Proactive Infrastructure: The Ninja Service Platform David Culler Eric Brewer, Anthony Joseph & Randy Katz UC Berkeley ninja.cs.berkeley.edu

Moving Away from the ‘average’ Device Scalable, Available Internet Services - millions of clients - always up Infomation appliances Client Server

How do we get arbitrarily powerful, personalized services on arbitrarily small devices anywhere? Harness the intelligence in the infrastructureHarness the intelligence in the infrastructure –adapt (distill) content to specific device and context –increasingly diverse population Connectivity!Connectivity! Laptops, Desktops Devices

Imagine You walk into a roomYou walk into a room You have complete, secure, optimized access to local devices and your private resources Your PDA connects to the local infrastructure and asks it to build a custom GUIYour PDA connects to the local infrastructure and asks it to build a custom GUI Next, your PDA asks the infrastructure for a path out to your personal information space, where agents are processing your , v-mail, faxes, and pagesNext, your PDA asks the infrastructure for a path out to your personal information space, where agents are processing your , v-mail, faxes, and pages

How do we enabled distributed innovation on Scalable, Available Services? Servers Clients Servers Infrastructure Services Open => Push services into an Active infrastructure

Ninja Project Goals Enable a service-centric worldEnable a service-centric world –Move applications into the core of the network Robust infrastructure for services:Robust infrastructure for services: –Scalable, highly available, and persistent –Customizable: enable personal preferences (and code!) –Support a wide-range of devices: pagers to PCs –Easy to author Universal framework for constructing and deploying servicesUniversal framework for constructing and deploying services –Programming model and execution environment for scalable services –Authentication and pay-per-use services –Automatic discovery, composition and use of sub-services

Bases (1M’s)Bases (1M’s) –scalable, highly available –persistent state (safe) –databases, agents –“home” base per user –service programming environment Wide-Area Path Active Proxies (100M’s)Active Proxies (100M’s) –not packet routers –bootstrap thin devices into infrastructure –soft-state and well-connected Units (1B’s)Units (1B’s) –sensors / actuators –PDAs / smartphones / PCs –heterogeneous –Minimal functionality: “Smart Clients” A Structured Architecture Approach

What is a Service? ServiceService –Highly available program (or cooperating programs) fixed interface at a fixed location (lives in the infrastructure) guarantees about performance, availability, consistency –Strongly typed interface Multiple services of a given type compete Compete on location, price, robustness, “quality”, brand name Service Discovery Service (SDS)Service Discovery Service (SDS) –Find “best” service of given type current approach based on weighted statistical matching –Construct a “path” from client to service

Ex: Personal Information Management Voice Mail store Laptop (VAT) Univ-Inbox Service store Directory Server 1 AP 1 AP 2 AP 3 AP 4 GSM AP 5 IP Core Network PSTN Directory Server n Users (will) have lots of (new) end devices Each device has its own address, capabilities, etc. Universal Inbox gives users control over how info reaches them Transcoders adapt content to end device

Example: Ninja Jukebox CD “ripper” service CDDB service iSpace Fetches track/title & artist information from an online DB. 1 iSpace Music Directory service HTTPd service Pushes an index of locally available songs to the master directory. 2 WWW Browser Web page with song playlists 3.au/.mp3 player Music stream (.au or.mp3) 4

Example: Millennium Cluster Large-Scale Campus-wide TestbedLarge-Scale Campus-wide Testbed Management by ServicesManagement by Services –push monitoring service into nodes –clusterview service logs, aggregates, manages Resource allocation by market servicesResource allocation by market services –banks, brokers, merchants Cell Phones PDAs Future Devices Wireless Desktop PCs Servers Clusters Massive Cluster Gigabit Ethernet

Why Open Infrastructure Services? DATEK (Trust Contract) Trusted Client https

Embedded Untrusted Interface? Key Store DATEK (Trust Contract) Trusted Client https Content Filter (pseudonym) sRMI NINJA Infrastructure Services Embeded Untrusted Client https

One Time Passwd to pseudo-service Cannot increasing the security of the channel so decrease the value of the content.Cannot increasing the security of the channel so decrease the value of the content.

