Latest QNAP security cluster *** have you ditched QNAP?

Introduce yourself to us and other members here, or share your own product reviews, suggestions, and tips and tricks of using QNAP products.
User avatar
Trexx
Ask me anything
Posts: 5368
Joined: Sat Oct 01, 2011 7:50 am
Location: Minnesota

Re: Latest QNAP security cluster *** have you ditched QNAP?

Post by Trexx » Tue May 04, 2021 2:25 am

elvisimprsntr wrote: Does the QNAP firmware run complete off the USB DOM?

Does anyone know of the USB DOM is attached to the main board with a pin header?

I believe the DOM on my units are 512mb. TrueNAS minimum is 8gb, recommend 32gb for the boot drive.

If the DOM is on a pin header, would it be better to replace the DOM with a 32gb and use that for TrueNAS installation?

Or is that more trouble than it’s worth in case one wanted to switch back to QNAP FW.
Backup all critical data.

Easiest route is to just bypass the DOM by going into the bios and changing boot device order.

Boot from installer thumb drive with usb ssd also plugged in.

Install to usb ssd

Boot usb ssd and then reformat internal HDD.

Continue setup.

If you decide to revert back to qts, just unplug usb ssd drive and boot back off dom.

Will need to re-initialize Qnap so backup all important data before undertaking any of this.


Sent from my iPhone using Tapatalk
Paul

Model: TS-877-1600 FW: 4.4.3.x
QTS (SSD): [RAID-1] 2 x 1TB WD Blue m.2's
Data (HDD): [RAID-5] 6 x 3TB HGST DeskStar
VMs (SSD): [RAID-1] 2 x 500GB Evo 860
Ext. (HDD): TR-004 [Raid-5] 4 x 4TB HGST Ultastor
RAM: Kingston HyperX Fury 64GB DDR4-2666
GPU: EVGA GTX 1060 6GB
UPS: CP AVR1350

Model:TVS-673 32GB FW: 4.4.3.x Test/Backup Box
Model:TS-228a FW: 4.4.3.x Test/Backup Box
-----------------------------------------------------------------------------------------------------------------------------------------
NAS RAID Rebuild Times | Live QTS Videos | | QNAP NAS Guide | Information needed when you ask for HELP | QNAP Links, Tutorials, etc.
2018 Plex NAS Compatibility Guide | QNAP Plex FAQ | Moogle's QNAP Faq

User avatar
Moogle Stiltzkin
Ask me anything
Posts: 9946
Joined: Thu Dec 04, 2008 12:21 am
Location: Around the world....
Contact:

Re: Latest QNAP security cluster *** have you ditched QNAP?

Post by Moogle Stiltzkin » Tue May 04, 2021 4:31 am

Trexx wrote:
Mon May 03, 2021 8:18 pm
For boot drive, you could get by with m.2 SATA > USB external drive as the TS-653a isn’t going to have the bandwidth to fully saturate an NVMe drive. Unless the NVMe version is cheaper.

Even 2.5” external SSD USB combos are fine as well, just a little bigger.


Sent from my iPad using Tapatalk
this makes sense. i was just considering it because i also needed an external m.2 usb for testing purposes, and i don't have m.2 nvme if i needed one also to test things out. there is a sale going on tomorrow that is why i was looking.

well i'll just keep comparing then the prices :'


anyway this is my plan (either for the ts-509 pro or the ts-653a, not sure yet).


things i need

- usb flash drive (16gb??? 32gb if the price isn't much more. checking the virtual market place comments, there are a lot of warnings about possible fake goods, it's worrying :S you know the saying if it's too cheap it's probly too good to be true)
- m.2 nvme ssd OR m.2 sata ssd (probly on price), and a matching external usb enclosure for it
- QNAP NAS with eol firmware (ts-509 pro is the prime candidate, but ts-653a has better hardware and also getting on with age. sadly neither of these models have any ssds in them fyi. hoping arc can be run on the same external usb ssd? if that's an option, i'm not too familiar with zfs)
- monitor
- keyboard
- mouse

so download truenas, put onto the usb flash drive, plug that and the external usb onto the qnap. also plug in the monitor, keyboard and mouse

boot on qnap. enter bios (f12? delete? f2? f8? it's one of those, can't remember which). disable auto booting from the dom. set it to auto boot from the external usb ssd. Then boot up direct from the usb flash drive.

then follow the guide for setup for the rest
https://www.youtube.com/watch?v=E-wQwC4bDgc

at this point whenever you boot the nas, it will load truenas.

if for some reason you want to go back to qts, you can boot down, boot up, go bios, change the auto boot back to dom, then remove the external usb. then boot up. Now it's back to the original. I've heard some people physically remove the dom, but if you set it not to boot from dom anyway, i don't see the harm leaving it as is :'


any part of these steps did i misunderstand? : :?


