“We are building on this idea that basically is not new, this idea of virtualization, and I think the technology of virtual machines has been the subject of a renaissance with the zSeries and Linux and the virtualization of Intel machines,” he said. “Part of the reason for the renaissance of virtualization is the idea of trying to consolidate resources and use them as efficiently as possible and in the process making sure that access is secure. That’s a big functionality difference between a virtual machine model and a multi-user operating system.”
The virtual machine model will provide secure access to applications that were not available in earlier Grid experiments.
“One of the things we learned in the process of doing this at Purdue was that in many cases since we were trying to run applications that were not modified, we had to worry about the issues of trust and security,” Figueiredo said. “We had to make sure that if we enabled the user to run an application on the system we trusted the user, so that we had reasonable confidence they would not compromise the physical resources. In practice, we could not trust the user of the application. Therefore, in PUNCH we faced a situation where we could not publish an application because it wasn’t secure, even though we would have liked to make that application available.”
Virtual machine technology provides security on two levels, he explained. Because the user is not interacting with the underlying hardware, the hardware is not vulnerable, even if there are security holes in the operating system running the user's application. The technology also protects other users accessing the same physical resources because they are on completely decoupled virtual machines.
The Intel machines at the University of Florida are running on a virtual machine platform provided by VMware, Palo Alto, CA. It is a “cousin” of the VM technology running on the IBM z800, according to Ed Bugnion, chief architect and co-founder of VMware, which is an IBM business partner.
“Our products are about running virtual machines on Intel servers,” Bugnion explained. “By virtual machine we mean in the traditional mainframe sense. Each virtual machine is independent of the other virtual machine. Furthermore, each virtual machine is completely isolated from the other virtual machine so you can consolidate a large number of servers on the same server.”
“In the case of the research at the University of Florida, you can also connect them and use these virtual machines as building blocks for a grid experiment,” Bugnion said.
The IBM zSeries: The Heart of the Grid Project
IBM’s pioneering development of virtual machine technology was one key to selecting the z800 to be the heart of the Grid project at Florida.
“The z800 makes use of highly efficient z/VM virtualization capabilities and supports Linux-based environments and applications — this played a determining role in our decision to deploy IBM technology and seek NSF funding to acquire the machine,” Fortes said in announcing the z800 selection by the university. “We believe that Grid resources of the future will be able to provide virtualization capabilities similar to those already available when using the z800.”