Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Hetzner announces SX61 storage server refresh and hosted nextcloud
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Hetzner announces SX61 storage server refresh and hosted nextcloud

williewillie Member
edited November 2018 in Providers

Storage junkies might like to see today's SX62 announcement:

That's an update of the SX61 so now it has 4x10TB HDD's (somewhat expected given the introduction of the SX132 and SX292 a couple months ago) and interestingly, it now has an E3-1270v3 processor with 32GB of ECC ram, instead of the previous i7-3770 with no ECC. Price is the same as the SX61's old price (69 euro/m in DE or 64 in FI, plus 69e setup fee).

They also announced hosted Nextcloud (NX) storage plans, at the same prices as the StorageBox (BX) line:

I don't really know how interesting that is, whether it allows making public volumes, etc. If it's on the same cluster as StorageBox then I hope it doesn't slow StorageBox too much. I'm not likely to use it myself.

The SX62 is a welcome evolutionary development and I appreciate the ECC memory. It occurs to me it would be great to have a bigger model with 6 drives, between the SX62 and the 10-drive SX132. The idea is to allow a more efficient RAID6 setup, that survives 2 drives failing without using 50% of the drive space. Going from 4 drives to 6 would increase usable storage from 20TB to 40TB, doubling space with hopefully <= 50% cost increment.

Maybe the BX line can get another price drop soon! It last had one a couple of years ago, I think.

Good going, Hetzner!

«1

Comments

  • Very nice.

  • God help the poor schmuck who decides to host private data with Hetzner with them letting the cops in and out of their DCs at the drop of a hat.

    Thanked by 1mehargags
  • @varunchopra said:
    God help the poor schmuck who decides to host private data with Hetzner with them letting the cops in and out of their DCs at the drop of a hat.

    You cannot really put Hetzner to blame there.. they have laws to abide by and do not really have a say if someone is breaking them and goes under investigation.

    Thanked by 1mrTom
  • @varunchopra said:
    God help the poor schmuck who decides to host private data with Hetzner with them letting the cops in and out of their DCs at the drop of a hat.

    lol. you would do the same if you own a datacenter. In fact you would give them a backdoor i bet.

  • Crazy pricing. I would love to get the Nextcloud package, but the server-side per-user encryption is only private with some tweaks, unless they are referring to using a server-wide key, which can barely be called encryption.

  • vimalwarevimalware Member
    edited November 2018

    Pretty cool. can storage be shared between samba/sshfs mounts and nextcloud?

  • AnthonySmithAnthonySmith Member, Patron Provider

    varunchopra said: host private data

    well that's the first mistake.....

  • Once a network connection comes into play privacy is pretty much gone.

  • @varunchopra said:
    God help the poor schmuck who decides to host private data with Hetzner with them letting the cops in and out of their DCs at the drop of a hat.

    Almost any reputable DC would do the same if the FEDs show up at their doors. In some cases, if you don't comply and they have the legal document allowing, they will enter by any means. I believe this even happened in the case of that super secure 'Cyberbunker' DC ( http://www.cyberbunker.com/web/swat.php ).

    No where is safe if they have the legal paperwork needed to enter (well besides some third world country where you can pay off the police).

    my 2 cents.

    Cheers

  • I have a cloud vps dedicated to nextcloud as well as a storage box for increased storage. It works fine, no issues. With the new nextcloud service, I wonder if it'd be easier or simpler to just get the nextcloud server.

    What are the cons of using the direct nextcloud server

  • @willie said: They also announced hosted Nextcloud (NX) storage plans, at the same prices as the StorageBox (BX) line:

    Interesting that Hetzner is offering Nextcloud now. Symbolically at least, this is a significant endorsement of Nextcloud.

    Does anyone know where their Nextcloud login page is? I'm wondering how https://scan.nextcloud.com/ rates their Nextcloud server.

  • angstromangstrom Moderator
    edited November 2018

    @sysamy said:
    I have a cloud vps dedicated to nextcloud as well as a storage box for increased storage. It works fine, no issues. With the new nextcloud service, I wonder if it'd be easier or simpler to just get the nextcloud server.

    What are the cons of using the direct nextcloud server

    Well, if you purchase a Nextcloud service from a provider, then it's the provider's job to keep Nextcloud updated and secure. If you run your own Nextcloud service on a VPS, then it's your job to keep Nextcloud updated and secure.

    Thanked by 2sysamy Hetzner_OL
  • @gol3m said:
    Crazy pricing. I would love to get the Nextcloud package, but the server-side per-user encryption is only private with some tweaks, unless they are referring to using a server-wide key, which can barely be called encryption.

    Given it seems to be a private subdomain per install, I'd assume they're deploying a VM or container for each one but I might be wrong.

  • gol3mgol3m Member
    edited November 2018

    @dragon2611 said:
    Given it seems to be a private subdomain per install, I'd assume they're deploying a VM or container for each one but I might be wrong.

    A personal/private subdomain can be just another virtual host + separate directory, but I was talking in terms of encryption. Default in Nextcloud is per-server encryption, not per-user for performance reasons, which is meant for untrustworthy external storage, but can be decrypted with one command.

    However, even assuming that "server-sided encryption" on the Hetzner product page refers to "per-user encryption", it does not encrypt everything. For instance, Nextcloud does not encrypt gallery "thumbnails", meaning it creates unencrypted 4 megapixel "thumbnails" from all your image files. Merely disabling the gallery app is not a solution, however, because Nextcloud still creates thumbnails, e.g. when using the app.

    A lot of other things may not be encrypted correctly, such as smtp/imap passwords, and deleting the user, or removing an app might not even erase them (!).

    Hence, if you use this, you probably should not rely on the server-side encryption to keep your files "private". Of course server-side encryption is never secure in the sense of "an attacker who controls your server waits for you to log into your Nextcloud and grabs the password", but in this case it is probably not even secure in the sense of "someone steals the hard drive", or not secure at all (assuming a server-wide key is used).

  • williewillie Member
    edited November 2018

    If you're really worried about hard drives being seized etc., all you can really do is encrypt at the client side and never let the server see plaintext. That can work ok for storage servers and storagebox (BX), but I think Nextcloud by definition has to be able to send out plaintext, which means it needs the decryption keys, at least when you're logged in. So they can be intercepted by the server operator. Also the hard drives for NX and BX are obviously shared between customers.

    If you really have super sensitive data that has to withstandard physical intrusion (e.g. the signing keys for a CA) normally you would wrap it in tamper reactive crypto hardware. You could put something like that in a colo server. But getting data in and out of it will be much slower than the disk interfaces of servers. So you wouldn't use it for TB's of bulk data. At that level you also wouldn't use software encryption on the server itself, because the server DRAM is also considered insecure (even using stuff like SGX).

  • Thanked by 2eol ehab
  • @dragon2611 Hetzner support told me that the Nextcloud encryption is only a per-server key, meaning that they can decrypt all files with one command, which makes it almost useless.

    willie said: but I think Nextcloud by definition has to be able to send out plaintext, which means it needs the decryption keys, at least when you're logged in. So they can be intercepted by the server operator.

    Yes. Nextcloud per-user (!) encryption is only useful if someone takes out the hard drive, not if you are under surveillance. It still allows you to view and share files without additional software, making it more useful than end-to-end encryption.

    Nextcloud per-server encryption (which Hetzner uses) is only useful for untrustworthy external storages, which do not have access to the encryption key on your server.

    Nextcloud end-to-end encryption is still in alpha and requires you to use the Nextcloud client to decrypt your files. Like the per-user encryption, it presumably only encrypts your files, not stored credentials/carddav/caldav/.. .

  • Got some responses from Hetzner support, and I leave them here to anyone interested:

    About NextCloud hosting environment and if power increases depending on the plan:

    "The Nextcloud performance is currently based on a shared system with all plans. There are no specific limits for a single Nextcloud."

    About using own own domain and SSL:

    "A own domain and SSL certificate is currently not possible but we will note it as feature request."

    Thanked by 1gol3m
  • @AnthonySmith said:

    varunchopra said: host private data

    well that's the first mistake.....

    I'd consider pretty much anything on Nextcloud as private. ¯_(ツ)_/¯

    @smile said:

    @varunchopra said:
    God help the poor schmuck who decides to host private data with Hetzner with them letting the cops in and out of their DCs at the drop of a hat.

    lol. you would do the same if you own a datacenter. In fact you would give them a backdoor i bet.

    I'm unsure what your bet is based on because you're wrong on both counts.

