Latest QNAP security cluster *** have you ditched QNAP?

Introduce yourself to us and other members here, or share your own product reviews, suggestions, and tips and tricks of using QNAP products.
User avatar
Trexx
Ask me anything
Posts: 5393
Joined: Sat Oct 01, 2011 7:50 am
Location: Minnesota

Re: Latest QNAP security cluster *** have you ditched QNAP?

Post by Trexx »

elvisimprsntr wrote: Does the QNAP firmware run complete off the USB DOM?

Does anyone know of the USB DOM is attached to the main board with a pin header?

I believe the DOM on my units are 512mb. TrueNAS minimum is 8gb, recommend 32gb for the boot drive.

If the DOM is on a pin header, would it be better to replace the DOM with a 32gb and use that for TrueNAS installation?

Or is that more trouble than it’s worth in case one wanted to switch back to QNAP FW.
Backup all critical data.

Easiest route is to just bypass the DOM by going into the bios and changing boot device order.

Boot from installer thumb drive with usb ssd also plugged in.

Install to usb ssd

Boot usb ssd and then reformat internal HDD.

Continue setup.

If you decide to revert back to qts, just unplug usb ssd drive and boot back off dom.

Will need to re-initialize Qnap so backup all important data before undertaking any of this.


Sent from my iPhone using Tapatalk
Paul

Model: TS-877-1600 FW: 4.5.3.x
QTS (SSD): [RAID-1] 2 x 1TB WD Blue m.2's
Data (HDD): [RAID-5] 6 x 3TB HGST DeskStar
VMs (SSD): [RAID-1] 2 x1TB SK Hynix Gold
Ext. (HDD): TR-004 [Raid-5] 4 x 4TB HGST Ultastor
RAM: Kingston HyperX Fury 64GB DDR4-2666
UPS: CP AVR1350

Model:TVS-673 32GB & TS-228a Offline[/color]
-----------------------------------------------------------------------------------------------------------------------------------------
2018 Plex NAS Compatibility Guide | QNAP Plex FAQ | Moogle's QNAP Faq
User avatar
Moogle Stiltzkin
Guru
Posts: 11448
Joined: Thu Dec 04, 2008 12:21 am
Location: Around the world....
Contact:

Re: Latest QNAP security cluster *** have you ditched QNAP?

Post by Moogle Stiltzkin »

Trexx wrote: Mon May 03, 2021 8:18 pm For boot drive, you could get by with m.2 SATA > USB external drive as the TS-653a isn’t going to have the bandwidth to fully saturate an NVMe drive. Unless the NVMe version is cheaper.

Even 2.5” external SSD USB combos are fine as well, just a little bigger.


Sent from my iPad using Tapatalk
this makes sense. i was just considering it because i also needed an external m.2 usb for testing purposes, and i don't have m.2 nvme if i needed one also to test things out. there is a sale going on tomorrow that is why i was looking.

well i'll just keep comparing then the prices :'


anyway this is my plan (either for the ts-509 pro or the ts-653a, not sure yet).


things i need

- usb flash drive (16gb??? 32gb if the price isn't much more. checking the virtual market place comments, there are a lot of warnings about possible fake goods, it's worrying :S you know the saying if it's too cheap it's probly too good to be true)
- m.2 nvme ssd OR m.2 sata ssd (probly on price), and a matching external usb enclosure for it
- QNAP NAS with eol firmware (ts-509 pro is the prime candidate, but ts-653a has better hardware and also getting on with age. sadly neither of these models have any ssds in them fyi. hoping arc can be run on the same external usb ssd? if that's an option, i'm not too familiar with zfs)
- monitor
- keyboard
- mouse

so download truenas, put onto the usb flash drive, plug that and the external usb onto the qnap. also plug in the monitor, keyboard and mouse

boot on qnap. enter bios (f12? delete? f2? f8? it's one of those, can't remember which). disable auto booting from the dom. set it to auto boot from the external usb ssd. Then boot up direct from the usb flash drive.

then follow the guide for setup for the rest
https://www.youtube.com/watch?v=E-wQwC4bDgc

at this point whenever you boot the nas, it will load truenas.

if for some reason you want to go back to qts, you can boot down, boot up, go bios, change the auto boot back to dom, then remove the external usb. then boot up. Now it's back to the original. I've heard some people physically remove the dom, but if you set it not to boot from dom anyway, i don't see the harm leaving it as is :'


any part of these steps did i misunderstand? : :?


If the qnap model had a m.2 ssd already inside the nas, i may have tried testing if i could install truenas onto that. but for now i don't have a nas that needs to do that yet 8) (no problem using qts as long as it gets security patches and actively maintained) but it would save me the trouble from requiring an external usb enclosure for a ssd.
NAS
[Main Server] QNAP TS-877 (QTS) w. 4tb [ 3x HGST Deskstar NAS & 1x WD RED NAS ] EXT4 Raid5 & 2 x m.2 SATA Samsung 850 Evo raid1 +16gb ddr4 Crucial+ QWA-AC2600 wireless+QXP PCIE
[Backup] QNAP TS-653A (Truenas Core) w. 4x 2TB Samsung F3 (HD203WI) RaidZ1 ZFS + 8gb ddr3 Crucial
[^] QNAP TL-D400S 2x 4TB WD Red Nas (WD40EFRX) 2x 4TB Seagate Ironwolf, Raid5
[^] QNAP TS-509 Pro w. 4x 1TB WD RE3 (WD1002FBYS) EXT4 Raid5
[^] QNAP TS-253D (Truenas Scale)
[Mobile NAS] TBS-453DX w. 2x Crucial MX500 500gb EXT4 raid1

Network
Qotom Pfsense|100mbps FTTH | Win11, Ryzen 5600X Desktop (1x2tb Crucial P50 Plus M.2 SSD, 1x 8tb seagate Ironwolf,1x 4tb HGST Ultrastar 7K4000)


Resources
[Review] Moogle's QNAP experience
[Review] Moogle's TS-877 review
https://www.patreon.com/mooglestiltzkin
User avatar
Toxic17
Ask me anything
Posts: 6468
Joined: Tue Jan 25, 2011 11:41 pm
Location: Planet Earth
Contact:

Re: Latest QNAP security cluster *** have you ditched QNAP?

Post by Toxic17 »

jaysona wrote: Tue May 04, 2021 12:23 am Well, that would make some anecdotal sense for sure. QTS has been going down the sewer for years now, and the more I use ADM and dig around its innards, the more it appears that Asus got a lot more right than QNAP has.

Juts about everything in ADM is packaged, the packages do not run as root and even the admin account does not run with root privileges.
definitely a wake up call for all of us and QNAP. whether they will come back from this is doubtful. damage has been done. if they spent more time on software than marketing hype they may have a chance I guess.
Regards Simon

Qnap Downloads
MyQNap.Org Repository
Submit a ticket • QNAP Helpdesk
QNAP Tutorials, User Manuals, FAQs, Downloads, Wiki
When you ask a question, please include the following


NAS: TS-673A QuTS hero h5.1.2.2534 • TS-121 4.3.3.2420 • APC Back-UPS ES 700G
Network: VM Hub3: 500/50 • UniFi UDM Pro: 3.2.9 • UniFi Network Controller: 8.0.28
USW-Aggregation: 6.6.61 • US-16-150W: 6.6.61 • 2x USW Mini Flex 2.0.0 • UniFi AC Pro 6.6.62 • UniFi U6-LR 6.6.62
UniFi Protect: 2.11.21/8TB Skyhawk AI • 3x G3 Instants: 4.69.55 • UniFi G3 Flex: 4.69.55 • UniFi G5 Flex: 4.69.55
elvisimprsntr

Re: Latest QNAP security cluster *** have you ditched QNAP?

Post by elvisimprsntr »

Trexx wrote:
Backup all critical data.

Easiest route is to just bypass the DOM by going into the bios and changing boot device order.

Boot from installer thumb drive with usb ssd also plugged in.

Install to usb ssd

Boot usb ssd and then reformat internal HDD.

Continue setup.

If you decide to revert back to qts, just unplug usb ssd drive and boot back off dom.

Will need to re-initialize Qnap so backup all important data before undertaking any of this.


Sent from my iPhone using Tapatalk
Thanks.

