for multitenant filesystems
play

for Multitenant Filesystems Giorgos Kappes, Andromachi - PowerPoint PPT Presentation

Jul 04, 2023 •477 likes •767 views

Virtualization Aware Access Control for Multitenant Filesystems Giorgos Kappes, Andromachi Hatzieleftheriou, Stergios V. Anastasiadis gkappes, ahatziel, stergios (at) cs.uoi.gr Department of Computer Science and Engineering University of

  1. Virtualization Aware Access Control for Multitenant Filesystems Giorgos Kappes, Andromachi Hatzieleftheriou, Stergios V. Anastasiadis gkappes, ahatziel, stergios (at) cs.uoi.gr Department of Computer Science and Engineering University of Ioannina, Greece 15th TERENA TF-Storage Task Force Meeting

  2. Storage Consolidation Host 1 Host N Host 1 Host N VM VM ... VM VM VM VM VM VM ... Local Storage Local Storage Shared Storage Benefits • Efficient usage and management of storage resources • Sharing support • High capacity utilization • Reduced cost G. Kappes, Department of Computer Science & Engineering, University of Ioannina, Greece 2

  3. Storage Interfaces Direct virtual disk access through block interface + Isolation, snapshoting, versioning, migration + Heterogeneous clients — Semantic loss hardens consistency, sharing, manageability — Reduced performance due to layering and FS nesting Direct filesystem sharing through file interface + Isolation, snapshoting, versioning, migration + Semantic awareness: sharing, consistency, manageability + Elimination of layering and nesting: increased performance — Complicates support for heterogeneous clients G. Kappes, Department of Computer Science & Engineering, University of Ioannina, Greece 3

  4. Storage Multitenancy Goal • Storage infrastructure shared among different tenants Requirements • Scalability: Support enormous number of end users • Isolation: Isolate the user identities and access control of different tenants • Sharing: Flexible data sharing within or between tenants • Compatibility: Compatibility with existing applications • Manageability: Flexible resource management Research focus • Efficient and secure multitenancy in VM filesystems G. Kappes, Department of Computer Science & Engineering, University of Ioannina, Greece 4

  5. Ceph Storage A distributed and unified storage platform • Everything is stored in the form of objects • Scalable, no single point of failure, software-based, flexible Ceph object store (RADOS) • A reliable, distributed, autonomous object store Storage interfaces: • Direct access through librados • Object-level (RADOSGW): HTTP REST gateway • Block-level (RBD): A reliable and distributed block device • File-level (CEPHFS): A POSIX-compliant distributed FS G. Kappes, Department of Computer Science & Engineering, University of Ioannina, Greece 5

  6. Ceph FS Client Auth Auth Auth OSD MDS MON OSD Ceph Storage Cluster A distributed object-based filesystem • Parallelization of file I/O • Elimination of the potential metadata bottleneck Separate management of file metadata and data • Metadata managed by Metadata Servers (MDS) • Data managed by Data Servers (OSD) G. Kappes, Department of Computer Science & Engineering, University of Ioannina, Greece 6

  7. Metadata Server Goal • Create filesystem hierarchy on top of objects • Manage metadata: hierarchy, permissions, timestamps, etc. Metadata is stored in RADOS • Inodes are embedded inside folders • Folders are stored as single objects or as multiple fragments ID: 75 ID: 76 /etc crontab 101 anacron 175 cron.d 102 … mdadm 106 crontab cron.d group group 103 … anacron mdadm dentry inode Object G. Kappes, Department of Computer Science & Engineering, University of Ioannina, Greece 7

  8. Metadata Server Metadata caching and failure recovery • Recently updated metadata is cached • The MDS journals metadata updates for failure recovery Other features • High availability: Multiple standby MDSs • Scalability: Multiple active MDSs, subtree partitioning G. Kappes, Department of Computer Science & Engineering, University of Ioannina, Greece 8

