Synology

Synology C2 Suite Review

Posted on by Adam Fowler

Synology asked me to have a fresh look at parts their C2 suite – I’d previously dived into their C2 Backup for Business solution almost a year ago, and I’m keen to find out how they’ve progressed.

The solutions I was given to try were:

C2 Identity
C2 Password
C2 Backup

Encryption or Passkey Prerequisite

The C2 suite needs an Encryption Key which encrypts all C2 services, or the newly released Passkey option.

For the Encryption Key, there is also a Recovery Code as a backup if the Encryption key is lost – but without either, you can’t access any C2 service and your access is lost. The only option is to reset your C2 Encryption key which is destructive – all data in the service is lost because there’s now no way to decrypt the data Synology is hosting for you on the C2 services. I know this because I almost had to reset it (which would be fine, I was only using my own test data), but managed to remember what I’d entered as the key originally. It’s also worth noting that you can generate a 1 page PDF of your recovery code details – this would be worth printing out and putting in a safe in case of emergency.

Passkeys can be used instead of an Encryption Key, where biometrics/PINs are used, rather than a password. This is the more modern way things are going, so it’s worth setting this up.

C2 Identity

This is where Synology sees the C2 Identity cloud service sitting. Here’s where I can see it providing the best value:

“Sync users and groups from Windows AD or migrate seamlessly from Synology LDAP Server without the need to reset users’ accounts or passwords.” If you have an on-premises Synology device providing LDAP services, then seamlessly migrating it to C2 Identity would be a smooth approach to turning into a SaaS solution. Moreso, a company that has identity solutions all over the place could benefit from having this modular approach. If you were heavily invested and aligned with a single cloud provider, it may be best to use their pure native solutions end to end – but a mix of cloud auth providers, or a company who’s Microft Entra ID based who’s bought out another company that’s Google Cloud Identity based, could use this to bring in a standard and centralised authentication service.

Note that this service does not sync users/identities with cloud services such as Microsoft 365, but you can use that as a source for a one time import:

For my purposes (and because I don’t have a userbase!), I created a user manually – myself.

Managed Devices

C2 Identity isn’t just about usernames and passwords either, you can manage devices using an agent (both Windows and macOS supported)

The connect key has been regenerated since this screenshot :)

The install of the agent for me was very quick and easy, and just runs inthe background. Once registered, the device will show in the C2 Identity portal with some basic information:

Command

What’s better though, is the Command options you can apply to your managed devices. These are commands you can trigger – either any command you want to do yourself, or pick one of the inbuilt ones which will continue to grow. Easily triggering an Auto-update of Windows across your entire fleet, or easily selecting a device to remote desktop to (and ping at the same time – I remember doing this as my first manual step any time I used to RDP to a desktop at work!).

These commands can either be run on demand (manually) or on time schedules/events (event options are at startup or at login):

Although reasonably simple, I can see this being very useful for a small business or a business with light requirements. Giving your 1-3 IT staff a tool like this makes both identity management and computer management easier than using native tooling alone (as well as the cross-platform support of both Windows and macOS).

Application

Another useful option is being able to add external identity providers (a.k.a. Applications). This allows you to use the single identity from C2 Identity across multiple solutions such as Google Workspace, Microsoft 365, Dropbox, and anything that support SAML (which these days is most things!).

The Edge Server option lets you “Set up an edge server that retrieves directory information from your C2 Identity. This server will authenticate C2 Identity users’ access to on-prem resources.”. This can run off either a local Synology NAS, or anything running Docker.

Other options include the Log of actions in C2 Identity, as well as Settings which has many customisations for an administrator of the service – as well as being able to brand your instance of C2 with your company’s logo, or look at setting up Passwordless Sign-in (beta at time of writing).

C2 Password

C2 Password is a password management system, and is actually free for personal use! If you want to give it a try, here’s the link. Also, here’s Synology’s C2 Password Security White Paper for those interested in some of the security specifics of this solution.

