4. 80% YoY Growth in Unstructured Data
41% Growth in IaaS Systems through 2016
Sources:
Gartner, IT Marketing Clock for Storage, Sep 2011
Gartner, Forecast Overview: Public Cloud Services, Worldwide, 2011-2016, Feb 2013
5. MagFS –The File System for the Cloud
Consistent, Elastic, Secure, Mobile-Enabled
Layered on Object Stores
“Software-Defined”
6. No (Initial) Legacy Support (NFS/CIFS)
Native Clients: Push Intelligence to Edges
Strong Consistency w/ Full-Spectrum Caching
7. File System Design Goals
• Low Cost, High Scale
• Intelligent Clients
• Span Devices and Networks
• Support Rapid Iteration
16. Simplified Write: Deduplication + Encryption (Data Manager / File System Layer)
Write Request → Plaintext → Variable-Length Chunking; then, per chunk:
Encryption Key (K) = SHA-256(plaintext chunk)
Encrypted Text (E) = AES-256 encryption of the plaintext chunk under K
Object Name (N) = SHA-256(E)
17. Simplified Write: Deduplication + Encryption (continued)
Data Manager: <File, Offset, N, K>, Optional(<URI>)
Local Cache: <N, E>
Remote Transfer to the object store: <URI, E>; the object store holds only <E>
No Encryption Keys in the Cloud
No Encryption Keys in Local Cache
18. Simplified Read: Deduplication + Encryption (Data Manager / File System Layer)
Read Request: <File, Offset, Range>
Data Manager returns <N, K, URI> for the chunks covering the range
Local Cache lookup by <N, URI>: a hit returns <E>
Miss: Remote Transfer fetches <URI> from the object store, which returns <E>
Plaintext = AES-256 decryption of E under K
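The write and read paths of slides 16-18, as an added example in Go; this is not Maginatics code. The slides fix only the transform (K = SHA-256 of the plaintext chunk, E = AES-256 under K, N = SHA-256(E)) and which store holds which tuple. Everything else here is this example's assumption: the toy content-defined chunker and its sizes, AES-256 in CTR mode with a nonce derived from K, the "/container/<hex N>" URI layout, and the deterministic sample data. The SHA-256 check before decryption is the read-side counterpart of the server scrub described on slide 42.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// chunk splits data at content-defined boundaries with a gear-style rolling hash (toy sizes; the slide gives no parameters).
func chunk(data []byte) [][]byte {
	const minSize, maxSize, mask = 256, 8192, 0x3FF // average chunk about 1 KiB past minSize
	var chunks [][]byte
	start, h := 0, uint32(0)
	for i, b := range data {
		h = (h << 1) + uint32(b)*0x9E3779B1 // the multiply stands in for a 256-entry gear table
		if n := i - start + 1; (n >= minSize && h&mask == 0) || n >= maxSize || i == len(data)-1 {
			chunks, start = append(chunks, data[start:i+1]), i+1
		}
	}
	return chunks
}

// aesCTR is AES-256-CTR with a nonce derived from K (the slide says only "AES-256 (K)", so the mode is
// this example's assumption). K is unique per distinct plaintext, so the nonce never repeats under a key.
func aesCTR(K [32]byte, in []byte) []byte {
	block, _ := aes.NewCipher(K[:]) // a 32-byte key is always accepted
	nonce := sha256.Sum256(append([]byte("nonce:"), K[:]...))
	out := make([]byte, len(in))
	cipher.NewCTR(block, nonce[:aes.BlockSize]).XORKeyStream(out, in)
	return out
}

// extent is the Data Manager's per-chunk record <File, Offset, N, K>; K is stored nowhere else.
type extent struct {
	Offset int
	N, K   [32]byte
}

// system holds the slide's three stores; only the Data Manager ever sees a key.
type system struct {
	metadata map[string][]extent // Data Manager: file -> extents
	cache    map[[32]byte][]byte // Local Cache: N -> E
	cloud    map[string][]byte   // object store: URI -> E
}

func newSystem() *system {
	return &system{map[string][]extent{}, map[[32]byte][]byte{}, map[string][]byte{}}
}
func uri(N [32]byte) string { return "/container/" + hex.EncodeToString(N[:]) }

// Write is the slide's write path per chunk (K = SHA-256(plain), E = AES-256_K(plain), N = SHA-256(E));
// a chunk whose N the cloud already holds is deduplicated rather than re-uploaded.
func (s *system) Write(file string, data []byte) (uploaded int) {
	off := 0
	s.metadata[file] = nil
	for _, p := range chunk(data) {
		K := sha256.Sum256(p)
		E := aesCTR(K, p)
		N := sha256.Sum256(E)
		s.metadata[file] = append(s.metadata[file], extent{off, N, K})
		off += len(p)
		s.cache[N] = E
		if _, dup := s.cloud[uri(N)]; !dup {
			s.cloud[uri(N)] = E
			uploaded++
		}
	}
	return uploaded
}

// Read is the slide's read path: <N, K, URI> from the Data Manager, Local Cache by N, object store by
// URI on a miss, the SHA-256 check (N must equal SHA-256(E)) before decryption, then AES-256 under K.
func (s *system) Read(file string) (out []byte, err error) {
	for _, x := range s.metadata[file] {
		E, hit := s.cache[x.N]
		if !hit {
			E, hit = s.cloud[uri(x.N)]
		}
		if !hit || sha256.Sum256(E) != x.N {
			return nil, fmt.Errorf("object %s missing or failed SHA-256 check", uri(x.N))
		}
		out = append(out, aesCTR(x.K, E)...)
	}
	return out, nil
}

// sampleData is deterministic pseudo-random input constructed for this example.
func sampleData(seed string, n int) (out []byte) {
	for i := 0; len(out) < n; i++ {
		s := sha256.Sum256([]byte(fmt.Sprintf("%s:%d", seed, i)))
		out = append(out, s[:]...)
	}
	return out[:n]
}

func main() {
	s, a := newSystem(), sampleData("A", 64<<10)
	u1, u2 := s.Write("v1", a), s.Write("copy", a) // identical content: the second write uploads nothing
	got, err := s.Read("copy")
	fmt.Println("uploads:", u1, u2, "chunks:", len(chunk(a)), "round trip ok:", err == nil && string(got) == string(a))
}
```

Because K is a function of the plaintext, identical chunks written by anyone produce identical E and N, which is what lets the cloud and the local cache deduplicate while holding no keys. The same determinism means that whoever can see E or N can confirm a guess at a chunk's content; that trade-off is inherent to convergent encryption, not specific to this design.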
19. The Client in Real Life Does a Lot More!
• File and Directory Leases (data and metadata caching)
• Asynchronous Operations (including writes)
• Operation Compounding
• Runtime Optimizations (e.g., read ahead)
• Optimizing for High Bandwidth Delay Product (BDP)
• …
30. Object Store API Compatibility
Q: Has anyone come across a near 100%
Amazon S3 API compatible object storage
system?
A: It is hard to find a near-100% compatible
product…
-Vendor w/ S3 Compatible Product
37-40. Server-Driven Request Signing (built up over four slides: the string-to-sign is the HTTP verb, Content-MD5, Content-Type, Date and resource, each terminated by a newline)
SignString = PUT + "\n"
+ 07BzhNET7exJ6qYjitX/AA== + "\n"
+ image/jpeg + "\n"
+ Tue, 11 Jun 2013 00:27:41 + "\n"
+ /container/example.jpeg + "\n"
+ ...
Signature = Base64(HMAC-SHA1(secret key, SignString))
41. Safe Direct Client Access via Request Signing
Components: Clients; Metadata Servers (hold metadata); Object Storage (public, on-premises, or hybrid; holds data)
1. Client → Metadata Server: Read/Write Request
2. Metadata Server → Client: HTTP Request + Signature
3. Client → Object Storage: HTTP Request + Signature + Encrypted Data
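The exchange on slides 37-41 as an added example in Go; this is not Maginatics code. The metadata server, which alone holds the object-store secret, signs one concrete PUT and hands the client the signature (step 2); the object store recomputes the signature over the request it actually receives and checks the body against Content-MD5 (step 3). The secret, the body and the type names are constructed for this example; the Date and resource are the slide's. The string-to-sign follows the slide's field order, and the slide's trailing "..." is left out (in S3's Signature Version 2 the canonicalized x-amz-* headers go between the Date and the resource).

```go
package main

import (
	"crypto/hmac"
	"crypto/md5"
	"crypto/sha1"
	"encoding/base64"
	"fmt"
)

// signedRequest is what the metadata server hands the client: every field that went into the
// signature plus the signature itself, but never the secret key.
type signedRequest struct {
	Method, ContentMD5, ContentType, Date, Resource, Signature string
}

// stringToSign lays the fields out in the slide's order, separated by "\n".
func stringToSign(method, contentMD5, contentType, date, resource string) string {
	return method + "\n" + contentMD5 + "\n" + contentType + "\n" + date + "\n" + resource
}

// sign is Signature = Base64(HMAC-SHA1(secret, SignString)).
func sign(secret []byte, signString string) string {
	mac := hmac.New(sha1.New, secret)
	mac.Write([]byte(signString))
	return base64.StdEncoding.EncodeToString(mac.Sum(nil))
}

// contentMD5 is the Content-MD5 header value: base64 of the MD5 of the body.
func contentMD5(body []byte) string {
	sum := md5.Sum(body)
	return base64.StdEncoding.EncodeToString(sum[:])
}

// metadataServer holds the object-store secret and signs exactly one concrete request.
type metadataServer struct{ secret []byte }

func (m metadataServer) authorize(method, cmd5, ctype, date, resource string) signedRequest {
	return signedRequest{method, cmd5, ctype, date, resource,
		sign(m.secret, stringToSign(method, cmd5, ctype, date, resource))}
}

// objectStore recomputes the signature from the fields it actually received and checks the body
// against Content-MD5, so a client holding one signature cannot retarget it at another key, change
// the date, or upload a body other than the one that was signed for.
type objectStore struct{ secret []byte }

func (o objectStore) accept(r signedRequest, body []byte) bool {
	want := sign(o.secret, stringToSign(r.Method, r.ContentMD5, r.ContentType, r.Date, r.Resource))
	return hmac.Equal([]byte(want), []byte(r.Signature)) && contentMD5(body) == r.ContentMD5
}

func main() {
	secret := []byte("example-secret-not-a-real-key") // constructed for this example
	body := []byte("encrypted chunk bytes (constructed)")
	ms, store := metadataServer{secret}, objectStore{secret}
	// Date and resource are the slide's values; Content-MD5 is computed from the constructed body.
	r := ms.authorize("PUT", contentMD5(body), "image/jpeg", "Tue, 11 Jun 2013 00:27:41", "/container/example.jpeg")
	fmt.Printf("SignString:\n%s\nSignature: %s\naccepted: %v\n",
		stringToSign(r.Method, r.ContentMD5, r.ContentType, r.Date, r.Resource), r.Signature, store.accept(r, body))
	forged := r
	forged.Resource = "/container/other.jpeg" // reuse the signature against a different key
	fmt.Println("retargeted request accepted:", store.accept(forged, body))
	fmt.Println("different body accepted:", store.accept(r, []byte("something else")))
}
```

The security property is that the client only ever holds a signature over one exact (verb, Content-MD5, Content-Type, Date, resource) tuple: it can perform that one upload directly against the object store, but it cannot derive a signature for any other request because the secret never leaves the metadata server.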
42. Dealing with Lost Client Writes
• Clients can lose connectivity or, in the worst case, be malicious
• Naïvely trusting client writes can “corrupt” w/ global dedup: later writers of the same chunk would be deduplicated against an object that was never stored, or whose content does not match its name
• MagFS server scrubs all writes:
• Client acknowledges write
• Server verifies object existence (object store performed MD5 at PUT)
• Server can also read and verify object data (stronger SHA-256 check)
• The object will be available for deduplication only after scrubbing
43. Handling Object Store Eventual Consistency
• Treat objects as immutable (even if modifications are allowed)
• Use content-based names (generated using cryptographic hashes)
• Tombstone names after Garbage Collection
• Suffix generation number to content-based names in case of resurrection
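Slide 43's rules, as an added example in Go that is not Maginatics code, run against a toy model of an eventually consistent object store in which deletes land late. The store model, the "-g<n>" suffix format and the sample content are this example's assumptions; the rules themselves (immutable objects, content-based names, tombstones after garbage collection, a generation suffix on resurrection) are the slide's.

```go
package main

import (
	"crypto/sha256"
	"fmt"
)

// lazyStore models an eventually consistent object store (constructed for this example): a DELETE
// is queued and applied later, so a PUT that reuses a freshly deleted name can be wiped out when
// the stale delete finally lands.
type lazyStore struct {
	objects map[string][]byte
	pending []string
}

func newLazyStore() *lazyStore { return &lazyStore{objects: map[string][]byte{}} }

func (s *lazyStore) put(name string, data []byte) { s.objects[name] = data }
func (s *lazyStore) del(name string)             { s.pending = append(s.pending, name) }
func (s *lazyStore) has(name string) bool        { _, ok := s.objects[name]; return ok }

// settle lets the queued deletes propagate.
func (s *lazyStore) settle() {
	for _, n := range s.pending {
		delete(s.objects, n)
	}
	s.pending = nil
}

// namer applies the slide's rules: immutable, content-named objects; a tombstone for every name
// garbage collection deleted; and a generation suffix so resurrected content gets a fresh name.
type namer struct {
	gen       map[[32]byte]int
	tombstone map[string]bool
}

func newNamer() *namer { return &namer{gen: map[[32]byte]int{}, tombstone: map[string]bool{}} }

func (n *namer) name(E []byte) string {
	N := sha256.Sum256(E)
	return fmt.Sprintf("%x-g%d", N, n.gen[N])
}

// write stores E under its current generation name and refuses to reuse a tombstoned one.
func (n *namer) write(s *lazyStore, E []byte) (string, error) {
	name := n.name(E)
	if n.tombstone[name] {
		return "", fmt.Errorf("%s is tombstoned", name)
	}
	s.put(name, E)
	return name, nil
}

// collect is garbage collection: delete the object, tombstone its name, bump the generation.
func (n *namer) collect(s *lazyStore, E []byte) {
	name := n.name(E)
	s.del(name)
	n.tombstone[name] = true
	n.gen[sha256.Sum256(E)]++
}

// naiveResurrect reuses the plain content name and reports whether the object survives the late delete.
func naiveResurrect(E []byte) bool {
	s := newLazyStore()
	name := fmt.Sprintf("%x", sha256.Sum256(E))
	s.put(name, E)
	s.del(name)    // garbage collection deletes it
	s.put(name, E) // the same content is written again while the delete is still in flight
	s.settle()
	return s.has(name)
}

// generationResurrect does the same with tombstones and generation suffixes.
func generationResurrect(E []byte) (old, fresh string, oldPresent, freshPresent bool) {
	s, n := newLazyStore(), newNamer()
	old, _ = n.write(s, E)
	n.collect(s, E)
	fresh, _ = n.write(s, E)
	s.settle()
	return old, fresh, s.has(old), s.has(fresh)
}

func main() {
	E := []byte("ciphertext of a deduplicated chunk (constructed)")
	fmt.Println("naive name survives late delete:", naiveResurrect(E))
	old, fresh, op, fp := generationResurrect(E)
	fmt.Printf("%s present: %v\n%s present: %v\n", old, op, fresh, fp)
}
```

With plain content names the late delete removes the resurrected object and every file deduplicated against it now points at nothing; with the generation suffix the stale delete can only ever hit the tombstoned name, and the live copy is unaffected.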
45. Recap: On-Premises Security Model
• User authentication and permissions derived from native Active Directory setup
• Encryption keys are never exposed to the cloud
• Data and metadata are always encrypted: At-Rest and In-Flight
46. Slides (with speaker notes) at http://tolia.org
Try MagFS at http://maginatics.com