Separating data from metadata for robustness and scalability

textWhen building storage systems that aim to simultaneously provide robustness, scalability, and efficiency, one faces a fundamental tension, as higher robustness typically incurs higher costs and thus hurts both efficiency and scalability. My research shows that an approach to storage system design based on a simple principle—separating data from metadata—can yield systems that address elegantly and effectively that tension in a variety of settings. One observation motivates our approach: much of the cost paid by many strong protection techniques is incurred to detect errors. This observation suggests an opportunity: if we can build a low-cost oracle to detect errors and identify correct data, it may be possible to reduce the cost of protection without weakening its guarantees. This dissertation shows that metadata, if carefully designed, can serve as such an oracle and help a storage system protect its data with minimal cost. This dissertation shows how to effectively apply this idea in three very different systems: Gnothi—a storage replication protocol that combines the high availability of asynchronous replication and the low cost of synchronous replication for a small-scale block storage; Salus—a large-scale block storage with unprecedented guarantees in terms of consistency, availability, and durability in the face of a wide range of server failures; and Exalt—a tool to emulate a large storage system with 100 times fewer machines.Computer Science

Memory Subsystems for Security, Consistency, and Scalability

In response to the continuous demand for the ability to process ever larger datasets, as well as discoveries in next-generation memory technologies, researchers have been vigorously studying memory-driven computing architectures that shall allow data-intensive applications to access enormous amounts of pooled non-volatile memory. As applications continue to interact with increasing amounts of components and datasets, existing systems struggle to eÿciently enforce the principle of least privilege for security. While non-volatile memory can retain data even after a power loss and allow for large main memory capacity, programmers have to bear the burdens of maintaining the consistency of program memory for fault tolerance as well as handling huge datasets with traditional yet expensive memory management interfaces for scalability. Today’s computer systems have become too sophisticated for existing memory subsystems to handle many design requirements. In this dissertation, we introduce three memory subsystems to address challenges in terms of security, consistency, and scalability. Specifcally, we propose SMVs to provide threads with fne-grained control over access privileges for a partially shared address space for security, NVthreads to allow programmers to easily leverage nonvolatile memory with automatic persistence for consistency, and PetaMem to enable memory-centric applications to freely access memory beyond the traditional process boundary with support for memory isolation and crash recovery for security, consistency, and scalability

Towards Deadline Guaranteed Cloud Storage Services

More and more organizations move their data and workload to commercial cloud storage systems. However, the multiplexing and sharing of the resources in a cloud storage system present unpredictable data access latency to tenants, which may make online data-intensive applications unable to satisfy their deadline requirements. Thus, it is important for cloud storage systems to provide deadline guaranteed services. In this paper, to meet a current form of service level objective (SLO) that constrains the percentage of each tenant\u27s data access requests failing to meet its required deadline below a given threshold, we build a mathematical model to derive the upper bound of acceptable request arrival rate on each server. We then propose a Deadline Guaranteed storage service (called DGCloud) that incorporates three algorithms. Its deadline-aware load balancing scheme redirects requests and creates replicas to release the excess load of each server beyond the derived upper bound. Its workload consolidation algorithm tries to maximally reduce servers while still satisfying the SLO to maximize the resource utilization. Its data placement optimization algorithm re-schedules the data placement to minimize the transmission cost of data replication. Our trace-driven experiments in simulation and Amazon EC2 show the higher performance of DGCloud compared with previous methods in terms of deadline guarantees and system resource utilization, and the effectiveness of its individual algorithms

Securing Cloud File Systems using Shielded Execution

Cloud file systems offer organizations a scalable and reliable file storage solution. However, cloud file systems have become prime targets for adversaries, and traditional designs are not equipped to protect organizations against the myriad of attacks that may be initiated by a malicious cloud provider, co-tenant, or end-client. Recently proposed designs leveraging cryptographic techniques and trusted execution environments (TEEs) still force organizations to make undesirable trade-offs, consequently leading to either security, functional, or performance limitations. In this paper, we introduce TFS, a cloud file system that leverages the security capabilities provided by TEEs to bootstrap new security protocols that meet real-world security, functional, and performance requirements. Through extensive security and performance analyses, we show that TFS can ensure stronger security guarantees while still providing practical utility and performance w.r.t. state-of-the-art systems; compared to the widely-used NFS, TFS achieves up to 2.1X speedups across micro-benchmarks and incurs <1X overhead for most macro-benchmark workloads. TFS demonstrates that organizations need not sacrifice file system security to embrace the functional and performance advantages of outsourcing

Assise: Performance and Availability via NVM Colocation in a Distributed File System

