Pure Storage – Configuring ObjectEngine Bucket Security

This is a quick post as a reminder for me next time I need to do something with basic S3 bucket security. A little while I ago I was testing Pure Storage’s ObjectEngine (OE) device with a number of data protection products. I’ve done a few articles previously on what it looked like from the Cohesity and Commvault perspective, but thought it would be worthwhile to document what I did on the OE side of things.

The first step is to create the bucket in the OE dashboard.

You’ll need to call it something, and there are rules around the naming convention and length of the name.

In this example, I’m creating a bucket for Commvault to use, so I’ve called this one “commvault-test”.

Once the bucket has been created, you should add a security policy to the bucket.

Click on “Add” and you’ll be prompted to get started with the Bucket Policy Editor.

I’m pretty hopeless with this stuff, but fortunately there’s a policy generator on the AWS site you can use.

Once you’ve generated your policy, click on Save and you’ll be good to go. Keep in mind that any user you reference in the policy will need to exist in OE for the policy to work.

Here’s the policy I applied to this particular bucket. The user is commvault, and the bucket name is commvault-test.

{
  "Id": "Policy1563859773493",
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1563859751962",
      "Action": "s3:*",
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::commvault-test",
      "Principal": {
        "AWS": [
          "arn:aws:iam::0:user/commvault"
        ]
      }
    },
    {
      "Sid": "Stmt1563859771357",
      "Action": "s3:*",
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::commvault-test/*",
      "Principal": {
        "AWS": [
          "arn:aws:iam::0:user/commvault"
        ]
      }
    }
  ]
}

You can read more about the policy elements here.

Formulus Black Announces Forsa 3.0

Formulus Black recently announced version 3.0 of its Forsa product. I had the opportunity to speak with Mark Iwanowski and Jing Xie about the announcement and wanted to share some thoughts here.

 

So What’s A Forsa Again?

It’s a software solution for running applications in memory without needing to re-tool your applications or hardware. You can present persistent storage (think Intel Optane) or non-persistent memory (think DRAM) as a block device to the host and run your applications on that. Here’s a look at the architecture.

[image courtesy of Formulus Black]

Is This Just a Linux Thing?

No, not entirely. There’s Ubuntu and CentOS support out of the box, and Red Hat support is imminent. If you don’t use those operating systems though, don’t stress. You can also run this using a KVM-based hypervisor. So anything supported by that can be supported by Forsa.

But What If My Memory Fails?

Formulus Black has a technology called “BLINK” which provides the ability to copy your data down to SSDs, or you can failover the data to another host.

Won’t I Need A Bunch Of RAM?

Formulus Black uses Bit Markers – a memory efficient technology (like deduplication) – to make efficient use of the available memory. They call it “amplification” as opposed to deduplication, as it amplifies the available space.

Is This Going To Cost Me?

A little, but not as much as you’d think (because nothing’s ever free). The software is licensed on a per-socket basis, so if you decide to add memory capacity you’re not up for additional licensing costs.

 

Thoughts and Further Reading

I don’t do as much work with folks requiring in-memory storage solutions as much as I’d like to do, but I do appreciate the requirement for these kinds of solutions. The big appeal here is the lack of requirement to re-tool your applications to work in-memory. All you need is something that runs on Linux or KVM and you’re pretty much good to go. Sure, I’m over-simplifying things a little, but it looks like there’s a good story here in terms of the lack of integration required to get some serious performance improvements.

Formulus Black came out of stealth around 4 and a bit months ago and have already introduced a raft of improvements over version 2.0 of their offering. It’s great to see the speed with which they’ve been able to execute on new features in their offering. I’m curious to see what’s next, as there’s obviously been a great focus on performance and simplicity.

The cool kids are all talking about the benefits of NVMe-based, centralised storage solutions. And they’re right to do this, as most applications will do just fine with these kinds of storage platforms. But there are still going to be minuscule bottlenecks associated with these devices. If you absolutely need things to run screamingly fast, you’ll likely want to run them in-memory. And if that’s the case, Formulus Black’s Forsa solution might be just what you’re looking for. Plus, it’s a pretty cool name for a company, or possibly an aspiring wizard.

Random Short Take #20

Here are some links to some random news items and other content that I recently found interesting. You might find them interesting too. Episode 20 – feels like it’s becoming a thing.

