Elastic Provisioning In
Virtual Private Clouds
Prashant Shenoy
University of Massachusetts Amherst
*Joint work with Tim Wood, K.K Ramakrishnan and
Kobus Van Der Merwe
Cloud Computing
Cloud Platform types:
• Software as a Service
–
•
Hotmail, Google Docs
Platform as a Service
–
•
Cloud Platform
Google App Engine, Microsoft Azure
Infrastructure as a Service
–
Amazon EC2, VMware vCloud
Rent computation and storage resources on
demand
• Accessed by multiple enterprise sites
Enterprise Sites
Enterprise Cloud Challenges
Existing cloud platforms do not meet the needs of
enterprise customers
•
Insufficient security controls
–
•
Deployment is difficult
–
–
•
Cloud resources are completely separate from local ones
Can’t make VMs look like part of existing LAN
Limited control over network resources
–
–
•
Need isolation at server and network level
Cannot specify network topology or IP addresses
Cannot reserve bandwidth for network links
Inadequate support for Cross-Data center
Management
Moving to the Cloud
Acme wants to move part of its payroll app into the cloud
Acme LAN
Front End
Reports
Processing
Tier
Processing
Tier
Cloud Platform
Data Store
Problem #1: Transparency
Application may have been written for LAN environment
–
Might utilize broadcast or LAN service discovery
Must add Internet gateways for apps previously only on LAN
Now must communicate via public IPs or configure DNS
Lack of transparency causes
application modifications and
infrastructure reconfigurations
Acme LAN
Front End
front.acme.com
GW
Cloud Platform
Processing
proc.cloud.com
Data Store
data.acme.com
GW
Problem #2: Security
Acme’s servers are now accessible from the public internet!
–
Servers formerly on secure LAN now exposed to malicious users
Must configure firewall rules to limit access
–
Fine grain rules are difficult to manage in dynamic environments
Acme LAN
Front End
front.acme.com
Lack of secure cloud connections
exposes enterprise to threats from
both in and out of the cloud
Cloud Platform
Processing
proc.cloud.com
Data Store
data.acme.com
Hacker123
hax.cloud.com
Problem #3: Flexible Resource Mgmt
Benefit of cloud computing: ability to easily adjust resource
capacities and add new VMs
After a change must deal with transparency and security issues
all over again!
– Current platforms do not support network resource reservation
(Bandwidth/QoS guarantees)
–
Enterprises want control over
network resources. Cloud must
support dynamic changes
Acme LAN
Front End
Cloud Platform
+1
front.acme.com
+1
Processing
proc.cloud.com
Data Store
data.acme.com
+1
Processing #2
proc2.cloud.com
Problem #4: Cross Data
Center Management
Enterprise IT services spread across in-house and cloud data
centers.
May be spread across multiple cloud sites
Need the ability to flexibly manage, provision and optimize
across data centers
Follow-the-sun, energy optimizations,
Current platforms: Limited support for cross-data center
optimizations
Key Observation
Existing cloud platforms only cover
storage and computation
Cloud Platform
Disk
VM
+
+
Enterprise Sites
Enterprise Clouds need control
over the network as well
Virtual Private Clouds
A Virtual Private Cloud is…
A secure collection of server, storage, and network resources
spanning one or more cloud data centers
– That is seamlessly connected to one or more enterprise sites
–
VM
Enterprise
Sites
VM
VM
VM
Cloud
Sites
Virtual Private Networks (VPNs)
Layer 2 and 3 MPLS based VPNs
– Created by network provider with no end host configuration
– Already used by many businesses!
–
VPC Benefits
For the customer:
– Isolates network & compute resources
•
Cloud resources are only accessible through VPN
–
Simplifies deployment since cloud looks same as local
resources
–
Unifies resource pools across cloud/data center sites
For the service provider:
– Provides mechanism for control over resource reservation
within provider network
– Simplifies management of multiple data centers by
combining them into large resource pools
VPC Challenges & Solutions
Existing cloud platforms do not integrate with network
service providers
•
Must coordinate with ISP to create VPN endpoints
•
VPN endpoints must be linked to VLANs within the cloud
data center
VPN endpoints are traditionally static
•
Utilize virtual routers with programmable interfaces to
rapidly create and reconfigure routers
•
Use BGP signaling to dynamically adjust VPN topology
CloudNet
Cloud Manager
•
Allocates computation and storage resources
•
Manages VLAN assignment within cloud network
Network Manager
•
Creates and configure VPN endpoints
•
Reserves network resources
Network Manager
VPN
VPN
Routers
Customer Edge
Provider Edge
Cloud Manager
VLAN
VM VM
VLAN
VM VM
WAN Migration
Change the scale of provisioning from managing servers on a
rack to managing resources across data centers
Key building block: ability to migrate applications across data
centers
Existing approach: LAN-based VM migration
VPC enable VM migration over WAN!
WAN Migration
Layer 2 VPNs make WAN act like a LAN
Can use existing LAN migration
techniques to move across WAN
WAN Migration
Layer 2 VPNs make WAN act like a LAN
CE
Customer Site
PE
Cloud Site 1
A
VLAN
PE
B
ARP!
Layer 2 VPN (VPLS)
CE
Router
ARP!
PE
VLAN
Switch
VPN endpoint
Can use existing LAN migration
techniques to move across WAN
B
Cloud Site 2
WAN Migration Challenges
Performance over WAN is problematic
Lower bandwidth and higher latencies imply longer
migration/pause times
Storage may or may not be shared
will need to migrate storage as well
CloudNet WAN Migration
•Once connectivity is setup, migration requires
Storage Migration
• Live Memory Migration
•
•
Storage Migration is done through a combination of
Asynchronous Copy of disk storage to remote site initially
• Synchronous copy of incremental updates subsequently during live
memory migration
•
•
Live Memory Migration needs to balance multiple needs
Total Migration Time for live memory (reduced application performance)
• Pause Time (application has to be quiescent for final transfer)
• Amount of Data Transfer (Bandwidth Requirement)
•
Page 18
Optimizations
•WAN optimizations
Dynamic Stop and Copy
• Content Based Redundancy
• Incremental updates (page deltas)
•
•
Overall benefit is significant reduction in migration and
pause times, especially for limited bandwidth between sites
•
Preliminary results:
•
65% data reduction, 3x reduction in migration times across
data centers in Texas and Illinois
Page 19
Performance of CloudNet Live
Migration over WANs
TPC-W
Page 20
Kernel
SpecJBB
Summary
Cloud Computing for enterprises requires:
• Security
•
Transparency
•
Flexibility
CloudNet can help provide these features
• Defines interface between cloud platform and network provider
•
Uses VPNs for secure, seamless connections
•
Employs virtualization at server, router, and network levels to
improve agility and efficiency
•
Implements optimizations to reduce latency of WAN migration
•
Future work : “DR on a Cloud”
–
Utilize VPLS to simplify deployment of high availability services across
WAN
Questions?
More at http://lass.cs.umass.edu