Nasuni file sync accelerates ransomware recovery

Nasuni has invented Global File Acceleration (GFA) — a way to sync shared files up to 5x faster — and enabled faster ransomware recovery as a by-product, with a demo restoring a million files in under 40 seconds.

The company provides shared access from edge appliances to files stored in the public cloud and file changes created by one user in an edge appliance are synced to other users. Nasuni’s UniFS filesystem stores files, their data and metadata in public cloud object storage. Continuous Versioning Technology sends changed file data fragments (snapshots) to immutable object storage in the cloud. Lost, deleted or corrupted files can be recovered to any point in time up to the last fragment stored using CVT metadata and data. GFA speeds this process.

Nasuni’s Chief Product Officer, Russ Kennedy, offered a statement: “No other storage or backup vendor can provide Rapid Ransomware Recovery for file servers the way Nasuni can. And now Nasuni’s high-performance Global File Acceleration service sets us even further apart. Enterprises can solve their file protection, primary file storage and multi-site file sharing challenges all in one solution.”

We are told by Nasuni that GFA dynamically performs near-real-time, intelligent analysis of file usage to orchestrate and prioritise data propagation of new files across Nasuni Edge Appliances in all locations. As a result, global users sharing files gain the very fastest access to new data that they need most.

Stephen Held.

How GFA does this is not revealed. Think of GFA as a way of souping up data movement speed when changed file data, created using CVT, is synced out to edge appliances. Stephen Held, VP and CIO at Nasuni customer LEO A DALY, said: “It was already simple to manage and collaborate on our global file shares across 27 locations, and file synchronisation has always been much faster than traditional methods. But with this latest release, the performance is dramatically faster.”

Rapid ransomware recovery

The same basic process is used in a ransomware recovery. Say a user at an edge appliance creates a new file. That has to be sucked up to the cloud store by Nasuni and then blasted out to other users at the various edge appliances. This involves sending out the updated file:folder metadata and the data in the file when it is accessed.

Nasuni’s UniFS software detects a file has been created and takes care of this. It similarly responds to file deletions. We could imagine a ransomware attack as being the equivalent of a mass file deletion — the files are unobtainable. So UniFS restores them to a point in time up to a minute before the attack. It’s a kind of mass sync exercise in a way and GFS speeds it up.

Up until now UniFS has been able to restore millions of files in minutes. LEO A DALY was hit by ransomware and Held said: “Nasuni was a true lifesaver when we got hit by a ransomware attack. Once we contained the attack, we were able to restore files quickly. Our operations hardly missed a beat.”

With GFA it is faster still, think seconds, and a demo shows 1,001,233 files being restored in 38.8 seconds.

That actually meant the file metadata was restored, as a look at the Size and Size on disk numbers in the image above shows. The demo then showed restored files being accessed once the recovered file:folder metadata was back in place. It was all smooth and simple.

Nasuni says a survey of its customers who had been hit by ransomware attacks showed none of them paid a ransom. More than one third of them stopped the attack, identified infected files and restored valid versions of them in under an hour. The others presumably took longer. GFA will help more of them break the 60-minute mark when handling a ransomware attack in the future.