Cloud Computing Overview

On February 1, 2010, In Cloud Computing, Technology, Virtual Machines, By admin

Till a few years ago, if you wanted to run something on the Internet, either to provide service to the public, or to your own employees, you would do one of the following:

  1. Your own in-house Datacenter: You put your servers in your data closet, bought a T1 or T3 link from your telco, and published a DNS name for your service (chat.mycompany.com, for example)
  2. You could rent a full/half/quarter rack from a co-location facility such as Exodus of the past. Load up your own servers, install your server OS, install your Applications, install your firewall etc. and run your service

The principal reasons for renting space in a colo rack were:

  • Good electricty (Dual power sources + UPS, for example)
  • Good network connectivity (fiber connection to Sprint, ATT and other backbone networks)
  • Higher bandwidth for a lower price ( T1 is 1.544Mbps to your own data closer and may cost you $500/month, versus a $350 10Mbps link at the colo with capacity to burst upto 100Mbps for at most 5% of the time)

Setting up and getting going in a colo was, and continues to be a pain. It could involve a multi year contract, and some upfront setup charges.
Fast forward to today, and the colo scenario has been replaced by Cloud computing. Cloud computing consists of the following different types:

  1. Infrastructure As A Service (IaaS) – rent virtual machines from the Cloud Service Provider, and run (almost) any software (OS + Apps) on it
    • Example: Amazon EC2. Smallest VM is 8.5cents an hour ($744.60/year)
  2. Platform As A Service (PaaS) – rent capacity on An Application Platform to run your application. You do not get to choose the OS or hardware, and the application environment is usually very restricted. Google App Engine, for instance, requires you to write brand new applications in a language called Python
    • Example: Salesforce’s force.com and google’s Google App Engine
  3. Software As A Service(SaaS) – you rent an application. You do not get to choose hardware, the Operating System, or the Application. You just buy ‘functionality’.
    • Example: WebEx. You purchase the capability to run web conferencing.

All of the three cloud compute options bring about an ease of use and low barrier to entry for customers that is an astounding improvement over the colo scenario of years past. Billing by the hour of use, pioneered by Amazon’s EC2 service, makes it very easy for customers to try out software, and develop on the cloud.

Advances in Cloud compute technologies are encouraging people to outsource their own datacenter and its operations to the Cloud. One step in this migration may be to run Cloud compute software in your own datacenter, and then move suitable applications to the public cloud.

So, where does Thinsy fit in this Cloud compute world? Thinsy develops two flagship products:

  1. Thinsy Internal Cloud Platform
  2. Thinsy Virtual Conference Application for the Cloud (VMware cloud, Thinsy Internal Cloud or other Xen based Clouds)

The Thinsy Internal Cloud platform is Virtualization based cloud software for customers to build their own Clouds, in their own datacenters. It enables IT departments to offer a PAAS (Platform As A Service) cloud to their internal customers. It has been designed from the ground up to be friendly for providing PAAS. For example, when VMware and Citrix were building Windows applications to manage their Virtualization, we built a web browser based management application.

The Thinsy Virtual Conference is an application that runs on top of a PAAS cloud, and offers a Software As A Service WebEx like web conferencing system. It has some unique features – instead of sharing the desktop of a presenter, we share a dedicated windows desktop in the cloud. This works really well in environments where the Presenter’s upload bandwidth is low.

Tagged with:
 
0 Comments
Leave A Response

Creating a KVM VM with virtio Disk and Net Drivers on Centos 5.4 (Redhat 5.4)

On January 20, 2010, In Technology, Virtual Machines, By admin

As a followup to my previous post, I set out to accomplish a (seemingly) simple task: Install CentOS 5.4 with KVM Virtualization on a system and then create a CentOS 5.4 KVM VM with virtio Net and Disk drivers.

It turns out that there is more to this task than meets the eye. So, here’s my step by step procedure.

