@Dbayn
Hi Dustin
And welcome to the NethServer Forum!
If your goal is to improve security and availability of your IT resources, NethServer among them.
A few questions, just so I get the right picture…
Is the NethServer the primary router between LAN and DMZ?
→ This isn’t the best security solution! A separate box (firewall!) should separate LAN from DMZ, and (optimally) another box between DMZ and WAN. A box with 3 NICs, one each for LAN, DMZ and WAN, would force all traffic to pass through it twice, slowing performance…
And hacking that single box gives an attacker access to ALL networks…
These firewalls can and should be in HA (High Availability) using two boxes for each connection, if possible. Part of the redundancy could include VM-firewalls…
The same redundancy thought also is valid for your NAS system. Major vendors like Synology, QNAP and others all have usable HA options…
NethServer's internal data storage under /var/lib/nethserver can easily be symlinked to e.g. an NFS-mounted NAS or a different disk. This works very stable and update secure, as long as hardware and components are of a certain quality! I would strongly suggest separating individual NFS mounts, e.g. Mail, iBays, NextCloud. Non-voluminous configuration stuff should be left in /var/lib/nethserver. Make sure you choose quality components!
To increase availability, I’d very strongly suggest using virtualization. It’s 2023 now, native installs are only for die-hard hardware freaks. Virtualization gives you so many advantages you otherwise don’t have:
- Fast disaster recovery, ignoring any hardware incompatibilities. In 30 minutes, I can install Proxmox on any suitable hardware. Restoring the Proxmox Backup from a PBS (Proxmox Backup Server) is very fast.
Even AMD or Intel CPU won’t matter, not even for Windows Servers!
- Fast incremental backups of VMs, also offsite storage is fairly fast.
- Fast live migration between nodes of a cluster, even without High Availability. Using a 1 GBE cluster link, a 16 GB RAM VM will migrate in about 90 seconds flat from one hardware to the next - all while running!
Backups including full VM restores, but also individual files and folders from almost any system, but especially for Windows and Linux OSes, all included without extra costs…
→ Proxmox can run with or without paid support, just like NethServer!
These are just a few quick thoughts without knowing much. Then again, I have planned security for Swiss Banks, among others…
Send me a PM, if you need more hints on security, with less public exposure…
My 2 cents
Andy