  • Scale Computing seems to be having a fair bit of success with their VDI solutions. Here’s a press release about what they did with Harlingen WaterWorks System.
  • I don’t read Corey Quinn’s articles enough, but I am glad I read this one. Regardless of what you think about the enforceability of non-compete agreements (and regardless of where you’re employed), these things have no place in the modern workforce.
  • If you’re getting along to VMworld US this year, I imagine there’s plenty in your schedule already. If you have the time – I recommend getting around to seeing what Cody and Pure Storage are up to. I find Cody to be a great presenter, and Pure have been doing some neat stuff lately.
  • Speaking of VMworld, this article from Tom about packing the little things for conferences in preparation for any eventuality was useful. And if you’re heading to VMworld, be sure to swing past the VMUG booth. There’s a bunch of VMUG stuff happening at VMworld – you can read more about that here.
  • I promise this is pretty much the last bit of news I’ll share regarding VMworld. Anthony from Veeam put up a post about their competition to win a pass to VMworld. If you’re on the fence about going, check it out now (as the competition closes on the 19th August).
  • It wouldn’t be a random short take without some mention of data protection. This article about tiering protection data from George Crump was bang on the money.
  • Backblaze published their quarterly roundup of hard drive stats – you can read more here.
  • This article from Paul on freelancing and side gigs was comprehensive and enlightening. If you’re thinking of taking on some extra work in the hopes of making it your full-time job, or just wanting to earn a little more pin money, it’s worthwhile reading this post.

Brisbane VMUG – September 2019

hero_vmug_express_2011

The September 2019 edition of the Brisbane VMUG meeting will be held on Tuesday 10th September at Fishburners (Level 2, 155 Queen Street, Brisbane City) from 4 – 6pm. It’s sponsored by StorageCraft and promises to be a great afternoon.

Here’s the agenda:

  • VMUG Intro
  • VMware Presentation
  • StorageCraft Presentation
  • Q&A
  • Light refreshments

StorageCraft have gone to great lengths to make sure this will be a fun and informative session and I’m really looking forward to hearing about what they’ve been up to. You can find out more information and register for the event here. I hope to see you there. Also, if you’re interested in sponsoring one of these events, please get in touch with me and I can help make it happen.

Burlywood Tech Announces TrueFlash Insight

Burlywood Tech came out of stealth a few years ago, and I wrote about their TrueFlash announcement here. I had another opportunity to speak to Mike Tomky recently about Burlywood’s TrueFlash Insight announcement and thought I’d share some thoughts here.

 

The Announcement

Burlywood’s “TrueFlash” product delivers what they describe as a “software-defined SSD” drive. Since they’ve been active in the market they’ve gained traction in what they call the Tier 2 service provider segments (not the necessarily the “Big 7” hyperscalers).

They’ve announced TrueFlash Insight because, in a number of cases, customers don’t know what their workloads really look like. The idea behind TrueFlash Insight is that it can be run in a production environment for a period of time to collect metadata and drive telemetry. Engineers can also be sent on site if required to do the analysis. The data collected with TrueFlash Insight helps Burlywood with the process of designing and tuning the TrueFlash product for the desired workload.

How It Works

  • Insight is available only on Burlywood TrueFlash drives
  • Enabled upon execution of a SOW for Insight analysis services
  • Run your application as normal in a system with one or more Insight-enabled TrueFlash drives
  • Follow the instructions to download the telemetry files
  • Send telemetry data to Burlywood for analysis
  • Burlywood parses the telemetry, analyses data patterns, shares performance information, and identifies potential bottlenecks and trouble spots
  • This information can then be used to tune the TrueFlash SSDs for optimal performance

 

Thoughts and Further Reading

When I wrote about Burlywood previously I was fascinated by the scale that would be required for a company to consider deploying SSDs with workload-specific code sitting on them. And then I stopped and thought about my comrades in the enterprise space struggling to get the kind of visibility into their gear that’s required to make these kinds of decisions. But when your business relies so heavily on good performance, there’s a chance you have some idea of how to get information on the performance of your systems. The fact that Burlywood are making this offering available to customers indicates that even those customers that are on board with the idea of “Software-defined SSDs (SDSSDs?)” don’t always have the capabilities required to make an accurate assessment of their workloads.

