Zentyal vs Nethserver vs FreeBSD vs Windows which way now?

Sorry for the long post but it’s a long story with a simple question.

We were a happy 7-person reseller for MS selling, installing and supporting Windows Small business server. When MS decided to kill it to make more money on the cloud and take it away from people like us we looked for an alternative for clients being in a bad broadband area.

We looked at everything and we opted for FreeBSD going back to our Unix roots with CLI. We decided against a GUI after playing with Zentyal as it was too, slow and clunky as was Gnome and KME.

After a disaster with a FreeBSD / lamp / SOGO /SAMBA installation we settled on MS Server Essetials with Msaemon for email and a FreeBSD in a VM. Which has been good.

I now what to go all Linux server and no MS as a cloud alternative for clients so with Zentyal latest with AD and usable interfaces it was our next go-to-play-with choice.

I came across Nethserver so any ex-Zentyal admins here from a commercial environment have any views / advice to save me time on an evaluation is NS vs Zentyal. We need AD, Samba, RDP ( internal and from outside), SQL, ActiveSync, Bare metal backup. Hot-swap drives for backup , AV, although we use ESET, Advanced IPscanner, Wireshark. We use Draytek so firewall and VPN isnt an issue.

Although we are CLI capable a GUI with tools makes life quicker and easier.

I’m looking for a simple all in one low cost box for SME’ <25 users.

Advice please?

@Fiona

Hello Fiona!

And welcome to the NethServer Community!

As you can see from my Profile, I’m pretty much in the same business as you - only that I’ve always used open source with Linux. It’s now 35+ years, and I have about 25-30 clients, all using a NethServer, running virtualized on Proxmox to provide services like AD, File, Print, Mail, NextCloud, Zabbix Monitoring and much more!

I do have clients, who need an App (Programm) running on a Windows box, these are also virtualized, and are members of the NethServer AD…
Examples would be eg.:

• Hotel Hospitality Program, running on MS Server 2008R2 with MS-SQL.
• A Doctors Programm, running on MS-Windows10 (as a virtual, member server in AD) with MS-SQL Server.
• ERP Programm, also running on MS-Win10 as server with SQL-Server.

The virtualization layer underneath provides peace of mind with snapshots, live backups (including MS Windows!), fast migration up to a full HA High Availability Cluster.
Between two Proxmox in the same cluster and using shared storage, a live Migration takes 90 seconds - all the while the machine remaining up and connected, even with RDP!

See here for some ideas, it’s still WIP (Work in Progress), but there’s plenty of ideas there already:
https://wiki.nethserver.org/doku.php?id=userguide:nethserver_and_proxmox

Here are some recent “Converts”, from SBS to now running NethServer - more stable, faster tham before, with much more features…

Bildschirmfoto 2020-05-30 um 19.27.042532×1592 467 KB

Borek-LAN2360×1572 725 KB

Bildschirmfoto 2020-05-08 um 17.53.072750×1480 759 KB

I have Clients like Doctors, Hotels, a state Trade Institution (3 sites, Total of 70 users, one NethServer!) and financial institutions, architects…

I used to use SME Server before, although I can easily handle OpenBSD, Solaris, Novell Netware
and almost anything network capable. It doesn’t even have to be TCP/IP. But since 5+ years, I’ve been using NethServer, migrated all my clients. This is my form of giving back to a great forum, one of the best in OpenSource I’ve seen or used in 35+ years!

Neither NethServer, nor Proxmox have ever let me down since using them! (5y+)
Zental is more known for crappy updates. I wouldn’t touch it with a long pole! The community there doesn’t come close to our NethServer Community here!

If you have any questions, don’t hesiate to ask!

My 2 cents
Andy

PS: As you may have noticed, in all examples a Raspberry PI 3 handles all UPS needs for the network…
Saves my clients nearly a thou for eg APC SNMP Box, and my earning ratio is better too!

Hi Fiona,

i have been using MS Small Business Server in the 2003, 2008 and 2011 editions for many years and have been happy with it. Since MS discontinued and made many users dissatisfied, I am now using Nethserver and am very happy with it. On the side there is a server 2016 running for the things Nethserver can’t do (yet). WSUS for example. My motto is: Nethserver, that’s all i need.

Regards and a sunny Sunday.

