SNIA SDC 2017: 20 Years and Still Going Strong

The Storage Networking Industry Association’s Software Developer Summit (SNIA SDC) 2017 took place just after vBSDcon 2017 from September 11th through 14th in Santa Clara, California. Developers and decision makers from the largest storage vendors in the industry attended this event and I found it invaluable to my role as iXsystems Senior Analyst to attend as well as to speak.
 

 
While flash-based storage in all its forms is a perennial hot topic at the SDC, it has an inevitable twist: we are steadily making our way back to byte-addressed persistent storage memory, not unlike the core memory of the earliest computers but in orders of magnitude bigger, faster, and cheaper. The first wave of this movement is the Non-Volatile Memory (NVM) programming model which is flash-native, doing away with many layers of abstraction that allow “spinning rust” to appear as block devices to a system.
Open Source had its strongest presence at the SDC in the organization’s 20 year history. I did my part to support this by opening the first day with two talks. The first demonstrated Open Source as an ideal strategy for creating reference implementations of open standards. The second, “Mitigating Ransomware Attacks at the Block Level with OpenZFS”, described why FreeBSD and FreeNAS are great Open Source solutions for combating the real-world threat of ransomware while also serving as excellent reference implementations of open standards such as network protocols, plus techniques straight out of the SNIA Dictionary such as RAID and Replication.
 

 
SNIA has a natural preference for permissively-licensed reference implementations of the standards they develop, but not a consistent track record for delivering and maintaining them. This is changing with their Swordfish storage management stack that members have prototyped in Python and AngularJS under an MIT license. If Open Source is music to my ears, this is the guitar solo and I am excited about the organization’s sharpening focus on Open Source.
The keynotes on the second day continued the Open Source theme with Sage Weil from the Ceph project and Martin Petersen from Oracle with “Recent Developments in The Linux I/O Stack”. OpenZFS specifically came up in an Intel talk when the researcher reported that the relatively larger 128K default block size of ZFS is optimal for use with Intel in-CPU encryption accelerators. Allan Jude of ZFS Book fame looks forward to seeing how even larger block sizes will perform with Intel crypto.
After flash storage and Open Source, one hallway track theme stood out: the impending IoT and ransomware bloodbath that will take place on consumer information devices. Today, from the recent massive Equifax leak to the barrage of ransomware attacks at all levels, there are clearly some valid concerns being raised that warrant changes in behavior by both users and vendors. One equal source of both hope and dread is the European Union General Data Protection Directive which can be thought of as the “strong crypto” of personal information privacy. Under the directive, E.U. countries will be required to establish a system that allows companies and organizations to report “potential” data breaches and to provide their constituents the ability to erase themselves from any system containing Personally Identifiable Information (PII).
This “right to be forgotten” is so attractive that citizens are already beginning to exercise it and unfortunately, the directive offers little guidance in practical implementation and thus will be navigated in the courts. What is clear is that organizations will need to appoint a Data Protection Officer to assess the company’s compliance with the GDPR and respond to GDPR-related inquiries. From an abuse perspective however, will criminals be able to strategically destroy evidence in the name of privacy? Will identity thieves double as identity assassins for want of well-defined and proven security mechanisms for validating information destruction requests? Will the arrival of employees at work constitute the potential for personal information exfiltration? With nine months remaining until the GDPR directive becomes fully enforceable, will company policies and vendor solutions be mature enough for widespread compliance? Finally, consider that U.S. companies like Google are not exempt from the GDPR if they collect personal information from E.U. citizens during the normal course of business. Rest assured, tools such as FreeNAS and TrueNAS are here to help both comply with the GDPR using per-user datasets and encryption at rest, plus mitigate ransomware attacks with block-level snapshots and clones.
The real-world challenge of political and mechanical compliance with the E.U. GDPR is only one example of the fascinating and timely topics of discussion within SNIA and is why I find participation in SNIA events so valuable. Many SNIA members occupy the top levels of their respective employers yet their passion drives them to volunteer with SNIA by giving talks, chairing committees, and organizing events like the SDC. If this balance of experience, passion, and willingness to leave your marketing guns at the door sounds like you, I invite you to learn more about SNIA and consider joining.
 
Michael Dexter
Senior Analyst, iXsystems