As Amazon S3 has become more widely used the thorny issue of sharing files has become more of an issue. Sharing files on S3 can be complex and can involve public buckets, IAM Policies and temp URL’s. This complexity has often lead to companies setting buckets to public to enable access which in turn has led to its own issues in terms of breaches or unauthorised access.Continue reading “How To Easily Create Private Password Protected Amazon S3 Links And Folders”by
The Amazon S3 API has become the de-facto standard for object storage API access. As such, many software products adopt the S3 API first. The Storage Made Easy File Fabric provides an S3 compatible API endpoint for any storage backend. This means that non-S3 storage providers such as Dropbox, Azure, Google Drive, OneDrive, Sharepoint and others can now be accessed via the S3 API.
The Amazon Web Services (AWS) Command Line Interface (CLI) is a command line tool for accessing AWS compatible services. AWS CLI is one of the most feature rich S3 tools publicly available (Free!!!) .
This article will outline the setup AWS CLI with the SME File Fabric and non-S3 compatible storage providers.
The Storage Made Easy File Fabric™ works with over fifty file and object storage systems, both on-premises and on-cloud. Many of these storage systems offer more than one flavour of storage, and by exposing these variations through the File Fabric™ we have been able to help customers realise additional value from their storage providers, in addition to providing a centralised point of compliance and control of corporate data.
If you have existing users setup using Amazon S3 profiles via IAM, in which they have been set specific permissions to access a bucket, for use with SME EFSS you will need to generate a keypair for each user. Continue reading “Working with Amazon S3 IAM User Profiles and SME Enterprise File Share and Sync”by
We have added a new feature to the Storage Made Easy platform, real time document collaboration. This is available for team account or Enterprise File Share and Sync on-premise users. It enables real time document editing between team members when online editing using the web document editor. It enables multiple users to open a document at the same time, and enables with everyone to contribute and/or review the document in real time.
This editing facility is available for any document in any cloud that is mapped to work with SME, be it public or private storage (for EFSS on-site users).
The below video shows the feature in action.
WebDav is an acronym for Web Distributed Authoring and Versioning and can also be referred to as just plain old DAV.
WebDav is an extension of the HTTP protocol that was originally designed by Jim Whitehead from the University of California at Santa Cruz in 1996 when he was working at the World Wide Web consortium and it later became an Internet Engineering Task Force (IETF) standard.
WebDav was built as an interoperable standard to support remote collaborative authoring of Web sites and individual documents, as well as remote access to document based systems.
Today it It is the most popular network file-system protocol for use across the Internet, and although it has been integrated as a interoperable layer into many existing product implementations it is also notably missing as an interoperable API standard from many, such as DropBox, Google Drive, Amazon S3 and more.
The Storage Made Easy WebDav Gateway
SME provide a way to access any mapped cloud by secure WebDav irrespective of whether the underlying Cloud Supports the WebDav protocol natively. As WebDav is so well supported in many desktop and mobile Apps this means that Cloud Data can easily be integrated and accessible without having to move it to access the features of a particular Application that is WebDav enabled.
Connecting to WebDav Servers and Windows Shares
SME can also be configured to connect to servers that support the WebDav protocol. This use of WebDav from a SME perspective is using WebDav as a back end cloud to store data rather than exposing existing clouds to be accessible using the WebDav protocol.
Many existing NAS or SAN devices such as those as the NetGear ReadyNAS and the Synology devices range already provide WebDav as an access protocol to access data. Also existing web servers such as Apache can also be configured to use WebDav using the Mod Dav extension.
Many users of SME want to expose windows file shares and make them directly available through the SME service to all devices. The most appropriate and secure way to do this is not to expose such shares directly but to configure Microsoft Internet Information Server to expose these shares over WebDav.
Advantages of WebDav for Windows File Sharing
This has the following advantages:
Seamless integration with the IIS Manager
A secondary protocol provides a security DMZ with regards to direct access to windows shares
IIS WebDAV can be enabled at the site level, allowing IT administrators to restrict WebDAV access to specific sites on a server.
IIS WebDAV supports per-URL authoring rules, allowing administrators to specify custom WebDAV security settings on a per-URL basis. This fine-grained control gives administrators the ability to maintain one set of security settings for normal HTTP requests and a separate set of security settings for WebDAV.
IIS WebDAV supports both shared and exclusive locks to prevent lost updates due to overwrites
WebDAV supports secure connection as well. By enabling HTTPS over all WebDAV connections, security is fortified. SSL certificates can also be installed to increases security measures
Why WebDav as a Cloud Connector ?
WebDAV is an optimized protocol for document access over http. It is proven as being latency independent and is efficient over wide area networks especially in contrast to file protocols such as NFS and CIFS.
Using secure WebDAV ensures the data is encrypted during transmission and due to the optimizations that data is stored efficiently and quickly .
Why Not The Common Internet File System (CIFS)
CIFS is the standard way that windows users share files across corporate intranets and the Internet with a secure VPN connection.
To expose such shares directly to the internet or to other none windows PC’s it is needed to use a bridging technology. Samba is often used as such as technology. With Samba, the ports 139/tcp and 445/tcp are exposed over a public IP Address. Once this is done such shares are accessible.
The drawbacks of this are:
– The CIFS protocol used by Windows file sharing does not provide data encryption
The protocol itself is quite chatty.
No level of security indirection
CIFS is is an optimized protocol for access to data over a network that has been extended by VPN and has been used in this context by many companies for a long time. The disadvantage of this is that all devices have to support , be setup, and work with the VPN. preventing access by some devices and Apps and making Adhoc ‘on the fly’ access difficult.
Securing WebDav Servers
It is beyond the scope of this blog post to go into great detail on the steps required to secure WebDav servers but Microsoft has a very good guide on how to secure the IIS WebDav Service. This can be accessed at:
In addition to this you should note the following best practices:
Folder Permissions: Use non-anonymous authentication. Modify the NTFS permissions on the folder to only allow the access necessary to the users who require such access
Prevent File Execution: If you are only using WebDAV as a file store and not using it to display web pages, then execute permissions should be removed from that site or folder.
Apache WebDav servers can be configured to use LDAP authentication and also two factor authentication and any deployments should consider implementing these.by
To create a bucket or access a bucket in the new region navigate to your Amazon S3 settings from the Web Cloud DashBoard after login to your account.