A Synology can act as a local file server that is used to share a folder from a cloud account. You can use accounts with from Backblaze, Google Drive, Amazon, Alibaba, Dropbox, Azure, and others. This means you can use a Synology to provide LAN access to cloud solutions. Before you do, make sure you understand that if changes are made in the cloud and on a client computer at the same time, that you will end up not knowing which is right and so file-locking issues will come up. It’s best to use this strategy for home environments or come up with another mechanism for locking files. 

If you choose to use the sync option, open Package Center and search for Cloud Sync.

Click Install to install the package.

Once installed, choose the cloud you’d like to sync to your local network.

For this example, we’ll use Google Drive. Click on that option and then  when prompted, select the account to use (if you have multiple accounts you access).
 
Once you’ve selected an account, you need to give an entitlement to the Synology to sync with that api.

When prompted, click Agree.
 
Next, configure how the data will be stored on the Synology. Do so by providing a name to the connection and choosing a path on your local storage. 
 

You can also create a folder on the Synology to then share. We’ll do so here and then click OK.

Then select .which folder on your cloud volume (in this case, my Google Drive) that you want to sync and click Select. 

Select when the sync will run. In this example, every hour.

Click OK and then Next. You’ll be shown an overview of the options you selected. Click Apply.
 
And then the first sync will start.

While the sync is running, let’s click Settings and review the options for throttling speeds (so as not to destroy slower WAN links).

Click History to see logs. And viola, you now have a local copy of cloud accounts!

It’s not likely that your Synology is going to get infected with a virus of some kind. It’s also not likely that, if you’re switching to Synology from a macOS Server, that most of your clients will get infected or be using infected files. But you probably have that one Windows accounting machine in the back of the office. So you should scan your Synology routinely. To do so, Synology provides a clamav bundle, much like what I usually told people to use on macOS file servers.

To install antivirus on your Synology, open Package Center and search for antivirus. Click on Antivirus Essential and then click on Install.  

Once installed, open Antivirus Essential from the Main Menu. From here, you can perform a Full Scan, a Custom Scan (which allows you to select the shared folders to scan), or perform a System Scan (which scans everything else). To automate scans, click Scheduled Scan. 

At the Scheduled Scan screen, click Create. 

At the Schedule screen, choose the type of scan (the same options as when run manually) and when the scan should run. I definitely recommend daily scans. Then, click on OK and check the box for Enable. 

Click on Settings. Here, you can define what happens when an infected file is found (Quarantine is usually the best option as you can then click on Quarantine in the sidebar routinely to check on what files might have been moved). Whitelist allows you to define exclusions. Good files to exclude are Quickbooks files, and other files that aren’t very friendly to antivirus scanning, as they’re open a lot. And use the Update option to have the virus definitions updated before every scan. 

If you ever want to check that the definitions are indeed updated, click on Update in the sidebar. And that’s it, you’re now automatically scanning for viruses on the schedule you defined. I recommend setting a reminder to check on it every now and then. At first maybe weekly and later maybe monthly, depending on how many quarantined files are found when you check in. Just make sure the defs are up-to-date and sift through the logs every now and then and you should be good!

You can backup a Synology in a number of ways. Even if you have a local backup, you should have a backup offsite. Here, we’ll walk through backing up a Synology using Acronis True Image. Before doing so, it’s worth noting that the only things backed up this way are the ones that are by default accessible through an app, and that you’ll have to give access to each of those entitlements in order for the backup to run. These include Contacts, Photos, Videos, Calendars, and Reminders.

To get started, first go to the Package Center on a Synology. Then, search for Acronis.

At the listing for Acronis True Image, click Install. Once installed, make sure you’re accessing your Synology through the web interface directly rather than through QuickConnect. This would be http://<IPADDRESS>:5000. From there, open the Main Menu and then open Acronis True Image from there.

Now, install the Acronis Mobile app from the iOS App Store ( 

https://itunes.apple.com/us/app/acronis-true-image-mobile/id978342143?mt=8 ) on the iOS device you’ll be backing up. Once installed, open the app and tap on Back up to computer or NAS.
Then tap SCAN QR CODE.

Then provide access to the camera in order to scan the QR code. 

Then choose what you’d like to back up and tap on Back up now.

Once the backup is complete, you’ll see the backup shown on the Synology when you open up the Acronis app.

Backing up to iCloud is still the only way to get everything else. But it’s still useful in some ways (e.g. if you are a real estate agency and just want to back up Contacts and Photos in case something happens).

Synology is able to do everything a macOS Server could do, and more. So if you need to move your VPN service, it’s worth looking at a number of different solutions. The most important question to ask is whether you actually need a VPN any more. If you have git, mail/groupware, or file services that require remote access then you might want to consider moving these into a hosted environment somewhere. But if you need access to the LAN and you’re a small business without other servers, a Synology can be a great place to host your VPN services. 

Before you setup anything new, first snapshot your old settings. Let’s grab  which protocols are enabled, running the following from Terminal:

sudo serveradmin settings vpn:Servers:com.apple.ppp.pptp:enabled

sudo serveradmin settings vpn:Servers:com.apple.ppp.l2tp:enabled

Next, we’ll get the the IP ranges used so we can mimic those (or change them) in the new service:

sudo serveradmin settings vpn:Servers:com.apple.ppp.pptp:IPv4:DestAddressRanges

Now let’s grab the DNS servers handed out so those can be recreated:

sudo serveradmin settings vpn:Servers:com.apple.ppp.pptp:DNS:OfferedServerAddresses:_array_index
sudo serveradmin settings vpn:Servers:com.apple.ppp.l2tp:DNS:OfferedServerAddresses:_array_index

Finally, if you’re using L2TP, let’s grab the shared secret:

sudo serveradmin settings vpn:Servers:com.apple.ppp.l2tp:L2TP:IPSecSharedSecretValue

Once we have all of this information, we can configure the new server using the same settings. To install the VPN service on a Synology, first open the Synology and click on Package Center. From there, click on All and search for VPN.

Then click on the Install button for VPN. Once installed, open VPN Server from the application launcher in the upper left-hand corner of the screen. Initially, you’ll see a list of the services that can be run, which include the familiar PPTP and L2TP, along with the addition of Open VPN.

Before we potentially open up dangerous services to users we might not want to have access to, click on Privilege. Here, enable each service for each user that you want to have access to the VPN services.

Now that we can safely enable and disable each of the services, click on PPTP in the sidebar of the VPN Server app (if you want to provide PPTP-based services to clients).

Here, check the box for “Enable PPTP VPN server” and enter the following information:
  • Dynamic IP address: The first DHCP address that will be given to client computers
  • Maximum connection number: How many addresses that can be handed out (and therefore the maximum number of clients that can connect via PPTP).
  • Maximum number of connections with the same account: How many sessions a given account can have (1 is usually a good number here).
  • Authentication: Best to leave this at MS-CHAP v2 for compatibility, unless you find otherwise.  
  • Encryption: Leave as MPPE optional unless all clients can do MPPE and then you can enforce it for a stronger level of encryption.
  • MTU: 1400 is a good number.
  • Use manual DNS: If clients will connect to services via names once connected to the VPN, I’d put your primary DNS server in this field.

Click Apply and open port 1723 so clients can connect to the service. If you’ll be using L2TP over IPSec, click on “L2TP/IPSec” in the sidebar. The settings are the same as those above, but you can also add a preshared key to the mix. Go ahead and check the enable checkbox, provide the necessary settings from the PPTP list, and provide that key and then click on Apply. Note that the DHCP pools are different between the two services. Point UDP ports 1701, 500, and 4500 at the new server to allow for remote connections and then test that clients can connect.

That’s it. You’ve managed to get a new VPN setup and configured. Provided you used the same IP address, same client secret, and the ports are the same, you’ll then be able to probably use the same profile to install clients that you were using previously.

Don’t let the name fool you, RADIUS, or Remote Authentication Dial-In User Service is more widely used today than ever before. This protocol enables remote access to servers and networks and is frequently a fundamental building block of VPNs, wireless networks and other high-security services that have nothing to do with dialup bulletin boards from the 80s. 

I’ve run RADIUS services on Mac servers for years. But as that code starts to become stale and no longer supported, let’s look at running a basic RADIUS service on a network appliance, such as a Synology. To get started, open Package Manager, click All in the sidebar and then search for RADIUS. 

Click Install for the RADIUS service.

Once installed, open RADIUS Server from the application menu in the upper left hand corner of the screen.

The options aren’t like raccoon. You can select a port, choose a directory service (which covers the authentication and a bit of the authorization portions of RADIUS. Click Clients and then Add.

Here you can configure a shared secret for a client, and allow for the source IP and netmask. To grab your certificate for deployment to clients, open the Control Panel, then Security, then Certificate and export the .p12. If you’re using this RADIUS service to enable other services for Macs, you’ll likely then want to distribute that certificate in a profile. We’ll cover how to leverage RADIUS for other services in other articles.


Web services was always easy to install on macOS Server and it’s no different on a Synology. To do so, open Package Manager from the home screen.

Click All in the sidebar and enter web into the search box.

Click Web Station.

Click Install. This installs a few dependencies. Click Open once the install is finished.

Click General Settings. Note that the default web server is Nginx. You can install Apache and then Apache will be available in the HTTP back-end server list. If you’ll be using a different service (Apache) then do the switch before you proceed. 

Otherwise (or after you switch to Apache), click on Virtual Host.

Click on Create.

Click into the hostname field and provide the name of the site. The ports can stay as are unless you’d like to customize the port that a site runs on. Then select a document root. This is where you’ll place your index.html or index.php file that sits at the root of a site.

Select the back-end server (e.g. Nginx or Apache 2.4) and then the PHP Profile (I usually stick with the default profile unless I’m using a method in PHP that’s unsupported in 7.x).

Click OK. And that’s it. Put your web directory into the document root, and viola – you have a new web server.

Services that run on a Synology are constantly being updated. Software updates for the binaries and other artifacts can quickly and easily be updated. To do so, open the Synology web interface and then open Package Center. From Package Center, click Update for each or Update All to upgrade all services at once, as seen below.

You will then be prompted to verify that you want to run the update.

Any services that are being updated will restart and so end users might find those services unresponsive or have to log back in after the service comes back online.

Over the years, I’ve setup dozens of Synology Network Appliances for customers and friends. But I never thought of doing much writing in the NAS space, be it for ReadyNAS, Thecus, Buffalo, etc. The interfaces seemed to change too fast and my focus was always on the management and connectivity of Apple devices. Slowly, over the years, small business servers have gone from being something you could make a decent living to something that should probably be hosted in the cloud.

Unless you have a design requirement that just can’t work in the cloud. And for that, there are a ton of options. Today we’ll cover the basic setup of a Synology to fill one of those options. Synology has a number of models. There are those that have multiple drive bays that allow you to run a RAID 50 and there are those with just two drive bays, that allow you to run RAID 1, or 0. But most have a similar, and sleek setup process. Start by putting all the drives in the bays and then powering up your device.

When the device comes online, plug in your Ethernet cable (preferably to a gig or 10gig interface) and then open your web browser and go to http://find.synology.com. You’ll see a pretty basic screen with details about the device. Click Connect.


When prompted, click Set Up.

When prompted, install the latest security updates (note: you want to do this before you start sending sensitive credentials over the wire. It’s fast. )

This is important. Those drives you put in that Synology were empty, right? ‘Cause if you proceed here, they better be. Or they will be after. If they are empty, check the box and click OK.

At the “Create your administrator account” screen enter the hostname you want to be given to your server, a username, password, password a second time to make sure, and blood type. Wait, blood type goes on the next screen, so click Next.

Sike! No blood type required. At the superfluous Congratulations screen, click next again!

At the maintenance window, select a time that the device can install updates and reboot. Also, it’s a good idea to check both of the boxes at the bottom – S.M.A.R.T. tests don’t always save you from catastrophic data loss, but it does save you way more than if you don’t use it. And bad sector warnings aren’t good either. Click Next.

A QuickConnect account allows you to access your server remotely. That’s a great thing to have. If you have one, provide it here; otherwise, give Synology an email address and password and they’ll make it simple to manage your device remotely (which includes grabbing files off it when you’re at work, etc).

Copy that link (although it’s kinda’ easy to remember as it’s QuickConnect.to/<DEVICENAME>). 

I’m ok skipping the recommended packages, as I like to have more control of what’s installed on my devices, but if you’re just going to use a Synology as a basic file or Time Machine server and want as few steps as possible here, click Install. 

That’s it, click OK to be donezo. 

When you finally get into the main screen, notice that it’s kinda’ like a stripped down KDE interface. The main two things to know are Control Panel and Package Center. If you skipped installing some of the packages in the previous step, you’ll do that in Package Center. But first, let’s check out the global device settings by clicking on Control Panel.

At the Control Panel, the main things most users will want to do first are manage accounts and addresses (if you’re going to connect client computers to a file server, for example, you’re gonna’ want a static IP). So let’s click Network to configure a network interface. 

The General tab is for configuring your default gateway, upstream name servers, etc. Click Network Interface so we can enter a static address for a LAN interface. But before you do, take note that the Traffic Control tab provides the ability to do some basic traffic shaping if this box is going to run multiple services.
 
Let’s click on the LAN interface.

Here, you can enter the IP, subnet mask, gateway, and name server. Make sure the IP doesn’t overlap with an existing device or with a DHCP pool. I won’t go into configuring a Synology for VLAN tagging or to be a first class citizen on an 802.1x network, but note that both of those options are available here. Click OK to save your changes.

You didn’t pay good money for this thing for no reason. So next, let’s close these screens and go back to the main screen. Open Package Center. 

As you can see, there are a ton more services here than, for example, the built-in services on a macOS Server. And it’s as easy as clicking on the Install button to get started with each.