Managing Synology Devices as MSP / Synology Devices as managed service

Hi folks

We are continuously increasing the number of Synology boxes as file servers and backup solutions to different customers. So obviously the question comes up how to monitor/manage the devices. Am I correct that so far the available tool kit for mass management of Synology is very limited?

What I am specifically looking for is some solution on how multiple employees of the MSP can manage multiple devices located at multiple customers.

Is my current understanding correct that

  • a specific Synology NAS can only be assigned to ONE (1) Synology account?
  • a Synology account can only have ONE (1) assigned email address? (so preferably “service/shared” mail addresses instead of person address)

If the above is true then:

  • you could assign a customer's (ACME Ltd) device to an Active Insight account with synology@acme.com, subsequently
  • you create an Active Insight account for the MSP with synology@msp.com and send an account delegation request to synology@acme.com
  • This allows the MSP to monitor the customer's devices but all employees of MSP must share synology@msp.com for Active Insight?

So no tracking of who did what or granulated access rights can be implemented - correct? Also anytime an employee leaves the team the password needs to be reset. And MFA is just a joke in such an environment.

Anything I missed or misunderstood?

So am I wrong when I state that for MSPs monitoring & management is better done with SNMP & email notification?

Thanks for your feedback

Lately, I’ve been using Cloudflare tunnels to manage access, in combination with docker-compose to provide a convenient deployment package. Cloudflare’s zero trust framework supports users and access groups, private networks, MFA, and all those good things.

Tunnel management can be automated via the REST API, if one were so inclined. It would be one way to handle onboarding and offboarding as well as rapid response lockdowns.

I’m using Uptime Kuma and ntfy.sh for monitoring. If I were looking for a more scalable solution then Grafana + Grafana Loki would likely replace Uptime Kuma to handle the multi-tenant and multi-user aspects.

YMMV

What parameter can you track with this setup?

Cloudflare as means of physical connection to connect to the boxes with granulated user management - correct?

Uptime Kuma and ntfy.sh as reporting tool? What actual parameter would you feed to these platforms?

The system status information - Raid, HD Health, Connectivity,… - are easy as they are published through SNMP and are documented in the MIB files

Side Note: Serversentinel PRO is also very nice for drive monitoring: Harddisksentinel PRO: monitor Network Attached Storage (NAS) status (hdsentinel.com)

But how do I get status information (besides email notification) on specific Synology apps:

  • SSR: replication successful yes/no + error messages
  • ABB: backup job XYZ successful yes/no, backup validation successful yes/no + error messages
  • Hyperbackup: job successful yes/no + error messages

Yes, Cloudflare Tunnels as a means of connecting to boxes with user management. Tunnels aren’t necessary for monitoring but are very useful for access management and intervention.

Uptime Kuma is mostly a heartbeat monitor. It doesn’t directly support displaying job status. I suspect something could be cobbled together to track such an activity but there are likely better IT monitoring solutions for that purpose.

Some amount of hackery is required to consume status notifications from Synology apps. A supported approach would be to define a custom webhook (Control Panel->Notification->Webhooks) and set the URL to an aggregator application that filters the noise.

If I were building such an aggregator app, it would likely be deployed as a docker that runs standalone on each customer endpoint, forwarding relevant events to a central management dashboard.

Digging further into the realm of hacks, the app could be extended to parse local log files for events that aren’t reported via Synology’s notification engine. This is truly hackery as location and format of log files is undocumented hence subject to change without notice. That said, Synology is reasonably consistent and unlikely to make radical changes that would break their own logging utilities.

ntfy.sh is an open source self-hosted solution to paging. There are commercial solutions like PagerDuty and Opsgenie that likely meet your needs.
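One way to implement the webhook aggregator described in the post above, as an added example that is not part of the original thread and is not Synology's or any poster's code. The per-device token in an `X-Token` header, the device id taken from the URL path, the JSON body shape `{"text": ...}` and the keyword lists are all assumptions to adapt to what your DSM webhook is configured to send.

```python
import hmac
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample values: one shared token per customer NAS (assumption).
DEVICE_TOKENS = {"acme-nas01": "constructed-token-1"}
# Keyword lists are assumptions; tune them to the texts your DSM version sends.
APPS = {"snapshot replication": "SSR", "active backup": "ABB", "hyper backup": "HyperBackup"}
FAIL_WORDS = ("fail", "error", "partial", "unsuccessful")
OK_WORDS = ("success", "completed")

def authenticate(device, token):
    """Constant-time token check; unknown devices are rejected."""
    expected = DEVICE_TOKENS.get(device)
    if expected is None or not isinstance(token, str):
        return False
    return hmac.compare_digest(expected.encode(), token.encode())

def classify(text):
    """Map a notification text to app and status; None means noise."""
    low = text.lower()
    app = next((name for key, name in APPS.items() if key in low), None)
    if app is None:
        return None
    if any(w in low for w in FAIL_WORDS):  # failure wins over success wording
        return {"app": app, "status": "failed"}
    return {"app": app, "status": "ok" if any(w in low for w in OK_WORDS) else "unknown"}

def handle(device, token, body):
    """Return (http_status, event); event is None unless it should be forwarded."""
    if not authenticate(device, token):
        return 401, None
    try:
        text = json.loads(body)["text"]  # assumed body shape: {"text": "..."}
    except (ValueError, KeyError, TypeError):
        return 400, None
    event = classify(text) if isinstance(text, str) else None
    if event is None:
        return 204, None
    return 200, dict(event, device=device, message=text[:300])

class Hook(BaseHTTPRequestHandler):
    def do_POST(self):
        size = max(0, min(int(self.headers.get("Content-Length") or 0), 65536))
        status, event = handle(self.path.strip("/"), self.headers.get("X-Token"), self.rfile.read(size))
        if event:
            print(json.dumps(event))  # stand-in for forwarding to the dashboard
        self.send_response(status)
        self.end_headers()

if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8080), Hook).serve_forever()
```

Because each NAS has its own token, offboarding one customer device means deleting one entry rather than rotating a secret shared by everything.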

I will give this a try.

Thanks a lot