Hi, my name is Douglas Copas, an Oracle Cloud Infrastructure Solution Architect. In this blog post, I’ll introduce you to Oracle Cloud Infrastructure Storage Gateway. In simple terms, and in the current incarnation, Storage Gateway is a piece of software that uses the Oracle Cloud Infrastructure Object Storage API to turn an ordinary NFS share into an Object Storage-backed NFS share. Normally, for an application to use Object Storage, that application needs to support and use the Object Storage API. The Storage Gateway abstracts this away, letting the client simply write to a standard file directory.

For a while now, I’ve been of the opinion that the age-old question “What is a cloud?” actually has a simple answer: it’s an API. Specifically, of course, it’s an API that provides compute, storage, and network resources, but it’s an API nonetheless. When seen through the lens of this API, classic computing infrastructure takes on a flexibility and fluidity not possible in the physical world and only hinted at in the monolithic enterprise virtualization solutions of yesteryear. The modern, API-driven cloud infrastructure is powerful. As we’ll see with Storage Gateway, the Oracle Cloud Infrastructure API has been leveraged to achieve something very clever and useful. But first a side note about Object Storage.

What Is Object Storage and How Is It Different from Block Storage?

Object Storage can be thought of as something in-between the unstructured, content-agnostic block storage (most akin to the home PC’s local hard disk) and a document management system, which tracks versioning, authorship, and, to some extent, content. Object Storage is a network-connected system whereby objects are read and written to a remote system via a REST API. These objects then reside in a logical construct called a bucket. These objects can be anything, but generally the system is designed for immutable items such as photos, videos, and compressed archives. Things that are written once by one person and read many times by many others lend themselves well to this system.

Of course, Oracle Cloud Infrastructure Object Storage has an API, and that API allows us to do something very clever.

Introducing Storage Gateway

Now, networked storage is a concept that goes back many years. A quick look at Wikipedia tells me that Sun developed NFS in 1984, “allowing a user on a client computer to access files over a computer network much like local storage is accessed.” The idea is simple: one or more servers use their own storage to store (and serve) files for clients. But what if the server didn’t write things locally? What if the files were in turn sent into the cloud? This is where Oracle Cloud Infrastructure Storage Gateway fits in.

How It Works

The idea is simple. Take a Linux server on Oracle Cloud Infrastructure running NFS server bits, and install the Oracle Cloud Infrastructure Storage Gateway bits. After a little configuration, when a file is written or modified in a Storage Gateway-backed share, that file is automatically uploaded to a connected Object Storage bucket. NFS itself does most of the work, advertising the share, managing the transfer between the NFS server and the NFS clients, and so on. Storage Gateway handles other tasks, like read and write caching and multipart upload. This basically means that you can have an NFS server with no local storage for the files, enabling some of the scenarios that NFS itself enables. Why only some? I’ll discuss that at the end of the post.

How to Install It

One of the awesome things about Oracle Cloud Infrastructure is the documentation, and the Storage Gateway installation instructions are no exception. Here I just want to list a few notes about the process that you might find helpful.

First, when creating a server in Oracle Cloud Infrastructure to host Storage Gateway, plan ahead. Unsurprisingly, the server needs some large block volumes attached to it to act as a cache. We recommend having at least three separate volumes, for the cache, metadata, and logs. Failing to do this results in some scary warning messages in the installation process, and failing to plan ahead results in multiple aborted installation attempts while block volumes are attached.

Second, a note about the management console and admin password. Without using the -a option for advanced options, the installation script makes the management (web) console available on port 443, with no URI. If you are installing Storage Gateway on a VM with a public IP address, the console will be immediately reachable by anyone (security list rules notwithstanding), and in fact the first user to connect via the management console will be prompted to set an initial password. To avoid any security exposure, a temporary explicit DENY rule for incoming traffic on the management port can be added to iptables on the Storage Gateway server, until the sudo ocisg do password:reset and sudo ocisg password:set <new_password> commands can be issued from the CLI.
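
The temporary block described above can be scripted so that it is in place before the installer runs and removed once the admin password is set. This is an added example, not part of Oracle's documentation or tooling; the function names and the MGMT_PORT and DRY_RUN variables are assumptions, and port 443 is the installer default named above.

```shell
#!/bin/sh
# Added example: temporarily block the Storage Gateway management console.
# MGMT_PORT defaults to 443, the installer default named in the post.
# DRY_RUN=1 (the default here) only prints the iptables commands.
MGMT_PORT="${MGMT_PORT:-443}"
DRY_RUN="${DRY_RUN:-1}"

# Refuse anything that is not a plain TCP port number.
valid_port() {
    case "$MGMT_PORT" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$MGMT_PORT" -ge 1 ] && [ "$MGMT_PORT" -le 65535 ]
}

# Print the command in dry-run mode, otherwise run it (requires root).
ipt() {
    if [ "$DRY_RUN" = 1 ]; then echo "iptables $*"; else iptables "$@"; fi
}

# True only when the DROP rule is already present (never in dry-run mode).
rule_exists() {
    [ "$DRY_RUN" = 1 ] && return 1
    iptables -C INPUT -p tcp --dport "$MGMT_PORT" -j DROP 2>/dev/null
}

# Run BEFORE the installer: insert the rule first in INPUT so it wins over
# any later ACCEPT. The rule lives in memory only and is gone after a reboot.
lock_console() {
    valid_port || { echo "invalid MGMT_PORT: $MGMT_PORT" >&2; return 2; }
    rule_exists && return 0
    ipt -I INPUT 1 -p tcp --dport "$MGMT_PORT" -j DROP
}

# Run AFTER the admin password has been set from the CLI.
unlock_console() {
    valid_port || { echo "invalid MGMT_PORT: $MGMT_PORT" >&2; return 2; }
    ipt -D INPUT -p tcp --dport "$MGMT_PORT" -j DROP
}

case "${1:-}" in
    lock)   lock_console ;;
    unlock) unlock_console ;;
esac
```

Run it as root with DRY_RUN=0 and the argument lock before installing, then with unlock once the password has been set.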

You also need to create an Object Storage bucket in your tenancy for each NFS share that you want to back.

How to Use It (and How Not to)

Overview of Storage Gateway: Recommended Uses and Workloads is a must-read at this point. Imagine a scenario where a client workload produces backups in .tgz form. A simple cron job or two, and standby systems in another region will always have the latest backup available from which to restore.

I want to stress that using Object Storage to back a block storage share (NFS) has consequences. Workloads that perform frequent reads and writes to files should not have those files residing in an Oracle Cloud Infrastructure Storage Gateway share. Likewise, there is no support for multiple-write merging. Consequently, the system is not a good choice for a collaboration workspace. In fact, keeping humans out of this file system altogether is probably a good idea. This is no problem in the cloud, where automation is the watchword and should always be the first choice.

Stay tuned for my next post in which I’ll discuss private inter-region VCN peering in EMEA (and provide a nice use case for Storage Gateway in the process).