1Cleversafe, Inc. All rights reserved.

Cleversafe Overview Presentation

DATA SOURCES

OROR 2Accessers are

deployed to

access the

underlying

storage

ACCESSER® LAYER

DATA SOURCES DATA SOURCES

dsNet® Manager

Is deployed to

configure and

manage the

infrastructure

1

OR OR

MANAGER®

SLICESTOR® LAYER

OR OR

3Slicestors are

deployed to store

data

SoftwareDefined

Private cloud built on Cleversafe dsNet®

11

10

9

12

3

4

2

1

11

10

9

12

3

4

2

1

11

10

9

12

7

8

6

5

SLICESTOR® LAYER

DATA SOURCES DATA SOURCES DATA SOURCES

ACCESSER® LAYER

OR OR

MANAGER®

3

Data is

encrypted, and

sliced using

Information

Dispersal

Algorithms (IDA).

1

2Slices are

dispersed to

separate disks,

storage nodes

and/or

geographic

locations.

7

8

6

5

7

8

6

5

3

4

2

1

Erasure Coding

2005

3 421 11 121097 865

IDA WIDTH = 12 = Total number of slices created

3 421

3 421

3 421

SoftwareDefined

Information dispersal in Cleversafe dsNet®

SLICESTOR® LAYER

DATA SOURCES

OROR

7

8

6

5

3

4

2

1

11

10

9

12

7

8

6

5

11

10

9

12

3

4

2

1

3

4

2

1

7

8

6

5

11

10

9

12

DATA SOURCES DATA SOURCES

ACCESSER® LAYER

OR OR

MANAGER®

3 421 11 121097 865

Total slices = WIDTH = 12

Data is

encrypted, and

sliced using

Information

Dispersal

Algorithms.

1

2Slices are

dispersed to

separate disks,

storage nodes

an/or

geographic

locations.

3dsNet can be

configured to

handle multiple

failure scenarios

Erasure Coding

2005

Always OnTHRESHOLD = 7 = Data can be retrieved using ANY 7 slices

Private cloud built on Cleversafe dsNet®

3 421 11 121097 865

IDA WIDTH = 12 = Total number of slices created

SLICESTOR® LAYER

DATA SOURCES

OROR

7

8

6

5

3

4

2

1

11

10

9

12

7

8

6

5

11

10

9

12

3

4

2

1

3

4

2

1

7

8

6

5

11

10

9

12

DATA SOURCES DATA SOURCES

ACCESSER® LAYER

OR OR

MANAGER®

Erasure Coding

2005

Data is

encrypted, and

sliced using

Information

Dispersal

Algorithms.

1

Slices are

dispersed to

separate disks,

storage nodes

and geographic

locations.

2

3In case of failures,

real time bit

perfect data is

retrieved from

threshold number

of slices.

3 421 11 121097 865

THRESHOLD = 7 = Data can be retrieved using ANY 7

slices

1

4

211

75

9

Always On

Data retrieval from Cleversafe dsNet®

SLICESTOR®

7

8

6

5

3

4

2

1

11

12

10

9

ACCESSER LAYER®

Data Access

S3 Compatible API Openstack Swift

Compatible. APISimple Object API

Data Sources Data Sources

NAS GatewaysCIFS/NFS

Backup and ArchiveLegal and Document

RepositoryStorage as a Service

The Accesser

exposes 3 REST

APIs for ingest and

retrieval

Gateways can be

added to satisfy a

variety of use cases

7Cleversafe, Inc. All rights reserved.

dsNet® Technical Capabilities

8Cleversafe, Inc. All rights reserved.

Cleversafe Strengths

Availability – No downtime during software upgrades, hardware refreshes, and in the face of disk, node, and site failures.

Security - Government grade security, no single disk, node or site contains enough information to constitute a data breach. Inherent key management.

Scalability – Scale performance and/or capacity at any time with no downtime to operations

Efficiency – Less raw storage means less power, cooling and floors pace resulting in lowest TCO

Manageability– No RAID sets or replication schemes to manage. Manage upwards of 25PBs with a single Full Time Employee.

