See also: playing around with Linux using your Synology NAS
Bottom line: The Synology NAS devices are not safe for a medium-sized business or a home. They are not commercial grade.
Right now we would favor getting fiber and using an encrypted cloud backup for the backup portion. We are not sure how to deal with the need for large amounts of fast local storage. Probably the best idea is to buy a large device (i.e. 8 slots), use a very safe RAID format (i.e. RAID 10), and put in lots of memory. The QNAP device (reviewed here) works much better than the Synology devices, probably because it has these characteristics, and also because the QNAP people seem to be pulling ahead of the Synology people year over year.
Medical practices use a lot of files, and one needs a secure place for them. If one loads them into one's EMR system, then you are "locked" into that particular EMR forever. Of course, nothing is forever, and EMR companies are always going under or merging. In other words, a prudent person puts as little data into their EMR as possible. This also prevents "EMR bloat" -- you ask for 2 days of hospital records and end up with 500 pages of computer generated garbage and redundant copies of the same data.
Dr. Hain thinks that small medical practices should use a distributed computer model, with several servers. The point of this is to be safe, and also to separate data (i.e. reports) from notes. The Synology 415+ device with hardware encryption should be much faster than the older devices with software encryption, and tentatively it sounds like a great idea. There are just so many problems though -- we don't think anybody should be getting the Synology devices for commercial purposes (see all of the painful detail below). Medical practices have a LOT of data -- we are talking here about many terabytes. Medical data is not something you want to have in the cloud as it costs too much, and even worse, who knows who is looking at your data. So encrypted NAS is pretty much your only option.
Well -- getting back to what I can directly comment on -- let's consider the Synology 412+ NAS, and related devices (we now have several 1813 NAS). These are electronic file cabinets. They are very fast, small "appliances" for file saving and backup (i.e. it doesn't need much expertise to get it going). Although a reasonable configuration costs about $1500 (box, hard drives, UPS, gigabit switch), compared to the cost of a business crash, it is cheap. It does not need any substantial support -- as it has a nice GUI, and doesn't require you to get "into the guts" of the Linux operating system.
The Synology box is a Linux box. Understandably, they do not provide documentation for Linux -- they don't even mention the distribution that they base it on. That's probably a good thing as users really should not be fiddling with the internals (it is horrifyingly dangerous). Still, it could use a LOT better documentation. Many critical functions are completely undocumented, and are basically trial/error.
- The Synology boxes are not anywhere near "rock solid". They fail, usually for inexplicable reasons, roughly 50% of the time. The more you poke them, the more they fail. Sometimes very critical things fail (like NFS mapping). Keep this in mind. The support is so lacking that you will likely be down for a long time. Buy three (yes really) if you can, use one to mirror the other, and keep the third one as a spare. Bigger boxes are more stable. Do not purchase a 4-drive box unless you are very fault tolerant. Perhaps more accurate is -- don't purchase a 4-drive box at all unless you don't care much about your data.
- Let me emphasize again -- do not rely on Synology boxes. Do not assume they will work. Assume they will fail. They are not a business class server -- they are consumer grade backup boxes.
- Synology software is buggy. If you have something important to keep safe -- don't use Synology software. Just use your Synology box for basics. A place to back up files.
- Synology NAS systems are fragile. Do not look too hard at these boxes. Do not even think about jostling them. Do not eat crunchy potato chips -- they are hot, they run all the time, and they don't like movement. Do not store your NAS on your bookshelf (because when you take down a book, it may crash).
- When something goes south -- perhaps you ran a Synology program, and all of a sudden -- everything is dead. Your first step -- turn it off, and then turn it back on.
- Synology boxes are not fast enough to back up in a reliable way to an optical disk. To do this, you have to copy from the NAS to a local USB hard drive, and then move the USB drive to your Windows PC. Of course, nobody uses optical disks anymore, so this doesn't matter much.
- When your Synology NAS crashes, it can take your entire network down too. These boxes put out crazy amounts of garbage on the network when they go down. Or in other words, if your network goes down, a good second thing to do (after turning off your NAS and turning it back on) is to unplug your NAS from its network cable. This has happened to us over and over (we had about 8 of these boxes). We are gradually getting rid of them.
- When they break, nobody from Synology will help you. You are on your own. Let's imagine -- your business NAS goes south. You email customer support. One week later, you get a useless email back from Synology. Think about this.
- Synology NAS boxes gradually degrade over years. After 5 years, they are all either broken or very slow. We don't know why -- perhaps errors in the chips.
The thing to know about Synology is that bigger means both more storage and faster hardware. This means that usability is not proportional to the # of disks, rather it increases with roughly the square of the # of disks. Remember that hard disks are mechanical devices, and that all mechanical devices will fail. The idea of a NAS is that you are trying to preserve your data. This is not so easy when you use mechanical drives that keep failing, and cost quite a bit each. One should PLAN to periodically replace hard drives, and one should keep a spare hard drive around to "pop in" as soon as one fails. This is bound to happen. The disks do not have to be the same size. You can put in a much bigger one.
Another way to put this, is that the cost of the Synology devices goes up linearly with the # of drives, but the utility goes up as the square. We think that the best cost/benefit ratio would be two 1515's, but the cost for this solution is very high (think 16 hard disks -- about $1600, and 2 expensive NAS -- about $700 each).
Once you realize this, other options become a little more logical -- such as using a fast Linux server running on a small box like the "Gigabyte" BRIX, and a set of two disk arrays -- ideally 4 each, that have a built-in RAID. This could provide one with both a fast operating system as well as doubly redundant storage.
Synology bundles in with their file server a "cloud" application. In typical Synology style, it is almost entirely undocumented, and one has to "discover" what it does by trial/error. First, let's be clear -- this is not a "Dropbox". It is much less sophisticated. There are two critical differences.
On the Synology server, you can assign "shares". There is no finer control -- if you have 1000 gig on the Synology server directory, it will attempt to "sync" 1000 gig to your home PC. Not very useful, as that is too much for a sync. They need finer control. Dropbox does this.
On your synced Windows PC as well as your Synology server, you are given a different directory for uploading than downloading. You have to discover the directory yourself -- Synology does not tell you that the files you put on your PC end up in your home directory on the disk station. It does not tell you that the files you put into the synced directory on your Diskstation, end up in a directory under /users/NAME. You have to figure this out yourself. This lack of documentation is shameful.
As recent events in 2014 with the "synlocker virus" have shown, it is crazy to put a Synology box on a public IP address. This means that this application should never be used.
This is another installable program that essentially "offloads" the syncing process of Dropbox (or whatever cloud you like) to a Synology station. You can then attach the synced share drive. This gets rid of the local computer overhead of Dropbox. This is a good idea but it doesn't work. It takes a lot of processing resources, and you should keep this in mind. First, this application is hamstrung by some of the super slow hardware that Synology puts on their boxes. The "216" is an awful choice for this, as it is as slow as molasses in January. It is faster with the bigger boxes, but the core problem is that it breaks. Frequently.
Imagine -- you are depending on your sync application to keep a local copy of a large Dropbox at home synced with work. Then all of a sudden, it stops working. You don't notice. A week later, you figure out that Synology (or QNAP) failed again. This happened to me.
Another thing that happened -- QNAP updated their sync program. It not only didn't work, but it didn't stop either. Imagine -- doing a local "delete" operation and having it propagate to the cloud. Awful situation.
A much better solution is to map a large iSCSI drive from your NAS, and then use the Dropbox application running on a PC. Setting up an iSCSI drive is well documented on the web. With a little difficulty you can find the place in the Dropbox app to change the root directory. Then things are good -- the NAS does what it is good at -- file handling, and the Dropbox program does what it is good at. Of course, it costs you more money -- you have to come up with a PC that can just sit around all day and do Dropbox.
There are two backup problems for file servers -- using it to back up other devices, and backing it up.
For backing up other devices -- Synology does not help you. You have to find a suitable program yourself. We use "Syncovery -- AKA super flexible file synchronizer" on Windows. It is very good. There are some problems here too involving logins -- the problems involve permissions of the Syncovery service -- but you can configure this program to do the job through some difficult to find parameters.
For backing up the Synology device, Synology has several programs. Of course, you have to have a huge device to back it up. The "time backup" application of Synology looks superficially good, but actually it is useless -- when your NAS crashes, time-backup crashes too. So what is the point? If you write everything on one drive to the other, you wear out your disks.
Strangely enough, large file system copies -- i.e. copy 1TB from this to that Synology NAS, take days (yes!). We are not sure if the NAS does this on purpose, or if it is just so slow that it really takes this long. So -- if you have a crash and need to restore for backup, plan to be down for a long time. Or better, make your backup a "mirror" device, and then just swap the pointers.
One of our major crashes was triggered by attempting to back up a Synology NAS. Very dangerous.
The high-availability server has been a minefield of issues. I use the word minefield, because the problems are hidden, and gradually pop up as one proceeds down the garden path. Here they are.
The high-availability configuration has, in our experience, crashed twice in the last 6 months. When it crashes, TWO devices go down, not one. You double your risk. This appears to be due to Synology software problems. We spent a lot of money on SSDs, and enterprise drives. They did not help. The pattern seems to be that the smaller boxes just don't work. Do not use the 4-hard-drive diskstations for this. This "feature" doesn't work.
1. After plugging in the "heartbeat" cable, both the passive and active servers became inaccessible. I found this difficult to understand, and after it happened many many times, I asked support if a cross-over cable was needed. The answer was no. Finally, I managed to get around this by using a PC on the same switch as the two servers. I also turned off the switch I was using and turned it back on after plugging in the heartbeat connector. I don't know which of these worked, but perhaps this will help someone else. The error messages were not helpful at all.
2. Next I got a menu asking for the IP address/mask of the new cluster. I made up a new name, and I put in a vacant local IP address with our usual network mask (255.255.255.0). The documentation was silent on what to put in, and there was nothing from users online -- so hopefully my guess was right. The lack of user feedback online is disturbing.
3. The next issue I ran into was that it refused to proceed saying that the SHR needs to be turned off on both servers. As SHR is set up by default on Synology servers, this must be a problem for most users trying to get this working. However, there is nothing online about how to do this. Again, the lack of user feedback is disturbing, and I wonder if anyone else has ever gotten this far.
4. After I cancelled the high-availability installation (not knowing what to do next), all of my networked shares became unavailable. Perhaps they were unavailable at an earlier step too -- just don't know. I rebooted both the active and passive server, and 10 minutes later I got them back again.
This was not a good experience. I hooked up the wireless and bluetooth to an 1813+, it connected to the network, but the whole box became a boat anchor. One could not even look at the files on the thing, although it did put up the web management page. In other words, it "looked" as if it was working, but it wouldn't do anything at all. I suppose because network connectivity was gone. It only started to work again after I removed both the wireless and bluetooth. It didn't work even when I "disconnected" the bluetooth in the software management. I was unable to "disconnect" the wireless, as the software just refused to do it (even after I removed the dongle).
The wireless/bluetooth connectivity of the Synology 1813+ box needs more work. It seems to me that wireless/bluetooth should be "built in" to these boxes. With consistent hardware, perhaps the bugs could be worked out of the software.
The Bluetooth also failed on the QNAP. Looks like this is a bad idea for a NAS.
Amazingly, some smart but malignant hacker wrote a version of "Cryptolocker" that specifically targets the Synology NAS. Our IT guy was adamant that the Synology NAS does not belong on any public IP address. Clearly he was right -- you don't put an appliance that contains valuable data on a public IP address. It is suicidal.
This means that nobody with important data should be using Synology remotely either. VPN is OK, but "dynamic DNS" is not.
The idea is a good one -- why not put the processor to work indexing content? However, Synology did not come even close to getting this right. It is sooooo slow. Content indexing takes a lot of processing. The interface is very crude. These boxes don't have much of a processor. We think it would be best to turn this off. However, Synology does not allow you to uninstall this thing. The best you can do is to configure it so it never runs.
It is astounding that these boxes work at all given their tiny amounts of RAM. The 412+ has only 1 gig of RAM. The 1813+ has 2 gig installed (wow) and an option to put in another 2 gig. I bought another memory chip, but when I tried to install it, I could not find a screwdriver that would open up the Synology box. Perhaps one has to buy one from Synology or drill out the holes. As the 1813+ is pretty much just a 412+ with 8 drives instead of 4, one might wonder why bother with the extra memory. Still, it is a lot better to have 8 drives as when one of them fails, you are better protected.
Encryption -- newer versions of Synology hardware come with "hardware encryption". So what does this really mean? Well, if someone picks up your Synology box, and takes it home, they will not be able to read your data lacking your "encryption key". That's good. It also means that whenever there is a crash on a box that is just being used as a straight NAS (let's say every few months), nothing will work until someone who knows the encryption key goes to the Synology diskstation admin panel and remounts it. That's annoying, but these things do crash. Eventually of course, it is 100% certain that any hard disk will crash.
The Synology web server, as well as almost every other aspect of the Synology software, is inadequately documented. Getting it working requires some poking into internal config -- for example, to get the virtual host working. There is no documentation about this. While it uses Apache/MySQL, the configuration files are hidden, and you have to use PuTTY or SSH to get to them. We would guess that if there is some sort of system update, all our modifications to get MySQL, phpMyAdmin, etc. working (for example) may vanish.
Amazingly enough, the Synology help files cannot be printed. Imagine for a moment that you want to install some Docker application on your Synology disk station. (Not a good idea, as anything you put on a Synology box to play with will make it less likely that its core functions will continue.) Docker installation is not easy -- there are about 20 pages of documentation on how to do it, complete with misspellings of common English words, embedded within the Synology help system (for 5.2). You cannot take the straightforward approach of printing off the documentation, and then going through the Docker torture step by step, from hard copy. You have to run the help in one window, and the Docker config in another.
The Synology Linux component also seems to be explicitly unsupported, and subject to change at the whim of the Synology company -- in other words, if they "update" their Linux system, then everything may stop working.
My experience with the email technical support has not been great either. In an early email interchange, when I was disturbed concerning file permissions, the tech person who responded told me that I should seriously consider buying a Windows server. A more responsible answer would be to join the Active Directory domain (which worked). Hope that this guy moved on to a less challenging job.
The Synology tech-support guys evidently hate providing tech support so much, that they try to send their customers to the competition. Sales must be good. Anyway, this device is a nicely engineered Linux box, but it is unsupported. Don't count on it working, and don't count on getting it fixed if it mysteriously fails either.
Synology does not have any method of updating your domain users other than you clicking on the update button -- yourself. You have to locate it in the control panel, and click on it. Domain services will shut down for a minute or so, and then come back updated. This is silly and unsafe (it should update itself every day). It is easy to see how an unwanted login could persist on the NAS, even though it was deleted from the domain server, as the "administrator" of the NAS has to go to each device, find this button and click on it.
© Copyright September 20, 2020, Timothy C. Hain, M.D. All rights reserved.