TOP 6 Updates for Home Users - Synology DSM 7.2

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

all right how's it going y'all so DSM 7.2 has finally come out and so I really want to go ahead and do a video on the top upgrades for DSM 7.2 specifically for home users 2007.2 had a lot of great features that I felt like were really more business oriented but there's some really great stuff that I think dsm7.2 brings to the home user and this is going to be the top six of those I really tried to get it down to five and it's five with an asterisk because number one is actually also available on DSM 7.1 but I'm still going to count it with DSM 7.2 because it essentially out at that same time so one unfortunate thing about this list is not 100 of the features are available to all users and all Synology nasas the vast majority of them are and one of them also requires you to set it up from the very beginning and so it's not going to be super useful to users who just are updating from DSM 10.1 to 7.2 but without further Ado let's go ahead and get started and number six is actually something you would not really expect but it is a really nice feature to have and that's the fact that now added in a built-in mail server it's not really built in mail server more of the ability to use synology's mail server which is huge actually so if you come into control panel and go into your notifications you'll see that you are actually able to use the Synology mail server to actually start sending you emails for when things go wrong so I'm going to just go ahead and hit apply and it's already tied to my Synology account here and so we can see that now if you have a warning or critical or even all it will actually use synology's mail server to send you an email okay why is this so useful previously if you wanted email notifications you had to use your own mail server and so you could do it with Gmail or you do with Outlook both of those Services were a huge pain because after you set it up Gmail might update and say you know actually we're going to update the way we want our tokens to work everybody's got to re-authenticate and so what that mean is all of a sudden your Nas would just not be able to send emails anymore and it would not be able to send you an email to let you know it cannot send you emails anymore and so because of that now if a hard drive starts failing and you don't check DSM or you're not near it you might never know because you're not getting the email notification that something's going wrong now you can just throw on here and this is never going to sign you out at least it shouldn't and so this is a great fallback the one thing you can't put in here which makes sense is you can't put personal emails so for example there's the email you can do whenever a new user signs up so you can say send a notification mail to the newly created user if I click on that it's going to say hey you've not set up your own mail server so we can't do that you cannot use synology's mail server for that which makes sense you do not want random people being able to start sending emails to a bunch of random people and start using synology's mail servers as spam which is probably fair so this is only going to be for DSM notifications such as hard drive failing and it's only going to be able to go to your email account that is associated with your Synology account but this is a great feature and something I would actually recommend pretty much everybody just enabled at worst you're going to get extra emails if you are getting too many emails and it's annoying to you you can just set it to critical but it's just really nice knowing that if something goes wrong with your Nas you will get an email about it which is very nice so that was number six but before we go on I'd like to thank delete me for sponsoring this section of the video so delete me service goes through and it requests your personal information to be removed from public listings from different data Brokers and other sites and so that way your personal information is not publicly googleable this can actually reduce both spam emails and spam phone calls alright so how does it work it actually works pretty easily you essentially just sign up for delete me and then you get to choose how much information you would like to give them the more you give them the more they can remove so then delete me uses this information to search online for any matches and then we'll request it to be taken down then throughout the year delete me will continue to scan for your personal information online and continue to remove it then delete me will continue to keep you in the loop by sending you reports on everything that they have found and removed you've already limited what information ever gets online by self-hosting your own files take the next step and start removing your private information online by signing up for delete me using the link in the description I'd like to thank delete me for sponsoring this section of the video all right now back on to number five number five is one that actually should have been much higher on the list but due to two key reasons it is not number five is encrypted volumes in DSM 7.2 full volume encryption which is something I was really looking forward to it was actually the thing I was most excited about and don't get me wrong I actually still am quite excited about it and I do think it's very useful but it is not as useful as it could have been and that is going to be for two reasons one the first one I do not blame Synology for this at all it is just a fact of the way encryption works it would have been nice if they had fixed it but it probably would have put data at risk and I don't think it would have been possible considering it's volume level so the first is the fact that these are non-migratable so if you start with a non-encrypted volume you cannot switch it to an encrypted volume so that means that users updating from DSM 7.1 to 7.2 are not going to be able to use the encrypted volumes because you have to set it up at the beginning and so what you have to do if you want to use this feature is you have to blow away your data and restore from backups is generally the easiest way to do it I have had a few users on the forums who have