Help Building Home PoE Surveillance System

[Cavalry Canuck]

Looking to set up a home security system. I would like to go with exterior PoE cameras that I can integrate into my current network, storing the video data on my NAS.

 

I’m looking for recommendations for Cameras, software, and any special consideration towards storage.

 

I don’t need the Cameras to be anything more than 1080p, but night vision is a must, and they must be able to operate in all weather conditions, including down to -40c ambient.

 

As to recommend programs, I really have no clue where to start.

 

For storage, my original intent for the NAS was to run 6 1TB Samsung Evo 860 SSDs in a software-based RAIDZ2/RAID 6 configuration. Will this be sufficient storage? I know there would be a lot of write/re-write cycles, so would I better off opting for a separate storage array dedicated to the video footage? If so, what kind of drives should I use, and how do I calculate my space requirements?

 

Sorry if this is the wrong sub-forum for this. I couldn’t find one with a suitable description.

[Theguywhobea]

I've been using some cheap bullet style cameras I found on Amazon that are over wifi and they have been outdoors for nearly two years now with no issues. Might not be typical, but they are 1080p (claimed) and they do night vision pretty well. 

 

For reference on your storage needs, I have 3 cameras recording 24/7 at 20fps and with a single 2TB Hard drive it gets around 23-25 days of recording time per camera.

 

As for software I have only tried QNAP's and Synologies. Synologies security camera software is much much better, however I think for both of these you have to pay a license fee to unlock more than 2 cameras.

[Cavalry Canuck]

1 minute ago, Theguywhobea said:

I've been using some cheap bullet style cameras I found on Amazon that are over wifi and they have been outdoors for nearly two years now with no issues. Might not be typical, but they are 1080p (claimed) and they do night vision pretty well. 

 

For reference on your storage needs, I have 3 cameras recording 24/7 at 20fps and with a single 2TB Hard drive it gets around 23-25 days of recording time per camera.

 

As for software I have only tried QNAP's and Synologies. Synologies security camera software is much much better, however I think for both of these you have to pay a license fee to unlock more than 2 cameras.

Thanks for the quick reply.

 

I suppose I should have said this in the OP, Wifi won’t do. Local thieves are beginning to use jamming devices that disrupt wifi signals. 

[Theguywhobea]

1 minute ago, Cavalry Canuck said:

Thanks for the quick reply.

 

I suppose I should have said this in the OP, Wifi won’t do. Local thieves are beginning to use jamming devices that disrupt wifi signals. 

Oh yeah I figured, I should have been more specific. I just meant to use it as kind of an example that you can get away with some decent security cameras even using the cheaper ones on Amazon and even if you're over wifi. For your reference I think I paid about $50 for each camera. I wish I had a better suggestion for these, but the only others I've done any research or seen anything on are the ubiquiti cameras

[metaleggman]

Hardware wise, I think any enterprise switch with PoE ports will work, so you won't have to spend too much on that.  Buying refurbished enterprise gear is generally a-ok, since they generally get upgraded fairly quickly.  That being said, if they are actively cooled, they will be loud.  So either throw it in a closet or look for a passively cooled unit.  I believe some switches are also managed, vs unmanaged, though I can't remember whether a managed switch would be helpful to you.  That being said, if you're using your wireless router to route your ethernet traffic, it might not be powerful enough to handle all the added traffic.  Some of the high end consumer wireless routers should be fine though.  If you do notice issues, look into building a small server to run pf-sense on.  Wouldn't have to be an insanely powerful rig, though a couple gigabit nics would be helpful.  If you went that route, you would use your current wireless router as an access point.  There's also the option of getting a cheaper consumer gigabit switch and using PoE injectors, but with enough cameras, you're better off with a PoE enabled switch (note, not all ports on a switch with PoE will be PoE ports.  Double check before buying so you have enough for your camera).

