 Tom here from Warren systems. And if you're like me, you like Synology and you like TrueNAS and maybe you have both of them I've talked about the pros and cons and I'll leave a video down below of what is good and bad about each of these and well In some cases I end up with both of them Synology I think is a wonderful platform TrueNAS is a wonderful platform that each have their strength They each have their weaknesses But one of the challenges might be to back up your Synology and have a nice holistic backup And maybe you don't want to use the Synology C2 service or pay some cloud provider to hold all your data And maybe you have a TrueNAS that is in a geographically separate area Or maybe even a more broader scenario where you have multiple Synologies like we do and you want them all backed up to one single TrueNAS in a very easy way to handle it This is where S3 object storage comes in I've done a video where I dove deep how TrueNAS and it was free NAS back when I did the video But you can use the MinIO which is built into the TrueNAS server and use it as an S3 target And because the Synology Hyperbackup supports S3 targets and you can set up different buckets for different Synologies You can take many different Synologies and back them all up there in a very easy way The other advantage using this protocol is it could be transported across the Internet even if you don't have a VPN Now I would still recommend putting everything behind a VPN Things should be as secure as possible But the S3 protocol when using HTTPS does offer a layer of encryption And as long as no one gets your keys to that it is safe as you may have heard from different security problems that occur When people leave their buckets open or leave the keys out somewhere where they can be acquired and people can log into those buckets Provide those two factors are mitigated. You can now transport this The other option is if you know the IP address from which the Synology be coming from you can also just set your firewall rules to filter for only the IPs that you have put on allow list and Make this a pretty secure setup overall But before we get started in these details if you want to learn more about me and my company Have her to laurencesystems.com click to hire a short project There's a hires button right at the top if you like to support this channel other ways There's affiliate links down below to get you deals and discounts on products and services We talk about on this channel The first thing we need to do is set up the S3 storage I have another video where I've dove deep into this topic There's a lot of different fun things you can do with it But we'll go through the basics in here just to show you how easy this gets set up We are using true nas 12.0 you 6.1 the latest release as a November of 2021 and we're gonna have to create a spot for this data to go We're gonna go over to the storage to pool and we're just gonna add a data set and we'll call this data set s3 for Synology now the nice thing is this is very simple because we call this S3 for Synology and leave everything else here absolutely Generic and hit submit you don't have to worry about permissions because that's gonna happen over here when we go to services You're gonna go over to the s3 service And we'll actually call this one Synology. I'd actually apparently set this up before So I already had a key in there and we'll call the key Synology 1 2 3 I Highly recommend you choose something more secure than this and the port choose the port that you're looking for Bind the IP address the one that you're looking for as I mentioned you can transport this over the internet This what makes it very simple when you're dealing with S3 object storage It's port 9,000 or port whatever you set it to and that's the only thing that needs to be done So even if you're doing this over a VPN or routed network There's not a bunch of ports to configure there's not a bunch of different things or if you're routing this publicly over the internet You can always filter and have a firewall rule that says only allow coming from the IPs of maybe remote Synologies you have are the only ones allowed to talk to that so a couple different options You can think about here. It does use a certificate We're just use the free NAS default certificate for the transport It will work with analogy with an unsigned certificate But of course you could go through and set this up to have its own sign certificate If you wanted even possibly use a less than crypto goes beyond the scope of this video But those are all possibilities here and we're gonna leave enable browser checked and then we're gonna choose that S3 first analogy it's selecting a data set with min IO removes all existing permissions for the data set in any nested directories So you have to make sure you're either creating this new or willing to lose whatever is in there It's gonna set all the permissions and fleet everything within that now min IO is the video topic that I said I'll leave link down below Even if for example because we only can set one key Want to access key one secret key for this particular bucket if you wanted to set multiple You'd build them all in separate individual jails. Just a little side note if then we hit save Pretty simple, then we just go down here to the s3. We're gonna enable it and Definitely want it to start automatically. So now it's gonna start on startup That's all we have to do inside a true NAS over here in Synology You'll notice that I've had at least one job running right now I wanted to make note of this that if you are running any type of ice guzzie It needs to have a separate backup the hyper backup does not back up the ice guzzie And this is a really simple task to set up You can say one backup task with the one backup task does is goes ahead and sets up a schedule If you put it on schedule if you only want to run once but probably you want things backed up on a schedule You set this to run and it creates a backup of the ice guzzie one into a file That can be backed