If the qnap model had a m.2 ssd already inside the nas, i may have tried testing if i could install truenas onto that. but for now i don't have a nas that needs to do that yet 8) (no problem using qts as long as it gets security patches and actively maintained) but it would save me the trouble from requiring an external usb enclosure for a ssd.
NAS
[Main Server] QNAP TS-877 w. 4tb [ 3x HGST Deskstar NAS & 1x WD RED NAS ] EXT4 Raid5 & 2 x m.2 SATA Samsung 850 Evo raid1 +16gb ddr4 Crucial+ QWA-AC2600 wireless+QXP PCIE
[Backup] QNAP TS-653A w. 5x 2TB Samsung F3 (HD203WI) EXT4 Raid5
[Backup] QNAP TL-D400S 2x 4TB WD Red Nas (WD40EFRX) 2x 4TB Seagate Ironwolf, Raid5
[^] QNAP TS-659 Pro II
[^] QNAP TS-509 Pro w. 4x 1TB WD RE3 (WD1002FBYS) EXT4 Raid5
[^] QNAP TS-253D
[^] QNAP TS-228
[Mobile NAS] TBS-453DX w. 2x Crucial MX500 500gb EXT4 raid1

Network
Qotom Pfsense|100dl/50ul MBPS FTTH Internet | Win10, WC PC-Intel i7 920 Ivy bridge desktop (1x 512gb Samsung 850 Pro SSD + 1x 4tb HGST Ultrastar 7K4000)


Guides & articles
[Review] Moogle's QNAP experience
[Review] Moogle's TS-877 review
https://www.patreon.com/mooglestiltzkin

User avatar
Toxic17
Ask me anything
Posts: 5683
Joined: Tue Jan 25, 2011 11:41 pm
Location: Planet Earth
Contact:

Re: Latest QNAP security cluster *** have you ditched QNAP?

Post by Toxic17 » Tue May 04, 2021 6:12 am

jaysona wrote:
Tue May 04, 2021 12:23 am
Well, that would make some anecdotal sense for sure. QTS has been going down the sewer for years now, and the more I use ADM and dig around its innards, the more it appears that Asus got a lot more right than QNAP has.

Juts about everything in ADM is packaged, the packages do not run as root and even the admin account does not run with root privileges.
definitely a wake up call for all of us and QNAP. whether they will come back from this is doubtful. damage has been done. if they spent more time on software than marketing hype they may have a chance I guess.
Regards Simon

QTS 4.x User Guidex

QNAP Club Repository
Submit a ticket • QNAP Helpdesk
QNAP Tutorials, User Manuals, FAQs, Downloads, Wiki
When you ask a question, please include the following


NAS: TS-473-32GB QM2-2P QXG-10G1T 4.5.3.1652 • TVS-463-16GB 4.5.3.1652 QM2-2S10G1TB • TS-459 Pro 2GB 4.2.6 • TS-121 4.3.3.1624 • APC Back-UPS ES 700G
Network: VM Hub3 • UniFi UDM Pro 1.10-0.9 • Controller: 6.2.23 • UniFi US-16-150W/US-8-60W 5.60.3 • USW Mini Flex 1.8.4 • UniFi G3-Flex • AP: AC Pro 5.60.3 • U6-LR 5.60.3

elvisimprsntr
Easy as a breeze
Posts: 327
Joined: Thu Apr 06, 2017 6:07 am

Re: Latest QNAP security cluster *** have you ditched QNAP?

Post by elvisimprsntr » Tue May 04, 2021 5:34 pm

Trexx wrote:
Backup all critical data.

Easiest route is to just bypass the DOM by going into the bios and changing boot device order.

