The NAS that makes it so you can use a NAS and cloud storage without having to "trust" anyone
If you work in IT, you're familiar with the utility of a NAS. In my professional experience, they have often functioned as a temporary data transfer mechanism. For many years the limitations of most NAS devices meant that they weren't useful in any long-term capacity for the types of clients that I've served. When you are dealing with massive amounts of data that you need rapid access to, a SAN is still your go-to device when dealing with local storage. For clients that didn't need a SAN (smaller data-sets and more manageable data transfer speed requirements), I'd often recommend some form of cloud storage. The Synology line has changed things for the better though. There is now a way to get the best of all worlds. I'm sure some of my AWS / GC / OpenStack friends are screaming some variation of "CLOUD ONLY!!!" Hear me out though, there are some issues with all cloud, all the time. So before I go into the Synology, let's go into some of the downsides of either a SAN or Cloud Storage.
SAN SANs are really great at
- Data expandability
- Local disk redundancy
- Blazing fast performance
If you have 10 petabytes of data that you need insane disk read/write access to, you will be using a SAN - full stop. You will never get local SSD RAIDed performance from cloud storage. SANS have numerous downsides though.
SANs are not great at
- Price (they run in the 10s and 100s of thousands of USD)
- Offsite backup capabilities are mixed (many SANs offer mirroring capabilities - but now you need two data centers...)
- Cloud capabilities are mixed (some units offer cloud linked capabilities - it's early days here though...)
- Staffing requirements (You need to know what you are doing with a SAN. Get your iSCSI / fibre device name wrong? Ooops - all the data is gone...)
Cloud Storage Cloud Storage (with AWS / Google Cloud / Rackspace / ... whoever) is really great at
- Deployment speed
- Staffing requirements
- Sometimes Cost (this one is a GIANT "it depends")
If you are dealing with a few hundred Gigabytes to Terabytes of data, and you don't need insane data transfer performance, this is probably where you should be.
Cloud Storage is NOT great at
- Data transfer speed (even with a GigE Uncapped pipe, you won't see the level of performance that you will from on-site SSDs... generally)
- Sometimes Cost (Cloud providers will always tell you that their prices are lower than doing it yourself. This is often true. It is almost certainly true if you have to keep someone on-staff because you went and purchased a SAN. It's not always true though.
This is where the NAS comes in.
What if you need GigE or more data transfer speed, you care about off-site redundancy, but you don't have big budgets or on-staff IT? Get a NAS right?
Not so fast. In the past, I'd often be posed this scenario, and I'd have to say "Yes... but." With the list of issues consisting of:
- What about data theft in the simplest sense? A NAS is no different from a desktop PC in that it can walk away. Are you seriously going to keep all of your data in the office with no redundancy somewhere else? If so, you are insane.
- Beyond all of the data going poof, data theft can also mean PII (Personally Identifiable Information) just went out the door. Congratulations! You are going to court... and maybe bankrupt.
- What about backups? Now using a NAS doesn't inherently mean that you haven't setup a proper backup mechanism - any more than using a SAN or Cloud Storage, but in practice... it often does.
The Synology Line The DS218+ towards the lower-end of the line, and certainly their larger units have changed this dynamic. For the first time in my career, I've deployed a NAS to a client as primary storage - and I don't feel bad about it. That may not sound like a ringing endorsement, but it is. Here's why:
- Disk Encryption
- This is nothing new in most contexts, but for many years it was hard to find on a NAS. Synology offers this as a built-in feature. NOTE however, they will recommend that you store the keys on an external USB key. I do NOT agree with this recommendation for a simple reason. If you do this, it will indeed allow the NAS to restart unattended, but for that benefit you give up almost all of the benefits of disk encryption. If you store the keys on a USB that is left plugged into the NAS at all times (be honest, this is what will happen), what is the consequence of someone stealing the NAS itself? Well you left the keys plugged in, so the thief turns it on, and has a much easier job at getting to your data.
- Local snapshots
- This is a NAS managed version of shadow copies essentially. For minimal disk space loss, you can retain nightly (or more often) snapshots of a shares state going back years (if you like). One caveat: If you enable share encryption (which you should), you won't be able to revert a file to the previous version with the built-in Windows tools. You'll need to mount up the old snapshot as a different share to copy the data over, or replace the entire share. Assuming that you aren't having to do data reversions constantly, this is manageable.
- Cloud backup capabilities
- You'll be able to utilize "CloudSync" to keep a copy of your entire NAS on one of countless cloud storage providers. Assuming that you're using this for backups, Backblaze was one of the cheaper options as of the writing of this article.
- What about hacks or malicious actors at the Cloud Storage provider though??... this is handled with the next huge feature.
- Zero-Knowledge Encrypted CloudSync
- While you setup your sync job to Backblaze B2 / S3 / whatever - you have the option of specifying another password. This is utilized to on-the-fly AES encrypt data on the NAS before it gets sent up to the cloud storage. This gives you the best of both worlds in terms of having off-site data protection, but not giving up any of your data privacy to the cloud provider. You also address the possibility of a hack on your cloud storage as the data they would see is garbled. The only thing they would "get" is file-names. No data.
- One caveat to this. CloudSync to B2 at least, is slow. It took over a week to upload 1.5TB of encrypted data. That's on an uncapped 100 Megabit pipe.
Conclusion Is getting a Synology NAS right for everyone? Absolutely not. Does it open up new cost-effective ways to address client needs, without sacrificing security or disaster readiness though?
Absolutely, it does.