    Wednesday, May 6, 2009

    Cloud File Storage Solution




    As a follow-up to my last post, I have been looking at what would provide the most secure, extensible, and easy-to-use solution for storing documents online for small businesses. Here is what I have come up with to this point.

    Most solutions that I have seen or read about involve either implementing WebDAV, custom web service-based APIs, or a combination of the two. They both have their advantages and disadvantages:

    WebDAV
    The advantages are that no custom development is required on the protocol side; it is a widely used standard, so it would be interoperable with many systems and clients; and it is easily secured.

    It is an interesting solution because, as it's named Web-based Distributed Authoring and Versioning, it was intended for content-management systems but appears to have been extended to general file-storage. Therefore, it may not have the complete feature-set that is required by users when storing and sharing their files.

    Custom APIs
    Custom APIs definitely have the advantage that you can program them to do anything you want without breaking a standard like WebDAV. However, the upfront and maintenance costs may be prohibitive and anything you develop would not be interoperable with other systems.

    The Solution
    So, looking at these two options, I would opt for WebDAV. For a proper solution, it would have the following requirements:
    1. Be Secure
    • SSL-based transport
    • Strong Authentication
    • Encrypted on disk
    2. Integrate with daily usage
    • Be mountable as a drive in Windows
    • Synchronize automatically (assuming local file cache)
    • Automatically mount without user interaction
    3. Be Searchable
    • Search is where it's at. Perhaps a local searchable index would be a solution to this requirement.
    Authentication is a large requirement and, from what I can tell, most providers are simply using password-based authentication. I think that to be truly secure, the authentication must be certificate-based. That would help make it more seamless, too, because the user would not necessarily have to enter a password. The simple presence of the certificate would provide strong evidence that the user (or the user's machine) has access to the files. Obviously, certificate plus password would provide the strongest level of authentication, since it is two-factor.

    So, what I am thinking is this:
    • WebDAV-based solution with Apache, mod_ssl (for secure transport and authentication), mod_dav (for WebDAV support)
    • Client-based certificate for machine-based authentication
    • Ability to mount the system as a drive
    • Local Index for search
    • Optionally, a web-based console for remote file access
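
The server side of this proposal as an Apache configuration, added here as an example and not part of the original post. It assumes Apache 2.4 with mod_ssl, mod_dav, mod_dav_fs, mod_auth_basic, mod_authn_file and mod_authz_user loaded; the hostname and every file path are placeholders.

```apache
# Added example: HTTPS-only WebDAV share that requires a client certificate
# (machine factor) and a password (user factor). Hostname and paths are placeholders.
<VirtualHost *:443>
    ServerName files.example.com

    # Secure transport: TLS only, legacy protocol versions disabled
    SSLEngine on
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    SSLCertificateFile    /etc/apache2/tls/server.crt
    SSLCertificateKeyFile /etc/apache2/tls/server.key

    # Factor 1: client certificate. Trust only the private CA that issues the
    # machine certificates, never the public CA bundle, or any certificate
    # from any public CA would pass verification.
    SSLCACertificateFile  /etc/apache2/tls/client-ca.crt
    SSLVerifyClient require
    SSLVerifyDepth 1

    # A lost laptop or an expired partner share is cut off by revoking its
    # certificate; the CRL must be kept current or verification fails.
    SSLCARevocationFile  /etc/apache2/tls/client-ca.crl
    SSLCARevocationCheck chain

    # mod_dav_fs lock database; the directory must be writable by the Apache user
    DavLockDB /var/lib/apache2/dav/lockdb

    # Encryption on disk is not provided by Apache: /srv/dav/files is assumed
    # to live on an encrypted volume.
    Alias /files /srv/dav/files

    <Directory /srv/dav/files>
        Dav On
        Options None
        AllowOverride None
        # Refuse any request that somehow arrives over plain HTTP
        SSLRequireSSL

        # Factor 2: password, sent only inside the TLS session
        AuthType Basic
        AuthName "Document store"
        AuthUserFile /etc/apache2/dav.htpasswd
        Require valid-user
    </Directory>
</VirtualHost>
```

With `SSLVerifyClient require` set at the virtual-host level, a client without a valid certificate fails the TLS handshake and never reaches the password prompt.
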
    Other "wish list" items may include:
    • Ability to share documents, or a subset of documents with partners. They could access the system web-based using short-term certificates.
    • Local file cache to optimize speed.
    • A device that plugs into a local network that handles all of the above functionality and presents a file share. This is where the rubber hits the road!
    I would be interested to hear what others think on this topic. Be it requirements, possible solutions, or experience with these solutions.
