I work for a school here in Switzerland and we currently use – among other things – ClearOS servers mainly to manage authentication of different external systems using OpenLDAP, manage IP addresses of computers based in different VLANs, share files and use OpenVPN for external connections.
So I use ClearOS as a gateway, firewall, file server and authentication server for other systems with LDAP.
Following the announcement of the ClearOS servers shutdown, I need to change my network core and I’m looking for an alternative.
I’ve found different systems which could replace my ClearOS like Nethserver, Zentyal or Synology.
Basically, I prefer to install systems such as Nethserver or Zentyal but the time needed is an important criterion. Indeed, the maintenance of the infrastructure is not my main job anymore.
I used to use ClearOS as a gateway with a direct connection to a router, which was convenient.
For me, it is obvious that if I choose the Nethserver version, the version 8 will be necessary, but it seems to me that I have read that the latter does not have the gateway tools. Can you confirm this?
Finally, knowing that my time is limited, wouldn’t an all-out-of-the-box solution such as Synology be preferable, even though technically, it doesn’t have my preference?
It seems that Synology has these features, yes, but I’m not 100% sure. I talked about Nethserver 8 because CentOS 7 will be stopped in 2024 if I remember well. I think that it is not useful for me to install a new infrastructure that will not be maintained in a few months but I don’t know what Nethserver will do …
IMVHO… NethServer 7 is the best choice as a drop-in replacement for ClearOS. NS 8 is not production grade now.
I can relate that you don’t want to do the job twice but… timing is not consistent with NS8 status.
OK, but on my routers, I have passthroughs that allow me to have the global IP address directly on the WAN card of my systems. This is nice because I don’t have to do NAT on my router. I’m not a router expert but I guess if I do the gateway on my router, I will have to set up redirects for each port, right?
Developers are working on a migration procedure from NS7/CentOS7 to NS8/The Container Disciple (the second definition is mine and ironical).
If things are going as expected, a simple backup/restore procedure might lead from a working NS7 to a fully migrated NS8.
Dev team delivered the same kind of procedure from NS6 to NS7 (different underlying OS but same family). You could choose to not believe the team, but you should look for an alternative as “one man band” Distro Linux for the same services as ClearOS and NS7 are doing.
Another option is to split the firewall and the server across two pieces of hardware (virtualized or not). Plus: better firewall options and services. Minus: less integration and a bit tougher deploy session.
OK, thank you very much for this information, Pike, I will keep it all in mind.
But when eventually moving to NS8, we agreed that the Gateway option will no longer be available and that NS8 will be a LAN server. We will have to think about installing a second system for the gateway (possibly the router).
Now I just have to weigh the pros and cons of each solution …
@forstera you could implement OPNsense as your firewall/router; that way, you know you have no need to adjust on firewall matters, then implement NS7 for everything else. By the time we get to 2024, actually it might even be before that, you can migrate to NS8.
While NS8 should be able to help you get a good number of things up and running, plus it’s a drop-in replacement for ClearOS with better implementation and functionalities, you will also benefit a lot from what NS8 will offer, if the promise made, of additional items, on top of what NS already supports.
On the upper side, since NS8 supports/will support clustering and multi modes, having a firewall run independently from the core system will give you room for more advanced configurations if need be, and also better failure management.
That is exactly what it is.
I still have IT management but I have been given other assignments that take priority. From now on, I will only be able to dedicate myself to IT about 1 day a week, maybe less.
The problem is that I am alone, although this can have advantages.
To be precise, part of the IT has been delegated to external resources but belonging to our government.
I kept part of the IT management for the development of our own tools here internally or the implementation of tools that are not provided by our government (example: Moodle).