TrueNAS SCALE: A “Datacenter-in-a-box”
Exploring Security Concepts and Backup Immutability – Part 1
FULL DOCUMENT HERE:
TrueNAS SCALE Datacenter in a box.pdf
Revision 1.1 - NickF
What is a “Datacenter-in-a-box”?
Datacenters are large, sprawling rooms lined with cabinets that are filled with servers, switches, routers, and firewalls. They require substantial investment in real estate, redundant electrical power, robust cooling systems, and multiple WAN connections. In recent years, many companies and individuals have shied away from capital investments in the infrastructure required to maintain or build datacenters. The market has shifted towards the “cloud”, where large capital investments are replaced with recurring monthly costs for subscription services such as Software-as-a-service (SaaS) and Hardware-as-a-service (HaaS).
Companies like Google, Amazon, and Microsoft have had record growth and profits in their cloud computing businesses. If the cloud is just someone else’s computer, why are the capital investments of these tech giants in their massive datacenters considered more valid than our own?
The Security Onion
Cybersecurity is a complex field involving years of study, certifications, and constant threats from malware. Most system administrators will never know everything about security, but understanding it in layers and following best practices is a sufficient starting point. This section covers how to “air-gap” data and applications and ensure that backups are “immutable”.
Laying the Groundwork: The “Air-gapped and Immutable” Backup
The “3-2-1” strategy for backups is a common guideline, suggesting two local copies of the data and one remote copy. This can be achieved through virtualization on a single physical server, ensuring data integrity and security at the hardware level using technologies like Intel VT-d/IOMMU for PCI-E Passthrough.
System Specifications
This guide uses an iXsystems TrueNAS M50. It discusses the hardware requirements and configurations needed to set up a robust data security system using TrueNAS SCALE.
Getting Started
Initial setup involves creating datasets and managing storage configurations in TrueNAS SCALE, setting up a secure data bridge without physical network connectivity, and virtualization settings for secure data management.
Installing SCALE – Little Lenny’s Legacy Begins
This section provides step-by-step instructions for installing TrueNAS SCALE on a virtual machine, including setting up network interfaces, storage configurations, and initial boot settings.
Big Bertha: Building Our Pools and Datasets
Here, we configure the data pools and datasets on the primary server, discussing storage encryption, dataset creation, and the specific settings used for secure data storage and backup.
Little Lennie: Building Our Pools and Datasets
Setting up redundant storage configurations and encryption at the pool level on a secondary virtual machine to ensure data integrity and security.
Let the Replication Begin!
The process for setting up and initiating data replication between the primary system and the backup system, ensuring secure and reliable data backup.
Reviewing the Deployment Model
A summary of the system setup, including the configurations of encrypted datasets, virtual networks, and the replication setup, providing a comprehensive overview of the datacenter-in-a-box model.
In this guide, you’ve learned how to set up a robust and secure virtual datacenter using TrueNAS SCALE, ensuring the security and integrity of your data with advanced virtualization and networking techniques.