Blockbridge is excited to announce the first generally available implementation of iSCSI over TLSv1.2. iSCSI-TLSv1.2 delivers a 290% increase in maximum throughput, 18% reduction in minimum latency, and drastically simplified management when compared to IPsec. There’s no longer an excuse for an insecure storage network!

iSCSI

The iSCSI protocol defines a method for transporting SCSI packets over one or more TCP/IP connections (see RFC 3720). 15 years ago, when the protocol was designed, secure transport options were limited. IPsec emerged as the recommended standard. Fast forward a decade and a half, and we have new cipher suites, crypto primitives built into commodity hardware, and storage devices that operate well in excess of 1GB/s. The time has come to consider modern alternatives to IPsec for securing high-performance storage.

IPsec Primer

IPsec is an IP/Layer 3 protocol that cryptographically protects packets of any kind (e.g., TCP, UDP, ICMP). In [...]
So far Blockbridge has created 25 blog entries.
Application containers are gaining traction in the IT community. However, at the last Container Summit in NYC, Dave Bartoletti of Forrester Research noted that 53% of companies claim that security is the top deployment concern for containers. Although the umbrella of “security” is quite broad, one of the more fundamental challenges in deploying containerized applications is to provide controlled access to data. To date, there are no security mechanisms in place to protect volume data. We considered releasing a generic authentication and authorization framework for Docker volumes, but it quickly became clear that the infrastructure itself must provide enforcement of security policies. Anything implemented at the host level would only be capable of providing discretionary access controls, leaving a measurable security gap between the container host and the infrastructure.

Authenticated Volumes

To help improve container data security, we are excited to bring Authenticated Volumes to the container world. Authenticated [...]
Multi-host Volumes

Blockbridge volumes work in both single and multi-host Docker environments. In this post we’ll describe how it all works and the key semantics that you need to be aware of for Docker 1.9. Docker itself is not multi-host aware. While orchestration tools like Docker Swarm facilitate multi-host scheduling and management, each Docker daemon is responsible for local container management only. If you have a containerized application that maintains persistent state, and you need to move it between hosts, then you have a basic use-case for multi-host volumes. A multi-host volume is a persistent data volume that can be accessed by any Docker host and its containers. This definition includes both shared access volumes as well as those requiring exclusive access. The key technical challenges in implementing multi-host volumes involve managing coordinated access to single-writer data sources and awareness of distributed container references that are managed by Docker. [...]
In version 3.0 of the Blockbridge Volume Driver, we introduced Storage Profiles. This post goes into detail on what Storage Profiles are and how to use them.

What are Storage Profiles?

Storage Profiles provide a way to templatize resource constraints, provisioning parameters and volume options. You can specify storage requirements in a profile and then reference the profile to provision similar storage from any Docker host running the Blockbridge volume driver. For example, you may create a profile to ensure that storage and compute are collocated in the same L2 networking domain. Or, create tiers of storage ranging from old-school EMC spinners to high performance software-defined storage running on commodity NVMe. Storage Profiles can be referenced by and managed from any Docker host without the need for additional clustering software or setup. There are currently 2 ways to interact with them. You can use the driver’s command-line utility [...]
The 3rd major release of the Blockbridge Docker Volume Driver! Blockbridge consistently releases volume driver updates in support of new Docker functionality. Version 3.0 of the volume driver continues this trend with enhanced support for Docker 1.9, adding additional Blockbridge specific features and laying the groundwork for fancy features coming in Docker 1.10. Here’s a summary of what's new:

- Storage Profiles - global user-defined templates for attribute-based provisioning
- Volume Insight - runtime insight into volume properties
- Quality of Service - guaranteed IOPS for persistent volumes

Storage Profiles

You’ve always been able to provision Blockbridge programmable storage with a rich set of attributes and per-volume options. Developers rely on this capability to programmatically provision storage to match application requirements. In 3.0, we’re introducing Storage Profiles as a way to templatize query parameters and volume options. Define your application requirements in a profile, and then use the profile to [...]
We are pleased to announce general availability of the Blockbridge Command Line Tools. This set of tools communicates directly with the Blockbridge REST API. They're written in Ruby to operate seamlessly on a variety of platforms -- even Windows! We’ve gone to great lengths to build a toolkit that's optimized for orchestration and that delivers a service oriented approach to storage. With these tools, everyone's a storage Jedi.

Blockbridge Command Line Tool

    # bb
    Usage:
        bb [OPTIONS] SUBCOMMAND [ARG] ...

    Parameters:
        SUBCOMMAND       subcommand
        [ARG] ...        subcommand arguments

    Subcommands:
        account          manage accounts
        auth             authentication (login, logout, status)
        authorization    manage persistent authorizations
        batch            perform batch object operations
        ca               manage the embedded certificate authority
        catalog          manage and query the catalog
        datastore        manage datastores
        dev              manage storage devices
        disk             manage virtual disks
        disk-set         manage a set of disks
        host             collection of host integration tools
        net              manage network interfaces
        node             manage nodes
        profile          manage initiator [...]
This post provides a step-by-step guide for installing the Blockbridge simulator. The simulator makes it easy to try Elastic Programmable Storage (EPS) in a non-production environment. You can use the simulator to try our OpenStack, Docker, DropSafe and bare-metal workflows as well as develop applications that consume our native API. For your convenience, the simulator installs as a Docker container and is available from the Docker hub. While we suggest using Docker Engine 1.8+, feel free to use any host OS you want: CoreOS, RHEL, CentOS, Boot2Docker, etc.

Install Docker (CentOS7 shown here)

    [root@docker centos]# yum install docker
    Installed:
      docker.x86_64 0:1.8.2-10.el7.centos
    Dependency Installed:
      device-mapper-event.x86_64 7:1.02.107-5.el7
      device-mapper-event-libs.x86_64 7:1.02.107-5.el7
      device-mapper-persistent-data.x86_64 0:0.5.5-1.el7
      docker-selinux.x86_64 0:1.8.2-10.el7.centos
      libaio.x86_64 0:0.3.109-13.el7
      lvm2.x86_64 7:2.02.130-5.el7
      lvm2-libs.x86_64 7:2.02.130-5.el7
    Complete!
    [root@docker centos]# systemctl start docker
    [root@docker centos]#

The easiest way to get started is to deploy a converged simulator, with either private container networking or public networking (to access [...]
We are super duper excited to announce the 2.5.0 release of Blockbridge Elastic Programmable Storage! This release contains major improvements and new features throughout the entire stack. We’ve also updated our ecosystem drivers and tools. Lastly, we’ve completed the foundation for some game changing features that are coming soon in 3.0. Here’s what’s new:

Storage & Fabric

- CEPH Support
- Dynamic compression for performance
- Improved QoS engine
- Improved WAN replication performance
- Metadata command set extensions
- Write-once block policy
- Write-only initiator policy
- XTS virtual block plugin
- 4K native device support

API & Tools

- Automated certificate trust management
- Complete API documentation and examples
- Extended tenant resource controls
- Improved Windows support
- Single command clone orchestration
- Single command IPsec orchestration
- Single command secure-token key delegation
- Single command write-only, read-only, and ip security policies

Docker

- Anonymous volume support
- AutoClone volume support (see it in action)
- Updated simulator (find it here)
- Updated volume driver (find it here)

[...]
AutoClone persistent volumes are perhaps the easiest way to distribute content, configuration and datasets to containers in a multi-host container environment. Why? Provisioning is fast, resource utilization is nil, and it’s dead simple to manage versioning. To showcase the flexibility of AutoClone, we put together a demo using the latest and greatest that Docker has to offer: Engine 1.9, Swarm 1.0, and Compose 1.5. The demo walks through deployment of a scalable multi-host load-balanced web infrastructure. We make use of Docker for orchestration and AutoClone for efficient data distribution using native Docker management. The demo implements a “publish & subscribe” workflow for content distribution using a standard filesystem (i.e., ext4). There is a single repository where modifications are made and published. The publishing action is creation of a point in time snapshot. The Blockbridge Docker Volume driver, with AutoClone support, enables the web server containers to dynamically locate and [...]
Efficient automated data distribution for containers

Containers are a great way to isolate application run-time dependencies and state from the host platform. They drastically simplify application deployment and provide efficient resource utilization when compared to virtual machines. As a result, containers are quickly becoming standard building blocks for scale-out applications and microservices-based architecture. However, this “new stack” approach re-introduces many traditional computer science problems. One of the more vexing classes of problems involves coordinated state between containers. Here are a few frequently asked questions:

- how can I atomically update configuration for distributed containers?
- how can I distribute large data sets to distributed containers?
- how can I revert container state to a previous point in time?

Some coordinated state problems can be solved with a distributed key-value store like etcd (e.g., service discovery). However, managing a clustered system introduces a new level of complexity. Also, many distributed solutions have trouble dealing [...]