Noob questions: network layout and NAS choice

Interested in our products? Post your questions here. Let us answer before you buy.
Post Reply
GardG
New here
Posts: 4
Joined: Sun May 16, 2021 6:27 am

Noob questions: network layout and NAS choice

Post by GardG »

Hi all,

I'm considering getting a NAS for my very small business (2 full time employees and some occasional freelancers), and I'm curious about some QNAP units.

Our current storage system involves a huge stack of random USB disks and a couple of different cloud services – we're hoping to consolidate all that into an on-side NAS unit instead. It will be used for storage of various project assets, including video files, 3D models and misc multimedia. We won't need to use the NAS for virtualisation, transcoding, or any of those things that high-powered units apparently can – it's just about storage, ideally fast.

Most of the time the client computers will mount the NAS over SMB/NFS using a wired connection at the office. Sometimes we'll access remotely over a VPN tunnel to the office router. If it's possible to make "shared folders" á la Dropbox et.al. to share files with clients etc then that would be superb as well.

Our budget is somewhat flexible, but we're hoping to keep the initial investment under approx. 1000€ excl. VAT. However, that would need to include some additional infrastructure to upgrade parts of our network to 10G.

I've been looking a the TS-431KX unit. Within our budget we could get one of those, a couple of 12TB NAS drives, an SSD for caching, plus a 10G SFP switch and cables to connect a couple of 10G clients. The plan is to use the 12TB SSDs in RAID1, then migrate to RAID5 when an additional drive is added when required later on. I'm thinking I could keep off-site backups at home – maybe I could set up a Raspberry Pi ro routinely make incremental copies of the NAS contents, or something like that.

Does this sound like a reasonable plan? It's certainly not an "enterprise" unit I'm considering, hardly even "SMB", but then again, our business is about as small as it gets.

Second question: our office is one of several rooms in a shared office space. The whole floor (30-40 pax, 13 different SMBs) shares a 400/400 fiber Internet connection through a shared router, on one single network (yikes!). We currently use our own router in a LAN-to-WAN setup (double NAT etc). This works fine, and we've experimented with opening OpenVPN tunnels to our router (using port forwarding on the shared router). We haven't used the VPN extensively, but when we get the NAS, we probably will. I've noticed that quite a few articles on this state that VPN through double NAT doesn't work. Is it just by sheer luck that it seems to work in our case? Will we run into trouble trying to access a NAS in this manner?

And are there any other issues I haven't thought of with this sort of solution? I guess it's possible to set up a DMZ or VLAN instead of this rather crude LAN-to-WAN solution, but if it's not broken, etc …


-G
You do not have the required permissions to view the files attached to this post.
P3R
Guru
Posts: 13190
Joined: Sat Dec 29, 2007 1:39 am
Location: Stockholm, Sweden (UTC+01:00)

Re: Noob questions: network layout and NAS choice

Post by P3R »

GardG wrote: Sun May 16, 2021 6:56 am If it's possible to make "shared folders" á la Dropbox et.al. to share files with clients etc then that would be superb as well.
Dropbox et.al. are much better for that purpose. For security reasons you should sinply never expose your NAS on the internet. There should be no remote access to the NAS at all unless it's protected by a remote access VPN.
Our budget is somewhat flexible, but we're hoping to keep the initial investment under approx. 1000€ excl. VAT.
It's a very tight budget...
I've been looking a the TS-431KX unit.
While having a native 10 GbE interface, performance will be noway near that in a TS-431KX. Expect less than half of that but that's only once you have a 4-disk RAID 5. Less disks=less performance.
...an SSD for caching...
SSD caching is usually not useful but only a waste of money (and drive bays in a small 4-bay) for file serving in home and SMB environments.
The plan is to use the 12TB SSDs in RAID1, then migrate to RAID5 when an additional drive is added when required later on.
You mean 12 TB HDDs and yes that's a good plan evolving the storage when funds are limited.
I'm thinking I could keep off-site backups at home...
Yes an external backup is a requirement and remember that it should be part of the initial plan, not something you'll think that you can fix later. Future installations tend to be postponed and suddenly you're already using the NAS without an external backup when disaster hits.
This works fine, and we've experimented with opening OpenVPN tunnels to our router (using port forwarding on the shared router). We haven't used the VPN extensively, but when we get the NAS, we probably will. I've noticed that quite a few articles on this state that VPN through double NAT doesn't work.
Double NAT doesn't work when you can't control the internet-facing firewall/router (which is more often the case) and get incoming ports opened. When you can have incoming ports directed to the second firewall/router that you control, it's usually not a problem.
RAID have never ever been a replacement for backups. Without backups on a different system (preferably placed at another site), you will eventually lose data!

A non-RAID configuration (including RAID 0, which isn't really RAID) with a backup on a separate media protects your data far better than any RAID-volume without backup.

All data storage consists of both the primary storage and the backups. It's your money and your data, spend the storage budget wisely or pay with your data!
GardG
New here
Posts: 4
Joined: Sun May 16, 2021 6:27 am

Re: Noob questions: network layout and NAS choice

Post by GardG »

Cheers P3R, good points, taken and appreciated.

I've looked at a few more options, and I think I might be able to stretch my budget a tad and accommodate a slightly better NAS. The other alternatives I've explored include

TS-932PX 4GB - but if SSD caching is useless I guess those 2,5" bays are a bit moot. Not sure if I'd ever bother with separate HDD and SSD volumes on the NAS.
TS-653D 4GB - lacks native 10GbE. Using port trunking for 5GbE isn't optimal as the required multi-gig copper SFP adapters for the router I have in mind are a bit expensive. But on the other hand, 2.5G should be more than enough when only using two drives, so maybe I could add a 10G card (and use the same cable and SFP module) when expanding to RAID5.

