TLG James posted:Logged onto my Synology today. Noticed my Logs, I had over 10000 failed attempts at trying to ssh into my RAID in the last few days. Why is your firewall letting port 22 in? I guess if you absolutely must be able to ssh in, try a non standard port. You will definitely get port scanners probing it still, but I've noticed a lot fewer failed login attempts by using a different port. fletcher fucked around with this message at 04:43 on Mar 20, 2013 |
|
# ? Mar 20, 2013 04:41 |
|
|
# ? May 28, 2024 15:04 |
|
fletcher posted:Why is your firewall letting port 22 in? I guess if you absolutely must be able to ssh in, try a non standard port. You will definitely get port scanners probing it still, but I've noticed a lot fewer failed login attempts by using a different port.
|
# ? Mar 20, 2013 04:53 |
|
adorai posted:if you keep up on your patches and aren't using passwords which are weak to brute force techniques, who cares is ssh on 22 allowed? What's wrong with the minor inconvenience of moving it, if only to clean up logs
|
# ? Mar 20, 2013 06:56 |
|
adorai posted:if you keep up on your patches and aren't using passwords which are weak to brute force techniques, who cares is ssh on 22 allowed?
|
# ? Mar 20, 2013 07:02 |
adorai posted:if you keep up on your patches and aren't using passwords which are weak to brute force techniques, who cares is ssh on 22 allowed? Because I like to type sudo lastb and see there is nothing in there. poo poo happens, it's always good to have several layers of protective measures. For example, requiring a VPN connection in order to even see machines behind your firewall.
|
|
# ? Mar 20, 2013 07:12 |
|
Changing the port is just security through obscurity which blah blah we've all heard why this isn't an acceptable solution. You'd be best just making sure you have password authentication off, use key authentication, make sure you have the latest updates at all times and make sure root can not log in. VPN would be the best solution but isn't always an option. Edit: Also, firewall that poo poo so only known IP addresses can SSH into it. Sure, spoofing will get around that but spoofing is more difficult to get around than a port scan. IT Guy fucked around with this message at 14:33 on Mar 20, 2013 |
# ? Mar 20, 2013 14:30 |
|
IT Guy posted:Changing the port is just security through obscurity which blah blah we've all heard why this isn't an acceptable solution. Security by obscurity is fine so long as it's only part of your security plan. If obscurity is literally the only thing keeping you from being hacked then yes it's a problem. Whitelisting IPs for logins only works if you know you're only going to be logging in from work or something. Much better to just use an intrusion prevention system like fail2ban to lock the service down. Also, using "vpn" has no guarantee of giving you any extra security, it will make it more obscure however since the other party will need to figure out which protocol you're using before he can attack you. SSH tunneling is a perfectly valid way to implement vpn after all.
|
# ? Mar 20, 2013 17:24 |
|
I apologize if this is a really dumb question. I'm going to be getting a NAS device and was just curious. I have 3 2TB drives right now with data on them. Can I copy everything on those to a 4th 2TB, stick the 3 drives in the device, let it build and then copy the information to the NAS then stick the 4th drive in there to add it?
|
# ? Mar 20, 2013 21:38 |
|
Irritated Goat posted:I apologize if this is a really dumb question. I'm going to be getting a NAS device and was just curious. I have 3 2TB drives right now with data on them. Can I copy everything on those to a 4th 2TB, stick the 3 drives in the device, let it build and then copy the information to the NAS then stick the 4th drive in there to add it? As long as you are using a setup that allows expandable volumes.
