BLOCKBRIDGE ON AWS NVMe

  • High Performance, Low Latency & QoS
  • Thin Provisioning, Snapshots & Clones
  • Multi-host Shared Volumes
  • S3 Backup (Compressed + Encrypted)
  • Secure Access Over WAN
  • Mobility Across Availability Zones
FLAVORNVMeCACHELATENCYIOPS BANDWIDTH
i3.4xlarge2×1.9 TiB100 GiB80/100 μs225/55 K1220/1220 MB
i3.8xlarge4×1.9 TiB200 GiB80/100 μs225/110 K1220/1220 MB
REGIONLOCATIONAMI ID
us-east-1N. Virginiaami-44316e52
us-east-2Ohioami-a4af89c1
us-west-1N. Californiaami-57b39137
us-west-2Oregonami-47c3cb3e

FULLY AUTOMATED AWS AMI

  • Automatic Install & Configuration
  • Automatic Software Updates
  • Instance Detection & Tuning
  • Preconfigured Enhanced Networking

Different region? Ask support@blockbridge.com

AMAZON EC2 FAQ

How do I launch the AMI from the EC2 console?

Finding the AMI

  • Click the AMIs link in the navigation panel located under Images.
  • Select Public images from drop-down menu to the left of the search bar.
  • Search for blockbridge
  • The Blockbridge AWS Owner ID is 319147036085

Launching an Instance

  • Select our AMI and click Launch
  • Select Storage Optimized from the Filter by instance type drop-down menu.
  • Select a supported instance such as i3.4xlarge

Instance Details

  • Enable Auto-assign Public IP, unless you plan to use an Elastic IP.

Configure Security Groups

  • Choose or configure a group that permits TCP traffic to ports 22, 443 and 3260
  • You may optionally enable port 80. Our software automatically redirects port 80 to 443

The instance will take approximately 3 minutes to provision and auto-configure. When complete you can connect to the Blockbridge web interface using https.

The default non-root user is centos. The Blockbridge AMI is based on the Centos 7 Community AMI to minimize hourly charges.

Enhanced networking uses hardware virtualization features to provide high-performance networking capabilities (up to 20Gbit/s) on select instance types. Enhanced networking provides higher bandwidth, higher packet per second (PPS) performance, and consistent low latency. There are no additional charges for enhanced networking.

Blockbridge AMIs support and automatically configure enhanced networking. No additional software or instance configuration is required.

To take advantage of enhanced networking from your client instances, you must:

  • operate on a supported instance type
  • use a supported kernel
  • enable enhanced networking on your instance via aws cli

Note that Amazon Linux natively supports enhanced networking capabilities. However, you will need to manually enable ‘EnaSupport’ on your client instance using the AWS CLI.

For more information, see http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/enhanced-networking.html

To use Blockbridge, you must open the following TCP ports:

  • 22/TCP SSH access
  • 443/TCP HTTPS access
  • 3260/TCP iSCSI

If you’d like to use IPsec, you must open two additional UDP ports:

  • 500/UDP IPsec IKE
  • 4500/UDP IPsec ESP

The Blockbridge AMI uses both EBS storage and high performance ephemeral NVMe storage. The control plane persistence requirements are satisfied by the EBS root volume of the instance. The data-plane persistence requirements are satisfied by ephemeral storage and optional EBS volumes attached to the instance (to extend capacity as needed).

If you reboot the instance or an instance reboots:

  • all configuration and data are preserved

If you stop an instance:

  • system configuration is preserved
  • virtual disks and data are lost
  • on instance restart, the software will automatically reconfigure

If you terminate an instance:

  • All configuration and data are lost.

To protect data against instance loss you may:

  • replicate virtual disks
  • send compressed/encrypted virtual disk snapshots to S3
  • utilize a stretch cluster

The Blockbridge AMI supports a select set of instance types. Auto-configuration will fail on unsupported instance types. If you would like to run Blockbridge on an instance type that is not currently supported, send us an email at support@blockbridge.com

BLOCKBRIDGE FAQ

Locate the IPv4 or IPv6 Public IP for your instance in the Amazon EC2 Instances list. Then, point your web browser at it with https. To authenticate, you’ll need the unique password for system account.

On first boot, the software generates a unique password for the system operator account. You can obtain the password securely via remote ssh command.

$ ssh centos@your-instance-ip get-creds
system password: a685cafbc6c93a7d7c7487c1
system token:    1/VUVSmObS45L0HAiolso/hsO4QiMA/w2jLID0ui93DT5FRVKY5tLp0w

Use the password to authenticate via command line tools or web interface as the system account.

Tools for popular platforms are located here.

We recommended that you manage storage using the Blockbridge command line tools. The tools automate everything, including host configuration. The tools are faster, less error prone and far more secure than a manual workflow.

Launching an Instance from AMI
# Provision a virtual storage service and disk
$ bb vss provision -c 32GiB --with-disk

# Attach a disk to the host
$ bb host attach

# Detach a disk from host
$ bb host detach

# Release a virtual storage service
$ bb vss remove

However, If you absolutely need to configure everything by hand, we’ve made that easy too.

