Synology NAS solutions questions
bikegremlin
ModeratorOGContent Writer
There are threads touching upon this topic, but it they are old.
https://lowendspirit.com/discussion/3721/your-advice-how-to-store-20-tb-of-data-raid-array-at-home/p1
https://lowendspirit.com/discussion/4170/building-a-home-plex-server
I am considering to get a NAS for backups. Could people with experience with Synology chime in and correct me if I got something wrong?
- It would be cool for it to be idiot-friendly, and easy to reach via Internet.
- Ideally, have two separate units, at two separate locations, sync with each other (or have one "main" and another one that syncs with it) - as I don't consider any RAID to be reliable enough as a backup, especially in case of theft or fire and similar.
- Full volume encryption would be very, very practical and welcome.
- Being able to play a 1080p mp4 film from it, without having to FTP-dowload the film would be nice, but not a must-have.
It is my understanding that Synology's DSM 7.2 offers a full-volume encryption.
https://kb.synology.com/en-global/DSM/tutorial/Which_models_support_encrypted_volumes
Questions:
1)
How does Synology's SHR RAID (so, not their SHR2) play with non-Synology hard disks (I'm eyeing Seagate IronWolf Pro NAS 8TB drives)?
They seem to "stongly discourage" the use of non-Synology drives with their SHR RAID - and say that one should use third-party drives with "classic" RAID (like RAID5 and similar).
2)
Does it make any sense whatsoever to go with a model that has 8GB of RAM?
Comparing the prices of DiskStation DS923+ and DiskStation DS1522+, one difference seems to be the extra RAM (923+ has 4GB, 1522+ has 8GB).
Right now, my best man Gox and I have under 8 TB of data worth storing, but that will grow over time. I was thinking about getting three 8TB drives in RAID5 (or Synology SHR if possible with third-party drives), then add one more 8TB drive if needed (Synology should let me do this and expand the volumes if I got it all correctly).
1522+ has more room for expansion, but I don't think we will use up the storage provided by 923+ in the next 5 to 10 years (though there is no amount of memory that human stupidity can't fill up).
I would rather not mess with building a NAS using desktop or similar stuff. If Synology software is as good as it sounds, it's worth the extra price IMO.
Relja of House Novović, the First of His Name, King of the Plains, the Breaker of Chains, WirMach Wolves pack member
BikeGremlin's web-hosting reviews
Comments
1) Works perfectly fine, no issues with third party disks, it is basically just LVM under the hood)
2) Buy one that allow you to upgrade RAM, anything 16GB or above (after own upgrade) you will be bottlenecked by CPU anyway
Generally I have been very happy with my Synology, adding a NVMe RAID to store all your Docker containers or VMs make it really snappy. UI have been really easy for non tech-savvy people
The only disadvantage is the full volume encryption's key is default to be stored on the same device, so anyone who stole the whole unit can still decrypt it
Currently the best setup that works for me is self-host a remote key management system (KMIP Server) so Synology connects to it. Even if the server is offline you can manually unlock it using the .key file it generated
This script helps with both NVMe RAID and non-official storage
https://github.com/007revad/Synology_HDD_db
Sorry if it's a stupid question:
Is it not possible to just "mount" the drive/volume using a password (and have it require the password after having been turned off)?
Regarding RAM:
I don't plan to run any VMs.
Just host backup files, and occasionally watch an .mp4 film from the storage.
Do you thing 4 GB should suffice for that, or should I look for 8 (or 8 + expansion module with another 8 GB)?
Relja of House Novović, the First of His Name, King of the Plains, the Breaker of Chains, WirMach Wolves pack member
BikeGremlin's web-hosting reviews
4GB is fine, also stay away from any SMR drives. The Ironwolfs or Ironwolf Pros are fine, WD Reds are the ones to avoid. 923+ sounds good for your current use, you can always upgrade to a newer unit in future and the 923+ can be your backup NAS. Synology has a built in program called Hyperbackup (basically rsync behind the scenes) which enables one click backup of NAS to NAS/B2/other cloud storage.
