Vulnerabilities / Threats // Insider Threats
9/5/2012
12:00 PM
George Crump
George Crump
Commentary
Connect Directly
RSS
E-Mail
50%
50%

Flash First: Your Next Storage Strategy?

As flash storage costs decline, its performance advantages over hard drives become even more appealing.

Many IT departments have a virtualize-first strategy. This means that anytime a new server is requested, the default reaction is to virtualize that server. A standalone physical server requires special justification. We may be heading the same way with storage, where new storage additions are flash first, and hard drives are used only for storing active data.

Cost has been the key hindrance for solid state device (SSD) adoption, but reducing that cost per effective GB is a key reason that data centers will move to a flash-first strategy. As we discuss in our recent article "SSD Can Achieve HDD Price Parity," continued advances in flash controller technology, combined with advanced flash storage system design, have made it possible for flash SSD systems to achieve price parity with enterprise disk storage systems. A key is the enablement of multi-level cell (MLC) based flash systems, which essentially combine consumer grade flash NAND with advanced controllers to deliver enterprise reliability into a system that provides enterprise redundancy.

On top of safely using MLC-based SSD to drive down price, there is almost a universal adoption of deduplication and/or compression in the flash appliance market. The combination can provide a five times or greater effective capacity, and flash has the performance capabilities to support the additional workload of flash lookup. All deduplication is not created equal though, and as we pointed out in our recent webinar "What is Breaking Deduplication," users and suppliers need to pay careful attention to make sure deduplication does not become a performance problem as their systems scale in capacity.

With cost issues being addressed so rapidly, the other reason for a flash-first strategy is that initiatives like server and desktop virtualization have made storage performance bottlenecks a near-universal problem in the data center. The random I/O that a host loaded with even a few virtual machines is significant and can easily tax hard drive-based systems. This problem will increase as the VM density per host increases with each processor upgrade. Random I/O is, of course, the flash storage trump card. Other than DRAM-based systems, nothing responds to random I/O faster than flash.

Capacity and capacity management are also less of a concern now. Certainly data continues to grow, but designing a system large enough to store all an organization's data is not that difficult. What was difficult was storing all that data and keeping storage response time acceptable. Flash resolves the performance problem, and there is a suite of tools and systems that will manage the movement of active data to a flash storage device.

Finally, thanks to the performance advantage and easier to justify price point, flash makes the storage administrator's life easier. Once everything, or almost everything, is on flash, the job of performance tuning and scaling virtual machine density becomes significantly easier. Also there are so many ways to implement and leverage flash that you don't have to wait for your storage refresh budget to come through. Flash can be added via a standalone appliance, in the server host, or as a network cache to solve specific performance problems right away.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-4734
Published: 2014-07-21
Cross-site scripting (XSS) vulnerability in e107_admin/db.php in e107 2.0 alpha2 and earlier allows remote attackers to inject arbitrary web script or HTML via the type parameter.

CVE-2014-4960
Published: 2014-07-21
Multiple SQL injection vulnerabilities in models\gallery.php in Youtube Gallery (com_youtubegallery) component 4.x through 4.1.7, and possibly 3.x, for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) listid or (2) themeid parameter to index.php.

CVE-2014-5016
Published: 2014-07-21
Multiple cross-site scripting (XSS) vulnerabilities in LimeSurvey 2.05+ Build 140618 allow remote attackers to inject arbitrary web script or HTML via (1) the pid attribute to the getAttribute_json function to application/controllers/admin/participantsaction.php in CPDB, (2) the sa parameter to appl...

CVE-2014-5017
Published: 2014-07-21
SQL injection vulnerability in CPDB in application/controllers/admin/participantsaction.php in LimeSurvey 2.05+ Build 140618 allows remote attackers to execute arbitrary SQL commands via the sidx parameter in a JSON request to admin/participants/sa/getParticipants_json, related to a search parameter...

CVE-2014-5018
Published: 2014-07-21
Incomplete blacklist vulnerability in the autoEscape function in common_helper.php in LimeSurvey 2.05+ Build 140618 allows remote attackers to conduct cross-site scripting (XSS) attacks via the GBK charset in the loadname parameter to index.php, related to the survey resume.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Where do information security startups come from? More important, how can I tell a good one from a flash in the pan? Learn how to separate ITSec wheat from chaff in this episode.