Re: [sop] two architectures - which one do you prefer?

Michael Hammer <mphmmr@gmail.com> Mon, 20 February 2012 17:33 UTC

To: "Ashish Dalela (adalela)" <adalela@cisco.com>
Cc: sop@ietf.org, "Adam Greenhalgh (agreenha)" <agreenha@cisco.com>
List-Id: Service Orchestration and Desciption for Cloud Services <sop.ietf.org>

If you treat the "cloud" like a computer, then an OS needs to ensure that
each application plays in its own sandbox and has minimal interactions with
other applications.  The only interaction being the sharing of computer,
memory, and network resources.

If you abdicate responsibility to the applications, then you have no
security.  That would not be good.
I don't see how you would get around this.  The fathers of the Internet
confess that trusting the end-users to behave correctly because they were
trustworthy was a mistake.  We should not make that mistake once again.

Mike


On Mon, Feb 20, 2012 at 5:21 AM, Ashish Dalela (adalela)
<adalela@cisco.com> wrote:

> Yes, and a related model is that a zone (POD) has one type of
> application and that is controlled by a separate domain specific
> controller. So, you could tier the controllers. I guess I'm still
> wondering how "deep" the application wants to control the
> infrastructure.
>
> Thanks, Ashish
>
> -----Original Message-----
> From: Adam Greenhalgh (agreenha)
> Sent: Monday, February 20, 2012 3:33 PM
> To: sop@ietf.org
> Cc: Ashish Dalela (adalela)
> Subject: Re: [sop] two architectures - which one do you prefer?
>
> I suspect that in fact the model that might come to the fore is a hybrid
> of these two, where the application is the "God" of a zone of the data
> centre and a "Greater God" oversees the bigger picture for the whole
> datacenter. The complexity is going to come from the interaction between
> these "Gods".
>
> Adam
>
> On 20 Feb 2012, at 09:32, Ashish Dalela (adalela) wrote:
>
> >
> > BTW, these may not be the only architectures out there. So, if anyone
> > believes there are more architectures, it would be great to have that in
> > the discussion. I'm just familiar with two of them, so hope to hear if
> > there are more. I realize that "God" may be a strong word for some
> > people (:-)), but we could replace this with the word "controller" without
> > loss of meaning.
> >
> > Thanks, Ashish
> >
> > From: Ashish Dalela (adalela)
> > Sent: Monday, February 20, 2012 11:28 AM
> > To: sop@ietf.org
> > Subject: two architectures - which one do you prefer?
> >
> > Folks,
> >
> > There are two dominant architectures being pushed for cloud in the
> > industry today.
> >
> > 1.  Application is the God of the datacenter. All infrastructure is
> > food supplied to the application to continue its operation, and
> > additional infrastructure is provisioned if an application asks for it.
> > The "management" of the infrastructure is in the application, because
> > the infrastructure really exists for the purposes of the application.
> > You obviously have to often re-write or re-design or at the least
> > enhance your applications to be able to orchestrate the infrastructure.
> >
> > 2.  A new God is created for both infrastructure and application. In
> > this model, some new controller monitors both application and
> > infrastructure, holds the policies for which application / user can have
> > which resources, how much a user has to be billed for a type of service,
> > etc. You don't have to re-write your applications but you have to create
> > an additional control layer on top of infrastructure and application.
> > You want this additional layer to be as flat as possible, but allow
> > sufficient abstractions for easy control.
> >
> > These obviously entail different architectures, from an application
> > control standpoint. In the first model, the application controls itself
> > and the infrastructure. In the second model, the application is also a
> > resource along with infrastructure, managed by some external controller.
> >
> > Any discussion or comments on these two models?
> >
> > Thanks, Ashish
> > _______________________________________________
> > sop mailing list
> > sop@ietf.org
> > https://www.ietf.org/mailman/listinfo/sop