Can't say anything about cameras , but in terms of software, there's a number of open source solutions, like kerberos.io, iSpy, ZoneMinder, and more.  That being said, I've never used any of them personally, just looked at them when I was looking into uses for my server.  What's your server's spec?  If it's powerful enough, you could run something like kerberos in a docker container.  I'm assuming you're using some sort of appliance with ZFS support, since you mentioned RAIDZ.

For storage, you might want to switch to HDD for this, since constantly writing to a consumer SSD 24/7 will wear it out well before an enterprise HDD for sure.  Granted, consumer SSDs usually have more life than people think, but there's a reason companies will use HDDs.  The extra speed of an SSD won't matter, the storage is cheaper per TB, and there's no issues of write endurance.  I'd also suggest just using a mirror vdev, rather than RAIDZ, hell even a three-way mirror if you're particularly cautious.  You'll get faster resilvering times, which is important if you're worried about a failed drive.  RAIDZ1 and RAIDZ2 are more for when you need to still need to read and write heavy workloads during a resilver, afaik.  Since you're just writing to the drives for the most part, and the writes over the network won't be huge, a mirrored vdev will be more than adequate, and, as I mentioned, resilvering times will be faster.  The faster your drives are resilvered, the better; for my NAS, I'm using mirrored vdevs because I'm much more concerned of getting that second copy up and running and not using the data during the resilver, than having multiple drive failures simultaneously (though that's why I might go three-way mirrors down the line).  It's why huge RAID vdevs can end up failing during resilvering, with a second or third drive failing during the longer resilvering time, since RAIDZ resilvers are a CPU intensive workload.

And of course, make sure you have some sort of on-site and off-site back for however long you need this data to be persistent, since a mirror or RAID is not a back up (mentioning it just in case).

 

17 hours ago, Cavalry Canuck said:

I suppose I should have said this in the OP, Wifi won’t do. Local thieves are beginning to use jamming devices that disrupt wifi signals. 

Damn, I was wondering when that would start happening.  It's part of why I'd only go with a wifi solution if I also had some back up wired cameras.

[Cavalry Canuck]

4 hours ago, metaleggman said:

 

Damn, I was wondering when that would start happening.  It's part of why I'd only go with a wifi solution if I also had some back up wired cameras.

 

Yea. I don’t even know what those things cost. Seems pretty high end for a couple meth heads looking for something to take to the chop shop.

 

The NAS was originally intended as backup storage. RAIDZ2 was what I was going to be putting into it for that purpose.

 

I did some research into drives last night. Not sure to go with WD Purples or Seagate’s Surveillance, but for the use case HDDs seem to be the clear way to go. If I do integrate it into the NAS, I’ll make it a separate partition used only for video recording.

 

But this leads into my new/next questions. The NAS is just an old I3 4170. Will that be a sufficient processor for 3/4 different 1080p feeds? If not, can I just swap in a beefier processor from that generation, or will I need to build a dedicate rig? If a dedicated rig, what hardware would be sufficient?

 

As for the Switch, I was thinking about something like this: https://www.amazon.ca/TP-Link-Lifetime-Protection-Aggregation-TL-SG105PE/dp/B08D73YD5S/ref=asc_df_B08D73YD5S/?tag=googlemobshop-20&linkCode=df0&hvadid=459080112631&hvpos=&hvnetw=g&hvrand=5758020418569002074&hvpone=&hvptwo=&hvqmt=&hvdev=m&hvdvcmdl=&hvlocint=&hvlocphy=9001432&hvtargid=pla-995623112537&psc=1

 

While I do have a wireless router for tablets, laptops, and phones,  my house is fully wired. If possible, I’d like the Surveillance network to go straight from the switch to a separate network card on the NAS. 

[metaleggman]

21 hours ago, Cavalry Canuck said:

The NAS was originally intended as backup storage. RAIDZ2 was what I was going to be putting into it for that purpose.

