CS5412: ANATOMY OF A CLOUD

Similar documents
Infrastructures for Cloud Computing and Big Data M

CS5412: DIVING IN: INSIDE THE DATA CENTER

DIVING IN: INSIDE THE DATA CENTER

CS5412: THE BASE METHODOLOGY VERSUS THE ACID MODEL

Ken Birman. Cornell Dept of Computer Science Colloquium

Report to Brewer s original presentation of his CAP Theorem at the Symposium on Principles of Distributed Computing (PODC) 2000

NoSQL systems: sharding, replication and consistency. Riccardo Torlone Università Roma Tre

SCALABLE CONSISTENCY AND TRANSACTION MODELS

CS5412: OTHER DATA CENTER SERVICES

CS5412: THE BASE METHODOLOGY VERSUS THE ACID MODEL IN AN OVERLAY

CS5412: DIVING IN: INSIDE THE DATA CENTER

CS6450: Distributed Systems Lecture 11. Ryan Stutsman

CS October 2017

CISC 7610 Lecture 2b The beginnings of NoSQL

Distributed systems. Lecture 6: distributed transactions, elections, consensus and replication. Malte Schwarzkopf

Distributed Systems. Characteristics of Distributed Systems. Lecture Notes 1 Basic Concepts. Operating Systems. Anand Tripathi

Distributed Systems. Characteristics of Distributed Systems. Characteristics of Distributed Systems. Goals in Distributed System Designs

CS6450: Distributed Systems Lecture 15. Ryan Stutsman

CS /15/16. Paul Krzyzanowski 1. Question 1. Distributed Systems 2016 Exam 2 Review. Question 3. Question 2. Question 5.

CS5412: TRANSACTIONS (I)

CAP Theorem. March 26, Thanks to Arvind K., Dong W., and Mihir N. for slides.

Large-Scale Data Engineering

The CAP theorem. The bad, the good and the ugly. Michael Pfeiffer Advanced Networking Technologies FG Telematik/Rechnernetze TU Ilmenau

Strong Consistency & CAP Theorem

WHAT ARE THE RIGHT ROLES FOR FORMAL METHODS IN HIGH ASSURANCE CLOUD COMPUTING? Ken Birman, Cornell University

CS5412: TRANSACTIONS (I)

Rule 14 Use Databases Appropriately

Next-Generation Cloud Platform

Transactions and ACID

Last time. Distributed systems Lecture 6: Elections, distributed transactions, and replication. DrRobert N. M. Watson

CS555: Distributed Systems [Fall 2017] Dept. Of Computer Science, Colorado State University

CS Amazon Dynamo

CS5412 CLOUD COMPUTING: PRELIM EXAM Open book, open notes. 90 minutes plus 45 minutes grace period, hence 2h 15m maximum working time.

CS 655 Advanced Topics in Distributed Systems

Eventual Consistency 1

Big Data Infrastructure CS 489/698 Big Data Infrastructure (Winter 2017)

Dynamo: Amazon s Highly Available Key-value Store. ID2210-VT13 Slides by Tallat M. Shafaat

Cassandra, MongoDB, and HBase. Cassandra, MongoDB, and HBase. I have chosen these three due to their recent

DrRobert N. M. Watson

CSE 544 Principles of Database Management Systems. Magdalena Balazinska Winter 2015 Lecture 14 NoSQL

ebay s Architectural Principles

Large-Scale Key-Value Stores Eventual Consistency Marco Serafini

SCALABLE CONSISTENCY AND TRANSACTION MODELS THANKS TO M. GROSSNIKLAUS

Consensus a classic problem. Consensus, impossibility results and Paxos. Distributed Consensus. Asynchronous networks.

Mutual consistency, what for? Replication. Data replication, consistency models & protocols. Difficulties. Execution Model.

Extreme Computing. NoSQL.

CONSISTENT FOCUS. Building reliable distributed systems at a worldwide scale demands trade-offs between consistency and availability.

4/9/2018 Week 13-A Sangmi Lee Pallickara. CS435 Introduction to Big Data Spring 2018 Colorado State University. FAQs. Architecture of GFS

Best Practices for Scaling Websites Lessons from ebay

Databases : Lecture 1 2: Beyond ACID/Relational databases Timothy G. Griffin Lent Term Apologies to Martin Fowler ( NoSQL Distilled )

EECS 498 Introduction to Distributed Systems

CompSci 516 Database Systems

Big Data Management and NoSQL Databases

Dynamo: Key-Value Cloud Storage

Final Exam Logistics. CS 133: Databases. Goals for Today. Some References Used. Final exam take-home. Same resources as midterm

CAP Theorem, BASE & DynamoDB

Intuitive distributed algorithms. with F#

ATOMIC COMMITMENT Or: How to Implement Distributed Transactions in Sharded Databases

Performance and Forgiveness. June 23, 2008 Margo Seltzer Harvard University School of Engineering and Applied Sciences

Consistency in Distributed Storage Systems. Mihir Nanavati March 4 th, 2016

Goal of the presentation is to give an introduction of NoSQL databases, why they are there.

Building Consistent Transactions with Inconsistent Replication

Distributed Architectures & Microservices. CS 475, Spring 2018 Concurrent & Distributed Systems

Transactions. CS 475, Spring 2018 Concurrent & Distributed Systems

Consensus, impossibility results and Paxos. Ken Birman

Introduction to Distributed Data Systems

11/5/2018 Week 12-A Sangmi Lee Pallickara. CS435 Introduction to Big Data FALL 2018 Colorado State University

Map-Reduce. Marco Mura 2010 March, 31th

CS5412: HOW MUCH ORDERING?

NoSQL Concepts, Techniques & Systems Part 1. Valentina Ivanova IDA, Linköping University

Indexing Large-Scale Data

Distributed Systems Homework 1 (6 problems)

Dynamo: Amazon s Highly Available Key-Value Store

Megastore: Providing Scalable, Highly Available Storage for Interactive Services & Spanner: Google s Globally- Distributed Database.

Replication in Distributed Systems

CSE 544 Principles of Database Management Systems. Alvin Cheung Fall 2015 Lecture 14 Distributed Transactions

10. Replication. Motivation

Lecture 6 Consistency and Replication

CIB Session 12th NoSQL Databases Structures

Horizontal or vertical scalability? Horizontal scaling is challenging. Today. Scaling Out Key-Value Storage

Don t Give Up on Serializability Just Yet. Neha Narula

Apache Cassandra - A Decentralized Structured Storage System

10.0 Towards the Cloud

Staggeringly Large File Systems. Presented by Haoyan Geng

Replication. Feb 10, 2016 CPSC 416

CLOUD HOSTED COMPUTING FOR DEMANDING REAL-TIME SETTINGS KEN BIRMAN. Rao Professor of Computer Science Cornell University

Consistency. CS 475, Spring 2018 Concurrent & Distributed Systems

CISC 7610 Lecture 5 Distributed multimedia databases. Topics: Scaling up vs out Replication Partitioning CAP Theorem NoSQL NewSQL

11. Replication. Motivation

Data-Intensive Distributed Computing

DISTRIBUTED SYSTEMS [COMP9243] Lecture 8a: Cloud Computing WHAT IS CLOUD COMPUTING? 2. Slide 3. Slide 1. Why is it called Cloud?

DISTRIBUTED SYSTEMS Principles and Paradigms Second Edition ANDREW S. TANENBAUM MAARTEN VAN STEEN. Chapter 1. Introduction

Paxos provides a highly available, redundant log of events

Distributed Systems. Day 13: Distributed Transaction. To Be or Not to Be Distributed.. Transactions

Exam 2 Review. October 29, Paul Krzyzanowski 1

The CAP theorem explores tradeoffs between consistency, Overcoming CAP with Consistent Soft-State Replication COVER FEATURE

Consistency in Distributed Systems

Integrity in Distributed Databases

Workshop Report: ElaStraS - An Elastic Transactional Datastore in the Cloud

Scaling Out Key-Value Storage

Transcription:

1 CS5412: ANATOMY OF A CLOUD Lecture VIII Ken Birman

How are cloud structured? 2 Clients talk to clouds using web browsers or the web services standards But this only gets us to the outer skin of the cloud data center, not the interior Consider Amazon: it can host entire company web sites (like Target.com or Netflix.com), data (AC3), servers (EC2) and even user-provided virtual machines!

