
Transcription
Bryan Heinz - From Mac Servers to NAS: The Great Migration
(whoami) Hi, I’m Bryan. Twitter: @cookie lust. Slack: @bheinz. I live in Peoria, IL. AKA 3 hours south of Chicago. AKA 3 hours north of St. Louis.
(whoami) IT Manager @ Simantel, B2B marketing firm. On-prem & cloud servers, DEP & MDM, network, end-point management, etc. etc. etc.
I do all the things
(whoami) IT Manager @ Simantel, B2B marketing firm. On-prem & cloud servers, DEP & MDM, network, end-point management, etc. etc. etc. I’ve worked in IT for around 11 years. I’ve worked with Synology devices for around 6 years. To a lesser extent, QNAP. Archive and backup needs kickstarted my work with Synology.
Server; Synology 1; Synology 2
Expectations. This talk will include: what a NAS server is; a map of Server.app services to these NAS’; other uses for NAS’; tips and advice on using a NAS. This talk won’t include: how to implement any of this stuff (good luck); what you should buy.
The Takeaway: If NAS’ are the correct tool for your org. What you can use a NAS for. Ideas on what vendor and model is for you.
Disclaimer
Disclaimer: Tried to make this talk vendor agnostic, but this talk will be skewed towards Synology. Synology and QNAP are the best for the kind of use cases I’m talking about today, i.e. more than just storage. Other vendors lack turnkey applications and documentation. I have zero affiliation with any vendors. I’m not trying to sell you a thing.
NAS What?
NAS What? Network Attached Storage: AFP, SMB, NFS. More than just storage. Relatively cheap. Base/primary unit: computers with a CPU, RAM, other computery things. Expansion units for even more storage.
NAS What? Oh, ess. Run their own Linux flavor: Synology DSM.
Not the Diagnostic and Statistical Manual of Mental Disorders (DSM-5)
NAS What? Oh, ess. Run their own Linux flavor: Synology DSM, QNAP QTS. Support SSH and basic Linux commands: cd, ls, sudo rm -rf /*, etc.
NAS What? Oh, ess. “App Store”: Synology’s “Package Center”, QNAP’s “App Center”. CLI install (use caution): Synology dpkg, QNAP qpkg.
NAS What? FS. Both support EXT4. Synology supports BTRFS (“Butter FS”). QNAP supports ZFS.
So, You’ve got a Mac Server. NAS turnkey solution for most Server.app services: Calendar & Contact syncing, File Sharing, Mail, Messages, Time Machine, VPN, Websites, Wiki, DHCP & DNS, FTP, Open Directory.
So, You’ve got a Mac Server. Non-turnkey solutions to run a few other services: Profile Manager, Netinstall, Software Update. A couple that require macOS: Caching server, Xcode server.
So, You’ve got a Mac Server: Calendars & Contacts. Alternatives to Contacts & Calendar syncing: CalDav (Calendar), CardDav (Contacts). Synology: installable Calendar and CardDAV package; Calendar is a full calendaring app; CalDav. QNAP: no first-party support for CalDAV or CardDAV; third-party solution: Radicale; verify it before use.
So, You’ve got a Mac Server: File Sharing. Protocols: AFP, SMB, NFS, WebDav (installable on Synology, built-in on QNAP). Permissions: support for local or directory users & groups; you can mix and match local and directory users & groups.
So, You’ve got a Mac Server: File Sharing. Quotas. Synology: share specific storage quotas; user specific storage quotas. QNAP: only user specific storage quotas.
So, You’ve got a Mac Server: Mail. Don’t. Synology has two different mail server installs: Mail Server; MailPlus Server (high availability, moar stats, auditing, cost extra). QNAP: no first-party mail server support.
So, You’ve got a Mac Server: Messages. No Jabber (XMPP) replacement. Synology has a proprietary chat server called “Chat”. QNAP supports installing the open source chat server Mattermost.
So, You’ve got a Mac Server: Time Machine. Both vendors support Time Machine. Synology Cloud Station Backup: proprietary backup client/server; works on macOS and Windows; can’t mass deploy. QNAP has NetBak Replicator: proprietary backup client; Windows only.
So, You’ve got a Mac Server: VPN. Installable on both platforms: Synology - VPN Server; QNAP - QVPN Service. VPN protocols: OpenVPN; L2TP over IPSec; PPTP; QBelt VPN (proprietary QNAP VPN service; requires QVPN client application).
So, You’ve got a Mac Server: Websites. Both vendors support running web servers, with support for virtual hosts. Synology Web Station: Apache 2.2 or 2.4; NGINX 1.13; PHP 5.6, 7.0, or 7.2; MariaDB 5 or 10. QNAP: Apache, PHP, and MySQL built-in. Let’s Encrypt: built into Synology; QNAP requires myQNAPcloud.
Let’s Encrypt (Tangent): Free, automated, and open certificate authority. It’s run by the non-profit (ISRG). It’s safe and secure to use. Supports wild card certs. Certs must be renewed every 3 months. Synology and QNAP automagically handle renewals.
So, You’ve got a Mac Server: Wiki. Both vendors support installing DokuWiki and MediaWiki. No automated way of migrating. DokuWiki uses plain text files. I prefer DokuWiki.
So, You’ve got a Mac Server: DHCP & DNS. DHCP Server: built into Synology & QNAP. DNS Server: Synology has a DNS Server package; QNAP doesn’t have a turnkey solution.
So, You’ve got a Mac Server: FTP. Built into both vendors’ OS. Use SFTP instead. SFTP is FTP over SSH.
So, You’ve got a Mac Server: Open Directory. Synology has installable apps: Directory Server – LDAP; Active Directory Server – AD. QNAP has AD and LDAP server built-in.
So, You’ve got a Mac Server: Lightning Round. Profile Manager: MicroMDM; outsource (I hear SimpleMDM is good). Netinstall: BSDPy. Software Update: Reposado server.
Docker
Docker: Installable on both platforms: Docker package on Synology; Container Station package on QNAP. Both vendors have a Docker GUI. Support CLI docker and docker-compose commands.
Docker @ Simantel: Crypt Server (for now (hi Catalina)); Munki server; munkireport-php; Reposado server; DokuWiki; Snipe-IT; Unifi Controller.
Tips/Advice
Tips/Advice, Reverse Proxies: Built-in, turnkey solution on Synology. Can send traffic like https://crypt.Simantel.com to http://localhost:8080. Add SSL certs without reconfiguring the destination server. Access Control Profiles: enable if running internal and external websites; control what subnets can access a site. Not turnkey on QNAP.
Tips/Advice, Disks: Most suggested: Western Digital Red; Seagate IronWolf. IronWolf has better SMART integration. Look at BackBlaze’s drive statistics.
Tips/Advice, Disks: Buy drives from multiple sources. If buying 12 drives, buy 4 from Amazon, 4 from Newegg, and 4 from CDW. Check each drive’s warranty. Purchase a cold spare.
Tips/Advice, RAID: Don’t use RAID 5, use RAID 6 instead. RAID isn’t a backup: not protected from data corruption, file deletion, crypto, etc. Always have a cold spare.
Tips/Advice, RAID: Synology has its own RAID type, SHR/2 (Synology Hybrid RAID). SHR ~ RAID 5 and SHR2 ~ RAID 6. Allows non-matching drives. Immediate volume expansion. RAID 6 is faster than SHR/2. Not all Synology models support SHR/2. It’s listed under “Supported RAID Types” as “Synology Hybrid RAID” on a model’s specs page. Synology RAID calculator: https://www.synology.com/en-us/support/RAID_calculator
Tips/Advice, File Systems: Use BTRFS or ZFS for your filesystem. Data scrubbing: repairs inconsistencies with data in the file systems; schedule data scrubbing every 1-3 months. Snapshots: set up snapshots; snapshot replication requires the same FS (BTRFS to BTRFS; ZFS to ZFS).
Tips/Advice, Backups: Back up your NAS. Follow the 3-2-1 rule: 3 copies of your data, 2 storage mediums, 1 offsite. Local backups: snapshots (with replication); Synology Hyper Backup package; QNAP Hybrid Backup package. Online backups: Amazon S3/Glacier; BackBlaze B2; Wasabi.
Tips/Advice, HA! High Availability: Synology’s xs/ line, QNAP’s ES line. Synology - High Availability listed on a model’s specs page. QNAP - High Availability listed on a model’s software specs page. Both models must be mirrors of each other.
Tips/Advice, Notifications: Notifies of disk and other hardware failures. Enable notifications. Support for both email and SMS. Test your notifications.
Tips/Advice, Speed: Use 10Gbe if you have the infrastructure; 10Gbe sometimes sold separately. Set up an SSD cache*: can be either M.2 or SATA; M.2 PCIe card sold separately. *Except for large sequential read or write operations (video). Only select models support 10Gbe and M.2. Typically looking for a model with 10Gbe built-in.
Tips/Advice, Model Names: Synology has a documented model naming scheme. RS18017XS: Rack Station, 180 drives, from 2017, high performance. DS3018XS: Disk Station, 30 drives, from 2018, high-performance. DS418play: Disk Station, 4 drives, made for playing video. QNAP doesn’t appear to have a documented naming scheme.
Tips/Advice, SSH/SFTP: Avoid opening SSH or SFTP on your firewall. If you have to, use a white list. Require a VPN connection. Avoid port 22. Use keypairs over passwords. SSH requires admin privileges on Synology.
Tips/Advice, Data Migration: Sanitize your filenames and paths. Illegal characters: / ? \ : * ". Spaces at the end of filenames is a day ruiner. People make the most broken filenames somehow. A way to migrate: mount the old storage onto your NAS; SSH into your NAS; rsync from the old mounted share to your new share.
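Added example (not from the talk or its slides): a pre-migration check for the filename problems listed on the slide above, written in POSIX sh so it can be run over SSH against the mounted old share before the rsync step. The function names audit_names and migrate_if_clean are hypothetical.

```sh
#!/bin/sh
# Added example: audit filenames before an rsync migration.

# audit_names DIR
# Prints "reason<TAB>path" for every file or folder under DIR whose name
# contains one of the characters the slide lists (? \ : * ") or ends in a
# space. "/" is not tested: it cannot occur inside a POSIX path component.
audit_names() {
    find "$1" -exec sh -c '
        for path do
            name=${path##*/}
            case $name in
                *\?*|*\\*|*:*|*\**|*\"*)
                    printf "illegal-char\t%s\n" "$path" ;;
                *" ")
                    printf "trailing-space\t%s\n" "$path" ;;
            esac
        done' sh {} +
}

# migrate_if_clean SRC DST
# Refuses to copy while the audit still reports names. Otherwise runs rsync
# as a dry run (-n) so the transfer list can be reviewed before the real copy.
migrate_if_clean() {
    report=$(audit_names "$1")
    if [ -n "$report" ]; then
        printf '%s\n' "$report" >&2
        echo "fix the names listed above before migrating" >&2
        return 1
    fi
    rsync -avn "$1"/ "$2"/
}
```

Drop the `n` from `-avn` once the dry-run listing looks right; a name with both problems is reported once, under illegal-char.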
Tips/Advice, Misc.: Only store data in shares. Don’t change system config files via CLI. L2TP over IPSec only allows 1 connection per WAN. Synology’s tier 2 support response times are slow. Don’t plug APFS drives into a Synology.
Still need a Mac server? Server.app is dead to us. macOS only: Xcode server; Caching server; AutoPkg. macOS or Windows: Adobe Software Update Server; FontExplorer X Pro Server.
Conclusion: macOS Server is deprecated. Still needed for some tasks. NAS’ are great: lots of storage; versatile; cheap.
Wrap-up: MacAdmins Slack, join us: http://macadmins.org, #synology & #qnap channels. Where you can stalk me: Twitter @cookie lust – note the Slack @bheinz. Blog/Slides: kernelpanic.me
Thanks! Robert Hammen, Chris Dawe, Steve Yuroff, Rick Heil, all of you.
Q&A