Skip to content

Mahaffey NAS

PrintTracker VM is running on the Synology NAS

  • IP address is 192.168.1.115 (at least at the time of installation)
  • Username is itadmin
  • Password is one of my main defaults
  • Need to check/verify by remoting into Dez’s computer and navigating to http://192.168.1.115:1301 in the browser

Business Use

  1. ~~MahaffeyNAS~~
  2. ~~Jeff as admin user w/ secure password~~
  3. ~~For updates:~~
  4. ~~Leave at default “Automatically install important DSM and package updates only (Recommended)”~~
  5. ~~Sign into a~~ ~~Synology.com~~ ~~account - who at Mahaffey would like to receive alerts? Ty?~~
  6. ~~Skip/do not enter QuickConnect for now~~
  7. ~~Enable Active Insight and DSM configuration backup~~
  8. ~~Decline automatic installation of default apps~~
  9. ~~Dismiss extended warranty~~
  10. ~~No Thanks to 2FA for now~~
  11. ~~Set static IP for NAS - used 192.168.1.11~~
  12. ~~Create storage pool~~
  13. ~~SHR (1 drive can fail) or SHR2 (2 drives can fail) allow for disparate drive sizes without sacrificing space until all drives are upgraded~~
  14. ~~RAID 5 allows for 1 drive to fail, RAID 6 allows for 2 drives to fail~~
  15. ~~Select Btrfs and not ext4~~
  16. ~~Encrypt or no? Do not because who knows if the key will be accessible in 10 years~~
  17. ~~Set up Data Scrubbing schedule via Storage Manager > Storage Pool > Schedule Data Scrubbing~~
  18. ~~Enable data scrubbing schedule~~
  19. ~~Repeat every 3 months~~
  20. ~~Set time grid to scrub outside of normal working hours~~
  21. ~~Set it to run later since there is no/minimal data on the storage pool~~
  22. ~~Volume 1 > Settings > Never for frequency of record file access time~~
  23. ~~Schedule a quick SMART test 1x a month~~
  24. ~~Schedule an extended SMART test 1x every 6 months~~
  25. ~~In Control Panel > Notifications > select to enable for Synology Account~~
  26. ~~Set up email for Outlook using some Mahaffey account - which one?~~
  27. ~~In Control Panel > Security~~
  28. ~~Enable 2-Factor Auth for administrator users, maybe all users depending on what they want~~
  29. ~~If don’t set up Email server in previous step, make sure Adaptive MFA is enabled~~
  30. ~~Under the Protection tab, make sure Auto Block is enabled~~
    • ~~Defaults are fine for login attempts within minutes~~
    • ~~Set unblock after to 2 days~~
  31. ~~In Hardware & Power, enable “Restart automatically when power supply issue is fixed”~~
  32. ~~Also enable WOL for LAN1 and LAN2 so either work depending on which one is plugged into~~
  33. ~~Go to Control Panel > Task Scheduler~~
  34. ~~Create a task to empty the recycle bin~~
  35. ~~Run every night~~
  36. ~~All files, Retention policy of 7 days~~
  37. ~~Go to Control Panel > User & Group~~
  38. ~~Be sure admin and guest accounts are disabled~~
  39. ~~Create appropriate group(s)~~
    • ~~Management and Employees?~~
  40. ~~Create a Shared Folder - “Shared”~~
  41. ~~Enable recycle bin for everyone (uncheck restrict to administrators only)~~
  42. ~~Do not encrypt~~
  43. ~~Enable checksum for advanced data integrity~~
  44. ~~Grant permissions based on groups and add employees to groups later~~
  45. ~~Create Management shared folder~~
  46. ~~Same settings as above, but Employees will not have access and Management will~~
  47. ~~Create user account for every person in the office and add them to the appropriate group(s)~~
  48. ~~Make their password the same password as the login for their workstation so they aren’t prompted as often for credentials?~~
  49. ~~Jennifer and Ty will be in management group - anyone else?~~
  50. ~~In Package Center, search for Snapshot Replication app and install~~
  51. ~~Open Snapshot Replication and go to Snapshots~~
  52. ~~Add all shared folders (make sure to add any new root shares to this if any are created down the line)~~
  53. ~~For the schedule settings:~~
  54. ~~Enable snapshot schedule~~
  55. ~~Daily~~
  56. ~~8 AM to 8 PM (8:00 to 20:00)~~
  57. ~~Every 1 hours~~
  58. ~~Enable immutable snapshots for 14 days~~
  59. ~~Retention settings:~~
  60. ~~Uncheck/deselect “Keep the original retention policy of the selected targets”~~
  61. ~~Enable retention policy~~
  62. ~~Advanced retention policy > Set Rules~~
    • ~~Keep all snapshots for 14 days~~
    • ~~Deselect "Keep the latest snapshot of the hour for”~~
    • ~~Keep the latest snapshot of the day for 60 days~~
    • ~~Keep the latest snapshot of the week for 52 weeks~~
  63. ~~Advanced tab:~~
  64. ~~Make snapshot visible~~
  65. Go to File Services > SMB settings
  66. ~~Change log settings to enable every event except read to track access and actions~~

  67. ~~Under the Advanced tab, enable File Fast Clone~~

    :::info To set up a shared folder that is not visible to everyone, select the checkbox to “Hide this shared folder in “My Network Places” :::

Other things to do

  1. Type up instructions for mapping share on MacOS and Windows
  2. MacOS:
    • Go
    • Connect to server
    • Enter smb://192.168.1.11 or whatever IP address it is
    • Click the + to add as favorite
    • Can also add/view from the Network view in Finder
  3. Windows:
    • Map as drive letter Z or S
    • Map Network Drive
    • Select drive letter
    • Folder in \\MahaffeyNAS\SharedFolder format
    • Re-connect at sign-in
  4. Do they want Google Drive-like functionality?
  5. Super handy, but issues with file formats when opening on web
  6. Do they want to back their computers up (Documents folder) to the NAS automatically or do they primarily work directly off of the NAS?

Back up the NAS to anything else?

Hyper backup

Remote Access

Is this something they need/want? Can leave remote access disabled to have better security.

Check to see what ports, if any, have been opened on the router.

  1. QuickConnect
  2. Proxy through Synology’s servers
  3. Does expose NAS to internet
  4. Have strong passwords, disable Admin account (done by default), have 2FA enabled
  5. Synology Drive
  6. Good for accessing files from mobile apps and syncing computer/files
  7. Limitations from editing .docx, xlsx, pptx, etc. files in Synology Drive web - they need to be converted to Synology Drive files which allows you to edit but then they are locked in that format unless you export as .docx, etc. again.
  8. Tailscale
  9. Great, maybe even best option for remote access, but costs for business use
  10. Does not require any port forwarding, could potentially be used as VPN solution for others
  11. WebDAV
  12. not going to use this
  13. OpenVPN Server
  14. May need to do this for remote admin situations, but will require opening port 1194 on Mahaffey router

Recommend Bitwarden

Need access to GoDaddy DNS to set up custom domain if interested

Can figure out phone stuff, but need “master” credentials that Tim probably uses to make most changes

Set up Active Backup for Business if they want it for PC backup

Do they want/would they use Synology Drive functionality?

Business Setup

1.