A Scalable Approach to Deploying and Managing Appliances

This paper discusses a scalable approach to deploying and managing appliances in a grid environment, using virtual machines and contextualization techniques. It explores the challenges and benefits of this approach and provides examples and solutions for appliance configuration and management.

pbadillo

Presentation Transcript


  1. A Scalable Approach to Deploying and Managing Appliances
     Kate Keahey
     Rick Bradshaw, Narayan Desai, Tim Freeman
     Argonne National Lab, University of Chicago

  2. Environmental Problem
     • Complexity ?
     • Consistency
     http://workspace.globus.org

  3. Providers and Consumers
     Resource provider
     • Has a limited number of resources
     • Has to balance the software needs of multiple users
     • Has to provide a limited execution environment for security reasons
     Resource consumers
     • Want the resources when they need them & as much as they need
     • Want to use specific software packages
     • Want as much control as possible over resources

  4. Changing the Question
     Here is the environment I need to solve my problem -- deploy it on the Grid
     Let’s see what’s available and adapt my problem to use it
     Can we provide the middleware that will enable this change of approach?

  5. Virtual Workspaces
     • Dynamically overlay a required environment over resources in the Grid
     • Configuration and Information
       • Configuration management, e.g., Bcfg2, Pacman
       • Issues: How do I express what I want? How long will it take to install? How reliably will it provide the required environment?
     • Virtual Machines
       • Xen, VMware, etc.
       • Develop and test locally, deploy globally
       • Short deployment times
     • Paper: “Quality of Service and Quality of Life in the Grid”

  6. Virtual Machines: The Good News
     • Quality of Life
       • A user can provision a pre-configured customized and consistent environment across the Grid
       • The site does not need to understand user’s environment needs in detail
       • The site can provision environments in a cost-effective manner
       • And many other fine properties…
     • Quality of Service
       • Fine-grained enforcement
       • Performance isolation
       • Convenient serialization
       • Suspend/resume
     • For more see http://workspace.globus.org

  7. Virtual Machines: The Bad News
     • In order to run in the Grid a user now has to provide an image…
     • A site administrator now has to maintain potentially many more platforms than before…
     • How will the management of all these images scale?
     • If a user-provided image were to be deployed, how can it be integrated with its deployment context?

  8. To Have a Cake and Eat It Too…
     Get someone else to configure the image for me…
     Someone I could trust…
     Hopefully they can also manage it for me…
     Assuming I find such a person, how can I adapt this image to actually work with my site?
     [Speaker label: provider]

  9. To Have a Cake and Eat It Too…
     Get someone else to configure the image for me…
     Someone I could trust…
     Hopefully they can also manage it for me…
     Assuming I find such a person, will I be able to log in to those images?
     [Speaker label: client]

  10. Overview
      • Virtual Appliances
      • Configuring for contextualization
      • Example
      • Appliance Configuration and Management
      • Appliance Deployment
      • Conclusions

  11. Virtual Appliances
      • Environment to support a specific set of applications
      • Can be automatically adapted to many different deployment contexts
      • Examples of contextualization:
        • IP address
        • IP addresses of critical services
        • SSH keys
        • Security certificates
      [Diagram labels: VM Image; Context: IP address, SSH keys, etc.]

  12. Overall Approach
      [Diagram labels: Appliance Producer, Appliance Management, Appliance Deployment; build an appliance, update an appliance, manage appliance deployment; A, A’]

  13. Appliance Contextualization (Preparation)
      contextualization agent
      Contextualization template
      IP address
      certificate
      signed by provider to have properties XYZ

  14. Appliance Contextualization (Deployment)
      delivery method
      Contextualization template
      IP address: 192.168.7.1 etc.
      Validate signature: do we have properties XYZ?

  15. Example: Virtual Cluster

      <Parameters>
        <Param name='DNSServer'>
          <List>
            <Item value='192.168.1.2'/>
            <Item value='192.168.1.3'/>
          </List>
        </Param>
        <Param name='nodenames'>
          <List>
            <Item value='192.168.7.1'/>
            <Item value='192.168.7.2'/>
            <Item value='192.168.7.3'/>
            <Item value='192.168.7.4'/>
          </List>
        </Param>
        <Param name='users'>
          <List>
            <Item name='user1' value='sad8hgewjnb'/>
            <Item name='user2' value='saasd2sjnb'/>
          </List>
        </Param>
      </Parameters>

      • Torque cluster
      • Assign IP addresses
      • Create accounts
      • Name resolution
      • ssh/scp keys for the nodes
      • Torque configuration files
      • The configuration template is consumed by a self-contained Bcfg2 agent inside the VM

  16. Appliance Provider
      Incremental construction
      Versioning
      Describe capabilities
      Xen? VMware?
      Testing of appliances
      Maintenance
      Security
      RSS feed
      Bugtraq, US-CERT Security Advisories
      Attestation and signing
      Automation is important!
      [Diagram labels: Software; SL3, SL4, …; OSG, TeraGrid, STAR, …; CCSM, …]

  17. Appliance Provider Software
      • Bcfg2
        • Incrementally constructed configuration profiles
        • E.g., OS, security services, application
        • Node analysis capabilities
        • Supplied with many Linux distributions
        • http://trac.mcs.anl.gov/projects/bcfg2
      • rPath
        • Recipe-style configuration
        • Create a project, choose packages, “cook”, build the software appliance
        • Freely available online
        • Many appliances available, integrated with EC2
        • http://www.rpath.com/rbuilder/

  18. Appliance Deployment
      • Matching appliances to resources
        • What VMM? What kernels? Etc.
      • Secure admission of appliances
        • Validate signature
        • Admission policies and workspace assertions
        • E.g., no root access, configuration and versioning assertions
        • SC05 Poster: “Making your workspace secure: establishing trust with VMs in the Grid”
      • Contextualization
        • Providing contextualization information
        • Secure delivery
        • Host certificates, virtual clusters, etc.

  19. The Workspace Service
      (1) The workspace service allows users to dynamically deploy and manage VMs on a pool of nodes
      (2) A Workspace is deployed based on (a) image + meta-data and (b) resource allocation
      (3) Access is determined based on attribute authorization, image validation work in progress
      (4) Contextualization:
          - Multiple methods of IP address assignment
          - Host certificates
          - Personalization work in progress
      [Diagram labels: VWS Service, Pool node (repeated)]

  20. Contextualization and Delivery
      • The deployment software will rely on a range of services
        • Certificate authorities, IP management, etc.
      • Existing contextualization agents
        • DHCP
        • Workspace DHCP delivery method
        • Ad hoc methods
        • E.g., current workspace tools, configuring certificates, etc.
      • Configuration tools
        • Needed for application-specific tools
      • Delivery methods
        • Kernel parameters
        • Secure communication over the network
        • Files

  21. Appliance Layers
      • Layered Appliance
      • A set of interdependent layers
      • Appliance layers
      • Less data needs to travel
      • More flexible
      • Faster deployment
      • Trust management
      • Collaborative aspects of configuration
      [Diagram labels: Customization Layer, Application Layer, VO Layer, System Layer]

  22. New Roles
      Appliance Producer (Virtual Organization)
      Appliance Deployer (Resource Providers)
      [Diagram labels: build an appliance, update an appliance, manage appliance deployment]

  23. Conclusions
      • Virtualization has the potential to allow providers to reach more users
        • Flexibility, fast turnaround, etc.
        • Examples: EC2 and others
      • Configuration management is increasing in importance
        • Configuration for the masses…
        • We have the methods, but they need to be adapted
      • The role of VOs will grow
        • VO administrators trusted by the sites
        • VO security procedures

  24. Credits
      • Workspace team
        • Tim Freeman, Borja Sotomayor
      • Bcfg2
        • Rick Bradshaw, Narayan Desai
      • Thanks to
        • Brett Adam, Ian Foster, Frank Siebenlist, Ravi Subramaniam, Marty Wesley
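
Added example (not from the presentation, the Workspace Service or Bcfg2): one way a contextualization agent inside the VM could check the slide 15 template before applying it, treating the delivered context as untrusted input. The function name `load_context`, the account-name pattern and the rule that exactly these three parameters must appear are assumptions; the signature validation from slide 14 is assumed to have been done before this step.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

# Template text as shown on slide 15 (whitespace compacted).
TEMPLATE = """<Parameters>
<Param name='DNSServer'><List><Item value='192.168.1.2'/><Item value='192.168.1.3'/></List></Param>
<Param name='nodenames'><List><Item value='192.168.7.1'/><Item value='192.168.7.2'/>
  <Item value='192.168.7.3'/><Item value='192.168.7.4'/></List></Param>
<Param name='users'><List><Item name='user1' value='sad8hgewjnb'/>
  <Item name='user2' value='saasd2sjnb'/></List></Param>
</Parameters>"""

USERNAME = re.compile(r"[a-z_][a-z0-9_-]{0,31}")  # assumed account-name policy
KNOWN = {"DNSServer", "nodenames", "users"}       # assumed: exactly these are expected


def load_context(text):
    """Parse and validate a template; raise ValueError on anything unexpected."""
    if "<!DOCTYPE" in text or "<!ENTITY" in text:
        raise ValueError("DTDs and entities are not accepted")
    try:
        root = ET.fromstring(text)
    except ET.ParseError as exc:
        raise ValueError(f"malformed template: {exc}") from exc
    if root.tag != "Parameters":
        raise ValueError("unexpected root element")
    ctx = {}
    for param in root.findall("Param"):
        name = param.get("name")
        if name not in KNOWN or name in ctx:
            raise ValueError(f"unknown or repeated parameter: {name!r}")
        items = param.findall("./List/Item")
        if name == "users":
            ctx[name] = {}
            for item in items:
                user = item.get("name", "")
                if not USERNAME.fullmatch(user) or user in ctx[name]:
                    raise ValueError(f"bad or repeated account name: {user!r}")
                ctx[name][user] = item.get("value", "")  # value kept opaque here
        else:
            # ip_address() raises ValueError for anything that is not an IP literal
            ctx[name] = [str(ipaddress.ip_address(i.get("value", ""))) for i in items]
    if KNOWN - set(ctx):
        raise ValueError(f"missing parameters: {sorted(KNOWN - set(ctx))}")
    return ctx
```

Only the returned dictionary, never the raw XML, should feed later steps such as writing name-resolution files or creating accounts.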
