How to attach encrypted HFS+ drives to a network?

leeuk321

macrumors newbie
Original poster
Jul 21, 2018
27
14
I know that people have asked this sort of question before, but I've always found it geared specifically for their own equipment, rather than in a general sense. How do users out there attach an encrypted drive to a network, be it a hard drive or raid, be it attached via ethernet or via a USB port on a router?

Basically the way I work is that I have a 12" Macbook that I sometimes use on my breakfast bar and couch, and other times on the desk with my portable drive attached. I also have another external drive for time machine backups. What I'd like is to be able to have both external HFS+ drives (or at least one of them) attached to my network somehow. I'm willing to work towards upgrading my drives or network equipment to make this happen, so I'm not looking for a specific solution to specific equipment. I'd like to keep it as home-friendly as possible though, ideally I want to avoid having part of my house look like an IT room.

I want the encryption at drive-level, whether it be by the drive itself being encrypted, or the volume(s) on the drive, or the data itself (i.e. encrypted data on a non-encrypted drive). I don't want the encryption via the router, because I want to protect not only against hacking, but also the unlikely case of physical theft (I clone my time machine drive to an offsite drive to protect against data loss in the case of theft).

I need to upgrade my router anyway (it's about ten years old probably), so that's going to be the first port of call I'd say. I've looked at routers like the Netgear R7800 X4S router, which has 2 x USB 3.0 ports and handles several file systems including HFS and HFS+. But, this might be the wrong way of thinking, I'm not sure. Maybe I need a couple of different network devices in unison, I don't know.

If anyone could shed any light on how people generally go about using encrypted drives for their Mac I'd really appreciate it!

Cheers,
Lee
 

Mikael H

macrumors 6502a
Sep 3, 2014
649
281
I know that people have asked this sort of question before, but I've always found it geared specifically for their own equipment, rather than in a general sense. How do users out there attach an encrypted drive to a network, be it a hard drive or raid, be it attached via ethernet or via a USB port on a router?

Basically the way I work is that I have a 12" Macbook that I sometimes use on my breakfast bar and couch, and other times on the desk with my portable drive attached. I also have another external drive for time machine backups. What I'd like is to be able to have both external HFS+ drives (or at least one of them) attached to my network somehow. I'm willing to work towards upgrading my drives or network equipment to make this happen, so I'm not looking for a specific solution to specific equipment. I'd like to keep it as home-friendly as possible though, ideally I want to avoid having part of my house look like an IT room.

I want the encryption at drive-level, whether it be by the drive itself being encrypted, or the volume(s) on the drive, or the data itself (i.e. encrypted data on a non-encrypted drive). I don't want the encryption via the router, because I want to protect not only against hacking, but also the unlikely case of physical theft (I clone my time machine drive to an offsite drive to protect against data loss in the case of theft).

I need to upgrade my router anyway (it's about ten years old probably), so that's going to be the first port of call I'd say. I've looked at routers like the Netgear R7800 X4S router, which has 2 x USB 3.0 ports and handles several file systems including HFS and HFS+. But, this might be the wrong way of thinking, I'm not sure. Maybe I need a couple of different network devices in unison, I don't know.

If anyone could shed any light on how people generally go about using encrypted drives for their Mac I'd really appreciate it!

Cheers,
Lee
Generally speaking, the encryption on the drive itself doesn't matter over the network, because by connecting it to a computer and unlocking it for use, the operating system on the computer has access to the storage. In other words, such a drive is - from a usability standpoint - effectively not encrypted until you unmount it and disconnect it. Or - if the device you've connected the drive to can't deal with the encryption - the drive is encrypted and unusable until you connect it to something that can deal with it.

Let's take a step back and figure out what you really want to achieve:
- Do you want to reach specifically HFS+ formatted drives over the network, or do you want to reach data that currently resides on HFS+ formatted drives over the network? There's a difference between the two, both in how to best accomplish it, and in how flexible the solutions for accomplishing these things are.

- Do you want to be able to reach these drives (or their contents) within your home network, or be able to access them via the Internet?

- Do you have performance requirements for reaching these files?
 

