| From: | "Thomas E. Spanjaard" <tgen@xxxxxxxxxxxxx> |
| Date: | Sat, 02 Sep 2006 19:45:15 +0000 |
Consider what we want to accomplish. We want to be able to cut up
system resources and link them into 'clusters', with the whole mess
tied together on the internet. Originally I envisioned cutting up
memory, disk, and cpu resources and connecting them to a cluster
individually, but now I believe what we need to do is connect an
entire kernel to the cluster and basically operate as a single system
image.
Now consider the problem of tying an entire kernel into an internet-based
cluster. Does that sound like something that would be 'safe' to
integrate into your real kernel? NO WAY! It is virtually impossible
to 'secure' a kernel which is operating as a single system image in
a cluster of machines connected together via the internet.
What we do is we make it so a DragonFly kernel can be compiled and run
as a userland application running under the real DragonFly kernel. As
a userland application the virtual kernel can be completely firewalled
off from the rest of the system. The virtual kernel can then be
associated with the 'cluster', and managing controlling memory, cpu,
and disk resources is a whole lot easier when you have an entire kernel
as your funnel into the real system's resources. If you want to tie
into multiple clusters you just create multiple virtual kernels! More
to the point, the technology could be used to partition off major
services and EVEN USER LOGINS(!) on a large machine.
Cheers,
--
Thomas E. Spanjaard
tgen@xxxxxxxxxxxxx
Attachment:
signature.asc
Description: OpenPGP digital signature