NAS or Dedicated Server

I have a need to expand HD space and share files through multiple PC's in the house. I have been thinking about a NAS like: http://reviews.cnet.com/external-hard-drives/buffalo-terastation-home-server/4505-3190_7-31765598.html?tag=prod.txt.3

I have seen these cost about $500 for 1 TB.

But looking in the "Desktop" section here I see a "barebones" setup that I could use a PC as a server that can have multiple bays and cost about the same.

Why would you get a NAS like above versus a Home built server?

grazzt

 

http://www.newegg.com/Product/Product.aspx?Item=N82E16822165075
1 TB for about half the price.

 

Why you need another server? I assume that you run Windows XP Home. Just add another hard drive into your main computer and create a share folder. Why do you have to waste money on another computer?

 

Me personally i would go for the Nas so that way if I'm trying to do something and someone wants to transfer a file it wouldn't have to come off my pc. Like ex. If i'm playing CS and someone is trying to transfer files = me lag = me die but that's just my take.

 

Good point. I currently do this now. But the desktop has become more of a work PC than a home PC. I would like to separate the 2. Also I would like to have the RAID capabilities.

 

Well, Just buy a RAID card? You are not going to get NTFS security with NAS. I can tell you that. I assume that your main PC had more than enough RAM, so addistional hard drive isn't going to slow down your pc at all. If you are going to buy another PC, I would just buy rack for RAID. It would make much more sense and cheaper than buy another PC.

 

Thanks for the quick response. My current PC does not have enough power/ram (5 years old). I will be building a PC. If I go with a full tower with 4 3.5 bays, I could use the PC as a server for everything I guess. Make the PC powerful enough to handle the extra HD space?

You mentioned NTFS security? What do you mean by this? I thought you can make any HD with an NTFS partition?

Would you also be concerned with putting all of your eggs in one basket? Meaning that all of you HD's are in the main PC.

Thoughts?

 

NAS external boxes use a Linux dev, and they're mostly limited to FAT32.

 

With this in mind, no 4.6 gig ISO files correct? I believe this is a limitation correct?

 

Some of the info given is incorrect on the file systems. Fat32 is limited to 2Gig.

NAS's are great, I use them if you look at my signature. SNAP 4500 + S10, Snap2200. Deciated so you do not have to have a PC on 24/7. What most do not reliese is the CPU Power to get RAID5 parity calculations. Most all are software raids. You will need a P4 class CPU or better if you want GigE performance. Hardware raid solutions are in most cases better since the card contains the CPU for doing the parity calculations. The major problem with them is $$$$ and if one fails you will need the same card to read your arrays. This is the reason most use Software Raid, and leave the hardware raids to corporations that have the resources.

NAS can be accessed from anywhere using FTP or VPN if you like. None of my NAS have the file restriction because they run Native Linux File System. With SAMBA doing the conversion for non linux hardware, MS. And I believe with most you can define what file system you want or need. When running non-linux file systems you are limited to that file system restrictions. If using Linux FS with Samba your restrictions is Samba limits if any is applied to it. So with FAT32 you have a max file of 2gig. But if you choose NTSF your restriction is what NTSF. If that is not large enough you must use Native NFS. The same applies to file names. Most of the time you are restricted to 32 chr. not 256ch like NTSF, you also have to be aware of the number of chr used in the total path. This one is a little odd, it just like path names on a ISO CD, max 8 deep ....

The cheap boxes are good for most users, it all depends on your application. If you want it for external storage or shared space they work fine. What you must realise is that the performance is not real good on most. Some have GigE ports but only have the speed of 100baseT. If you have need for Apple OS (v9 or X) most will give you the MAC OSX because it supports native Linux but not OS9.

If you are going with NAS you need to decide if you want to run RAID for data redundency. Most give you a option of RAID 0, 1, 5, with some 10. RAID 0 is not a redundent array. It is just the opposite, loose 1 drive in the set all is lost. Most prefer RAID 5 with 3 or 4 HD due to your yield is better than RAID 1.

If I recall SmallNetBuilder.com has done reviews on most Small NAS for home use. And has also articles on how to build your own.

Home Built vs commercial. The commercial will have all of the cmd in a GUI, end user friendly. Where as homebuilt you must know all of the linux cmds for everything. One wrong cmd and every thing is gone. So if your very good with Linux and don't mind the cmd line interface thats fine but beware one syntax error and yoiu may loose everything. But 99% of the time a user is much better off with a commercial package. If you build your own use good hardware expect to spend $2k for a system. So you are not really saving any money, with the only savings in the video card, bare minimum. If you are going to run MS Home Server, it's like anything else MS does, so expect it to be buggy.

