Synology News & Security Recap – August 2018

Synology News

Synology News tileAugust started off slow as far a Synology Security bulletins are concerned. By the end of the month, there were eleven security bulletins. The good news is that two of them were just to tell us that while the software was used, it was unaffected. The bad news is that the number of unresolved issues is growing. A dozen bulletins that were released this year still have an ongoing status. Nine of those open vulnerabilities were released in July and August.
##Security Bulletins

Synology Security Bulletin SA-18:40 Synology Application Service addresses a moderate vulnerability in the Synology Application Service that allows authenticated remote users obtain “sensitive” information. It is resolved by updating to version 1.5.4-0320 or above.

Security Bulletins Synology Security Bulletin SA-18:41 Linux kernel and [Synology Security Bulletin SA-18:42 ISC Bind](https://www.synology.com/en-us/support/security/Synology_SA_18_41 “Jump to the security bulletin”) confirm that Synology software is not affected by these vulnerabilities, even though the software is used.

Synology Security Bulletin SA-18:43 MailPlus Server is rated as Important because it allows a remote denial-of-service attack against MailPlus Server. To patch the vulnerability upgrade to version 2.0.5-0606 or above.

Synology Security Bulletin SA-18:44 Linux Kernel addresses the FragmentSmack attack that can be used for a denial-of-service attack. Synology Router Manager (SRM) is not vulnerable thanks to being built on an older Linux Kernel. All version of DSM are vulnerable and not yet patched. According to the bulletin, the fix for DSM 6.1 and 5.2 will be to upgrade to DSM 6.2 once that version is patched. SkyNAS and VX960HD are also vulnerable and unpatched.

Synology Security Bulletin SA-18:45 L1 Terminal Fault is yet another Intel CPU vulnerability (aka ForeShadow Attack). This vulnerability is in DSM on models with an Intel chip. See the bulletin for a complete list. While rated as Moderate there’s a specific set of circumstances needed to exploit the vulnerability. The vulnerability allows one virtual machine to steal information from another virtual machine. So you’ll need to be running several VMs, at least one of which allows an untrusted person to install software on it (or be accessible of the internet). This is a significant issue for web hosts, less so for Synology owners. Like the previous bulletin, DSM 5.2 and DSM 6.1 will need to update to DSM 6.2 (once DSM 6.2 is patched).

Synology Security Bulletin SA-18:46: Internet Key Exchange V1 has an Important severity rating, which is the highest. It remains an ongoing issue, without resolution. It affects all version of DSM, SkyNAS and SRM 1.1. It also affects VPN Server and VPN Plus Server. Again, DSM 6.1 and 5.2 will require DSM 6.2 to get the fix. If you need immediate mitigation, refer to the Security Bulletin for Synology’s contact information.

Synology Security Bulletin SA-18:47 Samba affects Active Directory Server and Active Backup for Server. Currently, there is no mitigation.

Synology Security Bulletin SA-18:48 SRM announces a vulnerability that can be exploited by remote users. Upgrade to 1.1.7-6941-2 or above to plug the vulnerability.

Synology Security Bulletin SA-18:49 Ghostscript affects all versions of DSM and SRM if AirPrint is enabled. It’s rated as Important since it allows remote users to execute arbitrary commands. There’s currently no mitigation if you must use AirPrint.

Synology Security Bulletin SA-18:50 Drive describes a vulnerability in the Synology Drive package. It is resolved in Drive version 1.1.2-10562 and above.

Synology Security Bulletin SA-18:51 DSM affects all versions and variations of DSM. Upgrading to DSM 6.2.1-23824 and above will resolve the issue. SkyNAS and VS960HD remain vulnerable. Again, DSM 5.1 and DSM 6.1 must update to DSM 6.2 to get the patch.

##DSM & SRM Updates

Synology has updated their release notes to reflect DSM 6.2.1-23824, and the update is available on their FTP site. That said, it has not shown up in the automatic checks for any Synology NAS that I support. It was recently released, August 29th based on the release notes. I manually installed it on a DS218+ without any apparent problems. It’s a NAS I use for testing, for every other NAS, I’ll wait until it’s pushed to the NAS.

