Synology Backup Amazon Glacier
Why using back up on a personal scale ? because at home in my Synology NAS i got all my photos and important files. I got a RAID 5 in case of HD failure, but what happen if my house burn or if i got robbed ? for these kinds of risks i decided to set in place a remote back up roughly once a month.
So I was during a while backuping part of my Synology to a friend's Synology. But this friends has a very low maintenance level of his Synology!! So, for reason unknown, my backuped failed most of the time ...
So i recently decided to look for another solution. I first thought of using this web server as a Rsync backup, but the cost would have been too high. Indeed it's a hosted server not aiming to backup lot of files. I'm mostely backuping my Photos and some important Files: Roughly 30GB, but over time it will grow obvisouly.
So during my search i found several different type of solution and i chose to look more closely into Amazon Backup Glacier: It's very low cost, and for my needs the price would be negligeable... Take my word carefuly for the moment since I just start to use it yesterday ! I will come back to edit my saying if i'm wrong!
one of the advantage of amazon glacier, is that it's 100% compatible with your Synology: "There is an App for it !" ;)
2. Amazon Glacier
Amazon Glacier is a secure, durable, and extremely low-cost storage service for data archiving and long-term backup. Customers can reliably store large or small amounts of data for as little as $0.007 per gigabyte per month, a significant savings compared to on-premises solutions. To keep costs low, Amazon Glacier is optimized for infrequently accessed data where a retrieval time of several hours is suitable.
and your data are encrypted using AES 256. But even with that i would recommanded you to encrypt them yourselves, i will explain it later.
2.2 account creation
To be able to use glacier, you obvisouly need an account on the amazon console aws. You can use the same account for Amazon and Amazon Web Services ... personnaly i decided to create a new one, because i don't like to have everything in one account ... if my girlfriend decided to delete my aws by mistake for example ...
once you have created your account, you can access the aws console management that should look like something like this :
you can click on the Glacier icon (use ctrl+F ;) ), but first you need to define a security key to allow your NAS to connect to Glacier API.
To do so, you must go to « Your Security Credentials » by clicking your name on the upper right.
Then go to : Access Keys (Access Key ID and Secret Access Key) and create a new key. Keep it near you since we will use it soon
3.1 Encryption (optional)
I'm working in security and i'm kinda paranoid ! So i encrypt most of my files i define as "sensitive". Thanks to my Synology it's quiete easy. the idea behind it is to prevent someone stealing my NAS to be able to retrieve my sensitive data. i won't go into much more details on this point since it's not the main topic here.
In our cases the good point of encrypting our data will be that in amazon, even if it's also encrypted. if someone too curious as access to our vault or if amazon got breached, they won't be able to read our data as well.
If you are thinking on data transmission for back up and the rsync mechanism. don't worry, on the synology the data are encrypted using small blocks ,so only the changed blocks will be upload, not the entier vault.
anyway, here is a small details on DSM 5.1 on how to encrypt a directory :
go into your NAS admin page, and open control Panel > Shared Folder. you should have something like that :
As you can see, some of my folder have an open lock. It means they are encrypted on the NAS but i already open the "vault". If i reboot my NAS, i will have to give my password or my certificate to give user access to again.
So i advice you to create a new folder define to be your Sensitives vault. For my i got 3. feel free to make as much as you want. If you have already existing directory you want to back up, it's not possible to encrypt it. So create a new encrypted one, then copy all the file into it.
to create an encrypted folder, click "Create" and tic the "Encrypt this shared folder". Set a password. be careful to remind it ! and i strongly advice NOT to tic "Mount automatically on startup"!
Once it's done, after each reboot you must come back here and click on your encrypted folder and click the button on the top "Encryption" and click "Mount", it will ask your password and it will then be available like any other folder.
i would advice against it only if your folder is a very "living" folder meaning with a lot of change into it, because it will mean a lot of encrypted chunk change that will have to be upload again. But for Photos, documents & Co you should be ok!
3.2 Install Glacier App
To use glacier, we must download the App. To do so, launch the "Package Center" and click "All" and search for the App "Glacier Backup". Install it and start it. You should then have a new icon into your main menu (top left button) like this :
click it and it will show you a window very similar to the standard synology backup window:
Here you can see my previous and next schedule as in standard backup synology windows. Obviously yours will be empty for the moment!
To start configuring your backup, click on "backup" then "Action" > Create:
select a name for your backup task and tic the conditions:
then you must give your Access Key and Secret Key you generated previously in 2.2. I advice you to chose a location ear you. I personnaly select Ireland but feel free to use any other.
tic the "Enable transfer encryption" obviously ! concerning the "Preserve backed up files at destination" i'm not sure of what behavior will happen with the encryption ... i keep it tic for the moment and i will come back to give some feed back here after a moment. I not sure it's a good idea since we encrypted our directory before sending it. Anyway do as you prefer for the moment !
And finally, important part : set the chuck as small as you can: here 2MB, it will limit your upload rate!
then you can select the folder(s) you want to back up. i decide to separate each task, but you can do as you like.
And finally you must plan your backup schedule. i personnaly decided to make it once a month like this :
then you can complete your task by starting your first backup right now. Be aware that the first one could be rather long because it will have to send the whole data! Next backup will be faster because it will send only what changes. Here the encryption will cost us a bit more since we have to send each changed encrypted block. But even with it, it shouldn't send too much anyway (see 3.1)
And that's it ! you set up your backup ! if you want to ensure your data are securely encrypted you can try the "backup explorer" ... and it shouldn't work since amazon doesn't now your synology encryption key!
4. Data recovery
i didnt test this part yet, but i will soon but it seems pretty easy. you should try it someday on a dummy folder to ensure it's working well.