C2 Password has many supported platform extensions – iOS, Android, Google Chrome, Microsoft Edge, Mozilla Firefox and Safari. This should cover most normal business purposes, and is a nice cheap way of providing a managed password solution for both individuals, and a shared vault which can be handy for saving centralised/shared passwords (yes this is never great but you can’t control the password solutions of all your vendors)

The solution offers standard password generation options, as well as a ‘Login Security Overview’ which shows compromised passwords, weak passwords, reused passwords and Inactive 2FA (accounts without 2FA configured). This is visible to each user over their own vault, so is a nice easy way of putting concerns ‘in their face’ and to encourage better account management hygiene practises.

C2 Backup

C2 Backup for Business is a backup solution for both on-premises and cloud workloads. There is also an C2 Backup for Enterprise tier which has unlimited users, teams, and devices with 25TB available storage, and more available to add on. C2 Backup for Business however starts with:

5TB of available storage
250 maximum users
50 maximum teams
Unlimited devices

On-premises devices

This can either be personal computers or physical servers. Again, a backup client is required to be installed onto the device. The default policy is to back up the entire device (including anything plugged in externally such as a USB drive), which may be good for a very small business. However, there’s also the option to target just the system volume, or whichever volume you specify. This can be scheduled on a time basis such as daily, or event driven.

To manage your available space, you can use version control options too – maybe you just want the last 14 days of versions, or only the last 5 backups. You can also do tiered versioning (last day, week, month year) which may be a better option for on-premises servers.

If you have concerns about available bandwidth to a site, you can also define maximum upload speeds.

There is extensive documentation and guides on everything in the Synology C2 solutions, including how to restore a backup. If you want to do a bare metal restore, you can create recovery media on USB, or just recover certain files and folders to another computer which is just navigating through the version of the backup you want, picking the files/folders, and downloading. Easy!

Using the default policy on a home computer may capture a bit too much information!

Cloud Data

You can also backup Microsoft 365 data with the same subscription above – data stored on OneDrive for Business, SharePoint Online, Exchange Online, and Microsoft Teams. Once connecting to your Microsoft 365 tenant, the setup wizard will ask what you want to back up: which users, which sites (i.e. SharePoint Online), and which Teams. Although as part of setup you pick which items you want to back up, you also have the option of ‘auto-protection’ which will add anything newly created to the backup schedule, so you don’t have to go back each time and add them manually.

Your policy will also let you choose what data is backed up – Email, OneDrive, and Chat data. Again we have retention rules for versioning too.

For a small business, one of the nice aspects of this is a cloud to cloud backup (from Microsoft 365 > Synology C2). The bandwidth used between these two will have no effect on end users, especially important for sites with low bandwidth available.

To restore any of this data, there is a special ‘Recovery Portal‘ you can navigate to and restore the data locally.

Finally, in the Management section for C2 Backup you can look at a few options around notifications for events such as a backup failing, or when used storage is getting low. You can also see the state of each user and their used space for backups.

Summary

The Synology C2 Identity and Backup solutions are a good and relatively cheap priced (compare the prices for Backup and Identity) that are perfect for business that want to keep things simple. This can either be a business that has a mix of on-premises and cloud, or even purely Microsoft 365 cloud that needs a cheap backup somewhere just in case. I found the tools both portals and end user quite simple and easy to understand, laid out quite well. I will call out that being a simple solution, means it may not have the features or complexity requirements that some business may have – but the price of this solution reflects that. This can be a cheap way of ticking certain compliance options around data storage/backups and identity management too. The C2 web interface was incredibly snappy to use with every page and menu loading quickly – not something that can be said about many other solutions.

These solutions also have 30 day trials (Backup, Identity) that you can play around with, to see if they’ll suit your requirements.

Synology C2 Backup for Business Review

Posted on by Adam Fowler

Last year, I reviewed Synology’s Active Backup for Office 365 which is a cheap way of keeping another copy of Microsoft cloud data, as long as you have enough disks and space to fit it on.