Constrained Personal Device & Untrusted Gateway Key Store DATEK (Trust Contract) Trusted Client Content Filter (pseudonym) https Embeded Untrusted Client https sRMI Personal Appl CF NINJA GWY RMI PXY ST

Example: Minimal Trader Shared secret between user and keystoreShared secret between user and keystore keystore maps to service identity / authenticationkeystore maps to service identity / authentication Content filter transcodes to very concise info to pilotContent filter transcodes to very concise info to pilot

Uniform Access to Diverse Services Key Store RMI PXY DATEK (Trust Contract) Trusted Client Content Filter (pseudonym) https Embeded Untrusted Client https sRMI Personal Appl GWY CF NINJA Trade-R-us ST

Automated “Clients”,... Key Store RMI PXY DATEK (Trust Contract) Trusted Client Content Filter (pseudonym) https Embeded Untrusted Client https sRMI Personal Appl GWY CF NINJA Trade-R-us BOT svc ST

Requirements Utility: scalable, highly available, reliableUtility: scalable, highly available, reliable Support for persistent dataSupport for persistent data Support for streams, not just RPCSupport for streams, not just RPC Support for automatic data transformationSupport for automatic data transformation Support for fine-grain authentication and paymentSupport for fine-grain authentication and payment  Provide support in the Ninja platform  Compose services upon it

Ninja Platform Architecture BaseBase Active ProxyActive Proxy UnitsUnits PathsPaths Service DiscoveryService Discovery

Base A physical, administrative, and logical boundaryA physical, administrative, and logical boundary –a collection of machines geographically co-located –administrative guarantees: no network partitions (!), constant power supply, trust within the Base Base platform simplifies authoring of servicesBase platform simplifies authoring of services –cluster primitives task execution, naming, and monitoring load balancing, failure detection, and restart –persistent data primitives and guarantees distributed, available data structures Hides service implementation from rest of worldHides service implementation from rest of world –granularity of services is at cluster level, not node level

Base Implementation iSpace: the building block of a BaseiSpace: the building block of a Base –receptive execution environment –intra-Base primitives (stub generation, persistent data repository, etc.) Multispace: cluster-wide naming and resource mgmtMultispace: cluster-wide naming and resource mgmt iSpace SAN Multispace cluster iSpace

JVM provides code mobility and service upload capability, plus strong typing of service interfaces. Added distributed hash table API (think Linda space) to JRE. Ground up re-implementation of Sun RMI. Includes authenticated, secure RMI, multicast RMI, and soon, AM- RMI and VIA-RMI. Name service, RMI stub registry, and service control API: LoadService (URL) interf.[ ]=ListServices stub=GetService(name) KillService(name) KillService semantics unclear… objects vs threads? Sandbox that contains untrusted, uploaded services. Currently just the JRE’s standard appletSecurityMgr Service is an interface, plus objects that implement that interface. Trusted Services Ninja RMI iSpace Execution Environment JVM + persistent store APIs Security Mgr Loader Untrusted Services iSpace

Multispace iSpace Multispace services Multispace Loader RMI “Redirector Stubs” assembledRMI “Redirector Stubs” assembled –run-time compiled RMI superstub –contains all of a service’s instance’s stubs –stub selection policy fail-over, broadcast, multicast, fork, etc. –currently, idempotency and atomicity required of service instances Services names are at the granularity of the entire cluster, not individual nodes.

Distributed Data Structures Solve the state management problem once and provide high-level abstractions to service authorsSolve the state management problem once and provide high-level abstractions to service authors –Hypothesis: given a set of highly-available, scalable, persistent data structures, persistent BASE services will be much easier to construct Example data structures:Example data structures: Log –append/truncate-only Log system logging, generational mailstore, undo/redo logs, etc. –Hash table web cache, search index/data, mint accounts, etc. consistent, persistent, and highly available –Tree / Trie / Treap

Fast Communication and I/O in Java Scalable Ninja services need full capabilities of Base devicesScalable Ninja services need full capabilities of Base devices –fast SAN, IO rivers JNI overhead too largeJNI overhead too large –can violate type safety –chokes JVM JDI by JIT interpositioningJDI by JIT interpositioning –intelligent devices reflected as Java objects –JIT interprets operations on devices –data buffers bypass JVM –ex: Java AM over VIA on Myrinet Streaming data JVM Node HW/OS Fast Devices JNI Scalable Service

Active Proxy Local execution environment (interchangeable)Local execution environment (interchangeable) No support for persistent data (soft state)No support for persistent data (soft state) Runs an iSpace but not a MultiSpaceRuns an iSpace but not a MultiSpace Bootstraps small devices into the infrastructureBootstraps small devices into the infrastructure –could run Jini or other local discovery mechanisms –could be in a home or basestation –performs resource discovery and path creation for the device –typically well connected (while device is not)

Wide-Area Paths Path is a first-class entityPath is a first-class entity Explicit or automatic creationExplicit or automatic creation Can change dynamicallyCan change dynamically –change path or its operators Unit of authentication -- delegate along the pathUnit of authentication -- delegate along the path Unit of local resource allocationUnit of local resource allocation –bandwidth, cycles, etc.

