Emulab Federation Preliminary Design Robert Ricci with Jay Lepreau, Leigh Stoller, Mike Hibler University of Utah USC/ISI Federation Workshop December.

Slides:

Advertisements

Similar presentations

Caltech Proprietary Videoconferencing Security in VRVS 3.0 and Future Videoconferencing Security in VRVS 3.0 and Future Kun Wei California Institute of.

Advertisements

BARNALI CHAKRABARTY. What is an Operating System ?

PlanetLab: An Overlay Testbed for Broad-Coverage Services Bavier, Bowman, Chun, Culler, Peterson, Roscoe, Wawrzoniak Presented by Jason Waddle.

COS 461 Fall 1997 Network Objects u first good implementation: DEC SRC Network Objects for Modula-3 u recent implementation: Java RMI (Remote Method Invocation)

COS 461 Fall 1997 Routing COS 461 Fall 1997 Typical Structure.

PlanetLab Operating System support* *a work in progress.

Serverless Network File Systems. Network File Systems Allow sharing among independent file systems in a transparent manner Mounting a remote directory.

Module 5: Configuring Access for Remote Clients and Networks.

Trusted Disk Loading in the Emulab Network Testbed Cody Cutler, Mike Hibler, Eric Eide, Rob Ricci 1.

 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.

Emulab.net: An Emulation Testbed for Networks and Distributed Systems Jay Lepreau and many others University of Utah Intel IXA University Workshop June.

1 Emulab Security. 2 Current Security Model Threat model: No malicious authenticated users, Bad Guys are all “outside” –Protect against accidents on the.

1 Federation of Emulabs and Relevant New Development Jay Lepreau with Rob Ricci, Mike Hibler, Leigh Stoller University of Utah USC/ISI Federation Workshop.

14.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

1 Fast, Scalable Disk Imaging with Frisbee University of Utah Mike Hibler, Leigh Stoller, Jay Lepreau, Robert Ricci, Chad Barb.

Integrated Scientific Workflow Management for the Emulab Network Testbed Eric Eide, Leigh Stoller, Tim Stack, Juliana Freire, and Jay Lepreau and Jay Lepreau.

1 Implementing the Emulab-PlanetLab Portal: Experiences and Lessons Learned Kirk Webb Mike Hibler Robert Ricci Austin Clements Jay Lepreau University of.

Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.

Oxford Jan 2005 RAL Computing 1 RAL Computing Implementing the computing model: SAM and the Grid Nick West.

The StarNet Analyzer. Contact SNA Department x172

5.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 5: Working with File Systems.

1 A Large-Scale Network and Distributed Systems Testbed Jay Lepreau Chris Alfeld David Andersen (MIT) Kristin Wright University of Utah

Using the jFed tool to experiment from zero to hero Brecht Vermeulen FGRE, July 7 th, 2015.

Microsoft Load Balancing and Clustering. Outline Introduction Load balancing Clustering.

Hands-On Microsoft Windows Server 2008 Chapter 8 Managing Windows Server 2008 Network Services.

Course 6421A Module 7: Installing, Configuring, and Troubleshooting the Network Policy Server Role Service Presentation: 60 minutes Lab: 60 minutes Module.

Microsoft Windows 2003 Server. Client/Server Environment Many client computers connect to a server.

Digital Identity Management Strategy, Policies and Architecture Kent Percival A presentation to the Information Services Committee.

Bootstrap and Autoconfiguration (DHCP)

Network Layer (3). Node lookup in p2p networks Section in the textbook. In a p2p network, each node may provide some kind of service for other.

Presentation on Osi & TCP/IP MODEL

INSTALLING MICROSOFT EXCHANGE SERVER 2003 CLUSTERS AND FRONT-END AND BACK ‑ END SERVERS Chapter 4.

Using the jFed tool to experiment from zero to hero Brecht Vermeulen Thijs Walcarius GEC 22, March 24 th, 2015.

