I've always used ZFS because it's vastly superior to other options. When I see storage companies building without fault tolerance, or without a Merkle tree (so that you can back up deltas efficiently without having to recompute them), it's a sign their marketing team has more influence over the company than their engineers.
Sadly, the few ZFS COTS options have been somewhat underpowered. QNAP supports ZFS filesystems, but their backup configuration won't let you arrange for a NAS to pull from the source (instead of the source doing a push). You can still pull it off by scheduling your own cron job, but this somewhat defeats the purpose of paying extra for a vendor solution.
UBNT is still supporting my 15-year-old EdgeRouters with security updates, and their interface is clean and usable for anyone with basic network experience. And their video surveillance solutions are unusual in that they allow you to keep your footage entirely onsite and offline, an uncommon level of privacy. If they can bring the same polish to their storage solutions, I'll be using these new products for a long time.
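As an added illustration of the Merkle-tree point in the comment above (not code from the thread or from ZFS): a simplified binary hash tree over data blocks, where comparing two snapshots descends only into subtrees whose digests differ. The block contents, tree layout and function names are constructed for the example and do not reflect ZFS's on-disk format or its send implementation.

```python
import hashlib


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def build(blocks):
    """Return the tree as a list of levels, leaves first, root last."""
    # Prefix bytes keep leaf hashes and interior hashes in separate domains.
    level = [_h(b"\x00" + b) for b in blocks]
    levels = [level]
    while len(level) > 1:
        nxt = []
        for i in range(0, len(level), 2):
            right = level[i + 1] if i + 1 < len(level) else b""
            nxt.append(_h(b"\x01" + level[i] + right))
        level = nxt
        levels.append(level)
    return levels


def changed_blocks(old, new):
    """Find differing leaves by walking both trees from the root.

    Returns (sorted leaf indexes that differ, digest comparisons made).
    A matching digest proves the whole subtree is unchanged, so it is
    skipped without touching any of the blocks underneath it.
    """
    if len(old[0]) != len(new[0]):
        raise ValueError("this sketch only diffs trees with equal block counts")
    stack = [(len(old) - 1, 0)]  # (level, index), starting at the root
    changed, compared = [], 0
    while stack:
        lvl, idx = stack.pop()
        compared += 1
        if old[lvl][idx] == new[lvl][idx]:
            continue
        if lvl == 0:
            changed.append(idx)
            continue
        for child in (2 * idx, 2 * idx + 1):
            if child < len(old[lvl - 1]):
                stack.append((lvl - 1, child))
    return sorted(changed), compared


def demo():
    # Constructed sample: 1024 four-byte blocks, two of them modified.
    before = [bytes([i % 256]) * 4 for i in range(1024)]
    after = list(before)
    after[5] = b"edit"
    after[700] = b"EDIT"
    changed, compared = changed_blocks(build(before), build(after))
    return changed, compared, len(before)


if __name__ == "__main__":
    changed, compared, total = demo()
    print(f"changed blocks {changed}: {compared} digest comparisons "
          f"instead of rehashing {total} blocks")
```
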
One week ago 3 guys broke into my shop while I was traveling. They had sense enough to power down the Starlink that was providing internet, which would have taken out all of the remote camera options.
They did not realize that almost everything they were doing was being recorded via the UniFi system. In the end about the only thing of value left in the building was the hard drive with all of their pictures on it.
The police have used the footage to identify all of them and it will be pretty open and shut when they see a courtroom. Offline and air gapped the whole time they were there but did exactly what it was installed to do.
Open-source NVR software like Frigate can do things like the object-detection/license plate/face recognition game on local hardware, with the cheapest available IP cameras. It's just a program that runs on a computer with a network and some storage and some processing ability like a GPU.
Those cheap cameras don't have to be trusted; with things like VLANs, they can hang out on the Group W bench where they have no access to anything important or the outside world. :)
(But yeah, it does represent much more of a DIY effort than something from UBNT does.)
I'm guessing you're thinking Reolink or other Chinese ultra-commodity cam. It's fine, it's just in a different product class and ecosystem - and that's where enterprises fit in, they want that support+ecosystem and not DIYing.
Reolink CX820 8MP $129 https://reolink.com/product/cx820/
Unifi G6 8MP ~$300 https://techspecs.ui.com/unifi/physical-security/uvc-g6-dome...
Avigilon H6A 8MP ~$1200 https://www.avigilon.com/security-cameras/h6a-dome
I do that with my Unifi Protect doorbell. RTSP streams. Google Coral. Frigate. Scales very well. Do ML on low quality stream. Look/save the high quality stream. You do it all centralized, and you can put the camera(s) on a separate VLAN. They don't even need internet access. If you run them over PoE twisted pair, the attacker would need physical access to perform MITM. Wireless, one should assume the camera is insecure (e.g. KRACK).
The purpose of my comment had only been pointing out those features don't come onboard a $100 cam.
I think they're definitely not Avigilon, Genetec, Verkada, but we run a few hundred UI cams in some edge areas. It works, esp if you don't demand orchestration.
What's the comparison at $50-100?
(Seemingly rolled back recently, but a roll back can be easily rolled back itself. I don't trust them enough to count on that not happening.)
Do they have ecc on those models? Do you have an example model on hand?
But UI just seems so ambiguous. :)
They will at some point just cash out.
Once you invest thousands in network equipment or cameras you’re less likely to jump ship when they start sneaking things in. And this is long lived equipment, not the kind you anyway replace every couple of years. So that’s a relatively strong lock-in.
In my opinion, as long as the majority of their profits come from people continuing to buy the self-host devices, it is fairly unlikely they'll ever stop offering those devices. Why change a working business model?
Yes, subscription models are enticing for that recurring revenue... number must go up, right? /s
If a majority of your sales are not in subscription products though, I think it would be foolish for a business to blow off its own leg trying to chase that particular dragon.
Then again... businesses have made dumber calls in the past out of nowhere...
Does that make the rotting corpse of Twitter public again?
I've only been using Ubiquiti as a pro-sumer, but it has held up well for my use case of Plex and little game servers.
I use a Synology NAS for my storage though, which is a slightly beefier mobile AMD chipset.
I'd be very interested to know what I should and shouldn't expect from my ARM based network stack though!
1. My UDM Pro absolutely chokes and stalls with intrusion detection enabled on the firewall and 8 cameras connected. Network goes down, cameras disconnect, devices disconnect from Wi-Fi every time a car drives past a camera due to AI features triggering, etc.
For something meant for small businesses I wish they would just shove an Intel i5 or something in it. They make great switches, great APs, great everything else, just too stingy on processors on the few pieces of central equipment that people would actually be willing to spend more on.
And for a $3999 enterprise NAS with dual 25 Gbps SFP ports and 16 drives? It could surely use something more beefy than a Neoverse N2. I'd say an i7 or even i9 is warranted here.
3. The UNAS 8 I don't own but I believe it would struggle with >1Gbps links and encryption enabled
I don't mind using ARM for NAS, but (to be fair I have not looked in a while) the issue is they tend to not have many PCIe lanes. Looks like the N2 can have up to 64 @pcie5 so if it's built well, I don't think the CPU will be too much of a bottleneck.
Hell I'll put it out there - some company should make a NAS-specific ARM chip line to make lines of way less expensive (well pre the current troubles) base NAS enclosures with lots of NVMe etc.
It's even underpowered for streaming -- I found Protect to be extremely laggy, taking often 30+ seconds to open the camera stream when 3-4 stream receivers were connected.
I have a UDM SE, 10 G3 cams, 4K bullet+AI, door entry + cam + AI, a couple of the display viewports running all day, a Nano HD access point, and symmetric gig with intrusion etc. turned on. I also have WireGuard users connecting in remotely.
No problems with performance whatsoever at this point.
OK, it's not enterprisey, it's just a small business with 20 people, but it seems fine to me. I run Synology servers.
This is worse with the older devices.
For example: https://www.youtube.com/watch?v=p4yKf044meY
https://community.ui.com/questions/UniFi-Gateway-Intrusion-D...
Stay away from IPS and complicated firewall rules which usually are done in CPU, and you should be fine. HW acceleration for those (esp. TLS decryption) is a major reason fancy firewalls are very expensive. You're better off building an IDS or picking up a smaller FortiGate or Palo Alto firewall if you really want to get serious there.
The ENAS looks like fairly nice hardware. It even has ECC RAM. Not cheap, though.
Can you actually saturate the links with the spinning drives?
I've had the hardest time making my TrueNAS ZFS server fast when it was filled with HDD spinning disks. I initially also had 12 of them trying to get maximum speed. I have 128GB RAM and a 10G ethernet connection. I tried all types of optimizations like L2ARC via NVMe, etc, and it wasn't very effective and just too much time spent tweaking and testing.
Instead I just threw up my hands and replaced all the spinning disks with NVMe drives for the data I actually shared (8x 4TB NVMe drives). And now it is very usable and there is no need for L2ARC, etc. Random or streaming access is equally fast.
Best choice I made. Now I did do this over a year ago so I skipped the NVMe price inflation.
I still keep 4 spinning disks but it is for archival data that I expect to never access unless something bad happens. It is slow and I use it like a tape drive.
I got a 10G ethernet network card for my NAS only to realize it has to overlap with my modem's supported bandwidths (IIRC 2.5G, 5G).
Knowing nothing about the space, I had assumed it would use max(node1, node2), but instead it negotiated a 1G link. So it was faster to use the mobo's built-in 2.5G port.
Honestly, outside of random access/small file access, my primary NVMe ZFS server isn't all that much faster in raw throughput - despite being 22x NVMe drives going direct to the CPU instead of 8 HDDs going through a SATA controller. I think it's easier to hit other bottlenecks with ZFS/network transfers well before the disk throughput itself. E.g., enabling jumbo frames for NFS did still give me a decent perf/efficiency bonus.
There can easily be a bottleneck depending on how they set up the SATA/SAS, but if you can get sustained sequential reads or writes, 16x drives at 6 Gbps SATA should be able to saturate 2x 25 Gbps Ethernet. The store link shows two expansion ports as well, which should help get bandwidth to the point where 25 Gbps is useful.
Less likely with random reads/writes or mixed use.
https://www.fs.com/c/25g-sfp28-3215
But no, spinning disks won't saturate it, even if you were doing 100% sequential reads.
(I originally said fill it with NVMe - I was wrong)
Looking at the specs: https://store.ui.com/us/en/category/network-storage/products...
Hard Drive Capacity
(16) 2.5/3.5" HDD / SSD support
(2) M.2 NVMe SSD support
(2) Expansion ports support
I think you're right, we only get two SSDs on NVMe as the cache, but it looks like we can run the rest (16) as SATA SSDs, which is often fine if you primarily care about random IOPS and capacity over pure throughput.
Would you consider that a dealbreaker?
$3999
https://www.bhphotovideo.com/c/product/1618911-REG/synology_...
Edit: Drives are not included :(
(Not that you need that much for canceling streaming, I’d get a home Synology or diy TrueNAS for that anyway)
EDIT oof yeah that’s pretty horrible, I take back my Synology recc. Looks like it’s partly model-based restrictions. That’s a shame, they were nice as relatively low maintenance devices.
Seems like a nice, basic, affordable platform for workgroup/SME stuff. Not NetApp/Pure Storage "enterprise" grade though.
It is a large reason they can mitigate vendor risk IMHO, offering different tiers of switches as an example without being held hostage by one particular switch IC vendor like many brands.
I do wish someone would take up comstar though, netapp bought and killed several jbod lines etc… to kill it before Oracle bought Sun and also killed it to protect their enterprise storage offerings.
NVMe-oF may be a possibility because there are FPGA IP vendors but without comstar there are some challenges IMHO.
$4000 is… a lot. I can buy a used CSE-846 for about 1/4 of that, an X10–era mobo for a few hundred bucks, and have 1.5x the bays (tbf, also 4U instead of 3U). Managing ZFS is just not that hard; it’s not Ceph. If you want easy mode, throw TrueNAS on it, and you’ll get an awesome UX that abstracts away everything difficult.
If this were < $3000, I’d probably buy it. I’ve been holding off on replacing my two CSE-826 because I’ve been waiting for this to come out. Disappointing.
For that use case I recommend UNas from Ugreen or the Minisforum Ryzen AI stuff.
The segment UI and Synology are in is 10x more than the Minisforum, Beelink, QNAP, CWWK type devices, but still 1/10 of the price of getting started in enterprise gear from HPE, Dell, Pure, etc.
This looks like a dig at Synology, who do this.
I'm not at all surprised that Ubiquiti is getting ahead of that and promising it from the start.
Is that correct? Looking at a common flagship model, the 4-Bay DS925+
and then the "Compatibility list" here https://www.synology.com/en-global/compatibility?search_by=d...
I see only Synology branded drives.
Synology do not make their own hard drives. They are rebadged.
https://www.guru3d.com/story/synology-reverses-policy-bannin...
>Now, with the release of DSM 7.3, Synology has quietly walked the policy back. Third-party hard drives and 2.5-inch SATA SSDs can once again be used without triggering warning messages or reduced functionality. Drives from Seagate, WD, and others will work exactly as they did before—complete with full monitoring, alerts, and storage features.
NVMe SSDs are different.
Would be nice to have a CSI, but I can probably just use democratic-csi like I already do on my homemade ZFS based storage appliance.
There ARE licensing issues related to shipping it compiled into the kernel, but you can install it as a kernel module on every mainline distro nowadays which is functionally the same from a user perspective.
As a consequence, you don't necessarily want a rolling distro, as the ZFS module can get out of sync with the kernel.
ZFS itself is built for both BSD and Linux from the same source, so there's feature parity there.
If other products are as bad as that one, I don't know what the hype is for this company.
I also have tons of other Ubiquiti gear, and honestly there's not a ton of synergy between the NAS and everything else. It's a great NAS though. And also, it's only a NAS. It's not an application server like a Synology NAS.
I just checked and my oldest TM backup for the MacBook from which I'm typing is 2023-09-14. This MacBook has a 2 TB SSD and I have the TM volume quota set to 3 TB. TM culls old backups as needed.
The TM GUI is still terrible, but you can use `tmutil listbackups` to easily access backups from the command line.
I also use Arq to B2.
Time Machine would work and work and work until one day... "Cannot write to your backup" and the whole thing would be corrupt and not even readable.
Flirted with Acronis TrueImage which was worse. Hell, even before catastrophic corruption, attempting to restore a file from a decent size catalog even over 10GbE would generally cause a beachball for minutes and then you had to be very careful to browse exactly to the location and file you wanted to restore (poking around trying to find it would inevitably totally crash the client, and even being careful sometimes would).
I ended up moving to Carbon Copy Cloner to Synology, with the Synology taking a snapshot 10 minutes before CCC starts its nightly run.
A few months in and it has been rock solid. If I want to restore I can just browse the snapshot in Synology and either copy a file directly from the Snapshot browser or mount the entire snapshot as a shared folder.
I appreciate the perspective, I definitely take backups seriously for my photography.
1/ ZFS datasets with hourly (or daily) snapshots
2/ Samba with vfs_fruit
Gives the peace of mind that even when the sparsebundle shits the bed, you can rollback to a suitable snapshot and only lose a small period of backups, rather than having to lose the entire history and start again from scratch.
(I say when, not if, through considerable experience over the last 15 years that it will always, inevitably, shit the bed.)
[1] https://kb.synology.com/en-us/DSM/tutorial/How_to_back_up_fi...
Stay away from synology.
A 2 drive anything is not replacing my existing NAS + solving my backup use case, although I appreciate the sentiment of saving money.
Since DoD/DoW generally requires STIG compliance, and none authored are for any specific Ubiquiti product, we can cross that off the list. Sure they can get exceptions or use a more generalized STIG but stakeholders generally have pre-defined limitations on what they will and will not allow on networks they sponsor.
After a long time they introduced ONVIF into their camera products which basically opened it to everyone.
The Cloud Gateway will be sold or given away. It's utter crap. I'm now building an OpenWRT container on IncusOS as my Internet gateway/router.
The switch is meh. It's easy to admin, which is nice - though I'm having to run UnifiOS on another container on said IncusOS.
The APs are fine. Decent power and the central administration with the switch is actually quite nice.
If I knew everything I know now, I wouldn't have bought any of those but they will do for now.
What needs do you have for a router that the Cloud Gateway is missing or is bad at? A PiHole equivalent is about all I can think I'm missing.
There were a few other niggles, and in the end I just found it easier to do what I need on OpenWRT.
This includes physical NICs on Linux, but the PPPoE interface has to tunnel through one of such physical NICs.
If the physical NIC has an MTU of 1500 (and can't be changed), the PPPoE NIC must do MSS clamping, effectively reducing the MTU from my network to the Internet to 1492. This increases fragmentation and overhead.
If I can increase the physical NIC's MTU to 1508 (and the ISP supports it, which mine does), then the PPPoE tunnel can use the full 1500 when talking to the Internet.
So, it's technically not _required_ but it's an improvement I should be able to implement easily (in OpenWRT I literally type 1508 on the MTU box for the NIC, or issue a single uci command).
I use it with 8 APs in a mesh and a few switches, all UI, and it just works. I also have a lot of success helping out some local SMBs by setting up UI for them.
For my personal setup, I decided to go with OPNSense and I couldn't be happier. Much more control, at the cost of being a little more hands on.
I think the best (rough) comparison here is MacOS vs Linux (or more accurately in this case, FreeBSD).
Apart from the shitty software and basic features either missing or locked behind a monthly cost, the network itself is not bad at all. I get 600-700 Mbps on Wi-Fi throughout the house and have my servers wired on 2.5GbE.
But the one thing I really thought I was buying into by choosing an Amazon brand was ease when it came to buying upgrades, and yet I ended up having to buy extra hardware (like the wired gateway) from eBay and sellers in the US, as Amazon does not sell their own hardware everywhere.
I finally bought a Unifi and I'm very happy with it so far, 6 months in. There's a few things I haven't tried, like rebooting it while it doesn't have an internet connection (I'm looking at you, Deco!), but so far my big complaints are that it's opinionated about the initial setup, and setting up a static IP for a device that isn't connected yet is a serious PITA. I had devices on my old system that I didn't want to have to change IPs (because the computers talk to each other) and that was not easy. If I had to do it again, I'd probably just let it do what it wants and deal with changing all those configs to the new IPs.
FWIW, I just have it as a router, and my Wifi is still some of my expensive standalone Asus wifi routers acting as just access points. I didn't see a point in replacing them when they were working great as APs.
Things like "ZFS needs 1GB of RAM per 1TB of storage" and "it requires that RAM to be ECC" were once common to find online.
This sort of thing seemed to lead to widespread beliefs that it was inefficient, expensive, and fragile. None of that is true, of course, but folks might remember and believe these myths and conclude that it is (or was) bad.
(But it's pretty excellent. I've been using it for about a decade, now. It'd be nice if it fit into the Linux kernel better, but I manage anyway.)
Source: used to work for a storage vendor that was marketing a NAS based on ZFS and got credible threats from NetApp to the point that we sought a partnership with Oracle that included indemnification under Oracle's settlement with NetApp.
* https://www.theregister.com/off-prem/2010/09/09/oracle-and-n...
* https://www.computerworld.com/article/1585889/opinion-patent...
NetApp originally sued then-independent Sun in 2007, and Sun counter-sued.
Free/TrueNAS/iXsystems has been offering ZFS-based solutions for many years now, and I haven't heard NetApp going after them:
Maybe he was ... they do that sometimes.
I looked around a little. The C&D from NetApp was in ~July 2010 and the partnership and product with Oracle in the fall (around the cease fire), and we continued with that (via the Oracle partnership) through 2011-2015 when the company ran out of cash and laid us all off.
I was just a lowly support engineer so not privy to all the legal details that the executives were dealing with. I too had to just take them at their word.
ETA: I searched a bit. Here's a link
https://www.enterprisestorageforum.com/networking/netapp-thr...
Maybe threats were enough? I certainly wouldn't want to test it myself.