Control your Files. Control your Sovereignty.

Data residency, data sovereignty, data localization – the trio of data compliance and governance – have been on my mind a lot lately. I am seeing a disturbing trend. “Splinternet” has taken a hurried and hastened pace. We are now seeing many countries drawing up digital boundaries in the name of data privacy and data protection with sovereign laws and regulations. Besides, these digital demarcation along the lines with data definitions, digital “colonization” is a strong undercurrent as developing countries are accepting larger and more powerful foreign powers into their playpen.

Public cloud services transcend national borders. The breakneck speed in the adoption of public cloud services is causing anxieties and concerns with conservative governments everywhere. On the flip side of the coin, commerce has certainly flourished and bloomed as global wide collaborations bring new opportunities, new markets – all for capitalism and growth.

[ Note: While we are on this debacle, the voices of decentralization are getting louder as well, but that is a topic for another day ]

Where are your data files now?

Continue reading

Windows SMB synchronous writes with OpenZFS

Sometimes I get really pissed off with myself because I have taken a bigoted view, and ended up with eggs on my face. The past week was like that, and the problem was gnawing me on the inside all week, because I was determined to balance my equilibrium by finding the answer.

Early in the week, I was having a conversation with a potential customer. It evolved around the missing 10 seconds or so of the video footage between the users of a popular video editing software. The company had 70% Windows users, and 30% users on the Mac, both sides accessing the NAS device. The issue was the editors on the Windows side will store the raw and edited files to the NAS, but when the Mac users read them, they will often find 10 seconds or so of the stored video files missing.

The likeliest culprit of this problem is the way the SMB protocol write I/O behaves in Windows and in MacOS. Windows SMB, by default, writes I/O asynchronously while SMB on MacOS writes I/O synchronously.

I had a strong conviction I had the answer to this issue but this was not a TrueNAS®, It was another brand of NAS that I did not have knowledge of, and so, I left the conversation feeling quite embarrassed because I had the answer only on the TrueNAS® server side, not on the Windows client side. Bigotry blinded me. Hmmph! 

SMB (Server Message Block) client-server model

Continue reading

Before we say good bye to AFP

The Apple Filing Protocol (AFP) file sharing service in the MacOS Server is gone. The AFP file server capability was dropped in MacOS version 11, aka Big Sur back in December last year. The AFP client is the last remaining piece in MacOS and may see its days numbered as well as the world of file services evolved from the simple local networks and workgroup collaboration of the 80s and 90s, to something more complex and demanding. The AFP’s decline was also probably aided by the premium prices of Apple hardware, and many past users have switched to Windows for frugality and prudence reasons. SMB/CIFS is the network file sharing services for Windows, and AFP is not offered in Windows natively.

MacOS supports 3 of the file sharing protocols natively – AFP, NFS and SMB/CIFSas a client. Therefore, it has the capability to collaborate well in many media and content development environments, and sharing and exchanging files easily, assuming that the access control and permissions and files/folders ownerships are worked out properly. The large scale Apple-only network environment is no longer feasible and many studios that continue to use Macs for media and content development have only a handful of machines and users.

NAS vendors that continue to support AFP file server services are not that many too, or at least those who advertise their support for AFP. iXsystems™ TrueNAS® is one of the few. This blog shows the steps to setup the AFP file services for MacOS clients.

Continue reading

4 Digital Workplace Moves after COVID-19

[ Note: This article was published on LinkedIn on March 24, 2020. Here is the link to the original article ]

We live in unprecedented times. Malaysia has been in Movement Control Order (MCO) Day 7, which is basically a controlled lockdown of movements and activities. In many cases, businesses have grounded to a halt, and the landscape has changed forever. The “office” will not always be a premise anymore, and the “meetings” will not be a physical face-to-face conversation to build relationships and trust.

Trust is vital. A couple of weeks ago, I wrote 關係 (Guan Xi), and having to re-invent Trust in a Digital World.

No alt text provided for this image

The impact on organizations and businesses is deep and powerful and so, as we move forward when the COVID-19 pandemic dies down, organizations’ plans in their Digital Transformation strategy will change as well.

Here are 4 technology areas which I think must take precedence for the Digital Workplace in the Digital Transformation strategy.

Software-Defined Wide Area Network (SD-WAN)

Physically connections have been disrupted. Digital connections are on the rise to supplant “networking” in our physical business world, and the pandemic situation just tipped the scale.

Many small medium businesses (SMBs) rely on home broadband, which may be good enough for some. Medium to large organizations have broadband for business. Larger organizations which have deeper pockets might already have MPLS (multiprotocol label switching) or leased line in place. A large portion might have VPN (virtual private network) set up too.

