Product Description
Secure object storage optimization
Kemp load balancers optimize object storage environments by enforcing QoS policies, enabling distributed single namespace deployment, enhancing S3 traffic flow efficiency and providing frontend proxy optimization. When leveraged as a Zero Trust Access Gateway (ZTAG), Kemp load balancers provide additional security features for object storage deployments.
Object storage helps customers streamline modern application deployment with improved economics, efficiency and more accessible data analytics. When proxying object storage deployments, Kemp load balancers are in the optimal position to apply a zero trust security model for compliant, policy-based access control with the following key capabilities:
- Default least-privilege security model
- Fine-grained access control
- Security zone-based policy logic
- Bucket and object level policy application
- Storage operation awareness
Managing QoS
How to control Dell EMC ECS client traffic using QoS
Using QoS to guarantee performance of critical applications
ECS Connection Manager implements QoS (Quality of Service) controls to rate limit connections and requests to Dell EMC ECS platforms, providing full control over the levels of service provided to applications and users.
QoS on ECS storage provides:
- Granular control of resource allocation in multi-tenant and multi-application environments
- Protection against rogue applications generating excessive requests
- Reduced impact of unpredicted events such as boot storms
- Fair and balanced allocation of service across multiple workloads
Implementing QoS for Dell EMC ECS
QoS controls may be applied based on connection rate or request rate, with the option of gracefully throttling requests with an HTTP 429 response (Too Many Requests) or a 503 response (Service Unavailable). For maximum flexibility, controls can be applied based on the client (source) or on the ECS resource (target) being accessed.
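The following added example (not Kemp or Dell code) sketches request-rate QoS as a token bucket that can be keyed on the client (source) or on the bucket being accessed (target) and rejects with 429 or 503. The rule fields, the request dictionary and the sample traffic are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class RateRule:
    scope: str          # "client" keys on source IP, "target" keys on the bucket
    rate: float         # sustained requests per second
    burst: int          # token bucket capacity
    reject_status: int  # 429 (Too Many Requests) or 503 (Service Unavailable)
    state: dict = field(default_factory=dict, repr=False)

    def allow(self, request, now):
        key = request["client_ip"] if self.scope == "client" else request["bucket"]
        tokens, last = self.state.get(key, (float(self.burst), now))
        # Refill for the elapsed time, never beyond the burst capacity.
        tokens = min(float(self.burst), tokens + (now - last) * self.rate)
        allowed = tokens >= 1.0
        self.state[key] = (tokens - 1.0 if allowed else tokens, now)
        return allowed


def admit(rules, request, now):
    """Return 200 if every rule admits the request, else that rule's reject status."""
    for rule in rules:
        if not rule.allow(request, now):
            return rule.reject_status
    return 200


def replay_sample():
    """Replay constructed traffic: (timestamp, client IP, bucket)."""
    rules = [
        RateRule("client", rate=1.0, burst=2, reject_status=429),
        RateRule("target", rate=1.0, burst=3, reject_status=503),
    ]
    events = [
        (0.0, "10.0.0.5", "backups"),
        (0.0, "10.0.0.5", "backups"),
        (0.0, "10.0.0.5", "backups"),  # third request from one client: 429
        (0.0, "10.0.0.6", "backups"),
        (0.0, "10.0.0.7", "backups"),  # bucket budget is spent: 503
        (1.0, "10.0.0.5", "backups"),  # one second later both budgets refill
    ]
    return [admit(rules, {"client_ip": ip, "bucket": b}, t) for t, ip, b in events]
```

A client-keyed rule contains a single noisy application, while a target-keyed rule protects a shared bucket no matter how many clients contribute to the load.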
QoS Controls for ECS Connection Manager
Rate limiting controls of connections and requests may be applied as outlined below to enable QoS on Dell EMC ECS storage platforms. Controls may be defined via the ECS Connection Manager web interface or via API.
S3 Storage Optimization for ECS
One of the many features of Dell EMC ECS is its ability to deliver storage efficiency using XOR. To enable this feature, XOR requires 3 or more Virtual Data Centers (VDC) or sites (8 maximum) replicating data chunks between them. Within each VDC, multiple chunks are combined into a single chunk, reducing the storage footprint while providing the necessary site redundancy. The load balancing component of an ECS solution leveraging XOR is essential to successful delivery.
When data is written to a site (VDC), that VDC becomes the owner of that object. When that object is read, it should be read from the VDC that owns it. If it is read from another VDC, that VDC must request the latest version from the owning VDC, which produces unnecessary overhead and latency on the ECS storage solution. Kemp ECS Connection Manager delivers an S3 Optimized Scheduling method to ensure the accurate routing of object write and read requests. This method uses a URL Hash algorithm to distribute writes evenly across multiple sites and sends all reads to the site owning the object. This purpose-built scheduling method delivers greater performance and optimization of S3 traffic.
S3 Addressing Auto-Detection
ECS currently supports two addressing methods, Path Style and Virtual Hosted Addressing. In most ECS environments consisting of multiple sites that require the “XOR” storage efficiency and/or geographic distribution, supporting both methods becomes essential. ECS Connection Manager delivers S3 Addressing Auto-Detection to simplify the configuration while providing optimized distribution of objects throughout the ECS solution, using both addressing methods seamlessly.
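The following added example (not Kemp's scheduling code) illustrates the two ideas above together: it detects whether a request uses path-style or virtual-hosted addressing, normalizes it to a bucket and key, and hashes that name so writes and reads for one object always select the same site. The endpoint name, the site list and the choice of SHA-256 over the normalized name are assumptions.

```python
import hashlib
from urllib.parse import unquote

BASE_DOMAIN = "s3.ecs.example.internal"  # assumed S3 endpoint name (placeholder)
SITES = ["vdc-a", "vdc-b", "vdc-c"]       # assumed sites; XOR needs 3 or more VDCs


def parse_s3_target(host, path, base_domain=BASE_DOMAIN):
    """Return (style, bucket, key) for a path-style or virtual-hosted request."""
    host = host.split(":", 1)[0].lower().rstrip(".")
    raw = path.split("?", 1)[0].lstrip("/")
    if host == base_domain:
        # Path style: https://endpoint/bucket/key
        bucket, _, key = raw.partition("/")
        style = "path"
    elif host.endswith("." + base_domain):
        # Virtual hosted: https://bucket.endpoint/key
        bucket, key = host[: -len(base_domain) - 1], raw
        style = "virtual-hosted"
    else:
        # Refuse Host headers that do not belong to the storage endpoint.
        raise ValueError("Host header does not match the storage endpoint")
    if not bucket:
        raise ValueError("request does not name a bucket")
    return style, bucket, unquote(key)


def owning_site(bucket, key, sites=SITES):
    """Pick one site from a hash of the normalized object name."""
    digest = hashlib.sha256(f"{bucket}/{key}".encode("utf-8")).digest()
    return sites[int.from_bytes(digest[:8], "big") % len(sites)]


def route(host, path):
    """Return (addressing style, selected site) for one request."""
    style, bucket, key = parse_s3_target(host, path)
    return style, owning_site(bucket, key)
```

Hashing the normalized bucket and key rather than the raw URL is what keeps an object written with one addressing style and read with the other on the same site.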
Advanced ECS and Isilon Traffic Management
Using DNS for load balancing storage infrastructure has some limitations around visibility of the client device making the DNS request. As a DNS request gets forwarded through upstream DNS Servers, the original client IP address is not passed along which means that geographic load balancing is based on the IP address of the last DNS forwarder. This may work in very broad global terms as the last DNS forwarder may be a national ISP allowing geolocation to a specific country. However, this can have implications where DNS load balancing is used within a country or within a private network as all traffic may be seen as coming from a single source or limited number of sources.
EDNS (Extension Mechanisms for DNS) addresses this shortcoming by providing a mechanism to pass the original client subnet along the DNS forwarder chain, allowing the DNS resolver to identify the original source of the address. Progress Kemp ECS Connection Manager supports EDNS, which delivers better decision making and control when using DNS for load balancing. This ability to identify the client subnet opens up a number of use cases which go beyond the common use case of connecting a user to a ‘nearby’ service based on their location.
Use Case – Rack based steering for ECS and Isilon
In some industry sectors, multiple racks of combined compute and storage are used for tasks such as rendering animations or running financial simulations. While the storage may be replicated across racks, it may be inefficient to have compute resources accessing storage outside the rack. One solution for this is to have a unique namespace for each rack and have the compute nodes explicitly access the namespace for their own rack.
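The following added example (not product code) shows how a DNS-based steering decision could use the EDNS Client Subnet option described above: it decodes the option in its RFC 7871 wire format and maps the client subnet to a per-rack namespace. The rack subnets, the namespace names and the sample option bytes are constructed assumptions.

```python
import ipaddress
import struct

ECS_OPTION_CODE = 8  # EDNS Client Subnet option code (RFC 7871)

# Assumed rack subnets and per-rack namespaces (placeholders).
RACK_NAMESPACES = {
    ipaddress.ip_network("10.20.1.0/24"): "rack1.storage.example.internal",
    ipaddress.ip_network("10.20.2.0/24"): "rack2.storage.example.internal",
}
DEFAULT_NAMESPACE = "storage.example.internal"


def parse_client_subnet(option):
    """Decode one EDNS option (code, length, data) into the client network."""
    if len(option) < 8:
        raise ValueError("option too short")
    code, length = struct.unpack("!HH", option[:4])
    data = option[4:]
    if code != ECS_OPTION_CODE or len(data) != length:
        raise ValueError("not a well-formed client subnet option")
    family, source_len, _scope_len = struct.unpack("!HBB", data[:4])
    if family == 1:
        size, net_cls = 4, ipaddress.IPv4Network
    elif family == 2:
        size, net_cls = 16, ipaddress.IPv6Network
    else:
        raise ValueError("unknown address family")
    addr = data[4:]
    # The address is truncated to the octets the source prefix needs.
    if source_len > size * 8 or len(addr) != (source_len + 7) // 8:
        raise ValueError("address length does not match the prefix length")
    return net_cls((addr.ljust(size, b"\x00"), source_len), strict=False)


def steer(option):
    """Return the rack namespace for the client subnet, or the default."""
    try:
        client = parse_client_subnet(option)
    except ValueError:
        return DEFAULT_NAMESPACE
    for rack_net, namespace in RACK_NAMESPACES.items():
        if client.version == rack_net.version and client.subnet_of(rack_net):
            return namespace
    return DEFAULT_NAMESPACE


# Constructed sample: client subnet 10.20.2.0/24 as it appears on the wire.
SAMPLE_OPTION = struct.pack("!HHHBB", 8, 7, 1, 24, 0) + bytes([10, 20, 2])
```

The client subnet is supplied by the querying side and is not authenticated, so it is suitable as a steering hint but not as an access control input.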
Optimizing ECS Enterprise object storage
Optimize your ECS services with features that simplify, secure and accelerate storage services in multi-network and multi-site environments.
Feature | Dell ECS Optimization |
---|---|
Purpose-built ECS scheduling methods | Traffic distribution based on URL Hash to support ECS storage efficiency (XOR) |
Network Isolation | Enable multi-network access to ECS while maintaining network isolation |
QoS Management | Apply QoS controls to ensure optimal performance of critical applications |
TLS 1.3 Support for ECS | Apply the most up to date and secure version of TLS to all ECS traffic |
Certified IPv6 to IPv4 Gateway | Easily support applications leveraging IPv6 access to ECS storage |
SSL Acceleration and Offload | Reduce security processing overhead on ECS infrastructure and centralize certificate and policy management |
Multi VDC failover | Enable seamless failover of services in multi VDC (Virtual Data Center) environments |
Traffic Steering | Direct traffic based on request content and URL |
ECS health checking | Detect and mitigate outages and service degradation |
Hybrid ‘Path Style’ and Virtual Host addressing for ECS | Provide broad application support with concurrent use of path and host addressing for ECS |
Zero Trust Access Gateway Architecture | Simplified, granular policy-based access control to storage buckets |