The service provider model of operations, whether in enterprise IT or at a public cloud service provider, comes down to the ability to create differentiated service offerings on top of managed infrastructure with automation, orchestration, and of course security. VAST, as an all-flash, massively scalable, and ultra-efficient data platform, is ideal for just such a task. With the 4.6 / 4.7 release, we are delivering enhancements to help our customers support a greater number of tenants with more granular controls and flexibility. In this blog I will highlight two of these improvements: multi-tenancy and policy-based Quality of Service (QoS). Together they provide the control to elevate your “as a service” offering to hyperscale.
First, let’s dive into multi-tenancy. The end goal is to provide each of your tenants (internal or external customers) with the same experience they would have with physically isolated systems while leveraging the operational efficiencies of shared infrastructure.
Prior to VAST 4.6, we offered Server Pools to isolate applications or clients, and they remain an excellent choice for customers segmenting demanding workloads in HPC, Media & Entertainment, and more. To scale up multi-tenancy we expose “Tenants” in 4.6. I use the term “expose” rather than “introduce” because tenants are the elemental security construct for the VAST data platform and have been part of the architecture from inception. Building on the tenant element, we can scale to support public service provider quantities of securely isolated workloads.
Tenants define their own authentication sources (AD, LDAP, NIS). In addition to default encryption at rest, they can also provide their own Enterprise Key Management to support their own encryption key management requirements. Additionally, client IP ranges can be specified to constrain access to a range or a specific IP.
Creating tenants enables securely isolated multi-tenancy
Next, create “Views” to enable data access. Views are then assigned to individual tenants. The result is a securely isolated data path for each tenant. For example, each tenant could have root directories with identical names. In the screenshot below we have a View for the path /eng assigned to tenant A Corp. We can create multiple Views and assign them to unique tenants, all with securely isolated data paths.
View policy defines access to data for secure access by a specified Tenant
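A conceptual model of the tenant and View relationship described above, as an added example that is not VAST code and does not use the VAST API. The `Tenant` class, the `resolve` function, the "B Corp" tenant, the IP ranges and the namespace ids are all hypothetical, and the request is assumed to arrive already associated with a tenant.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Tenant:
    name: str
    client_ranges: list                        # CIDR strings; a single IP is a /32
    views: dict = field(default_factory=dict)  # path -> backing namespace id

    def allows(self, client_ip: str) -> bool:
        """True if the client address falls inside one of the tenant's ranges."""
        ip = ipaddress.ip_address(client_ip)
        return any(ip in ipaddress.ip_network(r) for r in self.client_ranges)


# Constructed sample data: both tenants own a View named /eng.
TENANTS = {
    "A Corp": Tenant("A Corp", ["10.1.0.0/16"], {"/eng": "ns-a-eng"}),
    "B Corp": Tenant("B Corp", ["10.2.0.7/32"], {"/eng": "ns-b-eng"}),
}


def resolve(tenant_name: str, client_ip: str, path: str) -> str:
    """Return the namespace a request lands in, or raise PermissionError.

    The lookup is always scoped to one tenant, so a path on its own never
    selects data: identical paths in different tenants stay separate.
    """
    tenant = TENANTS.get(tenant_name)
    if tenant is None:
        raise PermissionError("unknown tenant")
    if not tenant.allows(client_ip):
        raise PermissionError("client IP outside the tenant's allowed ranges")
    if path not in tenant.views:
        raise PermissionError("no View for this path in this tenant")
    return tenant.views[path]


if __name__ == "__main__":
    print(resolve("A Corp", "10.1.4.20", "/eng"))
    print(resolve("B Corp", "10.2.0.7", "/eng"))
```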
Notice also that in Views we have assigned a QoS policy – which brings us to our next topic.
Whether you are a Public Cloud or Enterprise IT organization, resource management is crucial in a multi-tenant environment. Regardless of the capacity and scale capabilities of your infrastructure, capacity and performance are finite at any point in time. Combining the Quota capability VAST already had for fine-grained capacity management with the granularity QoS provides for performance gives all the control needed to:
Eliminate “noisy neighbor” issues
Deliver a consistent experience for customers
Provide quantifiable constructs for billing and chargeback
Enable predictable capacity management for infrastructure operations
With the implementation of multi-tenancy support in version 4.6, VAST recognized the necessity for policy-based QoS, which provides granular, independent share-level controls for:
Bandwidth – Read and Write
IOPS – Read and Write
VAST QoS policies factor in IO size and can be dynamically changed at any time via API, CLI, or GUI without client disruption.
To provide greater flexibility, VAST implemented support for customizable policies with modes that either separate capacity from performance or couple the two, so that performance scales linearly with used or provisioned capacity. Combined with granular controls over IOPS and bandwidth, VAST policy-based QoS provides the flexibility to support just about any consumption model you can think of.
QoS policy modes:
Static – Performance is statically enabled regardless of capacity
Used capacity – Performance scales with used logical capacity. Static limits can also be applied to provide a cap on performance.
Provisioned capacity – Performance scales to the defined soft quota limit. Static limits can also be applied to provide a cap on performance.
Policy-based QoS provides IOPS and Bandwidth limits that can be tied with capacity
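The three policy modes above, worked through as an added example; this is a conceptual sketch, not VAST code or the VAST API. The `QosPolicy` fields, the per-TB scaling unit and all numbers are assumptions made for illustration, and IO-size weighting is not modelled.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class QosPolicy:
    mode: str                                   # "static", "used" or "provisioned"
    static: dict = field(default_factory=dict)  # absolute limits; caps in capacity modes
    per_tb: dict = field(default_factory=dict)  # limit granted per TB (assumed unit)


def effective_limits(policy: QosPolicy, used_tb: int,
                     soft_quota_tb: Optional[int] = None) -> dict:
    """Return the limit enforced for each dimension under the policy's mode."""
    if policy.mode == "static":
        return dict(policy.static)              # capacity plays no part
    if policy.mode == "used":
        basis = used_tb                         # scales with used logical capacity
    elif policy.mode == "provisioned":
        if soft_quota_tb is None:
            raise ValueError("provisioned mode needs a soft quota")
        basis = soft_quota_tb                   # scales to the soft quota limit
    else:
        raise ValueError(f"unknown mode: {policy.mode}")
    limits = {}
    for dim, rate in policy.per_tb.items():
        scaled = rate * basis
        cap = policy.static.get(dim)            # optional static cap
        limits[dim] = scaled if cap is None else min(scaled, cap)
    return limits


# Constructed sample policies: read IOPS capped at 5000, other dimensions uncapped.
RATES = {"read_iops": 1000, "write_iops": 500, "read_mbps": 200, "write_mbps": 100}
BY_USED = QosPolicy("used", static={"read_iops": 5000}, per_tb=RATES)
BY_QUOTA = QosPolicy("provisioned", static={"read_iops": 5000}, per_tb=RATES)
FLAT = QosPolicy("static", static={"read_iops": 5000, "write_iops": 2500})

if __name__ == "__main__":
    print(effective_limits(BY_USED, used_tb=2))
    print(effective_limits(BY_USED, used_tb=10))   # read_iops hits the cap
    print(effective_limits(BY_QUOTA, used_tb=1, soft_quota_tb=4))
```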
Together with the VAST Data Platform, QoS policies allow for the creation of service levels without the complexity of storage tiers and the overhead of managing storage silos. Policy-based QoS can be dynamically changed at any time via UI or API to adjust to changing customer requirements while efficiently leveraging all of the available power of the underlying VAST Data Platform.
Bringing it all together
The secure multi-tenant features introduced in VAST 4.6 / 4.7 provide the security, tenant isolation, and resource control that allow Public Clouds, Service Providers, and Enterprises to deliver and monetize a secure and consistent experience for their customers, on a modern architecture that removes complexity to simplify operations. And this is just the start. Combined with the flexibility provided by the Gemini licensing model, VAST customers can scale their VAST licensing to align with the capacity they are providing to their own customers and end users. Today VAST is partnering with innovative customers who are building their public and private cloud offerings on the VAST Data Platform, and who in turn fuel our roadmap, expanding VAST multi-tenant features and scale in future versions of the VAST data platform.