FULL Review of the TrueNAS Software – And Now For Something Completely Different…
Have you been considering a NAS for a few years, but looked at the price tag that off the shelf featured solutions from Synology or QNAP and thought “wow, that seems rather expensive for THAT hardware”? Or are you someone that wants a NAS, but also has an old PC system or components around that could go towards building one? Or perhaps you are a user who wants a NAS, but HAS the budget, HAS the hardware, but also HAS the technical knowledge to understand EXACTLY the system setup, services and storage configuration you need? If you fall into one of those three categories, then there is a good chance that you have considered TrueNAS (formally FreeNAS). The community supported and highly customizable ZFS storage platform that is available for free and along with regular updates has adapted over recent years towards diversifying different kinds of users, their setup’s and their requirements of TrueNAS. Today I want to review the TrueNAS software. In order to do this, I have been supplied with a Mini X+ 5 HDD/2 SSD Desktop system (hardware review on that soon) by iXsystems, a company with established ties with TrueNAS and the platform’s official enterprise hardware solution partner. This review is going to be conducted a little different than my normal NAS server reviews. Unlike a review of a new piece of NAS hardware, TrueNAS is a software platform that is significantly more flexible in it’s installation (ultimately available in one form or another on a custom PC build or even much smaller shuttle case builds). Equally, unlike many who have reviewed TrueNAS and it’s previous versions or recent splinters (e.g. FreeNAS, Core, Scale, Enterprise, etc), today’s review is going to be a fresh look at this platform, what it does better than Linux NAS systems like Synology or QNAP, what is does worse and ultimately help users who are thinking of moving towards the steeper learning curve of custom-built TrueNAS. What TrueNAS lacks in the ease and simplicity of traditional NAS drives, it can more than makeup for it in its sheer scope and potential to be more powerful, efficient and flexible overall. So, let me guide you through my highlights of 30 aggregate hours of use with TrueNAS.
TrueNAS Review Disclaimer – As mentioned in my introduction, my review of TrueNAS today was made on an iXsystem Mini X+, an 8-Core Intel-based system that featured 32GB of DDR4 memory, as well as arriving with 2x 10GbE ports, PCIe Upgradability and mixed storage media support. The system arrived with 5x WD Red Drives and 2x 2.5″ SSDs. This hardware does not impact the bulk of this review as TrueNAS is available as an open-source download that can be installed onto a custom PC, flashed server etc. However, the iXsystem Mini X+ arrives with TrueNAS Core and a few smaller extra bits that are exclusive to this more complete hardware+software package. Where appropriate, I will highlight it, however, the bulk of the features, settings and stand out areas of attention below can be applied to the free, standalone version of this platform. Additionally, there are references to enterprise features and TrueNAS Command (a wider remote deployment monitoring and management portal tool) that may be exclusive to that platform. Finally, my personal background is largely focused on traditional turn-key NAS solutions and therefore I decided to present this review on how things are done differently to NAS brands such as Synology and QNAP.
Review of TrueNAS – Quick Conclusion
It will come as absolutely no surprise to anyone that when it comes to TrueNAS is a fantastically capable software for managing your storage. It even manages to swerve the downfall of being ‘too enterprise’ but arriving as an open source free software platform to be enjoyed by businesses and storage enthusiasts. There is no avoiding that it IS quite a technical mountainous learning curve if you are arriving at it from a position of zero storage or network experience, but the last few big TrueNAS system updates have gone a long way to update some UI elements to be more intuitive, software wide help notes available at all times and the community support is as on-point at it has ever been. If you are a home users looking for a hurdles setup or a day-1 deployable system for your small business, then TrueNAS may be too big a jump for you and you would be better off with a traditional off-the-shelf NAS system. However, if you have the know-how, you have the willingness to get your hands dirty and already have the hardware in mind/in-house, then TrueNAS stands in a class of it’s own and thanks to some very unique architecture choices that are almost utterly unique to this platform, it’s pretty unparalleled in its scope.
Review of TrueNAS – GUI & Deployment
First-time deployment of TrueNAS (after the initial installation of the software on the hardware system which will vary based on whether you have opted for an iXsystem solution or a custom build) is very straightforward. Once the system is booted, connected to your network and initialized, finding the device is possible via truenas.local. or obtaining it’s address from your switch or using an IP Scanner.
So, the first thing that I want to discuss about TrueNAS is the design. Finding a very interesting middle ground between providing all the configuration options in a single screen, whilst still not overwhelming the end-user, getting it pretty close to nailing it.
Alot More Hints and Tips than I was Expecting!
The first thing I was very surprised by in the design and deployment of the TrueNAS GUI was the sheer number of hints and information ‘i’s around every single screen. As TrueNAS and FreeNAS before it are built on FreeBSD, although there I expected a GUI, I did think it would still be rather command-line heavy still. However, not only are the controls of TrueNAS almost all displayed in a clearly visible GUI, but also I struggled to find a single option or choice that didn’t have a tip or guidance suggestion. This was a particular surprise as one of the biggest hurdles for most users considering moving from a turn-key NAS solution towards TrueNAS (custom or an iXsystem) is that intimidating climb up the steeper learning curve. It was a genuine and extremely welcome surprise to see how much guidance was available to even small and insignificant choices in the storage system setup where available.
Presentation of Storage and Resource Use is VERY Clear
Another thing that I fully expected to be present, but not to this level, was how the information on your storage areas (Pools, data sets, individual drives, etc) and the monitoring of your resources were displayed both analytically AND clearly. Of course, I expected TrueNAS to have the means to assess the system hardware health and status, but like most of my early personal experience with FreeNAS, UnRAID and FreeBSD years before, I thought this information would be available less in the GUI and more in command retrieval. However, the resource monitor and storage status (both, when delving into the system deeper and just via the initial splash screen of the GUI) provide an excellent level of information and in the case of the former, can be broken into a report form. Getting the presentation of storage on a GUI that can suit both the novice and the veteran techie is a tremendously tough line to balance and although there are a few areas where TrueNAS tends to ‘info-dump’ you a little, this area was no one of them.
Sharing Tab and its Breadcrumbs (WebDav, iSCSI, SMB, etc) Are More Intuative than Most
Another part of the TrueNAS graphical user interface that sets it apart a little from off the shelf NAS hardware+software is how the menu bar is displayed. With most NAS brands having their GUI comparable to popular operating system desktops (primarily Windows, MacOS or Android for the most part), TrueNAS’ GUI is a little bit more comparable to WordPress for the most part. The bulk of the config and service options are all located on the left-hand side of the screen and although there is only a handful at first glance, each one breaks down into subcategories quite quickly. The responsiveness of this menu system is particularly impressive and it’s easy to forget that you are accessing a remote system. Although the bulk of the tabs and options are where you would hope, one particular stand out example of things being done in a different and better way than most brands in the sharing tab/menu. Although most NAS brand software and GUI have tabs dedicated to sharing files (as well as contextual menus on files and folders), once you start breaking down into different sharing protocols, things get a little distance out and you end up having to keep multiple windows open to create and manage your cross-platform sharing environment. TrueNAS on the other hand has bulked these all together into the single tab and allows navigation through and between considerably more intuitive. Equally, the customization and configuration of shares and you delve deeper (although increasing the learning curve) are significantly more diverse to allow tweaking and improvements based on your setup.
Live Reports of System & Processes are Very Detailed and Quick to Navigate
Much like the Storage Presentation and Resource Use, getting reports of historical system information and active processes are much more detailed on the TrueNAS platform than I have seen from many NAS brands. TrueNAS uses Graphite for metric gathering and visualizations. Some general settings can be found in System > Reporting. Once again, it’s a fine line to have information regarding the server be presented in a fashion that is digestible to less storage-experienced users without potentially dumbing things down a little. Luckily these do still seem to present all the information that either tier of user is going to need and is done so by the information being broken down into sections that in turn can be delved deeper into by degrees. The UX of TrueNAS has clearly been thought about a lot and although many FreeNAS veterans might have disliked the changes in some areas towards making it simplified in places, there are still options for drilling down into system heath and history quite significantly.
