Storage Short Take #4 – End of Year Edition!

Here we are in the 4th installment of the biweekly Storage Short Take. I know, I know, I just did one last week. However, as you can see a lot has happened in a short period of time, and since this is the last one of 2018 – you should brace yourself for ’19! Whodathunk that there would be so much to cover at the end of the year? So much for a quiet time!

Today’s Topics

Here’s what’s in today’s Short Take:

2019 Predictions!

Ah yes, it’s started. Let’s see what kind of predictions people are making already for 2019!

Let’s start with Toshiba Electronics – Europe.  Aside from the usual “there will be more data” non-predictions, Rainer Kaese (Sr. Mgr. BizDev Storage Products) expects major capacity increases thanks to Helium HDDs, massive storage bays in rack mounts, and AI/DL/BC data explosion (natch).

Blocks and Files have compiled their own meta-list. It includes data lakes, converged systems, capacity (natch), edge computing, as well as some vendor thoughts.

DZone has their list out as well. Didn’t they run into some controversy earlier in the year? I can’t recall now.

StorageCraft offers a few of the same predictions as you’d expect. As sampling: “With the explosive rate of data growth, the current approach to fragmented data storage, management and protection will be untenable. IT fragmentation with a multitude of point-products has created silos, complexity, vulnerability, and out-of-control storage costs. Data silos will have to collapse.” 2019 prediction, or 2010? You be the judge!

At least Forrester is a bit more specific, getting closer to some actual flags-in-the-ground claims.

Along the same vein, you have to give Andy Patrizio over at Network World credit – he’s not vague about what he thinks is going to happen. In some cases, I think he’s on to something.

Hedvig is the first one that I’ve seen to really focus on regulation as an influencer of storage trends. This one is worth a read.

Flashback! What did they say about 2018?

I think this is probably going to need its own blog entry, come to think of it. But here are some of the predictions from 2018 by way of comparison.

Forbes was ready to thrown in completely behind persistent memory (also called Storage-Class Memory, or SCM, but that term has fallen out of favor) and the likes of Optane. It also claimed HCI to be dominant, but surprisingly industry leaders Nutanix and VMware VSAN aren’t on their radar. A good clue is that they don’t actually know how to spell NVMe-oF…

InformationAge shows us the utility (and futility) of vague predictions. Can the same article be written for 2019 as it was for 2018? If so, I don’t think you’re doing it right.

ESG wants it both ways, coming right up to the point of taking a stand but backing away at the last second. Nevertheless, there are some pretty good insights in this one.

[Back to Table of Contents]

Storage Media

In Storage Short Take #2, I brought up the rumor that Xilinx was in talks to buy Mellanox. Now it appears the rumor mill is in full swing, as Microsoft is now said to be a suitor. However, not everyone is buying it (I’m not, either).

[Back to Table of Contents]

Companies In The News

CommVault has been busy. They’ve been assigned eleven patents recently, including “Migrating components in hierarchical storage network, data management improvements, synchronizing selected portions of data in storage management, retaining and using data block signatures in data protection operations, shared library in storage system, database protection using block-level mapping, process block-level backup for selective file restoration for virtual machines, search filtered file system using secondary storage, migrating data to disk without interrupting running backup operations, monitoring and copying multimedia messages to storage locations in compliance with policy, predicting scale of data migration between production and archive storage systems.”
[Back to Table of Contents]

Industry News

The Register sums up the IDC numbers for All Flash Arrays (AFA). Some interesting movement on the part of NetApp and HPE, but DellEMC still leads the pack.

SNIA is calling for vendors with Swordfish implementations to sign up for the first Plugfest of 2019, to be held January 22-23 in Santa Clara, CA.  It’ll be at the same time as the SNIA Member’s Symposium (see below).

TechTarget has a summary of the NVMe Developer Days at the beginning of December. And, not just because I’m in the article, I think it’s good. 🙂
[Back to Table of Contents]

Storage Standards

NVM Express announced the “pending availability” of NVMe-MI 1.1 (Management Interface). From the NVM Express Newsletter:

We are excited about the increased market penetration as well, and according to a new article from EE Times, NVMe has finally hit a tipping point. At the inaugural Conference ConCepts’ NVMe Developer Days, Jillian Coffin of TechTarget even said that “the advent of NVMe will expand the addressable flash and broader storage markets and 27 percent of companies have plans for formal evaluations of NVMe over the next 24 months.”

