GWDG-Cloud: Aspects to discuss

noisebolivia | Security | 5 Nov 2013


Virtual machines


Aspect: Selection of VM base images

Alternatives:

Constrained:
- Only a fixed set is available for selection for users (e.g. "Ubuntu 11.10", "RHEL 6.1", "OpenSuse 11.2")
- This model is used by Amazon, Rackspace, etc.
low

Free: Users can upload their own VM images
high

Influence on: Contextualisation, Web-Interface

Comment:



Aspect: Support for snapshots

Alternatives:

No
none

Yes
medium

Influence on: Web-Interface, private storage provisioning

Comment: Not for the first version


Aspect: VM access for users

Alternatives:

SSH with passwords
low

SSH with keys
low

VNC with TLS
low

Influence on:

Comment: VNC


Aspect: Resource sharing model for compute resources (host level)

Alternatives:

Default: the Linux scheduler treats every VM process as any other process:
- Best-effort scheduling: no guarantees, no limits
- No way to define exact CPU usage boundaries for a VM
none

Per VM CPU usage isolation (e.g. via cgroups):
- Fine granular control of CPU usage for a VM possible
medium

Influence on: Web-Interface, host setup

Comment: High priority after initial version


Aspect: Updates of VM specifications (e.g. RAM, cores, …)

Alternatives:

Not supported
none

Offline updates
medium / high

Online updates (restricted to supported features of the hypervisor)
medium / high

Influence on: Web-Interface, host setup

Comment: Offline updates



Aspect: Backup of VMs

Alternatives:

None (users have to set up their own backup, e.g. TSM)
none

Preconfigured, file based, intra VM TSM backup
low

External image based backup
medium

Influence on: Contextualisation, storage setup

Comment: User triggered offline image backup by cloning / snapshots; no VM based TSM integration for now


Aspect: Support for Windows VMs

Alternatives:

None
none

Provide support
medium

Influence on: Contextualisation, storage provisioning, host setup

Comment: yes


Network


Aspect: Network isolation

Alternatives:

No:
- Users can run e.g. tcpdump and see the network traffic of other VMs running on the same host
none

Yes:
- Traffic of every VM is isolated
medium

Influence on: Network setup

Comment: yes


Aspect: Network model(s)

Alternatives:

Flat with public IPs:
- VMs get IPs from one public network
- Inbound / outbound access from / to the internet
- Does not scale (limited amount of public IPs, size of network limited due to broadcasts, etc.)
low

Private LAN for each VM (e.g. 192.168.1.x):
- Outbound access to internet
- Inbound access only possible through port forwarding (meaning standard ports for services cannot be used)
- LAN connectivity limited to the host the VM runs on
- Scales
low / (medium)

Network virtualization through GRE-tunnels or VXLAN:
- = SotA / future of network models for IaaS clouds
- Private LANs can be defined for groups of VMs distributed over multiple hosts
- Very fine granular and dynamic control of network aspects (connectivity, bandwidth, QoS, etc.)
- Very fine granular monitoring of network
- Scales
high

Influence on: Web-Interface, network setup

Comment: Public IPs + private IPs with port configuration (firewall + frontend), VLAN access


Aspect: DNS integration

Alternatives:

None
none

Provide support
low

Influence on: Web-Interface, network setup

Comment: Static DNS


Storage


Aspect: Private storage provisioning for VMs

Alternatives:

Image based:
- Enlarge existing backing image / provision new image file and make it available as block device inside the VM (e.g. /dev/sdb)
- No usage limits (e.g. file locking, extended attributes, etc. work as expected)
- VM base image and additional storage can be treated the same way
- Used by all IaaS providers (Amazon, Rackspace, CloudSigma, …)
low / medium

Direct VM attached network / cluster file systems (NFS / GlusterFS…):
- Need to set up shares, quotas, ACLs, etc.
- Dependent on a working network configuration inside the VM
- Usage limits (e.g. file locking problems for NFS)
- Can be treated the same as the shared storage case
medium

Influence: Web-Interface, Host setup, Contextualisation

Comment: Initially static, direct attached; later file based unified storage (cifs / nfs)


Aspect: Shared storage provisioning for VMs

Alternatives:

Not supported
none

NFS:
- Familiar to a lot of users
- Comparatively easy to set up
- Some usage limits (file locking, etc.)
- Scaling problems (without dedicated hardware)
medium

GlusterFS:
- Comparatively easy to set up
- Scales
medium

Influence on: Host setup, storage setup, Contextualisation

Comment:



Web-Interface



Aspect: Web-Interface authentication mechanisms

Alternatives:

Custom:
- Use own DB
medium

LDAP:
- Integrate with GWDG LDAP
low

Shibboleth:
- Integrate with MPG/NDS AAI
medium

Influence on: Web-Interface

Comment:




Aspect: Web-Interface integration with portal (Liferay)

Alternatives:

IFrame based integration:
- Works with any web technology used
- No deep integration / workarounds must be used (single sign in / off, access to user data in Liferay, look and feel, management, …)
medium

Use same web technology as is used for the other portlets (Portlet + JSF + JPA on Tomcat)
low

Try to use current technology choice (Grails) as Liferay portlet
low - impossible

Influence on: Web-Interface

Comment: