Table of Contents
- :: Site-to-site VPN
- :: Snapshot Replication (SR)
- :: Hyper Backup (HB)
- :: Hybrid Share (HS)
- :: Disaster Recovery (DR)
This article will cover some possible scenarios in which we can use multiple NAS devices (focusing on Synology models and packages) either in a single location or distribute across multiple ones. It will also include the Synology cloud platform (C2) as one of the potential sites. If you are a novice in the world of NAS or maybe the option of having multiple devices is not apparent, hopefully by the end it will become more clear as to why and how these scenarios can be configured, as well as how they might be beneficial.
Depending on the type of scenario, there might be a need for one or more NAS devices from a certain class, as well as stable and fast local and public network access.
Most Synology devices will be able to support various scenarios listed below, but in some cases, models from the "+" or better segment will be needed. So if we are using not necessarily an older device but from a lower end of the lineup, it might not be possible to configure some configurations.
In order to cover all the options listed below or to be able to run even more services and options that are not listed, it would be best to have:
- multiple devices from the "+" or better segment
- 1G or faster LAN (including devices with multiple adapters)
- fast public WAN link with as low as possible latency (50Mbit or more)
- stable and powerful router
Everything written here can be scaled to fit specific needs. A household of four, or a company of 1000. So with that in mind just be sure to get a strong enough NAS or to have a fast enough network. As an example, a device like DS220+ or better would already be enough.
Most of the scenarios that will be covered here can work both in local and remote implementation. The reason why those are separated is that local scenarios do tend to be tied to a local instance or a local host, while remote ones require a certain configuration towards a remote unit or service. This does not mean that they can't work locally as well, so for most scenarios that follow it is possible to use them in both setups.
: Local scenarios
Starting off with the most common cases and situations where multiple NAS units might have benefits. Right off the bat that would have to be back up. Better to say backup of a backup. While most users with multiple NAS devices do use it as a secondary unit, there is a lot more that you can do with your multiple NAS setup. In the next section, we will see what some of those scenarios are as well as how to set and configure them up.
:: Multiple role assignments
Roles that a NAS device can have in a configuration with another device of the same or similar class are many. Apart from a classic "additional backup" scenario (explained later on) here are some that some might not find obvious right out the gate.
If in multi-NAS setup access to local services or resources is something that is needed, instead of exposing both devices to the Internet we can consider setting up a reverse proxy on one of them and keep all the rest behind the proxy. This way we are minimizing the potential attack vectors towards multiple devices as well as keeping your LAN that much safe.
The way this works is that all of the needed resources are exposed to the Internet using a publicly accessible name(s), and redirecting all traffic towards the reverse proxy. There, the public name is configured and redirected to a local destination inside our LAN. So no direct access to the device hosting the content is given, and a secure route is established.
There are many ways to configure and use a reverse proxy. Synology DSM already has a built-in reverse proxy (NGINX) that we can configure to specific needs. If there is a need for a custom, more versatile solution or implementation of said platform, we can install and configure a custom version. One way to do it would be to use the Docker platform on selected and supported Synology NAS models ("+" lineup or better). For more details on using one of those implementations (like the NGINX Proxy Manager), feel free to read more in the following article.
Incoming VPN server
The second scenario when one can use multiple NAS setups is hosting an incoming VPN on one of them. For those that are unfamiliar with the terminology, VPN (or virtual private network), is a configuration setup that allows access to a local network from a remote location (while being outside of the local network) and interacting with services just like while being inside the network. What that means is that there is no need to publish services out to the Internet (like in the case of reverse proxy), or use any other methods (DDNS) in order to get back to your content and apps.
There are many implementations of VPN today, and this is nothing groundbreaking, but why would one host an incoming VPN server on the NAS and not on the router? While routers can as well host such a role, not everyone has a capable router that can host or allow for multiple user VPN access (for example when using an ISP-driven router), or you are not allowed to do it (again, in most cases ISP's firmware will not support it). Another reason is that the router is just not powerful enough to handle VPN tasks.
Whatever the reason might be, there is no reason not to host it on the NAS. In most cases, even the entry model NAS is far more capable and stronger than a router, and because of it, it is possible to use it as a VPN server.
As said before there are multiple VPN implementations and protocols that are out there today, so using the right one will in most cases depend on what best fits a specific need. Some protocols require an endpoint (device), and compatible clients, others, on the other hand, don't. Some might work best to be compliant with your company policy. In any case, it is something to look at before deciding.