Boot from installer thumb drive with usb ssd also plugged in.

Install to usb ssd

Boot usb ssd and then reformat internal HDD.

Continue setup.

If you decide to revert back to qts, just unplug usb ssd drive and boot back off dom.

Will need to re-initialize Qnap so backup all important data before undertaking any of this.


Sent from my iPhone using Tapatalk
Thanks.

I follow the 3-2-1 and grandfather-father-son backup rules.

I have three spare disks. Just bought two spare drive trays. I plan to remove QNAP partitioned/formatted drives and install new drives. This way I can quickly revert back if TrueNAS doesn’t run on QNAP hardware with Marvel 88SE8215 SATA, Intel I210 Ethernet, or other controllers.

I’ve run both TrueNAS CORE and SCALE as VM. Have flash drive with CORE image and 500gb Crucial USB 3 SSD.

Plan to start with TS-253A and run it for a month or so to make sure there are no issues (random reboots, crashes. etc.)

Then migrate TS-453A, which is basically the exact same hardware.
[Hourly] TS-453A-16G, R5x4x2TB Seagate ST2000VN00?, Crucial CT2KIT102464BF160B
[Daily] TS-253A-16G, TrueNAS-CORE, Seagate ST4000VN008, Crucial CT2KIT102464BF160B
[Weekly] USB3, 1x4TB Seagate STDR4000901, 45 min fire rated safe
[WAN1] ATT Fiber
[WAN2] SpeedTalk SIM in Netgear LTE Modem
[Firewall] pfSense on Protectli
[WLAN] OpenWRT on Linksys WRT3200ACM
[UPS] APC Back-UPS BX1500G

User avatar
Moogle Stiltzkin
Ask me anything
Posts: 9946
Joined: Thu Dec 04, 2008 12:21 am
Location: Around the world....
Contact:

Re: Latest QNAP security cluster *** have you ditched QNAP?

Post by Moogle Stiltzkin » Tue May 04, 2021 6:26 pm

elvisimprsntr wrote:
Tue May 04, 2021 5:34 pm
I’ve run both TrueNAS CORE and SCALE as VM. Have flash drive with CORE image and 500gb Crucial USB 3 SSD.
wait, should we be using core or scale? i heard core is freebsd and scale linux (with stuff like docker container apps which is neat)
https://www.youtube.com/watch?v=fFnLJPMLY0Y

is it stable in 2021? :'

*update

nm it's not :( (but quts hero does run on zfs linux and has dockers :' )
https://www.youtube.com/watch?v=u2frzvl8yL8

so core it is because it's rock solid stable :)
NAS
[Main Server] QNAP TS-877 w. 4tb [ 3x HGST Deskstar NAS & 1x WD RED NAS ] EXT4 Raid5 & 2 x m.2 SATA Samsung 850 Evo raid1 +16gb ddr4 Crucial+ QWA-AC2600 wireless+QXP PCIE
[Backup] QNAP TS-653A w. 5x 2TB Samsung F3 (HD203WI) EXT4 Raid5
[Backup] QNAP TL-D400S 2x 4TB WD Red Nas (WD40EFRX) 2x 4TB Seagate Ironwolf, Raid5
[^] QNAP TS-659 Pro II
[^] QNAP TS-509 Pro w. 4x 1TB WD RE3 (WD1002FBYS) EXT4 Raid5
[^] QNAP TS-253D
[^] QNAP TS-228
[Mobile NAS] TBS-453DX w. 2x Crucial MX500 500gb EXT4 raid1

Network
Qotom Pfsense|100dl/50ul MBPS FTTH Internet | Win10, WC PC-Intel i7 920 Ivy bridge desktop (1x 512gb Samsung 850 Pro SSD + 1x 4tb HGST Ultrastar 7K4000)


Guides & articles
[Review] Moogle's QNAP experience
[Review] Moogle's TS-877 review
https://www.patreon.com/mooglestiltzkin

User avatar
Trexx
Ask me anything
Posts: 5368
Joined: Sat Oct 01, 2011 7:50 am
Location: Minnesota

Re: Latest QNAP security cluster *** have you ditched QNAP?

