Hardware Isolation Layer (HIL)

Elastic Secure Infrastructure

Overview

HIL provides a low-level service in the datacenter that lets other services allocate nodes and attach them to networks. The goal is to have a single underlying service so that we can move hardware between clusters that might use different provisioning tools (e.g., an HPC cluster, a Hadoop cluster, a GENI rack, an OpenStack cloud). HIL takes a portion of the functionality that exists in different forms in Ironic, MaaS, GENI, Emulab, etc. and provides it as a micro-service that any of them can use, and on top of which Foreman and all the tools that our HPC cluster administrators have will work.

Motivation

We developed HIL as a fundamental layer of the OCX model, enabling physical capacity to be moved between different services based on demand. For example, we can move machines between HPC clusters in the data center and our OpenStack environment based on demand, even though different services use their own provisioning tools. HIL is the lowest layer of our Elastic Secure Hardware.

Collaboration with Red Hat

We are integrating HIL into Red Hat’s internal scheduler (QUADS) for their scalability lab, and working with the Ansible networking team to integrate HIL as part of Ansible, both to add multi-tenancy and to use Ansible for the networking drivers.

Architecture

Diagram: HIL Architecture

The HIL Architecture Overview is available here: http://hil.readthedocs.io/en/latest/overview.html
