StorSimple Řešení hybridního úložiště

Matouš RokosInfrastructure ConsultantMainstram Technologies

4 trillion objects

Windows Azure Storage

Windows Azure Storage

Highly durable and scalable.Multiple copies of your data.

Like a GIANT hard drive—only better

Geo-replication

West DC

East DC

> 400 miles

Windows Azure StorageDefend against regional

disasters

Security

• Only you have your key.• Data cannot be recovered without your key.• Microsoft does not have your key.

…encrypted on the network…

… and remains encrypted while stored.

Data is encrypted on-premises…

Storage Account

Online protection: StorSimple

Applicationsin physical orvirtual servers

Benefits1. Data tiered to Azure depending on usage patterns.2. Fast on-ramp to the cloud.3. Seamlessly integrates cloud based archive, backup,

DR with primary storage.4. Reduce enterprise storage TCO by 60-80%.5. Ideal for File server workloads, SharePoint Archives, VM

Archives

What is itAppliance that connects Windows servers to Azure storage in minutes with no application modification.

F: StorSimple iSCSI Cloud Volume

DATA PROTECTION

StorSimple CiS Overview

11

Storage Challenges Are Broad

Primary Storage

Disk-Based Backup Storage

Tape Infrastructure and Management

Archival Storage

Replicated Storage for

DR

Offsite Facility for

Georesilience

Storage Today = Complex & Expensive

Data Management Complexity

Backup Issues

Untested Disaster Recovery

Data Growth

and Footprint

Equipment Sprawl

13

Cloud-integrated Storage (CiS) Can Help

Azure + StorSimple = 60–80% Lower TCO

Thin, ReducedSnapshots

Cloud Snapshots Recover in Cloud or Any DC

Automated Cloud-as-a-Tier

Use Cloud asSecondary DC

Cloud-Integrated SAN Storage

Primary Storage

Disk-Based Backup Storage

Tape Infrastructure and Management

Archival Storage

Replicated Storage for

DR

Offsite Facility for

Georesilience

Storage Today = Complex & Expensive

StorSimple Solution Characteristics

16

Sca

labili

ty /

Perf

orm

ance

Capacity

552010-50TB* usable local300TB max capacity

752020-100TB* usable local500TB max capacity

* Denotes usable local storage capacity with compression and de-duplication, varies by use case.

* Additional details about appliance specifications can be found at: http://storsimple.xyratex.com/storsimple/specifications

50202-10TB* usable local100TB max capacity

70204-20TB* usable local200TB max capacity

Enterprise-class Hardware Platform

1. Full MPIOs

2. Dual controllers with auto-failover

3. Dual power

4. Dual cooling

5. RAID drives

6. Hot-spare drives

7. Non-disruptive software upgrades

8. Certified by Microsoft & VMware

Highly available - no single point of failure

17

* 5020, 7020, 5520 and 7520 appliances are built and distributed by Xyratex

Primary Storage & Platform

19

StorSimple Cloud-integrated Architecture

• Seamless iSCSI integration• Highly efficient storage

• Thin provisioning• Primary storage de-duplication

• High performance + cloud elasticity• Integrated tiering: SSD, SAS & cloud

• Full security for the cloud• Local keys + encryption of all cloud data• Protecting both data-in-motion and data at

rest

• Fast, automated data protection + recovery• Automated snapshots to cloud• Fast online restores and elimination of tape• Integrated disaster recovery – lowest cost &

complexity

On an Enterprise-Class Platform• Certified: VMware-ready and Microsoft Windows Server-certified• HA: full redundancy + hot swaps + non-disruptive upgrades

SAN Storage• iSCSI SAN with auto-tiering

(SSD/SAS)• Automated snapshots• Primary dedupe/compress

Seamless Cloud Integration for:• Tiered primary + archives• Cloud snapshots: mountable for

DR

With Cloud Data Management

De-dupe and compression

• Maximizes storage of ‘hot or warm data’ on-premise for higher IOPS and/or lower response times for application access.

• Minimizes size of data transfer and storage in Azure

• Works at the block-level and replaces duplicate data blocks with a meta data map (pointers to the original block)

• Data is de-duped in the SSD tier and compressed in the SAS tier before being tiered to Azure

• On-premise data capacity can be increased by 2x – 5x based on the type of data stored

• Backup de-dupe: Cloud snapshots are differential and thereby eliminate copies of redundant blocks across backups

Total data capacity required = 10TB

D C

AA

E

C B

BB

F

D C

AD

E

D C

AC

F

Datablocks

5x de-dupe ratio

• De-duped• Compresse

d

Metadata map

Data blocks

+Capacity used = 2TB A

B CD

E F

Cloud-integrated Tiering

StorSimple Tiered ArchitectureSSD Performance, Deduplication and Auto-Tiering to Cloud

SSDDeduplicated

SASDeduplicatedCompressed

CloudDeduplicatedCompressedEncrypted

SSDLinear TierA B C A B D E

C D E

D E

E

23

Backup/Restore & Disaster Recovery

25

Cloud Snapshots: Simplicity in Data Protection & Recovery

PrimaryVolume

Snapshots

Backup, Restore & DR with StorSimple: Automated, Optimized, Reliable

Cloud Snapshots

1. Backup copy of data volume created in cloud2. Changes to local volume automatically transferred3. Cloud snapshots mountable for restore

Benefits• Backup now as easy as snapshots• Very fast restores from off-site

backups• Integrated, easy to test disaster

recovery• Truly eliminates tape

Primary Volume

Virtual Tape/Replication

Physical Tape

SnapshotOffsite Tape

Storage

Backup, Restore & DR Today: Inefficient, Complex, Laborious, and Risky

26

…Enables Seamless Scalability and Rapid Recovery

CloudSnapshots

Enterprise Data Center 1

Enterprise Data Center 2

Connect Many Servers to Cloud Storage and Scale

Data Sets with StorSimple Solution

Rapidly Recover to Any Data Center, Location-

Independent, via Mounting the Cloud

Production Data Production Data

Disaster Recovery Behind the Scenes

1. Configuration import process populates DR appliance with all information from original appliance

2. Registry restore downloads available backup information from the cloud

3. Clone operation fetches volume metadata from the cloud and creates the volume on the DR appliance

4. As and when data is requested, blocks are downloaded from the cloud

Benefits• Quick restore • Download only the required data

27

1

2 3 4

4

META DATA

DATA

28

Cloud Snapshots: Up to 100x Faster RTO

Application Recovery Times from Offsite Backups in a Disaster

Reco

very

Tim

e

Primary Data

1 TB 5 TB 20 TB 50 TB 100 TB

15 Min.

1 Hour

1 Day

7 Days

30 Days

90 Days

Regular Cloud BackupWith 100 Mbps WAN Link

Tape

StorSimple Cloud SnapshotsWith 50 Mbps WAN Link

Security

Industry-leading Security for Cloud Storage

Multiple layers of obfuscation through the system

• Original data is broken to storage blocks

• Blocks are fingerprinted + deduplicated with data from other volumes

• Obfuscated blocks are stored in compressed form

Encrypt everything before sending to Azure

• AES-256 CBC encryption is applied before transmission using customer key

• Additional SSL encryption of all data + meta-data operations with Azure

Encryption keys stay only with customer

• Microsoft/StorSimple doesn’t have access to customer encryption keys

• Keys can be imported from customer’s secure key mgmt system or generated from pass phrases

Encrypted / compressed / obfuscated blocks stored in Azure

• Data is secure even if account gets compromised

• Obfuscated• Deduplicated• Compressed

Data in cloud• Deduplicated• Compressed• Encrypted with customer key

Application Servers

• Blocks encrypted with customer key• SSL communication:

• Authentication• Metadata• Data transfer

Local DataBroken into storage blocks, then:

30

Risk mitigation and best practices

Compartmentalize information• Azure subscription can have multiple storage accounts

• Recommended to use different storage accounts to compartmentalize info – e.g. per dept, project, role, etc.

Periodical key rotation• Each account has two 256-bit access keys allows easy key rotation without service

disruption

• Only requests with valid access keys are allowed to access stored blocks

• Data fragments accessed are still obfuscated and encrypted

• Frequent key rotation (e.g. every 90 days) is recommended

• Ad-hoc/emergency key rotation if a key is compromised

StorSimple allows use of up to 64 storage accounts per system

Cloud Storage Access Security

Scenario 1: Access key got compromised

Scenario 2: Storage admin employee leaves company

31

Risk mitigation and best practices

Data at-rest is obfuscated• Data is broken to individual small blocks and fingerprinted to comprise a global de-duplication

dictionary – no volume, file system or file context

• ~16 Million obfuscated blocks per 1TB of Azure storage, spread across multiple hard drives

Data at-rest is encrypted• StorSimple systems encrypt data stored in cloud with a customer-provided encryption key.

Federal standard AES-256 encryption used.

• Up to 64 different encryption keys can be used in one appliance for data-at-rest isolation to complement access compartmentalization practice.

• Encryption key is derived from Customer Passphrase or Key generated by Key Management System. Only entered input is accessible in appliance UI.

• Microsoft or 3rd parties cannot read data when physical drives are lost, replaced, or repaired in Azure DC

Cloud Storage Data-at-Rest Security

Scenario 3: Cloud Provider decommissions server hardware or loses physical hard drives in maintenance process.

32

Support

Support for the StorSimple solution is provided by the ODM (Xyratex)

Support Offerings

34

Complete detail about the StorSimple warranty and support services can be found at:

https://storsimple.xyratex.com/warranty

Support Offerings

• Platinum Support‒ The ODM (Xyratex) will provide customers with Platinum

support and onsite spares kit (includes all field serviceable components)

‒ Field engineers are in place to go onsite and help with replacements (4 hour SLA)

‒ For international countries, ODM (Xyratex) has a contract to help with replacement (4 hour SLA)

• Gold Support‒ Gold support customers get replacement parts shipped from UK‒ Parts replacement will be done NBD (Next Business Day)‒ Customs or other port-of-entry processing may delay shipments

35

Appendix

Appliance configuration and Use

Initial Appliance Configuration

Use serial console for initial setup

• Connect serial console to the Active controller

• Run setup command and enter the network info for MGMT interface

• Run show command to display current configuration of MGMT interface

• Access StorSimple Web UI using MGMT IP address

40

• WAN bandwidth usually a scarce and expensive resource for most customers

• At the same time there’s often a surplus capacity after regular work hours and over weekends

• StorSimple Quality of Service (QoS) feature can help control how much bandwidth available during what periods

• StorSimple QoS supports multiple schedules

Managing WAN Bandwidth

Example:7AM – 7PM on Mon, Tue, Wed, Thur Fri 40 Mbps

7AM – 7PM on Sat, Sun 60 Mbps

All other times Full WAN bandwidth consumable

Alerts and Notifications

Alerts and Notifications helps in determining any deviation from the normal working of StorSimple appliance

1. Alert Emails are sent to administrators and optionally to StorSimple Support for proactive support

2. SNMP traps are sent to monitor any change in the network interface settings

42

Email Alerts

Email Alerts can be enabled or disabled for specific alerts

• Hardware Status – Change notification for hardware changes

• Licensed capacity consumption – Capacity consumption thresholds

• Cloud Access – Cloud connectivity issues

• Upgrade state change Alerts related to upgrade state changes

• Appliance restart - Controller restart or cluster failover alerts

43

Reports

Reports provide charts for monitoring current and historical metrics. Some key metrics are;

Capacity Metrics• De-duplication Ratio• Host Capacity ConsumptionStorage• IO Latency• IOPS• Read Write Bytes per SecondSystem• CPU• Network Utilization

44

Reports

• Current stats can be automatically refreshed on the displayed chart

• Historical stats are averaged over a period of time for time resolution

• Enabling monitoring on Volume or Cloud allows collection of metrics for individual objects

45

Disaster Recovery Process

1. Import configuration on the new appliance using configuration file

2. Restore registry settings to bring all backup information from the cloud

46

Disaster Recovery Process

3. Select latest backup and clone the required volumes

4. Create new ACR for hosts in DR data center and modify volumes to reflect this information

5. Mount the volumes on new host servers after establishing iSCSI connections to the StorSimple appliance

47