Lots of Theme Customizations and a Theme Maker
A very surprisingly detail of TrueNAS is how much the GUI can be customized. Most NAS brands and their software allow the end-user (i.e that current user of many that have access credentials) to change minor details. The Wallpaper, their login icon and time/date display and pretty much the full range of choices. Given the fact most off-the-shelf NAS solutions are designed with being more user-friendly and attempting to de-mystified network storage for average users, I was VERY surprised that it was TrueNAS that had a greater degree of customization available in how the GUI is displayed. Colour schemes, logo changes, scaling, icon replacements, fonts, accents and changes to the top bar. There is a comparatively large amount of choice and customization compared with turn-key NAS solutions from Synology and QNAP and leans very well into the already established idea that TrueNAS is designed around custom builds.
No Avoiding That it is Still Very Stat and Tech Heavy some less experienced Users
As much as I like the GUI fo TrueNAS and how it has melded the controls very well to remain accessible to the experienced and inexperienced user, it has to be said that this is not done 50/50 and although there are hints, guides and recommendations by the system through all choices, it is still a very tech-heavy product and although the basic/top-layer decisions are user friendly, it isn’t going to be long before the full pages fo customization and configuration choices presented in the TrueNAS GUI are going to be a little overwhelming for those that are more used to these tougher decisions being hidden behind presets or set up behind a scaled option of security. In a few other areas of TrueNAS, this is addressed with an ‘advanced’ tab or mode option that until pressed will hide these tougher elements of the setup unless needed. Sadly this is not a system-wide design choice in the GUI and the TrueNAS UX is something that can demand accelerated learning. Alot of this might be solved with ‘easy’ ‘intermediate’ or ‘expert’ table opens on the bulk of pages, but as it stands it can sometimes be a bit of a ‘cannot see the wood because of all the trees’ situation when looking for a specific option in a menu, as there are 10-15 choices/boxes on the screen. The TrueNAS UI in the latest version IS very good and considerably more user-friendly than I thought it would be, but I would still be reluctant to call it novice-friendly.
No Search Functionality at the Home Screen
This was something that, despite the arguably higher skill level that TrueNAS commands in it’s user base, I was still surprised was absent – A search feature from the main GUI. It would not be a commonly used feature, however, I have met plenty of less experienced users or those in a rush looking for a specific option/service/setting that would appreciate a search functionality to be available. There ARE a few services and options in the menus that feature search functionality, but they are generally always limited to that specific function and not system-wide.
Review of TrueNAS – Storage
Realistically, THIS is the thing that is going to be paramount to most users of TrueNAS, Storage! But simply storing data is not enough, it is about how well it stores it, how customizable it is to different user environments, how secure it is in terms of backups and redundancy, how robust it is and the maintenance of that storage moving forward. TrueNAS arrives with ZFS (zettabyte File System), an enterprise-ready open source file system, RAID controller, and volume manager with unprecedented flexibility and an uncompromising commitment to data integrity. It eliminates most, if not all of the shortcomings that veteran storage professionals claim are apparent in ‘EXT4’ or the much newer ‘BTRFS’ file systems from brands such as Synology and QNAP NAS devices. Alongside the widest support of ZFS currently available in the market, TrueNAS also is one of the most scalable solutions available in the world (in part thanks to that freedom in building the hardware architecture being available and the open-source design of the platform allowing migration being considerably more seamless as you change out hardware over time. ZFS also brings big advantages in deduplication and compression techniques that improve how much data is being written to the system, whilst simultaneously simplifying the internal pathways of the system to larger bulks of users. In recent years, turnkey solutions from Synology and QNAP (as well as more affordable brands such as Asustorand Terraamster) have provided a degree of duplication on their platforms (QNAP seemingly extending this more than most) but ZFS has most of the architecture for these processes natively built into it and although you WILL need to bulk up on your hardware (16GB memory recommended in most cases if you want both for example), it still allows TrueNAS to stand out. Here are the elements of TrueNAS storage that stood out for me.
Exceptionally High Level of Access Control Options and Configuration of Data Sets
If there are two areas of consistency throughout TrueNAS storage that need to be highlighted above all others, it would be control and security. At practically every tier of the system’s internal storage management, you are able to apply numerous measures of bespoke user choice protection. More than the fact that standard elements of encryption, ACL and storage segmentation are available here, but more the sheer depth of it. You are able to assign extremely rigid access controls to your storage pools, zDevs, zVols and data sets from the ground up, as well as the branch these security measures into select user and group access (which can be changed by a superuser on the fly with ease). Along with that, ACL support is extremely wide-ranging, giving you the means to create areas of storage that are completely inaccessible (in either direction) by the greater system that ensure that storage can be created quickly, but without opening doors to your mission-critical storage. This bespoke control extends quite heavily to the configuration of Access Control Levels, as access Control List (ACL) is a set of account permissions associated with a dataset and applied to directories or files within that dataset. ACLs are typically used to manage user interactions with shared datasets and are created when a dataset is added to a pool. TrueNAS seemingly allows a create degree of control on this than most NAS systems on the market right now.
Excellent level of support of SED Media and Encryption levels in General
Then with Security, TrueNAS covers this in a few key areas. First off, several methods/protocols of encryption are supported by the system (giving the end-user a choice at the setup level) and generally ‘choosing’ your encryption method is not something offered by most brands to this extent (or at all in many cases). Next, there is the fact that encryption can be applied at every level of thes storage is required. When we look at some other NAS brands that included encryption, they tend to include encryption at the shard folder or volume level (pool level is supported with the use of encrypted drive media). TrueNAS is one of the very few several software on the market that provides native and configurable encryption at every level (storage pool, volumes, data sets, etc) and along with support of key management, there are additional failsafe options available that also passphrase support too. Finally, you have the support of self-encrypted drives (SEDs) in the system that can be fully utilized and that additional encryption be afforded to the greater storage system with the others. In short, you can create a fantastically encrypted storage system to an unparalleled degree in trueNAS. Again, not too shabby for an open-source bit of software!
Unrecommended Storage Configuration Choices Need to be ‘Forced’ to be actioned
One issue that will inevitably come to providing software that is highly customizable is giving the end-user too much rope to hang themselves with! Once you make your way past the rudimentary aspects of storage, the end-user can start putting together the building blocks of their storage inefficiently (or worse still dangerously) and run the risk of creating a basis for their storage for years to come that is inherently flawed. Balancing that line of allowing complete control and customization, whilst stopping a user from doing the wrong thing is a tough line to tread (QNAP have been walking this one as best they can for years too). TrueNAS has addressed this with a (very) soft lock system. When building your storage, if you are configuring the resources in a less than optimal/safe way, the system will give you a warning on the screen that details the potential downside/detrimental effect of your action. This warning can then be closed/dismissed and in order to continue, the ‘continue’ option will be joined with a button ‘force’. This is TrueNAS’ middle ground to allow creative freedom, whilst letting the end-user know that the action they are performing has a layer of risk attacked. For example, you are configuring a RAIDZ2 (think RAID 6) and you are using 8 disks that are not all uniform in capacity, but you do not care/want to proceed anyway. This is where the system would present you with a warning to ‘force’ through. The same thing when you build pools without redundancy or use differing media interface types outside of a fusion pool or cache setup. It is by no means a perfect solution, but at least TrueNAS have clearly understood that they need to steer things a bit at times.
Copy on Write Architecture is an additional Layer of File Level Error Recovery
An interesting architectural advantage of TrueNAS utilizing ZFS is the support of CoW (Copy on Write). This is a system of checksum built data health that involves a brief period of two actions of write occurring on any data being sent to the TrueNAS serve, which are then compared for consistency and then a single final, verified version of that data resides. ZFS does not change the location of data until a write is completed and verified. This ensures that your data isn’t lost during an interrupted task such as a power outage. ZFS uses a 256-bit hash of the data in a file system block, known as a checksum. This checksum ensures data integrity during writes. The way it handles and tests writes means that each write is tested, eliminating storage degradation such as bitrot. It also eliminates the write hole which allows for silent data corruption within RAID. Similar methods of data health and verification are utilized in other storage technology (such as ECC memory and in the write actions of BTRFS) but not to this extent and in such a widespread way. Writes do not overwrite data in place; instead, a modified copy of the block is written to a new location, and metadata is updated to point at the new location.
