Best Home NAS File Server for Backup: WD My Cloud EX2 Ultra vs Others, Self-Disk Replacement

I would like to purchase a NAS for home.
I have the Internet with Orange Funbox, VDSL, so it's hard to change the router.
I would like to have a backup of the most important data and photos, install and configure a program on my computer that would back up the NAS server in the background from time to time. I would not like us to share everything with everyone.
It would be nice if you could share movies to TV.
I was thinking about WD My Cloud EX2 Ultra, but I wonder if it is possible to replace the disk yourself (the manual says yes, a bit further that no, on the forum that no), moreover, apparently the data is encrypted on the disk, so in case of failure disk or electronics of such a NAS, the data will be difficult to recover - even a sectoral copy will not do much.
What would you recommend?
Or maybe buy a regular 2.5 "external drive, install the backup program and simply connect it once a week?
I am after a HDD failure, a lot of data has gone, I am considering returning the disk to the lab, so I am thinking how to prevent a misfortune in the future - probably the best moment.

I suggest Synology. Small, quiet, low energy consumption and the number of functions very large. A huge number of models to choose from. You can choose depending on your needs and the content of the wallet.
When it comes to sharing, you share what you want and with whomever you want.
If you are only interested in backup, it is actually enough to connect only an external drive, but I cannot imagine working without this server today.

Pawel1812 wrote:

I would like to purchase a NAS for home.

Synology, Qnap.
If it is going to be a backup against falling disks, then definitely a 2-bay version and a RAID-1 configuration, the data is kept in duplicate on two disks. This happens automatically. I personally threw large disks from my computers, put very large ones into a network disk. The transfer to such a disk via the cable (and this is what serious work is done for me), hits the 1Gbit / s, so only working with really large files can be negatively felt. There is no time-consuming backups.

The problem is that if we have everything on one network drive (NAS), in the event of a failure, especially ransomware, we lose everything. Nawer RAID (mirror) may not help. You must have at least two copies of the data.
By the way:
https://www.qnap.com/solution/ransomware/pl-pl/
https://www.synology.com/pl-pl/solution/ransomware
The question is what budget?

jprzedworski wrote:

The problem is that if we have everything on one network drive (NAS), in the event of a failure, especially ransomware, we lose everything.

Complete consent. The question of what we want to protect ourselves against and how much money should be spent on it. Because even two physical copies on different media do not protect against a fire in a building or even a more probable theft. Can protect a large backup safe from theft. Carry a backup to a bank locker every day before a fire or replicate data with another NAS in a different physical location. It is extremely difficult to protect yourself from ransomware - you will learn about the problem how the data on the computer and on the NAS will be encrypted, and on the disk in the pocket connected only for the time of the backap, they can also be encrypted. The hacker pulls the plug (deletes the encryption key on the computer) and the data starts to multiply on any medium, even on the one that is currently not connected to anything.

It all depends on the expectations and possibilities.

That's why Synology and Qnap give recommendations on how to minimize risk, but never 100% sure.

jprzedworski wrote:

The question is what budget?

Thank you for the hints - I have not read about Synology servers.
I survived a ransomware attack a few years ago. Fortunately, it did not do much damage then, because it only encrypted my documents and main folder on the disk, and I do not keep any data there.
This time it was worse, the shoddy ST2000LM007 Rosewood drive fell, which are extremely fail-safe drives, it is also difficult to find a specialist who has experience in their repair, and if it is already for about PLN 3, there is no point in approaching it.
I prefer to invest in backup than from time to time to support hackers or data recovery companies, although of course I respect and admire the work of the latter.
From what I have seen - small NAS servers cost about a thousand zlotys without disks and this is an acceptable price for me, unless someone proposes something better.

I read about the QNAP TS-231P

If we have, say, 0.5 TB of multimedia to protect, they may not be of great value, but hypothetically to protect them, what capacity must the NAS have to make multiple copies? How long will it take to make it?

Qnap has been developing and modernizing its products quite intensively recently. I think it is better than Synology, especially in more professional equipment. Or maybe such:
https://www.qnap.com/pl-pl/product/ts-231p
and in general:
https://www.qnap.com/pl-pl/product/series/home

Thank you for the hint, for the same server I thought for an affordable price. Only how long will it take to make one copy outside the file system if we are talking about 0.5 TB of multimedia protection? And what disk capacity should I purchase for this purpose?
It is known that you will need some disks for this amount of data, I just want to know what size disks to buy at the beginning.

Pawel1812 wrote:

Thank you for the hint, for the same server I thought for an affordable price. Only how long will it take to make one copy outside the file system if we are talking about 0.5 TB of multimedia protection? And what disk capacity should I purchase for this purpose?
It is known that you will need some disks for this amount of data, I just want to know what size disks to buy at the beginning.