Is it running FreeNAS?  You're mentioning RAIDZ2, which is a ZFS parity type.

 

21 hours ago, Cavalry Canuck said:

But this leads into my new/next questions. The NAS is just an old I3 4170. Will that be a sufficient processor for 3/4 different 1080p feeds? If not, can I just swap in a beefier processor from that generation, or will I need to build a dedicate rig? If a dedicated rig, what hardware would be sufficient?

From what I understand, that's a big "it depends".  I believe the cameras are sending encoded video to the computer, so it's not like you'd need to encode anything, the processor just needs to deal with file I/O and network I/O.  Now, decoding all 4 streams at once might be an issue, but it's possible you could just throw a cheap video card in there that could do hardware encoding.

That being said, if your NAS is using an old desktop chip, whether your current one works out or not, you might want to consider upgrading to a server platform, specifically an older Xeon chip paired with a server motherboard from someone like SuperMicro and some ECC memory.  You'll also get server grade features like IPMI, which is incredibly useful (though there are some i3 server boards out there, so you might be using one of those).  I just built homelab server/NAS for about $600 besides the cost of the drives.  It's got an 8 core hyperthreaded E5-2680 and 64gb of ECC ram on a SuperMicro X9srl-f in some cheap coolermaster case I found on Amazon, which will be plenty for me in the future.  You could, however, just swap a more powerful chip from the same generation; that would be a totally valid option as well.  My thinking, though, is that if you're considering doing all these server-y tasks, it might be time to consider investing in some server grade parts.  And you could use your current NAS rig as either an on-site or off-site backup (a friend or family's house), or if it's got enough gigabit ports or a gigabit nic installed, you could turn it into a pfSense server to upgrade your home networking setup.

 

 

21 hours ago, Cavalry Canuck said:

As for the Switch, I was thinking about something like this: https://www.amazon.ca/TP-Link-Lifetime-Protection-Aggregation-TL-SG105PE/dp/B08D73YD5S/ref=asc_df_B08D73YD5S/?tag=googlemobshop-20&linkCode=df0&hvadid=459080112631&hvpos=&hvnetw=g&hvrand=5758020418569002074&hvpone=&hvptwo=&hvqmt=&hvdev=m&hvdvcmdl=&hvlocint=&hvlocphy=9001432&hvtargid=pla-995623112537&psc=1

Looks good.

[Cavalry Canuck]

3 hours ago, metaleggman said:

Is it running FreeNAS?  You're mentioning RAIDZ2, which is a ZFS parity type.

I haven’t settled on which software controller I will use for the NAS. I only mentioned RAIDZ2 because ZFS is one of the options, and the NAS will have 6 SSDs in the OS/Storage Array.

 

When I was setting up RAID on my desktop, many members advised me to consider a software controller rather than the Intel controller. I went with the Intel controller for my PC anyway; but, I want to try a software controller for the NAS if only to develop my knowledge base.

 

If a software controller will allow me to run both the SSD array AND the separate Surveillance Storage Array (looking at running two 4TB WD Purples), all the better.

3 hours ago, metaleggman said:

From what I understand, that's a big "it depends".  I believe the cameras are sending encoded video to the computer, so it's not like you'd need to encode anything, the processor just needs to deal with file I/O and network I/O.  Now, decoding all 4 streams at once might be an issue, but it's possible you could just throw a cheap video card in there that could do hardware encoding.

That being said, if your NAS is using an old desktop chip, whether your current one works out or not, you might want to consider upgrading to a server platform, specifically an older Xeon chip paired with a server motherboard from someone like SuperMicro and some ECC memory.  You'll also get server grade features like IPMI, which is incredibly useful (though there are some i3 server boards out there, so you might be using one of those).  I just built homelab server/NAS for about $600 besides the cost of the drives.  It's got an 8 core hyperthreaded E5-2680 and 64gb of ECC ram on a SuperMicro X9srl-f in some cheap coolermaster case I found on Amazon, which will be plenty for me in the future.  You could, however, just swap a more powerful chip from the same generation; that would be a totally valid option as well.  My thinking, though, is that if you're considering doing all these server-y tasks, it might be time to consider investing in some server grade parts.  And you could use your current NAS rig as either an on-site or off-site backup (a friend or family's house), or if it's got enough gigabit ports or a gigabit nic installed, you could turn it into a pfSense server to upgrade your home networking setup.