Big picture overview 3 Client requests are handled in the first tier by PHP or ASP pages Associated logic These lightweight services are fast and very nimble Much use of caching: a sharded key-value store in the second tier 1 1 1 1 1 2 1 2 2 2 1 1 1 2 2 2 2 Sharded key-value store Index DB

Many styles of system 4 Near the edge of the cloud focus is on vast numbers of clients and rapid response Inside we find high volume services that operate in a pipelined manner, asynchronously Deep inside the cloud we see a world of virtual computer clusters that are scheduled to share resources and on which applications like MapReduce (Hadoop) are very popular

Asynchronous pipeline model 5 Outside layer of the cloud absorbs read accesses, but updates are tricky Popular model: Guess at the update outcome and respond using that, but send the real update asynchronously to a back-end server / database. Later, correct inconsistencies

In the outer tiers replication is key 6 We need to replicate Processing: each client has what seems to be a private, dedicated server (for a little while) Data: as much as possible, that server has copies of the data it needs to respond to client requests without any delay at all Control information: the entire structure is managed in an agreed-upon way by a decentralized cloud management infrastructure

Shared key-value store? 7 The caching components running in tier two are central to the responsiveness of tier-one services Basic idea is to always used cached data if at all possible, so the inner services (here, a database and a search index stored in a set of files) are shielded from online load We need to replicate data within our cache to spread loads and provide fault-tolerance But not everything needs to be fully replicated. Hence we often use shards with just a few replicas

Sharding used in many ways 8 The second tier could be any of a number of caching services: Memcached: a sharable in-memory key-value store Other kinds of DHTs that use key-value APIs Dynamo: A service created by Amazon as a scalable way to represent the shopping cart and similar data BigTable: A very elaborate key-value store created by Google and used not just in tier-two but throughout their GooglePlex for sharing information Notion of sharding is cross-cutting Most of these systems replicate data to some degree Achieves high availability but also increases performance

Do we always need to shard data? 9 Imagine a tier-one service running on 100k nodes Can it ever make sense to replicate data on the entire set? Yes, if some kinds of information might be so valuable that almost every external request touches it. Must think hard about patterns of data access and use Some information needs to be heavily replicated to offer blindingly fast access on vast numbers of nodes The principle is similar to the way Beehive operates. Even if we don t make a dynamic decision about the level of replication required, the principle is similar We want the level of replication to match level of load and the degree to which the data is needed on the critical path

And it isn t just about updates 10 Should also be thinking about patterns that arise when doing reads ( queries ) Some can just be performed by a single representative of a service But others might need the parallelism of having several (or even a huge number) of machines do parts of the work concurrently The term sharding is used for data, but here we might talk about parallel computation on a shard

What does critical path mean? 11 Focus on delay until a client receives a reply Critical path are actions that contribute to this delay Update the monitoring and alarms criteria for Mrs. Marsh as follows Service instance Response delay seen by end-user would include Internet latencies Service response delay Confirmed

What if a request triggers updates? 12 If the updates are done asynchronously we might not experience much delay on the critical path Cloud systems often work this way Avoids waiting for slow services to process the updates but may force the tier-one service to guess the outcome For example, could optimistically apply update to value from a cache and just hope this was the right answer Many cloud systems use these sorts of tricks to speed up response time

First-tier parallelism 13 Parallelism is vital to speeding up first-tier services Key question: Request has reached some service instance X Will it be faster For X to just compute the response Or for X to subdivide the work by asking subservices to do parts of the job? Glimpse of an answer Werner Vogels, CTO at Amazon, commented in one talk that many Amazon pages have content from 50 or more parallel subservices that ran, in real-time, on your request!

What does critical path mean? 14 In this example of a parallel read-only request, the critical path centers on the middle subservice Update the monitoring and alarms criteria for Mrs. Marsh as follows Service instance Critical path Response delay seen by end-user would include Internet latencies Service response delay Critical path Confirmed Critical path

With replicas we just load balance 15 Update the monitoring and alarms criteria for Mrs. Marsh as follows Service instance Response delay seen by end-user would include Internet latencies Service response delay Confirmed

But when we add updates. 16 Update the monitoring and alarms criteria for Mrs. Marsh as follows D A B C Execution timeline for an individual first-tier replica Soft-state first-tier service Response delay seen by end-user would also include Internet latencies not measured in our work Now the delay associated with waiting for the multicasts to finish could impact the critical path even in a single service Send Send Send Confirmed

What if we send updates without 17 waiting? Several issues now arise Are all the replicas applying updates in the same order? Might not matter unless the same data item is being changed But then clearly we do need some agreement on order What if the leader replies to the end user but then crashes and it turns out that the updates were lost in the network? Data center networks are surprisingly lossy at times Also, bursts of updates can queue up Such issues result in inconsistency

Eric Brewer s CAP theorem 18 In a famous 2000 keynote talk at ACM PODC, Eric Brewer proposed that you can have just two from Consistency, Availability and Partition Tolerance He argues that data centers need very snappy response, hence availability is paramount And they should be responsive even if a transient fault makes it hard to reach some service. So they should use cached data to respond faster even if the cached entry can t be validated and might be stale! Conclusion: weaken consistency for faster response

CAP theorem 19 A proof of CAP was later introduced by MIT s Seth Gilbert and Nancy Lynch Suppose a data center service is active in two parts of the country with a wide-area Internet link between them We temporarily cut the link ( partitioning the network) And present the service with conflicting requests The replicas can t talk to each other so can t sense the conflict If they respond at this point, inconsistency arises

Is inconsistency a bad thing? 20 How much consistency is really needed in the first tier of the cloud? Think about YouTube videos. Would consistency be an issue here? What about the Amazon number of units available counters. Will people notice if those are a bit off? Puzzle: can you come up with a general policy for knowing how much consistency a given thing needs?

