SlideShare a Scribd company logo

file-storage-100.pdf

A
Abhi850745

oci file storage

Education
1 of 22
Download to read offline
Rohit Rahi Oracle Cloud Infrastructure October, 2019 File Storage Service L100
Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
File Storage Service Intro
OCI Storage Services Local NVMe Block Volume File Storage Object Storage Archive Storage Type NVMe SSD based temporary storage NVMe SSD based block storage NFSv3 compatible file system Highly durable Object storage Long-term archival and backup Durability Non-persistent; survives reboots Durable (multiple copies in an AD) Durable (multiple copies in an AD) Highly durable (multiple copies across ADs) Highly durable (multiple copies across ADs) Capacity Terabytes+ Petabytes+ Exabytes+ Petabytes+ Petabytes+ Unit Size 51.2 TB for BM, 6.4-25.6 TB for VM 50 GB to 32 TB/vol 32 vols/instance Up to 8 Exabyte 10 TB/object 10 TB/object Use cases Big Data, OLTP, high performance workloads Apps that require SAN like features (Oracle DB, VMW, Exchange) Apps that require shared file system (EBS, HPC) Unstructured data incl. logs, images, videos Long term archival and backups (Oracle DB backups)
File Storage Service – use cases General Purpose File Systems Big Data & Analytics HPC Scale Out Apps Oracle Applications Lift and Shift Test / Dev Databases MicroServices Containers EBS
File Storage service Features • AD-local service, available in all OCI regions and Availability Domains • Supports NFS v.3 • Network Lock Management (NLM) for file locking • Full POSIX semantics • Data Protection: Snapshots capabilities; 10,000 snapshots per file system • Security: 128-bit, data-at-rest encryption for all file systems & metadata • Console management, APIs, CLI, data-path commands, and Terraform • Create 100 file systems and 2 mount targets per AD per account
Mount Target Mount Target • NFS endpoint that lives in your subnet of choice; AD-specific • Mount target has an IP address and DNS name that you can use in your mount command. E.g. 10.0.0.6 • Requires three private IP addresses in the subnet (don’t use /30 or smaller subnets for the FSS) • Two of the IP addresses are used during mount target creation; 3rd IP used for HA OCI REGION AVAILABILITY DOMAIN-2 AVAILABILITY DOMAIN-1 10.0.0.0/24 10.0.1.0/24 NFS client NFS client VCN, 10.0.0.0/16
Mount Target OCI REGION AVAILABILITY DOMAIN-2 AVAILABILITY DOMAIN-1 10.0.0.0/24 10.0.1.0/24 NFS client NFS client VCN, 10.0.0.0/16 Mount Target • Placing NFS clients and mount target in the same subnet can result in IP conflicts, as users are not shown which private IPs are used for mount target • Place FSS mount target in its own subnet, where it can consume IPs as it needs 10.0.2.0/24
File System OCI REGION AVAILABILITY DOMAIN-2 AVAILABILITY DOMAIN-1 10.0.0.0/24 10.0.1.0/24 NFS client NFS client VCN, 10.0.0.0/16 10.0.2.0/24 File System • Primary resources for storing files in FSS • To access your file systems, you create a new (or use an existing) mount target • 100 File Systems per Mount Target • AD-specific • Accessible from OCI VM/BM instances • Accessible from on-premises through FastConnect/VPN
FSS Paths • Export Path: unique path specified when the file system is associated with a mount target during creation • No two File systems associated with the same mount target can have overlapping export paths (e.g. FS paths like /example and /example/path are not allowed) Mount target (NFS endpoint): 10.0.0.6 Export Path1: /example1/path Export Path1 2: /example2/path • Export path, along with the mount target IP address, is used to mount the file system to an instance • sudo mount 10.0.0.6:/example1/path /mnt/mountpointA • sudo mount 10.0.0.6:/example2/path /mnt/mountpointB • /mnt/mountpointA and /mnt/mountpointB are path to the directory on the NFS client instance on which the external file systems are mounted
Mounting an OCI File System • Launch OCI instance from console • Use NFSv3 protocol to mount the FSS volume • Install nfs-utils (Oracle Linux and CentOS) or nfs-common (Ubuntu) in your Linux system • Create a directory • On the FSS console, click on Mount Targets • Use the Private IP address information to mount the volume using nfs command: opc@node01:~$ sudo mkdir -p /<user’s target directory> opc@node01:~$ sudo mount <IPaddress>:<path-name> /<user’s target directory> opc@node01:~$ sudo yum install nfs-utils opc@node01:~$ sudo mkdir -p /mnt/nfs opc@node01:~$ sudo mount 10.0.0.3:/fss-shared /mnt/nfs NOTE: We recommend not to pass mount options to achieve best performance with File Storage Service. This approach leaves it to the client and server to negotiate the window size for Read & Write operations.
File Storage Service Demo
File Storage Service Security
Security Security layer Uses these.. To control actions like these.. IAM Service OCI users, policies Creating instances (NFS clients) and FSS VCNs. Creating, listing, and associating file systems and mount targets Security Lists CIDR blocks Connecting the NFS client instance to the mount target Export Options Export options, CIDR blocks Applying access control per-file system based on source IP CIDR blocks that bridges the Security Lists layer and the NFS v.3 Unix Security layer NFS v3. Unix Security Unix users Mounting file systems1, reading the writing files, file access security 1 When mounting file systems, don't use mount options such as nolock, rsize, or wsize. These options cause issues with performance and file locking Four distinct and separate layers of security with its own authorization entities and methods to consider when using FSS
Security Lists OCI REGION AVAILABILITY DOMAIN-2 AVAILABILITY DOMAIN-1 10.0.0.0/24 10.0.1.0/24 NFS client NFS client VCN, 10.0.0.0/16 10.0.2.0/24 Security List can be used as a virtual firewall to prevent NFS clients from mounting an FSS mount target (even in the same subnet). FSS needs - • Stateful ingress TCP ports 111, 2048 – 2050 • Stateful ingress UDP ports 111 and 2048 • Opening these ports enables traffic from Solaris, Linux, and Windows NFS clients Type Source CIDR Protocol Source Port Dest Port Ingress 10.0.0.0/241 TCP All 2048-2050 Ingress 10.0.0.0/24 TCP All 111 Ingress 10.0.0.0/24 UDP All 2048 Ingress 10.0.0.0/24 UDP All 111 1 For all subnets within VCN (e.g. 10.0.1.0/24) to access File System, change destination CIDR to 10.0.0.0/16; all rules stateful
Export Option • Security List is all or nothing approach – the client either can or cannot access the mount target, and therefore all file systems associated with it • In a multi-tenant environment, using NFS export option, you can limit clients' ability to connect to the file system and view or write data • Export controls how NFS clients access file systems; info stored in an export includes the file system OCID, export path, and client access options • When you create file system and associated mount target, the NFS export options for that file system are set to allow full access for all NFS clients : • Source: 0.0.0.0/0 (All) • Require Privileged Source Port: False • Access: Read_Write • Identity Squash: None
Export Option Client X VCN, 10.0.0.0/16 10.0.0.0/24 Mount Target subnet File System A File System B Client Y 10.0.1.0/24 • Client X, assigned to 10.0.0.0/24, requires Read/Write access to file system A, but not file system B • Client Y, assigned to 10.0.1.0/24, requires Read access to file system B, but no access to file system A • Both file systems A and B are associated to a single mount target oci fs export update --export-id <FS_B_export_ID> --export- options '[{"source":"10.0.1.0/24 ","require-privileged-source- port":"true","access":"READ_ONLY ","identity- squash":"NONE","anonymous- uid":"65534","anonymous- gid":"65534"}]' oci fs export update --export-id <FS_A_export_ID> --export- options '[{"source":"10.0.0.0/24 ","require-privileged-source- port":"true","access":"READ_WRIT E","identity- squash":"NONE","anonymous- uid":"65534","anonymous- gid":"65534"}]' 10.0.2.0/24
File Storage Service Snapshots
File Storage Service Snapshot • Snapshots provide a read-only, space efficient, point-in-time backup of a file system • Snapshots are created under the root folder of file system, in a hidden directory named .snapshot • You can take up to 10,000 snapshots per file system • You can restore a file within the snapshot, or an entire snapshot using the cp or rsync command – cp -r .snapshot/snapshot_name/* destination_directory_name • If nothing has changed within the target file system and you take a snapshot, it does not consume any additional storage
Summary • OCI File Storage Service provides a fully managed, elastic, durable, distributed, enterprise- grade network file system • FSS supports NFS v3, snapshots and default data-at-rest encryption • FSS is highly scalable (Exabytes) and performant • FSS supports four distinct and separate layers of security with its own authorization entities and methods
21 © 2019 Oracle Oracle Cloud always free tier: oracle.com/cloud/free/ OCI training and certification: https://www.oracle.com/cloud/iaas/training/ https://www.oracle.com/cloud/iaas/training/certification.html education.oracle.com/oracle-certification-path/pFamily_647 OCI hands-on labs: ocitraining.qloudable.com/provider/oracle Oracle learning library videos on YouTube: youtube.com/user/OracleLearning
Thank you

