[OT] best (Linux based!) all-in-one NAS-VPN-firewall?

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

[OT] best (Linux based!) all-in-one NAS-VPN-firewall?

M. Fioretti-2
Greetings,

One of my jobs in the next months will be Free Software teaching/
consulting for a small private school. Part of the consulting consists
of helping the school to evaluate how to set up some infrastructure,
using Linux/Free Software as much as possible.

I have been just asked to, quoting, "suggest an all-in-one
NAS-VPN-firewall for the school". We are talking ~80 students in the
8/13 years age range, maybe more after summer, plus teachers and
administration. The "all-in-one" part is the key requirement, and also
the reason why I am asking for recommendations based on your
real-world experience. I know how to handle this stuff the 100%
DIY/hacker way, but that is not an option in this case. Me, I wouldn't
mind but, while the school would like to use more FOSS also for
administration and internal services, actual teaching has much higher
priority this year.

Thanks in advance for any feedback,
Marco

--

M. Fioretti http://mfioretti.com                   http://stop.zona-m.net

Your own civil rights and the quality of your life heavily depend on how
software is used *around* you

--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: [OT] best (Linux based!) all-in-one NAS-VPN-firewall?

Karl Auer
On Sat, 2019-06-29 at 10:49 +0200, M. Fioretti wrote:
> I have been just asked to, quoting, "suggest an all-in-one
> NAS-VPN-firewall for the school". [...]
> The "all-in-one" part is the key requirement

It may be a key requirement, but it is a very, very bad one. It's
putting all your eggs in one basket. It means you cannot get the best
router, the best firewall, the best VPN concentrator or the best NAS,
because each of those will be limited by the others. You can't swap out
separate components if they turn out to be inadequate or faulty. If the
all-in-one fails, you have lost everything.

This is absolutely the wrong solution for any serious enterprise and (I
would go so far as to say) especially a school.

Get separate devices.

Regards, K.

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer ([hidden email])
http://www.biplane.com.au/kauer
http://twitter.com/kauer389

GPG fingerprint: 8D08 9CAA 649A AFEF E862 062A 2E97 42D4 A2A0 616D
Old fingerprint: A0CD 28F0 10BE FC21 C57C 67C1 19A6 83A4 9B0B 1D75



--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: [OT] best (Linux based!) all-in-one NAS-VPN-firewall?

M. Fioretti-2
On Sat, Jun 29, 2019 19:51:13 PM +1000, Karl Auer wrote:
> On Sat, 2019-06-29 at 10:49 +0200, M. Fioretti wrote:
> > I have been just asked to, quoting, "suggest an all-in-one
> > NAS-VPN-firewall for the school". [...]
> > The "all-in-one" part is the key requirement
>
> It may be a key requirement, but it is a very, very bad one.

Excellent point, of course. Hardware-wise, it would be no problem to
have separate computers, each performing just one of those functions.

What they hope to minimize is uncertainty. As in, e.g.:

- which combination of software firewall etc.. is guaranteed to work
  together without problems, has the best documentation to set it up
  that way, and possibly one integrated interface to at least
  monitoring /reporting everything that is happening and ought to be
  done

Marco
--

M. Fioretti http://mfioretti.com                   http://stop.zona-m.net

Your own civil rights and the quality of your life heavily depend on how
software is used *around* you

--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: [OT] best (Linux based!) all-in-one NAS-VPN-firewall?

Karl Auer
On Sat, 2019-06-29 at 16:01 +0200, M. Fioretti wrote:
> > > The "all-in-one" part is the key requirement
> > It may be a key requirement, but it is a very, very bad one.
> [...]
> What they hope to minimize is uncertainty. As in, e.g.:

They will not achieve that by getting an all-in-one solution,
especially not one that includes a NAS.

Get reputable brands, explain your requirement when you purchase, and
do not hesitate to return them if they do not interoperate. You may be
able to get test units to put together in your lab for a week or two to
check them. 99% of equipment out there interoperates perfectly for
straightforward networking.

>   that way, and possibly one integrated interface to at least
>   monitoring /reporting everything that is happening and ought to be
>   done

If they are not competent enough to realise that an all-in-one solution
is bad, then they are not competent to understand such a dashboard.

