Research On Safety Of Cluster Storage System Based On Lustre

In recent years, the high performance computing technology has been widely usedbecause of the explosive growth of data volume and the great leap forward of userdemand.These applications require not only high performance computing capacity, but alsothe good storage capability. The traditional storage technology revealed its disadvantagesgradually. The cluster system which integrates the object-based storage technology can meetthe demand of high bandwidth, concurrency, high scalability and easy management, so it hasbecome the effective way to solve the problems of traditional storage technology. However,the open network environment has brought huge threat, so the security of cluster storagesystem has become an important topic at present.In this paper, a cluster storage system which integrates the object-based storagetechnology is built by application of Lustre file system, and then a security architecture of thestorage system is proposed based on the analysis of characteristics of Lustre file system andcluster storage. The security architecture is combined with the key technologies to realize thesystem safety, such as data encryption technology, authentication technology, access controltechnology and key management technology.Security architecture proposed in this paper mainly realizes the functions of identityauthentication, data encryption， key management and access control. The identityauthentication is the process to confirm the identity of the operator, and it is the first level ofsecurity system. The data encryption is one of the important ways of protecting data and thekey management is the core problem of ensuring system security. Access control can realizethe effective specification of user permissions. On the basis of the original group keymanagement, the access controller is used to separate access control to the key computation,as a result, the system is more secure and flexible. The architecture reduces the storagerequirements of group key management and improves the efficiency of key calculation. Torealize the function of identity authentication, public key infrastructure is adopted, becausecomparing with Kerberos mechanism, it can save management time and resources andimprove the scalability of the system. Finally, the security architecture is realized on the basis of laboratory cluster systemenvironment, and the related performance is tested. Through the analysis, the securityarchitecture can effectively prevent some common attacks and protect the data of the clusterstorage system based on Lustre. The test results show that the Lustre has good performance incluster storage system, and also reflect the impact of security architecture on the storagesystem. In addition, the results provide the basis for the further optimization.