We’ve been seeing the warning signs of depending on single cloud providers for some time now. Whether it is the vendor lock-in, the costs, or the privacy issues now with the CLOUD Act, nothing hurts more than down time when the cloud provider goes down.
Multicloud is the use of multiple cloud computing and storage services in a single heterogeneous architecture. This also refers to the distribution of cloud assets, software, applications, etc. across several cloud-hosting environments. With a typical multicloud architecture utilizing two or more public clouds as well as multiple private clouds, a multicloud environment aims to eliminate the reliance on any single cloud provider.
This implies the capability to move infrastructure (applications and things they use to operate like databases) without downtime and data loss between multiple cloud providers in response to individual provider outages. Additionally an intelligent broker is need to constantly shop around to optimize cost vs. performance. Doing all that without skipping a heartbeat is really hard. In the end, the cloud platform manages your custom infrastructure as a service across N-different cloud platforms. Multicloud is hard to implement properly especially if it’s not the core pursuit or founding basis to any cloud technology.
Native Multicloud is the Holy Grail
Once the word was out that Multicloud is the “Holy grail of cloud computing”, many vendors started adding multi-cloud functionality on top of their existing platforms. The process got uglier with each cloud provider added, ad hoc, to produce awkward Frankensteins. Security and consistent reliable operation was the first to suffer. If you’re not using a multicloud platform designed from day one, what I call a native multicloud platform, then be weary of running your mission critical infrastructure on it.
You might find that failures and security threats are much more common than going the route of a single cloud provider. At least with a single cloud provider the security surface area does not expand out with unpredictable behavior. The only option is to use a native multicloud solution designed specifically for multicloud. That’s the holy grail, not patched legacy cloud platforms.
P2P cloud is N-way native multicloud without any limit on the number of providers. Each peer in a swarm is a provider of resources. Each peer contributes resources to run a segment of the cloud environment with infrastructure and applications. The concept of perpetually migrating infrastructure to maintain a desired state in ephemeral environments is caked into the paradigm. Decentralized security is a central concept. Perpetually searching for resources to satisfy user needs (governance rules) is built in. It is the original theoretical foundation to native multicloud systems. It is the holy grail that everyone is looking for.
Subutai is a P2P Native Multicloud Platform
Subutai is a clean room implementation of a next generation native multicloud platform (a P2P cloud platform) enabled by the blockchain. The blockchain is used to implement a marketplace to find and rent resources across peers while strengthening trust and accountability on the platform’s reputation system. The blockchain provides the last missing part of the puzzle perplexing researchers for some time now.
If you’re curious and interested in being part of the cloud revolution taking place, come join us. Become a provider to rent resources and earn cryptocurrency. Come join the Subutai Horde.
From its very inception, the Internet was about decentralization. Most directly, it decentralized nations’ telecom infrastructure, and let people interact through increasingly personalized online platforms. But in a larger sense, the Internet decentralized a huge proportion of modern life, from starting a business, to searching for flights, and even to finding a date. Pre-existing power structures were never the same.
Recently, however, the Internet veered away from this core value of decentralization.
Most obviously there is the continuingconcentration of wealth, and thus power within a small number of enormous corporations––most especially in Facebook, Amazon, and Google/Alphabet. Their dominance hasmade it harder for small companies to find a foothold in the market, and in turn it has caused a downturn in truly innovative, consumer-facing ideas. These large corporations, oligarchs, often intentionally hold back features rather than undercut some other product they sell, and in many ways inter-brand compatibility has never been worse.
Historically, ISPs (Internet Service Providers) haven’t engaged heavily in this sort of behavior because they have been restrained by various telecommunication laws and, eventually, byNet Neutrality legislation. Now, concerted efforts by these ISPs have resulted in thenear-total destruction of the Net Neutrality regime — which means that, if anything, this trend away from the decentralized Internet is set to accelerate greatly in the near future.
The only solution is to introduce another decentralizing technology, something that so fundamentally changes the relationship between the user and their data that it can restart the Internet’s initial attempt to disrupt the status quo.
Subutai is that solution. The Internet was initially supposed to be decentralized based on the fact that its servers were located all over the world, but those servers soon collected into a finite list of corporate-owned master cloud computing locations. Subutai, on the other hand, uses blockchain technology to decentralize computing resources. In essence, they break apart the traditionally centralized master cloud, and separate it into small clouds created and controlled by each user.
Subutai allows you to share unused resources on the computers you already own, but the implications stretch far beyond bang-for-your-computing-buck. When you own your own cloud, when you are your own cloud service provider, there are no limits to what you can do––no artificial control that arises more from the convenience of unaccountable corporations, than the interests of real users.
However, just letting people share and re-use their own computing power has a limited ability to democratize and decentralize cloud computing in general, since many cloud computing tasks require far more speed than one person’s devices can provide, even when combined.
It’s one of the reasons why Subutai developed the Bazaar — a blockchain-driven marketplace that takes the concept of computational bartering to its logical conclusion and acts as “the Airbnb of Cloud and IoT Computing Resources”. Subutai’s internal coupon token, calledGoodWill, allows users to pay for temporary use of idle computer resources on servers around the world. It also means users can rent out their idle resources when they are not in use, using their downtime to subsidize those times when they need to purchase a little extra juice.
It’s where theSubutai Blockchain Router v2.0 also steps in to decentralize the cloud. It acts as a dedicated cryptocurrency wallet and mining device, drawing just 18 watts of power. The Subutai Blockchain Router mines cryptocurrency more efficiently than all other solutions currently available.
Acting as a holistic solution, Subutai lowers the barrier to truly powerful cloud computing, and opens the world of business to a wider swathe of people than ever before. Subutai is decentralizing one of the most powerful business communication tools available today, cloud computing, and while there is no telling exactly how users will choose to put that tool to work, the possibilities are virtually endless.
Just like the creation of the internet itself, Subutai offers a chance for people everywhere, our Horde, to show what they can do when they’re given the chance to decentralize and wrest away power from corporate oligarchs.
Join our Horde and discover new ways to manage cloud computing and crypto-mining.
The Subutai Blockchain Router v2.0 offers advanced P2P cloud router and IoT gateway functions using the world’s most powerful FPGA MSoC, the Xilinx Ultrascale, packed with four 64-bit A53 ARM cores with up to 16GB of DDR4 RAM capacity.
History and Vision
It’s very important to understand the past, the forces shaping our direction, the reasons behind the decisions made and how they shaped our vision for the router. The past and the future are both intertwined together. This is a chronological breakdown of how it all began and why.
Back in 2013, while developing the Subutai P2P Cloud Software, now together referred to as the PeerOS, we began leveraging software defined networking in addition to other less appealing precursor technologies, like Universal Plug and Play to try to “coordinate” with the hardware. Various optimizations required working with networking hardware on the edge. Synergy between the networking hardware and the fog software was extremely promising and the emergence of various network virtualization efforts gave us a glimmer of hope.
Our problem was unique however. Because of the sheer diversity of the network hardware devices found on the edge, we did not know what to expect, and realized that at most a common denominator of capabilities could be relied on. This was limiting and especially disappointing when some common functionality like uPnP is essentially insecure and dangerous.
We quickly realized that our grand unified vision for fog computing and IoT demanded more advanced functionality above and beyond what the average router and gateway offered on the edge. For starters cloud multi-tenancy imposed stringent security requirements along with the need for secure boot infrastructure that starts with a trusted platform environment. The multi-tenancy rabbit hole goes deep to include things like network QoS requirements across the environments of tenants running across the nano centers we call peers. On the IoT gateway side, enabling the connectivity of the “Things” requires not only wireless but wired connectivity and that entails being able to attach various peripheral connect buses between them and the gateway. The advanced security measures for mission critical systems also required hardware acceleration to even be remotely feasible.
Around 2014, we decided to make a daughter board for an existing platform, the Parallella, to build an advanced cloud router and IoT gateway reference device upon which we could develop a specification to guide hardware vendors. In 2015, we manufactured a few engineering units of this board that we called the Subutai Liquid Router. Liquid because it was flexible with programmable logic along side a processing system using a Zynq-7000 series SoC.
The images above show the daughter board for the Parallella. Yes the daughter board looks more like a mother board instead, being much larger than the Parallella that attaches to it. Notice the switch and ethernet ports along with the Artix 7 FPGA which communicated with the Parallella through it’s LVDS lines via four Samtec connectors. The Parallella had no viable high speed disk interfaces so we added a eMMC RAID controller and multiple eMMC module slots visible in the upper left hand side of the first board image above.
