Converged Cloud Computing That's Secure, Fast, or Cheap: Pick Three

•

1 like•1,153 views

1. The document discusses ZeroVM, an open source secure execution environment for running untrusted user code fast and at scale. 2. ZeroVM uses techniques like statically compiled binaries and Linux namespaces to run isolated processes securely without unnecessary syscalls or ability to coordinate. 3. ZeroVM images are only 75kb in size and can spin up processes in 5-35ms, making it optimized for massively scalable and secure execution across infrastructure.

Software

1. Fast,
2. Secure, or
3. Cheap
Pick Three
Carina C. Zona
Converged Compute

Carina C. Zonacarina.zona@rackspace.com
@cczona

Fast & safe
execution  
of untrusted
user code
open source
sponsored by  
Rackspace

secure.
lightweight.
app execution
environment.
scaling.
process  
isolation.

Processes can't  
jump, communicate,  
or coordinate.

nearly no syscalls
pread
pwrite 
jail
unjail 
fork
exit

VMs 
Fat
• Shared resources
• Slow spin-up
• Resource hog
• Resource bloat

Containers 
Leaner.
• However...
• Shares even more resources
than VMs -> increasing
contamination risk
• Excessive resources

ZeroVM : Egg Crates
::
Container : Shipping Crates

Secure Scalable Execution
NaCl + zrt = ZeroVM
secure,
fast,
and
cheap

Converged Compute
(securely & scalably)
ZeroVM + Swift = ZeroCloud
secure,
fast,
and
cheap

Write Python apps 
as if they're  
stored procedures
that can 
MapReduce

ZeroCloud Use Cases
1. compute on cold ﬁles
2. text analysis
3. image & video manipulation
4. auditing
5. embedded

environment • NaCL
• run isolated processes, securely
• execution environment
• scale execution
• Linux namespacing (similar to LXC)
• run isolated apps, conveniently
• infrastructure manager
• scale deployment
primary
context
• production
• isolation for restricting things' access to kernel
• deployment
• isolation for layering things on kernel
strengths • determinism 
(executables run the same every time)
• isolation from kernel
• disposable processes
• ﬁne-grained metering
• embeddable
• parallelization
• portability 
(server templates run the same anywhere)
• ease of use
• ecosystem
• abundance of templates & plugins
• institutional adoption  
(Rackspace, New Relic, Google)

Constraints
• X86 64
• cross-compile
• C & Python*
• Deterministic
• Single threaded
• MapReduce: 
1,000 instances**

zerovm.org
docs.zerovm.org
github.com/zerovm
…STARTING IN A FEW MINUTES…
ZeroVM  
Hands-On Workshop
Lars Butler, Egle Sigler, & Cody Bunch

Image Credits 
photos via Flickr under license of
Creative Commons Commercial Use
"Inﬁnite Box" by rumo_der_wolperdinger
"Pink Balloon" by Alan
"Carroll House Shipping Container Home" by Inhabit Blog
"10,000 Shipping Containers Lost At Sea EachYear" by PaulTownsend
"A-salt-ed!" by JD Hancock
"Eggs" by Pietro Izzo
"debug version 2" by Franz & P
"shake your tail feather" by emdot
"MonsterTrucks Live - 29th September 2013" by John5199
"Secure Cloud Computing" by FutUndBeidl
"Door knob with lockbox" by REO
"Engine Arm Aqueduct - BCN Old Main Line - Wolverhampton Level" by Elliott
Brown
"One Set of Building Blocks" by Hans and Carolyn
"The pointed arches of al-As" by Asim Bharwani
"Kacao77 & Persue SeventhLetter Exchange LosAngeles Grafﬁti Art" by A Sin
"128/365 Chilling on theTrampoline" by LeahTautkute
untitled [Tel N°] by Al King
"NOW!That's What I Call Music." by kozumel

Resource Credits
• "Zerovm background" by Prosunjit
Biswas http://www.slideshare.net/
prosunjit/zerovm-background
• "Docker & Containerization:
"Milliseconds Matter" by Ben Golub  
http://cloudcomputing.sys-con.com/
node/3073584 
• ZeroVM documentation  
http://zerovm.org & http://
docs.zerovm.org/
• "Cluster-wide Java/Scala application
deployments with Docker, Chef and
Amazon OpsWorks" by Adam Warski  
http://www.warski.org/blog/2014/06/
cluster-wide-javascala-application-
deployments-with-docker-chef-and-
amazon-opsworks/

YouTube: https://www.youtube.com/watch?v=OsgNn-D9KFc&index=15&list=PLnKL6-WWWE_VtIMfNLW3N3RGuCUcQkDMl Undisclosed vulnerabilities are very serious threat to the cloud security. Once the flaw leaks to the public information, the risk of attacks increases dramatically. In our talk we will go through case study of patching 100 OpenStack compute nodes consisting of 4000 virtual machines with zero-day patch within 16 hours. We will talk about the challenges we have encountered, how we faced them and we will answer the most important question – did we make it within 16 hours.