successfully done it I'll leave a link to that down in the description below for their process and it did work it's just very risky and very tough and you just you're always a little nervous whenever you're doing those things and it can be a little bit nerve-wracking during that time so the inability to migrate from a non-encrypted to an encrypted volume is unfortunate it's nice that going forward there is the encrypted volume there so it's just going to be easy to recommend for people but it is not able to be updated and switched over room now number two is on synologies and that is the fact that the keys by default are stored locally so they are stored on the local key Vault these are the encryption keys that are used to decrypt the volume what this means is anytime you're storing Keys locally and you're not using a trusted platform module or a TPM that's what actually Windows 11 starting to require anytime you're storing Keys locally like that you're always going to be subject to having a physical attack be able to get the encryption cues now it is a massive step forward compared to non-encrypted it gives you about 80 percent of the way there but it's not 100 of the way there to get the 100 the way there you need to use what's called a kmip server which allows you to store your encryption keys on another device and so that is a lot more complicated to set up and it's additional work to do there I wish they had a third option where you essentially just had to upload the key to DSM every time the nas booted this is not something I would recommend for most people but for people who this is really important to it is nice having that option to know that you have the key and without that key nobody can do anything as soon as the nas power Cycles you know it's just wiped off of there so I do wish they had that as a third option though that would be risky because people are liable to lose those keys and and things like that another compromise would have been also just to force somebody to put in the password for the key manager to decrypt the volume at boot which would have a great layer protection as well I still do recommend people's out of the encrypted volume who are looking for data encryption because it requires somebody to not only have physical access to your Nas but they also have to be able to take out all the drives stick it into a Linux system be able to change the actual boot firmware that Synology is using to actually exploit this so it's not like just some random person can really Google their way through it too easily so it's a lot better than an unencrypted volume where literally you just booged up and you're able to password reset or restore it from another volume it's a lot more complicated than that but it is not perfect and just for information the exact same exploit works if you store the shared folder-based encryption keys in the key manager so if you use the key manager and store your encryption keys to Shared folders on there the exact same exploit would work so with that being said full volume encryption is still a great option for home users because you get the ability to have that encryption it still has a slight vulnerability but it's really complex and not worth your personal data and you don't get any downsides so one of the biggest downsides to using shared folder-based encryption was the fact that btrfest snapshots if you wanted to restore one of them you could not just see previous versions of files instead you'd either have to completely restore the shared folder or actually clone the snapshot to a new name and so it made restoring files way way harder than using unencrypted shared folders because with an unencrypted SharePoint folder you can just make snapshots visible and just see previous versions of files phenomenal right through Windows File Explorer or Mac OS finder it's a great feature for business with full volume encryption you can do the exact same thing which is really nice so you get the encryption while also not having the limitations of shared folder based encryption next up is going to be number four which is container manager container manager had a massive update that should have put it at number two on this list but because they changed the name it has been dropped down to number four on this list the the reason changing the name heard it so bad is previously container manager was Docker and so every tutorial you've seen has referenced docker and so now it is very confusing because there's no Trace between Docker and container manager so when people go in and try to follow a tutorial from DSM 7.1 and before even though that exact same tutorial would work on container manager now they have no idea about that because they don't see Docker in their package Center so that is my big right Wonder Tech point that out I had not thought about that and I have already started seeing that in comments for videos where it's like hey I can't find Docker in my package Center anymore and it's just one of those really tough things because when you make a tutorial you don't expect the entire thing to change like that but the update to container manager still made it on this list because it finally brought about Docker compose Docker compose is going to make deploying Docker containers on a Synology Nas 100 times easier and actually be able to have Version Control and really start following things without having to do all this annoying typing and things like that so for people who don't know about Docker compose I've already done an entire video on DSM 7.2 container manager and how Docker compose works and all that stuff I'll leave a link to that in the description below but what it allows us to do is it allows us to just copy and paste all these config files these project yamls that have been created on the internet and just stick them right in our Synology and get them going super easily so for example if I wanted to deploy a WordPress site on my Synology Nas using Docker and I wanted it to build the database and everything all in one Fell Swoop I would have to do a ton of stuff back with a previous version of Docker because it did not support Docker composing ammo files but now with this new project tab right here I can just create a project I'll give it a name a path