Announcing Secure Multi-tenancy for Purity—the First Step to Secure Application Workspaces with Pure Storage

Secure multi-tenancy (SMT) with shared infrastructure is now available with FlashArray and will be available with FlashBlade later this year.


Pure Storage is proud to announce the availability of secure multi-tenancy (SMT) on our FlashArray™ storage endpoints. This is an important foundational step to Secure Application Workspaces (SAW)—our future genesis of SMT that will add configuring Portworx® container storage to the same management plane and give storage administrators a long-needed consolidation of tools to simplify their day-to-day operations.

Pure Storage has a long history of customer-centric design principles, which means we often reevaluate industry-standard/accepted technical concepts in our design process and then improve them for a better customer experience. SMT and its genesis to SAW is no exception. We aren’t just renaming “secure multi-tenancy” to be different. SAW will convey an improved perspective by integrating container storage management with Portworx, which will accelerate app modernization. 

Secure Multi-tenancy—Pure Storage’s Approach

At its simplest, SMT means an organization of users sharing data storage space on a storage host where their potential competitors also sit (i.e., major cola brand vs. major cola brand). While that is a viable definition, Pure Storage up-levels SMT to include applications/workloads as tenants, with each one needing its own performance and availability SLAs. Pure Storage’s up-leveled approach to SMT takes the value from cost efficiency via resource sharing to modernizing your applications to make your entire business more efficient.

Multi-tenancy Has Always Been a Thing

Multi-tenancy isn’t new. It has existed as a concept since 1922 but has changed names over the years as the concept evolved. If you’re familiar with any of these phrases, you’ve worked in a multi-tenant environment: 

  • Time-sharing (IBM)
  • CP/M Multiuser DOS (Digital Research/Novell)
  • NT Virtual DOS Machine (Microsoft)
  • Virtual domains (Sun Microsystems)
  • X86 OS virtualization (VMware/Red Hat/Microsoft)
  • Cloud computing (AWS/Azure/GCP)

In fact, any platform system service that allows multiple operating systems, applications, or users to simultaneously access its kernel is considered multi-tenant.

Multi-tenant Enterprise Storage: Fundamental to Cloud Operating Models and Beyond

SMT for storage has also existed for quite some time, and legacy vendors have implemented it in various forms in their products based on a common set of reasons:

  • Cost optimization by sharing a single hardware resource among multiple tenants
  • Tenant isolation for better security and autonomy
  • Faster time to service for end consumers
  • Improved storage resource management to include chargeback

Pure Storage’s approach to its SMT implementation carries the same intentions, and we’re excited to begin working with managed service provider (MSP) customers and prospects in a new usage dimension they can leverage for better profitability. Our platforms have always had incredible TCO advantages for them regarding reduced power and cooling with maximum storage density. We can now also offer them the ability to increase their usage density for additional cost savings. Placing more tenants on the same physical device is often their highest architectural priority.

While our introduction of SMT is great news for MSP customers and prospects for multi-tenant hosting and management, we also believe any self-hosted IT operation can benefit from leveraging it in its data center. That is, enterprises and organizations can gain true business value by sharing storage infrastructure among internal clients, departments, or teams. 

For instance, implementing a multi-tenant storage environment in core enterprise storage can make corporate merger or acquisition migrations smoother because file structures and namespaces can be preserved in subsequent migrations and consolidation. Another example is isolating tenants by department and regulating their storage CPU and resource consumption with quality of service (QoS) rules to avoid the “noisy neighbor” risk. And while it may not be a mainstream practice, implementing SMT also offers the possibility of a tenant managing its own storage space, giving the data center operators back cycles to fight other fires that are inevitably raging in other spots.

More Robust Tenant Observability—Better Business Value with Pure Storage SMT

Storage resource consumption observability for chargeback has been a utopian prospect for many years. It’s often positioned as a way to hold departments accountable for their usage, even if they aren’t paying an official “bill” for it. While this scenario is viable, its implementation in data centers is rare because of the additional accounting cycles needed by the CFO’s office to manage “payments” from serviced departments with money that is not real.

