Deploying the Storage Made Easy Private Cloud Appliance on Amazon EC2

Amazon EC2 image

This post outlines how to deploy the Storage Made Easy private Enterprise File Share and Sync Solution on Amazon EC2.

Setup

To begin with you will require:

– SME Appliance OVF
– Amazon EC2 API Tools: http://aws.amazon.com/developertools/351

Download the Amazon EC2 API Tools and set them up following the instructions at:

http://docs.aws.amazon.com/AWSEC2/latest/CommandLineReference/Welcome.html

Download and un-compress the SME OVF appliance from the link SME provides. Continue reading →

Facebooktwittergoogle_plusredditpinterestlinkedinmailby feather

IBM Bans DropBox. Here is why you don’t need to follow suit

You may have missed it but IBM recently banned their 400,000 user based from using DropBox and other services like it. Jeanette Horan, IBM’s chief information officer, said that the restrictions has been in place since a review of IBM’s BYOD policy.  A great article underlining the reasons IBM made this policy change can be found in this Information Week article from Kevin Casey.

“The risk of allowing BYOC is inherent in any organization that owns confidential or critical information, which I would assume is every corporation in existence”

however how do you enforce it ?

“There’s also that minor matter of enforcement. IBM has the wherewithal to practice what it preaches, but when IT and financial resources are already spread thin, trying to keep people from sending corporate files to their personal Gmail accounts might be an exercise in futility.”

Enforcement of policy is of course a good question and one that we are happy to expand on. What IBM are really describing is the issue of what is being termed as “Cloud Sprawl” ie. the plethora of online services that can be responsible for not only information leak, but also prevent cohesive company information visibility. We have blogged about this previously.

The SME Cloud Appliance  and service is the enabler for governance and control of different Cloud Storage providers, such as DropBox, and of SaaS Services, such as BaseCamp for example. There are specific controls built into the Appliance to enable IT to govern how access is granter to information and also specific controls to not only restrict access but audit access:


This can audit access of all cloud storage types including personal clouds (if it is decided to allow them in the organisation). The auditing is granular and logs each event type and IP address of any file or resource interaction:
class

User login can groups can be controlled by Active Directory integration and Access permissions can be set against groups/roles across all information resources:

As we have shown, the Cloud File Server Appliance is a mechanism for IT within SMB’s and other companies to keep control of diverse information clouds and SaaS Cloud services whilst still promoting things such as BYOD and can be used as a SaaS hosted service or can be obtained as a Virtual Machine and hosted in-house.

Facebooktwittergoogle_plusredditpinterestlinkedinmailby feather

Turning any Storage Cloud into an Amazon S3 compatible Private, Public or hybrid Cloud

In the past we have written about Amazon S3 and how, aas the 100 pound gorilla, of the Cloud Storage world, it’s S3 API has become almost a de facto interface for developers. This is one of the reasons that we originally added an S3 API protocol adaptor to our service.

Many start up’s, small businesses and even enterprises choose initially to use S3 for storage.  This can be fine initially, however, when the volume increases the monthly bill can become an OPEX issue and small companies (and Enterprise) are looking for ways to slash their costs in any way they can. Aside from this other companies have stringent issues about where data is stored (for clarification, Amazon S3 is PCI DSS 2.0 compliant,   SAS 70 Type II certified, and VPV ISO 27001 certified) or wish to store it within their own data centre or site.

As SMEStorage supports over 35 Clouds and SaaS services, you could very easily turn Google Docs, Box, Windows Azure or DropBox into an S3 Platform, or you could just add your own NetGear or PogoPlug appliance, or other private storage implementation.

The SME hosted service, and Cloud Appliance,  provides the ability access to any Saas or cloud storage mapped to your account via multiple protocols. These include  FTP, WebDav and also S3. These work even if the backend provider does not support the protocol natively. The SME protocol adaptors will do the protocol translation to the native storage provider protocol. One of the benefits of this that the users don’t need any special software to be able to access the Clouds. They can use any FTP, or WebDav client, or in the case of S3 any S3 client or code in which the host endpoint can be changed.

To demonstrate compatibility with the S3 API and tools we will now look at how to use AWS s3curl with a smestorage account.

To use s3 curl you will need to modify s3curl.pl and change the end point to

s3.smetorage.com’ (US Server) or ‘s3eu.storagemadeeasy.com‘ (EU Server) e.g my @endpoints = ( ‘s3.storagemadeeasy.com‘);

Your id is your smestorage account user name and you can obtain your secret key by logging into SMEStorage.com going to “My  Dashboard” (from the sidebar) and copying the API key from  the“Tech Info”  section where the “API secret Key” resides.

Now you are all set to use s3curl. For example to list all the buckets you can use

./s3curl.pl –id smestorageusername –key API secret key http://s3.storagemadeeasy.com

For s3curl command line options please see the README file that is part of the s3curl package. Also note that the secure way to use s3curl is to use the .s3curl file in your home directory to pass the id and and key.

Facebooktwittergoogle_plusredditpinterestlinkedinmailby feather

2012 signals the death of the file server? No, it signals the year of data unification

Given the recent press release by Egnyte signalling what that 2012 is the death of the File Server (shock, horror…) I felt we could not let it pass without a few comments.

Firstly the press release itself is a great example of marketing ! Take a topic that is outlines your proposition and make it incendiary or a little controversial to get attention. Touche.

