Shaping the Cloud
HP Labs research explores how next-generation cloud systems might be builtFrom left to right: HP researchers Julio Guijarro and Patrick Goldsack
By Simon Firth
It’s not easy to shape a cloud. That goes for cloud computing systems as much as the atmospheric phenomena for which they’re named.
But as cloud computing becomes ever more central to IT operations, how these intentionally diffuse systems are assembled will have an increasingly significant impact on what they’re able to do and how well they can run.
That’s the thinking at HP’s Cloud and Security Lab in Bristol, UK, where a novel approach to cloud computing, based on highly secure but flexibly managed cells, is being researched.
“It’s based on a completely new kind of architecture,” says Julio Guijarro of the model that he and his colleagues are calling Cells as a Service. “The vision we had required a lot of componentry that didn’t exist,” he adds, “so we had to build all that first in order to make it work.”
A new model
The Cells as a Service model grew out of work the Bristol team has been engaged in for over a decade.
Early investigations into Utility and Grid computing led them to want to build their own platform for deploying cloud-based services, says Guijarro. “That was generating a lot of interest among HP customers,” he recalls, “but nobody was providing the infrastructure that we also needed to build such a platform. So we went down a level and started working on that.”
Much of their early research had involved supplying digital animation companies with remote rendering services, an experience that underlined the degree to which IT customers need to be confident that they are protecting their intellectual property if they’re to migrate to lower-cost, cloud based systems.
As a result, explains fellow researcher Patrick Goldsack, “when we started to think about architecture, we started by asking how you can really provide a secure framework from the ground up, within which we can then deliver different services to different customers.”
A truly secure system, notes Goldsack, ought to be able to serve commercial rivals like Dreamworks and Pixar, or Pepsi and Coca Cola, at the same time, with each 100% confident that their own data is accessible only to themselves. At that same time, though, it should also allow them to collaborate if and when they wish. Banks, for example, might be rivals in some operations and partners in others.
For that to happen, adds Guijarro, “You have to build into the design the ability for A to talk to B when they want to, and for B to talk to A. That’s one of the main differentiators between our system and anything else that is out there today.”
Cells in two senses
The new infrastructure, like other cloud systems, is built out of virtualized machines created automatically and on the fly over sets geographically-distributed servers.
But in this model the virtualized servers have the quality of cells – both in the sense of biological building blocks and of highly secure holding pens for information.
“Each cell has a semi permeable membrane with a tight control over that permeability,” notes Goldsack. “As a result, you can specify your relationship with other cells in the system and the level of permeability you have between the various other cells. In addition, you can alter those levels later on if you wish.”
Existing cloud models typically serve multiple users by requiring that every user own the same kind of rights over the same kind of machines. But thanks to its novel design, the Cells as a Service model offers much more flexibility while at the same time offering the kind of security that cloud customers need.
Cells as a Service admin console.
Underlying innovations
In order to build this new architecture, the HP team had to create an array of underlying technologies that were themselves novel.
“The networking is completely new,” explains Guijarro. “It doesn’t require any special switches or anything. Instead, we virtualized the entire network in software, which gives us a strong control of what happens in the network layer.”
In addition, the Labs team reinvented how virtual disks connect up to virtual machines.
Traditionally, when you create a virtual machine, you create a virtual disk from which it will boot that contains a certain amount of data. It’s possible to create a virtual machine very fast, but as virtual disks have become ever larger they’ve been taking ever longer – over an hour sometimes – to create and copy from a base image.
“We get the performance up using a number of techniques such as copy-on-write and clever caching algorithms,” says Goldsack. “We can do per-volume encryption, and impose access control to the volumes. It’s an entirely new approach to virtual storage appropriate to the cloud.”
A third major innovation is in how the virtualization process is automated. “It’s a very highly distributed, disaggregated asynchronous mechanism, which scales out very beautifully,” Goldsack reports.
A popular demonstrator
The Cells as a Service model has recently been integrated into HP’s G-Cloud demonstrator at HPL Bristol. Now one year old and in its second generation, the demonstrator was built to offer governments a sense of how cloud computing might help them deliver core services much more cost-effectively and efficiently.
Interest so far has been ‘amazing,’ says Goldsack, who notes that corporations are proving as interested as government agencies in sending their senior technology executives to visit.
The tours, he notes, “allow us to share our vision of what Cloud can do for you, what the issues are that you might think about and how we are approaching some of those issues like security, privacy, speed, reliability and high availability.”
At the same time, the visitors help the HP team understand the concerns that potential customers have about the cloud and where they are in the process of moving their services into the cloud environment.
Back to the platform
Next the team wants to move back up the software hierarchy to where they started originally: to look at the kinds of platforms they can build on a Cells as a Service infrastructure.
“That’s really where our interest has always been,” notes Goldsack. “And we’ll likely start doing some work with the client side, too, looking at better ways to bring clients into the cloud.”
After that, they’ll likely create model software solutions to show off the unique capabilities of the Cells as a Service infrastructure.
“This is just the beginning,” suggests Guijarro, “and I don’t think anybody knows where this is going to go.” All along, he notes, the idea has been to give people confidence to move more to the cloud – a move that ought, in turn, to let them to be more innovative in the services they offer.
“It’s one of the most interesting aspects of the research that we do,” he says, “that we’re enabling people to do things that nobody has thought of yet.
* For more on this, see the report the team wrote for Lloyds of London on digital risk.