Recommended

VMware vSphere 6.0 - Troubleshooting Training - Day 4
VMware vSphere 6.0 - Troubleshooting Training - Day 4VMware vSphere 6.0 - Troubleshooting Training - Day 4
VMware vSphere 6.0 - Troubleshooting Training - Day 4Sanjeev Kumar
 
VMware Advance Troubleshooting Workshop - Day 4
VMware Advance Troubleshooting Workshop - Day 4VMware Advance Troubleshooting Workshop - Day 4
VMware Advance Troubleshooting Workshop - Day 4Vepsun Technologies
 
A Survey of Container Security in 2016: A Security Update on Container Platforms
A Survey of Container Security in 2016: A Security Update on Container PlatformsA Survey of Container Security in 2016: A Security Update on Container Platforms
A Survey of Container Security in 2016: A Security Update on Container PlatformsSalman Baset
 
Adrian Stoian - Manage Private and Public Cloud Services with System Center 2...
Adrian Stoian - Manage Private and Public Cloud Services with System Center 2...Adrian Stoian - Manage Private and Public Cloud Services with System Center 2...
Adrian Stoian - Manage Private and Public Cloud Services with System Center 2...ITSpark Community
 
Linux Servers.pptx
Linux Servers.pptxLinux Servers.pptx
Linux Servers.pptxChSheraz3
 
DevOPS training - Day 1/2
DevOPS training - Day 1/2DevOPS training - Day 1/2
DevOPS training - Day 1/2Vincent Mercier
 
Building a Cloud Native Service - Docker Meetup Santa Clara (July 20, 2017)
Building a Cloud Native Service - Docker Meetup Santa Clara (July 20, 2017)Building a Cloud Native Service - Docker Meetup Santa Clara (July 20, 2017)
Building a Cloud Native Service - Docker Meetup Santa Clara (July 20, 2017)Yong Tang
 
Addmi 03-addm prerequisites
Addmi 03-addm prerequisitesAddmi 03-addm prerequisites
Addmi 03-addm prerequisitesodanyboy
 

Recommended

VMware vSphere 6.0 - Troubleshooting Training - Day 4
VMware vSphere 6.0 - Troubleshooting Training - Day 4VMware vSphere 6.0 - Troubleshooting Training - Day 4
VMware vSphere 6.0 - Troubleshooting Training - Day 4Sanjeev Kumar
 
VMware Advance Troubleshooting Workshop - Day 4
VMware Advance Troubleshooting Workshop - Day 4VMware Advance Troubleshooting Workshop - Day 4
VMware Advance Troubleshooting Workshop - Day 4Vepsun Technologies
 