21 THE WISDOM OF THE SAGES

ebay s Five Commandments 22 As described by Randy Shoup at LADIS 2008 Thou shalt 1. Partition Everything 2. Use Asynchrony Everywhere 3. Automate Everything 4. Remember: Everything Fails 5. Embrace Inconsistency

Vogels at the Helm 23 Werner Vogels is CTO at Amazon.com He was involved in building a new shopping cart service The old one used strong consistency for replicated data New version was build over a DHT, like Chord, and has weak consistency with eventual convergence This weakens guarantees but Speed matters more than correctness

James Hamilton s advice 24 Key to scalability is decoupling, loosest possible synchronization Any synchronized mechanism is a risk His approach: create a committee Anyone who wants to deploy a highly consistent mechanism needs committee approval. They don t meet very often

Consistency 25 Consistency technologies just don t scale!

But inconsistency brings risks too! 26 Inconsistency causes bugs Clients would never be able to trust servers a free-for-all My rent check bounced? That can t be right! Jason Fane Properties 1150.00 Sept 2009 Tommy Tenant Weak or best effort consistency? Strong security guarantees demand consistency Would you trust a medical electronic-health records system or a bank that used weak consistency for better scalability?

Puzzle: Is CAP valid in the cloud? 27 Facts: data center networks don t normally experience partitioning failures Wide-area links do fail But most services are designed to do updates in a single place and mirror read-only data at others So the CAP scenario used in the proof can t arise Brewer s argument about not waiting for a slow service to respond does make sense Argues for using any single replica you can find But does this preclude that replica being consistent?

What does consistency mean? 28 We need to pin this basic issue down! As used in CAP, consistency is about two things First, that updates to the same data item are applied in some agreed-upon order Second, that once an update is acknowledged to an external user, it won t be forgotten Not all systems need both properties

29 What properties are needed in remote medical care systems? Motion sensor, fall-detector Healthcare provider monitors large numbers of remote patients Medication station tracks, dispenses pills Integrated glucose monitor and Insulin pump receives instructions wirelessly Cloud Infrastructure Home healthcare application

30 Which matters more: fast response, or durability of the data being updated? Mrs. Marsh has been dizzy. Her stomach is upset and she hasn t been eating well, yet her blood sugars are high. Let s stop the oral diabetes medication and increase her insulin, but we ll need to monitor closely for a week Cloud Infrastructure Patient Records DB Need: Strong consistency and durability for data

31 What if we were doing online monitoring? Update the monitoring and alarms criteria for Mrs. Marsh as follows D Execution timeline for an individual first-tier replica A B C Soft-state first-tier service Response delay seen by end-user would also include Internet latencies Local response delay Send Send Send Confirmed flush An online monitoring system might need 1ms response times. It would value consistency, yet be less concerned with durability

Cloud services and their properties 32 Service Memcached Google s GFS BigTable Dynamo Databases MapReduce Zookeeper PNUTS Chubby Properties it guarantees No special guarantees File is current if locking is used Shared key-value store with many consistency properties Amazon s shopping cart: eventual consistency Snapshot isolation with log-based mirroring (a fancy form of the ACID guarantees) Uses a functional computing model within which offers very strong guarantees Yahoo! file system with sophisticated properties Yahoo! database system, sharded data, spectrum of consistency options Locking service very strong guarantees

Core problem? 33 Our challenge is a form of role-driven service in which the properties of the service are shaped by the way we plan to use it One application might have multiple such services in it, like the medical example, which has a monitoring service with real-time roles and a durable database. We don t want to sweep important properties away, but we sometimes have to make tradeoffs

Where does this all lead us? 34 High assurance cloud computing is feasible! Experts already doing it in a plethora of services The main obstacle is that typical application developers tend to use one-size-fits-all packages with one-size-fitsall properties and guarantees. As we develop better tools and migrate them to the cloud platforms developers use, options will improve We ll see that these really are solvable problems!

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback