FreshRSS

🔒
❌ À propos de FreshRSS
Il y a de nouveaux articles disponibles, cliquez pour rafraîchir la page.
À partir d’avant-hierFlux principal

Containers and VMware vSphere

10 septembre 2021 à 16:42

VMware implemented containers with VMware Integrated Containers (VIC) back in early 2019. Shortly afterward, VMware Tanzu was released, which significantly improved container management. This post gives an overview of the container technology from a VMware admin's point of view.

The post Containers and VMware vSphere first appeared on 4sysops.

How to install ESXi 7.0 U2 directly from an HTTP server via a UEFI HTTP boot

3 septembre 2021 à 11:32

With ESXi 7.0 Update 2, VMware has introduced a new way to boot the ESXi installer by using native UEFI HTTP. What is it? It is a way to boot the ESXi installer over the network but without setting up the whole PXE infrastructure (PXE server, TFTP, and DHCP).

The post How to install ESXi 7.0 U2 directly from an HTTP server via a UEFI HTTP boot first appeared on 4sysops.

Precision Time for Windows and VMware vSphere 7 Update 2

27 août 2021 à 14:44

VMware vSphere 7 Update 2 has introduced a new feature called Precision Time for Windows. It's a completely new protocol that is worth looking at because it offers strict time accuracy and precision for time-sensitive virtualized applications.

The post Precision Time for Windows and VMware vSphere 7 Update 2 first appeared on 4sysops.

Using ESXi ISO image builder with VMware vSphere 7.0 Update 2

20 août 2021 à 15:09

Creating custom ESXi images is useful when you need to add custom drivers to your installation ESXi ISO. Previously, there were third-party tools that are no longer maintained. However, since vSphere 6.x, VMware has offered its own utility, which is built into vSphere, called ESXi Image Builder.

The post Using ESXi ISO image builder with VMware vSphere 7.0 Update 2 first appeared on 4sysops.

Bulletin d’actualité du CERT-FR – 09/08/2021

Bulletin d’actualité du 09/08/2021 Nous voici de nouveau ensemble dans notre rendez-vous de fin de semaine pour revenir sur les différents bulletins de sécurité publiés par le CERT-FR ! Durant la période du 2 août au 8 août 2021, le CERT-FR (Centre gouvernemental de veille, d’alerte et de réponse aux attaques informatiques en France) a …

VMware vSphere 7.0 Update 2 HCI Mesh configuration

13 août 2021 à 20:36

VMware HCI mesh for compute-only nodes was introduced with vSphere 7.0 Update 2 and allows you to connect to VMware vSAN datastores from another cluster. This cluster can be a host-only cluster without internal storage participating in a vSAN capacity.

The post VMware vSphere 7.0 Update 2 HCI Mesh configuration first appeared on 4sysops.

VMware vCenter : comment corriger l’alerte Log Disk Exhaustion ?

Hey ! Bonjour à toutes et tous ! Nous voici ensemble de nouveau pour un nouvel article qui ne va pas parler du modèle MSP ou des alertes du CERT-FR, mais plutôt de l’appliance vCenter de chez VMware ! En cette belle journée ensoleillée (non, je vous rassure, il tombe des cordes en réalité au …

How to set up a vSphere 7 Update 2 Native Key Provider

30 juillet 2021 à 17:26

VMware vSphere 7 Update 2 finally offers a long-awaited Native Key Provider (NKP), which is built in in vSphere. It's not a "full blown" KMS server, as the NKP can only talk to vSphere and you can't point other things at it. It is a vSphere-only feature.

The post How to set up a vSphere 7 Update 2 Native Key Provider first appeared on 4sysops.

How to use vRealize Log Insight to retrieve logs from your Windows and Linux servers

23 juillet 2021 à 18:19

VMware vRealize Log Insight gathers logs from ESXi hosts and VMs in your virtual and physical environments. The product is extensible via content packs available in the VMware marketplace. In this post, we'll show you how you can not only use it as a main collector for your infrastructure, but also how to use the content pack for Microsoft Windows.

The post How to use vRealize Log Insight to retrieve logs from your Windows and Linux servers first appeared on 4sysops.

Analyze basic log output from VMware vSphere 7 products

21 juillet 2021 à 22:55

If you're running just a vSphere, and ESXi, the logging will be concentrated only from those two products. VMware has, however, a large portfolio of products, each of which has its own logging. It is probably best to send logs from all VMware products to a remote logging server that can ingest the logs and present you with a graphical UI that also allows advanced search capabilities for specific issues.

The post Analyze basic log output from VMware vSphere 7 products first appeared on 4sysops.

Une variante du ransomware HelloKitty s’attaque aux serveurs VMware ESXi

20 juillet 2021 à 08:15

Une nouvelle variante du ransomware HelloKitty rejoint la liste des ransomwares qui s'attaquent aux serveurs VMware ESXi, qui sont désormais une cible de plus en plus privilégiée par les pirates.

Souvenez-vous, le mois dernier on apprenait l'existence d'un module de chiffrement spécifique au sein du ransomware REvil, dans le but de s'attaquer aux serveurs VMware ESXi et de chiffrer les datastores. Pour rappel, le datastore est l'emplacement de stockage où sont stockées les machines virtuelles.

Comme la dernière fois, c'est l'équipe de chercheurs MalwareHunterTeam qui a fait cette découverte, et cette fois-ci cela concerne une nouvelle variante du ransomware HelloKitty. Elle se présente sous la forme d'un exécutable ELF-64, à destination de Linux. Même si VMware utilise un noyau Linux personnalisé, il est possible de lancer ce type d'exécutable sur les hyperviseurs.

Pour interagir avec le serveur VMware ESXi, le ransomware s'appuie sur la ligne de commandes esxcli. Cela lui permet d'éteindre la machine virtuelle afin d'éviter que les fichiers soient verrouillés, et il procède ensuite au chiffrement de ces mêmes fichiers. Comme le montre l'exemple ci-dessous, le ransomware cherche à éteindre proprement la VM dans un premier temps, et si cela ne fonctionne pas il essaie deux autres méthodes plus brutales.

First try kill VM:%ld ID:%d %s
esxcli vm process kill -t=soft -w=%d
Check kill VM:%ld ID:%d
esxcli vm process kill -t=hard -w=%d
Unable to find
Killed VM:%ld ID:%d
still running VM:%ld ID:%d try force
esxcli vm process kill -t=force -w=%d
Check VM:%ld ID: %d manual !!!
.README_TO_RESTORE
Find ESXi:%s
esxcli vm process list
World ID:
Process ID:
Running VM:%ld ID:%d %s
Total VM run on host: %ld

Les hackers apprécient particulièrement les hyperviseurs, en l'occurrence sous VMware ESXi. Pour deux raisons : ils sont très répandus et prendre le contrôle d'un ESXi permet de cibler X serveurs virtuels, ce qui est particulièrement impactant.

Dirk Schrader de chez New Net Technologies, explique qu'attaquer un équipement (VMware ESXi) qui héberge une trentaine de services critiques d'une organisation est particulièrement intéressant pour les pirates, afin d'obtenir un résultat. Quand il dit "résultat", il veut dire par là que l'entreprise va payer la rançon et donc que c'est rentable pour les hackers.

Pour se protéger contre ce type d'attaques, il convient de maintenir à jour son serveur VMware ESXi autant que possible pour bénéficier des derniers correctifs de sécurité.

Source

The post Une variante du ransomware HelloKitty s’attaque aux serveurs VMware ESXi first appeared on IT-Connect.

Analyze drmdump files with VMware DRS Dump Insight

9 juillet 2021 à 16:12

DRS Dump Insight is a portal where you can upload drmdump files for further analysis. VMware DRS Dump Insight 2.0 is an updated release that reflects changes within the VMware DRS mechanism, which I discussed in a previous article about VMware vSphere 7 DRS scoring and configuration.

The post Analyze drmdump files with VMware DRS Dump Insight first appeared on 4sysops.

Bulletin d’actualité du CERT-FR – 28/06/2021

Bulletin d’actualité du 28/06/2021 Nous voici de nouveau ensemble dans notre rendez-vous de fin de semaine pour revenir sur les différents bulletins de sécurité publiés par le CERT-FR ! Durant la période du 21 juin au 27 juin 2021, le CERT-FR (Centre gouvernemental de veille, d’alerte et de réponse aux attaques informatiques en France) a …

BIOS optimization settings for VMware ESXi 7.x

2 juillet 2021 à 17:41

This guide provides information about BIOS optimization for VMware ESXi 7.x. When you buy new hardware, after verifying that ESXi 7.x is a supported hypervisor, you'll need to configure BIOS. The configuration process is, in part, about performance tweaks.

The post BIOS optimization settings for VMware ESXi 7.x first appeared on 4sysops.

Créer des templates de VM avec VMware vCenter Server Appliance

1 juillet 2021 à 12:57

I. Présentation

Aujourd'hui, nous allons voir comment créer des modèles de VM sous VMware afin de créer des VMs de "référence" pour vos déploiements. Celles-ci vous permettent de pouvoir créer des machines virtuelles à la volée, sans passer par l'étape fastidieuse de création de VM classique.

Un modèle de machine virtuelle est une image d'une VM personnalisable afin de répondre à certaines exigences métier. Un template peut être utilisé plusieurs fois à des fins de déploiement en masse d'instances de VMs. Après avoir déployé une VM à partir d'un modèle, elle n'est plus liée à son modèle, et est donc indépendante.

Note : certaines informations non essentielles de ce tutoriel ont été masquées.

II. Modèle VS clone VS OVA/OVF

A. La différence entre un clone de VM et un modèle de VM

Un clone de VM "standard" est une copie exacte d'une VM à un instant T qui n'est pas personnalisable (au niveau de l'OS, et certaines ressources physiques). Si vous devez cloner périodiquement une machine virtuelle en cours d'exécution, les clones résultant de celle-ci seraient différents les uns des autres. Un modèle de machine virtuelle vous aide à éviter ces problèmes, car il ne peut pas être modifié* et ne peut jamais être en cours d'exécution. On évite alors les erreurs de manipulations...

VMware fournit des outils qui simplifient la personnalisation du système d'exploitation invité pour les clones de VM. Un point que nous aborderons dans le troisième chapitre de ce tutoriel.

*Vous ne pouvez pas la mettre sous tension et modifier une machine modèle dès lors qu'elle a été créée, afin que personne ne puisse accidentellement démarrer/modifier la machine virtuelle utilisée comme modèle. Si vous souhaitez modifier un modèle, vous devez convertir un modèle en machine virtuelle, modifier la machine virtuelle, puis convertir la machine virtuelle modifiée en un nouveau modèle. Cette approche offre une plus grande sécurité (et une méthode plus « infaillible ») que les clonages classiques de VM.

B. La différence entre un modèle de VM et un modèle OVA/OVF

Les modèles OVA et OVF sont utilisés pour distribuer des logiciels préconfigurés en tant qu'appliances virtuelles. Ils peuvent contenir plusieurs machines virtuelles, ce qui est utile dans les cas où une application se compose de plusieurs instances de VM qui doivent fonctionner indépendamment.

Pour rappel :

  • .OVF est un format de fichier qui contient des métadonnées, des disques virtuels et des éléments de fichier décrivant les machines virtuelles, ainsi que des informations supplémentaires importantes pour le déploiement et le fonctionnement de l'application.
  • .OVA est un package qui englobe les fichiers cités précédemment dans une archive de fichiers unique (plus pratique selon moi).

Les modèles de VM ne sont pas compressés. Ils sont accessibles uniquement à partir d'emplacements disponibles pour vCenter (datastore, etc.) et ne sont pas destinés à être partagés avec d'autres organisations.

III. Environnement de mise en place

Plantons le décor, voici ce que nous allons utiliser :

  • Un VCSA (VMware vCenter Server Appliance), avec un ou plusieurs hôtes ESXi connectés
  • Une machine virtuelle (Windows) fonctionnelle disposant des VMware tools installées. Dans mon cas, je vais utiliser une machine Windows 10 21H1 pour réaliser le didacticiel.

Option : personnaliser votre machine virtuelle en installant un ensemble de logiciels pour vos besoins,  les besoins d'une entité particulière, etc. Je vous recommande d'utiliser le logiciel Ninite afin de faire une seule installation groupée des logiciels les plus connus et les plus utiles, que vous pourriez avoir besoin. Par exemple : WinRar, Firefox, Chrome, Visual Studio Code, etc.

Aperçu de la VM qui doit devenir un modèle

IV. Création du modèle

Depuis une machine virtuelle, fraichement installée, cliquez sur : action, clone, clonez vers un modèle.

Choisissez un nom pour cette future VM de référence. Il doit être différent du nom de la machine originale (ici : Win-10-Pro-21H1-Desktop). Le nom pour cette machine de référence sera dans mon cas Windows-10-Pro-21H1-Desktop-Master.

VMware - Assistant "Cloner la machine virtuelle vers un modèle"

Il vous est demandé par la suite de choisir la ressource de calcul pour héberger votre futur VM template. Choisissez par défaut votre cluster d'hôtes ESXi, ou un hôte ESXi en particulier.

Puis, sélectionnez le datastore où vous souhaitez stocker le modèle de machine virtuelle.

Ensuite, un récapitulatif des actions effectuées s'affiche à l'écran. Dès que vous cliquez sur "Finish", le template va se créer. Patientez pendant la création.

V. Création d'une spécification de personnalisation d'invité VM

La personnalisation du système d'exploitation invité est une fonctionnalité de vSphere qui permet aux utilisateurs de modifier les paramètres du système d'exploitation invité Linux ou Windows d'une Template de VM. Pour rappel l'approche traditionnelle était de :

  • Démarrer manuellement une machine virtuelle,
  • Se connecter au système d'exploitation invité
  • Modifier la configuration dans différentes parties du système d'exploitation via une interface graphique ou l'invite de commande,
  • etc.

Cette méthode est lourde et fastidieuse. Avec la personnalisation du système d'exploitation invité de VMware, vous pouvez créer un fichier de personnalisation et utiliser celui-ci pour personnaliser chaque instance de VM générée à partir du modèle. Vous pouvez facilement modifier les paramètres du réseau, le nom d'hôte, le nom d'utilisateur, le mot de passe, le fuseau horaire, les paramètres de licence, le SID (identifiant de sécurité) et le domaine/workgroup.

Remarque : les paramètres de personnalisation pour Linux et Windows sont différents. La procédure aussi. Les problèmes de compatibilité sont malheureusement nombreux en fonction des distributions. Cette fonctionnalité sera plus utile et exploitable pour un environnement virtuel Windows. Je ne vais donc pas la développer ici. Pour plus d'informations, reportez-vous à la documentation officielle de VMware.

Pour créer votre "procédure d'instanciation de template", rendez-vous dans > Menu > Stratégies et profils 

Puis, créez une nouvelle "spécification de personnalisation d'une VM" (sacré charabia ^^). Renseignez les informations suivantes :

  • La famille de l'OS concernée (Windows dans mon cas)
  • Si vous souhaitez utiliser l'utilitaire SYSPREP. Personnellement, je n’y vois aucun intérêt sachant que VMware propose de générer automatiquement un nouveau SID et cela nous évite une tâche fastidieuse.

Définissez par la suite le nom du propriétaire. Par défaut, ici je vais mettre User. Le nom du compte que j'ai crée lors de l'installation de Windows 10.

Puis, nous pouvons personnaliser le hostname (nom NETBIOS) de l'hôte Windows qui sera généré. Dans mon cas, je vais préfixer le nom d'hôte de chaque machine avec "PC-itco-" suivi d'un numéro d'identification random fourni par VMware, mais vous pouvez choisir de préfixer le nom de la machine, lors du déploiement de la VM, ou via une extension X via VCSA.

VMWare vous laisse le choix d'activer ou non Windows 10 depuis son formulaire en précisant une clé d'activation. 🙂

Vous devez ensuite définir le mot de passe du compte administrateur du template.

Puis, sélectionnez ensuite le bon fuseau horaire en fonction de votre géolocalisation.

Si vous souhaitez injecter un script PowerShell/batch, cette section est faite pour vous :). Dans mon cas, je ne vais pas l'utiliser.

Choisissez ensuite vos paramètres réseau. Dans mon cas, je vais utiliser l'option par défaut DHCP (IP+DNS), mais la deuxième option vous permet d'entrer manuellement les paramètres IP/DNS lors du déploiement d'une nouvelle VM.

La 9e étape nous octroie la possibilité de joindre directement la nouvelle machine déployée à un domaine Active Directory. Dans le cadre du tutoriel, nous allons nous en passer. ^^

Enfin, un récapitulatif vous est présenté. Il suffit de cliquer sur "Finish".

Le profil sera stocké, dans le menu : Menu > Stratégies et profils. À tout moment vous pouvez l'éditer, sans en créer un nouveau.

VI. Déploiement d'une machine virtuelle à partir de notre modèle

Afin de tester notre template, créez une machine virtuelle, cochez l'option "Déployer depuis un modèle", puis cliquez sur "Next".

Je vais donc choisir de déployer une VM Windows 10, à l'aide du template que je viens de réaliser.

Je lui assigne le nom suivant : Win10-21H1-Test. Remarque : le nom de la machine virtuelle, ce n'est pas son hostname au sein de l'OS.

Par la suite, je choisis d'utiliser mon cluster d'ESXi, pour gérer la partie gestion des ressources de calcul.

Je sélectionne un emplacement pour le stockage de cette future VM.

Arrive une étape importante, où nous pouvons choisir de cocher les options suivantes :

  • Personnaliser l'OS de la future VM (via le fichier de personnalisation créé plus tôt)
  • Personnaliser le matériel de cette VM (CPU, RAM, stockage (agrandir le disque dur, choisir le type de provisionnement : thin/thick), etc.)
  • La mettre sous tension dès lors que celle-ci sera déployée.

Évidemment, je vais sélectionner mon profil personnalisé.

Ensuite, si vous le souhaitez, vous pouvez ajuster les ressources physiques. Ce qui est l'occasion d'agrandir la taille du disque dur virtuel, par exemple.

Enfin, VCSA nous présente un récapitulatif des informations que nous lui avons fournies. Après quoi il déploiera la machine virtuelle.

Le déploiement de celle-ci prend environ une bonne minute. Et voilà, notre machine Win10-21H1-Test, est déployée et opérationnelle !

Nous pouvons constater que le nom d'hôte de la machine déployée a bien été modifié automatiquement lors du déploiement de celle-ci, ce qui confirme que la customisation de l'OS a bien été réalisée par VCSA.

VII. Conclusion

J'espère que l'article vous aura plu ! Avant de vous laisser, voici deux rappels pour conclure :

- Un modèle de machine virtuelle est une image spécifique d'une VM qui peut être utilisée pour créer des instances de VM lors de déploiements en masse. Les templates ne peuvent pas être modifiés et activés comme les machines virtuelles ordinaires, ce qui améliore la sécurité.

- La spécification de personnalisation de l'OS du template vous aide à personnaliser les paramètres du système d'exploitation tels que la configuration réseau, le nom de l'ordinateur, le fuseau horaire, injecter un script Batch/Powershell, etc. Cela rend vos déploiements de VM plus rapide et plus pratique. Vous bénéficiez d'avantages importants tel que l'automatisation, la réduction du nombre d'erreurs, et la standardisation de vos machines.

The post Créer des templates de VM avec VMware vCenter Server Appliance first appeared on IT-Connect.

Le ransomware REvil cible les machines virtuelles VMware ESXi

29 juin 2021 à 09:40

Le ransomware REvil bénéficie désormais d'un module de chiffrement Linux qui cible et chiffre les machines virtuelles VMware ESXi. Après les NAS, ce ransomware d'attaque aux machines virtuelles.

En mai dernier, le chercheur Yelisey Boguslavskiy de chez Intel, avait découvert un message sur un forum où il était précisé qu'un module de chiffrement basé sur Linux était disponible pour le ransomware REvil et qu'il permettait de s'attaquer à des NAS.

Désormais, ce variant de REvil pour Linux va plus loin puisqu'il s'attaque aux hyperviseurs VMware ESXi et plus particulièrement aux machines virtuelles. L'équipe de chercheurs MalwareHunterTeam a fait cette découverte.

Vitali Kremez de chez Intel a analysé cette version Linux de REvil, qui se présente sous la forme d'un exécutable au format ELF64 (Executable and Linkable Format). Au moment de l'exécuter sur un serveur, l'attaquant peut spécifier différents paramètres, notamment le chemin vers les données à chiffrer : la banque de données de l'hyperviseur où sont stockées les VMs.

Usage example: elf.exe --path /vmfs/ --threads 5
without --path encrypts current dir
--silent (-s) use for not stoping VMs mode
!!!BY DEFAULT THIS SOFTWARE USES 50 THREADS!!!

Vitali Kremez explique également que REvil s'appuie sur le CLI de VMware ESXi (esxcli) pour lister les machines virtuelles présentes sur l'hyperviseur. Les machines virtuelles seront stoppées pour que le ransomware passe à l'action et qu'il chiffre les disques durs virtuels au format VMDK. Si la machine virtuelle n'est pas arrêtée correctement, en plus d'être chiffrée, elle pourrait être corrompue.

En s'attaquant directement aux hôtes VMware ESXi, le ransomware REvil peut chiffrer un nombre important de serveurs avec une seule commande, ce qui est particulièrement dangereux.

Fabian Wosar, le CTO de Emsisoft a précisé que d'autres ransomwares avec un module de chiffrement compatible Linux, dont : Babuk, RansomExx/Defray, Mespinoza, GoGoogle, DarkSide, ou encore Hellokitty. Ces variants pour Linux sont créés principalement dans le but de s'attaquer aux hôtes VMware ESXi.

Si vous souhaitez obtenir les hashs des fichiers associés à la version Linux de REvil, rendez-vous sur cette page : REvil - Linux - Hash

Source

The post Le ransomware REvil cible les machines virtuelles VMware ESXi first appeared on IT-Connect.

VMware Virtual Machine Compute Optimizer free tool

26 juin 2021 à 07:22

The Virtual Machine Compute Optimizer (VMCO) is a free tool from the VMware Flings site at flings.vmware.com that enables you to capture information about the hosts and VMs running in your vSphere environment. It generates a report on your VMs and shows you whether your VMs are optimized. It takes the configuration of the host's memory and CPU into consideration.

The post VMware Virtual Machine Compute Optimizer free tool first appeared on 4sysops.

Configure VMware vSphere 7 High Availability advanced options

18 juin 2021 à 15:15

VMware vSphere 7 High Availability (HA) advanced options are useful when you need to provide specific networking due to local network requirements or you need to change some uncommon behavior.

The post Configure VMware vSphere 7 High Availability advanced options first appeared on 4sysops.

Synology DSM vs QNAP QTS NAS 2021 Part III – Backup Tools, Surveillance, Virtual Machines and Conclusion

11 juin 2021 à 16:00

Synology DSM vs QNAP QTS NAS Software & Hardware Comparison

Welcome back to the final part of my Synology vs QNAP NAS comparison, where I go through the main differences between the two biggest brands in the world of NAS in 2021/2022. So far we have covered the brand’s rhetoric, the hardware, the graphical user interface (GUI), how they approach storage, mobile applications, multimedia sharing/streaming and desktop clients! In this final part, I will be moving into much more business-led subjects to compare the Synology DSM NAS systems and the QNAP QTS NAS devices and then conclude with which areas either brand excelled, failed or are identical. Both brands have a fantastic range of backup tools for home users to enjoy (with Synology Hyper Backup and QNAP Hybrid Backup Sync being the too most popular of course), but we are seeing a real emergence of cloud integration on either platform, as software as a service (SaaS) grows in viability – with either brand shouting loudly how they are the perfect bare-metal system to run parallel (bare metal = hardware server that is sync’d with your cloud services, among other things). So today I want to discuss their support of SaaS services, Virtual Machine self-hosting and migration from the likes of VMware and Hyper-V and a better look at Surveillance on each platform, AI-supported services and more. It is ALOT to pack into our final part before we conclude, so let’s get started.

LINK to PART I – The GUI, Control, Customization and Brand Focus

LINK to PART II – Storage Control, Mobile Apps and Multimedia

 

Synology DSM vs QNAP QTS NAS Software – Backup Tools

This is an interesting area to compare the Synology DSM and QNAP QTS NAS Software and services, as although at a balance it looks like the two brands provide the same functionality, there are a few tiny differences that (if you are not aware) may annoy yours later. As touched on early, the Synology NAS platform arrives with Hyper Backup and Active Backup Suite, whereas QNAP arrives with Hybrid Backup Sync and Hyper Data Protector. BOTH Synology and QNAP across their respective two apps each provide support of:

  • Multi-site backups that can be scheduled, have filters applied, utilize deduplication and support NAS-to-Cloud/NAS/USB/Folder operations
  • Can Backup VMs from VMware and Hyper V and (in the right format) restore the VM image on the brand-specific VM app on either brand NAS
  • Support Version retention on regular bare metal backups and VM backups
  • Guide you through a 3-2-1 Backup System using 1st party resources and applications only
  • Supports numerous backup protocols/methods that include RSync, RTRR, Differential backups and TCP BBR

So, that just about covers 95% of traditional and most frequently asked backup methods. However, this is where the brand’s differing ideas of what users want/need step in. The Synology Backup applications are definitely the better looking of the two, with the Hyper Backup tool being the more chewable/easy one of the two, supporting quite a few cloud platforms (which obviously giving their own C2 service a decent bit of space – can’t blame them), and active Backup Suite ramps things up a bit for business, allowing a larger degree of business targets/sources to implemented. One particularly attractive feature of Synology Active Backup Suite is the Google Workspace and Office 365 addons that are license-free (ie provisionally free) that allow you to connect and sync your cloud software services with the NAS to act as a SaaS local syncing system (besides subscription costs and security, internet downtime is the biggest Achilles heel of Office 365/Google Workspace). This is available on QNAP too (with BoXafe) but requires additional license fees for cloud connections. To counter this, although both Synology and QNAP support inline deduplication, the QNAP ZFS based QuTS Hero platform provides it to a much better degree right now, with additional QuDeDupe software and inline compression too (with saving in data being visible analytically) and even handles encrypted backups better with localized client software that you can install on your business devices.

There are lots more that could be covered here (Synology Drive and its client apps, QSync Pro and its improved mobile client-to-NAS services, etc) but these are when we move into the subject of synchronization, file streaming and are less about backups and more about remote level access and synchronicity in your storage. Although the QNAP Software is still very good for numerous backup methods, ZFS and its file transmission benefits still shine and the support of more kinds of 1st/3rd party external storage and cloud are available – the Synology Backup tools and services are a tad better divided between home and business needs with which services are included in Hyper Backup and Active Backup Suite respectively.

Why Choose Synology NAS? – Active Backup Suite, Hyper Backup, Licence Free Office 365/Google Workspace Sync and Synology C2

Why Choose QNAP NAS? – Hybrid Backup Sync, Many More Cloud Services Supported and Hyper Data Protector has Better Retention Policies

 

Synology DSM vs QNAP QTS NAS Software – Surveillance

Many users who are on the verge of buying a new NAS drive for home or business will often justify the purchase (to themselves or their finance manager) by factoring in that alongside the backup software safety, the multimedia streaming potential and potential saving versus long term cloud storage by ALSO considering using it as a Surveillance system. Both Synology and QNAP provide a genuine business class surveillance software package with their respective systems that allow you to utilize numerous IP Cameras, IP Speakers, network door locks and bring it all together with a single standalone security deck/feed that can be accessed locally over the network or remotely over the internet. Although both brands have done an incredible job with their respective software, over recent years we have seen a real divergence on how each brand has proceeded in their respective software. One very, VERY clear difference is that QNAP Surveillance gets spread across browser and local client app (windows, mac, phone, etc) less evenly, with adding cameras, extensively changing camera alert functions and customizing the setup being almost exclusively done in the web browser GUI but the local client allowing full camera access, PTZ control and actioning being almost exclusively on the client apps. Whereas Synology and Surveillance Station allow ALL of this to be done on the browser client and MOST of it to be possible on the desktop client app too. The Mobile client for QVR Pro and Surveillance station is a little more limited, but in terms of full software access,  think the Synology platform keeps it a little more even. Here is a breakdown of the main benefits/PROs of each surveillance NAS software:

PROS of Synology Surveillance

PROS of QNAP Surveillance

Considerably Better Browser Access & Controls

Beter 3rd Party Software integration with the Surveillance station API

Better Camera Feed Accessibility in the Browser & Clients

Fast Search Runs remarkably Smoothly

LiveCam converts a Mobile to Live NVR IP Camera Feed

Share Live Feeds to YouTube for Fast/Easy Sharing

 More Camera Licences (8x in QVR Pro)

