This article highlights some of the new features which have been added to FreeNAS 8.x since July, 2012. These include the Plugins Jail, ZFSv28, and GELI encryption.
Since its initial release in May, 2011, the newly designed FreeNAS 8.x series has added many features that make this open source storage operating system an attractive option for everyone from home users up to large enterprise users.
The initial releases concentrated on improving the graphical administrative interface and the “core” NAS features. These core features include the ability to perform the following within a graphical interface from a web browser:
- import existing UFS or ZFS RAID configurations
- import existing disks formatted with FAT, NTFS, or EXT2/3
- create volumes, datasets, and zvols
- import existing users, groups, and permissions from Active Directory or LDAP
- create Netatalk, NFS, and Samba shares and manage permissions to those shares
- share data over FTP/FTPS, SSH, and TFTP
- create iSCSI targets
- manage cron jobs, sysctls, and loader.conf values
- manage link aggregations, VLANs, and static routes
- schedule snapshots, replication, scrubs, and S.M.A.R.T. tests
- back up the configuration and perform upgrades
Subsequent releases added the following major features to augment the core NAS features:
- 8.2.0, released in July, 2012, added the Plugins Jail to allow for the installation of additional software.
- 8.3.0, released in October, 2012, added ZFSv28.
- 8.3.1, released in March, 2013, added the ability to create ZFS pools on GELI encrypted disks.
In addition to major features, each release incorporates bug fixes, new drivers, and minor features to improve the usability of FreeNAS. This article discusses some of these new features in more detail.
FreeNAS 8.2.0 introduced the Plugins Jail, which allows the FreeNAS administrator to extend core NAS functionality by installing additional applications in order to meet the needs of their specific environment. This functionality is provided through the following components:
- FreeBSD Jail: provides light-weight, operating system-level virtualization. Essentially, it installs a separate FreeBSD system onto the FreeNAS host. The jail has its own hostname, IP address, user accounts, processes, and configuration. The FreeNAS implementation includes vimage, which gives the jail its own networking stack and IP broadcasting, as these are required by some file sharing applications.
- PBI: the Push Button Installer format was created by the PC-BSD Project to provide a graphical front-end to the FreeBSD Ports Collection. Applications can be installed and uninstalled from a graphical interface which also provides information about which applications and versions are installed. PBIs are self-contained in that they include all the runtime and library dependencies required by the application.
- Plugins: a FreeNAS plugin extends the PBI format by incorporating the installed software, as well as its configuration options, into the FreeNAS GUI. This allows the plugin to be installed, configured, started/stopped, and uninstalled, all from the FreeNAS GUI. Figure 1 shows how the FreeNAS Control Services screen indicates that three plugins have been installed. Figure 2 shows the configuration screen for the Firefly plugin.
In order to install plugins, the Plugins Jail must first be downloaded and installed. If a plugin is not available for the needed software, FreeBSD ports or packages can still be installed within the plugins jail. The only difference is that the installation, configuration, and starting/stopping of the application’s service is performed from the command line of the jail, rather than from the FreeNAS GUI.
The Plugins chapter of the FreeNAS Users Guide describes in detail how to install and manage the plugins jail, install and manage plugins, install and manage FreeBSD packages and ports, and how to make custom plugins. This chapter is available at http://doc.freenas.org/index.php/Plugins.
FreeNAS 8.3.0 added support for ZFSv28. This adds the following ZFS features:
- RAIDZ3: this triple-parity version of ZFS RAID allows up to three disks to fail, with no restrictions on which drives fail, without losing data.
- Replaceable ZIL: the ZFS Intent Log is effectively a filesystem journal that manages writes. You can increase performance by dedicating a device (typically an SSD or a dedicated disk) to hold the ZIL. If the ZIL is installed on a device and that device fails, it can be replaced without losing the pool. The only data that is lost is the last few seconds of writes which had not yet been committed to the pool.
- zpool split: this command allows you to split a disk from a mirrored pool. Essentially, the pool is cloned to the disk which can then be removed and used to recreate that pool on another system.
- autoexpand: this ZFS property allows the administrator to replace smaller disks with larger disks in order to increase the size of the pool. While this is not the recommended way to increase pool size, it is the only option when the hardware does not support adding more disks or controllers.
- ZLE: Zero Length Encoding is a fast and simple compression algorithm which only compresses blocks that are filled with zeroes. This saves space when a thin-provisioned zvol has only used a portion of the size allocated to it.
- Deduplication: the process of eliminating duplicate copies of data in order to save space. Once deduplication occurs, it can improve ZFS performance as less data is written and stored.
These features, including how to enable them and any caveats to doing so, are described in more detail in the Volumes chapter of the FreeNAS Users Guide: http://doc.freenas.org/index.php/Volumes.
Any ZFS volume created in FreeNAS 8.3.0 or later will automatically be formatted with ZFSv28. Existing FreeNAS ZFS pools running ZFSv15 can be easily upgraded using the instructions at http://doc.freenas.org/index.php/Upgrading_FreeNAS#Upgrading_a_ZFS_Pool. Upgrading a pool only takes a few seconds and does not disrupt the use of the FreeNAS system.
FreeNAS 8.3.1, released on March 20, 2013, adds FreeBSD GELI disk encryption, allowing a ZFS pool to be created on top of the AES-256 encrypted disks. This type of encryption is primarily targeted at users who store sensitive data and want to retain the ability to remove disks from the pool without having to first wipe the disk’s contents.
The design is as follows:
- This is not the encryption method used by Oracle ZFSv30. That version of ZFS has not been open sourced and is the property of Oracle.
- This is full disk encryption and not per-filesystem encryption. The underlying drives are first encrypted, then the pool is created on top of the encrypted devices.
- This design is suitable for the safe disposal of disks, as long as the disks are disposed of independently of the encryption key. While both the key and the disks are intact, the data can still be decrypted. The encryption key should be protected by a strong passphrase and any backups of the key should be securely stored.
- As a backup recovery method (should the passphrase be forgotten), a recovery key can be used with the encryption key to decrypt the disks.
- The encryption key is per ZFS volume (pool). If you create multiple pools, each pool has its own encryption key.
- If the system has a lot of disks, there will be a performance hit if the CPU does not support AES-NI. If the processor does support the AES-NI instruction set, there should be very little, if any, degradation in performance when using encryption.
- Data in the ZFS ARC cache and the contents of RAM are unencrypted.
- Swap is always encrypted, even on unencrypted volumes.
- There is no way to convert an existing, unencrypted volume. Instead, the data must be backed up, the existing pool must be destroyed, a new encrypted volume must be created, and the backup restored to the new volume.
- Hybrid pools are not supported. In other words, newly created vdevs must match the existing encryption scheme. When extending a volume, FreeNAS will automatically encrypt the new vdev being added to the existing encrypted pool.
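Because encryption sits below the pool and hybrid pools are not supported, every member of an encrypted volume, including log and cache devices, should be a GELI provider. The following audit is an added example, not code from FreeNAS or the original article; it parses `zpool status` output and assumes that GELI-backed members are listed with the `.eli` suffix that attached GELI providers carry. The sample output and device names are constructed.

```python
import re

# Constructed sample of `zpool status` output (not from the article).
# Assumption: GELI-backed pool members are listed with a ".eli" suffix.
SAMPLE = """\
  pool: secure
 state: ONLINE
  scan: none requested
config:

\tNAME                STATE     READ WRITE CKSUM
\tsecure              ONLINE       0     0     0
\t  raidz1-0          ONLINE       0     0     0
\t    gptid/a1.eli    ONLINE       0     0     0
\t    gptid/a2.eli    ONLINE       0     0     0
\t    gptid/a3.eli    ONLINE       0     0     0
\tlogs
\t  gptid/b1          ONLINE       0     0     0

errors: No known data errors
"""

# Rows that name a vdev group or an auxiliary section rather than a disk.
GROUP = re.compile(r"^(mirror|raidz[123]?|replacing|spare)-\d+$")
SECTIONS = {"logs", "cache", "spares"}

def plaintext_members(status_text):
    """Return {pool: [(section, device), ...]} for members not on a .eli provider."""
    findings, pool, in_config, section = {}, None, False, "data"
    for line in status_text.splitlines():
        tokens = line.split()
        if tokens[:1] == ["pool:"]:
            pool, in_config, section = tokens[1], False, "data"
            findings[pool] = []
        elif tokens[:1] == ["NAME"]:
            in_config = True           # header row of the config table
        elif in_config and not tokens:
            in_config = False          # blank line ends the config table
        elif in_config:
            name = tokens[0]
            if name in SECTIONS:
                section = name         # following rows are log/cache/spare devices
            elif name != pool and not GROUP.match(name) and not name.endswith(".eli"):
                findings.setdefault(pool, []).append((section, name))
    return findings

if __name__ == "__main__":
    print(plaintext_members(SAMPLE))
```

An empty list for a pool means every member sits on a GELI provider; any entry names the section and device that would hold pool data unencrypted at rest.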
When creating an encrypted ZFS volume, an option is available to initialize the disks with random data. This is recommended as it overwrites the disks with random data before encryption is enabled, which can increase the cryptographic strength of the volume. However, it will take longer for the volume to be created.
Once an encrypted ZFS volume is created, the user should immediately set a passphrase on the encryption key, make a backup of the encryption key, and create a recovery key. Without these, it will be impossible to re-import or replace the disks at a later time. Figure 3 shows the options for managing the encryption and recovery keys which are added to the FreeNAS GUI for managing the volume. Details on how to use these options can be found at http://doc.freenas.org/index.php/Volumes#Key_Management_for_Encrypted_Volumes.
Some of the other features introduced since 8.2.0 include:
- a web shell built into the FreeNAS GUI. Clicking this opens a root shell to allow for command line management of the FreeNAS system from a web browser.
- support for multipath devices on systems containing dual expander SAS backplanes, SAS drives, or dual expander JBODs with SAS drives. Such hardware will be automatically configured for multipath.
- an autotuning script can be used to set various loader values and sysctls based on system resources and installed hardware components.
- a replication window can be set, allowing snapshots taken during the day to be replicated during the evening.
- improved reporting graphs make it easier to scroll through time intervals to monitor performance trends.
- ZFS ARC stats have been added to top(1).
Many resources are available to FreeNAS 8.x users. They include:
- the Sourceforge download page: http://sourceforge.net/projects/freenas/files/FreeNAS-8.3.1/
- the per-release documentation, in various downloadable formats: http://doc.freenas.org/index.php/Main_Page
- the support page for viewing/creating support tickets and feature requests: http://support.freenas.org
- the user forums: http://forums.freenas.org
- the Freenode IRC channel: #freenas
Dru Lavigne is author of BSD Hacks, The Best of FreeBSD Basics, and The Definitive Guide to PC-BSD. As Director of Community Development for the PC-BSD Project, she leads the documentation team, assists new users, helps to find and fix bugs, and reaches out to the community to discover their needs. She is the former Managing Editor of the Open Source Business Resource, a free monthly publication covering open source and the commercialization of open source assets. She is founder and current Chair of the BSD Certification Group Inc., a non-profit organization with a mission to create the standard for certifying BSD system administrators, and serves on the Board of the FreeBSD Foundation.