NAS Technology and Applications

Security Level:
Contents

1 Overview

2 Technology

3 Products

4 Applications

1 Huawei Confidential
What Is NAS?
Definition
NAS is a storage device which connects to a network, shares its own storage
with that network, and acts as a file server for file access.

Benefits
• Simple operations eliminate the
need for dedicated IT experts
• Lower cost, shared IP switches,
IP network and 0 SAN switches
• Safe and reliable
RAID • Easy data backup and recovery
NAS storage

2 Huawei Confidential
NAS Origins
With the origination and development of the network, the demand for unstructured
file sharing is growing, which promoted the generation of NAS storage.
1946 First Computer 1974 TCP/IP 1984 IBM/NOVELL/MS/ 1990 Internet link the
No Network 1979 DuKe, first file share 3COM allowing network commercial and
exchange to remove media servers to be shared enterprise network

1946 1979 1984 1990

Shared Media Shared File Shared File NAS Storage

FD, CD, HDD, USB and Directory Server

3 Huawei Confidential
NAS Evolution

Sun NetApp Distributed NAS Huawei Huawei

NFS First NAS product: Startups 2nd NAS: WushanFS Top 2: V5 NAS
Filer Isilon /GlusterFS (2013: Rebranded 9000)

1984 1988 1990 1993 2000 2006 2010 2011 2014 2018

IBM NetApp Apache Dell EMC Huawei

SMB Best NAS: FAS HDFS Top 3: Isilon OceanStor V3/V5 NAS
(1996: MS CIFS) Server400 takeover

4 Huawei Confidential
Differences Among DAS, SAN, and NAS
Item DAS SAN NAS
Direct Dedicated SAN Local area
Network
Attached Network network
Reliability
Performance SAS/ATA/S
Scalability Data sharing Protocols FC/iSCSI/SCSI NFS/CIFS
CSI
Data
Block Block File
RAID Package
offload
FC HBA/iSCSI
File system HBA SAS HBA GE/10GE
INI
offload
Data
Low High Highest
sharing
File sharing,
Small Database and
Scenarios archival, and
servers VMware
backup
DR solution
Low High, dedicated High
(complexity)

Capacity Low High High

5 Huawei Confidential
 Major Players and Products
Players List Global Market Share (2018)

Top
FAS9000 series OceanStor V5 NAS Isilon + Unity
+9000 PowerMax

HNAS 4000 IBM V7000U 3PAR file persona

Others

Open-Source NAS PanFS for HPC NAS VM

6 Huawei Confidential
NAS Components

• NAS Storage Client

• External Server
a. DNS Server
b. AD/LDAP Server
• IP Switch Switch

• NAS Client
a. Server/MainFrame
b. PC
NAS AD
c. Printer storage
d. Scanner

External server

7 Huawei Confidential
NAS Storage Software
• Operating System Kernel
a. Windows
NAS Share (CIFS/NFS)
b. Linux Web Management
• Storage Management • Configuration
a. RAID 0/1/10/5/6/50 File System • Viewing
b. Erasure coding N+M • Monitoring
c. Multi-copy • Statistics
Storage Management
• File System RAID/POOL • Fault Handling

a. DFS
b. Quota and WORM
Operating System Kernel (Windows/Linux)
• NAS Share
a. CIFS, NFS, FTP, and HTTP
NAS Hardware (CPU/Cache/HDD/GE/Switch)
• Web Management

8 Huawei Confidential
Three Types of NAS Devices
Distributed NAS Centralized NAS Gateway NAS

NAS Type Device Form Scale-Out RAID/EC Scenario Major Product Huawei
EC N+M/ Multi- Dell EMC Isilon
Distributed Server cluster Up to 4000 Cloud, big data OceanStor 9000
Copy Ceph
Controller + Disk File sharing, archival, NetApp FAS
Centralized ≤ 24 RAID 0/1/10/5/6 OceanStor V5
(scale-up) and backup Dell EMC Unity
NAS gateway + File sharing, archival, HDS HNAS
Gateway ≤4 Based on SAN Dorado V3
SAN storage and backup Dell EMC FS8600

9 Huawei Confidential
SMB/CIFS
Server Message Block (SMB) is a protocol for network file sharing with one of the most
popular versions being Microsoft SMB.
The Common Internet File System (CIFS) Protocol is a dialect of SMB. Both SMB and CIFS
are also available on ESXi, Unix, Linux and Mac.
Introduced Introduced Introduced
SMB2 SMB2.1 SMB3.1
Named
as SMB Renamed

SAMBA Introduced SMB3.0

New features
created

10 Huawei Confidential
SMB/CIFS Communication Agreement
Inconsistent SMB versions between the client and the server result in both following a
communication agreement

Server- NAS Storage SMB/CIFS Version

Side
Version SMB/CIFS3.1.1 SMB/CIFS3.0.2 SMB/CIFS3.0 SMB/CIFS 2.1 SMB/CIFS2.0

Windows 10
SMB 3.1.1 SMB 3.0.2 SMB 3.0 SMB 2.1 SMB 2.0
/2016
Windows 8.1
SMB 3.0.2 SMB 3.0.2 SMB 3.0 SMB 2.1 SMB 2.0
/2012R2
Windows 8
SMB 3.0 SMB 3.0 SMB 3.0 SMB 2.1 SMB 2.0
/2012
Windows 7
SMB 2.1 SMB 2.1 SMB 2.1 SMB 2.1 SMB 2.0
/2008 R2

11 Huawei Confidential
NFS
Network File System (NFS) is a distributed file system protocol originally
developed by Sun Microsystems (Sun) in 1984. It is an open standard defined
in a Request for Comments (RFC), allowing anyone to implement the protocol.
In 2003, Sun Microsystems transferred NFS protocol development to the
Internet Engineering Task Force (IETF).

12 Huawei Confidential
NFS Working Principle
NFS implements remote communication based on the Remote Procedure Call
(RPC) protocol. RPC uses the client-server model.

1. The RPC client sends a call

request with parameters to the
RPC server and waits for a
response.
2. Upon receipt of the call request,
the RPC server obtains the
process parameters, outputs the
calculation results, and sends
the reply to the client.
3. The RPC client receives the
reply and obtains call results.

13 Huawei Confidential
NFS vs. CIFS

Item NFS CIFS/SMB

Accessing Operating System Linux, Unix Windows

Development Group IETF Microsoft

Security Authentication Client IP, Domain User Local User, Domain User

Supported Domain System NIS, LDAP AD

Session State Stateless Stateful

Transport Protocol TCP, UDP TCP

14 Huawei Confidential
Contents

1 Overview

2 Technology

3 Products

4 Applications

15 Huawei Confidential
Quotas
Problem: With the increase of information assets and file sharing, storage
space management is becoming more and more complicated.
When multiple users access a shared
Quota 1: 1 TB
directory, sometimes some users will NAS
overuse the space and others cannot Manager
Share:
use it, or even cause the entire 5 TB
Quota 2: 1 TB
system to run abnormally.
Dev Team
Solution: Quota Mechanism Quota 3: 1 TB
By limiting the file capacity or number
Test Team
of users, users can be prevented
from occupying excessive storage Quota 4: 1 TB

resources, thereby improving system Others QA

reliability.
16 Huawei Confidential
Quota Levels
Three Quota Levels: Example:
Level Threshold Restrict I/Os or Not NAS
Advisory Soft Hard
Denying I/O operations and
Hard Quota High
reporting alarms Directory 1
90% Soft 700 GB 850 GB

Reporting alarms and allowing

fs/0
data writes during the grace
Soft Quota Middle Directory 2
period, restricting data writes
immediately after the expiration 90% Soft 1000 files 3000 files

