SBC for NAS with NO spectre vulnerability


Recommended Posts

medhunter

I am going to do a brave project

 

Aim: Home server mainly for Nextcloud as my first priority in addition to NAS , plex 4k (DirectPlay), Adblock server

 

I hope I can get SBC doing this with the minimal specs of USB3 and true Gigabit LAN (RPI 4 check)

And of course NO Spectre or meltdown vulnerability, (RPI 4 fail)

The only one I could find is the Rock64 as far as I searched.

 

I am open to the possibility of a miniPC with 2.5 inch bay for storage or even USB3.Yet should have No spectre or meltdown vulnerability

 

I am curious what the options can be..

 

Link to post
Share on other sites
+BudMan

So you plan on running multi tenant VMs on this "nas"... I think you should really do a bit more research on the details of meltdown and Spectre and how they could be exploited.  Before you concern yourself with you place too much concern on them to your "nas"

 

How exactly do you feel those exploits could be exploited on your nas??

 

What code would you be executing on your "nas" where it could use these exploits to "steal" info?  The only thing that runs on my nas is the nas software..  And a few "trusted" packages from secure locations, etc.  Its not a pc where you willy nilly go exe code because you were the 1million visitor to site xyz...

  • Like 3
Link to post
Share on other sites
Mindovermaster
4 hours ago, BudMan said:

So you plan on running multi tenant VMs on this "nas"... I think you should really do a bit more research on the details of meltdown and Spectre and how they could be exploited.  Before you concern yourself with you place too much concern on them to your "nas"

 

How exactly do you feel those exploits could be exploited on your nas??

 

What code would you be executing on your "nas" where it could use these exploits to "steal" info?  The only thing that runs on my nas is the nas software..  And a few "trusted" packages from secure locations, etc.  Its not a pc where you willy nilly go exe code because you were the 1million visitor to site xyz...

IIRC, you only run your NAS on your guest network. It won't go on the internet. So would that count out meltdown?

Link to post
Share on other sites
+BudMan

Im just a loss to why anyone would be worried about those issues on a "nas"  Are you giving access to other users running code?  Is your pc that could get infected by you running some untrusted code, or even getting hit with some drive by sort of infection?

 

You do not browse from your "nas" atleast not normally.. The only code running on it should be some packages from the maker of the nas from their secured stuff.  Or at worse some VMs you run on it for something - again should be trusted code running on it, etc.. Are you planning on running some VM on it that your going to use for XYZ that maybe could get infected?

 

But currently - good luck trying to find some cpu that is not open to these sorts of exploits..  And while its not a bad idea to get something that is not susceptible to such code... I don't see it as such an issue that you wouldn't get xyz nas box because of it..  But then again you have not given the full details of you are going to use this nas.. I can just comment on how nas is normally used..

 

And then again any major "nas" maker has supplied mitigation - for example here is synology page on the issues

https://www.synology.com/en-us/security/advisory/Synology_SA_18_01

DSM 6.2ModerateUpgrade to 6.2.2-24922 or above.

 

Here is best advice

Synology rates the overall severity as Moderate because these vulnerabilities can only be exploited via local malicious programs. To secure customers' products against the attacks, we recommend you only install trusted packages.

  • Like 3
Link to post
Share on other sites
medhunter

Something must have been misunderstood.

 

My main goal is to de-googlify my world, using nextcloud storage, calender, contacts, chat (Preferably installed over NAS control panel).May add adblock, pfsense later.

I plan on accessing nextcloud from my cellphone ,so it should be open to the internet.

You are right, I wont brose internet from my NAS. It is a dedicated thing.I will definitely install nextcloud plugin and may be some to follow later

 

Lastly: Am I over worried about spectre and meltdown for nextcloud server?

Link to post
Share on other sites
medhunter
6 hours ago, Mindovermaster said:

IIRC, you only run your NAS on your guest network. It won't go on the internet. So would that count out meltdown?

I would connect to the internet at some time later.If so, should be concerned about meltdown Only?...If yes, some AMD CPUs are not vulnerable to meltdown, in contrast to spectre

Link to post
Share on other sites
+BudMan
4 hours ago, medhunter said:

Am I over worried about spectre and meltdown for nextcloud server?

