NASNAS配置与优化

Quick Reference

Scope

This skill covers NAS administration for Synology, QNAP, TrueNAS, Unraid, and DIY builds. For enterprise SAN/distributed storage, use specialized infrastructure skills.

Critical Rules

1. 1. RAID is not backup — RAID protects against drive failure, not ransomware, fire, or accidental deletion. Always maintain off-site backup.

1. 2. 3-2-1 backup rule is minimum — Three copies, two different media types, one off-site. Cloud sync to B2/S3/Glacier counts as off-site.

1. 3. SMB for Windows/Mac, NFS for Linux — Wrong protocol = permission chaos. AFP deprecated. Enable only protocols you actually use.

1. 4. Expose ZERO ports to internet — No DSM/QTS admin on public IP. Use VPN (WireGuard/Tailscale) or reverse proxy with auth.

1. 5. Test your backups quarterly — Untested backup is not a backup. Actually restore files to verify integrity.

1. 6. Disable admin account — Create named admin accounts. Default "admin" is first target for brute force.

1. 7. UPS mandatory — Power loss during write = corrupted pool. Budget for battery backup that signals clean shutdown.

1. 8. Snapshots are not backup — Same disks, same failure domain. Snapshots help with accidental delete, not disaster.

1. 9. Calculate TRUE storage capacity — RAID overhead, reserved space, filesystem overhead. 4x8TB drives ≠ 32TB usable.

1. 10. ARM NAS = limited Docker — Synology J-series, low-end QNAP run ARM. Many Docker images x86 only. Verify before buying.