Kubernetes at Datadog Scale - Ara Pulido

PROIDEA

Kubernetes is currently the most popular container orchestration platform, and while many organizations are migrating their workloads to it, Kubernetes is still relatively immature. New corner cases, errors, and quirks are regularly discovered as users push the boundaries of size and scale. Joining Datadog allowed me to discover Kubernetes at a larger scale. In this session I will share what I’ve learned, how it has changed my perspective about the Kubernetes ecosystem, and how you can apply those learnings when scaling your cluster to hundreds or thousands of nodes.

Streamlining HPC Workloads with Containers

Dustin Kirkland

One might find it ironic that some of the world's fastest supercomputers -- vast clusters capable of trillions of floating point operations per second -- can take upwards of a half an hour to reboot in between jobs. While we often talk about the density advantages of containers, it's the opposite approach that we use in the High Performance Computing world! Here, we use exactly 1 system container per node, giving it unlimited access to all of the host's CPU, Memory, Disk, IO, and Network. And yet we can still leverage the management characteristics of containers -- security, snapshots, live migration, and instant deployment to recycle each node in between jobs. In this talk, we'll examine a reference architecture and some best practices around containers in HPC environments.

What Is ZeroVM

Carina C. Zona

Schemas for the Real World [Software Craftsmanship North America 2013]

Carina C. Zona

Social app development challenges us how to code for users’ personal world. Users are giving push-back to ill-fitted assumptions about their identity — including name, gender, sexual orientation, important relationships, and other attributes they value. How can we balance users’ realities with an app’s business requirements? Facebook, Google+, and others are grappling with these questions. Resilient approaches arise from an app’s own foundation. Discover schemas’ influence over codebase, UX, and development itself. Learn how we can use schemas to both inspire users and generate data we need as developers. -- META Where: Software Craftsmanship North America 2013 (Chicago, Illinois, USA) Date: November 8, 2013 Author: Carina C. Zona

Debugging Tech’s Socioeconomic Class Issues [Madison+ Ruby Conf 2014]

Carina C. Zona

As developers, we have power to be constructors of social justice. If we are members of tech community, then we inherit a chain of responsibility for addressing intersections between our work and its sometimes profoundly local effects on communities. We can choose to engage in debugging and fixes. We start by engaging in introspection about the inequities that our industry imposes on groups who have fewer privileges than we have access to. We’re going to walk through some of these issues, and review methods for implementing change. Date: August 22, 2014 Author: Carina C. Zona Video: https://youtu.be/aRf9w0UJPTM Conference: Madison+ Ruby Location: Madison, WI

Schemas for the Real World [Madison RubyConf 2013]

Carina C. Zona

Social app development challenges us how to code for users’ personal world. Users are giving push-back to ill-fitted assumptions about their identity — including name, gender, sexual orientation, important relationships, and other attributes they value. How can we balance users’ realities with an app’s business requirements? Facebook, Google+, and others are grappling with these questions. Resilient approaches arise from an app’s own foundation. Discover schemas’ influence over codebase, UX, and development itself. Learn how we can use schemas to both inspire users and generate data we need as developers. -- META Where: Madison Ruby Conference 2013 (Madison, Wisconsin, USA) Date: August 23, 2013 Video: http://www.confreaks.com/videos/2627-madisonruby2013-schemas-for-the-real-world

Doctor, Lawyer, Poker Player, Physicist: The Best Engineers We're Not Competi...

Carina C. Zona

"The team needs more engineers and we need them today."_ We talk about the engineer shortage. But the problem is not what we think it is. We'll explore how hiring for only CS degrees misses exceptional opportunities. Unconventional backgrounds breed great developers. Homogeneity boxes us in. Diverse teams are more productive, more profitable, and more excited about what they're accomplishing. Diversity isn't just demographics. It's about benefitting from distinctly varied perspectives. Who better than the former philosopher, marine biologist, stage hand, or anthropologist? In this talk, we'll walk through why it's worth competing for them. Forget the rock star; hire the opera singer.

