Multi-Level Security Lustre*
MORE LUSTRE USERS ARE INCREASINGLY SECURITY CONSCIOUS
Across government and commercial organizations, traditional HPC requirements for both high performance infrastructure and a high level of security are increasingly overlapping. Government, financial services, and life sciences are among those workflows most likely to adopt Lustre* Parallel File System to address their growing performance and scalability needs to ingest, process, and share sensitive data that requires a higher level of protection.
BUILDING SECURE LUSTRE ENVIRONMENTS REQUIRES SIGNIFICANT DOMAIN EXPERTISE
Until recently, however, building a secure environment on Lustre required a great deal of in-house expertise, from advanced configuration to custom code.
Today DDN offers a Multi-Level Security (MLS) Solution for Lustre that provides complete Lustre user and data isolation. MLS Lustre Solutions from DDN can be built on our smaller or larger appliances, so customers choose the performance, capacity, and scalability of their solution without constraint. DDN’s unique performance optimization improves the performance of the secure environment by up to 2x, minimizing the overhead of security components.
A COMPLETE MLS LUSTRE SOLUTION WITH THE PERFORMANCE AND SCALE OF DDN LUSTRE APPLIANCES
Built on DDN’s EXAScaler® parallel file system appliances (EXAScaler, ES14KX™, ES12KX®, ES7KX®) which includes Intel® Enterprise Edition for Lustre, DDN’s Multi-Level Security Solution for Lustre is ideal for government, health and life sciences, research labs, financial, and other data-intensive organizations handling sensitive, personalized data that is currently or may in the future be subject to security guidelines stipulated by SEC, FINRA, new EU Data Protection Guidelines and specific regulation under provisions like HiPAA, CLIA, FISMA, and more.
- DDN EXAScaler appliances bring centralized configuration and management as well as industry-leading density, performance, and scale
- SE Linux provides a strong security foundation
- Containerization with Docker isolates user data
- Kerberos handles user authentication
- DDN delivers a complete solution with unique performance enhancement up to 2x
SOLUTION DETAILS AND TECHNICAL SPECIFICATIONS
The MLS Lustre File System solution is a combination of a DDN unique-feature set, comprised of a DDN hardware foundation, Lustre-specific development, and specialized professional services engagement.
Lustre Parallel File System
This solution framework is currently based on security features of Centos/Red Hat 7.2 (SE Linux) and Intel Enterprise Edition for Lustre in addition to a DDN-unique set of features implemented on EXAScaler 3.x.
Support for Docker Containers
Isolation through Docker containers is another security enhancement capability currently offered. Running Lustre File System on container provides a fine-grained security isolation technique required for multitenancy organizations that needs to isolate centralized data from certain groups of people/hosts. This feature allows an additional level of security beyond the standard POSIX ACLs, isolating Lustre client nodes to a specific Lustre subdomain. The Docker container support is available through Intel Foundation Edition for Lustre (Lustre 2.9), Centos/RedHat 7.2, and beyond, and is integrated into DDN EXAScaler.
The security of SE Linux/MLS and support for Docker containers may be improved with Kerberos support for stronger and reliable authentication. The Kerberos support has been integrated into Lustre 2.8 code.
Specialized Professional Services Engagement
The implementation of a highly secure Lustre File System infrastructure relies on Professional Services (PS) engagement. DDN’s PS engagement for Secure Lustre Solution is designed to assess the customer’s environment and implement a solution that best addresses their requirements. DDN Professional Services will conduct a brief assessment and discuss the project needs with the customer, work on a suitable architecture, and implement the solution. The professional service engagement for Secure Lustre environments is required for any implementation of the MLS Lustre Solution.
Click here for DDN EXAScaler Lustre Hardware Appliance Specifications.