© 2012 IBM Corporation

OpenStack Storage

New and Upcoming from IBM Research

Ronen Kat, IBM Research – Haifa

ronenkat@il.ibm.com

© 2012 IBM Corporation2IBM Research - Haifa

IBM and OpenStack

OpenStack Summit(San Diego 2012)

by Jeff Borek

Link

http://www.openstack.org/summit/san-diego-2012/open stack-summit-sessions/presentation/enabling-choice-for-the-opens tack-community

© 2012 IBM Corporation3IBM Research - Haifa

IBM and OpenStack

� IBM has a strong history of working with open standards and opensource�E.g., Linux, Apache, Eclipse

� Community approach to developing software can help meet clients’needs faster�Drive agreement on needed cloud standards and help remove threat of

proprietary lock in

� IBM’s value�Maintaining and supported by IBM

�IBM embraces OpenStack, contributes code and resources and consumes code

�Providing support for IBM platforms�Leveraging IBM software and management for OpenStack

© 2012 IBM Corporation4IBM Research - Haifa

Contributions to OpenStack Success Deliver Value

IBM Storwize V7000 IBM XIV

� Membership Services from HSLT

IBM Power Systems

� Drivers for IBM SVC & XIV� PowerVM driver� Dynamic hypervisor

support

� Implementations of 2 important open cloud standards

� Globalization & localization enablement� Localization for Simplified Chines� Crowd-sourced translation capability

� API, quotas, Nova integration

� Legal support for drafting bylaws

� Improvements to stability and quality

� Community sprint days� Permission building in the

China market� Three IBMers named “core

contributors”� 124 IBMers collaborating

across divisional lines

� Legal support for drafting bylaws

� Improvements to stability and quality

� Community sprint days� Permission building in the

China market� Three IBMers named “core

contributors”� 124 IBMers collaborating

across divisional lines

© 2012 IBM Corporation5IBM Research - Haifa

Different cloud workloads need different classes of storage

High-performance, co-located storage for XaaS• Blocks/file to support compute

General purpose data center NAS extension • Files

Fixed content depot• Objects

© 2012 IBM Corporation6IBM Research - Haifa

IBM Block Storage Enablement for OpenStack

OpenStack volume management drivers• SAN Volume Controller and Storwize family• IBM XIV

Storwize V7000

Storwize V7000 Unified

Storwize V3700

Flex System V7000

SAN Volume Controller

IBM XIV

New in FOLSOM

New in FOLSOM

IBM Research is exploring additional drivers enhancements…

© 2012 IBM Corporation7IBM Research - Haifa

Adding Functionality Beyond “just drivers”

� Not all storage was made equal�Allocate data by business needs and requirements

�Enable QoS and prioritization for storage

�Enable IaaS provider to “hand out” different storage types

� Mechanism�Cinder Volume types – new in Folsom�Cinder Scheduler – support for “filters” and back-end capabilities

�Supporting volume differentiation in drivers

© 2012 IBM Corporation8IBM Research - Haifa

Adding Functionality Beyond “just drivers”

� Fibre Channel support (FC and FCoE)�Enable use of OpenStack in enterprises

� IBM Research is investigating potential featuressuch as

�Federation of storage systems

�Storage system support for fast VM provisioning�High availability and QoS options for volumes

�Backup and DR

�Data reduction for Openstack storage�Etc…

© 2012 IBM Corporation9IBM Research - Haifa

VISION CloudVirtualized Storage Services Foundation for the Future Internet

Architect and build the next generation, standard-based, scalable, low-cost and secure cloud storage system

Key Innovations:• Raise Abstraction Level of Storage • Computational Storage• Content-Centric Storage• Advanced Capabilities• Data Mobility and Federation

Four use cases to demonstrate data-intensive services• Telco, Media, Healthcare and Enterprise

A 3-year project, European project led by IBM • Started Oct 2010

Now considering features to port to OpenStack Swift…

www.visioncloud.eu

© 2012 IBM Corporation10IBM Research - Haifa

� RESTful HTTP(s) Interface: Create, Retrieve, Update and Delete objects and containers (along with other abstractions)

►Capabilities: Allow implementation to define which subset it is supports►CDMI-aware and non-CDMI-aware clients

� Defined by SNIA (Storage Networking Industry Associ ation) and v1.01 in process of ISO standardization

CDMI CloudClient issues:HTTP(s) GET, PUT, POST, DELETE

Requests/Responses can include:Mime-type, data, metadata

Implementation responds:HTTP(s) Status

April 2009 Cloud TWG launched

April 2010CDMI V1.0 published

September 2011 CDMI v1.0.1 errata published

April 2011 Submitted for ISO standard

March 2011 CDMI reference implemen-tation

Current: Work on CDMI 1.1

Cloud Data Management Interface (CDMI):An emerging standard interface for storage cloud

© 2012 IBM Corporation11IBM Research - Haifa

Rich Meta Data Support for Objects

Description• Metadata integral part of objects

• Can describe content and how handled• Provide queries over metadata

Benefits• Increases the value of object stores as an infrastructure for building value-add

applications over the stored data, e.g. for healthcare, telco and media.

© 2012 IBM Corporation12IBM Research - Haifa

Rich Meta Data Support for ObjectsIndex and queries for user metadata

A catalog maintains for each object in a container a list of the attributes and attribute-value pairs

• A content-centric query requires a look-up in the catalog

Example (schematic) – list all red objectsGET /MyContainer/ HTTP/1.1. . . x-Match-md: x-Attribute=‘color’ x-

Value=‘red’

Response (schematic)HTTP/1.1 200 OKContent-Type: application/json

{"children" : [

“Obj 2",“Obj 3" ]

} Obj 2redcolor

Obj 3squareshape

Obj 1bluecolor

Obj 1triangleshape

Obj 2squareshape

Obj 3redcolor

ObjectValueAttribute

Obj 1

Obj 2

Obj 3

MyContainer

© 2012 IBM Corporation13IBM Research - Haifa

Computational Support via Storlet Engine

Description• “Stored procedures” for a storage cloud

• Provide ability to run computations (storlets) safely and securely, close to the data

Benefits• Reduce bandwidth, prevent exposure of sensitive data

• Enables extending Swift without changing its code• Create customized solutions

© 2012 IBM Corporation14IBM Research - Haifa

PUT Pudong Feb 2012mimetype = jpegcategory = vacation picturelocation = Shanghai

Storlets are the “stored procedure” of object clouds

Storlets provide a safe and secure way to execute computations in a storage cloud

• Typically run in a sandboxStorlets are uploaded as objects

• Distinguished from other objects by metadataStorlets are triggered by events on objects (e.g., put/get) and associated metadata attributes

• Synchronous or asynchronousBenefits

• Locality – avoid network overhead• Security – avoid transferring data outside of cloud• Timeliness• Automated execution• Stronger provenance

Use cases• Transformations on data, e.g., transcoding,

computing thumbnails• Extraction/derivation of metadata• Simple computations

Thumbnail CreatorObject-type = storletPut object trigger:

mimetype = jpegcategory = vacation picture

Code:. . . .

Pudong Feb 2012 thumbnailmimetype = jpegcategory = vacation pictureLocation = Shanghai

© 2012 IBM Corporation15IBM Research - Haifa

Transcode intoadditional formats.

Metadata indicates formats

Use metadata to select optimum format

for device/browser

Telco use case

Media use case

UploadMPEG-4

Meta data and Storlets in actionManaging and Serving Content

Low-res copy

© 2012 IBM Corporation16IBM Research - Haifa

Supporting Secure Multi-Tenancy

Description• Provide secure logical isolation between tenants to enable hosting of many

tenants over the same shared infrastructure

• User of one tenant cannot access storage of another tenant

• Security breach in one tenant cannot be leveraged to breach another tenant

Benefits• Feature required in order to provide secure public object cloud

© 2012 IBM Corporation17IBM Research - Haifa

We want to allow secure lightweight isolation between tenants while allowing complete sharing of physical resources

ApproachRun time model and security

• Principle of least privilege: Every sub component should operate using the least set of privileges required for the job completion.

Multi-tenancy and isolation• Build a system with separate tenant privileges. If the system

is compromised the damage should be confined to a single tenant.

• There should be a complete isolation of all tenant related information to prevent any cross-tenant leakage.

• All data-at-rest should be encrypted with a per tenant keyScalability and performance

• Security that can scale• Limit the performance affecting overheads.

Container

Object

User

Tenant

Model

© 2012 IBM Corporation18IBM Research - Haifa

Secure WAN De-duplication

Description• Phase 1: Support full object deduplication in the storage and over the network.

• Phase 2: Add Proof of Ownership (PoW) mechanisms to enable secure WAN deduplication

Benefits• Capacity and bandwidth efficiency for applications like Mail and content depots

• Security for client use is unique

© 2012 IBM Corporation19IBM Research - Haifa

Client-side deduplication in a cloud has a potential for significant savings, capacity and bandwidth but entails security challenges

Allows savings both bandwidth and capacity

Basic protocol:� Client computes a deterministic short hash of the

data� Client sends hash value to the cloud server� Cloud asks for the actual data only if the hash

(and data) are unfamiliar

One problem to address is spoofing uploads� Attacker obtains hash of victim’s file� Attempts to upload a file, but swaps the hash value

with that of the victim’s file.� File is now registered to attacker� Download file…

� Only need to get hold of a very small(not necessarily secret) piece of informationExample: 160 bits to get hold of a 1.5GB objectfrom a popular backup server

We have developed a solution called Proofs of Ownership (PoW)� A challenge response phase during uploads

Client Swift

Content already exists

Data Content

SHA1

2fd4e1c6

Create: object2Content-id: 2fd4e1c6

Success response

Client Swift

Content is new

Data Content

SHA1

2fd4e1c6

Create: object1Content-id: 2fd4e1c6

Object w/ content ID 2fd4e1c6 doesn’t exist

Special error response

Data Content

Create ‘object1’

Success response

Object w/ content ID 2fd4e1c6 exists

Create: object1Content-id: 2fd4e1c6

© 2012 IBM Corporation20IBM Research - Haifa

Extending to a Global Storage Pool

Description• Tie together multiple Swift clusters into a single namespace• Enable a geographically distributed Swift installation• Support active/active replication• Support geographic placement constraints

Benefits• Reduce TCO• Increase availability• Enable large cloud-based implementations

© 2012 IBM Corporation21IBM Research - Haifa

Extending Swift to a Global Storage Pool enables large cloud-based implementations

Global Distribution• Replicate objects in different

data centers• Simplify failure recovery/DR

• Use for availability, recovery and performance

© 2012 IBM Corporation22IBM Research - Haifa

FI-WARE – Foundation for Future Internet

FI-WARE

Mission: provide core platform for FI applications in multiple industries* (‘Usage Area’ projects*)

**

*

*

* *

FI-WARE Budget: €40M (FI-PPP in total: €300M over 5 years)

*

*

© 2012 IBM Corporation23IBM Research - Haifa

More OpenStack focus at IBM Research - Haifa

NetworkVirtualization

Object Storage

Block Storage

ComputeHA, powerVM, VM placement

© 2012 IBM Corporation24IBM Research - Haifa

Questions…

Thank you…