In time, SD-WAN (software-defined wide area network) services should be considered more profoundly. SD-WAN is a more prudent approach that inculcates digital workplace policies such as quality of service (QOS) for critical data connections, allocating network attributes to different data workloads and network traffic, VPN features and most come with enhanced security addendum as well. .

In addition to performance, security and capacity control, SD-WAN implementation helps shape employees’ digital workplace practices but most importantly, redefine the organization’s processes and conditioning employees’ mindsets in the Digital Transformation journey.

 

Video Meetings & Conferencing

The Video Meetings and Conferencing solutions have become the poster child in the present pandemic situation. Zoom, Webex, Microsoft Teams, Skype (it is going away), GoToMeetings and more are dominating the new norm of work. Work from home (WFH) has a totally new meaning now, especially for employees who have been conditioned to work in an “office”.

I had more than 15 Zoom meetings (the free version) last week when the Malaysian MCO started, and Zoom has become a critical part of my business now, and thus, it is time to consider paid solutions like Zoom or Webex as part of an organization’s Digital Workplace plans. These will create the right digital culture for the new Digital Workplace.

Personally I like Uberconference because of their on-hold song. It is sang by their CEO, Alex Cornell. Check out this SoundCloud recording.

File Sharing

Beneath the hallowed halls of video meetings and conferencing, collaboration happens with data shared in files. We have been with file and folders from our C: drives or NAS Home Directories or File Server’s shared drives that these processes are almost second nature to us.

In the face of this COVID-19 pandemic, files and information sharing has become cumbersome. The shared drive is no longer in our network, because we are not in the organization’s LAN and intranet anymore. We are working at home, away from the gigabit network, protected by the organization’s firewall, and was once slaved … err … I mean supported by our IT admins.

The obvious reaction (since you can’t pass thumb drives anymore at present) is to resort to Dropbox, OneDrive, Google Drive and others, and hoping you won’t max out your free capacity. Or email attachments in emails going back and forth, and hoping the mail server will not reject files larger than 10MB.

The fortunate ones have VPN client on their laptops but the network backhaul traffic to the VPN server at the central VPN server, and overloading it to the max. Pretty soon, network connections are dropped, and the performance of file sharing sucks! Big time!

What if your organization is a bank? Or an Oil & Gas company where data protection and data sovereignty dictate the order of the day? All the very-public enterprise file sync and share (EFSS) like Dropbox or OneDrive or Google Drive totally violate the laws of the land, and your organization may be crippled by the inability to do work. After all, files and folders are like the peanut-butter-jelly or the nasi lemak-teh tarik (coconut rice & pulled tea Malaysian breakfast) combo of work. You can’t live without files and folders.

The thoughts of having a PRIVATE on-premises EFSS solution in your organization’s Digital Transformation strategy should be moved from the KIV (keep in view) tray to a defined project in the Digital Transformation programme.

At Katana Logic, we work with Easishare, and it is worth having a serious plan about building your own private file share and sync solution as part of the Digital Workplace.

Security

In such unprecedented times, where our attention is diverted, cybersecurity threats are at its highest. Financial institutions in Malaysia have already been summoned by Malaysia Bank Negara central bank to build the industry’s expectations and confidence through the RMiT framework. Conversations with some end users and IT suppliers to Malaysian banks and other financial institutions unfortunately, revealed the typical lackadaisical attitude to fortify cyber resiliency practices within these organizations. I would presume the importance of cybersecurity and cyber resiliency practices would take a even further back seat with small medium businesses.

On a pessimistic note, ransomware and DDOS (distributed denial-of-service) have been on the rise, and taking advantage of this pandemic situation. NAS, the network attached storage that serves the organization shared files and folders has become ransomware’s favourite target as I have wrote in my blog.

But it does not have to be expensive affair with cybersecurity. Applying a consistent periodical password change, educating employees about phishing emails, using a simple but free port scanners to look at open TCP/UDP ports can be invaluable for small medium businesses. Subscribing to penetration testing (pentest) services at a regular frequency is immensely helpful as well.

In larger organizations, cyber resiliency is more holistic. Putting in layers for defense in depth, CIA (confidentiality, integrity, availability) triad, AAA (authentication, authorization, audit) pro-active measures are all part of the cybersecurity framework. These holistic practices must effect change in people and the processes of how data and things are shared, used, protected and recovered in the whole scheme of things.

Thus organizations must be vigilant and do their due diligence. We must never bat any eye to fortify cyber security and cyber resiliency in the Digital Workplace.

Parting thoughts

We are at our most vulnerable stage of our lifetime but it is almost the best time to understand what is critical to our business. This pandemic is helping to identify the right priorities for Work.

