The Great Migration Final

Bryan Heinz
From Mac Servers to NAS
The Great Migration

$(whoami)
• Hi, I’m Bryan
• Twitter: @cookie_lust
• Slack: @bheinz
• I live in Peoria, IL.
  • AKA 3 hours south of Chicago
  • AKA 3 hours north of St. Louis
• IT Manager @ Simantel
  • B2B marketing firm
  • On-prem & cloud servers, DEP & MDM, network, end-point management, etc. etc. etc.
  • I do all the things
• I’ve worked in IT for around 11 years
• I’ve worked with Synology devices for around 6 years
  • To a lesser extent, QNAP
• Archive and backup needs kickstarted my work with Synology

[Diagram: Server, Synology 1, Synology 2]

Expectations
• This talk will include
  • What a NAS server is
  • A map of Server.app services to these NASes
  • Other uses for NASes
  • Tips and advice on using a NAS
• This talk won’t include
  • How to implement any of this stuff (good luck)
  • What you should buy

The Takeaway
• If NASes are the correct tool for your org
• What you can use a NAS for
• Ideas on what vendor and model is for you

☣ Disclaimer ☣
• Tried to make this talk vendor agnostic, but…
• This talk will be skewed towards Synology
• Synology and QNAP are the best…
  • For the kind of use cases I’m talking about today
  • i.e. more than just storage
• Other vendors lack turnkey applications and documentation
• I have zero affiliation with any vendors
• I’m not trying to sell you a thing

NAS What?
• Network Attached Storage
  • AFP, SMB, NFS
• More than just storage
• Relatively cheap
• Base/primary unit
  • Computers with a CPU, RAM, other computery things
• Expansion units for even more storage

NAS What? Oh, ess.
• Run their own Linux flavor
  • Synology DSM (not the Diagnostic and Statistical Manual of Mental Disorders (DSM-5))
  • QNAP QTS
• Support SSH and basic Linux commands
  • cd
  • ls
  • sudo rm –rf /*
  • Etc.

NAS What? Oh, ess.
• “App Store”
  • Synology’s “Package Center”
  • QNAP’s “App Center”
• CLI Install
  • Use caution
  • Synology dpkg
  • QNAP qpkg

NAS What? FS.
• Both support EXT4
• Synology supports BTRFS (“Butter FS”)
• QNAP supports ZFS

So, You’ve got a Mac Server
• NAS turnkey solution for most Server.app services
  • Calendar & Contact syncing
  • File Sharing
  • Mail
  • Messages
  • Time Machine
  • VPN
  • Websites
  • Wiki
  • DHCP & DNS
  • FTP
  • Open Directory

So, You’ve got a Mac Server
• Non-turnkey solutions to run a few other services
  • Profile Manager
  • Netinstall
  • Software Update
• A couple that require macOS
  • Caching server
  • Xcode server

So, You’ve got a Mac Server: Calendars & Contacts
• Alternatives to Contacts & Calendar syncing
  • CalDAV (Calendar)
  • CardDAV (Contacts)
• Synology
  • Installable Calendar and CardDAV package
  • Calendar is a full calendaring app + CalDAV
• QNAP
  • No first-party support for CalDAV or CardDAV
  • Third-party solution: Radicale
  • Verify it before use

So, You’ve got a Mac Server: File Sharing
• Protocols
  • AFP
  • SMB
  • NFS
  • WebDAV
    • Installable on Synology
    • Built-in on QNAP
• Permissions
  • Support for local or directory users & groups
  • You can mix and match local and directory users & groups

So, You’ve got a Mac Server: File Sharing
• Quotas
  • Synology
    • Share specific storage quotas
    • User specific storage quotas
  • QNAP
    • Only user specific storage quotas

So, You’ve got a Mac Server: Mail
• Don’t.
• Synology has two different mail server installs
  • Mail Server
  • MailPlus Server
    • High availability
    • Moar stats
    • Auditing
    • Costs extra
• QNAP has no first-party mail server support

So, You’ve got a Mac Server: Messages
• No Jabber (XMPP) replacement
• Synology has a proprietary chat server called “Chat”
• QNAP supports installing the open source chat server Mattermost

So, You’ve got a Mac Server: Time Machine
• Both vendors support Time Machine
• Synology Cloud Station Backup
  • Proprietary backup client/server
  • Works on macOS and Windows
  • Can’t mass deploy
• QNAP has NetBak Replicator
  • Proprietary backup client
  • Windows only

So, You’ve got a Mac Server: VPN
• Installable on both platforms
  • Synology - VPN Server
  • QNAP - QVPN Service
• VPN Protocols
  • OpenVPN
  • L2TP over IPSec
  • PPTP
  • QBelt VPN
    • Proprietary QNAP VPN service
    • Requires QVPN client application

So, You’ve got a Mac Server: Websites
• Both vendors support running web servers
  • With support for virtual hosts
• Synology Web Station
  • Apache 2.2 or 2.4
  • NGINX 1.13
  • PHP 5.6, 7.0, or 7.2
  • MariaDB 5 or 10
• QNAP
  • Apache, PHP, and MySQL built-in
• Let’s Encrypt
  • Built into Synology
  • QNAP requires myQNAPcloud

Let’s Encrypt (Tangent)
• Free, automated, and open certificate authority
• It’s run by the non-profit (ISRG)
• It’s safe and secure to use
• Supports wild card certs
• Certs must be renewed every 3 months
• Synology and QNAP automagically handle renewals

So, You’ve got a Mac Server: Wiki
• Both vendors support installing DokuWiki and MediaWiki
• No automated way of migrating
• DokuWiki uses plain text files
• I prefer DokuWiki

So, You’ve got a Mac Server: DHCP & DNS
• DHCP Server
  • Built into Synology & QNAP
• DNS Server
  • Synology has a DNS Server package
  • QNAP doesn’t have a turnkey solution

So, You’ve got a Mac Server: FTP
• Built into both vendors’ OS
• Use SFTP instead
  • SFTP is FTP over SSH

So, You’ve got a Mac Server: Open Directory
• Synology has installable apps
  • Directory Server – LDAP
  • Active Directory Server – AD
• QNAP has AD and LDAP server built-in

So, You’ve got a Mac Server: Lightning Round
• Profile Manager
  • MicroMDM
  • Outsource (I hear SimpleMDM is good)
• Netinstall
  • BSDPy
• Software Update
  • Reposado server

Docker
• Installable on both platforms
  • Docker package on Synology
  • Container Station package on QNAP
• Both vendors have a Docker GUI
• Support CLI docker and docker-compose commands

Docker @ Simantel
• Crypt Server (for now… (hi Catalina))
• Munki server
• munkireport-php
• Reposado server
• DokuWiki
• Snipe-IT
• Unifi Controller

Tips/Advice

Tips/Advice, Reverse Proxies
• Built-in, turnkey solution on Synology
• Can send traffic like https://crypt.Simantel.com to http://localhost:8080
• Add SSL certs without reconfiguring the destination server
• Access Control Profiles
  • Enable if running internal and external websites
  • Control what subnets can access a site
• Not turnkey on QNAP

Tips/Advice, Disks
• Most Suggested
  • Western Digital Red
  • Seagate IronWolf
    • IronWolf has better SMART integration
• Look at BackBlaze’s drive statistics
  • https://www.backblaze.com/b2/hard-drive-test-data.html

Tips/Advice, Disks
• Buy drives from multiple sources
  • If buying 12 drives, buy 4 from Amazon, 4 from Newegg, and 4 from CDW
• Check each drive’s warranty
• Purchase a cold spare

Tips/Advice, RAID
• Don’t use RAID 5, use RAID 6 instead
• RAID isn’t a backup
  • Not protected from data corruption, file deletion, crypto, etc.
• Always have a cold spare

Tips/Advice, RAID
• Synology has its own RAID type, SHR/2
  • Synology Hybrid RAID
  • SHR == RAID 5 and SHR2 == RAID 6
  • Allows non-matching drives
  • Immediate volume expansion
• RAID 6 is faster than SHR/2
• Not all Synology models support SHR/2
  • It’s listed under “Supported RAID Types” as “Synology Hybrid RAID” on a model’s specs page
• Synology RAID calculator
  • https://www.synology.com/en-us/support/RAID_calculator

Tips/Advice, File Systems
• Use BTRFS or ZFS for your filesystem
• Data scrubbing
  • Repairs inconsistencies with data in the file systems
  • Schedule data scrubbing
    • Every 1-3 months
• Snapshots
  • Set up snapshots
  • Snapshot replication
    • Requires the same FS (BTRFS → BTRFS ; ZFS → ZFS)

Tips/Advice, Backups
• Back up your NAS
• Follow the 3-2-1 rule
  • 3 copies of your data
  • 2 storage mediums
  • 1 offsite
• Local backups
  • Snapshots (with replication)
  • Synology Hyper Backup package
  • QNAP Hybrid Backup package
• Online backups
  • Amazon S3/Glacier
  • BackBlaze B2
  • Wasabi

Tips/Advice, HA!
• High Availability
  • Synology’s xs/+ line, QNAP’s ES line
  • Synology - High Availability listed on a model’s specs page
  • QNAP - High Availability listed on a model’s software specs page
• Both models must be mirrors of each other

Tips/Advice, Notifications
• Notifies of disk and other hardware failures
• Enable Notifications
  • Support for both Email and SMS
• Test your notifications

Tips/Advice, Speed
• Use 10GbE if you have the infrastructure
  • 10GbE sometimes sold separately
• Set up an SSD cache*
  • Can be either M.2 or SATA
  • M.2 PCIe card sold separately
  • *Except for large sequential read or write operations (video)
• Only select models support 10GbE and M.2
  • Typically looking for a model with 10GbE built-in

Tips/Advice, Model Names
• Synology has a documented model naming scheme
  • RS18017XS+ == Rack Station, 180 drives, from 2017, high-performance
  • DS3018XS == Disk Station, 30 drives, from 2018, high-performance
  • DS418play == Disk Station, 4 drives, made for playing video
• QNAP doesn’t appear to have a documented naming scheme

Tips/Advice, SSH/SFTP
• Avoid opening SSH or SFTP on your firewall
• If you have to, use a white list
• Require a VPN connection
• Avoid port 22
• Use keypairs + passwords
• SSH requires admin privileges on Synology

Tips/Advice, Data Migration
• Sanitize your filenames and paths
  • Illegal characters: / ? < > \ : * " |
  • Spaces at the end of filenames are a day ruiner
• People make the most broken
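
An added example, not from the original slides: a read-only audit for the filename rules on the Data Migration slide. It walks a source tree, reports every name that contains one of the listed characters or ends in a space, and flags names that would collide after cleanup; the `_` replacement character and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile

# Characters listed on the Data Migration slide. "/" cannot occur inside a
# POSIX name; a "/" typed in Finder is stored on disk as ":" (covered here).
ILLEGAL = set('/?<>\\:*"|')


def sanitize(name, replacement="_"):
    """Return a cleaned name: illegal characters replaced, trailing spaces cut."""
    cleaned = "".join(replacement if ch in ILLEGAL else ch for ch in name)
    return cleaned.rstrip(" ") or replacement


def audit(root):
    """Read-only walk of root. Returns (findings, collisions):
    findings   -> [(relative path, proposed name)] for every offending name
    collisions -> [(relative folder, [names])] that clean up to the same name
    """
    findings, collisions = [], []
    for dirpath, dirnames, filenames in os.walk(root):
        rel = os.path.relpath(dirpath, root)
        targets = {}
        for name in sorted(dirnames + filenames):
            fixed = sanitize(name)
            if fixed != name:
                findings.append((os.path.normpath(os.path.join(rel, name)), fixed))
            targets.setdefault(fixed, []).append(name)
        collisions += [(rel, n) for n in targets.values() if len(n) > 1]
    return findings, collisions


def build_sample_tree():
    """Constructed sample input (not real data): a tiny share with bad names."""
    root = tempfile.mkdtemp(prefix="nas-migration-")
    os.makedirs(os.path.join(root, "Client "))  # folder name ends in a space
    for rel in ("Client /logo v2?.ai", "Q3: budget.xlsx",
                "draft*1.txt", "draft?1.txt", "clean.txt"):
        open(os.path.join(root, rel), "w").close()
    return root


if __name__ == "__main__":
    findings, collisions = audit(build_sample_tree())
    for path, fixed in findings:
        print(f"RENAME {path!r} -> {fixed!r}")
    for folder, names in collisions:
        print(f"CLASH  in {folder!r}: {names} would share one name")
```

The audit renames nothing; resolve the reported collisions by hand before any bulk rename, since two files mapped to one name would otherwise overwrite each other during the copy.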
