Synology NAS with an affordable Air-Gapped Backup solution to protect against ransomware


I have been using Synology NASes for several years now. Currently, there are two in the home lab: a DS1621+ and a DS923+. Both are used for various tasks, like regular file shares, iSCSI for VMware, Podman, and so on. In this post I’m focusing on the DS923+ and how to back up data to an external drive that is only powered on when needed.

Thanks again to Synology, who have provided me with both systems!

The idea is simple: if the system gets affected, an untouched backup medium is needed to restore the data. If the data is live replicated, there is a chance the secondary system will get infected as well. See the 3-2-1 rule.

There are different ways of creating immutable backups on Synology, which I have written about (here). But I thought the solution I’m about to show is a quick and relatively cheap way to have your data backed up to an extra drive.

It’s really quite simple. You might already have a drive that is large enough to hold your data. You might even have an older RAID system that runs RAID 1 or JBOD. The must-have for this to work is an external power supply. That shouldn’t be an issue with an older external RAID box, but a 2.5 inch drive in a USB case will not work. The same goes for external SSDs that draw their power from USB.

What we will use to turn the drive on remotely is a remote power switch; I have a bunch of iBoots around the house. It’s pretty much a black box with power in, power out, an Ethernet connection, and a web server.

The external drive is connected to an available USB port on the Synology box. When I want to back up files, I log into the iBoot and turn on the power for the external drive.

The NAS recognized the drive.

I’m using USB Copy to copy files over. It’s available in Synology’s app store. I have different jobs set up. Be aware, this setup mirrors all the data from the Synology to the external drive. There are no incremental or differential backups; it’s all or nothing. This does take longer, but I don’t mind, as I don’t have to sit and watch, nor does it affect anything I’m doing on various systems.

You also have the option of filtering by file type, for example if you only want documents to be copied over.

You can even automate it, so that when a drive is plugged in it runs a job and then ejects the external drive.

And finally running a job:

After the jobs are completed, make sure to eject the drive and turn it off on your iBoot (or similar device).

I’ve been using this setup for a while, and it has worked well. I’m fully aware this is sort of the cheap backup/copying hack, but as a part of my backup strategy, it makes sense. An external HDD case does not cost much, and you might have a drive lying around that could be put to good use!

The question remains whether this is really air-gapped. I would argue that while there is a moment in time when the backup medium is connected and could be infected, this holds true for other air-gapped technologies as well. Think about tape: while backups are being written to tape, it is exposed as well.

The best way to ensure your backups work remains the same: test them! 😉
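
One way to test the mirror, as an added example that is not part of the original post: while the drive is powered on, hash every file in the NAS share against its copy on the external drive. The two paths are assumptions passed on the command line, and the optional extension set stands in for a file-type filter on the copy job. Because the job mirrors, running this before the next job also shows how much of the source has changed since the last run.

```python
import hashlib
import os
import sys

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large media files do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify_mirror(source, backup, extensions=None):
    """Compare every file under source with its copy under backup.

    extensions: optional set such as {".pdf", ".docx"} matching a file-type
    filter on the copy job; files outside the filter are skipped.
    """
    report = {"ok": 0, "missing": [], "mismatch": []}
    for root, _dirs, files in os.walk(source):
        for name in files:
            if extensions and os.path.splitext(name)[1].lower() not in extensions:
                continue
            src = os.path.join(root, name)
            rel = os.path.relpath(src, source)
            dst = os.path.join(backup, rel)
            if not os.path.isfile(dst):
                report["missing"].append(rel)      # never copied, or deleted
            elif sha256_file(src) != sha256_file(dst):
                report["mismatch"].append(rel)     # content differs
            else:
                report["ok"] += 1
    total = report["ok"] + len(report["missing"]) + len(report["mismatch"])
    # Share of source files whose content differs from the offline copy.
    report["mismatch_ratio"] = len(report["mismatch"]) / total if total else 0.0
    return report

if __name__ == "__main__":
    # Assumed usage: verify.py <shared folder path> <external drive path>
    result = verify_mirror(sys.argv[1], sys.argv[2])
    print(f"ok={result['ok']} missing={len(result['missing'])} "
          f"mismatch={len(result['mismatch'])} "
          f"ratio={result['mismatch_ratio']:.2%}")
    sys.exit(1 if result["missing"] or result["mismatch"] else 0)
```

Run right after a job, any missing or mismatched file points to a bad copy. Run before a job, a high mismatch ratio means the source changed in bulk and is worth a look before the mirror copies those changes onto the offline drive.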
