Presentation is loading. Please wait.

Presentation is loading. Please wait.

Your Desktop on Your Keychain Ted Wobber MSR Silicon Valley with Muthukarrupan Annamalai, Andrew Birrell, and Dennis Fetterly.

Similar presentations


Presentation on theme: "Your Desktop on Your Keychain Ted Wobber MSR Silicon Valley with Muthukarrupan Annamalai, Andrew Birrell, and Dennis Fetterly."— Presentation transcript:

1 Your Desktop on Your Keychain Ted Wobber MSR Silicon Valley with Muthukarrupan Annamalai, Andrew Birrell, and Dennis Fetterly

2 Hardware vs. Desktop State Computers are (increasingly) everywhere –In furniture/kiosks/environment? New form factors for carrying state: –Keychains, cellphones, watches Can we make desktop state portable without also carrying the computer hardware? Desktop state = user preferences + user data + applications

3 Who cares?? Corporations and other large organizations –Moving between offices, sites –Office-sharing –Work-at-home scenarios Consumers in general –But kiosk infrastructure and security is a barrier Emerging markets –Desktop hardware is scarce –Benefit may outweigh security risk

4 Models of Desktop Portability Laptops Roaming profiles Remote desktop

5 Laptops Laptops are (usually) bulky and fragile Expensive to purchase and to manage Prone to theft Once stolen, data is (often) vulnerable Backup can be haphazard But, laptops are self contained and offer a valuable platform for disconnected environments

6 Roaming Profiles Applications dont roam In Windows, difficult to separate user, application, and machine-specific state Slow, bandwidth intensive Difficult outside single admin domain Security of host machine?

7 Remote Desktops Needs strong connectivity Latency-sensitive Difficult outside single admin domain Needs managed server to provide RDP service –Most desktop PCs arent professionally managed Local devices?

8 Flash Changes the Equation Current cost: 1GB = ~$80 Still following Moores Law Read/Write performance approaching disk Modern flash has built-in wear-leveling –Max write limitations are rarely a problem For this talk: Flash == USB Flash Device

9 Flash Statistics (estimate) Projected shipments million units in GB in 04; 4GB+ in 05. Estimated revenue on NAND-based Flash at $9.2 billion in 06 timeframe NAND Read/Write speeds are slated to increase as follows: –04 read 8 MB/s; write 6.5MB/s. –05 read. 23 MB/s; write 16MB/s. –06 read 40 MB/s; write 28 MB/s. –07 guesstimates are 100MB/s using multiple NAND chips and cache. Already being extended with onboard CPU, memory, wireless, etc.

10 Carry user state cache on flash Similar problems to roaming profiles: –Applications dont roam –In Windows, difficult to separate user, application, and machine-specific state –Slow, bandwidth intensive –Difficult outside single admin domain –Security of host machine?

11 Boot from Flash Drivers –Problem gets worse with age of installation Flash capacity (in short term) –Size of OS + apps a problem –What happens when disk is full? Machine state (e.g. hibernation) is non portable Backup?

12 Our Solution Host machine runs virtual machine monitor User runs in a virtual machine (VirtualPC) Virtual disk is a server in the sky –Remote disk handles overflow and backup The flash acts as: –A persistent cache/log of virtual disk –Storage for virtual machine state Local disk as lookaside for virtual disk content

13 Why Virtualization? Eliminates host-specific customization –(e.g. drivers, etc) Easy to encapsulate and move VM state Fewer moving parts on host –Easier to manage/secure: VMM is only requirement Development cost (our prototype < 1 kloc) –Simple to customize basic abstractions Good performance and getting better –Hardware support of virtualization Other platforms? XBox2? Virtual disks make provisioning new users easy

14 Differencing Disks Compact representation of overlaid content Standard feature of virtual machines Convenient for shared disk provisioning –E.g. multiple users share same base disk Differencing Disk(s): Base Disk: VMM sees:

15 Why a network connection? At least for now, flash drives are too small –With Windows+Office its easy to overflow a 1GB disk Backup is automatic –Server can keep multiple restore points Perhaps this requirement can be eliminated in the future

16 VMM Host Base Disk Image File Server User-Specific Differencing Disk Disk as seen by your programs Composed of... VirtualPC Your Computing Environment Kiosk Architecture Lookaside Images (~Base Disk) Flash Disk Write Log Read Cache

17 VMM Host Base Disk Image File Server User-Specific Differencing Disk Disk as seen by your programs Composed of... VirtualPC Your Computing Environment Flash Disk Read Cache Disk Writes Lookaside Images (~Base Disk) Write Log

