Dropbox upgrade adds nice bits for sysadmins

POPs dropped into DCs for better performance and local peering

Sysadmins need a "nice" user experience, and Daniel Iversen, head of solution architects for Dropbox Asia Pacific, told The Register that was in mind when the company pushed out a bunch of new admin capabilities.

In other words: this is “not about a feature race”, he said, rather a more deliberate – and staged – upgrade strategy. Under the AdminX heading, the security and admin controls cover network features, subdomain verification, more granular device approval, and better audit logging.

At the network level, the admin can block personal dropbox accounts, only allowing sanctioned accounts for better protection against data leakage. That gets enforced by gateways from vendors like Barracuda, Netskope, Symantec and Skyhigh.

Those aren't the only solutions: Iversen claimed covering off as many proxy servers as possible needed “more than 20,000 pieces of software” to be integrated into the system.

Subdomain verification lets the sysadmin restrict Dropbox to specific groups and assimilate staff accounts into the corporate domain.

Device approval works to plug a gap faced by companies who have rolled out a mobile device management system: it doesn't reach to the desktop.

Limiting the number of synced devices by user means the sysadmin can create a rule like “this individual can access the corporate dropbox from one desktop and two mobile phones”, Iversen said – with, naturally enough, a user exception list to cover special cases.

Audit logging enhancements to be progressively rolled out include filtering of user activities (more than 350 pre-built) by member, file name, file date, and file type.

The idea is to put a forensics UI right there in the admin console, so if there's an incident, they can ask “what happened within this date range? Who permanently deleted files?” and so on.

This, Iversen added, integrates back into data loss prevention (DLP) solutions.

The company has also added these admin controls to its Dropbox Paper collaboration app.

Leaving AWS

Iversen outlined an expansion of the infrastructure investment that started with the Magic Pocket project.

The company's decision to pull its storage in-house instead of hosting it on Amazon's cloud poses an obvious performance challenge, one that Dropbox hopes to meet by deploying proxy servers around the world (11 so far in Washington, California, Texas, New York, Virginia, the UK, the Netherlands, Germany, Singapore, Hong Kong and Japan, and a metadata proxy server in Sydney).

“It yields a tremendous improvement in speed,” Iversen said, without the overhead of trying to replicate data in worldwide bit barns.

The local POPs also open up the door to peering at the local level, wherever an ISP or enterprise has a footprint in the same data centre as Dropbox, either to improve speed or, for large network owners, cut traffic costs. ®


Biting the hand that feeds IT © 1998–2017