up or series of files in a folder So if we go and see where we target it under destination here We directory ice guzzie backup. We go over here to file station Ice guzzie backup. There's those files. It does not keep revisions of them It just runs as a schedule whatever schedule you may set But if you do not do this when you're doing the next hyper backup task You'll notice that ice guzzie is not part of what gets backed up at all. That's why they have that separate and we're gonna go over here to the data backup task so easy enough here and Then we're gonna go over and choose s3 now Instead of Amazon s3, we're gonna choose custom server URL and the server address is going to be HTTPS 192 1683 dot 213 colon 9000 don't need to slash at the end now this colon 9000 and the 213 that's the IP address of the true nas system that we had set up on there Also, if we want to test we can test something real quick We're gonna open up a new browser put that in and then we can try our Synology and Synology one two three and everything goes well Hey, we're in here and we're able to log in and as I said We got the IP address from the machine itself and then we told it which one to bind to if you have multiple IP addresses I mean you can have them on multiple or have them on all of them. I only have it bound to this particular IP address Back over to here We do want to choose v4 then we want to choose the access key of Synology and then our not so great passwords of Synology one two three Bucket name. There's no buckets in here. So we're gonna create a new bucket It's at this point if I were to take the password wrong it would have told me it wouldn't be able to talk to it so we're gonna say Synology backup and I pressure spell backup right there we go All buckets are supposed to be fully lower case But dashes are acceptable so we can put a dash there if we want but they do have to all be lower case to Not cause any errors Directory Albert one happens to be that this system is called Albert. I will just leave it at that because it really doesn't matter Let me go next Ask what do you want to back up? I was gonna check the box and say back it all up So this is everything that's in here surveillance station and things like that Please note when you're backing up surveillance station That may not be ideal for you to back that up because this is specifically backing up all the data That's in there This can be a problem if you're backing up off-site because well if you're creating a lot of data a lot of recordings With surveillance station it may not be able to transport over so we'll go ahead and actually maybe skip that like this and Yeah, we'll leave it on for now I guess but you kind of get the idea that you got to think about that one before you're doing it This is local so we can do this. I want all the applications backed up Now this is where you get another option for surveillance station You can go back over here and not back up any of the data within surveillance station So we can do it like this next but then go here and Back up package only or recordings only I like this feature because you have a lot of work You may put in setting up 20 cameras configuring I'm setting all the options on those cameras and you make sure those package settings are all backed up This is an easy way to do that But if you want to back up the Recordings as well it can do that and I recommend doing it through this method right here And I'll show you why when we do it so I'm gonna back up them just for example purposes But like I said if you're doing off-site backups that can be a problem Now here is the problem actually we should call this true NAS That's three back up You can choose all the different options here for task enable change log compressed data highly recommend compressing it Enable transfer encryption. Hey, why not? You can't have enough encryption so encrypt things that are going over encrypted connection sounds like a great idea when you Wanted to run client side encryption I actually really recommend this and we're gonna put a really weak password in here The reason I really recommend doing it this way is because you never know what can happen to the box on the other end If the box on the other end gets compromised if you encrypt it right here, it's encrypted prior to it leaving So I'm always just more encryptions better says this is referring to the transport layer encryption But you would see you want the files at rest to be encrypted to but warning if you lose this password You also have no way to restore anything So if you ever have to restore this analogy, you don't know what passwords you use you're in a lot of trouble Recommend saving that password and password manager Then we're gonna get the warning after you've encrypted if you forget this password a key is lost your backup will never be restored Yes, we understand this backup Rotations from the earliest version just keep number of versions smart recycles actually really clever And it's one I kind of recommend if you're not sure what to do Just click the smart recycle and you'll have eight weeks six weeks four weeks and two weeks So you have high density and then it starts purging on the scattering amount So you only keep some of the really old versions there in case you have to go back really far But it's you can also do customized retention sayings beyond the scope of here to go in all of them There's so many different scenarios But just kind of decide how many revisions of things or how many days you'd like to keep things and that's what the Retention options are so we're gonna get done Of course now we want to say backup now Yes, and we got here this little file that downloaded was a Key encryption if we need to upload if we don't use the password We can actually use this key to go ahead and do that and the backup is running right now Now there's not a whole lot on a analogy. So this completed relatively quickly So we have all of 86 megabytes that are backed up right now And you may notice that is not performed an integrity