 Hello everybody, I'm Doug Soltes. I work for a company called Storage Made Easy. Today I'm going to be talking to you about data governance on OpenStack. So let's start off with headaches that you probably experience with data governance. And we've all been there, right? So first of all, you probably are being mandated to govern your data, which is a good thing. And some of the most common ones are going to be HIPAA for health care records, PCI DSS for credit card information, things like ISO 2107 for federal mandated. But there are plenty of other ones, right? There's serbanoxy, there's FIPS, you name it. There's probably some sort of regulation for it. And so that's probably the number one reason why right now you're governing your data. But there's another reason. It's just a good practice, right? You don't want to lose any data. You don't want to be the guy that gets called in. You want to protect your corporate assets. So when you're looking at any of these standards, they have a lot of things in common. The things that they have in common, the first one is encryption. You need to encrypt your data in flight and at rest. Now, why is that a problem? It's a problem because a number of your legacy applications, they don't encrypt your data in flight. They're using SIFs, they're using NFS, they're using an older version. Maybe your filers are not encrypting at rest. Even if you bring newer storage to the table, whether that's OpenStack Swift or it's SIF, you may not be encrypting your data at rest. The next thing that all of the standards out there for governance and compliance mandate is some form of auditing. So you need to be able to see who touched data, when they touched it, why they touched it, how it got deleted. This was critical in things like the Sony hack to find out where it came from. But you want to be more proactive than that. You want to start having alerts and monitoring of your audit logs as well. You need a secure way of sharing the data. You can't just email a medical record, you can't email the financials. If they're too big over 25 megs, you might have a problem and you need to put it on something like Dropbox, that's no good. So you need a way to securely share data, password protected. You also need a way of setting policies so that should that shared link get out of control, it can't be downloaded by somebody in Nigeria. And then lastly, you need the auditing. I'm sorry, not the auditing, you need the archiving. And so the archiving piece is the legal discovery, the illegal holds, how do I version my files? How do I have a trash can so that should I get infected by malware, I'm able to roll back versions of user's data? So I'm here to show you how you can make governance easy again. So again, I said I'm from a company called Storage Made Easy and what do we do? We let you bring your own storage no matter who it is. So you're at OpenStack, if that's OpenStack Swift or one of the Swift vendors like SwiftStack, it could be Seth either via Rados or S3 or it could be a commercial product, be that EMC, Scality, NetApp, you name it. You bring your storage and we're going to add on top of it governance, ease of use, encryption, policies and auditing that you need to protect your data when sharing it out for OpenStack. And we're gonna let you do this on any device. So I'm going to be demoing today a web browser but there are clients for Android and Mac, I'm sorry, Android and iOS, as well as desktop clients for Mac, Windows and Linux. So without further ado, let's do a quick demo of governance on OpenStack and we'll hope that my wifi and everything works just the way it should. So what you're seeing here is the Storage Made Easy interface and let me make it a little bit bigger for that screen. And the first thing that you notice is that I have multiple folders. I have a SIFS folder here because let's face it, the most common way that users interact with their data today is SIFS, Home Folders. I also have a SIFS folder. I have my own personal SIFS mapping from my admin and I have OpenStack Swift and this is actually linked to a SwiftStack instance that our partner of ours. So the first thing I want to show you is how do I protect my data through encryption? So in my data right now, my important files, I have this file right here. Now I made it plain text and I made it nice and easy. Nope, nothing like a demo toe. I made it nice and easy so that we'll be able to see this via Swift in a text editor. So the first thing I want to do is I want to take this file and I want to bring it into my Swift Storage. Now again, this could be SIFS, Scality, anything. So I just dragged and brought it into a container. Now for those of you that are familiar with Swift API, I'm using the Swift client, and let's make that bigger again. To show you that I have that file is called VIPLB and I also have two versions of the file. Versioning will get into in just a minute. And so what I'm going to do is I'm going to download that file and then I'm going to cat it just to show you that it's not encrypted. So now as the admin, you want to add encryption and you can do this many different ways. You can allow the users to manage their own encryption. You can do encryption per policy. So as they add back end storages, but what we're going to show you today is the most easy one. I'm just going to apply it to everything. So at the admin console, I'm going to go into organizations, options. I'm going to click on encryption and I'm going to add my secret encryption password. And I'm going to pick whether I want to apply this to shares via the organization or everything. I'm going to, for simplicity, apply this to absolutely everything. And the reason I'm going to apply it to everything is my users may be putting data into Dropbox. They might be putting it into Google Drive, 365 Office. All of these are fine, but I don't want them sharing it out through those mechanisms. I want to ensure that if any of my data leaves my enterprise, it's encrypted and protected and can only be shared through something that is being audited. So now let's go back to that Swift file and I have it right here. I have two versions of it and what I'm going to do is I'm