Open Source Roadmap: Realtime Enterprise Linux and Security Solutions

About This Presentation

Title:

Open Source Roadmap: Realtime Enterprise Linux and Security Solutions

Description:

University of Wisconsin makes Condor source code available under OSI-approved ... enterprise features, management, and supportability to Condor and MRG Grid ... – PowerPoint PPT presentation

Number of Views:345

Avg rating:3.0/5.0

Slides: 70

Provided by: nick60

Category:

more less

Transcript and Presenter's Notes

Title: Open Source Roadmap: Realtime Enterprise Linux and Security Solutions

1
Open Source Roadmap Realtime Enterprise Linux
and Security Solutions

Agenda
800-915 Realtime Enterprise Linux
915-930 Break
930-1045 Open Source Security Solutions
1045-1100 QA and Closing

2
Red Hat Enterprise MRG Realtime Tim
Burke Senior Director Emerging Technologies
3
Agenda

What? - MRG product objectives
Who? - Target use cases
Performance results
How? - Implementation strategy
Then what? - support, maintenance, hardware
certification
Messaging Grid components

4
Red Hat Enterprise MRG

High performance distributed computing platform
that extends Red Hat's Linux Automation Strategy
with new levels of performance, scale,
utilization, flexibility, and qualities of
service
Transparently schedule any computing task across
local grids, remote grids, cloud infrastructure
such as Amazon EC2, and idle desktop workstations
Enable applications to run with the lowest and
deterministic latency
Send durable messages with two orders of
magnitude higher throughput
New product that integrates Messaging, Realtime,
and Grid

5
MRG Messaging, Realtime, Grid

Integrated platform for high performance
distributed computing
Messaging
High speed, interoperable, open standard
messaging middleware
500,000 messages/sec per storage LUN
Realtime
Predictability, low-latency, quality of service
Linux kernel
Grid
Scheduler high performance computing (HPC) for
distributed workloads, cycle stealing
Managing large pools of computers tasks
The 3 components are complimentary, but can be
used independently

6
MRG Realtime Target Market

Target hardware
Commodity high volume x86, x86-64 computers
(Intel AMD)
Typically 1U-4U rackmount or blades
512MB mem
Not targeting embedded, small footprint devices
Systems certified based on market pull
Target use case
Distributed client/server compute models
High speed networking computation
Not targeting database / fileserver
Workload requirements for consistent, predictable
application response times

7
(No Transcript)
8
MRG Realtime product objectives

Determinism ability to schedule high priority
tasks predictably and consistently
Priority ensure that highest priority
applications are not blocked by low priority
Quality Of Service (QoS) trustworthy,
consistent response times
Proven results
Context switch latency under 25 µs. 99.9999
under 20 µs (from interrupt to commencing running
new process)
Average of 38 improvement over stock RHEL5
Timer event precision enhanced to µs level,
rather than ms

9
Why determinism matters

When close enough isn't good enough
Financial Services time is money
First response wins competitive bids
Legal requirements for consistency
Federal Sector command and control
Rapid response to data inputs
Trustworthy response times
Telco/Network network packet handling
Quality of service

10
MRG Realtime Illustrating determinism

Red Hat Confidential
11
Detail zoom-in of RHEL5 vs MRG Realtime

Red Hat Confidential
12
Typical sources of non-determinism

Application priorities
One application blocks another
Or holds a contended resource (lock)
Linux kernel
When the Linux kernel is running, applications
block
The longer the kernel runs, the longer
applications block
Determinism bounded by longest running kernel
codepath

High priority app runs
High priority app resumes
Interrupt
Kernel interrupt handling scheduler
13
Realtime kernel determinism improvement strategy

Measure identify long-running kernel codepaths
Improve algorithms for more concurrency
Run as little as possible non-preemptable
Defer processing to lower priority kernel threads

High priority app resumes completes
High priority app runs
Next high pri app runs
Interrupt
Lower pri int handler completes data transfer
Int handler blocking portion. Schedule lower
pri processing thread
14
Realtime Linux history