Are the video streams stored in their encoded format, or are they decoded and then stored? I am far less concerned about bogging down the cpu to review footage than I am about bogging it down while processing and then storing the data. That being said, it looks like a substantial number of consumer grade NVRs in the 2014-2016 era actually used the I3 4170. So I might be good, or at least have something workable to begin with. In the long term, when I upgrade my PC, the 4790k that is in it now will replace the 4170 in my NAS.

 

As I alluded to above, the NAS is kind of a learn as I go project. I don’t have my head wrapped around a lot of server features and applications yet. For example, no clue what IPMI is.

 

I initially intended to build the NAS as strictly backup storage, and then figure out what else I could do with it/add on to it from there. Examples included things like as a Minecraft server, mini mining rig, making it accessible from the internet so that other friends/family members could use it as backup storage, etc. Giving it double-duty as an NVR was an option, but one I thought I would have more lead time in planning and developing. The recent spike in local crime, and how sophisticated it has become, has expedited this particular aspect of the project. Had I known I would immediately be diving into the NVR side of things, I would have abandoned the upgrade path I laid out and started off with better, all-new components.

 

 

 

Something I haven’t touched on at all yet. Can I also use the NAS as a firewall between the live feed and the rest of the network? What about securing the stored footage? I want to be able to easily access it from the rest of my home network and phone, without making it easy for anyone else to break into my network and access the feed/footage themselves.

[metaleggman]

1 hour ago, Cavalry Canuck said:

I haven’t settled on which software controller I will use for the NAS. I only mentioned RAIDZ2 because ZFS is one of the options, and the NAS will have 6 SSDs in the OS/Storage Array.

 

When I was setting up RAID on my desktop, many members advised me to consider a software controller rather than the Intel controller. I went with the Intel controller for my PC anyway; but, I want to try a software controller for the NAS if only to develop my knowledge base.

 

If a software controller will allow me to run both the SSD array AND the separate Surveillance Storage Array (looking at running two 4TB WD Purples), all the better.

Ahh, so you haven't fully setup the NAS yet, gotcha.  So this is good to know, because I can kind of explain how ZFS works.  Essentially what you would want is two data pools, one for your SSDs (say, for video production or something like that where you don't do a lot of writes, but want really fast reads), and another for your HDDs (since your surveillance cameras will be doing a ton of writing).  Inside of a pool are these things called vdevs, which are basically a collection of harddrives.  The cool thing about pools is that you can modify what vdevs you're using based on the use case.  For example, if you have 6 drives, you could run them in two three-way mirror vdevs, giving you the size of two of drives, you could lose two drives in each vdev, and you'd possibly get some really wild read speeds.  Or you could do 3 two-way mirror vdevs of two disks each, giving you a pool size equivalent to three disks.  But you could also do two vdevs of three drives in RAIDZ1, giving you more space than what you'd get with two drives, and each vdev could lose a disk.  And you could also do a vdev of RAIDZ2 will all 6 disks, and you could lose any two drives.  People could have good reason to use any of these setups.  And you could have a second pool just for your HDDs, likely in a mirrored vdev.

See how flexible ZFS can be? Add on the fact that with regular scrubbing of the drives (i.e. having the entirety of the drive read), it checks to see if there's any bit rot happening, which can creep up on you if you're not careful.