Step 1: Install Centos (Redhat 5.4) with KVM Virtualization on a Intel VT or AMD Pacifica enabled server (I used a Intel Core 2 Duo E6420/2GB/120GB SATA system)

  • Install CentOS 5.4 64 bit with the “Virtualization” option
  • While installing, choose the “Customize now” instead of customize later, and select KVM instead of ‘Virtualization’ in the Virtualization customization screen.
  • For this install, I chose to disable SELinux. I’m sure its useful in some security contexts, but for most of my use – it is just a source of endless problems. Someday, I might actually spend the time to learn how SELinux works. Right now, it feels to me like the Windowsification of Linux. Moving on…
  • When the newly installed system boots up, you need to create a bridge(software switch) called br0, move the IP address of eth0 to br0, and then make eth0 an uplink to the bridge br0. Here’s how to do it:
    • Create a file /etc/sysconfig/network-scripts/ifcfg-br0 with the following contents:
      • DEVICE=br0
        TYPE=Bridge
        BOOTPROTO=static
        IPADDR=192.168.1.213
        NETMASK=255.255.255.0
        GATEWAY=192.168.1.10
        ONBOOT=yes
    • Edit /etc/sysconfig/network-scripts/ifcfg-eth0 and replace its contents with:
      • DEVICE=eth0
        ONBOOT=yes
        BRIDGE=br0
        NM_CONTROLLED=no
    • Reboot your system. Note that this configuration is for a static IP server.
    • Add the following lines to /etc/sysconfig/iptables to allow relevant traffic:
      • -A RH-Firewall-1-INPUT -i br0 -j ACCEPT
      • -A RH-Firewall-1-INPUT -m state –state NEW -m tcp -p tcp –dport 5900:6900 -j ACCEPT

Step 2: Create a CentOS 5.4 KVM VM using the CentOS boot CD

Well, this task got complicated quickly. My intent was to make this VM connect to a bridged network interface, so that I could benchmark it by running nuttcp to another physical machine. CentOS 5.4 (Redhat 5.4) does not come with scripts for a bridged VM network out of the box. This is why we needed to create the br0 bridge in the previous step.

  • In order to use the br0 bridge effectively, we need a utility called tunctl (I have a precompiled version here – http://www.thinsy.com/utils/tunctl.gz ). Please this in /usr/sbin on your new CentOS box.
  • It turns out that creating a VM by calling qemu directly involves a lot of options. I ended up building a script for this purpose. You can download it here: http://www.thinsy.com/utils/start_a_kvm.sh.gz. Place start_a_kvm.sh in /usr/sbin.
  • Create a directory for our VM called /vms/1
  • Create two 8GB files vdisk0 and vdisk1 in this directory using the following commands:
    • dd if=/dev/zero of=./vdisk0 count=1 bs=1 seek=8589934591
    • dd if=/dev/zero of=./vdisk1 count=1 bs=1 seek=8589934591
  • Create a file called vm.params with the following contents ( a sample is available at http://www.thinsy.com/utils/vm.params):
    • MAC=52:54:00:00:00:01
      DISK0=/vms/1/vdisk0
      DISK1=/vms/1/vdisk1
      MEMORY=512
      VNCDISP=0
  • For booting and installing the VM from the CentOS 5.4 CD image, run the following command:
    • /usr/sbin/start_a_kvm.sh /vms/1/vm.params /tmp/CentOS-5.4-i386-bin-DVD.iso boot_from_cd
  • This will cause a tap interface called tap0 to be created, connected to the bridge br0, and the VM created by calling kvm-qemu directly
  • The start_a_kvm.sh script sets up the VM to publish a graphical console using the VNC protocol at TCP port 5900 + $VNCDISP, where VNCDISP is set in the vm.params file. Use your favorite vncviewer to connect to this graphical console.
  • When the VM is started up, you will get the graphical console of the VM. Now go through the process of installing the OS on your newly created VM

Step 3: First boot of the CentOS in your newly created VM

After the OS installation is completed, you can reboot the VM from the virtual hard drive, without the CDROM image attached. Here is the command to do that:

/usr/sbin/start_a_kvm.sh /vms/1/vm.params

There you have it – a KVM VM with paravirtualized drivers (virtio) for network and disk.

All this without the use of libvirt or virt-manager or one of the myriad programs that did not quite work for me.