Based on the release notes there are a lot of fixes:

  1. Fixed an issue where users may not be able to delete snapshots when the volume is full.
  2. Fixed an issue where Windows may falsely detect an error on an exFAT format USB drive after it is used as the backup destination of Hyper Backup.
  3. Improved Snapshot Replication package stability.
  4. Fixed an issue where incorrect or incomplete update information may be displayed in the DSM Update tab.
  5. Fixed an issue where a single RAID with over 24 drives may fail to assemble a RAID 5/6/F1 or SHR 1/2 storage pool.
  6. Fixed an issue where boot failure might occur if the system was rebooted during the conversion process from RAID 5 to RAID 6.
  7. Enhanced the compatibility of certain drives on Synology NAS and Expansion Unit models.
  8. Fixed an issue where local users may fail to log in via SMB on specific Windows versions after adding their NAS to a Synology Active Directory domain.
  9. Improved Windows client’s clock synchronization with DSM after it is added to a Synology Active Directory domain. Upgrading Active Directory Server to version 4.4.5-0077 or above is required.
  10. Modified HDD hibernation mechanism to prevent HDDs from entering hibernation when a volume is degraded, crashed, or not created.
  11. Fixed multiple security vulnerabilities regarding Linux kernel (CVE-2018-1000199, CVE-2018-8897, CVE-2017-0861).
  12. Fixed a security vulnerability regarding OpenSSL (CVE-2018-0739).
  13. Fixed a security vulnerability regarding procps-ng (CVE-2018-1124).
  14. Fixed a security vulnerability regarding ISC DHCP (CVE-2017-3144).
  15. Fixed multiple security vulnerabilities (Synology-SA-18:51).
  16. Minor bug fixes.

##Product Releases & Updates

Synology has released a new model of their M.2 SSD adapter card, the MSD18. It is currently available in the retail channel. Amazon, BH Photo (US), Span (UK).

The RackStation RS1219+, Synology’s newest model, has also made it into the retail channel. Amazon, BH Photo (US), Span (UK)

0 comments

Synology News & Security Recap – July 31, 2018

Synology News

Synology News tileThe last half of July brought four new security bulletins. Some little-used DSM versions have yet to be patched. The Tomcat packages are also vulnerable, one of which won’t be fixed.

Security Bulletins

Synology Security Bulletin SA–18:37 Photo Station brings news of a vulnerability that allows a web session hijack in Photo Station. It’s fixed in version 6.8.7–3481 or above for Photo Station 6.1. It’s resolved in version 6.3–2976 or above for Photo Station 6.3.

The Tomcat packages have a vulnerability as described in [https://www.synology.com/en-us/support/security/Synology_SA_18_38](Synology Security Bulletin SA–18:38 “Jump to the Security Bulletin”). There are no plans to fix Tomcat 6. Tomcat 7 is listed as ongoing. Tomcat isn’t needed for the core functions or the most popular packages. Synology recommends you contact them (see the bulletin) if you use Tomcat 7 and are concerned about the vulnerability.

Synology Security Bulletin SA–18:39 covers a vulnerability in DSM. DSM 6.2, DSM 6.1 and Virtual DSM are all patched in their latest update. Other flavors of DSM are still not fixed.

The Synology Application Service has a vulnerability as described in Synology Security Bulletin SA–18:40. Version 1.5.4–0320 or above of the Synology Application Service fixes the vulnerability.

Other News

Synology has begun the beta program for Surveillance Station 8.2. More information is here.

0 comments

Synology News & Security Recap – July 15, 2018

Synology News

Synology News tileSecurity Bulletins

There are only two security bulletins so far in July.

The first is Synology Security Bulletin SA-18:35 File Station which patches a vulnerability that allows a remote attacker to access sensitive information. If you’re running File Station 1.2, then update to version 1.2.3 or higher. If you run File Station 1.1, then update to 1.1.5 or higher.

The second is Synology Security Bulletin SA-18:36 DSM which allows a remote authenticated user to obtain sensitive information. If you’re on DSM 62. the update to DSM 6.2-23739-2 or above. If you’re on DSM 6.1, then update to DSM 6.1.15284-2 or above. DSM 6.0, DSM 5.2, Virtual DSM, SkyNAS, and VS960HD are still waiting on a patch.