Yes!!!

 

Unless you think the nextcloud code your downloading from nextcloud is compromised and spying on you using those exploits.

Link to post
Share on other sites
medhunter

I am not concerned about Nextcloud. I will be sharing my data and later exposed to the internet.

If no vulnerability using this scenario , then I may pick RP4

Link to post
Share on other sites
medhunter

So, Raspberry Pi4 is the best option?

Link to post
Share on other sites
  • 2 weeks later...
+BudMan

You have not called out anywhere near enough design considerations and budget constraints to be honest. Yeah sure you can use a pi as a cheap nas.. Will it meet your performance needs??

 

Pi 4 is pretty cheap option.. Yeah it could be a nas, yeah it could also serve up plex - 4k direct might be possible.  That would also depend on what your clients are going to be.  And for sure it could run say pihole.

 

They also sell off the shelf ready to plug in and go devices as well that can do all of that. Say something like

https://www.synology.com/en-us/products/DS118

 

Or even the ds119j might work or you.. Your at like 99 for that model.. Which would be same sort of price you would be spending on a pi4 with all the things you need to make it work. Case, power supply, microsd etc.. Cables.

Link to post
Share on other sites
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By Fezmid
      A look at Synology DSM 7 and Active Insight, the latest OS for your Synology NAS devices
      by Christopher White

      It's been more than five years since Synology released its current operating system, DSM 6. Earlier this week, the company provided a release candidate for install, so I decided to take a look and share the results of my exploration.

      Installation
      Before starting, it's important to remember that this is not a production quality release yet, so if you run production workloads, you should not upgrade quite yet. Even after DSM 7 is fully released, I'd recommend waiting a few months before upgrading your production environment, just to be safe.



      Having said that, the upgrade process was really straight forward. I simply downloaded the file from Synology's website, went to the Control Panel on the NAS device, selected Manual DSM Update, followed the prompts, and within 30 minutes, was running the latest version of the OS with no issues. However keep in mind that the upgrade was performed on the DS720+ review unit, so while it had several volumes and an SSD cache, there were no virtual machines, Docker containers, or the like which could have made the upgrade a little more difficult.

      GUI
      The most obvious thing you'll notice is that the overall GUI is more polished and modern looking now. The login screen no longer prompts for a username and password, instead pushing the password request onto a second page. This was done because the login process supports some new authentication methods that I'll touch on later.

      DSM 7 (left) vs DSM 6 (right) The main desktop includes a nice default wallpaper, in contrast to the stark blue default from the previous version. The new icons arguably look a little nicer, and overall the interface is just a bit more responsive when navigating and opening applications, which is nice. Overall though, this isn't a major overhaul that will require any sort of learning curve for existing users: Everything is still in the same places that you're already used to, it's just all a slight bit nicer.

      Storage Manager
      From a user experience perspective, the Storage Manager is where most of the visible changes have been made. The previous version of DSM, while straight forward, still made some assumptions that the user understood how storage worked. With DSM 7, Synology has attempted to streamline the process.



      The first change is that, after starting the Storage Creation Wizard, you're presented with a nice graphical depiction of what a storage pool and volume is and how that relates to the physical drives in your NAS. After you click the start button, you're asked what type of data protection you want to use, with descriptions of what they all mean, told to select which disks will be part of the pool, and how much disk space to allocate to the volume. The whole process takes less than a minute to setup your pool and volume.



      That said, there are still some minor display issues, most notably under the Usage Details section, where you can clearly see that the provided note about how the system calculates usage is cut off at the right, and the window doesn't provide the ability to resize. Minor issues like this are expected in a release candidate.

      The updated view in Storage Manager is much clearer in showing that a volume is part of the storage pool.



      One of the new features to Storage Manager that will be a welcome addition is "Fast Repair," which is enabled on the volume by default, and may be the best update in DSM 7. Whereas in previous versions, replacing a drive required a complete resync of the disks to ensure it was consistent, Fast Repair skips all of the unused space in a storage pool so that the repair is done faster. I put this to the test by pulling out a 4 TB drive and then putting it back in, and instead of taking hours to repair, was done in only an hour and a half. This means when replacing a failed drive, your data will be at risk for far less time than in the past, a welcome addition.