I'd need to use 8TB drives rather than 12TB to afford these units, but that's enough for now, and with the extra bays it's not really a problem.

I've also looked at a couple of other brands, but one of them isn't available locally and the other one looks less favourable compared to the 653D - fewer bays and more cumbersome networking (no 10G option, requires trunking) at the same price. It has a front LCD, I don't think that's worth it ...

My current options are attached, budget prices in NOK. I've ditched the separate router and 10G switch concept, using a Mikrotik 10G router instead. Initially I wanted to avoid 2.5/5GbE and port trunking because the selection of switches supporting that seemed rather limited, but this router handles multi-gig (with the correct SFP copper adapter) and trunking on all ports, negating that concern.

P3R wrote: Tue May 18, 2021 1:51 am
GardG wrote: Sun May 16, 2021 6:56 am If it's possible to make "shared folders" á la Dropbox et.al. to share files with clients etc then that would be superb as well.
Dropbox et.al. are much better for that purpose. For security reasons you should sinply never expose your NAS on the internet. There should be no remote access to the NAS at all unless it's protected by a remote access VPN.
Makes sense, especially in light of recent events. I find it a bit odd that NAS manufacturers are making such a big deal of this "personal cloud" business in their marketing when it's so risky.
P3R wrote: Tue May 18, 2021 1:51 am
Our budget is somewhat flexible, but we're hoping to keep the initial investment under approx. 1000€ excl. VAT.
It's a very tight budget...
Indeed - the harsh reality of running a very small business. On the positive side, our real performance requirements are modest.
P3R wrote: Tue May 18, 2021 1:51 am
I've been looking a the TS-431KX unit.
While having a native 10 GbE interface, performance will be noway near that in a TS-431KX. Expect less than half of that but that's only once you have a 4-disk RAID 5. Less disks=less performance.
Yeah, I don't expect or need to fully saturate a 10G link with such a unit.
I've noticed in both Qnap and another manufacturer's lineup that some of the lowest-end ARM units have native 10G interfaces, while mid-range Intel units don't, requiring port trunking or expansion cards. This seems an odd choice. Is the 10G interface on the low end units a bit of a marketing trick? Why would the faster units not have it when the cheapest ones do?
P3R wrote: Tue May 18, 2021 1:51 am
...an SSD for caching...
SSD caching is usually not useful but only a waste of money (and drive bays in a small 4-bay) for file serving in home and SMB environments.
Does this apply to QTier as well?
You do not have the required permissions to view the files attached to this post.
P3R
Guru
Posts: 13190
Joined: Sat Dec 29, 2007 1:39 am
Location: Stockholm, Sweden (UTC+01:00)

Re: Noob questions: network layout and NAS choice

Post by P3R »

GardG wrote: Thu May 20, 2021 1:46 pm My current options are attached, budget prices in NOK.
Oh so you're a neighbour... :wink:

In your position I would probably go with the TS-431KX.
Makes sense, especially in light of recent events. I find it a bit odd that NAS manufacturers are making such a big deal of this "personal cloud" business in their marketing when it's so risky.
The simple answer is that customers that don't understand the risks like the "personal cloud" message and that NAS manufacturers sell many units if they supply what the customers like. Experienced administrators have since long been saying that remote access is too dangerous without protection from a VPN and that it will lead to disasters but neither users nor Qnap have been interested in listening to that advice before the Qlocker disatser.

Qnap have had two huge incidents with thousands of infected users in about 18 months and the latest one with massive data loss for customers that didn't have backups. That hvae lead to that Qnap very recently started to discourage from direct NAS exposure on the internet. It will probably take time until all the marketing material have been changed to reflect their new position.
I've noticed in both Qnap and another manufacturer's lineup that some of the lowest-end ARM units have native 10G interfaces, while mid-range Intel units don't, requiring port trunking or expansion cards. This seems an odd choice. Is the 10G interface on the low end units a bit of a marketing trick? Why would the faster units not have it when the cheapest ones do?
I don't know for sure but maybe it's included in the chipsets they all use so the added cost for offering it is very low.

There are also multiple segments. You have the very low cost ARM models and you have the "high-end" ARM models with 10 GbE. In the Intel universe you have the low cost models in the TS-X5X lines but you also have many higher end Intel-based models that have 10 GbE as standard. The high-end ARM models happen to be in the same price bracket as the low end Intel models so you get to choose between 10 GbE or Intel.
Does this apply to QTier as well?
I've only recently enabled Qtier to try it out but having read about how it work, I don't think that the benefits are large enough to outweigh the disadvantages of loss of control for the administrator and the increased complexity that come with it. Especially not when on a tight budget. There are other things that are much, much more important than SSDs. I think of things that are often unfortunately neglected among users that buy SSDs, things like good versioned backups, a good firewall that include a remote access VPN solution and UPS-protection for the NAS. I also want to remind that my thoughts and recommendations here are for media consumption and file serving in home and SMB environments. There are other applications where both SSD caching and Qtier can be useful.
RAID have never ever been a replacement for backups. Without backups on a different system (preferably placed at another site), you will eventually lose data!

A non-RAID configuration (including RAID 0, which isn't really RAID) with a backup on a separate media protects your data far better than any RAID-volume without backup.

All data storage consists of both the primary storage and the backups. It's your money and your data, spend the storage budget wisely or pay with your data!
Post Reply

Return to “Presales”