Discovering the features of QNAP QGD-3014 - a hybrid of a PoE switch and a NAS
Usually, the infrastructure of video surveillance systems in buildings is hidden in telecommunication cabinets, installed in isolated rooms, away from prying eyes and ears. However, not every company can afford a dedicated space for NVR equipment, and an alternative solution may be to install a DVR at the workplace of an administrator or security officer. It used to look wild, but with the spread of the concept of peripheral computing (Edge), it began to be perceived as something ultramodern.
In general, QNAP loves experiments, and so far remains the only manufacturer that sells unusual, bold and bright solutions. The QGD-3014 model is just one of those. This is a typical 4-disk NAS for the SOHO/SMB segment, built on a 4-core Intel Celeron J4125 processor (Gemini Lake Refresh generation), with 8 GB of memory and a 16-port PoE switch. This device single-handedly replaces both the guard's terminal, and the gateway, and the switch and the host for launching containers and the center for automating the IoT park. Restaurants and hotels, shops and beauty salons should tear off such devices with their hands, but will they? Let's reflect.
Design
QNAP calls its brainchild not a NAS, but an Edge Smart Switch, as if hinting that storage functions are secondary here. You can argue with this, but many will agree with me that among other network switches, the QNAP QGD-3014 looks just beautiful. In design, the company has moved away from cubic blown shapes towards a strict horizontal layout with a matte-glass front panel and round legs. If this device is destined to be in full view of visitors or employees, it will definitely attract views.
In the central part of the front panel there is a segmented LCD screen with diagnostic information, and under it there are two rows of icons, buttons and a USB 3.2 Gen 1 port.
Storage subsystem
Disk compartments in the amount of 4 pieces are hidden behind a matte lid attached to magnets. The device has 4 3.5/2.5 inch bays, and it is recommended to use a pair of internal M.2 SATA slots for caching. In total, you can install six SATA drives in the QGD-3014: 4 for creating a Capacity layer and 2 for caching or for a Performance layer.
In the interface settings, there are functions for optimizing SSD wear, in particular, you can reserve an unmarked space to increase the number of spare cells of the drive, thus extending its service life.
It is important to remember once and for all: let the QNAP marketers call this device Edge Switch, but you and I know that it is primarily a NAS, so attributes such as RAID 0/1/5/10, Samba/NFS/iSCSI access, installation of additional packages for downloading from the Internet, data backup, snapshots, replication - all this has not gone away, and is fully present in QGD-3014, although we will not touch on this, since the features of QNAP file storage and various speed optimizations have been repeatedly reviewed by us in other articles (use the search).
Interfaces
QNAP has been implementing the idea of using a NAS as a terminal device for quite a long time, connecting it directly to an LCD screen or monitor. For these needs, the QGD-3014 has 2 HDMI ports with a resolution up to 3840x2160, and an additional pair of USB ports of the USB 3.2 Gen 1 standard, to which you can connect all the peripherals of the workplace through the hub.
Among the programs for organizing a workplace directly on the NAS, you are offered an office software package, a Firefox browser, a Skype client and, more importantly, a video surveillance system client, QVR Smart.
In addition to the actual console access to the NAS, you can configure a remote desktop connection via VNC.
Cooling
A 120 mm automatic fan is responsible for cooling the disks and electronics here, plus a second fan is installed on the processor, although this is an obvious excess, because the CPU consumes no more than 10 watts. Interestingly, even if you have programmatically turned off the NAS, the fans continue to spin, cooling the power supply and the network switch.
Included with the NAS are two small radiators for RAM chips, which you can glue onto the chips of SSD disk controllers if you install them in M.2 slots.
Network
Of course, here the functions of the network hub are given a central place. Physically, the switch is placed on a separate board, and in general is an independent device that can even work when the NAS is overloaded to install updates or is turned off in Standby mode. Yes, even when you turn off the QGD-3014, power is supplied to the PoE ports and network traffic between the Downstream ports passes. A total of 16 PoE ports are installed in the device, of which 2 have a hybrid RJ45/SFP design.