  9. Data Server Stores file data and metadata in object-form • Objects: files with identifier, binary data, object metadata OBJ OBJ OBJ OBJ OBJ Multiple active OSDs • Scalability Placement Group 1 Placement Group 2 • Fault tolerance OSD1 OSD2 OSD3 Data placement • CRUSH maps objects to PGs and PGs to OSDs • PGs are logically grouped into pools • Clients run the CRUSH algorithm themselves G. Kappes, Department of Computer Science & Engineering, University of Ioannina, Greece 9

  10. Monitor Maintains the state of the cluster • The state is maintained into the cluster map • Clients check in periodically to obtain a fresh map copy Cluster map • Composition of: MON map, MDS map, OSD map, CRUSH map • The maps track the state of the servers, PGs, storage, etc. • The cluster map gets updated each time the state changes Monitor quorum • Consensus about the cluster map is established with Paxos • An odd number of monitors is required G. Kappes, Department of Computer Science & Engineering, University of Ioannina, Greece 10

  11. Client Provides Access to the filesystem • Linux kernel client • FUSE client Clients calculate the final position of an object • First step: calculate object id (OID) OID: INODE number, object fragment number • Second step: choose a Placement Group inside a pool PG: hash of OID, total number of PGs, pool number • Third step: choose the OSDs to store the object List of OSDs: Run CRUSH to map the PG to OSDs G. Kappes, Department of Computer Science & Engineering, University of Ioannina, Greece 11

  12. Access control (1) Authorization Request Client MDS (2) Capability OSD OSD Access control decisions happen at the MDS • The MDS authorizes a request and provides capabilities to clients • The clients present the capabilities to OSDs • The OSDs validate the capabilities G. Kappes, Department of Computer Science & Engineering, University of Ioannina, Greece 12

  13. Motivation UID: 1050 UID: 1100 Problem of multitenancy GID: 1000 GID: 1000 UID: 1000 UID: 1000 • Shared FS namespace TENANT N TENANT 1 Shared File System • Crosstalk between tenants • Complicated security UID: 2000 GID: 1000 UID: 1000 FS NATIVE USERS Native multitenancy at the filesystem level • Clean way to isolate multiple tenants • Shared hardware, operating system, fileservers • Configurable isolation, sharing, performance, manageability G. Kappes, Department of Computer Science & Engineering, University of Ioannina, Greece 13

  14. Prior approaches Centralized • The principals’ identities of all tenants centrally maintained — Poor scalability, isolation and manageability Peer-to-peer • The principals of each tenant managed locally • Tenants communicate to publicize their principals’ identities — Overhead to periodically synchronize the tenants Mapping • Local principal IDs mapped to global unique IDs — Mapping overhead, sharing complications, security violations G. Kappes, Department of Computer Science & Engineering, University of Ioannina, Greece 14

  15. The Dike Approach Hierarchical identification and authentication • The tenants manage their principals • The provider manages the tenants Native multitenant authorization • Separate ACLs per tenant and provider • Namespace isolation through filesystem views Efficient permission management and storage • Shared common permissions • Inheritance of permissions G. Kappes, Department of Computer Science & Engineering, University of Ioannina, Greece 15

  16. Identification Filesystem Filesystem Clients Authentication Clients Authentication Service Server Tenant Tenant Authentication Authentication Server Server OSD OSD MDS Users 1 Users N FILESYSTEM SERVERS TENANT 1 TENANT N Principals • Tenant principals: Use/manage tenant resources • Native FS principals: Manage the FS Tenant Authentication Server (TAS) • Certifies local clients and principals Filesystem Authentication Server (FAS) • Certifies filesystem services, tenants, native principals G. Kappes, Department of Computer Science & Engineering, University of Ioannina, Greece 16

  17. Authentication Tenant principals Metadata ticket Tenant TENANTS Authentication Server • Securely specifies tenant principal (3) Request • Provides access to MDS Clients (2) Connect Data ticket (7) Data (8) Data ticket • Securely specifies tenant principal MDS and permissions OSD OSD PROVIDER Authenticate • Provides access to OSDs Filesystem Authentication Server Native principals (1) Principal authenticated by TAS (5) Client contacts MDS Steps (6) MDS issues Data ticket (2) Principal requests FS access (3) Client contacts TAS (7) Client contacts OSD (4) Client receives Metadata ticket (8) Client accesses data G. Kappes, Department of Computer Science & Engineering, University of Ioannina, Greece 17