|
# ? Mar 20, 2013 21:44 |
|
Irritated Goat posted:I apologize if this is a really dumb question. I'm going to be getting a NAS device and was just curious. I have 3 2TB drives right now with data on them. Can I copy everything on those to a 4th 2TB, stick the 3 drives in the device, let it build and then copy the information to the NAS then stick the 4th drive in there to add it? As far as I understand swap/resilver shenanigans with ZFS (example) you can create a 4-drive raid-z1 or -z2 on the 3 cleaned drives, copy from the 4th with your data onto the raid in degraded state (as one drive is missing), clear the 4th drive and add it to the raid and resilver for a full raid with 4 drives. There might be a 4th drive required for creating the 4-drive raid required that is not your 4th drive with the data on it, I guess. Or borrow another 2TB drive from someone and directly create a 4-drive raid on your 3+1 drives
|
# ? Mar 20, 2013 22:16 |
|
yomisei posted:As far as I understand swap/resilver shenanigans with ZFS (example) you can create a 4-drive raid-z1 or -z2 on the 3 cleaned drives, copy from the 4th with your data onto the raid in degraded state (as one drive is missing), clear the 4th drive and add it to the raid and resilver for a full raid with 4 drives. There might be a 4th drive required for creating the 4-drive raid required that is not your 4th drive with the data on it, I guess. Don Lapre posted:As long as you are using a setup that allows expandable volumes. It'd be a device from Synology or QNAP so I'm not quite sure how that would work but this does give me some ideas to go on.
|
# ? Mar 20, 2013 22:20 |
|
Irritated Goat posted:It'd be a device from Synology or QNAP so I'm not quite sure how that would work but this does give me some ideas to go on. That's what I did with my Synology, only I had three drives total. I moved everything to one drive, put two in to build the array, copied it over, then added the third drive to the array. It took most of a day to add the third drive, but it worked just fine. Provided you're using their RAID type, which IS expandable.
|
# ? Mar 20, 2013 22:31 |
|
Irritated Goat posted:It'd be a device from Synology or QNAP so I'm not quite sure how that would work but this does give me some ideas to go on. Yea, that would work fine then. If a synology just use their hybridraid.
|
# ? Mar 20, 2013 22:32 |
|
So I picked up one of these StarTech 3.5" drive things, as discussed earlier in the thread: http://www.amazon.com/exec/obidos/ASIN/B005JFU16E/thewire0f-20 Works like a goddamn charm. Much better than the now-dead Thermaltake BlacX it replaces.
|
# ? Mar 22, 2013 15:52 |
|
So as I approach closer and closer to finally committing to this project and buying some gear, I have a question. I've been hearing alot about how some raid cards can't handle 3tb drives. Its been my idea all along to use 3tb drives. Does my proposed setup up a Sempron-based CPU and UnRAID still work with 3tb drives? Is there something else I should know/do, some special kind of card that handles them well?
|
# ? Mar 22, 2013 18:12 |
|
For most controllers, the only issue with 3TB drives is trying to boot off of them - which you shouldn't be in your situation. The only other issue are the occasional older controller (like my LSI 1064s - which is a fairly old card) that can't handle drives over 2TB at all. The newer-generation LSI chipset on the IBM m1015, and as far as I know all reasonably modern on-board chipsets, handle 3TB drives fine.
|
# ? Mar 22, 2013 18:19 |
|
Thank you sir. Definitely not gonna be booting off a 3tb!
|
# ? Mar 22, 2013 19:02 |
|
Don Lapre posted:Yea, that would work fine then. If a synology just use their hybridraid. For all the praise ZFS gets in this thread, SHR seems quite nice, at least at first glance. Does it have some non-obvious Achilles heel that I'm not seeing for why it doesn't get more praise in this thread?
|
# ? Mar 23, 2013 01:50 |
|
Sub Rosa posted:For all the praise ZFS gets in this thread, SHR seems quite nice, at least at first glance. Does it have some non-obvious Achilles heel that I'm not seeing for why it doesn't get more praise in this thread?
|
# ? Mar 23, 2013 03:32 |
|
Also if your Synology dies you need to buy another to read the data. ZFS can be read in any PC that can run FreeBSD/Linux/Solaris (assuming the pool version isn't newer).
|
# ? Mar 23, 2013 04:08 |
|
I paid $380 for my DS413j Synology. I can't say I have any complaints at all about it. It's 1.6Ghz with 512MB of ram. It's not going to do a whole lot else other than host files. The biggest draw, and the thing I like most about it still, is the software is really nice. I have my 3 year old Asrock 330 ION for processing files, it's just a duel core Atom, but it's still faster. Another reason I like this combo, the entire thing when running full tilt draws about 50-60 watts of power. A very nice thing for something I intend to leave on all the time. I did the math using a Kill-a-watt and week long averages. It was cheaper to buy a nettop PC to do my downloading/serving at the time, then to leave my power hungry gaming desktop on for a year and a half.
