Backup

Synology C2 Suite Review

Synology asked me to have a fresh look at parts their C2 suite – I’d previously dived into their C2 Backup for Business solution almost a year ago, and I’m keen to find out how they’ve progressed.

The solutions I was given to try were:

C2 Identity
C2 Password
C2 Backup

Encryption or Passkey Prerequisite

The C2 suite needs an Encryption Key which encrypts all C2 services, or the newly released Passkey option.

For the Encryption Key, there is also a Recovery Code as a backup if the Encryption key is lost – but without either, you can’t access any C2 service and your access is lost. The only option is to reset your C2 Encryption key which is destructive – all data in the service is lost because there’s now no way to decrypt the data Synology is hosting for you on the C2 services. I know this because I almost had to reset it (which would be fine, I was only using my own test data), but managed to remember what I’d entered as the key originally. It’s also worth noting that you can generate a 1 page PDF of your recovery code details – this would be worth printing out and putting in a safe in case of emergency.

Passkeys can be used instead of an Encryption Key, where biometrics/PINs are used, rather than a password. This is the more modern way things are going, so it’s worth setting this up.

C2 Identity

This is where Synology sees the C2 Identity cloud service sitting. Here’s where I can see it providing the best value:

“Sync users and groups from Windows AD or migrate seamlessly from Synology LDAP Server without the need to reset users’ accounts or passwords.” If you have an on-premises Synology device providing LDAP services, then seamlessly migrating it to C2 Identity would be a smooth approach to turning into a SaaS solution. Moreso, a company that has identity solutions all over the place could benefit from having this modular approach. If you were heavily invested and aligned with a single cloud provider, it may be best to use their pure native solutions end to end – but a mix of cloud auth providers, or a company who’s Microft Entra ID based who’s bought out another company that’s Google Cloud Identity based, could use this to bring in a standard and centralised authentication service.

Note that this service does not sync users/identities with cloud services such as Microsoft 365, but you can use that as a source for a one time import:

For my purposes (and because I don’t have a userbase!), I created a user manually – myself.

Managed Devices

C2 Identity isn’t just about usernames and passwords either, you can manage devices using an agent (both Windows and macOS supported)

The connect key has been regenerated since this screenshot :)

The install of the agent for me was very quick and easy, and just runs inthe background. Once registered, the device will show in the C2 Identity portal with some basic information:

Command

What’s better though, is the Command options you can apply to your managed devices. These are commands you can trigger – either any command you want to do yourself, or pick one of the inbuilt ones which will continue to grow. Easily triggering an Auto-update of Windows across your entire fleet, or easily selecting a device to remote desktop to (and ping at the same time – I remember doing this as my first manual step any time I used to RDP to a desktop at work!).

These commands can either be run on demand (manually) or on time schedules/events (event options are at startup or at login):

Although reasonably simple, I can see this being very useful for a small business or a business with light requirements. Giving your 1-3 IT staff a tool like this makes both identity management and computer management easier than using native tooling alone (as well as the cross-platform support of both Windows and macOS).

Application

Another useful option is being able to add external identity providers (a.k.a. Applications). This allows you to use the single identity from C2 Identity across multiple solutions such as Google Workspace, Microsoft 365, Dropbox, and anything that support SAML (which these days is most things!).

The Edge Server option lets you “Set up an edge server that retrieves directory information from your C2 Identity. This server will authenticate C2 Identity users’ access to on-prem resources.”. This can run off either a local Synology NAS, or anything running Docker.

Other options include the Log of actions in C2 Identity, as well as Settings which has many customisations for an administrator of the service – as well as being able to brand your instance of C2 with your company’s logo, or look at setting up Passwordless Sign-in (beta at time of writing).

C2 Password

C2 Password is a password management system, and is actually free for personal use! If you want to give it a try, here’s the link. Also, here’s Synology’s C2 Password Security White Paper for those interested in some of the security specifics of this solution.

