Latest QNAP security cluster *** have you ditched QNAP?

Introduce yourself to us and other members here, or share your own product reviews, suggestions, and tips and tricks of using QNAP products.
Rchiil
New here
Posts: 8
Joined: Mon Jan 28, 2019 7:01 pm

Re: Latest QNAP security cluster *** have you ditched QNAP?

Post by Rchiil »

soz replied to wrong post
pbrunnen
Starting out
Posts: 21
Joined: Wed Sep 14, 2011 6:40 am

Re: Latest QNAP security cluster *** have you ditched QNAP?

Post by pbrunnen »

elvisimprsntr wrote: Fri Apr 30, 2021 5:43 am
Shazbot! Two Marvell and one Intel SATA controller.

Code: Select all

[~] # lspci -k | grep -i 0106
02:00.0 Class 0106: 1b4b:9215 ahci
00:13.0 Class 0106: 8086:22a3 ahci
01:00.0 Class 0106: 1b4b:9215 ahci
https://devicehunt.com/view/type/pci/ve ... evice/9215
88SE9215 PCIe 2.0 x1 4-port SATA 6 Gb/s Controller
https://devicehunt.com/view/type/pci/ve ... evice/22A3
Atom/Celeron/Pentium Processor x5-E8000/J3xxx/N3xxx Series SATA Controller

Some reports on TrueNAS forum indicate support for the 88SE9215
https://www.truenas.com/community/searc ... =relevance
Hi elvisimprsntr,
Yes... and hence I indicated Newer models. The Marvell 88SE1475, at least from the chipset datasheet is copyright 2020, so I suspect larger QNap boxes that are late 2020 forward. I've seen the 88SE9215 mentioned and also appears supported in the mainline Linux kernel, so that one wouldn't be an issue... But the drivers are not interchangeable.

Moogle Stiltzkin wrote: Fri Apr 30, 2021 5:06 am for older models, would a ts-509 pro and a ts-653a work using truenas? :'
Hi Moogle Stiltzkin,
Yea, I would suspect older boxes would be fine. Like elvisimprsntr pointed out... Our older TS-879U-RP is similar and has a Marvell 88SE9125 (PCI-ID 1b4b:9125) and this sata chipset has been in Linux support since 2011... But that unit is 2014 vintage.

Trexx wrote: Fri Apr 30, 2021 11:48 am Just out of curiosity, have you tried the latest alpha version of TrueNas Scale which is Debian based to see if they had support?
Hi Trexx,
Yes... I'm not a BSD guy, so I did try Scale and setup a build environment so I could test the bleeding edge. I even built the kernel module for the Marvell 88SE1475 chipset from the driver source that QNap provides. It wasn't pretty...
elvisimprsntr

Re: Latest QNAP security cluster *** have you ditched QNAP?

Post by elvisimprsntr »

pbrunnen wrote:
Hi elvisimprsntr,
Yes... and hence I indicated Newer models. The Marvell 88SE1475, at least from the chipset datasheet is copyright 2020, so I suspect larger QNap boxes that are late 2020 forward. I've seen the 88SE9215 mentioned and also appears supported in the mainline Linux kernel, so that one wouldn't be an issue... But the drivers are not interchangeable.

@pbrunnen

I have a USB 3 SSD I was planning to use as the TrueNAS boot drive, but I’ve read reports that TrueNAS will quickly wear out USB flash drives. Not sure if a USB 3 SSD would suffer the same wear out. I did see that you can install FreeNAS without a swap partition.

Do you know if the Intel SATA controller has a header on the motherboard? Of course I would also need a power connection if I mounted a SATA SSD internally.
User avatar
Moogle Stiltzkin
Guru
Posts: 11448
Joined: Thu Dec 04, 2008 12:21 am
Location: Around the world....
Contact:

Re: Latest QNAP security cluster *** have you ditched QNAP?

Post by Moogle Stiltzkin »

elvisimprsntr wrote: Sat May 01, 2021 12:53 am @pbrunnen

I have a USB 3 SSD I was planning to use as the TrueNAS boot drive, but I’ve read reports that TrueNAS will quickly wear out USB flash drives. Not sure if a USB 3 SSD would suffer the same wear out. I did see that you can install FreeNAS without a swap partition.

