Eye on Blades Blog: Trends in Infrastructure
Get HP BladeSystem news, upcoming event information, technology trends, and product information to stay up to date with what is happening in the world of blades.

Customizing BladeSystem Matrix Allocation Rules Engine for Multi-tenancy Solutions

Early this week I was in a couple of halo meeting sessions with folks in our Bangalore India location, talking about "the next big thing". It reminded me that the last thing we worked on - exposing an extensible rules engine into the allocation and placement - was part of the BladeSystem Matrix 6.0 release. I wanted to talk a little about that capability today and give an example of how it can be used in deployments involving multi-tenancy.

BladeSystem Matrix Allocation and Placement Rules

Allocation and placement has always been a key function of BladeSystem Matrix.

When multi-tier service designs (represented by templates) are submitted for instantiation, it is the allocation and placement function that looks at the requirements for the service in terms of individual element specifications, desired service topology and lease period, and then binds these to the available resources in the environment based on their characteristics and capacity, availability calendar, and physical topology.

In BladeSystem Matrix 6.0, this allocation process can be customized by an extensible rules engine. Overall there are 18 different allocation rule sets that can be extended as shown in figure 1. The policy.xml file specifies which of the rule sets should be used. These are further explained in the Insight Orchestration User Guide on page 48.


Figure 1 Extensible Rules sets


Multi-tenancy Example

A very common use case I hear from customers is the desire to have a common design for a service but to have some aspects of the resource binding to be determined by the identity of the service owner.

In this scenario, we consider a provider who is servicing two competitors like Marriott and Hilton hotels but wants to offer a common service template in the catalog. The desire is that when Marriott deploys a new instance of the service, that service instance would connect to the Marriott-Corporate network segment. However, if Hilton deploys the service, then their service instance would connect to the Hilton-Corporate network segment.

Figure 2. Pre-configured networks for the two competing  corporations

Setting up your Service Template

Here we show a portion of a simple single server template as an illustrative example. This is a multi-homed server with

  • a connection to the corporate network. The network is named "@corporate". Later on in the rule engine we will look for the "@" sign in the name to trigger special rules processing.

  • a connection to an internal network private to the service, "net1".


Figure 3 Sample Multi-tenancy configuration

 Adding the processing Rule

The rules engine is based on Drools. The rules are expressed in Java with a Drools rule semantic wrapper. I'll give you a boiler plate wrapper to get you started below. This rule and the Java function are appended to the SubnetCheck.drl file. I'm going to show a very simple example, but I can imagine that the creative community will quickly come up with some more sophisticated implementations. In figure 4, I show a simple rule. The rules processing is invoked to refine the candidate networks for allocation to the new service instance. The rule runs for each network (LogicalNetwork) specified in the template, and for each candidate network in the environment. The purpose of the rule processing is to discard candidates that "don't fit".

This snippet basically extracts the information about the subnet specification in the template (the $logicalSubnet) and the candidate list of networks ($subnet) from the context ($pVO). It invokes a function customerSpecificSubnetCriteriaCheck to perform the actual processing.

rule "CustomerSpecificSubnetCriteria"
       when
              // bind the policy context, the candidate list, the logical network
              // from the template, and each candidate physical network in turn
              $pVO : PolicyExecutionVO( );
              $resLst : List();
              $logicalSubnet : LogicalSubnet();
              $subnet : Subnet() from $resLst;
              eval(customerSpecificSubnetCriteriaCheck($logicalSubnet, $subnet, $pVO));
       then
              // match processing is embedded in customerSpecificSubnetCriteriaCheck
              // $pVO.match($subnet, HPIOMessage.get(HPIOBundleKey.ALLOCATION_CRITERIA_CUSTOM, "CustomerSpecificSubnetCriteriaCheck succeeded"));
end

Figure 4. Boiler plate rule example

The function code is placed in the drl file after the rule statement. Here is the snippet

function boolean customerSpecificSubnetCriteriaCheck(
                                         LogicalSubnet logicalSubnet,
                                         Subnet subnet,
                                         PolicyExecutionVO pVO) {

       AllocationEntry ae = pVO.getAllocationEntry();
       InfrastructureService service = ae.getInfrastructureService();

       String serviceName = service.getName();
       String owner = service.getOwner();
       owner = owner.substring(owner.lastIndexOf("\\") + 1); // strip domain
       String lsName = logicalSubnet.getName();
       String psName = subnet.getName();

       // debug output, written to hpio.log
       System.out.println("Service: " + serviceName + " Owner: " + owner);
       System.out.println("LogicalSubnet: " + lsName + " Physical Net: " + psName);
       boolean match;
       if (lsName.startsWith("@")) {
              String key = lsName.substring(1); // strip off @
              // Match @key to networks with Id "owner-key"
              match = psName.equalsIgnoreCase(owner + "-" + key);
       } else {
              // regular network. Could include additional security checks here.
              match = true;
       }
       // report the decision for this candidate to the rules engine
       if (match) {
              pVO.match(subnet, HPIOMessage.get(HPIOBundleKey.ALLOCATION_CRITERIA_CUSTOM,
                            "CustomerSpecificSubnetCriteriaCheck succeeded"));
       } else {
              pVO.doesNotMatch(subnet, HPIOMessage.get(HPIOBundleKey.ALLOCATION_CRITERIA_CUSTOM,
                            "Could not find customer specific subnet"));
       }
       return match;
}

Figure 5. Rule processing example

The function starts by getting the information on the InfrastructureService being provisioned. This contains details of the entire template being provisioned and can be used for additional context-aware processing. From this object we extract the service owner name (stripping off the Windows domain), as well as the name of the service. It is also possible to extract information such as the "notes" that are specified for the service, where additional information may also be encoded by the requestor. From the LogicalNetwork object we extract the name (i.e. "@Corporate" or "net1") in lsName. Similarly we extract the physical network name into psName.

I've included some debug lines using System.out.println . These show up in C:\Program Files\HP\Insight Orchestration\logs\hpio.log.

The purpose of this code is to return "FALSE" if the physical network is not a match candidate for the LogicalNetwork specified in the template, otherwise return "TRUE". The rules processing logic requires that if the rule allows an element to be a selection candidate, then the function pVO.match() must be invoked for that element. If the element is to be eliminated from consideration, then pVO.doesNotMatch() needs to be invoked, listing a reason for the exclusion. As a matter of coding style, you can either include the calls to both these routines in your custom function, OR you can just include the pVO.doesNotMatch() code in the function, and put the pVO.match() invocation in the body of the rule.

For logical networks not beginning with a "@" we just want to return TRUE and let the normal selection rules apply. For networks beginning with "@" we will be more selective, excluding candidates unless they match a specific pattern. For a logical network specified in the template with a name of the form "@key" we want it to match against physical networks named "owner-key", where owner is the id of the requesting user. The logic looks for an lsName beginning with "@" and then strips off the "@" to create the key. We then test the physical network name to see if it matches the owner-key pattern.
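The matching decision described above, modelled stand-alone with plain strings in place of the Matrix LogicalSubnet, Subnet and PolicyExecutionVO objects (an added example, not HP's code or part of the original post). It goes beyond the rule shown by failing closed on an empty owner or key and by excluding tenant-named networks for regular logical networks; the class name, the TENANTS set and the sample network names are assumptions constructed for illustration.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import java.util.Set;

// Added example: models only the name-matching decision, not the Matrix API.
public class TenantSubnetFilter {

    // Constructed tenant list (assumption): the provider's known tenant ids.
    static final Set<String> TENANTS = Set.of("marriott", "hilton");

    // Strip a Windows domain prefix ("DOMAIN\\user" -> "user") and lower-case.
    static String normalizeOwner(String rawOwner) {
        if (rawOwner == null) return "";
        String o = rawOwner.substring(rawOwner.lastIndexOf('\\') + 1).trim();
        return o.toLowerCase(Locale.ROOT);
    }

    // True if the physical network is named "<tenant>-<something>".
    static boolean isTenantReserved(String psName) {
        int dash = psName.indexOf('-');
        return dash > 0
            && TENANTS.contains(psName.substring(0, dash).toLowerCase(Locale.ROOT));
    }

    // Decide whether candidate psName may back logical network lsName.
    static boolean allow(String rawOwner, String lsName, String psName) {
        String owner = normalizeOwner(rawOwner);
        if (lsName.startsWith("@")) {
            String key = lsName.substring(1);
            // Fail closed: an empty owner or key must not match "-key" or "owner-".
            if (owner.isEmpty() || key.isEmpty()) return false;
            return psName.equalsIgnoreCase(owner + "-" + key);
        }
        // Regular logical network: never bind it to a tenant-named network.
        return !isTenantReserved(psName);
    }

    public static void main(String[] args) {
        // Constructed candidate networks and requests.
        String[] candidates = {"Marriott-Corporate", "Hilton-Corporate", "net1-pool"};
        String[][] requests = {
            {"CORP\\Marriott", "@corporate"},
            {"CORP\\Hilton", "@corporate"},
            {"CORP\\Marriott", "net1"},
            {"", "@corporate"},
        };
        for (String[] r : requests) {
            List<String> kept = new ArrayList<>();
            for (String c : candidates) {
                if (allow(r[0], r[1], c)) kept.add(c);
            }
            System.out.println("owner=" + r[0] + " logical=" + r[1] + " -> " + kept);
        }
    }
}
```

In the .drl function, the same checks would sit where the "additional security checks" comment is, with pVO.doesNotMatch() called for every excluded candidate.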

Configuring the Code

To configure the use of the rules processing, edit C:\Program Files\HP\Insight Orchestration\conf\policy\policy.xml as shown in Figure 6. Once you have updated the policy.xml file you will need to restart the Insight Orchestration service.

<policy enabled="true" name="SubnetPolicyCheck.applyFitting">

 Figure 6. Configuring rules processing

Provisioning the Service

Now we are ready to deploy the service. Logging on as user Marriott, I create the service using the template shown earlier in Figure 2. Once the provisioning completes, I can look at the service details page for more information about the service. Select the network named "@Corporate" and then click on the resource details tab. From there I see that the network has indeed been mapped to the Marriott-Corporate network by the customer allocation rules processing.


Figure 3 Provisioned Service details


The rules-based processing capabilities in BladeSystem Matrix enable simple realization of customized resource allocation processing that can be used to simplify and extend Matrix template deployment. I hope this example helps others to quickly understand the capabilities enabled through this powerful engine and gives a "Quick Start" to writing your own custom rules. If you have cool examples of rule extensions you have implemented, I'd be interested in hearing about them.

Thanks to Manjunatha Chinnaswamynaika for helping me to create this example.

Happy coding :)


Isn't it time YOU considered Client Virtualization?

The world sure has gotten complex, hasn’t it?

Did you know that over 10,000 laptops are lost or stolen at airports each week?  That’s right.  In fact, according to the FBI, 2 million laptops are reported stolen every year and 97 percent of them are never recovered.  Has this ever happened to you, to one of your co-workers, or to one of your friends?  I wonder how many of those were company issued systems for employee use while on the road.  I also wonder how many of those laptops have sensitive company information on them, like product specs and customer info?  What about important corporate financial data or HR specifics like salaries, bonuses, and social security numbers?  I shudder at the thought.

Switching gears a bit, a number of my friends and colleagues have been caught up in the snow storms on the eastern coast of the US.  In addition to making them break out the heavy duty snow shovel, sometimes it keeps them from getting to the office to do their job.  And speaking of offices light on staff, remember the H1N1 scare recently?  Corporations wanted to limit the spread of these illnesses, but they were still on the hook with their customers to fulfill their SLAs, which meant that these corporations still needed their employees to perform their jobs to keep the business going.  And think back to the last time you were on the road, and needed access to your applications and sensitive data.  Was it a training session across town?  Or was it a conference the next state or province over? Perhaps it was a customer visit overseas.  (Or maybe it was even on vacation at a beach house – don’t worry, your secret is safe with me.)

And let’s think about our friends in the IT department (maybe that’s you).  Windows 7 was announced recently, and many companies are already taking strides to implement it across their organizations.  Think about the last operating system upgrade your company did.  How long did it take to get the whole company onto the new OS?   Did it ever get there completely?  How many support cases would you guess were generated in that transition?  Maybe your company has specialized or custom applications to enable business - how long did it take for your applications to be supported on the new operating system? 

It all sounds a bit daunting, I know.  But it’s the world we live in now, so we need to plan for it and implement solutions that address these issues. 

Have you considered client virtualization?

With client virtualization (technologies like application virtualization, VDI, and workstation blades), data is stored in the data center, where you’ve invested heavily to ensure security. It provides users anytime/anywhere access of their applications and data, and there’s no need to be tied to a single computing paradigm or physical workplace.  And client virtualization simplifies software and hardware management and maximizes resource utilization.

And HP Client Virtualization Solutions get you there with the strength, experience, and innovation you’ve come to expect from the world’s largest technology company, offering the industry’s best end to end technology and services portfolio.  From thin clients to servers and server blades, from networking to storage, and from management software to services, HP has client virtualization covered.

Where are you with client virtualization?  Interested?  Investigating?  Full on, in-production environments?  I’d be interested in hearing your thoughts on the subject - where you are with this technology, where you feel we'll be as a technology space in the future, etc - feel free to leave a comment below. 

Until next time,

Joseph George
HP Client Virtualization Team

VMworld 2009 Impressions - 3 things I learnt today

Okay, I have to admit I learnt a lot more than just 3 things today at the VMworld 2009 event. Outside  of making the mistake of visiting San Francisco in the middle of August thinking that it would be as warm as it is back home in Texas, the trip is going well and the VMworld event has been really interesting.

I spent the first session of the morning attending Paul Maritz's open address. Top items:
• 96% of all Fortune 100 companies use VMware software – and if you want a free ticket to next year's conference, successfully sell VMware software into one of these companies
• Over 70% of current IT budget (in most companies) is spent on keeping the “lights on”. Less than 30% is spent on innovation.
• Biggest realization that companies get after virtualizing is that it frees up resources to do other things and speeds up adding in new capacity
• Virtualization = easier to manage infrastructure
• The one biggest expense in the datacenter is storage – even in a poor economy data is not decreasing, it continues to grow
• vSphere provides full fault tolerance

During Ann Livermore’s address at 9.30, the top items were:
• HP is the leader in VMware solutions
• 3 big trends – DataCenter transformation, infrastructure expansion and everything being provided as a service
• Between 2005 and 2012 there will be a 10X growth in virtual machines – all of which needs to be planned and managed
• That virtualizing will increase productivity
• Mark Potter cited many consolidation examples where virtualizing had decreased the overall volume of servers and had provided more control of the virtualized infrastructure.
• And most importantly, stop virtualizing servers, start virtualizing infrastructure

More tomorrow, so stay tuned.
And if you want to keep up with up-to-date VMworld 2009 news, don’t forget to follow us on Twitter @HPStorageGuy, @BladeNews @ProLiant 

Chris Purcell 9/1
