Posted: Fri Nov 20, 2020 11:13 am
by archaic0
I have a QNAP at home with a static IP and firewall under my control that I can forward ports to as needed.
I have a QNAP that I would like to park at a random location where I do not have any control over incoming ports.

Home QNAP is: TS-832XU-RP with 8 SSD drives and 2 NVME cache drives with about 500G of data I want to sync
Remote QNAP is: TS-431X2 with 4 SSD drives

Testing various sync options with both QNAPs on my home 10G LAN, I noticed that any time I used a VPN to connect the remote QNAP to my main one, I topped out around 8MB/s (64Mb/s). Without a VPN, just using an HBS sync job to send to the remote QNAP however, I can get consistently around 400MB/s with the speed test without SSL and 20MB/s with SSL.

I should have a 100Mb/s (12.5MB/s) link between the two QNAPs, so I would like to get as much performance as I can out of this sync, but the obvious VPN route seems to be a huge limiting factor even on the same LAN. I presume this is being limited by the underlying hardware, so I would like to avoid the VPN route if possible.

Experimenting with Hybrid Backup & Sync options, I haven't been able to find a solution that would let me configure a job on the remote QNAP to PULL data from my main QNAP. All of the job types seem to be limited to pushing data from the unit with the job to the other unit.

I found an older thread that claimed to have a solution working, but I was not able to follow how they configured their jobs.

Can someone help me fill in the gaps? I don't have any preference for RTRR, RSYNC, FTP, CIFS, whatever... I just want the fastest performance I can get. Encryption on the link is preferred, and a 20MB/s performance limit would probably be ok as I'll be limited to 100M internet links, but the 8MB/s limit is a bit painful.

Posted: Fri Nov 20, 2020 11:23 am
by dolbyman
Do yourself a favour and terminate a VPN at the location you have full control over (best on the firewall if it has enough oomph for VPN encryption... the ARM processors in your NAS are slow enough without VPN, spare them the CPU cycles).

Never expose your NAS to the open web by forwarding ports (malware)

HBS3 has a pull function... but it was named funny... 2-way sync or something

Posted: Fri Nov 20, 2020 11:44 am
by archaic0
I have a MikroTik router at home so I can terminate the VPN there, but the remote QNAP would still be the VPN client, so would moving just one side of the tunnel really help?

I can appreciate your advice to not expose things to the internet, however, I run several web facing services from my home lab and provide some other services as a small MSP, so exposure in my case is unavoidable until I can create entirely cloud-based solutions. IDS/IPS strategies at the firewall like blacklisting IPs that probe ports I don't use as well as a blanket block on all non-US based IPs just out of the gate, source restricting where I can, and using the built-in security controls that block IPs and lock out accounts on the QNAP is the best I can do there other than of course keeping everything patched. In this case, I can source restrict whatever ports I end up using to the IP the remote QNAP is coming from. While that side would be DHCP, it wouldn't be terribly hard to 'chase' any IP changes that may happen along the way.

With security 'covered', I can experiment with moving one side of the VPN, but if the tunnel is still underperforming, I'd still be looking for a way to pull data from my main QNAP by way of a job running on the remote QNAP.

Posted: Fri Nov 20, 2020 12:19 pm
by dolbyman
You could place a VPN appliance on the other side, e.g. a router with AES/SSL acceleration etc.

Exposing QNAPs is a dangerous game that many have paid for with their data (cryptotrojan) or other infections (botnets, coin miners, etc.)... it should never be part of any professional operation.
There were at least 3 waves of infections this year so far, and there will be more (COVID forces more people to work from home, and small businesses exposing their QNAPs will be lucrative targets for criminals).

If you run full external offline backups and monitor your traffic, you can mitigate, I guess.

Posted: Fri Nov 20, 2020 12:35 pm
by archaic0
Like I said, source restricting would be the primary mitigation there. Followed by a robust backup strategy, of which this project is aiming to add a 3rd offsite copy of critical data.

Are you saying that you are not aware of any way to configure an HBS job that PULLs versus PUSHES? The topic from 2018 was using a CIFS/SMB share and the poster says they were pulling using an HBS job, but there are a couple details missing that leave me not able to follow how he had that working. Doing a CIFS/SMB share over the internet wouldn't be a plan I would like though, but he seemed to be saying that other methods could be used.

Maybe HBS has changed, but no version of the current options seems to allow me to choose a source that is a remote storage space with a target that is the local NAS. They mention the sync arrow switching at some point, but I haven't found an option that flips the arrow myself.

Posted: Fri Nov 20, 2020 1:07 pm
by dolbyman
As I said further up... pull was an option... have to check tomorrow what it was called... something with sync (counterintuitive)

Posted: Sat Nov 21, 2020 2:42 am
by dolbyman
OK, I just checked

Active Sync Job

Here you can choose the device to pull your backup from

Posted: Sun Nov 22, 2020 4:23 am
by archaic0
Ahh, I'll give that a shot, thank you!

I mentally blocked out the Active Sync option, thinking that option meant a live, two-way sync.