Homelab upgrade - "Modern" alternatives to NFS, SSHFS?
-
I'd only use sshfs if there's no other alternative. Like if you had to copy over a slow internet link and sync wasn't available.
NFS is fine for local network filesystems. I use it everywhere and it's great. Learn to use autos and NFS is just automatic everywhere you need it.
-
Gotta agree. Even better if backed by zfs.
-
By default, unencrypted, and unauthenticated, and permissions rely on IDs the client can fake.
May or may not be a problem in practice, one should think about their personal threat model.
Mine are read only and unauthenticated because they're just media files, but I did add unneeded encryption via ktls because it wasn't too hard to add (I already had a valid certificate to reuse)
-
I don't know what you're on about, I'm talking about segregating with vlans and firewall.
If you're encrypting your San connection, your architecture is wrong.
-
That's what I though you were saying
-
NFS is good for hypervisor level storage. If someone compromises the host system you are in trouble.
-
Oh, OK. I should have elaborated.
Yes, agreed. It's so difficult to secure NFS that it's best to treat it like a local connection and just lock it right down, physically and logically.
When i can, I use iscsi, but tuned NFS is almost as fast. I have a much higher workload than op, and i still am unable to bottleneck.
-
Have you ever used NFS in a larger production environment? Many companies coming from VMware have expensive SAN systems and Proxmox doesn't have great support for iscsi
-
Yes, i have. Same security principles in 2005 as today.
Proxmox iscsi support is fine.
-
-
Last time I had a problem with ceph losing data was during 0.10, does it still happen?
-
-
-
-
-
-
-
-
But NFS has mediocre snapshotting capabilities (unless his setup also includes >10g nics)
-
NFS + Kerberos?
But everything I read about NFS amd so on: You deploy it on a dedicated storage LAN and not in your usual networking LAN.
