Synology DSM vs TrueNAS – Security, Apps and the Verdict
This is the 3rd and final part of my full comparison of Synology NAS DSM 7 and TrueNAS Core 12. If you missed the earlier chapters/parts, you can find them in the links below:
- Part I of the TrueNAS vs Synology DSM Guide is HERE (04/04/22 – Design, GUI and Customization)
- Part II of the TrueNAS vs Synology DSM Guide is HERE (06/04/22 – Storage Management, Access & Sharing)
- Alternatively, you can read the (LONG) Guide of Synology DSM 7 vs TrueNAS Core is available HERE.
Now, if you read through my details on file/folder management on TrueNAS and Synology DSM, then you might have a good idea how this is going to go down when comparing these two platforms. However, it’s not quite as cut-and-dry as it might seem. Unsurprisingly, the range of first-party tools and applications is greater on the Synology DSM platform and graduating slightly from the SaaS apps mentioned earlier, Synology also offers a range of business and enterprise-class tools for backups, hybrid cloud synchronization and management tools for a wider array of systems in multiple locations in their CMS services. Now, TrueNAS supplies a lot of the wider area, multi-site services in their TrueNAS Command and TrueNAS Enterprise services (subscription/premium based) but regardless of all this, the range of applications in the 1st and 3rd party support are overall still larger on the Synology DSM NAS platform, with a wide array of applications immediately available and signed/trusted by the brand in the app center.
TrueNAS Core (indeed, the bulk of the TrueNAS platforms really) are much more community contributed and that results in far fewer first-party premium applications being available (with many elements that Synology offers as standalone applications being rolled into the general services of TrueNAS). Nevertheless, TrueNAS does arrive with a large range of third party applications available in the add-on center that are pre-configured for faster deployment in the TrueNAS environment. However, many TrueNAS/FreeNAS purest will choose to go full custom and homebrew and TrueNAS has tremendous flexibility in this direction. Allowing you to create custom containers (know as JAILS) that you can install community apps safely and then run very, very bespoke applications and services on your TrueNAS remotely.
Now, as proprietary, closed and (dare I say it) stuffy as Synology is, it is also worth mentioning that there actually is a surprisingly active homebrew scene on the DSM platform that, although Synology does not really support formally, do not detur. This community comprises of two main areas, the GitHub modifying crowd who will create custom tools (typically modified from existing Linux or windows applications/tools) and then modify them into Synology deployable .spk installation files or SSH command groups. The other marginally more accessible group (at least to the average user) is the Synocommunity app repository which is far more comparable to the office app center in appearance and installation. As mentioned, although Synology does not really support this, they also do not really stop users from pursuing this, adding an option in the settings menu that allows access to unsupported apps, uncertified applications and adding third party application repositories.
As mentioned, unlike the wider design of TrueNAS to make itself easier to be accessed by existing 3rd party network applications and services, Synology DSM focused ALOT more on those first-party applications and provides a wide variety of tools that are genuinely stand out – not just good as they are, but they really do rival enterprise and premium business tool. A couple of big examples of that are Synology Surveillance Station and Synology Active Backup. The Surveillance Station application is a web browser (and desktop/mobile client) supported video surveillance platform that allows you to add multiple cameras to your network environment and create a hugely customizable and secure surveillance environment. With the support of thousands of IP cameras that you can pick up for as little as $30 all the way up to enterprise AXIS cameras, the platform supports a vast variety of features. These include; Pan tilt Zoom control, Watermarking, Privacy masks, eMaps, Browser control/views, simultaneous archive+livefeed views, IP speaker control, intelligent recording patterns and more. It is a genuinely enterprise platform for your security, just do remember that the bulk of Synology NAS hardware only arrives with support of 2 cameras by default and adding more cameras costs an extra $30-50 (prices vary based on bulk packs) per camera. Although TrueNAS supports numerous surveillance platforms already (with at least one supported as an app in the add-on center and others able to point their storage recordings at the TrueNAS system) these will likely have their own subscription payments attached.
The other big, big enterprise application that the Synology DSM platform includes is Active Backup Suite, a single portal, multi-client backup management tool. Now, this isn’t to be confused with Synology Hyper Backup (with does manage backups, but in a far lower level and client way), which is designed to backup much more high profile storage and devices. These can range from local PCs and clients tools, to virtual machine hypervisors such as VMware and Hyper V and SaaS cloud services in Office365 and Google Workspace. This is provided licence free and is comparable (favourably too) against other enterprise-grade hybrid backup tools for businesses that cost thousands of pounds a year. It is quite a resource-hungry tool and I would not really recommend it for a more affordable Synology NAS, but it’s a real deal-breaker. Once again, there IS support of third party applications that provide these services on the TrueNAS app center, but they almost certainly have their own price plans attached.
Now, this has all been rather one-sided up to this point and it makes it sound as if TrueNAS does not have any applications. It really, really does, but they typically fall into those two categories of ‘3rd party supported’ or ‘integrated into TrueNAS natively’. TrueNAS takes the arguable mature decision to ashew the idea of 1st party applications in favour of these being existing services from within their software. Everything from iSCSI support to the individual file-sharing protocols being default on/off settings on day 1, TrueNAS has a lot of native software services built-in from the start and they can be enabled easily. The lack of 1st party applications available for first-party hardware clients (mobile clients and desktop clients) is noticeable, but as long as you are thinking about the TrueNAS system as an additional storage system to your setup and not its own independent system, then you will likely never even notice.
One big factor for more business geared users who are considering TrueNAS is how each NAS system approaches the subject of virtual machine deployment. The NAS hardware certainly serves as a base to host multiple VMs, but the need for a dedicated and competent hypervisor to host and mouth them all will make all the difference. In the case of TrueNAS, virtual machine creation and deployment is noticeably easier to do than on the face of it and straight away from the initial GUI, you can create a flexible virtual machine hardware system, customizable from the ground up.
Now, Synology also supports the ability to create a virtual machine, but they do so by installing the Synology Virtual machine manager software. The Synology VMM platform is a professional grade virtual machine platform that is included with your Synology NAS hardware purchase in DSM7 and allows you to create virtual machines quickly and easily. This hypervisor platform genuinely can rival the likes of VMware in its ease of use and even includes the means to convert/adapt existing Virtual machine images from other 3rd platforms into its own more compatible structure within a few clicks. Overall, the virtual machine support on DSM is a little broader than TrueNAS, but TrueNAS core is significantly more customizable in its hardware variables, as well as allowing more options during the creation of a new virtual machine environment on day 1.
When it comes to optional upgrades and add-ons to the NAS system, you cannot really fault the options that Synology’s DSM platform offers. Yes, Synology DSM is a paid platform vs the free-to-download open-source structure of TrueNAS, but even then, you can see where a lot of that money has been reinvested into DSM. Synology is remarkably keen to replace the core 3rd party applications that most users feature in their network environment, creating a closed Ecosystem, etc that provides all those applications under a first-party banner. The TrueNAS platform on the other hand provides virtual machine deployment options in its primary system software and is even the tiniest pinch more customizable in how you can build your Virtual Machine environment. This is also improved on a hardware level when you bear in mind that TrueNAS is hugely free in its hardware build and it allows end-users to build a powerful computer base for TrueNAS to then divide into different VMs as needed. Synology has some relatively powerful server-grade hardware at their enterprise level, as well as active-active servers with dual CPU setups that build with Intel Xeon Silver processors, but the hardware is still a fixed specification and aside from improving memory modules and adding caching, the scalability to the hardware on the NAS for multiple VM deployments will always be greater on TrueNAS in the long run. Ultimately, Synology still largely wins the battle of 1st party applications, add-ons and 3rd party hardware with their recent hardware, but the margin between the TrueNAS configuration and flexibility vs the Synology fixed but straightforward deployment is certainly worthy of note.
Synology DSM 7 vs TrueNAS Core – Security
As you might expect from software that has been developed at a time when data security concerns have never been higher, both Synology DSM and TrueNAS Core are among the most secure platforms that you can store your personal or commercial data on. As bold a claim as that sounds, these two NAS platforms have been the least affected by ransomware, malware and exploited vulnerabilities over the years, with the only notable event being back in 2014 with Synolocker. Indeed, both brands have their very own Security Advisory pages that publish any found vulnerabilities and gives status updates on how they are being dealt with, with TrueNAS HERE and Synology HERE. All that said, both platforms are architecturally very different in how communication between services, tools and applications can communicate inside the system, as well as how security management is presented to the end-user. Moreso than arranging your storage, the Security settings and recommended setup for an individual user is going to be of huge concern on day one. Of the two brands, unsurprisingly, Synology has presented this in a much more user-friendly fashion, with the inclusion of a security advisory panel that can be run any time or on a schedule. This tool checks a wide variety of settings that can range from password strength, to active users, to ports, app controls, redundancy, backups and more. It is a really useful tool to those that do not fully understand the intricacies of keeping their system secure on a tech level and is something that really surprises me is absent on TrueNAS.
The TrueNAS platform on the other hand chooses the usual angle of providing a huge amount of control via a single screen (which to be fair features a lot of tips/? bubbles for guidance at times) that allows the users to choose how and what they want to allow to communicate. One useful thing to note is that by default, ALL of these communication settings and system tools that can affect your security are OFF by default. This isn’t particularly unusual (as many of these would be off on most NAS platforms), but on other NAS software such as Synology DSM or QNAP QTS, these settings and services are spread across multiple areas of the GUI control panel ad file services. Having them ALL listing in a single window so you can change settings much quicker makes a lot of sense and in terms of shutting ALL the doors in the event of a network security concern, this can save valuable time.
And whilst we are on the subject of being aware of security concerns (as well as when your system is exhibiting unusual behaviour) TrueNAS definitely provides a much better range of customizations on security alerts and notification than Synology DSM. That isn’t to say that Synology DSM doesn’t have notifications, it has lots of settings and they are be scaled as ‘light’, ‘medium’ ‘high’ and ‘custom’ for your convenience. But TrueNAS has an enormous ranging list of notification options that affect some remarkably detailed areas of system/network behaviour. They will take quite a long time to scroll and adjust if you want a truly bespoke notifications and alerts setup, but it simply has more variables than the default Synology DSM 7 NAS package. Now I say ‘default package’ because once again, Synology does have the subscription-based service Active Insight that is considerably better, can be broken down into excruciating precise detail and allows you to create custom reports that are delivered in a much more ‘human’ email format to the managers concerned. It is just a shame that this service is an additional subscription service and not one that is included with the system.
Then you have the often applauded TrueNAS Jails system that, although similar to Linux containers in the description, are much more secure and sophisticated. TrueNAS jails are contained instances of FreeBSD and they can be used to create standalone services and environments, with fully customizable levels of access to the rest of the system, your storage and users. By default, JAILS are almost completed separate from the rest of the system and in order to allow select users or services to interact with the JAIL (in either direction) is something the user needs to implement themselves which means that the chances of accidentally making an unsecured JAIL are reduced. Now, Synology DSM allows container creation for those homebrew/custom services to be added, as well as handling some 3rd party tools in its app center such as Plex Media Server (which hinges quite a lot of remote access port opening and access to your file/folder structure more than most) very securely. However, the services and tools that you install in the Synology NAS are tougher to configure on a detailed level (unless you use Putty and have some SSH knowledge, and even then it’s not guaranteed) and this makes the JAILS system of TrueNAS come out of it better.
Then you have the subject of Encryption. For those that are not aware, when it comes to encryption on a network-attached storage server, that can mean one of two areas. There is an encrypted connection that can be facilitated by an SSL certificate (both platforms support a wide range of paid/free SSL certificate options that can be applied to the system easily) OR much more often it can be referring to the data on your NAS living in a container that has encrypted lock and key architecture. This means that during the creation of your storage, you set the system to encrypt all data that is written to the disks and it can be mounted/locked with the use of an encrypted key or a downloaded digital key that was generated during setup. Now, as mentioned, both Synology NAS DSM and TrueNAS core support encryption, as well as supporting self-encrypted drives (SEDs). However, you can encrypt things to a wider degree in TrueNAS (Pools, zVols, zDevs, etc) than you can on the Synology DSM platform. Additionally, TrueNAS supports a wider range of encryption protocols and also supports an interesting ‘passphrase’ system that allows a user to lock/unlock their encrypted storage container quickly without entering a long key or keeping a digital encryption key on a local system.
Then there is the subject of security on the NAS in conjunction with connected and permitted users. We have covered that user and group account creation on Synology DSM and TrueNAS Core are quite comprehensive, but what about 2-Step authentication (also known as 2FA)? Two-step verification is the means to add an additional layer of user login verification by asking the user to provide a periodically generated code from an existing authentication tool (such as Google Authenticator on a mobile phone) that, although uses a 1 step setup algorithm, is randomly generated frequently. Now, Synology DSM and TrueNAS Core both provide this, but each has its own extra little spin on it in terms of how it is deployed. In the case of Synology, you can set up 2-step verification easily and on all associated system accounts, with numerous 3rd arty authenticator tools supported.
However, Synology go one step further and also provide their own authenticator tool for iOS and Android that allows you to keep your security in-house, as well as a few configuration options rolled in too. For companies that supply handsets to their staff, this allows them to keep continued use of Synology NAS storage to remain in a single company ecosystem. This also allows support of backing up the OTP profiles that you have created for logging into the NAS to your Synology Account. This resolves the often overlooked issue of if 1) you change phone devices and did not export your existing associated logins and more importantly 2) if you mobile phone unexpectedly fails/is lost, then you can restore the connected OTP login details very easily to a new handset.
Now Although TrueNAS does not have its own first-party authenticator application for iOS/Android (instead supporting the popular 3rd party applications out there) what TrueNAS DOES offer is an impressive range of setup customization options in its 2FA settings menu, allowing you to change the length of the code, the period of time between each refresh (VERY useful for those with accessibility difficulties and take longer to enter the access codes) and allows you to directly apply this customized code generation to SSH connections too. Although most users will likely stick with the default settings, I can definitely see particularly security-conscious users who need to distribute system access pretty widely liking this degree of flexibility.
Talking of wider access to the system, I do think it is also worth highlighting that TrueNAS is almost completely API designed. So, why is that important and related to security? Well, it is not always just going to be human users and installed applications that you might wish to access your NAS data. Alot of users are using the contents of a NAS to provide information to a remote services connection (such as web servers, external software CRM and CMS tools and security systems) and instead of supplying these services with powerful login credentials to the system (which can be a headache down the line if those account details, used in numerous smaller services, are changed for security reasons to the wider NAS system), they generate an API key to bridge the two and given that TrueNAS is massively API ready, it means that you can be quite flexible and customizable in the areas you connect. The Synology platform supports several API elements, but not to the same degree across the board as TrueNAS.
Overall, both the Synology DSM and TrueNAS Core platforms are very secure and although they take different approaches at times, they both seemingly come around to the same conclusion. On points, I would say that the TrueNAS system has the larger potential to be customized in its security setup, but (as usual) requires you to spend a greater deal of time to set it all up to your tastes/requirements. The Synology NAS DSM 7 platform on the other hand is considerably more user friendly (again, I know, I am a broken record) with options such as the security advisor to scan/change your system in line with its recommendations, as well as first-party tools in Active Insight and Secure Sign-in allowing you a much more brand supported experience. You can set up the security settings on a Synology NAS considerably faster than on a TrueNAS, but if you have a very particular idea of your network storage security setup, the TrueNAS platform provides a wider degree of flexibility there.
Synology DSM 7 vs TrueNAS Core – Conclusion and Verdict
It is so easy to just look at the TrueNAS option as the free but complex choice and the Synology DSM option as the easy but expensive one, BUT the truth is a little more complex than that. For a start, the wide variety of customization and flexibility that is inherent to TrueNAS is something that I genuinely think only higher-end business users are going to be able to fully realise. Home users who are building their own NAS from scratch and opt for TrueNAS for the software will definitely enjoy customizing their solution to their needs/network-environment, but the most long term customizations, reports and adaptive protocols of TrueNAS are much better suited to a business that needs to change as business/staff/data grows. Ironically though, those users are going to be far more attracted to a ‘turnkey’ solution (i.e a NAS solution that is pretty much good to go, right out the box) and will pay for the privilege (i.e time is money). This is where Synology steps in quite confidently, as they know they are incredibly business appealing, with a massive range of first-party apps to migrate away from Google/Microsoft services, as well as management and security tools that are largely unparallel elsewhere in the industry. TrueNAS is still a viable option for businesses that desire an instantly deployable solution and business class support with the official TrueNAS hardware provider iXsystems providing pre-populated and customizable solutions, as well as tiered support subscriptions – but this only truly appeals to users who truly understand what FreeBSD and ZFS can provide that EXT4 and BTRFS cannot.
The Synology DSM platform is incredibly impressive and available in systems (as in included with the hardware as a single purchase) for as little as £120 (such as the DS120j) and scales up rapidly in price and power. Users who have little-to-no technical knowledge, do not have time to learn a new kind of technology and/or want to migrate away from cloud and SaaS services to a whole contained ecosystem without subscription costs, should opt for Synology NAS and DSM 7. It has a few subscription/license purchases on a few services, but is still largely a one-off purchase for the most part and the majority of Synology NAS users never buy an extra or a subscription. Alternatively, if you are someone who has the time and enthusiasm, already has the technical skills under their belt, has very specific storage and network requirements and/or are looking at a solution that they plan on upgrading and improving in the years that follow, then TrueNAS Core (and indeed TrueNAS Scale with Linux for that matter) is going to be a much better choice. What it lacks vs Synology DSM in 1st party applications and ease of use, it makes up for in a truly unbeatable range of customization and configuration choices that are unavailable elsewhere. Plus, ZFSis always going to be at the top of many pro-storage user lists – just remember that TrueNAS (unless you opt for an iXsystem) is Free, but the hardware and time you will spend deploying it was where it will cost you.
|
|
- Part I of the TrueNAS vs Synology DSM Guide is HERE (04/04/22 – Design, GUI and Customization)
- Part II of the TrueNAS vs Synology DSM Guide is HERE (06/04/22 – Storage Management, Access & Sharing)
- Alternatively, you can read the (LONG) Guide of Synology DSM 7 vs TrueNAS Core is available HERE.
📧 SUBSCRIBE TO OUR NEWSLETTER 🔔
🔒 Join Inner Circle
Get an alert every time something gets added to this specific article!
This description contains links to Amazon. These links will take you to some of the products mentioned in today's content. As an Amazon Associate, I earn from qualifying purchases. Visit the NASCompares Deal Finder to find the best place to buy this device in your region, based on Service, Support and Reputation - Just Search for your NAS Drive in the Box Below
Need Advice on Data Storage from an Expert?
Finally, for free advice about your setup, just leave a message in the comments below here at NASCompares.com and we will get back to you.(Early Access) Minisforum MGA1 7600M XT eGPU Docking Station Review
(Early Access) The Best M.2 SSD NAS To Buy Right Now
(Early Access) My Favourite NAS Releases of 2024
(Inner Circle) Recommended ATX NAS Motherboard Guide - 6 GREAT NAS MOBOs!
(Early Access) Flashstor Gen 2 NAS - SHOULD YOU BUY? (Short Review)
(Early Access) The DREAM Video Editor NAS - Flashstor Gen 2 Review (FS6806X)
Access content via Patreon or KO-FI