
Using a Hardened Synology NAS


mbennett


Good Morning,

I have been engaged in a long project to design a way to harden a Synology NAS so it can be used with Retrospect to make it ransomware-proof.

I decided early on that I should make notes. Good thing. This is the result of months of work, and I hope it's useful to many users and dealers.

Please leave notes and critiques, which I'll try to address as we go along.

Good Luck, Mark

Hardened Synology NAS.pdf

  • Thanks 1

mbennett,

Magnificent job, which I'm not worthy to judge. 😁 (I back up my little home installation to 1 of 3 alternative portable USB3 HDDs, transporting the latest-week's HDD to my bank safe deposit box once a week. I don't have a NAS. My 2020 Mac "backup server" is never booted except when it's in use for backup, and it can only be accessed via my LAN, so I don't worry much about ransomware.) Your ransomware-proofing solution is IMHO much better than the new feature on pages 5–7 of the Retrospect Windows 18 User's Guide, because it isn't tied to the speed of communication to and from a cloud provider. Moreover it IMHO goes a long way towards solving the data-theft problem described by Malcolm McLeary starting with this post in his July 2020 thread.

However its discussion in this thread seems IMHO to raise a Forums problem, because Retrospect "Inc." is now a subsidiary of StorCentric—whose Drobo and Nexsan and Vexata NASes are competitors of Synology.  My personal experience is that the head of Retrospect Tech Support looks very unfavorably—to the extent of deleting posts—upon any Forums discussion that casts "aspersions" on either Retrospect "Inc."'s employees or the competitiveness of its products. That's why I never fully name any competitor's backup software unless it has also been named in a "Competitive Analysis" article in the "White Papers" section of the Retrospect Knowledge Base.  Will he now look unfavorably on any thread that discusses a NAS product that is a competitor of StorCentric products? 😕

My suggestion is that you therefore convert your OP in this thread into a feature request Support Case.  Here's how to do that.  For the "description of your issue" you could copy the first full sentence of your OP, followed by the full URL link to your .PDF and the 2nd through 4th paragraphs of the "Introduction - Why?" section in it, and end with a request that the equivalent capability be added to StorCentric's LAN software.  You can then add another post in this Forums thread giving your assigned Support Case number, even though we other non-Retrospect-"Inc." peasants will not be able to view it.  That way we can artfully frame any further posts in this thread as if they are intended to apply to the StorCentric feature request, even though they may regrettably 🤣  also apply to the Synology version of your project.

And the StorCentric feature request wouldn't IMHO be asking for the Moon.  StorCentric's Data Mobility Suite, announced in October 2020, supports MinIO—which the 5th paragraph of the "Introduction - Why?" section in your .PDF says is what you chose to use to create an internal cloud device.

Edited by DavidHertzberg
Replace "nuisances" with "peasants" in 4th sentence of next-to-last paragraph.

10 hours ago, DavidHertzberg said:

mbennett,

Magnificent job, which I'm not worthy to judge. 😁 (I back up my little home installation to 1 of 3 alternative portable USB3 HDDs, transporting the latest-week's HDD to my bank safe deposit box once a week. I don't have a NAS. My 2020 Mac "backup server" is never booted except when it's in use for backup, and it can only be accessed via my LAN, so I don't worry much about ransomware.) Your ransomware-proofing solution is IMHO much better than the new feature on pages 5–7 of the Retrospect Windows 18 User's Guide, because it isn't tied to the speed of communication to and from a cloud provider. Moreover it IMHO goes a long way towards solving the data-theft problem described by Malcolm McLeary starting with this post in his July 2020 thread.

However its discussion in this thread seems IMHO to raise a Forums problem, because Retrospect "Inc." is now a subsidiary of StorCentric—whose Drobo and Nexsan and Vexata NASes are competitors of Synology.  My personal experience is that the head of Retrospect Tech Support looks very unfavorably—to the extent of deleting posts—upon any Forums discussion that casts "aspersions" on either Retrospect "Inc."'s employees or the competitiveness of its products. That's why I never fully name any competitor's backup software unless it has also been named in a "Competitive Analysis" article in the "White Papers" section of the Retrospect Knowledge Base.  Will he now look unfavorably on any thread that discusses a NAS product that is a competitor of StorCentric products? 😕

My suggestion is that you therefore convert your OP in this thread into a feature request Support Case.  Here's how to do that.  For the "description of your issue" you could copy the first full sentence of your OP, followed by the full URL link to your .PDF and the 2nd through 4th paragraphs of the "Introduction - Why?" section in it, and end with a request that the equivalent capability be added to StorCentric's LAN software.  You can then add another post in this Forums thread giving your assigned Support Case number, even though we other non-Retrospect-"Inc." nuisances will not be able to view it.  That way we can artfully frame any further posts in this thread as if they are intended to apply to the StorCentric feature request, even though they may regrettably 🤣  also apply to the Synology version of your project.

