Synology Snapshots Explained: Complete 2026 Guide with Immutable Protection

Synology Snapshots provide instant point-in-time recovery for NAS data, protecting against accidental deletion, ransomware encryption, and file corruption. Unlike traditional backups that copy entire datasets, snapshots use Btrfs copy-on-write technology to track only the changes, making them near-instantaneous and storage-efficient.

The industry standard for business environments is Immutable Snapshots (WORM - Write Once, Read Many), standardized in DSM 7.2. This prevents even administrators—or compromised admin accounts—from deleting snapshots for a defined retention period, providing ransomware-resistant protection that is now mandatory for enterprise deployments.

This guide covers everything from basic snapshot configuration to advanced immutable protection and off-site replication strategies. If you're evaluating NAS options, see our Synology NAS Business Guide for model comparisons.

---

Key Takeaways

---

How Do Synology Snapshots Work?

Synology Snapshots use Btrfs copy-on-write technology to create point-in-time reference markers of your data. Unlike full backups, they take up near-zero storage space initially and only consume space when files are modified or deleted.

Under the hood, Synology Snapshots leverage the Btrfs file system's "Copy-on-Write" (CoW) architecture. When you create a snapshot, the NAS doesn't duplicate the data; it simply records the state of the metadata at that exact moment.

If you edit a 10GB video file, the system only saves the changed bits (deltas) rather than rewriting the entire 10GB. This makes snapshots near-instantaneous and extremely storage-efficient, allowing you to keep thousands of versions without overwhelming your drives.

Example: How CoW Works in Practice

• Initial snapshot: Takes <1 second, uses ~0MB (just metadata)
• Edit 100MB of a 10GB file: Next snapshot stores only the 100MB delta
• Delete the file: Original data preserved in snapshot until retention expires
• 1000 snapshots: Typically use <5% of total volume space

---

What Are Immutable Snapshots (WORM)?

Immutable Snapshots create a Write Once, Read Many (WORM) state that prevents deletion for a defined period, even by administrators. This is the primary defense against ransomware attacks that target backup systems.

Standardized in DSM 7.2, Immutable Snapshots address a critical vulnerability: traditional snapshots can be deleted by anyone with admin privileges. When ransomware gains admin access (through credential theft or privilege escalation), it typically:

1. Deletes all snapshots and backups
2. Encrypts the live data
3. Demands ransom

How Immutability Blocks This Attack

With immutable snapshots configured for a 7-day protection period:

• Day 1: Ransomware infects the system and gains admin access
• Day 1: Attacker attempts to delete snapshots → BLOCKED by WORM protection
• Day 1: Attacker encrypts live data
• Day 1: You discover the attack and roll back to a snapshot from 2 hours ago
• Result: Zero data loss, minimal downtime

Compliance & Enterprise Use

Immutable Snapshots meet regulatory requirements for:

• FINRA (financial services)
• HIPAA (healthcare)
• SEC Rule 17a-4 (securities)
• GDPR (data protection)

This makes Synology NAS systems viable for industries that previously required dedicated WORM appliances.

---

How Do I Enable Synology Snapshots?

Install the "Snapshot Replication" package from the Package Center. Open the app, navigate to "Snapshots," select a Shared Folder, click "Settings," and check "Enable Snapshot Schedule." Ensure your volume is formatted as Btrfs.

Snapshots require the Snapshot Replication package (standard on all Plus-series models and above). If you're looking for a reliable NAS with Btrfs support, the Synology DS925+ is the current 4-bay flagship model, while the DS923+ offers excellent value for small businesses.

Step 1: Verify Prerequisites

1. Check File System: Ensure your volume uses Btrfs

   • Go to Control Panel > Storage Manager
   • Select your volume and verify "File System: Btrfs"
   • Snapshots do not work on EXT4 volumes
   • Critical: Migrating from EXT4 to Btrfs requires a full volume format (complete data wipe). You must backup all data first, format the volume as Btrfs, then restore. There is no in-place conversion.

2. Verify DSM Version: For immutable snapshots, you need DSM 7.2 or later

   • Go to Control Panel > Info Center
   • Check DSM version under "System"

Step 2: Install Snapshot Replication

1. Open Package Center
2. Search for "Snapshot Replication"
3. Click Install
4. Launch the app after installation

Step 3: Configure Snapshot Schedule

1. In Snapshot Replication, go to Snapshots tab
2. Select a Shared Folder from the list
3. Click Settings button
4. Check "Enable Snapshot Schedule"

Recommended Schedule Settings:

Step 4: Enable Immutable Snapshots (CRITICAL)