check That is actually part of the schedule But you can force an integrity check anytime you do want to double check to integrity of these backups by default When you go into settings and schedule the integrity check is gonna run once a week Just to double check all of your backups and see if there's any problems with them But like I said, we can just force one I wanted to force one because this is one of the things it's gonna ask either a to upload that encryption key or put the password in It's it okay and let it kick off the integrity check real quick While it's doing the integrity check, we'll switch back over to our true nas here and we can see that there's About 87 megs in here and not much compression that we're able to get out of it because well It's compressing the backups and so the backup sizes roughly are going to be really close to each other because there's obviously a few other Files that might be in here. Let's go back over to here Our integrity check was successful and if we want we can even run another backup again and Right now. Let's delete something for example. So we can even go here Or even better yet duplicate something. So if we went ahead and All right, I pasted this in so dumped a little bit more data in here We'll go ahead and run the backup again real quick So we have at least two backups we've run and then we'll do a test restore to show you how that works All right now we've run two backups on it and we can go here to the restore and see the revision So we go to data backup. Here's that one. We see this now here we can restore and we'll see that The 936 or 939 and this is any of the configurations for a analogy Don't do a system configure restore if we want to restore any of these shared folders The shared folder exists and it has to be overwritten by the previous version So we have two versions here. We can choose which version of the files that we want pretty simple to do Or we can go next and restore one of the applications and actually that's the demo I really wanted to do is what happens when we have to restore a full application such as Surveillance station and I think we have a camera in here with some recordings We do cameras currently disconnected. We set up a test cam. We were doing some demos here in the office and Real exciting view of the wall there, but it might be important to someone There's like two minutes of video of looking at the wall But let's pretend there's a lot more configuration that we spent a lot more time and it wasn't just looking at the wall So therefore it's important details And we're gonna go ahead and hit delete And we want to remove all recordings including locked items, okay, they're gone If I go back over here recordings, I've lost my camera. I've lost all the recordings related to it. Now what? Go back over here to our restore data Trunass S3 Next I Don't need to worry about shared folder and even though I didn't choose this analogy Surveillance station folder because we did Choose to back up the recordings as well as the settings. We're gonna hit here and hit next Disselected application will be disabled during restoration makes sense to me I need it back. It's kind of broken right now. So it's gonna stop these applications running It's going to understand that I selected the Synology Surveillance station including all of the Related folders to back up the data in there hit okay Then I go over back to Synology Surveillance station go look at our recordings Recordings are back. I can look at the wall again There's those exciting wall videos and if I look at the IP camera It's trying to talk to it, but I know the camera is disabled So it's activating and eventually timeout because the camera was well, it's turned off right now It's not just looking at the wall Using Trunass as an S3 target is really straightforward simple easy to route over the internet Also, if you have multiple Synologies at multiple locations, you want to back to one single central Trunass That's easy enough to do and you can create buckets for each one of note. They will share the same Key for each one because they share the same key if one Synology were ever to get compromised and some were able to somehow extract the keys out of that particular Synology they would have the keys to get into that bucket So that may be a concern there is a use case in that point for maybe building out a series of separate jails Each with their own key each with their own unique identity and different port numbers There's different strategies you can do to mitigate this to make things more isolated from each other But from a simplicity standpoint because this will transport encrypted over the internet and of course I highly recommend using a VPN, but I know that isn't always as practical in some scenarios This is a great way to get especially your off-site Synologies backed up or even just looking for an easy way to back up Everything on your Synology to your Trunass that is sitting next to it right there So pretty simple way to do it. So I would make this tutorial Hopefully it was helpful and thank you and thank you for making it all the way to the end of this video If you've enjoyed the content, please give us a thumbs up If you would like to see more content from this channel hit the subscribe button and the bell icon If you'd like to hire a short project head over to Lawrence systems calm and click the hires button right at the top To help this channel out in other ways There's a join button here for YouTube and a patreon page where your support is greatly appreciated for deals discounts and offers check out Our affiliate links in the description of all of our videos including a link to our shirt store Where we have a wide variety of shirts that we sell and designs come out? Well randomly so check back frequently and finally our forums Forums dot Lawrence systems comm is where you can have a more in-depth discussion about this video and other tech topics covered on this channel Thanks again for watching and look forward to hearing from you