Nibs, niblets, nibbles; brief news items to start the week and give you an appetite for five days of full-tilt action. Let’s see what we have from AWS, Delphix, Druva, and NVM Express.
AWS: there’s not a hole in my bucket
AWS S3 users can now block public access to all their buckets or to individual buckets. In a blog Amazon’s Jeff Barr states: “Newly created Amazon S3 buckets and objects are (and always have been) private and protected by default, with the option to use Access Control Lists (ACLs) and bucket policies to grant access to other AWS accounts or to public (anonymous) requests.”
However, he acknowledges mistakes and misunderstandings can occur, hence this new level of safety.
He says: “You have the ability to block existing public access (whether it was specified by an ACL or a policy) and to ensure that public access is not granted to newly created items. If an AWS account is used to host a data lake or another business application, blocking public access will serve as an account-level guard against accidental public exposure. Our goal is to make clear that public access is to be used for web hosting!”
The feature can be accessed from the S3 Console, the CLI, the S3 APIs, and from within CloudFormation templates.
Delphix drives DataOps idea harder
Delphix, a database virtualization company marketing itself as a DataOps business, has hired Monika Saha as CMO and Sanjeev Sharma to lead its newly-established global Data Transformation team.
Sharma was previously at IBM Engineering, where he was a director and Distinguished Engineer. He is the author of the DevOps Adoption Playbook. Monika Saha is a software/SaaS vet and comes from Zuora where she was the GM of its finance product line.
Delphix says customers include half of the Fortune 50 (including 3/5 top banks, 7/10 top insurance companies and 6/10 top tech companies in the world).
Druva has poached Veritas’s chief product officer Mike Palmer to occupy the same role at his new billet.
Druva took in $80 million in F-round funding in 2017 and this move is part of its expansion into a fuller service data protection and management enterprise supplier.
Palmer worked at Veritas for three years, and before that ran cloud services at Seagate.
NVM Express org formalises NVMe over TCP
NVMe over Fabrics originally used expensive InfiniBand (iWARP) or data centre-class, meaning lossless, Ethernet (ROCE) to extend PCIe bus local drive access speeds out to shared external arrays. Then it was extended to work across a Fibre Channel fabric.
Now, at a cost of slightly increased latency, as with NVMe FC, NVMe can operate across a TCP/IP link using ordinary Ethernet.
NVMe/TCP defines the mapping of NVMe queues, NVMe-oF capsules and data delivery over the IETF Transport Control Protocol (TCP). The NVMe/TCP transport offers optional enhancements such as inline data integrity (DIGEST) and online Transport Layer Security (TLS).
This allows large-scale data centres to utilise their existing ubiquitous Ethernet infrastructure with multi-layered switch topologies and traditional Ethernet network adapters. NVMe/TCP is designed to layer over existing software based TCP transport implementations as well as future hardware accelerated implementations.
Software NVMe/TCP host and controller device drivers are also available for early adoption in both the Linux Kernel and SPDK environments. NVMe/TCP implementations were designed to plug seamlessly to their existing NVMe and NVMe-oF software stacks.