Fall 2000: CS 771/871 Operating Systems

[ Home | Class Roster | Syllabus | Status | Glossary | Search | Course Notes]

WebOS

"WebOS provides OS services to wide-area applications, including mechanisms for resource discovery, a global namespace, remote process execution, resource management, authentication, and security. On a single machine, application developers can rely on the local operating system to provide these abstractions. In the wide area, however, application developers are forced to build these abstractions themselves or to do without. This ad-hoc approach wastes programmer effort and system resources. To address these problems, WebOS provides basic operating systems services needed to build applications that are geographically distributed, highly available, incrementally scalable, and dynamically reconfiguring. An application that demonstrates the utility of WebOS is Rent-A-Server, a web server capable of dynamically replicating itself geographically in response to client access patterns.

WebOS began at the University of California, Berkeley in 1996 as part of the Network of Workstaions project. It was completed in 1998 with the NOW finale. Related efforts continue by project members at Duke University (ISSG), the University of Texas at Austin (Beyond Browsers), and the University of Washington. In addition, all three universities are collaborating on the Active Names work that grew out of WebOS." <from http://www.cs.duke.edu/ari/issg/webos/ >

Issues

• global naming:

  • map service name to multiple servers

  • balance load

  • transparent recovery from server failures

• persistent storage

  • cache coherent wide area file system

  • secure HTTP namespace

• remote process execution

• resource management

• authentication and security

  • trust model

  • fine grained control of capabilities    

Build on existing services IP, TCP, SSL, URL

Naming

Being generalized to Active Names

Problem: provide access to replicated web site considering number of servers, load, location, congestion, etc

Solution: because of dynamically changing loads, load this service into the client (Smart Client - Java applet)

• GUI thread/Director thread

• semi-static information to avoid over-reaction to dynamic changes

• piggy-back load, membership info in server responses

• stale information decays

• fallback to random

Persistent State

Claim: easier to program shared memory than message passing? why

• WebFS: allows user extensible properties to include cache consistency policy, prefetching, cache replacement, encryption policy

• last write wins

• waiting for internet multi-cast to become widespread - to update caches

• optimistic re-integration after network partitioning

• investigating Smart Proxies to provide URNs

• integrate authenticated read/write access/ cache consistency with web server

Security/Authentication

Problem: protected rest of system from successful attack on one server.
Solving System: CRISIS

• transfer certificates: revocable fine-grained
  signed certificates that transfer a subset of rights

• validated by reference monitors

• Must be countersigned by authority trusted by all sites

• Certification Authority (CA) generates identity certificates assign locally trusted on-line agent (OLA) to countersign

• typically expires in hours, can be cached

• can revoke rights (OLA will refuse to endorse any more)

• security manager for local resources, map privelges to domains

• named roles group a set of privileges, principle acts as certification authority

• For authorization, uses Access Control Lists (ACLs) as follows:

  • reference monitor verfies all certificates are unexpired and signed by pubic key within a current endorsement of a trusted CA and OLA.

  • checks for a path of trust between home domain and domains of all signing principals

  • work back to original granting prinicipal

  • checks against ACL

  • grant if match is found between object and all principals

Process Control

• resource manager on each WebOS site handles job requests.

• If authenticate, creates a virtual machine controlled by CRISIS security system

• Use Janus for virtual machine creation 

Applications

• Internet Chat: chat room = WebFS file

  • Smart Client and read and write file

  • File protection and encryption also protect chat room

  • allows replicated servers

  • without WebOS, 1200 lines JAVA at client, 4300 lines C++ at server

  • with WebOs, 850 lines at client, 0 at server

• Remote Compute Engine

• Wide Area Cooperative Cache

• Internet Weather

  • Smart Clients do traceroutes to subsets of server-determined sites

  • Sent to centralized controlling server

  • Uses to advise smart clients?

Rent-A-Server

Problems with proxy approach (client managed (replicated) caches)

• server does not know when data stale because does not know who has data

• server inaccurate view of content popularity (for ad revenues)

• may violate copy right laws

System Design

• Every tenth request, server piggybacks server state in HTTP header

• includes list of all replicated servers, their location, estimate of power and load, available times

• Rent-A-Server keeps load (requests/sec, bytes/sec) which it periodically sends to centralized load daemon

• Load daemons send server group state to all servers (which is piggybacked to clients)

• They also can spawn new servers or retire old ones (expire lease)

• Spawning a new server, sends request on a SSL channel.

• creates transfer certificates for executables and service state (including CGI scripts)

• Runs HTTP server in JANUS VM

Performance

• Three sites, Seattle, Berkeley, Austin

• raw packet transfer rates

  • Berkeley to Seattle, 20 ms round trip

  • Berkeley to Austin, 187 ms with 2% packet loss

  • Seattle to Austin, 490 ms with 20% loss

• Start 2 clients reading 1KB HTML file

• Results single server at Seattle
  3 seconds for Berkeley and Seattle
  4-10 seconds at Austin

• Results with Rent a  server
  After 90 seconds, spawns second server at Berkely - latency improves to .75 seconds
  After 200 seconds, spawns third server at Austin

Caveat: lots of duplicated requests.

Smart Clients

From this paper.

• service specific applets

• Start with random access to set of servers, learn best response
  (assumes locality of service requests)

• State updates lazy or eager

• server can inform smart clients of new server additions and other changes of state
  (every smart client is associate with at least one server)

• query search engine to find new service name space (e.g. service://now chat service)
  NOW = Network Of Workstations

• URL points to a page with a service certificate

• references both client interface and director applets

• initial guess on service group membership

• Learns more by requesting service

• browser extension to cache the applets

• save state of director applet (which is more recent state of service) by serializing this applet to disk

Related Work

• HTTP Redirect (doubles latency, single point of failure, not fault tolerant)

• DNS aliasing: random distribution among set of servers (not geographic, variance in service time)

• Magic Routing: modifies IP address - can load balance and fault tolerance (no load statistics - service requirements)

• Fail-safe TCP: two mirror machines respond to single TCP connection

• Active Networks: fault tolerance and load balancing

None take into account service semantics

Copyright chris wild 2000.
For problems or questions regarding this web contact [Dr. Wild].
Last updated: 24 Oct 2000 .