why?
One day, due to the breakdown of the maionboard of the SME without any warning, I had to use suddenly such a decentralized network in a productiv way.
After it was clear that the hardware of the SME was broken, I tried to run the backup server as a production server by using "affa --rise". Unfornately, because of Murphy's law, it didn't work as expected this time (inspite I had positivly tested previously the conversion of the server), about 1/3 of the services couldn't be used.
I restored by hand in a dirty way the main fonctions of the SME server to get the time to build something different.
It was for me clear that "all-in-one" is too risky: "loosing one" can result in "loosing all" and this produces .......some stress!
How?
Steps:
- In a first time, I used the (low power) Proxmox testing machine to build a virtual network an to test the architecture: how many machines? Which OS? Which services/functions done by which machine? What is the strategy for backups?
- Then I ran the Proxmox testing machine in a productive way to confirm that the strategy is OK or in order to correct some unexpected problems. In addition, I wanted to shutdown the SME as soon as possible and reuse the hardware to achieve backups of the Proxmox.
In the meantime the hardware of the "old" production SME has been repaired I could use it for a NAS. - Finally I bought new hardware for the pfSense and for the Proxmox.
The general concept:
The general concept is in fact very simple: (diagram coming soon!!)
Architecture:
- very basic with WAN, DMZ and LAN. A router/firewall managing the communication between the parts of the network.
- DMZ is accessible from the WAN only on the ports that are in use.
- no communication from WAN to LAN and from DMZ to LAN
Distributions:
I tried to use the "best" (in my point of view!) specific distribution to achieve each group of fonctions.
- Router/firewall: pfSense
- Email-staff: NethServer as a VM
- Main web applications: Nethserver as a VM
- Secondary web applications: over Docker containers on a Debian VM
- Files and storage: FreeNAS
- Host for VMs: Proxmox