Fast (immutable) NAS for Backup | Hardware recommendations

DeepB

New Member
Jul 25, 2019
14
1
3
Hi,

we have an old qnap nas where we store our backups (veeam backup, iscsi). We also have a Tape-backup where the latest is offsite.

However I want/need to replace the qnap nas. I am looking for a _fast_ backup solution with some kind of immutable storage (If I have malware on the backup server it can encrypt all the backups on the NAS and I need the tape. I really do not wand to need the tape)

I thought about a linux server, 100gbe, HDD ZFS-raidz, pcie4-ssd either as cache or (temporary) incoming directory. (source is on a all-flash-raid)

1) Any general suggestions?
2) Is there a software (nas...) that offers something like that out of the box?
3) On a system like that, what is usually the bottleneck? I thought about 100gbe, 64gb ecc-ram, 4tb fast m.2 pcie4-ssd, Ryzen 5-5600.

Thanks
Daniel


Edit: I am considering buying the following hardware. Critique requested ;).

CPU: Amd Ryzen 5 5600
Mainboard: Asrock X570S PG Riptide
Ram: Samsung Rdimm 2x32GB, DDR4-3200 reg ECC
Network: Intel E810-CQDA2 100G 2xQSFP28
Case: Either Inter-Tech 3U-3416 3HE or Fantec SRC-4240X07 4HE
HBA: whatever I find with at least 2x SFF-8087
HDD: 4x 18TB Toshiba MG09ACA
SSD: 4TB Seagate FireCuda 530 (either as a cache or as share for incoming files)
 
Last edited:

Rand__

Well-Known Member
Mar 6, 2014
6,081
1,458
113
Truenas also has an option to automatically set new data as read only after 15 minutes.
Not sure how granular that works though, only have seen it in the SMB options
 

Stephan

Active Member
Apr 21, 2017
401
233
43
Germany
Stay in the Veeam ecosystem. We usually do a HPE DL380 with 12x10 TB LFF or similar in front for storage, 2nd riser with 2x SSD in the back for OS and 2nd CPU to drive it, connected to tape drive with a E208e, 10/25Gbps network, running Veeam on some Windows Server OS. Large, random passwords for this machine different from everything else on the client's premises, machine is NOT a domain member, also firewalled except for what Veeam VMware Backup proxy needs. So a bastion host that ingests backup data from a VM that has the Veeam Backup Proxy role, but is quite hard to get into. Next to fooling the receptionist wearing some outfit from ebay that you are the new IT guy.

You will have to play with Veeam multistream TCP in global settings, to even saturate 10 GBps properly. Try 12 instead of default 5 for starters. Bottleneck depends on data and what the VM proxy has in terms of CPU power to compress data. With spinning rust 1-2 GByte/sec backup speed should be easy on first try, on entry 8-10-core Xeon Silver CPUs.