1. Field of the Invention
This invention relates to computer systems and, more particularly, to securing kernel metadata communication in systems employing distributed software services.
2. Description of the Related Art
Many business organizations and governmental entities rely upon applications that process large amounts of data, often exceeding a terabyte or more of data for mission-critical applications. Numerous servers may be utilized to provide the needed processing, and the data may be distributed across multiple, often heterogeneous, storage devices. In order to handle such heavy processing loads and large volumes of data, various types of distributed software services may be used in such environments, such as distributed computing services (e.g., facilities that split up large processing tasks into smaller tasks for execution at various hosts), distributed storage virtualization, cluster management, distributed file systems, distributed content management, distributed workflow management solutions and the like.
In many distributed software service deployments, the software stack at a given computer host may include a user-mode layer and a kernel-mode or privileged layer. The user-mode layer may perform tasks such as data manipulations or computations that require relatively rare interactions with operating system functions such as process management or device interactions, while the kernel-mode layer may interact heavily with the operating systems in use at the hosts. In many cases the kernel-mode layers of the distributed software service stacks at different hosts may need to communicate metadata (e.g., configuration information related to the specific software service being provided) to each other. While in some environments, networks with limited accessibility (e.g., fibre channel links that are isolated from Internet Protocol (IP) networks) may be used for inter-host communication of such metadata, the popularity of shared commodity networks (such as Ethernet-based IP networks) for this purpose is increasing. Typically, secure communication protocols such as Secure Sockets Layer (SSL) may be available for user-mode interactions over such networks, but may not be easily usable for kernel-mode interactions. A technique that utilizes secure communication facilities available at the user-mode layers to achieve secure kernel-to-kernel metadata communication may therefore be desirable.
In particular, distributed storage virtualization services may benefit from such a technique. Distributed storage virtualization includes a set of services to provide enhanced storage functionality and reduce the complexity of dealing with large heterogeneous storage environments. Virtualization services may be configured to present physical storage devices as virtual storage devices (e.g., logical volumes in block storage environments) to storage clients, and to add storage features not present in individual storage devices to the storage model. For example, features to increase fault tolerance, such as data mirroring, snapshot/fixed image creation, or data parity, as well as features to increase data access performance, such as disk striping, may be implemented in the storage model via hardware or software. As in the case of other distributed services, virtualization services software may include user and kernel layers at both virtualization servers (e.g., hosts that provide or support the virtualization features) and virtualization clients (e.g., hosts where the virtualization features are utilized). The metadata that may need to be communicated between kernel layers at virtualization servers and clients may include virtual device layout information (i.e., logical address to physical address translation information), access permissions, security tokens used by various clients to access specific virtual devices, etc. When transmitted over general-purpose networks such as IP networks, such sensitive metadata may result in increased vulnerability to malicious attacks. A mechanism to enhance the security of kernel-to-kernel storage virtualization metadata communication may therefore be particularly beneficial.