Mind you, TrueNAS Core, which used to be FreeNAS, takes up the entirety of whatever drive you use to install it.  You can't partition the drive so that it only uses some of that space.  This is where SATA DOMs can be useful, since they're small drives that, from the right manufacturer, have really nice write endurance.  Only issue is you'll likely need a molex adaptor to power it since they're generally meant to be powered from a port on the board, or through a specially powered SATA port on the board.

You also mentioned using an Intel RAID controller.  I'm not sure if you mean the one on your motherboard or not, but be sure to not use any sort of hardware RAID with TrueNAS.  You want to give it complete control over your drives.  Some motherboards can cause issues if they have specific RAID functions built in, but this is more of an issue when getting PCIe cards that allow you to hook up more drives to the system.
 

1 hour ago, Cavalry Canuck said:

Are the video streams stored in their encoded format, or are they decoded and then stored? I am far less concerned about bogging down the cpu to review footage than I am about bogging it down while processing and then storing the data. That being said, it looks like a substantial number of consumer grade NVRs in the 2014-2016 era actually used the I3 4170. So I might be good, or at least have something workable to begin with. In the long term, when I upgrade my PC, the 4790k that is in it now will replace the 4170 in my NAS.

I believe it is saved directly as a file, but check with the camera/surveillance software you use.  But yeah, I would imagine the 4170 should be fine to start out with.

 

1 hour ago, Cavalry Canuck said:

As I alluded to above, the NAS is kind of a learn as I go project. I don’t have my head wrapped around a lot of server features and applications yet. For example, no clue what IPMI is.

That's great!  You gotta start somewhere.  IPMI is Intelligent Platform Management Interface.  It's one few ways that you can interact with an enterprise grade server, even if it's turned off.  It allows you to manage power, fan control, enabling and disabling features, managing boot and bios options, let you load ISOs over the network to install operating systems, and even allow graphical access to what the computer is doing.  It's often referred to as "lights out management".  It's how a server admin can restart a computer or server even when they're on or off call somewhere else.
 

 

1 hour ago, Cavalry Canuck said:

Had I known I would immediately be diving into the NVR side of things, I would have abandoned the upgrade path I laid out and started off with better, all-new components.

At least in terms of enterprise related hardware, not only will you likely have to go used, it's often totally okay!  Companies generally upgrade hardware enough that most hardware doesn't get even close to their expected lifespan.  I bought an Intel enterprise SSD to act as a SLOG for my TrueNAS server (I needed an SSD with power failure protection), and despite having been powered on for a few years, it only had like 2 disk writes to it (meaning the entire capacity of the disk was only written to twice, which is well below the like 5 disk writes per day it was rated for).  My used Xeon worked great too.

 

1 hour ago, Cavalry Canuck said:

Something I haven’t touched on at all yet. Can I also use the NAS as a firewall between the live feed and the rest of the network? What about securing the stored footage? I want to be able to easily access it from the rest of my home network and phone, without making it easy for anyone else to break into my network and access the feed/footage themselves.

I'm not sure I'd call it a firewall, but if the network switch powering the cameras is directly hooked up to server, the only device that should see them is the server.  As to accessing the footage, you'd do this through a secure remote connection to the server itself.  If you wanted something more sophisticated, you'd need a prosumer wired router or a server running pfSense.  With those, you can create VLANs, which are virtual networks.  These allow you to wall off certain devices from one another, while allowing certain devices access, or access in a certain way.  People will sometimes use VLANs to wall off their IoT devices, since some of the devices manufactured in the last decade have weak security that allows people to take control of them (think that news report of strangers talking to children over IoT baby monitors).

One thing I'd recommend, assuming you want to backup your NAS/NVR to the cloud, plan on creating some sort of array (could be RAID0, it's what I plan to do) on your main computer, and have the server sync all the data (or some, whatever you want backed up) to that PC.  This way, you can back up the contents of your server to most personal cloud backup services.  Most don't support backing up network drives, since that reasonably would allow companies to back up the entirety of their servers for $9/mo.  There are some plug-ins for TrueNAS that can help sync stuff together.

