
Risk Compliant Archive Solutions for FSI

HPE Apollo-based Systems with Scality Software Storage and iTernity Software Archive

Technical white paper


Contents

Executive summary
Introduction
Technology overview
  HPE Apollo 4000 Systems
  Scality RING
  iTernity iCAS
Solution design
  Deployment for Regulatory Compliance
  Pre-deployment considerations
  Reference designs
  Licensing and Support
Configuration guidance
  Customization guidelines
  Sizing and Capacity considerations
  Multi-geographic considerations
Sample Bill of Materials and Ordering information
  Bill of Materials for RA Servers
  Rack infrastructure
  Scality Software and Services available from Hewlett Packard Enterprise
  HPE Technology Services
Summary
Resources
  Implementing a proof-of-concept
  Additional information


Executive summary

Government agencies and litigation activity require banks, investment firms, and insurance providers to address an increasing number of risk management and regulatory challenges. Customer information, internal emails, transaction records, and other business information must be preserved for years, remain easily accessible, and be tracked. These data requirements necessitate storage systems that offer immutable storage, logging, audit trails, and the ability to retrieve specific information promptly. Meanwhile, the volume of data has been growing rapidly and incorporates multiple media formats. This requires compliant, scalable storage solutions that can span decades of retention periods.

This white paper describes an optimized Reference Architecture (RA) for Risk Compliant Archives, utilizing today’s best-in-class technologies with guidance on component specifications and deployment. The RA is developed by Hewlett Packard Enterprise system architects, working closely with Financial Services Industry (FSI) IT professionals and technology partners. The solution is based on Scality RING software-defined storage, utilizing HPE Apollo 4000 systems and iTernity iCAS software-defined archive technology. The defined solution provides a powerful long-term, robust, and cost-effective platform for implementing compliant data archives.

Introduction

The FSI faces a myriad of market, technology, and regulatory challenges. The evolution of consumer services drives the need for on-demand data access with maximum security. New players are offering innovative mobile banking services, placing additional pressure on profit margins. High-frequency trading drives a technology “arms race” for the fastest performance in connectivity, data access, and computation. Increasing regulatory oversight requires compliant and robust solutions for cyber security and data archiving.


Data archive management is a key challenge for IT and compliance officers in the FSI sector. Government agencies such as the SEC and FTC mandate data retention requirements for banks, investment firms, and insurance providers in the U.S., while similar agencies establish and monitor compliance in developed nations worldwide. The regulations cover a broad span of information, including email, financial transactions, policies, and public offerings. Retention periods typically range from 7 to 10 years, but can extend into decades. The integrity of the original data must be preserved, while allowing access to view records. Legal holds and other actions may define special retention policies for targeted subsets of archived data. Archives need to be quickly accessible for both business operations and legal proceedings. Audit trails of record access and actions must be captured.

Data growth and complexity have overwhelmed the traditional archival storage typically used by financial institutions. Compliance based on write once, read many (WORM) disk-based optical solutions can only be achieved with unsustainable cost, complexity, and risk. This has prompted the adoption of new storage technologies and architectures to build risk compliant data archives.

Object storage and virtualization technologies have rapidly evolved to address the demands of Big Data, cloud/web-based applications, and extreme scale. Object storage can deliver the scale and performance needed for these applications, enable data consolidation, and, when deployed on affordable industry-standard platforms, lower capital and operating costs. Software-based storage on these servers can deliver performance that scales linearly. Scalable object storage allows consolidation of organizational, location, and application silos into a single scale-out storage environment that maximizes data value.

Software-based storage offers reliability with no maintenance windows needed and greater fault-tolerance as it grows. Traditional storage requires immediate administrative attention when a single drive fails—this is unacceptable in modern environments with thousands of higher capacity disks.

Large-scale enterprise storage solutions have to satisfy a broad set of requirements, including: affordable cost per terabyte, scalable small and large file performance, a high degree of data integrity, protection and security, manageability, and an ability to support multiple media formats, applications, and locations. Achieving risk compliance places additional requirements on the archival system and deployment. Compliance demands capabilities for retention management, WORM data immutability, ease of accessibility, auditing, policy control, and security. With data that may need to be archived for decades, it is critical to implement a solution that can adapt to changing platform technologies and support the ongoing evolution of media types.

To meet these requirements, HPE system architects selected Scality RING software and HPE Apollo systems. These technologies are designed and optimized for enterprise-scale data archives. Compliance software from iTernity provides the functionality to meet the most stringent regulatory requirements and complement the underlying object-based storage. The resulting solution delivers leadership performance, scalability, cost-effectiveness, and adaptability while satisfying compliance requirements of data retention and integrity.

Scality RING is a Software-Defined Storage (SDS) solution ideally suited to deliver the scale, access, and performance targeted for the architecture. Scality provides software that runs on standard x86 servers. The software has all the intelligence, hardware choice and deployment flexibility to meet customer needs, and can leverage hardware innovation as soon as it’s available. It supports file, object, and OpenStack protocols, as well as native integration to iTernity iCAS, and can be coupled with storage-attached HPE Apollo servers, delivering storage density and support for a mix of storage devices (e.g., SSD, SAS, SATA). This combination supports data volume growth over time, and non-disruptive upgrades of hardware and software.

iTernity Compliant Archive Solution (iCAS) adds the capability to secure and protect business data with reliable features for legally compliant, certified archiving. iTernity is one of the leading enterprise software companies exclusively focused on managing and protecting enterprise data and compliance-relevant information. Hewlett Packard Enterprise and iTernity have worked together for many years, designing and delivering advanced archiving and data protection solutions.

Cohasset Associates, one of the nation’s foremost consulting firms specializing in records and information management, has completed a technical assessment of the combined solution, and determined the solution to satisfy the requirements of SEC Rule 17a-4.

The goal of this Reference Architecture is to provide insight into the capabilities of this specific solution, rather than an exhaustive set of potential designs. This paper illustrates how to implement Scality RING storage with iTernity iCAS on HPE hardware and shows why it is a compelling solution for Risk Compliant Archives. Components and configuration guidelines are based on experience, testing, and internal benchmarking conducted by Hewlett Packard Enterprise and its technology partners.


Technology overview

The following sections describe the key technologies and components chosen for the reference configuration.

HPE Apollo 4000 Systems

The HPE Apollo 4000 series is a third-generation density-optimized platform, purpose-built to service Big Data analytics and object storage systems. The power and flexibility of the Apollo 4000 enables a robust object storage solution that scales out linearly as a single protected system across multiple sites and thousands of servers.

The building blocks of the Apollo 4000 platform are 4U or 2U servers that leverage the modular and efficient Apollo chassis infrastructure to provide storage density and operating efficiency.

Table 1. HPE Apollo systems deployed in Reference Architecture

HPE Apollo 4510 Gen9 Server

• 4U, one-server system

• Up to 68 hot-plug SAS or SATA HDDs/SSDs with up to 544 terabytes storage capacity per server and up to 5.44 petabytes of storage per 42U rack

HPE Apollo 4200 Gen9 LFF Server

• 2U, one-server system

• Up to 224 terabytes of direct-attached storage per server and 4.48 petabyte storage capacity per rack. Supports up to 28 hot-swappable LFF SAS or SATA hard disk drives (HDDs)/SSDs

The Apollo 4510 offers maximum density and the highest levels of operating efficiency at scale. The HPE Apollo 4200 LFF System is ideal for smaller object storage implementations (such as email) or for “plug-and-play” integration into traditional enterprise rack-server data centers. For archives with a high proportion of large files (e.g., media or SAP® transactional records), the Apollo 4500 may be preferred as it offers a higher ratio of storage to memory. The HPE Apollo 4200 offers less data loss in the event of a node failure, because rebuild time is decreased at the server level. The Apollo 4200 allows expansion in cost-effective 2U increments.

Both models provide configuration flexibility to optimize for capacity, throughput, and responsiveness:

• Two-processor Intel® Xeon® E5-2600 v3 series processors with choices from 4–16 cores, 1.6 GHz–3.5 GHz CPU speed, and power ratings between 55–135 watts

• 16 memory DIMM slots with up to 512 GB DDR4 memory at up to 2,133 MHz

• Solid-state disks and high-performance storage controllers to speed data transfer

• Multiple PCIe slots (up to 5 with the Apollo 4200 and up to 4 with the Apollo 4500) with flexible performance and I/O options to match the variety of analytics workload performance and throughput criteria


The systems are designed to maintain availability and data recovery, and support serviceability.

HPE Smart Array technology innovations include Rapid Rebuild to reduce downtime exposure, improved data retention with Flash Backed Write Cache (FBWC) and increased data protection with advanced data mirroring. The HPE Smart Array card is capable of Secure Encryption providing enterprise-class encryption. Secure Encryption is FIPS 140-2 certified and has been verified to have a low impact on IOPS for spinning media, in addition to being transparent to the operating system. Hot-plug critical components (disk drives, nodes, fans and power) support serviceability at every level.

The Apollo systems have been selected to serve as “storage nodes” in the RING/iTernity cluster. To support management and connectivity roles, the HPE ProLiant DL360 Gen9 Server was chosen to minimize rack space requirements for nodes where storage density was not the issue, but still provide good network bandwidth and compute power. A 4 LFF drive configuration is used in the sample reference configuration, but the storage on the HPE ProLiant Server is not particularly important to supervisor or connector functionality, outside of providing a reliable mirrored OS boot drive.

Scality RING

The Scality RING is a Software-Defined Storage (SDS) petabyte-scale data storage solution that is designed to interoperate in the modern Software Defined Data Center (SDDC). The RING software is designed to create unbounded scale-out storage systems to consolidate and protect data from multiple applications and workloads, including file, object and OpenStack®-based applications. The RING software provides a set of intelligent services for data access, data protection, and systems management. The top layer of data access services offers native file, object, and OpenStack storage interfaces for applications. For the Risk Compliant Reference Architecture, the RING provides native integration to iTernity software, which in turn connects to over 90 iCAS-certified applications like call center voice recording, records management, email archiving, and other business and content applications.

Large distributed systems depend on fast and efficient routing of requests among the member nodes. At the heart of the RING storage layer is a scalable, distributed key-value object store based on CHORD, a second-generation peer-to-peer routing protocol. The protocol is highly responsive to changes in system topology, such that these changes do not require broadcasting to all nodes, but only to a few relevant nodes. This enables the protocol to work efficiently in very large clusters. Scality has augmented and patented the basic CHORD protocol to enable high levels of data durability, high-performance, self-healing, and simplified management.

For data protection, the RING provides customizable availability and failure domains. Customers can configure the data protection policy at the object level, with replication of up to five copies, or erasure coding to provide as much as 14 9’s of durability with low overhead for larger objects. Data protection options include geo-redundancy, providing tolerance of multiple disk, server, rack, and even site failures.

The RING’s advanced routing capabilities, configurable data management, and software-defined architecture provide full system availability and uptime during planned and unplanned events including hardware failures, hardware refreshes, capacity upgrades, and software upgrades. Managing and monitoring the RING is enabled through a graphical “point-and-click” web portal termed the RING Supervisor, through a scriptable CLI, and monitoring/alerting from SNMP based consoles. The RING is designed to be self-managing and autonomous, to free your administrators to work on other value-added tasks.

The RING software is deployed as a distributed system on a minimum cluster of six storage servers. This system can be seamlessly expanded to thousands of physical storage servers as the need for storage capacity grows. To match performance to the deployed capacity, the RING can independently scale out the access nodes (connector servers) to meet a customer’s growing application input/output (IO) and throughput requirements. The underlying physical storage servers can be of any density, ranging from an HPE DL380 Gen9 with a small number of hard disk drives (HDDs) to the Apollo 4510 containing a combination of up to 68 HDDs and Solid State Disks (SSDs). A view of the architecture is presented in figure 1.


Figure 1. Risk Compliant Archive Architecture

iTernity iCAS

The iTernity iCAS solution provides WORM functionality, protection against silent data corruption, and long-term data integrity. With the patented and certified Content Storage Container (CSC) technology, the archive data is bundled with the corresponding metadata in special archive containers. The metadata captures relevant index data, creation date, and retention date. These can be saved to any data medium and still remain verifiable. iCAS enables continual data monitoring and, with its self-healing functionality, can ensure the long-term readability and integrity of the data and also repair damaged objects. The system thus offers unique protection mechanisms to ensure that the data is valid and legible as well as being available for the long term. These are secured against manipulation and unauthorized deletion.

iCAS supports synchronous replication of archive data onto two storage targets or data centers, supporting multi-site deployment. The flexibility and openness of iCAS on the combined HPE Apollo and Scality platform also provides the advantage of using existing or newly acquired storage capacity more efficiently.

Federally mandated retention periods can be managed flexibly with iCAS for each container. Deletion is not possible before the retention period has expired. iCAS enables permanent data monitoring. With its self-healing functionality, damaged files can be repaired and long-term data integrity ensured. Conformity with the respective regulations, such as the Sarbanes-Oxley Act (SOX), the United States Securities and Exchange Commission (SEC) 17a-4(f), Basel II, etc., can be achieved. The included AES-256-based encryption provides additional data security, which is especially needed in financial services.

Retention times required by law are managed flexibly by iCAS. Files that have reached the retention date and are not on legal hold can be securely deleted. All access to the iTernity server is recorded, so that the complete history for every CSC container can be recalled.
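A minimal model of the controls described in this section (payload sealed together with its creation and retention dates, deletion refused before the retention date or under legal hold, and a recorded history of every request), added here as an illustration; it is not iTernity's CSC format or the iCAS API. The class names, the SHA-256 sealing, and the hash-chained audit log are assumptions made for the example.

```python
import hashlib
import json
from dataclasses import dataclass
from datetime import date


class RetentionError(Exception):
    """A write or delete was refused by WORM, retention, or legal hold."""


def _sha256(obj) -> str:
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()


@dataclass
class Container:
    """Hypothetical archive container: payload bundled with its metadata."""
    object_id: str
    payload: bytes
    created: date
    retain_until: date
    legal_hold: bool = False
    digest: str = ""

    def __post_init__(self):
        self.digest = self.digest or self.seal()  # sealed once, at write time

    def seal(self) -> str:
        return _sha256([self.object_id, self.created.isoformat(),
                        self.retain_until.isoformat(),
                        hashlib.sha256(self.payload).hexdigest()])

    def verify(self) -> bool:
        return self.seal() == self.digest  # False on silent corruption


class Archive:
    GENESIS = "0" * 64

    def __init__(self):
        self._store = {}
        self.audit = []  # every request is recorded, including refusals

    def _log(self, today, action, object_id, outcome):
        entry = {"seq": len(self.audit), "date": today.isoformat(),
                 "action": action, "object_id": object_id, "outcome": outcome,
                 "prev": self.audit[-1]["entry_hash"] if self.audit else self.GENESIS}
        entry["entry_hash"] = _sha256(entry)  # assumption: hash-chained log
        self.audit.append(entry)

    def _refuse(self, today, action, object_id, reason):
        self._log(today, action, object_id, "refused:" + reason)
        raise RetentionError(f"{action} {object_id} refused: {reason}")

    def write(self, c: Container, today: date):
        if c.object_id in self._store:  # write once: no overwrite
            self._refuse(today, "write", c.object_id, "exists")
        self._store[c.object_id] = c
        self._log(today, "write", c.object_id, "ok")

    def read(self, object_id: str, today: date) -> bytes:
        c = self._store[object_id]
        if not c.verify():
            self._log(today, "read", object_id, "integrity-failure")
            raise ValueError(f"{object_id}: digest mismatch")
        self._log(today, "read", object_id, "ok")
        return c.payload

    def set_legal_hold(self, object_id: str, hold: bool, today: date):
        self._store[object_id].legal_hold = hold
        self._log(today, "legal-hold", object_id, "set" if hold else "released")

    def delete(self, object_id: str, today: date):
        c = self._store[object_id]
        if c.legal_hold:
            self._refuse(today, "delete", object_id, "legal-hold")
        if today < c.retain_until:  # retention date not yet reached
            self._refuse(today, "delete", object_id, "retention")
        del self._store[object_id]
        self._log(today, "delete", object_id, "ok")

    def audit_intact(self) -> bool:
        prev = self.GENESIS
        for e in self.audit:
            body = {k: v for k, v in e.items() if k != "entry_hash"}
            if e["prev"] != prev or _sha256(body) != e["entry_hash"]:
                return False
            prev = e["entry_hash"]
        return True


if __name__ == "__main__":
    a = Archive()  # constructed sample record, seven-year retention
    a.write(Container("trade-0001", b"constructed sample record",
                      date(2016, 1, 4), date(2023, 1, 4)), date(2016, 1, 4))
    a.delete("trade-0001", date(2023, 1, 4))  # allowed: retention date reached
    print([e["outcome"] for e in a.audit], a.audit_intact())
```

Refused requests are logged before the exception is raised, so the history shows attempted early deletions as well as successful ones, and `audit_intact()` returns False if any earlier entry is altered afterwards.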

1. 88% of FSI customers report the existence of a records and information management (RIM) program, while only 17% have a mature RIM strategy (Information Governance Benchmarking Survey by Cohasset Associates).


Solution design

The recommended configuration for the joint solution is based on requirements for Risk Compliant Archives and storage scale.

Deployment for Regulatory Compliance

Compliance with regulatory and other legal requirements is the paramount concern for the Risk Compliant Archive. The risks and penalties associated with failure to implement compliance policies are severe. The solution needs to deliver data integrity and redundancy with features such as failover, fault tolerance, and self-healing mechanisms.

Software risk compliance configuration options

iCAS adds risk compliant capabilities to the Scality-based software storage system. iCAS fulfills various compliance regulations (e.g., storage related requirements of SEC rule 17a-4). In this integrated solution, iCAS leverages the software-managed high availability of Scality to ensure risk tolerance and recovery for the archived CSC (container) data. In addition, redundancy for the iCAS server layer can be implemented, whether the server resides on a dedicated physical server or deployed as a virtual machine.

Scality RING is designed to manage a wide range of component failures involving disk drives, servers, and network connections within a single data center or across multiple data centers. To optimize data durability in a distributed system, the RING employs local replication to store multiple copies of an object within the RING. The RING will spread these replicas across multiple storage servers, and across multiple disk drives, in order to separate them in case of failures. The RING supports six Class of Service (CoS) levels for replication, enabling the system to maintain up to 5 replicas.

Scality’s advanced resiliency configuration (ARC) provides an alternative data protection mechanism to replication that is optimized for large objects and files. This configuration mode reduces the number of copies required to enable full reconstruction; it also avoids unnecessary information duplication.

Scality RING provides self-healing operations to resolve component failures automatically, including the ability to rebuild data chunks that are missing due to disk drive or server failures and the ability to rebalance data when nodes leave or join the RING. In the event of a disk drive or even a full server failure, background rebuild operations are spawned to restore the missing object data from its surviving replicas or ARC segments.


Hardware risk compliance configuration options

The Scality software provides a very high degree of availability and data recovery. The underlying hardware ensures rapid recovery from failure and serviceability to ensure sustained performance and usable capacity for the archive. Hot-plug critical components (disk drives, nodes, fans, and power) support serviceability at every level.

Systems can be controlled from the simple GUI via HPE Insight Cluster Management Utility (CMU) or CLI via IPMI through HPE iLO to simplify server monitoring, manage fault tolerance, and warn you in advance of possible drive failures.

In addition to the benefits of using the HPE platform as listed earlier, all Apollo 4000 configurations include an HPE Smart Array card capable of Secure Encryption providing enterprise-class encryption. Secure Encryption is FIPS 140-2 certified and has been verified to have a low impact on IOPS for spinning media, in addition to being transparent to the operating system. This means data for any drive on the server can be encrypted, provided the user uses a Gen9 Secure Encryption controller, giving much more flexibility than encryption-on-drive solutions while at the same time reducing the cost. Keys can be managed either locally on the server or via an enterprise key management system.

Pre-deployment considerations

Solution design will be driven by customer requirements. Initial raw data capacity can be estimated based on the amount of archive data, the expected mix of file sizes, and the Class of Service with regard to replication. System design should enable expandability for archive data growth. Standard 1GbE/10GbE networks should accommodate throughput within the Archive and connectivity to users, but additional connections can be added. Site-specific power constraints should be verified.

Multi-Geographic deployment

To enable site-level disaster recovery solutions, the RING can be deployed across multiple sites. Two deployment options are offered by Scality: the first makes use of a single logical RING deployed across multiple sites (“stretched RING”), and the second uses independent RINGs, each within its own data center, with asynchronous mirroring employed to maintain synchronization between the RINGs. The base Reference Architecture assumes a single site implementation. For multi-site implementation, see the discussion below on “Customization Guidelines”.

Reference designs

Server node descriptions and roles

A complete solution includes the following three server roles:

• Storage servers—Dedicated to write, read, store, and data preservation operations. These servers interface with and manage the system’s interaction with physical storage devices. The recommended deployment for systems that have both HDD and SSD media on the storage nodes is to deploy the archive data on HDD, and the associated metadata on SSD.

• Connector servers—Individually installable RING processes serving as translators that receive data requests from application servers and coordinate access to the RING. These processes run on a separate physical server or as a virtual machine. This reference architecture focuses on iCAS connectors, as iCAS is the gatekeeper to the archive. The iCAS server provides all the functionality provided in the software, ingesting data from applications, establishing containers for the archive data, and then handing off the data to the Scality RING. The iCAS server also supports iCAS administrator function, with a GUI for management.

• Supervisor server—Runs on a separate server that provides central administration and statistics gathering for the storage platform. Failure of the supervisor does not impact the cluster’s ability to service requests.

Large-scale archive implementation

As noted earlier, for large-scale archives, the base recommendation is to use HPE Apollo 4510 systems as the storage servers. Each 4U server can support over 500 TB of data storage; a rack of 10 systems can hold over 5 Petabytes of data. For the Risk Archive, the design goal is to configure a solution capable of supporting up to approximately 4 PB of usable data. With a conservative 60 percent "net/raw storage" factor, twelve Apollo 4510s provide the necessary capacity. Customers may begin with smaller capacity, such as 1 PB, populating the servers with fewer drives, and expand over time. The most efficient replication and encryption is achieved with 12 servers and disk arrays in increments of 12. The sample BOMs for the Apollo 4510 provided in this paper provide 192 TB (24 disks x 8 TB) data storage per server, to deliver a total of 1.4 PB net archive capacity (2.3 PB x 0.6) across twelve storage servers. In addition, SSDs are provided to support up to 800 GB of metadata per server.

This large-scale example implementation is illustrated in figure 2.


Figure 2. Example of large-scale implementation for Risk Archive

Applications and users communicate directly with iTernity, which acts as a gatekeeper to the Archive. The iCAS server is accessible via different interfaces: in addition to the easy-to-integrate Web Service API interface, iCAS provides a file system interface, the iTernity File System Gateway (iFSG). iFSG enables WORM functionality without the need to integrate into the ISVs’ program code.

The iCAS server communicates directly with the connector servers via a load balancer. A 10GbE network is recommended. The Scality Archive is maintained on the storage servers, with a cluster 10GbE backbone providing connectivity between the connectors and the storage servers. Peak arrival rate, read/write ratios, and the median file size are factors that influence the number of connector servers. Two connector servers should be sufficient for most deployments, and they maintain service in the event of a server failure. Based on customer-specific throughput requirements, the number of connectors can be adjusted.

The DL360 Gen9 is a low-cost, 1U server platform that is a perfect fit for the compute and memory requirements of the Scality manager and connector servers.

Administrative functions and system management are hosted on the supervisor server, connected to each of the Archive systems.

Medium-scale archive implementation

The same design is utilized at medium-scale, with the HPE Apollo 4200 Gen9 servers utilized as storage nodes. For this case, twelve servers will support a maximum of 2.7 PB of raw storage (24+4 x 8 TB HDD drives per server). The BOMs for the Apollo 4200 are designed to allow gradual expansion to that maximum. Each storage server has been configured with 96 TB of data storage capacity (12 x 8 TB drives). In an optimal design of 12 storage servers, this would provide 0.7 PB of net archive capacity, with a conservative 60 percent net to raw storage assumption. 800 GB of SSD capacity is included for metadata. The networking infrastructure is the same, and two connector servers are deployed as in the large-scale archive.


Licensing and Support

At the operating system level, community-supported CentOS 6.5 is used in this document. Other versions of Linux® are also supported including Red Hat® Enterprise Linux, Ubuntu, and Debian. HPE support is available for Red Hat as well as some community distributions.

Sites may want to consider HPE system tools, such as HPE Advanced Integrated Lights-Out (iLO), and HPE Insight Cluster Management Utility (CMU) for server deployment and monitoring.

This RA is based on Scality version 5.1.4 and iTernity iCAS 3.7 SP5. Scality software is licensed per usable capacity of the planned amount of protected data. Replication and protection via erasure coding do not increase the licensing required; only the true usable capacity is counted. Scality software and support are available directly from Hewlett Packard Enterprise, with services directly delivered by Scality.

The iCAS license model is based on a node license per each node iCAS is running on, combined with a volume license for the data volume that must be archived. The demand can be adjusted to the actual needs. The hardware independence of iCAS enables sustained use of the archive license. Hardware replacement requires no renewed licensing. Data replication does not require additional licensing. For safety reasons, company internal audit rules often require duplication of one or more sites. Replication of data doesn’t double license cost—only the net volume is licensed.


Configuration guidance

The implementations described in the earlier section are examples of specific Risk Archive solutions, and should be reviewed and tuned to fit customer environment and requirements.

Customization guidelines

• The minimum cluster size is six physical storage servers. If the storage environment is smaller than 200 TB of unique data with no immediate plans for growth, a more traditional approach should be considered.

• Scality erasure coding (Scality ARC) should be designed in such a way that failure of a single node does not compromise the original availability strategy. For example, the ARC (8, 4) choice outlined above is not the best choice for a minimal environment consisting of six storage servers. In that scenario, there would be a total of 12 data chunks and only six storage servers. Failure of a single storage server would therefore cause the loss of two data chunks, invalidating the plan to support the complete loss of four physical servers. This drives the recommendation to deploy 12 servers.
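The chunk-placement argument above and the capacity figures of the two reference designs, worked through as an added Python example (not HPE, Scality or iTernity code). It assumes an object's chunks are spread as evenly as possible across storage servers; the function names are illustrative, and the six-server design is constructed to show the minimal cluster.

```python
"""Added sizing sketch for the Risk Archive designs (not HPE, Scality or iTernity code)."""
from __future__ import annotations

from dataclasses import dataclass

MIN_STORAGE_SERVERS = 6  # minimum cluster size from the customization guidelines
NET_TO_RAW = 0.60        # the paper's conservative net/raw storage factor


@dataclass(frozen=True)
class ArcSchema:
    """Erasure-coding schema, e.g. ARC (8, 4) = 8 data + 4 parity chunks."""
    data_chunks: int
    parity_chunks: int

    @property
    def total_chunks(self) -> int:
        return self.data_chunks + self.parity_chunks

    @property
    def protection_overhead(self) -> float:
        """Parity capacity relative to the data it protects (0.5 = 50 percent)."""
        return self.parity_chunks / self.data_chunks


def chunk_layout(schema: ArcSchema, servers: int) -> list[int]:
    """Chunks of one object held per server, most-loaded servers first.

    Assumption: the chunks are spread as evenly as possible across servers.
    """
    if servers < 1:
        raise ValueError("at least one storage server is required")
    base, extra = divmod(schema.total_chunks, servers)
    return [base + 1] * extra + [base] * (servers - extra)


def server_failures_tolerated(schema: ArcSchema, servers: int) -> int:
    """Worst-case count of whole-server losses that leaves an object readable."""
    lost = tolerated = 0
    for held in chunk_layout(schema, servers):  # lose the fullest servers first
        lost += held
        if lost > schema.parity_chunks:
            break
        tolerated += 1
    return tolerated


def capacity_tb(servers: int, disks_per_server: int, disk_tb: int,
                net_to_raw: float = NET_TO_RAW) -> tuple[int, float]:
    """Return (raw TB, net archive TB) for a set of identical storage servers."""
    raw = servers * disks_per_server * disk_tb
    return raw, raw * net_to_raw


def review_design(schema, servers, disks_per_server, disk_tb, required_failures):
    """Summarise a design and list where it misses the stated availability goal."""
    raw, net = capacity_tb(servers, disks_per_server, disk_tb)
    tolerated = server_failures_tolerated(schema, servers)
    findings = []
    if servers < MIN_STORAGE_SERVERS:
        findings.append(f"fewer than {MIN_STORAGE_SERVERS} storage servers")
    if tolerated < required_failures:
        worst = chunk_layout(schema, servers)[0]
        findings.append(
            f"one server failure can remove {worst} chunks; only {tolerated} "
            f"server losses are survivable, {required_failures} required")
    return {"raw_tb": raw, "net_tb": net, "tolerated": tolerated, "findings": findings}


if __name__ == "__main__":
    arc = ArcSchema(8, 4)
    designs = {  # (servers, data disks per server, TB per disk)
        "Apollo 4510 x12": (12, 24, 8),      # large-scale sample BOM
        "Apollo 4200 x12": (12, 12, 8),      # medium-scale sample BOM
        "Minimum cluster x6": (6, 12, 8),    # constructed case for this example
    }
    for name, (servers, disks, tb) in designs.items():
        print(name, review_design(arc, servers, disks, tb, required_failures=4))
```

With an uneven spread (for example 11 servers) the worst case is decided by the servers holding an extra chunk, which is why the layout is evaluated most-loaded first rather than by a simple division.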

Sizing and Capacity considerations

When working with Hewlett Packard Enterprise to design the most efficient hardware configuration, the following information will be used:

• Fill ratio—The percentage of the available disk capacity that will be available for object storage. Overhead should be reserved to support the planned amount of server failures; 80 percent is the typical starting point.

• Class of Service (n)—How many times will replicated objects be copied across the cluster?

• ARC schema and ratio—How many data chunks and parity chunks should be created from each erasure-coded object? What percentage of the total number of objects will use erasure coding? What percentage of the total capacity of the object will use erasure coding?

• Average object size—What is the mean average size in KB of the objects to be stored in the archive?

• Cache—A disk write cache is optional, but it improves performance considerably by reordering requests on disks; this cache could simply be a SATA controller with a cache. To reduce costs, you can forego the cache, but doing so can significantly impact performance, depending on the workload.


Compute and memory

This solution is not CPU intensive and additional scrutiny beyond choosing current-generation HPE Apollo server models is generally not required. Advanced configurations should be further qualified.

The required amount of memory (RAM) is related to the number of objects and their average size. Configurations with a greater number of smaller files will require more RAM per storage server. The configurations behind the BOMs in this document assume a high portion of small files in the archive (85 percent). Based on that, each storage server includes 128 GB of memory.

Choosing disks

Depending on the use case, performance requirements might take priority over capacity and efficiency. Aggregate throughput of the drives across all of the storage servers should be considered during any sizing process.

Object storage requirements tend to be primarily driven by capacity, so you should consider required capacity first. Replica count and erasure coding create the largest impact between raw and real capacities. The erasure coding schema described in this document translates to a 50 percent overhead for data protection. Environments relying more heavily on object replication might see levels nearing 200 percent overhead for storing three copies of each unique object.

Choose the type and mix of drives to meet requirements—balanced based on price and performance sensitivity—and whether SSDs will be used for metadata. Extrapolate from performance results vs. the business use case to help with this selection. HPE drive qualification helps maintain homogeneity, as drives of the same class and capacity are tuned to have similar performance characteristics, regardless of vendor.

Some other things to remember about disk performance:

• Replica count and erasure coding require multiple media writes for each object PUT.

• With a single 10GbE port, the bandwidth bottleneck is at the port, rather than at the controller/drive; the controller is optimally capable of about 3 GB/sec, while the effective peak node bandwidth on a 10GbE link is in the 900 MB–1 GB/sec range, out of a theoretical 1.25 GB maximum load.

• The RING architecture is designed to address parallel workloads. Connector nodes should be scaled appropriately so you do not overload the backend disk configuration.

• Solid State Disks (SSDs) can be used for metadata storage, object storage, and indexing of keys on the local SATA disks.

Allocating disks to storage servers

Choose the server that fits the needs of your specific use case. For the storage servers, this document presents choices using the HPE Apollo 4510 Server and Apollo 4200 Server. For the BOMs, storage for the archive was specified in multiples of 12, to optimize RING storage efficiency (net to raw storage). To allow for expansion to maximum data capacity and preserve investment, 8 TB disks are used. Smaller disks can be used if it is anticipated that the deployment will not reach the maximum levels of archive size.

Choosing a network infrastructure

Consider the desired bandwidth of the storage calculated above, the overhead of replication traffic, and the network configuration of the data network (number of ports/total bandwidth). Details of traffic segmentation, load balancer configuration, VLAN setup, and/or other networking configuration/best practices are completely use-case specific and outside the scope of this document.

Typical configuration choices for data traffic include one to two 1GbE or 10GbE networks, as shown in the base case implementations. InfiniBand is also supported, but it is less common than 1GbE and 10GbE.

Planning for connector installation

In this reference architecture, the HTTP/REST connectors are installed locally to the storage servers. This approach is by design with an object storage use case in mind, and the configuration scales linearly as nodes are added to the environment.

For optimal performance to support high-client count and bandwidth, connectors can be deployed on dedicated servers.


Multi-geographic considerations

This paper highlights a single RING stretched across three failure domains. Depending on your business and user requirements, you can choose from the following options:

• One site and one RING (a simple configuration)

• Two sites with one RING configured to tolerate the loss of one site

• Three sites with one RING configured to tolerate the loss of one or two sites, as this is treated as a configuration parameter

In addition, multiple RINGs can be configured for a disaster recovery scenario using file or object data copy mechanisms operating between the RINGs. Hewlett Packard Enterprise and Scality can assist with designing such disaster tolerant implementations.

Sample Bill of Materials and Ordering information

Bill of Materials for RA Servers

The Bills of Materials (BOMs) below were developed for servers to be used in deploying the Risk Archive Solution described in this paper. For each implementation, deploy one Supervisory Server, two Connector Servers, and twelve storage servers. Select either the Apollo 4510 server or the Apollo 4200 as the storage server, based on anticipated storage size requirements, as discussed earlier. A goal of the configurations was investment protection, balancing optimal performance while allowing for expansion utilizing installed components.

Supervisory Server BOM

QUANTITY PRODUCT DESCRIPTION

1 755259-B21 HPE DL360p Gen9 4-Gen9 CTO Server

1 755384-L21 HPE DL360 Gen9 Intel Xeon E5-2630v3 FIO Processor Kit

2 726719-B21 HPE 16GB (1x16GB) Dual Rank x4 DDR4-2133 CAS-15-15-15 Kit

1 665243-B21 HPE Ethernet 10Gb 2P 560FLR-SFP+ Adptr

1 749976-B21 HPE H240ar 12Gb 2-ports Int FIO Smart Host Bus Adapter

1 766211-B21 HPE DL360 Gen9 P440ar/H240ar SAS Cbl

2 657750-B21 HPE 1TB 6G SATA 7.2K rpm Gen9 (3.5-inch) SC Midline 1yr Warranty Hard Drive

2 720478-B21 HPE 500W Flex Slot Platinum Hot Plug Power Supply Kit

1 789388-B21 HPE 1U Gen9 Easy Install Rail Kit

1 859080-B21 HPE Apollo 4000 Risk Compliant Archive Solution

Connector Server BOM

QUANTITY PRODUCT DESCRIPTION

1 755259-B21 HPE DL360p Gen9 4-Gen9 CTO Server

1 755384-L21 HPE DL360 Gen9 Intel Xeon E5-2630v3 FIO Processor Kit

1 755384-B21 HPE DL360 Gen9 Intel Xeon E5-2630v3 Processor Kit

2 726719-B21 HPE 16GB (1x16GB) Dual Rank x4 DDR4-2133 CAS-15-15-15 Kit

1 665243-B21 HPE Ethernet 10Gb 2P 560FLR-SFP+ Adptr

1 749976-B21 HPE H240ar 12Gb 2-ports Int FIO Smart Host Bus Adapter

1 766211-B21 HPE DL360 Gen9 P440ar/H240ar SAS Cbl

2 657750-B21 HPE 1TB 6G SATA 7.2K rpm Gen9 (3.5-inch) SC Midline 1yr Warranty Hard Drive

2 720478-B21 HPE 500W Flex Slot Platinum Hot Plug Power Supply Kit

1 789388-B21 HPE 1U Gen9 Easy Install Rail Kit


Apollo 4510 Storage Server BOM

QUANTITY PRODUCT DESCRIPTION

1 799581-B21 HPE Apollo 4510 Gen9 CTO Chassis

1 799377-B21 HPE XL4510 8HDD Cage Kit

1 786593-B21 HPE ProLiant XL450 Gen9 Configure-to-order Server Node for Apollo 4510 Chassis

1 783901-L21 HPE Apollo 450 Gen9 E5-2630v3 FIO Kit

1 783901-B21 HPE Apollo 450 Gen9 E5-2630v3 Kit

8 726719-B21 HPE 16GB 2Rx4 PC4-2133P-R Kit

1 665243-B21 HPE Ethernet 10Gb 2P 560FLR-SFP+ Adptr

1 761878-B21 HPE H244br FIO Smart HBA

2 726821-B21 HPE Smart Array P440/4G Controller

1 808967-B21 HPE Apollo 4510 P440 x2/P840 Cable Kit

2 655710-B21 HPE 1TB 6G SATA 7.2k 2.5in SC MDL HDD

1 797291-B21 HPE 800GB 12G SAS ME Gen9 3.5-in LP Enterprise Midline 3yr Wty SSD

24 805334-B21 HPE 8TB 6G SATA 7.2K rpm LFF Low Profile Midline 1yr Warranty

3 720479-B21 HPE 800W Common Slot Platinum Plus Hot Plug Power Supply Kit

1 681254-B21 HPE 4.3U Rail Kit

Apollo 4200 Storage Server BOM

QUANTITY PRODUCT DESCRIPTION

1 808027-B21 HPE Apollo 4200 Gen9 24LFF CTO Svr

1 806563-B21 HPE Apollo 4200 Gen9 LFF Rear HDD Cage Kit

1 803306-L21 HPE Apollo 4200 Gen9 Intel Xeon E5-2630v3 FIO Processor

1 803306-B21 HPE Apollo 4200 Gen9 Intel Xeon E5-2630v3 Processor Kit

8 726719-B21 HPE 16GB 2Rx4 PC4-2133P-R Kit

1 665243-B21 HPE Ethernet 10Gb 2P 560FLR-SFP+ Adptr

1 813546-B21 HPE SAS Controller Mode for Rear Storage

2 797273-B21 HPE 2TB 6G SATA 7.2K rpm LFF Low Profile Midline 1yr Warranty HDD

1 797291-B21 HPE 800GB 12G SAS VE LFF 3.5-in LPC Enterprise 3 yr warranty SSD

12 805334-B21 HPE 8TB 6G SATA 7.2K rpm LFF Low Profile Midline 1yr Warranty

1 806565-B21 HPE Apollo 4200 Gen9 IM Card Kit

1 806562-B21 HPE Apollo 4200 Gen9 Redundant Fan Kit

2 720479-B21 HPE 800W FS Plat Ht Plg Pwr Supply Kit

1 822731-B21 HPE 2U Shelf-Mount Adjustable Rail Kit


Rack infrastructure

Hewlett Packard Enterprise has several models of racks available, offering sites a choice based on anticipated load and features such as embedded intelligence, cooling, and cable management. For the risk archive solution, HPE Enterprise Series Racks may be the optimal choice. These racks offer innovative intelligence capabilities for asset management, unparalleled structural integrity, cooling, power, and cable management advances, while supporting a wide choice of IT power and management options. Shock-pallet rack models allow shipment of fully configured racks directly to your data center for immediate deployment. The 1200mm racks offer additional room at the back to simplify cabling and airflow, and provide the depth needed for the HPE Apollo 4510 systems (see footnote 2). The Advanced Series Racks are also available, and mostly suited for light loads.

In addition to the standard width 600mm racks, an 800mm wide rack is available. These racks provide additional space between the racking area and side panels for cable and airflow management.

PRODUCT DESCRIPTION

BW908A HPE 42U 600mm x 1200mm Enterprise Shock Rack

BW914A HPE 47U 600mm x 1200mm Enterprise Shock Rack

BW920A HPE 42U 800mm x 1200mm Enterprise Shock Rack

Scality Software and Services available from Hewlett Packard Enterprise

Note that Scality software is licensed per usable capacity of the planned amount of protected data.

PRODUCT DESCRIPTION

SCALITY RING LICENSES INCLUDING CONNECTORS (EXCEPT EMAIL)

P8Y89AAE Scality RING Single Site Perpetual License (per TB) from 200TB E-LTU for HPE ProLiant Svrs

P8Y90AAE Scality RING Single Site Hardware Lifetime License (per TB) from 200TB E-LTU for HPE ProLiant Svrs

P8Y91AAE Scality RING Geo Perpetual License (per TB) from 200TB E-LTU for HPE ProLiant Svrs

P8Y92AAE Scality RING Geo Hardware Lifetime License (per TB) from 200TB E-LTU for HPE ProLiant Svrs

SCALITY RING CONNECTORS & SOLUTIONS

P8Y93AAE Scality RING Connector for Email App (per TB) from 200TB up to 1000TB E-LTU

SCALITY RING PROFESSIONAL SERVICES

P8Y94AAE Scality RING Engineer Professional Services (per Day) E-LTU

P8Y95AAE Scality RING Installation Package (up to 3 Geographical Sites) E-LTU

P8Y96AAE Scality RING Capacity Expansion Professional Services per TB of Usable Capacity Expansion E-LTU

P8Y97AAE Scality RING Paid POC 5-10 Days Scality Engineer on Site E-LTU

P8Y98AAE Scality RING Advanced 3-day Operation Training with Scality Engineer E-LTU

P8Y99AAE Scality RING Certification Course (base) per Person E-LTU

SCALITY RING DEDICATED CARE SERVICE (DCS)

P8Z00AAE Scality RING Dedicated Care Service—Yearly Fee E-LTU

2 For IT sites requiring standard depth, the Apollo 4200 platform can be deployed with the 1075mm Enterprise Racks.


HPE Technology Services

HPE Technology Services helps to deliver confidence, reduce risk, and realize agility and stability for the HPE Trade and Match/Risk Compliance offering. We have the support that will meet your IT and business needs. HPE Foundation Care will help support your server if there is ever a problem. For a higher level of support, HPE Proactive Care will help prevent issues from occurring and give you an enhanced call experience if there is an issue. For more information, go to hpe.com/services.

Summary

In all industries and markets, regulatory bodies have increased controls and penalties including high fines and legal action. Compliant data archiving is required to counter the tremendous business risk of non-compliance. Scality running on HPE ProLiant and HPE Apollo hardware combines object storage software and industry-standard servers to provide low cost, reliable, flexible, centralized management that businesses need for large scale unstructured data. The addition of iTernity storage archive software provides the functionality needed to leverage the Scality-HPE platform to address the most demanding Risk Compliance challenges.

The reference architecture and designs developed for this joint solution enable customers, working with experts from Hewlett Packard Enterprise and its partners, to develop optimal, customer-specific Risk Archive implementations. The components of the solution are optimized for enterprise use cases, and have been qualified together, enabling confident and smooth deployment.


© Copyright 2016 Hewlett Packard Enterprise Development LP. The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein.

Intel Xeon and Intel Logo are trademarks of Intel Corporation in the U.S. and other countries. Red Hat is a registered trademark of Red Hat, Inc. in the United States and other countries. SAP is the trademark or registered trademark of SAP SE in Germany and in several other countries. The OpenStack Word Mark is either a registered trademark/service mark or trademark/service mark of the OpenStack Foundation, in the United States and other countries and is used with the OpenStack Foundation’s permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community. Pivotal and Cloud Foundry are trademarks and/or registered trademarks of Pivotal Software, Inc. in the United States and/or other countries. Linux is the registered trademark of Linus Torvalds in the U.S. and other countries.

4AA6-4128ENW, April 2016, Rev. 1

Resources

Implementing a proof-of-concept

As a matter of best practice for all deployments, Hewlett Packard Enterprise recommends implementing a proof-of-concept using a test environment that matches the planned production environment as closely as possible. In this way, appropriate performance and scalability characterizations can be obtained. For help with a proof-of-concept, contact an HPE Services representative (hpe.com/us/en/services/consulting.html) or your HPE partner.

Additional information

• Contact your local HPE representative for questions about HPE hardware for Scality object storage solution and/or iTernity iCAS storage archives. Online information regarding the Apollo family is also available at hpe.com/us/en/servers/apollo.html.

• Documents for HPE Scality object storage solutions on industry-standard servers are at hpe.com/info/hpc-bigdata-industrysolutions. Information includes technical white papers providing additional information on Scality RING implementations on HPE Apollo platforms.

• HPE Secure Encryption at hpe.com/servers/secureencryption

• HPE Integrated Lights Out at hpe.com/info/ilo

Learn more at hpe.com/servers/fsi-solutions