Right hardware for the job? Emphesis on low power not performance.

[simonovic_peter]

Hello,

I am searching for a safe and reliable backup solution. Last month I got hit by the qLocker on my main and »backup« Qnap nas. I got lucky and recovered 90% of important data (personal pictures and videos) but also lost 100% of trust in Qnap. Even more, for one of them, Qnap will terminate firmware and security updates next year. Thus, I am searching for new options and a new backup strategy (as I found out, two devices located 150Km apart are not enough if they are the same make).

What am I looking for?

• A device to backup my personal data. Mostly (99%) of the data, will be family pictures and videos, and some other documents. So, there will be a lot of small files.
• A 5-disk device, that will run 1 vdev mirror plus 1 »backup« disk (Formated Ext4, exFAT… so that if I do something very wrong, I can still take the disk out and get the files). The other two unused slot are for upgrading. I will buy two new disks with larger capacity and create a new pool, and then replace the third disk.

The device MUST:

• Be capable of active »bitrot« detection and correction.
• Be low power. 50W at idle without disks.
• Be low maintenance.
• To be safe to expose to the internet (port forwarding) out of the box (or with very little configuration).

The device NEEDS (it is very important, but I can find another way):

• Connect to two other NAS devices one local and one remote and perform backups of certain folders.
• Run DDNS client
• Run OpenVPN server (1 occasional to a maximum of 3 concurrent connections from time to time)
• “easy” to setup, for someone who is not a professional network engineer.

If the device can (It is a »nice to have«, but not important):

• Run Transmission
• Host a gallery (like Qnaps Photostation)

My questions:

• Does Truenas CORE fit the above parameters?
• Is the following Motherboard and processor combo going to do the job?
  • https://www.supermicro.com/en/products/motherboard/A2SDi-4C-HLN4F
• Will 16Gb of this ram suffice?
  • https://www.crucial.com/memory/server-ddr4/mta18asf2g72pdz-2g6j1
• It is better to use onboard sata controller or to buy a separate card?
• I have seen that for boot drives it is possible to have two usb dongles in mirror. Is this a good option or it is better to have an SSD?
• Since the device will most of the time be copying files from other NAS devices to itself over gigabit network, is it worth to invest in a larc or slog?
• I have seen, that some of you are running older i3 processors with supermicro motherboards and 1151 socket. What is your idle power usage without disks? If there is a small power increase in big performance bump, I would go that way.
• Some other suggestions?

Thank you for your answers.

Best regards,
Simonovič Peter

 

[Ericloewe]

To be safe to expose to the internet (port forwarding) out of the box (or with very little configuration).

Eeeeeeeeehhhh... It depends. The TrueNAS host is not something you'd want exposed to the internet, but Jailed applications designed to be exposed are generally considered to be acceptable.

Formated Ext4, exFAT

That's a non-starter, but fortunately it is also very unnecessary. ZFS is more widely supported than either exFAT (mostly due to patents) or ext4 (mostly because who the hell actively wants ext4).

Does Truenas CORE fit the above parameters?

Apart from the above comments, everything is doable.

Is the following Motherboard and processor combo going to do the job?

Yup, should work pretty well.

Will 16Gb of this ram suffice?

• https://www.crucial.com/memory/server-ddr4/mta18asf2g72pdz-2g6j1

It should, but see if UDIMMs aren't cheaper. Slightly lower power and latency, and still plenty good for 64 GB of maximum RAM. Probably 128 GB even, but that's more of an edge case.

It is better to use onboard sata controller or to buy a separate card?

On-board.

I have seen that for boot drives it is possible to have two usb dongles in mirror. Is this a good option or it is better to have an SSD?

One SATA SSD is better than two USB flash drives any day of the week. Get an M.2 SATA SSD and get a neat solution.

Since the device will most of the time be copying files from other NAS devices to itself over gigabit network, is it worth to invest in a larc or slog?

Probably not.

I have seen, that some of you are running older i3 processors with supermicro motherboards and 1151 socket. What is your idle power usage without disks? If there is a small power increase in big performance bump, I would go that way.

Just under 50 W with 6 disks.

 

[Arwen]

@simonovic_peter Please be aware that that while TrueNAS & ZFS can help with ransomware, you have to make sure you use a feature that helps mitigate it. That feature is recursive snapshots. Basically this create a read only copy of your NAS disks' data. As long as the files the snapshot(s) represents do not change, the ZFS snapshot(s) take very little space. And over time, if you do re-organize things causing the snapshot(s) to take more space, you can start deleting the oldest.

One strategy in ransomware mitigation is to create a new snapshot after you backup your clients, or add lots of pictures.
Another strategy is to have periodic snapshots kept for a week. So hopefully you notice a ransomware infection and are able to "roll back" the last good snapshot, restoring your data. (Except what was changed since the snapshot was taken.)


An interesting side affect of using ZFS with snapshots is that when ransomware infects an entire ZFS pool, it basically attempts to double the storage requirement. Meaning if you have a current snapshot that takes up little space because nothing has changed, along comes a ransomware task encrypting each and every file. Thus, ZFS with copy on write, causes each file to take more space until you have doubled your storage usage.

Some people have even found out about the ransomware because their ZFS based NAS has filled up. (This does imply they were using more than 50% of the NAS.)


Last, while a NAS can be your backup device, as you found out, sometimes a backup of your NAS would have been helpful. My data usage is modest, so I am able to use an 8TB disk as a backup media to my NAS. Since it's in a padded, water proof and sturdy case, it can't be infected unless I plug it in for my next backup. But, even then, I have some ransomware coverage. After each backup of my NAS, I make a new snapshot on this backup disk. (If needed, I will delete the oldest snapshot to reclaim enough space for backups.)

So, my recomendation:

• Make a backup plan
• Document it, including how you perform the backup
• Test it, quarterly?
• Perhaps review it yearly

Good luck.

 

[Etorix]

One SATA SSD is better than two USB flash drives any day of the week. Get an M.2 SATA SSD and get a neat solution.

I suspect that a M.2 SATA SSD shares its lane with an on-board SATA port, so it's better to get a small NVMe M.2 and keep all SATA ports for drives.

 

[Ericloewe]

But the PCIe lanes are shared with the SATA ports inside the SoC, so it's more or less a zero-sum game.

In any case, up to eight SATA ports are supported, which is more than the five disks required, so it should be fine.