Why FreeNAS and pfSense Are Not Comparable
It has come up, and I admit it is an intriguing question, why products like FreeNAS, NAS4Free or OpenFiler are warned against and products like pfSense or SmoothWall are not. In both cases we are talking about taking a standard OS, adding a simple-to-use interface and packaging it so that end users get an appliance with a simple, dedicated interface to do a single task or set of tasks (SAN or NAS storage on one hand, firewall on the other). So why is one perfectly fine and the other such a bad idea?
There are small factors, such as complexity, which should be considered. But these are not universal. One very large factor, however, is universal:
Storage is highly stateful while other types of appliances are highly stateless.
This mostly sums up the issues at a technical level. But let's expand at the business level:
Other services are trivial and non-critical to replace or work around. Storage is uniquely positioned as high risk because we face not only an inconvenience but the possibility of loss of data.
Everything we do when talking about reliability, security, etc. is, at the end of the day, about securing our storage. Storage is where all of the data and value resides. Storage holds the financial data, the customer data and other things that cannot be recreated. Everything else in IT is IT; it's the infrastructure. Storage is the one place where we hold everything else, the one system where the impact is not an IT impact but a direct business impact.
To give it an analogy, think of the entire IT infrastructure as Ft. Knox. The firewall is the guard station and the outer fence. The storage is the gold itself.
The US Government might be annoyed if the guard stations, fence, buildings, vehicles, etc. were to disappear from Ft. Knox. But all of those things on their own are ancillary. All of them only exist to protect, service or use the gold that is stored there. They are all replaceable; the gold is not. Don't treat your gold supply the same as you treat your guard station; don't confuse the stuff that matters with the things that only matter when they are in the service of the thing that matters.
From the perspective of statelessness, it is relatively trivial, and often actually trivial, to reproduce or recreate any aspect of an IT infrastructure as long as the storage is still intact. In many modern cloud architectures we can actually rebuild an entire network in a matter of minutes without needing to go to backups or to even take backups. Data storage is unique as the only component of many modern network designs that even has a reason to have backups taken of it!