Previously realtime products were niche,
non-standard
Requiring specialized operating system
Requiring custom development environments
Requiring porting / re-build support for
applications
Precludes most 3rd party ISV software
Requiring deployment training to system
administrators
Previous attempts at submitting realtime
capabilities in the mainstream Linux kernel tree
failed
Detrimental to other use cases (desktop,
database/fileserver throughput)
Patch-bombs
Submitters lacked patience and community
interaction skill

15
MRG Realtime Breakthroughs

Red Hat engineers succeed at mainstream
acceptance
Methodical multi-year implementation
Started with extensive rearchitecting enablers
Incrementally added features beneficial to all
use cases
Iteratively worked to cooperatively build an
inclusive realtime community
MRG Realtime is COTS (Commercial Off The Shelf)
operating system
Standard RHEL5.1 OS
Replacement kernel
Provides full application compatibility
No application recompilation required
Integrated with distributed high speed messaging
grid scheduler
MRG Messaging, MRG Grid

16
MRG Product Composition
MRG Messaging
MRG Grid
IBM Real-time Java
Red Hat Enterprise Linux 5.1
3rd party applications
RHEL5.1 utilities (1000)
RHEL5.1 glibc runtime library
MRG Realtime replacement kernel
17
How? - Productization Strategy

Follow proven Red Hat Enterprise Linux approach
Upstream objective from day1
Transparent, inclusive development
Patience to do it right longterm incremental
inclusion
Select stabilization points
Extensive internal external testing and
hardening
Benefits of this strategy
Red Hat is uniquely positioned to support and
continue to drive upstream focused enhancement
Mainline upstream inclusion allows COTS
advantages
Supportability
No need for custom dead-end releases lagging in
time
Allows usage of full release features ie,
SELinux

18
How? - Demonstrated leadership in upstream
community development

-rt patchset
A working sandbox for a community of developers
users
The recognized Linux epicenter for RT active
work-in-progress
Comprehensive RT enablement, not just a quick
VM/scheduler hack
A growing collection of many features. Not just
1 thing.
Many of its features enabling cleanups are
already upstream.
Large patch set in core kernel codepaths
(interruptss, scheduler, locks, etc).
120,000 lines at its height. As of 2.6.21 -
shrinks to half
Many more in 2.6.19 20. Other parts will go
into .21, .22, ....
Will take well over an additional year to
mainstream all of it. Targeting full RHEL
integration in subsequent major release, ie
RHEL6.

19
How? - Community Project

Upstream -rt developer participants and
approximate contribution rate
45 - Ingo Molnar lead developer and overall
upstream leader. Focus on scheduler, locking,
interrupts. Red Hat fulltime employee
35 - Thomas Gleixner developer, primarily
concentrating on timers. Contractor to Red Hat
10 - Steven Rostedt developer. Red Hat
fulltime employee
10 - all other participants (IBM, Monta Vista,
Timesys, Novell, etc)
All efforts are ultimately shaped towards
long-term mainstream inclusion
Substantial additional Red Hat internal staffing
for productization
Testing test development
Fixing
Tool development system mgt performance
monitoring
Documentation and associated tools development.

20
Real-time kernel work upstream

Priority inheritance futexes (PI-futex) (2.6.18)
Generic IRQ layer (2.6.18)
Core time re-write (2.6.18)
Sleepable RCU (2.6.19)
Latency Tracer (circa 2.6.18)
High-resdynticks (2.6.21)
CFS completely fair scheduler (2.6.22)
Conversion of spin-locks to mutex (2.6.24)
All Interrupt handling in threads (2.6.24)
Full rt-preempt (2.6.25)

Items 2.6.18 and prior are in RHEL5
Work over the last 2 years. 90 Red Hat, 120,000
lines
Mostly maintained in -rt tree
Over the last year, many patches have moved from
-rt to mainline kernel
BKL preemptable (2.6.8)
Mutex patch (2.6.16)
Semaphore-to-Mutex conversion (ongoing 85 done)
Hrtimers subsystem (2.6.16)
Robust futexes (2.6.17)
Lock validator (2.6.18)