Support of RAIDZ Means that Initial Building is Faster and Recovery More Precise
One of the long understood advantages of ZFS that TrueNAS provides immediately (perhaps to the jealousy of EXT4 and BRTFS system users) is the utility of RAIDZ. RAID (redundant array of independent disks) is the ability to combine multiple media drives into a single storage pool that provides some/all of the benefits of increased storage performance, storage performance and redundancy (eg a safety net to still access/recover your data in the event of a drive failure). RAID and RAIDZ are similar on the face of it (with support of striping and mirroring), but it is a lot of difference in the larger arrays in terms of building, writing and recovery. RAIDZ has some interesting benefits, the first and most obvious is that a RAIDZ compared with a RAID5 takes minutes, not hours to build! Additionally, RAIDZ has a better understanding of empty blocks and that becomes beneficial in the event of a RAID rebuild, as in the event a drive fails and you introduce a new HDD/SSD, RAIDZ will ONLY need to rebuild the areas onto the replacement disk that data original resided on (using parity data from the other present disks) and then just zero’ing the rest of the disk. Similar systems like this have arrived from Synology on their platform for after RAID recovery (still using TBRFS) but still not as fluid and native as in ZFS. Striped VDEV’s, Mirrored VDEV’s and Striped Mirrored VDEV’s are essentially the same as RAID0, RAID1 and RAID10 accordingly with one difference; automatic checksumming prevents silent data corruption that might be undetected by most hardware RAID cards. ZFS uses the additional checksum level to detect silent data corruption when the data block is damaged, but the hard drive does not flag it as bad.
- RAIDZ (sometimes explicitly specified as RAIDZ1) is approximately the same as RAID5 (single parity)
- RAIDZ2 is approximately the same as RAID6 (dual parity)
|RAID5 example of parity|
|Disk 1||Disk 2||Disk 3||Disk 4|
RAID5 places blocks in a regular pattern. You only need to know the block number (address) to determine which disk stores the block, at what address, and where the corresponding parity block is. Also, with N disks, exactly one parity block is stored for every N-1 data blocks.
In RAIDZ, ZFS first compresses each recordsize block of data. Then, it distributes compressed data across the disks, along with a parity block. So, one needs to consult filesystem metadata for each file to determine where the file records are and where the corresponding parities are. For example, if data compresses to only one sector, ZFS will store one sector of data along with one sector of parity. Therefore, there is no fixed proportion of parity to the data. Moreover, sometimes padding is inserted to better align blocks on disks (denoted by X in the above example), which may increase overhead. However, we have still not touched on two more core advantages of ZFS and it’s RAID management…
3 Disk Redundancy is Available and Should Get More Kudos!
TRIPLE DISK PARITY! Now, if you don’t know what that is, then you can be forgiven for wondering why I have put that in capital letters. However, those that know, love it. In short, RAIDZ3 is the 3 disk fault-tolerance storage pool configuration that is largely unavailable conventionally in any other RAID configuration, requiring at least 5 disks (again, HDD or SSD) it means that you can withstand 3 drives failing. Now, if that sounds like tremendous overkill, then let me share a fun fact with you! Most drive failures that I have witnessed (and I welcome commentors to contribute on this) do NOT stem from poor treatment of a single drive, dropping an enclosure or poor individual handling. No, the bulk of drive failures I have witnessed have stemmed from three causes (looking at logs and SMART info):
- Inherent fault at the point of manufacture or in the logistics chain that has developed over time
- Overworked system hitting RAID arrays harder than intended 24×7 etc, or just designed drive workloads being exceeded in general
- Critical larger system failure in the middle of a widespread write action (eg power failure as all drives are engaged for writing)
Now, in THOSE three examples, the key factor to keep in mind is that in none of them is an HDD or SSD on its own. At manufacture in bulk, in transit in crates of 20x at a time or in larger setup RAID array – the things that harm the storage media is hitting several at once. Even if you ignore the degenerative factors of exceeding workloads and system critical failure damage, there is no avoiding that when you buy multiple HDD/SSD from a single e-retailer (eTailer?), they do NOT provide you with multiple drive with each drive from a different crate/carton. No, that would be spectacularly inefficient for any retailer. No, you have to accept that there is a % chance that as soon as 1 drive fails that (without identifying to cause) that another drive in the array could fail for the same reason soon. So a double disk redundancy such as RAIDZ2 or RAID 6 would give you extra time – but how much time? Who known. But if your data is mission-critical and you weigh up the cost of another HDD in a custom build design such as TrueNAS, a triple parity RAID system starts to make a lot of sense.
ZFS ReSilvering Often Overlooked Safety Net
Another wildly overlooked and misunderstood advantage of ZFS and TrueNAS’ utility of it is in the support of Re-silvering. For those unaware, resilvering is when a drive that WAS part of the RAID array is disconnected and reconnected in a brief window that allows the system to identify that the drive belongs in the original pool and re-embraces it quickly. In practical terms, imagine your system suffers a very brief SATA/Controller board malfunction and a drive is dismounted (software level). Alternatively (and something surprisingly more command than you might think) an HDD in a tray/bay of the NAS might be accidentally physically ejected. Resilvering would allow the system to KNOW that the drive is part of the set and reintroduce it. In EXT4 or BTRFS, that brief disconnection would result in the RAID pool changing to a degraded status and the end-user would be forced to 1) endure a slower system as data is being exchanged with the pool in this parity-reading state as 2) the system wipes the former HDD/SSD to re-write all the data it had already and 3) unnecessary stress is placed on the system resources throughout. In ZFS and TrueNAS, the system would SEE that the recently ejected/dismounted drive is part fo the pool, verify that it has the data in place and then re-introduce the drive. the time this takes is largely based on how long the drive was disconnected (and data written in the interim) but it can genuinely take seconds or minutes – unlike the hours to days that a RAID recovery from a degraded state would take.
USB Storage Media is Visible and Managed in the Storage Manager
It is a very small detail but one I think is worth highlighting. Namely that USB storage media in TrueNAS is handled much differently than in other turnkey NAS solutions from Synology and QNAP. In those latter examples, USB storage is treated at arms length, visible in the file manager in the GUI of course, but then only really visible for use in the backup tools (which is still great). In TrueNAS however, USB storage media is visible, configurable and manageable directly from the storage manager. Now, obviously spreading a RAID over SATA storage media and a USB drive would be ridiculously dangerous for storage, however, there are still plenty of benefits and management advantages to having external storage visible alongside the management of the rest of the storage – aside from backup management and configuring the access privileges of the drive media, it also allows the USB drive to be managed for scheduled tasks and processes alongside the rest of the system and integrated into the reports and monitoring of the TrueNAS system. It is a small detail, but one that really stood out for me when comparing TrueNAS against Synology DSM and QNAP QTS USB media management overall.
Fusion Pools of Mixed Storage Media is Great and Rarer Than You Might Think
Another (relatively) recent addition to TrueNAS and its use of ZFS is the option to create fusion pools. A comparatively streamlined process, when you think about how technical and advanced the average options of TrueNAS can be to the end-user, fusion pools allow you to introduce mixed tiers of storage of different performance and combine them into a single visible pool, but in the background the system is sending data to the drive media that is best suited to supply it – so metadata on the SSD media, larger bulkier sequential data on the HDDs etc. ZFS sends writes to individual physical disks rather than just a RAID volume. This allows for stripe writes across RAID volumes and can perform synchronous writes to speed up performance. This model also ensures there are no long waits for file system checks. ZFS incorporates algorithms to make sure your Most Recently Used (MRU) and Most Frequently Used (MSU) data are stored in your fastest system storage media. Utilizing MRU & MSU combined with flash/NVDIMM ZILs/SLOGs and ARC/L2ARC devices, you can speed up your performance astronomically. Similar systems to this exist in QNAP’s EXT4 service ‘tiered storage’ and both they and Synology offer NVMe SSD caching services in conjunction with an existing pool/volume, but again this is done to a considerably higher and more customizable degree in TrueNAS. It just takes more time and knowhow to set up though.