  18. Authorization TENANT 1 Access control isolation Client • Separate ACLs per tenant, provider Authorization Metadata • Metadata accessible through views Request Ticket MDS Filesystem view Tenant 1 Policy Authorization • Used by native principals to Tenant 1 Policy Data Ticket Tenant 2 Policy Decision Tenant 2 Policy manage tenants ... ... ... ... Tenant N Policy Tenant N Policy Tenant view Per file access policy • Used by tenants to access or manage tenant resources File sharing • Private to a principal • Shared across principals of one or more tenants G. Kappes, Department of Computer Science & Engineering, University of Ioannina, Greece 18

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

This time we'll talk about filesystems. We'll start out by looking at disk partitions, which are

This time we'll talk about filesystems. We'll start out by looking at disk partitions, which are

Linux System Administration SSU: Disks and Filesystems 1 This time we'll talk about filesystems. We'll start out by looking at disk partitions, which are the traditional places to put filesystems. Then we'll take a look at logical

711 views • 58 slides
Introduction Introduction to storage and to storage and filesystems filesystems Introduction

Introduction Introduction to storage and to storage and filesystems filesystems Introduction

Moreno Baricevic Gilberto Daz Axel Kohlmeyer Stefano Cozzini ULA ICTP CNR-IOM DEMOCRITOS Merida, VENEZUELA Trieste, ITALY Trieste, ITALY Introduction Introduction to storage and to storage and filesystems filesystems Introduction

1.19k views • 51 slides
681 Florida St Considerations for multitenant arts use What is Nonprofit Shared Space? 2+

681 Florida St Considerations for multitenant arts use What is Nonprofit Shared Space? 2+

681 Florida St Considerations for multitenant arts use What is Nonprofit Shared Space? 2+ organizations at a physical site Reduced cost Often Sometimes to Below market and/or higher distinguished centralize a set or stabilized

427 views • 27 slides
Hard State Revisited: Network Filesystems Hard State Revisited: Network Filesystems Jeff Chase

Hard State Revisited: Network Filesystems Hard State Revisited: Network Filesystems Jeff Chase

Hard State Revisited: Network Filesystems Hard State Revisited: Network Filesystems Jeff Chase CPS 212, Fall 2000 Network File System (NFS) Network File System (NFS) server client syscall layer user programs VFS syscall layer NFS VFS

430 views • 29 slides
Block Devices, Filesystems And Block Layer Alignment Christoph Anton Mitterer

Block Devices, Filesystems And Block Layer Alignment Christoph Anton Mitterer

. DCACHE WORKSHOP DEUTSCHES ELEKTRONEN-SYNCHROTRON DESY ZEUTHEN April 19, 2012 Block Devices, Filesystems And Block Layer Alignment Christoph Anton Mitterer christoph.anton.mitterer@lmu.de BLOCK DEVICES, FILESYSTEMS AND BLOCK LAYER

843 views • 45 slides
I/O 2 / Filesystems 1 1 Changelog Changes made in this version not seen in fjrst lecture: 13

I/O 2 / Filesystems 1 1 Changelog Changes made in this version not seen in fjrst lecture: 13

I/O 2 / Filesystems 1 1 Changelog Changes made in this version not seen in fjrst lecture: 13 November: Correct cluster number on FAT directory entry slide. 1 last time page replacement modifjcations for scanning Linux: guess fjle pages used

2.03k views • 95 slides
A Collaborative Monitoring Mechanism for Making a Multitenant Platform Accountable Chen Wang

A Collaborative Monitoring Mechanism for Making a Multitenant Platform Accountable Chen Wang

A Collaborative Monitoring Mechanism for Making a Multitenant Platform Accountable Chen Wang Ying Zhou CSIRO ICT Centre The University of Sydney Australia Australia chen.wang@csiro.au ying.zhou@sydney.edu.au Service Level Agreement (SLA)

1.3k views • 22 slides
HPC Filesystems Today Whats Working and Opportunities to Improve May 15 2017 Ned Bass

