Dropbox Business Security Whitepaper 4
• Block Servers
By design, Dropbox provides a unique
security mechanism that goes beyond
traditional encryption to protect user
data. Block Servers process files from the
Dropbox applications by splitting each into
blocks, encrypting each file block using a
strong cipher, and synchronizing only blocks
that have been modified between revisions.
When a Dropbox application detects a
new file or changes to an existing file,
the application notifies the Block Servers
of the change, and new or modified file
blocks are processed and transferred to the
Storage Servers. For detailed information
on the encryption used by these services
both in transit and at rest, please see the
Encryption section below.
• Storage Servers
The actual contents of users’ files are
stored in encrypted blocks with the
Storage Servers. Prior to transmission, the
Dropbox client splits files into file blocks
in preparation for the storage. The Storage
Servers act as a Content-Addressable
Storage (CAS) system, with each individual
encrypted file block retrieved based on its
hash value.
• Metadata Servers
Certain basic information about user data,
called metadata, is kept in its own discrete
storage service and acts as an index for the
data in users’ accounts. Dropbox metadata
is stored in a MySQL-backed database
service, and is sharded and replicated as
needed to meet performance and high
availability requirements. Metadata includes
basic account and user information, like
email address, name, and device names.
Metadata also includes basic information
about files, including file names and types,
that helps support features like version
history, recovery, and sync.
• Notification Service
This separate service is dedicated to
monitoring whether or not any changes
have been made to Dropbox accounts.
No files or metadata are stored here or
transferred. Each client establishes a long
poll connection to the notification service
and waits. When a change to any file in
Dropbox takes place, the notification service
signals a change to the relevant client(s) by
closing the long poll connection. Closing
the connection signals that the client must
connect to the Metadata Servers securely
to synchronize any changes.