Nelf2013
1. What's New in FreeNAS 8.3
Dru Lavigne
Documentation Lead, iXsystems
NELF, March 17, 2013
2. Outline
Introduction to FreeNAS 8.x
Features and ZFS Overview
What's New
Plugins Overview
ZFS Encryption Overview
Additional Resources
3. Introduction
Open source NAS (network attached storage) based on an embedded version of FreeBSD (nanoBSD) and released under 2-clause BSD license
Enterprise-grade appliance (TrueNAS) is also available in 2U/4U form factors with professional support
4. Introduction
8.x is a rewrite of the original monolithic design to a modular design (.7x EOL'd in 2011)
8.0 was released May, 2011 with a focus on NAS core functionality
8.2.0 introduced the Plugins architecture (released on July 20, 2012)
8.3.1 will be the current release (as of March 20, 2013)
5. Features
Create UFS or ZFS volumes (ZFS recommended)
Import existing UFS/ZFS RAID/z volumes
Import existing UFS, DOS, NTFS, EXT2/3 volumes
Create shares using AppleTalk, NFS, and SMB protocols
Configure access through FTP/SFTP, SSH, and iSCSI
6. Features
Integration with OpenLDAP, Active Directory
Automated, secure replication via rsync/ssh
Automated ZFS snapshots and scrubs
Front-ends to cron, sysctls, loader.conf
Reporting graphs, scheduled S.M.A.R.T. tests, automated alerts, UPS
7. Features
Link aggregation, failover, and VLAN support
DDNS, SNMP, and TFTP support
Control panel to stop/start and view the status of services
Users Guide available in wiki, HTML, PDF, epub, and Kindle formats
8. Features
Supports OSX Time Machine and Windows Shadow Copies
OS is installed on USB stick/CF and is separate from data on storage disks
Upgrades keep a backup of the old OS, allowing for rollback
Administrative GUI accessed through a web browser; 8.2 adds a web shell for command line operations
9. ZFS
128-bit filesystem designed to be “self-healing” with checksums to provide data integrity
Snapshots (point in time) only store what has changed since the last snapshot (COW)
Scheduled scrubs verify integrity of disks and data
Deduplication saves space (removes duplicate data)
Datasets have properties (quotas, compression)
10. ZFS
RAIDZ* levels designed to overcome hardware RAID limitations
RAIDZ1: equivalent to RAID5
RAIDZ2: double-parity solution similar to RAID6
RAIDZ3: triple-parity solution
Caveats: resilvering takes time and can stress disks
11. What's New in 8.2.0
Plugins provide the administrator the flexibility to install additional software from the FreeNAS GUI to meet the requirements of the NAS
As each Plugin (PBI) is installed, an icon will be added to the FreeNAS menu (used to configure the application) and its service will be added to the Plugins tab of the Control Services menu so it can be started
Documented API so users can create and contribute their own PBIs
14. Installing Non-PBI Software
If a PBI is not available, you can still install FreeBSD packages or compile ports within the Plugins Jail
Software installed this way will not be integrated into the administrative interface but can be configured and started from the command line
Use FreshPorts.org to search for software that has been ported to FreeBSD
15. Available PBIs
FreeNAS PBIs are still new (only available since July 2012)
3 official PBIs: Firefly, MiniDLNA, Transmission
List of PBI requests: http://doc.freenas.org/index.php/PBI_Requests
List of user-created PBIs: http://forums.freenas.org/showthread.php?8470-INDEX-Available-Plugins
16. What's New in 8.3.x
8.3.0:
ZFSv28 adds deduplication, RAIDZ3, improved snapshot support, and a removable log device
autoexpand property allows pool expansion by replacing existing disks with larger ones
8.3.1:
Encryption
17. Encryption
GELI full disk encryption for new ZFS volumes (not ZFSv30 encryption which is closed source)
Full disk encryption, not per-filesystem encryption
Targeted at users who store sensitive data and want the ability to safely dispose of disks (independent of the encryption key) without wiping them first
Encryption key is per ZFS pool
18. Encryption
Encryption key is protected by both a passphrase and a recovery key
CPU that supports AES-NI is recommended, especially if more than one disk in pool
Data in the ARC cache and the contents of RAM are unencrypted
Swap is always encrypted, even on unencrypted volumes
20. Encryption
Key management tools added to encrypted volume's screen in GUI
Used to change the passphrase, download a copy of the key, create a new key (which destroys the old key), create and download a copy of the recovery key, and change the recovery key
If the passphrase is forgotten, the recovery key can be used (needed when importing a pool)
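The key handling described on the Encryption slides, as an added example that is not part of the original deck and is not FreeNAS or GELI code: a simplified Python model of GELI's two key slots, each holding its own wrapped copy of the volume's master key. The slot assignment (key file plus passphrase in slot 0, recovery key in slot 1), the XOR/HMAC wrap standing in for the real cipher, the iteration count and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 50_000  # illustrative value (assumption), not GELI's calibrated count

def user_key(keyfile: bytes, passphrase: str = "") -> bytes:
    """User secret for a slot: key file contents plus an optional passphrase."""
    return keyfile + passphrase.encode()

def _kek(secret, salt):
    # Key-encrypting key derived with PBKDF2-HMAC-SHA512.
    return hashlib.pbkdf2_hmac("sha512", secret, salt, ITERATIONS)

def _mask(kek, data):
    # Toy XOR wrap standing in for the real cipher (assumption).
    stream = hmac.new(kek, b"wrap", hashlib.sha512).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def _tag(kek, blob):
    # Verification tag so a wrong secret is detected instead of yielding garbage.
    return hmac.new(kek, b"verify" + blob, hashlib.sha512).digest()

def wrap(master, secret):
    salt = os.urandom(16)
    kek = _kek(secret, salt)
    blob = _mask(kek, master)
    return {"salt": salt, "blob": blob, "tag": _tag(kek, blob)}

def attach(slots, secret):
    """Return the master key if the secret opens any slot, else None."""
    for slot in slots:
        if slot is None:
            continue
        kek = _kek(secret, slot["salt"])
        if hmac.compare_digest(_tag(kek, slot["blob"]), slot["tag"]):
            return _mask(kek, slot["blob"])
    return None

def init_provider(secret):
    """New encrypted volume: random master key, wrapped in slot 0."""
    return [wrap(os.urandom(32), secret), None]

def set_key(slots, n, current, new):
    """Re-wrap the master key in slot n; the data itself is not re-encrypted."""
    master = attach(slots, current)
    if master is None:
        raise PermissionError("current key does not open any slot")
    slots[n] = wrap(master, new)  # the secret previously in slot n stops working
```

In this model a passphrase alone, without the key file, opens no slot, and after `set_key` replaces slot 0 the recovery key in slot 1 still returns the same master key.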
23. Resources
Links to Users Guide:
http://doc.freenas.org
IRC:
#freenas on Freenode
Links to mailing lists and instructional videos:
http://doc.freenas.org/index.php/FreeNAS_Support_Resources
24. Questions
Contact:
dru@freebsd.org
URL to Slides:
http://slideshare.net/dlavigne/nelf2013