What is an FPGA? MPSoC?
For those not familiar with FPGA technology, the acronym stands for Field Programmable Gate Array. These chips contain a mesh of electronic parts that can be re-programmed to perform different operations. FPGA devices may even be re-programmed after being purchased and put into the field, hence the “Field Programmable” part of the acronym.
An FPGA MPSoC is hybrid multi-processor chip with an FPGA combined. It usually has 2 or more processors with high speed in chip interfaces like AXI to communicate with circuit designs in the FPGA.
Approaching End of Life
All-in-all we had fun and were able to conduct several tests and experiments using this daughterboard design. Many experiments led us to conclusions that helped mould our security framework which is now being published. The Liquid Router was however severely limited in terms of IO bandwidth and the total amount of resources available. Several flaws resulted from a daughter board design. We knew the Liquid Router did what it could for our research, but we had to move on to a new board design without being dependent on another board as a add on.
Some of our research into hardware security mechanisms required using a MiniITX Zynq-7100 to have enough FPGA resources when a fun side project by our engineers turned into a discovery with vast potential. They essentially implemented a miner in the FPGA to operate on a private Ethereum blockchain where they were able to fit the DAG into the limited 1GB of RAM available on this device. It was able to mine at 3-4MH/s due to bandwidth limits but it only consumed approximately 10-watts of power.
At around the same time, we started to see the prices of the next family of Xilinx SoC’s, the Ultrascale+ MPSoC chips, start to drop dramatically. We started designing a new router based on the Ultrascale+ hoping prices would drop considerably to support industrial and commercial applications by the time our design was ready.
Meanwhile working with our partners we realized the availability of more transceivers combined with new memory controller designs using hybrid memory cube serial DRAM with 160GB/s bandwidth which dramatically increases mining hash rates. Tests and theoretical limits now showed hash rates of 20-21 MH/s using HMC memory in the upcoming Residential Edition of the Blockchain Router.
HMC memory is available today, however we’re setting our sights on a new kind of High Bandwidth Memory (HBM) DRAM soon to be integrated directly into the MPSoC family. A standard 8GBs of HBM at 460 GB/s bandwidth is already being packaged inside early FPGA chips themselves. It’s just a short period of time before we see HBM inside the MPSoC family and this could result in hash rates of 58 MH/s.
These possibilities influenced our design directions on both the Industrial and Residential editions of the new router design which we code named the Blockchain Router family of OptDyn products.
Industrial Edition Production Begins
The industrial edition of the Blockchain Router is designed specifically to target high end mission critical IoT applications. The FPGA is used to host hardware security circuitry to augment the expected broadband router functions. We’ve released the security architecture white paper to coincide with the availability of the router for the development of industrial process control applications requiring the highest degree of security and reliability.
Flexibility at its Core
Although more information about the features of the router is available on the specification page, I wanted to stress the compatible expansion headers and shields supported. Specifically 4 PMod headers, a Raspberry Pi header, and an Arduino hat is available.
Almost every detector/sensor, actuator, working with shields for these platforms found at SparkFun Electronics is compatible with the Subutai Blockchain Router. Virtually any new peripheral connect bus could be added to it. In this respect, the Blockchain Router truly surpasses any other IoT gateway on the market. It’s a laboratory and IoT development platform in its own right. Note that this was one of our primary goals when starting out on the design and we’re really excited about it.
Differences Between Editions
The Subutai Blockchain Router’s industrial grade configuration differs from the residential configuration by using FPGA MSoCs operating between extreme temperatures (-40C to 100C) and having a modified memory architecture on the programming logic (PL) side based on HMC DRAM instead of DDR4. The model of the MPSoC’s differs with more transceivers and cross section bandwidth to handle the requirements of Ethereum’s memory hard mining Ethash function. Most importantly though, the FPGA fabric on the industrial grade MPSoC is used for IoT security functions rather than cryptocurrency mining. The Subutai Mission Critical IoT Hardware Security Architecture defines these security functions and their use in mission critical industrial automation applications.