1. In the same Settings window, go to Advanced tab

2. Check "Enable Immutable Snapshots"

3. Set Protection Period:

   • 7 days: Minimum recommended
   • 14 days: Standard for most businesses
   • 30 days: High-security environments

4. Click OK to save

Step 5: Make Snapshots Visible to Users (Optional)

This feature allows non-technical users to recover their own files without IT assistance:

1. In Settings > Advanced tab

2. Check "Make snapshot visible"

3. Choose visibility option:

   • #snapshot (recommended): Creates a visible folder in network shares
   • .snapshot (hidden): Requires users to manually type the path

4. Enable "Allow users to access snapshot" for self-service recovery

Storage Capacity Planning

Rule of thumb: Allocate 10-20% of your volume capacity for snapshots

• Low-change data (archives): ~5-10% overhead
• Medium-change data (documents): ~10-15% overhead
• High-change data (databases, VMs): ~15-25% overhead

Monitor snapshot consumption in Snapshot Replication > Snapshots > [Select folder] > Action > Calculate Snapshot Size

For optimal snapshot performance, consider using enterprise-grade NAS drives like the Seagate IronWolf Pro 18TB or WD Red Pro 22TB, which are designed for 24/7 operation and handle Btrfs workloads efficiently.

---

How Can I Recover Files from a Snapshot?

Users can recover files via the #snapshot folder in Windows File Explorer or macOS Finder if "Make Snapshot Visible" is enabled. Administrators can perform full folder rollbacks using the Snapshot Replication app on the NAS.

You have three recovery options depending on the severity of the data loss:

Method 1: Self-Service Recovery (End Users)

If you enabled "Make snapshot visible" in the Advanced settings, users will see a #snapshot folder inside their network share.

Alternative: Mount as Virtual Drive (Advanced)

Administrators can mount any snapshot as a read-only virtual shared folder in File Station:

1. Open Snapshot Replication > Snapshots
2. Select a snapshot and click Mount
3. The snapshot appears as a separate shared folder (e.g., "Documents_snapshot_2026-01-20")
4. Browse the entire snapshot without restoring anything
5. Unmount when finished

This is useful for verifying data integrity before performing a full rollback.

Windows Users:

1. Open File Explorer and navigate to your network share
   • Example: \\NAS-SERVER\Documents
2. You'll see a #snapshot folder at the top of the directory
3. Open #snapshot to see timestamped folders:

   #snapshot/
   ├── @GMT-2026.01.20-09.00.00/
   ├── @GMT-2026.01.20-10.00.00/
   ├── @GMT-2026.01.20-11.00.00/
   └── @GMT-2026.01.20-12.00.00/
   

4. Browse to the timestamp before the file was deleted/corrupted
5. Copy (not move) the file back to the live directory

Alternative: Windows Previous Versions

1. Right-click any folder in the network share
2. Select Properties > Previous Versions tab
3. Choose a restore point from the list
4. Click Restore or Open to browse

macOS Users:

1. Open Finder and connect to your NAS share
   • Go > Connect to Server (smb://NAS-SERVER)
2. Navigate to the shared folder
3. The #snapshot folder appears as a regular directory
4. Browse timestamped folders and copy files back

Method 2: Single File Restore (Administrator)

For users without direct snapshot access:

1. Open Snapshot Replication app
2. Go to Snapshots tab
3. Select the shared folder
4. Click Recovery button
5. Choose "Browse and restore individual files"
6. Select the snapshot timestamp
7. Navigate to the file location
8. Check the files to restore
9. Choose restore location:
   • Original location (overwrites current file)
   • New location (creates a copy)
10. Click Restore

Method 3: Full Folder Rollback (Disaster Recovery)

In the event of ransomware encryption or catastrophic corruption:

Safety Tip: Clone Before Reverting

Before performing a destructive rollback, you can clone a snapshot to a new folder to test the data:

1. In Snapshot Replication, select the snapshot
2. Click Clone instead of Revert
3. Choose a new destination folder (e.g., "Documents_Recovery_Test")
4. Verify the cloned data is intact
5. Only then proceed with the live folder revert

This prevents accidentally reverting to a corrupted snapshot.

Full Rollback Procedure:

1. Open Snapshot Replication app
2. Go to Snapshots tab
3. Select the affected shared folder
4. Click Recovery button
5. Choose "Revert the shared folder"
6. Select the snapshot timestamp (e.g., 1 hour before attack)
7. WARNING: This will overwrite ALL current data in the folder
8. Click Revert

Recovery Speed:

• Instant metadata switch (~5-30 seconds regardless of data size)
• A 5TB folder reverts as fast as a 5GB folder
• No data copying occurs—Btrfs simply switches the active snapshot pointer

---

Are Synology Snapshots the Same as Backups?

