Help setting up FreeNAS w/backups

[Ouroboros]

I am planning to buy a FreeNAS machine and my brother will buy one as well. The plan is to back-up our stuff on each other's FreeNAS machines so that if one of our houses burns down or whatever, we have a full copy of our data off-site. We each plan to buy 8 3TB drives, and put 4 in our own machine and 4 in the other's machine.

My question is, what kind of VDEV set-up and RAID level should we use? And how do we sync our local storage with the off-site storage? Furthermore, is there a way to enable encryption only in the remote machine without affecting performance on the local machine (while maintaining "incremental back-up" so we're not sending our whole filesystem over the internet every time we back-up)?

We do plan to buy processors with AES-NI, but we're not sure how punishing encryption would be even with AES-NI. We also prefer to use our 4 drives in a RAID-10 situation rather than RAID-Z2, because RAID-10 is faster and we're okay with the (small) risk that two disks fail in the same mirror, since we can always fall back on the off-site backups, so it would take the failure of a minimum of 4 disks (and up to 6) before complete data loss. We're also considering downsizing to 7 drives each, and have the off-site storage be RAID-Z1 (with 3 drives) instead, since the performance doesn't matter, does that make sense?

 

[ser_rhaegar]

Assuming you're using gigabit Ethernet, why not setup both sites with an 8 drive raidz2 (not optimal I know) and encrypt the entire thing.

I doubt you'll see any speed difference due to the gigabit bottleneck and you get an extra 6TB of space out of the deal on both sides.

With aes-ni you won't see a difference encrypting the drives either on gigabit.

Then split your pools into two root datasets. Dataset for you and a dataset for your brother. Then create sub datasets in your local pool/yourrootdataset. Then you can replicate recursively your local root dataset to the remote dataset.


Example layout of both boxes:
Tank/brothera
Tank/brothera/Media
Tank/brothera/somestuff
Tank/brotherb/
Tank/brotherb/Downloads
Tank/brotherb/Media

 

[Nick2253]

If you want to use RAID10 and not RAIDZ2, I would recommend you not use FreeNAS. FreeNAS is based around the fact that you are using ZFS. And you shouldn't be using ZFS unless the OS has direct access to the HDDs (in other words, not in a RAID configuration).

Unless you guys are doing crazy stuff with your data usage, you are going to saturate your 1GB link before you max out your HDD read/write speed, even with RAIDZ2. In other words, I strongly recommend RAIDZ2 :).

As far a syncing the data is concerned: you'll want to connect your two LANs with VPN. At least, that's the easiest way I think to go about it. Maybe you want to investigate the pfSense project (a BSD firewall, and a killer one at that). That would make doing a VPN a piece of cake.

Once VPNed together, you could rysnc the data between the two machines: http://doc.freenas.org/index.php/Rsync_Tasks Or you could use ZFS replication: http://docs.oracle.com/cd/E17952_01/refman-5.0-en/ha-zfs-config.html

Lot's of options to do this :)

 

[anodos]

RAID10 is fine if you set it up from the FreeNAS GUI [where we're talking about mirrored and striped vdevs]. RAIDZ2 is definitely a better option than RAIDZ1. I wouldn't even consider RAIDZ1 if you have large disks. I prefer RAID10 because of shorter rebuild times when a drive fails, but RAIDZ2 can be cheaper to implement depending on number of disks.

For backups, I think using SSH with dynamic DNS and port forwarding is a lot less complicated than setting up and maintaining a VPN. Just make sure you at the minimum you configure ssh for key-based authentication.

 

[Nick2253]

Direct SSH access may be less complicated, but it's much riskier. Doing VPN presents much fewer risks, and has the added benefit that you can connect your two networks together. I've seen one too many botched direct-access setups to recommend it any more. Doing site-to-site VPN is really not that much harder than doing SSH correctly.