StorSimple: Hybrid Storage Solution
Matouš Rokos, Infrastructure Consultant, Mainstram Technologies
4 trillion objects
Windows Azure Storage
Highly durable and scalable. Multiple copies of your data.
Like a GIANT hard drive—only better
Geo-replication
West DC
East DC
> 400 miles
Windows Azure Storage
Defend against regional disasters
Security
• Only you have your key.
• Data cannot be recovered without your key.
• Microsoft does not have your key.
Data is encrypted on-premises…
…encrypted on the network…
…and remains encrypted while stored.
Storage Account
Online protection: StorSimple
Applications in physical or virtual servers
Benefits
1. Data tiered to Azure depending on usage patterns.
2. Fast on-ramp to the cloud.
3. Seamlessly integrates cloud-based archive, backup, DR with primary storage.
4. Reduce enterprise storage TCO by 60-80%.
5. Ideal for File server workloads, SharePoint Archives, VM Archives
What is it
Appliance that connects Windows servers to Azure storage in minutes with no application modification.
F: StorSimple iSCSI Cloud Volume
DATA PROTECTION
StorSimple CiS Overview
Storage Challenges Are Broad
Primary Storage
Disk-Based Backup Storage
Tape Infrastructure and Management
Archival Storage
Replicated Storage for DR
Offsite Facility for Georesilience
Storage Today = Complex & Expensive
Data Management Complexity
Backup Issues
Untested Disaster Recovery
Data Growth and Footprint
Equipment Sprawl
Cloud-integrated Storage (CiS) Can Help
Azure + StorSimple = 60–80% Lower TCO
Thin, Reduced Snapshots
Cloud Snapshots: Recover in Cloud or Any DC
Automated Cloud-as-a-Tier
Use Cloud as Secondary DC
Cloud-Integrated SAN Storage
StorSimple Solution Characteristics
[Figure: appliance models plotted by Scalability / Performance against Capacity]
• 5020: 2-10TB* usable local, 100TB max capacity
• 7020: 4-20TB* usable local, 200TB max capacity
• 5520: 10-50TB* usable local, 300TB max capacity
• 7520: 20-100TB* usable local, 500TB max capacity
* Denotes usable local storage capacity with compression and de-duplication, varies by use case.
* Additional details about appliance specifications can be found at: http://storsimple.xyratex.com/storsimple/specifications
Enterprise-class Hardware Platform
1. Full MPIOs
2. Dual controllers with auto-failover
3. Dual power
4. Dual cooling
5. RAID drives
6. Hot-spare drives
7. Non-disruptive software upgrades
8. Certified by Microsoft & VMware
Highly available - no single point of failure
* 5020, 7020, 5520 and 7520 appliances are built and distributed by Xyratex
Primary Storage & Platform
StorSimple Cloud-integrated Architecture
• Seamless iSCSI integration
• Highly efficient storage
• Thin provisioning
• Primary storage de-duplication
• High performance + cloud elasticity
• Integrated tiering: SSD, SAS & cloud
• Full security for the cloud
• Local keys + encryption of all cloud data
• Protecting both data-in-motion and data at rest
• Fast, automated data protection + recovery
• Automated snapshots to cloud
• Fast online restores and elimination of tape
• Integrated disaster recovery – lowest cost & complexity
On an Enterprise-Class Platform
• Certified: VMware-ready and Microsoft Windows Server-certified
• HA: full redundancy + hot swaps + non-disruptive upgrades
SAN Storage
• iSCSI SAN with auto-tiering (SSD/SAS)
• Automated snapshots
• Primary dedupe/compress
Seamless Cloud Integration for:
• Tiered primary + archives
• Cloud snapshots: mountable for DR
With Cloud Data Management
De-dupe and compression
• Maximizes storage of ‘hot or warm data’ on-premise for higher IOPS and/or lower response times for application access.
• Minimizes size of data transfer and storage in Azure
• Works at the block-level and replaces duplicate data blocks with a meta data map (pointers to the original block)
• Data is de-duped in the SSD tier and compressed in the SAS tier before being tiered to Azure
• On-premise data capacity can be increased by 2x – 5x based on the type of data stored
• Backup de-dupe: Cloud snapshots are differential and thereby eliminate copies of redundant blocks across backups
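The block-level de-duplication described above, as an added example (not StorSimple's code): blocks are fingerprinted, duplicates are replaced by pointers in a metadata map, and the unique blocks are then compressed. The block size, the SHA-256 fingerprint and all function names are assumptions; the slides do not state them.

```python
import hashlib
import zlib

BLOCK_SIZE = 4096  # assumed block size; the slides do not state the real one


def dedupe(volume: bytes, store: dict) -> list:
    """Split a volume into blocks, keep each unique block once in `store`,
    and return the volume's metadata map (ordered list of fingerprints)."""
    metadata_map = []
    for off in range(0, len(volume), BLOCK_SIZE):
        block = volume[off:off + BLOCK_SIZE]
        fp = hashlib.sha256(block).hexdigest()  # fingerprint of the plaintext block
        store.setdefault(fp, block)             # a duplicate block is not stored again
        metadata_map.append(fp)
    return metadata_map


def rebuild(metadata_map: list, store: dict) -> bytes:
    """Reassemble a volume by following its pointers into the block store."""
    return b"".join(store[fp] for fp in metadata_map)


def compress_store(store: dict) -> dict:
    """Compress each unique block, as the slides describe for the SAS tier."""
    return {fp: zlib.compress(block) for fp, block in store.items()}


def demo() -> dict:
    # Constructed sample: six volumes laid out from six distinct blocks A..F.
    layouts = ["DCAAE", "CBBBF", "DCADE", "DCACF", "ABCDE", "FABCD"]
    volumes = [b"".join(ch.encode() * BLOCK_SIZE for ch in lay) for lay in layouts]
    store = {}
    maps = [dedupe(v, store) for v in volumes]
    logical = sum(len(v) for v in volumes)
    physical = sum(len(b) for b in store.values())
    compressed = sum(len(c) for c in compress_store(store).values())
    intact = all(rebuild(m, store) == v for m, v in zip(maps, volumes))
    return {"unique_blocks": len(store), "ratio": logical / physical,
            "compressed_bytes": compressed, "intact": intact}


if __name__ == "__main__":
    print(demo())
```

Fingerprints are computed on plaintext blocks, which is why de-duplication and compression come before encryption in the tiering order: ciphertext produced with fresh IVs neither de-duplicates nor compresses.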
[Figure: duplicate data blocks (A to F) are de-duped and compressed into a metadata map plus unique data blocks. Total data capacity required = 10TB; 5x de-dupe ratio; capacity used = 2TB]
Cloud-integrated Tiering
StorSimple Tiered Architecture
SSD Performance, Deduplication and Auto-Tiering to Cloud
• SSD Linear Tier
• SSD: Deduplicated
• SAS: Deduplicated, Compressed
• Cloud: Deduplicated, Compressed, Encrypted
[Figure: blocks A to E distributed across the tiers]
Backup/Restore & Disaster Recovery
Cloud Snapshots: Simplicity in Data Protection & Recovery
Backup, Restore & DR with StorSimple: Automated, Optimized, Reliable
Primary Volume
Snapshots
Cloud Snapshots
1. Backup copy of data volume created in cloud
2. Changes to local volume automatically transferred
3. Cloud snapshots mountable for restore
Benefits
• Backup now as easy as snapshots
• Very fast restores from off-site backups
• Integrated, easy to test disaster recovery
• Truly eliminates tape
Backup, Restore & DR Today: Inefficient, Complex, Laborious, and Risky
Primary Volume
Snapshot
Virtual Tape/Replication
Physical Tape
Offsite Tape Storage
…Enables Seamless Scalability and Rapid Recovery
Cloud Snapshots
Enterprise Data Center 1 (Production Data)
Enterprise Data Center 2 (Production Data)
Connect Many Servers to Cloud Storage and Scale Data Sets with StorSimple Solution
Rapidly Recover to Any Data Center, Location-Independent, via Mounting the Cloud
Disaster Recovery Behind the Scenes
1. Configuration import process populates DR appliance with all information from original appliance
2. Registry restore downloads available backup information from the cloud
3. Clone operation fetches volume metadata from the cloud and creates the volume on the DR appliance
4. As and when data is requested, blocks are downloaded from the cloud
Benefits
• Quick restore
• Download only the required data
[Figure: steps 1 to 4 above, with metadata and data fetched from the cloud]
Cloud Snapshots: Up to 100x Faster RTO
Application Recovery Times from Offsite Backups in a Disaster
[Chart: recovery time (15 min. to 90 days) against primary data size (1 TB to 100 TB) for three methods: Tape; Regular Cloud Backup with 100 Mbps WAN link; StorSimple Cloud Snapshots with 50 Mbps WAN link]
Security
Industry-leading Security for Cloud Storage
Multiple layers of obfuscation through the system
• Original data is broken to storage blocks
• Blocks are fingerprinted + deduplicated with data from other volumes
• Obfuscated blocks are stored in compressed form
Encrypt everything before sending to Azure
• AES-256 CBC encryption is applied before transmission using customer key
• Additional SSL encryption of all data + meta-data operations with Azure
Encryption keys stay only with customer
• Microsoft/StorSimple doesn’t have access to customer encryption keys
• Keys can be imported from customer’s secure key mgmt system or generated from pass phrases
Encrypted / compressed / obfuscated blocks stored in Azure
• Data is secure even if account gets compromised
Local Data
Broken into storage blocks, then:
• Obfuscated
• Deduplicated
• Compressed
Application Servers
• Blocks encrypted with customer key
• SSL communication:
• Authentication
• Metadata
• Data transfer
Data in cloud
• Deduplicated
• Compressed
• Encrypted with customer key
Risk mitigation and best practices
Compartmentalize information
• Azure subscription can have multiple storage accounts
• Recommended to use different storage accounts to compartmentalize info – e.g. per dept, project, role, etc.
Periodic key rotation
• Each account has two 256-bit access keys, which allows easy key rotation without service disruption
• Only requests with valid access keys are allowed to access stored blocks
• Data fragments accessed are still obfuscated and encrypted
• Frequent key rotation (e.g. every 90 days) is recommended
• Ad-hoc/emergency key rotation if a key is compromised
StorSimple allows use of up to 64 storage accounts per system
Cloud Storage Access Security
Scenario 1: Access key got compromised
Scenario 2: Storage admin employee leaves company
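A simplified model of the two-key rotation described above, as an added example (not Azure's or StorSimple's code): the appliance moves to the spare key before the old one is regenerated, so no request fails and a leaked copy of the old key stops working. `StorageAccount`, `send` and `rotate` are hypothetical names, and HMAC-SHA256 request signing is an assumed stand-in for the real authentication scheme.

```python
import hashlib
import hmac
import secrets


def sign(key: bytes, request: bytes) -> bytes:
    """Sign a request with an access key (assumed scheme: HMAC-SHA256)."""
    return hmac.new(key, request, hashlib.sha256).digest()


class StorageAccount:
    """Hypothetical account with two interchangeable 256-bit access keys."""

    def __init__(self):
        self.keys = {"key1": secrets.token_bytes(32), "key2": secrets.token_bytes(32)}

    def regenerate(self, name: str) -> bytes:
        self.keys[name] = secrets.token_bytes(32)  # the old value stops working at once
        return self.keys[name]

    def authorize(self, request: bytes, signature: bytes) -> bool:
        """Accept a request only if it is signed with one of the current keys."""
        return any(hmac.compare_digest(sign(k, request), signature)
                   for k in self.keys.values())


def send(account, appliance, request=b"GET /blocks/0001"):
    """One appliance request, signed with whichever key the appliance holds."""
    return account.authorize(request, sign(appliance["key"], request))


def rotate(account, appliance):
    """Rotate the appliance's key; returns whether a request succeeded after each step."""
    old = appliance["name"]
    spare = "key2" if old == "key1" else "key1"
    results = []
    fresh = account.regenerate(spare)        # 1. refresh the key nobody is using
    results.append(send(account, appliance))
    appliance.update(name=spare, key=fresh)  # 2. switch the appliance to it
    results.append(send(account, appliance))
    account.regenerate(old)                  # 3. invalidate the previously used key
    results.append(send(account, appliance))
    return results


def demo():
    account = StorageAccount()
    appliance = {"name": "key1", "key": account.keys["key1"]}
    leaked = appliance["key"]                # constructed: a copy that left the company
    results = rotate(account, appliance)
    request = b"GET /blocks/0001"
    return results, account.authorize(request, sign(leaked, request))
```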
Risk mitigation and best practices
Data at-rest is obfuscated
• Data is broken into individual small blocks and fingerprinted to comprise a global de-duplication dictionary – no volume, file system or file context
• ~16 Million obfuscated blocks per 1TB of Azure storage, spread across multiple hard drives
Data at-rest is encrypted
• StorSimple systems encrypt data stored in cloud with a customer-provided encryption key. Federal standard AES-256 encryption used.
• Up to 64 different encryption keys can be used in one appliance for data-at-rest isolation to complement access compartmentalization practice.
• Encryption key is derived from Customer Passphrase or Key generated by Key Management System. Only entered input is accessible in appliance UI.
• Microsoft or 3rd parties cannot read data when physical drives are lost, replaced, or repaired in Azure DC
Cloud Storage Data-at-Rest Security
Scenario 3: Cloud Provider decommissions server hardware or loses physical hard drives in maintenance process.
Support
Support for the StorSimple solution is provided by the ODM (Xyratex)
Support Offerings
Complete detail about the StorSimple warranty and support services can be found at:
https://storsimple.xyratex.com/warranty
Support Offerings
• Platinum Support
‒ The ODM (Xyratex) will provide customers with Platinum support and onsite spares kit (includes all field serviceable components)
‒ Field engineers are in place to go onsite and help with replacements (4 hour SLA)
‒ For international countries, ODM (Xyratex) has a contract to help with replacement (4 hour SLA)
• Gold Support
‒ Gold support customers get replacement parts shipped from UK
‒ Parts replacement will be done NBD (Next Business Day)
‒ Customs or other port-of-entry processing may delay shipments
Appendix
Appliance configuration and Use
Initial Appliance Configuration
Use serial console for initial setup
• Connect serial console to the Active controller
• Run setup command and enter the network info for MGMT interface
• Run show command to display current configuration of MGMT interface
• Access StorSimple Web UI using MGMT IP address
Managing WAN Bandwidth
• WAN bandwidth is usually a scarce and expensive resource for most customers
• At the same time there is often surplus capacity after regular work hours and over weekends
• The StorSimple Quality of Service (QoS) feature can help control how much bandwidth is available during which periods
• StorSimple QoS supports multiple schedules
Example:
• 7AM – 7PM on Mon, Tue, Wed, Thu, Fri: 40 Mbps
• 7AM – 7PM on Sat, Sun: 60 Mbps
• All other times: full WAN bandwidth consumable
Alerts and Notifications
Alerts and notifications help detect any deviation from the normal operation of the StorSimple appliance
1. Alert Emails are sent to administrators and optionally to StorSimple Support for proactive support
2. SNMP traps are sent to monitor any change in the network interface settings
Email Alerts
Email Alerts can be enabled or disabled for specific alerts
• Hardware Status – Change notification for hardware changes
• Licensed capacity consumption – Capacity consumption thresholds
• Cloud Access – Cloud connectivity issues
• Upgrade state change – Alerts related to upgrade state changes
• Appliance restart - Controller restart or cluster failover alerts
Reports
Reports provide charts for monitoring current and historical metrics. Some key metrics are:
Capacity Metrics
• De-duplication Ratio
• Host Capacity Consumption
Storage
• IO Latency
• IOPS
• Read Write Bytes per Second
System
• CPU
• Network Utilization
• Current stats can be automatically refreshed on the displayed chart
• Historical stats are averaged over a period of time for time resolution
• Enabling monitoring on Volume or Cloud allows collection of metrics for individual objects
Disaster Recovery Process
1. Import configuration on the new appliance using configuration file
2. Restore registry settings to bring all backup information from the cloud
3. Select latest backup and clone the required volumes
4. Create new ACR for hosts in DR data center and modify volumes to reflect this information
5. Mount the volumes on new host servers after establishing iSCSI connections to the StorSimple appliance