No. Snapshots are stored on the same volume as the original data and depend on the drive's health. Backups (via Hyper Backup) are independent copies stored on separate hardware or clouds. You need both for a 3-2-1 strategy.

Do not confuse snapshots with backups. If your RAID volume crashes or the physical NAS is destroyed by fire, your local snapshots are lost along with the data.

Snapshots vs. Backups Comparison

Verdict

Real-World Scenario Examples

Scenario 1: Accidental File Deletion

• Problem: User deletes critical spreadsheet at 2:00 PM
• Solution: Snapshot recovery from 1:00 PM snapshot
• Recovery Time: 30 seconds
• Why not backup? Backup runs at midnight, would lose 14 hours of work

Scenario 2: Ransomware Attack

• Problem: Ransomware encrypts data at 3:00 AM
• Solution: Immutable snapshot from 2:00 AM (attacker cannot delete due to WORM protection)
• Recovery Time: 2 minutes for full folder revert
• Why not backup? Backup might not have run yet, or restore takes hours

Scenario 3: NAS Hardware Failure

• Problem: RAID controller fails, all volumes inaccessible
• Solution: Restore from Hyper Backup to replacement NAS
• Recovery Time: 4-8 hours (depending on data size)
• Why not snapshot? Snapshots are on the failed volume—completely inaccessible

Power Protection Recommendation: Protect your NAS from power-related failures with a quality UPS like the APC Smart-UPS 2200VA or CyberPower CP1500 to ensure graceful shutdowns during outages.

---

Snapshot Replication: Off-Site Protection

Snapshot Replication copies snapshots to a second Synology NAS (on-site or remote) for near-instant disaster recovery. Unlike Hyper Backup, which requires full restoration, replicated snapshots can be activated immediately if the primary NAS fails.

This is the enterprise-grade solution for businesses that cannot tolerate extended downtime.

How Snapshot Replication Works

1. Initial Replication: Full copy of data to destination NAS (one-time, can take hours to weeks depending on data size and bandwidth)
2. Ongoing Replication: Only snapshot deltas are transferred (fast, efficient)
3. Failover: If primary NAS fails, activate the replicated share on the secondary NAS
4. Failback: When primary is restored, reverse-replicate changes back

Setup Requirements

• Two Synology NAS devices (both with Btrfs support) - Consider a DS925+ for the primary site and a DS923+ for the backup location
• Network connection between sites (VPN for remote replication) - See our NordLayer Business VPN Review for secure site-to-site connectivity
• Snapshot Replication package on both devices
• Sufficient storage on destination NAS

Configuration Steps

1. On primary NAS, open Snapshot Replication
2. Go to Replication tab
3. Click Replicate button
4. Choose "Replicate shared folder snapshots to another Synology NAS"
5. Enter destination NAS details:
   • IP address or hostname
   • Admin credentials
   • Destination shared folder
6. Set replication schedule:
   • Real-time: Immediate replication (requires good bandwidth)
   • Scheduled: Every 15 min, hourly, or daily
7. Enable "Encrypt replication transfer" for security
8. Click Apply

Replication vs. Hyper Backup

The 3-2-1 Backup Strategy with Snapshots

---

Final Thoughts

Synology Snapshots have evolved from a convenient "undo" feature to an enterprise-grade ransomware defense system. The introduction of Immutable Snapshots (WORM) in DSM 7.2 makes Synology NAS devices viable for industries with strict compliance requirements, while the combination of local snapshots, replication, and cloud backups provides comprehensive protection against all data loss scenarios.

Key Implementation Checklist:

• ✅ Verify Btrfs file system on all volumes
• ✅ Update to DSM 7.2 or later
• ✅ Enable snapshot schedules with GFS retention
• ✅ Enable Immutable Snapshots with 7-14 day protection
• ✅ Make snapshots visible for self-service recovery
• ✅ Configure replication to second NAS (if available)
• ✅ Set up Hyper Backup to cloud or external drive
• ✅ Test recovery procedures quarterly

For businesses managing critical data, the combination of immutable snapshots and off-site replication provides recovery capabilities that previously required dedicated enterprise storage systems costing tens of thousands of dollars.

Ready to implement a professional snapshot strategy? Our team can help you configure Synology snapshots, set up replication, and design a complete 3-2-1 backup architecture tailored to your business needs.

---

Related Resources

• Synology NAS Review: Business Guide – Complete Synology NAS buying guide
• UGREEN vs Synology NAS Comparison – Alternative NAS options
• iDrive Business Review – Cloud backup solution for the 3-2-1 strategy
• NordLayer Business VPN Review – Secure VPN for remote NAS replication
• Small Business Network Security Audit Guide – Protect your entire infrastructure