THIS BRIEFING IS UNCLASSIFIED

Building a GED Mission Cloud

SCOTT WALLACE Account Manager, U.S. Intelligence Programs

Principal Architect, U.S. Public Sector

SHAWN WELLS Technical Director, U.S. Intelligence Programs

DAVE EGTS

20 AUGUST 2012

RED HAT IS: A high-growth, billion dollar, S&P 500 index company....

The world's leading developer & supplier of open source software for Enterprise IT...

...offering a comprehensive portfolio of products and services.

CLOUD

MIDDLEWARE

OPERATING SYSTEM

VIRTUALIZATION

STORAGE

CONSULTING

TRAINING

INDIRECT

DIRECTU.S.

OTHERCOUNTRIES

...globally active in all major vertical markets, with strong channel & direct delivery models.

Financial

Government

Tech & Media

Telecom

Logistics & Transportation

Services

Energy

Healthcare

Retail

Manufacturing

...

AND DELIVERING: l  Exceptional Price/Performance l  Operational Flexibility

l  Open Source Quality & Innovation l  Alignment with Customer Requirements

OPEN SOURCE LEADER

#1

1993 1999 2002 2006 2008 2010 2011 2012

SOME OF OUR EMPLOYEES

CEO JIM WHITEHURST

2009

OFFICES WORLDWIDE

80% MORE THAN

FORTUNE

500 COMPANIES

of

use

PRODUCTS & SOLUTIONS.

RED HAT

WIDE-RANGING EXPERIENCE

Financial

Government

Tech & Media

Telecom

Logistics & Transportation

Services

Energy

Healthcare

Retail

Manufacturing

BREADTH ACROSS

MULTIPLE VERTICALS GLOBALLY.

STRENGTH IN

MAJOR VERTICALS GLOBALLY.

14%

12%

13%

8%

...

WHAT WE DO

We offer a range of mission-critical software and services covering:

HOW WE DO IT. THE BENEFITS.

We develop everything via community-powered innovation.

Shared development reduces costs & accelerates innovation.

Open collaboration offers products that genuinely meet customers' requirements.

Better price/performance

Better quality

Faster technology innovation

Alignment to your needs

Flexibility

CLOUD MIDDLEWARE OPERATING SYSTEM

VIRTUALIZATION STORAGE

PRODUCT PROCESS

We participate in & create community- powered upstream projects.

We integrate upstream projects, fostering open community platforms.

We enable software & hardware partners, customers, and academia to participate at every stage of development.

We commercialize these platforms together with a rich ecosystem of services & certifications.

PARTICIPATE

INTEGRATE

STABILIZE

100,000+ PROJECTS (upstream projects)

(community platforms)

(supported products platforms, & solutions)

RED HAT DEVELOPMENT POWERHOUSE

Source: The Linux Foundation Linux Kernel Development March 2012 (Pages 10-11)

RED

HA

T

INTE

L

NO

VEL

L

IBM

TEX

AS

INST

RU

MEN

TS

CON

SULT

AN

TS

BR

OA

DCO

M

NO

KIA

SAM

SUN

G

OR

ACL

E

GO

OG

LE

WO

LFSO

N M

ICR

OEL

ECTR

ON

ICS

AM

D

FUJI

TSU

PEN

GU

TRO

NIX

ATH

ERO

S CO

MM

UN

ICA

TIO

NS

FREE

SCA

LE

MIC

RO

SOFT

ST E

RIC

SSO

N

WIN

D R

IVER

MIT

AC

SFR

AN

ALO

G D

EVIC

ES

TGLX

PIT

A

LIN

AR

O

QLO

GIC

MA

RV

ELL

Corporate Contributions to Linux (SINCE KERNEL 2.6.36)

0%

2%

4%

6%

8%

10%

12% PER

CEN

T OF TO

TAL C

OD

E CH

AN

GES

COMPANY / ORGANIZATION *

* the developers who are 'known to be doing this work on their own, with no financial contribution happening from any company' are not grouped together as 'None' and instead are considered part of the 'long tail,' as are contributors of academic or unknown sponsorship.

