Hardware

• Synology DiskStation DS1621+ 6-Bay NAS Enclosure
• 1x WD 12TB Red Plus NAS Drive
• 1x Toshiba 12TB MG Series Enterprise Drive (MG07ACA12TE)
• 1x CyberPower CP1500PFCLCD PFC Sinewave UPS System, 1500VA/1000W, 12 Outlets, AVR, Mini Tower

General Setup

I poked through the settings myself for a while to try to turn on all of the security settings, and lock everything down as much as possible. Afterwards, I checked this guide to find anything I had missed. Some important things I remember overall:

• Enable daily quick SMART tests, with monthly extended SMART tests (spaced a day apart per drive)
• Enable monthly data scrubbing
• Enable 2FA for logging into the DSM locally
• Turn on the firewall to block everything, and then only allow a very small set of traffic through
• Turning a snapshotting schedule
• Turning on a storage analysis schedule
• Setting up email notifications

Universal Search

One thing the guide above didn’t cover is enabling Universal Search, which should (hopefully) allow indexing and better searching of the whole NAS. I’ve enabled that now, following the instructions here, and have also gone into the settings to enable additional memory to be used as a cache.

Redundancy / Backup Strategy

I have multiple tiers of backup and redundancy planned / implemented, following the 3-2-1 rule.

• 1 copy of my data across my various PCs (in total, with each PC having some different data). Most of the PCs don’t have any sort of redundant storage.
• 1 copy of my data aggregated on the NAS, which is using SHR to provide some robustness to disk failure.
• 1 copy of my data uploaded to an offsite cloud backup provider (Backblaze).
• 1 copy of my data uploaded to another Synology NAS at someone else’s place. The cloud is really just “someone else’s computer”, so this can be considered a cloud backup too!

Backblaze Backup

It seems Backblaze is relatively cheap compared to other cloud storage options, with cheap egress as well. I opted to just back up my entire NAS to Backblaze, since I don’t actually have that much data, and it can be backed up as compressed data too. Plus, the first 10GB are free! There’s a guide here that goes into detail on how to do the setup. Turns out it’s pretty straightforward now that Backblaze has an S3-compatible API.

Other Synology NAS Backup

TODO, but eventually I’ll use HyperBackup to also make a copy of my NAS data at someone else’s place, in case I decide I want to stop paying Backblaze some money every month.

Aggregating Data With Syncthing

Somewhere on Reddit, I found a link to Syncthing, which seems to be a neat way to continually synchronize files between two separate devices. I’m trying out using it to sync my home directory on various machines (e.g. multiple laptops, desktops, etc) with a copy on my NAS, in a /HomeStuff shared folder. The folder looks something like this:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10

HomeStuff
    |-- Machine1
        |-- Documents
        |-- Downloads
        |-- ...
    |-- Machine2
        |-- Documents
        |-- Pictures
        |-- ...
    ...

This way, I can maintain a local home directory on each of my machines, and then have it backed up continuously to my NAS. The other backup software running on the NAS can then make sure this data gets replicated further, and synchronized to e.g. cloud storage / offsite backups. This even works across the internet, though I’ve turned that feature off.

NAS Docker Setup

1. On the NAS, install the Docker package, and then open it.
2. Install the Syncthing package from Linuxserver.io (this one), rather than the official one syncthing/syncthing, since the linuxserver one gives you the ability to set UID / GID easily with environment variables.
3. Click Create, and then select the linuxserver/syncthing:latest image.
4. Network - leave these settings alone (defaults to bridge).
5. General Settings - enable auto-restart, leave the rest alone (off by default). Then, click on Advanced Settings, and set the following. This makes the synced files get created as not-root.
   1. PGID -> 1000
   2. PUID -> 1000
6. Port Settings - in Local Port, use the same port as the Container Port, rather than using Auto. In other words, Local Port 21027 for Container Port 21027, etc.
7. Volume Settings - Click on Add Folder, then add the following mappings:
   1. /HomeStuff -> /sync
   2. /NasStuff/Syncthing -> /config
8. Summary - check that everything looks good, then hit Done. This will run the container by default.
9. Add the following firewall exceptions:
   1. Allow ports 8384,22000 for TCP
   2. Allow ports 21027,22000 for UDP
10. Fire up a terminal into the docker container that’s now running, and navigate to /sync. Use ls -lah to check that /sync has sufficient permissions to allow the 1000:1000 user to manipulate the directory - this should just be 777. Use chmod a+rwx /sync if not. This didn’t seem to be necessary for the /config folder for me.

PC (Local / Client) GUI Setup

Windows

1. Grab the SyncTrayzorSetup-x64.exe download from the releases page. This is a wrapper around Syncthing which adds auto-start and a nice tray icon for Windows. Install SyncTrayzor, and launch Syncthing.
2. Add your home directory (e.g. C:/Users/vasu) as a folder within Syncthing, and delete the default folder. Give it a name that describes your machine somehow (hostname is a decent idea).
3. Click into the new folder you just added, and add any ignore patterns you want. For me, on Windows, that’s /AppData.
4. Let it scan for a while and find all of the files in your newly added folder.
5. Configure the folder on your PC (under Advanced) to be a Send Only folder, and tick the Send Ownership and Send Extended Attributes options (see picture below). This ensures that we’re only syncing to the NAS one way, and not accidentally deleting everything on the PC if the NAS goes up in flames. There’s more details on that idea here.
6. Afterward, click the Add Remote Device button on the bottom right, and follow the instructions to add the NAS as a remote device.
7. After the NAS accepts, go to the home directory folder you created, and share it with the NAS.

Debian-based Linux

1. Follow the instructions here to install Syncthing on your debian-based Linux system
2. Add the /usr/bin/syncthing daemon as a startup application. For me, that’s done via a nice GUI tool in Cinnamon. Then, either reboot (or maybe just relog), and syncthing should be running. Alternatively, just open up a terminal and run syncthing for the first setup.
3. Navigate to 127.0.0.1:8384 to get to the Syncthing GUI
4. Configure it as above for Windows
5. Note that there’s also a bunch of other tools listed here that might add better integrations with the toolbars, but I’m not using any of them atm.
6. Per the instructions here, you might need to increase the inotify limits. Supposedly it takes about 1 KB of memory in the kernel per inotify instance, so choose the limit accordingly.

1
2

echo "fs.inotify.max_user_watches=8192000" | sudo tee -a /etc/sysctl.conf
echo 8192000 | sudo tee /proc/sys/fs/inotify/max_user_watches

NAS (Remote / Server) GUI Setup

1. You should be able to log into the GUI at <NAS IP>:8384. It’ll mention that you should set a UI password, so set that to something secure, and store it in a password manager. Also enable HTTPS for the GUI.
2. You should be prompted to accept the remote connection from the PC.
3. You should then be prompted to accept the folder share request from the PC. Do that, making sure to change the Folder Path to /sync/[folder_name] rather than /config/[descriptive_folder_name]
4. If you get errors with permissions around folder creation, ensure that you’ve changed the permissions on the /sync folder to 777 via the terminal for the docker container. If not, do that, and then restart the container. You may also need to delete and recreate the connection to the PC.
5. Configure the NAS folder to be Receive Only (probably not necessary, with the PC set to Send Only), with the various Sync options turned on, as per the picture below. This link also mentions using the Ignore Delete option, but the documentation marks that as highly discouraged, so I’m not going to turn it on. I have daily snapshots turned on, and they’re preserved for a while, so while it’s not quite as immediate as LTT’s setup where their deleted files are instantly replicated, it’s probably good enough for me.
6. Wait a while for everything to sync.

Network Setup

Consider disabling the network relay connection, and instead only allowing sync when you’re on your local network. The below configuration forces listening only on port 22000 for any interface with IPv4 and IPv6, and only operates on the local network, with no global discovery.