 

[Cavalry Canuck]

2 hours ago, metaleggman said:

Ahh, so you haven't fully setup the NAS yet, gotcha.  So this is good to know, because I can kind of explain how ZFS works.  Essentially what you would want is two data pools, one for your SSDs (say, for video production or something like that where you don't do a lot of writes, but want really fast reads), and another for your HDDs (since your surveillance cameras will be doing a ton of writing).  Inside of a pool are these things called vdevs, which are basically a collection of harddrives.  The cool thing about pools is that you can modify what vdevs you're using based on the use case.  For example, if you have 6 drives, you could run them in two three-way mirror vdevs, giving you the size of two of drives, you could lose two drives in each vdev, and you'd possibly get some really wild read speeds.  Or you could do 3 two-way mirror vdevs of two disks each, giving you a pool size equivalent to three disks.  But you could also do two vdevs of three drives in RAIDZ1, giving you more space than what you'd get with two drives, and each vdev could lose a disk.  And you could also do a vdev of RAIDZ2 will all 6 disks, and you could lose any two drives.  People could have good reason to use any of these setups.  And you could have a second pool just for your HDDs, likely in a mirrored vdev.

See how flexible ZFS can be? Add on the fact that with regular scrubbing of the drives (i.e. having the entirety of the drive read), it checks to see if there's any bit rot happening, which can creep up on you if you're not careful.

Mind you, TrueNAS Core, which used to be FreeNAS, takes up the entirety of whatever drive you use to install it.  You can't partition the drive so that it only uses some of that space.  This is where SATA DOMs can be useful, since they're small drives that, from the right manufacturer, have really nice write endurance.  Only issue is you'll likely need a molex adaptor to power it since they're generally meant to be powered from a port on the board, or through a specially powered SATA port on the board.
 

Why the Hell isn’t this a pinned post in the Servers & NAS subforum? Thanks for the walk through. So with zfs, I could run the six SSDs in a RAIDZ2 array, and the two HDDs in a striped array?

 

2 hours ago, metaleggman said:

You also mentioned using an Intel RAID controller.  I'm not sure if you mean the one on your motherboard or not, but be sure to not use any sort of hardware RAID with TrueNAS.  You want to give it complete control over your drives.  Some motherboards can cause issues if they have specific RAID functions built in, but this is more of an issue when getting PCIe cards that allow you to hook up more drives to the system.
 

I’m using the Intel RAID controller on the PC, not the NAS. I have to admit, I’m pretty happy with how straightforward it was to setup.

 

I do have a concern about what you said regarding additional ports. The mobo I’m using is an MSI Z87M-G43. It only has 6 SATA ports, which will be used for the SSDs. I ordered an IO Crest 4 Port non-raid PCIe card to plug the two HDDs into. Will this setup cause the conflict you described?

 

2 hours ago, metaleggman said:

 

That's great!  You gotta start somewhere.  IPMI is Intelligent Platform Management Interface.  It's one few ways that you can interact with an enterprise grade server, even if it's turned off.  It allows you to manage power, fan control, enabling and disabling features, managing boot and bios options, let you load ISOs over the network to install operating systems, and even allow graphical access to what the computer is doing.  It's often referred to as "lights out management".  It's how a server admin can restart a computer or server even when they're on or off call somewhere else.
 

 

At least in terms of enterprise related hardware, not only will you likely have to go used, it's often totally okay!  Companies generally upgrade hardware enough that most hardware doesn't get even close to their expected lifespan.  I bought an Intel enterprise SSD to act as a SLOG for my TrueNAS server (I needed an SSD with power failure protection), and despite having been powered on for a few years, it only had like 2 disk writes to it (meaning the entire capacity of the disk was only written to twice, which is well below the like 5 disk writes per day it was rated for).  My used Xeon worked great too.

