NAS drive and raid options: Release your inner geek

Boinked

Boinked

TJ Expert
Joined
Jul 7, 2018
Messages
3,093
Location
Mesa,az
Now that my jeep is running good for a change i must now focus on more important matters.

Its time for me to install a NAS. I have put this off for 10 years but now im starting to lose things that should have been backed up.

It has been many years since I was deeply involved in networking. Raid seems to have changed a lot. Many new things to look at. That is why im here. I know we have experts that keep up on things.

Things that will happen:

The NAS will be local network only! I will block all internet access for it.
NAS will be MAC filtered to limit access to a couple of computers.

What i need:
Reliability......
Redundancy.... i don't want to lose data.

What i don't need.
Im not using this as a media server.
Not storing huge files.
I dont need fast access to the data.


Now what is my best options.
I was thinking 5 bay NAS running raid 6. To allow for multiple failures. But im open to anything.
 
If you weren't blocking internet access, I'd tell you to not even bother storing the data on your local machine and back it up to AWS (that's what I do with this site, I have a cronjob setup to back it up nightly to AWS, the local hard drive, and another offsite location as well).

It's been a long time since I actually spec'd out anything like this, I'm way behind the times.
 
What is your OS? Is this a home network? How much storage do you need?

I haven't needed to do this in some time but you could use USB flash drives as a multi disk RAID. Apparently Mac has this capability built in. If you use Win 10 Pro you can use its Storage Spaces which creates a mirror drive. Or to RAID them you have to "turn off" the removable flag of each drive.

OR if you only "don't want to loose data" again use a flash drive with a backup software package.

If you need a lot of space flash drives may not be cost effective as a TB (4-256 GB) from a quality mfg'er is ~ 2 bills.
 
Last edited:
05 Blue Unlimited said:
What is your OS? Is this a home network? How much storage do you need?

I haven't needed to do this in some time but you could use USB flash drives as a multi disk RAID. Apparently Mac has this capability built in. If you use Win 10 Pro you can use its Storage Spaces which creates a mirror drive. Or to RAID them you have to "turn off" the removable flag of each drive.

OR if you only "don't want to loose data" again use a flash drive with a backup software package.

If you need a lot of space flash drives may not be cost effective as a TB (4-256 GB) from a quality mfg'er is ~ 2 bills.
Click to expand...
Flash drives are an ok option but the must be plugged in to save. Im looking for a automated backup to a device. Im storing sensitive information and do not want to use a cloud due to the massive data breachs that occur every day. I am paranoid.
I just like the idea of a box that stores all my information that i don't have to do anything to (after configuring it) and if a drive fails i just swap a new one in and call it a day.
 
Ok sure but I am not sure if you want a RAID set or just a backup drive for data? Also not sure what you mean that FD's must be plugged in to save since all options must be plugged in? A SSD is basically a large FD just in one box. Also if you use RAID 5 or 6 with FD's if one fails you still replace it and let the RAID function restore that data...depending on the RAID type of course.
 
Last edited:
What i have been leaning towards was the QNAP and dropping 4x8Tb drives into it. I was hoping for a 5 or 6 drive but can seem to find a reasonable price.

And every time I look at reviews i see so many negatives.
Im looking for commercial quality home use prices. I might have to bite the bullet and pay the premium for better quality.

QNAP TS-451+ 4-Bay Next Gen Personal Cloud NAS, Intel 2.0GHz Quad-Core CPU with Media Transcoding https://www.amazon.com/dp/B015VNLGF8/?tag=wranglerorg-20
 
I have the QNAP TS-451+. It is an awesome little device for home use. It also supports docker containers which comes in handy. I am running Plex on it.
 
Ok so i bit the bullet and pick up the QNAP TS-451+. I also grabbed 4 x 3TB WD Red drives.

Now my logic is to run 3 of them raid 5. Use the 4th as a separate back up for the raid array.

In theory the raid will be 6TB and my backup will be 3TB. Once the backup gets full i will swap it out for a 6TB drive and keep the 3TB as a spare if one of the raid disks fail.

Am i going overboard?
 
Boinked said:
Am i going overboard?
Click to expand...

Impossible to say as we still don't know what you want to do.

Above you state -
———————————————-
What i need:
Reliability......
Redundancy.... i don't want to lose data.

What i don't need.
Im not using this as a media server.
Not storing huge files.
I dont need fast access to the data.
———————————————————————

So if that is accurate and only what you need then yes, you are way overboard to the point of drowning. IMO for the stated "What I do/don't need" a simple backup drive and proper backup routine is all you need since the primary purpose of RAID is performance increase with redundancy being a very good but secondary result.
 
Looks like you're already headed down a particular path, but I'd just suggest some things to consider.

The more hardware you have in service, the more likely it is that one of the components is going to fail. Of course, all the hardware will fail eventually, but with more hardware you'll have more frequent component failures. So, it's worth thinking about how to keep things simple.

RAID isn't a backup strategy, so it's good that you have a separate backup. Now, consider making sure you have regular offline backups. Online backups are great because you can keep them up to date, but that also makes them vulnerable to things like ransomware. You want at least one backup set that's offline so it can't be damaged by malware.
 