Advisory Just reporting alarms and not Directory N

Low
Quota restricting writes 90% Soft 1TB 2TB

17 Huawei Confidential
Quota Working Principle

Dimensions Quota Support Matrix

• Capacity Resource Level Directory User User group

• File quantity Advisory quota Y Y Y

Capacity Soft quota Y Y Y

Hard quota Y Y Y
Objects
Advisory quota Y Y Y
• Directory
File
• User quantity
Soft quota Y Y Y

• User group Hard quota Y Y Y

18 Huawei Confidential
WORM

WORM stands for Write Once Read Difference Between WORM and Common File
Many. It puts a file into protection mode
immediately after data is written by WORM Common
manual setting or time expiration. File File
Read
Modify
Delete
What supports WORM?

CD/DVD-ROMs, electronic exams, e-contracts, archives

Rename
Any others?

19 Huawei Confidential
WORM Mode

• Enterprise WORM: Provides administrators

with the flexibility to manage files. This mode is Key Difference Between Modes
mainly used in enterprise internal control. WORM-E WORM-C

• Compliance WORM: Implements a data Privileged

Delete
protection mechanism in compliance with
SEC17a-4
regulations. This model allows enterprises to avoid Compliance

legal risks in archiving confidential documents.

20 Huawei Confidential
Global Namespace
The Answer - Global
NAS Nightmare Namespace (GNS)
• File virtualization technology:
Aggregates different file systems
and provides a unified access
namespace.
• GNS allows clients to access files
even not knowing the locations of
the discrete files, just like accessing
web sites without knowing their IP
addresses.

21 Huawei Confidential
DNS
• DNS
Domain Name System (DNS) is a network Domain Name Resolver
service, mainly used for the conversion
between domain names and IP addresses.

• Functions of DNS Server

1. Domain Name Resolver
2. Load Balancing

• Benefits
1. Access Internet more conveniently without
having to remember each IP address.
2. Access more balanced without single point
of bottleneck.
22 Huawei Confidential
DNS Load Balancing
Client DNS
server • Principle
1. A client uses a domain name to access a NAS
service.
2. A DNS request is sent to the DNS server to obtain
an IP address based on the domain name.
3. The DNS server selects an IP address and returns it
to the client.
NAS
storage • Load Balancing Policies
1. Round-robin
2. CPU usage of each node
3. Number of connections per node
4. Port bandwidth usage of each node
5. Comprehensive load of each node

23 Huawei Confidential
Built-in and External DNS Servers
Built-in DNS TOPO
• External DNS Server Client
E.g: Windows DNS Server, Open
source BIND
Advantage: Unified Management for
multiple NAS
NAS/DNS
• Built-in DNS Server server
Advantages: high reliability, cost free,
and simple networking

24 Huawei Confidential
NAS Audit Logs
NAS audit logs are used in security audit scenarios to trace each file operation.
They are recorded when files are accessed.

• Supported file operations:

a. Create, Delete, Rename
b. Open, Close
c. Read, Write
d. Get_attr, Set_attr
e. Get_security, Set_security

• Supports integration with

3rd-party log servers.

25 Huawei Confidential
Multi-Tenancy
Customer Requirements:
• When enterprises or users use the same physical storage device, their logical resources
may be interfered or accessed by each other, adversely affecting data security.
• User management brings extra O&M costs to IT service providers.

Each vStore has independent NAS protocol services,

including:
1. Domain service (AD/LDAP/NIS)
2. CIFS service
3. NFS service
4. NDMP service
Each service can be disabled and enabled separately.

