The NAS project I started awhile ago was settled when we picked the Netgear ReadyNAS line. Or so I thought. The issue was recently reopened when our HQ turned on mandatory SMB Signing and “broke” our NAS units out in the field. I was tasked to come up with a fix and that is where it got complicated.
When we noticed the new security standard had been added to our Group Policies, we contacted HQ and asked for it to be turned off. This prompted them to ask questions about our field setup. Unfortunately, our HQ really doesn’t understand our requirements and think we all live in a perfect world with a datacenter in the same building and WAN connectivity.
Rather than risk HQ shutting down our whole NAS program, I had to come up with a more secure and robust solution. At first, I started looking at ReadyNAS again. But then I started think about the usefulness of having a full Linux distro. Since we are using Oracle Linux for some of our servers, I decided to use the similar Scientific Linux. Both Oracle Linux and Scientific Linux are Red Hat based distros. Scientific Linux is free, but does not come with professional support, but that is OK for our NAS project.
To test, I used one of our old PCs and setup Scientific Linux exactly as I would for the eventual configuration. Here are some of the key details of that config:
- RAID1 Mirrored drives
- Encrypted filesystem
- SAMBA with SMB Signing
- FTP Server
- WebMin (for easier maintenance)
This meets our minimum requirements, but also gives us the option to utilize the box for additional purposes like SMTP, network monitoring, remote security scanner, etc.
The next part of the project was getting the hardware. Initially, I was planning on buying the components at MicroCenter, but they didn’t have what I was looking for. Instead we ordered a prebuilt PC from BookPC. Hopefully it will arrive today.