Solved 3 Disks and ZFS, best topology?

freezr

freezr

This week I'll have finally the time to fix my computer broken from months...

And I decided that I want to change completely the topology of the disks.

My workstation, which is a decent (slightly old) laptop can host up to three disks: 1 m2 and 2 2.5" sata; my potential options are:
  1. Create a ZFS Mir and use the third one as local backup
  2. Raidz-1 and use all the 3 disks...
Now that I wrote this post I do believe that option 1. is better; what would be your recommendation instead?
And, should I encrypt the disks with GELI for a computer that is supposed will never leave its desk?

Thanks in advance... 🙏

p.s. this time no more dual boot with Linux 😏
 
What are you optimizing for? Do you need performance, do you need the most capacity? If performance, what is your workload: small writes vs. sequential streaming? In general, building a RAID array (including mirror) out of disks of differing performance or size is a bad idea, since you end up restricted to the smallest/slowest of the set. But your requirements may be easy enough that the loss is not so important.

Both mirror and 3-disk RAID-Z1 give you the same fault tolerance against whole disk failure, they can handle one fault.

I'm not a fan of data encryption at rest. It only helps for the threat of someone physically stealing your disk (or the whole computer) and then trying to read it. For laptops that travel with you (left in the car, sitting on the table at a coffee shop) that makes sense. For computers that stay at home, most people don't have data important enough to worry about. If a burglar has broken into your house, usually you have bigger problems than the data on your laptop.
 
ralphbsz said:
I'm not a fan of data encryption at rest. It only helps for the threat of someone physically stealing your disk (or the whole computer) and then trying to read it. For laptops that travel with you (left in the car, sitting on the table at a coffee shop) that makes sense. For computers that stay at home, most people don't have data important enough to worry about. If a burglar has broken into your house, usually you have bigger problems than the data on your laptop.
Click to expand...
I am a huge fan of data encryption at rest, so my suggestion is: absolutely, yes. Today, a burglar can even make money by selling your data, let alone trying to approach non-tech-savvy family members with a fake social media account to then trick them to sending them money. Furthermore, many uses do not have an inventory about their data, so invoices, financial data, temporary data like bank statements etc. may give nice insights for someone who is looking to make money out of that. And usually a burglar is in need of money, so he will think about how to make money via various illegal ways. He may also threaten you by exposing data of your employer, risking your job. So better encrypt your disks and do not worry about all kinds of things that can go wrong. I have seen quite some creative ways how stolen random devices do get people in serious trouble.

I would just use raidz1. Backups should really not be on the same device, but on a different one, ideally on a remote site. With prices like 5$ per Terabyte per month this is quite affordable for most users in western civilizations.
 
ralphbsz said:
For computers that stay at home, most people don't have data important enough to worry about. If a burglar has broken into your house, usually you have bigger problems than the data on your laptop.
Click to expand...
After a very tech savvy & security conscious friend died unexpectly, his wife had no access to his computers as everything was "secured down" tightly. Disk encrypted, unguessable passwords, ssh keys etc. He was managing it all and his wife had left it all up to him.... She could get to bank, brokerage accounts etc through old paper trails but anything that was only online was lost. This is something that should be discussed with your spouse/loved ones even if you are quite healthy....
 
ralphbsz said:
What are you optimizing for?
Click to expand...

I need regular desktop use with an emphasis on design and coding.

Both mirror and 3-disk RAID-Z1 give you the same fault tolerance against whole disk failure, they can handle one fault.
Click to expand...

Thus, using the third disk as a backup is a good idea.

