proactive infrastructure: the ninja service platform
DESCRIPTION
Proactive Infrastructure: The Ninja Service Platform. David Culler , Eric Brewer , Anthony Joseph & Randy Katz UC Berkeley ninja.cs.berkeley.edu. Server. Client. Scalable Internet Services - millions of clients - always up. Infomation appliances. - PowerPoint PPT PresentationTRANSCRIPT
Proactive Infrastructure:Proactive Infrastructure:The Ninja Service Platform The Ninja Service Platform
David Culler, Eric Brewer, Anthony Joseph & Randy Katz
UC Berkeley
ninja.cs.berkeley.edu
Moving Away from the ‘average’ Device
ScalableInternet Services - millions of clients - always up
Infomationappliances
Client
Server
Core Questions
• Scalable, Highly Available Services => well-Scalable, Highly Available Services => well-engineered, well- maintained and relatively engineered, well- maintained and relatively centralized platformscentralized platforms – How do we preserve the distributed innovation of the
personal computer era in a service-centric world
• Emerging devices are diverse and highly Emerging devices are diverse and highly constrainedconstrained– How do we deliver powerful services on small devices?
=> Push services into an Active infrastructure=> Push services into an Active infrastructure
Ninja Project Goals
• Enable a service-centric world (rather than applications)Enable a service-centric world (rather than applications)– Move applications into the core of the network
• Robust infrastructure for services:Robust infrastructure for services:– Scalable, highly available, and persistent
– Customizable: enable personal preferences (and code!)
– Support a wide-range of devices: pagers to PCs
– Easy to author despite these challenges
• Universal framework for constructing and deploying servicesUniversal framework for constructing and deploying services– Programming model and execution environment for scalable services
– Authentication and pay-per-use services
– Automatic discovery, composition and use of sub-services
Ex: Personal Information Management
Voice Mail store Laptop (VAT)
Univ-InboxService
E-Mail store
DirectoryServer1
AP1
AP2
AP3
AP4
GSM
AP5
IP Core NetworkPSTN
DirectoryServern
• Users (will) have lots of (new) end devices• Each device has its own address, capabilities, etc.• Universal Inbox gives users control over how info reaches them• Transcoders adapt content to end device
Example: Ninja Jukebox
CD “ripper”service
CDDBservice
iSpace
Fetches track/title & artist information from an online DB.
1
iSpace
Music Directoryservice
HTTPdservice
Pushes an index of locally available songs to the master directory.
2
WWW Browser
Web page with song playlists
3
.au/.mp3 player
Music stream (.au or .mp3)
4
Example: Millennium Cluster
• Large-Scale Campus-wide TestbedLarge-Scale Campus-wide Testbed• Management by ServicesManagement by Services
– push monitoring service into nodes
– clusterview service logs, aggregates, manages
• Resource allocation by market servicesResource allocation by market services– banks, brokers, merchants
Cell PhonesPDAs Future Devices
Wireless DesktopPCs
Servers
Clusters
Massive Cluster
Gigabit Ethernet
Traditional Internet Service
DATEK(Trust Contract)Trusted
Clienthttps
Infrastructure Services: Embedded Untrusted Interface
Key Store
DATEK(Trust Contract)Trusted
Clienthttps
Content Filter(pseudonym)
sRMI
NINJA Infrastructure Services
EmbededUntrusted
Client
https
Example: One Time Passwd to pseudo-service
• Cannot increasing the security level of the communications Cannot increasing the security level of the communications channel so decrease the value of the content.channel so decrease the value of the content.
Constrained Personal Info Appliance - Untrusted Gateway
Key Store
DATEK(Trust Contract)Trusted
Client
Content Filter(pseudonym)
https
EmbededUntrusted
Client
https
sRMIPersonalAppl
CF
NINJA
GWY RMIPXY ST
Example: Minimal Trader
• Shared secret between Shared secret between user and keystoreuser and keystore
• keystore maps to service keystore maps to service identity / authenticationidentity / authentication
• Content filter transcodes Content filter transcodes to very concise info to to very concise info to pilotpilot
Uniform Access to Diverse Services
Key Store
RMIPXY
DATEK(Trust Contract)Trusted
Client
Content Filter(pseudonym)
https
EmbededUntrusted
Client
https
sRMIPersonalAppl GWY
CF
NINJA
Trade-R-usTrade-R-us
ST
Automated “Clients”, ...
