Did you overread the parts of my last Post that you don't like?
Nope... I ignored it because there's no problems in that area.
1. If the microSD fails, that's why there's 2 (different app config, but the same data config) and it should happily chug along for 12 months.
2. If 1 disk fails it's ok since it's raidz2, if 2nd disk fails then there's offsite backup box + no local data loss, if 3rd disk fails there's local data loss but offsite backup... and the critical stuff will be rsync'd to 1tb External disks both locally and at the offsite, so they'll have even more copies. What's the chances of 3 brand new disks failing within 1 year given they're not Seagates? What's the chances of 5 going bad causing loss of everything except the critical stuff? What's the chances of 7 going bad losing everything? If 4 go bad, I'll buy new disks budget be damned. Also, I don't see how it's related to the microSD argument given disk failure is unrelated to using microSD for apps?
I don't think you understand the end to end solution I have in mind, which I've mentioned earlier to a degree but perhaps not been clear, and certainly didn't mention everything.
The plan is something like below:
This NAS (onsite) = VPN server for connections between sites, VPN client for "external VPN service".
- USB OS
- microSD apps
- 4 x 6Tb in RAIDZ2
- 1 x 1.5Tb external HDD (the most critical 1.5Tb portion of the stuff on the 12Tb nas storage)
- 1 x 1Tb external HDD (the most critical 1Tb portion of the stuff being backed up to the 1.5Tb drive)
Services:
- VPN client for torrent via local user/streaming from VPN server hairpin connections
- VPN server for off-site backup and streaming clients
- Printer/Fax/Scanner
- A number of small VMs (VMDKs stored on the disks, VMware on the microSD)
- Local network plex
vdev setup:
500Gb - Super Important - back up to 1.5 Tb and 1Tb
500Gb - Important - back up to 1.5 Tb and 1Tb
500Gb - Semi Important - back up to 1.5 Tb only
3Tb - Really not important - The stuff that won't be transferred across, and not backed up anywhere. First to go if RAID fails (i.e. 3 disks go bad) or site fails (i.e. house catches fire).
remaining - Not Important
Other NAS (offsite), running... haven't decided on OS, but probably Oracle Linux Server or Windows 2012 Server ("free" through my subscription) or something - E6600, 12 Gb DDR3 non-ECC = VPN client for data synching, planned to upgrade to HP MS Gen 10 next year tax time if it's out by then.
- SSD OS/apps
- 500Gb 2.5" internal - backup drive (the most critical 500Gb portion of the stuff being backed up to the 1Tb drive)
- 4 x 3Tb in RAIDZ or RAID5 (the most critical 9Tb portion of the stuff on the main array, replicated through a daily job via VPN)
- 1 x 1Tb external HDD (the most critical 1Tb portion of the stuff being replicated to the 9Tb array)
Services:
- Backup recipient
- Local network read access to backup data (no write access to files from local network, except for perhaps 1 partition)
- Printer/Fax/Scanner
- Local network plex
partition setup:
500Gb - Super Important - sync every hour from main system, back up to 1 Tb and 500Gb
500Gb - Important - sync every 12 hours from main system, back up to 1 Tb only
500Gb - Semi Important - sync once a day from main system
500Gb - Local network accessible share (thinking whether needed or not, and whether to "reverse backup" to main).
remaining - Not Important - sync once a week, pause at x:59 of each hour and resume once super important sync finishes.
A single sd card as a vdev/pool should really be no Option!
Why not?
It has apps and app config only... there's no real loss if that goes... maybe the NAS will be down while I insert the other one? No big deal... none of my storage data is at risk, which is the important part - the part that I want clean, pristine and meticulously organised manually so I can find everything and track everything.
I do the same for every one of my PCs... never back up any of the OS and "clean reinstall, clean re-setup" in case of operational failure.
3 - 4 redundancies for all "data" that cannot be downloaded from the internet (mostly kids photos and kids videos, but also includes documents such as payroll, a scan of the receipts for all the stuff I buy, financial position spreadsheet, etc).
There is cheap Hardware for running pfsense on ebay Australia for under 100$.
Firstly, I don't see anything there for under $100. The cheapest is $450, and it doesn't support enough LAN ports or have WIFI.
More importantly, will it actually do what I want it to do?
Note that I do not want any of my other PCs on the network to go through the VPN except for very specific activities (i.e. streaming US geo-locked content for example). The client PC will have split tunneling VPN configuration with these specific sites to go via the NAS out through the external VPN, whereas all other network connections will go via the router to the WAN directly.
I was planning to achieve this by having the bt service user having access to only ppp0 and nothing else, and the vpn server user having access to ppp0 and its own connection (ppp1?). The rsync user will have access to (ppp1?) and usb ports only. If I have pfSense external box, how would I manage these security requirements? I never found a way to achieve this when running the synology + custom router (Pentium 2 based box with IPCop installed, PSU has since died and I chucked the rest given its age). Also, this will be very expensive given i'd have to change my wifi modem router to bridge mode, and purchase