Tutorial: Synology Hyperbackup to TrueNAS Via S3

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
tom here from lauren systems and if you're like me you like synology and you like truenass and maybe you have both of them i've talked about the pros and cons and i'll leave a video down below of what is good and bad about each of these and well in some cases i end up with both of them synology i think is a wonderful platform truenast is a wonderful platform they each have their strength they each have their weaknesses but one of the challenges might be to back up your synology and have a nice holistic backup and maybe you don't want to use the synology c2 service or pay some cloud provider to hold all your data and maybe you have a true nas that is in a geographically separate area or maybe even a more broader scenario where you have multiple synologies like we do and you want them all backed up to one single truenast and a very easy way to handle it this is where s3 object storage comes in i've done a video where i've dove deep how truenasts and it was freeing us back when i did the video but you can use the minio which is built into the truenas server and use it as an s3 target and because the synology hyper backup supports s3 targets and you can set up different buckets for different synologies you can take many different synologies and back them all up there in a very easy way the other advantage using this protocol is it can be transported across the internet even if you don't have a vpn now i would still recommend putting everything behind a vpn things should be as secure as possible but the s3 protocol when using https does offer a layer of encryption and as long as no one gets your keys to that uh it is safe as you may have heard from different security problems that occur when people leave their buckets open or leave the keys out somewhere where they can be acquired and people can log into those buckets provided those two factors are mitigated you can now transport this the other option is if you know the ip address from which the synology will be coming from you can also just set your firewall rules to filter for only the ips that you have put on allow list and make this a pretty secure setup overall but before we get started in these details if you want to learn more about me and my company head over to lawrencesystems.com click to hire for a project there's a hires button right at the top if you like to support this channel other ways there's affiliate links down below to get your deals and discounts on products and services we talk about on this channel the first thing we need to do is set up the s3 storage i have another video where i've dove deep into this topic there's a lot of different fun things you can do with it but we'll go through the basics in here just to show you how easy this gets set up we are using truenast 12.0u 6.1 the latest release as of november of 2021 and we're going to have to create a spot for this data to go we're going to go over to the storage to pool and we're just going to add a data set and we'll call this data set s3 for synology now the nice thing is this is very simple because we call this s3 first analogy and leave everything else here absolutely generic and hit submit you don't have to worry about permissions because that's going to happen over here when we go to services you're going to go over to the s3 service and we'll actually call this one synology i'd actually apparently set this up before so i already had a key in there and we'll call the key synology one two three i highly recommend you choose something more secure than this and the port choose the port that you're looking for buying the ip address one that you're looking for as i mentioned you can transport this over the internet this what makes it very simple when you're dealing with s3 object storage it's port 9000 or import whatever you set it to and that's the only thing that needs to be done so even if you're doing this over a vpn or routed network there's not a bunch of ports to configure there's not a bunch of different things or if you're routing this publicly over the internet you could always filter and have a firewall rule that says only allow coming from the ips of maybe remote analogies you have are the only ones allowed to talk to that so a couple different options you can think about here it does use a certificate we're going to use the freenas default certificate for the transport it will work with synology with an unsigned certificate but of course you could go through and set this up to have its own science certificate if you wanted even possibly use a let's encrypt goes beyond the scope of this video but those are all possibilities here and we're going to leave enable browser checked and then we're going to choose that s3 for synology it's selecting a data set with min i o removes all existing permissions for the data set in any nested directories so you have to make sure you're either creating this new or willing to lose whatever is in there it's going to set all the permissions and delete everything within that now mid-io is the video topic that i said i'll leave a link down below if for example because we only can set one key one access key one secret key for this particular bucket if you wanted to set multiple you'd build them all in separate individual jails just a little side note then we hit save pretty simple then we just go down here to the s3 we're going to enable it and uh definitely want it to start automatically so now it's going to start on startup that's all we have to do inside of trueness over here in synology you'll notice that i've had at least one job running right now i wanted to make note of this that if you are running any type of iscsi it needs to have a separate backup the hyper backup does not back up the iscsi and this is a really simple task to set up you can say lun backup task with the lund backup task does is goes ahead and sets up a schedule if you put it on schedule if you only want to run once but probably you want things backed up on a schedule you set this to run and it creates a backup of the iscsilon into a file that can be backed up or series of files in a folder so if we go and see where we target it under destination here we directory iscsi backup we go over here to file