
Assistance with setup of NAS, VPN, + Backup

Go to solution Solved by LIGISTX,
12 minutes ago, Commander_Dork said:

The problem is it's not an official company or business but does conduct some legal affairs albeit none of the files being stored are like legal documents. It's a church so most things are run by individual families with the exception of legal affairs. I am the only one with any kind of IT knowledge so they often fall back on me for assistance and I fall back on here if I don't know it XD. The items being stored are all the kind of items that can be rebuilt but are a pain in the butt to lose and it would be extremely frustrating to lose. Wouldn't get into legal issues it's just there are a lot of files frequently referenced. I think a 4tb cloud backup mentioned like back blaze would be perfect especially considering the price. It also saves me a tremendous amount of work. 

If you backup directly from a normal windows PC, it’s like 7 bucks a month for unlimited storage…. So I would just do that. 

I hope the image below makes sense... yes I drew it in paint 💀 don't judge lol. lemme know if I'm missing any necessary info for you to help out 


Why not run the VPN on the NAS? Normally you don't run a VPN on the switch. If you want to limit nas access use permissions on the nas. You can do a point to point link if you want though.

 

Otherwise this setup should work fine.


1 minute ago, Electronics Wizardy said:

Why not run the VPN on the NAS? Normally you don't run a VPN on the switch. If you want to limit nas access use permissions on the nas. You can do a point to point link if you want though.

 

Otherwise this setup should work fine.

I think I will run the VPN on the NAS but I also figured that since some switches can support a VPN I might do that but I think I will go with a proxmox server or maybe CasaOS.


1 minute ago, Commander_Dork said:

I think I will run the VPN on the NAS but I also figured that since some switches can support a VPN I might do that but I think I will go with a proxmox server or maybe CasaOS.

Why not run Proxmox on the NAS?

 

I'd probably stay away from CasaOS, last time I tried it the GUI wasn't great and there are other ways to run docker containers.


8 minutes ago, Electronics Wizardy said:

Why not run the VPN on the NAS? Normally you don't run a VPN on the switch. If you want to limit nas access use permissions on the nas. You can do a point to point link if you want though.

 

Otherwise this setup should work fine.

Would you be able to give me a link for learning about point to point connections for across networks?


1 minute ago, Commander_Dork said:

Would you be able to give me a link for learning about point to point connections for across networks?

I was thinking for the high speed link, just run a cable between the NAS and your PC.

 

But really no need to make a separate network for your NAS and the rest of the network, permissions will be fine here.


54 minutes ago, Electronics Wizardy said:

I was thinking for the high speed link, just run a cable between the NAS and your PC.

 

But really no need to make a separate network for your NAS and the rest of the network, permissions will be fine here.

The purpose for the switch is for connecting any other computers that will need access since I want to run a 2.5gb connection to each of the computers. The VPN is to have it reach out to an off premise back up securely. We've actually had fires set intentionally to our building 3 times now and we don't want to risk losing everything. 


Not sure if I was able to explain that clearly or not idk if you were saying that I don't need a VPN or you were just talking about the local side of things 


2 hours ago, Commander_Dork said:

yes I drew it in paint 💀 don't judge lol

My eyes 🔥🔥🔥. Next time dark mode. 🔥🧯

 

 

Drop the Pi5 and get an Intel N100 as backup NAS.

For the primary NAS: If you don't want the Network B interacting with Network A use a VLAN to your NAS VM and configure a firewall for this. You might just run the firewall for this VLAN in a Proxmox VM (so it basically is nonexistent for the other network gear. Removing complexity there but adding a separate firewall VM).

 

[Network B] ---- [Internet] --- [Network A] ----[VLAN] --- [Firewall in a Proxmox VM] --- [virtual NIC/network on the proxmox instance] ---- [NAS (Proxmox VM)]

 

1 hour ago, Commander_Dork said:

The VPN is to have it reach out to an off premise back up securely. We've actually had fires set intentionally to our building 3 times now and we don't want to risk losing everything. 

You could look into cloud storage like Backblaze B2 ($6/(month*tb)) or Wasabi ($7/(month*tb)).

Lower cost could be Amazon deep glacier. Exact figures/cost for Amazon is complex.

People never go out of business.


1 hour ago, FlyingPotato_is_taken said:

You could look into cloud storage like Backblaze B2 ($6/(month*tb)) or Wasabi ($7/(month*tb)).

Lower cost could be Amazon deep glacier. Exact figures/cost for Amazon is complex.

I tried so many times to recommend it to them but they didn't want any monthly fees like that.

 

1 hour ago, FlyingPotato_is_taken said:

Drop the Pi5 and get an Intel N100 as backup NAS.

That's what I wanted to do but I already have an Rpi5 and since I really don't need anything faster I'm not too concerned. 

1 hour ago, FlyingPotato_is_taken said:

For the primary NAS: If you don't want the Network B interacting with Network A use a VLAN to your NAS VM and configure a firewall for this.

Something I realized I forgot to mention is the backup will be stored at my house (network B). If I set up a VLAN on my NAS then I can use a firewall to allow traffic to and from an external device on a completely separate network? 

(pls forgive the lack of understanding, I love all this stuff but I still am very new) 

1 hour ago, FlyingPotato_is_taken said:

My eyes 🔥🔥🔥. Next time dark mode. 🔥🧯

LOL 

 

also ignore the fact that I just quoted everything backwards xD


20 minutes ago, Commander_Dork said:

I tried so many times to recommend it to them but they didn't want any monthly fees like that.

How much data are we talking about backing up here? If a company can’t Willow paying ~30 bucks a month for cloud backup of its digital assets…… that company probably can’t afford to continue functioning. 
 

I backup 4ish TB to backblaze B2, and it’s ~25 bucks a month. This shouldn’t even be a consideration for a company, it should entirely be rolled into “cost of doing business”. 
 

I would also not recommend storing company data at your house unless it’s your company. That puts you in a potentially rough place legally (if it was stolen, or bad opsec led to sensitive data being stolen/accessed), and puts a lot of responsibility on you personally. I’d avoid this at all cost. 

Rig: i7 13700k - - Asus Z790-P Wifi - - RTX 4080 - - 4x16GB 6000MHz - - Samsung 990 Pro 2TB NVMe Boot + Main Programs - - Assorted SATA SSD's for Photo Work - - Corsair RM850x - - Sound BlasterX EA-5 - - Corsair XC8 JTC Edition - - Corsair GPU Full Cover GPU Block - - XT45 X-Flow 420 + UT60 280 rads - - EK XRES RGB PWM - - Fractal Define S2 - - Acer Predator X34 -- Logitech G502 - - Logitech G710+ - - Logitech Z5500 - - LTT Deskpad

 

Headphones/amp/dac: Schiit Lyr 3 - - Fostex TR-X00 - - Sennheiser HD 6xx

 

Homelab/ Media Server: Proxmox VE host - - 512 NVMe Samsung 980 RAID Z1 for VM's/Proxmox boot - - Xeon e5 2660 V4- - Supermicro X10SRF-i - - 128 GB ECC 2133 - - 10x4 TB WD Red RAID Z2 - - Corsair 750D - - Corsair RM650i - - Dell H310 6Gbps SAS HBA - - Intel RES2SC240 SAS Expander - - TrueNAS + many other VM’s

 

iPhone 14 Pro - 2018 MacBook Air


1 hour ago, Commander_Dork said:

If I set up a VLAN on my NAS then I can use a firewall to allow traffic to and from an external device on a completely separate network? 

Imagine a VLAN like a separate network running through separate cables, switches and all have their own firewall rules. The difference is it's all virtual. The router and the like add a tag to each data package that reads to which network (VLAN) it belongs and is only routed within this virtual network. Oversimplified but I hope the idea is clear.

The beauty is that with just one RJ45-ethernet port and one network cable you could run more than a dozen separated networks.

With networking there doesn't even need to be an outgoing connection. You could just spin up a virtual network within a Server that only exists between virtual machines.

 

----

 

I agree with @LIGISTX. Explain to them why cloud is the better option:

  • Show them how long the purchased hardware would take to break even compared to the "subscription". 
  • Show them how price stable e.g. Backblaze has been. 
  • Data security is also better. First of all they aren't in the same region so a wildfire wouldn't take out the company and the backup. Second the hardware is far more reliably set up. Third physical access to a datacentre is reasonably restricted (far better than a home).
  • Show them that the data/backup can be encrypted locally. Meaning the cloud storage provider has no clue what the data is. You might as well publish it and likely nobody could crack it (not recommended to publish backups).
  • Not sure if Backblaze still offers it. In the past they had the option to purchase HDDs with the data to restore the data if the internet connection was too slow.
  • Demonstrate how easy and quick it is to migrate from e.g. Backblaze to Wasabi if there is an issue with Backblaze.
  • Explain to them that you don't want any customer, employee or emails/message data backup at home. Make sure to cover your butt with the contract if they still reject the cloud option and want it at your home.

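The VLAN tagging described in the post above, as an added example that is not part of the original thread: Python that builds and parses the 4-byte 802.1Q tag and models a VLAN-aware switch flooding a broadcast frame only to ports that are members of the same VLAN. The port numbers, VLAN IDs 10 and 20, MAC addresses and payloads are constructed for illustration, and the switch model ignores MAC learning.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q VLAN tag

def build_frame(dst, src, ethertype, payload, vlan_id=None, priority=0):
    """Build an Ethernet frame; insert a 4-byte 802.1Q tag when vlan_id is set."""
    header = dst + src
    if vlan_id is not None:
        if not 1 <= vlan_id <= 4094:
            raise ValueError("VLAN ID must be 1..4094")
        tci = (priority << 13) | vlan_id  # PCP (3 bits) | DEI (1 bit, 0) | VID (12 bits)
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload

def parse_vlan(frame):
    """Return (vlan_id or None if untagged, inner EtherType, payload)."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (etype,) = struct.unpack_from("!H", frame, 12)
    if etype != TPID_8021Q:
        return None, etype, frame[14:]
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, inner, frame[18:]

def egress_ports(frame, ingress_port, port_vlans, native_vlan=1):
    """Ports a VLAN-aware switch floods a broadcast frame to: only members
    of the frame's VLAN, and never back out of the ingress port."""
    vid, _, _ = parse_vlan(frame)
    vid = native_vlan if vid is None else vid  # untagged frames join the native VLAN
    if vid not in port_vlans.get(ingress_port, set()):
        return []  # ingress port is not a member of that VLAN: drop the frame
    return sorted(p for p, vlans in port_vlans.items()
                  if vid in vlans and p != ingress_port)

# Constructed sample: port 1 is a trunk carrying VLAN 10 (office) and VLAN 20 (NAS).
PORT_VLANS = {1: {10, 20}, 2: {10}, 3: {20}, 4: {20}}
DST, SRC = bytes.fromhex("ffffffffffff"), bytes.fromhex("020000000001")
nas_frame = build_frame(DST, SRC, 0x0800, b"backup-data", vlan_id=20)
office_frame = build_frame(DST, SRC, 0x0800, b"office-data", vlan_id=10)

if __name__ == "__main__":
    print(parse_vlan(nas_frame)[0], egress_ports(nas_frame, 1, PORT_VLANS))
    print(parse_vlan(office_frame)[0], egress_ports(office_frame, 1, PORT_VLANS))
```

Both frames arrive on the same physical trunk port, yet the VLAN 20 frame never reaches the office port and a VLAN 20 frame injected on an office-only port is dropped, which is the isolation the firewall rules then build on.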

41 minutes ago, LIGISTX said:

How much data are we talking about backing up here? If a company can’t Willow paying ~30 bucks a month for cloud backup of its digital assets…… that company probably can’t afford to continue functioning. 
 

I backup 4ish TB to backblaze B2, and it’s ~25 bucks a month. This shouldn’t even be a consideration for a company, it should entirely be rolled into “cost of doing business”. 
 

I would also not recommend storing company data at your house unless it’s your company. That puts you in a potentially rough place legally (if it was stolen, or bad opsec led to sensitive data being stolen/accessed), and puts a lot of responsibility on you personally. I’d avoid this at all cost. 

The problem is it's not an official company or business but does conduct some legal affairs albeit none of the files being stored are like legal documents. It's a church so most things are run by individual families with the exception of legal affairs. I am the only one with any kind of IT knowledge so they often fall back on me for assistance and I fall back on here if I don't know it XD. The items being stored are all the kind of items that can be rebuilt but are a pain in the butt to lose and it would be extremely frustrating to lose. Wouldn't get into legal issues it's just there are a lot of files frequently referenced. I think a 4tb cloud backup mentioned like back blaze would be perfect especially considering the price. It also saves me a tremendous amount of work. 


12 minutes ago, Commander_Dork said:

The problem is it's not an official company or business but does conduct some legal affairs albeit none of the files being stored are like legal documents. It's a church so most things are run by individual families with the exception of legal affairs. I am the only one with any kind of IT knowledge so they often fall back on me for assistance and I fall back on here if I don't know it XD. The items being stored are all the kind of items that can be rebuilt but are a pain in the butt to lose and it would be extremely frustrating to lose. Wouldn't get into legal issues it's just there are a lot of files frequently referenced. I think a 4tb cloud backup mentioned like back blaze would be perfect especially considering the price. It also saves me a tremendous amount of work. 

If you backup directly from a normal windows PC, it’s like 7 bucks a month for unlimited storage…. So I would just do that. 


16 minutes ago, LIGISTX said:

If you backup directly from a normal windows PC, it’s like 7 bucks a month for unlimited storage…. So I would just do that. 

Yeah that's WAYYYYY better than what I was thinking. I kinda wanted to do the whole network setup to get more experience but honestly since it's not my personal data that's a way better option. thanks a lot dude!
