Active Backup, Snapshot

Currently reading
Active Backup, Snapshot

11
0
NAS
720+
Router
  1. RT6600ax
Operating system
  1. Windows
Mobile operating system
  1. Android
I'm just getting started using Active Backup for Business (ABB) and I'm confused if I'm protected against Ransomeware. Here's my setup (gonna be brief for simplicity)

I have a server (windows 2016), synology A and synology B.
I have synology A setup with ABB getting daily backups from the server. This is working well, no problems.

I want to Ransomeware protect these backups using synology B. I installed Snapshot Replication on both and on synology A, I setup a replication task. Under Schedule, I set it to run Daily at 3AM and checked Immutable snapshots (for testing I set the Proectection Period to 1 day). I didn't do anything under Snapshots.

I run this task and a Read Only folder is created on synology B.

Q: Is this folder on synology B immutable? I did try and delete one of the subfolders and got a message "...this user account has not been assigned proper privileges to perform this action."

When I go back to synology A and click on Snapshots, the ABB folder has "Replicated" next to it. When I look at the Snapshot List, I see 1 entry, but the immutable snapshots column is blank.

Any advice or insight would be great.
Thanks,
Kevin
 
By default, SR will work with a remote read-only replica until the replication is terminated. Snaps also by default are read-only so no matter how many of them you have those will be read-only, so ransomware-safe. The issue is live data when backed up, or in this case replicated has been compromised. That state will be part of the replica version, but again, this will not "spill" over to older versions.

In short, the process in your case is sound.
 
Thanks for the reply.

I'm still trying to wrap my head around Retention vs Protection Period.

Let's say I want to set the Retention period to match my ABB retention:
60 days, 26 weeks, 12 months, 3 years

The max Immutable snapshot period is only 14 days. On the 15th day the snapshot is now no longer ransomware protected?

Do I just set the Retention period to 14?
 
Thanks for the reply.

I'm still trying to wrap my head around Retention vs Protection Period.

Let's say I want to set the Retention period to match my ABB retention:
60 days, 26 weeks, 12 months, 3 years

The max Immutable snapshot period is only 14 days. On the 15th day the snapshot is now no longer ransomware protected?

Do I just set the Retention period to 14?
I guess you are using the advanced rule option to make this happen.

The max Immutable snapshot period is only 14 days.
Where is that limitation?

In general, you have to enter the "number of latest version to keep" as well. That setting prevents the retention policy from deleting all versions when the system stops backing up your device, and the XX latest versions will be the daily versions backed up in the past XX days.
 
Yes, using advanced rule option on the retention.

Here's the a screenshot the the 14 day (now I see it's not a14 day Max). But still not sure how to keep all snapshots as Immutable.

sshot-8.png
 
You do realize that you will not be able to delete any of those right? Immutable means no deletion via any means. You will kill your storage in the long run. That is the reason there is a recommendation to keep it for example xx days.

Also, as said, snaps are not backups. You snap things you use daily, meaning if you notice ransomware at any point it will not be more than a few days (or less). By that time you will still have a working, non-compromised snap to restore from.

If you want to have a long-term backup, then a proper backup would be a better solution with its own grandfather-father-son policy imho.
 
Ahh.. this is making a little more sense to me. I went back and re-read your first reply:

Snaps also by default are read-only so no matter how many of them you have those will be read-only, so ransomware-safe.
So I don't see any benefit of using the Immutable option (I'm the only one that actually logs onto the Synology) and I'll just keep the last 14 days of snaps.

My understanding of ransomware could be wrong. I thought ransomware would infect a system, stay dormant for xx days then start encrypting stuff. If the dormant phase was longer then my oldest snap, storing would fix me, but would only be a matter of time before the ransomware started again.
 
I thought ransomware would infect a system, stay dormant for xx days then start encrypting stuff. If the dormant phase was longer then my oldest snap, storing would fix me, but would only be a matter of time before the ransomware started again
This is true for certain ransomware. Again, snaps are not backup.

ALSO... If the volume is corrupted, on-NAS snaps are worthless.
 
My understanding of ransomware could be wrong.
It is not wrong, and you are correct. That is also the reason why snaps are not backups, not a real backup that is. Snaps are quick recovery and are best used for recovery of "hot" data. Backup (offsite as well) is what will get you out of that particular situation.
 
First, thanks for your continued insight. So ABB is giving me the option to restore from a ransomware attack. I was looking for a way to protect the ABB backups from ransomware as well as protecting the data by having it on another nas. Would hyperbackup be a better solution?
 
First, thanks for your continued insight. So ABB is giving me the option to restore from a ransomware attack. I was looking for a way to protect the ABB backups from ransomware as well as protecting the data by having it on another nas. Would hyperbackup be a better solution?
Snap can be an option to quickly restore your abb archive. On top of this you could use HB for abb backup as well. Snaps every hour for example and Hb backup as daily/weekly/monthly. Just as an example.
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Old thread notice: There have been no replies in this thread for quite some time. The last reply was on .
The content in this thread may no longer be relevant. It might be better to open a new thread instead.

Similar threads

  • Question
Lazy programming on Synology's part... Here's the free Veeam Agent settings... And Macrium Reflect is...
Replies
3
Views
733
Sure, just be clear that snaps are not really classified as backups. So alongside those snaps you should...
Replies
3
Views
2,099
Is this just for ABB or DSM notifications in general?
Replies
1
Views
2,550
  • Question
Setup NAS = DS920+ / DSM 7.0 backing up: Main PC win10 3 drives used daily many hours 2nd PC win10 2...
Replies
0
Views
1,339
That is a great question but my guess restore might work as well but my money is on that it won’t...
Replies
3
Views
1,012
awesome, my lenovo laptop needed the extra drivers so i put it in there. thanks for sharing your...
Replies
4
Views
2,205

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Back
Top