This time, I’m looking at their Synology C2 | C2 Backup solution for businesses – which has a 90 day free trial (credit card details not required). This is a cloud based backup service – so no hardware required. Their support for Microsoft 365 data is quite new, and right now will cover user Exchange Online mailboxes, with OneDrive support coming in Q2 2022. Synology asked me to look at this and answered a few questions around timeframes; they’ve previously given me hardware to review, but this is not paid for content.

C2 Backup is one part of the C2 offerings, but you can pick and choose which components you want without requiring the others:

C2 Password
C2 Backup
C2 Transfer
C2 Identity
C2 Storage

At the time of writing, Synology have 3 regions you can choose from for C2 Backup: Europe – Frankfurt, North America – Seattle, and APAC – Taiwan. I’ll run through setting this up while giving a bit more information around what it is.

After creating an account, the first step is to pick your subscription – Monthly or Annual. The rates (which I won’t quote here in case they change, go have a look on their website) is per month and per terabyte, with the minimum at 5TB and the maximum 200TB.

I will note that there is an individual option that works a bit differently, but won’t run through that in this article. The data limits are smaller at 500GB, 2TB or 5TB and I’m sure there are other differences in the service vs the business option.

Next is setting up your domain, which will be a subdomain of c2.tw. You can’t change this later!

As I’m just doing a trial, I’ll skip the payment information, but it warns:

Continue without setting up a payment method? If you do not set up a payment method before the end of your free trial period, your subscription will not be automatically renewed.

Next is setting up the C2 Encryption key. This is like your password, but to all the data the service will hold. Synology point out they don’t store this – so you need to secure it yourself. If you lose it, you can’t decrypt your data and nor can Synology. They do provide a recovery code once this is done, which again you’ll need to keep – think of it as a backup password. This will be prompted to download a txt file containing the recovery code onto your computer.

Next is choosing the source of the data you want to back up. This screen will just jump you to the page for either – you’re not making a single choice between the two – it can do both.

Briefly looking at the On-premises device option, there’s 2 types of backup it can do: Personal Computer or Physical Server. There’s also Backup Policy where you can set the backup rules such as frequency, schedule and scope.

Backing up a computer or server will require an agent to be installed and signed into. Once done, a Backup Policy needs to be configured so the C2 platform knows what to backup and when. The policies are pretty simple, and the default policy will just back up everything daily, and keep all versions forever.

On the Cloud side of backup sources, we have support for Microsoft 365. You’ll need to sign in with an account that can grant access to certain areas of Microsoft 365.

It will need a little bit of time to connect before you can start configuring (about 30 seconds wait for me).

The next screen lets you pick which users to back up – which will most likely be all of them.

You don’t have to worry about adding future users in manually, there’s an option for Auto-Protection which will detect new users daily and just add them in. Note the 250 user maximum on this.

Once done, you’ll see the list of users you chose with the status ‘Not backed up yet’. You can trigger a backup now through the ellipsis button rather than waiting for the daily cycle.

The first backup will probably take quite a while – but after that first one is complete, future backups are incremental so will run a lot quicker.

The recovery portal is viewed in a per user state, you can choose which version you want to browse through (by date), and search if you’re looking for something in particular.

When restoring emails, you can either choose the emails you want to restore, or just restore everything. For specific emails, you can choose where to restore (either where they came from, or in a different restore folder) and if you want to overwrite existing items or not (only when restoring to original folder).

Restoring a single email for me only took a few seconds. Searching for emails was also very quick, with results coming up within a few seconds again.

Leaving the service going for a week, it has backed up successfully each time, and I can wind back to the daily versions for mailbox content with ease:

It also provides self-service restoration portal where end users can browse backups and recover files by themselves.

I’ve reviewed and tested a few other backup solutions; this is one of the easiest to do out there, but I’m also hanging out for some of the features still on the roadmap. If you only care about emails via Exchange Online, then the platform is ready to go.

It will be interesting to see how far Synology takes their C2 Backup service; being quite new I’m impressed that they’ve got the most important items (emails) backing up reliably, with a simple to restore process. If you’re looking for a ‘forever’ copy of everything in a mailbox on a daily basis, this is worth checking out.