At any level, regardless, organizations have to use the advantage of this COVID-19 situation to assess how it has impacted business. It must look at what worked and what did not in their digital transformation journey so far, and change the parts that were not effective.

I look at the 4 areas of technology that I felt it could make a difference and I am sure there are many more areas to address. So, use this pessimistic times and turn it into an optimistic one when we are back to normalcy. The Digital Workplace has changed forever, and for the better too.

Continue reading

NAS is the next Ransomware goldmine

I get an email like this almost every day:

It is from one of my FreeNAS customers daily security run logs, emailed to our support@katanalogic.com alias. It is attempting a brute force attack trying to crack the authentication barrier via the exposed SSH port.

Just days after the installation was completed months ago, a bot has been doing IP port scans on our system, and found the SSH port open. (We used it for remote support). It has been trying every since, and we have been observing the source IP addresses.

The new Ransomware attack vector

This is not surprising to me. Ransomware has become more sophisticated and more damaging than ever because the monetary returns from the ransomware are far more effective and lucrative than other cybersecurity threats so far. And the easiest preys are the weakest link in the People, Process and Technology chain. Phishing breaches through social engineering, emails are the most common attack vectors, but there are vhishing (via voicemail) and smshing (via SMS) out there too. Of course, we do not discount other attack vectors such as mal-advertising sites, or exploits and so on. Anything to deliver the ransomware payload.

The new attack vector via NAS (Network Attached Storage) and it is easy to understand why.

Continue reading

Magic happening

[Preamble: I am a delegate of Storage Field Day 15 from Mar 7-9, 2018. My expenses, travel and accommodation are paid for by GestaltIT, the organizer and I am not obligated to blog or promote the technologies presented at this event. The content of this blog is of my own opinions and views]

The magic is happening.

Dropbox, the magical disruptor, is going IPO.

When Dropbox first entered into the market which eventually termed as BYOD (Bring your Own Device), it was a phenomenon. There was nothing else that matched its simplicity and ease-of-use. A file uploaded into the cloud was instantaneously available on the tablets and smart phones. It was on every storage vendor’s presentation slides, using Dropbox as the perennial name dropping tactic to get end users buy-in.

Dropbox was more than that, and it went on to define a whole new market segment known as Enterprise File Synchronization and Sharing (EFSS), together with everybody else such as Box, Easishare (they are here in South East Asia), and just about everybody else. And the executive team at Dropbox knew they were special too, so much so that they rejected a buyout attempt by Apple in 2011.

Today, Dropbox is beyond BYOD and EFSS. They are a full fledged collaboration platform that includes project management, project workflow, file versioning, secure file transfer, smart file synchronization and Dropbox Paper. And they offer comprehensive plans from Basic, Plus and Professional to Business and Enterprise. Their upcoming IPO, I am sure, will give them far greater capital to expand, and realize their full potential as the foremost content-based collaboration platform in the world.

Dropbox began their exodus from AWS a couple of years ago. They wanted to control their destiny and have moved more than 500PB into their own private data center for their customer data. That was half-an-exabyte, people! And two years later, they saved $75million of operating costs after they exited AWS. Today, they have more than 1 Exabyte of customer data! That is just incredible.

And Dropbox’s storage architecture started with a simple foundational design called “Magic Pocket“. Magic Pocket is a “fixed-length, immutable” block storage layer.

The block size is fixed at 4MB chunks (for parallel performance and service resumption reasons), compressed and deduped (for capacity savings reasons), encrypted (for security reasons) and replicated (for high availability reasons).

Continue reading

Novell Filr Technology Overview – Part 2

Part 1 of the Novell Filr Technology Overview was too heavy and I had to break up to share the feature of storage.

How will storage space look like to the different access methods or mobile device? Novell Filr does not deviate from the comfortable interface that is functionally similar to applications such as Dropbox. Under the guise of folders and files, the interface is a familiar one. It is called “MY FILES”.

But under the wraps of “MY FILES”, Novell Filr consolidates both Personal Storage and Net Folders locations under one roof. Here’s a look at “MY FILES” and how it consolidates various underlying file storage structure:

Continue reading

The openness of Novell Filr technology

In the previous blog entry, I spoke about finally getting the opportunity look deeper into Novell Filr technology. As I continue my journey of exploration, I am already consolidating information about the other EFSS (Enterprise File Synchronization and Sharing) solutions out there.

Many corporate IT users are moving away from pedantic corporate IT control toward the seemingly easy to synchronize, easy to share, cloud-based services such as Dropbox and Box.net. This practice exposes a big hole in the corporate network, leaking data and files, and yet most corporate IT users are completely ignorant about such a irresponsible act.

Corporate IT users cannot blame IT for being a big A-hole because they keep tight controls of the network and security. It is their job to safeguard the company’s data and files for security, compliance and privacy reasons.

