In this scenario created by design to test isolation from WD servers where internet has been cut off to the MCH, the My Cloud Home front LED is blinking away, yet Tailscale has no problem copying both at home (local) and away (remote and mobile) with full MFA authentication and Wireguard encryption. See set up in this thread.
This shows that the MCH could be isolated from the internet and Western Digital servers and still functioned with full security and high performance which exceeded those provided by WDC - all by using Tailscale.instead.
No Western Digital servers or apps needed.
If WD servers go down or WD network breached - user data is not affected and there is no down time.
Not only is Tailscale more secure, it is up to 1700% faster than Western Digital.
There is no catch. WD doesn’t really know how to do cloud networks and by extension…
My Cloud Home owners and users put up with it because they don’t know any better.
Simple network diagram with NAS isolation shown below, the switch is optional if there is only one computer because the ethernet cable can plug directly from the MCH into the ethernet port of the PC/Mac. Only software needed is the built in ICS (Internet Connection Sharing) of Windows or macOS. The second network adapter does not have to be a WiFi, it can be another ethernet with a cable run to the router.
Tailscale has completed a SOC 2 Type II security certification. In contrast, WDC has not published anything on SOC for their devices. Western Digital is a cloud service provider, it should apply for a SOC 2 certification.
.
fast
Tailscale enabled copying from an ICS (internet connection sharing) service with disabled internet, copying across subnets without firewall configuration but with MFA authentication and point to point Wireguard encryption.
These are the speeds of the My Cloud Home unencumbered by the Western Digital servers:
Crystal Diskmark MCH direct Gbe cable to computer (Local enabled) without WD Discovery, with ICS DHCP server.
Crystal Diskmark route across subnet without WDD. Normally if there is no VPN such as Tailscale, routing across subnet is not possible without firewall reconfiguration.
Under identical condition, Western Digitial Discovery software performed miserably when compared to the better alternative above. The result below showed MCH4S FW 9.4.0 using WD Discovery to copy across subnets is very slow even with the very small 0.1GiB file size test.
So how is Tailscale able to do this?
Security by design
Tailscale connections are end-to-end encrypted with WireGuard®
Tailscale is built on top of WireGuard.
WireGuard is a modern VPN designed for usability, performance, and security. WireGuard uses state-of-the-art cryptography and provides end-to-end encryption for connection between devices. WireGuard’s protocol has been reviewed by cryptographers and the code audited, with only minor issues discovered and fixed.
We designed Tailscale to make it even easier to use WireGuard to secure your network connections.
Tailscale sees your metadata, not your data
Tailscale does not (and cannot) inspect your traffic. Privacy is a fundamental human right, and we designed Tailscale accordingly. We don’t want your data.