 

Thanks blue! Now that was pretty detailed. Ideally I want to use it for the following:
- Music (Which I have gigs and gigs of)
- Videos (would like to store DVD movies, this is where I would see NTFS needs)
- Pictures (Which I have gigs and gigs of)
- Would like to have redundanance for protection purposes
- Would like to to link it with my PS3 to play misc, videos, pictures, etc. through.
- Network storage for 3 PC's in the house.

As for Linux, I would be a newborn as to I never used it before.

So in the end, would it be a NAS or Server that I should consider. Simple is good on my end but, learning something new is not out of the question.

grazzt

 

To grazzt

If I were you, I would just buy a new machine, which is you are going to buy it anyway. I also buy RAID card, so you got a hardware RAID to offload your CPU. Now, you got redudancy problem solved. You just share the folder with NTFS security. NTFS is far superior than Linux file system anyway. Since you are going to limit the access to certain folders, NTFS is the only answer.

Sure NAS that base on Linux is great for the old computer. It is still software RAID not hardware. You are getting a new computer anyway. Just go with the Windows. Personally, I did play with NAS, and I am not really impress with it. If it is for home, I would use Windows XP Pro or Vista. Windows is capable of FTP too. Sorry Linux people, I think Windows is an instrustry standard not Linux.

Of course, I user my server 2003 as file server at work. People can access my server either through UNC name or FTP.

 

Grazzt,

There are some Home NAS (Nexus) that should support your needs. There are 2 basic way to handle this. What I did was map a drive pointing to my NAS directory that had my music. The other way is have a server runing software. This was one of the reason MS came out with it's home server, trying to get that market. Now if your PS3 supports mapped drives, that is the way to go. If it supports FTP you will get almost twice the speed as SMB (MS overhead).

If you are going to buy a RAID card that has its own cpu expect it pay in excess of $1000. There is nothing wrong with a software raid. Particulary since Intel has added it to most of its chip sets. The cards in the $300-400 range are not Full CPU raid cards. On the MB with raid controllers you have to set this up before you install software. Most are through the BIOS and may require a small software patch for the OS.

The Nexcus 550? (not sure of the model) supports RAID5 with 5 drives, the normal setup would be a 4 disk array with a HOT spare. So if a drive fails it is automaticly picked up and starts the rebuild of the array. In raid 5 your capacity is the total drives -1 for parity. So 4 1T drives will yield ~ 3T. But in any case you still need to do backups. This is were most home users are lax. They expect the RAID to be safe enough. But do not take in consideration of a hardware failure, Then loose all. In business they do two things, one is backing up server to server, this allow for instant roll over, encase somethings happen. The other is tape backup. In any case you will need a UPS system to do auto shutdown encase of a power failure. You DO NOT WANT TO BE DROPPING THE POWER ON NAS's. These must be shut down properly to prevent corrupting your data. And what ever you get, you need to test your system before your in panic mode. I spent 2 weeks testing my Snap4500 to make sure it was solid. Even to the point that I was pulling the plug during writes trying to corrupt the array. Being a $5000 NAS it has a lot of features to keep this from happening, and worked well. And it has AV software installed for doing automated AV scans. Most Small home NAS do not have these features and the firmware not as polished.

Smallnetbuilder.com did some testing on these Home NAS's and raid controllers, I would suggest reading them so you know what you will be getting into.

Personally I like the stand-a-long NAS. Most all run Linux firmware which is more secure than MS, requiring 1/100 of the overhead.

Now there is software out like FreeNAS (still in beta) that can turn most any PC into a NAS. This works pretty well provided you use HW supported by FreeBSD v6. Then there are several packages for turning a PC into a FTP Server.

And if you want outside access you have to have some defense against hackers. Mine was getting pounded 24/7 from china, (brute force attack). This is where very strong PW are required for all users (and admin) if it can be access from the outside world. So I blocked their ISP complete network and changed ports. So far they have not found it yet.

 

Not in the $500 range, but take a look at Infrant/Netgear ReadyNAS. I've had one for a while now, and am about to upgrade the drives to 1TB drives, to give me ~2TB in a RAID 5 configuration (3 drives). When I need more space, I can add another 1TB drive. I access it from Vista, OS X, Linux and XP with no problems.

 

I was once Ddos'd from China as well so I routed all of their traffic toa null router. Still ate up some bandwidth though.

 

Out of curiosity, are you a network engineer or system admin? What kind of network are you running? What is your backbone server, router, swictch, firewall? What type of your business? The reason I ask because I run a large network with 4500+ employees and I never really seen a real threat from any hacker yet! I may have seen some people try to sniff openning port, but it wasn't big deal for me.

What type of firewall are you running? Do you use PIX or you use ISA server? How you set up your DMZ? I got my web server out there on my DMZ, and I haven't see anyone try to hack my organization web server yet. Yes, I do secure everything according to MS. I do belive that MS offers better infrastructure management than Linux. Kerboros authentication on Active Direcory can't be break or crack until this moment.

