Trash Panda Guides

Media centers, like Plex, are designed to stream.

Restricting access to just your home network is an option — but it defeats much of your media center’s value. Remote access and sharing are powerful features. Proper design means exposing services hosted within your home to the internet doesn't have to be a reckless endeavor.

Before exposing anything to the internet though the network must be designed correctly to minimize risks - elimination of risk is not possible but minimizing it is well within our capability.

Long before we even consider opening path in our gateway/firewall to expose our media center we need to segment our internal network to promote both security and performance. To achieve this segmentation, we'll need to configure a minimum of three Virtual Local Area Networks (VLANs).

• NFS VLAN - Dedicated to communication between the NAS and the servers requiring high speed access to the content library.
  

• DMZ VLAN - An isolated space where we will deploy our servers providing internet facing services.
  

• LAN VLAN - Our primary internal network where our general use computers and printers are deployed.
  

It is important to note that your network should probably be as segmented as possible, isolating Internet of Things (IoT) devices, Guest devices, mobile devices, etc., but for the purposes of this guide we'll focus on the three needed to securely deploy a high performing Plex ecosystem. When it comes time to put all the pieces together for our ecosystem we'll be accessing our content library via an NFS link between our Plex Media Server and our NAS device.

In the remainder of this page we will discuss what is needed, and why, but we will not go into specifics on how to configure your network equipment since the how will vary depending on what network equipment you have and the configuration tools available to configure it.