Do you know if the Intel SATA controller has a header on the motherboard? Of course I would also need a power connection if I mounted a SATA SSD internally.
this is what i am very concerned with. is there a better solution for this?

i want a long term reliable boot drive that i don't have to wonder if it's gonna be dead soon after.

usually on qnap nas i have the os installed on a m.2 ssd x 2 running in raid1
NAS
[Main Server] QNAP TS-877 (QTS) w. 4tb [ 3x HGST Deskstar NAS & 1x WD RED NAS ] EXT4 Raid5 & 2 x m.2 SATA Samsung 850 Evo raid1 +16gb ddr4 Crucial+ QWA-AC2600 wireless+QXP PCIE
[Backup] QNAP TS-653A (Truenas Core) w. 4x 2TB Samsung F3 (HD203WI) RaidZ1 ZFS + 8gb ddr3 Crucial
[^] QNAP TL-D400S 2x 4TB WD Red Nas (WD40EFRX) 2x 4TB Seagate Ironwolf, Raid5
[^] QNAP TS-509 Pro w. 4x 1TB WD RE3 (WD1002FBYS) EXT4 Raid5
[^] QNAP TS-253D (Truenas Scale)
[Mobile NAS] TBS-453DX w. 2x Crucial MX500 500gb EXT4 raid1

Network
Qotom Pfsense|100mbps FTTH | Win11, Ryzen 5600X Desktop (1x2tb Crucial P50 Plus M.2 SSD, 1x 8tb seagate Ironwolf,1x 4tb HGST Ultrastar 7K4000)


Resources
[Review] Moogle's QNAP experience
[Review] Moogle's TS-877 review
https://www.patreon.com/mooglestiltzkin
User avatar
Trexx
Ask me anything
Posts: 5393
Joined: Sat Oct 01, 2011 7:50 am
Location: Minnesota

Re: Latest QNAP security cluster *** have you ditched QNAP?

Post by Trexx »

elvisimprsntr wrote:
@pbrunnen

I have a USB 3 SSD I was planning to use as the TrueNAS boot drive, but I’ve read reports that TrueNAS will quickly wear out USB flash drives. Not sure if a USB 3 SSD would suffer the same wear out. I did see that you can install FreeNAS without a swap partition.

Do you know if the Intel SATA controller has a header on the motherboard? Of course I would also need a power connection if I mounted a SATA SSD internally.
If you are using a true SSD (via USB enclosure) you should be fine for a boot drive. I have a SataDom being installed in my new TrueNas box (which hasn’t shipped yet… grrr) and from what the TrueNas guides have said, I should be fine with that as Boot SSD doesn’t get that heavy of use in terms of writes.

Other functions such as L2Arc & Slog are different stories :)


Sent from my iPad using Tapatalk
Paul

Model: TS-877-1600 FW: 4.5.3.x
QTS (SSD): [RAID-1] 2 x 1TB WD Blue m.2's
Data (HDD): [RAID-5] 6 x 3TB HGST DeskStar
VMs (SSD): [RAID-1] 2 x1TB SK Hynix Gold
Ext. (HDD): TR-004 [Raid-5] 4 x 4TB HGST Ultastor
RAM: Kingston HyperX Fury 64GB DDR4-2666
UPS: CP AVR1350

Model:TVS-673 32GB & TS-228a Offline[/color]
-----------------------------------------------------------------------------------------------------------------------------------------
2018 Plex NAS Compatibility Guide | QNAP Plex FAQ | Moogle's QNAP Faq
pbrunnen
Starting out
Posts: 21
Joined: Wed Sep 14, 2011 6:40 am

Re: Latest QNAP security cluster *** have you ditched QNAP?

Post by pbrunnen »

Trexx wrote: Sat May 01, 2021 1:34 pm If you are using a true SSD (via USB enclosure) you should be fine for a boot drive. I have a SataDom being installed in my new TrueNas box (which hasn’t shipped yet… grrr) and from what the TrueNas guides have said, I should be fine with that as Boot SSD doesn’t get that heavy of use in terms of writes.

