StorSimple
Řešení hybridního úložiště
Matouš Rokos
Infrastructure Consultant
Mainstram Technologies
Windows Azure Storage
Like a GIANT hard drive—only better
Highly durable and scalable.
Multiple copies of your data.
Windows Azure Storage
Defend against regional disasters
Security
Storage Account
1.
2.
3.
4.
5.
StorSimple CiS Overview
Storage Challenges Are Broad
Equipment
Sprawl
Primary
Storage
Data Growth
and Footprint
Archival
Storage
Data
Management
Complexity
Disk-Based
Backup Storage
Backup Issues
Tape Infrastructure
and Management
Replicated
Storage for DR
Untested
Disaster
Recovery
Offsite Facility for
Georesilience
Storage Today = Complex & Expensive
11
Cloud-integrated Storage (CiS) Can Help
Azure + StorSimple = 60–80% Lower TCO
Cloud-Integrated
SAN Storage
Primary
Storage
Automated
Cloud-as-a-Tier
Archival
Storage
Thin, Reduced
Snapshots
Disk-Based
Backup Storage
Cloud Snapshots
Tape Infrastructure
and Management
Recover in Cloud
or Any DC
Replicated
Storage for DR
Use Cloud as
Secondary DC
Offsite Facility for
Georesilience
Storage Today = Complex & Expensive
13
Scalability / Performance
StorSimple Solution Characteristics
7520
20-100TB* usable local
500TB max capacity
5520
10-50TB* usable local
300TB max capacity
7020
4-20TB* usable local
200TB max capacity
5020
2-10TB* usable local
100TB max capacity
Capacity
* Denotes usable local storage capacity with compression and de-duplication, varies by use case.
* Additional details about appliance specifications can be found at: http://storsimple.xyratex.com/storsimple/specifications
16
Enterprise-class Hardware Platform
Highly available - no single point of failure
1. Full MPIOs
2. Dual controllers with auto-failover
3. Dual power
4. Dual cooling
5. RAID drives
6. Hot-spare drives
7. Non-disruptive software upgrades
8. Certified by Microsoft & VMware
* 5020, 7020, 5520 and 7520 appliances are built and distributed by Xyratex
17
Primary Storage & Platform
StorSimple Cloud-integrated Architecture
SAN Storage
With Cloud Data Management
• iSCSI SAN with auto-tiering (SSD/SAS)
• Automated snapshots
• Primary dedupe/compress
Seamless Cloud Integration for:
• Tiered primary + archives
• Cloud snapshots: mountable for DR
On an Enterprise-Class Platform
• Certified: VMware-ready and Microsoft Windows Server-certified
• HA: full redundancy + hot swaps + non-disruptive upgrades
• Seamless iSCSI integration
• Highly efficient storage
•
•
Thin provisioning
Primary storage de-duplication
• High performance + cloud elasticity
•
Integrated tiering: SSD, SAS & cloud
• Full security for the cloud
•
•
Local keys + encryption of all cloud data
Protecting both data-in-motion and data at rest
• Fast, automated data protection + recovery
• Automated snapshots to cloud
• Fast online restores and elimination of tape
• Integrated disaster recovery – lowest cost &
complexity
19
De-dupe and compression
Total data capacity required = 10TB
•
•
•
•
Maximizes storage of ‘hot or warm data’ onpremise for higher IOPS and/or lower response
times for application access.
