BUILD Supermicro Xeon D or other Mini-ITX

[Thinkcat]

Hello

I am building a small NAS that I will administer but probably not use. It has now three 4TB WD Red disks, intended to be used as a RAID-1 three way mirror. I have a Fractal Design Node 304 case with Corsair RM550x power supply. There is room for a second set of three disks.

My motherboard options are either Supermicro X10SDV-2C-TLN2F (D-1508, 2 cores, 2 x 10 gbit), X10SDV-4C-TLN4F (D-1518, 4 cores, 2 x 10 gbit, 2 x 1 gbit) or X10SDV-4C-TLN2F (D-1520/1521, 4 cores, 2 x 10 gbit). I see that all these have an M.2 slot that I hope to use for a boot drive. I also assume that if I buy a PCI-E based M.2 drive, it will not conflict with any SATA functionality.

The case only allows for Mini-ITX, and there is no general purpose Xeon motherboard for that size, so I assume I will go with Xeon D. Unless someone can suggest something better. Someone more budget conscious would probably want such a motherboard and a Haswell or Skylake i3.

Or what would I basically lose if I got an Avoton motherboard? Say, A1SAi-2550F? I'd lose the M.2 socket, yes. The 10 gbit LAN is not strictly necessary. Four of the SATA ports would be SATA2 and only two would be SATA3. I would have an internal USB 3 header for the system disk, maybe an SSD with some SATA to USB adapter.

1) Can FreeNAS boot out of an M.2 drive? Does it matter if it is a SATA or PCI-E based one?
2) Is there any problem I could encounter with a Xeon D generally?
3) Can I use all 6 SATA connectors with the M.2 if I buy a PCI-E M.2 drive?
4) I think I saw that the support for the 10 gbit Ethernet is now working. Correct?
5) I need some memory that is easily available in Europe. Any suggestions? I do not plan to go for full density or maximum size. Maybe begin with 16 GB and then expand if necessary.
6) Is the D-1508 missing anything? It is, after all, called Pentium, whereas the others are Xeon.

 

[Ericloewe]

Can FreeNAS boot out of an M.2 drive?

Yes. If not, that's a bug that needs fixing.

Does it matter if it is a SATA or PCI-E based one?

No.

2) Is there any problem I could encounter with a Xeon D generally?

Well, your wallet will feel oddly light...

3) Can I use all 6 SATA connectors with the M.2 if I buy a PCI-E M.2 drive?

Yeah, assuming the board supports PCI-e M.2 drives. Don't assume, check the product page and/or manual.

4) I think I saw that the support for the 10 gbit Ethernet is now working. Correct?

It should be.

6) Is the D-1508 missing anything? It is, after all, called Pentium, whereas the others are Xeon.

Two cores and a bunch of MHz.

 

[Thinkcat]

I gather from How to install Samsung 950 PRO M.2 SSD in a PCIe slot - tested with Supermicro 5028D-TN4T that Xeon D does support booting from PCI-E in M.2 slot and from PCI-E passthrough cards. But I will look for more confirmations.

 

[Ericloewe]

I gather from How to install Samsung 950 PRO M.2 SSD in a PCIe slot - tested with Supermicro 5028D-TN4T that Xeon D does support booting from PCI-E in M.2 slot and from PCI-E passthrough cards. But I will look for more confirmations.

The platform definitely supports it (minus firmware bugs).

 

[Thinkcat]

Here it seems like Supermicro Xeon D motherboards are able to boot from M.2 PCI-E devices.

I went with X10SDV-2C-TLN2F and am waiting for it to arrive. I already have everything else. Decided to go with two 8 GB sticks of Samsung DDR4 ECC memory from the HCL and upgrade to 32 GB or 48 GB maybe later if need arises. Now this is supposed to be a simple NAS box, plain storage with some little fun on the side, maybe one jail or virtual machine with low demands.

I have a 128 GB SM951 for a boot disk. I think that is quite luxurious compared to my own NAS that has to do with a 32 GB USB stick. Should I split the SM951 in two and mirror the halves? Would I gain any security by that?

Talking about security, is there any safe, simple and workable way to encrypt the NAS? I mean if someone were to steal it.

 

[Ericloewe]

Would I gain any security by that?

No.

Talking about security, is there any safe, simple and workable way to encrypt the NAS? I mean if someone were to steal it.

No. Encryption is rather hacky in FreeNAS, and really intended for when it's absolutely necessary.

 

[silverbull]

No. Encryption is rather hacky in FreeNAS, and really intended for when it's absolutely necessary.

Ouch, I'd assumed it would be there and easy. Do the good folks using FreeNAS not think about the possibility of someone stealing their box?

 

[Ericloewe]

Ouch, I'd assumed it would be there and easy. Do the good folks using FreeNAS not think about the possibility of someone stealing their box?

Yes, however:

• It's unlikely we have anything worth hiding away at the risk of data loss
• It's unlikely a random moron is going to be able to figure out how to get to the data
• It's unlikely a random moron is going to even care
• Servers do not make for easily-disguised, easily-carried loot

And I could go on...

 

[Dice]

• It's unlikely a random moron is going to be able to figure out how to get to the data

What is required really?
Power on the box - crack the CIFS share password?
Could the data be accessed if the pool would be transplanted to another FreeNAS installation, then import the pool from a new root/password setup?

 

[maglin]

If some jacked your box there are other ways to access data. Encryption is there but you need a processor with AES instructions I believe it is otherwise it will come to a screeching hault performance wise. 99% of users don't need encryption. I'm willing to bet 95% of people that have encryption on don't need it either. Other than intellectual property theft there usually isn't anything worth securing in a home environment.

Of course the data could be imported on another box. One of the bonuses of ZFS.

Just understand the risks involved with encryption on a pool before you go there. Once turned on it can't be turned off is my understanding.


Sent from my iPhone using Tapatalk

 

[Ericloewe]

Could the data be accessed if the pool would be transplanted to another FreeNAS installation, then import the pool from a new root/password setup?

Easily. However, that is beyond the capabilities of a random moron who broke in and stole a server. Odds are, he doesn't even know what a server is.

 

[silverbull]

It's unlikely we have anything worth hiding away at the risk of data loss

As a law abiding person I don't have anything to hide, but I want to ensure if someone steals my server they don't get a home run at stealing my identity.

It's unlikely a random moron is going to be able to figure out how to get to the data

Agreed, I worry more about the person he sold the server to for 50 bucks

Servers do not make for easily-disguised, easily-carried loot

True, but where I live most robberies are not junkies looking for their next hit. They are more organised where they watch your house and come with a removal van and empty everything. Or they find out from social media posts you are away and come and take their time to get what they want and load it in to a van parked inside the garage. And those kind of thieves will look to steal your identity also.

What is required really?
Power on the box - crack the CIFS share password?

Pretty much if someone has physical control of your device they own the data on it unless it's encrypted. Moving disks to another machine would be one way. Reinstalling the OS on same machine then mount disks and take ownership is another. Use a bootable OS distro and access the disks ect ect.

I'm surprised with the level of caution taken over the approaches to data loss that this isn't considered more. Sure in a secure data centre you don't need to worry, but a small business with the unit in the back room or home users should think about what's at risk if their data is acquired by someone with malicious intent. I read that encryption is supported but looks like not via the web gui. Best I do some more reading now and work out how to structure my vdevs and pools so I have one small encrypted pool as I don't think I'll encrypt everything.

 

[Bidule0hm]

I read that encryption is supported but looks like not via the web gui.

It is supported via the web GUI ;)

 

[silverbull]

It is supported via the web GUI ;)

Ok, I read eric's post earlier about it being hacky and read some other info about encrypting the disks one by one via CLI and assumed it wasn't a GUI offering. So if it's supported and available via the GUI are there any practical problems using it? My CPU choice (i3 6100) has the right encryption hardware and I'll only be using low volume (4 home users for data and plex 1080 down transcoding and transmission) home use. I was intending to build one 4 disk zpool and encrypt the lot from day 1.

 

[jgreco]

The practical problem is that it has some design issues that may mean it won't be supported in the future, so going to FreeNAS 10 might be problematic if you have an encrypted pool.

 

[silverbull]

may mean it won't be supported in the future

Ok so best to reduce my encrypted footprint to just the data that needs it so it's easier to manipulate off and back on again if needed during upgrades. Thanks.

 

[jgreco]

There's always that, yes.

 

[Thinkcat]

Back to my original mission and the subject of this thread. I now have the machine installed and running. I ran into problems with cooling the CPU on the Xeon D motherboard, and had to rig a fan on top of it.

I have both Windows and Mac users wanting to use the NAS. Question is, should I simply make datasets for everyone, or should I set up home directories? Is there a link to a FAQ or a good discussion on this?

I assume the point of home directories is to a) use the NAS to serve home directories in a Windows domain or b) have public_html for the users. I plan to do neither, so would I gain or lose by setting up home directories?

 

[jgreco]

Home directories also function within the UNIX paradigm. Datasets are more of a ZFS thing, and you run into the risk of needing to make lots of them if you have lots of users.

 

[Thinkcat]

I could not find quickly or easily any info on how to share home directories via AFP, so I simply create individual shares for each user. I will end up with less than 10 shares since this is just a home backup system. Of course I'd like to learn how to do things the efficient way.

I now have a dataset called /mnt/mypool/home and under that are user's home directories. I originally was about to create individual datasets for each user under home, but dataset /mnt/mypool/home/john ended containing a home directory /mnt/mypool/home/john/johndoe and that felt silly, so I just stuck with one dataset for all users and created home directories inside that.