But this solution isn’t just for existing Burlywood customers. The good news is it’s also available for customers considering using Burlywood’s product in their DC. It’s a reasonably simple process to get up and running, and my impression is that it will save a bit of angst down the track. Tomky made the comment that, with this kind of solution, you don’t need to “worry about masking problems at the drive level – [you can] work on your core value”. There’s a lot to be said for companies, even the ones with very complex technical requirements, not having to worry about the technical part of the business as much as the business part of the business. If Burlywood can make that process easier for current and future customers, I’m all for it.

StorONE Announces S1-as-a-Service

StorONE recently announced its StorONE-as-a-Service (S1aaS) offering. I had the opportunity to speak to Gal Naor about it and thought I’d share some thoughts here.

 

The Announcement

StorONE’s S1-as-a-Service (S1aaS), is a use-based solution integrating StorONE’s S1 storage services with Dell Technologies and Mellanox hardware. The idea is they’ll ship you an appliance (available in a few different configurations) and you plug it in and away you go. There’s not a huge amount to say about it as it’s fairly straightforward. If you need more that the 18TB entry-level configuration, StorONE can get you up and running with 60TB thanks to overnight shipping.

Speedonomics

The as-a-Service bit is what most people are interested in, and S1aaS starts at $999 US per month for the 18TB all-flash array that delivers up to 150000 IOPS. There are a couple of other configurations available as well, including 36TB at $1797 per month, and 54TB at $2497 per month. If, for some reason, you decide you don’t want the device any more, or you no longer have that particular requirement, you can cancel your service with 30 days’ notice.

 

Thoughts and Further Reading

The idea of consuming storage from vendors on-premises via flexible finance plans isn’t a new one. But S1aaS isn’t a leasing plan. There’s no 60-month commitment and payback plan. If you want to use this for three months for a particular project and then cancel your service, you can. Just as you could with cable. From that perspective, it’s a reasonably interesting proposition. A number of the major storage vendors would struggle to put that much capacity and speed in such a small footprint on-premises for $999 per month. This is the major benefit of a software-based storage product that, by all accounts, can get a lot out of commodity server hardware.

I wrote about StorONE when they came out of stealth mode a few years ago, and noted the impressive numbers they were posting. Are numbers the most important thing when it comes to selecting storage products? No, not always. There’s plenty to be said for “good enough” solutions that are more affordable. But it strikes me that solutions that go really fast and don’t cost a small fortune to run are going to be awfully compelling. One of the biggest impediments to deploying on-premises storage solutions “as-a-Service” is that there’s usually a minimum spend required to make it worthwhile for the vendor or service provider. Most attempts previously have taken more than 2RU of rack space as a minimum footprint, and have required the customer to sign up for minimum terms of 36 – 60 months. That all changes (for the better) when you can run your storage on a server with NVMe-based drives and an efficient, software-based platform.

Sure, there are plenty of enterprises that are going to need more than 18TB of capacity. But are they going to need more than 54TB of capacity that goes at that speed? And can they build that themselves for the monthly cost that StorONE is asking for? Maybe. But maybe it’s just as easy for them to look at what their workloads are doing and decide whether they want everything to on that one solution. And there’s nothing to stop them deploying multiple configurations either.

I was impressed with StorONE when they first launched. They seem to have a knack for getting good performance from commodity gear, and they’re willing to offer that solution to customers at a reasonable price. I’m looking forward to seeing how the market reacts to these kinds of competitive offerings. You can read more about S1aaS here.

Random Short Take #19

Here are some links to some random news items and other content that I recently found interesting. You might find them interesting too. Episode 19 – let’s get tropical! It’s all happening.

  • I seem to link to Alastair’s blog a lot. That’s mainly because he’s writing about things that interest me, like this article on data governance and data protection. Plus he’s a good bloke.
  • Speaking of data protection, Chris M. Evans has been writing some interesting articles lately on things like backup as a service. Having worked in the service provider space for a piece of my career, I wholeheartedly agree that it can be a “leap of faith” on the part of the customer to adopt these kinds of services.
  • This post by Raffaello Poltronieri on VMware’s vRealize Operations session at Tech Field Day 19 makes for good reading.
  • This podcast episode from W. Curtis Preston was well worth the listen. I’m constantly fascinated by the challenges presented to infrastructure in media and entertainment environments, particularly when it comes to data protection.
  • I always enjoy reading Preston’s perspective on data protection challenges, and this article is no exception.
  • This article from Tom Hollingsworth was honest and probably cut too close to the bone with a lot of readers. There are a lot of bad habits that we develop in our jobs, whether we’re coding, running infrastructure, or flipping burgers. The key is to identify those behaviours and work to address them where possible.
  • Over at SimplyGeek.co.uk, Gavin has been posting a number of Ansible-related articles, including this one on automating vSphere VM and ova deployments. A number fo folks in the industry talk a tough game when it comes to automation, and it’s nice to see Gavin putting it on wax and setting a great example.
  • The Mark Of Cain have announced a national tour to commemorate the 30th anniversary of their Battlesick album. Unfortunately I may not be in the country when they’re playing in my part of the woods, but if you’re in Australia you can find out more information here.

