Synology ActiveProtect cuts egress fees with Wasabi
The February 10, 2026, partnership between Synology and Wasabi eliminates egress fees to secure enterprise data against rising ransomware threats. This collaboration fundamentally shifts enterprise data protection by merging on-premises hardware with predictable cloud economics. Rather than forcing IT teams to juggle disjointed consoles, the integration embeds Wasabi Hot Cloud Storage directly into Synology ActiveProtect appliances.
Readers will learn how ActiveProtect Manager unifies local and cloud backups into a single interface, removing the friction of complex third-party integrations. We examine how this native S3-compatible destination supports the 3-2-1-1-0 strategy, ensuring organizations maintain verified, off-site copies without architectural bloat. The discussion highlights specific operational gains, such as eliminating API request charges that typically plague long-term retention planning.
Finally, the article details how configuring long-term retention policies becomes straightforward when pricing models avoid hidden costs. By using immutable storage capabilities within this unified workflow, businesses can meet strict compliance demands while guaranteeing recovery readiness. This approach addresses the dual pressures of expanding data footprints and aggressive cyber threats without requiring new management tools.
Immutable Cloud Storage Defines Modern Enterprise Data Protection
Immutable Cloud Storage and the 3-2-1-1-0 Backup Framework
Immutable cloud storage blocks deletion or modification for a fixed retention period, creating a tamper-proof recovery target. According to Partnership Announcement data shows, Synology and Wasabi Technologies announced a new partnership on February 10, 2026. This integration embeds Wasabi Hot Cloud Storage directly into ActiveProtect appliances, enabling operators to enforce the 3-2-1-1-0 framework without external orchestration layers. The framework requires three copies of data, two media types, one off-site location, one immutable copy, and zero errors during verification. According to Backup Frameworks and Key Features, this model emphasizes multiple copies of data, off-site storage, immutability, and regular verification.
ActiveProtect Manager serves as the single control plane, managing replication policies across on-premises disks and cloud buckets simultaneously. Operators gain centralized visibility while eliminating manual scripting for cloud tiering. The architectural tension lies in balancing immediate recovery speed against the latency inherent in fetching large datasets from object storage. Local caches mitigate this delay, yet full-scale restores depend entirely on available bandwidth and egress throttling limits. Organizations must size their local buffer carefully to avoid prolonged downtime during catastrophic failure scenarios.
| Component | Function | Risk Mitigated |
|---|---|---|
| Multiple Copies | Redundancy | Hardware failure |
| Off-Site | Geographic separation | Site disaster |
| Immutability | Write-once protection | Ransomware encryption |
| Verification | Integrity checks | Silent corruption |
Reliance on cloud immutability assumes continuous network availability; a severed link prevents both backup completion and policy updates. Network teams must prioritize redundant internet circuits to maintain the integrity of the off-site immutable copy.
Native off-site replication to Wasabi maintains recoverable backups during ransomware scenarios per Backup Frameworks and Key Features data. This mechanism copies local snapshots directly from ActiveProtect appliances to cloud object storage without third-party scripts. Centralized management across on-premises systems and SaaS platforms reduces the operational surface area for attackers. A single console controls retention policies for thousands of endpoints simultaneously. The drawback involves network bandwidth consumption during initial seed operations. Large datasets can saturate WAN links if replication windows are too narrow. Operators must throttle throughput or use physical seeding appliances to avoid production impact. Financial predictability remains a key differentiator for this architecture. Wasabi avoids egress fees that typically inflate recovery costs in other cloud models. This pricing structure allows frequent integrity checks without budget overruns.
| Feature | Benefit | Constraint |
|---|---|---|
| Native Replication | Eliminates custom scripting errors | Requires stable WAN connectivity |
| Immutable Storage | Prevents encryption by malware | Fixed retention periods apply |
| Centralized Mgmt | Unified view of all assets | Single point of configuration |
Mission and Vision recommends validating restore paths quarterly rather than annually. Infrequent testing often reveals broken credentials or expired keys during actual incidents. Relying solely on automated success logs creates false confidence in disaster recovery readiness. Manual verification of a full volume restore exposes latent configuration drift.
Native Integration Between Synology and Wasabi Streamlines Backup Architecture
ActiveProtect Manager as a Unified S3-Compatible Gateway
ActiveProtect Manager functions as the central orchestrator, treating Wasabi Hot Cloud Storage as a native S3 destination to eliminate separate management consoles. Data shows this partnership introduces native support for Wasabi Hot Cloud Storage into Synology's ActiveProtect line of enterprise backup appliances. At the center of this integration is ActiveProtect Manager, Synology's centralized backup platform. The mechanism maps local backup jobs directly to cloud object buckets using standard S3 APIs, removing the need for intermediate gateways or custom scripts. This architecture consolidates visibility, allowing operators to monitor on-premises disks and cloud replicas within one interface. Large seed transfers can saturate WAN links if throttling policies remain unset. Operators must configure bandwidth limits manually to prevent production degradation during the first full backup cycle. Unlike generic S3 connectors that require manual credential entry and endpoint configuration, this native path reduces misconfiguration risks inherent in complex string parameters. Mission and Vision recommends validating network throughput before enabling real-time replication flags.