DiskStation Manager (DSM) Updates

DSM 6.2-23739-2

As mentioned in the Security Bulletin section, DSM 6.2-23739-2 was released. The official release date was July 12th although I have not seen it in the update section for any NAS that I support. If you need the update, you can find the firmware for a manual update here.

The update contains the following fixes:

  1. Adjusted power saving mechanism to improve PCIe compatibility.
  2. Fixed multiple security vulnerabilities regarding Linux kernel (Synology-SA-18:01).
  3. Fixed an issue where iSCSI Manager might not open for the incompatible format of iSCSI LUN configuration files set up before DSM 5.2.
  4. Enhanced package start-up performance.
  5. Fixed a security vulnerability (Synology-SA-18:36).

DSM 6.1.7-15284-2

As mentioned in the Security Bulletin section, DSM 6.1-15284-2 was released.

Unlike the DSM 6.2 update, I have seen this update in the update section for all my NAS units still running DSM 6.1.

The update contains the following two fixes:

  1. Adjusted power saving mechanism to improve PCIe compatibility.
  2. Fixed a security vulnerability (Synology-SA-18:36).
0 comments

Synology News & Security Recap – June 30, 2018

Synology News

Synology News tileNot much news since the mid-month update. These days there’s always a security bulletin or two. A DSM and SRM update bring those security patches along with some bug fixes.

Security Bulletins

All versions of DSM had a vulnerability that allows authenticated users to execute arbitrary OS commands, or obtain sensitive information. For DSM 6.2, upgrade to version 6.2-23739-1 or above. For DSM 6.1 upgrade to 6.1.7-15284-1 or above. The older DSM 6.0 and DSM 5.2 also need to be upgraded to the latest version to patch the vulnerability. While rated as Important, user authentication is required to exploit the bug, which may make it less critical in your environment. The security bulletin is Synology Security Bulletin SA-18:33.

Synology Router Manager (SRM) has the same bug, which is patched in the latest SRM update (1.1.7-6941-1 or above). See Synology Security Bulletin SA-18:34 for more information.

DiskStation Manager (DSM) Updates

Synology release notes indicate that DSM 6.2 was updated to version 6.2-23739-1. I have not received this update on any Synology NAS, and it’s not in the download center for my NAS models. It is in the download archive for manual update. I haven’t applied the update, and will wait until Synology actively pushes it out. All the Synology NAS devices I support have trusted users that already have admin access. The security patches require privilege escalation, so it’s not critical for me. If you need the update, you can find it here.

The update fixes the following issues:

  1. Fixed a security vulnerability regarding Linux kernel (CVE-2018-8897).
  2. Enhance the performance of Surveillance Station when deleting recordings in btrfs volume.
  3. Fixed multiple security vulnerabilities. (Synology-SA-18:33)
  4. Fixed an issue where VAAI might fail after iSCSI LUN was recovered by LUN Backup.
  5. Fixed an issue where LUN configuration might be inconsistent.
  6. Minor bug fixes.

Synology Router Manager (SRM) Updates

SRM was updated the version 1.1.7-6941-1.

  1. Fixed a security vulnerability regarding Wget (CVE-2018-0494).
  2. Fixed a security vulnerability (Synology-SA-18:34).
  3. Fixed multiple security vulnerabilities regarding CPU Spectre on RT2600ac (Synology-SA-18:01).

Synology News

Synology has officially released Virtual Machine Manager Pro. The VMMP was previously available as a beta. Now that it’s official, licenses must be purchase. (Press Release) Licenses are available in 3 and 7 license packs. This page has information about the licenses, supported models, and differences between the Standard (free) and Pro (paid) versions.

0 comments

Synology News & Security Recap – Mid-June 2018

Synology News

Synology News tileThe first half of June brought some Synology news. Synology released the beta for a new software package and moved another package from beta to official release. Both of these products promise recurring revenue to Synology.

Vulnerabilities continue to be found in Intel chips, along with a couple software vulnerabilities. At least the software bugs were patched. The CPU vulnerabilities are a harder to solve problem.

Security Bulletins

Web Station has a vulnerability that allows phishing attacks. The vulnerability is patched in version 2.1.3-0139 and above. The vulnerability has conflicting ratings in Synology Security Bulletin SA-18:29. The bulletin header rates it as Important while the bulletin body rates it as Moderate.