See, once the NAS was setup, being able to access it remotely from my PC is something I would have liked to do, if only to save me from having to swap around my keyboard/mouse/monitor (or buy a new set).

 

That’s not what I meant by new/used. I have no qualms about buying used equipment. Some of the parts I bought for my NAS were used, the only new parts being SSDs, the case, and now all the additions for the surveillance setup. What I meant was I had a bunch of old parts kicking around that I wouldn’t have otherwise integrated into the build.

2 hours ago, metaleggman said:

 

I'm not sure I'd call it a firewall, but if the network switch powering the cameras is directly hooked up to server, the only device that should see them is the server.  As to accessing the footage, you'd do this through a secure remote connection to the server itself.  If you wanted something more sophisticated, you'd need a prosumer wired router or a server running pfSense.  With those, you can create VLANs, which are virtual networks.  These allow you to wall off certain devices from one another, while allowing certain devices access, or access in a certain way.  People will sometimes use VLANs to wall off their IoT devices, since some of the devices manufactured in the last decade have weak security that allows people to take control of them (think that news report of strangers talking to children over IoT baby monitors).

So is pfSense something I could integrate into this build? I did my best to draw out my intended home network on my phone (thank God for Snapchat?). Yellow is my wifi/router/modem. My main switch is green. Red is my PC, printer, Xbox, PlayStation, etc. Blue is the NAS. Purple represents the PoE switch and Cameras. White lines are cat 6 connections. Only wireless device shown is the router/modem. I have ordered a network card for the NAS to facilitate the second wired connection to it. I would like to wall off everything below the dashed orange line in. Is this something I can do? 

[metaleggman]

On 2/17/2021 at 9:58 PM, Cavalry Canuck said:

Why the Hell isn’t this a pinned post in the Servers & NAS subforum? Thanks for the walk through. So with zfs, I could run the six SSDs in a RAIDZ2 array, and the two HDDs in a striped array?

Yup!  Though I think you mean a mirrored array, like RAID1; striped would mean half the data is on one drive, half on the other, like RAID0.  If you did mean striped, enterprise harddrives are fairly quick, quick enough to handle a few 1080p streams (I think 1080p is a MB/s or two, an enterprise drive is likely to be have sustained rights of big files at least around 50MB/s, if not higher (depends on capacity, number of write heads, etc.  (also there's plenty of more knowledgeable people here concerned ZFS or TrueNAS, I'm just the one who happened to see your post in the sidebar lol!)

Here's what one of my Seagate Exos x10 10TB (ST10000NM0086) drive shows:

I believe writing a large file (i.e. recording a video file) is a sequential task, so you should be able to easily handle 4 or so streams with a WD red NAS, Seagate Ironwolf Nas, etc., whatever the models are called.  Probably more like 10, even on the lower prosumer drives like the regular Ironwolves or barracudas.  Of course, before you install everything in your wall and such, you can let the cameras run a few days inside to see what their file sizes, network use (if applicable), etc.  If you get cameras that use H.264, you should be good with a lot of mechanical HDDs and just a handful of cameras.  If they're MJPEG (motion JPEG), maybe not though...those use a lot more bandwidth because it's an old, inefficient capture method.
 

 

On 2/17/2021 at 9:58 PM, Cavalry Canuck said:

I do have a concern about what you said regarding additional ports. The mobo I’m using is an MSI Z87M-G43. It only has 6 SATA ports, which will be used for the SSDs. I ordered an IO Crest 4 Port non-raid PCIe card to plug the two HDDs into. Will this setup cause the conflict you described?

