The Ninja Service Platform Architecture or, “The Right Way to do Thin Client Computing” Steve Gribble UC Berkeley CS Division [email protected].
Download
Report
Transcript The Ninja Service Platform Architecture or, “The Right Way to do Thin Client Computing” Steve Gribble UC Berkeley CS Division [email protected].
The Ninja Service Platform
Architecture
or,
“The Right Way to do Thin Client Computing”
Steve Gribble
UC Berkeley CS Division
[email protected]
Approaches to Date
Sony MagicLink: No connectivity to speak of, limited
application capability, but a very flashy OS. This PDA was a
(small) island unto itself. Pessimal form-factor.
Palm Pilot / IBM WorkPad: Thin, zippy, out-of-the-way OS,
huge bazaar following. Originally intended for occasional
synchronization and long periods of disconnected use. (We’re
changing that usage model.)
Windows CE devices: Big OS attempting to fool apps into
thinking PDA is a full-fledged desktop machine. Rich
hardware. Applications are scaled down versions of
Windows 95 apps (e.g. pocket IE), and perform very poorly.
Our Approach
• Carefully choose where you fight your battles
– slim OS on the PDA
– split applications between PDA and infrastructure
• solve hard problems in infrastructure, not PDA
• PDA is mostly a UI, plus a soft-state cache
• It’s a connected world
– “access is the killer app”
– use intelligent infrastructure to bridge between complex
online services and simple devices
• Ninja
– software infrastructure to support next generation services
and heterogeneous devices
Ninja Project Goals
• Infrastructure for Internet-based Services which are ...
–
–
–
–
Scalable: support large and growing user population
Highly-available: continually up and running
Fault-tolerant: mask hardware & software faults
Customizable: Enable users to inject personal preferences (and code!)
• Universal architecture for constructing and deploying services
– programming model and execution environments for scalable services
– mobile code for rapid service deployment
• Authenticated and pay-per-use services
– HINDE: architecture for digitally secure e-cash
• Span the spectrum of end-user devices
– PCs, workstations, web browsers, PDAs, cell-phones, (2-way) pagers, …
– infrastructure automatically deploys components needed to assist
impoverished devices in accessing services
Architecture Overview
Base: Scalable, highlyavailable platform for
persistent-state services
Workstations & PCs
AP
Internet
AP
Cellphones, Pagers, etc.
Active Proxy:
Bootstraps thin devices
into infrastructure, runs
mobile code
PDAs
(e.g. IBM Workpad)
Bases
• A physical, administrative, and logical boundary
– a collection of machines geographically co-located
– administrative guarantees: no network partitions (!),
constant power supply, trust within the Base
• Base platform simplifies authoring of services
– cluster primitives
• task execution, naming, and monitoring
• load balancing, failure detection, and restart
– persistent data primitives and guarantees
• distributed, available data structures
• Hides service implementation from rest of world
– granularity of services is at cluster level, not node level
Services: Programmatic Access
• Service
– Highly available program (or cooperating programs)
• fixed interface at a fixed location (in a Base)
• guarantees about performance, availability, consistency
– Strongly typed interface
• Multiple services of a given type compete
• Compete on location, price, robustness, “quality”, brand name
• Finding services: Service Discovery Service (SDS)
– Find “best” service of given type
• “best” according to multiple criteria (cost, geographic and
administrative location, speed, reputation, etc.)
– “Path” construction tied to service discovery
Base Implementation
iSpace
iSpace
iSpace
iSpace
SAN
Multispace cluster
• iSpace: the building block of a Base
– receptive execution environment
– intra-Base primitives (stub generation, consistent persistent
data repository access, etc.)
• Multispace: cluster-wide naming and resource mgmt
iSpace Execution Environment
Untrusted
Services
Security Mgr
Loader
Sandbox that contains
untrusted, uploaded
services. Currently just
the JRE’s standard
appletSecurityMgr
Trusted
Services
Service is an interface, plus objects
that implement that interface.
Name service, RMI stub
registry, and service
control API:
• LoadService (URL)
• interf.[ ]=ListServices
• stub=GetService(name)
• KillService(name)
Ninja RMI
KillService semantics
unclear… objects vs
threads?
Ground up re-implementation
JVM + persistent store APIs
of Sun RMI. Includes
authenticated, secure RMI,
iSpace
multicast RMI, and soon, AMRMI and VIA-RMI.
JVM provides code mobility and service upload
capability, plus strong typing of service interfaces. Added
distributed hash table API (think Linda space) to JRE.
Service instances must
be restartable, and must
provide their own interinstance consistency
mechanisms. (Hint: use
the consistent
distributed data
structure primitives.)
Multispace
services
iSpace
Multispace
Loader
Multispace
Cluster-wide name
service, RMI stub
registry, and service
control API. Services
names are at the
granularity of the entire
cluster, not individual
nodes.
• Multicast soft-state beacons to
distribute Multispace state
– beacons contain list of service
instances on each node, and an RMI
stub for each service instance
Multispace
services
Multispace
Loader
Multispace
iSpace
• RMI “Redirector Stubs” assembled
1
2
– run-time compiled RMI superstub
– contains all of a service’s instance’s stubs
– stub selection policy
• fail-over, broadcast, multicast, fork, etc.
3
– currently, idempotency and atomicity
required of service instances
Distributed Data Structures
• Solve the state management problem once and
provide high-level abstractions to service authors
– Hypothesis: given a set of highly-available, scalable,
persistent data structures, persistent BASE services will
be much easier to construct
• Example data structures:
– append/truncate-only Log
• system logging, generational mailstore, undo/redo logs, etc.
– Hash table
• web cache, search index/data, mint accounts, etc.
• pop quiz: why and how is this different than a filesystem?
– Tree / Trie / Treap
• to get interval search capabilities
Example Application: Parallelisms
• Provides “relevant site”
information given a URL
– an inversion of Yahoo! directory
• Yahoo!: returns URLs from a
hierarchy of topics
• Parallelisms: builds an index of all
URLs, and returns other URLs in
same topic groups
– read-mostly traffic, nearly no
consistency requirements
– large database of URLs
• ~ gigabyte of space for 1.5 million
URLs and 80000 topics
• Service FE itself is very simple
– 400 semicolons of C
• 130 for app-specific logic
• 270 for threads, HTTP munging, etc.
http://ninja.cs.berkeley.edu/~demos/
paralllelisms/parallelisms.html
Existing Applications
– Ninja "NOW Jukebox"
• Harnesses Berkeley Network of Workstations
• Plays real-time MPEG-3 audio served from 110+ CD's worth of music
– Voice-enabled room control
• Speech-to-text Operators control room services (camera, lights, microphone)
• Eventual integration with GSM cell phones and PDA-based UI
– Stock Trading Service
• Accesses real-time stock data from Internet
• Programmatic interface to buy/sell/trade stocks through online brokerage
– NinjaFAX
• Programmable remotely-accessed FAX machine service
• Send/receive FAXes; authentication used for access control
– Keiretsu: The Ninja Pager Service
• Provides instant messaging service via Web, 1/2-way pagers, WorkPads, etc.
Future Applications
• Universal Inbox
– e-mail, FAX, pager, voicemail accessible anywhere
• Universal Remote
– multiple-UI control of household/room devices
– automatic UI generation
• Ecash Mint
– Authenticated service to act as digital secure cash mint