And the StorCentric feature request wouldn't IMHO be asking for the Moon.  StorCentric's Data Mobility Suite, announced in October 2020, supports MinIO—which the 5th paragraph of the "Introduction - Why?" section in your .PDF says is what you chose to use to create an internal cloud device.

David,

Since Retrospect specifically documents support for competing NAS products in the knowledgebase, including Synology and QNAP, I think I'm pretty safe.  Those two companies own a huge share of the consumer NAS market, so I'm pretty sure that a lot of users and dealers are already using them.  If the forum admins take this down I'll just post it on my own website and let people search for it and find it.

We're all on the same side in this war, offering alternative ways of securing data and backups. This is just one more tool, one more approach. If it's found and used successfully it only enhances Retrospect's capabilities, which is good for StorCentric.

The NAS business seems to be extremely competitive. Drobo has a lot of good hardware diagnostics features. If Drobo wants to send me a free NAS to play with I promise I'll write up a similar treatment. (This is me holding my breath.)

Nexsan is much more geared for enterprise or large business environments from my casual observation. I watched a terrific on-line demo a couple of months ago and immediately passed a link along to some people who I thought might be good prospects.  I don't know anything about Vexata.

The way I look at it Retrospect should be a big tent supporting multiple hardware devices, which it does now.  Hope it stays that way.

Mark


On 8/19/2021 at 11:32 AM, mbennett said:

David,

Since Retrospect specifically documents support for competing NAS products in the knowledgebase, including Synology and QNAP, I think I'm pretty safe.  Those two companies own a huge share of the consumer NAS market, so I'm pretty sure that a lot of users and dealers are already using them.  If the forum admins take this down I'll just post it on my own website and let people search for it and find it.

We're all on the same side in this war, offering alternative ways of securing data and backups. This is just one more tool, one more approach. If it's found and used successfully it only enhances Retrospect's capabilities, which is good for StorCentric.

The NAS business seems to be extremely competitive. Drobo has a lot of good hardware diagnostics features. If Drobo wants to send me a free NAS to play with I promise I'll write up a similar treatment. (This is me holding my breath.)

....

The way I look at it Retrospect should be a big tent supporting multiple hardware devices, which it does now.  Hope it stays that way.

Mark

mbennett,

Your OP asked for notes and critiques.  You're not going to get them as easily if the head of Retrospect Tech Support, acting on what he perceives to be Retrospect "Inc." policy, takes this thread down.  The following is an explanation of why I think that's a possibility, unless you turn your OP into a Support Case as I suggested above:

First, let's apply some "kremlinology" techniques to the evidence for "Retrospect specifically documents support for competing NAS products in the knowledgebase, including Synology and QNAP". The applicable Knowledge Base articles are all under "Cloud Backup", which is of course the crystal-clear place any administrator would know to look 🤣. They are "Cloud Backup - How to Set Up Synology for Cloud Backup" and "Cloud Backup - How to Set Up QNAP for Cloud Backup". A sidelight is that the second article says "Retrospect needs three pieces of information to access Synology:"—even though the article is supposed to be about QNAP, revealing an oversight by the engineer who adapted the first article to create the second article 🤣. For good measure there are also the KB articles "Cloud Backup - How to Set Up Minio for Cloud Backup" and "Cloud Backup - How to Set Up Zenko for Cloud Backup". All four of these articles are substantially copies of one another; all four refer in their leads to Retrospect 15.1 and were last updated in May 2018, 13 months before Retrospect Inc. was merged into StorCentric.

Second, let's extend the "kremlinology" techniques past the June 2019 merger to the KB article "How to Set Up Drobo for Retrospect Backup", which is listed under "Top Articles" and was last updated in May 2020. Its section "Retrospect Setup: Add Drobo as a Destination" links to the YouTube videos "Retrospect for Windows: Setting up a NAS as a Backup Destination" and "Retrospect for Mac: Setting up a NAS as a Backup Destination". Its section "Retrospect Setup: Add Drobo as a Source" links to the YouTube videos "Retrospect for Windows: Setting up a NAS as a Backup Source" and "Retrospect for Mac: Setting up a NAS as a Backup Source". Those same four videos are listed under "Legacy Win—Getting Started" and "Legacy Mac Tutorials—Getting Started". If you watch them, they are obviously pre-merger videos into which the narrator—the head of Retrospect Tech Support—has post-dubbed the phrase "such as a Drobo" into his first sentence. Think about the StorCentric pressure that must have led to the post-dubbing of those videos and their classification as "legacy"; then think how it might apply to this thread.


