With the continued growth of cloud-based storage, having a device in your house that you have to manage is definitely not for everyone. However there are definite advantages: From a performance perspective, you'll never have speeds as good as you do from streaming within your own home, something that's becoming more and more important as digital files continue to grow; and from a security perspective, it's sometimes important to keep your data within your own walls, rather than expose them to an unknown company.
For those who want to have complete control over their data, a NAS device is a critical piece of the infrastructure. I've had the pleasure of reviewing many devices over the year, and you should take a look at previous articles if you're undecided on the pros and cons of various manufacturers.
Today, I'm going to take a look at the Synology DS1517+ to see how it stacks up against other devices from both a performance and usability perspective.
The Synology DS1517+ is powered by the Intel Atom C2538, a 64-bit quad-core processor running at 2.4 GHz and has a built-in encryption subsystem, (AES-NI) to reduce the performance hit on encrypted volumes. There are two memory slots, providing the system with between 2GB and 16GB of DDR3 RAM, depending on configuration. Our review unit has 8GB of RAM.
From a storage perspective, the DS1517+ has five drive bays, and each bay can support up to a 12TB drive, giving a total raw storage capacity of up to 60TB. In reality, most people will use one or two of the drives as protection for potential hardware failures. In addition, most Synology devices (including the DS1517+) support the concept of an "expansion" unit to add more drive bays in an external enclosure. I hope to do a deep dive into one of these devices in the near future. All drives are hot-swappable.
|CPU||Intel Atom C2538 64-bit, 2.4 GHz, with AES-NI encryption|
|Memory||2GB - 16GB DDR3 RAM, depending on configuration|
|Disk Capacity||60TB (12TB x 5) native; 180TB with expansion units|
|Network||4xGbE (with link aggregation/failover)|
|USB Ports||4xUSB3 (back), 1xUSB3 (front)|
|Size (H/W/D)||(6.5in x 9.8in x 9.5in) / (166 mm x 250 mm x 243 mm)|
|Weight||9.8 lbs / 4.46kg|
The back of the device has four GbE ports that can be configured to work together in a failover or link aggregation mode if you have managed switched. There are also three USB3 ports, a Kensington lock, and two eSATA ports to chain two disk expansion devices, if you have a need for a lot of extra storage.
The complete specs of the device can be found on Synology's website.
The whole point of a NAS device is in its simplicity, and the DS1517+ delivers. Simply plug in the power cable, connect an Ethernet cable, turn the box on, and you're done.
Connecting drives to the DS1517+ is as easy as the other Synology NAS devices I've reviewed in the past. Place the 3.5" disk in the sled, click the two side pieces into place, and the disk pack is ready to insert into the NAS device. It's a great design, although I'm a little concerned that if the plastic clips on the side break you'll be out of luck and will have to contact Synology for a replacement.
The sleds also support 2.5" drives, such as SSD, but in order to mount those into the sleds you'll need to screw it into the bottom of the sled with the included screws.
If you want to lock the drives into place to stop someone from simply ejecting it from the enclosure, you can use the enclosed keys to do so, just keep in mind that the locks do not appear very difficult to bypass. I suspect it's not there for hard core security as much as to prevent a passerby from pressing the eject button on the tray.
Initial Setup and Configuration
Since the DS1517+ still uses Synology's DiskStation Manager (DSM) operating system, the process for the initial setup is exactly the same as before. So as not to repeat myself, jump over to the review of the DS716+ to see how the initial setup process looks.
I was a little disappointed to see that Synology has yet to address the password complexity issue. In addition to short passwords still being classified as "strong," even using the name "synology" (all lower-case) as a password tells the user it's strong. If they're going to give strength-of-password information, it should at least be accurate.
In order to test performance and bypass the PC as much as possible, I used OSFMount to create a 4GB RAM disk, and then used Robocopy to test throughput between my desktop and the DS1517+. The volume on the Synology DS1517+ was using the Btrfs filesystem, and tests using both RAID-5 and RAID-6 came roughly equal results.
The first test consisted of copying a large 3GB file to and from the Synology DS1517+. Most systems can copy these types of files much faster than the smaller files due to the lack of having to seek on the disk for the individual file handle, and the DS1517+ was no exception. Indeed, performance for this device was higher than any other device I've reviewed in the past, albeit not by much, and nothing that you would notice in the real world.
Where things start to get interesting is the copying of smaller, random files. As with the other devices I've reviewed, I took 360 MP3 files of varying lengths that took up roughly 3 gigabytes of storage, and began copying them all to and from the Synology DS1517+. Performance here was a bit slower than some other devices I've reviewed in the past, and I wasn't able to come up with an explanation for this. I was using five drives, so I would've expected read performance to be a little higher.
Where the performance of the DS1517+ really shines is when using a fully encrypted RAID-6 filesystem. Since the device has AES-NI hardware encryption, it's able to work at roughly the same speeds as an unencrypted volume. When conducting tests with the large files, reading from an encrypted volume resulted in the same 112MB/s speed, while writing to the encrypted volume gave speeds of 103MB/s, a reduction of only 7MB/s. When looking at the small file test, performance was again the same when reading from the device and dropped from 64MB/s to 56MB/s in the small file test. If you want the extra peace of mind from whole volume encryption, the performance impact seems negligible compared to the benefit.
One of the main reasons you might want to have your own NAS device is to provide extra security to your data. By not having to put your files in a service like Dropbox, you don't have to worry about what a rogue employee will do. DSM, which is what's used on all Synology NAS devices, offers many good security features, although some of what they do goes against what I'd consider best practices, such as the previously mentioned password strength meter. It's important to note that these features are available on all Synology NAS devices, since they all run DSM.
One of the best things anyone can do to improve the security of the system is to enable two-factor authentication (2FA). By going into the control panel, selecting "users," and then clicking on the "advanced" tab, an administrator can force 2FA on either administrators or all users. This is done by using either Google's or Microsoft's Authenticator mobile apps. Although the setup screen indicates Microsoft's Authenticator only works for Windows Phone, during my tests I had no problems using it on an Android device.
Sadly, 2FA is only required when logging into the device's web portal. You can still mount volumes, access apps like Photo Station, and even SSH directly into the box (if enabled), all with only a username/password combination. While still important, it does limit how much extra security you get from enabling the feature.
Within the Control Panel, there's an entire section that deals with the security of the device, from how the portal works, to firewalls, to SSL certificates.
The firewall is an interesting and useful way to protect your Synology device and has some nice features, but for some reason it comes with some artificial limitations. For example, you can block access from certain countries in the world if you want by selecting the "Region" from the source IP. However you can only select 15 countries in a single firewall rule, and there's no explanation as to why. Granted, it's easy to work around: Instead of blocking all but four countries, simply select the four countries and "allow" them. Regardless, the limitation is odd.
If you want to use an SSL certificate for encrypting web traffic to your DS1517+, there are options to assist with that as well. In addition, Synology has native support for EFF's "Let's Encrypt" tool, so you can easily use free, high-quality encryption certs.
There are other built-in features, such as blocking an IP address after a certain number of failed login attempts, denial of service protection (although there's no mention of how it actually works), and block lists to prevent logins from certain addresses.
Synology also has a tool called Security Advisor, that can help ensure that your NAS device is locked down as tightly as you want. You set the baseline, whether it's for home/personal use (less strict), work/business use (very strict), or whether you want a list of custom checks run. It can be scheduled to run on a routine basis to ensure that your NAS device has the proper features enabled and that there is no malware hiding on the device. Clicking on each section brings up the actual findings, along with recommendations on how to fix the problem.
Lastly, as noted in the performance section, creating an encrypted volume results in similar performance to unencrypted volumes, so is something you'll want to consider in your environment.
The DS1715+ supports virtualization via either Synology's own Virtual Machine Manager, or utilizing Docker Containers. While exploring all of the functionality would be beyond the scope of this review, I did run some basic tests to explore the functionality and came away impressed.
In both cases, you have to install a package through the Synology Package center, but it's literally as easy as searching and clicking the install button. Once installed, a Docker icon will be available to launch the tool.
Installing images for Docker is just as easy as installing packages on the device. Clicking on the "Registry" allows you to search for various containers that others have already setup for your use. Each image is given a number of stars to show how popular they are, and officially packaged images are given a checkmark so that you don't have to worry that someone may have installed malware without your knowledge. For my test, I installed the Ubiquiti network controller and a Tenable Nessus security scanner.
You have to have a little bit of knowledge about containers, such as mapping network ports, but the tool makes it easy to do if you know what you're looking for. Once the container is started, you can view statistics such as memory and CPU utilization, or simply dive in and start using the service.
Although there are more advanced configurations and usages, the general premise really is that simple. Synology made it really easy for anyone to easily jump into the world of containers.
There's no question that the Synology DS1517+ is a great NAS solution for those who need more storage than the normal person. If you're the type who has hundreds of videos, thousands of high-quality pictures, and wants to take advantage of some virtualization, the DS1517+ is a great solution. It's a bit expensive, coming in at $699 for the 2GB model and $789 for the 8GB model (sans drives), but the hardware is rock solid, and the operating system is so easy to use that I feel it is definitely worth the price. The performance when utilizing encrypted volumes is top notch, although speed when reading and writing small files to the device is slower than I would've expected. Other than that, I found nothing to complain about in my time using the device.
When purchasing a Synology device, you're buying more than a centralized storage tool, you're buying a server with plenty of disk space to store things. Being able to run virtual machines or Docker containers on the DS1517+ is a great way to run some low-power servers in your home or small business, and with dozens of packages available for one-click install, there's no limit to what you can run on the Synology device.
While not everyone has a need for this type of device, for those who do, I can wholeheartedly recommend it.
UPDATE: I incorrectly noted that Let's Encrypt is owned by EFF. Although EFF is one of its founding sponsors and currently one of its greatest advocates, Let's Encrypt is a separate and independent entity that is run by the Internet Security Research Group (ISRG), a 501(c)(3) nonprofit organization.