SNIA has formed a new Technical Working Group that focuses on Computational Storage. If you haven’t heard much about it yet, you will. It’s going to be hitting your radar a lot in a very short time period. I’m guessing that by next Fall you’ll forget that you didn’t know anything about it.
[Back to Table of Contents]

Webinars and Conferences

PacketPushers invited me to the Virtual Design Clinic #3, where I talked a little about networking and NVMe-oF.

SNIA will be presenting a webinar on how Applications Take Advantage of Persistent Memory, with Raghu Kulkarni from Viking Technology and Alex McDonald from NetApp. Webinar is on Tuesday, January 15, 2019 at 10:00a PST.

Want to know about Virtualization and Storage? Check out the Virtualization and Storage Networking Best Practices, on January 17, 2019. Presented by Cody Hosterman (Pure) and Jason Massae (VMware), this is a great opportunity to see these two masters of their craft at work.

Sagi Grimberg and I will be discussing NVMe™/TCP, thanks to the SNIA Networking Storage Forum (NSF). The webinar will be held on January 22, 2019.

The SNIA Member’s Symposium will be held from Monday, January 21 – Friday, January 25, 2019 in Santa Clara, CA. Probably one of the best “sleeper” conferences about storage, every subject you can think of – from networking to solid state to management to form factors, etc. will be covered. Also part of the symposium is the Persistent Memory Summit, which has shown itself to be the forward-looking venue on persistent memory (also called Storage Class Memory) in the industry.

CiscoLive-Europe will be held in Barcelona, Spain, from January 28-February 1, 2019. I’ll be speaking on NVMe and NVMe over Fabrics Deep Dive, BRK2494 at 11:30am (local time) on Friday, Feb 2. I’ll be there the entire week, however, and available for meet ups and ask-the-engineer.

Looking further ahead, one of the “gotchas” of Hyperconvergence is the impact on Networking. To that end, the Networking Storage Forum is holding a seminar on the Networking Requirements for Hyperconvergence that answers the age-old question, “Why can’t I add a 33rd node?”

Synology Security

[Back to Table of Contents]
As you may know, I blog about Synology from time to time. One of the things that I like about them is that they don’t hide issues, and they provide constant communication about security issues that can affect your NAS setup. Here are some of the more recent ones, in order of severity.

Critical Severity

Affected: Diskstation Manager and Synology Router Manager. These are biggies. DSM runs the entire NAS, and SRM runs their router. They have found a vulnerability that allows remote attackers to execute arbitrary code via a susceptible version. What’s the susceptible version? Well… all of them.

CVE-2018-1160

  • Severity: Critical
  • CVSS3 Base Score: 9.8
  • CVSS3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution.

Solution? None yet. It’s ongoing and they will update when they can. For now, ensure strong firewalls and harden the access into your devices from outside your environment.

Affected: Surveillance Station. A vulnerability allows remote attackers to execute arbitrary code via a susceptible version of Surveillance Station.

Solution? Synology has issued a major security update for Surveillance Station 8.2.2. If you’re using Surveillance Station package or VS960HD, Synology recommends you perform software/firmware updates to avoid exposure to security risks. References: Synology-SA-18:58 and Synology-SA-18:59.

Moderate Severity

Affected: Magellan (a number of vulnerabilities in SQLite). Vulnerability allows remote authenticated users to conduct denial-of-service attacks or possibly execute arbitrary code via a susceptible version of Synology products.

If you’re not sure if your NAS uses Magellan, well, it pretty much does. It affects everything from DSM to SRM to Active Backup to Download Station to Universal Search to Python 3 to Surveillance Station… and more.

Solution? None yet. The CVE ID is pending. From Tencent, it appears that the vulnerabilities are particularly prevalent in Chrome and Chromium products. This is not an issue with Synology, per se, but if you use Chrome or WebView (Android apps use WebView) to access your NAS, you could be particularly hit by this.

Affected: Active Directory Server. CVE-2018-16841 and CVE-2018-16851 allow remote authenticated users to conduct denial-of-service attacks via a susceptible version of Synology Active Directory Server. These are Samba attacks and it’s wise for anyone running AD to constantly keep track of vulnerabilities like these.

Solution? None yet. This is less a Synology thing and more of a Microsoft thing.
[Back to Table of Contents]

Bonus Round

As if there wasn’t enough to consume, take a look at Managing Disk Volumes in Kubernetes: Current Capabilities and Future Opportunities:

And, of course…

See you in 2019!

Follow, sponsor, or see more at:
Advertisements

3 Comments

Leave a Reply

%d bloggers like this: