AWS Architecture Notes
Describes architectural considerations for the HPE Ezmeral Data Fabric software-as-a-service (SaaS) platform when deployed on Amazon AWS.
Deployment Topology
To take advantage of the benefits of cloud computing, you can provision an HPE Ezmeral Data Fabric in Amazon AWS and in other public clouds. A single instance of the Data Fabric is referred to as a fabric. The fabric provides a high-performance file system for files, objects, tables, and streaming files and can be deployed quickly and easily. The HPE Ezmeral Data Fabric is designed so that many fabrics deployed in different public clouds or on premises can communicate with each other seamlessly in a global namespace (GNS).
Deployment Prerequisites
- Fabric name
- Access key
- Secret key
- Region
- Virtual private cloud (VPC) ID
- Public subnet ID
Public and Private Subnets
To enable a global namespace consisting of many fabrics accessible over the internet, the user must provide a public subnet. The global namespace cannot currently be implemented with private subnets. The Data Fabric architecture does not prevent the use of private subnets, but some code changes are required before private subnets can be supported. Note that air-gapped, on-premises installations are fully supported.
Regions and Availability Zones
- US East (Ohio)
- US East (N. Virginia)
- US West (N. California)
- US West (Oregon)
- Asia Pacific (Mumbai)
- Asia Pacific (Hyderabad)
- Asia Pacific (Singapore)
- Asia Pacific (Sydney)
- Asia Pacific (Melbourne)
Amazon Machine Images (AMIs)
Users of the HPE Ezmeral Data Fabric do not need to create or manage the AMIs needed to support the Data Fabric on AWS. HPE provides a set of publicly available AMIs that facilitate installation and upgrade of the fabric without the need for user interaction.
Security Groups
During fabric creation, a security group is created for each fabric. The security group is configured with predefined inbound and outbound rules to support the list of ports required for fabric-to-fabric communication.
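Because the predefined rules are created on the user's behalf, a practitioner will usually want to confirm that the resulting group exposes only the fabric ports, and only to the sources expected for fabric-to-fabric traffic. The following audit is an added example and is not HPE's code; it works on the dictionary shape that boto3's ec2.describe_security_groups() returns, the group below is a constructed sample, and the port allow-list is a placeholder because this page does not enumerate the fabric ports.

```python
"""Audit a fabric security group's ingress rules for over-exposure.

Added example, not HPE's code. Runs offline on a constructed sample in the
shape of a boto3 ec2.describe_security_groups() entry.
"""

# Placeholder allow-list: replace with the fabric-to-fabric ports from the
# product documentation (assumption: 443 for the browser-based Data Fabric UI).
FABRIC_PORTS = {443}

ANY_V4 = "0.0.0.0/0"
ANY_V6 = "::/0"

# Constructed sample, mirroring what describe_security_groups() returns.
SAMPLE_GROUP = {
    "GroupId": "sg-0123456789abcdef0",          # constructed id
    "GroupName": "fabric-example-sg",            # constructed name
    "IpPermissions": [
        # Fabric port from a specific network: expected.
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "UserIdGroupPairs": []},
        # SSH from anywhere: not a fabric port and world-reachable.
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
        # All traffic between members of the same group: intra-fabric.
        {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [],
         "UserIdGroupPairs": [{"GroupId": "sg-0123456789abcdef0"}]},
    ],
}


def _sources(perm):
    """Every source a permission entry grants access to (CIDRs and groups)."""
    srcs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    srcs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    srcs += ["sg:" + p["GroupId"] for p in perm.get("UserIdGroupPairs", [])]
    return srcs


def _ports(perm):
    """Port range of a permission entry, or None when it allows all traffic."""
    if perm.get("IpProtocol") == "-1":
        return None
    return range(perm["FromPort"], perm["ToPort"] + 1)


def _fmt(ports):
    return str(ports[0]) if len(ports) == 1 else f"{ports[0]}-{ports[-1]}"


def audit_ingress(group, allowed_ports=FABRIC_PORTS):
    """Return (severity, message) findings for rules that go beyond the
    fabric allow-list or that are reachable from the whole internet."""
    findings = []
    own = "sg:" + group["GroupId"]
    for perm in group.get("IpPermissions", []):
        ports = _ports(perm)
        for src in _sources(perm):
            if src == own:
                continue  # self-referencing rule: traffic within the fabric
            world = src in (ANY_V4, ANY_V6)
            if ports is None:
                findings.append(("high" if world else "medium",
                                 f"all protocols and ports open from {src}"))
                continue
            extra = [p for p in ports if p not in allowed_ports]
            if world and extra:
                findings.append(("high",
                                 f"port(s) {_fmt(extra)} outside the fabric allow-list open to {src}"))
            elif world:
                findings.append(("medium",
                                 f"fabric port(s) {_fmt(list(ports))} open to {src}"))
            elif extra:
                findings.append(("low",
                                 f"port(s) {_fmt(extra)} outside the fabric allow-list open from {src}"))
    return findings


if __name__ == "__main__":
    for severity, message in audit_ingress(SAMPLE_GROUP):
        print(f"[{severity}] {SAMPLE_GROUP['GroupName']}: {message}")
```

Against a live account, replace SAMPLE_GROUP with each entry of `boto3.client("ec2").describe_security_groups(GroupIds=[...])["SecurityGroups"]`. A fabric that must be reachable over the internet for the global namespace will legitimately produce "medium" findings on its fabric ports; the "high" findings are the ones to act on.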
STS Support for AWS S3 Object Stores
With release 7.7.0 and later, Data Fabric provides a new option for gaining access to AWS S3 object stores. You can import an external AWS S3 server by using the maprcli clustergroup addexternal command and specifying an Amazon Resource Name (ARN) to enable STS authentication. For more information, see Integrating the AWS Security Token Service (STS) with Data Fabric.
Using STS simplifies the process of accessing AWS services by using STS tokens for authentication. With STS tokens, the Data Fabric user can assume an AWS role and get temporary credentials to perform S3 actions. Once the external S3 object store is imported into the global namespace, all S3 operations automatically use STS.
Instance, Disk, and Memory Information
Upgrades
When a new software version is available, the user is notified. At the user’s discretion, the platform can perform a non-disruptive, rolling upgrade from one major software version to another. However, upgrade capability is currently limited to on-premises deployments. See Upgrading a Data Fabric.
Scaling
Adding nodes to a fabric can be done using a rolling upgrade process. Note that adding nodes is currently supported only for on-premises deployments. See Adding Nodes (On-premises Deployment).
Administrative Interface
The Data Fabric UI provides a browser-based graphical user interface for monitoring and managing all fabrics in a global namespace.
SSO and Predefined Roles
The Data Fabric leverages the Keycloak identity and access management (IAM) solution to ensure that all the fabrics in a global namespace have access to the same user information. Keycloak can be used as a passthrough with other popular IAM solutions. The following predefined roles are available:
- Infrastructure Admin
- Fabric Manager
- Fabric User