Overview
The article discusses Uber's implementation of encryption at rest and disk isolation at scale using their Stateful Platform, Odin. It outlines the challenges faced during the transition from a shared file system to a more secure and efficient volume management system, emphasizing the importance of dynamic volume management and encryption strategies.
What You'll Learn
1
How to implement dynamic volume management for workloads
2
Why block-level encryption is preferred over application-level encryption
3
How to optimize LUKS extension operations to reduce IO stalls
Prerequisites & Requirements
- Understanding of encryption concepts and disk management
- Familiarity with Linux system administration(optional)
Key Questions Answered
What are the benefits of using block-level encryption at Uber?
Block-level encryption secures all data, including metadata and free space, providing a uniform setup that simplifies management. This approach is advantageous over application-level encryption, which can be complex and resource-intensive, ensuring compliance and security across various workloads.
How does Uber manage disk space for workloads in LVM?
Uber uses Logical Volume Management (LVM) to create logical volumes for each workload, allowing for better disk space allocation and management. This setup enables dynamic resizing of volumes based on workload needs, ensuring efficient resource utilization and preventing disk exhaustion.
What challenges did Uber face during the migration to LVM?
The migration to LVM involved balancing a safe rollout with the need to minimize system strain. Challenges included managing disk space allocation dynamically and ensuring that workloads could grow without running out of space, which required a tighter integration between the control plane and host agent.
Key Statistics & Figures
Disk space provided by Odin
3.45 Exabytes
This disk space is distributed across 100,000 hosts, enabling efficient data management for Uber's extensive workloads.
Number of workloads on a single host
more than 100
This high density of workloads showcases the need for effective resource management and isolation strategies.
Technologies & Tools
Some links below are affiliate links. We may earn a commission if you make a purchase.
Storage Management
Lvm
Used for dynamic volume management to allocate disk space efficiently.
Encryption
Luks
Provides block device encryption to secure data at rest.
Container Orchestration
Kubernetes
Future initiatives for managing workloads and resources.
Key Actionable Insights
1Implementing dynamic volume management can significantly enhance resource utilization across workloads.This approach allows for better allocation of disk space, reducing waste and ensuring that workloads have the necessary resources without manual intervention.
2Choosing block-level encryption simplifies compliance and security management.By applying a uniform encryption strategy across the platform, organizations can reduce complexity and ensure that all data is adequately protected.
3Optimizing LUKS operations can mitigate performance issues related to IO stalls.Identifying and addressing non-optimal behaviors in the encryption process can lead to significant improvements in workload performance.
Common Pitfalls
1
Failing to account for the complexities of volume resizing can lead to operational issues.
Without a clear strategy for managing volume sizes, workloads may run out of disk space or experience performance degradation.
Related Concepts
Dynamic Volume Management
Block-level Encryption Strategies
Linux System Administration