Uwe

Thank for your valuable comments. I wont miss WSUS I want to individually control all updates especially W10. I’ll go back on Monday and play with a Nethserver installation as a trial.

As you also want to have some kind of RDP option I can point you to the community module for nethserver-guacamole: https://wiki.nethserver.org/doku.php?id=guacamole
It allows to serve as a gateway to other devices through RDP, SSH or VNC.

Thank you all for your help, there is quite a bit Ill be playing with.

@Andy_Wismer I like your layout, what software are you using? We still have MS servers here with a BSD in a VM. Im looking at creating a second VM with Nethserver eventually and migrating all my software gradually We have Front Accounting, Owncloud backup PC, plus HESK already on the BSD platform but Id like to go completely NIX.

@Fiona

Hi Fiona

Sorry, I’m so late with answering, but I was on the train from Switzerland to Frankfurt/Main, in Germany (6 hours!).

I’ve been using Zabbix recently as tool to create network docs, like the maps shown above. All those shown maps are “live”, that is, if a problem exists, the host is highlighted with the problem.
But as you can create as many maps as you need, I thought it a good solution. It’s live, always accessible and I can create a Map/Drawing anytime I need. And they look good - I’ve always heard that, especially from the Visio Freaks.

I’d personally suggest not using NethServer as virtualization host (Just as bad an idea like using your MS AD Server as Hyper-V server…). I’d suggest taking a look at Proxmox for virtualization. Proxmox is free like NethServer, you can pay for support if you want, it costs about 100$ / CPU socket / year. The amount of cores does not matter!

Note1: NethServer can run KVM virtualizations, but does not give you HA High Availability, Live Backups (Even Windows) nor Fast Migration. Proxmox gives you all that, for free! I let my clients pay the maintenence fee, it so much simpler than what others bill, like VMWare or Hyper-V.
The comparison for billing from MS-Hyper-V, VMWare ESXi and XEN feels like you’re in a Starbucks, but you only want a typical italian expresso. The Menu and prices are staggering.
Proxmox only has 4 levels, all licensed by CPU socket! I use Community Support, that get’s me the stable, tested updates.

NethServer is like a good Swiss Army Knife, it can do almost anything, and fairly well. However, there are better tools for certain tasks, like virtualization and firewalling, two things I don’t use NethServer for.

But all my clients DO use a virtuzalized NethServer for similiar or same duties as before a MS SBS did. The last client I migrated this February, just before the lockdown. They were running SBS 2003 (!) high time that was replaced! They now have NethServer running virtually, in a brand new decent HP Proliant 380 Gen10 with 64 GB RAM, storage and Backups are each on a seperate Synology NAS. Next step is out of house Backups, using rsync and a NAS at home of the companys boss.

Note2: Migrating Physical 2 Virtual of MS Windows systems (no matter if workstation or server) is mostly a matter of loading mergeide (A MS Tool!), creating a image (no matter if clonezilla, acronis or whatever tool) and moving the image to the storage NAS.

I’d suggest you look and play around with both products, NethServer as SBS replacement and more, Proxmox for peace of mind virtualization.

One example:
The hotel I planned the network for and run their support uses HP Proliant Servers. One virtualized Server is a Windows 2008 R2 Server, running MS-SQL and the Hotel Application, all corectly licensed.
We demonstrated to the Hotel owner HOW powerful this new Proxmox was by loading a Backup from the virtualized Win2008 server, and loading that on my partners home Proxmox, which he brought along for the show. Now, this Home-Proxmox is a Apple Mac Mini! It has completly different hardware and CPU built in from the Proliant Servers. Using VMWare or Hyper-V, which pass the CPU 1:1, the system would have to be newly licensed, as windows would detect the difference…

Proxmox, however, uses ideally a “virtual” CPU, a KVM-CPU, which is the same on all Proxmox no matter what the real CPU underneath is! The same virtual 100 GB LAN NIC (yes’ i had to look twice, thought 100 MB was slow!!!) and the same grafik. So NO license issues, the licensed Win2008r2 carried on working with NO issues!

Add this flexibility to a 90 second LIVE Migration time from one Proxmox host to another, and you get a very high availability, without yet using full High Availibility (HA), a further option Proxmox offers.

The same goes for your NethServer - after you’ve burned yourself with your FreeBSD server, thought you might like the safety and peace of mind this induces, especially once you’ve tested this through!

