Categories
Homelab Synology

Automated Offline Hyper Backup USB Drive Rotations

Disclosure: some of the links below are affiliate links, meaning, at no additional cost to you, I will earn a commission if you click through and make a purchase.

I’m relatively new to the Synology device ecosystem and have been spending time learning the nuances of what I can and cannot do within it. As part of my overall backup strategy, one of the things on my list to figure out was: rotating multiple USB backup drives. I’m a big, big, fan of keeping a set of offline, air gapped backups. Keeping cold backups on standby is a great strategy in protecting yourself from ransomeware, data corruption, or a total system meltdown.

I already had Hyper Backup configured for other backup tasks and trusted its capabilities, so I wanted to use it for this job if possible, too. With a little trial and error, I have a working USB drive rotation solution using only Hyper Backup, a Thermaltake BlackX drive dock, and an iHome Smart Plug. The process is completely automated except for occasionally physically rotating the drives. I don’t have a robot to do that part for me, yet.

The drive dock is connected to the Synology NAS via USB. Any SATA drive can be dropped in and used for backups after a little first time configuration. I’ve configured two drives to rotate, but I don’t see why you couldn’t rotate more if you wanted. Prior to a backup task starting, the iHome Smart Plug powers up the drive dock, DSM mounts the drive, Hyper Backup runs the backup task, then unmounts the drive when it’s done. The unmount is a key step in the automation process. Unmounting the disk allows the smart plug to power down the drive without upsetting DSM, and gives you a chance to freely rotate your drives.

I have the smart plug and Hyper Backup configured to power up and run backup tasks twice a week in the middle of the night. The drives just need powered up long enough for your backup task to actually complete and a drive consistency check to occasionally run. Out of 168 hours in a week, one drive is only ever attached to the NAS and powered on for four of them.

Smart Plug Configuration

I chose the iHome Smart Plug because it’s compatible with Amazon Alexa, Google Assistant and HomeKit. It’s worked out so well that I bought two more for another project. Controlling it is simple; just download the iHome Control app from your respective App Store. Once the you have the device added to the iHome app, setting up a schedule is very straightforward. Here’s what mine looks like:

Drive #1 Configuration

1. After everything is hooked up, drop in your first drive. Login to DSM, open Control Panel, click External Devices, find your new USB Disk, then Format it.
2. In Control Panel, click Shared folder
3. Click Create to start the Shared Folder Creation Wizard
4. Enter a Name and Description, uncheck Enable Recycle Bin, click Next
5. Check Encrypt this shared folder if you want to encrypt your remote backups while at rest, click Next

  • If you choose to encrypt your shared folder, you will need to manually mount the shared folder every time your device reboots or configure Key Manager.

6. Click Apply
7. The Edit Share Folder window will appear, choose a user to have Read/Write permissions, click OK

Backup Task Configuration

1. Open Hyper Backup, click the + in the lower left corner, click Data backup task
2. Under the Synology section, click Local folder & USB

  • Click Local folder & USB (single-version) if you don’t need file versioning

3. The Backup Wizard will launch, toggle Create backup task, then click the Shared Folder drop down and select the share that you just created on your external disk, enter a Directory name; this will be the name of your backup file, click Next

4. Do not select any shared folders, click Next

  • Selecting no shares will save you time and hassle later. Hyper Backup will create an very small backup file that you’ll need to copy to your other drives later. Don’t worry, we’ll circle back and update these settings to actually backup shares.

5. Select any applications that you’d like to backup, click Next
6. The Backup Settings configuration is important and will vary by scenario, here’s the key points:

  • Check Remove destination device when the backup task has successfully finished; this what forces the disk to unmount after the task completes, allowing it to gracefully power off
  • Set the backup schedule to what fits your scenario; this schedule should match your smart plug config, but start a few minutes after so the disk has time to mount
  • Enable the integrity check to run during your scheduled backup window, after your backup task has had time to complete


7. After clicking Next, set your Backup Rotation settings; If you don’t want to think about it, choosing Smart Recycle is always safe—read more about these options here—click Apply

  • Skip this step if you choose the single-version backup task earlier

8. Choose to back up now
9. After the backup is complete, remount the backup disk
10. Open File Station, find your backup share and locate the backup file

11. Copy the .hbk to a temporary location off of the USB drive of your choice
12. Unmount the disk and remove Drive #1 from the dock