Module 1: Installing and Upgrading to Exchange Server 2003.

0Gold 11 0Gold 11 LapLink Gold 11 Firewall Service How Connections are Created A Detailed Overview for the IT Manager.

TeraPaths TeraPaths: establishing end-to-end QoS paths - the user perspective Presented by Presented by Dimitrios Katramatos, BNL Dimitrios Katramatos,

20411B 8: Installing, Configuring, and Troubleshooting the Network Policy Server Role Presentation: 60 minutes Lab: 60 minutes After completing this module,

Federation Strategy Robert Ricci GENI-FIRE Workshop September 2015.

1 The Internet and Networked Multimedia. 2 Layering  Internet protocols are designed to work in layers, with each layer building on the facilities provided.

GEC5 Security Summary Stephen Schwab Cobham Analytical Services July 21, 2009.

A Federation Architecture for DETER Ted Faber, John Wroclawski, Kevin Lahey, John Hickey University of Southern California Information Sciences Institute.

Access Control for Federation of Emulab-based Network Testbeds Ted Faber, John Wroclawski 28 July 2008

Chord: A Scalable Peer-to-peer Lookup Service for Internet Applications Ion Stoica, Robert Morris, David Karger, M. Frans Kaashoek, Hari Balakrishnan Presented.

Rick McGeer Chief Scientist, US Ignite March 17, 2014.

Large-scale Virtualization in the Emulab Network Testbed Mike Hibler, Robert Ricci, Leigh Stoller Jonathon Duerig Shashi Guruprasad, Tim Stack, Kirk Webb,

Shivkumar Kalyanaraman Rensselaer Polytechnic Institute 1 Based upon slides from Jay Lepreau, Utah Emulab Introduction Shiv Kalyanaraman

Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED SYSTEMS.

Globus and PlanetLab Resource Management Solutions Compared M. Ripeanu, M. Bowman, J. Chase, I. Foster, M. Milenkovic Presented by Dionysis Logothetis.

Experiences with the ProtoGENI Control Framework Guilherme Fernandes

Connect. Communicate. Collaborate Deploying Authorization Mechanisms for Federated Services in the eduroam architecture (DAMe)* Antonio F. Gómez-Skarmeta.

1 Emulab's Current Support For IXPs: An example of support for non-PCs.

CS 283Computer Networks Spring 2013 Instructor: Yuan Xue.

@Yuan Xue CS 283Computer Networks Spring 2011 Instructor: Yuan Xue.

Deterlab Tutorial CS 285 Network Security. What is Deterlab? Deterlab is a security-enhanced experimental infrastructure (based on Emulab) that supports.

Lecture 10 Page 1 CS 236 Online SSL and TLS SSL – Secure Socket Layer TLS – Transport Layer Security The common standards for securing network applications.

A System for Monitoring and Management of Computational Grids Warren Smith Computer Sciences Corporation NASA Ames Research Center.

Designing a Federated Testbed as a Distributed System Robert Ricci, Jonathon Duerig, Gary Wong, Leigh Stoller, Srikanth Chikkulapelly, Woojin Seok 1.

Customer Care & Help Desk. Content  What is Help Desk?  Who should use these?  Features of Help Desk  Hierarchy of Help Desk (Level of User)  Flow.

SERVERS. General Design Issues  Server Definition  Type of server organizing  Contacting to a server Iterative Concurrent Globally assign end points.

DISTRIBUTED FILE SYSTEM- ENHANCEMENT AND FURTHER DEVELOPMENT BY:- PALLAWI(10BIT0033)

1 Remote Installation Service Windows 2003 Server Prof. Abdul Hameed.

Python Driven Sensor Observation Service Benjamin Welton NASA USRP.

Network Virtualization Ben Pfaff Nicira Networks, Inc.

