Enterprise Private Cloud for Businesses: Synology DSM 5.1 with Bi-directional file and NTFS-Style ACLs syncing


This article, intended for IT Professionals, IT Consultants, or IT Administrators, discusses a new capability of Synology Cloud Station, announced with the release of Synology DSM 5.1. It illustrates how to deploy a distributed private cloud with bi-directional file-level syncing while maintaining centralized management of ADS NTFS-Style ACLs throughout the entire distributed private cloud, and presents an application scenario for this technology.



Recently in November 2014, Synology finished its extensive public beta evaluation of DSM 5.1 and released the General Availability version. This release brought many improvements such as automatic security updates, service interface binding to isolate specific services to each NIC, VMware VAAI for NFS for improved VMware vSphere performance, and improved private cloud capabilities. This article discusses the newly added support for bi-directional syncing of a file’s Windows “NTFS-Style” ACLs via Synology’s Cloud Station.


Bi-directional Syncing of files with Windows NTFS-Style ACLs

Bi-directional syncing of files, discussed in “Build Hybrid Cloud Storage, with the Synology DiskStation Manager,” is a way for a business to maintain fast and private local access to files while also making data available to Remote Offices/Branch Offices (ROBOs). This synchronization is maintained over the Internet by deploying a Synology DiskStation at each site with Synology’s Cloud Station software. In DSM 5.1, Synology Cloud Station was further refined with support for Windows ADS NTFS-Style ACLs. Supporting this level of permissions now allows ADS Administrators to easily enforce ADS ACLs on a granular level, even on DiskStations that are located in offices across the country.

To allow ADS Authentication and use of ADS ACLs on the remote DiskStations, a VPN is created to allow the remote DiskStations to communicate with the ADS Server at the main office. After the ADS Authentication is established, Cloud Station can take over to handle the bi-directional syncing, and maintain the ADS ACLs with the individual files. For the Cloud Station Clients, the Sync Profiles were set to sync all privileges.


Application Scenario

Bi-directional sync of ACLs can be applied to any business that has multiple ROBOs and has one or more identical departments at different locations. One example might be an Accounting Division. This Division may have multiple departments, including Accounts Payable, Accounts Receivable, Disbursements, Payroll, Procurement, and Property Accounting. These departments may be present across multiple offices as each branch office continues to grow. All of these accountants need to have access to the “Accounting Division Folder”, but not all need to have access to each of the individual “Department Folders/Files.” By supporting ACLs within Cloud Station, the Accounting Division Head can set ADS ACL Permissions at the “Main Office” and these changes will be synchronized to the “Sales Offices”, resulting in only specific accountants at the “Sales Office” having access to specific data.



As businesses continue to prefer private cloud storage solutions, they need enterprise-level file access control. In today’s world, a single company can have multiple ROBOs, each serving the needs of a specific region of the world. A distributed business needs to maintain private, high-performance local access to synchronized files, along with centralized management of file access in the distributed private cloud.

By supporting bi-directional syncing of ADS ACLs, Synology is adding another enterprise-level tool for distributed businesses, where a single person can efficiently manage access to files in today’s distributed private cloud.


Further Reading

  1. Synology Blog – “Build Hybrid Cloud Storage, with the Synology DiskStation Manager”