We mostly talk about technical details of a certain server or setting.
Today we (small university) have had a final discussion about how to combine role based user management, secure filer services (SMB) and external internet access via secure ftp or preferable https with "a real simple" setup and management and relatively low costs.
Background is the demand (EU) for datasecurity with protection against ransomware, readonly versioning, encryption of filer and backup and role based access control. Additionally there are demands for data privacy according to DSGVO, the european General Data Protection Regulation (GDPR) as we need to process personal data. This excludes per se (cloud) services outside EU. Even educational cloud offerings like BW Sync and Share (Nextcloud, BW/Germany) excludes personal data processing in their terms, propably due the required control contracts and because Cloudservices like Nextcloud offers an access by email-Link, a NoGo for personal data.
The rolebased usermanagement part is easy: Windows Active Directory. The storage part as well. ZFS offers all what is needed and now even the encryption part. ZFS on Solarish additionally offers the "it just works", perfect Windows AD integration with Windows ntfs alike permissions and sid (permissions remain intact after a pool move/restore), Windows groups (allows groups in groups) and Snaps as pervious versions, all working without without hassles out of the box.
The biggest problem was Internet access. The usual Cloud options were a horror to setup with AD and external filer access or simply not acceptable due access options without authorisation and authentication (Access by mail-link is a NoGo).
We now finally decided to use the Titan sft server. This is a Windows application with perfect Windows AD integration for secure ftp and https. You login with an AD account and can access folders on a ZFS filer fully transparent regaring Windows AD permissions. The offered folders are group or user dependent. Folders are only shown when you have access, simply a perfect combo.
Costs:
Windows AD server (depends on number of users)
Solaris/ OmniOS ZFS filer (depends on capacity and optional support contract)
Titan SFTP with https around 2000 Euro + 500 Euro support/year (+ a Windows license)
The best:
Ultra-Low complexity on setup + management, really a dream combo.
(When you can setup AD, Titan and ZFS filer is much easier to setup than AD)
http://napp-it.org/doc/downloads/dreamteam.pdf
Today we (small university) have had a final discussion about how to combine role based user management, secure filer services (SMB) and external internet access via secure ftp or preferable https with "a real simple" setup and management and relatively low costs.
Background is the demand (EU) for datasecurity with protection against ransomware, readonly versioning, encryption of filer and backup and role based access control. Additionally there are demands for data privacy according to DSGVO, the european General Data Protection Regulation (GDPR) as we need to process personal data. This excludes per se (cloud) services outside EU. Even educational cloud offerings like BW Sync and Share (Nextcloud, BW/Germany) excludes personal data processing in their terms, propably due the required control contracts and because Cloudservices like Nextcloud offers an access by email-Link, a NoGo for personal data.
The rolebased usermanagement part is easy: Windows Active Directory. The storage part as well. ZFS offers all what is needed and now even the encryption part. ZFS on Solarish additionally offers the "it just works", perfect Windows AD integration with Windows ntfs alike permissions and sid (permissions remain intact after a pool move/restore), Windows groups (allows groups in groups) and Snaps as pervious versions, all working without without hassles out of the box.
The biggest problem was Internet access. The usual Cloud options were a horror to setup with AD and external filer access or simply not acceptable due access options without authorisation and authentication (Access by mail-link is a NoGo).
We now finally decided to use the Titan sft server. This is a Windows application with perfect Windows AD integration for secure ftp and https. You login with an AD account and can access folders on a ZFS filer fully transparent regaring Windows AD permissions. The offered folders are group or user dependent. Folders are only shown when you have access, simply a perfect combo.
Costs:
Windows AD server (depends on number of users)
Solaris/ OmniOS ZFS filer (depends on capacity and optional support contract)
Titan SFTP with https around 2000 Euro + 500 Euro support/year (+ a Windows license)
The best:
Ultra-Low complexity on setup + management, really a dream combo.
(When you can setup AD, Titan and ZFS filer is much easier to setup than AD)
http://napp-it.org/doc/downloads/dreamteam.pdf
Last edited:
