IBM upgrades FlashSystem to tackle ransomware

Not being able to break into the vault

IBM's Cyber Vault offers users a secure and isolated environment for critical data on primary storage, according to Scott Baker, chief marketing officer and vice president of IBM storage product marketing. Cyber Vault should be thought of as operational air gapping, he said. The vault is disconnected from the primary RAID, still within the IT network itself, but secure and separated from the primary storage.

Scott Baker

"Cyber Vault creates an environment by which restore points can be scanned and verified from the perspective that they are devoid of any kind of malware or ransomware fingerprints, as defined by the scanning tools themselves," Baker said.

Cyber Vault uses IBM Safeguarded Copy as a protection mechanism, which enables users to set policies to create immutable snapshots of data that cannot be altered or deleted, Kennelly said. To receive a copy, users need dual authentication, and even then, they will only be given a copy of a copy.

"We make sure there's no backdoor getting [to the snapshots]," Kennelly said.

Immutable snapshots are a critical part of a viable ransomware product, IDC's Burgener said. IBM integrated Safeguarded Copy with its Snapshot Scheduler, which enables customers to set policies around automatically executing and retaining snapshots over time. This level of automation makes it easier for users to meet their recovery point objective and recovery time objective goals, he said.

One consultant was optimistic about the arrival of the new offerings, but also believes such products face a growing and ever-changing challenge with no end in sight.

"With this level of resiliency, the combination of these two [offerings] has the potential to go a long way toward solving the ransomware problem," said Frank Dzubeck, president of Communications Network Architects Inc. "But [ransomware] is not going away, and it's becoming a bigger problem than many users realize."

A Gartner survey released in early 2020 reported that 61% of survey takers had been infected with ransomware -- and that 60% of those infected had to shut down within six months.

Angela Lambert

The study also reported that only 50% of companies that paid the ransom got their data back, and some 31% of those affected discontinued their relationship with their vendors.

"If 61% of users have been impacted, it's an indication that there are a ton of corporations out there that aren't reporting the attacks," Dzubeck said.

With enterprises having no way to guarantee full prevention of cyber attacks, these types of solutions can minimize business disruption in the wake of an attack via fast recovery of protected data.

While the new offerings unveiled this week are being delivered by IBM's storage group, much of the unit's focus is on other technology areas, namely security and hybrid cloud. This is in line with a broader trend occurring in the data storage industry where vendors target hot use cases that give them a better chance of selling their hardware, noted Angela Lambert, principal analyst at Technology Business Research Inc. in Hampton, N.H.

"For example, Dell EMC recently announced a similar offering, PowerProtect Cyber Recovery for AWS," Lambert said. "With enterprises having no way to guarantee full prevention of cyber attacks, these types of solutions can minimize business disruption in the wake of an attack via fast recovery of protected data. They can serve as important tools to support customers' response strategies."

New midrange and high-end FlashSystems

IBM FlashSystem, first introduced in April 2013, has now been around for almost a decade. Last year, IBM refreshed its entry-level Flash System 5200. Now IBM is adding new midrange and high-end models to the FlashSystem portfolio with its 7300 and 9500 models. This gives users entry-level, midrange and high-end models in 1U, 2U and 4U form factors.

Eric Burgener

Despite its history, FlashSystem is far from alone in the all-flash array market. Other players include NetApp with its All-Flash FAS, Pure Storage FlashArray//X, Dell EMC PowerStore and PowerMax, and HPE Alletra, both Primera and Nimble.

IDC's Burgener said that, like Pure, IBM sets itself apart by using custom memory modules, in IBM's case FlashCore Modules, while most competitors use off-the-shelf SSDs. The FlashCore Modules drive high storage densities and low latency storage access. Both models announced Tuesday are performance and capacity dense compared to the competition, Burgener added.

The FlashCore Modules bring very high raw capacity and then add compression to really increase effective density in a rack unit, Kennelly said.

"We can put up to a petabyte of storage in 1U, which has a lot of impact for things like sustainability," he said

To get an effective petabyte in a single rack unit, the vendor is using its FlashCore Module, which has a capacity of up to 38.4 TB in a 2.5-inch form factor and provides computational storage that brings 3:1 in-line compression. Kennelly said this added compression provides higher effective capacity and up to a 50% performance boost on the 9500 and a 25% performance boost on the 7300.

The FlashCore Module is built in-house by IBM, although customers can select regular SSDs as well. The third-generation FlashCore Module saw a hardware upgrade, including new Arm processors, field programmable gate arrays and flash chips, according to IBM's Baker. The modules are a combination of quad-level cell NAND (QLC), single-level cell NAND (SLC) and DRAM. 

The addition of the Arm processor marks the first time the company has added the processor to one of its storage offerings, which is designed to provide speed and performance especially when used in hybrid cloud environments.

From a hardware perspective, the 9500 is using the Intel Ice Lake processors that bring the benefit of PCIe 4.0 performance as well as a doubling of the ports with now up to 48 32 Gigabit Fibre Channel (GFC) and is ready for 64 GFC with new network interface cards. IBM also offers 12 100 Gb ports or 20 25 Gb ports, depending on what the customer needs.

The hardware on the 7300 model is more in line with midrange storage needs, with a multicore Intel Cascade Lake processor, according to Baker.

Cyber Vault is built into the new models, and comes standard with the offering, Kennelly said.

Expanding its hybrid reach

The final new aspect of FlashSystem is tying the all-flash array into the hybrid cloud. IBM Spectrum Virtualize software can now be installed on edge to core to public cloud, AWS, Azure and IBM Cloud, according to Kennelly. This enables things like replication across these different environments with a consistent OS.

IBM officials said Spectrum Virtualize will have complete interoperability with VMware sometime in the first half of this year, enabling VMware's vCenter users to work directly with IBM's FlashSystem with the addition of a vSphere API for Storage Awareness, APIs that make it easier for storage admins to maintain data stores, a 3.0 driver and support for vVol 2.0 support. It also makes the product easier to implement, IBM said.

Customers want the same enterprise-class storage OS both on premises and in the public cloud, Burgener said.

"They get the same set of comprehensive, enterprise-class storage management capabilities managed in exactly the same way in all locations," he said.

IBM also updated its SAN Volume Controller with a new Ice Lake processor. The latest version of the SAN Volume Controller still uses the same Spectrum Virtualize software, and customers can take existing legacy storage from other vendors and manage them as if they were IBM devices. This enables customers to better utilize existing IT investments -- even non-IBM gear, according to Baker.