Infrastructure on Alfred van Ster

NAT Demystified: The Engine of Modern MSP Networking

Thu, 15 Jan 2026 11:00:00 +0200

A comprehensive guide to NAT types, use cases, and common MSP troubleshooting scenarios like Double NAT and Hairpinning.

Resilient Data: Architecting a 3-2-1-1 Backup Strategy for MSPs

Mon, 05 Jan 2026 10:00:00 +0000

In modern infrastructure, “Backup” is not a task—it is a foundational pillar of security. For an MSP managing hundreds of endpoints, a simple file-copy isn’t enough. Here is how I architect systems to survive ransomware and site-wide disasters.

1. The 3-2-1-1 Framework

I advocate for an evolved version of the classic 3-2-1 rule, specifically designed for remote-first workforces:

3 Copies of Data: Primary, local secondary, and offsite tertiary.
2 Different Media: Utilizing localized NAS storage for fast LAN recovery and cloud-native repositories.
1 Offsite Location: Ensuring data is physically separated from the primary site.
1 Immutable Copy: Utilizing S3 Object Lock or Air-gapping to ensure backups cannot be deleted by compromised credentials.

2. The Infrastructure Stack

My preferred approach utilizes a unified management plane to reduce “Shadow Data”:

Securing the Perimeter: Why I chose a VPS over Shared Hosting

Wed, 01 Jan 2025 17:00:00 +0000

Most portfolios live on shared hosting—cheap, easy, but restricted. For my infrastructure, I chose a Virtual Private Server (VPS). Here’s why a Systems Engineer treats their “home on the web” like a production environment.

1. The Isolation Advantage

On shared hosting, you are at the mercy of your “neighbors.” If another site on the same IP gets hit with a DDoS or runs a malicious script, your site slows down or goes dark. On my VPS, my vCPU and RAM are mine alone.