Sunday, 16 August 2009

Storage Security

In this post I'm going to discuss a small area of storage security, specifically the privacy side of the security coin, more specifically array data erase. Right, so in my view security is a very dangerous area for people to wade into, especially storage people.

However, when we do dare to wade into this area, my feeling is that storage people often either :-
  1. Totally ignore the topic and hope (the religious Ostrich strategy)
  2. Simply don't understand the topic, have no idea how to assimilate the myriad of actual or hyped 'requirements' that impact storage from a security aspect, or frankly don't know who to trust in this area (other than @beaker obviously)
  3. Select and place security technologies in the wrong areas in the mistaken belief that this will help them
Security is always an expensive topic in terms of investment, process and discipline - and generally I'd argue that often a bad security design, or technology, is actually worse (& more expensive) than no security.

However one interesting security technology that I do think has a use in the storage array area is the TCG SSC Opal standards work, which should offer another option in the 'data erase' sector.

With it already often taking "well over a week" to securely erase a current 100TB array, just how long do you think it will take to secure erase a 2PB disk array using current methods, and at what cost? For those companies disposing of, or refreshing, 10s->100s of arrays every year, this is a major & expensive pain.

My understanding of one element of TCG SSC Opal is that each individual disk interface uses standards-based encryption techniques and methodologies (AES-128 or AES-256) to encrypt all data stored on that disk. Further this supports multiple storage ranges with each having its own authentication and encryption key. The range start, range length, read/write locks as well as the user read/write access control for each range are configurable by the administrator. Thus to 'erase' the data only the keys need to be revoked and destroyed within the drive.
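To make the mechanism concrete, here is an added model of that per-range cryptographic erase. It is illustration written for this post, not TCG's specification text or any drive vendor's firmware, and it stands in HMAC-SHA256 in counter mode for the drive's AES engine so that it runs with the Python standard library alone; the class and method names, the 512-byte sector size and the sample data are all assumptions. It shows the three properties the paragraph above relies on: plaintext never reaches the media, each range has its own key so erasing one leaves the other readable, and destroying a key makes every sector in that range unrecoverable without touching the media at all.

```python
"""Added model of TCG Opal-style locking ranges and cryptographic erase.
Not TCG or vendor code; HMAC-SHA256 in counter mode stands in for AES."""
import hashlib
import hmac
import os

SECTOR = 512  # assumed sector size for the model


class LockingRange:
    """One locking range: a contiguous LBA span with its own media encryption key."""

    def __init__(self, start, length):
        self.start = start
        self.length = length
        self.key = os.urandom(32)  # per-range key; in a real SED it never leaves the drive
        self.read_locked = False
        self.write_locked = False
        self.erase_count = 0

    def covers(self, lba):
        return self.start <= lba < self.start + self.length

    def keystream(self, lba, n):
        # Counter-mode keystream bound to the LBA, so identical sectors encrypt differently.
        out = b""
        counter = 0
        while len(out) < n:
            msg = lba.to_bytes(8, "big") + counter.to_bytes(8, "big")
            out += hmac.new(self.key, msg, hashlib.sha256).digest()
            counter += 1
        return out[:n]

    def crypto_erase(self):
        # Replace the key: nothing can regenerate the old keystream, so every
        # sector the range holds is unrecoverable even though the media is untouched.
        self.key = os.urandom(32)
        self.erase_count += 1


class SelfEncryptingDrive:
    def __init__(self, sectors, ranges):
        self.media = bytearray(sectors * SECTOR)  # what a forensic read of the platter would see
        self.ranges = [LockingRange(start, length) for start, length in ranges]
        self.audit = []  # erase events an operator would want to evidence

    def _range_for(self, lba):
        for r in self.ranges:
            if r.covers(lba):
                return r
        raise ValueError(f"LBA {lba} is outside every configured range")

    @staticmethod
    def _xor(a, b):
        return bytes(x ^ y for x, y in zip(a, b))

    def write(self, lba, data):
        r = self._range_for(lba)
        if r.write_locked:
            raise PermissionError(f"range at LBA {r.start} is write-locked")
        if len(data) > SECTOR:
            raise ValueError("write larger than one sector")
        plain = data.ljust(SECTOR, b"\x00")
        off = lba * SECTOR
        self.media[off:off + SECTOR] = self._xor(plain, r.keystream(lba, SECTOR))

    def read(self, lba):
        r = self._range_for(lba)
        if r.read_locked:
            raise PermissionError(f"range at LBA {r.start} is read-locked")
        off = lba * SECTOR
        return self._xor(bytes(self.media[off:off + SECTOR]), r.keystream(lba, SECTOR))

    def erase_range(self, index, admin):
        r = self.ranges[index]
        r.crypto_erase()
        self.audit.append(("crypto_erase", index, admin))
        return r.erase_count


def demo():
    """Two ranges, erase one, and report what a reader sees before and after."""
    drive = SelfEncryptingDrive(sectors=64, ranges=[(0, 32), (32, 32)])
    secret = b"CONSTRUCTED SAMPLE: payroll export 2009-08"   # constructed sample data
    other = b"CONSTRUCTED SAMPLE: public web assets"         # constructed sample data
    drive.write(5, secret)
    drive.write(40, other)
    before = (drive.read(5)[:len(secret)], drive.read(40)[:len(other)])
    leaked = secret in bytes(drive.media)  # plaintext must never be on the media
    drive.erase_range(0, admin="storage-admin")
    after = (drive.read(5)[:len(secret)], drive.read(40)[:len(other)])
    return {"before": before, "plaintext_on_media": leaked, "after": after,
            "audit": drive.audit}


if __name__ == "__main__":
    print(demo())
```

The point worth checking in practice is the one `demo()` checks in miniature: after the erase, a read of the erased range must not return the data that was written, the neighbouring range must be unaffected, and there must be an audit record of who issued the erase. Note also that an erase here is instant regardless of range size, which is exactly the scaling property the post is after.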

Problems addressed
  • Failed / failing disks - Allowing data on failing disks to be 'erased' rapidly as part of the disk swap process.
  • Technology refresh & Array disposal - clearly before an array and its disks can be exited from a company the data on the disks must be rendered inaccessible, incurring considerable cost and time. Sometimes this results in physical destruction of the array and disks, preventing any possible credit / resale value.
  • Array relocation - increasingly it's a requirement to secure erase an array prior to moving it to an alternate location within the same company. Again incurring additional cost and time delays for the relocation.
  • Lack of standards - sure there's the U.S. Department of Defense 5220.22-M specification document, but this isn't an international standard, and is open to interpretation.
Benefits
  • Standards - this will provide an industry standard based method, against which vendors & technologies can be measured and operational practices audited against. Should also help reduce the FUD from technology sales in this area.
  • Scalability - unlike other 'in band' encryption technologies this solution scales linearly and independently with each disk in the system, with no bottlenecks or SPOFs introduced.
  • Time to erase - now this is a major pain as array capacities grow, particularly in migrations where the data on the array must be securely erased prior to array decommissioning. Hence extending the duration that power/cooling is needed etc. Anything that improves this timeline on-site is a significant benefit.
  • Reliability - strange one I know, but a fair % of enterprises do not allow their failing disks to be returned to the manufacturer under support or warranty, preferring instead to physically destroy such disks and pay for new ones. This denies the manufacturer the root-cause analysis (RCA) process and contributes nothing to the continual improvement process. If the data on the disk is useless (according to an agreed standard, and at no cost/time impact to the customer) then these disks may now go back into the RMA process to the benefit of all.
  • Security - by providing a technology that is easy to use, the technology should see increased use and hence an overall improvement in the security of data in this area.
  • Cost reduction - clearly anything that saves time reduces some elements of cost. But this should also make a fair dent in additional technology sales and professional services costs. Similarly, should also reduce the need to physically destroy (disks & arrays) during refresh projects, and thus expand a resale market / opportunity.
The questions I want to know answers to though are :-
  • Why haven't I been hearing about this from array manufacturers in their 'long range' roadmaps?
  • When will we see the first array manufacturer supporting this? (the disk manufacturers are already doing so and shipping products)
  • What will be the cost uplift for this technology in disk & array?
  • When will the first customers mandate this in their storage RFx requirements?
Clearly this is only going to help for 'data at rest', on newer disk drive models & arrays, and not for portable media etc - but it's a step in the right direction.

Yes there is a need for more 'intelligence' in the disk drive firmware to ensure that latency & throughput levels are maintained. Yes there is work on the array needed for management control interfaces and KMS relationships etc. But I want to know more and get answers to my questions above :)

Some links for further reading on TCG SSC Opal :-
http://www.trustedcomputinggroup.org
http://www.trustedcomputinggroup.org/developers/storage
http://www.trustedcomputinggroup.org/developers/storage/specifications
http://www.trustedcomputinggroup.org/developers/storage/faq
http://www.trustedcomputinggroup.org/files/static_page_files/B1105605-1D09-3519-AD6FD7F6056B2309/Opal_SSC_FAQ_final_Jan_27_4_.pdf

Now I'm no hippy but...

Whilst wandering through TED videos the other day on my 'Mother TED' application on my Android HTC Magic I found this video from 2005 that I'd not seen before, with Bono making his requests for the 3 wishes that TED granted him :-



http://www.ted.com/talks/lang/eng/bono_s_call_to_action_for_africa.html


Yes it's 27mins long- but spare the time, it's worth it and at least we're able to watch it...

The thing that startled, depressed and really bothered me is that how relevant all of the points Bono makes are, and that they are all still (sadly) valid :(

I understand from here that there was some good reasoning made in '05/'06 as to the technical challenges, and why the 3rd wish hasn't yet been granted. However 4 years is a very long time in technology, so I'm intrigued as to what is possible today and tomorrow.

So hopefully ignoring all the 'feel good' bull associated with corporate social responsibility, I've decided to build in a couple of my own questions into the meetings, presentations and pitches that get made to me by large vendors re technology that they want me to approve or purchase. Namely the following :-

1) I want the first content slide presented to me to be a statement from your company re its position, status, plan & contribution to the three wishes stated in Bono's video

2) I want the second content slide presented to me to detail your company's contribution to charities, help and aid, specific projects as % of revenue and profit.

I used to work in a company where all our purchase request costs were reported internally in terms of the qty of products we needed to sell in order to generate the funds to pay for the request - I wonder how many IT people are able to do this today? I wonder how many would be brave enough to think of them in terms of lives in less fortunate countries?

As I'm prohibited from declaring the IT 'street' prices I'm aware of and then comparing them to aid impacts - I'll just leave it with the questions "is that storage price really good value?" and "why is data on an array invested in more than a life in Africa?"

Saturday, 8 August 2009

Hello Dave - don't get misty eyed

Just a brief post to say hello and welcome to the cloud area to somebody that I have a great amount of time & respect for, so :-
"hello Dave Graham it's great to hear you're taking a key role in the cloud infrastructure arena, please keep to your great ways so far and don't get misty eyed or foggy over matters :)"

To hear from the man himself see here :-
http://flickerdown.com/2009/08/transition-to-the-cloud/

Infrastructure Conferences

Boring I know, but here's the list of infrastructure & storage events that (all being well) I should be attending in the coming months :-

  • CloudCamp London - next one London Sept 24, 2009 6pm to 10 pm
  • IP Expo - London Earls Court Oct 7-8 2009 (thanks StorageZilla)
  • StorageExpo - London Olympia, 14/15 Oct 2009 (one day only)
  • SNW Europe - Frankfurt, Oct 26/27/28 2009
  • EMC Intl Customer Council (invite only) - Prague Nov 2009
  • CloudExpo London
  • Cisco Networkers - Barcelona Jan 25-28 2010
  • Cebit 2010 - Hannover March 2-6 2010 (one day only)
  • VMWorld Europe 2010 - in Oct 2010 in Cannes (if it occurs)

Like most people I find the peer discussion the most useful, but add to that the ability to speak directly and candidly with the relevant empowered decision makers, and the events are a lot more than the 'jolly' some people think of them. Trust me, you know my views on business travel by now, and I wouldn't be attending if I didn't think it valuable...

If you're attending any of the above then let me know, hell I might even ask you to buy me a beer! :) If you know of any other good events re data-centre infrastructure or cloud topics then let me know and I might attend and buy you a beer! :)

Friday, 7 August 2009

Video Time

No it's not a StorageRap or WheelCam style video, but rather a simple round up of some infrastructure related videos on the web that I've found interesting.


Firstly, Simon Wardley (Canonical – Ubuntu), talking a lot of common sense (something missing from the 'traditional' major IT vendors) on cloud computing http://bit.ly/QNbvK - brilliant, entertaining & very accurate...

Some interesting videos showing the scale & nature of a number of data-centre infrastructure designs and the differences in their approaches :-

Google's Container DCs

http://www.youtube.com/watch?v=bs3Et540-_s

Microsoft OS Cloud Windows Azure Data Center

http://www.youtube.com/watch?v=K3b5Ca6lzqE&feature=related

Oracle's Austin Data Center

http://www.youtube.com/watch?v=eDmCkHK0L7A&feature=related

http://www.youtube.com/watch?v=fjnkfLkYNis&feature=related

HP's POD & Next Gen DCs

http://www.youtube.com/watch?v=WGXL91b2Drk&feature=related


As usual there definitely isn't a 'one size fits all' answer to the DC of the future, but I can certainly see 'factory', 'container' and 'traditional' DCs all being used within any large enterprise going forward - it will be very interesting to see how the tools, technologies, people & culture adapt to work with each & all of these, plus of course the cloud IaaS provided 'virtual DCs' of the future...

Emulex E3S

Ok so the Emulex E3S technology is rather interesting...

Dave Graham started it all off here with these 2 blog posts :-
http://flickerdown.com/2009/06/moving-from-block-to-cloud-emulex-e3s/

http://flickerdown.com/2009/06/emulex-e3s-fitment/

Chris Evans also raised points here :-
http://thestoragearchitect.com/2009/06/19/cloud-computing-emulex-enterprise-elastic-storage-e3s/

Emulex have now posted a site for information re this at :-
http://www.emulex.com/solutions/cloud-storage.html

I raised some questions that I'm still not sure I've found the answers to :-

  1. How does the 'adapter' handle and treat mutable / changing blocks? (eg does it write a new block object and retire the old, or something more optimised (eg a mini delta block))
  2. What are the scale targets for the adapter (or groupings of adapters) re qty of objects, capacity abstracted, latency, throughput & cache etc?
  3. What underlying cloud APIs are used? Are these 'pluggable / changeable'? And can multiple be used at once?
  4. What specific encryption & KMS system is used?
  5. How does the adapter work with authentication, authorisation & accounting / billing attributes that may need to be handled re cloud storage?
  6. What policy management framework is used to control the behaviours of the adapters? And how does this relate / compete / cooperate with other policy frameworks (eg Atmos's or Symm FAST etc)?
  7. Does the adapter maintain the checksum history of the cloud objects written in order to validate that their retrieval matches? if so where is this data stored and how is it protected / made resilient?
  8. What's the target price point?
  9. What's the availability date?
  10. Who will be the first array manufacturer to include this (or similar) as a BE card? and how will that affect technology capability licensing within that array?
Points added Aug 9th :-
  1. Could this be made to work with other block formats / devices (eg tape emulation)?
  2. Is this partnering with any other object storage formats (eg XAM, Caringo Castor, EMC Centera etc)?

The Power of Bod

So this week my good friend StorageBod shone the lighthouse beam (http://storagebod.typepad.com/storagebods_blog/2009/08/new-bloggers.html) on this said quiet little internet hovel of mine, and suddenly I get a bunch of comments on the blog from people I know and respect - not only do I feel a little less grumpy today, and a bit more pressure to live up to the expectations, but I've also got further respect for the media position Martin holds :)

Of course he did this whilst I was working 18hr days in Istanbul, Turkey reviewing various storage proposals from the usual culprits, and also spending far too much time with lawyers that make me look like a smiling munchkin. All of which means I haven't had time to draft & publish any proper content yet...

So with that in mind I guess it's time for me to update this blog and put a little bit of storage related content into it...