VMware – VMworld 2019 – See you in San Francisco

This is a quick post to let my loyal readers know that I’ll be heading to VMware’s annual conference (VMworld) this year in San Francisco. This will be my fourth VMworld. I’m looking forward to catching up with some old friends and meeting some new ones. If you haven’t registered yet but feel like that’s something you might want to do – the registration page is here. To get a feel for what’s on offer, you can check out information about the VMworld 2019 sessions here. The Content Catalog [sic] is available now too, so if you’ve registered you can start filling up your schedule. You can also read the FAQ here.

Big thanks to Tej at VMware for organising the blogger pass. I’ll also be publicly thanking some other folks when I have some more logistics locked in. Keep an eye out for me at the conference and surrounding events and don’t be afraid to come and say hi (if you need a visual – I look like Wolverine would if he let himself go).

Tech Field Day 19 – Wrap-Up And Link-O-Rama

Disclaimer: I recently attended Tech Field Day 19.  My flights, accommodation and other expenses were paid for by Tech Field Day. There is no requirement for me to blog about any of the content presented and I am not compensated in any way for my time at the event.  Some materials presented were discussed under NDA and don’t form part of my blog posts, but could influence future discussions.

This is a quick post to say thanks once again to Stephen, Ken, and Ben, and the presenters at Tech Field Day 19. I had a super fun and educational time. For easy reference, here’s a list of the posts I did covering the events (they may not match the order of the presentations).

Tech Field Day – I’ll Be At Tech Field Day 19

Tech Field Day 19 – Day 0

Tech Field Day 19 – (Fairly) Full Disclosure

Ixia Helps You See All The Stuff You Need To See

NetApp Want You To See The Whole Picture

VMware vRealize – Operations Without Operators

Druva – In The Cloud, Of The Cloud, Protecting The Cloud

Automation Anywhere – The Bots Are Here To Help

 

Also, here’s a number of links to posts by my fellow delegates (in no particular order). They’re all very smart people, and you should check out their stuff, particularly if you haven’t before. I’ll attempt to keep this updated as more posts are published. But if it gets stale, the Tech Field Day 19 landing page will have updated links.

 

Adam Fisher (@BonzoVT)

I’ll be at Tech Field Day 19 next week!

Automate all the things with Automation Anywhere

Cloudy with a chance of APIs – Reflections from Tech Field Day 19

Data Protection as a Service with Druva

 

Ather Beg (@AtherBeg)

Tech Field Day (#TFD19): A Heads-Up

Automation Anywhere: Robotic Process Automation (RPA) for Everyone

 

Matt Callaway (@_vCallaway)

Tech Field Day 19 Next Week!

Tech Field Day 19 – Day 0

 

Alastair Cooke (@DemitasseNZ)

Tech Field Day 19, Next Week

Computer, Prepare My Report

All-In Public Cloud for Backup

 

Jim Palmer (@WirelessJimP)

Imposter Syndrome Alive And Well At Tech Field Day 19

I Met Stephen Foskett

My Post #TFD19 Roundup

Automation, Anywhere You Want It

Data, data everywhere, nary a byte to eat

 

Liselotte Foverskov (@LFoverskov)

Tech Field Day 19 – I’m on my way!

Automation Anywhere: what did the bot eat for lunch?

Druva – Uber for Data Protection

 

Marina Ferreira (@_MarinaLF)

Introduction to Automation Anywhere

 

Pietro Piutti (@Stingray92)

Digitalizing workplaces with Automation Anywhere RPA

Cloud Automation Services: is VMware going all-in with multi-cloud?

