Digital Vault Kick-off 02/12/2015.  Fast & scalable object level storage  Secure content persistence  Secure bi-directional content sharing  Secure.

Slides:

Advertisements

Similar presentations

Mobile Access: BYOD Trends SCOTT DUMORE - DIRECTOR, TECHNOLOGY, CHANNELS & ALLIANCES AUTONOMY, HP SOFTWARE.

Advertisements

2  Industry trends and challenges  Windows Server 2012: Modern workstyle, enabled  Access from virtually anywhere, any device  Full Windows experience.

© 2014 Cognizant 4 th March 2015 MBaaS: Mobile Backend as a Service Pablo Gutiérrez / Senior Mobility developer.

Enterprise Content Management Departmental Solutions Enterprisewide Document/Content Management at half the cost of competitive systems ImageSite is:

<<replace with Customer Logo>>

Secure Lync mobile Authentication

Don’t Let Anybody Slip into Your Network! Using the Login People Multi-Factor Authentication Server Means No Tokens, No OTP, No SMS, No Certificates MICROSOFT.

“Turn you Smart phone into Business phone “

Mobile Mobile OS and Application Team: Kwok Tak Chi Law Tsz Hin So Ting Wai.

OCT1 Principles From Chapter One of “Distributed Systems Concepts and Design”

Seafile - Scalable Cloud Storage System

Microsoft Visual Source Safe 6.01 Microsoft Visual Source Safe (MVSS) Presented By: Rachel Espinoza.

Barracuda Networks Confidential1 Barracuda Backup Service Integrated Local & Offsite Data Backup.

An Introduction to DuraCloud Carissa Smith, Partner Specialist Michele Kimpton, Project Director Bill Branan, Lead Software Developer Andrew Woods, Lead.

File Systems (2). Readings r Silbershatz et al: 11.8.

Public Key Infrastructure from the Most Trusted Name in e-Security.

> Blueprint Kickoff >. Introductions Customer Vision & Success Criteria Apigee Accelerator Overview Blueprint Schedule Roles & Responsibilities Communications.

Kate Keahey Argonne National Laboratory University of Chicago Globus Toolkit® 4: from common Grid protocols to virtualization.

Week #10 Objectives: Remote Access and Mobile Computing Configure Mobile Computer and Device Settings Configure Remote Desktop and Remote Assistance for.

Cross Platform Mobile Backend with Mobile Services James

AnyShare File Synchronization and Sharing for Enterprise

CSC 456 Operating Systems Seminar Presentation (11/13/2012) Leon Weingard, Liang Xin The Google File System.

Healthy Kids Zone Team Introduction Chad Honkofsky 2.

Informatics 43 – May 21, A quote from Piazza “This course is trying to teach you how to be a PM (product manager).”

Using the Powerful Microsoft Azure Platform, e-SUAP Properly and Securely Manages All Steps for Customizable Business Activities Permissions MICROSOFT.

M i SMob i S Mob i Store - Mobile i nternet File Storage Platform Chetna Kaur.

Section 1: Introducing Group Policy What Is Group Policy? Group Policy Scenarios New Group Policy Features Introduced with Windows Server 2008 and Windows.

Tejasvi Kumar Technology Specialist – VSTS Microsoft Corporation

…. PrePlanPrepareMigratePost Pre- Deployment PlanPrepareMigrate Post- Deployment First Mailbox.

Information Systems and Network Engineering Laboratory II DR. KEN COSH WEEK 1.

Copyright © 2015 – Curt Hill Version Control Systems Why use? What systems? What functions?

Empowering people-centric IT Unified device management Access and information protection Desktop Virtualization Hybrid Identity.

Introduction to DFS. Distributed File Systems A file system whose clients, servers and storage devices are dispersed among the machines of a distributed.

One Platform, One Solution: eToken TMS 5.1 Customer Presentation November 2009.

Presented by: Sanketh Beerabbi University of Central Florida.

Copyright © cs-tutorial.com. Overview Introduction Architecture Implementation Evaluation.

Amit Warke Jerry Philip Lateef Yusuf Supraja Narasimhan Back2Cloud: Remote Backup Service.

Bizfss File Sync and Sharing Solution, Built on Microsoft Azure, Allows Businesses to Sync, Share, Back Up Using Their Own Cloud Storage MICROSOFT AZURE.

Securely Synchronize and Share Enterprise Files across Desktops, Web, and Mobile with EasiShare on the Powerful Microsoft Azure Cloud Platform MICROSOFT.

WSV Problem Background 3. Accelerated Protocols and Workloads 4. Deployment and Management 2. BranchCache Solution Modes 5. BranchCache Protocols.

E a s y S h a r e Jung Son Ky Le. Operational Concepts Recent years, huge number of growth in Internet users and broadband usage File-sharing become extremely.

Wireless and Mobile Security

Introduction TO Network Administration

Flight is a SaaS Solution that Accelerates the Secure Transfer of Large Files and Data Sets Into and Out of Microsoft Azure Blob Storage MICROSOFT AZURE.

Experiments in Utility Computing: Hadoop and Condor Sameer Paranjpye Y! Web Search.

AFS/OSD Project R.Belloni, L.Giammarino, A.Maslennikov, G.Palumbo, H.Reuter, R.Toebbicke.

Anetd and the Abone SRI International Livio Ricciulli.

Globus online Delivering a scalable service Steve Tuecke Computation Institute University of Chicago and Argonne National Laboratory.

Why EMS? What benefit does EMS provide O365 customers Manage Mobile Productivity Increase IT ProductivitySimplify app delivery and deployment LOB Apps.

How to build a tailored and unified ECM platform? The recipe for success, from the field Maxime ORAIN Head of European Alfresco Skills Centre Rémi MOEBS.

Citrix ShareFile. Instant file access from any device Sharing and collaboration—with anyone Easy & Familiar (love Dropbox) USERS DEMAND Security Control.

© 2012 IBM Corporation IBM Worklight Overview Martin Triska – IBM Worklight specialist (420) July 2012.

Short Customer Presentation September The Company  Storgrid delivers a secure software platform for creating secure file sync and sharing solutions.

Amazon Web Services. Amazon Web Services (AWS) - robust, scalable and affordable infrastructure for cloud computing. This session is about:

The Fallacy Behind “There’s Nothing to Hide” Why End-to-End Encryption Is a Must in Today’s World.

File Syncing Technology Advancement in Seafile -- Drive Client and Real-time Backup Server Johnathan Xu CTO, Seafile Ltd.

REST API for Mobile Devices

InGenius Connector Enterprise Microsoft Dynamics CRM

An Introduction to Office 365: OneDrive For Business

Amazon Storage- S3 and Glacier

An Introduction to Office 365: OneDrive For Business

Simple Storage Service

Fastdroid Produced by : Firas Abdalhaq Mohammad Amour Supervised by : Dr. Raed Alqadi.

Week 01 Comp 7780 – Class Overview.

Chapter 3: Windows7 Part 4.

Newness and Coolness in Configuration MANAGER

Introduction to Soonr by ….

Running on the Powerful Microsoft Azure Platform,

Public Key Infrastructure from the Most Trusted Name in e-Security

Technical Capabilities

Presentation transcript:

Digital Vault Kick-off 02/12/2015

 Fast & scalable object level storage  Secure content persistence  Secure bi-directional content sharing  Secure content provenance  Shared content libraries  Private-hosted file synchronization  Built upon open source components  Basic security model with optional extensions (consumer-driven security enforcement)  Vault-in-vault concept © Trust1Team 2015 Intro Digital Vault Engine our understanding

 Policies for user storage quota available  API Engine available  On-premise solution  User OAuth2 consent available in existing authorization infrastructure  User authentication available in existing authentication infrastructure © Trust1Team 2015 Concept assumptions

© Trust1Team 2015 Concept at the center of the solution: secured content

 Content encryption standards X509 private keys for desktop clients PDKDF2 session keys using RSA encryption AES-256/CBC encryption for data transfer ISO AES256 encryption for PDF encryption ISO/IEC 9899:1999 Digital sign shared documents using ETSI AdES and ASiC  Adaptable feature-rich security model Optional password protection on shared link Optional expiration time on shared link Optional signing for content integrity Optional X509 public key signing for content transfer © Trust1Team 2015 Concept security Standards

© Trust1Team 2015 Concept security at all levels

 Vault Security Secured local storage Secured cloud storage Secured content transfer Trusted list of sync devices Secured token distribution Content provenance and Content integrity  Vault Archiving Content retention using Apache CMIS Content retention to private cloud distributed storage © Trust1Team 2015 Concept security at all levels

 Micro-service design  Stateless services design  API-first design  Behavior driven development  User-centric  Semantic Versioning © Trust1Team 2015 Concept design principles resilient elastic stateless responsive

 In scope – Demo DV application OAuth2 enabled Angular JS To test all endpoints with user actions: – upload, share, download,…  Synchronization client cfr. Seafile clients available OSX, Windows, Linux, terminal based Mobile Android Mobile iOS © Trust1Team 2015 Concept wireframes

 Mobile applications (Android & iOS) © Trust1Team 2015 Concept wireframes

© Trust1Team 2015 Concept architecture component model assumption: existing search engine

Client side (front-end) – 3 rd party web applications for a variety of devices – Demo DV application made within the scope of the project – Desktop synchronization clients – Mobile synchronization clients Server side (back-end) – Digital Vault Engine – Integration with API Engine – Integration with Search Engine Server side (storage) – Storage and storage replication (quota storage policy) – Archiving to private distributed cloud storage – Archiving to ECM via Apache Chemistry layer © Trust1Team 2015 Concept architecture component model

 Basic version of the DV Demo application  Connects directly to the micro-service API  Implements following user stories: 1) upload file from DV Demo app into existing DV folder 2) share file from DV Demo app => mail to user with link 3) user downloads file using the link from the received mail © Trust1Team 2015 Concept proof of Concept

© Trust1Team 2015 Technology file system design

 Files are organized into Libraries – designed for synchronization Network/storage deduplication No upload/download limit Fast upload (back-end daemons)  Data model and sync similar to GIT (Repo, Branch, Commit, FS, Block)  Selective sync library to devices  Sync with existing folder  Sync client-side end-to-end data encryption  Full platform support: Win, OSX, Linux, mobile  Share to a person or a group  Share specific content or a folder  Read-write and read-only share © Trust1Team 2015 Technology file system design

© Trust1Team 2015 Technology deduplication

© Trust1Team 2015 Technology high-level architecture

 Seafile C, C++ OpenSSL  Java EE JAXRS, CDI Maven Bouncy Castle Crypto API  Sync desktop clients Qt4/5 C++  Sync mobile clients Android iOS © Trust1Team 2015 Technology stack

 Content Integrity and Content Provenance  Archiving to cloud storage  Archiving to ECM platforms  Basic security on all levels  Customizable security © Trust1Team 2015 Technology stack innovative features in the solution Different from cloud storage solutions for personal use Open API security : every application can enforce strong security

 Digipolis and T1T agree on list of detailed product requirements  T1T creates product backlog based on product requirements  Sprints of 2 weeks  Sprint demo  Transparency via JIRA project  Regular sync meetings with Digipolis stakeholder © Trust1Team 2015 Approach sprint planning with monthly releases

sprint 1-2 password, AES folder storage Account Mgmt synch Token Distribution Content Sharing sprint 3-4 security features key store management zip creation & encryption pdf encryption sprint 5-6 content provenance archiving to ECM integration with search engine © Trust1Team 2015 Approach milestones part 1 POC Version 0.0.5

sprint 7-8 archiving to personal cloud storage trusted devices list bug fixing sprint 9 bug fixing move to Acceptance sprint 10 move to production © Trust1Team 2015 Approach milestones part 2 Version Version 1.0.0

 Deliverables Source code Builds Technical documentation User documentation  Project closing Hand-over to technical team User training  Duration of the project is approx 4 months © Trust1Team 2015 Approach deliverables and project closing

Thank you for your kind attention Do you have any questions?

 A typical synchronization work flow consists of the following steps: Seafile client daemon detects changes in the worktree (via inotify etc). The daemon commits the changes to the local branch. Download new changes from the master branch on the server (if any). Merge the downloaded branch into local branch (also checkout changes to worktree). Fast-forward upload local branch to server's master branch.  Custom merge algorithm Auto-sync Git is unreliable Merge after file write-protection releases lock © Trust1Team 2015 Annex 1 Synch algorithm

© Trust1Team 2015 Annex 2 Git approach – why?  Synchronization may be interrupted at any point by shutting down the program or computer, after reboot we lose all notifications from the OS. We need a reliable and efficient way to determine which files in the worktree has been changed (even after reboots).  Git's index file are used to do this. It caches the timestamps of every file in the worktree when the last commit is generated. So we can easily and reliably detect changed files in the worktree since the latest commit by comparing timestamps.  Another notable case is what happens if two clients try to upload to the server simultaneously. The commit procedure on the server ensures atomicity. So only one client will update the master branch successfully, while the other will fail.  The failing client will restart the sync work flow later. It will first merge the changes from the succeeded client then upload again.

© Trust1Team 2015 Annex 3 Low-bandwidth Network File System  Description of LBFS:  +Digital+Vault+Engine+- +Presentation?preview=/ / /lbfs.pdf +Digital+Vault+Engine+- +Presentation?preview=/ / /lbfs.pdf

 Sprint planning and milestones in Jira:  &projectKey=DIGIDV&view=planning &projectKey=DIGIDV&view=planning © Trust1Team 2015 Annex 4 Backlog

 stars  Estimated at least 200K users worldwide, mostly in Europe  Open Source Software (AGPLv2)  Available Open Source sync clients for desktop and mobile  GIT approach but enhanced for auto-sync and handling large files  Custom merge algorithm  Basic privacy protection  Efficient network transfer (LBFS-based)  Only does what it should do best - approach © Trust1Team 2015 Annex 5 Why Seafile?

 Automatic synchronization  Clients do not store file history, thus they avoid the overhead of storing data twice. Git is not efficient for larger files such as images.  Files are further divided into blocks for more efficient network transfer and storage usage.  File transfer can be paused and resumed.  Support for different storage backends on the server side.  Support for downloading from multiple block servers to accelerate file transfer.  More user-friendly file conflict handling. (Seafile adds the user's name as a suffix to conflicting files.)  Graceful handling of files the user modifies while auto-sync is running. Git is not designed to work in these cases. © Trust1Team 2015 Annex 6 What are the differences for Seafile vs Git?