Understanding SAW: Portworx + FlashArray Secure Multi-Tenancy

Pure Storage extends the benefits of secure multi-tenancy to container-based application development with the introduction of Secure Application Workspaces.

FlashArray Secure Multi Tenancy

5 minutes

Summary

Secure Application Workspaces (SAW) is now available for container-based applications, extending the benefits of secure multi-tenancy.

image_pdfimage_print

Pure Storage is pleased to introduce Secure Application Workspaces (SAW) for container-based applications. SAW streamlines storage management for admins who support Kubernetes application development teams. It extends the secure multi-tenancy (SMT) features, which we recently launched, by hosting Portworx® Kubernetes clusters as individual tenants on FlashArray™. With SAW, Portworx development teams can access all the security, performance, and capacity benefits of FlashArray, while storage managers can use quality of service (QoS) to be certain that the applications will only use the resources they’ve been allocated.  

Setting the Table: A Primer on Portworx Data Services

Many container-based app developers use an infrastructure-as-code (IaaC) approach that allows them to utilize IT resources, CPU, memory, and storage without regard to other users on the resource: They can create clusters, nodes, and pods with the assumption that the resources are available. And, while IaaC can be seen as a progressive shift for developers to make app creation and upgrades easier and faster, this can be a challenge for IT managers who oversee constrained infrastructure resources. They’re often responsible for comprehensive operational and security policies that have controls for all of their data center technologies.

Portworx provides its partner Kubernetes platform provider IaaC environments with robust, cloud-native data services for developers to include self-service storage, backup services, and disaster recovery services. SAW provides an option for administrators to manage storage resources delivered to IaaC developers within specified boundaries without overwhelming the system by taking more storage resources than allocated. 

Let’s see how that works at a more detailed level. 

Embracing Storage Needs for Next-generation Applications with SAW

Portworx’s ability to provide robust cloud-native data services is industry-leading but also can be perceived as another silo to manage in the data center, specifically at a storage capacity level. With SAW, data center operators looking to consolidate their operations can opt to deliver Portworx’s storage needs with a FlashArray target, providing the following benefits:

  • Data security and tenant isolation
  • Improved control and governance
  • Cost efficiency and allocation from superior data reduction in FlashArray
SAW
Figure 1: Portworx and FlashArray together.

These three concepts are foundational to why we created SAW. Data storage delivered to Kubernetes-based ecosystems can often be viewed by developers as an endless pool of unregulated space. SAW provides the capability to bring some structure to that approach.

Enabling Harmony between Portworx and FlashArray with SAW

The most crucial concept to understand for SAW is straightforward: If your FlashArray system has implemented secure multi-tenancy, it can host Portworx data on it as a tenant at the Kubernetes-cluster level to immediately recognize the three benefits mentioned above. Once the cluster’s configuration has redirected its storage repository to the FlashArray system, interaction between the two will happen via RESTful APIs. 

FlashArray Secure Multi Tenancy
Figure 2: Portworx as a tenant in a FlashArray realm.

Since the cluster is its own tenant realm on the FlashArray system, its Kubernetes administrators can be delegated the tenant admin access they need to manage their own provisioned storage.

FlashArray Hosting Portworx Data—Immediate Benefits

There are robust advantages when Portworx leverages FlashArray for its shared storage. These benefits are well-known because of what FlashArray provides for other workloads:

saw
Figure 3: Benefits offered by FlashArray. 

These benefits are why FlashArray has dominated the all-flash market, including being named A Leader in the Gartner® Magic Quadrant™ 10 years in a row. SAW delivers all these storage-level benefits to container-based applications without requiring further effort from the application development team. They’re all included with SAW. 

Storage infrastructure and platform teams have different, but related, SLAs. SAW provides a blended value to both of them by enabling an end-to-end way to regulate resource allocation and consumption from the CPU and all the way through to the storage.

We’re Just Getting Started—SAW’s Future Is Bright

Integrating Portworx and FlashArray with SAW for basic tenant management and control is just a first step. We have capabilities on our roadmap that will provide service-level guarantees, per-tenant data encryption, and integration with Pure Fusion™ to eventually manage Portworx storage at a fleet level, thus enabling data mobility benefits it can provide for traditional workloads.

FlashArray Secure Multi Tenancy
Figure 4: The future is bright for SAW.

A Real-world Use Case for SAW

A global service provider realized they could streamline their storage management and utilization needs by hosting Portworx data on their FlashArray high-availability (HA) pair. This implementation was before we had released SMT as a Purity feature, so the data was simply tied to a volume that had been provisioned on the array without resource controls.

Rapid scaling to meet performance demand metrics is one of the biggest benefits of leveraging containers in modern application development—their count can quickly rise and fall based on end-user needs more easily than monolithic applications. Unfortunately, our customer’s application needed to rapidly scale up for a critical release event, which inadvertently hijacked almost all of the array’s resources, causing the other workloads sharing the array to see a serious reduction in their performance. In other words, the application was able to take storage resources that other applications on the array expected to get. SAW fixes this challenge because quality of service (QOS) settings for the Kubernetes cluster throttled its resource consumption, thus ensuring the other tenant workloads wouldn’t suffer.

Reach Out and Get to Know More about SAW

You can see how SAW works with container applications in this demo video. It gives a great walk-through on how the integration happens in Portworx. Feel free to also reach out to your Principal Technologist or Field Solutions Architect from the Portworx and FlashArray teams to learn more.

Simply put, cloud-native and monolithic applications are better together with Portworx and FlashArray! SAW is currently in beta and GA at the end of August.