We spend so much time talking about the governance features of enStratus that we often fail to talk about some of the simple operational advantages that enStratus provides. Perhaps the most overlooked operational feature in enStratus is the ability to automatically attach, format, and mount RAID volumes through the enStratus console with the option to have those volumes automatically encrypted.
When you launch an instance in enStratus in the Amazon cloud or any other cloud with an EBS-like concept, enStratus includes a tab that lets you define volumes to be created and attached upon launch. In defining those volumes, you can indicate that you would like to arrange multiple volumes into a RAID and optionally encrypt the file system built on the mounted volume. enStratus takes care of provisioning the block volumes, attaching them to the launched instances, constructing the RAID (if desired), encrypting the file system (if desired), formatting the file system, and mounting the volume(s).
You can customize the software RAID and file system encryption by extending the enStratus scripts on your machine image. By default, we use mdadm to handle software RAID and LUKS for file system encryption on Unix. We don’t currently provide default options on Windows, but you can extend the scripts to use whatever software RAID and encryption you’d like.
Configuring the RAID and encryption is just part of the story. enStratus manages your encryption keys and takes care of making consistent volume snapshots across your RAID.
On the encryption front, enStratus will generate a unique encryption key to use for encrypting your file system based on the number of bits required by the encryption system you are using. The key is then stored securely outside of the cloud in our credential management system. It only makes brief, well-orchestrated appearances in the cloud when your volumes need to be mounted.
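The sequence described above (build the RAID with mdadm, encrypt it with LUKS, format, mount) is sketched below as an added example; it is not the enStratus scripts. The device names, mapper name, mount point, ext4 file system and 256-bit key size are assumptions. The key is handed to cryptsetup on stdin so that it never lands on the instance's disk or in a process argument list.

```sh
#!/bin/sh
# Added illustration, not enStratus code. Device names, the mapper name, the
# mount point and ext4 are assumptions. DRY_RUN=1 (default) only prints the plan.
set -eu

# Random key of exactly the requested bit length, hex-encoded.
gen_key_hex() {
  [ "$1" -gt 0 ] && [ $(( $1 % 8 )) -eq 0 ] || {
    echo "key size must be a positive multiple of 8 bits" >&2; return 1; }
  dd if=/dev/urandom bs=1 count=$(( $1 / 8 )) 2>/dev/null |
    od -An -v -tx1 | tr -d ' \n'
}

# Print the command in dry-run mode, execute it otherwise.
run() {
  if [ "${DRY_RUN:-1}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Feed $KEY to the tool on stdin: printf is a shell builtin, so the key never
# appears in a process argument list or in a file on the instance.
run_with_key() {
  if [ "${DRY_RUN:-1}" = 1 ]; then printf '%s   # key on stdin\n' "$*"
  else printf '%s' "$KEY" | "$@"; fi
}

# usage: build_encrypted_raid0 MD_DEV MAPPER_NAME MOUNT_POINT VOLUME...
build_encrypted_raid0() (
  md=$1; name=$2; mnt=$3; shift 3
  [ "$#" -ge 2 ] || { echo "RAID0 needs at least two volumes" >&2; exit 1; }
  run mdadm --create "$md" --run --level=0 --raid-devices="$#" "$@"
  run_with_key cryptsetup luksFormat --batch-mode --key-file=- "$md"
  run_with_key cryptsetup open --type luks --key-file=- "$md" "$name"
  run mkfs.ext4 -q "/dev/mapper/$name"
  run mkdir -p "$mnt"
  run mount "/dev/mapper/$name" "$mnt"
)

# Constructed demo: plan for two assumed volumes and a 256-bit key.
KEY=$(gen_key_hex 256)
build_encrypted_raid0 /dev/md0 data /mnt/data /dev/xvdf /dev/xvdg
```

With `DRY_RUN=0` the same function executes the commands, which destroys any data on the listed volumes.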
enStratus tracks which volumes/RAID arrays were encrypted with which keys. It can therefore make snapshots of the encrypted volumes, create new volumes, and attach the new volumes automatically to other instances without you having to remember which volumes were encrypted with which keys. All you need are the proper access rights to the instance and volumes in question.
Finally, when it comes time to make backups of a RAID, enStratus enables you to snapshot all volumes attached to a given virtual machine together. In the Servers screen, you can elect to snapshot the server. enStratus will then tell the agent on that server to lock all services running on it and lock its file systems, and then enStratus will execute a snapshot of all volumes. The resulting snapshots enable you to reconstruct the RAID in a consistent fashion at a later date.
Best Practice: The only reason to use RAID in the cloud is to get a performance boost in your disk I/O. You should thus only ever use RAID0. Other RAID levels are useless in the cloud. They provide greater resiliency than RAID0, but erase all speed benefits.