1. EUROPEAN UNION Polish Infrastructure for Supporting Computational Science in the European Research Space User Oriented Provisioning of Secure Virtualized Infrastructure Authors: Marcin Jarząb, Jacek Kosiński, Krzysztof Zieliński, Sławomir Zieliński Speaker: Marcin Jarząb ACK Cyfronet Cracow Grod Workshop 2011 Kraków, November 8 2011

2. 2 Problem Statement  Providing secure virtualized infrastructure to end-user is a very complex task  Organization of groups of VM instances,  Securing the access,  Compute, Network and Storage resource management,  Middleware and application configuration related to multi-tenancy support.  Solving such a issue requires  Well-structured provisioning process enabling dialog between provider and end-user,  Software solution that automate many tasks related to the process.

3. 3 Agenda  VM Set concept description,  User-oriented provisioning process organization of the virtualized infrastructure,  Architecture of the solution enabling realization of such process,  Implementation status,  Summary.

4. 4 Concept of the VM Set  Set of VM appliances interconnected with virtual network – IaaS,  Software platform specification – PaaS,  Users access policy,  Lease period.  VM Set Requirements Specification by the users,  VM Set Deployment Description document used by the provider,  Similar to Vmware vApps, but more flexible.

5. 5 Provisioning Process Organization  Ensures that requirements are validated against infrastructure provider capabilities  Security policy,  Available resources.  User asks infrastructure provider to create and expose a VM Set  Filing out a predefined request form.  Complex element of the process  Captures knowledge about the application to be deployed,  Configuration templates applicable to different settings (port numbers, app args.),  Tools  Open Virtualization Format providing a means to package virtual infrastructure deployments,  OS: Vmware Studio, OpenQRM, xCAT,  Middleware: Puppet, Chef, SmartFrog, CFEngine.  Dynamic composition of VM appliances  Cloud Architecture Patterns- VM Factory,VM Template.  Tasks required of the provider to implement the logical representation  If the required resources are not available, the instantiation must remain in the pending state until the problem is resolved.  Involves deployment of specific VMs with the required configuration of OS and application resources  Automated middleware configuration and tuning,  Networking services; VLAN, VPN,  Can be achieved by the OVF and OS/middleware provisioning tools.

6. 6 Provisioning Infrastructure Architecture  Designed according to Service Oriented Infrastructure paradigm,  Infrastructure tools exposed with services.  User Access Services - supporting secure external user connectivity,  Boot Services - supporting addition of new hardware to the provider’s infrastructure,  Repositories – configuration data, VM Set definitions and VM appliances,  Infrastructure Management Services - abstraction layer for the computing infrastructure provisioning process.

7. 7 Implementation status  Solaris OS  Solaris Containers,  ZFS for Storage Virtualization,  Solaris Cluster for HA of Infrastructure Services.  LDAP database for Configuration Repositories,  Java Management Extensions (JMX) components for Infrastructure Management Services,  JBoss jBPM suite for Provisioning Engine.

8. 8 Summary  Virtualized Infrastructure provisioning according to detailed user requirements can be efficiently implemented  Organization of the process,  Organization of the VM appliances – VM Sets,  Flexible Infrastructure Management Framework.  In shared environments there must be preserved QoS contracts of already running VM Sets,  Constant governance is required with policies.  Scalability; network and storage.