SlideShare a Scribd company logo

Keeping your files safe in the post-Snowden era with SXFS

R
Robert Wojciechowski

Keeping your files safe in the post-Snowden era with SXFS. Presented at Fosdem 2016.

Technology
1 of 25
Download to read offline
Keeping your files safe in the post-Snowden era with SXFS
Never trust anyone… • Client side encryption • Secure transfer • Fault tolerance But keep it all easy!
All-in-one solution Encrypted filesystem backed by SX object storage Licence: GPLv2 $ git clone http://git.skylable.com/sx
SXFS Under the hood
• FUSE API implementation • Files are mapped to remote objects • Task queuing • Transfer resumes User interaction
• Files are divided into same sized blocks • Parallel block transfers • Consistent hashing Data transfer Only encrypted data is sent!
• AES 256 CBC + HMAC • Deduplication on a file level • Filename and file size encryption Client-side encryption FULLY DENIABLE!
Architecture
Time to scale out!
SXFS Getting started
Officially part of : • Fedora • Debian / Ubuntu • Gentoo Coming soon: • CentOS SIG • MacOSX Mac Ports Supported platforms
Fedora: yum install skylable-sx Debian / Ubuntu: apt-get install sx Gentoo: emerge net-misc/sx Installation
rpm-based: yum install libcurl-devel zlib-devel nss- devel openssl-devel fuse-devel deb-based: apt-get install libssl-dev libcurl4-openssl- dev libz-dev libfuse-dev $ wget http://cdn.skylable.com/source/sx-2.0.tar.gz $ tar xvzf sx-2.0.tar.gz $ cd sx-2.0 $ ./configure && make && sudo make install From source
SXFS Server setup
sx@node1 # sxsetup Enter the cluster name (use the same across all nodes: sx.foo.com Path to SX storage[default=/var/lib/sxserver]: <ENTER> Maximum size: 1T Enter the IP address of this node: 192.168.10.1 Is this the first node of a new cluster? (Y/n) <ENTER> Is this correct? (Y/n) <ENTER> sx@node1 # sxsetup
$ sxacl useradd john@foo.com sx://admin@sx.foo.com Enter password for user 'john@sx.foo.com’ Enter password: Re-enter password: User successfully created! $ sxvol create -o john@foo.com -s 100G -r 1 -f aes256 sx://admin@sx.foo.com/vol-john Volume 'vol-john' (replica: 1, size: 100G, max- revisions: 1) created. Create a user and a volume
SXFS Client setup
$ sxinit sx://sx.foo.com $ mount –t fuse.sxfs –o use_queues sx://sx.foo.com/your-vol /mountpoint fstab example: sx://sx.foo.com/your-vol /mountpoint fuse.sxfs _netdev,fsname=sxfs,use_queues,allow_other 0 0 Linux and MacOSX
If you liked SXFS you might also like…
Like OwnCloud but with client-side encryption. Available for: www.sxdrive.io
Robert Wojciechowski & Jakub Chyłkowski follow @skylable www.sxfs.io/faq
No single point of failure Choose your replica level Fully distributed
Need more speed? Add more nodes. Need more space?Add more nodes. Join more nodes
sx@node2 # sxsetup Enter the cluster name: sx.foo.com Path to SX storage [default=/var/lib/sxserver]: <ENTER> Maximum size: 1T Enter the IP address of this node [default=192.168.10.2]: <ENTER> Is this the first node of a new cluster? (Y/n) n Please provide the IP address of a working node in 'sx.foo.com'. IP address: 192.168.10.1 Admin key or path to key-file [default=]: 0DPiKuNIrrVmD8IUCuw1hQxNqZcVPDD82Gkq7PMFYpk3qA8ddxxxxxxx Is this correct? (Y/n) <ENTER> Server certificate: SHA1 fingerprint: 198b0ce5161757ea9bc83fc77627eb8c0958d591 Do you trust this SSL certificate? [y/N] y sx@node2 # How to join more nodes

Recommended

How choosing the Raft consensus algorithm saved us 3 months of development time
How choosing the Raft consensus algorithm saved us 3 months of development timeHow choosing the Raft consensus algorithm saved us 3 months of development time
How choosing the Raft consensus algorithm saved us 3 months of development timeRobert Wojciechowski
 
GlusterFS As an Object Storage
GlusterFS As an Object StorageGlusterFS As an Object Storage
GlusterFS As an Object StorageKeisuke Takahashi
 