15 hours ago, DavidHertzberg said:

Your OP asked for notes and critiques.  You're not going to get them as easily if the head of Retrospect Tech Support, acting on what he perceives to be Retrospect "Inc." policy, takes this thread down.

David,

I'm not soliciting hysteria over whether the post should have been made. Rather, I was more interested in a productive discussion about factual or procedural errors or improvements.

AFAIK this post does not violate Forum rules, and this and other similar posts should be encouraged because it expands the functionality of the product.

You personally display a deep distrust and dislike of Retrospect and StorCentric, which is a recurring theme in nearly every one of your posts.  Why are you here? Just asking, but I read a lot of your posts and they're nearly all non-responsive. It's interesting in a weird way.

Mark

  • Like 1

I found one mistake or at least an omission in my original document, where I made a statement that Synology does not team network interfaces. Some of their models do offer link aggregation, and you can find more information on that here.

https://kb.synology.com/en-my/DSM/help/DSM/AdminCenter/connection_network_linkaggr?version=6

If you try this and test it, it would be very interesting to read details on exactly how you configured it, especially if it results in overall backup speed improvement.

Mark


David

Why don't you stick to the subject of this thread, which it so happens is not a personal grudge you have against Retrospect that dates back to 2017?

It's because you have absolutely no pertinent information or knowledge of this subject at all, as you admitted in your first response.

Start your own forum thread and beat that dead horse once and for all, leave this topic to those who are interested in the subject.

Mark

  • Like 1

On 8/21/2021 at 5:12 PM, mbennett said:

David

Why don't you stick to the subject of this thread, which it so happens is not a personal grudge you have against Retrospect that dates back to 2017?

It's because you have absolutely no pertinent information or knowledge of this subject at all, as you admitted in your first response.

Start your own forum thread and beat that dead horse once and for all, leave this topic to those who are interested in the subject.

Mark

But I do have a fair amount of knowledge on what in reality is now going to be allowed for posts on these Forums—based on what's actually been done since June 2019 to the Knowledge Base and Tutorials on the official Retrospect website.  That's why I'm concerned that you may find this thread locked by the head of Retrospect Tech Support because its topic seems exclusively about what you've been able to do with a NAS brand that competes with Drobo.  Having that happen is not going to help the adoption of the protection against ransomware you're worthily advocating.  All I'm suggesting is that you put a different spin on the topic.  Make it sound like "this is what I've been able to do with Retrospect and a popular brand of NAS to make it ransomware-proof; what are your notes and critiques relating to how what I've done can be perfected and extended to Drobo?"

You're ignoring the fact that the Retrospect Inc. no longer exists; it's become Retrospect "Inc."—a wholly-owned subsidiary of StorCentric.  As a result, the employees of Retrospect "Inc." have made "improvements" to the website that seem designed to curry favor with their ultimate bosses—even though the "improvements" are IMHO unhelpful to the product their subsidiary sells.  Although he'd no doubt personally regret doing so, it's possible the head of Retrospect Tech Support might decide that allowing this thread to keep going—no matter how beneficial to Retrospect as a product—might endanger his 27-year-old job.  Employees fearing the effects of a corporate merger often maneuver to protect their own jobs; I'll tell you in a PM about a personally-experienced case of such a maneuver that predictably hurt the merged company.

But first, a little full disclosure; both yours and mine.  Per your profile URL, you're what Retrospect Inc. has long called a Partner; you sell Retrospect, along with a wide range of other software, to businesses in Southwest Missouri.  I, OTOH, am a retired applications programmer; I used Retrospect Mac from 1995—including backing up a work-provided Windows 95 home desktop—until 2010 when my "backup server" machine died of old age, and again from 2015—when I inherited another "backup server" machine—through today.

Now let's proceed to my "personal grudge" about unnecessary  -530 errors not having been fixed.  I'm not the only administrator who's had a problem with such errors; there have been a total of 42 Forums threads (reverse-date-sorted) about them.  Of the 3 threads in which I was the OP, only this most-recent one deals with the still-un-fixed bug I discovered on 30 January 2017 (the 2 preceding ones turned out to have been caused by a problem that Retrospect Inc. couldn't possibly have fixed).  The 4 threads more-recent than that thread have many replies; the most-recent one (like 2 of the others it's about Retrospect Windows)—started on 5 October 2019—has 82 replies, only 28 of which are mine.  One of my replies in that thread began:

Quote

I understand your frustration, but IMHO calling the -530 error a "self-inflicted wound" is a bit unfair to the Retrospect engineers.  The Multicast access method used to work beautifully, at least for me using Retrospect Mac from 1995 to early 2017.  However if you read the first expert-quoting section in this post earlier in the same Forums thread I linked to in my preceding post, you'll see that Retrospect's version of Multicast seems to have recently stopped working reliably because of "improvements" in networking hardware (my situation) and/or software (your reported situation).  IMHO the Retrospect engineers should at most be faulted for not having done a really thorough investigation of my -530 problems as reported in Support Case #61302 (in which my March 29, 2019 00:38  Additional Note is a copy of the same post section I linked to in the third sentence of this paragraph), and then not having faced up to the need to revise Retrospect's method of Multicasting (e.g. to use mDNS as the Ars Technica expert suggested). 

