[occi-wg] IO Console Resource -- Infrastructure doc Re: IO Console Resource -- Infrastructure doc proposal

Gary Mazz garymazzaferro at gmail.com
Thu Aug 12 03:14:03 CDT 2010


Hi,

Below is a fragment of an email from Csom Gyula which addressed many
issues. Thijs asked to have this issue carved out and put on a separate
email thread. This fragment was in response to a proposal for text and
graphical consoles as an OCCI resource.

A Console Resource was proposed to help support features commonly found
in private cloud implementations based on hypervisor and blade server
configurations. After there was some support for the proposal, I
elected to work out some use case details to ensure implementation
practices and common architectural models were captured. The use cases
would probably be better served in some sort of spreadsheet, but this is
what I have for the moment. I'll follow up with diagrams if more
interest is gained in the proposal.

This is a work in progress and is likely to incorporate more detail
within the next week.

Cheers
gary

Fragment from email by Csom Gyula, "Re: [occi-wg] New revision of the spec":
 
> [7] Graphics: I agree with Gary, console is a must:) His spec is
> definitive... here let me add just some notes:
> * We are using KVM/QEMU as the hypervisor so I can confirm that
>   KVM/QEMU provides graphical terminal support, namely VNC:)
> * Security is an issue at least in two ways. First the terminal gives
>   access to the running compute resource hence it needs password
>   protection or such. Second the terminal access operates on the host
>   level not on the vm level. That is the terminal address would be the
>   IP of the physical host the vm is running on. Generally it is not a
>   secure thing to give direct access to internal host infrastructure.
>   For instance in our solution (currently in development) we use a VNC
>   proxy that hides the internal locations.
> * Isn't occi.console.status the same as (or projection of) the
>   occi.compute.status? It could be useful information though. I guess
>   it should be dynamically queried from the corresponding compute
>   resource.
> * Either the console should be the part of the compute resource or it
>   should link to the compute resource it belongs to, that is:
>   * either console should be moved under the compute namespace (ie.
>     occi.compute.console.xxx)
>   * or there must be a bidirectional link between the two
>     (occi.console.compute_link -> compute and
>     occi.compute.console_link -> console or such)

Some good notes @Gary can you respond?
How do you feel about the subject if those attributes are mandatory or
optional?

GM>
  I think part of the issue is our deployment use case model that is 
somewhat incomplete in terms of a console.

*Computer and Blade Platform Use Cases*

*Generalized VM Execution Use Cases*
USE CASE] A VM executes on single computer platform with a single or 
multiple cpu cores.
USE CASE] A VM executes on blade platform with a single or multiple cpu 
cores.

*Generalized IO Console Configuration Use Cases*
USE CASE] A single computer platform supports one or more serial ports
for console I/O
USE CASE] A single compute platform supports one or more video outputs 
and one keyboard input
USE CASE] A blade platform supports one or more serial ports for console 
I/O
USE CASE] A blade platform supports one more video output and one 
keyboard input

*Generalized IO Console Client to IO Console Server Connectivity Use Cases*
USE CASE] A blade platform management controller presents blade's video 
outputs and keyboard inputs via a network protocol including VNC, RDP 
and XWindows
USE CASE] A blade platform management controller presents blade's serial 
ports via a network protocol including TELNET and SSH
USE CASE] A KVM device controller presents single computer's video 
outputs and keyboard inputs via a network protocol including VNC, RDP 
and XWindows
USE CASE] A Terminal Server presents a single computer's serial ports
via a network protocol including TELNET and SSH

*Hypervisor Software Use Cases*
USE CASE] A Hypervisor Software executing on a single blade presents 
VM's video outputs and keyboard inputs via a network protocol including 
VNC, RDP and XWindows
USE CASE] A Hypervisor Software executing on a single blade presents a 
VM's serial ports via a network protocol including TELNET and SSH
USE CASE] A Hypervisor Software executing on a single blade element 
presents VM's video outputs and keyboard inputs via a network protocol 
including VNC, RDP and XWindows
USE CASE] A Hypervisor Software executing on a single blade element 
presents a VM's serial ports via a network protocol including TELNET and 
SSH

*IO Console Sharing Use Cases*
USE CASE] More than one user may access a blade's platform management 
controller's presented blade's video outputs and keyboard inputs via a 
network (console instance sharing)
USE CASE] More than one user may access a blade's platform management 
controller's presented blade's serial ports via a network (console 
instance sharing)
USE CASE] More than one user may access a Terminal Server's presented 
single compute serial port via a network (console instance sharing)
USE CASE] More than one user may access a KVM device's presented single 
compute serial port via a network (console instance sharing)

*IO Console Configuration Use Cases*
USE CASE] Network Address of Terminal Server's presented single 
computer's serial port can be set by VM configuration
USE CASE] Network port number of Terminal Server's presented single 
computer's serial port can be set by VM configuration
USE CASE] Network Address of Terminal Server's presented single 
computer's serial port can be set by Cloud Provider Administration
USE CASE] Network port number of Terminal Server's presented single 
computer's serial port can be set by Cloud Provider Administration
USE CASE] Network Address of Terminal Server's presented single
computer's serial port can be read by Cloud User(s) through VM configuration
USE CASE] Network port number of Terminal Server's presented single
computer's serial port can be read by Cloud Provider Administration
through VM configuration
USE CASE] Terminal Server's Network Address presenting a single
computer's serial port can be common across all Terminal Server's
serial ports
USE CASE] Network Address of KVM's presented single computer's graphical 
console can be set by VM configuration
USE CASE] Network port number of KVM's presented single computer's 
graphical console can be set by VM configuration
USE CASE] Network Address of KVM's presented single computer's graphical 
console can be set by Private Cloud Administration
USE CASE] Network port number of KVM's presented single computer's 
graphical console can be set by Cloud Provider Administration
USE CASE] Network Address of KVM's presented single computer's graphical
console can be read by Cloud User(s) through VM configuration
USE CASE] Network port number of KVM's presented single computer's
graphical console can be read by Cloud Provider Administration through VM
configuration
USE CASE] KVM's Network Address presenting a single computer's graphical
console can be common across all Terminal Server's serial ports
USE CASE] Network Address of a blade's platform management controller's 
presented blade's serial port can be set by VM configuration
USE CASE] Network port number of a blade's platform management 
controller's presented blade's serial port can be set by VM configuration
USE CASE] Network Address of a blade's platform management controller's 
presented blade's serial port can be set by Cloud Provider Administration
USE CASE] Network port number of a blade's platform management 
controller's presented blade's serial port can be set by Cloud Provider 
Administration
USE CASE] Network Address of a blade's platform management controller's
presented blade's serial port can be read by Cloud User(s) through VM
configuration
USE CASE] Network port number of a blade's platform management
controller's presented blade's serial port can be read by Cloud Provider
Administration through VM configuration
USE CASE] Terminal Server's Network Address presenting a blade's serial
port can be common across all a blade's platform management
controller's serial ports presented
USE CASE] Network Address of a blade's platform management controller's 
presented blade's graphical console can be set by VM configuration
USE CASE] Network port number of a blade's platform management 
controller's presented blade's graphical console can be set by VM 
configuration
USE CASE] Network Address of a blade's platform management controller's 
presented blade's graphical console can be set by Cloud Provider 
Administration
USE CASE] Network port number of a blade's platform management 
controller's presented blade's graphical console can be set by Cloud 
Provider Administration
USE CASE] Network Address of a blade's platform management controller's
presented blade's graphical console can be read by Cloud User(s) through
VM configuration
USE CASE] Network port number of a blade's platform management
controller's presented blade's graphical console can be read by Cloud
Provider Administration through VM configuration
USE CASE] Terminal Server's Network Address presenting a blade's
graphical console can be common across all a blade's platform
management controller's serial ports presented


*IO Console Authentication Use Cases*
USE CASE] A Terminal Server's presented single compute serial port has 
only one credential for all Private Cloud Administrators (user/customer) 
accessing the port
USE CASE] A Terminal Server's presented single compute serial port has 
only one credential for each Private Cloud Administrator (user/customer) 
accessing the port
USE CASE] A Terminal Server has only one credential for all Private 
Cloud Administrators (user/customer) accessing all presented single 
compute serial ports
USE CASE] Terminal Server's presented single compute serial port's 
credentials can be set with the VM configuration by the Cloud Provider 
Administrator
USE CASE] Terminal Server's presented single compute serial port's 
credentials can be set with the VM configuration by the Private Cloud 
Administrator (user/customer)
USE CASE] Terminal Server's presented single compute serial port's
credentials can be set with an external management application by the
Cloud Administrator
USE CASE] Terminal Server's credentials can be set with the VM
configuration by the Cloud Provider Administrator
USE CASE] Terminal Server's credentials can be set with the VM
configuration by the Private Cloud Administrator (user/customer)
USE CASE] Terminal Server's credentials can be set with an external
management application by the Cloud Administrator
USE CASE] A KVM's presented single computer's graphical console has only 
one credential for all Private Cloud Administrators (user/customer) 
accessing the port
USE CASE] A KVM's presented single computer's graphical console has only 
one credential for each Private Cloud Administrator (user/customer) 
accessing the port
USE CASE] A KVM has only one credential for all users accessing all 
presented computer's graphical consoles
USE CASE] KVM's presented single computer's graphical console's 
credentials can be set with the VM configuration by the Cloud Administrator
USE CASE] KVM's presented single computer's graphical console's 
credentials can be set with the VM configuration by the Private Cloud 
Administrators (user/customer)
USE CASE] KVM's presented single computer's graphical console's
credentials can be set with an external management application by the
Cloud Administrator
USE CASE] KVM's credentials can be set with the VM configuration by the
Cloud Administrator
USE CASE] KVM's credentials can be set with the VM configuration by the
Private Cloud Administrator (user/customer)
USE CASE] KVM's credentials can be set with an external management
application by the Cloud Administrator

USE CASE] A blade's platform management controller's presented blade 
serial ports has only one credential for all Private Cloud 
Administrators (user/customer) accessing the port
USE CASE] A blade's platform management controller's presented blade 
serial ports has only one credential for each Private Cloud 
Administrator (user/customer) accessing the port
USE CASE] A blade's platform management controller has only one 
credential for all Private Cloud Administrators (user/customer) 
accessing all presented blade serial ports
USE CASE] A blade's platform management controller's presented blade 
serial port's credentials can be set with the VM configuration by the 
Cloud Provider Administrator
USE CASE] A blade's platform management controller's presented blade
serial port's credentials can be set with the VM configuration by the
Private Cloud Administrator (user/customer)
USE CASE] A blade's platform management controller's presented blade
serial port's credentials can be set with an external management
application by the Cloud Provider Administrator
USE CASE] A blade's platform management controller's credentials can be
set with the VM configuration by the Cloud Provider Administrator
USE CASE] A blade's platform management controller's credentials can be
set with the VM configuration by the Private Cloud Administrator
(user/customer)
USE CASE] A blade's platform management controller's credentials can be
set with an external management application by the Cloud Provider
Administrator
USE CASE] A blade's platform management controller's presented blade's 
graphical console has only one credential for all Private Cloud 
Administrators (user/customer) accessing the port
USE CASE] A blade's platform management controller's presented blade's 
graphical console has only one credential for each Private Cloud 
Administrator (user/customer) accessing the port
USE CASE] A blade's platform management controller has only one 
credential for all Private Cloud Administrators (user/customer) 
accessing all presented blade's graphical consoles
USE CASE] A blade's platform management controller's presented blade's 
graphical console's credentials can be set with the VM configuration by 
the Cloud Provider Administrator
USE CASE] A blade's platform management controller's presented blade's 
graphical console's credentials can be set with the VM configuration by 
the Private Cloud Administrator (user/customer)
USE CASE] A blade's platform management controller's presented blade's
graphical console's credentials can be set with an external management
application by the Cloud Provider Administrator
USE CASE] A blade's platform management controller's credentials can be
set with the VM configuration by the Cloud Provider Administrator
USE CASE] A blade's platform management controller's credentials can be
set with the VM configuration by the Private Cloud Administrator
(user/customer)
USE CASE] A blade's platform management controller's credentials can be
set with an external management application by the Cloud Provider
Administrator


*Limits*
Desktop Virtualization created by the executing operating system in a
VM is not in the scope of this use case model.


*Comments:*

I'm looking into a more robust way of defining the security identifier
and credentials.

I'm also looking at an interoperable way to incorporate the
configuration issues into OCCI. I put a proposal together if we all
agree on the use cases.



-------- Original Message --------
Subject: 	Re: IO Console Resource -- Infrastructure doc proposal
Date: 	Wed, 04 Aug 2010 14:56:53 -0600
From: 	Gary Mazz <garymazzaferro at gmail.com>
To: 	Andy Edmonds <andy.edmonds at gmail.com>
CC: 	Thijs Metsch <tmetsch at platform.com>, "occi-wg at ogf.org" 
<occi-wg at ogf.org>
References: 	<4C593B8D.7000103 at gmail.com> 
<E2AC825D4FC7764DA86D9C8ECA27A2DE0420AFB8 at catoexm05.noam.corp.platform.com> 
<4C598503.4090508 at gmail.com> 
<AANLkTinWcmxnoEsNxhjBEJe59=Jbo3UjhwPFKVqiWFy9 at mail.gmail.com>



I thought I added the mailing list to the email thread. :0

I'll repost.. with the original pdf attached.

-g



Andy Edmonds wrote:
> Please can this discussion happen on the mailing list - it goes 
> completely against the grain of an "open community".
>
> Andy
> andy.edmonds.be <http://andy.edmonds.be>
>
>
> On Wed, Aug 4, 2010 at 18:19, Gary Mazz <garymazzaferro at gmail.com 
> <mailto:garymazzaferro at gmail.com>> wrote:
>
>
>     State and Status good question..
>
>     State is an attribute set by the user to enable or disable the
>     operation of the console instance.
>     Status is the current operational disposition of the console instance.
>
>     I think this is a MUST. XEN, ESXi, VirtualBox will not configure a
>     virtual machine without the console set. I'm not sure, but I also
>     believe the same is true for qemu. Without the console, we exclude
>     many private cloud configurations.
>
>     The big issue is what happens when the user moves a configuration
>     (VM) to a provider that does not support the feature. What gets
>     reported back ?  Does the provider  maintain the configuration
>     (ala OVF like), but shows the instance status as an unsupported
>     resource. Or, does the  provider  ignore the resource and report
>     back "unknown" ?  If the resource is ignored,  how will that
>     impact VM instance configuration changes and teleportability of
>     the VM to another platform/provider ?  Right now I cannot see
>     resources or configurations  being discarded  just because the
>     platform doesn't support the resource. Resources and
>     configurations must be maintained, even though unsupported, to
>     properly support teleportation.
>
>     -g
>
>
>
>     Thijs Metsch wrote:
>
>
>         Overall looks good...Just wondering why there is a state and
>         status? one immutable and one mutable?
>
>         But would be cool if you could post it to the list as well...
>
>         Also we should try to figure out if this is a MUST, SHOULD or
>         MAY section according to RFC2116...
>
>         Thanks Gary.
>
>         -Thijs
>
>         -----Original Message-----
>         From:   Gary Mazz [mailto:garymazzaferro at gmail.com
>         <mailto:garymazzaferro at gmail.com>]
>         Sent:   Wed 04-Aug-10 12:06
>         To:     Thijs Metsch; Andy Edmonds
>         Cc:
>         Subject:        IO Console Resource -- Infrastructure doc
>         proposal
>
>         Hi,
>
>         I've created a new section for the infrastructure document
>         for the IO Console. The console is very important for virtual
>         machine configurations.
>
>         I've attached the section for the document. Please review and
>         comment if considered for inclusion.
>
>         -g
>
>
>
>
>


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.ogf.org/pipermail/occi-wg/attachments/20100812/d1a86cd4/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Infrastructure IOConsole.pdf
Type: application/pdf
Size: 50529 bytes
Desc: not available
Url : http://www.ogf.org/pipermail/occi-wg/attachments/20100812/d1a86cd4/attachment.pdf 
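
Added example, not part of the original thread or of any OCCI text: one way to combine the VNC-proxy idea from Csom Gyula's notes (users never see the physical host address) with the "one credential for each Private Cloud Administrator" use cases. The class name, ticket format, proxy endpoint, compute id and addresses are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time


class ConsoleBroker:
    """Hands out per-user console tickets; only the proxy learns the host address."""

    def __init__(self, public_endpoint, ttl=60):
        self.public_endpoint = public_endpoint   # the only address users ever see
        self.ttl = ttl                           # ticket lifetime in seconds
        self._key = secrets.token_bytes(32)      # MAC key, never leaves the broker
        self._backends = {}                      # compute id -> (internal host, port)
        self._used = set()                       # nonces of tickets already redeemed

    def register(self, compute_id, host, port):
        self._backends[compute_id] = (host, port)

    def _mac(self, payload):
        return hmac.new(self._key, payload.encode(), hashlib.sha256).hexdigest()

    def issue(self, user, compute_id, now=None):
        """What the API would return to the user: proxy endpoint plus signed ticket."""
        if compute_id not in self._backends:
            raise KeyError(compute_id)
        if "|" in user or "|" in compute_id:
            raise ValueError("'|' is the ticket field separator")
        expires = int((time.time() if now is None else now) + self.ttl)
        payload = f"{user}|{compute_id}|{expires}|{secrets.token_hex(8)}"
        return {"endpoint": self.public_endpoint,
                "ticket": f"{payload}|{self._mac(payload)}"}

    def resolve(self, user, ticket, now=None):
        """Proxy side: map a ticket to the internal (host, port), or None."""
        parts = ticket.split("|")
        if len(parts) != 5:
            return None
        t_user, compute_id, expires, nonce, mac = parts
        payload = "|".join(parts[:4])
        if not hmac.compare_digest(mac.encode(), self._mac(payload).encode()):
            return None                          # forged or altered ticket
        now = time.time() if now is None else now
        if t_user != user or int(expires) < now or nonce in self._used:
            return None                          # wrong user, expired, or replayed
        self._used.add(nonce)                    # each ticket opens one session
        return self._backends.get(compute_id)


if __name__ == "__main__":
    broker = ConsoleBroker("console-proxy.example.test:5900")
    broker.register("vm-42", "10.0.3.17", 5901)  # constructed sample values
    grant = broker.issue("alice", "vm-42")
    print(grant["endpoint"])                         # proxy address only
    print(broker.resolve("alice", grant["ticket"]))  # internal target, proxy side
```
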

