Enterprise Storage Strategies

October 2009 - Posts

• Everyone Should Be Skeptical About Cloud Service Providers

  As we plummet down into Gartner's "trough of disillusionment", the cloud skeptics are making their voices heard. Although my professional focus is at the forefront of the cloud storage wave, I can not disagree with the content of articles with sensational headlines like "Cloud Storage: It's Strictly For Airheads" and "Why Cloud Storage Use Could Be Limited in Enterprises". The authors are doing exactly what everyone should be doing: Questioning the viability and suitability of cloud storage in the enterprise. The truth is, although I'm not the "cloud police", not all managed storage services are created equal. In fact, lots of them are, to put it bluntly, not worth much. Many cloud backup and archiving services use bare un-protected disk drives to store data, have no redundancy built into the system, and try to scrape up every cent by using home-brewed hardware. This is especially true in the consumer space, where bargain-basement (or even free) pricing has driven a race to the bottom in terms of quality. No business should use junky consumer solutions. Even service providers that presume to sell in the enterprise market often miss the mark. Forgetting the inappropriate per-month credit card billing method and laughably poor support services, many providers adamantly refuse to comply with basic corporate governance principles. Why would a business use a service that won't tell them where their data is, won't allow their auditors to examine both the processes and data centers in use, and won't stand up service level agreements (SLAs)? If your service is not enterprise-grade, you have no business selling to the enterprise! No wonder corporate folks are scared of the cloud. Subpar offerings from flaky vendors hurt the whole industry. So let's take a look at what the business cloud storage skeptics are saying, and how the enterprise managed storage service providers can respond: Data integrity is a must. Let's say you sold buckets for a living, but one out of 12 had holes in it. How long would you be in business? Amazingly, many cloud storage solutions lack both redundancy and integrity checks and use big bare disks to hold data. These buckets have holes, and data loss is a certainty. Fixing this issue is straightforward: All cloud storage should include parity protection, redundancy, and integrity checks. Business storage systems commonly use RAID to protect against disk media failures, but massive-scale cloud solutions must do even better. Cloud storage must also save multiple copies of data, preferrably automatically distributing it geographically according to SLAs. And I wouldn't be able to sleep at night without proactive integrity checking and data scrubbing. Geographic dispersion of data has implications beyond data protection, though, so cloud providers must also include policy engines to drive governance and compliance. Since compliance with privacy and similar laws is based on physical location, businesses must know where their data is at all times. You can't have data growing legs and traveling, sometimes across national borders. In contrast to the old storage service providers (SSPs) of a decade ago, cloud storage systems are inherently policy-friendly. Objects, metadata, and policy-driven data management are becoming more common, enabling even better data governance than traditional enterprise storage systems. I bet your SAN or NAS system can not enforce your SLAs for geographic dispersion, keeping this data type in New Jersey and replication that other one to California but allowing only a third to cross to Europe. Cloud storage services must be managed and operated better than enterprise systems, not worse. I cringed when I heard tales of the T-Mobile/Microsoft/Danger servers and SAN storage "sitting in a corner" with no knowledgeable staff, no operations focus, and a looming migration. Of course it failed! From an operations standpoint, I love that a humongous and homogenous storage infrastructure can be managed by just a few focused, educated, and talented individuals. That's what cloud storage is all about! Neglected systems have no business in production, especially at a service provider. Managed services must allow auditors to verify their claims. I am a car nut, so I definitely wouldn't trust a garage who whisked my car off to an undisclosed location so unseen mechanics could work on it. I wouldn't eat at a restaurant that didn't allow the health department to inspect it. So why would I put blind faith in a managed service provider who held my critical data? Cloud vendors must perform their own security and operations audits and allow their customers to do the same. You can't pass the buck on governance: If you require SAS70 or PCI or a third-party audit, then your service providers must step up and allow it, too. I'm mad, and I'm throwing down the gauntlet. I want every service provider to start now, protecting data, upholding policy, demonstrating operational excellence, and allowing audits. Anyone who doesn't is a disgrace to the industry, and their customers ought to seriously reconsider where they place their data. Mark me down as a cloud skeptic! By the way, I work for a managed storage service/cloud storage provider, Nirvanix. But I'm a long-time enterprise storage consultant and would not work here if the company couldn't live up to these must-have requirements. Posted Oct 22 2009, 06:21 PM by sfoskett with 7 comment(s) Filed under: RAID, PCI, data integrity, auditors, SAS70, audits, SLA, governance, policy

• Cloud Storage Flavors: Platform/Infrastructure and Service/Product

  Take a look at the various data storage offerings called "cloud" and your head will start to ache. How can so many things all bear the "cloud storage" name and yet be so totally different? The answer is obvious to long-time industry observers: Each provider has tailored their offering to make it distinct in the market, and each supports different use cases. Infrastructure versus Platform Although I am not one to tilt at windmills, especially when it comes to arguing the "rightness" of cloud-based marketing, I sometimes do hit upon a set of terminology that makes sense to me. Wading through the mess of "as-a-service" or "XaaS" names posted by my friend Greg Schulz the other day, it occurred to me that drawing a line between a platform and its underlying infrastructure is quite useful indeed. As Jeff Darcy points out, one can use this distinction to help make sense of the cloud storage landscape: Cloud infrastructure resembles physical infrastructure in many technical ways. Consider Amazon's EBS or the 3PAR, NetApp, and new Symantec storage systems: They are highly scalable and can be used to support multi-tenancy in a service-based model but are also commonly used for very conventional purposes. Indeed, cloud cynics and skeptics would be forgiven for thinking of them as yesterday's fish wrapped in today's newspaper, since the technologies involved have changed very little from the pre-cloud era. Cloud platforms resemble Internet applications and are thus much harder for infrastructure-focused folk to grasp. Offerings like Amazon S3 are a playground for programmers with REST-ish HTTP API access, but appliations expecting conventional blocks or files are left out in the cold. Cloud storage platforms are as different from SAN, NAS, and CAS as Google App Engine or Microsoft Azure is from VMware ESX or Citrix Xen. When we encounter new beasts, we humans try to group them with more familiar things. Thus, a Pteropus becomes a flying fox, anime becomes a cartoon, and baseball is called rounders for adults. But these groupings often deceive us, hiding both the qualities and novelty of the item in question. Cloud compute and storage platforms are composed of conventional hardware, to be sure, but their uniqueness and value lies in how these building blocks are used. Cloud storage platforms present a wholly new approach to data storage, with programmable access, integrated metadata, and the possibility of policy-based action. Last year, I called for a real revolution in storage, and today I recognize many of these elements being put into practice with cloud platforms. This is the reason I redirected my career and have devoted my time to evangelizing cloud systems in the enterprise IT community. Infrastructure has little strategic value any longer, so IT must move up the stack. Service versus Product Go-to-market approaches also vary among cloud storage products. Simply put, some are offered as services and others as products. Since the value proposition for cloud storage is so strongly rooted in the service provider concept (including multi-tenancy, scalability, high utilization, commodity hardware, and distribution of data), observers are often confused when they encounter a cloud product rather than a service. Even the nomenclature can get confusing, with many referring to all cloud offerings as "services" regardless of the sales approach used. Many products are sold as "enabling cloud services" or "a foundation for SaaS", and the development of internal or hybrid cloud service providers is a hot topic in IT circles. Although many go-to-market approaches exist, it is fair to say that service-orientation is a hallmark of cloud products. Enter the Cloud Storage Matrix Applying these simple labels to the cloud storage market reveals a simple matrix of offerings. Some are clearly conventional SAN or NAS infrastructure products that can be leveraged as a foundation for cloud services. Others are true cloud platforms sold as a product for service providers. Then there is the storage capacity offered on a service basis by hosting providers, including the elastic block storage (EBS) included with Amazon's EC2 cloud compute infrastructure service. Finally, we have the true cloud storage platform services: Amazon S3, Nirvanix SDN, and Rackspace Cloud Files. EMC's Atmos is an unusual beast indeed. It easily falls into all four quadrants, being sold as both a product and service and used as both a platform and infrastructure. Only EMC can tell if this "all things to all people" approach is working, but it will take some serious resources to make it a success. It certainly confounds the issue for those of us who are trying to bring clarity to the world of cloud storage! Building Bridges One thorny issue for cloud storage has been the unconventional HTTP-based access method required by true cloud platforms. This has been something of a chicken-and-egg quandry for businesses developing cloud storage offerings: Conventional block and file protocols enable accessibility and promote usage but also limit the impact of the platform. As Steve Duplessie points out, cloud storage offerings must include real strategic value rather than being sold simply as cheap rental space. One way to build a bridge between today's world of SAN and NAS and the future of programmable storage platforms is to include both access methods. This is the reason that Nirvanix rolled out its bridge to the SDN, CloudNAS, last year. Conventional applications can read and write to the Nirvanix cloud storage service as if they were accessing a local file system. CloudNAS handles the translation between POSIX filesystem calls on a UNIX or Windows server and RESTful HTTP calls to the cloud. It also includes caching and encryption to address the two most common concerns about cloud storage, performance and security. Although conventional access methods and product offerings offer an onramp to the cloud, the real revolution will not come until applications are able to seamlessly access stored objects. This is why cross-platform programming libraries like the Zend Simple Cloud API and CloudLoop for Java are so interesting: They bridge a new breed of applications to the cloud storage platforms already offered. Cloud storage is moving up and to the right, adopting both the platform and service orientations that are the hallmarks of the Internet age. Posted Oct 05 2009, 06:45 PM by sfoskett with 1 comment(s) Filed under: NetApp, VMware, Nirvanix, S3, Atmos, 3PAR, NAS, Steve Duplessie, Jeff Darcy, Symantec, EBS, Greg Schulz