Global Storage Forum

 View Only

Can your storage alert you to cyber attacks in under a minute? IBM FlashCore Modules Gen4 (FCM4) can…

By Barry Whyte posted Thu March 14, 2024 09:31 AM


IBM recently announced its fourth generation of our FlashCore Module (FCM) technology. Those of you that have been around IBM storage will know that the FCM in their current format were first introduced in 2018 and were the first truly computation storage device that managed to be packed into the industry standard 2.5″ Small Form Factor (SFF) packaging.

With NVMe interfaces, and the all important computational capability, FCMs have always provides offload capabilities that aren’t possible with other vendors standard SSDs. For example, inline no-impact compression to drive effective cost savings in every module – meaning every drive you add to your system adds another offload engine to the system.
There are many many posts and videos out there discussing the unique features and capabilities that FCM’s provide – a great recent discussion between Micron and IBM for example – and a few shorts (myself included!) but today marks yet another leap forward for IBM FCMs.

Charge-trap, 176-layers and PCIe Gen4

To continue driving better economics into Flash storage, FCM4 now makes use of Micron’s latest 176-layer NAND. In order to move to this (from previous gen 96-layer) means we are now making use of “charge-trap” NAND technology. This in itself means we can get faster programming cycles from the NAND, speeding up the all important write performance, as well as using the highest density NAND chips available – all driving better economics that can be passed on directly to our customers.
The previous Gen3 devices provided PCIe Gen4 connectivity over the dual ported NVMe interfaces, but only on the larger 19.2TB and 38.4TB drives – however with FCM4 we now have PCIe Gen4 across the whole range – so including the 4.8TB and 9.6TB modules.
Of course, IBM is the only major vendor that is simplifying your storage designs, with QLC based Flash providing Tier0 performance and capacity from a single drive type. Most other vendors are still using TLC based devices for Tier0 use cases, and QLC only for Tier1/2 use cases. This is because they don’t have the same smarts, research, and as discussed in the video above, the partnership and relationship with Micron.
With the IP we have created that runs inside the computational storage that is FCM, we can increase the endurance of QLC by x17 to x50 that of a normal QLC SSD! Impressive!

But what about the Ransomware Detection?

IBM FlashSystem’s have always focused on bringing new features and capabilities that solve today’s business problems – adding immutable logically air-gapped snapshots to provide rapid recovery in the event of a data loss or data corruption event. Building clean-rooms to test and validate data and copies of data when integrated with IBM Storage Defender, but today with FCM4 we have gone one step further.
I was discussing this a few months back with Andy Walls (IBM Fellow and FCM inventor) and he explained that during an IBM brand wide ‘cyber’ summit, the various experts were brainstorming everything that could be done to help protect our customers data against cyber attacks. He was about to discuss some ideas and was slightly put out when someone said that block storage couldn’t possibly do anything, its all just zero’s and one’s to you guys…
Andy decided to prove them wrong…
FCM4 is now able to detect data corruption events in under one minute. There is a lot of clever mathematics (maths for short, not math – as opposed to Lego where the plural is Lego!) behind this, and obviously some IP that can’t be openly shared… but in the lab (in a very isolated and controlled network area!) the algorithms and analytics have been tested with some known ransomware attacks and so we have the proof to backup these statements.
In order for this function to operate, some changes were needed in the Storage Virtualize DRAID code, and so new systems, with DRAID arrays created after 8.6.2 software, and with FCM 4.1 firmware will send signals to the Virtualize code. These signals are then sent up via an aggregator, into a Machine Learning inference model that reports suspcisious data changes in short order.
With this design, we can adjust and improve the inference model at any time – without the need for full software upgrades using the recently added lightweight security patching capability – so online patching to bring in the latest knowledge. The data is also sent to IBM Storage Insights, were a data lake of signals is collected to then re-train and improve the detection as new threats and attack vectors appear.
Exciting times, and as the title said – can your storage provide computational FCM capabilities, if its not IBM FlashSystem then the answer is no!