Getting Started With NAS Guard

Topic

This article describes the NAS Guard feature available on BCDR devices for protecting externally hosted NAS shares.

Environment

  • Datto SIRIS
  • Datto ALTO
  • Datto NAS

Description

The NAS Guard feature allows you to use your Datto appliance to capture backup snapshots of an SMB share from any system on your LAN, and then replicate those snapshots to the cloud. This process connects to the share through the local network and does not require any additional software installed on the host system. The Datto appliance will not make any modifications to the share during the pairing or backup processes. All external shares mount on the Datto appliance as read-only.

To protect an externally-hosted share with NAS Guard, follow the steps described in Creating and Protecting Network Shares With a Datto Appliance.

Considerations

  • Backing up external NAS shares is available on any BCDR device with the exception of the ALTO1.

  • The protected share size is capped at 16TB.

  • The space used on the Datto device depends on the total size of the protected share, the retention policies set for the backups, and the rate of change on the production share.

  • There is no limit to the number of shares on a device. The number of shares added is determined by the total protected storage and the size of the device.

  • When using Datto's NAS Guard to back up external NAS shares, it's important to be aware of potential timeouts during the backup process. If the device is unable to enumerate the backup within 168 hours (7 days), the backup will fail. This situation is typically beyond our control and is influenced by the client's infrastructure. It primarily affects very large NAS shares containing millions of files. To mitigate this risk, consider organizing data into smaller shares or optimizing the file structure to enhance enumeration efficiency.

  • To back up a hosted share on the network, the Datto device must be able to reach the host server outbound over TCP port 445 (SMB). It does this for initial pairing and on each backup request.

Restore Options

Permissions

The user account used to pair the external share with the Datto device determines the behavior of the backups on the device. On each scheduled backup, the device backs up all files and folders that this account can access. This means:

  • Files or folders can be excluded from these backups by giving the user account an explicit DENY permission on the folders you don't want backed up.

  • Permissions within the share will reflect the permissions on the external share.

  • If the share is on a domain, the Datto device should be joined to the domain as well. This will allow the Datto appliance to connect to the external share using domain credentials.

NOTE   It is a best practice to respect casing for the share name and username. Although some systems will disregard casing, others may not.

Depending on your environment, NAS Guard may or may not be able to preserve Unix permissions. Datto strongly recommends testing a restore to verify the preservation of user permissions.
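A pre-pairing check for the size, enumeration and permission considerations above, as an added example (not Datto code). It assumes the share is already mounted read-only on an admin workstation using the same account that will be used for pairing; `audit_share`, `build_sample_share` and the decimal reading of the 16TB cap are assumptions made here.

```python
import os
import tempfile

# Assumption: the page's "16TB" cap is read here as decimal terabytes.
SHARE_CAP_BYTES = 16 * 10**12


def audit_share(root, cap_bytes=SHARE_CAP_BYTES):
    """Walk a mounted share and summarise what the current account can see."""
    report = {"files": 0, "bytes": 0, "unreadable": [], "per_top_level": {}}

    def on_error(err):
        # os.walk calls this for directories that cannot be listed
        # (for example, an explicit DENY on the pairing account).
        report["unreadable"].append(err.filename)

    for dirpath, _dirs, filenames in os.walk(root, onerror=on_error):
        rel = os.path.relpath(dirpath, root)
        top = "." if rel == "." else rel.split(os.sep)[0]
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                size = os.lstat(path).st_size
            except OSError:
                report["unreadable"].append(path)
                continue
            report["files"] += 1
            report["bytes"] += size
            # File count per top-level folder shows where a large share could be split.
            report["per_top_level"][top] = report["per_top_level"].get(top, 0) + 1
    report["over_cap"] = report["bytes"] > cap_bytes
    return report


def build_sample_share():
    """Constructed sample tree standing in for a mounted share."""
    root = tempfile.mkdtemp(prefix="share_audit_")
    for rel, size in [("finance/q1.xlsx", 300), ("finance/q2.xlsx", 200),
                      ("hr/private/salaries.csv", 100), ("readme.txt", 50)]:
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"\0" * size)
    return root


if __name__ == "__main__":
    print(audit_share(build_sample_share(), cap_bytes=500))
```

Entries in `unreadable` are paths the account could not list or stat, so they would be missing from a backup taken with that account; confirm each one is an intended exclusion.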