Performance comparison of Distributed File Systems on 1Gbit networks
Performance comparison of Distributed File Systems on 1Gbit networksPerformance comparison of Distributed File Systems on 1Gbit networks
Performance comparison of Distributed File Systems on 1Gbit networksMarian Marinov
 
Comparison of foss distributed storage
Comparison of foss distributed storageComparison of foss distributed storage
Comparison of foss distributed storageMarian Marinov
 
Redis persistence in practice
Redis persistence in practiceRedis persistence in practice
Redis persistence in practiceEugene Fidelin
 
LizardFS-WhitePaper-Eng-v3.9.2-web
LizardFS-WhitePaper-Eng-v3.9.2-webLizardFS-WhitePaper-Eng-v3.9.2-web
LizardFS-WhitePaper-Eng-v3.9.2-webSzymon Haly
 
OpenZFS data-driven performance
OpenZFS data-driven performanceOpenZFS data-driven performance
OpenZFS data-driven performanceahl0003
 
Comparison of-foss-distributed-storage
Comparison of-foss-distributed-storageComparison of-foss-distributed-storage
Comparison of-foss-distributed-storageMarian Marinov
 

Recommended

How choosing the Raft consensus algorithm saved us 3 months of development time
How choosing the Raft consensus algorithm saved us 3 months of development timeHow choosing the Raft consensus algorithm saved us 3 months of development time
How choosing the Raft consensus algorithm saved us 3 months of development timeRobert Wojciechowski
 
GlusterFS As an Object Storage
GlusterFS As an Object StorageGlusterFS As an Object Storage
GlusterFS As an Object StorageKeisuke Takahashi
 
Performance comparison of Distributed File Systems on 1Gbit networks
Performance comparison of Distributed File Systems on 1Gbit networksPerformance comparison of Distributed File Systems on 1Gbit networks
Performance comparison of Distributed File Systems on 1Gbit networksMarian Marinov
 
Comparison of foss distributed storage
Comparison of foss distributed storageComparison of foss distributed storage
Comparison of foss distributed storageMarian Marinov
 
Redis persistence in practice
Redis persistence in practiceRedis persistence in practice
Redis persistence in practiceEugene Fidelin
 
LizardFS-WhitePaper-Eng-v3.9.2-web
LizardFS-WhitePaper-Eng-v3.9.2-webLizardFS-WhitePaper-Eng-v3.9.2-web
LizardFS-WhitePaper-Eng-v3.9.2-webSzymon Haly
 
OpenZFS data-driven performance
OpenZFS data-driven performanceOpenZFS data-driven performance
OpenZFS data-driven performanceahl0003
 
Comparison of-foss-distributed-storage
Comparison of-foss-distributed-storageComparison of-foss-distributed-storage
Comparison of-foss-distributed-storageMarian Marinov
 
XPDS14 - Scaling Xen's Aggregate Storage Performance - Felipe Franciosi, Citrix
XPDS14 - Scaling Xen's Aggregate Storage Performance - Felipe Franciosi, CitrixXPDS14 - Scaling Xen's Aggregate Storage Performance - Felipe Franciosi, Citrix
XPDS14 - Scaling Xen's Aggregate Storage Performance - Felipe Franciosi, CitrixThe Linux Foundation
 
OpenZFS send and receive
OpenZFS send and receiveOpenZFS send and receive
OpenZFS send and receiveMatthew Ahrens
 
Neutron Network Namespaces and IPtables--A Technical Deep Dive
Neutron Network Namespaces and IPtables--A Technical Deep DiveNeutron Network Namespaces and IPtables--A Technical Deep Dive
Neutron Network Namespaces and IPtables--A Technical Deep DiveMirantis
 
Setting up mongo replica set
Setting up mongo replica setSetting up mongo replica set
Setting up mongo replica setSudheer Kondla
 
On MongoDB backup
On MongoDB backupOn MongoDB backup
On MongoDB backupWilliam Yeh
 
MongoDB Shard Cluster
MongoDB Shard ClusterMongoDB Shard Cluster
MongoDB Shard ClusterAnuchit Chalothorn
 
Install ovs on local pc
Install ovs on local pcInstall ovs on local pc
Install ovs on local pcApplistarVN
 
Docker Meetup: Docker Networking 1.11, by Madhu Venugopal
Docker Meetup: Docker Networking 1.11, by Madhu VenugopalDocker Meetup: Docker Networking 1.11, by Madhu Venugopal
Docker Meetup: Docker Networking 1.11, by Madhu VenugopalMichelle Antebi
 
Hands On Gluster with Jeff Darcy
Hands On Gluster with Jeff DarcyHands On Gluster with Jeff Darcy
Hands On Gluster with Jeff DarcyGluster.org
 