 

Scott Driver (@VTsnowboarder42)

Hot Take from TFD19 – RPA with a Security First mindset

 

Wes Milliron (@WesMilliron)

My Take: Ixia’s Visibility Portfolio – As Seen at Tech Field Day 19

VMware Cloud Automation Services: The Next Evolution in Multi-Cloud Automation

 

Finally, thanks again to Stephen and the team at Gestalt IT for making it all happen. It was an educational and enjoyable week and I really valued the opportunity I was given to attend. Here’s a photo of the Tech Field Day 19 delegates.

[image courtesy of Ben Gage]

Automation Anywhere – The Bots Are Here To Help

Disclaimer: I recently attended Tech Field Day 19.  My flights, accommodation and other expenses were paid for by Tech Field Day. There is no requirement for me to blog about any of the content presented and I am not compensated in any way for my time at the event.  Some materials presented were discussed under NDA and don’t form part of my blog posts, but could influence future discussions.

 

Automation Anywhere recently presented at Tech Field Day 19. You can see videos of their presentation here, and download my rough notes from here.

 

Robotic What?

Robotic Process Automation (RPA) is the new hotness in enterprise software. Automation Anywhere raised over $550 million in funding in the last 12 months. That’s a lot of money. But what is RPA? It’s a way to develop workflows so that business processes can be automated. One of the cool things, though, is that it can develop these automation actions by observing the user perform the actions in the GUI, and then repeating those actions. There’s potential to make this more accessible to people who aren’t necessarily software development types.

Automation Anywhere started back in 2003, and the idea was to automate any application. Automation anywhere want to “democratise automation”, and “anything that can be automated, should be automated”. The real power of this kind of approach is that it, potentially, allows you do things you never did before. Automation Anywhere want us to “imagine a world where every job has a digital assistant working side by side, allowing people doing what they do best”.

[image courtesy of Automation Anywhere]

 

Humans are the Resource

This whole automating all the things mantra has been around for some time, and the idea has always been that we’re “[m]oving humans up the value chain”. Not only that, but RPA isn’t about digital transformation in the sense that a lot of companies see it currently, i.e. as a way to change the way they do things to better leverage digital tools. What’s interesting is that RPA is more focused on automating what you already have. You can then decide whether the process is optimal or whether it should be changed. I like this idea, if only because of the number of times I’ve witnessed small and large companies go through “transformations”, only to realise that what they were doing previously was pretty good, and they’d just made a few mistakes in terms of manual process creeping in.

Automation Anywhere told us that some people start with “I know that my job cannot be automated”, but it turns out that about 80% of their job is business tools based, and a lack of automation is holding them back from thinking strategically. We’ve seen this problem throughout the various industrial revolutions that have occurred, and people have invariably argued against steam-powered devices, and factory lines, and self-healing infrastructure.

 

Thoughts and Further Reading

Automation is a funny thing. It’s often sold to people as a means to give them back time in their day to do “higher order” activities within the company. This has been a message that has been around as long as I’ve been in IT. There’s an idea that every worker is capable of doing things that could provide more value to the company, if only they had more time. Sometimes, though, I think some folks are just good at breaking rocks. They don’t want to do anything else. They may not really be capable of doing anything else. And change is hard, and is going to be hard for them in particular. I’m not anticipating that RPA will take over every single aspect of the workplace, but there’s certainly plenty of scope for it to have a big presence in the modern enterprise. So much time is wasted on process that should really be automated, because it can give you back a lot of time in your day. And it also provides the consistency that human resources lack.

As Automation Anywhere pointed out in their presentation “every piece of software in the world changes how we work, but rarely do you have the opportunity to change what the work is”. And that’s kind of the point, I think. We’re so tied to do things in a business a certain way, and oftentimes we fill the gaps in workflows with people because the technology can’t keep up with what we’re trying to do. But if you can introduce tools into the business that can help you move past those shortfalls in workflow, and identify ways to improve those workflows, that could really be something interesting. I don’t know if RPA will solve all of our problems overnight, because humans are unfortunately still heavily involved in the decision making process inside enterprise, but it seems like there’s scope to do some pretty cool stuff with it.

If you’d like to read some articles that don’t just ramble on, check out Adam’s article here, Jim’s view here, and Liselotte’s article here. Marina posted a nice introduction to Automation Anywhere here, and Scott’s impression of Automation Anywhere’s security approach made for interesting reading. There’s a wealth of information on the Automation Anywhere website, and a community edition you can play with too.