Monday, December 28, 2015

EMC ScaleIO Overview

EMC ScaleIO is a flexible software-only solution that leverages host-based internal storage media to make a scalable virtual storage pool.

In that respect, there are three primary components that make up EMC ScaleIO:

  • ScaleIO Data Client (SDC)
  • ScaleIO Data Server (SDS)
  • Metadata Manager (MDM)

The ScaleIO Data Client (SDC) is a block device driver that exposes ScaleIO storage volumes to applications. The SDC runs locally on any application server that requires access to the block storage volumes. The blocks that the SDC exposes can be blocks from any device in the ScaleIO storage pool. This enables the local application to issue an I/O request and the SDC fulfills it regardless of where the particular blocks reside.

The ScaleIO Data Server (SDS) possesses local storage that contributes to the ScaleIO storage pools. An instance of the SDS runs on every server that contributes some or all of its local storage space. The role of the SDS is to perform I/O operations as requested by an SDC on the local or another server within the cluster.

The Metadata Manager (MDM) holds the cluster-wide mapping information and is responsible for decisions regarding migration, rebuilds, and all system-related functions. It manages the ScaleIO system. The MDM is installed on at least three servers and functions as a quorum: a primary MDM server, a secondary MDM server, and a tie-breaker. The ScaleIO monitoring dashboard communicates with the MDM to retrieve system information for display in the ScaleIO GUI. The MDM is not on the ScaleIO data path; reads and writes never traverse the MDM.

Thursday, December 24, 2015

Security Controls Document

The VMware Security Hardening Guides contain recommended processes for deploying and operating VMware products in a secure manner given a specified risk profile. You may not need, or may not be able, to follow each step of the security hardening guides because of the balance of operational efficiency, cost, risk tolerance, and security requirements. The security hardening practices are recommended by VMware, but equally important is having a security controls document that incorporates VMware best practice recommendations and your specific security policies. It can be an invaluable tool during an audit.

Security has a wide scope that touches every aspect of the datacenter; an important part of security is recognizing the tolerance of risk. To do that, you need to understand the value of the assets you are trying to protect and the cost of protecting them. What is the likelihood of the asset being damaged or compromised? And what does it cost the company if that asset is compromised? A risk analysis provides a cost/benefit understanding of the cost to safeguard an item compared with the expected cost of loss. The security policy should be proportionate to the value of the asset, which may range from innocuous data processing up through a mission-critical business process dealing with highly sensitive information. Each of these examples represents a different risk profile, which translates to different security requirements and thus different recommendations in the hardening guide. Securing systems is not an inexpensive endeavor. Even in terms of operating expenses, locking down systems can make internal operations teams far less efficient at updating systems because of strict security controls. In many cases, a security policy will not be implemented unless the cost of the loss exceeds the cost of the security policy itself.