From Mac Servers to NAS
The Great Migration
Bryan Heinz
$(whoami)
• Hi, I’m Bryan 👋
  • Twitter: @cookie_lust
  • Slack: @bheinz
• I live in Peoria, IL.
  • AKA 3 hours south of Chicago
  • AKA 3 hours north of St. Louis
$(whoami)
• IT Manager @ Simantel
  • B2B marketing firm
  • On-prem & cloud servers, DEP & MDM, network, end-point management, etc. etc. etc.
  • I do all the things
• I’ve worked in IT for around 11 years
• I’ve worked with Synology devices for around 6 years
  • To a lesser extent, QNAP
• Archive and backup needs kickstarted my work with Synology
[Diagram: Server, Synology 1, Synology 2]
Expectations
• This talk will include
  • What a NAS server is
  • A map of Server.app services to these NAS’
  • Other uses for NAS’
  • Tips and advice on using a NAS
• This talk won’t include
  • How to implement any of this stuff (good luck)
  • What you should buy
The Takeaway
• If NAS’ are the correct tool for your org 🔩🔨
• What you can use a NAS for
• Ideas on what vendor and model is for you
☣ Disclaimer ☣
• Tried to make this talk vendor agnostic, but…
• This talk will be skewed towards Synology
• Synology and QNAP are the best…
  • For the kind of use cases I’m talking about today
  • i.e. more than just storage
  • Other vendors lack turnkey applications and documentation
• I have zero affiliation with any vendors
• I’m not trying to sell you a thing
NAS What?
• Network Attached Storage
  • AFP, SMB, NFS
• More than just storage
• Relatively cheap
• Base/primary unit
  • Computers with a CPU, RAM, other computery things
• Expansion units for even more storage
NAS What? Oh, ess.
• Run their own Linux flavor 🍨
  • Synology DSM
    • Not the Diagnostic and Statistical Manual of Mental Disorders (DSM-5)
  • QNAP QTS
• Support SSH and basic Linux commands
  • cd
  • ls
  • sudo rm –rf /*
  • Etc.
NAS What? Oh, ess.
• “App Store”
  • Synology’s “Package Center”
  • QNAP’s “App Center”
• CLI Install
  • Use caution
  • Synology dpkg
  • QNAP qpkg
NAS What? FS.
• Both support EXT4
• Synology supports BTRFS (“Butter FS”)
• QNAP supports ZFS
So, You’ve got a Mac Server
• NAS turnkey solution for most Server.app services
  • Calendar & Contact syncing
  • File Sharing
  • Mail
  • Messages
  • Time Machine
  • VPN
  • Websites
  • Wiki
  • DHCP & DNS
  • FTP
  • Open Directory
So, You’ve got a Mac Server
• Non-turnkey solutions to run a few other services
  • Profile Manager
  • Netinstall
  • Software Update
• A couple that require macOS
  • Caching server
  • Xcode server
So, You’ve got a Mac Server: Calendars & Contacts
• Alternatives to Contacts & Calendar syncing
  • CalDAV (Calendar)
  • CardDAV (Contacts)
• Synology
  • Installable Calendar and CardDAV package
  • Calendar is a full calendaring app + CalDAV
• QNAP
  • No first-party support for CalDAV or CardDAV
  • Third-party solution: Radicale
    • Verify it before use
So, You’ve got a Mac Server: File Sharing
• Protocols
  • AFP
  • SMB
  • NFS
  • WebDAV
    • Installable on Synology
    • Built-in on QNAP
• Permissions
  • Support for local or directory user & groups
  • You can mix and match local and directory users & groups
So, You’ve got a Mac Server: File Sharing
• Quotas
  • Synology
    • Share specific storage quotas
    • User specific storage quotas
  • QNAP
    • Only user specific storage quotas
So, You’ve got a Mac Server: Mail
• Don’t.
• Synology has two different mail server installs
  • Mail Server
  • MailPlus Server
    • High availability
    • Moar stats
    • Auditing
    • Cost Extra
• QNAP no first-party mail server support
So, You’ve got a Mac Server: Messages
• No Jabber (XMPP) replacement
• Synology has a proprietary chat server called “Chat”
• QNAP supports installing the open source chat server Mattermost
So, You’ve got a Mac Server: Time Machine
• Both vendors support Time Machine
• Synology Cloud Station Backup
  • Proprietary backup client/server
  • Works on macOS and Windows
  • Can’t mass deploy
• QNAP has NetBak Replicator
  • Proprietary backup client
  • Windows only
So, You’ve got a Mac Server: VPN
• Installable on both platforms
  • Synology - VPN Server
  • QNAP - QVPN Service
• VPN Protocols
  • OpenVPN
  • L2TP over IPSec
  • PPTP
  • QBelt VPN
    • Proprietary QNAP VPN service
    • Requires QVPN client application
So, You’ve got a Mac Server: Websites
• Both vendors support running web servers
  • With support for virtual hosts
• Synology Web Station
  • Apache 2.2 or 2.4
  • NGINX 1.13
  • PHP 5.6, 7.0, or 7.2
  • MariaDB 5 or 10
• QNAP
  • Apache, PHP, and MySQL Built-in
• Let’s Encrypt
  • Built into Synology
  • QNAP requires myQNAPcloud
Let’s Encrypt (Tangent)
• Free, automated, and open certificate authority
• It’s run by the non-profit (ISRG)
• It’s safe and secure to use
• Supports wild card certs
• Certs must be renewed every 3 months
• Synology and QNAP automagically handle renewals
So, You’ve got a Mac Server: Wiki
• Both vendors support installing DokuWiki and MediaWiki
• No automated way of migrating
• DokuWiki uses plain text files
• I prefer DokuWiki
So, You’ve got a Mac Server: DHCP & DNS
• DHCP Server
  • Built into Synology & QNAP
• DNS Server
  • Synology has a DNS Server package
  • QNAP doesn’t have a turnkey solution
So, You’ve got a Mac Server: FTP
• Built into both vendors’ OS
• Use SFTP instead
• SFTP is FTP over SSH
So, You’ve got a Mac Server: Open Directory
• Synology has installable apps
  • Directory Server – LDAP
  • Active Directory Server – AD
• QNAP has AD and LDAP server built-in
So, You’ve got a Mac Server: Lightning Round
• Profile Manager
  • MicroMDM
  • Outsource (I hear SimpleMDM is good)
• Netinstall
  • BSDPy
• Software Update
  • Reposado server
Docker
• Installable on both platforms
  • Docker package on Synology
  • Container Station package on QNAP
• Both vendors have a Docker GUI
• Support CLI docker and docker-compose commands
Docker @ Simantel
• Crypt Server (for now… (hi Catalina))
• Munki server
• munkireport-php
• Reposado server
• DokuWiki
• Snipe-IT
• Unifi Controller
Tips/Advice
Tips/Advice, Reverse Proxies
• Built-in, turnkey solution on Synology
• Can send traffic like https://crypt.Simantel.com to http://localhost:8080
• Add SSL certs without reconfiguring the destination server
• Access Control Profiles
  • Enable if running internal and external websites
  • Control what subnets can access a site
• Not turnkey on QNAP
Tips/Advice, Disks
• Most Suggested
  • Western Digital Red
  • Seagate IronWolf
    • IronWolf has better SMART integration
• Look at BackBlaze’s drive statistics
  • https://www.backblaze.com/b2/hard-drive-test-data.html
Tips/Advice, Disks
• Buy drives from multiple sources
  • If buying 12 drives, buy 4 from Amazon, 4 from Newegg, and 4 from CDW
• Check each drive’s warranty
• Purchase a cold spare
Tips/Advice, RAID
• Don’t use RAID 5, use RAID 6 instead
• RAID isn’t a backup
  • Not protected from data corruption, file deletion, crypto, etc.
• Always have a cold spare
Tips/Advice, RAID
• Synology has its own RAID type, SHR/2
  • Synology Hybrid RAID
  • SHR == RAID 5 and SHR2 == RAID 6
  • Allows non-matching drives
  • Immediate volume expansion
  • RAID 6 is faster than SHR/2
• Not all Synology models support SHR/2
  • It’s listed under “Supported RAID Types” as “Synology Hybrid RAID” on a model’s specs page
• Synology RAID calculator
  • https://www.synology.com/en-us/support/RAID_calculator
Tips/Advice, File Systems
• Use BTRFS or ZFS for your filesystem
• Data scrubbing
  • Repairs inconsistencies with data in the file systems
  • Schedule data scrubbing
    • Every 1-3 months
• Snapshots
  • Setup snapshots
  • Snapshot replication
    • Requires the same FS (BTRFS → BTRFS ; ZFS → ZFS)
Tips/Advice, Backups
• Backup your NAS
• Follow the 3-2-1 rule
  • 3 copies of your data
  • 2 storage mediums
  • 1 offsite
• Local backups
  • Snapshots (with replication)
  • Synology Hyper Backup package
  • QNAP Hybrid Backup package
• Online backups
  • Amazon S3/Glacier
  • BackBlaze B2
  • Wasabi
Tips/Advice, HA!
• High Availability
• Synology’s xs/+ line, QNAP’s ES line
  • Synology - High Availability listed on a model’s specs page
  • QNAP - High Availability listed on a model’s software specs page
• Both models must be mirrors of each other
Tips/Advice, Notifications
• Notifies of disk and other hardware failures
• Enable Notifications
• Support for both Email and SMS
• Test your notifications
Tips/Advice, Speed
• Use 10GbE if you have the infrastructure
  • 10GbE sometimes sold separately
• Setup an SSD cache*
  • Can be either M.2 or SATA
  • M.2 PCIe card sold separately
  • *Except for large sequential read or write operations (video)
• Only select models support 10GbE and M.2
  • Typically looking for a model with 10GbE built-in
Tips/Advice, Model Names
• Synology has a documented model naming scheme
  • RS18017XS+ == Rack Station, 180 drives, from 2017, high-performance
  • DS3018XS == Disk Station, 30 drives, from 2018, high-performance
  • DS418play == Disk Station, 4 drives, made for playing video
• QNAP doesn’t appear to have a documented naming scheme
Tips/Advice, SSH/SFTP
• Avoid opening SSH or SFTP on your firewall
• If you have to, use a white list
• Require a VPN connection
• Avoid port 22
• Use keypairs + passwords
• SSH requires admin privileges on Synology
Tips/Advice, Data Migration
• Sanitize your filenames and paths
  • Illegal characters: / ? < > \ : * “ |
  • Spaces at the end of filenames is a day ruiner
  • People make the most broken filenames somehow
• A way to migrate
  • Mount the old storage onto your NAS
  • SSH into your NAS
  • Rsync from the old mounted share to your new share
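A dry-run audit for the "sanitize your filenames" step, as an added example that is not part of the original slides: it walks the mounted old share, proposes cleaned names for the listed illegal characters and trailing spaces, and flags names that would collide once cleaned. The function names, the `_` replacement policy and the sample tree are assumptions made for illustration.

```python
import os
import tempfile

# Characters the slide lists as illegal. "/" cannot occur inside a single path
# component on a POSIX mount, so only the others are checked (assumption: the
# slide's curly quote stands for a plain double quote).
ILLEGAL = set('?<>\\:*"|')


def clean_name(name, replacement="_"):
    """Replace illegal characters and drop trailing spaces (hypothetical policy)."""
    fixed = "".join(replacement if ch in ILLEGAL else ch for ch in name)
    return fixed.rstrip(" ") or replacement


def plan_renames(root):
    """Dry run: return (renames, collisions) without touching the disk.

    The walk is bottom-up, so applying renames in list order never
    invalidates a path that appears later in the list.
    """
    renames, collisions = [], []
    for dirpath, dirnames, filenames in os.walk(root, topdown=False):
        taken = set(dirnames) | set(filenames)
        for name in sorted(dirnames + filenames):
            fixed = clean_name(name)
            if fixed == name:
                continue
            pair = (os.path.join(dirpath, name), os.path.join(dirpath, fixed))
            if fixed in taken:
                collisions.append(pair)  # cleaned name already exists: decide by hand
            else:
                taken.add(fixed)
                renames.append(pair)
    return renames, collisions


def demo():
    """Run the plan over a small constructed tree (POSIX file systems only)."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "Client: Acme"))
        for rel in ("Client: Acme/brief v2 ", "Client: Acme/brief v2",
                    "logo*.psd", "notes.txt"):
            open(os.path.join(root, rel), "w").close()
        short = lambda pairs: [tuple(os.path.relpath(p, root) for p in pr) for pr in pairs]
        renames, collisions = plan_renames(root)
        return short(renames), short(collisions)


if __name__ == "__main__":
    print(demo())
```

Resolving the collisions list before the rsync run avoids one file silently replacing another on the new share.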
Tips/Advice, Misc.
• Only store data in shares
• Don’t change system config files via CLI
• L2TP over IPSec only allows 1 connection per WAN
• Synology’s tier 2 support response times are slow
• Don’t plug APFS drives into a Synology
Still need a Mac server?
• Server.app is dead to us
• macOS Only
  • Xcode server
  • Caching server
  • AutoPkg
• macOS or Windows
  • Adobe Software Update Server
  • FontExplorer X Pro Server
Conclusion
• macOS
  • Server is deprecated
  • Still needed for some tasks
• NAS’ are great
  • Lots of storage
  • Versatile
  • Cheap
Wrap-up
• MacAdmins Slack, join us
  • http://macadmins.org
  • #synology & #qnap channels
• Where you can stalk me
  • Twitter @cookie_lust – note the _
  • Slack @bheinz
  • Blog/Slides kernelpanic.me
Thanks!
• Robert Hammen
• Chris Dawe
• Steve Yuroff
• Rick Heil
• All of you
Q&A