Hybrid cloud solution with Microsoft 365 and Synology NAS

A powerful hybrid cloud solution can be built with affordable Synology NAS devices and Microsoft 365 cloud services. The data stored in the Microsoft Cloud is backed up locally on the NAS. It is also possible to synchronize local SMB/CIFS shares directly to SharePoint. In addition, the Docker function of the Synology NAS can be used to operate a UniFi controller.

Infrastructure & Devices

The setup is fairly unspectacular: since no VPN is required, a normal provider router (e.g. Swisscom InternetBox or CentroBusiness) is sufficient. To improve security, an inexpensive firewall solution can of course also be used. It is important that the Synology NAS has an Intel processor so that Docker and the M365 cloud backup can be used.

Hybrid cloud solution for SMBs with Microsoft 365 and Synology NAS.

Components used:

  • Provider router (here Swisscom Centro Business 2.0)
  • UniFi switch USW-Lite-16-PoE-EU
  • Synology DiskStation DS220+ NAS (alternatives)
  • Sharp MFP printer
  • Windows 10 & Windows 11 PCs, notebooks, tablets
  • Various smartphones (Android and iOS)

Cloud services used:

  • Microsoft 365 Business Standard
    • Microsoft Exchange Online
    • Microsoft Sharepoint Online
    • Microsoft OneDrive for Business
  • Exchange Online Plan 1
    • Microsoft Exchange Online
  • Synology QuickConnect
  • UniFi Cloud Access

Setup of the Synology NAS

Basically, it is recommended to set up the NAS directly with the latest DSM 7. The package “Active Backup for Microsoft 365” can then be installed via the package center. To save the backups, a shared folder must be created via the control panel. It is enough if only the administrator has read and write access to the share.

Configuration Active Backup for Microsoft 365

After that, the backup must be configured. The following gallery shows the setup process:

  • Install Active Backup for Microsoft 365 in the Package Center.
  • Configure the backup task in Active Backup for Microsoft 365.
  • Create the certificate password. The password should be randomly generated and at least 16 characters long.
  • Log in to Microsoft 365 with an administrator login.
  • Grant access permissions to M365.
  • Confirm access.
  • Download and back up the certificate.
  • Name and configure backup job.
  • It is recommended to exclude administrators and other unlicensed users from the backup.
  • Automatic detection of new accounts enables automatic addition of new M365 users and objects to the backup.
  • It is recommended to run the backup once a day at off-peak hours.
  • Since the initial backup may take longer to create, it is recommended to start it directly.
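
The certificate password step above asks for a randomly generated password of at least 16 characters. The following is an added example, not part of the original post or of Synology's tooling, showing one way to generate and check such a password; the alphabet and the default length of 24 are assumptions.

```python
import math
import secrets
import string

MIN_LENGTH = 16  # minimum length recommended in the certificate password step

# Assumed symbol set; adjust if the DSM dialog rejects any of these characters.
SYMBOLS = "!#$%&*+-=?@_"
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS)
ALPHABET = "".join(CLASSES)


def entropy_bits(length, alphabet=ALPHABET):
    """Entropy in bits of a uniformly random password over the alphabet."""
    return length * math.log2(len(alphabet))


def meets_recommendation(password):
    """Check length, allowed characters and presence of every character class."""
    return (
        len(password) >= MIN_LENGTH
        and all(c in ALPHABET for c in password)
        and all(any(c in cls for c in password) for cls in CLASSES)
    )


def generate_certificate_password(length=24):
    """Return a password drawn from the OS CSPRNG that passes the check above."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    while True:
        # secrets draws from the OS CSPRNG; the random module is not
        # suitable for secrets because its output is predictable.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Rejection sampling: discard candidates missing a class instead of
        # patching characters in, which would bias the distribution.
        if meets_recommendation(candidate):
            return candidate


if __name__ == "__main__":
    # Store the result in a password manager together with the certificate.
    print(generate_certificate_password())
    print(f"{entropy_bits(MIN_LENGTH):.1f} bits at the 16-character minimum")
```
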

Configuration Scan to Sharepoint with Synology Cloud Sync

Synology Cloud Sync is a service that allows synchronization of various cloud services with local SMB shares. This can be used to allow devices that can “only” write to local SMB shares (e.g. MFP devices) to write data directly to a cloud service like Microsoft SharePoint Online.

The list of supported services is long: Synology C2 Object Storage, Alibaba Cloud OSS, Azure Storage, Backblaze B2, Baidu Cloud, Box, Dropbox, Dropbox Teamspace, Google Cloud Storage, Google Drive, Google Shared Storage, hicloud S3, HiDrive, JD Cloud OSS, MegaDisk, Microsoft OneDrive, Microsoft OneDrive for Business, Microsoft SharePoint, OpenStack Swift, Rackspace, S3 Storage, Tencent Cloud COS, WebDAV, Yandex Disk.

It is recommended to create a scan user and a share for the scanner. Only the scan user and the administrator need read and write access to the share. The following gallery shows the connection to Microsoft SharePoint Online. Other cloud services are of course possible, but their setup differs.

  • First, create the connection to the cloud service (here Microsoft SharePoint Online).
  • Log in with a user who has read and write permissions to the corresponding website (here an admin).
  • Grant permissions on organization level.
  • Allow connection...
  • Select Documents folder in the affected website.
  • Select local path & remote path. Here, data from the share "Scan" is synchronized bidirectionally with the subfolder "Scan" of the SharePoint site.
  • A click on "Done" starts the synchronization directly.

Install UniFi Controller as Docker Container

The blog TomTut.de gives a very good tutorial on how to install Docker and the UniFi controller on the Synology NAS.

Setting up the clients

Finally, setting up the devices is very simple. As long as the devices have Windows 10 Pro or Windows 11 Pro installed, you can work with Azure AD. In many cases, however, users prefer local accounts. Home versions of Windows can't use Azure AD, so local accounts must be used there anyway.
In addition to installing the Microsoft 365 apps (Outlook, Excel, Word, PowerPoint, etc.), OneDrive for Business must be set up and the SharePoint sites used must be linked. By synchronizing the document and desktop folders with OneDrive for Business, you can provide a basic level of data loss protection. Active Backup for Microsoft 365 will then back up this data to the local Synology NAS.
For those who want full machine backups, Veeam Agent for Microsoft Windows FREE can be used to back up to an SMB share of the Synology NAS. Synology also offers an on-board solution with Active Backup for Business.

Expansion possibilities

Larger NAS versions have enough power to run VMs via the Synology Virtual Machine Manager (VMM). This allows running a small Windows Server 2022 Essentials domain controller over which users can be managed and synchronized with Azure AD via Microsoft AD Connect. This of course also allows managing the local PCs via GPOs etc. The Synology NAS can also be fully integrated into AD and then additionally used as a local file server. Of course, small application servers and Linux appliances can also be operated in this way.