Infrastructure 2.0:
Objects and Identifiers:
Toward an Inter/Inner-Cloud
Registry System
Stuart Bailey
Andrew Benton
I2.0 Workshop, January 2010




                              © 2009 Infoblox Inc. All Rights Reserved.
Specific Issues for the Intercloud Challenge

• IPv4 lacks "number portability"
• IP also lacks metadata portability (e.g. VM binding, VN membership, policy, state, location, etc.)
• Both are required to take full advantage of cloud
• A dynamic, context-rich registry and rendezvous service may help with these requirements
• Many other dynamic patterns may be expressible in such a registry
• There are several technologies and efforts which seem to be relevant: DNS, SNMP, X.500/LDAP, XMPP, RDF, LISP, HIP, DHCP, DEN, CMDB, etc.
What patterns are important?

Diagram: an Intercloud identifier with "member of" links from two clouds, dns-name=cloud.sun.com and dns-name=testbed.opencloudconsortium.org. The clouds expose interfaces (interface=Sun Version Z, interface=AWS Version X, interface=Yahoo Version Y), each linked to an entry-point identifier (URI=a, URI=b, URI=c).
Complex Patterns May Emerge

Diagram of the object graph, shown for two clouds side by side: a Virtual Network is "member of" a Cloud; a Virtual Machine is "member of" a Virtual Network and "runs on" a Device; MAC Address and IP Address identifiers are "assigned to" Virtual Machines and to Devices.
Patterns Evolve

Diagram: the same Cloud / Virtual Network / Virtual Machine / Device / MAC Address / IP Address objects, with the "member of" and "assigned-to" links unchanged and the "runs on" links removed.

Patterns Evolve

Diagram: the same objects again; one Virtual Machine now carries a different "runs on" link while its MAC Address and IP Address assignments are unchanged.
MAP: Metadata Access Point

• MAP is specifically designed for infrastructure coordination use cases
     Optimized for loosely structured metadata
     Publish/Subscribe capability for asynchronous searches
     Highly scalable architecture
• Design is based on the assumption that you will never find the data relation schema to satisfy all needs
     So you can move forward in spite of a lack of full relation specifications

          Copyright© 2009 Trusted Computing Group – Other names and brands are properties of their respective owners.
IF-MAP for Network Security

Diagram: a central MAP Service reached over the IF-MAP Protocol by an Asset Management System, a NAC Decision Point, a SIM/SEM (via custom integration), IPAM, DHCP, AD and RADIUS, and by routing, IDS, RFID, switching, wireless and firewall infrastructure.
Properties of Dynamic Coordination

Candidate stores: Relational Database, LDAP/DNS Directory, MAP Database

1. Lots of real-time data writes
2. Unstructured relationships
3. Diverse interest in changes to the current state as they occur
4. Distributed data producers & consumers
MAP Access Operations

  Publish: Tell others that…<metadata…>
    Clients store metadata into MAP for others to see
        Incorporates create, modify and delete functionality


  Search: Tell me if…match(metadata pattern)
    Clients retrieve published metadata associated with a particular
    identifier and linked identifiers
        Constrained by link-match and result-filter criteria
        Constrained by maximum depth and size criteria


  Subscribe: Tell me when…match(metadata pattern)
    Clients request asynchronous results for searches that match when
    others publish new metadata
        A client’s subscription consists of a list of one or more searches
        Client names its searches so that asynchronous results are unambiguous

MAP Element Model

  Model Components:
     Identifiers: All objects are represented by unique identifiers
     Links: Connote relationships between pairs of identifiers
     Metadata: Attributes attached to Identifiers or Links

  Important Properties:
     All identifiers and links exist implicitly, but have no meaning until metadata is attached to them
     Identifier and Metadata types are defined in modular XML schemas
        Metadata in particular is designed to be extensible
Example Use Scenario

Diagram: the identifier dns-name=hr.corp.myco.com carrying the metadata content-owner=hr-dept, contact=123-456-7890.

1. Initial setup:
  a) HR publishes its metadata to MAP. This will be the one side of the links it will later create for each employee.
  b) Servers each subscribe to a pattern that will match newly added employees.

Server1 subscription:
  identifier = "dns-name[name=hr.corp.myco.com]"
  match-links = "employee-attribute[name=active]"
  max-depth = "1"
  result-filter = "distinguished-name"
Example Use Scenario

Diagram: the HR identifier (dns-name=hr.corp.myco.com, content-owner=hr-dept, contact=123-456-7890) now linked by employee-attribute=active to a new employee identifier carrying distinguished-name = C=US, O=myco, OU=people, CN=12534.

2. New Employee:
  a) HR later publishes an "employee-attribute=active" metadata link between itself and the new employee's identifier.
  b) Server1 receives an asynchronous notification of each new employee due to its subscription, which causes it to create a new user account.

Server1 subscription:
  identifier = "dns-name[name=hr.corp.myco.com]"
  match-links = "employee-attribute[name=active]"
  max-depth = "1"
  result-filter = "distinguished-name"
Example Use Scenario

Diagram: the same HR identifier and employee identifier (distinguished-name = C=US, O=myco, OU=people, CN=12534) linked by employee-attribute=active; further metadata has appeared on the employee identifier (failed-login-attempts = 3, login-status = allowed) and on a link from it (role = access-finance-server-allowed).

3. Provisioning Pattern
  a) This pattern repeats itself for each new employee.
  b) Notifications of transitions to inactive states can occur at the same time.
  c) Other related identifier metadata and link metadata may be published by others at a later time.

Server1 subscription:
  identifier = "dns-name[name=hr.corp.myco.com]"
  match-links = "employee-attribute[name=active]"
  max-depth = "1"
  result-filter = "distinguished-name"
Current State

    TCG published IF-MAP v1.1 Standard in May’09
      Coincided with Interop’09 with multi-vendor
      collaborative demonstrations
    Interop’09 demonstration use cases:
      Remote User Access Security
      Industrial Controls Security
      Physical Access Security
      Datacenter Management Security




An October 2009 Proposal (Working #2)

•   IF-MAP 1.1 Specification (A Free and Open Standard):
     • http://www.trustedcomputinggroup.org/
• Proposal: Quick collaboration on an Intercloud registry prototype (a step toward a golden spike)
• Open Cloud Consortium has agreed to host the prototype on their network
• Infoblox will donate IF-MAP service software and operations and IF-MAP client developer training
• Need: cloud provider prototype participation, IF-MAP service hardware partners, governance activity
• Unencumbered IF-MAP client stacks available
• Andrew Benton is an IF-MAP client development expert!
Intercloud and Innercloud Registries

Diagram only (section title slide).

Clouds can publish capabilities and entry points

Diagram: each cloud performs an IF-MAP Publish of its capabilities and entry points into the registry.

Entry points and capabilities can be discovered

Diagram: a client performs two successive IF-MAP Search operations (1 and 2) against the registry to discover entry points and capabilities.

Response to changes can be automated

Diagram: a client performs an IF-MAP Subscribe so that later changes to the published metadata are delivered to it asynchronously.
IF-MAP 1.1 STANDARD Identifiers
 identity
          dns-name
          email-address
          kerberos-principal
          username
          other (vendor defined)

 ip-address (v4 or v6)
 mac-address
 device
OCC IF-MAP 1.1 Metadata for Inter/Inner Cloud Registries (v1)

assigned-to (Link)   Recommended for: dns-name, ip-address, mac-address, and device
cloud (Link)         Recommended for: dns-name and other:Intercloud
interface (Link)     Recommended for: dns-name and other:URI
member-of (Link)     Recommended for: dns-name, ip-address, mac-address, and other:name
resides-on (Link)    Recommended for: other:name and device
vdatacenter          Recommended for: other:name
vmachine             Recommended for: dns-name, ip-address, and mac-address
vnet                 Recommended for: other:name

Also defines: file, directory, table, collection, datastore
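The following Python program is an added example (not Infoblox, TCG or OCC code, and not the IF-MAP SOAP/XML wire protocol). It models the MAP element model and the three access operations (Publish / Search / Subscribe) over an in-memory graph of identifiers, links and metadata, and runs two of the deck's scenarios: the HR provisioning pattern from the "Example Use Scenario" slides (HR publishes its content-owner metadata, Server1 subscribes with match-links employee-attribute[name=active], max-depth 1 and result-filter distinguished-name, and a later employee-attribute link publish delivers the new employee's distinguished-name to Server1), and the intercloud registry flow from the publish / search / subscribe slides using the OCC v1 link names cloud and interface. Identifier strings follow the slides' dns-name[name=...] notation. Assumptions that are not on the slides: the client names (hr-client, Server1, sun-client, broker), the username identifier type for the employee, the other:Intercloud and other:URI identifier values, and a per-metadata-name publisher ACL. The ACL is the caveat a practitioner should take from the scenario: Server1 creates accounts for whatever the registry tells it, so any client that can publish employee-attribute metadata can provision accounts. A real MAP server must authorize publishers; the ifmap-publisher-id that IF-MAP records on every metadata item (mirrored here as a "publisher" field) is what makes that policy and later audit possible.

```python
"""Toy in-memory MAP modelling the slides' publish/search/subscribe semantics (added example, not Infoblox/TCG/OCC code)."""
from collections import defaultdict


def parse_filter(spec):
    """'employee-attribute[name=active]' -> ('employee-attribute', {'name': 'active'})"""
    name, _, rest = spec.partition("[")
    attrs = dict(kv.split("=", 1) for kv in rest.rstrip("]").split(",") if kv)
    return name, attrs


def matches(meta, spec):
    name, attrs = parse_filter(spec)
    return meta["name"] == name and all(meta["attrs"].get(k) == v for k, v in attrs.items())


def key(ids):
    # one identifier -> the identifier itself; two -> an unordered link between them
    return ids[0] if len(ids) == 1 else frozenset(ids)


class MapServer:
    def __init__(self, acl):
        self.acl = acl                   # metadata name -> publishers allowed to publish it (assumed policy)
        self.store = defaultdict(list)   # identifier or link key -> [metadata]
        self.subs = {}                   # (client, subscription name) -> [search kwargs, last result]

    def publish(self, publisher, updates=(), deletes=()):
        """updates: [(ids, name, attrs)]; deletes: [(ids, filter spec)].  Returns notifications."""
        for ids, name, attrs in updates:
            if publisher not in self.acl.get(name, ()):
                raise PermissionError(f"{publisher} may not publish {name}")
            # every item records who published it, as IF-MAP does with ifmap-publisher-id
            self.store[key(ids)].append({"name": name, "attrs": dict(attrs), "publisher": publisher})
        for ids, spec in deletes:
            self.store[key(ids)] = [m for m in self.store[key(ids)] if not matches(m, spec)]
        return self._poll()

    def search(self, start, match_links="", result_filter=None, max_depth=1):
        """Breadth-first from `start` over links whose metadata matches `match_links` ("" = any),
        at most `max_depth` hops; `result_filter` (None = all) limits the metadata names returned."""
        result, seen, frontier = {}, {start}, [start]

        def keep(k):
            kept = [m for m in self.store.get(k, []) if result_filter is None or m["name"] in result_filter]
            if kept:
                result[k] = kept

        keep(start)
        for _ in range(max_depth):
            nxt = []
            for ident in frontier:
                for k, metas in self.store.items():
                    if not (isinstance(k, frozenset) and ident in k):
                        continue
                    if match_links and not any(matches(m, match_links) for m in metas):
                        continue
                    other = next(iter(k - {ident}))
                    keep(k)
                    if other not in seen:
                        seen.add(other)
                        keep(other)
                        nxt.append(other)
            frontier = nxt
        return result

    def subscribe(self, client, name, **search):
        self.subs[(client, name)] = [search, self.search(**search)]

    def _poll(self):
        # re-run every named subscription; deliver only those whose result changed
        out = []
        for (client, name), entry in self.subs.items():
            new = self.search(**entry[0])
            if new != entry[1]:
                entry[1] = new
                out.append((client, name, new))
        return out


HR = "dns-name[name=hr.corp.myco.com]"
ACL = {"content-owner": {"hr-client"}, "employee-attribute": {"hr-client"},
       "distinguished-name": {"hr-client"}, "cloud": {"sun-client"}, "interface": {"sun-client"}}


def hr_scenario():
    """Example Use Scenario: HR publishes, Server1 subscribes, a new employee triggers provisioning."""
    m = MapServer(ACL)
    m.publish("hr-client", [((HR,), "content-owner", {"value": "hr-dept", "contact": "123-456-7890"})])
    m.subscribe("Server1", "new-employees", start=HR, match_links="employee-attribute[name=active]",
                result_filter={"distinguished-name"}, max_depth=1)
    emp = "username[name=12534]"   # assumed identifier type for the employee
    notes = m.publish("hr-client", [((HR, emp), "employee-attribute", {"name": "active"}),
                                    ((emp,), "distinguished-name", {"value": "C=US, O=myco, OU=people, CN=12534"})])
    # Server1 would create one account per distinguished-name it was notified about
    return m, [md["attrs"]["value"] for _, _, res in notes for k, mds in res.items() if k == emp for md in mds]


def rogue_publish_rejected(m):
    # whoever may publish employee-attribute can make Server1 mint accounts; the ACL stops other clients
    try:
        m.publish("rogue-client", [((HR, "username[name=mallory]"), "employee-attribute", {"name": "active"})])
    except PermissionError:
        return True
    return False


def intercloud_scenario():
    """Intercloud registry slides with OCC v1 link names: a cloud joins the Intercloud and publishes
    an interface to its entry-point URI; a subscribed client discovers the interface two hops away."""
    m = MapServer(ACL)
    ic, sun, uri = "other[type=Intercloud]", "dns-name[name=cloud.sun.com]", "other[type=URI,name=a]"
    m.subscribe("broker", "entry-points", start=ic, result_filter={"interface"}, max_depth=2)
    notes = m.publish("sun-client", [((ic, sun), "cloud", {}),
                                     ((sun, uri), "interface", {"name": "Sun", "version": "Z"})])
    return [(md["attrs"]["name"], md["attrs"]["version"]) for _, _, res in notes for mds in res.values() for md in mds]
```

hr_scenario() returns the populated server and the list of distinguished names Server1 was told to provision; rogue_publish_rejected() shows the same link publish refused for a client outside the ACL; intercloud_scenario() returns the (interface name, version) pairs the broker learned about through its subscription. Note that result-filter narrows only what is returned: the employee-attribute link is still followed, which is why the subscriber sees the employee's distinguished-name without the link metadata itself.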
Patterns Evolve

Diagram: repeat of the earlier "Patterns Evolve" slide (Cloud / Virtual Network / Virtual Machine / Device / MAC Address / IP Address objects with "member of" and "assigned-to" links and no "runs on" links).
An Update

• Initial Inter/Inner-Cloud metadata schema for IF-MAP 1.1 proposed by Open Cloud Consortium (OCC)
• IF-MAP 1.1 based Intercloud Registry prototype using the OCC Inter/Inner-Cloud metadata schema running and tested on a Cisco UCS blade server
• Cisco agreed to donate a UCS blade server system to Open Cloud Consortium for further registry research
• IF-MAP enabled Multicloud prototype running on Eucalyptus running on Amazon AWS for Innercloud Registry Prototyping
Next Steps



• Define Standard Registry Semantics and Metadata
  • Rainmaker?
  • Lighthouse?
  • Others?
• Distributed Unencumbered Open Source Registry
  Clients





Más contenido relacionado

La actualidad más candente

Mobile App Assurance: Yesterday, Today, and Tomorrow.
Mobile App Assurance: Yesterday, Today, and Tomorrow.Mobile App Assurance: Yesterday, Today, and Tomorrow.
Mobile App Assurance: Yesterday, Today, and Tomorrow.Bob Binder
 
[AzurePT] Desenvolvimento para o Windows Azure: Diferença para o developer
[AzurePT] Desenvolvimento para o Windows Azure: Diferença para o developer[AzurePT] Desenvolvimento para o Windows Azure: Diferença para o developer
[AzurePT] Desenvolvimento para o Windows Azure: Diferença para o developerVitor Tomaz
 
eFolder Webinar, Continuity Cloud Demo
eFolder Webinar, Continuity Cloud DemoeFolder Webinar, Continuity Cloud Demo
eFolder Webinar, Continuity Cloud DemoDropbox
 
VSC Wholesale &amp; Retail Softswitch
VSC Wholesale &amp; Retail SoftswitchVSC Wholesale &amp; Retail Softswitch
VSC Wholesale &amp; Retail Softswitchmytlaw
 
3 Networking CloudStack Developer Day
3  Networking CloudStack Developer Day 3  Networking CloudStack Developer Day
3 Networking CloudStack Developer Day Kimihiko Kitase
 
Webcast: Reduce Costs, Improve Agility with Convergenomics
Webcast: Reduce Costs, Improve Agility with ConvergenomicsWebcast: Reduce Costs, Improve Agility with Convergenomics
Webcast: Reduce Costs, Improve Agility with ConvergenomicsEmulex Corporation
 
OSGi Remote Services With Sca
OSGi Remote Services With ScaOSGi Remote Services With Sca
OSGi Remote Services With Scamfrancis
 
TBIZ2011 - Juniper. Next Generation Data Center
TBIZ2011 - Juniper. Next Generation Data Center TBIZ2011 - Juniper. Next Generation Data Center
TBIZ2011 - Juniper. Next Generation Data Center TechnologyBIZ
 
Introduction To AMF
Introduction To AMFIntroduction To AMF
Introduction To AMFtomhensel
 
Nevmug Green Pages Cisco Nexus January 2009
Nevmug   Green Pages Cisco   Nexus January 2009Nevmug   Green Pages Cisco   Nexus January 2009
Nevmug Green Pages Cisco Nexus January 2009csharney
 
Developments in Managed Content Distribution
Developments in Managed Content DistributionDevelopments in Managed Content Distribution
Developments in Managed Content DistributionCisco Service Provider
 
Network Storage: State of the Industry
Network Storage: State of the IndustryNetwork Storage: State of the Industry
Network Storage: State of the IndustryIMEX Research
 
Sao Paulo Multi-network Event 2012 - Verimatrix
Sao Paulo Multi-network Event 2012 - VerimatrixSao Paulo Multi-network Event 2012 - Verimatrix
Sao Paulo Multi-network Event 2012 - VerimatrixVerimatrix
 

La actualidad más candente (16)

Mobile App Assurance: Yesterday, Today, and Tomorrow.
Mobile App Assurance: Yesterday, Today, and Tomorrow.Mobile App Assurance: Yesterday, Today, and Tomorrow.
Mobile App Assurance: Yesterday, Today, and Tomorrow.
 
[AzurePT] Desenvolvimento para o Windows Azure: Diferença para o developer
[AzurePT] Desenvolvimento para o Windows Azure: Diferença para o developer[AzurePT] Desenvolvimento para o Windows Azure: Diferença para o developer
[AzurePT] Desenvolvimento para o Windows Azure: Diferença para o developer
 
eFolder Webinar, Continuity Cloud Demo
eFolder Webinar, Continuity Cloud DemoeFolder Webinar, Continuity Cloud Demo
eFolder Webinar, Continuity Cloud Demo
 
VSC Wholesale &amp; Retail Softswitch
VSC Wholesale &amp; Retail SoftswitchVSC Wholesale &amp; Retail Softswitch
VSC Wholesale &amp; Retail Softswitch
 
3 Networking CloudStack Developer Day
3  Networking CloudStack Developer Day 3  Networking CloudStack Developer Day
3 Networking CloudStack Developer Day
 
Webcast: Reduce Costs, Improve Agility with Convergenomics
Webcast: Reduce Costs, Improve Agility with ConvergenomicsWebcast: Reduce Costs, Improve Agility with Convergenomics
Webcast: Reduce Costs, Improve Agility with Convergenomics
 
OSGi Remote Services With Sca
OSGi Remote Services With ScaOSGi Remote Services With Sca
OSGi Remote Services With Sca
 
TBIZ2011 - Juniper. Next Generation Data Center
TBIZ2011 - Juniper. Next Generation Data Center TBIZ2011 - Juniper. Next Generation Data Center
TBIZ2011 - Juniper. Next Generation Data Center
 
Introduction To AMF
Introduction To AMFIntroduction To AMF
Introduction To AMF
 
Nevmug Green Pages Cisco Nexus January 2009
Nevmug   Green Pages Cisco   Nexus January 2009Nevmug   Green Pages Cisco   Nexus January 2009
Nevmug Green Pages Cisco Nexus January 2009
 
Tom Krcha - Future of Flash
Tom Krcha - Future of FlashTom Krcha - Future of Flash
Tom Krcha - Future of Flash
 
10 fn s29
10 fn s2910 fn s29
10 fn s29
 
Developments in Managed Content Distribution
Developments in Managed Content DistributionDevelopments in Managed Content Distribution
Developments in Managed Content Distribution
 
10 fn s18
10 fn s1810 fn s18
10 fn s18
 
Network Storage: State of the Industry
Network Storage: State of the IndustryNetwork Storage: State of the Industry
Network Storage: State of the Industry
 
Sao Paulo Multi-network Event 2012 - Verimatrix
Sao Paulo Multi-network Event 2012 - VerimatrixSao Paulo Multi-network Event 2012 - Verimatrix
Sao Paulo Multi-network Event 2012 - Verimatrix
 

Similar a Intercloud Registry

Virtual data centers with OpenStack Quantum
Virtual data centers with OpenStack QuantumVirtual data centers with OpenStack Quantum
Virtual data centers with OpenStack QuantumLew Tucker
 
Hybrid Cloud Computing (IBM System z)
Hybrid Cloud Computing (IBM System z)Hybrid Cloud Computing (IBM System z)
Hybrid Cloud Computing (IBM System z)IBM Danmark
 
Patterns of Cloud Applications Using Microsoft Azure Services Platform
Patterns of Cloud Applications Using Microsoft Azure Services PlatformPatterns of Cloud Applications Using Microsoft Azure Services Platform
Patterns of Cloud Applications Using Microsoft Azure Services PlatformDavid Chou
 
Hybrid IT Delivery Model - Loughborough University
Hybrid IT Delivery Model - Loughborough UniversityHybrid IT Delivery Model - Loughborough University
Hybrid IT Delivery Model - Loughborough UniversitySchneider Electric
 
The Ever Changing Cloud, CloudExpo 2012
The Ever Changing Cloud, CloudExpo 2012The Ever Changing Cloud, CloudExpo 2012
The Ever Changing Cloud, CloudExpo 2012Lew Tucker
 
Vsphere4 100325065654-phpapp01
Vsphere4 100325065654-phpapp01Vsphere4 100325065654-phpapp01
Vsphere4 100325065654-phpapp01Suresh Kumar
 
OpenStack Quantum Network Service
OpenStack Quantum Network ServiceOpenStack Quantum Network Service
OpenStack Quantum Network ServiceLew Tucker
 
The unified data center for cloud david yen
The unified data center for cloud david yenThe unified data center for cloud david yen
The unified data center for cloud david yendeepersnet
 
Windows Azure: Is Azure right for you?
Windows Azure: Is Azure right for you?Windows Azure: Is Azure right for you?
Windows Azure: Is Azure right for you?Intergen
 
Track 2, session 5, aligning security with business kartik shahani
Track 2, session 5, aligning security with business kartik shahaniTrack 2, session 5, aligning security with business kartik shahani
Track 2, session 5, aligning security with business kartik shahaniEMC Forum India
 
Aras PLM Software Leveraging the Cloud
Aras PLM Software Leveraging the CloudAras PLM Software Leveraging the Cloud
Aras PLM Software Leveraging the CloudAras
 
Build the foundation for Private Cloud
Build the foundation for Private CloudBuild the foundation for Private Cloud
Build the foundation for Private CloudAppZero
 
Decrease TCO w/ Server-side App Virtualization
Decrease TCO w/ Server-side App VirtualizationDecrease TCO w/ Server-side App Virtualization
Decrease TCO w/ Server-side App VirtualizationAppZero
 
Oscon anatomy of_os_cloud_ecosystem
Oscon anatomy of_os_cloud_ecosystemOscon anatomy of_os_cloud_ecosystem
Oscon anatomy of_os_cloud_ecosystemhtdvul
 
MS TechDays 2011 - Cloud Computing with the Windows Azure Platform
MS TechDays 2011 - Cloud Computing with the Windows Azure PlatformMS TechDays 2011 - Cloud Computing with the Windows Azure Platform
MS TechDays 2011 - Cloud Computing with the Windows Azure PlatformSpiffy
 
Cloud Foundry Bootcamp
Cloud Foundry BootcampCloud Foundry Bootcamp
Cloud Foundry BootcampAndy Piper
 

Similar a Intercloud Registry (20)

Virtual data centers with OpenStack Quantum
Virtual data centers with OpenStack QuantumVirtual data centers with OpenStack Quantum
Virtual data centers with OpenStack Quantum
 
Hybrid Cloud Computing (IBM System z)
Hybrid Cloud Computing (IBM System z)Hybrid Cloud Computing (IBM System z)
Hybrid Cloud Computing (IBM System z)
 
Patterns of Cloud Applications Using Microsoft Azure Services Platform
Patterns of Cloud Applications Using Microsoft Azure Services PlatformPatterns of Cloud Applications Using Microsoft Azure Services Platform
Patterns of Cloud Applications Using Microsoft Azure Services Platform
 
Hybrid IT Delivery Model - Loughborough University
Hybrid IT Delivery Model - Loughborough UniversityHybrid IT Delivery Model - Loughborough University
Hybrid IT Delivery Model - Loughborough University
 
The Ever Changing Cloud, CloudExpo 2012
The Ever Changing Cloud, CloudExpo 2012The Ever Changing Cloud, CloudExpo 2012
The Ever Changing Cloud, CloudExpo 2012
 
Vsphere4 100325065654-phpapp01
Vsphere4 100325065654-phpapp01Vsphere4 100325065654-phpapp01
Vsphere4 100325065654-phpapp01
 
vSphere 4
vSphere 4vSphere 4
vSphere 4
 
OpenStack Quantum Network Service
OpenStack Quantum Network ServiceOpenStack Quantum Network Service
OpenStack Quantum Network Service
 
The unified data center for cloud david yen
The unified data center for cloud david yenThe unified data center for cloud david yen
The unified data center for cloud david yen
 
Windows Azure: Is Azure right for you?
Windows Azure: Is Azure right for you?Windows Azure: Is Azure right for you?
Windows Azure: Is Azure right for you?
 
Track 2, session 5, aligning security with business kartik shahani
Track 2, session 5, aligning security with business kartik shahaniTrack 2, session 5, aligning security with business kartik shahani
Track 2, session 5, aligning security with business kartik shahani
 
Aras PLM Software Leveraging the Cloud
Aras PLM Software Leveraging the CloudAras PLM Software Leveraging the Cloud
Aras PLM Software Leveraging the Cloud
 
Build the foundation for Private Cloud
Build the foundation for Private CloudBuild the foundation for Private Cloud
Build the foundation for Private Cloud
 
Building a Hybrid Cloud
Building a Hybrid CloudBuilding a Hybrid Cloud
Building a Hybrid Cloud
 
Decrease TCO w/ Server-side App Virtualization
Decrease TCO w/ Server-side App VirtualizationDecrease TCO w/ Server-side App Virtualization
Decrease TCO w/ Server-side App Virtualization
 
Oscon anatomy of_os_cloud_ecosystem
Oscon anatomy of_os_cloud_ecosystemOscon anatomy of_os_cloud_ecosystem
Oscon anatomy of_os_cloud_ecosystem
 
Lawful Interception in Virtual Environments
Lawful Interception in Virtual EnvironmentsLawful Interception in Virtual Environments
Lawful Interception in Virtual Environments
 
MS TechDays 2011 - Cloud Computing with the Windows Azure Platform
MS TechDays 2011 - Cloud Computing with the Windows Azure PlatformMS TechDays 2011 - Cloud Computing with the Windows Azure Platform
MS TechDays 2011 - Cloud Computing with the Windows Azure Platform
 
Cloud Foundry Bootcamp
Cloud Foundry BootcampCloud Foundry Bootcamp
Cloud Foundry Bootcamp
 
PHP in the Cloud
PHP in the CloudPHP in the Cloud
PHP in the Cloud
 

Más de Infrastructure 2.0

Application Mobility - Lightning Talk
Application Mobility - Lightning TalkApplication Mobility - Lightning Talk
Application Mobility - Lightning TalkInfrastructure 2.0
 
OCC Intercloud Testbed Status Jan 20, 2010
OCC Intercloud Testbed Status Jan 20, 2010OCC Intercloud Testbed Status Jan 20, 2010
OCC Intercloud Testbed Status Jan 20, 2010Infrastructure 2.0
 
20100120 Pvm Cherchez La Federation
20100120 Pvm Cherchez La Federation20100120 Pvm Cherchez La Federation
20100120 Pvm Cherchez La FederationInfrastructure 2.0
 
Infrastructure2.0 Model Proposal 1 19 10
Infrastructure2.0 Model Proposal 1 19 10Infrastructure2.0 Model Proposal 1 19 10
Infrastructure2.0 Model Proposal 1 19 10Infrastructure 2.0
 

Más de Infrastructure 2.0 (7)

Workgroup Issues
Workgroup IssuesWorkgroup Issues
Workgroup Issues
 
Application Mobility - Lightning Talk
Application Mobility - Lightning TalkApplication Mobility - Lightning Talk
Application Mobility - Lightning Talk
 
OCC Intercloud Testbed Status Jan 20, 2010
OCC Intercloud Testbed Status Jan 20, 2010OCC Intercloud Testbed Status Jan 20, 2010
OCC Intercloud Testbed Status Jan 20, 2010
 
Cloud APIs Overview Tucker
Cloud APIs Overview   TuckerCloud APIs Overview   Tucker
Cloud APIs Overview Tucker
 
20100120 Pvm Cherchez La Federation
20100120 Pvm Cherchez La Federation20100120 Pvm Cherchez La Federation
20100120 Pvm Cherchez La Federation
 
Infrastructure2.0 Model Proposal 1 19 10
Infrastructure2.0 Model Proposal 1 19 10Infrastructure2.0 Model Proposal 1 19 10
Infrastructure2.0 Model Proposal 1 19 10
 
Lighthouse 20100120
Lighthouse 20100120Lighthouse 20100120
Lighthouse 20100120
 

Intercloud Registry

  • 1. Infrastructure 2.0: Objects and Identifiers: Toward an Inter/Inner-Cloud Registry System. Stuart Bailey, Andrew Benton. I2.0 Workshop, January 2010. © 2009 Infoblox Inc. All Rights Reserved.
  • 2. Specific Issues for the Intercloud Challenge. IPv4 lacks “number portability”. IP also lacks metadata portability (e.g. vm binding, vn membership, policy, state, location, etc.). Both are required to take full advantage of cloud. A dynamic, context-rich registry and rendezvous service may help with these requirements. Many other dynamic patterns may be expressible in such a registry. There are several technologies and efforts which seem to be relevant: DNS, SNMP, X.500/LDAP, XMPP, RDF, LISP, HIP, DHCP, DEN, CMDB, etc.
  • 3. What patterns are important? [Diagram: an Intercloud node with “member of” links from the clouds dns-name=cloud.sun.com and dns-name=testbed.opencloudconsortium.org; interface nodes interface=Sun Version Z, interface=AWS Version X and interface=Yahoo Version Y, with entry points URI=a, URI=b and URI=c.]
  • 4. Complex Patterns May Emerge. [Diagram: Cloud, Virtual Network, Virtual Machine, Device, MAC Address and IP Address nodes connected by “member of”, “assigned to” and “runs on” links.]
  • 5. Patterns Evolve. [Diagram: the same Cloud / Virtual Network / Virtual Machine / Device / MAC Address / IP Address graph, redrawn with “member of” and “assigned-to” links.]
  • 6. Patterns Evolve. [Diagram: the same graph again, now including “runs on” links alongside “member of” and “assigned to”.]
  • 7. MAP: Metadata Access Point. MAP is specifically designed for infrastructure coordination use cases: optimized for loosely structured metadata; publish/subscribe capability for asynchronous searches; highly scalable architecture. The design is based on the assumption that you will never find the data relation schema to satisfy all needs, so you can move forward in spite of a lack of full relation specifications. Copyright© 2009 Trusted Computing Group – Other names and brands are properties of their respective owners.
  • 8. IF-MAP for Network Security. [Diagram: a MAP at the centre, reached over the IF-MAP Protocol by Asset Management, NAC Decision Point, System/Custom Integration, SIM / SEM, IPAM Service, DHCP, AD, RADIUS, Routing, IDS, RFID, Switching, Wireless and Firewalls.]
  • 9. Properties of Dynamic Coordination: 1. Lots of real-time data writes; 2. Unstructured relationships; 3. Diverse interest in changes to the current state as they occur; 4. Distributed data producers & consumers. [Figure: Relational Database, LDAP/DNS Directory and MAP Database compared against these four properties.]
  • 10. MAP Access Operations.
      Publish: Tell others that…<metadata…>. Clients store metadata into MAP for others to see; incorporates create, modify and delete functionality.
      Search: Tell me if…match(metadata pattern). Clients retrieve published metadata associated with a particular identifier and linked identifiers; constrained by link-match and result-filter criteria, and by maximum depth and size criteria.
      Subscribe: Tell me when…match(metadata pattern). Clients request asynchronous results for searches that match when others publish new metadata; a client’s subscription consists of a list of one or more searches, and the client names its searches so that asynchronous results are unambiguous.
  • 11. MAP Element Model. Model components: Identifiers (all objects are represented by unique identifiers); Links (connote relationships between pairs of identifiers); Metadata (attributes attached to identifiers or links). Important properties: all identifiers and links exist implicitly, but have no meaning until metadata is attached to them; identifier and metadata types are defined in modular XML schemas; metadata in particular is designed to be extensible.
  • 12. Example Use Scenario. 1. Initial setup: a) HR publishes its metadata to MAP (identifier dns-name=hr.corp.myco.com, with metadata content-owner=hr-dept, contact=123-456-7890). This will be the one side of the links it will later create for each employee. b) Servers each subscribe to a pattern that will match newly added employees. Server1’s search: identifier=“dns-name[name=hr.corp.myco.com]”, match-links=“employee-attribute[name=active]”, max-depth=“1”, result-filter=“distinguished-name”.
  • 13. Example Use Scenario. 2. New Employee: a) HR later publishes an “employee-attribute=active” link between itself and the new employee’s identifier (whose metadata carries distinguished-name=C=US, O=myco, OU=people, CN=12534). b) Server1 receives an asynchronous notification of each new employee due to its subscription, which causes it to create a new user account. Server1’s search is unchanged: identifier=“dns-name[name=hr.corp.myco.com]”, match-links=“employee-attribute[name=active]”, max-depth=“1”, result-filter=“distinguished-name”.
  • 14. Example Use Scenario. 3. Provisioning Pattern: a) This pattern repeats itself for each new employee. b) Notifications of transitions to inactive states can occur at the same time. c) Other related identifier metadata and link metadata may be published by others at a later time (in the diagram: failed-login-attempts=3, login-status=allowed, role=access-finance-server-allowed). Server1’s search is unchanged: identifier=“dns-name[name=hr.corp.myco.com]”, match-links=“employee-attribute[name=active]”, max-depth=“1”, result-filter=“distinguished-name”.
  • 15. Current State. TCG published the IF-MAP v1.1 Standard in May ’09, coinciding with Interop ’09 and its multi-vendor collaborative demonstrations. Interop ’09 demonstration use cases: Remote User Access Security; Industrial Controls Security; Physical Access Security; Datacenter Management Security.
  • 16. An October 2009 Proposal (Working #2). IF-MAP 1.1 Specification (a free and open standard): http://www.trustedcomputinggroup.org/. Proposal: quick collaboration on an Intercloud registry prototype (a step toward a golden spike). The Open Cloud Consortium has agreed to host the prototype on their network. Infoblox will donate IF-MAP service software and operations and IF-MAP client developer training. Need: cloud provider prototype participation, IF-MAP service hardware partners, governance activity. Unencumbered IF-MAP client stacks available. Andrew Benton is an IF-MAP client development expert!
  • 17. Intercloud and Innercloud Registries. [Diagram.]
  • 18. Clouds can publish capabilities and entry points. [Diagram: IF-MAP Publish.]
  • 19. Entry points and capabilities can be discovered. [Diagram: 1. IF-MAP Search; 2. IF-MAP Search.]
  • 20. Response to changes can be automated. [Diagram: IF-MAP Subscribe.]
  • 21. IF-MAP 1.1 STANDARD Identifiers: identity (dns-name, email-address, kerberos-principal, username, other (vendor defined)); ip-address (v4 or v6); mac-address; device.
  • 22. OCC IF-MAP 1.1 Metadata for Inter/Inner Cloud Registries (v1).
      assigned-to (Link). Recommended for: dns-name, ip-address, mac-address, and device.
      cloud (Link). Recommended for: dns-name and other:Intercloud.
      interface (Link). Recommended for: dns-name and other:URI.
      member-of (Link). Recommended for: dns-name, ip-address, mac-address, and other:name.
      resides-on (Link). Recommended for: other:name and device.
      vdatacenter. Recommended for: other:name.
      vmachine. Recommended for: dns-name, ip-address, and mac-address.
      vnet. Recommended for: other:name.
      Also defines: file, directory, table, collection, datastore.
  • 23. Patterns Evolve. [Diagram: the Cloud / Virtual Network / Virtual Machine / Device / MAC Address / IP Address graph from slide 5, with its “member of” and “assigned-to” links.]
  • 24. An Update. Initial Inter/Inner-Cloud metadata schema for IF-MAP 1.1 proposed by the Open Cloud Consortium (OCC). IF-MAP 1.1 based Intercloud Registry prototype using the OCC Inter/Inner-Cloud metadata schema running and tested on a Cisco UCS blade server. Cisco agreed to donate a UCS blade server system to the Open Cloud Consortium for further registry research. IF-MAP enabled Multicloud prototype running on Eucalyptus running on Amazon AWS for Innercloud Registry Prototyping.
  • 25. Next Steps. Define standard registry semantics and metadata (Rainmaker? Lighthouse? Others?). Distributed unencumbered open source registry clients.
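The publish/search/subscribe operations of slide 10, the element model of slide 11 and the HR provisioning scenario of slides 12 to 14, worked through as an added example (constructed here, not code from the deck, from Infoblox or from any IF-MAP implementation). It models identifiers, links and metadata in memory and re-evaluates every subscription on each publish; the employee identifier ("identity", "12534"), the (name, value) form of match-links and the omission of IF-MAP's XML wire protocol are all assumptions.

```python
from collections import defaultdict

class Map:
    """In-memory MAP: identifiers, links between identifier pairs and metadata
    dicts on either (constructed model, not IF-MAP's XML wire protocol)."""
    def __init__(self):
        self.id_meta = defaultdict(dict)    # identifier -> {name: value}
        self.link_meta = defaultdict(dict)  # frozenset{a, b} -> {name: value}
        self.subs = []                      # (client, search-name, search kwargs)

    def publish(self, meta, ident, other=None):
        """Create/modify metadata on an identifier (or on the ident-other link),
        then return the asynchronous results owed to matching subscriptions."""
        target = (self.id_meta[ident] if other is None
                  else self.link_meta[frozenset((ident, other))])
        target.update(meta)
        return [(client, name, hits) for client, name, search in self.subs
                if (hits := self.search(**search))]

    def search(self, identifier, match_links, max_depth, result_filter):
        """Walk at most max_depth hops from identifier over links whose metadata
        has match_links == (name, value); keep only result_filter metadata."""
        seen, frontier = dict.fromkeys([identifier]), [identifier]
        for _ in range(max_depth):
            frontier = [b for a in frontier
                        for pair, meta in self.link_meta.items()
                        if a in pair and meta.get(match_links[0]) == match_links[1]
                        for b in pair - {a} if b not in seen]
            seen.update(dict.fromkeys(frontier))
        return [(i, self.id_meta[i][result_filter])
                for i in seen if result_filter in self.id_meta[i]]

    def subscribe(self, client, name, **search):
        """Register a named search; publish() re-evaluates it on every change."""
        self.subs.append((client, name, search))

def hr_scenario():
    """Slides 12-14: HR publishes, Server1 subscribes, the new-employee link
    triggers a notification, and the later 'inactive' transition matches none."""
    m = Map()
    hr = ("dns-name", "hr.corp.myco.com")
    emp = ("identity", "12534")  # assumed identifier for the new employee
    m.publish({"content-owner": "hr-dept", "contact": "123-456-7890"}, hr)
    m.subscribe("Server1", "new-employees", identifier=hr,
                match_links=("employee-attribute", "active"),
                max_depth=1, result_filter="distinguished-name")
    m.publish({"distinguished-name": "C=US, O=myco, OU=people, CN=12534"}, emp)
    on_hire = m.publish({"employee-attribute": "active"}, hr, emp)
    on_leave = m.publish({"employee-attribute": "inactive"}, hr, emp)
    return on_hire, on_leave
```

Publishing the employee's distinguished-name alone notifies nobody, because Server1's search only crosses links carrying employee-attribute=active; the link publish is what delivers the result, and flipping the link to inactive makes the same search return nothing.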