Manuals+

Synology QuickConnect

Based on DSM 5.2

Chapter 1: Introduction

What is QuickConnect?

As its name entails, QuickConnect is designed to make connecting Synology NAS servers easy and quick. Setting up a server and correctly availing its service usually requires a certain level of knowledge in IT administration. QuickConnect seeks to remove that necessity and, through technology that causes the least network overhead, make connecting Synology NAS servers effortless for anyone.

This means QuickConnect removes several barriers that are often encountered by users trying to set up a NAS server. Namely, QuickConnect users are exempted from the necessity of owning a static external IP address, setting up port-forwarding rules in the NAT before the NAS, and switching between WAN/LAN addresses when the client device is relocated.

QuickConnect is initially designed to ensure specific Synology NAS services are always reachable in any network environment, even one that's not port-forwardable. Now it offers a comprehensive solution to guarantee that not only are the services always accessible, but they are also accessed with minimal fuss and network overhead. In so doing, QuickConnect delivers the following features:

  1. A permanent and easily memorized server ID - a QuickConnect ID - that works both in LAN and over the Internet
  2. Server location detection (LAN/WAN detection)
  3. QuickConnect hole punching
  4. Automatic port-forwarding through UPnP
  5. QuickConnect relay service
  6. QuickConnect Web Portal

With these features, QuickConnect users enjoy various exclusive benefits, including:

Chapter 2: How QuickConnect Works

Overview

QuickConnect in general offers three distinct services: mobile and PC client utility access, QuickConnect Web Portal, and DSM file sharing. All these services require QuickConnect Connectivity Test to guarantee efficient connection. In this chapter, we will explain how QuickConnect Connectivity Test works and what these three services offer respectively.

QuickConnect Connectivity Test

QuickConnect Connectivity Test is a series of attempts that define how the client connects to its destination NAS using QuickConnect ID. It begins by performing LAN detection and WAN detection to verify server reachability with the registered network addresses on the QuickConnect Server, and proceeds to test hole punching compatibility of the environment in which the Synology NAS is located, and finally provides a relay service for any NAS not reachable using the said methods.

LAN/WAN Detection

When a client attempts to reach a Synology NAS using the server's QuickConnect ID, a request is sent to Synology QuickConnect Server for the registered information of the NAS. This allows the client to obtain network information about the server to identify possible ways to connect it. The information includes the public IP, LAN IP, and NAT type among others, all of which are necessary for the link and do not compromise the security of the NAS. With the given information, the client can identify whether a direct connection with the IP or domain address can be established in LAN or WAN.

QuickConnect Hole Punching

If no direct connection can be established, the client will attempt to establish a virtual tunnel between the client and the NAS via QuickConnect to allow a temporary direct link for data transmission. This technology allows the server and the client to experience Internet synchronization performance very similar to connecting via WAN IP/DDNS without physically having such an environment.

Hole punching works by initiating a virtual tunnel from the client to the NAS with the aid of the QuickConnect Server.

  1. The NAS sends out a request to the QuickConnect Server, and keeps the hole - a random external port punched by the request on the NAT in front of the NAS - open to receive a hole punching request.
  2. Similarly, the client sends out a request to the QuickConnect Server to create another hole on the NAT in front of the client.
  3. The QuickConnect Server will deliver the hole information of the NAS to the client and vice versa.
  4. The NAS will try to establish a connection to the client through the punched hole on the client side.
  5. Once the client receives the hole punching request from the NAS, a hole punching response is sent back to the NAS via the punched hole on the NAS side.
  6. If the hole punching response arrives at the NAS, a virtual tunnel is successfully created.
Figure 1: QuickConnect hole punching mechanism

Once the virtual tunnel is successfully established, the remote client can use this connection to communicate with the NAS directly and no network relay is needed.

QuickConnect Relay Service

In cases where the virtual tunnel cannot be created, a relay service is available for data transmission. When traffic is relayed, it goes through Synology Relay Server before arriving at its destination. Requiring more time compared to direct connections or QuickConnect hole punching, the QuickConnect relay service serves as the final option for data to be communicated between the NAS and the client.

If the hole punching fails to create a connection, the client will make one last connection attempt by creating a virtual network tunnel using QuickConnect relay service. The service works as follows:

  1. To initiate the relay service, the client will send a request to the QuickConnect Server.
  2. The QuickConnect Server will inform the NAS to create a virtual tunnel between the NAS and the Relay Server.
  3. A port will be assigned on the Relay Server, and all network traffic to this port will be redirected via the established virtual tunnel to the NAS.
  4. Once the Relay Server is ready, the QuickConnect Server will reply the relay information back to the client.
  5. The client is now able to communicate with the NAS via the relay.
Figure 2: QuickConnect relay service

Communicating over the Relay Server can cause a significant delay in data delivery, and is thus the last method a client will take in attempt to reach the server.

QuickConnect Services

QuickConnect tailor-makes its service for different Synology applications: mobile and PC client utility access, QuickConnect Web Portal, and DSM file sharing. These applications leverage different advantages of QuickConnect to deliver the same convenience and efficiency.

Mobile and PC Utility Access

QuickConnect allows Synology client software such as Synology Cloud Station (PC utility) and mobile applications such as DS file to access a Synology NAS using QuickConnect ID instead of IP address/DDNS. In so doing, QuickConnect directs the client PC or mobile device to reach the NAS by way of LAN, WAN, hole punching or, if none of the above is available, through Synology's relay service.

Figure 3: Workflow for mobile and PC utility access over QuickConnect

QuickConnect Web Portal

QuickConnect Web Portal allows the web interface of a Synology NAS - including the DSM management interface, Photo Station and various application portals - to be accessed from a browser anywhere with a consistent, bookmarkable address.

A typical address of the DSM management interface powered by QuickConnect Web Portal looks like:

quickconnect.to/[QuickConnect ID]

e.g. quickconnect.to/tenni

A Photo Station address would look like:

quickconnect.to/[QuickConnect ID]/photo

e.g. quickconnect.to/tenni/photo

An application alias is required for DSM Application Portal to be accessed with the QuickConnect address. A typical address for File Station's application portal looks like:

quickconnect.to/[QuickConnect ID]/[alias]

e.g. quickconnect.to/tenni/file

These addresses are universal. When the QuickConnect Server receives a request for these addresses, it initiates Connectivity Test to verify NAS location and accessibility. In cases where QuickConnect fails to locate a LAN or WAN address to redirect the browser to, Synology offers QuickConnect Portal Server that functions as a proxy between a Synology NAS and the connecting web browser.

The Connectivity Test helps redirect the browser to take the best possible way to access the desired web page. For example, the Portal Server will redirect the client browser to the LAN address (e.g. http://192.168.17.99:5000/) or WAN address (e.g. http://tenni.synology.me:5000) if these addresses are connectible.

When the connecting client attempts to connect these web interfaces through HTTPS (e.g. https://quickconnect.to/tenni), it will be prompted to trust the NAS server's certificate (often self-signed with a personal NAS). The browser can only be redirected to a LAN address when the client chooses to trust the certificate. If not, the relay portal will be activated instead and all transmitted data will be relayed.

The following image illustrates the process used by the QuickConnect Web Portal:

Figure 4: QuickConnect Web Portal

1. The client (connecting web browser) performs the Connectivity Test

2. The browser is redirected to the Portal Server if the results of LAN/WAN Connectivity Test are "No"

3. The Portal Server invokes a virtual network tunnel from the Relay Server to the NAS

4. The Portal Server serves as a proxy to handle all the traffic between the NAS and the client browser via the virtual network tunnel.

5. The client browser is now able to access the intended NAS web pages via the Portal Server

Figure 5: Workflow for QuickConnect Web Portal

To summarize, the benefits of QuickConnect Web Portal are:

  1. QuickConnect Connectivity Test to guarantee efficient connection
  2. Web portal uses standard ports that are firewall friendly for web browsing
  3. Bookmarkable permanent URLs

File Sharing Service over QuickConnect

File sharing is a native DSM service that allows a file to be shared with a web address. A shared link takes the form of any of the following three:

When QuickConnect is enabled, a file sharing link always takes the form in the gofile.me domain. By way of the Connectivity Test, this link allows the connecting browser to take the best possible path to access the shared files. That is to say, the client browser will be redirected to the shared link's LAN/WAN address if available, before attempting through the relay tunnel.

Figure 6: Workflow for file sharing over QuickConnect

Chapter 3: Security

Software Security

While providing all the benefits and convenience, Synology QuickConnect takes all necessary measures to prevent data leakage and interception. This section explains QuickConnect's security protocol.

Synology NAS Information

To enable the QuickConnect service, the Synology NAS must be registered under the QuickConnect Server. This means the Synology NAS reports its status such as network environments and supported services to the QuickConnect Server.

The reported information (i.e. the public IP address, LAN address, NAT type and so on) is indispensable for the Connectivity Test. Synology safeguards users' digital privacy. The retrieved information is only used by Synology in order to deliver the QuickConnect service.

Relay Tunnel

With SSL enabled, data transmission over the network virtual tunnel is secured with end-to-end encryption. Therefore, QuickConnect guarantees confidentiality and integrity of data transmission between the Synology NAS and Client Device.

QuickConnect Web Portal

QuickConnect Web Portal is secured by end-to-end encryption when the browser is redirected to the Synology NAS using LAN or WAN connection. Otherwise, the request is directed to the Portal Server.

In such conditions, the Portal Server offers a trusted certificate for the connecting browser to verify the identity of the Portal Server. This helps us combat man-in-the-middle attacks by preventing messages from being intercepted by fake Portal Servers.

The Portal Server would then decrypt and modify the specific HTTP headers so as to inform the destination NAS of the identity of the connecting client. Having done so, the Portal Server then sends the data to the destination Synology NAS via the network virtual tunnel. Once again, data transmission over the network virtual tunnel is secured with end-to-end encryption if SSL is enabled.

Figure 7: Security mechanism of QuickConnect Web Portal

Facility Security

While providing the promised services, the QuickConnect service makes no use of collected data from registered Synology NAS servers except in delivering such promised services. For more details, please visit the Privacy Terms on our official website.

Synology QuickConnect Servers are hosted in data centers in a total of eight sites around the globe to provide high-quality and stable service. All data centers are manned 24/7, guarded with surveillance systems and strict policies governing personnel access. Facilities are also well equipped to ensure power supply and network availability in the event of outage and preventable disasters.

Chapter 4: Summary

Summary

With Synology QuickConnect service, users can now enjoy anywhere access not only to data stored on a Synology NAS, but also to its web management interface from any network environment. Eliminating the complicated setup of port-forwarding and firewall rules for cross-network connection, Synology QuickConnect makes all this possible with a simple, personalized QuickConnect ID and guides the connecting device to the shortest route across networks to the destination NAS. For more information, please contact Synology at www.synology.com.

PDF preview unavailable. Download the PDF instead.

Synology QuickConnec56c599724f371 Synology Inc. Adobe PDF Library 15.0

Related Documents

Preview Synology DS423+: All-in-One Data Management and Sharing NAS
Explore the Synology DS423+, a 4-bay NAS designed for efficient data management, sharing, backup, and surveillance. Learn about its features, hardware overview, and technical specifications for seamless data handling.
Preview Synology NAS User's Guide: Master DSM 6.2 Features
Comprehensive user guide for Synology NAS devices running DiskStation Manager (DSM) 6.2. Learn to set up, manage, share files, back up data, and utilize advanced features for optimal performance and security.
Preview Synology DS124 DiskStation: Compact Data Hub for Centralized Storage and Sharing
Discover the Synology DS124 DiskStation, a compact and powerful data hub for effortless data centralization, organization, sharing, and backup. This datasheet details its features, hardware specifications, and Synology DSM capabilities for secure private cloud management and collaboration.
Preview Synology SA3200D Product Specifications
Detailed hardware and software specifications for the Synology SA3200D storage solution, including CPU, memory, storage, networking, and software features.
Preview Synology DS2419+II Hardware Installation Guide
A comprehensive guide for the Synology DS2419+II Network Attached Storage (NAS) device, detailing hardware installation, component upgrades like RAM and network cards, drive setup, and initial DiskStation Manager (DSM) installation.
Preview Synology DiskStation DS224+: 紧凑型NAS,适用于小型团队的数据管理与协作
Synology DiskStation DS224+ 是一款紧凑型2槽式NAS解决方案,旨在为小型组织和团队提供集中化数据管理。它支持创建私有云,促进团队协作,并提供用于管理、共享和保护文件、照片、设备和数据的工具。
Preview Synology NAS User's Guide: Mastering DSM 6.2
Comprehensive guide to Synology NAS, covering DiskStation Manager (DSM) setup, features, and advanced tasks. Learn to manage storage, share files, enhance security, and more.
Preview Synology DS923+ Product Manual: Setup, Features, and Troubleshooting
Comprehensive product manual for the Synology DS923+ NAS. Learn about package contents, hardware setup, DSM installation, system maintenance, and troubleshooting. Includes detailed specifications and safety instructions.