HPC Filesystems Today Whats Working and Opportunities to Improve May 15 2017 Ned Bass

HPC Filesystems Today Whats Working and Opportunities to Improve May 15 2017 Ned Bass Dagstuhl Seminar 17202 This work was performed under the auspices of the U.S. Department of Energy by Lawrence Livermore National Laboratory under

651 views • 7 slides
Filesystems CC BY-SA 2015 Nate Levesque What is a filesystem? How your operating system stores

Filesystems CC BY-SA 2015 Nate Levesque What is a filesystem? How your operating system stores

Filesystems CC BY-SA 2015 Nate Levesque What is a filesystem? How your operating system stores files and directories on disk Often provides some useful features in addition to just deciding how data gets organized on your hard drive

749 views • 33 slides
ShieldFS: The Last Word in Ransomware Resilient Filesystems Andrea Continella , Alessandro

ShieldFS: The Last Word in Ransomware Resilient Filesystems Andrea Continella , Alessandro

ShieldFS: The Last Word in Ransomware Resilient Filesystems Andrea Continella , Alessandro Guagnelli, Giovanni Zingaro, Giulio De Pasquale, Alessandro Barenghi, Stefano Zanero, Federico Maggi * US patent pending 2016-17 the "years of

976 views • 81 slides
Taming Metadata Storms in Parallel Filesystems with MetaFS Tim Shaffer Motivation A

Taming Metadata Storms in Parallel Filesystems with MetaFS Tim Shaffer Motivation A

Taming Metadata Storms in Parallel Filesystems with MetaFS Tim Shaffer Motivation A (well-meaning) user tried to run a bioinformatics pipeline to analyze a batch of genomic data. MAKER 2 Motivation Shared filesystem performance became

507 views • 35 slides
Filesystems and I/O Balance on the NERSC T3E Tina Butler, NERSC Systems Group This work was

Filesystems and I/O Balance on the NERSC T3E Tina Butler, NERSC Systems Group This work was

N ATIONAL E NERGY R ESEARCH S CIENTIFIC C OMPUTING C ENTE R Filesystems and I/O Balance on the NERSC T3E Tina Butler, NERSC Systems Group This work was supported by the Director, Office of Advanced Scientific Computing Research, Division of

479 views • 21 slides
Filesystems for Cloud Services Amazon Holiday Traf fi c

Filesystems for Cloud Services Amazon Holiday Traf fi c

Filesystems for Cloud Services Amazon Holiday Traf fi c https://www.mediapost.com/publications/article/312409/from-cyber-monday-to-cyber-month-the-broadening-o.html Amazon Holiday Traf fi c This is only a 12-day outlook! The peak is likely much

695 views • 38 slides
Data Management Parallel Filesystems Dr David Henty HPC Training and Support

Data Management Parallel Filesystems Dr David Henty HPC Training and Support

Data Management Parallel Filesystems Dr David Henty HPC Training and Support d.henty@epcc.ed.ac.uk +44 131 650 5960 Overview Lecture will cover Why is IO difficult Why is parallel IO even worse Lustre GPFS Performance

496 views • 25 slides
Formalising Filesystems in the ACL2 Theorem Prover An Application To FAT32 Mihir Mehta

Formalising Filesystems in the ACL2 Theorem Prover An Application To FAT32 Mihir Mehta

Formalising Filesystems in the ACL2 Theorem Prover An Application To FAT32 Mihir Mehta Department of Computer Science University of Texas at Austin mihir@cs.utexas.edu 05 November, 2018 1/25 Why filesystem verification matters

486 views • 25 slides
I/O / Filesystems 1 1 last time when LRU fails special-case for single-access fjle data

I/O / Filesystems 1 1 last time when LRU fails special-case for single-access fjle data

I/O / Filesystems 1 1 last time when LRU fails special-case for single-access fjle data readahead handle scans by predicting reads device driver halfs top: from system call, use bufger, request data, wait for data bottom: from interrupt,

1.13k views • 84 slides
ECONOMY 2019 ECONOMIC IMPACT REPORT Photo By: Bill Monaghan 41/32/5 Southeastern PA is the