21
Upstream success Improve kernel lock
synchronization

Improve granularity identify and correct
contention points
Mutex rather than semaphores
Mutexes are lighter weight
Lock validator
Efficient runtime confirmation of lock ordering
Can detect race conditions without actually
hitting them
Priority Inheritance (PI)
Prevents low priority processes blocking higher
priority. Problem scenario
Low priority process takes lock
High priority process needs lock, but must wait
Long running medium priority process preempts low
priority process
Solution temporarily boost low pri process to
allow completion
Required for realtime java 1000's of threads

22
Upstream success timer precision interrupt
handling

Timer enhancements
Infrastructure cleanup factor common code,
increase fields to represent nanosecond precision
Timer precision utilize high resolution
hardware timers at microsecond precision rather
than approximate periodic time interrupt
millisecond precision
Generic timeof day cleanly accommodate diverse
clock sources
VDSO gettimeofday() - performance enhancement for
millisecond accuracy
Dynamic ticks power savings no need to to
timer interrupt 1000 times per second on idle
system transition to low power state (great for
OLPC)
Interrupt handling
Generic IRQ mechanism infrastructure cleanup
factor common code
More fine-grained hardware interrupt control
CFS Completely fair scheduler
Provides fair interactive response times in
almost all situations
Includes modular scheduler framework realtime
task scheduler first

23
How? - No application changes required

All of the realtime enhancements are in the
kernel under the hood from an application
perspective.
No application changes are required to benefit
from realtime enhancements.
Applications which are latency bottlenecked due
to kernel scheduling and interrupt handling will
see benefit.
Latencies introduced entirely in userspace
(sub-optimal application code, unbounded java
garbage collection, etc) are not eliminated.
Recompilation is not required (same gcc/glibc as
standard RHEL5)
Applications recompiled on RHEL5 benefit from pi
mutex glibc implementation enhancements to avoid
syscall overhead on uncontested locks.

24
How? - performance monitoring tools

Existing standard RHEL5 based performance
monitoring tools remain relevant
Gdb, OProfile Frysk source level debuggers
profiler
SystemTap, kprobe kernel event tracing and
dynamic data collection
kexec/kdump standard kernel dump / savecore
capabilities
Latency Tracer new MRG Realtime feature
Runtime trace capture of longest latency
codepaths both kernel and application. Peak
detector
Selectable triggers for threshold tracing
Detailed kernel profiles based on latency triggers

25
How? - Testing Strategy

Internal external collaborative effort
Internal
Run through standard RHEL gauntlet.
Incorporate additional latency/performance tests.
Include debug variant lock validation, other
sanity checks
External
Share code and leverage pre-existing -rt
community
Involve hardware partners and select customers in
beta
Leverage baseline kernel testing (ie 2.6.23) of
non-rt kernel in Fedora
Bound testing support to a finite set of
targeted hardware (based on customer pull)

26
What? - Requirements expectations Support /
Maintenance / Compatibility

Fully supported offering, extending the RHEL5
capability set
Sold separately from standard RHEL, different
pricing model
Ongoing maintenance. ie, not a 1-shot. Security
errata, fixes and enhancements.
Expecting ongoing feature enhancement, continued
access to innovation.
Itemization of tested / supported hardware per
customer need
Compatibility
Fully application level compatible with RHEL5
Kernel ABI different from RHEL5 and evolving at
discrete milestones
3rd party kernel modules require rebuild and
retest
Professional service engagements also available

27
Then what? - maintenance

Following the RHEL maintenance strategy that made
Red Hat voted 1 IT value as voted by CIO Insight
Bugfixes and security fixes will be provided
regularly.
The -rt patch set is rapidly evolving. Each
upstream kernel has been incorporating selected
portions. This will probably take well over a
year to get the bulk of it in. Many fixes and
feature enhancements will necessitate sizable
change. Hence the traditional RHEL frozen code
fork is not possible.
Anticipating kernel rebasing in some updates.
Frequency TBD
Development / test builds with each upstream
version ie 3 months
Product update rebases less frequently ie 6
months
This makes ongoing maintenance enhancement much
more upstream focused (vs typical static RHEL
branch)