DATA + KEY

Package

Software based. No external Key Management required. SecureSlice™ combines All Or Nothing (AONT)

encryption with IDA to form a computational secret sharing scheme.

DATA

11

12

10

9

ENCRYPT3

4

2

1

7

8

6

5

SLICESTOR® LAYER

7

8

6

5

3

4

2

1

11

12

10

9

The hash of the encrypted

segment is calculated and XOR

with random key. The result is

appended to create AONT

package

3

Data is packaged using RC4-

128 encryption with MD5-128

hash for data integrity Also

supported: AES-256 encryption

with SHA-256 hash.

4

The Accesser creates the

slices by splitting the AONT

package. The slices are written

to the Slicestors.

5

Accesser encrypts data using

randomly generated key2

AONT: Data CANNOT be

recovered from a single slice,

or any number of slices less

than the IDA threshold

6

Data and Key are sliced and dispersed

Large data files ingested into

dsNet are first sliced into

segments. Max. segment size is

4MB

1

SEGMENTS

ACCESSER LAYER®

dsNET®

Security

SecureSlice™ encoding – data at rest encryption

Vault

1Vault

2

DATA

DATA + KEY

Package

11

12

10

9

3

4

2

1

7

8

6

5

DATA

SLICESTOR® LAYER

11

12

10

9

3

4

2

1

7

8

6

5

DATA + KEY

Package

7

8

6

5

3

4

2

1

11

12

10

9

7

8

6

5

3

4

2

1

11

12

10

9

Up to 1000 Vaults can be

created within a dsNet.

Encryption + Vaults can meet the

most stringent of security

requirements

1

ACCESSER LAYER®

dsNET®

Multi Tenancy

Multiple Vaults can be created in the same dsNet to provide access and data separation.

Secure multi tenancy in the dsNet® – data at rest encryption + vaults

11Cleversafe, Inc. All rights reserved.

PerfectBits™ Data Integrity

At Rest Integrity Checking• Slice Integrity Check – Slicestors are checking themselves for corrupt slices

• Missing Slice Check – Slicestors are checking with each other to ensure all slices have

been written

• If Slices are found to be corrupt or missing they are added to the rebuild queue and rebuilt

Cleversafe uses a distributed rebuilder model Rebuild events are distributed across Slicestors

Rebuilding becomes more powerful as Slicestors are added to the system

Predictability – Rebuilder is “always on” (at a moderated rate) making I/O performance

much more predictable

Benefits: No single point of failure or

choke point for performance and

highly scalable reliability

12Cleversafe, Inc. All rights reserved.

PerfectBits™ Data Integrity

Check slice integrity Check data integrity Bit-perfect data

Inline Integrity Check

3 421 11 121097 865

Read

Request

If, during a read, a Slice is found to be corrupt, missing or otherwise

unusable, that Slice is added to a rebuild queue and the Accesser

picks a Slice from a different Slicestor to satisfy the read.

13Cleversafe, Inc. All rights reserved.

dsNet® management

Single Pane of Glass

Comprehensive management via a single web UI

APIs and Interfaces

Manager REST APIs, SNMP, and syslog

Full Featured

Health and Performance Monitoring

No Downtime

Upgrades and Appliance Moves

Security

RBAC

LDAP/AD Integration

Certificate Authority

PKI

14Cleversafe, Inc. All rights reserved.

dsNet® management, web-based access

Monitor

• Event monitoring via SNMPv3, email alerts or event console

Configure

• Create Storage containers

• Select different IDAs to meet SLA requirements

Security

• RBAC Support

Maintenance

• ‘Rolling Upgrade’ with no downtime

• Individual component maintenance

Administration

• AD Integration

• LDAP

• Access Key

• IP Restrictions

Web-Based Access

15Cleversafe, Inc. All rights reserved.

Storage Beyond Scale™

Thank You!