One of the most popular ones today would be OpenVPN, IPSec, and a relatively new player, WireGuard. The general rule is that most follow the same principle. Configure the server side, install the client, and connect. Depending on the chosen protocol some will offer different protocols, custom ports, DNS settings, and more. VPN while allowing for transparent use of your local resources even while outside your network has a penalty. The traffic is encrypted and in order to provide that security element to the whole VPN experience, your speed will not be at its usual max. To be fair, this is not true when using WireGuard, as it is really well balanced and speeds inside the tunnel are running at near maximum speeds same as with no active VPN session.
Synology DSM does not support WireGuard protocol at the time of this article but there is a way to get it running on a Docker-capable device. For more details on the process read the following article(s).
Storage vs services
This is one category that I personally use in my multi-NAS setup when looking at local setup options. Running multiple NAS devices means that most of them can do the same tasks but in certain cases, those devices are more tuned to provide content to a large number of users rather than battle video transcoding. So, why not separate them, and use multiple devices as part of a single platform?
One example would be to host raw content on one device (maybe one with more space and faster drives) while having the client solution hosted on another unit that is maybe smaller but is running a "smarter" or more powerful CPU. In those situations, we are using the best of both worlds to have the best experience possible from the client side of things. On top of this, we are not hosting both the content and the app on a single NAS that might be also beneficial from a troubleshooting configuration side of things or scaling vertically/horizontally.
This scenario can also be viewed from a security element, as we are again in a situation where access to a device that users need, is the one exposed closer to the edge, and not the content itself.
Video streaming is one example of this kind of separation. Exposing the service (on one or more devices) to the users doesn't mean that there is a need to do the same for the unit housing the actual content. Separating the two also means that you can have multiple client-side exposed devices (or services) hosting the same content. So, clients can come from multiple directions via targeted devices for that particular task, while consuming the same content from a larger third unit deep inside your network.
:: Test environments
One final example (as there are many) would be to use a second unit as a test environment for apps, new DSM versions, or services not yet implemented. While it might sound expensive to have an additional NAS just for that, it is rarely the case. The NAS can serve as a test device but also on top of that it can host other services in parallel. DSM on selected models that can run Virtual Machine Manager, offers configuration of one additional (free of charge) DSM instance in a virtual setup (VDSM) that can also be a proper test environment for testing, leaving the actual NAS DSM (bare-metal one) intact.
This will also take the stress off the main NAS unit and allow it to run at full speed for the tasks delegated to it.
:: iSCSI storage
Similar to the previous scenarios we can also use NAS devices as pure storage destinations for various other devices that are better geared towards the specific roles. One that comes to mind is virtual machine need. Unlike using the previously mentioned VMM, NAS can also be used in combination with much faster and more powerful (CPU and RAM) devices that can have the role of a virtual machine hypervisor. Because most NAS devices are optimized for low power consumption, and lots of storage, they usually lack the CPU/RAM power to become the full package.
Using a custom or 3rd party hypervisor is a method of again using the best of both worlds. NAS will be a housing device tasked with holding the virtual machines and backups, while the hypervisor will provide the horsepower needed to run the VMs. If we scale that further, we can have multiple hypervisor machines all using a single powerful NAS to store the data. This can be done utilizing the iSCSI protocol that DSM supports as well as NFS, whatever fits your needs better.
One example can be reviewed in the following article as part of an overview of one NAS geared towards that kind of specific role.
This particular case also has many benefits that come with the separation of roles in case of maintenance, replacement, troubleshooting, as well as migration, and upgrades.
Local usage of multiple NAS devices has many other possible cases with specific apps and services in mind but for now, let's see how else you can use them in remote scenarios as well. It is important to note that some of these solutions can also be implemented in a local configuration as well.
: Remote scenarios
Local implementation of multiple devices has a lot of advantages, some of which were not mentioned (like high availability), but running a multi-NAS setup really shines when deployed across multiple locations. In the next few examples, we will see the type of deployments as well as the packages that would be needed to execute them.
:: Site-to-site VPN
Just a quick mention of site-to-site VPN. While not something that can be implemented on a Synology NAS, it is a way to connect multiple locations where the devices might be located. This is the reason why S2S is popular as it allows for a "stretched" LAN setup over the Internet that once again minimized exposure, configuration, and firewall management while offering speed, ease of use, and security.
Prerequisites for such a setup do require supported routers on each site that we want to connect to, and most routers do support it. All Synology routers support this setup as well, including the latest RT6600ax model.
