Oracle Storage Cloud Service (OSCS)

Copyright © 2014 Oracle and/or its affiliates. All rights reserved. |

Oracle Storage Cloud Service (OSCS)HOL

Rehan Iftikhar, Rob PalumboSridhar Ranganathan, Anshuman MishraOOW 2014

Oracle Confidential – Internal/Restricted/Highly Restricted


Safe Harbor StatementThe following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.

Oracle Confidential – Internal/Restricted/Highly Restricted 3


Program Agenda

OSCS Conceptual Overview

OSCS Demo

Best Practices

OSCS Lab Exercises

Oracle Database Backup Service (ODBS)

1

2

3

4

5



OSCS Demo

Best Practices

OSCS Lab Exercises


1

2

3

4

5



Goals of Storage Cloud

1. Make existing use-cases for enterprise file storage more cost-effective, efficient, and reliable– Backup– Archive

2. Enable new use-cases for enterprise file storage– Global Collaboration– Global Availability– Global Distribution– Intelligent Tiering


Storage in a Nutshell

• Fundamental need for all workloads• Inherently complex to manage over time and at large scale

– Disk failure– Power consumption– Floor space in data center– Network saturation– Upgrades & migration

• Ultimately: An enterprise storage strategy is about mitigating risk


Modern storage problemsUnstructured data is growing exponentially

• Scalability• Cost & Accounting• Vendor Lock-in


Traditional enterprise storageDirect Attached Storage

• Great for local workloads and latency sensitive environments

• Challenges at scale• Disk sprawl• Isolated capacity• Devices scale

independently

Image source: http://www.apexmicrosystems.com/?page_id=518


Traditional enterprise storageLocal network based storage

Network Attached Storage (NAS) Storage Area Network (SAN)

Image source: http://www.apexmicrosystems.com/?page_id=518


Traditional enterprise storage

• Great at decoupling file and block storage from compute nodes• Challenges at scale

– Complex to manage– Expensive & specialized hardware– Upfront large capital investment– Vendor Lock-in– Not easy to scale out

Local network based storage


Public Cloud Storage

• All storage over the Internet

• No onsite hardware to manage

• Designed for unlimited scalability

Image Source: http://docs.openstack.org/havana/install-guide/install/apt/content/example-object-storage-installation-architecture.html



OSCS Demo

Best Practices

OSCS Lab Exercises


1

2

3

4

5



End-user Architecture



REST API



Java Library




OSCS Demo

Best Practices

OSCS Lab Exercises


1

2

3

4

5



Data Integrity

20

896b7f2a00a

896b7f2a00a

HTTP Request

HTTP Response

• Triple replication

• Self healing architecture

• MD5 checksum support

• HTTP status codes


Data Integrity Best Practices


• Include an MD5 checksum of your object’s data in ETag header

• This will help detect any data corruption during transmission

• Compare calculated checksum with the value returned by OSCS

• This will verify that the Object was uploaded correctly

• Check your HTTP Status Code

• This is to determine if data was stored successfully

• Use network aware backup solution

• To automatically restart operations interrupted due to network failures

MD5 Checksum

Status Code: 201


Data Consistency


Machine 2

Machine 3

Machine 1Proxy

PUT Object

• Default behavior is eventually consistent

• Upon creating Objects are replicated to 3 machines within the data center

• Since replication is not instant (synchronous) for a small window of time, Object may be in different state, across multiple machines

• Similarly, upon update – in some cases, changes may not be immediately readable by all clients

• Over time, all changes to all objects will eventually be replicated to all machines

Try our Strong

Consistency Flag


Data Consistency Best Practices


Scalability

Eventual Consistency

Strong Consistency

• Strong Consistency (Traditional Filesystem)

• Used by On Line Transaction Processing (OLTP) systems

• Limits scalability and reduces availability on hardware faults

• Eventual Consistency (Object Storage System)

• Suitable for backup/log files and unstructured data

• Ideal when scalability is critical for highly distributed infrastructures

• Each approach has its own use cases and trade offs

• Please identify which architecture is most appropriate for your data

• OSCS offers best of both worlds

• Our object storage service offers strong consistency via an optional flag


Network Best Practices


• Building in re-try logic

• It is possible for operations to fail because of network outage

• Applications should re-try failed operations when network gets restored

• Storage Service in not a CDN

• Customers can use their own 3rd party Content Deliver Networks

• Performance over Wide Area Networks

• Assess how quickly you want data to restore from the backup

• quick or near-instant recovery, consider a local storage solution

• If network connectivity is limited or unreliable, backing up to, and restoring from, the cloud may not be an efficient approach


