Welcome to Part 2 of an ongoing series about how I integrated the Synology DS1517+ into my personal photography workflow.
In Part 1 we already covered how you can integrate your Synology DiskStation into your Adobe Lightroom workflow and what services have to be enabled in order to access the file structure right from your laptop's Finder or Explorer window. Next to this, I showed you how to create a task within the Synology USB Copy package to create a local backup of your content on an external drive of your choice.
In this part, I'd like to show you some possibilities and insights on my remote setup for using the Synology DS1517+. Therefore, we cover topics like configuration of HTTPS/VPN access, cloud services for off-site backups and how to access the NAS from the internet, by using your laptop or mobile device.
Note: To keep this post in a reasonable size, I'll only explain some of the possibilities for remote scenarios, mostly of what worked best for me and my own workflow. Nevertheless, I will link further information at the end of this post and might also cover additional topics in the future.
Remote Access - QuickConnect vs. DDNS vs. VPN
When it comes to accessing your DiskStation remotely, you'll have several technologies to realise a connection between your client device and the NAS. Each of these approaches is based on a specific technology stack, therefore needs to be configured differntly.
The approach, which needs the least effort and knowledge to configure, definitely is Synology's QuickConnect. QuickConnect can easily be set up within DSM and allows you to reach your DiskStation from outside via the internet, without the hassle of setting up port forwarding rules and other settings on your router device. Setting this up makes it possible to access your content from everywhere, even by using Synology apps on your mobile devices. After providing the necessary information, you'll receive a customized URL, which from now on can be used to reach your DiskStation.
If you haven't already created a QuickConnect account during your initial setup of the DiskStation, you can do so by opening the Control Panel in DSM, and navigating to the QuickConnect tab.
Once you opened the QuickConnect settings, please activate the checkbox next to Enable QuickConnect. After that, you either need to provide your log-in credentials or register a new account for using QuickConnect. Please proceed respectively.
When logged in, you'll see your QuickConnect ID and the URL for accessing the DSM inside the blue box, like shown in the screenshot above. With the provided URL and ID, you'll be able to access your DSM from anywhere in the world via a web browser or Synology's mobile apps.
Please hit the Advanced tab on top of the window in order to tweak some settings for better performance.
Within the Advanced window, please make sure to check all settings, like you can see in the screenshot above.
The first option enables Synology's QuickConnect relay service, in case you can't get a direct connection to your DiskStation when trying to access it from remote. This can happen for example, when firewalls or foreign routers are involved, whose settings could block your connection and avoid forwarding your request to the NAS device. So make sure to keep this enabled for having a fallback solution in those moments.
The second option tries to create port forwarding rules on your home's router device. What actually happens here is, that the DiskStation tries to open the required ports on your router by creating a rule for each port. These rules define the reachability of your DiskStation from outside of your local network, like for example when accessing the NAS from the internet. Not all routers support this and this is where the relay service would act as a stand-in. If your router supports this setting though, you'll gain a noticeable speed improvement versus the relay option.
When all worked out, you know should be able to access your DiskStation with the provided URL from everywhere you are.
DDNS (Dynamic DNS)
While setting up a remote connection by using QuickConnect is pretty straightforward and easy to realise, even for beginners, using DDNS is way more complex. I don't like to go too much into detail here, as the setup can vary quite much, based on your devices and overall technical environment. In most network environments, devices get a new IP address from time to time. This means, that IP addresses aren't stable, and will be changed by the Internet service provider regularly. This would make it impossible to locate your DiskStation from outside, as you no longer would know the new IP address to find it.
To solve this problem, one can set up a DDNS (Dynamic Domain Name System) for the Synology device. It works in a way that you register the device under a stable domain name, which never changes. The device, in our scenario the DiskStation, will notify this domain service every time the IP address changes. So when you try to access your NAS from the internet, by using your registered domain name, the service immediately knows where to find the DiskStation, as he is aware its actual address.
To enable this feature, we have to set up several things, so let's get started.
First, we need to register for a service, which provides DDNS. There're several ones on the internet, which makes it hard to decide, but luckily Synology comes with its own, free DDNS service. To register for it, open the DSM Control Panel and navigate to the External Access tab.
Please press the Add button and choose Synology as a service provider from the drop down menu and hit the Register Now button, to provide further details. After that, you have to choose a hostname of your choice, provide an email address and password and you should also enable the Heartbeat functionality in order to receive alerts regarding the status of your mapped host. Further information to this can be found here.
Now please hit the Router Configuration tab on top of the window. Do you still remember when I talked about port forwarding rules and how QuickConnect uses the Synology relay servers to overcome this limitation, in case they're not set up on your router? Now this time, we definitely have to set up those forwarding rules, in order to make the Synology DiskStation reachable from outside the local network.
First thing we need to do here is pressing the Set up router button. This will run a test against your router device for retrieving information about if port forwarding rules can be automatically applied right from DSM. If your router passes the test, you can hit Next and Apply and then follow along with the steps below (Note: If your router isn't compatible, please read up on how to manually set up port forwarding rules in the user guide of your router device).
Once your router passed the test and you applied the changes, the connection between your Synology device and the router is set up.
Please hit the Create button on top. Check Built-In application as option and hit Next.
Here is where you choose which ports shall be opened on your router. This should be based on the functionalities or service you want to reach from outside. So please mark your ports of choice here and hit Apply (Note: You should only open ports that you really need in order to avoid security gaps. Imagine each open port to be a be a potential entry door for attacks).
Make sure, that your chosen ports are not blocked by your firewall settings. These can be found in the Control Panel -> Security -> Firewall.
Also, please make sure that you redirect each HTTP connection to a proper and much safer HTTPS connection. This can be done under Control Panel -> Network -> DSM Settings, like shown in the picture below.
Please check the option, which is framed in red in the screenshot above. This makes sure, that each and every connection request against your NAS will be redirected to a secure HTTPS connection and its related port.
Alright, so we're almost done with the setup of the connection. It actually works already but there is one thing, which comes with providing security through HTTPS connections. And this is having a valid certificate for your domain. By providing a signed certificate, the Synology DiskStation can verify its authenticity towards each requesting device, like your laptop or smartphone. This way the client device can be sure, that it's really the Synology device it's looking for and not something which only pretends to be your NAS.
As explaining the whole procedure of signing and integrating certificates would break the mold of this post, please have a look right here for further information about the setup and why this is important.
The third and probably most secure option to set up remote access is using a VPN (Virtual Private Network). This comes with some disadvantages though, which mainly is the reduce in performance and the additional software which has to be installed or configured on both ends, the NAS and the client devices. This approach wasn't an option for me personally and I therefore I won't explain the setup in more detail. Nevertheless, I you're an advanced user and plan to set up a VPN environment for a specific reason, please follow the steps described by the Synology Knowledge Base.
Using cloud services for off-site backups
Now, as we have finished the setup for accessing the Synology DiskStation remotely, it's time to talk about some further steps to improve your backup strategy. In Part 1, I already showed you how to create a local copy of your DiskStation content on a portable device, like for example an USB drive. But this process is only one segment of a successful and fully secure backup strategy. Therefore, I'd like to cover some more topics in this section, on how to increase your overall security when it comes to your content.
Let's recap which backup levels we have so far. First, your Synology DiskStation's drives should run on some type of proper RAID level. Optimally, this is at least SHR Level 1 (Synology Hybrid Raid), which is able to recover your complete content, even when one of the physical drives in the DiskStation fails completely.
But what happens if several of the drives fail at once?
This might be a rare scenario, but has been reported by users in the past already. An imaginable scenario for example could be, that all drives in usage have been from the same production batch, wich all could suffer from a same technical issue. But no worries, because in this case we still would be fine with our local copy on the portable USB drive.
What else could happen then you might ask yourself. Well, how about a house fire or somebody breaking into your apartment stealing the DiskStation and all your portable drives?
In both scenarios you would loose your whole data and in case you're a freelancer like I am or you otherwise earn proper money with your content, you'd be screwed in a heartbeat.
This is why you definitely need an off-site backup of your content, which has to be up to date at all times. Of course, you could store your portable drive at another place, like your parent's or friend's house. And indeed a lot of people, including myself, do this. But this process makes it really hard to keep your off-site backup updated at all times. If you work on your content every day, you would need to update those drives each day as well. Pretty time consuming if you ask me.
Thankfully, storing content in the cloud has become pretty affordable during the last years and there're plenty of providers to choose from. The other good news is, that Synology has made it really easy to connect your DiskStation with your provider of choice. They offer a package called Hyper Backup, which is a fully integrated application to store your content offsite, whether you choose their own, very powerful cloud service Synology C2 or some other provider, like Google Drive oder Dropbox.
Let's dive into this package and see what it can do for us.
Head over to the Package Center in DSM and hit the Backup tab on the left. Once you've done that, select Hyper Backup and press Install.
Once it's installed go ahead and open Hyper Backup. On the main screen you'll see plenty of cloud services and options to choose from. Most of us do own some sort of service, like DropBox, Chrome Drive or Amazon Drive. So for the sake of this post, let's just use Google Drive as an example. Please, scroll down and choose Google Drive, or whatever you would like to use instead.
The fist thing you have to do, is granting Hyper Backup permission to access the file directory of your Google Drive account. So please hit Allow and follow all further instructions.
Once that is done, we have to create a backup task within the DSM wizard of Hyper Backup.
For this example I created a folder named test_GoogleDrive_HyperBackup under which all my backups should be stored on Google Drive. You can choose whatever name you like and you also have to name a directory. I called mine just test. Please hit Next afterwards.
On the next screen you have to choose all folders you'd like to back up on Google Drive. In my case this is my folder test_HyperBackup, which contains a couple of pictures, I'd like to store off-site. Choose your folders and hit Next after that.
Synology Hyper Backup also allows you to store applications and their settings off-site. In case you like to do this, please check your apps and hit Next again.
On the next screen, you have to create a task name of choice and you also have to enable some settings for the scheduling. Please choose your preferred settings here and move on to the next screen for rotation settings. These settings allow you to specify the time and granularity of content you like to backup. I'd suggest you to enable rotation as Smart Recycle. It should fit most peoples needs and for further information please take a look here.
Hit Apply and a pop-up will appear asking you to back up now. Answer with Yes to start your first backup immediately.
Like in the screenshots above, your backup task will show you the overall progress and when it is finished. But there is much more to see by hitting the little buttons below the progress bar.
The Backup Explorer lets you restore your files and also choose different versions, once several backups have been performed. Next to this you also get insights into your backup statistics and a lot of possibilities to set alerts for different scenarios.
Congratulations, you've just finished your first off-site backup, which is a huge step forward into having proper and secure content management strategy. Make sure to run these backup tasks regularly to always be on the safe side.
In the next tutorial I will show some more insights into Synology's own cloud service Synology C2 and why I think it is the best solution for working professionals, owning a Synology device.
Stay tuned and thanks a lot for following along.
Previous Synology Posts: