Upload
fritz
View
49
Download
1
Tags:
Embed Size (px)
DESCRIPTION
User Oriented Provisioning of Secure Virtualized Infrastructure. Authors: Marcin Jarząb, Jacek Kosiński, Krzysztof Zieliński, Sławomir Zieliński Speaker: Marcin Jarząb ACK Cyfronet. Cracow Grod Workshop 2011 Kraków, November 8 2011. Problem Statement. - PowerPoint PPT Presentation
Citation preview
EUROPEAN UNION
Polish InfrastructurePolish Infrastructurefor Supporting Computational Sciencefor Supporting Computational Science
in the European Research Spacein the European Research Space
User Oriented Provisioning of Secure User Oriented Provisioning of Secure Virtualized InfrastructureVirtualized Infrastructure
Authors: Authors: Marcin Jarząb, Jacek Kosiński, Marcin Jarząb, Jacek Kosiński, Krzysztof Zieliński, Sławomir ZielińskiKrzysztof Zieliński, Sławomir Zieliński
Speaker: Speaker: Marcin JarząbMarcin Jarząb
ACK CyfronetACK Cyfronet
Cracow Grod Workshop 2011
Kraków, November 8 2011
2
Problem StatementProblem Statement
Providing secure virtualized infrastructure to end-user is a very complex task Organization of groups of VM instances, Securing the access, Compute, Network and Storage resource management, Middleware and application configuration related to multi-tenancy
support.
Solving such a issue requires Well-structured provisioning process enabling dialog between provider
and end-user, Software solution that automate many tasks related to the process.
3
AgendaAgenda
VM Set concept description,User-oriented provisioning process organization of the
virtualized infrastructure,Architecture of the solution enabling realization of such
process, Implementation status,Summary.
4
Concept of the VM Set Concept of the VM Set
Set of VM appliances interconnected with virtual network – IaaS,
Software platform specification – PaaS,
Users access policy, Lease period.
VM Set Requirements Specification by the users,
VM Set Deployment Description document used by the provider,
Similar to Vmware vApps, but more flexible.
5
Provisioning Process OrganizationProvisioning Process Organization
Ensures that requirements are validated against infrastructure provider capabilities
Security policy, Available resources.
User asks infrastructure provider to create and expose a VM Set Filing out a predefined request form.
Complex element of the process Captures knowledge about the application to be deployed, Configuration templates applicable to different settings (port numbers, app args.),
Tools Open Virtualization Format providing a means to package virtual infrastructure
deployments, OS: Vmware Studio, OpenQRM, xCAT, Middleware: Puppet, Chef, SmartFrog, CFEngine.
Dynamic composition of VM appliances Cloud Architecture Patterns- VM Factory,VM Template.
Tasks required of the provider to implement the logical representation If the required resources are not available, the instantiation must
remain in the pending state until the problem is resolved. Involves deployment of specific VMs with the required configuration of OS and application resources
Automated middleware configuration and tuning, Networking services; VLAN, VPN, Can be achieved by the OVF and OS/middleware provisioning tools.
6
Provisioning Infrastructure ArchitectureProvisioning Infrastructure Architecture
Designed according to Service Oriented Infrastructure paradigm,
Infrastructure tools exposed with services.
User Access Services -supporting secure external user connectivity,
Boot Services - supporting addition of new hardware to the provider’s infrastructure,
Repositories – configuration data, VM Set definitions and VM appliances,
Infrastructure Management Services - abstraction layer for the computing infrastructure provisioning process.
7
Implementation statusImplementation status
Solaris OS Solaris Containers, ZFS for Storage Virtualization, Solaris Cluster for HA of Infrastructure Services.
LDAP database for Configuration Repositories, Java Management Extensions (JMX) components for Infrastructure Management Services, JBoss jBPM suite for Provisioning Engine.
8
SummarySummary
Virtualized Infrastructure provisioning according to detailed user requirements can be efficiently implemented Organization of the process, Organization of the VM appliances – VM Sets, Flexible Infrastructure Management Framework.
In shared environments there must be preserved QoS contracts of already running VM Sets, Constant governance is required with policies.
Scalability; network and storage.