Linux network namespaces
Linux network namespacesLinux network namespaces
Linux network namespacesMike Wilson
 
The Basic Introduction of Open vSwitch
The Basic Introduction of Open vSwitchThe Basic Introduction of Open vSwitch
The Basic Introduction of Open vSwitchTe-Yen Liu
 
Vagrant
VagrantVagrant
VagrantDenys Haryachyy
 
MongoDB Backup & Disaster Recovery
MongoDB Backup & Disaster RecoveryMongoDB Backup & Disaster Recovery
MongoDB Backup & Disaster RecoveryElankumaran Srinivasan
 
Improving the ZFS Userland-Kernel API with Channel Programs - BSDCAN 2017 - M...
Improving the ZFS Userland-Kernel API with Channel Programs - BSDCAN 2017 - M...Improving the ZFS Userland-Kernel API with Channel Programs - BSDCAN 2017 - M...
Improving the ZFS Userland-Kernel API with Channel Programs - BSDCAN 2017 - M...Matthew Ahrens
 
Small, Simple, and Secure: Alpine Linux under the Microscope
Small, Simple, and Secure: Alpine Linux under the MicroscopeSmall, Simple, and Secure: Alpine Linux under the Microscope
Small, Simple, and Secure: Alpine Linux under the MicroscopeDocker, Inc.
 
Docker 1.11 Meetup: Containerd and runc, by Arnaud Porterie and Michael Crosby
Docker 1.11 Meetup: Containerd and runc, by Arnaud Porterie and Michael Crosby Docker 1.11 Meetup: Containerd and runc, by Arnaud Porterie and Michael Crosby
Docker 1.11 Meetup: Containerd and runc, by Arnaud Porterie and Michael Crosby Michelle Antebi
 
Mongodb backup
Mongodb backupMongodb backup
Mongodb backupDharshan Rangegowda
 
Control your service resources with systemd
Control your service resources with systemd Control your service resources with systemd
Control your service resources with systemd Marian Marinov
 
Docker and friends at Linux Days 2014 in Prague
Docker and friends at Linux Days 2014 in PragueDocker and friends at Linux Days 2014 in Prague
Docker and friends at Linux Days 2014 in Praguetomasbart
 
Building a network emulator with Docker and Open vSwitch
Building a network emulator with Docker and Open vSwitchBuilding a network emulator with Docker and Open vSwitch
Building a network emulator with Docker and Open vSwitchGoran Cetusic
 
Assange & Snowden
Assange & SnowdenAssange & Snowden
Assange & SnowdenPearlyn Low
 
Alumni from snowden
Alumni from snowdenAlumni from snowden
Alumni from snowdenNEOA
 

More Related Content

What's hot

XPDS14 - Scaling Xen's Aggregate Storage Performance - Felipe Franciosi, Citrix
XPDS14 - Scaling Xen's Aggregate Storage Performance - Felipe Franciosi, CitrixXPDS14 - Scaling Xen's Aggregate Storage Performance - Felipe Franciosi, Citrix
XPDS14 - Scaling Xen's Aggregate Storage Performance - Felipe Franciosi, CitrixThe Linux Foundation
 
OpenZFS send and receive
OpenZFS send and receiveOpenZFS send and receive
OpenZFS send and receiveMatthew Ahrens
 
Neutron Network Namespaces and IPtables--A Technical Deep Dive
Neutron Network Namespaces and IPtables--A Technical Deep DiveNeutron Network Namespaces and IPtables--A Technical Deep Dive
Neutron Network Namespaces and IPtables--A Technical Deep DiveMirantis
 
Setting up mongo replica set
Setting up mongo replica setSetting up mongo replica set
Setting up mongo replica setSudheer Kondla
 
On MongoDB backup
On MongoDB backupOn MongoDB backup
On MongoDB backupWilliam Yeh
 
Install ovs on local pc
Install ovs on local pcInstall ovs on local pc
Install ovs on local pcApplistarVN
 
Docker Meetup: Docker Networking 1.11, by Madhu Venugopal
Docker Meetup: Docker Networking 1.11, by Madhu VenugopalDocker Meetup: Docker Networking 1.11, by Madhu Venugopal
Docker Meetup: Docker Networking 1.11, by Madhu VenugopalMichelle Antebi
 
Hands On Gluster with Jeff Darcy
Hands On Gluster with Jeff DarcyHands On Gluster with Jeff Darcy
Hands On Gluster with Jeff DarcyGluster.org
 
Linux network namespaces
Linux network namespacesLinux network namespaces
Linux network namespacesMike Wilson
 