Global ➟ provision a storage service
✎ set provisioning type

Service ➟ create a disk
✎ set disk size

Service ➟ create an initiator profile
✎ set CHAP credentials
✎ set permitted initiator IQN

Service ➟ create a target
✎ map the disk
✎ associated the initiator profile

Configure your client

Blockbridge provides standards compliant iSCSI/SCSI attached block storage. Any platform that has a functioning iSCSI initiator in software or hardware can attach to Blockbridge storage. This includes:

  • Windows
  • Linux
  • Solaris
  • VMware
  • iPXE
  • Others

Blockbridge supports shared multi-host access to block devices and SCSI SPC-3 persistent reservations. Shared block devices should only be used with special purpose applications such as clustered filesystems and high availability clusters. General purpose filesystems such as EXT2/3/4 should not be mounted from multiple hosts.

Configuring an Object Store

Global ➟ Configure an object store
✎ set the name of your S3 bucket
✎ set s3.amazonaws.com as the host
✎ set the user access Key ID
✎ set the secret access key
✎ set the default restore passphrase

Creating a Backup

Disk ➟ Snapshot this disk
✎ specify a snapshot label

Disk ➟ Backup to Object Storage
✎ select snapshot
✎ select object store
✎ customize backup label
✎ optionally customize restore passphrase

Restore and Clone from S3

Object Storage ➟ Clone from Object Storage
✎ select an image

With iSCSI port 3260 open, you can connect to your Blockbridge storage from anywhere. This port supports both unencrypted and TLS-secured iSCSI sessions.

You’ll have to ensure that the Inbound traffic rules for your instance’s Security Group will accept traffic from your source IP. To see your current settings from the AWS console:

  1. select your instance from the EC2 instances list,
  2. open the Description tab, then
  3. click on “view inbound rules” in the “Security Groups” field.

For more information on Inbound Rules and Security Groups, see this article: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/authorizing-access-to-an-instance.html

If you would like to add additional capacity to a data-plane, you can attach EBS volumes to your instance at any time. EBS devices are automatically detected and made available for use. They will appear in the unused devices folder of a storage node. Select “add device to pool” to incorporate them. Pool balancing and data distribution controls are properties of the associated datastore.

If you would like to remove a device, you must destage the device from the pool and then remove it from the pool before detaching the EBS volume from the instance.

TROUBLESHOOTING

If you are unable to connect to the EC2 instance:

  • is the instance started?
  • does the instance have an assigned public ip address?
  • does the instance security group permit TCP port 22
  • are you authenticating as user ‘centos’?
  • are using the appropriate ssh keypair (use the -i option to explicitly select)

To determine the accessibility of the ssh port, we recommend using netcat or nmap

$ nc -v xxx.xxx.xxx.xxx 22
Ncat: Version 6.40 ( http://nmap.org/ncat )
Ncat: Connected to xxx.xxx.xxx.xxx:443.

$ nmap xxx.xxx.xxx.xxx
Starting Nmap 6.40 ( http://nmap.org ) at 2017-04-13 16:49 EDT
Not shown: 996 filtered ports
PORT STATE SERVICE
22/tcp open ssh
443/tcp open https
3260/tcp open iscsi

Remember that ICMP utilities such as ‘ping’ only work if your security group permits ICMP traffic.

If you are unable to connect to the Blockbridge GUI:

  • is the instance started?
  • is the instance type supported?
  • does the instance have an assigned public ip address?
  • does the instance security group permit TCP port 443
  • are you connecting with https?
  • are you using the system generated password?

To determine the accessibility of the https port, we recommend using netcat or nmap

$ nc xxx.xxx.xxx.xxx 443 --verbose
Ncat: Version 6.40 ( http://nmap.org/ncat )
Ncat: Connected to xxx.xxx.xxx.xxx:443.

$ nmap xxx.xxx.xxx.xxx
Starting Nmap 6.40 ( http://nmap.org ) at 2017-04-13 16:49 EDT
Not shown: 996 filtered ports
PORT STATE SERVICE
22/tcp open ssh
443/tcp open https
3260/tcp open iscsi

Remember that ICMP utilities such as ‘ping’ only work if your security group permits ICMP traffic.

Blockbridge defines several provisioning templates including general-purpose performance, provisioned-iops and unlimited performance. If a virtual storage service is provisioned without explicitly specifying a type, a default template is applied (i.e., ‘general-purpose’). The general-purpose template applies traffic shaping similar to AWS: capacity scaled IOPS, IO size enforcement, burst credits and maximum IOPS.

If you are testing performance, we suggest using the ‘unlimited’ profile.

$ bb vss provision --capacity 32GiB --type unlimited --with-disk

You can also create custom templates for your applications. Template definitions and parameters are accessible via the control plane in the infrastructure application. You must be authenticated as ‘system’.