  • Like
Reactions: 05 Blue Unlimited
@05 Blue Unlimited

I just want to explain the "no large file statement". I don't have 5+ gig files the i need to run from the drive. But i do have around 900 gigs worth of files. Photos movie backups, research files, and financial documents/statements.

@fuse

Ransomware/malware That was the intention of blocking the NAS from the internet.

As far as offline back ups. I have had horrible luck with portable harddrives failure. Also i am like most people and HORRIBLY lazy when it comes to manual backups. The idea behind the separate single drive was to gaurd against the NAS failure. My thoughts was if the hardware (not drive) crashed i could use the single drive in my desktop to recover the data. Or is that wishful thinking.
 
Boinked said:
My thoughts was if the hardware (not drive) crashed i could use the single drive in my desktop to recover the data. Or is that wishful thinking.
Click to expand...
Ransomware is getting pretty smart these days. I think you should expect that if the drive is online, the ransomware can find it and encrypt or delete the contents. I'd also anticipate that if the drive looks like a backup, it's likely to be deleted.

The other risk is that even if the ransomware doesn't get to your drive, your regular backup procedures could overwrite good data with data that's been corrupted by the ransomware. This happens a lot to ransomware victims.

FWIW, I haven't been so good at following this advice myself, but after the recent sessions at a local Infragard meeting, I'm planning to rotate backup drives so that I always have one set of offline backups.
 
Boinked said:
@05 Blue Unlimited

I just want to explain the "no large file statement". I don't have 5+ gig files the i need to run from the drive. But i do have around 900 gigs worth of files. Photos movie backups, research files, and financial documents/statements.
.
Click to expand...

Hey not a problem for me. I just think that for what your goal is your method for getting there is overly expensive. With what you have, in terms of files, I would seriously consider fuse's advice regarding off-line backup. If you really want protection consider an off premise backup as well. However, fundamentally your plan will work.
 
fuse said:
FWIW, I haven't been so good at following this advice myself, but after the recent sessions at a local Infragard meeting, I'm planning to rotate backup drives so that I always have one set of offline backups.
Click to expand...
That is a really good idea. Hard drives are not that expensive. I could just swap in a 2nd drive every month or so and then pull it and store it away.

Its better then what I have been doing for the past 30 years.
I miss tape recording back ups :)
 
Boinked said:
I miss tape recording back ups
Click to expand...
Yeah, tape backups were great — until you had to recover from a bad tape. :)

I think cloud storage is one of the best things to come along recently. @Chris uses AWS. I use Azure because it's marginally cheaper. Either way, it's a great way to get really reliable storage at amazingly cheap prices. I pay less than $5 per month to back up all my household computers to the cloud.
 
  • Like
Reactions: Chris
I don't think you should use mac authentication only. Pretty easy to spoof especially if I was your neighbor. I mean it is is fine, but it is readily available through a tcp dump in plain text. I would look into more security, and if you are going to do a raid 5 with a backup to the raid, why not do a raid 6 or a raid 10?

In my eyes, I think you are way overboard, but really it is all in what you want to do. Do you want more security and redundancy? For me I want more space. I run everything in vm's and back those up to a nas, I also back up my nas on to drives and take them to work. I use good drives and don't raid anything, but it is all on LVM's.

Now this is just my personal network, not at work, so I am not as meticulous, but it has been running this way since 1998. Well sort of because lvm really isn't that old. I like @Chris idea of backing up to AWS, but if yo have that much data restoring would be slow, and your security is only as good as AWS and they are pretty famous for getting breached. I know they are better, but I am still leery of the cloud. I am stuck in the old days though. You might call me a dinosaur.

For security, I use user based authentication and turn everything off except the ports I need. My ssh refuses all, except users I allow, which isn't many or them. I do allow all read to my media from inside my network only. Except for me. I can stream whatever I want from whatever device I want based on my user account from where ever I want. Which is not my name!

I can stream music from my server to my helmet when I am riding my motorcycle, but nobody else can.
Even if I give you an ssh account, you still can't get to anything on my network unless I allow it.

My KVM server does have a hardware raid 1, but I have never had to mess with it, and if a drive does go, I will most likely upgrade all of the hardware, and do a clean install anyway then restore all of the VM's.
 
Synology Diskstation Raid 6 or 10 with external periodic backups and call it a day. You want to make sure you scrub your raid often.

A RAID is not a backup solution.

You should have external hot and cold backups on and off premises if you are serious.

All data on all external/internal drives should be AES encrypted, biggest and most complex key you are willing to remember. Use a high quality drive for your externals (like a western digital black) and you will have very little issues. Always let the drive spin down before you move it.

Security wise you just don't expose the services to the internet, better to do it cloud based these days. A lot of these services aren't intended or equipped to be configured properly for direct exposure.

If you must go direct id go through SFTP for remote file access or low privilege remote session virtual machine jump boxes.

Always a good idea to run a decent IDS (like snort) and block all countries outside of your needs. Most of these probes come from overseas IP's, I see very few from within the USA.

I block all inbound connections outside of the USA on many networks that I admin for with great success. This act alone has reduced IDS alerts and intervention by over 80%.
 
Last edited:
  • Like
Reactions: Boinked
Top Bottom
Back