Simplivity OmniStack With The HyTrust Platform


White Paper

SimpliVity OmniStack with the HyTrust Platform

www.SimpliVity.com

Table of Contents

Executive Summary
Purpose
Audience
Solution Overview
SimpliVity Introduction
Why SimpliVity for Virtualization?
HyTrust Overview
HyTrust DataControl (HTDC)
Solution Overview
Customer Benefits
Solution Architecture
Topology
Testing Infrastructure
Technical Details
Testing Methodology
Vdbench Test
Significance
SimpliVity Operations and Feature Test
Significance
HyTrust Operations
Significance
Test Results
Vdbench
SimpliVity Operations
HyTrust Operations
Best Practices
Conclusion

Executive Summary

This paper documents securing application data through encryption on SimpliVity OmniStack using the HyTrust Platform.

Purpose

The purpose of this document is to familiarize the reader with SimpliVity OmniStack technology and to introduce HyTrust. This document provides technical details of testing executed by SimpliVity to validate the interoperability of OmniStack systems and the HyTrust Platform in terms of functionality and performance. Recommendations and guidelines to optimize performance are also provided.

Audience

The intended audience for this document is IT professionals who are looking to protect data through encryption on SimpliVity’s OmniStack systems.

Solution Overview

SimpliVity Introduction

SimpliVity’s hyperconverged infrastructure solution transforms the data center by virtualizing data and incorporating all IT infrastructure and services below the hypervisor into commodity x86 building blocks. With 3X total cost of ownership (TCO) reduction, SimpliVity OmniStack software-defined hyperconverged infrastructure delivers the best of both worlds: the enterprise-class performance, protection and resiliency that today’s organizations require, with the cloud economics businesses demand.

Designed to work with any hypervisor or industry-standard x86 server platform, the SimpliVity solution provides a single, shared resource pool across the entire IT stack, eliminating point products and inefficient siloed IT architectures. The solution is distinguished from other converged infrastructure solutions by three unique attributes: accelerated data efficiency, built-in data protection functionality and global unified management capabilities.

- Accelerated Data Efficiency: OmniStack performs inline data deduplication, compression and optimization on all data at inception across all phases of the data lifecycle, all handled with fine data granularity of just 4KB-8KB. On average, SimpliVity customers achieve 40:1 data efficiency while simultaneously increasing application performance.
- Built-In Data Protection: OmniStack includes native data protection functionality, enabling business continuity and disaster recovery for critical applications and data, while eliminating the need for special-purpose backup and recovery hardware or software. OmniStack’s inherent data efficiencies minimize I/O and WAN traffic, reducing backup and restore times from hours to minutes.
- Global Unified Management: OmniStack’s VM-centric approach to management eliminates manually intensive, error-prone administrative tasks. System administrators are no longer required to manage LUNs and volumes; instead, they can manage all resources and workloads centrally, using familiar interfaces such as VMware vCenter and VMware vRealize Automation.

SimpliVity packages OmniStack on popular x86 platforms—either on 2U servers marketed as OmniCube, or with partner systems from Cisco or Lenovo, marketed as OmniStack Integrated with Cisco UCS and OmniStack Solution with Lenovo System x, respectively.

An individual OmniStack node includes:

- A compact hardware platform - a 2U industry-standard virtualized x86 platform containing compute, memory, performance-optimized SSDs and capacity-optimized HDDs protected in hardware RAID configurations, and 10GbE network interfaces
- A hypervisor such as VMware vSphere/ESXi
- OmniStack virtual controller software running on the hypervisor
- An OmniStack Accelerator Card – a special-purpose PCIe card with an FPGA, flash, and DRAM, protected with supercapacitors; the accelerator card offloads CPU-intensive functions such as data compression, deduplication and optimization from the x86 processors.

[Figure 1 – Legacy Comparison]

Why SimpliVity for Virtualization?

OmniStack was specifically designed to meet the stringent price-performance, scalability, agility and resiliency demands of today’s data-intensive, highly virtualized IT environments. Key benefits and advantages include:

- Simplicity and superior economics: OmniStack eliminates infrastructure cost and complexity by consolidating a variety of IT functions (compute, storage, network switching, replication, backup, etc.) onto commodity virtualized x86 hardware, with global unified management. The solution contains CAPEX by eliminating IT silos, converging technology stacks, and optimizing storage capacity; and it reduces OPEX by containing power, cooling, rack space and system administration expenses.
- Linear scalability: The SimpliVity solution features a scale-out architecture that minimizes upfront investments and provides a high degree of flexibility and extensibility. OmniStack nodes are installed in an incremental fashion to accommodate growth, enable new applications or extend system availability. Two or more OmniStack nodes can be federated to create a massively scalable pool of shared resources that is administered as a cohesive system, with a single administrative interface.
- VM-centric design: OmniStack was designed from the ground up with virtualization in mind. The solution abstracts data from the underlying hardware; virtual machine files are mapped directly to blocks on storage. All data storage, management, and protection functions are inherently optimized for virtualization. All administrative tasks, including managing data protection policies, analyzing performance and troubleshooting problems, are performed at the VM level. From an administrative perspective, a datastore is simply a logical construct, decoupled from the underlying physical infrastructure. Concepts like LUNs, volumes, shares, and disk groups simply don’t apply with SimpliVity.
- Accelerated IT service agility: OmniStack’s inherent data efficiencies and VM-centric management capabilities dramatically simplify operations and boost IT service agility. With OmniStack, system administrators can spin up IT services and clone VMs in just seconds with two or three mouse clicks.
- High resiliency: The SimpliVity solution is designed to be highly resilient, with no single point of failure. The solution supports both RAID (redundant array of independent disks) for disk-level resiliency and RAIN (redundant array of independent nodes) for node-level resiliency. In a high availability RAIN implementation, the complete set of data associated with a VM is simultaneously written to two distinct nodes, protecting data in the event of disk or node failures.

[Figure 2 – An OmniStack Federation]

HyTrust Overview

HyTrust provides a security and compliance platform for virtualized data centers. Its platform provides the essential foundation for cloud control, visibility, data security, management and compliance. The HyTrust Platform eliminates or mitigates the risk of catastrophic failure from insider threats, external data breaches, or even hardware failure — especially in light of the concentration of risk that occurs within virtualization and cloud environments. Organizations can now confidently take full advantage of the cloud, and even broaden deployment to mission-critical applications.

A key element of the HyTrust Platform, called HyTrust DataControl, ensures organizations avoid becoming the next cyber data breach headline by securing virtual infrastructure throughout the virtual system and data lifecycle. The solution ensures deep security and automates both security and compliance; ensures scalability to be as elastic as the virtual environment it is protecting; and finally, HyTrust DataControl’s simple operation reduces administrative burden and errors.

HyTrust DataControl (HTDC)

HyTrust KeyControl Nodes and clusters – supporting an active-active cluster, the HyTrust KeyControl (a component of the HyTrust DataControl solution) cluster stores keys, policies and configuration data related to the cluster, or any number of virtual machines where the HyTrust DataControl policy agent is installed. Administration of the system is through a web browser-based GUI or through a set of REST-based APIs. Communication between the browser and the HyTrust KeyControl cluster takes place over HTTPS. Since this is a full active-active cluster, the browser can point to any HyTrust KeyControl node in the cluster. Any changes made are immediately reflected on all cluster nodes.

[Figure 3: KeyControl and VMs with policy agents (PA) across Private Cloud / Data Center and Public Cloud]

Solution Overview

The combined solution helps IT administrators protect data on SimpliVity OmniStack systems by using HyTrust DataControl security and encryption capabilities. Feature and performance tests were carried out to ensure that SimpliVity OmniStack systems and HyTrust DataControl operate optimally with each other, retaining the benefits of the individual products and providing a robust technology solution.

Customer Benefits

SimpliVity is simplifying IT by providing a virtual computing infrastructure solution that seamlessly combines all data center infrastructure and services below the hypervisor on x86 building blocks to deliver one shared resource pool for compute, primary storage, and backup storage that expands by adding nodes within or across data centers. This solution provides enterprise performance, supporting business critical applications while ensuring security across the data life cycle.

Data security is of extreme concern today. Data is always moving (backups, private to public clouds) and needs to be protected. HyTrust DataControl provides data and VM encryption and centralized management that simplifies data protection. This solution addresses a wide range of use cases, including the following:

- Simplified, secure operations: SimpliVity provides the ability to efficiently and quickly move VMs across datacenters within the SimpliVity federation. With HyTrust DataControl you can rekey a VM with a new key for the new datacenter and instruct the system to shred the old key for the old datacenter. All data associated with the old key, including clones and backups, is rendered useless. This is applicable for VMs even if they are moving between different service providers. Rekeying is the process of using a new encryption key. HyTrust DataControl can do a rekey without shutting down VMs for Windows systems. This zero downtime approach allows for more frequent rekeying, which increases security and compliance with various regulations and security best practices. This capability is unique and one key reason SimpliVity has chosen HyTrust.
- Industry-specific compliance: Some industries have specific standards for protecting data. For example, credit card users want their information to be secure and not compromised. Hence the Payment Card Industry (PCI) mandates encryption of data. Other regulations like HIPAA and HITECH require protection of healthcare information. The HyTrust Platform provides an array of compliance monitoring and enforcement tools to simplify this process across a range of regulated industries, including Federal government customers.

- Protected backups: SimpliVity eliminates the need for discrete backup hardware/software to deliver operational and disaster recovery. Backup policies dictate backup frequency, destination and retention—all managed at the VM level and from vCenter. Using HyTrust DataControl encryption with SimpliVity backups secures the backed up data as well. Without access to encryption keys, data protected using HyTrust DataControl and its NIST-approved strong encryption cannot be decrypted.
- Secure ROBO: SimpliVity eliminates the complexity of ROBO with hyperconvergence and through its fast and efficient backup technology. Remote offices, by nature, are not as secure as they should be due to lack of resources and experienced IT staff. With the centralized key management capabilities of HyTrust DataControl, your IT staff can be confident that data at remote sites is protected and no one in the remote offices can control access to encryption keys.
- Service provider applications: Service providers can benefit from encryption by assuring customers that their data is protected. This provides them with competitive advantage and differentiation as well as satisfies data residency and privacy requirements. More advanced capability in the HyTrust Platform includes HyTrust BoundaryControl, which ensures data does not leave a specific logical or physical regional boundary (e.g. European Union).

Solution Architecture

This section provides a high-level architecture diagram of the SimpliVity OmniStack System and HyTrust on SimpliVity OmniStack.

Topology

The following diagram shows the topology of the test environment that was used in the lab.

[Topology diagram: Infrastructure, Production, and Test & Dev pods; 1GbE and 10GbE links]
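The rekey-and-shred behaviour described under "Simplified, secure operations", together with the "Protected backups" point that data cannot be decrypted without its key, modelled as an added example (not SimpliVity or HyTrust code, and not the HyTrust API). The KeyServer class, the key ids dc-old and dc-new, and the HMAC-based stand-in cipher are assumptions chosen so that the example runs with the Python standard library only.

```python
import hashlib
import hmac
import os

def _xor_keystream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher (HMAC-SHA256 in counter mode), confidentiality only;
    an assumption for this example, a real deployment uses a vetted cipher."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

class KeyServer:
    """Hypothetical central key manager: keys are held here, never beside the data."""
    def __init__(self):
        self._keys = {}
    def create(self, key_id: str) -> None:
        self._keys[key_id] = os.urandom(32)
    def get(self, key_id: str) -> bytes:
        return self._keys[key_id]      # raises KeyError once the key is shredded
    def shred(self, key_id: str) -> None:
        del self._keys[key_id]

def seal(ks, key_id, plaintext):
    nonce = os.urandom(16)             # fresh nonce for every encryption
    return {"key_id": key_id, "nonce": nonce,
            "ct": _xor_keystream(ks.get(key_id), nonce, plaintext)}

def unseal(ks, blob):
    return _xor_keystream(ks.get(blob["key_id"]), blob["nonce"], blob["ct"])

def rekey(ks, blob, new_key_id):
    """Decrypt under the current key and re-encrypt under the new one."""
    return seal(ks, new_key_id, unseal(ks, blob))

def move_vm_demo():
    ks = KeyServer()
    ks.create("dc-old")
    ks.create("dc-new")
    data = b"constructed sample VM disk contents"
    disk = seal(ks, "dc-old", data)
    backup = dict(disk)                # backup taken before the move, still under dc-old
    disk = rekey(ks, disk, "dc-new")   # VM now protected by the new datacenter's key
    ks.shred("dc-old")                 # old key destroyed centrally
    try:
        unseal(ks, backup)
        backup_readable = True
    except KeyError:
        backup_readable = False
    return unseal(ks, disk) == data, backup_readable, data in backup["ct"]
```

The backup bytes still exist after the shred, but nothing holding them can recover the plaintext because the only copy of the old key was in the key server.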

Testing Infrastructure

Hardware Model                 OmniStack CN-2200
OmniStack Version              OmniStack 3.0.8
Hypervisor                     vSphere 6.0
Vdbench                        5.04.03
Guest Operating System         Windows Server 2012 R2
HyTrust DataControl Version    3.0.7566

Technical Details

The test environment included three distinct “pods,” as shown in the diagram above.

Infrastructure: All resources needed to support operations within the testbed, including DataControl components, were hosted here. These components are:

- DC/Active Directory/DNS: Windows components used to manage servers running Windows operating systems, assign IPs, etc.
- KeyControl1: Primary KeyControl node of the DataControl Software
- KeyControl2: HA KeyControl node of the DataControl Software
- SQL Server: Database for the vCenter Server
- vCenter Server: Management server for Virtual Machines

Production: This pod hosted all the virtual machines that were tested in this solution. The test consisted of running a sustained load on the virtual machines and validation of SimpliVity operations as well as HyTrust DataControl features.

Test & Dev: This pod was used to validate that VMs remained encrypted when HA functionality of SimpliVity OmniStack systems is used.

Testing Methodology

This section describes the tests that were run to validate the solution and their significance.

Vdbench Test

Vdbench is a command-line utility that is used to measure application and storage performance. A sustained load was run on 50 virtual machines and the baseline performance was measured. Afterwards, 20% of the VMs were encrypted, the same sustained load was run, and performance was measured.

The following profiles were used for Vdbench testing.

VM Profile
- 2vCPU
- 2GB
