GENICloud. Types of Clouds. GENICloud Architecture.
Challenge 1: Security Policy
• Experimenters have public-facing VMs
• What can go wrong?
• Sites have specific firewall policies
Challenge 2: Availability
• All types of failures
  • Machine room (nature, mechanical)
  • Expiring DHCP leases
  • Software problems
• Obstacles to fast recovery
  • Distributed administrative domains
  • Restricted physical access
  • Default services turned off
Challenge 3: Understanding Your Audience
• Physical hosts, virtual machines or processes?
• Custom images / hardware / kernels?
• Performance isolation? Privacy?
• How much scale do we need per host?
• Do you care about the xyz interface?
Challenge 4: Federation
• Site-specific firewalls/proxies
• International laws about content, liability
• Sustainability
Challenge 5: Miscellaneous
• Naming
• RSpec
• Educating users / Documentation
Naming Service
<instance>.<slice>.<site>.geni-cloud.net
boss.<site>.geni-cloud.org
• Bind9 server at each authority
• AM sends updated list of instance.slice.site
ex: foobar.myslice.hp.geni-cloud.net
Best Practices / Lessons Learned
• Framework for monitoring/accounting
• Need to treat machines as throw-away
• Leverage mature management software
Questions – Chaos!!
• On-node virtualization interface: containers vs. virtual machines.
  • What are the tradeoffs?
• Security in GENICloud, including ABAC, certs, sign-on restrictions
• Use of private networks
  • restrictions, and how do we use them from machines connected to the public Internet?
• Integration with OpenFlow:
  • what do we need
  • how do we do it?