Virtual Organization Clusters: Self-Provisioned Clouds on the Grid
Virtual Organization Clusters (VOCs) provide a novel architecture for overlaying dedicated cluster systems on existing grid infrastructures. VOCs provide customized, homogeneous execution environments on a per-Virtual Organization basis, without the cost of physical cluster construction or the overhead of per-job containers. Administrative access and overlay network capabilities are granted to Virtual Organizations (VOs) that choose to implement VOC technology, while the system remains completely transparent to end users and non-participating VOs. Unlike alternative systems that require explicit leases, VOCs are autonomically self-provisioned according to configurable usage policies. As a grid computing architecture, VOCs are designed to be technology agnostic and are implementable by any combination of software and services that follows the Virtual Organization Cluster Model. As demonstrated through simulation testing and evaluation of an implemented prototype, VOCs are a viable mechanism for increasing end-user job compatibility on grid sites. On existing production grids, where jobs are frequently submitted to a small subset of sites and thus experience high queuing delays relative to average job length, the grid-wide addition of VOCs does not adversely affect mean job sojourn time. By load-balancing jobs among grid sites, VOCs can reduce the total amount of queuing on a grid to a level sufficient to counteract the performance overhead introduced by virtualization.
Towards a Next-Generation Runtime Infrastructure Engine for Configuration Management Systems
A common approach to configuration management is to couple a high-level declarative programming language with a runtime engine. The language is used to specify configurations and the engine is used to deliver and apply those configurations on a set of computing resources. The design and architecture of current runtime engines of configuration management systems lack 1) essential coordination and synchronization of actions between computing resources and 2) strong security mechanisms.
This thesis examines a number of techniques that can be applied to the area of configuration management to address these limitations. In particular, the combination of these techniques leads to a new architecture for the runtime engines of modern configuration management systems, providing them with secure coordination and synchronization capabilities. A prototype of this new approach was developed and evaluated in an environment that simulates highly demanding computing landscapes, and the results show that the new architecture is able to reduce the occurrence and impact of configuration errors in these environments.
Automatic Management of Network Configurations: A Deductive Approach (Gestion automatique des configurations réseaux : une approche déductive)
Managing computer networks is an increasingly complex and error-prone task. Past research has shown that between 40% and 70% of the changes made to a network's configuration fail on their first attempted use, and half of these failures are caused by a problem located elsewhere in the network. Network operators thus face a common problem: how can they ensure that a service installed on a customer's network works correctly and that the network itself is free of defects of any kind? Each time a new service is added to the network, the network engineer is therefore responsible for a group of devices whose configurations are managed individually and manually.
This operation has two objectives:
1) Implement the desired functionality.
2) Preserve the correct operation of existing services, by avoiding conflicts between the new parameters and those already configured on the same network.
The explosive growth in the number of devices, the complexity of configurations, the specific needs of each service, the sheer number of services a network must be able to support, and the fact that data generally traverses heterogeneous networks belonging to several operators make this task increasingly difficult. The need for new approaches to the network configuration management problem is easy to understand.
In the course of our study, we used a formalism based on configuration logic that offers several advantages, such as efficient and easy verification of the configurations of multiple devices and a clear separation between the specification of configuration constraints and their actual validation, as highlighted in the automatic configuration and configuration-verification tool called ValidMaker. We also presented a generic data model for network device configuration information that takes into account the heterogeneity of manufacturers and their versions. Concepts such as Meta-CLI were used to represent the configuration extracted from a device as a tree whose leaves represent the extracted parameters, in order to test certain complex properties and deduce the remaining information from them. Although our results are based on and validated against the use cases and hardware configurations of one target company, the methodology could be applied to equipment from any network service provider.
