mcfly, German
@mcfly@milliways.social avatar

I think I have more or less decided on the #terramaster f4-423 NAS as base for a home server.

Thinking about the setup, I'd like to run virtual machines in there, where one of them might be #trueNAS

Does TrueNAS support running as a virtual machine? Does it make sense? And yes, it means that TrueNAS would not handle the drives.

Other virtual machines should be a backup server, a home automatisation server and probably a monitoring server.

What's your opinion on that?

madalex,

@mcfly First off, I have no experience with TerraMaster, so I can't comment on the specific model you chose. But some general thoughts:

  • why not run TrueNAS on the TerraMaster itself instead of in a VM? I've got 3 QNAPs at home, but got more & more fed up with their direction of features implemented & "dumbing down" of their GUI. I run opkg on top of QTS, so I get by with what I need, but if I didn't have to deal with ~17 TB of data I'd flash TrueNAS directly onto my main QNAP and start there.

mcfly,

@madalex
Q: Why not run TrueNAS on the TerraMaster itself?

A: I don't want TrueNAS to have access to the files of the other VMs at all.

The files in the TrueNAS will be exported to Linux and Windows clients. Malware incidents on those systems should not have a chance to impact the other data.

madalex,

@mcfly - As for encryption, two points.

  • I have full disk encryption on my systems - why?: when a disk breaks, it rarely breaks fully. With full disk encryption I don't have to overwrite/erase/degauss anything, just chuck it into recycling. I spend enough time at work stacking disks for shredding, no need to do this at home as well.

  • As for the encryption trojan, you'll want something good at doing lots of snapshots, and size appropriately to limit damage being able to be done by malware.

mcfly,

@madalex Full disk encryption:
I do like full disk encryption but I don't really see the sense of it in my use case.
When I throw them away they will have seen a 13mm metal drill going through them, usually twice.

Good luck getting data off that drive.

Snapshots: I don't want to waste all of my space with snapshots. I'll just make a daily backup with N+2 days.

madalex,

@mcfly - so in conclusion, four points are important from my PoV:

  • pick hardware powerful enough for full disk encryption

  • pick a secure OS with good snapshot capabilities

  • do local accounts on the system with 2FA and a trojan shouldn't do any lasting damage

  • with QTS/DMS and probably whatever TerraMaster is running, you're stuck with whatever the vendor deems current. I'm on QTS 5.1.5 with my systems and I'm forced to run Samba 4.15, the GPFS clusters at work are at 4.17, 4.19 is current

mcfly,

@madalex
hardware powerful enough for FDE - Yes, the CPU needs to support AES-NI

TerraMaster allows you to install your own OS. From what I can see so far I will not touch their stuff.

manawyrm,
@manawyrm@chaos.social avatar

@mcfly You want to trust your data to a random no-name vendor's cobbled-together OS/its kernel/its filesystem?

Brave move...

mcfly,

@manawyrm Wait, compared to what?
Also - I was not considering running their TOS or however that's called.

There will be a Linux below that.

The software that is delivered with the NAS will not get installed, but that's the nice thing - as far as I understand it - about the TerraMaster NAS: that you don't have to run their stuff. You can run your own OS (and I will surely do that)

manawyrm,

@mcfly I interpreted your question for running TrueNAS in a VM as: You want to run their proprietary OS and then run VMs on that.

If you're installing your own OS anyway: Why not install TrueNAS, Unraid, Proxmox, etc. natively and install your VMs on top?

mcfly,

@manawyrm I want the NAS to be virtualized so I have it separated from "the rest".

I don't want the NAS to have access to the other drives.

With a NAS I kinda "mount" the drives into my system and that will be Windows and Linux systems.

In case I get an encryption trojan, that could wipe those drives.

I want to prevent that.

manawyrm,

@mcfly Hm... I run a regular Debian as my NAS host, it does ZFS natively and then I use virtiofs to mount a part of that FS through to a VM with samba, apache, etc. doing all of the NAS business...

Sharing the drives (as SCSI passthrough, etc.) is going to cause issues (missing SMART support, etc.)

Sharing a full controller via PCIe passthrough might work, but the hardware probably can't do that.

mcfly,

@manawyrm Hmmm. Maybe I was not clear.

I was planning to put a virtualisation layer on the hardware.

That means something like a Debian Linux (might go for something different) with Libvirt that handles the virtual machines, the hardware including the drives.

For that I usually use mdadm and lvm.

The virtual machines get partitions on that. That's all they see. No hardware passthrough, no direct access to drives.
ONLY the partitions made available for them.
On those partitions they can make their file systems. I prefer if they don't use them as devices but as partitions as that makes resizing a lot easier later. Also the monitoring (S.M.A.R.T. specifically) happens here.

I want to use TrueNAS as NAS software that serves the files in the partitions that are available to the client computers. (Linux and Windows)

Besides TrueNAS there will likely be a backup system that backs up other systems on the internet. That will likely be a VM using Borg backup.

Also there will be a VM for home automatisation (actually mostly monitoring of temperatures and power consumption) and a monitoring system running Grafana & Prometheus.