I wonder if the third disk might be bigger for instance 1TB Mir, 2TB Backup... 🤔

I am sorry about that, I am very bad at storage and backup... 😩
 
freezr said:
1 m2 and 2 2.5" sata
Click to expand...
Is the M.2 disk SATA or NVMe? If it's SATA RAID-Z1 would make sense. But if it's NVMe you don't want to mirror or RAID it with one or more of the SATA drives. That'll totally kill any performance gain NVMe would give you.

freezr said:
Now that I wrote this post I do believe that option 1. is better; what would be your recommendation instead?
Click to expand...
How about installing the OS and various applications on the NVMe and mirror the two SATA disks and use them for storing important data you don't want to lose in case of a disk failure? The OS and its applications are easily and fairly quickly reinstalled on a new drive, your data cannot be "recreated" without considerable effort.
 
bakul said:
After a very tech savvy & security conscious friend died unexpectly, his wife had no access to his computers as everything was "secured down" tightly. Disk encrypted, unguessable passwords, ssh keys etc. He was managing it all and his wife had left it all up to him.... She could get to bank, brokerage accounts etc through old paper trails but anything that was only online was lost. This is something that should be discussed with your spouse/loved ones even if you are quite healthy....
Click to expand...

And this is something I thought about...
 
SirDice said:
Is the M.2 disk SATA or NVMe? If it's SATA RAID-Z1 would make sense. But if it's NVMe you don't want to mirror or RAID it with one or more of the SATA drives. That'll totally kill any performance gain NVMe would give you.


How about installing the OS and various applications on the NVMe and mirror the two SATA disks and use them for storing important data you don't want to lose in case of a disk failure? The OS and its applications are easily and fairly quickly reinstalled on a new drive, your data cannot be "recreated" without considerable effort.
Click to expand...

If I recall properly that slot can host both SATA and NVME disk, but you have your point, and it might be a fine decision!
 
bakul said:
After a very tech savvy & security conscious friend died unexpectly, his wife had no access to his computers as everything was "secured down" tightly.
Click to expand...
I've been in that situation but it was a co-worker.
So I understand the desire, but there needs to be a recovery plan for others. At work, mandate the encryption passwords are stored somewhere in corporate. At home? Write them on a Post-It. Yeah I know defeats the purpose, but seriously at home think about the spouse trying to get banking or other info.

I would lean towards OS/boot device NVME as a singleton, use ZFS so you get the advantage of Boot Environments for upgrade. Then a mirror pair on the other two for strictly user data like your home directory.
That gives you a bit of protection on the important data and lets you freely upgrade/reinstall the OS bits.
I would not do whole disk encryption.

Oh, just my opinions
 
Thank you guys,

I do believe single disk OS and home ZFS MIR, can be a good solution.
Encryption, I guess I'll pass this time...
 
mer said:
At home? Write them on a Post-It. Yeah I know defeats the purpose, but seriously at home think about the spouse trying to get banking or other info.
Click to expand...
If you don't encrypt the disk, you can usually bypass everything in an emergency, given physical access. In my friend's case his wife and kids searched everywhere for a paper copy of his password but to no avail. Ideally you'd save that postIt in a safe location (which you may forget about, unless it is your safe deposit box at the bank!) but people tend to not think about such things.... The point being you're much more likely to die than be burgled!
 
Another thought... Put the O/S on the mirror for improved reliability, and buy a USB3 carrier for the M.2 stick and use it for off-site backups.
 
bakul said:
The point being you're much more likely to die than be burgled!
Click to expand...
Yep.
That's why I can logically make a case for "Work" system that is mobile and I use everywhere like a coffee shop or car dealership, but for a desktop at home that does not go walkabout? I can't see it. As an aside, but related, I think Win11 is starting to enforce BitLocker everywhere.
 
gpw928 said:
Another thought... Put the O/S on the mirror for improved reliability, and buy a USB3 carrier for the M.2 stick and use it for off-site backups.
Click to expand...
I'm not sure I agree with this; sure mirror gives boot reliability but external device for data backups? I don't think I'd take that tradeoff.
 
bakul said:
After a very tech savvy & security conscious friend died unexpectly, his wife had no access to his computers as everything was "secured down" tightly. Disk encrypted, unguessable passwords, ssh keys etc. He was managing it all and his wife had left it all up to him.... She could get to bank, brokerage accounts etc through old paper trails but anything that was only online was lost. This is something that should be discussed with your spouse/loved ones even if you are quite healthy...
Click to expand...
Just last week I sent an updated list of the institutions where my assets and accounts are located to my executors. There were no details, but they will know where to look when the time comes. As you point out, in this electronic era, paper trails can be extremely tenuous.
 
gpw928 said:
Just last week I sent an updated list of the institutions where my assets and accounts are located to my executors. There were no details, but they will know where to look when the time comes. As you point out, in this electronic era, paper trails can be extremely tenuous.
Click to expand...
electronic trails are good, but only if someone can access them :) Paper or a USB drive is just backup.
 
mer said:
but external device for data backups? I don't think I'd take that tradeoff.
Click to expand...
Physical off-site backups are a "trade-off" I have been making since approximately 1989, and not a habit I intend to break any time soon. They protect against a wide range of calamities. I could not think of a better use for that M.2 stick.
 
gpw928 said:
Physical off-site backups are a "trade-off" I have been making since approximately 1989, and not a habit I intend to break any time soon. They protect against a wide range of calamities. I could not think of a better use for that M.2 stick.
Click to expand...
I don't disagree with this but in the OP case, I'd still do single NVME for OS, mirror SATA locally for user data redundancy and if needed offsite backup of the user data bits.
OS portion? typically ISP related configuration (/etc/rc.conf has probably 90% of what you need).
That's why I default to redundancy on user data and keep a copy of OS level config.

OS level redundancy can be/is useful for something that is 5-9's. A home system? My opinion nice to have but my data is more important than the OS.
 
SirDice said:
How about installing the OS and various applications on the NVMe and mirror the two SATA disks and use them for storing important data you don't want to lose in case of a disk failure? The OS and its applications are easily and fairly quickly reinstalled on a new drive, your data cannot be "recreated" without considerable effort.
Click to expand...
While I agree with your point, and my FreeBSD server is indeed set up this way, I'm not sure this is a good idea any longer. Here's why: Today a full OS installation is relatively little data (dozens of GB, compared to user data, which tends to be hundreds of GB or multiple TB), and not really performance critical. On the other hand, having to reinstall the OS and all the configuration is a big hassle (takes me a day or two, getting everything "just right"). The beauty of having the OS on a mirrored configuration (carefully designed that one can boot from either mirror copy) is that the system remains fully functional during a disk failure.

Where I agree: OS stuff can be excluded from backup, in particular from off-site backup.

Now, if the workload includes things like very large files accessed sequentially (video storage), or data that has to be exceedingly durable and exists in many copies, or that requires extremely high performance, then segregating OS and data makes perfect sense. But for a software development workstation, that's unlikely to be the case.

gpw928 said:
Physical off-site backups are a "trade-off" I have been making since approximately 1989, and not a habit I intend to break any time soon. They protect against a wide range of calamities. I could not think of a better use for that M.2 stick.
Click to expand...
Sadly, for complete off-site backup, I'm still relying on a physical disk drive that is brought home once a week or month, updated with recent backups, and then stored at a building dozens of km away, so it is likely to not be affected by the same disasters (earthquake and fire is what we worry about here in California). I'm doing some cloud-based backup, but that is still not working completely, and restores from the cloud have never been debugged or tested. That is particularly embarrassing as for many years my day job was building cloud-based storage with inter-continent backup. I just don't have enough time to work on my home system.
 
I double check the manual, and this laptop doesn't support any NVMe disk, only sata...
The idea of two disks on mir and a third disk for local backup is again my best option...

I had a 250 WD Blue NVMe drive and it has been recognized... 👍
I only need to buy two SSD sata disk!
 
I got the NVMe and two 1TB sata...

I will install the system on the NVMe and the home on the ZFS Mir.

I hope to don't get any trouble with FreeBSD 15 rc3... 🤞
 
I use a one way data push to a separate drive. This provides data recovery against accidental erasure. Mirroring and raid schemes do not do this (learned the hard way).

Encryption is a PITA I avoid.

I built a ZFS1 NAS with a series of 4tb disks I had in stock for a movie server. Already full. Should have used big disks instead.
 
Encryption is easy (*). Key management is hard.

Footnote: It is not actually that easy if done at the hardware level. Which is the best way to do it.
 
You must log in or register to reply here.
Back
Top