June 13, 2013

Examining Questions of Virtualization and Security in the Cloud

Ian Armas Foster

When considering moving excess or experimental HPC applications to a cloud environment, there will always be obstacles. Were that not the case, the cost effectiveness of cloud-based HPC would rule the high performance landscape.

Jonathan Stuart Ward and Adam Barker of the University of St. Andrews produced an intriguing report on the state of cloud computing, paying a significant amount of attention to the problems facing cloud computing.

The researchers split the problems into two categories: technological and legal. The second has added gravity today in light of recent leaks on the data mining activities of the United States National Security Agency, although those specific circumstances will not be discussed here. However, according to the report, an incident in 2010 (Wikileaks) laid the foundation for an environment where such infringement could happen.

However, the technological concerns are more relevant to those seeking to outsource HPC applications to the cloud. Virtualization, according to the report, is a key to running high performance applications in a cloud setting. That should be neither surprising nor interesting, as cloud computing is sometimes referred to as ‘computing in a virtualized environment.’

However, it is an important distinction to consider. As the report noted, “virtualizing a computer system reduces its management overhead and allows it to be moved between physical hosts and to be quickly instantiated or terminated.”

As computations in a public cloud must somehow be sent back to the host, and it is preferable that this happens quickly, virtualization is understandably important. The preferred infrastructure to virtualize into a cloud environment would be that of the Intel x86, used in many localized HPC instances. That affinity presents problems for cloud computing.

“The x86 architecture was not conceived as a platform for virtualization. The mechanisms which allow x86 based virtualization either require a heavily modified guest OS or utilise an additional instruction set provided by modern CPUs which handles the intercepting and redirecting traps and interrupts at the hardware level.” It is of course possible to virtualize such an architecture, but it will result in what the researchers call a performance penalty. That penalty has been significantly reduced over the last few years, but is still present and can manifest itself in I/O performance, sometimes in extreme ways.

“IO performance in certain scenarios,” the researchers note, “suffers an 88% slowdown compared to the equivalent physical machine.” One of the main principles behind computing in the cloud is the optimization of resources. Virtual machines (VMs) curtail performance to ensure the servers are in use, which is not necessarily ideal.

A further issue Ward and Barker raise for computing in the cloud is interoperability among major cloud service providers like Amazon, Google, Rackspace, and Microsoft. They related it to mainframe computing, which was dominated by IBM in the 1970s. “Increased interoperability is essential in order to avoid the market shakeout the mainframe industry encountered in the 1970s. This is a significant concern for the future of cloud computing.”

Scaling up is another issue presented by the researchers, but one they feel is at least somewhat adequately addressed by the development of NoSQL. “It is NoSQL which has been a driving force behind cloud computing. The unstructured and highly scalable properties of many common NoSQL databases allows for large volumes of users to make use of single database installation to store many different types of information.” It is this notion that carries the storage capacity for HPC applications in things like Azure and S3.

Of course, it is difficult to discuss the complications of computing in the cloud without addressing security and what the report refers to as trust issues. The report, which was coincidentally published last week, seems prescient considering the NSA PRISM leaks that have been brought to light over the last week or so.

The researchers here delved into how the Wikileaks incident in 2010 laid the groundwork. “Without a comprehensive legal framework in place it is impossible to conclusively argue what parties cannot access or otherwise interfere with cloud based operations. This issue is problematic for organisations such as Wikileaks which are not well received by world governments. Unfavorable organisations can be effectively barred from operating on the cloud by any organisations able to exert influence against the provider.” Determining jurisdiction in these circumstances is hazy. The Amazon datacenter in question over the Wikileaks scandal was based in Europe. However, Amazon is based in the United States, potentially subjecting it to US government pressure if necessary.

“Worse still is the possibility that governments can compel cloud providers to provide access to client’s services or data,” the researchers argued. “This is a major problem for cloud computing and if this issue remains unanswered, [one] could potentially see cloud providers relinquishing user and company data to world governments based on a legal mandate.”

The security issue is not a new one. Companies with sensitive data take measures to ensure the security of their cloud-housed data, such as adding additional vendor-supplied security layers or participating in a sort of ‘virtual private cloud.’

In this case, it seems unlikely that the NSA would mine experimental financial data to find terrorism patterns. However, as the report noted, a potentially dangerous precedent could be set by these actions. Will this break the trust of companies looking to keep their potentially critical and sensitive data in a cloud service? It is unclear, but this report at least indicates that could happen.

From I/O bottleneck issues to scalability to security and trust issues, the complications of cloud HPC are significant. However, things like NoSQL (for scale) and better virtualization tools and workload managers are being built to mitigate those issues.