Date posted: 15-Apr-2017
Category: Government & Nonprofit
Uploaded by: shawn-wells
THIS BRIEFING IS UNCLASSIFIED
Building a GED Mission Cloud
SCOTT WALLACE, Account Manager, U.S. Intelligence Programs
SHAWN WELLS, Technical Director, U.S. Intelligence Programs
DAVE EGTS, Principal Architect, U.S. Public Sector
20 AUGUST 2012
RED HAT IS: A high-growth, billion dollar, S&P 500 index company....
The world's leading developer & supplier of open source software for Enterprise IT...
...offering a comprehensive portfolio of products and services.
CLOUD
MIDDLEWARE
OPERATING SYSTEM
VIRTUALIZATION
STORAGE
CONSULTING
TRAINING
[Charts: indirect vs. direct delivery; U.S. vs. other countries]
...globally active in all major vertical markets, with strong channel & direct delivery models.
Financial
Government
Tech & Media
Telecom
Logistics & Transportation
Services
Energy
Healthcare
Retail
Manufacturing
...
AND DELIVERING:
• Exceptional Price/Performance
• Operational Flexibility
• Open Source Quality & Innovation
• Alignment with Customer Requirements
OPEN SOURCE LEADER #1
[Infographic: company timeline, 1993 to 2012; panels "Some of our employees", "CEO Jim Whitehurst", "Offices worldwide"]
MORE THAN 80% of FORTUNE 500 COMPANIES use RED HAT PRODUCTS & SOLUTIONS.
WIDE-RANGING EXPERIENCE
BREADTH ACROSS MULTIPLE VERTICALS GLOBALLY. STRENGTH IN MAJOR VERTICALS GLOBALLY.
Verticals: Financial, Government, Tech & Media, Telecom, Logistics & Transportation, Services, Energy, Healthcare, Retail, Manufacturing
[Chart: share by vertical; labelled values include 14%, 12%, 13%, 8%, ...]
WHAT WE DO
We offer a range of mission-critical software and services covering:
• Cloud
• Middleware
• Operating System
• Virtualization
• Storage
HOW WE DO IT
• We develop everything via community-powered innovation.
• Shared development reduces costs & accelerates innovation.
• Open collaboration offers products that genuinely meet customers' requirements.
THE BENEFITS
• Better price/performance
• Better quality
• Faster technology innovation
• Alignment to your needs
• Flexibility
PRODUCT PROCESS
• We participate in & create community-powered upstream projects.
• We integrate upstream projects, fostering open community platforms.
• We enable software & hardware partners, customers, and academia to participate at every stage of development.
• We commercialize these platforms together with a rich ecosystem of services & certifications.
PARTICIPATE (upstream projects: 100,000+ PROJECTS)
INTEGRATE (community platforms)
STABILIZE (supported products, platforms, & solutions)
RED HAT DEVELOPMENT POWERHOUSE
Source: The Linux Foundation Linux Kernel Development March 2012 (Pages 10-11)
[Chart: Corporate Contributions to Linux (since kernel 2.6.36). Y-axis: percent of total code changes (0% to 12%). X-axis: company / organization*, beginning with Red Hat, Intel, Novell, IBM and Texas Instruments, followed by a 'long tail' of contributors.]
* the developers who are 'known to be doing this work on their own, with no financial contribution happening from any company' are not grouped together as 'None' and instead are considered part of the 'long tail,' as are contributors of academic or unknown sponsorship.
RED HAT DEVELOPMENT POWERHOUSE
Corporate Contributions to OpenStack (August 2012)
Percent of total code changes, by company / organization:
• Rackspace: 55.20%
• Nebula: 10%
• Red Hat: 7.90%
• HP: 2.90%
• Canonical: 2.60%
Red Hat Contribution Highlights
• Nova-core, glance-core, quantum-core
• Stable tree maintenance
• Release and vulnerability management teams
• Installation Packaging for EPEL
• AMQP Generalization (RabbitMQ vs Qpid)
• LDAP Integration for Keystone (authentication service)
• Puppet Modules
• Swift object store interoperability with GlusterFS
SUBSCRIPTION MODEL KNOWLEDGEBASE
OPTIONAL TRAINING CURRICULA AVAILABLE
HARDWARE & SOFTWARE CERTIFICATION
SOFTWARE ASSURANCE
GLOBAL SUPPORT SERVICES
• UNLIMITED
• 24/7
• MULTI-LINGUAL
• MISSION-CRITICAL
• MULTI-VENDOR CASE OWNERSHIP
STABILITY WITH PRODUCT LIFECYCLE OF UP TO 10 YEARS
UPDATES, PATCHES & UPGRADES
SECURITY RESPONSE TEAM
CUSTOMER PORTAL & FORUMS
AWARD-WINNING SUPPORT
Proposed GED ISP Mission Architecture
Overview
• GED is migrating NRO Ground Enterprise to an ISP/ASP model, desiring non-proprietary and replaceable components
• Need to build foundations for a heterogeneous ISP, acting as a virtualization platform with integrated HPC/Grid for GED Mission Centers
• Component compatibility with broader IC initiatives
Design Tenets
• Heterogeneous Hardware and Missions
• Architecture must be agnostic!