station iscsi backup there's those files it does not keep revisions of them it just runs as a schedule whatever schedule you may set but if you do not do this when you're doing the next hyper backup task you'll notice that iscsi is not part of what gets backed up at all that's why they have that separate and we're going to go over here to the data backup task so easy enough here and then we're going to go over and choose s3 now instead of amazon s3 we're going to choose custom server url and the server address is going to be https 192 1683.213 colon 9000 don't need to slash at the end now this colon 9000 and the 213 that's the ip address of the true nas system that we had set up on there also if we want to test we can test something real quick we're going to open up a new browser put that in and then we can try our synology and synology one two three and everything goes well hey we're in here and we're able to log in and as i said we got the ip address from the machine itself and then we told it which one to bind to if you have multiple ip addresses i mean you can have them on multiple or have them on all of them i only have it bound to this particular ip address back over to here we do want to choose v4 then we want to choose the access key of synology and then our not so great passwords of synology one two three bucket name there's no buckets in here so we're going to create a new bucket it's at this point if i were to type the password wrong it would have told me it wouldn't be able to talk to it so we're going to say synology backup and i pressure spell backup right there we go all buckets are supposed to be fully lower case but dashes are acceptable so we can put a dash in there if we want but they do have to all be lower case to not cause any errors directory albert one happens to be that this system is called albert i will just leave it at that because it really doesn't matter then we go next and ask what do you want to back up i was going to check the box and say back it all up so this is everything that's in here surveillance station and things like that please note when you're backing up surveillance station that may not be ideal for you to back that up because this is specifically backing up all the data that's in there this can be a problem if you're backing up offsite because well if you're creating a lot of data a lot of recordings with surveillance station it may not be able to transport over so we'll go ahead and actually maybe skip that like this and yeah we'll leave it on for now i guess but you kind of get the idea that you got to think about that one before you're doing it this is local so we can do this i want all the applications backed up now this is where you get another option for surveillance station you can go back over here and not back up any of the data within surveillance station so we can do it like this next but then go here and back up package only or recordings only i like this feature because you have a lot of work you may put into setting up 20 cameras configuring them setting all the options on those cameras and you make sure those package settings are all backed up this is an easy way to do that but if you want to back up the recordings as well it can do that and i recommend doing it through this method right here and i'll show you why when we do it so i'm going to back up them just for example purposes but like i said if you're doing off-site backups that can be a problem now here is the problem actually we should call this true mass s3 backup you can choose all the different options here for task enable change log compressed data highly recommend compressing it enable transfer encryption hey why not you can't have enough encryption so encrypt things that are going over encrypted connection sounds like a great idea when you want it to run client-side encryption i actually really recommend this and we're going to put a really weak password in here the reason i really recommend doing it this way is because you never know what can happen to the box on the other end if the box on the other end gets compromised if you encrypt it right here it's encrypted prior to it leaving so i'm always just more encryption's better says this is referring to the transport layer encryption but usually you want the files at rest to be encrypted too but warning if you lose this password you also have no way to restore anything so if you ever have to restore this analogy you don't know what password you use you're in a lot of trouble recommend saving that password and password manager then we're going to get the warning after you've encrypted if you forget this password key is lost your backup will never be restored yes we understand this backup rotations from the earliest version just keep number of versions smart recycles actually really clever and it's one i kind of recommend if you're not sure what to do just click the smart recycle and you'll have eight weeks six weeks four weeks and two weeks so you have high density and then it starts purging them and scattering them out so you only keep some of the really old versions there in case you have to go back really far but it's you can also do customized retention settings beyond the scope here to go in all of them there's so many different scenarios but just kind of decide how many revisions of things or how many days you'd like to keep things and that's what the retention options are so we're going to hit done of course now we want to say backup now yes and we got here this little file that downloaded was a key encryption if we need to upload if we don't use the password we can actually use this key to go ahead and do that and the backup is running right now now there's not a whole lot on this analogy so it's completed relatively quickly so we have all of 86 megabytes that are backed up right now and you may notice that it does not perform an integrity check that is actually part of the schedule but you can force an integrity check anytime you want to double check to integrity of these backups by default when you go into settings and schedule the integrity check is going to run once a week just to double check all of your backups and see if there's any problems with them but like i said we can just force one i wanted to force one because this is one of the things it's going