It is a non-raid card, which is a good sign.  However, because of the fact it's not an LSI HBA controller, I'd steer clear mostly because it's chipset might not work with the drivers in TrueNAS, as well as the fact that it's using SATA connectors rather than SAS.  SAS is a more enterprise connection for faster mechanical drives that's backwards compatible with SATA, more or less from what I understand.  So with something like this is around the same price, because it's using sas connectors, you can break each sas port out to 4 sata ports using something like this.  So for around the same price, you're getting better better gear, from a trusted eBay refurbisher (apparently their store is popular in the TrueNAS community) and expansion of up to 8 drives.  Win, win, win, assuming you can return the product you ordered.  One reason I linked specifically to that eBay seller is because they make sure to flash the HBAs (or host bust adapters) to IT mode (initiator target), which is needed to bypass any RAID stuff and give ZFS full access to the drives.

 

 

On 2/17/2021 at 9:58 PM, Cavalry Canuck said:

See, once the NAS was setup, being able to access it remotely from my PC is something I would have liked to do, if only to save me from having to swap around my keyboard/mouse/monitor (or buy a new set).

 

That’s not what I meant by new/used. I have no qualms about buying used equipment. Some of the parts I bought for my NAS were used, the only new parts being SSDs, the case, and now all the additions for the surveillance setup. What I meant was I had a bunch of old parts kicking around that I wouldn’t have otherwise integrated into the build.

Ahh perfect then!  After you get the server running, the IPMI isn't as important, but good if you're on vacation and something borks and you need to reset the server, especially if somebody at home needs access for something (also if there's a power outage, you can turn the server on remotely once power is returned).  You can always access the TrueNAS Core web gui remotely, so those duties aren't connected to IPMI.  Honestly, as long as everything is properly backed up to the cloud, disk, VHS, whatever I guess, just try it with the current board and processor if you just want to get your feet wet, and upgrade down the line if you wish.  Technically, the longer you wait, the better stuff will be for a given budget lol!

 

On 2/17/2021 at 9:58 PM, Cavalry Canuck said:

So is pfSense something I could integrate into this build? I did my best to draw out my intended home network on my phone (thank God for Snapchat?). Yellow is my wifi/router/modem. My main switch is green. Red is my PC, printer, Xbox, PlayStation, etc. Blue is the NAS. Purple represents the PoE switch and Cameras. White lines are cat 6 connections. Only wireless device shown is the router/modem. I have ordered a network card for the NAS to facilitate the second wired connection to it. I would like to wall off everything below the dashed orange line in. Is this something I can do? 

So if you wanted to wall everything off below the dashed orange line, you'd have to run everything from a separate server running pfSense.  pfSense needs to be in between your internet and your network to properly manage it.  Generally people recommend having your network router run on a completely separate device for security reasons, but I think for a homelab, you'd probably be fine virtualizing it on TrueNAS core.  But I'm just giving you ideas about how far you can go with all this techie homelab stuff, maybe if you build another NAS down the line, your current build could act as a pfSense appliance.  If you did Virtualize pfSense, you'd have to pass your NIC to pfSense and somehow redirect the NAS's traffic through pfSense (not sure if this would be done virtually, or would need a NIC with enough cables for you to physically put a cable from a built-in or separate NIC to the NIC passed through to pfSense...it kind of gets complicated from what I know, so don't get too worried about pfSense just yet).

One thing to note about your diagram, though, do you really want your NAS walled off from the rest of your network?  What about running a plex or other media server and watching your movies on your consoles or phone?  I wouldn't worry too much about security stuff just yet; unless you happen to be Lara Croft or Nathan Drake, and some hackers are attempting to take down your security system for their raid on your valuables, the worst case I can imagine is someone trying to disable your cameras physically...like with a rock or spray paint.  Your biggest issue network/internet-wise would be accidentally leaving something exposed to the net, but that's not too hard to prevent.  Just make sure you don't forward any unnecessary ports, and when necessary, know how to protect the devices you're allowing to have ports forwarded from.  Running your pfSense device on another computer just helps to make sure something accidental setting on the hostOS doesn't muck things up.

Oh and when you setup your stuff, don't hesitate to message me for help.  I'd be happy to answer any questions.