Smart/Intuitive Option to Define Drive Media Use
Then there is an interesting storage setup choice that TrueNAS offers that is actually quite a bit of fresh air versus the more complex elements of it’s configuration. Namey that the system also includes an option to specifically designate a soon to be created area of storage to a task/use. So, if you have introduced one or more drives to your custom build server, you can choose whether you want this to be an independent new pool as a hot spare, to factor as additional storage redundancy, dedicated deduplication storage, designate the space for metadata (SSD recommended of course) and more. It is a surprisingly user-friendly option amidst all the complexity and a welcome addition to save time and headaches!
No Native Browser GUI Based File Manager
One missing feature of TrueNAS that really surprised me was the absence of a browser-based file manager. Now, on the face of it, many will argue that the GUI of your storage system should be reserved for system management, configuration and for troubleshooting (some even erring away from browser GUIs entirely in favour of SSHing etc directly into the system as a superuser for these tasks for pace). Equally, once you have correctly created and configured your storage (along with creating shared paths and enabling the right file access protocol in TrueNAS) you will be able to mount and access your storage in a drive, folder and file level in your native OS (arguable BETTER). However, the ease and added benefits of ALSO being able to access your system storage from time to time in even a simple file/folder level in the GUI cannot be overstated. Sure, you CAN create a very based root directly breadcrumb style breakdown in a browser tab – but with most NAS brands offering the same OS-level native file/folder access AND offering a web browser GUI file management option (with copy, paste, archive, thumbnails, sharing, editing) AND mobile applications to do the same. It is really odd that this is not a native option in TrueNAS. You COULD use 3rd party tools of course to do this, but that would be a credit to those and not TrueNAS.
RAIDZ Still Takes Longer than Traditional RAID in ReBuilding Fuller Arrays
This is a small negative in the grand scheme of things and hardly something that leaves TrueNAS/ZFS reflected too badly against EXT4 and BTRFS setups, but although ZFS Raid rebuilding IS much faster if your actual capacity used is smaller (only building the data/space used and hashing/zeroing the rest), that advantage does not help in the event of your storage pool being much fuller and in testing a RAIDZ at 90% full vs a near-identical RAID5 on 4x4TB actually took a pinch longer on the ZFS pool. Again, the difference was small and largely down to the additional checksums and verification of ZFS, but still, something to note.
Potential Defragmentation in Copy On Write Methodology
Earlier, we discussed that ZFS utilizes copy on write (CoW) in order to create a 2nd copy of the data for ensuring the integrity of the write action. Unfortunately, this can mean that TrueNAS can suffer from data fragmentation as time wears on. There are direct performance implications that stem from that fact. This can be avoided with scheduled/periodic de-fragmentation, but this can be time and resource-consuming depending on the volume of your storage. So potentially, the fuller your storage pool is with actual data, the slower it will ultimately get. Write speeds in ZFS are directly tied to the amount of adjacent free blocks there are to write to in order to maintain the CoW process. As your pool fills up, and as data fragments, there are fewer and fewer blocks that are directly adjacent to one another. A single large file may span blocks scattered all over the surface of your hard drive. Even though you would expect that file to be a sequential write, it no longer can be if your drive is full. This can be an often overlooked and direct reason for long term performance drops in some systems over time if left unchecked. I have personally not experienced this, but it has been discussed online (forums, reddit, etc) and therefore I still thought I should address this.
Still Not Especially Novice or even soft IT knowledge Friendly User
Despite the big efforts by TrueNAS to demystify the complexity of storage management in several areas of its storage area (fusion pools being partially automated mixed media pools, the suggested vDev drive drop-down, USB management in that same area and ‘force’ warning options to name but a few), there is still no avoiding that TrueNAS is CONSIDERABLY more complicated to setup your storage and is a large jump from the frank simplicity of Synology and QNAP. Some would argue that the simplicity offered by turnkey/off-the-shelf NAS solutions are incredibly restrictive and inherently limiting, but there is still a substantial learning curve to setting up your storage in TrueNAS that needs to be appreciated and understood at the outset.
Review of TrueNAS – Accounts
Given the rather technical, bespoke and detailed nature of TrueNAS, it is easy to understand why the solution is aimed at business users who want things set up in a ‘certain way’. Although turnkey solutions are easier to deploy and are generally more user-friendly, they are more often than not too rigid and inflexible for businesses to use in their larger business models. In most cases, a TrueNAS custom-built (or iXsystem) will be deployed in the center of a business and accessible from many, many company staff for backups, email, document archives, hybrid sync storage and more. Therefore it is important to review how TrueNAS handles multiple accounts, how security is afforded to these accounts and how privileges and access to more mission-critical or confidential data are managed. TrueNAS features a quick and easy means to create multiple users and/or groups for the host user network (as well as connecting these with remote access as required). Let me talk you through what stood out for me in TrueNAS when it comes to account management.
Significant Range of Security and Account Configuration Options
Creating a user account in TrueNAS is incredibly straightforward, as well as making each account as secure as possible. Each account has the standard username and password settings you would expect, but then they delve quite a bit deeper into how you want these users to access the system, their subgroups (which then allows you to create bulk protocols/privileges for all users in that group quickly) and the nature of their account. Options such as which file directories this user can interact with can be set to rear only, write or full access are fairly standard, but I like the options for locking some user accounts easily, creating unique SSH keys, creating temporary admin powers and rotational/changeable passwords are a nice extra touch. As the system is predominantly designed to be remotely accessed via 3rd party client OS’ and 3rd party client software, the more customizable user account features of user images and bespoke desktop GUI found on NAS systems such as Synology and QNAP are absent, but this is still a very easy and detailed user creation element to TrueNAS.
Good Support of Microsoft Account Authorization
It’s a relatively small extra detail, but user account security in TrueNAS also includes an option to integrate the use of Microsoft account security when accessing the storage on the server. This is applicable to any system running Windows 8 or higher (including Windows 11) and allows the authentication methods that are used in the Windows operations system to be used to further verify the identity of a connected user. This user service is not exclusive to TrueNAS of course, but it is another neat piece of third party crossover support that the software includes in its open-source architecture.
Impressively Configurable 2-Step Authentication
The fact that TrueNAS features the support of 2 step authentication (also known as 2FA – 2 Factor authentication) is not going to be a huge surprise for many, given its ubiquitous appearance on pretty much all software clients in the last few years. For those that arent aware, in brief, two-step authentication allows you to have a 2nd degree of user authentication when logging into a service/software alongside your password, as your phone will need to provide a randomly generated code every time when you log in. You need to use one of the many authentication client tools available online (with Google Authenticator being one of the most used for mobiles), but it is surprisingly easy to set up. Where 2-Step authentication in TrueNAS differs from most is the level of configuration that is on offer within the 2FA settings.
Most systems will provide you with the option to simply synchronize with the authentication tool you are using (3D generated barcode or long passkey as best suited to the end-user). TrueNAS on the other hand allows you to change the authentication interval that the randomly generated code changes (usually 30 seconds) to longer for those that need it for accessibility support, as well as change the validity period/number of attempts before a potential lockout. Then you have the option to customize the length of the one-time password (OTP) to greater than the usual default 6 digits (something I have not seen offered by any other NAS brands in 2022). Finally, there is the choice to integrate the requirements for 2-step authentication into SSH logins (command line access with an SSH client window tool such as Putty), which given the huge degree of SSH access built into the typical TrueNAS use scenario, it definitely beneficial.
No Bulk Group or User Creation Options
One small but present absence that I noted in TrueNAS was the lack of an option to create bulk users at once or to import an existing CSV or .xlsx file. This is a very minor detail of course and only applicable to users who have larger volumes of users they wish to move over to a new server from an existing setup, but I am still surprised that it is absent in TrueNAS Core. I have contacted iXsystems to enquire about this and apparently it IS an option that is available in TrueNAS Scale, but nevertheless, I am disappointed that it is not available across the whole platform.
Review of TrueNAS – Alerts & Notifications
Most users who are looking at getting a private server, although initially heavily invested in tinkering and playing with the device, will eventually want the system to just sit in the corner, be quiet and do it’s job! It’s understandable, as interesting as the software and services are, ultimately a NAS (TrueNAS or otherwise) is a tool and as soon as you have set the device up to do the thing you specifically need it to, you want to go back to doing other things and whilst your NAS carries on. However, whilst that is true, in the event something is wrong or out of the ordinary system processes are noticed internally, you want the TrueNAS to tell you ASAP! Most NAS systems have inbuilt notifications and alerts that can be pushed to select/all end users that can be tailored to preferred client devices and methods. In the case of TrueNAS there are (as you might expect) a wide, WIDE variety of settings and choices for delivering those all-important notifications and although in the case of many apps being 3rd party (therefore having their own notification and alert schemes in place as appropriate), the greater storage system, network/internet connections and user behaviour alerts are still pretty extensive in their alert options. Here is what stood out in TrueNAS for me in this area.
VERY Customizable Alerts and Notification Customization
I really cannot stress enough how diverse the range of alert configuration options that TrueNAS allows you to adapt. The window above is just a small example of the many, many windows available although it is a long, long list of options, you cannot really suggest that TrueNAS didn’t cover all the scenarios. There are even slightly more customizable ones that you can add too. The delivery of these alerts is a little less straightforward than those found in Synology/QNAP (which have proprietary client apps for mobile and desktop that allow faster alert methods) but a large number of platforms are supported in TrueNAS for notifications that include email, Slack, AWS, InfluxDB, Mattermost, Pager Duty, SNMP Trap and more. Alongside incredibly concisely built alert parameters, each one can be scaled in priority and in turn, its urgency adjusted.
TrueNAS uses a 7 tier alert priority scale and you can adjust each alert & notification variable in the wide-ranging list to your own requirements. For example, if you were running a shared storage area with a team of 10 users and 8/10 of those users were accessing the system at once (potentially bottlenecking the network in a 1GbE network, depending on the file volume/frequency), you might want the system admin/IT to know this. It isn’t a high-level alert, more of a case of being aware of the additional network load. In that case you can setup an alert of bandwidth/zdev access above a certain level/% and suitable admin to receive a level 2 notification (NOTICE) so they are aware. Alternatively, example 2, there have been several failed login attempts under a specific user account, but eventually that user has logged in successfully. This might be a cause of concern as repeated password attempts could so easily be an unauthorized individual connecting to the greater system. You can set the # of failed login attempts before an automatic lockout OR set an alert of level 3 ‘WARNING’ to alert a system admin to look into this account behaviour to access the situation. Alerts and notifications become significantly more intricate (breaking down into encryption certificates, hardware health, critical system failure, SSH/Telnet logins. etc) and this easy 7 tier alert system can be applied to all instances.
Build In Support Lines, Business Support tiers, Direct System Messaging System and Issue Reporting Mechanism in the TrueNAS GUI
As TrueNAS is an opensource and community-driven NAS platform, you would be forgiven for wondering just how much this all means when you hit a technical wall, encounter system roadblocks, need advice on a setup or just generally looking for guidance. One of the main appeals of an off the shelf/turn-key solution from brands such as Synology and QNAP is that as a paid hardwware+software solution, you feel that there will be technical support lines via live chat, email and even phone in some cases (depending on the level of solution of course) that a homebrew/DiY solution will not be able to supply. However, the support on a TrueNAS system is a little more diverse than that. If you build your own NAS system from scratch and install TrueNAS Core onto your system, you will not have access to premium/commercial level support, but you do have links in the TrueNAS GUI to community support, details online guides and access to the Jira support system that allows your query for assistance to be submitted to the community pool. There are also provisions there to check if your issue has already been documented and resolved elsewhere. These links are immediately available from within the GUI in multiple areas.
But if you are a business user, despite the TrueNAS open-source/freely available status, you may well have opted for it for it’s customization and flexibility compared with off the shelf NAS solutions. Therefore you might still want paid/commercial/enterrpise grade support. This is where the distinction between going TrueNAS DiY and pre-built TrueNAS from iXsystems becomes a little clearer, as iXsystems are the official pre-build provider of TrueNAS and with their solutions, they offer a scaled range of support options that include numerous contact methods. In addition to all the TrueNAS CORE support options that are still available, TrueNAS Enterprise customers who purchase hardware from iXsystems can receive assistance from iXsystems if an issue occurs with the system. Silver and Gold level Support customers can also enable Proactive Support on their hardware to automatically notify iXsystems if an issue occurs. Here is how those support options scale and which systems support each tier:
|Software Help Desk||24×7||12×5
|Hardware Support||4 Hour
On-Site Support & Repair
|Next Business Day
On-Site Support & Repair
|Advance Parts Replacement||Return to Depot|
|Remote Deployment Assistance (60 days)||Yes||Yes||Yes||No|
|On-Site Hardware Spares Kit||Included||Optional||Optional||Optional|
|Proactive Support & System Monitoring||Yes||Yes||No||No|
|Advanced Hardware Replacement
||Delivered the next business day
|Delivered the next business day.||Delivered the next business day.||No|
|After Hour Maintenance/Upgrade Assistance||By appointment||By appointment||No||No|
|Online Support Portal and Knowledge base||Yes||Yes||Yes||Yes|
|S1: Not serving data or severe performance
degradation, critically disrupting business.
|Response within 2 hours, 24×7 Help Desk Support||Email Response within 4 hours, 6:00 AM to 6:00 PM Pacific Time (M-F)||Email Response within 4 hours, 6:00 AM to 6:00 PM Pacific Time (M-F)||Email support (Next business day) for S1 and S2 intermittent faults only|
|S2: Performance degradation in production or
|Response within 4 hours, 24×7 Help Desk Support||Email Response within 4 hours, 6:00 AM to 6:00 PM Pacific Time (M-F)||Email Response within 4 hours, 6:00 AM to 6:00 PM Pacific Time (M-F)||Email support (Next business day) for S1 and S2 intermittent faults only|
|S3: Issue or defect causing minimal impact.||Email Response within 4 hours, 6:00 AM to 6:00 PM Pacific Time||Email Response within 4 hours, 6:00 AM to 6:00 PM Pacific Time (M-F)||Email Response within 4 hours, 6:00 AM to 6:00 PM Pacific Time (M-F)||No support available.|
|S4: Request for information or administrative
|Next business day response.||Next business day response.||Next business day response.||No support available.|
The level of support afforded to each tier of the iXsystem hardware portfolio is not quite as straightforward, however, as smaller-scale systems only support upto a bronze tier. Therefore on closer examination, you can only access the highest/most-involved customer support tier when you are looking at the enterprise tier hardware systems. Now, on the face of it, that makes sense in terms of priority as it is those highest volume use systems that are going to want the fastest and most responsive support. Equally, the most modest systems will be used by smaller-scale users and have smaller scale utilities in mind. Still, I know more than enough NAS users who choose more modest NAS systems from Synology and QNAP, BUT will push for extended warranties, 5year warranty enterprise storage media, choosing to allocate their storage server budget towards lengthy support periods for peace of mind/insurance. Here is how the commercial support options spread across iXsystem hardware options:
|R-series||Not Available||Available||Available||3-Year Included|
|FNC||Not Available||Available||Available||3-Year Included|
|Mini||Not Available||Not Available||Available||1-Year Included. SW Warranty requires registration|
In the case of my review, I have been using a TrueNAS mini x+ and below is how the support prices are based on this model of the TrueNAS iXsystem mini. It is worth noting that only systems with all hardware provided by iXsystems are eligible for software support and warranty. Enterprise Bronze Support is only available for customers that have larger TrueNAS systems also under Enterprise Support Contract. Component swaps are the standard process for resolving major issues.
|Model||3-Year Silver||3-Year Bronze||3-Year Warranty||Warranty|
|Mini E, E+||Not Available||$299||$149||1-Year Included. SW Warranty requires registration.|
|Mini X, X+||Not Available||$399||$199||1-Year Included. SW Warranty requires registration.|
|Mini XL+||Not Available||$599||$299||1-Year Included. SW Warranty requires registration.|
Overall, I think TrueNAS (and iXsystems) have balanced the level of support and assistance options that are available to most kinds of NAS user. It makes sense that a free-to-download software platform would not be able to provide a commercial/enterprise-grade support level without having to financially support this behind a subscription service. And they do not leverage this against the community support, opening encouraging this as an option and facilitating multiple methods of looking up similarly submitted and solved issues, streamline the community support process as much as possible and still presenting the choice to go down the paid-support route when needed. The face this support is not available in non-iXsystem TrueNAS setup’s might be a bit of a downer for some, but as mentioned multiple times in this review, the money that some users are saving in a custom/DiY solution in TrueNAS vs a turnkey/off-the-shelf solution from Synology/QNAP needs to be paid in learning how it all works. I think TrueNAS and iXsystems found the best middle ground possible here.
