Nextcloud Hosting & on premise Active Directory integration

At Express IT Solutions we like to consider ourselves problem-solving solution providers. Our IT philosophy is a KISS (Keep It Simple Stupid) approach. Keeping things as “simple” as possible is generally our goal. Could we make things more complex? Sure, but why do that when more can potentially go wrong? In addition, one of the net benefits of this approach is usually a lower cost, because it takes less time in engineering gymnastics to set up the flippedy flu’s and whirly gigs necessary to make something complex. It reminds me of the fight scenes of Marvel movies where a character will do some fancy footwork to scale a wall or bounce off of two objects to kick someone in the face rather than just walk through the wall fence gate or simply kick them in the face. It takes much more effort and thus more billable time to engineer complexity. At its root, most firms aren’t interested in simplicity like ours. It’s kind of a built-in conflict of interest to build complexity with most IT firms because that’s where the perceived value is, and the revenue!

It’s not a secret, we like using Open Source and Free Software. There is a distinction, and although it is not in the scope of this post, don’t think of the two as equal, although both may be equally useful. The server you’re reading this article on runs Open Source server software, many of the routers along the route you take just to pull up the page are open source, and the browser you might be using, if you’re not using Internet Explorer or Edge, is Open Source (Chromium is behind Google Chrome and Firefox is Open Source).

If you’re not familiar with Linux (or other alternative operating systems like BSD and derivations of it) and Open Source or Free Software solutions, don’t let that scare you. Why? Because, as we’ve blogged about in the past, HUGE and I mean HUGE…the world’s LARGEST companies ALL leverage Open Source and Free Software solutions. Apple, Cisco, Microsoft in fact, AT&T, Verizon, GE, IBM, Amazon…and the list goes on. If you think for one second a corporation wouldn’t implement or rely on Open Source and Free Software, well, think again. I recently had a salesman who works for a 2 billion dollar IT consulting firm tell me over lunch that his customer (a large regional healthcare provider in Michigan) would NEVER trust Open Source solutions on their infrastructure; and then he yacked on and on about Cisco, how they implemented a network upgrade with Cisco, blah blah blah blah blah. I listened, then asked, does that company use VMware? Oh yeah, we’re also a VMware partner and our customers use VMware, blah blah blah blah blah…I then said, well…VMware uses Open Source software and their bare metal hypervisor ESXi is free…did you know that? Blank stare, crickets chirping in the background, Simon & Garfunkel…“This is the sound…of silence”! I went on to say yes, even your dearly beloved Cisco (again, as I’ve blogged about) uses Open Source and Free Software in its products. When you console into the Cisco Nexus line of equipment, what pops up on the terminal screen is a GNU header.

Compliments of Mike Brown: Link

He didn’t believe me. I then had to educate him on how Cisco’s Linksys product (a Cisco-owned company) used GNU free software, but because they didn’t adhere to the license that asked for attribution they were sued for an undisclosed dollar amount. At a lecture I was fortunate to attend once, I personally asked Richard Stallman what that dollar amount was, as a follow-up question to asking him if he ever enforced his licensing agreement. He smirked and said he can’t disclose that dollar amount as part of the legal settlement. Here is a link to general information about that lawsuit.

Now to our main event! What did we do?

We set up a server that allows you to remotely access your files via a web browser, an app, or the native mechanisms for mounting shared folders in Windows, from anywhere on any device. It’s an Ubuntu 18.04 LTS (that means Long Term Support) server with the Nextcloud snap installed, turning it into a web server running Nextcloud.

This graphic will show you the logical layout of what we did. It allows our client to use their existing Active Directory (their Windows logons) to access this server. No need for a new account or yet another dumb password to remember!

Hosted Nextcloud virtual machine instance hosted by Express IT Solutions in Kalamazoo, Michigan protected by a PFSense Firewall and accessible anywhere from any device

The setup seems clear in our graphic, but let’s elaborate a bit. Our hosting location in Kalamazoo, Michigan is our own infrastructure; it’s not leased on anyone else’s equipment, which makes that already 10 times more secure than using Amazon, Rackspace or some other hosting service like Digital Ocean or OVH…there are nothing but hackers galore on those networks. We have this sitting on a VMware server (Open Source), running on Ubuntu 18.04 LTS (Open Source), using Nextcloud (Open Source), protected by a pfSense Firewall (Open Source), with encrypted transport over HTTPS provided by Let’s Encrypt (Free, brought to you by The Linux Foundation), and secured from the server back to the client site via OpenVPN (Open Source) connected to their pfSense, which essentially closes the loop, allowing them to securely and directly query their Windows Active Directory for user authentication.

Confused? It’s simple. Open Source software made this happen and Express IT Solutions implemented it at a very reasonable rate. This solution in a flat logical layout looks like this:

Off site users > Internet <> OwnCloud <> client site & Active Directory
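
As an added example (not Express IT Solutions’ actual configuration): the `occ` calls that point the Nextcloud snap’s LDAP backend at an Active Directory domain controller reached through the VPN. The DC name, base DN, bind account and config ID `s01` are assumptions; with `DRY_RUN=1` (the default) it only prints the commands.

```shell
#!/bin/sh
# Added example, not the original deployment's configuration. The DC name,
# base DN, bind account and config ID are assumptions (constructed values).
DC_URI="${DC_URI:-ldaps://dc01.corp.example}"  # DC reached through the OpenVPN tunnel
BASE_DN="${BASE_DN:-DC=corp,DC=example}"
BIND_DN="${BIND_DN:-CN=svc-nextcloud,OU=Service Accounts,DC=corp,DC=example}"
OCC="${OCC:-nextcloud.occ}"                    # occ wrapper shipped with the snap
DRY_RUN="${DRY_RUN:-1}"                        # 1 = only print the commands

# Print the command (quoted) in dry-run mode, otherwise execute it.
run() {
  if [ "$DRY_RUN" = 1 ]; then printf "'%s' " "$@"; echo; else "$@"; fi
}

# Refuse cleartext LDAP: the VPN covers the WAN hop only, and every login
# sends the user's Windows password to the DC in an LDAP bind.
check_uri() {
  case "$1" in
    ldaps://*) return 0 ;;
    *) echo "refusing non-LDAPS URI: $1" >&2; return 1 ;;
  esac
}

# $1 = LDAP config ID; `ldap:create-empty-config` creates the first one (s01).
configure_ldap() {
  check_uri "$DC_URI" || return 1
  run "$OCC" app:enable user_ldap
  run "$OCC" ldap:set-config "$1" ldapHost "$DC_URI"
  run "$OCC" ldap:set-config "$1" ldapPort 636
  run "$OCC" ldap:set-config "$1" ldapBase "$BASE_DN"
  # Read-only service account; set ldapAgentPassword separately, by hand.
  run "$OCC" ldap:set-config "$1" ldapAgentName "$BIND_DN"
  # Users sign in with their Windows logon name (sAMAccountName).
  run "$OCC" ldap:set-config "$1" ldapLoginFilter '(&(objectClass=user)(sAMAccountName=%uid))'
  run "$OCC" ldap:set-config "$1" turnOffCertCheck 0   # keep certificate validation on
  run "$OCC" ldap:set-config "$1" ldapConfigurationActive 1
  run "$OCC" ldap:test-config "$1"
}

configure_ldap s01
```

Run it with `DRY_RUN=0` as root on the Nextcloud server once the printed commands match your directory.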

We’ve set up an Enterprise class (better than business class) server resource, publicly available and protected by an Open Source stack of stuff, to allow our client to better share and access their internal data. Scared of hackers? Don’t be…it’s protected by our Security Stack on our firewall that keeps out the baddies. I once heard a dope at the FBI who claimed to know his stuff blather on about…“…it’s not a matter of if, it’s a matter of when” you’ll be hacked. This is the most false information I’ve heard since they last gave people the solution to a router exploit called “VPNfilter”. Their advice? Reboot your device. <-- Laughable! The FBI isn’t credible when it comes to cyber security. Why? Because those are the people you call AFTER a crime has been committed. You call us to prevent calling them.

Other than hosting their own solution on premise, this was the next simplest solution, and one that works perfectly!

If you need money-saving consulting from a team of IT experts and engineers who don’t use the term engineering in the broadest sense, then give us a shout! 30 minutes could save you thousands.