The Synology SSL VPN Client has a vulnerability that allows a man-in-the-middle attack. This is rated as Important in Synology Security Bulletin SA-18:30. The vulnerability is patched in version 1.2.5-0226 and above.

Intel CPUs have yet another vulnerability as described in Synology Security Bulletin SA-18:31. The vulnerability is rated as Moderate by Synology and is unresolved. Currently, only a small number of models are affected, the DS36, RS36, and RS34. See the previously linked bulletin for the latest list. All DSM versions running on vulnerable Intel CPUs are vulnerable.

Synology released Synology Security Bulletin SA-18:32 to let us know that their products are not affected by the latest ISC BIND vulnerability (CVE-2018-5738).

Synology News

Synology continues to expand its services business by releasing the official version of Active Backup for Office 365, which was previously in beta. This software backs Office 365 data to your local NAS. Active Backup for Office 365 has 10 free licenses on any Synology NAS that supports it. More information is available here.

Synology Active Backup for Business is a new offering that’s now in a beta period. Active backup for Business allows backing up Windows PCs, Windows Servers, and virtual machines. The software is free during the beta, but will then require a separate license per host being backed up once the beta is over. More information is available here.

0 comments

DSM 6.2 Upgrade (From DSM 6.1)

Synology News

DiskStation Manager 6.2 (DSM 6.2) has been out for a couple of weeks, and you may be considering the upgrade. Here’s the overall process to follow and what to expect.

Prep Work

There are a few things to do before you begin the upgrade.

Updates

Update DiskStation Manager to the latest version of DSM 6.1. Also, update all installed packages to their most recent version. While this isn’t an absolute requirement, it’s the safest way to upgrade.

I also like to reboot the NAS before the upgrade. The reboot gives me extra confidence that there’s no problem hiding in the old software. I admit to skipping this if there’s been a reboot in the last few days.

Backups

Make sure you have backups and that you can restore the data from them. If you use Hyper Backup, you can verify the backup integrity. Select the backup task, then click the drop-down hamburger menu and select Check backup integrity.

Screenshot of Hyperbackup Check Backup Integrity menu selection

If the backup is encrypted, you’ll be prompted for the encryption password. Then you’ll be prompted to select the type of check to do. You’ll want to confirm that the data can be restored, so check that box. The integrity check will take a long time, and depends on the amount of data that you have.

Screenshot showing the Backup Integrity check options

The Integrity Check will the begin.

Screenshot showing the backup integrity check progress.

Wait for it to finish.

Obsolete Features or Packages?

Make sure you aren’t using any features or packages that can’t be used on DSM 6.2. There are only a few things that lose support with DSM 6.2. These include:

  • The WiFi dongle won’t support parental controls or the device list if set in bridge mode.
  • Virtual Machine Manager will no longer support creating clusters on older DSM versions.
  • SSH authentication by DSA public key is prohibited for security reasons.
  • Office 2.x and below are not compatible with DSM 6.2.

The full release notes are here.

The Upgrade

Even though the update settings are set to “Newest DSM and all updates” the new DSM 6.2 version will not be made available (at least not at this time).

Screenshot of my update settings

To do the upgrade go to the Update & Restore section of Control Panel.

Screenshot of Control Panel

The top of the DSM Update panel will have a link to the Synology website.

screenshot of the DSM update panel

Click the link to go to the download section of the Synology website. It will automatically find the downloads for your Synology NAS. Click the Download (pat) link to download your firmware. Remember the download destination.

Screenshot of the firmware download page

Once the firmware file download is complete, return to DSM Update in control panel and click the Manual DSM Update button.

Screenshot showing the Manual DSM Update button

Use the open file dialog to select the file that you just downloaded.

Screenshot showing the firmware file selection

When you click OK, you’ll receive a confirmation prompt. When you click Yes to this prompt, the upgrade will start.

Screenshot of the confirmation dialog

The 10 to 20-minute estimate is generic, and not based on how long your own NAS will take. My DS1815+ took less than 5 minutes to do the upgrade.

Once the upgrade is done, and the NAS reboots, the login screen will be displayed. Go ahead and log in. You’ll have to confirm (or deny) some privacy settings.

You should also check notifications to see if anything else needs to be done. In my case, I had two related notifications. I needed to update a couple packages and setup bad sector warnings. Click the link in the message to go to the correct location to make the change.