The network topology of the device is quite interesting: QNAP QGD-3014 has 2 physical 2.5-gigabit RJ45 ports, which are used for NAS functions, for access to embedded applications and containers. They are implemented on the basis of Intel i225-V controllers, one for each physical port. In addition to this, the device has two internal network ports on a very good 1-Gigabit Broadcom BCM5720 server controller, which are designed to communicate with a PoE switch. For internal network controllers, a DHCP server is running, distributing by default the IP addresses 169.254.6.60 and 169.254.6.65, which you can change manually. By default, these two internal network controllers connect the Downstream ports of the PoE Switch to the Docker NAS network, which runs its own QNAP NVR applications. That is, by default, the PoE network is isolated from the corporate network, to which the NAS is connected via 2.5-gigabit interfaces.
In general, QNAP has a very good, perhaps the best-in-class NAS network management tool, with clear visual diagrams, which will be very useful to us in understanding the setup.
As can be seen from the diagram, the internal adapters are connected to the NAS Docker network, which is necessary for the operation of video surveillance applications installed in containers. It should be understood here that the connection speed of IP cameras with the NAS will be limited at best to 2 Gbit/s, that is, the total speed of the internal two adapters, which corresponds to approximately 128 Mbit/s per 1 PoE switch port. According to research by Fortinet, 5-megapixel IP cameras with H.264 codecs create a network stream of up to 8 Mbps each, and usually even less. The full report can be found on the company's website (read PDF), and the table below shows data for different IP cameras with the H.264 codec.
That is, the speed margin between Downstream and NVR is huge here, and together with video surveillance functions, you can also bring Wi-Fi infrastructure, IP telephony or IoT to the Downstream. However, to do this, you will need to configure Internet access, which is not available by default for PoE ports. The easiest way to do this is to create a virtual switch that will combine Upstream and Downstream networks in bridge mode. When configuring, we cannot choose the Dowsntream port, and this is natural, because the PoE switch, as mentioned above, works independently of the NAS, but we can choose internal network adapters connecting the PoE switch and the NAS.
For the resulting bridge, you can set the NAT mode to hide all clients connected to the PoE switch from the corporate network, or simply give them access to the Upstream network, and in this case the entire NAS will act as a switch. The connection speed between 1 Downstream and 1 Upstream ports via a software switch is 947 Mbit/s, that is, the maximum for a 1-gigabit port, and the processor load of the device increases by only 10% when processing network packets.
To differentiate the access of Downstream clients to services running on the NAS, you can use the Guardian vSwitch mode, which gives us the opportunity to create isolated VLAN connections with PoE switch ports on one internal NAS network interface. In simple terms, you configure the mapping of tagged traffic on the internal interface and VLAN ID on the PoE ports of the switch, which is recommended when using the switch in the distribution layer of the network. For example, if you want to connect cheap access points to separate ports instead of IP cameras without advanced security settings, and give them to IoT/AVR devices using a management system running in a virtual machine on the NAS.
Please note that we are not talking about simple isolation using VLAN tags, as on any other managed switch - we are talking specifically about a virtual network interface, which in the future we will be able to connect to the VM in the Virtualization Station, for example, in the pfSense software gateway.
The following diagram shows that we have made basic settings: our NAS, like all its services, is connected to the company's general network, the PoE switch ports are installed on the Container Station, in which video surveillance applications are running (which we'll talk about a little further), and one port is isolated from others in the local network and routed to the enterprise's general network through an access gateway, where we can wrap traffic in VPN tunnels for greater security and communication with branches.
Perhaps this will put an end to the issue of configuring the network topology and isolation of services running on the platform. As you can see, everything is very simple and visually understandable, although it is a pity that a virtual switch cannot be thrown into the container network. But, life is not limited to internal services, and let's look at the settings of the switch itself, since in our review it is of the greatest interest.
The built-in switch supports the PoE+ (802.3af) standard on all 16 ports with a total budget of 140 watts, with a port limit of up to 30 watts. This allows you to connect even outdoor access points and heated IP cameras to the switch, which easily consume 20-25 watts, although a conventional indoor IP camera or access point usually takes 4-7 watts. In the settings, you can limit the connection speed to 10 Mbit/s per port in order to increase the range of operation if the device is unstable at a distance of 100 meters via cable, but there is no long-range function, which is so in demand when laying cables over a distance of 100 meters.
The switch is built on the Microsemi SMBStaX VSC7425 processor, which is a single-chip solution with 18 ports with integrated PHY. This processor supports such second-level functions as VLAN, QoS traffic prioritization, channel aggregation (LACP + Static), port speed limitation, IGMP Snooping support, loop protection, and basically that's it. The switch has a 4 Mbit packet buffer, which is enough to work with an intensive file load. In general, this is a modern processor designed for such interesting integrations. It has a computing core with a frequency of 416 MHz for management and supports connection via the API, therefore, a separate application QuNetSwitch is allocated in the QNAP interface to manage the switch.
