Table of Contents

: Install process
: New notification options
: WORM folder protection
: Container Manager (Docker)
: Secure SignIn new features


📢
INFO: 08/03/2023 10:00 CEST - the DSM 7.2 beta page is back online and working. Use the link below.
📢
INFO: 07/03/2023 18:00 CEST - The DSM 7.2 links at the moment are redirected to the 7.0.1 landing page.

As of today, 07/03/2023, the new DSM 7.2 BETA is available, as it was announced during the 2023 and Beyond event at the end of last year.

Synology 2023 and beyond recap and news
Synology 2023 and Beyond event recap. New WRX560, DSM 7.2, upcoming x23 NAS models like DS923+ and DS723+, and much more

The installers are listed on the beta portal accessible on the following URL.

https://prerelease.synology.com/en-global/download/dsm72_beta

⚠️
WARNING: This is beta software! Do not install this on your production environments! Rollback is not officially supported. Make sure to have a backup in place before using this version!

The current version is DSM 7.2 - 64216 and the following release notes are below.

⚠️
IMPORTANT: There are certain limitations with this version in terms of device and package support! Be sure to read the notes before moving forward with the installation!

Important Note

  1. This beta software is for evaluation purposes only and should not be installed in production environments. Synology cannot be held responsible for any damage, such as accidental data loss, caused by this beta software.
  2. After installing this update, you will not be able to downgrade to a previous DSM version.
  3. This update will restart your Synology NAS.
  4. Starting from this version, logs for drives will no longer appear in Storage Manager > HDD and will be available only in Log Center.
  5. Removed the "Automatically create port forwarding rules" option from QuickConnect advanced settings to increase network security.

Known Issues

  1. Users of Surveillance Station should keep their current DSM version. The package update compatible with this DSM version is currently in development. Once the package update is officially released, it will be available for download in the Package Center.
  2. This DSM update is not applicable to the following models: DS418, DS218, DS218play, DS118 and HD6500. The update compatible with these models is currently in development and is scheduled to be available in the next release.

What’s New

  1. Added support for WriteOnce shared folders. This feature is based on the Write Once, Read Many (WORM) technology and can be enabled to prevent files from being modified, deleted, or renamed for a specified period.
  2. Added support for volume encryption. All volume encryption keys are stored in the Encryption Key Vault, which can be set up on a local Synology NAS or via KMIP on a remote Synology NAS.
  3. Added more Synology NAS models to support M.2 NVMe SSD storage pools. Learn more
  4. Added more SSD cache group management options, including changing the RAID type and replacing a drive.
  5. Added support for inline zero-block removal to increase the efficiency of data deduplication.
  6. Adjusted how drive information is presented in Storage Manager. Users can now quickly check the condition of their drives by looking at the "Drive Status" field.
  7. Users can now view the amount of used and free space for each storage pool and volume in Storage Manager.
  8. Added a warning notification for when the available shared folder quota is low.
  9. Supports deleting individual desktop notifications.
  10. Supports sending DSM notifications via additional webhook providers, including LINE and Microsoft Teams.
  11. Supports creating custom notification rules for system events, giving users greater control over what notifications to receive.
  12. Supports exporting a list of users and of groups.
  13. Added support for SAML to integrate DSM with external SSO servers.
  14. Added the option to allow non-admin users to safely eject USB devices.
  15. Users can now manually input the IP addresses or FQDNs of one or more domain controllers in the trusted domain. This allows Synology NAS to sync domain data directly with the specified domain controllers.
  16. Users can now enable Synology's email server to send DSM notifications directly to their Synology Account.

Limitation

  1. S.M.A.R.T. testing for M.2 NVMe SSDs is no longer supported.
  2. Starting from DSM 7.2 Beta, Virtual Machine Manager will no longer support creating clusters with older DSM versions. Please update each host in the cluster to the same DSM version or above versions for the Virtual Machine Manager cluster to operate properly.
  3. Virtual DSM running DSM 7.2 Beta requires Virtual Machine Manager 2.6 or above.



Install process

The installation process is almost identical to all the current DSM 7 installations.

A friendly reminder to enable the 2FA for the account
DSM 7.2 - 64213 beta is up and running



New notification options

One of the first things that we can see is the notification on the DSM desktop that is inviting us to set up a new notification setup.

DSM 7.2 notification section

The notification section has been remapped compared to 7.1.1. version with the removal of the SMS tab (it is now part of the webhook provider), and separating the Push and Webhooks options. One of the biggest changes here is the ability to change the actual event option and their values. This means an option to change two variables and any event messages.

Only two variables can be altered
But on the other hand, we can now change any message body for any message

This will for sure help out to bring out localized errors for your users in case the DSM itself does not support your language.

As seen in the first image, the email notification channel still exists and now uses Synology's email server ([email protected] as the sender's email address) to send all notifications that are generated in DSM.

We need to log in to an existing Synology Account for all this to work, but other than that, there is not much to configure here if we choose this method.

Push services on the other hand are quite simple in configuration, there is just a simple requirement to download and install DSFinder mobile app and activate the Push service options inside it.

On top of device push notifications, we have the option to choose a browser-based notification that will again be coordinating with Synology's notification.synology.com web service

Just confirm to grant the browser permissions for Synology's notification service

Last but not least, webhook options. Now, in DSM 7.2 webhooks have had a bit of an update in terms of providers. So no longer do we have Synology Chat and the rest of the world. Now there is official support for Microsoft Teams, as well as LINE.

Webhook providers in DSM 7.2

One example of a custom webhook integration would be with Mattermost. Configuring incoming webhook on the Mattermost side we can use that URL in the configuration wizard. The result would be that all notifications (or rule categories that were chosen) are shipped to the desired channel.