      Even more important than streamlining the initial configuration of a pool and volume is the streamlining of replacing drives in the system. After removing one of the 4 TB drives and then re-inserting it, I was given an option to manage the new drive, giving me selections such as "Repair storage pool," "Assign as hot spare," or even, "Create storage pool." After clicking the repair button, I was asked to select the drive and then click the apply button. This is much more streamlined a process than with DSM 6, and is a welcome addition.

      Active Insight
      One of the best improvements with DSM 7 is the addition of a new feature called Active Insight. In essence, it's a remote monitoring system that allows you to see the status of all of your Synology devices through a web portal, and get immediate notifications for any errors. If you have multiple devices, you can see the status of all of them from a single pane of glass.



      Using the feature requires linking your device up to your Synology account and then enabling the feature. You can decide if you want the basic monitoring, so you're notified of storage pool degredation, failed drives, and the like, or if you want all of your performance data sent to Synology for easy remote monitoring.



      After enabling Active Insight, you can navigate to the Synology website (or click the link in the interface) and you're brought to an overview page that shows all of the events that have occurred in the last seven days, as well as the real-time metrics of your device. In the above screenshot, the red underline on June 3rd shows you that there was a critical alert and has been resolved, while the solid yellow shows a warning that has not yet been acknowledged and closed.



      Clicking on the Host menu will bring up an information card for every Synology device you have registered with Active Insight, showing basic CPU and memory utilization, as well as network traffic, drive performance, and storage utilization. If you have multiple devices, you can filter based on the model number or, more importantly, any devices that currently have a warning or critical alert associated with them. For enterprises that have a large number of devices, this could be an extremely useful feature. If you only have one or two devices at home, I suspect most users would simply login to the device itself for this information.



      If you want more specific information about an individual host, you can click on the card and see performance data, what services are running on the device, a graph that shows the storage usage over time, and any events that have occurred.



      The Performance tab shows a lot of data, from high level information such as volume utilization, down to statistics such as read and write latency, the number of IOPS, and the overall throughput of the volume. You can change the timeframe of the graphs from 6 hours up to an entire year. In addition, if you hover your cursor over a specific time, a vertical red line is displayed on every graph, allowing you to highlight a potential problem area and see all of the stats associated with that specific time.

      While overall I love Active Insight, the downside is that you're now sharing performance data with a third party. While your private data is still safe in your own location, some people who are security/privacy focused may have purchased a home NAS in order to keep everything within their own walls and to not share anything with a third party. Most of the data available in Active Insight is available directly on the NAS device itself, including the ability to send notifications for errors, it's just more work to setup, so I can see casual users really benefiting from this functionality.



      The other shortcoming with Active Insight is that, while it will alert you of issues that impact your NAS, there is no immediate check on whether the device is sending data or not. If the NAS device is offline, Active Insight simply shows no data for the duration of the outage.



      After opening a ticket with Synology about this shortcoming, I found the Custom Event tab in the Management section that lets you create notifications for various system events. By default, there are no events associate with any devices, although there is a default event called "Disconnected from Active Insight server." Unfortunately, the default is set to send a warning after a NAS device is unresponsive for an hour and a critical alert after 12 hours, which seem like rather high defaults, and although you can tweak them to meet your needs, the level of granularity is an hour, and you can't use decimal points in the fields. Hopefully Synology updates these thresholds.

      It's important to note that Active Insight appears to be a feature that Synology will be charging for in the future. When registering your device, you sign up for the Beta plan, which gives you access to customized events, 1 year data history retention, and metrics updated every minute. There's no word on what the price will be when the service exits beta.

      Security
      Synology has allowed users to use two-factor authentication for a long time, and it's something I highly recommend everyone enable. With DSM 7, Synology is giving users even more flexibility when it comes to authentication. Instead of using only a username/password combination or a username/password/two-factor combination, the latest version of DSM allows you to configure a hardware security key (such as a Yubikey), Windows Hello, or macOS Touch ID, or simply approve a login via the "Synology Secure Signin" mobile app. That said, enabling these advanced authentication methods will take some time and require a bit of work on the administrator's part.