Do you have IDS? If you do, what kind of IDS you are running? How do you secure your port in your NAS? What kind of authentication that you use for your FTP? Are you using VPN? If you do, you are using PPTP ot L2TP? orsome types of certificate like SSL?

I pesonally never seen anyone can overwrite NTFS permission yet either!! My filer server is much more secure that a lot of people think. Have you try IPSec? You can sniff my traffic all day but you can't crack the encryption from my server, which is Server 2003. Yes, I endorse MS because it offers better solution of a large infrastructure than any server OS.

Any opinions would welcome.

 

Just a question what makes you think that someone hasn't already infiltrated your network and you just don't know it yet? MS isn't bad really, but in my honest opinion I think Linux is more secure. What certifications do you have to back up your opinions as I'm just curious, it seems that every person I've came into contact with who has a Microsoft server cert. thinks Microsoft is god, when really sadly no. As a matter of fact one of my best friends just got his micro server cert. and turned his back on going for his ccna/ ccnp which is a huge mistake imo. I'll stick to my CCNA/ CCNP going for CCIE, then possibly go for a microsoft cert. but not before. Cisco is where the jobs are in the current market, no one can deny that.

Also you do know that your firewalls and encryptions wouldn't stop DDoS attacks and it would be your network to its knees right? You might want to look into some new protection because these types of attacks are happening more and more from India/ China/ Russia mostly just IRC bot attacks. I've been hit before and it's not fun, I would recommend setting up a null router. Some ISPs will also set this up for you.

 

Oh, it is going to be a heat argument. I love it!! First, I would not ask you questions if I don't know what I am asking. I am not going to say what I have, but let put it this way. You aren't the only one who has CCNA/CCNP or MS Certs. I know what traffic go through my network, so I don't worry about hacking. DDoS isn't going to bring my network down. I can assure you that. There is just much more than just secure the perimeter network. I amn't just about firewall and all the stuff. I don't think you can hack my PIX. I have my DNS on my DMZ, and I don't see anyone can getin and make a copy of my zone yet. I don't think MS is a God, but they offer a products that can help your organization running. I mean running well.

How do you deploy application such as antivirus, spyware product, software or even the OS itself on Linux? How do you secure hardware device on Linux? MS can. I can prevent you from using USB all together from my console. This is just a small thing that MS Server 2003 can offer your organization. I amn't even talk about IPSec or password Encryption while you logon into your email from public network.

NASDAQ had SQL 2005 as a backbone. California power grid uses server 2003, and Hilton hotel also user MS. I am not saying that Linux is bad, and don't forget that Linux is open source unlike MS, so everyone can look at the kenel and make a modification or hack it.

Thanks for concerning my network, it is still up and running good. I am planning to move away from OSPF to EIGRP. Are you going to say it is a bad move too?

P.S. I can monitor my network traffic up to application layer not just network layer, so I think, it am fine. Got to go to luch. I love to hear back from you because we may learn something from each other. Our consultants from CISCO are CCIE too. They used to audit my network, so I think I learn a lot of tricks from them.

 

I'd like to know why you think DDoSing you're network wouldn't bring it to its knees. What kind of protection do you have agaist it? Is your ISP filtering all unwanted traffic to a null router? Are you? Odds are you aren't as 85% of business and ISPs don't have any protection once so ever. First Data one of the safest networks in the world (Visa, Master Card, AmEx, Discover, Bank Data) uses Linux for the reason that they can modify the kenel to make it that much more difficult to the points it's pretty much a completely diffrent system. You forget that there are more Pros then Cons to having Linux with an open Kenel if you have the resources to change it yourself.

I am really interested in what you have to stop DDoS, maybe try flooding your network with traffic and see what happens, I don't beleive you have any adequate protection to stop it at the moument especially if you have that many employees there's no way you're rerouting all unwanted data.

Edit- Also forgot to add if you're filtering all unwanted traffic to a null router it's still eating up YOUR bandwidth therefore the DDoS is still working just isn't bringing your network to its knees just making it slower and laggy depending on how much data you're being hit with. The only surefire way is to have your ISP filter it which most dont do and the ones who do charge a HUGE fee.

 

First, why you are so afraid of DDoS?Since firewall doesn't return ICMP or limited ICMP packet, excessive ICMP packet that tries to probe the network would be drop automactically. This is just a basic, and I am not going to give away the main strategy on this public forum. You are only worry about one type of attack. How big is your network? Are you even run one? You can sit a try to flood the packet through my firewall all day. If I have my firewall discard the packet, what else can you do? First, if I assume you are a hacker, I won't let you where I am on the network. What can you do? I am invissible on the network. You can spend all day to probe me, but it is pointless probe something that isn't even there. You got my point?

