Bryan Heinz From Mac Servers to NAS The Great Migration $(whoami)

• Hi, I’m Bryan • Twitter: @cookie_lust • Slack: @bheinz • I live in Peoria, IL. • AKA 3 hours south of Chicago • AKA 3 hours north of St. Louis $(whoami)

• IT Manager @ Simantel • B2B marketing firm • On-prem & cloud servers, DEP&MDM, network, end-point management, etc. etc. etc. I do all the things $(whoami)

• I’ve worked in IT for around 11 years • I’ve worked with devices for around 6 years • To a lesser , QNAP • Archive and needs kickstarted my work with Synology Server

Synology 1 Synology 2 Expectations

• This talk will include • What a NAS server is • A map of Server.app services to these NAS’ • Other uses for NAS’ • Tips and advice on using a NAS • This talk won’t include • How to implement any of this stuff (good luck) • What you should buy The Takeaway

• If NAS’ are the correct tool for your org • What you can use a NAS for • Ideas on what vendor and model is for you ☣ Disclaimer ☣ Disclaimer ☣

• Tried to make this talk vendor agnostic, but… • This talk will be skewed towards Synology • Synology and QNAP are the best… • For the kind of use cases I’m talking about today • i.e. more than just storage • Other vendors lack turnkey applications and documentation • I have zero affiliation with any vendors • I’m not trying to sell you a thing

NAS What? NAS What?

• Network Attached Storage • AFP, SMB, NFS • More than just storage • Relatively cheap • Base/primary unit • Computers with a CPU, RAM, other computery things • Expansion units for even more storage NAS What? Oh, ess.

• Run their own Linux flavor • Synology DSM (not the Diagnostic and Statistical Manual of Mental Disorders, DSM-5) NAS What? Oh, ess.

• QNAP QTS • Support SSH and basic Linux commands • cd • ls • sudo rm –rf /* • Etc. NAS What? Oh, ess.

• “App Store” • Synology’s “Package Center” • QNAP’s “App Center” • CLI Install • Use caution • Synology dpkg • QNAP qpkg NAS What? FS.

• Both support EXT4 • Synology supports BTRFS (“Butter FS”) • QNAP supports ZFS So, You’ve got a Mac Server

• NAS turnkey solution for most Server.app services • Calendar & Contact syncing • File Sharing • Mail • Messages • Time Machine • VPN • Websites • Wiki • DHCP & DNS • FTP • Directory So, You’ve got a Mac Server

• Non-turnkey solutions to run a few other services • Profile Manager • Netinstall • Software Update • A couple that require macOS • Caching server • Xcode server So, You’ve got a Mac Server Calendars & Contacts

• Alternatives to Contacts & Calendar syncing • CalDAV (Calendar) • CardDAV (Contacts) • Synology • Installable Calendar and CardDAV package • Calendar is a full calendaring app + CalDAV • QNAP • No first-party support for CalDAV or CardDAV • Third-party solution: Radicale • Verify it before use So, You’ve got a Mac Server File Sharing

• Protocols • AFP • SMB • NFS • WebDAV • Installable on Synology • Built-in on QNAP • Permissions • Support for local or directory users & groups • You can mix and match local and directory users & groups So, You’ve got a Mac Server File Sharing

• Quotas • Synology • Share-specific storage quotas • User-specific storage quotas • QNAP • Only user-specific storage quotas So, You’ve got a Mac Server Mail

• Don’t. • Synology has two different mail server installs • Mail Server • MailPlus Server • High availability • Moar stats • Auditing • Costs extra • QNAP has no first-party mail server support So, You’ve got a Mac Server Messages

• No Jabber (XMPP) replacement • Synology has a proprietary chat server called “Chat” • QNAP supports installing the open source chat server Mattermost So, You’ve got a Mac Server Time Machine

• Both vendors support Time Machine • Synology Cloud Station Backup • Proprietary backup client/server • Works on macOS and Windows • Can’t mass deploy • QNAP has NetBak Replicator • Proprietary backup client • Windows only So, You’ve got a Mac Server VPN

• Installable on both platforms • Synology - VPN Server • QNAP - QVPN Service • VPN Protocols • OpenVPN • L2TP over IPSec • PPTP • QBelt VPN • Proprietary QNAP VPN service • Requires QVPN client application So, You’ve got a Mac Server Websites

• Both vendors support running web servers • With support for virtual hosts • Synology Web Station • Apache 2.2 or 2.4 • NGINX 1.13 • PHP 5.6, 7.0, or 7.2 • MariaDB 5 or 10 • QNAP • Apache, PHP, and MySQL built-in • Let’s Encrypt • Built into Synology • QNAP requires myQNAPcloud Let’s Encrypt (Tangent)

• Free, automated, and open certificate authority • It’s run by the non-profit Internet Security Research Group (ISRG) • It’s safe and secure to use • Supports wildcard certs • Certs must be renewed every 3 months • Synology and QNAP automagically handle renewals So, You’ve got a Mac Server Wiki

• Both vendors support installing DokuWiki and MediaWiki • No automated way of migrating • DokuWiki uses plain text files • I prefer DokuWiki So, You’ve got a Mac Server DHCP & DNS

• DHCP Server • Built into Synology & QNAP • DNS Server • Synology has a DNS Server package • QNAP doesn’t have a turnkey solution So, You’ve got a Mac Server FTP

• Built into both vendors’ OS • Use SFTP instead • SFTP is FTP over SSH So, You’ve got a Mac Server Open Directory

• Synology has installable apps • Directory Server – LDAP • Active Directory Server – AD • QNAP has AD and LDAP server built-in So, You’ve got a Mac Server Lightning Round

• Profile Manager • MicroMDM • Outsource (I hear SimpleMDM is good) • Netinstall • BSDPy • Software Update • Reposado server Docker Docker

• Installable on both platforms • Docker package on Synology • Container Station package on QNAP • Both vendors have a Docker GUI • Support CLI docker and docker-compose commands Docker @ Simantel

• Crypt Server (for now… (hi Catalina)) • Munki server • munkireport- • Reposado server • DokuWiki • Snipe-IT • Unifi Controller Tips/Advice Tips/Advice Reverse Proxies Tips/Advice, Reverse Proxies

• Built-in, turnkey solution on Synology • Can send traffic like https://crypt.Simantel.com to http://localhost:8080 • Add SSL certs without reconfiguring the destination server • Access Control Profiles • Enable if running internal and external websites • Control what subnets can access a site • Not turnkey on QNAP Tips/Advice, Disks

• Most Suggested • Western Digital Red • Seagate IronWolf • IronWolf has better SMART integration • Look at Backblaze’s drive statistics • https://www.backblaze.com/b2/hard-drive-test-data.html Tips/Advice, Disks

• Buy drives from multiple sources • If buying 12 drives, buy 4 from Amazon, 4 from Newegg, and 4 from CDW • Check each drive’s warranty • Purchase a cold spare Tips/Advice, RAID

• Don’t use RAID 5, use RAID 6 instead • RAID isn’t a backup • Not protected from corruption, file deletion, crypto, etc. • Always have a cold spare Tips/Advice, RAID

• Synology has its own RAID type, SHR/2 • Synology Hybrid RAID • SHR == RAID 5 and SHR2 == RAID 6 • Allows non-matching drives • Immediate volume expansion • RAID 6 is faster than SHR/2 • Not all Synology models support SHR/2 • It’s listed under “Supported RAID Types” as “Synology Hybrid RAID” on a model’s specs • Synology RAID calculator • https://www.synology.com/en-us/support/RAID_calculator Tips/Advice, File Systems

• Use BTRFS or ZFS for your filesystem • • Repairs inconsistencies with data in the file systems • Schedule data scrubbing • Every 1-3 months • Snapshots • Set up snapshots • Snapshot • Requires the same FS (BTRFS → BTRFS ; ZFS → ZFS) Tips/Advice,

• Back up your NAS • Follow the 3-2-1 rule • 3 copies of your data • 2 storage mediums • 1 offsite • Local backups • Snapshots (with replication) • Synology Hyper Backup package • QNAP Hybrid Backup package • Online backups • Amazon S3/Glacier • Backblaze B2 • Wasabi Tips/Advice, HA!

• High Availability • Synology’s xs/+ line, QNAP’s ES line • Synology - High Availability listed on a model’s specs page • QNAP - High Availability listed on a model’s software specs page • Both models must be mirrors of each other Tips/Advice, Notifications

• Notifies of disk and other hardware failures • Enable Notifications • Support for both Email and SMS • Test your notifications Tips/Advice, Speed

• Use 10GbE if you have the infrastructure • 10GbE sometimes sold separately • Set up an SSD cache* • Can be either M.2 or SATA • M.2 PCIe card sold separately • *Except for large sequential or write operations (video) • Only select models support 10GbE and M.2 • Typically looking for a model with 10GbE built-in Tips/Advice, Model Names

• Synology has a documented model naming scheme • RS18017XS+ == Rack Station, 180 drives, from 2017, high-performance • DS3018XS == Disk Station, 30 drives, from 2018, high-performance • DS418play == Disk Station, 4 drives, made for playing video • QNAP doesn’t appear to have a documented naming scheme Tips/Advice, SSH/SFTP

• Avoid opening SSH or SFTP on your firewall • If you have to, use a white list • Require a VPN connection • Avoid port 22 • Use keypairs + passwords • SSH requires admin privileges on Synology Tips/Advice,

• Sanitize your filenames and paths • Illegal characters: / ? < > \ : * " | • Spaces at the end of filenames are a day ruiner • People make the most broken filenames somehow • A way to migrate • Mount the old storage onto your NAS • SSH into your NAS • Rsync from the old mounted share to your new share Tips/Advice, Misc.
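
A read-only pre-flight check for the filename advice and migration steps above, as an added example that is not part of the original slides: it walks a mounted share and flags names containing the listed illegal characters or trailing spaces before rsync runs. The function names and the mount path in the usage comment are hypothetical.

```sh
#!/bin/sh
# Added example (not from the original slides): audit names before the rsync run.
# Flags the characters the slide lists as illegal (? < > \ : * " |) and trailing
# spaces. "/" is the path separator, so it cannot occur inside a single name
# and is not tested.

# name_problems NAME: print the problems found in one file or directory name.
name_problems() {
    problems=""
    case $1 in
        # One alternative per illegal character, each escaped to be literal.
        *\?*|*\<*|*\>*|*\\*|*:*|*\**|*\"*|*\|*) problems="illegal-char" ;;
    esac
    case $1 in
        *" ") problems="${problems:+$problems,}trailing-space" ;;
    esac
    printf '%s' "$problems"
}

# audit_tree DIR: print "problems<TAB>path" for every offending name under DIR.
# Uses shell globbing instead of parsing find output, so odd names stay intact.
audit_tree() {
    for entry in "$1"/* "$1"/.[!.]* "$1"/..?*; do
        # Skip glob patterns that matched nothing.
        [ -e "$entry" ] || [ -L "$entry" ] || continue
        found=$(name_problems "${entry##*/}")
        if [ -n "$found" ]; then printf '%s\t%s\n' "$found" "$entry"; fi
        # Recurse into real directories only; do not follow symlinks.
        if [ -d "$entry" ] && [ ! -L "$entry" ]; then audit_tree "$entry"; fi
    done
}

# suggest_name NAME: replace each illegal character with "_" and drop
# trailing spaces. Review suggestions before renaming anything.
suggest_name() {
    clean=$(printf '%s' "$1" | tr '?<>\\:*"|' '________')
    while [ "${clean% }" != "$clean" ]; do clean=${clean% }; done
    printf '%s' "$clean"
}

# Usage (hypothetical mount point): audit_tree /volume1/old_share_mount
```

Two different source names can map to the same suggested name, so check for collisions before renaming.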

• Only store data in shares • Don’t change system config files via CLI • L2TP over IPSec only allows 1 connection per WAN • Synology’s tier 2 support response times are slow • Don’t plug APFS drives into a Synology Still need a Mac server?

• Server.app is dead to us • macOS Only • Xcode server • Caching server • AutoPkg • macOS or Windows • Adobe Software Update Server • FontExplorer X Pro Server Conclusion

• macOS • Server is deprecated • Still needed for some tasks • NAS’ are great • Lots of storage • Versatile • Cheap Wrap-up

• MacAdmins Slack, join us • http://macadmins.org • #synology & #qnap channels • Where you can stalk me • Twitter @cookie_lust – note the _ • Slack @bheinz • Blog/Slides kernelpanic.me Thanks!

• Robert Hammen • Chris Dawe • Steve Yuroff • Rick Heil • All of you Q&A
