Virtual Appliances for Scientific Applications Kate Keahey [email protected] Argonne National Laboratory University of Chicago
Mar 27, 2015
VAs for Scientific Computing Virtual Appliances Leadership Summit 2007
The Grid Metaphor
How do we store energy?
How do we charge for energy?
How do we reliably deliver energy?
What happens if a power station fails?
How do we ensure quality of service?
What elements make for a safe and efficient power Grid?
How do we make sure that supply meets demand?
Computational Grids
How do we store computing?
How do we charge for computing?
How do we reliably deliver cycles?
What happens if a power station fails?
How do we ensure quality of service?
What elements make for a safe and efficient power Grid?
How do we make sure that supply meets demand?
What is the “unit” of resource usage?
How can we manage different computing environments?
How can we ensure that disk, CPUs, network are all available?
How can we negotiate for computation?
[Diagram labels: TeraGrid sites NCSA, ANL, Caltech, SDSC; Grid Middleware]
How can we use Grid resources as easily and intuitively as we use electrical power today?
Provisioning Critical Resources
Quality of Service
- Issues of control
- Trust management
- Dynamic relationships
- Protocols to negotiate SLA-based relationships
- Enforcement tools
- What worked:
  - Coarse-grained sharing for relatively tight-knit communities with strong incentives to collaborate
  - Non-critical needs
  - Informal relationships
- What proved difficult: Formal sharing for loosely knit communities
Quality of Life
- Lots of heterogeneous resources, none of them good for my application
- Consistent environment
- Short-term leasing
- Changing configuration quickly, quick turnaround
- Some examples:
  - Support for legacy physics applications
  - Unusual platforms needed by ornithologists
  - Climate scientists need very consistent configurations
- What worked:
  - Access to resources with standardized configuration
  - Tightly-knit communities
- Everything else proved difficult
Workspaces for Grid Computing
- Virtual Workspace
  - Environment definition
  - Resource allocation
- The GT4 Virtual Workspace Service (VWS) allows an authorized client to deploy and manage workspaces on-demand.
  - GT4 WSRF-based protocol set, leverages multiple GT services
  - Multiple back-ends possible, currently using Xen
- http://workspace.globus.org
- Paper: Virtual Workspaces: Achieving Quality of Service and Quality of Life in the Grid, Scientific Programming Journal
Workspace Service
[Diagram labels: VWS Node, VWS Service; Pool nodes and Image Node inside the Trusted Computing Base (TCB)]
- The workspace service has a WSRF frontend that allows users to deploy and manage virtual workspaces.
- The VWS manages a set of nodes inside the TCB (typically a cluster). This is called the node pool.
- Each node must have a VMM (Xen) installed, along with the workspace backend (software that manages individual nodes).
- VM images are staged to a designated image node inside the TCB.
Deploying Workspaces
[Diagram labels: VWS Service, Image Node, Pool nodes]
Workspace Deployment Request
- Workspace metadata
  - Describes the workspace
  - Contextualization information (IP, security, partitions, etc.)
- Resource Allocation
  - Specifies availability, CPU%, disk, memory, nodes, etc.
Interacting with Workspaces
[Diagram labels: VWS Service; Pool nodes and Image Node inside the Trusted Computing Base (TCB)]
- The workspace service publishes information on each workspace as standard WSRF Resource Properties.
- Users can query those properties to find out information about their workspace (e.g. what IP the workspace was bound to) as well as manage the resources a workspace was assigned.
- Users can interact directly with their workspaces the same way they would with a physical machine.
The Case of OSG Edge Services
[Diagram labels: CDF, CMS, ATLAS, Guest VO; ESF; SE, CE; Site; GT4 Workspace Service & VMM]
- Dynamically deployed ES Wafers for each VO
- Wafer images stored in SE
- Compute nodes and Storage nodes
OSG Edge Services
- Requirements:
  - Edge Services are VO-specific
  - Resource usage negotiation and enforcement
- Features:
  - IP addresses Management
  - Host certificates for Edge Services, naming issues
  - Resource allocation (re)negotiation
  - Integration into the local infrastructure
- Challenges:
  - Image configuration and maintenance
  - Fine-grain resource usage enforcement
  - Running out of public IPs…
- Paper: Division of Labor: Tools for Growth and Scalability of Grids, ICSOC 2006
The Case of the OSG Virtual Cluster
[Diagram labels: VWS Service, Image Node, Pool nodes]
OSG Virtual Cluster
- Requirements:
  - Leasing/Glide-ins: resource allocation for VO-specific computation
  - Short execution time, workflows
  - Scientific gateways
- Features:
  - Describing and managing aggregate workspaces
  - Application-specific configuration on the fly
- Challenges:
  - Integration with local scheduling infrastructure
- Paper: Virtual Clusters for Grid Communities, CCGrid 2006 (TR2005)
The Case of the STAR Application
[Diagram labels: nodes marked "no STAR" and "STAR"; VWS; GRAM]
STAR Application
- Requirements:
  - Hard-to-install legacy applications
  - Consistent environment requirements
- Features:
  - Image size (6-10 GB), 8 min deployment time
  - Image Caching
- Challenges:
  - Integration with local scheduling infrastructure
- Presentation: Virtual Workspace Appliances, SC06
The Case of the Alice Application
- Requirements:
  - Pull-based computing model
- Features:
  - Partition management
    - Blank partitions
    - Partition sharing between workspaces
  - Capability matching
    - Workspace descriptions
    - Factory prerequisites
- Ongoing effort
Moving Forward
- Deployment: a chicken and egg problem
- The Chicken: overcoming Xenophobia
  - Hypervisor installations are invasive
  - Security: the cure or the disease?
  - Infrastructure: scheduling, etc.
  - Incentives
- The Egg: users
  - Where do I get an image from?
  - VO administrators
  - How do we describe, identify, query for images?
- Integrated vision of knitting multiple resources together
Overall Approach
[Diagram labels: Appliance Producer; Appliance Deployment; Appliance Management; build an appliance; update an appliance; manage appliance deployment; A, A’]
Deployment (1)
- Matching Appliances to Resources
- Appliance meta-data
  - VM image? What VMM, architecture, etc.
- Resource characteristics
  - What kind of appliances am I willing to deploy?
- Workspace Service
  - Workspace meta-data
  - VWS Factory pre-conditions
Deployment (2)
- Establishing trust in an appliance
- Assert appliance properties, sign them to the image
  - Direct or indirect assertion
- Trust the process, not just the person
- Probe appliances
- Presentation: Making your workspace secure: establishing trust with VMs in the Grid, SC05
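
An added example (not from the original slides or the Workspace Service code) of the checks named in Deployment (1) and (2): asserted appliance properties are signed together with the image digest, and the resource verifies that binding before matching the properties against what it is willing to deploy. The function names, field names, key and site policy are assumptions, and HMAC stands in for the public-key signature a Grid deployment would use.

```python
import hashlib
import hmac
import json

# Constructed sample data. HMAC with a shared key is an assumption made so the
# example runs on the standard library; it stands in for a public-key signature.
IMAGE = b"constructed-vm-image-bytes"
PRODUCER_KEY = b"constructed-demo-key"
SITE_POLICY = {"vmm": {"xen"}, "arch": {"x86_64", "i686"}}  # hypothetical policy


def _canonical(body: dict) -> bytes:
    """Serialize deterministically so signer and verifier hash the same bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def make_assertion(image: bytes, properties: dict, key: bytes) -> dict:
    """Producer side: bind the asserted properties to the image digest and sign both."""
    body = {"image_sha256": hashlib.sha256(image).hexdigest(), "properties": properties}
    return {"body": body, "sig": hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()}


def check_appliance(image: bytes, assertion: dict, key: bytes, site_policy: dict) -> str:
    """Resource side: verify the signature, then the image binding, then site policy."""
    body = assertion["body"]
    expected = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, assertion.get("sig", "")):
        return "reject: bad signature"
    if not hmac.compare_digest(body["image_sha256"], hashlib.sha256(image).hexdigest()):
        return "reject: image does not match assertion"
    for name, allowed in site_policy.items():
        if body["properties"].get(name) not in allowed:
            return f"reject: {name} not accepted by site"
    return "accept"


ASSERTION = make_assertion(IMAGE, {"vmm": "xen", "arch": "x86_64"}, PRODUCER_KEY)

if __name__ == "__main__":
    print(check_appliance(IMAGE, ASSERTION, PRODUCER_KEY, SITE_POLICY))
    print(check_appliance(IMAGE + b"x", ASSERTION, PRODUCER_KEY, SITE_POLICY))
```
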
Deployment (3)
- Adapting appliances for deployment
- IP address delivery
- Generating certificates
- Making an appliance work within a specific deployment framework (contextualization)
- Virtual clusters
- Application-level configuration
Producing Appliances
- Configuration for the masses
  - The profile of an appliance configurer has changed
  - Building appliances incrementally
- Appliance attestation
  - Functionality testing
  - Trust the process, not just the person
Managing Appliances
- Security updates
  - Security RSS Feed
  - Bugtraq, US-CERT Security Advisories
- Will the system still work?
  - Functionality testing
  - Component dependencies
Appliance Layers
- Layered Appliance
  - A set of interdependent layers
- Appliance layers
  - Less data needs to travel
  - More flexible
  - Faster deployment
  - Trust management
- Collaborative aspects of configuration
[Diagram labels: System Layer, Customization Layer, Application Layer, VO Layer]
Virtual Organizations
myVO.org
grid-proxy-init
Sharing resources: images, hardware, networks, storage facilities, security context
Conclusions
- We need languages and protocols to describe, discover and name appliances
- Growing role of a VO
  - Configuration management
  - Virtual networks and namespaces
  - Beyond a security context
- Sustainable deployment model
  - How does producing, deploying and managing appliances work together?
Credits
- Workspace team: Tim Freeman, Borja Sotomayor
- Guest appearances: Rick Bradshaw, Predrag Buncic, Narayan Desai, Abhishek Rana, Frank Siebenlist, Doug Olson, Frank Wuerthwein and others.