Category: Presentation Report

Presentation Report – Western Digital RED Series NAS hard disks

On Tuesday 29 July, I attended a Western Digital reseller presentation where WD were premiering their latest additions to the Red Series hard-disk range for NAS units. These are the WD Red Pro series that are pitched at heavy-duty applications centred around the many-bay units that can be mounted in a 19″ standard equipment rack as well as variants of the WD Red range that have 5 Terabyte and 6 Terabyte capacities.

The increasing relevance of the network-attached storage unit

D-Link DNS-320L 2-bay NAS

A device that is appearing in more home and small-business networks is the network-attached-storage unit. This is a dedicated unit that shares data held on at least one hard disk across a network.

But increasingly these devices are able to do more than this because vendors are marketing their NAS units as a “platform” with a plethora of apps developed or ported by the vendor for these devices. This is augmented by an increasing number of manufacturers who are integrating the kind of processors used in regular-computing or enterprise-grade server applications in these devices, some of which you could describe as being like a compact desktop PC.

They are increasingly relevant in the small-business scene where they can serve as a backup location or central storage for that business’ computers. An increasing number of these units can implement “virtualization” where they can work as one or more different computer systems. As well, platform-based NAS units offer applications like video-surveillance recording, digital signage, and enterprise-grade “advanced-storage” setups like iSCSI or SAN. For that matter, some of the high-end desktop NAS units can be purposed as branch-level “on-ramps” for a full-blown enterprise-wide computing setup.

ASUSTor AS-204TE 4-bay NAS – “Data central” for a small business

A few creative-skills professionals appeared at this presentation to demonstrate how the NAS fits in to their trade. In most of these cases, these users store only the data they need to work with at a given moment on their iMac’s main hard disk and keep the rest of the data on a NAS. As well, the units even serve as central content libraries for raw material or finished projects. This appeals very strongly to multi-person projects like film and video work where version-control is important.

But, in the home, they are appealing as systems to hold your audio, video or image content and make it available to network-capable AV devices. As well, most NAS vendors are pitching these systems as a “personal cloud” that is an alternative to services like Dropbox or OneDrive. As I have mentioned before, vendors are offering DVR abilities so that customers can connect the NAS to a USB digital-TV tuner module or broadcast-LAN unit to make it become the equivalent of a TiVo.

Making the NAS appeal to “Average Joe”

QNAP TS-251 2-bay NAS

One of WD’s representatives found that there is a problem with selling a NAS in a “big-box” store like Harvey Norman or JB Hi-Fi. Here it is about identifying the value that these devices have for the average “Joe in the suburbs” who is content with using a USB external hard disk as a backup or offload tool for their home computer. Typically the home network is implemented by these users just to facilitate Internet access and, perhaps, share a printer.

What needs to happen to make the NAS appeal to “Joe in the suburbs” is that a NAS makes more sense as an always-available content library or data store, especially if you have or intend to buy another computer, a mobile device like an iPad or network-capable AV equipment including most recent games consoles or smart TVs. A good question to address is the number of digital pictures you take or hours of digital video footage you make and the number of CDs you rip or digital music files you buy from iTunes and similar services and how you can make them available around the home.

As well, one or more legitimate “download-to-own” video-content services that allow you to store your downloaded movies on a NAS could legitimize the value proposition of these devices to “Average Joe”.

WD internal hard-disk lineup and the RED Series

What has happened over the last few years is that WD have re-factored their regular-duty computer hard disk lineup into distinct ranges denoted by colour as shown below:

Colour | Purpose
Blue | Everyday-use hard disks that satisfy most computing tasks – the typical “system drive” for a computer which would be represented by C: in DOS/Windows
Green | Capacity – this is where the user places importance on how much data the hard disk is to carry. These may represent external hard disk applications or the extra hard disks fitted inside desktop computers for user data
Black | Performance – the V8 of the range. This is where quick response is required such as workstation applications or “gaming rigs”
Red | NAS – optimized for single-bay or multi-bay network-attached-storage devices which are always on and having to handle data at a moment’s notice
Purple | Surveillance – optimized for digital video recorders that are part of closed-circuit TV setups. Focused more on writing continuous streams of data but with occasional read needs

This kind of product lineup avoids the practice where most user-installable desktop hard disks are sold to users on a “jack of all trades” basis without awareness of disks that are optimized for particular data-storage needs. For example, a person who is running that “ultimate gaming rig” to impress others at the LAN party would be after something that is about performance whereas a NAS or server user is after something that is about consistent reliable operation for something that is always available.

What are the WD Red Series hard disks and what makes them special

One of the many business-class "pizza box" NAS units that works with the WD Red Pro hard disk

WD were the first company to develop and launch a hard disk that is optimized for the operating conditions that a network-attached storage device will throw at it. Previously, a NAS used regular desktop hard disks as its storage and these disks were seen more as a “jack of all trades, master of none” when it came to network storage requirements.

The key features for this range include:

  • Compatibility with the different operating conditions that different vendors’ NAS units will throw at the system. This includes dealing with different power-supply conditions, the hardware interfaces used in the NAS units or how they present to the software that is used in these devices.
  • Always-on reliability. The typical network-attached storage system is expected to be on all the time, ready to serve data when needed and is often seen as being “Data Central” for the home or business network. Here, these hard disks are expected to be spinning. It includes the provision of NASAware firmware on the hard disks to deal with situations like power loss or power disruption that can affect system reliability.
  • RAID-friendly design. WD have factored in vibration-control measures in order to cope with the typical multi-bay RAID-capable NAS. This is because with many hard disks in close physical proximity to each other, there is increased vibration when the NAS is moving data to multiple disks at the same time such as “mirroring” data across multiple disks. The RED series implement software or hardware measures to counteract the effects of continued vibration that occurs in these setups.
    As well this design also is supported with hard-disk firmware that can assure proper error recovery in the many-disk RAID arrays used in these devices thus avoiding the risk of underperforming RAID setups.
  • Power flexibility and efficiency. The WD RED series of NAS hard drives are optimized for varying power conditions that can be thrown at them, such as when a multi-bay NAS is being started or for different NAS units that have different power-supply characteristics. This also includes being designed for power efficiency in an always-on environment, even though most recent desktop NAS units implement on-demand “spin-up / spin-down” measures to save energy.

WD MyCloud EX Series NAS units able to benefit from the 6Tb WD Red

The newly-released 5Tb and 6Tb capacities appeal to all NAS designs in a lot of ways. For example, you could set up a 6Tb single-disk NAS or use two of the 6Tb hard disks in a dual-disk NAS configured for RAID 1 to have a fail-safe 6Tb data volume that can also handle higher data throughputs. You could even run up to 24Tb in a four-bay NAS or 30Tb in a five-bay NAS, including implementing various RAID data-replication setups for fail-safe or high-throughput operation.

Even the way the hard drives are designed has an efficiency and density advantage over the competition. For example, the 6Tb drives maintain 5 platters with 1.2Tb per platter rather than 6 platters with 1Tb per platter. This means that there isn’t much mechanical effort needed on the spindle motor to spin up the disk. As well, the drive housing can fit into most NAS drive bays without being unnecessarily stout. They also maintain a 64Mb local hardware cache for improved operation efficiency.

The new WD Red Pro lineup

This lineup of NAS hard disks is optimized for the rack-mount large-business-class NAS system and is built towards higher performance and reliability in these many-bay systems. These would be able to handle a greater workload, which would be representative of a larger high-traffic business. Some people have put forward questions about using one of these hard disks in a small desktop NAS but it wasn’t found to be worth it for the kind of use that this class of NAS would typically be put to. But on the other hand, I would see them as being of use with the smaller units that serve branch-based “on-ramp” applications for enterprise data infrastructures.

Using the WD Red or the WD Purple disks for video-surveillance applications

QNAP TS-EC880U-RP business-class “pizza box” NAS that works with the WD Red Pro hard disk

Some questions were raised about implementing WD Purple hard disks in a regular NAS that was running one of the video-surveillance apps offered by the vendor as part of their application platform. The WD presenters recommended that the WD Purple disks go in dedicated DVR equipment that is optimized for the task rather than NAS units running these platform apps. Instead, they recommended the use of WD Red disks in these “NAS+software” setups, more likely because the NAS may be tasked to do other network-storage activities like being “Data Central”.

Can my NAS handle 6-Terabyte disks

A situation that one can easily run into with any computing equipment is that the equipment’s operating system or firmware can impose an arbitrary limit on the size of storage media. Here, if you supply storage media that is greater than this maximum allowed in this software, the software could throw up errors or simply fail because it can’t address all of the storage media’s useable capacity. This problem shows up when storage-media manufacturers release higher-capacity media after the software was “set in stone”.

For example, the older versions of MS-DOS and some other desktop operating systems couldn’t handle large capacity hard disks as a single logical volume. So computer users had to partition larger-capacity hard disks into multiple logical volumes in order to make use of this space. As well, I had used an older digital camera that worked with SmartMemory cards and couldn’t use newer higher capacities of these cards. Here, I had to look around for cards of a particular capacity to keep as “spare film” for the camera.

Most of the NAS platforms can support this capacity out of the box or may require you to wait on an interim update for the new capacities to be supported. WD have provided a compatibility list which allows you to find which of the WD Red range can be supported by your NAS box. This includes issues like maximum capacities that these systems have. It is also worth checking on the vendor’s Web site for newer or impending software updates.

Conclusion

If you are thinking of buying an enclosure-only NAS or “upsizing” your existing NAS, you can head towards the newer 5Tb or 6Tb disks that WD offers for increased capacity. As well, your heavy-duty many-bay business-grade NAS can be treated to the WD Red Pro disks that are appropriate to its usage nature and performance level.

Interview and Presentation–Security Issues associated with cloud-based computing

Introduction

Alastair MacGibbon - Centre For Internet Safety (University of Canberra)

I have been invited to do an interview with Alastair MacGibbon of Centre For Internet Safety (University Of Canberra) and Brahman Thiyagalingham of SAI Global who is involved in auditing computing service providers for data security compliance.

This interview and the presentation delivered by Alastair which I attended subsequently is about the issue of data security in the cloud-driven “computing-as-a-service” world of information technology.

Cloud based computing

We often hear the term “cloud computing” being used to describe newer outsourced computing setups, especially those which use multiple data centers and servers. But, for the context of this interview, we use this term to cover all “computing-as-a-service” models that are in place.

Brahman Thyagalingham - SAI Global

These “cloud-based computing” setups are in use by every consumer and business owner or manager as they go through their online and offline lives. Examples of these include client-based and Web-based email services, the Social Web (Facebook, Twitter, etc), photo-sharing services and online-gaming services. But it also encompasses systems that are part of our everyday lives like payment for goods and services; the use of public transport including air travel; as well as private and public medical services.

This is an increasing trend as an increasing number of companies offer information solutions for our work or play life that are dependent on some form of “computing-as-a-service” backend. It also encompasses building control, security and energy management; as well as telehealth with these services offered through the use of outsourced backend servers.

Factors concerning cloud-based computing and data security

Risks to data

There are many risks that can affect data in cloud-based computing and other “computing-as-a-service” setups.

Data theft

The most obvious and highly-publicised risk is threats to data security. This can come in the form of the computing infrastructure being hacked, ranging from malware attacks on client or other computers in the infrastructure to social-engineering attacks on the service’s participants.

A clear example of this was the recent attacks on Sony’s online gaming systems like the PlayStation Network. Here, there was a successful break-in in April which caused Sony to shut down the PlayStation Network and Qriocity for a month. Then, a break-in attempt on many of the PlayStation Network accounts had taken place this week ending 13 October 2011.

The attack on data isn’t just by lonely script kiddies anymore. It is being performed by organised crime; competitors engaging in industrial espionage and nation states engaging in economic or political espionage. The data that is being stolen is identities of end-users; personal and business financial data; and business intellectual property like customer information, the “secret sauce” and details about the brand and image.

Other risks

Other situations can occur that compromise the integrity of the data. For example, a computing service provider could become insolvent or change ownership. This can affect the continuity of the computing service and the availability of the data on the systems. It also can affect who owns the actual data held in these systems.

Another situation can occur if there is a system or network breakdown or drop in performance. This may be caused by a security breach; but can be caused by ageing hardware and software or, as I have seen more recently, an oversubscribed service where there is more demand than the service can handle. I have mentioned this latest scenario in HomeNetworking01.info in relation to Web-based email providers like Gmail becoming oversubscribed and performing too slowly for their users.

Common rhetoric delivered to end-users of computing services

The industry focuses the responsibility of data security for these services on to the end-users of the services.

Typically the mantra is to keep software on end computers (including firmware on dedicated devices) up-to-date; develop good password habits by using strong passwords that are regularly changed and not visible to others; and make backup copies of the data.

New trends brought on by the Social Web

But there are factors that are being undone by the use of the Social Web. One is the use of password-reset questions and procedures that are based on factors known to the end user. Here, the factors can be disclosed by crawling data left available on social-networking sites, blogs and similar services.

Similarly, consumer sites like forums, and comment trees are implementing single-sign-on setups that use credential pools hosted by other services popular to consumers; namely Google, Facebook and Windows Live. This also extends to “account-tying” by popular services so that you are logged on to one service if you are logged on to another. These can create a weaker security environment and aren’t valued by companies like banks which hold high-stakes data.

The new direction

As well, it has been previously very easy for a service provider to absolve themselves of the responsibility they have to their users and the data they create. This has been through the use of complex legalese in their service agreements that users have to assent to before they sign up to the service.

The weight for data security is now being placed primarily on the service providers who offer these services to the end users rather than the end users themselves. Even if the service provider is providing technology to facilitate another organisation’s operations, they will have to be responsible for that organisation’s data and the data stream created by the organisation’s customers.

Handling a data break-in or similar incident

Common procedures taken by service providers

A typical procedure in handling a compromised user account is that the account is locked down by the service provider. The user is then forced to set a new password for that account. In the case of banking and other cards that are compromised, the compromised account cards would be voided so that retailers or ATMs seize them and the customer would be issued with a new card and have to determine a new PIN.

The question that was raised in the interview and presentation today is what was placed at risk during the recent Sony break-ins. The typical report was that the customers’ login credentials were compromised, with some doubtful talk about the customers’ credit-card and stored-value-wallet data being at risk.

Inconsistent data-protection laws

One issue that was raised today was inconsistent data-protection laws that were in place across the globe. An example of this is Australia – the “She’ll Be Right” nation. Compared to the USA and the UK, Australians don’t benefit from data-protection laws that require data-compromise disclosure.

What is needed in a robust data-compromise-disclosure law or regulation is for data-security incidents to be disclosed properly and promptly to the law-enforcement authorities and the end-users.

This should cover what data was affected, which end-users were placed at risk by the security breach, when the incident took place and where it took place.

International issues

We also raised the issue of what happens if the situation crosses national borders. Here nations would have to set out practices in handling these incidents.

It may be an issue that has to evolve in a similar way to how other factors of international law like extradition, international child-custody/access, and money-laundering have evolved.

Use of industry standards

Customers place trust in brands associated with products and services. The example that we were talking about with the Sony data breach was that the Sony name has been well-respected for audio-visual electronics since the 1960s. As well, the PlayStation name was a brand of respect associated with a highly-innovative electronic gaming experience. But these names were compromised in the recent security incidents.

There is a demand for standards that prove the ability for a computing service provider to provide a stable proper secure computing service. Analogies that we raised were those standards that were in place to assure the provision of safe goods like those concerning vehicle parts like windscreens or those affecting the fire-safety rating of the upholstered furniture and soft-furnishings in the hotel that we were in during the afternoon.

Examples of these are the nationally-recognised standards bodies like Standards Australia, British Standards Institute and Underwriters Laboratories. As well there have been internationally-recognised standards bodies like the International Standards Organisation; and industry-driven standards groups like DLNA.

The standards we were focusing on today were the ISO 27001 which covers information security and the ISO 20000 which covers IT service management.

Regulation of standards

Here, the government regulators need to “have teeth” when it comes to assuring proper compliance. This includes the ability to issue severe fines against companies who aren’t handling the data breaches responsibly as well as mitigation of these fines for companies who had an incident but had audited compliance to the standards. This would be demonstrated with evidence of compliant workflow through their procedures, especially through the data incident.

As well, Brahman had underscored the need for regular auditing of “computing as a service” providers so they can prove to customers and end users that they have procedures in place to deal with data incidents.

I would augment this with the use of a customer-recognisable distinct “Trusted Computing Service Provider” logo that can only be used if the company is compliant with the standards in their processes. The logo would be promoted with a customer-facing advertising campaign that promotes the virtues of buying serviced computing from a compliant provider. This would be the “computing-as-a-service” equivalent of the classic “Good Housekeeping Seal” that was used for food and kitchen equipment in the USA.

Conclusion

What I have taken from this event is that the effort for maintaining a secure computing service is now moving away from the customer who uses the service towards the provider who provides the service. As well, there is a requirement to establish and enforce industry-recognised standards concerning the provision of these services.