I want to quickly distinguish our Hybrid Cloud offering from our Private Cloud offering, since I think this may keep coming up in this thread.
In the Hybrid Cloud offering (this is our 'classic' or previous offering that's been available for quite some time) we don't store any data on our servers. However, because some communication does happen with our servers (e.g. for registration), we heard from businesses and enterprises that they would like a completely on-prem solution to guarantee no data goes to our servers.
This completely on-prem solution is the AeroFS Private Cloud. It's a virtual machine packaged as either an OpenStack image or an OVF/OVA file (supporting VMware/VirtualBox), and in this VM absolutely no communication happens with our servers, period.
I'm curious how you can make money selling software as an appliance, and guarantee that a customer won't just replicate the system to get more servers?
As the other reply said, to a certain extent you have to trust your customers. Big companies don't want to be exposed to liability - I know of a large organization that accidentally skimped on their license accounting for a database product (not Oracle) and got handed a $40m bill. They negotiated it down from there, but still, people lose their jobs over things like that.
Along those lines, the contracts that customers sign should always include a clause that says you have the right to audit them if you believe they are not in compliance. Typically, you don't want to do that unless you absolutely have to, but it can be a useful tool when renegotiating enterprise "all-you-can-eat" support contracts.
Still, there's technical stuff you can do. Log the IP address, hostname, hostid, mac address, and so on into your logs on startup. Then, when a customer submits a support case and uploads log files, store that info somewhere. Or create a "support package" that includes anonymous usage data and ask customers to upload.
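As a sketch of that idea (nothing AeroFS-specific, and the field names are made up for this example), a startup routine could gather a few coarse host identifiers so they land in any logs the customer later uploads with a support case:

```python
import json
import platform
import socket
import uuid

def host_fingerprint():
    """Collect coarse host identifiers for inclusion in startup logs."""
    mac = uuid.getnode()  # 48-bit MAC address (or a random fallback) as an int
    return {
        "hostname": socket.gethostname(),
        "platform": platform.platform(),
        "mac": ":".join(f"{(mac >> s) & 0xff:02x}" for s in range(40, -8, -8)),
    }

if __name__ == "__main__":
    # Emit as one JSON line so it is easy to pull out of uploaded logs later.
    print(json.dumps(host_fingerprint()))
```

Nothing here phones home; the data only leaves the site if the customer chooses to upload logs or a support package.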
But the absolute last thing you want to do is deal with licenses and keys and hard limitations. All you'll do is piss off your customers when they hit their hard limit under a deadline on Friday at 4pm.
It's becoming increasingly common with this kind of hybrid product that has both hosted and on-premises offerings. You either trust your customers or you don't. And if you want their business, you need to trust them. Sure, some will take advantage of this - but most will do the right thing.
In addition, the customers that have requirements for this kind of offering are the least likely to skimp on payments. If a customer wants an on-premises solution, they do not want it calling home. Period, for any reason, not ever. These tend to be more regulated environments, where product licensing is taken seriously.
[edit: object and predicate should match. or something like that.]
You could have a look at Owncloud (http://owncloud.org).
I played around with it a couple of days ago and it seems to be quite powerful. It acts very much like Dropbox and can be installed on any web server that supports PHP.
That doesn't help with the clients. If someone doesn't trust AeroFS not to leak data, why would they be able to trust the AeroFS client not to leak data? The server is only one half of the problem.
Actually, with our Private Cloud offering you can pretty well guarantee privacy by simply firewalling the virtual appliance off from the rest of the world, if you would like to :)
Feel free to sign up and packet inspect the traffic!
Does AeroFS do both encryption for in-flight and at-rest data?
One of the things I didn't like about AeroFS when I last looked at it was the dependency on having Java available on systems. I try to remove Java as much as possible, and it certainly would be nice if the AeroFS client were available in a different bundle.
The irritating part is that even though AeroFS requires Java, it has platform-dependent libraries as well, so you can't just run it on, say, an ARM machine (which is what I'm waiting for).
It's a nice way to alleviate the barrier to monetization that open-source-as-security poses. In short, instead of having the lambda user trust 'the community' for security audits, each user now has to implement security measures themselves.
This leaves users holding the bag. Well, it might work for you, but it remains subpar.
In my experience, "the community" cannot be trusted for security audits, as far as most FLOSS goes. In fact, if a program can be "made secure" just by firewalling it properly yourself, I'd be more inclined to trust that measure over any FLOSS community audit.
Having said that, the idea of running software I mistrust so much that I have to firewall it on my network is unacceptable.
If you store binaries on the system and the system can recognize them, it could change the served versions to insert malware.
This attack isn't purely theoretical. I believe Ian Goldberg and David Wagner's group at UC Berkeley demonstrated it in the 1990s against a LAN-based NFS server that was serving shared software to workstations. Instead of making the NFS server itself malicious, they raced against it to provide modified binaries that the workstations would then execute. However, if the NFS server had been malicious, it could have carried out the same attack, without directly leaking user data to the Internet.
If you could compromise workstations this way, you could then try to find another channel through which to have the workstations themselves exfiltrate data. One example might be a variant on the Telex system:
What interests me at the moment, as someone who builds a web application without any user management or storage (i.e. purely to integrate with other storage solutions), is how to integrate with solutions like this behind the firewall.
I get asked this question probably 10-15 times a month and the rate is growing. The problem is that without a common solution that application vendors can share, they all seem to end up implementing something custom, and the result looks like a complete mess.
Anyone know of any inside-firewall storage solution that implements something like this, or is the best available option LDAP + WebDAV and doing the rest yourself?
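For what it's worth, the WebDAV half of that DIY combo needs very little client code. Below is a minimal sketch of uploading a file over WebDAV with HTTP Basic auth using only the Python standard library; the URL, path, and credentials are hypothetical, and a real deployment would add TLS and back the auth check with LDAP on the server side.

```python
import base64
import urllib.request

def webdav_put(base_url, path, data, user, password):
    """PUT `data` (bytes) to base_url/path with Basic auth; returns HTTP status."""
    req = urllib.request.Request(f"{base_url}/{path}", data=data, method="PUT")
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req.add_header("Authorization", f"Basic {token}")
    with urllib.request.urlopen(req) as resp:
        return resp.status

# Hypothetical usage against an internal server:
# webdav_put("https://dav.internal.example", "docs/note.txt", b"hello",
#            "alice", "secret")
```

GET/DELETE/PROPFIND follow the same pattern, which is why WebDAV tends to be the lowest-friction answer for behind-the-firewall integrations.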
I've been using AeroFS for over a year now and it's fantastic.
I switched from Dropbox to Aero for all my home computers (Windows and Linux desktops and Mac laptops), and the unlimited storage (as much as your home computers can hold) is great. Plus, the files are only synced between your own computers, so security/privacy is much better than uploading all your files to a public service like Dropbox.
The only negative compared to Dropbox is that their client is not as efficient (it's Java-based and uses a bit more resources than Dropbox).
I was looking for a fast file syncing solution that worked on Win/Mac/Lin and didn't really need any GUI or web interface for my files like those 2 services seem to focus on.
Also, Tonido has a 2GB limit on their free plan, whereas AeroFS lets me sync as many files as I have storage space for on my computers (so literally hundreds of GB).
I have not. I basically stopped checking out file syncing solutions as Aero has been working well so far.
I'll have a look at BTSync now though. The feature set seems similar, but BTSync seems to have better mobile apps (Aero only has an Android app and no iPhone one).
I'm the other way around - I have used BTSync for a while and am not sure if I should make the move to AeroFS. The use case for BTSync seems to be closer to Dropbox - you give someone a secret, and that shares the folder with them. AeroFS seems to assume a trusted environment among all participants, from what I can tell.
Yes, I'm not sure that I need or want the shared-secret system. I like that BTSync has mobile support, but Aero is really good on the platforms I use it the most on -- Win/Mac/Linux.
Also, it seems BTSync still requires a centrally controlled tracker/relay for discovering peers, similar to Aero, and it also isn't open source, so I'm not sure I want to bother moving all my systems and setting up the shared secret keys just for mobile support yet.
Not sure if others agree, but I think these "privacy"-centered alternatives to "cloud" need to be open source to be taken seriously.
Now that is only my opinion - and I am not in sales. But in my view, you cannot pitch a privacy solution honestly without disclosing the architecture of your proposed system, and the only practical way for anyone to verify that architecture and your implementation is going to protect privacy is to look at the source code.
Of course, you can pitch a solution and be less than 100% transparent about how it works. And this may be enough to make sales. But there's no way for the customer to really know if you're being honest unless they, or their trusted agent, can read and compile the source code.
Assuming there are open source alternatives to "cloud" (e.g. peer-to-peer architectures), then maybe there is a market for "privacy consulting" where customers pay consulting fees for the know-how to use open source alternatives to construct data transfer and storage systems that can deliver a level of privacy that the "cloud" architecture cannot. I don't know. I'm just thinking out loud.
Anyway, it's good to hear WSJ saying customers are seeking privacy. The market will no doubt respond.
I'd rather see proper home-hosted solutions - a nice turnkey OwnCloud/IMAP/webmail box. The problem is that devices like this would also have to act as your wifi router to get proper turnkey user-friendly behavior.
So, if you use the Hybrid Cloud version, does all syncing have to go through the AeroFS servers, or can machines on the same LAN sync directly to each other?
Machines can sync directly in most cases (especially on the LAN, and even over the Internet). If, for some reason, communication cannot be established directly between machines, a relay server is used, but the traffic is encrypted end-to-end between the devices, so the relay server cannot decrypt it or MITM it.
Why? You can have both. Encrypt everything before uploading, decrypt on download (and I don't mean SSL, I mean client encrypts, sends encrypted data over SSL, data is stored encrypted, only decrypted by client).
> You can have both. Encrypt everything before uploading, decrypt on download (and I don't mean SSL, I mean client encrypts, sends encrypted data over SSL, data is stored encrypted, only decrypted by client).
Yep, client-side encryption is the only working solution.
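To make that concrete, here is a toy sketch of the flow being described: the client encrypts before upload and decrypts after download, so the server only ever stores ciphertext. The SHA-256 counter keystream below is for illustration only; real code should use a vetted authenticated cipher (e.g. AES-GCM) rather than this construction.

```python
import hashlib
import os

def _keystream(key, nonce, length):
    """Derive a pseudorandom byte stream from key+nonce (toy CTR construction)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]

def encrypt(key, plaintext):
    """Client side: returns nonce || ciphertext; only this leaves the machine."""
    nonce = os.urandom(16)
    stream = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(a ^ b for a, b in zip(plaintext, stream))

def decrypt(key, blob):
    """Client side: recover plaintext from what the server stored."""
    nonce, ciphertext = blob[:16], blob[16:]
    stream = _keystream(key, nonce, len(ciphertext))
    return bytes(a ^ b for a, b in zip(ciphertext, stream))
```

The key never leaves the client, so even a fully compromised storage server (or the SSL layer in front of it) only sees opaque blobs.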
The funky bit is that on Linux you can make this fully transparent at the OS level. Expose remote storage via iSCSI and attach to it so the storage shows up as a block device on your client system. Then put regular on-disk ("partition-level") encryption on top of the block device using cryptsetup, and that's it. All storage data sent over the wire is now encrypted, and the crypto mapping layer takes care of hiding the gritty details.
Because the encryption happens beneath the filesystem layer, all the usual tools work as before. For them, the only difference is the latency. (The network connection naturally imposes a performance ceiling well below that of a local drive.) It works wonderfully for backups, where you want to do incrementals in any case. Just ship rdiff deltas and have a backup tool that takes care of the work.
I actually implemented this as my Master's thesis back in 2006, only to be informed later on that a logically identical construct had been shown as early as 2003.
Imagine if rsync was called automatically after every single time a file was changed. And that rsync was done in a mesh, with all of your clients getting synced simultaneously and almost-instantly.
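As a rough illustration of the "rsync on every change" idea (not how AeroFS actually detects changes), a client could poll file modification times and hand each changed path to a sync routine; real clients would use OS file-watch APIs like inotify instead of polling:

```python
import os
import time

def scan(root, seen, on_change):
    """One polling pass: record mtimes in `seen`, calling on_change(path)
    for every file whose mtime differs from the last pass."""
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            mtime = os.path.getmtime(path)
            if path in seen and seen[path] != mtime:
                on_change(path)  # e.g. kick off an rsync of this file
            seen[path] = mtime

def watch(root, on_change, interval=1.0):
    """Poll `root` forever; the first pass just records a baseline."""
    seen = {}
    while True:
        scan(root, seen, on_change)
        time.sleep(interval)
```

In the mesh setup described above, `on_change` would fan the changed file out to every peer at once rather than syncing to a single server.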