I’ve finally had a chance to catch my breath from the last few weeks – I’ve been planning out some new Oracle meetup events in the Chicagoland area, and in between all that I’ve been working on learning about and experimenting with the latest public release of Oracle Database 23c – so it’s been like standing on tiptoe in a wave pool with the water lapping just beneath my nose.
But just before all the craziness started, I had a chance to serve as a delegate for Gestalt IT’s Storage Field Day #25 (SFD25) in Millbrae, CA, just a stone’s throw from San Francisco International (SFO). We split our time between the kitschy Aloft hotel for lodging but did our conference at the Westin San Francisco just across the way. It was a great chance to catch up with Stephen Foskett’s team at GestaltIT and with many of my fellow delegates from past Tech Field Day events.
After an interesting flight through a bomb cyclone circling SFO like the drain in Psycho, our pilot terminated his final approach and we found ourselves headed to Sacramento to wait out the storm … only to have severe weather cause yet another delay. (Yeah, I know. First World Problems.)
I eventually arrived rain-soaked five hours late, but ready for two solid days of presentations from four keys vendors who focus specifically on the most-often ignored aspect of modern computing environments: where we keep our organization’s data to insure its maximum availability, accessibility, and security.
From my perspective, two major themes dominated our vendors’ messages: the ever-expanding horizon of new storage components that system reliability engineer professionals need to comprehend to prepare for those new capabilities, and the ever-encroaching threat of ransomware upon IT organizations, including the need to aggressively plan in advance to protect their data’s security as well as the survivability of their critical infrastructure once an attack ensues.
Index Engine: Be Afraid. Be Very Afraid.
The team at Index Engine offered the most compelling presentation of the conference. We all hear daily about the threat of ransomware; this morning, in fact, a new exploit by [add appropriate one here] exposed a major organization to an embarrassing security failure.
Index Engine essentially stated there’s only two states of storage security postures today: Either you’re already infected with malware and you’re responding to that threat, or you just don’t know you’ve been infected yet, but you’ll discover it sometime soon, and then you’ll be forced to respond to the threat, most likely at a most inopportune time.
What surprised me (and admittedly shook me to my core) was the sophistication of the storage system attacks that the Index Engine folks described, including exploits like encrypting only selected sectors (for lack of a better term, seeing everything is SSD now) of LUNs or mount points. I could imagine a situation where that corruption was intelligently positioned against the oldest partitions of an Oracle database’s partitioned table, which means it could be weeks or months before a query against those blocks was detected.
I also found it fascinating that their CyberSense tool leverages machine learning models to detect ever-more-sophisticated patterns of storage encryption strategies typically deployed by ransomware purveyors – an extremely relevant application of ML and analytics that bodes well for any company employing their solution. Ransomware attacks aren’t going away, so it’s good to know someone’s accepting the challenge to detect, mitigate, and defeat them.
StorPool: The Newcomers From Bulgaria.
I’d only just recently heard about StorPool from a completely unexpected recent encounter: I’d detected them while looking for some new vendors who might be interested in sponsoring our upcoming ODTUG Kscope23 event in June in Aurora, CO. Hailing from Bulgaria – which their team described as the original Soviet Silicon Valley (!?!) – they have a long history of building complex, performant storage systems.
They’d taken advantage of Gestalt IT’s offer to review their presentations ahead of time, and it showed. Their presentation team gave us a rather rollicking look at their most recent storage offerings, including a deep dive into some real-world performance comparisons (see above) – something I wish more presenters weren’t resistant to providing us delegates.
Most of all, I appreciated that they acknowledged the fact most of us still working as SREs, our focus is really on storage stability: of course, we expect performant, reliable, and easy-to-manage storage platforms, but we’re also under constant pressure to maintain the costs behind all that “plumbing.” Their solutions offered some hope that it’s actually possible to achieve that even while contemplating an ever-expanding need to store everything (including audit trails and network logs) because for all we know, somebody is going to need that sometime in the future.
AWS: Room.Elephant.1
Of course, Amazon Web Services was one of the two elephants in the room (more on the biggest one in just a minute). So many organizations use AWS file, object, and block storage these days – many without really knowing exactly how much they’re utilizing because of the nature of shadow IT projects. (And yeah – that’s still a thing.)
AWS acknowledged that keeping everything working and everybody happy means we occasionally need to simulate a worst-case scenario should a failure occur … and that’s why they’ve introduced the concept of chaos engineering into their EBS storage systems. And as an admittedly old-school DBA, I’m usually focused on my database backups’ resiliency; however, what’s really scary to contemplate is what would happen if my IT organization lost even a fraction of its latest and legacy application code and configuration files? It’s good to see that AWS recognizes this reality for those of us on the front lines and that they’re actively protecting over an exabyte (that’s a boatload!) of application data through their AWS Backup tools.
IBM: Room.Elephant.2
I hate to admit it, but the team from IBM posted the least informative and entertaining presentation of the whole event. Their sales points were either lackluster or self-aggrandizing, and even in some cases quite unbelievable (as in that IBM is the #1 Data Foundation for Kubernetes environments).
And is there some kind of rule that their slide presentation had all the graphic sophistication of … I dunno … Powerpoint 1995? A little animation here and there couldn’t hurt. Frankly, I was surprised we didn’t watch their sessions from flimsies poised atop an overhead projector they’d rented from an Arkansas public high school. Just an absolutely abysmal showing from one of the still-largest IT companies in the world.
Conclusions & Observations
One thing I did notice: The vendors who practiced their sessions with the GestaltIT team the week before the event generally got a better response from us delegates because they had a better understanding of delegates’ mind sets and prospective diversity of opinions about modern storage systems’ challenges.
After all, some of us have been working with storage technology for between 20 to 50 years, so we’ve seen amazing advances in reliability, but we’ve also seen what happens when a head crash happens on spinning rust. I’d encourage future Tech Field Day attendees regardless of the event theme to avail themselves of Gestalt IT’s offer to pre-present – it’s the best way to get maximum benefit from the whole experience.
I’m looking forward to the next Tech Field Day event I’ll be asked to attend, and I’m excited that there may actually be a Data Field Day theme in the coming months. After all … what curmudgeonly DBA wouldn’t lick their chops waiting for that?