    @TheLinuxBug said:

    @varunchopra said:
    God help the poor schmuck who decides to host private data with Hetzner with them letting the cops in and out of their DCs at the drop of a hat.

    Almost any reputable DC would do the same if the FEDs show up at their doors. In some cases, if you don't comply and they have the legal document allowing, they will enter by any means. I believe this even happened in the case of that super secure 'Cyberbunker' DC ( http://www.cyberbunker.com/web/swat.php ).

    No where is safe if they have the legal paperwork needed to enter (well besides some third world country where you can pay off the police).

    my 2 cents.

    Cheers

    Feds? Good joke.

    Any reputable provider worth his salt would know better. Paging @Francisco because it seems that he's the only one with balls on this forum. Kudos to you mate.

  • FranciscoFrancisco Top Host, Host Rep, Veteran

    varunchopra said: Any reputable provider worth his salt would know better. Paging @Francisco because it seems that he's the only one with balls on this forum. Kudos to you mate.

    While i'm proud of my balls, court orders are court orders.

    If there's a court order from the country the servers are located in demanding I provide them a copy of a VPS/etc, then they're getting it if I like it or not.

    I do argue cases where they are providing bad information, etc, but nothing stops them from carting my rack of servers out the door.

    I'll protect my customers until I legally can't.

    Francisco

  • smilesmile Member
    edited November 2018

    @varunchopra said:
    I'm unsure what your bet is based on because you're wrong on both counts.

    I'm 100% sure of it because we after all have Trump as President. Unless you have shown the capacity to do what you preach in a tangible way; "secret" court orders aside; prove me different. Open a datacenter and see how far you go. I'm 99% sure you will fail before 2 years.

  • @smile said:

    @varunchopra said:
    I'm unsure what your bet is based on because you're wrong on both counts.

    I'm 100% sure of it because we after all have Trump as President. Unless you have shown the capacity to do what you preach in a tangible way; "secret" court orders aside; prove me different. Open a datacenter and see how far you go. I'm 99% sure you will fail before 2 years.

    Listen to yourself. You sound a like a retard going on about me opening a DC.

    This is about Hetzner and them going willy nilly snatching disks without any restraint.

  • Every DC will hand out disks, so what?

    Thanked by 2Wolveix gol3m
  • I can hardly wait for Varunchopra's Bundy Ranch data center to open, complete with armed standoffs whenever the feds come to get the disks.

  • RESTRAINT : Do you have it?

  • @Francisco said:
    If there's a court order from the country the servers are located in demanding I provide them a copy of a VPS/etc, then they're getting it if I like it or not.

    What about the country where your company is located at? I have always wondered whether both cases matter or just one of them.

    Thanked by 1gol3m
  • @varunchopra said:

    @smile said:

    @varunchopra said:
    I'm unsure what your bet is based on because you're wrong on both counts.

    I'm 100% sure of it because we after all have Trump as President. Unless you have shown the capacity to do what you preach in a tangible way; "secret" court orders aside; prove me different. Open a datacenter and see how far you go. I'm 99% sure you will fail before 2 years.

    Listen to yourself. You sound a like a retard going on about me opening a DC.

    This is about Hetzner and them going willy nilly snatching disks without any restraint.

    You sound like an ignorant retard devoid of any recognition of the laws that surround a data center. The person you pointed to already tried to point you out to the existance of laws but you are too dimwitted to acknowledge them.

  • Hetzner_OLHetzner_OL Member, Top Host

    Hi LETters, Sorry that I have been AWOL for awhile. It looks like most questions in this thread have already been answered. Thanks to those of you who shared responses from our support team! Please let me know if I have missed any questions.

    @vimalware - "Pretty cool. can storage be shared between samba/sshfs mounts and nextcloud?" -> No, this is unfortunately not possible. We only provide access over Nextcloud's own web interface and the WebDAV protocol that Nextcloud itself provides.

    --Katie, Marketing

    Thanked by 3vimalware gol3m eol
  • @Hetzner_OL Is any office suite available with the hosted Nextcloud instance?

  • Hetzner_OLHetzner_OL Member, Top Host

    @AC_Fan said:
    @Hetzner_OL Is any office suite available with the hosted Nextcloud instance?

    You can use any apps that are in the Nextcloud app store.

    -- Ramona

Sign In or Register to comment.