Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Scalable Approach to Deploying and Managing Appliances Kate Keahey Rick Bradshaw, Narayan Desai, Tim Freeman Argonne National Lab, University of Chicago.

Similar presentations


Presentation on theme: "A Scalable Approach to Deploying and Managing Appliances Kate Keahey Rick Bradshaw, Narayan Desai, Tim Freeman Argonne National Lab, University of Chicago."— Presentation transcript:

1 A Scalable Approach to Deploying and Managing Appliances Kate Keahey Rick Bradshaw, Narayan Desai, Tim Freeman Argonne National Lab, University of Chicago

2 06/05/07, TeraGrid 2007http://workspace.globus.org Environmental Problem Complexity Consistency ?

3 06/05/07, TeraGrid 2007http://workspace.globus.org Providers and Consumers Resource providerResource consumers Has a limited number of resources Want the resources when they need them & as much as they need Has to balance the software needs of multiple users Want to use specific software packages Has to provide a limited execution environment for security reasons Wants as much control as possible over resources

4 06/05/07, TeraGrid 2007http://workspace.globus.org Changing the Question Lets see whats available and adapt my problem to use it Here is the environment I need to solve my problem -- deploy it on the Grid Can we provide the middleware that will enable this change of approach?

5 06/05/07, TeraGrid 2007http://workspace.globus.org Virtual Workspaces l Dynamically overlay a required environment over resources in the Grid u Configuration and Information l Configuration management, e.g., Bcfg2, Pacman l Issues: How do I express what I want? How long will it take to install? How reliably will it provide the required environment? u Virtual Machines l Xen, VMware, etc. l Develop and test locally, deploy globally l Short deployment times u Paper: Quality of Service and Quality of Life in the Grid

6 06/05/07, TeraGrid 2007http://workspace.globus.org Virtual Machines: The Good News l Quality of Life u A user can provision a pre-configured customized and consistent environment across the Grid u The site does not need to understand users environment needs in detail u The site can provision environments in a cost- effective manner l And many other fine properties… u Quality of Service l Fine-grained enforcement l Performance isolation u Convenient serialization u Suspend/resume u For more see http://workspace.globus.org

7 06/05/07, TeraGrid 2007http://workspace.globus.org Virtual Machines: The Bad News l In order to run in the Grid a user now has to provide an image… l A site administrator now has to maintain potentially many more platforms than before… l How will the management of all these images scale? l If a user-provided image were to be deployed, how can it be integrated with its deployment context?

8 06/05/07, TeraGrid 2007http://workspace.globus.org To Have a Cake and Eat It Too… Get someone else to configure the image for me… Someone I could trust… Hopefully they can also manage it for me… Assuming I find such a person, how can I adapt this image to actually work with my site? provider

9 06/05/07, TeraGrid 2007http://workspace.globus.org To Have a Cake and Eat It Too… Get someone else to configure the image for me… Someone I could trust… Hopefully they can also manage it for me… Assuming I find such a person, will I be able to log in to those image? client

10 06/05/07, TeraGrid 2007http://workspace.globus.org Overview l Virtual Appliances l Configuring for contextualization u Example l Appliance Configuration and Management l Appliance Deployment l Conclusions

11 06/05/07, TeraGrid 2007http://workspace.globus.org Virtual Appliances l Environment to support a specific set of applications l Can be automatically adapted to many different deployment contexts l Examples of contextualization: u IP address u IP adresses of critical services u Ssh keys u Security certificates VM Image Context IP address SSH keys etc.

12 06/05/07, TeraGrid 2007http://workspace.globus.org Overall Approach Appliance Producer Appliance Deployment build an appliance update an appliance manage appliance deployment Appliance Management AA

13 06/05/07, TeraGrid 2007http://workspace.globus.org Applicance Contextualization (Preparation) contextualization agent Contextualization template IP address signed by provider to have properties XYZ certificate

14 06/05/07, TeraGrid 2007http://workspace.globus.org Appliance Contextualization (Deployment) delivery method Contextualization template IP address: 192.168.7.1 etc. Validate signature: do we have properties XYZ ?

