Remote Access With Synology
Most homes, and many small businesses, have an ISP that may change their IP address on them from time to time. Having a static (never changing) IP generally costs more and can sometimes be significant.
DNS is the way easy to remember names (such as www.synology.com) are mapped to the IP address that’s appropriate for the name. You may not need DNS when you’re on your local network, but you’ll want it to connect when you’re out and about, such as at a coffee shop with your laptop or running errands with your cellphone.
Dynamic DNS is a way of keeping the name and IP address mapping updated whenever your ISP changes the IP address assigned to you.
This is a broad oversimplification because it isn’t the focus of this article. What’s important is how Synology let’s you connect back to your NAS when you’re on the road.
Synology provides two ways to remotely find and connect to your Synology NAS. One is traditional dynamic DNS and the other is QuickConnect. QuickConnect is proprietary to Synology and is simple to set up since it doesn’t require any special setup such as port forwarding. It’s not Dynamic DNS but it works the same way within the Synology ecosystem.
Synology does a good job of explaining QuickConnect here. In short, it detects whether or not your Synology NAS is on the local network. If it’s not, it reaches out to the Synology QuickConnect service and gets the address for the connection. An intermediary relay server is used which means port forwarding doesn’t need to be set up. There is a potential performance benefit to using port forwarding, so if it is set up then QuickConnect can benefit from port forwarding. If DSM understands your router it will automatically set up port forwarding.
QuickConnect can be used to connect through a web browser, otherwise the Synology App has to support QuickConnect. Synology has been adding QuickConnect support over time and all mobile apps now support it.
If all you need is remote access through the Synology mobile apps then QuickConnect is the way to do it.
Synology DSM also support Dynamic DNS (DDNS). It can be managed through Control Panel in the External Access section. Synology provides their own DDNS service using domains such as myDS.me and DSmyNAS.com. You just need to give your NAS a unique name. You aren’t locked in to Synology’s service as they support over 20 other providers. If you have your own domain name and your DNS provider supports DDNS you may also be able to configure it even if it’s not in the list of officially supported services.
If you’re new to DNS then using Synology’s service would be the way to go. It’s simple to setup since it all comes from one place.
If you use QuickConnect or Synology’s DDNS service you will need to create an account with Synology. If they see your chosen name is dormant they will email a notification that it appears offline. If it’s offline for an extended period of time Synology may delete it and allow someone else to claim it.
Simplicity is the enemy of security. While QuickConnect and DDNS simplify remote access it does mean your NAS is available from anywhere on the internet. So be sure it is secure. Keep DSM and all packages up to date. Use complex passwords and two-factor authentication, especially for admin IDs or any ID with access to confidential data. Also enable Auto Block so anyone trying to brute force a password is blocked. Managing the firewall, which will take more work, should be done if at all possible so that only what’s needed externally is available externally. Use HTTPS for all connections, even from mobile apps.
There’s always the possibility that there is a security vulnerability in QuickConnect but I don’t see QuickConnect as a significantly bigger risk than using a DNS service unrelated to Synology. The one concern would be that this is a central repository of known computers with a known operating system which could make it a target. If you’re worried about security then you should assume this information is known since obscurity alone won’t provide security.
Synology provides a nice set of services for accessing your data remotely. QuickConnect is a nice added service that’s provided with your Synology NAS.
DS Finder isn’t intended to be used remotely so it doesn’t support QuickConnect ↩