Synology Diskstations and Macrium Image Guardian


Author
Message
kimco
kimco
New Member
New Member (22 reputation)New Member (22 reputation)New Member (22 reputation)New Member (22 reputation)New Member (22 reputation)New Member (22 reputation)New Member (22 reputation)New Member (22 reputation)New Member (22 reputation)
Group: Forum Members
Posts: 12, Visits: 28
Hi there,

All our corporate PCs are being backed up to an onsite Synology Diskstation. Although the share being written to is hidden, I'm still concerned about ransomware encrypting our PC backups.

My understanding of Macrium Image Guardian (MIG) is that it cannot, right now, protect any of the files on the Synology Diskstation.

Am I correct in that understanding?

Are there plans to somehow extend MIG to protect files on a hidden share on a Synology device?  Perhaps to create a MIG "app" that can be installed on the Diskstation itself?

Any insights or comments would be greatly appreciated.

Thank you,

Ralph Edington

jphughan
jphughan
Most Valuable Professional
Most Valuable Professional (4.3K reputation)Most Valuable Professional (4.3K reputation)Most Valuable Professional (4.3K reputation)Most Valuable Professional (4.3K reputation)Most Valuable Professional (4.3K reputation)Most Valuable Professional (4.3K reputation)Most Valuable Professional (4.3K reputation)Most Valuable Professional (4.3K reputation)Most Valuable Professional (4.3K reputation)
Group: Forum Members
Posts: 3K, Visits: 21K
You're correct.  Currently, MIG can only protect NTFS partitions that are local to the PC on which MIG is running.  Macrium has a short article about MIG and third-party NAS devices here if you're interested.  In terms of ransomware mitigation, keeping the share hidden is a good first step.  Another valuable step would be not having a persistent mapping to it on the PC.  And an even better third step would be using credentials that have read/write access to the share only within Reflect, and using credentials with read-only access when you need to access that share within Windows for other purposes -- since after all you shouldn't need to write to a NAS share containing your backups from outside Reflect very often, or perhaps never.  Ransomware is certainly getting sophisticated, but the chances of ransomware looking within Reflect for credentials to gain read/write access to a hidden share are rather slim.  But the best mitigation of all would be to periodically back up your NAS to another location, such as the cloud or a mostly-offline disk, which in addition to serving as the ultimate ransomware protection is also handy for other scenarios, like NAS failure.

Edited 5 April 2018 7:33 PM by jphughan
kimco
kimco
New Member
New Member (22 reputation)New Member (22 reputation)New Member (22 reputation)New Member (22 reputation)New Member (22 reputation)New Member (22 reputation)New Member (22 reputation)New Member (22 reputation)New Member (22 reputation)
Group: Forum Members
Posts: 12, Visits: 28
Thank you for your reply.

I do in fact have guest access turned on for the Synology Diskstation. Your idea of turning that off, and instead, requiring credentials that are stored in the Reflect client, is a good one, although that will require significant reconfig of all my clients.

Thanks again!

--Ralph
jphughan
jphughan
Most Valuable Professional
Most Valuable Professional (4.3K reputation)Most Valuable Professional (4.3K reputation)Most Valuable Professional (4.3K reputation)Most Valuable Professional (4.3K reputation)Most Valuable Professional (4.3K reputation)Most Valuable Professional (4.3K reputation)Most Valuable Professional (4.3K reputation)Most Valuable Professional (4.3K reputation)Most Valuable Professional (4.3K reputation)
Group: Forum Members
Posts: 3K, Visits: 21K
You're welcome! Smile  If you're still on V6 clients (since you posted in the V6 section of the forum), the easiest way is to create read/write credentials on the NAS, then create an admin account on each Reflect PC with the same username and password, then in Reflect, go to Edit Defaults > Schedule and configure scheduled tasks to run under that account.  Since that account's credentials will match an account on the NAS, the scheduled tasks will have write access.  Manually executed jobs on the other hand will require the logged-on user to have an authenticated session with read/write access already open to the NAS.  If you have (or upgrade to) V7 clients, it's easier.  Instead, you just go to Edit Defaults > Network and add an entry there with the path to your NAS and the read/write account you created, and then both scheduled and manually executed tasks will be able to use those credentials when Reflect tries to connect to that destination.

Lastly, if you don't already use it, if you have to manage a decent number of PCs, you may want to look at Macrium Site Manager (here) to simplify administration.  I don't know if it would help with deploying this particular change since I don't use it myself, but Site Manager itself is free if you already have Reflect licenses on the workstations (though it can't be used to manage Reflect Free installations), and using Site Manager also gives you the option to license additional PCs with MALs instead of full standalone licenses.  Reflect installations activated with a MAL must be managed by Site Manager, unlike the standalone licenses, but MALs are also less expensive, and if you have a lot of PCs, they're easier to manage than keeping track of which PC has which Reflect key in use.  But again, if you'd prefer to maintain flexibility, you can certainly buying/using standalone licenses and simply add Site Manager to your environment to manage them.

Edited 5 April 2018 8:05 PM by jphughan
GO

Merge Selected

Merge into selected topic...



Merge into merge target...



Merge into a specific topic ID...




Similar Topics

Reading This Topic

Login

Explore
Messages
Mentions
Search