Risk Compliant Archive Solutions for FSI

HPE Apollo-based Systems with Scality Software Storage and iTernity Software Archive
Technical white paper
Contents
Executive summary
Introduction
Technology overview
  HPE Apollo 4000 Systems
  Scality RING
  iTernity iCAS
Solution design
  Deployment for Regulatory Compliance
  Pre-deployment considerations
  Reference designs
  Licensing and Support
Configuration guidance
  Customization guidelines
  Sizing and Capacity considerations
  Multi-geographic considerations
Sample Bill of Materials and Ordering information
  Bill of Materials for RA Servers
  Rack infrastructure
  Scality Software and Services available from Hewlett Packard Enterprise
  HPE Technology Services
Summary
Resources
  Implementing a proof-of-concept
  Additional information
Executive summary
Government agencies and litigation activity require banks, investment firms, and insurance providers to address a growing number of risk
management and regulatory challenges. Customer information, internal emails, transaction records, and other business information must be
preserved for years, remain easily accessible, and be tracked. These data requirements necessitate storage systems that offer immutable storage,
logging, audit trails, and the ability to retrieve specific information promptly. Meanwhile, the volume of data has been growing rapidly and spans
multiple media formats, requiring compliant, scalable storage solutions that can cover retention periods measured in decades.
This white paper describes an optimized Reference Architecture (RA) for Risk Compliant Archives, utilizing today’s best-in-class technologies
with guidance on component specifications and deployment. The RA is developed by Hewlett Packard Enterprise system architects, working
closely with Financial Services Industry (FSI) IT professionals and technology partners. The solution is based on Scality RING software-defined
storage, utilizing HPE Apollo 4000 systems and iTernity iCAS software-defined archive technology. The defined solution provides a powerful
long-term, robust, and cost-effective platform for implementing compliant data archives.
Introduction
The FSI faces a myriad of market, technology, and regulatory challenges. The evolution of consumer services drives the need for on-demand
data access with maximum security. New players are offering innovative mobile banking services, placing additional pressure on profit margins.
High-frequency trading drives a technology “arms race” for the fastest performance in connectivity, data access, and computation. Increasing
regulatory oversight requires compliant and robust solutions for cyber security and data archiving.
Data archive management is a key challenge for IT and compliance officers in the FSI sector. Government agencies such as the SEC and
FTC mandate data retention requirements for banks, investment firms, and insurance providers in the U.S., while similar agencies establish and
monitor compliance in developed nations worldwide. The regulations cover a broad span of information, including email, financial transactions,
policies, and public offerings. Retention periods typically range from 7 to 10 years, but can extend into decades. The integrity of the original data
must be preserved, while allowing access to view records. Legal holds and other actions may define special retention policies for targeted subsets
of archived data. Archives need to be quickly accessible for both business operations and legal proceedings. Audit trails of record
access and actions must be captured.
Data growth and complexity have overwhelmed the traditional archival storage typically used by financial institutions. Compliance based on write
once, read many (WORM) optical disk solutions can only be achieved at unsustainable cost, complexity, and risk. This has prompted the
adoption of new storage technologies and architectures to build risk compliant data archives.
Object storage and virtualization technologies have rapidly evolved to address the demands of Big Data, cloud/web-based applications and
extreme scale. Object storage can deliver the scale and performance needed for these applications, enable data consolidation, and when
deployed on affordable industry-standard platforms, lower capital and operating costs. Software-based storage on these servers can deliver
performance that scales linearly. Scalable object storage allows consolidation of organizational, location, and application silos into a single
scale-out storage environment that maximizes data value.
Software-based storage offers reliability with no maintenance windows needed and greater fault-tolerance as it grows. Traditional storage
requires immediate administrative attention when a single drive fails—this is unacceptable in modern environments with thousands of
higher capacity disks.
Large-scale enterprise storage solutions have to satisfy a broad set of requirements, including: affordable cost per terabyte, scalable small and
large file performance, high degree of data integrity, protection and security, manageability, and an ability to support multiple media formats,
applications and locations. Achieving risk compliance places additional requirements on the archival system and deployment. Compliance
demands capabilities for retention management, WORM data immutability, ease of accessibility, auditing, policy control, and security.
With data that may need to be archived for decades, it is critical to implement a solution that can adapt to changing platform technologies and
support on-going evolution of media types.
To meet these requirements, HPE system architects selected Scality RING software and HPE Apollo systems. These technologies are designed
and optimized for enterprise-scale data archives. Compliance software from iTernity provides the functionality to meet the most stringent
regulatory requirements and complement the underlying object-based storage. The resulting solution delivers leadership performance,
scalability, cost-effectiveness, and adaptability while satisfying compliance requirements of data retention and integrity.
Scality RING is a Software-Defined Storage (SDS) solution ideally suited to deliver the scale, access, and performance targeted for the
architecture. Scality provides software that runs on standard x86 servers. The software has all the intelligence, hardware choice and deployment
flexibility to meet customer needs, and can leverage hardware innovation as soon as it’s available. It supports file, object, and OpenStack
protocols, as well as native integration to iTernity iCAS, and can be coupled with storage-attached HPE Apollo servers, delivering storage density
and support for a mix of storage devices (e.g., SSD, SAS, SATA). This combination supports data volume growth over time, and non-disruptive
upgrades of hardware and software.
iTernity Compliant Archive Solution (iCAS) adds the capability to secure and protect business data with reliable features for legally compliant,
certified archiving. iTernity is one of the leading enterprise software companies exclusively focused on managing and protecting enterprise data
and compliance relevant information. Hewlett Packard Enterprise and iTernity have worked together for many years, designing and delivering
advanced archiving and data protection solutions.
Cohasset Associates, one of the nation’s foremost consulting firms specializing in records and information management, has completed a
technical assessment of the combined solution and determined that it satisfies the requirements of SEC Rule 17a-4.
The goal of this Reference Architecture is to provide insight into the capabilities of this specific solution, rather than an exhaustive set of
potential designs. This paper illustrates how to implement Scality RING storage with iTernity iCAS on HPE hardware and shows why the solution
is a compelling solution for Risk Compliant Archives. Components and configuration guidelines are based on experience, testing, and internal
benchmarking conducted by Hewlett Packard Enterprise and its technology partners.
Technology overview
The following sections describe the key technologies and components chosen for the reference configuration.
HPE Apollo 4000 Systems
The HPE Apollo 4000 series is a third-generation density-optimized platform, purpose-built to service Big Data analytics and object storage
systems. The power and flexibility of the Apollo 4000 enables a robust object storage solution that scales out linearly as a single protected
system across multiple sites and thousands of servers.
The building blocks of the Apollo 4000 platform are 4U or 2U servers that leverage the modular and efficient Apollo chassis infrastructure to
provide storage density and operating efficiency.
Table 1. HPE Apollo systems deployed in Reference Architecture
HPE Apollo 4510 Gen9 Server: 4U, one-server system. Up to 68 hot-plug SAS or SATA HDDs/SSDs, with up to 544 terabytes of storage
capacity per server and up to 5.44 petabytes of storage per 42U rack.
HPE Apollo 4200 Gen9 LFF Server: 2U, one-server system. Up to 224 terabytes of direct-attached storage per server and 4.48 petabytes of
storage capacity per rack. Supports up to 28 hot-swappable LFF SAS or SATA hard disk drives (HDDs)/SSDs.
The Apollo 4510 offers maximum density and the highest levels of operating efficiency at scale. The HPE Apollo 4200 LFF System is ideal for
smaller object storage implementations (such as email) or for “plug-and-play” integration into traditional enterprise rack-server data centers.
For archives with a high portion of large files (e.g., media or SAP® transactional records), the Apollo 4500 may be preferred, as it offers a higher
ratio of storage to memory. The HPE Apollo 4200 reduces the impact of data loss in the event of a node failure, because rebuild time is decreased
at the server level. The Apollo 4200 also allows expansion in cost-effective 2U increments.
Both models provide configuration flexibility to optimize for capacity, throughput, and responsiveness:
• Two Intel® Xeon® E5-2600 v3 series processors per server, with choices from 4–16 cores, 1.6 GHz–3.5 GHz CPU speed, and power ratings
of 55–135 watts
• 16 memory DIMM slots with up to 512 GB DDR4 memory at up to 2,133 MHz
• Solid-state disks and high-performance storage controllers to speed data transfer
• Multiple PCIe slots (up to 5 with the Apollo 4200 and up to 4 with the Apollo 4500) with flexible performance and I/O options to match the
variety of analytics workload performance and throughput criteria
The systems are designed to maintain availability, support data recovery, and simplify serviceability.
HPE Smart Array technology innovations include Rapid Rebuild to reduce downtime exposure, improved data retention with Flash Backed Write
Cache (FBWC) and increased data protection with advanced data mirroring. The HPE Smart Array card is capable of Secure Encryption providing
enterprise-class encryption. Secure Encryption is FIPS 140-2 certified and has been verified to have a low impact on IOPS for spinning media, in
addition to being transparent to the operating system. Hot-plug critical components (disk drives, nodes, fans and power) support serviceability
at every level.
The Apollo systems have been selected to serve as “storage nodes” in the RING/iTernity cluster. To support management and connectivity roles,
the HPE ProLiant DL360 Gen9 Server was chosen to minimize rack space requirements for nodes where storage density was not the issue, but
still provide good network bandwidth and compute power. A 4 LFF drive configuration is used in the sample reference configuration, but the
storage on the HPE ProLiant Server is not particularly important to supervisor or connector functionality, outside of providing a reliable mirrored
OS boot drive.
Scality RING
The Scality RING is a Software-Defined Storage (SDS) petabyte-scale data storage solution that is designed to interoperate in the modern
Software Defined Data Center (SDDC). The RING software is designed to create unbounded scale-out storage systems to consolidate and
protect data from multiple applications and workloads, including file, object and OpenStack®-based applications. The RING software provides a
set of intelligent services for data access, data protection, and systems management. The top layer of data access services offers native file,
object, and OpenStack storage interfaces for applications. For the Risk Compliant Reference Architecture, the RING provides native integration to
iTernity software, which in turn connects to over 90 iCAS-certified applications like call center voice recording, records management, email
archiving, and other business and content applications.
Large distributed systems depend on fast and efficient routing of requests among the member nodes. At the heart of the RING storage layer
is a scalable, distributed key-value object store based on CHORD, a second-generation peer-to-peer routing protocol. The protocol is highly
responsive to changes in system topology, such that these changes do not require broadcasting to all nodes, but only to a few relevant nodes.
This enables the protocol to work efficiently in very large clusters. Scality has augmented and patented the basic CHORD protocol to enable
high levels of data durability, high-performance, self-healing, and simplified management.
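The key-based routing idea behind CHORD can be illustrated with a toy consistent-hashing sketch (illustrative only; the node names are invented and Scality's patented implementation differs substantially from this minimal model):

```python
import hashlib
from bisect import bisect_right


def ring_position(name: str, space: int = 2**32) -> int:
    """Map a node name or object key onto a fixed circular hash space."""
    digest = hashlib.sha256(name.encode()).hexdigest()
    return int(digest, 16) % space


class HashRing:
    """Toy consistent-hash ring: each object key is stored on the first
    node whose ring position follows the key's position (wrapping around)."""

    def __init__(self, nodes):
        self.ring = sorted((ring_position(n), n) for n in nodes)

    def node_for(self, key: str) -> str:
        pos = ring_position(key)
        # Find the first node position strictly after the key's position.
        idx = bisect_right(self.ring, (pos, chr(0x10FFFF)))
        return self.ring[idx % len(self.ring)][1]


ring = HashRing(["node-1", "node-2", "node-3"])
print(ring.node_for("object-42"))  # deterministic placement on one node
```

Because placement is derived from the hash space rather than a central directory, adding or removing a node moves only the keys adjacent to it on the ring, which is why topology changes need to be communicated only to a few relevant nodes.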
For data protection, the RING provides customizable availability and failure domains. Customers can configure the data protection policy at the
object level, with replication of up to five copies, or erasure coding to provide as much as 14 9’s of durability with low overhead for larger objects.
Data protection options include geo-redundancy, providing tolerance of multiple disk, server, rack, and even site failures.
The RING’s advanced routing capabilities, configurable data management, and software-defined architecture provide full system availability and
uptime during planned and unplanned events including hardware failures, hardware refreshes, capacity upgrades, and software upgrades.
Managing and monitoring the RING is enabled through a graphical “point-and-click” web portal termed the RING Supervisor, through a scriptable
CLI, and monitoring/alerting from SNMP based consoles. The RING is designed to be self-managing and autonomous, to free your administrators
to work on other value-added tasks.
The RING software is deployed as a distributed system on a minimum cluster of six storage servers. This system can be seamlessly expanded
to thousands of physical storage servers as the need for storage capacity grows. To match performance to the deployed capacity, the RING can
independently scale out the access nodes (connector servers) to meet a customer’s growing application input/output (IO) and throughput
requirements. The underlying physical storage servers can be of any density, ranging from an HPE ProLiant DL380 Gen9 with a small number of
hard disk drives (HDDs) to an Apollo 4510 containing a combination of up to 68 HDDs and solid-state drives (SSDs). A view of the architecture
is presented
in figure 1.
Figure 1. Risk Compliant Archive Architecture
iTernity iCAS
The iTernity iCAS solution provides WORM functionality, protection against silent data corruption and long-term data integrity. With the
patented and certified Content Storage Container (CSC) technology, the archive data is bundled with the corresponding metadata in special
archive containers. The metadata captures relevant index data, creation date, and retention date. These can be saved to any data medium and
still remain verifiable. iCAS enables continual data monitoring and with its self-healing functionality, it can ensure the long-term readability and
integrity of the data and also repair damaged objects. The system thus offers unique protection mechanisms to ensure that the data is valid and
legible, as well as available for the long term. The archived data is secured against manipulation and unauthorized deletion.
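The container concept, bundling archive data with its metadata and a digest that allows later integrity checks, can be sketched as follows (a hypothetical illustration only; the field names are assumptions, not the actual patented CSC format):

```python
import hashlib
from datetime import date


def make_container(payload: bytes, index: dict, retention_until: str) -> dict:
    """Toy content container: bundle archive data with its metadata and a
    content hash so integrity can be verified later (illustrative only)."""
    return {
        "metadata": {
            "index": index,
            "created": date.today().isoformat(),
            "retention_until": retention_until,
        },
        "digest": hashlib.sha256(payload).hexdigest(),
        "payload": payload.hex(),
    }


def verify(container: dict) -> bool:
    """Recompute the hash to detect silent data corruption."""
    payload = bytes.fromhex(container["payload"])
    return hashlib.sha256(payload).hexdigest() == container["digest"]


c = make_container(b"scanned contract", {"doc_id": "A-17"}, "2035-12-31")
print(verify(c))  # True
```

Because the digest travels with the data, a container saved to any medium remains verifiable, and a failed verification can trigger repair from a redundant copy.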
iCAS supports synchronous replication of archive data onto two storage targets or data centers, supporting multi-site deployment. The flexibility
and openness of iCAS on the combined HPE Apollo and Scality platform also provides the advantage of using existing or newly acquired storage
capacity more efficiently.
Federally mandated retention periods can be managed flexibly with iCAS for each container. Deletion is not possible before the retention period
has expired. iCAS enables permanent data monitoring. With its self-healing functionality, damaged files can be repaired and long-term data
integrity ensured. Conformity with regulations such as the Sarbanes-Oxley Act (SOX), United States Securities and Exchange Commission (SEC)
Rule 17a-4(f), and Basel II can be achieved. Included AES-256-based encryption provides additional data security, which is especially needed in
financial services.
Retention times required by law are managed flexibly by iCAS. Files that have reached the retention date and are not on legal hold can be
securely deleted. All access to the iTernity server is recorded, so that the complete history for every CSC container can be recalled.
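The deletion rule described above, retention expiry combined with legal-hold status, can be expressed as a simple check (a sketch only; real iCAS policy handling is considerably richer):

```python
from datetime import date


def deletion_allowed(retention_until: date, legal_hold: bool,
                     today: date) -> bool:
    """A file may be securely deleted only after its retention period
    has expired and only when it is not on legal hold."""
    return today > retention_until and not legal_hold


# Retention expired, no hold: deletion is permitted.
print(deletion_allowed(date(2025, 1, 1), False, date(2026, 6, 1)))  # True
# Same file under legal hold: deletion is blocked.
print(deletion_allowed(date(2025, 1, 1), True, date(2026, 6, 1)))   # False
```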
Footnote 1: 88% of FSI customers report the existence of a records and information management (RIM) program, while only 17% have a mature
RIM strategy (Information Governance Benchmarking Survey by Cohasset Associates).
Solution design
The recommended configuration for the joint solution is based on requirements for Risk Compliant Archives and storage scale.
Deployment for Regulatory Compliance
Compliance with regulatory and other legal requirements is the paramount concern for the Risk Compliant Archive. The risks and penalties
associated with failure to implement compliance policies are severe. The solution needs to deliver data integrity and redundancy with features
such as failover, fault tolerance, and self-healing mechanisms.
Software risk compliance configuration options
iCAS adds risk compliant capabilities to the Scality-based software storage system. iCAS fulfills various compliance regulations (e.g., storage
related requirements of SEC rule 17a-4). In this integrated solution, iCAS leverages the software-managed high availability of Scality to ensure
risk tolerance and recovery for the archived CSC (container) data. In addition, redundancy for the iCAS server layer can be implemented,
whether iCAS resides on a dedicated physical server or is deployed as a virtual machine.
Scality RING is designed to manage a wide range of component failures involving disk drives, servers, and network connections within a single
data center or across multiple data centers. To optimize data durability in a distributed system, the RING employs local replication to store
multiple copies of an object within the RING. The RING spreads these replicas across multiple storage servers and across multiple disk drives
in order to separate them in case of failures. The RING supports six Class of Service (CoS) levels for replication, enabling the system to maintain
up to five replicas.
Scality’s advanced resiliency configuration (ARC) provides an alternative data protection mechanism to replication that is optimized for
large objects and files. This configuration mode reduces the number of copies required to enable full reconstruction; it also avoids unnecessary
information duplication.
Scality RING provides self-healing operations to resolve component failures automatically, including the ability to rebuild missing data chunks due
to disk drive or server failures, and the ability to rebalance data when nodes leave or join the RING. In the event of a disk drive or even a full
server failure, background rebuild operations are spawned to restore the missing object data from its surviving replicas or ARC segments.
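The trade-off between replication and ARC-style erasure coding can be illustrated with a simple overhead calculation (the 9+3 scheme below is a hypothetical example, not a documented RING configuration):

```python
def replication_overhead(copies: int) -> float:
    """Raw-to-usable storage multiplier when storing full object copies."""
    return float(copies)


def erasure_coding_overhead(data_chunks: int, parity_chunks: int) -> float:
    """Raw-to-usable multiplier for a k+m erasure-coding scheme: each
    object is split into k data chunks plus m parity chunks, and any k
    of the k+m chunks suffice to reconstruct it."""
    return (data_chunks + parity_chunks) / data_chunks


# Three full copies cost 3x raw capacity per usable terabyte.
print(replication_overhead(3))                    # 3.0
# A hypothetical 9+3 scheme tolerates 3 lost chunks at only ~1.33x
# overhead, which is why erasure coding suits large objects.
print(round(erasure_coding_overhead(9, 3), 2))    # 1.33
```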
Hardware risk compliance configuration options
The Scality software provides a very high degree of availability and data recovery. The underlying hardware ensures rapid recovery from
failure and serviceability to ensure sustained performance and usable capacity for the archive. Hot-plug critical components (disk drives, nodes,
fans, and power) support serviceability at every level.
Systems can be controlled from a simple GUI via HPE Insight Cluster Management Utility (CMU), or from a CLI via IPMI through HPE iLO, to simplify
server monitoring, manage fault tolerance, and warn you in advance of possible drive failures.
In addition to the benefits of using the HPE platform as listed earlier, all Apollo 4000 configurations include an HPE Smart Array card capable of
Secure Encryption providing enterprise-class encryption. Secure Encryption is FIPS 140-2 certified and has been verified to have a low impact on
IOPS for spinning media, in addition to being transparent to the operating system. This means data on any drive in the server can be encrypted,
provided a Gen9 Secure Encryption controller is used, giving much more flexibility than encryption-on-drive solutions while reducing cost.
Keys can be managed either locally on the server or via an enterprise key management system.
Pre-deployment considerations
Solution design will be driven by customer requirements. Initial raw data capacity can be estimated based on the amount of archive data, the
expected mix of file sizes, and the Class of Service with regard to replication. System design should enable expandability for archive data growth.
Standard 1GbE/10GbE networks should accommodate throughput within the archive and connectivity to users, but additional connections can be added.
Site-specific power constraints should be verified.
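A first-order raw-capacity estimate along these lines might look like the following (a sketch only; the replication level and growth headroom are placeholder assumptions to be replaced with customer-specific values):

```python
def estimate_raw_capacity_tb(archive_data_tb: float,
                             replication_copies: int = 3,
                             growth_headroom: float = 1.25) -> float:
    """Estimate the raw disk capacity needed for a given amount of
    archive data, a chosen replication Class of Service, and headroom
    for expected growth. All figures are in terabytes."""
    return archive_data_tb * replication_copies * growth_headroom


# Example: 500 TB of archive data, 3 replicas, 25% growth headroom.
print(estimate_raw_capacity_tb(500))  # 1875.0
```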
Multi-Geographic deployment
To enable site-level disaster recovery, the RING can be deployed across multiple sites. Scality offers two deployment options: the first makes use
of a single logical RING deployed across multiple sites (a “stretched RING”); the second uses independent RINGs, each within its own data center,
with asynchronous mirroring employed to maintain synchronization between the RINGs.
The base Reference Architecture assumes a single site implementation. For multi-site implementation, see the discussion below on
“Customization Guidelines”.
Reference designs
Server node descriptions and roles
A complete solution includes the following three server roles:
• Storage servers—Dedicated to write, read, store, and data preservation operations. These servers interface with and manage the system’s
interaction with physical storage devices. The recommended deployment for systems that have both HDD and SSD media on the storage
nodes is to deploy the archive data on HDD, and the associated metadata on SSD.
• Connector servers—Individually installable RING processes serving as translators that receive data requests from application servers and
coordinate access to the RING. These processes run on a separate physical server or as a virtual machine. This reference architecture focuses
on iCAS connectors, as iCAS is the gatekeeper to the archive. The iCAS server provides all the functionality provided in the software, ingesting
data from applications, establishing containers for the archive data, and then handing off the data to the Scality RING. The iCAS server also
supports iCAS administrator function, with a GUI for management.
• Supervisor server—Runs on a separate server that provides central administration and statistics gathering for the storage platform. Failure of
the supervisor does not impact the cluster’s ability to service requests.
Large-scale archive implementation
As noted earlier, for large-scale archives, the base recommendation is to use HPE Apollo 4510 systems as the storage servers. Each 4U server
can support over 500 TB of data storage; a rack of 10 systems can hold over 5 Petabytes of data. For the Risk Archive, the design goal is to
configure a solution capable of supporting up to approximately 4 PB of usable data. With a conservative 60 percent "net/raw storage" factor,
twelve Apollo 4510s provide the necessary capacity. Customers may begin with smaller capacity, such as 1 PB, populating the servers with fewer
drives, and expand over time. The most efficient replication and encryption is achieved with 12 servers and disk arrays in increments of 12. The
sample BOMs for the Apollo 4510 provided in this paper provide 192 TB (24 disks x 8 TB) data storage per server, to deliver a total of 1.4 PB net
archive capacity (2.3 PB x 0.6) across twelve storage servers. In addition, SSDs are provided to support up to 800 GB of metadata per server.
This large-scale example implementation is illustrated in figure 2.
Figure 2. Example of large-scale implementation for Risk Archive
Applications and users communicate directly with iTernity, which acts as a gatekeeper to the archive. The iCAS server is accessible via different interfaces: in addition to the easy-to-integrate Web Service API, iCAS provides a file system interface, the iTernity File System Gateway (iFSG). iFSG enables WORM functionality without requiring integration into the ISVs' program code.
The iCAS server communicates directly with the connector servers via a load balancer. A 10GbE network is recommended. The Scality archive is maintained on the storage servers, with a 10GbE cluster backbone providing connectivity between the connectors and the storage servers.
Peak arrival rate, read/write ratio, and median file size influence the number of connector servers required. Two connector servers should be sufficient for most deployments and maintain service in the event of a server failure. The number of connectors can be adjusted based on customer-specific throughput requirements.
The DL360 Gen9 is a low-cost, 1U server platform that is a perfect fit for the compute and memory requirements of the Scality manager and
connector servers.
Administrative functions and system management are hosted on the supervisor server, connected to each of the Archive systems.
Medium-scale archive implementation
The same design is utilized at medium scale, with HPE Apollo 4200 Gen9 servers as the storage nodes. In this case, twelve servers support a maximum of 2.7 PB of raw storage ((24 + 4) x 8 TB HDDs per server). The BOMs for the Apollo 4200 are designed to allow gradual expansion to that maximum. Each storage server is configured with 96 TB of data storage capacity (12 x 8 TB drives). In an optimal design of 12 storage servers, this provides 0.7 PB of net archive capacity, again assuming a conservative 60 percent net-to-raw storage factor. 800 GB of SSD capacity is included for metadata. The networking infrastructure is the same, and two connector servers are deployed as in the large-scale archive.
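The capacity figures for both example configurations follow directly from the drive counts and the 60 percent net-to-raw assumption. A quick sketch of the arithmetic (the function and constant names are illustrative, not part of any Scality or HPE tooling):

```python
# Sketch: verify the net archive capacity quoted for the two example
# configurations, using the conservative 0.6 net/raw factor assumed
# throughout this paper.

NET_RAW_FACTOR = 0.6   # conservative net-to-raw storage assumption
SERVERS = 12           # recommended cluster size

def net_capacity_pb(drives_per_server, drive_tb):
    """Net archive capacity in PB for a 12-server cluster."""
    raw_tb = SERVERS * drives_per_server * drive_tb
    return raw_tb * NET_RAW_FACTOR / 1000  # TB -> PB (decimal)

large = net_capacity_pb(24, 8)   # Apollo 4510: 24 x 8 TB per server
medium = net_capacity_pb(12, 8)  # Apollo 4200: 12 x 8 TB per server

print(f"Large-scale:  {large:.1f} PB net")   # ~1.4 PB
print(f"Medium-scale: {medium:.2f} PB net")  # ~0.69 PB
```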
Licensing and Support
At the operating system level, community-supported CentOS 6.5 is used in this document. Other versions of Linux® are also supported, including Red Hat® Enterprise Linux, Ubuntu, and Debian. HPE support is available for Red Hat as well as some community distributions.
Sites may want to consider HPE system tools, such as HPE Advanced Integrated Lights-Out (iLO), and HPE Insight Cluster Management Utility
(CMU) for server deployment and monitoring.
This RA is based on Scality version 5.1.4 and iTernity iCAS 3.7 SP5. Scality software is licensed per usable capacity of the planned amount of protected data. Replication and protection via erasure coding do not increase the licensing required; only the true usable capacity is counted. Scality software and support are available directly from Hewlett Packard Enterprise, with services delivered directly by Scality.
The iCAS license model is based on a node license for each node iCAS runs on, combined with a volume license for the data volume to be archived. Licensing can be adjusted to actual demand. The hardware independence of iCAS enables sustained use of the archive license: hardware replacement requires no renewed licensing, and data replication does not require additional licensing. For safety reasons, company-internal audit rules often require duplication across one or more additional sites; replicating data does not double the license cost, because only the net volume is licensed.
Configuration guidance
The implementations described in the earlier sections are examples of specific Risk Archive solutions and should be reviewed and tuned to fit the customer's environment and requirements.
Customization guidelines
• The minimum cluster size is six physical storage servers. If the storage environment is smaller than 200 TB of unique data with no immediate
plans for growth, a more traditional approach should be considered.
• Scality erasure coding (Scality ARC) should be designed in such a way that failure of a single node does not compromise the original
availability strategy. For example, the ARC (8, 4) choice outlined above is not the best choice for a minimal environment consisting of six
storage servers. In that scenario, there would be a total of 12 data chunks and only six storage servers. Failure of a single storage server would
therefore cause the loss of two data chunks, invalidating the plan to support the complete loss of four physical servers. This drives the
recommendation to deploy 12 servers.
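The chunk-placement argument above can be checked with a short sketch. It assumes the chunks of each object are spread as evenly as possible across the storage servers; the function name and the even-spread model are illustrative simplifications, not Scality's actual placement logic:

```python
# Sketch: why ARC(8, 4) wants 12 storage servers. With fewer servers,
# multiple chunks of the same object land on the same server, so one
# server failure consumes more than one chunk of the parity budget.
import math

def survivable_server_failures(data_chunks, parity_chunks, servers):
    """Server losses an ARC(data, parity) layout can absorb when all
    data+parity chunks are spread as evenly as possible over `servers`."""
    total_chunks = data_chunks + parity_chunks
    chunks_per_server = math.ceil(total_chunks / servers)
    # An object survives as long as at most `parity_chunks` of its
    # chunks are lost.
    return parity_chunks // chunks_per_server

print(survivable_server_failures(8, 4, 12))  # 12 servers: 1 chunk each -> 4
print(survivable_server_failures(8, 4, 6))   # 6 servers: 2 chunks each -> 2
```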
Sizing and Capacity considerations
When working with Hewlett Packard Enterprise to design the most efficient hardware configuration, the following information will be used:
• Fill ratio—The percentage of the available disk capacity that will be available for object storage. Overhead should be reserved to support the
planned amount of server failures; 80 percent is the typical starting point.
• Class of Service (n)—How many times will replicated objects be copied across the cluster?
• ARC schema and ratio—How many data chunks and parity chunks should be created for each erasure-coded object? What percentage of the total number of objects, and of the total object capacity, will use erasure coding?
• Average object size—What is the mean size in KB of the objects to be stored in the archive?
• Cache—A disk write cache is optional, but it improves performance considerably by reordering requests to the disks; the cache can be as simple as a SATA controller with onboard cache. Forgoing the cache reduces costs but can significantly impact performance, depending on the workload.
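As a rough illustration of how these inputs combine, the sketch below estimates raw capacity from usable capacity. The 80 percent fill ratio and ARC(8, 4) schema come from this paper; the three-copy Class of Service and the 85 percent erasure-coded fraction are illustrative assumptions, as are all names. Actual sizing should be done with Hewlett Packard Enterprise:

```python
# Sketch: a raw-capacity estimator combining the sizing inputs above.
# Parameter names are illustrative, not Scality tooling.

def raw_capacity_tb(usable_tb, fill_ratio=0.8, cos=3,
                    arc_data=8, arc_parity=4, arc_fraction=0.85):
    """Raw TB needed for `usable_tb` of unique data, where
    `arc_fraction` of the data is erasure coded (ARC) and the rest
    is replicated `cos` times (Class of Service)."""
    arc_expansion = (arc_data + arc_parity) / arc_data   # 1.5x for ARC(8, 4)
    protected = usable_tb * (arc_fraction * arc_expansion
                             + (1 - arc_fraction) * cos)
    return protected / fill_ratio  # headroom for failures and rebuilds

print(f"{raw_capacity_tb(1000):.0f} TB raw for 1 PB of unique data")
```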
Compute and memory
This solution is not CPU intensive and additional scrutiny beyond choosing current-generation HPE Apollo server models is generally not
required. Advanced configurations should be further qualified.
The required amount of memory (RAM) is related to the number of objects and their average size: configurations with a greater number of smaller files require more RAM per storage server. The configurations behind the BOMs in this document assume a high proportion of small files in the archive (85 percent). Based on that, each storage server includes 128 GB of memory.
Choosing disks
Depending on the use case, performance requirements might take priority over capacity and efficiency. Aggregate throughput of the drives
across all of the storage servers should be considered during any sizing process.
Object storage requirements tend to be primarily driven by capacity, so consider required capacity first. Replica count and erasure coding account for the largest gap between raw and usable capacity. The erasure coding schema described in this document translates to a 50 percent overhead for data protection. Environments relying more heavily on object replication might see overhead nearing 200 percent when storing three copies of each unique object.
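The two overhead figures quoted above fall out of simple arithmetic, as this minimal sketch shows (names are illustrative):

```python
# Sketch: protection overhead (capacity beyond the unique data itself)
# for the two protection schemes discussed in this paper.

def overhead_pct(stored_multiple):
    """Overhead as a percentage of the unique data size."""
    return (stored_multiple - 1) * 100

arc_8_4 = (8 + 4) / 8   # erasure coding ARC(8, 4): 1.5x stored
three_copies = 3        # replication: 3x stored

print(f"ARC(8,4):     {overhead_pct(arc_8_4):.0f}%")       # 50%
print(f"Three copies: {overhead_pct(three_copies):.0f}%")  # 200%
```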
Choose the type and mix of drives to meet requirements, balanced for price and performance sensitivity, and decide whether SSDs will be used for metadata. Extrapolate from measured performance results against the business use case to guide this selection. HPE drive qualification helps maintain homogeneity, as drives of the same class and capacity are tuned to have similar performance characteristics, regardless of vendor.
Some other things to remember about disk performance:
• Replica count and erasure coding require multiple media writes for each object PUT.
• With a single 10GbE port, the bandwidth bottleneck is at the port rather than at the controller/drives; the controller is capable of about 3 GB/sec, while the effective peak node bandwidth on a 10GbE link is in the 900 MB/sec–1 GB/sec range, out of a theoretical maximum of 1.25 GB/sec.
• The RING architecture is designed to address parallel workloads. Connector nodes should be scaled appropriately so you do not overload
the backend disk configuration.
• Solid State Disks (SSDs) can be used for metadata storage, object storage, and indexing of keys on the local SATA disks.
Allocating disks to storage servers
Choose the server that fits the needs of your specific use case. For the storage servers, this document presents choices using the HPE Apollo
4510 Server and Apollo 4200 Server. For the BOMs, storage for the archive was specified in multiples of 12, to optimize RING storage efficiency
(net to raw storage). To allow for expansion to maximum data capacity and preserve investment, 8 TB disks are used. Smaller disks can be used
if it is anticipated that the deployment will not reach the maximum levels of archive size.
Choosing a network infrastructure
Consider the desired bandwidth of the storage calculated above, the overhead of replication traffic, and the network configuration of the data
network (number of ports/total bandwidth). Details of traffic segmentation, load balancer configuration, VLAN setup, and/or other networking
configuration/best practices are completely use-case specific and outside the scope of this document.
Typical configuration choices for data traffic include one to two 1GbE or 10GbE networks, as shown in the base case implementations. InfiniBand
is also supported, but it is less common than 1GbE and 10GbE.
Planning for connector installation
In this reference architecture, the HTTP/REST connectors are installed locally to the storage servers. This approach is designed with an object storage use case in mind, and the configuration scales linearly as nodes are added to the environment. For optimal performance with high client counts and bandwidth, connectors can instead be deployed on dedicated servers.
Multi-geographic considerations
This paper highlights a single RING stretched across three failure domains. Depending on your business and user requirements, you can choose
from the following options:
• One site and one RING (a simple configuration)
• Two sites with one RING configured to tolerate the loss of one site
• Three sites with one RING configured to tolerate the loss of one or two sites (the number of tolerated site losses is a configuration parameter)
In addition, multiple RINGs can be configured for a disaster recovery scenario using file or object data copy mechanisms operating between
the RINGs. Hewlett Packard Enterprise and Scality can assist with designing such disaster tolerant implementations.
Sample Bill of Materials and Ordering information
Bill of Materials for RA Servers
The Bills of Materials (BOMs) below were developed for the servers used to deploy the Risk Archive solution described in this paper. For each implementation, deploy one supervisory server, two connector servers, and twelve storage servers. Select either the Apollo 4510 or the Apollo 4200 as the storage server, based on anticipated storage size requirements, as discussed earlier. A goal of the configurations was investment protection: balancing performance while allowing for expansion using already-installed components.
Supervisory Server BOM
QUANTITY   PRODUCT      DESCRIPTION
1          755259-B21   HPE DL360 Gen9 4LFF CTO Server
1          755384-L21   HPE DL360 Gen9 Intel Xeon E5-2630v3 FIO Processor Kit
2          726719-B21   HPE 16GB (1x16GB) Dual Rank x4 DDR4-2133 CAS-15-15-15 Kit
1          665243-B21   HPE Ethernet 10Gb 2P 560FLR-SFP+ Adptr
1          749976-B21   HPE H240ar 12Gb 2-ports Int FIO Smart Host Bus Adapter
1          766211-B21   HPE DL360 Gen9 P440ar/H240ar SAS Cbl
2          657750-B21   HPE 1TB 6G SATA 7.2K rpm Gen9 (3.5-inch) SC Midline 1yr Warranty Hard Drive
2          720478-B21   HPE 500W Flex Slot Platinum Hot Plug Power Supply Kit
1          789388-B21   HPE 1U Gen9 Easy Install Rail Kit
1          859080-B21   HPE Apollo 4000 Risk Compliant Archive Solution
Connector Server BOM
QUANTITY   PRODUCT      DESCRIPTION
1          755259-B21   HPE DL360 Gen9 4LFF CTO Server
1          755384-L21   HPE DL360 Gen9 Intel Xeon E5-2630v3 FIO Processor Kit
1          755384-B21   HPE DL360 Gen9 Intel Xeon E5-2630v3 Processor Kit
2          726719-B21   HPE 16GB (1x16GB) Dual Rank x4 DDR4-2133 CAS-15-15-15 Kit
1          665243-B21   HPE Ethernet 10Gb 2P 560FLR-SFP+ Adptr
1          749976-B21   HPE H240ar 12Gb 2-ports Int FIO Smart Host Bus Adapter
1          766211-B21   HPE DL360 Gen9 P440ar/H240ar SAS Cbl
2          657750-B21   HPE 1TB 6G SATA 7.2K rpm Gen9 (3.5-inch) SC Midline 1yr Warranty Hard Drive
2          720478-B21   HPE 500W Flex Slot Platinum Hot Plug Power Supply Kit
1          789388-B21   HPE 1U Gen9 Easy Install Rail Kit
Apollo 4510 Storage Server BOM
QUANTITY   PRODUCT      DESCRIPTION
1          799581-B21   HPE Apollo 4510 Gen9 CTO Chassis
1          799377-B21   HPE XL4510 8HDD Cage Kit
1          786593-B21   HPE ProLiant XL450 Gen9 Configure-to-order Server Node for Apollo 4510 Chassis
1          783901-L21   HPE Apollo 450 Gen9 E5-2630v3 FIO Kit
1          783901-B21   HPE Apollo 450 Gen9 E5-2630v3 Kit
8          726719-B21   HPE 16GB 2Rx4 PC4-2133P-R Kit
1          665243-B21   HPE Ethernet 10Gb 2P 560FLR-SFP+ Adptr
1          761878-B21   HPE H244br FIO Smart HBA
2          726821-B21   HPE Smart Array P440/4G Controller
1          808967-B21   HPE Apollo 4510 P440 x2/P840 Cable Kit
2          655710-B21   HPE 1TB 6G SATA 7.2k 2.5in SC MDL HDD
1          797291-B21   HPE 800GB 12G SAS ME Gen9 3.5-in LP Enterprise Midline 3yr Wty SSD
24         805334-B21   HPE 8TB 6G SATA 7.2K rpm LFF Low Profile Midline 1yr Warranty
3          720479-B21   HPE 800W Common Slot Platinum Plus Hot Plug Power Supply Kit
1          681254-B21   HPE 4.3U Rail Kit
Apollo 4200 Storage Server BOM
QUANTITY   PRODUCT      DESCRIPTION
1          808027-B21   HPE Apollo 4200 Gen9 24LFF CTO Svr
1          806563-B21   HPE Apollo 4200 Gen9 LFF Rear HDD Cage Kit
1          803306-L21   HPE Apollo 4200 Gen9 Intel Xeon E5-2630v3 FIO Processor
1          803306-B21   HPE Apollo 4200 Gen9 Intel Xeon E5-2630v3 Processor Kit
8          726719-B21   HPE 16GB 2Rx4 PC4-2133P-R Kit
1          665243-B21   HPE Ethernet 10Gb 2P 560FLR-SFP+ Adptr
1          813546-B21   HPE SAS Controller Mode for Rear Storage
2          797273-B21   HPE 2TB 6G SATA 7.2K rpm LFF Low Profile Midline 1yr Warranty HDD
1          797291-B21   HPE 800GB 12G SAS VE LFF 3.5-in LPC Enterprise 3yr Warranty SSD
12         805334-B21   HPE 8TB 6G SATA 7.2K rpm LFF Low Profile Midline 1yr Warranty
1          806565-B21   HPE Apollo 4200 Gen9 IM Card Kit
1          806562-B21   HPE Apollo 4200 Gen9 Redundant Fan Kit
2          720479-B21   HPE 800W FS Plat Ht Plg Pwr Supply Kit
1          822731-B21   HPE 2U Shelf-Mount Adjustable Rail Kit
Rack infrastructure
Hewlett Packard Enterprise offers several models of racks, giving sites a choice based on anticipated load and features such as embedded intelligence, cooling, and cable management. For the Risk Archive solution, HPE Enterprise Series Racks may be the optimal choice. These racks offer intelligence capabilities for asset management; structural integrity, cooling, power, and cable management advances; and support for a wide choice of IT power and management options. Shock-pallet rack models allow shipment of fully configured racks directly to your data center for immediate deployment. The 1200mm racks offer additional room at the back to simplify cabling and airflow, and provide the depth needed for the HPE Apollo 4510 systems.2 The Advanced Series Racks are also available and are best suited for lighter loads.
In addition to the standard-width 600mm racks, an 800mm wide rack is available. These racks provide additional space between the racking area and side panels for cable and airflow management.
PRODUCT   DESCRIPTION
BW908A    HPE 42U 600mm x 1200mm Enterprise Shock Rack
BW914A    HPE 47U 600mm x 1200mm Enterprise Shock Rack
BW920A    HPE 42U 800mm x 1200mm Enterprise Shock Rack
Scality Software and Services available from Hewlett Packard Enterprise
Note that Scality software is licensed per usable capacity of the planned amount of protected data.
PRODUCT    DESCRIPTION
SCALITY RING LICENSES INCLUDING CONNECTORS (EXCEPT EMAIL)
P8Y89AAE   Scality RING Single Site Perpetual License (per TB) from 200TB E-LTU for HPE ProLiant Svrs
P8Y90AAE   Scality RING Single Site Hardware Lifetime License (per TB) from 200TB E-LTU for HPE ProLiant Svrs
P8Y91AAE   Scality RING Geo Perpetual License (per TB) from 200TB E-LTU for HPE ProLiant Svrs
P8Y92AAE   Scality RING Geo Hardware Lifetime License (per TB) from 200TB E-LTU for HPE ProLiant Svrs
SCALITY RING CONNECTORS & SOLUTIONS
P8Y93AAE   Scality RING Connector for Email App (per TB) from 200TB up to 1000TB E-LTU
SCALITY RING PROFESSIONAL SERVICES
P8Y94AAE   Scality RING Engineer Professional Services (per Day) E-LTU
P8Y95AAE   Scality RING Installation Package (up to 3 Geographical Sites) E-LTU
P8Y96AAE   Scality RING Capacity Expansion Professional Services per TB of Usable Capacity Expansion E-LTU
P8Y97AAE   Scality RING Paid POC 5-10 Days Scality Engineer on Site E-LTU
P8Y98AAE   Scality RING Advanced 3-day Operation Training with Scality Engineer E-LTU
P8Y99AAE   Scality RING Certification Course (base) per Person E-LTU
SCALITY RING DEDICATED CARE SERVICE (DCS)
P8Z00AAE   Scality RING Dedicated Care Service—Yearly Fee E-LTU

2. For IT sites requiring standard depth, the Apollo 4200 platform can be deployed with the 1075mm Enterprise Racks.
HPE Technology Services
HPE Technology Services helps deliver confidence, reduce risk, and realize agility and stability for the HPE Trade and Match/Risk Compliance offering. We have the support that will meet your IT and business needs. HPE Foundation Care helps support your server if there is ever a problem. For a higher level of support, HPE Proactive Care helps prevent issues from occurring and gives you an enhanced call experience if there is an issue. For more information, go to hpe.com/services.
Summary
In all industries and markets, regulatory bodies have increased controls and penalties, including high fines and legal action. Compliant data archiving is required to counter the tremendous business risk of non-compliance. Scality running on HPE ProLiant and HPE Apollo hardware combines object storage software and industry-standard servers to provide the low-cost, reliable, flexible, centrally managed storage that businesses need for large-scale unstructured data. The addition of iTernity storage archive software provides the functionality needed to leverage the Scality-HPE platform to address the most demanding Risk Compliance challenges.
The reference architecture and designs developed for this joint solution enable customers, working with experts from Hewlett Packard Enterprise
and its partners, to develop optimal, customer-specific Risk Archive implementations. The components of the solution are optimized for
enterprise use cases, and have been qualified together, enabling confident and smooth deployment.
Resources
Implementing a proof-of-concept
As a matter of best practice for all deployments, Hewlett Packard Enterprise recommends implementing a proof-of-concept using a test environment that matches the planned production environment as closely as possible. In this way, appropriate performance and scalability characterizations can be obtained. For help with a proof-of-concept, contact an HPE Services representative (hpe.com/us/en/services/consulting.html) or your HPE partner.
Additional information
• Contact your local HPE representative with questions about HPE hardware for Scality object storage solutions and/or iTernity iCAS storage archives. Online information about the Apollo family is available at hpe.com/us/en/servers/apollo.html.
• Documents for HPE Scality object storage solutions on industry-standard servers are at hpe.com/info/hpc-bigdata-industrysolutions. These include technical white papers with additional information on Scality RING implementations on HPE Apollo platforms.
• HPE Secure Encryption at hpe.com/servers/secureencryption
• HPE Integrated Lights Out at hpe.com/info/ilo
Learn more at
hpe.com/servers/fsi-solutions
© Copyright 2016 Hewlett Packard Enterprise Development LP. The information contained herein is subject to change without notice.
The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying
such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall
not be liable for technical or editorial errors or omissions contained herein.
Intel Xeon and Intel Logo are trademarks of Intel Corporation in the U.S. and other countries. Red Hat is a registered trademark of Red
Hat, Inc. in the United States and other countries. SAP is the trademark or registered trademark of SAP SE in Germany and in several
other countries. The OpenStack Word Mark is either a registered trademark/service mark or trademark/service mark of the OpenStack
Foundation, in the United States and other countries and is used with the OpenStack Foundation’s permission. We are not affiliated with,
endorsed or sponsored by the OpenStack Foundation, or the OpenStack community. Pivotal and Cloud Foundry are trademarks and/or
registered trademarks of Pivotal Software, Inc. in the United States and/or other countries. Linux is the registered trademark of Linus
Torvalds in the U.S. and other countries.
4AA6-4128ENW, April 2016, Rev. 1