Social app development challenges us how to code for users’ personal world. Users are giving push-back to ill-fitted assumptions about their identity — including name, gender, sexual orientation, important relationships, and other attributes they value. How can we balance users’ realities with an app’s business requirements? Facebook, Google+, and others are grappling with these questions. Resilient approaches arise from an app’s own foundation. Discover schemas’ influence over codebase, UX, and development itself. Learn how we can use schemas to both inspire users and generate data we need as developers. -- META Where: Madison Ruby Conference 2013 (Madison, Wisconsin, USA) Date: August 23, 2013 Video: http://www.confreaks.com/videos/2627-madisonruby2013-schemas-for-the-real-world

Doctor, Lawyer, Poker Player, Physicist: The Best Engineers We're Not Competi...

Carina C. Zona

Biometric unsecurity

Carina C. Zona

Biometrics are widely regarded by the public, and many developers, as heightened security. Their actual track record tells a very different story. Biometric technologies are systematically making the world a less safe place. We have an obligation to do something about that. And we can. In this talk, you'll learn about the breathtaking range of biometrics being tracked and assessed. You'll learn about dangerously wrong conclusions being drawn. You'll learn about spurious underlying premises and untrustworthy training data, and widespread misuses that are determining life and death decisions in government, policing, and health monitoring. Most importantly, you'll learn how to assess these technologies, and avoid contributing ito their development, misuse, and proliferation. NOTE: Content Warnings. ==== META ==== Keynote Address at: DjangoCon Europe (Sept 4, 2020) Session Talk at: PyconAU (Sept 18, 2020) Author: Carina C. Zona Email: cczona@gmail.com Twitter: @cczona

Consequences of an Insightful Algorithm

Carina C. Zona

We have ethical responsibilities when coding. We’re able to extract remarkably precise intuitions about an individual. But do we have a right to know what they didn’t consent to share, even when they willingly shared the data that leads us there? A major retailer’s data-driven marketing accidentially revealed to a teen’s family that she was pregnant. Eek. What are our obligations to people who did not expect themselves to be so intimately known without sharing directly? How do we mitigate against unintended outcomes? For instance, an activity tracker carelessly revealed users’ sexual activity data to search engines. A social network’s algorithm accidentally triggered painful memories for grieving families who’d recently experienced death of their child and other loved ones. We design software for humans. Balancing human needs and business specs can be tough. It’s crucial that we learn how to build in systematic empathy. In this talk, we'll delve into specific examples of uncritical programming, and painful results from using insightful data in ways that were benignly intended. You’ll learn ways we can integrate practices for examining how our code might harm individuals. We’ll look at how to flip the paradigm, netting consequences that can be better for everyone. SLIDES: http://www.slideshare.net/cczona/consequences-of-an-insightful-algorithm VIDEO: http://confreaks.tv/videos/rubyconf2015-keynote-consequences-of-an-insightful-algorithm REVIEWS: https://wakelet.com/wake/5758ef98-8e71-4854-9ea2-683e0b5c98a3 KEYNOTE: RubyConf, JSConfEU, PyConAU, GOTO Berlin, Lean Agile Scotland, CUSEC, Open Source Bridge ADDITIONAL: ArrrrCamp, EuRuKo, DjangoCon, WDCNZ, SCNA

Schemas for the Real World [RubyConf AU 2013]

Carina C. Zona

VIDEO: https://vimeo.com/61172068 Social app development challenges us how to code for users’ personal world. Users are giving push-back to ill-fitted assumptions about their identity — including name, gender, sexual orientation, important relationships, and other attributes they value. How can we balance users’ realities with an app’s business requirements? Facebook, Google+, and others are grappling with these questions. Resilient approaches arise from an app’s own foundation. Discover schemas’ influence over codebase, UX, and development itself. Learn how we can use schemas to both inspire users and generate data we need as developers. [NOTE: links to Resources are on slide 112. Cheers!] --- META: Conference: RubyConf AU Date: February 21, 2013 Location: Jasper Hotel Session length: 45 minutes Video: https://vimeo.com/61172068

Full Stack & Full Circle: What the Heck Happens In an HTTP Request-Response C...

Carina C. Zona

Presented at Confident Coding III, San Francisco, CA. October 20, 2012. Flying in from 10,000 foot view (“Hey, browser, show me this”, “Okay, here it is”), we’ll take thoughtful overview of the HTTP request/response cycle. Its essence is simply a series of questions & answers, accumulating portions of content to be gracefully assembled for the user. We’ll hone in on some key players amidst the “full stack” of communications, with special attention to how an understanding of the HTTP lifecycle endows any developer or designer with the power to optimize for performance, cost, and UX

Hacking for Sex Education

Carina C. Zona

Cool Git Tricks (That I Learn When Things Go Badly) [1/2]

Carina C. Zona

A Sighting of filterA in Typelevel Rite of Passage

Philip Schwarz

OpenMetadata Community Meeting - 5th June 2024

OpenMetadata

The OpenMetadata Community Meeting was held on June 5th, 2024. In this meeting, we discussed about the data quality capabilities that are integrated with the Incident Manager, providing a complete solution to handle your data observability needs. Watch the end-to-end demo of the data quality features. * How to run your own data quality framework * What is the performance impact of running data quality frameworks * How to run the test cases in your own ETL pipelines * How the Incident Manager is integrated * Get notified with alerts when test cases fail Watch the meeting recording here - https://www.youtube.com/watch?v=UbNOje0kf6E

First Steps with Globus Compute Multi-User Endpoints

Globus

In this presentation we will share our experiences around getting started with the Globus Compute multi-user endpoint. Working with the Pharmacology group at the University of Auckland, we have previously written an application using Globus Compute that can offload computationally expensive steps in the researcher's workflows, which they wish to manage from their familiar Windows environments, onto the NeSI (New Zealand eScience Infrastructure) cluster. Some of the challenges we have encountered were that each researcher had to set up and manage their own single-user globus compute endpoint and that the workloads had varying resource requirements (CPUs, memory and wall time) between different runs. We hope that the multi-user endpoint will help to address these challenges and share an update on our progress here.

Globus Compute Introduction - GlobusWorld 2024

Globus

In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...

Juraj Vysvader

Top 7 Unique WhatsApp API Benefits | Saudi Arabia

Yara Milbes

Discover the transformative power of the WhatsApp API in our latest SlideShare presentation, "Top 7 Unique WhatsApp API Benefits." In today's fast-paced digital era, effective communication is crucial for both personal and professional success. Whether you're a small business looking to enhance customer interactions or an individual seeking seamless communication with loved ones, the WhatsApp API offers robust capabilities that can significantly elevate your experience. In this presentation, we delve into the top 7 distinctive benefits of the WhatsApp API, provided by the leading WhatsApp API service provider in Saudi Arabia. Learn how to streamline customer support, automate notifications, leverage rich media messaging, run scalable marketing campaigns, integrate secure payments, synchronize with CRM systems, and ensure enhanced security and privacy.

Prosigns: Transforming Business with Tailored Technology Solutions

Prosigns

Unlocking Business Potential: Tailored Technology Solutions by Prosigns Discover how Prosigns, a leading technology solutions provider, partners with businesses to drive innovation and success. Our presentation showcases our comprehensive range of services, including custom software development, web and mobile app development, AI & ML solutions, blockchain integration, DevOps services, and Microsoft Dynamics 365 support. Custom Software Development: Prosigns specializes in creating bespoke software solutions that cater to your unique business needs. Our team of experts works closely with you to understand your requirements and deliver tailor-made software that enhances efficiency and drives growth. Web and Mobile App Development: From responsive websites to intuitive mobile applications, Prosigns develops cutting-edge solutions that engage users and deliver seamless experiences across devices. AI & ML Solutions: Harnessing the power of Artificial Intelligence and Machine Learning, Prosigns provides smart solutions that automate processes, provide valuable insights, and drive informed decision-making. Blockchain Integration: Prosigns offers comprehensive blockchain solutions, including development, integration, and consulting services, enabling businesses to leverage blockchain technology for enhanced security, transparency, and efficiency. DevOps Services: Prosigns' DevOps services streamline development and operations processes, ensuring faster and more reliable software delivery through automation and continuous integration. Microsoft Dynamics 365 Support: Prosigns provides comprehensive support and maintenance services for Microsoft Dynamics 365, ensuring your system is always up-to-date, secure, and running smoothly. Learn how our collaborative approach and dedication to excellence help businesses achieve their goals and stay ahead in today's digital landscape. From concept to deployment, Prosigns is your trusted partner for transforming ideas into reality and unlocking the full potential of your business. Join us on a journey of innovation and growth. Let's partner for success with Prosigns.

