User Oriented Provisioning of Secure Virtualized Infrastructure

Polish Infrastructure
for Supporting Computational Science
in the European Research Space
Authors: Marcin Jarząb, Jacek Kosiński,
Krzysztof Zieliński, Sławomir Zieliński
Speaker: Marcin Jarząb
ACK Cyfronet
Cracow Grid Workshop 2011
Kraków, November 8 2011
Problem Statement
  Providing secure virtualized infrastructure to end users is a very complex task
  Organization of groups of VM instances,
  Securing the access,
  Compute, Network and Storage resource management,
  Middleware and application configuration related to multi-tenancy support.
  Solving such an issue requires
  Well-structured provisioning process enabling dialog between provider and end user,
  Software solution that automates many tasks related to the process.
Agenda
 VM Set concept description,
  User-oriented provisioning process organization of the virtualized infrastructure,
  Architecture of the solution enabling realization of such process,
 Implementation status,
 Summary.
Concept of the VM Set
  Set of VM appliances interconnected with virtual network – IaaS,
  Software platform specification – PaaS,
  User access policy,
  Lease period.
  VM Set Requirements Specification by the users,
  VM Set Deployment Description document used by the provider,
  Similar to VMware vApps, but more flexible.
Provisioning Process Organization
  Complex element of the process
  Captures knowledge about the application to be deployed,
  User asks infrastructure provider to create and expose a VM Set
  Configuration templates applicable to different settings (port numbers, app args.),
  Tasks required of the provider to implement the logical representation
  Filling out a predefined request form.
  If the required resources are not available, the instantiation must remain in the pending state until the problem is resolved.
  Involves deployment of specific VMs with the required configuration of OS and application resources
  Ensures that requirements are validated against infrastructure provider capabilities
  Automated middleware configuration and tuning,
  Networking services: VLAN, VPN,
  Security policy,
  Available resources.
  Dynamic composition of VM appliances
  Can be achieved by the OVF and OS/middleware provisioning tools.
  Cloud Architecture Patterns: VM Factory, VM Template.
  Tools
  Open Virtualization Format providing a means to package virtual infrastructure deployments,
  OS: VMware Studio, OpenQRM, xCAT,
  Middleware: Puppet, Chef, SmartFrog, CFEngine.
Provisioning Infrastructure Architecture
  Designed according to Service Oriented Infrastructure paradigm,
  Infrastructure tools exposed with services.
  User Access Services supporting secure external user connectivity,
  Boot Services - supporting addition of new hardware to the provider’s infrastructure,
  Repositories – configuration data, VM Set definitions and VM appliances,
  Infrastructure Management Services - abstraction layer for the computing infrastructure provisioning process.
Implementation status
 Solaris OS
 Solaris Containers,
 ZFS for Storage Virtualization,
 Solaris Cluster for HA of Infrastructure Services.
 LDAP database for Configuration Repositories,
 Java Management Extensions (JMX) components for Infrastructure Management Services,
 JBoss jBPM suite for Provisioning Engine.
Summary
  Virtualized Infrastructure provisioning according to detailed user requirements can be efficiently implemented
  Organization of the process,
  Organization of the VM appliances – VM Sets,
  Flexible Infrastructure Management Framework.
  In shared environments, the QoS contracts of already running VM Sets must be preserved,
  Constant governance is required with policies.
  Scalability: network and storage.