ASK NC Q&A Before you buy Q&A v
Best Practices/Arch - Home Network, serving Home and Small Business

Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Threaded Mode

Best Practices/Arch - Home Network, serving Home and Small Business
Enquiries Offline
Posting Freak
*****
KNOW THE ANSWER? REPLY AND EARN KO-FI click HERE
Need help to fix or configure NAS? Try Kingbiker
Posts: 1,070
Threads: 1,071
Joined: Feb 2020
Reputation: 2
#1
Yesterday, 07:28 PM
My hardware -- Synology RT6600ax, Synology DS1522+ (43.6 TB, Synology Hybrid RAID SHR, 1 storage pool, 2 volumes - ~22.5 TB business/~12 TB home), tp-link TL-SG-108E 8-port Gigabit smart switch.
1G ISP.
Need reliable/secure network that can serve home needs as well as needs of a small home engineering/PR business (home/business preferable segregated, but both accessible for some home users).
Is there a white-paper or other docs/sources that describes "best-practice" architectures for this type use-case?
Thanks
Find
Reply
ed Offline
Administrator
*******
support me
Need help to fix or configure NAS? Try Kingbiker
Posts: 5,388
Threads: 2
Joined: Jun 2022
Reputation: 35
#2
4 hours ago
1. Network segmentation is the core
Your router, the RT6600ax, supports proper network segmentation through VLANs and multiple SSIDs. This lets you keep home traffic and business traffic separate while still allowing controlled access where needed.

Recommended layout
• LAN one Business network
• LAN two Home network
• Optional LAN three IoT network
• Optional LAN four Guest network

You then tag each network with a different VLAN ID and connect your TL SG 108E switch with matching VLANs. This gives isolation for security but also easy controlled cross access.



2. Use the Synology NAS as the shared platform
Your DS1522 plus with SHR and the two existing volumes is already suitable for this.

Best practice:
• Give the Business VLAN access only to the Business volume.
• Give the Home VLAN access only to the Home volume.
• Create dedicated user groups with tailored permissions.
• Enable SMB signing and advanced folder permissions for business data.

You already have enough storage performance for the workloads.



3. Use Synology Router Manager security features
Enable the following:
• Safe Access profiles to control which devices can talk across networks
• Traffic Control so business devices always have priority
• Threat Prevention to inspect traffic
• DNS over HTTPS for both networks



4. Remote access best practice
The gold standard is:
• Use Synology VPN server on the RT6600ax for staff or remote family
• Avoid exposing NAS ports directly
• Use QuickConnect only for low risk access or simple home use



5. Monitoring and reliability
For mixed home and business use, the standard practice is:
• Centralized logs on the NAS using Log Center
• Smart tests scheduled on all drives
• Automated snapshots for both volumes
• Hyper Backup to an external drive and optionally cloud service for critical business data
Find
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)