Jump to content
Covecube Inc.
  • 0

Cloud Encryption Required?


Question

From what I can tell from the docs on CloudDrive, data on cloud services is always unreadable by others, unless they have the CloudDrive software. From the online doc: "For any cloud drives where you choose not to encrypt the drive, StableBit CloudDrive will obfuscate the drive's data using AES 128-bit CBC." If there is no way around this, then it is a problem for me. I would like to mount cloud drives which can be read by other people using other cloud drive software, on the web, or other cloud explorer software. In my case it would not be practical to buy licenses for everyone who might need access to the data. Is it possible to configure CloudDrive so that the data on the cloud provider is standard, readable data?

Link to post
Share on other sites

8 answers to this question

Recommended Posts

  • 0

This is correct. 

Also, if you're looking for specific software, I personally recommind alternativeto.net.  No affiliation, but I use it personally. It's fantastic for discovery, especially if you have a decent starting place.  And it can filter by OS, cost (free, fremium, paid, etc).  

Link to post
Share on other sites
  • 0

Need some help - I've been waiting for CloudDrive to allow for non-encrypted storage.  I have a main server with ~20 drives attached all using DrivePool, and I have a media player at my TV that physically connects to a local mesh access point.  The speed between the mesh access points is good, but I still get "buffering" a lot when streaming from the server from the DrivePool.  So when CloudDrive first came out, I was like great! I can install a local NAS device, have the DrivePool server put media on the local NAS device via CloudDrive, and then the server would count it towards duplicate storage, along with a local NAS that the media player could play off of.  Except it can't.  Because the media player can't read anything in the CloudDrive.

My second issue with using the encryption is that there is occasionally a hiccup in the mesh network, or power flicker, whatever that upsets and causes a disconnect between the server and the NAS.  Recovering 13TB on a NAS takes days, and in those days, my DrivePool won't allow writes.

So - while yes, it would defeat the purpose of cloud storage to allow turning off encryption, it would be incredibly handy for NAS and Windows File Shares to use non-encrypted storage.

Can it be done?  I've been watching this thread and for this capability for 5+ years.

Link to post
Share on other sites
  • 0
13 hours ago, XAlpha said:

Can it be done?  I've been watching this thread and for this capability for 5+ years.

To be clear: encryption is (and has always been) optional even on CloudDrive volumes hosted on cloud providers. You do not have to enable encryption for volumes stored on cloud storage or local storage.

But what I suspect that you are actually talking about is that you want the data to be accessible in whatever native, unobfuscated file format your applications are accessing when encryption is disabled, but that simply isn't possible with CloudDrive. It just isn't how this particular software works. As mentioned in the above post from June, there ARE tools you can use to basically access cloud storage with a front-end that mounts it as a local drive, this just isn't that tool.

Even if you could use a multi-terabyte chunk size, your drive would still just be one giant obfuscated chunk because what CloudDrive actually stores is a drive image. It's effectively the same thing as a VHD or VMDK--and that is by design. Even an unencrypted volume is still stored as an unencrypted drive image, not the native files that you're probably looking to access.

If I'm understanding your needs correctly, though, it actually sounds like your needs are much simpler than CloudDrive. It sounds like you actually just need a SMB share and a sync tool like SyncToy to mirror certain content from the server to a NAS? Is that correct?

Link to post
Share on other sites
  • 0

Yes, but I want it to duplicate as part of my DP.  Total drivepool size is 192 TB, and I don't want to manually determine which media files are copied to the NAS.  I want a solution that has the NAS as part of the DP, included in the duplicated files, where I can specify which folders get duplicated on the NAS.  So I need a way of adding a NAS to the DP, and it be readable from third party devices.

Example:

DrivePool has 5 folders, 2 of which are media folders.  Four folders are set up for 2x duplication, and one folder is set up for 3x duplication.  I want my NAS to count towards the duplication count, and its spare capacity leveraged into the DP.  I can set balancing rules to only have the media folders on the NAS from DP, or at least that be the primary location for them, and then I don't have to store the files manually and copy them around when I want to watch them, in addition to managing their duplication.

I believe that was part of the original design intent of CD, or at least an option thereof.  And it takes way, way too long to rebuild/recovery when CD loses network connectivity.  Days is not okay, even if 13 TB.

Link to post
Share on other sites
  • 0
17 hours ago, XAlpha said:

I believe that was part of the original design intent of CD, or at least an option thereof.

