Synology

For information of Sinology, Chinese Studies, see here.

Synology Inc
群暉科技

Type	Network-attached storage
Operating system	Linux
CPU	PowerPC, ARM, Marvell, Intel Atom
Connectivity	100BASE-T, 1000BASE-T

Synology Inc (Chinese: 群暉科技), founded in April 2000, is a Taiwanese company that produces network attached storage appliances for the SOHO and SMB/SME.

Synology products are distributed worldwide and localized in several languages.

Product Series (Hardware)

Three main product lines target the home, home/small-offices and fairly large businesses. The operating system is based on Linux kernel 2.6 GPL Linux.^[1][2][3] Hardware components, including CPU type and model, vary across the product range.^[4] As with most NAS, emphasis is put on energy, size and reliability. Windows, Mac OS X and Ubuntu clients are supported via common network protocols (SMB/CIFS, FTP, AFP, NFS, WebDAV), using UTF-8 character encoding for compatibility. Native client applications are less notable than the comprehensive AJAX-based web interface and out-of-the-box Telnet and SSH support.

DiskStation

The DiskStation is a single, dual, quad or five bay enclosure, slightly larger than the hard drives it contains. DiskStations supports several terabytes of combined storage depending on the model. Higher-end models add features such as Hot-Swap Hard Drives and dual Ethernet connections for fail-over and aggregation.

RackStation

The RackStation is quad-bay 1U or 2U Rack Mount storage server, designed to be installed in a Rack Mount Environment. This higher-priced line offers most features.

USB Station 2

The USB Station 2 is a mini NAS server equipped with the Synology DSM. It does not have hard drive slot but can be connected with an external USB storage device. By accessing the DSM on the USB Station 2, it can then stream and download digital files via DLNA/UPnP support within the LAN and on the Internet. It can also act like a device to share printers.

Expansion Units

Expansion units can be attached to selected DiskStation/RackStation to scale up storage capacity. Depending on the model type, the connection between the main unit and the expansion unit is bonded with either eSATA cable or InfiniBand. eSATA cable offers 3GB/sec connection and InfiniBand provides 12GB/sec throughput.

The Rack Station

General Similarities

Except for the USB Station line, most Synology devices have the same features one would expect on a traditional LAMP server: firewall with port forwarding, DDNS, SSL encryption, user/group privilege management, rsync (as client and server), web server, PHP/MySQL, ADS integration, various RAID modes, SNMP, iSCSI targets, mail & print server, power saving and HDD hibernation, UPS-integration, etc.

More esoteric features include file sharing clients for BitTorrent/eMule/NZB, IP camera surveillance, smart-phone integration, Wifi dongles. Differences between models mainly lie in the amount of performance or storage capacities which are required by the user. All products have an Ethernet and USB port, while some models feature an eSATA port for connecting external hard drives. Synology NAS units do not ship with hard drives by default; instead customers are presented a list of recommended models/brands they'd purchase separately.

Most models allow chain-linking to increase storage space and performance.

Processors

All newer NAS devices produced by Synology are based on either Intel Atom or Marvell Kirkwood CPUs, with the exception of a few high-end models containing an Intel x86 desktop CPU. Older models often contains a Freescale or XScale CPU. The ARM-based CPUs can be limited in processing power; see encryption below.

Encryption Performance

The Marvell CPUs used in many Synology NAS devices have vector instructions for hardware AES processing. The performance of these instructions can be benchmarked with OpenSSL, in the Marvell CPUs it is around 21MB/s. Because the software is not efficient enough to keep the AES processing part of the CPU occuppied at all times, the performance available to the end-user will be around half of that, 10MB/s.

Most of the other components in a Synology NAS will perform around the 100MB/s mark. Newer models contain a Gigabit Ethernet NIC, and modern harddrives delivers around 75-150 MB/s, depending on where the head is positioned on the platter. Thus, by enabling encryption on low end Synology devices, even with hardware AES support, performance will be degraded by 90%.

The datasheets for the Marvell-based products typically list both performance around or above 100MB/s and AES hardware encryption, however these two features are mutually exclusive given the hardware limitations in these devices.

The AES performance of the Intel Atom-based NAS devices produced by Synology can also be measured with OpenSSL. For many of the devices, it is about the same as for the Marvell CPUs.

The Marvell CPUs are capable of processing AES-256-CBC at the same speed as it can AES-128-CBC, but the DSM software used in Synology devices limits encrypted shares to only AES-128-CBC.

Encryption Implementation

Synology NAS devices uses per-share encryption with eCryptFs, as opposed to per-volume encryption with LUKS. This allows the devices to mix-and-match encrypted and non-encrypted shares on the same volume.

One disadvantage of share-based encryption is that some information leaks from the encrypted filesystem onto the volume filesystem. In particular, file sizes and the number of files in each directy is readily visible, even when the encrypted share is not mounted. If an attacker can guess what some of the files on an encrypted share is based on eg. their size, this makes recovery of the encryption key via a known-plaintext attack readily feasible.

Another problem with encryption as it is used in Synology devices is that many of these devices create a swap partition when installing DSM. Using encrypted volumes/shares and swap or hibernation together is a big no-no, since the encryption key will at some point leak onto swap and be readily recoverable from there.

A third problem with encryption on these devices is that they per default store a backup copy of the encryption key in unencrypted form in the folder /usr/syno/etc/.encrypt, as can be seen by logging in on a device with SSH after creating or mounting an encrypted volume.

Community Interaction and Contribution

Synology NAS devices support third party applications.^[5] Third-party applications are either written in interpreted languages like PHP, and are portable across models, or are compiled into binary format. Installers using the SPK format ^[6] can be installed from the web UI itself.

For a programmer to bootstrap^[7] a unit is neither illegal, risky nor complicated. SSH is available as are development tools and APIs, with a mild legal disclaimer but no threats. The USB Station 2 unit does not facilitate bootstrapping due to its read-only file system, however unofficial firmware has appeared in order to make ipkg available.^[8]

References

1. Linux-based NAS gains UI update
2. Linux gains new architecture support
3. Synology Inc. - NEW NAS Experience - Request GPL Source
4. http://forum.synology.com/wiki/index.php/What_kind_of_CPU_does_my_NAS_have
5. http://www.synology.com/apps/3rd_party.php
6. http://forum.synology.com/wiki/index.php?title=Synology_package_files
7. http://forum.synology.com/wiki/index.php/Overview_on_modifying_the_Synology_Server,_bootstrap,_ipkg_etc
8. http://synology.itolosa.com/

External links

• Synology Inc.
• Synology Wiki
• Synology Official Forum
• Synology Latest Magazine Reviews

Product reviews

• Synology DS409slim at IT Reviews, received Recommended Award
• Synology Disk Station 101g+
• Synology Disk Station DS207
• 1-Bay SATA NAS Server from Synology: Disk Station DS107+ Review
• Synology DS207 Review:Feature-packed NAS for business and pleasure
• Synology DSM 3.1 Software used on all Diskstations
• Synology Disk Station DS107 Series: Impressive, Versatile NAS
• Synology DiskStation DS-106e
• Synology Disk Station DS-509+ (German, first impression)