Our implementation of SMT fixes this challenge by making it possible to actually see (observe) how departments use resources without a lot of difficult accounting magic. This is the business value of observability, especially if it’s robust and granular enough to not just look backward for consumption trend insights for tenants but also to look forward as storage grows and inevitable platform refreshes get closer. Observability makes it possible to get the most out of your infrastructure today to plan effectively for the future, with hard, meaningful data. This level of observability becomes possible if individual workloads are considered as separate tenants—especially if the performance vectors and growth of one application outpace the others. Without Pure Storage’s up-leveled SMT implementation, business value becomes harder to calculate because manual calculations from point-in-time metrics of storage based on volumes or giant file systems take too much time.

Realms: The Root of All Tenants

The heart of Pure Storage SMT lies in the concept of “realms,” a logical construct to group storage objects together and deliver multi-tenancy. Think of a tenant’s realm as a self-contained, virtual storage environment capable of delivering data over any protocol, overseen with highly configurable management policies for availability SLAs or quotas and QoS variables for limiting the “noisy neighbor” risk.


Realm Creation and Management

Because realms are considered a logical construct, only an array user with array_admin privileges can create, manage, and destroy them. Imagine that user as the landlord of an apartment building and the individual units as tenants. The admins manage the building and its tenants from an “outsider” perspective by securing residents in vacancies and maintaining the collective order and ownership for any problems that crop up. The inside part of an apartment is managed by the tenant in how they arrange furniture, decorate, and live.

Realm administration is a similar effort in that the array_admin user can not only create and destroy them but also manage their size quota and QoS as they relate to other realms on the same array. They also have the ability to move workloads in and out of realms, as well as delegate “consumers”—tenant users who can manage data services inside a realm as a tenant.

Secure Application Workspaces

SAW Sample Use Case: Test/Dev Operations

Implementing an SMT model isn’t just for service providers wanting to securely isolate tenants and prevent data spillage between them; there are many possibilities for enterprises and organizations. Consider an array that concurrently supports production workloads and the Test/Dev team. Many data center architectures might mitigate CPU overconsumption by controlling resources to virtual machines between those tenants but have no way of accomplishing the same on the enterprise storage side. This becomes an easy fix with Pure Storage SMT, where the Test/Dev environment is set up as a consumer tenant that can be managed with a quota and QoS while doing its testing on replicas of production data and managing its own snapshots. This configuration allows database managers to self-manage their snapshots and any testing they perform without fear of starving the production tenant of the array.


Pure Storage FlashArray and FlashBlade: Dead-easy SMT to Be Included

Pure Storage is proud to announce that FlashArray will be capable of supporting SMT with Purity updates beginning this month. Once updated, the array will give storage administrators the option to logically divide their storage to better align with upstream demands from their end customers and workloads. Here are some highlights of how our multi-tenancy approach shines brighter than alternative solutions:

  • Simpler configuration for shared infrastructure. Pure Storage SMT requires 75% fewer parameter definitions compared to the competition, making it simpler to implement and manage.
  • Better visibility and isolation capabilities. This capability allows an infrastructure owner to provision more workloads per array, thus increasing array utilization and tenant density.
  • Improved security to prevent data leakage. SMT’s implementation filters traffic at the protocol level based on upstream namespaces to ensure data is not leaked among tenants.
  • This is the first step to a bigger vision. Secure Application Workspaces is the end goal, with traditional and container SMT storage being managed by a unified console.

And, in true Pure Storage fashion, SMT will be included with no extra costs and will be simple to implement and manage. In fact, any volumes will be able to non-disruptively migrate into a new tenant space.

Some Initial Release Nuances

On its release, FlashArray will support SMT on block-only volumes, while FlashBlade® will support it on file workloads. It will be available on FlashArray files later in the year. SMT will also be accessible only via the command line on initial release. It will be integrated into the array UIs by the end of the year as well.


Learn More about Pure Storage SMT 

The Pure Storage release of SMT comes at a great time in the industry. Many organizations are looking to make their data center infrastructure more “cloud-like” in how it operates. SMT and SAW deliver on that vision. Be sure to reach out to your account’s principal technologist or field solutions architect for a deeper dive.
