Scale-out vendor Quobyte scales up security, policy engine functionality in 3.0 release

The security enhancements include end-to-end AES data encryption, TLS support, an X.509 digital certificate and new Kubernetes support.

Björn Kolbeck, Quobyte’s CEO

Today, distributed parallel file system vendor Quobyte is announcing the 3.0 release of their Data Center File System. Its major enhancements are beefed-up 360 degree security, and improvements to their policy engine.

Quobyte’s offices are split between Berlin and Santa Clara, with the engineering team in Berlin, while the marketing, sales and support are in California. The customer base is split between Europe and North America.

Founded in 2013, the company makes a scale-out, software-defined unified storage offering with a file system base. There are multiple similar players in the market, some of which are small startups like Quobyte, but others are established players like Intel. Quobyte, however, does see their technology as being differentiated in the market.

“Our approach is very different because our scalability has two parts,” said, Björn Kolbeck, Quobyte’s CEO. “While we scale linearly, we also scale on the operational side of things. Our background is at Google, and we learned there how they manage infrastructure at scale. We replicated their model so our customers have the same benefits. It allows a team of two admins to be able to  manage 100 PB. The software takes care of things that break so that everything can be done while the system is live. There’s no need for downtime, to take controllers offline for maintenance. It’s a very different model of how to run infrastructure.”

Their software-defined nature is less distinctive, but it is versatile.

“We are software-defined, with no appliances,” Kolbeck said. “Our software runs on almost any x86 server from the last five years. Others’ software has limited configurations, or doesn’t run everywhere.”

Quobyte’s market consists of some HPC workloads but also enterprise workloads.

“Customers use us for work like 3D rendering, visual effects, transcoding, and life sciences,” Kolbeck stated. “Our goal isn’t the filer market. It’s work that requires scalability and performance.”

Quobyte goes to market through a 100% channel strategy.

“Our partners are VARS who put the hardware and software together who add value and pitch our product to their customers. They can choose the server platform that their customers want.”

A key upgrade with the 3.0 version is the introduction of 360 degree security.

“This was a major demand for prospects and customers, because of heightened sensibilities in this area,” Kolbeck indicated. “It provides a level of protection that is not possible on an NFS-based file system.”

The enhancements begin with the implementation of end-to-end AES data encryption.

“We have also added TLS support between data centres so customers can communicate over that in plain text communication,” Kolbeck said. “Also new is support for access keys for the file system, allowing users to use the same credentials.”

Also new is an X. 509 digital certificate to verify public key ownership, and an event stream.

“We also now provide full Kubernetes support,” Kolbeck said. “Those environments are challenging for authentication.”

The policy engine has also been upgraded with this release.

“Our engine has always been policy driven, but we made it more powerful to control almost all aspects of a cluster, such as tenants, volumes and client – down to the files,” Kolbeck said. “We also control expiration. These policies can be reconfigured at runtime without interruption of service

Automation ensures the optimal selection of redundancy and placement, including a new automatic policy that switches between replication and erasure coding as well as flash and HDD inside a file

“A minor feature that we have added is self-service capability, which includes a revamped UI where every user can log in and manage access keys, and check resource consumption,” Kolbeck indicated. “With the self-service capability, the customer can now do this without talking to admins.”

Version 3.0 also adds a multi-cluster data mover with bi-directional sync.

“This data mover component improves multi-cluster support to synchronize between clusters, Kolbeck said. “Together with the addition of TLS between clusters, these new features allow you to properly secure multi-clusters. We have also added native drivers for Hadoop and MPI-IO, which provide significantly lower latency by bypassing the kernel.”