Experiences with Eucalyptus: Deploying an Open Source Cloud

Similar documents
2) Xen Hypervisor 3) UEC

OpenStack Ecosystem and Xen Cloud Platform

Building a Private Cloud Cloud Infrastructure Using Opensource

Comparing Open Source Private Cloud (IaaS) Platforms

STeP-IN SUMMIT June 18 21, 2013 at Bangalore, INDIA. Performance Testing of an IAAS Cloud Software (A CloudStack Use Case)

Comparing Ganeti to other Private Cloud Platforms. Lance Albertson

Setting up a private cloud for academic environment with open source software

Efficient Cloud Management for Parallel Data Processing In Private Cloud

T Mobile Cloud Computing Private Cloud & Assignment

Virtualization & Cloud Computing (2W-VnCC)

THE EUCALYPTUS OPEN-SOURCE PRIVATE CLOUD

Introduction to Cloud computing. Viet Tran

Introduction to OpenStack

SURFnet Cloud Computing Solutions

Eucalyptus: An Open-source Infrastructure for Cloud Computing. Rich Wolski Eucalyptus Systems Inc.

Comparative Study of Eucalyptus, Open Stack and Nimbus

Mobile Cloud Computing T Open Source IaaS

Ubuntu 下 的 云 计 算. UbuntuChin 互 动 社 区 王 大 亮

How To Compare Cloud Computing To Cloud Platforms And Cloud Computing

Privileged Cloud Storage By MaaS JuJu

Leveraging BlobSeer to boost up the deployment and execution of Hadoop applications in Nimbus cloud environments on Grid 5000

Appendix to; Assessing Systemic Risk to Cloud Computing Technology as Complex Interconnected Systems of Systems

Eucalyptus: An Open-source Infrastructure for Cloud Computing. Rich Wolski Eucalyptus Systems Inc.

StACC: St Andrews Cloud Computing Co laboratory. A Performance Comparison of Clouds. Amazon EC2 and Ubuntu Enterprise Cloud

Cloud Platform Comparison: CloudStack, Eucalyptus, vcloud Director and OpenStack

FleSSR Project: Installing Eucalyptus Open Source Cloud Solution at Oxford e- Research Centre

Sistemi Operativi e Reti. Cloud Computing

Introduction to Cloud Computing

A STUDY ON OPEN SOURCE CLOUD COMPUTING PLATFORMS

Onboarding VMs to Cisco OpenStack Private Cloud

Plug-and-play Virtual Appliance Clusters Running Hadoop. Dr. Renato Figueiredo ACIS Lab - University of Florida

What is Ubuntu Cloud? Nick Barcet

Towards an Architecture for Monitoring Private Cloud

OpenStack IaaS. Rhys Oxenham OSEC.pl BarCamp, Warsaw, Poland November 2013

Repoman: A Simple RESTful X.509 Virtual Machine Image Repository. Roger Impey

Building a Cloud Computing Platform based on Open Source Software Donghoon Kim ( donghoon.kim@kt.com ) Yoonbum Huh ( huhbum@kt.

Linux/Open Source and Cloud computing Wim Coekaerts Senior Vice President, Linux and Virtualization Engineering

OGF25/EGEE User Forum Catania, Italy 2 March 2009

Setting up of an Open Source based Private Cloud

OpenNebula An Innovative Open Source Toolkit for Building Cloud Solutions

FREE AND OPEN SOURCE SOFTWARE FOR CLOUD COMPUTING SERENA SPINOSO FULVIO VALENZA

Simone Brunozzi, AWS Technology Evangelist, APAC. Fortress in the Cloud

Mirantis

Deploying Business Virtual Appliances on Open Source Cloud Computing

ΕΠΛ 674: Εργαστήριο 5 Firewalls

ILLUMIO ADAPTIVE SECURITY PLATFORM TM

How to Secure Infrastructure Clouds with Trusted Computing Technologies

Moving SNE to the Cloud

Installation Runbook for Avni Software Defined Cloud

Development of Private Cloud

HYPER-CONVERGED INFRASTRUCTURE STRATEGIES

UZH Experiences with OpenStack

An Introduction to Virtualization and Cloud Technologies to Support Grid Computing

CLEVER: a CLoud-Enabled Virtual EnviRonment

Alfresco Enterprise on AWS: Reference Architecture

SUSE OpenStack Cloud 4 Private Cloud Platform based on OpenStack. Gábor Nyers Sales gnyers@suse.com

LSKA 2010 Survey Report I Device Drivers & Cloud Computing

OpenStack Towards a fully open cloud. Thierry Carrez Release Manager, OpenStack

Eucalyptus Tutorial HPC and Cloud Computing Workshop

Assembling Cloud Infrastructures with Eucalyptus

ΕΠΛ 475: Εργαστήριο 9 Firewalls Τοίχοι πυρασφάλειας. University of Cyprus Department of Computer Science

