Zetta Scalabytes Blog

In this blog, hear from Zetta’s founders and leaders about cloud computing, storage and data management best practices and Zetta Enterprise Cloud Storage technology.

Archive for January, 2010

Chris Schin

January 19, 2010

Hosting Primary, Unstructured Enterprise Data in the Cloud – Part 6: Continuous Availability

Chris Schin, VP Products, is responsible for coordinating all Zetta product-related initiatives including product strategy, direction, and marketing, as well as business model and go-to-market process definition. Prior to joining Zetta, Chris was acting GM and Senior Director for Symantec Protection Network, Symantec's Software as a Service platform.

For those of you just joining here, I’m using this blog series to document what enterprise IT professionals have told us about the baseline requirements that would need to be met by a cloud storage service before they would consider storing their enterprise primary data in the cloud. This list outlines the high-level requirements and hyperlinks to previous posts:

 

 

This post lists a few questions you should ask your cloud storage vendor about their architecture for delivering availability before considering placing a primary copy of your data in their cloud:

 

  • “Does your solution have redundant network links from different top-tier networking providers?” It must; networks go down every day, no matter how expensive they are or what brand is behind them. Redundancy in networks is a baseline requirement for placing primary data in the cloud.

     

  • “Does your solution reside in a data center that has redundant power and cooling?” It must; if the environs of the systems holding your data are not adequately protected, failure of the solutions is inevitable, resulting in availability outages.

     

  • “Does your solution offer triple-layer redundancy at the storage controller tier at no additional cost?” It must; the controller tier holds the brains of the storage solution, and cannot afford downtime or corruption — this is not only key to system availability, but extends to data integrity as well.

     

  • “Does your solution leverage an advanced RAID algorithm to ensure that the data is available?” It must; holding single copies of data in multiple locations is not nearly as available and protected as holding RAID-6-protected copies of data in multiple locations.

 

Before you even consider putting a primary copy of your data into a cloud storage provider’s infrastructure, you should certainly ask these questions and receive detailed, satisfactory answers. If you are using a cloud solution today and don’t know the answers to these questions (or even whom to ask these questions), then you should be concerned about the availability and protection of your data.

 

Zetta’s CTO, Jeff Whitehead, is fond of using a nuclear submarine analogy when discussing system availability, as in “imagine you are on a nuclear submarine right now — would you be satisfied knowing that submarine was highly available, or would you demand that it be continuously available?” An enterprise solution must be built to the stringent demands of an enterprise IT professional, and when it comes to data, an enterprise IT professional demands continuous availability.

Chris Schin

January 12, 2010

Hosting Primary, Unstructured Enterprise Data in the Cloud – Part 5: Data Security/Privacy


Happy New Year! I’m back with part 5 of a nine-part blog series that describes the requirements for hosting primary unstructured enterprise data in the cloud.

 

This entire blog series includes an introduction and the following set of requirements:

 

 

When talking to enterprise IT professionals (our customers), the second-most frequently-referenced concern/consideration (second only to “don’t lose or corrupt my data,” which was covered in my last post) is “don’t let anyone else see or steal my data.”

 

As this first post of the year comes right after Network World has named Zetta as one of the ‘10 Storage Startups to Watch,’ I would like to say that it is certainly rewarding to see editors such as Jon Brodkin recognize that while “many companies are concerned about the safety of trusting their information to a third party, to help ease those concerns, Zetta has built a system that encrypts data at rest, and can withstand multiple hardware and network failures without losing data.” There are certain baseline security/privacy criteria that must be met prior to trusting a cloud storage solution with primary copies of enterprise data.

 

  • Wireline encryption: Using a storage service (as opposed to an inside-the-firewall solution) clearly implies a need to secure the data in transit from the enterprise to the service. Fortunately, this is increasingly facilitated by the protocols themselves. Most file transfer protocols and Web-optimized storage protocols have encrypted versions readily available today, including SFTP, FTPS, and Secure WebDAV (WebDAV run over HTTPS). Even traditional storage access protocols, such as NFSv4, are building in wireline encryption in recognition of our increasingly Internet-driven existence.

     

    While we encourage customers to use these encrypted protocols, there are clearly use cases that require the use of unencrypted protocols. The solutions here are also tried and true — either encrypt prior to sending the data, contract for a dedicated network link, or work with the service provider to put in place a secure tunnel, such as a VPN.

     

  • Logical partitioning within multi-tenancy: By some definitions (certainly mine), a service must be multi-tenant before it can be considered a “cloud” service[i]. In order for enterprise IT professionals to have confidence using a cloud storage service for enterprise data, they must know that their data cannot be accessed while resident in service infrastructure. The first step toward this is to ensure logical separation between customers at the “front door” of the service infrastructure, that is, the initial customer access point to the service. Virtualization makes this easy: simply house every customer’s mountpoint as a unique URI within a distinct virtual machine instance. This way, you know that your access point is completely unique to you, and is not a shared resource commingled with other users.

     

  • At-Rest Encryption: By far the most significant feature for ensuring data security is default encryption at rest, supplied by your service provider at no additional cost. Ideally this should be facilitated by a full Public Key Infrastructure (PKI) backed by FIPS 140-2 compliant key repositories, with advanced bit encryption, a robust key rotation scheme, and per-customer or per-volume keys. Strong encryption at rest is really table stakes for any enterprise-class data storage service.
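
The per-customer or per-volume keys and key rotation asked for in the at-rest bullet, and the “encrypt prior to sending” option from the wireline bullet, can both be illustrated with envelope encryption. This is an added Node.js example, not Zetta's implementation; the choice of AES-256-GCM, the function names, the tenant label and the sample data are all assumptions, and a real service would keep the key-encryption key in its key repository rather than in process memory.

```javascript
const nodeCrypto = require('crypto');

// AES-256-GCM (assumed cipher). Output: nonce (12) || tag (16) || ciphertext.
// aad is authenticated but not encrypted; here it pins a blob to one tenant.
function seal(key, plaintext, aad) {
  const nonce = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, nonce).setAAD(Buffer.from(aad));
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), body]);
}

// Throws if the key, the tenant label or any byte of the blob is wrong.
function open(key, sealed, aad) {
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, sealed.subarray(0, 12));
  d.setAAD(Buffer.from(aad)).setAuthTag(sealed.subarray(12, 28));
  return Buffer.concat([d.update(sealed.subarray(28)), d.final()]);
}

// Each volume gets its own random data key (DEK), wrapped by a key-encryption key (KEK).
function createVolume(tenant, kek, kekVersion, data) {
  const dek = nodeCrypto.randomBytes(32);
  return { tenant, kekVersion, wrappedDek: seal(kek, dek, tenant), data: seal(dek, data, tenant) };
}

function readVolume(vol, kek) {
  const dek = open(kek, vol.wrappedDek, vol.tenant);
  return open(dek, vol.data, vol.tenant);
}

// Rotation re-wraps only the 32-byte DEK; the bulk ciphertext is left untouched.
function rotateKek(vol, oldKek, newKek, newVersion) {
  const dek = open(oldKek, vol.wrappedDek, vol.tenant);
  return { ...vol, kekVersion: newVersion, wrappedDek: seal(newKek, dek, vol.tenant) };
}

// Constructed demo data: one tenant volume and one KEK rotation.
const kekV1 = nodeCrypto.randomBytes(32);
const kekV2 = nodeCrypto.randomBytes(32);
const vol = createVolume('tenant-acme', kekV1, 1, Buffer.from('constructed sample file'));
const rotated = rotateKek(vol, kekV1, kekV2, 2);
console.log(readVolume(rotated, kekV2).toString(), '| KEK version', rotated.kekVersion);
```

When the customer holds the KEK and calls `createVolume` before upload, only ciphertext crosses the wire, so the same object is safe to send over an unencrypted protocol.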

 

To reiterate a common theme across these posts: it is important to remember that these are the baseline requirements that your cloud storage provider should take into consideration from the development phase. These types of customer requirements drove the design of the Zetta storage solution, which was built specifically to house enterprise primary data in the cloud.

 

I’ll be back in a few days to touch on the next requirement, continuous availability architecture.

 


[i] Note that this is not a statement unique to storage services, but to any kind of service.

 
