Why I build my own NAS even though I have a DS718+

[Arwen]

...
My main concern is the customizations of the Debian and the disabled docker usage, e.g. no docker-compose usage. For me fiddeling with k3s and Helm is an overkill and i would prefer sticking to docker. The other 2 issues are ZFS and missing Debian's apt.
What is the experience here: In case of security fixes, how quickly do they come from iX? The worst scenario for any NAS user is in my opinion to loose all data because of malware...

...

Some people think that NAS software should be a OS with a NAS package, (GUI front end, etc...). TrueNAS is more designed as a firmware that happens to use Linux, (or FreeBSD), as the OS. TrueNAS is not intended to be Internet accessible. Though in theory, apps on TrueNAS could be made accessible externally.

Security comes in layers. Firewall from the Internet router, lack of sharing outside the local network, reduction / removal of generic desktop apps, regular updates, and such. Not perfect by any stretch of the imagination.

Going back to the "TrueNAS is NAS firmware", lack of the Debian "apt" program is appropriate. Having random apps and programs, can reduce security and reliability of the NAS. Putting those apps in containers is much safer for the parent OS. Plus, "TrueNAS is NAS firmware" means that an update could / probably will, loose / remove any of the non-standard changes or programs added via "apt".

As for the Docker verses Kubernetes, it is just a choice iXsystems made. Not perfect for some people. But, the main focus was the Enterprise customers, (though some probably would want Docker too or instead of Kubernetes).


Now on to the security updates. I don't recall many reported security problems. However, the one we have seen is client side ransomware encrypting all the user's files. Including files on Samba shares in TrueNAS.

If the user of TrueNAS has setup regular ZFS snapshots, this can mitigate ransomware encryption on the TrueNAS server. (But NOT the client's local files...) Ransomware will cause all accessible files to be encrypted which could fill the NAS, since the unencrypted files are still present in the R/O ZFS snapshot. After the affected PC is removed from using the share, you can roll back a ZFS snapshot to restore the Samba share to exactly as it was at the time of the ZFS snapshot.

 

[Whattteva]

Actually my strategy is a bit the opposite: I am using my old / outdated Synology rarely and only for offline backup purposes.
I did also play a lot with Raspberry Pi based NAS, Nextcloud, a new/modern Synology and now with TrueNAS as the daily driver. For me personal data is very valuable, so i am not happy using too low power devices as a primary NAS.

I think you have that reversed honestly. Your backup is usually more valuable because that's your last resort when nothing else works (oh shit button). Most people that come here in panic, do so because their main NAS crashed and they have no backup to fall back to and lost TB's worth of data. Losing your main NAS (if you have a backup) is usually not a big deal. You just have a bit of down time, but unless you're a business that stands to lose millions due to downtime, a bit of downtime is not a big issue for most home users.

So I have switched to TrueNAS as my daily driver and hope i can stick to it. With the Terramaster 2 bay hardware, i am using, the energy consumption was very moderate till now, so around 20 Watt and noise level is also very low.
My main concern is the customizations of the Debian and the disabled docker usage, e.g. no docker-compose usage. For me fiddeling with k3s and Helm is an overkill and i would prefer sticking to docker. The other 2 issues are ZFS and missing Debian's apt.

In my experience, a proper TrueNAS hardware where you do everything right for the most reliability doesn't usually go hand-in-hand with low power at least if you want all the nice features like ECC, lots of PCIe lanes, spare computing power for running additional services, etc. SCALE, in particular, is terribad for low power use case as the k3s process constantly chugs 5-10% CPU cycles for really no reason when idling in my experience running it.

What is the experience here: In case of security fixes, how quickly do they come from iX? The worst scenario for any NAS user is in my opinion to loose all data because of malware...

Honestly, I've seen more posts about people losing their data due to self-imposed ransomware (lost encryption keys/passphrase) more than malware. In one bizarre case, someone made their password some random 200-character gibberish and he couldn't find a practical way to copy/paste that into the console when he lost the web GUI.

when i refer'd to recovery i had more the case of hardware or operating system broken in mind, means
take the harddisks out of the NAS and copy the data from the disks to some other server / NAS. So OpenZFS should be hopefully fine for that.

Broken OS is mostly a non-event for TrueNAS since it's designed to be a firmware appliance. The process of fresh reinstall -> restore config takes like 5-10 minutes at most. And if you have a broken boot disk, small consumer SSD's are ultra cheap and plentiful these days. You can even install it in a USB stick in a pinch just temporarily (not a good idea long term since your USB stick will die a premature death) until you can get the main boot disk back online. In 15 years of service, I have never ever needed to have another OS read my storage arrays. I have had a couple times where I had to reinstall the OS or replace a dead USB boot stick (yes, used to be recommended), but again, that takes like 5-10 minutes at most. Why would I take the trouble of disconnecting the disks to plug them into another system (which may not even have enough free SATA ports to accommodate all the disks), mounting them read-only (hopefully the correct way so it doesn't cause further corruptions), which would probably take far longer than 10 mins especially if you have to open cases and screws when I could just reinstall the OS for 5 mins? Heck, you don't even need to backup the config file if your use case is fairly simple with minimal services and users. With a simple use case, you can just import your pools and regenerate your config file in probably another 5-10 mins.

