Discussion: Proposal to use spare capacity in Hypervisors for Batch in LCG domain

Submitted by ogomezal on

In order to better utilise idle hypervisor resources it would be desirable to be able to opportunistically spawn VMs for batch computing. Such VMs will need access to the LCG network to be productive.

We have set up a prototype which allows for such network access by way of VLANs.

Some topics for discussion:

  1. Implementation of the prototype.
    1. Network separation on the hypervisor level by way of Open vSwitch/OVN. 
  2. Testing of the prototype by the Security team
    1. Which OpenStack project belonging to the Security team can be configured to use this prototype?
  3. Potential for expanding the concept to other use cases at some point in the future, not now:
    1. How to give  users access to this feature? Special roles for 'trusted' users, additional validations on the backend?
    2. How to avoid undesired bridges between ITS and sensitive networks such as LCG.
    3. This mechanism in relation to critical networks such as TN.
  4. AOB
Type
Meeting
Timezone
Europe/Zurich
Location
CERN
Room
31/S-023
Category
Service-specific meetings
Category ID
15260
Indico link
https://indico.cern.ch/event/1580227/
Indico iCal
https://indico.cern.ch/export/event/1580227.ics
Room Map URL
https://maps.cern.ch/mapsearch/mapsearch.htm?n=['31/S-023']
Start Date
End Date
Upcoming Events
Frontier Operations Meeting
Meeting / Database & Metadata
Semileptonic Off-Shell HWW
Meeting / Un-official, private meetings
Forschung trifft Schule Follow-Up: Teilchenphysik in der Unterrichtspraxis
Conference / Lehrkräfte
Astronomical Interferometry: the angular-resolution frontier
Conference / Workshop
All that Antimatters in the Universe
Conference / TH institutes