Screenshot of the after upgrade notifications

Clicking on the Package Center links opens it up. In my case, I had to update Virtual Machine Manager and Storage Analyzer. Click the Update All button to save time.

Screenshot of Package Center showing package upgrades needed.

Clicking on the disk warning setup link opens Storage Manager and automatically goes to the HDD/SSD General section. Make the changes you feel are appropriate. My choices are shown below.

Sceenshot of my HDD/SSD General tab

The upgrade is complete, and everything is ready to use.

0 comments

Synology News & Security Recap – May 31, 2018

Synology News

Synology News tileThe big Synology news in May was the release of DiskStation Manager 6.2 (DSM 6.2). Data protection and enterprise features were the primary focus of this update. The user interfaces for several system features (such as storage manager and package manager) also received facelifts and streamlining. Here’s the press release. I wrote about the release here.

Security Bulletins

PHP has a vulnerability that allows a remote attacker to execute arbitrary code. Synology has given this their highest severity rating. It affects PHP 5.2, PHP 5.6 and PHP 7.0. A fix for this vulnerability is not yet available from Synology. Full details are in Synology Security Bulletin SA-18:20 PHP. Refer to the bulletin for contact information if you need immediate assistance.

DiskStation Manager (DSM) has a security vulnerability introduced by a flaw in the Linux kernel. The vulnerability is currently unresolved. This has the highest severity rating (Important) on DSM 6.1 with a Moderate severity rating on other DSM versions. Refer to Synology Security Bulletin SA-18:21 Linux Kernel for a complete list of models and DSM versions affected.

Synology released Synology Security Bulletin SA-18:22 EFAIL to let us know that their products are not affected by the EFAIL vulnerability which affects some email clients.

The Spectre related CPU vulnerabilities continue to expand. Synology released Synology Security Bulletin SA-18:23 Speculative Store Bypass to track the latest Spectre related vulnerability. Synology rates the vulnerability as moderate, and it affects all DSM versions. Refer to the security bulletin to see if your NAS model uses an affected CPU. There is no current mitigation.

DiskStation Manager has a vulnerability that allows remote authenticated users to execute arbitrary code, or set a new password without verification. Synology rates this as Important, although since it does require user authentication, you may be less concerned, depending on how much you trust your users. This is covered in Synology Security Bulletin SA-18:24 DSM. While it is listed as resolved, the resolution is to upgrade to DSM 6.2 which you may not be ready to do. DSM 5.2, 6.0 and 6.1 are all affected.

Synology Router Manager has a vulnerability rated as Moderate. This allows a remote attacker to inject arbitrary scripts or HTML code. The resolution is to upgrade to SRM 1.1.7-6940 or above. See Synology Security Bulletin SA-18:25 SRM for more information.

DiskStation Manager has a second vulnerability that allows remote users to inject arbitrary web scripts or HTML. This doesn’t affect the newly released DSM 6.2 and is rated as a moderately severe for other DSM versions. Older versions of DSM can be upgraded to DSM 6.1.4-15217-3 or above. The only mitigation for DSM 5.2 and 6.0 is to update to DSM 6.1.4-15217-3 or above. This is also the only patch option for DSM 5.2 and DSM 6.0. Full details are in Synology Security Bulletin SA-18:26 DSM.

Universal Search has a vulnerability that’s rated as Moderate. Authenticated users can bypass permission checks to access directories. Universal Search is installed via Package Center, although it is automatically installed and run. It can’t be disabled. To resolve the vulnerability use Package Center to update the package to version 1.0.5-0135 or above. Full details are in Synology Security Bulletin SA-18:27 Universal Search.

The SSO Server package has a vulnerability rated as Important, which is the most severe rating. It allows remote attackers to conduct clickjacking attacks. If you use the SSO Server package, you should upgrade to version 2.1.3-0129 or above. Full details are in Synology Security Bulletin SA-18:28 SSO Server.