28
Then what? - Hardware certification

Commodity high volume systems not custom
realtime-only gear
Different kernel from RHEL5, so RHEL5 certs don't
equal RT cert
RHEL5 cert is a prerequisite
Additional cert tests in RT, ie latency
Kernel rebasing in updates necessitates
re-validating cert
Certification implications
Different certification branding designation, ie
RT Tested
Recognize it's a small identified set of HW we
get in-house, into routine regression testing, to
automatically perform re-validation with each
rebase.
Only test full systems, not individual drivers.
Target certified platforms based on customer
justification

29
Collaboratively developed realtime OS
messaging. Realtime java. The power of
community.
Financial Services Firms
Telco / NEBS
Federal
IBM realtime java
Red Hat AMQP Messaging
Red Hat - MRG Realtime
Linux Kernel Community
HP
Intel
AMD
IBM
30
How? - Realtime Java (RTSJ)

Versions of Java which are more deterministic
primarily by removing garbage collection
unpredictability and inter-JVM communication
MRG Realtime is the only Linux kernel having the
prerequisites (ie, Priority Inheritance,
preemption)
Working closely w/ IBM
IBM WebSphere Real Time
Realtime spec conformant 200,000 rt thread
capable
Exclusive realtime garbage collector
1ms max GC pause time
Uses at most 30 cpu in any 10ms window
Deployed by US Navy
DDG Destroyer program

31
What? - The broader pictureEnterprise realtime

Most use cases are not isolated systems
Commonly networked pipeline of systems
TCP/IP, middleware, messaging
3rd party software

Clients
32
MRG Messaging

Provides messaging that is up to 100-fold faster
than before
Spans fast messaging, reliable messaging,
large-file messaging
Implements AMQP, the industry's first open
messaging standard, for unprecedented
interoperability that is cross-language,
cross-platform, multi-vendor, spans hardware and
software, and extends down to the wire level
Uses Linux-specific optimizations to achieve
optimal performance on Red Hat Enterprise Linux
and MRG Realtime
Takes advantage of RHEL clustering, IO, kernel,
and more
Includes new high-performance AIO Journal for
durable messaging
Provides native infiniband support for transient
messaging
Runs on non-Linux platforms without the full
performance and quality of service benefits that
Red Hat Enterprise Linux provides

33
About AMQP

AMQP is an open specification for messaging
It is a complete specification if it doesnt
contain all the information necessary to
implement, we consider that a bug in the
specification
Anyone may use the AMQP specification to create
useful implementations without being charged for
the IP rights to do so
AMQP aims to be technology and language-neutral
Available in C, C, Java, JMS, .NET, C, Ruby,
Python, etc.
Requires IP, and can be used with TCP, UDP, SCTP,
Infiniband, etc.
Products complying with AMQP are inter-operable
AMQP is a Wire-Level protocol based on the
ubiquitous IP
Wire-level compatibility means it can be embedded
in the network
Applications written to Product X will plug into
servers running Product Y
Red Hat is a founding member of the AMQP Working
Group

34
MRG Grid

Brings advantages of scale-out and flexible
deployment to any application
Delivers better asset utilization, allowing
applications to to take advantage of all
available computing resources
Dynamically provisions additional peak capacity
for Christmas Rush-like situations
Executes across multiple platforms and in virtual
machines
Provides seamless and flexible High Throughput
Computing (HTC) and High Performance Computing
(HPC) across
Local grids
Remote grids
Remote clouds (Amazon EC2)
Cycle-stealing from desktop PCs

35
MRG Grid is based on Condor

MRG Grid is based on the Condor Project created
and hosted by the University of Wisconsin,
Madison
Red Hat and the University of Wisconsin have
signed a strategic partnership around Condor
University of Wisconsin makes Condor source code
available under OSI-approved open source license
Red Hat University of Wisconsin jointly fund
and staff Condor development on-campus at the
University of Wisconsin
Red Hat and the University of Wisconsin's
partnership will
Add enhanced enterprise features, management, and
supportability to Condor and MRG Grid
Add High Throughput Computing capabilities to
Linux

36
Red Hat Enterprise MRG Availability

MRG Announcement Beta Launch December 2007
Public beta
MRG v1.0 Early 2008
RHEL-only support for MRG Messaging broker
MRG Grid Technology Preview
MRG v1.1 Late 2008
Multi-platform support for MRG Messaging
Java-based broker
AMQP support updated to newly available AMQP
version (1.0)
MRG Grid support available

