Enhancing Pure Cloud Block Store with Multi-tenant Capabilities

As organizations scale, so do the complexities of managing storage resources across different departments, teams, and applications. Traditional single-tenant storage environments can struggle to meet the demands of large, diverse enterprises, often resulting in inefficient resource utilization and complicated access management. Multi-tenant storage environments address these challenges, offering a way to isolate and manage data for multiple tenants or projects on a single storage platform.

With new multi-tenant capabilities in the latest release of Pure Cloud Block Store ™, version 6.6.11, organizations gain the power to effectively segment storage resources, enforce customized access policies, and set usage limits at a granular level. By introducing realms and delegated administration, this new release provides the foundation for efficient storage governance.

Multi-tenant storage opens up a range of valuable use cases: from enterprises that need separate storage spaces for each department, to companies looking to keep production, development, and testing environments distinct or provide separation for various projects. With Pure Cloud Block Store's new multi-tenant features, managing these scenarios becomes straightforward, providing each tenant or environment with the resources it needs while keeping everything securely separated.

Figure 1: Basic concepts of multi-tenant management.

Realms are introduced as a new organizational unit within Pure Cloud Block Store/Purity, designed for streamlined data management. Realms serve as dedicated segments of the storage environment, allowing administrators to define clear, isolated zones for different departments, teams, or projects.

Figure 2: New realm creation.

Once you create a realm, you then need to use the realm name as a prefix in subsequent commands. For example during volume creation, you would use the following command: purevol create realm0::pod0::vol0

Administrators can enforce quota limits on individual realms to maintain control over storage consumption, ensuring resources are allocated according to policy and preventing overuse. Furthermore, quality of service (QoS) rate limits can be set on a per-realm basis, allowing for precise control over IOPS and bandwidth. This enables customized performance boundaries, ensuring fair and efficient resource distribution across tenants.

Figure 3: Setting quota limits and QoS.

Figure 4: Trying to create a volume larger (10G) than the realm0 quota limit (1G) will result in an error.

Figure 5: Trying to create another volume once the quota has been reached will also result in an error.

Footprint reporting provides insight into capacity utilization for data within each realm as if that data is the only data on the array, with applicable data reduction factors taken into account. This metric aids in transparent accounting for data storage.

Delegated administration is now available through enhanced management access policies, allowing organizations to assign tailored administrative permissions. With role-based access that applies at either the array-wide level or within specific realms, administrators can grant precise control over who can access, modify, or view resources. Management access policies replace the previously fixed roles (array admin, storage admin, ops admin, and read-only), providing a flexible and fine-grained approach to user management within Pure Cloud Block Store.

Figure 6: Newly created realms for development and production environments.

Figure 7: Array admin can see all existing realms.

Figure 8: Administrator created for development realm.

Figure 9: List of users and their respective resources.

Figure 10: The realm administrator only sees their own realm.

Figure 11: The realm administrator can only manage their own realm.

The copy data management between realms feature (available in a form of directed availability) allows users with cross-realm permissions to move data from one realm to another based on access levels. For instance, a database administrator with read-only access to a production realm can copy objects to a separate development realm where they have full permissions-without compromising production data integrity. To enable this feature, contact Pure Technical Support.

These new features collectively provide enhanced flexibility and efficiency in managing multi-tenant storage environments. By leveraging realms and delegated administration, organizations can ensure strict data governance, support tenant isolation, and optimize performance for diverse workloads on a single Pure Cloud Block Store instance.

Public link

Please use the above public link if you want to share this noodl on another website.