Anchor is a software platform that enables online file synchronization, sharing, and backup for businesses. With a focus on security, reliability, and integration, Anchor provides IT professionals with a solution to the universal access, sharing, and file-recovery problems that plague businesses. Simply put, Anchor is the most advanced file-based cloud-synchronization platform for businesses.
The platform is comprised of two services: server and agent. The server service can be hosted within a company’s internal infrastructure or may be provided by Anchor’s hosted cloud infrastructure. The agent can be deployed to a multitude of endpoints, including desktops, laptops, servers, and mobile devices. Policies and management controls are administered by the user.
The Anchor server and agent were built using C++ to maximize the use of machine resources and to provide cross-platform support. The Anchor server brokers the sync events among agents and stores files as encrypted and compressed binaries. File meta-data such as filename, modified date, and revision information are abstracted and stored in SQLite databases for purposes of scalability and rapid-access. Policy and account information are stored in a PostgreSQL database. Accounts are provisioned and policies are governed through a web interface powered by Apache.
Note: The Anchor team is currently working to migrate SQLite databases to PostgreSQL for improved performance.
The system requirements for the server are as follows:
|Hard Disk:||350 mb for installation||
1 TB+ direct-attached hard disk
6 gb/s transfer speed
32 mb cache
7200+ RPM or SSD
|Ram:||2 gb||6 gb|
|CPU:||2 Ghz single core||3 Ghz quad-core|
Windows 2008 Server R2
Windows 2012 Server
Windows 2012 Server R2
Windows Server 2016
The desktop client is compatible with the following operating systems:
|Windows 7||El Capitan v10.11*|
|Windows 8||Sierra v.10.12*|
|Windows 8.1 (including Surface Pro)||High Sierra v.10.13*|
|Windows 2008 Server|
|Windows 2012 Server|
|Windows 2012 Server R2|
|Windows Server 2016|
* Only 64-bit OSX machines are supported.
Minimum system requirements are as follows:
|Hard disk:||35mb for installation|
|CPU:||1 Ghz single-core or better|
Mobile Application Support
Apple iOS 2.4+
Anchor is committed to providing partners with advanced integration options, allowing MSPs and other service providers to manage Anchor while leveraging familiar tools and systems. Administrative integration options include:
End users can also integrate with the applications they know and use on a daily basis. End user integration options include:
In-lab load-testing has identified that Anchor installed on a Windows 2008 R2 Server that meets the recommended system requirements can concurrently handle the following load without incident:
- 5,000 simultaneous connected agents each syncing files up and down
- 1,200 simultaneous Apache web requests
Because of the use of an rsync-derived algorithm and a file-queuing mechanism on the desktop client, there is no logical limit to the number or size of files that can be backed-up by the Anchor desktop client. File size and count limitations are determined by the file-systems in use, not the Anchor desktop client.
Anchor employs an rsync-derived algorithm that only sends and stores a file’s deltas (changes), compressed and encrypted, from revision to revision. This algorithm detects byte-level changes and, unlike block-level algorithms, will not re-upload an entire file even if all data within a file shifts as the result of a block being inserted at its beginning.
Security is a core component of the Anchor platform. If a device is compromised, administrators have the ability to remotely wipe Anchor data from affected machines. No passwords or confidential information are stored in plain-text in the database. Additionally, our hosted solution operates in an SSAE16 and SAS-70 Type II compliant datacenter.
Data is protected using 256-bit AES (Advance Encryption Standard), both in transit and at rest.
When syncing data to the server, the desktop client encrypts data using 256-bit AES. This data is then sent over TLS to the server, which receives the encrypted binary data and stores it in its encrypted format at rest.
When the desktop client requests data from the server, the data is received over TLS; the desktop client then decrypts the data upon receipt before turning it into the original file. When a file is requested through the web, mobile apps, or through the API, the server will decrypt the data and then present the full file to these clients.
The Apache configuration includes TLS ciphers that successfully mitigate the risks of the POODLE vulnerability, as well as potential BEAST server-side attacks. Additionally, to protect against brute force and dictionary attacks, browsers are prevented from logging in for 30 minutes after 5 failed login attempts.
The following password-complexity requirements are enforced across the Anchor system:
- The password is at least six characters long.
- The password does not contain three or more characters from the user's account name.
- The password contains characters from at least three of the following five categories:
- English uppercase characters (A - Z)
- English lowercase characters (a - z)
- Base 10 digits (0 - 9)
- Non-alphanumeric (For example: !, $, #, or %)
- Unicode characters
For hosted solutions, partners must provide their own SSL certificate.
High-Availability and Reliability for Private Cloud Partners
For partners planning on hosting their own Anchor platform, there are several configurations which support high-availability. By default, the Anchor Server Installer installs a single application server, web server, and database server on one machine. Alternatively, partners may want to configure a high availability (HA) environment where the Apache server and PostgreSQL database server are installed on separate machines and Anchor is replicated on multiple machines. Ultimately, this eliminates a single-point of failure at the Anchor level and allows for distribution of load across multiple Anchor servers.
Note: The high availability configuration is for the Anchor server only; it is not for the Apache or PostgreSQL server. While HA configuration allows partners to place Apache or PostgreSQL on the server of their choice within the high availability cluster, it does not replicate the Apache or PostgreSQL servers. The system will only recognize one instance of the Apache server and one instance of the PostgreSQL server. Instead, both Apache and PostgreSQL can be set up on a host either with VM or HyperV.
Raw binary data
We recommend that the volumes allocated for the storage of raw-binary data be configured in a RAID-array or other highly-reliable, healable storage format.
SQLite databases take up a relatively miniscule percentage of storage compared to the raw binary data. Anchor recommends that SQLite databases be backed up regularly using standard file or disk backup applications.