A Survey of Container Security in 2016: A Security Update on Container Platforms
A Survey of Container Security in 2016: A Security Update on Container PlatformsA Survey of Container Security in 2016: A Security Update on Container Platforms
A Survey of Container Security in 2016: A Security Update on Container PlatformsSalman Baset
 
Adrian Stoian - Manage Private and Public Cloud Services with System Center 2...
Adrian Stoian - Manage Private and Public Cloud Services with System Center 2...Adrian Stoian - Manage Private and Public Cloud Services with System Center 2...
Adrian Stoian - Manage Private and Public Cloud Services with System Center 2...ITSpark Community
 
Linux Servers.pptx
Linux Servers.pptxLinux Servers.pptx
Linux Servers.pptxChSheraz3
 
DevOPS training - Day 1/2
DevOPS training - Day 1/2DevOPS training - Day 1/2
DevOPS training - Day 1/2Vincent Mercier
 
Building a Cloud Native Service - Docker Meetup Santa Clara (July 20, 2017)
Building a Cloud Native Service - Docker Meetup Santa Clara (July 20, 2017)Building a Cloud Native Service - Docker Meetup Santa Clara (July 20, 2017)
Building a Cloud Native Service - Docker Meetup Santa Clara (July 20, 2017)Yong Tang
 
Addmi 03-addm prerequisites
Addmi 03-addm prerequisitesAddmi 03-addm prerequisites
Addmi 03-addm prerequisitesodanyboy
 
vSphere Integrated Containers 101 and End-User Workflow
vSphere Integrated Containers 101 and End-User WorkflowvSphere Integrated Containers 101 and End-User Workflow
vSphere Integrated Containers 101 and End-User WorkflowSimone Morellato
 
Best practices for using VPNs for easy network-to-network protection
Best practices for using VPNs for easy network-to-network protectionBest practices for using VPNs for easy network-to-network protection
Best practices for using VPNs for easy network-to-network protectionWestermo Network Technologies
 
(ARC205) Creating Your Virtual Data Center: VPC Fundamentals and Connectivity...
(ARC205) Creating Your Virtual Data Center: VPC Fundamentals and Connectivity...(ARC205) Creating Your Virtual Data Center: VPC Fundamentals and Connectivity...
(ARC205) Creating Your Virtual Data Center: VPC Fundamentals and Connectivity...Amazon Web Services
 
Linux Servers
Linux ServersLinux Servers
Linux ServersShafaan Khaliq Bhatti
 
VMware vSphere 4.1 deep dive - part 1
VMware vSphere 4.1 deep dive - part 1VMware vSphere 4.1 deep dive - part 1
VMware vSphere 4.1 deep dive - part 1Louis Göhl
 
Introducing bastion hosts for oracle cloud infrastructure v1.0
Introducing bastion hosts for oracle cloud infrastructure v1.0Introducing bastion hosts for oracle cloud infrastructure v1.0
Introducing bastion hosts for oracle cloud infrastructure v1.0maaz khan
 
Ivan Zhuravel and Ihor Khlaponin "DC/OS vs Kubernetes. Let the Fight Begin!"
Ivan Zhuravel and Ihor Khlaponin "DC/OS vs Kubernetes. Let the Fight Begin!"Ivan Zhuravel and Ihor Khlaponin "DC/OS vs Kubernetes. Let the Fight Begin!"
Ivan Zhuravel and Ihor Khlaponin "DC/OS vs Kubernetes. Let the Fight Begin!"LogeekNightUkraine
 
FreeSWITCH on Docker
FreeSWITCH on DockerFreeSWITCH on Docker
FreeSWITCH on Docker建澄 吳
 
FreeSWITCH on Docker
FreeSWITCH on DockerFreeSWITCH on Docker
FreeSWITCH on DockerChien Cheng Wu
 
Practical Introduction To Linux
Practical Introduction To LinuxPractical Introduction To Linux
Practical Introduction To LinuxZeeshan Rizvi
 
Fsoss12
Fsoss12Fsoss12
Fsoss12Dru Lavigne
 
2008-09-09 IBM Interaction Conference, Red Hat Update for System z
2008-09-09 IBM Interaction Conference, Red Hat Update for System z2008-09-09 IBM Interaction Conference, Red Hat Update for System z
2008-09-09 IBM Interaction Conference, Red Hat Update for System zShawn Wells
 
Securing Hadoop with OSSEC
Securing Hadoop with OSSECSecuring Hadoop with OSSEC
Securing Hadoop with OSSECVic Hargrave
 
An introduction into Oracle VM V3.x
An introduction into Oracle VM V3.xAn introduction into Oracle VM V3.x
An introduction into Oracle VM V3.xMarco Gralike
 
Lksn2017 itnsa modul2
Lksn2017 itnsa modul2Lksn2017 itnsa modul2
Lksn2017 itnsa modul2Verry Hendroprasetyo
 
LOAD BALANCING OF APPLICATIONS USING XEN HYPERVISOR
LOAD BALANCING OF APPLICATIONS USING XEN HYPERVISORLOAD BALANCING OF APPLICATIONS USING XEN HYPERVISOR
LOAD BALANCING OF APPLICATIONS USING XEN HYPERVISORVanika Kapoor
 
Study notes for CompTIA Certified Advanced Security Practitioner (ver2)
Study notes for CompTIA Certified Advanced Security Practitioner (ver2)Study notes for CompTIA Certified Advanced Security Practitioner (ver2)
Study notes for CompTIA Certified Advanced Security Practitioner (ver2)David Sweigert
 
iSCSI: Internet Small Computer System Interface
iSCSI: Internet Small Computer System InterfaceiSCSI: Internet Small Computer System Interface
iSCSI: Internet Small Computer System InterfaceManoj Singh
 
Veer's Container Security
Veer's Container SecurityVeer's Container Security
Veer's Container SecurityJim Barlow
 
Quick-and-Easy Deployment of a Ceph Storage Cluster with SLES
Quick-and-Easy Deployment of a Ceph Storage Cluster with SLESQuick-and-Easy Deployment of a Ceph Storage Cluster with SLES
Quick-and-Easy Deployment of a Ceph Storage Cluster with SLESJan Kalcic
 
