Since the cloud controller presents the same file system view through all controllers, the metadata at each controller must be kept in sync. The file system accomplishes this by taking frequent snapshots of the file system, extracting the metadata changes from the snapshot, and rapidly distributing those changes to all controllers that are members of the file system. Each cloud storage controller receives metadata updates from all other controllers and applies them to its own metadata. In this manner, the file system always appears the same regardless of which controller presents it.
When clients browse through the cloud controller file system, their user experience is identical to browsing a local file system because they are, in fact, browsing a local copy of the file system metadata. Thus, even if the actual file data exists on a controller in a different site or in the cloud, it is always possible to navigate the file system quickly.
Lock management is another crucial component in a global file system. Because multiple clients share access to a common file repository, there must be a mechanism that locks a file against simultaneous edits from multiple users. Once a user opens a file, the file is locked for editing to all others until the original user closes the file. An effective cloud storage controller includes a lock management system in which lock information is exchanged in real time among all controllers so that no two users ever contend for file editing privileges.
As for availability of files in the event of a cloud outage, cloud controllers can be set to automatically synchronize copies of files stored at two or more locations in the cloud, such as different Amazon sites. If one copy of the data becomes unavailable, the other copy is still on hand.
Cloud controllers resolve the security issue by employing military-grade file encryption to all files stored in the cloud. The encryption keys are maintained at the customer's own site to ensure complete security.
In cloud deployments, information will be transferred across the Internet. While in some cases virtual private networks may connect sites, or even the cloud, the cloud storage controller provides the utmost in protection for data in flight as well as at rest.
For example, all Panzura Quicksilver Cloud Storage Controllers ship from the factory with an RSA 2048-bit certificate. Customers may use this certificate if desired, but it is typically replaced by a customer-supplied X.509 certificate (PFX/PKCS#12, PEM, DER formats) of up to 4,096 bits.
When a cloud storage system is established, the system administrator designates the IP addresses of cloud controllers that are allowed to join the file system. Existing controllers in the file system use HMAC-SHA-256 authentication to establish a secure tunnel to the new controller and share the file system's X.509 certificate with it, encrypting the certificate in flight using AES-CBC-256.
When data traverses the network, either between controllers or between a controller and a public or private cloud, the controller generates a random number that is changed every 32MB of data to ensure key rotation. The user data is AES-CBC-256 encrypted using the random number, and the random number itself is then AES-CBC-256 encrypted using the X.509 certificate's public key and embedded in the header affixed to the chunk of data being transported/stored. The data is now safely encrypted, with the encryption used between chunks of data varying every 32MB, thwarting even brute-force decryption attempts.
Only a holder of the valid X.509 private key may decrypt the data. When a File Services Controller accesses encrypted chunks of information, the chunk header is examined, then the private key is used to decrypt the random number contained within the header, and finally the decrypted random number is used to decrypt the actual data.
Cloud storage controllers implement a robust global file system that delivers rapid access to files by separating metadata from payload data. In addition, cloud controller file systems implement global file lock management and can provide access to multiple copies of a file to protect against data center outages. Finally, cloud storage controllers implement military-grade encryption to eliminate fears about storing sensitive corporate information in a public cloud. Cloud storage controllers thereby overcome common barriers to cloud storage adoption.
New Tech Forum provides a means to explore and discuss emerging enterprise technology in unprecedented depth and breadth. The selection is subjective, based on our pick of the technologies we believe to be important and of greatest interest to InfoWorld readers. InfoWorld does not accept marketing collateral for publication and reserves the right to edit all contributed content. Send all enquiries to firstname.lastname@example.org.