Key Store
RMIPXY
DATEK(Trust Contract)Trusted
Client
Content Filter(pseudonym)
https
EmbededUntrusted
Client
https
sRMIPersonalAppl GWY
CF
NINJA
Trade-R-usTrade-R-us
BOT svc
ST
Requirements Summary
• Utility: scalable, highly available, reliableUtility: scalable, highly available, reliable• Support for persistent dataSupport for persistent data• Support for streams, not just RPCSupport for streams, not just RPC• Support for automatic data transformationSupport for automatic data transformation• Support for fine-grain authentication and paymentSupport for fine-grain authentication and payment
The Ninja architecture addresses theseThe Ninja architecture addresses these
What is a Service?• ServiceService
– Highly available program (or cooperating programs)• fixed interface at a fixed location (lives in the infrastructure)
• guarantees about performance, availability, consistency
– Strongly typed interface• Multiple services of a given type compete
• Compete on location, price, robustness, “quality”, brand name
• Service Discovery Service (SDS)Service Discovery Service (SDS)– Find “best” service of given type
• current approach based on weighted statistical matching
– Construct a “path” from client to service
• Bases (1M’s)Bases (1M’s)– scalable, highly available– persistent state (safe)– databases, agents– “home” base per user– service programming environment
Wide-Area Path
• Active Proxies (100M’s)Active Proxies (100M’s)– not packet routers – bootstrap thin devices into
infrastructure– soft-state and well-connected
• Units (1B’s)Units (1B’s)– sensors / actuators– PDAs / smartphones / PCs– heterogeneous– Minimal functionality: “Smart Clients”
Impose Structure to Simplify
Bases
• A physical, administrative, and logical boundaryA physical, administrative, and logical boundary– a collection of machines geographically co-located
– administrative guarantees: no network partitions (!), constant power supply, trust within the Base
• Base platform simplifies authoring of servicesBase platform simplifies authoring of services– cluster primitives
• task execution, naming, and monitoring
• load balancing, failure detection, and restart
– persistent data primitives and guarantees• distributed, available data structures
• Hides service implementation from rest of worldHides service implementation from rest of world– granularity of services is at cluster level, not node level
Base Implementation
• iSpace: the building block of a BaseiSpace: the building block of a Base– receptive execution environment
– intra-Base primitives (stub generation, persistent data repository, etc.)
• Multispace: cluster-wide naming and resource mgmtMultispace: cluster-wide naming and resource mgmt
iSpace
SAN
Multispace cluster
iSpace iSpace iSpace
JVM provides code mobility and service upload capability, plus strong typing of service interfaces. Added distributed hash table API (think Linda space) to JRE.
Ground up re-implementation of Sun RMI. Includes authenticated, secure RMI, multicast RMI, and soon, AM-RMI and VIA-RMI.
Name service, RMI stub registry, and service control API:
• LoadService (URL)• interf.[ ]=ListServices• stub=GetService(name)• KillService(name)
KillService semantics unclear… objects vs threads?
Sandbox that contains untrusted, uploaded services. Currently just the JRE’s standard appletSecurityMgr
Service is an interface, plus objects that implement that interface.
Tru
sted
Serv
ices
Ninja RMI
iSpace Execution Environment
JVM + persistent store APIs
Security Mgr Loa
der
UntrustedServices
iSpace
Multispace
iSpace
Multispaceservices
Mul
tisp
ace
Loa
der
• RMI “Redirector Stubs” assembledRMI “Redirector Stubs” assembled– run-time compiled RMI superstub
– contains all of a service’s instance’s stubs
– stub selection policy• fail-over, broadcast, multicast, fork, etc.
– currently, idempotency and atomicity required of service instances
1
2
3
Services names are at the granularity of the entire cluster, not individual nodes.
Distributed Data Structures
• Solve the state management problem once and Solve the state management problem once and provide high-level abstractions to service authorsprovide high-level abstractions to service authors– Hypothesis: given a set of highly-available, scalable,
persistent data structures, persistent BASE services will be much easier to construct
• Example data structures:Example data structures:– append/truncate-only LogLog
• system logging, generational mailstore, undo/redo logs, etc.