to ask is either a to upload that encryption key or put the password in i'm gonna set okay and let it kick off the integrity check real quick while it's doing the integrity check we'll switch back over to our true nas here and we can see that there's about 87 megs in here and not much compression that we're able to get out of it because well it's compressing the backups and so the backup size is roughly are going to be really close to each other because there's obviously a few other files that might be in here let's go back over to here our integrity check was successful and if we want we can even run another backup again and right now let's delete something for example so we can even go here or even better yet duplicate something so if we went ahead and all right i pasted this in so dumped a little bit more data in here we'll go ahead and run the backup again real quick so we have at least two backups we've run and then we'll do a test restore to show you how that works all right now we've run two backups on it and we can go here to the restore and see the revision so we go to data backup here's that one we see this now here we can restore and we'll see that the 936 or the 939 and this is any of the configurations first analogy don't do a system configuring store if we want to restore any of these shared folders the shared folder exists and it also be overwritten by the previous version so we have two versions here we can choose which version of the file set we want pretty simple to do or we can go next and restore one of the applications and actually that's the demo i really wanted to do is what happens when we have to restore a full application such as surveillance station and i think we have a camera in here with some recordings we do cameras currently disconnected we set up a test cam we were doing some demos here in the office and real exciting view of the wall there but it might be important to someone there's like two minutes of video of looking at the wall but let's pretend there's a lot more configuration that we spent a lot more time and it wasn't just looking at the wall so therefore it's important details and we're going to go ahead and hit delete and we want to remove all recordings including locked items right okay they're gone if i go back over here recordings i've lost my camera i've lost all the recordings related to it now what go back over here to our restore data to an ss3 next i don't need to worry about shared folder and even though i didn't choose this analogy surveillance station folder because we did choose to back up the recordings as well as the settings we're going to head here and hit next right the selected application will be disabled during restoration makes sense to me i need it back it's kind of broken right now so it's going to stop these applications running it's going to understand that i selected the synology surveillance station including all of the related folders that back up the data in there hit okay then we'll go over back to synology surveillance station go look at our recordings recordings are back i can look at the wall again there's those exciting wall videos if i look at the ip camera it's trying to talk to it but i know the camera is disabled so it's activating you and it'll eventually time out because the camera was well it's turned off right now it's not just looking at the wall using shrunk as an s3 target is really straightforward simple easy to route over the internet also if you have multiple synologies at multiple locations you want to back them up to one single central truenast that's easy enough to do and you can create buckets for each one of no they will share the same key for each one because they share the same key if one synology were ever to get compromised and some were able to somehow extract the keys out of that particular synology they would have the keys to get into that bucket so that may be a concern there is a use case in that point for maybe building out a series of separate jails each with their own key each with their own unique identity and different port numbers there's different strategies you can do to mitigate this to make things more isolated from each other but from a simplicity standpoint because this will transport encrypted over the internet and of course i highly recommend using a vpn but i know that isn't always as practical uh in some scenarios this is a great way to get especially your off-site analogies backed up or even just looking for an easy way to back up everything on your synology to your true nasa that is sitting next to it right there so pretty simple way to do it so i would make this tutorial hopefully it was helpful and thank you and thank you for making it all the way to the end of this video if you've enjoyed the content please give us a thumbs up if you would like to see more content from this channel hit the subscribe button and the bell icon if you'd like to hire a short project head over to lawrences.com and click the hires button right at the top to help this channel out in other ways there's a join button here for youtube and a patreon page where your support is greatly appreciated for deals discounts and offers check out our affiliate links in the description of all of our videos including a link to our shirt store where we have a wide variety of shirts that we sell and designs come out well randomly so check back frequently and finally our forums forums.laurensystems.com is where you can have a more in-depth discussion about this video and other tech topics covered on this channel thanks again for watching and look forward to hearing from you you
Info
Channel: Lawrence Systems
Views: 5,411
Rating: undefined out of 5
Keywords: LawrenceSystems, hyper backup restore, synology nas hyper backup, hyper backup, synology nas, synology hyper backup, synology nas backup, restore hyper backup, network attached storage, hyper backup vault, synology nas remote backup, Synology Hyperbackup, synology hyper backup restore, synology hyper backup vs snapshot replication, synology hyper backup to cloud, synology hyper backup nas to nas, synology hyper backup explorer, synology hyperbackup to truenas
Id: TGqSCX2qKqo
Channel Id: undefined
Length: 16min 51sec (1011 seconds)
Published: Mon Nov 15 2021
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.