26 Huawei Confidential
Multi-Protocol Access
Multi-Protocol Access enables Windows, Linux, and Unix clients to access
the same directory or file concurrently.
Multi-Protocol Access Security
Item Permission User
Local User
SMB NT ACL
AD Server
UNIX Mode Client
NFS
NFS v4 ACL NIS / LDAP

Shared Access File Consistency

Item Read File Write File
Read File Yes No
Write File No No

27 Huawei Confidential
Multi-Protocol File Sharing
Application Scenario: Enterprise Office File Sharing

28 Huawei Confidential
Contents

1 Overview

2 Technology

3 Products

4 Applications

29 Huawei Confidential
Centralized NAS – OceanStor V5
Highlights
• Parallel File and Block Service from storage pool with no gateway
• Scaling & High Availability: scale-out up to 16 controllers and active-active DR
• Cloud-Oriented: Storage as a Service and Hybrid cloud

Front View Software Architecture

iSCSI/FC/FCoE NFS/CIFS/FTP/HTTP

Block Service File Service

Rear View
Storage Pool RAID 2.0+

30 Huawei Confidential
Distributed NAS – OceanStor 9000
Application servers Management terminal Highlights:
• Outstanding performance: The

P25A/P36A/C36A
Fastest NAS system in the
Management switch
industry

• Flexible scalability: The

Largest single file system in
10GE/IB/GE switch 10GE/IB
switch
the industry
(separate purchase
required)

• Ease to use: Unified

management for
OceanStor 9000 diversified applications

31 Huawei Confidential
Contents

1 Overview

2 Technology

3 Products

4 Applications

32 Huawei Confidential
Non-Linear Media Editing System
Ingesting Editing Production Long-term
system system system archive

Data Data Data

migration migration migration

NAS Solution Production: Features and Archival storage: Features

Requirements and Requirements
1. High bandwidth, big files, and big I/O block (> 1 MB) 1. Massive capacity
2. SMB 2/SMB 3 for Windows/MAC clients 2. Low TCO
3. Easy to increase performance and capacity
4. Easy to migrate data Solution: OceanStor 9000
Solution: OceanStor 9000 high-density node
33 Huawei Confidential
Medical PACS System
Doctors' Terminals Image Capture Technicians
X-Ray MR/MRI
Clinical Outpatient
Medical Treatment ECHO EMG ECG
Process

PACS Server PACS DB Servers PACS App Server

DICOM Servers

PACS Imaging
Storage
NAS Storage

PACS Features and Requirements

1. Massive volume of small files, most ranging from 128 KB to 1 MB
Solution: OceanStor V5 NAS
2. High OPS and low I/O latency
3. High reliability

34 Huawei Confidential
EDA System
User

Compute (Physical)
EDA
NAS Application
Client (VM)
software • EDA Dev
Cadence • EDA Test
Synopsys Business Features
Task Short (< 3 hours) Mentor
submission • Massive volume of
Task management (IBM LSF) License small files: > 4
and scheduling obtaining billions
Result
returning
Normal (< 24 hours) • File size (95% of files)
Task < 128 KB
Master Slave scheduling License • Parallel access, high
server
Long (> 24 hours) OPS, and low
Red Hat Linux CentOS latency
NFS 10GE
NAS storage Solution: OceanStor
resources
Archive V5 NAS
35 Huawei Confidential
Video Surveillance System

Video surveillance architecture

Features and Requirements
Management
Video storage • Big file and big I/O block (> 1 MB)
platform Smart application • Sequential writes with high
NAS Storage
bandwidth
• Massive capacity and easy
scale-out
• Centralized management

Solution: OceanStor 9000

36 Huawei Confidential
Thank you. Bring digital to every person, home, and
organization for a fully connected,
intelligent world.

Copyright © 2020 Huawei Technologies Co., Ltd.

All Rights Reserved.

The information in this document may contain predictive

statements including, without limitation, statements regarding
the future financial and operating results, future product
portfolio, new technology, etc. There are a number of factors that
could cause actual results and developments to differ materially
from those expressed or implied in the predictive statements.
Therefore, such information is provided for reference purpose
only and constitutes neither an offer nor an acceptance. Huawei
may change the information at any time without notice.