I have many anecdotes around the topic of Enterprise Storage, but the conversations in the past 2 weeks made it important for me to share this.
Enterprise Storage is …
Amusing, painful, angry
I get riled up whenever people do not want to be educated about Enterprise Storage. Here are a few that happened in the last 2 weeks.
[ Story #1 ]
A guy was building his own storage for cryptocurrency. He was informed by his supplier that the RAID card was enterprise, and he could get the best performance using “Enterprise” RAID-0.
Well, the “Enterprise” RAID-0 volume crashed, and he lost all data. Painfully, he said he lost a hefty sum financially.
[ Story #2 ]
A media company complained about the reliability of their previous storage vendor. The GM was shopping around and was told that there are “Enterprise” SATA drives and the reliability is as good as, if not better than, SAS drives.
The company wanted a fully reliable Enterprise Storage system with 99.999% availability, and yet the SATA interface was not meant for building highly reliable enterprise storage. The GM insisted on using “Enterprise” SATA drives for his “enterprise” storage system instead of SAS.
[ Story #3 ]
An IT admin of a manufacturing company claimed that they had an “Enterprise Storage” system for a few years, and could not figure out why his hard disk drives would die every 12-15 months.
He figured out that the drives supplied by his vendor were consumer SATA drives, even though he was told it was an “Enterprise Storage” system when he bought the system.
The cryptocurrency craze has elevated another strong candidate in recent months. Filecoin is leading the voice of a decentralized Internet, the next generation Web 3.0. In this blog, I am not going to write much about the Filecoin frenzy but about the underlying distributed file system that powers this phenomenon – The Interplanetary File System.
[ Note: This is still a very new area for me, and the rest of the content of this blog is still nascent and developing ]
Interplanetary File System
Tremulous Client-Server web architecture
Almost the entire Internet architecture is client-server. Your clients, such as browsers and apps, connect to Web services served from a collection of servers. As Web 3.0 approaches (some say it is already here), the client-server model is no longer perceived as the Internet architecture of choice. Billions and billions of users, applications and devices relying solely on a centralized service would lead to many impactful consequences, and the reasons for decentralization, away from the client-server architecture models of the Internet, are cogent.
I have started to enhance the work that I did last weekend with Nextcloud on FreeNAS™. I promised to share the innards of my work but first I have to set the right expectations for the readers. This blog is just a documentation of the early work I have been doing to get Nextcloud on FreeNAS™ off the ground quickly. Also there are far better blogs than mine on the Nextcloud topic.
This is tested on FreeNAS™ 11.2U5 on Virtualbox. This is an EOLed version. The Nextcloud version on this FreeNAS is version 17, not the latest version. I am testing this version for a friend.
This is a quick and dirty instruction set to install and configure Nextcloud. It is not for production and it is not secure. Future blogs will discuss HTTPS, SSL certificates and reverse proxy.
I ride on the shoulders of giants. Many have done great work to create instructional videos on Nextcloud on FreeNAS™. I thank these folks for their great and selfless YouTube video contributions.
iXsystems™ TrueNAS® has moved up a notch when it comes to encrypting data structures in the storage. In addition to supporting self encrypting disks (SEDs) and zpool encryption, version 12.0 added dataset and zvol encryption as well.
The world has become a dangerous place. The security hacks, the data leaks, the ransomware scourge have dominated the IT news in 2021, and we are only 3 months into the year. These cybersecurity threats are about to get worse and we have to be vigilant to deescalate the impacts of these threats. As such, TrueNAS® Enterprise has progressed forward to protect the data structures in its storage arrays, in addition to many other security features depicted below:
TrueNAS Multilayer Security
Key Management Interoperability Protocol (KMIP)
One of the prominent cybersecurity features in TrueNAS® Enterprise is KMIP support in version 12.0.
What is KMIP? KMIP is a client-server framework for encryption key management. It is a standard released in 2010 and governed by OASIS Open. OASIS stands for Organization for the Advancement of Structured Information Standards.
There was a TV cartoon show I loved when I was a kid called “Wait till your Father gets home”. I was probably 5 or 6 then, but I can still remember the mother was practically nagging all the time about having the father come back to deal with the problems and issues caused by the kids, and sometimes the dog.
