Embed Size (px)
Citation preview
Elastic Provisioning In Virtual Private Clouds
Prashant Shenoy
University of Massachusetts Amherst
*Joint work with Tim Wood, K.K Ramakrishnan and Kobus Van Der Merwe
Cloud Computing
Cloud Platform types:• Software as a Service
– Hotmail, Google Docs
• Platform as a Service– Google App Engine, Microsoft Azure
• Infrastructure as a Service– Amazon EC2, VMware vCloud
Rent computation and storage resources on demand• Accessed by multiple enterprise sites
Cloud Platform
Enterprise Sites
Enterprise Cloud Challenges
Existing cloud platforms do not meet the needs of enterprise customers• Insufficient security controls– Need isolation at server and network level
• Deployment is difficult– Cloud resources are completely separate from local ones– Can’t make VMs look like part of existing LAN
• Limited control over network resources– Cannot specify network topology or IP addresses– Cannot reserve bandwidth for network links
• Inadequate support for Cross-Data center Management
Cloud Platform
Moving to the Cloud
Acme wants to move part of its payroll app into the cloud
Front EndReports
Data StoreProcessing
Tier
ProcessingTier
Acme LAN
Cloud Platform
Acme LAN
Problem #1: TransparencyApplication may have been written for LAN environment
– Might utilize broadcast or LAN service discovery
Must add Internet gateways for apps previously only on LAN
Now must communicate via public IPs or configure DNS
Front End
Data Store
Processingproc.cloud.com
Lack of transparency causes application modifications and infrastructure reconfigurations
GW
GW
front.acme.com
data.acme.com
Cloud Platform
Acme LAN
Problem #2: SecurityAcme’s servers are now accessible from the public internet!
– Servers formerly on secure LAN now exposed to malicious users
Must configure firewall rules to limit access– Fine grain rules are difficult to manage in dynamic environments
Front Endfront.acme.com
Data Storedata.acme.com
Processingproc.cloud.com
Hacker123hax.cloud.com
Lack of secure cloud connections exposes enterprise to threats from
both in and out of the cloud
Cloud Platform
Acme LAN
Problem #3: Flexible Resource MgmtBenefit of cloud computing: ability to easily adjust resource
capacities and add new VMs– After a change must deal with transparency and security issues
all over again!– Current platforms do not support network resource reservation
(Bandwidth/QoS guarantees)
Front Endfront.acme.com
Data Storedata.acme.com
Processingproc.cloud.com
Processing #2proc2.cloud.com
Enterprises want control over network resources. Cloud must
support dynamic changes
+1
+1
+1
Problem #4: Cross Data Center Management
Enterprise IT services spread across in-house and cloud data centers.
May be spread across multiple cloud sites
Need the ability to flexibly manage, provision and optimize across data centers
Follow-the-sun, energy optimizations,
Current platforms: Limited support for cross-data center optimizations
Key Observation
Existing cloud platforms only cover storage and computation
Enterprise Clouds need control over the network as well
+
+
Cloud Platform
Enterprise Sites
VMDisk
Virtual Private CloudsA Virtual Private Cloud is…
– A secure collection of server, storage, and network resources spanning one or more cloud data centers
– That is seamlessly connected to one or more enterprise sites
Virtual Private Networks (VPNs)– Layer 2 and 3 MPLS based VPNs– Created by network provider with no end host configuration– Already used by many businesses!
VMVM
VMVMEnterprise
Sites
CloudSites
VPC BenefitsFor the customer:– Isolates network & compute resources
• Cloud resources are only accessible through VPN– Simplifies deployment since cloud looks same as local
resources– Unifies resource pools across cloud/data center sites
For the service provider:– Provides mechanism for control over resource reservation
within provider network– Simplifies management of multiple data centers by
combining them into large resource pools
VPC Challenges & SolutionsExisting cloud platforms do not integrate with network service providers• Must coordinate with ISP to create VPN endpoints
• VPN endpoints must be linked to VLANs within the cloud data center
VPN endpoints are traditionally static• Utilize virtual routers with programmable interfaces to
rapidly create and reconfigure routers
• Use BGP signaling to dynamically adjust VPN topology
Cloud ManagerNetwork Manager
CloudNetCloud Manager• Allocates computation and storage resources
• Manages VLAN assignment within cloud network
Network Manager• Creates and configure VPN endpoints
• Reserves network resources
VM VMVLANVPN
VM VMVPN VLAN
Provider Edge
Customer EdgeRouters
WAN Migration
Change the scale of provisioning from managing servers on a rack to managing resources across data centers
Key building block: ability to migrate applications across data centers
Existing approach: LAN-based VM migration
VPC enable VM migration over WAN!
WAN MigrationLayer 2 VPNs make WAN act like a LAN
Can use existing LAN migration techniques to move across WAN
PE
WAN Migration
PE
Customer Site
PE A
Cloud Site 1
Layer 2 VPN (VPLS)
B
B
ARP!
ARP!
Can use existing LAN migration techniques to move across WAN
VPN endpoint
Router
Cloud Site 2Switch
VLAN
VLAN
CE
CE
Layer 2 VPNs make WAN act like a LAN
WAN Migration Challenges
Performance over WAN is problematic
Lower bandwidth and higher latencies imply longer migration/pause times
Storage may or may not be shared
will need to migrate storage as well
CloudNet WAN Migration
•Once connectivity is setup, migration requires• Storage Migration• Live Memory Migration
• Storage Migration is done through a combination of• Asynchronous Copy of disk storage to remote site initially• Synchronous copy of incremental updates subsequently during live
memory migration
• Live Memory Migration needs to balance multiple needs• Total Migration Time for live memory (reduced application performance)• Pause Time (application has to be quiescent for final transfer)• Amount of Data Transfer (Bandwidth Requirement)
Page 18
Optimizations
•WAN optimizations• Dynamic Stop and Copy• Content Based Redundancy• Incremental updates (page deltas)
• Overall benefit is significant reduction in migration and pause times, especially for limited bandwidth between sites
• Preliminary results:
• 65% data reduction, 3x reduction in migration times across data centers in Texas and Illinois
Page 19
Performance of CloudNet Live Migration over WANs
TPC-W Kernel SpecJBB
Page 20
SummaryCloud Computing for enterprises requires:• Security
• Transparency
• Flexibility
CloudNet can help provide these features• Defines interface between cloud platform and network provider
• Uses VPNs for secure, seamless connections
• Employs virtualization at server, router, and network levels to improve agility and efficiency
• Implements optimizations to reduce latency of WAN migration
• Future work : “DR on a Cloud” – Utilize VPLS to simplify deployment of high availability services across
WAN
Questions?
More at http://lass.cs.umass.edu