UChicago CMSC 23320 - The Best Commit Messages of 2024
UChicago CMSC 23320 - The Best Commit Messages of 2024UChicago CMSC 23320 - The Best Commit Messages of 2024
UChicago CMSC 23320 - The Best Commit Messages of 2024Borja Sotomayor
 
Graduate Outcomes Presentation Slides - English (v3).pptx
Graduate Outcomes Presentation Slides - English (v3).pptxGraduate Outcomes Presentation Slides - English (v3).pptx
Graduate Outcomes Presentation Slides - English (v3).pptxneillewis46
 

More Related Content

Similar to file-storage-100.pdf

vSphere Integrated Containers 101 and End-User Workflow
vSphere Integrated Containers 101 and End-User WorkflowvSphere Integrated Containers 101 and End-User Workflow
vSphere Integrated Containers 101 and End-User WorkflowSimone Morellato
 
Best practices for using VPNs for easy network-to-network protection
Best practices for using VPNs for easy network-to-network protectionBest practices for using VPNs for easy network-to-network protection
Best practices for using VPNs for easy network-to-network protectionWestermo Network Technologies
 
(ARC205) Creating Your Virtual Data Center: VPC Fundamentals and Connectivity...
(ARC205) Creating Your Virtual Data Center: VPC Fundamentals and Connectivity...(ARC205) Creating Your Virtual Data Center: VPC Fundamentals and Connectivity...
(ARC205) Creating Your Virtual Data Center: VPC Fundamentals and Connectivity...Amazon Web Services
 
VMware vSphere 4.1 deep dive - part 1
VMware vSphere 4.1 deep dive - part 1VMware vSphere 4.1 deep dive - part 1
VMware vSphere 4.1 deep dive - part 1Louis Göhl
 
Introducing bastion hosts for oracle cloud infrastructure v1.0
Introducing bastion hosts for oracle cloud infrastructure v1.0Introducing bastion hosts for oracle cloud infrastructure v1.0
Introducing bastion hosts for oracle cloud infrastructure v1.0maaz khan
 
Ivan Zhuravel and Ihor Khlaponin "DC/OS vs Kubernetes. Let the Fight Begin!"
Ivan Zhuravel and Ihor Khlaponin "DC/OS vs Kubernetes. Let the Fight Begin!"Ivan Zhuravel and Ihor Khlaponin "DC/OS vs Kubernetes. Let the Fight Begin!"
Ivan Zhuravel and Ihor Khlaponin "DC/OS vs Kubernetes. Let the Fight Begin!"LogeekNightUkraine
 
FreeSWITCH on Docker
FreeSWITCH on DockerFreeSWITCH on Docker
FreeSWITCH on Docker建澄 吳
 
Practical Introduction To Linux
Practical Introduction To LinuxPractical Introduction To Linux
Practical Introduction To LinuxZeeshan Rizvi
 
2008-09-09 IBM Interaction Conference, Red Hat Update for System z
2008-09-09 IBM Interaction Conference, Red Hat Update for System z2008-09-09 IBM Interaction Conference, Red Hat Update for System z
2008-09-09 IBM Interaction Conference, Red Hat Update for System zShawn Wells
 
Securing Hadoop with OSSEC
Securing Hadoop with OSSECSecuring Hadoop with OSSEC
Securing Hadoop with OSSECVic Hargrave
 
An introduction into Oracle VM V3.x
An introduction into Oracle VM V3.xAn introduction into Oracle VM V3.x
An introduction into Oracle VM V3.xMarco Gralike
 
LOAD BALANCING OF APPLICATIONS USING XEN HYPERVISOR
LOAD BALANCING OF APPLICATIONS USING XEN HYPERVISORLOAD BALANCING OF APPLICATIONS USING XEN HYPERVISOR
LOAD BALANCING OF APPLICATIONS USING XEN HYPERVISORVanika Kapoor
 
Study notes for CompTIA Certified Advanced Security Practitioner (ver2)
Study notes for CompTIA Certified Advanced Security Practitioner (ver2)Study notes for CompTIA Certified Advanced Security Practitioner (ver2)
Study notes for CompTIA Certified Advanced Security Practitioner (ver2)David Sweigert
 
iSCSI: Internet Small Computer System Interface
iSCSI: Internet Small Computer System InterfaceiSCSI: Internet Small Computer System Interface
iSCSI: Internet Small Computer System InterfaceManoj Singh
 
Veer's Container Security
Veer's Container SecurityVeer's Container Security
Veer's Container SecurityJim Barlow
 
Quick-and-Easy Deployment of a Ceph Storage Cluster with SLES
Quick-and-Easy Deployment of a Ceph Storage Cluster with SLESQuick-and-Easy Deployment of a Ceph Storage Cluster with SLES
Quick-and-Easy Deployment of a Ceph Storage Cluster with SLESJan Kalcic
 

Similar to file-storage-100.pdf (20)

vSphere Integrated Containers 101 and End-User Workflow
vSphere Integrated Containers 101 and End-User WorkflowvSphere Integrated Containers 101 and End-User Workflow
vSphere Integrated Containers 101 and End-User Workflow
 
Best practices for using VPNs for easy network-to-network protection
Best practices for using VPNs for easy network-to-network protectionBest practices for using VPNs for easy network-to-network protection
Best practices for using VPNs for easy network-to-network protection
 
(ARC205) Creating Your Virtual Data Center: VPC Fundamentals and Connectivity...
(ARC205) Creating Your Virtual Data Center: VPC Fundamentals and Connectivity...(ARC205) Creating Your Virtual Data Center: VPC Fundamentals and Connectivity...
(ARC205) Creating Your Virtual Data Center: VPC Fundamentals and Connectivity...
 