Minimizes size of data transfer and storage in Azure
E
Data
blocks
F
E
F
A
A
B
B
D
A
C
A
D
C
C
B
D
C
D
C
Works at the block-level and replaces duplicate
data blocks with a meta data map (pointers to the
original block)
5x
de-dupe ratio
Metadata map
Data blocks
Data is de-duped in the SSD tier and compressed in
the SAS tier before being tiered to Azure
•
On-premise data capacity can be increased by 2x –
5x based on the type of data stored
•
Backup de-dupe: Cloud snapshots are differential
and thereby eliminate copies of redundant blocks
across backups
A
Capacity used = 2TB
C
B
D
E
•
•
F
De-duped
Compressed
+
Cloud-integrated Tiering
StorSimple Tiered Architecture
SSD Performance, Deduplication and Auto-Tiering to
Cloud
SSD
A
B
C
A
B
D
E
Linear Tier
SSD
E
Deduplicated
SAS
C
D
D
E
Deduplicated
Compressed
E
Cloud
Deduplicated
Compressed
Encrypted
23
Backup/Restore & Disaster Recovery
Cloud Snapshots: Simplicity in Data Protection & Recovery
Backup, Restore & DR Today: Inefficient, Complex, Laborious, and Risky
Primary
Volume
Snapshot
Virtual Tape/
Replication
Physical
Tape
Offsite Tape
Storage
Backup, Restore & DR with StorSimple: Automated, Optimized, Reliable
Snapshots
Primary
Volume
Cloud Snapshots
1. Backup copy of data volume created in cloud
2. Changes to local volume automatically transferred
3. Cloud snapshots mountable for restore
Benefits
• Backup now as easy as snapshots
• Very fast restores from off-site backups
• Integrated, easy to test disaster recovery
• Truly eliminates tape
25
…Enables Seamless Scalability and Rapid Recovery
Cloud
Snapshots
Production Data
Production Data
Enterprise Data Center 1
Enterprise Data Center 2
Connect Many Servers to Cloud
Storage and Scale Data Sets
with StorSimple Solution
Rapidly Recover to Any Data
Center, Location-Independent,
via Mounting the Cloud
26
Disaster Recovery Behind the Scenes
1. Configuration import process populates DR
appliance with all information from original
appliance
2. Registry restore downloads available backup
information from the cloud
3. Clone operation fetches volume metadata
from the cloud and creates the volume on
the DR appliance
4. As and when data is requested, blocks are
downloaded from the cloud
META DATA
DATA
2
3
4
1
Benefits
• Quick restore
• Download only the required data
4
27
Cloud Snapshots: Up to 100x Faster RTO
90 Days
Recovery Time
Application
Recovery Times
from Offsite
Backups in a
Disaster
Regular Cloud
Backup
30 Days
With 100 Mbps WAN Link
7 Days
Tape
1 Day
StorSimple Cloud
Snapshots
1 Hour
With 50 Mbps WAN Link
15 Min.
1 TB
5 TB
20 TB
50 TB
100 TB
Primary Data
28
Security
Industry-leading Security for Cloud Storage
Multiple layers of obfuscation through the system
• Original data is broken to storage blocks
Application Servers
• Blocks are fingerprinted + deduplicated with data from other volumes
• Obfuscated blocks are stored in compressed form
Encrypt everything before sending to Azure
• AES-256 CBC encryption is applied before transmission using customer key
• Additional SSL encryption of all data + meta-data operations with Azure
Encryption keys stay only with customer
• Microsoft/StorSimple doesn’t have access to customer encryption keys
• Keys can be imported from customer’s secure key mgmt system or
generated from pass phrases
Encrypted / compressed / obfuscated blocks stored in Azure
• Data is secure even if account gets compromised
Local Data
Broken into storage blocks, then:
• Obfuscated
• Deduplicated
• Compressed
• Blocks encrypted with customer key
• SSL communication:
• Authentication
• Metadata
• Data transfer
Data in cloud
• Deduplicated
• Compressed
• Encrypted with customer key
30
Cloud Storage Access Security
Scenario 1: Access key got compromised
Scenario 2: Storage admin employee leaves company
Risk mitigation and best practices
Compartmentalize information
•
Azure subscription can have multiple storage accounts
•
Recommended to use different storage accounts to compartmentalize info – e.g. per dept, project, role, etc.
Periodical key rotation
•
Each account has two 256-bit access keys  allows easy key rotation without service disruption
•
Only requests with valid access keys are allowed to access stored blocks
•
Data fragments accessed are still obfuscated and encrypted
•
Frequent key rotation (e.g. every 90 days) is recommended
•
Ad-hoc/emergency key rotation if a key is compromised
StorSimple allows use of up to 64 storage accounts per system
31
Cloud Storage Data-at-Rest Security
Scenario 3: Cloud Provider decommissions server hardware or loses physical hard drives in maintenance process.
