Securing Storage Made Easy with Let’s Encrypt

Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. Let’s Encrypt is a service provided by the Internet Security Research Group (ISRG).

Read more at About Let’s Encrypt

Storage Made Easy recommends that all traffic be secured with encryption; in fact, by default we enforce the use of HTTPS communication. That said, the software ships with self-signed certificates to get you started, so when you first connect you will be greeted by an Invalid Certificate message in most browsers. Self-signed certificates are fine for pre-production, setup and testing, but real certificates need to be added for production. In this post I will show you how to set up a free-of-charge, trusted certificate with our product.

Continue reading →


My Favourite Feature: The SME Client Ecosystem

My name is Erik, and I work as Director of Engineering at Storage Made Easy in the US. I want to share my favorite SME feature with you. Some days life gets hectic, and it is not just work I am talking about. As you can use all SME features in a personal account, this post will focus on enterprise deployments.

As an IT department, it is hard to respond to every demand. First, from the users, there is some combination of “access anywhere”, “BYOD”, “VPN free”, “faster”, “bigger”, etc. Then, as a manager, your requirements are something like this:

Continue reading →


How to Cloud enable on-premises (onsite) Windows CIFS File Shares

One of the predominant use cases that companies have is to enable file sync and mobile access to file share data that lives behind the corporate firewall without the need for a VPN and without reconfiguring permissions whilst using Active Directory or LDAP for authentication.

In many cases this is done for compliance or security reasons, or perhaps because there has been a large investment in internal storage that has yet to be realised.

[Image: Cloud File Server Architecture]

Accessing files on a CIFS/SMB network over a VPN from a mobile network is possible, but access can be patchy, client apps are limited, and it is often extremely slow.

Storage Made Easy enables this using its built-in CIFS connector. This blog post will step through how to cloud enable Windows file shares.

Continue reading →


Top 10 things you should demand from your OpenStack Swift File Sync and Share vendor

[Image: OpenStack Swift file sharing]

OpenStack Swift is more than an enabler to store large amounts of unstructured data. The massive scalability, geographic dispersion, and REST API Access are a way to achieve some compelling use cases, of which the most popular is undoubtedly file sharing.

In the past, Enterprise File Share and Sync has been more traditionally associated with file-based storage platforms. As such platforms struggle to scale and don’t naturally lend themselves to being web accessible, pairing Enterprise File Share and Sync with object storage solutions such as OpenStack Swift has become much more compelling for enterprises, not only from an ease-of-use perspective but also from an ROI perspective.

This post looks at the “must have” features that should be demanded from an OpenStack Swift Enterprise Sync and Share vendor.

Continue reading →


Bash Vulnerability – shell shock fix

You may be aware that overnight a vulnerability was discovered that affects all Unix / Linux based operating systems that use the bash shell.

The details of this can be found at: https://access.redhat.com/articles/1200223

A vulnerability is just that. It can make the system vulnerable to an exploit in certain scenarios, but it does not mean that any Linux based system that uses bash has been or may have been exploited.

From the details of the exploit, we see that the ways in which the SME appliance could have been affected are as follows:

Bug affecting Apache httpd server

Specifics of how it can affect:

“CGI scripts are likely affected by this issue: when a CGI script is run by the web server, it uses environment variables to pass data to the script. These environment variables can be controlled by the attacker. If the CGI script calls Bash, the script could execute arbitrary code as the httpd user. mod_php, mod_perl, and mod_python do not use environment variables and we believe they are not affected”

As the SME system uses mod_cgi only with Perl and does not spawn a shell, it is not affected by this bug.
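Detection logic for the CGI exposure quoted above, added here as an example and not SME or Red Hat code: it scans Apache combined-format access logs for request fields containing the Bash function-definition prefix `() {`, which is what an attacker-controlled environment variable must carry to trigger the bug. The log lines are constructed, and the function names `sample_log`, `suspect_lines` and `suspect_clients` are hypothetical.

```shell
#!/bin/sh
# Added example (not SME or Red Hat code): flag access-log entries whose
# quoted fields contain the Bash function-definition prefix "() {".

# Constructed sample in Apache "combined" log format; not real traffic.
sample_log() {
cat <<'EOF'
192.0.2.10 - - [25/Sep/2014:08:01:12 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [25/Sep/2014:08:03:44 +0000] "GET /cgi-bin/status HTTP/1.1" 200 87 "-" "() { :; }; <command elided>"
203.0.113.5 - - [25/Sep/2014:08:04:02 +0000] "GET /cgi-bin/status HTTP/1.1" 404 209 "() { x; }; <command elided>" "curl/7.30"
192.0.2.10 - - [25/Sep/2014:08:05:30 +0000] "GET /help?q=f() HTTP/1.1" 200 300 "-" "Mozilla/5.0"
EOF
}

# suspect_lines [FILE...]: reads combined-format logs (stdin if no FILE) and
# prints "client<TAB>offending field" for each flagged entry.
# Splitting on '"' puts the request, Referer and User-Agent in the
# even-numbered fields. Escaped quotes inside a header would shift that
# parity, so treat the output as triage, not proof.
suspect_lines() {
    awk -F'"' '{
        split($1, pre, " ")                      # pre[1] = client address
        for (i = 2; i <= NF; i += 2)
            if ($i ~ /\(\)[ \t]*[{]/) {          # "()" then "{"
                printf "%s\t%s\n", pre[1], $i
                next
            }
    }' "$@"
}

# suspect_clients [FILE...]: unique client addresses with flagged entries.
suspect_clients() {
    suspect_lines "$@" | cut -f1 | sort -u
}

sample_log | suspect_lines
```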

Bug Affecting Secure Shell

Secure Shell (SSH) is also affected if users can access the system over SSH and launch a bash shell. This is an unlikely route: if SSH access is unauthorised, it is likely the system is compromised in any case.

We patched our own sites and IaaS instances when the bug was discovered, and notified customers. If you are running a trial or any other version of the SME Appliance, you can update the bash shell to remove the vulnerability using the instructions below:

What you should do to patch your Appliance

Log in as smeconfiguser
#after login su as root (if you do not have the superuser password please contact support@storagemadeeasy.com)
yum update bash

This will update the bash shell and remove the vulnerability.

If you have any questions or need any further help do not hesitate to contact support.

**Update 26th September**

Further to this entry, posted yesterday: Red Hat released a further new patch for Shellshock in the early AM, so you should update your SME Appliance again with this patch.

To do this:

Log in as smeconfiguser
#after login su as root (if you do not have the superuser password please contact support@storagemadeeasy.com)
yum clean all
yum update bash

This will update the bash shell with the new patch.

It is possible that further patches will be released. You should monitor the link below to check whether further patches have been released and should be applied.

https://access.redhat.com/articles/1200223

From our side, we have checked the SME Appliance, and even though we do not believe we are affected by Shellshock, it is good security practice to have the latest patch given what was discovered. We strongly recommend applying the further patch.


Cloud Computing Use Case: Working with Amazon S3 data from a terminal over SFTP

We quite often assume that when working with Cloud data it will be from the web or from mobile “on the go” devices. To be fair this can often be the majority of cases, but the Enterprise throws up all sorts of different use cases and I thought it would be useful to go over one of the more esoteric ones.

One of the customers that uses the Storage Made Easy on-premise Enterprise File Share and Sync Cloud Control product is a medical company. They use the SME product as a hybrid on-premise cloud product that is able to offer storage locally and on Amazon S3. Both sets of storage use the Amazon S3 API. The SME Appliance is able to make local storage accessible over an S3 compatible API and then off-board this storage to Amazon S3 as required. This meant that the company’s scripts and applications could easily work locally and with Amazon S3 with very minimal configuration changes.

[Image: Hybrid Cloud S3 API]

Their field staff quite often find themselves in a situation where, when working remotely, their only means of access is a terminal, i.e. there is no direct web access, and mobile devices are blocked and cannot be turned on. In the past this meant that the consultants used to carry around CDs / DVDs onto which any information that might be required had been burned.

The consultants did, however, have direct access to terminals which were internet enabled. As the SME EFSS product also includes a protocol gateway, this meant it was possible to get direct terminal access to remote files using SFTP.

[Image: Cloud Storage SFTP]

As the SME EFSS Gateway product was integrated with the company’s Active Directory services, terminal access still used Single Sign On and the Active Directory credentials for each user’s access.

User access can be obtained directly from the command line, as per the example below.

[Image: Mac sftp google drive]

Once authenticated the user can do a simple “ls” to get a file listing.

[Image: Mac SFTP]

Once connected the view of the folder/files is available and can be worked with via the command line.

[Image: Mac SFTP S3]

All access to the files is also logged and audited, including the username, the IP address and the types of interactions occurring, all part of the HIPAA-compliant process the customer implements. These reports can be exported and made available in Excel to any compliance officer.

Summary:

Secure access to files and data can take many forms, and in the Enterprise the edge cases need to be catered for as well as the more common access use cases.