You can also add more ram to the 923+ in the future should your requirements change.
For file sharing just share the data as a NFS/SMB share and your clients can see it that way
If you don't want prebuilt there is also openmediavault, unraid and/or freenas to look at
Nope I have similar concerns as what you have now before I own one
That would be the old folder based encryption with a lot more limitations. Sadly Synology seem to only focus on 2 options now:
.keyfile that were obtained during creation step)4GB should be sufficient but in my opinion additional RAM is very helpful for cache. Consumer SSD as a cache is quite bad as it can wear out quickly.
If the price for both your options (1522+ vs 923+) doesn't differ by too much, go for 1522+ as it comes with 1 more HDD slot, 1 more eSATA port and 2 more RJ45 port, which is very good for expansion (RAM is the less significant "pro" here as you can also do 4+4GB on your 923+)
Run XPnology on a standard x64 PC and you get the best of both worlds.
The all seeing eye sees everything...
I would rather avoid that, for several reasons (running a basically desktop PC and dealing with non-static IP connections to it).
Relja of House Novović, the First of His Name, King of the Plains, the Breaker of Chains, WirMach Wolves pack member
BikeGremlin's web-hosting reviews
Curious, besides the hardware, what is the difference?
XPEnology is basically the OS Synology uses. Synology is forced to release the software to the public because GPL.
The all seeing eye sees everything...
Hardware is one thing - not a small one (decent quality hardware may be cheaper for lower performance, but isn't free). There's also the size and space needed (physical).
Also, connecting remotely to the NAS over a home non-static IP is another potential problem. I'd like to go with as close to set-and-forget and plug-and-play as possible.
Relja of House Novović, the First of His Name, King of the Plains, the Breaker of Chains, WirMach Wolves pack member
BikeGremlin's web-hosting reviews
I can see that.
This is nothing specific to {Sy,XPE}nology though. You'll need DDNS, which {Sy,XPE}nology conveniently provides a UI for it.
The all seeing eye sees everything...
Would be possible to translate the usage of such setup to a dentist? Thanks.
Dentistry is my passion
I've further looked into this - both the auto decrypt on boot and the KMIP.
Correct me if I'm wrong, but this seems like it was designed by idiots (pardon for the harsh language).
You could steal the NAS and get all the data.
Or, if KMIP is used - if KMIP unit fails or gets stolen, your encrypted data is lost - correct?
This looks like a deal-breaker from my point of view.
Relja of House Novović, the First of His Name, King of the Plains, the Breaker of Chains, WirMach Wolves pack member
BikeGremlin's web-hosting reviews
Store and backup data you don't won't unauthorized people to see.
And share some family photos and films (this needn't be encrypted, but should be preserved, i.e. backed up).
Relja of House Novović, the First of His Name, King of the Plains, the Breaker of Chains, WirMach Wolves pack member
BikeGremlin's web-hosting reviews
Interesting ! Many thanks for explaining it
Dentistry is my passion
You can probably you use a VPS to get around that. Haven't tried it but NAS connecting to vps with wireguard and you connecting to same should work.
Alternatively I know clouflare tunnels can get around the dynamic ip issue, but unsure if they'll freak out re loads of video data.
And then there is classic dyndns
Tailscale https://pkgs.tailscale.com/stable/#spks
re: xpenology/syno - I used to have one syno and an xpen as a backup NAS and then upgraded the synology to a newer model, kept old one for backup and then the backup xpenology as a backup backup NAS.
I was using Synology's Hyperbackup for ease of use, but have been migrating to Duplicacy (https://forum.duplicacy.com/t/duplicacy-web-edition-1-7-2-releases/7323)
A moment of inspiration:
Relja of House Novović, the First of His Name, King of the Plains, the Breaker of Chains, WirMach Wolves pack member
BikeGremlin's web-hosting reviews
Smoking serbijan tobacco packet near the nice bike
Dentistry is my passion
For Serbian standards: while it is not in the bin, it is near enough!
Relja of House Novović, the First of His Name, King of the Plains, the Breaker of Chains, WirMach Wolves pack member
BikeGremlin's web-hosting reviews
I see no gremlin
How are the serbian bike roads??? How is the quality?
Dentistry is my passion
The best - all the bikes from Germany and Austria go here!
Relja of House Novović, the First of His Name, King of the Plains, the Breaker of Chains, WirMach Wolves pack member
BikeGremlin's web-hosting reviews
Sorry I forgot to answer this question.
Yes I agree that it is a bummer that they implemented it this way. Yes there's a risk that when KMIP unit fails / gets stolen the encrypted data is lost.
However, this is what happened when you create an encrypted volume via KMIP:
.keyfile for manual decryption if necessary in the futureIn this case, the key is always stored at 2 places (1 in KMIP, another in your local device / laptop / mobile). When your Synology boot, it will first try to reach the KMIP server to auto decrypt on boot. If this failed, you can go to Synology DSM to manually decrypt it by uploading the
.keyfile.To be safe, you can encrypt the KMIP Server data / the
.keyfile using VeraCrypt or similar mechanism so it is securely stored unless you have the password.It is not user friendly for non-tech savvy, but it is a workaround that is useful enough that it is not a deal breaker for me
Thank you for the explanation. I agree that is the best way to do it as it is now.
I intend to wait a bit to see if they'll figure out how stupid their current key storage system is and fix it, as well as to hear feedback on how the HAT3300-8T and HAT3300-12T hard disks perform (the 12TB version is with helium so it could be less noisy despite having "higher revs"). My current pick for drives is Seagate Ironwolf, but if these are at least a bit more quiet, even if slower, and reliable enough - they are worth considering. The price in Germany seems to be on par with the Ironwolf, and it is my understanding that Seagate builds these for Synology.
Synology Plus (HAT3300) drive series specs:
https://www.synology.com/en-us/products/drives/hdd/plus-hat#specs
Looking for a not-too noisy and idiot-friendly solution, that is still secure enough in case of theft.
Edit:
If the full volume encryption remains broken, I suppose I could use encrypted folders, and store non-compressed archives there, just to avoid any path-length-limit problems?
Relja of House Novović, the First of His Name, King of the Plains, the Breaker of Chains, WirMach Wolves pack member
BikeGremlin's web-hosting reviews
I am using third-party disks as I dont want to pay for the premium (WD Ultrastar, Toshiba N300), both Helium. The noise is not bad because I store it inside a cabinet. I prefer getting drives from different vendor / models as it helps to reduce the risk of all disks failing at the same time. For some reason I dont have much luck on Seagate (all failed within 1 year) but would recommend the following:
The 5 year warranty on Enterprise drives mean you have less to worry about, can just send in RMA to get a replacement if anything goes wrong
The “folder” encrypt option seems to be allowing you to not store the key on the NAS.
A lot more performance lost, but it should be secure enough.
I’ve had very good experience with Toshiba so far. The prices are good too.
Relja of House Novović, the First of His Name, King of the Plains, the Breaker of Chains, WirMach Wolves pack member
BikeGremlin's web-hosting reviews
Yup that's what I use before moving to full volume encryption. The biggest issue with that for me is there's a character limit of 143 characters (or 47 Unicode characters, which is quite easy to hit), some metadata is not encrypted as well. I didnt do any benchmark but full volume encryption should be faster.
Mix and match different brands so you can see which one last longer
Honestly - just get Ironwolf's and be done with it. With the money you save you can get a spare. Maybe buy from different stores so you get a range of serial numbers/batches. With the script I posted above you can use any drives and it marks it them as fine with the Synology - https://github.com/007revad/Synology_HDD_db - I just run it before and after each update. Synology has some arrangement with Seagate as they have extra Ironwolf health check support in the firmware but it's much of a muchness.
If you want silence the enterprise drives ones are usually louder, too.
I'm against WD Reds because of the SMR WD Red mess a few years ago and often Ironwolf's are cheaper in my region anyway.
Oh, and if you do go Synology always update the firmware/OS of the unit a few weeks after it's released - I always check reddit first to make sure it hasn't nuked the early adopters.