Using the jFed tool to experiment from zero to hero

Configuring ALSMS Remote Navigation

Chapter 12: File System Implementation

Dynamic Web Page A dynamic web page is a kind of web page that has been prepared with fresh information (content and/or layout), for each individual viewing.

Design Unit 26 Design a small or home office network

Basic Tutorial Part II 31/12/2018.

Chapter 10: Advanced Cisco Adaptive Security Appliance

Presentation transcript:

Emulab Federation Preliminary Design Robert Ricci with Jay Lepreau, Leigh Stoller, Mike Hibler University of Utah USC/ISI Federation Workshop December 11, 2006

“Many Masters” Model No global master Emulabs make peering agreements “Home” testbed for –Users –Projects –Experiments

Identifying Users Users identified by UUID (X.667) rather than login name –Implementation begun Login names may be unique per project Web login now done with address –Already done on Utah Emulab We may do this for projects too

Starting an Experiment User submits NS file to one testbed –This will be the experiment “master” –Does this have to be project or user master? Hope not, but that poses unsolved challenges. Master testbed does most setup work Each remote testbed boots its part, then reports in Experiment controlled through the master testbed

Approving Remote Experiments Experiments come with “certifications” –Really: Signatures Each Emulab has a list of certification authorities it trusts Experiment accepted if signed by an appropriate authority –In the future, more complex policies Allows for a large set of acceptance policies

Some Possible Certifiers Testbed-wide –“Allow all experiments started at DETER” Project-wide –“Allow all experiments in project tbres from Utah’s Emulab” Experimenter –“Allow Steve Schwab to run experiments”

More Possible Certifiers Vetting committee –“Allow experiments that have been OKed by the DETER board” Other criteria –“Allow projects that Rob has verified as being classes”

Federation API Done with XML-RPC Generally, exchange “virtual to physical” mappings –Send reserved table, not virt_nodes –Send vlans table, not virt_lans Precedents in elab-in-elab support

Dealing With Version Skew General model –Node boot managed by local testbed –Everything else managed by master Leaves a somewhat narrow waist between virtual and physical –Hope: This is less susceptible to skew Version every interface –Allows testbeds to innovate

Proxied Services tmcd (virtual nodes) Event system (PlanetLab portal) Console (capture) VLAN creation (elab-in-elab) Power cycling (elab-in-elab) Frisbee done by pre-staging disk image, then running locally

New Policy Knobs Necessary Prefer local users to remote Limit resource use by remote users Policies based on “threat level” These may also apply to single Emulabs Add more policy knobs as we go

Pre-emptive Model Allow high priority experiments to force swapout of lower-priority experiments assign has some features to help Stateful swapout will make this more painless

“Library” Model You “check out” lease nodes for some period of time You can renew as long as no one has asked for those nodes Probably coupled with a reservation system

Control Network Maintain: All nodes in an experiment can directly communicate Impediments: –Unroutable control networks –Duplicated private IP addresses Solution: Tunnel Nodes get an extra control net IP alias

Filesystem First stage: NFS mounted from project master (TCP) Ideal: Use a real distributed filesystem But, we have to make sure all clients can mount it, or we can proxy them Possibly add special support for single writer, multi reader data

Local Administrators Can see remote experiments they are hosting Can force swapout of these experiments Can still easily find out about who is responsible for an experiment

Resource Assignment – Phase I Experiment master runs assign Each federated testbed needs physical topologies of others Loosely consistent reservation state –We already support optimistic allocation assign should scale for a while –Scales with number of pclasses –Utah: 66 –Six testbeds (1120 nodes): 133

New assign Features “Typing” for cross-emulab links Support for links with non-zero latency Generalize switch notion to handle VPN boxes Fuzzy latency/bw allocation New XML file format (some simplified version of rspec)

Resource Assignment – Phase II Distribute assign Possibilities: –Master partitions topology –Each Emulab “bids” on resources Probably iterative –Assign scarce resources first Possibly simplify virtual topologies (assign_wrapper)