You will save a LOT of money in the long run if you hire a networking
company for a few hours to advise you (but do not buy hardware or
software from the same people).

Regards, K.

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer ([hidden email])
http://www.biplane.com.au/kauer
http://twitter.com/kauer389

GPG fingerprint: 8D08 9CAA 649A AFEF E862 062A 2E97 42D4 A2A0 616D
Old fingerprint: A0CD 28F0 10BE FC21 C57C 67C1 19A6 83A4 9B0B 1D75



--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: [OT] best (Linux based!) all-in-one NAS-VPN-firewall?

Compdoc@hotrodpc.com
In reply to this post by M. Fioretti-2
On 6/29/19 2:49 AM, M. Fioretti wrote:

> I have been just asked to, quoting, "suggest an all-in-one
> NAS-VPN-firewall for the school".


It's doable. Not really sure there is an all in one appliance, but
freenas has possibilities with its ability to run virtual machines.

I actually provide that sort of thing to a few healthcare clinics, but I
dont use freenas. All running on one machine that boots Ubuntu, I have a
firewall/VPN, an email spam/virus filter, and sometimes Windows Server
or Ubuntu Server providing file serving. 24/7

I just run various distros in virtual machines using KVM and
virt-manager. It does take some skill at setting up bridges and
networking, and you need more than one ethernet port.

Also, firewall running in a VM requires some horsepower - an Intel i5
cpu would be minimum for up to a 100mbps internet connection.

Personally, from a maintenance standpoint, its better to run the
firewall/vpn on a seperate box. It doesn't have to be a very large PC.
mini-itx is great.




--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Thanks for: [OT] best (Linux based!) all-in-one NAS-VPN-firewall?

M. Fioretti-2
In reply to this post by M. Fioretti-2
Many thanks to all who answered this request, and added very useful
general comments. I have synthesized all the feedback collected here
and elsewhere, and forwarded the result to the client. We'll know how
it ends next month.

For the record, and to give more context: both the client and I know,
and agree with, that "putting all eggs in one basket" is a BAD
idea. No question about that. And I am not even supposed to be the one
who makes the final choice, or the one who eventually builds and
manages whatever is chosen. The question came out informally, while
chatting about other parts of my assignment, because neither I nor the
client (who was way more competent than me on this, until he changed
line of work) are not up to date on **specific** products and projects
in this field. And its meaning was "what is the most efficient way,
time-wise, to get this done well?" We needed help to refresh our view
of the "market", and you provided it.

Thanks!

Marco


On Sat, Jun 29, 2019 10:49:49 AM +0200, Marco Fioretti wrote:

> Greetings,
>
> One of my jobs in the next months will be Free Software teaching/
> consulting for a small private school. Part of the consulting consists
> of helping the school to evaluate how to set up some infrastructure,
> using Linux/Free Software as much as possible.
>
> I have been just asked to, quoting, "suggest an all-in-one
> NAS-VPN-firewall for the school". We are talking ~80 students in the
> 8/13 years age range, maybe more after summer, plus teachers and
> administration. The "all-in-one" part is the key requirement, and also
> the reason why I am asking for recommendations based on your
> real-world experience. I know how to handle this stuff the 100%
> DIY/hacker way, but that is not an option in this case. Me, I wouldn't
> mind but, while the school would like to use more FOSS also for
> administration and internal services, actual teaching has much higher
> priority this year.

--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: [OT] best (Linux based!) all-in-one NAS-VPN-firewall?

Bekkenes
In reply to this post by M. Fioretti-2
Everything in one basket is generally a bad idea.
But it can be done, just make sure you have redundancies.

Do however not run everything in "one" distro.
I would suggjest you as a base use proxmox , then under that you setup
different virtual machines with ubuntu running things seperate,ie one
machine vpn, one nas, one firewall.

All those things you can use Ubuntu for.
Make sure you have a proper raid setup , that is especially important in the
limited scope you have to work with in regards to hardware.

https://www.proxmox.com/en/





--
Sent from: http://ubuntu.5.x6.nabble.com/ubuntu-users-f1215774.html

--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users