Enabling Multi-Tenancy with NetApp MultiStore
Agenda What is Multi-Tenancy? Secure Multi-Tenancy as Cloud Infrastructure Introducing MultiStore MultiStore Use Cases Customer Examples 2009 NetApp. All rights reserved. NetApp Confidential-Limited Use 2
Multi-Tenancy What is it? Shared Infrastructure: hardware & software Consolidation of diverse requirements Administrative isolation and control Tenants Customers Business Units Applications Departments Shared Infrastructure 2009 NetApp. All rights reserved. NetApp Confidential-Limited Use 3
Secure Multi-Tenancy Definition Supporting multiple tenants (users, customers, etc.) from single shared infrastructure while keeping all data isolated and secure Customers concerned with security and privacy require secure multi-tenancy Government agencies Financial companies Service Providers Etc. Architects & Product Managers will understand the concept of Secure Multi-Tenancy 2009 NetApp. All rights reserved. NetApp Confidential-Limited Use 4
Multi-Tenancy and Cloud Infrastructure Customers Secure Multi-Tenancy Serve multiple clients with one physical system Service Automation and Management Ease of data provisioning; charge-back model Applications Servers Network Storage Management Mobility Access data anywhere anytime! Storage Efficiency Less storage to do more Integrated Protection Simple, accurate, instantaneous data backup 2009 NetApp. All rights reserved. NetApp Confidential-Limited Use 5
Secure Multi-tenancy for virtualized environments VMware VMware VMware HR BU APP Solution The only validated solution to support end to end multitenancy across application and data is securely isolated from virtual server, network, to virtual storage Customer Benefits Address end user security concerns Meet regulatory and compliance requirements Gain economies of scale, higher utilization, better SLAs of virtualized environment Reduced cost, increased efficiency and business agility 2009 NetApp. All rights reserved. NetApp Confidential-Limited Use 6
Introducing MultiStore Secure, Multi-Tenancy for ONTAP Creates multiple system partitions (vfiler units) on a single NetApp storage system Virtual Storage Partitions Each vfiler unit is secure owned by one vfiler unit can not be accessed by any other vfiler unit s though they are hosted on the same physical storage system 2009 NetApp. All rights reserved. NetApp Confidential-Limited Use 7
Introducing MultiStore Secure, Multi-Tenancy for ONTAP Benefits Storage controller consolidation for improved asset utilization of workloads Transparent migration of workloads between different tiers of storage or for dynamic load balancing Workload specific delegation of administration Integrated & simplified disaster recovery 2009 NetApp. All rights reserved. NetApp Confidential-Limited Use 8
MultiStore One Physical System, Multiple Virtual Storage Partitions Customer A Customer B Customer C Virtual Storage Partition Virtual Storage Partition Virtual Storage Partition Up to 65 secure partitions (vfiler units) on a single storage system IP Storage based (NFS,CIFS & iscsi servers) Over 16,000 MultiStore systems deployed world-wide 2009 NetApp. All rights reserved. NetApp Confidential-Limited Use 9
What Makes MultiStore Secure? MultiStore provides multiple layers of security IPspaces Administrative separation Protocol separation Storage separation An IPspace has a dedicated routing table for look up of IP destination address and next-hop information Each physical interface (Ethernet port) or logical interface (VLAN) is bound to a single IPspace A single IPspace may have multiple physical & logical interfaces bound to it Each customer has a unique IPspace Use of VLANs or VIFs is a best practice with IPspaces 2009 NetApp. All rights reserved. NetApp Confidential-Limited Use 10
Matasano Security Audit In early 2008, Matasano Security conducted an extensive security audit of the NetApp ONTAP operating system and the licensed software feature, MultiStore. At the conclusion of our testing, we found that the ONTAP operating system exceeded our expectations for security. Matasano Security knows of no vulnerabilities in ONTAP or MultiStore that would compromise data integrity in MultiStore virtual storage resources, or the compromise of NetApp FAS Storage Systems. 2009 NetApp. All rights reserved. NetApp Confidential-Limited Use 11
MultiStore Use Cases MultiStore Use Case File Services Consolidation Application Hosting Business Benefit Two or more groups can share one physical resource but maintain control over security and access to data. Smaller footprint, less power. Host application data across a common storage infrastructure with defined service levels. Enables IT as a service (Cloud) Mobility Disaster Recovery Move data between physical storage systems without complex reconfiguration. Easily mirror between sites and enable fast, reliable recovery. 2009 NetApp. All rights reserved. NetApp Confidential-Limited Use 12
MultiStore File Services Consolidation Department A Department B Department C CIFS & NFS CIFS & NFS CIFS & NFS Virtual Storage Partitions Dedicated Server/Storage Virtual Storage Partitions Virtual Storage Partitions Physical Storage System Keep the same functionality as individual file servers. 2009 NetApp. All rights reserved. NetApp Confidential-Limited Use 13
MultiStore Application Hosting Customer A Customer B Customer C Application A,B,C Application D,E,F Application G, H, J Virtual Storage Partitions Dedicated Server/Storage Virtual Storage Partitions Virtual Storage Partitions Physical Storage System Host multiple customers on single infrastructure. 2009 NetApp. All rights reserved. NetApp Confidential-Limited Use 14
NetApp Motion Always-On Mobility ON ON 24/7 Storage Storage Pool Pool Integration of MultiStore, SnapMirror and Provisioning Manager No planned downtime for Storage capacity expansion Scheduled maintenance outages Technology refresh Software Upgrades Improved SLA flexibility Dynamic load balancing Adjustable storage tiers Application transparency Performance Transaction integrity NetApp Motion * Available with ONTAP 7.3.3 2009 NetApp. All rights reserved. NetApp Confidential-Limited Use 15
Adding Mobility to Multi-Tenancy Origin Storage System Target Storage System Customer A Customer B Customer C Virtual Storage Partition Virtual Storage Partition Virtual Storage Partition NetApp Motion moves a tenant in a single operation. 2009 NetApp. All rights reserved. NetApp Confidential-Limited Use 16
Automated Disaster Recovery DR Site Primary Center FAS/V-Series with MultiStore SnapMirror DR Site FAS/V-Series with MultiStore SnapMirror SnapMirror Affordable DR and business continuance Centralized solution for local and distributed sites Rapid recovery with minimal client impact using DR activate 2009 NetApp. All rights reserved. NetApp Confidential-Limited Use 17
Customer Success: Business Challenge: Offer and maintain affordable, private storage that reseller partners can provide to end customers Solution: NetApp MultiStore software enables Avnet and its reseller partners to offer virtual storage controllers that provide end customers with secure, private storage on shared NetApp FAS3020HA systems. Benefits: Offer a managed service that addresses the business needs of resellers end customers Delivers the benefits of a data center without the capital expenditure or need to own and operate one NetApp MultiStore was the best way of providing our partners with a managed service for their customers that offers confidentiality comparable to that of a storage device that was theirs and theirs alone for much less 2009 NetApp. All rights reserved. NetApp Confidential-Limited Use 18
MultiStore Benefits Summary Secure Multi-tenancy across: Enables the Cloud enterprises departments applications Reduced cost & management complexity Physical storage consolidation Tiered administrative management Quick and easy data mobility Simple disaster recovery solution 2009 NetApp. All rights reserved. NetApp Confidential-Limited Use 19