About
The NAS is called Dagda after the chief god of Irish mythology
Access
Dagda can only be accessed for the local TCD network at the following URL:
This points to 134.226.90.69:5000
2FA
Two Factor Authentication is used for accessing the NAS over the local network.
Storage Pool
There is 1 storage pool named main ABAIR Pool which uses all the available HDD storage in RAID level 6.
This storage pool can be accessed in the UI in the Storage Manager application.
The total size is 36.4 TB
This consists of:
| Drive ID | Drive Size |
|---|---|
| Drive 1 | 18.2TB |
| Drive 2 | 18.2TB |
| Drive 3 | 18.2TB |
| Drive 4 | 18.2TB |
Data Scrubbing
Data scrubbing is scheduled to take place every 3 months.
Storage Volume
There is one storage volume called Main ABAIR Volume. Having one storage volume reduces the complexity of the setup and is suitable for small organisations like ABAIR.
Cache
There is a 1TB NVMe drive setup as a read cache
File System
The volume uses Btrfs, because it supports advanced features, including shared folder snapshots and replication, shared folder quota, and advanced data integrity protection.
Encryption
The whole volume is encrypted and the key is held by John and Andy. Linux Unified Key Setup (LUKS) is used to perform volume encryption. LUKS implements Advanced Encryption Standard (AES) in xts-plain64 mode,
What is AES?
AES (Advanced Encryption Standard) is a widely used symmetric encryption algorithm. It encrypts data using a secret key the same way for both encoding and decoding. AES is very strong, efficient, and is a standard for securing data worldwide. AES-256 is used on this system and is the most secure.
What is XTS-Plain64 mode?
When data is encrypted, it’s important to not just encrypt it but also organize how blocks of data are processed. That organization is called the mode of operation.
- XTS stands for XEX-based Tweaked CodeBook mode with ciphertext stealing. It’s a mode of operation designed specifically for encrypting data on storage devices like hard drives and SSDs—in other words, for encrypting data at rest.
- XTS mode enhances security when encrypting large amounts of data by preventing certain attacks that could happen if you use simpler modes (like ECB).
- The "Plain64" part refers to how the tweak value (a value that changes with each block to improve security) is calculated using the plaintext sector number encoded as a 64-bit number.
Shares
It is possible to create shared folders (shares) on the NAS and control who has access.
There are currently 2 shares available
- recordings
- MAO
The recordings share is encrypted and the key is held by John and Andy.
Data Checksums
Data checksums are used for advanced data integrity.
On Synology NAS, especially when using the Btrfs file system or enabling certain data integrity features on shared folders, checksums play an important role in protecting data:
- Integrity Checking
Every time a file or data block is written to the disk, Synology generates a checksum for that data. Later, when reading the data back, it recalculates the checksum and compares it with the original checksum.
- Detecting Corruption
If the checksums don’t match, it indicates the data might have been corrupted (due to disk errors, faulty RAM, or other storage issues).
- Automatic Repair (with Btrfs)
If your volume is on Btrfs and you use RAID configurations that support redundancy (like RAID 1 or RAID 5/6), Synology can use checksums to detect corruption and automatically repair the damaged data by retrieving a good copy from another disk.
Groups
There are 5 user groups:
- administrators (system default)
- http (system default)
- users (system default)
- staff-read
- staff-read-write
staff-read
Can read all files
staff-read-write
Can read and write all files
Users
The following user accounts are active:
| User | Groups |
|---|---|
| admin (system default) | staff-read-write |
| guest (system default) | |
| andy | staff-read-write |
| sloanjo | staff-read-write |
| ailbhe | staff-read |
TODO
Do Snapshot Replication and Hyper Backup Add UPS