1 / 11

Virtual Workspaces

Virtual Workspaces. Kate Keahey keahey@mcs.anl.gov Argonne National Laboratory. Need a way to configure remote nodes effortlessly, dynamically, flexibly Need to be able to enforce positive and negative resource usage. Why do we need virtual workspaces?. Virtual Workspaces. Grid client

hawa
Download Presentation

Virtual Workspaces

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Virtual Workspaces Kate Keahey keahey@mcs.anl.gov Argonne National Laboratory

  2. Need a way to configure remote nodes effortlessly, dynamically, flexibly Need to be able to enforce positive and negative resource usage Why do we need virtual workspaces? Kate Keahey

  3. Virtual Workspaces Grid client Interface Grid clients Execution state Virtual Workspace Software and file configuration state Protection environment Grid Middleware Interface Grid middleware interface Virtual resource configuration • Define interfaces and explore a variety of implementations • Virtual machines are a particularly promising technology Kate Keahey

  4. request use existing VW deploy & suspend Architecture VW Factory create new VW VW EPR Create VW VW Repository inspect and manage Client Resource VW Manager VW start program Implemented based on Globus, tested with bioinformatics applications Tim Freeman, Daniel Galron, SC04 poster Kate Keahey

  5. VMs as VWs: the good • Configurability • Allow full stack customization: choose OS, 32 on 64-bit, libraries… • Enhanced security • Primarily better isolation, but also audit forensics, etc. • Managing state • Freezing computation allows migration, suspend and resume operations, etc. • State management/replication tool • Customize once and copy • Potential as distribution tool • Good enforcement potential Kate Keahey

  6. VMs as VWs: the (not so) bad • Overhead from application perspective • Depends on application, VM implementation • In practice very promising • No access to specialized hardware • Simply needs more work • Resource usage overhead • Depends on implementation • Sharing issues and policies • How do we share between VMs • Software maturity Kate Keahey

  7. VMs and Security: the Good • Protecting users from users • As good as it gets • Protecting resource from a VM • Strong sandboxing • potential for policy-driven resource consumption enforcement • Protecting VM from the resource • Trusted computing: root secure trusted VMMs and attestation: even platform owner cannot break privacy and isolation guarantees • Needs help from hardware • Pretty close to as good as it gets Kate Keahey

  8. VMs and Security: the Challenging • Protecting the VM from the world • VMs are only as secure as the software they run • Who maintains all those VMs? Local administrators would have to maintain too many images… • Protecting the world from the VM • Issue 1: one could use one’s privileges as root on a VM (for example to generate harmful network traffic) • Issue 2: no control over software running on VM means potential vulnerabilities could be exploited (also see above) • Although audit works great by the time the damage is done and it is too late! Kate Keahey

  9. Potential Solutions • VO could do VM certification • Maintenance by the VO makes more sense • Does a VO have enough of a stake in this process? • Ultimately it is the platform owner who is to blame… • Detect when something goes wrong • Hard: traffic of a parallel application can look surprisingly like a denial of service attack! • IDS isolated from the VM: loss of privacy to the user • VO administrator (as well as resource owner) should have the right to stop a suspicious VM • Restricting network traffic • For example: traffic allowed only to VO-owned nodes • Is questionable because the idea is to limit “them”, not us Kate Keahey

  10. Grid Security with VMs • How does a VM authenticate itself? • Can’t put a private key anywhere on the image • Can be compromised • Part of the platform? • Signed and re-signed by a trusted source? • How can we integrate attestation into Grid computing seamlessly? • We need to allow for a mix of technologies Kate Keahey

  11. Conclusions • We need virtual workspaces for Grid computing • Although we need to be able to rely on a mix of technologies VMs are a particularly promising technology to use in Grid computing for security reasons and otherwise • A growing role for the VO • VO might take on additional responsibilities • Administers and maintains VMs, certification authority, could potentially stop suspect VMs, is to blame if something happens… • Should the VO be a legal entity? • Would all this be healthy for a VO? • Do VOs have the resources to do that? • What are the trade-offs and a healthy balance? • Mechanisms for secure, efficient sharing between VOs • Via Grid tools? • Holy Grail • Can we use these new capabilities for Grid computing? Do we need the increased trust? Kate Keahey

More Related