
Cloud Computing

Orran Krieger, Senior Staff Engineer, VMware, Inc.; Adjunct Professor, CMU
Tichomir Tenev, Senior Staff Engineer, VMware, Inc.

2010 VMware Inc. All rights reserved

Overview
1. What is cloud computing
2. VMware vCloud abstractions
3. VMware vCloud implementation challenges
4. Research opportunities

Confidential

What is cloud?

Get someone else to do your IT

[Illustration sequence: Joe's Widget Co. starts with its own IT dept., then moves to hosting providers "Host it R us." ($5/day) and "Host 4 Less" ($3/day); Snoopy's Startup launches Dogspace, DogTube, DogFlix and dBay on the same hosters, and the services appear and drop away one by one until only the hosters remain.]

What we really want

The Evolution Of Cloud

Software as a Service (SaaS): Application hosted in the cloud. e.g., gmail, google apps, salesforce.com, wikipedia

Platform as a Service (PaaS): Application development environment and runtime hosted in cloud. e.g., engine yard, Google App Engine, Force.com, SpringSource

Infrastructure as a Service (IaaS): Developers/administrators obtain general computing, storage, messaging services. e.g., Terremark, Amazon AWS, Mosso

It Started with SaaS/Web

Traditional software model: Develop -> Test -> Release -> Install -> Configure -> Operate

SaaS model: Develop -> Test -> Operate

The Reality: Success Is Very Hard

Develop -> Test -> Operate

Most SW companies don't have the in-house skill to operate at scale: e.g. loadbalancer, network config, security, disaster recovery, & 70% of investment spent not enhancing application

Enormous investment required in application level to scale. So, successful SaaS vendors started building re-usable platforms

Example Amazon IaaS

Amazon AWS: Elastic Compute (EC2), Cloud Front, Simple DB, Simple Queue (SQS), Simple Storage (S3)

Example

Animoto April 2008: Peak EC2 instances: Mon 50, Tues 400, Wed 900, Friday 3400

Not a utility!

Very rich set of incompatible services from each vendor
Locks out everyone else from innovating
Doesn't work for all applications/workloads


What Do We Really Want

Original vision of Utility/grid computing:
"If computers of the kind I have advocated become the computers of the future, then computing may someday be organized as a public utility just as the telephone system is a public utility... The computer utility could become the basis of a new and important industry."
John McCarthy, MIT Centennial in 1961

Virtualization converts computation into a fungible commodity

Why would this be transformative

Nicholas Carr: "As with the factory-owned generators that dominated electricity production a century ago, today's private IT plants will be supplanted by large-scale, centralized utilities."

Gets rid of key impediments to innovation:
Virtual appliance model for distributing and installing applications. Avoids need for broad HCL, OS support.
Availability of massive capacity on demand.

Enables long-tail in SW

Challenges

Very simple fungible commodity
Pure virtual abstractions: don't expose anything physical
Standard/simple interfaces to allow for multiple implementations

Must be able to run all applications/workloads: Enterprise, web, HPC

Scalability:
Scale up to massive data centers
Scale down to small internal deployments

Security/multitenancy

The Internal Cloud

[Diagram: the same hardware (HW) shown three ways: physical hosts, virtualized hosts, and the internal cloud where the hosts are pooled into resource pools RP 1 and RP 2.]

The Internal Cloud: what did it take

Requirement -> Product/technology
Overprovisioning -> VMotion & storage VMotion
Support SLA -> Distr. Resource Scheduling (DRS)
Power management -> Distr. Power Management (DPM)
Ethernet networks controlled by network admin -> vNetwork Distributed Switch
Add and remove capacity on demand; tolerate server failures and datacenter failures -> VMware High Availability (HA), Fault Tolerance (FT), Site Recovery Manager (SRM)
Automation -> Update Manager, VMware Consolidated Backup, Lifecycle manager, Orchestrator, Lab Manager/Stage Manager
Support multi-tiered appliances; authoring multi-tiered applications; support/drive standards -> vApps, VMware studio, Virtual Appliance Marketplace (VAM), Open Virtualization Format (OVF)
Security -> VMsafe, vShield Zones
Support for desktop -> VMware View 3

Where we are going

Provide SW so that anyone can easily create cloud: supports all applications, can scale up to large deployments, secure multi-tenancy, controlled programmatically through standard interfaces, enabling:
Automation from system administrators
Self service UIs
VMs that implement IaaS, PaaS, SaaS
Let the world innovate on implementing DB service, content distribution service, blob storage service, messaging service

[Diagram: Org 1 and Org 2, each with users, access control and a self-service UI, hold vDC allocations carved out of a company-level vDC; a DB service and a message bus sit beside them; a vSphere Client plug-in and Java/Ruby clients drive the new vCloud API, which is layered over vSphere and new technologies.]

Enable broad ecosystem of partners, competitors and researchers:
Can replace any part of the service.
Can replace the entire implementation under the API.
Federation between multiple sites and multiple clouds.

Key Challenges

Problems with our existing technology:
Core abstractions exposed physical as well as virtual
Need to support multi-tenancy
Scaling up to 10000 hosts & 100K VMs fundamentally different

Challenges with our approach:
Need to scale down
Need to enable partner ecosystem:
Need to release SW to others to install, configure
Need to enable others to innovate. No one circumscribed approach.

Overview: 2. VMware vCloud abstractions

vApp: The application of the cloud

An uplifting of a virtualized workload: VM = Virtualized Hardware Box, App = Virtualized Software Solution

Takes the benefits of virtualization (encapsulation, isolation and mobility) higher up the stack

Properties:
Comprised of one or more VMs (may be multi-tier applications)
Encapsulates requirements on the deployment environment
Distributed as an OVF package

Built by: ISVs / Virtual Appliance Vendors, IT administrators, SI/VARs

[Diagram: an example vApp made of Websphere, Exchange, Tomcat and SAP VMs, annotated with 1. Product: eCommerce, 2. Topology, 3. Resources Req: CPU, Mem, Disk, Bandwidth, and under Policies 4. Only port 80 is used, 5. DR RPO: 1 hour, 6. VRM: Encrypt w/ SHA-1, 7. Decommission in 2 months.]

vDC: vApp Deployment Environment

Type of Commodity: Compute, Storage and Network
SLAs
Quantity: MB of RAM, MHz of CPU, GB of Storage
Scope for Over-provisioning
Other features: L2 Networks, Persistent vApps

[Diagram: a vDC holding two vApps, with networks "foo bar" (isolated), VDCNet (fenced), Trust Network and DMZ Network.]

Resource Allocation / Charging Models

Charge based on resource consumption: True utility model that is enabled only by VMware virtualization technology. Plans: pre-reserved resources + burst margin.

Charge based on vApp size: Comparable to existing (non-virtualized) models. Plans: pre-allocated, allocate-as-you-go

Org: Unit of multi-tenancy

[Diagram: Multi Tenancy, with Organization 1 and Organization 2 side by side.]

All together: Orgs, vDCs, vApps and Networks

[Diagram: Organization 1 owns several vDCs; each vDC holds vApps and is backed by storage and a resource pool.]

The vCloud API

Pure virtual
Simple to use
Simple to implement
Standardizable
Extensible
Secure
Scalable
Supports legacy applications and enterprise users

Simple Example: Power On

Request

    POST https://vcloud.example.com/vapp/413/power/action/powerOn

Response

    202 Accepted
    <?xml version="1.0" encoding="UTF-8"?>
    <Task href="https://vcloud.example.com/task/389"
          type="application/vnd.vmware.vcloud.task+xml"
          startTime="2009-7-31T09:30:47Z" status="running" ...>
      <Link rel="task:cancel" href="htt.../task/389/action/cancel"/>
      <Owner href="https://vcloud.example.com/vapp/413"
             type="application/vnd.vmware.vcloud.vapp+xml" name="My vApp"/>
    </Task>
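The power-on exchange above, followed through on the client side, as an added example in Python (not code from the deck or from any VMware client library): it parses the Task document, picks the cancel link by its rel rather than by position, refuses task hrefs that point outside the cloud endpoint, and polls the task to completion against a constructed offline transport. The final status value "success" and the completed cancel href are assumptions; the slide shows only "running" and elides the href.

```python
import xml.etree.ElementTree as ET
from collections import namedtuple

VCLOUD = "https://vcloud.example.com"  # endpoint used on the slides

# The 202 Accepted body from the slide with its quoting repaired; the cancel
# href, elided on the slide, is completed here (constructed).
TASK_XML = """<Task href="https://vcloud.example.com/task/389"
      type="application/vnd.vmware.vcloud.task+xml"
      startTime="2009-7-31T09:30:47Z" status="running">
  <Link rel="task:cancel" href="https://vcloud.example.com/task/389/action/cancel"/>
  <Owner href="https://vcloud.example.com/vapp/413"
         type="application/vnd.vmware.vcloud.vapp+xml" name="My vApp"/>
</Task>"""

Task = namedtuple("Task", "href status owner_href cancel_href")

def parse_task(xml_text):
    """Parse a Task document; links are selected by rel, never by position."""
    root = ET.fromstring(xml_text)
    if root.tag != "Task":
        raise ValueError(f"expected <Task>, got <{root.tag}>")
    cancel = next((l.get("href") for l in root.findall("Link")
                   if l.get("rel") == "task:cancel"), None)
    owner = root.find("Owner")
    return Task(root.get("href", ""), root.get("status", ""),
                owner.get("href") if owner is not None else None, cancel)

def same_cloud(href):
    """Follow only hrefs under our own endpoint: the document is server-supplied."""
    return href.startswith(VCLOUD + "/")

def power_on(vapp_href, post, get, max_polls=10):
    """POST powerOn, then poll the returned Task until it stops running."""
    code, body = post(f"{vapp_href}/power/action/powerOn")
    if code != 202:
        raise RuntimeError(f"unexpected HTTP status {code}")
    task = parse_task(body)
    if not same_cloud(task.href):
        raise ValueError("task href points outside the cloud endpoint")
    for _ in range(max_polls):
        if task.status != "running":
            return task
        task = parse_task(get(task.href)[1])
    raise TimeoutError("task still running after polling")

class FakeCloud:
    """Constructed offline transport: 'running' once, then 'success' (assumed final value)."""
    def __init__(self):
        self.polls = 0

    def post(self, url):
        assert url == VCLOUD + "/vapp/413/power/action/powerOn"
        return 202, TASK_XML

    def get(self, url):
        self.polls += 1
        final = "success" if self.polls >= 2 else "running"
        return 200, TASK_XML.replace('status="running"', f'status="{final}"')
```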

Simple Example: Look at a vApp

Request

    GET https://vcloud.example.com/vapp/413
    Content-type: vnd.vmware.cloud.vapp+xml

Response

    <VApp name="My vApp" status="1" href="https://vcloud.example.com/vapp/413" ...>
      <Link rel="up" href="https://vcloud.example.com/vdc/128"/>
      <NetworkSection>...</NetworkSection>
      <ovf:OperatingSystemSection ...>
        <Link rel="edit" href="http..." ... />
        <Description>Microsoft Windows Server 2003</Description>
      </ovf:OperatingSystemSection>
      <ovf:VirtualHardwareSection ovf:transport="iso">
        <Link rel="edit" href="http..." ... />
        <Item></Item>
      </ovf:VirtualHardwareSection>
    </VApp>

Entity Model

[Diagram in UML notation: whole-part relationship (part is exclusively owned by whole); group-member relationship (member may be shared between groups); one-way association; general-specific relationship.]

List of Operations

vApp Operations
POST <vapp-uri>/action/{deploy, undeploy}
POST <vapp-uri>/power/action/{powerOn, powerOff}
POST <vapp-uri>/power/action/{reset, suspend}
POST <vapp-uri>/power/action/{shutdown, reboot}
GET <vapp-uri>/screen
POST <vapp-uri>/screen/action/acquireTicket

Upload/Download/Provisioning Operations
POST <vdc-uri>/action/composeVApp
POST <vdc-uri>/action/instantiateVAppTemplate
POST <vdc-uri>/action/instantiateOvf
POST <vdc-uri>/action/annotate
POST <vdc-uri>/action/uploadVAppTemplate
POST <vdc-uri>/media
PUT <upload-uri>
GET <download-uri>
DELETE <resourceEntity-uri>

vApp Configuration Operations
POST <vapp-parent-element-uri>
DELETE <vapp-element-uri>
PUT <vapp-element-uri>

Task Management
GET <tasks-list-uri>
GET <task-uri>
POST <task-uri>/action/cancel

Inventory Listing
GET <vapp-uri>
GET <vdc-uri>
GET <vAppTemplate-uri>
GET <media-uri>
GET <network-uri>

Catalog Management
GET <catalog-uri>
POST <catalog-uri>/catalogItems

Mapping of Abstractions

New layer above vSphere (supports the new abstractions and the vCloud API): vDC, Provider vDC
vSphere (new technologies for scalability and security): Resource Pool, Datastore, Portgroup
Physical infrastructure: Host, SAN, VLAN

Provider vDC: Compute resources and Storage
vDC: allocation out of provider vDC given to Org
Sub-allocation of storage and compute
Networks

Overview: 3. VMware vCloud implementation challenges

Architecture Overview

[Diagram: UI, API, VMRC and Image Transfer clients reach the system over HTTPS through a firewall and a load balancer. A cell runs the presentation layer (webapp servlet, REST API dispatcher, console proxy, transfer service) and the core (VC proxy, inventory, task manager). Cells are replicated for core (UI/API), console proxy and image transfer; all cells share a database and a message bus.]

Database can be clustered
Message Bus is used for cell communications

Operations can be handled by any cell (some performance gain can be achieved by directing same session to same cell)
Some cells have additional roles, for example monitoring and running the task scheduler
If a cell with a special role dies, other cells pick up the role
When a cell is added, a load balancing of special roles can happen

Substrate

[Diagram: behind the firewall, load balancer, cells and their shared database sits the substrate: VC (vCenter) servers and the ESXi hosts they manage; multiple VCs, each with several ESXi hosts, are shown.]

Some operations call ESXi directly
Any cell can make a VIM call
Only one cell listening for updates for a VC keeps an open connection
Can support Multiple VCs

System Security

Enable secure usage across the public Internet

Console Proxy (VMRC Proxy): Shields direct access to ESX hosts.
Secure Upload and Download (Image Transfer): Secure channel for transfer (SSL). Uploaded image can be scanned for vulnerabilities. Custom moderation process can be configured to inspect images prior to addition into the system.

[Diagram: the UI and clients on the public Internet reach only the cell, the VMRC proxy and the image transfer service; storage, VC and ESX sit behind them.]

In general: Shield the substrate with a Middle tier

[Diagram: vCloud clients connect on port 443 through an outer firewall to the load balancer and cells (the middle tier); the cells connect through an inner firewall to the vCloud substrate (VC and ESX hosts) on ports 902, 903. Connections carry target identification.]

Image Transfer

Embeddable client to allow users to upload vApps (OVF) and media (iso, flp) into cloud. Supports chunked resumable uploads

Steps:
1. Client posts OVF envelope to vDC
2. Routed to vDC service, authenticated and authorized. vDC service validates the OVF & creates objects in DB. The to-be-uploaded image is now visible in the cloud, but shows up as unresolved.
3. Client PUTs file chunks: Transfer server writes to spooling FS
4. On file complete, posts message on bus
5. After last file, vDC service: validates OVF, copies files to datastore, updates the state of the user-visible object to resolved.

[Diagram: client, vCloud cell (vDC service and Transfer Server holding the transfer session), message bus, spooling FS and vSphere datastore.]

Image Transfer

All state in DB to handle failures in cell
OVF validated at multiple points
Upload completes before sending bits to Datastore
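The upload flow described in the two Image Transfer slides above, as an added example in Python (not the vCloud implementation): an in-memory stand-in for the DB, spooling FS and message bus that validates the posted OVF envelope, exposes the image as "unresolved", accepts resumable chunk PUTs bounded by the declared file sizes, and re-validates against the spool before marking the image "resolved". The OVF envelope is constructed; the OVF 1.0 namespace is real, while the session class, state names and bus message format are assumptions.

```python
import xml.etree.ElementTree as ET

OVF = "{http://schemas.dmtf.org/ovf/envelope/1}"  # OVF 1.0 envelope namespace

# Constructed minimal envelope standing in for the one the client POSTs.
OVF_XML = """<Envelope xmlns="http://schemas.dmtf.org/ovf/envelope/1"
  xmlns:ovf="http://schemas.dmtf.org/ovf/envelope/1">
  <References>
    <File ovf:id="file1" ovf:href="disk1.vmdk" ovf:size="12"/>
    <File ovf:id="file2" ovf:href="disk2.vmdk" ovf:size="5"/>
  </References>
</Envelope>"""

def parse_references(ovf_xml):
    """Validate the envelope and return {href: declared size in bytes}."""
    root = ET.fromstring(ovf_xml)
    if root.tag != OVF + "Envelope":
        raise ValueError("not an OVF envelope")
    files = {}
    for f in root.iterfind(f"{OVF}References/{OVF}File"):
        href, size = f.get(OVF + "href"), int(f.get(OVF + "size", "0"))
        # hrefs name files in the spooling FS: accept plain file names only
        if not href or "/" in href or "\\" in href or href.startswith("."):
            raise ValueError(f"unsafe file reference: {href!r}")
        if size <= 0 or href in files:
            raise ValueError(f"bad size or duplicate reference: {href}")
        files[href] = size
    return files

class UploadSession:
    def __init__(self, ovf_xml):
        self.expected = parse_references(ovf_xml)          # first validation
        self.spool = {n: bytearray(s) for n, s in self.expected.items()}
        self.covered = {n: set() for n in self.expected}   # byte offsets seen
        self.bus = []                                      # message bus stand-in
        self.state = "unresolved"                          # visible, not usable

    def put_chunk(self, name, offset, data):
        """Transfer server: one resumable PUT of bytes at a given offset."""
        if self.state != "unresolved" or name not in self.expected:
            raise ValueError("no open transfer for " + name)
        size = self.expected[name]
        if offset < 0 or offset + len(data) > size:
            raise ValueError("chunk outside the declared file size")
        self.spool[name][offset:offset + len(data)] = data
        self.covered[name].update(range(offset, offset + len(data)))
        if len(self.covered[name]) == size:
            self.bus.append(("file-complete", name))       # on file complete
            if all(len(self.covered[n]) == s for n, s in self.expected.items()):
                self._finalize()                           # after last file
        return self.state

    def _finalize(self):
        """vDC service: re-validate against the spool, copy, then resolve."""
        for name, size in self.expected.items():
            if len(self.covered[name]) != size:
                raise RuntimeError("incomplete file: " + name)
        self.datastore = {n: bytes(b) for n, b in self.spool.items()}
        self.state = "resolved"
```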

Overview: 4. Research opportunities

Example: Implementation/enhancing cloud SW

Automation at scale
Componentized architecture: third party innovation, out of cycle release of function
Security: detection, not trusting service provider, ...
Rest API: versioning, efficiency, client interoperability, enabling ecosystem

Example: replace the OS

Our general purpose OSes are a compromise between:
An execution environment for running device drivers.
An execution environment for running complex general-purpose applications.
An execution environment for portable applications and services with few OS needs.

General Purpose Operating System

[Diagram: a general purpose OS spans three roles (general, simple, portable apps & services); Windows, Linux, Solaris and MacOS each carry their own device-driver (DD) execution environment on top of the hypervisor.]

The general application support has gotten enormously complicated. They are enormously difficult to customize to support new workloads, or to exploit new specialized HW. Massive investment to support all the different OSes, e.g., validation in application, device driver development. Come with substantial management overhead.

[Diagram: a Java App, a Storage Appliance, an HPC App and a Security SVC running directly on the hypervisor beside the general purpose OSes.]

Applications with reduced needs can be moved off of general purpose OS. Application OS can be a reduced OS, or a highly customized library OS: more easily exploit new HW, massive multi-core, extra blades
Java applications require restricted interfaces, native code that invokes OS services can be shipped to legacy environment.
Cluster services require highly deterministic real-time environment.
HPC applications require specialized services (e.g., scheduling & memory management)
Security services can be implemented with a reduced TCB

Research in OS development

Scalable deployment for HPC.
Communication protocol.
Developing library OS that is re-usable.
Scalability for massive multi-core.
Migration to and from generic OS.
Real time. Scalability.
Control of TLB for managed code.
Code and file system sharing.
Examples: Managed Code (Libra IBM, Liquid VM BEA, Maxine VM SUN), HEC/HPC (UNM/Sandia, Cambridge), Games (Sony PS3), Denali from UofWashington

Example: Fungible computing

Virtualization lets us move anything anywhere, but your mileage may vary:
Cost may be very different
Performance may be very different.
Cost to the SP may be very different

What metrics can be collected and presented to user? How do we characterize application? How do we characterize physical capacity?

Example: Grid/batch

New scheduler for grid/batch tasks
New scheduler for data intensive supercomputing: e.g., Hadoop
Fork task across 100s of nodes: e.g. SnowFlock from UofToronto

Special purpose OS?

Example: Federation between clouds

Exploiting long tail for data deduplication
Encryption/security for data
Trading floor/futures market for capacity
Move VMs near users

Example: Augmented desktop

When your desktop is in the cloud, what changes?
Disaster recovery
Being a system admin for your mom.
Moving from cloud provider to cloud provider.
Fusion on steroids.

Example: Enhanced infrastructure

Architecture can evolve without OS stifling innovation
Implicitly managed storage hierarchy
Scale out storage
Level 2 versus Level 3 networking
Networking services: FW, loadbalancer, VPN,

Concluding Remarks

Cloud computing is going to be transformative to our industry
Lots of changes needed before enterprise adopts
Lots of new research opportunities

Vendor lock in will damage innovation and kill the research community

Beneath all these clouds, we need utility computing
Open source vCloud API (www.vmware.com/go/vcloudapi)