• GPUs, FPGA, Tilera, CEX Cards, etc
• Incrementally replaced hardware
• Reduction of Certification & Accreditation efforts
• Standardized API to all Mission Centers, must ensure Algorithm Portability
Proposed GED ISP Virtualization Stack
KVM Hypervisor
• Included in Linux since early 2007
• Runs Linux and Windows
• The OS is the hypervisor
• Platform consistency across bare metal to cloud
• Simplifies certification
RHEV-M Features
Feature: Description
• High Availability: Restart guest VMs from failed hosts automatically
• Live Migration: Move running VMs between hosts with zero downtime
• System Scheduler: Continuously load balance VMs based on resource usage/policies
• Maintenance Manager: No downtime on virtual machines during planned maintenance windows. Hypervisor patching.
• Image Management: Template based provisioning, thin provisioning and snapshots
• Monitoring & Reporting: For all objects in system – VM guests, hosts, networking, storage, etc
• OVF Import/Export: Import and export VMs and templates using industry interoperable OVF files
• V2V: Convert VMs from VMware and RHEL/Xen
Innovation Velocity
Multi-tenant Virtualization
• SELinux applies security labels to all system objects (disk drives, network, CPUs…)
[Diagram: labels http_apache_t, http_content_t and sys_passwd_t, with accesses between them marked ALLOW or DENY]
Multi-tenant Virtualization
• Virtual machines are a “system object,” and are natively isolated with SELinux
[Diagram: VM_ALPHA, DISK_ALPHA, VM_BRAVO and DISK_BRAVO, with accesses between them marked ALLOW or DENY]
Common Criteria Certification
KVM OpenStack
Red Hat OpenStack
• Developer preview released 13-AUG-2012
• Free preview, non-supported
• Soliciting feedback from global customers
• Based off Essex
• http://www.redhat.com/openstack
• Commercial Platform
• To be based off Folsom, 2013 planned release
Why Enterprise OpenStack?
Code Name Release Date
Austin 10/21/2010
Bexar 2/3/2011
Cactus 4/15/2011
Diablo 9/22/2011
Essex 4/5/2012
Red Hat OpenStack
• Currently #3 commercial code contributor, Founding member of OpenStack Foundation
• Leveraging established OSS->Commercial engineering processes
• Expand OpenStack beyond “community project,” and enable commercial OEM/ISV/Security certifications
• Lifecycle support (SLAs, multi-year release stability)
Deltacloud
RESTful API for simple, any-platform access
RHEL6 Scalability
Proposed GED ISP Storage Foundation
Storage Layer
Pandora Internet Radio
Challenges
• Explosive user growth
• 12 formats per song
• ‘Hot’ Content
Solution
• 3 data centers, 6 nodes per
• Replication between centers
• 2PB+ Capacity
Pattern Energy: High performance computing for weather prediction
Challenges
• Rapidly calculate weather predictions, often 20TB of data per model
• Identify wind and solar abundance in advance
Solution
• 32 compute nodes
• Tuned for high throughput
GED ISP STORAGE
Proposed GED ISP HPC GRID
GED ISP: HPC Grid
• Specifically to run compute intensive algorithms
• A layer providing common interface for job submission, monitoring, reporting
• Intelligence to match hardware resources with job requirements
• Management of multiple users, user groups, and resources
Red Hat Grid: Forever Young!
• Technology established in 1985, 25 year history
• 375,000 known hosts worldwide, 680K LOC, unifies 15 different technologies including Condor
• Designed for secure multi-tenancy, high transactions and high throughput
Proposed GED Grid Architecture
Proposed GED Grid Features
• Dynamic Slots – Resource partitions grow/shrink dynamically to GED job needs
• Concurrency Limits – Set limits on how much of a certain resource (e.g. software licenses, db connections) can be used at once
• Federated Grids/Clusters – Allows independent GED pools to use each other's resources, controllable by policy
• Standards Based APIs – Web service interface provides job submission and management
• Workflow Management – The ability to specify job dependencies, allows for construction of complex algorithm workflows
• Compute On-Demand (COD) – The ability for a node or set of nodes to be claimed by a user in such a way that others may use the nodes only until “claimed user” needs them
• Job Safety – Jobs can be checkpointed, restarted
• High Availability – The job negotiator, collector, and scheduler have their state replicated to allow for graceful failover
• Dynamic Pool Creation – Through a technology known as Glide-ins, nodes can be dynamically added to a pool and automatically service jobs
• Parallel Universe – Run parallel (including MPI) jobs. Co-allocation of GED compute nodes done automatically.
“We run millions of jobs per week and Red Hat Grid has done a fantastic job of scaling to our demand and providing key features for our animation production pipeline”
Lars Carstensen Principal Engineer, Dreamworks
Integrating with GED ISP
Putting it all together
Peripheral Activities
• Preparing for C&A
• Technical Training
• Reference Architectures
C&A
• Major components Common Criteria certified
• FIPS 140-2 certified cryptography
• Virtualization components already on Westfields Approved Products List
• Sample C&A paperwork available (SRTM, PUG, GUG, SP template)
Training
• To enable thousands of colleges, universities, and commercial training centers around the world to teach open source principles, programming, and system administration to hundreds of thousands of students
• To create communities of participating schools, instructors, government, and students paired with Red Hat to learn from each other, to develop open source curricula and contribute to Open Source Software projects
• To make available high quality courseware and scalable, open platforms for hosting and managing Open Source Courses
• To make the combined program self-funding, but not to maximize any profitability
Performance Based Testing
Red Hat OSS In Universities
• Carnegie Mellon folds open source into new degree offering
• http://www.iosn.net/foss/news/carnegie-mellon-folds-open-source-into-new-degree-offering
Reference Architectures
• Formal documentation on architecture installation, operation, and maintenance
• Vetted by involved vendor engineering departments