Key Exchange On Multi Site Volumes


Overview

Nasuni Edge Appliances create and map to volumes that reside in your third-party cloud storage. Nasuni Edge Appliances then cache the active files from those volumes, so that users enjoy high performance file access over the local network.

One of the differentiating features of the Nasuni file data platform is its ability for multiple Nasuni Edge Appliances to map to the same cloud storage volume, so that the same files can be shared across multiple sites. To enable multi-site file sharing, you must enable the Remote Access feature for the volume on the first Nasuni Edge Appliance (the “source”). Then, other Nasuni Edge Appliances can map to the same shared volume in cloud storage, and cache the same active files.

Since the data on the source Nasuni Edge Appliance is encrypted, the question arises of how to handle the encryption keys so that the data is securely accessible by other Nasuni Edge Appliances.

This reference describes how this key exchange occurs.

Newly Deployed Nasuni Edge Appliances and Encryption Keys

Nasuni Edge Appliances employ public-key cryptography to encrypt information on volumes in the cloud.

Public-key cryptography uses two encryption keys: the public encryption key can be used to encrypt data, but not to decrypt data; the private encryption key can both encrypt and decrypt data. Only the private key can decrypt data encrypted with the public key. To maintain security, a customer never divulges the private key (hence its name). But the public key can be distributed publicly with no loss of security, because it cannot be used to decrypt data (hence its name).

When a customer deploys a new Nasuni Edge Appliance, the Nasuni Edge Appliance automatically generates its own pair of private and public encryption keys.

For security, the Nasuni Edge Appliance keeps this private key internally. This private key never leaves its Nasuni Edge Appliance. In particular, this private key is never sent to the Nasuni Orchestration Center (NOC) and is not escrowed with Nasuni.

By contrast, the Nasuni Edge Appliance’s public key is registered with the NOC under the Nasuni Edge Appliance’s GUID.

Every Nasuni Edge Appliance performs this process. Generating the encryption keys and registering the public encryption key takes some time to complete. It also takes some time for other Nasuni Edge Appliances to detect the newly deployed Nasuni Edge Appliance (either by polling, or by using the Refresh Connections button on the Remote Volumes page of the Nasuni Edge Appliance UI).

Sharing Volumes

A customer can choose to share a cloud storage volume mapped by the source Nasuni Edge Appliance, so that other Nasuni Edge Appliances can map to the same shared volume in cloud storage and cache the same active files. Such a shared source volume is called a remote volume.

In order to share a source volume, the customer first enables Remote Access for that volume. Then the customer specifies which permissions the other Nasuni Edge Appliances on the cloud storage account should have in order to access the source volume. The options include:

  • Read/Write permission for all other Nasuni Edge Appliances on the same account, including new appliances as they are deployed.

  • Read-Only permission for all other Nasuni Edge Appliances on the same account, including new appliances as they are deployed.

  • Custom-defined permissions (Read/Write, Read-Only, or None) for each Nasuni Edge Appliance on the same account.

When the customer is specifying permissions for other Nasuni Edge Appliances on the same account, that list of Nasuni Edge Appliances comes from the NOC, and includes all Nasuni Edge Appliances that have registered their public key for that customer account.

When the customer enables Remote Access for the source volume, the source Nasuni Edge Appliance packs up the basic volume access information and sends it to the NOC. This registers the source volume as available for remote access by the specified Nasuni Edge Appliances. The information sent to the NOC includes the volume name, the GUID of credentials, and some UniFS® metadata. Note that this information does NOT include cloud credentials or private keys.

If a permitted Nasuni Edge Appliance on the same account requests to access the source volume, the NOC provides this same information to the requesting Nasuni Edge Appliance. The information provided is not useful without also having access to the cloud credentials and any private keys.

Exchanging Encryption Keys When Sharing Volumes

The first Nasuni Edge Appliance (the “source”) that maps to a cloud storage volume creates a secure message that it sends to other Nasuni Edge Appliances that are remotely accessing the shared volume. This message contains the customer’s volume encryption keys, secured in this way:

  • The information is encrypted to the public key of each Nasuni Edge Appliance that is enabled to remotely access the shared volume.

  • The information encrypted with the public keys is sent to the NOC for retrieval.

Note that there is one message from the source Nasuni Edge Appliance to each target Nasuni Edge Appliance, which the target Nasuni Edge Appliance retrieves when the source volume is mounted.

If Nasuni Edge Appliance A and Nasuni Edge Appliance B are enabled for remote access, then both A and B can perform these actions:

  • Receive the messages containing the encrypted information.

  • Decrypt the messages, using their private Nasuni Edge Appliance keys.

  • Obtain the encryption keys of the shared volume.

  • Gain access to the data of the shared volume.

Note how this process protects the data from Nasuni Edge Appliance C, which is not enabled for remote access to the cloud storage volume. First, Nasuni Edge Appliance C would receive no message. Second, if Nasuni Edge Appliance C accidentally received such a message, Nasuni Edge Appliance C would not be able to decrypt the message, because its public key was not used to encrypt the message. Therefore, Nasuni Edge Appliance C would not be able to access the data or metadata of the cloud storage volume.

When necessary, the source Nasuni Edge Appliance that first mapped to the cloud storage volume updates the entry in the NOC, in order to reflect pertinent changes in the Nasuni Edge Appliance or in the volume.

In this manner, Nasuni Edge Appliances can exchange encryption keys and other secure information. The Nasuni Edge Appliances use the centralized NOC in such a way that the data cannot be decrypted outside of the Nasuni Edge Appliance.

In the event of a disaster recovery (DR), the Nasuni Edge Appliance’s private encryption key is lost, along with the rest of the Nasuni Edge Appliance. A new Nasuni Edge Appliance, replacing the original Nasuni Edge Appliance, generates its own new unique private/public key pair. This new Nasuni Edge Appliance registers the new public key with the NOC, as before. The Nasuni Edge Appliance GUID remains the same. The existing registered public key for the Nasuni Edge Appliance is replaced by the newly generated public key.
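The key exchange described under "Exchanging Encryption Keys When Sharing Volumes" and the DR re-registration described just above, played out in code. This is an added illustration written for this page, not Nasuni's implementation: the appliance GUIDs, the 32-byte stand-in for the volume encryption keys, the use of RSA-OAEP with the target GUID as the OAEP label, and the modelling of the NOC as a plain key/message registry are all assumptions of the example. What it shows is the property the text relies on: the NOC holds only public keys and wrapped messages, permitted appliances A and B recover the volume key with their own private keys, appliance C cannot (even when handed A's message), and a rebuilt A with a new key pair cannot open the message wrapped to its old key until the source updates its entry.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Appliance stands in for one Nasuni Edge Appliance. The private key lives only
// in this struct, mirroring the rule that it never leaves the appliance.
type Appliance struct {
	GUID string
	priv *rsa.PrivateKey
}

// NOC is this example's model of the Nasuni Orchestration Center: public keys by
// GUID plus one wrapped message per target GUID. It never holds a private key or
// an unwrapped volume key.
type NOC struct {
	pubKeys  map[string]*rsa.PublicKey
	messages map[string][]byte
}

func NewNOC() *NOC {
	return &NOC{pubKeys: map[string]*rsa.PublicKey{}, messages: map[string][]byte{}}
}

// deploy generates a fresh key pair and registers only the public half under the
// GUID. Calling it again for an existing GUID models a DR rebuild: same GUID,
// new pair, and the previously registered public key is overwritten.
func deploy(guid string, noc *NOC) (*Appliance, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	noc.pubKeys[guid] = &priv.PublicKey
	return &Appliance{GUID: guid, priv: priv}, nil
}

// ShareVolumeKey is the source side: wrap the volume key to each permitted
// target's registered public key and post the messages to the NOC. Using the
// target GUID as the OAEP label is an assumption of this example; it binds each
// message to the appliance it was addressed to.
func (a *Appliance) ShareVolumeKey(noc *NOC, volumeKey []byte, permitted []string) error {
	for _, guid := range permitted {
		pub, ok := noc.pubKeys[guid]
		if !ok {
			return fmt.Errorf("no public key registered for %s", guid)
		}
		ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, volumeKey, []byte(guid))
		if err != nil {
			return err
		}
		noc.messages[guid] = ct
	}
	return nil
}

// Unwrap is the target side: fetch the message addressed to forGUID and open it
// with this appliance's own private key. Passing another appliance's GUID models
// the "accidentally received someone else's message" case from the text.
func (a *Appliance) Unwrap(noc *NOC, forGUID string) ([]byte, error) {
	ct, ok := noc.messages[forGUID]
	if !ok {
		return nil, fmt.Errorf("no message for %s", forGUID)
	}
	return rsa.DecryptOAEP(sha256.New(), nil, a.priv, ct, []byte(forGUID))
}

// recovers reports whether app can unwrap the message for forGUID to exactly want.
func recovers(app *Appliance, noc *NOC, forGUID string, want []byte) bool {
	got, err := app.Unwrap(noc, forGUID)
	return err == nil && bytes.Equal(got, want)
}

// Scenario records the outcome of the A/B/C example plus a DR rebuild of A.
type Scenario struct {
	AGotKey, BGotKey, CGotKey bool // first round of sharing
	RebuiltAOnStaleMsg        bool // rebuilt A against the message wrapped to its old key
	RebuiltAAfterReshare      bool // after the source updates its NOC entry
}

func RunScenario() (Scenario, error) {
	var s Scenario
	noc := NewNOC()
	apps := map[string]*Appliance{}
	for _, g := range []string{"guid-source", "guid-A", "guid-B", "guid-C"} { // constructed GUIDs
		app, err := deploy(g, noc)
		if err != nil {
			return s, err
		}
		apps[g] = app
	}
	src, a, b, c := apps["guid-source"], apps["guid-A"], apps["guid-B"], apps["guid-C"]
	volumeKey := make([]byte, 32) // constructed stand-in for the volume's encryption keys
	if _, err := rand.Read(volumeKey); err != nil {
		return s, err
	}
	// Only A and B are permitted on this volume; C is registered but not permitted.
	if err := src.ShareVolumeKey(noc, volumeKey, []string{a.GUID, b.GUID}); err != nil {
		return s, err
	}
	s.AGotKey = recovers(a, noc, a.GUID, volumeKey)
	s.BGotKey = recovers(b, noc, b.GUID, volumeKey)
	s.CGotKey = recovers(c, noc, c.GUID, volumeKey) || recovers(c, noc, a.GUID, volumeKey)
	// DR: A is rebuilt with the same GUID and a brand-new key pair.
	a2, err := deploy(a.GUID, noc)
	if err != nil {
		return s, err
	}
	s.RebuiltAOnStaleMsg = recovers(a2, noc, a2.GUID, volumeKey)
	// Source updates its entry, re-wrapping to the newly registered public key.
	if err := src.ShareVolumeKey(noc, volumeKey, []string{a.GUID, b.GUID}); err != nil {
		return s, err
	}
	s.RebuiltAAfterReshare = recovers(a2, noc, a2.GUID, volumeKey)
	return s, nil
}

func main() {
	s, err := RunScenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", s)
}
```

Running it prints the Scenario fields; the two that should be false (`CGotKey`, `RebuiltAOnStaleMsg`) are the page's security argument in miniature: nothing the NOC stores is useful without the matching private key, and a replaced key pair invalidates messages wrapped to the old one until the source re-issues them.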