As to NethServer: 2 - 75 users, AD, Mail, File, Print, Database, NextCloud, Zabbix Monitoring and more - including Guacamole HTML5 RDP (Home Office for Corona!) - all run extremly stable on Proxmox!

If you have any questions, don’t hesitate to ask!

My 2 cents
Andy

2 posts were split to a new topic: OPNsense, NethServer and Certificates

7 posts were split to a new topic: Restart NAS without affecting vm/windows+sqlserver on Proxmox

Hello to all, I’m must jump in
So , I’m also big proxmox fan since 1.3 version , and trying to migrate all possible windows services to linux ones. The best AD (samba4) candidate is NethServer and 2 customers of mine (with crostino subs: ) are very satisfied with it … actually they are not aware they are not using MS AD Yes, I’m also very satisfied with AD role , but for file-sharing I prefer Free/TrueNAs because of snapshoting and zfs replication. Regarding Proxmox I switched from shared storage to ZFS local storages again because of ZFS features … zfs-storage replication (in HA (3node cluster … 2 big players and 1 small quorum node) works really good … It’s far easier to maintain (and afford) two good hypervisor-nodes with local-zfs storages, than having shared (i.e. SAN) storage … that also should be redundant etc etc …
So, NethServer and proxmox is way to go !

But, I’m planning to migrate kind a big customer (100 users) from MS to NethS and I’m wandering if there is a way to take over existing MS active directory ? …
Andy, how did you promote NethS into “FSMO” ?

Thank you in advance for your advices
Best regards

Tonci

@tonci

Hi

Actually I never “promoted” a NethServer to FSMO.
With Proxmox, good Backups and Snapshots, I have enough security to run NethServer (Also does it’s own Backups), all Backups also “Off-Site”, daily with rsync.

Simple reason: it’s not officially supported.
2) Two third of my clients were already using the predecessor, SME-Server, and that was running the old NT-Domain with Samba.
3) Most of the other clients were migrated from MS-SBS.

My largest present client has about 55 users from a single NethServer. About 35-40 users in Zurich, another 12 users in Geneva, and 3 in Lugano. All three sites are interconnected with VPN, all 3 sites carry a Backup-NAS, itself backuped to an 8 TB Seagate Backup Hub (USB3). (<- These are a good buy!). All sites are backuped on the other two sites, in triangel. The CRM is running SuiteCRM, in a LXC on Proxmox. For the amount of users, this CRM only has 2 GB RAM! And NO issues for now 2.5 years!

In future, I’d add a Hot Standby Server, also NethServer on Proxmox. This can be promoted to Master, and even assumes the right IPs after a reboot! More redundancy and resilence for the network. This is available for NethServer as a Module.

Another “feature”: The Offsite Backups are for amost all clients at the bosses home, via VPN and to a NAS, mostly Synology. (I’d prefer Free/TrueNAS…) The clue is, in case of an outage say between Xmas and New Year, when it’s hard to get a replacement timely, the boss can grab the NAS at home, and bring it to the office. It already has the data on it!

An idea: You can join a NethServer to a Windows AD, later shut down the AD master, and promote NethServer to new Master. This works, but is not officially supported. But there are how-tos and docs for this, here on the forum and in the Wiki.

To test this and also to gain experience, I’d suggest doing a dry run. Clone the AD, (as a VM, of course!), and jaoin a NethServer to that AD… All on Proxmox. Don’t forget to first install MergeIDE on the AD before cloning. A good tool can be VMWare’s Migration tool (Use a local USB Disk here!) and afterwards use Proxmox to convert the VMDK file to RAW (What you need on ZFS…)

For 100 users I’d split up services, like Files on one, Mail on another and maybe two running AD, one of them as member.

I have done NethServer for clients with over 100 users, and none of my clients use a real Windows AD. Most “Application Servers” (ERP or other Stuff you can’t offer on Linux (yet) are all simple member servers on the NethServer AD. For a lot of smaller clients I use a simple, cleaned up Win10 VM, de facto running as Member Server.

Using TSplus, a software which makes a Win10 PC/VM into a multiuser terminal server (Way less costly than a Windows TS Server, plus the user experience conforms more to the Win10 most users are familiar with. Windows Server does NOT feel like a Windows PC…

Almost all clients use a Raspberry 3 for Nut Server. It’s completly independant, cheap enough that every client can keep a spare in the cupboard… And I get nice stats for Zabbix!