Operators/Connectors Operators: –transformation –aggregation –agents –wrappers for legacy servers –application and transport levelConnectors: –abstract wires –ADUs –varying semantics –uni/multicast –includes AN components Interfaces: –Set of methods –Currently in Java w/ XML spec –Goal: inherit COM objects –Strong types enable automated connection

Automatic Path Creation After resource discovery –we know the source & sink –next we must create a path between them 1) Find logical path of operators –path must type check 2) Place operators on bases/APs –some operators have affinity; place them first –some operators may be Active Networks components 3) Add connectors as needed

Status Several services running all the timeSeveral services running all the time Release 1.0 now availableRelease 1.0 now available –contact info: ninja.cs.berkeley.edu –Includes: NinjaRMI, including authentication iSpace/MultiSpace infrastructure SDS (soon) Several example services, including Ninja Jukebox Active current focus:Active current focus: –driving applications: , group calendar, PDA svcs –service discovery & path creation –Java I/O and fast communication –cluster-wide data structures

Existing Applications Ninja "NOW Jukebox"Ninja "NOW Jukebox" –Harnesses Berkeley Network of Workstations –Plays real-time MPEG-3 audio served from 110+ CD's worth of music Voice-enabled room controlVoice-enabled room control –Speech-to-text Operators control room services (camera, lights, microphone) –Integration with GSM cell phones and PDA-based UI (soon) Stock Trading ServiceStock Trading Service –Accesses real-time stock data from Internet –Programmatic interface to buy/sell/trade stocks through online brokerage NinjaFAXNinjaFAX –Programmable remotely-accessed FAX machine service –Send/receive FAXes; authentication used for access control Keiretsu: The Ninja Pager ServiceKeiretsu: The Ninja Pager Service –Provides instant messaging service via Web, 1/2-way pagers, WorkPads, etc.

Coming Applications Universal InboxUniversal Inbox – , FAX, pager, voic accessible anywhere –persistent data (yes we will use it!) Infrastructure-based group calendarInfrastructure-based group calendar –handles both web and PDA access –supports disconnected operation Universal RemoteUniversal Remote –multiple-UI control of household/room devices –automatic UI generation Ecash MintEcash Mint –Authenticated service to act as digital secure cash mint –Enable real pay-per-use services (e.g. Coke machine)

Ninja Requirements Summary Utility: scalable, highly available, reliableUtility: scalable, highly available, reliable –Base, MultiSpace, Smart Client, NinjaRMI, and mobile code –Architecture for easy development/deployment of services Support for persistent dataSupport for persistent data –Base and persistent hash tables Support for streams, not just RPCSupport for streams, not just RPC –Operators and wide-area paths Support for automatic data transformationSupport for automatic data transformation –Wide-area paths: Strong typing & Automatic Path Creation –Span spectrum of end-user devices dynamically Support for fine-grain authentication and paymentSupport for fine-grain authentication and payment –Authenticated and pay-per-use services

Thoughts Strong typing, mobile code, & type safety are fundamental in designing, developing, and using the next generation infrastructureStrong typing, mobile code, & type safety are fundamental in designing, developing, and using the next generation infrastructure Service Composition is the next level of ProgrammingService Composition is the next level of Programming

To Read More The MultiSpace: an Evolutionary Platform for Infrastructural Services, S. Gribble, Welsh, Brewer, and Culler Usenix Annual Technical Conference.The MultiSpace: an Evolutionary Platform for Infrastructural Services, S. Gribble, Welsh, Brewer, and Culler Usenix Annual Technical Conference. An Architecture for a Secure Service Discovery Service, Czerwinski, Zhao, Hodes, Joseph, and Katz., MobiCom '99An Architecture for a Secure Service Discovery Service, Czerwinski, Zhao, Hodes, Joseph, and Katz., MobiCom '99