News & Event​

(November 24) Lamassu: Storage-Efficient Host-Side Encryption

Subject

Lamassu: Storage-Efficient Host-Side Encryption

Date

14:00~15:00, Tuesday, November 24, 2015

Speaker

Won So (NetApp Inc.)

Place

N1, Room #102

Overview:

Many storage customers are adopting encryption solutions to protect critical data. Most existing encryption solutions sit in, or near, the application that is the source of critical data, upstream of the primary storage system. Placing encryption near the source ensures that data remains encrypted throughout the storage stack, making it easier to use untrusted storage, such as public clouds.

Unfortunately, such a strategy also prevents downstream storage systems from applying content-based features, such as deduplication, to the data. In this paper, we present Lamassu, an encryption solution that uses block-oriented, host-based, convergent encryption to secure data, while preserving storage-based data deduplication. Unlike past convergent encryption systems, which typically store encryption metadata in a dedicated store, our system transparently inserts its metadata into each file’s data stream. This allows us to add Lamassu to an application stack without modifying either the client application or the storage controller.

 

In this paper, we lay out the architecture and security model used in our system, and present a new model for maintaining metadata consistency and data integrity in a convergent encryption environment. We also evaluate its storage efficiency and I/O performance by using a variety of microbenchmarks, showing that Lamassu provides excellent storage efficiency, while achieving I/O throughput on par with similar conventional encryption systems.

Profile:

Won So is a member of technical staff in the Advanced Technology Group (ATG) at NetApp. He completed his Ph.D. in Computer Engineering at North Carolina State University with concentration in processor architectures and software optimization techniques for embedded systems. Prior to joining NetApp, Won worked at Cisco Systems, where he developed the data plane software for ASR9000 routers and conducted research on router and caching system designs for Named Data Networking. His research interests include massively parallel processor architectures, next-generation memory and storage technologies, software optimization for high-performance networked systems, and data center system and network architectures.