Menu
Cart

How to Enable Immutable Snapshots on Synology DSM 7

How to Enable Immutable Snapshots on Synology DSM 7

Ransomware attacks are no longer limited to encrypting files. Modern threats actively attempt to delete backups and snapshots before locking your data. That is why immutable snapshots in Synology DSM 7 are a critical security feature.

Immutable snapshots prevent modification or deletion for a defined retention period. Even administrators cannot remove them until that period expires. This makes them one of the most powerful defenses against ransomware and accidental data loss.

This guide explains how to enable immutable snapshots on Synology DSM 7 and configure them correctly.

What Are Immutable Snapshots?

A snapshot captures the state of a shared folder or LUN at a specific point in time. Normally, administrators can delete snapshots manually. Immutable snapshots change that.

When immutability is enabled:

  • Snapshots cannot be deleted before retention expires

  • Snapshot settings cannot be altered

  • Even admin accounts cannot bypass the lock

This ensures recovery points remain intact even during a compromised account scenario.

Requirements Before Enabling Immutable Snapshots

Immutable snapshots are available only on supported models running DSM 7.x and using the Btrfs file system.

Before proceeding, confirm:

  • Your volume uses Btrfs

  • Snapshot Replication package is installed

  • DSM is updated to the latest stable release

You can verify your file system type under Storage Manager → Volume.

Step 1: Install Snapshot Replication

Open Package Center and install Snapshot Replication if it is not already installed.

Launch the Snapshot Replication application from the DSM main menu.

This tool manages all snapshot policies and retention settings.

Step 2: Select a Shared Folder

Inside Snapshot Replication:

  • Go to the Shared Folder tab

  • Select the folder you want to protect

  • Click Settings

Choose folders that contain business-critical data such as Projects, Finance, or HR.

Avoid applying immutability to temporary or non-critical folders to prevent unnecessary storage growth.

Step 3: Configure Snapshot Schedule

Enable snapshot scheduling and define how often snapshots should be created.

Common configurations include:

  • Every 5 minutes for critical documents

  • Every 15 minutes for active collaboration folders

  • Hourly for general shared storage

The more frequent the snapshots, the smaller your potential data loss window.

Step 4: Enable Snapshot Retention and Immutability

Under the Retention section:

Enable snapshot retention policy.

Then activate immutable snapshots by selecting the lock option.

You will define a retention period, for example:

  • 7 days

  • 14 days

  • 30 days

During this period, snapshots cannot be deleted or altered.

Choose retention carefully. Once enabled, immutability cannot be shortened for existing snapshots.

Step 5: Apply and Confirm

After applying settings, verify:

  • Snapshots are being created on schedule

  • The lock icon appears next to immutable snapshots

  • Retention duration displays correctly

You can test recovery by browsing snapshots and restoring a file version, but you cannot delete locked snapshots until expiration.

How Immutable Snapshots Protect Against Ransomware

Ransomware often attempts to:

  • Encrypt live files

  • Delete shadow copies

  • Remove backup versions

Immutable snapshots prevent the third step.

Even if attackers gain administrator credentials, they cannot delete locked snapshots before the retention period ends. This guarantees recovery points remain intact.

Combined with proper backup strategy, immutability significantly strengthens NAS security posture.

Best Practices for Using Immutable Snapshots

For maximum protection:

  • Combine immutable snapshots with offsite backups

  • Enable multi-factor authentication on admin accounts

  • Restrict SSH access

  • Use strong password policies

  • Monitor snapshot storage growth

Snapshots consume storage space as data changes. Monitor Storage Manager regularly to avoid unexpected capacity issues.

Immutable Snapshots vs Backup

Snapshots protect against recent corruption and ransomware. They are fast and local.

Backups protect against:

  • Hardware failure

  • Physical damage

  • Complete NAS compromise

Immutable snapshots are not a replacement for Hyper Backup or offsite replication. They are an additional protective layer.

A layered strategy is always stronger than a single tool.

Common Mistakes to Avoid

Do not:

  • Enable immutability without planning retention duration

  • Apply immutability to entire volumes without storage assessment

  • Assume snapshots replace offsite backups

  • Ignore storage growth from frequent snapshot schedules

Proper planning ensures performance and capacity remain stable.

About Epis Technology

Epis Technology helps organizations deploy immutable snapshot policies within secure Synology DSM 7 environments. We design retention schedules, storage planning models, and layered backup architectures that protect against ransomware and insider threats. By combining snapshot immutability with hybrid cloud backup strategies, Epis Technology ensures business data remains recoverable and compliant.

Related Posts