Risk mitigation and best practices
Data at-rest is obfuscated
•
Data is broken to individual small blocks and fingerprinted to comprise a global de-duplication dictionary –
no volume, file system or file context
•
~16 Million obfuscated blocks per 1TB of Azure storage, spread across multiple hard drives
Data at-rest is encrypted
•
StorSimple systems encrypt data stored in cloud with a customer-provided encryption key. Federal standard
AES-256 encryption used.
•
Up to 64 different encryption keys can be used in one appliance for data-at-rest isolation to complement
access compartmentalization practice.
•
Encryption key is derived from Customer Passphrase or Key generated by Key Management System. Only
entered input is accessible in appliance UI.
•
Microsoft or 3rd parties cannot read data when physical drives are lost, replaced, or repaired in Azure DC
32
Support
Support Offerings
 Support for the StorSimple solution is provided by the ODM (Xyratex)
Complete detail about the StorSimple
warranty and support services can be
found at:
https://storsimple.xyratex.com/warranty
34
Support Offerings
• Platinum Support
‒ The ODM (Xyratex) will provide customers with Platinum support and
onsite spares kit (includes all field serviceable components)
‒ Field engineers are in place to go onsite and help with replacements
(4 hour SLA)
‒ For international countries, ODM (Xyratex) has a contract to help with
replacement (4 hour SLA)
• Gold Support
‒ Gold support customers get replacement parts shipped from UK
‒ Parts replacement will be done NBD (Next Business Day)
‒ Customs or other port-of-entry processing may delay shipments
35
Appendix
Appliance configuration and Use
Initial Appliance Configuration
Use serial console for initial setup
• Connect serial console to the Active
controller
• Run setup command and enter the
network info for MGMT interface
• Run show command to display current
configuration of MGMT interface
• Access StorSimple Web UI using MGMT
IP address
40
Managing WAN Bandwidth
• WAN bandwidth usually a scarce and
expensive resource for most customers
• At the same time there’s often a surplus
capacity after regular work hours and
over weekends
• StorSimple Quality of Service (QoS)
feature can help control how much
bandwidth available during what
periods
• StorSimple QoS supports multiple
schedules
Example:
7AM – 7PM on Mon, Tue, Wed, Thur Fri  40 Mbps
7AM – 7PM on Sat, Sun  60 Mbps
All other times  Full WAN bandwidth consumable
Alerts and Notifications
Alerts and Notifications helps in
determining any deviation from the
normal working of StorSimple appliance
1. Alert Emails are sent to administrators
and optionally to StorSimple Support
for proactive support
2. SNMP traps are sent to monitor any
change in the network interface
settings
42
Email Alerts
Email Alerts can be enabled or disabled for
specific alerts
•
Hardware Status – Change notification for
hardware changes
•
Licensed capacity consumption – Capacity
consumption thresholds
•
Cloud Access – Cloud connectivity issues
•
Upgrade state change Alerts related to
upgrade state changes
•
Appliance restart - Controller restart or cluster
failover alerts
43
Reports
Reports provide charts for
monitoring current and historical
metrics. Some key metrics are;
Capacity Metrics
• De-duplication Ratio
• Host Capacity Consumption
Storage
• IO Latency
• IOPS
• Read Write Bytes per Second
System
• CPU
• Network Utilization
44
Reports
• Current stats can be automatically
refreshed on the displayed chart
• Historical stats are averaged over a
period of time for time resolution
• Enabling monitoring on Volume or
Cloud allows collection of metrics
for individual objects
45
Disaster Recovery Process
1. Import configuration on the new appliance
using configuration file
2. Restore registry settings to bring all backup
information from the cloud
46
Disaster Recovery Process
3. Select latest backup and clone the required
volumes
4. Create new ACR for hosts in DR data center and
modify volumes to reflect this information
5. Mount the volumes on new host servers after
establishing iSCSI connections to the StorSimple
appliance
47