Customer concerns over cloud storage have shifted from security to performance as larger businesses look to shift...
more data to the cloud, according to Nasuni Corp. founder and CEO Andres Rodriguez.
Rodriguez said encryption has alleviated security concerns. But as Nasuni's customer base shifts from small- and midsize businesses to large enterprises, the company must show customers the cache to prove it can deliver enough performance.
Nasuni's cloud-based UniFS file system provides a single namespace to manage unstructured data. Its virtual appliance caches active data on premises and shifts less frequently accessed files to object storage in Amazon's and Microsoft's public clouds. Nasuni also sells flash- and disk-based appliances bundled with its software.
We caught up with Rodriguez at the company's new headquarters to discuss the challenges in addressing the evolving Nasuni storage customer base, cloud concerns, and why he has placed a bull's-eye over Dell EMC's Isilon NAS.
What are the biggest concerns that customers raise today about the Nasuni storage technology model?
Andres Rodriguez: Performance. They always want to test if their application can run at full performance. There are unusual use cases that can create bad cloud behaviors, and they're always worried about that.
The cloud model is not unlike a lot of storage. All storage technology is some form of caching. But the caching of the cloud model is a dramatic one. So if you hit an application and all of a sudden it's going to thrash the cache, they're very worried about the performance impact. And they're right to be.
How are you addressing that concern?
Rodriguez: Improving the cache and being able to scale out, because that creates a bigger and bigger cache.
When do you think you'll be able to deliver that?
Rodriguez: Probably toward the end of next year, to be conservative. It takes a while, but we've been building all of the building blocks for it for the last two years.
How has the Nasuni storage customer base changed over the years?
Rodriguez: At the very beginning, we felt that we could do it all with virtual machines, but customers begged us for two years to bring in an appliance line. So we brought in hardware appliances, which immediately allowed us to get to the mid-enterprise accounts.
We really help people that have scale problems. We won accounts that are tier one storage buyers, so they're already buying from NetApp or EMC or Hitachi or one of those [vendors]. They have five or more locations that they need infrastructure in. And they have at least 100 TB that we can target in terms of their file storage.
The thing that changed in 2016 was the doors finally opened in the biggest of the accounts where the pain was intense around scale and performance of files across geographies. At scale, we're highly differentiated versus pre-existing infrastructure.
One of our major campaigns right now is all around Isilon. It's a clustered file system designed for big file storage, but the bigger it gets, the slower it gets. It's in one location. It's hard to get the files around the world. If you want DR [disaster recovery], you have to set up a second cluster that's somewhere else that also is very large. Why not just have the cloud in the center? And you can have as many edge appliances as you want, and you have better performance and global access to the files.
What caused the change in 2016?
Rodriguez: Until 2016, it was always, 'The cloud is never going to be high performance enough. The cloud is not secure enough.'
Some of what started happening is the scale started breaking all of the existing systems to such a degree in the biggest of the enterprises that enough smart people looked at the problem and said, 'We know exactly how to do the security thing. We know that the data is encrypted. We're going to stop worrying about that.'
It all came down to, can you really do high performance where the cloud is the hub? Whether it's a private cloud or a public cloud, can this model really outperform or at least match the performance of our existing systems?
In the beginning, you couldn't get above the noise of, 'Commvault is going to have a cloud thing, and 'NetApp is going to have a cloud thing, and everyone is going to have a cloud thing.' They were all the same. It's a new tier for crap. We're going to put the data we never want to see again out there.
What are the primary use cases for Nasuni storage customers?
Rodriguez: Pretty much all our customers run a hybrid model. We have two use cases that are compelling to people.
The vanilla use case is business continuity. In other words, you have 50 locations. You used to have centralized backup. You had Data Domain or Commvault, and you had [Dell EMC] VNX with Windows file server or NetApp at all of those sites.