      If you want to configure passwordless authentication with the new mobile app, you'll need either a public IP address for your NAS device or will need to enable QuickConnect or DDNS to setup the remote access. If you want to use a hardware security key, you must have a registered domain address over hTTPS and cannot use QuickConnect.

      As with DSM 6, you can use two-factor authentication with an authenticator app, but whereas you could use other authenticator apps in the past, with the new version of DSM, you appear to be locked into the Synology Secure Signin app, which feels like a step backwards.

      As with Active Insight, some people may not want to expose their device to the Internet at all, making this feature not very helpful for them. However if you're ok with connecting your NAS device to the Internet or using QuickConnect, these new features could be very helpful.

      Synology Photos
      Synology is deprecating the use of Moments and replacing it with Synology Photos. In my limited use of the product, it looks very similar to Moments (you can see my review of that product from 2018 here). Usage of Photos looks very similar to Moments: upload photos, and it categorizes them based on the year and month. You can then create albums based on the pictures you've uploaded. By default, DSM 7 will use facial recognition to categorize the same people into groups, but while Moments would also use AI to detect other things like cats and dogs, Photos seems to have done away with that feature for some reason. I don't understand why they would remove such a useful feature, especially since all of the processing is done on the local NAS device, so hopefully they'll bring it back once DSM 7 is officially released.

      Other New Features
      While I talked about a lot of the visual features of DSM 7, many of the updates to the operating system are actually behind-the-scenes or for enterprise implementations.

      According to Synology, a lot of work has been done around the SSD cache. When I reviewed the DS720+, I recommended against using an NVMe drive as cache in a home setup because there was simply no performance benefit. However, according to Synology, you can now use the cache to store all of the Btrfs metadata, which should speed up file access and searching. Since building cache takes a long time, I'm hoping to be able to test this in the future. Another update is the ability to add and remove the cache without impacting availability to the volume, a welcome addition, albeit one that probably doesn't get used too frequently.



      Another feature that is nice to have, but is relatively minor, is the ability to lock the USB port. This protects the NAS device from someone plugging in a device and automatically copying potentially harmful files onto the server.

      There are also some features that have been discontinued, such as using USB devices such as Bluetooth dongles and 3G/4G dongles, so be sure to read the release notes for more specifics before beginning the upgrade.

      Conclusion
      Overall, while DSM 7 isn't a revolutionary upgrade, there's sure to be at least a few nice additions for everyone. Considering it's a free upgrade, once the OS is available, there's no reason not to install it and take advantage of what it has to offer. Just make sure you have backups in place in case something goes wrong.

    • By hellowalkman
      Pine64's Quartz64 model-A SBC delayed, will now launch alongside the model-B
      by Sayan Sen

      Every month, Pine64, a community-driven manufacturer of low-cost ARM and Linux devices like single-board computers (SBCs), Linux phones, and such, releases an update on its latest developments. The update for the month of April is out today and for those looking forward to Pine64's new Quartz64 model-A SBC, there is some bad news as its production appears to have hit a snag.

      The development team has learned that the Gigabit Ethernet PHY which was intended to be used originally is currently out of stock and potentially as a consequence of that, the price per unit of these chips has apparently increased by 850%. As a result, to prevent further delays to the model-A SBC, the team will be replacing the unavailable PHY with something else. It is now expected that the model-A will launch alongside the Quartz64 model-B.

      Quartz64 model-A The Quartz64 model-A is the first from Pine64's newest lineup of 'Quartz64' SBCs that was introduced in the company's January update and later detailed in February. The board has a similar footprint to the ROCKPRo64. However, it is not a successor to it and instead intends to replace the Pine A64 and the ROCK64 SBCs.

      Coming to the Quartz64 model-B, this one has a similar layout and appearance to that of the ROCK64 non-Pro edition, unlike in model-A. The Model-B will pack either a Realtek Bluetooth/WiFI chipset or a Bouffalo BL602. Most of the other feature set appears similar to that in model-A.