Synology Active Backup for Business Review and Walkthrough

Posted on by Adam Fowler

Previously I’d already covered Synology’s Microsoft 365 Backup software which I was a big fan of, for simplicity of use and an incredibly cheap price point for a small to medium business as a Microsoft 365 data backup solution.

This time, I’m looking at Synology Active Backup for Business on their new DiskStation 1621xs+. Just like Microsoft 365 Backup, Active Backup for Business is free as long as you have a supported DiskStation model:

Applied Models

  • 21 series:DS1621xs+, DS1621+, DVA3221
  • 20 series:FS6400, FS3600, FS3400, RS820RP+, RS820+, DS1520+, DS920+, DS720+, DS620slim, DS420+, DS220+, SA3600, SA3400, SA3200D
  • 19 series:RS1619xs+, RS1219+, DS2419+, DS1819+, DS1019+, DVA3219
  • 18 series:FS1018, RS3618xs, RS2818RP+, RS2418RP+, RS2418+, RS818RP+, RS818+, DS3018xs, DS1618+, DS918+, DS718+, DS418play, DS218+
  • 17 series:FS3017, FS2017, RS18017xs+, RS4017xs+, RS3617xs+, RS3617RPxs, RS3617xs, DS3617xs, DS1817+, DS1517+
  • 16 series:RS18016xs+, RS2416RP+, RS2416+, DS916+, DS716+, DS716+II, DS416play, DS216+, DS216+II
  • 15 series:RS815RP+, RS815+, RC18015xs+, DS3615xs, DS2415+, DS1815+, DS1515+, DS415+
  • 14 series:RS3614xs+, RS3614RPxs, RS3614xs, RS2414RP+, RS2414+, RS814RP+, RS814+
  • 13 series:RS10613xs+, RS3413xs+, DS2413+, DS1813+, DS1513+, DS713+
  • 12 series:RS3412RPxs, RS3412xs, RS2212RP+, RS2212+, RS812RP+, RS812+, DS3612xs, DS1812+, DS1512+, DS712+, DS412+
  • 11 series:RS3411RPxs, RS3411xs, RS2211RP+, RS2211+, DS3611xs, DS2411+, DS1511+, DS411+, DS411+II

The support goes a long way back years wise, which is great to see. They have a comprehensive overview of this application and it’s abilities, but I’ll cover it all more briefly here while sharing my experience setting each type of backup up.

Installing the software on a Synology DiskStation is easily done via Package Center and a very quick activation process that requires a free Synology account:

After activating, you’ll immediately see the overview screen. At a glance, it gives a good idea on the sorts of things you can back up:

PC and Physical Server backups

Backing up a physical PC or Server is pretty easy, and the wizard takes you through the steps. Windows 7 SP1 and above is supported, as is Windows Server 2008 R2 and above, and needs the ‘Synology Active Backup for Business Agent’ installed. After a next, next finish, install, you’ll need to specify the IP/name of your DiskStation, and username/password:

After connecting and confirming the details, the PC is registered against Active Backup for Business, and the agent continues to run in the tray:

The agent will show when you last backed up, and if a backup is currently running:

No backups will run yet though, because we need to create a backup task back on Active Backup for Business. Again, a wizard will take you through this and let you choose what options you’d like for backup. I’m going to just back up everything, with the data compression and encryption options (which are default)

You then define when you want your backup to run – manually, or on a schedule:

I do quite like some of the options here – backup by event of screen locked or signing out is a nice way of making sure it doesn’t interrupt someone using the PC and slow things down while they’re actually working. Also having backup windows, so you can block out the working day if needed.

Next is the retention policy, a good way of reducing space taken – is there a difference between a backup 5 months ago vs 5 months and 1 day? Probably not, and very unlikely that you had something worth restoring on your PC only for 1 day.

At the end of the wizard and a summary screen, you have the option to back up now. I kicked this off, and the agent immediately showed the progress and events related to backing up.

This was a really easy and painless setup to back up a PC, but what about restoring? You can either create recovery media for a full restore, or you can use the Restore Portal to navigate through backups and pick what you’d like to restore:

The bottom time line lets you pick from what point in time you’d like to restore, with a dot showing each available time point.