GOING AOT WITH GRAALVM FOR SPRING BOOT (SPRING IO)

Alina Yurenko

AI Pilot Review: The World’s First Virtual Assistant Marketing Suite

Google

AI Pilot Review: The World’s First Virtual Assistant Marketing Suite 👉👉 Click Here To Get More Info 👇👇 https://sumonreview.com/ai-pilot-review/ AI Pilot Review: Key Features ✅Deploy AI expert bots in Any Niche With Just A Click ✅With one keyword, generate complete funnels, websites, landing pages, and more. ✅More than 85 AI features are included in the AI pilot. ✅No setup or configuration; use your voice (like Siri) to do whatever you want. ✅You Can Use AI Pilot To Create your version of AI Pilot And Charge People For It… ✅ZERO Manual Work With AI Pilot. Never write, Design, Or Code Again. ✅ZERO Limits On Features Or Usages ✅Use Our AI-powered Traffic To Get Hundreds Of Customers ✅No Complicated Setup: Get Up And Running In 2 Minutes ✅99.99% Up-Time Guaranteed ✅30 Days Money-Back Guarantee ✅ZERO Upfront Cost See My Other Reviews Article: (1) TubeTrivia AI Review: https://sumonreview.com/tubetrivia-ai-review (2) SocioWave Review: https://sumonreview.com/sociowave-review (3) AI Partner & Profit Review: https://sumonreview.com/ai-partner-profit-review (4) AI Ebook Suite Review: https://sumonreview.com/ai-ebook-suite-review

Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf

AMB-Review

Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos https://www.amb-review.com/tubetrivia-ai Exclusive Features: AI-Powered Questions, Wide Range of Categories, Adaptive Difficulty, User-Friendly Interface, Multiplayer Mode, Regular Updates. #TubeTriviaAI #QuizVideoMagic #ViralQuizVideos #AIQuizGenerator #EngageExciteExplode #MarketingRevolution #BoostYourTraffic #SocialMediaSuccess #AIContentCreation #UnlimitedTraffic

Top Features to Include in Your Winzo Clone App for Business Growth (4).pptx

rickgrimesss22

Cracking the code review at SpringIO 2024

Paco van Beckhoven

Code reviews are vital for ensuring good code quality. They serve as one of our last lines of defense against bugs and subpar code reaching production. Yet, they often turn into annoying tasks riddled with frustration, hostility, unclear feedback and lack of standards. How can we improve this crucial process? In this session we will cover: - The Art of Effective Code Reviews - Streamlining the Review Process - Elevating Reviews with Automated Tools By the end of this presentation, you'll have the knowledge on how to organize and improve your code review proces

Text-Summarization-of-Breaking-News-Using-Fine-tuning-BART-Model.pptx

ShamsuddeenMuhammadA

How Recreation Management Software Can Streamline Your Operations.pptx

wottaspaceseo

Recreation management software streamlines operations by automating key tasks such as scheduling, registration, and payment processing, reducing manual workload and errors. It provides centralized management of facilities, classes, and events, ensuring efficient resource allocation and facility usage. The software offers user-friendly online portals for easy access to bookings and program information, enhancing customer experience. Real-time reporting and data analytics deliver insights into attendance and preferences, aiding in strategic decision-making. Additionally, effective communication tools keep participants and staff informed with timely updates. Overall, recreation management software enhances efficiency, improves service delivery, and boosts customer satisfaction.

Globus Connect Server Deep Dive - GlobusWorld 2024

Globus

Developing Distributed High-performance Computing Capabilities of an Open Sci...

Globus

COVID-19 had an unprecedented impact on scientific collaboration. The pandemic and its broad response from the scientific community has forged new relationships among public health practitioners, mathematical modelers, and scientific computing specialists, while revealing critical gaps in exploiting advanced computing systems to support urgent decision making. Informed by our team’s work in applying high-performance computing in support of public health decision makers during the COVID-19 pandemic, we present how Globus technologies are enabling the development of an open science platform for robust epidemic analysis, with the goal of collaborative, secure, distributed, on-demand, and fast time-to-solution analyses to support public health.

Recently uploaded

A Sighting of filterA in Typelevel Rite of Passage

Philip Schwarz

OpenMetadata Community Meeting - 5th June 2024

OpenMetadata

First Steps with Globus Compute Multi-User Endpoints

Globus

Globus Compute Introduction - GlobusWorld 2024

Globus

In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...

