Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Question:

Question: Linking Multiple Servers?

I just wanted to see if anyone out there has done this.


I have a client that currently has a Mac Server running here at their office. They are going to start having offices out of state, and will want to have those users remotely have their own servers for their work out there. He would like to be able to login into the server here and see their remote servers as share points along with his local server's sharepoints here.


We are thinking of sending out to a remote office a Kerio Firewall > Mac Mini (Sierra) > and a RAID storage to store that data.


Is it possible to link the servers together, so say if he went to Finder > Go > Connect to server and connected to his example local server afp://192.168.0.x that it would show the local share points and the remote ones together in the list.


Thanks.

Mac mini, OS X Server, Sierra 10.12.6

Posted on

Reply

Page content loaded

Mar 15, 2018 5:05 PM in response to andydotmason In response to andydotmason

Yes, that can work. Here’s some background that might be helpful, around how that can be configured, and some of the trade-offs...


If you need remote visibility, Server.app can connect to remote servers directly or via VPN, as can other tools such as Screen Sharing or Apple Remote Desktop. That’ll require establishing open ports (and preferably restricting by IP address at the firewall, otherwise they’ll get hammered on and best case your logs will get filled and worst case they’ll find a weak password and game over) or set up either on-demand or site-to-site VPNs. This is one of the most familiar ways folks can manage remote servers.


I’d really not recommend trying to run a file share across the internet. Remote access is slow, the protocols aren’t really intended for that, and the ‘net gremlins will try what they can to access those shares, and you’re all of one bad password or one file share protocol flaw away from a bad day. It is possible to do this, though. It’s also possible to connect to a remote share via VPN, which would be my choice if you really want to do this. It’ll be far slower than local access, though. VPN or otherwise.


Do not use the same subnet on any of your networks, and stay out of 192.168.0.0/24 and 192.168.1.0/24, as having the same subnet on both ends of a VPN does not work, and as some subnets are very commonly used. Like 192.168.0.0/24 and 192.168.1.0/24.


I’m not familiar with the capabilities of the Kerio firewall. I usually prefer a dedicated firewall box with an embedded VPN server. I’ve used ZyXEL ZYWALL USG series in a number of installs. They’re quite capable, but do expect the adminstrator to have knowledge of IP, VPNs, and related details. There are other choices. Host-based VPNs tend to be offline when you need to access the host, unfortunately. Like when you need to fix the host, or the VPN server.


Lock down remote access into your networks as much as possible, and then lock them down some more. Authenticate and encrypt your traffic. Open ports will get probed. Packets will get sniffed. FTP connections are a great way to post your access credentials and to fill your server eith sketchy files. Etc. The net is an increasingly hostile place.


Apple is deprecating most of the network services associated with macOS Server. You may (or will?) be headed for a migration. There are many discussions of these deprecations going on.


TCP and UDP ports used by Apple software products - Apple Support

Prepare for changes to macOS Server - Apple Support

Mar 15, 2018 5:05 PM

Reply Helpful
User profile for user: andydotmason

Question: Linking Multiple Servers?