How do you solve a problem like DropBox ? (aka securing corporate dropbox accounts)

How do you solve a problem like dropbox?

DropBox has been in the press quite a lot lately with regards to passwords breaches and also with surreptitious behaviour with regard to  machine security on Mac. Although DropBox has started to reassure users with ‘how secure we are‘ type information Corporate IT departments will again feel they have cause for concern with regards any internal corporate use of DropBox.

So the key question we are trying here is ‘just do do you solve a problem like Dropbox‘ ? Indeed this is a slightly unfair question in that it is using DropBox to make a point and the reality is we could have picked on one of several cloud storage services as Corporate IT has misgivings with anything Cloud when it relates to files.

Continue reading →

Facebooktwittergoogle_plusredditpinterestlinkedinmailby feather

Using Midnight Commander to work with Amazon S3, OpenStack, DropBox, OneDrive and almost any other Cloud

Midnight Commander is probably the most popular command line file manager in the world, and certainly for Linux distros. Its design was initially inspired by the classic two pane interface that was found in Norton Commander which was a DOS file manager (for those who remember !).

One of the unsung features of the Midnight Commander (also available on other platforms including phones (I used to use this on my old Nokia N900) and windows and mac) is that it can connect to server over FTP.

This is interesting from a Storage Made Easy viewpoint as although SME providers a full suite of Linux tools, SME also provider protocol interoperability as part of its Cloud Gateway features. What is this I hear you ask ? Well, simply put, it enables files you have stored on public or private storage to be accessible over any of the protocols Storage Made Easy exposes ie FTP, FTPS, WebDav, S3, SFTP.

SME Protocol Gateway

Midnight Commander supports the FTP protocol which makes it easy to get direct access to any storage that is added to a SME Account using the SME FTP cloud protocol adaptor. To do this:

Choose the Left or Right option
Choose FTP link
Enter connection to SME as follows:

username:password@storagemadeeasy.com

or if you are using the SME EU Server:

username:password@eu.storagemadeeasy.com

Midnight Commander FTP

The net result is a very easy way to bring the cloud into the linux desktop integrated with tools you already know and use. This can be used with the SME Personal CLoud plan, Business Team, and on-site enterprise editions of the product.

Facebooktwittergoogle_plusredditpinterestlinkedinmailby feather

New Folder Sharing feature for team users

We have implemented a new folder sharing feature for Business Cloud / on-site Enterprise File Share and Sync Users. It simply provides the ability to share folders and sub-folders of files with external companies or other users who can receive the link, enter the password and gain access to the files without the need for an SME Account.

The video below shows the feature in action.

Facebooktwittergoogle_plusredditpinterestlinkedinmailby feather

Accessing OpenStack, RackSpace, Google Drive, OneDrive, DropBox + more using Storage Made Easy and Transmit for Mac

If you have come across this post whilst researching how to access other storage clouds from Transmit then have a look at our Getting Started Guide to show you how you can register for a free account and get on with mapping your chosen Storage Cloud to the SME Cloud Gateway. When you are ready you can register for a free account here.

As many of you who use it know, CloudDav, from SME adds a WebDav layer over any Cloud, even if the underlying clouds do not support WebDav. SME does no however allow the native Mac WebDav client to connect direct because the performance of the native Mac WebDav client is notoriously abysmal for those with large amounts of files.

You can however choose to use other Mac clients to connect to the Cloud Providers that you have mapped to the SME Gateway. We highlighted Forklift as such a client in a prior post, and you can also choose to use Transmit from Panic.

Once you have CloudDav enabled you can choose to access your clouds, mapped via the SME Gateway, through Transmit. First choose to connect over WebDav as in the screenshot below:

Transmit DropBox

You can then choose to connect directly inside of Transmit or as a Virtual Drive that will appear in Finder.

Transmit  also has a very nice sync feature that will sync between folder structures. In this way you can sync files with Transmit and SME from different Cloud Storage Providers to your desktop.

Initial view before Sync

The Sync screen after choosing Sync

The Sync Simulation

SME CloudDav is available with every account, even free accounts, although on free accounts it is restricted to 150MB of use per month. The CloudDav protocol Adaptor is just one of the protocol adaptors that SME provides, the others being FTP, SFTP and a compatible S3 API. All protocol adaptors are available in the Storage Made Easy Enterprise edition as part of the Cloud Gateway which the SME Enterprise File Share and Sync is built upon.

Facebooktwittergoogle_plusredditpinterestlinkedinmailby feather

WebDav the interoperable protocol for file and document access

WebDav is an acronym for Web Distributed Authoring and Versioning and can also be referred to as just plain old DAV.

WebDav is an extension of the HTTP protocol that was originally designed by Jim Whitehead from the University of California at Santa Cruz in 1996 when he was working at the World Wide Web consortium and it later became an Internet Engineering Task Force (IETF) standard.

WebDav was built as an interoperable standard to support remote collaborative authoring of Web sites and individual documents, as well as remote access to document based systems.