DiskStation Manager (DSM) and Synology Router Manager (SRM) Updates

DSM 6.1.7-15284 was released concurrently with DSM 6.2 and includes needed security patches for those of us not immediately upgrading to DSM 6.2. The full list of fixes includes:

  • Improve stability of Docker when using Btrfs under low memory configurations
  • Improved stability of the snapshot replication feature
  • Enhanced stability of MCS in Windows environments
  • Fixed an issue where a file’s Last Opened Date may be incorrect when using Spotlight
  • Fixed an issue where enabling SSD Trim may cause file services failure in a high-availability cluster
  • Fixed an issue fan where changes to speed settings do not apply immediately in a high-availability cluster
  • Fixed a security vulnerability regarding Wget (CVE-2018-0494)
  • Fixed a security vulnerability regarding PostgreSQL (CVE-2018-1058)
  • Fixed a security vulnerability regarding Linux kernel (Synology-SA-18:21, CVE-2018-1000199).

SRM 1.1.7-6941 was released. It contains much more than the previously mentioned security fix. The complete list is:

What’s New

  • Added support for IPv6 relay
  • Added support for IPv6 DS-Lite
  • Added support for FLET’s IPv6 service in Japan
  • Added support for subnet mask configuration for guest network
  • Updated Privacy Statement and adjusted related settings

Fixed Issues

  • Fixed an issue where Traffic Control might not work properly on 3G/LTE interface
  • Fixed an issue where channel selection for 2.4GHz band might not be available with 40MHz bandwidth
  • Fixed an issue where PPPoE might not work properly with certain ISPs

Security Updates

  • Fixed a security vulnerability regarding PostgreSQL (CVE-2018-1058)
  • Fixed a security vulnerability (Synology-SA-18:25)
  • Fixed multiple security vulnerabilities regarding Linux kernel (CVE-2017-15649, CVE-2018-1000199)
  • Fixed a security vulnerability regarding DHCP (CVE-2018-5732)
  • Fixed a security vulnerability regarding 7-Zip (CVE-2017-17969)

Synology News

Synology has released a new NAS model, the DS1618+. It has six internal drive bays and is expandable to 16 drives with two optional expansion units. Synology says this is their “fastest Plus series NAS ever.”

0 comments

DSM 6.2: A Fresh Install

Synology

I’ve been running the DSM 6.2 beta software on a Synology DS218+ for several months. Now that the official DSM 6.2 release is out, I decided to do a fresh install of DiskStation Manager, to clear out any crud that may have been left by a bug in the beta software, and to become familiar with any changes to the installation process.

So I did a factory reset (Control Panel -> Update & Restore -> Reset (tab) then click the big red Erase All Data button).

Screenshot showing a factory reset through Control Panel

A factory reset results in an installation process that’s the same as the first installation on a newly unboxed Synology NAS.

Once the NAS reboots (or powers up), and is online, it will beep. Open a browser on your computer and go to http://find.synology.com. After searching a bit, it will list the Synology NAS devices that are on your local network. If you have multiple devices, you can use the arrows to scroll through the devices.

Click the Connect button to start the installation.

The web assistant will list any Synology devices it finds on the network.

A license agreement will pop up, and you’ll have to check the box to agree before moving on.

The next screen will start the setup process.

Screenshot of the web assistant showing the setup button

What happens next may change since this is all web-based Synology can modify it at any time, and it may vary by hardware model. In the past, the assistant has automatically installed from the web, although with DSM 6.2 I’ve had to download the file. Downloading the firmware to your computer is more reliable since an unexpected network outage won’t affect the installation.

If you need to download the firmware, click the Synology Download Center link.

Screenshot of the firmware upload screen

Your browser will open the Synology Download Center in a new tab (or window, depending on your browser settings) and automatically open the download section for your NAS model. Click on the Download (pat) link for the firmware of your NAS. Remember your download location.

Screenshot showing the firmware download link

Return to the Synology Web Assistant and browse to the firmware file that you just downloaded, then click the install button.

Screenshot showing the Synology firmware selection screen

You’ll then have to confirm that you know any existing data will be lost. Once you do that, the installation will kick off.

Screenshot of the Synology firmware installation progress.

Once the installation finishes the NAS will reboot, and the configuration phase will start.

Screenshot of the administrator account creation screen

Give your NAS any name you like, and pick a username and password. This account will have full access to your NAS as it is the default admin account. Avoid the name admin. Currently, a user called “admin” is automatically created, but it is disabled by default. Using a well-known account name as an administrator account is frowned upon for security reasons. Once you’ve filled in the information, click Next.