Linux Servers
Linux ServersLinux Servers
Linux Servers
 
VMware vSphere 4.1 deep dive - part 1
VMware vSphere 4.1 deep dive - part 1VMware vSphere 4.1 deep dive - part 1
VMware vSphere 4.1 deep dive - part 1
 
Introducing bastion hosts for oracle cloud infrastructure v1.0
Introducing bastion hosts for oracle cloud infrastructure v1.0Introducing bastion hosts for oracle cloud infrastructure v1.0
Introducing bastion hosts for oracle cloud infrastructure v1.0
 
Ivan Zhuravel and Ihor Khlaponin "DC/OS vs Kubernetes. Let the Fight Begin!"
Ivan Zhuravel and Ihor Khlaponin "DC/OS vs Kubernetes. Let the Fight Begin!"Ivan Zhuravel and Ihor Khlaponin "DC/OS vs Kubernetes. Let the Fight Begin!"
Ivan Zhuravel and Ihor Khlaponin "DC/OS vs Kubernetes. Let the Fight Begin!"
 
FreeSWITCH on Docker
FreeSWITCH on DockerFreeSWITCH on Docker
FreeSWITCH on Docker
 
FreeSWITCH on Docker
FreeSWITCH on DockerFreeSWITCH on Docker
FreeSWITCH on Docker
 
Practical Introduction To Linux
Practical Introduction To LinuxPractical Introduction To Linux
Practical Introduction To Linux
 
Fsoss12
Fsoss12Fsoss12
Fsoss12
 
2008-09-09 IBM Interaction Conference, Red Hat Update for System z
2008-09-09 IBM Interaction Conference, Red Hat Update for System z2008-09-09 IBM Interaction Conference, Red Hat Update for System z
2008-09-09 IBM Interaction Conference, Red Hat Update for System z
 
Securing Hadoop with OSSEC
Securing Hadoop with OSSECSecuring Hadoop with OSSEC
Securing Hadoop with OSSEC
 
An introduction into Oracle VM V3.x
An introduction into Oracle VM V3.xAn introduction into Oracle VM V3.x
An introduction into Oracle VM V3.x
 
Lksn2017 itnsa modul2
Lksn2017 itnsa modul2Lksn2017 itnsa modul2
Lksn2017 itnsa modul2
 
LOAD BALANCING OF APPLICATIONS USING XEN HYPERVISOR
LOAD BALANCING OF APPLICATIONS USING XEN HYPERVISORLOAD BALANCING OF APPLICATIONS USING XEN HYPERVISOR
LOAD BALANCING OF APPLICATIONS USING XEN HYPERVISOR
 
Study notes for CompTIA Certified Advanced Security Practitioner (ver2)
Study notes for CompTIA Certified Advanced Security Practitioner (ver2)Study notes for CompTIA Certified Advanced Security Practitioner (ver2)
Study notes for CompTIA Certified Advanced Security Practitioner (ver2)
 
iSCSI: Internet Small Computer System Interface
iSCSI: Internet Small Computer System InterfaceiSCSI: Internet Small Computer System Interface
iSCSI: Internet Small Computer System Interface
 
Veer's Container Security
Veer's Container SecurityVeer's Container Security
Veer's Container Security
 
Quick-and-Easy Deployment of a Ceph Storage Cluster with SLES
Quick-and-Easy Deployment of a Ceph Storage Cluster with SLESQuick-and-Easy Deployment of a Ceph Storage Cluster with SLES
Quick-and-Easy Deployment of a Ceph Storage Cluster with SLES
 

Recently uploaded

UChicago CMSC 23320 - The Best Commit Messages of 2024
UChicago CMSC 23320 - The Best Commit Messages of 2024UChicago CMSC 23320 - The Best Commit Messages of 2024
UChicago CMSC 23320 - The Best Commit Messages of 2024Borja Sotomayor
 
Graduate Outcomes Presentation Slides - English (v3).pptx
Graduate Outcomes Presentation Slides - English (v3).pptxGraduate Outcomes Presentation Slides - English (v3).pptx
Graduate Outcomes Presentation Slides - English (v3).pptxneillewis46
 
TỔNG HỢP HƠN 100 ĐỀ THI THỬ TỐT NGHIỆP THPT TOÁN 2024 - TỪ CÁC TRƯỜNG, TRƯỜNG...
TỔNG HỢP HƠN 100 ĐỀ THI THỬ TỐT NGHIỆP THPT TOÁN 2024 - TỪ CÁC TRƯỜNG, TRƯỜNG...TỔNG HỢP HƠN 100 ĐỀ THI THỬ TỐT NGHIỆP THPT TOÁN 2024 - TỪ CÁC TRƯỜNG, TRƯỜNG...
TỔNG HỢP HƠN 100 ĐỀ THI THỬ TỐT NGHIỆP THPT TOÁN 2024 - TỪ CÁC TRƯỜNG, TRƯỜNG...Nguyen Thanh Tu Collection
 
An overview of the various scriptures in Hinduism
An overview of the various scriptures in HinduismAn overview of the various scriptures in Hinduism
An overview of the various scriptures in HinduismDabee Kamal
 
SURVEY I created for uni project research
SURVEY I created for uni project researchSURVEY I created for uni project research
SURVEY I created for uni project researchCaitlinCummins3
 
The Story of Village Palampur Class 9 Free Study Material PDF
The Story of Village Palampur Class 9 Free Study Material PDFThe Story of Village Palampur Class 9 Free Study Material PDF
The Story of Village Palampur Class 9 Free Study Material PDFVivekanand Anglo Vedic Academy
 
Trauma-Informed Leadership - Five Practical Principles
Trauma-Informed Leadership - Five Practical PrinciplesTrauma-Informed Leadership - Five Practical Principles
Trauma-Informed Leadership - Five Practical PrinciplesPooky Knightsmith
 
ANTI PARKISON DRUGS.pptx
ANTI PARKISON DRUGS.pptxANTI PARKISON DRUGS.pptx
ANTI PARKISON DRUGS.pptxPoojaSen20
 
