Calling Home: Configuration Data and Key Escrow


The Filer does not stand in the path of your data, which moves directly to and from the cloud, but it does call home on occasion. We discussed the alert system in a previous post. Here are two more reasons.

If your copy of the Filer were destroyed, and you then restored it from another location, the technology would quickly pull your data and metadata back from the cloud. But what about your configuration data? When you restore the system, the Filer uses our API to pull back all that key information—users, groups, share names, snapshot intervals, etc. That same data is stored in the cloud as well, so that if Nasuni didn’t exist anymore, you would still be able to retrieve it.

The same API also escrows encryption keys. You can upload your own encryption key, which is what we advise—this is really the best option from a security standpoint. If you do so, Nasuni never sees that key. But if you do not create your own, the Filer generates a key, and the API escrows it at Nasuni.

For security reasons, we make retrieving this key very difficult. If something happens to the machine that is hosting your copy of the Filer and you need to reinstall the appliance, you will eventually be prompted to call our support team. This request to recover an existing Filer will then have to flow through a management approval process. We require solid proof that the request is legitimate. An email address and a password will not suffice.

Once the approval process is over, the key itself can only be de-escrowed here at Nasuni with both a password and an OpenPGP smartcard. This rules out the possibility that a rogue Nasuni employee could leave the company and take customer keys. De-escrow only works with both the smartcard and the password, and the card has to be physically present—it cannot be copied and taken away.
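
The two-factor property described in the last two paragraphs (the escrowed key is useless without both the smartcard and the password) can be shown in code. The following is an added illustration, not Nasuni's implementation: it models the smartcard as a secret that only the physical card can supply, combines that secret with the operator password into a single wrapping key, and wraps the escrowed customer key with AES-GCM, so that supplying either factor alone produces the wrong wrapping key and the authenticated decryption refuses. The record layout, the `Escrow`/`DeEscrow` functions and all sample values are constructed for this example; a real deployment would stretch the password with a slow KDF and keep the card's key operations on the card itself.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// EscrowedKey is a hypothetical escrow record: what a support desk would keep
// on file for a customer whose Filer generated its own key. Stand-in model only.
type EscrowedKey struct {
	Salt       []byte // random, stored in the clear with the record
	Nonce      []byte // AES-GCM nonce, also stored in the clear
	Ciphertext []byte // wrapped customer key followed by the GCM tag
}

// deriveWrapKey binds both factors into one AES-256 key. The smartcard is
// modelled as a secret only the physical card can supply; the password is the
// operator's. Either input wrong gives a different key, so GCM authentication
// fails. HKDF-style extract/expand built from HMAC-SHA256 so the block needs
// only the standard library; production code would stretch the password first.
func deriveWrapKey(cardSecret, password, salt []byte) []byte {
	extract := hmac.New(sha256.New, salt)
	extract.Write(cardSecret)
	extract.Write([]byte{0x00}) // separator so the two factors cannot slide into each other
	extract.Write(password)
	prk := extract.Sum(nil)

	expand := hmac.New(sha256.New, prk)
	expand.Write([]byte("key-escrow-wrap v1")) // context label
	expand.Write([]byte{0x01})
	return expand.Sum(nil) // 32 bytes
}

func newGCM(wrapKey []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(wrapKey)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Escrow wraps a customer key so that it can only be recovered with both factors.
func Escrow(customerKey, cardSecret, password []byte) (*EscrowedKey, error) {
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		return nil, err
	}
	gcm, err := newGCM(deriveWrapKey(cardSecret, password, salt))
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// The salt is bound as associated data so a record cannot be re-paired with another salt.
	ct := gcm.Seal(nil, nonce, customerKey, salt)
	return &EscrowedKey{Salt: salt, Nonce: nonce, Ciphertext: ct}, nil
}

// DeEscrow recovers the key, or refuses if either factor is missing or wrong.
func DeEscrow(rec *EscrowedKey, cardSecret, password []byte) ([]byte, error) {
	gcm, err := newGCM(deriveWrapKey(cardSecret, password, rec.Salt))
	if err != nil {
		return nil, err
	}
	pt, err := gcm.Open(nil, rec.Nonce, rec.Ciphertext, rec.Salt)
	if err != nil {
		// GCM tag mismatch: deliberately do not reveal which factor was wrong.
		return nil, errors.New("de-escrow refused: smartcard secret or password incorrect")
	}
	return pt, nil
}

func main() {
	// Constructed sample values; a real customer key would be random bytes.
	customerKey := []byte("constructed-32-byte-customer-key")
	cardSecret := []byte("constructed-smartcard-held-secret")
	password := []byte("constructed-operator-password")

	rec, err := Escrow(customerKey, cardSecret, password)
	if err != nil {
		panic(err)
	}
	got, err := DeEscrow(rec, cardSecret, password)
	fmt.Println("both factors present:", err == nil && bytes.Equal(got, customerKey))
	_, err = DeEscrow(rec, cardSecret, []byte("wrong password"))
	fmt.Println("card only:", err)
	_, err = DeEscrow(rec, []byte("no card"), password)
	fmt.Println("password only:", err)
}
```

The design point is that the record held by the escrow service never contains a key that any single person can use: the wrapping key exists only transiently, when both factors are combined, and the authenticated cipher turns a wrong or missing factor into a refusal rather than into garbage that might be mistaken for a key.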

All of this is done, of course, in the service of delivering the best security to our customers.