For Proxmox Backups I’d use PBS.

Guacamole, MeshCentral and a good Zabbix monitoring are your friends, when it comes to providing a long term stability to the client! And it helps if you know where the “itch” is, before your client calls…

Some sample networks, all current:

1. Doctors practice
2. The mentionned large client, a state institute
3. A financial company (Treuhand)

SAZG_Zabbix2794×1594 463 KB

CCIS_Zabbix2728×1434 592 KB

WPD_Zabbix2602×1538 533 KB

Hope these tips help!

My 2 cents
Andy

Hello Andy ,
thank you for your rich answer(s), zabbix is on my to-do list
Yes, the plan is migrate FSMO role from win2008r2 to NethS (actually to shutdown MS machine completely) , in order that clients do not feel any DC change (from Windows to linux) . I still haven’t tried the procedure that you mentioned (join as member, migrate from master, demote master) because I knew it was not officially supported but hoped something changed regarding this subject. I think this would be very important/useful feature … “silent” removing win2008r2 dc and putting NethS DC in production could be priceless … on the other hand, w/o AD migration , removing 100 clients from MS AD and joining to the NethS AD domain make things very complicated and far away from “silent”
Haven’t tried this migration with Zentyal but they “say/claim” they can … on the other hand our Neth team says it’s not that easy and safe
Win2008r2 does not have support any more and has to be replaced… from my NetHS experience we are able to run 100 users AD domain w/o any problems , but how to make “silent switch” ?
I’m wandering what can go wrong after successful AD migration from win to NethS ?

Yes, I do have PBS in production and as datastore I use NFS server (old NetGear-rn102 NAS
This is very little remote location that has one proxmox host … PBS is VM in this host and everything works almost perfectly … “block” backup runs pretty smart, although NFS as datastore needs some polishing (old snapshots cleaning problems) … “Incremental” backup of 800GB VM lasts in minutes … depending (only) on changed data … but there is still something that I’m missing … file-level restore on windows vm’s etc … but everything looks pretty promising and no other commercial hypervisor (vmware/hyperV, …) has such “embeded” and powerfull backup engine … and FOSS of course

BR
Tonci

@tonci

Hi

You musn’t forget a few Windows “Standards” you’ld need to implement, also not yet standard on Neth…

Windows Profiles Directory / Share for clients that need / require “roving profiles”. This works well.
There is a good dok here:

→ Don’t forget to include this folder in NethServer’s own backup!

You can also rsync the contents over from the old AD.

For file level Backup, both win and Neth, I use my own rsync script (Running on Neth!). This places the files in a Share “Backups” on the NAS, with subfolders (1_Monday, 2_Tuesday, 3_Wednesday…). I keep 7 generations, users have read only permissions to the folder. This makes this safe from cryptolockers.
My NAS are never in AD, and the local admin has a different Password from the AD / Neth admin, also a protection from Cryptolockers.

Actually, you’re specifically lucky the present server is Win2008R2. This version is fully supported by Samba - all functions! So NethServer would be seen as “equal” by the old AD…
For a 2016 or 2019 AD the mentionned route with join - demote - promote would be quite risky!

RSAT and Stephdl’s PHPLDAPadmin are priceless tools when it comes to AD administration.
I’d setup a dedicated Win10 as PC-Admin10.

As to Proxmox and TrueNAS: both companies behind them are among the largest contributers to the fantastic OpenZFS project. Proxmox also for CEPH, one of my next projects.

OK, food’s up. I’ll be back shortly…

My two cents
Andy

This could also help:
https://wiki.nethserver.org/doku.php?id=userguide:nethserver_and_proxmox#proxmox_hp_rok_server_licenses_dell_equivalent

To read it out of the present server(s) (To test AD, etc…) boot with Linux, eg SystemRescueCD…

Which switches are you using in this HA concept ?
So, your image storage is synology NFS server ? How are they synced ?

@tonci

Hi

Synology has their own HA. 2 Synologys are synched, one drops out, the other can take over.
But I’d prefer True/FreeNAS.
Synology is quite OK for smaller SME companies.

I prefer HPE Switches, but I can handle Cisco or eg Netgear.

My 2 cents
Andy