and now I can either upload or just create a Docker compose file and I'm just going to create one by going over here I just Googled Docker compose for WordPress I'm just going to copy and paste it in here technically I should change all the usernames and passwords in here but just for this quick demo I'm just going to keep it the same with the one thing being I'm going to change it to Port 8080. so that is it really nothing on there we can change the passwords and everything but we're not going to bother with that because it's just for the demo and now I'm just going to hit deploy and now what it's going to do is it's going to pull all the appropriate Docker containers down it is going to extract them it is going to run them and it's going to link them all together all from that one line it makes running these things so much easier and you can get up and running a lot quicker this is a phenomenal piece because it means that you don't have to keep typing all these things out because you have to put everything in the right field in the GUI instead now you can just copy and paste these guys in and it just works and just like that it was successfully built so now if you go to 8080 boom WordPress up and running just like that we have the WordPress Docker container running without having to do any extra typing or all these fields if you've ever done anything in Docker in the previous versions you know how great this is so that put container manager back on the list for them because it is so useful and so much easier now all right and so now number three is something that's going to be absolutely phenomenal for home users and it's just going to be an easy thing to recommend for pretty much everybody so it is adaptive multi-factor authentication automatically for admin accounts what this means is if you have a sign Allen from a public IP address that's never done that before or a weird location or any of that kind of stuff where similar to how your bank Works where if you sign in from across the country they're going to say hey is this you and send something to your email address the exact same thing now works for actual admin accounts on Synology DSM which is great for larger businesses having actual true two-factor authentication where you've got something on your phone is still going to be better but this is a 90 solution at probably 10 the annoyance whenever you have your own two-factor authentication you have to make sure you've got an email server that's working you have to make sure your time's Inked there's so many things that can be really annoying when hosting your own two-factor authentication or as adaptive multi-factor authentication is really focused on remote connections and things like that and so it's super useful and really easy to set up and so that makes it a no-brainer to recommend for most people just because it's something that is not going to get in the way of using the nas to set it up it's really easy just go into control panel security account and right here enable adaptive multi-factor authentication for admin users and it essentially is a backup here where if you do not have two-factor authentication set up and you're signing in from Awan if you're going in from an unrecognized device anything that would essentially trigger a bank to do the exact same thing it will force you to actually get an email to your inbox and input that I tested this by signing in using quick connect and on my phone off of Wi-Fi and I did get the email and it worked perfectly it is something that does not get in the way in my opinion and it can add 90 the security of two-factor authentication without all those downsides and annoyances of having to use it every single time and things like that so I really like this all you need to do is you basically come in here you click enable you have to have been signed in with a Synology account and now you just go into your admin account up here in the upper right hand corner and just add your email address for me I've already verified this so I don't have to do the verification but if you have set this up for the first time on a box you're just going to have to get another verification email to your inbox and then it will work and allow you to do it so that is great because it's also not able to be used to get into an account where you forgot the password so you don't have to worry about just because somebody has access to your email they do not strictly have access of an ass because they still need your password first unlike some things where you can do a password reset just using an email account so that is multi-factor authentication you absolutely get the email and it's super easy to use and you just type it in just like you do with your bank so that is number three really useful feature really easy to recommend so now number two is my personal favorite and is a no-brainer for every single business and is more of a nice to have for actual home users and that is immutable snapshots unfortunately this is not available on all devices I will leave a link down description below to what it is available on but immutable snapshots are the ability to have a snapshot that cannot be deleted for a period of time by an administrator they are immutable snapshots for themselves are almost immutable already because they do not allow you to modify them they only allow you to delete them so essentially all immutable snapshots are is the restriction for an administrator to be able to delete a snapshot until a certain period of time this is actually the exact same setup used by worm write once read mini which restricts administrators from being able to modify them but this is much more useful I believe because you don't have the same restrictions and annoyances but you use that same technology so theoretically even if your command line trying to get in and delete these things you cannot do it it also works by not using the same system clock as you so even if you go in and set the system clock to two weeks in advance those snapshots should not change in time either so you still actually have to wait the physical time the reason this is so useful is ransomware and I'm not talking just ransomware or one computer on your network gets a virus and then basically starts encrypting