Service providers have been increasingly providing their web services (e.g., web sites) at third party data centers in the cloud by running a plurality of virtual machines (VMs) on a host/server at the data center. Here, a VM is a software implementation of a physical machine (i.e. a computer) that executes programs to emulate an existing computing environment such as an operating system (OS). The VM runs on top of a hypervisor, which creates and runs one or more VMs on the host. The hypervisor presents each VM with a virtual operating platform and manages the execution of each VM on the host. By enabling multiple VMs having different operating systems to share the same host machine, the hypervisor leads to more efficient use of computing resources, both in terms of energy consumption and cost effectiveness, especially in a cloud computing environment.
Non-volatile memory express, also known as NVMe or NVM Express, is a specification that allows a solid-state drive (SSD) to make effective use of a high-speed Peripheral Component Interconnect Express (PCIe) bus attached to a computing device or host. Here the PCIe bus is a high-speed serial computer expansion bus designed to support hardware I/O virtualization and to enable maximum system bus throughput, low I/O pin count and small physical footprint for bus devices. NVMe typically operates on a non-volatile memory controller of the host, which manages the data stored on the non-volatile memory (e.g., SSD, SRAM, flash, HDD, etc.) and communicates with the host. Such an NVMe controller provides a command set and feature set for PCIe-based SSD access with the goals of increased and efficient performance and interoperability on a broad range of enterprise and client systems. The main benefits of using an NVMe controller to access PCIe-based SSDs are reduced latency, increased Input/Output (I/O) operations per second (IOPS) and lower power consumption, in comparison to Serial Attached SCSI (SAS)-based or Serial ATA (SATA)-based SSDs through the streamlining of the I/O stack.
Currently, a VM running on the host can access the PCIe-based SSDs via the physical NVMe controller attached to the host, and the number of storage volumes the VM can access is constrained by the physical limitation on the maximum number of physical storage units/volumes that can be locally coupled to the physical NVMe controller. Since the VMs running on the host at the data center may belong to different web service providers and each of the VMs may have its own storage needs that may change in real time during operation and are thus unknown to the host, it is impossible to predict and allocate a fixed amount of storage volumes ahead of time for all the VMs running on the host that will meet their storage needs. Although enabling access to remote storage devices over a network can provide extensible/flexible storage volumes to the VMs during a storage operation, accessing those remote storage devices over the network could introduce data security, integrity, and transmission efficiency issues. It is also desirable to be able to monitor and analyze users' access to the remote storage devices for Service Level Agreement (SLA) and/or billing purposes.
The foregoing examples of the related art and limitations related therewith are intended to be illustrative and not exclusive. Other limitations of the related art will become apparent upon a reading of the specification and a study of the drawings.
Aspects of the present disclosure are best understood from the following detailed description when read with the accompanying figures. It is noted that, in accordance with the standard practice in the industry, various features are not drawn to scale. In fact, the dimensions of the various features may be arbitrarily increased or reduced for clarity of discussion.
The following disclosure provides many different embodiments, or examples, for implementing different features of the subject matter. Specific examples of components and arrangements are described below to simplify the present disclosure. These are, of course, merely examples and are not intended to be limiting. In addition, the present disclosure may repeat reference numerals and/or letters in the various examples. This repetition is for the purpose of simplicity and clarity and does not in itself dictate a relationship between the various embodiments and/or configurations discussed.
A new approach is proposed that contemplates systems and methods to support a plurality of value-added services for storage operations on a plurality of remote storage devices virtualized as extensible/flexible storages and NVMe namespace(s) via an NVMe controller in real time. First, the NVMe controller virtualizes and presents the remote storage devices to one or more VMs running on a host attached to the NVMe controller as logical volumes so that each of the VMs running on the host can access these remote storage devices to perform read/write operations as if they were local storage devices via the NVMe namespace(s). The NVMe controller then monitors and meters resources (such as CPU, storage and network bandwidth) consumed by the activities/operations by the VMs to the virtualized remote storage devices as well as the data being transmitted during such operations in real time and creates analytics for billing purposes. In addition, the NVMe controller performs one or more of crypto operations, checksum operations, and compression and/or decompression operations on the data written to and/or read from the remote storage devices by the VMs as part of the value-added services to improve security, integrity, and efficient transmission of the data.
By virtualizing the remote storage devices as if they were local disks to the VMs and enabling the plurality of value-added services for accessing the virtualized remote storage devices, the proposed approach enables the VMs to have secured and fast access to extended storage units accessible over a network, removing any physical limitation on the number of storage volumes accessible by the VMs via the NVMe controller. In addition, by monitoring/metering the VMs' read/write operations to the remote storage devices in real time, the proposed approach enables collecting and creating analytics on user activities to the remote storage devices for billing based on the amount of data being transmitted by the read/write operations instead of or in addition to billing based on storage space occupied by the data. Such data metering-based billing is especially suitable for value-added services provisioned for the remote storage devices over the network where network bandwidth taken by the data is often a more critical metric/bottleneck than the storage space occupied by the data.
In the example of
In the example of
In the example of
In the example of
In some embodiments, each of the VMs 110 running on the host 112 has an NVMe driver 114 configured to interact with the NVMe access engine 106 of the NVMe controller 102 via the PCIe/NVMe link/connection 111. In some embodiments, each NVMe driver 114 is a virtual function (VF) driver configured to interact with the PCIe/NVMe link/connection 111 of the host 112, to set up a communication path between its corresponding VM 110 and the NVMe access engine 106, and to receive and transmit data associated with the corresponding VM 110. In some embodiments, the VF NVMe driver 114 of the VM 110 and the NVMe access engine 106 communicate with each other through an SR-IOV PCIe connection as discussed above.
In some embodiments, the VMs 110 run independently on the host 112 and are isolated from each other so that one VM 110 cannot access the data and/or communication of any other VMs 110 running on the same host. When transmitting commands and/or data to and/or from a VM 110, the corresponding VF NVMe driver 114 directly puts and/or retrieves the commands and/or data from its queues and/or the data buffer, which is sent out or received from the NVMe access engine 106 without the data being accessed by the host 112 or any other VMs 110 running on the same host 112.
In the example of
In the example of
In some embodiments, the NVMe storage proxy engine 104 organizes the remote storage devices as one or more logical or virtual volumes/blocks in the NVMe namespaces, to which the VMs 110 can access and perform I/O operations as if they were local storage volumes. Here, each volume is classified as logical or virtual since it maps to one or more physical storage devices either locally attached to or remotely accessible by the NVMe controller 102 via the storage access engine 108. In some embodiments, multiple VMs 110 running on the host 112 are enabled to access the same logical volume or virtual volume and each logical/virtual volume can be shared among multiple VMs.
In some embodiments, the NVMe storage proxy engine 104 establishes a lookup table that maps between the NVMe namespaces of the logical volumes, Ns_1, ..., Ns_m, and the remote physical storage devices/volumes, Vol_1, ..., Vol_n, accessible over the network as shown by the non-limiting example depicted in
In some embodiments, the NVMe storage proxy engine 104 further includes an adaptation layer/shim 116, which is a software component configured to manage message flows between the NVMe namespaces and the remote physical storage volumes. Specifically, when instructions for storage operations (e.g., read/write operations) on one or more logical volumes/namespaces are received from the VMs 110 via the NVMe access engine 106, the adaptation layer/shim 116 converts the instructions under the NVMe specification to one or more corresponding instructions on the remote physical storage volumes under the storage network protocol such as iSCSI according to the lookup table. Conversely, when results and/or feedback on the storage operations performed on the remote physical storage volumes are received via the storage access engine 108, the adaptation layer/shim 116 also converts the results to feedback about the operations on the one or more logical volumes/namespaces and provides such converted results to the VMs 110.
In the example of
In some embodiments, the NVMe storage proxy engine 104 is configured to support a plurality of value-added services to the user of the VMs 110 by performing a plurality of operations on the data being transmitted through the NVMe controller 102 as discussed in detail below. In some embodiments, the NVMe storage proxy engine 104 is configured to provision the plurality of value-added services according to a service-level agreement (SLA), which is a service contract that formally defines types, levels, and timings of the services provided by a storage service provider to a user of the VM 110. For non-limiting examples, the plurality of value-added services include but are not limited to billing based on network usage, storage data security, integrity, and efficient delivery.
Unlike read/write operations to local storage devices 120, where storage capacities of the devices are the only constraint, read/write operations on the logical volumes that map to the remote storage devices over the network are often constrained by the network bandwidth between the VMs 110 and to the remote storage devices 122 in addition to the physical limitations on the capacities of the remote storage devices 122. In the example of
In some embodiments, the metering component 117 of the NVMe storage proxy engine 104 is further configured to generate analytics on the read/write operations by a VM 110 based on the amount of the data transmitted and metered using various analytical approaches that include but are not limited to statistics, operations research, and mathematical algorithms. In some embodiments, the analytics generated by the metering component 117 reveal meaningful patterns of storage access and data transmission by the VM 110 in terms of various metrics such as amount and timing of peak and/or average data usage, logical volumes most and/or least frequently accessed by the VM 110, and timing and/or frequencies of such access by the read/write operations of the VM 110, etc. In some embodiments, the NVMe access engine 106 is configured to present the identified patterns in the analytics of the VM 110 to its user in the form of a multi-dimensional representation, wherein each dimension of the multi-dimensional representation represents one of the metrics measured above. Such patterns identified in the analytics by the metering component 117 provide real-time information and insights on user/application activities in terms of the read/write operations by the VMs 110 and enable a service provider to dynamically customize its services and/or billing policies to better serve the user in real time via the NVMe storage proxy engine 104. For a non-limiting example, the NVMe storage proxy engine 104 may adjust the allocation of network bandwidth for the VM 110 dynamically in real time based on the pattern of its data transmission to the remote storage devices 122 over the network.
For another non-limiting example, the NVMe storage proxy engine 104 is configured to pre-fetch data from a volume of the remote storage devices 122 that are most frequently accessed by the VM 110 to a cache (e.g., memory 208) locally associated with the NVMe controller 102 in anticipation of the next read operation by the VM 110 and delete a volume least frequently requested by the VM 110 from the local cache if the cache is close to being fully occupied.
In the example of
In some embodiments, the NVMe storage proxy engine 104 further includes a data security component 118, which is a security layer on top of the adaptation layer/shim 116 and is configured to perform crypto operations to encrypt data to be written by the write operations before the data is transmitted to the remote storage devices 122 and to decrypt data read by the read operations from the remote storage devices 122 before it is provided to the VMs 110. The remote storage devices 122 are configured to perform the corresponding decryption and/or encryption operations on the data encrypted and/or decrypted by the data security component 118 of the NVMe storage proxy engine 104 using the same set of encryption keys. In some embodiments, the data security component 118 is configured to offload the crypto operations to components of the physical NVMe controller 102 (e.g., NVMe processing engine 202), which utilizes both hardware and embedded software to implement the security algorithms to accelerate the crypto operations so that the crypto operations would not introduce any latency into the data transmission between the VMs 110 and the remote storage devices 122 through the NVMe storage proxy engine 104. In some embodiments, the data security component 118 is configured to maintain keys used for the crypto operations in a secured environment on components of the physical NVMe controller 102 (e.g., memory 208), wherein access to the keys is restricted to the VM 110 issuing the instructions for the read/write operations and the data security component 118 only, while no other VM 110 is allowed access to the keys. In some embodiments, the VM 110 and the data security component 118 are required to mutually authenticate each other via, for a non-limiting example, exchange of a shared secret, before being able to access the keys for the crypto operations.
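One way to realize the key-access rule above, as an added example that is not part of the patent: a controller-side store releases a data key only to a session that completed mutual authentication for that same VM. The HMAC-SHA256 challenge-response is an assumed realization of the "exchange of a shared secret", and `KeyVault`, `vm_handshake` and the VM identifiers are hypothetical.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 16  # fixed-length nonces keep the MAC input unambiguous

def proof(secret, role, vm_id, n_vm, n_ctrl):
    # role is b"C" (controller) or b"V" (VM) so a proof cannot be reflected back
    msg = role + n_vm + n_ctrl + vm_id.encode()
    return hmac.new(secret, msg, hashlib.sha256).digest()

class KeyVault:
    """Controller-side key store (hypothetical stand-in for component 118)."""
    def __init__(self):
        self._secrets, self._keys = {}, {}      # vm_id -> shared secret / data key
        self._pending, self._sessions = {}, {}  # vm_id -> nonces / token -> vm_id

    def enroll(self, vm_id):
        self._secrets[vm_id] = secrets.token_bytes(32)
        self._keys[vm_id] = secrets.token_bytes(32)
        return self._secrets[vm_id]  # assumed to reach the VM out of band

    def hello(self, vm_id, n_vm):
        if vm_id not in self._secrets or len(n_vm) != NONCE_LEN:
            raise PermissionError("unknown VM or malformed nonce")
        n_ctrl = secrets.token_bytes(NONCE_LEN)
        self._pending[vm_id] = (n_vm, n_ctrl)
        return n_ctrl, proof(self._secrets[vm_id], b"C", vm_id, n_vm, n_ctrl)

    def finish(self, vm_id, vm_proof):
        pending = self._pending.pop(vm_id, None)  # each challenge is single-use
        if pending is None:
            raise PermissionError("no handshake in progress")
        expected = proof(self._secrets[vm_id], b"V", vm_id, *pending)
        if not hmac.compare_digest(expected, vm_proof):
            raise PermissionError("VM proof rejected")
        token = secrets.token_hex(16)
        self._sessions[token] = vm_id  # session is bound to exactly one VM
        return token

    def get_key(self, token, vm_id):
        if self._sessions.get(token) != vm_id:
            raise PermissionError("key access denied")
        return self._keys[vm_id]

def vm_handshake(vault, vm_id, secret):
    """VM side: check the controller's proof first, then prove itself."""
    n_vm = secrets.token_bytes(NONCE_LEN)
    n_ctrl, ctrl_proof = vault.hello(vm_id, n_vm)
    expected = proof(secret, b"C", vm_id, n_vm, n_ctrl)
    if not hmac.compare_digest(ctrl_proof, expected):
        raise PermissionError("controller proof rejected")
    return vault.finish(vm_id, proof(secret, b"V", vm_id, n_vm, n_ctrl))

def outcome(action):
    try:
        action()
        return "allowed"
    except PermissionError:
        return "denied"

def demo():
    vault = KeyVault()
    secret_a = vault.enroll("vm-a")  # constructed VM identifiers
    vault.enroll("vm-b")
    token_a = vm_handshake(vault, "vm-a", secret_a)
    n_vm = secrets.token_bytes(NONCE_LEN)
    n_ctrl, _ = vault.hello("vm-b", n_vm)
    bad = proof(secret_a, b"V", "vm-b", n_vm, n_ctrl)  # proof under the wrong secret
    return {"own_key": outcome(lambda: vault.get_key(token_a, "vm-a")),
            "other_vm_key": outcome(lambda: vault.get_key(token_a, "vm-b")),
            "wrong_secret": outcome(lambda: vault.finish("vm-b", bad))}
```

Calling `demo()` shows the three cases side by side: a VM reading its own key, the same session asking for another VM's key, and a handshake proof computed under the wrong secret.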
In some embodiments, the NVMe storage proxy engine 104 further includes a data integrity component 118A, which is configured to perform checksum operations on data being transmitted between the VMs 110 and the remote storage devices 122 during the read/write operations for data integrity. For a non-limiting example, the checksum operations can be cyclic redundancy check (CRC) operations such as CRC-16 that check against accidental change in the data being transmitted. During a read operation, the data security component 118 performs a checksum operation on each data block/packet being transmitted from the remote storage devices 122 and attaches a value (e.g., a CRC-16 value) of the checksum operation to the data block in, for a non-limiting example, a data integrity field (DIF) following T10-DIF standard. When the host 112 of the VM 110 receives the data block from the NVMe storage proxy engine 104, the host 112 will then retrieve the value from the DIF of the received data block and compare it with its own calculated value by running CRC-16 operations on the received data block. During a write operation, the host 112 of the VMs 110 calculates a value based on a checksum operation on each data block to be written to remote storage devices 122 and attaches the checksum value to the data block based on standards. The data integrity component 118A of the NVMe storage proxy engine 104 will then compare and verify the checksum value based on the value stored on the physical NVMe controller 102 before transmitting and writing the data block to the remote storage devices 122. 
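An added example, not taken from the patent, of the read-path check described above: it computes the CRC-16 guard with the T10-DIF polynomial 0x8BB7, attaches it to a data block, and verifies it on receipt. The 8-byte field layout (guard, application tag, reference tag) follows T10 Type 1 protection; the function names, the 512-byte block size and the sample sector are constructed for illustration.

```python
import struct

SECTOR = 512        # assumed data block size
T10_POLY = 0x8BB7   # CRC-16/T10-DIF generator polynomial


def _build_table():
    # MSB-first table: one entry per possible top byte of the CRC register
    table = []
    for byte in range(256):
        crc = byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ T10_POLY) if crc & 0x8000 else (crc << 1)
            crc &= 0xFFFF
        table.append(crc)
    return table


_TABLE = _build_table()


def crc16_t10dif(data: bytes) -> int:
    """CRC-16/T10-DIF: init 0, no bit reflection, no final XOR."""
    crc = 0
    for b in data:
        crc = ((crc << 8) & 0xFFFF) ^ _TABLE[(crc >> 8) ^ b]
    return crc


def protect(data: bytes, lba: int, app_tag: int = 0) -> bytes:
    """Append the 8-byte DIF: guard(2) | app tag(2) | reference tag(4), big-endian."""
    if len(data) != SECTOR:
        raise ValueError("expected exactly one data block")
    return data + struct.pack(">HHI", crc16_t10dif(data), app_tag, lba & 0xFFFFFFFF)


def verify(block: bytes, expected_lba: int) -> str:
    """Receiver side: recompute the guard and compare it with the DIF value."""
    if len(block) != SECTOR + 8:
        return "bad-length"
    data, dif = block[:SECTOR], block[SECTOR:]
    guard, _app_tag, ref_tag = struct.unpack(">HHI", dif)
    if guard != crc16_t10dif(data):
        return "guard-mismatch"    # payload changed in transit
    if ref_tag != expected_lba & 0xFFFFFFFF:
        return "ref-mismatch"      # intact block, but for a different LBA
    return "ok"


def demo():
    sector = bytes(range(256)) * 2          # constructed 512-byte payload
    block = protect(sector, lba=0x1000)
    flipped = bytearray(block)
    flipped[100] ^= 0x01                    # single-bit corruption of the payload
    return {
        "intact": verify(block, 0x1000),
        "bit_flip": verify(bytes(flipped), 0x1000),
        "misdirected": verify(block, 0x1001),
    }


if __name__ == "__main__":
    print(demo())
```

The CRC is unkeyed, so it only covers the accidental changes the text mentions; anyone able to rewrite a block can also recompute its guard tag.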
In some embodiments, the data integrity component 118A is configured to offload the checksum operations to components of the physical NVMe controller 102 (e.g., NVMe processing engine 202), which utilizes both hardware and embedded software to accelerate the checksum operations and free up host CPU cycles so that the operations would not introduce any latency into the data transmission between the VMs 110 and the remote storage devices 122 through the NVMe storage proxy engine 104. In some embodiments, the data integrity component 118A is configured to maintain the values used in the checksum operations in a secured environment on components of the physical NVMe controller 102 (e.g., memory 208).
In some embodiments, the NVMe storage proxy engine 104 further includes a data compression component 119 configured to compress data to be written to and decompress data read from the remote storage devices 122. The remote storage devices 122 are configured to decompress and/or compress the data compressed and/or decompressed by the data compression component 119 of the NVMe storage proxy engine 104 using the same compression/decompression approaches. Compressing data to be written to the remote storage devices 122 not only reduces the storage space to be consumed on the remote storage devices 122, but also reduces the network bandwidth required for transmitting the data, which is critical when a large amount of data is to be transmitted by multiple VMs at the same time. In some embodiments, the data compression component 119 is configured to offload its data compression and decompression operations to components of the physical NVMe controller 102 (e.g., NVMe processing engine 202), which utilizes both hardware and embedded software to accelerate the operations so that the operations would not introduce any latency into the data transmission between the VMs 110 and the remote storage devices 122 through the NVMe storage proxy engine 104.
In the example of
In some embodiments, each virtual NVMe controller 502 is configured to support identity-based authentication and access from its corresponding VM 110 for its operations, wherein each identity permits a different set of API calls for different types of commands/instructions used to create, initialize and manage the virtual NVMe controller 502, and/or provide access to the logical volume for the VM 110. In some embodiments, the types of commands made available by the virtual NVMe controller 502 vary based on the type of user requesting access through the VM 110 and some API calls do not require any user login. For a non-limiting example, different types of commands can be utilized to initialize and manage virtual NVMe controller 502 running on the physical NVMe controller 102.
As shown in the example of
During operation, each virtual NVMe controller 502 creates and maps one or more logical volumes in one or more NVMe namespaces mapped to a plurality of remote storage devices accessible over a network. Each virtual NVMe controller 502 then presents the NVMe namespaces of the logical volumes to its corresponding VM 110 as if they were local storage volumes. When the VM 110 performs read/write operations on the logical volumes, the virtual NVMe controller 502 monitors and meters the number of the read/write operations and the amount of data being transmitted as a result of the read/write operations. The virtual NVMe controller 502 is further configured to perform a plurality of operations on the data being transmitted for data security, integrity, and transmission efficiency as part of the value-added services provided to the user of the VM 110.
In some embodiments, each virtual NVMe controller 502 depicted in
The methods and system described herein may be at least partially embodied in the form of computer-implemented processes and apparatus for practicing those processes. The disclosed methods may also be at least partially embodied in the form of tangible, non-transitory machine readable storage media encoded with computer program code. The media may include, for example, RAMs, ROMs, CD-ROMs, DVD-ROMs, BD-ROMs, hard disk drives, flash memories, or any other non-transitory machine-readable storage medium, wherein, when the computer program code is loaded into and executed by a computer, the computer becomes an apparatus for practicing the method. The methods may also be at least partially embodied in the form of a computer into which computer program code is loaded and/or executed, such that, the computer becomes a special purpose computer for practicing the methods. When implemented on a general-purpose processor, the computer program code segments configure the processor to create specific logic circuits. The methods may alternatively be at least partially embodied in a digital signal processor formed of application specific integrated circuits for performing the methods.
The foregoing description of various embodiments of the claimed subject matter has been provided for the purposes of illustration and description. It is not intended to be exhaustive or to limit the claimed subject matter to the precise forms disclosed. Many modifications and variations will be apparent to the practitioner skilled in the art. Embodiments were chosen and described in order to best describe the principles of the invention and its practical application, thereby enabling others skilled in the relevant art to understand the claimed subject matter, the various embodiments and with various modifications that are suited to the particular use contemplated.
This application claims the benefit of U.S. Provisional Patent Application No. 61/987,956, filed May 2, 2014 and entitled “Systems and methods for accessing extensible storage devices over a network as local storage via NVMe controller,” which is incorporated herein in its entirety by reference. This application is related to co-pending U.S. patent application Ser. No. 14/279,712, filed May 16, 2014 and entitled “Systems and methods for NVMe controller virtualization to support multiple virtual machines running on a host,” which is incorporated herein in its entirety by reference. This application is related to co-pending U.S. patent application Ser. No. 14/300,552, filed Jun. 10, 2014 and entitled “Systems and methods for enabling access to extensible storage devices over a network as local storage via NVMe controller,” which is incorporated herein in its entirety by reference. This application is related to co-pending U.S. patent application Ser. No. 14/317,467, filed Jun. 27, 2014 and entitled “Systems and methods for enabling local caching for remote storage devices over a network via NVMe controller,” which is incorporated herein in its entirety by reference.
Number | Date | Country |
---|---|---|
61987956 | May 2014 | US |