Chuck Hollis wrote a blog post earlier this week, titled "Once Upon a Time". I thought it was an excellent post, telling about the transition EMC made a decade ago starting when Joe Tucci replaced Mike Ruettgers. FWIW, I think the diversification that Tucci accomplished at EMC has made all the difference there - especially the acquisition of VMware. You might call it lucky (as I tend to do), but the fact that they were looking to diversify their business took them on a journey that has buoyed their company far beyond the capabilities that their storage products by themselves would have supported.
At the end, he asks the question if history was bound to repeat itself again - which appeared to be a nudge towards some of the other companies in the industry. I didn't think this was such an affront - Chuck has been known to tweak competitors from time to time, but for the last 6 months or so, he's restrained himself from doing so.
So I was surprised this morning when I saw some tweets that had me look at the post again. And sure enough there was a blowup there involving a cadre of NetApp people that over-reacted to Chuck's post.
One of the consequences of this overreaction was that a benign blog post about EMC history became a referendum on NetApp's Secure Multi-Tenancy (SMT). It wasn't what Chuck was driving at in his original post, but the comments from NetApp folks steered the discussion in that direction.
Chuck's main argument is that SMT isn't very secure if your service provider can gain access to a tenant's data. I'd add to that and say, it's not very secure if your service provider can delete volumes and destroy data too. Inadvertent destruction of data by administrators is a larger threat than somebody pulling "an inside job".
But it doesn't just affect service provider scenarios. The issue of multi-tenancy also applies to private data center operations. There have been suggestions that the word "tenant" refer to the legal owner of the data, but the word "legal" is unnecessary and obscures the common understanding that a tenant is the application owner that uses a shared resource, whether it is a physical server or storage array.
A good example of multi-tenancy within the confines of a private data center is a corporate database that is managed by a DBA that doesn't want anything else to impact their performance and stability. When that database is moved to a virtual environment, the DBA expects to have multi-tenant protection that ensures nothing changes except a decrease in operating costs. The same applies to any application owner who would like, but can't afford, the luxuries of dedicated resources.
Role-based administration combined with resource virtualization makes multi-tenant environments safe from administrator errors. Limiting the scope of what an admin can see as well as what actions they can take eliminates the possibility of them making a simple mistake with major consequences. Using the DBA example, if the DBA alone controls their own storage resources, there is no opportunity for a co-worker to screw things up for them.
3PAR's Virtual Domain software (available since 2008) provides a role-based, restricted access system for managing storage resources. This certainly doesn't solve all the security problems for multi-tenant environments, but it's an excellent way to eliminate the most common concerns of application owners.
The technology can be extended to public cloud infrastructures as well if a service provider chooses to make it available. A customer can be given Virtual Domain private control of their storage resources - without the ability to see any other customers' resources - to manage and provision as they see fit. In the service provider model, 3PAR provides the technology to its service provider partners who provide Virtual Domain-based services to their customers. 3PAR Cloud Agile partners who offer these services today are:
Attenda
DataPipe
Data Intensity
UCS Solutions
It's out there and available, for private or public use.
Hi
I've gone rather deep on this secure multitenancy discussion here:
http://chucksblog.emc.com/service_provider_insider/2010/05/towards-a-serious-discussion-on-secure-multitenancy.html
Feel free to join in!
-- Chuck
Posted by: Chuck Hollis | May 28, 2010 at 12:36 PM
I look forward to reading it.
Posted by: marc farley | May 28, 2010 at 12:46 PM