Anti-Gravity is the 3rd generation of Blockbridge Elastic Storage. We’re introducing several new technologies that deliver on the promise of elastic block storage in public, private and hybrid cloud. In this blog post, we’ll run through the high-level list of features. Stay tuned for in-depth technical posts on some of the new concepts.

Object Exchange

Object Exchange (aka, “OX”) integrates Elastic Block Storage with any S3 compatible object storage provider. Example providers include Amazon Web Services, Google Compute Engine, Microsoft Azure, Swift, and CEPH. OX allows you to snapshot a volume from block storage directly into object storage. Additionally, OX allows you to instantly clone volumes from object storage. Cloned volumes provide immediate access to data, even if your object storage provider is off-premises. OX delivers seamless data mobility for backup, disaster tolerance and hybrid cloud applications.

HEAL – Heuristic Evaluation with Autonomous Layout

HEAL provides automated device-level data protection. It is a set of API-driven micro-services designed to enable flexible backend data protection schemes for a wide variety of storage interconnects: anything from dual-ported SAS to distributed NVMe over Fabrics. HEAL understands failure domains, media types, fabrics, and connectivity. You describe HEAL volume properties using a simplified query syntax. The HEAL system assembles, monitors, recovers, and repairs volumes autonomously. HEAL enables unprecedented control over the essential factors that determine cost, performance and availability.

Device Services

Designed specially for HEAL, our new device micro-service allows you to discover, manage, and reserve physical disks and infrastructure programmatically. We’ve integrated NVMe monitoring, access to SMART information, SES-2 enclosure monitoring, multi-enclosure support, device-slot accounting and support for virtual devices (AWS, VMware, CEPH, etc). In addition, the device micro-service allows you to attach arbitrary metadata to physical devices to use as selection criteria for building HEAL volumes (i.e, power domain, customer, interconnect).

Policy Driven Rebalancing

Storage pools now support transparent rebalancing and policy controls. If you add more storage, the dataplane automatically redistributes capacity and load across members of a pool according to policy. You can use policies to implement tiered strategies, migrate to new storage or redistribute resources. You now have full control over flow rate, distribution, duration and time of day.

iSCSI/TLSv1.2

Transparent compression and encryption using modern ciphers without the baggage of IPsec! iSCSI over TLSv1.2 is firewall friendly, suitable for LAN and WAN, and fast: 3.4x more throughput than IPsec. Support is now fully integrated into our command line tools. No complex configuration is needed, just a single command line option.

Single-Click Replication / Migration

Replication management functions now support automated policy-driven placement. You can securely replicate or migrate storage across the WAN just as easily as you can between racks. Use it for disaster tolerance or use it to relocate data between providers.

Dataplane Performance

We’ve added several new offload capabilities to our dataplane pipeline, primarily to avoid inline random memory access latencies. This release delivers significant efficiency gains over our 2.x software. The dataplane micro-segmentation engine now scales beyond 1.5 million IOPS on a single processor.  Single volume performance, measured at the client, now clocks in beyond 400K for a 4K random workload.

Security

There is a bevy of new security features and updates to the internal software. New policies include write-only, read-only and restrict-ip capabilities on initiator profiles. We’ve updated our IPsec and TLS negotiation policies to prevent the use of less-secure ciphers. The command line tools now implement disk-key delegation and multi-factor authentication. We’ve moved to enable our built-in certificate authority by default, allowing the command line tool to validate the authenticity of the API server certificate.  And, we’ve added support for OTP authentication API tokens.

Containers

Last, and definitely not least, this release contains all the core support for the latest version of our container volume driver including Docker IQ, end-to-end encrypted Docker Volumes, multi-host Docker volumes, authenticated Docker Volumes, Docker storage profiles, and Quality of Service for Docker.