How to Improve the Security of AWS Storage


When AWS introduced default Virtual Private Cloud (VPC) settings across Amazon EC2 regions, taking full advantage of the VPC benefits became easier and simpler. This change brought a great opportunity, allowing customers to use the VPC to customize and design their networks and to separate their workloads between public and private subnets. Thus, customers now have more control over their resources, networking, routing, and security.

So how do you improve the security of AWS storage?

Instead of requiring proprietary hardware or an outside datacenter, SoftNAS extends native AWS storage (EBS, S3) to create an enterprise-grade, full-featured cloud NAS filer, including SNAP HA with patent-pending Elastic HA technology with automatic failover that keeps data flowing, even when disaster strikes, an instance fails or an entire AWS availability zone isn’t available.

AWS Storage Security

Nothing is more critical to the continuity of your business than your data. Some security-conscious customers or those with sensitive data avoid solutions like Elastic HA, which utilizes public IPs, exposing storage to Internet-accessible addresses.

Other customer concerns include:

  • Cost of inbound bandwidth of the storage
  • Storage is located on a public subnet on a VPC

With these customers in mind, the next version of SoftNAS will include several features that will allow for greater deployment flexibility and security.

SoftNAS offers the mission-critical data protection and high availability required for the non-stop operation of your business. Simple, powerful, and agile, SoftNAS is easy to try, buy and deploy across public, private, and hybrid clouds. SoftNAS for AWS enables customers to quickly and efficiently implement hybrid and pure cloud business solutions that ensure corporate data is always safe and available and applications do not experience downtime.

Network Security Groups Configuration in AWS

Network services can be configured within the console after AWS setup, in the same manner as for on-premises instances. However, the simpler solution is to set your services and ports by creating Security Groups during setup. The Launch Instance manual setup wizard allows you to create a secure networking configuration prior to the first boot.
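As an added example (not SoftNAS or AWS code), the check below reads Security Group definitions in the shape returned by `aws ec2 describe-security-groups` and reports file-sharing ports reachable from non-private sources, which is the exposure behind the public-subnet concern above. The sample groups and their IDs are constructed, and the port list uses the standard NFS and SMB/CIFS assignments, which the page does not list.

```python
import ipaddress
import json

# TCP ports for the file protocols the page names (NFS, CIFS/SMB) plus their helpers.
NAS_PORTS = {111: "rpcbind", 139: "NetBIOS session", 445: "SMB/CIFS", 2049: "NFS"}

# Constructed sample in the shape returned by `aws ec2 describe-security-groups`.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-EXAMPLE-public", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 2049, "ToPort": 2049, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}
  ]},
  {"GroupId": "sg-EXAMPLE-private", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535, "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
    {"IpProtocol": "tcp", "FromPort": 445, "ToPort": 445, "IpRanges": [{"CidrIp": "10.0.1.0/24"}]}
  ]}]}
""")

def is_public(cidr):
    """True when the source range is not entirely private or reserved address space."""
    net = ipaddress.ip_network(cidr, strict=False)
    return net.prefixlen == 0 or not net.is_private

def covers(perm, port):
    """True when the rule's protocol and port range include the given TCP port."""
    proto = perm.get("IpProtocol")
    if proto not in ("tcp", "-1"):
        return False
    # "-1" (all traffic) rules carry no FromPort/ToPort, so the defaults span every port.
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def exposed_nas_rules(doc):
    """Return sorted (group_id, port, service, cidr) for NAS ports open to public sources."""
    findings = set()
    for group in doc.get("SecurityGroups", []):
        for perm in group.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in filter(is_public, cidrs):
                for port, service in NAS_PORTS.items():
                    if covers(perm, port):
                        findings.add((group["GroupId"], port, service, cidr))
    return sorted(findings)

if __name__ == "__main__":
    for finding in exposed_nas_rules(SAMPLE):
        print("%s exposes %d (%s) to %s" % finding)
```

The check covers TCP rules and all-traffic rules only; UDP rules for rpcbind or NFS would need the same test with the protocol widened.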

SoftNAS Security in the AWS Cloud

SoftNAS Enterprise builds upon pure AWS storage infrastructure such as EBS, S3, and SSD running within your own AWS account. Your data is always secure and totally under your control within your AWS virtual private cloud (VPC), never leaving the trusted AWS data center. Your data can also be fully encrypted and secured using AWS encryption of EBS and SoftNAS Enterprise encryption of S3 data.

Secure VPC Networking: 

Secure NAS storage access routing within VPCs with complex routing tables and subnets.

HA for Private VPCs: 

Private IPs for better VPC security in HA configurations.

360-degree Encryption™: 

Data is encrypted at all times, at rest and in flight. Data at rest is encrypted through the open-source Linux Unified Key Setup (LUKS). LUKS is accepted as the standard for encryption of stored data. Data in flight is encrypted for the CIFS and NFS file protocols.

Dual Factor Authentication: 

Prevent unauthorized access to SoftNAS management console with two-step authentication for SoftNAS StorageCenter through Google Authenticator.

Login Protection from Bots: 

Human verification through Google reCAPTCHA prevents bots from programmatically gaining access to the SoftNAS Enterprise management console.

Large-scale Windows Filer with Active Directory: 

Supports thousands of concurrent users with billions of files for enterprise-scale file server, VDI user file storage via CIFS/SMB 3 protocol.

Large-scale NFS Server: 

Supports thousands of concurrent users with billions of files for enterprise-scale file server, user file storage via NFS 4 protocol.

Identity & Access Management (IAM): 

Provide least privilege access control and management without use of access keys for HA setup and S3 cloud disks.

SoftNAS Enterprise Cloud NAS for AWS provides the performance, reliability, and fault tolerance required for mission-critical applications. SoftNAS offers the broadest range of storage options in terms of price vs. performance and backend storage selection, on-demand at a petabyte-scale across the AWS and Azure Marketplaces or on-premises.

How to Avoid Storage Downtime when AWS Reboots

A new Xen vulnerability is forcing cloud service provider Amazon Web Services (AWS) to reboot a portion of its EC2 fleet over the week (the second such reboot in 6 months). Such periodic maintenance is necessary—expected even—to maintain the best possible security; however, some IT departments are still scrambling to ensure business continuity and prevent negative business impact.

Pre-emptively architecting cloud infrastructure to include a highly available storage configuration is a well-known best practice, but doing so can be difficult and time-consuming for the IT generalist.

With SoftNAS’s built-in cross-zone high-availability, designing for failure can be fast and simple during the zone reboot preparations.

SoftNAS SNAP HA™ delivers a low-cost, low-complexity solution for high-availability storage clustering that is easy to deploy and manage.

A robust set of HA capabilities protects against data center, availability zone, server, network and storage subsystem failures to keep businesses running without downtime.

SNAP HA for AWS includes patent-pending Elastic HA™ technology, providing NAS clients in any availability zone uninterrupted HA access to the storage cluster across availability zones.





In the event of an outage such as the zone reboot, when Zone A is reset, SNAP HA automatically fails over to Zone B, which becomes the primary node. The rebooted former primary instance becomes the secondary instance until either a manual takeover restores the initial state or another failure occurs, at which point SNAP HA fails over back to Zone A, which once again becomes the primary controller.

Some security-conscious customers or those with extremely sensitive data avoid solutions like Elastic HA, which utilizes public IPs, exposing storage to Internet-accessible addresses.

With these customers in mind, the next version of SoftNAS will include a number of features that will allow for greater deployment flexibility and security.