C2 Password has many supported platform extensions – iOS, Android, Google Chrome, Microsoft Edge, Mozilla Firefox and Safari. This should cover most normal business purposes, and is a nice cheap way of providing a managed password solution for both individuals, and a shared vault which can be handy for saving centralised/shared passwords (yes this is never great but you can’t control the password solutions of all your vendors)

The solution offers standard password generation options, as well as a ‘Login Security Overview’ which shows compromised passwords, weak passwords, reused passwords and Inactive 2FA (accounts without 2FA configured). This is visible to each user over their own vault, so is a nice easy way of putting concerns ‘in their face’ and to encourage better account management hygiene practises.

C2 Backup

C2 Backup for Business is a backup solution for both on-premises and cloud workloads. There is also an C2 Backup for Enterprise tier which has unlimited users, teams, and devices with 25TB available storage, and more available to add on. C2 Backup for Business however starts with:

5TB of available storage
250 maximum users
50 maximum teams
Unlimited devices

On-premises devices

This can either be personal computers or physical servers. Again, a backup client is required to be installed onto the device. The default policy is to back up the entire device (including anything plugged in externally such as a USB drive), which may be good for a very small business. However, there’s also the option to target just the system volume, or whichever volume you specify. This can be scheduled on a time basis such as daily, or event driven.

To manage your available space, you can use version control options too – maybe you just want the last 14 days of versions, or only the last 5 backups. You can also do tiered versioning (last day, week, month year) which may be a better option for on-premises servers.

If you have concerns about available bandwidth to a site, you can also define maximum upload speeds.

There is extensive documentation and guides on everything in the Synology C2 solutions, including how to restore a backup. If you want to do a bare metal restore, you can create recovery media on USB, or just recover certain files and folders to another computer which is just navigating through the version of the backup you want, picking the files/folders, and downloading. Easy!

Using the default policy on a home computer may capture a bit too much information!

Cloud Data

You can also backup Microsoft 365 data with the same subscription above – data stored on OneDrive for Business, SharePoint Online, Exchange Online, and Microsoft Teams. Once connecting to your Microsoft 365 tenant, the setup wizard will ask what you want to back up: which users, which sites (i.e. SharePoint Online), and which Teams. Although as part of setup you pick which items you want to back up, you also have the option of ‘auto-protection’ which will add anything newly created to the backup schedule, so you don’t have to go back each time and add them manually.

Your policy will also let you choose what data is backed up – Email, OneDrive, and Chat data. Again we have retention rules for versioning too.

For a small business, one of the nice aspects of this is a cloud to cloud backup (from Microsoft 365 > Synology C2). The bandwidth used between these two will have no effect on end users, especially important for sites with low bandwidth available.

To restore any of this data, there is a special ‘Recovery Portal‘ you can navigate to and restore the data locally.

Finally, in the Management section for C2 Backup you can look at a few options around notifications for events such as a backup failing, or when used storage is getting low. You can also see the state of each user and their used space for backups.

Summary

The Synology C2 Identity and Backup solutions are a good and relatively cheap priced (compare the prices for Backup and Identity) that are perfect for business that want to keep things simple. This can either be a business that has a mix of on-premises and cloud, or even purely Microsoft 365 cloud that needs a cheap backup somewhere just in case. I found the tools both portals and end user quite simple and easy to understand, laid out quite well. I will call out that being a simple solution, means it may not have the features or complexity requirements that some business may have – but the price of this solution reflects that. This can be a cheap way of ticking certain compliance options around data storage/backups and identity management too. The C2 web interface was incredibly snappy to use with every page and menu loading quickly – not something that can be said about many other solutions.

These solutions also have 30 day trials (Backup, Identity) that you can play around with, to see if they’ll suit your requirements.

Synology C2 Backup for Business Review

Last year, I reviewed Synology’s Active Backup for Office 365 which is a cheap way of keeping another copy of Microsoft cloud data, as long as you have enough disks and space to fit it on.

This time, I’m looking at their Synology C2 | C2 Backup solution for businesses – which has a 90 day free trial (credit card details not required). This is a cloud based backup service – so no hardware required. Their support for Microsoft 365 data is quite new, and right now will cover user Exchange Online mailboxes, with OneDrive support coming in Q2 2022. Synology asked me to look at this and answered a few questions around timeframes; they’ve previously given me hardware to review, but this is not paid for content.

