Presentation is loading. Please wait.

Presentation is loading. Please wait.

Congress Blueprint --policy abstraction

Published by乙 景 Modified over 7 years ago

Similar presentations

Presentation on theme: "Congress Blueprint --policy abstraction"— Presentation transcript:

1 Congress Blueprint --policy abstraction
Yali Zhang

2 What is Congress? Wiki: https://wiki.openstack.org/wiki/Congress
Congress is a core OpenStack project to provide policy as a services across any collection of cloud services (e.g. application, compute, network and storage) in order to offer governance and compliance for dynamic infrastructures. Wiki:

3 What is the Solution? Why Congress? Different policy implementation:
Nova: SolverSchedular Neutron: group policy or configuration Swift: Swift policy engine …… Disadvantages: Complex configuration Tremendous conflict probability Incompetent for across components services …… What is the Solution?

4 Mechanism of Congress Retrieve data from underlying components by different drivers Express violation state with these data tables Functionality of Congress Allow cloud administrators and tenants to use a high-level, general purpose, declarative language to describe business logic. Datalog has been adopted as the policy expression language. Offer a pluggable architecture that connects to any collection of cloud services Enforce policy Proactive: preventing violations before they occur Reactive: correcting violations after they occur Monitoring: give administrators insight into policy and its violations.

5 Typical Example Requirement: Every network attached to a VM must be owned by someone in the same group as the VM owner. error(name2):- nova:servers(device_id, name2, c2, d2, tenant_id2, f2, g2, h2), neutronv2:ports(a, tenant_id, c, network_id, e, f, g, h, device_id, g), neutronv2:networks(network_id, tenant_id3, c3, d3, e3, f3), not same_group(tenant_id, tenant_id3) same_group(x,y) :- group(x,g),group(y,g) Datalog is not intuitive, even difficult. When translate the real intent into Datalog, the logic may be complex. And users must explicitly know the elements in underlying data tables, and how to connect them.

6 A Blueprint of Congress —— policy abstraction
Motivation: Datalog is complex language which is not intuitive to express users’ real intent. And there isn’t a unified policy model in Congress, so this blueprint aims to express a simple and intuitive way to deploy policies. error(vm) :- nova:virtual_machine(vm) nova:network(vm, network) nova:owner(vm, vm_owner) neutron:owner(network, network_owner) not same_group(vm_owner, network_owner) Entities+ attributions Conditions=error state Datalog consists of three parts. Objects which can be fetched from underlying services Objects’ attributions which are the elements to structure violations Prohibition state which expressed by objects’ attributions

7 Policy in Congress can be abstracted into object, violation-condition, action and data.
Object: an object or several related objects which are concerned by policy Violation-condition: the state of objects’ attributes or the relationship between several entities which can produce violation Action: the action needs to take for this policy, such as, monitoring, proactive or some specific reactive actions Data: the information gotten or needed when execute the action Expression in Horizon

8 Details of abstraction elements
Objects The related objects users care about which be jointed by some fields. e.g. Users care about the relation between servers and networks, they just need to choose these two objects without worrying about how to connect them (port). UI will predefine this relationship. Violation-condition Error state expressed by Datalog can be apart into two types. Restriction attributions’ value or statistic value (arithmetic or string manipulation) Restriction whether some attributions in some specific tables (data table manipulation)

9 Expansion of policy abstraction
nova neutron swift New service drivers policy engine admin Define new objects and relationship, violation condition Database user Use new objects and relationship, violation condition

10

Download ppt "Congress Blueprint --policy abstraction"

Similar presentations

Database Systems: Design, Implementation, and Management Tenth Edition

Database Systems: Design, Implementation, and Management Tenth Edition
1 Chapter 2 Database Environment Transparencies © Pearson Education Limited 1995, 2005.

1 Chapter 2 Database Environment Transparencies © Pearson Education Limited 1995, 2005.
Chapter 2 Database Environment.

Chapter 2 Database Environment.
Ch1: File Systems and Databases Hachim Haddouti

Ch1: File Systems and Databases Hachim Haddouti
Chapter 2 Database Environment Pearson Education © 2014.

Chapter 2 Database Environment Pearson Education © 2014.
Chapter 1 An Overview of Database Management. 1-2 Topics in this Chapter What is a Database System? What is a Database? Why Database? Data Independence.

Chapter 1 An Overview of Database Management. 1-2 Topics in this Chapter What is a Database System? What is a Database? Why Database? Data Independence.
Mrs. Maninder Kaur 1Maninder Kaur

Mrs. Maninder Kaur 1Maninder Kaur
Database Environment 1.  Purpose of three-level database architecture.  Contents of external, conceptual, and internal levels.  Purpose of external/conceptual.

Database Environment 1.  Purpose of three-level database architecture.  Contents of external, conceptual, and internal levels.  Purpose of external/conceptual.
A Policy-based Approach to Wireless LAN Security Management George Lapiotis, Byungsuk Kim, Subir Das, Farooq Anjum Speaker: George Lapiotis

A Policy-based Approach to Wireless LAN Security Management George Lapiotis, Byungsuk Kim, Subir Das, Farooq Anjum Speaker: George Lapiotis
CIT UPES | Sept 2013 | Unified Modeling Language - UML.

CIT UPES | Sept 2013 | Unified Modeling Language - UML.
CST203-2 Database Management Systems Lecture 2. One Tier Architecture Eg: In this scenario, a workgroup database is stored in a shared location on a single.

CST203-2 Database Management Systems Lecture 2. One Tier Architecture Eg: In this scenario, a workgroup database is stored in a shared location on a single.
UI and Data Entry UI and Data Entry Front-End Business Logic Mid-Tier Data Store Back-End.

UI and Data Entry UI and Data Entry Front-End Business Logic Mid-Tier Data Store Back-End.
1 Introduction to Database Systems. 2 Database and Database System / A database is a shared collection of logically related data designed to meet the.

1 Introduction to Database Systems. 2 Database and Database System / A database is a shared collection of logically related data designed to meet the.
Database Administration COMSATS INSTITUTE OF INFORMATION TECHNOLOGY, VEHARI.

Database Administration COMSATS INSTITUTE OF INFORMATION TECHNOLOGY, VEHARI.
Instructor: Dema Alorini Database Fundamentals IS 422 Section: 7|1.

Instructor: Dema Alorini Database Fundamentals IS 422 Section: 7|1.
Lecture # 3 & 4 Chapter # 2 Database System Concepts and Architecture Muhammad Emran Database Systems 1.

Lecture # 3 & 4 Chapter # 2 Database System Concepts and Architecture Muhammad Emran Database Systems 1.
Bayu Adhi Tama, M.T.I 1 © Pearson Education Limited 1995, 2005.

Bayu Adhi Tama, M.T.I 1 © Pearson Education Limited 1995, 2005.
Database Environment Session 2 Course Name: Database System Year : 2013.

Database Environment Session 2 Course Name: Database System Year : 2013.
EXPOSING OVS STATISTICS FOR Q UANTUM USERS Tomer Shani 19.6.13 Advanced Topics in Storage Systems Spring 2013.

EXPOSING OVS STATISTICS FOR Q UANTUM USERS Tomer Shani Advanced Topics in Storage Systems Spring 2013.
Fall 20021 CSE330/CIS550: Introduction to Database Management Systems Prof. Susan Davidson Office: 278 Moore Office hours: TTh 10-11.

Fall CSE330/CIS550: Introduction to Database Management Systems Prof. Susan Davidson Office: 278 Moore Office hours: TTh

Similar presentations

Ads by Google