SME Nethserver design Decentralized draft

I’m working on a secure design installation for SME. I wonder if anyone has already started on this, just so I don’t have to invent the wheel twice.

Scenario: I want to keep security very high, and therefore an “All in one” Nethserver installation is not secure enough for SME installations. I presume that some modules can co-exist on a server installation and some should be separated, especially if you have DMZ servers and internal servers that need to communicate with each other and have the same role but are separated for external/internal use.

This solution idea should reflect these possible scenarios:

  • Complete solution design should be hosted virtually. I prefer Proxmox but Nethserver could be used if it’s mature enough
  • Secure mobile mail sync (SOGo, VPN)
  • Design solution should reflect a FW/GW with UTM Nethsecurity installation
  • All network scenarios should be used: DMZ, Internet, LAN and Guest.
    • DMZ (Orange) should host front end gw systems for Mail access, Webhosting, Owncloud gw etc.
    • Guest (Blue) wifi for internet access.
    • OpenVPN roadwarrior design
    • VLAN design for voice/video/data
  • UC&C Nethserver secure & encrypted setup for all the different modules
  • IPPBX Nethvoice secure & encrypted Asterisk installation switchboard setup with queue.
  • ICT Nethmonitoring secure & encrypted monitoring setup.

This is only a draft and I haven’t seen the software yet for SME, but I would like to plan for a design that takes security seriously. I don’t know if Nethserver is up for the task, but I would like to try and hear what the community thinks about this. Any suggestions are welcome.


Hi @malvank

When you talk about “design installation”, are you talking about a document (guide/tutorial/howto etc.) such as a best practice to install NethServer in small-medium enterprises (SME), or something else?

Not sure that the virtualisation module of Neth is mature enough to be used for professional needs… I use VirtualBox for my needs but I will never advise using it in a real infrastructure. I also prefer Proxmox and keep Neth virtual… but anyway, which OS is still done otherwise than in a virtual machine?

my 2C

Exactly, this shall end up in a tutorial or reference documentation.

Agree, I want to gather relevant information that can be used right away out of the if possible so Neth SME administrators don’t have to invent everything from scratch. Therefore only solutions that work in real infrastructure should be mentioned and documented.

See this design, more or less, first as a secure infrastructure architectural design brainstorming which should end up in a working tutorial or reference installation documentation.

We are running a distributed NethServer environment on multiple sites with roadwarrior VPN and VPN bridges. We use both NS6 and testing NS7.

I have used Linux since 1996, starting with RedHat on DEC Alpha and Slackware on Intel. (correction)

We also have CentOS 6 and 7 servers on the infra and some apps on U14.04LTS. Laptops on Fedora and CentOS. Some storage on RockStor (also CentOS based).

NS looks like quite a capable solution where non-IT people can also manage system functionality. For SMEs the easiness is the key, and we try to show other SMEs that you really do not need Windows or Mac to manage your business.

There are good guidelines to follow on distributed and segmented networks by NSA (jep, the bad guys give good advice and use RedHat). This topic is very important for SMEs to get real benefits from Linux in business.


Indeed, check my talk at FOSDEM, I pushed this button further! You look like an advanced NethServer administrator :) How can we improve our product? Any ideas?

https://www.youtube.com/watch?v=O6q9q_L3_kg

Hi,

In the SME business scenario there are lots of ideas, but many of them are not suitable for integrating into a single system.

On the other hand, the ability to have different types of installation of the same base makes sense.

Like on a groupware server with SOGo and email, to add a project management solution: Redmine or even Taiga. We have used Redmine for a long time, first testing on the Bitnami stack and now on CentOS 7 with a mobile application on Android devices. Taiga seems to be very promising.

Migration from an older system or other solutions gets in the way for most SME users. We migrated successfully from Zimbra (long time in use and frustrated with upgrades) to Nethserver 6 and SOGo 3. With little work I found German instructions which helped to configure Evolution calendar and contacts to work in sync with Android contacts and calendar. Works nicely. Works well also on NS7+SOGo3.

I have had some issues with NS with MySQL, with a missing admin password file after install.

As a storage solution, good integration with Rockstor (also CentOS based) would give expandability to SMEs (with data replication between offices).

As the manufacturing industry is looking forward to Industry 4.0, SMEs will face even more IT challenges. An NS WebPortal server install with easy setup with e.g. Joomla and a customer support solution would make lots of business owners happy. I believe that more and more security-conscious businesses will want to host their own servers and own their data.

There are lots of things to discuss on the road to making SME-centric solutions. Too much is focused on IT-savvy tech firms. Most of the SME businesses and manufacturing firms are not IT professionals but have good technological skill to learn systems which are designed for people outside of the software industry. I don’t mean the gray mass but companies and people who push their companies forward.

Open source is an excellent way for SMEs to gain momentum, and when they grow they can decide which support contracts they need to fortify their business. The M$/Oracle/Mac way of licence hell is keeping lots of SMEs in the slow evolution phase.
