-
Notifications
You must be signed in to change notification settings - Fork 4
Execution environments
The primary role of execution environment is to provide some kind of service. In most (all?) cases this is about allowing to run some arbitrary programs or VMs.
-
Execution environments can be anything from VMs to specific applications (e.g. Blender renderer). This is still TBD, see below.
-
From the security perspective there are two, largely complementary aspects:
- protect host from payload (VMs)
- protect payload from host (SGX)
Thus, we might want to combine more than one exec env to achieve both kinds of protection (e.g. SGX and some VM technology).
- Execution environments are provided only on provider nodes. At least this is what Golem Core is concerned about. If the app integrator decides that they want to also spawn e.g. a docker or VM on a consumer computer (which might or might not be part of the Golem network), they are free to start it, but it won't be managed by Golem daemon.
Open questions:
-
Perhaps specific apps/services should not be considered an execution env, but rather be clients of them? E.g. our Blender service would still need to be hosted within some execution environment: docker, VM, or... "host direct" (which in practice means e.g.: POSIX exec env).
-
Choice of exec env management software. Current candidates:
- libvirt
- openstack
- something else?
Also, how does current Clay code fit into this picture?