converged cloud computing that's secure, fast, or cheap: pick three

1. Fast, 2. Secure, or 3. Cheap Pick Three Carina C. Zona Converged Compute

Upload: carina-c-zona

Post on 18-Jul-2015


TRANSCRIPT

1. Fast, 2. Secure, or 3. Cheap

Pick Three

Carina C. Zona

Converged Compute

Carina C. Zona

@cczona

Talk + Workshop

SECURE, FAST, OR CHEAP?

Fast & safe execution of untrusted user code

open source sponsored by

Rackspace

secure. lightweight.

app execution environment.

scaling. process isolation.

Secure execution

NaCl

Static binary validation

Processes can't jump, communicate, or coordinate.

ZeroVM

nearly no syscalls

pread

pwrite

jail

unjail

fork

exit

Channels

Lightweight

VMs

Fat

• Shared resources

• Slow spin-up

• Resource hog

• Resource bloat

Containers

Leaner.

• However...

• Shares even more resources than VMs -> increasing contamination risk

• Excessive resources

ZeroVM : Egg Crates :: Container : Shipping Crates

Optimized for safe multi-tenancy

75kb 5-35ms

Massively scalable

Secure Scalable Execution

NaCl + zrt = ZeroVM

secure, fast, and cheap

Execute within the datastore

Converged compute

Converged Compute (securely & scalably)

ZeroVM + Swift = ZeroCloud

secure, fast, and cheap

Write Python apps as if they're stored procedures that can MapReduce

ZeroCloud Use Cases

1. compute on cold files

2. text analysis

3. image & video manipulation

4. auditing

5. embedded

environment

• NaCl

• run isolated processes, securely

• execution environment

• scale execution

• Linux namespacing (similar to LXC)

• run isolated apps, conveniently

• infrastructure manager

• scale deployment

primary context

• production

• isolation for restricting things' access to kernel

• deployment

• isolation for layering things on kernel

strengths

• determinism

(executables run the same every time)

• isolation from kernel

• disposable processes

• fine-grained metering

• embeddable

• parallelization

• portability

(server templates run the same anywhere)

• ease of use

• ecosystem

• abundance of templates & plugins

• institutional adoption

(Rackspace, New Relic, Google)

Constraints

• x86-64

• cross-compile

• C & Python*

• Deterministic

• Single threaded

• MapReduce: 1,000 instances**

building blocks

zerovm.org

docs.zerovm.org

github.com/zerovm

…STARTING IN A FEW MINUTES…

ZeroVM Hands-On Workshop

Lars Butler, Egle Sigler, & Cody Bunch