This patriarchal mentality of having the male manning (yeah, it is not a gender neutral word) the household is also, unfortunately, mimicked in our societies, in general, being obedient and subservient to the government of the day. This is especially true in East Asian societies.
While dissent of this mindset is sprouting in the younger generation of these societies, you can see the dichotomy of the older generation and the younger one in the recent protests in Thailand and the on-going one in Myanmar. The older generation is likely fearful of the consequences and there are strong inclinations to accept and subject their freedom to be ruled by the rulers of the day. It is almost like part of their psyche and DNA.
Garmin paid, reportedly millions. Do you sleep well at night knowing that the scourge of ransomware is rampant and ever threatening your business? Is your storage safe enough or have you invested in a storage which was economical (also known as cheap) for your pocket?
Garmin was hacked by ransomware
I have highlighted this before. NAS (Network Attached Storage) has become the goldmine for ransomware. And in the mire of this COVID-19 pandemic, the lackadaisical attitude towards securing the NAS storage remains. More often than not, end users and customers, especially in the small medium enterprises segment, continue to search for the most economical NAS storage to use in their business.
Is price the only factor?
Why do customers and end users like to look at the price? Is an economical capital outlay of a cheap NAS storage with 3-year hardware and shallow technical support that significant to appease the pocket gods? Some end users might decide to rent cloud file storage, Hotel California style, until they count the 3-year “rental” price.
Early in the year, I wrote about NAS systems being a high impact target for ransomware. I called NAS a goldmine for ransomware. This is still very true because NAS systems are the workhorses of many organizations. They serve files and folders and from it, the sharing and collaboration of Work.
Another common function for NAS systems is being a target for backups. In small medium organizations, backup software often directs its backups to a network drive in the network. Even for larger enterprise customers, NAS is the common destination for backups.
Typical NAS backup for small medium organizations.
Backup to Data Domain with NAS (NFS, CIFS) Protocols
Ransomware is obviously targeting the backup as another high impact target, with the potential to disrupt the rescue and the restoration of the work files and folders.
I was talking to an end user who was slowly getting exposed to the cloud amid this Covid-19 pandemic. The whole work from home thingy was not new to him, but the scale of the practice suddenly escalated when more than 80 of his staff had to work from wherever they were stuck at during the past 6 weeks. Initially all of his staff had to alternate their folders and files access because their Sonicwall® Global Client license and SSL VPN Clients were inadequate. Even after their upgrade of the licenses, the performance of getting the folders and files through the Z: drive was poor and the network was choked up. I told them that regardless, the SMB protocol of the NAS shared folders was chatty and generated a lot of network traffic on the VPN, along with the inadequacies of running this over the wide area Internet network. Staff productivity obviously nosedived.
The end user is not an IT savvy user. They were unfamiliar with Cloud Storage other than the free personal ones like Google Drive, or Dropbox. They have more than 200TB and I have introduced them to Wasabi® Cloud. They were very familiar with their Z:, their NAS Drive. I introduced them to the Cloud Drive.
NAS: Hey, how’s it going?
Cloud: Not bad. My boss and your boss are talking about bringing me and Wasabi® Cloud to join your gang. Hope you are OK with that.
It is from one of my FreeNAS customers' daily security run logs, emailed to our firstname.lastname@example.org alias. It is attempting a brute force attack trying to crack the authentication barrier via the exposed SSH port.
Just days after the installation was completed months ago, a bot has been doing IP port scans on our system, and found the SSH port open. (We used it for remote support). It has been trying ever since, and we have been observing the source IP addresses.
The new Ransomware attack vector
This is not surprising to me. Ransomware has become more sophisticated and more damaging than ever because the monetary returns from the ransomware are far more effective and lucrative than other cybersecurity threats so far. And the easiest prey is the weakest link in the People, Process and Technology chain. Phishing breaches through social engineering and emails are the most common attack vectors, but there are vishing (via voicemail) and smishing (via SMS) out there too. Of course, we do not discount other attack vectors such as mal-advertising sites, or exploits and so on. Anything to deliver the ransomware payload.
News in recent months has been unfavourable, even to the point of poignancy. Maybe I didn’t have all the details to place my opinion, but it has appeared that these recent events have neglected the practice of BC (business continuity) and DR (disaster recovery).