37
Recaping RHEL Model Differences

Smaller focused customer base, high touch
More rapid access to kernel innovation
Focused subset of hardware platforms supported
x86, x86-64 only
3 or 6 month updates
SLA balancing technology access vs assurance
Certification smaller hw set, fewer kernel ISV
participants
Different pricing model, coupled with
professional services

38
Summary Which RHEL is best for you?

Standard RHEL4 5
General purpose server, without strict
performance SLAs
Throughput intensive ie database (TPC-C/H),
file serving, web / mail servers, HPC clusters
No identified high priority processes - treated
equally
Tuning with cpu affinity and interrupt binding
in RHEL45 provides required latency
Cost sensitive
Virtualization capabilities
3rd party kernel ISVs

MRG Realtime
Specialized server for deterministic low-latency
performance SLA
Specifically identified high priority processes
requiring rapid scheduling in response to events
ie recalculate of risk / trade based on new
info
Requirements for high precision in timing, ie
gettimeofday()

39
Why is Red Hat the superior realtime platform?

(compatibility) standard RHEL5 user space install
no application changes
(leadership) RH engineer is leading the
upstream/mainstream realtime initiative
(results) RH engineers have produced the vast
majority of the implementation
(technical expertise) realtime hits the most
core/sensitive kernel areas
(vision) realtime capabilities continue to evolve
(product delivery support) its the RHEL guys
(completeness) not just a kernel a complete
realtime stack
(partnerships) the only realtime java certified
platform w/ IBM

40
Additional Information
http//redhat.com/mrg Detailed technical MRG
Realtime whitepaper http//www.redhat.com/f/pdf/m
rg/mrg_realtime_whitepaper.pdf
41
(No Transcript)
42
Open Source Security Solutions Kevin
Unthank Senior Product Manager Red Hat Identity
Management Products
43
Why do organizations care about security?

2. Risk reduction
(To protect money, data, reputation)

1. Compliance
(Because they have to)
FIPS201
HSPD-12
SOX
PCI
HIPAA
GLB

44
Open source software is a security innovation

1. Open source means more eyes on the code and
therefore less security bugs
2. Open source means rapid response to any
vulnerabilities

Time from a critical issue being known to the
public until the day that a fix is available via
RHN Red Hat Enterprise Linux 4, Feb 2005-Feb 2006
45
Open source software delivers security innovation

3. Security features
NX emulation
Address space randomization (ASLR)
Position Independent Executables (PIE)
Update signing
Module signing
Address space randomization for vDSO
Restricted access to kernal memory
Heap memory checks
Fortify Source
ELF Data Hardening
Stack Smashing protection (Canary values)
Pointer encryption
Memory Protection
CVE compatible
OVAL compatible
SELinux

4. SELinux
Granular policy based control over a program's
access to data and the kernal resources.
Developed w/ NSA and open source community
Transparent to applications and users
RHEL 5 All system space locked down
SELinux partner program
EAL4/CAPP/LSPP/MLS

46
SELinux in detail
47
Common Criteria, MLS LSPP

NIAP/Common Criteria
Red Hat Enterprise Linux 4 EAL 4/CAPP (October
2005)
Red Hat Enterprise Linux 4 EAL4/LSPP (February
2006)
Red Hat Enterprise Linux 5 EAL4/CAPP/LSPP/RBAC
(June 2007)

Sensitivity Levels

Categories
Need to know

48
Red Hat Efforts

NSS Provides FIPS 140-2 certified encryption

Red Hat Certificate System
49
NSS Architecture Diagram
S/MIME
SSL
Certificate library
Crypto device management
FIPS 140 validated S/W crypto
Hardware security module
Hardware crypto accelerator
Smart cards
50
Trusted Platform Module

Planned for inclusion in next minor release of
RHEL (5.2)
What functionality would you like to see?
What functionality would you use?

