I've always used ZFS because it's vastly superior to other options. When I see storage companies building without fault tolerance, or without a Merkle tree (so that you can back up deltas efficiently without having to recompute them) it's a sign their marketing team has more influence over the company than their engineers.
Sadly, the few ZFS COTS options have been somewhat underpowered. QNAP supports ZFS filesystems, but their backup configuration won't let you arrange for a NAS to pull from the source (instead of the source doing a push). You can still pull it off by scheduling your own cron job, but this somewhat defeats the purpose of paying extra for a vendor solution.
UBNT is still supporting my 15-year-old EdgeRouters with security updates, and their interface is clean and usable for anyone with basic network experience. And their video surveillance solutions are unusual in that they allow you to keep your footage entirely onsite and offline, an uncommon level of privacy. If they can bring the same polish to their storage solutions, I'll be using these new products for a long time.
This kind of migration is the stuff of nightmares. The main job of a NAS is to keep the data safe. A file system migration that works in every one of those corner cases present in the wild is statistically unlikely. The kind of bad publicity this can bring is what can sink a company. The only way I'd ever do this is by starting fresh on different storage and replicating the data.
Joe blow running a beta release on his raspberry pi complaining about ram usage isn’t indicative of reality.
One week ago 3 guys broke into my shop while I was traveling. They had sense enough to power down the Starlink that was providing internet which would have taken out all of the remote camera options.
They did not realize that almost everything they were doing was being recorded via the UniFi system. In the end about the only thing of value left in the building was the hard drive with all of their pictures on it.
The police have used the footage to identify all of them and it will be pretty open and shut when they see a courtroom. Offline and air gapped the whole time they were there but did exactly what it was installed to do.
I'm guessing with such an obvious endpoint for the camera storage it never occurred to anyone there was a second box. I had something like this in mind when I wired the building. It seemed like a good idea to make onsite security footage much harder to find given the cameras were obvious and anyone breaking in would probably look to damage or destroy the system.
I really thought the cameras themselves were the deterrent, but these guys gave it a shot anyway. Cutting the cable to the Starlink and walking off with the NAS drives seemed to be the plan.
In the future I'm going to add a local battery backed alarm connected to external siren and strobe that is immediate on opening the office door to draw attention. I was driving down to WWDC when the Starlink went offline and saw the notice on my phone but wrote it off to equipment failure which gave them enough time to clean the place out pretty well.
The hole in my strategy was thinking nothing could happen without notification, but being in a car in the middle of Northern CA with spotty cell coverage and lots of distractions blew that up pretty hard. I'm also thinking one of Ubiquiti's cellular backups is in my future. Starlink offline is annoying but not the attention grabber that a still of a guy walking in the door would have been. Cellular backup would have gotten me that.
But, re: alarms, I'd like to add a suggestion: Indoor sirens. They can be intolerably, painfully loud for not very much money (because piezos are cheap and square waves are easy). Using a small, random mixture of them can let them beat at different frequencies and periods, which can make them very unpleasant to behold even with hearing protection.
If you feel like being clever, you can even run them with a local battery that activates when they're disconnected. If you feel like being extra-clever, you can make them activate when they don't have the correct termination resistance at the far end of the line, or exactly the correct voltage: This way, whether the wire goes open or short, the sirens activate.
Super-extra bonus points for using a combination of methods. Any time that a thief spends figuring this out is time they aren't carrying stuff out.
And if that still seems incomplete, then: Fill the shop with smoke. They can't function when they can't even see their hand in front of their face. https://www.youtube.com/watch?v=RPgcysyFUiI
And the system should not be armed when desirable people are inside, so that problem seems like it is for the birds.
When employees forget their codes and trip the alarm when they're the first ones into the shop at whatever time, they can just go outside to escape the hellish indoor torment. Not perfect, but not so bad either when the goal is to keep people out. :)
Perhaps the smoke should have a harder trigger than the noise, though, if for no other reason than it's a consumable that eventually needs to be fed more money every time it is activated.
If they can't see, they're not going to hang about and if they've tooled up with NV then that's a whole different threat model.
We have one of those at our vacation home (well it's more than a vacation home: I used to live there but it's now a house we use for vacation, several times a year but anyways...).
We've got that system connected to the alarm. It's amazing and the system did evolve: in the early days the fog had to be projected in the middle of the room or it'd leave traces on the walls. Now it's a fog that doesn't leave any trace anymore.
The reason it works so well is that it means: "Now you cannot see jack shit and in a few minutes the police are going to be there".
It kicked in once: the bad people quickly left.
> If they can't see, they're not going to hang about ...
No indeed...
> and if they've tooled up with NV then that's a whole different threat model.
In my case the alarm is still there and if the company monitoring the alarm system tells the police "there are people dressed up like it's war with night-vision system", then they'll take it even more seriously.
I've had a house without my alarm on (because kid had a medical emergency and was between life and death: I left in a hurry and forgot to turn the alarm on) visited by burglars and it ain't a fun thing.
I highly recommend alarm systems that generate a fog. It's a wonderful thing.
And that fog doesn't last too long: by the time you're back at your home, it's like the would-be-thieves: gone.
The fog&dog&log never fails.
fog, dog, log, jog, hog, bog, pog, nog
Enveloping fog
Dogs and wild pigs set loose
Log launches at you off a treadmill
Trap door drops you into a flooded basement
Barrage of paper disks
Eggnog super soakers
Wait, you have an office full of expensive equipment but decided to half-ass DIY the security? No wonder you were targeted.
A proper monitored alarm system would have prevented this. They pretty much all have built-in cellular backup now. Do yourself a favor next time and call a professional.
Don't blow your entire budget on cameras then wonder if you need an alarm system because the only good the cameras will serve is to watch your stuff disappear. You mentioned California so expect these guys to be roaming free in short order if they see any jail time at all. Good luck with seeing any restitution or getting your stuff back.
Your statement that "a proper monitored alarm system would have prevented this" is optimistic. I never had any particular expectation that if somewhat intelligent criminals decided to break in when no one was there that I wasn't going to lose whatever they could get at. The cameras let me document what happened and when and what was taken. If the imagery ends up having any other value that's a bonus rather than the point.
Chances are, the thieves were monitoring the local dispatch over the radio (rural departments are not usually doing anything fancy) and knew exactly how long they had.
Do not under-estimate the number of thieves on the left-hand side of the bell curve: if you can deal with those that's half the population that's less of a problem.
(The thieves on the right-hand side of the bell curve generally work on Wall Street and generally don't do break-and-enters.)
I've got this setup running on a Raspberry Pi near my front door and it collects all sorts of useful data, even from people walking by on the sidewalk, 30 feet and two walls away.
At some point, I'd love to explore vehicle emissions more, too.
It never occurs to router makers a static base could see a million Wi-Fi networks come and go every week.
That is why they need WiFi info for ‘fine location’.
I have MAC addresses!
M-A-C...
Yes, I sniff them out the air with equipment I built!
Uh no I'm not on drugs why do you ask?
[0] https://community.ui.com/questions/e3d50641-5c00-4607-9723-4...
But if you don't trust it, the fix is easy: just deny the Ubiquiti cameras and controller all internet access. That way no trust is required.
No.
Very happy customer here.
As much as I wish Ubnt are using BSD in their product, which they are not. I am understanding how FreeBSD relates here.
https://www.freshports.org/net-mgmt/unifi10/
https://ports.to/path/net/unifi/main.html
I guess not officially supported but I use them, they work well.
In the long run, after investing some time into learning actual BSDs I find editing a few config files much more convenient than clicking around in web interfaces.
OpenBSD is great for a router.
So what? It's not possible to be reliable, open and have many features.
It's like being apple-everything. Freedom until you bump into the walls of your cell.
Unifi APs are a sweet spot of price/performance, and I have no difficulty recommending them. Ruckus hardware is better at five times the price.
UISP gear has worked very very well for me for ptp and ptmp. But that's a completely different line.
Worth noting most of the time the Corals sit idle in many setups, as Frigate only wakes them up if it detects motion with simpler algorithms on the CPU first. You gain capacity for a further 100 detections/sec for every Coral you add essentially. The corals are not sitting watching every single frame from every camera, which I think is a common misconception about Frigate.
It's worthwhile to spend some time with the docs - the mistake I always see made is folks passing a full fat 4k stream for detection at some silly FPS, which generally doesn't make the detection work any better and greatly increases processing costs.
If your six cameras really are generating enough events (100 a second) to saturate a coral, I'd be looking at what else I screwed up!
> https://docs.frigate.video/frigate/camera_setup/#choosing-a-...
Wireless cameras can also cause their own set of issues, but I can understand using them if you have to.
Open-source NVR software like Frigate can do things like the object-detection/license plate/face recognition game on local hardware, with the cheapest available IP cameras. It's just a program that runs on a computer with a network and some storage and some processing ability like a GPU.
Those cheap cameras don't have to be trusted; with things like VLANs, they can hang out on the Group W bench where they have no access to anything important or the outside world. :)
(But yeah, it does represent much more of a DIY effort than something from UBNT does.)
(Seemingly rolled back recently, but a roll back can be easily rolled back itself. I don't trust them enough to count on that not happening.)
I'm guessing you're thinking Reolink or other Chinese ultra-commodity cam. It's fine, it's just in a different product class and ecosystem - and that's where enterprises fit in, they want that support+ecosystem and not DIYing.
Reolink CX820 8MP $129 https://reolink.com/product/cx820/
Unifi G6 8MP ~$300 https://techspecs.ui.com/unifi/physical-security/uvc-g6-dome...
Avigilon H6A 8MP ~$1200 https://www.avigilon.com/security-cameras/h6a-dome
I do that with my Unifi Protect doorbell. RTSP streams. Google Coral. Frigate. Scales very well. Do ML on low quality stream. Look/save the high quality stream. You do it all centralized, and you can put the camera(s) on a separate VLAN. They don't even need internet access. If you run them over PoE twisted pair, the attacker would need physical access to perform MITM. Wireless, one should assume the camera is insecure (e.g. KRACK).
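The split-stream setup described in the comment above, as an added example that is not part of the original thread: a minimal Frigate configuration that runs detection on the camera's low-resolution substream and records the high-resolution one. The camera name, the RTSP address (a documentation-range IP) and the stream paths are placeholders, and the detector section assumes a USB Coral.

```yaml
# Added example, not from the thread. Placeholder values are marked.
mqtt:
  enabled: false            # no broker needed for a standalone NVR

detectors:
  coral:
    type: edgetpu           # assumption: a USB Coral; other detector types exist
    device: usb

cameras:
  front_door:               # placeholder camera name
    ffmpeg:
      inputs:
        # Low-resolution substream: the only stream that is decoded and
        # analysed. Motion detection runs on the CPU first; the detector
        # is only invoked on regions where motion was found.
        - path: rtsp://192.0.2.10:554/sub    # placeholder address and path
          roles:
            - detect
        # Full-resolution main stream: written to disk as-is, never
        # decoded for detection.
        - path: rtsp://192.0.2.10:554/main   # placeholder address and path
          roles:
            - record
    detect:
      width: 1280           # must match the substream's real resolution
      height: 720
      fps: 5                # a low detect rate keeps processing cost down
    record:
      enabled: true
    objects:
      track:
        - person
        - car
```

Frigate is the only client that needs to reach the camera's RTSP port, so the camera VLAN can be denied internet access and access to the rest of the LAN without affecting this configuration.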
The purpose of my comment had only been pointing out those features don't come onboard a $100 cam.
I have the same popular setup (Frigate) although I just use ONNX on an 11th-gen Intel CPU instead of a Coral (unless you are trying to do something fundamentally goofy like use a Raspberry Pi as an NVR, Coral doesn't really perform better than even a several-generations-old iGPU or iNPU).
This is the typical OSS story: you can duct tape a giant leaning tower of janky stuff (Frigate + go2rtc + HomeAssistant + various connectors + some kind of VPN/proxy solution for away-from-home access) together and get something that's fairly close to the commercial solution, where you click a button. The open source solution is fun and more customizable in highly niche ways (you can bring your own image recognition models and tagging, adjust the resolution and encoding for everything in infinite detail, and so on) and the commercial solution is easy and works. Choose your path.
I will say I've liked the Frigate stack, though. I'm making some recognition tweaks for recognizing animals on my property, the software works well enough, and I do like having a really, truly on-prem solution for this specific thing.
It works similarly, but requires some effort to get working (if you already self-host it's peanuts: think Frigate plus reverse proxy, and I also use Wireguard to have it available from outside). My home connection is fiber 1 gbit, but with DSL (only 30 mbit upload) it worked fine, too.
Since I want to decrease my reliance on US cloud, I like to self-host. I also still rely on Unifi APs and the doorbell. Right now I wouldn't spend money on building a self-hosted server, given prices.
I should mention I use iGPU via SR-IOV on a VM. The Google Coral sits in the device unused.
I also immediately copy the stream to an offsite backup. This way, if I get coerced to destroy my doorbell feed, I will happily oblige.
I think they're definitely not Avigilon, Genetec, Verkada, but we run a few hundred UI cams in some edge areas. It works, esp if you don't demand orchestration.
As others have pointed out they are supported for a long time. I have some earlier generations cameras that are going on 7 years of updates. Not only are you barely getting maybe a year of firmware updates at the $50-100 range but there's no comparison on the quality of the optics, sensor and overall hardware at that price differential.
Ubiquiti has done some shitty things over the years but Ubiquiti isn't competing against the $50-100 market. They're competing against the Axis and Panasonic quality builds. You've definitely got it backwards here.
And while, yes, you can get a decent camera from Reolink and the like at a good price it isn't surrounded by an exceptionally mature and well supported ecosystem that has yet to nickel and dime its customers with half ass SaaS and paid for features.
This comment couldn't be further from the reality of Ubiquiti's lineup in comparison.
What's the comparison at $50-100?
Do they have ecc on those models? Do you have an example model on hand?
Too bad... I always wonder why companies do this...
But UI just seems so ambiguous. :)
A is for Agilent. C is for Citigroup. T for AT&T, the Telephone Company.
Or just making assumptions about what "everyone" knows. Either way it tends to be a net negative for a large percentage of the audience.
Whether the individuals writing care about the ignorant among the audience determines if they put any effort into being educational or just signaling.
I've only been using Ubiquiti as a pro-sumer, but it has held up well for my use case of Plex and little game servers.
I use a Synology NAS for my storage though, which is a slightly beefier mobile AMD chipset.
I'd be very interested to know what I should and shouldn't expect from my ARM based network stack though!
1. My UDM Pro absolutely chokes and stalls with intrusion detection enabled on the firewall and 8 cameras connected. Network goes down, cameras disconnect, devices disconnect from Wi-Fi every time a car drives past a camera due to AI features triggering, etc.
For something meant for small businesses I wish they would just shove an Intel i5 or something in it. They make great switches, great APs, great everything else, just too stingy on processors on the few pieces of central equipment that people would actually be willing to spend more on.
And for a $3999 enterprise NAS with dual 25 Gbps SFP ports and 16 drives? It could surely use something more beefy than a Neoverse N2. I'd say an i7 or even i9 is warranted here.
3. The UNAS 8 I don't own but I believe it would struggle with >1Gbps links and encryption enabled
I don't mind using ARM for NAS, but (to be fair I have not looked in a while) the issue is they tend to not have many PCIe lanes. Looks like the N2 can have up to 64 @pcie5 so if it's built well, I don't think the CPU will be too much of a bottleneck.
Hell I'll put it out there - some company should make a NAS-specific ARM chip line to make lines of way less expensive (well pre the current troubles) base NAS enclosures with lots of NVMe etc.
It's even underpowered for streaming -- I found Protect to be extremely laggy, taking often 30+ seconds to open the camera stream when 3-4 stream receivers were connected.
I have a udm se, 10 g3 cams, 4k bullet+ai, door entry + cam +ai, couple of the display viewports running all day and a nano hd access point and symmetric gig with intrusion etc turned on. I also have wireguard users connecting in remotely.
No problems with performance whatsoever at this point.
OK, it's not enterprisey, it's just a small business with 20 people but seems fine to me. I run Synology servers.
This is worse with the older devices.
For example: https://www.youtube.com/watch?v=p4yKf044meY
https://community.ui.com/questions/UniFi-Gateway-Intrusion-D...
I also have it on on my unit.
I do agree though, no harm in giving a bit more power. Why skimp on the CPU.
- The EdgeRouter 12P is ancient and had a weak CPU for even the time
- However, the EdgeRouter 12P has a good selection of hardware offloads for things like routing/NAT & even a hardware switch chip. These functions will often run at (or very near) line rate without touching the CPU much, and the latency/jitter/buffer handling will often be better than when even fast CPUs handle the traffic on other products.
- Buuuut there are oddball restrictions. E.g. on the newer 2.x or 3.x software streams (i.e. for the last ~5 years) hardware offload for VLAN tagged traffic on the switch does not work, and the CPU cannot switch a full 1G of traffic without choking (it gets close, but not quite). Also the hardware switch only covers a certain range of ports, some ports can only be routed or software bridged.
- Even then, if you add a bunch of advanced firewall inspection rules it's gonna run out of CPU. Quicker if it didn't have offloads for some of the work, but still easy to make it go from a solid full gigabit WAN NAT box to 100-200 mbps depending on what you enable. This can repeat for a lot of features, like VPN and so on.
As far as host networking (i.e. a server sending data out of its NIC rather than trying to be a network switch/router/firewall between segments) usually the CPU will be a limitation for other things before it's the limitation for sending things out the NIC. And a quality NIC (which these particular ones seem to be) can make that even more true in a similar, but less extreme, way as the switching/routing hardware offloads on the EdgeRouter. E.g. ZFS can be CPU heavy with all of the parity/encryption/deduplication features you can enable and trying to do that on top of using SFTP to transfer the data to a remote host in a single encrypted stream can stress the CPU even more... but this CPU also doesn't look like a typical bargain basement ARM CPU you'd find in cheaper Ubiquiti products and would probably do fine for what it has.
Stay away from IPS and complicated firewall rules which usually are done in CPU, and you should be fine. HW acceleration for those (esp. TLS decryption) is a major reason fancy firewalls are very expensive. You're better off building an IDS or picking up a smaller FortiGate or Palo Alto firewall if you really want to get serious there.
The ENAS looks like fairly nice hardware. It even has ECC RAM. Not cheap, though.
The remaining market for such a product is people who are running UniFi switches and/or APs but not the router and yet still want an appliance, which is not a large space. Most of that market either has a random server they can run it on or is willing to throw together a Raspberry Pi controller.
Ubiquiti's Cloud Gateway Max or Fiber seems to be the modern replacement since they do the job of the Cloud Key while also serving as your router and firewall.
They will at some point just cash out.
Once you invest thousands in network equipment or cameras you’re less likely to jump ship when they start sneaking things in. And this is long lived equipment, not the kind you anyway replace every couple of years. So that’s a relatively strong lock-in.
The usual trend that the smaller upsets compete on cost until they get higher and higher volume and work their way into higher and higher end markets. Ubiquiti 10 years ago was mostly doing volume for small niche ISPs or prosumers at home, now it's got enormous gains in SMB & products aimed at enterprise. I don't think they'll just stop at where they are, focus will keep shifting to wherever they think they can grow to rather than where they've had success before.
Boy I hope Broadcom didn’t hear that…
My "NAS" is a NUC with a couple drives plugged into it using a USB DAS. apt install zfs samba, and away you go.
I could split up the functions into different boxes and build a faster LAN to connect them, but doing that wouldn't improve anything except giving me more parts to goof around with. :)
In my opinion, as long as the majority of their profits come from people continuing to buy the self-host devices, it is fairly unlikely they'll ever stop offering those devices. Why change a working business model?
Yes, subscription models are enticing for that recurring revenue... number must go up, right? /s
If a majority of your sales are not in subscription products though, I think it would be foolish for a business to blow off its own leg trying to chase that particular dragon.
Then again... businesses have made dumber calls in the past out of nowhere...
This also makes the founder net worth of around $33B.
I know there are plenty of ways to go around it via trust funds or other entities to hide it so the ownership could be extremely concentrated. But having it actually allowed is something I didn't know.
Does that make the rotting corpse of Twitter public again?
1. Your use case falls squarely into "you should be paying for support" territory. 2. You're setting things up incorrectly. You should be shipping logs, not scraping them when you think you need them.
And I want to ship logs, but they don’t provide a mechanism for all their logs to be shipped.
Don’t assume ;)
Off top of my head, besides all the UI/UX glitches:
- They once allowed a human employee to access static AWS root access key.
- Their employee once claimed "remote access" was end to end encrypted, but later people figured out they probably just meant TLS in transit.
- They had a configuration error that allowed some users to access other users' camera feeds. They corrected the error, but never explained how the hell was it even possible or if they made any architecture design change to prevent that from happening again.
Now, ZFS is nice. But even after years of iterations, I still need to do 50% of my operations via SSH on my Truenas system. I can't imagine Ubiquiti to do any better
It's annoying but with Claude and a little knowledge you can make it persistent. By default it got wiped every update which was annoying.
Can you actually saturate the links with the spinning drives?
I've had the hardest time making my TrueNAS ZFS server fast when it was filled with HDD spinning disks. I initially also had 12 of them trying to get maximum speed. I have 128GB RAM and a 10G ethernet connection. I tried all types of optimizations like L2ARC via NVMe, etc, and it wasn't very effective and just too much time spent tweaking and testing.
Instead I just threw up my hands and replaced all the spinning disks with NVMe drives for the data I actually shared (8x 4TB NVMe drives). And now it is very usable and no need for L2ARC, etc. Random or streaming access is equally fast.
Best choice I made. Now I did do this over a year ago so I skipped the NVMe price inflation.
I still keep 4 spinning disks but it is for archival data that I expect to never access unless something bad happens. It is slow and I use it like a tape drive.
The bigger risk is the CPU. This is an issue with the Ubiquiti UNAS Pro 8, their ~$800 USD 8 bay NAS. In theory it has 10gig networking. In practice the CPU physically cannot transfer bits fast enough, because it's a dinky underpowered ARM CPU that they clearly chose to hit that quite affordable price point. It's a decent trade-off, because similar units from Synology are more like $1600, and you can meaningfully hit somewhere between 2.5gig and 10gig; but saturating 10gig is out of the question.
The ENAS has a beefier CPU so it might keep up with 25gig (could this do 50gig bonded?). But only testing will tell.
This says the UNAS Pro 8 can saturate 20gbe with reads. It won't with just a single user, though, so for homelab enthusiasts it's less attractive even though the price is appealing. But for an actual small business using it to serve a handful of people? The 10gbe isn't a waste
Honestly, outside of random access/small file access, my primary NVMe ZFS server isn't all that much faster in raw throughput - despite being 22x NVMe drives going direct to the CPU instead of 8 HDDs going through a SATA controller. I think it's easier to hit other bottlenecks with ZFS/network transfers well before the disk throughput itself. E.g., enabling jumbo frames for NFS did still give me a decent perf/efficiency bonus.
There can easily be a bottleneck depending on how the SATA/SAS is set up, but if you can get sustained sequential reads or writes, 16x drives at 6 Gbps SATA should be able to saturate 2x 25 Gbps ethernet. The store link shows two expansion ports as well which should help get bandwidth to the point where 25 Gbps is useful.
Less likely with random reads/writes or mixed use.
https://arstechnica.com/gadgets/2020/05/zfs-versus-raid-eigh...
I will be honest that moving to a pure NVMe setup means I never have to read another long article about how to tweak my spinning disk setup for performance and all the tradeoffs to consider. It is honestly freeing, and just feels like discarding old baggage. I do recommend it.
Sadly it's a very costly proposition these days though, so hope they live for a few more years.
I got a 10G ethernet network card for my NAS only to realize it has to overlap with my modem's supported bandwidths (IIRC 2.5G, 5G).
Knowing nothing about the space, I had assumed it would use max(node1, node2), but instead it negotiated a 1G link. So it was faster to use the mobo's built-in 2.5G port.
https://www.fs.com/c/25g-sfp28-3215
But no, spinning disks won't saturate it, even if you were doing 100% sequential reads.
(I originally said fill it with NVMe - I was wrong)
Looking at the specs: https://store.ui.com/us/en/category/network-storage/products...
Hard Drive Capacity
(16) 2.5/3.5" HDD / SSD support
(2) M.2 NVMe SSD support
(2) Expansion ports support
I think you're right we only get two SSDs on NVME as the cache, but it looks like we can run the rest (16) as SATA SSDs, which is often fine if you primarily care about random IOPS and capacity over pure throughput.
Would you consider that a dealbreaker?
https://store.10gtek.com/1-25g-media-converter-sfp-slot-with...
Or a non-copper equivalent in your case. You just need to use the VLAN IDs that Bell expects, see https://www.reddit.com/r/bell/s/uUltTdyqFC
I can mostly saturate my toy 100gbit link with it on read (to memory, since the other side also needs to not be the problem). Just for as long as it's already in the ZFS cache (which can be huge with in the hundreds GB of ram in servers in general). Not in practice since when you hit the disks you take a massive penalty, but then again, it can be done.
$3999
I laughed.
https://kb.synology.com/en-us/DSM/tutorial/Why_does_my_Synol...
https://www.bhphotovideo.com/c/product/1618911-REG/synology_...
Edit: Drives are not included :(
A more fair comparison is this NAS vs another brand's NAS. Or compared to S3 if you just need a place to dump files.
(Not that you need that much for canceling streaming, I’d get a home Synology or diy TrueNAS for that anyway)
The ability to mix and match drives in the main Unraid Array is of course the original feature and draw. Adding a few TB at a time for whatever leftover money I had after taxes each year is really appealing.
But they've added SSD write caching, VMs, Docker containers, a Docker "app store", and recently ZFS drive clusters (mostly for SSD storage).
It's pretty great and incredibly easy to admin. I presently have well over 125TB of mixed Unraid and ZFS cluster storage in a Fractal 7 XL. It's running around 30 containers, a handful of VMs, Tailscale and literally requires less than 20 minutes a week of system level administration (probably more like 5-10 minutes). Of course I'm spending far more than that messing with the actual apps, but that's a personal problem ;)
It gets regular updates, and I'm sure my uptime would exceed a couple of years except for reboots needed to handle the updates and the occasional power outage. You can ignore the updates of course to min-max your uptime. ZFS has been rock solid on my SSD array.
You can recreate the core array bits with a bit of effort and MergeFS and SnapRAID, add Docker, some VM host system, ZFS and a few other things and you can get Unraid "for free" with a fairly normal Linux distro, but the administrative overhead will be a bit more.
One tradeoff is that Unraid exposes a core set of features for each of these, but you could get to quite a bit more specific of a configuration if you go the regular Linux route. The Unraid devs are slowly adding more ZFS features (for example) to the regular interface, but it takes time. Some more expeditionary Unraid users attempt to use those features more or less at their risk with results reported in various forums.
EDIT oof yeah that’s pretty horrible, I take back my Synology recc. Looks like it’s partly model-based restrictions. That’s a shame, they were nice as relatively low maintenance devices.
This looks like a dig at Synology, who do this.
I'm not at all surprised that Ubiquiti is getting ahead of that and promising it from the start.
Is that correct? Looking at a common flagship model, the 4-Bay DS925+
and then the "Compatibility list" here https://www.synology.com/en-global/compatibility?search_by=d...
I see only Synology branded drives.
Synology do not make their own hard drives. They are rebadged.
https://www.guru3d.com/story/synology-reverses-policy-bannin...
>Now, with the release of DSM 7.3, Synology has quietly walked the policy back. Third-party hard drives and 2.5-inch SATA SSDs can once again be used without triggering warning messages or reduced functionality. Drives from Seagate, WD, and others will work exactly as they did before—complete with full monitoring, alerts, and storage features.
NVMe SSDs are different.
First hand experience many times over: there is little more regrettable than placing Ubiquiti's latest test-it-in-prod release into an Enterprise setting.
Yeah, that's the kind of people you want to be running your company's storage appliance.
Tons of those are pretty basic web security stuff. Nearly as bad as TP-Link, a bargain-basement brand.
Compare and contrast:
https://app.opencve.io/cve/?vendor=freenas
https://app.opencve.io/cve/?q=vendor%3Aproxmox
Proxmox's record in 2025 wasn't particularly great but it's a hell of a lot better than Ubiquiti's. And before someone starts complaining that it's not a fair comparison because Ubiquiti has so many more products: they have a unified OS and management tools. They also have orders of magnitude more revenue and can afford far more in engineering resources.
What about Cisco?
$4000 is… a lot. I can buy a used CSE-846 for about 1/4 of that, an X10–era mobo for a few hundred bucks, and have 1.5x the bays (tbf, also 4U instead of 3U). Managing ZFS is just not that hard; it’s not Ceph. If you want easy mode, throw TrueNAS on it, and you’ll get an awesome UX that abstracts away everything difficult.
If this were < $3000, I’d probably buy it. I’ve been holding off on replacing my two CSE-826 because I’ve been waiting for this to come out. Disappointing.
For that use case I recommend UNas from Ugreen or the Minisforum Ryzen AI stuff.
The segment UI and Synology are in is 10x more than the Minisforum, Beelink, QNAP, CWWK type devices, but still 1/10 of the price of getting started in enterprise gear from HPE, Dell, Pure, etc.
https://krebsonsecurity.com/2015/08/tech-firm-ubiquiti-suffe...
https://krebsonsecurity.com/2015/06/crooks-use-hacked-router...
https://www.bankinfosecurity.com/ubiquiti-insider-hacker-sen...
https://www.theverge.com/2021/3/31/22360409/ubiquiti-network...
https://www.bankinfosecurity.com/ubiquiti-insider-hacker-sen...
https://www.theregister.com/security/2022/03/30/ubiquiti-sue...
In the case of the fake whistleblower, it sued a journalist for defamation but its counsel could not spell the word "damning".
Was it meritless? Would it have been dismissed for failure to state a claim?
If yes, this might explain why Ubiquiti agreed to a stipulated dismissal.
https://dn721900.ca.archive.org/0/items/gov.uscourts.vaed.52...
Seems like a nice, basic, affordable platform for workgroup/SME stuff. Not NetApp/Pure Storage "enterprise" grade though.
It is a large reason they can mitigate vendor risk IMHO, offering different tiers of switches as an example without being held hostage by one particular switch IC vendor like many brands.
I do wish someone would take up comstar though, netapp bought and killed several jbod lines etc… to kill it before Oracle bought Sun and also killed it to protect their enterprise storage offerings.
NVMe-oF may be a possibility because there are FPGA IP vendors but without comstar there are some challenges IMHO.
I also have tons of other Ubiquiti gear, and honestly there's not a ton of synergy between the NAS and everything else. It's a great NAS though. And also, it's only a NAS. It's not an application server like a Synology NAS.
I appreciate the perspective, I definitely take backups seriously for my photography.
1/ ZFS datasets with hourly (or daily) snapshots
2/ Samba with vfs_fruit
Gives the peace of mind that even when the sparsebundle shits the bed, you can rollback to a suitable snapshot and only lose a small period of backups, rather than having to lose the entire history and start again from scratch.
(I say when, not if, through considerable experience over the last 15 years that it will always, inevitably, shit the bed.)
[1] https://kb.synology.com/en-us/DSM/tutorial/How_to_back_up_fi...
A 2 drive anything is not replacing my existing NAS + solving my backup use case, although I appreciate the sentiment of saving money.
Stay away from synology.
I just checked and my oldest TM backup for the MacBook from which I'm typing is 2023-09-14. This MacBook has a 2 TB SSD and I have the TM volume quota set to 3 TB. TM culls old backups as needed.
The TM GUI is still terrible, but you can use `tmutil listbackups` to easily access backups from the command line.
I also use Arq to B2.
Time Machine would work and work and work until one day... "Cannot write to your backup" and the whole thing would be corrupt and not even readable.
Flirted with Acronis TrueImage which was worse. Hell, even before catastrophic corruption, attempting to restore a file from a decent size catalog even over 10gbE would generally cause a beachball for minutes and then you had to be very careful to browse exactly to the location and file you wanted to restore (poking around trying to find it would inevitably totally crash the client, and even being careful sometimes would).
I ended up moving to Carbon Copy Cloner to Synology, with the Synology taking a snapshot 10 minutes before CCC starts its nightly run.
A few months in and it has been rock solid. If I want to restore I can just browse the snapshot in Synology and either copy a file directly from the Snapshot browser or mount the entire snapshot as a shared folder.
If other products are so bad like that one, I don't know what is the hype for this company.
I bought the 8-bay UNAS ($799.00) but have yet to put a drive in it yet since the costs are out of control for hard drives currently. I'm still using my 2x 12-bay Synology for now.
I hope they don't abandon or lose focus of their UNAS offerings (and/or they get better) since I had planned to buy 2-3 more 8-bay UNAS units once I can afford the drives for them.
I ended up hosting a local site that embeds the RTSP feeds, which works pretty well, but I was surprised that there’s no native way to do it
Admittedly my 1 grand is referenced off pre AI insanity pricing. Call it 1.5 today
Point is someone willing to roll the dicey on AMD consumer CPUs doing ECC can beat everything else out there
(for those contemplating...asus crosshair viii dark hero is where you want to start looking) And reminder that these boards take UDIMMs not RDIMMs...do not assume suppliers understand the difference
But of course, if I'm someone who knows how to build a NAS and is inclined to do such a thing, then I'm sort of inherently not the kind of person that would be interested in such things and not the audience they're marketing towards, which is obviously fine.
I've built my own NAS when my last synology died, and I'm not sure I'll build one again. I've dealt with all sorts of issues that I just haven't had to deal with with a packaged solution, and I really just want to not think about that stuff when I'm not working.
Yes, I can absolutely do it for cheaper, better, and with more flexibility myself. Doesn't mean I actually want to.
This is my exact attitude but I don't have decades of sysadmin experience to lean on so I'm completely lost on what approach to take setting up my first NAS.
My requirements are simple: (1) Should be plug and play (hardware + software) (2) Must support ZFS since I already set up a pool in my beefy desktop PC.
What would you recommend? I've looked into Synology's offerings and they look perfect except for the fact that they don't support ZFS, only Btrfs. I clicked into this thread expecting Ubiquiti's offering would be what I want, but all I see here is hardcore enterprise gear for the prosumer crowd.
Got a 4 bay usb hard drive enclosure and then just set up a btrfs raid array since my drives are all different speeds and capacities. The thing is only about as fast as a single hard drive but it does pool all the storage in to one unified storage and is way faster than google drive.
Would be nice to have a CSI, but I can probably just use democratic-csi like I already do on my homemade ZFS based storage appliance.
They manage to make performant, capable hardware for a decent price. Then they give you shit configuration tools, a shit configuration experience, vendor lock in, and forced to the cloud. So on balance no thank you per my personal priorities.
If you expect cloud and vendor lock in is a plus that you’re accustomed to with other maybe enterprise vendors, by all means.
you haven't had the pleasure of managing a Cisco environment have you?
It is nice to be able to access your local NAS and LLMs while away from home too.
EDIT: Nevermind, the product page has an option to add up to 32 additional drives via expansion units. Nice!
There ARE licensing issues related to shipping it compiled into the kernel, but you can install it as a kernel module on every mainline distro nowadays which is functionally the same from a user perspective.
As a consequence, you don't necessarily want a rolling distro, as the ZFS module can get out of sync with the kernel.
ZFS itself is built for both BSD and Linux from the same source, so there's feature parity there.
ZFS is my favorite filesystem. I even use it on single drives because its snapshots and online data integrity checking are so great.
I even use it on single spinning rust USB drives. Zero problems.
Since DoD/DoW generally requires STIG compliance, and none authored are for any specific Ubiquiti product, we can cross that off the list. Sure they can get exceptions or use a more generalized STIG but stakeholders generally have pre-defined limitations on what they will and will not allow on networks they sponsor.
Overpriced piece of hardware that you will never own because it runs proprietary firmware, you are forced to install apps to take full advantage from those devices.
Sure maybe this NAS is overpriced compared to building it yourself but those are different target markets.
When it comes to wireless access points you really can't beat $99 for home use. I've never had any reliability issues, never had to even think about my network, rebooting my router, those issues are just completely in the past and the single-pane-of-glass makes networking such a non-burden. I feel confident knowing my network is not running on some piddly proprietary TP-link fork of openWRT running who knows what else.
> hardware that you will never own because it runs proprietary firmware,
I don't really buy these things to install a gameboy emulator on them, they're appliances to solve my problem of "need internet" and they work flawlessly. More power to people who achieve that solution by buying their own SDR PCIe cards and wiring that all up, but I don't have time for that nor does it really matter to me.
> forced to install apps to take full advantage from those devices.
As opposed to busting out an RJ11 cable and configuring them over serial or something? The management platform is part of the value prop, you're clearly not the target audience :)
Business: aruba instant-on. They cost more and updates are much less frequent. They are also more reliable and the support experience is far superior even though it is HP.
Sounds like a marketing piece frankly.
The UNAS line from 2024 was targeted for smaller/simpler prosumer type setups (2-8 drives, no ECC, often no power redundancy, weaker CPUs, & 2.5G-10G networking) and still uses Btrfs on top of traditional RAID.
Their UI is pretty (lmao ui.com) but their software is terrible, unreliable. Logs are filled with errors which is "normal" etc.
And lately the interface has been so convoluted and nonsensical. DNS records are now “policies”, you can only assign very essential rules like setting routing rules to known objects based on MAC address - the ui doesn’t allow you to pick an IP address.
I wanted to create a special routing rule to allow a container using macvlans to always leave through ISP2. Since this is a macvlan the interface MAC address was different every time the system started. Mind you “ip x.x.x.x goes through link 2” is one of those basic things firewalls and routers do since forever but if the object doesn’t exist on their automated inventory then forget it.
After a long time they introduced ONVIF into their camera products which basically opened it to everyone.
The Cloud Gateway will be sold or given away. It's utter crap. I'm now building an OpenWRT container on IncusOS as my Internet gateway/router.
The switch is meh. It's easy to admin, which is nice - though I'm having to run UnifiOS on another container on said IncusOS.
The APs are fine. Decent power and the central administration with the switch is actually quite nice.
If I knew everything I know now, I wouldn't have bought any of those but they will do for now.
What needs do you have for a router that the Cloud Gateway is missing or is bad at? A PiHole equivalent is about all I can think I'm missing.
There were a few other niggles, and in the end I just found it easier to do what I need on OpenWRT.
You can also modify your frame size: Unifi Devices - Gateway - Settings - MSS Clamping.
In my view, unifi gives you all the power and very good defaults at a very reasonable price. Their nearest competitors (eero on consumer side and ruckus / Aruba on business side) have less features and more price.
> 1492 is the default frame size set by unifi on wan pppoe. You neither need to know such esoteric details nor need to set them. “It just works”
It doesn't just work. It kept it as 1500 and I started having all sorts of issues. MSS clamping effectively reduces it to 1492 but that's not what I want. Something so simple as setting an interface's MTU shouldn't be a big deal, this is a dumb design choice.
> unifi gives you all the power
Yes but hides it out into creating a boot-time systemd unit to ensure it persists.
> Their nearest competitors (eero on consumer side and ruckus / Aruba on business side) have less features and more price.
Clearly you haven't read the rest of the thread. I'm comparing Unifi with OpenWRT, opnSense, vyos, etc.
I would never rely on the likes of Eero, and I don't want to shell out for enterprise gear which in fact don't tend to be great to operate either.
> You can also modify your frame size: Unifi Devices - Gateway - Settings - MSS Clamping.
This reduces my MTU inside the tunnel and even though it works, it's not as efficient as using the full 1500 MTU.
Check my answer to the sibling comment [0]. It's also known as mini jumbo frames, and is documented in RFC4638 [1]. And here's a post [2] talking about using it on OpenReach FTTC, which is similar to my own infrastructure, only I'm FTTP.
[0] https://news.ycombinator.com/item?id=48589677
[1] https://datatracker.ietf.org/doc/html/rfc4638
[2] https://blah.cloud/networks/enabling-mini-jumbo-frames-rfc46...
This includes physical NICs on Linux, but the PPPoE interface has to tunnel through one of such physical NICs.
If the physical NIC has an MTU of 1500 (and can't be changed), the PPPoE NIC must do MSS clamping, effectively reducing the MTU from my network to the Internet to 1492. This increases fragmentation and overhead.
If I can increase the physical NIC's MTU to 1508 (and the ISP supports it, which mine does), then the PPPoE tunnel can use the full 1500 when talking to the Internet.
So, it's technically not _required_ but it's an improvement I should be able to implement easily (in OpenWRT I literally type 1508 on the MTU box for the NIC, or issue a single uci command).
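An added illustration of the arithmetic in the comment above, not part of the thread: it builds and parses the PPP-Max-Payload discovery tag that RFC 4638 defines, then works out the resulting PPPoE MTU, TCP MSS and IPv4 fragment count for a 1500-byte versus a 1508-byte physical NIC. Function names are made up for this example and the packets are constructed in the code.

```python
import struct

PPPOE_HDR = 6                   # ver/type, code, session id, length
PPPOE_OVERHEAD = PPPOE_HDR + 2  # plus the 2-byte PPP protocol field
TAG_SERVICE_NAME = 0x0101
TAG_PPP_MAX_PAYLOAD = 0x0120    # defined by RFC 4638


def build_padi(max_payload):
    """Constructed PPPoE PADI payload asking the peer for max_payload bytes."""
    tags = struct.pack("!HH", TAG_SERVICE_NAME, 0)  # empty name = any service
    tags += struct.pack("!HHH", TAG_PPP_MAX_PAYLOAD, 2, max_payload)
    return struct.pack("!BBHH", 0x11, 0x09, 0, len(tags)) + tags


def parse_tags(packet):
    """Return {tag_type: value} from a PPPoE discovery packet, bounds-checked."""
    ver_type, _code, _sid, length = struct.unpack_from("!BBHH", packet, 0)
    end = PPPOE_HDR + length
    if ver_type != 0x11 or end > len(packet):
        raise ValueError("not a well-formed PPPoE discovery packet")
    tags, off = {}, PPPOE_HDR
    while off + 4 <= end:
        tag, tlen = struct.unpack_from("!HH", packet, off)
        off += 4
        if off + tlen > end:
            raise ValueError("tag runs past the end of the packet")
        tags[tag] = packet[off:off + tlen]
        off += tlen
    return tags


def pppoe_mtu(eth_mtu, peer_tags=None):
    """MTU of the PPPoE interface; above 1492 only if the peer echoed the tag."""
    room = eth_mtu - PPPOE_OVERHEAD
    echoed = (peer_tags or {}).get(TAG_PPP_MAX_PAYLOAD)
    if room <= 1492 or echoed is None or len(echoed) != 2:
        return min(room, 1492)
    return min(room, struct.unpack("!H", echoed)[0])


def tcp_mss(mtu, ipv6=False):
    """Largest TCP segment that fits in one packet (no IP or TCP options)."""
    return mtu - (40 if ipv6 else 20) - 20


def ipv4_fragments(packet_len, mtu, ip_hdr=20):
    """Fragments needed to carry one IPv4 packet of packet_len over mtu."""
    if packet_len <= mtu:
        return 1
    per_fragment = (mtu - ip_hdr) // 8 * 8  # fragment data is 8-byte aligned
    return -(-(packet_len - ip_hdr) // per_fragment)


if __name__ == "__main__":
    echo = parse_tags(build_padi(1500))  # stands in for the peer's reply
    for nic, tags in ((1500, None), (1508, None), (1508, echo)):
        mtu = pppoe_mtu(nic, tags)
        print(nic, mtu, tcp_mss(mtu), ipv4_fragments(1500, mtu))
```

The middle case shows why ISP support matters: a 1508-byte NIC alone still yields 1492 unless the access concentrator echoes the tag.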
For my personal setup, I decided to go with OPNSense and I couldn't be happier. Much more control, at the cost of being a little more hands on.
I think the best (rough) comparison here is MacOS vs Linux (or more accurately in this case, FreeBSD).
I use it with 8 APs in a mesh and a few switches, all UI, and it just works. I also have a lot of success helping out some local SMBs by setting up UI for them.
Apart from the shitty software and basic features either missing or locked behind a monthly cost, the network itself is not bad at all, I get 600-700mbps on wifi throughout the house and have my servers wired on 2.5gbe
But the one thing I really thought I was buying into by choosing an amazon brand was ease when it came to buying upgrades, and yet I ended up having to buy extra hardware (like the wired gateway) from ebay and sellers in the US as amazon does not sell their own hardware everywhere
I finally bought a Unifi and I'm very happy with it so far, 6 months in. There's a few things I haven't tried, like rebooting it while it doesn't have an internet connection (I'm looking at you, Deco!), but so far my big complaints are that it's opinionated about the initial setup, and setting up a static IP for a device that isn't connected yet is a serious PITA. I had devices on my old system that I didn't want to have to change IPs (because the computers talk to each other) and that was not easy. If I had to do it again, I'd probably just let it do what it wants and deal with changing all those configs to the new IPs.
FWIW, I just have it as a router, and my Wifi is still some of my expensive standalone Asus wifi routers acting as just access points. I didn't see a point in replacing them when they were working great as APs.
Things like "ZFS needs 1GB of RAM per 1TB of storage" and "it requires that RAM to be ECC" were once common to find online.
These sorts of things seemed to lead to widespread beliefs that it was inefficient, expensive, and fragile. None of that is true, of course, but folks might remember and believe these myths and conclude that it is (or was) bad.
(But it's pretty excellent. I've been using it for about a decade, now. It'd be nice if it fit into the Linux kernel better, but I manage anyway.)
Are they wrong?
More RAM is better -- of course it is. Otherwise-unused RAM can get used for stuff like caching (such as the ZFS arc), and caches are faster than disks. That's good for performance.
But ZFS isn't really any more thirsty in this way than other filesystems are, unless special features -- stuff that many other filesystems lack entirely, like deduplication -- get used.
And these days, dedup can use an SSD instead of RAM for the heavy lifting so that's not a huge concern either. (Not that I'm recommending dedup; it works and it is reliable, but it doesn't fit very many workloads.)
I would absolutely be comfortable running ZFS with 12TB on 6GB. Or 2GB, for that matter. It's fine. Send it.
I've personally done more with less and had excellent results. No regrets.
(There's ways to tune arc performance, too. As an example, I've got a dataset that is full of many terabytes of Linux ISOs. I don't need that data to be cached...like, ever. If it were to be cached, it would just consume resources that would be better spent elsewhere. But I do want it to be indexed quickly. So I set that dataset to primarycache=metadata and that works great for me.)
No you do not need 16GB simply for a 12TB ZFS array on a plain Linux/FreeBSD box. It'll be faster, but you don't need it.
... because part of the company wanted you to buy their certified systems
The only lawsuit specifically about licensing was from few Linux developers through SFC who disagree with common consensus on how GPL applies in that case and sued Ubuntu for shipping ZFS as a module.
source: used to work for a storage vendor that was marketing a NAS based on ZFS and got credible threats from Netapp to the point that we sought a partnership with Oracle that included indemnification under Oracle's settlement with Netapp.
* https://www.theregister.com/off-prem/2010/09/09/oracle-and-n...
* https://www.computerworld.com/article/1585889/opinion-patent...
NetApp originally sued then-independent Sun in 2007, and Sun counter-sued.
Free/TrueNAS/iXsystems has been offering ZFS-based solutions for many years now, and I haven't heard NetApp going after them:
Maybe he was ... they do that sometimes.
I looked around a little. The C&D from Netapp was in ~July 2010 and the partnership and product with Oracle in the Fall (Around the cease fire) and we continued with that (via the Oracle Partnership) through 2011-2015 when the company ran out of cash and laid us all off.
I was just a lowly support engineer so not privy to all the legal details that the executives were dealing with. I too had to just take them at their word.
ETA: I searched a bit. Here's a link
https://www.enterprisestorageforum.com/networking/netapp-thr...
Maybe threats were enough? I certainly wouldn't want to test it myself.