In this tutorial, we will learn how to create an Azure cloud storage account so that we can back up Synology NAS data from Hyper Backup. Thus, the data stored locally on the NAS will benefit from an outsourced backup, which will make it possible to protect itself in the event of a major incident: fire, electrical overload, corruption of the storage space, etc…
Hyper Backup is an official Synology application for backing up data, application settings, and system settings to an external source. : another Synology NAS, USB disk or cloud storage provider. The application includes planning and retention management features (number of versions to keep). If you only want to sync content from your NAS to the cloud, look to Synology’s Cloud Sync app instead.
Of course, Azure cloud storage is paid and the price will depend on the volume of data, the type of redundancy, the region chosen but also the type of access level (cold, hot). You can use the official calculator to get an idea of the price (link below). Here is an example, but check for yourself as prices may change.
II. Prepare the Azure environment
Log in to the Azure portal (portal.azure.com), and create a new storage account by going to the section named this way and clicking the “Create“.
Choose a subscription, and create a new resource group, for example “NAS_Synology“.
Name this new storage account, for example “syno” (this name must be unique) and choose the region, so the ideal is to take in France if it is available. Since this is a storage account for backups, we can use “Standard“for performance and”Locally redundant storage (LRS)” for redundancy, in order tooptimize costs.
I won’t go through all the options, but draw your attention to some that I think are important.
In the rest of the configuration, choose “Cold” as an access level, again with the aim of optimizing costs. The more redundant and efficient the storage must be, the higher the price will be: this is not relevant for an outsourced backup.
For now, keep network access mode”Enable public access from all networks” and we will see later to refine this access.
Continue until the storage account is created. When it is created, navigate to this new resource.
Now we will configure the firewall of this storage account to allow access only from the public IP address used by the NAS. This is a way to limit access to this storage account. Click on “Networking” on the left (1), choose “Activated from selected virtual networks and IP addresses” (2), then under the firewall section, provide the public IP address of the NAS or check the option “Add your client’s IP address” (3) if it is on the same network as the PC you are using to configure. Click “To register” to validate (4).
Finally, we need to create a new container within this storage account. On the left, click “Containers” (1) then on the button “Container” (2) to create a new container.
A window appears on the right: give a name to this container and keep the access level on private. Validate.
Before proceeding to the NAS configuration, click “Access keys” on the left and copy the key “key1” because it will be used to authenticate on the Azure storage account.
Let’s move on to setting up the NAS.
III. Create Hyper Backup backup task
Log in to the DSM interface and open the Hyper Backup app. If needed, you can install it from the Package Center if you haven’t already. Click the “+” then on “Data backup task“.
As for the destination, select “Microsoft Azure” without surprise.
This is where you configure the connection to Azure. The service provider will of course be Microsoft Azure. Provide the storage account name and Access Key, which is the access key corresponding to the value of Key1 on the Azure interface. The wizard will establish the connection to Azure… If it works, your container will be displayed in “Container name“: choose the container created previously. For the name of the directory, you can adjust it to provide precision on the content of the backup.
Then you must select directories to back up in the Microsoft Azure cloud.
In the next step, it’s about backing up apps. I recommend you to select Hyper Backup, but also other critical applications you might use like Synology Drive Server or Synology Photos. This allows to save application settings, but also its data (depends on applications), for example the “photo” folder of Synology Photos.
Let’s continue with the name of the task, but also the planning: it’s up to you to adjust according to your needs. To secure your data and protect your backups, I recommend enabling the “Enable client-side encryption” and define a protection password. You must store it in a secure link, because without it impossible to restore a backup !
On its website, Synology states:Hyper Backup encrypts backed up data with a version key and military-grade AES 256-bit encryption technology. A version key is randomly generated for each version each time a backup job is started. Therefore, each backup version has a unique version key. Subsequently, the created version key is encrypted by ECC Curve25519 encryption technology and stored in the destination after the backup task is completed. ECC Curve25519 technology is an asymmetric encryption algorithm: a public key is used to encrypt the data and only a private key can decrypt the data.“
Last step, the rotation parameters. By checking the option “Enable backup rotation“, you can choose a number of versions to keep. Obviously, the more versions you keep, the more space it will consume in the Azure storage account, and the more it will cost.
Finalize the creation of the task, and you have the possibility of starting it in stride. Then all you have to do is wait while the NAS works… The backup content is “visible” in the Microsoft Azure interface, inside the container.
Depending on the amount of data to be backed up, the first backup will take a long time. The Hyper Backup dashboard allows you to track the status of the backup job.
If you click on the button “Version list“, we can see the different backups and browse them with the aim of restore one or more files. If you have enabled client-side encryption, it will be necessary to enter the secret key before being able to view the backups. This is a plus in terms of security.
From now on, you will benefit from an outsourced backup of your Synology NAS data! Remember to monitor the costs on the Microsoft Azure side to avoid unpleasant surprises at the end of the month. I recommend that you take it easy on retention and adjust over time to control your budget.
#Synology #NAS #Azure #Cloud