My Favourite Feature: The SME Client Ecosystem

My name is Erik, I work as Director of Engineering, Storage Made Easy in the US. I want to share my favorite SME feature with you. Some day’s life gets hectic, and it is not just work I am talking about. As you can use all SME features in a personal account, this post will focus on enterprise deployments.

As an IT department, it is hard to respond to every demand. First the users, there is some combination of “access anywhere”, “BYOD”, “VPN free”, “faster”, “bigger”, etc. Then as a manager your requirements are something like this: Continue reading “My Favourite Feature: The SME Client Ecosystem”

Facebooktwittergoogle_plusredditpinterestlinkedinmailby feather

How to Cloud enable on-premises (onsite) Windows CIFS File Shares

One of the predominant use cases that companies have is to enable file sync and mobile access to file share data that lives behind the corporate firewall without the need for a VPN and without reconfiguring permissions whilst using Active Directory or LDAP for authentication.

In many cases this is done for compliance or security reasons or perhaps because there has been a  large investment in internal storage that has yet to be realised.

Cloud File Server Architecture

Accessing files over CIFS/SMB network over VPN using a mobile network is possible but access can be patchy, clients apps limited and it is often extremely slow.

The Storage Made Easy enables this using its built in CIFS connector. This blog post will step through how to cloud enable Windows file shares.

Continue reading “How to Cloud enable on-premises (onsite) Windows CIFS File Shares”

Facebooktwittergoogle_plusredditpinterestlinkedinmailby feather

Top 10 things you should demand from your OpenStack Swift File Sync and Share vendor

OpenStack Swift file sharing

OpenStack Swift is more than an enabler to store large amounts of unstructured data. The massive scalability, geographic dispersion, and REST API Access are a way to achieve some compelling use cases, of which the most popular is undoubtedly file sharing.

In the past Enterprise File Share and Sync has been more traditionally associated with file-based storage platforms but as such storage platforms struggle to scale and don’t naturally lend themselves to be web accessible pairing Enterprise File Share and Sync with object storage solutions such as OpenStack Swift has become much more compelling for enterprises. Not only from an ease of use perspective but also from an ROI perspective.

This post looks at the “must have” features that should be demanded from an OpenStack Swift Enterprise Sync and Share vendor.

Continue reading “Top 10 things you should demand from your OpenStack Swift File Sync and Share vendor”

Facebooktwittergoogle_plusredditpinterestlinkedinmailby feather

Bash Vulnerability – shell shock fix

You may be aware that overnight a vulnerability was discovered that affects all Unix / Linux based operating systems that use the bash shell.

The details of this can be found at: https://access.redhat.com/articles/1200223

A vulnerability is just that. It can makes the system vulnerable to an exploit in certain scenarios but it does not mean that any Linux based system that uses bash has been or may have been exploited.

From details of the exploit we see that the way in which the SME appliance could have been affect is as follows:

Bug affecting Apache httpd server

Specifics of how it can affect:

“CGI scripts are likely affected by this issue: when a CGI script is run by the web server, it uses environment variables to pass data to the script. These environment variables can be controlled by the attacker. If the CGI script calls Bash, the script could execute arbitrary code as the httpd user. mod_php, mod_perl, and mod_python do not use environment variables and we believe they are not affected”

As the SME system uses user mod_cgi only with perl and does not spawn a shell it is not affected by this bug.

Bug Affecting Secure Shell

Secure Shell (SSH) is also affected if users can access the system over SSH and launch a bash shell. This is unlikely as if SSH access is unauthorised it is likely the system is compromised in any case.

We have already patched our own sites and IaaS instances when the bug was discovered and notified customers. If you are running a trial or any other version of the SME Appliance you can update the bash shell to remove the vulnerability using the below instructions:

What you should do to patch your Appliance

Log in as smeconfiguser
#after login su as root (if you do not have the superuser password please contact support@storagemadeeasy.com)
yum update bash

This will update the bash shell and remove the vulnerability.

If you have any questions or need any further help do not hesitate to contact support.

**Update 26th September**

With regards to this entry, posted yesterday, as Redhat has in the early AM released a further new patch with regards to ShellShock you should again update your SME Appliance with this patch.

To do this:

Log in as smeconfiguser
#after login su as root (if you do not have the superuser password please contact support@storagemadeeasy.com)
yum clean all
yum update bash

This will update the bash shell with the new patch.

It is possible that further patches will be released and you should monitor the situation from the below link to check if further patches are released and should be applied.

https://access.redhat.com/articles/1200223

From our side we have checked the SME Appliance and even though we do not believe we are affected by Shellshock, it is good security practice to have the latest patch given what was discovered and we strongly recommend to apply the further patch.

Facebooktwittergoogle_plusredditpinterestlinkedinmailby feather

Cloud Computing Use Case: Working with Amazon S3 data from a terminal over SFTP

We quite often assume that when working with Cloud data it will be from the web or from mobile “on the go” devices. To be fair this can often be the majority of cases, but the Enterprise throws up all sorts of different use cases and I thought it would be useful to go over one of the more esoteric ones.

One of the customers that use the Storage Made Easy on-premise Enterprise File Share and Sync Cloud Control product is a medical company. They use the SME product as a hybrid on-premise cloud product that is able to offer storage locally and on Amazon S3. Both sets of storage use the Amazon S3 API. The SME Appliance is able to make local storage accessible over an S3 compatible API and then off-board this storage to Amazon S3 as required. This meant that the companies scripts and applications could easily work locally and with Amazon S3 with very minimal configuration changes.