While S2S is not mandatory it is one of the most secure ways to connect multiple sites. If this is not something that can be implemented it is not a problem in terms of using the following packages over the Internet. One thing to keep in mind is that port forward management will be needed in order to establish communication from both sides.
:: Snapshot replication
This is one of Synology's packages that is available on selected models (some "play" and all of the "+" and better units). It is comprised of two main functions, snapshots, and replication. Because of it, it can be used both in local and remote scenarios. Local root folders can be configured for local snaps, and on top of that those can be configured for remote replication as well.
Remote replication will require a compatible NAS with SR package support, so keep that in mind. Replication will also offer an active/passive method of configuration. That will offer a good disaster recovery option in case the active NAS is down for whatever reason. Switching to the passive unit will allow for all replicated folders to be accessible again.
In case a remote NAS is not an option, this package can be used to make local snapshots. These will not be useful as a backup solution in situations something happens to the NAS or drives, but they will be one of the fastest ways to restore from a user error, or in case of a ransomware attack. Because the snapshots are read-only, they make a great asset against a ransomware attack while offering an extremely fast way of restoration.
This might be one of the more obvious ways to use multiple NAS units, but it does come with some prerequisites as stated before. Be sure to read the article above for more details.
:: Hyper Backup
Unlike the previous solutions, Hyper Backup is one package that works with every single NAS model in the lineup. From the entry J to the massive HD units. The reason behind that is HB's use case. The main function is the backup of data already on the NAS itself. The main benefit is numerous destinations that HB can use as backup targets. From local NAS, remote Synology NAS, or any compatible rsync server to various "cloud" destinations including Synology C2.
Hyper Backup comes also with its companion app, HB Vault. It can be used to browser any HB vault content using the NAS devices. Also, there is a desktop version of the app that will allow restoring data from a compatible backup if the NAS unit is down. This means that if the NAS data are inaccessible, but we can get to the backup (on a remote NAS), opening the content will be possible from any device running the Vault app.
The most often case that HB is used would be backing up to a cloud or against another remote NAS device. This task can be performed over the Internet using public names/IPs or configuring a previously mentioned site-to-site VPN to create a stretched LAN setup. In any event, using this method we can configure multiple locations (or units) to back up to each other, essentially becoming both source of data and backup destination at the same time.
:: Hybrid Share
A relatively new addition to the whole Synology cloud environment. Hybrid Share is a feature that is offered as part of their NAS lineup as well as their C2 cloud platform. Bridging the best of both worlds, HS is here to help in a multi-site setup offering local caching of frequent data and syncing it to the cloud for fast and redundant access from any other connected location (up to 5).
Particularly useful when you need a large quantity of data accessible at a high rate but without the need to host all of it on the local device. HS offers a "streaming" feature that is useful when pulling a specific set of data is needed without the extra load of any other shared content. Also, it lives in the cloud so high download and upload speeds will be beneficial for locations where a limited bandwidth or speed is in effect. Mainly targeted at businesses with a price of €6.99/month for 1TB of space and HS feature, it is not something that an individual can't afford as well.
:: Disaster recovery
This is one of those things that we hope never to need but that needs to be set up or at least considered for a worst-case scenario. Disaster recovery is probably the best example of a multi-site/multi-NAS use case because it shows what needs to be done should something catastrophic happens to your main site(s). With multiple NAS devices on multiple locations, recovery doesn't just cover your data, but apps and services as well. With a well-placed plan, downtime can be minimal, and data loss as close to zero as possible.
In order to pull this kind of plan a specific NAS lineup might be needed, as well as some of the beforementioned packages, like Hyper Backup or Snapshot Replication. On top of this, the cloud can also present itself as a great asset in a difficult situation like DR.
One example can be the C2 Backup service, offering endpoint backup to the cloud. While there is an option to do the same locally on a NAS, using Active Backup for Business, in case that is not an option (due to any type of physical damage), the cloud restore can be that last resort. This can function either as a restore point to a secondary unit or directly from the cloud.
While these are just a few scenarios, hopefuly it has helped to get some idea weather or not it would be worth investing into multiple NAS setup. Personally, if you can, do it. Appliance devices such as Synology NAS are a long-term investment, and will surely pay off in the end. Using them in a single location or across multiple ones will provide a powerful and versatile setup for SOHO as well as business needs.
Offering redundancy, backup, high availability, multi-tier setup, and more, NAS has already become almost a necessary part of any household or business, regardless of the level of knowledge or the power of the commercial cloud. If you are still on the fence about getting one, or more, maybe this article helped you in some way with your decision. If not, ask and comment in the section below.