Building an Enterprise-Grade TrueNAS Storage Server

Views: 352
November 8, 2025

Whenever I explore "enterprise" solutions, I get frustrated, as their often exorbitant price tags lack added value. TrueNAS excels at delivering storage solutions using top-tier ZFS technology, even for its enterprise offerings, which are far more cost-effective. Major clients like NASA, Adobe, Cisco, and 60% of Fortune 500 companies rely on it.

TrueNAS modernizes how organizations store and protect data with a mission critical high performance self healing architecture, all while simplifying operations and drastically reducing costs. The platform harnesses the power of the legendary ZFS file system to easily scale unified storage with the reliability and performance demanded by virtualization, backup, and many other data-intensive workloads.

I follow a simple rule: evaluate the cost of each percentage point of availability or security and determine if it’s worth it. If I can achieve a high-availability setup with two or more replicated devices at half the cost of an "enterprise" solution, the choice is obvious—better uptime and availability at a lower price. After all, we’re engineers, not sales people!

Enough with the rant—let's move on. There will be another post about the "de-engineering" issue.

I’m a big fan of HP’s MicroServer line, starting with the N54L and continuing with the Gen8 models. My goal is to consolidate three production microservers (one N54L and two Gen8s) into a single, more efficient, and higher-capacity machine. This new server will improve resilience and overcome the four-drive limitation of the microservers. By moving to a 12-drive setup, I can improve data protection with two parity drives and include one spare drive.

The new server will deliver the following capabilities:

  • Primary Storage: Centralized storage for efficient data management across devices with monthly sync to Azure and Backblaze for off-site and disaster recovery.
  • Backup Storage: Secure backups for my computers, phones, and personal cloud services (OneDrive and Google Drive). Advice: Avoid relying solely on free cloud accounts for critical data, as their terms often disclaim liability for data loss, plus you don't have any kind of control about the data stored on their servers: Google refuses to reinstate man’s account after he took medical images of son’s groin. Even enterprise accounts can be wiped due to a misconfiguration: How Google Cloud Deleted a $125 Billion Account
  • Storage Snapshots (SMB Previous Versions): Automated snapshots with hourly, daily, weekly, monthly, and annual schedules, retained for 10 years.
  • Hypervisor for Virtual Machines: A platform to host and manage multiple virtual machines for my home lab.
  • Home Assistant Server: Dedicated hosting for Home Assistant to manage smart home devices in multiple locations.
  • Plex Media Server: A platform to organize, stream, and manage my photo and video library across devices.

One of the pools from a Gen8 microserver will be migrated as it is, a 4x4TB RAIDZ-1 pool while a new pool will be created from 8x8TB RAIDZ-2 with one spare, in total 12 drives and over 46TB of available storage.

Bill of materials:

Total cost: hardware 1536 euro + 1827 HDD storage = 3363 euro.

Similar setups from providers like Synology, Dell or HPE hover between 5300 up to 15.000+ euro.

Similar capacities and features from cloud providers like wasabi, backblaze, AWS S3, Azure Files are between 180 - 600 euro/month.

I recognize that the power supply remains a single point of failure in my server setup. To mitigate this, I selected a Seasonic power supply with a 10-year warranty for its reliability and longevity. For those unwilling to accept this risk, dual ATX power supply options are available such as FSP twins or Silverstone Gemini.

Accessing the IPMI interface:

After entering the defaults, the interface redirects you to set a new, stronger password right away.

ASRock Rack's IPMI interface is offered completely free of charge, requiring no subscription or licensing fees, with all core functions, including the remote console (KVM/iKVM) and virtual media mounting, fully accessible without any paywalls.

From the Remote KVM we can access the display, power on the server and mount the ISO image with TrueNAS downloaded from https://www.truenas.com/download-truenas-community-edition/

After mounting the virtual CDROM we can start the installation.

After installation we can access the web interface:

Disks and pool creation:

I will name the pool "OctoVault" (from 8 drives) and I will enable AES-256-GCM encryption with a passphrase stored on my YubiKey. TrueNAS supports native ZFS dataset encryption using AES-256-GCM, which is a high-performance authenticated encryption mode.

When you enable encryption on a pool or dataset, TrueNAS creates an encrypted ZFS dataset with the following key characteristics:

  • Algorithm: AES (Advanced Encryption Standard)
  • Key Size: 256 bits (military-grade)
  • Mode: GCM
  • Provides confidentiality + integrity/authenticity
  • Detects tampering (unauthorized changes)
  • No separate MAC needed
  • Performance: Hardware-accelerated on modern CPUs (Intel AES-NI, AMD equivalents)

RAIDZ2 means there are 2 parity drives. I am using 7 of the 8 drives as the 8th drive will be used as a spare. Total capacity will be a bit over 37TB.

During the pool creation TrueNAS will query the drives for the sector size. Most modern HDD drives are 4K native. TrueNAS will set the ZFS ashift=12 to enforce 4 KB (2¹²-byte) block alignment, matching the physical sector size of all drives in the vdev.

Modern enterprise and NAS HDDs universally use 4 KB physical sectors for density and efficiency. The Seagate ST8000NT001 drives are 4K native (4Kn), exposing 4096-byte logical and physical sectors directly to the host with no emulation layer.

In contrast, the Western Digital WD8005FFBX uses 512e formatting—emulating 512-byte logical sectors for legacy compatibility while maintaining 4 KB physical sectors internally. ZFS ignores logical sector emulation entirely and aligns I/O to the ashift value. Without ashift=12, ZFS would issue misaligned 512-byte writes, triggering write amplification: each 4 KB physical sector must be read, partially updated, and rewritten, inflating I/O by up to 8×, reducing sustained throughput by 30–50 %, and accelerating NAND-like wear on the platter. By locking ashift=12 at pool creation, every ZFS block maps 1:1 to physical sectors on both 4Kn (Seagate) and 512e (WD) drives, eliminating amplification, delivering optimal sequential and random performance, and preserving drive longevity across the mixed vdev.

To check for the ashift value we can look in the shell:

truenas_admin@truenas[~]$ zpool get ashift OctoVault
NAME PROPERTY VALUE SOURCE
OctoVault ashift 12 local

Initially the pool will be encrypted with a key, to change to passphrase go to Datasets - click on the pool name OctoVault - right bar menu Encryption and click Edit:

Everytime the system is restarted the pool will need to be unlocked.

Short and quick config:

  • move the system dataset to the boot pool (must be done before encrypting the storage pool)
  • configure the network, DNS, timezone, http to https redirection, show console messages, etc
  • configure the email method, I am using AWS SES, detailed 90% decrease in transactional emails cost – going to AWS SES
  • configure MFA
  • install Scrutiny for S.M.A.R.T. monitoring

Creating Periodic Snapshot Tasks

As I said, I am looking to have automated snapshots with hourly, daily, weekly, monthly, and annual schedules, retained for 10 years. This snapshots will be available in TrueNas for restoration, available to sync to off-site locations and also visible in the SMB shares as previous versions.

Having this tasks running without overlap is a bit tricky, let's see the table below:

Task Day(s) of Month Time
Daily 2-6, 8-13, 15-20, 22-27, 29-31 2:00 AM
Weekly 7, 14, 21, 28 3:00 AM
Monthly 1st 4:00 AM
Yearly January 28th 5:00 AM

Power consumption is between 130-160 W.

Conclusion: Unmatched Economics for Enterprise-Grade Resilience

The economics are unequivocal and indifferent to vendor positioning.
A one-time capital expense of €3,363 delivers 37 TiB usable in a fully redundant, self-healing ZFS RAIDZ2 topology - yielding €0.084 per GiB at deployment. Comparable cloud capacity (Wasabi, Backblaze B2, AWS S3, Azure Files) incurs €180-600 per month, translating to €6,480-21,600 over a three-year horizon.

The only recurring operational expense is electricity. Measured average consumption is around 160 W. At the prevailing European rate of €0.20/kWh, this equates to €280 annually, or €840 over three years.

Total Cost of Ownership (TCO): €4,203 - €0.11 per GiB amortized.

This build achieves enterprise-grade availability, integrity, and performance at a fraction of the lifecycle cost, with complete data sovereignty and zero recurring licensing or egress fees. The conclusion is not ideological - it is mathematical.

I’m not paying a subscription to store my data.
I’m not betting my backups on a terms-of-service clause.
I built a server that heals itself, encrypts at rest, survives two drive failures, and costs less in three years than one year of “enterprise” cloud.

Engineers solve problems. Salespeople sell fear.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.