
Difference between revisions of "GeoTagging"


Revision as of 09:31, 25 September 2013

Geo and Asset Tagging

Would it not be nice to know where a machine resides, to preallocate it for a certain task during provisioning, and to enforce its use for that task? Trusted Compute Pools (TCP) is being extended to enable a cloud provider to do just that: create asset-tags and have those values securely extended into the machine's Trusted Platform Module (TPM). This gives users more visibility and control inside the cloud. With asset tags, private, public and hybrid clouds can partition and reserve resources and ensure a desired quality of service.

A variant of the general asset-tag is the geo-tag, which records where a machine physically resides. Governments, for instance, may restrict where their workloads may run and where their data may be saved. For taxation purposes, a retailer may want to ensure that its online web portal is placed only on machines in certain states. It may also have similar constraints on the data it stores. Companies may restrict what categories of research are carried out in different geos.

[Figure: Geo-Tagging in OpenStack]


NIST and Intel are collaborating on Asset Tagging and in particular Geo-Tagging. Intel plans to release, in mid-2014, an attestation service that measures asset tag information, confirming that it has not been tampered with since the machine was registered at the time of provisioning.

This blueprint details how asset and geo-tagging can be incorporated and taken advantage of in OpenStack clouds.

Compute Node Provisioning

When compute nodes are provisioned for trust, asset-tags and geo-tags may be assigned at the same time. These can be simple strings, such as "3rd Floor, Expo Center, Hong Kong", or complex XML data providing sub-items such as GPS co-ordinates, postal address, and more.

Dashboard

The Horizon dashboard would need to be extended to request a geo or asset tag and to display it for both the compute nodes and the virtual machine instances running on them.

Nova Scheduler Filter

Asset Tag and Geo Tag filters should be specified. These are used to filter out compute nodes from the set of devices able to host a virtual machine, based on the geo measured and that requested.

During live migration, the filter is applied to determine to which machine a given VM may be relocated.

Storage Changes

If an asset or geo-tag is specified as part of the put or get request, it is honored. This will need to be reflected as changes in the Swift hash functions which determine where the replicas are stored.

Audit Tasks

For trusted nodes, audit tasks could also determine whether any geo/asset-tags are specified and capture these in logs and/or reports.

Attestation Service

The TCP 1.5 Attestation Service, which can understand asset and geo tags, needs to be integrated into the cloud installation. The Attestation Service will provide an API which enables retrieving asset and geo tags from attested machines. These can be cached at the attestation service or even at the nova scheduler to speed scheduling decisions, as long as the cached value is no older than some specifiable time window.


Overall Flow

The cloud user specifies, by way of filter extra-specs, any asset and geo-tags required. These in turn are used to filter out the machines that are not eligible to host the desired virtual machines; the virtual machines are then deployed on the eligible ones. Data get and put requests would take additional tag arguments if the user wants to restrict where data is stored.
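
The scheduler filter and the time-bounded tag cache described above can be sketched as follows. This is an added example, not Nova or TCP Attestation Service code; `Report`, `TagCache`, `filter_hosts`, the `tag:` extra-spec prefix and the sample hosts are all hypothetical.

```python
import time
from collections import namedtuple

# Hypothetical report shape (not the TCP API): verdict, tag dict, fetch time.
Report = namedtuple("Report", "trusted tags fetched_at")
class TagCache:
    """Caches reports; refetches once an entry is older than max_age seconds."""
    def __init__(self, fetch, max_age, clock=time.time):
        self.fetch, self.max_age, self.clock = fetch, max_age, clock
        self.reports = {}

    def get(self, host):
        report = self.reports.get(host)
        if report is None or self.clock() - report.fetched_at > self.max_age:
            report = self.reports[host] = self.fetch(host)
        return report

def filter_hosts(cache, hosts, extra_specs, prefix="tag:"):
    """Keep hosts that attest as trusted and match every requested tag."""
    wanted = {k[len(prefix):]: v for k, v in extra_specs.items()
              if k.startswith(prefix)}
    eligible = []
    for host in hosts:
        try:
            report = cache.get(host)
        except Exception:
            continue  # fail closed: no attestation, no placement
        if report.trusted and all(report.tags.get(k) == v
                                  for k, v in wanted.items()):
            eligible.append(host)
    return eligible

# Constructed sample data standing in for the attestation service.
SERVICE = {"node-hk": (True, {"geo": "HK"}), "node-us": (True, {"geo": "US"}),
           "node-bad": (False, {"geo": "HK"})}

def demo():
    service, now = dict(SERVICE), [1000.0]  # fake clock keeps this repeatable
    def fetch(host):
        trusted, tags = service[host]
        return Report(trusted, dict(tags), now[0])
    cache = TagCache(fetch, max_age=300, clock=lambda: now[0])
    specs = {"tag:geo": "HK"}  # "tag:" prefix is an assumed convention
    first = filter_hosts(cache, list(service) + ["node-unknown"], specs)
    service["node-hk"] = (True, {"geo": "US"})  # host re-tagged after caching
    cached = filter_hosts(cache, ["node-hk"], specs)  # still inside window
    now[0] += 301
    fresh = filter_hosts(cache, ["node-hk"], specs)  # entry expired, refetched
    return first, cached, fresh
```

The middle result of `demo()` shows the cost of caching: a host whose tag changed keeps passing the filter until its cache entry ages out, so the time window bounds how long a stale placement decision can persist.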