The reality is that for many small businesses and companies the File Server is not going any where soon. There are many reasons for this, from ease of use, entrenched IT, site policies, existing app integration – a whole plethora of reasons why many organisations will either choose or have to keep the box in the corner of the office. And while we are discussing this, lets not forget the very term “File Server” is not limited to one server that servers files, despite what vendors who purport to have a ready made replacement would like you to believe. It also encompasses other Apps that can keep / store files, such as SharePoint for example, or perhaps some project management tool etc.

What’s required is something that can take systems that already exist, augment them, and present them in a way in which company information, including systems that s’erve files’, can be easily searches and managed, ideally from one cohesive interface.

Now lets go back to the press release and some of the interesting stats that exists in there:

“Forrester found that 41 percent of U.S. information workers were using various unapproved online file storage and data services for work purposes.”

That’s interesting and I expect this will not go away and is not easy to restrict, especially with all the ways that Clouds can integrate into App and smartphones these days. If this is the case, and I purport that it is, then why not encourage users to add any personal clouds into a single system that can provide some governance and management around  the problem ?

Lastly, the issue is not limited to file servers as I said earlier but the integration of other SaaS type services into one system that can add some management and governance. For example a company may have a file server in the corner of the office, but they may also use Google Apps as a company and their users may well each get a fairly substantial Google Docs account as part of this. How does this fit into the scheme of things ?  Ideally you want each users Cloud to also be integrated into some sort of ecosystem that can enable audtitng and management.

Here at SMEStorage we believe that a Cloud File Server should do more than just replace a File Server. We believe it needs to unify data services and help companies tame the data sprawl.

Information Manageability, information governance, and promoting information ‘visibility’ within a company is something we  view as a second generation ‘Cloud’ challenge that will need to be addressed by all companies., and which we address with what we refer to as our ‘Data Access Appliance’ and our own definition of a ‘Cloud File Server’.

The first way we deal with this is to enable either public or private Cloud data stores to be connected using our Cloud Appliance. This is a software appliance that can ‘broker’ the connections to different information Clouds ,which can either be used using SaaS with access tools or from in-situ appliance that a company can choose to sit inside their own DMZ.

Once public and private data stores are connected to the Data Access Appliance they can be configured as to which users have access to the different data stores, which subsets of different data elements can be shared amongst users, and what access permissions users have.

No data is moved. It remains in the same place. The Data Access Appliance indexes and ‘mines’ the data and creates a meta-data repository.  This makes cross data searches seamless and easy, and it also makes grouping or tagging data from different data stores simple. Imagine searching across all Email. Skype, SalesForce, BaseCamp, Google Docs and SharePoint for specific project details seamlessly and you can well imagine the power that this brings.

Once configured, end users simply see a single view of all data that they are given permission to see. This is accessible and manageable from  a single ‘Cloud’ file tree from either the web, desktop[1] or mobile[2]. Accessing and moving data from different data stores is as easy as ‘drag’ and ‘drop’.

The Appliance also provides services that supplements the various data and information clouds that have been added as a means to enable greater company productivity. For example every data store that is added to the Appliance can be accessed using the WebDav or FTP protocols independent of whether the data store natively supports these protocols or not. This means for example that companies can enable users to use iWork on iPad with DropBox or Google Docs, or backup their website to Amazon S3 using automated backups with Plesk and FTP. Neither of these would be possible otherwise.

The Appliance can also be used to ensure high availability and backup of local and remote Cloud Data. For example you can configure the Appliance to keep a backup of all files stored on Google Docs to Amazon S3 or all files stored on Office365 to RackSpace, or even files from a local file system to EMC Atmos. This takes away one of the key issues of using Cloud Services for data ie. the ability to access data if the Cloud Service is down, or in worst case if it loses the data.

Governance and auditing are other key aspects of working with public/private Cloud Stores. The Appliance features event auditing for all user access and all file events. This can be controlled at a very granular level. This is a key requirement for industries such as healthcare and legal which need to provide audit tracking of documents stored offsite. It is also best practice for all company data.

The Appliance also features GEO-Location tracking of files. This tracks precisely the location from where files are uploaded and also where they are uploaded and stored. This is useful governance for legislation such as Safe Harbour and the Patriot Act.  The GEO Location governance can also be used to restrict file viewing based on locality. This can be useful for example to comply with country specific legislation , such as restricting user access to personal data from a specific country.

Secure AES-256 military grade encryption is also added as a governed service above all Cloud Stores that are mapped to the Appliance. This uses a public / private key ethos and adds security to file stores that do not offer it and enhances security for data stores that do. If any encrypted files from any of the mapped Cloud Stores are accessed via the web or any of the desktop or mobile clients, then a user is prompted for a password before the file can be viewed or downloaded.  This security can also be integrated with existing security systems such as Ping Identity, OAuth etc.

Just-in-time visibility of data can be a key requirement for many companies. The Appliance can be setup to provide real-time notifications based on file events, including file comments, across data stores. For example, it may be you are part of a project and you have set a watch on a folder, or you have requested to be updated when a specific version of a file is updated.  The built in notifications can be setup not only to deliver an email, but also an SMS directly to your phone when such events occur. For the cost conscious it is even possible to setup Twitter as an SMS backbone so such direct messages over SMS can be sent free.

There are many other features and benefits of what we see is required from a Cloud File Server, and we have touched upon only a few to outline how a second generation Cloud Service can help tame the information sprawl that is only getting worse, not better. The key is data unification and helping companies, manage and get access to the information stores that exist in their business, be they private or public and be they existing applications or new SaaS applications.

 


[1] Native Mac, Linux Windows clients supported

[2] Native iPhone, iPad, Android, Windows Phone 7, and BlackBerry clients supported

Facebooktwittergoogle_plusredditpinterestlinkedinmailby feather