As it is generally known, “cloud computing” typically refers to the use of remotely hosted resources to provide services to customers over one or more networks such as the Internet. Resources made available to customers are typically virtualized and dynamically scalable. Cloud computing services may include any specific type of application. Some cloud computing services are, for example, provided to customers through client software such as a Web browser. The software and data used to support cloud computing services are located on remote servers owned by a cloud computing service provider. Customers consuming services offered through a cloud computing platform need not own the physical infrastructure hosting the actual service, and may accordingly avoid capital expenditure on hardware systems by paying only for the service resources they use, and/or a subscription fee. From a service provider's standpoint, the sharing of computing resources across multiple customers (aka “tenants”) improves resource utilization. Use of the cloud computing service model has been growing due to the increasing availability of high bandwidth communication, making it possible to obtain response times from remotely hosted cloud-based services similar to those of services that are locally hosted.
Cloud computing infrastructures often use virtual machines to provide services to customers. A virtual machine is a completely software-based implementation of a computer system that executes programs like an actual computer system. One or more virtual machines may be used to provide a service to a given customer, with additional virtual machines being dynamically instantiated and/or allocated as customers are added and/or existing customer requirements change. Each virtual machine may represent all the components of a complete system to the program code running on it, including virtualized representations of processors, memory, networking, storage and/or BIOS (Basic Input/Output System). Virtual machines can accordingly run unmodified application processes and/or operating systems. Program code running on a given virtual machine executes using only virtual resources and abstractions dedicated to that virtual machine. As a result of such “encapsulation”, a program running in one virtual machine is completely isolated from programs running on other virtual machines, even though the other virtual machines may be running on the same underlying hardware. In the context of cloud computing, customer-specific virtual machines can therefore be employed to provide secure and reliable separation of code and data used to deliver services to different customers.
A hypervisor (or “virtual machine monitor”) is a system program that provides a virtual environment in which multiple virtual machines can concurrently execute in isolation. The hypervisor provides the virtual execution environment over a physical “hypervisor domain” made up of one or more underlying host computer systems. The hypervisor manages allocation of physical resources from the hypervisor domain to the virtual machines executing in the virtual environment in a way that maintains code and data isolation between virtual machines. Physical resources in the hypervisor domain that are virtualized by the hypervisor for allocation to virtual machines include processor, memory, and other physical resources. Hypervisors referred to as “Type 1”, “native” or “bare-metal” hypervisors run directly on the host's hardware as a hardware control and guest operating system monitor. Other hypervisors referred to as “Type 2” or “hosted” hypervisors are software applications running within a conventional operating system environment. In addition to physical resource virtualization and allocation, hypervisors may also provide virtual machines with other specific services, such as transport services enabling communication between virtual machines.
Traditional approaches to storage virtualization in virtual execution environments offer block-level storage, i.e. virtual block devices. Such storage is easily used by one virtual machine, but cannot be easily shared in a secure and scalable way as is. This results in problems when it is desirable to have higher-level sharing, e.g. at the file system and/or database level. For example, a customer using a collection of virtual machines located within the service provider cloud may desire to store computation results persistently within the cloud at the file or database level, in order to allow convenient, high-level data sharing across multiple virtual machines. With existing systems, such higher-level sharing must be implemented either by the cloud-based service consumer, for example using clustered file system or clustered database software in the virtual machine cluster, or by the cloud-based service provider using consolidated, shared back-end storage systems. In the former case, the responsibility for configuration and management of the shared storage falls on the service consumer, meaning that the cloud computing platform fails to deliver the truly virtualized storage service desired by the service consumer, and does not reduce the consumers' management tasks to a minimum. In the latter case, a straightforward application of “physical world” technologies needed to support secure multi-tenant cloud consumer virtual machine access to consolidated shared backend storage incurs significant overhead for network traffic separation, encryption and protocol security, requiring highly complex security and networking infrastructure to ensure the privacy of storage-related communications within the customer domains. Such complexity of implementation can be excessively costly using existing approaches when potentially thousands of customer partitions (i.e. dedicated subsets of infrastructure) must be supported by the cloud service provider.
One example of an existing cloud-based storage solution is Amazon Elastic Block Store (EBS), which is part of the Amazon Web Services™ offered over the Internet by Amazon.com, Inc. EBS provides persistent block level storage volumes for virtual private servers in the computer cloud. However, EBS cannot be shared by virtual machines as is. As a result, virtual machines need to run a distributed file system, or the EBS block storage needs to be exported over a Network Attached Storage (NAS) protocol. Existing solutions such as EBS disadvantageously require the service customer to implement any higher level data sharing that may be needed to support distributed applications executing across the customer's multiple physical and/or virtual machines.
It would accordingly be desirable to have a new method and system for providing scalable and secure high-level storage access for cloud computing platforms that addresses the aforementioned and other shortcomings of prior approaches.