Howard2k

macrumors 68030
Mar 10, 2016
2,730
1,979
The "drive attached to router" approach is a weak one. It seems like the router manufacturers figured they could "bolt on" the feature with minimal effort and use it to sell more routers. I've never seen a good implementation of this. I am sure there are some that work well, I have obviously not tried every one out there, but I've tried enough to determine it's just not a great solution (at least the way I was using it). I suspect you'll find that encryption won't be supported by the router. Not at the volume level anyway.

Certainly give it a shot if your router has the ability. Just don't set your expectations too high.

Best bet is to buy a NAS. I've used a ZyXEL NAS in the past and use a Synology NAS today. It's a far more capable and scalable approach. More expensive too, far more expensive, but spend some time messing around with a HDD attached to a router and you'll probably see the value there soon enough.

The WD NAS devices are cheap but they're not hugely "smart" (limited feature set) and I don't believe they have user-replaceable HDDs. Some are single drive configurations too, so you're not protected against a HDD failure.

The Synology range (along with QNAP) tend to get good reviews. And as I mentioned, I've used ZyXEL before too. I keep my iTunes library on my NAS. My Lightroom library is split between local storage and NAS. And I also do a Time Machine backup to my NAS. Remotely I can VPN into my home network and get to my NAS from anywhere. The Synology range also has a series of apps for iOS which I can use to access my files from iOS. They're not super incredible, but they're pretty decent. I'm using a Synology DS218j. It also functions as a web proxy, and I use it as a DLNA server so can stream movies from the NAS to my PS4 (and other DLNA aware devices).

Another consideration, especially if you're upgrading your router, is to ensure that you can maximize your bandwidth. I was using a Netgear R6300v2 which was rock solid, until it suddenly wasn't. It worked fantastically and while it worked it was one of the most reliable pieces of home networking equipment I've used. It recently failed and I replaced it with the Dlink DIR-878. The 12" MacBook has 802.11ac (wave 1) in a 3x3 configuration so can support up to 1.3Gb/s. For routers, you need AC1750 or higher. The DLink DIR-878 is marked as AC1900 but it's actually AC2600. It's the DIR-882 without the USB ports (ironically) but they market it as AC1900 for product positioning. It doesn't support 160Mhz right now though. That may come in a future update. But it does support MU-MIMO. Your MacBook doesn't support either 160MHz or MU-MIMO but your next one might. The Netgear supports both MU-MIMO and 160Mhz out of the box. 160MHz is limited use if your neighbours are running 5GHz; it's a great feature to have but won't be useful in all scenarios. R7800 US$200, DIR-878 US$120. Maybe that's an $80 saving towards a NAS. :D I'm sure the Netgear is a great router all the same, and as I mentioned, my previous router was a Netgear too.

Finally, don't forget that even with a decent fault tolerant NAS, you need to backup the NAS too, so you'll need a decent capacity external drive (or two) so you can regularly copy the files off your NAS just in case.

@Mikael H asks some good questions.
 

leeuk321

macrumors newbie
Original poster
Jul 21, 2018
27
14
Thanks for both of your in-depth replies, I really appreciate it. Firstly, @Mikael H thanks for your input, greatly appreciated, and in answer to your questions:

- Do you want to reach specifically HFS+ formatted drives over the network, or do you want to reach data that currently resides on HFS+ formatted drives over the network? There's a difference between the two, both in how to best accomplish it, and in how flexible the solutions for accomplishing these things are.
If the solution entails using another type of disk format, and I could still connect to the drive via the router, then that'd be fine. I guess what I meant was that at the moment I have two portable USB drives that I physically connect to my Macbook via USB cable, that are HFS+ formatted and encrypted. So, I figured that I would need to keep these drives formatted this way if I was to connect them to the router via USB. If it's the case of only being able to have one or the other, as in either having the drives encrypted but having to directly connect to them from my Macbook via USB, or having them connected to the router via USB but not having them encrypted, then I'd choose to just keep them encrypted and directly connecting to them. I'd be happy to have my drives as another format if it somehow provided a solution.

- Do you want to be able to reach these drives (or their contents) within your home network, or be able to access them via the Internet?
I only want to be able to access them from my home network. If there's an easy option for accessing them from the internet, that might be something that could come in handy for the future, but it's not an essential feature that I'm looking for.

- Do you have performance requirements for reaching these files?
The two drives are basically a time machine drive, and a 'stuff' drive. 'Stuff' being photos, music (including my iTunes library), old documents, etc. I keep my day-to-day files on the Macbook itself, which I sync to iCloud, and if I'm doing a project (e.g. a graphics project, webdesign, whatever) then I'd typically work off it from my main computer and then lay it off to my stuff drive long after I'm finished. So, apart from playing music, I'm never really asking much from my 'stuff' drive. I don't do anything performance-intensive from it, like stream movies or transcode videos.

@Howard2k thanks for your input, much appreciated. I had my suspicions that maybe the drives being attached via USB to a router would have it's limitations. And in any case, I suspect that I might have hit a wall in terms of the issues of drive formatting and encryption, which is a line in the sand that I wouldn't want to go past (i.e. whether networked or not, I have to be able to readily access the drives from my Macbook and they have to both be encrypted).

The Synology NAS that you mentioned sounds good, and I think that maybe NAS might be the direction I have to go in. Does that mean that you can encrypt the drives and access them via the router? I'm assuming that the NAS connects straight to the router via an ethernet port? So, if let's say someone broke in and stole the my Macbook (password protected), router and NAS, and then felt inclined to try their best to have a snoop around, I'm assuming that they'd be locked out from all angles (e.g. connecting the NAS up to the router, taking the drives out of the NAS and mounting them directly, etc)? It's not as if I have anything sensitive on any drives really, it's just the idea of a thief having a big rummage around my drives makes my stomach turn. They probably wouldn't have any interest in it, but still.

In terms of the router, I was looking at the Netgear R7800 because it ticked a lot of boxes for what I was looking for in a router, which was:
- 2 x USB 3.0 ports
- 4 or more LAN ports
- Guest network
- Excellent wifi range
- 802.11ac
- Dual-band or tri-band
- Good reviews
- Reasonable price

To be honest, I ruled a lot of other routers out because they only had one (or none) USB 3.0 port. But, it sounds like that feature won't be needed now, if the option to attach an encrypted drive via the router is off the table. So, maybe another router like the Dlink would suit my needs better?

Is there anything to look out for in terms of pairing up a router and NAS drive, like anything that would make either more 'Mac friendly' or 'Encryption friendly' or anything?

Cheers,
Lee
 

Mikael H

macrumors 6502a
Sep 3, 2014
649
281
@leeuk321,
From my admittedly limited experience with "routers-as-a-NAS", I think you'd be disappointed with the performance if you used your "stuff" drive across the network with a weak MIPS or ARM CPU to drive the solution. A slightly more powerful NAS would be better but still considerably slower than a speedy direct attached drive.

If the router you're looking at is capable of emulating a Time Capsule, that's pretty much the only use I would seriously consider for a router with attached storage. If it can't do encrypted HFS+, you should be able to present any type of supported storage from it and instead choose to encrypt your Time Machine backups from within your computer's preferences.
 

Howard2k

macrumors 68030
Mar 10, 2016
2,730
1,979
The Synology supports encryption. I suspect the vast majority all do, but not totally sure.

https://www.synology.com/en-global/knowledgebase/DSM/tutorial/File_Sharing/How_to_encrypt_and_decrypt_shared_folders_on_my_Synology_NAS


Key things I would look for:

* Time Machine support
* AFP support
* RAID support (disk mirroring)

Other handy features
* Web proxy
* Download agent
* DLNA service
* VPN (although I terminate VPN sessions on my router)



I would do a quick search here for QNAP and Synology, and check the reviews online. I don't think you can really go wrong with those two brands.

Also be wary about HDDs. It's probably worth spending the few extra dollars per HDD to get a NAS drive. They tend to run a little cooler.

Yes, you will use a Gigabit Ethernet connection from your NAS to your router, and from there it will bridge to your wifi clients.
 
  • Like
Reactions: Mikael H