"WebOS provides OS services to wide-area applications, including mechanisms for resource discovery, a global namespace, remote process execution, resource management, authentication, and security. On a single machine, application developers can rely on the local operating system to provide these abstractions. In the wide area, however, application developers are forced to build these abstractions themselves or to do without. This ad-hoc approach wastes programmer effort and system resources. To address these problems, WebOS provides basic operating systems services needed to build applications that are geographically distributed, highly available, incrementally scalable, and dynamically reconfiguring. An application that demonstrates the utility of WebOS is Rent-A-Server, a web server capable of dynamically replicating itself geographically in response to client access patterns.
WebOS began at the University of California, Berkeley in 1996 as part of the Network of Workstations project. It was completed in 1998 with the NOW finale. Related efforts continue by project members at Duke University (ISSG), the University of Texas at Austin (Beyond Browsers), and the University of Washington. In addition, all three universities are collaborating on the Active Names work that grew out of WebOS." <from http://www.cs.duke.edu/ari/issg/webos/ >
global naming:
map service name to multiple servers
balance load
transparent recovery from server failures
persistent storage
cache coherent wide area file system
secure HTTP namespace
remote process execution
resource management
authentication and security
trust model
fine grained control of capabilities
Build on existing services IP, TCP, SSL, URL
Being generalized to Active Names
Problem: provide access to replicated web site considering number of servers, load, location, congestion, etc
Solution: because of dynamically changing loads, load this service into the client (Smart Client - Java applet)
GUI thread/Director thread
semi-static information to avoid over-reaction to dynamic changes
piggy-back load, membership info in server responses
stale information decays
fallback to random
Claim: easier to program shared memory than message passing? why
WebFS: allows user extensible properties to include cache consistency policy, prefetching, cache replacement, encryption policy
last write wins
waiting for internet multi-cast to become widespread - to update caches
optimistic re-integration after network partitioning
investigating Smart Proxies to provide URNs
integrate authenticated read/write access/ cache consistency with web server
Problem: protect the rest of the system from a successful attack on one server.
Solving System: CRISIS
transfer certificates: revocable fine-grained
signed certificates that transfer a subset of rights
validated by reference monitors
Must be countersigned by authority trusted by all sites
Certification Authority (CA) generates identity certificates and assigns a locally trusted on-line agent (OLA) to countersign them
typically expires in hours, can be cached
can revoke rights (OLA will refuse to endorse any more)
security manager for local resources, maps privileges to domains
named roles group a set of privileges, principal acts as certification authority
For authorization, uses Access Control Lists (ACLs) as follows:
reference monitor verifies all certificates are unexpired and signed by a public key within a current endorsement of a trusted CA and OLA.
checks for a path of trust between home domain and domains of all signing principals
work back to original granting principal
checks against ACL
grant if match is found between object and all principals
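Added example, not from the notes or from CRISIS itself: the reference-monitor steps above in Python. It assumes HMAC as a stand-in for public-key signatures; the principals, keys, endorsement expiry times, trusted-domain set and ACL are constructed for illustration.

```python
import hashlib
import hmac

# Constructed demo keys; HMAC stands in for the public-key signatures CRISIS uses.
KEYS = {"alice@berkeley": b"k-alice", "bob@duke": b"k-bob"}
# Expiry time of each principal's current CA+OLA endorsement (hypothetical values).
# Revocation is modelled as the OLA refusing to renew, so the endorsement lapses.
ENDORSED_UNTIL = {"alice@berkeley": 1000, "bob@duke": 1000}
TRUSTED_DOMAINS = {"berkeley", "duke"}  # domains with a path of trust from home
ACL = {"/webfs/chat": {"alice@berkeley": {"read", "write"}}}

def _payload(issuer, subject, rights, expires):
    return f"{issuer}|{subject}|{','.join(sorted(rights))}|{expires}".encode()

def _sign(issuer, subject, rights, expires):
    msg = _payload(issuer, subject, rights, expires)
    return hmac.new(KEYS[issuer], msg, hashlib.sha256).hexdigest()

def make_cert(issuer, subject, rights, expires):
    """Issuer signs a transfer certificate handing a subset of rights to subject."""
    return {"issuer": issuer, "subject": subject, "rights": set(rights),
            "expires": expires, "sig": _sign(issuer, subject, rights, expires)}

def authorize(requester, obj, right, chain, now):
    """Reference-monitor check; chain is ordered from original grantor to requester."""
    if not chain or chain[-1]["subject"] != requester:
        return False
    held = None  # rights still in force while walking the chain
    for i, c in enumerate(chain):
        issuer = c["issuer"]
        if issuer not in KEYS or issuer.split("@")[1] not in TRUSTED_DOMAINS:
            return False  # unknown signer, or no path of trust to its domain
        if c["expires"] <= now or ENDORSED_UNTIL.get(issuer, 0) <= now:
            return False  # expired certificate or lapsed (revoked) endorsement
        want = _sign(issuer, c["subject"], c["rights"], c["expires"])
        if not hmac.compare_digest(want, c["sig"]):
            return False  # signature does not cover these fields
        if i > 0 and (issuer != chain[i - 1]["subject"] or not c["rights"] <= held):
            return False  # broken delegation link, or rights were amplified
        held = c["rights"]
    grantor = chain[0]["issuer"]  # the original granting principal
    return right in held and right in ACL.get(obj, {}).get(grantor, set())
```
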
resource manager on each WebOS site handles job requests.
If authenticated, creates a virtual machine controlled by CRISIS security system
Use Janus for virtual machine creation
Internet Chat: chat room = WebFS file
Smart Client can read and write file
File protection and encryption also protect chat room
allows replicated servers
without WebOS, 1200 lines Java at client, 4300 lines C++ at server
with WebOS, 850 lines at client, 0 at server
Remote Compute Engine
Wide Area Cooperative Cache
Internet Weather
Smart Clients do traceroutes to subsets of server-determined sites
Sent to centralized controlling server
Uses to advise smart clients?
Problems with proxy approach (client managed (replicated) caches)
server does not know when data stale because does not know who has data
server inaccurate view of content popularity (for ad revenues)
may violate copyright laws
System Design
Every tenth request, server piggybacks server state in HTTP header
includes list of all replicated servers, their location, estimate of power and load, available times
Rent-A-Server keeps load (requests/sec, bytes/sec) which it periodically sends to centralized load daemon
Load daemons send server group state to all servers (which is piggybacked to clients)
They also can spawn new servers or retire old ones (expire lease)
Spawning a new server, sends request on an SSL channel.
creates transfer certificates for executables and service state (including CGI scripts)
Runs HTTP server in JANUS VM
Performance
Three sites, Seattle, Berkeley, Austin
raw packet transfer rates
Berkeley to Seattle, 20 ms round trip
Berkeley to Austin, 187 ms with 2% packet loss
Seattle to Austin, 490 ms with 20% loss
Start 2 clients reading 1KB HTML file
Results single server at Seattle
3 seconds for Berkeley and Seattle
4-10 seconds at Austin
Results with Rent a server
After 90 seconds, spawns second server at Berkeley - latency improves to .75 seconds
After 200 seconds, spawns third server at Austin
Caveat: lots of duplicated requests.
From this paper.
service specific applets
Start with random access to set of servers, learn best response
(assumes locality of service requests)
State updates lazy or eager
server can inform smart clients of new server additions and other changes of state
(every smart client is associated with at least one server)
query search engine to find new service name space (e.g. service://now chat service)
NOW = Network Of Workstations
URL points to a page with a service certificate
references both client interface and director applets
initial guess on service group membership
Learns more by requesting service
browser extension to cache the applets
save state of director applet (which is more recent state of service) by serializing this applet to disk
HTTP Redirect (doubles latency, single point of failure, not fault tolerant)
DNS aliasing: random distribution among set of servers (not geographic, variance in service time)
Magic Routing: modifies IP address - can load balance and fault tolerance (no load statistics - service requirements)
Fail-safe TCP: two mirror machines respond to single TCP connection
Active Networks: fault tolerance and load balancing
None take into account service semantics