Protection of your intellectual property (your photographs) starts right in your home/office where you upload your photographs and process them. In this short article, I am going to share some insight into how I handle my library of photos onsite. I won’t be discussing my offsite backup strategy in this article nor going into explicit details on my network architecture or firewall settings. Needless to say, working in IT has given me the knowledge to build my own onsite solution which suits my growing needs and budget.
For my primary storage, I am utilizing a RAID 5 Synology RS814+ with a 4Gbps link to my switch stack (Figure 2). This gives me good data throughput, redundancy and management capabilities. The Synology NAS utilizes an ISCSI LUN and four WD Red Pro drives. These drives are designed for larger NAS environments (shock/vibration protection and a 5-year warranty). In a future iteration, I plan on moving up to an SSD only setup, but these drives offer great performance for most tasks.
My Nikon D810 and RAW photo editing in Adobe Photoshop workflow creates enormous files, and the ability to expand my storage seamlessly while keeping performance and redundancy on a budget is essential, and this is where the rackmount Synology product line excels. I can simply add another unit (or expansion unit) and the size scales without compromising performance or manageability.
... working in IT has given me the knowledge to build my own onsite solution
For power, I have several APC UPS all tied back to a central networked UPS (APC Smart-UPS X with Network Management Card - Figure 4) which intelligently signals my servers and workstation when there is a sustained power outage. This setup gracefully shuts storage, servers and my workstations down so that there is no data loss in extended outages. The importance of providing reliable, clean power to your storage array cannot be overstated. I am running APC’s PowerChute Network Shutdown for VMWare in a vSphere Hypervisor (ESXi) on a Dell Server.
For security, my storage sits behind an enterprise grade firewall (a Sophos UTM - Figure 3) and the Synology unit also has built-in in technology which scans for threats, attacks and viruses. The storage network is on a secure VLAN isolated from any external or unrelated local traffic. I choose not to allow wireless on my storage network or photography workstations. Authentication and access are ultimately controlled by an Active Directory server – I am running my own local domain (Sever 2012 R2 at the time of writing).
Physically my enclosure is protected by APC environmental sensors, automatically shutting equipment down should the temperature start to rise (or cool) to unacceptable levels – again protecting my data. I have 24/7 video security on my rack.
I run a dedicated process to backup my data over an encrypted fibre-optic connection to an off-site location, which is also encrypted. I choose not to store any of my original photographs (RAW or high-res jpegs) unencrypted off-site. I believe in having control of my intellectual property and choose not to trust my originals to cloud services (other than for print or one-off client tasks).
This article and all images are © Ian McGregor.