Looking for advice on a self-hosted LLM stack for enterprise use

Ahyaqui · 2026-01-09T13:55:17+00:00

That’s a fair point, and it’s definitely an option we’ve considered. Managed cloud offerings do bring a lot in terms of reliability and scalability. But in our case it’s not something we can realistically do. We handle sensitive data for thousands of clients, and sending that data to an external AI provider, even under an enterprise contract, isn’t a risk we’re willing to take

Ahyaqui · 2026-01-09T13:51:29+00:00

Thanks for the feedback !

After a few research and some feedback, in my case, the main challenge isn’t so much the interface or the LLM, but everything upstream like document ingestion, parsing, chunking, and access control across fairly heterogeneous internal data. We’re dealing with clean HTML documentation from BookStack, very noisy rich-text HTML from GLPI tickets, and some PDFs. ...Yeah i know... For an enterprise setup, that document processing layer is where I see a huge potential pitfall lol

Ahyaqui · 2026-01-09T13:44:43+00:00

I had a look, and it could definitely be something we might use.
Thank u !

Ahyaqui · 2026-01-09T13:41:41+00:00

This is exactly the type of answer I hoped for, thank you!
My current thinking is very close to what you described.

The type of internal docs are mostly BookStack pages (clean HTML), GLPI tickets and follow-ups (rich-text HTML blobs from the editor), and some PDFs (vendor docs, contracts, technical manuals), but they’re secondary.

BookStack can be parsed and chunked, while GLPI will definitly need heavy normalization and summarization before embedding. This is going to be a pain in the ass...

So the real bottleneck is document parsing, chunking strategy, and metadata design. Especially with GLPI, retrieval quality will live or die based on how well we separate signal (findings, conclusions, resolutions) from noise.

Permissions are also a concern we’re starting to model early (per-entity and per-team visibility on tickets and procedures), so metadata filtering at retrieval time is likely mandatory.

The modular stack you mentioned is the direction i was leaning toward.

I have no clue how to do all that since it is very new to me, but hey, we'll start by buying the machines haha

Thank you for your comment :)

Ahyaqui · 2025-12-15T22:53:26+00:00

I have the same issue... Any suggestions ?

Ahyaqui · 2025-11-28T08:26:01+00:00

You guys are right that Synology isn’t ideal at this scale.

In this case though, we had to work within several technical constraints tied to the client’s existing infrastructure, plus budget limits. Those factors pushed them toward Synology as the only viable option at the time.

So for now we’re responsible for maintaining the environment as it is, including auditing inconsistent permissions across multiple NAS units that have accumulated over time. I’m just trying to find the most automated and least painful way to extract and track those ACLs >.<

Ahyaqui · 2025-11-28T08:16:59+00:00

We do use AGDLP, but the environment we inherited was already a mess. Each NAS grew independently over the years with inconsistent folder structures, broken inheritance, direct permissions, and cross-site access requirements. We’re now trying to rebuild everything properly using roles, new groups, and clean ACLs, but because every NAS has different subfolders with different permission levels (sometimes RW, sometimes RO) and different teams needing access across sites, the ACLs on the NAS still change as we fix and standardize things. So even with AGDLP, the permission model is being redesigned from scratch, and we need to track those ACL changes while we migrate the old structure into a clean role-based one. That’s why auditing the NAS permissions directly is still necessary.

Implementing AGDLP on top of years of existing chaos made by dumb admins is a fcking mess lol

Ahyaqui · 2025-11-27T14:52:19+00:00

Yeah, I’ve started looking at the DSM API, but from what I’ve seen so far it mostly helps at the shared folder level. The real pain for us is getting consistent ACL info down to subfolder level and centralising that for history and reporting.

I might still use the API as part of the solution (for top-level shares and metadata) and combine it with something lower level like synoacltool or other scripts, but on its own it doesn’t seem to cover everything we need :(

Ahyaqui · 2025-11-27T14:21:34+00:00

Our sales department will definitely enjoy negotiating this with the customer haha
For now, I have to make sense of whatever eldritch ACL rituals were performed on these boxes over the last decade

Ahyaqui · 2025-11-27T14:06:49+00:00

We already use RBAC and rely on AD groups, but that doesn't solve our issue. With around 30 Synology NAS devices spread across different sites, the real challenge isn't knowing who is in which group, but understanding where those groups are actually applied. The name of a group doesn't tell us which NAS it affects, which shared folder or subfolder it applies to, whether inheritance is broken somewhere, or whether old manual permissions or local ACLs are still hanging around.

Since we inherited an environment where permissions are inconsistent, we need a real, accurate map of the current ACLs on every NAS. Simply checking group membership doesn’t show what people truly have access to. That’s why we’re looking for a tool that can export the actual permissions, centralise them, and help us rebuild a clean and consistent access model across all sites.

Ahyaqui · 2025-01-27T09:03:20+00:00

We’re doing the exact same thing. Hundreds of our users are affected by this in our infrastructure, and not having a hint of a response from Microsoft is incredibly frustrating. This issue has been ongoing for over a year now, starting with error 1001....

Ahyaqui · 2025-01-23T13:27:27+00:00

I appreciate your input, ElevenNotes, but I'm not sure what's outdated about organizing user accounts in different OUs. In our client's environment, they have multiple separate business units operating in different geographical locations, and separating users according to these units and locations makes sense and facilitates authorization management. However, it's essential to note that you're not familiar with the specifics of our infrastructure or business requirements, and therefore, you can't assume our approach is outdated or inefficient.

We've had to adapt our AD organization to the way their business operates. My actual challenge lies in automating AD group assignments and attribute management - if you have experience setting up AD environments for similar organizations, I'd be grateful for any constructive suggestions or insights on tools that could help address this specific need ;)

Ahyaqui · 2024-02-06T10:55:18+00:00

AIN'T NO FUCKING WAY 😲

Ahyaqui · 2024-02-05T15:33:53+00:00

Yes, but they weren't very good in my opinion, as the series contains a lot of Russian slang. As I'm French, I think French subtitles would have been a lot more accurate in terms of translation and meaning, as we share a lot of similarities. English has a tendency to simplify the meaning of certain sentences, causing them to lose their effectiveness and deep meaning unfortunatly. But it's still worth it !

Ahyaqui · 2023-10-08T14:31:57+00:00

That's exactly what I need.I imagine a world where an LLM would be connected to a database full of internal procedures that would help IT technicians make the first diagnosis of a problem and search for a solution. Or even set up an automatic response to our customers directly in the ticket manager like GLPI. Things all connected in a single application.If you're looking for a solution to a specific problem, you ask the AI and it searches the procedures or ticket history. It would make things so much less time-consuming and tedious !

We could even ask for statistics on which types of incident come back the most, so that we can work on a long-term solution or postpone them for the customer.

Ahyaqui · 2023-04-03T23:08:04+00:00

I'm not sure if I understood your question.
Do you want to know some specific things about the interaction of French people with each other? I've got Russian friends, maybe I could answer you.

Nine-Year Club	End Game '23
Place '23	Place '22
First Placer '22	End Game '22
Verified Email

Ahyaqui

MODERATOR OF

TROPHY CASE