Improved Approval Flow in Odoo 17 Studio App
Improved Approval Flow in Odoo 17 Studio AppImproved Approval Flow in Odoo 17 Studio App
Improved Approval Flow in Odoo 17 Studio AppCeline George
 
Analyzing and resolving a communication crisis in Dhaka textiles LTD.pptx
Analyzing and resolving a communication crisis in Dhaka textiles LTD.pptxAnalyzing and resolving a communication crisis in Dhaka textiles LTD.pptx
Analyzing and resolving a communication crisis in Dhaka textiles LTD.pptxLimon Prince
 
Sternal Fractures & Dislocations - EMGuidewire Radiology Reading Room
Sternal Fractures & Dislocations - EMGuidewire Radiology Reading RoomSternal Fractures & Dislocations - EMGuidewire Radiology Reading Room
Sternal Fractures & Dislocations - EMGuidewire Radiology Reading RoomSean M. Fox
 
24 ĐỀ THAM KHẢO KÌ THI TUYỂN SINH VÀO LỚP 10 MÔN TIẾNG ANH SỞ GIÁO DỤC HẢI DƯ...
24 ĐỀ THAM KHẢO KÌ THI TUYỂN SINH VÀO LỚP 10 MÔN TIẾNG ANH SỞ GIÁO DỤC HẢI DƯ...24 ĐỀ THAM KHẢO KÌ THI TUYỂN SINH VÀO LỚP 10 MÔN TIẾNG ANH SỞ GIÁO DỤC HẢI DƯ...
24 ĐỀ THAM KHẢO KÌ THI TUYỂN SINH VÀO LỚP 10 MÔN TIẾNG ANH SỞ GIÁO DỤC HẢI DƯ...Nguyen Thanh Tu Collection
 
會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文
會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文
會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文中 央社
 
How To Create Editable Tree View in Odoo 17
How To Create Editable Tree View in Odoo 17How To Create Editable Tree View in Odoo 17
How To Create Editable Tree View in Odoo 17Celine George
 
OSCM Unit 2_Operations Processes & Systems
OSCM Unit 2_Operations Processes & SystemsOSCM Unit 2_Operations Processes & Systems
OSCM Unit 2_Operations Processes & SystemsSandeep D Chaudhary
 
Spellings Wk 4 and Wk 5 for Grade 4 at CAPS
Spellings Wk 4 and Wk 5 for Grade 4 at CAPSSpellings Wk 4 and Wk 5 for Grade 4 at CAPS
Spellings Wk 4 and Wk 5 for Grade 4 at CAPSAnaAcapella
 
FICTIONAL SALESMAN/SALESMAN SNSW 2024.pdf
FICTIONAL SALESMAN/SALESMAN SNSW 2024.pdfFICTIONAL SALESMAN/SALESMAN SNSW 2024.pdf
FICTIONAL SALESMAN/SALESMAN SNSW 2024.pdfPondicherry University
 

Recently uploaded (20)

UChicago CMSC 23320 - The Best Commit Messages of 2024
UChicago CMSC 23320 - The Best Commit Messages of 2024UChicago CMSC 23320 - The Best Commit Messages of 2024
UChicago CMSC 23320 - The Best Commit Messages of 2024
 
Graduate Outcomes Presentation Slides - English (v3).pptx
Graduate Outcomes Presentation Slides - English (v3).pptxGraduate Outcomes Presentation Slides - English (v3).pptx
Graduate Outcomes Presentation Slides - English (v3).pptx
 
TỔNG HỢP HƠN 100 ĐỀ THI THỬ TỐT NGHIỆP THPT TOÁN 2024 - TỪ CÁC TRƯỜNG, TRƯỜNG...
TỔNG HỢP HƠN 100 ĐỀ THI THỬ TỐT NGHIỆP THPT TOÁN 2024 - TỪ CÁC TRƯỜNG, TRƯỜNG...TỔNG HỢP HƠN 100 ĐỀ THI THỬ TỐT NGHIỆP THPT TOÁN 2024 - TỪ CÁC TRƯỜNG, TRƯỜNG...
TỔNG HỢP HƠN 100 ĐỀ THI THỬ TỐT NGHIỆP THPT TOÁN 2024 - TỪ CÁC TRƯỜNG, TRƯỜNG...
 
An overview of the various scriptures in Hinduism
An overview of the various scriptures in HinduismAn overview of the various scriptures in Hinduism
An overview of the various scriptures in Hinduism
 
SURVEY I created for uni project research
SURVEY I created for uni project researchSURVEY I created for uni project research
SURVEY I created for uni project research
 
The Story of Village Palampur Class 9 Free Study Material PDF
The Story of Village Palampur Class 9 Free Study Material PDFThe Story of Village Palampur Class 9 Free Study Material PDF
The Story of Village Palampur Class 9 Free Study Material PDF
 
OS-operating systems- ch05 (CPU Scheduling) ...
OS-operating systems- ch05 (CPU Scheduling) ...OS-operating systems- ch05 (CPU Scheduling) ...
OS-operating systems- ch05 (CPU Scheduling) ...
 
Trauma-Informed Leadership - Five Practical Principles
Trauma-Informed Leadership - Five Practical PrinciplesTrauma-Informed Leadership - Five Practical Principles
Trauma-Informed Leadership - Five Practical Principles
 
ANTI PARKISON DRUGS.pptx
ANTI PARKISON DRUGS.pptxANTI PARKISON DRUGS.pptx
ANTI PARKISON DRUGS.pptx
 
Improved Approval Flow in Odoo 17 Studio App
Improved Approval Flow in Odoo 17 Studio AppImproved Approval Flow in Odoo 17 Studio App
Improved Approval Flow in Odoo 17 Studio App
 
Analyzing and resolving a communication crisis in Dhaka textiles LTD.pptx
Analyzing and resolving a communication crisis in Dhaka textiles LTD.pptxAnalyzing and resolving a communication crisis in Dhaka textiles LTD.pptx
Analyzing and resolving a communication crisis in Dhaka textiles LTD.pptx
 