The Basic Introduction of Open vSwitch
The Basic Introduction of Open vSwitchThe Basic Introduction of Open vSwitch
The Basic Introduction of Open vSwitchTe-Yen Liu
 
Improving the ZFS Userland-Kernel API with Channel Programs - BSDCAN 2017 - M...
Improving the ZFS Userland-Kernel API with Channel Programs - BSDCAN 2017 - M...Improving the ZFS Userland-Kernel API with Channel Programs - BSDCAN 2017 - M...
Improving the ZFS Userland-Kernel API with Channel Programs - BSDCAN 2017 - M...Matthew Ahrens
 
Small, Simple, and Secure: Alpine Linux under the Microscope
Small, Simple, and Secure: Alpine Linux under the MicroscopeSmall, Simple, and Secure: Alpine Linux under the Microscope
Small, Simple, and Secure: Alpine Linux under the MicroscopeDocker, Inc.
 
Docker 1.11 Meetup: Containerd and runc, by Arnaud Porterie and Michael Crosby
Docker 1.11 Meetup: Containerd and runc, by Arnaud Porterie and Michael Crosby Docker 1.11 Meetup: Containerd and runc, by Arnaud Porterie and Michael Crosby
Docker 1.11 Meetup: Containerd and runc, by Arnaud Porterie and Michael Crosby Michelle Antebi
 
Control your service resources with systemd
Control your service resources with systemd Control your service resources with systemd
Control your service resources with systemd Marian Marinov
 
Docker and friends at Linux Days 2014 in Prague
Docker and friends at Linux Days 2014 in PragueDocker and friends at Linux Days 2014 in Prague
Docker and friends at Linux Days 2014 in Praguetomasbart
 
Building a network emulator with Docker and Open vSwitch
Building a network emulator with Docker and Open vSwitchBuilding a network emulator with Docker and Open vSwitch
Building a network emulator with Docker and Open vSwitchGoran Cetusic
 

What's hot (20)

XPDS14 - Scaling Xen's Aggregate Storage Performance - Felipe Franciosi, Citrix
XPDS14 - Scaling Xen's Aggregate Storage Performance - Felipe Franciosi, CitrixXPDS14 - Scaling Xen's Aggregate Storage Performance - Felipe Franciosi, Citrix
XPDS14 - Scaling Xen's Aggregate Storage Performance - Felipe Franciosi, Citrix
 
OpenZFS send and receive
OpenZFS send and receiveOpenZFS send and receive
OpenZFS send and receive
 
Neutron Network Namespaces and IPtables--A Technical Deep Dive
Neutron Network Namespaces and IPtables--A Technical Deep DiveNeutron Network Namespaces and IPtables--A Technical Deep Dive
Neutron Network Namespaces and IPtables--A Technical Deep Dive
 
Setting up mongo replica set
Setting up mongo replica setSetting up mongo replica set
Setting up mongo replica set
 
On MongoDB backup
On MongoDB backupOn MongoDB backup
On MongoDB backup
 
MongoDB Shard Cluster
MongoDB Shard ClusterMongoDB Shard Cluster
MongoDB Shard Cluster
 
Install ovs on local pc
Install ovs on local pcInstall ovs on local pc
Install ovs on local pc
 
Docker Meetup: Docker Networking 1.11, by Madhu Venugopal
Docker Meetup: Docker Networking 1.11, by Madhu VenugopalDocker Meetup: Docker Networking 1.11, by Madhu Venugopal
Docker Meetup: Docker Networking 1.11, by Madhu Venugopal
 
Hands On Gluster with Jeff Darcy
Hands On Gluster with Jeff DarcyHands On Gluster with Jeff Darcy
Hands On Gluster with Jeff Darcy
 
Linux network namespaces
Linux network namespacesLinux network namespaces
Linux network namespaces
 
The Basic Introduction of Open vSwitch
The Basic Introduction of Open vSwitchThe Basic Introduction of Open vSwitch
The Basic Introduction of Open vSwitch
 
Vagrant
VagrantVagrant
Vagrant
 
MongoDB Backup & Disaster Recovery
MongoDB Backup & Disaster RecoveryMongoDB Backup & Disaster Recovery
MongoDB Backup & Disaster Recovery
 
Improving the ZFS Userland-Kernel API with Channel Programs - BSDCAN 2017 - M...
Improving the ZFS Userland-Kernel API with Channel Programs - BSDCAN 2017 - M...Improving the ZFS Userland-Kernel API with Channel Programs - BSDCAN 2017 - M...
Improving the ZFS Userland-Kernel API with Channel Programs - BSDCAN 2017 - M...
 
Small, Simple, and Secure: Alpine Linux under the Microscope
Small, Simple, and Secure: Alpine Linux under the MicroscopeSmall, Simple, and Secure: Alpine Linux under the Microscope
Small, Simple, and Secure: Alpine Linux under the Microscope
 
Docker 1.11 Meetup: Containerd and runc, by Arnaud Porterie and Michael Crosby
Docker 1.11 Meetup: Containerd and runc, by Arnaud Porterie and Michael Crosby Docker 1.11 Meetup: Containerd and runc, by Arnaud Porterie and Michael Crosby
Docker 1.11 Meetup: Containerd and runc, by Arnaud Porterie and Michael Crosby
 
Mongodb backup
Mongodb backupMongodb backup
Mongodb backup
 
Control your service resources with systemd
Control your service resources with systemd Control your service resources with systemd
Control your service resources with systemd
 
Docker and friends at Linux Days 2014 in Prague
Docker and friends at Linux Days 2014 in PragueDocker and friends at Linux Days 2014 in Prague
Docker and friends at Linux Days 2014 in Prague
 
Building a network emulator with Docker and Open vSwitch
Building a network emulator with Docker and Open vSwitchBuilding a network emulator with Docker and Open vSwitch
Building a network emulator with Docker and Open vSwitch
 

Viewers also liked

Assange & Snowden
Assange & SnowdenAssange & Snowden
Assange & SnowdenPearlyn Low
 
Alumni from snowden
Alumni from snowdenAlumni from snowden
Alumni from snowdenNEOA
 
Seen at InfoSec Europe 2015: Spot your Snowden!
Seen at InfoSec Europe 2015: Spot your Snowden!Seen at InfoSec Europe 2015: Spot your Snowden!
Seen at InfoSec Europe 2015: Spot your Snowden!John Wallix
 
The Post Snowden World One Year Later: What Has Changed?
The Post Snowden World One Year Later: What Has Changed?The Post Snowden World One Year Later: What Has Changed?
The Post Snowden World One Year Later: What Has Changed?Christian Dawson
 
Bus snowden presentation
Bus snowden presentationBus snowden presentation
Bus snowden presentationCJW78755
 
Take Back Control in a Post-Snowden World
Take Back Control in a Post-Snowden WorldTake Back Control in a Post-Snowden World
Take Back Control in a Post-Snowden WorldHyun Seo
 
Using a memory stick - in the 6 Hats style
Using a memory stick - in the 6 Hats styleUsing a memory stick - in the 6 Hats style
Using a memory stick - in the 6 Hats styleDamian T. Gordon
 
Databases: Backup and Recovery
Databases: Backup and RecoveryDatabases: Backup and Recovery
Databases: Backup and RecoveryDamian T. Gordon
 
Snowden creates new headache Arise Roby
Snowden creates new headache Arise RobySnowden creates new headache Arise Roby
Snowden creates new headache Arise RobyArise Roby
 
Snowden-final-report-for-publication
Snowden-final-report-for-publicationSnowden-final-report-for-publication
Snowden-final-report-for-publicationZarte Siempre
 
Cyber after Snowden (OA Cyber Summit)
Cyber after Snowden (OA Cyber Summit)Cyber after Snowden (OA Cyber Summit)
Cyber after Snowden (OA Cyber Summit)Open Analytics
 
Edward joseph snowden
Edward joseph snowdenEdward joseph snowden
Edward joseph snowdenCelina Anctil
 
Snowden's NBC (Anons vs. GCHQ)
Snowden's NBC (Anons vs. GCHQ)Snowden's NBC (Anons vs. GCHQ)
Snowden's NBC (Anons vs. GCHQ)Dedalo-SB
 
Privacy post-Snowden
Privacy post-SnowdenPrivacy post-Snowden
Privacy post-Snowdenblogzilla
 
Reigning in the Data (FOSSCON 2014) - Ephemeral Messaging and Privacy In Post...
Reigning in the Data (FOSSCON 2014) - Ephemeral Messaging and Privacy In Post...Reigning in the Data (FOSSCON 2014) - Ephemeral Messaging and Privacy In Post...
Reigning in the Data (FOSSCON 2014) - Ephemeral Messaging and Privacy In Post...Andrew Schwabe
 

Viewers also liked (20)

Assange & Snowden
Assange & SnowdenAssange & Snowden
Assange & Snowden
 
Alumni from snowden
Alumni from snowdenAlumni from snowden
Alumni from snowden
 
Seen at InfoSec Europe 2015: Spot your Snowden!
Seen at InfoSec Europe 2015: Spot your Snowden!Seen at InfoSec Europe 2015: Spot your Snowden!
Seen at InfoSec Europe 2015: Spot your Snowden!
 
The Post Snowden World One Year Later: What Has Changed?
The Post Snowden World One Year Later: What Has Changed?The Post Snowden World One Year Later: What Has Changed?
The Post Snowden World One Year Later: What Has Changed?
 
Bus snowden presentation
Bus snowden presentationBus snowden presentation
Bus snowden presentation
 
Take Back Control in a Post-Snowden World
Take Back Control in a Post-Snowden WorldTake Back Control in a Post-Snowden World
Take Back Control in a Post-Snowden World
 
Introduction to HTML
Introduction to HTMLIntroduction to HTML
Introduction to HTML
 
Using a memory stick - in the 6 Hats style
Using a memory stick - in the 6 Hats styleUsing a memory stick - in the 6 Hats style
Using a memory stick - in the 6 Hats style
 
Databases: Backup and Recovery
Databases: Backup and RecoveryDatabases: Backup and Recovery
Databases: Backup and Recovery
 
Snowden creates new headache Arise Roby
Snowden creates new headache Arise RobySnowden creates new headache Arise Roby
Snowden creates new headache Arise Roby
 
Software Testing 5/5
Software Testing 5/5Software Testing 5/5
Software Testing 5/5
 
Snowden-final-report-for-publication
Snowden-final-report-for-publicationSnowden-final-report-for-publication
Snowden-final-report-for-publication
 
Cyber after Snowden (OA Cyber Summit)
Cyber after Snowden (OA Cyber Summit)Cyber after Snowden (OA Cyber Summit)
Cyber after Snowden (OA Cyber Summit)
 
Software Testing 3/5
Software Testing 3/5Software Testing 3/5
Software Testing 3/5
 
Edward joseph snowden
Edward joseph snowdenEdward joseph snowden
Edward joseph snowden
 
Snowden's NBC (Anons vs. GCHQ)
Snowden's NBC (Anons vs. GCHQ)Snowden's NBC (Anons vs. GCHQ)
Snowden's NBC (Anons vs. GCHQ)
 
How to Program
How to ProgramHow to Program
How to Program
 
Privacy post-Snowden
Privacy post-SnowdenPrivacy post-Snowden
Privacy post-Snowden
 
From Orwell to Snowden
From Orwell to SnowdenFrom Orwell to Snowden
From Orwell to Snowden
 
Reigning in the Data (FOSSCON 2014) - Ephemeral Messaging and Privacy In Post...
Reigning in the Data (FOSSCON 2014) - Ephemeral Messaging and Privacy In Post...Reigning in the Data (FOSSCON 2014) - Ephemeral Messaging and Privacy In Post...
Reigning in the Data (FOSSCON 2014) - Ephemeral Messaging and Privacy In Post...
 

Similar to Keeping your files safe in the post-Snowden era with SXFS

LOAD BALANCING OF APPLICATIONS USING XEN HYPERVISOR
LOAD BALANCING OF APPLICATIONS USING XEN HYPERVISORLOAD BALANCING OF APPLICATIONS USING XEN HYPERVISOR
LOAD BALANCING OF APPLICATIONS USING XEN HYPERVISORVanika Kapoor
 
Unix Security
Unix SecurityUnix Security
Unix Securityreplay21
 
Introduction to linux
Introduction to linuxIntroduction to linux
Introduction to linuxQIANG XU
 
Nodejs a-practical-introduction-oredev
Nodejs a-practical-introduction-oredevNodejs a-practical-introduction-oredev
Nodejs a-practical-introduction-oredevFelix Geisendörfer
 
Swift Install Workshop - OpenStack Conference Spring 2012
Swift Install Workshop - OpenStack Conference Spring 2012Swift Install Workshop - OpenStack Conference Spring 2012
Swift Install Workshop - OpenStack Conference Spring 2012Joe Arnold
 
Mathematics Graduate Student Seminar
Mathematics Graduate Student Seminar Mathematics Graduate Student Seminar
Mathematics Graduate Student Seminar Jon Ernstberger
 
NCSU MGSA Unix Presentation
NCSU MGSA Unix PresentationNCSU MGSA Unix Presentation
NCSU MGSA Unix PresentationJon Ernstberger
 
Containerized Data Persistence on Mesos
Containerized Data Persistence on MesosContainerized Data Persistence on Mesos
Containerized Data Persistence on MesosJoe Stein
 
Node.js - A practical introduction (v2)
Node.js - A practical introduction (v2)Node.js - A practical introduction (v2)
Node.js - A practical introduction (v2)Felix Geisendörfer
 
WTF my container just spawned a shell!
WTF my container just spawned a shell!WTF my container just spawned a shell!
WTF my container just spawned a shell!Sysdig
 
GlusterFS Update and OpenStack Integration
GlusterFS Update and OpenStack IntegrationGlusterFS Update and OpenStack Integration
GlusterFS Update and OpenStack IntegrationEtsuji Nakai
 
Docker introduction
Docker introductionDocker introduction
Docker introductionLayne Peng
 
Multitenancy: Kafka clusters for everyone at LINE
Multitenancy: Kafka clusters for everyone at LINEMultitenancy: Kafka clusters for everyone at LINE
Multitenancy: Kafka clusters for everyone at LINEkawamuray
 
Agile Brown Bag - Vagrant & Docker: Introduction
Agile Brown Bag - Vagrant & Docker: IntroductionAgile Brown Bag - Vagrant & Docker: Introduction
Agile Brown Bag - Vagrant & Docker: IntroductionAgile Partner S.A.
 
Big Data in Container; Hadoop Spark in Docker and Mesos
Big Data in Container; Hadoop Spark in Docker and MesosBig Data in Container; Hadoop Spark in Docker and Mesos
Big Data in Container; Hadoop Spark in Docker and MesosHeiko Loewe
 
Bare Metal to OpenStack with Razor and Chef
Bare Metal to OpenStack with Razor and ChefBare Metal to OpenStack with Razor and Chef
Bare Metal to OpenStack with Razor and ChefMatt Ray
 

Similar to Keeping your files safe in the post-Snowden era with SXFS (20)

LOAD BALANCING OF APPLICATIONS USING XEN HYPERVISOR
LOAD BALANCING OF APPLICATIONS USING XEN HYPERVISORLOAD BALANCING OF APPLICATIONS USING XEN HYPERVISOR
LOAD BALANCING OF APPLICATIONS USING XEN HYPERVISOR
 
Top ESXi command line v2.0
Top ESXi command line v2.0Top ESXi command line v2.0
Top ESXi command line v2.0
 
Unix Security
Unix SecurityUnix Security
Unix Security
 
Introduction to linux
Introduction to linuxIntroduction to linux
Introduction to linux
 
Nodejs a-practical-introduction-oredev
Nodejs a-practical-introduction-oredevNodejs a-practical-introduction-oredev
Nodejs a-practical-introduction-oredev
 
Swift Install Workshop - OpenStack Conference Spring 2012
Swift Install Workshop - OpenStack Conference Spring 2012Swift Install Workshop - OpenStack Conference Spring 2012
Swift Install Workshop - OpenStack Conference Spring 2012
 
Discovering OpenBSD on AWS
Discovering OpenBSD on AWSDiscovering OpenBSD on AWS
Discovering OpenBSD on AWS
 
Mathematics Graduate Student Seminar
Mathematics Graduate Student Seminar Mathematics Graduate Student Seminar
Mathematics Graduate Student Seminar
 
NCSU MGSA Unix Presentation
NCSU MGSA Unix PresentationNCSU MGSA Unix Presentation
NCSU MGSA Unix Presentation
 
Containerized Data Persistence on Mesos
Containerized Data Persistence on MesosContainerized Data Persistence on Mesos
Containerized Data Persistence on Mesos
 
Node.js - A practical introduction (v2)
Node.js - A practical introduction (v2)Node.js - A practical introduction (v2)
Node.js - A practical introduction (v2)
 
WTF my container just spawned a shell!
WTF my container just spawned a shell!WTF my container just spawned a shell!
WTF my container just spawned a shell!
 
GlusterFS Update and OpenStack Integration
GlusterFS Update and OpenStack IntegrationGlusterFS Update and OpenStack Integration
GlusterFS Update and OpenStack Integration
 
Docker introduction
Docker introductionDocker introduction
Docker introduction
 
Multitenancy: Kafka clusters for everyone at LINE
Multitenancy: Kafka clusters for everyone at LINEMultitenancy: Kafka clusters for everyone at LINE
Multitenancy: Kafka clusters for everyone at LINE
 
Agile Brown Bag - Vagrant & Docker: Introduction
Agile Brown Bag - Vagrant & Docker: IntroductionAgile Brown Bag - Vagrant & Docker: Introduction
Agile Brown Bag - Vagrant & Docker: Introduction
 
Erlang on OSv
Erlang on OSvErlang on OSv
Erlang on OSv
 
LXC
LXCLXC
LXC
 
Big Data in Container; Hadoop Spark in Docker and Mesos
Big Data in Container; Hadoop Spark in Docker and MesosBig Data in Container; Hadoop Spark in Docker and Mesos
Big Data in Container; Hadoop Spark in Docker and Mesos
 
Bare Metal to OpenStack with Razor and Chef
Bare Metal to OpenStack with Razor and ChefBare Metal to OpenStack with Razor and Chef
Bare Metal to OpenStack with Razor and Chef
 

Recently uploaded

My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfjimielynbastida
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsPrecisely
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 

Recently uploaded (20)

My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdf
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power Systems
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 

Keeping your files safe in the post-Snowden era with SXFS

  • 1. Keeping your files safe in the post-Snowden era with SXFS
  • 2. Never trust anyone… • Client side encryption • Secure transfer • Fault tolerance But keep it all easy!
  • 3. All-in-one solution Encrypted filesystem backed by SX object storage Licence: GPLv2 $ git clone http://git.skylable.com/sx
  • 5. • FUSE API implementation • Files are mapped to remote objects • Task queuing • Transfer resumes User interaction
  • 6. • Files are divided into same sized blocks • Parallel block transfers • Consistent hashing Data transfer Only encrypted data is sent!
  • 7. • AES 256 CBC + HMAC • Deduplication on a file level • Filename and file size encryption Client-side encryption FULLY DENIABLE!
  • 11. Officially part of : • Fedora • Debian / Ubuntu • Gentoo Coming soon: • CentOS SIG • MacOSX Mac Ports Supported platforms
  • 12. Fedora: yum install skylable-sx Debian / Ubuntu: apt-get install sx Gentoo: emerge net-misc/sx Installation
  • 13. rpm-based: yum install libcurl-devel zlib-devel nss- devel openssl-devel fuse-devel deb-based: apt-get install libssl-dev libcurl4-openssl- dev libz-dev libfuse-dev $ wget http://cdn.skylable.com/source/sx-2.0.tar.gz $ tar xvzf sx-2.0.tar.gz $ cd sx-2.0 $ ./configure && make && sudo make install From source
  • 15. sx@node1 # sxsetup Enter the cluster name (use the same across all nodes: sx.foo.com Path to SX storage[default=/var/lib/sxserver]: <ENTER> Maximum size: 1T Enter the IP address of this node: 192.168.10.1 Is this the first node of a new cluster? (Y/n) <ENTER> Is this correct? (Y/n) <ENTER> sx@node1 # sxsetup
  • 16. $ sxacl useradd john@foo.com sx://admin@sx.foo.com Enter password for user 'john@sx.foo.com’ Enter password: Re-enter password: User successfully created! $ sxvol create -o john@foo.com -s 100G -r 1 -f aes256 sx://admin@sx.foo.com/vol-john Volume 'vol-john' (replica: 1, size: 100G, max- revisions: 1) created. Create a user and a volume
  • 18. $ sxinit sx://sx.foo.com $ mount –t fuse.sxfs –o use_queues sx://sx.foo.com/your-vol /mountpoint fstab example: sx://sx.foo.com/your-vol /mountpoint fuse.sxfs _netdev,fsname=sxfs,use_queues,allow_other 0 0 Linux and MacOSX
  • 19. If you liked SXFS you might also like…
  • 20. Like OwnCloud but with client-side encryption. Available for: www.sxdrive.io
  • 21.
  • 22. Robert Wojciechowski & Jakub Chyłkowski follow @skylable www.sxfs.io/faq
  • 23. No single point of failure Choose your replica level Fully distributed
  • 24. Need more speed? Add more nodes. Need more space?Add more nodes. Join more nodes
  • 25. sx@node2 # sxsetup Enter the cluster name: sx.foo.com Path to SX storage [default=/var/lib/sxserver]: <ENTER> Maximum size: 1T Enter the IP address of this node [default=192.168.10.2]: <ENTER> Is this the first node of a new cluster? (Y/n) n Please provide the IP address of a working node in 'sx.foo.com'. IP address: 192.168.10.1 Admin key or path to key-file [default=]: 0DPiKuNIrrVmD8IUCuw1hQxNqZcVPDD82Gkq7PMFYpk3qA8ddxxxxxxx Is this correct? (Y/n) <ENTER> Server certificate: SHA1 fingerprint: 198b0ce5161757ea9bc83fc77627eb8c0958d591 Do you trust this SSL certificate? [y/N] y sx@node2 # How to join more nodes