If your small business is in the market for a new server and wants to keep the costs as low as possible, you’re in luck–NethServer 7 has been released, and it offers serious improvements over previous iterations. Let’s examine this new take on NethServer that is billed as a server that will make sysadmin’s lives easier…with the help of open source.
Built-in Samba Active Directory Controller
Out of the box, NethServer 7 can now act as a Samba Active Directory Controller–this is pretty big news. It means you can replace that aging and expensive Windows Active Directory Domain Controller and enjoy native Windows management tools like RSAT and AD PowerShell. You can also deploy group policies, and Windows workstations can seamlessly join the Active Directory domain without having to tweak the Windows registry so they can join the Samba AD.
NethServer 7 also includes the mechanism for centralized account management (aka multi-site), with support for authentication and authorization against either a local or a remote account provider such as:
- Samba 4 AD Domain Controller
- Remote Active Directory via Microsoft or Samba
Nextcloud, an incredibly powerful, flexible, and reliable cloud server, is coming along for the NethServer 7 ride. Although Nextcloud is not installed by default, you can install it via the NethServer 7 Software Center (Figure A).
Improved certificate management
Chances are, you’ve had to manage an SSL certificate for one server or another. If that’s the case, you know how much of a hassle that can be.
NethServer 7 has improved upon that process to make it easy to manage your certificates. You can edit the default self-signed certificate or easily upload a custom certificate purchased by an SSL provider (Figure B). That same NethServer panel allows for the requesting of certificates via Let’s Encrypt.
Improved transparent HTTPS proxy
Prior to NethServer 7, the platform made use of a Man In The Middle (MITM) feature to inspect all encrypted traffic; this has been substituted with a new transparent HTTPS proxy that sniffs out only the beginning of the connection. In other words, NethServer now only peeks at the source of the connection to discover the destination website and, if necessary, blocks it.
Other improvements that come with this include:
- It’s no longer necessary to install certificates for browsers;
- No more untrusted certificate warnings;
- No more sniffing incoming or outgoing sensitive information; and
- Seamless filtering of unwanted websites for HTTP and HTTPS.
The NethServer firewall is greatly improved, with the help of deep packet inspection using nDPI. With this new feature, an administrator can create very granular firewall rules. Imagine being able to easily enforce rules such as only PC X can access website Y…without having to write complex iptables rules.
This service is not installed by default–you must go to the Software Center and then install the Basic Firewall and the Deep Packet Inspection application. Once both are installed, firewall rules are easy to create. Add a host object (such as your CEO’s PC) and then create a rule around that (Figure C).
Other firewall improvements include:
- new time conditions;
- improved interface for traffic shaping;
- Snort replaced with Suricata;
- reverse proxy added; and
- Simplified Network Service panel includes Zones and new Firewall rules.
Mail server improvements
The NethServer mail server received a number of improvements, including:
- All users automatically have a valid email address;
- Shared mailbox support was added (this can be used for distributed lists and/or associated with a custom mail alias);
- Improved full-text IMAP search; and
- Improved POP3 connector module.
The list goes on and on
The list of improvements and changes for NethServer 7 are deep–this might be the biggest update ever for the server, and the improvements are seriously impressive. To read about all of the changes, check out the NethServer 7 release notes.
If you’re looking for a new small business server, you cannot go wrong with NethServer. With the massive rollout of improvements, this open source server should go a long way to serve your company. Give it a go, and see if you can’t kick the proprietary competition to the curb and save some serious budget in the process.