'LONG TAIL' OF CONTRIBUTORS

RED HAT DEVELOPMENT POWERHOUSE

Corporate Contributions to OpenStack (August 2012)

0%

10%

20%

30%

40%

50%

60%

PER

CEN

T OF TO

TAL C

OD

E CH

AN

GES

COMPANY / ORGANIZATION

55.20%

10% 7.90%

2.90% 2.60%

Rackspace Nebula Red Hat HP Canonical

Red Hat Contribution Highlights

•  Nova-core, glance-core, quantum-core

•  Stable tree maintenance

•  Release and vulnerability management teams

•  Installation Packaging for EPEL

•  AMQP Generalization (RabbitMQ vs Qpid)

•  LDAP Integration for Keystone (authentication service)

•  Puppet Modules

•  Swift object store interoperability with GlusterFS

SUBSCRIPTION MODEL KNOWLEDGEBASE

OPTIONAL TRAINING CURRICULA AVAILABLE

HARDWARE & SOFTWARE CERTIFICATION

SOFTWARE ASSURANCE

GLOBAL SUPPORT SERVICES

l  UNLIMITED

l  24/7

l  MULTI-LINGUAL

l  MISSION-CRITICAL

l  MULTI-VENDOR CASE OWNERSHIP

STABILITY WITH PRODUCT LIFECYCLE OF UP TO 10 YEARS

UPDATES, PATCHES & UPGRADES

SECURITY RESPONSE TEAM

CUSTOMER PORTAL & FORUMS

AWARD-WINNING SUPPORT

UNCLASSIFIED

Proposed GED ISP Mission Architecture

Overview

•  GED is migrating NRO Ground Enterprise to an ISP/ASP model, desiring non-proprietary and replaceable components

•  Need to build foundations for a heterogeneous ISP, acting as a virtualization platform with integrated HPC/Grid for GED Mission Centers •  Component compatibility with broader IC initiatives

Design Tenets

•  Heterogeneous Hardware and Missions •  Architecture must be agnostic!

•  GPUs, FPGA, Tilera, CEX Cards, etc

•  Incrementally replaced hardware

•  Reduction of Certification & Accreditation efforts

•  Standardized API to all Mission Centers, must ensure Algorithm Portability

UNCLASSIFIED

Proposed GED ISP Virtualization Stack

KVM Hypervisor

KVM Hypervisor

•  Included in Linux since early 2007

•  Runs Linux and Windows

•  The OS is the hypervisor •  Platform consistency

across bare metal to cloud

•  Simplifies certification

RHEV-M Features Feature Description

High Availability Restart guest VMs from failed hosts automatically

Live Migration Move running VMs between hosts with zero downtime

System Scheduler Continuously load balance VMs based on resource usage/policies

Maintenance Manager No downtime on virtual machines during planned maintenance windows. Hypervisor patching.

Image Management Template based provisioning, thin provisioning and snapshots

Monitoring & Reporting For all objects in system – VM guests, hosts, networking, storage, etc

OVF Import/Export Import and export VMs and templates using industry interoperable OVF files

V2V Convert VMs from VMWare and RHEL/Xen

Innovation Velocity

Multi-tenant Virtualization

•  SELinux applies security labels to all system objects (disk drives, network, CPUs…)

http_apache_t

http_content_t

sys_passwd_t

ALLOW

DENY

Multi-tenant Virtualization

•  Virtual machines are a “system object,” and are natively isolated with SELinux

VM_ALPHA

DISK_ALPHA

VM_BRAVO

ALLOW

DENY

DISK_BRAVO

ALLOW

DENY

Common Criteria Certification

KVM OpenStack

Red Hat OpenStack

•  Developer preview released 13-AUG-2012 •  Free preview, non-supported

•  Soliciting feedback from global customers

•  Based off Essex

•  http://www.redhat.com/openstack

•  Commercial Platform

•  To be based off Fulsom, 2013 planned release

Why Enterprise OpenStack?