Other functions such as L2Arc & Slog are different stories :)
Agreed with Trexx that a USB attached SSD will work. TrueNAS uses ZFS for the boot drive now too, so there are lots of small writes occurring and that wears out flash drives since they don't have any wear leveling built-in like an SSD does. Hence TrueNAS no longer says that USB flash drives are Ok for production use.

I've not seen a QNap device that left any SATA ports exposed internally... You'd probably end up having to go on the board to tap off the chipset, and I don't recommend that. They do typically have a small USB flash module on a separate daughter board inside which you can remove and use a USB header cable to give yourself another USB2 port.

Why not install directly on the drive in your NAS? I've not tried this personally yet, but I would think you could use the main disks for both boot and data... That is essentially what QNap does... The boot starts on flash for the basics and then transitions to running of your SATA disks.
elvisimprsntr

Latest QNAP security cluster *** have you ditched QNAP?

Post by elvisimprsntr »

pbrunnen wrote:
Trexx wrote: Sat May 01, 2021 1:34 pm If you are using a true SSD (via USB enclosure) you should be fine for a boot drive. I have a SataDom being installed in my new TrueNas box (which hasn’t shipped yet… grrr) and from what the TrueNas guides have said, I should be fine with that as Boot SSD doesn’t get that heavy of use in terms of writes.

Other functions such as L2Arc & Slog are different stories :)
Agreed with Trexx that a USB attached SSD will work. TrueNAS uses ZFS for the boot drive now too, so there are lots of small writes occurring and that wears out flash drives since they don't have any wear leveling built-in like an SSD does. Hence TrueNAS no longer says that USB flash drives are Ok for production use.

I've not seen a QNap device that left any SATA ports exposed internally... You'd probably end up having to go on the board to tap off the chipset, and I don't recommend that. They do typically have a small USB flash module on a separate daughter board inside which you can remove and use a USB header cable to give yourself another USB2 port.

Why not install directly on the drive in your NAS? I've not tried this personally yet, but I would think you could use the main disks for both boot and data... That is essentially what QNap does... The boot starts on flash for the basics and then transitions to running of your SATA disks.
I’m planning on using a Crucial CT500X8SSD9 USB 3 SSD. It’s basically a M.2 SSD in a USB enclosure.

I’ve already run both TrueNAS CORE and SCALE as a VM to familiarize myself and test all the settings.

In theory you can install TrueNAS on one or more SATA drives in a bootable RAID1 mirror as a boot partition. Then have rest of the drives portioned for what ever RAID configuration you desire. Is that how most TrueNAS installations are?

UPDATE

If you install TrueNAS on one of the SATA drives that is one less you have for your array.

https://www.ixsystems.com/blog/how-to-i ... enas-core/
Boot device (SSD or HDD): Also known as the boot drive. At least 8 GB of storage capacity is required to serve as the boot device for TrueNAS. An SSD is an ideal choice for longevity; keep in mind that the entire disk will be used for the TrueNAS operating system. USB sticks are no longer recommended, due to the high amount of write tasks on TrueNAS.
Last edited by elvisimprsntr on Mon May 03, 2021 1:00 am, edited 1 time in total.
User avatar
Cbrad01
Know my way around
Posts: 245
Joined: Fri Jan 15, 2016 9:17 pm

Re: Latest QNAP security cluster *** have you ditched QNAP?

Post by Cbrad01 »

Regardless of what hardware or software you run you need to take steps to protect your devices and data!
QNAP has been sloppy with security just as many other vendors.
Am I walking away from QNAP no, will I continue to follow steps to protect my systems, yes and above all I will always ignore the manufacturer’s marketing hype and protect my assets.
Any time it is easy for you to access you systems it’s just as easy for bad folks.


Sent from my iPhone using Tapatalk
elvisimprsntr

Latest QNAP security cluster *** have you ditched QNAP?

Post by elvisimprsntr »

Cbrad01 wrote:Regardless of what hardware or software you run you need to take steps to protect your devices and data!
QNAP has been sloppy with security just as many other vendors.
Am I walking away from QNAP no, will I continue to follow steps to protect my systems, yes and above all I will always ignore the manufacturer’s marketing hype and protect my assets.
Any time it is easy for you to access you systems it’s just as easy for bad folks.


