1
PCs for Mere Mortals
Monica Lam
Stanford University
2
PCs
• Hardware: Cheap and fast
– $500: 2.6 GHz, 128 MB mem, 40GB disk
• Market penetration
– 69% of U.S. households have PCs
– 75% of U.S. people using the Internet
– 24% of U.S. households have DSL
• Software: insecure, fragile, frustrating to use
3
Internet Worms
• MSBlaster, Nimda, CodeRed, …
• Slammer
– infected > 75,000 machines, most within 10 minutes
– damage estimated to be $1 billion
• Patches were available before attacks
– Not installed on computers: at home, companies, Microsoft
4
System Management
• Set up
– Software purchases and installations
– Network of machines
– File servers with back up
– Firewalls
• Maintenance:
– Security patches, software upgrades
– Hardware upgrades
• Error recovery
– Recover data from back up
– Re-install OS + software
5
Home Computer Administration Tasks
• Fall on consumers
• Cannot solve problems by simply purchasing new computers!
• How much does professional system admin cost?
6
Professional System Admin
• Administration and support
– $11,900 a PC a year (Gartner)
• Labor costs >> hardware costs
• Hidden costs: loss of productivity
• A linear function!
7
Incremental Improvement Insufficient
• Professional system admin is necessary!
– Office users
– Telecommuters
– Consumers
• Must make system administration scale
• Leverage hardware technology
– machine cycles
– network bandwidth
– storage capacity
8
How do we make computers as easy to use as TVs?
• Turn on computer connected to a network
• Plug in personal “key” to unlock private data
• Dial to different channels of the latest software
9
No software installation!
No operating system re-install!
No computer viruses!
Automatic backups
Global access everywhere
10
Appliances
• Unix-based PC
• Fixed function
• Simple and intuitive interface
• Guaranteed automatic updates
11
+ OS, Applications, Data(bits)
Virtual Appliance
Appliance
12
Virtual Appliance Computing Model
[Diagram: VAP Repository, Internet, User Data, VAP receivers]
13
Appliance Flow
[Diagram: VAP Repository, Internet, User Data, VAP receivers]
(1) Publisher stores VAPs
(2) User logs onto a VAP Receiver
(3) VAP receiver authenticates user
(4) VAP receiver gets latest copy of VAP, mounts user data
(5) VAP receiver runs VAP and writes back user data
18
OSes are not run on barebone hardware
– Rich API
– Impossible to perfect
– Vulnerable
– Who re-installs the OS? Updates it and backs it up?
19
VAP receiver: A Service Plane
• A relatively small trusted computing base
• Runs VAPs using a virtual machine monitor
– e.g. VMware GSX / ESX
– Runs Linux, Windows software
• Provides service functions:
– Transfers, updates, backs up VAPs
All without modification to appliances
20
Advantages
• Security
– Up-to-date security patches
– Pristine copy with each log in
• Appliance publication model is scalable
• User mobility
• Simple hardware management
– Anonymous hardware
21
Top 4 Questions
4. What if I wish to install a flash plug in? or new software?
• Published appliance is a fully-tested superset of most users’ environments
• Use multiple VAPs
• Company admins prepare 1 for each role
• Distribution of software as VAPs
• Install software in separate playpen VAP
22
Top 4 Questions
4. What if I wish to install a flash plug in? or new software?
3. Why not just more web applications?
• Limited software selection
• Limited interactivity
• Application lock-ins
• Data privacy: photos? tax returns? email?
• Scattered data
23
Top 4 Questions
4. What if I wish to install a flash plug in? or new software?
3. Why not just more web applications?
2. How slow is this model?
1. How to deploy this?
24
VAPs as a Data Type
• VAPs are large!
• What is in a VAP?
• Operations
– Create
– Store
– Update
– Customize
– Transfer
– Back up
25
A Virtual Appliance
• Contents of the bits on an x86 machine
• Program disk
– Default Windows XP: 1.5 GB
– Red Hat version 7.2: 1.6 GB
• Data disk
– Use CVS or network-mounted files for sharing
• Suspended memory image (100s MB)
26
Virtual Networks of Virtual Appliances
• A group appliance
[Diagram: Firewall, DNS, LDAP, Plone; Parent Network]
27
Updates
Version 0
Diffs = Copy-on-write disks
• New software installation & upgrades
– Sizes similar to installer and update packages
– Guaranteed to work
28
Customizations = Inheritance
[Diagram: Publisher updates; + User Parameters; inheritance]
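The copy-on-write updates and inheritance-based customization on the two slides above, modelled in Python as an added example (not code from the Collective prototype). The class and function names, block contents and parameters are constructed for illustration.

```python
class Appliance:
    """One immutable appliance version: stores only what differs from its parent."""

    def __init__(self, name, parent=None, blocks=None, params=None):
        self.name, self.parent = name, parent
        self.blocks = dict(blocks or {})   # copy-on-write disk: block number -> bytes
        self.params = dict(params or {})   # configuration overrides

    def _chain(self):
        node = self
        while node is not None:
            yield node
            node = node.parent

    def read_block(self, n):
        # Reads fall through to the nearest ancestor that wrote the block.
        for node in self._chain():
            if n in node.blocks:
                return node.blocks[n]
        raise KeyError(n)

    def param(self, key):
        for node in self._chain():
            if key in node.params:
                return node.params[key]
        raise KeyError(key)

    def diff_bytes(self):
        """Size of this version's own diff, i.e. what an update has to ship."""
        return sum(len(b) for b in self.blocks.values())


def customize(published, name, **params):
    """A user's appliance inherits everything and overrides only its parameters."""
    return Appliance(name, parent=published, params=params)


def follow_update(custom, new_published):
    """Re-parent a customization onto the publisher's newer version."""
    return Appliance(custom.name, parent=new_published,
                     blocks=custom.blocks, params=custom.params)


def demo():
    # Constructed sample: version 0, a one-block security update, one user.
    v0 = Appliance("desktop-v0",
                   blocks={0: b"boot", 1: b"libssl-1.0", 2: b"apps"},
                   params={"hostname": "default", "dns": "10.0.0.1"})
    v1 = Appliance("desktop-v1", parent=v0, blocks={1: b"libssl-1.1"})
    alice = follow_update(customize(v0, "alice-desktop", hostname="alice-pc"), v1)
    return v0, v1, alice
```

After the update the user's appliance reads the patched block from the publisher while keeping its own parameters, and the update itself is only as large as the blocks it changed.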
29
Transfer: Moving Memory Image
• Move memory image, demand-fetch the rest
– Memory image holds working set
– Eliminates boot-up overhead
• Especially significant for Java apps
– “Ballooning” reduces size of state
• Transfers a new memory image in about 10 minutes over DSL link
30
Transfer opt: Cache
• Opportunity:
– Same appliances used on same machines
• Cache
– Immutable appliances simplify caching
– Speeds up re-use of similar appliances
31
Transfer opt: Portable storage
• USB flash drive: 1.5 GB, $175
• Compact flash microdrive: 4 GB, $369
• 1.8’’ portable hard disk: 40 GB, $180
• 2.5’’ portable hard disk: 60 GB, $125
We can carry our cache with us!
32
Transfer opt: Portable storage
A bootable image of a VAP receiver + a cache
• Easy deployment:
– Make any PC our own
– Does not change the state of hosting PC
• Universal access:
– Access to all VAPs on the network
• Network accelerator:
– Fast access to appliances previously used
33
USB drives (cont.)
• Automatic storage management
– A precharging process pre-loads drive with popular blocks
• Automatic backup:
– Continuously saves data in background
– Keychain mostly carries redundant state
• Secure: leaves no trace on host computer
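A sketch of the portable block cache described on the caching and USB drive slides, as an added example rather than code from the prototype. It assumes blocks are named by their SHA-256 hash and that the manifest of hashes comes from the repository over a trusted channel; the slides state neither detail, and all names and sample data are constructed.

```python
import hashlib


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class Repository:
    """Stand-in for the network repository; counts blocks sent over the link."""
    def __init__(self, blocks):
        self.store = {digest(b): b for b in blocks}
        self.fetches = 0

    def fetch(self, h):
        self.fetches += 1
        return self.store[h]


class PortableCache:
    """Block cache carried on the portable drive between host PCs."""
    def __init__(self, repo):
        self.repo = repo
        self.blocks = {}   # hash -> bytes; immutable blocks never need invalidation

    def read(self, h):
        data = self.blocks.get(h)
        if data is None or digest(data) != h:   # miss, or entry altered on the drive
            data = self.repo.fetch(h)           # demand-fetch from the network
            if digest(data) != h:
                raise ValueError("fetched block does not match manifest hash")
            self.blocks[h] = data
        return data

    def precharge(self, manifest):
        """Pre-load blocks expected to be popular before the user needs them."""
        for h in manifest:
            self.read(h)

    def load(self, manifest):
        return b"".join(self.read(h) for h in manifest)


# Constructed sample data: two versions of one appliance sharing most blocks.
V0 = [b"boot", b"libs-1.0", b"apps"]
V1 = [b"boot", b"libs-1.1", b"apps"]


def demo():
    repo = Repository(V0 + V1)
    cache = PortableCache(repo)
    m0, m1 = [digest(b) for b in V0], [digest(b) for b in V1]
    cache.precharge(m0)
    cold = repo.fetches                      # every block of version 0
    image = cache.load(m1)
    update = repo.fetches - cold             # only the changed block
    cache.blocks[m1[0]] = b"tampered"        # entry modified while on a host PC
    repaired = cache.load(m1)
    refetch = repo.fetches - cold - update   # bad entry detected and replaced
    return cold, update, refetch, image, repaired
```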
34
Collective Prototype
• CVL: a Collective virtual appliance language
– Virtual appliance networks
– Customization specified as inheritance
• Repository
– Naming to keep track of versions
35
Collective Prototype (cont.)
• VAP Receiver
– Assumes the computer can be connected to the network using DHCP
– 500 MB bootable image
• Knoppix Linux
• VMware GSX virtual machine monitor
– Talks to the repository via NFS over SSH
36
Preliminary Results
• 4G Microdrive over simulated DSL speeds
• No perceivable difference
– editing files
– playing MP3
• local / remote music: same interface, no perf diff
37
Comparing with a local appliance
[Chart: Windows 2000, Linux Redhat, Linux kernel compile; LAN, DSL, NFS; cached / not cached]
38
Replaces Labor with Technology
Manual labor →
• processor cycles
• network bandwidth
• storage
System admin →
• virtual machines
• distributing VAPs over the network
• portable storage as a network accelerator
39
Conclusions
• Practical alternative to PC desktop model
– Works with all x86 software
– Runs on generic x86 PC connected to the network
• Supports Windows, Linux, … Java machines simultaneously
• Up-to-date systems → better security
• Easier-to-use software → more software