Step 4: Fixup VNC mouse tracking

One of the most annoying things about the qemu vnc server is the fact that the mouse works like cr**. Here’s a simple fix for that problem. Download the following xorg.conf file and place it in your newly created VM’s /etc/X11 directory. This configures a VNC screen of size 1024×768 with a mouse that actually works – http://www.thinsy.com/utils/xorg.conf.gz

— soapbox mode on —

Truth be told, if you peel away the layers of crud such as libvirt and virt-manager, the KVM architecture is quite elegant. I am convinced that KVM, and not Xen, is the future of Linux virtualization. My preliminary tests indicate that the KVM performance is not as good as Xen, but I fully expect that to be resolved quickly. Besides, if performance is of great import to you, you should be looking at ‘Containers’ technology such as openvz.

— soapbox mode off —


Tagged with:
 
0 Comments
Leave A Response

Cheat sheet for creating a KVM Virtual Machine on Centos 5.4

On January 19, 2010, In Technology, Virtual Machines, By admin

Step 1: Install Centos 5.4 (Redhat 5.4)

  • Install CentOS 5.4 64 bit with the Virtualization option
  • Choose “Customize now” instead of customize later.
  • Choose KVM instead of ‘Virtualization’ in the Virtualization customization

Step 2: Create a VM with virtio (para-virtualized) disk drivers

  • Create an empty 8GB file using ‘dd if=/dev/zero of=/vm/vdisk0 count=1 bs=1 seek=8589934591′
  • /usr/libexec/qemu-kvm -drive file=/vm/vdisk0,if=virtio -cdrom /tmp/CentOS-5.4-i386-bin-DVD.iso -m 512 -boot d
  • When the VM boots from the CentOS DVD, install it

Step 3: First Boot

  • After OS install, boot using ‘/usr/libexec/qemu-kvm -drive file=/vm/vdisk0,if=virtio,boot=on -m 512′

You will note that disk I/O is much faster using the virtio drivers. This VM is still using the emulated Realtek 8139 network interface, which is pretty slow. My next step is to use the virtio network interface for the VM.

Tagged with:
 
0 Comments
Leave A Response

A good introduction to Digital Audio, specifically PCM

On January 15, 2010, In Audio/Video, By admin

Here’s a blog with a few good entries on Digital Audio, specifically the details of PCM encoding. We deal with a number of audio related issues in our Thinsy Virtual Conference product, so this is good basic reading material.

What is PCM? – http://www.ypass.net/blog/2010/01/pcm-audio-part-1-what-is-pcm/

What does a PCM stream look like – http://www.ypass.net/blog/2010/01/pcm-audio-part-2-what-does-a-pcm-stream-look-like/

Basic Audio Effects – http://www.ypass.net/blog/2010/01/pcm-audio-part-3-basic-audio-effects-volume-control/

Tagged with:
 
0 Comments
Leave A Response

Incompatibilities between various ‘cloud’ VMs

On January 14, 2010, In Technology, By admin

In this blog entry, I would like to make some observations on the sorry state of inter cloud VM compatibility, and why that reduces the value proposition of a Virtualization based cloud.

It is well known that you cannot take a VMware VM, and run it as is on a Xen hypervisor – some conversion work needs to be done. What is less obvious is that it is not even easy to move a Xen VM from one vendor’s cloud to another. You can’t just take an Amazon VM and run it on, say your own Oracle VM Server based Xen VM Server.

If you consider VMs from an interoperability perspective, the spectrum looks like this:

  1. Most Compatible – Fully Virtualized. VM built from a bootable CD that you upload. Contains no hypervisor specific network or disk drivers.
  2. Fully Virtualized VM with Paravirtual Network and Disk Drivers
  3. Para Virtualized VM supplied by Cloud provider (e.g. Amazon EC2)
  4. Container technology such as Virtuozzo (e.g. running Drupal in godaddy web hosting)
  5. Application sharing (e.g. virtual hosts in an apache instance)

Intuitively, performance increases as you go from (1) to (5).

