Number Crunching Made Easy

Cool to see the mainstream press (Newsweek) mention Nimbus: Number Crunching Made Easy.

What is Nimbus?

Just ran across an “interesting” definition of Nimbus:

“Client-side cloud-computing interface to Globus-enabled TeraPort cluster at U of C”

… in these slides: http://eucalyptus.cs.ucsb.edu/documents/eucalyptus-slides-wolski-cloud_expo_apr08.ppt

There is a Nimbus client (which can be replaced by Amazon’s EC2 client), true. But most of Nimbus is server-side software.

Teraport (and other Science Clouds) are not “globus enabled” but rather host the server-side components of Nimbus. Nimbus converts a set of hypervisors into what some will call an “IaaS cloud” or “open source EC2” (Nimbus was released before EC2 but EC2 protocol support has been added due to customer demand).

The remote messaging modules (EC2 and a separate WS system) are hosted in a container that is based on Axis — some Globus Toolkit components also use that. This is a thin layer that provides marshalling/unmarshalling and security, converting messages to a common format for use with the framework-independent “meat” of the Nimbus service (it could be hosted in another container).

See the FAQ, publications, and news if you would like to learn more about Nimbus.

Nimbus and Cloud Computing Meet STAR Production Demands

Press Release: Nimbus and Cloud Computing Meet STAR Production Demands

We’ve been running self-configuring 100+ node clusters on EC2 since 2007, but I would be remiss if I did not link to this announcement.

Perspectives on Distributed Computing

Announcement: Perspectives on Distributed Computing: Thirty People, Four User Types, and the Distributed Computing User Experience is available for download.

“This report chronicles and analyzes the responses of thirty users to questions about using the Globus Toolkit - starting with summaries of results and conclusions but also including very detailed appendices and even transcripts of the interviews. Very interesting information for those involved in distributed computing.”

http://www.mcs.anl.gov/~childers/perspectives/

Nimbus TP2.2

The Nimbus TP2.2 release provides a standalone context broker that can be used across Nimbus and EC2 clouds and continues our work on EC2 compatibility with the introduction of an EC2 metadata server. In addition, the release contains new documentation and bug fixes.

See the changelog for all the details.

Rogue Root CAs because of MD5 collisions

Quoting from http://www.phreedom.org/research/rogue-ca/

“As a proof of concept we executed a practical attack scenario and successfully created a rogue Certification Authority (CA) certificate trusted by all common web browsers. This certificate allows us to impersonate any website on the Internet, including banking and e-commerce sites secured using the HTTPS protocol.”

I wrote a program to look through the trusted certs that came with Firefox 3.0.4 for any CAs with MD5 signature algorithms.

[snip]

UPDATE: the list was not relevant because of a feature of the attack (thanks Thomas). Apparently “only RapidSSL and FreeSSL are practically vulnerable”

UPDATE 2: VeriSign responds, no longer possible with RapidSSL. And they’ve been phasing MD5 out across the board.

Nimbus user quotes

It was a good feeling to pause for a moment and put a user quotes page together for Nimbus. We’ve worked hard to make Nimbus usable and useful — but the best is yet to come!

New Xen RoadMap

Some interesting things in the new Xen road map.

[via Stephen Spector]

Nimbus TP2.1

Besides the good stuff added to Nimbus, this release also introduces something called the AutoContainer which allows you to set up a Globus Java web services environment, from scratch and with security working, within about a minute (requires Linux/OSX and Java 1.5+).

The main new features provided in this release are tools facilitating the deployment, configuration and management of clouds. We also updated our implementation to match the current Amazon EC2 deployment. In addition, the release contains new documentation and bug fixes.

You can download the new release from:
http://workspace.globus.org/downloads/index.html

The full changelog can be found here:
http://workspace.globus.org/vm/changelog.html#TP2.1

Windows and Cloud Computing

All this Windows cloud news afoot. Make sure to read this post on the GoGrid blog:

Windows in the Cloud? Been there, done that!

GoGrid has already almost a year of proven experience providing Windows Server 2003/2008 to end users… we are also a Microsoft Gold Certified Partner.

GridShib for Globus Toolkit v0.6.1

Tom Scavo writes on gridshib-user:

We are pleased to announce GridShib for Globus Toolkit v0.6.1:

http://gridshib.globus.org/downloads/gridshib-gt-0_6_1-src.tar.gz
http://gridshib.globus.org/downloads/gridshib-gt-0_6_1-src.zip

Please visit the GridShib for GT home page for an introduction and links to software and documentation:

http://gridshib.globus.org/docs/gridshib-gt-0.6.1/

This version of GridShib for GT is primarily a bug fix release. There is one new feature, and that is, a refactoring of the blacklisting framework that now permits the blacklisting of identity attributes (such as e-mail addresses) in addition to IP addresses and SAML name identifiers. See the CHANGES file for a complete list of changes in this version:

http://gridshib.globus.org/docs/gridshib-gt-0.6.1/CHANGES.txt

Along with GridShib SAML Tools v0.5.0, version 0.6.1 of GridShib for GT will be included in a Capability Kit to supplement the Coordinated TeraGrid Software and Services (CTSS) stack. This is the next step in a focused effort to deploy GridShib software at both the science gateways and resource providers throughout the TeraGrid. This work is funded by the NSF TeraGrid Grid Integration Group through a sub-award to NCSA.

Thank you for your continued support of GridShib!

Xen LOC

For those who haven’t heard about the Xen 0wning Trilogy, make sure to check that out here and here.

In a followup post to some apparent misinformation being spread (Microsoft executive “rebuts” our research!), I was surprised by this comment:

Interestingly, if Mr. Riley only attended our Xen 0wning Trilogy at Black Hat, then he would notice that we were actually very positive about Hyper-V. Of course, I pointed out that Xen 3.3 certainly has a more secure architecture right now, but I also said that I knew (from talking to some MS engineers from the virtualization group) that Hyper-V is going to implement similar features in the next version(s) and that this is very good. I also prized the fact it has only about 100k LOC (vs. about 300k LOC in Xen 3.3).

Xen 3.3 has grown to 300k lines of code for the hypervisor?

At what point does the “tight security auditability” argument start to exponentially diminish for hypervisors in ring 0?