Sternal Fractures & Dislocations - EMGuidewire Radiology Reading Room
Sternal Fractures & Dislocations - EMGuidewire Radiology Reading RoomSternal Fractures & Dislocations - EMGuidewire Radiology Reading Room
Sternal Fractures & Dislocations - EMGuidewire Radiology Reading Room
 
24 ĐỀ THAM KHẢO KÌ THI TUYỂN SINH VÀO LỚP 10 MÔN TIẾNG ANH SỞ GIÁO DỤC HẢI DƯ...
24 ĐỀ THAM KHẢO KÌ THI TUYỂN SINH VÀO LỚP 10 MÔN TIẾNG ANH SỞ GIÁO DỤC HẢI DƯ...24 ĐỀ THAM KHẢO KÌ THI TUYỂN SINH VÀO LỚP 10 MÔN TIẾNG ANH SỞ GIÁO DỤC HẢI DƯ...
24 ĐỀ THAM KHẢO KÌ THI TUYỂN SINH VÀO LỚP 10 MÔN TIẾNG ANH SỞ GIÁO DỤC HẢI DƯ...
 
會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文
會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文
會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文
 
How To Create Editable Tree View in Odoo 17
How To Create Editable Tree View in Odoo 17How To Create Editable Tree View in Odoo 17
How To Create Editable Tree View in Odoo 17
 
Mattingly "AI and Prompt Design: LLMs with NER"
Mattingly "AI and Prompt Design: LLMs with NER"Mattingly "AI and Prompt Design: LLMs with NER"
Mattingly "AI and Prompt Design: LLMs with NER"
 
OSCM Unit 2_Operations Processes & Systems
OSCM Unit 2_Operations Processes & SystemsOSCM Unit 2_Operations Processes & Systems
OSCM Unit 2_Operations Processes & Systems
 
Spellings Wk 4 and Wk 5 for Grade 4 at CAPS
Spellings Wk 4 and Wk 5 for Grade 4 at CAPSSpellings Wk 4 and Wk 5 for Grade 4 at CAPS
Spellings Wk 4 and Wk 5 for Grade 4 at CAPS
 
Mattingly "AI & Prompt Design: Named Entity Recognition"
Mattingly "AI & Prompt Design: Named Entity Recognition"Mattingly "AI & Prompt Design: Named Entity Recognition"
Mattingly "AI & Prompt Design: Named Entity Recognition"
 
FICTIONAL SALESMAN/SALESMAN SNSW 2024.pdf
FICTIONAL SALESMAN/SALESMAN SNSW 2024.pdfFICTIONAL SALESMAN/SALESMAN SNSW 2024.pdf
FICTIONAL SALESMAN/SALESMAN SNSW 2024.pdf
 