18 VMM Host Base Disk Image File Server User-Specific Differencing Disk Disk as seen by your programs Composed of... VirtualPC Your Computing Environment Flash Disk Write Log Read Cache Disk Reads Lookaside Images (~Base Disk)

19 Demo

20 A bit more detail Persistent state on flash –Virtual machine state (optional) –Writes logged since last merge –Fingerprint for every 16K chunk in remote virtual disk MD5 as a fingerprinting algorithm (128 bits) –Set of cached 16K chunks

21 Persistent, in flash A: Chunk number to Fingerprint map (for entire disk) B: Write Log (sectors) FP 0 FP 1 …FP N 17 … Data for sector 17 ….. 27Data for sector 27 3Data for sector 3 C: Read Cache (chunks) 35 … Data for chunk 35 ….. 7Data for chunk 7 114Data for chunk 114

22 Volatile, in memory FP 0 FP 1 …FP N 17 … Sector 17 ….. 27Sector 27 3Sector 3 35 … Chunk 35 ….. 7Chunk 7 114Chunk 114 A: Chunk number to Fingerprint map (for entire disk) FP 0 FP 1 …FP N C: Write log hash table (sectors) 17 … 27 3 ….. FP 35 … FP 7 FP 114 ….. B: FP to Read Cache hash table (chunks) FP … ….. D: FP to Static Disk hash table (chunks) Lookaside Image

23 Updating the Fingerprint Map Must compute new chunk fingerprints Partial chunks requires unwritten sectors Read old chunk Add new sectors New FP

24 Whats actually implemented Write log is a differencing disk on flash –Differencing drive chain: Flash differencing disk Home differencing disk Home base disk Manual merging only –No automatic updates in background –Standard VirtualPC merge to parent –Merge updates read cache Read cache is untuned

25 Potential Drawbacks Security of kiosk machine Infrastructure rollout Connectivity requirement –As flash sizes grow, need for online server decreases –Range of solutions possible depending on size Artifacts of virtualization –Availability of pass-through devices –Fancy graphics devices unavailable Ensuring that working set fits within the cache

26 Performance Bottlenecks Windows likes to write to disk –Flash fills up quickly –Differencing disk overlays >10% of base image Read/write performance: –4K Reads (sequential or random) ~.8 ms –4K Writes (sequential) ~ 1.0 ms –4K Writes (random) > 20ms !!!! We have confirmed this by analyzing traffic at the USB driver level. The root cause of the 20 ms latency is a mystery. Our observations are inconsistent with NAND-memory specs.

27 Optimizations (current) Fast-launch defragmentation turned off Paging disabled Last-access date on files disabled Various services turned off No anti-virus / indexing

28 Optimizations (possible) Implement real log (for sequentiality) –With redundant write elimination RAM disk for temporary files (e.g. IE) Keep guest-OS NTFS log on local disk Log writes to on-kiosk differencing disk … periodic sync to flash Network read/write compression Virtual disk snapshots

29 Security Primary threats: –Bogus, tapped, or otherwise compromised kiosk –Theft of device But, this is a computer: ASIC or processorNAND Memory

30 Trusting the Kiosk Non-technical considerations –Physical security Site security (e.g. within a corporation) Physical packaging and locks (like an ATM) Kiosk owner must be accountable Technical solutions –NGSCB / Trusted Boot / Attestation Small footprint (e.g. just OS+VMM) helps here –User-specific, unforgeable visual feedback –External helper device with UI (e.g. cellphone)

31 Protecting Against Theft On-flash encryption, unlocks data only after: –Flash authenticates kiosk –Flash informs user that kiosk is OK –User gives credentials (e.g. password or biometric) Lock-out on repetitive failure Host-based encryption is also possible –But gives weaker guarantees User can roll back to disk state on server

32 Related Projects Internet suspend/resume –CMU / Intel Labs –Virtual machine serial portability –Supported by Coda-like distributed FS –Flash for read optimization Stanford Collective project –Portable virtual machine –Virtual state/disk capsule hierarchy

33 Conclusions New model for desktop portability Augments range of existing techniques Spectrum of flash-based solutions Looking for ways we can help product efforts Havent explored business/market ramifications Highlights two growing market forces: Flash and Virtualization


Download ppt "Your Desktop on Your Keychain Ted Wobber MSR Silicon Valley with Muthukarrupan Annamalai, Andrew Birrell, and Dennis Fetterly."

Similar presentations


Ads by Google