Upload
others
View
5
Download
0
Embed Size (px)
Citation preview
1Cleversafe, Inc. All rights reserved.
Cleversafe Overview Presentation
DATA SOURCES
OROR 2Accessers are
deployed to
access the
underlying
storage
ACCESSER® LAYER
DATA SOURCES DATA SOURCES
dsNet® Manager
Is deployed to
configure and
manage the
infrastructure
1
OR OR
MANAGER®
SLICESTOR® LAYER
OR OR
3Slicestors are
deployed to store
data
SoftwareDefined
Private cloud built on Cleversafe dsNet®
11
10
9
12
3
4
2
1
11
10
9
12
3
4
2
1
11
10
9
12
7
8
6
5
SLICESTOR® LAYER
DATA SOURCES DATA SOURCES DATA SOURCES
ACCESSER® LAYER
OR OR
MANAGER®
3
Data is
encrypted, and
sliced using
Information
Dispersal
Algorithms (IDA).
1
2Slices are
dispersed to
separate disks,
storage nodes
and/or
geographic
locations.
7
8
6
5
7
8
6
5
3
4
2
1
Erasure Coding
2005
3 421 11 121097 865
IDA WIDTH = 12 = Total number of slices created
3 421
3 421
3 421
SoftwareDefined
Information dispersal in Cleversafe dsNet®
SLICESTOR® LAYER
DATA SOURCES
OROR
7
8
6
5
3
4
2
1
11
10
9
12
7
8
6
5
11
10
9
12
3
4
2
1
3
4
2
1
7
8
6
5
11
10
9
12
DATA SOURCES DATA SOURCES
ACCESSER® LAYER
OR OR
MANAGER®
3 421 11 121097 865
Total slices = WIDTH = 12
Data is
encrypted, and
sliced using
Information
Dispersal
Algorithms.
1
2Slices are
dispersed to
separate disks,
storage nodes
an/or
geographic
locations.
3dsNet can be
configured to
handle multiple
failure scenarios
Erasure Coding
2005
Always OnTHRESHOLD = 7 = Data can be retrieved using ANY 7 slices
Private cloud built on Cleversafe dsNet®
3 421 11 121097 865
IDA WIDTH = 12 = Total number of slices created
SLICESTOR® LAYER
DATA SOURCES
OROR
7
8
6
5
3
4
2
1
11
10
9
12
7
8
6
5
11
10
9
12
3
4
2
1
3
4
2
1
7
8
6
5
11
10
9
12
DATA SOURCES DATA SOURCES
ACCESSER® LAYER
OR OR
MANAGER®
Erasure Coding
2005
Data is
encrypted, and
sliced using
Information
Dispersal
Algorithms.
1
Slices are
dispersed to
separate disks,
storage nodes
and geographic
locations.
2
3In case of failures,
real time bit
perfect data is
retrieved from
threshold number
of slices.
3 421 11 121097 865
THRESHOLD = 7 = Data can be retrieved using ANY 7
slices
1
4
211
75
9
Always On
Data retrieval from Cleversafe dsNet®
SLICESTOR®
7
8
6
5
3
4
2
1
11
12
10
9
ACCESSER LAYER®
Data Access
S3 Compatible API Openstack Swift
Compatible. APISimple Object API
Data Sources Data Sources
NAS GatewaysCIFS/NFS
Backup and ArchiveLegal and Document
RepositoryStorage as a Service
The Accesser
exposes 3 REST
APIs for ingest and
retrieval
Gateways can be
added to satisfy a
variety of use cases
7Cleversafe, Inc. All rights reserved.
dsNet® Technical Capabilities
8Cleversafe, Inc. All rights reserved.
Cleversafe Strengths
Availability – No downtime during software upgrades, hardware refreshes, and in the face of disk, node, and site failures.
Security - Government grade security, no single disk, node or site contains enough information to constitute a data breach. Inherent key management.
Scalability – Scale performance and/or capacity at any time with no downtime to operations
Efficiency – Less raw storage means less power, cooling and floors pace resulting in lowest TCO
Manageability– No RAID sets or replication schemes to manage. Manage upwards of 25PBs with a single Full Time Employee.
DATA + KEY
Package
Software based. No external Key Management required. SecureSlice™ combines All Or Nothing (AONT)
encryption with IDA to form a computational secret sharing scheme.
DATA
11
12
10
9
ENCRYPT3
4
2
1
7
8
6
5
SLICESTOR® LAYER
7
8
6
5
3
4
2
1
11
12
10
9
The hash of the encrypted
segment is calculated and XOR
with random key. The result is
appended to create AONT
package
3
Data is packaged using RC4-
128 encryption with MD5-128
hash for data integrity Also
supported: AES-256 encryption
with SHA-256 hash.
4
The Accesser creates the
slices by splitting the AONT
package. The slices are written
to the Slicestors.
5
Accesser encrypts data using
randomly generated key2
AONT: Data CANNOT be
recovered from a single slice,
or any number of slices less
than the IDA threshold
6
Data and Key are sliced and dispersed
Large data files ingested into
dsNet are first sliced into
segments. Max. segment size is
4MB
1
SEGMENTS
ACCESSER LAYER®
dsNET®
Security
SecureSlice™ encoding – data at rest encryption
Vault
1Vault
2
DATA
DATA + KEY
Package
11
12
10
9
3
4
2
1
7
8
6
5
DATA
SLICESTOR® LAYER
11
12
10
9
3
4
2
1
7
8
6
5
DATA + KEY
Package
7
8
6
5
3
4
2
1
11
12
10
9
7
8
6
5
3
4
2
1
11
12
10
9
Up to 1000 Vaults can be
created within a dsNet.
Encryption + Vaults can meet the
most stringent of security
requirements
1
ACCESSER LAYER®
dsNET®
Multi Tenancy
Multiple Vaults can be created in the same dsNet to provide access and data separation.
Secure multi tenancy in the dsNet® – data at rest encryption + vaults
11Cleversafe, Inc. All rights reserved.
PerfectBits™ Data Integrity
At Rest Integrity Checking• Slice Integrity Check – Slicestors are checking themselves for corrupt slices
• Missing Slice Check – Slicestors are checking with each other to ensure all slices have
been written
• If Slices are found to be corrupt or missing they are added to the rebuild queue and rebuilt
Cleversafe uses a distributed rebuilder model Rebuild events are distributed across Slicestors
Rebuilding becomes more powerful as Slicestors are added to the system
Predictability – Rebuilder is “always on” (at a moderated rate) making I/O performance
much more predictable
Benefits: No single point of failure or
choke point for performance and
highly scalable reliability
12Cleversafe, Inc. All rights reserved.
PerfectBits™ Data Integrity
Check slice integrity Check data integrity Bit-perfect data
Inline Integrity Check
3 421 11 121097 865
Read
Request
If, during a read, a Slice is found to be corrupt, missing or otherwise
unusable, that Slice is added to a rebuild queue and the Accesser
picks a Slice from a different Slicestor to satisfy the read.
13Cleversafe, Inc. All rights reserved.
dsNet® management
Single Pane of Glass
Comprehensive management via a single web UI
APIs and Interfaces
Manager REST APIs, SNMP, and syslog
Full Featured
Health and Performance Monitoring
No Downtime
Upgrades and Appliance Moves
Security
RBAC
LDAP/AD Integration
Certificate Authority
PKI
14Cleversafe, Inc. All rights reserved.
dsNet® management, web-based access
Monitor
• Event monitoring via SNMPv3, email alerts or event console
Configure
• Create Storage containers
• Select different IDAs to meet SLA requirements
Security
• RBAC Support
Maintenance
• ‘Rolling Upgrade’ with no downtime
• Individual component maintenance
Administration
• AD Integration
• LDAP
• Access Key
• IP Restrictions
Web-Based Access
15Cleversafe, Inc. All rights reserved.
Storage Beyond Scale™
Thank You!