Polish Infrastructure for Supporting Computational Science in the European Research Space

User Oriented Provisioning of Secure Virtualized Infrastructure

Authors: Marcin Jarząb, Jacek Kosiński, Krzysztof Zieliński, Sławomir Zieliński
Speaker: Marcin Jarząb
ACK Cyfronet
Cracow Grid Workshop 2011
Kraków, November 8 2011

Problem Statement

Providing secure virtualized infrastructure to the end-user is a very complex task:
- Organization of groups of VM instances,
- Securing the access,
- Compute, Network and Storage resource management,
- Middleware and application configuration related to multi-tenancy support.

Solving such an issue requires:
- Well-structured provisioning process enabling dialog between provider and end-user,
- Software solution that automates many tasks related to the process.

Agenda

- VM Set concept description,
- User-oriented provisioning process organization of the virtualized infrastructure,
- Architecture of the solution enabling realization of such process,
- Implementation status,
- Summary.

Concept of the VM Set

- Set of VM appliances interconnected with virtual network – IaaS,
- Software platform specification – PaaS,
- Users access policy,
- Lease period.

- VM Set Requirements Specification by the users,
- VM Set Deployment Description document used by the provider,
- Similar to VMware vApps, but more flexible.

Provisioning Process Organization

- Complex element of the process.
- Captures knowledge about the application to be deployed.
- User asks infrastructure provider to create and expose a VM Set.
- Configuration templates applicable to different settings (port numbers, app args.).
- Tasks required of the provider to implement the logical representation.
- Filling out a predefined request form.
- If the required resources are not available, the instantiation must remain in the pending state until the problem is resolved.
- Involves deployment of specific VMs with the required configuration of OS deployments, and application resources.
- Ensures that requirements are validated against infrastructure provider capabilities.
- Networking services: VLAN, VPN.
- Security policy.
- Available resources.
- Dynamic composition of VM appliances can be achieved by the OVF and OS/middleware provisioning tools.
- Cloud Architecture Patterns: VM Factory, VM Template.

Tools:
- Open Virtualization Format providing a means to package virtual infrastructure,
- OS: VMware Studio, OpenQRM, xCAT,
- Automated middleware configuration and tuning,
- Middleware: Puppet, Chef, SmartFrog, CFEngine.

Provisioning Infrastructure Architecture

- Designed according to Service Oriented Infrastructure paradigm,
- Infrastructure tools exposed with services.

- User Access Services – supporting secure external user connectivity,
- Boot Services – supporting addition of new hardware to the provider's infrastructure,
- Repositories – configuration data, VM Set definitions and VM appliances,
- Infrastructure Management Services – abstraction layer for the computing infrastructure provisioning process.

Implementation status

- Solaris OS:
  - Solaris Containers,
  - ZFS for Storage Virtualization,
  - Solaris Cluster for HA of Infrastructure Services.
- LDAP database for Configuration Repositories,
- Java Management Extensions (JMX) components for Infrastructure Management Services,
- JBoss jBPM suite for Provisioning Engine.

Summary

Virtualized Infrastructure provisioning according to detailed user requirements can be efficiently implemented:
- Organization of the process,
- Organization of the VM appliances – VM Sets,
- Flexible Infrastructure Management Framework.

- In shared environments, QoS contracts of already running VM Sets must be preserved,
- Constant governance is required with policies.
- Scalability: network and storage.