BlueStore, Encryption and NVMe-only Storage
Good news from our storage department: Instead of "SSD-only" it is now "NVMe-only" – and thus even more performance at the same cost. In addition, "BlueStore", the new storage backend of our Ceph cluster, ensures the integrity of all your data thanks to its integrated checksums. And last but not least, we have extended our security concept by another layer of protection through hard disk encryption.
- How NVMe helps us get even more performance out of SSDs
- Why we decided to migrate our Ceph cluster to BlueStore
- What benefit disk encryption by the cloud provider offers
How NVMe helps us get even more performance out of SSDs
Solid-state drives (SSDs) are significantly faster than conventional hard disks because they are based exclusively on memory chips instead of moving magnetic disks and read/write heads. This also shifts the bottleneck: current SSDs can store and deliver data faster than the widespread S-ATA connection allows for. Thanks to the NVMe standard, SSDs can be connected directly to the fast PCIe interface of a PC or server instead, thereby leveraging their full potential.
At cloudscale.ch, we have gradually replaced our SSDs by models featuring an NVMe interface, so that today all your SSD volumes are stored on NVMe SSDs entirely, delivering the best possible performance. This was made possible by sourcing new storage systems based on AMD Epyc CPUs that offer the necessary number of PCIe lanes. By the way: even with our bulk and object storage, the Ceph DB and object cache reside on NVMe SSDs for optimal performance.
Why we decided to migrate our Ceph cluster to BlueStore
BlueStore, the recommended storage backend since the Luminous release, was developed specifically for Ceph clusters and a first version was released about three years ago. Instead of storing the data on an XFS file system in the background, Ceph uses BlueStore to completely manage the block device by itself and thus has complete control over the journal, caches, etc. As part of the upgrade of our storage systems to Ubuntu 18.04 LTS, we migrated our Ceph cluster from XFS to BlueStore – not least because of the significant performance gain that BlueStore provides compared to XFS.
An additional advantage of BlueStore are the integrated checksums: these are automatically stored for all data and metadata and validated each time data is read from the storage media. BlueStore thus offers an additional mechanism for maintaining the integrity of your data ‐ one of the three central components of information security in addition to availability and confidentiality.
What benefit disk encryption by the cloud provider offers
Together with the migration to BlueStore, we also implemented the encryption of all data disks in our storage systems. This means that as of now all your volumes and objects are automatically encrypted "at rest". In addition to the already established process that disks are secure-erased by our employees when taken out of service, this encryption provides a further protective layer and thus complements our existing measures to increase information security.
The main purpose of this encryption is to protect your data from third parties, e.g. in case we have to dispose of a defective SSD. It is in the nature of things that we still need to be in possession of the necessary keys in order to operate your servers and volumes as usual. Disk encryption by the cloud provider thus complements your own efforts to protect your data, such as encrypted transmission over the Internet or encryption of your volumes using LUKS.
The security of your data has always been one of our top priorities (see also Certified as per ISO 27001, 27017 and 27018). Furthermore, we always want to offer you the best possible performance. All the more reason for us to be pleased that our storage system has made a further leap forward in both areas.
Pump up the volume(s)!
Your cloudscale.ch team