Eucalyptus LSS: Load-Based Scheduling on Virtual Servers Using Eucalyptus Private Cloud

VM Management for Green Data Centres with the OpenNebula Virtual Infrastructure Engine

4 SCS Deployment Infrastructure on Cloud Infrastructures

THE CC1 PROJECT SYSTEM FOR PRIVATE CLOUD COMPUTING

5nine Virtual Firewall 2.1 for Microsoft Hyper-V

ILLUMIO ADAPTIVE SECURITY PLATFORM TM

SURFnet cloud computing solutions

Windows Server 2012 R2 Hyper-V: Designing for the Real World

Top virtualization security risks and how to prevent them

Building Docker Cloud Services with Virtuozzo

Ubuntu OpenStack on VMware vsphere: A reference architecture for deploying OpenStack while limiting changes to existing infrastructure

Standard Interfaces for Open Source Infrastructure as a Service Platforms

Using SUSE Cloud to Orchestrate Multiple Hypervisors and Storage at ADP

Comparison of Several Cloud Computing Platforms

Private Clouds. Krishnan Subramanian Analyst & Researcher Krishworld.com. A whitepaper sponsored by Trend Micro Inc.

Cloud Models and Platforms

VIRTUALIZATION INTROSPECTION SYSTEM ON KVM-BASED CLOUD COMPUTING PLATFORMS. Advisor: Software Security Lab.

Data Centers and Cloud Computing

Transcription:

Experiences with Eucalyptus: Deploying an Open Source Cloud Rick Bradshaw - bradshaw@mcs.anl.gov Piotr T Zbiegiel - pzbiegiel@anl.gov Argonne National Laboratory

Overview Introduction and Background Eucalyptus experiences and observations o Scalability o Security o Support Our chosen support model Conclusions and future work

Introduction Clouds for scientific computing? o Magellan Project buy or build What cloud software is available? o Different Cloud APIs EC2 ( http://aws.amazon.com/ec2/ ) Rackspace (http://www.rackspacecloud.com/?cmp=google_rackspace+cloud_exact ) Nimbus ( http://www.nimbusproject.org/ ) many more out there Why did we choose Eucalyptus? o EC2 compatibility o Open Source / Free o UEC from Ubuntu

Eucalyptus 1.6.2

Eucalyptus Scalability: Cluster sizes Tested Eucalyptus with various sized clusters (40, 80, 160, 240 nodes behind one cluster controller) All-around performance best with smaller clusters Performance deteriorated as clusters size grew due to iterative operations Eucalyptus instance termination operation is serial o Instances that don t terminate in a timely manner are communicated to all nodes o The process delays other activities while it works on terminating instances o o Naturally, larger clusters result in longer execution times for such operations Instance requests which never left the cluster controller due to errors are still terminated on the node controllers!

Eucalyptus Scalability: Load Testing Load tests were done to stress the software. Eucalyptus performed acceptably given enough time to complete requests Rapid churning (starting and stopping instances) gives Eucalyptus heartburn. Ran into hard limit on a single cluster controller o Somewhere between 750 and 800 running VMs o Caused by message size limitation in cloud and cluster controller communication protocol

Security: Network Security Eucalyptus network mode: MANAGED-NOVLAN VM network traffic masquerades as Cluster Controller By default, VMs can communicate with Node Controllers and other internal systems. (BAD) iptables rules on node controllers o prevents VMs from making unwanted connections o No impact to cloud operation

Security: IDS Risk areas identified for the VMs Outside IPs scanning/attacking VMs VMs scanning/attacking outside IPs VMs running suspect services Eucalyptus MANAGED-NOVLAN network model provides suitable IDS access IDS watches internal Cluster Controller interface Monitors all inbound and outbound traffic to the VMs Also monitors communication between security groups Can not see VMs communicating within a security group.

Security: Image Security Concerns Users can upload and register customized disk images Sys Admins must register kernel and ramdisk images Uploaded images automatically made public o Users must choose to change permissions o Contents of image can be inadvertently leaked Users can upload compromised images o A myriad of ways to backdoor o Bucket naming is fairly open o This even happened accidentally Users can upload images with exploitable vulnerabilities o Every user is a sys admin o We can recommend but not require best practices

User Support

User Support We chose a community based support model o forums( still haven't found one everyone agrees on ) o wikis o mailing lists o best effort documentation The difference between Job support and OS/VM support o the complexity is greatly increased o learning curve for users is steep o pre-built images do not always work without effort Kernels KVM vs. Xen startup environment

Conclusions Works but still evaluating other solutions o Nimbus o OpenStack Don't believe the hype o every cloud stack has its qualities and faults o usage/api should help make the choice

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information