When we initially deployed our handbuilt colocated servers for Discourse in 2013, I needed a way to provide a VPN channel in for secure remote access and troubleshooting. Rather than dedicate a whole server to this task, I purchased the inexpensive, open source firmware friendly Asus RT-16 router, flashed it with the TomatoUSB open source firmware, removed the wifi antennas, turned off the WiFi and dropped it off in our colocated rack to let it act as a dedicated VPN access point.
The scooter comparison is very true, even down to the material these things are made of (and the same rough edges here and there). Sure they don’t have Apple über attention to details, but they look neat nevertheless.
I also went down this route to secure my home network a bit more, and learn some things in the process. I picked almost the same hardware, but with wifi and a low power Braswell Celeron chip, since I am as concerned with performance as with power drain and heating (this thing is supposed to run at my place, I don’t want it to set fire to the cabinet where it sits). I once looked at Intel’s NUCs, but they are too expensive indeed, and the product configurations are impossible to figure out given their obnoxious names.
Mine will be replacing a much older Sheevaplug, with the added benefits of wifi, dual LAN, and much better performance. The Sheevaplug, although not under high loads tends to get quite warm in its plastic casing. These, whilst dissipating more watts (on paper at least), don’t come anywhere near the same temperature in normal operation.
Having a solid Linux distro to back these is a fundamental aspect to security. Constant updates are key, and being able to upgrade without spending a whole afternoon is important if you want to maintain a reasonable family life.
I actually just ordered a similar all-in-one box from AliExpress with a Celeron 1037U and dual Intel Gb LAN ports Link for use as a pfSense router at home. My 7+ year old Alix box can’t handle my upgraded internet speed, so it’s time for an upgrade.
Based on the testing of even this Celeron chip I’ve seen, this is massive, massive overkill for the bandwidth I have (150/150), but I wanted the ability to play with various packages and not have to worry about VPN performance.
For less than $200, you have a router that would give most commercial solutions costing 4x more a run for their money. It’s also much more stable, flexible, and powerful than the consumer junk routers out there.
With the copious AV inputs and outputs, these things look like they’d make pretty rad little home theater PCs as well (assuming your media is on a NAS or something and you don’t care about having an optical drive).
I also thought about buying a NUC6, but seeing this, the price of a NUC6i3 with Core i+ 6100U is even higher, than this, with the highest available Core i5 with Iris graphics. And also, the 5th gen Core i5 CPUs have much larger performance than the 6100U. I will consider buying this stuff instead of a NUC.
One thing to consider is the NICs included in your setup. It’s anecdotal of course, but all the boxes like this I’ve setup with Realtek’s have developed odd networking issues, especially when the system gets hot. Since I switched to units with Intel Gb NICs I’ve had no failures. Are these units you’re sourcing available with Intel NICs?
I’ve been using pfsense boxes recently just because they’re easy, but a lower cost, faster solution with Intel NICs would very appealing.
Jeff, you might be interested in this post I came across recently. This person ditched all their dedicated network appliances and replaced them with standard boxes running a general purpose OS.
Some years ago, I was working for a company where our “embedded” systems were really just hardened PCs in a form-factor not dissimilar to this. They were more expensive (again, because “hardened”), but I was pleasantly surprised by just how much firepower we could get out of even the older generation of that hardware. Of course, it helps that we weren’t trying to run any kind of GUI on these things, but still, they really just flew, with specs that made me think they ought to barely walk.
The PC industry has set up a narrative that you have to pay a lot for speed. That’s true for a desktop or laptop computer (especially laptop), because you’re also carrying the burden of a GUI and often doing a lot of relatively heavy things simultaneously, especially if you’re a coder. But when your needs are simpler, the exact same logic that says, “I could run a VM for that and it would be plenty fast enough” works here. And for something that needs to be dedicated, like a VPN box, real hardware makes more sense than a VM (and I love VMs!).