Then, you can navigate through the disk you need, and go through the folders which match the file structure at the time of backup. Once you’re on the single file, multiple files or folder you want to restore, you can choose the “Restore” option to put the files back in their original location, or somewhere else, and decide if you want to automatically overwrite existing files or not.

Download however, will just download the file you selected like any other browser based download, or multiple files will come through as a single ZIP file.

File Server Backups

If you don’t want, or can’t have an agent on a file share, you can instead remotely back up via SMB or rsync:

After entering the remote server details:

It will verify they work, then let you set up a task:

The options are Multi-versioned, Mirroring and Incremental. They cover the different scenarios you might want to use – Multi-versions will take up the most space, where mirroring can only ever be as big as the source files, and incremental is half way between the two, without the versioning component:

You can then choose what to back up in the file share:

And then finish creating your task by giving it a name, telling where to backup the files to locally, and set a schedule.

The other option you’ll notice here is ‘Enable CSS for SMB File Shares’. If the source share supports this, then the backup can be taken without interruption to access of these files, which has been fairly standard for a while – so turn this on if you can.

The restore process is pretty much the same as PC / Physical Server, so I won’t go into detail on that part.

Virtual Machine

Both VMWare Hypervisor and Microsoft Hyper-V are supported Virtual Machine platforms. As I haven’t touched VMware for years, we’ll look at Hyper-V only. It’s worth noting that cross platform restores are supported – you can restore a Hyper-V VM to VMware vSphere too.

Creating a Hyper-V backup is again an easy process:

First, you’ll need to put in the Hyper-V Host details. If you’re trying to back up VMs on a Windows 10 laptop you have, there’s a few small requirements:

Set up WinRM by running ‘WinRM QuickConfig’ in an elevated command prompt. You’ll need to make sure none of your network connections are set to ‘Public’.

Have a local admin account ready to use, and allow SMB2 through the Windows Firewall by allowing ‘File and Printer Sharing’ on Private networks.

The Hyper-V Backup Task wizard will give you hints as to where you might be stuck, and at the end you’ll have your host listed:

The Hyper-V Virtual Machines will then be automatically detected and listed, but they’re not configured for backup yet – we need another task. Clicking ‘Create Task’ will start by asking you where you want your backups:

Then you can choose the Hyper-V VMs to back up:

One selecting, we have several settings we can configure:

The default options are shown.

Maximum quantity of concurrent backup device(s) can be up to 10.

Enable Changed Block Tracking – Only transfer blocks that have changed since the last backup, rather than all blocks to reduce backup times drastically.

Enable application-aware backup – Use Volume Shadow Copy to ensure consistency with backups

Enable data transfer compression – Suggested for slow networks to improve transfer rates

Enable data transfer encryption – Self explanatory :)

Enable source datastore usage detection – to prevent running out of space

Enable backup verification – Checks the backup when complete

Once you’ve selected the options you want, you’ll see the familiar Schedule Backup Task window, retention policies etc:

I always prefer an agentless backup where possible, so it was good to see no agent was required to backup Hyper-V VMs.

Backing up a Windows Server 2019 VM was rather quick – especially since the laptop hosting the VM was connected via Wifi.

Restoring is again pretty simple, you can navigate to the location of the backups and see a copy of the vhdx for each VM, with other files I expect keep other incremental change data:

The Restore Wizard starts by letting you pick witch platform you’re restoring to- Synolgoy Virtual Machine Manager gives extended options for management and recovery and is recommended for flexibility in production environments. For a lab, you should be able to get away without it:

Restore Type – Instant Restore and Full Virtual Machine Restore are the two choices:

You can then pick which VMs you want to restore and which restore points:

Restore Mode lets you choose if you’re replacing the current live VM, or restoring to a different location as a copy:

Finally, the summary screen with the option of automatically powering on the VM when complete.

Phew! That’s the runthrough of the backup types and restore options Active Backup for Business supports.

The dashboard gives a great ‘at a glance’ overview of everything going on, and we even have de-duplication of data! This is what it looks like with some real data in it, compared to the first screenshot of this post:

There’s a bunch of other first party Synology apps available too:

Plus third party apps:

And with solutions like Docker, you can use your Synolgoy to host many other solutions available in containers, and run them off this little black box.

I’ll say the same thing about Synology Active Backup for Business I did in my Synology Microsoft 365 Backup Review – this is pretty impressive for ‘free’. Yes, you have to buy the Synology DiskStation itself, and you’ll need disks, but that’s it. Even if you use it as a single nightly backup for having a local and quickly accessible restore point to provide as much business continuity as possible, it’s an entire solution at an incredibly cheap price point.

Because you can do both Microsoft 365 data AND Hyper-V VMs on this single device, it should be an option that any small to medium business should investigate. The interface is easy to use, the logs show detailed information about what’s going on – and even for a home business setup, it’s very much a set and forget event.

Migrating from a Synology 8 bay NAS to a 6 bay NAS

Posted on by Adam Fowler

I currently have a Diskstation 1813+ 8 bay NAS which is doing a great job, but since Synology gave me a 1618+ to review, and the 1813+ is 7 years old, I’m migrating over to that instead. The catch is that I have 7 drives already in the 1813+ in a single SHR setup. How do I get that across to the newer 6 bay NAS? This is actually a writeup of the planned migration, rather than the success at the end… and the goal is to reduce costs. I could just buy 6 new 10TB drives and have an easy migration!

Yes, I’ve lied in bed at night thinking about this and the best approach. I have 40TB of space, ~30TB in use in a SHR setup:

If I had somewhere to just copy 30TB of data to temporarily, it’d be easy. Copy the data off, move 6 of the drives, create a new SHR, copy the data back and done. Except, I don’t have 30TB of space anywhere.

It isn’t possible to take a disk out of the SHR setup (i.e. shrining the volume size and somehow telling it to abandon one of the disks), so I can’t get a disk that way. I can however, take one disk out and break it’s redundancy while moving data. Risky, but that could give me at least the 12TB disk to use as temporary space. That’s a start.

It’s unavoidable, I’ll need to buy some more disks for temp space. I can get two external 10TB Seagate HDD for $283AU each and use those as temporary space along with the 12TB disk. That’ll get me my 30TB to copy everything off while I juggle the rest of the disks.

That leaves me with 2x 10TB and 4x6TB in the old SHR setup. There is a limitation of SHR which is worth understanding:

For SHR: The capacity of the drive you intend to add must be equal to or larger than the largest drive in the storage pool, or equal to any of the drives in the storage pool.
Example: If an SHR storage pool is composed of three drives (2 TB, 1.5 TB, and 1 TB), we recommend that the newly-added drive should be at least 2 TB for a better capacity usage. You can consider adding 1.5 TB and 1 TB drives, but please note that some capacity of the 2 TB drive will remain unused.

https://www.synology.com/en-au/knowledgebase/DSM/help/DSM/StorageManager/storage_pool_expand_add_disk

What that means is, if I take the very slow approach of building up a SHR with just the two 10TB disks, then look to add more disks after, I can’t add a 6TB disk.

However, I can move all 6 remaining disks across and create a new SHR giving me a bit over 30TB:

Once that’s done, I can then copy all the data off the temporary 2x10TB and 1x12TB disks to the new Synology DiskStation 1618+. Great, except I want to use all four 6TB disks elsewhere and the end result would leave me with 4x10TB, 1x12TB and 1x6TB. I can’t remove the last 6TB disk without having an equal or bigger disk to replace it with, and I don’t want to but a third 10TB disk at this stage.

What I can do is set up the SHR being 1 disk short, leave out the last 6TB disk so I have 2x10TB and 3x6TB, which will give 28TB of space. Enough that I can then copy the contents of any two of the three temporary stoage disks (2x10TB and 1x12TB), and as they get cleared, add them to the SHR.

Each time I add a disk to the SHR it might take a day or two though – this process will take a while. I’ve got multiple points of failure (original SHR has no redundancy, single temporary storage disks all have no redundancy). I can only change one disk at a time.

Once I’m at 4x10TB and 1x6TB in the new SHR, I’ll have enough room to copy the 12TB of data off the spare disk, onto the SHR, then swap out the 6TB for the 12TB.

I also need to make sure for my own neatness, that the 6th bay doens’t have a drive in it at any time. Drives can’t be physically moved around in a SHR, so I don’t want to have 5 drives in a 6 bay NAS and have a ‘gap’ in the middle where there isn’t a drive. Not a dealbreaker on the move, but still :)

In summary:

  • Buy 2x10TB drives
  • Copy 20TB of the 30TB to the two drives I bought
  • Remove 1x12TB drive from SHR in the 1813+ NAS and break redundancy.
  • Copy remaining data to the 12TB drive mounted somewhere else.
  • Move 2x10TB and 3x6TB into the new 1618+NAS and create a SHR.
  • Copy the data off the 2x10TB drives to the new SHR.
  • Swap out one 6TB drive for a 10TB drive and repair the array.
  • Swap out the other 10TB drive for another 6TB drive in the array.
  • Copy the data on the 12TB disk onto the SHR.
  • Swap in the 12TB drive with the final 6TB drive.
  • All 6TB drives can go back in the 1813+ for other purposes

I think that’s my plan. I’ll update this post once I’m at the end of it (currently awaiting the arrival of the 2x10TB drives). Can you poke any holes in my plan?

21/07/2022 Long overdue update

The above did work, but I’ve moved a long way down the path since then. No 6TB drives to be seen, and I’ll do a new post about the updated setup – I’m now running 18TB drives! Still the same SHR and it’s nice that I’ve been able to continue to grow it without more muckarounds like the above!

Synology DiskStation Microsoft 365 Backup Review

Posted on by Adam Fowler

Synology sent me a new DiskStation to review after I’d acquired an older one myself to look at it’s ability to back up Microsoft 365 data (the updated name for Office 365). Being a Microsoft MVP in Office Apps and Services category, so I was very interested to see how it worked.

After reading up on and seeing that it was a completely free piece of software available as part of owning a DiskStation, I was hoping this would be a good solution at an incredibly low price – buy your DiskStation and disks, some time to set it up, and you’re done. To me, that’s already a very appealing offering, along with Synology having a good reputation for maintaining and supporting their hardware several years on – which was proved by the 7 year old DS1813+ I set up a few months ago.

I’ve left the new Intel-based DiskStation 1618+ – Quad Core CPU and 4GB RAM (expandable) running for about a month now, backing up my Microsoft 365 tenant’s data. I ticked ALL the options to see how it went. This tenant is just for me, so the data set is smaller than most tenants – but I do run a few live things through it like email and OneDrive. There’s also a little SharePoint Online data from Micrsoft 365 Groups and Teams I’ve played around with.

Here’s what the dashboard looks like now:

Some useful information there around what’s being backed up and how big it is. You might notice there’s a few errors on the summary. I drilled into those and each was because ‘The Microsoft Server is busy’, and a few minutes later it would try again successfully.

This is likely because I used a backup option to get incremental changes, rather than at a set time. Maybe I’m hitting it too much and getting blocked occasionally.

I know I’ve gotten ahead of myself here, so let’s go back to how to set this up. Assuming you have yourself a Synology DiskStation of some sort that supports ‘Active Backup for Office 365‘ – and which models are those? Here’s the list:

  • 20 series:FS6400, FS3600, FS3400, RS820RP+, RS820+, DS920+, DS720+, DS620slim, DS420+, SA3600, SA3400, SA3200D
  • 19 series:RS1619xs+, RS1219+, DS2419+, DS1819+, DS1019+, DVA3219
  • 18 series:FS1018, RS3618xs, RS2818RP+, RS2418RP+, RS2418+, RS818RP+, RS818+, DS3018xs, DS1618+, DS918+, DS718+, DS418play, DS218+
  • 17 series:FS3017, FS2017, RS18017xs+, RS4017xs+, RS3617xs+, RS3617RPxs, RS3617xs, DS3617xs, DS1817+, DS1517+
  • 16 series:RS18016xs+, RS2416RP+, RS2416+, DS916+, DS716+, DS716+II, DS416play, DS216+, DS216+II
  • 15 series:RS815RP+, RS815+, RC18015xs+, DS3615xs, DS2415+, DS1815+, DS1515+, DS415+
  • 14 series:RS3614xs+, RS3614RPxs, RS3614xs, RS2414RP+, RS2414+, RS814RP+, RS814+
  • 13 series:RS10613xs+, RS3413xs+, DS2413+, DS1813+, DS1513+, DS713+
  • 12 series:RS3412RPxs, RS3412xs, RS2212RP+, RS2212+, RS812RP+, RS812+, DS3612xs, DS1812+, DS1512+, DS712+, DS412+
  • 11 series:RS3411RPxs, RS3411xs, RS2211RP+, RS2211+, DS3611xs, DS2411+, DS1511+, DS411+, DS411+II

From the DiskStation desktop, open Package Center and follow these steps:

  • Find and click ‘install’ on the ‘Active Backup for Office 365’ package
  • Click ‘Activate’
  • Click ‘OK’
  • Choose the endpoint – for most it’s the default ‘Office 365’ option
  • Accept the very long list of permissions required using an admin account for your Microsoft 365 tenant
  • ‘Agree’
  • You need a shared folder to save the backups to – ‘Go to Control Panel’
  • Enter a name and description for the shared folder
  • Encypt the data if you like
  • ‘Next’
  • Make any user permission changes you like and press ‘OK’
  • Again choose the Office 365 option applicable to your tenant
  • Pick the user(s) you want to back up, and what data
  • Choose the ‘Site’ tab to select which SharePoint sites you want to back up
  • Press ‘OK’
  • Choose your backup schedule – I used Continuous
  • Review all the settings and click ‘Apply’

This was a very easy setup to do – I took screenshots of every step involved, but it barely needs an explanation for anyone who’s an admin of a Microsoft 365 Tenant.

The program will then go off and start backing up what you told it. The ‘Activities’ section of Active Backup for Office 365 will show any backups running, and you can also use the inbuilt ‘Resource Monitor’ to see upload/download speeds, disk utilization etc.

It’s also worth noting that the backup you created has an ‘account discovery’ option where it’ll find any new accounts created and automatically add them to the backup, which is great for not having to change backup settings each time you have a new user start.

Running a backup is great, but how do you restore the data? There’s a second app you’ll need, ‘Active Backup for Office 365 Portal’. Launching this will take you to a web interface where admins can browse all data, and users can browse just their own (user access can be disabled if you prefer).

On this web interface, you can then find the file(s) you want to restore, and restore them. You also get a nice timeline down the bottom so you can move backwards and forwards to see a snapshot of a certain time.

Although Mail, Calendar, Contact, and Site (SharePoint) support searching across all backups for names and contents, at the time of writing this isn’t possible for OneDrive backups. It’s worth being aware of this – if someone requests a file restore you’ll need to know exactly when from. I don’t see this as too much of an issue though, as OneDrive has great version control natively, and an automatic recycle bin – so you’d probably rely on the native solution for finding a file, but still it’s worth knowing this existing limitation.

That was the only slight negative I could find while testing. Everything else just worked, was quick to browse and restore, and incremental backups appeared to be on the DiskStation within several seconds after creating a new file in OneDrive.

Again, this is an incredibly cheap Office 365 backup solution. Some may question if you need to back up Office 365 at all. You could set up infinite retention against all content, so why take a backup? To me it’s a definite grey area, and partly depends how much you value the data. Microsoft may never lose your data, but will it be available 100% of the time? What if that important document is in your OneDrive and hadn’t synced down, and there was an outage? We’ve seen a few outages lately, including ones that have broken authentication – your data is still there, but you can’t get to it. In that scenario, having a local copy of something time sensitive could be worth it. Considering the relative low cost of buying a Synolgoy DiskStation – your disks are probably going to cost more than the unit itself, I consider it a pretty easy sell.