Code Name Release Date

Austin 10/21/2010

Bexar 2/3/2011

Cactus 4/15/2011

Diablo 9/22/2011

Essex 4/5/2012

Red Hat OpenStack

•  Currently #3 commercial code contributor, Founding member of OpenStack Foundation

•  Leveraging established OSS->Commercial engineering processes

•  Expand OpenStack beyond “community project,” and enable commercial OEM/ISV/Security certifications

•  Lifecycle support (SLAs, multi-year release stability)

Deltacloud

Restful API for simple, any-platform access

Deltacloud

RHEL6 Scalability

RHEL6 Scalability

UNCLASSIFIED

Proposed GED ISP Storage Foundation

Storage Layer

Storage Layer

Storage Layer

Pandora Internet Radio

Challenges •  Explosive user growth

•  12 formats per song

•  ‘Hot’ Content

Solution

•  3 data centers, 6 nodes per

•  Replication between centers

•  2PB+ Capacity

Pattern Energy High performance computing for weather prediction

Challenges •  Rapidly calculate weather

predictions, often 20TB of data per model

•  Identity wind and solar abundance in advance

Solution

•  32 compute nodes

•  Tuned for high throughput

GED ISP STORAGE

UNCLASSIFIED

Proposed GED ISP HPC GRID

GED ISP: HPC Grid

•  Specifically to run compute intensive algorithms

•  A layer providing common interface for job submission, monitoring, reporting

•  Intelligence to match hardware resources with job requirements

•  Management of multiple users, user groups, and resources

Red Hat Grid: Forever Young! •  Technology established in 1985,

25 year history

•  375,000 known hosts worldwide, 680K LOC, unifies 15 different technologies including Condor

•  Designed for secure multi-tenancy, high transactions and high throughput

Proposed GED Grid Architecture

Proposed GED Grid Features •  Dynamic Slots – Resource partitions

grow/shrink dynamically to GED job needs

•  Concurrency Limits – Set limits on how much of a certain resource (e.g. software licenses, db connections) can be used at once

•  Federated Grids/Clusters – Allows independent GED pools to use each others resources, controllable by policy

•  Standards Based APIs – Web service interface provides job submission and management

•  Workflow Management – The ability to specify job dependencies, allows for construction of complex algorithm workflows

•  Compute On-Demand (COD) – The ability for a node or set of nodes to be claimed by a user in such a way that others may use the nodes only until “claimed user” needs them

•  Job Safety – Jobs can be checkpointed, restarted

•  High Availability – The job negotiator, collector, and scheduler have their state replicated to allow for graceful failover

•  Dynamic Pool Creation – Through a technology known as Gline-ins, nodes can be dynamically added to a pool and automatically service jobs

•  Parallel Universe – Run parallel (including MPI) jobs. Co-allocation of GED compute nodes done automatically.

Proposed GED Grid Features

“We run millions of jobs per week and Red Hat Grid has done a fantastic job of scaling to our demand and providing key features for our animation production pipeline”

Lars Carstensen Principal Engineer, Dreamworks

Integrating with GED ISP

UNCLASSIFIED

Putting it all together

Peripheral Activities

•  Preparing for C&A

•  Technical Training

•  Reference Architectures

C&A

•  Major components Common Criteria certified

•  FIPS 140-2 certified cryptography

•  Virtualization components already on Westfields Approved Products List

•  Sample C&A paperwork available (SRTM, PUG, GUG, SP template)

Training •  To enable thousands of colleges, universities, and commercial training

centers around the world to teach open source principles, programming, and system administration to hundreds of thousands of students

•  To create communities of participating schools, instructors, government, and students paired with Red Hat to learn from each other, to develop open source curricula and contribute to Open Source Software projects

•  To make available high quality courseware and scalable, open platforms for hosting and managing Open Source Courses

•  To make the combined program self-funding, but not to maximize any profitability

Performance Based Testing

Red Hat OSS In Universities

•  Carnegie Mellon folds open source into new degree offering

•  http://www.iosn.net/foss/news/carnegie-mellon-folds-open-source-into-new-degree-offering

Reference Architectures

•  Formal documentation on architecture installation, operation, and maintenance

•  Vetted by involved vendor engineering departments