I only did this on the NAS, since blocking one end of the link seems good enough.

The NAS should still be reachable once I set up a home VPN connection, which I might do as a docker container running WireGuard on the NAS itself.

Memory Upgrade

I’d like to upgrade the memory, because:

1. Why not?
2. My utilization seems very high (~85%) since installing the SSD cache.
3. The overall system responsiveness seems to have taken a nose-dive as a result.

Options

The official RAM upgrades on the compatibility list are:

1
2
3

D4ECSO-2666-16G - DDR4 ECC Unbuffered SODIMM 2666 MHz CL19 Dual Rank - $326
D4ES01-8G - DDR4 ECC Unbuffered SODIMM 2666 MHz - $179
D4ES01-4G - DDR4 ECC Unbuffered(?) SODIMM 2666 MHz - $109

To be absolutely sure, though, we can look at the RAM already installed in the system via SSH:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61

vasu@DataHoarder:/$ sudo dmidecode --type memory
# dmidecode 3.2
Getting SMBIOS data from sysfs.
SMBIOS 3.1.1 present.

Handle 0x001E, DMI type 16, 23 bytes
Physical Memory Array
        Location: System Board Or Motherboard
        Use: System Memory
        Error Correction Type: Multi-bit ECC
        Maximum Capacity: 64 GB
        Error Information Handle: 0x0021
        Number Of Devices: 2

Handle 0x001F, DMI type 17, 40 bytes
Memory Device
        Array Handle: 0x001E
        Error Information Handle: 0x0022
        Total Width: 72 bits
        Data Width: 64 bits
        Size: 4096 MB
        Form Factor: SODIMM
        Set: None
        Locator: DIMM 0
        Bank Locator: P0 CHANNEL A
        Type: DDR4
        Type Detail: Synchronous Unbuffered (Unregistered)
        Speed: 2667 MT/s
        Manufacturer: 017A
        Serial Number: 44102479
        Asset Tag: Not Specified
        Part Number: D43.23180S.007
        Rank: 1
        Configured Memory Speed: 2400 MT/s
        Minimum Voltage: 1.2 V
        Maximum Voltage: 1.2 V
        Configured Voltage: 1.2 V

Handle 0x0020, DMI type 17, 40 bytes
Memory Device
        Array Handle: 0x001E
        Error Information Handle: 0x0023
        Total Width: Unknown
        Data Width: Unknown
        Size: No Module Installed
        Form Factor: Unknown
        Set: None
        Locator: DIMM 0
        Bank Locator: P0 CHANNEL B
        Type: Unknown
        Type Detail: Unknown
        Speed: Unknown
        Manufacturer: 0000
        Serial Number: Unknown
        Asset Tag: Not Specified
        Part Number: Unknown
        Rank: Unknown
        Configured Memory Speed: Unknown
        Minimum Voltage: Unknown
        Maximum Voltage: Unknown
        Configured Voltage: Unknown

Here’s a selection of compatible memory from Newegg. It seems that using 2666 MHz as a filter removes everything under 16 GB. There are 32 GB sticks available, which seems to be supported in theory (based on the specs above), but it’s probably not necessary to put that much RAM in the system, nor is it worth going outside the official supported specs (which only go up to 32 GB), so I removed it from the filter. This RAM claims to be equivalent to the 16 GB official Synology module, so I’ll probably just get this.

Purchase / Installation

After some deliberation, I ended up purchasing 2 sticks of this RAM - “Synology D4ECSO-2666-16G Equivalent 16GB DDR4 2666 ECC SODIMM Server Memory RAM”. I paid $55.79 each, before tax.

After installation, this is what I see in dmidecode:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61

vasu@DataHoarder:/$ sudo dmidecode --type memory
# dmidecode 3.2
Getting SMBIOS data from sysfs.
SMBIOS 3.1.1 present.

Handle 0x001E, DMI type 16, 23 bytes
Physical Memory Array
        Location: System Board Or Motherboard
        Use: System Memory
        Error Correction Type: Multi-bit ECC
        Maximum Capacity: 64 GB
        Error Information Handle: 0x0021
        Number Of Devices: 2

Handle 0x001F, DMI type 17, 40 bytes
Memory Device
        Array Handle: 0x001E
        Error Information Handle: 0x0022
        Total Width: 72 bits
        Data Width: 64 bits
        Size: 16384 MB
        Form Factor: SODIMM
        Set: None
        Locator: DIMM 0
        Bank Locator: P0 CHANNEL A
        Type: DDR4
        Type Detail: Synchronous Unbuffered (Unregistered)
        Speed: 2667 MT/s
        Manufacturer: 059B
        Serial Number: 210C922B
        Asset Tag: Not Specified
        Part Number: CT16G4TFD8266.18FE1
        Rank: 2
        Configured Memory Speed: 2400 MT/s
        Minimum Voltage: 1.2 V
        Maximum Voltage: 1.2 V
        Configured Voltage: 1.2 V

Handle 0x0020, DMI type 17, 40 bytes
Memory Device
        Array Handle: 0x001E
        Error Information Handle: 0x0023
        Total Width: 72 bits
        Data Width: 64 bits
        Size: 16384 MB
        Form Factor: SODIMM
        Set: None
        Locator: DIMM 0
        Bank Locator: P0 CHANNEL B
        Type: DDR4
        Type Detail: Synchronous Unbuffered (Unregistered)
        Speed: 2667 MT/s
        Manufacturer: 059B
        Serial Number: 210C922B
        Asset Tag: Not Specified
        Part Number: CT16G4TFD8266.18FE1
        Rank: 2
        Configured Memory Speed: 2400 MT/s
        Minimum Voltage: 1.2 V
        Maximum Voltage: 1.2 V
        Configured Voltage: 1.2 V

Here’s a diff of the before / after. The tl;dr is that the only differences from the pre-installed module seem to be the capacity (4GB to 16GB), the manufacturer info, and switching from single-rank to dual-rank. Apparently, dual-rank is meant for higher capacity, but comes at the cost of higher latencies.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53

19c19
<         Size: 4096 MB
---
>         Size: 16384 MB
27,28c27,28
<         Manufacturer: 017A
<         Serial Number: 44102479
---
>         Manufacturer: 059B
>         Serial Number: 210C922B
30,31c30,31
<         Part Number: D43.23180S.007
<         Rank: 1
---
>         Part Number: CT16G4TFD8266.18FE1
>         Rank: 2
40,43c40,43
<         Total Width: Unknown
<         Data Width: Unknown
<         Size: No Module Installed
<         Form Factor: Unknown
---
>         Total Width: 72 bits
>         Data Width: 64 bits
>         Size: 16384 MB
>         Form Factor: SODIMM
47,51c47,51
<         Type: Unknown
<         Type Detail: Unknown
<         Speed: Unknown
<         Manufacturer: 0000
<         Serial Number: Unknown
---
>         Type: DDR4
>         Type Detail: Synchronous Unbuffered (Unregistered)
>         Speed: 2667 MT/s
>         Manufacturer: 059B
>         Serial Number: 210C922B
53,58c53,58
<         Part Number: Unknown
<         Rank: Unknown
<         Configured Memory Speed: Unknown
<         Minimum Voltage: Unknown
<         Maximum Voltage: Unknown
<         Configured Voltage: Unknown
---
>         Part Number: CT16G4TFD8266.18FE1
>         Rank: 2
>         Configured Memory Speed: 2400 MT/s
>         Minimum Voltage: 1.2 V
>         Maximum Voltage: 1.2 V
>         Configured Voltage: 1.2 V

Here’s a pic of the two different RAM sticks. Top is the old stick, bottom is the new stick.

Thoughts

The overall utilization seems to be about ~2GB now (~6% of 32 GB), down from the ~3.5GB being used before (~85% of 4GB). Hopefully, the responsiveness of the system improves, as things started to get very sluggish.