You now bring Nasuni and you get rid of all that. Nasuni becomes your file server at the edge. Nasuni backs itself up centrally to the cloud, so it's now your backup. Because the cloud is another location, that also becomes your DR.
The other [use case] is collaboration with customers that are having a hard time accessing files and editing files across multiple locations. These are big engineering or architecture firms. They have heavy 3D models. They need high performance. And not only that, when I make changes in London, I want to see those changes in New York. And I want to do the same thing across 17 other sites synchronizing all the time.
The only way to do that is to have an authoritative version of my data that's sitting not in any one place in my infrastructure, but say in the cloud, and then every site is synchronizing constantly against that. That's the advanced use case.
How does Nasuni's approach differ from competitors?
Rodriguez: Avere Systems, Panzura and the Isilon team all did the same thing. They all [created] a traditional file system, and then they put pointers to the object store. But the file system was still XFS or ext3 or some file system that was running in the appliance in the front.
We did it upside down. We put the file system in the object storage, and then we cached portions of that to the appliance. This is why scale has changed the equation for Nasuni.
UniFS is always looking at a live version of itself that's in the cloud. It's a bunch of objects with basically XML that are serving as inodes pointing to other XML that's serving as inodes. But they are all in the cloud. They are not in the appliance. The appliance is just a disposable, transient window to the giant file system.
Everyone has been thinking of the cloud as a tier. We actually think of the appliance as a tier. The cloud is the source.
UniFS is fully portable. We can move you from one object store to another object store completely seamlessly. Everything about the file system is represented in objects, and those objects can be moved from provider to provider. There's no loss of data or metadata.
Everything -- all the metadata, all the data -- is in the public cloud, but all encrypted. The metadata that's on premise is a cache copy version of what's in the cloud.
What have been some of the worst learning pains for Nasuni?
Rodriguez: I think it took us two years to get Active Directory to really work. And I believe, six months ago, we found a nuance that we had missed [for] seven years. So there are still these little quirky things.
Directory services control access to an entire organization's files. They are some of the most complex, spaghetti[-like], mixed-in things. And companies buy other companies, and they create trusted domains, and it's so complicated. Active Directory and LDAP are fabulous technologies, but the implementation of those technologies in real-life environments is complex.
Did you ever have data corruption issues?
Rodriguez: UniFS has never corrupted any file data or versions of file data. The only issue we ever had was a professional service engagement where we migrated some data at the customer site. The team forgot to set a flag internally, so it wasn't marked properly on our end. During a delete operation, we deleted about 3,000 files. It was horrific. That was like, year two. Now we have all kinds of fail-safe mechanisms.
You have to make everything automated. The great risk of traditional storage systems is that there are so many people in the mix: people making the backups, people setting up the provisioning, people changing and replacing drives. People are always the vulnerability.
UniFS was built to stand alone and do everything it needs to do to protect itself: version, replication, everything. That's why it's reliable, because it's a piece of code running. It's not people doing things around it.
Have you noticed any repercussions from the Equifax data breach?
Rodriguez: Absolutely. It took us years to convince people that Nasuni does not make your security better, but it doesn't make it any worse.
When customers get Nasuni, they install it in all their data centers, and the first thing they do when they turn it on is they generate their own encryption keys. The encryption keys are held by the customers and we never see them. And our providers, like Microsoft and Amazon, never see them. So the customer's data is encrypted inside their security perimeter.
It's bulletproof in the sense that if anyone compromises AES 256, we have bigger problems; like the world is falling apart at that point. Encryption runs our planet, and the math on that is rock solid. That's not where people are ever afraid.
Security people have a great saying: 'Show me where the encryption is because I'm going to go look elsewhere. That's where the wall is built. I'm going to look for the door.'
The biggest vulnerability [is] the people that work inside your organization. Always. Time and time again, people will do something stupid that creates a security problem, and it's inside your security perimeter.
Plotting an enterprise data management strategy
Guide to cloud storage appliances
Nasuni offers protection against ransomware attacks