This paper discusses a user-oriented approach to providing secure virtualized infrastructure, covering group organization, access security, resource management, and middleware configuration. It outlines an automated provisioning process enabling effective communication between providers and users.
User Oriented Provisioning of Secure Virtualized Infrastructure
Authors: Marcin Jarząb, Jacek Kosiński, Krzysztof Zieliński, Sławomir Zieliński
Speaker: Marcin Jarząb
ACK Cyfronet
Cracow Grid Workshop 2011
Kraków, November 8 2011

Problem Statement
• Providing secure virtualized infrastructure to end users is a very complex task
  • Organization of groups of VM instances,
  • Securing the access,
  • Compute, Network and Storage resource management,
  • Middleware and application configuration related to multi-tenancy support.
• Solving such an issue requires
  • Well-structured provisioning process enabling dialog between provider and end user,
  • Software solution that automates many tasks related to the process.

Agenda
• VM Set concept description,
• User-oriented provisioning process organization of the virtualized infrastructure,
• Architecture of the solution enabling realization of such process,
• Implementation status,
• Summary.

Concept of the VM Set
• Set of VM appliances interconnected with virtual network – IaaS,
• Software platform specification – PaaS,
• Users access policy,
• Lease period.
• VM Set Requirements Specification by the users,
• VM Set Deployment Description document used by the provider,
• Similar to VMware vApps, but more flexible.

Provisioning Process Organization
• Complex element of the process
• Captures knowledge about the application to be deployed,
• Configuration templates applicable to different settings (port numbers, app args.),
• Tools
  • Open Virtualization Format providing a means to package virtual infrastructure deployments,
  • OS: VMware Studio, OpenQRM, xCAT,
  • Middleware: Puppet, Chef, SmartFrog, CFEngine.
• Dynamic composition of VM appliances
  • Cloud Architecture Patterns - VM Factory, VM Template.
• User asks infrastructure provider to create and expose a VM Set
  • Filling out a predefined request form.
• Tasks required of the provider to implement the logical representation
  • If the required resources are not available, the instantiation must remain in the pending state until the problem is resolved.
• Involves deployment of specific VMs with the required configuration of OS and application resources
  • Automated middleware configuration and tuning,
  • Networking services: VLAN, VPN,
  • Can be achieved by the OVF and OS/middleware provisioning tools.
• Ensures that requirements are validated against infrastructure provider capabilities
  • Security policy,
  • Available resources.

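
An added example, not part of the original slides or the authors' implementation: a sketch of the validation step described above, where a VM Set request is checked against the provider's security policy and available resources and stays pending when resources are short. All class names, fields and policy rules (allowed ports, isolated VLAN, maximum lease) are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum


class State(Enum):
    REJECTED = "rejected"   # violates the provider's security policy
    PENDING = "pending"     # valid, but resources are not currently free
    READY = "ready"         # may proceed to deployment


@dataclass
class VMSetRequest:          # hypothetical request-form fields
    owner: str
    appliances: dict         # appliance name -> (vcpus, ram_gb)
    exposed_ports: set       # ports reachable by external users
    isolated_vlan: bool
    lease_days: int


@dataclass
class Provider:              # hypothetical provider capabilities and policy
    free_vcpus: int
    free_ram_gb: int
    allowed_ports: frozenset = frozenset({22, 443})
    max_lease_days: int = 90


def admit(req: VMSetRequest, prov: Provider):
    """Return (State, reasons). Policy is checked before capacity, so a
    request that can never be accepted is not left waiting in PENDING."""
    reasons = []
    bad_ports = req.exposed_ports - prov.allowed_ports
    if bad_ports:
        reasons.append(f"ports not permitted: {sorted(bad_ports)}")
    if not req.isolated_vlan:
        reasons.append("tenant network must be an isolated VLAN")
    if not 0 < req.lease_days <= prov.max_lease_days:
        reasons.append("lease period outside allowed range")
    if reasons:
        return State.REJECTED, reasons

    vcpus = sum(c for c, _ in req.appliances.values())
    ram = sum(r for _, r in req.appliances.values())
    if vcpus > prov.free_vcpus or ram > prov.free_ram_gb:
        return State.PENDING, [f"need {vcpus} vCPU/{ram} GB RAM"]
    # Reserve resources so later requests cannot erode this VM Set's share.
    prov.free_vcpus -= vcpus
    prov.free_ram_gb -= ram
    return State.READY, []
```
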
Provisioning Infrastructure Architecture
• Designed according to Service Oriented Infrastructure paradigm,
• Infrastructure tools exposed with services.
• User Access Services - supporting secure external user connectivity,
• Boot Services - supporting addition of new hardware to the provider’s infrastructure,
• Repositories – configuration data, VM Set definitions and VM appliances,
• Infrastructure Management Services - abstraction layer for the computing infrastructure provisioning process.

Implementation status
• Solaris OS
  • Solaris Containers,
  • ZFS for Storage Virtualization,
  • Solaris Cluster for HA of Infrastructure Services.
• LDAP database for Configuration Repositories,
• Java Management Extensions (JMX) components for Infrastructure Management Services,
• JBoss jBPM suite for Provisioning Engine.

Summary
• Virtualized Infrastructure provisioning according to detailed user requirements can be efficiently implemented
  • Organization of the process,
  • Organization of the VM appliances – VM Sets,
  • Flexible Infrastructure Management Framework.
• In shared environments, the QoS contracts of already running VM Sets must be preserved,
• Constant governance with policies is required.
• Scalability: network and storage.