Technically 3 Surveillance Platforms to Choose that vary in complexity

Better Client App Control and Analytics

Local KVM (Keyboard/Video/Mouse) Support

AI Surveillance services can be added on Integrated CPU NAS, Google TPU card or a GPU Card

USB Web Camera Support

CONS of Synology Surveillance

Only 2 Camera Licenses included

AI Surveillance Services are ONLY available on the DVA3221 NAS

Practically no KVM setup on Diskstaiton NAS systems

CONS of QNAP Surveillance

QVR Elite for QuTS Hero Only has 2x Licenses

Camera Feeds Cannot Natively be used and controlled by QVR Pro in the Browser

Bulk of AI Supported Services are Annual Subscription Fee-Based

Straight away, despite a rocky start, QNAP and QVR Pro grab a lot of the PROs back with their QTS QVR Pro version arriving with 8 Camera licenses (at the time of writing) which is massive compared with the 2x that Synology provides (bear in mind, a camera licence will cost between £30-50 depending on how big a multipack you buy). Likewise, the support of keyboard, video and mouse (thanks to QNAP NAS having HDMI on a large % of their systems) provides the means to interface with the system for surveillance if your network fails and the recordings are needed. Finally, a big, BIG appeal is that the AI-supported surveillance services that are growing in popularity in modern business class NVRs are available on QNAP NAS that has a decent enough embedded graphics CPU (i.e. an i3 and above), the google TPU M.2 Coral upgrade or a graphics card installed – whereas Synology has locked AI surveillance into ONLY two of their NAS systems that have a GPU card installed by default (and cost ALOT). These AI-supported services are pretty niche of course (facial recognition, people counting, zone management and object recognition) but still. many will find this hugely appealing. Here is my video breakdown comparing the two popular surveillance services for QNAP and Synology:

It is worth highlighting however that the AI-supported services on the QNAP QVR Platform are not technically ‘completely free’ and before you think that the Synology DVA3221 near £2K box is an overspend, it is worth highlighting that in order to use all the same AI-powered services on the QNAP NAS platform, you will need a NAS that either has a decent embedded CPU (starting at just over £1K for the QNAP TVS-472XT to start with) and/or a GPU card installed. Then you have to factor in the licences. Not just the camera licences (although both the DVA3221 and any QTS NAS have 8 camera licences for adding camera) but the license to use the AI services on the QVR Surveillance software. Somewhat annoyingly, QNAP has put each of the AI services (tracking faces, people recognition, AI recording analysis, Smart AI Door unlocking, etc) behind individual licenses that (for the most part) are all ‘annual’, so you will need to renew them (see below for current pricing and terms). This is quite a bitter pill to swallow in the long term and although the saving versus the Synology DVA system seems good at first, if you want to run a 4 Bay AI-Powered Surveillance system on the QNAP NAS system with 4-8 cameras, it ends up costing just as much (maybe even more once you factor in the annual fees) and only partially mitigated by the flexibility of the system you want to use.

Overall, it is pretty clear that QNAP gives the end-user ALOT in terms of surveillance for their money (although that licensing model structure gets a thumbs down from me), as well as allowing access to many modern AI CCTV services that Synology either choose to not pursue or only allow on a select few systems. Maybe you are reading this in the future and Synology have opened up this logic to allow ‘Synology supported GPU Cards’ to be installed, which would certainly give this comparison a different outcome, but there is no denying that the QVR Pro surveillance platform allows more flexibility in its setup. Alongside this, the QVR to software right now has a lot more camera licences included (though this drops to x2 on QVR Elite on the QuTS Hero platform – which though admittedly has higher performance on the local client integrated, is a bit of a shame) and many will end up seeing the potential savings being enough to overlook that Synology Surveillance station is the better Surveillance tool in terms of the GUI, supported service add ons and in how user-friendly it can be.

Why Choose Synology NAS? – Better Surveillance Software Overall, Especially in the Web Brower GUI

Why Choose QNAP NAS? – More Camera Licenses, QVR Pro has KVM Support, Wider AI Surveillance Support and Upgrade Options

 

Synology DSM vs QNAP QTS NAS Software – Virtual Machines

It wasn’t such a long time ago that the use of virtual machines (VMs) was exclusively in the business sector. The ability and utility to create a virtual and remotely accessible version of a computer (giving you need a terminal in order to utilize them in most cases) was simply not of use to the average home or even small business user. However fast forward to 2021/2022 and you find that they have accelerated in popularity, thanks to businesses requiring centralized data storage for both the convenience of duplicating computers AND to simplifying the backup/restore process. Then you have the simple appeal for prosumer or small business users to be able to create an emulated version of their own computer in order to access it anywhere in the work, run test with software/updates that they are hesitant to run on their core system OR simply to allow them to create an accessible VM of an operating system that can be run parallel to that of the core hardware (i.e. a Linux/Unbuntu VM that runs in a window, on a Windows/Mac matching). Most high-end business users in recent years have used one of two popular 3rd party client TOOLS for this, VMware vSphere and Hyper V (with other smaller tools like VirtualBox popping up). Where a NAS can be integrated into this is actually pretty cool, such as:

  • A NAS can be used as a backup target (with versioning, snapshots, etc) for the virtual machine, so you have a local restorable copy
  • A NAS can be used to run the core VM files as a remote target, whilst still using the 3rd Party Software
  • A NAS can have the 3rd Party VM data sent over to it and then the NAS can host the Virtual Machine in its very own premium VM Software
  • A NAS Can combine all three of the above to create a backup access point to a VM (in supported formats and correctly imported) that allows remote accessing VM users, in the event of disconnection or forced restoration, to switch over to the NAS based VM and continue working

Now it is worth highlighting that BOTH Synology and QNAP have excellent VM hosting applications, in Virtual Machine Manager and Virtualization Station respectively, which perform all of the above services, however, they do it in slightly different ways (involving other applications in the system that are integrated) but for VMware/HyperV, the restoration is arguably handled smoother with the Synology Virtual Machine tool and Active Backup Suite tool working together to allowing exclusive integration with Synology Virtual Machine Manager (VMM) as the temporary disaster recovery solution allows you to instantly restore services to the Synology storage server even when the production environment is down. QNAP have very similar services to this, but not the same fast, easy and integrated pass-over system. For a better understanding of the GUI of Synology Virtual Machine Manager vs QNAP Virtualization Station, take a look at the video below:

There are several very unique and arguable superior elements to the QNAP VM software that are worth highlighting. First off there is access to a VM marketplace from within the app that allows you to install Virtual Machines directly on the QNAP NAS without having to obtain the VM Image/ISO independently. These include firewall and network management virtual images such as Pfsense, RouterOS and Zabbix, but there is also a 3-click Windows VM installation option too. This allows users who just want to try out a Windows 7/8/10/Server VM before committing fully to a NAS based VM environment for business/home use and includes a 90-day trial (you can use your existing windows registered key/login if you want. Alongside this, there is also the improved VM-to-Hardware integration available on Synology Virtual Machine Manager and QNAP Virtualization station that allows you to connect USB ports to a VM and allow that virtual desktop environment to access physical local USB devices, however, QNAP takes this a noticeable degree further with the support of PCIe-to-VM connectivity that allows you to connect a Graphics card (or other suitable PCIe to that VM architecture) and allow the virtual environment to scale up considerably (perhaps for video editing or gaming, if the CPU is appropriate). Then there is the flexibility of setup on the QNAP, with Virtualization Station supporting a KVM environment and QVM (QNAP Virtual Machine) to allow a NAS with connected Keyboard, HDMI Video monitor and Mouse to have a local VM that can ALSO be accessed remotely too. Finally, QNAP has a dedicated Ubuntu application that allows you to create VMs of version 18, 19 or 20 of Ubuntu (the free Linux alternative to Windows and MacOS) in around 3-4 clicks of the mouse! This is a very rare occasion in this Synology vs QNAP comparison where I can genuinely 100% say that QNAP spent much, much more time working on 1st party support and Synology keeping it a little more openly supported with 3rd parties – though, given the maturity of the likes of VMware, this is understandable. This is also demonstrated on the subject of container image and deployment (if a VM is an entire OS, then a Container is an application or program that is running without an OS to live on to off) where the QNAP platform has its own Container Station application and download center/marketplace and Synology use the industry popular Docker tool.

Synology’s Virtual Machine Manager is a fantastic tool and definitely one that has enterprise users in its sights! With that improved integration with existing enterprise VM software providers in the market, they have made a very clear decision that their free VM software still has a business feel, whereas QNAP has shaped their VM tool to something more accessible for all tiers (though lacking the snap cloud-to-local VM deployment – which is a real shame). Much like AI surveillance on the QNAP platform, a few of the biggest features of Synology Virtual Machine Manager are license/subscription fee-based (which is a shame, but understandable given the target demographic and its scope when FULLY deployed, these include:

Synology VMM

(Free)

Synology VMM Pro

(License Required)

Supported Operating System Windows, Linux, and Virtual DSM
Cluster Management Included Included
QoS Settings Included Included
CPU Overcommit Physical CPU threads x2 Physical CPU threads x4
Max Virtual Switches 4 4096
Max Snapshots per VM 32 255
VM Share Links per Host 1 16
Remote Replication Plan Not Included Included
Remote Storage Migration Not Included Included
Run VM on Remote Host Not Included Included
High Availability Not Included Included
Live Migration Not Included Included

Overall, it is going to be a case of whether you are coming into the subject of virtual machines as a completely fresh start, coming from a moderately experienced background or are looking for a system to integrate into your already well established VMware or Microsoft VM environment. QNAP and Virtualization station provides a huge array of self-hosted VM deployment options, connecting with numerous 3rd party download centers to easily pull a VM image onto their system, restore an existing VM image, convert VMs into QNAP supported images and then allows you to integrate a greater deal of hardware resources towards them (GPU card, KVM, etc). They are certainly supporting those bigger VM platforms out there and allow backups, snapshots, faster restoration and making big moves into that SaaS and reducing downtime practices that businesses want, but this is where the Synology Virtual Machine Manager tools shine. With a grander focus on those Hyper-V/VMware VSphere established systems and presenting themselves as a failure and support system, they make their integration a great deal easier for companies to choose. They still take a big advantage by allowing a VM live backup to be stitched over to Synology Virtual Machine Manager as a viable recovery and restoration option, which is likely going to be the clincher for many.

Why Choose Synology NAS? – Synology Virtual Machine Manager is VERY intuative, Cloud VM-to-Local VM Migration & Restoration

Why Choose QNAP NAS? – QNAP Virtualization Station supports more OS/Formats, 3 Click VM download & Install, Dedicated VM tools for different VM Images and has Better Hardware Configuration Options Overall

 

Synology DSM vs QNAP QTS NAS Software – Conclusion

It’s been a very, VERY long road but we can finally look just how Synology DSM and QNAP QTS for NAS (as well as all the hardware and services in between) compare. There has been a long-running theme all the way through that where Synology has focused on FIRST-PARTY (i.e. Synology-brand) software and hardware priority, then supporting THIRD-PARTY services/hardware when they haven’t got a viable alternative in-house – to mixed degrees of popularity. Whereas QNAP has been a much more level playing field where they have released their own innovative hardware/software (occasionally a little too quickly) and singing its praises, but also tried to keep customization and flexibility for 3rd parties as open as possible and shouting loud-and-proud about that too – which can be a tad overwhelming for the less tech-savvy. Both brands have done an incredible job evolve their platforms as much as they have in 2021/2022, especially when Microsoft, Google and Amazon are pouring BILLIONS into the SaaS (and PaaS and IaaS – Platform and Infrastructure as a Service) in order to create entirely streamable ecosystems for businesses, with NAS brands like Synology and QNAP not only integrating with them but also thriving alongside them as a local/bare-metal failsafe.

These are all very lofty ideas and ones that most home or small business users will likely have little time for right now (aside from where NAS fits in with their Google/Office 365 office tools like documents, email and spreadsheets at a pinch) and for those users, who the NAS stands on its own two feet is what is going to matter most. Synology is earning its position in the market as the complete 1st party software and hardware package in 2021/2022, with a genuinely groundbreaking range of available services, but still managing to make NAS accessible for all in DSM 6.2/7.0. That said, the trends we are seeing in those sub-enterprise services that are slowly receding in support of popular 3rd party hardware, software and services, making using a Synology NAS alongside your own existing setup in a frictionless way cannot be ignored and leading some to think Synology is shifting their industry position towards something higher.

QNAP NAS on the other hand, although maybe trying to cover too many bases at once, is still trying to cover as much as it can to appear to their audience. Their support of considerably more 3rd party platforms/software/services, even when they have their own software available, is certainly admirable and aside from rather aggressive pricing on their QVR Pro surveillance platform, are still the better choice for those who want a much more adaptable and customizable platform. Its a pretty understandable fact that most people who buy a NAS will be arriving with an existing collection of software in their daily workflow (Office 365 for docs, Gmail for their email, Plex for their media, Chromebook for their commute, Skype/Whatsapp for their communication, TB3 for their editing, etc) and it has to be said that QNAP keeps a more open platform to adapt a NAS into this mix than Synology – occasionally less intuitively and not without a little setup-friction, but certainly to more customizable results.

Unsurprisingly, I am going to tell you that both Synology and QNAP NAS are good NAS brands and have earned their place at the top of the industry (whilst both making their own respective moves to integrate into the next tier – ie SaaS providers, Hyperscale environments and Boundless cloud storage), but there is no denying that no one brand has managed to do EVERYTHING to perfection. So, if in double, below is how I would recommend QNAP and Synology NAS to you, for each user case scenario and I hope this guide and my recommendations help you with your next big data storage purchase.

 

Why Choose Synology NAS?

Better Surveillance Software

More Intuative and User-Friendly Design

EXCELLENT 1st Party Alternative Apps to Existing 3rd Party Tools

(including Synology Chat, Mail, Office, Drive, Calendar and more)

Greater Support/Migration with VMware & Hyper-V

Better Redundant System Options (SHA)

Greater Support on Amazon Home Hardware

Synology Hybrid RAID for flexibility in Media Upgrades

BTRFS on Most systems

Longer Warranty Available on More Systems

First Party SSD and HDDs Available

Typically Quieter Operation

If you are thinking of buying a Synology NAS, please use the links below

Why Choose QNAP NAS?

Better 1st Party/Hosting Virtual Machines

Better Plex Media Server NAS

More Adaptable and Customizable

Wider Support of Surveillance using AI Recognition

EXCELLENT KVM Support

More Camera Licenses

ZFS or EXT4 File System Choice on many systems now

2.5Gbe Network Interfaces at 1Gbe Cost

Allows NVMe SSD Storage Pools and Volumes

Support of QTier for intelligent Data storage for Access

Greater 1st and 3rd Party Hardware Upgrade Compatibility

(including Graphics Cards, WiFi 6 and Thunderbolt)

If you are thinking of buying a QNAP NAS, please use the links below

 

Need More Help Choosing Between Synology or QNAP NAS?

Choosing the right data storage solution for your needs can be very intimidating and it’s never too late to ask for help. With options ranging from NAS to DAS, Thunderbolt to SAS and connecting everything up so you can access all your lovely data at the touch of a button can be a lot simpler than you think. If you want some tips, guidance or help with everything from compatibility to suitability of a solution for you, why not drop me a message below and I will get back to you as soon as possible with what you should go for, its suitability and the best place to get it. This service is designed without profit in mind and in order to help you with your data storage needs, so I will try to answer your questions as soon as possible.


Articles Get Updated Regularly - Get an alert every time something gets added to this page!


This description contains links to Amazon. These links will take you to some of the products mentioned in today's content. As an Amazon Associate, I earn from qualifying purchases. Visit the NASCompares Deal Finder to find the best place to buy this device in your region, based on Service, Support and Reputation - Just Search for your NAS Drive in the Box Below

 

SEARCH IN THE BOX BELOW FOR NAS DEALS

Need Advice on Data Storage from an Expert?

We want to keep the free advice on NASCompares FREE for as long as we can. Since this service started back in Jan '18, We have helped hundreds of users every month solve their storage woes, but we can only continue to do this with your support. So please do choose to buy at Amazon US and Amazon UK on the articles when buying to provide advert revenue support or to donate/support the site below. Finally, for free advice about your setup, just leave a message in the comments below here at NASCompares.com and we will get back to you. Need Help? Where possible (and where appropriate) please provide as much information about your requirements, as then I can arrange the best answer and solution to your needs. Do not worry about your e-mail address being required, it will NOT be used in a mailing list and will NOT be used in any way other than to respond to your enquiry. [contact-form-7] Terms and Conditions Alternatively, why not ask me on the ASK NASCompares forum, by clicking the button below. This is a community hub that serves as a place that I can answer your question, chew the fat, share new release information and even get corrections posted. I will always get around to answering ALL queries, but as a one-man operation, I cannot promise speed! So by sharing your query in the ASK NASCompares section below, you can get a better range of solutions and suggestions, alongside my own.   This description contains links to Amazon. These links will take you to some of the products mentioned in today’s video. As an Amazon Associate, I earn from qualifying purchases

 

❌