going to edit it. Let's make it a little bigger and I'm going to add just the top of it. Hello, Boston. And I'm going to hit save. So now when I'm saving right now, it's saving to my Swift backend. Again, you need to be able to use any API, any interface when your users are consuming OpenStack storage. And the great thing about a Swift API is that it's probably already protected in-flight via HTTPS and TLS. Now that I've saved that file, let's go back, let's remove the previous download that I have, let's re-list my files and as you see, I now have another version. So let's re-download that vip.txt and let's cat it. Obviously this time you can see my file is encrypted whereas the last time it was just pure clear text. So what I've shown you is how to add any type of storage and regardless of if the storage backend protects the data or not, adding encryption for your data governance. The next thing we want to do is we want to share that file out with somebody. So I would like to share this. Now again, this could be my presentation, it could be PowerPoint, it can be in Swift, it can be in Seth, it could be on a NetApp filer. I'm going to click share and when I share it, I want to ensure that this is secure. So there's a couple of things I'm going to do. The first one is I'm going to expire this link after one day. I'm going to limit the number of downloads to two and I'm going to put a password on it. So now I've generated a new link and this new link instead of emailing out this file, I can now send this link out. How many times have you requested something from maybe your healthcare provider and they've sent you a secure email where now you have to log into a secure site and on and on and on versus just getting a link where you can access that data and think about it from your end user point of view. Now their email is not filling up with all these attachments. Their email is nice and clean. So I take that link and I email it out and to simulate that I'm just going to copy it and I'm going to open up say Firefox and I'm going to paste my link and I'm greeted by the request for a password so I'm going to put in the password, password. I'm going to open that file for text editor and ta-da, there's my file. Now if I open a new private window and download that a second time, I'm able to pull it again. But remember we set this, we have a policy that said I only want this downloaded two times. So now if I open up Opera and get a third window and I go to access that link and I put in my password, you can see that the number of downloads has been exceeded. So now we've shown how you can add governance via encryption and also a way to secure your shares and how your data is being accessed externally to your company. Next we want to look at how do I roll back? How do I add versioning? What people call legal hold or archiving? There's a number of ways to do this but the simplest we've already kind of demoed to you. So I have this file called VIPLB and remember I edited it so if I hit refresh, I'm going to see that I now have three copies of this, three versions of my data. So users are able to go back. Well now what if I have a malicious user? So I'm doing this webinar right now. I'm going to access my marketing share and again this is a live demo, this is not running on my laptop, this is actually running against servers in San Francisco and my Seth storage and my Swift storage are in other locations. So I have some presentations I've given recently so if I open this one up I've got my slideshow and so I'm going to be malicious. Now of course I could add a new version of it, I could work on it but I'm going to delete it and when I delete it you notice down here that it tells me that because I have legal hold on these TeamShare files that I am not able to recover it but who is, the admin is able to recover the data. This is the protection you need when we're talking about a number of the compliance as HIPAA, PCI DSS for the ability to hold your data. So if I go back to the admin console and I go back to the admins file manager, I can see that in the admins trash can is that PowerPoint and so what I'm going to do is I'm going to restore it because maybe that was deleted by accident. So now we've added in the ability to do legal holds, versioning, trash, whatever you wanna call it. The last main subject that is common to most of the data governance and compliance regulations out there is going to be auditing. How do I find out who touched my file, when they touched it, why they accessed it? Now as the admin, I have audit logs and these audit logs are exportable via CVS, Excel, a number of different formats. I'm able to search in them. So I've been working on this demo this morning and since it's an open stack demo, I'm able to search for the word open stack and let's zoom this a little bit and I can see that for example, I tried to access a file but it had expired. Remember, we tried to download that file three times. So I can see the first time it was downloaded in the IP address of who downloaded it, the second time and the third time and if I needed to, I could put what's called a watch or a monitor on this so that if there's somebody trying to download my files, either from an IP of a country that is not allowed to access these files or if it's from somebody maliciously trying to pull it several times, I could be alerted to it. Now storage made easy gives you many more functions than this but again, you bring your own storage, you hook it in and you're able to get all the governance and compliance that you need. Our booth is C7, it's in the corner back there if you want a full demo, come on by. I can show you more about SAML and LDAP integration. I can show you how we can collaborate, how you can protect using AD like, I'm sorry, NTFS like permissions on the actual shares and files that you do and of course, come back Wednesday, one of my colleagues will be demonstrating how we connect to Ceph storage because Ceph is really interesting. We can connect to it via Rados, we can connect to it via S3 or OpenStack Swift, really allowing you to leverage the full Ceph experience. So with that, I thank you for your time and any questions? Thank you.