C2 Backup is one part of the C2 offerings, but you can pick and choose which components you want without requiring the others:

C2 Password
C2 Backup
C2 Transfer
C2 Identity
C2 Storage

At the time of writing, Synology have 3 regions you can choose from for C2 Backup: Europe – Frankfurt, North America – Seattle, and APAC – Taiwan. I’ll run through setting this up while giving a bit more information around what it is.

After creating an account, the first step is to pick your subscription – Monthly or Annual. The rates (which I won’t quote here in case they change, go have a look on their website) is per month and per terabyte, with the minimum at 5TB and the maximum 200TB.

I will note that there is an individual option that works a bit differently, but won’t run through that in this article. The data limits are smaller at 500GB, 2TB or 5TB and I’m sure there are other differences in the service vs the business option.

Next is setting up your domain, which will be a subdomain of c2.tw. You can’t change this later!

As I’m just doing a trial, I’ll skip the payment information, but it warns:

Continue without setting up a payment method? If you do not set up a payment method before the end of your free trial period, your subscription will not be automatically renewed.

Next is setting up the C2 Encryption key. This is like your password, but to all the data the service will hold. Synology point out they don’t store this – so you need to secure it yourself. If you lose it, you can’t decrypt your data and nor can Synology. They do provide a recovery code once this is done, which again you’ll need to keep – think of it as a backup password. This will be prompted to download a txt file containing the recovery code onto your computer.

Next is choosing the source of the data you want to back up. This screen will just jump you to the page for either – you’re not making a single choice between the two – it can do both.

Briefly looking at the On-premises device option, there’s 2 types of backup it can do: Personal Computer or Physical Server. There’s also Backup Policy where you can set the backup rules such as frequency, schedule and scope.

Backing up a computer or server will require an agent to be installed and signed into. Once done, a Backup Policy needs to be configured so the C2 platform knows what to backup and when. The policies are pretty simple, and the default policy will just back up everything daily, and keep all versions forever.

On the Cloud side of backup sources, we have support for Microsoft 365. You’ll need to sign in with an account that can grant access to certain areas of Microsoft 365.

It will need a little bit of time to connect before you can start configuring (about 30 seconds wait for me).

The next screen lets you pick which users to back up – which will most likely be all of them.

You don’t have to worry about adding future users in manually, there’s an option for Auto-Protection which will detect new users daily and just add them in. Note the 250 user maximum on this.

Once done, you’ll see the list of users you chose with the status ‘Not backed up yet’. You can trigger a backup now through the ellipsis button rather than waiting for the daily cycle.

The first backup will probably take quite a while – but after that first one is complete, future backups are incremental so will run a lot quicker.

The recovery portal is viewed in a per user state, you can choose which version you want to browse through (by date), and search if you’re looking for something in particular.

When restoring emails, you can either choose the emails you want to restore, or just restore everything. For specific emails, you can choose where to restore (either where they came from, or in a different restore folder) and if you want to overwrite existing items or not (only when restoring to original folder).

Restoring a single email for me only took a few seconds. Searching for emails was also very quick, with results coming up within a few seconds again.

Leaving the service going for a week, it has backed up successfully each time, and I can wind back to the daily versions for mailbox content with ease:

It also provides self-service restoration portal where end users can browse backups and recover files by themselves.

I’ve reviewed and tested a few other backup solutions; this is one of the easiest to do out there, but I’m also hanging out for some of the features still on the roadmap. If you only care about emails via Exchange Online, then the platform is ready to go.

It will be interesting to see how far Synology takes their C2 Backup service; being quite new I’m impressed that they’ve got the most important items (emails) backing up reliably, with a simple to restore process. If you’re looking for a ‘forever’ copy of everything in a mailbox on a daily basis, this is worth checking out.

How to Backup Office 365 Mailboxes with Altaro

Backing up mailboxes in Exchange Online as a part of the Office 365 or Microsoft 365 suite is always a debated topic – some will argue that Microsoft have enough redundancy and backups in their own environments so you don’t need a third party solution and you’ll always be able to get your data back. However, this hasn’t been proven yet (thankfully) in a real world event where mailbox data has been lost by Microsoft. It also doesn’t cover scenarios where there’s outages, account problems or other connectivity problems that can delay your access to your cloud based data. Is it a risk each company will need to decide if it’s worth an investment into reducing.

