Converged Cloud Computing That's Secure, Fast, or Cheap: Pick Three

1. Fast,2. Secure, or3. Cheap

Pick Three

Carina C. Zona

Converged Compute

Carina C. [email protected]

@cczona

Talk + Workshop

SECURE, FAST, OR CHEAP?

Fast & safe execution

of untrusted user code

open source sponsored by

Rackspace

secure.lightweight.

app executionenvironment.

scaling.process isolation.

Secureexecution

NaCL

Static binary validation

Processes can't jump, communicate,

or coordinate.

ZeroVM

nearly no syscalls

pread

pwrite

jail

unjail

fork

exit

Channels

Lightweight

VMsFat

• Shared resources

• Slow spin-up

• Resource hog

• Resource bloat

ContainersLeaner.

• However...

• Shares even more resources than VMs -> increasing contamination risk

• Excessive resources

ZeroVM : Egg Crates::

Container : Shipping Crates

Optimized for safe multi-tenancy

75kb 5-35ms

Massivelyscalable

Secure Scalable Execution

NaCl + zrt = ZeroVMsecure,

fast, and

cheap

Execute within the datastore

Converged compute

Converged Compute(securely & scalably)

ZeroVM + Swift = ZeroCloud secure, fast, and

cheap

Write Python appsas if they're

stored proceduresthat can

MapReduce

ZeroCloud Use Cases

1. compute on cold files

2. text analysis

3. image & video manipulation

4. auditing

5. embedded

environment • NaCL

• run isolated processes, securely

• execution environment

• scale execution

• Linux namespacing (similar to LXC)

• run isolated apps, conveniently

• infrastructure manager

• scale deployment

primary context

• production

• isolation for restricting things' access to kernel

• deployment

• isolation for layering things on kernel

strengths • determinism

(executables run the same every time)

• isolation from kernel

• disposable processes

• fine-grained metering

• embeddable

• parallelization

• portability

(server templates run the same anywhere)

• ease of use

• ecosystem

• abundance of templates & plugins

• institutional adoption

(Rackspace, New Relic, Google)

Constraints• X86 64

• cross-compile

• C & Python*

• Deterministic

• Single threaded

• MapReduce:1,000 instances**

building blocks

zerovm.orgdocs.zerovm.org

github.com/zerovm

…STARTING IN A FEW MINUTES…

ZeroVM Hands-On Workshop

Lars Butler, Egle Sigler, & Cody Bunch

Image Creditsphotos via Flickr under license of

Creative Commons Commercial Use

"Infinite Box" by rumo_der_wolperdinger

"Pink Balloon" by Alan

"Carroll House Shipping Container Home" by Inhabit Blog

"10,000 Shipping Containers Lost At Sea Each Year" by Paul Townsend

"A-salt-ed!" by JD Hancock

"Eggs" by Pietro Izzo

"debug version 2" by Franz & P

"shake your tail feather" by emdot

"Monster Trucks Live - 29th September 2013" by John5199

"Secure Cloud Computing" by FutUndBeidl

"Door knob with lockbox" by REO

"Engine Arm Aqueduct - BCN Old Main Line - Wolverhampton Level" by Elliott Brown

"One Set of Building Blocks" by Hans and Carolyn

"The pointed arches of al-As" by Asim Bharwani

"Kacao77 & Persue SeventhLetter Exchange LosAngeles Graffiti Art" by A Sin

"128/365 Chilling on the Trampoline" by Leah Tautkute

untitled [Tel N°] by Al King

"NOW! That's What I Call Music." by kozumel

Image Creditsfrom additional sources

"Ketchup" designed by Tom Glass, Jr. from the thenounproject.com

Chromium logo by Logonoid

Manta logo by Joyent

"The dark side in a whole new light: Evil Star Wars Stormtrooper photographed in tender scenes with young son" by Kristina Alexanderson, in the Daily Mail

Resource Credits

• "Zerovm background" by Prosunjit Biswas http://www.slideshare.net/prosunjit/zerovm-background

• "Docker & Containerization: "Milliseconds Matter" by Ben Golub http://cloudcomputing.sys-con.com/node/3073584

• ZeroVM documentation http://zerovm.org & http://docs.zerovm.org/

• "Cluster-wide Java/Scala application deployments with Docker, Chef and Amazon OpsWorks" by Adam Warski http://www.warski.org/blog/2014/06/cluster-wide-javascala-application-deployments-with-docker-chef-and-amazon-opsworks/