Juraj Vysvader

Top 7 Unique WhatsApp API Benefits | Saudi Arabia

Yara Milbes

Prosigns: Transforming Business with Tailored Technology Solutions

Prosigns

GOING AOT WITH GRAALVM FOR SPRING BOOT (SPRING IO)

Alina Yurenko

AI Pilot Review: The World’s First Virtual Assistant Marketing Suite

Google

Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf

AMB-Review

Top Features to Include in Your Winzo Clone App for Business Growth (4).pptx

rickgrimesss22

Cracking the code review at SpringIO 2024

Paco van Beckhoven

Text-Summarization-of-Breaking-News-Using-Fine-tuning-BART-Model.pptx

ShamsuddeenMuhammadA

How Recreation Management Software Can Streamline Your Operations.pptx

wottaspaceseo

Globus Connect Server Deep Dive - GlobusWorld 2024

Globus

Developing Distributed High-performance Computing Capabilities of an Open Sci...

Globus

Providing Globus Services to Users of JASMIN for Environmental Data Analysis

Globus

JASMIN is the UK’s high-performance data analysis platform for environmental science, operated by STFC on behalf of the UK Natural Environment Research Council (NERC). In addition to its role in hosting the CEDA Archive (NERC’s long-term repository for climate, atmospheric science & Earth observation data in the UK), JASMIN provides a collaborative platform to a community of around 2,000 scientists in the UK and beyond, providing nearly 400 environmental science projects with working space, compute resources and tools to facilitate their work. High-performance data transfer into and out of JASMIN has always been a key feature, with many scientists bringing model outputs from supercomputers elsewhere in the UK, to analyse against observational or other model data in the CEDA Archive. A growing number of JASMIN users are now realising the benefits of using the Globus service to provide reliable and efficient data movement and other tasks in this and other contexts. Further use cases involve long-distance (intercontinental) transfers to and from JASMIN, and collecting results from a mobile atmospheric radar system, pushing data to JASMIN via a lightweight Globus deployment. We provide details of how Globus fits into our current infrastructure, our experience of the recent migration to GCSv5.4, and of our interest in developing use of the wider ecosystem of Globus services for the benefit of our user community.

OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam

takuyayamamoto1800

Understanding Globus Data Transfers with NetSage

Globus

NetSage is an open privacy-aware network measurement, analysis, and visualization service designed to help end-users visualize and reason about large data transfers. NetSage traditionally has used a combination of passive measurements, including SNMP and flow data, as well as active measurements, mainly perfSONAR, to provide longitudinal network performance data visualization. It has been deployed by dozens of networks world wide, and is supported domestically by the Engagement and Performance Operations Center (EPOC), NSF #2328479. We have recently expanded the NetSage data sources to include logs for Globus data transfers, following the same privacy-preserving approach as for Flow data. Using the logs for the Texas Advanced Computing Center (TACC) as an example, this talk will walk through several different example use cases that NetSage can answer, including: Who is using Globus to share data with my institution, and what kind of performance are they able to achieve? How many transfers has Globus supported for us? Which sites are we sharing the most data with, and how is that changing over time? How is my site using Globus to move data internally, and what kind of performance do we see for those transfers? What percentage of data transfers at my institution used Globus, and how did the overall data transfer performance compare to the Globus users?

openEuler Case Study - The Journey to Supply Chain Security

Shane Coughlan

Recently uploaded (20)

A Sighting of filterA in Typelevel Rite of Passage

OpenMetadata Community Meeting - 5th June 2024

First Steps with Globus Compute Multi-User Endpoints

Globus Compute Introduction - GlobusWorld 2024

In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...

Top 7 Unique WhatsApp API Benefits | Saudi Arabia

Prosigns: Transforming Business with Tailored Technology Solutions

GOING AOT WITH GRAALVM FOR SPRING BOOT (SPRING IO)

AI Pilot Review: The World’s First Virtual Assistant Marketing Suite

Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf

Top Features to Include in Your Winzo Clone App for Business Growth (4).pptx

Cracking the code review at SpringIO 2024

Text-Summarization-of-Breaking-News-Using-Fine-tuning-BART-Model.pptx

How Recreation Management Software Can Streamline Your Operations.pptx

Globus Connect Server Deep Dive - GlobusWorld 2024

Developing Distributed High-performance Computing Capabilities of an Open Sci...

