Jump to content
Google Drive is Discontinued (FAQ added)
  • 0

Encryption, security & scripting

Cam Birch

Asked by Cam Birch,

 Share

Question

Cam Birch Newbie

Cam Birch

Posted
Posted

I'm looking at using this product for a couple of different purposes both personally and professionally.  I think I can answer most of my personal needs questions via a trial but the professional needs aren't so easily satisfied.

 

I'm looking at installing this on a Windows Server 2012 R2 server hosted in the cloud.  This server runs production workloads.  I would like to use this to enable a simpler means of scripting the offsite storage of backups from the server.  There are 2 types of scheduled backups:

- Generated Zip files

- Full server images

 

Since the server is cloud hosted it has a few interesting properties:

- VERY fast IOPS (its on pure flash drives)

- VERY small hard drive

 

For instance there is NOT enough space available on the drive to perform a full image backup.

 

So question 1.  Do you see this scenario as feasible?

 

And then question 2.  Since this is a company asset and the internet is generally horrible, it is a high target for hacking and specifically ransomware type attacks.  Ideally I would like to lock away access to the cloud drive to just the script that is performing the backups thus keeping the cloud drive completely hidden and protected from being encrypted by a hacker.  Would this be possible via a .NET accessible API, or a command line?

Link to comment
Share on other sites

2 answers to this question

Recommended Posts

  • 0
Gbyrd Advanced Member

Gbyrd

Posted
Posted

I'm looking at using this product for a couple of different purposes both personally and professionally.  I think I can answer most of my personal needs questions via a trial but the professional needs aren't so easily satisfied.

 

I'm looking at installing this on a Windows Server 2012 R2 server hosted in the cloud.  This server runs production workloads.  I would like to use this to enable a simpler means of scripting the offsite storage of backups from the server.  There are 2 types of scheduled backups:

- Generated Zip files

- Full server images

 

Since the server is cloud hosted it has a few interesting properties:

- VERY fast IOPS (its on pure flash drives)

- VERY small hard drive

 

For instance there is NOT enough space available on the drive to perform a full image backup.

 

So question 1.  Do you see this scenario as feasible?

 

And then question 2.  Since this is a company asset and the internet is generally horrible, it is a high target for hacking and specifically ransomware type attacks.  Ideally I would like to lock away access to the cloud drive to just the script that is performing the backups thus keeping the cloud drive completely hidden and protected from being encrypted by a hacker.  Would this be possible via a .NET accessible API, or a command line?

 

I can give some input on number 2. The drive acts as a regular mounted drive on a system. So if you can encrypt the drive itself via any means you should be able to have it function as you want. However the data cache exists on a drive as a hidden folder. And if that were to be encrypted by say a cryptolocker the files would not be able to be read from the cache.  So if anything you have pending to upload to the cloud or have it stored locally that could be encrypted and inaccessible. So a more recent backup may be unavailable, which is not great for your use case.

 

This is from my experience of working with the product. Drashna could probably enlighten you a bit more about this.

Link to comment
Share on other sites
  • 0
Christopher (Drashna) Advanced Member

Christopher (Drashna)

Posted
Posted

@GByrd, you're pretty much spot on.

 

That said, the cache should be safe.  I'm not sure that cryptolocker can invalidate the Windows file locking methods (if it can, oh shit!), because the cache files are open and locked pretty much the entire time the drive is mounted.   Nothing else should be able to modify them without taking the service offline.

 

 

 

 

But specifically, the cache is stored on a local disk.  And the cache is mandatory, there isn't a way to fully disable it.

 

That means in the case of a full system image backup... this can cause problems.  If the underlying drive that is being used fro the cache gets full, then we severely throttle the write speeds to the drive.  In most cases, this is a good way of handling this.... but for backups, this may cause errors.


2.  Since this is a company asset and the internet is generally horrible, it is a high target for hacking and specifically ransomware type attacks.  Ideally I would like to lock away access to the cloud drive to just the script that is performing the backups thus keeping the cloud drive completely hidden and protected from being encrypted by a hacker.  Would this be possible via a .NET accessible API, or a command line?

 

There isn't a way to do this via scripting right now. 

 

However, we do use IPC, specifically for the UI to communicate to the service (which does all of the heavy lifting). 

 

It may be possible to write some code to handle this for you, in the meanwhile.   

 

But we do plan on adding scripting support for CloudDrive and DrivePool, but that won't happen until later. 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
 Share
Go to question listing
×
×
  • Create New...