Trust me, they use Linux for their custom application or web server application. The backbone is still Windows. You can't get away from Windows. Our custom database application is run on Linux Suse too, but our backbone is still server 2003. A few people use Linux to run their infrastructure, they use Linux to run certain application like E-commerce, database like transaction or book hotel, airline, and etc. You have to know the different and role of the servers. Let me ask you this. If you don't use Windows, what else you use to replace active directory? Are you using Novell in your company?Well, we don't.

We have many CCIEs audit our network. I would take CCIEs words than your. Don't worry. I run everything that CISCO has in their products lines. MS uses their products that they sell too. I haven't seen they have been hack yet? I ever run the big network? I don't see you say anything beside DDoS. There are plently of attack out there, but know what I am doing, so I don't really worry about anything.

Hey, certifications don't mean anything to me. I don't have to brag about what I got because it isn't what I aim for. I want to be more dynamic and adaptability to the situation. Have you ever run ISA 2004? How do you know it bad? Do you know what is the different between PIX firewall and ISA 2004? Do you know the weakness of PIX and ISA 2004? You have to answer those question first. Don't just come and say that I don't have adequate protection, and you aren't even know my network layout. You aren't evenknow what port I have on my firewall. You aren't even know where I am. Right now, I am in the dark, so there is no point for you or someone else to attack me if you don't know where I am.

You can have as many weapons as you want, but it is pointless if you can't shoot at me. You get my point? The bad guys from whereever can do whatever they want, but they don't know where I am, so I am fine. I monitor my incomming and outgoing packets all the time, so I know when I am being attack or infiltrate. The CIO would not keep me around if I don't know what I am doing. Just my 2 cents.

 

Everyone,

Thanks for the advice. I really liked the http://www.smallnetbuilder.com/ website. Lot of good information there. I will be building a new machine but I want to make it as small as possible. The machine may go out every once in a while so I would like to keep the network separate.
grazzt

 

Sorry I completely forgot about this thread until just today.
You asked why I'm so worried about DDoS, well what is the number 1 reason networks go down today? What is the biggest threat to US cooporations? Ddos from China/Japan. There's no way you're completely in the dark unless you don't allow your users to browse the internet at all, which they probably do, unless you're a Data Center? With top notch security ex. no usb ports, no disc drives , no floppy drives no nothing. Maybe you are then what you're saying makes sense otherwise no.

If you don't think DDoS is a threat to your network, especially if you're not what I listed above you're gravely mistaken. They may not get any information that's not what I'm talking about. If you have a limited number of bandwidth and you're getting DDoS it's going to cripple it. You'd be flooded by hundreds of thousands of IRC bots (Individual computers) or possibly a spider bomb both of which would overload your firewall and either shut your network down or criple it enough so that your other employees can't get what they're suppose to get done.

Also what do you mean that MS has never been hacked? That's not entirely true, a few years back the ME kenel was stolen, though it didn't really matter as XP was already out. Possibly a disgruntled employee who knows.

I'm not saying your network is unsecure you should ALWAYS assume it is or you're going to end up making a big mistake, everyone knows that. No network is ever 100% secure, and no network ever has 100% uptime. Just remember there's always going to be someone whos better and knows more then you do, also what kind of brute force protection do you have? Any? What about keylogging chips in the keyboard do you check for these regularly? It sounds to me like your network is suppose to be gaurding something private although I'm not sure what, my guess is something to do with financial data. Anyways if you think your Firewall or network are going to just walk over a mass scale ddos attack you're sorely mistaken unless you've taken the precautions that I've given you earlier, and it's still going to eat up your badwidth like no tomorrow.

What kind of ACLs do you have currently setup? What kind of access filters do you have currently setup? (Assuming you have international employees), whats going to happen when someone steals their laptop and logs onto your network from a diffrent location? Are you just going to rely on the MAC Address? Password? Finger prints?

About three years ago Berkshire Hathaway (They own Wells Fargo, DQ, numerous other businesses) had one of their international employees kidnapped in Yemen. BH thought they were safe because you needed the laptop + his finger print to get onto the network they were sorely mistaken. The employee was transported to India and then done away with(Without being to graphic) The only thing that stopped them from getting to much information is the giant filter they have, that sniffed an IP from India in which they currently have zero employees. They were able to stop them within 10 minutes of the attack, but within that 10 minutes over 100,000 credit cards were stolen. If you all remember you getting a new debit/credit card while your old one wasn't expired around 2-3 years back you now know why.

All the banks are connected to the same branch of networks, that way you can go to one banks atm and still withdraw money etc etc.

I'd encourage to test your network agaist DDoS and see how it does agaist it.