I follow the 3-2-1 and grandfather-father-son backup rules.

I have three spare disks. Just bought two spare drive trays. I plan to remove QNAP partitioned/formatted drives and install new drives. This way I can quickly revert back if TrueNAS doesn’t run on QNAP hardware with Marvel 88SE8215 SATA, Intel I210 Ethernet, or other controllers.

I’ve run both TrueNAS CORE and SCALE as VM. Have flash drive with CORE image and 500gb Crucial USB 3 SSD.

Plan to start with TS-253A and run it for a month or so to make sure there are no issues (random reboots, crashes. etc.)

Then migrate TS-453A, which is basically the exact same hardware.
User avatar
Moogle Stiltzkin
Guru
Posts: 11448
Joined: Thu Dec 04, 2008 12:21 am
Location: Around the world....
Contact:

Re: Latest QNAP security cluster *** have you ditched QNAP?

Post by Moogle Stiltzkin »

elvisimprsntr wrote: Tue May 04, 2021 5:34 pm I’ve run both TrueNAS CORE and SCALE as VM. Have flash drive with CORE image and 500gb Crucial USB 3 SSD.
wait, should we be using core or scale? i heard core is freebsd and scale linux (with stuff like docker container apps which is neat)
https://www.youtube.com/watch?v=fFnLJPMLY0Y

is it stable in 2021? :'

*update

nm it's not :( (but quts hero does run on zfs linux and has dockers :' )
https://www.youtube.com/watch?v=u2frzvl8yL8

so core it is because it's rock solid stable :)
NAS
[Main Server] QNAP TS-877 (QTS) w. 4tb [ 3x HGST Deskstar NAS & 1x WD RED NAS ] EXT4 Raid5 & 2 x m.2 SATA Samsung 850 Evo raid1 +16gb ddr4 Crucial+ QWA-AC2600 wireless+QXP PCIE
[Backup] QNAP TS-653A (Truenas Core) w. 4x 2TB Samsung F3 (HD203WI) RaidZ1 ZFS + 8gb ddr3 Crucial
[^] QNAP TL-D400S 2x 4TB WD Red Nas (WD40EFRX) 2x 4TB Seagate Ironwolf, Raid5
[^] QNAP TS-509 Pro w. 4x 1TB WD RE3 (WD1002FBYS) EXT4 Raid5
[^] QNAP TS-253D (Truenas Scale)
[Mobile NAS] TBS-453DX w. 2x Crucial MX500 500gb EXT4 raid1

Network
Qotom Pfsense|100mbps FTTH | Win11, Ryzen 5600X Desktop (1x2tb Crucial P50 Plus M.2 SSD, 1x 8tb seagate Ironwolf,1x 4tb HGST Ultrastar 7K4000)


Resources
[Review] Moogle's QNAP experience
[Review] Moogle's TS-877 review
https://www.patreon.com/mooglestiltzkin
User avatar
Trexx
Ask me anything
Posts: 5393
Joined: Sat Oct 01, 2011 7:50 am
Location: Minnesota

Re: Latest QNAP security cluster *** have you ditched QNAP?

Post by Trexx »

Moogle Stiltzkin wrote: wait, should we be using core or scale? i heard core is freebsd and scale linux (with stuff like docker container apps which is neat)
https://www.youtube.com/watch?v=fFnLJPMLY0Y

is it stable in 2021? :'

*update

nm it's not :( (but quts hero does run on zfs linux and has dockers :' )
https://www.youtube.com/watch?v=u2frzvl8yL8

so core it is because it's rock solid stable :)
<insert smart@ss comment about QTS stability>

In terms of HW compatibility, more likely to get that with Scale as it is Debian based so will have much broader HW support.

Is it production ready, no but it is targeted to hit beta in June (so 1 month away).

There are too many things I want in scale, and I don’t know if I can migrate from core to scale later (post deployment) without major headaches.

From what the release notes read from the latest 04 release sounds like base functionality is pretty stable as well as KVM/Docker.