Of course in 2018-2019 the Retrospect engineers had many enhancements on their agenda, which Product Management undoubtedly considered to be more urgent than an extensive effort to fix -530 bugs that only some administrators were experiencing.  ....

But if the engineers can't fix the unnecessary -530 errors, why haven't they enhanced this existing Knowledge Base article to describe the circumstances in which the administrator can eliminate—or at least work around—the -530 error and the circumstances in which he/she can't?  Even better, why haven't they spelled out in the User's Guides the circumstances in which the Multicast access method won't work for a "client" connection?  Are they afraid to say when a glorious Retrospect feature doesn't work any more?


On 8/18/2021 at 9:46 AM, mbennett said:

Good Morning,

I have been engaged in a long project to design a way to harden a Synology NAS so it can be used with Retrospect to make it ransomware-proof.

I decided early on that I should make notes. Good thing. This is the result of months of work, and I hope it's useful to many users and dealers.

Please leave notes and critiques, which I'll try to address as we go along.

Good Luck, Mark

Hardened Synology NAS.pdf

Thank you for the thoughtful and well-detailed article. I am sure other users will find it helpful.

Side note: I see some access keys and secret keys in the article. I assume those are generic and do not expose anything private.

And for the record, we fully support most models of NAS devices and that will never change. We want users to have the most flexible backup storage solutions available.

  • Like 1

3 hours ago, Mayoff said:

Thank you for the thoughtful and well-detailed article. I am sure other users will find it helpful.

Side note: I see some access keys and secret keys in the article. I assume those are generic and do not expose anything private.

And for the record, we fully support most models of NAS devices and that will never change. We want users to have the most flexible backup storage solutions available.

I'd like to point out that I asked for and received help from Retrospect Support dozens of times during this project, mostly in the early phases. While I didn't always get the answer I wished for I always got an answer, so I knew where the lines were drawn and what could and would work. It helped immensely to move the project along, and I thank them again.

They may not have been exactly aware of the full scope of what I was attempting, but certainly knew the arena I was working in.

Mark


On 8/24/2021 at 9:35 AM, Mayoff said:

I made sure the Retrospect Product Manager saw your document. 

Would the Retrospect Product Manager be J.G.Heithcock or Brian Dunagan?  Or somebody higher up in StorCentric?

Whoever he/she is, I'm glad this thread is still un-deleted and un-locked.  Sorry if my pessimism about that disturbed mbennett.

On 8/20/2021 at 1:00 AM, mbennett said:

Quote

David,

....

....

You personally display a deep distrust and dislike of Retrospect and StorCentric, which is a recurring theme in nearly every one of your posts.  Why are you here? Just asking, but I read a lot of your posts and they're nearly all non-responsive. It's interesting in a weird way.

Mark

I just went through my Contents since 1/1/2021, and here's a tally of my "non-responsive" responses—one category for each thread in which I posted:

  • Procedural suggestions derived from Retrospect documentation: 7
  • Spammer confrontations (I also reported the spam posts—which were deleted by R.T.S.): 2
  • Retrospect documentation citations that didn't require procedural suggestions: 7
  • Retrospect version upgrade suggestions: 6
  • Retrospect feature request suggestions: 2
  • Hardware suitability guesses: 1
  • Procedural suggestions going beyond Retrospect documentation: 8
  • Retrospect bug identifications with suggestions to file a Support Case : 7
  • macOS bug identifications (in old version, for administrator information):  1

To answer mbennett's question I quoted, I'm here because—for at least the last 4 years—nobody from Retrospect Tech Support has been routinely posting such responses to Forums threads (presumably because  of R. T. S. being short of staff).  For most of the threads, the responses I've posted have been sufficient.  For the remainder—ones where my OS knowledge or Retrospect experience weren't sufficient—my responses have been supplemented primarily by responses from two British administrators and a Swedish administrator.  But—unlike me—those people aren't retired, so their time is limited and they're happy to let me handle the easier responses.  mbennett used to do some Forums responding, but—excepting this thread—he has to handle Retrospect-related problems when he can charge his customers for assistance time (from 1964–69 I used to do that for defense and NASA contractors running project scheduling and costing apps at the "IBM mainframe" computer service bureaus where I worked). 😎
