Professional cheap NAS solution
Posted by tapplz@reddit | sysadmin | 59 comments
We've used Windows hosts, on an ESXi mini stack at every (17 different) locations, with the Windows VM playing SMB host.
With ESXi renewals being pricey we've dumped the need for VMs at the locations, but still need the network shares, and still have these capable HPE servers at each location.
I'd prefer to simplify and get rid of Windows as well. I know TrueNAS is an option, but my superiors fear the phrase 'open-source' based (don't get me started, I know). Are there any closed source bring-your-own-hardware NAS solutions?
If I have to replace them (they're old-ish servers anyways), are there reliable NAS units that aren't $3000+ each? Synology and QNAP seem like cheap garbage, Ugreen is too new to trust in a sensitive environment, and Unifi UNAS doesn't support Active Directory without a crazy subscription (I bought one and tried, no dice).
dustojnikhummer@reddit
Well, they can pay for TrueNAS if they really want to... But man, management that fears open source... Truly a 1980 brain.
tapplz@reddit (OP)
Sounds like them, yeah.
notarealaccount223@reddit
You could also consider something like Azure Files or Azure Files Sync.
Just do everything over the Internet or cloud-backed, cached locally.
Then you get one solution that supports all sites.
tapplz@reddit (OP)
That's, not the worst idea I've heard. Added as something to look into.
Danny-117@reddit
You could just move to Proxmox and keep the Windows VMs.
tapplz@reddit (OP)
If I'm keeping Windows I'll just install bare metal. Plus then I have to worry about protecting/updating/etc. I've got a chance to ditch the high maintenance and simplify. I'm just dreading the idea of going to a plastic Synology box. Used them in the past a few times and I've never been a fan.
SimpleSysadmin@reddit
Why would you want to do bare metal? Even if only running 1 VM on hardware it’s still worth it, it makes backups, restores, migration so much easier.
tapplz@reddit (OP)
ESXi renewals x17 locations make the small benefit not worth it. Hypervisor is just Windows on bare metal with extra steps. And the only part I care about is the SMB data, which I can back up to a remote central NAS. And all other virtualization options are open-source. See ridiculous anti-open-source issues above.
bageloid@reddit
You know you have to protect and update Linux too, right?
Vast_Fish_3601@reddit
>I'd prefer to simplify and get rid of Windows as well.
>Unifi UNAS doesn't support Active Directory
>>>>>Active Directory
>but my superiors fear the phrase 'open-source' based
>are there reliable NAS units that aren't $3000+ each?
>Synology and QNAP seem like cheap garbage, Ugreen
This is just rage bait?
Install Hyper-V Server, run 1 VM with a file server? How do these replicate? Million other questions and considerations, the problem is not the NAS in this post.
xxbiohazrdxx@reddit
Windows makes for a piss poor file server.
If OP wants to do bare metal then I’d suggest the ZFS route so you can actually have snapshots/previous versions.
tapplz@reddit (OP)
Meaning a Linux distro instead? I'm mulling it. My team isn't Linux savvy, so there would be training added. Also assuming I can avoid the open-source argument.
Anticept@reddit
Your superiors need to be shown how currently open source rules the world.
There are more Linux servers than Windows servers.
The global market share of Android is 70+% compared to Apple iOS.
A significant, maybe even a claim of majority, amount of routing products firmware is Linux based.
Maybe they think open source = shitty support? Red Hat exists. Ubuntu Pro exists. TrueNAS support exists. Proxmox support exists. OPNsense, pfSense...
Maybe they just need to hate on something. If you can figure out what it is about open source they are so afraid of, maybe you can direct it to something specific that deserves the ire.
tapplz@reddit (OP)
No need for any virtualization. I just need an SMB share that's running off something more reliable than a Synology unit, and cheaper than a brand new NetApp.
TrueNAS fits the bill but I've been shot down due to their open source fears.
And UNAS is a walled garden that refuses to play with active directory.
thebotnist@reddit
I know you probably know this, but all the big boys also use open source. I know for sure Synology is some kind of *nix, and I wouldn't be surprised if QNAP is the same. Of course they put their special sauce on top and offer support.
I suspect they'd feel better with a support plan perhaps? TrueNAS offers such.