|
# ? Mar 23, 2013 04:08 |
|
PirateDentist posted:I paid $380 for my DS413j Synology. I can't say I have any complaints at all about it. It's 1.6Ghz with 512MB of ram. It's not going to do a whole lot else other than host files. The biggest draw, and the thing I like most about it still, is the software is really nice. The 413j is plenty fast enough to do sickbeard and sabnzbd as well.
|
# ? Mar 23, 2013 04:37 |
|
DrDork posted:Price and performance of the Synology lineup is a big factor. Synology devices are a lot more expensive, especially for anything above 2 drives, while being slower than DIY solution: a DS413 is about $500 with a 1.06GHz CPU. A N54L on the other hand, runs $380 and packs a 2.2GHz CPU. Ninja Rope posted:Also if your Synology dies you need to buy another to read the data.
|
# ? Mar 23, 2013 05:49 |
|
Don Lapre posted:The 413j is plenty fast enough to do sickbeard and sabnzbd as well. It is, I supposed I meant to say I personally don't need it to do much more than serve files. I phrased that poorly.
|
# ? Mar 23, 2013 06:15 |
|
Sub Rosa posted:I thought that under the hood it just using various Raid5/6 and mdadm could be used to recover data no sweat if a Synology died? Oh, maybe I'm wrong but I think SHR is their own thing whereas the RAID0-6 are standard md.
|
# ? Mar 23, 2013 06:27 |
|
Ninja Rope posted:Oh, maybe I'm wrong but I think SHR is their own thing whereas the RAID0-6 are standard md. I'd be happy for someone to correct me, but my understanding is, given the following example is this is actually under the hood four Raid5 arrays (or three Raid5/one Raid1?), and it would be possible to get mdadm to parse it as such. SHR with 2-disk redundancy is the same but Raid6. To be clear, I'm more asking if this is the case than telling you this is the case. Sub Rosa fucked around with this message at 07:09 on Mar 23, 2013 |
# ? Mar 23, 2013 07:01 |
|
DrDork posted:Price and performance of the Synology lineup is a big factor. Synology devices are a lot more expensive, especially for anything above 2 drives, while being slower than DIY solution: a DS413 is about $500 with a 1.06GHz CPU. A N54L on the other hand, runs $380 and packs a 2.2GHz CPU. If you want 8 or more drives, you're talking over $1000 for a Synology. Don't get me wrong, they're nice boxes and all, but you're primarily paying for the convenience of having it "ready to go" and being able to pick up the phone and call someone when something goes wrong or doesn't work right. The Mhz myth is alive and well it seems. You can not compare the cpus in the consumer synology units with those in the HP microserver just by their clockspeeds as they have completely different architectures. The N54L in the microserver is closer to 5-10[1] times faster than the cpus found in the 4 bay consumer synology units. [1]According to coremark the Marvell 88F6282 at 2Ghz (clocked at only 1.6 in the DS413j) is about as fast as an atom N270 and passmark puts the N54L at 10 times faster than that. I have no idea how fast the PPC Freescale P1022 chips are but I'll just assume they're twice as fast as the Marvells. Even the D2700s in the buisness models are technically slower than the N40L (but not by much).
|
# ? Mar 23, 2013 07:36 |
|
Sub Rosa posted:For all the praise ZFS gets in this thread, SHR seems quite nice, at least at first glance. Does it have some non-obvious Achilles heel that I'm not seeing for why it doesn't get more praise in this thread? It's not free in any sense of the word and it's tied to their hardware.
|
# ? Mar 23, 2013 07:46 |
|
Longinus00 posted:The Mhz myth is alive and well it seems. You can not compare the cpus in the consumer synology units with those in the HP microserver just by their clockspeeds as they have completely different architectures. The N54L in the microserver is closer to 5-10[1] times faster than the cpus found in the 4 bay consumer synology units.
|
# ? Mar 23, 2013 08:29 |
|
So I'm reading the N40L supports port multipliers if you flash the hacked BIOS. Has anyone added an external enclosure using the eSATA port? I'm curious how much of a negative impact might be had with those disks having to share the pipe, but it seems a great way to expand the number of disks a MicroServer has access to.
