Panasas is bringing more advanced security features to its PanFS portable parallel file systems to address the demands for data protections in modern high-performance computing (HPC) environments and artificial intelligence (AI) and machine learning workloads.
The company known for its HPC storage portfolio this week unveiled PanFS version 9, which comes with such security measures as encryption of data at rest and file labeling support for Security-Enhanced Linux (SELinux) — an array of Linux kernel security modifications that manages how files are accessed.
The new features are the first in a series of security-based steps the company will take as HPC is embraced by enterprises that need the performance and scalability to address such modern workloads as AI, machine learning and data analytics and as IT environments become more distributed and data-centric.
“It used to be that HPC was inside the glass house,” Curtis Anderson, software architect at Panasas, told Enterprise Storage Forum. “Sometimes literally there was just a network firewall between the HPC environment and the rest of the corporation or the organization. These days, it’s becoming more integrated. It’s more of a service available to a lot of different people and you can’t afford to have it behind air gaps, networks and other kinds of things people used to use for their HPC environment. Enterprise customers are moving into HPC, being lured by machine learning, so now [data] is becoming more of a core resource, so you can’t afford those kinds of barriers to get to the information resources. Security [is about] making sure that even when machines are available and the systems are available, you’re actually still controlling who gets access to data and how exposed it is.”
HPC Market Expands into Enterprises
Panasas’ focus on security comes at a time of growth for the HPC space. A report on MarketsandMarkets said the global HPC market will grow from $37.8 billion last year to $49.9 billion by 2025, averaging 5.5 percent increases each year. Organizations in such industries as finance, medical and government and defense are looking for ways to run software faster.
In addition, the trend toward hybrid HPC environments – with some work being done on premises and the rest in the cloud – will also help drive growth, particularly as enterprises adopt the technologies and cloud providers expand the HPC services they offer, the report found.
“Enterprises are interested in HPC, partly because of AI and machine learning,” Anderson said. “That’s driving a lot of attention.”
Also read: Best Encrypted Cloud Storage for 2021
Encryption at Rest
Panasas’ encryption-at-rest data protection, which complies with the NIST security framework, is provided by AES 256-bit hardware-based encryption on self-encrypting drives.
“As an HPC customer, you don’t have to worry about a failed drive leaving your organization,” Anderson said. “The data on it is just not accessible because it was encrypted at rest. No one’s going to steal the drive, so it takes the physical maintenance operations off the table in terms of data security. You’re still left with operational security, such as, ‘Can someone log in?’ But this just takes that whole physical security off the table in terms of data leaks.”
Panasas has been shipping ActiveStor Ultra storage appliances with self-encrypting drives installed. The hard disk and solid-state drives have always been encrypting. What Panasas is offering now through an upgrade to PanFS9 is the ability to lock and unlock it via security keys, Anderson said.
Because the encryption capability has already been available in the storage appliances, the ability now to use the security keys to essentially turn the encryption on and off won’t impact the performance of the systems.
Panasas also is working with key management solution companies like Thales Group to ensure that the encryption keys are kept secure.
“We’re integrating with professional, dedicated key management infrastructure vendors, people whose business is entirely that,” Anderson said. “You’re getting the best of breed in storage and in key management. We’re leveraging their expertise.”
Feedback from Panasas customers has been positive, he said. Some have told the vendor that while they may not feel the need now to leverage the encryption-in-place feature, they’re glad to know it’s in place when the time comes.
Security Labels and SELinux
At the file access layer, PanFS9 stores SELinux context information as per-file security labels that can be used by SELinux and multi-level security policies for greater access control, according to the company.
Anderson said the company changed its proprietary DirectFlow protocol, which is the high-bandwidth connection from a computer node into Panasas storage, so that it has to pass SELinux security context labels. Company officials believe that such security measures will become more widely embraced over time.
“It’s used in the higher security environments, such as government contracting and not so much in corporations or in enterprise accounts,” Anderson said. “But we think they may get this someday. It sort of bullpens for people who are really interested in online security, which started with SE-Linux, and we’ll continue expanding that. For people who cover the physical security, we’re doing the encryption at rest.”
Security a Key Focus
Security isn’t a foreign concept to Panasas. The company for a long time had such capabilities in its offering as access control lists. However, the encryption at rest and SELinux features are part of a new effort by Panasas to build out its range of more modern security offerings.
“We’re continuing down that path because we like the idea that security is going to become a bigger and bigger issue,” Anderson said. “In the HPC niche, security is becoming a bigger deal. Encryption at rest and tighter access controls on data of those types of things. The government contracting space is moving closer to the enterprise. We have just a general push into security because we believe that the market is more interested in that, in general.”
Along with the security features, Panasas also is making some performance tweaks via PanFS9 to its Dynamic Data Acceleration software, which was rolled out last year to improve the performance of storage devices, bringing intelligence to mixed HPC and AI and machine learning workload processing. With PanFS9, the software was enhanced to improve performance on both the storage and metadata nodes. In addition, PanFS drives better metadata performance for DirectFlow, NFS and SMB protocols.
Read next: 3 Reasons to Outsource the Management of Your Public Cloud