In October 2017, ARM published its Platform Security Architecture which serves as a guidance with primitives to be used. The PSA goes a long way towards fixing the IoT security dilemma coming with the tsunami of devices and data. OptDyn’s framework compliments these primitives and proposes concrete mechanisms for hardware based real time intrusion detection and prevention systems facilitated by IoT gateways like the Subutai Blockchain Router.
Ready for Production Use
OptDyn’s Subutai Blockchain Router takes its place as the high end IoT gateway device in the Caninos Loucos project serving as the foundation of Brazil’s national IoT standard. Professor Zuffo of the University of Sao Paulo spearheads the project,
“We’re really excited about the Subutai Blockchain Router and its industrial configuration with its mission critical security subsystems,” said Dr. Marcelo Zuffo, who spearheads the project at the University of São Paulo, and leads the national IoT effort for Brazil. “The Subutai Blockchain Router, as a secure IoT gateway, has the ability to enable everything from Industry 4.0 to Smart Cities in Brazil. We’re very excited to complete this last part of the puzzle thanks our collaboration with OptDyn, Inc.”
“Mission critical IoT systems don’t have the option of learning from failures where lives and property are at stake,” said Professor Miguel Matrakas, manager of Celtab, one of the Research Centers of the Itaipu Technological Park (PTI; a foundation responsible for promoting scientific, technological and innovation development linked to Itaipu Binacional, the largest clean energy generator in the world), who surveyed the Subutai Blockchain Router v1.0 at Latinoware with Hall and OptDyn CTO and Founder Alex Karasulu. “The Subutai Blockchain Router and its industrial configuration provide the crucial hardware security infrastructure needed for IoT applications in the utility sector.”
“We’re impressed with the innovation and level of performance possible for numerous Smart City IoT projects using the Subutai Blockchain Router,” said Bruno Freitas, Head of the Innovation Unit for the State of São Paulo, Brazil. “The benefits of using this technology —which is being manufactured in São Paulo as part of the Brazilian national IoT program— are apparent. We look forward to considering the Subutai Blockchain Router as a viable option to meet the demands for IoT projects that build an intelligent and prosperous state and cities.”
The Residential Edition of the Subutai Blockchain Router is slated to go into production later this year after the Industrial Edition enters the market and we’re very excited about it’s ecological impact as an alternative to GPU based mining. It’s coming at just the right time, and offers greater flexibility over hardwired ASIC solutions. We also see the Blockchain Router opening the cryptocurrency mining market to FPGA vendors as well as ISP’s interested in providing them to their customers.
The primary cost of production for FPGA/SoC manufacturers is the startup costs of R&D and setting up manufacturing facilities. The difference between making 10 million versus 100 million chips is negligible. The high costs of FPGA SoC’s on the market is to control prices to recoup these initial startup costs. With a larger market for their chips FPGA manufacturers will naturally produce more and drop prices to earn more in the end. It’s all about marginal product revenue.
The main winner however is the environment. Thankfully only a small minute fraction of the world’s population is mining as we speak. Imagine the strain on the power grid when even 5% of the population starts to mine for cryptocurrency? If we can reduce the power consumption by even 100% the environment wins. We know we can reach higher levels of power efficiency up to 1083% when compared to existing GPU cards.
Tomas Evensen, Xilinx CTO, sees a great future for low power FPGA based mining to prevent the needless waste of electricity from power hungry GPU mining devices, “With the proper FPGA design, custom hash generating cores in the SoC can calculate hashes faster with fewer clock cycles and require much less power than using software running on mainboard CPUs or GPUs in graphics cards,” said Tomas Evensen, CTO Embedded Software at Xilinx. “We’re excited to see the Subutai Blockchain Router use our FPGAs for the consensus layer of distributed ledger technologies —while also protecting the environment.”
We intend to work closely with Xilinx and our partners to develop even more efficient editions of the Subutai Blockchain Router’s Residential Edition with a healthy pricepoint to compete with the costs of ASIC and GPU based mining products. We’re especially looking forward to the introduction of HBM DRAM in the MPSoC family of Xilinx products to raise the hash rates to a jaw dropping 58 MH/s.
What about ASIC Miners?