Eliminating Egress Fees and API Charges in Long-Term Retention Plans
Wasabi's pricing model removes egress fees and API request charges often cited as barriers to effective cloud backup planning. Organizations pair this structure with Synology backup appliances to plan long-term retention strategies with fewer cost surprises. The approach supports modern frameworks like 3-2-1-1-0 by emphasizing multiple data copies, off-site storage, and immutability. Flexible tiering helps balance on-premises capacity with cloud scalability. Financial planning becomes predictable without hidden charges for data access or movement. Security capabilities and global availability support diverse enterprise workloads.
Configuring Long-Term Retention Policies Ensures Ransomware Recovery
as reported by Defining Immutable S3 Destinations in ActiveProtect Manager
Integration Capabilities and Management, handling local and cloud backups from a single interface eliminates reliance on separate consoles or complex integrations. Operators configure Wasabi Hot Cloud Storage as a native target within ActiveProtect Manager to enforce immutability without external scripts. This process maps standard S3 buckets directly to retention policies, ensuring immutable storage compliance for the 3-2-1-1-0 framework.
- Navigate to the storage provider section in ActiveProtect Manager.
- Select Wasabi from the built-in S3-compatible destination list.
- Apply retention locks to prevent deletion during the set period.
The limitation is that network throughput dictates initial seed duration, potentially delaying full redundancy. Per Integration Capabilities and Management, with Wasabi now available as a built-in S3-compatible destination, organizations can quickly establish off-site backup copies. The consequence involves a dependency on WAN stability; if the link saturates, local disk queues fill, risking job failure. Operators must balance replication frequency against available bandwidth to maintain consistent recovery points.
Implementing Flexible Tiering for Long-based on Term Retention Schedules
Backup Frameworks and Key Features, flexible tiering balances on-premises capacity with cloud scalability. Administrators configure ActiveProtect Manager to map local jobs directly to Wasabi Hot Cloud Storage buckets using standard S3 APIs. This mechanism shifts aged data from expensive disk arrays to object storage without manual intervention scripts. The trade-off involves initial network saturation during the first full replication cycle. Large datasets can stall production traffic if bandwidth throttling policies remain undefined in the transfer profile.
- Access the storage provider menu within ActiveProtect Manager.
- Select Wasabi as the built-in S3-compatible destination.
- Define retention periods that trigger automatic tiering rules.
- Apply immutable locks to satisfy 3-2-1-1-0 compliance requirements.
- Schedule replication windows to avoid peak business hours.
- Monitor throughput metrics to adjust throttle limits dynamically.
According to Backup Frameworks and Key Features, a predictable cost structure enables financial planning without hidden charges for data. Unlike variable pricing models, this approach removes egress fees that typically penalize recovery testing. The consequence is that operators often overlook the latency impact of retrieving terabytes from cold tiers during an active incident. Recovery time objectives may slip if warm cache layers are not sized to buffer cloud retrieval speeds. Mission and Vision recommends sizing local disk caches to hold at least one full day of critical restore data.
About
Marcus Chen, Cloud Solutions Architect and Developer Advocate at Rabata. Io, brings critical expertise to the discussion on Synology ActiveProtect Appliances and cloud integration. Having previously served as a Solutions Engineer at Wasabi Technologies, Marcus possesses direct, firsthand knowledge of the very partnership between Synology and Wasabi detailed in this article. His daily work involves architecting scalable S3-compatible storage solutions for enterprise clients, making him uniquely qualified to analyze how native cloud support impacts backup reliability and ransomware recovery. At Rabata. Io, a provider focused on high-performance, cost-transparent object storage, Marcus applies these insights to help organizations navigate complex data compliance and volume challenges. This specific background allows him to objectively evaluate the technical merits of integrating hot cloud storage into enterprise backup appliances. His perspective bridges the gap between vendor announcements and practical implementation, offering readers a clear understanding of how these collaborations simplify data protection strategies in an era of aggressive cyber threats.
Conclusion
Scaling Synology ActiveProtect beyond pilot phases reveals a critical friction point: network saturation during initial cloud seeding often stalls production traffic, rendering theoretical RPOs useless. While the flat-rate economics of object storage eliminate egress anxiety, the operational reality demands rigorous bandwidth throttling that many administrators neglect until queues back up. The hidden cost here is not financial but temporal; retrieving terabytes from cold tiers during a crisis without a properly sized local warm cache will inevitably breach your recovery time objectives. You cannot rely on WAN stability alone when every minute of downtime compounds business loss.
Organizations must mandate a hybrid architecture where local disk caches are sized to hold at least one full day of critical restore data before migrating legacy archives to the cloud. This transition should occur within the next quarterly maintenance window to ensure durability before the next fiscal audit cycle. Do not attempt a "lift and shift" of your entire dataset simultaneously; instead, prioritize active datasets for local retention while tiering only static compliance logs to the cloud immediately. Start this week by auditing your current WAN throughput against your largest planned replication job to calculate the exact throttle limits required to prevent production impact. Only by defining these hard constraints now can you ensure your backup strategy remains an asset rather than a bottleneck during an actual incident.