NAS questions (some Synology specific)

[Grimson]

Grab a beer and settle in, it'll probably be a long thread!

So I picked up a Synology DS920+ and here's what I want to do with it. I have (2) 4tb Seagate drives to start with just to get it set up then I'll add (2) more 4tb drives after all my media is moved. This NAS will allow me to run VM's so I definitely want to take advantage of that and because of that I want it to be as secure as I possibly can make it.

Now the goods -

1 - I plan on setting up 3 pools; the first around 500gb for the virtuals, second around 50gb for small backups from my laptop and third will be the rest used for my media server.
1a - If something funky gets in my VM can it get to the other pools?
1b - I have friends that connect to my Emby media server so currently 8096 (I think) port is forwarded through my router. Will making this as secure as possible cause an issue with that or that port being forwarded cause an issue?

2 - I plan on using Synology Hybrid raid.
2a - It's my understanding that adding drives after the SHR is setup will allow me to tell the SHR where to allocate the new space, right?
2b - Do I need to tell the SHR what type of raid I want to use or will it determine that on its own?

3 - I'm pretty sure Synology has an antivirus package that I can choose to install.
3a - What exactly does that cover? I would still need to have an AV on each virtual machine, right?

It's late and I'm tired so that's all for now.

[Philip]

1. Sounds good. Your open port for media server is always going to be an attack vector... I suggest keeping the DSM updated, using strong passwords, and there is an option to ban users on repeat failed passwords, that should keep it safe. Not sure if the port is configurable too, using default ports begs for blind exploit scripts.

2. Synology Hybrid Raid (SHR) is good I suppose.. It allows for one drive to fail without loss of data on the 4-disk models. It performs best if all the drives are the same size, otherwise it is usually slow to rebuild volumes.
2a. I haven't tried different volumes.
2b. SHR is it's own custom type of raid. It is like RAID 5 I guess, but it allows for using different size HDDs.

3. The OS is a custom Linux distro, so it's one of the Linux AV packages I guess. Not sure about the VMs, probably would need separate packages for each.

[Grimson]

I don't think I can change the port that Emby runs on. I do keep the DSM updated and my passwords are insane lol. I also have users banned on 3 failures to login. Also, the 920+ has a firewall, I suppose it's worth trying out but I don't know anything about it. Seems like I've done as much as I can to keep it (my current 218j) safe so far so I'll carry that setup over to my 920+ when i do it.

Any tips or advice on setting up the ssh stuff? That's the certificate things, right? I'm a total noob on that stuff...I've never messed with it before.

I've been using raid 1 on the 218j, it works fine but it's just 2 drives so there weren't other options except raid 0 which didn't really matter. I'd rather have the backup than speed. I want to be able to easily expand to more/larger drives with little to no problems so I'm going to try SHR. Sounds like it works pretty well from what I've read. I always use the same size drives in my raid configs. I want to use SHR in Raid 5 instead of locking myself into true Raid 6. I can handle a single drive failure and have 12tb storage than need to survive a 2 drive failure and only have 8tb storage. Know what I mean? Storage space is king!

New question - I have a 120gb M.2 drive I'm putting in it for caching. Do you know if it'll default to using that or do I need to change something? Ignore this question, I found the answer.

All these questions and i haven't even put the drives in it yet. lol

[Grimson]

I just realized I misspoke before.... I'm setting up one pool and maybe multiple volumes. Still undecided on that part at the moment. I could just go one pool, one volume and multiple shared folders.

[Grimson]

Ugh... btrfs is required to run the virtual machine manager. I'm not crazy about that. :/

[Philip]

I don't think btrfs vs ext4 makes much difference for a NAS, it is managed already and you have some restricted choices that were consciously made for you... And they work ok. Btrfs is arguably better than ext4.

[Grimson]

I see so many people that talk about data loss on btrfs. Is it a low chance for that to happen?

[Philip]

I haven't read about such issues, in general btrfs should be just as safe for your data as ext4. Btrfs is more modern and it may be slower though, it would require some extra processing because of the added features (bit-rot protection/checksums, versioning, etc.)

[Grimson]

I did convert to btrfs btw.

[Philip]

Cool... I am not even sure what's on my Synology NAS as I gave it to my daughter, lol. I am using a full-blown Fedora distribution for my home NAS, but it's an old version, and using ext4