SSD for OS

[mclarkin9681]

I plan on starting a build and have 2 WD 4TB "Red" NAS Hard Drives. I also have an extra SSD drive i was using in a windows home server for the OS . Is there any advantage to using an SSD hard drive with FreeNAS?

 

[danb35]

Nope. Just use a USB stick.

 

[hungarianhc]

Nope. Just use a USB stick.

And just to add to this, I believe this is because the image is loaded into RAM, and FreeNAS essentially runs from RAM, meaning the speed of the device you install to doesn't really matter.

 

[gpsguy]

Here are a couple of disadvantages and why you should just go with a USB flash drive, as recommended.

a) uses a SATA connection - that might otherwise be used for an additional hard disk
b) space beyond ~4Gb is unusable for anything else. if you have a 120Gb SSD, you won't be able to do anything with the ~116Gb of extra space.

 

[Knowltey]

It would be pointless to waste an SSD on the FreeNAS operating system for a couple of reasons.

First is that the FreeNAS operating system is designed to run as a live image, so pretty much all of the reading except at boot time (which isn't something that you should be doing terribly often with a server anyways) is going to be performed out of RAM like a RAMDisk of sorts, which is already going to be significantly faster than an SSD could be anyways. Once the server is booted, pretty much the only thing that goes on with the USB stick is the occassional write when you change a configuration file, or the round robin database if you don't have it set up to save to your pool (round robin database only saves a few kilobytes of data at most once every 5 minutes or so.) So there is zero performance to be gained by running the OS on an SSD.

Another major reason not to is that the FreeNAS OS is designed to take up the entire drive of whatever is was installed on, so if you have a 100GB SSD, then 96GB of that is sitting there doing absolutely nothing and you can't do anything with it either.

As gpsguy said, running it off of an SSD would also take up a SATA slot that could be better served for pool expansion in the future.

Another thing that you could do if you have reason for one is set up the SSD in the system as a "cryptopool" that you can stick sensitive files on that contain information in them that you wouldn't want someone to have access to if god forbid they break into your house and run off with your FreeNAS box. In that scenario you are at least using it for something, and you also have the ability to use the whole space of the drive as well. (For redundancy purposes if you want redundancy of sorts as well you could just routinely run manual copy backups of it to the main pool in a TrueCrypt container file)

TL;DR: There is no performance to be gained by running an SSD for the operating system as the operating system is designed to run in a RAMDisk which will be faster than the SSD anyways.

 

[gpsguy]

btw, are you aware that TrueCrypt is not secure?

Here are the first three lines from their website: http://truecrypt.sourceforge.net/

WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues

This page exists only to help migrate existing data encrypted by TrueCrypt.

The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP.

I(For redundancy purposes if you want redundancy of sorts as well you could just routinely run manual copy backups of it to the main pool in a TrueCrypt container file)

 

[Knowltey]

btw, are you aware that TrueCrypt is not secure?

Here are the first three lines from their website: http://truecrypt.sourceforge.net/

WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues

This page exists only to help migrate existing data encrypted by TrueCrypt.

The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP.

I'm aware of the canary they pulled for some reason in June. However the version released prior to that was audited and there were no evidence of backdoors found.

Either way, my concern is against petty thieves. If the FBI or NSA want to dig into my TC containers containing tax returns, employment documents,and other miscellany containing stuff like social security numbers etc, then my thought is "Well they already know my social security number since they are sort of the folks that gave it to me." Joe Schmo burglar isn't going to know how to exploit the possible vulnerability that hasn't been made public yet if it even so much as exists.

If your concern was a government agency then I wouldn't be trusting any one encryption program anyways. I'd be stuffing TrueCrypts inside AESCrypts inside encrpyted 7-Zips inside more TrueCrypts on encrypted hard drives configured in RAID0 or RAID0+0 or something sillyand stored normally in two completely different locations with hidden volumes and the whole 9 yards all set to unlock using both passphrases and keyfiles set to be deleted by some sort of dead man's switch.

 

[jgreco]

Not to be contrary, but I'll say that I got fed up with flash for boot a long time ago. Most of my deploys are ESXi with redundant datastore, which gives redundant disk-based storage for the FreeNAS image. The N36L kept rotting USB keys and so I jammed a pair of cheap 30GB SSD's in there behind an old IBM BR10i RAID controller and I have had no boot/rot problems with it ever since.

 

[jgreco]

If your concern was a government agency then I wouldn't be trusting any one encryption program anyways. I'd be stuffing TrueCrypts inside AESCrypts inside encrpyted 7-Zips inside more TrueCrypts on encrypted hard drives configured in RAID0 and stored normally in two completely different locations with hidden volumes and the whole 9 yards all set to unlock using both passphrases and keyfiles set to be deleted by some sort of dead man's switch.

So, to sum it up:

 

[Knowltey]

So, to sum it up:

Well yeah, the keyfiles set to be deleted by some sort of dead man's switch was specifically made to address situation #2. Keyfiles gone = can't get in no matter what.

Something like the keyfiles being stored on some device set up with a script that will delete the keyfiles if the device holding the containers leaves some sort of geographical boundary.

Part of the idea with encryption though is to make sure it doesn't look like encryption and that you have a reasonable alibi for why there is a bunch of random data. A properly fully encrypted disk will just look like some disk that has been shredded using a data shredding algorithm or some stress stesting application that writes randomly generated data to a disk until you tell it to stop.

Then you can just be like "Oh those are just spare disks in case the RAID disks in my FreeNAS over there go out. I did some stress testing on them when I got them that involved writing a shit ton of random data to them for a few days straight so that I could trust them if I ever needed to use them."

That way if situation 2 occurs, your alibi is that they aren't actually encrypted, and if for some reasons they don't believe you then that is where the hidden volumes come into play, the volume actually has two passwords. One will access the full size of the container, and in there you'll stick some sensitive looking documents like stuff containing social security numbers, perhaps a notepad or database of "just in case I forget" password to some website that you don't care if someone gains access to, and perhaps some bank account numbers. Then the other password can be used to unlock a smaller area of the encrypted container that contains the real private informations. So you reach situation 2 and you unlock it for them before they hit you with the 5 dollar wrench.

 

[jgreco]

You're kind of missing the point there Knowltey. I appreciate your youthful optimism, but I have grown old and cynical and seen too much of the real world. The real weak spot in encryption is the human element. Making a Rube Goldberg contraption to "ensure encryption" only works reliably if you're actually willing to die rather than yield the data.

 

[Knowltey]

You're kind of missing the point there Knowltey. I appreciate your youthful optimism, but I have grown old and cynical and seen too much of the real world. The real weak spot in encryption is the human element. Making a Rube Goldberg contraption to "ensure encryption" only works reliably if you're actually willing to die rather than yield the data.

Oh, I'm just riding on the same joke as you are. At the point that your data needs that much protection the encryption of it is probably the least of your concerns.

 

[jgreco]

Apologies, insufficient coffee.

 

[DJ9]

I thought that between these last few comments and my wife trying to explain to me about this round thingy with tubes coming out of it (a distributor cap) made my morning. lol

 

[gpsguy]

You should gave told your wife that that round thingy with the tubes was a pencil holder for geeks.