User Oriented Provisioning of Secure Virtualized Infrastructure

EUROPEAN UNION. Polish Infrastructure for Supporting Computational Science in the European Research Space. User Oriented Provisioning of Secure Virtualized Infrastructure. Authors: Marcin Jarząb, Jacek Kosiński, Krzysztof Zieliński, Sławomir Zieliński. Speaker: Marcin Jarząb. ACK Cyfronet. Cracow Grid Workshop 2011, Kraków, November 8 2011.


Page 1: User Oriented Provisioning of Secure Virtualized Infrastructure

EUROPEAN UNION

Polish Infrastructure for Supporting Computational Science in the European Research Space

User Oriented Provisioning of Secure Virtualized Infrastructure

Authors: Marcin Jarząb, Jacek Kosiński, Krzysztof Zieliński, Sławomir Zieliński

Speaker: Marcin Jarząb

ACK Cyfronet

Cracow Grid Workshop 2011

Kraków, November 8 2011

Page 2: User Oriented Provisioning of Secure Virtualized Infrastructure

Problem Statement

Providing secure virtualized infrastructure to the end user is a very complex task:
- Organization of groups of VM instances,
- Securing the access,
- Compute, network and storage resource management,
- Middleware and application configuration related to multi-tenancy support.

Solving such an issue requires:
- A well-structured provisioning process enabling dialog between provider and end user,
- A software solution that automates many tasks related to the process.

Page 3: User Oriented Provisioning of Secure Virtualized Infrastructure

Agenda

- VM Set concept description,
- User-oriented provisioning process organization of the virtualized infrastructure,
- Architecture of the solution enabling realization of such a process,
- Implementation status,
- Summary.

Page 4: User Oriented Provisioning of Secure Virtualized Infrastructure

Concept of the VM Set

- Set of VM appliances interconnected with virtual network – IaaS,
- Software platform specification – PaaS,
- User access policy,
- Lease period.
- VM Set Requirements Specification by the users,
- VM Set Deployment Description document used by the provider,
- Similar to VMware vApps, but more flexible.

Page 5: User Oriented Provisioning of Secure Virtualized Infrastructure

Provisioning Process Organization

Ensures that requirements are validated against infrastructure provider capabilities:
- Security policy,
- Available resources.

User asks infrastructure provider to create and expose a VM Set:
- Filling out a predefined request form.

Complex element of the process:
- Captures knowledge about the application to be deployed,
- Configuration templates applicable to different settings (port numbers, app args.),
- Tools:
  - Open Virtualization Format providing a means to package virtual infrastructure deployments,
  - OS: VMware Studio, OpenQRM, xCAT,
  - Middleware: Puppet, Chef, SmartFrog, CFEngine.

Dynamic composition of VM appliances:
- Cloud Architecture Patterns: VM Factory, VM Template.

Tasks required of the provider to implement the logical representation:
- If the required resources are not available, the instantiation must remain in the pending state until the problem is resolved.
- Involves deployment of specific VMs with the required configuration of OS and application resources:
  - Automated middleware configuration and tuning,
  - Networking services: VLAN, VPN,
  - Can be achieved by the OVF and OS/middleware provisioning tools.
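
Added example, not part of the presentation: a sketch of the validation step on this slide, in which a VM Set request is checked against the provider's security policy and available resources and stays pending while resources are missing. The request fields, policy values, CPU-only capacity model and the REJECTED outcome are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum
class State(Enum):
    REJECTED = "rejected"   # assumption: a policy violation refuses the request
    PENDING = "pending"     # from the slide: wait until resources are available
    DEPLOYED = "deployed"

@dataclass
class VMSetRequest:         # hypothetical request-form fields
    name: str
    vms: int
    cpus_per_vm: int
    open_ports: set
    access: str             # how users reach the VM Set, e.g. "vpn"
    lease_days: int

@dataclass
class Provider:             # hypothetical provider capabilities
    free_cpus: int
    allowed_ports: frozenset = frozenset({22, 443})
    allowed_access: frozenset = frozenset({"vpn"})
    max_lease_days: int = 90
    pending: list = field(default_factory=list)

    def policy_violations(self, req):  # security-policy check only
        issues = []
        if req.open_ports - self.allowed_ports:
            issues.append(f"ports not permitted: {sorted(req.open_ports - self.allowed_ports)}")
        if req.access not in self.allowed_access:
            issues.append(f"access method not permitted: {req.access}")
        if not 0 < req.lease_days <= self.max_lease_days:
            issues.append(f"lease period outside 1..{self.max_lease_days} days")
        return issues

    def submit(self, req):  # policy first, then resources
        issues = self.policy_violations(req)
        if issues:
            return State.REJECTED, issues
        needed = req.vms * req.cpus_per_vm
        if needed > self.free_cpus:
            self.pending.append(req)  # instantiation remains pending
            return State.PENDING, [f"need {needed} CPUs, {self.free_cpus} free"]
        self.free_cpus -= needed
        return State.DEPLOYED, []

    def release(self, cpus):  # capacity returned: retry queued requests in order
        self.free_cpus += cpus
        queued, self.pending = self.pending, []
        return [(r.name, self.submit(r)[0]) for r in queued]
```

Checking policy before capacity means a request that violates the security policy never enters the pending queue, so it cannot be deployed later when resources free up.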

Page 6: User Oriented Provisioning of Secure Virtualized Infrastructure

Provisioning Infrastructure Architecture

Designed according to Service Oriented Infrastructure paradigm,

Infrastructure tools exposed with services.

User Access Services - supporting secure external user connectivity,

Boot Services - supporting addition of new hardware to the provider’s infrastructure,

Repositories - configuration data, VM Set definitions and VM appliances,

Infrastructure Management Services - abstraction layer for the computing infrastructure provisioning process.

Page 7: User Oriented Provisioning of Secure Virtualized Infrastructure

Implementation status

Solaris OS:
- Solaris Containers,
- ZFS for Storage Virtualization,
- Solaris Cluster for HA of Infrastructure Services.

LDAP database for Configuration Repositories,
Java Management Extensions (JMX) components for Infrastructure Management Services,
JBoss jBPM suite for Provisioning Engine.

Page 8: User Oriented Provisioning of Secure Virtualized Infrastructure

Summary

Virtualized infrastructure provisioning according to detailed user requirements can be efficiently implemented:
- Organization of the process,
- Organization of the VM appliances – VM Sets,
- Flexible Infrastructure Management Framework.

In shared environments, QoS contracts of already running VM Sets must be preserved:
- Constant governance is required with policies.

Scalability: network and storage.