A Data Storage Diode for Classified Sites

Developing a “Storage Diode” by combining specific pieces of storage technologies such as HDF5, multipathing, ACL, user authentication (Kerberos, LDAP...) while leveraging NVMe-oF, is very useful for classified sites requiring remote and secure replication on NVMe SSDs. The storage diode is a dedicated storage system with two isolated Read and Write path, with guaranty of the data integrity. Leveraging dual port NVMe drives and the parallelism of advanced processors, this paper reviews how to fully isolate channels at both logical and physical levels, and dedicate write-only and read-only path to storage devices over a NVMe-oF fabric. This technique allows restricted/classified computing center to push (write) data to the storage diode, assuring the path to the outside world can be only be accessed in Read-Only.

Learning Objectives

Needs for security of sensitive storage sites,Implementation of NVMe-oF disaggregation for secured site,Understanding of many core processor architecture with isolated channels