Zadara Storage Cloud for Managed Service Providers

Introduction

Many people ask what the Zadara Storage Cloud can do for managed service providers. The Zadara Storage Cloud is very robust at meeting the storage requirements for both single and multiple users. With its software-defined storage (SDS) capabilities, it can be scaled up and down based on current usage needs. In this instructional brief, we examine how to manage multiple clients in AWS using Zadara Storage Cloud, scaling up and scaling out the storage as your customer base grows.

Overview of AWS

As a managed service provider, there are limitations to the number of Virtual Private Clouds (VPCs) and other resources you will use in managing your client resources. For service efficiency, managing resources with your own account may make sense, with chargebacks to your customer. Even if you manage your client’s AWS account, organizing resources into categories or departments will make provisioning easier in the long run.

The main AWS concepts you will need to know:

  • VPC – Virtual Private Cloud. Contains all common, private resources.
  • IGW – Internet Gateway. A public route to the VPC.
  • VGW – Virtual Private Gateway. A private route between the VPC and other clouds.
  • EC2 – Elastic Compute. A virtual machine running Linux or Windows.
  • Subnet – Logical partitioning of resources assigned within the VPC.
  • Management Network – A subnet of resources (EC2 instances) used to manage client resources. Typically has IGW routing for remote management.
  • Client Network – A subnet of EC2 instances, with or without an IGW.

Overview of Zadara

The VPSA provides enterprise block and file storage which is accessible over a private VLAN. In AWS, the VLAN is provisioned using dual Direct Connects from AWS to two routers in an adjacent data center. The proximity of the routers provides sub-millisecond latency, which allows quick access to the storage from client servers. When we “on board” our customers, we go through the process of offering Direct Connects to their AWS account and establishing a VGW connection to their private Zadara Storage Cloud.

Some key Zadara concepts:

 

  • Zadara Storage Cloud – Private networking with one or more VPSAs.
  • VPSA – Virtual Private Storage Array.
  • RAID – Redundant copies of your data which protect against loss if a drive fails. RAID-1, RAID-5 and RAID-6 are common protection levels Zadara provides. RAID-0 is simple striping across multiple drives.
  • Striping – Joining/interleaving data between two or more sets of RAID devices for increased performance. Usually noted as RAID-10, RAID-50, RAID-60.
  • Pool – Aggregation of RAID sets from which volumes and shares are provisioned.
  • Volume – An iSCSI block device which client servers format with their own file system.
  • Share – A network file system directly accessible and shareable between Windows or Linux clients.
  • Server Record – Used as a global access authorization of one or more servers to shares or volumes.
  • Custom Networking – Something we configure when your VPC subnet overlaps with the subnet of the VPSA.

Organizing AWS Resources

The figure below provides an example VPC which you would connect to the VPSA. If you already have an established VPC and the subnet overlaps with Zadara’s default IP range, a custom network will be created for you. Connecting additional VPCs requires unique IP ranges for the layer three routing to work.

VPC Considerations

A good practice when creating VPCs in AWS is to assign subnets sequentially by increasing the second octet of the IP address. For example, 10.0.0.0/16, 10.1.0.0/16 … 10.4.0.0/16. Likewise, if you manage a second AWS account, use 10.10.0.0/16 … 10.14.0.0/16 so that connecting to the same VPSA or VPSAs in the same VLAN is possible.

Client Subnets

Creating subnets for each client allows you to isolate them from one another when resources are created within a subnet. This briefing does not cover ACLs, but additional security requirements may be enforced by limiting cross-subnet access.

The VPC subnet can be sub-divided for each client. A simple practice is to assign unique subnets to each client starting at the base VPC subnet range then sequentially increasing the third octet of the IP address. For example, 10.0.0.0/24, 10.0.1.0/24 … 10.0.240.0/24. In this case the “/24” masks off the last octet of the IP address allowing 256 local IP addresses that can be assigned. There is a limitation of 240 subnets, but you can contact Amazon if you need more.

Often 10.0.0.0/24 is used for your management of the client resources and 1 – 240 would be used for individual clients.

Organizing Zadara Resources

Shares or volumes are simply created for each client based on their storage requirements. Likewise, server records are created for each client using their defined subnet range and attached to their volumes. The VPSA will prevent access by other subnets unless they are attached to the same share or volume. For each client, you can also:

  • Enable encryption
  • Enable or disable snapshots
  • Provide incremental backup to S3 or Zadara ZIOS Object Store for each volume/share
  • Provide remote mirroring to another AWS region for Disaster Recovery
  • Define different levels of storage tiers such as SSD or SATA

If a client needs Active Directory integration, a new VPSA must be created and managed separately from other clients.
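The subnet plan and per-client server records described above can be checked before provisioning. The following is an added example, not Zadara or AWS code: it carves one /24 per client from the VPC range, reports whether the VPC overlaps the storage-side range (the custom-networking case), and flags server records that are wider than the owning client's subnet. It assumes a server record is expressed as a CIDR; the client names, record ranges and storage range are constructed placeholders.

```python
import ipaddress

MAX_CLIENTS = 240  # third octets 1-240 go to clients, as described above


def plan_subnets(vpc_cidr, clients):
    """Give 'management' the first /24 of the VPC and each client the next one."""
    if len(clients) > MAX_CLIENTS:
        raise ValueError("more clients than available /24 subnets")
    blocks = ipaddress.ip_network(vpc_cidr).subnets(new_prefix=24)
    return {name: next(blocks) for name in ["management", *clients]}


def needs_custom_network(vpc_cidr, storage_cidr):
    """True when the VPC range overlaps the storage-side range."""
    vpc = ipaddress.ip_network(vpc_cidr)
    return vpc.overlaps(ipaddress.ip_network(storage_cidr))


def audit_server_records(plan, records):
    """Return (client, cidr, exposed_tenants) for every over-broad record.

    A record wider than the client's own /24 also authorizes addresses
    that the plan assigns to other tenants or to the management network.
    """
    findings = []
    for client, cidr in records.items():
        record = ipaddress.ip_network(cidr)
        if not record.subnet_of(plan[client]):
            exposed = sorted(name for name, net in plan.items()
                             if name != client and net.overlaps(record))
            findings.append((client, cidr, exposed))
    return findings


# Constructed sample data: client names, record ranges and the storage
# range are placeholders, not values from Zadara or AWS.
PLAN = plan_subnets("10.0.0.0/16", ["acme", "globex", "initech"])
RECORDS = {"acme": "10.0.1.0/24", "globex": "10.0.2.0/23",
           "initech": "10.0.3.16/28"}
STORAGE_RANGE = "10.0.128.0/22"

if __name__ == "__main__":
    for name, net in PLAN.items():
        print(f"{name:<12}{net}")
    print("custom network needed:", needs_custom_network("10.0.0.0/16", STORAGE_RANGE))
    for client, cidr, exposed in audit_server_records(PLAN, RECORDS):
        print(f"{client}: {cidr} also covers {', '.join(exposed)}")
```

In the sample, the /23 record for "globex" is reported because it also covers the subnet assigned to "initech"; the /28 record is accepted because it stays inside its owner's /24.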

Scaling Up

As your customer base grows, you will have to scale up the VPSA to meet performance and storage requirements. If the current engine size supports the number of drives, drives are simply added and pools are increased per the demand. Even if you have adequate storage, you may need to increase the size of the engine to match the number of clients or servers. Current limitations are:

Migrating volumes and shares to faster storage pools provides a quick scale-up solution for your customer. The migration is done within the same VPSA, so the same virtual volume segment table is used. This process is done in the background and is transparent to the client’s servers and applications. They will simply get scaled-up performance once the migration completes.

Scaling Out Zadara

Once you reach the maximum controller limitations, you can scale out by creating additional VPSAs from your provisioning portal. Additional VPSAs are allocated in the same VLAN with a unique IP. With a /22 CIDR, you can scale out to 512 VPSAs.

If you need to move volumes or shares from one VPSA to another, mirroring is used for this process. VPSAs can reside within the same Zadara Storage Cloud or in a different AWS AZ. There is a slight downtime since mount points are removed and re-established with the new credentials of the different VPSA. Typically this is performed within a 10-minute maintenance window.

Scaling Out AWS

AWS accounts can be scaled out by 5 VPCs. These additional 4 VPCs can be connected to your private Zadara Cloud account. Each cloud account includes a pair of redundant Direct Connects; however, there is a nominal monthly charge for each additional pair.

Where to Get More Information

We offer a free 7-day trial which will allow you to test and see if this solution works for your business. Please create a free Zadara Cloud account here and we will work with you to see if this model applies to your business.

Want to learn more without signing up for a free trial?

Join me every Tuesday for Tech Tip Tuesdays. We’ll be talking more about this topic on Tuesday, April 26th. Click here to sign up!