      Quartz64 model-B It has also been announced that PinePhone BETA Edition and the Pinebook Pro orders prior to April 12th will be shipping out this month and if you ordered one or is just plain curious then you should keep an eye on this official shipping update thread. There are also several other announcements and developments in this April update which you can view by visiting the official blog here.

    • By Steven P.
      It's World Backup Day: Are you protecting your data?
      by Steven Parker



      Have you heard of World Backup Day before? You should have, because we emphasize it on a yearly basis! If you're new here, or just happen to avoid reading Neowin every March 31st, World Backup Day is "a day for people to learn about the increasing role of data in our lives and the importance of regular backups."

      Think about it. How much personal data do you have on your phone? There's undoubtedly a bunch of photos and videos. How about your computer? Do you have any important tax documents? Excel spreadsheets and Word documents? Maybe you even have a Plex server filled with personal music and television shows?

      Now imagine your phone is on your home network and gets infected with Ransomware. It encrypts everything on the device and then worms its way to everything it sees on your network, while also deleting all of your cloud storage. Your photos, videos, documents, and music are all encrypted. What would you do?

      With a backup, it's important to have multiple copies of your data. At the very least, you want two copies of the data, but ideally you want at least three, with one copy stored in a separate building from where you live to protect against fire and natural disasters. You should also think about having an offline copy so that if you are hit with ransomware, it won't be able to destroy the offline copy.



      Of course World Backup Day is about more than just backing up data: It's also "a day to talk about the enormous task of preserving our increasingly digital heritage and cultural works for future generations." Think about your old 8mm film, or your MiniDV tapes that can only be read via FireWire, or your thesis paper you wrote using Word Perfect 5.1 on DOS and come up with a plan to modernize the information so that your future generations will be able to admire it, instead of simply finding a 5.25" plastic square, shrugging, and throwing it in the garbage.

      Poll
      My backup strategy consists of
      Not backing up at all Online backup Offline backup Online and offline backup Submit Vote If you already backup your data, share your strategy. If you have modernized your data, let us know how you did it. And if you haven't done either of these things, take the pledge to not only backup your data but to also modernize it.

    • By zikalify
      Gigabyte launches new servers with new AMD EPYC 7003 processors
      by Paul Hill



      Gigabyte Technology has announced over 40 servers and server motherboards that come with or support the new AMD EPYC 7003 Series processors. The firm said that these new servers are exceptional in high-performance computing (HPC), HCI virtualization, cloud, and data analytics and that they’re suitable for on-premises or cloud data centers.

      The latest generation of Gigabyte servers have been tested and are ready for AMD’s latest EPYC processors. Gigabyte has several series in their server line-up including the R-series, H-series, G-series, S-series, and M-series. The full list of devices is as follows:

      R-series R152-Z30, R152-Z31, R152-Z32, R152-Z33, R162-ZA0, R162-Z10, R162-Z11, R182-Z90, R182-Z91, R182-Z92, R182-Z93, R262-ZA0, R272-Z30, R272-Z31, R272-Z32, R272-Z34, R282-Z90, R282-Z91, R282-Z92, R282-Z93, R282-Z94 H-series H242-Z10, H242-Z11, H252-Z10, H252-Z12, H262-Z61, H262-Z62, H262-Z63, H262-Z66, H262-Z6A, H262-Z6B G-series G242-Z10, G242-Z11, G292-Z20, G292-Z22, G292-Z24, G292-Z40, G292-Z42, G292-Z43, G292-Z44, G492-Z51

      S-series S452-Z30 M-series MZ32-AR0, MZ72-HB0 Each of the new products from Gigabyte supports up to 64 cores and 128 threads, up to 4TB of DDR4 memory (up to 3200MHz) can be installed in each socket, and there are 128 to 160 PCIe 4.0 lanes available between the CPU and drives or accelerators.

      As part of its offering, Gigabyte provides Gigabyte Management Console (GMC) for BMC server management via a platform accessible through a web browser. Gigabyte Server Management (GSM) software is also available for download and allows you to monitor and manage several servers easily.