51
Linux Unified Key Setup (LUKS)

New in RHEL 5
Data-at-rest encryption
FIPS 140-2 (using NSS)
Works with device-mapper

52
Information Assurance Policies
53
Path to initial compliance

Scripting
Copious amounts of scripting
GEN004000 (G633) This prevents non-root user
from running tracerouteecho Locking down
GEN004000chmod 700 /bin/traceroutechmod 700
/bin/traceroute6echo GEN004000 Complete
Times 100 or so
justin_at_taco ks wc -l rhel5-desktop-baseline-1.7
.cfg 1166 rhel-5-desktop-baseline-1.7.cfg

Centralized config file version management
RHN Satellite
Other tools
CFEngine
CVS
Subversion
Third-party Utilities
Bastille
Security Blanket
By hand
Torture for x gt 1

54
NIST Standards-based work

Security Content Automation Protocol (SCAP)
Open Vulnerability and Assessment Language (OVAL)
Red Hat currently utilizes OVAL
ltdefinitionsgt ltdefinition
id"ovalcom.redhat.rhsadef20070555"
version"201" class"patch"gt ltmetadatagt
lttitlegtRHSA-20070555 pam security, bug fix,
and enhancement update (Moderate)lt/titlegt
Extensible Configuration Checklist Description
Format (XCCDF)
Enumeration for configuration requirements
DISA FSO committed to deploying STIG as XCCDF
Others working with NIST
Security policy becomes one file

55
Audit

audictctl -a exit,always -S mknod -F success0

56
Why do organizations care about security?

3. Increase efficiency of IT
(And therefore save costs)
Many security solutions
- Collect, centralize, and analyze data
- Enable centralized management

4. Enable their business
(And bring in new revenue streams)

Internet SSL ---------------
NAS
RADIUS
LDAP
NAS
RADIUS
x50
x50
x5
57
What does Red Hat Directory Server provide?

Centrally store vital security data
Identity
Username, data, password, organization, groups
Machine name, groupings
Synch info with Microsoft Active Directory
Policy
Application Settings
User Profiles
Access Control Information
Directory not a database
Read optimized
Organized around users, machines, and policy
LDAP
Manage this data
GUI or command line

Make security data highly available
Replicate
Authenticate users
Widely supported OS access through NIS or PAM
gateway
Supports Kerberos via SASL
Integrated support for X.509 certificates
Can call out to databases, legacy systems via
plug-in API
Control access at a fine level
Using external criteria like type of connection,
day of week/time, hostname/IP
Using groups (engineering) or roles
(managers)

58
What does Red Hat Certificate System provide?

Introduction
System for managing certificates
Create, provision, store, revoke
Standards based
Use public key cryptography
Common Criteria Certification
Authentication of users
Replaces password
Certificate put on smart card, USB
Used to prove identity
Integrated with RHEL
Integrated with Windows

Authentication of machines
Machine has a certificate
Uses it to prove identity to other machines
Encryption
Prevent wrong person from viewing
Certificates used to create secure communication
channel
Certificates used to encrypt data
Signatures
Prevent anyone from tampering
Certificate used to sign email

59
Smart Cards
60
Enterprise Linux 5 System Login

Smart card login installed and available on every
single instance of Red Hat Enterprise Linux 5
Easily configurable with standard desktop GUI
Advantages
Multi factor authentication strong credentials
System has to trust issuing authority
System checks cert validity with OCSP server
Drawbacks
Disconnected operation
Doesn't provide single sign-on

61
PKI and Kerberos Independently Successful

PKI
Smart card authentication
Web services
TLS, SSL
Encryption
Signing
Data integrity
Non Repudiation
Asymmetric keys

Kerberos
System Login
Secure Filesystem access
NFSv4, CIFS
Email server access
Printing
Symmetric keys

62
Kerberos PKINIT
Authentication Server
x509 Certificate
Encrypted Ticket Granting Ticket
Ticket Granting Server
Ticket Granting Ticket
Service Ticket
Service Ticket
Kerberized Service

Enterprise Single Sign-on
Strong authentication with strong credentials

63
Security Information Situation Today

Many security and security management
applications store and manage their own vital
security information
Identity
Policy
Audit
Difficult to analyze across applications, so
organizations can't
Form a full picture of their security stance
Comply with government regulations
Protect themselves sufficiently
Efficiently enable their operations
Example Identity silos
Example gt problem for Policy, Audit

64
What is needed?