NAS / wireless unified storage

Hello everyone.
Let me start with all funny requirements and questions to see what I should do.

What I have:
I have less that 1TB family photos
I have some documents etc.
I have some other files, games, music etc.

What I do with them:
I have a 5TB external that i back them up there but use them on that drive as well
I have another external just for photos and docs that is not connected all the time
I don’t use internal Laptop to store anything
I do have G photo, I Cloud , amazon but i cant trust them to stay safe as G did reduced the capacity , and I don’t want that to happen again
I’m not a heavy backup user

What I’m thinking:
have a mean of storage that i can access regardless of OS and location (NO USB)
Be safe and reliable for Photos and documents specially.
easily store my old music and games as well (not sure if games can run but at least copy them to internal nvme when needed

I’m looking at NAS solution, but a few questions keep popping in my head,

1- Is NAS secure enough for sensitive documents?
2- Can a few folders / parts be globally available, and rest just stay in local network for safety?
2a- can a part of it be dedicated to someone that no one can access for backups?
3-I definitely would have another local backup as well
4- in terms of brand / model for my needs how much Memory CPU affects the experience
5- If using RAID and the system (Not HDDs) break, is there an easy way to recover?
5- I’m seeing multiple brands (Synology and WD although they are heavily being advertised and that a red flag for me)
Synology 2GB DDr4 is $300 + $200 for HDD
WD my book is $450 for duo 16TB solution
single drives are much cheaper (i’m aware of not being able to use RAID)

So to summarize, for my casual use
How much does that worth to invest?
What Brand?
Safety and security?
Recoverability?

thank you

First, it needs to be made explicit, RAID is NOT a backup. RAID breaks in wonderful ways, and there are not any guarantees that you will get your data back. A 3-2-1 backup (3 copies, 2 different formats/medias, 1 of which is offsite) is still your best bet for the most important (cannot afford to lose it) data.

Okay, with that out of the way, a NAS is great. I don’t advocate putting your NAS directly onto the Internet if you have any valuable data within it. (Unless you can afford two of them, then you could have one that is potentially sacrificial.) I do realize that the major “home user” brands do advertise these features, and some of them make good efforts to keep the NAS firmware up to date and secure, but I still feel like there are better ways to protect your important data.

My experience is mostly with Synology products. In particular I have a higher end product, with 12 drive bays. For me, the biggest expense was the drives, and not the enclosure. I have already had about 3 drives fail in less than 6 years, so I have tested the RAID recovery features, and they have worked for me, but I am using RAID-6 and can theoretically support up to 2 drives failing at once.

For what you’re proposing, if I were using a Synology, I would create different shares for different purposes. The shares can have different permissions, tied to users on the NAS. (I use Windows, and the NAS supports SMB so I get some seamless login behaviour.) I mostly access my NAS by name like \\NASname\ShareName\path\file but you could of course also map the content to mapped drives in Windows.

If you chose to not use the Synology ‘online/own cloud’ features and thus chose to keep your NAS securely offline, then you could get a Raspberry Pi (or equivalent) and run OwnCloud and give the Pi restricted read only NAS access to just the necessary folders for content you wish to publish online. You would then put the Pi into the DMZ on your router, and it would face the brunt of the online attacks, and would provide an extra layer of security in front of your NAS. (Obviously, you would want to lock down the Pi as much as possible, no running SSH, or FTP, or whatever a hacker might try and use to break into your network.)

Thanks for the detailed info,
so to make it simpler, before i go for setting up personal server and network, is that correct to say:

1- you don’t suggest putting sensitive documents and photos globally available? (that limits the use of system for me)
2- Synology keeps encryption and security up to date without requiring a subscription?
3- Mac, Windows, Mobile app, browser access to folders is available for Synology?
4- use at least 2 bay enclosure with 1 backup

Well you know how the LastPass hack was furthered by the developer having an unpatched version of Plex on his network? Every “hole” you punch into your firewall is just another potential exposure of your data/network/life. 99% of the time things will probably be completely safe… but what the heck do you do if a hacker and their crypto-malware sneaks through your defences while you’re sleeping. For me, that would wreck my life, so I can’t chance it. Your sense of safety online may be different than mine.

If you think about it, there is value is using someone else’s computer/network to host your data. There are plenty of low cost solutions, like DropBox or OneDrive or others, and they’ve probably got dedicated staff trying to keep their customer’s data secure. So you might consider a solution where you sync out of someone else’s cloud and onto your NAS. (Or the reverse, sync portions of your NAS into their cloud.)

Synology does have cloud features, and some of them require subscription fees. (They have a multi-NAS sync feature, for example, which is not free.) For basic security and version updates, so far, in the 10+ years I have been using a Synology device, this has been free. Of course I can’t guarantee it will always remain that way, but it does seem likely. The Synology UI/firmware is called DSM, and you can learn more about recent updates, and updating it in general, here: https://kb.synology.com/en-sg/DSM/help/DSM/AdminCenter/system_dsmupdate?version=7

I believe they have mobile apps for iOS and Android, but I cannot confirm as I explicitly do NOT use these features.

As I mentioned before, the cost of the enclosure will probably not end up being your biggest expense, the drives will. The nice thing is you can start with as few as two drives, and grow over time, so if you have the extra cash, you might buy more capacity than you need right now, and leave unused bays for later expansion.

With one drive, you have no hope of a recovery if something goes bad.
With two drives, you can run mirrored, and survive a one drive failure, at the cost of 50% redundancy (buying a drive which gets you no extra storage space.)
With three drives you can start to consider RAID options. RAID-5 has one drive failure and RAID-6 has two. If you had 3 6TB drives, say, in RAID-5 you would have 12TB of storage and in RAID-6 you would have 6TB of storage.

Great info,
in that case, I would wait a little for buying the future proof option,
and now , I would keep the old fashion backup my data ,
I may add an additional hard drive

BTW non related to this topic, is there a need or a safe way to encript sensitive documnets files and put them in a cloud drive, I am using all but trust some more to do so (I cloud, Drop box, One drive , G drive, etc.)