all the files it has access to is probably access to the nas because it's mounted over SMB and starts encrypting files on that snapshots are a phenomenal way to protect yourself against that though you really should have a backup but having snapshots at least gets you the ability to very quickly get back up and running even if you do get ransomware what these immutable snapshots protect you from is somebody getting full admin access to the nas because if they attempt to encrypt those files they are going to be unable to delete the snapshots with the previous versions of files for 7 or 14 days whatever you set it to so this means that during that period if you realize your files are encrypted you will be able to go back to those previous snapshots and the adversary who has full admin access to your Nas has your root credentials will not have been able to remove those snapshots those snapshots containing your data so that is absolutely awesome I will say this is not necessarily something you set up for every single person because it means that if you delete a file and you really need to get your space back you have to wait for 7 or 14 days whatever you set it to to be able to get your space back even if you're the administrator trying to do it manually so that is just one thing I want to throw out there but you just come into snapshot replication and we can just come into some snapshots and say hey I want my snapshots to be immutable for seven days and so then if we come in here and we look at the list we'll see that these are actually locked out and we are going to be unable to unlock them for a specific number of days one other thing I want to mention here is it actually looks like the clock is only while the Nas is powered on I had this Nas powered off for a while and so you can see this snapshot was taken on 522 and it's been 15 days since I had that but it's still going to be locked out for another five days that's because I shut the Nas Down after taking the snapshot for that video and so the clock is not running unless the NASA is on and so it's really hard to bypass this because even if you set the system clock or in this case it's a legitimate case because we actually have waited that time it's still going to say no I've not been powered on for all that time I cannot verify that that works and so these immutable snapshots are absolutely awesome for True hardcore ransomware protection making sure that even if somebody gets admin access to your Nas so say somebody gets admin access than asked to on this date and starts encrypting all the files well now they are not going to be able to remove this snapshot which contains the good version of the files for five days and so that means that as soon as you realize that this happened to you you can come in here block out them obviously and then go in and actually use that snapshot to recover your data super powerful and really easy to implement I really love this feature it is great though it is not a replacement for a Backup backup your data and now on to number one and number one doesn't technically even count for the 7.2 because it actually is now also available on DSM 7.1 but I'm still going to count it in here as well because it is so great and that is SMB multi-channel SMB multi-channel is something that home users are going to have a great time with because it allows you to double or quadruple your performance by just adding more network cables and it actually works it's not like I'm coming here saying double your performance only on this this in this case now it doubles your performance whenever you're using SMB and you have enough connections it is super useful and really not that complex to set up at all I just threw two ethernet cables into my computer two ethernet cables into the nas plug them into a switch and it just worked no extra messing around or anything like that the only configuration I need to do was come into file services SMB settings advanced others and enable SMB V3 multi-channel and that was it and it just worked Mac OS detected it Windows detects it really really really easy I'll leave a link down in the description below to that video and it just works it's one of those things that just allows you to really easily get way faster sequential speeds if you only have a one gigabit connection it is so easy to set up and run and it's just a no-brainer in my opinion for most people there's some more information in that video about who should and who should not use it but for people who are stuck with a one gigabit connection and don't want to upgrade most NASA's have multiple connections on the back of it so you can just use those multiple connections to get much faster speeds now this is not available on the regular J models or the non-plus models I think it's only available on the actual Intel x86 CPUs but the vast majority of those non-intel x86 processors only have a single one gigabit cable on it anyway so it doesn't really help you anyway you do need two one gigabit connections at least to be able to use SME multi-channel because what it's doing is it's routing traffic through two network connections rather than one so that is the one asterisk on that is you have to be able to have two network connections to both your computer and to the nas though what you can do is you can actually have a 2.5 gigabit connection from your computer to a 2.5 gigabit switch and then still use two one gigabit connections to connect the nas to that switch and you will get two gigabits of throughput because it will still work like that really great I'll leave a link down in the description below for that video alright well that's gonna be it for this video the SM 7.2 was a really solid update that brought about a lot of really nice quality of life features if you have any other questions I've got forums.spaceracts.com I'll leave a link to that description below where I've started building out forms so I can answer more complex questions if you want to hire me for a project there's a link for that in description below all right have a good one bye foreign [Music]

Info

Channel: SpaceRex

Views: 26,579

Rating: undefined out of 5

Keywords:

Id: S4FrFn06-Yw

Channel Id: undefined

Length: 24min 29sec (1469 seconds)

Published: Thu Jun 29 2023