
How to enable Azure App Service Automatic Scaling

Azure App Service Automatic Scaling is a new feature that intelligently manages the number of instances of a web application. It analyzes real-time HTTP traffic and scales out (adds instances) or scales in (removes instances) to match demand. The most significant advantage of Automatic Scaling is that it simplifies web application management, offering a less complex approach than services like Azure Virtual Machine Scale Sets (VMSS) or Azure Kubernetes Service (AKS), which often require detailed rule definitions.

Microsoft mistakenly added the "Copilot" AI app to Windows Server

Microsoft has mistakenly deployed its new Copilot app, the one for its AI assistant, on Windows Server! This is linked to an update of the Microsoft Edge browser. Here is what you need to know.

If you use Windows Server 2022 and have noticed a new application named "Microsoft Copilot" in the list of installed programs, you are not alone. Beyond its name, it is easy to recognise thanks to the logo Microsoft now uses almost everywhere. Its size is also surprising: only 8 KB.

What is going on? It all started with the introduction of "Copilot" in the "Preview" builds of Windows Server 2025. For several months now, we have had access to Windows Server 2025 builds that give a glimpse of the upcoming features and of the changes Microsoft is making.

If there is one change that was not well received, it is the addition of the "Microsoft Copilot" AI to Windows Server 2025. After the many negative reactions, Microsoft decided to remove Copilot from Windows Server 2025. So how did this application end up on Windows Server 2022?

Microsoft Copilot added by an Edge browser update

On the "known issues" page of its website, Microsoft explained: "Updates to Edge browser version 123.0.2420.65, released on or after March 28, 2024, might incorrectly install a new package (MSIX) called "Microsoft chat provider for Copilot in Windows" on Windows devices. As a result, the Microsoft Copilot app might appear in the installed apps in the Settings menu." This affects Windows Server, as well as Windows 10 and Windows 11.

In other words, this is not the full addition of Microsoft Copilot to Windows Server 2022, and it does not let you use the AI directly from the server's taskbar. "It is important to note that the Microsoft chat provider for Copilot in Windows does not execute any code or process, and does not acquire, analyze, or transmit device or environment-related data in any capacity," Microsoft states, in order to reassure its customers.

This application is meant to prepare the future activation of Microsoft Copilot on certain Windows devices, which Windows Server machines are not expected to be part of. The company is now looking for a way to remove this application: "We are working on a resolution and will provide an update in an upcoming Microsoft Edge release."


The post Par erreur, Microsoft a ajouté l’application de l’IA « Copilot » à Windows Server first appeared on IT-Connect.

Windows: using Sysmon to trace malicious activity

I. Introduction

In this article, we look at Sysmon, a tool that provides better logging of system security events on Windows. It is an essential component of effective security event monitoring.

We will see in particular that the default Windows events do not allow very precise detection of system activity and of attacks as they are carried out today, and how Sysmon improves this detection.

We will also see how to install and configure it using configuration templates proposed by the community, and will then concretely analyse the logs Sysmon produces.

II. Sysmon: what is it?

Sysmon (for System Monitor) is both a service and a driver provided in Microsoft's Sysinternals package. It aims to improve Windows event logging, with a focus on system security events. It is more a detection tool than a prevention tool, in the sense that it provides better event logging but cannot, on its own, block malicious activity.

Since Sysmon 14, Microsoft has revised its strategy for Sysmon. It can now block malicious executables ("FileBlockExecutable") as well as file deletion by certain tools ("FileBlockShredding"). This protection is not perfect, however, and does not replace a dedicated solution (EPP/EDR).

To be more concrete, here is part of the list of events Sysmon can monitor and log:

  • Process creation
  • File creation time changed
  • Network connection
  • Sysmon service state changed
  • Process terminated
  • Driver loaded
  • Image loaded (DLL injection)
  • CreateRemoteThread event (creation of a thread by a process)
  • RawAccessRead event
  • DNS query
  • ProcessTampering
  • etc.

All these events may seem very (too) specific to be of interest. But each of them corresponds to well-identified attacks and modes of operation known to attackers. Sysmon therefore makes it possible to trace malicious activity on a system far more precisely than the default logs.

Besides logging these key events for monitoring a system's activity, it includes several elements that matter to security teams and relate to the context of the event:

  • the hashes of the images of launched processes
  • process GUIDs (which make event correlation easier)
  • precise information about network connections (source process, IP address, port number, etc.)
  • the process Integrity Level
  • information on process metadata (signature, author, description)
  • etc.

These elements also make digital forensic investigation easier, as well as searching for and correlating events, for example using the IOCs (Indicators of Compromise) published by the community or by an internal Threat Intelligence team (IP address, DNS name, hash of a binary, etc.). Nothing beats an example to illustrate this. Let us compare the logging of the "Process creation" event between the default Windows logs and the logs created by Sysmon:

Comparison between the default Windows event and the Sysmon event for the creation of a new process.

Event ID 1 (on the right of the image), created by Sysmon, is far more verbose in technical content. It provides more context about the execution of the process. This information greatly eases the search for, and detection of, malicious activity taking place on the system.

Note that Sysmon's value also lies in logging events that Windows does not log at all (unlike process creation, which is the simplest case for showing Sysmon's capabilities). We will see later that, thanks to the configuration we are going to use, the TTPs (Tactics, Techniques and Procedures) related to a given logged event are also indicated. So the point of Sysmon is clear: more precise logs, centred on security events that matter on an operating system, which make detection and forensic investigation easier.

Finally, as with anything that produces event logs, Sysmon's power is multiplied when these events are centralised and analysed by a SIEM platform (ELK, Splunk, etc.) and handled by a SOC (Security Operations Center).

Sysmon's source code is public and can be freely consulted, so you can find out precisely how it works: GitHub - Sysinternals/SysmonCommon

III. Windows logs: a few gaps

Windows event logs can seem complex at first. They look fairly verbose and are consulted through a rather inefficient viewing/search tool (Event Viewer). It is hard to find exactly what you are looking for if you are not familiar with them.

Also, the default Windows audit policy is silent about important events of system activity. To illustrate this, let us look at the logs produced during three stages of an attack on a system. To make this analysis easier, I created a filter in Event Viewer that gathers all Event IDs, whatever their source:

Creating a filter to see all Windows events.

Let us say that, as an attacker, I run the binary "mimikatz64.exe":

.\mimikatz64.exe

By default, this activity is not logged, as "auditpol.exe" shows us:

State of the default Windows audit policy for "Process Creation".

As recommended in the ANSSI guide "Recommandations de sécurité pour la journalisation des systèmes Microsoft Windows en environnement Active Directory", we can set the audit policy "Detailed Tracking" > "Process Creation" to "Success". Then, if we repeat the same operation, an event with Event ID "4688 - A new process has been created" is created:

Event 4688 for the creation of a mimikatz64.exe process.

The least we can say is that this event is not very verbose. The only concrete elements we have are: the account name that ran the command, the name of the creator process and the name of the process. For example, simply renaming "mimikatz64.exe" to "itconnect.exe" is enough to bypass one of the main elements on which a detection could be based (the process name):

Event 4688 for the execution of a renamed mimikatz.

Next, I decide to add a persistence mechanism by modifying the content of the registry key "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run". This registry key is used to launch binaries at startup (see Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder). It is a very well-known persistence mechanism, often used by attackers, which gives them a connection to their C2 (Command & Control) server as soon as the compromised system boots:

reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v mabackdoor /t REG_SZ /d "Z:\backdoor.exe"

I then use the PowerShell cmdlet "Get-EventLog" to retrieve the events 4657 – A Registry Value Was Modified related to the modification of a registry key:

Again, no event is logged by default on Windows when registry keys are modified. Finally, I initiate a network connection to a malicious server to retrieve a ransomware:

No security log related to the download of an executable.

Again, no event is logged.

As this example shows, the event logs Windows produces by default are not sufficient to trace exactly the course of my attack and my activity on the system. By default, they are not all enabled, and when they are, their content is not detailed enough for effective forensic investigation.

In other words, if you suffer a cyberattack and, with luck, your event logs are preserved (exported, centralised or even backed up), they will not be sufficient for the forensic or remediation team to tell you precisely what happened, where the attacker came in, what their actions were, and so on.

IV. Deploying Sysmon

A. Installing Sysmon the classic way

We will now see how to install Sysmon on a Windows system (server or client, the procedure is the same). To get the latest version of Sysmon, download it from Microsoft's site: Sysinternals - Sysmon.

Make sure to download the binary from Microsoft's site, and nowhere else.

Once the binary has been downloaded, unzipped and placed on our target system, we open a Command Prompt as administrator and run the binary with the "-i" option:

.\Sysmon64.exe -i -accepteula

Here is the expected output:

Installing Sysmon on a Windows system.

Installing Sysmon64 notably creates a "Sysmon64" service and installs a "SysmonDrv" driver, whose role is to capture security events on the kernel side. The driver interacts with the Windows APIs and uses Event Tracing for Windows (ETW) to capture information about the actions it wants to monitor.

It is important to note that the Sysmon installation is permanent: its service and driver remain present and active after a reboot. It can, however, be uninstalled easily.

The driver notably lets Sysmon use callbacks, also called hooks, on key operating system functions. When a monitored function is invoked, the callback associated with the Sysmon driver is triggered. At that moment, Sysmon can collect relevant information about the current event, such as details of the process involved, the function's arguments, the files accessed, etc. This information is then logged. The same mechanism is found in most EPP/EDR products today.

No reboot is needed; in Task Manager, under "Services", you should see the "Sysmon64" service running:

The "Sysmon64" service in the list of services in Task Manager.

You will also note that it is impossible to stop this service as an administrator:

Attempting to stop the "Sysmon64" service as an administrator via Task Manager.

This is due to a protection Windows applies to this service: Protected Process Light. This protection is responsible in particular for verifying code integrity, to ensure that only "verified" and "trusted" code is loaded into the protected process. It therefore cannot be targeted by code or DLL injection, and nobody can tamper with this process:

View of the PPL protection of the "Sysmon64.exe" process in "ProcessHacker".

Thanks to this protection, it will be harder for an attacker to alter the behaviour of this process in order to stop the logging of their actions.

Sysmon installs by default with a configuration that logs certain events. This default configuration can be viewed with the "-s" option:

.\Sysmon64.exe -s

Here is the expected result:

Viewing Sysmon's default configuration.

As you can see, it is a configuration in XML format. It defines the events to be logged, their Event ID and their content. Example with the logging of process creation:

Default configuration for Sysmon event "1 - Process Create".

Here, we first see the definition of the event, with its name and its ID ("1"). The previous sections of this article already contain an example of an event created by this rule, so you can see the fields declared by the configuration in that event. By default, logging of this event is enabled (ruledefault="include"). That is not the case for every event; for example, event "11 - File Create":

Default configuration for Sysmon event "11 - File Create".

So, with the default configuration, you will not see any event with ID 11 in your logs. This shows that you need to know how to read and understand this configuration, or risk not being precise enough in your logging.

To view the logs, open Event Viewer and go to "Applications and Services Logs" > "Microsoft" > "Windows" > "Sysmon".

Accessing the Sysmon logs in Windows Event Viewer.

Depending on the configuration in place (for now, the default one), you will already see various logged events.

B. Discreet installation of Sysmon

The most advanced attackers always start by looking at which security components are in place on a system before trying to go further in their compromise. This is a very classic information-gathering phase, for example:

  • Is an EPP (Endpoint Protection) in place? They can check the list of running processes for the names of known EPP agents (Trellix, Symantec, Sophos, etc.)
  • Is Microsoft Defender active? If so, what is its configuration? Does it contain interesting exclusions? Is its signature database up to date?
  • Are event logs sent to another system? That would be the sign that a SIEM, or even a SOC, can record and see their malicious activity. The attacker can check the active processes and services for known log-forwarding agents, or established connections to well-known ports, etc.
  • Is Sysmon installed? What is its configuration? Does it contain interesting exclusions?

The answers to these questions give the attacker an idea of how discreet they need to be in their next operations on the system or network.

However, Sysmon gives administrators the possibility to conceal its presence, notably by changing the name of the driver and of the service at run time. By default, as we have seen, a "Sysmon64" service is visible in the list of running services:

The "Sysmon64" service in Task Manager.

At installation time, Sysmon offers the "-d" option to give the Sysmon driver an arbitrary name (limited to 8 characters). As for the service name, it is determined by the name of the binary run during installation. So we just need to rename it before installing:

Renaming and then installing "Sysmon" with a custom driver name.

Once this is done, it will be harder for an attacker to detect the presence of Sysmon on the system:

The renamed "Sysmon" service in Task Manager.

In the image above, the Sysmon process does appear as "ITCProc". From then on, to manage the Sysmon service and, for example, retrieve its current configuration, you must use the binary named "ITCProc.exe"; using "Sysmon64.exe" will no longer work.

Note that this method is only concealment, and there are other ways to detect the presence of the Sysmon driver (notably via its altitude identifier).

V. Configuring Sysmon

A. Retrieving and studying a Sysmon XML configuration

We will now configure Sysmon so that it logs the events we are interested in. The default configuration is a good start, but you will see that it is possible to go much further quite simply.

We will rely on well-known, proven configurations created by the cybersecurity community. The best-known is the one proposed by SwiftOnSecurity, which can be viewed and downloaded here: GitHub - SwiftOnSecurity:

Excerpt from the Sysmon configuration proposed by "SwiftOnSecurity".

This configuration has several advantages:

  • It is proven by the community and its relevance is recognised. You can take a look at its GitHub change history.
  • It is documented: even if reading it can be difficult because of the XML format, it contains various comments explaining its main sections and exclusions.
  • It is well structured, which makes it easy to understand and modify. It can therefore serve as the basis for a configuration specific to your needs and environments.
  • It contains exclusion rules that eliminate the "classic" false positives on Windows, making the logs Sysmon creates easier to work with.
  • It adds context to each Event ID, such as the MITRE TTP related to a logged malicious action.

In short, using this configuration brings real added value compared to the default one, and saves the time it would take to design your own XML configuration, with the difficulties that the format and the complexity of the use cases bring. Before applying it, I still recommend finishing this article and then reading the content of the XML configuration in detail, so that you know exactly what will be logged and what will be excluded from logging.
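Whether an event ends up in the log depends entirely on the include/exclude logic of the configuration, both in the default configuration discussed in section IV and in a community configuration such as the one above. To make that logic concrete, here is an added Python model, not Sysmon's own code and not part of the article, that applies a constructed configuration fragment (written in the style of community configurations, not a copy of the SwiftOnSecurity file) to sample events. It implements the documented onmatch semantics (onmatch="exclude": log everything except matches; onmatch="include": log only matches) and the condition keywords is, is not, contains, begin with, end with and image, and returns the rule `name` attribute, which Sysmon copies into the event's RuleName field, alongside the verdict. Event types with no section in the fragment are left to Sysmon's schema default and reported as None. The paths, the Run-key rule and its T1060 tag are assumptions for the demonstration.

```python
"""Model of Sysmon <EventFiltering> include/exclude evaluation (added example)."""
import xml.etree.ElementTree as ET

# Constructed configuration fragment (not the SwiftOnSecurity file itself).
SAMPLE_CONFIG = """<Sysmon schemaversion="4.90">
  <EventFiltering>
    <RuleGroup name="" groupRelation="or">
      <!-- exclude: log every process creation except the listed noise -->
      <ProcessCreate onmatch="exclude">
        <Image condition="is">C:\\Windows\\System32\\svchost.exe</Image>
      </ProcessCreate>
    </RuleGroup>
    <RuleGroup name="" groupRelation="or">
      <!-- include: log only registry writes that match a rule; the rule's
           name attribute is copied into the event's RuleName field -->
      <RegistryEvent onmatch="include">
        <TargetObject name="T1060,RunKey" condition="contains">CurrentVersion\\Run</TargetObject>
      </RegistryEvent>
    </RuleGroup>
  </EventFiltering>
</Sysmon>"""


def _matches(condition, pattern, value):
    """Evaluate one Sysmon condition keyword (comparisons are case-insensitive)."""
    v, p = value.lower(), pattern.lower()
    if condition == "is":
        return v == p
    if condition == "is not":
        return v != p
    if condition == "contains":
        return p in v
    if condition == "begin with":
        return v.startswith(p)
    if condition == "end with":
        return v.endswith(p)
    if condition == "image":
        # "image" matches a full path, or just the file name when no path is given
        return v == p if "\\" in p else v.rsplit("\\", 1)[-1] == p
    raise ValueError(f"unsupported condition: {condition}")


def load_filters(config_xml):
    """Return {event_type: (onmatch, [(field, condition, pattern, rule_name), ...])}."""
    filters = {}
    for section in ET.fromstring(config_xml).iter():
        onmatch = section.get("onmatch")
        if onmatch is None:          # RuleGroup, EventFiltering, rule elements...
            continue
        rules = [(rule.tag, rule.get("condition", "is"), (rule.text or "").strip(),
                  rule.get("name", "")) for rule in section]
        filters[section.tag] = (onmatch, rules)
    return filters


def would_log(filters, event_type, fields):
    """Decide whether an event of event_type with the given fields is recorded.

    Returns (logged, rule_name). Event types absent from the configuration are
    outside this model (Sysmon then applies its schema default) -> (None, "").
    """
    if event_type not in filters:
        return None, ""
    onmatch, rules = filters[event_type]
    for field, condition, pattern, rule_name in rules:
        if field in fields and _matches(condition, pattern, fields[field]):
            # include: a match means "log it" (tagged); exclude: a match means "drop it"
            return (onmatch == "include"), (rule_name if onmatch == "include" else "")
    # no rule matched: include -> stays silent, exclude -> logged without a tag
    return (onmatch == "exclude"), ""


if __name__ == "__main__":
    f = load_filters(SAMPLE_CONFIG)
    samples = [
        ("ProcessCreate", {"Image": r"C:\Windows\System32\svchost.exe"}),
        ("ProcessCreate", {"Image": r"C:\Users\itc\itconnect.exe"}),
        ("RegistryEvent", {"TargetObject": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\mabackdoor"}),
        ("RegistryEvent", {"TargetObject": r"HKCU\Software\Classes\ms-settings"}),
        ("FileCreate", {"TargetFilename": r"C:\Users\itc\note.txt"}),
    ]
    for event_type, fields in samples:
        print(event_type, fields, "->", would_log(f, event_type, fields))
```

The two sections behave in opposite ways on purpose: the ProcessCreate section is a deny-list (everything is logged unless excluded), the RegistryEvent section an allow-list (silent unless a rule matches), which is why reading a configuration means checking, for each event type, both the onmatch value and what its rules cover. The model does not implement RuleGroup relations or the schema defaults for unconfigured event types.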

B. Applying a new Sysmon configuration

All we have to do is download this XML configuration and apply it to Sysmon with the "-c" option:

.\Sysmon64.exe -c .\sysmonconfig-export.xml

Here is the expected output:

Adding a new configuration to "Sysmon".

To check that our configuration is in place, we can use the "-c" option of "Sysmon" without a file argument, which displays the current configuration:

Displaying the SwiftOnSecurity configuration imported into Sysmon.

The configuration elements displayed are now very different and far more verbose than Sysmon's default configuration.

We can return to the default configuration at any time with the "-c --" option.

C. Deleting the configuration file

Now that we have applied our configuration to Sysmon, it is very important not to leave the configuration file on the system as an XML file. If an attacker gets access to this file, they can understand in detail the detection rules in place, including any exclusions and exceptions, and can then build an attack that exploits or bypasses the configured rules.

It is therefore better to leave the attacker in the dark and remove this configuration from the system. Be careful not to leave it on an overly open network share the attacker could reach either.

Even if the original configuration file has been deleted, Sysmon still has the configuration available. When importing a configuration with the "-c" option, Sysmon converts the XML configuration into a data blob and stores it in a registry key:

Storage of Sysmon's current configuration in a registry key.

This data blob is not easy to parse, and an attacker will struggle to recover the rules and exclusions of the configuration in clear text from it.

VI. Sysmon log examples

As we have seen, Sysmon event logs are stored in "Applications and Services Logs" > "Microsoft" > "Windows" > "Sysmon". If I repeat my initial malicious activity (the one that was not, or barely, logged by the default Windows logs), here is what I can see in the Sysmon logs:

Sysmon event logs related to the malicious actions performed on the system.

We clearly see in the logs: an Event ID 1 - Process Create, an Event ID 13 - Registry value set and an Event ID 3 - Network connection detected. This corresponds to, and traces exactly, the malicious activities carried out on the system. In the screenshot above, we have the details of the execution of "mimikatz64.exe", already shown earlier in this article. Note the many pieces of information, including the MD5 hash of the binary, which does not change with the name it is given (although simple methods make it possible to alter this hash so that it no longer matches classic signatures).

We can also look at the content of the event related to adding a value to a registry key:

Sysmon event 13, related to setting a value in a registry key (the attacker installing a backdoor).

Again, we have a lot of information about the event: the parent process, the name of the modified registry key, its value, in which the malicious executable clearly appears, etc. You will also notice "T1060" in the "RuleName" attribute: this is the identifier of the TTP related to this malicious action. This addition comes from the SwiftOnSecurity configuration and is meant to help the analyst understand the nature and impact of a security event.

To better understand the value of this information, let us look for example at the content of TTP T1060 on the MITRE ATT&CK framework site (the framework having been updated recently, T1060 redirects to its new identifier: T1547.001 - Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder):

Excerpt from the details of T1547.001 (formerly T1060).

This is only an excerpt, but it gives a much more detailed understanding of what is at stake in this event: the attacker sought to establish persistence on the system by modifying a registry key that lists binaries executed at startup.

Finally, here is the event related to the download of a malicious binary from a server belonging to the attacker, an action that was not logged at all by the default Windows logs:

Sysmon event 3, related to an outbound network connection.

Here too, we get clear and precise information about the event, notably the destination IP, hostname and port, which are important for detection (using IOCs) and investigation.
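To show how the fields highlighted in section II (hashes, process GUIDs, network destination) and in the three events above (the T1060 tag in RuleName, the destination IP, hostname and port) are used in practice, here is an added Python example, not part of the article and not Sysmon's own code. It parses Sysmon events in the XML shape Event Viewer exports for the Sysmon channel, groups them by ProcessGuid, pulls the MITRE technique id out of RuleName, and matches the MD5, destination IP and destination hostname against an IOC list; the hash match is what survives the renaming of the binary that defeated the 4688-based detection in section III. The events, GUID, hashes, IP, hostname and IOC list are constructed placeholders, and the three events deliberately share one ProcessGuid (a single binary that sets its own Run key and calls out) so that the correlation is visible; the article's own sequence used separate commands for each step.

```python
"""Parse, correlate and IOC-match constructed Sysmon events (added example)."""
import re
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
TTP_RE = re.compile(r"\bT\d{4}(?:\.\d{3})?\b")   # T1060, T1547.001, ...

# Constructed events in the XML shape Event Viewer exports for the Sysmon channel.
# GUID, hashes, IP and hostname are placeholders, not real indicators.
SAMPLE_EVENTS = """<Events>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>1</EventID></System>
  <EventData>
    <Data Name="RuleName">-</Data>
    <Data Name="ProcessGuid">{11111111-2222-3333-4444-555555555555}</Data>
    <Data Name="Image">C:\\Users\\itc\\itconnect.exe</Data>
    <Data Name="Hashes">MD5=0123456789ABCDEF0123456789ABCDEF,SHA256=FEEDFEEDFEEDFEEDFEEDFEEDFEEDFEEDFEEDFEEDFEEDFEEDFEEDFEEDFEEDFEED</Data>
    <Data Name="ParentImage">C:\\Windows\\System32\\cmd.exe</Data>
  </EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>13</EventID></System>
  <EventData>
    <Data Name="RuleName">T1060,RunKey</Data>
    <Data Name="ProcessGuid">{11111111-2222-3333-4444-555555555555}</Data>
    <Data Name="Image">C:\\Users\\itc\\itconnect.exe</Data>
    <Data Name="TargetObject">HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\mabackdoor</Data>
    <Data Name="Details">Z:\\backdoor.exe</Data>
  </EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>3</EventID></System>
  <EventData>
    <Data Name="RuleName">-</Data>
    <Data Name="ProcessGuid">{11111111-2222-3333-4444-555555555555}</Data>
    <Data Name="Image">C:\\Users\\itc\\itconnect.exe</Data>
    <Data Name="DestinationIp">203.0.113.10</Data>
    <Data Name="DestinationHostname">update.example</Data>
    <Data Name="DestinationPort">443</Data>
  </EventData>
</Event>
</Events>"""

# Constructed IOC list (placeholder values), e.g. as received from a CTI feed.
SAMPLE_IOCS = {"md5": {"0123456789ABCDEF0123456789ABCDEF"},
               "ip": {"203.0.113.10"}, "hostname": {"update.example"}}


def parse_events(xml_text):
    """Return one dict per <Event>: event_id plus every EventData <Data Name=...>."""
    events = []
    for ev in ET.fromstring(xml_text).findall("e:Event", NS):
        record = {"event_id": int(ev.findtext("e:System/e:EventID", namespaces=NS))}
        for data in ev.findall("e:EventData/e:Data", NS):
            record[data.get("Name")] = (data.text or "").strip()
        events.append(record)
    return events


def parse_hashes(hashes_field):
    """'MD5=..,SHA256=..' -> {'MD5': '..', 'SHA256': '..'} with upper-case values."""
    pairs = (p.split("=", 1) for p in hashes_field.split(",") if "=" in p)
    return {algo.strip().upper(): value.strip().upper() for algo, value in pairs}


def extract_ttp(rule_name):
    """MITRE ATT&CK technique id carried in RuleName ('T1060,RunKey' -> 'T1060')."""
    m = TTP_RE.search(rule_name or "")
    return m.group(0) if m else None


def match_iocs(events, iocs):
    """Return [(event_id, ioc_type, value)] for every field that hits an IOC.

    The hash check is what survives renaming: the image name changed, the MD5 did not.
    """
    hits = []
    for ev in events:
        md5 = parse_hashes(ev.get("Hashes", "")).get("MD5")
        if md5 in iocs["md5"]:
            hits.append((ev["event_id"], "md5", md5))
        if ev.get("DestinationIp") in iocs["ip"]:
            hits.append((ev["event_id"], "ip", ev["DestinationIp"]))
        host = ev.get("DestinationHostname", "").lower()
        if host in iocs["hostname"]:
            hits.append((ev["event_id"], "hostname", host))
    return hits


def timeline_by_process(events):
    """Group event ids by ProcessGuid, the field Sysmon adds for correlation."""
    groups = {}
    for ev in events:
        groups.setdefault(ev.get("ProcessGuid"), []).append(ev["event_id"])
    return groups


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    print("per-process timeline:", timeline_by_process(evs))
    print("technique tags:", [extract_ttp(e.get("RuleName")) for e in evs])
    print("IOC hits:", match_iocs(evs, SAMPLE_IOCS))
```

On a real host the same XML can be obtained by exporting events from the Sysmon channel in Event Viewer; in a SIEM the same three steps (normalise fields, group by ProcessGuid, match against indicators) are what a detection rule on Sysmon data boils down to.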

To better understand each event Sysmon produces, we can use Microsoft's documentation, which precisely lists the Event IDs and their definitions: Sysmon - Events

VII. Conclusion

I hope this article has helped you better understand what Sysmon is, its standard use and its added value for the security of a Windows system and, more broadly, of the information system. We have not covered the tool completely, in particular the more technical events (CreateRemoteThread, RawAccessRead, Process Tampering, etc.), nor the full construction of a configuration file with its exclusions, exceptions, etc. But the content of this article should be enough to deploy and use Sysmon within your information system.

What matters beyond Sysmon is the importance of having the most complete and precise logging possible of security events, and then being able to centralise it (SIEM) and to actively monitor and understand these events. In this broader approach, Sysmon is ultimately only a starting point.

Feel free to share your opinion in the comments or on our Discord!

The post Windows : utilisation de Sysmon pour tracer les activités malveillantes first appeared on IT-Connect.

Deploy GitHub Pages with custom GitHub Actions workflows

GitHub Actions workflows for GitHub Pages just became generally available. GitHub Pages is a service that lets you host static websites on GitHub directly from your repositories. GitHub Actions is a continuous integration and continuous delivery (CI/CD) platform provided by GitHub that allows users to automate their build, test, and deployment pipelines. This article takes you through using custom workflows to deploy static websites to GitHub Pages with GitHub Actions workflows.

Are NAS Drives Safe?

Are NAS Drives Safe Enough to Use in 2024?

Are you a NAS owner? Perhaps you are considering buying a NAS based on a recommendation from a friend, work colleague, IT professional or even myself (Robbie) on YouTube. The appeal of owning your own server, cutting the connection with your subscription cloud providers such as Dropbox or Google Drive, having all your data backed up in-house and that feeling of pure control/ownership is hard to underestimate. However, over the last 4-5 years or more, it has been hard to ignore that the brand has suffered a series of security issues surrounding the subject of ransomware – a process whereby your data is encrypted with a unique, near-uncrackable cipher and a document (typically a .txt) is left for you with instructions to make a payment in bitcoin to a predesignated account in order to receive instructions and the key to recover your data. Ransomware in and of itself is not new and originally dates back to 1996 under the name cryptoviral extortion (you didn't come here for a history lesson, but the wiki covers a lot of those early developments of the concept) and is frighteningly easy to conduct IF an intruder has access to your system and/or the means to inject the command to encrypt the data inside of any system. Words like virus, hack and malware have been thrown around the internet for the last 20-30 years; however, malware feels significantly more organized and comparatively recent, as well as being something that has been enacted on all storage platforms, such as Google Drive (thanks to sync tools), Apple was directly hit in 2021 and over 300 BIG-name companies that you WILL have heard of in the last 18 months, including:

Acer, FujiFilm, Northern UK Rail, Exabyte Web Hosting, Foxtons, The Salvation Army, Shutterfly Photography, Bose Sound, The NRA, Kronos CRM systems, Gigabyte Motherboards, Volvo, SPAR, Olympus Cameras, GUESS Fashion, ADATA, CD Projekt, Travelex, SK Hynix, Capcom, Crytek, Kmart

Those are just a brief scan of confirmed news reports and only a small fraction of the companies, brands and institutions that have been successfully targeted: tech companies, media companies, charities and countless retail outlets. Why am I going through all this? Well, 1) these companies should have exceptionally sophisticated storage and remote access protocols in place, 2) they cannot use the excuse of being companies with practically no formal association with high-level storage, and 3) they are companies with a responsibility to protect significant custom databases that eventually fell foul (partially or fully) of vulnerabilities. Personally, I DO think that, when NAS brands have blame on their side (eg Asustor/Terramaster with Deadbolt, QNAP with QLocker, Synology with SynoLocker, etc), they need to acknowledge it publicly. They have made significant errors in proactively managing these attacks AND have handled a number of the follow-up actions to these incidents very poorly (both in terms of communication and execution) – they need to put their hands up and say “We F’d Up” and take responsibility, up to a point! However, I also think that the end-user base is not completely innocent, and alongside ascertaining whether any particular NAS brand is safe to use in 2024, we should also think about how we store data, the limits of our own due diligence and our expectations of server devices.

Important note – If you are currently unaware of the severity of ransomware attacks, malware attacks and authentication bypass vulnerabilities, you need to subscribe to this page HERE on NASCompares. Also, if you are in any doubt about NAS security and owning a system, REMEMBER, the very LEAST you can do is:

  • Set your system software updates to automatic (either FULL or just security updates)
  • Disable the ‘admin’ account (it should be disabled by default, but make sure!)
  • Disable SSH / Terminal services if you are not using them (again, these should be ‘off’ by default, but check)
  • Create exclusive login credentials for each service/client (eg Plex should/can have a user:plex + password; then restrict that account to only the folders and services that it needs, and restrict or make ‘read only’ the rest)
  • Have at least one backup in place. Remember that a backup is a complete copy of all your data in a different system/location!!!
  • Change the default ports used for accessing the NAS (you tend to find NAS systems use 8000, 8001, 8080, 5000, etc. Change them to something random)
  • Enable 2 Step Authentication / 2FA / OTP
  • Do not F&*k around with your router or open ports unless you know what you are doing!

Additionally, if you have been affected by ransomware on your storage solution (QNAP, Synology, UnRAID or whatever brand), this post is not intended to play ‘blame games’ or detract from the impact (personally or professionally) that it has caused. I have experienced ransomware attacks, malware attacks through my browser, virus attacks on my OS and seen my fair share of attacks fail and (annoyingly) succeed. Please do not take this article in the spirit of ‘get stuffed, it’s your fault!’, but as a means of dissecting the current state of play with NAS devices and the realistic expectations/responsibilities of all involved.

PSA – GET YOUR BACKUPS IN ORDER!

Before you even go one paragraph further, I have a simple question for you – do you have a backup in place? If yes, then carry on to the next part. If not, and I cannot stress this enough, GET ONE NOW. In the time you are spending reading this you could be susceptible to data loss in about 10 different ways without even factoring in ransomware (power failure leading to hard drive corruption, malware from a slightly iffy Google search this morning, cloud storage provider going bust, OS failure on your device, etc). In this day and age owning a sufficient data backup is as sensible as buying a raincoat or looking both ways when you cross the street – you don’t do it because you like rain or like looking at cars, you do it because they are peace of mind, they are a safety net, they are for caution in case of the worst. It is a bit tenuous, but owning one or multiple backups always makes me think of this quote from Shawshank Redemption by Stephen King:


“There are really only two types of men in the world when it comes to bad trouble,” Andy said, cupping a match between his hands and lighting a cigarette. “Suppose there was a house full of rare paintings and sculptures and fine old antiques, Red? And suppose the guy who owned the house heard that there was a monster of a hurricane headed right at it. One of those two kinds of men just hopes for the best. The hurricane will change course, he says to himself. No right-thinking hurricane would ever dare wipe out all these Rembrandts, my two Degas horses, my Jackson Pollocks and my Paul Klees. Furthermore, God wouldn’t allow it. And if worst comes to worst, they’re insured. That’s one sort of man. The other sort just assumes that hurricane is going to tear right through the middle of his house. If the weather bureau says the hurricane just changed course, this guy assumes it’ll change back in order to put his house on ground zero again. This second type of guy knows there’s no harm in hoping for the best as long as you’re prepared for the worst.”

Get a Backup in place

More Ransomware Attacks on QNAP than Any other NAS Brand?

WannaCry, QLocker, eChoraix, Deadbolt, how, many, times…

Probably the most compelling argument against the safety of NAS for many buyers is the simple fact that NAS brands increasingly seem to have been in the news more for reasons of ransomware attacks. Indeed, even a quick browse of the last 24 months on the site ‘Bleeping Computer’ for stories on QNAP shows you that there have been multiple vulnerabilities found in their software/access that have allowed encryption commands to be injected into the QNAP NAS system to execute the ransomware attacks. How can this one brand be such a soft target? What are they doing wrong? Well, as it stands, reading through news posts before/after previous ransomware attacks, as well as the dissection of events on the official forums in the midst of an attack, the consistent threads are:

  • QNAP is rolling out software and services with weak default settings and acceptable minimums that allow inexperienced users to open up external access WITHOUT understanding the risks
  • QNAP has weaknesses in its software that the brand arguably takes a more reactive, rather than proactive, stance on repairing
  • QNAP’s recommendations on actions for users post-ransomware attack, both publicly and in 1-to-1 dialogue with users, have been felt to be unsatisfactory
  • Your QNAP NAS is currently better off used offline / on the local network only

As general as all that might sound (without letting personal opinions colour it), those are largely the four core issues for many that have voiced their feelings on this in the forums. Moving away from the hefty subject of data loss slightly (we will be returning to that in a bit, but that is a question of backups and routines to discuss), there is the fact that there have been vulnerabilities found in QNAP 1st party applications and services – but then again, so have there been in other NAS brands’ own services too. A quick look at their respective Security Advisory pages will tell you this. This doesn’t exonerate QNAP in any way here, as part of the ‘social agreement’ between the end-user and QNAP is that as long as we ‘follow due diligence in protecting the data inside the NAS as directed AND maintain our own network/router setup’, the QNAP NAS should protect our data inside the NAS to the best of its ability. This is where it all becomes problematic. QNAP have never successfully balanced the line between giving the user freedom, control and customization WHILST still preventing the user from doing anything self-harming without a full idea of the consequences. It’s a line that their biggest competitor Synology seems to toe better, and this comparison only serves to reinforce the feeling (and numbers) that QNAP are attacked more.

The Nature and Practice of Firmware Updates on ALL NAS Brand Devices – Prevention & Cures

“Remind me Tomorrow” click

Though sometimes NOT the means by which a vulnerability in the NAS software/services is exploited, it is still a factor in some instances that updating to a later firmware would actually have closed a vulnerability. However, this is a remarkably broad statement and the truth is a great deal more nuanced. First, we have to understand that ALL software that has a remote access component via the internet will likely be investigated by cybercriminals for weaknesses. Not just NAS ones – ALL of them, from Microsoft Office and the Android mobile OS, to your LG TV and Amazon FireTV. Hell, I bet there are people who have investigated the ‘buy now’ option of WinRAR in an effort to see if an opening exists to use it as a ransomware entry vector. What I am saying is that as soon as a commercially popular software with internet access exists, people are going to try and take it apart to find out its weaknesses for exploitation. If/when these weaknesses are found and actioned (or submitted to the brand for bounty programs – whereupon brands ask people to try and break their software, so they can make it better/safer/improved), the brand then issues a firmware update to the affected software/services to its user base, and then around the merry-go-round we go again! This is not a process that happens daily – but it definitely happens weekly or monthly (depending on how quickly the brand instigates the changes that are raised to them). This is why it is so common for companies that are affected by ransomware in their software/services to immediately highlight the need for firmware updates. At that point, the attack vector and vulnerability are reverse engineered, patched and closed. Many of these vulnerabilities are small. Very, VERY small sometimes.
Indeed, it is for this reason that all the reputable NAS brands have security advisory pages that list current weaknesses, vulnerabilities and issues on their platform that are being investigated (Synology HERE, Asustor HERE and yes, QNAP HERE) and in all my time in the world of network-attached storage, I do not think I have ever seen one of these pages show ‘100% resolved’, but when something is resolved the resolution is invariably rolled into an update. So what we can take from this is that although firmware updates do not completely remove the possibility of new vulnerabilities being found in the future, they do seemingly close the bulk of existing vulnerabilities that have been found by/volunteered to the brand.

So why do we not install the firmware updates automatically? This isn’t limited to NAS of course! From the Mac notifications that have been nagging you at the top right of your screen, to the Windows update at the bottom right and all those applications on your phone that are asking you to please install the latest updates to your software – we choose to ignore them until ‘later’! Worse still, there is the old ‘if it ain’t broke, don’t fix it’ mentality that will often result in many users only installing smaller updates, but flat out avoiding the BIG updates as they can ‘change where everything is’ or ‘I heard it breaks a bunch of stuff’. Businesses in particular, with shared files in their thousands, are always reluctant to run any process that can suspend that access temporarily or change how something works. So, there we have a fine melting pot of ingredients that has led (in some instances, but not all – as we will go into further) to many users being hit by ransomware attacks via vulnerabilities that, although patches were available, were not actioned. How do we resolve this? Forced updates that leave the user’s own hesitance out of the equation? Limitations of the system’s remote connectivity unless the latest firmware update is installed (console gamers will be very familiar with that method of course)? Or a 50/50 split where minor updates are optional, but larger ones are mandatory? It’s a tough tightrope to walk. So, let’s see how QNAP walked/walks this tightrope and how they could have possibly done it a LOT better.

System Updates and Updates – Should a NAS Brand FORCE Firmware Updates to Users?

Forced? Optional? Access Penalties?

As mentioned, tighter control of firmware implementation would allow the brand to ensure that a NAS that has internet accessibility is updated to a high/current firmware revision. Alternatively, the brand could limit the system’s external connectivity and disable all such settings if the firmware on the system is not up to date – simply running a check against the NAS brand’s connected domain when trying to access these services and settings, and declining if the latest update is not installed. Xbox and PlayStation users are more than aware of this as a fixed rule to ensure that installed software is officially licensed and checked in advance. However, those are closed systems, and many buyers have selected NAS over cloud services precisely because of the flexibility and customization it offers. Moreover, when NAS brands have previously FORCED firmware updates remotely for services, it has NOT been received well:

Forced updates are something of a taboo subject too, with the recent rather heavy-handed move by QNAP back in 2020 in light of the Deadbolt ransomware attack to remotely push the latest firmware update to all QNAP NAS systems that were internet-connected without any notice to the end-users (overriding any settings that disabled or prevented this). Now, clearly, QNAP did this as an extreme measure to prevent the vulnerability of the system software and/or configuration from being exploited further (its attack vectors have still not been fully confirmed, with some users who have ridiculously high-security settings still getting hit). In non-ransomware instances, I think QNAP issuing a message to their user base saying “In 5 days there will be an essential system update on XX day XX month at XX:XX time”, with even a brief explanation of why, would have been infinitely preferable and would have been met with a much more positive stance (as well as making many users update sooner). However, clearly, the decision for a forced update was more of a last resort/hastily decided choice, and that forms part of another reason that many users find the QNAP platform sometimes brings services and software to market that could do with a little more time in the oven. Whatever way you look at it, QNAP was going to be damned whatever they did. But did they put themselves in this position? What about the expectations of the end-user and due diligence? What SHOULD be the expected skillset of a NAS buyer to start with?

The Extent of the End User Responsibility, Skillsets and Expectations? What Are YOUR Responsibilities as a NAS Owner?

How much should a user be expected to know about networking?

The simplicity of NAS systems can often be oversold. It’s annoying and I am as guilty as most of this, but given the wide range of users who install a NAS system into their storage environments, the ease of setup and use is not matched by an equal ease of setting up and understanding network security in your home or office. On the one hand, NAS brands have supplied multiple services and processes in their system software that make remote access easy, encrypted transmissions easy, SSL certificate application easy, 2-step authentication easy, UPnP and router port forwarding easy – you name it, they have tried to make it easy. But should they have? The ease of setting up a number of these services (as well as non-randomized default settings in some places) can easily give users a false sense of security. So, for those users of a higher skillset, it would be acceptable that a NAS should only be remotely accessible with the highest layers of security applied, and that it should not allow remote-level access without some unique intervention and set-up by the end-user (not just a password and/or disabling an admin account). Removing presets of this nature would lead to a noticeable spike in the difficulty of setup, but perhaps that is what is needed. This is by no means a new issue we are discussing, and even a brief Google search finds examples of attack vectors and methods as far back as 1999 on public/org sites.

However, in reality, it simply would not work like this. The user base of most established NAS brands is just too varied and, though these tougher and more unique security implementations would secure things, the less technically skilled users would hit hurdle after hurdle; once again, one of the prices of some (not all) of that flexibility. A lot of users who have been hit by ransomware attacks have specifically headed to official forums because they do not have the remote setup experience that might be deemed an acceptable minimum to start opening ports via the NAS settings or directly on the router. This once again brings us back around to what should be the expected skill level of an average NAS drive owner, how much of the control and security profile of the storage system belongs to the NAS manufacturer and how much should the buyer be expected to do independently? You can buy a car, you can fill it with petrol and the manufacturer can tell you its top speed and miles to the gallon – but no car manufacturer would feel the need to add “must have a driving licence” to all their adverts, do they? It’s a rather stretched simile I know, but the fact remains that users cannot expect to connect their storage to the internet in 2024, open up pathways to it via the internet and not at least make allowances or provisions for the possibility that an attack could happen. This leads us to the hardest and coldest fact of practically EVERY SINGLE recent NAS-related ransomware attack that, although it only applies to a % of users, is still depressingly true.

How Backups and Data Storage are Still being Misunderstood – UNDERSTANDING WHAT A BACKUP IS, AND A NAS IS NOT!

A frighteningly large number of victims with no backup. Acceptable backup levels?

One of the hardest choices for anyone that has been successfully targeted by ransomware attackers (not exclusive to NAS either) is the choice to pay or not. When I am asked to make recommendations for a home or business user in the free advice section here on NASCompares or the comments on YouTube, I will always ask what the user’s storage quota is currently (now, then doubling annually over 5 years), their user base (volume and frequency) and their budget. That last one is always a kicker for some, as no one wants to show their cards! I’m not a salesman and I do not work for an eRetailer; I ask because there is a lot of ground between a £99 DS120j and a £5000 RS3621XS+. However, budget is INCREDIBLY important and should not only be measured by the number of zeros in the account, but also by the cost if the data is lost! Many users are so busy thinking of how much it will cost to provision for the future that they are not factoring in the cost of replacing the past! This is the exact personal vulnerability that ransomware targets and sadly, a lot of users still do not understand 1) what a backup actually IS and 2) what a backup actually ISN’T.

If your data ONLY lives on the NAS, then the NAS is not a backup. You likely knew that. But socially and conventionally, we tend to forget it quite easily. We make space on phones by deleting stuff because ‘it is backed up on the NAS’. We sync our laptops and MacBooks with a remote folder to keep our files safe on the NAS, but still make changes or delete files on the hoof. We take the NAS as read as a backup and at that point, it isn’t! Likewise there are things that SOUND like backups… RAID… Snapshots… Hot Spares… they sound very reassuring, but are not backups, they are safety nets! And they are all typically found ‘in system’. A REAL backup is the same files, ELSEWHERE! There is no avoiding that a NAS (Synology, QNAP, TrueNAS, whatever!) is NOT a backup solution in and of itself, but can be used IN a backup strategy. All brands highlight at numerous points on their websites that you should have a 3-2-1 backup strategy, or a bare-metal and cloud backup, or a periodic USB backup, a NAS to NAS remote backup – or ALL of them! Sadly, there are a lot of users in the official NAS branded forums that have been hit by ransomware and did not have backups in place, some with the knowledge that they needed a backup but whose budgets prohibited it. Others say that a NAS brand publishes in its online literature that it is a backup device, they bought it as a backup device, therefore the company missold it and that is the end of the argument!

The sad truth is that the brand is not responsible for your backup routine or strategy. It supplies the means to store and access data, and its responsibility (succeed or fail) is to ensure its hardware and/or software provides a default secure level of access, as well as the means to configure that access under the user’s control. There HAVE been vulnerabilities found and they have patched them, as is the usual process in these things (at least, they say they have, and that is the best guarantee we can ever have from a brand in the circumstances), but they are NOT responsible for your backup routine. This now leads us to the subject of the NAS hardware, the NAS software and comparisons between brands.
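One way to turn the article’s definition of a backup (“the same files, ELSEWHERE”) into a check you can actually run, as an added example that is not NASCompares’ or any NAS vendor’s code. The file names and contents are constructed for the demo, and `require_other_device` is a hypothetical switch that enforces the “elsewhere” rule by refusing a copy that sits on the same filesystem as the original (so RAID, a hot spare or a snapshot on the same array would not pass).

```python
"""
Backup verification for a NAS share (added example, not vendor code).

It checks the three properties the article says a real backup has:
  ELSEWHERE  - backup and primary live on different devices/filesystems
  COMPLETE   - every file in the primary exists in the backup
  INTACT     - each file's content hash matches
Files that differ between primary and backup are exactly the ones an
encryption pass would have rewritten since the last backup run.
"""
from __future__ import annotations

import hashlib
import shutil
import tempfile
from dataclasses import dataclass, field
from pathlib import Path


@dataclass
class BackupReport:
    same_device: bool                  # both trees share one st_dev: not "elsewhere"
    require_other_device: bool = True  # hypothetical switch enforcing the elsewhere rule
    missing: list[str] = field(default_factory=list)  # in primary, absent from backup
    changed: list[str] = field(default_factory=list)  # in both, content differs
    extra: list[str] = field(default_factory=list)    # in backup only (deleted/renamed since)
    verified: int = 0                                 # files that matched byte for byte

    @property
    def ok(self) -> bool:
        elsewhere = not (self.require_other_device and self.same_device)
        return elsewhere and not self.missing and not self.changed


def sha256_file(path: Path, chunk: int = 1 << 20) -> str:
    """Stream the file through SHA-256 so multi-GB media files never load whole into RAM."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def snapshot(root: Path) -> dict[str, str]:
    """Map every regular file under root (POSIX-style relative path) to its content hash."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in root.rglob("*") if p.is_file()}


def verify_backup(primary: Path, backup: Path, require_other_device: bool = True) -> BackupReport:
    """Compare a primary tree with its backup copy and classify every file."""
    same_device = primary.stat().st_dev == backup.stat().st_dev
    src, dst = snapshot(primary), snapshot(backup)
    report = BackupReport(same_device=same_device, require_other_device=require_other_device)
    for rel, digest in sorted(src.items()):
        if rel not in dst:
            report.missing.append(rel)
        elif dst[rel] != digest:
            report.changed.append(rel)
        else:
            report.verified += 1
    report.extra = sorted(set(dst) - set(src))
    return report


def run_demo(drift: bool = True) -> BackupReport:
    """Constructed sample data (not real user files): a share and its backup, optionally drifted."""
    base = Path(tempfile.mkdtemp(prefix="nas-backup-demo-"))
    primary, backup = base / "primary", base / "backup"
    try:
        for root in (primary, backup):
            (root / "photos").mkdir(parents=True)
            (root / "photos" / "holiday.jpg").write_bytes(b"JFIF sample image bytes")
            (root / "invoice.pdf").write_bytes(b"%PDF-1.4 sample invoice")
        if drift:
            (primary / "notes.txt").write_text("never copied anywhere")          # never backed up
            (primary / "invoice.pdf").write_bytes(b"\x00\xff ciphertext stand-in")  # rewritten in place
            (backup / "old_report.docx").write_bytes(b"deleted from primary")    # survives only in backup
        # Both trees sit in one temp dir here, so the elsewhere rule is relaxed for the demo only.
        return verify_backup(primary, backup, require_other_device=False)
    finally:
        shutil.rmtree(base, ignore_errors=True)


if __name__ == "__main__":
    r = run_demo()
    print(f"ok={r.ok} verified={r.verified} missing={r.missing} changed={r.changed} extra={r.extra}")
```

Run it against a real share and a real backup target with the default `require_other_device=True`; a non-empty `changed` list after a day you did not edit those files is the signal to stop and investigate before the next backup job overwrites the good copy.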

Hardware vs Software Priorities – Is Synology Safer Than QNAP?

Hardware vs Software, QNAP vs Synology, Is the grass greener?

Way back in the mid twenty-teens, whenever I would discuss QNAP and Synology on the platform, I would always say that you go to Synology for the software and QNAP for the hardware. Synology’s DSM platform clearly makes up the bulk of the company’s investment and attention, makes up a significant chunk of the price tag and is designed around keeping things as user-friendly as possible (within reason). This is why their devices at each generation refresh (DS918+>DS912+>DS923+ or DS218+>DS220+>DS224+) only make smaller increases on the previous generation – the software IS the focus. With QNAP we tend to see the hardware taking bigger leaps each generation. Better standard ethernet, better PCIe gens, better CPUs much earlier and overall greater hardware at any given time. For PC builders and those that know a lot more about the contents of their laptop than the contents of their router, this is speaking THEIR language and makes the price tag translate better. Fast forward to now and although that logic still remains the same, these brands are more 60/40 in their architecture (where 60 = their preferred hardware or software bias). The issue starts when QNAP seem to rush their software out the door very quickly. Alongside a lot more beta applications being available, they roll out a lot of new types of software that (and I am sorry to use that expression again, but) could have used more time in the oven. This approach to software development and release can be dicey and although it makes QNAP the more exciting platform (with its better hardware, more diverse software and continued AI or generally automated services), it also means that the platform has fewer of the layers of troubleshooting red tape that Synology has (which inversely means the Synology product is going to be more expensive and less hardware rich, as that investment of time needs to be repaid to be justified).
In recent years, QNAP has seemingly slowed down its hardware releases and rolled out more in software, introducing bounty programs for vulnerabilities and pen testing, and is seemingly learning from their mistakes (we hope). Whilst Synology have further doubled down on software innovation (with solutions remaining longer in the market between refreshes) and continued on their path to continued dominance in NAS. Whether you look at the whole thing as a tortoise and the hare situation, or a case of ‘slow and steady wins the race’, there is no denying that Synology appears to take security more seriously than most other brands.

Look at the Apple TV box or Amazon FireTV / Firestick. Is it user-friendly? Yes! Is it slick and intuitive? Yes! Is it flexible in the installation of 3rd party applications? NO (at least, not without workarounds)! Is it hardware-powerful? LORD NO! One glance on eBay will show you a thousand other media boxes at the same price with Android on board, 5-10x the hardware and customization coming out of the wazoo. Nevertheless, many users will not buy the Apple/Amazon media option because although they KNOW it will be slick and ‘hold your hand’ all the way, it will be a closed system, noticeably more expensive and even then “nothing is foolproof, right?”. And a lot of the anger at QNAP for their increased ransomware targeting and handling of this needs to also be balanced against why a lot of users chose the QNAP NAS brand. The QNAP NAS platform does have good applications and services, some genuinely unique ones and ones that allow tremendous flexibility and customization – but users need to keep in mind what drew them to the platform and have sufficient backups AND safety nets in place. I would say this about QNAP, about Synology, hell… Google Drive, Dropbox, Backblaze… ALL of them have localized client tools that rely way too much on the success of versioning/roll-backs being possible on the cloud platform. None of them are 100% foolproof and QNAP dropped the ball multiple times here, but none of these failure modes are unprecedented and they should be provisioned for regardless of your NAS brand or cloud platform.

The Sad Truth about Servers, Security and Vulnerabilities

Vulnerability > Update > vulnerability > update > rinse > repeat

No platform, software or service is going to be 100% bulletproof. You can increase your personal layers of security (VPNs, encryption, layers, restrictive white lists, etc) to hit 99.99% but whatever way you look at it, everything we use is software-based and therefore fallible. Equally, users cannot pretend that it is still the early days of the internet anymore and still be annoyed when a statistical possibility that should have been factored against was not. Do I think NAS drives are safe? I’m sorry to say that the answer is never going to be a simple Yes/No. I think they provide what they say they provide and I think that NAS hardware is still the best in the market right now. But the majority of NAS brand software needs to be less rushed (I somewhat absolve Synology of this, as they seemingly take it 10/10 seriously!), with the extra time/budget spent on that software, or a trusted 3rd party utilized. They need to relinquish some of the customization of their platform in an effort to take some of the configuration out of the hands of less tech-savvy users who end up overly reliant on defaults. Perhaps a much more rigorous setup policy that, on day 1, has an EXPERT door and a NOVICE door, with randomized defaults and extremely regimented update rules on the latter. Equally, the brand (though better than it was) needs to work on its communication with its end-user base, both in the event of critical issues and in educating the user base on what it needs to have to increase security OUTSIDE of their product.

I still recommend the majority of turnkey NAS brands in the market in terms of their base product and the range of security/system protection tools they include, but we need to be realistic and honest with ourselves about what we buy and our expectations. If I buy a NAS, I expect it to store the data I store in it and allow me access to it on my terms, but ‘my terms’ might be a lot more/less strict than the next person’s, and with that comes due diligence in 2024. I hope that the last big ransomware attack, Deadbolt from the start of 2022, is the last ‘big’ one we hear about moving forward, but I do not think it will be. More than just any one brand, one look at the vulnerabilities listed on the security advisories of all the brands tells us that there is big money to be made by these intruders and the brands can only stay 1 step ahead. As always, Eddie and I here on NASCompares have been running a page that links to the bigger NAS security advisory pages and gets regularly updated, so if you want to get notifications on these as they get added (pulled from the official pages themselves), then you can visit the page below and put your email in for updates when they happen. Have a great week and backup, backup, BACKUP.


Finally, If you are currently unaware of the Deadbolt ransomware attack that took place on QNAP NAS devices, you can find out more in the NASCompares article and video below:

 


Terramaster Release TOS 6 (Beta) – What’s New?

Terramaster NAS Release TOS 6 in Beta

The release of Terramaster TOS 6 Beta for NAS devices marks a significant milestone in the evolution of NAS operating systems, with an array of new features and comprehensive improvements designed to enhance user experience, system performance, and security. This sixth iteration introduces a radically redesigned user interface and integrates more than 40 new functionalities while refining over 370 aspects, ensuring a top-tier upgrade for TNAS users.

Expanded Key Features and Improvements in TOS 6

  • Linux Kernel 6.1 LTS Upgrade: Transitioning to the latest Linux kernel version, TOS 6 benefits from improved scheduling algorithms, enhanced memory management, superior file system support, optimized network performance, advanced security features, and better power management. This upgrade facilitates a more robust and efficient system, capable of handling the demands of both home and enterprise environments with ease.
  • Revolutionized Docker Manager 2.0.16: This release introduces Docker Compose project management, adding a new dimension to container orchestration on TNAS devices. The addition of a container terminal and system notifications for Docker image operations streamlines container management. These enhancements, combined with UI and functionality optimizations, cater to developers and IT professionals seeking a versatile platform for containerized applications.
  • File Manager Overhaul: With user feedback and industry best practices in mind, the File Manager has been retooled to offer an intuitive, efficient file navigation and management experience. Features such as enhanced directory navigation, column display mode for deep folder hierarchy exploration, tabbed browsing, adjustable thumbnail sizes, and a suite of new file operation tools significantly elevate user productivity.
  • Online Disk Wiping: This new utility offers a straightforward solution for securely erasing all data from disks directly within the TOS interface, facilitating easy preparation of drives for repurposing or disposal without the need for external tools.
  • Cloud Drive Mounting: Seamlessly integrate cloud storage services such as Google Drive, Dropbox, and more directly into TNAS. This feature enhances the flexibility of data access and management, allowing for efficient data synchronization and sharing between local and cloud storage.
  • Security and Privacy Control (SPC): Introducing a robust security framework designed to prevent unauthorized execution of programs on TNAS devices. SPC enhances the overall security posture by ensuring only vetted and authorized applications can run, significantly reducing the risk of malware and ransomware infections.
  • SMB Multichannel Support: By enabling multiple network connections for SMB file sharing, TOS 6 ensures higher data transfer speeds, improved reliability, and enhanced redundancy. This feature is particularly beneficial in multi-user environments where network performance directly impacts productivity.
  • Direct Data Drive Mounting: Offering unparalleled convenience, this feature allows users to access data on external drives without the need for disk reformatting or repartitioning, preserving existing data while extending the storage capabilities of TNAS devices.
  • Storage Pool Migration: Streamlines the process of migrating storage pools between TNAS devices, aiding users in hardware upgrades or replacements without the hassle of data migration or system reconfiguration.
  • Advanced ACL Permissions: Delivers granular access control with 13 additional customizable permissions on top of the standard read, write, and deny options. This advanced permission management system enables precise control over data access, ensuring data security and compliance.

TOS 6 Beta System Enhancements

TOS 6 introduces a slew of system-wide enhancements aimed at delivering a more stable, secure, and user-friendly NAS operating environment:

  • Performance and Stability: With the new Linux kernel and system optimizations, TOS 6 offers improved system stability and performance, ensuring that TNAS devices can handle intensive tasks and larger volumes of data more efficiently.
  • Hardware and Innovation Support: Prepared for the future, TOS 6 includes support for the latest hardware innovations, such as Intel’s “Meteor Lake” chips, and introduces new data structures and error decoding capabilities for enhanced data processing and system reliability.
  • Enhanced Security Measures: Building upon TerraMaster’s commitment to security, new features like customizable HTTPS certificates, optimized firewall rule settings, and the innovative SPC module significantly enhance the protection of user data against external threats.
  • User Interface and Usability Improvements: From a streamlined desktop design and simplified navigation to a new “Start” menu and customizable user avatars, TOS 6 focuses on creating a more engaging and personalized user experience.
  • Comprehensive Application and Service Enhancements: The update enriches the application ecosystem with new functionalities, improved file services, and advanced storage features, catering to a wide range of user needs from media indexing and scheduled task notifications to cross-platform data interoperability and USB storage device health management.

Through these extensive features and improvements, TOS 6 Beta not only advances the capabilities of TNAS devices but also sets a new standard for NAS operating systems, offering a sophisticated platform for storage, management, and security that meets the evolving needs of both individual and enterprise users.

How To Access the TOS 6 Beta – Update Instructions

Applicable models:
F2-221, F2-223, F2-422, F2-423, F2-424
F4-221, F4-223, F4-421, F4-422, F4-423, F4-424, F4-424 Pro, U4-111, U4-423
F5-221, F5-421, F5-422
T6-423
F8-421, F8-422, U8-111, U8-420, U8-423, U8-450, U8-322-9100, U8-522-9400, U8-722-2224
T9-423, T9-450
T12-423, T12-450, U12-423, U12-322-9100, U12-722-2224
U16-322-9100, U16-722-2224, U16-722-2288
U24-612, U24-722-2224

Applicable TOS Versions:
TOS 5.1.123 or later versions; if your device does not meet the update requirements, please do not update! Otherwise, system crashes may occur.

Precautions:
1. The Beta version is an early version of the program, containing most major functions but not yet completed, and may have some defects. This version is only released to specific groups or the general public for testing and feedback collection; the Beta version should not be used in work or production environments. If your TNAS device is running business operations or storing important data, please refrain from participating in this test.
2. Updating the system theoretically will not affect the data on your hard drive, but for safety reasons, please be sure to back up your data in advance.
3. After the update, if applications such as Plex, Emby, Aria2, etc., need to access new shared folders, you will need to reconfigure application user permissions.
4. Previously created firewall rules will be cleared, and you will need to create new firewall rules after the update.
5. If you are using port 5444, you will need to modify this port before updating.
6. After the update, TNAS will exit the domain, and you will need to rejoin the domain and refresh domain users.
7. After the update, if your encrypted shared file key contains special characters, you can only mount it by entering the key.
8. System configuration backups from TOS 5 cannot be restored to TOS 6.
9. Hyper Cache created before the update will become invalid after the update; it is recommended to uninstall Hyper Cache before updating.
10. Docker Manager versions 1.1.99 or earlier cannot run on TOS 6; please update Docker Manager before updating the system.

How to Update to TOS 6 Beta on Your Terramaster NAS?

1. Download the TOS 6 Beta update package: TOS 6 (md5:821b697ddb27dbc9c95ce2be398c791b)
2. Go to TOS > Control Panel > General Settings > System;
3. Under “Manual Update”, upload the update package;
4. Click “Apply”;
5. After the system update is complete, you will need to refresh your browser;
6. Your TNAS IP address may change after the system update. If you are unable to connect to your TNAS using the previous IP address, please use the TNAS PC client to search for the new IP address again.
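Before uploading the package in step 3, it is worth checking that the file you downloaded is the one whose MD5 is published in step 1. The following PowerShell snippet is an added example, not part of TerraMaster's release notes: the expected hash is the one given above, while the local file name is an assumption.

```powershell
# Added example (not part of the TerraMaster release notes): verify the
# downloaded TOS 6 Beta package against the MD5 published in the article
# before uploading it through "Manual Update".
$Package     = '.\TOS6-beta-update.bin'              # assumed local file name
$ExpectedMd5 = '821b697ddb27dbc9c95ce2be398c791b'   # value from the article

function Test-PackageChecksum {
    # Hashes the file and compares it, case-insensitively, with the
    # vendor-published value. Returns an object so the result can be logged.
    param([string]$Path, [string]$Expected)
    if (-not (Test-Path $Path)) { throw "Package not found: $Path" }
    $actual = (Get-FileHash -Path $Path -Algorithm MD5).Hash.ToLowerInvariant()
    [pscustomobject]@{
        Path     = $Path
        Expected = $Expected.ToLowerInvariant()
        Actual   = $actual
        Match    = ($actual -eq $Expected.ToLowerInvariant())
    }
}

$result = Test-PackageChecksum -Path $Package -Expected $ExpectedMd5
$result | Format-List
if (-not $result.Match) {
    throw 'Checksum mismatch: the download is corrupt or is not the file the vendor published. Do not upload it to the NAS.'
}
```

MD5 is fine for catching a truncated or corrupted download, which is what this check is for; it is not collision-resistant, so for tamper detection the hash itself has to come from a trusted channel (the vendor's HTTPS page) rather than from the same place as the file.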

Other Software Downloads:
TNAS PC for Windows OS: https://tos-downloads.oss-cn-hongkong.a … .1.352.exe
TNAS PC for macOS: https://download2.terra-master.com/TNAS … versal.dmg
TNAS Mobile for Android: https://download2.terra-master.com/TNAS … 3.2.31.apk
TNAS Mobile for iOS: Download from the iOS App Store.
MDT – How to capture and deploy a Windows 11 23H2 master?

I. Introduction

In this tutorial, we will learn how to capture a Windows 11 23H2 reference image with MDT. This image, prepared by us, can then be reused as a master to be deployed on a set of machines in your fleet.

The method we will use today consists of:

1 - Take a Windows 11 machine that will serve as the reference. On this machine, we can change the system configuration, install applications, drop configuration files, etc., as needed.

2 - Capture this machine with MDT so that the entire Windows image (system + applications) results in a WIM image.

3 - Add this WIM image to MDT's list of operating systems.

4 - Deploy this reference image, which is our master, to X computers.

This gives a ready-to-use image with all our prerequisites, which makes it a tailor-made master. However, wherever possible, prefer deploying applications through MDT: that is the recommendation, and it is also easier for managing the versions you want to deploy, because the captured WIM image is frozen (even though we can still act on it through post-installation steps).

In some situations, this method proves very useful, even indispensable, and will save IT teams a lot of trouble... Above all, it saves a huge amount of time. In a previous job, I had many specific applications to install on machines, such as AutoCAD, Revit, Cadwork, etc. They are both heavy and difficult to deploy silently. So the applications were installed on a Windows 11 machine, then the image was captured, which gave a ready-to-use image with these applications preinstalled.

Here are some additional resources:

II. Preparing the reference machine

For this demonstration, a machine running Windows 11 Pro 23H2, deployed through MDT (using the procedure described in the previous tutorial), serves as the starting point.

To simulate a few changes to the system, I install two applications: the LibreOffice suite and VLC Media Player. You could also decide to harden the system configuration with a tool such as HardeningKitty.

In addition, VMware Tools are installed in the VM. That way, when this image is captured and new VMs are deployed from it, they will benefit directly from VMware Tools.

This is only an example so that there is a "master" to capture. On your side, do whatever you need.

Note: you must not encrypt the reference machine with BitLocker, otherwise the capture will fail.

III. Permissions on the DeploymentShare

If you followed our tutorial on installing MDT to deploy Windows 11, you created the "Service_MDT" account and gave it "Read only" permissions on the DeploymentShare share. This is the user declared in the MDT settings and used by LiteTouch (WinPE) to connect to the DeploymentShare.

We need to change the permissions because the user must be able to write to the "Captures" directory in order to write the WIM image there.

Change the share permissions:

1 - Right-click the DeploymentShare folder and click "Properties". Click the "Sharing" tab, then "Advanced Sharing".

2 - Click the "Permissions" button.

3 - Select the user in the list, here "Service_MDT".

4 - Grant the "Change" permission to this user.

5 - Confirm with "OK".

MDT - Adding write permission on the DeploymentShare - 1

Change the NTFS file system permissions:

1 - Click the "Security" tab.

2 - Click "Edit".

3 - Select the "Service_MDT" user in the list.

4 - Grant the "Modify" permission to this user.

5 - Click "OK".

MDT - Adding write permission on the DeploymentShare - 2

There, this step is complete.
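The same change can be made from PowerShell instead of the GUI. The script below is an added example and is not part of the tutorial: it assumes the share is named DeploymentShare$ (as in the UNC paths used later in the article), that it is backed by the local path D:\DeploymentShare, and that the account is LAB\Service_MDT; the local path and the domain name are assumptions. It also narrows the NTFS grant to the Captures folder, which is all the capture step needs, instead of granting Modify on the whole share root as the GUI steps do.

```powershell
# Added example (not from the original tutorial): grant the MDT service
# account write access for captures using PowerShell instead of the GUI.
# Assumptions: share "DeploymentShare$" backed by D:\DeploymentShare,
# account LAB\Service_MDT.
$ShareName = 'DeploymentShare$'
$SharePath = 'D:\DeploymentShare'
$Account   = 'LAB\Service_MDT'

# 1. Share-level permission: "Change" (the GUI's "Change" checkbox).
#    Share permissions cannot be scoped to a subfolder, so Change applies
#    to the whole share; NTFS is where the scope is narrowed.
Grant-SmbShareAccess -Name $ShareName -AccountName $Account -AccessRight Change -Force | Out-Null

# 2. NTFS permission: the capture only has to write the WIM into "Captures",
#    so grant Modify there (inherited by files and subfolders) and leave the
#    rest of the share read-only. Use the tutorial's whole-root grant instead
#    if your task sequences also write logs or other data elsewhere in the share.
$CapturesPath = Join-Path $SharePath 'Captures'
if (-not (Test-Path $CapturesPath)) {
    New-Item -ItemType Directory -Path $CapturesPath | Out-Null
}
icacls $CapturesPath /grant "${Account}:(OI)(CI)M" | Out-Null

# 3. Verify the result at both layers.
Get-SmbShareAccess -Name $ShareName |
    Where-Object AccountName -eq $Account |
    Format-Table AccountName, AccessControlType, AccessRight -AutoSize

(Get-Acl $CapturesPath).Access |
    Where-Object IdentityReference -eq $Account |
    Format-Table IdentityReference, FileSystemRights, InheritanceFlags -AutoSize
```

Run it elevated on the MDT server. The two verification commands at the end show exactly what the GUI tabs "Sharing" and "Security" would display for the account.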

IV. Creating a Sysprep and Capture task sequence for Windows 11

From the Deployment Workbench console, create a new task sequence (right-click "Task Sequences") in your DeploymentShare.

Start by naming this task sequence, for example "Capturer Windows 11", and continue.

When selecting the template, choose "Sysprep and Capture".

In the next step, pick a system image matching the version you are going to capture. But I believe this has no real importance, since we will capture our full image afterwards.

Continue to the end... bearing in mind that this information will be overwritten by the future task that deploys the image.

Finish creating the task sequence.

Before going further, open the properties of your DeploymentShare, then in the "Rules" tab, make sure you have the following line:

SkipCapture=NO
MDT - Creating the Windows 11 capture task - 7

Otherwise, the wizard will not let you start the capture, because the capture step will be hidden.

Additionally, if you configured CustomSettings for Active Directory domain join, you must comment out the corresponding lines, otherwise the "Capture Image" step of the LiteTouch wizard will not appear (this is probably a bug). Once the capture is done, you can re-enable those lines.

MDT - Configuring CustomSettings for the Windows 11 capture

V. Capturing the Windows 11 23H2 image with MDT

A. Starting the capture of the reference image

Now we will initiate the capture of the Windows 11 image. You must not PXE boot into LiteTouch for this step. From a logged-on session on the Windows 11 machine to capture, access the DeploymentShare of your MDT server, by name or by IP address. Then, in the "Scripts" directory, run the "LiteTouch.vbs" file.

\\SRV-WDS\DeploymentShare$\Scripts
\\192.168.14.11\DeploymentShare$\Scripts
MDT - Capturing the Windows 11 22H2 image - 1

You are still on Windows 11, logged into the session, and LiteTouch starts!

Select the "Capturer Windows 11" task sequence created earlier and continue.

Choose "Capture an image of this reference computer". You can optionally give the WIM image a custom name. Here, the capture will generate the image "CAPTW11-01.wim".

Continue to the last step and click "Begin".

B. Sysprep

LiteTouch will begin by running Sysprep on the Windows machine. This step is crucial because Sysprep erases all machine-specific information (the SID, the computer name, etc.) in order to prepare the machine for cloning or for creating a reference image (our case).

Wait...

MDT - Capturing the Windows 11 22H2 image - 5

Sysprep is, let's say, the trickiest step.

Failures are common at this step, notably because of Appx applications provisioned in one session but not in another. If you hit an error, check this log file:

C:\Windows\System32\sysprep\Panther\setupact.log

You may see lines like this one:

SYSPRP Package <Nom du package> was installed for a user, but not provisioned for all users.

In that case, you need to use PowerShell to try to do the necessary cleanup. This can fail on a first application, then on a second, so check the logs carefully if the error comes back after you have fixed one.

Remove-AppxPackage -Package <Nom du package>

To list Microsoft's packages, you can use this command:

Get-AppxPackage -AllUsers | Where PublisherId -eq 8wekyb3d8bbwe | Format-List -Property PackageFullName,PackageUserInformation

If you cannot remove the package, try these additional commands:

Get-AppxPackage -AllUsers <Nom du package> | Remove-AppxPackage -AllUsers
Remove-AppxProvisionedPackage -Online -PackageName <Nom du package>

You can consult this page of Microsoft's documentation, since it covers this topic.

When Sysprep has completed successfully, the machine will reboot.
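Because Sysprep reports these packages one at a time, the cleanup above usually has to be repeated. The following script is an added example, not code from the tutorial: it reads the setupact.log path given above, extracts every package name flagged as "installed for a user, but not provisioned for all users", and removes the per-user, all-user and provisioned copies in one pass. The two sample log lines embedded in it are constructed for this example and are only used when the real log is absent, so the parsing can be tried on a workstation; the package name in them is fictitious.

```powershell
# Added example (not from the original tutorial): parse Sysprep's
# setupact.log for unprovisioned Appx packages and remove them.
# Run from an elevated PowerShell on the reference machine before relaunching
# LiteTouch. Use -WhatIf first to see what would be removed.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$LogPath = 'C:\Windows\System32\sysprep\Panther\setupact.log'
)

# Constructed sample lines (fictitious package name), used only when the
# real log is not present.
$sampleLog = @'
2024-03-28 10:02:11, Info   SYSPRP Package Contoso.ExampleApp_1.0.0.0_x64__8wekyb3d8bbwe was installed for a user, but not provisioned for all users. This package will not function properly in the sysprep image.
2024-03-28 10:02:11, Error  SYSPRP Failed to remove apps for the current user: 0x80073cf2.
'@ -split "`n"

$lines = if (Test-Path $LogPath) { Get-Content $LogPath } else { $sampleLog }

# Extract the package full names flagged by Sysprep (deduplicated).
$pattern  = 'SYSPRP Package (?<pkg>\S+) was installed for a user, but not provisioned for all users'
$packages = $lines | ForEach-Object {
    if ($_ -match $pattern) { $Matches['pkg'] }
} | Sort-Object -Unique

if (-not $packages) { Write-Host 'No unprovisioned-package entries found in the log.'; return }

foreach ($pkg in $packages) {
    if ($PSCmdlet.ShouldProcess($pkg, 'Remove Appx package for all users')) {
        # Per-user and all-user copies (the tutorial's Remove-AppxPackage commands).
        Get-AppxPackage -AllUsers |
            Where-Object PackageFullName -eq $pkg |
            Remove-AppxPackage -AllUsers -ErrorAction Continue
        # Provisioned copy (staged for new accounts), if any.
        Get-AppxProvisionedPackage -Online |
            Where-Object PackageName -eq $pkg |
            ForEach-Object { Remove-AppxProvisionedPackage -Online -PackageName $_.PackageName | Out-Null }
    }
}
Write-Host "Processed $($packages.Count) package(s). Re-run the capture and check the log again: a second package may now be reported."
```

Save it as a .ps1 and run it with -WhatIf first; the log entries it looks for are the same ones quoted above, so anything it lists is exactly what Sysprep complained about.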

C. Creating the WIM image

On reboot, the machine will automatically continue the capture and proceed to create the WIM image. This means the WIM image is sent to the "Captures" directory of your DeploymentShare.

Wait until the end... Here, the capture went without a problem!

On the MDT server, there is indeed a new WIM image. It weighs around 9.4 GB.

VI. Adding the reference image to a task sequence

We have captured our reference image, which is good, but how do we use it? How do we deploy this image to computers?

A. Importing the WIM image into MDT

First, we need to import the WIM image into MDT as an operating system image.

Right-click "Operating Systems" and click "Import Operating System".

A wizard starts. Choose "Custom image file" as the OS type.

Then, at the "Image" step, click "Browse" to select the WIM image generated by the capture task. Also tick the "Move the files..." option so that the WIM image is moved into the "Operating Systems" directory of your DeploymentShare. Otherwise, it will be copied and will take up twice as much space on your server...

Continue to the end by following the wizard... There is no need to change the other settings, apart from naming the destination directory.

There, the WIM image is imported!

B. Associating the WIM image with a task sequence

Now we will associate the captured WIM image with a task sequence in order to deploy it to devices. You can create a new task sequence or edit an existing one. Here, we will edit the "Déployer Windows 11 Pro 23H2" task.

1 - Go to "Task Sequences".

2 - Double-click the task sequence to modify.

3 - Click the "Task Sequence" tab to access the list of tasks.

4 - Under "Install", click the "Install Operating System" task.

5 - On the right, click "Browse", which lets you choose the WIM image to deploy!

Select the image corresponding to your capture:

Confirm. You can click "OK", as this is the only change we need to make to the task sequence.

VII. Deploying the reference image with MDT

Everything is ready; all we have to do is test this new configuration!

Take a machine on which to test the deployment... For me, it will be a new virtual machine. Then, PXE boot to load the LiteTouch image from your MDT.

You arrive at the "Task Sequence" screen, where you can select the "Déployer Windows 11 Pro 23H2" task to which the reference WIM image is attached.

Follow the next steps to assign a name to the machine, etc. Then start the deployment!

There, the deployment is complete! We have a new machine deployed from our reference image! The LibreOffice and VLC Media Player applications are present, as are the VMware Tools!

VIII. Conclusion

By following this tutorial, you should be able to capture a custom reference image with MDT, to create your own tailor-made master to deploy on the machines of your fleet!

The post MDT – Comment capturer et déployer un master Windows 11 23H2 ? first appeared on IT-Connect.

On Windows Server, Microsoft Edge 123 no longer works! What is going on?

Are you using Microsoft Edge on Windows Server and does it close after a few seconds? Know that you are not alone and that this problem appears to be linked to version 123 of the Edge browser. Let's take stock of this problem.

Build 123.0.2420.53 of Microsoft Edge seems to be giving system administrators who use this browser on Windows Server a hard time. Indeed, this version does not seem to work correctly: a blank page opens at startup, then a few seconds later the browser closes by itself. This can be very problematic on some servers, notably Remote Desktop Session Hosts (RDS), where users log on directly!

This problem follows the installation of version 123.0.2420.53 on Windows Server, a version that has been available for a few days on Windows and Windows Server, since it reached the Stable channel of Microsoft Edge on March 23, 2024.

How to solve this problem?

Currently, the solution is to roll back, i.e. to an earlier version of Microsoft Edge. On the Microsoft forum, a user provided a command line explaining how to roll back from the MSI package of a previous Edge version using the "ALLOWDOWNGRADE=1" parameter (the file name contains a space, so it has to be quoted):

msiexec /I "Microsoft Edge_122.0.2365.106_Machine_X64_msi_en-US.msi" ALLOWDOWNGRADE=1

You can download the Microsoft Edge version of your choice from this page. On the Microsoft forum page, the agent who replied confirms that other users have encountered this problem! Moreover, in the last few hours, Microsoft has pulled this update from its catalog and it is no longer distributed via WSUS: proof that there is a real problem with it! In the meantime, if it has already reached your servers, you are likely to encounter this problem!
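On a fleet of session hosts you will want to find the affected build before rolling anything back. The script below is an added example, not code from the article or from Microsoft: it reads the installed Edge version from msedge.exe, checks that the host is a server SKU, and only then runs the downgrade unattended and logged. The UNC path and file name of the known-good MSI are assumptions.

```powershell
# Added example (not from the original article): detect the Edge build the
# article reports as crashing on Windows Server and roll back to a known-good
# MSI with ALLOWDOWNGRADE=1. The MSI path below is an assumption.
$AffectedBuild = [version]'123.0.2420.53'
$GoodMsi       = '\\SRV-FILES\Software\MicrosoftEdge_122.0.2365.106_Machine_X64.msi'   # assumed path

# Edge installs under Program Files (x86) even on 64-bit Windows.
$edgeExe = Join-Path ${env:ProgramFiles(x86)} 'Microsoft\Edge\Application\msedge.exe'
if (-not (Test-Path $edgeExe)) { Write-Host 'Microsoft Edge is not installed on this host.'; return }

$installed  = [version](Get-Item $edgeExe).VersionInfo.ProductVersion
$osIsServer = (Get-CimInstance Win32_OperatingSystem).ProductType -ne 1   # 1 = workstation SKU

if ($osIsServer -and $installed -eq $AffectedBuild) {
    Write-Warning "Edge $installed is the build reported to crash on Windows Server; rolling back."
    # Silent, no-reboot install with a verbose log so the change can be audited.
    $log = Join-Path $env:TEMP 'edge-downgrade.log'
    $p = Start-Process -FilePath msiexec.exe -Wait -PassThru -ArgumentList @(
        '/i', "`"$GoodMsi`"", 'ALLOWDOWNGRADE=1', '/qn', '/norestart', '/l*v', "`"$log`""
    )
    if ($p.ExitCode -ne 0) { throw "msiexec failed with exit code $($p.ExitCode); see $log" }
    Write-Host "Rolled back to Edge $((Get-Item $edgeExe).VersionInfo.ProductVersion)"
} else {
    Write-Host "Edge $installed on this host: no action needed."
}
```

Keep in mind that the Edge updater will move the browser forward again at its next check unless the version is pinned through the Edge Update policies, so the rollback is a stopgap until a fixed build is available.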

And you, are you seeing this bug on Windows Server?

PS: thanks to Fabien Guérout from Délibérata (a former colleague!) for reporting this malfunction to me and confirming that downgrading to an earlier version fixes the problem!

The post Sur Windows Server, Microsoft Edge 123 ne fonctionne plus ! Que se passe-t-il ? first appeared on IT-Connect.

Windows Server reboots with the March 2024 update: here are Microsoft's fixes!

For several days, the topic has been alarming system administrators: the March 2024 update for Windows Server crashes domain controllers because of a memory leak in the LSASS process. Microsoft is coming to its users' rescue with a fix that corrects the problem! Here is what you need to know!

Reminder: servers freeze and reboot after installing the March 2024 update for Windows Server (Windows Server 2022, Windows Server 2019, Windows Server 2016 and Windows Server 2012 R2). This problem has been observed on Active Directory domain controllers. Fairly quickly, Microsoft confirmed the existence of this problem, which causes an extreme memory leak that can crash the LSASS process. The American company also confirmed that the updates released on March 12, 2024 for Patch Tuesday were the cause of this malfunction.

On Friday, March 22, 2024, Microsoft released new emergency updates to help system administrators and affected organizations. Until then, the only "solution" was not to install the cumulative update, or to uninstall it in order to roll back.

Microsoft's list of fixes

Here is the list of fixes provided by Microsoft:

In the support article accompanying each update, Microsoft states: "The memory leak occurs when on-premises and cloud Active Directory DCs process Kerberos authentication requests. This significant leak can lead to excessive memory usage. As a result, LSASS may stop responding, and the DCs will restart when you do not expect it."

You must install this update on the Active Directory domain controllers affected by the bug linked to the March 2024 update. It is not necessary to install the March 2024 update and then this one afterwards, since it is a cumulative update: install this one directly in all cases, and Windows Server will install only what it needs.

How to download the update?

To download the installation package for this out-of-band update, go to the Microsoft Update Catalog. By clicking this link, you should find all the updates; otherwise, search directly by KB number. To check for the Windows Server 2019 fix, you can search for "Update Windows Server 2019" and look at the date of the most recent fix.

Microsoft states that this update is not available through WSUS or Windows Update, so you must use the Microsoft Update Catalog (which does not prevent you from adding it to your WSUS afterwards).

Thanks to the various people who alerted me to this fix.

The post Reboot Windows Server avec la mise à jour de mars 2024 : voici les correctifs de Microsoft ! first appeared on IT-Connect.

Microsoft admits that the March 2024 update crashes domain controllers!

Microsoft has confirmed that the March 2024 update for Windows Server causes a memory leak that can crash and reboot Active Directory domain controllers.

Let's say it right away: there is no official solution yet! However, Microsoft has identified the problem, and the American company's teams should offer a solution in the coming days. "The root cause has been identified and we are working on a resolution that will be released in the coming days," reads Microsoft's site.

Microsoft mentions an extreme memory leak that can crash the LSASS process on domain controllers, which forces the server to reboot abruptly. The updates released on March 12, 2024 for Patch Tuesday are indeed the cause of this malfunction.

It is important to note that this problem affects the following versions of Windows Server: Windows Server 2022, Windows Server 2019, Windows Server 2016 and Windows Server 2012 R2. This means many organizations are likely to be affected! Windows 10 and Windows 11 are not affected.

If you encounter the problem after installing the update, the only viable solution for now is to uninstall the update causing the problem. On your server, open a Command Prompt or a PowerShell console as administrator, then run the following command (using the right KB number for your OS):

# Windows Server 2016
wusa /uninstall /kb:5035855

# Windows Server 2019
wusa /uninstall /kb:5035849

# Windows Server 2022
wusa /uninstall /kb:5035857

If you have not yet installed the March 2024 updates, we recommend waiting...

On Friday, March 22, 2024, Microsoft released fixes. More information in this article:


The post Microsoft avoue que la mise à jour de mars 2024 fait planter les contrôleurs de domaine ! first appeared on IT-Connect.

Windows Server: the March 2024 update crashes and reboots domain controllers!

The March 2024 updates for Windows Server are causing a new malfunction on Active Directory domain controllers. This problem, linked to the LSASS service, crashes the server, which forces it to reboot. Let's take stock!

Available since Tuesday, March 12, 2024, new cumulative updates are available for the various versions of Windows Server still supported by Microsoft, notably KB5035855 and KB5035857. In recent days, several messages have been posted online, notably on Reddit and on Microsoft's site, reporting a stability problem following the installation of the March 2024 update.

Once again, this problem appears to be linked to the LSASS (Local Security Authority Subsystem Service) process: a memory leak causes "over-consumption" of resources on the server. The server ends up freezing and rebooting because the process consumes all the available RAM!

According to the few messages visible online, domain controllers are directly affected by this problem, which concerns at least Windows Server 2016 and Windows Server 2022.

"We have had issues with lsass.exe on domain controllers (2016 Core, 2022 with DE and 2022 Core) where there is a memory leak as well. To the point that all the domain controllers hung over the weekend and caused an outage," reads this page.

Is there a solution?

For now, Microsoft has not commented on this, and the only temporary solution is to uninstall the update, or not to install it for now. As a reminder, the wusa.exe utility built into Windows lets you uninstall an update:

wusa /uninstall /kb:<numéro de KB>
wusa /uninstall /kb:5035855

Ce problème doit rappeler de très mauvais souvenirs à certains d'entre vous, puisqu'en décembre 2022, Microsoft avait corrigé un bug aux conséquences similaires : le service LSASS consommait trop de mémoire et faisait planter le serveur contrôleur de domaine. Ce problème était directement lié aux mises à jour du Patch Tuesday de novembre 2022.

Avez-vous rencontré ce problème ? N'hésitez pas à faire des retours en commentaire !

The latest official information from Microsoft is in this article:

On Friday 22 March 2024, Microsoft released fixes. More details in this article:

Source

The post Windows Server: the March 2024 update crashes and reboots domain controllers! first appeared on IT-Connect.

Deploying a Windows Server 2022 instance on Infomaniak's Public Cloud

I. Introduction

In this article, we take a look at the Public Cloud offering of the Swiss hosting provider Infomaniak. We will walk through the dashboard and the management interface, then explain how to deploy a Windows Server 2022 instance in a few minutes.

II. A few words about Infomaniak

Before getting into the subject itself, a short introduction to the hosting provider Infomaniak and its values seems in order. Founded in Switzerland in 1994, this cloud provider offers a broad range of services: web hosting, WordPress hosting, VPS, Public Cloud infrastructure, housing, and so on. It also offers kSuite, an ethical collaboration suite that bundles Drive-style online storage, video conferencing, e-mail and chat. More recently, Infomaniak launched its own sovereign artificial intelligence, accessible through an API.

Today, Infomaniak has more than a million users and over 200 employees.

Infomaniak's priorities are data security, privacy and ecology. All customer data is stored in Tier 3+ data centres designed by Infomaniak and located in Switzerland, in line with its aim of offering sovereign solutions suited to sensitive data.

On the environmental side, the Swiss provider has been doing remarkable work since 2007. Green IT is part of Infomaniak's DNA: beyond cutting its energy consumption, the provider runs exclusively on renewable energy, builds its own solar plants and extends the life of its servers to up to 15 years to limit its footprint as much as possible. It has not air-conditioned its data centres since 2013, offsets 200% of its CO2 emissions, and goes further still with its new D4 data centre.

As this article explains, that data centre has no impact on the landscape, being built under the park of an eco-district. Its originality? It will reuse 100% of the energy consumed by the infrastructure: the heat given off will heat thousands of homes in winter and domestic hot water in summer. "At full capacity this innovation will supply 12,750 MWh, the equivalent of 5,500 tCO2 of pellets per year, to heat up to 6,000 homes," the official site states.

III. The Infomaniak Public Cloud

The Infomaniak Public Cloud is an IaaS offering on which you deploy the infrastructure your organisation needs: server instances (CPU/GPU), S3-compatible object storage, block storage (Ceph/Cinder), high-performance networking, and so on.

What makes it interesting is that, besides being a European and sovereign solution, Infomaniak's services are cheaper than those of the American giants: Microsoft Azure, Amazon Web Services (AWS) and Google Cloud Platform. See this page to learn more.

Here is an example provided by Infomaniak:

Price comparison: Infomaniak, Azure, AWS, Google

An online calculator lets you estimate your consumption, which is a worthwhile exercise, especially if you already have services with another provider.

All hourly and monthly prices are available on this page:

Technically, Infomaniak's Public Cloud is built on OpenStack, the open-source cloud computing platform. It is a popular, globally recognised solution used by hundreds of cloud providers and organisations. OpenStack can run on local, hybrid or fully cloud infrastructure.

Because OpenStack is an open technology with an API, you can also use other popular tools to manage and deploy your infrastructure: Terraform, Ansible, Docker, Kubernetes, and so on.

When deploying a "virtual server" instance on Infomaniak's Public Cloud, you choose from several ready-to-use images, both Linux (Debian, Ubuntu, Oracle Linux, Arch Linux, Alpine Linux, Red Hat Enterprise Linux, etc.) and Windows Server, with Windows Server 2019 and Windows Server 2022 supported.

Public Cloud projects are managed from Infomaniak's Manager interface, where you find all your services. Each Public Cloud "tenant" holds one or more projects, and each project has its own resources, users and so on. This isolation is useful for separating workloads by project or by customer as needed.

A. Creating a project

The first step is to create a new environment with a project. This gives you access to OpenStack with a dedicated user. It is straightforward: just follow the wizard.

  • Want to try the Infomaniak Public Cloud? You can use this link.

Once this first step is complete, we log in to the OpenStack interface with our new user.

Infomaniak - Public Cloud - OpenStack login

We are now in the OpenStack interface!

This is where we create our instances, that is, our virtual servers, but also configure networking, storage and so on. We can build a set of virtual networks, connected to the Internet or not, routers to carry traffic between those networks, and security groups to filter the traffic reaching our instances.

Infomaniak - Public Cloud - OpenStack dashboard overview

B. The cost of a Windows Server instance

As mentioned above, you can deploy different operating systems on your instances. If you choose Windows Server, on top of the instance cost you also rent the Windows Server licence. Infomaniak provides it directly; you do not need to bring your own.

Currently, the price is the same for every version and edition of Windows Server, and it is charged per CPU. Here, as an example, is a table taken from the Infomaniak site:

Infomaniak - Public Cloud - Windows Server pricing

IV. Deploying a Windows Server infrastructure

A. Target infrastructure diagram

Before explaining how to use the OpenStack interface, let's look at the target infrastructure. It contains a single Windows Server instance, but we will do the whole virtual network configuration so as to practise creating a network, a subnet, a port, a router and a security group, in addition to the instance itself. This will make you more comfortable, and more ambitious, later on.

Infomaniak - Public Cloud with Windows Server

In summary, we will perform the following actions:

  • Create a network named "servers-net" and a subnet named "servers-net-windows" (10.10.10.0/24), with DHCP enabled and a gateway IP address defined
  • Create a port on this network with a static IP address (to be assigned to the future instance): 10.10.10.2/24
  • Create a router connected to the "ext-floating1" network for Internet access, with the address 10.10.10.1/24 on our subnet
  • Add an interface to the router to link it to the subnet created earlier
  • Create a security group and add a rule allowing the RDP protocol (Remote Desktop)
  • Allocate a floating IP address and attach it to the port created on the network (the one with address 10.10.10.2/24)
  • Create a Windows Server instance
  • Connect to the Windows Server instance over RDP

B. OpenStack: creating a network

Let's start by preparing the virtual network infrastructure. The first step is to create a network, then a subnet. Under "Network", click "Networks" and then "Create Network". Note that we could connect our instance directly to the "ext-net1" network provided by Infomaniak. For more control and flexibility, we will create our own network.

Infomaniak - OpenStack - Create a network - Step 1

Start by naming the network: servers-net. Tick "Create Subnet" before moving on, so that the subnet is created at the same time via the corresponding tabs.

Infomaniak - OpenStack - Create a network - Step 2

Switch to the "Subnet" tab to enter the subnet name and the network address (IP address plus subnet mask). We use IPv4 here, but IPv6 is also possible.

  • Subnet name: servers-net-windows
  • Network address: 10.10.10.0/24
  • Gateway IP: 10.10.10.1

Infomaniak - OpenStack - Create a network - Step 3

The last tab, "Subnet Details", is just as important. It is where the DHCP service is enabled or disabled for the subnet. In this Windows Server demonstration we assign a static IP address to the instance, so you might be tempted to disable it. You must nevertheless tick "Enable DHCP": it is the DHCP server that hands the guest its route to the OpenStack metadata service, which the instance contacts at first boot to publish its encrypted administrator password. Without it, the instance will not be deployed correctly and you will not be able to retrieve the password later.

You can also specify the DNS server(s) of your choice for name resolution. Click "Create" to confirm.

You have now created a network and a subnet in OpenStack.

C. OpenStack: creating a port

The second step is to create a port on our network and give it a static IP address. This address will be assigned to our future instance, which guarantees the instance always keeps the same IP.

In the "Networks" section, click the "servers-net" network name, switch to the "Ports" tab and click "Create Port".

Infomaniak - OpenStack - Create a port - Step 1

Name the port, for example "VM-WS-2022-01" after my future instance. Choose "Fixed IP Address" and enter it, for example 10.10.10.2. The port will be bound to the instance later. Click "Create".

Infomaniak - OpenStack - Create a port - Step 2

D. OpenStack: creating and configuring a router

You have created a network, but it is isolated. Our future instance needs Internet access, so we will create a router to provide that connectivity to the outside world. Under "Network", click "Routers" then "Create Router".

Infomaniak - OpenStack - Create a router - Step 1

Name the router, for example "servers-net-router", choose the external network "ext-floating1" and confirm.

Infomaniak - OpenStack - Create a router - Step 2

You now have a router connected to the Internet, but with no link to your custom subnet (servers-net-windows). To add one, open the router and add an interface, or use the "Add Interface" button in the topology view.

Infomaniak - OpenStack - Create a router - Step 3

Choose your subnet, 10.10.10.0/24. There is no need to specify a gateway IP address, since we already declared it in the subnet (10.10.10.1). Click "Submit".

Infomaniak - OpenStack - Create a router - Step 4

The "Topology" view now shows our router linking two networks: ext-floating1 and servers-net.

Infomaniak - OpenStack - Create a router - Step 5

On to the next part of the configuration.

E. OpenStack: creating a security group

You need a security group to control the traffic entering and leaving your instance. A security group is a set of allow rules; anything not explicitly allowed is denied.

The built-in "default" security group allows all outbound traffic and only accepts inbound traffic from other instances that are members of the same group, so nothing from the Internet reaches an instance that has only that group. You will create your own security group by clicking "Create Security Group" under "Network" then "Security Groups".

Infomaniak - OpenStack - Create a security group - Step 1

Name the security group, for example "servers-net-sg".

Infomaniak - OpenStack - Create a security group - Step 2

You can see the two default rules allowing all outbound traffic (one for IPv4, one for IPv6). You need to add at least one inbound rule allowing the RDP protocol to your instance so that you can connect to Windows Server with Remote Desktop.

Click "Add Rule".

Infomaniak - OpenStack - Create a security group - Step 3

Fill in the form to allow inbound 3389/TCP, the RDP port. Use the "Remote" and "CIDR" fields to restrict the rule to a specific source address: leaving the CIDR at 0.0.0.0/0 exposes RDP on the instance's public address to the whole Internet, where it will be scanned and hit with password-guessing attempts almost immediately. Restrict it to your own public IP address or your organisation's range. Click "Add".

Infomaniak - OpenStack - Create a security group - Step 4

The rule is now present:

Infomaniak - OpenStack - Create a security group - Step 5

You can move on!

F. OpenStack: associating a floating IP address with a port

Last step before creating the instance: associate a floating IP address with the port the instance will use. That gives it a public IP address.

Under "Network", click "Floating IPs", then "Allocate IP To Project".

Infomaniak - OpenStack - Floating IP - Step 1

Choose the "ext-floating1" pool and click "Allocate IP". A DNS domain name can be set if needed.

Infomaniak - OpenStack - Floating IP - Step 2

Next, associate the floating IP: the public address must be mapped to the address 10.10.10.2 that our future Windows Server instance will use. Without this, direct access to the instance from the Internet is impossible. Click "Associate" to confirm.

Infomaniak - OpenStack - Floating IP - Step 3

We can now create our Windows Server instance!

G. OpenStack: creating the Windows Server instance

To create one or more instances, whether Linux, Windows Server or another system, from the web interface click "Compute", then "Instances" to reach the "Launch Instance" button.

A wizard opens, and we go through it step by step.

The "Details" step sets the instance name and the availability zone (geographic redundancy). You can also choose to deploy several instances at once.

What is the source for this new instance? It could be a snapshot of an existing instance, but here we start from scratch and select an image from Infomaniak's catalogue, which currently holds 33 images. Select "Windows Server 2022 Standard".

Note: you can import your own custom images. Several formats are supported: ISO, VDI, VHD, VMDK, etc.

Next comes the "Flavor" step, where you choose the virtual machine template (a flavor, in OpenStack terms) matching your needs in vCPUs, RAM and disk capacity. Storage can be customised by adding a volume of a specific size.

For example, the "a2-ram4-disk80-perf1" flavor gives 2 vCPUs, 4 GB of RAM and 80 GB of disk. That seems reasonable to start a Windows Server (call it the minimum).

Skip the "Networks" step, since you will attach a network port directly in the "Network Ports" step; there is no point in attaching the instance to both. Using the up-arrow button, select the "VM-WS-2022-01" port created earlier. As a reminder, this port holds the address 10.10.10.2 on the "servers-net-windows" subnet.

Move on to the "Security Groups" step and attach the "servers-net-sg" group created earlier. Alternatively, the security group could be attached to the port, and the instance would inherit it.

Continue.

The "Key Pair" step appears. Here you create an SSH key pair. With a Linux instance, this key secures the SSH connection to the instance, with authentication done using your private key. With Windows Server, authentication uses a username and password. The key pair is still needed, because it protects the retrieval of the initial password: the guest encrypts the generated Administrator password with the key pair's public key before publishing it, and only the holder of the private key can decrypt it. No private key, no password.

Name the key pair and click "Create Key Pair".

A key pair (public key + private key) is generated. Copy the private key string and store it somewhere safe (in your password manager, for example). You will need it shortly.

Continue. The "Configuration" step takes a customisation script for cloud-init (on Linux; Windows images that ship cloudbase-init consume user data the same way), which can automate post-deployment configuration of the instance.

Continue to the end, reviewing the last steps, then click "Launch Instance".

Now wait while the instance deploys; a few minutes should be enough. To follow the deployment closely, click the instance name and then the "Console" tab to view the VM's console.

Infomaniak - OpenStack - Create a Windows Server instance - Building

Once the deployment finishes, the Windows Server lock screen appears:

Infomaniak - OpenStack - Windows Server instance

How do we connect to the instance? That is what the next part covers.

H. OpenStack: connecting to the Windows Server instance

To connect to this Windows Server instance we use the RDP protocol; from a Windows machine, the Remote Desktop client does the job. But what is the IP address? The username? The password?

  • The IP address you already know: it is the public address corresponding to the floating IP attached to the instance's port.
  • The username is: Administrator

The password takes a few more steps.

In the instance list, click the arrow at the end of the Windows Server instance's row, then "Retrieve Password". This menu offers many other actions too: take a snapshot, stop the instance, restart it, and so on. To save money, you can stop the instance when you are not using it (each hour is billed).

Infomaniak - OpenStack - Windows Server - Retrieve password

A window opens. Paste your private key (the one generated earlier) or upload the private key file, then click "Decrypt Password". The precious password appears in the "Password" field; copy it. As you will have gathered: no private key, no password. That is the whole point.

Infomaniak - OpenStack - Windows Server - Default password

All that is left is to open the RDP client on your PC. Enter the public IP address, then the username and password to connect.

Infomaniak - OpenStack - Windows Server - RDP connection

A few seconds later, you are connected to your Windows Server 2022 instance!

Infomaniak - OpenStack - VM Windows Server 2022

What happens next is up to you: installing applications, Windows Server roles and so on, depending on your needs or the tests you want to run. A sensible first action is to change the generated Administrator password, since the decrypted value has now passed through your browser and your clipboard.
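The whole build above (sections B to H), as an added example that is not from the article or from Infomaniak: the same resources created with the OpenStack command-line client instead of Horizon. It assumes python-openstackclient is installed and the project's RC file has been sourced (OS_AUTH_URL and friends). The names, CIDR, flavor and image are the article's; ADMIN_CIDR is an assumption (an RFC 5737 documentation address) that you must replace with your own public address, and the key-pair name and the `nova get-password` step (python-novaclient, assumed installed) are this example's own choices. With DRY_RUN=1 it only prints the commands.

```shell
#!/usr/bin/env bash
# Added example (not the article's or Infomaniak's code): the Horizon walkthrough
# driven with the `openstack` CLI. Assumes the CLI is installed and the project's
# RC file has been sourced. ADMIN_CIDR and the key-pair name are assumptions.
set -eu

NET=servers-net
SUBNET=servers-net-windows
SUBNET_CIDR=10.10.10.0/24
GATEWAY=10.10.10.1
PORT_NAME=VM-WS-2022-01
PORT_IP=10.10.10.2
ROUTER=servers-net-router
EXT_NET=ext-floating1
SG=servers-net-sg
KEY=ws2022-admin                               # assumed key-pair name
SERVER=VM-WS-2022-01
IMAGE="Windows Server 2022 Standard"
FLAVOR=a2-ram4-disk80-perf1
ADMIN_CIDR="${ADMIN_CIDR:-203.0.113.10/32}"    # assumption: your own public address, never 0.0.0.0/0

# run: print the command when DRY_RUN=1, execute it otherwise.
run() {
  if [ "${DRY_RUN:-0}" = 1 ]; then
    printf 'openstack'
    for a in "$@"; do case $a in *' '*) printf " '%s'" "$a" ;; *) printf ' %s' "$a" ;; esac; done
    printf '\n'
  else
    openstack "$@"
  fi
}

# Refuse an RDP rule that would expose 3389/tcp to the whole Internet.
check_admin_cidr() {
  case "$1" in
    */0) echo "refusing to open 3389/tcp to $1; set ADMIN_CIDR to your own address" >&2; return 1 ;;
  esac
}

deploy() {
  check_admin_cidr "$ADMIN_CIDR"

  # Network and subnet. DHCP stays enabled: the DHCP server also hands the guest
  # the route to the metadata service it needs at first boot.
  run network create "$NET"
  run subnet create "$SUBNET" --network "$NET" --subnet-range "$SUBNET_CIDR" --gateway "$GATEWAY" --dhcp

  # Port carrying the fixed address the instance will receive.
  run port create "$PORT_NAME" --network "$NET" --fixed-ip subnet="$SUBNET",ip-address="$PORT_IP"

  # Router with its gateway on the external network and an interface on our subnet.
  run router create "$ROUTER"
  run router set "$ROUTER" --external-gateway "$EXT_NET"
  run router add subnet "$ROUTER" "$SUBNET"

  # Security group: egress is allowed by default; inbound only RDP from ADMIN_CIDR.
  run security group create "$SG" --description "RDP from the admin address only"
  run security group rule create "$SG" --ingress --ethertype IPv4 --protocol tcp --dst-port 3389 --remote-ip "$ADMIN_CIDR"
  run port set "$PORT_NAME" --security-group "$SG"

  # Floating IP allocated from the pool and bound to the port in one step.
  run floating ip create "$EXT_NET" --port "$PORT_NAME"

  # Key pair: the private key is printed once; it later decrypts the Administrator password.
  if [ "${DRY_RUN:-0}" = 1 ]; then
    run keypair create "$KEY"
  else
    umask 077
    openstack keypair create "$KEY" > "$KEY.pem"
  fi

  # The instance, attached to the pre-created port rather than to the network.
  run server create "$SERVER" --image "$IMAGE" --flavor "$FLAVOR" --port "$PORT_NAME" --key-name "$KEY" --wait

  # The initial password is encrypted with the key pair's public key and published
  # through the metadata service; `nova get-password` (python-novaclient, assumed
  # installed) decrypts it locally with the private key, as Horizon's dialog does.
  if [ "${DRY_RUN:-0}" != 1 ]; then
    nova get-password "$SERVER" "$KEY.pem"
    openstack floating ip list --port "$PORT_NAME" -f value -c "Floating IP Address"
  fi
}

# Source your RC file first (or set DRY_RUN=1); otherwise only a hint is printed.
if [ -n "${OS_AUTH_URL:-}" ] || [ "${DRY_RUN:-0}" = 1 ]; then
  deploy
else
  echo "source your OpenStack RC file, then run again (DRY_RUN=1 prints the commands)" >&2
fi
```

Connect with the RDP client to the floating address printed at the end, using Administrator and the decrypted password, then change that password. Tear-down is the reverse order: server, floating IP, port, router interface and router, security group, subnet, network.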

V. Conclusion

By following this tutorial you should be able to take your first steps with Infomaniak's Public Cloud IaaS offering and deploy a VM running Windows Server 2022 Standard! You can just as well deploy a Linux distribution: apart from how you connect to the instance after creation, the process is the same.

  • Want to try the Infomaniak Public Cloud? You can use this link.

Want to know more about the Infomaniak Public Cloud? Feel free to comment on this article to share your ideas, ask questions, etc.

This article includes a commercial communication.

The post Deploying a Windows Server 2022 instance on Infomaniak's Public Cloud first appeared on IT-Connect.

The Topton N305 NAS Motherboard – Hardware Deep Dive Review

The Topton N305 NAS Motherboard+CPU Combo – Should You Buy It?

If you have come to this article on the Topton N305 NAS motherboard, chances are you are a very specific kind of NAS user! When you build your own NAS from scratch, there is always a balance to strike between POWER and POWER EFFICIENCY. The former means you get more done, as quickly as possible; the latter is about making sure this 24x7 DIY NAS server does not cost you a small fortune in electricity. Until recently, the Topton N5105/N6005 CPU+motherboard combo released in 2020/2021 was considered the best balance of performance, capability and power efficiency on the market. However, now that Intel has refreshed its processors into a newer generation (largely retiring the Celeron and Pentium names) and brands such as Topton have vastly improved their development, many, MANY eyes have moved to the newer Topton Intel N305 and N100 NAS motherboards. Most "build your own" (BYO) NAS buyers are considering this highly praised little Mini-ITX combo for a new Plex build, a modest container/VM server running Proxmox, or a step up from a private cloud to a 5-6 drive UnRAID or TrueNAS server. But is the N305 NAS motherboard actually any good? What are the main differences between the N305 and N100 models? And is it reliable enough for your data? In this article we dig into the hardware and share what we find!

Note – You can watch the Topton N305 full hardware review and dive HERE on YouTube

Additionally, find our lists of the recommended NAS CPU+Mobo Combos HERE on NASCompares in a dedicated article

Where to Buy

(Amazon / Aliexpress)

ALIEXPRESS $279 HERE (Upgrades Available)

Amazon $348 HERE (Board Only)

Component: Specification
Processor: Intel Alder Lake-N Core i3-N305
Memory: 1x SO-DIMM DDR5-4800, up to 16 GB per Intel's specification (32 GB modules listed as supported by the vendor)
Storage: 2x M.2 NVMe (PCIe 3.0 x1 each), 2x SATA3
PCIe Slot: PCIe 3.0 x1 (open-ended, accepts longer cards)
Graphics: Intel UHD Graphics
Display Outputs: 2x HDMI, 1x DP, 1x USB Type-C (all 4096 x 2160 @ 60 Hz)
Network: 4x Intel i226-V 2.5GbE
4G LTE/SIM: Yes
Wireless: mini PCIe slot (shares its lane with the PCIe 3.0 x1 slot)
USB Ports: 5x USB 2.0, 1x USB 3 via front-panel header and pins
Cooling: listed as passive (fanless heatsink); the unit reviewed ships with a fan-assisted heatsink
BIOS: AMI EFI BIOS
TDP: 9-15 W
Power Input: DC 12 V (external PSU option)
Case Material: aluminium alloy
Expansion: PWM fan header, TPM header
Dimensions: 158.0 mm x 126.5 mm x 60.2 mm
Colour: black or grey (random)
Installation: desktop or wall-mounted
Operating Environment: 0°C to 70°C, 5%-85% humidity

Topton N305 DiY NAS CPU+MoBo Combo – Hardware Design

The Topton N305 Board is offered on Aliexpress with various pricing options based on the included components. The basic package, which includes just the CPU and motherboard, is priced at $319. For an additional $10, customers can obtain the package with a SAS fan-out cable for enhanced storage capabilities, totalling $329. The most comprehensive option includes everything mentioned plus an external PSU, available for $359. This tiered pricing structure provides flexibility for buyers based on their specific needs and desired configurations.

The latest version of the Topton N305 ITX motherboard now includes a metal, high quality fan-assisted heatsink. This new feature aims to enhance cooling efficiency for the system. It’s a significant update for those looking for improved thermal management in their ITX setups.

The N305 CPU, a central component of Topton’s latest NAS and DiY switch motherboard, showcases Intel’s innovative engineering through its Alder Lake-N architecture, catering specifically to efficiency and performance. With its Intel 7 lithography, the processor strikes a balance between power consumption and computational prowess, offering a TDP of 9-15W. This optimization allows for reduced energy usage while maintaining high performance, making it an ideal choice for NAS systems where efficiency is paramount.

The N305 supports DDR5 memory, which keeps the board compatible with current modules. Intel's specification caps the processor at 16 GB and at DDR5-4800; as the spec table notes, the vendor lists 32 GB modules as supported, so treat capacities above 16 GB as vendor-tested rather than Intel-guaranteed. That memory headroom matters for NAS workloads, which depend on rapid access to and processing of large data sets.

Furthermore, the integration of Intel UHD Graphics within the CPU provides substantial support for multimedia tasks, extending the motherboard’s utility beyond mere storage. This feature, coupled with the processor’s support for multiple displays and high-definition outputs, enables the N305 NAS Motherboard to serve as a central hub for not only storage but also media streaming and light graphical tasks. The inclusion of advanced technologies like Intel Quick Sync Video highlights the CPU’s adeptness at encoding and decoding video streams efficiently, thereby enhancing the functionality of NAS systems built with the N305 motherboard for a variety of applications.

The Topton N305 NAS Motherboard incorporates a single SO-DIMM slot for memory, strategically located on the motherboard’s rear, optimizing space and accessibility. This design choice underscores the board’s compact and efficient layout, catering to users seeking a balance between performance and form factor in their NAS solutions. However, it’s important to note that this system does not support ECC (Error-Correcting Code) memory. The absence of ECC support is typical for systems prioritizing cost-effectiveness and simplicity over the error correction capabilities critical in enterprise-level servers. Despite this, the motherboard’s memory compatibility, supporting up to 32GB of DDR5 RAM at speeds of 4800MHz (and compatibility with 5200/5600MHz), ensures robust performance for various NAS applications.

At the top of the Mini-ITX board are two SATA ports for direct drive connections, plus an SFF-8643 connector that carries four more SATA links through a compatible fan-out cable.

SATA is handled by a JMicron JMB585 controller, which bridges the PCIe host to SATA/AHCI storage devices and provides five SATA ports. The controller also supports port multipliers, which widens the possible storage configurations for users who want to maximise drive count. It supports both command-based switching (CBS) and FIS (Frame Information Structure)-based switching (FBS), passes TRIM through to SSDs, and can exchange data with the host in either AHCI mode or legacy IDE mode.

This review covers the DC-input variant of the Topton N305 NAS board. The board also has two 4-POWER (12 V) connectors in its rear corner to supply additional power for bulk storage, as some enclosures and backplanes require.

The Topton N305 DC motherboard is supplied with an external power supply unit (PSU), specifically a 180W model produced by Chicony, a name that may not be familiar to all. No, me neither…

The fan-assisted CPU cooling system on the Topton N305 NAS motherboard receives commendation for its efficiency, producing minimal noise while maintaining a surprisingly low profile. This design choice enhances the overall user experience by ensuring effective thermal management without adding bulk or disruptive sound to the setup.

The N305 NAS motherboard facilitates M.2 NVMe storage through two 2280 slots. These slots are strategically located on the rear or base of the motherboard for easy access and efficient space utilization. This configuration allows for high-speed storage solutions to be incorporated seamlessly into the system, enhancing its performance capabilities.

The M.2 connectors on the N305 NAS motherboard are specified as PCIe Gen 3×1, providing a maximum bandwidth of 1000MB/s for each slot. While it may be seen as a drawback that 3×4 NVMe drives will operate in these 3×1 slots, limiting their maximum speed, this configuration remains noteworthy. Considering the motherboard’s compact scale and the overall allocation of 9 PCIe lanes, the inclusion of these connectors and their performance capability is still an impressive feat, balancing system expansion with available resources.

Our examination through SSH terminal within UnRAID has verified the configuration of the slots. It’s confirmed that they operate at the downgraded bandwidth of 3×1. This adjustment aligns with the system’s specifications and ensures compatibility within its infrastructure.

During our disk speed tests on the motherboard, a standard PCIe 3×4 NVMe drive was tested using a 1GB file. The results showed a sequential read/write speed of approximately 750-780MB/s. This performance is indicative of the operational bandwidth limits imposed by the 3×1 slot configuration on the motherboard.

Copying a 1GB file between the two M.2 NVMe drives ran at 320-330MB/s, roughly half the single-drive figure. That points to the two slots sharing a single lane or upstream path on the board, with that shared link becoming the bottleneck when both drives are busy at once.

At the front-bottom edge of the board is a PCIe slot for further expansion, the one place on this board where you can add a card of your own choosing beyond the stock configuration.

The slot is electrically PCIe Gen 3 x1 (about 1000MB/s) but physically open-ended, so longer x4, x8 and x16 cards fit even though they only get one lane. It is a compromise between bandwidth and physical compatibility that widens the range of cards you can install. The lane and speed limits come from the CPU: the Alder Lake-N parts provide nine PCIe Gen 3 lanes in total, and the same constraint applies to the N100 version of this board and CPU combo. That lane budget decides how many devices can be attached at once and how fast each can run, so it is the single biggest factor in what this board can and cannot be expanded into.

On the back of the board is a Mini PCIe slot, intended mainly for a wireless card; it is of little use for other kinds of expansion. It is also shared with the main PCIe Gen 3 x1 slot, so the two cannot be used at the same time: fit a wireless card and the PCIe slot is unavailable, fit a PCIe card and the Mini PCIe slot is. That is a real trade-off for anyone hoping to add both Wi-Fi and, say, a 10GbE card.

Less expected, and probably aimed at prosumer router builds on pfSense or OpenWrt, is an onboard 4G LTE SIM card slot, which gives the board a route to cellular connectivity for remote sites or as a backup WAN. Whether it is usable depends on the operating system: NAS platforms such as UnRAID may not support a cellular modem at all, so check driver support for your intended OS before relying on it. It broadens what the board can be used for, but only within the limits of what the OS can drive.

Networking is handled by four 2.5GbE ports, each on its own Intel i226-V controller. That gives the board well over 1GB/s of aggregate network bandwidth out of the box, which can be spread across many clients or, with SMB3 multichannel or link aggregation (LAG/LACP) on a suitable managed switch, delivered to a single client. It is a strong networking setup for a board in this class and leaves plenty of room for flexible configurations.

Adding a 10GbE NIC in the PCIe Gen 3 x1 slot would raise the aggregate further, to around 2000MB/s, although the card itself is capped at roughly 1000MB/s by the single lane it gets. On the storage side, the two NVMe drives top out at around 1000MB/s combined even in RAID 0/1, because of the shared lane described above. Five or six SATA drives on the onboard JMB585 controller, which hangs off a PCIe Gen 3 link, deliver around 600-800MB/s with HDDs and up to 1000-1100MB/s with SATA SSDs, the controller's link being the limiting factor.

The board has six USB 2.0 ports, four on the rear I/O and two on internal headers. The internal pair is a convenient home for an OS boot drive such as the USB stick UnRAID boots from, keeping it inside the case rather than hanging off the back. USB 3.2 is available through the front-panel header and internal pin headers for faster devices.

Display output is HDMI 2.0 and DisplayPort 1.4, both capable of 4K at 60Hz, which is more than a NAS needs but useful if the board doubles as a media player or a desktop.

We also recorded a video look at the Topton N305 board and CPU combo, going through the BIOS and running a series of tests under UnRAID to see how it behaves as a NAS platform and where its limits are.

The Topton N305 NAS Motherboard+CPU Combo – Should You Buy It?

As of 2024 the Topton N305 NAS motherboard strikes a good balance between power efficiency and capability for its price. The i3-N305 has a configurable TDP of 9 to 15W yet offers eight cores and eight threads at up to 3.8GHz, and its integrated graphics, clocked at up to 1.25GHz, make it a strong candidate for 4K transcoding in Plex Media Server with headroom for 8K content. The CPU provides only nine PCIe Gen 3 lanes, but the board spends them sensibly: up to six SATA drives, two M.2 slots and a PCIe expansion slot on a Mini-ITX footprint.

The N100 version is cheaper and a little slower with the same physical layout and lane allocation; the N305 draws modestly more power in exchange for noticeably more performance, which makes it the better choice for anyone who needs the extra headroom. Getting this much out of a small, low-power board is an impressive piece of design.

Where to Buy

(Amazon / Aliexpress)

ALIEXPRESS $279 HERE (Upgrades Available)

Amazon $348 HERE (Board Only)

Component: Specification
Processor: Intel Alder Lake-N i3-N305
Memory: 1x SO-DIMM DDR5 4800MHz, up to 16/32GB
Storage: 2x M.2 NVMe 3×1 slot, 2x SATA3
PCIe Slot: PCIe 3×1 (open-ended/cut slot)
Graphics: Intel UHD Graphics
Display Outputs: 2x HDMI, 1x DP, 1x Type-C (all 4096 x 2160@60Hz)
Network Card: 4x Intel i226-V 2.5G
4G LTE/SIM: Yes
Wireless: Mini PCIe slot (shared with PCIe 3×1 slot)
USB Ports: 5x USB2.0, 1x USB3 via front panel and pins
Cooling: Passive cooling with fanless heatsink
BIOS: AMI EFI BIOS with various supports
TDP: 9-15W
Power Input: DC 12V (external PSU option)
Case Material: Aluminium alloy
Expansion: PWM fan power connector, TPM pin
Dimensions: 158.0mm x 126.5mm x 60.2mm
Color: Black or grey (random)
Installation: Desktop, wall-mounted
Operating Environment: 0°C to 70°C, 5%-85% humidity

This description contains links to Amazon. These links will take you to some of the products mentioned in today's content. As an Amazon Associate, I earn from qualifying purchases. Visit the NASCompares Deal Finder to find the best place to buy this device in your region, based on Service, Support and Reputation - Just Search for your NAS Drive in the Box Below

Need Advice on Data Storage from an Expert?

Finally, for free advice about your setup, just leave a message in the comments below at NASCompares.com and we will get back to you. Where possible (and where appropriate) please provide as much information about your requirements as you can, so that I can arrange the best answer and solution for your needs. Do not worry about your e-mail address being required: it will NOT be added to a mailing list and will NOT be used in any way other than to respond to your enquiry.
If you like this service, please consider supporting us. We use affiliate links on the blog, allowing the NASCompares information and advice service to be free of charge to you. Anything you purchase on the day you click on our links will generate a small commission, which is used to run the website. Here is a link for Amazon and B&H. You can also get me a ☕ Ko-fi or old school PayPal. Thanks! To find out more about how to support this advice service check HERE. If you need to fix or configure a NAS, check Fiverr. Have you thought about helping others with your knowledge? Find instructions here.

Or support us by using our affiliate links on Amazon UK and Amazon US.

Alternatively, why not ask me on the ASK NASCompares forum, by clicking the button below. This is a community hub that serves as a place where I can answer your question, chew the fat, share new release information and even get corrections posted. I will always get around to answering ALL queries, but as a one-man operation, I cannot promise speed! So by sharing your query in the ASK NASCompares section below, you can get a better range of solutions and suggestions, alongside my own.

Synology DS Video and Video Station VS Plex Media Server

Plex Media Server Vs Synology Video Station on a NAS

One of the most common reasons people buy a network-attached storage (NAS) device is to run it as a media server, and the appeal is clear. Most of us now own decades of media, either bought digitally or ripped from discs at home, and getting it onto the latest devices can be awkward. Streaming that collection from a NAS to every TV, phone and tablet in the house has become far more common, helped by increasingly affordable NAS hardware from brands like Synology and QNAP and by free server software from the likes of Plex and Emby. Synology is the most popular NAS for home media, with support for a number of third-party media server applications as well as its own premium video app. Add the glut of subscription streaming services (Netflix and the rest) that give you little control over, and no ownership of, what you watch, and it is no surprise that many users simply want to enjoy their own collections. For those switching from Netflix or Prime Video to an in-house media server, the next question is which software to run.

The most popular private media server worldwide is Plex Media Server, available in server and client form, which turns a media collection into a glossy, informative interface that genuinely rivals the big streaming platforms. Synology, for its part, would rather you used its own media server, Synology Video Station, which it has invested in and developed to a standard that competes well with Plex. This article compares the two and should help you decide which is the better fit for you.

Important – ‘Free’ Vs Paid Media Server Services on a NAS

Before going further, the elephant in the room: several key Plex Media Server features sit behind a paid subscription, Plex Pass, whereas Synology Video Station is included with the NAS from day one at no extra cost. Neither is free in the strict sense, since both require you to buy a Synology NAS first. More importantly, some recent Plex online features and hardware transcoding (using the CPU's integrated graphics or an installed graphics card to convert files on the fly into a form better suited to the client) are not available on Plex's free tier but are enabled by default in Video Station. Plex's free tier still offers software transcoding, which covers a good share of everyday needs, but paying extra inside the Plex app to use hardware your NAS already has is something many users find hard to accept. Throughout this article, any feature that requires Plex Pass is flagged as such.

Plex VS Synology Video Station – Installation and First Time Setup

Installing either application is near enough identical: both are in the Synology app centre and install in a couple of clicks. Neither requires your media to live in a pre-designated folder; sources for TV shows, films and so on are scanned and indexed after installation. The one real difference at setup is authentication. Video Station uses your existing NAS login, whereas Plex requires you to create an account with Plex online before you can use the server, even if you only ever intend to stream on the local network or via DLNA. For a third-party application that is understandable, if a little annoying for some.

Updates are handled differently too. Because Video Station is a first-party app, new versions appear in the app centre as soon as they are released and can be applied automatically. The Plex package in the Synology app centre is updated far less often, so a freshly installed Plex server will almost always tell you straight away that a newer version exists. Plex flags updates in the top right of its interface and in its settings, but applying one means downloading the latest server package to a computer and uploading it to the Synology app centre by hand. It is only a small inconvenience, but it means keeping Video Station current is easier, and likely more frequent, than keeping Plex current.

Plex VS Synology Video Station – GUI, Media Support and Browsing

Viewed from a client device such as a games console, TV or Amazon Fire TV Stick, the two interfaces are quite similar: films and box sets are laid out clearly, and the metadata each server collects produces an attractive front end for your users.

The server-side view is where they differ considerably. Video Station is built exclusively around video media and its configuration, because Synology already ships separate applications for other media types and for general NAS maintenance. Plex, on the other hand, is a far more complete server tool, with the bulk of maintenance and customisation options built into one GUI. If you are an IT novice, the number of system options Plex presents can be a little intimidating, and because Plex is designed around many media types (more on that below) its configuration is necessarily broader than the video-centric options in Synology's app. Working through those options does pay off in a better streaming experience overall; it is simply a question of how bespoke and elaborate you want your media server to be.

As noted, the two differ clearly in the media types they support. For video they are near enough identical, with a few exceptions around specialist audio handling for certain demanding files. But, just as with server configuration, Video Station handles video only and relies on companion apps (Synology Moments, Photo Station, Synology Photos, Audio Station and Download Station) for other kinds of media. Plex is a much broader tool, covering photo collections (with AI assistance), music, podcasts and several bundled online video streaming services. Both designs make sense: some users want a Swiss Army knife, others want separate services for video, music and photos on different devices and clients. Neither really gains an advantage here; they are simply architected differently. If you want a simple user interface, choose Video Station. If you want one media server for everything, choose Plex.

Plex VS Synology Video Station – Meta Data Scraping

Scraping metadata is what separates a bare list of files and folders from a slick, informative interface that is a pleasure to use. Metadata means thumbnails, box art, descriptions, cast lists, review scores, trailers and more; scraping means the server querying online databases for that information and storing it locally on the NAS. The result is a TV and film collection presented in a way that looks near identical to Netflix or Prime Video. Client devices benefit most, and on a client Plex and Video Station look very similar, apart from some differences in colour and branding.

On the server side, though, the two take different approaches to metadata setup. Video Station is by far the less option-heavy of the two. Partly that is because many relevant settings live in the general DSM interface rather than in the app, but the app itself is still thin on configuration for a video server. That is no surprise given Synology's habit of keeping things simple and leaving settings at sensible defaults. The scraping options are sparse, and some of the more advanced ones require you to register with a metadata database and obtain an API key. Even without that key, Video Station still scrapes a remarkable amount of metadata: although it lists only a handful of supported databases, it found the same level of metadata as Plex for our test media and presented all of it correctly.

Plex has access to far more online databases, and although it asks you to choose which one to scrape for each library, it does so with a high degree of accuracy. It also scrapes metadata for more than films: music and podcasts are covered too. None of this requires logging in to the individual databases; it is largely automatic from the start, and you can switch the database used for each media type and folder on the fly. That does not guarantee accuracy, which still depends heavily on how your media is named and laid out (TV episodes as S01E01 for season 1, episode 1, and so on), but with more sources and less configuration per source, Plex is the broader and more likely to succeed option for metadata scraping.

Plex VS Synology Video Station – Playback and Transcoding

This is one of the most important parts of any media server: playback and transcoding. Transcoding converts a media file into a version better suited to the client it is being played on (TV, phone, console and so on), which may mean changing the resolution, bitrate or container format, and usually means compressing the file into something smaller. Because Plex and Video Station run on the same NAS, their baseline support for codecs, compression and file types is equal: if a file plays in its original form on Plex, it plays on Video Station. The distinctions appear when a file has to be transcoded. Remote users in particular trigger transcoding without realising it, because they are on a limited connection or watching a 4K 60fps film on a phone that cannot make use of it. Transcoding is at its best when you do not notice it happening, or when it is adaptable enough to cover every likely scenario.

When the NAS has to transcode on the fly (converting a file for the requesting client without delay) it does so with either software or hardware transcoding. Software transcoding uses the raw CPU and memory of the NAS to convert the file. Hardware transcoding uses a graphics component, either the CPU's integrated graphics or an installed graphics card, which is designed for video work and so consumes far fewer resources. Plex Media Server only offers hardware transcoding with a paid Plex Pass subscription, after which it is switched on in the Transcoder settings with the 'Use hardware acceleration when available' option (the 'Make my CPU hurt' entry in the same menu is the software transcoder's highest-quality preset, not the hardware toggle). Software transcoding is available on the free tier but is far less efficient: high-bitrate 4K and 1080p media will either consume most of the system's resources while transcoding or will not play at all.

Video Station, as a native first-party app, has full access to the NAS's hardware transcoding from the start, at no extra cost, and that has been one of the main drivers of its popularity. Most NAS brands ship their own video player, but Synology is the only one that combines the slick, metadata-driven interface found in Plex with free and unrestricted use of the hardware you would expect to have after spending several hundred dollars on a NAS. That said, the way Video Station exposes transcoding in its interface is a little peculiar, especially for users trying to balance picture quality against transcoding load, whether automatically or by hand.

When you ask Video Station to transcode, it offers picture-quality presets: high, medium, low, very low and so on. That is what you would expect from a brand that keeps things simple, but for anyone who wants to pick a specific quality level, or learn which level to use for other files in future, it is very limiting. Plex lets you choose between an automatic mode that transcodes to the level recommended for the client and its connection, and a long list of explicit quality levels broken down by resolution and bitrate. Overall, Video Station's ability to use hardware transcoding at no extra cost and with little or no intervention from the user is still the most important thing here. I just wish it gave users the degree of control and choice found in Plex.

Plex VS Synology Video Station – Client Support

A slick, well-performing media server is pointless if you cannot watch its contents on the devices you actually use. Most people know that a media collection on a NAS can be streamed over the local network via DLNA and UPnP (Digital Living Network Alliance and Universal Plug and Play), but that is file-and-folder, breadcrumb-style browsing. To get the full Plex or Video Station interface, an official client app has to exist in your device's app store, or an unofficial one has to be installed by hand. This is an area where Plex almost completely wins: Video Station simply cannot match the range and availability of Plex clients in the popular app stores.

Full credit to Plex: they have made their platform available on practically every modern device, in multiple client and server forms, and they push updates out to every client after each server release. Synology cannot compete with that and instead targets its client support, covering all current mobile and desktop operating systems and some of the major TV and streamer app stores such as Amazon Fire TV. In eight cases out of ten your device will support both, but it is by no means universal, and an off-brand Android phone, tablet or media box that you hoped would run Video Station sometimes will not.

It is worth repeating that Synology splits media types across separate client apps, for example DS Audio or Audio Station for music and DS Photo for photography. Some of these are quite advanced and offer near-unique integrations, such as Amazon Alexa support (something no other NAS platform offers without a third-party skill like 'my-media'). But that does not make up for being overshadowed by the breadth of Plex's support across clients and smart home devices, though the latter does require a Plex Pass. For sheer breadth of client support, Plex wins by a landslide.

Plex VS Synology Video Station – Conclusion

Across this comparison it has become clear that one tool aims to be a Swiss Army knife of features while the other does a smaller, key set of things exceptionally well. Long-time Plex users are unlikely to move to Video Station, which may feel less feature-rich and a little bare-bones to them. But anyone new to private, NAS-based streaming would do well to try Video Station first: for video streaming specifically, it is genuinely one of the best platforms around, albeit restricted to Synology NAS hardware. Plex tries to do many things in its pursuit of being the default home for those leaving Netflix, and succeeds in most of them; it is just worth remembering that in recent years the platform has perhaps diversified a little too far.

Summary: the stronger option in each category, as argued in the sections above.

Best for Mixed Media: Plex Media Server
Best for Ease of Access on Client Hardware: Plex Media Server
Best for Transcoding Control: Plex Media Server
Best for Add-On Services: Plex Media Server
Best for Metadata Sources: Plex Media Server
Best for Price: Synology Video Station
Best Performance for Transcoding: Synology Video Station
Best for Ease of Use: Synology Video Station
Best for Ease of Setup: Synology Video Station
Best for Updates & Firmware Revisions: Synology Video Station

Thanks for reading, and I hope this guide helps you choose the right multimedia server for streaming to your friends, family and colleagues. If you are still unsure about the right NAS, multimedia software or backup system for your needs, take advantage of the free advice section below. It is a completely free and unbiased service to help work out the ideal data storage solution for you. It is manned by myself and EddieTheWebGuy, so although replies may take an extra day or so, we will answer your email with your best interests in mind. Have a great week.

If you are thinking of buying a NAS for multimedia, please use the links below:


This description contains links to Amazon. These links will take you to some of the products mentioned in today's content. As an Amazon Associate, I earn from qualifying purchases. Visit the NASCompares Deal Finder to find the best place to buy this device in your region, based on Service, Support and Reputation - Just Search for your NAS Drive in the Box Below

Need Advice on Data Storage from an Expert?

Finally, for free advice about your setup, just leave a message in the comments below here at NASCompares.com and we will get back to you. Where possible (and where appropriate) please provide as much information about your requirements, as then I can arrange the best answer and solution to your needs. Do not worry about your e-mail address being required, it will NOT be used in a mailing list and will NOT be used in any way other than to respond to your enquiry.
If you like this service, please consider supporting us. We use affiliate links on the blog, allowing the NAScompares information and advice service to be free of charge to you. Anything you purchase on the day you click on our links will generate a small commission which is used to run the website. Here is a link for Amazon and B&H. You can also get me a ☕ Ko-fi or old school Paypal. Thanks! To find out more about how to support this advice service check HERE. If you need to fix or configure a NAS, check Fiverr. Have you thought about helping others with your knowledge? Find Instructions Here
 
Or support us by using our affiliate links on Amazon UK and Amazon US
    
 
Alternatively, why not ask me on the ASK NASCompares forum, by clicking the button below. This is a community hub that serves as a place that I can answer your question, chew the fat, share new release information and even get corrections posted. I will always get around to answering ALL queries, but as a one-man operation, I cannot promise speed! So by sharing your query in the ASK NASCompares section below, you can get a better range of solutions and suggestions, alongside my own.


CWWK AMD 7840HS CPU+Motherboard Combo Deep Dive

CWWK AMD 7840HS NAS Motherboard – Any Good?

If you have been in the market for building your own NAS from scratch on a budget, then once you push past all the Intel Celeron, Pentium and Core CPU+Mobo combos that flood the market, you might well come across this recently revealed AMD-powered monster of a CPU+Motherboard combination, the CWWK AMD-7840HS board. Arriving under several retailer brands (including Topton), this board comes with an 8-core CPU that can burst up to 5.1 GHz, 2.7 GHz integrated graphics, 4x 2.5GbE, a PCIe Gen 4×8 slot, USB 4, 2x Gen 4×2 M.2 slots and support for up to 9 SATA drives. I mean... WOW. The TDP is a little higher than some might like, the ECC support is up for debate (more on that later) and the 20-lane CPU is definitely being spread out pretty wide, but there is no denying that this is a serious bit of kit. So, what exactly do you get when you pay $499+ for this SoC mobile CPU and Motherboard combo? What’s the design like? And should you be considering this for your next TrueNAS build? Let’s take a closer look at the AMD-7840HS NAS board.

Here are a few examples of where you can get this board online:

  • (Topton) 8-Bay / 9-Bay Board AMD-7940HS $489 (AliExpress) HERE
  • (Topton) The AMD-7940HS CPU+Board + 1TB NVMe + 32GB DDR5 + SFF Cables + CPU HS $729 (AliExpress) HERE
  • (KingNovy) Complete Board + AMD-7940HS $509 (AliExpress) HERE
  • Learn more about other Recommended M-ITX CPU+Mobo Combos HERE in an article or HERE on YouTube

Note – Performance Testing and NAS Building are still ‘WiP’ on this board as I wait for the last few components to arrive for YouTube. I will update this article with additional information resources after testing is concluded

Architecture: Zen 4 (Phoenix)
Cores / Threads: 8 / 16
Base / Boost Frequency: 3.8 GHz / 5.1 GHz
TDP (Thermal Design Power): 35 W (configurable 35-54 W)
Memory Support: DDR5, LPDDR5x up to 7500 MT/s; dual-channel; ECC support (in specific CPU configurations)
Integrated Graphics: Radeon 780M; graphics engine boost clock 2700 MHz
PCI-Express: Gen 4, 20 lanes (CPU only)
Cache (L1/L2/L3): 64 KB per core / 1 MB per core / 16 MB shared
Process Size: 4 nm
Socket Compatibility: FP8
Production Status / Release Date: Active / January 2023
Part Numbers: 100-000000955 (FP7r2), 100-000000964 (FP7), 100-000001129 (FP8)
Maximum Temperature (tJMax): 100°C
Features: AVX, AVX2, AVX-512, ECC Memory Support, AMD-V, Precision Boost 2


CWWK AMD 7840HS Mobo Physical Design

The CWWK 7840HS CPU+Motherboard combo represents a significant leap in compact computing, catering to a wide range of users from enthusiasts to professionals requiring high-performance systems in small form factors.

This combination of AMD’s Ryzen 7 7840HS processor and a feature-rich Mini-ITX motherboard offers an intriguing blend of power, efficiency, and expansion capabilities, making it an ideal choice for various applications, including gaming, content creation, and server use.

The motherboard itself is a lovely bit of engineering, designed with a matte black PCB and a high-density, moisture-free fiber 10-layer circuit board, ensuring both aesthetic appeal and durability. This design philosophy extends to the motherboard’s support for AMD’s “Zen 4” architecture Ryzen™ 5/7/9 series processors, providing users with the ability to choose a CPU that best fits their performance needs without compromising on form factor.

One of the standout features of this motherboard is its expansion capability, particularly notable given its 17×17 standard Mini-ITX form factor. It includes a PCI-E x16 slot (PCIe 4.0 x8 signal) for graphics or network card expansion, two M.2 NVMe (PCIe 4.0 x2) slots for high-speed storage, and SFF-8643 sockets that support up to four SATA 3.0 connections each via cable.

This level of expandability is uncommon in Mini-ITX motherboards, offering users the flexibility to build a compact yet powerful system that can handle demanding applications and storage needs.

Memory support is another area where the 7840HS CPU+Motherboard combo shines. With dual-channel SO-DIMM DDR5 slots supporting up to 5600MHz (and backward compatibility for server-grade ECC notebook memory), it allows for high-speed, reliable memory configurations up to 64GB. This capability is crucial for applications requiring fast data access and processing, such as video editing and 3D rendering.

HOWEVER, there is definitely a debate as to whether you can actually use ECC memory! CWWK lists 4 different CPU SKUs for this mobo and only 1 of them (the 7735HS) actually supports ECC. So, in order to investigate, I installed 1x 16GB Kingston ECC SODIMM 4800MHz module and ran some SSH commands. Sadly, it appears that the default 7840HS version of this motherboard combo does NOT support ECC (SEE VIDEO ABOVE).

The combo’s connectivity options are equally impressive, featuring four Intel i226-V 2.5G RJ45 UDE network ports, HDMI+DP+Type-C triple display outputs supporting 4K@60Hz, and multiple USB 3.2 and Type-C interfaces. Such comprehensive connectivity ensures that users can connect a wide array of peripherals, displays, and network connections, making the system versatile for different setups and applications.

The CWWK 7840HS CPU+Motherboard combo is a great example of modern computing’s direction towards more efficient, powerful, and versatile systems within increasingly compact form factors. Whether for gaming, professional work, or server applications, this combo offers a compelling option for those seeking the pinnacle of performance and flexibility in a small package.

Its combination of a high-performance processor, expansive memory and storage options, and robust connectivity makes it a standout choice for enthusiasts and professionals alike.

The CWWK 7840HS CPU+Motherboard combo features ASMedia SATA controllers, specifically the ASM1166 and ASM1164 chips, which are central to its enhanced SATA connectivity. These chips enable the motherboard to efficiently manage SATA connections, ensuring stable and rapid data transfer rates for a range of storage devices.

The inclusion of two SFF-8643 connectors, influenced by these ASMedia components, significantly boosts the motherboard’s storage expansion capabilities. These connectors allow for up to eight SATA devices to be connected through breakout cables, optimizing storage scalability within a compact form factor. However, it’s important to highlight that these connectors do not support NVMe drives, focusing instead on maximizing SATA device compatibility.

This motherboard also boasts a single standard SATA port, complementing the SFF-8643 connectors to offer comprehensive support for SATA-based storage configurations. The strategic integration of ASMedia SATA controllers underscores a commitment to providing versatile and reliable storage solutions, tailored for users prioritizing a balance of speed, capacity, and efficiency in their builds.

The AMD Ryzen 7 7840HS is a notable entry in AMD’s mobile processor lineup, launched in January 2023. Part of the Ryzen 7 series and built on the advanced Zen 4 (Phoenix) architecture, this chip is designed to deliver high performance for laptops and portable devices. With 8 cores and 16 threads thanks to AMD’s Simultaneous Multithreading (SMT), the 7840HS offers substantial multitasking capabilities. Operating at a base frequency of 3.8 GHz with the ability to boost up to 5.1 GHz, it combines speed with efficiency, all within a 35W thermal design power (TDP). This processor also supports DDR5 memory and has integrated Radeon 780M graphics, making it well-suited for both productivity tasks and gaming.

Physically, the Ryzen 7 7840HS is manufactured using TSMC’s 4 nm process technology, which houses 25,000 million transistors on a 178 mm² die. This compact yet powerful CPU is designed for AMD’s Socket FP8, underscoring its mobile-oriented design with a configurable TDP range of 35-54W. It supports a wide range of features, including ECC memory for data integrity and PCI-Express Gen 4 for high-speed component communication. The Ryzen 7 7840HS stands out with its inclusion of the latest Ryzen AI technology, aimed at enhancing generative AI applications, and its leading-edge Radeon 780M integrated graphics. This combination not only boosts traditional computing tasks but also opens up new possibilities in AI and gaming. The processor’s architecture enables significant improvements in instructions per cycle (IPC), benefiting from larger caches and faster memory support up to LPDDR5x-7500. Its performance is competitive with top-tier processors in its category, reflecting AMD’s commitment to delivering powerful computing solutions.

The discussion around ECC (Error-Correcting Code) memory support on the CWWK 7840HS CPU+Motherboard combo reveals a nuanced landscape of compatibility and performance considerations. While the motherboard touts support for “server-grade ECC” memory, indicating an ability to correct data corruption on-the-fly and enhance system reliability, the reality of ECC support is more complex. It requires alignment across the CPU, motherboard, and the memory itself. The AMD Ryzen 7 7840HS processor, integral to this combo, along with other CPUs offered by CWWK, presents a mixed picture regarding ECC compatibility. Despite AMD’s general support for ECC across many of its CPUs, the specific models available with this motherboard, including the 7840HS, do not officially support ECC, highlighting a disconnect between processor capabilities and motherboard features. This discrepancy underscores the importance of thorough compatibility checks for users who prioritize ECC for its error-correcting capabilities, especially in environments where data integrity is paramount.

The situation is further complicated by the motherboard’s design and the marketing of DDR5 memory with “on-die ECC,” which does not equate to traditional ECC memory’s error-correcting functionality. This type of ECC, often referred to as a marketing gimmick, fails to provide the same level of error correction and data integrity assurance as server-grade ECC memory. As enthusiasts and professionals debate the motherboard’s ECC support, it becomes evident that while the hardware may technically support ECC, the practical benefits and implementation may fall short without the full cooperation of the CPU and explicit support from the motherboard’s firmware. This scenario leaves users in a precarious position, needing to navigate between marketing claims and technical specifications to determine the true extent of ECC support and its relevance to their specific use cases.
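The SSH check described above (ECC SODIMM fitted, then asking the OS what it actually sees) and the on-die ECC distinction can be scripted. The following is an added example, not from the article or from CWWK: it reads the SMBIOS "Error Correction Type" field from `dmidecode -t memory` and counts memory controllers registered with the Linux EDAC subsystem, and it falls back to a constructed dmidecode sample when run without root; the verdict labels are my own. DDR5 on-die ECC is internal to the DRAM chips and is invisible to both signals, so a board with only on-die ECC reports "None" here.

```shell
#!/bin/sh
# Added example (not from the NASCompares article): check whether a Linux host
# actually runs its memory in ECC mode. Two independent signals are combined:
#   1. the SMBIOS "Error Correction Type" field (what the firmware says the
#      memory controller is doing), read via `dmidecode -t memory`
#   2. the kernel EDAC subsystem under /sys/devices/system/edac/mc/, whose
#      mcN entries typically appear only when a memory-controller driver is
#      reporting ECC (on AMD, amd64_edac refuses to load with ECC disabled)
# Needs root for the real dmidecode read; otherwise a constructed sample is used.

# Extract the first "Error Correction Type" value from dmidecode text on stdin.
# Prints e.g. "None", "Single-bit ECC" or "Multi-bit ECC".
ecc_type_from_dmidecode() {
    sed -n 's/^[[:space:]]*Error Correction Type:[[:space:]]*//p' | head -n 1
}

# Count EDAC memory controllers under a sysfs root (default /sys).
# 0 is what a non-ECC CPU/board shows even with ECC DIMMs fitted.
edac_mc_count() {
    root="${1:-/sys}"
    n=0
    for d in "$root"/devices/system/edac/mc/mc*; do
        if [ -d "$d" ]; then
            n=$((n + 1))
        fi
    done
    echo "$n"
}

# Combine both signals into a verdict label (labels are this example's own).
# Usage: ecc_verdict <smbios_ecc_type> <edac_mc_count>
ecc_verdict() {
    smbios="$1"
    mcs="$2"
    case "$smbios" in
        *ECC*)
            if [ "$mcs" -gt 0 ]; then
                echo "ecc-active"                    # firmware and kernel agree
            else
                echo "ecc-claimed-but-not-reported"  # firmware claim, no EDAC driver
            fi ;;
        *)
            if [ "$mcs" -gt 0 ]; then
                echo "edac-only"                     # unusual: driver loaded, SMBIOS silent
            else
                echo "no-ecc"                        # the 7840HS result in the article
            fi ;;
    esac
}

# Constructed sample of `dmidecode -t memory` output for a board whose CPU does
# not run ECC, even though an ECC SODIMM is installed.
SAMPLE_DMIDECODE='# dmidecode 3.5
Handle 0x0010, DMI type 16, 23 bytes
Physical Memory Array
    Location: System Board Or Motherboard
    Use: System Memory
    Error Correction Type: None
    Maximum Capacity: 64 GB
    Number Of Devices: 2
'

main() {
    if command -v dmidecode >/dev/null 2>&1 && [ "$(id -u)" -eq 0 ]; then
        ecc_type="$(dmidecode -t memory 2>/dev/null | ecc_type_from_dmidecode)"
    else
        echo "dmidecode unavailable or not root; using constructed sample" >&2
        ecc_type="$(printf '%s' "$SAMPLE_DMIDECODE" | ecc_type_from_dmidecode)"
    fi
    mcs="$(edac_mc_count /sys)"
    echo "SMBIOS error correction: ${ecc_type:-unknown}"
    echo "EDAC memory controllers: $mcs"
    echo "verdict: $(ecc_verdict "$ecc_type" "$mcs")"
}

main "$@"
```

Run it as root over SSH on the NAS; a fitted ECC module with a "no-ecc" verdict means the module is present but the CPU is not using its extra bits.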

Given the technical details and specifications of the CWWK 7840HS CPU+Motherboard combo, we can infer some positive and negative points about this hardware combination despite the inability to access the specific Reddit page for user insights.

===== Further Testing – COMING SOON =====

Check our YouTube channel for further videos on the AMD-7840HS NAS Motherboard for testing first (such as the video below):


CWWK AMD 7840HS NAS Motherboard Review Conclusion – Pros and Cons

Spec Highlights – 4x AMD Mobile Ryzen Options, SODIMM DDR5 Slots ×2, ECC Supported, 2× M.2 2280 4×2 SSD Slots, PCIe 4×8 connector ×1 (x16 Physical), SFF-8643 ×2 Connectors for SATA III, 4x 2.5GbE, USB 4 (20Gbps Limit), Internal USB 2.0 – $489 on AliExpress and Check on Amazon

The combination of the AMD “Zen 4” architecture Ryzen™ 5/7/9 series processors with a very unique motherboard offers a high-performance platform that is particularly suitable for building a low scale, but HIGH POWER Network Attached Storage (NAS) server. The Mini-ITX form factor of the motherboard, compatible with 1700 series CPU coolers, ensures that it can fit into compact NAS cases while providing adequate cooling for the powerful processors housed within.

In the realm of NAS servers, storage options and connectivity are key. The motherboard’s two M.2 NVMe (PCIe 4.0 x2) slots are ideal for high-speed storage drives that can handle intense read and write operations typical in a NAS environment. The inclusion of 2 * SFF-8643 sockets, which support up to four connections each and a total of 9 SATA 3.0, is an advanced feature that provides flexibility and scalability for storage expansion. This is particularly beneficial for NAS setups where large storage pools and redundancy (such as RAID configurations) are important.

Network connectivity is another critical aspect of NAS servers, and this motherboard delivers with its 4 * Intel i226-V 2.5G RJ45 UDE network ports, allowing for high-speed data transfer and network redundancy or link aggregation if required. However, the lack of a 10GbE port might limit the network throughput if higher speeds are needed, in which case the PCIe Gen 5×16 slot could be employed for an additional network interface card, although this might be considered an inefficient use of this high-bandwidth expansion slot. Lastly, the wide array of USB ports, including USB3.2 Gen2 Type-C with a 20Gbps rate and additional USB3.2 and USB2.0 ports, adds to the versatility of this motherboard. The built-in set of USB3.2 pin sockets also allows for further expansion and connectivity options, essential for a NAS that may need to accommodate a variety of peripherals or provide additional data transfer interfaces.

PROS
  • High-Performance CPU: The AMD Ryzen 7 7840HS processor, with 8 cores and 16 threads capable of reaching up to 5.1GHz, offers excellent performance for demanding applications and multitasking. This makes the combo suitable for high-end gaming, content creation, and computational tasks.
  • Comprehensive Connectivity and Expansion: The motherboard’s design, featuring a PCI-E x16 slot (physically, in reality it is x8 operational), dual M.2 NVMe slots, multiple SATA3.0 connections, and 2.5G RJ45 network ports, provides a wide range of connectivity options. This allows for extensive storage solutions, high-speed internet connectivity, and the possibility of graphics or network card expansions, making it versatile for various use cases.
  • Advanced Memory Support: With dual-channel SO-DIMM DDR5 slots supporting up to 5600MHz and server-grade ECC notebook memory (its compatibility in the motherboard vs the 7840HS CPU is still being investigated), the combo offers cutting-edge memory technology with high-speed and reliable memory options, beneficial for workstations and servers requiring error correction for stability.
  • Efficient Power Consumption: The TDP rating of 35-54W for the CPU indicates efficient power usage, which is crucial for keeping the system cool and reducing energy costs, particularly in environments where the system might be running continuously, such as servers or media centers.
  • Compact and Durable Design: The Mini-ITX form factor is ideal for users looking to build small, space-efficient systems without compromising on performance. Additionally, the high-quality, moisture-free fiber circuit board with full protection enhances the durability and longevity of the motherboard.
CONS
  • Power Supply Requirements: The recommendation to use a power supply of more than 500W with 9 disks may necessitate a higher initial investment for users aiming to fully utilize the motherboard’s storage capabilities, especially in compact builds where space and cooling for large power supplies can be a concern.
  • Complexity for Beginners: The wealth of features and expansion options, while beneficial for experienced users, may overwhelm beginners. The technical nature of managing multiple storage devices, optimizing memory configurations, and ensuring compatibility with various components requires a certain level of expertise.
  • Limited PCI-E Bandwidth: The single PCI-E x16 slot operating at x8 signal might limit the performance of high-end graphics cards or other PCI-E devices. This could be a bottleneck for users aiming to achieve maximum graphical performance or looking to install multiple high-bandwidth PCI-E cards.
  • Cost: Given the high-end specifications and features, the CWWK 7840HS combo is likely to carry a premium price tag. This cost might be prohibitive for budget-conscious builders or those who do not require the advanced features offered by this combo.
  • Cooling Considerations: The compact Mini-ITX form factor, while advantageous for space-saving, may present challenges in terms of cooling, especially when housing high-performance components like the Ryzen 7840HS. Users will need to carefully consider cooling solutions to maintain optimal temperatures and prevent thermal throttling.

 


(UPDATED) Best CPU+Motherboard Combo for Your M-ITX NAS Build – ECC, PCIe Gen 5, 4×4 NVMe and More

CPU and Motherboard Bundles to Build a DiY NAS (UPDATED)

It’s fair to say that the DIY NAS construction journey has seen remarkable simplification over the past ten years. With a variety of custom cases hitting the market, designed to help you create a streamlined personal cloud, and the advent of bundled compact ITX motherboards that streamline the assembly, crafting your own NAS is more accessible than ever. Nonetheless, it’s not entirely plug-and-play; while assembling the hardware has become more straightforward, selecting compatible components remains a technical challenge, often mired in jargon. For those looking to build a NAS tailored to specific needs, whether it’s high performance, media hosting with Plex, business applications, or personal use, I have a few CPU and motherboard pairings to suggest. These combinations are chosen with different user priorities in mind, ensuring that your build-your-own NAS project aligns with your intended use.

In a rush? Let’s Cut to the chase!

If you’re in a rush and simply want to know about the best CPU and motherboard combo to build your best DIY NAS system, below you can find direct links to each of these bundles, which can be purchased predominantly on AliExpress, though some of these options are also available from retailers such as Amazon and Newegg. If you were going to shop at these retailers anyway, why not use the links below, as it will ensure that we at NASCompares could earn a small fee from these shops. It allows us to keep doing what we do.

 

Here are ALL the Motherboard+CPU Combos that we cover in this article:

  • (The Best) i3-N305 M-ITX Board – Check AliExpress ($289-349 with Memory) HERE and Amazon HERE
  • (x4 m.2 @ Gen 4×4) The Minisforum AR900i CPU + M-ITX Motherboard Combo ($399) Amazon HERE
  • (Best for PLEX) Erying 13th Gen i9 Combo 14C / 20T $459  HERE
  • (Gen 5 M-ITX) MINISFORUM BD770i ITX Motherboard $489 (AliExpress) HERE and $399 (Amazon) HERE
  • (Plex Alternative #1) Erying 12th Gen I9 Combo 14C / 20T $389 HERE
  • (ECC M-ITX Combo) CWWK 8-Bay / 9-Bay Board AMD-7735HS/7840HS/8845HS/7940HS $489 (AliExpress) HERE
  • (Plex Alternative #2) Erying 11th Gen i7 8C / 16T = $262  HERE
  • (Best Storage) X99 Motherboard + 32GB RAM = $158 HERE or E5-2680 V.4 CPU + 32GB RAM = $176  HERE
  • (Best Value) Intel N6005 + Motherboard = $229 HERE
  • (Best Value EXTRA) Intel N6005 + Motherboard + 8GB RAM + 128GB SSD = $275 HERE
  • AMAZON – Intel N6005 + Motherboard = $169 HERE

ECC CPU+Motherboard M-ITX Combo – The CWWK 8-Bay / 9-Bay Board AMD-7735HS/7840HS/8845HS/7940HS

Spec Highlights – 4x AMD Mobile Ryzen Options, SODIMM DDR5 Slots ×2, ECC Supported, 2× M.2 2280 4×2 SSD Slots, PCIe 4×8 connector ×1 (x16 Physical), SFF-8643 ×2 Connectors for SATA III, 4x 2.5GbE, USB 4 (20Gbps Limit), Internal USB 2.0

CWWK = $488 on AliExpress , TOPTON = $489 on AliExpress and Check on Amazon

The combination of the AMD “Zen 4” architecture Ryzen™ 5/7/9 series processors with the Minisforum motherboard offers a high-performance platform that is particularly suitable for building a Network Attached Storage (NAS) server. The Mini-ITX form factor of the motherboard, compatible with 1700 series CPU coolers, ensures that it can fit into compact NAS cases while providing adequate cooling for the powerful processors housed within. In the realm of NAS servers, storage options and connectivity are key. The motherboard’s two M.2 NVMe (PCIe 4.0 x2) slots are ideal for high-speed storage drives that can handle intense read and write operations typical in a NAS environment. The inclusion of 2 * SFF-8643 sockets, which support up to four connections each and a total of 9 SATA 3.0, is an advanced feature that provides flexibility and scalability for storage expansion. This is particularly beneficial for NAS setups where large storage pools and redundancy (such as RAID configurations) are important.

Network connectivity is another critical aspect of NAS servers, and this motherboard delivers with its 4 * Intel i226-V 2.5G RJ45 UDE network ports, allowing for high-speed data transfer and network redundancy or link aggregation if required. However, the lack of 10GbE port might limit the network throughput if higher speeds are needed, in which case the PCIe Gen 5×16 slot could be employed for an additional network interface card, although this might be considered an inefficient use of this high-bandwidth expansion slot. Lastly, the wide array of USB ports, including USB3.2 Gen2 Type-C with a 20Gbps rate and additional USB3.2 and USB2.0 ports, adds to the versatility of this motherboard. The built-in set of USB3.2 pin sockets also allow for further expansion and connectivity options, essential for a NAS that may need to accommodate a variety of peripherals or provide additional data transfer interfaces.

Processor Support: Equipped with AMD “Zen 4” architecture Ryzen™ 5/7/9 series high-performance processors
Form Factor: 17×17 standard Mini-ITX form factor, compatible with 1700 series CPU coolers
Expansion Slots: 1 PCI-E x16 slot (PCIe 4.0 x8 signal) supporting expansion of graphics card/network card, etc.
Storage: 2 * M.2 NVMe (PCIe 4.0 x2) slots, 2280 size
SATA Support: 2 * SFF-8643 sockets, each supporting one to four drives via cable, for 9 SATA 3.0 in total
Memory: Dual-channel SO-DIMM DDR5 slots supporting 5600MHz with backward compatibility by default; supports server-grade ECC notebook modules
Networking: 4 * Intel i226-V 2.5G RJ45 UDE network ports supporting AllinOne and other applications
Video Output: HDMI+DP+Type-C triple display output supporting 4K@60Hz
USB Ports: 3 * USB3.2 + 1 Type-C (USB4) interface at 20Gbps; a built-in USB3.2 pin header that can be connected to the front panel via cable; two built-in USB2.0 headers supporting USB flash drive encryption dongles and other applications, and partial system boot

Given these specifications, the Minisforum motherboard with an AMD Ryzen processor is well-equipped for a NAS server build, offering a balance of processing power, high-speed storage capabilities, and robust connectivity options.

Where to Buy the CWWK 8-Bay / 9-Bay Board AMD-7735HS/7840HS/8845HS/7940HS Motherboard Combo:
  • Check AliExpress ($489 with Memory) HERE
  • Check Amazon HERE

Best Gen 5 CPU+Motherboard Combo – MINISFORUM BD770i ITX Motherboard

Spec Highlights – BD770i-AMD Ryzen 7 7745HX, 8 Cores/16 Threads (5.1 GHz) OR BD790i-AMD Ryzen 9 7945HX, 16 Cores/32 Threads (up to 5.4 GHz), SODIMM DDR5 Slots×2 Max 64GB, 2×M.2 2280 PCIe5.0 SSD Slots, PCIe 5.0 X16 connector, 1x 2.5GbE and Lack of SATA! $489 on AliExpress and $399 on Amazon

The Minisforum BD770i and BD790i motherboard and CPU combo represents a cutting-edge solution for enthusiasts and professionals seeking powerful performance in a small footprint. With the BD770i featuring the AMD Ryzen™ 7 7745HX and the BD790i equipped with the AMD Ryzen™ 9 7945HX, these systems offer unparalleled processing power that caters to a wide range of demanding tasks, from advanced computational workloads to intensive multitasking scenarios. The AMD Radeon™ 610M GPU, integrated into both models, while not designed for high-end gaming, capably supports everyday graphics needs, including casual gaming, video streaming, and content creation, making this combo a versatile choice for various computing needs.

The inclusion of PCIe 5.0 support stands out as a significant advantage, offering double the bandwidth of its predecessor, PCIe 4.0. This enhancement ensures that users can take advantage of the fastest available SSDs and expansion cards, dramatically reducing load times and facilitating quicker data access. This forward-thinking feature ensures that the system is prepared to handle future technological advancements, making it a wise investment for tech enthusiasts looking to stay ahead of the curve. However, it’s important to note the absence of traditional SATA ports, which means users with SATA drives will need to consider alternatives such as SATA M.2 adapters or adding a PCIe card to accommodate these devices. This requirement might necessitate additional planning and investment for those who wish to integrate existing storage solutions into their new setup.

BD770i vs BD790i specifications:
Processor: BD770i – AMD Ryzen™ 7 7745HX, 8 Cores/16 Threads (32M Cache, up to 5.1 GHz); BD790i – AMD Ryzen™ 9 7945HX, 16 Cores/32 Threads (64M Cache, up to 5.4 GHz)
GPU (both): AMD Radeon™ 610M
Memory (both): DDR5 dual channel (SODIMM Slots ×2, up to 5200 MT/s, Max 64GB)
Storage (both): 2× M.2 2280 PCIe 5.0 SSD Slots
Expansion Slot (both): PCIe 5.0 x16 connector ×1
Wireless Connectivity (both): M.2 2230 Key E Slot
Video Output (both): HDMI 2.0 ×1, DisplayPort 1.4 ×1, USB-C ×1
Audio Output (both): HDMI 2.0 ×1, DisplayPort 1.4 ×1, USB-C ×1, Line Out ×1
Ethernet (both): RJ45 2.5G Ethernet Port ×1
USB Ports (both): USB3.2 Gen2 Type-C Port ×1 (Alt DP), USB3.2 Gen1 Type-A Port ×2, USB2.0 Type-A Port ×2
I/O Ports (both): 4-pin CPU Fan header ×1, 4-pin System Fan header ×2, 4-pin SSD Fan header ×1, USB 3.2 Gen 1 header ×1, Front Panel Audio header ×1, System Panel header ×1
Form Factor (both): Mini-ITX (170x170x1.6mm)

A notable constraint in this powerful combo is the provision of a single RJ45 2.5G Ethernet port. While this port offers a solid network connection suitable for most applications, users with specialized networking needs or those looking to expand their network connectivity may find this limitation challenging. The necessity to potentially use the high-speed PCIe 5.0 slot for a network interface card upgrade, just to augment networking capabilities, could be seen as an inefficient use of this high-bandwidth resource. This situation highlights a trade-off between the advanced PCIe support and the flexibility in networking expansion, prompting users to carefully consider their priorities when planning their system configuration.

Despite these considerations, the overall package offered by the Minisforum BD770i and BD790i is compelling. The combination of cutting-edge CPU performance, robust PCIe 5.0 support, and a variety of connectivity options, including USB 3.2 ports and multiple video outputs, provides a solid foundation for a high-performance, compact computing solution.

Furthermore, the support for up to 64GB of DDR5 memory and the inclusion of two M.2 2280 PCIe 5.0 SSD slots offer ample room for memory and storage expansion, enhancing the system’s capability to handle future needs. This blend of high-end features, coupled with the Mini-ITX form factor’s space efficiency, makes the BD770i and BD790i an attractive option for users seeking a powerful, yet manageable, computing platform.


Where to Buy the MINISFORUM BD770i ITX Motherboard Combo:
  • Check AliExpress ($489 with Memory) HERE
  • Check Amazon ($399) HERE



Best CPU+ Motherboard for a Premium Feature but Low Power Consumption NAS – The i3-N305 M-ITX Board

Spec Highlights – i3-N305, 4x Intel i226-V 2.5G Nics, 2x M.2 NVMe. 6x SATA, 1*DDR5 SODIMM, HDMI2.0 + DP – $289 on AliExpress

Currently, the “build your own” favorite across many forums, the new Intel N305 processor, an 8-core, eight-thread i3 processor, comes pre-installed on a Mini-ITX board. It not only provides a remarkably low 7-watt TDP when needed but also offers significant scalability in terms of both clock speed and power efficiency. The $289 N305 version of the CPU and Motherboard combo presents a practical and economical choice for commercial use (making it the perfect upgrade/alternative to the Topton N6005 / N5105 that was so popular last year for first time NAS DiY’ers). It is equipped with the Intel® Core™ i3-N305 Processor, which is a part of the Alder Lake-N series. This processor boasts eight cores and eight threads, with a max turbo frequency of 3.80 GHz, offering ample computing power for everyday tasks and certain commercial applications. The processor is fabricated using Intel 7 lithography technology, which is indicative of its advanced and efficient design.

Memory support on this combination is versatile, with the motherboard supporting a SO-DIMM DDR5 memory slot, compatible with frequencies of 4800/5200/5600MHz. Although the processor supports a maximum memory size of 16 GB, which is a consideration to keep in mind, the motherboard can handle up to 32 GB, potentially allowing for future upgrades if the board’s capacity is indeed supported by later CPU models or firmware updates.

The integrated graphics, Intel® UHD Graphics with 32 Execution Units, can dynamically operate at up to 1.25 GHz and support 4K content at 60Hz, making it suitable for high-definition displays and basic graphical tasks. Here’s the specification of the $289 N305 version of the CPU+Motherboard combo:

Specification Detail
Model Number NAS-N100-N305
Processor Brand Intel
Processor Models Intel® Alder Lake-N i3-N305 (up to 3.8 GHz)
Type MINI PC / PC Stick
Origin Mainland China
Brand Name YSJMNPC
Use Commercial
Memory – Support notebook DDR5 technology
– 1 SO-DIMM DDR5 slot
– Compatible with 4800/5200/5600MHz
– Max capacity: 32GB
Storage – 6 x SATA3.0 6Gb/s interface
– 2 x M.2 NVMe 2280
Graphics Card Integrated Card (depending on processor model)
Network Card 4 x Intel i226-V 2.5G RJ45 network port
I/O Panel – 2 x USB 2.0
– 1 x USB 3.0
– 1 x Type-C (2.0 rate)
– 1 x HDMI
– 1 x DP
– 4 x RJ45 2.5G network port
– 1 x AUDIO 3.5mm interface
Motherboard Features – Matte black PCB
– Moisture-free fiber 8-layer circuit
– Full protection (USB, audio, network)
TDP 9-15W
Structure MINI-ITX (17.0cm x 17.0cm)
Capacitor Design All solid capacitor
Expansion Slots 1 PCIe x1 (shared with 2nd M.2)
Onboard Interface – F_PANEL pin
– TPM pin (compatible with ASUS TPM module)
– USB2.0 pin
– CPU_FAN 4-pin (temperature control)
– SYS_FAN 4-pin (temperature control)
– 24+4 ATX power interface
Cooling – Compatible with 115X radiators
– Silent temperature-controlled radiator
– Support for two high-performance radiators

In terms of connectivity, the combo is well-equipped with a variety of interfaces, including multiple USB ports of different standards, HDMI 2.1 and DisplayPort 1.4 for video output, and four Intel i226-V 2.5G RJ45 network ports for fast wired network connections.

The inclusion of PCIe lanes and M.2 slots provides additional expansion capabilities, allowing for further customization and the addition of peripherals or storage solutions. The motherboard’s MINI-ITX form factor makes it a compact solution that can fit into small cases, suitable for workspaces with limited room. EASILY the strongest choice of all the NAS Mobo+CPU options on this list: one of the newest and lowest in price, yet impressively powerful despite its low TDP.

Where to Buy the i3-N305 CPU + M-ITX Motherboard Combo:
  • Check AliExpress ($289-349 with Memory) HERE
  • Check Amazon HERE

Best CPU+ Motherboard+ Memory Combo for a Business File Server – The X99 Motherboard Kit (ITX)

Spec Highlights – Business X99 Motherboard Combo ITX LGA2011, C612 for NAS Router+File Server, 6×2.5GbE I226, 10xSATA, 1x M.2 (OS), 14Core / 28 Thread Intel Xeon E5-V3 V4- $176 on AliExpress

This combination is ideal for business users needing power and scalability. The X99 motherboard with an older Xeon CPU balances performance, connectivity, and storage expansion. It supports 10 SATA drives and an M.2 NVMe slot, alongside 15 gigabits of network bandwidth across six 2.5G Ethernet ports. The NAS CPU+Memory combo anchored by the Intel Xeon E5-2680 v4 is a robust solution for a NAS file server. The CPU’s 14 cores and 28 threads are engineered for multitasking and can efficiently manage the demands of multiple simultaneous data transactions, which is a common requirement in NAS setups. The motherboard’s ten SATA ports and an M.2 NVMe slot offer versatile and ample storage options, facilitating both high-capacity and high-speed data storage solutions. This combination of CPU power and storage flexibility makes it an excellent choice for a NAS system.

However, the Intel Xeon E5-2680 v4 processor’s launch date in Q1’16 might give pause to some users considering the latest advancements in processor technology. While newer CPUs may offer improved power efficiency and the benefit of ongoing support from Intel, the E5-2680 v4 still holds its ground as a reliable workhorse. Its architecture, although not the newest, delivers steadfast performance which, alongside its competitive pricing, presents an exceptional value proposition for budget-conscious setups or where cutting-edge efficiency is not the primary concern.

Specification Details
Processor Intel Xeon E5-2680 v4, 14 cores, up to 3.30 GHz Turbo
Chipset Intel C612
Memory Support 2x DDR4 DIMM slots, up to 64 GB, supports ECC
Storage Options 1x M.2 NVMe, 10x SATA Ports
Expansion 1x PCIe 3.0 x16
Network 6x Intel i226 2.5 Gigabit Ethernet
Power Supply ATX 24 Pin + 8 Pin
Video Output VGA
RAID Support RAID 0/1/5/10
Form Factor Mini-ITX, CEB
Socket Type LGA 2011-3
Launch Date 2013
LAN Speed Up to 2500Mbps
Audio 2.1 Channels

In essence, for organizations or users seeking a cost-effective yet powerful NAS solution, this CPU and motherboard combo remains compelling. The Intel Xeon E5-2680 v4, despite its age, is a testament to enduring performance in server environments. Users leveraging this processor for a NAS will find it to be a cost-effective solution that capably handles storage demands, making it an excellent value for its price point. To explore more about this processor’s capabilities and see how it might fit into your NAS plans, you can visit the Intel specifications page.

Where to Buy the X99 ITX Motherboard Combo in 3 Configs Here:
  • Check AliExpress:
  • X99 Motherboard + E5-2680 V.4 CPU = $129 HERE
  • X99 Motherboard + 32GB RAM = $158 HERE
  • X99 Motherboard + E5-2680 V.4 CPU + 32GB RAM = $176 HERE


Best CPU+ Motherboard for High Speed M.2 NVMe Slots + PLEX – The Erying 13900HK CPU+Mobo Combo

Spec Highlights – ERYING DIY ITX Desktop Motherboard Set with Onboard 14 Core / 20 Thread CPU i9-13900HK, 3x M.2 NVMe (Gen 4 and Gen 3), PCIe 4×8 Slot, 2.5G+1G Port, USB-C, DDR5 Memory $419 on AliExpress

This combo is designed for NAS builders focused on media servers or intensive computing tasks. The Erying i9 combo, equipped with a 13th Gen Intel Core processor and a Mini-ITX motherboard, features three M.2 NVMe slots and is optimized for graphics-intensive operations. It is ideal for Plex servers and virtualization.

The Intel Core i9-13900HK processor bundled with this motherboard is a top-tier choice for a NAS setup, especially for a Plex Media Server. Its high-speed multi-core performance, reaching up to 5.40 GHz with Intel’s Turbo Boost Technology, is ideal for on-the-fly transcoding, ensuring seamless media streaming across devices. This is particularly beneficial for users who require their NAS to handle high-resolution video transcoding, a task that the i9-13900HK can manage with ease due to its robust processing capabilities and advanced integrated graphics.

The motherboard’s triple M.2 NVMe slots are a game-changer for NAS configurations, offering not just ample storage potential but also blistering data access speeds. NVMe technology excels in high-demand scenarios, such as multiple simultaneous accesses to the NAS, which is common in VM / Container environments. Users can leverage these slots to set up a RAID configuration, allowing for either performance enhancement through striping or data redundancy for added security.


Moreover, the Intel Core i9-13900HK comes with Intel’s UHD Graphics, which supports 4K resolution at 60Hz over HDMI and DisplayPort outputs. This graphical prowess, in combination with the processor’s ability to support fast memory, adds to the NAS’s capability as a potent media server that can handle 4K content playback and transcoding without breaking a sweat.

Specification Detail
Processor 13th Gen Intel Core i9-13900HK, up to 5.40 GHz
Graphics Integrated Intel Iris Xe Graphics
Memory Support DDR5, 2 slots, up to 96GB
Storage Options 3x M.2 slots (NVMe), 2x SATA 3 Ports
Expansion Slots 1x PCIe 4.0 x4, 1x PCIe 4.0 x8
Network 2x Onboard RJ45, WiFi
Audio 5.1 Channels
Back I/O Ports 2x USB 3.2/3.1 Gen 1, DisplayPort, 4x USB 2.0, HDMI 2.0, 3x Audio Jacks
USB Support USB 2.0, USB 3.0
RAID Support No
Form Factor Mini-ITX
Chipset Intel Others
Socket Type Onboard CPU
Brand Name ERYING
Origin Mainland China
Certifications RoHS, FCC, CE

Finally, while this CPU+Motherboard combo is positioned as an advanced solution for NAS setups, its high-end specifications suggest that it is overqualified for just storage purposes. The presence of the latest connectivity options, robust I/O support, and high-bandwidth LAN ports make it well-suited for a variety of other intensive applications, including gaming, content creation, and design. This versatility ensures that the investment in such a setup can be justified across multiple use cases beyond a typical NAS. For detailed processor specifications and capabilities, further information can be explored on Intel’s official product specifications page.

Bottom line, there are going to be users who look at how much ‘turnkey’ NAS solutions can cost, then see what just the hardware parts would cost in a DiY alternative. For example, below is the cost of a fully specced out QNAP Intel Core build vs the cost of JUST the CPU and Motherboard in the Erying board:

Needless to say, this is not a completely fair comparison. The QNAP includes all the building, the software, the PSU, cables, case, testing and all under a single warranty. Still, it IS food for thought for those that are happy to build their own NAS and save some $$$s.

Where to Buy the Erying Intel Mobo Combo (3 Versions):
  • Check AliExpress:
  • Erying 13th Gen i9 Combo 14C / 20T $459 HERE
  • Erying 12th Gen i9 Combo 14C / 20T $389 HERE
  • Erying 11th Gen i7 8C / 16T = $262 HERE

C = Cores , T = Threads


Best POWER + Storage CPU+Motherboard M-ITX Combo – The Intel 13th Gen Minisforum AR900i (4x M.2 4×4 and 5×16 PCIe)

Spec Highlights – Intel® Core™ i9-13900HX Processor, 24 C/32 T (36M Cache, up to 5.4 GHz), Intel® UHD Graphics for 13th Gen Intel® Processors, SODIMM DDR5 Slots×2, up to 5600 MT/s, Max 64GB, 4×M.2 2280 PCIe4.0 x4 SSD Slots, PCIe 5.0 X16 connector, 1x 2.5GbE and Lack of SATA AGAIN! Check on AliExpress and $399 on Amazon

The Minisforum AR900i motherboard, in combination with the potent Intel® Core™ i9-13900HX CPU, forms a formidable base for power users. The AR900i is a Mobile Desktop (MoDT) motherboard that leverages the might of the 13th Gen Intel® flagship CPU, providing an exceptional 24 cores and 32 threads for heavy multitasking and demanding applications. Notably, the four M.2 2280 PCIe4.0 SSD slots are designed for rapid storage with RAID capabilities, reflecting a setup intended for high-speed operations and data security. The motherboard’s inclusion of SFF-8643 connectors represents an innovative shift away from static SATA ports, offering a dynamic and scalable solution for storage expansion. This approach is particularly beneficial for custom builds that require a neat cable management system and the flexibility to adjust storage configurations with ease. The PCIe 5.0 X16 slot on this motherboard is a forward-thinking feature, catering to the latest and most powerful GPUs and ensuring that the system is ready for the next generation of graphics and expansion cards.

However, it’s important to consider the networking capabilities of the AR900i. With only a single RJ45 2.5G Ethernet port, users who need enhanced networking may have to invest in a PCIe 5.0 compatible NIC, potentially sacrificing the valuable high-speed slot that could be used for other high-performance components. This choice underscores the need to balance the motherboard’s impressive storage and expansion capabilities with networking needs. The AR900i represents Minisforum’s dedication to compact, high-performance computing solutions. With support for triple-screen displays up to 8K, built-in AX210 wireless card for WiFi 6E, and Bluetooth 5.3, this motherboard offers comprehensive connectivity options for a variety of uses, from gaming to professional creative workstations.

Specification Category Details
Processor Intel® Core™ i9-13900HX, 24 Cores/32 Threads (36M Cache, up to 5.4 GHz)
GPU Intel® UHD Graphics for 13th Gen Intel® Processors
Chipset Intel® HM770 Chipset
Memory DDR5 Dual channel (SODIMM Slots×2, up to 5600 MT/s, Max 64GB)
Storage 4×M.2 2280 PCIe4.0 SSD Slots
Expansion Slot PCIe 5.0 X16 connector ×1
Wireless Connectivity M.2 2230 Key E Slot
Video Output HDMI2.0 ×1, DisplayPort1.4 ×1, USB-C ×1
Audio Output HDMI2.0 ×1, DisplayPort1.4 ×1, USB-C ×1, Line Out ×1
Ethernet RJ45 2.5G Ethernet Port×1
USB Ports USB3.2 Gen2 Type-C Port ×1 (Alt DP), USB3.2 Gen2 Type-A Port ×2, USB2.0 Type-A Port ×2
I/O Ports 4-pin CPU Fan header ×1, 4-pin System Fan header ×2, 4-pin SSD Fan header ×1, USB 3.2 Gen 2 header ×1, Front Panel Audio header ×1, System Panel header ×1
Form Factor Mini-ITX Form Factor (170x170mm)

The Intel® Core i9-13900HX processor, with its 24 cores and 32 threads, is a powerhouse suitable for a DIY NAS setup geared towards enthusiasts and professionals requiring robust performance for tasks such as media transcoding, file serving, and hosting complex databases. The processor’s 36M cache and peak speeds of up to 5.4 GHz ensure that multiple operations can be handled efficiently, supporting a smooth and responsive network storage experience. The addition of Intel UHD Graphics for 13th Gen Intel® Processors also allows for hardware-accelerated video encoding and decoding, which can be a significant advantage for a NAS serving as a media server. In terms of memory, the system’s support for DDR5 dual-channel RAM, with speeds up to 5600 MT/s and a maximum capacity of 64GB, provides ample bandwidth and storage for running a NAS operating system along with any additional services. This is particularly important for a NAS that may be handling simultaneous data-intensive tasks. The four M.2 2280 PCIe4.0 SSD slots offer high-speed storage options, ideal for caching or fast data access needs, enhancing the overall performance and speed of the NAS.

The connectivity options of this setup are also noteworthy. The motherboard’s Mini-ITX form factor is well-suited for NAS builds, where space efficiency is often a priority. The inclusion of a PCIe 5.0 X16 expansion slot allows for additional upgrades, such as adding a dedicated network interface card for improved network throughput or additional storage controllers if the four M.2 slots are insufficient. The onboard 2.5G Ethernet port provides a faster-than-gigabit connection, beneficial for transferring large files over the network. With a comprehensive range of I/O ports, including USB3.2 Gen2 and USB-C, the system can accommodate a variety of peripherals and external drives, making it a versatile choice for a DIY NAS setup.


Where to Buy the Intel 13th Gen i9 Minisforum AR900i CPU + M-ITX Motherboard Combo:
  • Check AliExpress ($289-349 with Memory) HERE
  • Check Amazon ($399 NOW) HERE




Best Cheap CPU+MoBo+SSD+RAM Combo – The Topton N6005 CPU+Mobo Combo

Spec Highlights – Topton NAS Motherboard N6005, 4x Intel i226-V 2.5G Nics, Dual M.2 NVMe, Six SATA3.0, 2*DDR4 SODIMM, HDMI2.0, Mini ITX / M-ITX- $261 on AliExpress ($399 for 32GB DDR4 RAM and 1TB M.2 NVMe Included – see image below)

The Topton N6005 combo offers excellent value, combining an Intel Pentium N6005 processor, motherboard, 16GB RAM, and an NVMe OS SSD. Its popularity stems from its low cost and high performance, suitable for a variety of DIY NAS builds.

Component Specification
CPU Integrated Jasper Lake Intel Celeron N6005
RAM 2x SO-DIMM DDR4 slots, up to 64GB (2400/2666/2933MHz)
Storage 2x M.2 NVMe 2280 slots (PCIe 3.0 x1), 6x SATA 3.0 ports
Network 4x Intel i226-V 2.5Gbps network interfaces
Form Factor Mini-ITX (17.0 cm x 17.0 cm)
System Support Microsoft® Windows 10/11 64-bit, Linux
Main Characteristics – Matte Black PCB
– High-density moisture-proof fiber circuit board
– Full protection (USB, audio source, network interface)
GPU Integrated Intel UHD Graphics (24EUs for N5105, 32EUs for N6005)
IO Ports 2x USB 3.0, 4x USB 2.0, 1x HDMI, 1x DP
LAN 4x RJ-45 2.5G NET
Additional Features – Auto power-on, Wake-On-LAN, PXE support
Structure Solid Capacitor Design

Priced at $261 on AliExpress, and $399 when bundled with 32GB DDR4 RAM and a 1TB M.2 NVMe SSD, the Topton N6005 motherboard combo stands out for its affordability. This price point makes it an accessible entry for enthusiasts and professionals alike who are looking to build a high-performance NAS without incurring exorbitant costs. The inclusion of substantial RAM and fast NVMe storage in the bundle further adds to the value, offering what one might need for a robust NAS setup at a price that challenges many competitors in the market.

The CPU, an Intel Celeron N6005, is a Jasper Lake processor that strikes a balance between efficiency and capability. With a base frequency of 2.0 GHz and a burst frequency of up to 2.9 GHz across its four cores, it’s engineered to handle the multitasking demands of a NAS system. The 10W TDP reflects a design optimized for low power consumption, making it an economical choice for 24/7 operation, a critical consideration for NAS systems which are expected to be always on.

On the storage front, the Topton N6005 shines with two M.2 NVMe PCIe 3.0 x1 2280 slots for high-speed data transfer and six SATA3 6Gb/s ports for ample storage capacity. This allows users to install fast NVMe drives for the operating system and frequently accessed files, while the SATA ports can host larger hard drives for bulk storage. Such a combination is perfect for a NAS system, providing quick access to data and large storage pools for backup, media libraries, or network file sharing. If you are considering the Topton N6005 CPU+Motherboard combination for PLEX Media Server, I made a dedicated video on this using this CPU/Mobo in the Jobsno N2 NAS Case below, testing 4K Multimedia:

The Topton N6005 has garnered popularity among NAS builders for several reasons. It offers a mini-ITX form factor, which is ideal for compact builds, and includes four 2.5Gbps Intel i226-V network interfaces, enhancing its functionality as a home or small office server. Additionally, the CPU’s support for up to 64GB of DDR4 RAM means it can handle more demanding NAS tasks, such as running virtual machines or hosting databases. These features, coupled with its energy efficiency and expandability, make the Topton N6005 a sought-after component for building versatile and powerful NAS systems.

Where to Buy the TopTon N6005 Motherboard
  • Check AliExpress:
  • Intel N6005 + Motherboard = $229 HERE
  • Intel N6005 + Motherboard + 8GB RAM + 128GB SSD = $275 HERE
  • Intel N6005 + Motherboard + 32GB RAM + 1TB SSD = $399 HERE
  • AMAZON – Intel N6005 + Motherboard = $169 HERE


Disclaimer – The Jonsbo N1, N2 and N3 are STILL the Best NAS Enclosures

Jonsbo’s range of NAS enclosures stands out as an industry benchmark for those keen on custom desktop NAS builds. These enclosures seamlessly blend aesthetics with functionality, showcasing a meticulous design ethos that addresses both the visual and technical demands of modern users. The build quality is exceptional, employing high-grade materials that not only ensure durability but also aid in efficient heat dissipation, a critical factor for continuous NAS operations. Furthermore, Jonsbo has consistently demonstrated a forward-thinking approach by incorporating features that cater to future expansion and adaptability. Their user-friendly design ensures easy installation and maintenance, making them a preferred choice for both novices and seasoned builders. Backed by positive user reviews and a reputation for reliability, Jonsbo NAS enclosures are, without a doubt, one of the best investments for those aiming to craft a high-performance, custom desktop NAS system.

Jonsbo N1 5/6 Bay

Price (9/23) $96

Jonsbo N2 5/6 Bay

Price (9/23) $89

Jonsbo N3 5/6 Bay

Price (9/23) $92


Recommended Add-ons and Extras to Remember for Your DiY NAS Build

Building a NAS involves more than just the CPU and motherboard; enclosures, memory, PSUs, and other accessories are essential. Future guides will detail these components, alongside recommendations for smaller, crucial accessories to enhance your DIY NAS server’s functionality.


M.2-to-6xSATA Adapter ($10-15) – HERE on AliExpress or HERE on Amazon.com

PCIe Card to Add 4x M.2 to Your Mobo $20-50 (Check Lane/Speed of Mobo and Compatibility First) – HERE on AliExpress or HERE on Amazon.com

Compatible CPU Cooler (CPU Dependent) $25-50 – HERE on AliExpress or HERE on Amazon.com

SATA Fan Out Cable – HERE on AliExpress or HERE on Amazon.com


Here is our article on the BEST (and worst) NAS Enclosures and Cases you can find on AliExpress for your DiY NAS Build. Click the banner below to read the article, alternatively, you can watch the detailed video HERE. Alternatively, you can watch a video on the best and worst NAS enclosures on Amazon here instead.



How to set up a multi-server CrowdSec installation?

I. Introduction

In this tutorial, we will see how to install CrowdSec on several machines so that alerts and decisions are replicated between the different instances. This way, when one server bans an IP address, it is also banned on the other synchronized CrowdSec instances.

For a multi-server CrowdSec installation, every machine must have a CrowdSec instance installed locally. We will then adjust the configuration of each instance, in particular the LAPI settings. If you have several servers exposed to the Internet (a cluster of web servers, for example), you can deploy this configuration so that malicious IP addresses are banned on all nodes.

To exchange information, CrowdSec relies on two APIs:

  • Local API or LAPI: this corresponds to the local host when the CrowdSec instance runs on its own
  • Central API or CAPI: this corresponds to the CrowdSec instances in the cloud, used in particular to retrieve the community blocklists of malicious IP addresses and to send signals to the CrowdSec console.

This content is also available in video format:

II. Architecture with a PfSense firewall and virtual servers

Several deployment scenarios are possible. You can use one CrowdSec machine dedicated to centralizing all decisions and alerts, with which the other machines synchronize. It is also possible to back it with a database, for performance reasons.

Today, we will deploy a scenario based on two machines:

  • A PfSense firewall, where CrowdSec will be installed; this host will provide the "Local API" role for the three machines
  • A Windows Server machine, where CrowdSec will be installed together with the windows-firewall bouncer

Here, only one server is exposed to the Internet, represented by a web server running Windows Server, but there could very well be others (including Linux ones). I will describe the steps to perform on the nodes that we could call the "LAPI clients".

CrowdSec multi-server PfSense Linux Windows Server

Note: in the video, the scenario is based on three machines, with a second Linux server in the DMZ, which is also a web server exposed to the Internet. Refer to the video if necessary, depending on your needs.

III. Starting point

This tutorial will not cover installing CrowdSec on the different hosts, nor installing the operating systems. For that, refer to the following articles:

Once your environment is ready, you can move on to the configuration phase.

IV. Configure the central LAPI server for CrowdSec

On the PfSense firewall, we need to configure CrowdSec to listen on one of the firewall's IP addresses, so that it is not reachable only locally. Without this, the other hosts will not be able to register with this LAPI server, because by default the LAPI host is configured on the loopback address: 127.0.0.1.

Log in to the PfSense administration interface, click "Services" then "CrowdSec". Scroll down to the "LAPI host" option and replace "127.0.0.1" with the DNS hostname of your PfSense firewall, or the IP address of one of its interfaces. In this example, I enter "192.168.200.1" because it is the IP address of the "DMZ" interface of my firewall, and the web server sits in that network zone.

CrowdSec - PfSense as LAPI server

Once done, save the configuration with the button provided for that purpose.

Note that this change, although made through the PfSense web interface, could also be made from the command line by editing the following file:

/usr/local/etc/crowdsec/config.yaml

In fact, what we just did in the web interface modified that configuration file.

Move on to the next step.

V. Register and authorize the hosts on the LAPI server

The web server running Windows Server has to register with the CrowdSec LAPI server, i.e. our PfSense firewall. We will then have to approve the registration request. This step must be performed on every server that is to use the central LAPI server.

A. Disable the CrowdSec LAPI

From the Windows Server machine where CrowdSec is installed, start by editing the "config.yaml" configuration file located here:

C:\ProgramData\CrowdSec\config\config.yaml

In this file, add the line "enable: false" under "server:", and comment out the "listen_uri" line in order to disable CrowdSec's LAPI. It is no longer needed on this server, since we are going to use the LAPI of the CrowdSec instance installed on the PfSense firewall.

Pay attention to the syntax, especially the spaces, because YAML is very picky about that.

Windows Server - CrowdSec - Declare remote LAPI server

Once done, save the file.
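As an added illustration (this is not a file from the original article), here is what the "api" section of the Windows node's config.yaml looks like once step A is applied. Only "enable: false" and the commented-out "listen_uri" come from the article; the "client" block and its "credentials_path" are assumptions based on CrowdSec's default layout, and that path is where the "cscli lapi register" command of the next step stores this node's login for the central LAPI.

```yaml
# C:\ProgramData\CrowdSec\config\config.yaml - "api" section after step A
# (added example; keys other than server.enable / listen_uri are assumptions
# based on CrowdSec's default configuration layout)
api:
  client:
    # Assumed default location. "cscli lapi register" (step B) writes the
    # URL, login and password for the central LAPI into this file.
    credentials_path: C:\ProgramData\CrowdSec\config\local_api_credentials.yaml
  server:
    # Added: this node no longer runs its own Local API.
    enable: false
    # Commented out: nothing must listen locally any more; the firewall at
    # 192.168.200.1:8080 is the only LAPI for the DMZ nodes.
    # listen_uri: 127.0.0.1:8080
```

Indentation matters: "enable" must sit at the same depth as the other keys under "server:". Once the service is restarted, this node cannot authenticate to the firewall's LAPI until its registration has been validated there (step C), which is the control point that keeps an unknown host from joining the setup; on the firewall side, only the DMZ nodes should be allowed to reach port 8080.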

B. Inscrire les hôtes CrowdSec sur le serveur LAPI

Toujours sur ce même serveur, ouvrez une console PowerShell ou une Invite de commande afin d'inscrire l'hôte sur le serveur LAPI. Exécutez la commande suivante, en adaptant l'adresse IP (et éventuellement le port, si vous l'avez modifié).

cscli lapi register -u  http://192.168.200.1:8080

Si l'on ne précise pas de nom, comme c'est le cas avec la commande ci-dessus, un ID aléatoire sera généré. Si vous souhaitez préciser un nom, afin que ce soit plus parlant, utilisez la commande de cette façon :

cscli lapi register -u  http://192.168.200.1:8080 --machine <nom de la machine>

Vous devez obtenir un résultat semblable à celui-ci :

Windows Server - CrowdSec - Exemple cscli lapi register

Pour prendre en compte l'ensemble des modifications que nous venons d'effectuer, redémarrez le service CrowdSec :

Restart-Service crowdsec

Passez à la suite.

C. Approve the CrowdSec hosts

Switch to the LAPI server, that is, the firewall, to approve the machine we have just registered. Connect to its console, via SSH for example.

Run the following command to list the machines:

cscli machines list

This returns a list with two machines:

  • The local machine, here "pfsense"
  • The remote machine we have just registered, identified by the name "3f8ba55c46b54537aadaac7c5b7717a44wNuYECMrmksQ9Mm" (because I did not specify a name; I was not aware of the option to name the machine at the time)

This new pending machine now has to be validated/approved. To do so, run the following command:

cscli machines validate <machine name>
cscli machines validate 3f8ba55c46b54537aadaac7c5b7717a44wNuYECMrmksQ9Mm

You should get a confirmation message like this one:

CrowdSec - cscli machines list and validate

Move on to the next step.

VI. Declare the new bouncers

A. Add a bouncer and obtain an API key

Still on the LAPI server, namely pfSense, we need to declare the remote machine as a bouncer. This means it will be allowed to declare new alerts and decisions for blocking malicious IP addresses.

The following command declares a bouncer named "SRV-WS2022". You can use your machine's hostname.

cscli bouncers add <machine name>
cscli bouncers add SRV-WS2022

As shown in the image below, we obtain an API key for this host:

CrowdSec - Declare a host as a bouncer

This API key will allow it to authenticate to the LAPI server as a bouncer.

B. Configure the bouncer on the host

Go back to the remote server; in my case, the Windows Server web server. The goal is to configure the Windows Firewall bouncer installed on this machine so that it reports its decisions to the central LAPI server rather than to the local one. This requires the bouncer to be installed on the server beforehand.

Edit the following file:

C:\ProgramData\CrowdSec\config\bouncers\cs-windows-firewall-bouncer.yaml

In this file, you need to modify two options:

  • api_endpoint
  • api_key

They are highlighted in the image below.

For the "api_endpoint" option, enter the IP address (or hostname) and the port of your central LAPI server (i.e. the pfSense).

For the "api_key" option, enter the API key obtained earlier with the "cscli bouncers add" command.

Which gives:

When done, restart the Windows service of the firewall bouncer:

Restart-Service cs-windows-firewall-bouncer

On the pfSense side, looking at the "Bouncers" tab on the CrowdSec status page, we can see two valid bouncers: the local bouncer on pfSense and our remote Windows Server host.

CrowdSec - Multi-server with pfSense

The configuration is ready; you can now test it.
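Both edits in this procedure (the "enable: false" / "listen_uri" change in config.yaml from step V.A and the "api_endpoint" / "api_key" change in the bouncer file above) are plain text changes to indentation-sensitive YAML, and they must be repeated on every agent. The script below is an added example, not code from the article or from the CrowdSec project: it performs both edits line by line so the file's own indentation is kept, and exposes a small checker for the values it wrote. The two sample files are constructed to resemble the layouts described in the text (the key names are the ones the article uses; confirm them against your own files, and note that the firewall bouncer polls the LAPI for decisions and applies them to Windows Firewall, so a wrong endpoint or key shows up as a bouncer that never receives decisions).

```python
"""Apply and verify the two YAML edits from this tutorial on a CrowdSec agent.

Added example: not code from the original article or from the CrowdSec
project. Both files are edited as text, line by line, so their existing
indentation is preserved exactly (a misplaced space is the usual reason the
crowdsec service refuses to start after this change). The key names
("api:" / "server:" / "listen_uri", "api_endpoint", "api_key") are the ones
the tutorial names; check them against your own files before running this.
"""
from __future__ import annotations


def _indent(line: str) -> int:
    """Number of leading spaces on a line."""
    return len(line) - len(line.lstrip(" "))


def disable_local_lapi(config_text: str) -> str:
    """Return config.yaml with 'enable: false' added under api.server and the
    listen_uri line commented out; every other line is left untouched."""
    out: list[str] = []
    in_api = False       # inside the top-level 'api:' mapping
    server_indent = -1   # indent of 'server:' while inside that block, else -1
    pending = False      # 'enable: false' still to be written in server block

    def flush(indent: int) -> None:
        nonlocal pending
        if pending:
            out.append(" " * indent + "enable: false")
            pending = False

    for line in config_text.splitlines():
        stripped = line.strip()
        ind = _indent(line)
        meaningful = bool(stripped) and not stripped.startswith("#")
        if meaningful and ind == 0:                       # a new top-level key
            flush(server_indent + 2)
            in_api = stripped == "api:"
            server_indent = -1
        elif meaningful and server_indent >= 0 and ind <= server_indent:
            flush(server_indent + 2)                      # left the server block
            server_indent = -1
        if in_api and server_indent < 0 and stripped == "server:":
            server_indent = ind
            pending = True
            out.append(line)
            continue
        if pending and meaningful:
            flush(ind)           # reuse the file's own child indentation
        if server_indent >= 0 and stripped.startswith("listen_uri:"):
            out.append(" " * ind + "# " + stripped)       # kept for reference
            continue
        out.append(line)
    flush(server_indent + 2)
    return "\n".join(out) + "\n"


def point_bouncer_at_lapi(bouncer_text: str, endpoint: str, api_key: str) -> str:
    """Return the bouncer YAML with api_endpoint and api_key replaced in place."""
    out = []
    for line in bouncer_text.splitlines():
        stripped = line.strip()
        pad = " " * _indent(line)
        if stripped.startswith("api_endpoint:"):
            out.append(f"{pad}api_endpoint: {endpoint}")
        elif stripped.startswith("api_key:"):
            out.append(f"{pad}api_key: {api_key}")
        else:
            out.append(line)
    return "\n".join(out) + "\n"


def scalar(yaml_text: str, key: str) -> str | None:
    """Value of the first active (uncommented) 'key: value' line, or None."""
    for line in yaml_text.splitlines():
        stripped = line.strip()
        if stripped.startswith(key + ":"):
            return stripped[len(key) + 1:].strip()
    return None


# Constructed sample files resembling the layouts the tutorial edits
# (paths follow the C:\ProgramData\CrowdSec\config tree used in the text).
SAMPLE_CONFIG_YAML = """\
common:
  log_media: file
api:
  client:
    insecure_skip_verify: false
    credentials_path: C:\\ProgramData\\CrowdSec\\config\\local_api_credentials.yaml
  server:
    log_level: info
    listen_uri: 127.0.0.1:8080
    profiles_path: C:\\ProgramData\\CrowdSec\\config\\profiles.yaml
prometheus:
  enabled: true
"""

SAMPLE_BOUNCER_YAML = """\
mode: windows
update_frequency: 10s
api_endpoint: http://127.0.0.1:8080/
api_key: REPLACE_ME
"""

if __name__ == "__main__":
    print(disable_local_lapi(SAMPLE_CONFIG_YAML))
    # LAPI address as in the tutorial; the key value is a placeholder.
    print(point_bouncer_at_lapi(SAMPLE_BOUNCER_YAML, "http://192.168.200.1:8080/",
                                "<key printed by cscli bouncers add>"))
```

The functions return new text and never touch the disk, so read each file, pass its content through, inspect the result (for instance with `scalar(text, "listen_uri")`, which must come back as None once the line is commented out) and only then write it back; keep a copy of the originals so a service that fails to start after the change can be rolled back quickly.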

VII. Test the configuration

To test this configuration, we need to simulate malicious behaviour. In this case, my Windows Server web server is reachable through a NAT rule created on the pfSense firewall (since the reverse proxy is not configured on the firewall).

From a remote machine, I will access this website, which is the default IIS site. This is a lab, and the WAN interface of my pfSense has the IP address "192.168.1.60", so I run a web scan against that IP address with the Nikto tool.

Below, the action is performed from a Kali Linux machine. A Nikto scan is noisy and should quickly trigger CrowdSec.

Indeed, we can see that CrowdSec took a decision: block the IP address of my Kali Linux host. The result below comes from the Windows Server machine.

CrowdSec multi-server - Banned IP address

We can see that several alerts were generated:

CrowdSec - List LAPI alerts

But how do we know whether it was the firewall or the web server that decided to block this IP address?

To find out, we can look at the details of the alert. For example, the alert with ID 4 corresponds to "http-xss-probbing". To inspect it, run the following command:

cscli alerts inspect 4

In the details, we can see the "Machine:" line followed by a hostname. Here I get a machine ID (remember, the machine was not named during its initial registration). This identifier matches my web server, so that is the server that blocked the IP address.

We can verify this by matching this ID against the one shown in the list of machines:

cscli machines list

Here is the result as an image:

CrowdSec - Inspect an alert and identify the source host

Note: we can also add the "-m" option to the "cscli alerts list" and "cscli decisions list" commands to add a column with the machine ID.

On the pfSense web interface, this IP address is banned as well. The decision is synchronized across all hosts, so both machines will block all traffic from this malicious IP address.

CrowdSec - Decision synchronization

VIII. Conclusion

Although this tutorial is based on only two hosts, it clearly shows the potential and value of CrowdSec in a multi-server architecture, particularly when several servers are exposed to the Internet. Coupling the servers with the firewall makes it possible to ban malicious IP addresses right at the network edge, which is valuable for protecting our infrastructure.

Be aware that, despite the authentication in place, all traffic exchanged between the hosts is sent in clear text, since the HTTP protocol is used. This is internal traffic between the DMZ server and the firewall, so it is acceptable. However, if you plan to use an external LAPI server, or any setup in which traffic crosses the Internet, you must update the configuration to switch the connections to HTTPS.
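The question of which host raised an alert is easier to answer for many alerts at once than by inspecting them one by one. The script below is an added example, not code from the article or from the CrowdSec project: it joins the alert list with the machine list on the machine ID, the same correlation the text does by hand, and additionally flags alerts whose machine ID no longer matches an enrolled, validated machine (for example after a `cscli machines delete`), which on a central LAPI is worth a second look. The two JSON samples are constructed to resemble what `cscli alerts list -o json` and `cscli machines list -o json` print; the field names used ("machine_id", "source".ip, "machineId", "isValidated") are an assumption to verify against your own cscli version, and the scanning IP addresses are made up.

```python
"""Attribute each LAPI alert to the CrowdSec machine that raised it.

Added example, not part of the original article or of the CrowdSec project.
It reads the JSON that `cscli alerts list -o json` and `cscli machines list
-o json` print on the LAPI host (pfSense here). The two samples below are
constructed to resemble that output; the field names relied on (alerts:
"id", "scenario", "machine_id", "source" -> "ip"; machines: "machineId",
"isValidated") are an assumption to check against your cscli version.
"""
from __future__ import annotations

import json
from collections import Counter

WEB_SERVER_ID = "3f8ba55c46b54537aadaac7c5b7717a44wNuYECMrmksQ9Mm"  # ID from the tutorial

# Constructed: what the LAPI knows after "cscli machines validate".
SAMPLE_MACHINES_JSON = json.dumps([
    {"machineId": "pfsense", "ipAddress": "127.0.0.1", "isValidated": True},
    {"machineId": WEB_SERVER_ID, "ipAddress": "192.168.200.10", "isValidated": True},
])

# Constructed: alerts as raised during a noisy web scan (source IPs are made up;
# alert 1 comes from a machine ID that is no longer in the machine list).
SAMPLE_ALERTS_JSON = json.dumps([
    {"id": 4, "scenario": "crowdsecurity/http-xss-probbing", "machine_id": WEB_SERVER_ID,
     "source": {"ip": "192.168.1.50"}},
    {"id": 3, "scenario": "crowdsecurity/http-bad-user-agent", "machine_id": WEB_SERVER_ID,
     "source": {"ip": "192.168.1.50"}},
    {"id": 2, "scenario": "crowdsecurity/ssh-bf", "machine_id": "pfsense",
     "source": {"ip": "203.0.113.7"}},
    {"id": 1, "scenario": "crowdsecurity/http-probing", "machine_id": "old-agent",
     "source": {"ip": "198.51.100.9"}},
])


def attribute_alerts(alerts_json: str, machines_json: str) -> list[dict]:
    """One row per alert: which machine raised it, and whether that machine is
    currently an enrolled and validated LAPI client. Rows are sorted by alert ID."""
    machines = {m["machineId"]: m for m in json.loads(machines_json)}
    rows = []
    for alert in json.loads(alerts_json):
        machine_id = alert.get("machine_id", "")
        machine = machines.get(machine_id)
        if machine is None:
            status = "unknown machine"       # deleted since, or never enrolled
        elif not machine.get("isValidated"):
            status = "not validated"
        else:
            status = "ok"
        rows.append({"id": alert["id"], "scenario": alert["scenario"],
                     "ip": alert["source"]["ip"], "machine": machine_id,
                     "status": status})
    return sorted(rows, key=lambda r: r["id"])


def find_alert(rows: list[dict], alert_id: int) -> dict | None:
    """Row for a given alert ID (what `cscli alerts inspect <id>` shows as Machine)."""
    return next((r for r in rows if r["id"] == alert_id), None)


def alerts_per_machine(rows: list[dict]) -> dict[str, int]:
    """How many alerts each machine pushed to the LAPI."""
    return dict(Counter(r["machine"] for r in rows))


def suspicious(rows: list[dict]) -> list[dict]:
    """Alerts whose machine is not a known, validated client: audit these."""
    return [r for r in rows if r["status"] != "ok"]


def render(rows: list[dict]) -> str:
    """Plain-text table in the spirit of `cscli alerts list -m`."""
    header = f"{'ID':>3}  {'SOURCE IP':<15}  {'SCENARIO':<36}  {'MACHINE':<50}  STATUS"
    body = [f"{r['id']:>3}  {r['ip']:<15}  {r['scenario']:<36}  {r['machine']:<50}  "
            f"{r['status']}" for r in rows]
    return "\n".join([header, *body])


if __name__ == "__main__":
    table = attribute_alerts(SAMPLE_ALERTS_JSON, SAMPLE_MACHINES_JSON)
    print(render(table))
    print("per machine:", alerts_per_machine(table))
    print("to audit:", [r["id"] for r in suspicious(table)])
```

On the real LAPI host, feed the script the output of the two cscli commands instead of the samples; the "to audit" list is the part that the one-alert-at-a-time inspection in the text cannot give you.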

The post Comment mettre en place une installation multiserveur de CrowdSec ? first appeared on IT-Connect.

Build Your Own NAS vs Turnkey NAS – Which Should You Buy in 2024?

DIY NAS vs Turnkey NAS: Which is Best for You?

Today, we’re going to try and quickly and (bluntly) answer a key question in the world of network-attached storage: should you build your own NAS (DIY) or opt for a turnkey solution in 2024? This topic has been hotly debated in our recent video, “Build Your Own NAS vs Turnkey NAS – Which Should You Buy in 2024?”, and we’re here to delve deeper into this discussion with a comprehensive analysis.


In a rush? Let’s Cut to the chase!

If you’re in a rush and simply want to know the best CPU and motherboard combo for your DIY NAS build, you can find direct links to each of these bundles below. They can be purchased predominantly on AliExpress, but some options are also available from retailers such as Amazon and Newegg. If you were going to shop at these retailers anyway, please consider using the links below: as a comparison site, we may earn a small fee from these shops, which allows us to keep doing what we do.

Here are ALL the Motherboard+CPU Combos that we cover in this article:

  • (The Best) i3-N305 M-ITX BoardCheck AliExpress ($289-349 with Memory) HERE and Amazon HERE
  • (x4 m.2 @ Gen 4×4) The Minisforum AR900i CPU + M-ITX Motherboard Combo ($399) Amazon HERE
  • (Best for PLEX) Erying 13th Gen i9 Combo 14C / 20T $459  HERE
  • (Gen 5 M-ITX) MINISFORUM BD770i ITX Motherboard $489 (AliExpress) HERE and $399 (Amazon) HERE
  • (Plex Alternative #1) Erying 12th Gen I9 Combo 14C / 20T $389 HERE
  • (ECC M-ITX Combo) CWWK 8-Bay / 9-Bay Board AMD-7735HS/7840HS/8845HS/7940HS $489 (AliExpress) HERE
  • (Plex Alternative #2) Erying 11th Gen i7 8C / 16T = $262  HERE
  • (Best Storage) X99 Motherboard + 32GB RAM = $158 HERE or E5-2680 V.4 CPU + 32GB RAM = $176  HERE
  • (Best Value) Intel N6005 + Motherboard = $229 HERE
  • (Best Value EXTRA) Intel N6005 + Motherboard + 8GB RAM + 128GB SSD = $275 HERE
  • AMAZON – Intel N6005 + Motherboard = $169 HERE

Cost Considerations

DIY NAS: The primary allure of constructing a DIY NAS system lies in its potential for cost savings. By selecting and purchasing individual components, enthusiasts can often build a system that outperforms entry-level commercial NAS units at a similar or lower price point. For example, by choosing a budget-friendly CPU that still meets performance requirements, such as an AMD Ryzen 3 or an Intel Pentium processor, and pairing it with affordable but reliable storage drives, users can significantly reduce costs. However, the economical aspect extends beyond initial setup; a DIY NAS’s running costs, including power consumption and potential upgrades, need careful consideration. While the hardware might be less expensive initially, software choices (free vs. paid NAS operating systems) and the potential need for future hardware upgrades to meet evolving storage demands can add to the total cost of ownership.

A Great example is HERE, the ERYING i9 Motherboard on Aliexpress – £387 for the Motherboard, an Intel 12th Gen i9 CPU pre-fitted and 16GB of DIMM Memory (Click to see on AliExpress)

Turnkey NAS: In contrast, turnkey NAS systems, such as those offered by Synology or QNAP, come with a higher upfront cost. This price not only encompasses well-integrated hardware and software but also the convenience of professional support and warranty services. The premium paid for a turnkey solution is often justified by the inclusion of proprietary software features, such as advanced backup solutions, multimedia streaming capabilities, and user-friendly security enhancements. For instance, Synology’s DiskStation Manager (DSM) offers a suite of applications for data management and security that can appeal to users looking for an out-of-the-box solution. Additionally, the long-term value of customer support and firmware updates that keep the system secure and functional over time cannot be understated.

Skill and Time Investment

DIY NAS: Building a NAS requires a notable investment of time and technical skill. The process involves selecting compatible components, assembling the hardware, and installing and configuring the operating system. For tech enthusiasts, this project offers an opportunity to learn and customize every aspect of their system, from the network settings to data management and security protocols. The DIY path can be particularly rewarding for those who enjoy troubleshooting and optimizing their setups. For example, choosing the right RAID configuration for your needs—be it RAID 1 for redundancy or RAID 5 for a balance of redundancy and storage efficiency—requires understanding the implications of each choice on performance and data safety.

Comparison: Turn-Key NAS (Synology/QNAP/etc.) vs Build Your Own / DIY NAS

‘Out the Box’ setup time (i.e. when it is 100% set up and ready for day-to-day use):
  • Turn-key NAS: 20-30 minutes for build & initialization; 10 minutes to 12 hours for RAID synchronization (ZFS = minutes, not hours)
  • DIY NAS: 60-120 minutes for build & initialization; 10 minutes to 12 hours for RAID synchronization (ZFS = minutes, not hours)

IT / tech skill level requirements (out of 10):
  • Turn-key NAS: Synology = 2/10; QNAP = 5/10; Asustor / TerraMaster = 4/10
  • DIY NAS: TrueNAS Core = 9/10; TrueNAS Scale = 7/10; UnRAID = 6/10

Monthly maintenance (checking updates, stability, logs, etc.):
  • Turn-key NAS: 10-15 minutes
  • DIY NAS: 20-30 minutes

Expandability and migration (i.e. long-term hardware lifespan):
  • Turn-key NAS: Limited to 1st-party hardware and system limitations (e.g. the Synology DS923+ supports 1x 5-bay expansion, nothing else; also, Synology NAS HDDs/SSDs can ONLY be used in a Synology NAS). More expansion options on QNAP, via USB or SAS expansion cards.
  • DIY NAS: No hardware limitations (beyond actual 3rd-party hardware compatibility). Can migrate to new hardware easily and with limitless scalability (i.e. 1-1000 HDDs). UnRAID is currently much, MUCH more expandable than TrueNAS.

Warranty and repairs (options in the event of issues and/or system failure):
  • Turn-key NAS: 2/3/5-year hardware warranty from the 1st party (brand); effective lifetime support and warranty included
  • DIY NAS: Multiple hardware warranties to manage (mobo, CPU, PSU, etc.); community-led support (forums, Reddit, etc.); paid support via the TrueNAS/UnRAID official platforms

Turnkey NAS: For those seeking a straightforward, time-saving option, turnkey NAS units are the clear choice. Brands like Synology and QNAP offer systems that are virtually plug-and-play, requiring minimal setup beyond initial configuration. This convenience is especially appealing in professional environments where time equals money. The user-friendly interfaces of turnkey NAS systems are designed with the non-technical user in mind, making tasks like creating user accounts, setting up file sharing, and managing backups as simple as a few clicks. This ease of use extends to maintenance and troubleshooting, which are often supported by extensive documentation and customer support services.

Flexibility and Freedom

DIY NAS: The most significant advantage of a DIY NAS is the unparalleled flexibility it offers. Users can handpick components to meet their specific performance, storage, and budgetary needs, creating a system that can grow and change with their requirements. For example, someone prioritizing media streaming might choose a CPU with strong transcoding capabilities, while another user might focus on maximizing storage capacity with a larger number of drive bays. This customizability extends to software, with a variety of free and open-source NAS operating systems available, such as FreeNAS (now TrueNAS CORE) or OpenMediaVault, which offer powerful features and plugins for a personalized setup.

Turnkey NAS: Turnkey solutions prioritize simplicity and reliability over customization. While these systems may offer less flexibility in terms of hardware and software modification, they are optimized for ease of use and stability. The integrated nature of hardware and software in turnkey NAS units ensures compatibility and performance, which is particularly beneficial for users who value a system that “just works.” However, some turnkey solutions still offer a degree of customization through modular designs that allow for easy hard drive swaps or expansions, as well as software ecosystems that support a range of applications and services.

Pre-built NAS Solutions with NO OS? Perfect Middle Ground?

For individuals torn between the customization of DIY and the simplicity of turnkey solutions, there are products that blend these approaches. The Lincstation N1, ZimaCube, and Aoostar R1 represent a middle ground, offering pre-assembled hardware with some level of customization still available. This section will delve deeper into these options and also introduce the concept of pre-built NAS solutions that come without an operating system, a category that bridges the gap between fully DIY projects and complete turnkey solutions. Pre-built NAS solutions without a pre-installed operating system offer a unique advantage. They eliminate the need for the user to source and assemble hardware components, a task that can be daunting for those without technical expertise. Yet, they still provide the flexibility to choose and install an OS that best fits the user’s needs, such as TrueNAS, OpenMediaVault, or even a customized Linux distribution. This approach allows users to benefit from the hardware reliability of a pre-built system while enjoying the software customization typically associated with a DIY NAS. For instance, TerraMaster and some lesser-known brands offer NAS units that come without proprietary software, enabling users to install third-party or open-source NAS software of their choice.

Comparing these pre-built, software-less NAS solutions to full DIY or complete turnkey solutions from Synology or QNAP reveals distinct pros and cons. On the one hand, they reduce the complexity and time required for a DIY build, since the hardware comes pre-assembled and tested for compatibility and performance. This can be a significant advantage for users who are confident in their ability to manage software but hesitant about building hardware from scratch. On the other hand, these solutions lack the out-of-the-box readiness of turnkey products, requiring users to invest time in selecting, installing, and configuring an operating system and any additional software. The primary advantage of these middle-ground NAS solutions is their potential for customization without the need to commit to the full DIY process. Users can tailor the system’s software to their precise requirements, optimizing for performance, security, or specific functionalities, while avoiding the potential pitfalls of hardware compatibility issues. However, this approach comes with its own set of challenges, including the need for a certain level of technical expertise to select and install the NAS operating system and manage system configuration and maintenance. Unlike turnkey solutions, which offer comprehensive customer support and software updates, users of pre-built NAS systems without pre-installed software must rely on community support or their own skills to troubleshoot issues and update software.

Pre-built NAS solutions without included software present an appealing option for those who seek a balance between customization and convenience. They offer a foundation that saves users from the complexities of hardware assembly, while still providing the freedom to choose and install preferred software, a feature that attracts users who desire a personalized setup but are not ready to embark on a full DIY project. This middle ground offers a compromise that can satisfy a broad range of needs, bridging the gap between the simplicity and support of turnkey solutions and the customization and learning opportunities of a DIY approach.

Conclusion – Which Should You Choose? DiY or Turnkey?

The decision between DIY and turnkey NAS solutions ultimately depends on your personal preferences, technical skills, and specific needs. If you’re a tech enthusiast with a penchant for customization, a DIY NAS offers an engaging project with flexibility and cost benefits. However, if convenience, support, and ease of use are your priorities, a turnkey NAS is the way to go. As you weigh your options, consider products that offer a middle ground, like the Lincstation N1, ZimaCube, or Aoostar R1. These solutions can provide a balance between customization and convenience, fitting the needs of a wider range of users. Remember, whether you build or buy, your NAS is a crucial part of your digital life. Choose the path that aligns with your skills, budget, and expectations for the best possible experience. Once again, the decision hinges on your preferences, skills, and needs. Tech enthusiasts might lean towards a DIY NAS for its flexibility, while those seeking convenience might prefer turnkey solutions. Consider middle-ground products for a balanced approach.

Best CPU+ Motherboard for a Premium Feature but Low Power Consumption NAS – The i3-N305 M-ITX Board

Spec Highlights – i3-N305, 4x Intel i226-V 2.5G Nics, 2x M.2 NVMe. 6x SATA, 1*DDR5 SODIMM, HDMI2.0 + DP – $289 on AliExpress

Currently, the “build your own” favorite across many forums, the new Intel N305 processor, an 8-core, eight-thread i3 processor, comes pre-installed on a Mini-ITX board. It not only provides a remarkably low 7-watt TDP when needed but also offers significant scalability in terms of both clock speed and power efficiency. The $289 N305 version of the CPU and Motherboard combo presents a practical and economical choice for commercial use (making it the perfect upgrade/alternative to the Topton N6005 / N5105 that was so popular last year for first time NAS DiY’ers). It is equipped with the Intel® Core™ i3-N305 Processor, which is a part of the Alder Lake-N series. This processor boasts eight cores and eight threads, with a max turbo frequency of 3.80 GHz, offering ample computing power for everyday tasks and certain commercial applications. The processor is fabricated using Intel 7 lithography technology, which is indicative of its advanced and efficient design.

Memory support on this combination is versatile, with the motherboard supporting a SO-DIMM DDR5 memory slot, compatible with frequencies of 4800/5200/5600MHz. Although the processor supports a maximum memory size of 16 GB, which is a consideration to keep in mind, the motherboard can handle up to 32 GB, potentially allowing for future upgrades if the board’s capacity is indeed supported by later CPU models or firmware updates.

The integrated graphics, Intel® UHD Graphics with 32 Execution Units, can dynamically operate at up to 1.25 GHz and support 4K content at 60Hz, making it suitable for high-definition displays and basic graphical tasks. Here’s the specification of the $289 N305 version of the CPU+Motherboard combo:

Specification Detail
Model Number NAS-N100-N305
Processor Brand Intel
Processor Models Intel® Alder Lake-N i3-N305 (up to 3.8 GHz)
Type MINI PC / PC Stick
Origin Mainland China
Brand Name YSJMNPC
Use Commercial
Memory – Support notebook DDR5 technology
– 1 SO-DIMM DDR5 slot
– Compatible with 4800/5200/5600MHz
– Max capacity: 32GB
Storage – 6 x SATA3.0 6Gb/s interface
– 2 x M.2 NVMe 2280
Graphics Card Integrated Card (depending on processor model)
Network Card 4 x Intel i226-V 2.5G RJ45 network port
I/O Panel – 2 x USB 2.0
– 1 x USB 3.0
– 1 x Type-C (2.0 rate)
– 1 x HDMI
– 1 x DP
– 4 x RJ45 2.5G network port
– 1 x AUDIO 3.5mm interface
Motherboard Features – Matte black PCB
– Moisture-free fiber 8-layer circuit
– Full protection (USB, audio, network)
TDP 9-15W
Structure MINI-ITX (17.0cm x 17.0cm)
Capacitor Design All solid capacitor
Expansion Slots 1 PCIe x1 (shared with 2nd M.2)
Onboard Interface – F_PANEL pin
– TPM pin (compatible with ASUS TPM module)
– USB2.0 pin
– CPU_FAN 4-pin (temperature control)
– SYS_FAN 4-pin (temperature control)
– 24+4 ATX power interface
Cooling – Compatible with 115X radiators
– Silent temperature-controlled radiator
– Support for two high-performance radiators

In terms of connectivity, the combo is well-equipped with a variety of interfaces, including multiple USB ports with different standards, HDMI 2.1, and DisplayPort 1.4 for video output, and an Intel i226-V 2.5G RJ45 network port for fast wired internet connections.

The inclusion of PCIe lanes and M.2 slots provides additional expansion capabilities, allowing for further customization and the addition of peripherals or storage solutions. The motherboard’s MINI-ITX form factor makes it a compact solution that can fit into small cases, suitable for workspaces with limited room. EASILY the easiest choice of all the NAS Mobo+CPU options on this list, as one of the newest, lowest in price – yet impressively powerful, despite its lower TDP.

Where to Buy the i3-N305 CPU + M-ITX Motherboard Combo:
  • Check AliExpress ($289-349 with Memory) HERE
  • Check Amazon HERE

 

Best 5 Bay NAS Build for Under/Around £250

This is often seen as the budget build for your Jonsbo N2 system. The list below provides a reasonably powerful Plex media server, the ability to run a compact and capable UnRAID server, a few robust container applications, and even lets you set up a combined NAS server and prosumer router using Proxmox and pfSense, alongside your chosen open-source NAS software.

Jonsbo N2 + TopTon Intel N5105 Celeron / Pentium N6005 Build (+$35)
  • Jonsbo N2 Case £74.04 – Check Amazon HERE / Check AliExpress HERE
  • Topton N5105 + 128GB NVMe + 4GB RAM £193.48 – Check Amazon HERE / Check AliExpress HERE
  • SATA 6 Connector £4.19 – Check Amazon HERE / Check AliExpress HERE
  • 400W SFX PSU £24.36 – Check Amazon HERE / Check AliExpress HERE

£264.64 (128GB M.2 NVMe + 4GB RAM + 400W PSU)

(Optional/Swap) If you want to save some money:

  • Topton N5105 (NO EXTRAS) £159.82 – Check Amazon HERE / Check AliExpress HERE
  • Cheaper 250W SFX PSU £13.15 – Check Amazon HERE / Check AliExpress HERE
  • (needed for the cheaper PSU) SATA to Molex Adapter £0.78 – Check Amazon HERE / Check AliExpress HERE

£247.47 (no M.2 NVMe and Cheap PSU)

Note, you need an SSD for TrueNAS OS (USB for UnRAID)

(Component Prices and eShops – 9 Images):

This build, just a bit over 250 pounds, offers a well-built base system, 4 GB of memory to start, and an included gen 3 NVMe SSD for your boot drive. Additionally, it has four individual 2.5G Ethernet ports that can either be solely dedicated to your NAS or divided between your chosen NAS OS and router OS. If you’re on a tight budget or wish to save for storage media later, consider downsizing the PSU to a more economical 250-watt PSU and buying the memory separately. These minor tweaks might save you as much as 40 to 45 pounds, depending on the adjustments you decide on.

Pros:

  • Exceptionally affordable
  • Simple build as many components arrive pre-attached
  • Low power consumption
  • Several avenues for cost-saving
  • Components aren’t overcrowded, reducing heat concerns
  • Compatible with virtually every NAS OS available
  • Flexibility for dual OS to cover both NAS storage and prosumer router needs

Cons:

  • Underpowered for TrueNAS’s full feature set
  • Limited PCI lanes
  • Reduced M.2 NVMe support compared to other builds on this list
  • Not suited for extensive use or demanding business apps

Best Jonsbo N3 Build for Under £500

At this price point, things get serious! Even if you exclude storage media costs and focus on the NAS hardware itself, $500 is substantial for DIY enthusiasts, especially when considering the time spent building the device and buying components from various brands. But if you’re willing to spend up to $500 on your custom-built NAS system with the Jonsbo N3 case, you’ll find a decent amount of flexibility. The subsequent build balances both internal and external performance against your budget. Moreover, the configuration below is priced around $450, allowing you some leeway in either saving extra cash, adding storage, or upgrading existing components (e.g., memory or network ports).

Jonsbo N3 + Intel Core i5 12th Gen + 16GB RAM + 10GbE Build

  • Jonsbo N3 Case £94.25 – Check Amazon HERE / Check AliExpress HERE
  • 2x SATA 6 Connector £4.19 (note: only 8 are needed, but it is cheaper to buy 2x6) – Check Amazon HERE / Check AliExpress HERE
  • 400W SFX PSU £24.36 – Check Amazon HERE / Check AliExpress HERE
  • B660M ITX Motherboard £235.79 + Intel Core i5 12490F CPU + 16GB RAM – Check Amazon HERE / Check AliExpress HERE
  • ARGB CPU Radiator Fan (LGA1700) £13.38 – Check Amazon HERE / Check AliExpress HERE
  • (better option for CPU fan) Noctua NH-L9x65 CPU Cooler £49 – Check Amazon HERE / Check AliExpress HERE
  • X540-T2 Intel Chipset PCIe x8 Dual Copper RJ45 10Gbps £39.34 – Check Amazon HERE / Check AliExpress HERE
  • Tbkoly Controller Card Motherboard Expansion Card 1 To 5 Port SATA £20.45 – Check Amazon HERE / Check AliExpress HERE
  • (Optional) 2x M.2 NVMe PCIe 4 x8 Card GLOTRENDS Dual M.2 PCIe 4.0 – Check Amazon HERE / Check AliExpress HERE

Total $410.65 (i5 CPU + 16GB RAM + 2x10GbE + 400W PSU + Case + Cables)
Note, you need an SSD for TrueNAS OS (USB for UnRAID)

(Component Prices and eShops – 8 Images):

The design of this build is significantly more future-proof than its predecessor, but it comes with increased power consumption. The build takes advantage of newer-generation PCIe lanes, boasts more cores than the previous design, and confidently supports adding top-tier NVMe SSDs to your storage system in the future. It’s essential to note that this build requires a more hands-on approach. The base network port will need an added network adapter card to expand ports or boost existing port bandwidth to 10G. Finding off-the-shelf motherboards in mITX form with numerous Ethernet and SATA ports that also support modern Intel Core processors can be challenging. Because this design demands an Intel i5 12th gen CPU, the motherboard only features four SATA connectors. The Jonsbo N3 case accommodates up to six SATA drives, so to make full use of it with this motherboard, you’ll need a PCIe SATA card with two additional SATA ports. Another option is to buy a different motherboard that supports more SATA connectors but sacrifices network speed, CPU support, or other features.

Pros:

  • Lots of power for Plex and virtual machine use
  • Full support for all major NAS software platforms
  • Great for a medium or growing Plex media server
  • Support for 2x NVMe SSDs for cache, Plex metadata, and even a separate SSD volume
  • Option to upgrade to 10Gbe networking, depending on your future needs
  • Lots of room for RAM upgrades

Cons:

  • High power consumption and increased heat concerns
  • Requires an additional PCIe card to maximize SATA drives
  • Limited PCIe expansion due to the inclusion of a PCIe x1 and PCIe x4 slot
  • Reduced options for processor upgrades, given the choice of the motherboard

Best Power User NAS Build for £750-1000

For those who want to build a NAS that rivals even the best off-the-shelf models available today, the following $1000 build offers some incredible performance. With this budget, you can get a truly formidable Plex media server, a robust virtual machine host, and even full surveillance with support for over 40 cameras (assuming you’re using an appropriate NAS software platform). The Jonsbo N3 NAS build is a powerhouse, providing enough capability for nearly any home or small business task.

Jonsbo N3 + Gen4/5 MoBo + Intel Core i5 12th Gen with Int Gfx + 32GB RAM + 10GbE Build

  • Jonsbo N3 Case £94.25 – Check Amazon HERE / Check AliExpress HERE
  • 2x SATA 6 Connector £4.19 (note: only 8 are needed, but it is cheaper to buy 2x6) – Check Amazon HERE / Check AliExpress HERE
  • 600W SFX PSU £43.78 – Check Amazon HERE / Check AliExpress HERE
  • ASRock Z690M-ITX/ax Gen 4/5 Motherboard £171.20 – Check Amazon HERE / Check AliExpress HERE
  • Intel Core i5-12600K 12th Gen £239 – Check Amazon HERE / Check AliExpress HERE
  • Motherboard (Z690M-ITX/ax) features: 1x 2.5 Gigabit LAN; 802.11ax Wi-Fi 6E module; 1x PCIe Gen5 x16 slot*; 4x SATA3 6.0 Gb/s connectors; 1x Hyper M.2 socket (M2_1, Key M), supports type 2280, PCIe Gen4 x4 (64 Gb/s) mode*; 1x Hyper M.2 socket (M2_2, Key M), supports type 2280, SATA3 6.0 Gb/s & PCIe Gen4 x4 (64 Gb/s) modes* (*supports NVMe SSDs as boot disks; supports the ASRock U.2 Kit)
  • Corsair VENGEANCE LPX DDR4 RAM 32GB (2x16GB) £59.99 – Check Amazon HERE / Check AliExpress HERE
  • ARGB CPU Radiator Fan (LGA1700) £13.38 – Check Amazon HERE / Check AliExpress HERE
  • (better option for CPU fan) Noctua NH-L9x65 CPU Cooler £49 – Check Amazon HERE / Check AliExpress HERE
  • X540-T2 Intel Chipset PCIe x8 Dual Copper RJ45 10Gbps £39.34 – Check Amazon HERE / Check AliExpress HERE
  • Tbkoly Controller Card Motherboard Expansion Card 1 To 5 Port SATA £20.45 – Check Amazon HERE / Check AliExpress HERE
  • (Optional) 2x M.2 NVMe PCIe 4 x8 Card GLOTRENDS Dual M.2 PCIe 4.0 – Check Amazon HERE / Check AliExpress HERE

Total £586.63 (Amazon) + £144.76 (Aliexpress)
Note, you need an SSD for TrueNAS OS (USB for UnRAID)

(Component Prices and eShops – 9 Images):

At the core of this design is the Intel i7 12th gen CPU, boasting six cores and twelve threads. Complementing this, the motherboard has full support for up to 128GB DDR4 memory (with prices still fluctuating for such large kits). But even with 32GB or 64GB kits being relatively affordable, it provides an excellent base for this system. For networking, the base board has two 2.5GbE ports, with the option to upgrade to 10Gbe using a suitable PCIe network card. However, similar to the $500 build, you’ll need to make some compromises if you want to maximize SATA drive connectivity due to the limited SATA ports on the motherboard.

Pros:

  • Extremely powerful for almost any task you throw at it
  • Full support for major NAS software platforms and high-end features
  • Outstanding Plex media server performance
  • Abundant RAM support
  • Flexibility in networking, from 2.5GbE up to 10GbE

Cons:

  • High power consumption
  • Likely overkill for casual or home users
  • Requires additional PCIe card to maximize SATA drives
  • Significant heat production, making adequate cooling essential
  • Expensive


Conclusion:

Building a Jonsbo N2 NAS system is an exciting project, allowing you to tailor the system to your specific needs and budget. Whether you’re aiming for a budget-friendly media server or a high-powered machine for intensive tasks, the Jonsbo N2 case provides a solid foundation. Always remember that while building the hardware is crucial, choosing the right software and ensuring that it runs seamlessly is just as important. As the NAS market evolves, DIY solutions like the Jonsbo N2 builds will only become more prevalent, offering enthusiasts and professionals alike more flexibility and options. Happy building!

Jonsbo N2 NAS Build with TopTon Board Build (Complete Guide) – UnRAID/TrueNAS