In the simple, single server hosted application use case, since you cannot really move a VM from EC2 to Rackspace, for example, why use a VM based cloud at all? Why not just purchase hosting from godaddy and use their Wordpress, or Drupal etc.? You only need EC2 if you are going to run java software, or serve media using a Flash Media Server, etc.

My point is this. Standards are going to be critical to cloud customers.

  • A universal VM format, that can be instantiated on any compatible cloud (OVF is inadequate, more on that later)
  • A management API that allows for creation, power up, backup, snapshot and restore of VMs
  • VM Network configuration API, including the ability to configure VPNs and VLANs.
  • Standards for monitoring VM Servers and VMs
 
0 Comments
Leave A Response

VMware based cloud service providers will enjoy more success than Xen based cloud service providers

On December 1, 2009, In Uncategorized, By admin

I’ve been watching the buzz related to cloud computing over the last year or so, and I notice that a lot of the new investments and development is going towards Xen based clouds, i.e. EC2 knock offs.

The way users use a Xen based EC2 like cloud is distinctly different from the way a VMware based cloud could be used. The ‘n-tier web application’ model is a natural fit for EC2. The Guest OS in the VM is largely irrelevant — so long as you can run java, ruby, php, perl or ASP/ASP.NET.

VMware users are more likely to be corporations with existing VMware Virtual Infrastructure, moving their existing services to the cloud, or purchasing new services comaptible with their existing infrastructure (internal cloud).

This is what leads to my prediction – VMware has a large body of working Virtual Machines out in the field. These VMs, and large number of IT staff who possess ESX know-how will prove to be a very useful market for Service Providers who offer VMware compatible VMs as a service.

All the Xen Service Providers, offering their own versions of Xen, mostly incompatible with each other, will suffer the same slide into irrelevancy that Xen is currently undergoing.

 
0 Comments
Leave A Response

Does Active Directory Authentication for Cloud Services require a VPN?

On October 9, 2009, In Technology, By admin

I’ve been working on Active Directory Authentication of a cloud hosted product of ours, and here are some observations.

DESIRED END USER EXPERIENCE

  • A corporate user of our EC2 hosted web based application should be automatically logged into the application without needing to type in a username/password yet again.
  • Once the user logs into his/her computer, the browser should forward the user’s credentials to the EC2 hosted application.

DESIRED ADMIN EXPERIENCE

  • The admin should not have to maintain a separate user database for this new cloud based application (service).
  • It would be nice if initial setup of this Authentication is painless.

UNDERLYING TECHNOLOGY ASPECTS

  • Active Directory seems to be pervasive among Enterprise and Government users. AD seems less popular among Small Businesses
  • The technology goal of this project turns out to be – Authenticate users of our EC2 hosted web based application against an existing company Active Directory.
  • Single Sign On i.e. the ability for the end user to log into his computer by typing in his username/password, and never having to type in his username/password thereafter is possible only within the corporate network, i.e. when Windows decides that the server is located within the ‘trusted zone’, i.e. the Intranet

AUTHENTICATION PROTOCOLS:

The authentication protocols that AD makes available are

  1. NTLM v1
  2. NTLM v2
  3. Kerberos

NTLM v1 seems to be insecure, and deprecated by Microsoft. Also, Vista and Win 7 browsers will not authenticate against your server using NTLMv1, so this is not a useful solution.

NTLM v2 is more secure. However, this may not be the right solution for a distributed service such as our EC2 hosted application.

Kerberos is the authentication scheme that I chose for our product. The initial setup is more involved than I like, but our job is to automate this initial complex configuration, and we will. More on the actual implementation in another blog entry.

VPN REQUIRED FOR SINGLE SIGN ON?

This brings me to an interesting angle. In order for Internet Explorer to consider a website as being in the ‘trusted zone’, it needs to be in the Intranet of the company. This implies that the Amazon hosted EC2 service must necessarily be connected back to the Enterprise network using a VPN connection.

Only then will users be able to seamlessly sign on to the web based service from the corporate network without having to type in their username/password.

Note that if the user is connecting to the EC2 hosted application from his home or somewhere else in the Internet, the password prompt will pop up, and correctly, Single Sign On will not happen.

Tagged with:
 
0 Comments
Leave A Response
Go To Top »