Altaro asked me to have a look at their product – Altaro Office 365 Backup – to provide a quick run-through on setting it up and seeing what it does. Their solution is fully cloud based, so you don’t need any extra hardware to get going. You can set up a 30 day free trial here. Once signed up, here’s what to do:

After logging in from the link you’ll be emailed, you’ll be presented with this screen:

The wizard here will take you through the setup required, starting with a Company Name and your domain configured in Office 365 (which you can get from https://admin.microsoft.com/Adminportal/Home#/Domains) – I had to use my primary:

Next, you’ll need to grant access for Altaro to be able to access data in your tenant, which makes sense since you want them to back it up:

Following the links you’ll get the standard window advising you what permissions you’re granting and to whom:

If it worked, a successful message will show and you can go back to the setup wizard:

After doing this three times, you can go to the next step where you can choose which users to back up – which as it says, will be this data: “Office 365 User Backups consist of Emails, Calendars & Contacts within Mailboxes and Files stored within OneDrive accounts.”, then “SharePoint Backups consist of Files stored within SharePoint Document Libraries.”

If it all goes well, you’ll then get to the final screen showing a successful setup:

That’s it – backup has been set up. Of course your data won’t be in there instantly, the first backup happens over 24 hours, and then up to 4 times a day ongoing. You can choose if new users are automatically added to backup plans or not, which should turn this into a set and forget backup system.

Set and forget only works if you’re alerted around issues, which is possible in the Alert Settings – you can choose what sort of alerts you receive, such as if a backup job failed:

Restoring is also an easy process – for example if you want to restore an entire mailbox, the Mailbox Restore wizard will take you through the steps and ask where you want to restore – onto that user’s mailbox, another user’s mailbox, an Outlook PST file, or a ZIP file containing each mail item as an individual file:

You can also use the Granular Restore option, to search and restore particular items rather than entire mailboxes and accounts. The granular restore has the same options as the full restore for destinations, so there’s a lot of flexibility based on what you’re after:

If you can’t find what you’re looking for, the ‘Advanced Search’ option lets you define what you’re looking for:

Pricing for Office 365 Backup by Altaro is available at https://www.altaro.com/office-365-backup/#faqs and is a per user, per type (either mailbox or mailbox + OneDrive + SharePoint) model. This also includes 24/7 support and unlimited storage for backups.

After setting this up and trying out all the options, I’m confident in saying this is as good as you could hope for, from a turn-key solution. Setup is literally a few minutes, there’s no software to install anywhere and no infrastructure requirements. The data Altaro backs up is held forever (yes, infinite retention!) assuming you still have a valid subscription. The data is stored in Microsoft Azure, but only in West Europe at the time of writing – so if you have data sovereignty requirements, you’ll need to assess this.

Download your free 30-day trial of Altaro Office 365 Backup

Synology DiskStation Microsoft 365 Backup Review

Synology sent me a new DiskStation to review after I’d acquired an older one myself to look at it’s ability to back up Microsoft 365 data (the updated name for Office 365). Being a Microsoft MVP in Office Apps and Services category, so I was very interested to see how it worked.

After reading up on and seeing that it was a completely free piece of software available as part of owning a DiskStation, I was hoping this would be a good solution at an incredibly low price – buy your DiskStation and disks, some time to set it up, and you’re done. To me, that’s already a very appealing offering, along with Synology having a good reputation for maintaining and supporting their hardware several years on – which was proved by the 7 year old DS1813+ I set up a few months ago.

I’ve left the new Intel-based DiskStation 1618+ – Quad Core CPU and 4GB RAM (expandable) running for about a month now, backing up my Microsoft 365 tenant’s data. I ticked ALL the options to see how it went. This tenant is just for me, so the data set is smaller than most tenants – but I do run a few live things through it like email and OneDrive. There’s also a little SharePoint Online data from Micrsoft 365 Groups and Teams I’ve played around with.

Here’s what the dashboard looks like now:

Some useful information there around what’s being backed up and how big it is. You might notice there’s a few errors on the summary. I drilled into those and each was because ‘The Microsoft Server is busy’, and a few minutes later it would try again successfully.