Of the interesting features, I would mention power prioritization, thanks to which you can turn off unnecessary devices while remaining within the acceptable PoE budget if power on other ports suddenly increases. This happens at access points when the power consumption increases twofold from a high load. Another option for power management is to enable PoE on a schedule: this way you can save not only the total budget, but also the electricity consumed.
Surprisingly, the switch has basic L3 functions, in particular, you can configure the rules for passing TCP and UDP packets between IP addresses. There is no filtering by MAC addresses - this function is already obsolete today, but what is missing from the fresh one is the PoE Watchdog function, which automatically overloads hung devices. In the world of video surveillance today, this is a very useful thing!
The switch receives an IP address via DHCP from a virtual switch with internal adapters, so that from Downstream devices it is theoretically possible to connect to its Web panel, bypassing the common QNAP interface.
Video surveillance
Today, QNAP offers a modern NVR Pro video surveillance platform capable of meeting the requirements of most customers. The system scales up to 16,000 cameras, and the basic free license allows you to connect up to 8 IP cameras at once. For live viewing, there are QVR Pro clients for working via a local HDMI monitor, mobile applications and, of course, a classic client for workstations on Windows, Mac OS and Linux.
Also in the arsenal of QNAP there are software packages for face recognition and compiling statistics on visits. Moreover, the analysis can be performed both live from the camera's RSTP stream, and from the archive of video recordings.
In general, the topic of video surveillance on QNAP is extensive enough to fit into our review. We will try to make a separate analytical article on it in the future.
Technical specifications
- Device class - PoE Edge Switch / NVR / NAS
- CPU - Intel Celeron J4125, 4 Cores, 2.0-2.7 GHz
- RAM - 8 ГБ (2x 4 SO-DIMM DDR4)
- Storage bays:
- 4 x SATA 3.5/2.5 Hot-Swap
- 2 x M.2 SATA 2280
- Network interfaces:
- 2x 2.5 Gbps
- 14x1 Gbps PoE+ RJ45 + 2 hybrid RJ45 / SFP 1 Gbps
- Internal 2 x 1 Gbps
- PoE specifications:
- Total power budget: up to 140 Wt
- Single port power up to 30 Wt
- PoE+
- Internal power supply unit 110-240V
- Dimensions: 130х295х224.8 mm
- Weight: 4 Kg
Modern Celeron-level processors are quite sufficient for the operation of network gateways, simple RAID arrays, video surveillance systems without artificial intelligence and home automation control systems. During all our tests, the CPU usage did not exceed 40%.
Conclusions
No one knows what the ideal Edge device should be, so each manufacturer does something different: someone suggests attaching servers to walls, someone naively thinks that there will be a server rack and a cooled cabinet everywhere for him, and QNAP says that in any place, be it a geological exploration tent or a mobile office in a converted bus, there will always be a desktop on which there will be a place to install such a beauty as QGD-3014, and I agree with them.
What I liked:
From a technical point of view, the NAS is exactly what should take root in Edge conditions, because for decades its software has been refined, polished and added new functions so that it "is able to do everything!". And he can, so if yesterday you were required to transfer the infrastructure to virtual machines, and today to containers, you will run both yesterday and today on it, and what will happen tomorrow. Recently, there was a requirement to isolate access at the L2 level from inside the perimeter - and voila, QNAP can do it, and everything is configured from a single interface. For those who like to hide clients behind NAT, there is also a complete order here, as well as for those who just want to connect all interfaces to a common network without bothering with routing.
What didn't you like:
The main drawback, from my point of view, is that QNAP cannot consolidate its functions, and the same direction is spread across different applications. In our review, you saw that the parameters of the network switch are configured in one window, the device network is configured in another, the main QVR Pro platform is supplied for video surveillance, and additionally, if necessary, programs are installed to expand functionality: QVR Center and QVR Guard. The NAS interface grows and becomes too cumbersome. Plus, it's time to release a single cloud service for monitoring and predictive response to possible breakdowns - we've been waiting for this for years. The switch does not have PoE Watchdog functions and the ability to connect IP cameras via a cable longer than 100 meters.
In general, QGD3014 is a great fresh idea that will save on connections and facilitate the setup and further maintenance of the network.
Michael Degtyarev (aka LIKE OFF)
19/01.2022