Sent from my iPhone using Tapatalk
Which is why my network is behind https://pfsense.org enterprise class firewall on a https://protectli.com device.

Even QNAP’s new guidance says don’t open ports. https://blog.qnap.com/nas-internet-connect-en/

If QNAP would spend as much resources steering customers to more secure solutions as they spent in recent weeks on vulnerabilities, customers would not be at as much risk.
User avatar
Trexx
Ask me anything
Posts: 5393
Joined: Sat Oct 01, 2011 7:50 am
Location: Minnesota

Re: Latest QNAP security cluster *** have you ditched QNAP?

Post by Trexx »

elvisimprsntr wrote:
pbrunnen wrote:
Trexx wrote: Sat May 01, 2021 1:34 pm If you are using a true SSD (via USB enclosure) you should be fine for a boot drive. I have a SataDom being installed in my new TrueNas box (which hasn’t shipped yet… grrr) and from what the TrueNas guides have said, I should be fine with that as Boot SSD doesn’t get that heavy of use in terms of writes.

Other functions such as L2Arc & Slog are different stories :)
Agreed with Trexx that a USB attached SSD will work. TrueNAS uses ZFS for the boot drive now too, so there are lots of small writes occurring and that wears out flash drives since they don't have any wear leveling built-in like an SSD does. Hence TrueNAS no longer says that USB flash drives are Ok for production use.

I've not seen a QNap device that left any SATA ports exposed internally... You'd probably end up having to go on the board to tap off the chipset, and I don't recommend that. They do typically have a small USB flash module on a separate daughter board inside which you can remove and use a USB header cable to give yourself another USB2 port.

Why not install directly on the drive in your NAS? I've not tried this personally yet, but I would think you could use the main disks for both boot and data... That is essentially what QNap does... The boot starts on flash for the basics and then transitions to running of your SATA disks.
I’m planning on using a Crucial CT500X8SSD9 USB 3 SSD. It’s basically a M.2 SSD in a USB enclosure.

I’ve already run both TrueNAS CORE and SCALE as a VM to familiarize myself and test all the settings.

In theory you can install TrueNAS on one or more SATA drives in a bootable RAID1 mirror as a boot partition. Then have rest of the drives portioned for what ever RAID configuration you desire. Is that how most TrueNAS installations are?

UPDATE

If you install TrueNAS on one of the SATA drives that is one less you have for your array.

https://www.ixsystems.com/blog/how-to-i ... enas-core/
Boot device (SSD or HDD): Also known as the boot drive. At least 8 GB of storage capacity is required to serve as the boot device for TrueNAS. An SSD is an ideal choice for longevity; keep in mind that the entire disk will be used for the TrueNAS operating system. USB sticks are no longer recommended, due to the high amount of write tasks on TrueNAS.
Just boot from usb thumb to install truenas to usb SSD drive. Then use all internal drives for ZFS. Ideally you have internal m.2s for the caching functions like l2arc, slog etc.


Sent from my iPhone using Tapatalk
Paul

Model: TS-877-1600 FW: 4.5.3.x
QTS (SSD): [RAID-1] 2 x 1TB WD Blue m.2's
Data (HDD): [RAID-5] 6 x 3TB HGST DeskStar
VMs (SSD): [RAID-1] 2 x1TB SK Hynix Gold
Ext. (HDD): TR-004 [Raid-5] 4 x 4TB HGST Ultastor
RAM: Kingston HyperX Fury 64GB DDR4-2666
UPS: CP AVR1350

Model:TVS-673 32GB & TS-228a Offline[/color]
-----------------------------------------------------------------------------------------------------------------------------------------
2018 Plex NAS Compatibility Guide | QNAP Plex FAQ | Moogle's QNAP Faq
User avatar
Moogle Stiltzkin
Guru
Posts: 11448
Joined: Thu Dec 04, 2008 12:21 am
Location: Around the world....
Contact:

Re: Latest QNAP security cluster *** have you ditched QNAP?

Post by Moogle Stiltzkin »

so something like this ya?
https://shopee.com.my/%E3%80%90Ready-St ... 6145459040


i'm also considering getting this Kingston a2000 m.2 nvme 500gb to go with it
https://www.youtube.com/watch?v=qcF2jNuxIQg
https://www.tomshardware.com/reviews/ki ... 2-nvme-ssd
https://www.techspot.com/products/stora ... ie.198588/

Image


or is there a better deal than this for getting truenas onto a ts-653a or a ts-503 pro?
NAS
[Main Server] QNAP TS-877 (QTS) w. 4tb [ 3x HGST Deskstar NAS & 1x WD RED NAS ] EXT4 Raid5 & 2 x m.2 SATA Samsung 850 Evo raid1 +16gb ddr4 Crucial+ QWA-AC2600 wireless+QXP PCIE
[Backup] QNAP TS-653A (Truenas Core) w. 4x 2TB Samsung F3 (HD203WI) RaidZ1 ZFS + 8gb ddr3 Crucial
[^] QNAP TL-D400S 2x 4TB WD Red Nas (WD40EFRX) 2x 4TB Seagate Ironwolf, Raid5
[^] QNAP TS-509 Pro w. 4x 1TB WD RE3 (WD1002FBYS) EXT4 Raid5
[^] QNAP TS-253D (Truenas Scale)
[Mobile NAS] TBS-453DX w. 2x Crucial MX500 500gb EXT4 raid1

Network
Qotom Pfsense|100mbps FTTH | Win11, Ryzen 5600X Desktop (1x2tb Crucial P50 Plus M.2 SSD, 1x 8tb seagate Ironwolf,1x 4tb HGST Ultrastar 7K4000)


Resources
[Review] Moogle's QNAP experience
[Review] Moogle's TS-877 review
https://www.patreon.com/mooglestiltzkin
User avatar
Trexx
Ask me anything
Posts: 5393
Joined: Sat Oct 01, 2011 7:50 am
Location: Minnesota

Re: Latest QNAP security cluster *** have you ditched QNAP?

Post by Trexx »

For boot drive, you could get by with m.2 SATA > USB external drive as the TS-653a isn’t going to have the bandwidth to fully saturate an NVMe drive. Unless the NVMe version is cheaper.

Even 2.5” external SSD USB combos are fine as well, just a little bigger.


Sent from my iPad using Tapatalk
Paul

Model: TS-877-1600 FW: 4.5.3.x
QTS (SSD): [RAID-1] 2 x 1TB WD Blue m.2's
Data (HDD): [RAID-5] 6 x 3TB HGST DeskStar
VMs (SSD): [RAID-1] 2 x1TB SK Hynix Gold
Ext. (HDD): TR-004 [Raid-5] 4 x 4TB HGST Ultastor
RAM: Kingston HyperX Fury 64GB DDR4-2666
UPS: CP AVR1350

Model:TVS-673 32GB & TS-228a Offline[/color]
-----------------------------------------------------------------------------------------------------------------------------------------
2018 Plex NAS Compatibility Guide | QNAP Plex FAQ | Moogle's QNAP Faq
elvisimprsntr

Re: Latest QNAP security cluster *** have you ditched QNAP?

Post by elvisimprsntr »

Trexx wrote:For boot drive, you could get by with m.2 SATA > USB external drive as the TS-653a isn’t going to have the bandwidth to fully saturate an NVMe drive. Unless the NVMe version is cheaper.

Even 2.5” external SSD USB combos are fine as well, just a little bigger.


Sent from my iPad using Tapatalk
Does the QNAP firmware run complete off the USB DOM?

Does anyone know of the USB DOM is attached to the main board with a pin header?

I believe the DOM on my units are 512mb. TrueNAS minimum is 8gb, recommend 32gb for the boot drive.

If the DOM is on a pin header, would it be better to replace the DOM with a 32gb and use that for TrueNAS installation?

Or is that more trouble than it’s worth in case one wanted to switch back to QNAP FW.
User avatar
jaysona
Been there, done that
Posts: 846
Joined: Tue Dec 02, 2008 11:26 am
Location: Somewhere in the Great White North

Re: Latest QNAP security cluster *** have you ditched QNAP?

Post by jaysona »

Toxic17 wrote: Fri Apr 30, 2021 12:42 am Thats more likely down to who left QNAP years ago to join Synology and Asustor. I heard all the good techies left QNAP years ago. there other thing is most of Synology and Asustor are packaged based and they update accordingly. QNAP on the other hand adds Apache/php and mysql into firmware which makes updating these packages near non existant.

SQL on the latest QTS is MariaDB 5.5.x which is eol of life last year. they are aware of it however as I have raised tickets with them this week.
Well, that would make some anecdotal sense for sure. QTS has been going down the sewer for years now, and the more I use ADM and dig around its innards, the more it appears that Asus got a lot more right than QNAP has.

Juts about everything in ADM is packaged, the packages do not run as root and even the admin account does not run with root privileges.
RAID is not a Back-up!

H/W: QNAP TVS-871 (i7-4790. 16GB) (Plex server) / TVS-EC1080 (32Gig ECC) - VM host & seedbox
H/W: Asustor AS6604T (8GB) / Asustor AS7010T (16GB) (media storage)
H/W: TS-219 Pro / TS-509 Pro
O/S: Slackware 14.2 / MS Windows 7-64 (x5)
Router1: Asus RT-AC86U - Asuswrt-Merlin - 386.7_2
Router2: Asus RT-AC68U - Asuswrt-Merlin - 386.7_2
Router3: Linksys WRT1900AC - DD-WRT v3.0-r46816 std
Router4: Asus RT-AC66U - FreshTomato v2021.10.15

Misc: Popcorn Hour A-110/WN-100, Pinnacle Show Center 250HD, Roku SoundBridge Radio (all retired)
Ditched QNAP units: TS-269 Pro / TS-253 Pro (8GB) / TS-509 Pro / TS-569 Pro / TS-853 Pro (8GB)
TS-670 Pro x2 (i7-3770s 16GB) / TS-870 Pro (i7-3770 16GB) / TVS-871 (i7-4790s 16GB)
User avatar
jaysona
Been there, done that
Posts: 846
Joined: Tue Dec 02, 2008 11:26 am
Location: Somewhere in the Great White North

Re: Latest QNAP security cluster *** have you ditched QNAP?

Post by jaysona »

elvisimprsntr wrote: Mon May 03, 2021 9:57 pm Does the QNAP firmware run complete off the USB DOM?

Does anyone know of the USB DOM is attached to the main board with a pin header?

I believe the DOM on my units are 512mb. TrueNAS minimum is 8gb, recommend 32gb for the boot drive.

If the DOM is on a pin header, would it be better to replace the DOM with a 32gb and use that for TrueNAS installation?

Or is that more trouble than it’s worth in case one wanted to switch back to QNAP FW.
The DOM is used for the initial bootstrap, once a valid QNAP partition is found on a hard disk, the boot continues from the hard disk QNAP partition.

The DOM is USB based using an 8-pin header.
viewtopic.php?t=146739#p705292
RAID is not a Back-up!

H/W: QNAP TVS-871 (i7-4790. 16GB) (Plex server) / TVS-EC1080 (32Gig ECC) - VM host & seedbox
H/W: Asustor AS6604T (8GB) / Asustor AS7010T (16GB) (media storage)
H/W: TS-219 Pro / TS-509 Pro
O/S: Slackware 14.2 / MS Windows 7-64 (x5)
Router1: Asus RT-AC86U - Asuswrt-Merlin - 386.7_2
Router2: Asus RT-AC68U - Asuswrt-Merlin - 386.7_2
Router3: Linksys WRT1900AC - DD-WRT v3.0-r46816 std
Router4: Asus RT-AC66U - FreshTomato v2021.10.15

Misc: Popcorn Hour A-110/WN-100, Pinnacle Show Center 250HD, Roku SoundBridge Radio (all retired)
Ditched QNAP units: TS-269 Pro / TS-253 Pro (8GB) / TS-509 Pro / TS-569 Pro / TS-853 Pro (8GB)
TS-670 Pro x2 (i7-3770s 16GB) / TS-870 Pro (i7-3770 16GB) / TVS-871 (i7-4790s 16GB)
Post Reply

Return to “Users' Corner”