Dear reader,
With the launch of the new website, hIQkru launched an easter egg campaign in which participants could win a free day of consulting. I want to thank all participants for joining in on the competition. The winner was informed at the beginning of December, but prefers to remain anonymous. He did, however, agree that hIQkru may post what their problem was and how hIQkru is able to provide them with a solution.
The problem relates to document management. Today, documents are saved on a standard file server. This file server is backed up daily to tape. The following concerns exist:
- Documents are spread everywhere: on people's laptops, on the server and in several cloud services (e.g. Dropbox, Skydrive, ...), depending on the person and their preferences.
- No backups are taken from the laptops, so this is a risk.
- Difficult to find out who has the latest version of a document.
- The customer prefers not to work with public cloud services (e.g. Dropbox, Skydrive, ...) due to the security risk, but they are easy for the end users and make it easy to share documents while not being in the office.
- What if a laptop gets stolen or infected by ransomware?
- What if the file server dies?
To come to a solution, a number of technologies have been combined. A few points that led to the solution:
- The file server does not provide flexibility when people often work outside the office.
- Files need to be on the laptops so they can be updated offline, and they need to be kept in sync to ensure that everyone works on the latest version at all times.
- Geographical redundancy is key to ensuring business continuity, as not only the file server can die, but also the single internet line at the office.
- A private cloud solution offers redundancy but keeps control with the customer.
Distributed file system:
Because of the geographical redundancy, it is key to have a distributed file system that continuously keeps both locations in sync. If one datacenter crashes or has connectivity problems, the other takes over without data loss. hIQkru chose BeeGFS (www.beegfs.io) for its simplicity and simultaneous access to data across the cluster.
Seafile:
Seafile (www.seafile.com) acts like Dropbox or other public cloud services, but the control is completely in your hands. It can sync multiple libraries to allow classification and granular access to data. The server keeps track of all changes to a file and even when it is deleted, it can be recovered. So even if files get encrypted by ransomware, a recovery is as easy as restoring the previous versions. It has clients for many operating systems as well as for mobile devices and tablets. It is also available in Docker (containerised) format.
Docker:
The Seafile instance runs inside a Docker container (www.docker.com). The advantages of this are easy upgrades and the cluster capabilities that make a service redundant across different nodes/servers. Docker allows applications, mainly Linux ones, to run their specific code without the need for an extra operating system and hypervisor: the application runs on top of the host operating system. Docker can thus be used on top of a virtual server or VPS. There are many VPS providers within the EU, which helps to avoid violating the GDPR.
eCryptFS:
Last but not least is the importance of data protection within the cloud. This is done using eCryptFS (www.ecryptfs.org), which sits on top of the distributed file system. This is required to make sure no data is leaked to the cloud provider. Although you will have a solid contract, you can never be sure who has access to the virtual disk drives used within your cloud. Encrypting your critical business documents and data is therefore preferred.
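A check that this layering is actually in place on a node, as an added example that is not part of hIQkru's solution: it parses /proc/mounts-style text and confirms that the Seafile data directory sits on eCryptFS and that the eCryptFS lower directory sits on BeeGFS. The paths, the sample mount lines and the `beegfs` file system type name are assumptions.

```python
# Added example. Paths and mount lines are constructed; option names are those the
# eCryptfs kernel module prints in /proc/mounts, and "beegfs" is assumed as the fstype.

def parse_mounts(text):
    """Parse /proc/mounts-style text into (source, mountpoint, fstype, options)."""
    mounts = []
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 4:
            # /proc/mounts escapes spaces inside paths as \040
            mounts.append((f[0].replace("\\040", " "), f[1].replace("\\040", " "),
                           f[2], f[3].split(",")))
    return mounts

def covering_mount(path, mounts):
    """Return the mount holding path: longest mountpoint prefix, later entries win ties."""
    best = None
    for m in mounts:
        prefix = m[1].rstrip("/")          # "/" becomes "" so every path matches it
        if path == m[1] or path.startswith(prefix + "/"):
            if best is None or len(prefix) >= len(best[1].rstrip("/")):
                best = m
    return best

def check_layering(data_path, mounts_text):
    """Return a list of problems; an empty list means eCryptFS sits on top of BeeGFS."""
    mounts = parse_mounts(mounts_text)
    upper = covering_mount(data_path, mounts)
    if upper is None or upper[2] != "ecryptfs":
        return [f"{data_path} is not on an eCryptFS mount"]
    problems = []
    if not any(o.startswith("ecryptfs_fnek_sig=") for o in upper[3]):
        problems.append("file names are stored unencrypted (no ecryptfs_fnek_sig)")
    if "ecryptfs_passthrough" in upper[3]:
        problems.append("ecryptfs_passthrough lets unencrypted lower files through")
    # The source field of an eCryptFS mount is its lower (ciphertext) directory.
    lower = covering_mount(upper[0], [m for m in mounts if m is not upper])
    if lower is None or lower[2] != "beegfs":
        problems.append(f"lower directory {upper[0]} is not on the distributed file system")
    return problems

SAMPLE_MOUNTS = """\
/dev/vda1 / ext4 rw,relatime 0 0
beegfs_nodev /mnt/beegfs beegfs rw,relatime 0 0
/mnt/beegfs/seafile-enc /srv/seafile ecryptfs rw,relatime,ecryptfs_fnek_sig=0123456789abcdef,ecryptfs_sig=0123456789abcdef,ecryptfs_cipher=aes,ecryptfs_key_bytes=32 0 0
"""

if __name__ == "__main__":
    print(check_layering("/srv/seafile/data", SAMPLE_MOUNTS) or "layering OK")
```

On a real node, pass the contents of /proc/mounts and the directory that is mounted into the Seafile container as its data volume.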
To make it visual:
The datacenters can be virtualised using VPS systems or can be installed on physical servers; the solution works in both cases. The traffic between both datacenters is secured using an IPsec site-to-site tunnel. Access to the solution can be direct, via an IPsec site-to-site tunnel from the customer's office or via SSL VPN. In the last case, the VPN can be made part of the Docker cluster as well to provide redundancy.
If you want more information about this solution or want to discuss other solutions hIQkru can offer, feel free to contact hIQkru at: freelance@hiqkru.be.
If you missed the easter egg competition, don't worry as there will be new competitions in the future. Stay tuned and subscribe to the Blog to be automatically updated on hIQkru's news.
Merry Christmas & A Happy New Year!
Steven.