This is likely because I used a backup option to get incremental changes, rather than at a set time. Maybe I’m hitting it too much and getting blocked occasionally.


I know I’ve gotten ahead of myself here, so let’s go back to how to set this up. Assuming you have yourself a Synology DiskStation of some sort that supports ‘Active Backup for Office 365‘ – and which models are those? Here’s the list:

  • 20 series:FS6400, FS3600, FS3400, RS820RP+, RS820+, DS920+, DS720+, DS620slim, DS420+, SA3600, SA3400, SA3200D
  • 19 series:RS1619xs+, RS1219+, DS2419+, DS1819+, DS1019+, DVA3219
  • 18 series:FS1018, RS3618xs, RS2818RP+, RS2418RP+, RS2418+, RS818RP+, RS818+, DS3018xs, DS1618+, DS918+, DS718+, DS418play, DS218+
  • 17 series:FS3017, FS2017, RS18017xs+, RS4017xs+, RS3617xs+, RS3617RPxs, RS3617xs, DS3617xs, DS1817+, DS1517+
  • 16 series:RS18016xs+, RS2416RP+, RS2416+, DS916+, DS716+, DS716+II, DS416play, DS216+, DS216+II
  • 15 series:RS815RP+, RS815+, RC18015xs+, DS3615xs, DS2415+, DS1815+, DS1515+, DS415+
  • 14 series:RS3614xs+, RS3614RPxs, RS3614xs, RS2414RP+, RS2414+, RS814RP+, RS814+
  • 13 series:RS10613xs+, RS3413xs+, DS2413+, DS1813+, DS1513+, DS713+
  • 12 series:RS3412RPxs, RS3412xs, RS2212RP+, RS2212+, RS812RP+, RS812+, DS3612xs, DS1812+, DS1512+, DS712+, DS412+
  • 11 series:RS3411RPxs, RS3411xs, RS2211RP+, RS2211+, DS3611xs, DS2411+, DS1511+, DS411+, DS411+II

From the DiskStation desktop, open Package Center and follow these steps:

This was a very easy setup to do – I took screenshots of every step involved, but it barely needs an explanation for anyone who’s an admin of a Microsoft 365 Tenant.

The program will then go off and start backing up what you told it. The ‘Activities’ section of Active Backup for Office 365 will show any backups running, and you can also use the inbuilt ‘Resource Monitor’ to see upload/download speeds, disk utilization etc.

It’s also worth noting that the backup you created has an ‘account discovery’ option where it’ll find any new accounts created and automatically add them to the backup, which is great for not having to change backup settings each time you have a new user start.


Running a backup is great, but how do you restore the data? There’s a second app you’ll need, ‘Active Backup for Office 365 Portal’. Launching this will take you to a web interface where admins can browse all data, and users can browse just their own (user access can be disabled if you prefer).

On this web interface, you can then find the file(s) you want to restore, and restore them. You also get a nice timeline down the bottom so you can move backwards and forwards to see a snapshot of a certain time.

Although Mail, Calendar, Contact, and Site (SharePoint) support searching across all backups for names and contents, at the time of writing this isn’t possible for OneDrive backups. It’s worth being aware of this – if someone requests a file restore you’ll need to know exactly when from. I don’t see this as too much of an issue though, as OneDrive has great version control natively, and an automatic recycle bin – so you’d probably rely on the native solution for finding a file, but still it’s worth knowing this existing limitation.

That was the only slight negative I could find while testing. Everything else just worked, was quick to browse and restore, and incremental backups appeared to be on the DiskStation within several seconds after creating a new file in OneDrive.

Again, this is an incredibly cheap Office 365 backup solution. Some may question if you need to back up Office 365 at all. You could set up infinite retention against all content, so why take a backup? To me it’s a definite grey area, and partly depends how much you value the data. Microsoft may never lose your data, but will it be available 100% of the time? What if that important document is in your OneDrive and hadn’t synced down, and there was an outage? We’ve seen a few outages lately, including ones that have broken authentication – your data is still there, but you can’t get to it. In that scenario, having a local copy of something time sensitive could be worth it. Considering the relative low cost of buying a Synolgoy DiskStation – your disks are probably going to cost more than the unit itself, I consider it a pretty easy sell.