Larger Range of Configuration Options Can be Overwhelming and Lacks Convenient Preset Options
When I said that there are a lot of alert and notification choices built into TrueNAS, I was not kidding. Even at a casual glance, they are in the triple figures, and that is jsut on the outset. It IS true that the bulk of them are automatically set to one of the 7 pre-set alert levels by default, but if you have a slightly more secure/closed setup in mind for your system notifications, you are going to be spending hours, not minutes adjusting them all to your unique needs. The same goes if you want to run a more open setup for testing, as the TrueNAS default settings are a pinch higher than I would class as ‘casual’ in scaled alerts (better safe than sorry). Now, other turnkey solutions on the market combat this by providing various alert/notification switches BUT also arriving with security councillors/preset configuration dropdowns. In brief, I wish TrueNAS had a range of preset notification levels, perhaps set as ‘low-medium-high-business-enterprise’ that changed these settings in bulk and THEN you can go in manually where needed and change a few, allowing you to create a custom profile which you can then save as ‘CUSTOM’. Similar tiered/scaled choices exist in other areas of TrueNAS for other services that change bulk options on the fly, as well as ‘advanced’ tabs in places when you want to get your hands a little dirtier and play with options at a deeper level in the GUI. Overall though, I prefer to have too many alert/notification options that are not enough though!
Review of TrueNAS – Network Management & Security
Aside from the storage of your data, another HUGE element of managing your NAS (TrueNAS or otherwise) is how well the system manages its network connectivity. This is such an important part of the perfect storage setup that it can often be the make-or-break of a system. This is especially true in 2022 as concerns of cyber security, ransomware, malware and remote access to your home/business network are extremely current! In the last 18 months, big turnkey/off-the-shelf NAS solution providers have been affected by ransomware and remote command injection-based attacks (Deadbolt, QSnatch, Dirty CoW, Dirty Pipe and more) and this has led to a large number of users rolling up their sleeves and deciding to move towards highly customizable/configurable solutions that allow them to craft a completely unique network security setup. Using TrueNAS to do this is arguably going to be a much more technical process BUT the range of customization and unique internal separate options that the platform offers is completely unique in many places and part of that stems from TrueNAS being built on FreeBSD (rather than Linux, as most other NAS platforms are built on, though there IS a Linux kernel TrueNAS option for those that want the benefits inherent to that platform in TrueNAS Scale). This allows a greater degree of partitional design that allows incredibly unique storage setups that brute force attacks and injected code methods can not overcome beyond a certain point. Eg If you think of TrueNAS on FreeBSD as a house, every single door in the house has a unique lock (multiple unique locks per door if you choose) and having keys to even a single door is just not enough to access everything. Even command-line/back-end access can be forbidden and for many that level of native isolation to the storage, backups and snapshots is damn near irresistible! Here are the elements of TrueNAS core that stood out for me in its network management and security.
Wide Range of Connections, Services and Protocols Supported but off by Default
The first thing that struck me about the TrueNAS system is how all of the available means to interact with the system (in terms of both file protocols, internal services and external communication services) can be configured quite extensively AND are all switched OFF by default. This is going to divide opinion a little, but I really, REALLY like this! For a start, having all of these services listed in a single place means that in the event of a system lockdown (eg you think your system may be under attack and/or you want to restrict processes that can be used as attack vectors/entry points), this makes shutting these processes down (or even lowering their individual access levels to allow existing critical services to continue) CONSIDERABLY easier! Additionally, some services that are necessary to system maintenance but crucially can be resource hungry might need to be temporarily suspended by the system admin (eg SMART disk checks) to ensure that other short term but high priority services have enough horsepower. Then you have the option to suspend some/all SSH/Command level access very quickly which can often be a catch-all method of suspending an active malware attack. These configuration and system service control also can be extended to which ones are available/active at start up (for those that are concerned at the impact of a firmware update restarting the system and activating/disabling specific services). These controls are available (for the most part) in the majority of turnkey solutions and off-the-shelf NAS drives such as QNAP and Synology, however they are not presented in such a single-portal access and config fashion, which can make all the difference when changes that are required are time sensitive!
Use of the JAILS system is Smart Once You Get Your Head Around it
The term JAILS is one that is thrown around a lot when people talk about security in the TrueNAS platform and for good reason. When it comes to installing a new third party tool/service that is not native to the platform, in TrueNAS you can install these additional components as completely contained areas of the system. These JAILS are excellent for securely and safely partitioning the system and services, that way in the event of troubleshooting, giving limited access to or quickly locking down a specific application or service. In essence, TrueNAS has two options to create a jail. Unusually for the platform, they even include a Jail Wizard (a hand holding guide, not a man in a big hat) which makes it easy to quickly create a jail. ADVANCED JAIL CREATION is an alternate method, where every possible jail option is configurable. There are numerous options spread across four different primary sections. This form is recommended for advanced users with very specific requirements for a jail. Many users might query why you would use a jail system such as this to run these contained storage/services, as opposed to a virtual machine or a container (as found more often in Linux). However, as jails run the FreeBSD operating system. These jails are independent instances of FreeBSD. The jail uses the host hardware and runs on the host kernel, avoiding most of the overhead usually associated with virtualization that requires hardware to be hard-locked or provisioned. The jail installs FreeBSD software management utilities so FreeBSD packages or ports can be installed from the jail command line. This allows for FreeBSD ports to be compiled and FreeBSD packages to be installed from the command line of the jail in a way that is considerably more configurable and more hardware efficient overall. That isn’t to say that TrueNAS ignores the versatility of Linux and containers, as their newer TrueNAS SCALE (Scale-out, Convergence, Active-active, Linux, Easy – doesn’t quite roll off the tongue, but covers the big advantages inherent to Linux kernel use) platform is built on Linux and takes advantage of those benefits too.
Ability to Bind the Admin GUI to a Specific IP and Port
This is a small but often overlooked setting, but when setting up your TrueNAS network interface ports, you can either leave the interfaces as dynamic and wide-ranging in access to the GUI – OR – you can craft an impressive static IP and fixed access credential to the administration GUI. Dynamic/Static IP control is widely available on most NAS systems (allowing the address of the NAS to be more fluid or fixed to ensure long term connections do not become interrupted between system/router restarts and/or updates) but the wider range of system controls and customization allow you to create incredibly closed admin control rules, thanks to authentication and white/black listing settings being used in conjunction. This is also applicable to the SSH/Command line-level access too. It is far from unique to TrueNAS BUT it is a great deal easier to build this routine on their platform than others (as well as arranging secure recovery methods).
