1 WebOS Dang Tran Tri Huynh Thi Thu Thuy Nguyen Huu Tuong Vinh.


WebOS

Dang Tran Tri

Huynh Thi Thu Thuy

Nguyen Huu Tuong Vinh


Agenda

• Introduction
• Web OS overview
• Resource Discovery
• Global Namespace
• Security and Authentication
• Process Control
• WebOS Applications
• Rent-A-Server
• Conclusion


Introduction

• Operating System: provide common services to applications: IO, communication, storage.

• With multiprogramming: include abstracting shared resource.

• Local Area Network: birth of Network OS to provide access to network resources.

• We need similar services for Wide Area Network distributed applications.


Introduction (cont)

• The World Wide Web is the most widely used application on the Internet.

• The Web made geographically distributed read-only data easy to use, but geographically distributed computing resources are not.

• The result is that wide area applications that require access to remote CPU cycles, memory, or disk must be programmed in an ad hoc and application-specific manner.

• => Increased complexity!


Introduction (cont)

• WebOS: a framework for supporting applications that are geographically distributed, highly available, incrementally scalable, and dynamically reconfiguring.

• WebOS includes:
  – Resource discovery
  – A global namespace
  – Remote process execution
  – Resource management
  – Authentication and security


WebOS Overview

• Resource Discovery
  – To provide the best overall system performance, client applications must be able to dynamically locate the server able to deliver the highest quality of service.
  – Resource discovery includes mapping a service name to multiple servers, an algorithm for balancing load among available servers, and maintaining enough state to perform fail-over if a server becomes unavailable.
  – These operations are performed through Smart Clients.


WebOS Overview (Cont)

• Wide Area File System:
  – To support replication and wide-scale sharing, WebOS provides a cache coherent wide area file system.
  – WebOS extends to wide area applications running in a secure HTTP name space the same interface, caching, and performance of existing distributed file systems.


WebOS Overview (Cont)

• Security and Authentication:
  – To support applications operating across organizational boundaries, WebOS defines a model of trust providing both security guarantees and an interface for authenticating the identity of principals.
  – A key enabling feature is fine-grained control of capabilities provided to remote processes executing on behalf of principals.


WebOS Overview (Cont)

• Process Control:
  – In WebOS, executing a process on a remote node should be as simple as the corresponding local operation.
  – The underlying system is responsible for authenticating the identity of the requester and determining if the proper access rights are held.


Resource Discovery

• First, a service name must be mapped onto the replicated service representatives.

• Next, a load balancing decision must be made to determine which server is able to deliver the best performance.

• Finally, enough state is maintained to perform fail over if a service provider becomes unavailable.


Resource Discovery (Cont)

• Current Approach
  – Alta Vista search engine (1995) or Netscape download page (1994) are geographically distributed by being replicated manually by the service provider. Load balancing across the wide area is achieved by instructing users to access a particular “mirror site” based on their location.
  – To distribute load across servers, techniques such as HTTP redirect or DNS Aliasing can be used to send user requests to individual machines.


Resource Discovery (Cont)

• Smart Clients
  – Smart Clients enable extensions of server functionality to be dynamically loaded onto the client machine.
  – Java’s portability and availability in all major Internet browsers allow distributing these extensions as Java applets.
  – Naming, load balancing, and fail over are performed from the perspective of the client.


Resource Discovery (Cont)

• Smart Client architecture
  – The GUI thread presents the service interface and passes user requests to the Director Thread.
  – The Director is responsible for picking a service provider likely to provide best service to the user. The decision is made in a service-specific manner. In this case, the nearest mirror site is chosen.


Resource Discovery (Cont)

• Bootstrapping Applet Retrieval
  – Naively, services would be named through URLs, with the applet downloaded each time the service is to be accessed. This would imply a central bottleneck, a single point of failure, and effectively doubling latency for small requests.


Global Namespace

• Many applications share state and transfer control using network communication

• Parallel applications use shared memory or message passing

• Using frameworks: global cache coherent file systems for communication and synchronization

• Requirements: authentication, security and fault tolerance


Global Namespace

• Provides a unified way of mapping multiple resources presented over NFS (Network File System, a file sharing protocol used on Unix systems) or CIFS (Common Internet File System, a protocol developed by Microsoft) under a single hierarchical logical data structure

• Allows resources which are not physically located to participate in this structure

• Allows data to be replicated and moved around the enterprise without compromising data access


WebFS

• A global cache coherent file system

• Goals:
  – Cache coherent access to the global name space for unmodified applications
  – A full file system interface supporting arbitrary file/directory operations
  – Performance comparable to standard file systems for cached access


High level WebFS architecture


WebFS performances

• the performance of WebFS relative to the performance of NFS on the modified Andrew Benchmark suite


WebFS Naming

• Root directory is defined to contain all HTTP/WebFS sites and is initially empty

• When an HTTP/WebFS site is accessed, the system checks for the presence of first a WebFS server and second an HTTP server.

• Sample:
  – WebFS is mounted on /http
  – cd /http/www.6conf.slac.stanford.edu
  – cat index.html
  – cd image
  – …


WebFS HTTP limitations

• WebFS allows read access to the existing HTTP namespace

• When the contents of a directory containing a pre-determined filename are requested, HTTP returns the contents of that file rather than the contents of the directory

• Another limitation WebFS must address is the limited file statistics exported by HTTP when providing directory information


WebFS Authentication

• Uses Public Key Cryptography

• Each file is associated with an ACL (access control list) enumerating the users who have read, write or execute permission on that individual file

• Users are uniquely identified by their public keys


WebFS cache coherence policies

• Goals: cache coherence is crucial for application correctness, performance and ease of development.

• Policies:
  – Last writer wins
  – Append only
  – Multicast updates


WebFS samples

• implementation of last writer wins cache coherence policy


WebFS samples

• implementation of append only cache coherence policy


WebFS samples

• implementation of multicast updates cache coherence policy


Transparent Result Caching

• Dynamic objects generated on the fly by HTTP servers are one fundamental obstacle to aggressive caching in the Internet

• Caching dynamic objects to improve performance

• Transparent Result Caching (TREC) to enable caching of a certain class of dynamic objects

• Return the cached contents of the file (not re-executing the program) when initial request for particular program result

• Allows administrators to mark such program results as uncacheable or cacheable

• Samples: search engine application


Security and Authentication

• WebOS Security model
  – Step 1: Users transfer some portion of their access rights to a WebOS server when attempting to access a remote resource
  – Step 2: WebOS servers communicate using SSL
  – Step 3: The remote server checks if the proper credentials are held in local ACLs


Link Layer

• WebOS relies upon a hierarchy of certification authorities (CA’s), responsible for producing X.509 certificates mapping principals to their public keys

• A certificate contains: the CA identity, the name of the principal, the public key, the period during which the mapping is valid, and a digital signature of the entire certificate

• SSL is used to authenticate the identity of communicating servers to one another.

• SSL uses the public keys from the WebOS servers’ X.509 certificates to establish an RC4 symmetric key for session communication.


Transfer of Rights

• Principals register with WebOS and are able to control the transfer of portions of their rights to servers acting on their behalf

• A WebOS server can recursively transfer rights to a second server by signing the appropriate transfer certificate if it has a transfer right

• Principals transfer rights by creating a transfer certificate (which specifies the resource, the identity of the target WebOS server and the time period during which the transfer certificate is valid)


Specifying and Validating Rights

• WebOS access rights are specified through Access Control Lists (ACLs)

• Rights: read, write, modify, and execute permission on a given resource

• The steps to validate access to the resource:
  – Check for a valid timestamp in the transfer certificate
  – Determine if the requesting WebOS server has the proper authority to act on the principal’s behalf for the requested resource
  – Check its local ACLs to determine whether the principal has the proper access permission for the requested resource
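
The transfer certificate and the three validation steps above, as an added Python sketch (not code from WebOS or from the original slides). HMAC with constructed per-party keys stands in for the public-key signatures, and the field names, the sample principals, and treating "transfer" as one more right carried in the certificate are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace

# Constructed keys. HMAC stands in for WebOS public-key signatures (assumption).
KEYS = {"alice": b"key-alice", "serverA": b"key-A", "serverB": b"key-B"}

@dataclass(frozen=True)
class TransferCert:
    issuer: str          # principal or WebOS server delegating the rights
    target: str          # WebOS server receiving them
    resource: str
    rights: frozenset    # "transfer" permits re-delegation (modelling assumption)
    not_before: int
    not_after: int
    sig: bytes = b""

    def mac(self) -> bytes:
        # repr() of a tuple gives an unambiguous encoding of the signed fields
        body = repr((self.issuer, self.target, self.resource,
                     sorted(self.rights), self.not_before, self.not_after))
        return hmac.new(KEYS[self.issuer], body.encode(), hashlib.sha256).digest()

def issue(**fields) -> TransferCert:
    cert = TransferCert(**fields)
    return replace(cert, sig=cert.mac())

def validate(chain, requester, principal, resource, right, acl, now):
    """Apply the three validation steps; return (allowed, reason)."""
    holder, held = principal, None            # None: the principal's own rights
    for cert in chain:
        if cert.issuer not in KEYS or not hmac.compare_digest(cert.mac(), cert.sig):
            return False, "bad signature"
        if not cert.not_before <= now <= cert.not_after:           # step 1
            return False, "outside validity period"
        if cert.issuer != holder or cert.resource != resource:     # step 2
            return False, "broken delegation chain"
        if held is not None and not ("transfer" in held and cert.rights <= held):
            return False, "issuer may not transfer these rights"
        holder, held = cert.target, cert.rights
    if held is None or holder != requester or right not in held:
        return False, "requester lacks delegated right"
    if right not in acl.get(resource, {}).get(principal, set()):   # step 3
        return False, "principal not in local ACL"
    return True, "ok"

# Constructed scenario: alice delegates to serverA, which re-delegates to serverB.
ACL = {"/data/report": {"alice": {"read"}}}
CHAIN = [
    issue(issuer="alice", target="serverA", resource="/data/report",
          rights=frozenset({"read", "transfer"}), not_before=100, not_after=200),
    issue(issuer="serverA", target="serverB", resource="/data/report",
          rights=frozenset({"read"}), not_before=100, not_after=200),
]
```
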


Process Control

• Goals: safety and fairness

• As simple as forking a process on the local processor

• Uses the scheduling mechanism of the local operating system to provide fairness

• A resource manager is responsible for job requests from remote sites


WebOS Applications

• Internet Chat:
  - The Internet Chat application is a simple client and server application.
  - The Chat Client stack contains the scripts for the client, and would be distributed to each person on the network.
  - The Chat Server stack contains the scripts for the chat server.


WebOS Applications(cont.)

• Internet Chat (cont.):
  - The initial implementation:
    + 1200 lines of Java code in the client
    + 4200 lines of C++ code in the server.
  - By using WebFS:
    + 850 lines in the client
    + The WebFS interface entirely replaced the 4200 lines of chat server code.


WebOS Applications(cont.)

• Remote Compute Engine

- Using Web OS:

+ Remote programs to be invoked in the same way as local programs.

+Can allow access to the same files as local programs.


WebOS Applications(cont.)

- WebOS functionality is used:
  + The identity of requesting agents is authenticated.
  + Programs are provided secure access to private files on both local and remote systems.
  + Programs run in a restricted virtual machine isolated from other programs, to protect the local system from malicious users.


WebOS Applications(cont.)

• Wide Area Cooperative Cache:

- WebOS simplifies the implementation of the cooperative cache:

+Smart Clients are used to determine the appropriate proxy cache to contact.

+WebFS is used to transport cache files among the proxies and to securely share any necessary state among the proxies.

+Finally, the authentication model allows proxies to validate their identities both to one another and to the client.


WebOS Applications(cont.)

• Internet Weather

A number of sites are currently attempting to provide regular updates of congestion, latency, and partitions in the Internet.

the WebOS framework to generate more comprehensive snapshots of Internet conditions.

+ A centralized server provides Smart Client applets to view the current Internet weather.


Rent-A-Server

• Motivation: Rent-A-Server allows sites to deal with peak loads.

• Benefits for Rent-A-Server:
  – Geographic Locality
  – Dynamic Reconfiguration
  – Transparent End-to-End Availability
  – Secure Coherent Data Access
  – Safe Remote Execution


Rent-A-Server(cont.)

• Current Approaches:
  – Mirror sites: used to improve locality and to distribute load. The system must always maintain enough mirrors to deal with its peak loads.
  – Caching proxies:
    • Groups of clients send their requests to a proxy machine.
    • The proxy machine attempts to satisfy the requests from its local cache, sending the requests to the remote server if the cache cannot supply the data.


Rent-A-Server(cont.)

• System Design:
  – HTTP servers periodically send load information to a load daemon.
  – In response to an update, the load daemon transmits the state of all servers.
  – The HTTP servers transmit this state information as part of the HTTP header to Smart Clients.
  – The Smart Clients can use this information to determine which server to contact for its next request.
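
An added Python example, not part of the original slides or of WebOS, of a Smart Client director that consumes the server state piggybacked on replies, picks the least loaded replica and fails over when a server does not answer. The header name `X-Server-State`, its `host=load` format with loads in [0, 1], and the host names are hypothetical.

```python
STATE_HEADER = "X-Server-State"   # hypothetical header name, not from the slides

class Director:
    """Client-side server selection driven by state piggybacked on replies."""

    def __init__(self, bootstrap_servers):
        self.load = {s: 0.0 for s in bootstrap_servers}  # last known load per server
        self.failed = set()                              # servers that did not answer

    def update(self, header_value):
        """Merge 'host=load,host=load' state; malformed entries are ignored."""
        for entry in header_value.split(","):
            host, sep, raw = entry.strip().partition("=")
            try:
                load = float(raw)
            except ValueError:
                continue
            if sep and host and 0.0 <= load <= 1.0:      # also rejects NaN and inf
                self.load[host] = load       # may introduce a newly created replica
                self.failed.discard(host)    # the service reports it as live again

    def pick(self):
        live = {h: l for h, l in self.load.items() if h not in self.failed}
        return min(live, key=live.get) if live else None

    def request(self, send, path):
        """Try the least loaded server and fail over until one answers."""
        while (host := self.pick()) is not None:
            try:
                body, headers = send(host, path)
            except ConnectionError:
                self.failed.add(host)
                continue
            self.update(headers.get(STATE_HEADER, ""))
            return host, body
        raise ConnectionError("no replica reachable")

def demo_send(host, path):
    """Constructed transport: mirror-eu is down, the others reply with state."""
    if host == "mirror-eu":
        raise ConnectionError(host)
    return "ok", {STATE_HEADER: "mirror-us=0.9, surrogate-1=0.1, junk, x=7"}
```
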


Rent-A-Server(cont.)

• System Design (cont.):
  – When the load daemon notices that the service as a whole is becoming overloaded, it contacts the resource manager on an available surrogate to create another server replica.
  – WebFS is used to securely transmit any executables or data files needed to start the server.


Rent-A-Server Architecture


Conclusion

• Extending server functionality onto client machines allows for more flexible implementation of name resolution, load balancing, and fault tolerance.

• Simplifying the implementation of a number of wide area applications.

• Demonstrating how Rent-A-Server, an application developed in the framework.



Smart Clients

• Smart Clients: A Framework For Building Scalable Services.
  – Incremental Scalability: If the offered load begins to exceed a service's hardware capacity, it should be a simple operation to add hardware to increase system capacity.
  – Load Balancing: Load should be spread dynamically among server resources so that clients receive the best available quality of service.
  – Dynamic Resource Recruitment: Related to the issue of scalability, a service should be able to transparently recruit resources to handle peaks in the load.