Synology IT support service is provided by our consultants both on-site and remotely.   We consult on more advance configurations. Here’s a scratch guide for a variety of random stumbling blocks to setup the Synology along with some well written resource links to get you started or contact us for on-site technical support today!

Quick Link Resources:

What Type of Organization requires Synology IT Support?

We found that most residential users use the Synology for photo and video archiving.   Businesses ranging from 2 to 20 use shared folder, map drive, and Synology Drive.   We have introduced many to imaging and cloud backups of email and file storage. It gets really interesting how the 20 users on up.  Lots of creative departments add it with limited knowledge of maintaining it long term or they hit a wall on scalability.   File distributions that lean on Azure and on-premise traditional server environment are some additional common uses we run into.

Recommended Synology’s NAS – Under 20 Users

Creative Department & Rackmount Solutions

 

How much space, processing power, and redundancy do you need?

Talk to a network consultant, our Synology IT support team, or Synology sales but a nifty little RAID calculator and NAS configurator will help with your decision.   Do not forget processing power and memory as key factors in your Synology purchasing decision.  For instance, an individual utilizing this for home running Plex and or surveillance requires a + series processor.  The 2 bay illustrated above will be fine for that.  It becomes questionable if utilize the Synology NAS for performing virtualization.  At the very least, upgrade the RAM but the 2 bay (DS218+) becomes questionable beyond one virtual OS.  The more robust 4 bay, more storage options, more processing power becomes the more fancy option.  However, the 2 bay should be fine for most budget concerned individuals.

Discovering your Diskstation on the Network  (After Synology has arrived and powered up for the first time)

Go to http://find.synology.com for discovering the device and initiating setup.

ProTip! Sometimes the URL above does not work because your firewall maybe prohibit it from scanning your network.  Use Synology Assistant or  some LAN scan tool instead.

Initial Setup Defaults include:

  • Create user admin account that is not “admin” and possibly a backup admin account to that. IMPORTANT: Disable “admin” for security purposes
  • No share folders on setup on the volume unless default packages are installed

 

Required Packages for Media and Syncing

  • Videos Station – Installs “video” share folder containing home video, TV shows, and movies.  *Create a service account called “media” if you plan to install this.  The service account will be used for network devices that will connect to the Synology.
  • Cloud Station – Creates file and folder sync. It requires you enable “user home folder” service.
    *To enable user home service, go to Control Panel > User > Advanced, and tick the box next to Enable user home service.
    *Click here to learn more about restoring previous files with CloudStation

Creating Users

  • Add two administrator accounts as a CYA measure and disable the default admin.  Otherwise, you will need a pin to reset the admin credentials.
  • When adding users, do not assign to groups, shared folders, and applications unless they are already setup.
  • Drop “everyone” from folder permissions of user’s “homes” folder if you run into a configuration issue
Synology IT Support in San Diego

Synology Group Setup

Pro Synology IT Support Tip!!

***The admin account has a strong possibility of getting hacked as you enable more remote services. Please limit your remote services and create additional admin accounts as a backdoor. Two Factor authentication will also help secure each account but reduce ease of use for the end users.

Groups

  • Groups are not assigned to shared folders upon initial setup because shares should not be present.  Same goes for Applications.
  • Once groups are set, add new users to place in the corresponding groups.  Administrators will need permissions to access Group folders.
  • Go back to “users” to add to the correct “groups”

Folders

Enable user homes service to create a personal home folder for each user, except for guest. All users can access their own home folder via CIFS, AFP, FTP, or File Station.

Users belonging to the administrators group can access all personal folders located in the homes default shared folder. The name of home folder is the same as the user account.

To enable the user home service:

  1. Check Enable user home service.
    *Users, advance tab… 2-step verification located there too.  It’s great security but annoying and sometime unreliable login process.
  2. If there are multiple volumes, select where you want the homes folder to be stored.
  3. Click Apply.

Additional Folder created:

  • Homes – Personal user home folder
  • Home – It’s a link to the user homes folder. Do not give readable permissions for users to “homes”

*The User Home feature automatically creates a “home” folder for every user account (except “guest”), which not only provides each user with a private space to store data that is only accessible by the user and DSM administrators, but also eliminates the time and efforts spent in repeatedly creating “home” folders for all accounts.  More folders are created under each user name as more services are installed that require personal access.

Synology ServicesDocuments folder is added for windows folder redirection.  This works well in a desktop environment but can be a mess in a laptop environment.  Microsoft Folder Sync in a workgroup environment does not help the remote cause just simply adds more frustration.

 

Remote Accessibility and The Most Secure Options

There several options for your users and the synology IT support team can connect remotely:

1) https://custom_DSM_name.synology.me:5001
3) https://QuickConnectID  ***not recommended
4) https://custom_DSM_name.your_domain_name.com
5) VPN

Three is the easiest but does not secure your data completely.  Four is pretty secure and intuitive naming convention if you purchase the third party SSL mentioned above.  Five is the most secure but kills the use of the DiskStation mobile apps.  In this case, look into integrating Box app with Synology Cloud Sync.  2) Is the free and relatively secure option.  The web browser still prompts you with that scary “this server is not secure” message but otherwise you are good to go.  It doesn’t confirm with a third party database saying this is indeed the server you should be talking to and not some crazy man in the middle attack.

  • Enable services like DynDNS or Synology.me in control panel, external access, DDNS.
  • DSM – Disk Station Manager – Allows users to remote in on their desktops from a remote locationQuickConnect:

QuickConnect is the alternative to DDNS access.  It comes in handy when you don’t have access to the router GUI admin console.  Register QuickConnect ID. Quickconnect is essential service for avoiding poking holes in the firewall. ***Please Note***
QuickConnect is not encrypted. Sensitive data could be exposed.  Bottom line.  I prefer DDNS or a static WAN IP situation.

Enabling QuickConnect triggers the following services active:

Cloud Station – Enable Basic Features

Generally users can and should have access to the application called “Cloud Station Server” unless you really don’t trust them.  In that case, terminate the user.

synology it support

Cloud Station – Shared Folders Syncing

  • Privileges – Services Account enabled. Deem one user account for Cloud Station purposes.
    *change to read/write for service account
  • Folders – Share and sync specific folders (see picture below) to be shared amongst Synology devices

Note:  Check package service is running.  Stop and Start if backup is failing.   Cloudstation service does not appear after install.  It requires reboot. Files on the diskstation are located /homes/username1/cloudstation

Cloud Station

Cloud Station

Cloud Station Drive

Make sure you enable the group or user for access Cloud Station access to the shared folder.  Go confirm if you checked the users application privileges within Control Panel > User > UserName > Edit > Applications and make sure the user has privileges to the Cloud Station Server application

synology IT support

Share and Drive Mappings

Create shares not NFS files and folders unless necessary.

  • Share data or contents shouldn’t be revealed unless authenticated \\diskstation
  • User home folder appears under \\diskstation\home (windows) if authenticated with that user and is a link from path /homes/user_names on Synology
  • \\DISKSTATION\home

-Remove credentials in windows manager

-From command line, check net view

-From command line, check net use. Net use * /delete to remove legacy network connections

  • Map below after all old network connections have been removed. Diskstation_name\user_name

Backup Options  ***Complete command line instructions and http authorization

Hyper Backup – Definitely Recommended

Synology Cloud Hyper Backup – Recommended

  • Use Synology C2 for backing up to the cloud.

Crashplan and Synology Backup – Not recommended

iDrive Backup – Synology iDrive App – Not recommended

If you have logged in to the System as a different user other than Admin, you could face this issue. You should go to vi /etc/passwd file, change /sbin/nologin to /bin/sh corresponding to your username, and then refresh the application browser. Read more or reference below…

I am unable to launch the iDrive backup application. I am getting a 404 error in the browser. What should I do?

  1. Log in to the Synology machine via SSH as admin.
  2. Run the ‘sudo su’ command and enter the admin password.
  3. Run the find command ‘find /usr/local/ -name IDrive.conf’
  4. Find command will display the results like the following example:
    • /usr/local/etc/httpd/sites-enabled-user/IDrive.conf
    • /usr/local/etc/php/fpm.d/IDrive.conf
  5. Remove the listed items by running the ‘remove’ command (rm) as below:
    • rm /usr/local/etc/httpd/sites-enabled-user/IDrive.conf
    • rm /usr/local/etc/php/fpm.d/IDrive.conf
  6. Make sure that you have removed all the IDrive.conf files.
  7. Restart the ‘Web Station’ package.

Key Points:

  • Enable admin account for a moment while using root access.   SSH and Admin should be disabled after making command line adjustments
  • You should be a part of the http user group and ensure the read/write permission is enabled on the web folder.
  • The Read more link is crucial for learning the ins and outs of iDrive.  Specifically, retention of archived backups.  Basically, iDrive never deletes data unless you specify.

Option 2

Amazon Glacier
•Back up data to Amazon Glacier (China Region and all global regions except GovCloud US)
•Restore backup task at the file-level
•Perform file-level incremental backup
•Schedule backup tasks
•Supports file-based deduplication within the same backup task
•When deleting data which has been uploaded within the past 90 days, a task will be scheduled to automatically carry out deletion 90 days after the file uploading time. This reduces the total cost charged for deleting data that is less than 90 days old.

https://www.synology.com/en-us/dsm/5.2/software_spec

But do catch – Why can’t I perform network backup from an rsync compatible server to my Synology product? https://www.synology.com/en-us/knowledgebase/faq/372

Security – Measures for consideration

– Maintain latest s/w patch release and timely hotfixes rollout including software (firmware) of your Modem/Router, web service and DiskStation.
– Use your administrators account to administer and use an user account to use your DiskStation.
https://www.synology.com/en-us/knowledgebase/tutorials/615
– Strengthen authentication with strong passphrase – can see my EE sharing
http://www.experts-exchange.com/articles/18309/Choosing-an-easy-to-remember-strong-password.html


Restrict connectivity
e.g. Open only the ports on your Modem/Router that are required by the services you are going to provide. If you stop the service, close the ports immediately.
e.g. Open a port that is not an internet default port (being used by users with unknown origin) you have to use other ports on the internet than the default for the specific service. Use the NAPT to translate the port internally
e.g. Enable the firewall on your DiskStation and configure it to only allow traffic that you want to have. Decline all other.
e.g. Only allow encrypted connections to your DiskStation to eliminate eavesdropping. Your DiskStation already has a certificate installed to be able to encrypt traffic.
e.g. For gaining remote access to delicate services you should use VPN instead of directly opening ports to the services from the internet.

Security Quicksheet

  • Disable the default admin account permanently
  • Enable 2 factor authentication
  • Enable HTTPS and Redirect HTTP
  • Enable DOS attack protection
  • Enable port forwardingportforward.com
    Note: Change external port # for increased anonymity of the port service

Remote Access Security

Synology remote access requires a key component called a SSL certificate for securing your data.  Webpage warnings can be avoided by adding the domain as a security exception, allowing you to access DSM normally. However, to verify the identity of the Synology NAS and ensure the connection is truly secure, you will need to a third-party certificate from a trusted certificate authority.   The less secure alternative is a self signing cert.  Below is instructions for a third-party certificate authority such as GoDaddy.

To obtain a third-party certificate for your Synology NAS, please make sure you have a registered domain name. You must also pay any expenses required by the certificate authority.

Check out our post on GoDaddy Certificate Setup for the Synology.

More Packages 

Surveillance Station *Service won’t work unless ports are open.  Surveillance Station is a web-based application that can manage IP cameras to safeguard your home or office environment.    It can watch and record live view videos, schedule,  and playback.

Cloudstation Sync for Windows and Mac *Service won’t work unless ports are open

  • Enable TCP port 6690.  DDNS will work properly once enabled.

PhotoStation *Service won’t work unless ports are open

  • General, Enable personal photo station service under admin and select HTTPS Redirect
  • Enable Person photo Station server under options of DSM for regular user account (this creates \home\photo folder for that particular user
  • Add https web services and certificate

Purchase below and contact Network Synology IT support today!!


Avoid costly visits from your Synology IT Support team.  Get a battery backup and grab insurance for your network.  Subscribe to Managed IT Service Agreement.

Alternatively, purchase DS1515+ good for 25 user/10 designer environment.  This option will help defer future Synology IT Support projects.  It scales well for next 5 years at a rate of TB a year.

Bonus Resources