Additional Interesting Passphrase Access Method for encryption alongside Key Use
Another unique piece of methodology by TrueNAS that (although far from new) is provided in a very interesting way on this platform is encrypted storage locking/unlocking. Alongside a very wide range of encryption options available to choose from when setting up every stage of the storage creation tiers (pool, volume, datasets, shares, etc) the TrueNAS also allows the user to create a passphrase. Now, on the face of it, I can hear a few seasons storage users saying “HOLD ON – THAT IS NO BETTER THAN A PASSWORD!”, but let’s dig a bit into this. Now, most users when they create an encrypted container (or whatever they are encrypting, run with it for a sec), the system generates an elongated key (depending on encryption algorithm of choice_), as well as the option of a downloaded key form. Now, it is ALWAYS highlight advice NOT to place this key (code or download) onto the NAS storage as that would massively undermine the whole security of the system. However, sometimes you do not have the encryption key available or just want momentary access. For that ease of access, during the setup of the encrypted setup, you are offered the chance to enter a passphrase in order to allow faster access to the encrypted storage. Now, this does not reveal the encryption key as it is not stored locally. Also, the passphrase is heavily limited in its # of entries and can be adapted to ensure that attempted bruit force hacks will lock the system down (like any other security setting). It is not going to be a system service that is widely used, however, it is still a nice additional option for faster access on the fly whilst not undermining the encryption.
Significantly Number of Options to Segment Admin/Controls Across System to Avoid a single ‘All-Power’ Control Panel if Desired
This all brings me to one of the most outstanding architectural differences that TrueNAS brings to the NAS market that a lot of turnkey solutions (by accident or design) do not fully offer, and that is the overall ability to completely remove creating a single all-power user. Now, on the face of it, I can hear some IT Admins fainting/getting angry BUT with most people’s storage business storage becoming physically spread wide BUT all connected over the internet, that is placing ALOT of power in the admin/power-users hands. There is absolutely a need in most Network/Data storage setups for a single account that can do and access EVERYTHING on a storage system, but that also means that this account, if exploited/accessed via a vulnerability, can be used to dismantle/destroy your storage system much, MUCH faster than anyone can physically disconnect individual components from the greater storage network. With the growing desire for enterprise towards hybrid storage and SD-WAN setups, interconnected storage is incredibly common and if your multi-site deployment doesn’t maintain uniform rigorously high-security standards across the board, one weak link can let the whole system down. But in the case of TrueNAS you have so many means to separate and compartmentalize the system, control access privileges to services, binding methods to users, groups and services, fixed connection rules and closed-shutter pre-emptive measures that can be adjusted to your needs (in an arguably complex setup it has to be admitted) means that you have the option in design to choose to create batches of locally powerful users instead of an all-powerful single user. Likewise, you can create multiple hierarchical rules that supersede others on the system that can create a checks and balances system of control that might well be better suited to many businesses that run in a more parallel style, all whilst the TrueNAS systems that are spread out can still communicate automatically and do their job. Again, this CAN be created to a very close degree on Synology and QNAP platforms, but you cannot truly remove the power user.
OpenVPN Support Integrated into the OS in the Available Service list
Most NAS systems in 2022 onwards have some form of support of VPN clients. This can stem significantly from brand to brand but in most cases, you find that they will select a handful of particular Virtual private network providers to provide tailored setup config options for (as well as generic setup options for others). In the case of TrueNAS, along with the support of WireGuard (which it is possible to connect your TrueNAS directly to via the WireGuard network with a few easy steps by creating some custom tunables to enable the service in the system settings menu) the system provides some great support of OpenVPN. OpenVPN (much like TrueNAS) is open source project and therefore free to use (non-commercial use, which requires the OpenVPN Access Server product which is sold by OpenVPN Inc. is not free). Within TrueNAS OpenVPN is a native service (so available from the start) and this allows much faster implementation and deployment of the VPN Server and/or Client functionality. This means TrueNAS can act as a primary VPN server to allow remote clients access to data stored on the system using a single TCP or UDP port. Alternately, TrueNAS can integrate into a private network, even when the system is in a separate physical location or only has access to publicly visible networks. OpenVPN includes several security options that, while not required in all user case scenarios, can help protect the data being sent into or out of the private network.
- Authentication Algorithm: This is used to validate packets that are sent over the network connection. Your network environment might require a specific algorithm. If no specific algorithm is required, SHA1 HMAC is a good standard algorithm to use.
- Cipher: This is an algorithm to encrypt data packets sent through the connection. While not required, choosing a Cipher can increase connection security. You might need to verify which ciphers are required for your networking environment. If there are no specific cipher requirements, AES-256-GCM is a good default choice.
- TLS Encryption: When TLS Crypt Auth Enabled is set, all TLS handshake messages are encrypted to add another layer of security. This requires a static key that is shared between OpenVPN server and clients.
OpenVPN is widely supported on the bulk of NAS providers but it is nice to see it here as a native application within TrueNAS, given that the platform is somewhat restrictive in the services it natively arrives with outside fo the app/add-on center.
Full System API Design
One thing that TrueNAS is always keen to highlight about the architecture of their platform (and for those that care for this, it IS a big design appeal of Core) is that pretty much the whole system is API designed. API is the acronym for Application Programming Interface, which is a software intermediary that allows two applications to talk to each other. If you are planning on connecting your server with one or more external services (more often as a database, but there are many other 3rd party client services that can communicate with a NAS) it can be somewhat of a security concern to provide login user credentials to these services so they can communicate with the system. API keys allow you to create a single access portal to a specific service to communicate with the NAS in a select and controlled fashion and without impact on the access control levels or privilege levels of your existing user groups. Remote connections with services can be made with all parts of the TrueNAS system services with API keys (rather than the administration/root login), aiding automated remote processes access without dangerously powerful credentials available to them. API keys can be generated on Synology and QNAP NAS systems, however not to the same system-wide extent thanks to the architecture of TrueNAS and that means that (once again) the platform is considerably more flexible than most – IF you have the time to craft it that way.
No Security Walkthrough? No Security Councilor?
I know I am starting to sound like a broken record here, but yet again, the thing that might well put a lot of users off the TrueNAS platform when it comes to security and Network management is the sheer complexity and intimidating scale of the options presented to you. In most cases, I think that TrueNAS takes an understandable hard position on storage complexity – you cannot be THAT customizable and configurable and keep things easy/straightforward. However, when it comes to network and security, I think TrueNAS could stand to benefit from further security and network setup guidance. They support the usual ‘?’ tips on most pages and links to the extensive community/official guides, which are a big help. But with fewer examples of dynamic help (setup wizards being mandatorily available on all network/security setups as you find on Synology and QNAP) as well as a security councilor/single-portal being absent to see all your system security in a single window (as TrueNAS DOES provide this in the storage manager) this is where many users will pause continuously in the early setup to triple check and unless they are a network security professional, will always feel that nagging sense of doubt. A security councillor or setup wizard may seem overly simplistic for TrueNAS, but it would serve as a useful alternative for some users who want to use a pre-set setup that they can customize down the line.
Review of TrueNAS – 3rd Party Tools, Applications and VM Deployment
One element of TrueNAS that divides opinion about the platform is its first-party services. TrueNAS offers a huge number of native services, tools and storage setup options that allow you to craft a fantastically bespoke and secure storage system, but the demands from most business/enterprise-class data storage users in recent years have changed dramatically thanks to the rise of cloud platforms and turnkey NAS solutions arriving on the scene to provide SaaS and PaaS solution – namely Software as a Service and Platform as a Service. These solutions (generally hybrid cloud/bare-metal such as Synology NAS + C2 or pure cloud such as Google WorkSpace or Office 365) provide your storage AND a range of applications and tools native to the brand (i.e 1st party) that allow you to interact and utilize your data in a closed ecosystem. This starts at tailored access to formats such as images, docs, music and video and inevitably extends to virtual machine deployment, native email & accounts management and more. Now, TrueNAS does not really provide any first-party/native tools that are comparable to this but DOES provides a fantastic base of operation that allows you to integrate a HUGE number of third party SaaS and PaaS provide to integrate with their system. Let’s discuss how TrueNAS handle that 3rd party support of add-ons.
App Installation is Highly Customizable and Has Advanced Options
Thanks to that open-source architecture and large community/homebrew community available to TrueNAS, there is a wide range of options to connect your existing services and client tools with the system and TrueNAS has a plugin center immediately available from the GUI. As you might expect, it is remarkably configurable but also is not quite as intimidating as other areas of the system that require installation and setup to be refined in great detail (but it DOES have the advanced option to go down that road if you want), but for those that care about how well/secure applications will be running, there is a tremendous range of config options available that include storage location, network, privileges (limiting root access) to start with and then widen out dramatically towards who can access, how they access, what powers the tool will have, safeguards and much more. Perhaps you created your DiY TrueNAS server to serve a specific purpose and want that tool (Plex, Emby, NextCloud, Smart Home tools, etc) to have the lion share of the performance and hardware options at it’s disposal – that is incredibly scaleable and configurable in TrueNAS that is simply impossible in QNAP and Synology.
Choices of Different App Repositories and Homebrew Installations
At the outset, when viewing the available addons and tools afforded to the app center of your iXsystems NAS, you will see that there are very few tools immediately available to download and install. These tools are ones that have been better catered to the system in conjunction with iXsystems on the TrueNAS system but you are not limited to these and alongside the option to access the verified/unverified community applications list (which is significantly broader in its tools than the iXsystems list), but you also have options to install custom made plugins at the command line level (creating jails and cages quickly) and for those with the skillset, this makes the TrueNAS significantly easier to adapt towards specific 3rd party tools and custom server use. Once again, compared with the Synology or QNAP platform, although their range of 3rd party applications (and 1st party apps off course) are wider in support in their respective app centers, once you try to step outside of this portal, their system’s more closed architecture can be a real bind. Both of those turnkey platforms have their own homebrew communities in Synocommunity and QNAPClub, but you are still relying on 3rd party app crafting in a way that the TrueNAS platform otherwise allows direct homebrew tool creation and deployment more broadly.
Virtual Machine Deployment is extremely QUICK and scalable!
When it comes to hosting and deploying virtual machines, this is one of the most compelling cases for opting for TrueNAS for many users. Typically right now deployment of virtual machine infrastructure in businesses (even smaller businesses that want to deploy centralized virtual systems to their staff on a local level) fall into two categories. There is opting for subscription-based pure cloud services such as the SaaS and PaaS options mentioned earlier in the review to host virtual terminals/PCs in conjunction with a hypervisor platform such as VMware or Hyper-V OR host them on a physical/bare-metal server on-site for network/remote access. There is of course the option to combine the two via hybrid storage and the right hosting/sync tools, but this is mostly an enterprise option and we are entering the NetApp/EMC tier at this point for most hyperscale users. Now, the reason TrueNAS commands such a compelling argument for itself when it comes to Virtualization is that you have full control of the components and hardware that make up your server – something that is just not as open in choice to turnkey solutions (which by design are closed in hardware specifications and offer limited scalability). Virtual machine deployment on the TrueNAS platform is possible in several ways.
First, there is using the system’s own hypervisor level tools to deploy a VM natively which allow a number of virtual hardware emulation choices immediately, as well as configurable network and setup options that will dynamically use the system hardware (also allowing you to be flexible on how the system reserves that hardware when a VM is powered on. Alongside this, the open-source and configurable nature of TrueNAS means that pointing an existing hypervisor VM tool locally on a client system or via installation in a jail etc on the NAS itself is a great deal more frictionless than the fixed design of Virtualization Station and Synology Virttaulization Station. These tools from QNAP and Synology do an excellent job and are wide-ranging in the platforms, OS’ and existing 3rd party SaaS/PaaS provides they support in their presets, but on the whole, they are less flexible to bespoke VM deployment than TrueNAS and then further bolstered by the scalability and upgradability of TrueNAS in it’s hardware. Migrating your existing TrueNAS storage and services into a much more powerful DiY setup as the cost/efficiency/power of modern hardware arrives is much more open-ended, with most NAS provided hypervisors requiring migration to remain in the closed ecosystem (i.e you can only move your Synology VMM setuP to another Synology NAS and that brand’s choice of hardware). Virtual Machine deployment on TrueNAS is still much more of a technical affair than those of turnkey solutions and it also lacks a few of the 2-3 click deployment-ready Windows/Linux VM advantages of QNAP Virtualization Station, but it is still a fantastically customizable, highly scalable and extremely adaptable virtual machine platform.
Apps Cannot be installed in the Background
This is a remarkably minor gripe I know. But when installing multiple services via one of the means afforded TrueNAS, it is a slower process than those found in many turnkey solutions. Between the system being largely inaccessible via the GUI to a user when the system is installing an application, to a slight clunky feeling of their deployment, users who are familiar with the commercial OS design and UX of Synology and QNAP are going to find adding new and executing services dealt with a little more friction. Most of this stems from the TrueNAS platform being more ‘hands on’ in its maintenance, but ultimately being designed to be part of a larger setup silently in the background, rather than the primary interface on a regular basis.
Range of Applications Available out the Box Still Seems a Little Thin
Given the scale and years of history in the development of TrueNAS, it still seems rather odd that further development towards first-party applications and services remains comparatively short. New service support is regularly added, as are verified 3rd party applications in the add-on list, but TrueNAS proprietary applications still seem pretty thin on the ground. I understand the reasoning behind this – TrueNAS wants to focus on making the very best data storage solution it can be, leaving other tailored data specializations to those that produced popular tools, which it can then add support for in its platform. However, even simple areas such as 1st party tools for file management, local client synchronisation/backup tools that support file pinning/streaming natively in shared folders or a mobile application for allowing administrators to quickly access, configure or troubleshoot the system more conveniently would be appreciated I am sure. This is all very possible with 3rd party tools that support TrueNAS, as well as the platform themselves recommending specific tools in places. However, many might feel that with each service requiring at best a sign-up and at worse subscription plans, it still seems odd that after all these years TrueNAS Core (aka FreeNAS) has still opted to overlook this.
Review of TrueNAS – Conclusion & Verdict
It will come as absolutely no surprise to anyone that when it comes to TrueNAS is a fantastically capable software for managing your storage. It even manages to swerve the downfall of being ‘too enterprise’ but arriving as an open-source free software platform to be enjoyed by businesses and storage enthusiasts. There is no avoiding that it IS quite a technical mountainous learning curve if you are arriving at it from a position of zero storage or network experience, but the last few big TrueNAS system updates have gone a long way to update some UI elements to be more intuitive, software wide help notes available at all times and the community support is as on-point at it has ever been. If you are a home user looking for a hurdles setup or a day-1 deployable system for your small business, then TrueNAS may be too big a jump for you and you would be better off with a traditional off-the-shelf NAS system. However, if you have the know-how, you have the willingness to get your hands dirty and already have the hardware in mind/in-house, then TrueNAS stands in a class of it’s own and thanks to some very unique architecture choices that are almost utterly unique to this platform, it’s pretty unparalleled in its scope.
|Who is TrueNAS for||Who is TrueNAS NOT for|
|Those with unique storage requirements in terms of workflow or data structure
Users who are happy with/prefer community Support
Those Who Prefer an analytic GUI
Though who demand performance and happy to tweak things till they get it
Those who would rather spend their allocated budget on hardware, not software
Those with a dedicated IT Team/Individual
Users who like to fine-tune
Anyone that has ever built a PC
Anyone that prefers the power and customization of PC Gaming
Users who prefer a smaller but more concise number of plugins
|Those who want to purchase a complete hardware/software solution to replace Google/DropBox etc
Users who prefer commercial-grade support
Those Who Prefer a graphic GUI
Users who want a 1st party ecosystem of hardware, software, add-ons and tools
Those who would rather spend their allocated budget on software/services, not hardware
The less tech-savvy that want the system to arrive ready to go (turn-key)
Users who want a system to do X thing X way without friction
Users who want simplified Warranty
Users who prefer Console Gaming as it is much more convenient and easy to deploy and enjoy
Users who prefer a wider variety of plugins
📧 LET ME KNOW ABOUT NEW POSTS 🔔
Get an alert every time something gets added to this specific article!
This description contains links to Amazon. These links will take you to some of the products mentioned in today's content. As an Amazon Associate, I earn from qualifying purchases. Visit the NASCompares Deal Finder to find the best place to buy this device in your region, based on Service, Support and Reputation - Just Search for your NAS Drive in the Box Below
SEARCH IN THE BOX BELOW FOR ANY OTHER NAS