Homelab upgrade - "Modern" alternatives to NFS, SSHFS?
-
Gotta agree. Even better if backed by zfs.
-
By default, unencrypted, and unauthenticated, and permissions rely on IDs the client can fake.
May or may not be a problem in practice, one should think about their personal threat model.
Mine are read only and unauthenticated because they're just media files, but I did add unneeded encryption via ktls because it wasn't too hard to add (I already had a valid certificate to reuse)
-
I don't know what you're on about, I'm talking about segregating with vlans and firewall.
If you're encrypting your San connection, your architecture is wrong.
-
That's what I though you were saying
-
NFS is good for hypervisor level storage. If someone compromises the host system you are in trouble.
-
Oh, OK. I should have elaborated.
Yes, agreed. It's so difficult to secure NFS that it's best to treat it like a local connection and just lock it right down, physically and logically.
When i can, I use iscsi, but tuned NFS is almost as fast. I have a much higher workload than op, and i still am unable to bottleneck.
-
Have you ever used NFS in a larger production environment? Many companies coming from VMware have expensive SAN systems and Proxmox doesn't have great support for iscsi
-
Yes, i have. Same security principles in 2005 as today.
Proxmox iscsi support is fine.
-
-
Last time I had a problem with ceph losing data was during 0.10, does it still happen?
-
-
-
-
-
-
-
-
But NFS has mediocre snapshotting capabilities (unless his setup also includes >10g nics)
-
NFS + Kerberos?
But everything I read about NFS amd so on: You deploy it on a dedicated storage LAN and not in your usual networking LAN.
-
At least something that's distributed and fail safe (assuming OP targets this goal).
And if proxmox doesnt support it natively, someone could probably still config it local on the underlying debian OS.
