Pure Storage Boosts Crypto Features, Takes CIA Money
June 07, 2013
Pure Storage recently announced that it updated its FA-400 all-flash array, boosting both capacity and performance, plus a few significant software enhancements. The company also announced an investment by In-Q-Tel, the CIA's venture capital arm.
While the amount In-Q-Tel paid out wasn't made public, investment from the spook community is a major endorsement when selling to security-centric government and military clients.
- Forrester Study: The Total Economic Impact of VMware View
- HP Datacenter Care: Enterprise-Wide Support For Business-Critical IT
On the security front, the new version of Pure's software encrypts all data on the system at rest using self-encrypting SSDs and AES-256 encryption. I assume the self-encrypting drives come from Samsung, as it's another of Pure's investors.
Pure does key management in an interesting way. Rather than storing the key in a small amount of non-volatile memory on the controller, it encodes the key with dispersal codes, which is similar to mechanisms used by Amplidata and Cleversafe. The key is then spread across all the SSDs in the system; recovering the key requires half plus one of the SSDs.
This means the encryption at rest is good not just for drive disposal but for systems in transit--as long as no more than half the SSDs are shipped via any one interceptable route.
[Encrypting stored data is great for security, but it can also be used for data disposal, says Howard Marks in "The Best Use of Encryption You’ve Never Considered.”]
The performance and capacity improvements for the FA-400 come from updating the system to the latest components from their suppliers. Faster Sandy Bridge (Xeon E5-2600) processors and more memory boost the system's IOPS rating from 200 to 400K. Bigger SSDs double the raw flash capacity to 23TB, which with Pure's deduplication should yield somewhere between 80TB and 100TB of space for most users.
Software updates include low- or zero-impact snapshots and integration with host offload interfaces such as VAAI and ODX. Interestingly, the snapshot mechanism isn't tied to LUNS or logical volumes, thus allowing the system to take snapshots of arbitrary LBA ranges. While this will require some future software integration, it lays the groundwork for per-VM snapshots via vVols and consistency groups.
The system also now supports in-place upgrades of all components, including the controllers, so users can upgrade to the new FA-400 controllers without downtime.
In addition, Pure has built an interesting cloud management model. FA-400 systems report their health to Pure's NOC more or less continuously. For administrators trying to troubleshoot the product, this eliminates tedious process of opening a ticket, waiting for a response, sending logs, waiting for a response, and so on. It also allows Pure to proactively correlate events across customers, so Pure can notify customers that have similar usage patterns to install patches before those patterns trigger a bug.
A Changing Market From where I sit, the market opportunity has come and gone for drag racers--that is, the very fast but feature-limited flash systems from vendors such as IBM/TMS and Violin. Now that full-featured, all-flash arrays can deliver 400,000 IOPS along with deduplication, snapshots and the rest of the storage management capabilities we've come to expect from a disk array, there's no reason to buy a fast rackmount SSD.
IBM and Violin have recognized this, but their response of adding third-party storage management to a management processor and putting the rackmount SSD behind a virtualization engine like SVC is a stopgap at best.
Will Pure Storage join EMC and NetApp as a mainstay of the storage industry? Maybe. Each time a raft of startups brings new technology to market, the results are pretty much the same: a couple get picked up by the big boys at a good price, like 3Par and EqualLogic; a few go for pennies on the dollar, like Exanet or OnStor.
If a company is lucky, it becomes a player in its own right, but the odds are long. Pure Storage has managed to establish the mind share needed to become a player, but whether it can turn that mind share into substantial sales is still an open question.
Note: The folks at Pure Storage asked me not to use the term "spook" to refer to In-Q-Tel, the CIA, No Such Agency, the DIA or any other government body that may be flying a black helicopter over my house, but I just couldn't resist.