HI, I’ve been doing some research and have not been able to turn up an answer to my question.
Are there any limitations using SFTP for TrueCloud backups vs a cloud storage provider like S3 Storj, etc? I’m specifically thinking limitations on restoring and/or managing how much history is kept.
Thanks!
There are always limits, even on the latest and biggest IBM mainframes.
What limitations are you talking about? Capacity, IOPS, throughput, latency, etc?
What specific requirements/use-case are we talking about?
S3 storj offers very poor performance.
And if ever intend to download data and not only upload it, it is also pretty expensive.
Specifically I’m interested to know if there are any limitations around managing backups, rotation schedules, restoring, etc.
To answer your question: Yes.
But I guess you wanted to know some values. 
In my experience those values per se do not help so much. In general you can assume that ZFS and TrueNAS, being enterprise-grade, support much more than what you need in a private context.
So it would be helpful if you could provide some context. What are you trying to achieve? Please be as specific as possible. Otherwise we cannot help.
Chris,
Thank you for the reply!
Sorry I’m having a hard time being specific here, I’m very new to TrueNAS and I’m just doing my research before diving in.
My use case would be this: TrueNAS on site (my home) for storing files, photos, music, etc. (I currently have a Synology DS418j serving this purpose.) I would also use the TrueNAS machine to run Docker VMs as well as Frigate NVR (and possibly some other community supported “apps”)
Ideally I would then move my Synology offsite and use it for backing up the TrueNAS. However, if there are a lot of drawbacks to that solution I would probably bite the bullet and purchase some more hardware to build an off-site TrueNAS. But since I have the Synology now, I’d really like to leverage that instead of spending more money.
Given all of that, I’m trying to discover 3 things:
Thank you again for your information so far!
“The choice between TrueCloud with SFTP and traditional cloud storage depends on your specific needs for security, accessibility, and data management. SFTP (Secure File Transfer Protocol) is useful for securely transferring files and integrating with legacy systems, while cloud storage solutions typically offer more scalability, collaboration features, and direct application integration. If you need structured file transfers with strict security controls, SFTP may be the better option. However, for seamless access, sharing, and backup capabilities, cloud storage might be more efficient. What are your key priorities in choosing between the two?”
No idea where this comes from (“AI” ?) but it is not really helpful. These are very broad statements that are either only valid when certain prerequisites (which are not mentioned) are met. Or they are downright wrong.
That is something we can work with :-).
This is, in my view, a reasonable setup. It does, however, require a network connection between the two machines, which almost certainly comes down to a site-to-site VPN connection. If you have experience in this field, great. If not, it will likely be somewhat prohibitive.
I never worked with Synology, but assume that you can transfer data with something like rsync or simply SFTP. I would certainly not start with getting a second TrueNAS machine right from the start.
I have not used StorJ but do encrypted cloud backups to OneDrive and to a local cloud provider via SFTP. Both work well for me.
A remote NAS that you own is a bit of a two-edged sword. Depending on the distance there is the time to get there if something goes wrong. Also, you have no control over the environment. So as an additional target, why not. But I would not see it as a full replacement of a cloud backup that ends up in a proper data center.
Allow me to quibble. It really comes down to the connection with the remote site and whether you can do the initial replication either locally (with the to-be-remote machine on-site) or via sneakernet (i.e. replicate the local machine to a HDD array, carry the array to the remote site, replicate the data to the remote system). Local replications are incredibly fast, sneakernet can be also.
The primary benefit of a remote machine under your control is speed. If your local machine is lost due to fire, etc. the speed with which you can be back up and running is not comparable to the time it will take to replicate all your data from a remote datacenter to your to-be-rebuilt local machine. Yes, some datacenters allow HDD copies of your data to be overnighted to you, but it’s usually $$$ and not part of consumer backup packages.
The downside of controlling two NAS’ is having to maintain two NAS’ as well as building up a reliable, reasonably-fast VPN between the two. I heartily recommend using Mikrotik gateways (aka routers) and Wireguard for this purpose (see the Network Berg “Ultimate Wireguard Series” on Youtube for more info). But there are other ways to do it also, i.e. Tailscale, etc.
Replication to a remote NAS or datacenter works reasonably well as long as the speed of the connection is commensurate with the amount of data that changes on the local machine on a in-between-replication basis. For the OP use case, even the restrictions imposed by Comcast et al on upload speeds should be OK.
@ChrisRJ and @Constantin
Thanks for the input!
The remote NAS would be physically located less than a mile from my home, so easy to run over for maintenance.
I had not gotten to doing a lot of research on the site to site VPN yet, but I was considering Tailscale for ease of use but need to dig deeper into all of that.
I’m trying to avoid purchasing hardware for the VPN because of expense.
Look into your current hardware… For instance Fritz! boxes can provide a VPN access.
@etorix Thanks for that idea! The Synology box has Openvpn as an option. I’ve been doing some research and would set up the remote Synology as the server and TrueNAS as a client into the server. I’m choosing this because the remote network will essentially only be the Synology box and this way I don’t need to open up port forwarding on my router and expose my network on that port.
Does that sound like a logical decision?
OpenVPN doesn’t have the same performance as either Tailscale or wireguard. Back when I still used EdgeRouters from Ubiquiti, getting OpenVPN to work with DHCP based internet service providers was a complete pain in the butt. Incomplete documentation, hours of googling and finally an aha! moment when someone mentioned something somewhere that was not documented by UBNT and suddenly it just worked - slowly.
Synology more likely than not has either a wireguard or a Tailscale app to play with.
Tailscale is available for Synology, not sure about wireguard.
Will investigate Tailscale. I had done some very preliminary investigation on it and the information I found seemed that it was more geared toward remote access not point to point. Time to dig deeper! 
That’s the thing, Tailscale can be lots of things and it’s a much newer protocol than OpenVPN. I would try to get it to work at home, then take it for a spin at the remote location.
I love the Mikrotik DDNS / Wireguard implementation because you just have to follow a recipe and you’re done. Stuff that works as expected is a huge time saver. Stuff like the IPSec or OpenVPN implementation at EdgeRouter ultimately costs you more than the device because it’s a huge time waster.
I have also heard good things about using even more powerful gateways like the OPNSense gear but I have no experience with it. @dan might be able to help you with that, but for now I reckon just getting tailscale VPN to work between your NAS and the Synology would be the way to go.
Importantly, it’s pretty much Wireguard with a coordination layer on top. And it’s designed in such a way that you don’t need port forwards or any other complications. I’m behind double-NAT right now, but Tailscale just doesn’t care.
The OpenVPN server on OPNsense is pretty well-documented, and I’d expect it to work fine with a dynamic IP address as long as you had some form of dynamic DNS set up. But I haven’t used it, even though it’s still configured on my router, since I set up Tailscale (in my case, hosting my own coordination server using Headscale).
If anything, Tailscale is the opposite–though it can be used in other modes, they really want every device joined to the tailnet. Join both NASen to Tailscale, and you have a secure communication channel between them.
@dan Thank you for the information. Sounds like Tailscale is the way to go! I’ll start doing more research on that and get things set up on my Synology box as a test.
