Setting up a Synology offsite backup is a great and cost-effective way to protect your data from the unthinkable.
If you have any kind of important data stored on your computer, backing up that data should be a top priority. Using a NAS or external hard drive to increase your storage space and protect against hardware failures is a great starting point. The next step is to consider a Synology offsite backup to protect your data in the event of some catastrophic loss like a fire or flood.
In a previous post, I wrote about backing up your Synology NAS using Amazon’s AWS service and Hyperbackup. Cloud storage services like AWS are fine options if you have a relatively small amount of important data to back up. Things like documents don’t take up much space so backing them up to the cloud can be cost-effective in the long run. However, once you start expanding your data storage at home, you will find that backing up your NAS to the cloud can get very expensive, very fast. Setting up a Synology offsite backup can be a much more cost-effective solution in the long run.
Cloud Offsite Backup Cost
At the time of writing this post, Synology’s own C2 cloud service is priced at $60 annually for 1TB of cloud storage. This isn’t terrible, but the price doesn’t scale well. 6TB of cloud storage will run you over $400 annually at their new Seattle datacenter (even more for their Frankfurt datacenter due to the Euro-Dollar exchange rate).
Now consider that you can buy and build (at the time of this post) a second no-frills Synology NAS and 6TB of RAID-1 storage for almost the same price. All that’s left to do is to set up remote access to your new “backup NAS”, take it to an offsite location like a friend or family member’s house, and configure your Synology offsite backup.
Cost-Effective Synology NAS
We don’t need a powerful NAS to serve as a simple backup server so stick with this build and buy whatever size drives you think you will need for your backups. The 6TB Western Digital drives below are at a great price right now.
NAS: Synology DS220j – $169 (Quad Core, 512MB DDR4)
HDD: 2x Western Digital Red 6TB NAS Drive (WD60EFAX) – $125
Going with two 6TB drives using Synology Hybrid Raid (SHR) will give us a total of 6TB of storage, with one-disk redundancy (RAID 1). If one disk fails, your data is still safe on the mirrored disk.
Prerequisites & Steps for Setting up Synology Offsite Backup
1 – You’ll need to have two Synology NAS units, your primary NAS and the offsite NAS.
2 – You’ll want to configure the offsite NAS on your main network first then move it offsite. You could also do it the other way around, and VPN into your home network from offsite to do the configuration on the primary NAS side but it’s probably best to test your new equipment at home first.
3 – Access to port forwarding on both home and offsite routers.
1 – Configure remote access to the offsite NAS.
2 – Set up HyperBackup Vault, create a new shared folder and user account on the offsite NAS.
3 – Set up HyperBackup task on the primary NAS.
4 – Create firewall exceptions and port forwards on the offsite router (and your home router if testing from home first).
Set Up Remote Access using Synology DDNS
Synology DDNS is an easy way to set up remote access to your offsite NAS if you only have one or two tasks that need to be done remotely. For a more advanced remote access configuration, check out my article on setting up a domain name with SSL for your NAS.
You might be wondering about using Synology QuickConnect and while that does work for accessing the Diskstation Manager (your NAS’ web interface), it doesn’t work with HyperBackup. Also, it sometimes acts as a relay, rather than a direct connection to the remote NAS which can result in latency and other issues.
Before you start making changes, now would be a good time to verify that you’ve taken steps to secure the offsite NAS (turn on the firewall).
Create a DDNS Entry
On the offsite NAS, start by adding a DDNS entry. Do this under Control Panel > External Access > DDNS > Add. Set the Service Provider to Synology, create a unique hostname and log into your Synology account, then you can test the connection and click OK.
You should be prompted to allow DSM to obtain and configure a free SSL certificate from Let’s Encrypt – click yes and the system will set everything up automatically. With the cert in place, you’ll have a trusted SSL when you try to access the NAS remotely over HTTPS.
If all goes well, your DDNS entry will be listed and show a “Normal” status. You can also check your free certificate under Control Panel > Security > Certificate.
Install HyperBackup Vault
HyperBackup Vault is a simple app that you can install on the offsite NAS to easily see your backup tasks, logs, statistics and other useful things. Install it from the package center.
Create a New Shared Folder
Create a new Shared Folder on the offsite NAS called “HyperBackup” or whatever you want. You don’t need to mess with any permissions on this end since we will be explicitly specifying permissions for the backup user account.