– Hash tableHash table• web cache, search index/data, mint accounts, etc.• consistent, persistent, and highly available
– Tree Tree // Trie Trie // Treap Treap
Active Proxy
• Local execution environment (interchangeable)Local execution environment (interchangeable)• No support for persistent data (soft state)No support for persistent data (soft state)• Runs an iSpace but not a MultiSpaceRuns an iSpace but not a MultiSpace• Bootstraps small devices into the infrastructureBootstraps small devices into the infrastructure
– could run Jini or other local discovery mechanisms
– could be in a home or basestation
– performs resource discovery and path creation for the device
– typically well connected (while device is not)
Fast Communication and I/O in Java
• Scalable Ninja services need full Scalable Ninja services need full capabilities of Base devicescapabilities of Base devices– fast SAN, IO rivers
• JNI overhead too largeJNI overhead too large– can violate type safety– chokes JVM
• JDI by JIT interpositioningJDI by JIT interpositioning– intelligent devices reflected as Java
objects– JIT interprets operations on devices– data buffers bypass JVM– ex: Java AM over VIA on Myrinet
JVM JDI?
Scalable SVC
Proc Intelligentdevices
Streamingdata
Status
• Several services running all the timeSeveral services running all the time
• Release 1.0 now availableRelease 1.0 now available– contact info: ninja.cs.berkeley.edu– Includes:
• NinjaRMI, including authentication• iSpace/MultiSpace infrastructure• SDS (soon)• Several example services, including Ninja Jukebox
• Active current focus:Active current focus:– driving applications: e-mail, group calendar– service discovery & path creation– Java I/O and fast communication– cluster-wide data structures
Existing Applications
• Ninja "NOW Jukebox"Ninja "NOW Jukebox"– Harnesses Berkeley Network of Workstations
– Plays real-time MPEG-3 audio served from 110+ CD's worth of music
• Voice-enabled room controlVoice-enabled room control– Speech-to-text Operators control room services (camera, lights, microphone)
– Integration with GSM cell phones and PDA-based UI (soon)
• Stock Trading ServiceStock Trading Service– Accesses real-time stock data from Internet
– Programmatic interface to buy/sell/trade stocks through online brokerage
• NinjaFAXNinjaFAX– Programmable remotely-accessed FAX machine service
– Send/receive FAXes; authentication used for access control
• Keiretsu: The Ninja Pager ServiceKeiretsu: The Ninja Pager Service– Provides instant messaging service via Web, 1/2-way pagers, WorkPads, etc.
Coming Applications
• Universal InboxUniversal Inbox– e-mail, FAX, pager, voicemail accessible anywhere
– persistent data (yes we will use it!)
• Infrastructure-based group calendarInfrastructure-based group calendar– handles both web and PDA access
– supports disconnected operation
• Universal RemoteUniversal Remote– multiple-UI control of household/room devices
– automatic UI generation
• Ecash MintEcash Mint– Authenticated service to act as digital secure cash mint
– Enable real pay-per-use services (e.g. Coke machine)
Ninja Requirements Summary• Utility: scalable, highly available, reliableUtility: scalable, highly available, reliable
– Base, MultiSpace, Smart Client, NinjaRMI, and mobile code
– Architecture for easy development/deployment of services
• Support for persistent dataSupport for persistent data– Base and persistent hash tables
• Support for streams, not just RPCSupport for streams, not just RPC– Operators and wide-area paths
• Support for automatic data transformationSupport for automatic data transformation– Wide-area paths: Strong typing & Automatic Path Creation
– Span spectrum of end-user devices dynamically
• Support for fine-grain authentication and paymentSupport for fine-grain authentication and payment– Authenticated and pay-per-use services
To Read More
• http://ninja.cs.berkeley.eduhttp://ninja.cs.berkeley.edu• The MultiSpace: an Evolutionary Platform for The MultiSpace: an Evolutionary Platform for
Infrastructural Services, S. Gribble, Welsh, Brewer, and Infrastructural Services, S. Gribble, Welsh, Brewer, and Culler. 1999 Usenix Annual Technical Conference.Culler. 1999 Usenix Annual Technical Conference.
• An Architecture for a Secure Service Discovery Service, An Architecture for a Secure Service Discovery Service, Czerwinski, Zhao, Hodes, Joseph, and Katz., MobiCom '99Czerwinski, Zhao, Hodes, Joseph, and Katz., MobiCom '99