29.09.2011 | Maxim Schnjakin
A Security and High-Availability Layer for Cloud Storage
Sino-German Workshop on Cloud-based High Performance Computing
Sep. 26 - Oct.1, Shanghai
Sino-German Workshop on Cloud-based HPC | Maxim Schnjakin | 29/09/2011
Outline
■ Motivation
□ Focus and challenges
■ Our approach
□ Cloud storage layer
□ Identification of services
□ Data distribution
□ Recent results
■ Conclusion and future work
A Working Definition of Cloud Computing
■ Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction
– The NIST definition of cloud computing
Motivation and Challenges
■ Focus
□ Storage as a Service
□ Infrastructure as a Service
■ Challenges
□ Selection of the suitable service provider
□ Security
□ Reliability & Availability
□ Lock-in
Requirements
■ Requirements
□ Reliability & Security
□ Support in identifying the „best“ suitable provider
□ Identification of the selection parameters
□ Up-to-date information
■ Replication of data as a solution?
□ Missing API standardisation makes the integration process difficult
□ Not cost-efficient
Architecture
■ Cloud Storage Layer
[Figure labels: User; Web Portal / web service; User Interface; Resource Management; Nirvanix SND, Rackspace, GoGrid, Amazon S3, ...]
Implementation
■ User Interface
□ Data management
□ Specification of the requirements
– Costs
– Geographic location
– QoS parameters
□ Upload and download preferences (budget-oriented content deployment)
Implementation
■ Resource-Management Module:
□ Matching occurs by means of specified QoS parameters
– latency, geographic location, availability, costs ...
– language is flexible (further parameters are possible)
□ Integration of „user experience“
– monitoring of each user-provider interaction
[Figure labels: User; Resource Management; Resource Management Service; Registry & Matching Service; Matching Service; Reputation Service; Service Repository; Amazon S3, Nirvanix SND, ...]
Implementation
■ Data Distribution Module
□ Spreads the data among the selected cloud providers
□ Back to the roots:
– Implementation of software RAID
[Figure labels: Data Distribution Service; Data Fragmentation Service; F; fragments F1,1 F1,2 F1,3 / F2,1 F2,2 F2,3 / F3,1 F3,2 F3,3; Amazon S3 Connector, Nirvanix SND Connector, Rackspace Connector; Data Distribution; Amazon S3, Nirvanix SND, Rackspace]
Redundant Array of Inexpensive Disks
■ Developed at Berkeley in 1987
■ Increase of reliability
■ Increase of performance
■ Cost-cutting through the usage of cheap hardware devices
■ Various RAID-Algorithms
□ RDP Coding
□ Liberation Code
□ Reed-Solomon Coding
□ Cauchy Reed-Solomon Coding
□ EVENODD Coding ...
Redundant Array of Inexpensive Disks
[Figure labels: File F; RAID-Algorithm; Device A, Device B, Device C, Device D; Amazon S3, Nirvanix, Rackspace, GoGrid; ⊕ ⊕]
Evaluation of RAID-Algorithms
■ Selection criteria
□ Encoding-Performance
□ Decoding-Performance
□ Feasibility of the implementation
□ Costs of the implementation
■ Decisive parameters
□ k = the number of data packages („hardware devices“)
□ m = the number of coding packages (parity data)
□ w = word size (the size of the coding words)
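An added example, not taken from the slides or the author's platform, of the software-RAID idea with the parameters above: k = 3 data fragments and m = 1 XOR parity fragment spread over four providers, a deliberate simplification of the Liberation code the talk uses. All function names and the sample record are constructed; the last lines also show that without encryption each data fragment is a verbatim slice of the file.

```python
from functools import reduce

PROVIDERS = ["Amazon S3", "Nirvanix SND", "Rackspace", "GoGrid"]  # names from the slides
SAMPLE = b"constructed sample record: account=4711; balance=1024.00 EUR"  # constructed input

def xor_columns(frags):
    """Byte-wise XOR of equally long fragments."""
    return bytes(reduce(lambda a, b: a ^ b, col) for col in zip(*frags))

def encode(data, k):
    """k data fragments plus m = 1 XOR parity fragment (systematic code)."""
    size = -(-len(data) // k)                      # ceil(len / k)
    padded = data.ljust(size * k, b"\0")           # zero-pad the last fragment
    frags = [padded[i * size:(i + 1) * size] for i in range(k)]
    return frags + [xor_columns(frags)]

def decode(frags, k, length):
    """Rebuild the file; at most one of the k + 1 fragments may be None."""
    missing = [i for i, f in enumerate(frags) if f is None]
    if len(missing) > 1:
        raise ValueError("m = 1 tolerates only one unavailable provider")
    if missing:
        frags = list(frags)
        # XOR of all surviving fragments equals the lost one.
        frags[missing[0]] = xor_columns([f for f in frags if f is not None])
    return b"".join(frags[:k])[:length]            # drop parity and padding

def distribute(data, providers=PROVIDERS):
    """One fragment per provider; the last provider holds the parity."""
    return dict(zip(providers, encode(data, len(providers) - 1)))

def recover(stored, length, down=(), providers=PROVIDERS):
    """Fetch from every provider not listed in `down` and decode."""
    frags = [None if p in down else stored[p] for p in providers]
    return decode(frags, len(providers) - 1, length)

if __name__ == "__main__":
    stored = distribute(SAMPLE)
    for p in PROVIDERS:                            # any single outage is survivable
        assert recover(stored, len(SAMPLE), down=(p,)) == SAMPLE
    # Segregation is not confidentiality: this provider reads its slice in clear.
    print("Amazon S3 holds:", stored["Amazon S3"])
```

The original length has to be kept as metadata (the slides store metadata in a local database) so that padding can be stripped on decode.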
Implementation
■ Implementation of the Liberation algorithm in C
■ Embedding of the C libraries via Java JNI
■ Metadata is stored in the local database
■ Data processing (coding) on the side of the user
■ The platform
□ Deployment of „new“ storage services
□ Provision of „reputation information“
[Figure labels: User; Web browser; Java applet; Libraries (erasure.jnilib); Internet; our platform; Database; GoGrid, Amazon S3]
Performance measurement
■ Encoding performance
[Figure: encoding performance plot; axes: Time, MB/sec]
Conclusion
■ Bandwidth of cloud service provider might become a bottleneck
■ Increase of data transfer rates
■ Increased availability and reliability while providing better economic efficiency
□ we are able to tolerate the outage of various service providers (with a data overhead of 10%)
■ Increase of data security
□ Physical segregation of data sets
□ None of the vendors is in absolute possession of the data
– providers are not able to „misuse“ entrusted data
□ Decrease of the lock-in risk
Future Work
■ Reliable reputation algorithms
■ Dynamic adaptation of the coding parameters
■ Implementation of encryption functionality
■ Integration of further storage providers
■ A solution to the single source of failure problem
Dipl.-Inf. Maxim Schnjakin | 10 May 2011 | IT-Sicherheitskongress
Questions? Remarks?
Maxim Schnjakin: [email protected]
Hasso-Plattner-Institute, University of Potsdam, Germany
Thank you for your attention