I’m considering doing this based on this and the Ars article. Is pfSense where it’s at in terms of setup/management for a router-based OS? I maintain three Linux boxes at home, plus three routers running DD-WRT, so I’m hoping this endeavor wouldn’t be too much to tackle.
Can you elaborate on mounting the 2.5 inch drive? From the pictures on AliExpress I couldn’t quite tell where the drive would go. The screws look like they are on the bottom, so does the drive go under the motherboard?
Judging by the pictures Jeff posted, the motherboard attaches to the cover, where the heatsink is. I would assume then that the drive goes on the base.
See my post a few up. I found a number of boxes using dual-Gb Intel, which I was specifically looking for due to pfSense (FreeBSD) being sometimes finicky with Realtek. Try a search on Aliexpress/Ebay for 82574L, which is a common Intel NIC chipset.
Well, we are expecting great network throughput from these boxes, so that’s a concern. Hopefully Ubuntu Server 14.04 LTS works better with Realtek network hardware than FreeBSD does… I guess we’ll find out!
I have two specific needs: it must be quiet, and it must have at least 6 SATA ports, 4 of which must be able to be routed to externally-accessible eSATA connectors. Has anyone seen a mini-PC that fits the bill? Details of the scenario follow.
My computer, in a standard plain black ATX case, was built 6 years ago and it’s getting about time to upgrade. I have an aftermarket quiet cooler on the CPU and a fanless dual-HDMI PCIe video card. The motherboard has 8 SATA connectors. Inside the case there’s an SSD as the boot drive and a BD-ROM/DVD-RW drive. Four of the remaining SATA ports are connected to two of these eSATA PCI slot brackets:
And externally those ports are connected to four of Thermaltake BlacX ST0005U SATA hard drive docks (Amazon ASIN B001A4HAFS–as a new user, I can’t post this as a second link).
With this arrangement I can easily insert/mount/unmount/remove my various (many) hard drives for my work. The optical drive is necessary, too, so I would need an additional fifth external SATA port for it in a mini-PC solution. And it would be great if it had a PCIe port for the card in my video capture setup (Matrox MXO2).
I haven’t seen a mini-pc that would fit your requirements yet. That’s a whole lot of eSATA.
How small do you want this thing to be? You could build your own with a Mini ITX case that has a optical drive and then use the same SATA to eSATA adapters. It won’t be as small as the box Jeff found but it might get you in the right direction.
Maybe the Thermaltake SD101 case with the Gigabyte GA-H97N motherboard? That has 6 SATA so you can use 1 for a boot drive, 1 for optical, and 4 for eSATA.
Both items are on NewEgg. I’d post links but I can’t quite figure out how to do that in Chrome on a iPhone.
EDIT: looks like that case has half-height/low profile expansion slots so you would need new adapters too.
Thanks for the input, Kevin. To answer your question regarding how small: “as small as I can get with these requirements”. The idea here was to finally join this revolution of miniaturization in desktop PCs that everyone else has got to enjoy. And yeah, as I figured, mini-ITX is probably going to be it.
The problem with the Thermaltake SD101 is that there’s only two PCI brackets. I’d need two for the eSATA brackets, one for the video capture hardware’s PCIe card, and, if the motherboard I choose doesn’t have dual monitor outputs, one for another video card. (I note that the Gigabyte board you suggest has both DVI and HDMI on-board.)
However, I suppose I could just cut out some of the venting on the lower back of the case, below the PCI brackets, and just run the four SATA cables out through there. That wouldn’t be a big deal. I’d have to machine down the MXO2’s card’s bracket, and unfortunately I can’t just cut the insertion end, I’ll have to cut the handle end and bend it back into an L-shape. Maaaybe I better wait for a cheap spare to turn up on eBay just to be on the safe side.
The idea here was to finally join this revolution of miniaturization in desktop PCs that everyone else has got to enjoy. And yeah, as I figured, mini-ITX is probably going to be it.