Upgrade to Pro — share decks privately, control downloads, hide ads and more …

You Must Unlearn What You Have Learned

Ian Lee
February 01, 2023
Technology
0
1

You Must Unlearn What You Have Learned

High Performance Computing (HPC) systems generate massive amounts of data and logs. In addition, the retention requirements are only increasing to ensure data remains available for incident response, audits, and other business needs. Ingesting and making sense of all the data takes a correspondingly large amount of computing power and storage. With El Capitan, a 2 Exaflop computer arriving and being deployed at LLNL in 2023, we’ll have even larger processing needs in the future. Therefore over the past year, Livermore Computing at LLNL has been migrating our current logging infrastructure to Elasticsearch and Kibana in an effort to handle the increasing amount of data even faster than before. This talk will focus on the changes we’ve made, why we decided to go with Elastic, and address some of the bumps we’ve hit along the way.

Ian Lee

February 01, 2023
Tweet

More Decks by Ian Lee

See All by Ian Lee
Keeping It All Safe: LLNL HPC Security Architecture
ianlee1521
0
12
Development of the TOSS 4 STIG
ianlee1521
0
12
SC21: Addressing Cybersecurity Standards / Policies in HPC Environments
ianlee1521
0
22
Intro to Git for Security Professionals - WWHF WW 2021
ianlee1521
0
84
Releasing Your First (Python) Open Source Project to the Masses!
ianlee1521
0
190
Intro to Git for Security Professionals
ianlee1521
0
340
2020 LLNL Computing Virtual Expo
ianlee1521
0
160
Computing 101 - Software Engineering
ianlee1521
0
170
LLNL Open Source
ianlee1521
0
180

Other Decks in Technology

See All in Technology
Teamsコネクタについて(チーム、チャネル)
miyakemito
2
370
大規模言語モデル活用総まとめ with Azure OpenAI
hirosatogamo
2
1.7k
"Accelerate State of DevOps" ウェブアプリケーションのdeliveryを考えるとき、今何をすればいいのか
renjikari
3
310
人生がときめく自宅ネットワークの魔法
tatematsu_san
1
640
Concevoir son API pour le futur
tgalopin
1
420
マルチベンダに対応したネットワークコントローラを OSS として公開している話 (NTT Tech Conference 2023)
motok1
3
350
C# と HTTP/2 と gRPC
nenonaninu
0
580
IoTによるGPS等の位置情報活用 基礎知識
soracom
PRO
0
100
Autonomous Database - Dedicated 技術詳細 / adb-d_technical_detail_jp
oracle4engineer
PRO
1
2.5k
AWS CDKで作るCloudWatch Dashboard
harukasakihara
3
680
マネジメント3.0モデル入門(120分版)
takufujii
11
2.7k
サービスと共にチームも成長する 〜New Relicを利用したサービスとチームの定量化〜
hirokiotsuka
0
140

Featured

See All Featured
WebSockets: Embracing the real-time Web
robhawkes
58
6.1k
The Mythical Team-Month
searls
210
40k
Keith and Marios Guide to Fast Websites
keithpitt
407
21k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
31
8.9k
GraphQLとの向き合い方2022年版
quramy
22
10k
Clear Off the Table
cherdarchuk
79
290k
Building Adaptive Systems
keathley
28
1.4k
Fantastic passwords and where to find them - at NoRuKo
philnash
32
1.9k
Code Review Best Practice
trishagee
50
12k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
657
120k
The Language of Interfaces
destraynor
149
21k
The Invisible Customer
myddelton
113
12k

Transcript

  1. LLNL-PRES-844466
    This work was performed under the auspices of the U.S. Department of Energy by Lawrence Livermore National Laboratory under contract DE-
    AC52-07NA27344. Lawrence Livermore National Security, LLC
    You Must Unlearn What You Have Learned
    ElasticON Public Sector 2023
    Ian Lee
    HPC Security Architect
    2023-02-01