TL; DR: TrueNAS is kinda' designed so you don't HAVE to do the things you're referring to.

 

[Constantin]

Also, keep in mind that TrueNAS can be a bit enthusiastic re: declaring your pool dead and in need of a rebuild rather than advising what actually went wrong during a failed pool import and providing good information and/or recovery options.

This has happened twice to me so far, and I consider the awful feedback TN / ZFS provides in these situations to be a serious improvement opportunity. For example, state which drives in a pool are present, missing, or failed.

A NAS shouldn’t tell me that the pool is dead and needs a ground-up rebuild w/o also stating what the issues are. Simple electrical issues can hence unnecessarily snowball into a system rebuild before the admin realizes that a few disks dropped out due to a loose or broken SATA connection.

Both times, a simple electrical issue was easily fixed and saved me hours upon hours of work to rebuild the NAS. Thankfully, the community here helped me tremendously in those trying times and I am super grateful for all the help I received.

 

[loriot]

Some people think that NAS software should be a OS with a NAS package, (GUI front end, etc...). TrueNAS is more designed as a firmware that happens to use Linux, (or FreeBSD), as the OS. TrueNAS is not intended to be Internet accessible. Though in theory, apps on TrueNAS could be made accessible externally.

Security comes in layers. Firewall from the Internet router, lack of sharing outside the local network, reduction / removal of generic desktop apps, regular updates, and such. Not perfect by any stretch of the imagination.

Thanks for that hint on the philosophy and your thoughts on security.
Even while i understand your points and can ack to a large extend, i feel there is a bit more to it:

• About access from the Internet, i am fully with you: My NAS is not in the Internet. I have even 2 routers and 2 LANs in my home. A normal zone, for the family (normal security) and a second zone, which is a bit isolated, e.g. has IP whitelisting: only trusted sources shall come in. My NAS is within the (hopefully) secure zone, of course with some exceptions = ports exposed to the family (W)LAN for media streaming.
• However: Security risks can also come from your PC / Smartphone at home: AVM is very popular in Germany to have secure routers. The last time, these routers got hacked was via Java script from the browser inside the local LAN. So the attacker "must not come through the firewall". it can come from inside, so from your trusted zone.
• I am now very long in IT, 10 years for Nokia and another decade for IT consultancy. Based on my experience it is not a good idea to replicate / re-package the work somebody else is doing. It just takes resources, slows down things and lets assume Debian is some day deciding for a technology shift iX does not like, like immutable partitions or something else. In this case the future for the firmware might suddenly fade away or the effort to maintain it could explode...
  I totally prefer to too build on top of existing well documented APIs. For me such an API could be the containers, so docker, Podman or Kubernetes. And you are of course right again: kubernetes is most likely the choice to better serve the enterprise, even while i don't like it and would like to have a choice at least.
• If i am right, the explanation why docker-compose is disabled, is, that users should not mess up with the IP range used by k3s. Actually if this is the only problem, i believe the target could be achieved also with different measures and both solutions could also co-exist.

 

[loriot]

I think you have that reversed honestly. Your backup is usually more valuable because that's your last resort when nothing else works (oh shit button). .

Valid point From security point my backup is even more "valued" / protected: It is a plain RAID 5 inside the old Synology box, however not using any Synology tweaks. Again the hope, that i can put the disks also to any other computer that can handle the RAID, in case ...
The TrueNAS (so my daily driver NAS) has only 2 Bays, so 1 disk for Nextcloud = data and another for media (mainly vu-plus recorder).

Broken OS is mostly a non-event for TrueNAS since it's designed to be a firmware appliance. The process of fresh reinstall -> restore config takes like 5-10 minutes at most. And if you have a broken boot disk, small consumer SSD's are ultra cheap and plentiful these days.

Actually i tried that already by accident. I was not so happy with my root disk arrangement and could easily install to a fresh SSD and import the existing data disks. Works like a charm

TL; DR: TrueNAS is kinda' designed so you don't HAVE to do the things you're referring to.

i need to get used to TrueNAS

 

[Arwen]

...

• However: Security risks can also come from your PC / Smartphone at home: AVM is very popular in Germany to have secure routers. The last time, these routers got hacked was via Java script from the browser inside the local LAN. So the attacker "must not come through the firewall". it can come from inside, so from your trusted zone.

...

Yes, I forgot about virus' attacking a TrueNAS from an infected local PC or phone. This is where having fewer listening programs comes in to play. On my home computers, they have SSH listening and generally nothing else. The NTP Daemons listen only locally, as do the CUPS daemon. Only on my home server do they listen on the local network.

The most probably attack would probably go against the Web server & the GUI. Attacking SSH or RSync, (if enabled), is probably not going to result in anything useful. Samba I am not so sure about. TrueNAS, both Core & SCALE, can't keep up with the constant updates for Samba. This is because iXsystems has to thoroughly test Samba sharing before releasing any update. This can take weeks, in which time yet another Samba update might become available :-(. Plus, their is no telling in advance of an "important" Samba update coming soon, which fixes security problems.