29.09.2011 | Maxim Schnjakin A Security and High-Availability Layer for Cloud Storage Sino-German Workshop on Cloud-based High Performance Computing Sep. 26 - Oct.1, Shanghai


Sino-German Workshop on Cloud-based HPC | Maxim Schnjakin | 29/09/2011

Outline

■ Motivation

□ Focus and challenges

■ Our approach

□ Cloud storage layer

□ Identification of services

□ Data distribution

□ Recent results

■ Conclusion and future work


A Working Definition of Cloud Computing

■ Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction

– The NIST definition of cloud computing


Motivation and Challenges

■ Focus

□ Storage as a Service

□ Infrastructure as a Service

■ Challenges

□ Selection of a suitable service provider

□ Security

□ Reliability & Availability

□ Lock-in


■ Requirements

□ Reliability & Security

□ Support in identifying the "best"-suited provider

□ Identification of the selection parameters

□ Timeliness of the information

■ Replication of data as a solution?

□ Missing API standardisation makes the integration process difficult

□ Not cost-efficient


Architecture

■ Cloud Storage Layer

[Figure: architecture of the cloud storage layer. Labels: User; Web Portal / web service (user interface, Resource Management); storage providers Nirvanix SND, Rackspace, GoGrid, Amazon S3, ...]

Implementation

■ User Interface

□ Data management

□ Specification of the requirements

– Costs

– Geographic location

– QoS parameters

□ Upload and download preferences (budget-oriented content deployment)


Implementation

■ Resource-Management Module:

□ Matching occurs by means of specified QoS parameters

– latency, geographic location, availability, costs ...

– language is flexible (further parameters are possible)

□ Integration of "user experience"

– monitoring of each user-provider interaction

[Figure: Resource Management. Labels: User; Resource Management; Registry & Matching Service; Reputation Service; Service Repository; Resource Management Service; Matching Service; Amazon S3; Nirvanix SND; ...]


Implementation

■ Data Distribution Module

□ Spreads the data among the selected cloud providers

□ Back to the roots:

– Implementation of software RAID

[Figure: Data Distribution. Labels: Data Distribution Service (Amazon S3 Connector, Nirvanix SND Connector, Rackspace Connector); Data Fragmentation Service; F; fragments F1,1 F1,2 F1,3 / F2,1 F2,2 F2,3 / F3,1 F3,2 F3,3; Amazon S3; Nirvanix SND; Rackspace]


Redundant Array of Inexpensive Disks

■ Developed at Berkeley University in 1987

■ Increase of reliability

■ Increase of performance

■ Cost-cutting through the usage of cheap hardware devices

■ Various RAID-Algorithms

□ RDP Coding

□ Liberation Code

□ Reed-Solomon Coding

□ Cauchy Reed-Solomon Coding

□ EVENODD Coding ...

[Figure: Disk 1, Disk 2]

Redundant Array of Inexpensive Disks

[Figure: File F; RAID-Algorithm; Device A, Device B, Device C, Device D; Amazon S3, Nirvanix, Rackspace, GoGrid; ⊕ operators]

Evaluation of RAID-Algorithms

■ Selection criteria

□ Encoding-Performance

□ Decoding-Performance

□ Feasibility of the implementation

□ Costs of the implementation

■ Decisive parameters

□ k = the number of data packages ("hardware devices")

□ m = the number of coding packages (parity data)

□ w = word size (the size of the coding words)
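The roles of k and m, shown in an added example that is not part of the original slides: k = 3 data fragments and m = 1 XOR parity fragment, one fragment per provider, using plain XOR parity rather than the Liberation code named in the talk. K, M, FRAG_MAX, the function names and the sample contents are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

#define K 3         /* data fragments (k); constructed value */
#define M 1         /* coding fragments (m): one XOR parity, not Liberation */
#define FRAG_MAX 64 /* per-fragment buffer size for this demo */
typedef unsigned char frag_t[FRAG_MAX];

/* Split into K zero-padded data fragments plus one XOR parity; 0 on error. */
static size_t encode(const unsigned char *d, size_t len, frag_t f[K + M]) {
    size_t frag_len = (len + K - 1) / K;
    if (len == 0 || frag_len > FRAG_MAX) return 0;
    memset(f, 0, sizeof(frag_t) * (K + M));
    for (size_t j = 0; j < len; j++)
        f[j / frag_len][j % frag_len] = d[j];
    for (int i = 0; i < K; i++)
        for (size_t j = 0; j < frag_len; j++)
            f[K][j] ^= f[i][j];
    return frag_len;
}

/* Rebuild the fragment of the unavailable provider from the K survivors. */
static void recover(frag_t f[K + M], size_t frag_len, int lost) {
    memset(f[lost], 0, frag_len);
    for (int i = 0; i < K + M; i++)
        for (size_t j = 0; i != lost && j < frag_len; j++)
            f[lost][j] ^= f[i][j];
}

/* Bit i of `down` marks provider i as unavailable; 1 if the file survives. */
int survives_outage(const char *file, unsigned down) {
    frag_t f[K + M];
    size_t len = strlen(file);
    size_t frag_len = encode((const unsigned char *)file, len, f);
    int n_down = 0, lost = -1;
    if (frag_len == 0) return 0;
    for (int i = 0; i < K + M; i++)
        if ((down >> i) & 1u) { memset(f[i], 0xAA, frag_len); lost = i; n_down++; }
    if (n_down > M) return 0; /* more outages than coding fragments */
    if (n_down == 1) recover(f, frag_len, lost);
    for (size_t j = 0; j < len; j++)
        if (f[j / frag_len][j % frag_len] != (unsigned char)file[j]) return 0;
    return 1;
}

int main(void) {
    for (unsigned p = 0; p < K + M; p++) /* sample contents are constructed */
        printf("provider %u down: intact=%d\n", p,
               survives_outage("constructed sample file contents", 1u << p));
    return 0;
}
```

With m = 1 any single provider outage is survivable and a second simultaneous outage is not; the storage overhead of such a scheme is m/k of the original size.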

Implementation

[Figure: implementation overview. Labels: User; web browser; Java applet; libraries (erasure.jnilib); database; our platform; Internet; GoGrid; Amazon S3]

■ Implementation of the Liberation algorithm in C

■ Embedding of the C libraries via Java JNI

■ Metadata is stored in the local database

■ Data processing (coding) takes place on the user's side

■ The platform

□ Deployment of „new“ storage services

□ Provision of „reputation information“


Performance measurement

■ Encoding performance

[Figure: encoding performance plot; axes: Time, MB/sec]

Cloud Speed Performance


Conclusion

■ Bandwidth of cloud service provider might become a bottleneck

■ Increase of data transfer rates

■ Increase of availability and reliability with better economic efficiency

□ we are able to tolerate the outage of various service providers (with a data overhead of 10%)

■ Increase of data security

□ Physical segregation of data sets

□ None of the vendors is in absolute possession of data

– providers are not able to "misuse" entrusted data

□ Decrease of the lock-in risk


Future Work

■ Reliable reputation algorithms

■ Dynamic adaptation of the coding parameters

■ Implementation of encryption functionality

■ Integration of further storage providers

■ Solution of the single point of failure problem


Dipl.-Inf. Maxim Schnjakin | 10 May 2011 | IT-Sicherheitskongress

Questions? Remarks?

Maxim Schnjakin

Hasso-Plattner-Institute, University of Potsdam, Germany


Thank you for your attention