file-storage-100.pdf

  • 1. Rohit Rahi Oracle Cloud Infrastructure October, 2019 File Storage Service L100
  • 2. Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
  • 4. OCI Storage Services Local NVMe Block Volume File Storage Object Storage Archive Storage Type NVMe SSD based temporary storage NVMe SSD based block storage NFSv3 compatible file system Highly durable Object storage Long-term archival and backup Durability Non-persistent; survives reboots Durable (multiple copies in an AD) Durable (multiple copies in an AD) Highly durable (multiple copies across ADs) Highly durable (multiple copies across ADs) Capacity Terabytes+ Petabytes+ Exabytes+ Petabytes+ Petabytes+ Unit Size 51.2 TB for BM, 6.4-25.6 TB for VM 50 GB to 32 TB/vol 32 vols/instance Up to 8 Exabyte 10 TB/object 10 TB/object Use cases Big Data, OLTP, high performance workloads Apps that require SAN like features (Oracle DB, VMW, Exchange) Apps that require shared file system (EBS, HPC) Unstructured data incl. logs, images, videos Long term archival and backups (Oracle DB backups)
  • 5. File Storage Service – use cases General Purpose File Systems Big Data & Analytics HPC Scale Out Apps Oracle Applications Lift and Shift Test / Dev Databases MicroServices Containers EBS
  • 6. File Storage service Features • AD-local service, available in all OCI regions and Availability Domains • Supports NFS v.3 • Network Lock Management (NLM) for file locking • Full POSIX semantics • Data Protection: Snapshots capabilities; 10,000 snapshots per file system • Security: 128-bit, data-at-rest encryption for all file systems & metadata • Console management, APIs, CLI, data-path commands, and Terraform • Create 100 file systems and 2 mount targets per AD per account
  • 7. Mount Target Mount Target • NFS endpoint that lives in your subnet of choice; AD-specific • Mount target has an IP address and DNS name that you can use in your mount command. E.g. 10.0.0.6 • Requires three private IP addresses in the subnet (don’t use /30 or smaller subnets for the FSS) • Two of the IP addresses are used during mount target creation; 3rd IP used for HA OCI REGION AVAILABILITY DOMAIN-2 AVAILABILITY DOMAIN-1 10.0.0.0/24 10.0.1.0/24 NFS client NFS client VCN, 10.0.0.0/16
  • 8. Mount Target OCI REGION AVAILABILITY DOMAIN-2 AVAILABILITY DOMAIN-1 10.0.0.0/24 10.0.1.0/24 NFS client NFS client VCN, 10.0.0.0/16 Mount Target • Placing NFS clients and mount target in the same subnet can result in IP conflicts, as users are not shown which private IPs are used for mount target • Place FSS mount target in its own subnet, where it can consume IPs as it needs 10.0.2.0/24
  • 9. File System OCI REGION AVAILABILITY DOMAIN-2 AVAILABILITY DOMAIN-1 10.0.0.0/24 10.0.1.0/24 NFS client NFS client VCN, 10.0.0.0/16 10.0.2.0/24 File System • Primary resources for storing files in FSS • To access your file systems, you create a new (or use an existing) mount target • 100 File Systems per Mount Target • AD-specific • Accessible from OCI VM/BM instances • Accessible from on-premises through FastConnect/VPN
  • 10. FSS Paths • Export Path: unique path specified when the file system is associated with a mount target during creation • No two File systems associated with the same mount target can have overlapping export paths (e.g. FS paths like /example and /example/path are not allowed) Mount target (NFS endpoint): 10.0.0.6 Export Path1: /example1/path Export Path1 2: /example2/path • Export path, along with the mount target IP address, is used to mount the file system to an instance • sudo mount 10.0.0.6:/example1/path /mnt/mountpointA • sudo mount 10.0.0.6:/example2/path /mnt/mountpointB • /mnt/mountpointA and /mnt/mountpointB are path to the directory on the NFS client instance on which the external file systems are mounted
  • 11. Mounting an OCI File System • Launch OCI instance from console • Use NFSv3 protocol to mount the FSS volume • Install nfs-utils (Oracle Linux and CentOS) or nfs-common (Ubuntu) in your Linux system • Create a directory • On the FSS console, click on Mount Targets • Use the Private IP address information to mount the volume using nfs command: opc@node01:~$ sudo mkdir -p /<user’s target directory> opc@node01:~$ sudo mount <IPaddress>:<path-name> /<user’s target directory> opc@node01:~$ sudo yum install nfs-utils opc@node01:~$ sudo mkdir -p /mnt/nfs opc@node01:~$ sudo mount 10.0.0.3:/fss-shared /mnt/nfs NOTE: We recommend not to pass mount options to achieve best performance with File Storage Service. This approach leaves it to the client and server to negotiate the window size for Read & Write operations.
  • 14. Security Security layer Uses these.. To control actions like these.. IAM Service OCI users, policies Creating instances (NFS clients) and FSS VCNs. Creating, listing, and associating file systems and mount targets Security Lists CIDR blocks Connecting the NFS client instance to the mount target Export Options Export options, CIDR blocks Applying access control per-file system based on source IP CIDR blocks that bridges the Security Lists layer and the NFS v.3 Unix Security layer NFS v3. Unix Security Unix users Mounting file systems1, reading the writing files, file access security 1 When mounting file systems, don't use mount options such as nolock, rsize, or wsize. These options cause issues with performance and file locking Four distinct and separate layers of security with its own authorization entities and methods to consider when using FSS
  • 15. Security Lists OCI REGION AVAILABILITY DOMAIN-2 AVAILABILITY DOMAIN-1 10.0.0.0/24 10.0.1.0/24 NFS client NFS client VCN, 10.0.0.0/16 10.0.2.0/24 Security List can be used as a virtual firewall to prevent NFS clients from mounting an FSS mount target (even in the same subnet). FSS needs - • Stateful ingress TCP ports 111, 2048 – 2050 • Stateful ingress UDP ports 111 and 2048 • Opening these ports enables traffic from Solaris, Linux, and Windows NFS clients Type Source CIDR Protocol Source Port Dest Port Ingress 10.0.0.0/241 TCP All 2048-2050 Ingress 10.0.0.0/24 TCP All 111 Ingress 10.0.0.0/24 UDP All 2048 Ingress 10.0.0.0/24 UDP All 111 1 For all subnets within VCN (e.g. 10.0.1.0/24) to access File System, change destination CIDR to 10.0.0.0/16; all rules stateful
  • 16. Export Option • Security List is all or nothing approach – the client either can or cannot access the mount target, and therefore all file systems associated with it • In a multi-tenant environment, using NFS export option, you can limit clients' ability to connect to the file system and view or write data • Export controls how NFS clients access file systems; info stored in an export includes the file system OCID, export path, and client access options • When you create file system and associated mount target, the NFS export options for that file system are set to allow full access for all NFS clients : • Source: 0.0.0.0/0 (All) • Require Privileged Source Port: False • Access: Read_Write • Identity Squash: None
  • 17. Export Option Client X VCN, 10.0.0.0/16 10.0.0.0/24 Mount Target subnet File System A File System B Client Y 10.0.1.0/24 • Client X, assigned to 10.0.0.0/24, requires Read/Write access to file system A, but not file system B • Client Y, assigned to 10.0.1.0/24, requires Read access to file system B, but no access to file system A • Both file systems A and B are associated to a single mount target oci fs export update --export-id <FS_B_export_ID> --export- options '[{"source":"10.0.1.0/24 ","require-privileged-source- port":"true","access":"READ_ONLY ","identity- squash":"NONE","anonymous- uid":"65534","anonymous- gid":"65534"}]' oci fs export update --export-id <FS_A_export_ID> --export- options '[{"source":"10.0.0.0/24 ","require-privileged-source- port":"true","access":"READ_WRIT E","identity- squash":"NONE","anonymous- uid":"65534","anonymous- gid":"65534"}]' 10.0.2.0/24
  • 18. File Storage Service Snapshots
  • 19. File Storage Service Snapshot • Snapshots provide a read-only, space efficient, point-in-time backup of a file system • Snapshots are created under the root folder of file system, in a hidden directory named .snapshot • You can take up to 10,000 snapshots per file system • You can restore a file within the snapshot, or an entire snapshot using the cp or rsync command – cp -r .snapshot/snapshot_name/* destination_directory_name • If nothing has changed within the target file system and you take a snapshot, it does not consume any additional storage
  • 20. Summary • OCI File Storage Service provides a fully managed, elastic, durable, distributed, enterprise- grade network file system • FSS supports NFS v3, snapshots and default data-at-rest encryption • FSS is highly scalable (Exabytes) and performant • FSS supports four distinct and separate layers of security with its own authorization entities and methods
  • 21. 21 © 2019 Oracle Oracle Cloud always free tier: oracle.com/cloud/free/ OCI training and certification: https://www.oracle.com/cloud/iaas/training/ https://www.oracle.com/cloud/iaas/training/certification.html education.oracle.com/oracle-certification-path/pFamily_647 OCI hands-on labs: ocitraining.qloudable.com/provider/oracle Oracle learning library videos on YouTube: youtube.com/user/OracleLearning