A bit of a silly question. To back up 0.5TB of data, you need a 0.5TB disk or larger. You don't want to back up the same media every day, which most likely hasn't changed since the last time. It's a waste of space and it's a waste of disks.
In most cases, you can make an incremental backup, i.e. save only the files that have changed from the previous time on a given day.
The second option is folder synchronization. Synology for sure, I assume that qnap also offers what they call home cloud software there. You designate a folder on your computer and the software synchronizes the files of the remote folder between the computer and the disk. So there is an almost instantaneous copy. The first synchronization takes a while, but then when you add or change a file, only it will be sent to the disk almost immediately. Moreover, the NAS does not need to be turned on, turning it on after a week will catch it and synchronize any changes. And, if someone else changes the file on the disk from another computer, you will also see the changed version here.

m.jastrzebski wrote:

qnap also offers what they call home cloud software there

Of course.
https://www.backupacademy.pl/qnap-usprawnia-backup-danych-dzieki-netbak-replicator-4/
https://www.qnap.com/pl-pl/utilities/essentials

Thanks for the hints.
The question as to the space needed is not stupid, as QNAP periodically performs so-called snapshots - state snapshots of protected folders outside the file system to avoid encryption.

On the one hand, multimedia of course does not change, but on the other hand, if they were encrypted, keeping them outside the NAS file system seems to be wise.

Disconnecting the NAS outside of the backup time seems to be a good solution, but why the NAS then, then a simple USB drive connected to the computer every week is enough. Losing my files for a week would not have led me to leave thousands with data recovery or pay a hacker a ransom.

I have to make a decision from this topic, because once again I do not intend to pay, I prefer to spend this money on a good backup mechanism working in the background, I will add that I am one of those who postpone "for later", so it is better to make a copy it was doing itself. The cost of the equipment is of secondary importance here.

Qnap generally reserves up to 20% of its resources for snapshots, it should be enough for 256 snapshots, and you can always delete the oldest ones. It is not a lot. Simply put, a snapshot consists of "freezing" (read-only) the current data and creating a smaller "file" in which the changes from that point on (new data or metadata) will be saved. So it's not duplicating everything, just saving changes. More details here:
https://www.backupacademy.pl/poradnik-jak-dzialaja-migawki-snapshot-na-qnap-nas/

Pawel1812 wrote:

Thanks for the hints.
The question as to the space needed is not stupid, as QNAP periodically performs so-called snapshots - state snapshots of protected folders outside the file system to avoid encryption.

100% of the hackers are already working on a safe workaround for snapshots. Or they already have them.

I'm not a hacker, but I can imagine it could take weeks to encrypt your files, just in a minute, so as not to attract attention. If the operating system itself is modified, you can still use, read, or modify files that are in fact encrypted. You open the file, it is decrypted on the fly. You save, it is encrypted on the fly.

Only when hackers decide that they are revealing themselves, when they have sufficiently exploited the security hole they discovered, have encrypted enough devices, can they simultaneously erase the encryption key on these devices, and tadaaa, all data is no longer usable everywhere. In this case, even a snapshot outside the filesystem could be encrypted because it could have been taken from the data that was just encrypted.

As far as I remember an action with synology, that's what happened. One day, a bunch of people found out that their data had been encrypted. The encryption process itself, which took quite a long time, they did not notice. The encryption takes a while, you can't encrypt a TB of data in 5 minutes.

So in my case: the data network drive is NOT exposed to any port. And it's not popular synology or qnap, just linux with Samba.

m.jastrzebski wrote:

the network data drive is NOT exposed to any port

YES!!!! And certainly the one with backups.

So how to do it in practice? Have a backup disk unmounted from the system? Will backup be able to be done then?

Will such ransomware also encrypt files on google drive?
Microsoft One Drive allows you to restore deleted files for a month. Is it encrypted as well?

Which server to buy? Price is of secondary importance, I want to buy something that I will be happy with and won't go through a data loss disaster.
What's the difference between TS231 and TS231P2-4G. Is it worth the extra money?
Is it worth adding to the TS-251? What can video transcoding be useful for?

In order to protect against encryption, I recommend that you use a separate NAS account with a strong password for backup. Only this account can have write access to the backup directory. All other users have read-only access or not at all (including the admin account). You make the backup with a backup program (any) and in it you enter data to the account that can be saved by the backup. With this configuration, encryption programs do not have write access, because they use a local account (or administrator if they raise their permissions) and cannot encrypt anything.

Thanks for the suggestion, this is some idea, but is it possible if you want to make a backup with the program, automatically?
I was browsing my OneDrive recently and it turns out that this cloud allows you to restore the file not only as it is today, but much earlier, OneDrive takes file dumps which actually protects against encryption.

Currently, it is enough to purchase a legal Office with an annual license for PLN 160, to which Microsoft adds 1 TB of such protected space on OneDrive for free.
Even if the worm gained access to files on OneDrive and deleted them, it would be a month to recover them after logging into a Microsoft account.
The disadvantage is the low upload of my connection, but the data can be uploaded at night.

It is also difficult to watch movies from OneDrive via the VDSL DL 40Mbit / 6Mbit link.