Specification, Validation and Satisfiability of Hybrid Constraints by Reduction to Temporal Logic (Spécification, validation et satisfiabilité [i.e. satisfaisabilité] de contraintes hybrides par réduction à la logique temporelle)
In recent years, many fields of computer science have been transformed by the introduction of a new view of how a system is designed and used, called the declarative approach. Unlike the so-called imperative approach, which consists of describing in a formal language the operations to perform in order to obtain a result, the declarative approach instead suggests describing the desired result, without specifying how this "goal" is to be reached. The declarative approach can be seen as the continuation of a trend that has been under way since the beginnings of computer science and that aims to solve problems by manipulating concepts at an ever higher level of abstraction. The move to a declarative paradigm nevertheless raises certain problems: current tools are poorly suited to declarative use. Three fundamental questions are identified that must be resolved in order to adopt this new paradigm: the expression of constraints in a formal language, the validation of these constraints on a structure, and finally the construction of a structure satisfying a given constraint. This thesis studies these three problems from the standpoint of mathematical logic. It will be shown that, by using a logic as the formal foundation of a language of "goals", the questions of validating and constructing a structure translate into two mathematical questions, model checking and satisfiability, which are fundamental and widely studied. Using two concrete contexts as motivation, network management and service-oriented architectures, the work will show that mathematical logic can be used to describe, verify and construct network configurations or compositions of web services.
The outcome of the research is the development of the logic CTL-FO+, which makes it possible to express constraints on data, constraints on the sequence of operations of a system, and so-called "hybrid" constraints. A reduction of CTL-FO+ to the temporal logic CTL allows existing verification tools to be reused efficiently.
AUTHOR'S KEYWORDS: Formal methods, Web services, Networks
Exploring the automatic identification and resolution of software vulnerabilities in grid-based environments
Security breaches occur due to system vulnerabilities, which arise for numerous reasons including erroneous design (human errors) and management or implementation errors. Vulnerabilities are the weaknesses that allow an attacker to violate the integrity of a system. To address this, system administrators and security professionals typically employ tools to determine the existence of vulnerabilities. Security breaches can be dealt with through reactive or proactive methods. Reactive approaches are passive: when a breach occurs, site administrators respond by providing damage control, tracking down how the attacker got in, resolving the vulnerability and fixing the system. Proactive approaches, on the other hand, preemptively discover and fix vulnerabilities in systems and networks before attacks can occur. For many research and business areas, organizations need to collaborate with peers by sharing their resources (storage servers, clusters, databases, etc.). This is often achieved through the formation of Virtual Organisations (VOs). For the successful operation of such endeavors, security is a key issue and system configuration is vital. A faulty or incomplete configuration of a given site can hinder its normal operation and indeed be a threat to the whole VO. Management of such infrastructures is complex, since it should ideally address the overall configuration and management of a dynamic set of VO-specific resources across multiple sites, as well as the configuration and management of the underlying infrastructure upon which the VO exists, referred to in this thesis as the fabric.
This thesis investigates the feasibility of using a proactive approach towards detecting vulnerabilities across VO resources. First, it investigates whether vulnerability assessment tools can preemptively help in detecting fabric-level weaknesses. Then it explores how the combination of advanced authorisation infrastructures with configuration management tools can allow distributed site administrators to address the challenges associated with vulnerabilities. The primary contribution of this work is a novel approach for vulnerability management which addresses the specific challenges facing VO-wide security and incorporation of fabric management security considerations.
The Fifth Workshop on HPC Best Practices: File Systems and Archives
The workshop on High Performance Computing (HPC) Best Practices on File Systems and Archives was the fifth in a series sponsored jointly by the Department of Energy (DOE) Office of Science and DOE National Nuclear Security Administration. The workshop gathered technical and management experts for operations of HPC file systems and archives from around the world. Attendees identified and discussed best practices in use at their facilities, and documented findings for the DOE and HPC community in this report.
Directing change using bcfg2
Configuration management tools have become quite adept at representing target configurations at a point in time. While a point-in-time model helps with system configuration tasks, it cannot represent the complete scope of configuration tasks needed to manage a complex environment over time. In this paper, we introduce a mechanism for representing changes over time in target configurations and show how it alleviates several common administrative problems. We discuss the motivating factors, design, and implementation of this approach in Bcfg2. We also describe how this approach can be applied to other tools.