Your Synology DiskStation is mostly a set-and-forget kind of device, low on maintenance. But you’d better become familiar with the most common settings in case you need them along the way.
This is the sixth part in a series on getting started with your NAS: configuration and maintenance.
Configure And Maintain Your Synology NAS
Now that you have your DiskStation up and running, it is time to dig a level deeper to keep it running in the long term.
First, I will show you some settings that you made during the initial installation and allow you to change them if needed.
Next, we go through some settings that help you make your DiskStation operate more securely.
Review Initial Setup
During the initial installation, I encouraged you to enable QuickConnect. QuickConnect is a zero-configuration technique that lets users connect over the internet to the DiskStation. However, be aware that all traffic to and from the DiskStation is relayed via Synology servers. Apart from the delay compared to a direct connection, you could have privacy concerns. In addition, everybody can connect to your device, so invalid login attempts are possible.
Another catch is Photo Station, which you might run later to manage your photo collection. Albums with permissions set to Public are automatically exposed to the internet when QuickConnect is active.
Therefore, I suggest switching it off until you need it, like for help from somebody who gives you support.
Open Control Panel, QuickConnect in the Connectivity group, and remove the checkmark at Enable QuickConnect. Click the Apply button to confirm the change.
During the initial installation, there were two other instances where you could choose: device analytics and share network location. To control these settings afterward, open Control Panel, Info Center in the System Group, Device Analytics tab. Here you see both options, and you can change them anytime you like.
Your DiskStation has an operating system (DSM) and applications or services (packages) that run on it. Synology regularly updates both. You can configure whether or not these are updated automatically or manually.
For updates of DSM, open Control Panel, Update & Restore in the System Group. The first tab, DSM Update, shows the model name, current DSM version, and status. Click on the Update settings button. Here you can choose between either an automatic update or a notification that a new update is available. For DSM updates, I prefer a notification. Also, note the schedule for when the DiskStation checks for updates.
When you receive a notification, you go to this same page, and the status will offer you an update link.
For the DiskStation to be able to notify you, you have to configure your email address.
In Control Panel, Notification in the System Group, enable email notifications and fill in the fields. I found that the Subject prefix is very handy as it helps me recognize instantly which email comes from my DiskStation.
For updates of packages, open Package Center and click on the Settings button in the top-right corner. On the General tab, enable mail notifications if you like to receive an email notification about package updates. You can also enable desktop notifications, which means that you are notified of an update when logging into the DSM desktop. The Package Center has a red dot and the notification icon as well.
Select the Auto-Update tab, and check Update packages automatically if you like this setting. You now have the choice between automatic updates of all packages or only selected packages.
There are a few recommended network configurations that you can consider. Open Control Panel, Network (Connectivity group).
The first recommendation is to give your DiskStation a static IP address. It is quite common to give servers in a network a static address, in contrast to a dynamic address for clients. Unless you are familiar with IP addressing, I suggest skipping this step to prevent accidents.
If you are familiar with what an IP address is, go to the Network Interface tab, select the LAN interface connected, if your DiskStation has multiple LAN ports, and click on the Edit button. Choose Use manual configuration and fill in IP address, subnet mask, gateway, and DNS server. Click OK to confirm.
Next, move over to the DSM Settings tab. At the top of this page, you see the DSM ports. It is regarded as a safety measure to alter the default ports. But unless you plan to connect to your DiskStation over the internet, I see no reason to change it now.
The setting Automatically redirect HTTP connection to HTTPS is a good practice. The DiskStation comes with a certificate for this purpose. Please note, however, that because it is a self-signed certificate, your browser will complain about a security alert.
That is completely fine and follow the instructions in your browser to allow using this certificate and the HTTPS connection. Below this setting is Enable HTTP/2. Enable this too.
There are also a few recommended security configurations that you can consider. In Control Panel, select Security (Connectivity group). You might not find these relevant if you do not open your DiskStation from the internet. That is true, but not entirely. Consider that your internet router or a client on your network is compromised, and malware is looking on the same network for new targets. This is not science fiction but an everyday reality.
First, notice the logout time at the top of the Security tab. The default is 15 minutes. Also, note two check marks for ‘Improve protection against…’ and ‘Improve security with…’. The next option, Do not all DSM to be embedded with iFrame, is also recommended.
Next, switch over to the Protection tab, and enable the DoS protection.
Last, switch over to the Account tab, and enable autoblock. This will automatically block an address after failed login attempts. Stick to the default values and enable block expiration. Unblock after 1 day. This is to prevent that you from forever block yourself.
Click on the Allow/Block List button. Click on Create, select Subnet at the top, and enter the IP address range and subnet mask. If you are not familiar with this matter, skip this step or ask a friend who is.
Theme And Regional Configurations
After all these sophisticated nuts and bolts, now some more fancy stuff for a change. Open Control Panel, Theme (System group). On the Login Style tab, you can change the login page. On the Theme tab, you can choose between a Light and Dark theme.
In Control Panel, go to the Regional Options (System group). On the Time tab, under Date & Time, change the date and time format to your liking and adjust the time zone if necessary.
Your DiskStation can inform or alert you about a broad range of conditions whenever they occur, like a volume in low capacity or backup status. You can receive notifications via email, a text message (SMS), or a mobile device. Please install the DS finder app on your mobile device for the last option.
In Control Panel, go to Notification (System group). On the Email tab, configure your email account. Send a test email with the button at that tab.
Go to the Advanced tab. Browse through the list of events and make any changes if needed. Note that services or applications that you install later are added to the list with their own events. Therefore it makes sense to come back later and make necessary changes to notifications.
In Control Panel, open Hardware & Power (System group). Review the settings on the General tab. Most settings are self-explaining, like beep control and fan speed mode. You can even adjust the brightness of the LEDs on the exterior of your DiskStation.
Switch to the Power Schedule tab. Here you can create a startup and shutdown schedule. Before you ask yourself why you should do this first, it is widespread to leave a DiskStation powered 24/7. If not in use, it goes into sleep mode.
However, if you use your DiskStation only a few times per week or for backup only during an hour at night, you can define power schedules. Maybe you like to start your DiskStation manually if necessary, but define a shutdown schedule at 11 pm every day.
In case you have a UPS or uninterruptible power supply, switch to the UPS tab. Make sure you have the USB cable connected between the UPS and the DiskStation. Enable UPS support (check), shutdown UPS when the system enters Safe Mode (check), and if you have more DiskStations, also Enable network UPS server (check) and configure the other DiskStations via the Permitted DiskStation Devices button.
Your DiskStation can make a backup of its configuration. I immediately warn that not all configurations are in this backup, but some are better than nothing. I discuss the configuration backup in the module on backups in more detail.
For now, it is enough to make such a backup and store it on your computer.
In Control Panel, go to Update & Restore (System group) and open the Configuration Backup tab. Click on the Backup configuration button. After a message about what is backed up, click Yes, and the backup is downloaded to your computer. The file has the following format: DiskStation-name_timestamp.dss.
Good description: https://www.howtogeek.com/318693/how-to-back-up-and-restore-your-synology-nas-configuration/
The Log Center is an application you find in the Main menu. It is installed by default. Click on the Main menu and open it. You might find a message about advanced functions. Click OK (after reading the message). It basically says that you can install Log Center from Package Center. This will replace the limited Log Center application with a more feature-rich version. I discuss the Package Center in the next module.
In the column at the left, select Logs. In the pane at the right, you see a list of log entries. These are from the General log, as you can see at the top of the pane. Click on General and select Connection from the drop-down list. Different log entries appear. Look at the user names that are listed in the log. I assume these names are familiar. That’s good.
There is more to it, but for now, I am happy that you know that there is a log and know where to find it. It is a good source for troubleshooting.
Two-step verification, or two-factor authentication, is a very secure way to verify that it is you who logs in and not somebody else pretending to be you, like somebody who happens to know or guessed your user name and password. Even the strongest password has its weakness because it is based on a single factor: knowledge. Not relying on a password only for authentication is so much better. Introduce a second factor, like possession or what you have, mitigates the risk involved in authentication to a minimum.
I encourage you to enable 2-step verification for at least the administrator account(s) on your DiskStations. When you log on with a user name and password, a second verification step takes place by entering a six-digit number. This number is generated each minute and expires after that period. You can use one of the many authentication apps on your smartphone to generate that number. When you set up 2-step verification, your user account is linked to the authentication app so that the numbers align.
In DSM, you can enable 2-step verification at two levels. One for a specific user and one for users in general. In either case, you must set up your email account in DSM if you lost your smartphone.
To enable 2-step verification for a user, log in as that user. Open the user menu in the top-right corner of DSM, and select Personal. On the Account tab, tick the box Enable 2-step verification. You might get a warning that email notification is not enabled. If so, click Yes and enable it. Next, click on the 2-Step Verification button to start the wizard and follow the instructions on the screen. Make sure you have your smartphone ready and installed an authentication app like Google Authenticator or Authy.
To enable 2-step verification for users in general, open Control Panel, User. Open the Advanced tab. Go to the 2-Step Verification section, tick the checkmark, and select either the Administrators group users or All users. Notice that further configuration is handled per user at the next login.
In case you lost your phone, you can get an emergency code sent to your email account. There is a maximum of 5 emergency codes. Note that you can disable 2-step verification with a physical reset (Level-1 reset).
Paul Steunebrink / Storage Alchemist