I've always used ZFS because it's vastly superior to other options. When I see storage companies building without fault tolerance, or without a Merkle tree (so that you can back up deltas efficiently without having to recompute them), it's a sign their marketing team has more influence over the company than their engineers.
Sadly, the few ZFS COTS options have been somewhat underpowered. QNAP supports ZFS filesystems, but their backup configuration won't let you arrange for a NAS to pull from the source (instead of the source doing a push). You can still pull it off by scheduling your own cron job, but this somewhat defeats the purpose of paying extra for a vendor solution.
UBNT is still supporting my 15 year old edgerouters with security updates, and their interface is clean and usable for anyone with basic network experience. And their video surveillance solutions are unusual in that they allow you to keep your footage entirely onsite and offline, an uncommon level of privacy. If they can bring the same polish to their storage solutions, I'll be using these new products for a long time.
The same is true for our AI processing on the cameras. This is entirely local and private. You can even air gap the UniFi Protect system from the Internet and it'll operate fine.
> This is entirely local and private. You can even air gap the UniFi Protect system from the Internet and it'll operate fine.
One week ago 3 guys broke into my shop while I was traveling. They had sense enough to power down the starlink that was providing internet which would have taken out all of the remote camera options.
They did not realize that almost everything they were doing was being recorded via the unifi system. In the end about the only thing of value left in the building was the hard drive with all of their pictures on it.
The police have used the footage to identify all of them and it will be pretty open and shut when they see a court room. Offline and air gapped the whole time they were there but did exactly what it was installed to do.
A 7U cabinet in an overhead space that is difficult to access. Installation and configuration were a bit of a headache but ended up being worth it. There was a NAS in the office and they stripped 7 drives, sleds and all, out of it.
I'm guessing with such an obvious endpoint for the camera storage it never occurred to anyone there was a second box. I had something like this in mind when I wired the building. It seemed like a good idea to make onsite security footage much harder to find given the cameras were obvious and anyone breaking in would probably look to damage or destroy the system.
I really thought the cameras themselves were the deterrent, but these guys gave it a shot anyway. Cutting the cable to the starlink and walking off with the NAS drives seemed to be the plan.
In the future I'm going to add a local battery backed alarm connected to external siren and strobe that is immediate on opening the office door to draw attention. I was driving down to WWDC when the starlink went offline and saw the notice on my phone but wrote it off to equipment failure which gave them enough time to clean the place out pretty well.
The hole in my strategy was thinking nothing could happen without notification, but being in a car in the middle of Northern CA with spotty cell coverage and lots of distractions blew that up pretty hard. I'm also thinking one of Ubiquiti's cellular backups is in my future. Starlink offline is annoying but not the attention grabber that a still of a guy walking in the door would have been. Cellular backup would have gotten me that.
> In the future I'm going to add a local battery backed alarm
Wait, you have an office full of expensive equipment but decided to half-ass DIY the security? No wonder you were targeted.
A proper monitored alarm system would have prevented this. They pretty much all have built-in cellular backup now. Do yourself a favor next time and call a professional.
Don't blow your entire budget on cameras then wonder if you need an alarm system because the only good the cameras will serve is to watch your stuff disappear. You mentioned California so expect these guys to be roaming free in short order if they see any jail time at all. Good luck with seeing any restitution or getting your stuff back.
Any video surveillance system is foiled by a simple mask. Thieves who know to plan a break-in when you're away usually do their homework and come prepared.
This is why I think someone should market a cheap SIGINT tool that collects BT/BTLE/Wi-Fi data from nearby devices.
I've got this setup running on a Raspberry Pi near my front door and it collects all sorts of useful data, even from people walking by on the sidewalk, 30 feet and two walls away.
At some point, I'd love to explore vehicle emissions more, too.
Funny enough a router collecting this data near a busy enough highway can bog itself down by collecting unique Wi-Fi identifiers from all the passing cars' networks, not to mention all the hotspots on passing commuter trains.
It never occurs to router makers a static base could see a million Wi-Fi networks come and go every week.
I am unable to accept that it is fully local, since you have to bind your network to their cloud just to accept the EULA. [0] I have 0% trust that a subsequent unbind truly severs the link, because this is such a shady thing to require in the first place.
I've been so impressed with Ubiquiti that I've decided to target FreeBSD for my current side project. Their camera system is wonderful. Their DreamMachine is a massive upgrade for my home network. Their APs are rock solid, no hassle, just work, and it integrates so well. I have my work / home on different subnets. I have the kids on a different subnet and behind a firewall providing some protection against ads.
The processing can happen within the camera, and it's nice when it does...but that doesn't mean that the only other option is something cloud-based, like some might assume.
Open-source NVR software like Frigate can do things like the object-detection/license plate/face recognition game on local hardware, with the cheapest available IP cameras. It's just a program that runs on a computer with a network and some storage and some processing ability like a GPU.
Those cheap cameras don't have to be trusted; with things like VLANs, they can hang out on the Group W bench where they have no access to anything important or the outside world. :)
(But yeah, it does represent much more of a DIY effort than something from UBNT does.)
I do like the onboard AI, and it works well for entity detection (like people). We haven't found the face detection to be very reliable in outdoor security applications. There doesn't seem to be a way to correct/combine classes if someone's detected as multiple individuals on different occasions, so we end up with the same person detected as 5 "unknown"s. This is not a hard problem to solve. You'd just allow embedding matching to different face groups, but it's annoying as a user.
With face detection? License plates? Tamper protection?
I'm guessing you're thinking Reolink or other Chinese ultra-commodity cam. It's fine, it's just in a different product class and ecosystem - and that's where enterprises fit in, they want that support+ecosystem and not DIYing.
> With face detection? License plates? Tamper protection?
I do that with my Unifi Protect doorbell. RTSP streams. Google Coral. Frigate. Scales very well. Do ML on low quality stream. Look/save the high quality stream. You do it all centralized, and you can put the camera(s) on a separate VLAN. They don't even need internet access. If you run them over PoE twisted pair, the attacker would need physical access to perform MITM. Wireless, one should assume the camera is insecure (e.g. KRACK).
(not the parent poster, but same setup): Is it better than UI Protect? No, but you can make it about the same.
I have the same popular setup (Frigate) although I just use ONNX on an 11th-gen Intel CPU instead of a Coral (unless you are trying to do something fundamentally goofy like use a Raspberry Pi as an NVR, Coral doesn't really perform better than even a several-generations-old iGPU or iNPU).
This is the typical OSS story: you can duct tape a giant leaning tower of janky stuff (Frigate + go2rtc + HomeAssistant + various connectors + some kind of VPN/proxy solution for away-from-home access) together and get something that's fairly close to the commercial solution, where you click a button. The open source solution is fun and more customizable in highly niche ways (you can bring your own image recognition models and tagging, adjust the resolution and encoding for everything in infinite detail, and so on) and the commercial solution is easy and works. Choose your path.
I will say I've liked the Frigate stack, though. I'm making some recognition tweaks for recognizing animals on my property, the software works well enough, and I do like having a really, truly on-prem solution for this specific thing.
I have rather a lot of Reolinks ... and Frigate on Home Assistant. The cameras are on a VLAN with rather minimal internet access (i.e. none). I make pool.ntp.org etc. resolve to my own NTP servers too.
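A way to check that a camera VLAN set up as the comments above describe really is isolated, as an added example that is not part of any poster's comment: it classifies new-connection records from a firewall log against an allowlist (NVR pulls RTSP, cameras reach only local DNS and NTP). The addresses, the record format and every function name are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Assumed addressing plan (hypothetical; none of these values come from the thread).
CAMERA_NET = ipaddress.ip_network("10.0.50.0/24")     # isolated camera VLAN
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]   # everything on-prem
NVR = ipaddress.ip_address("10.0.10.5")                # NVR host that pulls RTSP
GATEWAY = ipaddress.ip_address("10.0.50.1")            # serves local DNS and NTP

# The only connections a camera may initiate: (dst, proto, dport).
CAMERA_EGRESS_ALLOW = {(GATEWAY, "udp", 53), (GATEWAY, "udp", 123)}
# The only connection allowed into the camera VLAN: (src, proto, dport).
CAMERA_INGRESS_ALLOW = {(NVR, "tcp", 554)}


@dataclass(frozen=True)
class Flow:
    src: object   # ipaddress.IPv4Address / IPv6Address
    dst: object
    proto: str
    dport: int


def parse_flow(line):
    """Parse 'src dst proto dport'; return None for blank or comment lines."""
    line = line.split("#", 1)[0].strip()
    if not line:
        return None
    parts = line.split()
    if len(parts) != 4:
        raise ValueError(f"malformed flow record: {line!r}")
    src, dst, proto, dport = parts
    return Flow(ipaddress.ip_address(src), ipaddress.ip_address(dst),
                proto.lower(), int(dport))


def classify(flow):
    """Return 'ok', 'unrelated', or the name of the isolation rule that was broken."""
    if flow.src in CAMERA_NET:
        if (flow.dst, flow.proto, flow.dport) in CAMERA_EGRESS_ALLOW:
            return "ok"
        if not any(flow.dst in net for net in INTERNAL_NETS):
            return "camera-to-internet"      # phone-home, or NTP to a hard-coded IP
        return "camera-to-lan"               # lateral movement out of the VLAN
    if flow.dst in CAMERA_NET:
        if (flow.src, flow.proto, flow.dport) in CAMERA_INGRESS_ALLOW:
            return "ok"
        return "unexpected-to-camera"        # something other than the NVR reaching in
    return "unrelated"


def audit(lines):
    """Return (src, dst, dport, verdict) for every record that breaks isolation."""
    findings = []
    for line in lines:
        flow = parse_flow(line)
        if flow is None:
            continue
        verdict = classify(flow)
        if verdict not in ("ok", "unrelated"):
            findings.append((str(flow.src), str(flow.dst), flow.dport, verdict))
    return findings


# Constructed sample records (new connections only): src dst proto dport
SAMPLE_LOG = """\
10.0.10.5  10.0.50.21   tcp 554
10.0.50.21 10.0.50.1    udp 53
10.0.50.21 10.0.50.1    udp 123
10.0.50.22 203.0.113.40 udp 123
10.0.50.22 203.0.113.77 tcp 443
10.0.50.23 10.0.10.9    tcp 445
10.0.20.14 10.0.50.21   tcp 80
10.0.20.14 10.0.10.5    tcp 5000
""".splitlines()

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(*finding)
```

The fourth sample record is the case a DNS override alone does not cover: a camera sending NTP to a hard-coded address never looks up pool.ntp.org, so only a firewall drop rule and a log check like this one show it.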
I think they're definitely not Avigilon, Genetec, Verkada, but we run a few hundred UI cams in some edge areas. It works, esp if you don't demand orchestration.
IME those sub-$100 Chinese IP cameras have you at the mercy of whatever firmware they cut from the master branch the week they shipped it. People don't buy UI because they win on specs-per-dollar. They buy it because they win on results-per-dollar.
ECC support depends on the processors that the NAS uses. A few of their NASes allow you to use ECC memory but you'd need to swap the memory installed to ECC memory. A lot of their systems use Intel cpus that don't support ECC at all so you need to carefully pick and choose.
Some do. I got the TS-873A a few years back, it works. Their software is kind of weird, and I wouldn't connect it to their cloud offering, but it does work.
The stock symbol for Ubiquiti is actually UI, not UBNT. UBNT was the symbol for the old name that hasn't been used since 2019. I have no idea why changing the name also changed the stock symbol, but shrug
Thanks, I think. I usually write UBNT because it's distinct and spelling out "Ubiquiti" hurts my soul in ways that I find difficult to properly articulate.
Ubiquiti's biggest feature is no monthly recurring cost. I really hope they continue the streak on products like this. Seems like anything else bought up these days is switched to an MRR model with no vision into the long term viability.
The founders being the erstwhile Apple routers team, I believe they are playing the Apple game — sell good quality hardware; free the software that runs the hardware.
They've been at this for a while. They do have offerings you subscribe for and pay monthly. They have also consistently offered an option for each of those offerings to bring your own or self host. They've earned my trust.
Recently they removed the option to take certain types of backup locally (for the Network app). Now it only does it to the cloud, for those who allow this. It’s these small things that make me cautiously pessimistic that long term Ubiquiti won’t pull the rug from under the customers.
Once you invest thousands in network equipment or cameras you’re less likely to jump ship when they start sneaking things in. And this is long lived equipment, not the kind you anyway replace every couple of years. So that’s a relatively strong lock-in.
They would be shooting themselves in the foot in the long term.
I was surprised to learn that Ubiquiti is a publicly traded company, but also the CEO and founder owns the mass majority of the shares, so he is not beholden to shareholders wanting to enshittify the company for the sake of increased stock prices.
Sure. But all you can do, when deciding with whom to do business, is base your decision on what they have already done. It's not viable to refuse to do business with a company on the basis of "they might one day get bought by PE and introduce customer hostile changes".
In my opinion, as long as the majority of their profits come from people continuing to buy the self-host devices, it is fairly unlikely they'll ever stop offering those devices. Why change a working business model?
Yes, subscription models are enticing for that recurring revenue... number must go up, right? /s
If a majority of your sales are not in subscription products though, I think it would be foolish for a business to blow off its own leg trying to chase that particular dragon.
Then again... businesses have made dumber calls in the past out of nowhere...
They can sell subscriptions to people who buy them and allow self contained as possible. For security's sake requiring off-site storage of a security system is a non-starter.
I don't believe this. They've been around since 2003, and the Unifi line started in 2010. If they were going to enshittify it would have happened by now. Cynicism is not always warranted.
If you think that is bad, look into the SpaceX IPO. That tiny public offering is for stock that can barely vote and cannot bring shareholder actions, making them more NFTs than proper "shares" imho.
> I'm genuinely curious what bottlenecks you've hit.
1. My UDM Pro absolutely chokes and stalls with intrusion detection enabled on the firewall and 8 cameras connected. Network goes down, cameras disconnect, devices disconnect from Wi-Fi every time a car drives past a camera due to AI features triggering, etc.
For something meant for small businesses I wish they would just shove an Intel i5 or something in it. They make great switches, great APs, great everything else, just too stingy on processors on the few pieces of central equipment that people would actually be willing to spend more on.
And for a $3999 enterprise NAS with dual 25 Gbps SFP ports and 16 drives? It could surely use something more beefy than a Neoverse N2. I'd say an i7 or even i9 is warranted here.
3. The UNAS 8 I don't own but I believe it would struggle with >1Gbps links and encryption enabled
1. Same here - but it's only become a problem as protect has gained features (# of cameras stayed the same). I got a UNVR Instant and all the issues went away (I have been waiting for an updated 1U NVR but still not out yet). It sucks, but otoh protect is light years better than it had been.
I don't mind using ARM for NAS, but (to be fair I have not looked in a while) the issue is they tend to not have many PCIe lanes. Looks like the N2 can have up to 64 @pcie5 so if it's built well, I don't think the CPU will be too much of a bottleneck.
Hell I'll put it out there - some company should make a NAS-specific ARM chip line to make lines of way less expensive (well pre the current troubles) base NAS enclosures with lots of NVMe etc.
Unifi docs say that the AI features run directly on the camera or via optional devices like the AI Port or AI Key. Odd that it impacts your UDM Pro and Wi-Fi.
I'm sure even if the camera runs the neural net, the detection itself triggers clips to be stored, re-encoded, indexed, etc. and the UDM Pro's processor is underpowered even for this.
It's even underpowered for streaming -- I found Protect to be extremely laggy, taking often 30+ seconds to open the camera stream when 3-4 stream receivers were connected.
I have a udm se, 10 g3 cams, 4k bullet+ai, door entry + cam +ai, couple of the display viewports running all day and a nano hd access point and symmetric gig with intrusion etc turned on. I also have wireguard users connecting in remotely.
No problems with performance whatsoever at this point.
OK, it's not enterprisey, it's just a small business with 20 people, but seems fine to me. I run Synology servers.
He did say intrusion detection so that's probably it. That, and if you're using any kind of complicated firewall rules, those aren't HW accelerated like enterprise gear, so throughput tanks.
Basic routing and switching - expect line speed.
Don't expect analysis features to run at line speed - 30-50% penalty could be normal depending on throughput.
Stay away from IPS and complicated firewall rules which usually are done in CPU, and you should be fine. HW acceleration for those (esp. TLS decryption) is a major reason fancy firewalls are very expensive. You're better off building an IDS or picking up a smaller FortiGate or Palo Alto firewall if you really want to get serious there.
The Cloud Key Gen 2 is underpowered depending what you do with it, and it runs hot. UniFi seriously needs to refresh it. (At least it’s better than the Gen 1. The Gen 1 was disastrously bad.)
The ENAS looks like fairly nice hardware. It even has ECC RAM. Not cheap, though.
It says 8 Arm Neoverse N2 cores in the blog post. So not directly ARM Cortex, derived from ARM Cortex-X3 but same family as NVIDIA Grace, Google Axion and AWS Graviton4.
It's based on Neoverse N2 which in our other platforms (e.g., ENVR Core, UDM Beast, EF Core) has contributed to vast improvements in performance versus ARM Cortex.
That’s just patently not true for Ubiquiti. You enter the Enterprise space with them and you are paying monthly. Their very expensive Identity Enterprise monthly per user subscription and their per site support charges to be able to get help with their latest rushed release. Paying extra for Apple wallet support. And you don’t even get complete APIs in return, or proper SCIM integrations. Can’t even pull access logs via API. Infuriating company that just does not function at scale.
The biggest concern about Ubiquiti to me is still its software/infrastructure quality.
Off top of my head, besides all the UI/UX glitches:
- They once allowed a human employee to access static AWS root access key.
- Their employee once claimed "remote access" was end to end encrypted, but later people figured out they probably just meant TLS in transit.
- They had a configuration error that allowed some users to access other users' camera feeds. They corrected the error, but never explained how the hell was it even possible or if they made any architecture design change to prevent that from happening again.
Now, ZFS is nice. But even after years of iterations, I still need to do 50% of my operations via SSH on my TrueNAS system. I can't imagine Ubiquiti to do any better.
First hand experience many times over: there is little more regrettable than placing Ubiquiti's latest test-it-in-prod release into an Enterprise setting.
> "Dual 25 Gigabit SFP28 ports and redundant power supplies for resilience"
Can you actually saturate the links with the spinning drives?
I've had the hardest time making my TrueNAS ZFS server fast when it was filled with HDD spinning disks. I initially also had 12 of them trying to get maximum speed. I have 128GB RAM and a 10G ethernet connection. I tried all types of optimizations like L2ARC via NVMe, etc, and it wasn't very effective and just too much time spent tweaking and testing.
Instead I just threw up my hands and replaced all the spinning disks with NVMe drives for the data I actually shared (8x 4TB NVMe drives). And now it is very usable and no need for L2ARC, etc. Random or streaming access is equally fast.
Best choice I made. Now I did do this over a year ago so I skipped the NVMe price inflation.
I still keep 4 spinning disks but it is for archival data that I expect to never access unless something bad happens. It is slow and I use it like a tape drive.
It does have a dual NVMe cache; those in RAID-0 will saturate (e.g. I believe just one Samsung 990 Pro can write at just over 50Gbps).
The bigger risk is the CPU. This is an issue with the Ubiquiti UNAS Pro 8, their ~$800 USD 8 bay NAS. In theory it has 10gig networking. In practice the CPU physically cannot transfer bits fast enough, because it's a dinky underpowered ARM CPU that they clearly chose to hit that quite affordable price point. It's a decent trade-off, because similar units from Synology are more like $1600, and you can meaningfully hit somewhere between 2.5gig and 10gig; but saturating 10gig is out of the question.
The ENAS has a beefier CPU so it might keep up with 25gig (could this do 50gig bonded?). But only testing will tell.
You can hit 10 gig aggregate on an A57 quite easily, given standard memory bandwidth (I've done it). They must be doing something stupid on the software side, like too many copies. Or if you're trying to shove 10 gig in one flow at 1500 mtu yeah that might be painful.
I have a backup node with a 40G NIC & a ZFS pool of just 8x HDDs set up as a pool of two RAIDZ1 vdevs striped together (i.e. 4x drives in raidz1-0 & 4x drives in raidz1-1 make up the "backup" pool). Restoring full backup images to another server I usually get ~11-12 Gbps over NFS, no flash cache or anything involved.
Honestly, outside of random access/small file access, my primary NVMe ZFS server isn't all that much faster in raw throughput - despite being 22x NVMe drives going direct to the CPU instead of 8 HDDs going through a SATA controller. I think it's easier to hit other bottlenecks with ZFS/network transfers well before the disk throughput itself. E.g., enabling jumbo frames for NFS did still give me a decent perf/efficiency bonus.
I got a 10G ethernet network card for my NAS only to realize it has to overlap with my modem's supported bandwidths (IIRC 2.5G, 5G).
Knowing nothing about the space, I had assumed it would use max(node1, node2), but instead it negotiated a 1G link. So it was faster to use the mobo's built-in 2.5G port.
I think you're right we only get two SSDs on NVME as the cache, but it looks like we can run the rest (16) as SATA SSDs, which is often fine if you primarily care about random IOPS and capacity over pure throughput.
I did end up ditching the modem since I wrote the article. I ended up using a TP-Link 8411 router though. Having everything TP-Link has its benefits for observability and maintenance.
That's still only 1/3rd of a single U.2 or a 6th of a single U.3 drive... and the IOPS over SMB/NFS is significantly lower than a local drive, even with a big ethernet pipe.
> Can you actually saturate the links with the spinning drives?
There can easily be a bottleneck depending on how the setup the sata/sas, but if you can get sustained sequential reads or writes, 16x drives at 6 Gbps sata should be able to saturate 2x 25 Gbps ethernet. The store link shows two expansion ports as well which should help get bandwidth to the point where 25 Gbps is useful.
Less likely with random reads/writes or mixed use.
How did you configure the array? If you did a single RAID-Z2 say then uncached reads are limited about what a single disk will do. Writes should saturate though.
with the zil/slog on nvme yes -- you would want redundant power, UPS and a raid of nvme drives but with all that in place the data would get securely written to flash media before being flushed to spinning rust.
That seems reasonable, I don't buy NAS for datacenters (just run a modest 80tb one for my home lab) but equivalent rackmount 16-bay ones from other vendors would be more expensive (maybe $5k-6k?) and with less polish.
I paid ~$4900 in October 2021 for a TrueNAS MiniXL+ with 8x14TB, 2x480G SSD (L2ARC/ZIL) and 64GB RAM, 2x10Gbps, with 3 year support direct from IxSystems. The CPU is an 8 core Intel(R) Atom(TM) CPU C3758 @ 2.20GHz. Still going strong. I had drive failure and they replaced it. I had a fan failure and they replaced the fans. The price of the UI kit in 2026 seems to be reasonable.
That's without storage. They are charging $750 each for 24TB HDDs, so filling it up brings that cost to $16k. Only need to run it for 13+ years and have zero HDD failures in that time, and then pay for all the media you are going to load it up with. Not exactly sure this would be cheaper or easier than just paying for streaming services and cancelling them when you don't need them.
As a Synology owner, I would not recommend anyone to get into Synology at this point after the drive BS they pulled off. I'm planning on building myself a DIY server with Unraid instead.
I’m still on DSM 6, and just added a new unapproved drive, and it was just a click through warning. Is it much worse on the newer DSM versions?
EDIT oof yeah that’s pretty horrible, I take back my Synology recc. Looks like it’s partly model-based restrictions. That’s a shame, they were nice as relatively low maintenance devices.
I was literally looking today to see if there was any news on this, because it’s been widely assumed that they’d release it.
$4000 is… a lot. I can buy a used CSE-846 for about 1/4 of that, an X10–era mobo for a few hundred bucks, and have 1.5x the bays (tbf, also 4U instead of 3U). Managing ZFS is just not that hard; it’s not Ceph. If you want easy mode, throw TrueNAS on it, and you’ll get an awesome UX that abstracts away everything difficult.
If this were < $3000, I’d probably buy it. I’ve been holding off on replacing my two CSE-826 because I’ve been waiting for this to come out. Disappointing.
This is not a homelab replacement part. It’s enterprise with all the positive and negatives that come with that phrase. The second you start talking about old X hardware, it’s a different product class.
For that use case I recommend UNas from Ugreen or the Minisforum Ryzen AI stuff.
Think about the competitors - they're aiming at the Synology RackStations and similar, which are $3-5k without drives.
The segment UI and Synology are in are 10x more than the minisforum, beelink, qnap, cwwk type devices, but still 1/10 of the price of getting started in enterprise gear from HPe, Dell, Pure, etc.
Is this some xBSD or UniFi OS (debian) with ZFSoL? Can't tell from what they've written. 8C+64GB: enough for essential block+file service, but not for dedup and other demanding ZFS features. Also, doesn't appear the controller is redundant; just the power supplies. iSCSI is headlined; nice they didn't limit this to file. No mention of object store, or NVMe-oF.
Seems like a nice, basic, affordable platform for workgroup/SME stuff. Not NetApp/Pure Storage "enterprise" grade though.
They seem to follow the anti-corruption layer model for most of their offerings, so I would expect they use what ever OS is best supported by the upstream.
It is a large reason they can mitigate vendor risk IMHO, offering different tiers of switches as an example without being held hostage by one particular switch IC vendor like many brands.
I do wish someone would take up comstar though, netapp bought and killed several jbod lines etc… to kill it before Oracle bought Sun and also killed it to protect their enterprise storage offerings.
NVMe-oF may be a possibility because there are FPGA IP vendors but without comstar there are some challenges IMHO.
I always forget that these things aren't for me. My immediate thought is always immediately "just build your own NAS with a vanilla Linux box and set up Samba or something because then you can make it however you want".
But of course, if I'm someone who knows how to build a NAS and is inclined to do such a thing, then I'm sort of inherently not the kind of person that would be interested in such things and not the audience they're marketing towards, which is obviously fine.
I've been a sysadmin for decades, dealt with *nix based servers since the late 90s, yet for the most part I've used devices like Synology servers, simply because I don't want to have to manage technology to that degree at home.
I've built my own NAS when my last synology died, and I'm not sure I'll build one again. I've dealt with all sorts of issues that I just haven't had to deal with with a packaged solution, and I really just want to not think about that stuff when I'm not working.
Yes, I can absolutely do it for cheaper, better, and with more flexibility myself. Doesn't mean I actually want to.
What kind of issues? I just set up a very home tier NAS setup for my home server.
Got a 4 bay usb hard drive enclosure and then just set up a btrfs raid array since my drives are all different speeds and capacities. The thing is only about as fast as a single hard drive but it does pool all the storage in to one unified storage and is way faster than google drive.
> I really just want to not think about that stuff when I'm not working.
This is my exact attitude but I don't have decades of sysadmin experience to lean on so I'm completely lost on what approach to take setting up my first NAS.
My requirements are simple: (1) Should be plug and play (hardware + software) (2) Must support ZFS since I already set up a pool in my beefy desktop PC.
What would you recommend? I've looked into Synology's offerings and they look perfect except for the fact that they don't support ZFS only Btrfs. I clicked into this thread expecting Ubiquiti's offering would be what I want, but all I see here is hardcore enterprise gear for the prosumer crowd.
Companies are also much more inclined to spend money to solve a problem while hobbyists are much more likely to get enjoyment out of the process of building. I'm firmly in the latter category, having built a rather robust ZFS array on NixOS with a pretty gnarly NVMe cache hierarchy built on LVM. It was fun to do.
I don't have the NVMe cache but I too have quite a robust ZFS array on NixOS. I feel less guilty about running it now since it is powered almost exclusively off solar in my backyard :)
This is interesting, I'm not sure I fully understand how this compares to their UNAS offerings. I can't remember off the top of my head if UNAS does m.2 cache drives.
I bought the 8-bay UNAS ($799.00) but have yet to put a drive in it yet since the costs are out of control for hard drives currently. I'm still using my 2x 12-bay Synology for now.
I hope they don't abandon or lose focus of their UNAS offerings (and/or they get better) since I had planned to buy 2-3 more 8-bay UNAS units once I can afford the drives for them.
The price looks kinda rough. I built a server that stomps this for under a grand (vs their 4k). Stronger CPU, likely faster ram, optane zfs cache instead of nvme...
Admittedly my 1 grand is referenced off pre AI insanity pricing. Call it 1.5 today
Point is someone willing to roll the dice on AMD consumer CPUs doing ECC can beat everything else out there.
(For those contemplating... ASUS Crosshair VIII Dark Hero is where you want to start looking.) And reminder that these boards take UDIMMs, not RDIMMs... do not assume suppliers understand the difference.
Been a long time fan of Ubiquiti, and I think this product will do particularly well in small-medium businesses. Think of the local marketing firm with 40 employees. They likely have an office with Unifi networking, and they LIKELY hire an MSP to do their IT work. An MSP will easily try to sell this as their storage solution since they can manage the infrastructure with one login to the UBNT dashboard.
It's nice that they're doing this, but don't bet the farm on this product until they release a second version. Not saying I've been burned by them pulling a product and then memory-holing its existence, but, um.
I like their gear, I bought a whole bunch, but I couldn't and can't figure out how to give my wife access to their Protect app as well. It's absurd to the point where their MFA sent doesn't work when trying to authorize her - and judging by Reddit posts etc. I'm not the only one. Such mundane things are where UI falls apart, wrong details. Instead of giving elves resources to pack each individual rackmount screw, if they spent some more time on workflows and software, they'd be a truly great company.
I haven’t encountered this bug, but I have been frustrated that there’s no way to give a babysitter temporary access to the cameras in the kids’ rooms.
I ended up hosting a local site that embeds the RTSP feeds, which works pretty well, but I was surprised that there’s no native way to do it
Synology also don't (didn't?) offer a ZFS product, which is why I bought a QNAP. Restriction-free and ZFS storage. Apparently you can also completely replace the OS if you want, although I haven't tried it.
It's true for HDDs. They don't maintain a list of compatible third-party HDDs, but you use them perfectly fine. No errors, drive health monitoring works, etc.
>Now, with the release of DSM 7.3, Synology has quietly walked the policy back. Third-party hard drives and 2.5-inch SATA SSDs can once again be used without triggering warning messages or reduced functionality. Drives from Seagate, WD, and others will work exactly as they did before—complete with full monitoring, alerts, and storage features.
They still require you to buy their overpriced (even by AI bubble standards) NVMe drives with zero third-party support. There is a project that adds third-party SSD support for newer Synology devices, but you need to redo it every time your NAS updates, so it's very much unsupported. Would definitely not say that they "recanted immediately".
What is the current state of ZFS? I know it had some licensing issues traditionally, despite it being a delight to use every time I've tried it. Is it back?
Never went away, Linux is now the primary target platform for OpenZFS (which is basically synonymous with ZFS these days). TrueNAS/iXSystems (probably the main commercial company using ZFS) moved from FreeBSD to Linux. Major new features like pool expansion have been added after years of requests. Etc., it's a good time for ZFS on Linux.
There ARE licensing issues related to shipping it compiled into the kernel, but you can install it as a kernel module on every mainline distro nowadays which is functionally the same from a user perspective.
ZFS on Linux works great, but with most distributions, it will compile the kernel module on device upon installation. Only Ubuntu distributes binaries.
As a consequence, you don't necessarily want a rolling distro, as the ZFS module can get out of sync with the kernel.
ZFS itself is built for both BSD and Linux from the same source, so there's feature parity there.
I've been using ZFS on linux for like... 14 years now? I've migrated through centos, ubuntu, and debian during that time and the zpools never had any issues that weren't hardware related.
ZFS is my favorite filesystem. I even use it on single drives because its snapshots and online data integrity checking are so great.
I even use it on single spinning rust USB drives. Zero problems.
I am highly interested in this, especially if it works well with Time Machine to do backups over the network. I've got a fully 10GbE + WiFi 7 network w/ Ubiquiti gear already, would love to ditch my janky DIY NAS setup for something that is integrated with the rest and could potentially give me a better backup setup for my photography as well as enough storage to act as a media server.
I have a UNAS-Pro, which runs the same Unifi Drive software as this, and it works great for Time Machine backups. Dead simple.
I also have tons of other Ubiquiti gear, and honestly there's not a ton of synergy between the NAS and everything else. It's a great NAS though. And also, it's only a NAS. It's not an application server like a Synology NAS.
Wireless Time Machine backup works until one day, Time Machine decides to shit the bed. Do not trust it. Invest in a different backup solution if your data is at all important to you. Something like Arq or Backblaze or tarsnap.
I hear this sentiment a lot, but I've not had a problem with Time Machine in years across multiple MacBooks in my household. Backing up to TrueNAS. Unifi networking. It Just Works.
I just checked and my oldest TM backup for the MacBook from which I'm typing is 2023-09-14. This MacBook has a 2 TB SSD and I have the TM volume quota set to 3 TB. TM culls old backups as needed.
The TM GUI is still terrible, but you can use `tmutil listbackups` to easily access backups from the command line.
I've had all manner of issues, backing up via Ethernet and Wifi to FreeNAS and then to Synology. The only backups with Time Machine I had no issue with were to local USB drives.
Time Machine would work and work and work until one day... "Cannot write to your backup" and the whole thing would be corrupt and not even readable.
Flirted with Acronis TrueImage which was worse. Hell, even before catastrophic corruption, attempting to restore a file from a decent size catalog even over 10gbE would generally cause a beachball for minutes and then you had to be very careful to browse exactly to the location and file you wanted to restore (poking around trying to find it would inevitably totally crash the client, and even being careful sometimes would).
I ended up moving to Carbon Copy Cloner to Synology, with the Synology taking a snapshot 10 minutes before CCC starts its nightly run.
A few months in and it has been rock solid. If I want to restore I can just browse the snapshot in Synology and either copy a file directly from the Snapshot browser or mount the entire snapshot as a shared folder.
I use the 3-2-1 strategy for backups. I keep one copy off-site by using cloud backups, currently I primarily use Backblaze for that purpose but am considering alternatives for several reasons. I keep a second copy on an external SSD via Time Machine, and I keep one copy on-device. I'd like to use network Time Machine to get rid of the inconvenience of having a bunch of USB external SSDs floating around, especially since none of them are large enough to backup my entire drive if I get close to filling it.
I appreciate the perspective, I definitely take backups seriously for my photography.
Gives the peace of mind that even when the sparsebundle shits the bed, you can rollback to a suitable snapshot and only lose a small period of backups, rather than having to lose the entire history and start again from scratch.
(I say when, not if, through considerable experience over the last 15 years that it will always, inevitably, shit the bed.)
A 2-drive Synology (e.g. DS225+) in RAID 0 or RAID 1 works fine for this, for 90% less than this beast. Synology documented their optimal settings for Time Machine a couple years ago, too. Hope this is helpful. [1]
Or if you want something from a vendor but running decade old hardware configs and trying to lock people into their drive ecosystem, UNas or many other options.
I already have a DIY NAS w/ 14x 14TB drives in it running ZFS on FreeBSD. It does not play nicely with Time Machine over the network though, and has some other bugbears that I've resolved to fix by migrating to Linux and running ZFS on Linux, but have never got around to doing.
A 2 drive anything is not replacing my existing NAS + solving my backup use case, although I appreciate the sentiment of saving money.
My experience of Ubiquiti is through their Dream Router 7. What a piece of crap that is. Can't even get good WiFi in adjacent rooms where same ancient Asus router wasn't breaking a sweat. Connection drop outs are a nice bonus. Don't forget booting for ages, fan noise etc.
If other products are so bad like that one, I don't know what is the hype for this company.
Then-still-independent Sun sold storage appliances, and during their development and debugging it was noticed that vibrations affected performance… by yelling at the drives:
Are Ubiquiti products commonplace for companies that contract with the US government outside of the DoD/DoW?
Since DoD/DoW generally requires STIG compliance, and none authored are for any specific Ubiquiti product, we can cross that off the list. Sure they can get exceptions or use a more generalized STIG but stakeholders generally have pre-defined limitations on what they will and will not allow on networks they sponsor.
The Defense Industrial Base is 10s of thousands of companies. Many are small businesses. Many need to obtain CMMC Level 2, which has requirements for FIPS certified encryption. Our systems do not directly connect to Government systems and those STIGs may not apply directly. So, could I use Ubiquiti in some places? Maybe, not to store controlled information in this case. I could probably store previously FIPS encrypted files there. Would I want to use Ubiquiti cloud services? No.
I built a 12-bay NAS recently. I snagged a 5900X/Supermicro server board/128GB DDR4 ECC combo for only $680 on eBay right before memory prices went apeshit. It has IPMI and 2x10g. Suffice to say I believe you can roll your own appliance like this for considerably less money, and have far more control over it. I say this as a Unifi fanboi.
Nice that it's plain OpenZFS, no paid license layer, yay! Ubiquiti sometimes ships v1 hardware and ghosts their own roadmap, but this kinda neuters the downside. If they lose interest, you just pull the disks and zpool import on any box (assuming feature flag parity). That's a saner path than Synology, with their "unauthorized" drive warnings.
I love my Dream Machine Pro. Seems to just work and keep everything up to date. I have it running my security cameras as well and it has been pretty much bullet proof.
What needs do you have for a router that the Cloud Gateway is missing or is bad at? A PiHole equivalent is about all I can think I'm missing.
IPv6 support is basic at best. The zone-based firewall is very prescriptive and limited. ACL stuff is not great. To increase the MTU of the physical interface connected to the ISP I would need to hack a systemd unit that did it on boot (I either need it at 1508 so the PPPoE interface uses 1500, or I need to MSS clamp it and have it effectively reduced to 1492). Initial configuration requires the device to be connected to the Internet.
There were a few other niggles, and in the end I just found it easier to do what I need on OpenWRT.
The MTU thing is a bit bizarre - all connections I've seen on PPPoE in practice (fiber or DSL) used 1492 MTU to fit data into frames (and ISPs configured their routers like that too). What are you trying to hack with this unusual 1508 frame size?
It's not a hack. It's literally having the tunnel at 1500 MTU.
Check my answer to the sibling comment [0]. It's also known as mini jumbo frames, and is documented in RFC4638 [1]. And here's a post [2] talking about using it on OpenReach FTTC, which is similar to my own infrastructure, only I'm FTTP.
PPPoE introduces an 8 byte overhead per packet. The "MTU of the Internet" is 1500, so that's what more or less everything defaults to.
This includes physical NICs on Linux, but the PPPoE interface has to tunnel through one of such physical NICs.
If the physical NIC has an MTU of 1500 (and can't be changed), the PPPoE NIC must do MSS clamping, effectively reducing the MTU from my network to the Internet to 1492. This increases fragmentation and overhead.
If I can increase the physical NIC's MTU to 1508 (and the ISP supports it, which mine does), then the PPPoE tunnel can use the full 1500 when talking to the Internet.
So, it's technically not _required_ but it's an improvement I should be able to implement easily (in OpenWRT I literally type 1508 on the MTU box for the NIC, or issue a single uci command).
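The arithmetic behind the two setups described in this comment, as an added example that is not part of the original post. It assumes IPv4 and TCP headers without options, and it also works out what happens to a full-size 1500-byte packet that MSS clamping cannot shrink (UDP, for instance):

```python
"""PPPoE MTU arithmetic: 1500-byte NIC vs RFC 4638 (1508-byte NIC)."""

PPPOE_HEADER = 6      # version/type, code, session id, length
PPP_PROTOCOL_ID = 2   # PPP protocol field inside the PPPoE payload
PPPOE_OVERHEAD = PPPOE_HEADER + PPP_PROTOCOL_ID  # the 8 bytes per packet
IPV4_HEADER = 20      # assumption: no IP options
IPV6_HEADER = 40
TCP_HEADER = 20       # assumption: no TCP options


def tunnel_mtu(nic_mtu: int) -> int:
    """Largest IP packet the PPPoE session can carry over this NIC."""
    return nic_mtu - PPPOE_OVERHEAD


def tcp_mss(mtu: int, ipv6: bool = False) -> int:
    """MSS value a clamping rule would advertise for this MTU."""
    return mtu - (IPV6_HEADER if ipv6 else IPV4_HEADER) - TCP_HEADER


def ipv4_fragments(packet_len: int, mtu: int) -> list[int]:
    """Sizes of the IPv4 packets produced when packet_len crosses a link
    with the given MTU (DF bit clear). Non-final fragments carry a multiple
    of 8 payload bytes because the fragment offset counts 8-byte units."""
    if packet_len <= mtu:
        return [packet_len]
    payload = packet_len - IPV4_HEADER
    per_fragment = (mtu - IPV4_HEADER) // 8 * 8
    sizes = []
    while payload > per_fragment:
        sizes.append(IPV4_HEADER + per_fragment)
        payload -= per_fragment
    sizes.append(IPV4_HEADER + payload)
    return sizes


def describe(nic_mtu: int) -> dict:
    """Summarise what one physical NIC MTU means for the PPPoE tunnel."""
    mtu = tunnel_mtu(nic_mtu)
    return {
        "nic_mtu": nic_mtu,
        "tunnel_mtu": mtu,
        "mss_ipv4": tcp_mss(mtu),
        "mss_ipv6": tcp_mss(mtu, ipv6=True),
        "fragments_of_1500": ipv4_fragments(1500, mtu),
    }


if __name__ == "__main__":
    for nic in (1500, 1508):
        print(describe(nic))
```
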
+1 for Dream Machine Pro. Own one at home and have stretched them pretty far in SMB environments.
I use it with 8 APs in a mesh and a few switches, all UI, and it just works. I also have a lot of success helping out some local SMBs by setting up UI for them.
I'm slowly in the process of migrating from an EdgeRouter and Edgeswitches (including the 16XG for my SAN backplane) to Unifi. Am comfortable at the command line (and actually just had Claude help me build a bunch of configs and an IaC harness for my whole infrastructure) but the SPOG will be nice - that and Ubiquiti has basically abandoned the Edge* line. This was prompted by having persistent problems with the Cat 6 STP termination and the length of the run between my office and the rack in my garage, and my Mac Studio and Edgeswitch would generally only negotiate at 5gbps and even then be error prone, so I got a Unifi switch with 8 ports and 2 SFP+ and ran fiber to the garage for the uplink, and just a short 10' run between the switch and my studio gave me rock solid 10gig (I just run the controller, for now, on a small VM, with my 2 WAPs, but will go all in when I pull the trigger, though, oof, $2,500 for everything I need).
I went with eero and really wish I'd gone with unifi
Apart from the shitty software and basic features either missing or locked behind a monthly cost, the network itself is not bad at all, I get 600-700mbps on wifi throughout the house and have my servers wired on 2.5gbe
But the one thing I really thought I was buying into by choosing an amazon brand was ease when it came to buying upgrades, and yet I ended up having to buy extra hardware (like the wired gateway) from ebay and sellers in the US as amazon does not sell their own hardware everywhere
I started with Unifi and it's been pretty great overall. I've integrated all the cameras into Home Assistant, it's all local, and can bridge with HomeBridge so it all shows up and plays nicely with HomeKit as well. Rock solid and very few complaints.
I've had standalone routers, Eero Pro, Google Wifi, TP Link Deco, TP Link Omada, and probably some I'm forgetting. They all had something that just enraged me.
I finally bought a Unifi and I'm very happy with it so far, 6 months in. There's a few things I haven't tried, like rebooting it while it doesn't have an internet connection (I'm looking at you, Deco!), but so far my big complaints are that it's opinionated about the initial setup, and setting up a static IP for a device that isn't connected yet is a serious PITA. I had devices on my old system that I didn't want to have to change IPs (because the computers talk to each other) and that was not easy. If I had to do it again, I'd probably just let it do what it wants and deal with changing all those configs to the new IPs.
FWIW, I just have it as a router, and my Wifi is still some of my expensive standalone Asus wifi routers acting as just access points. I didn't see a point in replacing them when they were working great as APs.
Who said it was bad? I thought we were all pretty much in agreement that it was good, and the only thing holding it back from wider adoption into e.g. the Linux kernel was the poison-pill of Oracle's ownership and licensing.
Some years ago, there were mud-slinging myths being thrown around about ZFS.
Things like "ZFS needs 1GB of RAM per 1TB of storage" and "it requires that RAM to be ECC" were once common to find online.
This sort of thing seemed to lead to widespread beliefs that it was inefficient, expensive, and fragile. None of that is true, of course, but folks might remember and believe these myths and conclude that it is (or was) bad.
(But it's pretty excellent. I've been using it for about a decade, now. It'd be nice if it fit into the Linux kernel better, but I manage anyway.)
Yep. They be wrong. Many of the myths about ZFS seem to originate from the TrueNAS forums, and the working assumption is that they're motivated to be this way because they're a bunch of gatekeeping losers.
More RAM is better -- of course it is. Otherwise-unused RAM can get used for stuff like caching (such as the ZFS arc), and caches are faster than disks. That's good for performance.
But ZFS isn't really any more thirsty in this way than other filesystems are, unless special features -- stuff that many other filesystems lack entirely, like deduplication -- get used.
And these days, dedup can use an SSD instead of RAM for the heavy lifting so that's not a huge concern either. (Not that I'm recommending dedup; it works and it is reliable, but it doesn't fit very many workloads.)
I would absolutely be comfortable running ZFS with 12TB on 6GB. Or 2GB, for that matter. It's fine. Send it.
I've personally done more with less and had excellent results. No regrets.
(There's ways to tune arc performance, too. As an example, I've got a dataset that is full of many terabytes of Linux ISOs. I don't need that data to be cached...like, ever. If it were to be cached, it would just consume resources that would be better spent elsewhere. But I do want it to be indexed quickly. So I set that dataset to primarycache=metadata and that works great for me.)
Another thing holding it back is the threat of a lawsuit from Netapp.
Source: used to work for a storage vendor that was marketing a NAS based on ZFS and got credible threats from Netapp to the point that we sought a partnership with Oracle that included indemnification under Oracle's settlement with Netapp.
I remember all this too. The time period that I was in this scene was AFTER 2010 though so who knows. As mentioned in response to the sibling "credible sources" bro, I was just a lowly support engineer so I had to trust that the CEO wasn't lying to us about all this.
Maybe he was ... they do that sometimes.
I looked around a little. The C&D from Netapp was in ~July 2010 and the partnership and product with Oracle in the Fall (Around the cease fire) and we continued with that (via the Oracle Partnership) through 2011-2015 when the company ran out of cash and laid us all off.
Sorry, don't have a link to the CEO telling us that we were signing a partnership with Oracle that included the indemnification.
I was just a lowly support engineer so not privy to all the legal details that the executives were dealing with. I too had to just take them at their word.
I'm glad to see UBNT in this space.
I've always used ZFS because it's vastly superior to other options. When I see storage companies building without fault tolerance, or without a merkle tree (so that you can backup deltas efficiently without having to recompute them) it's a sign their marketing team has more influence over the company than their engineers.
Sadly, the few ZFS COTS options have been somewhat underpowered. QNAP supports ZFS filesystems, but their backup configuration won't let you arrange for a nas to pull from the source (instead of the source doing a push.) You can still pull it off by scheduling your own cron job, but this somewhat defeats the purpose of paying extra for a vendor solution.
UBNT is still supporting my 15 year old edgerouters with security updates, and their interface is clean and usable for anyone with basic network experience. And their video surveillance solutions are unusual in that they allow you to keep your footage entirely onsite and offline, an uncommon level of privacy. If they can bring the same polish to their storage solutions, I'll be using these new products for a long time.
The same is true for our AI processing on the cameras. This is entirely local and private. You can even air gap the UniFi Protect system from the Internet and it'll operate fine.
> This is entirely local and private. You can even air gap the UniFi Protect system from the Internet and it'll operate fine.
One week ago 3 guys broke into my shop while I was traveling. They had sense enough to power down the starlink that was providing internet which would have taken out all of the remote camera options.
They did not realize that almost everything they were doing was being recorded via the unifi system. In the end about the only thing of value left in the building was the hard drive with all of their pictures on it.
The police have used the footage to identify all of them and it will be pretty open and shut when they see a court room. Offline and air gapped the whole time they were there but did exactly what it was installed to do.
How did you hide it so that the thieves didn't find it?
A 7U cabinet in an overhead space that is difficult to access. Installation and configuration were a bit of a headache but ended up being worth it. There was a NAS in the office and they stripped 7 drives, sleds and all, out of it.
I'm guessing with such an obvious endpoint for the camera storage it never occurred to anyone there was a second box. I had something like this in mind when I wired the building. It seemed like a good idea to make onsite security footage much harder to find given the cameras were obvious and anyone breaking in would probably look to damage or destroy the system.
I really thought the cameras themselves were the deterrent, but these guys gave it a shot anyway. Cutting the cable to the starlink and walking off with the NAS drives seemed to be the plan.
In the future I'm going to add a local battery backed alarm connected to external siren and strobe that is immediate on opening the office door to draw attention. I was driving down to WWDC when the starlink went offline and saw the notice on my phone but wrote it off to equipment failure which gave them enough time to clean the place out pretty well.
The hole in my strategy was thinking nothing could happen without notification, but being in a car in the middle of Northern CA with spotty cell coverage and lots of distractions blew that up pretty hard. I'm also thinking one of ubiquiti's cellular backups is in my future. Starlink offline is annoying but not the attention grabber that a still of a guy walking in the door would have been. Cellular backup would have gotten me that.
I have found that the fog generating alarm systems are the ones that will stop burglars in their tracks.
If they can't see, they're not going to hang about and if they've tooled up with NV then that's a whole different threat model.
> In the future I'm going to add a local battery backed alarm
Wait, you have an office full of expensive equipment but decided to half-ass DIY the security? No wonder you were targeted.
A proper monitored alarm system would have prevented this. They pretty much all have built-in cellular backup now. Do yourself a favor next time and call a professional.
Don't blow your entire budget on cameras then wonder if you need an alarm system because the only good the cameras will serve is to watch your stuff disappear. You mentioned California so expect these guys to be roaming free in short order if they see any jail time at all. Good luck with seeing any restitution or getting your stuff back.
Any video surveillance system is foiled by a simple mask. Thieves who know to plan a break-in when you're away usually do their homework and come prepared.
This is why I think someone should market a cheap SIGINT tool that collects BT/BTLE/Wi-Fi data from nearby devices.
I've got this setup running on a Raspberry Pi near my front door and it collects all sorts of useful data, even from people walking by on the sidewalk, 30 feet and two walls away.
At some point, I'd love to explore vehicle emissions more, too.
Funny enough a router collecting this data near a busy enough highway can bog itself down by collecting unique Wi-Fi identifiers from all the passing cars' networks, not to mention all the hotspots on passing commuter trains.
It never occurs to router makers a static base could see a million Wi-Fi networks come and go every week.
No prosecutor is going to waste their time trying to convict someone based on metadata. Even video is often insufficient for a conviction.
I am unable to accept that it is fully local, since you have to bind your network to their cloud just to accept the EULA. [0] I have 0% trust that a subsequent unbind truly severs the link, because this is such a shady thing to require in the first place.
[0] https://community.ui.com/questions/e3d50641-5c00-4607-9723-4...
I've been so impressed with Ubiquiti that I've decided to target FreeBSD for my current side project. Their camera system is wonderful. Their DreamMachine is a massive upgrade for my home network. Their APs are rock solid, no hassle, just work, and it integrates so well. I have my work / home on different subnets. I have the kids on a different subnet and behind a firewall providing some protection against ads.
Very happy customer here.
>I've been so impressed with Ubiquiti that I've decided to target FreeBSD for my current side project.
As much as I wish Ubnt are using BSD in their product, which they are not. I am understanding how FreeBSD relates here.
An assumption, I made. Failed, it was.
The processing can happen within the camera, and it's nice when it does...but that doesn't mean that the only other option is something cloud-based, like some might assume.
Open-source NVR software like Frigate can do things like the object-detection/license plate/face recognition game on local hardware, with the cheapest available IP cameras. It's just a program that runs on a computer with a network and some storage and some processing ability like a GPU.
Those cheap cameras don't have to be trusted; with things like VLANs, they can hang out on the Group W bench where they have no access to anything important or the outside world. :)
(But yeah, it does represent much more of a DIY effort than something from UBNT does.)
Any way to get Protect iOS notifications if using local mode only? Eg, using local login but away from home.
I do like the onboard AI, and it works well for entity detection (like people). We haven't found the face detection to be very reliable in outdoor security applications. There doesn't seem to be a way to correct/combine classes if someone's detected as multiple individuals on different occasions, so we end up with the same person detected as 5 "unknown"s. This is not a hard problem to solve. You'd just allow embedding matching to different face groups, but it's annoying as a user.
The cost is just insane though. $4-$500 for a camera that I can get equivalent specs for $50-100.
With face detection? License plates? Tamper protection?
I'm guessing you're thinking Reolink or other Chinese ultra-commodity cam. It's fine, it's just in a different product class and ecosystem - and that's where enterprises fit in, they want that support+ecosystem and not DIYing.
Reolink CX820 8MP $129 https://reolink.com/product/cx820/
Unifi G6 8MP ~$300 https://techspecs.ui.com/unifi/physical-security/uvc-g6-dome...
Avigilon H6A 8MP ~$1200 https://www.avigilon.com/security-cameras/h6a-dome
> With face detection? License plates? Tamper protection?
I do that with my Unifi Protect doorbell. RTSP streams. Google Coral. Frigate. Scales very well. Do ML on low quality stream. Look/save the high quality stream. You do it all centralized, and you can put the camera(s) on a separate VLAN. They don't even need internet access. If you run them over PoE twisted pair, the attacker would need physical access to perform MITM. Wireless, one should assume the camera is insecure (e.g. KRACK).
Wow, that's cool, learned something new today. Does that work better in your estimation than the UI Protect software?
The purpose of my comment had only been pointing out those features don't come onboard a $100 cam.
(not the parent poster, but same setup): Is it better than UI Protect? No, but you can make it about the same.
I have the same popular setup (Frigate) although I just use ONNX on an 11th-gen Intel CPU instead of a Coral (unless you are trying to do something fundamentally goofy like use a Raspberry Pi as an NVR, Coral doesn't really perform better than even a several-generations-old iGPU or iNPU).
This is the typical OSS story: you can duct tape a giant leaning tower of janky stuff (Frigate + go2rtc + HomeAssistant + various connectors + some kind of VPN/proxy solution for away-from-home access) together and get something that's fairly close to the commercial solution, where you click a button. The open source solution is fun and more customizable in highly niche ways (you can bring your own image recognition models and tagging, adjust the resolution and encoding for everything in infinite detail, and so on) and the commercial solution is easy and works. Choose your path.
I will say I've liked the Frigate stack, though. I'm making some recognition tweaks for recognizing animals on my property, the software works well enough, and I do like having a really, truly on-prem solution for this specific thing.
I have rather a lot of Reolinks ... and Frigate on Home Assistant. The cameras are on a VLAN with rather minimal internet access (ie none) I make pool.ntp.org etc resolve to my own NTP servers too.
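One way to check that a camera VLAN like the ones described in these comments really is isolated, as an added example that is not from any poster: audit new-flow records from the router against the intended policy (the NVR pulls RTSP, cameras reach only the local NTP server). The addresses, the log format and the sample lines are all constructed assumptions.

```python
"""Audit constructed flow records for camera-VLAN isolation violations."""
import ipaddress

# Assumed addressing (hypothetical, not taken from the thread).
CAMERA_NET = ipaddress.ip_network("10.20.30.0/24")
NVR = ipaddress.ip_address("10.20.10.5")         # Frigate host
LOCAL_NTP = ipaddress.ip_address("10.20.10.1")   # internal NTP server
LAN_NETS = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Connections cameras may initiate: (destination, protocol, port).
ALLOWED_FROM_CAMERA = {(LOCAL_NTP, "udp", 123)}
# Connections that may be opened towards cameras: (source, protocol, port).
ALLOWED_TO_CAMERA = {(NVR, "tcp", 554)}          # NVR pulls RTSP

# Constructed sample, one new flow per line: "timestamp src dst proto dport".
SAMPLE_FLOWS = """\
2024-01-01T00:00:01Z 10.20.10.5 10.20.30.11 tcp 554
2024-01-01T00:00:02Z 10.20.30.11 10.20.10.1 udp 123
2024-01-01T00:00:03Z 10.20.30.12 203.0.113.7 tcp 443
2024-01-01T00:00:04Z 10.20.30.12 198.51.100.9 udp 123
2024-01-01T00:00:05Z 10.20.30.13 10.20.10.40 tcp 445
2024-01-01T00:00:06Z 10.20.40.8 10.20.30.11 tcp 80
2024-01-01T00:00:07Z 10.20.10.40 10.20.10.5 tcp 5000
"""


def classify(src, dst, proto, dport):
    """Return a violation label for one new flow, or None if it is expected."""
    if src in CAMERA_NET:
        if (dst, proto, dport) in ALLOWED_FROM_CAMERA:
            return None
        internal = any(dst in net for net in LAN_NETS)
        # External NTP lands here too: the DNS override was bypassed.
        return "camera-to-lan" if internal else "camera-to-internet"
    if dst in CAMERA_NET:
        if (src, proto, dport) in ALLOWED_TO_CAMERA:
            return None
        return "unexpected-access-to-camera"
    return None  # flow does not involve the camera VLAN


def audit(flow_text):
    """Return (timestamp, src, dst, service, reason) for every violation."""
    findings = []
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip blank or malformed lines
        ts, src, dst, proto, dport = fields
        reason = classify(ipaddress.ip_address(src),
                          ipaddress.ip_address(dst),
                          proto.lower(), int(dport))
        if reason:
            findings.append((ts, src, dst, f"{proto}/{dport}", reason))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print(*finding)
```
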
I never really thought of Ubiquiti as enterprise always felt more of the premium small to mid sized business but I am sure some enterprises use them.
The new enterprise NVRs work pretty well.
I think they're definitely not Avigilon, Genetec, Verkada, but we run a few hundred UI cams in some edge areas. It works, esp if you don't demand orchestration.
IME those sub-$100 Chinese IP cameras have you at the mercy of whatever firmware they cut from the master branch the week they shipped it. People don't buy UI because they win on specs-per-dollar. They buy it because they win on results-per-dollar.
They're not all $500, some are $150-300. Overall price comparable to Honeywell, but more than, say, Lorex.
All the basic G6 cameras are in the $200 range and have edge compute?
What's the comparison at $50-100?
Can I use it without running some inane management VM?
The UDM runs mine, but prior to that I ran a Docker container with it. It worked well.
https://hub.docker.com/r/linuxserver/unifi-controller
You can't run UniFi Protect like this, only the network controller
Genuine question, if you're running unifi, why don't you want the management vm? Synology makes a decent NAS without the controller.
Synology hardware stopped being decent a while ago.
Plus their drive type restrictions which are poison in a cost-sensitive NAS.
(Seemingly rolled back recently, but a roll back can be easily rolled back itself. I don't trust them enough to count on that not happening.)
I like the hardware, cannot stand needing to run another machine just for management.
If you get one of the Cloud devices, you won't need to, as they bring their own.
> QNAP supports ZFS filesystems
Do they have ecc on those models? Do you have an example model on hand?
ECC support depends on the processors that the NAS uses. A few of their NASes allow you to use ECC memory but you'd need to swap the memory installed to ECC memory. A lot of their systems use Intel cpus that don't support ECC at all so you need to carefully pick and choose.
Some do. I got the TS-873A a few years back, it works. Their software is kind of weird, and I wouldn't connect it to their cloud offering, but it does work.
What's UBNT?
Stock symbol for Ubiquiti, the company being discussed.
The stock symbol for Ubiquiti is actually UI, not UBNT. UBNT was the symbol for the old name that hasn't been used since 2019. I have no idea why changing the name also changed the stock symbol, but shrug
Shorter tickers are considered more valuable, because they are easier to say, type and remember.
A is for Agilent. C is for Citigroup. T for AT&T, the Telephone Company.
Thanks, I think. I usually write UBNT because it's distinct and spelling out "Ubiquiti" hurts my soul in ways that I find difficult to properly articulate.
But UI just seems so ambiguous. :)
Thanks. I wish people could just say the company name instead of using random aliases, but I guess it's some sort of cultural thing.
Ubiquiti Networks Inc.
Ubiquiti's biggest feature is no monthly recurring cost. I really hope they continue the streak on products like this. Seems like anything else bought up these days is switched to an MRR model with no vision into the long term viability.
The founders being the erstwhile Apple routers team, I believe they are playing the Apple game — sell good quality hardware; free the software that runs the hardware.
*yet
They will at some point just cash out.
They've been at this for a while. They do have offerings you subscribe for and pay monthly. They have also consistently offered an option for each of those offerings to bring your own or self host. They've earned my trust.
>>they’ve earned my trust
Boy I hope Broadcom didn’t hear that…
Recently they removed the option to take certain types of backup locally (for the Network app). Now it only does it to the cloud, for those who allow this. It’s these small things that make me cautiously pessimistic that long term Ubiquiti won’t pull the rug from under the customers.
Once you invest thousands in network equipment or cameras you’re less likely to jump ship when they start sneaking things in. And this is long lived equipment, not the kind you anyway replace every couple of years. So that’s a relatively strong lock-in.
They would be shooting themselves in the foot in the long term. I was surprised to learn that Ubiquiti is a publicly traded company, but also the CEO and founder owns the vast majority of the shares, so he is not beholden to shareholders wanting to enshittify the company for the sake of increased stock prices.
Anything can be sold to PE.
Sure. But all you can do, when deciding with whom to do business, is base your decision on what they have already done. It's not viable to refuse to do business with a company on the basis of "they might one day get bought by PE and introduce customer hostile changes".
I mean, in the NAS space with a plethora of open source alternatives, that is a viable stance.
Yeah actually, there are tons of PE-proof ways to go about building a NAS.
My "NAS" is a NUC with a couple drives plugged into it using a USB DAS. apt install zfs samba, and away you go.
I tend to agree with you.
In my opinion, as long as the majority of their profits come from people continuing to buy the self-host devices, it is fairly unlikely they'll ever stop offering those devices. Why change a working business model?
Yes, subscription models are enticing for that recurring revenue... number must go up, right? /s
If a majority of your sales are not in subscription products though, I think it would be foolish for a business to blow off its own leg trying to chase that particular dragon.
Then again... businesses have made dumber calls in the past out of nowhere...
They can sell subscriptions to people who buy them and allow self contained as possible. For security's sake requiring off-site storage of a security system is a non-starter.
I don't believe this. They've been around since 2003, and the Unifi line started in 2010. If they were going to enshittify it would have happened by now. Cynicism is not always warranted.
They are already a public company.
93% owned by the founder.
I had to fact check this. Turns out it is true. I was not aware that on a US stock exchange you can have a public company with less than 10% public float.
This also makes the founder's net worth around $33B.
If you think that is bad, look into the spacex ipo. That tiny public offering is for stock that can barely vote and cannot bring shareholder actions, making them more NFTs than proper "shares" imho.
You can take a public company private and then run it to the ground. See also: Twitter.
How does that work now they are a subsidiary of SpaceX?
Does that make the rotting corpse of Twitter public again?
Yes. Although the amount of SpaceX stock that's available for public is fairly little.
And those classes available for the public have fewer voting rights than Elon's stock so even worse.
I just wish they would put better processors in their stuff. Is this yet another NAS powered by an ARM Cortex?
I have heard others say the same as you about Ubiquiti devices. I'm genuinely curious what bottlenecks you've hit.
I've only been using Ubiquiti as a pro-sumer, but it has held up well for my use case of Plex and little game servers.
I use a Synology NAS for my storage though, which is a slightly beefier mobile AMD chipset.
I'd be very interested to know what I should and shouldn't expect from my ARM based network stack though!
> I'm genuinely curious what bottlenecks you've hit.
1. My UDM Pro absolutely chokes and stalls with intrusion detection enabled on the firewall and 8 cameras connected. Network goes down, cameras disconnect, devices disconnect from Wi-Fi every time a car drives past a camera due to AI features triggering, etc.
For something meant for small businesses I wish they would just shove an Intel i5 or something in it. They make great switches, great APs, great everything else, just too stingy on processors on the few pieces of central equipment that people would actually be willing to spend more on.
And for a $3999 enterprise NAS with dual 25 Gbps SFP ports and 16 drives? It could surely use something more beefy than a Neoverse N2. I'd say an i7 or even i9 is warranted here.
3. The UNAS 8 I don't own but I believe it would struggle with >1Gbps links and encryption enabled
1. Same here - but it's only become a problem as protect has gained features (# of cameras stayed the same). I got a UNVR Instant and all the issues went away (I have been waiting for an updated 1U NVR but still not out yet). It sucks, but otoh protect is light years better than it had been.
I don't mind using ARM for NAS, but (to be fair I have not looked in a while) the issue is they tend to not have many pcie lanes. Looks like the N2 can have up to 64 @pcie5 so if it's built well, I don't think the CPU will be too much of a bottleneck.
Hell I'll put it out there - some company should make a NAS-specific ARM chip line to make lines of way less expensive (well pre the current troubles) base NAS enclosures with lots of NVMe etc.
Yeah mine solved once I got a UNVR as well but I would have rather paid for a better processor in the UDM Pro and not needed to buy a separate UNVR.
Unifi docs say that the AI features run directly on the camera or via optional devices like the AI Port or AI Key. Odd that it impacts your UDM Pro and wifi.
I'm sure even if the camera runs the neural net, the detection itself triggers clips to be stored, re-encoded, indexed, etc. and the UDM Pro's processor is underpowered even for this.
It's even underpowered for streaming -- I found Protect to be extremely laggy, taking often 30+ seconds to open the camera stream when 3-4 stream receivers were connected.
Yeah. Sounds like horseshit to me to be frank.
I have a udm se, 10 g3 cams, 4k bullet+ai, door entry + cam +ai, couple of the display viewports running all day and a nano hd access point and symmetric gig with intrusion etc turned on. I also have wireguard users connecting in remotely.
No problems with performance whatsoever at this point.
OK, it's not enterprisey, it's just a small business with 20 people but seems fine to me. I run Synology servers.
He did say intrusion detection so that's probably it. That, and if you're using any kind of complicated firewall rules, those aren't HW accelerated like enterprise gear, so throughput tanks.
This is worse with the older devices.
For example: https://www.youtube.com/watch?v=p4yKf044meY
https://community.ui.com/questions/UniFi-Gateway-Intrusion-D...
Turn off the intrusion detection and your throughput should be significantly better.
Basic routing and switching - expect line speed. Don't expect analysis features to run at line speed - 30-50% penalty could be normal depending on throughput.
Stay away from IPS and complicated firewall rules which usually are done in CPU, and you should be fine. HW acceleration for those (esp. TLS decryption) is a major reason fancy firewalls are very expensive. You're better off building an IDS or picking up a smaller FortiGate or Palo Alto firewall if you really want to get serious there.
The Cloud Key Gen 2 is underpowered depending what you do with it, and it runs hot. UniFi seriously needs to refresh it. (At least it’s better than the Gen 1. The Gen 1 was disastrously bad.)
The ENAS looks like fairly nice hardware. It even has ECC RAM. Not cheap, though.
It says 8 Arm Neoverse N2 cores in the blog post. So not directly ARM Cortex, derived from ARM Cortex-X3 but same family as NVIDIA Grace, Google Axion and AWS Graviton4.
It's based on Neoverse N2 which in our other platforms (e.g., ENVR Core, UDM Beast, EF Core) has contributed to vast improvements in performance versus ARM Cortex.
That’s just patently not true for Ubiquiti. You enter the Enterprise space with them and you are paying monthly. Their very expensive Identity Enterprise monthly per user subscription and their per site support charges to be able to get help with their latest rushed release. Paying extra for Apple wallet support. And you don’t even get complete APIs in return, or proper SCIM integrations. Can’t even pull access logs via API. Infuriating company that just do not function at scale.
The biggest concern about Ubiquiti to me is still its software/infrastructure quality.
Off top of my head, besides all the UI/UX glitches:
- They once allowed a human employee to access static AWS root access key.
- Their employee once claimed "remote access" was end to end encrypted, but later people figured out they probably just meant TLS in transit.
- They had a configuration error that allowed some users to access other users' camera feeds. They corrected the error, but never explained how the hell was it even possible or if they made any architecture design change to prevent that from happening again.
Now, ZFS is nice. But even after years of iterations, I still need to do 50% of my operations via SSH on my TrueNAS system. I can't imagine Ubiquiti to do any better.
“Enterprise”
First hand experience many times over: there is little more regrettable than placing Ubiquiti's latest test-it-in-prod release into an Enterprise setting.
UI is so overrated.
> "Dual 25 Gigabit SFP28 ports and redundant power supplies for resilience"
Can you actually saturate the links with the spinning drives?
I've had the hardest time making my TrueNAS ZFS server fast when it was filled with HDD spinning disks. I initially also had 12 of them trying to get maximum speed. I have 128GB RAM and a 10G ethernet connection. I tried all types of optimizations like L2ARC via NVMe, etc, and it wasn't very effective and just too much time spent tweaking and testing.
Instead I just threw up my hands and replaced all the spinning disks with NVMe drives for the data I actually shared (8x 4TB NVMe drives.) And now it is very usable with no need for L2ARC, etc. Random or streaming access is equally fast.
Best choice I made. Now I did do this over a year ago so I skipped the NVMe price inflation.
I still keep 4 spinning disks but it is for archival data that I expect to never access unless something bad happens. It is slow and I use it like a tape drive.
It does have a dual NVMe cache; those in RAID-0 will saturate (e.g. I believe just one Samsung 990 Pro can write at just over 50Gbps).
The bigger risk is the CPU. This is an issue with the Ubiquiti UNAS Pro 8, their ~$800 USD 8 bay NAS. In theory it has 10gig networking. In practice the CPU physically cannot transfer bits fast enough, because it's a dinky underpowered ARM CPU that they clearly chose to hit that quite affordable price point. It's a decent trade-off, because similar units from Synology are more like $1600, and you can meaningfully hit somewhere between 2.5gig and 10gig; but saturating 10gig is out of the question.
The ENAS has a beefier CPU so it might keep up with 25gig (could this do 50gig bonded?). But only testing will tell.
You can hit 10 gig aggregate on an A57 quite easily, given standard memory bandwidth (I've done it). They must be doing something stupid on the software side, like too many copies. Or if you're trying to shove 10 gig in one flow at 1500 mtu yeah that might be painful.
I have a backup node with a 40G NIC & a ZFS pool of just 8x HDDs set up as a pool of two RAIDZ1 vdevs striped together (i.e. 4x drives in raidz1-0 & 4x drives in raidz1-1 make up the "backup" pool). Restoring full backup images to another server I usually get ~11-12 Gbps over NFS, no flash cache or anything involved.
Honestly, outside of random access/small file access, my primary NVMe ZFS server isn't all that much faster in raw throughput - despite being 22x NVMe drives going direct to the CPU instead of 8 HDDs going through a SATA controller. I think it's easier to hit other bottlenecks with ZFS/network transfers well before the disk throughput itself. E.g., enabling jumbo frames for NFS did still give me a decent perf/efficiency bonus.
Made me think of this:
I got a 10G ethernet network card for my NAS only to realize it has to overlap with my modem's supported bandwidths (IIRC 2.5G, 5G).
Knowing nothing about the space, I had assumed it would use max(node1, node2), but instead it negotiated a 1G link. So it was faster to use the mobo's built-in 2.5G port.
The 2.5g/5g 'multigig' standard came out a million years after 10g-baseT. Cheap ex-enterprise 10g cards don't know how to do the middle speeds.
You can fill it with SSDs, and SFP28 is so common the prices are cheap:
https://www.fs.com/c/25g-sfp28-3215
But no, spinning disks won't saturate it, even if you were doing 100% sequential reads.
(I originally said fill it with NVMe - I was wrong)
It looks like you can put 2 nvme drives in it, for caching.
While that's the ARC, I would be surprised if they blocked you from building vdevs with SSDs.
Looking at the specs: https://store.ui.com/us/en/category/network-storage/products...
Hard Drive Capacity
(16) 2.5/3.5" HDD / SSD support
(2) M.2 NVMe SSD support
(2) Expansion ports support
I think you're right we only get two SSDs on NVME as the cache, but it looks like we can run the rest (16) as SATA SSDs, which is often fine if you primarily care about random IOPS and capacity over pure throughput.
Would you consider that a dealbreaker?
No I think it's perfectly fine, if I'm accessing files over a network I don't expect them to be blazing fast anyway.
FYI: you should upgrade to 10gbe if your network is slow. It isn't that expensive these days: https://ben3d.ca/blog/home-network-lessons
Not sure if you've looked into this but you can ditch Bell's router with one of these:
https://store.10gtek.com/1-25g-media-converter-sfp-slot-with...
Or a non-copper equivalent in your case. You just need to use the VLAN IDs that Bell expects, see https://www.reddit.com/r/bell/s/uUltTdyqFC
I did end up ditching the modem since I wrote the article. I ended up using a TP-Link 8411 router though. Having everything TP-Link has its benefits for observability and maintenance.
That's still only 1/3rd of a single U.2 or a 6th of a single U.3 drive... and the IOPS over SMB/NFS is significantly lower than a local drive, even with a big ethernet pipe.
> Can you actually saturate the links with the spinning drives?
There can easily be a bottleneck depending on how you set up the SATA/SAS, but if you can get sustained sequential reads or writes, 16x drives at 6 Gbps SATA should be able to saturate 2x 25 Gbps ethernet. The store link shows two expansion ports as well which should help get bandwidth to the point where 25 Gbps is useful.
Less likely with random reads/writes or mixed use.
I must have had a bottleneck somewhere.
How did you configure the array? If you did a single RAID-Z2 say then uncached reads are limited about what a single disk will do. Writes should saturate though.
https://arstechnica.com/gadgets/2020/05/zfs-versus-raid-eigh...
with the zil/slog on nvme yes -- you would want redundant power, UPS and a raid of nvme drives but with all that in place the data would get securely written to flash media before being flushed to spinning rust.
Store page: https://store.ui.com/us/en/category/network-storage/products...
$3999
That seems reasonable, I don't buy NAS for datacenters (just run a modest 80tb one for my home lab) but equivalent rackmount 16-bay ones from other vendors would be more expensive (maybe $5k-6k?) and with less polish.
I paid ~$4900 in October 2021 for a TrueNAS MiniXL+ with 8x14TB, 2x480G SSD (L2ARC/ZIL) and 64GB RAM, 2x10Gbps, with 3 year support direct from IxSystems. The CPU is an 8 core Intel(R) Atom(TM) CPU C3758 @ 2.20GHz. Still going strong. I had drive failure and they replaced it. I had a fan failure and they replaced the fans. The price of the UI kit in 2026 seems to be reasonable.
Yeah, I'd certainly take it over this:
https://www.bhphotovideo.com/c/product/1618911-REG/synology_...
> a modest 80tb one for my home lab
I laughed.
Pays for itself in ~40 months of not paying $100/month for streaming services.
Edit: Drives are not included :(
That's without storage. They are charging $750 each for 24tb HDD's, so filling it up brings that cost to $16k. Only need to run it for 13+ years and have zero HDD failures in that time, and then pay for all the media you are going to load it up with. Not exactly sure this would be cheaper or easier than just paying for streaming services and cancelling them when you don't need them.
You don't have to buy from them, you can get third party hard drives. Although those are expensive too
Yeah, not dramatically cheaper.
Yes piracy costs less than paying for content. You could also just use a standard usb HDD to torrent to, or even stream torrents for free.
A more fair comparison is this NAS vs another brand's NAS. Or compared to S3 if you just need a place to dump files.
The drives are the expensive part, though - 16x24TB HDDs adds another $11k.
(Not that you need that much for canceling streaming, I’d get a home Synology or diy TrueNAS for that anyway)
As a Synology owner, I would not recommend anyone to get into Synology at this point after the drive BS they pulled off. I'm planning on building myself a DIY server with Unraid instead.
I’m still on DSM 6, and just added a new unapproved drive, and it was just a click through warning. Is it much worse on the newer DSM versions?
EDIT oof yeah that’s pretty horrible, I take back my Synology recc. Looks like it’s partly model-based restrictions. That’s a shame, they were nice as relatively low maintenance devices.
I was literally looking today to see if there was any news on this, because it’s been widely assumed that they’d release it.
$4000 is… a lot. I can buy a used CSE-846 for about 1/4 of that, an X10–era mobo for a few hundred bucks, and have 1.5x the bays (tbf, also 4U instead of 3U). Managing ZFS is just not that hard; it’s not Ceph. If you want easy mode, throw TrueNAS on it, and you’ll get an awesome UX that abstracts away everything difficult.
If this were < $3000, I’d probably buy it. I’ve been holding off on replacing my two CSE-826 because I’ve been waiting for this to come out. Disappointing.
This is not a homelab replacement part. It’s enterprise with all the positive and negatives that come with that phrase. The second you start talking about old X hardware, it’s a different product class.
For that use case I recommend UNAS from Ugreen or the Minisforum Ryzen AI stuff.
Think about the competitors - they're aiming at the Synology RackStations and similar, which are $3-5k without drives.
The segment UI and Synology are in are 10x more than the minisforum, beelink, qnap, cwwk type devices, but still 1/10 of the price of getting started in enterprise gear from HPe, Dell, Pure, etc.
I recently bought a used Dell R240 and 4x 20TB for less than this. From TechmikeNY if anyone's interested.
Is this some xBSD or UniFi OS (debian) with ZFSoL? Can't tell from what they've written. 8C+64GB: enough for essential block+file service, but not for dedup and other demanding ZFS features. Also, doesn't appear the controller is redundant; just the power supplies. iSCSI is headlined; nice they didn't limit this to file. No mention of object store, or NVMe-oF.
Seems like a nice, basic, affordable platform for workgroup/SME stuff. Not NetApp/Pure Storage "enterprise" grade though.
They seem to follow the anti-corruption layer model for most of their offerings, so I would expect they use what ever OS is best supported by the upstream.
It is a large reason they can mitigate vendor risk IMHO, offering different tiers of switches as an example without being held hostage by one particular switch IC vendor like many brands.
I do wish someone would take up comstar though, netapp bought and killed several jbod lines etc… to kill it before Oracle bought Sun and also killed it to protect their enterprise storage offerings.
NVMe-oF may be a possibility because there are FPGA IP vendors but without comstar there are some challenges IMHO.
Their other UNAS devices are based on debian11. I'm curious what the bootdrive on the ENAS runs since ZFS is dkms on debian
Could be Linux as well since ZFS on Linux is pretty good now. It would fit in with their other devices which are also Linux based AFAIK.
I always forget that these things aren't for me. My immediate thought is always immediately "just build your own NAS with a vanilla Linux box and set up Samba or something because then you can make it however you want".
But of course, if I'm someone who knows how to build a NAS and is inclined to do such a thing, then I'm sort of inherently not the kind of person that would be interested in such things and not the audience they're marketing towards, which is obviously fine.
I've been a sysadmin for decades, dealt with *nix based servers since the late 90s, yet for the most part I've used devices like Synology servers, simply because I don't want to have to manage technology to that degree at home.
I've built my own NAS when my last synology died, and I'm not sure I'll build one again. I've dealt with all sorts of issues that I just haven't had to deal with with a packaged solution, and I really just want to not think about that stuff when I'm not working.
Yes, I can absolutely do it for cheaper, better, and with more flexibility myself. Doesn't mean I actually want to.
What kind of issues? I just set up a very home tier NAS setup for my home server.
Got a 4 bay usb hard drive enclosure and then just set up a btrfs raid array since my drives are all different speeds and capacities. The thing is only about as fast as a single hard drive but it does pool all the storage in to one unified storage and is way faster than google drive.
> I really just want to not think about that stuff when I'm not working.
This is my exact attitude but I don't have decades of sysadmin experience to lean on so I'm completely lost on what approach to take setting up my first NAS.
My requirements are simple: (1) Should be plug and play (hardware + software) (2) Must support ZFS since I already set up a pool in my beefy desktop PC.
What would you recommend? I've looked into Synology's offerings and they look perfect except for the fact that they don't support ZFS only Btrfs. I clicked into this thread expecting Ubiquiti's offering would be what I want, but all I see here is hardcore enterprise gear for the prosumer crowd.
Companies are also much more inclined to spend money to solve a problem while hobbyists are much more likely to get enjoyment out of the process of building. I'm firmly in the latter category, having built a rather robust ZFS array on NixOS with a pretty gnarly NVMe cache hierarchy built on LVM. It was fun to do.
I don't have the NVMe cache but I too have quite a robust ZFS array on NixOS. I feel less guilty about running it now since it is powered almost exclusively off solar in my backyard :)
This is interesting, I'm not sure I fully understand how this compares to their UNAS offerings. I can't remember off the top of my head if UNAS does m.2 cache drives.
I bought the 8-bay UNAS ($799.00) but have yet to put a drive in it yet since the costs are out of control for hard drives currently. I'm still using my 2x 12-bay Synology for now.
I hope they don't abandon or lose focus of their UNAS offerings (and/or they get better) since I had planned to buy 2-3 more 8-bay UNAS units once I can afford the drives for them.
The price looks kinda rough. I built a server that stomps this for under a grand (vs their 4k). Stronger CPU, likely faster ram, optane zfs cache instead of nvme...
Admittedly my 1 grand is referenced off pre AI insanity pricing. Call it 1.5 today
Point is someone willing to roll the dice on AMD consumer CPUs doing ECC can beat everything else out there
(For those contemplating... ASUS Crosshair VIII Dark Hero is where you want to start looking.) And reminder that these boards take UDIMMs not RDIMMs... do not assume suppliers understand the difference
Been a long time fan of Ubiquiti, and I think this product will do particularly well in small-medium businesses. Think of the local marketing firm with 40 employees. They likely have an office with Unifi networking, and they LIKELY hire an MSP to do their IT work. An MSP will easily try to sell this as their storage solution since they can manage the infrastructure with one login to the UBNT dashboard.
Ubiquiti is an interesting company. It seems to be well-managed
https://krebsonsecurity.com/2015/08/tech-firm-ubiquiti-suffe...
https://krebsonsecurity.com/2015/06/crooks-use-hacked-router...
https://www.bankinfosecurity.com/ubiquiti-insider-hacker-sen...
https://www.theverge.com/2021/3/31/22360409/ubiquiti-network...
https://www.bankinfosecurity.com/ubiquiti-insider-hacker-sen...
https://www.theregister.com/security/2022/03/30/ubiquiti-sue...
In the case of the fake whistleblower, it sued a journalist for defamation but its counsel could not spell the word "damning"
Was it meritless? Would it have been dismissed for failure to state a claim?
If yes, this might explain why Ubiquiti agreed to a stipulated dismissal
https://dn721900.ca.archive.org/0/items/gov.uscourts.vaed.52...
It's nice that they're doing this, but don't bet the farm on this product until they release a second version. Not saying I've been burned by them pulling a product and then memory-holing its existence, but, um.
To be that person, trusting a vendor for an out-the-door NAS is nice from a usability perspective, but also:
https://www.ui.com/legal/privacypolicy/
I like their gear, I bought a whole bunch, but I couldn't and can't figure out how to give my wife access to their Protect app as well. It's absurd to the point where their MFA sent doesn't work when trying to authorize her - and judging by reddit posts etc I'm not the only one. Such mundane things are where UI falls apart, wrong details. Instead of giving elves resources to pack each individual rackmount screw, if they spent some more time on workflows and software, they'd be a truly great company.
I created a user for my wife, set up the Protect App on her phone and she has the same access to the cameras as me.
I haven’t encountered this bug, but I have been frustrated that there’s no way to give a babysitter temporary access to the cameras in the kids’ rooms.
I ended up hosting a local site that embeds the RTSP feeds, which works pretty well, but I was surprised that there’s no native way to do it
I really want an object store in my storage appliance :(
Would be nice to have a CSI, but I can probably just use democratic-csi like I already do on my homemade ZFS based storage appliance.
> with ... no firmware restrictions on drive models, organizations can scale capacity without being restricted by proprietary hardware ecosystems.
This looks like a dig at Synology, who do this.
Synology also don't (didn't?) offer a ZFS product, which is why I bought a QNAP. Restriction-free and ZFS storage. Apparently you can also completely replace the OS if you want, although I haven't tried it.
They did it for a very short time. The community backlash was so bad that they recanted immediately.
I'm not at all surprised that Ubiquiti is getting ahead of that and promising it from the start.
Kinda, NVME devices still need to be on their HCL and are priced about what you would expect.
Not immediately, it took about half a year of watching sales numbers drop, and they still have restrictions.
> Synology recanted immediately
Is that correct? Looking at a common flagship model, the 4-Bay DS925+
and then the "Compatibility list" here https://www.synology.com/en-global/compatibility?search_by=d...
I see only Synology branded drives.
Synology do not make their own hard drives. They are rebadged.
It's true for HDDs. They don't maintain a list of compatible third-party HDDs, but you can use them perfectly fine. No errors, drive health monitoring works, etc.
https://www.guru3d.com/story/synology-reverses-policy-bannin...
>Now, with the release of DSM 7.3, Synology has quietly walked the policy back. Third-party hard drives and 2.5-inch SATA SSDs can once again be used without triggering warning messages or reduced functionality. Drives from Seagate, WD, and others will work exactly as they did before—complete with full monitoring, alerts, and storage features.
NVMe SSDs are different.
They still require you to buy their overpriced (even by AI bubble standards) NVMe drives with zero third-party support. There is a project that adds third-party SSD support for newer Synology devices, but you need to redo it every time your NAS updates, so it's very much unsupported. Would definitely not say that they "recanted immediately".
This… this is just a low-content marketing page. Have we really sunk so low?
What is the current state of ZFS? I know it had some licensing issues traditionally, despite it being a delight to use every time I've tried it. Is it back?
Never went away, Linux is now the primary target platform for OpenZFS (which is basically synonymous with ZFS these days). TrueNAS/iXSystems (probably the main commercial company using ZFS) moved from FreeBSD to Linux. Major new features like pool expansion have been added after years of requests. Etc., it's a good time for ZFS on Linux.
There ARE licensing issues related to shipping it compiled into the kernel, but you can install it as a kernel module on every mainline distro nowadays which is functionally the same from a user perspective.
ZFS on Linux works great, but with most distributions, it will compile the kernel module on device upon installation. Only Ubuntu distributes binaries.
As a consequence, you don't necessarily want a rolling distro, as the ZFS module can get out of sync with the kernel.
ZFS itself is built for both BSD and Linux from the same source, so there's feature parity there.
I've been using ZFS on linux for like... 14 years now? I've migrated through centos, ubuntu, and debian during that time and the zpools never had any issues that weren't hardware related.
ZFS is my favorite filesystem. I even use it on single drives because its snapshots and online data integrity checking are so great.
I even use it on single spinning rust USB drives. Zero problems.
Isn't this massively overpriced? What does this buy you over a supermicro box running ubuntu?
Have you priced a Supermicro box with 16 bays and SAS running Ubuntu?
I have, in pre-COVID days, though. The total bill including a skylake xeon E3-1285 v6 CPU, 64 GB ECC RAM, and the supermicro X11 board + chassis (https://www.supermicro.com/en/products/archive/chassis/SC836...) was under $1k.
The current-gen 3U SuperChassis alone is $1200USD.
Try again with 2026 RAM prices.
Anyone know what types of full disk encryption this will support?
I am highly interested in this, especially if it works well with Time Machine to do backups over the network. I've got a fully 10GbE + WiFi 7 network w/ Ubiquiti gear already, would love to ditch my janky DIY NAS setup for something that is integrated with the rest and could potentially give me a better backup setup for my photography as well as enough storage to act as a media server.
I have a UNAS-Pro, which runs the same Unifi Drive software as this, and it works great for Time Machine backups. Dead simple.
I also have tons of other Ubiquiti gear, and honestly there's not a ton of synergy between the NAS and everything else. It's a great NAS though. And also, it's only a NAS. It's not an application server like a Synology NAS.
I only wish UNAS supported ZFS.
Wireless Time Machine backup works until one day, Time Machine decides to shit the bed. Do not trust it. Invest in a different backup solution if your data is at all important to you. Something like Arq or Backblaze or tarsnap.
I hear this sentiment a lot, but I've not had a problem with Time Machine in years across multiple MacBooks in my household. Backing up to TrueNAS. Unifi networking. It Just Works.
I just checked and my oldest TM backup for the MacBook from which I'm typing is 2023-09-14. This MacBook has a 2 TB SSD and I have the TM volume quota set to 3 TB. TM culls old backups as needed.
The TM GUI is still terrible, but you can use `tmutil listbackups` to easily access backups from the command line.
I also use Arq to B2.
I've had all manner of issues, backing up via Ethernet and Wifi to FreeNAS and then to Synology. The only backups with Time Machine I had no issue with were to local USB drives.
Time Machine would work and work and work until one day... "Cannot write to your backup" and the whole thing would be corrupt and not even readable.
Flirted with Acronis TrueImage which was worse. Hell, even before catastrophic corruption, attempting to restore a file from a decent size catalog even over 10gbE would generally cause a beachball for minutes and then you had to be very careful to browse exactly to the location and file you wanted to restore (poking around trying to find it would inevitably totally crash the client, and even being careful sometimes would).
I ended up moving to Carbon Copy Cloner to Synology, with the Synology taking a snapshot 10 minutes before CCC starts its nightly run.
A few months in and it has been rock solid. If I want to restore I can just browse the snapshot in Synology and either copy a file directly from the Snapshot browser or mount the entire snapshot as a shared folder.
I use the 3-2-1 strategy for backups. I keep one copy off-site by using cloud backups, currently I primarily use Backblaze for that purpose but am considering alternatives for several reasons. I keep a second copy on an external SSD via Time Machine, and I keep one copy on-device. I'd like to use network Time Machine to get rid of the inconvenience of having a bunch of USB external SSDs floating around, especially since none of them are large enough to backup my entire drive if I get close to filling it.
I appreciate the perspective, I definitely take backups seriously for my photography.
I think a combination of:
1/ ZFS datasets with hourly (or daily) snapshots
2/ Samba with vfs_fruit
Gives the peace of mind that even when the sparsebundle shits the bed, you can rollback to a suitable snapshot and only lose a small period of backups, rather than having to lose the entire history and start again from scratch.
(I say when, not if, through considerable experience over the last 15 years that it will always, inevitably, shit the bed.)
A 2-drive Synology (e.g. DS225+) in RAID 0 or RAID 1 works fine for this, for 90% less than this beast. Synology documented their optimal settings for Time Machine a couple years ago, too. Hope this is helpful. [1]
[1] https://kb.synology.com/en-us/DSM/tutorial/How_to_back_up_fi...
Or if you want something from a vendor butting running decade old hardware configs and trying to lock people into their drive ecosystem, UNas or many other options.
Stay away from synology.
I already have a DIY NAS w/ 14x 14TB drives in it running ZFS on FreeBSD. It does not play nicely with Time Machine over the network though, and has some other bugbears that I've resolved to fix by migrating to Linux and running ZFS on Linux, but have never got around to doing.
A 2 drive anything is not replacing my existing NAS + solving my backup use case, although I appreciate the sentiment of saving money.
My experience of Ubiquiti is through their Dream Router 7. What a piece of crap that is. Can't even get good WiFi in adjacent rooms where same ancient Asus router wasn't breaking a sweat. Connection drop outs are a nice bonus. Don't forget booting for ages, fan noise etc.
If other products are so bad like that one, I don't know what is the hype for this company.
I'm reminded of the Sun Fire X4500 "Thumper" for which ZFS was originally developed. 48 SATA drives packed in a slide-out rack: https://www.youtube.com/watch?v=-zQ5RLAyA7w
Then-still-independent Sun sold storage appliances, and during their development and debugging it was noticed that vibrations affected performance… by yelling at the drives:
* https://www.youtube.com/watch?v=tDacjrSCeq4
Looks interesting, but likely lacks FIPS support which makes it an issue for companies that work with the government.
Maybe worth noting that TrueNAS added FIPS in 2024:
* https://www.truenas.com/blog/truenas-security-in-2024/
FIPS mode is the greatest
Are Ubiquiti products commonplace for companies that contract with the US government outside of the DoD/DoW?
Since DoD/DoW generally requires STIG compliance, and none authored are for any specific Ubiquiti product, we can cross that off the list. Sure they can get exceptions or use a more generalized STIG but stakeholders generally have pre-defined limitations on what they will and will not allow on networks they sponsor.
The Defense Industrial Base is 10s of thousands of companies. Many are small businesses. Many need to obtain CMMC Level 2, which has requirements for FIPS certified encryption. Our systems do not directly connect to Government systems and those STIGs may not apply directly. So, could I use Ubiquiti in some places? Maybe, not to store controlled information in this case. I could probably store previously fips encrypted files there. Would I want to use Ubiquiti cloud services? No.
Not really deal breaker for most customers
I built a 12-bay NAS recently. I snagged a 5900X/Supermicro server board/128GB DDR4 ECC combo for only $680 on eBay right before memory prices went apeshit. It has IPMI and 2x10g. Suffice to say I believe you can roll your own appliance like this for considerably less money, and have far more control over it. I say this as a Unifi fanboi.
Nice that it's plain OpenZFS, no paid license layer, yay! Ubiquiti sometimes ships v1 hardware and ghosts their own roadmap, but this kinda neuters the downside. If they lose interest, you just pull the disks and zpool import on any box (assuming feature flag parity). That's a saner path than Synology, with their "unauthorized" drive warnings.
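An added example (not part of the thread, and not Ubiquiti's or OpenZFS's own code) of the "feature flag parity" check before moving disks to another box. It applies the rule from zpool-features(7): only features in the `active` state matter, and if every unsupported active feature is read-only compatible the pool can still be imported read-only. The function names, the pool name `tank` and all sample outputs are constructed for illustration.

```python
import re

# Constructed sample: `zpool get -H -o property,value all tank` on the old box.
POOL_PROPS = (
    "feature@async_destroy\tactive\n"
    "feature@lz4_compress\tactive\n"
    "feature@spacemap_v2\tactive\n"
    "feature@zstd_compress\tactive\n"
    "feature@block_cloning\tenabled\n"
)

# Constructed sample: trimmed `zpool upgrade -v` listing from the old box.
SOURCE_UPGRADE_V = """\
FEAT DESCRIPTION
-------------------------------------------------------------
async_destroy                         (read-only compatible)
     Destroy filesystems asynchronously.
lz4_compress
     LZ4 compression algorithm support.
spacemap_v2                           (read-only compatible)
     Space maps representing large segments are more efficient.
zstd_compress
     zstd compression algorithm support.
block_cloning                         (read-only compatible)
     Support for block cloning via Block Reference Table.
"""

# Constructed: a rescue box with an older OpenZFS that lacks spacemap_v2.
OLD_TARGET = "async_destroy (read-only compatible)\nlz4_compress\nzstd_compress\n"


def parse_upgrade_v(text):
    """Return {feature: read_only_compatible} from `zpool upgrade -v` text."""
    feats = {}
    for line in text.splitlines():
        # Feature rows start in column 0; description rows are indented.
        m = re.match(r"^([a-z0-9_.:]+)\s*(\(read-only compatible\))?\s*$", line)
        if m:
            feats[m.group(1)] = bool(m.group(2))
    return feats


def active_features(pool_props):
    """Features whose on-disk format change is already in use on the pool."""
    rows = (line.split("\t") for line in pool_props.splitlines())
    return {r[0][len("feature@"):] for r in rows
            if len(r) == 2 and r[0].startswith("feature@") and r[1] == "active"}


def import_verdict(pool_props, source_upgrade_v, target_upgrade_v):
    """Classify how the target could import the pool, plus what it lacks."""
    ro_compat = parse_upgrade_v(source_upgrade_v)
    supported = set(parse_upgrade_v(target_upgrade_v))
    missing = sorted(active_features(pool_props) - supported)
    if not missing:
        return "read-write", missing
    # A feature absent from the source listing is treated as not ro-compatible.
    if all(ro_compat.get(f, False) for f in missing):
        return "read-only", missing
    return "blocked", missing


if __name__ == "__main__":
    print(import_verdict(POOL_PROPS, SOURCE_UPGRADE_V, OLD_TARGET))
```

A "read-only" verdict still leaves a recovery path: the data can be copied off, even though the older system cannot write to the pool.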
I've never been a fan of Ubiquiti's proprietary solutions, but this might actually be one product that I can be enthusiastic about.
They are getting better.
After a long time they introduced ONVIF into their camera products which basically opened it to everyone.
I've recently been convinced to implement a Unifi stack for my home network. I got a Cloud Gateway, a 10G switch and a couple WiFi APs.
The Cloud Gateway will be sold or given away. It's utter crap. I'm now building an OpenWRT container on IncusOS as my Internet gateway/router.
The switch is meh. It's easy to admin, which is nice - though I'm having to run UnifiOS on another container on said IncusOS.
The APs are fine. Decent power and the central administration with the switch is actually quite nice.
If I knew everything I know now, I wouldn't have bought any of those but they will do for now.
I love my Dream Machine Pro. Seems to just work and keep everything up to date. I have it running my security cameras as well and it has been pretty much bullet proof.
What needs do you have for a router that the Cloud Gateway is missing or is bad at? A PiHole equivalent is about all I can think I'm missing.
IPv6 support is basic at best. The zone-based firewall is very prescriptive and limited. ACL stuff is not great. To increase the MTU of the physical interface connected to the ISP I would need to hack a systemd unit that did it on boot (I either need it at 1508 so the PPPoE interface uses 1500, or I need to MSS clamp it and have it effectively reduced to 1492). Initial configuration requires the device to be connected to the Internet.
There were a few other niggles, and in the end I just found it easier to do what I need on OpenWRT.
The MTU thing is a bit bizarre - all connections I've seen on PPPoE in practice (fiber or DSL) used 1492 MTU to fit data into frames (and ISPs configured their routers like that too). What are you trying to hack with this unusual 1508 frame size?
It's not a hack. It's literally having the tunnel at 1500 MTU.
Check my answer to the sibling comment [0]. It's also known as mini jumbo frames, and is documented in RFC4638 [1]. And here's a post [2] talking about using it on OpenReach FTTC, which is similar to my own infrastructure, only I'm FTTP.
[0] https://news.ycombinator.com/item?id=48589677
[1] https://datatracker.ietf.org/doc/html/rfc4638
[2] https://blah.cloud/networks/enabling-mini-jumbo-frames-rfc46...
just genuinely curious about your MTU use case and why this is required...?
PPPoE introduces an 8 byte overhead per packet. The "MTU of the Internet" is 1500, so that's what more or less everything defaults to.
This includes physical NICs on Linux, but the PPPoE interface has to tunnel through one of such physical NICs.
If the physical NIC has an MTU of 1500 (and can't be changed), the PPPoE NIC must do MSS clamping, effectively reducing the MTU from my network to the Internet to 1492. This increases fragmentation and overhead.
If I can increase the physical NIC's MTU to 1508 (and the ISP supports it, which mine does), then the PPPoE tunnel can use the full 1500 when talking to the Internet.
So, it's technically not _required_ but it's an improvement I should be able to implement easily (in OpenWRT I literally type 1508 on the MTU box for the NIC, or issue a single uci command).
+1 for Dream Machine Pro. Own one at home and have stretched them pretty far in SMB environments.
I use it with 8 APs in a mesh and a few switches, all UI, and it just works. I also have a lot of success helping out some local SMBs by setting up UI for them.
I really like the DM Pro and have it deployed to an office of about 50 people. It's a pretty no-fuss solution and fairly simple to manage.
For my personal setup, I decided to go with OPNSense and I couldn't be happier. Much more control, at the cost of being a little more hands on.
I think the best (rough) comparison here is MacOS vs Linux (or more accurately in this case, FreeBSD).
I'm slowly in the process of migrating from an EdgeRouter and Edgeswitches (including the 16XG for my SAN backplane) to Unifi. Am comfortable at the command line (and actually just had Claude help me build a bunch of configs and an IaC harness for my whole infrastructure) but the SPOG will be nice - that and Ubiquiti has basically abandoned the Edge* line. This was prompted by not wanting to by having persistent problems with the Cat 6 STP termination and the length of the run between my office and the rack in my garage, and my Mac Studio and Edgeswitch would generally only negotiate at 5gbps and even then be error prone, so I got a Unifi switch with 8 ports and 2 SFP+ and ran fiber to the garage for the uplink, and just a short 10' run between the switch and my studio gave me rock solid 10gig (I just run the controller, for now, on a small VM, with my 2 WAPs, but will go all in when I pull the trigger, though, oof, $2,500 for everything I need).
My UniFi Fiber has an adblock integrated, wouldn't UDM also have it?
I went with eero and really wish I'd gone with unifi
Apart from the shitty software and basic features either missing or locked behind a monthly cost, the network itself is not bad at all, I get 600-700mbps on wifi throughout the house and have my servers wired on 2.5gbe
But the one thing I really thought I was buying into by choosing an amazon brand was ease when it came to buying upgrades, and yet I ended up having to buy extra hardware (like the wired gateway) from ebay and sellers in the US as amazon does not sell their own hardware everywhere
I started with Unifi and it's been pretty great overall. I've integrated all the cameras into Home Assistant, it's all local, and can bridge with HomeBridge so it all shows up and plays nicely with HomeKit as well. Rock solid and very few complaints.
I've had standalone routers, Eero Pro, Google Wifi, TP Link Deco, TP Link Omada, and probably some I'm forgetting. They all had something that just enraged me.
I finally bought a Unifi and I'm very happy with it so far, 6 months in. There's a few things I haven't tried, like rebooting it while it doesn't have an internet connection (I'm looking at you, Deco!), but so far my big complaints are that it's opinionated about the initial setup, and setting up a static IP for a device that isn't connected yet is a serious PITA. I had devices on my old system that I didn't want to have to change IPs (because the computers talk to each other) and that was not easy. If I had to do it again, I'd probably just let it do what it wants and deal with changing all those configs to the new IPs.
FWIW, I just have it as a router, and my Wifi is still some of my expensive standalone Asus wifi routers acting as just access points. I didn't see a point in replacing them when they were working great as APs.
What were your constraints and how were they not met? Looking to buy the same, Dream Machine specifically.
What do you know now then?
See the answer I gave to the sibling comment.
Did we decide ZFS is good after all this time?
Who said it was bad? I thought we were all pretty much in agreement that it was good, and the only thing holding it back from wider adoption into e.g. the Linux kernel was the poison-pill of Oracle's ownership and licensing.
Some years ago, there were mud-slinging myths being thrown around about ZFS.
Things like "ZFS needs 1GB of RAM per 1TB of storage" and "it requires that RAM to be ECC" were once common to find online.
These sorts of things seemed to lead to widespread beliefs that it was inefficient, expensive, and fragile. None of that is true, of course, but folks might remember and believe these myths and conclude that it is (or was) bad.
(But it's pretty excellent. I've been using it for about a decade, now. It'd be nice if it fit into the Linux kernel better, but I manage anyway.)
I still got told that I need 16GB of RAM to migrate my 12TB btrfs array from a Synology with 6GB of RAM (2GB actually used) - by TrueNAS people.
Are they wrong?
Yep. They be wrong. Many of the myths about ZFS seem to originate from the TrueNAS forums, and the working assumption is that they're motivated to be this way because they're a bunch of gatekeeping losers.
More RAM is better -- of course it is. Otherwise-unused RAM can get used for stuff like caching (such as the ZFS arc), and caches are faster than disks. That's good for performance.
But ZFS isn't really any more thirsty in this way than other filesystems are, unless special features -- stuff that many other filesystems lack entirely, like deduplication -- get used.
And these days, dedup can use an SSD instead of RAM for the heavy lifting so that's not a huge concern either. (Not that I'm recommending dedup; it works and it is reliable, but it doesn't fit very many workloads.)
I would absolutely be comfortable running ZFS with 12TB on 6GB. Or 2GB, for that matter. It's fine. Send it.
I've personally done more with less and had excellent results. No regrets.
(There's ways to tune arc performance, too. As an example, I've got a dataset that is full of many terabytes of Linux ISOs. I don't need that data to be cached...like, ever. If it were to be cached, it would just consume resources that would be better spent elsewhere. But I do want it to be indexed quickly. So I set that dataset to primarycache=metadata and that works great for me.)
another thing holding it back is the threat of a lawsuit from Netapp.
source: used to work for a storage vendor that was marketing a NAS based on ZFS and got credible threats from Netapp to the point that we sought a partnership with Oracle that included indemnification under Oracle's settlement with Netapp.
Oracle and NetApp 'mutually dismissed' in 2010:
* https://www.theregister.com/off-prem/2010/09/09/oracle-and-n...
* https://www.computerworld.com/article/1585889/opinion-patent...
NetApp originally sued then-independent Sun in 2007, and Sun counter-sued.
Free/TrueNAS/iXsystems has been offering ZFS-based solutions for many years now, and I haven't heard NetApp going after them:
* https://en.wikipedia.org/wiki/TrueNAS
* https://en.wikipedia.org/wiki/IXsystems
I remember all this too. The time period that I was in this scene was AFTER 2010 though so who knows. As mentioned in response to the sibling "credible sources" bro, I was just a lowly support engineer so I had to trust that the CEO wasn't lying to us about all this.
Maybe he was ... they do that sometimes.
I looked around a little. the C&D from Netapp was in ~July 2010 and the partnership and product with Oracle in the Fall (Around the cease fire) and we continued with that (via the Oracle Partnership) through 2011-2015 when the company ran out of cash and laid us all off.
Do we add this corp. body count to Oracle then? I'm pretty sure that Oracle partnership wasn't cheap.
Who knows. I'm sure it was pretty expensive. Was certainly more comfortable on that side of their legal desk though I'm sure.
only threats, no court cases or journalist writing about ZFS indemnification? IOW please provide links to credible sources.
sorry, don't have a link to the CEO telling us that we were signing a partnership with oracle that included the indemnification.
I was just a lowly support engineer so not privy to all the legal details that the executives were dealing with. I too had to just take them at their word.
ETA: I searched a bit. Here's a link
https://www.enterprisestorageforum.com/networking/netapp-thr...
Maybe threats were enough? I certainly wouldn't want to test it myself.
ZFS was always good. Linux support for ZFS was not so good for longer than you'd hope, but it's been reliable for some time now.
ZFS is amazing. It feels like magic.