IBM FlashSystem


Eliminating Technology Trade-Offs

By Tony Pearson posted Tue February 23, 2010 05:03 PM

  

Originally posted by: TonyPearson


The technology industry is full of trade-offs. Take for example solar cells that convert sunlight to electricity. Every hour, more energy hits the Earth in the form of sunlight than the entire planet consumes in an entire year. The general trade-off is between energy conversion efficiency and abundance of materials:

  • Get 9-11 percent efficiency using rare materials like indium (In), gallium (Ga) or cadmium (Cd).
  • Get only 6.7 percent efficiency using abundant materials like copper (Cu), tin (Sn), zinc (Zn), sulfur (S), and selenium (Se).

IBM has eliminated this trade-off with a record-setting breakthrough last week, demonstrating 9.6 percent efficiency [thin film solar cells using earth-abundant materials].

A second trade-off is exemplified by EMC's recent GeoProtect announcement. This appears similar to the geographic dispersal method introduced by a company called [CleverSafe]. The trade-off is between the amount of space to store one or more copies of data and the protection of data in the event of disaster. Here's an excerpt from fellow blogger Chuck Hollis (EMC) titled ["Cloud Storage Evolves"]:

"Imagine an average-sized Atmos network of 9 nodes, all in different time zones around the world. And imagine that we were using, say, a 6+3 protection scheme.

The implication is clear: any 3 nodes could be completely lost: failed, destroyed, seized by the government, etc. -- and the information could be completely recovered from the surviving nodes."

"For organizations worried about their information falling into the wrong hands (whether criminal or government sponsored!), any subset of the nodes would yield nothing of value -- not only would the information be presumably encrypted, but only a few slices of a far bigger picture would be lost."

Seized by the government? Falling into the wrong hands? Is EMC positioning ATMOS as "Storage for Terrorists"? I can certainly appreciate the value of being able to protect 6PB of data with only 9PB of storage capacity, instead of keeping two copies of 6PB each. The trade-off means that you will be accessing the majority of your data across your intranet, which could impact performance. But, if you are in an illicit or illegal business that could have a third of your facilities "seized by the government", then perhaps you shouldn't house your data centers there in the first place. Having two copies of 6PB each, in two "friendly nations", might make more sense.

(In reality, companies often keep way more than just two copies of data. It is not unheard of for companies to keep three to five copies scattered across two or three locations. Facebook keeps SIX copies of photographs you upload to their website.)

ChuckH argues that the governments that seize the three nodes won't have a complete copy of the data. However, merely having pieces of data is enough for governments to capture terrorists. Even if the striping is done at the smallest 512-byte block level, those 512 bytes of data might contain names, phone numbers, email addresses, credit cards or social security numbers. Hackers and computer forensics professionals take advantage of this.
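The point about 512-byte pieces can be checked directly. The sketch below is an added illustration, not code from the original post or from any EMC or IBM product: it stripes constructed, unencrypted records in 512-byte blocks across the six data nodes of an assumed systematic 6+3 layout (parity nodes omitted) and counts the identifiers readable on three nodes alone. The record format, patterns and function names are assumptions.

```python
import re

BLOCK = 512       # stripe unit named in the post
DATA_NODES = 6    # the "6" of an assumed systematic 6+3 layout; parity omitted

# Constructed sample records (not real people, addresses or numbers).
RECORDS = "".join(
    f"name=Customer{i:04d};email=user{i:04d}@example.com;ssn=900-00-{i:04d}\n"
    for i in range(400)
).encode()

# Assumed patterns for the kinds of identifiers the post lists.
PATTERNS = {
    "email": re.compile(rb"[\w.]+@[\w.]+\.\w+"),
    "ssn": re.compile(rb"\b\d{3}-\d{2}-\d{4}\b"),
}

def stripe(data, nodes=DATA_NODES, block=BLOCK):
    """Round-robin 512-byte blocks over the data nodes, stored as-is."""
    shards = [[] for _ in range(nodes)]
    for n, off in enumerate(range(0, len(data), block)):
        shards[n % nodes].append(data[off:off + block])
    return shards

def scan_node(blocks):
    """Count identifiers readable inside the blocks held by one node."""
    return {name: sum(len(p.findall(b)) for b in blocks)
            for name, p in PATTERNS.items()}

def exposure(shards, seized):
    """Total identifiers readable from only the listed nodes."""
    totals = {name: 0 for name in PATTERNS}
    for idx in seized:
        for name, count in scan_node(shards[idx]).items():
            totals[name] += count
    return totals

if __name__ == "__main__":
    shards = stripe(RECORDS)
    print("readable on nodes 0-2 only:", exposure(shards, seized=[0, 1, 2]))
```

Each 512-byte block holds several complete records, so losing control of a subset of nodes exposes a proportional share of the identifiers unless the data was encrypted before it was dispersed.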

You might ask yourself, "Why not just encrypt the data instead?" That brings me to the third trade-off, protection versus application performance. Over the past 30 years, companies had a choice: they could encrypt and decrypt the data as needed, using server CPU cycles, but this would slow down application processing. Every time you wanted to read or update a database record, more cycles would be consumed. This forced companies to be very selective on what data they encrypted: which columns or fields within a database, which email attachments, and which other documents or spreadsheets.

An initial attempt to address this was to introduce an outboard appliance between the server and the storage device. For example, the server would write to the appliance with data in the clear, the appliance would encrypt the data, and pass it along to the tape drive. When retrieving data, the appliance would read the encrypted data from tape, decrypt it, and pass the data in the clear back to the server. However, this had the unintended consequence of using 2x to 3x more tape cartridges. Why? Because the encrypted data does not compress well, so tape drives with built-in compression capabilities would not be able to shrink down the data onto fewer tapes.

(I covered the importance of compressing data before encryption in my previous blog post [Sock Sock Shoe Shoe].)
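The effect of ordering is easy to measure. The following is an added example, not code from the original post or from any IBM drive: it compares the appliance layout (encrypt, then let the drive compress) with compress-then-encrypt on a constructed, repetitive sample. The cipher is a labelled stand-in built from SHA-256 in counter mode, not the drive's AES, and all names and the sample data are assumptions.

```python
import hashlib
import zlib

def keystream_xor(key, data):
    """Stand-in stream cipher (SHA-256 in counter mode), NOT the drive's AES.
    It supplies the one property that matters here: random-looking output."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], pad))
    return bytes(out)

def appliance_then_drive(key, data):
    """Outboard appliance encrypts first; the tape drive then tries to compress."""
    return zlib.compress(keystream_xor(key, data), 9)

def drive_compress_then_encrypt(key, data):
    """Compress first, then encrypt the already-small stream."""
    return keystream_xor(key, zlib.compress(data, 9))

def restore(key, stored):
    """Read path for the compress-then-encrypt layout."""
    return zlib.decompress(keystream_xor(key, stored))

def tape_ratio(key, data):
    """Bytes written encrypt-first divided by bytes written compress-first."""
    return (len(appliance_then_drive(key, data))
            / len(drive_compress_then_encrypt(key, data)))

# Constructed backup-like sample: repetitive database rows.
SAMPLE = b"".join(
    b"%08d,ACTIVE,2010-02-23,branch-%03d,0000.00\n" % (i, i % 40)
    for i in range(5000)
)
KEY = b"constructed demo key"

if __name__ == "__main__":
    print("plaintext bytes:       ", len(SAMPLE))
    print("encrypt then compress: ", len(appliance_then_drive(KEY, SAMPLE)))
    print("compress then encrypt: ", len(drive_compress_then_encrypt(KEY, SAMPLE)))
    print("extra media factor:     %.1fx" % tape_ratio(KEY, SAMPLE))
```

The exact factor depends on how compressible the data is; this sample is more repetitive than typical backup data.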

Like the trade-off between energy efficiency and abundant materials, IBM eliminated the trade-off by offering compression and encryption on the tape drive itself. This is standard 256-bit AES encryption implemented on a chip, able to process the data as it arrives at near line speed. So instead of having to choose between protecting your data and running your applications with acceptable performance, you can now do both, encrypting all of your data without having to be selective. This approach has been extended over to disk drives, so that disk systems like the IBM System Storage DS8000 and DS5000 can support full-disk-encryption [FDE] drives.

Certainly, something to think about!


10 comments

Comments

Wed March 03, 2010 02:30 PM

Originally posted by: TonyPearson


BarryB, Fine, I will add the original Chuck Hollis quote about "falling into the right hands" at your request to the excerpt in this blog, for those who don't bother to read the whole post from Chuck on his blog. Some of the readers of these blog posts may not have a full command or understanding of English-language idioms and might have missed the subtle reference that this phrase means "unauthorized access". -- Tony

Wed March 03, 2010 08:43 AM

Originally posted by: thestorageanarchist


Nothing like changing your story mid-stream, Tony...that wasn't the quote you used in your original post. Masterful abuse of the English language. Irresponsible and offensive FUD nonetheless, but indeed - simply masterful.

Tue March 02, 2010 12:37 PM

Originally posted by: TonyPearson


BarryB, Here is the phrase from Chuck's blog: "For organizations worried about their information falling into the wrong hands (whether criminal or government sponsored!)..." Does "falling into the wrong hands" imply unauthorized access? Yes, that is exactly the metaphor that is being used to imply here. And "Government sponsored" implies that wrong hands being those from the public sector. Perhaps you should ask Chuck H to remove all references to "seized by the government" and "information falling into the wrong hands" out of his blog post, or at least avoid repeating it over and over in future posts. Just a suggestion, --- Tony

Mon March 01, 2010 10:12 PM

Originally posted by: thestorageanarchist


You enjoy playing with words, don't you Tony? You are getting really good at it - congratulations. Yet somehow you totally misinterpreted Chuck's comments. Please reread that quote from Chuck's blog again, CAREFULLY. Notice that Chuck said NOTHING about anyone trying to keep information from being ACCESSED by a foreign government (or terrorists, for that matter). Rather, he said IF YOU LOST one of the data sites (for ANY reason), YOU WOULDN'T LOSE YOUR DATA. Nothing about anyone gaining improper access to the data, and EVERYTHING about making sure your data would be still intact if you lost a part of it. You took that statement and twisted it around to position it as marketing to terrorists...and tried to turn Chuck's discussion about erasure encoding (a technology that I am sure IBM also uses in several products) into a farce about terrorists and data encryption. Perhaps you just misunderstood, and jumped into the conversation without realizing you'd mixed things up. Or perhaps you've done it intentionally, demonstrating your command over the English language to underscore IBM's position as the inventors and masters of FUD. Doesn't really matter - either way, I say it is offensive and in poor taste. Stepping away from that subject, though, with your command of the language, surely you know that my reference to "business partner" was not meant to equate to "IBM Business Partner" - I only pointed out that EMC is indeed a partner in business with IBM. And whether EMC is a "business partner" or a "Business Partner," I suspect that IBM policies against casting disparaging or defamatory remarks against those that IBM does business with is applicable. No bullying, no intimidation - I am just trying to point out that you may have crossed the line. Again.
As for my little tombstone for the DS6800 - well, as you say, there's nothing really newsworthy about commenting on IBM's public announcement that a product is being retired (with a portfolio as large as IBM's, it literally happens just about every Tuesday, doesn't it?). Bottom line: you have now repeatedly accused a company that your employer does business with of marketing its products to terrorists. I have asked politely that you withdraw that abhorrent and blatantly false misrepresentation of what was actually said, and you have repeatedly refused. And that's the way it is...

Mon March 01, 2010 11:48 AM

Originally posted by: TonyPearson


BarryB, To clarify for all readers, I am not accusing EMC of any wrong-doing regards to their marketing of Atmos. Instead, I asked a simple yes/no question, based entirely on the odd choice of words in Chuck's blog post. Of the 50 different ways that one can suffer a site-wide loss of data, from tornadoes to earthquakes, power outages, even a backhoe tearing up your network dark fiber, Chuck chose instead to use "seized by the government" and tries to imply that companies with information they don't want their government to have access to could use Atmos GeoProtect specifically to help in this area. Is asking a yes/no question of a competitor's marketing positioning strategy more damaging than falsely declaring a competitive product is dead? IBM continues to sell the IBM System Storage DS6800 disk system, yet you have indicated in a recent post of yours with "Feb 2010" on its little gravestone. Both IBM and EMC withdraw older products from marketing every year, this is not news, and certainly does not reflect a strategic shift. I agree there are various cross-licensing deals between IBM and EMC patents, that EMC (the storage company) works with IBM server divisions to make sure products work together, IBM is the leading reseller of EMC's majority owned VMware set of virtualization products, and that there are a variety of agreements to ensure cooperative support of mutual customers. However, IBM Business Partner is a coveted status with specific meaning to resell IBM products, and that EMC does not have. -- Tony

Sat February 27, 2010 07:20 PM

Originally posted by: thestorageanarchist


I don't know why your legal isn't aware of the business relationships between EMC and IBM. Perhaps if they dig deeper you will find the numerous EMC-IBM contract agreements in the areas of (yes) mainframe compatibility, z/p/iSeries interoperability, patent cross-licensing and a variety of cooperative support agreements. Anyway, however you choose to translate "business partner", I hardly believe that the intent of IBM's Business Code of Conduct is to condone accusations that a competitor's products are intended for use by terrorists, even if you're just "poking fun". I know that I would not allow myself to say that about IBM products. But if you think that is an appropriate way to characterize a competitor's products, I guess that says a lot about you (and your employer). Enuff said - - Barry

Sat February 27, 2010 12:41 PM

Originally posted by: TonyPearson


BarryB, Your use of EMC's classic junkyard-bulldog intimidation tactics might work on your weak-willed customers, but won't work here. My post did not pick a fight with Chuck nor discredit him in any way. His 6+3 example does not match the GeoProtect datasheet options of 9/12 and 10/16 erasure encoding is his own mistake. I poke fun at Chuck's choice of words and examples, that he did not understand that 9/12 is different than 6+3, and that GeoProtect is to protect against loss, not against unauthorized access. ChuckH specifically attempts to indicate the GeoProtect itself provides protection against unauthorized access in his post, where really GeoProtect is nothing more than protection against loss only. Erasure coding methods are not new, "For organizations worried about their information falling into the wrong hands (whether criminal or government sponsored!), any subset of the nodes would yield nothing of value..." GeoProtect does not eliminate the need or benefits of encryption. There are laws that indicate that if there is an unauthorized access breach of sensitive data, a company must notify each of the clients or customers involved. GeoProtect without encryption would be quite costly if that were to happen. It appears ChuckH has updated this paragraph to indicate that GeoProtect is just part of a complete breakfast, that presumably you would need to add encryption to also protect against unauthorized access. " -- not only would the information be presumably encrypted, but only a few slices of a far bigger picture would be lost." I am glad to read that you, BarryB, are an IBM shareholder invested in IBM's success. You should probably disclose this every time you mention IBM or its products in your own blog. I cannot own EMC stock, as that would appear conflict-of-interest in my current job position. As for any "Business Partner" relationship you claim between IBM and EMC, my legal team is not aware of any.
There was a "Business Alliance" that lasted from 1999-2004 to have EMC license IBM technology so that it could finally get RAID5 working, FICON working, and be more compatible with IBM servers, and then there was the 2003 agreement to have IBM and EMC work together to resolve any support issues when combining storage virtualization from one company with disk storage arrays of the other. Neither of these qualify as "Business Partner" relationships. If you are aware of an IBM-EMC business partnership that has been made public related to the Atmos, or in any other regard that you think is relevant here, please clarify. --- Tony

Fri February 26, 2010 07:06 AM

Originally posted by: thestorageanarchist


Chuck's words "seized by the government" clearly implies nothing unethical, nor does it reference any violation of compliance. Since you now seem to agree that Chuck's comments were describing the protection that Atmos now offers against "unexpected" ETHICAL loss, your original post and even the rest of your response are clearly intended to falsely attack and discredit both Chuck and your business partner EMC's products in a public forum. I believe this to be in direct violation of IBM's Code of Conduct. You might want to make (another) call to IBM Legal to see what they think. As an EMC and IBM shareholder, I respectfully request you remove this distasteful and abhorrent - perhaps even defamatory - attack from your blog and IBM's web site(s).

Thu February 25, 2010 11:52 AM

Originally posted by: TonyPearson


BarryB, The word "protect" is overloaded with multiple meanings. One meaning is to protect against unexpected loss, so that if you lose a copy of the data, or parts of the data, you can recreate or rebuild from other copies to get it back. A second meaning is to protect against unethical tampering, such as compliance storage from the new IBM Information Archive that provides Non-Erasable, Non-Rewriteable storage enforcement for compliance with regulations. A third meaning is to protect against unauthorized access, such as the use of encryption on IBM's various disk and tape systems. I found ChuckH's use of the phrase "seized by the government" an odd choice. I understand that this can happen, that governments can seize storage equipment and media, and this should be treated like any other loss in the first sense of the meanings above, no different than if the data was lost to flood or fire damage. However, when people read "protect against government seizure" they might misinterpret this as protection against unauthorized access to the data, the third meaning above, which as you have stated correctly would not be the case. I would hate for people to think that GeoProtect single-handedly eliminates the need to encrypt sensitive data. -- Tony

Wed February 24, 2010 07:49 PM

Originally posted by: thestorageanarchist


Tony - Your suggestion that protecting information against government seizure implies that Atmos is intended as "Storage for Terrorists" is insulting and outlandish. You clearly are not aware that this threat is very real, and one that international corporations (such as your own employer) actually prepare for in their disaster planning. Canadian companies, for example, are no longer allowed to store customer data in the United States (in their DR sites, for example) because the US Patriot Act allows our own federal government to seize any data without a warrant. In Europe, companies within many countries cannot place their DR sites within the boundaries of a foreign government - even within the borders of partner members of the EU. And encryption is not accepted by ANY of these companies or countries as a means to protect customer information from being seized - many understand empirically that a government like the US or China probably have sufficient computer power to decipher most practical encryption schemes - INCLUDING AES 256... So, once again you embarrass yourself, and perhaps your employer as well.