|
# ? Mar 25, 2013 07:21 |
|
Sub Rosa posted:it seems a great way to expand the number of disks a MicroServer has access to. Do you really, REALLY need more than 7? :P
|
# ? Mar 25, 2013 07:23 |
|
tarepanda posted:Do you really, REALLY need more than 7? :P A support group for data hoarders might be needed. The first step on the road to recovery is keeping the data to 7 disks or less.
|
# ? Mar 25, 2013 09:08 |
|
Sub Rosa posted:So I'm reading the N40L supports port multipliers if you flash the hacked BIOS. Has anyone added an external enclosure using the eSATA port? I'm curious how much of a negative impact might be had with those disks having to share the pipe, but it seems a great way to expand the number of disks a MicroServer has access to. I've seen people talk about doing it but not sure anyone has, nor the performance hit. My favourite way of unnecessarily stuffing the N40L with an unreasonable number of drives is this though: http://www.scan.co.uk/products/icy-dock-mb996sp-6sb-6-sata-hot-swap-525-bay-backplane-raid-cage 6 2.5" drives in a single 5.25 slot. So cute! On a similar note, I treated my N40L to one of these: http://www.scan.co.uk/products/akasa-lokstor-m51-525-mobile-rack-for-25-and-35-sata-hdd-with-two-usb30-pass-through It's a bit pricier than similar products - I paid the premium to get USB3. Then I realised that the USB header plug it comes with is too tall to fit the tiny space where my PCIe USB3 card plugs in. Not sure whether to solder together a low profile extension or take a knife to the plug... Also, I've been running Snapraid with aufs pooling for a little while now. I can heartily recommend it for a media server setup. It's entirely transparent (the drives are all accessible as individual devices as well as an aufs pool, you can pull any drive and read its contents directly), very flexible and seems to perform well. It's not an appropriate setup where a lot of misson-critical data is being written constantly but a wonderful solution for a large amount of rarely changed files.
|
# ? Mar 25, 2013 11:10 |
|
DashingGentleman posted:I've seen people talk about doing it but not sure anyone has, nor the performance hit. Wouldn't packing 6 2.5" platter drives in an area that small cause a lot of heat buildup?
|
# ? Mar 25, 2013 12:39 |
2.5" drives generate less heat, but if that's your worry you can replace the 40mm fan at the back with a fan that moves up to 50 CFM.
|
|
# ? Mar 25, 2013 13:21 |
|
So now that FreeNAS 8.3.1 is released, I've been looking into the encryption on one of my colocated servers. They mention in the documentation that if the processor supports hardware encryption that you wouldn't notice any performance issues. Does anyone know if the N54L is compatible or where to find a list for something like that?
|
# ? Mar 25, 2013 14:06 |
|
IT Guy posted:So now that FreeNAS 8.3.1 is released, I've been looking into the encryption on one of my colocated servers. They mention in the documentation that if the processor supports hardware encryption that you wouldn't notice any performance issues. Does anyone know if the N54L is compatible or where to find a list for something like that? According to wikipedia the Turion doesn't support AES NI, just newer/more powerful Bulldozer or Piledriver ones have it.
|
# ? Mar 25, 2013 14:34 |
ZFS uses 128-256 bit AES CCM/GCM encryption (according to this) and the Turion™ II Neo N54L doesn't support AES at all (according to this). EDIT: Added sources. Also beaten without having realized it. BlankSystemDaemon fucked around with this message at 14:45 on Mar 25, 2013 |
|
# ? Mar 25, 2013 14:34 |
|
Awesome, thanks. I guess I'll leave the encryption off for now.
|
# ? Mar 25, 2013 15:23 |
|
|
# ? May 28, 2024 15:04 |
|
DashingGentleman posted:I've seen people talk about doing it but not sure anyone has, nor the performance hit. You've piqued my interest with this Snapraid. It sounds very much like something that would suit my needs (my intention is a media archive). If you set this up, windows machines can read the partition as one huge drive?
|
# ? Mar 25, 2013 18:07 |