Aetherstore in the real world
-
Posted this in the wrong section, mods please move
-
It has worked quite well for me in my lab environment. It makes an excellent storage mechanism for ISO images, installer files, and backups. I had to shut it down for a while, but they have also had a couple of releases since I last used it. The Write speed is slow when copying in large files, such as ISO images and backups. Much of that was likely my test lab as well.
If you haven't had a chance to test it out, it is DEFINITELY worth a look. It has proven quite useful. It handled machine outages just fine. If you have 4 nodes and 1 goes offline (example), the system will switch to read only... When that one comes back online, it calls home, and everything switches back to read/write (this of course, is an oversimplification).
-
Thanks for getting in touch on SW, @Breffni-Potter!
@dafyre is right on, most use AetherStore as a backup target, and the built-in redundancy and self-healing design (data will also automatically be recopied to active nodes when machines turn off) prevent against failure. One way to improve write speeds is increasing the size of the mount node, but we are working on some updates to improve write speed.
To all - feel free to email me ([email protected]) with questions or for trial info! Thanks again @Breffni-Potter & @dafyre!
-
Any other Aetherstore users with feedback/thoughts?
-
@Breffni-Potter said:
Any other Aetherstore users with feedback/thoughts?
Not real world.
-
The production release is extremely recent, so you'll have lots of people who have used it, but very few with time to have implemented in the real world and reported back at this point.
-
Hmm, so using the trial so far.
-
How would we monitor Aetherstore automatically? What if nodes fail/go down? How do you find out? Does it store in windows event logs?
-
How does it protect against cryptolocker and the like? How do you know which nodes are "clean" and which are corrupt?
-
I cannot use Aetherstore dashboard without a license but if I install it onto a different machine, I can immediately manage my existing stores on the network, including choosing a new mount point, am I only allowed to touch stores with the right license key? Or are all stores open to any dashboard manager?
-
-
@Breffni-Potter said:
- How does it protect against cryptolocker and the like? How do you know which nodes are "clean" and which are corrupt?
No, it is a DAS. You need to provide the protection BEFORE you let things access the block storage. This acts just like any SAN would in this scenario.
-
@scottalanmiller said:
@Breffni-Potter said:
- How does it protect against cryptolocker and the like? How do you know which nodes are "clean" and which are corrupt?
No, it is a DAS. You need to provide the protection BEFORE you let things access the block storage. This acts just like any SAN would in this scenario.
But assuming the protection fails (and sometimes they do) - Is the entire pot of data lost in that scenario?
-
@Breffni-Potter said:
@scottalanmiller said:
@Breffni-Potter said:
- How does it protect against cryptolocker and the like? How do you know which nodes are "clean" and which are corrupt?
No, it is a DAS. You need to provide the protection BEFORE you let things access the block storage. This acts just like any SAN would in this scenario.
But assuming the protection fails (and sometimes they do) - Is the entire pot of data lost in that scenario?
Not permanently. The systems all come back online and resync and figure out who has the latest "good" data.
-
@dafyre said:
@Breffni-Potter said:
@scottalanmiller said:
@Breffni-Potter said:
- How does it protect against cryptolocker and the like? How do you know which nodes are "clean" and which are corrupt?
No, it is a DAS. You need to provide the protection BEFORE you let things access the block storage. This acts just like any SAN would in this scenario.
But assuming the protection fails (and sometimes they do) - Is the entire pot of data lost in that scenario?
Not permanently. The systems all come back online and resync and figure out who has the latest "good" data.
So let's assume, Crypto has struck, found the endpoint which had it and shut it down, do the nodes automatically run through that process?
-
@Breffni-Potter said:
@scottalanmiller said:
@Breffni-Potter said:
- How does it protect against cryptolocker and the like? How do you know which nodes are "clean" and which are corrupt?
No, it is a DAS. You need to provide the protection BEFORE you let things access the block storage. This acts just like any SAN would in this scenario.
But assuming the protection fails (and sometimes they do) - Is the entire pot of data lost in that scenario?
Think of it as a RAID array. Technically it is RAIN but they provide the same experience. They are one pool of replicated storage. If you have something get control of the system and encrypt the blocks, they are encrypted. Instant replication everywhere. Same as any SAN, DAS, or RAID array.
Now like RAID, if you had half the drives offline and it happened, maybe you could shut everything down, reverse which drives are online and attempt to recover, but you are into bizarro land there where you would never have been running nearly failed just seconds before you got encrypted, figure it out, reverse the drives, have them no longer be failed.... it's not going to happen.
it's just a RAID array, think of it that way. If your files on your array are hit, you need to fall back to backup.
-
@Breffni-Potter said:
So let's assume, Crypto has struck, found the endpoint which had it and shut it down, do the nodes automatically run through that process?
Shut it down? Do you mean the node that has the DAS connection access?
-
Yes this is what I'm trying to get at. Rule out what the product definitely is and what it definitely is not.
@scottalanmiller said:
Shut it down? Do you mean the node that has the DAS connection access?
Yes, the node which has mount access, which could be a DC or file-server.
-
@Breffni-Potter said:
@dafyre said:
@Breffni-Potter said:
@scottalanmiller said:
@Breffni-Potter said:
- How does it protect against cryptolocker and the like? How do you know which nodes are "clean" and which are corrupt?
No, it is a DAS. You need to provide the protection BEFORE you let things access the block storage. This acts just like any SAN would in this scenario.
But assuming the protection fails (and sometimes they do) - Is the entire pot of data lost in that scenario?
Not permanently. The systems all come back online and resync and figure out who has the latest "good" data.
So let's assume, Crypto has struck, found the endpoint which had it and shut it down, do the nodes automatically run through that process?
They would, yes. Aetherstore can sustain the loss of a node in various situations and not have anything affected. However, if crypto locker hits the data stores in Aetherstore... Have fun restoring from backups, lol.
-
@Breffni-Potter said:
Yes this is what I'm trying to get at. Rule out what the product definitely is and what it definitely is not.
@scottalanmiller said:
Shut it down? Do you mean the node that has the DAS connection access?
Yes, the node which has mount access, which could be a DC or file-server.
It if goes offline, the Cryptolocker would have no path to the storage.
-
@scottalanmiller said:
It if goes offline, the Cryptolocker would have no path to the storage.
...yes?
-
But you wouldn't know to offline that node or else you could have stopped CL anyway, one would assume.
Generally you want to protect any SAN or DAS connection point pretty heavily.
-
@scottalanmiller said:
But you wouldn't know to offline that node or else you could have stopped CL anyway, one would assume.
Generally you want to protect any SAN or DAS connection point pretty heavily.Indeed but important to clarify.
-
Hey guys - how goes it? Just popped by to say hi but it looks like I can help with a Q too: @Breffni-Potter if you have a 10-node Store, for example, and one of the nodes is hit by CL, you will still have access to your data, period. If the -mount node- is hit by CL however, and CL maliciously encrypts all drives it can write to (so including any mapped network drives etc.) then it would maliciously encrypt the Store data too.
In general, you can put a bullet in any machine running AetherStore and not notice. AetherStore will notice and automatically re-replicate the data that was on that machine onto other nodes in the system - no manual intervention required and your data is still accessible while this goes on in the background.