ECONOMY 2019 ECONOMIC IMPACT REPORT Photo By: Bill Monaghan 41/32/5 Southeastern PA is the

DRIVES THE ECONOMY 2019 ECONOMIC IMPACT REPORT Photo By: Bill Monaghan 41/32/5 Southeastern PA is the Commonwealths key economic engine. THE FIVE COUNTIES GENERATE 41% OF STATES ECONOMIC ACTIVITY WITH 32% OF ITS POPULATION ON 5% OF ITS

606 views • 31 slides
Concurrency www.thoughts-on-java.org Databases try to isolate concurrent transactions

Concurrency www.thoughts-on-java.org Databases try to isolate concurrent transactions

Concurrency www.thoughts-on-java.org Databases try to isolate concurrent transactions Concurrency Mechanism and isolation levels are database specific Hibernate inherits concurrency control from the database Uses database features

232 views • 7 slides
Correlation in Extensive-Form Games: Saddle-Point Formulation and Benchmarks Gabriele Farina 1

Correlation in Extensive-Form Games: Saddle-Point Formulation and Benchmarks Gabriele Farina 1

Correlation in Extensive-Form Games: Saddle-Point Formulation and Benchmarks Gabriele Farina 1 Chun Kai Ling 1 Fei Fang 2 Tuomas Sandholm 1,3,4,5 1 Computer Science Department, Carnegie Mellon University 2 Institute for Software Research, Carnegie

2.22k views • 30 slides
Supersymmetry Search Supersymmetry Search in Trilepton in Trilepton Final States Final States

Supersymmetry Search Supersymmetry Search in Trilepton in Trilepton Final States Final States

Supersymmetry Search Supersymmetry Search in Trilepton in Trilepton Final States Final States at ATLAS: at ATLAS: Backgrounds from Secondary Leptons Backgrounds from Secondary Leptons from from b-Decays -Decays and Systematic

420 views • 30 slides
Performance Isolation in Xen Diwaker Gupta (UC San Diego) Lucy Cherkasova (HP Labs) Rob Gardner

Performance Isolation in Xen Diwaker Gupta (UC San Diego) Lucy Cherkasova (HP Labs) Rob Gardner

Performance Isolation in Xen Diwaker Gupta (UC San Diego) Lucy Cherkasova (HP Labs) Rob Gardner (HP Labs) Amin Vahdat (UC San Diego) Outline Background and Motivation Controlling aggregate CPU consumption QoS in the driver domain

564 views • 28 slides
NMR Spectral Assignment and Structural Calculations Lucia Banci CERM University of Florence

NMR Spectral Assignment and Structural Calculations Lucia Banci CERM University of Florence

NMR Spectral Assignment and Structural Calculations Lucia Banci CERM University of Florence Structure determination through NMR Protein Sample NMR spectroscopy Sequential resonance assignment Collection of conformational constraints 3D

875 views • 54 slides
Lecture 5: Morphology Kai-Wei Chang CS @ University of Virginia kw@kwchang.net Couse webpage:

Lecture 5: Morphology Kai-Wei Chang CS @ University of Virginia kw@kwchang.net Couse webpage:

Lecture 5: Morphology Kai-Wei Chang CS @ University of Virginia kw@kwchang.net Couse webpage: http://kwchang.net/teaching/NLP16 6501 Natural Language Processing 1 This lecture v What is the structure of words? v Can we build an analyzer to

327 views • 31 slides
PROTEIN SYNTHESIS RNA (ribonucleic acid) 3 types RNA DIFFERENCES 1. messenger RNA (mRNA)

PROTEIN SYNTHESIS RNA (ribonucleic acid) 3 types RNA DIFFERENCES 1. messenger RNA (mRNA)

2/18/2013 Central Dogma of Biology PROTEIN SYNTHESIS RNA (ribonucleic acid) 3 types RNA DIFFERENCES 1. messenger RNA (mRNA) single uncoiled long strand DNA RNA - transmits DNA info ribose sugar deoxyribose during protein synthesis

81 views • 4 slides

More recommend