Hello! Should I FreeNAS?

Status
Not open for further replies.
PhiloEpisteme

PhiloEpisteme

Guru
Joined
Oct 18, 2018
Messages
969
I have long been an avid user of Google Drive, Dropbox, etc. As I grow older the amount of data I own grows and I am less excited about having all of my data in the cloud. I’ve thus starting thinking about building and maintaining my own data server at home. I’ve put some time into considering my requirements and significant time into reading about FreeNAS. I realize that there exists a certain amount of bias in even asking this question here but I ask it all the same. Given my list of requirements below, is FreeNAS a good solution from a technical point of view?


Storage

  • I’d like to start with ~10TB of space. I’d likely need that to grow in the future.
  • Roughly 2TB of that would be allocated to sensitive data such as business records, personal finances, etc. Ideally this data would not be available unless needed. I’m imagining this data living on encrypted drives (or in encrypted pools) that are only mounted when needed.
  • The remaining data is less sensitive. Think family photos etc. I would still like this data to be encrypted in case of hardware theft but to be generally available.

I’d like my data to be very secure against loss

  • 2 disk failure
  • I would like to maintain a once-weekly on-site backup to encrypted storage.
  • I would like to maintain a twice-monthly off-site backup. I would like this to be encrypted such that if I chose to use one of Amazon’s storage solutions I would be protected against someone accessing the data there.

I’d like my data to be very secure against theft

I realize that this is quite complicated and depends a lot on if and how I expose my data outside of my home network. To keep it relevant to the security of the disks themselves I take this to mean secure against theft of my hardware, likely therefore meaning encryption.

I'd like to gain more experience building and maintaining servers!


From the points listed above I guess there are a few sub-questions.
  • Is it reasonable to unmount a zfs pool when it is not in use such that the only way to access the data is to have the encryption key?
  • What about external backups? Do folks typically just use cloud solutions or are on-prem backups reasonable?
 
Jailer

Jailer

Not strong, but bad
Joined
Sep 12, 2014
Messages
4,977
Since you have your mind made up you want encryption I would STRONGLY recommend that you do a lot of reading on the forum and practice your disaster recovery BEFORE you commit any data to an encrypted pool. There have been several users over the few years I've been around that have lost their data because they were ill equipped do deal with simple things such as a drive replacement since the procedure differs slightly with an encrypted pool.
 
kdragon75

kdragon75

Wizard
Joined
Aug 7, 2016
Messages
2,457
PhiloEpisteme said:
I’m imagining this data living on encrypted drives (or in encrypted pools) that are only mounted when needed.
Click to expand...
I have seen several people lose EVERYTHING due to using the encryption and not understanding how important keeping the encryption keys backed up off site really is. Or just forgetting the password... I wont say you shouldn't to this just that its a great way to lock yourself out of your own data PERMANENTLY.

There are three main sides to data protection. Integrity, Security, and availability. FreeNAS does a great job with integrity, availability follows closely. The security ai almost all on you. There is a reason the many CoLo data centers have man traps.
PhiloEpisteme said:
I'd like to gain more experience building and maintaining servers!
Click to expand...
Thats great! Your business records are not a great thing to learn with. You WILL make mistakes and bad decisions. Its just part of the learning curve. The best place to start is by playing with a VM in something like virtualbox. Build a FreeNAS server in there with 6 virtual drives for storage (+1 for boot) and play with the the different options, try to mirror what you want in real life. COPY some data to it and setup shares, encryption, replication/cloud backup jobs. The best guide to all of this is the user guide
 
PhiloEpisteme

PhiloEpisteme

Guru
Joined
Oct 18, 2018
Messages
969
Thanks for the replies so far. I completely agree that starting this right off with my business data is not a good idea but it is where I'd like to end up. I currently do not have a FreeNAS machine and I do not plan on committing any of my data to a new encrypted system until I am certain that I can deal with drive replacement.
 
Jailer

Jailer

Not strong, but bad
Joined
Sep 12, 2014
Messages
4,977
For what you want to do I would look into encrypted containers for your sensitive files. It is my opinion that entire pool encryption really should be left to those who are required to do so due law/policy constraints.
 
kdragon75

kdragon75

Wizard
Joined
Aug 7, 2016
Messages
2,457
Jailer said:
For what you want to do I would look into encrypted containers for your sensitive files. It is my opinion that entire pool encryption really should be left to those who are required to do so due law/policy constraints.
Click to expand...
I hate HIPAA.....
 
Jailer

Jailer

Not strong, but bad
Joined
Sep 12, 2014
Messages
4,977
Status
Not open for further replies.

Similar threads

L
  • Locked
SOLVED Encryption: Is FreeNAS safe enough?
Replies
14
Views
10K
tvsjr
T
M
  • Locked
Encryption, SED vs FreeNAS built in, user intervention at reboots and updates?
2
Replies
25
Views
6K
JoshDW19
JoshDW19
robbyrob42
  • Locked
Graduating to FreeNAS
Replies
1
Views
630
BigDave
BigDave
D
  • Locked
Introducing.. me! (and my future build pending your awesome feedback)
Replies
7
Views
2K
jgreco
jgreco
J
Questions about how not to make mistakes with encryption
Replies
9
Views
2K
John Childermass
J
Top