Post by Trexx » Tue May 04, 2021 8:32 pm

Moogle Stiltzkin wrote: wait, should we be using core or scale? i heard core is freebsd and scale linux (with stuff like docker container apps which is neat)
https://www.youtube.com/watch?v=fFnLJPMLY0Y

is it stable in 2021? :'

*update

nm it's not :( (but quts hero does run on zfs linux and has dockers :' )
https://www.youtube.com/watch?v=u2frzvl8yL8

so core it is because it's rock solid stable :)
<insert smart@ss comment about QTS stability>

In terms of HW compatibility, more likely to get that with Scale as it is Debian based so will have much broader HW support.

Is it production ready, no but it is targeted to hit beta in June (so 1 month away).

There are too many things I want in scale, and I don’t know if I can migrate from core to scale later (post deployment) without major headaches.

From what the release notes read from the latest 04 release sounds like base functionality is pretty stable as well as KVM/Docker.

Not all functionality is fully baked in the GUI, but that is ok. Good excuse to learn more Linux CLI :)


Sent from my iPad using Tapatalk
Paul

Model: TS-877-1600 FW: 4.4.3.x
QTS (SSD): [RAID-1] 2 x 1TB WD Blue m.2's
Data (HDD): [RAID-5] 6 x 3TB HGST DeskStar
VMs (SSD): [RAID-1] 2 x 500GB Evo 860
Ext. (HDD): TR-004 [Raid-5] 4 x 4TB HGST Ultastor
RAM: Kingston HyperX Fury 64GB DDR4-2666
GPU: EVGA GTX 1060 6GB
UPS: CP AVR1350

Model:TVS-673 32GB FW: 4.4.3.x Test/Backup Box
Model:TS-228a FW: 4.4.3.x Test/Backup Box
-----------------------------------------------------------------------------------------------------------------------------------------
NAS RAID Rebuild Times | Live QTS Videos | | QNAP NAS Guide | Information needed when you ask for HELP | QNAP Links, Tutorials, etc.
2018 Plex NAS Compatibility Guide | QNAP Plex FAQ | Moogle's QNAP Faq

User avatar
Moogle Stiltzkin
Ask me anything
Posts: 9946
Joined: Thu Dec 04, 2008 12:21 am
Location: Around the world....
Contact:

Re: Latest QNAP security cluster *** have you ditched QNAP?

Post by Moogle Stiltzkin » Wed May 05, 2021 5:21 am

In terms of HW compatibility, more likely to get that with Scale as it is Debian based so will have much broader HW support.
noted.




*update

so i managed to get the items on sale after all :D

this is what i ordered
Kingston DataTraveler 100 G3 DT100G3 USB 3.0 Flash Drive Pendrive (32GB)

Kingston A2000 NVMe PCIe Gen 3x4 M.2 2280 Internal Solid State Drives SSD 500GB

ORICO M.2 SSD Enclosure USB-C Gen2 10Gbps PCIe SSD Case M2 SATA NVME NGFF 5Gbps SSD Enclosure for M.2 NVME

Adapter USB 3.0 male to female type-C OTG USB3.0 A Adapter USB C Converter for Macbook

for pricing i managed to get the A2000 500gb for a decent price, so i didn't bother with the m.2 sata option. 1tb also had a good deal but i'm fine with 500gb.

the external m.2 case is a type c..... i needed type a.... so i figured using a convertor would suffice to solve that issue i hope.



anyway once it arrives i'll try test it with the ts-509 pro first (and if there are issues it won't be that big a deal on this old model). the ts-653a has firmware 4.5.3.1652 build 20210428, so don't need an alternative OS for it just yet.

not expecting any performance miracles. only just want a secure os that is maintained to replace qts for an eol model and is stable.

the ts-509 pro only has a VGA output ... so gonna have to find that cable :'

i'll create a new thread this project of mine.
NAS
[Main Server] QNAP TS-877 w. 4tb [ 3x HGST Deskstar NAS & 1x WD RED NAS ] EXT4 Raid5 & 2 x m.2 SATA Samsung 850 Evo raid1 +16gb ddr4 Crucial+ QWA-AC2600 wireless+QXP PCIE
[Backup] QNAP TS-653A w. 5x 2TB Samsung F3 (HD203WI) EXT4 Raid5
[Backup] QNAP TL-D400S 2x 4TB WD Red Nas (WD40EFRX) 2x 4TB Seagate Ironwolf, Raid5
[^] QNAP TS-659 Pro II
[^] QNAP TS-509 Pro w. 4x 1TB WD RE3 (WD1002FBYS) EXT4 Raid5
[^] QNAP TS-253D
[^] QNAP TS-228
[Mobile NAS] TBS-453DX w. 2x Crucial MX500 500gb EXT4 raid1