Providing Globus Services to Users of JASMIN for Environmental Data Analysis

OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam

Understanding Globus Data Transfers with NetSage

openEuler Case Study - The Journey to Supply Chain Security

Converged Cloud Computing That's Secure, Fast, or Cheap: Pick Three

1. 1. Fast, 2. Secure, or 3. Cheap Pick Three Carina C. Zona Converged Compute

2. Carina C. Zonacarina.zona@rackspace.com @cczona

3. Talk + Workshop

4. SECURE, FAST, OR CHEAP?

5. Fast & safe execution   of untrusted user code open source sponsored by   Rackspace

6. secure. lightweight. app execution environment. scaling. process   isolation.

7. Secure  execution

8. NaCL

9. Static binary validation

10. Processes can't   jump, communicate,   or coordinate.

11. ZeroVM

12. nearly no syscalls pread pwrite  jail unjail  fork exit

13. Channels

14. Lightweight

15. VMs  Fat • Shared resources • Slow spin-up • Resource hog • Resource bloat

16. Containers  Leaner. • However... • Shares even more resources than VMs -> increasing contamination risk • Excessive resources

17. ZeroVM : Egg Crates :: Container : Shipping Crates

18. Optimized for safe multi-tenancy

19. 75kb  5-35ms

20. Massively  scalable

21. Secure Scalable Execution NaCl + zrt = ZeroVM secure, fast, and cheap

22. Execute within the datastore

23. Converged compute

24. Converged Compute (securely & scalably) ZeroVM + Swift = ZeroCloud secure, fast, and cheap

25. Write Python apps  as if they're   stored procedures that can  MapReduce

26. ZeroCloud Use Cases 1. compute on cold ﬁles 2. text analysis 3. image & video manipulation 4. auditing 5. embedded

27. environment • NaCL • run isolated processes, securely • execution environment • scale execution • Linux namespacing (similar to LXC) • run isolated apps, conveniently • infrastructure manager • scale deployment primary context • production • isolation for restricting things' access to kernel • deployment • isolation for layering things on kernel strengths • determinism  (executables run the same every time) • isolation from kernel • disposable processes • ﬁne-grained metering • embeddable • parallelization • portability  (server templates run the same anywhere) • ease of use • ecosystem • abundance of templates & plugins • institutional adoption   (Rackspace, New Relic, Google)

28.

29. Constraints • X86 64 • cross-compile • C & Python* • Deterministic • Single threaded • MapReduce:  1,000 instances**

30. building blocks

31. zerovm.org docs.zerovm.org github.com/zerovm …STARTING IN A FEW MINUTES… ZeroVM   Hands-On Workshop Lars Butler, Egle Sigler, & Cody Bunch

32. Image Credits  photos via Flickr under license of Creative Commons Commercial Use "Inﬁnite Box" by rumo_der_wolperdinger "Pink Balloon" by Alan "Carroll House Shipping Container Home" by Inhabit Blog "10,000 Shipping Containers Lost At Sea EachYear" by PaulTownsend "A-salt-ed!" by JD Hancock "Eggs" by Pietro Izzo "debug version 2" by Franz & P "shake your tail feather" by emdot "MonsterTrucks Live - 29th September 2013" by John5199 "Secure Cloud Computing" by FutUndBeidl "Door knob with lockbox" by REO "Engine Arm Aqueduct - BCN Old Main Line - Wolverhampton Level" by Elliott Brown "One Set of Building Blocks" by Hans and Carolyn "The pointed arches of al-As" by Asim Bharwani "Kacao77 & Persue SeventhLetter Exchange LosAngeles Grafﬁti Art" by A Sin "128/365 Chilling on theTrampoline" by LeahTautkute untitled [Tel N°] by Al King "NOW!That's What I Call Music." by kozumel

33. Image Credits  from additional sources "Ketchup" designed byTom Glass, Jr.   from the thenounproject.com Chromium logo by Logonoid Manta logo by Joyent  "The dark side in a whole new light: Evil Star Wars Stormtrooper photographed in tender scenes with young son" by Kristina Alexanderson, in the Daily Mail

34. Resource Credits • "Zerovm background" by Prosunjit Biswas http://www.slideshare.net/ prosunjit/zerovm-background • "Docker & Containerization: "Milliseconds Matter" by Ben Golub   http://cloudcomputing.sys-con.com/ node/3073584  • ZeroVM documentation   http://zerovm.org & http:// docs.zerovm.org/ • "Cluster-wide Java/Scala application deployments with Docker, Chef and Amazon OpsWorks" by Adam Warski   http://www.warski.org/blog/2014/06/ cluster-wide-javascala-application- deployments-with-docker-chef-and- amazon-opsworks/