The installer will do some configuration, and then ask how you want to receive updates and do maintenance.

Screenshot of the DSM Update & Maintenace screen in the installer.

Because updates will often reboot the NAS, I pick the “Notify me…” option and make sure I have notifications properly set up to email me. If you’d prefer a more hands-off approach, you can pick the “Install the important updates…” option, and pick a convenient time to do the updates. I don’t recommend selecting the first option, “Install the latest…” automatically as this could result in significant changes after an update and break things until you can attend to them. The “important updates” option will give you all security updates, so you’ll remain secure.

Once you select an option, you’ll be prompted to choose the day(s) and time for the update (or update check). The installer randomizes the days and times to avoid overloading Synology’s update servers. Pick whatever is convenient for you. Since I don’t automatically install any updates, I check daily. I also recommend doing the SMART tests and bad sector warnings to monitor drive health.

Screenshot showing my update settings

Next, you’ll be prompted to set up QuickConnect. QuickConnect requires setting up an account with Synology. If you don’t want to do this, then click Skip this step at the bottom of the page. QuickConnect allows you to connect to your NAS when you’re away from the home or office. To set it up, fill in the information or log on to your existing Synology account. If you are re-installing or replacing an existing DiskStation, you can re-use the QuickConnect ID. You’ll be prompted to confirm that it’s OK to re-use the old ID on this new device.

Screenshot of the QuickConnect setup screen

After setting up QuickConnect (or skipping it), you’ll be prompted to install Synology’s recommended packages. You can skip this by clicking Skip this step at the bottom of the screen, and then install only the packages that you want. If you do click Next, the packages will be queued to install. The installation wizard will not wait for them to finish before proceeding. It’s likely you’ll see the DSM desktop before all the package installations end, so you’ll need to wait. I prefer skipping this step and then installing the packages when I’m ready to use them. If you do install them all, you can quickly remove them at a later time.

Screenshot showing Synology's recommended packages

You may have to approve more terms of service or privacy policies, but you should soon see the message:

Screenshot of the installation completion screen

I typically uncheck the “Share my Synology device’s network location…” since I don’t have a need for it, and to be honest; I’m not sure exactly what it enables and what the security implications are. Click Go once you’ve made your choice.

Once you click go, you’ll be prompted to accept (or decline) more privacy and the terms of use, and then be presented with a series of popup tips.

If you created a new Synology account, you’d have received an email to activate the account. Go to your email and click the link that they sent to activate the account.

Ther Synology NAS is ready to use.

0 comments

Synology Releases DiskStation Manager 6.2

Synology News

After a long beta period, Synology has released DiskStation Manager 6.2 (DSM 6.2). This is Synology’s major release for the year. DSM 6.2 is a little later than usual for Synology’s yearly release, DSM 6.1 was released in February 2017.

DSM 6.2 is now being pushed out through their update channel and it’s available in Synology’s download center. I’ve been running the beta version for several months on a DS218+. The beta has been relatively stable and mostly problem free. That said, you shouldn’t expect the upgrade to be problem free. Waiting for the first update to DSM 6.2 is always the safest path, but if you don’t want to wait, allow some time in your schedule to sort out any problems. There aren’t any officially supported ways to downgrade back to DSM 6.1. While there are ways to downgrade, plan to restore everything from backup if you do a downgrade. So as always, have good backups before you upgrade.

The update has appeared in the updates for my DS815+ & DS1511+. It does not appear on the DS218+ which is running the beta (updates have never appeared on the DSM 6.2 beta software), so I upgraded manually.

The most visible changes include

  • A redesigned package center
  • An updated storage manager.
  • If 2-factor authorization is enabled then email notifications must also be set up.

There are some limitations added with this version

  • This will be the last DSM version that will support IPv6 Tunneling in Network Interface.
  • USB device drivers will no longer be updated.
  • The WiFi dongle does not support parental controls and device list if set as bridge mode.
  • Virtual Machine manage will no longer support creating clusters on older DSM versions.
  • SSH authentication by DSA public key is prohibited for security reasons.
  • The original RAID scrubbing schedule tasks will be migrated to smart data scrubbing. In addition, data scrubbing will automatically be executed shortly after the upgrade.
  • This will be the last major DSM release for some models. They will receive updates to DSM 6.2 for at least two years. These include:
    XS Series : RS3412xs, RS3412RPxs, RS3411xs, RS3411RPxs, DS3612xs, DS3611xs
    Plus Series : RS2212+, RS2212RP+, RS2211+, RS2211RP+, RS812+, RS812RP+, DS2411+, DS1812+, DS1512+, DS1511+, DS712+, DS412+, DS411+II, DS411+, DS213+, DS212+, DS211+, DS112+
    Value Series : RS812, RS212, DS413, DS411, DS213, DS212, DS211, DS112, DS111
    J Series : DS413j, DS411j, DS411slim, DS213air, DS212j, DS211j, DS112j
    Others : DDSM

There aren’t any general release notes yet. While my link appears to be model specific based on the page title, it is all-inclusive. See the full release notes here. The marketing page is here.

0 comments

Synology C2: Tier 2 Data Deduplication

Synology

White clouds in a blue skyI’ve been backing up to the Synology C2 Backup service since it became available worldwide. For the first month, I used the Tier I plan. This tier comes with low prices, but it also has some limitations. I then looked at the Tier II plan, to see what benefits it brought in real life. The two significant differences (besides price) are unlimited backup version and data deduplication.

The price of unlimited backup versions is that all those versions count against your quota. Whereas, the Tier I plan only counts size of the size of the files that are on your NAS and ignores the backup versions. Synology promotes data deduplication as a way to save the space used. They also say “However, the Plan II-exclusive deduplication can help you reduce duplicated data across different backup versions, thus optimizing the storage usage.” But, is this really the case? In my testing, I found data deduplication does not save space across backup versions.

The Tier II plan offers data deduplication which might reduce the space used on the C2 service, and therefore how much you can back up for your money. While there are indeed specific cases where data deduplication on Synology C2 can save significant space, for typical home and small business users it won’t help very much.

If your thinking about switching to a Tier II plan for Synology C2 Backup, these are the things to consider.

HyperBackup does file-level data deduplication

According to the documentation, HyperBackup does file-level deduplication. To be deduplicated, the file contents must be the same. These means a small change in any file will result in a new file being backed up and the old file saved as a backup version. I confirmed this in my testing.

HyperBackup does not deduplicate across backup tasks

Files are not deduplicated between two Synology NAS devices, or even two different backup tasks configured on the same device. I did confirm this with testing, with and without using encryption.

So if you want to backup your primary NAS along with a backup that has the same files, you won’t be saving any space. To maximize deduplication on the Synology NAS, you’ll want everything backed up to Synology C2 in a single HyperBackup task.

HyperBackup does deduplicate identical files with different names or attributes.

In my testing, I renamed some files, and they were deduplicated correctly. The amount of storage used did not increase when I copied, then renamed 12 GB worth of files and backed them up. (There is some overhead, my storage usage increased about 50 MB.)

I also touched that 12 GB worth of files to change the modified date (this doesn’t change the file contents). and the files were properly de-duped. In this case, the old files are now a backup version, and the new files are the current backup.

There may be cases where data deduplication fails

In one of my tests, not all the files were properly deduplicated. In one test I had five identical 2.4 GB files, but with different names. After the backup, there was 8 GB of additional space was used on Synology C2, which indicates only a couple of the files were deduplicated.

To verify the files could be deduced I then backed up one of the files on its own, and then the other 4 in a second backup. In this case, all four additional coped were deduplicated.

Data deduplication takes place on the client

HyperBackup will do the deduplication before sending the file to Synology C2, which has the benefit of saving both bandwidth and time.

Summary

A Synology C2 Backup Tier II plan allows more flexibility in your backup strategy. You can keep backup versions for years, or one version per day for however long you want. But, that flexibility needs to be weighed against the added cost in space used. By their nature, the backup versions are different files and therefore won’t benefit from deduplication.

Deduplication will be of limited benefit in many situations. Unless you frequently have the same file scattered around different locations on your Synology NAS, there won’t be much space savings.

While there are reasons for wanting a Tier II plan, deduplication will not save you space over a Tier I plan if you will be keeping a lot of backup versions. You can adjust your backup rotation, but if you’re too liberal in your scheduling, you could hit the 1GB quota and be required to pay an additional €69 for the 2GB plan.

0 comments