If you’ve ever felt bad for crumpling a clean sheet of paper after a mistake with indelible ink, then you can imagine the waste for mistakes when designing ASICs. Once burnt onto the silicon there’s no going back. The algorithm design cannot be improved, new blockchain algorithms cannot be supported.
For these and other reasons the process of designing and mass producing ASICs are still very high. Using already manufactured FPGAs does not incur that startup cost while FPGAs can be reprogrammed to improve efficiency even after consumers purchase the product. The first consumers are going to have to absorb the start up costs of these ASICS. We’re already seeing suggested prices of two to three thousand dollars for Bitmain products.
In terms of power efficiency FPGAs and ASICs are comparable. In terms of performance ASICs exhibit 20-50% higher performance. This is offset by the differences in flexibility which is a central theme of the Subutai Blockchain Router.
Also remember there’s no router functionality or multi-purpose function to these devices. The Blockchain Router is a cloud router and IoT gateway first and foremost. Our aim is not to just mine crypto. In fact, it’s never was our primary objective. That’s something the router can do on the side while handling its traditional router and gateway functions. Even if new blockchains with different mining algorithms emerge, the Blockchain Router can be reprogrammed to work with them so consumers will not be stuck with yet another useless electronic device that costs too much. Even if mining capabilities are disabled altogether the router can still use the fabric for its advanced security features.
What is the problem with the CLOUD Act, and how Subutai is the answer …
Before the CLOUD Act
Before the CLOUD Act the US government could ONLY get its hands on the data US companies kept on servers inside US borders. If a US company hosted data outside, say in the EU, the US government was unable to access this information using a warrant or subpoena. Accessing data from servers in other countries required treaties and understandings with these governments.
After the CLOUD Act
The CLOUD Act allows ALL the data hosted on servers inside and outside of the US by American corporations to be accessible to US authorities via warrant or subpoena. Additionally this information, associated with US and non-US citizens can be shared with other governments without congressional approval which bypasses national privacy laws in the US and of other nations.
What does this mean for Cloud Computing?
It’s ironic that they used a title for the act whose acronym (almost) spells out CLOUD: the CLarifying Overseas Use of Data Act. Whether or not the data being hosted by US companies outside of the US is stored technically in a cloud does not matter. The data could just be sitting on a disk drive of a server in a foreign state. However the reason for trying to force the CLOUD acronym is clear, the act impacts the cloud industry more than any other since their cloud resources are used predominantly to host applications and data overseas.
This is really bad news for cloud providers with centralized control and administration of their cloud. This should scare companies using their services in the US and outside even more than ever. Let’s take each case separately with the largest fake cloud provider “AcmeZoo, Inc.” which has regions all over the world. Up until now AcmeZoo was able to get business abroad because of laws preventing the US government from accessing data in regions outside of the US. The government of Brazil might have even considered hosting applications in AcmeZoo’s São Paulo region. They might have even seen it as OK, to pass privacy laws that have Brazilian companies hosting the information of Brazilian citizens in AcmeZoo data centers as long as they were in Brazil. With the CLOUD Act all this changes. It no longer matters where that data is stored, AcmeZoo being a US based company is required to hand the data of Brazilian citizens over to US authorities which can basically share it with any other nation now.
What does this mean for P2P Cloud Computing and Subutai?
This is great news for Subutai and couldn’t have happened at a better time. Subutai is the solution that everyone now certainly needs after the CLOUD Act has passed.
Subutai is a Peer-to-Peer (P2P) Cloud platform. It lets anyone buy or sell resources from anyone else to create private cloud environments across edge computers or data center servers. It is completely in the control of the cloud owner. The owner provides governance rules to specify who and from where they are willing to purchase resources and at what cost. There are several parameters that can be used to control your private cloud as it perpetually looks for resources to maintain your desired state for it.
Can’t US authorities get cloud data from OptDyn, a US based company?
Short answer NO.
OptDyn is a US-based company and is the creator of Subutai. OptDyn runs the Subutai Bazaar which is a marketplace with a reputation system and tracker for peer resources. It provides services to help clouds find resources satisfying governance rules around reputation and parameters such as uptime etc.
If the US government required this information it could get it without a subpoena. The best they can do with a warrant is get the names of people and the environments they run. They cannot access data in your P2P cloud environments. First of all OptDyn does not own those servers, others do in the ecosystem. Furthermore you keep your keys to your cloud. It cannot be accessed through OptDyn without doing those operations with your keys when interacting with the Bazaar. These keys are kept and managed in your browser using the Subutai E2E Security plugins.
When using Subutai, you can protect yourself from the CLOUD Act by running on peers owned and operated on servers owned by non-US companies. Subutai has all the governance rules to allow you to restrict exactly where you cloud will run. This is why it was created in the first place as a first class Infrastructure as a Service Cloud and IoT platform.
If you’re a Brazilian Government Agency you should stop using AcmeZoo, Inc. for cloud services from their São Paulo region. Your data is no longer safe there and can be traded to other governments thanks to the CLOUD Act. You can use Subutai with local Brazilian hosting providers under Brazilian law and jurisdiction instead to get an even more resilient government cloud or also leverage your own data centers in combination. This will guarantee that your data will never get into the hands of others you don’t want it in.
Shortly after September 11th of 2001 I traveled to Brazil, as I had done for many years before and have done for many years since then. However on this trip I had a very sad message to give to my Brazilian friends: “I am sorry, but you can not trust the United States any more.”
The reason I gave this message to the Brazilian people was that my country had passed the first of many laws that reduced the privacy rights of people around the world. That first law was called “The Patriot Act”, and if was a direct attack on the Fourth Amendment of the US Constitution. In the name of trying to suppress terrorism, the government weakened (some people would say eliminated) the protection granted to citizens of needing a court order or subpoena for searching your property.
I knew what the Patriot Act could mean, but it was only after a couple of years that the proof came to light. Through a disclosure by Edward Snowden it was discovered that the NSA of the United States was monitoring President Dilma’s (the president of Brazil) email. After that I wrote an open letter to President Dilma saying “I told you so.”
Over the years I (and many others) have hoped that the Patriot Act would have been tempered and greater privacy protections and oversights would have been built in, or that the most controversial parts of the Patriot Act (that was supposed to expire in 2015) would indeed expire. Unfortunately that has not been true, and the Patriot Act (and some of its sisters such as the “Foreign Intelligence Surveillance Act (FISA)” and the “Uniting and Strengthening America by Fulfilling Rights and Ending Eavesdropping, Dragnet-collection and Online Monitoring Act (USA FREEDOM Act)” both strengthened some of the worst parts of the Patriot Act, or extended them.
The recently passed “CLOUD” legislation was another step forward (or backward, depending on your point of view) to access data that would normally be protected by laws of different countries. In short, the US based law’s intent was to clarify and “streamline” access to data held in servers outside of the USA by USA based cloud companies. Previously the laws surrounding the surrender of this data was made “cloudy” (pun intended) by whether or not the data was actually protected by the privacy laws of the country in which the data resided. As an example, if the USA government wanted data on one of its citizens that was being held in Ireland, then the privacy laws of Ireland might prevent the data from being given to the government of the USA.
There were ways of working this out. An existing set of Mutual Legal Assistance Treaties (MLATs) allowed the United States Government (and other governments) to work together to deliver the information needed that would respect both government’s privacy laws. However, the USA wanted to “streamline” this more and thus the “CLOUD” legislation that allows pre-negotiated contracts between countries, and giving cloud providers only 14 days to object to these requests with what has been described as a complex “comity” analysis.
In addition, this “CLOUD” legislation opens up the possibility of other countries who value privacy even less than the United States, using these mechanisms to gain access to USA (or other countries’) citizens.
In other words, if you put the Patriot Act, the FISA laws, the FREEDOM Act and the CLOUD legislation together, it ends up with privacy “lost in the FOG”.
All of this is without the recent revelation by Edward Snowden that certain agencies of the United States can intercept packets of data that may be traveling from New York to San Francisco but (because of the way that the Internet works) could go outside of USA borders and be “tapped” at that point.
We talk about the “slippery slope”….there is nothing more slippery than layers of laws that chip away at privacy laws.
Therefore it is best to use cloud structure where you have control. Control of where your data is stored and control of who is storing your data. Control of where your processing is done. Control of where your Internet packets are traveling.
It pains me to have to talk about my own country this way, but as Benjamin Franklin once said: “Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.”