Drive #2 Configuration

1. Drop in your second drive, open Control Panel, click External Devices, find your new USB Disk, then Format it
2. In Control Panel, click Shared folder
3. Click Create to start the Shared Folder Creation Wizard
4. Enter the same Name and Description that you used on Drive #1, uncheck Enable Recycle Bin, click Next
5. Check Encrypt this shared folder if you want to encrypt your remote backups while at rest; again, use the same encryption information as Drive #1, click Next
6. Click Apply
7. The Edit Share Folder window will appear, choose a user to have Read/Write permissions, click OK
8. Open File Station, and copy over your backup .hbk file to the your new share

  • At this point, both drives should have identical share names with the same .hbk backup file inside of it

Backup Your Data

1. Open Hyper Backup
2. Select your backup task, then in the lower right corner, click Settings
3. On the folders tab, select all of the shares that you’d like to backup, click OK
4. With your backup task still selected, click Back up now
5. Go get a beer
6. Once the backup completes, pull the drive from the dock and drop in the other
7. With your backup task still selected, click Back up now
8. Go get a beer

Wrapping Up

After you finish hydrating, your drives are ready to rotate. Use the iHome app to power off the dock and wait for the automation to kick in.

Categories
Homelab Synology

Synology NAS USB Hub Support

Disclosure: some of the links below are affiliate links, meaning, at no additional cost to you, I will earn a commission if you click through and make a purchase.

I chose Synology DS918+ for a home office network storage device, but it came with a drawback: only two USB ports. I needed to attach four USB devices to fit my backup strategy: An external USB hard drive (Seagate 4TB Expansion USB 3.0), an external USB hard drive dock (Thermaltake BlackX), a USB attached battery backup (APC 1500VA),a flash drive (anything USB 2.0 will suffice), and of course, a USB hub.

From what I’ve read and what has worked for me, the key is to use a USB 2.0 hub. Sure, you’ll have to sacrifice transfer speeds to USB 3.0 devices, but that may be an acceptable trade off to you. I dusted off a powered Belkin hub that’s been sitting in storage for almost a decade and it has been working perfectly. While mine has been long discontinued, this hub should work just fine if you’re in the market. I have the USB 3.0 drive plugged into one port and the hub plugged into the other.

Here’s what everything looks like in DSM:

Categories
Homelab Synology

Backup a Synology NAS to a remote Synology NAS

Disclosure: some of the links below are affiliate links, meaning, at no additional cost to you, I will earn a commission if you click through and make a purchase.

Given the amount of security breaches in the news recently, I thought it was time to bring my personal data backups back under my control. I wanted control over everything and to not rely on a cloud provider to store off site backups. To me, with the amount of data I’m storing, the piece of mind is worth the cost. If there’s a data loss, I can only blame myself.

I’ve been running a Synology DS918+ for network data storage for a few months, which has exceeded all of my expectations. Especially after migrating from an outdated HP ProLiant MicroServer. Configuring DSM’s Hyper Backup to run local backups to an external USB Seagate 4TB drive was a breeze. After letting the process gain my trust, it was time to figure out how to ship backups off site. Previously, I was using CrashPlan to run backups to a set of hard drives that I would rotate through a Thermaltake BlackX docking station. Whenever I made the 100+ mile trip to my parent’s house, I’d pull the current drive, physically carry it with me, lock it in their fire proof safe, then take back the dated drive. A bonus was that I always had a backup in cold storage, which is essential for protecting yourself from ransomware.

The backup strategy worked well and I could probably recreate something similar on my new Synology platform, but it had a few drawbacks that I wanted to overcome. Of course, driving the backup drives back and forth wasn’t ideal. However, the biggest issue was: I had to remember to take and actually rotate the drives. Being human, rotating backups wasn’t always the first thing on my mind and I don’t make the trip very often. So, if I forgot to take a drive, the backup would slowly grow old and less useful. This time, I wanted to eliminate the sneaker net, remove any effort on my part beyond setup, and maintain control over the data.

While clicking through the Hyper Backup Backup Wizard to weigh out my options, I found that I could choose a Remote NAS device as a destination. The only problem was, I didn’t have another Synology NAS. You’ll want to pick the device that best fits your needs, but consider that as a backup device, you likely won’t need all of the features of your primary storage device. Here are some options that won’t break the bank:

  • DiskStation DS118
    • Low cost with one drive bay, but offer’s no RAID for drive redundancy
    • Maximum raw capacity of 12 TB
  • DiskStation DS218+
    • Two drive bays; supports RAID for drive redundancy
    • Maximum raw capacity of 24 TB
  • RackStation RS217
    • Rack mountable
    • Two drive bays; supports RAID for drive redundancy
    • Maximum raw capacity of 24 TB

I already had a small wall mounted rack at my parent’s, so I ultimately went with the RackStation RS217. To cut some costs, I re-purposed a few old 2TB drives that I had laying around. As a backup device, their performance doesn’t really matter to me and RAID will allow for one drive to fail. If you’re going to buy new drives, I highly recommend Western Digital Red. They’re purposely built for NAS devices and have a reputation for reliability.

Going forward, I’ll assume that you already have the basic setup with volumes created complete on both your primary and backup NAS devices. You can approach your remote backup configuration one of two ways:

  1. Install your  Backup NAS at a remote location from the start, then backup your entire data set over the Internet.
  2. Temporarily install you backup NAS locally, seed your entire backup set over your local network, then move the device to a remote location.

Since I’m backing up ~2TB of data, I went with the latter option to avoid waiting a month to complete the first backup. So, that’s the process that I’ll be covering below.

Prerequisites

  1. QuickConnect ID setup for backup NAS device on our local network.
  2. Configure port forwarding to the Backup NAS; this process will vary depending on your network configuration. If you already have ports forwarded to your Primary NAS, you’ll have to choose new ports to avoid a conflict. Here’s what my configuration looked like on my Ubiquiti Unfi Security Gateway (USG):

Backup NAS Configuration

1. Login to DSM
2. Open Package Center
3. Under Explore, click Backup
4. Install Hyper Backup Vault
5. Hyper Backup Vault requires no configuration
6. Open Control Panel
7. Under File Sharing, click Shared Folder
8. Click Create to start the Shared Folder Creation Wizard
9. Enter a Name and Description, uncheck Enable Recycle Bin, click Next
10. Check Encrypt this shared folder if you want to encrypt your remote backups while at rest, click Next

  • If you choose to encrypt your shared folder, you will need to manually mount the shared folder every time your device reboots or configure Key Manager.

11. Click Apply
12. The Edit Share Folder window will appear, choose a user to have Read/Write permissions, click OK

  • Best practice is to create a dedicated user account for remote backups.

Primary NAS Configuration

1. Login to DSM
2. Launch Hyper Backup
3. Click the + in the lower left corner, click Data backup task
4. Click Remote NAS device, click Next
5. Leave Create backup task toggled
6. In the Server name or IP address field, enter your Backup NAS QuickConnect ID

  • If you click the drop down, the Backup Wizard will attempt to locate the Backup NAS on your local network. You do not want to do this. Configuring the backup task using the QuickConnect ID will force Hyper Backup to connect over the Internet, which is essential once the device is moved to the remote location.

7. Set Transfer encryption to On
8. Leave Port set to 6281; ensure that the port is forwarded to the Backup NAS
9. In the Username field, enter your Backup NAS user account
10. In the Password field, enter your Backup NAS user account password
11. Click the Shared Folder drop down, the Backup Wizard will now connect to your Backup NAS and list the backup shared that you created earlier, click the name

  • If you receive an error here, double check that your Backup NAS network configuration and port forwarding at your router.

12. In the Directory field, give your back up directory a unique name
13. Click Next
14. From this point forward, the remaining Backup Wizard configuration is no different from configuring any other backup task; choose the shared folders that you want to backup, click Next
15. Select any DSM applications that you want to backup, click Next
16. In the Task field, enter your backup task name
17. Check Enable task notifications if you want to receive notifications when the job runs
18. Check Compress backup data
19. Check Enable backup schedule, then configure the run at time

  • Consider that you’ll be backing up over the Internet and your backup speed will be limited to the slowest Internet connection in the pair. The frequency should be at least far enough apart to complete an average backup.
  • You can leave this field unchecked if you want to manually run the backup tasks yourself.

20. Check Enable integrity check schedule; the default values will suffice,  but you can uncheck this field to run integrity checks manually
21. Check Enable client-side encryption if you want the backup encrypted at the client, click Next
22. Check Enable backup rotation
23. Configure backup rotation settings

  • Rotation settings should be set to fit your backup scenario. If you don’t want to think about it, choosing Smart Recycle is always safe. The Synology Knowledge Base has more information on this topic if you’d like to learn more.

24. Click Apply
25. Run the back task to begin seeding your backup

Wrapping Up

Once the backup is complete, reinstall your Backup NAS at a remote location. The piece to remember here is that you must reconfigure the proper port forwarding at the new location. Otherwise, the remote backup task won’t be able to connect and fail.