RW
Uploaded byRobert Wojciechowski
2,936 views

Keeping your files safe in the post-Snowden era with SXFS

This document describes SXFS, an encrypted distributed filesystem that allows for easy and secure file sharing. Some key points: - SXFS uses client-side encryption with AES 256 and file deduplication to securely store and transfer files. - It provides fault tolerance and scalability by backing the encrypted filesystem with the distributed SX object storage. Additional nodes can be added to increase speed and storage capacity. - Setup involves installing SXFS on clients and servers, creating a user and volume, and mounting the encrypted filesystem on clients for easy access to shared files.

Embed presentation

Download to read offline
Keeping your files safe in the post-Snowden era with SXFS
Never trust anyone… • Client side encryption • Secure transfer • Fault tolerance But keep it all easy!
All-in-one solution Encrypted filesystem backed by SX object storage Licence: GPLv2 $ git clone http://git.skylable.com/sx
SXFS Under the hood
• FUSE API implementation • Files are mapped to remote objects • Task queuing • Transfer resumes User interaction
• Files are divided into same sized blocks • Parallel block transfers • Consistent hashing Data transfer Only encrypted data is sent!
• AES 256 CBC + HMAC • Deduplication on a file level • Filename and file size encryption Client-side encryption FULLY DENIABLE!
Architecture
Time to scale out!
SXFS Getting started
Officially part of : • Fedora • Debian / Ubuntu • Gentoo Coming soon: • CentOS SIG • MacOSX Mac Ports Supported platforms
Fedora: yum install skylable-sx Debian / Ubuntu: apt-get install sx Gentoo: emerge net-misc/sx Installation
rpm-based: yum install libcurl-devel zlib-devel nss- devel openssl-devel fuse-devel deb-based: apt-get install libssl-dev libcurl4-openssl- dev libz-dev libfuse-dev $ wget http://cdn.skylable.com/source/sx-2.0.tar.gz $ tar xvzf sx-2.0.tar.gz $ cd sx-2.0 $ ./configure && make && sudo make install From source
SXFS Server setup
sx@node1 # sxsetup Enter the cluster name (use the same across all nodes: sx.foo.com Path to SX storage[default=/var/lib/sxserver]: <ENTER> Maximum size: 1T Enter the IP address of this node: 192.168.10.1 Is this the first node of a new cluster? (Y/n) <ENTER> Is this correct? (Y/n) <ENTER> sx@node1 # sxsetup
$ sxacl useradd john@foo.com sx://admin@sx.foo.com Enter password for user 'john@sx.foo.com’ Enter password: Re-enter password: User successfully created! $ sxvol create -o john@foo.com -s 100G -r 1 -f aes256 sx://admin@sx.foo.com/vol-john Volume 'vol-john' (replica: 1, size: 100G, max- revisions: 1) created. Create a user and a volume
SXFS Client setup
$ sxinit sx://sx.foo.com $ mount –t fuse.sxfs –o use_queues sx://sx.foo.com/your-vol /mountpoint fstab example: sx://sx.foo.com/your-vol /mountpoint fuse.sxfs _netdev,fsname=sxfs,use_queues,allow_other 0 0 Linux and MacOSX
If you liked SXFS you might also like…
Like OwnCloud but with client-side encryption. Available for: www.sxdrive.io
Robert Wojciechowski & Jakub Chyłkowski follow @skylable www.sxfs.io/faq
No single point of failure Choose your replica level Fully distributed
Need more speed? Add more nodes. Need more space?Add more nodes. Join more nodes
sx@node2 # sxsetup Enter the cluster name: sx.foo.com Path to SX storage [default=/var/lib/sxserver]: <ENTER> Maximum size: 1T Enter the IP address of this node [default=192.168.10.2]: <ENTER> Is this the first node of a new cluster? (Y/n) n Please provide the IP address of a working node in 'sx.foo.com'. IP address: 192.168.10.1 Admin key or path to key-file [default=]: 0DPiKuNIrrVmD8IUCuw1hQxNqZcVPDD82Gkq7PMFYpk3qA8ddxxxxxxx Is this correct? (Y/n) <ENTER> Server certificate: SHA1 fingerprint: 198b0ce5161757ea9bc83fc77627eb8c0958d591 Do you trust this SSL certificate? [y/N] y sx@node2 # How to join more nodes

