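Storage Multi Tenancy Analysis
1 Definition
Multi-tenancy means creating multiple virtual storage systems within one physical system and allocating, limiting, and isolating resources for each of them. These resources include volume capacity, IOPS, throughput, latency, and service level. Each tenant sees what appears to be a completely independent storage system.
2 Product analysis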
2.1 HW OceanStor V5 SmartMulti-Tenant
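2.1.1 Background
Cloud XaaS service requirements call for IT service providers to offer the same physical storage device to multiple enterprises and individuals. This introduces the following problems:
- Enterprises/users sharing the same physical storage resources face the risk of interference between logical resources and of access to each other's data, which affects data security;
- User management brings additional operations and maintenance costs for the IT service provider;
- Business scenarios such as data migration require that services are not affected.
Multi-tenancy technology effectively addresses these problems: it shares resources, simplifies configuration management, and improves data security.
2.1.2 Definition
Huawei's multi-tenancy feature, SmartMulti-Tenant, creates multiple virtual storage systems within one physical storage system, so that tenants in a multi-protocol unified storage architecture can share the same storage hardware resources without affecting each other's data security and privacy.
Use requires a paid license.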
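2.1.3 Principles
2.1.3.1 Related concepts
- vStore (Virtual Store): a virtual storage system;
- System view: the view through which the super administrator allocates and manages the storage system's global resources;
- Tenant view: the view through which the super administrator and tenant users allocate and manage a tenant's storage resources;
- Preset default roles: the default roles preset by the system for system administrators and tenant users;
- Custom roles: user roles under the system or under a tenant that system management users define to suit the scenario.
2.1.3.2 Resource allocation
The storage system can be divided into multiple virtual storage partitions, called vStores; one physical storage system can be partitioned into multiple vStores, and the vStores share the storage pool. System administrators and tenants enter each vStore to allocate block storage resources to it. LUN resources created under each tenant can be mapped to upper-layer servers for use.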
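2.1.3.3 User management
User management is defined jointly by permissions and roles. Permissions and roles belong to either the system group or the tenant group, and roles in the tenant group are used only for tenants. Users with different roles can have different access control permissions.
- Permissions: predefined permissions and custom permissions; a permission is either read-only or read-write.
2.1.3.4 Role management
Default roles and custom roles.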
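The following is an added example, not Huawei's implementation or code from the product documentation: a simplified model of the access decision that 2.1.3.2 to 2.1.3.4 describe, where a tenant-group role is confined to its own vStore and a read-only permission blocks writes. All class, role, user and LUN names are hypothetical.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Group(Enum):
    SYSTEM = "system"  # role valid in the system view (all vStores)
    TENANT = "tenant"  # role valid only inside one vStore


class Access(Enum):
    READ_ONLY = "ro"
    READ_WRITE = "rw"


@dataclass(frozen=True)
class Role:
    name: str
    group: Group
    access: Access


@dataclass(frozen=True)
class User:
    name: str
    role: Role
    vstore: Optional[str] = None  # owning vStore; None for system users


@dataclass(frozen=True)
class Lun:
    name: str
    vstore: str


def authorize(user: User, lun: Lun, write: bool) -> tuple:
    """Return (allowed, reason) for one request against one LUN."""
    if user.role.group is Group.TENANT:
        if user.vstore is None:
            return False, "tenant role not bound to a vStore"  # fail closed
        if user.vstore != lun.vstore:
            return False, "cross-tenant access"
    if write and user.role.access is not Access.READ_WRITE:
        return False, "role is read-only"
    return True, "ok"


# Constructed sample data (all names are hypothetical).
SUPER = User("admin", Role("super_admin", Group.SYSTEM, Access.READ_WRITE))
ALICE = User("alice", Role("vstore_admin", Group.TENANT, Access.READ_WRITE), "vstore_a")
BOB = User("bob", Role("vstore_viewer", Group.TENANT, Access.READ_ONLY), "vstore_b")
LUN_A = Lun("lun_a1", "vstore_a")
LUN_B = Lun("lun_b1", "vstore_b")
```

The tenant check runs before the permission check, so a request that crosses vStores is denied with the same reason whether it is a read or a write, which keeps cross-tenant attempts easy to pick out in an audit log.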
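2.1.4 Impact and limitations
Multi-tenancy is logical isolation and permission control at the storage pool level. Each tenant adds overhead to the storage system; the added overhead comes from higher storage system CPU utilization when the multi-tenancy feature is in use. This overhead affects applications only when the CPU is the actual bottleneck. When the bottleneck is the disks, the impact is small. Because most I/O time is spent on the disks, the higher CPU utilization does not add further I/O latency.
2.1.5 Application scenarios
2.1.6 Planning management users
2.1.7 Configuring multi-tenancy
2.1.8 Managing multi-tenancy
2.1.9 Managing tenants' basic storage services
2.1.10 Managing application-based storage resources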
2.2 EMC Unity
2.2.1 What is multitenancy
landlord
3 Excerpts from reference material
3.1 What Is Multi-Tenant Storage
Enterprise IT departments are using server virtualization to increase their responsiveness to business functions and help them be more flexible and nimble in reacting to rapidly shifting market and competitive dynamics. Cloud providers are using server virtualization to share compute resources across potentially thousands of subscribers. Ideally, in both cases, 100% of the server infrastructure would be virtualized with maximum virtual machine (VM) density per host allowing for the most efficiency. Such a densely packed, highly virtualized environment needs to provide secure resource sharing, granular delegation of management functions and specific service level agreements for each virtualized application at each level of the virtualized infrastructure.
The server and network level of the virtualized infrastructure can deliver this functionality in large part already. However the traditional storage infrastructure layer is lacking when it comes to these requirements. Most storage systems have limited, if any, functionality to provide secure, shared access in the virtual environment, to delegate storage management to business functions or to guarantee specific application service levels. A new paradigm for storage is needed, one that is better aligned with the virtual environment at the server and networking levels so that application requirements can be met on an end-to-end basis. That paradigm is the basis for multi-tenant storage.
Multi-tenant storage systems, like those offered by CloudByte, are systems that can create virtual storage controllers in the same way a hypervisor divides host compute resources through VMs. The storage manager of a multi-tenant storage system can keep VM or tenant data isolated, delegate management responsibilities and guarantee service levels (IOPS, throughput and latency) like a server virtualization administrator accomplishes this with the host and VMs that they manage.
Architecture of a Multi-Tenant Storage System
The multi-tenant storage system or controller acts in similar fashion to a large host in a virtual server environment. Storage is attached to the large physical controller and then divided into virtual controllers called “tenants”. Each of these tenants is mapped to one, or a group, of VMs. The tenants can also map to stand alone physical servers that are not part of the virtualized infrastructure. These tenants can then be assigned characteristics based on the needs of that VM, group of VMs or physical host(s).
In the same way that a virtual machine is protected from other virtual machines on the same hypervisor, the tenants are also protected from each other. A ‘misbehaving’ storage tenant wouldn’t impact another and cause data loss. The multi-tenant storage system also enables granular business line management or subscriber management of their specific storage resources.
A virtual controller could be created that would be set for a controlled amount of storage performance and capacity to be used from the primary storage controller. That tenant could then be assigned to the business line or subscriber enabling them to be responsible for their own storage resources.
Finally, the multi-tenant storage controller could create tenants that are dedicated to particular VMs, each guaranteed certain levels of performance. The storage administrator could design the system such that these tenants could be used elsewhere when not required by mission critical VMs, but be made instantly available to them when the need arises, thereby allowing maximum utilization. Alternatively, the tenants could be allocated to ensure continuous availability to mission critical VMs and guaranteeing performance and preventing users of less-critical VMs from getting accustomed to performance they were never intended to have.
Finally, one of the biggest challenges in providing consistent performance is the load placed on the controller when back-end data protection and backup jobs occur. Multi-tenant storage systems can manage these functions as well, making sure that their activity does not impact front-end performance.
Implementing A New Storage Dynamic into an Old Architecture
The problem for most data centers is that significant investments have been made in legacy storage systems that don’t provide this multi-tenant functionality. Therefore data center managers seeking multi-tenant storage solutions would be forced to wait until the next storage refresh or operate both systems in parallel, gradually migrating data and bringing up new VMs on the multi-tenant system. However it would increase costs, complexity and make it harder to realize the value of multi-tenancy.
An alternative would be to enable the multi-tenant controller to manage legacy storage systems. This approach would allow legacy storage to be consumed by the new multi-tenant primary storage controller and immediately gain the benefits of a multi-tenant architecture, without a costly storage refresh. This is the approach that CloudByte has taken. They provide a software storage controller that will run on X86 server-class hardware. Then, any storage assigned to that server is available to provide multi-tenant services, plus other, more traditional data services like snapshots. After the legacy storage is consumed all future storage purchases can be standard, less expensive arrays.
Use Cases For Multi-Tenant Storage
There are two primary use cases for multi-tenant storage, the first being the enterprise data center and the second cloud service providers. Enterprise environments are typically constructed with dedicated storage resources “siloed” by line of business and by performance requirements. While many enterprise IT teams have tried to consolidate their storage systems, they have struggled due to myriad unique security, management and SLA requirements. Multi-tenant storage as described above not only eliminates these concerns, but allows for the consolidation of all the various storage assets, virtualizing them behind a single primary storage controller or a series of such controllers.
The second use case is the Cloud Service Provider. Similar to the enterprise environment, these businesses have hundreds or thousands of subscribers that need varying amounts of storage resources, but also want assurances of security between subscribers, granular management and performance guarantees. A storage system with an underlying multi-tenant architecture simplifies their provisioning and management tasks to meet their subscriber requirements.
Summary
Server virtualization has brought great efficiency gains to the data center, but hasn’t decreased the number of servers that need to have storage assigned to them. The virtual machines in these environments may not physically be there but they need physical capacity. Those virtual servers do take up less data center floor space but the requirements to keep them secure, managed and performing correctly remain. Multi-tenant storage is not a revolution in storage but the obvious next step in its evolution. It better complements the requirements of the increasingly virtualized data center to provide the key security, management and performance needs of the application.
4 References
- What is Multi-Tenant Storage
- http://www.storage-switzerland.com/Articles/Entries/2012/5/16_What_Is_Multi-Tenant_Storage.html
- HW: Configuring multi-tenancy
- http://support.huawei.com/enterprise/docinforeader!loadDocument1.action?contentId=DOC1000045702&partNo=10052
- Performance evaluation of multi-tenant application systems
- https://www.ibm.com/developerworks/cn/cloud/library/1506_dongwt_multitenants/index.html
- A brief discussion of multi-tenancy at the data layer
- https://www.ibm.com/developerworks/cn/java/j-lo-dataMultitenant/
- What is Multi Tenancy
- http://www.asigra.com/blog/what-multi-tenancy-how-secure-it
- Multi-Tenant Storage with Amazon DynamoDB
- https://aws.amazon.com/blogs/apn/multi-tenant-storage-with-amazon-dynamodb/
- XIV GEN3 Storage for Cloud, now with support for multiple tenants
- https://www.ibm.com/developerworks/community/blogs/storage_redbooks/entry/xiv_gen3_reinforces_its_storage_for_cloud_advantages_with_support_for_multiple_tenants?lang=en