The adoption of very low latency persistent memory modules (PMMs) upends the long-established model of disaggregated file system access. Instead, by colocating computation and PMM storage, we can provide applications much higher I/O performance, sub-second application failover, and strong consistency. To demonstrate this, we built the Assise distributed file system, based on a persistent, replicated coherence protocol for managing a set of server-colocated PMMs as a fast, crash-recoverable cache between applications and slower disaggregated storage, such as SSDs. Unlike disaggregated file systems, Assise maximizes locality for all file IO by carrying out IO on colocated PMM whenever possible and minimizes coherence overhead by maintaining consistency at IO operation granularity, rather than at fixed block sizes. We compare Assise to Ceph/Bluestore, NFS, and Octopus on a cluster with Intel Optane DC PMMs and SSDs for common cloud applications and benchmarks, such as LevelDB, Postfix, and FileBench. We find that Assise improves write latency up to 22x, throughput up to 56x, fail-over time up to 103x, and scales up to 6x better than its counterparts, while providing stronger consistency semantics. Assise promises to beat the MinuteSort world record by 1.5x

Viitearkkitehtuuri tapahtumapohjaiselle mikropalveluarkkitehtuurille pilvipalveluissa

The emergence of public cloud computing platforms has had a profound effect on how software is being developed. To take advantage of many of the features of cloud platforms, software architecture of applications must aligned with the characteristics of cloud services. Where systems designed for traditional data center deployments have typically consisted of a single large application and a centralized data store, systems targeting cloud platform have become distributed applications. The microservice architecture is a software architecture style for building distributed systems that consist of autonomous services, each responsible for a single problem domain. Decomposing an application to individual components makes is possible to utilize cloud platform features such as scaling each part of the system according to load and performance. Enterprise applications are the context where the microservice architecture pattern is typically applied. These applications are large, long-lived, in state of constant change and highly integrated to other systems. But building complex enterprise applications as distributed systems poses architectural challenges on how to build a system that is evolvable, maintainable and understandable. This thesis describes patterns for building microservice systems that can scale to a large amount of services while retaining the autonomy the services and the maintainability of the system as a whole. A key factor in these patterns is the use of events for communication between the different components of the system. The thesis then presents a reference architecture on how such a system can be developed by utilizing managed services of a public cloud platform.Lisääntyvä pilvipalveluiden käyttö on vaikuttanut merkittävästi siihen, millaisia sovelluksia kehitetään. Sovelluksen arkkitehtuurin täytyy olla suunniteltu siten, että pilvipalveluiden ominaisuuksia voidaan hyödyntää. Sovellukset, jotka ovat suunniteltu ennen pilvipohjaisia arkkitehtuureja koostuvat tyypillisesti yhdestä suuresta asennettavasta komponentista ja keskitetystä tietovarastosta. Pilvipalveluiden myötä tämän mallin sijaan on ruvettu rakentamaan hajautettuja järjestelmiä. Mikropalveluarkkitehtuuri on ohjelmistoarkkitehtuuri, jossa hajautettu järjestelmä koostetaan yksittäisistä erillisistä palveluista. Jokainen palvelu vastaa järjestelmän tietystä toiminnosta tai osa-alueesta. Arkkitehtuuri, jossa sovellus on pilkottu pieniin autonomisiin komponentteihin mahdollistaa monien pilvipalveluiden ominaisuuksien (kuten kuorman mukaisen skaalauksen) käytn. Monimutkaiset yritysjärjestelmät ovat kenttä, jossa mikropalveluarkkitehtuuria tyypillisesti käytetään. Nämä järjestelmät ovat suuria, jatkuvan muutoksen alaisia ja moninaisin tavoin integroituneita useisiin muihin järjestelmiin. Monimutkaisten yritysjärjestelmien rakentaminen mikropalveluarkkitehtuurilla luo omat haasteensa siinä, miten järjestelmästä saadaan ylläpidettävä, jatkokehityskelpoinen ja ymmärrettävä. Tämä diplomityö kuvaa malleja mikropalvelujärjestelmien rakentamiseen siten, että järjestelmän kasvaessa yksittäiset mikropalvelut pysyvät erillisinä ja autonomisina sekä järjestelmä kokonaisuutena pystyy ylläpidettävänä. Avainrakenne näiden tavoitteiden saavuttamisessa on tapahtumien käyttö tiedon välittämisessä palveluiden välillä. Diplomityössä esitetään sitten viitearkkitehtuuri miten nämä mallit voidaan ottaa käyttöön julkisessa pilvipalvelussa

Replicating multithreaded services

textFor the last 40 years, the systems community has invested a lot of effort in designing techniques for building fault tolerant distributed systems and services. This effort has produced a massive list of results: the literature describes how to design replication protocols that tolerate a wide range of failures (from simple crashes to malicious "Byzantine" failures) in a wide range of settings (e.g. synchronous or asynchronous communication, with or without stable storage), optimizing various metrics (e.g. number of messages, latency, throughput). These techniques have their roots in ideas, such as the abstraction of State Machine Replication and the Paxos protocol, that were conceived when computing was very different than it is today: computers had a single core; all processing was done using a single thread of control, handling requests sequentially; and a collection of 20 nodes was considered a large distributed system. In the last decade, however, computing has gone through some major paradigm shifts, with the advent of multicore architectures and large cloud infrastructures. This dissertation explains how these profound changes impact the practical usefulness of traditional fault tolerant techniques and proposes new ways to architect these solutions to fit the new paradigms.Computer Science