Zema Board 2 Review: Building a Powerful Home Lab and Firewall Appliance

The Zema Board 2 is presented as a capable and compact device, offering significant upgrades over its predecessor in processing power, RAM speed, and networking capabilities. It serves as an excellent foundation for a comprehensive home lab, adeptly handling virtualization, advanced firewall functionalities, and containerization.

Key Points Summary

  • Introduction and Initial Impressions of Zema Board 2

    The Zema Board 2 arrives with robust packaging, including a protective headband and a message emphasizing sovereign data control and digital pioneering. The device itself is perceived as a strong candidate for a firewall due to its solid, futuristic, and silver design, reflecting robust construction and modern aesthetics.

  • Comparison with Zema Board 1

    The Zema Board 2 maintains the same compact form factor as its predecessor but features a more contemporary futuristic design, contrasting with the Zema Board 1's retro-futuristic aesthetic. The Zema Board 2 is heavier due to its metal casing and offers an upgraded port selection including a PCIe slot, two SATA ports, two USB ports, a display port, and two Ethernet ports.

  • Zema Board 2 Specifications

    The Zema Board 2 is powered by an Intel N150 quad-core processor with speeds up to 3.6 GHz, representing a significant performance upgrade. It features 8GB of LPDDR5X RAM at 4800 MHz, effectively doubling the speed of the previous model, with a 16GB model also available. Networking is enhanced with two 2.5 Gigabit Ethernet ports utilizing Intel chips, a substantial improvement over the prior 1 Gigabit Realtek ports. The PCIe slot is upgraded from 2.0 to 3.0, and USB ports from 3.0 to 3.1. Graphics frequency increases to 1 GHz, and the device supports both fanless and active cooling solutions.

  • Pricing and Bundles

    Early bird pricing for the Zema Board 2's base model, featuring 2.5 Gigabit NICs and an advanced processor, positions it as a premium device. A Kickstarter special offers a slight discount for early adopters, and a 16GB RAM version is available. Additional bundles include a PCIe NVMe adapter with a two-bay HDD rack, a Smart Home Kit (featuring a GPU docking station and a USB Wi-Fi 6 adapter for $400), and a comprehensive Master Kit priced at $769, potentially including two units.

  • Detailed Performance Upgrades

    The Intel N150 processor offers 40-70% faster performance compared to its predecessor, the N3450, attributed to its new Gracemont core architecture, which provides 35-45% better Instructions Per Cycle (IPC). The LPDDR5X RAM operates at twice the speed, significantly boosting memory performance. The integration of Intel Ethernet chips enables hardware offloading, a critical feature for high-performance firewall applications.

  • Initial Proxmox Setup

    The Zema Board 2's x86 architecture is a key advantage, facilitating easy installation of Proxmox, unlike ARM-based single-board computers. The device offers full virtualization support (VT-x and VT-d), making it an ideal platform for hosting a robust home lab with multiple virtual machines and containers.

  • Home Lab Battle Plan

    The strategic plan involves installing Proxmox as a type-1 hypervisor. This setup will host two primary virtual machines: pfSense, configured as a powerful firewall with advanced features like Intrusion Detection/Prevention Systems (IDS/IPS) and deep packet inspection, and an Ubuntu VM designated as a versatile lab machine. Additionally, LXC (Linux Containers), a feature integrated directly into Proxmox, will be utilized for running various other services with minimal overhead.

  • Proxmox Configuration and Troubleshooting

    Setting up Proxmox required accessing the BIOS by pressing the Escape key to ensure virtualization settings were enabled, followed by booting from a USB drive containing the Proxmox ISO. Accessing the Proxmox web graphical user interface involved configuring a static IP address on the connected laptop, facilitating remote management of the device.

  • pfSense Virtual Machine Setup

    The pfSense ISO was downloaded, a process that required account registration. A virtual machine was subsequently created for pfSense, allocated 50GB of storage, two CPU cores, and 3GB of RAM. The initial goal involved using PCI passthrough to dedicate both 2.5 Gigabit network interfaces directly to the pfSense VM for optimal performance.

  • PCI Passthrough Challenges and Solutions

    Attempting to pass through both network interfaces directly to pfSense inadvertently caused Proxmox to lose network access. The immediate solution involved deleting the pfSense VM and temporarily utilizing an external PCIe Ethernet card to restore Proxmox management. Subsequently, a virtual Linux Bridge was planned for Proxmox's management network. Identifying specific Ethernet ports within the Proxmox configuration, which lacked clear indications, was resolved by using specific command-line tools.

  • pfSense WAN/LAN Configuration and Troubleshooting

    Following initial network connectivity issues on the WAN port, which resolved after a system reboot, pfSense was successfully installed. The WAN port was configured to receive an IP address via DHCP, and a LAN port was set up for the local network.

  • Snort IDS/IPS Integration

    Snort, an Intrusion Detection and Prevention System, was installed and configured within pfSense. All available rules were enabled to create maximum overhead for performance testing, and a free Snort account was used to acquire updated rule sets. Snort was then enabled on both network interfaces.

  • Proxmox Management Network Setup Without External Card

    To eliminate the need for the external PCIe card, a Linux Bridge (VBR7) was created within Proxmox and assigned a dedicated IP address (10.64.0.10). An interface on the pfSense VM was configured with an IP on this same network (10.64.0.1), effectively making pfSense the default gateway for Proxmox. This 'inception-like' setup restored Proxmox management access through pfSense.

  • Ubuntu Virtual Machine Creation

    An Ubuntu virtual machine, complete with a graphical user interface, was configured with two CPU cores and three gigabytes of RAM. This VM was assigned to the newly established pfSense network, which handles all its routing needs. DHCP was subsequently enabled on this network within pfSense to automatically assign IP addresses to connected clients like the Ubuntu VM.

  • LXC Container Setup and Pi-hole Installation

    LXC containers were explored as a low-overhead alternative to Docker. A Rocky Linux template was downloaded for a 'my little buddy' container. Due to incompatibility issues with Pi-hole on Rocky Linux, an Ubuntu container was then created and named 'Pi-hole'. Pi-hole, a DNS server for ad blocking, was successfully installed and configured on this Ubuntu container, and pfSense was updated to use it as the primary DNS server.

  • Throughput Testing Without IDS/IPS

    Initial iPerf throughput tests between the Ubuntu VM and a laptop connected via an unmanaged Gigabit switch yielded approximately 100 Mbps, indicating the switch as a bottleneck. When the laptop, featuring a 2.5 Gigabit port, was connected directly to the Zema Board 2's LAN port, throughput increased to 1.09 Gbps, surprisingly with lower CPU utilization on the Zema Board 2.

  • Throughput Testing With IDS/IPS Enabled

    With Snort IDS/IPS enabled on both pfSense interfaces, throughput still reached over 1 Gbps during iPerf testing. However, CPU utilization spiked significantly, often exceeding 100%, demonstrating the substantial overhead introduced by deep packet inspection. Despite the high CPU load, the Zema Board 2 maintained impressive throughput for its size and capabilities.

  • Personal Data Privacy and Incogni Sponsorship

    A personal data breach experience highlights the widespread issue of data brokers collecting and selling personal information, as well as the advanced techniques like OSINT and AI used by hackers. Incogni, the video's sponsor, provides a service to automatically request and manage the removal of personal data from data broker websites, offering a solution to protect identity and save significant time.

  • Overall Verdict and Limitations

    The Zema Board 2 is highly lauded for its ability to operate a full home lab environment, including Proxmox, pfSense with IDS/IPS, multiple VMs, and containers, all within a portable form factor. Its primary limitation is the fixed 8GB RAM in the base model, which can be a bottleneck for extensive virtualization; the 16GB RAM model is recommended for more demanding setups.

  • Potential Use Cases

    The Zema Board 2 is highly suitable as a primary home lab device, a portable travel lab, or for creating an isolated, air-gapped network. It can host a UniFi controller in a container, allowing connection of an access point to establish a dedicated Wi-Fi network separate from existing infrastructure.
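
The passthrough lockout and the later management-bridge layout described in the key points above can be checked before a NIC is handed to a VM. This is an added example, not code from the video or from Proxmox: it reads an `/etc/network/interfaces` file and reports which physical ports still carry the host's management address. The interface names `enp1s0`/`enp2s0`, the bridge `vmbr0`, and the 192.0.2.x addresses are constructed assumptions; the bridge the page writes as VBR7 appears as `vmbr7`, following Proxmox's `vmbrN` naming.

```shell
#!/usr/bin/env bash
# Pre-flight check before PCI passthrough of a NIC on a Proxmox host (added example).

# Constructed sample: management IP sits on a bridge backed by a physical port.
BEFORE='iface enp1s0 inet manual
iface enp2s0 inet manual
auto vmbr0
iface vmbr0 inet static
    address 192.0.2.10/24
    gateway 192.0.2.1
    bridge-ports enp1s0'

# Constructed sample of the page's final layout: management on an internal
# bridge with no physical port, routed through the pfSense VM at 10.64.0.1.
AFTER='iface enp1s0 inet manual
iface enp2s0 inet manual
auto vmbr7
iface vmbr7 inet static
    address 10.64.0.10/24
    gateway 10.64.0.1
    bridge-ports none'

# Print every interface that has a host address, plus the ports bridged to it.
mgmt_ports() {
  printf '%s\n' "$1" | awk '
    function emit() { if (has_addr) printf "%s\n%s", name, ports }
    $1 == "iface"        { emit(); name = $2; has_addr = 0; ports = "" }
    $1 == "address"      { has_addr = 1 }
    $1 == "bridge-ports" { for (i = 2; i <= NF; i++)
                             if ($i != "none") ports = ports $i "\n" }
    END                  { emit() }'
}

# Return 0 when giving NIC $2 to a VM leaves the host management path intact.
safe_to_passthrough() {
  ! mgmt_ports "$1" | grep -qxF -- "$2"
}

for layout in BEFORE AFTER; do
  for nic in enp1s0 enp2s0; do
    if safe_to_passthrough "${!layout}" "$nic"; then
      echo "$layout: $nic can be passed through"
    else
      echo "$layout: $nic carries the management address, keep it on the host"
    fi
  done
done
```

On a real host the first argument would be `"$(cat /etc/network/interfaces)"`, run before the NIC is added to a VM's hardware list.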

If all goes well, this device might be one of the most amazing things you can buy for your home lab.

Under Details

| Feature | Zema Board 1 | Zema Board 2 | Performance Insight |
|---|---|---|---|
| Processor | Intel N3450 | Intel N150 (4 cores, up to 3.6 GHz) | 40-70% faster with Gracemont cores (35-45% better IPC) |
| RAM | DDR4 (speed not specified) | 8GB LPDDR5X 4800 MHz (16GB model available) | Double the speed, significant for virtualization |
| Ethernet Ports | Two 1 Gigabit | Two 2.5 Gigabit | Major upgrade for high-speed networking and firewall |
| Ethernet Chip | Realtek | Intel | Enables hardware offloading, better pfSense performance |
| PCIe Slot | 2.0 | 3.0 | Improved bandwidth for expansion cards |
| USB Ports | 3.0 | 3.1 | Faster data transfer speeds |
| Graphics Frequency | 0.7 GHz | 1 GHz | Modest increase in graphics capability |
| Cooling Support | N/A | Fanless & Active Cooling | More versatile thermal management options |
| Architecture | x86 | x86 | Broad software compatibility, crucial for Proxmox |
| Max Throughput (IDS/IPS Enabled) | N/A | ~1.1 Gbps (CPU highly utilized) | Maintains gigabit speeds even with advanced security features |
| Primary Limitation | N/A | 8GB RAM (base model) | Can be a bottleneck for extensive virtualization; 16GB model recommended |
| Base Model Price (Early Bird) | ~$89 | ~$200 range | Considered a premium device; value dependent on specific needs and bundles |