Home > IEEE Papers > A Case For Grid Computing On Virtual Machines

A Case For Grid Computing On Virtual Machines

A Case For Grid Computing On Virtual Machines

Authors: Renato J. Figueiredo, Peter A. Dinda, Jose A. B. Fortes

Proceedings of the 23rd International Conference on Distributed Computing Systems (ICDCS’03)


We advocate a novel approach to grid computing that is based on a combination of “classic” operating system level virtual machines (VMs) and middleware mechanisms to manage VMs in a distributed environment. The abstraction is that of dynamically instantiated and mobile VMs that are a combination of traditional OS processes (the VM moitors) and files (the VM state). We give qualitative arguments that justify our approach in terms of security, isolation, customization, legacy support and resource control, and we show quantitative results that demonstrate the feasibility of our approach from a performance perspective. Finally, we describe the middleware challenges implied by the approach and an architecture for grid computing using virtual machines.

Essential matter:

The Grid middleware solutions are implemented as an operating system users. This has some limitations of traditional user account model in conflicting with administrative domain boundaries. Implementing security mechanism for integrity of Grid resources from untrusted, and legacy code running on general purpose OS having multiplexing at this level(operating system user) is somewhat sloppy.

Figueiredo et al. proposes to fundamentally change the way grid computing is performed by raising the level of abstraction from that of the operating system user to that of the operating system virtual machine or VM. This addresses three fundamental issues:

  • support for legacy applications,
  • security against untrusted code and users
  • computation deployment independently of site administration.

Virtual machine presents a raw image to each user, and this mechanism is powerful because users become decoupled from

  • system Software and resource
  • other user sharing the resource

also it ensures that untrusted application can only access OS of virtual machine. Another advantage of this mechanism is that we can migrate running VMs to appropriate resources.

Section 2. (summarizing advantages and quatifying VM technology for computation-intensive benchmarking)

Note: Virtual Machines can be divided into two categories: ISA-VM (Instruction Set Architecture), ABI-VM(Application Binary Intruction) with virtualization of System calls.

A classic virtual machine abstraction allows for great flexibility in support of multiple OS and is the focus of this paper. Unlike conventional OS, classic VMs allow dynamic multiplexing of Users onto physical resources at granularity of single user per OS session, so this support the user-wise VM configuration and isolation from other users sharing same physical resource.

Security and Isolation:

  • Threat: Integrity of resources can be compromised by malicious users codes running on Grid , in a same way integrity of the computation may be compromised by malicious resource.

Classic VMs achieve stronger software security than multiprogrammed OS user approach. In a scenario where grid users have access to classic VMs, it is more difficult for malicious users to attack as he/she have to break two level of security VMM and the OS.


VMs can be highly customizable without requiring system restart i.e. changing virtual hardware parameters such as memory and disk sizes. In grid environment it becomes possible to offer VM that satisfy user requirements from a pool of physical machines.

Administrator privileges:

In typical shared multiprogrammed system, system operations are reserved to privileged user-administrator. Malicious users are barred from unauthorized access to the resources like disk by using “mount” and accessing the remote data, but this can be compromised if malicious user somehow gain privilege of administrator.

Where as in classic VMs administrative privilege can be given to Grid application, and its malicious activity will remain confined to VM only, and each grid user can have its own VM.

Resource control:

Dynamic resource control is important in Grid. First it allows a provider to limit the impact that a remote user may have on resources available for a local user. Secondly, accounting for the resource usage.

Site Independence:

A virtual machine can be instantiated on any resources that are sufficiently powerful to support it because it is not tied to particular physical resources. Furthermore, a running virtual machine can be suspended and resumed, providing a mechanism to migrate a running machine from resource to resource.

Performance consideration:

The Overall overhead incurred by VMs thus depends on systemcharacteristics, including the processor’s ISA, the VMM architecture and implemtation, and the type of workload running in the system. Qualitative analysis is beyond scope of paper, and the quantitative analysis of the implementation can be obtained, here in paper they have focused on the performance of a VM instance for compute-intensive scientific applications.

Section 3. (Middleware Challengesof this approach)

Virtual machine monitors are readily available, it is certainly possible to deploy VMs atatic computing units with existing grid middleware running within them. However this abstraction layer is fully exploited when VMs are initiated and managed dynamically.

  • Data management: This involves transfer of VM images so that it can be instantiated anywhere and migrated when necessary, and support for location-independent access to user files.  The components of a VM session are distributed across three different logical entities : image servers(schiving static VM states), computation servers(capable of instantiating VM images dynamically), data servers(capability of storing data). VM state information needs to be transferred from an image server to a VM host where it is instantiated, and from data server to VM guest where it is processed.

    VM image and data management via virtual file systems. Users A and B are multiplexed onto the server V via two instances of Red Hat 7.2 virtual machines. Client-side VFS proxies at the host V cache VM state from image servers (e.g. server I), while proxies within virtual machines cache user blocks from a data server D.