Choosing the rule category, and entering the destination webhook URL
Depending on our webhook provider there might be a need to configure more headers, as well as select a specific content type and edit the body of the payload
As a result, any notification that has been sent from the DSM side will land a push notification inside Mattermost, thanks to the webhook integration

What notifications are being delivered will depend on the rules chosen for the webhook or email channel of communication (push notifications have no option to select specific rule categories).

On top of the three predefined rule categories (those can't be deleted or changed), we can make our own. This option in a combination with editing the events themselves is indeed a breath of fresh air when it comes to notifications.

Build rules that match your needs



WORM folder protection

The new WriteOnceReadMany folder protection is part of the shared folder creation wizard. As compared to the 7.1.1 version, the second step in the wizard will offer both encryption and WORM security features.

WORM settings
💡
INFO: The WORM feature will work only on BTRFS volumes, so be sure to create the folder on a compatible pool/volume

WORM works in two modes, enterprise, and compliance. The former will allow only administrator class users to delete the shared folder while the latter will not allow anyone to do the same.

On top of this, the auto lock settings will further protect the data with the use of lock and retention options.

WORM mode options and settings

In case we select the creation of a folder in compliance WORM mode, there will be a final warning, sort of a "point of no return" telling us that we will not be able to delete the folder once it is created.

WORM compliance folder - no option to delete it

The created folder will have its settings listed in the control panel as expected, and any additional modification on the WORM side of things will not be possible.

⚠️
WARNING: If the setting was not activated during the creation of the folder we will not have the option to activate it at a later date, the same as with the data checksum option.

WORM settings are locked and can't be changed once the folder has been created



Container Manager (Docker)

The new Container Manager (Docker) app as part of the new beta stream

While most beta versions of various DSM apps are updated to accommodate the new 7.2 version, some of them have had new features in them. One example is the Snapshot Replication which needs to be updated in case we want to replicate WORM folder.

Out of all packages, one package, in particular, has had a lot of love in the recent version, and that would be Docker, or as they call it in the latest version Container Manager.

The Docker package in DSM 7.2 has a new name and look, meet the Container Manager


Important Notes

  1. Container Manager is the successor of Docker and will be available for updates in Package Center.

Compatibility & Installation

  1. Container Manager 20.10.3 requires DSM 7.2 and above.
  2. Added support for the following models with the ARMv8 architecture: DS223, and DS420j.

What's New

  1. Revamped the package icon and user interface for a better container managing experience.
  2. Supports Docker Compose on the Project page.
  3. Supports displaying the health status of containers.
  4. Updated to be compatible with Docker Compose 2.5.1.
  5. Supports automatic update detection for images with the "latest" tag.

Fixed Issues

  1. Fixed an issue where the package might not be able to run after a DSM update.
  2. Minor bug fixes.

Limitation

  1. Docker Swarm is not supported on the following models with the ARMv8 architecture: DS420j, DS223.

As we can see in the release notes, apart from the look and feel, the CM has added support for docker-compose (Projects) and a big deal for many users, support for ARM8 CPUs. This means that some J models as well as value series are becoming Docker-capable, nice!

The main addition here is the mentioned docker-compose functionality. The editor includes syntax check and correction, so anyone not willing to use Portainer or pure command line, to run compose files, can use the webUI in the new Container Manager.

Docker-compose support with Container Manager
The process of the docker-compose will show up as soon as the creation of the container has been completed
The compose project will have YAML configuration as well as statistics options but no option to change the compose unless the container stops beforehand
Container details also got more information and options in terms of statistics and settings

As expected we can't edit settings until the container has been stopped, but that is to be expected. All in all a nice surprise I have to say, and a great effort from the Synology team that goes to show that they do support micro-services and containerization in general.



Secure SignIn - new features

I have written about Secure SignIn in the past when it was first got released as part of the new DSM 7. This time around there are several new features that will make use of your biometric-capable device as well as the new Passkey (Apple macOS/iOS feature).

DSM 7 - Synology Secure SignIn
See how you can use the new Synology Secure SignIN feature to log into your NAS using your mobile device
Initial Secure SignIn article

In order to configure and use Secure SignIn, we need to have DSM access configured over HTTPS and that excludes the QuickConnect option. So, DDNS or custom and valid 3rd party domain have to be in place before we can continue with the configuration.

As always, 2FA options are under Personal settings in the main user menu (upper right corner). Under the Security tab, there are now some new features when we select the 2FA option.

Sign-in method options
On top of Synology's Secure SignIn mobile app, or a 3rd party app (like Authy) we now also have more hardware-based login options
New Passkey and FaceID options

In DSM 7.1, USB and TouchID were the only options, so for example, Mac users that didn't have computers with biometric readers were unable to use this feature. Now, however, we can log in using a FaceID device like an iPhone.

Alternative method setup
Bitwarden, Authy, or any other TOTP support platform will work just as well
Scan it and enter the 6-digit one-time verification number to complete the setup
Configure a valid email address

Finally, the setup process is completed.

In order to log into DSM with the help of passkey and biometrics as our 2FA method the process is following.

Finally, just click "Continue" on the prompt and you will log in

This way, our 2FA step was substituted by using the passkey option that in the end got verified with the on-device biometrics, FaceID in this particular case.

As a side note, both PLEX and Wireguard work fine with DSM 7.2, and for more info on running Wireguard on your NAS read up in the following article

Wireguard SPK for your Synology NAS
How to build your Wireguard Synology SPK for DSM 6.2 or 7.1 using Docker to get support for the new VPN standard

Testing will continue and I will post any issue in this article. If anyone wants anything specific tested let me know in the comment section and if I am able to test it I will to the best of my abilities.