March 18th, 2013 by Josh Linden
EMC Syncplicity Review
Syncplicity is EMC’s cloud-based file management and collaboration platform, acquired in 2012 to integrate multi-client synchronization and security features with EMC’s public and private cloud storage portfolio. With no end in sight in the movement towards mobile staffing and technology, it's vital for enterprise storage vendors to offer solutions that support file synchronization while maintaining IT administrative control over business data. Syncplicity can be used as a subscription-based service on EMC’s infrastructure, or customers can deploy Syncplicity with EMC’s Isilon or Atmos storage platforms.
During the last few years, cloud-based file synchronization services have become an indispensable part of work for professionals in many fields. Early leaders in consumer web-based file storage technology, particularly Dropbox, have also raised user expectations for mobile, multiplatform access to shared cloud storage. For end users, services like Dropbox have improved productivity by providing sync and collaborative features that operate behind the scenes. This way, users can continue using familiar software and personal file organization systems but also have the advantage of being able to access and share data with anyone who has internet access.
In January, EMC announced beta availability of an integrated Syncplicity-Isilon NAS solution that can scale from a 3 node, 18TB configuration to a 144 node cluster configuration with over 20 petabytes. Isilon allows enterprise clients to offer their staff robust file synchronization features without sacrificing on-site control of corporate data. In addition to the Client component of the Syncplicity platform, the integrated Syncplicity-Isilon solution features Orchestration, Storage, and Compute components.
Syncplicity’s orchestration layer incorporates authentication, authorization, account administration, metadata management, sharing and collaboration, the web application, and all API functionality excepting file transfer -- file data does not flow through the orchestration component. The storage component persists file data within an opaque Isilon-hosted container. The compute component is deployed as an application on one or more virtual machines and exposes the file transfer API, encryption, compression, file transfer resumption, and image thumbnail generation.
Compute application instances are stateless and independent of one another, allowing additional instances to be allocated and deallocated depending on load or other operational requirements. To achieve similar functionality to the Syncplicity subscription service, EMC suggests deploying the Isilon storage system in the DMZ with inbound access allowed over port 443 (HTTPS). Alternatively, clients can use a private network to ensure that the service is only accessible from within the corporate network or over a VPN connection.
Our review is of the standalone deployment, but it's instructive to highlight the potential Isilon integration for enterprises that require an extra layer of data ownership and security.
Syncplicity SaaS Security and Retention
For clients that purchase Syncplicity as a service, EMC’s Virtual Private Cloud infrastructure stores files with quadruplicate replication in three geographically separate data centers that are SOC 1 audited under SSAE‐16 guidelines (formerly SAS70 Type II) and PCI DSS certified. Syncplicity storage is also certified for ISO 27001 and follows DoD 5220.22‐M (“National Industrial Security Program Operating Manual”) or NIST 800‐88 (“Guidelines for Media Sanitization”) for data destruction on retired devices.
All web access and client interactions with Syncplicity are secured with AES‐256 SSL encryption. Files are also stored with AES-256 encryption, both on EMC’s servers and on the local device, using a key that is uniquely generated for each revision of the file. When a file is permanently deleted, the encrypted data is removed from storage and the encryption keys associated with every revision are destroyed. Syncplicity maintains its authentication and encryption servers in a separate data center from file storage so that encrypted data and its associated encryption key are only brought together when needed for access. According to EMC, no employees other than the company’s VP of Engineering and CTO have access to both the authentication and key management data centers and the encrypted file storage data centers.
Syncplicity supports federated user authentication via SAML 2.0, supporting: Microsoft Active Directory Federation Services (ADFS) 2.0, Ping Identity PingFederate, and Oracle Identity Manager 11g. Authentication uses Active Directory, SAML, Google Apps, or any OpenID federated identity provider. Single Sign-On (SSO) tools allow organizations to leverage existing authentication systems to authorize employee access to Syncplicity with the same user credentials as other network resources. Federated authentication also means that Syncplicity servers need not have access to corporate passwords, as credentials remain in the control of the corporate system.
Syncplicity’s Security and Compliance Console provides centralized control over which devices may be used to access, sync, and share company data. The console manages data-retention policies, which can automatically and permanently delete files and folders remotely from user devices. The Security and Compliance Console can also remotely wipe user accounts or devices in cases of lost equipment or staff termination. Version control automatically resolves file version conflicts and streamlines restoring previous versions of files.
Syncplicity's Client Access Restrictions Policy tool determines which domains and IP addresses are authorized to access the organization’s storage, regardless of client type. Administrators can also restrict users from accessing Syncplicity from computers that are not running the client in order to prevent access from shared or public computers.
Administrators can review user shares to monitor what data is being shared across the company, and remote-wipe policies can force automatic and permanent deletion for data that is no longer shared or if an employee or contractor leaves the organization. Data stored by Syncplicity mobile apps can also be remote-wiped by users or administrators if a device is lost or stolen.
Syncplicity uses a default retention policy of 30 days for deleted and changed files, and it also retains at least the five most recent versions of files regardless of age. Custom retention policies can be defined on either all files or at a granular level based on file or folder attributes such as type, name, and size. Files can be retained with no limits on the number of versions or retention period.
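The default policy above combines two rules, an age window and a minimum version count, and a version is only eligible for permanent deletion when neither rule protects it. The following is an added example, not Syncplicity code: the `Revision` fields are hypothetical, the sample histories are constructed, and it assumes that age is measured from the moment a version was changed or deleted and that the current version counts among the five most recent.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

RETENTION_WINDOW = timedelta(days=30)  # default window stated in the review
MIN_VERSIONS_KEPT = 5                  # five most recent versions are always kept


@dataclass(frozen=True)
class Revision:
    rev_id: int                      # hypothetical field: higher id = newer revision
    retired_at: Optional[datetime]   # when it was changed/deleted; None = current


def evaluate(revisions, now, window=RETENTION_WINDOW, keep=MIN_VERSIONS_KEPT):
    """Map each rev_id to the policy decision and the rule that produced it."""
    newest_first = sorted(revisions, key=lambda r: r.rev_id, reverse=True)
    protected = {r.rev_id for r in newest_first[:keep]}
    decisions = {}
    for rev in newest_first:
        if rev.retired_at is None:
            decisions[rev.rev_id] = "keep: current version"
        elif rev.rev_id in protected:
            decisions[rev.rev_id] = "keep: among most recent versions"
        elif now - rev.retired_at <= window:
            decisions[rev.rev_id] = "keep: inside retention window"
        else:
            decisions[rev.rev_id] = "purge"
    return decisions


def purgeable(revisions, now):
    """Revision ids the default policy would allow to be permanently deleted."""
    return sorted(k for k, v in evaluate(revisions, now).items() if v == "purge")


# Constructed sample data: two version histories, evaluated on 2013-03-18.
NOW = datetime(2013, 3, 18)
ACTIVE_FILE = [
    Revision(1, datetime(2012, 12, 1)), Revision(2, datetime(2013, 1, 10)),
    Revision(3, datetime(2013, 3, 1)), Revision(4, datetime(2013, 3, 2)),
    Revision(5, datetime(2013, 3, 3)), Revision(6, datetime(2013, 3, 4)),
    Revision(7, datetime(2013, 3, 5)), Revision(8, None),
]
STALE_FILE = [Revision(i, datetime(2012, i, 1)) for i in range(1, 6)] + [Revision(6, None)]

if __name__ == "__main__":
    for name, history in (("active", ACTIVE_FILE), ("stale", STALE_FILE)):
        print(name, purgeable(history, NOW), evaluate(history, NOW))
```

In the stale history, versions 2 through 5 are far older than 30 days yet survive because of the version-count rule, which matters when estimating how long sensitive content can persist under the default policy.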
Administrators can create groups and pre‐configure them with default folder permissions, adding users individually or in a batch with CSV import. Syncplicity supports desktop management and software deployment solutions for client management across a large user base. It also offers three permission levels for shared folders: None, Reader, and Collaborator. Readers can view files, but cannot change them. Collaborators can view and edit files and subfolders. The Folder Sharing Policy determines whether users have the ability to share folders with individuals who don’t have an account within the company.
In addition to its web interface, EMC provides native Syncplicity clients for Windows, Apple OS X, iPhone, iPad, and Android – but no Linux or server clients at this time. Each client provides basic file browsing functionality to locate and open synchronized files and save files on the device for offline use. Users can also request a web link from the client that will provide access to non-Syncplicity users over the web, if allowed by the user’s permissions. Syncplicity clients also present a "News Feed" for the user that records all events pertaining to their account and synchronized files, including folder and file changes in chronological order.
The web client provides access to synchronized storage, but is somewhat limited when it comes to working directly with files. Renaming, moving, and editing tasks require downloading the file and reuploading through the web interface. We do expect Syncplicity's web client to incorporate more interactive functionality as it matures, such as drag-and-drop file uploading which would make the interface simpler to work with via browser.
While Syncplicity has embraced many features common to consumer file synchronization platforms, the client has additional functionality useful for enterprise data security policies. Syncplicity mobile apps allow users to set an additional 4-digit access PIN which will optionally purge synchronized files if entered incorrectly.
During our review of the Mac client we noticed that Syncplicity exposed and synchronized some hidden system files. There would be no danger in accidentally deleting these files, but if syncing across desktops, there might be an accumulation of extra files some users would find confusing. EMC says that they are aware of the issue and are taking steps to address the problem (which does not exist with the Windows client).
File view on iPad client
During the review, one user installed the Syncplicity desktop client on a MacBook Air. Then the user took a few photos with an iPad that had the Syncplicity client installed and uploaded them to a Syncplicity synced folder. When the user signed back into the MacBook Air, an alert appeared on the desktop to indicate that the files had arrived on the local device. This is a workflow that will only become more common for personal and business applications.
Remote File Upload from iPad Photo Stream
Synchronization is bandwidth limited, which is an important consideration for remote disaster recovery scenarios as well as use cases that involve remote users adding large files to shared folders. Syncplicity does offer options to limit client upload and download speeds, and it detects identical files to avoid transferring duplicate data more than once.
In addition to challenges scaling consumer-oriented file synchronization platforms, the platforms themselves often pose difficulty ensuring compliance with information security policies. Until recently, organizations looking to deploy cloud-based file synchronization have often had to choose between bolt-on enterprise solutions with less robust user functionality and client options, or file synchronization platforms architecturally designed for consumer use with user management, encryption, and other enterprise requirements added on. Syncplicity represents a new generation of file synchronization and management technology that is designed to operate across common enterprise use cases.
While focusing on an end-user experience comparable to consumer cloud storage platforms, Syncplicity’s potential value for EMC lies in its ability to add enterprise-centric functionality to these familiar user workflows. Syncplicity streamlines secure distribution of new and updated material to personnel in the field, for example remote sales teams or front-line consultants. It can also help bring staff back online quickly after loss or damage to computers and mobile devices.
Overall usability across a variety of Macs, Windows PCs, iPads and iPhones was seamless for the five accounts/users who tested the service as part of this review. Data flowed rapidly between synced folders and devices and actually facilitated workflow more than once by providing access to files that otherwise would have taken more time to access. The experience pretty much aligns with the use cases EMC outlines for Syncplicity and definitely created value for the StorageReview organization.
Pros
- Backed by EMC's technology and expertise in enterprise storage and security
- Same platform is available as a service from EMC or with in-house storage
- Consumer-style interface makes Syncplicity immediately accessible
Cons
- No Linux or server clients
- Minor Mac quirks
Public and private cloud-based file synchronization systems are an important enterprise market, and EMC has the technology to emerge as a leader through the Syncplicity platform.