    • By Fezmid
      Review of the four-bay QNAP TS-453D NAS device with 2.5GbE networking
      by Christopher White

      Cloud storage is great for many things, but if you want the absolute fastest performance within your home or office, or if you just want to have more control over your data, then a NAS device is definitely the way to go. I've reviewed many such devices over the years from vendors such as Synology, Thecus, and QNAP. Today, I'm going to take a look at the QNAP TS-453D, a 4-bay NAS device that has one specific special feature: Built-in 2.5GbE for faster network performance. How does it perform? Let's find out!

      Specifications
      Powering the QNAP TS-453D is an Intel Celeron J4125 2.0 GHz quad-core processor. By default, the device has 4GB of DDR4 RAM, but with two SODIMM memory slots, you can easily upgrade the device with up to 8GB of memory. My review unit had 4GB of RAM in it, which made virtualization testing difficult.



      There's a single 120mm system fan in the back to keep theTS-453D cool. I had it running in my office for over a month and found it to be very quiet, so it won't be distracting in a home office setting. QNAP has it rated at 21.1db.

      CPU Intel Celeron J4125 quad-core 2.0GHz, burst up to 2.7GHz, with AES-NI encryption Memory Up to 8GB (2x4GB) SODIMM DDR4 2400 MT/s Disk Capacity 72TB (18TB drive x 4)

      Network 2 x 2.5GbE (RJ-45)

      USB Ports 1x USB 3.2 Gen 1 (5Gbps) in front, 3 x USB 2.0 in back, 1 x USB 3.2 Gen 1 (5Gbps) in back

      NVMe Slots None Other 1xHDMI 2.0, 1xIR Sensor, 1xPCIe Gen 2 x2, 1xCopy Button Size 6.61" × 6.69" × 8.9" / 16.79 x 16.99 x 22.61cm

      Weight 4.98lbs / 2.259kg

      From a connectivity perspective, there are two 2.5GbE ports on the back that can be aggregated into one to improve performance. Note that you can't double your throughput from a single stream, but rather the aggregation can be used as either failover in case a switch port dies, or to improve bandwidth on multiple streams, assuming your network equipement supports this functionality.

      Hardware Installation
      Back in the day, there was something to talk about with the hardware installation section. It usually required unscrewing a front panel to access the drive bays, and then screwing the actual hard drives into the sleds before undoing the whole thing. Nowadays, pretty much every NAS device has easily accessilble hot-swappable drive bays and the sleds are tool-less, meaning you just snap them into place and slide them into the array.



      The QNAP TS-453D falls into the latter category, with the only wrinkle being the device has a plastic shield in front of the drive bays. To remove the shield, there's a slide lock on the left side of the device that needs to be in the lower position before you're able to slide the plastic to the left in order to expose the drives. When the drives are in place, simply slide the cover back over the front - magnets help snap it in place - and then lift the slide lock up to keep it in place. It gives the TS-453D a cool look, even if it doesn't seem to offer any functional improvements, but note that it does seem to have a lot of static electricity that causes dust particles and pet dander to cling to it.

      After that, simply plug in the included Ethernet cable, connect the power, and turn it on.

      Initial Setup
      Initial setup is normally pretty straight forward, but I had some issues with the QNAP TS-453D.

      My initial test had the NAS device as well as my PC plugged into a QNAP 2.5GbE switch. This switch was plugged into a Ubiquiti US-8-60W, an 8-port switch. The switch, in turn, is connected to a 24-port Ubiquti switch, which ultimately connects to the Synology RT1900ac router that provides addressing via DHCP.

      With this configuration, my PC was able to obtain a DHCP lease, but the TS-453D was not receiving an IP address. After some troubleshooting, I disconnected the NAS from the QNAP switch and plugged it directly into the 8-port Ubiquiti switch, and the device was able to obtain an address. I had to then hardcode the IP address (something I would recommend for any server on your network anyway) before plugging it back into the QNAP 2.5GbE switch. Since then everything worked fine, but I still don't understand why it wasn't able to obtain a lease through the initial configuration, and QNAP support was stumped as well. After the initial setup, I was even able to re-configure the device to use DHCP, and everything worked fine.