Today it It is the most popular network file-system protocol for use across the Internet, and although it has been integrated as a interoperable layer into many existing product implementations it is also notably missing as an interoperable API standard from many, such as DropBox, Google Drive, Amazon S3 and more.

The Storage Made Easy WebDav Gateway

SME provide a way to access any mapped cloud by secure WebDav irrespective of whether the underlying Cloud Supports the WebDav protocol natively. As WebDav is so well supported in many desktop and mobile Apps this means that Cloud Data can easily be integrated and accessible without having to move it to access the features of a particular Application that is WebDav enabled.

Connecting to WebDav Servers and Windows Shares

SME can also be configured to connect to servers that support the WebDav protocol. This use of WebDav from a SME perspective is using WebDav as a back end cloud to store data rather than exposing existing clouds to be accessible using the WebDav protocol.

Many existing NAS or SAN devices such as those as the NetGear ReadyNAS and the Synology devices range already provide WebDav as an access protocol to access data. Also existing web servers such as Apache can also be configured to use WebDav using the Mod Dav extension.

Many users of SME want to expose windows file shares and make them directly available through the SME service to all devices. The most appropriate and secure way to do this is not to expose such shares directly but to configure Microsoft Internet Information Server to expose these shares over WebDav.

Advantages of WebDav for Windows File Sharing

This has the following advantages:

Seamless integration with the IIS Manager

A secondary protocol provides a security DMZ with regards to direct access to windows shares

IIS WebDAV can be enabled at the site level, allowing IT administrators to restrict WebDAV access to specific sites on a server.

IIS WebDAV supports per-URL authoring rules, allowing administrators to specify custom WebDAV security settings on a per-URL basis. This fine-grained control gives administrators the ability to maintain one set of security settings for normal HTTP requests and a separate set of security settings for WebDAV.

IIS WebDAV supports both shared and exclusive locks to prevent lost updates due to overwrites

WebDAV supports secure connection as well. By enabling HTTPS over all WebDAV connections, security is fortified. SSL certificates can also be installed to increases security measures

Why WebDav as a Cloud Connector ?

WebDAV is an optimized protocol for document access over http. It is proven as being latency independent and is efficient over wide area networks especially in contrast to file protocols such as NFS and CIFS.

Using secure WebDAV ensures the data is encrypted during transmission and due to the optimizations that data is stored efficiently and quickly .

Why Not The Common Internet File System (CIFS)

CIFS is the standard way that windows users share files across corporate intranets and the Internet with a secure VPN connection.

To expose such shares directly to the internet or to other none windows PC’s it is needed to use a bridging technology. Samba is often used as such as technology. With Samba, the ports 139/tcp and 445/tcp are exposed over a public IP Address. Once this is done such shares are accessible.

The drawbacks of this are:

– The CIFS protocol used by Windows file sharing does not provide data encryption

The protocol itself is quite chatty.

No level of security indirection

CIFS is is an optimized protocol for access to data over a network that has been extended by VPN and has been used in this context by many companies for a long time. The disadvantage of this is that all devices have to support , be setup, and work with the VPN. preventing access by some devices and Apps and making Adhoc ‘on the fly’ access difficult.

Securing WebDav Servers

It is beyond the scope of this blog post to go into great detail on the steps required to secure WebDav servers but Microsoft has a very good guide on how to secure the IIS WebDav Service. This can be accessed at:

http://technet.microsoft.com/en-us/library/cc778809%28v=ws.10%29.aspx

In addition to this you should note the following best practices:

Folder Permissions: Use non-anonymous authentication. Modify the NTFS permissions on the folder to only allow the access necessary to the users who require such access

Prevent File Execution: If you are only using WebDAV as a file store and not using it to display web pages, then execute permissions should be removed from that site or folder.

Apache WebDav servers can be configured to use LDAP authentication and also two factor authentication and any deployments should consider implementing these.

Facebooktwittergoogle_plusredditpinterestlinkedinmailby feather

Cloud Computing Use Case: Extending Remote Desktop with a Cloud Drive

Many service providers and companies offer Remote Desktop Services to enable companies to access their desktop remotely. Applications are installed for the users where user settings and data are saved to their profile.

We’ve had a few requests from companies and service providers now who wanted users to easily be able to access data on remote clouds (such as Azure, DropBox, Box, FTP, WebDav, Sharepoint Amazon S3 etc) from a remote desktop.

With Storage Made Easy, this is easily done as SME presents a WebDav entry point to all clouds that SME supports whether they support WebDav or not. This means the service provider needs only co-locate the SME software appliance (supplied as an OVF compliant file) in their network and add a simple script to the users startup. The script it:

NET USE * \\webdav.storagemadeeasy.com@SSL\DavWWWRoot
pause

This enables user to get a mapped drive to remote cloud storage as soon as they login to their remote desktop and to browse and access these files like any other data drive and is a simple solution for bringing remote clouds directly into a users remote desktop using a simple metaphor they understand, “a drive”.

Facebooktwittergoogle_plusredditpinterestlinkedinmailby feather