In the past 9-12 months, IT has certainly relaxed (probably “relented” is a better word) their uptight demeanour because they know they couldn’t stop the onslaught of BYOD (bring your own devices). The C-level and the senior management have practically demanded it and had forced their way to bring in their own smart devices and tablets to increase their productivity (Yeah, right!).

To alleviate data security concerns, MDM (Mobile Device Management) solutions are now hot items on the IT shopping list. Since we are talking about Novell, I also got to know that Novell also has an MDM solution called ZenWorks Mobile Management. Novell Zenworks is already well integrated with the proven Novell track record of user and identity management as well as integration with LDAP authentication systems such as Active Directory and eDirectory.

The collision of the BYOD phenomena and the need to securely share corporate data and files security conceives the Enterprise File Synchronization and Sharing market. Continue reading

Novell Filr about to be revealed

My training engagement landed me in Manila this week. At the back of my mind is Novell Filr, first revealed to me a week ago by my buddy at Novell Malaysia. After almost 18 months since I first wrote about it, Novell Filr is about to be revealed in my blog within this month. And it has come at an opportune time, because the enterprise BYOD/file synchronization market is about to take off.

Gartner defines this market as Enterprise File Synchronization and Sharing (EFSS) and it is already a very crowded market given the popularity of Dropbox, Box.net, Sugarsync and many, many others. It is definitely a market that is coveted by many but mastered by a few. There are just too many pretenders and too few real players.

The proliferation of smart phones and tablets and other mobile devices has opened up a burgeoning need to have data everywhere. The wonderfulness of having data right at the fingertips every time they are wanted give rise to the need of wanting business and corporate data to be available as well. The power of having data instantly at the swipe of our fingers on the touchscreen is akin us feeling like God, giving life to our communication and us making opportunities come alive at the very moment. Continue reading

Dropbox – everyone literally dropping their pants

I am not a DropBox user (yet)

But as far as users habits are concerned, Dropbox is literally on fire, and everyone is basically dropping their pants for them. Why? Because Dropbox solves a need that everyone of us has, and have been hoping someone else had a solution for it.

It all started when the founder, Drew Houston, was on a bus ride from Boston to New York. He wanted to work on the 4-hour bus journey, and he had his laptop. Unfortunately, he forgot his thumb drive where his work was and the Dropbox idea was born. Drew wrote some codes to allow him to access his files anywhere, with any device and as they say, “Necessity is the mother of invention”. And it did.

Together with his fellow MIT student, Arash Fedowsi, Drew Houston work on the idea and got funding after that. With a short history about 4 years, it has accumulated about 40 million users by June of 2011. They based their idea of “freemium”, a business model that works by offering a product or service free of charge (typically digital offerings such as software, content, games, web services or other) while charging a premium for advanced features, functionality, or related products and services. And it’s catching like wildfire.

So, how does Dropbox work? In my usual geeky ways, the diagram below should tell the story.

The Dropbox service works flawlessly with MacOS, Windows and Linux. And it has client apps for Apple iOS and Google Android. The copy of the files can be accessible anywhere by almost any device and this simplicity is what the beauty of Dropbox is all about.

In a deeper drive, Dropbox clients basically communicate with the Dropbox server/service in the “cloud” from literally anywhere. The requests for opening a file, reading or writing to it rides on the RESTful cacheable communication protocol encapsulated in the HTTP services. For more info, you can learn about the Dropbox API here.

More about Dropbox in the YouTube video below:

One of the concerns of the cloud is security and unfortunately, Dropbox got hit when they were exposed by a security flaw in June 2011. Between a period of almost 4 hours, after a Dropbox maintenance upgrade, a lot of users’ folders were viewable by everyone else. That was scary but given the freemium service, that is something the users have to accept (or is it?)

This wildfire idea is beginning to take shape in the enterprises as well, with security being the biggest things to address. How do you maintain simplicity and make the users less threatened but at the same time, impose security fences, data integrity and compliance for corporate responsibility? That’s the challenge IT has to face.

Hence, necessity is the mother of invention again. Given the requirement of enterprise grade file sharing and having IT to address the concerns about security, integrity, controls, compliance and so on and not to mention the growth magnitude of files in the organization, Novell, which I had mentioned in my earlier blog, will be introducing something similar by early next year in 2012. This will be the security-enhanced, IT-controlled, user-pleasing file sharing and file access solution called Novell Filr. There’s a set of presentation slides out there.

We could see the changing of the NAS landscape as well because the user experience is forcing IT to adapt to the changes. Dropbox is one of the pioneers in this new market space and we will see more copy-cats out there. What’s more important now is how the enterprise NAS will do the address this space?