Lastly, I don't know the situation but it sounds like they don't trust you. Did you pitch them with something like "open source can do it?" or "I know this free software that can do it?"? If so, I wonder if the conversation would have gone differently if you simply said you have the solution and you'll get right on getting rid of those Windows servers.
tapplz@reddit (OP)
The guy above me scared the board and C level years ago. It'll take time to undo the mistrust.
thebotnist@reddit
Ahhh that stinks! Maybe try pitching the TrueNAS with support?
tapplz@reddit (OP)
"it's based on open-source".
I think their worry is others can see and find exploits easier since the code is out there. It's not a good argument at all, but they've made up their mind on the topic long before I ever started working there.
Cormacolinde@reddit
The TCP/IP stack in Windows was based on open source, for fuck’s sake.
FRSBRZGT86FAN@reddit
Do you even work in IT? Your job is literally to prove the best solution.
The answer is literally any NAS solution. Do you have internal vuln scanning? Do you have standards like ISO or SOC to follow?
Buy a NAS and keep it up to date and lock your environment down appropriately.
tapplz@reddit (OP)
Must be nice to work in an IT dept where you can just dictate how everything will work, and you don't have to report to board that is scared of everything in the world coming to get their data.
Either you work in a tiny office you can control without question, or you're far enough down the totem pole in an enterprise that you don't need to deal with the office politics.
FRSBRZGT86FAN@reddit
Absolutely not, I work at a 1500+ person company and I explain everything to the board with my CIO. Constant politics. You are either burnt out or not trying hard enough.
You can get a dual controller Synology to reduce risks and keep it up to date, you can get a TrueNAS, or spend more for something SMB native. Your post lacked a ton of detail so people are rightly roasting you for it.
tapplz@reddit (OP)
You're the only one being a dick so far. Others are just offering suggestions.
macmanca@reddit
I don’t know how running bare metal vs Hyper-V is easier. Sure, you have 2 servers to update, but as a file server you can set up Windows Update to auto-update to make it easier.
tapplz@reddit (OP)
The goal is zero copies of Windows and zero reason to ever log on to the thing/monitor it/curse and scream about Windows Update breaking some basic part of it. I've got many other Windows Server instances to manage, 17 more bare metal is crap. 34 more, half bare metal, half virtualized doesn't help anything.
macmanca@reddit
Understood, but you said your team does not handle Linux so you’re mostly a Windows shop. For me adding 2 servers on top of the 100+ I manage is nothing.
tapplz@reddit (OP)
17 locations x 2 servers. If it were just 2 I'd be with you on that.
macmanca@reddit
Got it, you have 17 off-site locations and each needs file shares. What space are you thinking? I would normally not suggest SharePoint but if the shares are small it might work. Since you don’t want Synology and management does not want TrueNAS, you're very limited to Linux or Windows servers with SMB.
LaxVolt@reddit
Go buy the iXsystems supported version of TrueNAS. They make excellent products and have great support.
A little secret for you. Every major storage provider leverages open source technologies.
tapplz@reddit (OP)
Oh I know that part. But the all-in-one unit does offer a feeling of complete product. Might fly under the radar. Thanks.
n3t_admin@reddit
What fears do they have exactly? They're working with closed source Microsoft garbage that fucks them in the ass, but they still manage to shit on FOSS because... reasons? I don't even know what to recommend at this point in time. I am not aware of any closed source software for self hosting (because who would pay for that when you have excellent FOSS alternatives). Only other option would be Windows Server. Please don't go down the Synology route, we have two of those and they are the worst (and overpriced as well).
tapplz@reddit (OP)
Oh I didn't say their argument was rational, just their policy and line in the sand/hill to die on.
DonutHand@reddit
I don’t know. Seems like TrueNAS on your existing hardware or Synology are your best options based on most of your requirements.
Dry_Inspection_4583@reddit
Not to be flippant, but your leaders are idiots and shouldn't use computers if they are afraid of open source. If they think for one instant that open source code or direct implementation isn't in Windows, Android, all the things... Yah.
tapplz@reddit (OP)
Yep
renderbender1@reddit
I can't even figure out what you're asking for. Just run Linux with Samba.
