By Rob Mason on February 24, 2010
Last week we touched on some of the reasons we provide each Nasuni customer with unique cloud credentials. This is an important point, though, so we decided to spell out a few more details here.
The basic idea is simple: Our cloud partners provide access to a given account based on credentials. There are a few different ways we could have facilitated this process, but we determined that providing each of our customers with unique credentials delivers the best combination of security, convenience, and performance.
More on that below. First, though, let’s go through some of the other authentication options, and their drawbacks.
This would be secure, but inconvenient. Nasuni is your gateway to cloud storage. We are trying to make the whole process easier, including the administrative details. With Nasuni, you get one bill, pricing that’s leveled down to dollars per gigabyte, with no bandwidth or transmission charges, and one vendor to call when you have a problem.
Several cloud providers suggested that we perform the authentication ourselves. But this would have meant that every time your data moved to or from the cloud, it would have passed through Nasuni servers. This would have added latency to every request, hindering performance and reliability.
If all Nasuni customers shared a single set of credentials, a malicious customer could—hypothetically—hack his copy of the Filer, uncover those shared credentials, and gain access to other Nasuni accounts. This malicious agent would not be able to read or make sense of any of those files, due to the encryption, but there is a chance he could delete them. With unique credentials, this attack is not possible. Each Nasuni customer is completely independent.
In this case, the Filer would be hosted in the cloud, not at your site, so the credentials wouldn’t be locally available. This would be secure, but slow. Nasuni would not be able to deliver local-like NAS performance.
However, with unique credentials, no other Nasuni customer can access your data. We are removed from the data path, and your copy of the Filer talks to the cloud directly, so you do not have to worry about problems with our servers. This translates to greater reliability.
Since each customer is unique, there’s no deduplication of files across our user base—we guarantee that our customers and their data are independent entities. Finally, if you decide the Nasuni Filer isn’t for you, we allow you to take those unique credentials with you.
Providing each customer with unique credentials proved to be our best option. Given our emphasis on security and performance, it was the only option.
Rob Mason has more than 20 years of operational, management and software development experience, all of it in storage. A meticulous builder and obsessive tester, with an eye for talented engineers, Rob produces rock-solid software, and, through his own example of hard work and ingenuity, inspires his teams to outdo themselves. His determination for thoroughness extends to financial and operational matters, and at Nasuni, he is a powerhouse behind the scenes, managing the company’s operations, in addition to its engineering team. As the VP of Engineering at Archivas from 2004 to acquisition, Rob oversaw all development and quality assurance. After the Hitachi acquisition, he continued in his role, as VP of HCAP Engineering, managing the integration of his team with Hitachi’s and supporting the rollout of HCAP. Before joining Archivas, he was a senior manager at storage giant EMC, where he was responsible for the API, support applications and partner development for EMC’s content-addressed storage product, Centera. In a previous stint at EMC, he was Manager and Principal Design Engineer for the elite Symmetrix Group, where he improved the speed and reliability of EMC’s flagship enterprise storage disk array. Between Centera and Symmetrix, Rob was the co-founder and VP of engineering at I/O Integrity, a storage-based startup developing a high-performance caching appliance. He has a bachelor of science from Rensselaer Polytechnic Institute and a master’s in business administration with honors from Rutgers University. Rob holds upwards of 30 patents.