I've always used ZFS because it's vastly superior to other options. When I see storage companies building without fault tolerance, or without a merkle tree (so that you can backup deltas efficiently without having to recompute them) it's a sign their marketing team has more influence over the company than their engineers.
Sadly, the few ZFS COTS options have been somewhat underpowered. QNAP supports ZFS filesystems, but their backup configuration won't let you arrange for a nas to pull from the source (instead of the source doing a push.) You can still pull it off by scheduling your own cron job, but this somewhat defeats the purpose of paying extra for a vendor solution.
UBNT is still supporting my 15 year old edgerouters with security updates, and their interface is clean and usable for anyone with basic network experience. And their video surveillance solutions are unusual in that they allow you to keep your footage entirely onsite and offline, an uncommon level of privacy. If they can bring the same polish to their storage solutions, I'll be using these new products for a long time.
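The pull arrangement mentioned above (the NAS fetches from the source from its own cron job, rather than the source pushing) is sketched below as an added example; it is not code from the thread or from any vendor. In pull mode the source never holds credentials for the backup box, so a compromised source cannot reach the backup's snapshots. It assumes mainline OpenZFS on both ends and SSH from the NAS to a restricted account on the source; `SRC_HOST`, `SRC_DS`, `DST_DS` and the function names are hypothetical.

```shell
#!/bin/sh
# Pull-mode ZFS replication, intended to run from cron on the backup NAS.
# Hypothetical names (not from the thread): SRC_HOST, SRC_DS, DST_DS.
SRC_HOST=${SRC_HOST:-zfs-pull@source.example}  # restricted account on the source
SRC_DS=${SRC_DS:-tank/data}                    # dataset to protect
DST_DS=${DST_DS:-backup/data}                  # where the NAS keeps its copy

# newest SNAPS: last non-empty line of a newline-separated list (oldest first).
newest() {
    printf '%s\n' "$1" | grep . | tail -n 1
}

# newest_common SRC_SNAPS DST_SNAPS
# Prints the newest source snapshot name that also exists on the destination,
# or nothing when the two sides share no snapshot.
newest_common() {
    common=""
    while IFS= read -r s; do
        [ -n "$s" ] || continue
        if printf '%s\n' "$2" | grep -Fxq -- "$s"; then
            common=$s
        fi
    done <<EOF
$1
EOF
    printf '%s' "$common"
}

# send_args SRC_SNAPS DST_SNAPS
# Prints the arguments for `zfs send` on the source:
#   empty destination        -> full stream of the newest snapshot
#   shared snapshot, behind  -> incremental stream (-I base newest)
#   already current          -> nothing
# Returns 1 if the source has no snapshots, 2 if the destination has
# snapshots but none in common (an operator has to decide what to do).
send_args() {
    new=$(newest "$1")
    [ -n "$new" ] || return 1
    base=$(newest_common "$1" "$2")
    if [ -z "$base" ]; then
        [ -z "$(newest "$2")" ] || return 2
        printf '%s' "$SRC_DS@$new"
    elif [ "$base" != "$new" ]; then
        printf '%s' "-I $SRC_DS@$base $SRC_DS@$new"
    fi
}

# snap_names: keep only the part after '@' and drop any name containing
# characters outside a conservative set, so nothing unexpected is ever
# interpolated into the remote command line.
snap_names() {
    sed 's/^.*@//' | grep -E '^[A-Za-z0-9_.:-]+$'
}

main() {
    src=$(ssh "$SRC_HOST" zfs list -H -d 1 -t snapshot -o name -s creation \
          "$SRC_DS" | snap_names) || true
    dst=$(zfs list -H -d 1 -t snapshot -o name -s creation "$DST_DS" \
          2>/dev/null | snap_names) || true
    args=$(send_args "$src" "$dst") || {
        echo "replication of $SRC_DS needs attention" >&2
        return 1
    }
    [ -n "$args" ] || return 0   # destination already has the newest snapshot
    # The NAS initiates the transfer; -u keeps the received dataset unmounted.
    ssh "$SRC_HOST" "zfs send $args" | zfs receive -u "$DST_DS"
}

# Only touch real pools when asked to, e.g. from cron: replicate.sh --run
if [ "${1:-}" = "--run" ]; then
    main
fi
```

On the source, the account behind `SRC_HOST` only needs to list snapshots and run `zfs send`; it needs no write access to the dataset and no route to the NAS.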
QNAP unforgivably uses a proprietary version of ZFS with their own extensions that are not compatible with mainline OpenZFS.
It can only zfs send/receive to other QNAP devices. While your data is protected like any other ZFS system, it is _NOT_ interoperable. You can not take a zpool out of a QNAP system and access it on another system with ZFS.
I discovered this painfully the hard way, and won't buy from them again, unless I plan to wipe the software and run something open.
I think the ZFS changes were due to needing a way to allow qnap systems to expand zfs pools. The raidz expansion features in openzfs probably took too long for qnap to wait.
OpenZFS released the zpool expansion as stable last year. Hopefully QNAP is charting a path to allow their users to migrate from their fork to OpenZFS, though of course these kinds of things take time to develop. I would be really worried if they are diverging further from OpenZFS rather than converging.
Last I looked at their releases of code, they had branched from ZFS before it became OpenZFS, and had a lot of proprietary extensions beyond just the reshaping (from memory, they implemented encryption differently, as one example, and I think they had one or two checksums that I assume were because something they shipped had hardware support for it?) so I wouldn't hold out hope that their goal is to rebase on OpenZFS unless they announce something to that effect.
Nah, I doubt they're going to rebase to openzfs. There's too much divergence and I don't see them putting the time to write something that converts their zfs format to openzfs without an extremely good reason.
> Hopefully QNAP is charting a path to allow their users to migrate from their fork to OpenZFS
This kind of migration is the stuff of nightmares. The main job of a NAS is to keep the data safe. A file system migration that works in every one of those corner cases present in the wild is statistically unlikely. The kind of bad publicity this can bring is what can sink a company. The only way I'd ever do this is by starting fresh on different storage and replicating the data.
The same is true for our AI processing on the cameras. This is entirely local and private. You can even air gap the UniFi Protect system from the Internet and it'll operate fine.
> This is entirely local and private. You can even air gap the UniFi Protect system from the Internet and it'll operate fine.
One week ago 3 guys broke into my shop while I was traveling. They had sense enough to power down the starlink that was providing internet which would have taken out all of the remote camera options.
They did not realize that almost everything they were doing was being recorded via the unifi system. In the end about the only thing of value left in the building was the hard drive with all of their pictures on it.
The police have used the footage to identify all of them and it will be pretty open and shut when they see a court room. Offline and air gapped the whole time they were there but did exactly what it was installed to do.
A 7U cabinet in an overhead space that is difficult to access. Installation and configuration were a bit of a headache but ended up being worth it. There was a NAS in the office and they stripped 7 drives, sleds and all, out of it.
I'm guessing with such an obvious endpoint for the camera storage it never occurred to anyone there was a second box. I had something like this in mind when I wired the building. It seemed like a good idea to make onsite security footage much harder to find given the cameras were obvious and anyone breaking in would probably look to damage or destroy the system.
I really thought the cameras themselves were the deterrent, but these guys gave it a shot anyway. Cutting the cable to the starlink and walking off with the NAS drives seemed to be the plan.
In the future I'm going to add a local battery backed alarm connected to external siren and strobe that is immediate on opening the office door to draw attention. I was driving down to WWDC when the starlink went offline and saw the notice on my phone but wrote it off to equipment failure which gave them enough time to clean the place out pretty well.
The hole in my strategy was thinking nothing could happen without notification, but being in a car in the middle of Northern CA with spotty cell coverage and lots of distractions blew that up pretty hard. I'm also thinking one of ubiquiti's cellular backups is in my future. Starlink offline is annoying but not the attention grabber that a still of a guy walking in the door would have been. Cellular backup would have gotten me that.
I've read through your story and I think you're on the right track with what you're doing.
But, re: alarms, I'd like to add a suggestion: Indoor sirens. They can be intolerably, painfully loud for not very much money (because piezos are cheap and square waves are easy). Using a small, random mixture of them can let them beat at different frequencies and periods, which can make them very unpleasant to behold even with hearing protection.
If you feel like being clever, you can even run them with a local battery that activates when they're disconnected. If you feel like being extra-clever, you can make them activate when they don't have the correct termination resistance at the far end of the line, or exactly the correct voltage: This way, whether the wire goes open or short, the sirens activate.
Super-extra bonus points for using a combination of methods. Any time that a thief spends figuring this out is time they aren't carrying stuff out.
And if that still seems incomplete, then: Fill the shop with smoke. They can't function when they can't even see their hand in front of their face. https://www.youtube.com/watch?v=RPgcysyFUiI
That would legitimately be horrifying - you break in somewhere, suddenly all is dark and fog spreads everywhere, then the growling begins and then you're Ewok'd from behind by a tree.
> I have found that the fog generating alarm systems are the ones that will stop burglars in their tracks.
We have one of those at our vacation home (well it's more than a vacation home: I used to live there but it's now a house we use for vacation, several times a year but anyways...).
We've got that system connected to the alarm. It's amazing and the system did evolve: in the early days the fog had to be projected in the middle of the room or it'd leave traces on the walls. Now it's a fog that doesn't leave any trace anymore.
The reason it works so well is that it means: "Now you cannot see jack shit and in a few minutes the police is going to be there".
It kicked in once: the bad people quickly left.
> If they can't see, they're not going to hang about ...
No indeed...
> and if they've tooled up with NV then that's a whole different threat model.
In my case the alarm is still there and if the company monitoring the alarm system tells the police "there are people dressed up like it's war with night-vision system", then they'll take it even more seriously.
I've had a house without my alarm on (because kid had a medical emergency and was between life and death: I left in a hurry and forgot to turn the alarm on) visited by burglars and it ain't a fun thing.
I highly recommend alarm systems that generate a fog. It's a wonderful thing.
And that fog doesn't last too long: by the time you're back at your home, it's like the would-be-thieves: gone.
Better still, fill the room with the same scent they add to town gas. Anyone with an ounce of self preservation will get out of the building VERY FAST.
I'd be alarmed that they seemed to know you were going to WWDC. Like, they were tech-aware if they took the drives while you went to tech event... how did they know any of this / scout you?
> In the future I'm going to add a local battery backed alarm
Wait, you have an office full of expensive equipment but decided to half-ass DIY the security? No wonder you were targeted.
A proper monitored alarm system would have prevented this. They pretty much all have built-in cellular backup now. Do yourself a favor next time and call a professional.
Don't blow your entire budget on cameras then wonder if you need an alarm system because the only good the cameras will serve is to watch your stuff disappear. You mentioned California so expect these guys to be roaming free in short order if they see any jail time at all. Good luck with seeing any restitution or getting your stuff back.
You'd think. However, this is a rural area with a sheriff's department that has budget constraints. I know of 2 shops with monitored alarm systems that were successfully robbed over the last 5 years because by the time anyone followed up they were gone.
Your statement that "a proper monitored alarm system would have prevented this" is optimistic. I never had any particular expectation that if somewhat intelligent criminals decided to break in when no one was there that I wasn't going to lose whatever they could get at. The cameras let me document what happened and when and what was taken. If the imagery ends up having any other value that's a bonus rather than the point.
Yes sheriff's dept response times can be terrible. But someone could have been there a lot sooner, and it does put pressure on the perpetrators. I would suggest trying to find out why you were targeted, if the establishment was cased beforehand, etc. These crimes are not usually random.
Chances are, the thieves were monitoring the local dispatch over the radio (rural departments are not usually doing anything fancy) and knew exactly how long they had.
Any video surveillance system is foiled by a simple mask. Thieves who know to plan a break-in when you're away usually do their homework and come prepared.
This is why I think someone should market a cheap SIGINT tool that collects BT/BTLE/Wi-Fi data from nearby devices.
I've got this setup running on a Raspberry Pi near my front door and it collects all sorts of useful data, even from people walking by on the sidewalk, 30 feet and two walls away.
At some point, I'd love to explore vehicle emissions more, too.
Funny enough a router collecting this data near a busy enough highway can bog itself down by collecting unique Wi-Fi identifiers from all the passing cars' networks, not to mention all the hotspots on passing commuter trains.
It never occurs to router makers a static base could see a million Wi-Fi networks come and go every week.
I am unable to accept that it is fully local, since you have to bind your network to their cloud just to accept the EULA. [0] I have 0% trust that a subsequent unbind truly severs the link, because this is such a shady thing to require in the first place.
The processing can happen within the camera, and it's nice when it does...but that doesn't mean that the only other option is something cloud-based, like some might assume.
Open-source NVR software like Frigate can do things like the object-detection/license plate/face recognition game on local hardware, with the cheapest available IP cameras. It's just a program that runs on a computer with a network and some storage and some processing ability like a GPU.
Those cheap cameras don't have to be trusted; with things like VLANs, they can hang out on the Group W bench where they have no access to anything important or the outside world. :)
(But yeah, it does represent much more of a DIY effort than something from UBNT does.)
I've been so impressed with Ubiquiti that I've decided to target FreeBSD for my current side project. Their camera system is wonderful. Their DreamMachine is a massive upgrade for my home network. Their APs are rock solid, no hassle, just work, and it integrates so well. I have my work / home on different subnets. I have the kids on a different subnet and behind a firewall providing some protection against ads.
Long time ago I used these BSD-based appliances such as opnsense, believing I'll have it easier with their web interfaces than with editing config files in vi.
In the long run, after investing some time into learning actual BSDs I find editing a few config files much more convenient than clicking around in web interfaces.
I like unifi despite the appliance feel. I recommend using the kit that works for you, but avoiding the temptation to stick everything in a single pane of glass. Use the wifi, don't also cram your routing and switching and firewalling into the same vendor relationship.
It's like being apple-everything. Freedom until you bump into the walls of your cell.
Unifi APs are a sweet spot of price/performance, and I have no difficulty recommending them. Ruckus hardware is better at five times the price.
UISP gear has worked very very well for me for ptp and ptmp. But that's a completely different line.
I do like the onboard AI, and it works well for entity detection (like people). We haven't found the face detection to be very reliable in outdoor security applications. There doesn't seem to be a way to correct/combine classes if someone's detected as multiple individuals on different occasions, so we end up with the same person detected as 5 "unknown"s. This is not a hard problem to solve. You'd just allow embedding matching to different face groups, but it's annoying as a user.
With face detection? License plates? Tamper protection?
I'm guessing you're thinking Reolink or other Chinese ultra-commodity cam. It's fine, it's just in a different product class and ecosystem - and that's where enterprises fit in, they want that support+ecosystem and not DIYing.
> With face detection? License plates? Tamper protection?
I do that with my Unifi Protect doorbell. RTSP streams. Google Coral. Frigate. Scales very well. Do ML on low quality stream. Look/save the high quality stream. You do it all centralized, and you can put the camera(s) on a separate VLAN. They don't even need internet access. If you run them over PoE twisted pair, the attacker would need physical access to perform MITM. Wireless, one should assume the camera is insecure (e.g. KRACK).
(not the parent poster, but same setup): Is it better than UI Protect? No, but you can make it about the same.
I have the same popular setup (Frigate) although I just use ONNX on an 11th-gen Intel CPU instead of a Coral (unless you are trying to do something fundamentally goofy like use a Raspberry Pi as an NVR, Coral doesn't really perform better than even a several-generations-old iGPU or iNPU).
This is the typical OSS story: you can duct tape a giant leaning tower of janky stuff (Frigate + go2rtc + HomeAssistant + various connectors + some kind of VPN/proxy solution for away-from-home access) together and get something that's fairly close to the commercial solution, where you click a button. The open source solution is fun and more customizable in highly niche ways (you can bring your own image recognition models and tagging, adjust the resolution and encoding for everything in infinite detail, and so on) and the commercial solution is easy and works. Choose your path.
I will say I've liked the Frigate stack, though. I'm making some recognition tweaks for recognizing animals on my property, the software works well enough, and I do like having a really, truly on-prem solution for this specific thing.
I have rather a lot of Reolinks ... and Frigate on Home Assistant. The cameras are on a VLAN with rather minimal internet access (ie none) I make pool.ntp.org etc resolve to my own NTP servers too.
I think they're definitely not Avigilon, Genetec, Verkada, but we run a few hundred UI cams in some edge areas. It works, esp if you don't demand orchestration.
IME those sub-$100 Chinese IP cameras have you at the mercy of whatever firmware they cut from the master branch the week they shipped it. People don't buy UI because they win on specs-per-dollar. They buy it because they win on results-per-dollar.
You've clearly not owned many IP cameras, especially not outdoor cameras that go through true seasonal weather. Now, I will say that the first generation of cameras from Ubiquiti were just OK; everything after the 3rd generation has been very good overall.
As others have pointed out they are supported for a long time. I have some earlier generations cameras that are going on 7 years of updates. Not only are you barely getting maybe a year of firmware updates at the $50-100 range but there's no comparison on the quality of the optics, sensor and overall hardware at that price differential.
Ubiquiti has done some shitty things over the years but Ubiquiti isn't competing against the $50-100 market. They're competing against the Axis and Panasonic quality builds. You've definitely got it backwards here.
And while, yes, you can get a decent camera from Reolink and the like at a good price it isn't surrounded by an exceptionally mature and well supported ecosystem that has yet to nickel and dime its customers with half ass SaaS and paid for features.
This comment couldn't be further from the reality of Ubiquiti's lineup in comparison.
ECC support depends on the processors that the NAS uses. A few of their NASes allow you to use ECC memory but you'd need to swap the memory installed to ECC memory. A lot of their systems use Intel cpus that don't support ECC at all so you need to carefully pick and choose.
Some do. I got the TS-873A a few years back, it works. Their software is kind of weird, and I wouldn't connect it to their cloud offering, but it does work.
The stock symbol for Ubiquiti is actually UI, not UBNT. UBNT was the symbol for the old name that hasn't been used since 2019. I have no idea why changing the name also changed the stock symbol, but shrug
Thanks, I think. I usually write UBNT because it's distinct and spelling out "Ubiquiti" hurts my soul in ways that I find difficult to properly articulate.
Ubiquiti's biggest feature is no monthly recurring cost. I really hope they continue the streak on products like this. Seems like anything else bought up these days is switched to an MRR model with no vision into the long term viability.
The founders being the erstwhile Apple routers team, I believe they are playing the Apple game — sell good quality hardware; free the software that runs the hardware.
I echo what the others say in that it's much more important to know what portions of your traffic are going to need to be processed by the CPU than it is to know how beefy the CPU is. E.g., just to give an example of the usual investigation process:
- The EdgeRouter 12P is ancient and had a weak CPU for even the time
- However, the EdgeRouter 12P has a good selection of hardware offloads for things like routing/NAT & even a hardware switch chip. These functions will often run at (or very near) line rate without touching the CPU much, and the latency/jitter/buffer handling will often be better than when even fast CPUs handle the traffic on other products.
- Buuuut there are oddball restrictions. E.g. on the newer 2.x or 3.x software streams (i.e. for the last ~5 years) hardware offload for VLAN tagged traffic on the switch does not work, and the CPU cannot switch a full 1G of traffic without choking (it gets close, but not quite). Also the hardware switch only covers a certain range of ports, some ports can only be routed or software bridged.
- Even then, if you add a bunch of advanced firewall inspection rules it's gonna run out of CPU. Quicker if it didn't have offloads for some of the work, but still easy to make it go from a solid full gigabit WAN NAT box to 100-200 mbps depending on what you enable. This can repeat for a lot of features, like VPN and so on.
As far as host networking (i.e. a server sending data out of its NIC rather than trying to be a network switch/router/firewall between segments) usually the CPU will be a limitation for other things before it's the limitation for sending things out the NIC. And a quality NIC (which these particular ones seem to be) can make that even more true in a similar, but less extreme, way as the switching/routing hardware offloads on the EdgeRouter. E.g. ZFS can be CPU heavy with all of the parity/encryption/deduplication features you can enable and trying to do that on top of using SFTP to transfer the data to a remote host in a single encrypted stream can stress the CPU even more... but this CPU also doesn't look like a typical bargain basement ARM CPU you'd find in cheaper Ubiquiti products and would probably do fine for what it has.
> I'm genuinely curious what bottlenecks you've hit.
1. My UDM Pro absolutely chokes and stalls with intrusion detection enabled on the firewall and 8 cameras connected. Network goes down, cameras disconnect, devices disconnect from Wi-Fi every time a car drives past a camera due to AI features triggering, etc.
For something meant for small businesses I wish they would just shove an Intel i5 or something in it. They make great switches, great APs, great everything else, just too stingy on processors on the few pieces of central equipment that people would actually be willing to spend more on.
And for a $3999 enterprise NAS with dual 25 Gbps SFP ports and 16 drives? It could surely use something more beefy than a Neoverse N2. I'd say an i7 or even i9 is warranted here.
3. The UNAS 8 I don't own but I believe it would struggle with >1Gbps links and encryption enabled
I have to agree. I only have a consumer UDM (four years old) and it's on its last legs. From day one it was using 90%+ of its RAM and hit the CPU ceiling during large file transfers. Successive updates have pushed it well beyond its limits. I have had to disable many features like VPN and IDS/IPS. I was considering upgrading to the newer Dream Router 7 but the processor is not much of an upgrade, and it only has 3GB of RAM vs my current 2GB. I don't have space for a Pro and I'm not even sure I want one. I already have an Unraid server running with more than enough compute and RAM, and I'm going to try using OPNsense. I would prefer dedicated hardware but for the cost, it's just not worth it.
1. Same here - but it's only become a problem as protect has gained features (# of cameras stayed the same). I got a UNVR Instant and all the issues went away (I have been waiting for an updated 1U NVR but still not out yet). It sucks, but otoh protect is light years better than it had been.
I don't mind using ARM for NAS, but (to be fair I have not looked in a while) the issue is they tend to not have many pcie lanes. Looks like the N2 can have up to 64 @pcie5 so if it's built well, I don't think the CPU will be too much of a bottleneck.
Hell I'll put it out there - some company should make a NAS-specific ARM chip line to make lines of way less expensive (well pre the current troubles) base NAS enclosures with lots of NVMe etc.
Unifi docs say that the AI features run directly on the camera or via optional devices like the AI Port or AI Key. Odd that it impacts your UDM Pro and wifi.
I'm sure even if the camera runs the neural net, the detection itself triggers clips to be stored, re-encoded, indexed, etc. and the UDM Pro's processor is underpowered even for this.
It's even underpowered for streaming -- I found Protect to be extremely laggy, taking often 30+ seconds to open the camera stream when 3-4 stream receivers were connected.
I have a udm se, 10 g3 cams, 4k bullet+ai, door entry + cam +ai, couple of the display viewports running all day and a nano hd access point and symmetric gig with intrusion etc turned on. I also have wireguard users connecting in remotely.
No problems with performance whatsoever at this point.
OK, it's not enterprisey, it's just a small business with 20 people, but seems fine to me. I run synology servers.
He did say intrusion detection so that's probably it. That, and if you're using any kind of complicated firewall rules, those aren't HW accelerated like enterprise gear, so throughput tanks.
Basic routing and switching - expect line speed.
Don't expect analysis features to run at line speed - 30-50% penalty could be normal depending on throughput.
Stay away from IPS and complicated firewall rules which usually are done in CPU, and you should be fine. HW acceleration for those (esp. TLS decryption) is a major reason fancy firewalls are very expensive. You're better off building an IDS or picking up a smaller FortiGate or Palo Alto firewall if you really want to get serious there.
The Cloud Key Gen 2 is underpowered depending what you do with it, and it runs hot. UniFi seriously needs to refresh it. (At least it’s better than the Gen 1. The Gen 1 was disastrously bad.)
The ENAS looks like fairly nice hardware. It even has ECC RAM. Not cheap, though.
Considering how long it has been I don't think we will ever see a Cloud Key Gen 3/3+.
Ubiquiti's Cloud Gateway Max or Fiber seems to be the modern replacement since they do the job of the Cloud Key while also serving as your router and firewall.
It says 8 Arm Neoverse N2 cores in the blog post. So not directly ARM Cortex, derived from ARM Cortex-X3 but same family as NVIDIA Grace, Google Axion and AWS Graviton4.
It's based on Neoverse N2 which in our other platforms (e.g., ENVR Core, UDM Beast, EF Core) has contributed to vast improvements in performance versus ARM Cortex.
This is how they make their money. They put out underpowered crap and constantly churn them so you have to pay them regularly. If something isn't profitable to maintain it just goes EoL.
They've been at this for a while. They do have offerings you subscribe for and pay monthly. They have also consistently offered an option for each of those offerings to bring your own or self host. They've earned my trust.
Recently they removed the option to take certain types of backup locally (for the Network app). Now it only does it to the cloud, for those who allow this. It’s these small things that make me cautiously pessimistic that long term Ubiquiti won’t pull the rug from under the customers.
Once you invest thousands in network equipment or cameras you’re less likely to jump ship when they start sneaking things in. And this is long lived equipment, not the kind you anyway replace every couple of years. So that’s a relatively strong lock-in.
It's definitely where they fit now, but are Ubiquiti's goals really always going to be the cheapest option when there are already a dozen other vendors who have demonstrated how to get higher margins & subscription revenue?
The usual trend is that the smaller upsets compete on cost until they get higher and higher volume and work their way into higher and higher end markets. Ubiquiti 10 years ago was mostly doing volume for small niche ISPs or prosumers at home, now it's got enormous gains in SMB & products aimed at enterprise. I don't think they'll just stop at where they are, focus will keep shifting to wherever they think they can grow to rather than where they've had success before.
They would be shooting themselves in the foot in the long term.
I was surprised to learn that Ubiquiti is a publicly traded company, but also the CEO and founder owns the mass majority of the shares, so he is not beholden by shareholders wanting to enshittify the company for the sake of increased stock prices.
Sure. But all you can do, when deciding with whom to do business, is base your decision on what they have already done. It's not viable to refuse to do business with a company on the basis of "they might one day get bought by PE and introduce customer hostile changes".
At home, my "NAS" is the Linux desktop box under my desk. It's got a bunch of local drives doing ZFS things, and samba.
I could split up the functions into different boxes and build a faster LAN to connect them, but doing that wouldn't improve anything except giving me more parts to goof around with. :)
In my opinion, as long as the majority of their profits come from people continuing to buy the self-host devices, it is fairly unlikely they'll ever stop offering those devices. Why change a working business model?
Yes, subscription models are enticing for that recurring revenue... number must go up, right? /s
If a majority of your sales are not in subscription products though, I think it would be foolish for a business to blow off its own leg trying to chase that particular dragon.
Then again... businesses have made dumber calls in the past out of nowhere...
They can sell subscriptions to people who buy them and allow self contained as possible. For security's sake requiring off-site storage of a security system is a non-starter.
If you think that is bad, look into the spacex ipo. That tiny public offering is for stock that can barely vote and cannot bring shareholder actions, making them more NFTs than proper "shares" imho.
I don't believe this. They've been around since 2003, and the Unifi line started in 2010. If they were going to enshittify it would have happened by now. Cynicism is not always warranted.
That’s just patently not true for Ubiquiti. You enter the Enterprise space with them and you are paying monthly. Their very expensive Identity Enterprise monthly per user subscription and their per site support charges to be able to get help with their latest rushed release. Paying extra for Apple wallet support. And you don’t even get complete APIs in return, or proper SCIM integrations. Can’t even pull access logs via API. Infuriating company that just do not function at scale.
The biggest concern about Ubiquiti to me is still its software/infrastructure quality.
Off top of my head, besides all the UI/UX glitches:
- They once allowed a human employee to access static AWS root access key.
- Their employee once claimed "remote access" was end to end encrypted, but later people figured out they probably just meant TLS in transit.
- They had a configuration error that allowed some users to access other users' camera feeds. They corrected the error, but never explained how the hell was it even possible or if they made any architecture design change to prevent that from happening again.
Now, ZFS is nice. But even after years of iterations, I still need to do 50% of my operations via SSH on my Truenas system. I can't imagine Ubiquiti to do any better
What did you replace them with? I am starting to look into alternatives myself as I can see the noose they have around their users' necks slowly starting to close.
> "Dual 25 Gigabit SFP28 ports and redundant power supplies for resilience"
Can you actually saturate the links with the spinning drives?
I've had the hardest time making my TrueNAS ZFS server fast when it was filled with HDD spinning disks. I initially also had 12 of them trying to get maximum speed. I have 128GB RAM and a 10G ethernet connection. I tried all types of optimizations like L2ARC via NVMe, etc, and it wasn't very effective and just too much time spent tweaking and testing.
Instead I just threw up my hands and replaced all the spinning disks with NVMe drives for the data I actually shared (8x 4TB NVMe drives.) And now it's very usable and no need for L2ARC, etc. Random or streaming access is equally fast.
Best choice I made. Now I did do this over a year ago so I skipped the NVMe price inflation.
I still keep 4 spinning disks but it is for archival data that I expect to never access unless something bad happens. It is slow and I use it like a tape drive.
It does have a dual NVMe cache; those in RAID-0 will saturate (e.g. I believe just one Samsung 990 Pro can write at just over 50Gbps).
The bigger risk is the CPU. This is an issue with the Ubiquiti UNAS Pro 8, their ~$800 USD 8 bay NAS. In theory it has 10gig networking. In practice the CPU physically cannot transfer bits fast enough, because it's a dinky underpowered ARM CPU that they clearly chose to hit that quite affordable price point. It's a decent trade-off, because similar units from Synology are more like $1600, and you can meaningfully hit somewhere between 2.5gig and 10gig; but saturating 10gig is out of the question.
The ENAS has a beefier CPU so it might keep up with 25gig (could this do 50gig bonded?). But only testing will tell.
You can hit 10 gig aggregate on an A57 quite easily, given standard memory bandwidth (I've done it). They must be doing something stupid on the software side, like too many copies. Or if you're trying to shove 10 gig in one flow at 1500 mtu yeah that might be painful.
As I recall there were some people on reddit who got the UNAS Pro 8 up to 10gig, but yeah it was only through some level of software tweaks or network stack config or something. From the factory my understanding is that it struggles.
> Can you actually saturate the links with the spinning drives?
I can mostly saturate my toy 100gbit link with it on read (to memory, since the other side also needs to not be the problem). Just for as long as it's already in the ZFS cache (which can be huge with hundreds of GB of RAM in servers in general). Not in practice since when you hit the disks you take a massive penalty, but then again, it can be done.
I have a backup node with a 40G NIC & a ZFS pool of just 8x HDDs set up as a pool of two RAIDZ1 vdevs striped together (i.e. 4x drives in raidz1-0 & 4x drives in raidz1-1 make up the "backup" pool). Restoring full backup images to another server I usually get ~11-12 Gbps over NFS, no flash cache or anything involved.
Honestly, outside of random access/small file access, my primary NVMe ZFS server isn't all that much faster in raw throughput - despite being 22x NVMe drives going direct to the CPU instead of 8 HDDs going through a SATA controller. I think it's easier to hit other bottlenecks with ZFS/network transfers well before the disk throughput itself. E.g., enabling jumbo frames for NFS did still give me a decent perf/efficiency bonus.
> Can you actually saturate the links with the spinning drives?
There can easily be a bottleneck depending on how they set up the SATA/SAS, but if you can get sustained sequential reads or writes, 16x drives at 6 Gbps SATA should be able to saturate 2x 25 Gbps ethernet. The store link shows two expansion ports as well which should help get bandwidth to the point where 25 Gbps is useful.
Less likely with random reads/writes or mixed use.
How did you configure the array? If you did a single RAID-Z2 say then uncached reads are limited to about what a single disk will do. Writes should saturate though.
Yes I did use Raid-Z2 as I figured that was best for the 12 drives I had.
I will be honest that moving to a pure NVMe setup means I never have to read another long article about how to tweak my spinning disk setup for performance and all the tradeoffs to consider. It is honestly freeing, and just feels like discarding old baggage. I do recommend it.
That explains it. And yes, NVMe is the future. I have a small 4x 2TB NVMe array for all my Docker/VM stuff and it's so great, got them when they were dirt cheap.
Sadly it's a very costly proposition these days though, so hope they live for a few more years.
I got a 10G ethernet network card for my NAS only to realize it has to overlap with my modem's supported bandwidths (IIRC 2.5G, 5G).
Knowing nothing about the space, I had assumed it would use max(node1, node2), but instead it negotiated a 1G link. So it was faster to use the mobo's built-in 2.5G port.
I think you're right we only get two SSDs on NVME as the cache, but it looks like we can run the rest (16) as SATA SSDs, which is often fine if you primarily care about random IOPS and capacity over pure throughput.
I did end up ditching the modem since I wrote the article. I ended up using a TP-Link 8411 router though. Having everything TP-Link has its benefits for observability and maintenance.
That's still only 1/3rd of a single U.2 or a 6th of a single U.3 drive... and the IOPS over SMB/NFS is significantly lower than a local drive, even with a big ethernet pipe.
with the zil/slog on nvme yes -- you would want redundant power, UPS and a raid of nvme drives but with all that in place the data would get securely written to flash media before being flushed to spinning rust.
That seems reasonable, I don't buy NAS for datacenters (just run a modest 80tb one for my home lab) but equivalent rackmount 16-bay ones from other vendors would be more expensive (maybe $5k-6k?) and with less polish.
I paid ~$4900 in October 2021 for a TrueNAS MiniXL+ with 8x14TB, 2x480G SSD (L2ARC/ZIL) and 64GB RAM, 2x10Gbps, with 3 year support direct from IxSystems. The CPU is an 8 core Intel(R) Atom(TM) CPU C3758 @ 2.20GHz. Still going strong. I had drive failure and they replaced it. I had a fan failure and they replaced the fans. The price of the UI kit in 2026 seems to be reasonable.
That's without storage. They are charging $750 each for 24tb HDD's, so filling it up brings that cost to $16k. Only need to run it for 13+ years and have zero HDD failures in that time, and then pay for all the media you are going to load it up with. Not exactly sure this would be cheaper or easier than just paying for streaming services and cancelling them when you don't need them.
As a Synology owner, I would not recommend anyone to get into Synology at this point after the drive BS they pulled off. I'm planning on building myself a DIY server with Unraid instead.
The ability to mix and match drives in the main Unraid Array is of course the original feature and draw. Adding a few TB at a time for whatever leftover money I had after taxes each year is really appealing.
But they've added SSD write caching, VMs, Docker containers, a Docker "app store", and recently ZFS drive clusters (mostly for SSD storage).
It's pretty great and incredibly easy to admin. I presently have well over 125TB of mixed Unraid and ZFS cluster storage in a Fractal 7 XL. It's running around 30 containers, a handful of VMs, Tailscale and literally requires less than 20 minutes a week of system level administration (probably more like 5-10 minutes). Of course I'm spending far more than that messing with the actual apps, but that's a personal problem ;)
It gets regular updates, and I'm sure my uptime would exceed a couple of years except for reboots needed to handle the updates and the occasional power outage. You can ignore the updates of course to min-max your uptime. ZFS has been rock solid on my SSD array.
You can recreate the core array bits with a bit of effort and MergeFS and SnapRAID, add Docker, some VM host system, ZFS and a few other things and you can get Unraid "for free" with a fairly normal Linux distro, but the administrative overhead will be a bit more.
One tradeoff is that Unraid exposes a core set of features for each of these, but you could get to quite a bit more specific of a configuration if you go the regular Linux route. The Unraid devs are slowly adding more ZFS features (for example) to the regular interface, but it takes time. Some more expeditionary Unraid users attempt to use those features more or less at their own risk with results reported in various forums.
I’m still on DSM 6, and just added a new unapproved drive, and it was just a click through warning. Is it much worse on the newer DSM versions?
EDIT oof yeah that’s pretty horrible, I take back my Synology recc. Looks like it’s partly model-based restrictions. That’s a shame, they were nice as relatively low maintenance devices.
First hand experience many times over: there is little more regrettable than placing Ubiquiti's latest test-it-in-prod release into an Enterprise setting.
Proxmox's record in 2025 wasn't particularly great but it's a hell of a lot better than Ubiquiti's. And before someone starts complaining that it's not a fair comparison because Ubiquiti has so many more products: they have a unified OS and management tools. They also have orders of magnitude more revenue and can afford far more in engineering resources.
I was literally looking today to see if there was any news on this, because it’s been widely assumed that they’d release it.
$4000 is… a lot. I can buy a used CSE-846 for about 1/4 of that, an X10–era mobo for a few hundred bucks, and have 1.5x the bays (tbf, also 4U instead of 3U). Managing ZFS is just not that hard; it’s not Ceph. If you want easy mode, throw TrueNAS on it, and you’ll get an awesome UX that abstracts away everything difficult.
If this were < $3000, I’d probably buy it. I’ve been holding off on replacing my two CSE-826 because I’ve been waiting for this to come out. Disappointing.
This is not a homelab replacement part. It’s enterprise with all the positive and negatives that come with that phrase. The second you start talking about old X hardware, it’s a different product class.
For that use case I recommend UNas from Ugreen or the Minisforum Ryzen AI stuff.
Think about the competitors - they're aiming at the Synology RackStations and similar, which are $3-5k without drives.
The segment UI and Synology are in is 10x more than the minisforum, beelink, qnap, cwwk type devices, but still 1/10 of the price of getting started in enterprise gear from HPe, Dell, Pure, etc.
Is this some xBSD or UniFi OS (debian) with ZFSoL? Can't tell from what they've written. 8C+64GB: enough for essential block+file service, but not for dedup and other demanding ZFS features. Also, doesn't appear the controller is redundant; just the power supplies. iSCSI is headlined; nice they didn't limit this to file. No mention of object store, or NVMe-oF.
Seems like a nice, basic, affordable platform for workgroup/SME stuff. Not NetApp/Pure Storage "enterprise" grade though.
They seem to follow the anti-corruption layer model for most of their offerings, so I would expect they use what ever OS is best supported by the upstream.
It is a large reason they can mitigate vendor risk IMHO, offering different tiers of switches as an example without being held hostage by one particular switch IC vendor like many brands.
I do wish someone would take up comstar though, netapp bought and killed several jbod lines etc… to kill it before Oracle bought Sun and also killed it to protect their enterprise storage offerings.
NVMe-oF may be a possibility because there are FPGA IP vendors but without comstar there are some challenges IMHO.
It's nice that they're doing this, but don't bet the farm on this product until they release a second version. Not saying I've been burned by them pulling a product and then memory-holing its existence, but, um.
Been a long time fan of Ubiquiti, and I think this product will do particularly well in small-medium businesses. Think of the local marketing firm with 40 employees. They likely have an office with Unifi networking, and they LIKELY hire an MSP to do their IT work. An MSP will easily try to sell this as their storage solution since they can manage the infrastructure with one login to the UBNT dashboard.
This is interesting, I'm not sure I fully understand how this compares to their UNAS offerings. I can't remember off the top of my head if UNAS does m.2 cache drives.
I bought the 8-bay UNAS ($799.00) but have yet to put a drive in it since the costs are out of control for hard drives currently. I'm still using my 2x 12-bay Synology for now.
I hope they don't abandon or lose focus of their UNAS offerings (and/or they get better) since I had planned to buy 2-3 more 8-bay UNAS units once I can afford the drives for them.
The price looks kinda rough. I built a server that stomps this for under a grand (vs their 4k). Stronger CPU, likely faster ram, optane zfs cache instead of nvme...
Admittedly my 1 grand is referenced off pre AI insanity pricing. Call it 1.5 today
Point is someone willing to roll the dice on AMD consumer CPUs doing ECC can beat everything else out there
(for those contemplating...asus crosshair viii dark hero is where you want to start looking) And reminder that these boards take UDIMMs not RDIMMs...do not assume suppliers understand the difference
I always forget that these things aren't for me. My immediate thought is always immediately "just build your own NAS with a vanilla Linux box and set up Samba or something because then you can make it however you want".
But of course, if I'm someone who knows how to build a NAS and is inclined to do such a thing, then I'm sort of inherently not the kind of person that would be interested in such things and not the audience they're marketing towards, which is obviously fine.
I've been a sysadmin for decades, dealt with *nix based servers since the late 90s, yet for the most part I've used devices like Synology servers, simply because I don't want to have to manage technology to that degree at home.
I've built my own NAS when my last synology died, and I'm not sure I'll build one again. I've dealt with all sorts of issues that I just haven't had to deal with with a packaged solution, and I really just want to not think about that stuff when I'm not working.
Yes, I can absolutely do it for cheaper, better, and with more flexibility myself. Doesn't mean I actually want to.
> I really just want to not think about that stuff when I'm not working.
This is my exact attitude but I don't have decades of sysadmin experience to lean on so I'm completely lost on what approach to take setting up my first NAS.
My requirements are simple: (1) Should be plug and play (hardware + software) (2) Must support ZFS since I already set up a pool in my beefy desktop PC.
What would you recommend? I've looked into Synology's offerings and they look perfect except for the fact that they don't support ZFS, only Btrfs. I clicked into this thread expecting Ubiquiti's offering would be what I want, but all I see here is hardcore enterprise gear for the prosumer crowd.
What kind of issues? I just set up a very home tier NAS setup for my home server.
Got a 4 bay usb hard drive enclosure and then just set up a btrfs raid array since my drives are all different speeds and capacities. The thing is only about as fast as a single hard drive but it does pool all the storage into one unified storage and is way faster than google drive.
Companies are also much more inclined to spend money to solve a problem while hobbyists are much more likely to get enjoyment out of the process of building. I'm firmly in the latter category, having built a rather robust ZFS array on NixOS with a pretty gnarly NVMe cache hierarchy built on LVM. It was fun to do.
I don't have the NVMe cache but I too have quite a robust ZFS array on NixOS. I feel less guilty about running it now since it is powered almost exclusively off solar in my backyard :)
I like their gear, I bought a whole bunch, but I couldn't and can't figure out how to give my wife access to their Protect app as well. It's absurd to the point where their MFA sent doesn't work when trying to authorize her - and judging by reddit posts etc I'm not the only one. Such mundane things are where UI falls apart, wrong details. Instead of giving elves resources to pack each individual rackmount screw, if they spent some more time on workflows and software, they'd be a truly great company.
I haven’t encountered this bug, but I have been frustrated that there’s no way to give a babysitter temporary access to the cameras in the kids’ rooms.
I ended up hosting a local site that embeds the RTSP feeds, which works pretty well, but I was surprised that there’s no native way to do it
It's true for HDDs. They don't maintain a list of compatible third-party HDDs, but you can use them perfectly fine. No errors, drive health monitoring works, etc.
>Now, with the release of DSM 7.3, Synology has quietly walked the policy back. Third-party hard drives and 2.5-inch SATA SSDs can once again be used without triggering warning messages or reduced functionality. Drives from Seagate, WD, and others will work exactly as they did before—complete with full monitoring, alerts, and storage features.
They still require you to buy their overpriced (even by AI bubble standards) NVMe drives with zero third-party support. There is a project that adds third-party SSD support for newer Synology devices, but you need to redo it every time your NAS updates, so it's very much unsupported. Would definitely not say that they "recanted immediately".
Synology also don't (didn't?) offer a ZFS product, which is why I bought a QNAP. Restriction-free and ZFS storage. Apparently you can also completely replace the OS if you want, although I haven't tried it.
This is a marketing announcement about a new enterprise NAS product+product line.
The UNAS line from 2024 was targeted for smaller/simpler prosumer type setups (2-8 drives, no ECC, often no power redundancy, weaker CPUs, & 2.5G-10G networking) and still uses Btrfs on top of traditional RAID.
What is the current state of ZFS? I know it had some licensing issues traditionally, despite it being a delight to use every time I've tried it. Is it back?
Never went away, Linux is now the primary target platform for OpenZFS (which is basically synonymous with ZFS these days). TrueNAS/iXSystems (probably the main commercial company using ZFS) moved from FreeBSD to Linux. Major new features like pool expansion have been added after years of requests. Etc., it's a good time for ZFS on Linux.
There ARE licensing issues related to shipping it compiled into the kernel, but you can install it as a kernel module on every mainline distro nowadays which is functionally the same from a user perspective.
ZFS on Linux works great, but with most distributions, it will compile the kernel module on device upon installation. Only Ubuntu distributes binaries.
As a consequence, you don't necessarily want a rolling distro, as the ZFS module can get out of sync with the kernel.
ZFS itself is built for both BSD and Linux from the same source, so there's feature parity there.
I've been using ZFS on linux for like... 14 years now? I've migrated through centos, ubuntu, and debian during that time and the zpools never had any issues that weren't hardware related.
ZFS is my favorite filesystem. I even use it on single drives because its snapshots and online data integrity checking are so great.
I even use it on single spinning rust USB drives. Zero problems.
Ubiquiti bubble is so tiring, it is like AI bubble and Apple bubble. These people live within a bubble.
Overpriced piece of hardware that you will never own because it runs proprietary firmware, you are forced to install apps to take full advantage from those devices.
I am highly interested in this, especially if it works well with Time Machine to do backups over the network. I've got a fully 10GbE + WiFi 7 network w/ Ubiquiti gear already, would love to ditch my janky DIY NAS setup for something that is integrated with the rest and could potentially give me a better backup setup for my photography as well as enough storage to act as a media server.
I have a UNAS-Pro, which runs the same Unifi Drive software as this, and it works great for Time Machine backups. Dead simple.
I also have tons of other Ubiquiti gear, and honestly there's not a ton of synergy between the NAS and everything else. It's a great NAS though. And also, it's only a NAS. It's not an application server like a Synology NAS.
Wireless Time Machine backup works until one day, Time Machine decides to shit the bed. Do not trust it. Invest in a different backup solution if your data is at all important to you. Something like Arq or Backblaze or tarsnap.
I hear this sentiment a lot, but I've not had a problem with Time Machine in years across multiple MacBooks in my household. Backing up to TrueNAS. Unifi networking. It Just Works.
I just checked and my oldest TM backup for the MacBook from which I'm typing is 2023-09-14. This MacBook has a 2 TB SSD and I have the TM volume quota set to 3 TB. TM culls old backups as needed.
The TM GUI is still terrible, but you can use `tmutil listbackups` to easily access backups from the command line.
I've had all manner of issues, backing up via Ethernet and Wifi to FreeNAS and then to Synology. The only backups with Time Machine I had no issue with were to local USB drives.
Time Machine would work and work and work until one day... "Cannot write to your backup" and the whole thing would be corrupt and not even readable.
Flirted with Acronis TrueImage which was worse. Hell, even before catastrophic corruption, attempting to restore a file from a decent size catalog even over 10gbE would generally cause a beachball for minutes and then you had to be very careful to browse exactly to the location and file you wanted to restore (poking around trying to find it would inevitably totally crash the client, and even being careful sometimes would).
I ended up moving to Carbon Copy Cloner to Synology, with the Synology taking a snapshot 10 minutes before CCC starts its nightly run.
A few months in and it has been rock solid. If I want to restore I can just browse the snapshot in Synology and either copy a file directly from the Snapshot browser or mount the entire snapshot as a shared folder.
I use the 3-2-1 strategy for backups. I keep one copy off-site by using cloud backups, currently I primarily use Backblaze for that purpose but am considering alternatives for several reasons. I keep a second copy on an external SSD via Time Machine, and I keep one copy on-device. I'd like to use network Time Machine to get rid of the inconvenience of having a bunch of USB external SSDs floating around, especially since none of them are large enough to backup my entire drive if I get close to filling it.
I appreciate the perspective, I definitely take backups seriously for my photography.
Gives the peace of mind that even when the sparsebundle shits the bed, you can rollback to a suitable snapshot and only lose a small period of backups, rather than having to lose the entire history and start again from scratch.
(I say when, not if, through considerable experience over the last 15 years that it will always, inevitably, shit the bed.)
A 2-drive Synology (e.g. DS225+) in RAID 0 or RAID 1 works fine for this, for 90% less than this beast. Synology documented their optimal settings for Time Machine a couple years ago, too. Hope this is helpful. [1]
Or if you want something from a vendor but running decade old hardware configs and trying to lock people into their drive ecosystem, UNas or many other options.
I already have a DIY NAS w/ 14x 14TB drives in it running ZFS on FreeBSD. It does not play nicely with Time Machine over the network though, and has some other bugbears that I've resolved to fix by migrating to Linux and running ZFS on Linux, but have never got around to doing.
A 2 drive anything is not replacing my existing NAS + solving my backup use case, although I appreciate the sentiment of saving money.
My experience of Ubiquiti is through their Dream Router 7. What a piece of crap that is. Can't even get good WiFi in adjacent rooms where same ancient Asus router wasn't breaking a sweat. Connection drop outs are a nice bonus. Don't forget booting for ages, fan noise etc.
If other products are so bad like that one, I don't know what is the hype for this company.
I have enough dollars and hours invested with Ubiquiti to have an opinion here.
They manage to make performant, capable hardware for a decent price. Then they give you shit configuration tools, a shit configuration experience, vendor lock in, and forced to the cloud. So on balance no thank you per my personal priorities.
If you expect cloud and vendor lock in is a plus that you’re accustomed to with other maybe enterprise vendors, by all means.
Then-still-independent Sun sold storage appliances, and during their development and debugging it was noticed that vibrations affected performance… by yelling at the drives:
Are Ubiquiti products commonplace for companies that contract with the US government outside of the DoD/DoW?
Since DoD/DoW generally requires STIG compliance, and none authored are for any specific Ubiquiti product, we can cross that off the list. Sure they can get exceptions or use a more generalized STIG but stakeholders generally have pre-defined limitations on what they will and will not allow on networks they sponsor.
The Defense Industrial Base is 10s of thousands of companies. Many are small businesses. Many need to obtain CMMC Level 2, which has requirements for FIPS certified encryption. Our systems do not directly connect to Government systems and those STIGs may not apply directly. So, could I use Ubiquiti in some places? Maybe, not to store controlled information in this case. I could probably store previously fips encrypted files there. Would I want to use Ubiquiti cloud services? No.
I built a 12-bay NAS recently. I snagged a 5900X/Supermicro server board/128GB DDR4 ECC combo for only $680 on eBay right before memory prices went apeshit. It has IPMI and 2x10g. Suffice to say I believe you can roll your own appliance like this for considerably less money, and have far more control over it. I say this as a Unifi fanboi.
Nice that it's plain OpenZFS, no paid license layer, yay! Ubiquiti sometimes ships v1 hardware and ghosts their own roadmap, but this kinda neuters the downside. If they lose interest, you just pull the disks and zpool import on any box (assuming feature flag parity). That's a saner path than Synology, with their "unauthorized" drive warnings.
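The "feature flag parity" condition in the comment above can be checked before any disks are moved. The following is an added example, not part of the original thread or of any vendor's tooling: it parses `zpool get -H -o property,value all <pool>` output from the source box and compares it with the feature names the destination OpenZFS build supports. The pool name `tank`, the sample output and the destination feature list are constructed for illustration.

```python
"""Pre-migration check: can this pool be imported by another OpenZFS host?

A feature in state "active" has changed the on-disk format, so the importing
software must support it. A feature that is only "enabled" has not touched
the disk yet and does not block import, but will once it becomes active.
"""

# Constructed sample of: zpool get -H -o property,value all tank
# (-H prints tab-separated fields with no header line).
POOL_PROPS = """\
size\t116T
health\tONLINE
feature@async_destroy\tenabled
feature@empty_bpobj\tactive
feature@lz4_compress\tactive
feature@zstd_compress\tactive
feature@raidz_expansion\tactive
feature@draid\tdisabled
feature@block_cloning\tenabled
"""

# Constructed list of features the destination build supports, e.g. collected
# by hand from `zpool upgrade -v` on that machine.
TARGET_SUPPORTED = {
    "async_destroy", "empty_bpobj", "lz4_compress", "zstd_compress", "draid",
}

VALID_STATES = {"disabled", "enabled", "active"}


def parse_features(zpool_get_output):
    """Return {feature_name: state} from tab-separated property/value lines."""
    features = {}
    for line in zpool_get_output.splitlines():
        if not line.strip():
            continue
        fields = line.split("\t")
        if len(fields) != 2:
            raise ValueError(f"expected property<TAB>value, got {line!r}")
        prop, value = fields
        if not prop.startswith("feature@"):
            continue  # ordinary pool property such as size or health
        if value not in VALID_STATES:
            raise ValueError(f"unknown feature state {value!r} for {prop}")
        features[prop[len("feature@"):]] = value
    return features


def check_import(features, target_supported):
    """Classify features the destination lacks.

    blocking: active on disk and unsupported, so import will be refused
    latent:   enabled but not yet active; safe today, a blocker once used
    """
    blocking = sorted(
        name for name, state in features.items()
        if state == "active" and name not in target_supported
    )
    latent = sorted(
        name for name, state in features.items()
        if state == "enabled" and name not in target_supported
    )
    return {"importable": not blocking, "blocking": blocking, "latent": latent}


if __name__ == "__main__":
    report = check_import(parse_features(POOL_PROPS), TARGET_SUPPORTED)
    print("importable on destination:", report["importable"])
    for name in report["blocking"]:
        print("  BLOCKS import (active, unsupported):", name)
    for name in report["latent"]:
        print("  will block once activated:", name)
```

Running the check while the appliance is still working leaves time to upgrade the destination host instead of discovering the mismatch with the disks already pulled.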
I love my Dream Machine Pro. Seems to just work and keep everything up to date. I have it running my security cameras as well and it has been pretty much bullet proof.
What needs do you have for a router that the Cloud Gateway is missing or is bad at? A PiHole equivalent is about all I can think I'm missing.
IPv6 support is basic at best. The zone-based firewall is very prescriptive and limited. ACL stuff is not great. To increase the MTU of the physical interface connected to the ISP I would need to hack a systemd unit that did it on boot (I either need it at 1508 so the PPPoE interface uses 1500, or I need to MSS clamp it and have it effectively reduced to 1492). Initial configuration requires the device to be connected to the Internet.
There were a few other niggles, and in the end I just found it easier to do what I need on OpenWRT.
PPPoE introduces an 8 byte overhead per packet. The "MTU of the Internet" is 1500, so that's what more or less everything defaults to.
This includes physical NICs on Linux, but the PPPoE interface has to tunnel through one of such physical NICs.
If the physical NIC has an MTU of 1500 (and can't be changed), the PPPoE NIC must do MSS clamping, effectively reducing the MTU from my network to the Internet to 1492. This increases fragmentation and overhead.
If I can increase the physical NIC's MTU to 1508 (and the ISP supports it, which mine does), then the PPPoE tunnel can use the full 1500 when talking to the Internet.
So, it's technically not _required_ but it's an improvement I should be able to implement easily (in OpenWRT I literally type 1508 on the MTU box for the NIC, or issue a single uci command).
The MTU thing is a bit bizarre - all connections I've seen on PPPoE in practice (fiber or DSL) used 1492 MTU to fit data into frames (and ISPs configured their routers like that too). What are you trying to hack with this unusual 1508 frame size?
It's not a hack. It's literally having the tunnel at 1500 MTU.
Check my answer to the sibling comment [0]. It's also known as mini jumbo frames, and is documented in RFC4638 [1]. And here's a post [2] talking about using it on OpenReach FTTC, which is similar to my own infrastructure, only I'm FTTP.
I'm slowly in the process of migrating from an EdgeRouter and Edgeswitches (including the 16XG for my SAN backplane) to Unifi. Am comfortable at the command line (and actually just had Claude help me build a bunch of configs and an IaC harness for my whole infrastructure) but the SPOG will be nice - that and Ubiquiti has basically abandoned the Edge* line. This was prompted by having persistent problems with the Cat 6 STP termination and the length of the run between my office and the rack in my garage, and my Mac Studio and Edgeswitch would generally only negotiate at 5gbps and even then be error prone, so I got a Unifi switch with 8 ports and 2 SFP+ and ran fiber to the garage for the uplink, and just a short 10' run between the switch and my studio gave me rock solid 10gig (I just run the controller, for now, on a small VM, with my 2 WAPs, but will go all in when I pull the trigger, though, oof, $2,500 for everything I need).
+1 for Dream Machine Pro. Own one at home and have stretched them pretty far in SMB environments.
I use it with 8 APs in a mesh and a few switches, all UI, and it just works. I also have a lot of success helping out some local SMBs by setting up UI for them.
I went with eero and really wish I'd gone with unifi
Apart from the shitty software and basic features either missing or locked behind a monthly cost, the network itself is not bad at all, I get 600-700mbps on wifi throughout the house and have my servers wired on 2.5gbe
But the one thing I really thought I was buying into by choosing an amazon brand was ease when it came to buying upgrades, and yet I ended up having to buy extra hardware (like the wired gateway) from ebay and sellers in the US as amazon does not sell their own hardware everywhere
I started with Unifi and it's been pretty great overall. I've integrated all the cameras into Home Assistant, it's all local, and can bridge with HomeBridge so it all shows up and plays nicely with HomeKit as well. Rock solid and very few complaints.
I've had standalone routers, Eero Pro, Google Wifi, TP Link Deco, TP Link Omada, and probably some I'm forgetting. They all had something that just enraged me.
I finally bought a Unifi and I'm very happy with it so far, 6 months in. There's a few things I haven't tried, like rebooting it while it doesn't have an internet connection (I'm looking at you, Deco!), but so far my big complaints are that it's opinionated about the initial setup, and setting up a static IP for a device that isn't connected yet is a serious PITA. I had devices on my old system that I didn't want to have to change IPs (because the computers talk to each other) and that was not easy. If I had to do it again, I'd probably just let it do what it wants and deal with changing all those configs to the new IPs.
FWIW, I just have it as a router, and my Wifi is still some of my expensive standalone Asus wifi routers acting as just access points. I didn't see a point in replacing them when they were working great as APs.
Who said it was bad? I thought we were all pretty much in agreement that it was good, and the only thing holding it back from wider adoption into e.g. the Linux kernel was the poison-pill of Oracle's ownership and licensing.
Actually the licensing issues were from Linux developers' side - Oracle has nothing to say (as the license to the code and patents was given before Oracle got their grubby hands), and Sun IIRC expected CDDL to work similar to the AFS precedent where non-derivative, non-GPL code was allowed into kernel.
The only lawsuit specifically about licensing was from few Linux developers through SFC who disagree with common consensus on how GPL applies in that case and sued Ubuntu for shipping ZFS as a module.
Some years ago, there were mud-slinging myths being thrown around about ZFS.
Things like "ZFS needs 1GB of RAM per 1TB of storage" and "it requires that RAM to be ECC" were once common to find online.
These sorts of things seemed to lead to widespread beliefs that it was inefficient, expensive, and fragile. None of that is true, of course, but folks might remember and believe these myths and conclude that it is (or was) bad.
(But it's pretty excellent. I've been using it for about a decade, now. It'd be nice if it fit into the Linux kernel better, but I manage anyway.)
Yep. They be wrong. Many of the myths about ZFS seem to originate from the TrueNAS forums, and the working assumption is that they're motivated to be this way because they're a bunch of gatekeeping losers.
More RAM is better -- of course it is. Otherwise-unused RAM can get used for stuff like caching (such as the ZFS ARC), and caches are faster than disks. That's good for performance.
But ZFS isn't really any more thirsty in this way than other filesystems are, unless special features -- stuff that many other filesystems lack entirely, like deduplication -- get used.
And these days, dedup can use an SSD instead of RAM for the heavy lifting so that's not a huge concern either. (Not that I'm recommending dedup; it works and it is reliable, but it doesn't fit very many workloads.)
I would absolutely be comfortable running ZFS with 12TB on 6GB. Or 2GB, for that matter. It's fine. Send it.
I've personally done more with less and had excellent results. No regrets.
(There's ways to tune arc performance, too. As an example, I've got a dataset that is full of many terabytes of Linux ISOs. I don't need that data to be cached...like, ever. If it were to be cached, it would just consume resources that would be better spent elsewhere. But I do want it to be indexed quickly. So I set that dataset to primarycache=metadata and that works great for me.)
TrueNAS is an OS with management bells and whistles. I'd say yeah you'd want 16GB for TrueNAS to work well, i.e. roughly 8GB for TrueNAS and roughly 8GB for ZFS cache.
No you do not need 16GB simply for a 12TB ZFS array on a plain Linux/FreeBSD box. It'll be faster, but you don't need it.
Another thing holding it back is the threat of a lawsuit from NetApp.
Source: used to work for a storage vendor that was marketing a NAS based on ZFS and got credible threats from NetApp to the point that we sought a partnership with Oracle that included indemnification under Oracle's settlement with NetApp.
I remember all this too. The time period that I was in this scene was AFTER 2010 though so who knows. As mentioned in response to the sibling "credible sources" bro, I was just a lowly support engineer so I had to trust that the CEO wasn't lying to us about all this.
Maybe he was ... they do that sometimes.
I looked around a little. The C&D from NetApp was in ~July 2010 and the partnership and product with Oracle in the fall (around the cease fire) and we continued with that (via the Oracle partnership) through 2011-2015 when the company ran out of cash and laid us all off.
Sorry, don't have a link to the CEO telling us that we were signing a partnership with Oracle that included the indemnification.
I was just a lowly support engineer so not privy to all the legal details that the executives were dealing with. I too had to just take them at their word.