      Other than this minor hiccup, the initial installation was simple. After installing the QFinder Pro application on my desktop, the device was detected and I was given the option to go through the Smart Installation Guide to start the initial configuration.



      The system starts by asking you to click a button to upgrade to the latest version of firmware, a process that takes several minutes to complete. The current version is QTS 4, similar to Synology's DSM 6.



      Next, you follow a typical installation wizard, where you set the name of the device, set up an admin password, set the timezone, configure network addressing, and determine which file services you want to enable, a combination of SMB/CIFS, File Station, AFB, and NFS.



      You're then presented with a summary page to review before clicking apply and setting up your new device.



      After waiting a few minutes for the system to configure, you're done with the initial setup!

      Disk Configuration
      After the initial setup, the next step is to configure your disks in a way that makes the storage usable on the network. This process, like the initial setup, is also done via a wizard that walks you through each step.



      When you first go into the Storage menu, you're greeted with a message noting that you have no volumes or storage pools, and are told to click the "New Storage Pool" button to begin the process.



      One of the advanced features that QNAP provides is the ability to auto-tier storage. Called Qtier, it allows frequently accessed data to be automatically migrated to SSDs, while less accessed data can be moved to SATA disks. This would be a useful feature for a larger array, but for a NAS device with only four disks, most people are probably going to simply use four of the same types of disks.



      After determining whether you want Qtier (you probably don't on this device), you select the disks to put into the pool and determine the RAID type. For the review, I put the four disks in a RAID-5 configuration. This means that one of the four disks is used for parity, meaning if one drive fails, I won't lose any data. It's important to remember that RAID is not a backup and that you should still have a second copy of your data somewhere else and a third copy offsite.



      Next, under the Configure tab, you can enable SSD over-provisioning if you're using SSDs, and when the system should alert you regarding free space. You're then presented with a summary page telling you the settings for the storage pool before you click Create to start the process.

      Now that you have a Storage Pool created, you can make one or more volumes that live in that pool. Since I only have four drives, I created a single volume.

      There are three types to choose from. The more basic form is the Static Volume. It's created directly on the RAID group and has the best performance for random file access, but lacks advanced features such as snapshots, that you may want to use as part of a backup plan. The second type is a Thick Volume. This volume type provides snapshots, can be easily extended, and is what QNAP recommends for most uses. Finally, you can create a Thin Volume. This type only uses the storage space as data is written to the volume and are useful when creating multiple volumes as they ensure space is used efficiently. The prevailing theme continues here: These are awesome features for larger arrays, but for a small four-bay array, Thick Volumes are the way to go.



      After selecting the volume type, you select how much of the pool is allocated to the volume, and what size blocks you want. If you're working with large files, like pictures or video, selecting a larger block size will improve performance, whereas smaller files could benefit from a smaller block size.



      As with the other QNAP wizards, you're presented with a summary page that lays out all of your selections before you finalize the configuration. The actual length of time it takes to create the volume depends on the size and speed of the drives.

      Performance
      There used to be a time when different NAS devices had somewhat significant differences in read and write performance on a regular Gigabit Ethernet connection, but those days seem to be gone, with NAS devices practically saturating the connection.





      The QNAP TS-453D is no exception. Transferring large (multi-gigabyte) files to and from the NAS device yielded 113 MB/s, while copying smaller (several megabyte) files to and from the NAS was slightly slower, clocking in at around 104 MB/s. Both are very fast and about the maximum you can expect from the network.

      Where things get interesting is with the TS-453D's built-in 2.5GbE NIC. In theory, this promises 2.5x the performance, assuming you have a network that supports these speeds. For the review, QNAP sent me the QSW-1105-5T, a 5-port unmanaged switch. Since the switch is unmanaged, there's no configuration. Simply plug it into your network, and you're good to go. The QSW-1105-5T retails for roughly $110.



      After running through a series of file transfers, I found that copying large files clearly showed nearly a 2.5x speed improvement. Instead of the copies capping out at 113 MB/s, I saw up to 280 MB/s, a significant improvement. When it came to copying small files, the increase was only 2.2x, increasing from 102 MB/s to 222 MB/s, but that's still a great bump in performance.