15 06/05/07, TeraGrid 2007http://workspace.globus.org Example: Virtual Cluster l Torque cluster u Assign IP addresses u Create accounts u Name resolution u ssh/scp keys for the nodes u Torque configuration files l The configuration template is consumed by self-contained Bcfg2 agent inside the VM

16 06/05/07, TeraGrid 2007http://workspace.globus.org Appliance Provider Software l Incremental construction l Versioning l Describe capabilities u Xen? Vmware? l Testing of appliances l Maintenance u Security RSS feed l Bugtraq, US-CERT Security Advisories l Attestation and signing u Automation is important! SL3 OSGTeraGrid STARCCSM…… SL4 …

17 06/05/07, TeraGrid 2007http://workspace.globus.org Appliance Provider Software l Bcfg2 u Incrementally constructed configuration profiles l E.g., OS, security services, application u Node analysis capabilities u Supplied with many Linux distributions u http://trac.mcs.anl.gov/projects/bcfg2 l rPath u Recipe-style configuration l Create a project, choose packages, cook, build the software appliance u Freely available online u Many appliances available, integrated with EC2 u http://www.rpath.com/rbuilder/

18 06/05/07, TeraGrid 2007http://workspace.globus.org Appliance Deployment l Matching appliances to resources u What VMM? What kernels? Etc. l Secure admission of appliances u Validate signature u Admission policies and workspace assertions l E.g., no root access, configuration and versioning assertions u SC05 Poster: Making your workspace secure: establishing trust with VMs in the Grid l Contextualization u Providing contextualization information u Secure delivery u Host certificates, virtual clusters, etc.

19 06/05/07, TeraGrid 2007http://workspace.globus.org The Workspace Service Pool node Pool node Pool node Pool node Pool node Pool node Pool node Pool node (1) The workspace service allows users to dynamically deploy and manage VMs on a pool of nodes (2) A Workspace is deployed based on (a) image + meta-data and (b) resource allocation (3) Access is determined based on attribute authorization, image validation work in progress (4) Contextualization: - Multiple methods of IP address assignment - Host certificates - Personalization work in progress VWS Service

20 06/05/07, TeraGrid 2007http://workspace.globus.org Contextualization and Delivery l The deployment software will rely on a range of services u Certificate authorities, IP management, etc. l Existing contextualization agents u DHCP u Workspace DHCP delivery method l Ad hoc methods u E.g., current workspace tools, configuring certificates, etc. l Configuration tools u Needed for application-specific tools l Delivery methods u Kernel parameters u Secure communication over the network u Files

21 06/05/07, TeraGrid 2007http://workspace.globus.org Appliance Layers l Layered Appliance u A set of interdependent layers l Appliance layers u Less data needs to travel u More flexible u Faster deployment u Trust management l Collaborative aspects of configuration System Layer Customization Layer Application Layer VO Layer

22 06/05/07, TeraGrid 2007http://workspace.globus.org New Roles Appliance Producer (Virtual Organization) Appliance Deployer (Resource Providers) build an appliance update an appliance manage appliance deployment

23 06/05/07, TeraGrid 2007http://workspace.globus.org Conclusions l Virtualization has the potential to allow providers to reach more users u Flexibility, fast turnaround, etc. u Examples: EC2 and others l Configuration management is increasing in importance important u Configuration for the masses… u We have the methods, but they need to be adapted l The role of VOs will grow u VO administrators trusted by the sites u VO security procedures

24 06/05/07, TeraGrid 2007http://workspace.globus.org Credits l Workspace team u Tim Freeman, Borja Sotomayor l Bcfg2 u Rick Bradshaw, Narayan Desai l Thanks to u Brett Adam, Ian Foster, Frank Siebenlist, Ravi Subramaniam, Marty Wesley


Download ppt "A Scalable Approach to Deploying and Managing Appliances Kate Keahey Rick Bradshaw, Narayan Desai, Tim Freeman Argonne National Lab, University of Chicago."

Similar presentations


Ads by Google