Hybrid Cloud S3 API

Their field staff quite often find themselves in a situation where, when working remotely, their only means of access is using a terminal ie. there is no direct web access and mobile devices are blocked and cannot be turned on.  In the past this meant that the consultant used to carry around CD’s / DVD’s in which information that may be required is burned off.

The consultants did however have direct  access to terminals which were internet enabled.   As the SME EFSS product also include a protocol gateway this mean it was possible to get direct terminal access to remote files using SFTP.

Cloud Storage SFTP

 

As the SME EFSS Gateway product integrated with the companies Active Directory services then terminal access was still using Single Sign On and the Active Directory credentials for each user access

User access can be obtained directly from the command line as per the example below..

Mac sftp google drive

Once authenticated the user can do a simple “ls” to get a file listing.

Mac SFTP

Once connected the view of the folder/files is available and can be worked with via the command line.

Mac SFTP S3

All access to the files are also logged and audited, including the username, the IP address and the types of interactions occurring, all part of a the HIPPA compliant process the customer implements. These reports can be exported and made available in excel to any compliance officer.

Summary:

Secure access to files and data can take many forms and in the Enterprise the edge cases also need to be catered for as well as the more common access use cases.

 

Facebooktwittergoogle_plusredditpinterestlinkedinmailby feather

Cloud makes control of enterprise content silos key for Enterprises

As the Cloud permeates all aspects of business enterprises in particular are waking up to the cost benefits that Cloud can bring, from outsourced pay-as-you-go applications to cheaper and easier archival, to storage of non sensitive documents and data.

An often repeated truth is that Enterprises have 3 of everything. When I worked in the Middleware space it was not unusual to see one department using IBM WebSphere, another using WebLogic and yet another experimenting with JBoss. The same adage goes for enterprise content management.

In the not to distant past if I brought up Enterprise Content Management then it could be referred that I was only discussing Documentum, Alfresco, SharePoint or some CMIS type product, but in today’s world the term can also apply to documents stored on OneDrive, DropBox, Google Drive, Amazon S3 etc. Throw in CRM’s that store documents such as Salesforce and online project management tools such as BaseCamp and you start to grasp just how many independent content and documents silos that companies have to deal with.

This is bore out by a recent survey by AIIM called “Get more from on-premise ECM”. The highlights of that survey are:

50% of companies already use 3 or more storage solutions (this echoes prior research that SME also undertook.)

40% of companies are investigating cloud

This presents two large challenges to companies:

Accessibility of data – where is it ? which App ? Which data store ?

Governance of data – How do you you universally secure data and set polices across data silos and Apps ?

The Storage Made Easy EFSS Cloud Control Solution was built specifically to address these types of challenges.

Cloud Control

It supports over 45 private and public cloud stores and Apps, with an API for those not covered so it can pretty much connect to anything.

Cloud Connectors

Connecting to private and public content stores and Apps that functions as content stores, such as Salesforce, is a facilitator to make accessibility easier as when users search for a document the search is conducted across the content estate, not just in an App silo.

Also SME has an Enterprise connector to Apache Lucene / SOLR to enable deep search of file content from any desktop and any App. This not only increases the accessibility and availability of data, it also immeasurably increases worker productivity.

Governance of data is a thorn in the side of Enterprise IT when it comes to the storing of Cloud data and the NSA snooping scandal and recent celebrity photo hacking has not done anything to help the sensitivity of it. Cloud Governance and Control is firmly in the spotlight of Enterprise IT and more importantly Enterprise Management.

Often what you see from vendors is a “my cloud is better than your cloud” approach to this problem ie. a vendor adds one specific security feature and tries to use this to get companies to move their data or sensitive data to this solution. Alternatively a company can target one facet of Governance and Control, lets say encryption for example, and build their product and service on this one feature only.

The SME solution takes a more holistic approach to provide governance and control across the whole content estate. It does not try and get you to move your data to it (it’s data agnostic and does not store data) and it does not just work as a silo or offer one feature. It provides an integrated sensible approach to corporate content governance and control:

– It integrates with existing Active Directory or LDAP systems to provide a single-sign-on solution for identity management.

– It provides an encryption service to enable remotely stored data to be encrypted and only accessible with authorization.

– It provides secure file sharing and combines this with pre-set business policies. Files can be password protected and time expired and these can be applied as policies. For example you can choose to set a policy that all files have a 24 hour expiration time and which must require a password for sharing.

– It provides a comprehensive audit log of all file events for all content. For remote file shares it tracks the IP address of the remote users accessing the file.

– It provides GEO Locations restrictions to enable restrict or prevent access. For example if you have an outsource accounting company who require access to a particular folder you could restrict their access to being over a certain IP address and only from a web viewer.

– It has built in Bring Your Own Device controls that allow the setting of per user permissions with regards to web, desktop or mobile device access. It also works with Oracle Mobile Security and OpenPeak Sector in the event the company already has these BYOD controls in house.

– It integrates with what you have providing desktop cloud drives, plug in’s for Microsoft Office and Open Office as well as email plug in’s for file sharing.

Content Management, Cloud Governance and Collaboration is only going to get harder, not easier, as companies embrace new data stores and new applications that store data. To facilitate a productive, accessible, controlled experience the control points simply have to be joined up.

Facebooktwittergoogle_plusredditpinterestlinkedinmailby feather