      If you want to upgrade your network to support 2.5GbE, you'll be extremely happy with the performance of the QNAP TS-453D.

      Virtualization
      I first explored QNAP's virtualization in the TS-451 back in 2014, and it's clear the company has improved the user experience since then. To get started, simply download the VirtualizationStation from the App store.

      The first difference I realized was that there's no longer a need to use the second NIC to access the virtual machines, a welcome improvement. After installing VirtualizationStation or ContainerStation, the system automatically creates virtual switches that manage the internal networking of the devices.



      The entire interface of VirtualizationStation 3 has streamlined the process extremely well. In addition to creating your own VMs, there's a VM Marketplace. Similar to the QNAP App store, these marketplace has ready-to-use appliances. To use one, simply select it, provide some basic information like the name, CPU cores, and memory, and QNAP takes care of the rest.



      VirtualizationStation also has a button on the main page to "Try a free Windows VM" for browser testing. Clicking this automates the process of downloading a Windows 7 or Windows 10 image with a specific version of Internet Explorer or Edge for your testing. Alternatively, you could use this as a way to build a secure browsing environment, similar to the process I described using VirtualBox.



      If full operating systems aren't your thing, you can look into QNAP's ContainerStation, which allows you to pull Docker images from any registry (Docker Hub by default). Simply type what you want and the image is automatically pulled down.

      Since I only had 4GB of RAM in the review unit, virtualization was difficult. By default, the Windows 10 image wanted to use 4GB of RAM itself, but after accounting for the QNAP OS, I only had three to spare. I was able to modify the requirements, but that negatively impacts performance: It took over two minutes to boot up the Windows 10 VM. It also means that, unless you're running small instances, you won't be able to do much with the virtualization unless you upgrade to 8GB of RAM.

      Miscellaneous Observations
      The review has really only touched upon the main features of QTS, but there are many more I haven't looked at, such as iSCSI targets, snapshots, and HDMI output. There are also a wide variety of apps to make the NAS device do whatever you want, from serving up music and photos, to running a full-fledged Content Management System with Joomla. Many of these features (like Joomla) probably require a much bigger box, but the point is that the only limit to a NAS is your imagination.

      Running QTS feels very similar to Synology's DSM, but there are some key differences. From my experience, the DSM interface is a little cleaner and more streamlined, whereas QTS has more features provided front and center. For example, snapshots are a menu option in QTS, whereas in DSM, you have to download the Synology Replication Service. Snapshots can negatively impact performance, as QNAP states a reduction between 5 and 30 percent. Both approaches have their pros and cons.



      The one (very minor) complaint I have about QTS is that applications are installed in the middle of the desktop. This means when you're using various tools, the icons are covered up and it's harder to access them, whereas DSM puts the icons on the left side of the screen, out of the way. It's a minor observation, but one that I've often thought should be user configurable.



      The other observation I wanted to make is that the black plastic that covers the drive bays attracts dust like no other device I've seen. The material, especially in a Minnesota winter, has a lot of static electricity that just pulls in dust particles. So while it looks sleek right out of the box, if you have any pets at all in your house, expect their fur to cover the front within hours, if not minutes.



      Finally, the QNAP TS-453D does support a PCIe Gen 2 x2 card. This can be used to provide 5GbE or even GbE. You can also purchase a QM2 card that allows installation of M.2 SSD slots if you want to add more storage. Although I haven't tested this, but unlike Synology, QTS apparently allows users to configure those drives as extra storage instead of just cache.

      Conclusion
      The QNAP TS-453D is a robust piece of hardware that supports many advanced features, although many of them won't be useful on this model due to lack of drive bays and RAM. However if you're looking for a small device for your home environment that packs great performance along with amazing transfer speeds at a reasonable price, this NAS device should be on your short list. While most people don't have a 2.5 GbE switch, adding one to your network is a relatively cheap upgrade compared to the performance increases you'll see and is definitely a worthwhile upgrade.



      If you have bigger storage needs, or want to do more with virtualization or other features that require more performance, QNAP has other devices that might fit the bill.