
IaaS Cloud Architectures: Virtualized Data Centers to Federated Cloud Infrastructures
Dr. Sanjay P. Ahuja, Ph.D.
2010-14 FIS Distinguished Professor of Computer Science
School of Computing, UNF
Introduction

- Virtualization plays an important role as an enabling technology for datacenter implementation by abstracting compute, network, and storage service platforms from the underlying physical hardware.

- Because secure, efficient, and scalable management of these virtualized infrastructures is essential to guarantee optimal datacenter operation, the virtual infrastructure manager is a key component of the datacenter architecture.

- The virtual infrastructure manager, also called the cloud operating system (cloud OS), orchestrates the deployment of virtual resources and manages the physical and virtual infrastructures.

- Management of the datacenter as a cloud makes it possible to complement the local infrastructure with remote resources from other federated datacenters or commercial clouds.
Introduction (contd.)

- This cloud vision of the datacenter provides several advantages, including server consolidation to reduce hardware and power requirements, on-the-fly resizing of the physical infrastructure, service workload balance among physical resources to improve efficiency and utilization, server replication to support fault tolerance and high availability capabilities, and dynamic partitioning of physical infrastructure to execute and isolate different services and workloads.

- Turning this vision into reality requires developing an open and flexible cloud architecture reference model that addresses the requirements of business use cases from IT companies. The model must provide interoperability and portability to prevent vendor lock-in, scalability, and standardization.
Challenge in Cloud Computing

- An open challenge in cloud computing is cloud federation, which involves different architectures and levels of coupling among federated cloud instances.

- The cloud architecture reference model must include support for the deployment of different federation scenarios so that cloud providers and IT companies can use external resources as well as share their internal resources.
Cloud Infrastructure Anatomy

- The key component of an IaaS cloud architecture is the cloud OS (see figure in next slide), which manages the physical and virtual infrastructures and controls the provisioning of virtual resources according to the needs of the user services.

- A cloud OS's role is to efficiently manage datacenter resources to deliver a flexible, secure, and isolated multitenant execution environment for user services that abstracts the underlying physical infrastructure and offers different interfaces and APIs for interacting with the cloud.

- While local users and administrators can interact with the cloud using local interfaces and administrative tools that offer rich functionality for managing, controlling, and monitoring the virtual and physical infrastructure, remote cloud users employ public cloud interfaces that usually provide more limited functionality.
The Cloud OS

As a key component in a modern datacenter, the cloud operating system is responsible for:
1. managing the physical and virtual infrastructure,
2. orchestrating and commanding service provisioning and deployment,
3. providing federation capabilities for accessing and deploying virtual resources in remote cloud infrastructures.
Infrastructure and Cloud Drivers

- To provide an abstraction of the underlying infrastructure technology, the cloud OS can use adapters or drivers to interact with a variety of virtualization technologies. These include hypervisor, network, storage, and information drivers.

- The core cloud OS components, including the virtual machine (VM) manager, network manager, storage manager, and information manager, rely on these infrastructure drivers to deploy, manage, and monitor the virtualized infrastructures.

- In addition to the infrastructure drivers, the cloud OS can include different cloud drivers to enable access to remote providers.

- OpenNebula (http://opennebula.org) is an example of an open cloud OS platform focused on datacenter virtualization that fits with the architecture proposed in Figure 1. Other open cloud managers, such as OpenStack (http://openstack.org) and Eucalyptus (www.eucalyptus.com), primarily focus on public cloud features.
Virtual Machine Manager

- A cloud OS defines the VM as the basic execution unit and the virtualized services (group of VMs for executing a multitier service) as the basic management entity.

- This concept helps create scalable applications because the user can either add VMs as needed (horizontal scaling) or resize a VM (if supported by the underlying hypervisor technology) to satisfy a VM workload increase (vertical scaling).

- Individual multitier applications are isolated from each other, but individual VMs in the same application are not, as they all can share a communication network and services when needed.

- A VM consists of a set of parameters and attributes, including the OS kernel, VM image, memory and CPU capacity, network interfaces, etc.
Virtual Machine Manager (contd.)

- The VM manager is responsible for managing a VM's entire life cycle and performing different VM actions—deploy, migrate, suspend, resume, shut down—according to user commands or scheduling strategies.

- To perform these actions, the VM manager relies on the hypervisor drivers, which expose the basic functionality of underlying hypervisors such as Xen, KVM, and VMware to avoid limiting the cloud OS to a specific virtualization technology.

- The VM manager is also responsible for preserving the service-level agreements contracted with the users, which are usually expressed in terms of VM availability in infrastructure clouds. To guarantee this availability, the VM manager should include different mechanisms for detecting VM crashes and automatically restarting the VM in case of failure.
Network Manager

- The deployment of services in a cloud involves not only the provision of VMs but also the instantiation of communication networks to interconnect the different service components and to make the service reachable for external users, if needed.

- The network manager should be able to manage both private networks, to interconnect the service's internal components, and public IP address pools, to connect the front-end service components to the Internet.

- The network manager uses the network drivers to provision virtual networks over the physical network infrastructure. It needs to ensure traffic isolation between virtual networks.
Storage Manager

- The storage manager's main function is to provide storage services and end-user virtual storage systems as a commodity.

- The storage system must be scalable, so that it can grow dynamically according to service needs; highly available and reliable, to avoid disruption in data access in case of failure; high-performance, to support the strong demands of data-intensive workloads; and easy to manage, abstracting users from the underlying physical storage's complexity.

- To reach these goals, the storage manager relies on the existing storage drivers, which introduce a layer of abstraction between users or services and physical storage and enable the creation of a storage resource pool where storage devices appear as one, allowing data to be moved freely among devices.
Image Manager

- Image managers must handle a huge number of VM images belonging to different users, with different operating systems and software configurations.

- Thus, the cloud OS must have the appropriate tools to manage these images efficiently and securely, as well as additional functionality for administering image repositories.

- A set of attributes defines the VM image, including the image's name, a description of its contents, the type of image—public, private, or shared—the image owner, and the image's location within the repository.

- Basic image functionality should include tools for creating a new image in a repository, deleting an image, cloning an image from an existing one, adding or changing an image attribute, sharing an image with other users, publishing an image for public use, or listing the images available in the repository.
Information Manager

- The information manager is responsible for monitoring and gathering information about the state of VMs, physical servers, and other components of virtual and physical infrastructures such as network devices and storage systems. This monitoring function is essential to ensure that all these components are performing optimally.

- The information manager uses the information drivers to collect monitoring information from virtual and physical resources. At the physical server level, the administrator can install different specialized tools for monitoring purposes such as Nagios (www.nagios.com) and Ganglia (http://ganglia.sourceforge.net).

- Monitoring at the VM level relies on the information provided by hypervisors, which can be very limited and might differ from one hypervisor to another.
Authentication and Authorization

- Clouds must incorporate mechanisms to authenticate users and administrators and to provide them with access only to authorized resources.

- User authentication verifies and confirms the identity of users who try to access cloud resources. This function can be implemented using different methods, such as simple password verification mechanisms via LDAP, or trusted authentication mechanisms based on public keys, X.509 certificates, or Kerberos.

- Authorization policies control and manage user privileges and permissions to access different cloud resources, such as VMs, networks, or storage systems. Access control can be implemented using role-based mechanisms, where a role defines a group of permissions to perform certain operations over specific cloud resources, and users can be assigned particular roles.

- Quota mechanisms can be used to limit the amount of resources—CPU, memory, network bandwidth, or disk—a specific user can access.
Accounting and Auditing

- Accounting's objective is to obtain and record resource usage information of deployed services. This function relies on the information manager to monitor resources and collect usage information from metric measurements. Accounting is essential to implementing the mechanisms that produce billing information.

- Auditing provides information about activity in cloud resources, indicating who accessed cloud resources, when they gained access, and what operations they performed. This information is useful to improve cloud security and protect it from threats such as unauthorized access, abusive use of resources, and other forms of intrusion.
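The role-based authorization, quota and auditing functions described in the two preceding sections, as an added example that is not part of the slides or the cited paper: a role is a named set of (operation, resource type) permissions, every request is checked against the user's roles and then against per-user quotas, and each decision is appended to an audit trail recording who, when, what, and the outcome. The role names, quota keys and users are constructed for illustration.

```python
"""Added example (not from the slides or the cited paper): RBAC check,
per-user quota enforcement, and an audit trail, in the style of the
cloud OS components described above. Roles, users and quota keys are
constructed for illustration."""
from dataclasses import dataclass, field
from datetime import datetime, timezone

# A role is a named group of (operation, resource type) permissions.
ROLES = {
    "vm-operator": {("deploy", "vm"), ("shutdown", "vm"), ("list", "vm")},
    "net-admin":   {("create", "network"), ("delete", "network")},
    "auditor":     {("list", "vm"), ("list", "network"), ("read", "audit")},
}

@dataclass
class User:
    name: str
    roles: set
    # Quota limits and current consumption, e.g. {"cpu": 8, "memory_gb": 32}
    quota: dict = field(default_factory=dict)
    usage: dict = field(default_factory=dict)

@dataclass
class AuditRecord:
    who: str          # which user acted
    when: str         # ISO-8601 UTC timestamp
    operation: str    # what they tried to do
    resource: str     # on which resource type
    allowed: bool     # decision
    reason: str       # why (for the auditor)

AUDIT_LOG: list = []

def is_permitted(user, operation, resource_type):
    """RBAC: allowed iff any of the user's roles grants the (op, type) pair."""
    return any((operation, resource_type) in ROLES.get(r, set()) for r in user.roles)

def quota_exceeded(user, request):
    """Return the first quota key the request would push over its limit, or None."""
    for key, amount in request.items():
        limit = user.quota.get(key)
        if limit is not None and user.usage.get(key, 0) + amount > limit:
            return key
    return None

def authorize(user, operation, resource_type, request=None):
    """Combined check: RBAC first, then quotas; every decision is audited.
    `request` is the amount of quota-limited resources the operation consumes."""
    request = request or {}
    if not is_permitted(user, operation, resource_type):
        allowed, reason = False, "no role grants this operation"
    else:
        key = quota_exceeded(user, request)
        if key:
            allowed, reason = False, f"quota exceeded: {key}"
        else:
            allowed, reason = True, "ok"
            for k, amount in request.items():   # charge the quota only on success
                user.usage[k] = user.usage.get(k, 0) + amount
    AUDIT_LOG.append(AuditRecord(user.name, datetime.now(timezone.utc).isoformat(),
                                 operation, resource_type, allowed, reason))
    return allowed, reason
```

Denied requests are audited as well as granted ones, which is what lets the audit trail reveal repeated attempts at unauthorized access or resource abuse.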
Federation Manager

- The federation manager enables access to remote cloud infrastructures, which can be either partner infrastructures governed by a similar cloud OS entity or public cloud providers.

- The federation manager should provide basic mechanisms for deployment, runtime management, and termination of virtual resources in remote clouds; remote resource monitoring; user authentication in remote cloud instances; access control management and remote resource permission; and tools for image building on different clouds with different image formats.

- The federation manager's design could differ depending on the supported types of federation—for example, cloud aggregation, bursting, or brokering—and levels of coupling and interoperability. The cloud OS must implement the federation manager as an internal component to support federation architectures at the infrastructure level.
Scheduler

- There are two levels of scheduling within a cloud infrastructure: at the physical host level, managed by the hypervisor scheduler, which is responsible for deciding when VMs can obtain system resources—such as physical CPU or memory—and which physical CPUs are assigned to each VM; and at the cloud level, managed by the cloud OS scheduler, which is responsible for deciding the particular physical server where each VM is deployed.

- The cloud OS scheduler's main function is to decide the initial placement of each VM following specific criteria.

- In a federated environment, the scheduler could decide to deploy the VM in a remote cloud when insufficient resources are available in the local infrastructure.
Scheduler (contd.)

- The scheduler could also provide dynamic optimization capabilities, enabling the dynamic reallocation (migration) of VMs from one physical resource to another to meet specific optimization criteria.

- The table in the next slide lists different scheduling policies, based on varying optimization criteria, to guide both initial placement and dynamic reallocation actions.

- The user can also specify constraints that restrict scheduler decisions, such as hardware (amount of CPU, memory, and so on), platform (type of hypervisor, OS, and so on), affinity (two or more VMs that need to be deployed in the same physical server or the same physical cluster), location (geographical restrictions), or service-level agreement constraints (guaranteed CPU capacity or high operational reliability).

Optimization Criteria for Allocation and Reallocation Policies of the Scheduler

[Table of scheduling policies and their optimization criteria; not reproduced in the extracted text.]
Scheduler (contd.)

- The cloud OS invokes the scheduler every time a new VM is waiting to be deployed, as well as periodically to optimize the entire virtual infrastructure, reallocating VMs if necessary to meet the established optimization criteria.

- The scheduler interacts with the VM manager to deploy or allocate the VM in the selected server, or with the federation manager to deploy VMs in remote clouds.
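The cloud-level initial placement described in the three Scheduler slides, as an added example that is not part of the slides or the cited paper: hosts are first filtered by the user's hardware, platform, location and affinity constraints, the survivors are ranked by an optimization policy (consolidation or load balancing), and when no local host fits the request is handed to a remote cloud through the federation path. Host names, attributes, policy names and the rule that location- or affinity-constrained VMs never burst remotely are constructed assumptions.

```python
"""Added example (not from the slides or the cited paper): constraint
filtering plus policy ranking for initial VM placement, with a federated
fallback. All host data and policy names are constructed."""
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Host:
    name: str
    site: str            # location (datacenter or region)
    hypervisor: str      # platform attribute
    free_cpu: int
    free_mem_gb: int
    vms: set = field(default_factory=set)   # names of VMs already placed here

@dataclass
class VMRequest:
    name: str
    cpu: int
    mem_gb: int
    hypervisor: Optional[str] = None   # platform constraint (None = any)
    location: Optional[str] = None     # location constraint (None = any)
    affinity: Optional[str] = None     # name of a VM that must share the host

def candidates(req, hosts):
    """Filter step: keep only hosts satisfying every constraint of the request."""
    out = []
    for h in hosts:
        if h.free_cpu < req.cpu or h.free_mem_gb < req.mem_gb:
            continue                                # hardware constraint
        if req.hypervisor and h.hypervisor != req.hypervisor:
            continue                                # platform constraint
        if req.location and h.site != req.location:
            continue                                # location constraint
        if req.affinity and req.affinity not in h.vms:
            continue                                # affinity constraint
        out.append(h)
    return out

def rank(hosts, policy):
    """Rank step: order candidates by an optimization criterion."""
    if policy == "consolidation":   # pack VMs: prefer the fullest host that still fits
        return sorted(hosts, key=lambda h: (h.free_cpu, h.free_mem_gb))
    if policy == "load_balance":    # spread VMs: prefer the emptiest host
        return sorted(hosts, key=lambda h: (-h.free_cpu, -h.free_mem_gb))
    raise ValueError(f"unknown policy {policy}")

def place(req, hosts, policy="load_balance", remote_cloud=None):
    """Initial placement. Returns ("local", host name), ("remote", cloud name)
    or (None, None) when the request cannot be satisfied anywhere."""
    ranked = rank(candidates(req, hosts), policy)
    if ranked:
        h = ranked[0]
        h.free_cpu -= req.cpu          # reserve capacity on the chosen host
        h.free_mem_gb -= req.mem_gb
        h.vms.add(req.name)
        return "local", h.name
    # Federated fallback (assumption): only unconstrained VMs may burst to a
    # remote cloud, since location and affinity cannot be honoured there.
    if remote_cloud and not req.affinity and not req.location:
        return "remote", remote_cloud
    return None, None
```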
Administrative Tools

- The cloud OS must provide different tools and interfaces (command-line or GUI) for users and administrators to perform various tasks.

- For privileged administration, the system should include both user administration tools (to create, modify, or delete users and manage user authorization and access control policies) and physical infrastructure management tools (to boot or shut down physical servers, monitor physical infrastructure, and so on).

- Unprivileged users should also be provided with tools to manage their own infrastructure—for example, VM management tools (to deploy, shut down, suspend, restore, or monitor a VM), virtual network management tools (to create or delete virtual networks), virtual storage management tools (to create, delete, or attach a virtual disk), and image management tools (to create, clone, or delete images).
Service Manager

- The cloud OS should be able to manage and support virtualized multitier services. A multitier service can comprise several components or tiers with some intrinsic dependencies among them. These services can be deployed as a group of interconnected VMs in the cloud with specific deployment dependencies and, optionally, some location, affinity, and elasticity requirements.

- The service manager's admission control function entails deciding whether to accept or reject a service, depending on the service requirements and resource availability in the cloud.

- Once it accepts a service, the service manager is responsible for managing its life cycle, which can involve several actions, including deploying, suspending, resuming, or canceling the service.

- To deploy a new service, the service manager interacts with the scheduler to decide the best placement for the various VMs that comprise the service, according to the selected optimization criteria and service constraints.
Service Manager (contd.)

- Another service manager function is the management of service elasticity. The service manager can incorporate different mechanisms for service auto-scaling based on elasticity rules, which trigger the deployment of new instances (horizontal scaling) or the resizing of existing instances (vertical scaling) when user-specified service metrics exceed certain thresholds.

- Independent of the service manager, users are always allowed to employ the interfaces provided by the administrative tools or the cloud interface to deploy, resize, migrate, or shut down their individual VMs.
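The elasticity rules just described, as an added example that is not part of the slides or the cited paper: each rule names a service metric, a threshold, how many consecutive samples must breach it, and the horizontal adjustment to apply; the service manager evaluates the rules on every tick, clamps the instance count to the service's min/max bounds, and observes a cooldown after each action so that one burst does not trigger repeated scaling. Metric names, thresholds and samples are constructed.

```python
"""Added example (not from the slides or the cited paper): horizontal
auto-scaling driven by user-specified elasticity rules, with min/max
bounds and a cooldown. Metric names and values are constructed."""
from dataclasses import dataclass

@dataclass
class ElasticityRule:
    metric: str       # service metric reported by the information manager
    threshold: float
    above: bool       # True: fire when metric > threshold; False: when metric < threshold
    periods: int      # consecutive samples the condition must hold
    adjust: int       # +N instances (scale out) or -N instances (scale in)

@dataclass
class ServiceState:
    instances: int
    min_instances: int
    max_instances: int
    cooldown: int               # evaluation ticks to wait after an action
    since_action: int = 10**6   # large value = no recent action

def rule_fires(rule, samples):
    """A rule fires when its condition held for the last `periods` samples."""
    if len(samples) < rule.periods:
        return False
    recent = samples[-rule.periods:]
    if rule.above:
        return all(v > rule.threshold for v in recent)
    return all(v < rule.threshold for v in recent)

def evaluate(state, rules, metrics):
    """One service-manager tick. `metrics` maps metric name -> list of samples,
    oldest first. Returns the instance delta applied (0 when nothing changes)."""
    state.since_action += 1
    if state.since_action <= state.cooldown:
        return 0                        # still cooling down from the last action
    for rule in rules:                  # first matching rule wins
        if rule_fires(rule, metrics.get(rule.metric, [])):
            target = state.instances + rule.adjust
            target = max(state.min_instances, min(state.max_instances, target))
            delta = target - state.instances
            if delta:
                state.instances = target    # the VM manager would deploy/stop VMs here
                state.since_action = 0
            return delta
    return 0
```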
Cloud Interfaces

- In the current cloud ecosystem, most cloud products and providers offer their own APIs, such as Amazon EC2 or VMware's vCloud. Although some of these APIs are becoming de facto standards, this heterogeneity makes it difficult to achieve interoperability and portability across clouds.

- Several standards bodies are addressing interoperability and portability issues surrounding cloud infrastructures. Examples include OGF OCCI (http://occi-wg.org) and OVF (http://dmtf.org/standards/cloud).
Cloud Federation

- Cloud federation, which enables cloud providers and IT companies to collaborate and share their resources, is associated with many portability and interoperability issues.

- Cloud developers and researchers have proposed or implemented numerous federation architectures, including cloud bursting, brokering, aggregation, and multitier.

- These architectures can be classified according to the level of coupling or interoperation among the cloud instances involved, ranging from loosely coupled (with no or little interoperability among cloud instances) to tightly coupled (with full interoperability among cloud instances).
Loosely Coupled Federation

- This scenario is formed by independent cloud instances—for example, a private cloud complementing its infrastructure with resources from an external commercial cloud—with limited interoperation between them.

- A cloud instance has little or no control over remote resources (for example, decisions about VM placement are not allowed), monitoring information is limited (for example, only CPU, memory, or disk consumption of each VM is reported), and there is no support for advanced features such as cross-site networks or VM migration.
Partially Coupled Federation

- This scenario typically consists of various partner clouds that establish a contract or framework agreement stating the terms and conditions under which one partner cloud can use resources from another.

- This contract can enable a certain level of control over remote resources (for example, allowing the definition of affinity rules to force two or more remote VMs to be placed in the same physical cluster); can agree to the interchange of more detailed monitoring information (for example, providing information about the host where the VM is located, energy consumption, and so on); and can enable some advanced networking features among partner clouds (for example, the creation of virtual networks across site boundaries).
Tightly Coupled Federation

- This scenario usually includes clouds belonging to the same organization and is normally governed by the same cloud OS type.

- In this scenario, a cloud instance can have advanced control over remote resources—for example, allowing decisions about the exact placement of a remote VM—and can access all the monitoring information available about remote resources.

- In addition, it can allow other advanced features, including the creation of cross-site networks, cross-site migration of VMs, implementation of high availability techniques among remote cloud instances, and creation of virtual storage systems across site boundaries.
Cloud Federation Architectures

Bursting (Hybrid) Architecture

- Cloud bursting or hybrid architecture combines the existing on-premise infrastructure (usually a private cloud) with remote resources from one or more public clouds to provide extra capacity to satisfy peak demand periods.

- Because the local cloud OS has no advanced control over the virtual resources deployed in external clouds beyond the basic operations the providers allow, this architecture is loosely coupled. Most existing open cloud managers support the hybrid cloud architecture, which is used in infrastructures such as StratusLab (http://stratuslab.eu).
Broker Architecture

- The central component of the broker architecture is a broker that serves various users and has access to several public cloud infrastructures. A simple broker should be able to deploy virtual resources in the cloud selected by the user.

- An advanced broker offering service management capabilities could make scheduling decisions based on optimization criteria such as cost, performance, or energy consumption to automatically deploy a user's virtual service in the most suitable cloud, or it could even distribute the service components across multiple clouds. This architecture is also loosely coupled, since public clouds typically do not allow advanced control over the deployed virtual resources.

- Brokering is the most common federation scenario. Examples include BonFIRE (www.bonfire-project.eu), Open Cirrus, and FutureGrid (http://futuregrid.org).
Aggregated Architecture

- Cloud aggregation consists of two or more partner clouds that interoperate to aggregate their resources and provide users with a larger virtual infrastructure. This architecture is usually partially coupled, since partners could be provided with some kind of advanced control over remote resources, depending on the terms and conditions of contracts with other partners.

- These partner clouds usually have a higher coupling level when they belong to the same corporation than when they are owned by different companies that agree to cooperate and aggregate their resources. The Reservoir federated infrastructure is an example of an aggregated cloud architecture.
Multitier Architecture

- The multitier architecture consists of two or more cloud sites, each running its own cloud OS and usually belonging to the same corporation, that are managed by a third cloud OS instance following a hierarchical arrangement.

- This upper cloud OS instance has full control over resources in the different cloud sites—a tightly coupled scenario—and it exposes the resources available in the different cloud sites as if they were located in a single cloud.

- This architecture is beneficial for corporations with geographically distributed cloud infrastructures because it provides uniform access. It is also useful for implementing advanced management features such as high availability, load balancing, and fault tolerance.
Reference and Acknowledgement

The contribution of the following paper is duly acknowledged for this presentation:

Moreno-Vozmediano, R., Montero, R., and Llorente, I., "IaaS Cloud Architecture: From Virtualized Data Centers to Federated Cloud Infrastructures", IEEE Computer, Vol. 45 (12), Dec. 2012, pp. 65-72.
