tr0910

After 10 yrs with 6 unRaid servers the only one I've had go bad was one that I broke off with my foot. I now recommend nano sized thumb drives for klutzes

You might have a damaged USB boot thumb drive. Can you boot with a newly created fresh USB thumb drive?

My dual 2670 report AES enabled repeating the following 32 times. But when I change pfSense to support Cryptographic Hardware I get the following on pfSense 2.4.3-RELEASE (amd64) on noVNC: pfsense padlock0 no ace support root@Tower:~# grep flags /proc/cpuinfo flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 cx16 xtpr pdcm pcid dca sse4_1 sse4_2 x2apic popcnt tsc_deadline_timer aes xsave avx lahf_lm epb pti ibrs ibpb stibp tpr_shadow vnmi flexpriority ept vpid xsaveopt dtherm ida arat pln pts I changed it back to disabled for now pending advice on this error. Is AES enabled in spite of this error?

My Intel based tams servers with ipmi card are happily on running 6.5.3. Same generation as the h8dme-2. Surprised me too...

Perhaps your problem is less severe than you think? I have about 10 tb of dear wife images on my server. Many millions taken in RAW, JPG and edited versions in PSD and Tiff. Trying to delete duplicates is an exercise in futility. Space is cheap. Trying to organize it is also a waste of time. Every way you try to do it is wrong in some way. What I need is a image search engine that makes it easy to find what you are looking for. Face recognition helps, but it would be nice to be able to query "Show me all the images of the cousins together" I am still looking....

After having used this for several months, I can say that it seems to be a keeper. I am still running on Dig Ocean, but would like to see an unRaid docker. Anybody with any ideas? What would it take to run this on unRaid as a docker? @Squid @sparklyballs @CHBMB @linuxserver.io @peter_sm

I can do some USA - China rsync tests. Today the transfer speed is highly variable ranging from 20 kb/sec during peak evening times to 10mb/sec when it wants to run and run...

@pwm regarding your labratory results with cutting power to btrfs during write operations. Was this to spinning media, SSD, or USB? Would you expect the results to differ depending on media?

Or you can have it located offsite at somebody else's house and connect over the internet for the key. I wouldn't suggest wifi as that is only one more thing to go wrong. But I don't see this as being an increased level of security for determined folks. If they really want you data, they will find the rpi. The only thing in you favor, is you may be able to destroy the rpi before they find it. If this is good enough for you, see @gridrunner and @bonienl approach using your cell phone as the rpi. Fundamentally the rpi doesn't add more security than your cell would. You can create your encrypted array by converting one disk at a time. Thankfully @dlandon has updated unassigned devices plugin to support encrypted disks. What you cannot do is format the disks via unassigned devices. And you cannot covert a disk in-place without having a spare disk to copy to. It really is the same process as converting your disks from ReiserFS to XFS or BTRFS file system.

Yep, I want to make sure that if by some strange bit of fate that the key is compromised, that the 2fa keeps them locked out. The timing you suggest would do it. And there could be a ramping up of the timing, after 3 sets of 3 failures, the server is locked for a few hours. This logic would have to be baked in very tightly, as you wouldn't want someone just changing the server bootup "go" file and defeating the security.

We would never want the 6 digit code being treated as a password. Of course it's not secure. But having it combined with an approved key file in classic 2fa way would be better than just the key file with no 2fa.

Might be your USB key having issues. When you finish the trial and before going live, you should verify the key is good enough for the long term. When I did my trial years ago, I wasn't careful enough and had to replace a USB key soon after go live. Sent from my Nexus 6 using Tapatalk

I''ve seen some very well thought out ideas here for starting encrypted arrays, but I haven't seen any discussion of some very strongly supported and well reputed 2 factor authentication systems like Google Authenticator, or Authy. Two factor authentication was first implemented by sending an unlock code via cell text message, but spoofing cell text messages have not proven as unhackable as hoped. I'll focus on Authy as it is my current solution but you might also want to look at Starling and Duo Security too. Authy is 2 factor authentication supporting Android, iOS, Chrome apps, as well as Win32, Win64 and MacOS desktop solutions. Authy creates a 6 digit random ever changing number for each service you link to it. The 6 digit number changes every 60 seconds. To use, you tell google that you want to set up 2 factor authentication, and then create an Authy secure entry that matches the google account. Then you can have Google force you to enter the random 6 digit number every time you login, along with your password, or more infrequently such as every time you reboot. (this is configurable based on your paranoia level). The nice thing about Authy, is that it works without needing cell phone coverage as it is fully offline once set up. I have changed stuff I want more secure over to Authy. Facebook, gMail, hotmail, Amazon, Digital Ocean, twitter, AWS, Teamviewer etc now all support this approach. Why Bank of America, Chase etc still don't support a system like this is beyond me. I have the Authy app on my phone protected by my fingerprint. If you are wanting more flexibility, you can have Authy replicate to another device (say a Chrome browser or desktop) so that if you lose a device, you can still manage the account and unregister the lost device. Could we lock down the unRaid encryption keyfile for encrypted array startup and only have it divulged based on a successful Authy 2 factor authentication challenge?