Editor's Notes

Containers are driving down the overhead that has been necessary for traditional virtualization. But there have been serious tradeoffs made with their adoption. Containerization's resource sharing approach is exposing more of the host system. We're treating higher exposure as inevitable tradeoff for lower overhead. In multi-tenant environments, that's a heck of a gamble.
ZeroVM is an open source project sponsored by Rackspace. It's easy to talk about ZeroVM & ZeroCloud as if they're interchangeable terms. They're not. ZeroCloud is converged compute built on capabilities provided by ZeroVM. So let's start with looking at that foundation: ZeroVM is simply a generic technology for [READ]: Validate code, sandbox application processes, parallelize.
In a nutshell: [read] We'll be walking through each of these characteristics.
Validate & isolate. Of processes (vs containers isolating apps, or hypervisors isolating OSs).
Validate once, with security guarantees.
NaCl also reduces the number of syscalls available. Then passes off to ZeroVM environment. Essentially ZeroVM is a trampoline. It locks down syscalls down to near-zero, then executes each processes in isolation. [Vocabulary sidenote on overloading of term]
Over 100 syscalls in Linux, etc. ZeroVM stubs out nearly all. [READ list] When we talk about virtualization for the cloud, this is one of those attributes. Most of the kernel doesn't need to be exposed, and it's unwise to. e.g. ZeroVMs cannot access host networking.
The runtime provides virtual in-memory file system.You can connect to resources on the host, or other ZeroVM instances, only via declared I/O channels. ZRT throws aways writes unless you declare a channel for them to persist to.
ZeroVM virtualizes, but not in the ways that we conventionally think about.
Rather than trying to force containers to poorly serve that need.
75 kilobytes 5-35 milliseconds So it's very embeddable. We'll revisit that topic later.
Parallelizes application processes as individual ZeroVM instances.
[READ equation], a baseline technology for [READ title]. I promised that this talk is about fast, secure, and cheap. ZeroVM provides security guarantees. While its light weight enables fast & cheap. Now let's look at how ZeroCloud contributes to these.
Because it's lightweight: execute on the datastore Because it's secure: execute untrusted user code on datastore. MapReduce on large datasets becomes trivial.
Swift is so scalable, great API, tremendous community supporting development. We wrote middleware that uses ZeroVM to turn Swift into converged compute platform. Benefits of converge: no compute cluster, no network, no latency.]
So, ZeroCloud is that integration. Mapreduce in the object store. Great for untrusted user code in multi-tenant cloud. There's one more thing...
ZeroCloud extends Swift's feature set. The middleware adds capabilities that are akin to stored procedures. Which you can write in Python.
#1 (17GB / 5 hours / 3 minutes. In-memory decompression.) #2 project gutenberg, log search, machine learning #3 watermarking, vid screenshots, transcoding #4 compliance & regulatory (healthcare record privacy, financial auditors) #5 SSDs, IoT
That said, running zerovm instances inside a Docker container is potentially a great option for bringing more security to the container.
Isolation, speed, stored procedures, & determinism are the primary distinctions Hadoop: mapreduce & stored procedures are hard. Mongo: mapreduce is slow, race conditions, JS Manta: meters by second. proprietary. PaaS. (otoh, fewer constraints on what executables are possible)
* Python 2.7.3 (core), Lua port, PHP port. ** Each instance can pass around a lot of file descriptors (1,000?) So for the most part, not legacy apps.
NaCl, ZeroVM, Swift, middleware...they're all building blocks. ZeroCloud is just one combination. I promised "Fast, Secure, or Cheap: Pick Three". But you can pick 2 or 1. They're each incredibly versatile for building on. e.g. Adapt the middleware. Explore interesting ways to use ZeroVM (e.g. Raspberry pi? Parallelized queues?). Share use cases for converged compute in Swift.

Converged Cloud Computing That's Secure, Fast, or Cheap: Pick Three

Recommended

Recommended

More Related Content

More from Carina C. Zona

More from Carina C. Zona (6)

Recently uploaded

Recently uploaded (20)

Converged Cloud Computing That's Secure, Fast, or Cheap: Pick Three

Editor's Notes