DataCore SSY 10 PSP7 Update 2 brings a lot of fixes - and automatic cloud data collection

User Rating: 0 / 5

Star InactiveStar InactiveStar InactiveStar InactiveStar Inactive
 

Normally I don't write a blog article about the maintenance release of a software. There are lots of other blogs on the internet that use such content for new articles.

This time, Update 2 not only fixes a quite high number of bugs (I count 16 fixes from which 7 are marked as critical) but it also brings some new functionality to the software. One of the "enhancements" is a new data collector service. The release notes state:

"Enhancement: Collect and transmit machine data to DataCore cloud-based analytics platform. Refer to the Help topic “Data Collection” to disable (opt -out) of this service."

That's interesting. A new data collection service that sends out data about my system to the cloud. The release notes don't include any information about the kind of data the service sends out to the internet. That's okay, there is a link to the help topic where one can obviously get more information. As I already installed PSP7 Update 2 on my demo systems I have access to this new topics (if not, the internet web help is always up to date). As I'm a bit concerned about sending data from and about my SAN to the public cloud I want to know, which data exactly is sent and for what purpose.

Next step was to open the help topics and searched in the index for the keyword "Data Collection". I was quite disappointed when I got to the help topic. No explanation about the data being sent and I also have no information about where the data is sent (except the very cloudy description "Analytics Platform"). There is only another reference to the EULA where there should be "information regarding the data collected and transmitted". The good thing here to note is that there is an explanation of how to disable the feature and what port has to be open for this feature to work.

Well in my opinion, there should have been a BIG note during the update process about a new service being installed on my servers and the service is used to send "some" data to the cloud. There wasn't a note at all. And the most annoying thing is that this service is enabled by default! You have to disable it manually if you don't want to send data to the cloud. If DataCore silently installs new services on my systems that are not neccessary for running the application then the standard state of these services should be DISABLED and not enabled. Okay, one can argue that port 443 has to open from the DataCore server to the internet and normally it isn't due to the fact, that DCS should be set to a private network without direct internet access. That's right but there are enough customers outside that have no idea on security or have a bad IT company implementing DataCore solutions and they now send data without explicit accepting it to the cloud.
The only thing I saw during the update process was a password window that asked me about the DCSAdmin password. I have seen this window earlier in my live when I made an upgrade from v8 to v9 or v10 but normally not during installation of a PSP or even update. The funny thing here is, I typed the wrong password and the installer showed a warning about the "Telemtry" service not being able to start. Since I had no idea what this "Telemetry" service is, I simply corrected the password and finished the installation. Fortunately I made this mistake because without I would have never searched for this new service.

Going back to the help topic text, there is a link to the EULA in the installation folder. I haven't seen any EULA that contained detailed technical information yet and I think the EULA is one of the rather bad locations where to put those information in but okay, I think DataCore's lawyers had an eye on that. I opened my Windows Explorer, changed to the installation directory (there is now a new subfolder called "Telemetry" but this folder doesn't include any EULA related document) and opened the EULA.txt in the SANsymphony-folder. I read a bit and scrolled up and donw but there is nothing more than the standard EULA texts without any technical information. Searching for the words "Telemetry" or "Analytics" or "collect" doesn't show any hits. Nothing in the whole document is related to the new service.  

DataCore, I really understand the idea behind your data collection and probably this will end in a better product but I can't agree with the way this data collection service is introduced. The information is totaly incomplete or even wrong, the service runs automatically and if I, for whatever reason, have port 443 open, I will send unknown data to the cloud.

Please give all users all information about the data you sent (and don't get a second M$) from their systems and let them decide if they want it or not. And please change default service start to disabled and let the user decide if he will contribute his data or not!. For me it's clear, disabling this service is the first thing to do after update! (I really don't want to think about our security advisors if they get information about that.....)   

 

joomla templatesfree joomla templatestemplate joomla
2018  v-strange.de   globbers joomla template