Figuring out old data center stuff is terribly frustrating. You must be a person who never gives up.... I'd hate to think what your bill would be if you got to charge for the time you invested. Maybe you can bill tams?

I am noticing that with a Windows 10 vm idling, that my server power consumption jumps by 50-70 watts. This is with a Intel 2600cp2 mb and dual e5-2670 cpu's. Top reports lots of qemu cpu usage as above and htop reports cores 1, 13 and 15 being the most heavily used. This doesn't match to the cores assigned to the vm (12,28,14,30) but maybe this isn't comparable.

It will be interesting if you get any help here. Those of us who use unRaid for outside the box tasks (not movie downloading and playing) are unable to get much help. You might try creating a VM inside unRaid that is more closely set up for this type of task. Of course if you can find a docker that would be awesome. But some tools are already built. https://www.reddit.com/r/DataHoarder/comments/6fcin1/scraping_subreddit_text/

I do a lot of rsync over ssh. Anything that makes it better would be appreciated Sent from my Nexus 6 that hates Tapatalk

What you may have not considered, is that you don't need dedicated GPUs for this kind of system. If you are willing to access the machine via RDP, all you need is internet connection. Then machines anywhere on the same network can RDP into VM's on the server. This is a much simpler way to use an unRaid server including VM's in an office environment. The performance of office apps like browsing, using ms office work just as well via RDP as directly connected to a passed through GPU. The beauty is no need to wire USB and HDMI cables all over the place. Even wi-fi connections are useful for this. But gigabit wired connections are best. What doesn't work well is gaming, and video streaming is still watchable, but not quite as good. What you need is a laptop and an RDP client. There are also thin clients.

All mine are from Tams. Yeah some of them had the guts removed and newer mb installed. Your problems are either power, mb, cpu, or ipmi card. Seems like you have tried replacing most of these. Since these are enterprise boxes with redundant PS, I wonder if power could be your issue. Can you boot them with a bog standard normal powersupply?

Some of us have used old Areca controllers to allow us to use several old small drives and bundle them up and present unRaid with a single large drive. For example 4 old 2tb drives can be hardware raided together into one 8tb drive and used as parity. It adds a level of admin complexity, but it has been done. Sent from my Nexus 6 using Tapatalk

What is the history of the parts you are testing? Did they once work? Do you have a spare mb to test? I had 5 of these and now have 2 still working. They have been rock solid. Sorry, don't have any salvaged components. Mine were dual core AMD. Mine are all working as off site remote backup servers. They are too slow and power hungry for daily use. (A raspberry pi sits listening at all times and when a server needs to do something the raspberry sends the ipmi startup command over the local lan. )

My use is purely business too. I have Win10 N (stripped of the media junk) running in 12gb of disk space, but it definitely grows with updates. A major update needs another 10gb minimum during the updating process so I usually go with 30gb for lightweight VM's but I have some that run in 20gb. Being able to easily grow the VM disk space would be nice.

So unRaid is not the bare metal hypervisor? unRaid is a vm itself inside Hyper-V? Would you consider using unRaid as the bare metal hypervisor? Win 8 was a virus that never got loaded on my machines (LOL). I transitioned from Win7 which I loved to Win10. I don't have any horror stories so far, but I have several dual 2670 rigs, on Intel 2600cp2 mb, and one of them is getting more duty as a bare metal hypervisor of Win10 RDP clients under unRaid. So far so good, but I only have less than 6 so far. With 128gb RAM, there is really no limit for me to continue this process. I have never let Win10 start with low RAM and then allow it to grow exponentially like you are. I usually just set them up with 8gb and forget about it. Maybe I should play around with your dynamic memory model??? My main complaint with unRaid as a bare metal hypervisor is requiring VM's to be shut down before you can stop the array. That is a pain and requires scheduling to make sure it doesn't affect other people...

Interesting use. Why 8.1 instead of Win10? All accessed via RDP? What are you using for RDP clients? How much memory for each VM? And finally, what problems did you have to resolve to make this stable enough for your business.

I use the same keyfile/passphrase on the backup server so that I can mount on the primary server. The problem is very puzzling and may simply be USB3 related. Formatting XFS-Encrypted on a backup server is the only convenient way today to add an encrypted drive to UD.