Abstract: Techniques for achieving tenant data confidentiality in a cloud environment are presented. A daemon process within a Tenant Storage Machine (TSM) manages a key store for a particular tenant of a cloud storage environment having multiple other tenants. Just TSM storage processes are given access to the key store. Data is decrypted for the particular tenant when access is needed and data is encrypted using encryption keys of the key store when written in the cloud storage environment.

Abstract: Techniques for translating Service Level Agreement (SLA) policy into storage controller requirements within a cloud storage environment are presented. System resource metrics for a storage controller are derived. The SLA policy is defined in terms of SLA parameters. Heuristics are used to translate the SLA parameters into defined percentages of system resources for the storage controller, which are compared to the system resource metrics and adjustments are updates are made as needed.

Abstract: Techniques for tenant-bases storage security and service level assurances in a cloud environment are presented. A Tenant Storage Machine (TSM) for each tenant uses a unique identifier. The TSM is dynamically allocated with operating system resources to run processes based on agreed service level assurances. The service level assurances are stored in a Service Level Assurance (SLA) policy store. The TSM communicates with the SLA policy store via a TSM bus to acquire a SLA policy configured for the tenant and based on which resources are dynamically allocated. Processes running under the TSM run with root privileges to provide security.

Abstract: Techniques for achieving storage and network isolation in a cloud environment are presented. A single Internet Protocol (IP) address is presented to multiple storage tenants that use storage in a cloud environment. When each tenant accesses the IP address, a specific identity of the tenant is resolved and the storage stack for that tenant is sent to the tenant's storage machine having the tenant's storage. The tenant is directly connected to its tenant storage machine thereafter.

Abstract: Techniques for achieving high availability (HA) in a cloud environment are presented. Cloud storage provided to multiple tenants is accessed via a plurality of controllers via a switch. The controllers are organized in a ring and each controller is responsible for detecting failures in adjoining controllers within the ring. Storage services for the tenants are serviced without disruptions even when multiple nodes completely fail at the same time.

Abstract: Techniques for achieving high availability (HA) in a cloud environment are presented. Cloud storage provided to multiple tenants is accessed via a plurality of controllers via a switch. The controllers are organized in a ring and each controller is responsible for detecting failures in adjoining controllers within the ring. Storage services for the tenants are serviced without disruptions even when multiple nodes completely fail at the same time.

Abstract: Techniques for achieving storage and network isolation in a cloud environment are presented. A single Internet Protocol (IP) address is presented to multiple storage tenants that use storage in a cloud environment. When each tenant accesses the IP address, a specific identity of the tenant is resolved and the storage stack for that tenant is sent to the tenant's storage machine having the tenant's storage. The tenant is directly connected to its tenant storage machine thereafter.

Abstract: Techniques for achieving tenant data confidentiality in a cloud environment are presented. A daemon process within a Tenant Storage Machine (TSM) manages a key store for a particular tenant of a cloud storage environment having multiple other tenants. Just TSM storage processes are given access to the key store. Data is decrypted for the particular tenant when access is needed and data is encrypted using encryption keys of the key store when written in the cloud storage environment.