Software Components

HPE Ezmeral Runtime Enterprise is an enterprise-grade software platform that forms a layer between the underlying infrastructure and applications, transforming that infrastructure into an agile and flexible platform for virtual clusters running on containers.



NOTE

See the following articles for additional information about the following scenarios:

The high-level architecture is as follows (numbers correspond to the callouts in the preceding image):

  • Platform Administrator (1): One or more Platform Administrators handle overall administration, including managing hosts and creating tenants or projects. A Kubernetes Administrator can create Kubernetes clusters.
  • Hosts (2): Physical and/or virtual machines. See Controller, Gateway, and Worker Hosts and Gateway Hosts.
  • Data Storage Resources (3): Available on-premises and/or cloud-based storage resources. These comprise the following:
    • Data Source: This is where persistent job data required by the tenants/projects and virtual clusters is read and written. A data source is typically a DataTap: a shortcut that points to existing remote data storage locations on your network. A special TenantStorage DataTap is constructed from storage that is local to the hosts. DataTaps reduce or even eliminate the need to copy large volumes of data to and from the virtual clusters before and after running jobs, thus saving time and reducing network traffic. See About DataTaps.
    • Cluster file system: This is the storage where temporary data that is generated while running jobs within a given cluster is read and written. The cluster file system is built within the virtual cluster, on storage taken from the node storage space of the underlying host (on-premises and/or a remote storage resource).
    • Unique file directories for each tenant/project: Each tenant or project has its own sandboxed shared-storage area within the tenant/project storage space, whether on-premises or on the public cloud. This per-tenant storage can be used to isolate data that should be accessible by only one tenant or project. Optionally, it can be used to enforce a quota on the tenant's/project's use of that storage capacity.
  • Data Resources (4): A wide variety of storage protocols used by high-performance persistent data services, such as NFS, HDFS, and S3, are supported. Connectivity to existing external data sources is supported via both DataTaps and FS Mounts. See About DataTaps and About FS Mounts, respectively.
  • Container Control Plane (5): The control plane consists of the services that are installed on each of the hosts. HPE Ezmeral Runtime Enterprise automatically handles the back-end virtual cluster management, thereby eliminating the need for complex, time-consuming IT support. Platform and Tenant/Project Administrator users can perform all of these tasks in moments using the web interface.
  • Kubernetes (6): HPE Ezmeral Runtime Enterprise includes built-in support for Kubernetes clusters, tenants/projects, and pods. See Kubernetes Physical Architecture for an overview of the Kubernetes implementation.
  • Enterprise Integrations and Security (7): Built-in features help ensure a seamless integration between HPE Ezmeral Runtime Enterprise and your existing enterprise infrastructure, including:
    • Built-in user roles (Platform Administrator, Tenant Administrator, and Member) that allow you to control who can see certain data and perform specific functions. Roles are granted on a per-tenant or per-project basis, meaning that you can either restrict users to a single tenant/project or grant access to multiple tenants/projects. Each user may have at most one role per tenant/project.
    • Authenticating users via either the internal user database or your existing AD/LDAP setup.
    • Kerberos encryption for data traveling within the deployment and between the deployment and your existing infrastructure.
    • Load balancing for optimal resource usage.
    • SSL connections to the web interface for added protection.
    • SSO support to simplify user access.
  • Tenants or Projects (8): Tenants and/or AI/ML projects allow you to restrict access as needed, such as by department. Each tenant or project has its own unique sets of authorized users, DataTaps, applications, and virtual clusters that are never shared with other tenants/projects. Users with access to one tenant or project cannot access or modify any aspect of another tenant/project unless they have also been assigned a role (Tenant/Project Administrator or Member) on that tenant or project. Each tenant/project runs one or more virtual clusters that are created to run a wide variety of Big Data or AI/ML/DL applications, services, and jobs.
  • Tenant/Project Administrators (9): A Tenant or Project Administrator manages the resources assigned to that tenant or project. Each tenant or project must have at least one user with the Tenant Administrator or Project Administrator role, as appropriate.
  • End users (10): Tenant/Project Member users access virtual clusters within tenants to perform jobs.