Create a Backup User Account
Creating a specific user account just for HyperBackup to access the offsite NAS is a great idea and follows best practice when it comes to security. Create a new user (it doesn’t have to be in the administrator group). The user account should only have explicit read/write access to the share that we created earlier and should also have access to the HyperBackup Vault application.
HyperBackup Task – the Key App for Synology Offsite Backup
Download and install HyperBackup on the primary NAS if you don’t already have the package. This is the app that really makes the Synology offsite backup work. Its a smarter version of rsync that also provides versioning. Inside the app, click the plus (+) sign at the bottom left and select Data backup task. Select Remote NAS Device and click Next.
On the next page, specify your DDNS name for the server name field, turn on transfer encryption and click the Trust button. You should get a green “Pass” result for certificate authentication. This means the hyperbackup transfer to your offsite NAS will be encrypted in transit.
The default port can be changed or left as-is. Just be sure to make a note of the port number if you change it.
Enter your backup user account and password (created earlier) and click the drop down for Shared folder. The setup wizard will connect to the offsite NAS and return a list of shared folders available to the backup user, which ideally should just be the one you created for this task.
Lastly, enter a name for the directory where the backup task data will be stored. I like to make this directory the same name as the task description to keep things consistent.
On the next two pages, you can choose any shared folders and /or applications on the primary NAS that you would like to backup to the offsite NAS.
On the next setup page, you will specify the task name and options.
Note – If security at your offsite location is an issue, I would suggest enabling client-side encryption if you want to ensure your backups are password protected at the remote site. Be sure to safely store the password and .pem key because if you lose both, you will not be able to access your backups!
The last page is where you will set your rotation policy. I recommend using Smart Recycle and changing the “max number of kept versions” number until you find a timeline that suits your needs. The backup is incremental, meaning after the first full backup is created, only new data is backed up as a version. Smart Recycle removes older versions once it reaches the maximum number specified. It also keeps a higher number of recent versions, and fewer long-term versions so you have a good mix of restore options should you need them.
If you’ve turned on the NAS Firewall (and you should) you will need to allow at least two specific ports through the firewall. The first is for remote management. If you want to remotely manage the offsite NAS through HTTPS on the DSM web interface, you’ll need to enable the HTTPS port for DSM.
By default, this is 5001 but you can change it to something non-standard for additional security (control panel > network > DSM settings). Be sure to allow this same port through the NAS firewall.
The second port to allow through is the one you specified for HyperBackup when you created the backup task on the primary NAS.
Lastly and once again, read up on how to enable the built-in firewall on your offsite NAS. I’m not linking this article three times just to get clicks. It really is important that you understand that you are allowing some incoming traffic to be forwarded from your router to the NAS. It is critical to have the firewall turned on. Beyond these two ports, there are other settings you should be enabling and you should also be filtering by country if possible.
You will need to forward the two ports (HTTPS and HyperBackup) on your offsite router (and also your home router if testing from home first).
Make sure they point to the local IP address of your offsite NAS and your Synology offsite backup should be good to go! Also, it goes without saying but definitely set a static IP or DHCP reservation for your offsite NAS.
Housekeeping Tips & Potential Issues
Unfortunately, some residential ISPs may have a data cap – be sure to verify this before you start sending tons of data to your offsite location. You don’t want your family or friends to be over their limit because your NAS sent a terabyte of data through their connection in one day.
It would be beneficial to set up some reporting and email notifications on the offsite NAS. The Storage Analyzer package can be configured to generate a report and email you a link when done. This way you can keep track of the offsite NAS capacity over time.
Power surges or quick power outages are not as damaging to a RAID1 array as they are to disk arrays with parity. That said, it wouldn’t hurt to pick up a small UPS unit to protect against power surges and short power outages: APC UPS 600VA Battery Backup & Surge Protector – $60
No-Frills NAS: Synology DS220j – $169 (Quad Core, 512MB DDR4)
HDD: 2x Western Digital Red 6TB NAS Drive (WD60EFAX) – $125
Cost-effective External Drive: Western Digital 5TB Elements – $105
UPS Backup: APC UPS 600VA Battery Backup & Surge Protector – $60
Products mentioned are available through affiliate links at no extra cost to you. Using these affiliate links to purchase helps support the blog and allows me to bring you new content. Thank you!
Amazon Associate Program: As an Amazon Associate I earn from qualifying purchases.