On March 24, 2020 Tulsa issued a COVID stay at home order. As I locked our office door that night, I had no idea when I’d be back. My real concern wasn’t work-related, it was the April 19 due date of my daughter’s second child, exactly on what was predicted would be the very worst day for COVID hospitalizations in Tulsa.
How naive that seems now.
Thanks to our office Synology I’d set up for remote access months before I wasn’t worried about our ability to work from home.
There are two ways to provide remote access to a Synology. The complicated one involves opening router ports, obtaining a static IP address or subscribing to a service like DynDNS, then activating a VPN to provide secure connections and keep randos out.
The easy, quick, all but point and click way is to use Synology’s free Quickconnect service. Quickconnected Synologies register their presence with a Synology server and update it whenever an ISP changes its IP address; that’s DynDNS-type service for free. No VPN required. No need to open router ports and expose the Synology to those randos pinging around the ‘net looking for vulnerable ports.
This is very similar to, likely exactly the same as, how Apple’s MobileMe encrypted connection service worked.
There’s an obvious point of insecurity in Quickconnect. Synology becomes by definition a “man in the middle.” A computer seeking to connect to a given Synology sends its data, encrypted, through Synology. Synology’s virtual switchboard then identifies the right unit and establishes a connection. In theory, it’s possible Synology could read the traffic. I concluded, after watching Father Robert Ballicer’s recommendation in favor of Quickconnect security, the risk was lower than if I managed to geek out and set up that VPN while leaving router ports open for those randos looking for them.
Once a Synology can be accessed by a remote computer, whether Quickconnect or another method, it’s possible to enable Synology Drive. Drive works very much like Dropbox; it puts a folder on the local computer and auto-syncs everything in a related shared folder on the Synology. Synology Drive folders can be accessed on multiple systems simultaneously. Drive honors application file locking, which helps protect data from being overwritten by blocking access by more than one user to files in programs, like LibreOffice, which enable file locking.
Once the Drive folders are set up the files in them are instantly available on local systems because the folder on local computers and the Synology are constantly and automatically synced.
This means files can be shared with authorized users, across the net, without putting them in a third-party cloud, simply by adding them to a Synology Drive folder.
This is an enormous time-saver. It means users can work directly from files accessed with local speed but which, when saved, automatically transfer to the Synology and then to other users.
Pretty much ends the question, “do you have the latest version?”
Set up correctly, everything is encrypted and can only be accessed through the Synology switchboard server with the correct user-configurable ID for the Synology unit, the complex user-created password, and, yes, a Google Authenticator Two Factor Code unique to that Synology.
I’ll close with a brief overview of Synology backup.
Thanks to Synology Drive, our main working files, which are all in Drive, are simultaneously stored on multiple computers. Several computers and the Synology itself could die at the same time and all the files would still be available on more than one local system.
Our main Synology is the same 1019+ model Allison and Steve have. But even with decades of work files and scans of whole drawers of legal documents, our work files fit comfortably within the 2 TB provided by 5 500 GB Samsung SSDs.
That 1019 backs up daily to an older DS-213+ model stored in our office’s fireproof vault. I also regularly back up the 1019 to local USB-connected drives I rotate in and out of the vault.
Whatever the backup target, Hyper Backup creates an impenetrable encrypted “blob,” file type .hbk. I tried every method I could to open one without success – which doesn’t promise a three-letter agency couldn’t do better. After the original is on the drive, subsequent backups are incremental. Users can specify how many incremental updates to keep to save storage.
If needed, it’s easy to access an .hbk “blob” using Synology’s free Hyper Backup Explorer program available in versions for Mac, Linux, and Windows.
Mac users are familiar with such “blobs” as the Hyper Backup .hbk file works much like an encrypted .dmg – when mounted it’s much like reading a normal external drive.
Synology makes it relatively easy to backup to a cloud service. As COVID cases started rising I decided to add a cloud backup to ours and chose Google Drive which is free in our grandfathered Google for Charities Account. My original backup to Google required “2 Days, 9 Hours, 8 Minutes, and 3 Seconds.” Thursday’s nightly incremental backup took just 4 minutes and 40 seconds.
It is possible to back up one Synology to another, over the Internet, using Quickconnect. I had the office Synology doing that to mine at home but I must have changed a security setting on one or both as the backup now times out instead of backing up. Curiously it does fine when the two Synologies are both attached to the office local network.
As I conclude this I’ve just received an email from the office Synology – there’s a lightning storm over the City – which is probably why the Synology briefly switched to its stout Uninterruptible Power Supply. Be sure to have one – and check its status and battery condition.
I’m providing some helpful Synology links: