How to migrate existing volumes to encrypted volumes (DSM 7.2)

It is logical that the new volume encryption can’t encrypt existing volumes. Adding storage units to storage pools will allow to create new volumes and then “move” critical folders to them.

Now, what will be the best way, if any, to end up with Volume 1 encrypted if needed be?

So you really have two different options if you want to encrypt volume 1, of an already existing NAS.

  1. Would be to run hyper backup to an external HDD, then blow away the pool, then restore from the backup. (probably the easiest thing to do)
  2. Would be to play a game of moving shares around until they are all in an encrypted volume by using control panel → move folder. I would not recommend this.

Thanks Will for your quick and precise answer. Long time sbscriber of your channel and happy to see you progressing.

Something that I still do not understand is where DSM and the packages resides specially in a SHR environment. Blowing the pool will imply blowing the NAS per se with all installed packakes. We both know that Hyper Backup does not backup everything …

Most of the NAS’ we managed are single volume in SHR and even having bays for additional discs, not all have enough to mimic the same level of RAID protection. I will never set an encrypted volume on a single disc, non-SHR pool. We have many customers very worry about the safety of the data if the NAS is stolen or mismanaged.

I am looking forward to the release as I have many questions about using encrypted volumes like disc migration to another NAS? can the encryption keys be placed somewhere but NAS’s? Actual Volume 1 is not encrypted and Volume 2 is added as encrypted and lets say we “duplicte” Volume 1 on Volume 2. Can we get rid of Volume 1 and make 2 to be 1 or leave Volume 1 at tis bare minimum with no data at all?

Anyways … thanks, again for replying and allowing me to share my craziness!

1 Like

Do you ACTUALLY have to blow away the whole POOL in order to create new volumes that are encrypted, or can it be done by creating new Volumes within the original storage pool (and deleting the original volumes after things are moved) – that is, if you have un-allocated space in your pool from which to create new encrypted volumes?

BTW I’m trying to use Hyperbackup to back up 2.2TB of data to a USB mounted volume, and it’s horrifically slow. I have a DS1522+. I mean, more than 24 hours and only half done. I am feeling insecure about the ability to restore from backup.

Thanks.

You should be able to just delete the volume, not the pool to do it

That is a long time, especially for a local backup. Can you check the disk utilization in Resource monitor?

I would says its always a good idea to have a bad feeling about restoring from a backup. Whenever I am doing a switch over like this I normally make sure to have a second copy of the critical files just in case on a different drive. That being said I have had a good track record with restoring a hyperbackup

For whatever it’s worth I currently have 3 x 4TB disks in an SHR array on a 4-bay (DS920+) and I am in the process of trying to get a second small encrypted volume as follows:

  1. Adding an additional 4TB disk in the 4th bay
  2. Adding the new disk to the storage pool but NOT checking to automatically expand the volume into the new space
  3. Manually expanding the volume into the newly larger storage pool but SAVING 0.5TB
  4. Creating a new encrypted volume 2 in the leftover 0.5TB

I am not sure if this will work - I am currently at step 2. But incase it’s of use to anyone else, I’ll report back on the outcome.

1 Like

Just to report back that this went super smoothly.

Adding the disk to the storage pool took all day, but afterwards, expanding the capacity of the volume was near instant.

I kept 500gb back during the expansion of my original volume, and now I have an encrypted volume 2. I’ve moved a few select shared folders over to the new encrypted volume (by editing their share settings), and that went very smoothly too.

Happy days.

3 Likes

Great to know! Always scary during these processes!

1 Like

In my case, I had 3 volumes (volume1, volume2, and volume3) on 3 different storage pools on SHR consisting of 4 drives each. Volumes 2 and 3 were encrypted, but volume 1 wasn’t.
I’m on latest DSM (DSM 7.2.1-69057 Update 5) and in order to encrypt volume1 I moved all shares to volume3 temporarily, then on Storage Manager I deleted volume1, but when I tried to recreate it I didn’t get the option to encrypt the volume.
So I deleted the Storage Pool (which was Storage Pool 1) and recreated it, but when I did it forced a Drive Check which is taking now about 24 hours.
I suppose after the Drive Check I will be able to create the new volume1 and it will give me the option to encrypt it.

DonDowner, I do hope so for you but it should not be necessary. What model NAS do you have? And is your Encryption Key Vault still in good order?

Hi Paul, luckily everything went fine. After the Drive Check, which ended up taking 22 hours, I was able to create the new volume (Synology named it volume1) and it gave me the option to encrypt the new volume upon creation.

RS1221+ with RX418

Yep

All good. Thanks.