From Mac Servers to NAS: The Great Migration
Bryan Heinz
$(whoami)
• Hi, I'm Bryan
• Twitter: @cookie_lust
• Slack: @bheinz
• I live in Peoria, IL.
  • AKA 3 hours south of Chicago
  • AKA 3 hours north of St. Louis
$(whoami)
• IT Manager @ Simantel
  • B2B marketing firm
  • On-prem & cloud servers, DEP & MDM, network, end-point management, etc. etc. etc.
  • I do all the things
• I've worked in IT for around 11 years
• I've worked with Synology devices for around 6 years
  • To a lesser extent, QNAP
  • Archive and backup needs kickstarted my work with Synology
[Diagram: Server, Synology 1, Synology 2]
Expectations
• This talk will include
  • What a NAS server is
  • A map of Server.app services to these NASes
  • Other uses for NASes
  • Tips and advice on using a NAS
• This talk won't include
  • How to implement any of this stuff (good luck)
  • What you should buy
The Takeaway
• If NASes are the correct tool for your org
• What you can use a NAS for
• Ideas on what vendor and model is for you
Disclaimer
• Tried to make this talk vendor agnostic, but…
• This talk will be skewed towards Synology
• Synology and QNAP are the best…
  • For the kind of use cases I'm talking about today
  • i.e. more than just storage
• Other vendors lack turnkey applications and documentation
• I have zero affiliation with any vendors
• I'm not trying to sell you a thing
NAS What?
• Network Attached Storage
  • AFP, SMB, NFS
• More than just storage
• Relatively cheap
• Base/primary unit
  • Computers with a CPU, RAM, other computery things
• Expansion units for even more storage
NAS What? Oh, ess.
• Run their own Linux flavor
  • Synology DSM (not the Diagnostic and Statistical Manual of Mental Disorders, DSM-5)
  • QNAP QTS
• Support SSH and basic Linux commands
  • cd
  • ls
  • sudo rm -rf /*
  • Etc.
• "App Store"
  • Synology's "Package Center"
  • QNAP's "App Center"
• CLI Install
  • Use caution
  • Synology dpkg
  • QNAP qpkg
NAS What? FS.
• Both support EXT4
• Synology supports BTRFS ("Butter FS")
• QNAP supports ZFS
So, You've got a Mac Server
• NAS turnkey solution for most Server.app services
  • Calendar & Contact syncing
  • File Sharing
  • Mail
  • Messages
  • Time Machine
  • VPN
  • Websites
  • Wiki
  • DHCP & DNS
  • FTP
  • Open Directory
• Non-turnkey solutions to run a few other services
  • Profile Manager
  • Netinstall
  • Software Update
• A couple that require macOS
  • Caching server
  • Xcode server
So, You've got a Mac Server, Calendars & Contacts
• Alternatives to Contacts & Calendar syncing
  • CalDAV (Calendar)
  • CardDAV (Contacts)
• Synology
  • Installable Calendar and CardDAV package
  • Calendar is a full calendaring app + CalDAV
• QNAP
  • No first-party support for CalDAV or CardDAV
  • Third-party solution: Radicale
  • Verify it before use
So, You've got a Mac Server, File Sharing
• Protocols
  • AFP
  • SMB
  • NFS
  • WebDAV
    • Installable on Synology
    • Built-in on QNAP
• Permissions
  • Support for local or directory users & groups
  • You can mix and match local and directory users & groups
• Quotas
  • Synology
    • Share-specific storage quotas
    • User-specific storage quotas
  • QNAP
    • Only user-specific storage quotas
So, You've got a Mac Server, Mail
• Don't.
• Synology has two different mail server installs
  • Mail Server
  • MailPlus Server
    • High availability
    • Moar stats
    • Auditing
    • Cost extra
• QNAP: no first-party mail server support
So, You've got a Mac Server, Messages
• No Jabber (XMPP) replacement
• Synology has a proprietary chat server called "Chat"
• QNAP supports installing the open source chat server Mattermost
So, You've got a Mac Server, Time Machine
• Both vendors support Time Machine
• Synology Cloud Station Backup
  • Proprietary backup client/server
  • Works on macOS and Windows
  • Can't mass deploy
• QNAP has NetBak Replicator
  • Proprietary backup client
  • Windows only
So, You've got a Mac Server, VPN
• Installable on both platforms
  • Synology - VPN Server
  • QNAP - QVPN Service
• VPN Protocols
  • OpenVPN
  • L2TP over IPSec
  • PPTP
  • QBelt VPN
    • Proprietary QNAP VPN service
    • Requires QVPN client application
So, You've got a Mac Server, Websites
• Both vendors support running web servers
  • With support for virtual hosts
• Synology Web Station
  • Apache 2.2 or 2.4
  • NGINX 1.13
  • PHP 5.6, 7.0, or 7.2
  • MariaDB 5 or 10
• QNAP
  • Apache, PHP, and MySQL built-in
• Let's Encrypt
  • Built into Synology
  • QNAP requires myQNAPcloud
Let's Encrypt (Tangent)
• Free, automated, and open certificate authority
• It's run by the non-profit (ISRG)
• It's safe and secure to use
• Supports wild card certs
• Certs must be renewed every 3 months
• Synology and QNAP automagically handle renewals
So, You've got a Mac Server, Wiki
• Both vendors support installing DokuWiki and MediaWiki
• No automated way of migrating
• DokuWiki uses plain text files
• I prefer DokuWiki
So, You've got a Mac Server, DHCP & DNS
• DHCP Server
  • Built into Synology & QNAP
• DNS Server
  • Synology has a DNS Server package
  • QNAP doesn't have a turnkey solution
So, You've got a Mac Server, FTP
• Built into both vendors' OS
• Use SFTP instead
• SFTP is FTP over SSH
So, You've got a Mac Server, Open Directory
• Synology has installable apps
  • Directory Server - LDAP
  • Active Directory Server - AD
• QNAP has AD and LDAP server built-in
So, You've got a Mac Server, Lightning Round
• Profile Manager
  • MicroMDM
  • Outsource (I hear SimpleMDM is good)
• Netinstall
  • BSDPy
• Software Update
  • Reposado server
Docker
• Installable on both platforms
  • Docker package on Synology
  • Container Station package on QNAP
• Both vendors have a Docker GUI
• Support CLI docker and docker-compose commands
Docker @ Simantel
• Crypt Server (for now… (hi Catalina))
• Munki server
• munkireport-php
• Reposado server
• DokuWiki
• Snipe-IT
• Unifi Controller
Tips/Advice
Tips/Advice, Reverse Proxies
• Built-in, turnkey solution on Synology
  • Can send traffic like https://crypt.Simantel.com to http://localhost:8080
  • Add SSL certs without reconfiguring the destination server
  • Access Control Profiles
    • Enable if running internal and external websites
    • Control what subnets can access a site
• Not turnkey on QNAP
Tips/Advice, Disks
• Most Suggested
  • Western Digital Red
  • Seagate IronWolf
    • IronWolf has better SMART integration
• Look at Backblaze's drive statistics
  • https://www.backblaze.com/b2/hard-drive-test-data.html
• Buy drives from multiple sources
  • If buying 12 drives, buy 4 from Amazon, 4 from Newegg, and 4 from CDW
• Check each drive's warranty
• Purchase a cold spare
Tips/Advice, RAID
• Don't use RAID 5, use RAID 6 instead
• RAID isn't a backup
  • Not protected from data corruption, file deletion, crypto, etc.
• Always have a cold spare
• Synology has its own RAID type, SHR/2
  • Synology Hybrid RAID
  • SHR == RAID 5 and SHR2 == RAID 6
  • Allows non-matching drives
  • Immediate volume expansion
  • RAID 6 is faster than SHR/2
  • Not all Synology models support SHR/2
    • It's listed under "Supported RAID Types" as "Synology Hybrid RAID" on a model's specs page
  • Synology RAID calculator
    • https://www.synology.com/en-us/support/RAID_calculator
Tips/Advice, File Systems
• Use BTRFS or ZFS for your filesystem
• Data scrubbing
  • Repairs inconsistencies with data in the file systems
  • Schedule data scrubbing
    • Every 1-3 months
• Snapshots
  • Set up snapshots
  • Snapshot replication
    • Requires the same FS (BTRFS → BTRFS; ZFS → ZFS)
Tips/Advice, Backups
• Back up your NAS
• Follow the 3-2-1 rule
  • 3 copies of your data
  • 2 storage mediums
  • 1 offsite
• Local backups
  • Snapshots (with replication)
  • Synology Hyper Backup package
  • QNAP Hybrid Backup package
• Online backups
  • Amazon S3/Glacier
  • Backblaze B2
  • Wasabi
Tips/Advice, HA!
• High Availability
  • Synology's xs/+ line, QNAP's ES line
  • Synology - High Availability listed on a model's specs page
  • QNAP - High Availability listed on a model's software specs page
  • Both models must be mirrors of each other
Tips/Advice, Notifications
• Notifies of disk and other hardware failures
• Enable Notifications
• Support for both Email and SMS
• Test your notifications
Tips/Advice, Speed
• Use 10GbE if you have the infrastructure
  • 10GbE sometimes sold separately
• Set up an SSD cache*
  • Can be either M.2 or SATA
  • M.2 PCIe card sold separately
  • *Except for large sequential read or write operations (video)
• Only select models support 10GbE and M.2
  • Typically looking for a model with 10GbE built-in
Tips/Advice, Model Names
• Synology has a documented model naming scheme
  • RS18017XS+ == Rack Station, 180 drives, from 2017, high-performance
  • DS3018XS == Disk Station, 30 drives, from 2018, high-performance
  • DS418play == Disk Station, 4 drives, made for playing video
• QNAP doesn't appear to have a documented naming scheme
Tips/Advice, SSH/SFTP
• Avoid opening SSH or SFTP on your firewall
  • If you have to, use a white list
• Require a VPN connection
• Avoid port 22
• Use keypairs + passwords
• SSH requires admin privileges on Synology
Tips/Advice, Data Migration
• Sanitize your filenames and paths
  • Illegal characters: / ? < > \ : * " |
  • Spaces at the end of filenames are a day ruiner
  • People make the most broken filenames somehow
• A way to migrate
  • Mount the old storage onto your NAS
  • SSH into your NAS
  • Rsync from the old mounted share to your new share
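An added example, not from the original slides: a dry-run audit in Python that walks a mounted share before the rsync step, flags names containing the illegal characters listed above or trailing spaces, and reports renames that would collide. The function names, the `_` replacement character and the sample tree are assumptions made for illustration.

```python
import os
import tempfile

# Characters the slide lists as illegal: / ? < > \ : * " |
ILLEGAL = set('/?<>\\:*"|')

def sanitize(name, replacement="_"):
    """Return a share-safe version of one path component (assumed policy)."""
    cleaned = "".join(replacement if c in ILLEGAL else c for c in name)
    cleaned = cleaned.rstrip(" ")      # trailing spaces are the "day ruiner"
    return cleaned or replacement      # never hand back an empty name

def audit(root):
    """Walk root and report problems without renaming anything.

    Returns (renames, collisions):
      renames    -> list of (directory, old_name, new_name)
      collisions -> list of (directory, new_name, [old names mapping to it])
    """
    renames, collisions = [], []
    for dirpath, dirnames, filenames in os.walk(root):
        targets = {}
        for name in sorted(dirnames + filenames):
            targets.setdefault(sanitize(name), []).append(name)
        for new, olds in sorted(targets.items()):
            if len(olds) > 1:          # two sources would overwrite each other
                collisions.append((dirpath, new, olds))
            for old in olds:
                if old != new:
                    renames.append((dirpath, old, new))
    return renames, collisions

def build_sample_tree():
    """Constructed sample data: a few deliberately broken names."""
    root = tempfile.mkdtemp(prefix="migration_audit_")
    bad_dir = os.path.join(root, "Client: Q3 ")
    os.makedirs(bad_dir)
    for name in ("logo?.ai", "logo*.ai", "notes.txt", "final |v2|.psd"):
        open(os.path.join(bad_dir, name), "w").close()
    return root

if __name__ == "__main__":
    renames, collisions = audit(build_sample_tree())
    for d, old, new in renames:
        print(f"RENAME   {os.path.join(d, old)!r} -> {new!r}")
    for d, new, olds in collisions:
        print(f"COLLIDE  {d!r}: {olds} all become {new!r}")
```

Resolve every reported collision by hand before copying, since two source files that sanitize to the same name would otherwise overwrite each other on the destination share.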
Tips/Advice, Misc.
• Only store data in shares
• Don't change system config files via CLI
• L2TP over IPSec only allows 1 connection per WAN
• Synology's tier 2 support response times are slow
• Don't plug APFS drives into a Synology
Still need a Mac server?
• Server.app is dead to us
• macOS Only
  • Xcode server
  • Caching server
  • AutoPkg
• macOS or Windows
  • Adobe Software Update Server
  • FontExplorer X Pro Server
Conclusion
• macOS
  • Server is deprecated
  • Still needed for some tasks
• NASes are great
  • Lots of storage
  • Versatile
  • Cheap
Wrap-up
• MacAdmins Slack, join us
  • http://macadmins.org
  • #synology & #qnap channels
• Where you can stalk me
  • Twitter @cookie_lust - note the _
  • Slack @bheinz
  • Blog/Slides kernelpanic.me
Thanks!
• Robert Hammen
• Chris Dawe
• Steve Yuroff
• Rick Heil
• All of you
Q&A