Nimbus – a toolkit for building IaaS computing clouds

The Nimbus project [141-143] provides an open source, extensible IaaS implementation supporting Web Service Resource Framework (WSRF) [144] as well as the Amazon EC2 interfaces [90]. It allows a client to lease remote computing and storage resources by deploying virtual machines on them. The service allows authenticated clients to dynamically deploy and manage workspaces in the form of virtual machines. To deploy a workspace a user has to provide the information about the virtual machine image which has to be used to start virtual machine(s) as well as configuration in form of an XML file which describes the deployment (e.g. the period for which he/she wants to lease the resources, number of virtual machines to be deployed). Once the virtual machines are deployed the client gets the relevant information about the virtual machines (e.g. the IP addresses) as well as the so-called endpoint reference (EPR) [144] which can be used for interact with the service and manage the deployment (e.g. increase the lease time, pause, resume or terminate the virtual machines). The authentication and authorization part of the toolkit gives a possibility to client to be authorized based on the VO role information which is contained in his/her credentials obtained from Virtual Organization Membership Service (VOMS) [145]. The service provides several flexible options for configuring the networking (allocating new network address, bridging existing address, etc.) of deployed virtual machines. A client, for example, can request that virtual machines are started with different network interface cards to which addresses from different pools (e.g. private IP address pool and public IP address pool) must be assigned.

87 The toolkit consists of several components which are schematically presented on Figure 4.4: Storage Service Workspace Service IaaS Gateway C o n te xt b ro ke r Workspace Client Cloud Client Context Client Workspace Resource Manager Workspace Pilot Amazon EC2 Other providers Workspace Control

Figure 4.4 Schematic representation of Nimbus toolkit components

 Workspace service allows a remote client to request the deployment of one or several virtual machines and provides an interface for managing them. Its main constituent is a Web Service (WS) front-end to a virtual machine based resource manager deployed on a site. The users can communicate with the workspace service either by means of WSRF [144], or alternatively it can be contacted using Amazon‘s EC2 [90] Web Service Description Language (WSDL) specification.

 Workspace resource manager implements the deployment of virtual machines on a resource provider's infrastructure

 Workspace pilot is used for deployment of virtual machines using sites' local resource managers such as Portable Batch System (PBS) [146] or Sun Grid Engine (SGE) [147]. The use of this service allows resource providers to deploy Nimbus toolkit without significant alteration of their current site setup.

88

 The workspace control components are used to bring the virtual machine image specified by the user from the storage service to the machine where it has to be deployed. They are used to start, stop and suspend the virtual machine as well as configure virtual machine networking settings and deliver contextualization information to it. Currently workspace control works with Xen [86] and KVM [87] virtual machine hypervisors.

 IaaS gateway serves as an interface between the authenticated clients and other IaaS infrastructures. It is currently capable of mapping the X.509 credentials of Nimbus users with Amazon EC2 accounts. Using this components Nimbus users can deploy their virtual machines on Amazon EC2 infrastructure.

 Context broker allows client to deploy a functioning cluster of virtual machines (opposed to a set of ―unconnected‖ virtual machines) with a single request. It acts as an orchestrator for the group of virtual machines deployed within the same request. It assigns different types to the virtual machines from the same deployment according to the configuration provided by the user who submitted the deployment request and helps newly started virtual machines to discover each other. It also delivers configuration information needed for the services running inside virtual machines according to virtual machine type defined by the user. The features provided by this component are essential for the deployment ―one-click‖ dynamic virtual grid sites on the IaaS computing cloud.

 Nimbus storage service acts as a secure manager of cloud disk space. For each user it maintains a repository of available virtual machine images. Users can add or remove images to their repositories. It is based on the Globus GridFTP [148] service which allows supporting a rich setoff network file systems.

89

 Workspace client, having a rich set of possible configuration options provides full access to the Nimbus functionality. However it is relatively complex to use and is typically used in conjunction with a user-friendly wrapper scripts developed by scientific communities.

 Cloud client, is a popular end-user tool for interacting with Nimbus services. It has a reduced functionality but is very user-friendly and easy to use.

These components are lightweight and self-contained, one can select several of them and setup a service in a variety of ways. For example, the initial configuration of Nimbus included the workspace service, workspace resource manager, workspace control, nimbus storage service, and cloud client. By adding the context broker to this set of services it has become possible to deploy ―one-click‖ virtual clusters. Another example is the IaaS cloud at the University of Victoria, where the resources manager is replaced with the workspace pilot resulting in a cloud with different leasing semantics. The combination of context broker and the IaaS gateway allows deployment of ―one-click‖ virtual clouds on Amazon EC2 infrastructure.

Currently there are several scientific IaaS clouds deployed using nimbus in several universities:

 Nimbus at University of Chicago

 Stratus at University of Florida

 Wispy at Purdue University

 Kupa at Masaryk University

4.3 Development of „Classic‟ model for integration of cloud