More Related Content

PDF
Comparison of-foss-distributed-storage
byMarian Marinov
 
PDF
Performance comparison of Distributed File Systems on 1Gbit networks
byMarian Marinov
 
PDF
Comparison of foss distributed storage
byMarian Marinov
 
PDF
GlusterFS As an Object Storage
byKeisuke Takahashi
 
PPTX
OpenZFS data-driven performance
byahl0003
 
PDF
LizardFS-WhitePaper-Eng-v3.9.2-web
bySzymon Haly
 
PDF
Redis persistence in practice
byEugene Fidelin
 
PDF
How choosing the Raft consensus algorithm saved us 3 months of development time
byRobert Wojciechowski
 
Comparison of-foss-distributed-storage
byMarian Marinov
 
Performance comparison of Distributed File Systems on 1Gbit networks
byMarian Marinov
 
Comparison of foss distributed storage
byMarian Marinov
 
GlusterFS As an Object Storage
byKeisuke Takahashi
 
OpenZFS data-driven performance
byahl0003
 
LizardFS-WhitePaper-Eng-v3.9.2-web
bySzymon Haly
 
Redis persistence in practice
byEugene Fidelin
 
How choosing the Raft consensus algorithm saved us 3 months of development time
byRobert Wojciechowski
 

What's hot

PPTX
Linux network namespaces
byMike Wilson
 
PDF
OpenZFS send and receive
byMatthew Ahrens
 
PPTX
The Basic Introduction of Open vSwitch
byTe-Yen Liu
 
PDF
XPDS14 - Scaling Xen's Aggregate Storage Performance - Felipe Franciosi, Citrix
byThe Linux Foundation
 
PDF
Setting up mongo replica set
bySudheer Kondla
 
PDF
Small, Simple, and Secure: Alpine Linux under the Microscope
byDocker, Inc.
 
PDF
Neutron Network Namespaces and IPtables--A Technical Deep Dive
byMirantis
 
PDF
MongoDB Shard Cluster
byAnuchit Chalothorn
 
PDF
Building a network emulator with Docker and Open vSwitch
byGoran Cetusic
 
PPTX
MongoDB Backup & Disaster Recovery
byElankumaran Srinivasan
 
PDF
Docker and friends at Linux Days 2014 in Prague
bytomasbart
 
PPTX
Install ovs on local pc
byApplistarVN
 
PDF
Hands On Gluster with Jeff Darcy
byGluster.org
 
PDF
Docker 1.11 Meetup: Containerd and runc, by Arnaud Porterie and Michael Crosby
byMichelle Antebi
 
PDF
Improving the ZFS Userland-Kernel API with Channel Programs - BSDCAN 2017 - M...
byMatthew Ahrens
 
PDF
Docker Meetup: Docker Networking 1.11, by Madhu Venugopal
byMichelle Antebi
 
PPTX
Vagrant
byDenys Haryachyy
 
PPT
On MongoDB backup
byWilliam Yeh
 
PDF
Control your service resources with systemd
byMarian Marinov
 
PPTX
Mongodb backup
byDharshan Rangegowda
 
Linux network namespaces
byMike Wilson
 
OpenZFS send and receive
byMatthew Ahrens
 
The Basic Introduction of Open vSwitch
byTe-Yen Liu
 
XPDS14 - Scaling Xen's Aggregate Storage Performance - Felipe Franciosi, Citrix
byThe Linux Foundation
 
Setting up mongo replica set
bySudheer Kondla
 
Small, Simple, and Secure: Alpine Linux under the Microscope
byDocker, Inc.
 
Neutron Network Namespaces and IPtables--A Technical Deep Dive
byMirantis
 
MongoDB Shard Cluster
byAnuchit Chalothorn
 
Building a network emulator with Docker and Open vSwitch
byGoran Cetusic
 
MongoDB Backup & Disaster Recovery
byElankumaran Srinivasan
 
Docker and friends at Linux Days 2014 in Prague
bytomasbart
 
Install ovs on local pc
byApplistarVN
 
Hands On Gluster with Jeff Darcy
byGluster.org
 
Docker 1.11 Meetup: Containerd and runc, by Arnaud Porterie and Michael Crosby
byMichelle Antebi
 
Improving the ZFS Userland-Kernel API with Channel Programs - BSDCAN 2017 - M...
byMatthew Ahrens
 
Docker Meetup: Docker Networking 1.11, by Madhu Venugopal
byMichelle Antebi
 
Vagrant
byDenys Haryachyy
 
On MongoDB backup
byWilliam Yeh
 
Control your service resources with systemd
byMarian Marinov
 
Mongodb backup
byDharshan Rangegowda
 

Viewers also liked

PPT
Databases: Backup and Recovery
byDamian T. Gordon
 
PDF
Snowden-final-report-for-publication
byZarte Siempre
 
PPTX
Software Testing 3/5
byDamian T. Gordon
 
PPTX
The Post Snowden World One Year Later: What Has Changed?
byChristian Dawson
 
PPTX
Edward joseph snowden
byCelina Anctil
 
PPT
Introduction to HTML
byDamian T. Gordon
 
PPT
Software Testing 5/5
byDamian T. Gordon
 
PPTX
Seen at InfoSec Europe 2015: Spot your Snowden!
byJohn Wallix
 
PPTX
Reigning in the Data (FOSSCON 2014) - Ephemeral Messaging and Privacy In Post...
byAndrew Schwabe
 
PPT
How to Program
byDamian T. Gordon
 
PPT
Using a memory stick - in the 6 Hats style
byDamian T. Gordon
 
PDF
Snowden's NBC (Anons vs. GCHQ)
byDedalo-SB
 
PDF
Cyber after Snowden (OA Cyber Summit)
byOpen Analytics
 
PDF
Take Back Control in a Post-Snowden World
byHyun Seo
 
PPTX
Privacy post-Snowden
byblogzilla
 
PPTX
Assange & Snowden
byPearlyn Low
 
PPSX
Snowden creates new headache Arise Roby
byArise Roby
 
PPTX
Bus snowden presentation
byCJW78755
 
PPTX
From Orwell to Snowden
byFrancesco Giarola
 
PPT
Alumni from snowden
byNEOA
 
Databases: Backup and Recovery
byDamian T. Gordon
 
Snowden-final-report-for-publication
byZarte Siempre
 
Software Testing 3/5
byDamian T. Gordon
 
The Post Snowden World One Year Later: What Has Changed?
byChristian Dawson
 
Edward joseph snowden
byCelina Anctil
 
Introduction to HTML
byDamian T. Gordon
 
Software Testing 5/5
byDamian T. Gordon
 
Seen at InfoSec Europe 2015: Spot your Snowden!
byJohn Wallix
 
Reigning in the Data (FOSSCON 2014) - Ephemeral Messaging and Privacy In Post...
byAndrew Schwabe
 
How to Program
byDamian T. Gordon
 
Using a memory stick - in the 6 Hats style
byDamian T. Gordon
 
Snowden's NBC (Anons vs. GCHQ)
byDedalo-SB
 
Cyber after Snowden (OA Cyber Summit)
byOpen Analytics
 
Take Back Control in a Post-Snowden World
byHyun Seo
 
Privacy post-Snowden
byblogzilla
 
Assange & Snowden
byPearlyn Low
 
Snowden creates new headache Arise Roby
byArise Roby
 
Bus snowden presentation
byCJW78755
 
From Orwell to Snowden
byFrancesco Giarola
 
Alumni from snowden
byNEOA
 

Similar to Keeping your files safe in the post-Snowden era with SXFS

PDF
FUSE Filesystems
byelliando dias
 
PPTX
IBM Spectrum Scale Secure- Secure Data in Motion and Rest
bySandeep Patil
 
PDF
IBM Ported Tools for z/OS: OpenSSH User's Guide
byIBM India Smarter Computing
 
PDF
Why Choose Xen For Your Cloud?
byThe Linux Foundation
 
ODP
Software defined storage
byGluster.org
 
PPTX
Werner Strasser (Fragmentix Storage Solutions)
byPraxistage
 
PPTX
XenServer and OpenStack
byJohn Garbutt
 
PDF
opensourceiaas
byTodd Deshane
 
PPTX
vBACD July 2012 - Xen Cloud Platform
byCloudStack - Open Source Cloud Computing Project
 
PPTX
BACD July 2012 : The Xen Cloud Platform
byThe Linux Foundation
 
PDF
Why Choose Xen For Your Cloud?
byTodd Deshane
 
PDF
5231 140-hellwig
bysprdd
 
FUSE Filesystems
byelliando dias
 
IBM Spectrum Scale Secure- Secure Data in Motion and Rest
bySandeep Patil
 
IBM Ported Tools for z/OS: OpenSSH User's Guide
byIBM India Smarter Computing
 
Why Choose Xen For Your Cloud?
byThe Linux Foundation
 
Software defined storage
byGluster.org
 
Werner Strasser (Fragmentix Storage Solutions)
byPraxistage
 
XenServer and OpenStack
byJohn Garbutt
 
opensourceiaas
byTodd Deshane
 
vBACD July 2012 - Xen Cloud Platform
byCloudStack - Open Source Cloud Computing Project
 
BACD July 2012 : The Xen Cloud Platform
byThe Linux Foundation
 
Why Choose Xen For Your Cloud?
byTodd Deshane
 
5231 140-hellwig
bysprdd
 

Recently uploaded

PDF
Real-Time Data Insight Using Microsoft Forms for Business
byElevate
 
PDF
Data Virtualization in Action: Scaling APIs and Apps with FME
bySafe Software
 
PDF
DevFest El Jadida 2025 - Product Thinking
byElmehdi AMLOU
 
PDF
Eredità digitale sugli smartphone: cosa resta di noi nei dispositivi mobili
bySpeck&Tech
 
PPTX
DYNAMICALLY.pptx good for the teachers or students to do seminars and for tea...
bympoorvika031
 
PDF
Unser Jahresrückblick – MarvelClient in 2025
bypanagenda
 
PDF
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
PDF
Dev Dives: AI that builds with you - UiPath Autopilot for effortless RPA & AP...
byUiPathCommunity
 
PDF
API-First Architecture in Financial Systems
bycyy111112
 
PPTX
Building Cyber Resilience for 2026: Best Practices for a Secure, AI-Driven Bu...
byYasir Naveed Riaz
 
PDF
Cybersecurity: Safeguarding Digital Assets
byYasir Naveed Riaz
 
PDF
Day 5 - Red Team + Blue Team in the Cloud - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PPTX
Chapter 3 Introduction to number system.pptx
byGetachewAbera9
 
PPT
software-security-intro in information security.ppt
byismaeelsahib032
 
PDF
Is It Possible to Have Wi-Fi Without an Internet Provider
bySidra Jefferi
 
PDF
Energy Storage Landscape Clean Energy Ministerial
bySurajitBanerjee38
 
PDF
Vibe Coding vs. Spec-Driven Development [Free Meetup]
byHaim Michael
 
PDF
The major tech developments for 2026 by Pluralsight, a research and training ...
byChris Skinner
 
PPTX
Cybersecurity Best Practices - Step by Step guidelines
byYasir Naveed Riaz
 
PDF
Decoding the DNA: The Digital Networks Act, the Open Internet, and IP interco...
byCSUC - Consorci de Serveis Universitaris de Catalunya
 
Real-Time Data Insight Using Microsoft Forms for Business
byElevate
 
Data Virtualization in Action: Scaling APIs and Apps with FME
bySafe Software
 
DevFest El Jadida 2025 - Product Thinking
byElmehdi AMLOU
 
Eredità digitale sugli smartphone: cosa resta di noi nei dispositivi mobili
bySpeck&Tech
 
DYNAMICALLY.pptx good for the teachers or students to do seminars and for tea...
bympoorvika031
 
Unser Jahresrückblick – MarvelClient in 2025
bypanagenda
 
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
Dev Dives: AI that builds with you - UiPath Autopilot for effortless RPA & AP...
byUiPathCommunity
 
API-First Architecture in Financial Systems
bycyy111112
 
Building Cyber Resilience for 2026: Best Practices for a Secure, AI-Driven Bu...
byYasir Naveed Riaz
 
Cybersecurity: Safeguarding Digital Assets
byYasir Naveed Riaz
 
Day 5 - Red Team + Blue Team in the Cloud - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
Chapter 3 Introduction to number system.pptx
byGetachewAbera9
 
software-security-intro in information security.ppt
byismaeelsahib032
 
Is It Possible to Have Wi-Fi Without an Internet Provider
bySidra Jefferi
 
Energy Storage Landscape Clean Energy Ministerial
bySurajitBanerjee38
 
Vibe Coding vs. Spec-Driven Development [Free Meetup]
byHaim Michael
 
The major tech developments for 2026 by Pluralsight, a research and training ...
byChris Skinner
 
Cybersecurity Best Practices - Step by Step guidelines
byYasir Naveed Riaz
 
Decoding the DNA: The Digital Networks Act, the Open Internet, and IP interco...
byCSUC - Consorci de Serveis Universitaris de Catalunya
 

Keeping your files safe in the post-Snowden era with SXFS

  • 1.
    Keeping your filessafe in the post-Snowden era with SXFS
  • 2.
    Never trust anyone… •Client side encryption • Secure transfer • Fault tolerance But keep it all easy!
  • 3.
    All-in-one solution Encrypted filesystembacked by SX object storage Licence: GPLv2 $ git clone http://git.skylable.com/sx
  • 4.
  • 5.
    • FUSE APIimplementation • Files are mapped to remote objects • Task queuing • Transfer resumes User interaction
  • 6.
    • Files aredivided into same sized blocks • Parallel block transfers • Consistent hashing Data transfer Only encrypted data is sent!
  • 7.
    • AES 256CBC + HMAC • Deduplication on a file level • Filename and file size encryption Client-side encryption FULLY DENIABLE!
  • 8.
  • 9.
  • 10.
  • 11.
    Officially part of: • Fedora • Debian / Ubuntu • Gentoo Coming soon: • CentOS SIG • MacOSX Mac Ports Supported platforms
  • 12.
    Fedora: yum installskylable-sx Debian / Ubuntu: apt-get install sx Gentoo: emerge net-misc/sx Installation
  • 13.
    rpm-based: yum installlibcurl-devel zlib-devel nss- devel openssl-devel fuse-devel deb-based: apt-get install libssl-dev libcurl4-openssl- dev libz-dev libfuse-dev $ wget http://cdn.skylable.com/source/sx-2.0.tar.gz $ tar xvzf sx-2.0.tar.gz $ cd sx-2.0 $ ./configure && make && sudo make install From source
  • 14.
  • 15.
    sx@node1 # sxsetup Enterthe cluster name (use the same across all nodes: sx.foo.com Path to SX storage[default=/var/lib/sxserver]: <ENTER> Maximum size: 1T Enter the IP address of this node: 192.168.10.1 Is this the first node of a new cluster? (Y/n) <ENTER> Is this correct? (Y/n) <ENTER> sx@node1 # sxsetup
  • 16.
    $ sxacl useraddjohn@foo.com sx://admin@sx.foo.com Enter password for user 'john@sx.foo.com’ Enter password: Re-enter password: User successfully created! $ sxvol create -o john@foo.com -s 100G -r 1 -f aes256 sx://admin@sx.foo.com/vol-john Volume 'vol-john' (replica: 1, size: 100G, max- revisions: 1) created. Create a user and a volume
  • 17.
  • 18.
    $ sxinit sx://sx.foo.com $mount –t fuse.sxfs –o use_queues sx://sx.foo.com/your-vol /mountpoint fstab example: sx://sx.foo.com/your-vol /mountpoint fuse.sxfs _netdev,fsname=sxfs,use_queues,allow_other 0 0 Linux and MacOSX
  • 19.
    If you likedSXFS you might also like…
  • 20.
    Like OwnCloud butwith client-side encryption. Available for: www.sxdrive.io
  • 22.
    Robert Wojciechowski & JakubChyłkowski follow @skylable www.sxfs.io/faq
  • 23.
    No single pointof failure Choose your replica level Fully distributed
  • 24.
    Need more speed? Addmore nodes. Need more space?Add more nodes. Join more nodes
  • 25.
    sx@node2 # sxsetup Enterthe cluster name: sx.foo.com Path to SX storage [default=/var/lib/sxserver]: <ENTER> Maximum size: 1T Enter the IP address of this node [default=192.168.10.2]: <ENTER> Is this the first node of a new cluster? (Y/n) n Please provide the IP address of a working node in 'sx.foo.com'. IP address: 192.168.10.1 Admin key or path to key-file [default=]: 0DPiKuNIrrVmD8IUCuw1hQxNqZcVPDD82Gkq7PMFYpk3qA8ddxxxxxxx Is this correct? (Y/n) <ENTER> Server certificate: SHA1 fingerprint: 198b0ce5161757ea9bc83fc77627eb8c0958d591 Do you trust this SSL certificate? [y/N] y sx@node2 # How to join more nodes