Atomicity


All Nothing

• Atomicity is by definition - All or Nothing

• If one part of the transaction fails, the entire transaction fails

• Atomic operations keep things simple

• However, the longer transaction takes – more likely that transaction may fail

• What if you were allowed to

• Divide your transaction into segments

• Make each transaction segment individually addressable

• Retry a failed segment instead of retrying the entire transaction

• Retrieve consolidated result back from the system


Dynamic Large Object

Oracle Confidential – Internal/Restricted/Highly Restricted26

1

prefix_segment_d

prefix_segment_c

prefix_segment_b

prefix_segment_a

25 GB

prefix_segment_e

Container Name + Common Prefix

4

File is segmented in < 5GB segments• All segments share a common prefix • Lexicographically sort in correct order• All segments are stored in same container• Manifest = Container name + Common prefix

A request is made to get the manifest object

prefix_segment_c

prefix_segment_d

prefix_segment_e

prefix_segment_b

Container Nam

e + Comm

on Prefix

OSCS sequentially concatenate all

segment objects together to

produce an object equivalent of the original file that was greater than

5GB

Client gets the original file that was segmented into chunks

prefix_segment_a


DLO Best Practices


• Use a common prefix in the object names

• So that they sort in a order in which they should be concatenated

• You must upload all segments to the same container

• This will verify that the Object was uploaded correctly

• If possible, keep manifest in a separate container

• This is useful in keep container listings clean

• Its best to upload all the segments before uploading manifest

• With this method, the full object is not available for downloading until the upload is complete

prefix_segment_c

prefix_segment_d

prefix_segment_e

prefix_segment_b

Container Nam

e + Comm

on Prefixprefix_segment_a


Data Security


Encryption solves the problem• Encrypted data is non-readable to unauthorized parties

• Enables secure shipment of data to your Oracle Storage Cloud

• Supports time-based expiration of encrypted data

• Provides protection from information loss by keeping data encrypted both at rest and during the transit

Authentication

Role Based Access

Access Control Lists

HTTPS


It’s All About the Keys

• Encryption keys determine the functional output of a given encryption algorithm

• Keys convert the data into cyphertext and are used to convert the data back to a readable form (cleartext)

• Keys must be ‘strong’• Randomly and securely generated• Securely managed• The longer the key length, the more secure the encryption method

• Lose the keys and you lose the data!


Key Management Best Practices Keys must be always available

• Key Replication, Backup/recovery Keys must be secure

• Proper access control Key management system must scale economically

• Easy-to-use administration interface Key management system must be easy to manage & use

• Easy-to-use administration interface Key management system must be openly architected

• Wide range of environments and client-end points, Standard protocols Key management system must offer auditing/reporting tools

• Key lifecycle, policy compliance, alerts



OSCS Demo

Best Practices


Lab Exercises

1

2

3

4


4

5


Oracle Database Backup-as-a-ServiceOffsite Backups with Simple and Low Cost Cloud Backup

Data Center

Backup on-premise or Cloud Databases to Oracle Database Backup Service hosted in Oracle Public Cloud

Cost effective, scalable cloud storage for database backups

End-to-end enterprise-grade data encryption, compression and protection

• Clients: Data is always encrypted with keys kept locally at client, optionally compressed, and securely transmitted

• Cloud: Encrypted data is protected with 3-way mirroring on every write

Backup on-premise or Cloud Databases to Oracle Database Backup Service hosted in Oracle Public Cloud

Cost effective, scalable cloud storage for database backups

End-to-end enterprise-grade data encryption, compression and protection

• Clients: Data is always encrypted with keys kept locally at client, optionally compressed, and securely transmitted

• Cloud: Encrypted data is protected with 3-way mirroring on every write

DBaaS (Oracle Public Cloud)

Oracle Public Cloud


• Download and install the RMAN SBT module from OTN

• Backups streamed to Oracle Cloud using SBT (Tape) library

• Seamless integration with the Recovery Manager (RMAN)

• Use regular RMAN commands with no new commands to learn

• RMAN encryption for backups enforced - keys kept locally to client

• Securely transmitted to the cloud over HTTPS

Oracle Database Cloud Backup Module

Oracle Database Cloud Backup

Module

Database, FRA

RMAN

WAN (HTTPS)

Oracle Database Backup Service

Encryption & Optional Compression


Support MatrixClient Databases



OSCS Demo

Best Practices


Lab Exercises

1

2

3


5

4


Lab Exercises

Data Integrity

File Segmentation

Client-side Encryption

RMAN backup & recovery


• Download Lab Guide @ http://bit.ly/oow14hol• Extract to /home/oracle


• Oracle Storage Cloud Service– [email protected]– [email protected]

• Oracle Database Backup Service– [email protected]

Questions/Comments


Oracle Storage Cloud Service (OSCS)

Documents

Transcript of Oracle Storage Cloud Service (OSCS)