BWMerlin@reddit
Do you really need SMB shares or do you think you do? Could you shift to SharePoint?
tapplz@reddit (OP)
They want it local if the remote location loses internet. And I'm not running independent SharePoints at each location.
BWMerlin@reddit
Why would you need to run an independent SharePoint for each location?
Set up appropriate document libraries based on job function and permission accordingly.
tapplz@reddit (OP)
I'll be honest. I've avoided SharePoint so long you're probably right. Either way, we're running executables directly from the shares (I know, terrible). SharePoint won't do that.
BWMerlin@reddit
While I have not tried it, assuming that the exe and any dependent files are synced to the local device, it may actually work.
Probably still better overall to deploy the executables via your MDM and do things the right way.
tapplz@reddit (OP)
Also, I hate SharePoint with all the fabric of my being.
Toinsane2b@reddit
Kill it all and use some cloud solution.
tapplz@reddit (OP)
Needs to be available even offline or I'd just make one SMB share shared between the locations.
concerned_citizen128@reddit
Buffalo TeraStation is decent and has options from 2 to 12 bay. If all you want is NAS, it's very good. Feel free to DM if you have questions.
tapplz@reddit (OP)
I'll revisit them. We used them in the past and they didn't seem all that different from a Synology. I guess the software was a bit more focused, not trying to be a do-it-all operating system.
Admittedly it's been a decade since I last used those.
concerned_citizen128@reddit
I have several in use. It's basic, but solid. I have one with 5 yrs uptime, excluding a couple firmware updates. Drives are high quality (usually HDS) and support is good.
concerned_citizen128@reddit
They ship with drives and have up to 5 yr warranty. Perfect business NAS. Not FOSS, in fact it's closed source, no app store.
RCTID1975@reddit
You have a lot of words in there that don't belong in the same post. Enterprise, cheap, sensitive environment to name a few
tapplz@reddit (OP)
Yeah... I know.
I think the only real solution is to bare metal Windows onto the servers, do the whole full security best practices, and accept I've got 17 more instances of Windows Server to monitor.
RCTID1975@reddit
It's 2025. Bare metal is never the answer.
MrChristmas1988@reddit
Unifi NAS does support Active Directory, you are very incorrect.
tapplz@reddit (OP)
I'd love to be incorrect on this. I have one on my desk, please enlighten me.
My research shows that I need to either pay for Unifi Identity Enterprise for all of my users (for just a couple of SMB shares this is overkill), or have a Unifi Gateway or NVR on site for their Identity Hub.
I looked into the Identity Hub idea, but then it just syncs the users from my AD to their units on a cycle instead of querying the AD server (WHY??). At that point I gave up. On top of buying a gateway I don't want or need, just to make this work, Identity Hub is also in beta with a warning not to use it in production...
MrChristmas1988@reddit
UniFi Identity Endpoint Overview – Ubiquiti Help Center https://share.google/v3rIVqhhYk8ZfIVxR
I believe this is what you are looking for, let me know if I'm totally wrong, but it says free.
tapplz@reddit (OP)
The AD part there I think is the sync option, but it does look like it might not need the gateway like Hub does. I'll dig deeper, thanks.
vermyx@reddit
It does but requires a subscription and is not real time (i.e. syncs users locally on a schedule) so I agree with OP that it doesn't support AD. We currently use it as an NFS target which works fine for our use case.
djgizmo@reddit
lulz. you don’t even sysadmin if you think Synology is cheap garbage and refuse to have a windows server.
Main_Ambassador_4985@reddit
How many Windows VMs at each location?
What backup solution?
If you have Windows Server licenses and Windows VMs already then Windows Server Hyper-V is included for the host. Proxmox is a good choice also. Hyper-V fits into existing Windows management solutions.
If it was (1) Windows VM for CIFS SMB then many non-Windows options are possible. The sky is the limit. TrueNAS, Nasuni, NetApp VM, any enterprise Linux with Samba. It all depends on budget and backup solutions.
I used TrueNAS for NFS for ESXi for a year while we shopped for more flexible storage and settled on NetApp.
tapplz@reddit (OP)
Sorry, updating the post for clarity. HAD virtualization, killed it, just need the SMB now. If I can kill Windows as well, even better. Less maintenance and monitoring.
Backups are handled via SMB copy to a third party system. Agnostic to the software solution used.