Network
Qotom Pfsense|100dl/50ul MBPS FTTH Internet | Win10, WC PC-Intel i7 920 Ivy bridge desktop (1x 512gb Samsung 850 Pro SSD + 1x 4tb HGST Ultrastar 7K4000)


Guides & articles
[Review] Moogle's QNAP experience
[Review] Moogle's TS-877 review
https://www.patreon.com/mooglestiltzkin

User avatar
Cbrad01
Know my way around
Posts: 106
Joined: Fri Jan 15, 2016 9:17 pm

Re: Latest QNAP security cluster *** have you ditched QNAP?

Post by Cbrad01 » Wed May 05, 2021 8:30 pm

As some people rush to switch to different platforms remember this. Regardless of what platform/ OS you run, your system should never be exposed to the internet! Any services that you do share outside your network should be protected by VPN, strong passwords, regular patching and updates, and other best practices to prevent attacks.

I am not making excuses for QNAP but people should not think that they can switch platforms and everything is solved.

My QNAP would be considered insure for ease of end user access, but my network sits behind a Unifi routers and SonicWalls. Only traffic that I approve passes and it is a pain in the ** to keep updated.

Good security is in opposition to ease of use. Far to many people fall for the marketing hype and ignore security. Don’t switch platforms and think you are safe…


Sent from my iPhone using Tapatalk

User avatar
Trexx
Ask me anything
Posts: 5368
Joined: Sat Oct 01, 2011 7:50 am
Location: Minnesota

Latest QNAP security cluster *** have you ditched QNAP?

Post by Trexx » Wed May 05, 2021 8:40 pm

Agreed….good security also starts with good professional coding.

As you said there is no easy button for good security. Layers in depth is the key.


Sent from my iPhone using Tapatalk
Paul

Model: TS-877-1600 FW: 4.4.3.x
QTS (SSD): [RAID-1] 2 x 1TB WD Blue m.2's
Data (HDD): [RAID-5] 6 x 3TB HGST DeskStar
VMs (SSD): [RAID-1] 2 x 500GB Evo 860
Ext. (HDD): TR-004 [Raid-5] 4 x 4TB HGST Ultastor
RAM: Kingston HyperX Fury 64GB DDR4-2666
GPU: EVGA GTX 1060 6GB
UPS: CP AVR1350

Model:TVS-673 32GB FW: 4.4.3.x Test/Backup Box
Model:TS-228a FW: 4.4.3.x Test/Backup Box
-----------------------------------------------------------------------------------------------------------------------------------------
NAS RAID Rebuild Times | Live QTS Videos | | QNAP NAS Guide | Information needed when you ask for HELP | QNAP Links, Tutorials, etc.
2018 Plex NAS Compatibility Guide | QNAP Plex FAQ | Moogle's QNAP Faq

elvisimprsntr
Easy as a breeze
Posts: 327
Joined: Thu Apr 06, 2017 6:07 am

Re: Latest QNAP security cluster *** have you ditched QNAP?

Post by elvisimprsntr » Sun May 09, 2021 9:24 am

Installed TrueNAS CORE on my TS-253A!

I just have to get TimeMachine ACLs figured out and I can ditch QTS!
[Hourly] TS-453A-16G, R5x4x2TB Seagate ST2000VN00?, Crucial CT2KIT102464BF160B
[Daily] TS-253A-16G, TrueNAS-CORE, Seagate ST4000VN008, Crucial CT2KIT102464BF160B
[Weekly] USB3, 1x4TB Seagate STDR4000901, 45 min fire rated safe
[WAN1] ATT Fiber
[WAN2] SpeedTalk SIM in Netgear LTE Modem
[Firewall] pfSense on Protectli
[WLAN] OpenWRT on Linksys WRT3200ACM
[UPS] APC Back-UPS BX1500G

Post Reply

Return to “Users' Corner”