  • High Performance data transfers: Globus employs File staging techniques, it requires the users to specify files require and to be transferred, and also it can transfer whole file when they are opened. Condor uses on-demand transfer. PUNCH virtual file system(PVFS) supports on-demand block transfers with performance within 1% of the underlying NFS file system. VM naturally supports logical user account abstraction because dedicated VM guests can be assigned on a per-user basis, and user identities within a VM guest are completely decoupled from the identities of its VM host.
  • Image Management: The state associated with a static VM image is usually larger than the working set that is associated with a dynamic VM instance. The transfer of entire VM states can lead to unnecessary traffic due to the copying of unused data. On-demand transfers are therefore desirable. In addition, in the common case, large parts of VM images canshared by multiple readers (e.g. a master static Linux virtual system disk can be shared by multiple dynamic instances, as in Figure above). Read-only sharing patterns can be exploited by proxy-based virtual file systems, for example by implementing a proxy-controlled disk cache that acts as a second-level cache to the kernel’s file buffers.
  • User and application data management: Proxy based virtual file system approach for efficient, location-transparent, on-demand access to user and application data.
  • Virtual machine migration: Combining image management, user and  application data management, and check-pointing,a VM-based grid deployment can support the seamless migration of entire computing environments to different Virtualized servers while keeping remote data connections are active.

Resource management: Virtual machines provide a powerful new layer of abstraction in distributed computing environments, one that creates new opportunities and challenges for scheduling and resource management. Intriguingly, this is true both from the perspective of resources “looking up” at applications and applications “looking down” at resources.

  • Resource perspective:  Virtual machines, on the other hand, are straightforward—the user gets a ”raw” machine on which he/she can run whatever he pleases. The resource owner in turn sees a single entity to schedule onto his/her resources. Other mechanisms for providing such fine-grain control, they impose particular systems software interfaces or computational models on the user.  The focus is on the problem of scheduling virtual machines on the host operating system. For example, the resource owner’s constraints and the constraints of the virtual machines that the users require could be compiled the into a real-time schedule, mapping each virtual machine into one or more periodic real-time tasks on the underlying host operating system.
  • Application perspective: To achieve appropriate performance on distributed computing environments, applications typically have to adapt to the static and dynamic properties of the available resources. Virtual machines make this process simpler in some respects by allowing the application to bring its preferred execution environment along with it. However, complexity is introduced in other respects. First, virtual machines are themselves a new resource, increasing the pool of resources to be considered. Second, virtual machines represent collections of shares in the underlying physical resources.Virtual Networking:
  • The integration of a dynamically created VM to the network is dependent upon the policies implemented in the site hosts the (physical) VM server. With respect to these policies, two scenarios can arise.
    1. The VM host has provisions for IP addresses that can be given out to dynamic VM instances. For instance, a CPU farm may provide the capability of instantiating full-blown virtual back-ends as a service. In this scenario, the VM may obtain an IP address dynamically from the host’s network (e.g. via DHCP), which can then be used by the middleware to reference the VM for the duration of a session.
    2. The VM host does not provide IP addresses to VM instances. In this scenario, network virtualization techniques — similar to VPNs — may be applied to assign a network identity to the VM at the user’s (client) site. The simplest approach is to tunnel traffic, at the Ethernet level, between the remote virtual machine and the local network of the user. For example, if we used SSH to start the machine, we could use the SSH tunneling features.

Architecture: In this architecture, the nodes of a virtual computational grid support, in addition to virtual machine monitors, a set of tools that limit the share of resources that the virtual machines are permitted to use, grid middleware such as Globus (and SSH) for instantiating machines, and resource monitoring software such as RPS. Virtual machine instances or the capability for instantiating virtual machines (VM futures) are advertised via a grid information service such as Globus MDS or URGIS. Virtual file systems give all nodes access to currently stored VM images. User accounts, implemented as Globus accounts or SSH keys, allow users only to instantiate and store virtual machines.

  • A user X (or grid middleware F on their behalf) first  consults an information service, querying for a VM future (a physical machine able to instantiate a dynamic VM) P that meets their needs. If necessary, X also consults an information service to query for a VM image server I with a base O/S installation that meets their application needs. Alternatively, users may provide VM images of their own (e.g. a customized O/S installation)
  • The middleware then establishes a data session between the physical server P and the image server I to allow for the instantiation of a dynamic VM. This data connection can be established via explicit transfers (e.g. GridFTP) or via implicit, on-demand transfers.
  • Once the data session for image I is established, the user can negotiate with the physical machine the startup of a VM instance Vi (e.g. using Globus GRAM or SSH). The virtual machine Vi may start from a preboot (cold) state, or from a post-boot (warm) state stored as part of the image. In addition, upon startup, the VM is assigned an IP address (via DHCP, or by connecting to a virtual network).
  • Once the VM instance Vi is running and on the network, additional data sessions are established. These connect the O/S within Vi to application server A and to the user’s data server D. As previously, these sessions can be realized with explicit or implicit transfers.
  • The application executes in the virtual machine; if it is an interactive application, a handle is provided back to the user (e.g. a login session, or a virtual display session such as VNC).

Classic virtual machines support a grid computing abstraction where computation becomes decoupled from the underlying physical resources. In this model, entire computing environments can be represented as data (a large state) and physical machines can be represented as resources for instantiating data. This powerful abstraction simplifies addressing many issues in grid computing and provides a new layer at which to work. The authors illustrates the middleware challenges that must be overcome to build grid computing on top of virtual machine monitors and described how we are addressing those challenges.  Figueiredo et al. provide the description of software architecture and its integration with existing middleware to support a VM-based infrastructure for computational grids, and provides necessary resources to the services layer.

Categories: IEEE Papers
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: