1 / 21

GENI Software

GENI Software . Marshall Brinn, GPO Architect January 7, 2013. Outline. GENI Principles GENI Software Categories GENI Software Details GENI Software Requirements. GENI Principles.

lindley
Download Presentation

GENI Software

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. GENI Software Marshall Brinn, GPO Architect January 7, 2013

  2. Outline • GENI Principles • GENI Software Categories • GENI Software Details • GENI Software Requirements

  3. GENI Principles • The GENI Architecture Team has recently worked to define and publish a set of concise statements that define the GENI project and architecture efforts: • Differentiators: What makes GENI different from other cloud infrastructures or distributed test-beds? • Principles: What are GENI’s essential motivating values and goals? • Requirements: What are the top level system requirements that drive the architecture and implementation? While still a work-in-progress, we hope they convey a good sense of the “what” and “why” of GENI.

  4. GENI Differentiators • GENI provides open access to resources to the American academic and research community • GENI provides custom, segregated and programmable computation, network and storage topologies • GENI provides low-level metrics on hardware substrate to facilitate repeatable experimentation in virtual environments • GENI provides access to uncommon or expensive resources to researchers  • GENI provides resources with broad geographic diversity, spanning the United States and providing access to international federation resources • GENI provides the ability for users to 'opt-in' their internet traffic to experimental services or networks

  5. GENI Principles • GENI is dedicated to supporting science and network experimentation and researchers • GENI is a federation of autonomous test-beds and resources • GENI establishes a common trust fabric to allow disparate resources to interoperate reliably • GENI establishes and enforces policies that provide assurances to resource owners that their resources will not be misused.  • GENI federation members agree to abide by these policies in exchange for these assurances. • GENI supports interoperability among disparate resources and control frameworks

  6. GENI Requirements • GENI will provide custom, segregated and programmable computation, network and storage topologies • GENI will provide common authentication and authorization services to support federated aggregates in validating experimenter resource requests • GENI will provide support for protecting federated aggregates from misuse by, at least, forensics and slice shutdown services

  7. GENI Software Context Review Federation: A collection of people and institutions who agree to share resources and abide by common procedures in order to share resources in a reliable, mutually beneficial manner. Operations Center: Processes and tools monitoring activity on GENI resources for adherence to policies. Clearinghouse: Set of services establishing federation-level authentication, authorization and accountability of experimenter use of federation resources. Tools: Software capabilities that interact with federation resources on behalf of experimenters Aggregates: Software entities that represent federated resources in transactions with experimenter tools. Resources: Physical resources (compute, network, storage) made available to the federation by means of a participating aggregate. Experimenter: A researcher seeking to perform network experiments on customized data plane. Grey boxes are real-world entities, represented in software by Purple boxes.

  8. GENI Software Suite • Aggregate Managers: Allows the owner of a set of resources to share these resources with the GENI federation by means of the GENI Aggregate Manager (AM) API • Experimenter Tools: Allows an experimenter to express and implement their needs for resources and topologies and experiment configurations • Clearinghouse: Establish federation-level trust, identity, policy • GMOC: Support forensics and high-level oversight, monitoring and management of GENI operations

  9. GENI Software Suite: Aggregate Manager Think of the Aggregate Manager as providing Control Plane and Management Plane operations on customized Data Planes • Control Plane: Creates custom Data Plane topologies • Slicing Services: HyperVisors (OpenStack, KVM, Xen) • Programmability Services: OpenFlow • Stitching Services: Intra-Aggregate and Inter-Aggregate services for stitching cross-aggregate topologies • Management Plane: Monitoring Aggregate behavior, taking protective action if necessary • GMOC Monitoring/Reporting/Control Interface

  10. GENI Software Suite: Aggregate Manager [2] Any service that presents resources in accordance with the GENI AM API is an Aggregate Manager. There are several implementations that are deployed and interoperate within the GENI federation • ProtoGENI / InstaGENI: Developed and maintained by University of UTAH, partnered with HP and Princeton, derived from Emulab capability • ORCA / ExoGENI: Developed and maintained at RENCI in North Carolina • FOAM/FlowVisor : Maintained by Open Network Labs, presents OpenFlow “flow space” as an virtual resource

  11. GENI Software Suite: Experimenter Tools • Resource Management Tools: Allow experimenters to express and build custom topologies • GENI Portal: Web-based access to Clearinghouse services and Aggregate resources • Emphasis on making “Simple things simple, Difficult things possible” • Omni: Command-line interface to Aggregate resources • FLACK: Graphical interface to building and viewing custom topologies

  12. GENI Software Suite: Experimenter Tools [2] • Experiment Management Tools: Support configuring and running experiments on the GENI-provided data plane, and reviewing/analyzing results • Orchestration: OMF, GUSH • Instrumentation/Monitoring: GEMINI and GIMI projects esp. GEMINI Portal, LabWIKI • Archiving/Analysis: iRODS, UNIS

  13. GENI Software Suite: Clearinghouse • Series of federation-level services to establish broad common trusted sense of identity and policy • Introduces “Project” level of management of activity on slices/slivers • Establishes privileges of experimenters based on their roles on “projects” • Establishes accountability (“one neck to wring”) for all activity on a project to that project’s PI • Establishes federation-level certificates and trust roots to enable all tools and aggregates to interoperate reliably • Establishes a common directory of federation-level services for other services to discover one another

  14. GENI Federation Software Architecture Schematic GMOC GENI Clearinghouse Identity Provider Service Authority Logging Service Credential Store AuthZ Service Project Authority Slice Authority Member Authority Aggregate Experimenter Tool

  15. GENI Software Suite: GMOC The GENI Meta-Operations Center (GMOC) provides top-level oversight and management services to protect resources against misuse (intentional or not) • Forensics: Detailed logging of operations and metrics on resources for real-time monitoring and post-analysis of experiments, failures, misbehavior • What operations were taken by whom when? • What level of network or compute activity was taking place on which resources? • What slivers belong to which slices, projects, PI’s? • Management: Ability to determine a misbehaving experiment (intentionally or not) and shut it down on all participating aggregates without impacting other co-located experiments

  16. Aggregate Manager: Managing Campus Boundaries for Experiments Policy and trust inputs allow the campus to control which requests flow over the control plane, including which resources are connected to the data plane. • Control/Management Plane (IP) • AM API Requests/Responses • GENI CH Credentialing • GMOC Control Messages • GMOC Monitoring • Data Plane (L2) • Trans-Aggregate Experiment Traffic Aggregate Manager • Shibboleth AuthN • InCommon AuthN • PKI-based Credentials • VLAN-based segregation • Signed, Authenticated Requests • Slice/Sliver Expiration • FOAM ‘FlowSpace’ Authorization • ABAC-based AuthZ (Future) OUTSIDE CAMPUS FW INSIDE CAMPUS FW RESOURCE RESOURCE GENI and Campus Resources

  17. GENI Aggregate Authentication • GENI Authentication is based on: • InCommon Identity Provider (IDP) of users signing into GENI tools • Shibboleth provides single sign-on sessions based on this identity • GENI participating campuses should be members of the OCI-sponsored InCommon Federation, which provides trusted and validated user credentials • Organizations should provide “Research and Scholarship” InCommon category IDP’s • https://spaces.internet2.edu/display/InCCollaborate/Research+and+Scholarship+Category • Provides information such as Affiliation, Email, Name [First, Last], EPPN • GPO provides a default IDP for campuses that do not yet provide such an IDP

  18. GENI Policy Management • GENI Aggregates use policy to control its responses to critical questions such as: • Which experimenters do I trust? • With which other aggregates am I willing to collaborate? • How many resources should I allocate to which experimenters or experiments? • Currently, the GENI Clearinghouse presents a bundle of ‘trusted roots’ that federated aggregates accept and thereby trust any credential signed by someone trusted by GENI. • In the future, GENI expects to use the far more expressive ABAC language to capture and police policy statements Note that the expressing and policing of policy statements can and is done in software. But the establishment of these policies and trust are human and inter-organizational (out-of-band) actions.

  19. Deployment Requirements: Software This list is not complete and may vary by the type of rack, but provides a sense of the kinds of requirements to deploy a GENI rack • Hardware Configuration • Encoding hardware configuration details such as switch configurations, compute node MAC’s and switch ports, dedicated VLAN’s, capacities/constraints of H/W, QoS budgets • Integration with Campus Infrastructure • Integration with site health/reporting tools (is rack up?) • Rack power-down/reboot integration with site management tools • GENI Federation • Installation of GENI trust roots • Creation/distribution of GENI-signed credentials

  20. Software Plans and Milestones

  21. Summary • The GENI Federation is a collaborative effort among people: experimenters, resource owners and network managers • The GENI project provides a broad range of software tools that represent the interests of these people to allow them to share resources in a trusted, efficient manner

More Related