Well, this kind of backup must be entrusted to the program, so that you do not have the system access rights to the backup directory.
The cloud is always sending your data to other entities. I would not have sent anything there without prior encryption, especially of sensitive data. Many companies offer large and free space for user data, but if you want to buy a disk, it turns out that it is not for free. So you should consider why they do it for free (or for little money). For Office with an annual license, you will have to pay again after one year. Isn't it better to buy a normal license?

PLN 160 for 1TB is probably the best offer on the market, and I have to pay for the cloud every year.
As for sending data - Google Drive does not accept encrypted data. I would love to hear my colleague's opinion about what Microsoft can do with my accounting or my photos or videos - even naked. They will sooner fall into the wrong hands when they stand at home.
Are there any known and described cases of data loss in clouds such as Microsoft or Google or making it available to third parties / entities?

It seems that I have nothing interesting to show or hide, but they want to collect it for something. Currently, one can only guess and theorize why they do it. However, they have a purpose in this.
With a cloud (but I don't remember which one) I remember such an interesting event. Some users suddenly appeared files that they had deleted several years earlier. The company explained that it indexed its resources and found something there and restored the files to the owners. But in my opinion, they did not delete these files, they only marked that the owner could not see them. And when it comes to what, for example, Microsoft can do with our photos, I am already answering. You can hang a billboard with your photo in front of your house, which you sent to, for example, FB and not only that you will have nothing to say, they will do it all in accordance with the regulations you agreed to. I'm not paranoid with an aluminum cap on my head. I also use the cloud (because it is a convenience), but I encrypt sensitive data before sending it.

By the way - Qnap can work with clouds:
https://www.qnap.com/pl-pl/how-to/tutorial/ar...e-po%C5%82%C4%85czenie-z-pami%C4%99ci%C4%85-w -clouds-today% C4% 99ki-application-cloud-drive-sync-on-qnap-nas-server /

I don't want to guess what they might, just what known cases of what they actually did.
If they had ever done something wrong with the data - I think it would have spread very quickly.

For me, not using the cloud (I considered and did not use the above-mentioned reasons) costs at least 1.6 thousand. PLN for data recovery, if not more - depends on the condition of the tacky ST2000LM007 plates. I would have a 1TB cloud and a legal Office paid for at least 10 years but wise after the damage ...

Another thing is that the photos to send to the cloud or even upload to some flash drive could be cataloged, etc. It is easy to rip from the camera anywhere and put it "for later" if you have a 2TB disk. This is one of the reasons why I didn't make a copy.

It is known that I will buy US and I will be smarter, the accounting will be in the cloud and the photos will be additionally on an external disk in the closet. The only question is, what is safer to keep data in a closet - FLASH or HDD memory?
Recovery specialists say that HDD - data recovery is easier and if necessary it is cheaper. On the other hand, the collapse of the modern HDD is a certain failure - in the case of FLASH it is not.
Datacenter still use disk drives as cheaper.

Let me return to the question - which US to buy? TS231P, TS231P2-4G or maybe TS-251?

Pawel1812 wrote:

Let me return to the question - which US to buy? TS231P, TS231P2-4G or maybe TS-251?

Buy one where you can easily add RAM at any time:
https://youtu.be/4uAIIKVQuZo

Pawel1812 wrote:

On the other hand, the collapse of the modern HDD is a certain failure - in the case of FLASH it is not.

Damage to the controller, memory module and also the disk and data in the trash.
Get HDD - cheaper, more data will come in.
only for HDD - buy a drive intended for the server, not any one: WD RED, WD RED PRO, WD Gold, Seagate IronWolf. Seagate IronWolf Pro.

Thank you for the hints about the drives, what are the differences between WD Red and WD Red Pro drives? Is there really a significant difference in their durability?
With NAS and RAID1, is disk durability so important that it is worth investing in?

I wanted to ask what happens if one of the drives fails in a RAID1 configuration, will the server continue to run normally and back up to only one drive?
What will happen when I mount only one disk to the server, or will it be possible to add a second disk without any problems in terms of data security?
I am asking because I have never had such a server.

These disks are designed for use in devices such as NAS (continuous operation) and differ in endurance from ordinary disks. If you have RAID1 (the same on two disks), you can have a regular one, but it will probably crash faster and you will have to replace it. Or you can only use one disk at the beginning, but when creating a volume on the NAS, choose to create RAID1 immediately, as later you won't be able to change it without losing your data and re-creating it from scratch. When you get a second disk, add it and the NAS will synchronize it and lose the data.
In the event of failure of one of the disks, you dismount the damaged disk, insert the other one and wait for the contents to be equalized. You have completed the entire operation.

Thanks for the clarification.
And can a second disk be added to such a server over time?

You can, but you won't use more capacity.

I read the manual in which it says that the server encrypts data on disks. Is it mandatory, or can this function be turned off, because in my opinion it may make it difficult to recover data from the disk using a cross-sector backup in the event of a server and disk failure at the same time. Or maybe I am thinking wrong?

You don't need to turn on encryption.