Not to my knowledge, no. CloudDrive is just a tool to store a psuedo-native file system on another sort of storage protocol. CloudDrive takes non-native file storage like FTP, SMB, or a cloud storage host, and provides a native (NTFS or ReFS) file system for Windows. It's a middle man for the a storage API/protocol so that windows can access that storage as if it were a local drive. But the side effect is that the data must be accessed via the CloudDrive application. It is not intended to be a front-end for the non-native API. Tools like rClone or Netdrive are. Unless some future version of the application makes pretty dramatic changes to the entire functionality, its data will never be accessible in the way that it sounds like you want it to be--encrypted or not.

Any file system that can be added to DrivePool directly can have its duplication managed by DrivePool itself, and file systems that cannot (like, for example, SMB shares or dynamic volumes) can simply be mirrored using a simple sync tool (of which there are many). Microsoft's own SyncToy is one, though I believe it takes some finagling to make it work on Windows 10. You likely can't add the NAS to the DrivePool (assuming it is an SMB share--I believe iSCSI CAN be added, but I'm not familiar with the process) but you can use many other options to just mirror/sync directories from the pool to the NAS.

Note that while you you CAN use CloudDrive to create a volume on the NAS and add THAT to the DrivePool, and configure the duplication that way, the data on the NAS that CloudDrive creates will not be accessible to any system that isn't the one hosting the DrivePool and CloudDrive clients that are connected to the drive--nor is there really any way to modify CloudDrive to accomplish this goal without completely changing the way it works now.

So, some options, then:

  • You could try adding the NAS to DrivePool via iSCSI as mentioned above. I've never done this, but I believe there is some discussion elsewhere on the forum that you should be able to find to help you do this. The iSCSI volume can then be added to your DrivePool and your duplication adjusted accordingly.
  • You could create a directory/volume WITHIN the pool, at the cost of pool space, which you can duplicate the data to, and then set up another tool like SyncToy to mirror THAT directory to your NAS.
  • You could just use a tool like SyncToy to duplicate all of your media folders to the NAS.
  • Or, to save space, you might be able to script up something simple that copies media to the NAS as required.

Ultimately, though, note that none of these solutions use CloudDrive, and that there isn't any way to make CloudDrive do what you want it to do. And that isn't a factor of encryption. It's just a byproduct of the fundamental mechanism by which CloudDrive operates. Its data just isn't accessible outside of the application any more than a VHD is accessible to a host system outside of the VM--and for the same reasons. CloudDrive's data contains structural information about the drive, as well as relevant file system information, in addition to the actual files that it stores. CloudDrive certainly CAN be used to extend your pool, or to provide an off-site duplication resource to supplement your pool, but it is only capable of enhancing the pool in this manner for the system that hosts the pool itself. That system would then have to share the data with other systems via other, more traditional means.

17 hours ago, XAlpha said:

And it takes way, way too long to rebuild/recovery when CD loses network connectivity.  Days is not okay, even if 13 TB.

As far as this goes, I'm not sure what it means. It SHOULDN'T take days to recover from a simple network or power failure. I have around 300TB stored in a single cloud-based CloudDrive drive and it takes maybe 15-20 minutes to recover from a power failure or other hardware reboot. A temporary network failure simply dismounts the drive and remounts the drive once connectivity has been restored. No additional recovery time is necessary for that. The only time that either the stable or most recent beta version of CloudDrive should have to actually rebuild the database for a large drive (which does take awhile, though not days even for my drive) is when the local storage information/cache is actually corrupt and CloudDrive needs to audit the entire drive structure in order to determine what actually exists and what doesn't.

It MIGHT be the case that the code for the NAS provider is less efficient. I've never used the NAS provider with CloudDrive, so I can't say. But you'd have to just reach out to Covecube via the contact form and ask.

Link to post
Share on other sites
  • 0

It's a Drobo NAS, and it's set up via CD as a Windows file share; I don't think Drobo NAS support iSCSI, and without a dedicated network connection, it would trash the WiFi mesh network that it runs on.  I'm using Server 2016, so I have some options, but I need something that can be added to DP.

At one point Christopher alluded that native access to the CD data was one of the most often requested features, and that was years ago.  I'm still waiting...  and hoping...

As far as the recovery, no idea why it takes so long.  File transfers to/from the NAS run around 115 MB/sec, so I'm saturating the network connections.  It shouldn't take that long, but it does consistently.  Router firmware updates are the worst.

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...