We value your privacy

We use cookies to personalize your use of our site. This includes third-party cookies for that we use for advertising and site analytics. See our Privacy Statement and Cookie Policy for more information on how we collect and use data.

Cookie Options
OK
Knowledge Center

Create a Volume

Because a volume is constructed on a storage pool, you need to create a storage pool before a volume can be created. If you have never created a storage pool before, you can go to Storage Manager > Storage and click the Create Now button to start creating a storage pool and volume simultaneously. The first-time creation wizard will guide you through the process.

Create a Volume

You can use the available capacity of a storage pool to create a single volume or multiple volumes. A single volume allows you to store your data in one place; multiple volumes helps to divide the storage space among different users and applications.

To create a volume:

  1. Launch Storage Manager.
  2. Go to the Storage page and click Create > Create Volume.
  3. Choose a storage pool where the volume will be created. Allocate the storage pool capacity as needed, and then click Next:
    • If you want to allocate all of the capacity to the volume, click the Max button.
    • If you want to allocate some of the capacity to the volume, enter a size in the Modify allocated size field. You can use the remaining capacity to create more volumes later.
  4. Select a file system and click Next.
    • Btrfs: We recommend selecting this file system because it supports advanced features, including shared folder snapshots and replication, shared folder quota, and advanced data integrity protection. On certain Synology NAS models and under specific conditions, this file system also allows you to create a Btrfs volume of up to 1 PB in size.
    • ext4: This is a file system used by Linux operating systems. It has fewer hardware requirements and is more readily available in older or entry-level Synology NAS models.
  5. Choose whether to encrypt the volume:
    • If you do not want to encrypt the volume, simply click Next.
    • If you want to encrypt the volume, refer to the Create an Encrypted Volume section for more information.
  6. Confirm the settings and click Apply.

Note:

  • Multiple-volume support: Starting from DSM 7.0, all newly created storage pools come with multiple-volume support, thereby providing higher flexibility. You can choose to create one or multiple volumes in a single storage pool and allocate different capacities for each volume.
  • Volume capacity:
    • The maximum volume capacity varies depending on Synology NAS models.
    • The minimum volume capacity must be at least 10 GB.
    • Volume capacity of less than 1 GB cannot be used. For example, only 100 GB is usable if the total capacity of a volume is 100.5 GB.
    • After volume creation, you can only increase the size of the volume; you cannot decrease the volume size.
  • Volume capacity for metadata:
    • A Btrfs volume reserves up to 4% of space for metadata.
    • An ext4 volume consumes approximately 2% of space for metadata.
  • File systems:
  • Volume creation on a Synology NAS with a single drive bay: A volume will be created automatically once you create a storage pool using the drive installed in the Synology NAS.

Create an Encrypted Volume

Encrypting a volume helps to safeguard your data from unauthorized access in case your device is lost or stolen. All data stored on the encrypted volume, including LUNs and package data, will be protected by an encryption key. Each encrypted volume has its own encryption key, which is accessible only to the system and stored in the Encryption Key Vault.

Note:

  • Find out if your Synology NAS supports volume encryption.
  • Linux Unified Key Setup (LUKS) is used to perform volume encryption. LUKS implements Advanced Encryption Standard (AES) in xts-plain64 mode, which is the current recommended mode.
  • For information on creating and managing encrypted volumes in a high-availability cluster, refer to this article.
  • For information on migrating encrypted volumes, refer to this article.

Set up the Encryption Key Vault

You must enable the vault to use volume encryption.

To enable the Encryption Key Vault:

  1. Go to Storage Manager > Storage.
  2. Click the Global Settings button.
  3. Go to the Encryption Key Vault section and select a location to set up the vault:
    • Local: The Encryption Key Vault is stored locally and requires a password to protect the vault. You need to enter this vault password every time you create or migrate an encrypted volume.
    • KMIP server: The Encryption Key Vault is saved on another Synology NAS through the Key Management Interoperability Protocol (KMIP). To do so, go to Control Panel > Security > KMIP to first configure your KMIP server. Once you have it set up, return to this step.
  4. Click Save.

Note:

  • Avoid setting up the vault on a KMIP server if the DNS Server package is installed on an encrypted volume. This ensures the availability of the DNS Server in case the encrypted volume becomes locked.

Forgotten vault password:

Set up and manage an encrypted volume

To create an encrypted volume:

  1. Follow steps 1 to 4 in the To create a volume section.
  2. Select the Encrypt this volume checkbox. Before clicking Next, note the following:
    • The system will generate an encryption key for the encrypted volume and save the key in the Encryption Key Vault.
    • The system will automatically unlock the encrypted volume if the Encryption Key Vault is available on startup. If the vault is unavailable, the volume will become locked.
    • Encrypting a volume may result in a decrease in performance.
    • Encrypting a volume is an irreversible action. Once an encrypted volume is created, you will not be able to revert it to an unencrypted state.
  3. Confirm the settings and click Apply.

A recovery key for the encrypted volume will be downloaded immediately. Make sure you store it in a secure location.

Recovery key:

  • The recovery key is needed to access an encrypted volume if the Encryption Key Vault is not available. There is one recovery key per encrypted volume.
  • You will not be able to access an encrypted volume if both the Encryption Key Vault and its recovery key are lost.

To regenerate an encrypted volume's recovery key:

If you have lost or did not receive an encrypted volume's recovery key, you can regenerate a new key to replace the original.

  1. Go to Storage Manager > Storage.
  2. Locate the encrypted volume whose recovery key you want to regenerate. Click the volume's ellipsis icon.
  3. Select Settings.
  4. Go to the Recovery Key section and click Regenerate.

A new recovery key will be downloaded immediately. Make sure you store it in a secure location.

To unlock an encrypted volume:

If the Encryption Key Vault is unavailable on startup, the system will not be able to unlock the encrypted volumes. These volumes will become locked and their data inaccessible. In this case, you can only manually unlock each volume using its recovery key:

  1. Go to Storage Manager > Storage.
  2. Locate the encrypted volume you want to unlock. Click the volume's ellipsis icon.
  3. Select Unlock.
    • If the Encryption Key Vault is set to local, do the following:
      1. Click Browse to import the corresponding recovery key.
      2. Make sure the Repair the local Encryption Key Vault checkbox is selected.
      3. Enter the vault password.
      4. Click Unlock to confirm.
    • If the Encryption Key Vault is set on a KMIP server, do the following:
      1. Click Browse to import the corresponding recovery key.
      2. Click Unlock to confirm.
  4. Repeat steps 2 and 3 until all the locked volumes have been unlocked.

Manage the Encryption Key Vault

You can reset the Encryption Key Vault to change its location or reset the vault password. When the vault is reset, all of the encryption keys stored within it will also be reset and replaced with new ones.

To reset the Encryption Key Vault:

  1. Go to Storage Manager > Storage.
  2. Click the Global Settings button.
  3. Go to the Encryption Key Vault section and click the Reset button.
  4. Change the location of the vault or set a new vault password.
  5. Click Reset.
  6. Enter the password of your DSM account and click Submit to confirm.

Important:

  • If you reset DSM, the Encryption Key Vault will be erased and disabled, resulting in your encrypted volumes becoming locked. To regain access to these volumes, you will need to re-enable the vault and use the respective recovery key to unlock each encrypted volume.

Remove a Volume

You can remove a volume that you no longer need. All data on the volume will be removed permanently, including shared folders and packages. Make sure you have a backup of your data before removing the volume.

To remove a volume:

  1. Go to Storage Manager > Storage.
  2. Locate the volume you want to remove. Click the volume's ellipsis icon.
  3. Select Remove.
  4. Make sure to read the instructions on the pop-up window.
    • If you cannot continue because a package or shared folder requires further actions to be taken, click OK to close the window and complete these actions first.
    • If you are sure you want to remove the volume, click Remove to continue.
      • Some services may become partially or completely unavailable after volume removal. Check the list of affected services. If you still want to proceed, click Erase All Data.
  5. Enter the password of your DSM account and click Submit to confirm.

During the removal process, the volume status will change to Removing…Unmounting volume. Once the process is complete, the volume will no longer appear on the Storage page.

Note:

  • Do not shut down the system before volume removal is complete.
  • Some services and packages on DSM may become temporarily unavailable during volume removal. For more information, refer to this article.
Create a Volume
Create an Encrypted Volume
Set up the Encryption Key Vault
Set up and manage an encrypted volume
Manage the Encryption Key Vault
Remove a Volume