    View Slide

  2. 2
    LLNL-PRES-844466
    https://upload.wikimedia.org/wikipedia/commons/a/a8/U.S._National_labs_map.jpg

    View Slide

  3. 3
    LLNL-PRES-844466
    Livermore Computing
    3
    Platforms, software, and consulting to enable world-class scientific simulation
    Mission Enable national security missions, support groundbreaking computational science,
    and advance High Performance Computing
    Platforms Sierra #6, Lassen #34, rzVernal #107, Tioga #121, Ruby #145, Tenaya #165, Magma
    #173, Jade #258, Quartz #259, and many smaller compute clusters and infrastructure
    systems

    View Slide

  4. 4
    LLNL-PRES-844466
    The user-centric view of the Livermore Computing environment
    looks deceptively simple (as it should)
    • Each bubble represents a cluster
    • Size reflects theoretical peak performance, color indicates computing zone
    • Only large user-facing compute clusters are represented
    Most of the complex
    underlying infrastructure is
    hidden from users so that
    they can focus on their
    work

    View Slide

  5. 5
    LLNL-PRES-844466
    The operational view reflects the actual complexity of the
    computing environment that we manage
    SNSI
    RZ SCF
    • Each bubble represents a managed cluster or system
    • Size reflects number of nodes, color indicates type of system
    • All production systems are shown, including non-user-facing systems
    • This is before arrival of CTS-2 and
    El Capitan
    • Complexity is increasing over
    time while staffing levels stay flat
    • Older systems are staying in
    service longer
    • It is imperative that we
    continually reevaluate and
    improve our tools and processes
    to keep complexity from getting
    out of control
    CZ
    Green

    View Slide

  6. 6
    LLNL-PRES-844466
    The Old Ways

    View Slide

  7. 7
    LLNL-PRES-844466
    Log Flow to Splunk
    Cluster
    Node Node Node Node Node Node

    View Slide

  8. 8
    LLNL-PRES-844466
    Security Dashboards – Operational and Compliance

    View Slide

  9. 9
    LLNL-PRES-844466
    © 2016 Ian Lee

    View Slide

  10. 10
    LLNL-PRES-844466
    § October 2021: Division re-organization, architecture re-evaluation
    § November 2021: Proposal to migrate to Elasticsearch and Kibana
    § January 2022: Decision to migrate Elasticsearch and Kibana
    Rough Timeline (approx.)

    View Slide

  11. 11
    LLNL-PRES-844466
    § October 2021: Division re-organization, architecture re-evaluation
    § November 2021: Proposal to migrate to Elasticsearch and Kibana
    § January 2022: Decision to migrate Elasticsearch and Kibana
    Rough Timeline (approx.)
    All of the things. All of them. (Original from Hyperbole and a Half) (https://www.gamespot.com/articles/the-new-gamespot-faq/1100-6414631/)

    View Slide

  12. 12
    LLNL-PRES-844466
    § October 2021: Division re-organization, architecture re-evaluation
    § November: Proposal to migrate to Elasticsearch and Kibana
    § January 2022: Decision to migrate Elasticsearch and Kibana
    § February / March 2022: Fleshing out architecture ideas, finding hardware
    — Elastic 8.0 (Feb 10)
    § April – May 2022: Elastic Cluster Architecture v1
    Rough Timeline (approx.)

    View Slide

  13. 13
    LLNL-PRES-844466

    View Slide

  14. 14
    LLNL-PRES-844466
    § October 2021: Division re-organization, architecture re-evaluation
    § November: Proposal to migrate to Elasticsearch and Kibana
    § January 2022: Decision to migrate Elasticsearch and Kibana
    § February / March 2022: Fleshing out architecture ideas, finding hardware
    — Elastic 8.0 (Feb 10)
    § April – May 2022: Elastic Cluster Architecture v1
    § May – August 2022: Elastic Cluster Architecture v2
    § September – December 2022: Deployment into pre-production, production
    § January 2023 (Last week): LLNL x Elastic Onsite
    Rough Timeline (approx.)

    View Slide

  15. 15
    LLNL-PRES-844466
    Current Architecture
    Cluster
    Node Node Node Node Node Node

    View Slide

  16. 16
    LLNL-PRES-844466
    © 2016 Ian Lee

    View Slide

  17. 17
    LLNL-PRES-844466
    El Capitan
    https://www.llnl.gov/news/llnl-and-hpe-partner-amd-el-capitan-projected-worlds-fastest-supercomputer

    View Slide

  18. 18
    LLNL-PRES-844466
    • Each bubble represents a cluster
    • Size reflects theoretical peak performance, color indicates computing zone
    • Only large user-facing compute clusters are represented
    El Capitan vs the Rest
    El Capitan
    ~ 2 EF (~ 2,000,000 TF)

    View Slide

  19. 19
    LLNL-PRES-844466
    Today
    © 2018 Heather Lee

    View Slide

  20. Disclaimer
    This document was prepared as an account of work sponsored by an agency of the United States government. Neither the United
    States government nor Lawrence Livermore National Security, LLC, nor any of their employees makes any warranty, expressed or
    implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus,
    product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific
    commercial product, process, or service by trade name, trademark, manufacturer, or otherwise does not necessarily constitute or
    imply its endorsement, recommendation, or favoring by the United States government or Lawrence Livermore National Security, LLC.
    The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States government or
    Lawrence Livermore National Security, LLC, and shall not be used for advertising or product endorsement purposes.
    Using or Thinking about Elastic?
    I would love to chat!
    [email protected]
    @IanLee1521

    View Slide

  21. 21
    LLNL-PRES-844466
    Previous Architecture (Splunk)
    Splunk
    Logstash Logstash Logstash Logstash
    Cluster
    Node Node Node Node Node Node
    Datacenters
    Filebeat
    Cluster
    Node Node Node Node Node Node
    Datacenters
    Filebeat
    Cluster
    Node Node Node Node Node Node
    Datacenters
    Filebeat
    ….
    F5
    Syslog

    View Slide

  22. 22
    LLNL-PRES-844466
    Current Elastic Hardware
    ~ 112TB NVMe (total)
    ~ 2PB HDD (total)
    90x 16TB HDD JBOD
    45x HDD
    ~ 512TB
    45x HDD
    ~ 512TB
    Myelin5
    32GB / 8 core
    data_warm
    Myelin4
    32GB / 8 core
    data_warm
    Myelin3
    32GB / 8 core
    Master, data_hot, data_ingest
    ~ 27 TB
    NVMe
    16-32GB / 8-12 core
    Myelin2
    ~ 27TB
    NVMe
    32GB / 8 core
    Master, data_hot, data_ingest 4-8GB / 2 core
    Myelin1 (mgmt)
    Myelin
    90x 16TB HDD JBOD
    45x HDD
    ~ 512TB
    45x HDD
    ~ 512TB
    Axon5
    32GB / 8 core
    data_warm
    Axon4
    32GB / 8 core
    data_warm
    Axon3
    32GB / 8 core
    Master, data_hot, data_ingest
    ~ 27 TB
    NVMe
    16-32GB / 8-12 core
    Axon2
    ~ 27TB
    NVMe
    32GB / 8 core
    Master, data_hot, data_ingest 4-8GB / 2 core
    32GB / 8 core
    Master, data_hot, data_ingest
    Axon1 (mgmt)
    Axon
    Centrebrain3
    (Monitoring “cluster”)
    16GB / 8 core
    4GB / 2 core
    Centrebrain2
    (Dedicated Master Node)
    8GB / 8 core
    Master, voting_only
    Centrebrain1 (mgmt)
    Centrebrain
    F5

    View Slide

  23. 23
    LLNL-PRES-844466
    Continuous Monitoring
    § LC HPC is the gold standard for
    continuous monitoring at LLNL
    § Aligns with federal trends towards
    continuous monitoring
    § Reduce burden of manual processes on
    sys admins, shifting those efforts
    to automation and alerting
    — Let SysAdmins focus on the
    engineering work

    View Slide