Not all functionality is fully baked in the GUI, but that is ok. Good excuse to learn more Linux CLI :)


Sent from my iPad using Tapatalk
Paul

Model: TS-877-1600 FW: 4.5.3.x
QTS (SSD): [RAID-1] 2 x 1TB WD Blue m.2's
Data (HDD): [RAID-5] 6 x 3TB HGST DeskStar
VMs (SSD): [RAID-1] 2 x1TB SK Hynix Gold
Ext. (HDD): TR-004 [Raid-5] 4 x 4TB HGST Ultastor
RAM: Kingston HyperX Fury 64GB DDR4-2666
UPS: CP AVR1350

Model:TVS-673 32GB & TS-228a Offline[/color]
-----------------------------------------------------------------------------------------------------------------------------------------
2018 Plex NAS Compatibility Guide | QNAP Plex FAQ | Moogle's QNAP Faq
User avatar
Moogle Stiltzkin
Guru
Posts: 11448
Joined: Thu Dec 04, 2008 12:21 am
Location: Around the world....
Contact:

Re: Latest QNAP security cluster *** have you ditched QNAP?

Post by Moogle Stiltzkin »

In terms of HW compatibility, more likely to get that with Scale as it is Debian based so will have much broader HW support.
noted.




*update

so i managed to get the items on sale after all :D

this is what i ordered
Kingston DataTraveler 100 G3 DT100G3 USB 3.0 Flash Drive Pendrive (32GB)

Kingston A2000 NVMe PCIe Gen 3x4 M.2 2280 Internal Solid State Drives SSD 500GB

ORICO M.2 SSD Enclosure USB-C Gen2 10Gbps PCIe SSD Case M2 SATA NVME NGFF 5Gbps SSD Enclosure for M.2 NVME

Adapter USB 3.0 male to female type-C OTG USB3.0 A Adapter USB C Converter for Macbook

for pricing i managed to get the A2000 500gb for a decent price, so i didn't bother with the m.2 sata option. 1tb also had a good deal but i'm fine with 500gb.

the external m.2 case is a type c..... i needed type a.... so i figured using a convertor would suffice to solve that issue i hope.



anyway once it arrives i'll try test it with the ts-509 pro first (and if there are issues it won't be that big a deal on this old model). the ts-653a has firmware 4.5.3.1652 build 20210428, so don't need an alternative OS for it just yet.

not expecting any performance miracles. only just want a secure os that is maintained to replace qts for an eol model and is stable.

the ts-509 pro only has a VGA output ... so gonna have to find that cable :'

i'll create a new thread this project of mine.
NAS
[Main Server] QNAP TS-877 (QTS) w. 4tb [ 3x HGST Deskstar NAS & 1x WD RED NAS ] EXT4 Raid5 & 2 x m.2 SATA Samsung 850 Evo raid1 +16gb ddr4 Crucial+ QWA-AC2600 wireless+QXP PCIE
[Backup] QNAP TS-653A (Truenas Core) w. 4x 2TB Samsung F3 (HD203WI) RaidZ1 ZFS + 8gb ddr3 Crucial
[^] QNAP TL-D400S 2x 4TB WD Red Nas (WD40EFRX) 2x 4TB Seagate Ironwolf, Raid5
[^] QNAP TS-509 Pro w. 4x 1TB WD RE3 (WD1002FBYS) EXT4 Raid5
[^] QNAP TS-253D (Truenas Scale)
[Mobile NAS] TBS-453DX w. 2x Crucial MX500 500gb EXT4 raid1

Network
Qotom Pfsense|100mbps FTTH | Win11, Ryzen 5600X Desktop (1x2tb Crucial P50 Plus M.2 SSD, 1x 8tb seagate Ironwolf,1x 4tb HGST Ultrastar 7K4000)


Resources
[Review] Moogle's QNAP experience
[Review] Moogle's TS-877 review
https://www.patreon.com/mooglestiltzkin
User avatar
Cbrad01
Know my way around
Posts: 245
Joined: Fri Jan 15, 2016 9:17 pm

Re: Latest QNAP security cluster *** have you ditched QNAP?

Post by Cbrad01 »

As some people rush to switch to different platforms remember this. Regardless of what platform/ OS you run, your system should never be exposed to the internet! Any services that you do share outside your network should be protected by VPN, strong passwords, regular patching and updates, and other best practices to prevent attacks.

I am not making excuses for QNAP but people should not think that they can switch platforms and everything is solved.

My QNAP would be considered insure for ease of end user access, but my network sits behind a Unifi routers and SonicWalls. Only traffic that I approve passes and it is a pain in the ** to keep updated.

Good security is in opposition to ease of use. Far to many people fall for the marketing hype and ignore security. Don’t switch platforms and think you are safe…


Sent from my iPhone using Tapatalk
User avatar
Trexx
Ask me anything
Posts: 5393
Joined: Sat Oct 01, 2011 7:50 am
Location: Minnesota

Latest QNAP security cluster *** have you ditched QNAP?

Post by Trexx »

Agreed….good security also starts with good professional coding.

As you said there is no easy button for good security. Layers in depth is the key.


Sent from my iPhone using Tapatalk
Paul

Model: TS-877-1600 FW: 4.5.3.x
QTS (SSD): [RAID-1] 2 x 1TB WD Blue m.2's
Data (HDD): [RAID-5] 6 x 3TB HGST DeskStar
VMs (SSD): [RAID-1] 2 x1TB SK Hynix Gold
Ext. (HDD): TR-004 [Raid-5] 4 x 4TB HGST Ultastor
RAM: Kingston HyperX Fury 64GB DDR4-2666
UPS: CP AVR1350

Model:TVS-673 32GB & TS-228a Offline[/color]
-----------------------------------------------------------------------------------------------------------------------------------------
2018 Plex NAS Compatibility Guide | QNAP Plex FAQ | Moogle's QNAP Faq
elvisimprsntr

Re: Latest QNAP security cluster *** have you ditched QNAP?

Post by elvisimprsntr »

Installed TrueNAS CORE on my TS-253A!

I just have to get TimeMachine ACLs figured out and I can ditch QTS!
elvisimprsntr

Re: Latest QNAP security cluster *** have you ditched QNAP?

Post by elvisimprsntr »

Excommunicated QNAP QTS from my home!

Installed TrueNAS CORE on both units.

I couldn’t be more pleased.

Time to celebrate
User avatar
Moogle Stiltzkin
Guru
Posts: 11448
Joined: Thu Dec 04, 2008 12:21 am
Location: Around the world....
Contact:

Re: Latest QNAP security cluster *** have you ditched QNAP?

Post by Moogle Stiltzkin »

hope you will remain with the community at least :( who will i ask for help for from time to time otherwise? *sob sob
NAS
[Main Server] QNAP TS-877 (QTS) w. 4tb [ 3x HGST Deskstar NAS & 1x WD RED NAS ] EXT4 Raid5 & 2 x m.2 SATA Samsung 850 Evo raid1 +16gb ddr4 Crucial+ QWA-AC2600 wireless+QXP PCIE
[Backup] QNAP TS-653A (Truenas Core) w. 4x 2TB Samsung F3 (HD203WI) RaidZ1 ZFS + 8gb ddr3 Crucial
[^] QNAP TL-D400S 2x 4TB WD Red Nas (WD40EFRX) 2x 4TB Seagate Ironwolf, Raid5
[^] QNAP TS-509 Pro w. 4x 1TB WD RE3 (WD1002FBYS) EXT4 Raid5
[^] QNAP TS-253D (Truenas Scale)
[Mobile NAS] TBS-453DX w. 2x Crucial MX500 500gb EXT4 raid1

Network
Qotom Pfsense|100mbps FTTH | Win11, Ryzen 5600X Desktop (1x2tb Crucial P50 Plus M.2 SSD, 1x 8tb seagate Ironwolf,1x 4tb HGST Ultrastar 7K4000)


Resources
[Review] Moogle's QNAP experience
[Review] Moogle's TS-877 review
https://www.patreon.com/mooglestiltzkin
elvisimprsntr

Re: Latest QNAP security cluster *** have you ditched QNAP?

Post by elvisimprsntr »

Moogle Stiltzkin wrote:hope you will remain with the community at least :( who will i ask for help for from time to time otherwise? *sob sob
I’ve already registered at TrueNAS forums, but will likely read QNAP forums from time to time just to remind me what a great decision it was to switch to TrueNAS.
User avatar
Moogle Stiltzkin
Guru
Posts: 11448
Joined: Thu Dec 04, 2008 12:21 am
Location: Around the world....
Contact:

Re: Latest QNAP security cluster *** have you ditched QNAP?

Post by Moogle Stiltzkin »

kewl. well if they do a major revamp to something you like, you can always come back. you got half your foot in the door so to speak :D

i'll be here in nas purgatory where i can dabble in both 8) qts is my primary for now. hopefully i can use quts hero in future.... :(
NAS
[Main Server] QNAP TS-877 (QTS) w. 4tb [ 3x HGST Deskstar NAS & 1x WD RED NAS ] EXT4 Raid5 & 2 x m.2 SATA Samsung 850 Evo raid1 +16gb ddr4 Crucial+ QWA-AC2600 wireless+QXP PCIE
[Backup] QNAP TS-653A (Truenas Core) w. 4x 2TB Samsung F3 (HD203WI) RaidZ1 ZFS + 8gb ddr3 Crucial
[^] QNAP TL-D400S 2x 4TB WD Red Nas (WD40EFRX) 2x 4TB Seagate Ironwolf, Raid5
[^] QNAP TS-509 Pro w. 4x 1TB WD RE3 (WD1002FBYS) EXT4 Raid5
[^] QNAP TS-253D (Truenas Scale)
[Mobile NAS] TBS-453DX w. 2x Crucial MX500 500gb EXT4 raid1

Network
Qotom Pfsense|100mbps FTTH | Win11, Ryzen 5600X Desktop (1x2tb Crucial P50 Plus M.2 SSD, 1x 8tb seagate Ironwolf,1x 4tb HGST Ultrastar 7K4000)


Resources
[Review] Moogle's QNAP experience
[Review] Moogle's TS-877 review
https://www.patreon.com/mooglestiltzkin
User avatar
jaysona
Been there, done that
Posts: 846
Joined: Tue Dec 02, 2008 11:26 am
Location: Somewhere in the Great White North

Re: Latest QNAP security cluster *** have you ditched QNAP?

Post by jaysona »

jaysona wrote: Thu Apr 29, 2021 8:16 am ....

Initial thoughts of the AS6604T, omg, it's what a NAS should be and the hard disks actually spin down! I forgot how quiet a NAS can actually be. :D :geek:
I generally do not like to quote myself, I think it is poor form, however in the context of ditching QNAP and going to Asustor, I felt it was appropriate.

In the last 14 months, QNAP has continued to circle the drain, and sadly Asustor has started to follow suit. The last few updates of ADM have left me *SMH* :x

I more than ever now feel that the only real alternative for a decent CPU powered (x86 Celeron J4125 and up) QNAP is TrueNAS Scale and OMV for those select NAS models that are best supported by OMV.

Sadly, this means a lot of reading and note taking prior to purchasing a NAS and then decide which alternate OS to install on the newly purchased NAS.
RAID is not a Back-up!

H/W: QNAP TVS-871 (i7-4790. 16GB) (Plex server) / TVS-EC1080 (32Gig ECC) - VM host & seedbox
H/W: Asustor AS6604T (8GB) / Asustor AS7010T (16GB) (media storage)
H/W: TS-219 Pro / TS-509 Pro
O/S: Slackware 14.2 / MS Windows 7-64 (x5)
Router1: Asus RT-AC86U - Asuswrt-Merlin - 386.7_2
Router2: Asus RT-AC68U - Asuswrt-Merlin - 386.7_2
Router3: Linksys WRT1900AC - DD-WRT v3.0-r46816 std
Router4: Asus RT-AC66U - FreshTomato v2021.10.15

Misc: Popcorn Hour A-110/WN-100, Pinnacle Show Center 250HD, Roku SoundBridge Radio (all retired)
Ditched QNAP units: TS-269 Pro / TS-253 Pro (8GB) / TS-509 Pro / TS-569 Pro / TS-853 Pro (8GB)
TS-670 Pro x2 (i7-3770s 16GB) / TS-870 Pro (i7-3770 16GB) / TVS-871 (i7-4790s 16GB)
Post Reply

Return to “Users' Corner”