ResBaz Cloud – Containerised Research Apps as a Service

Just over three years or so ago, the OU’s KMi started experimenting with a service to support researchers that made RStudio – and a linked MySQL database – available as on online service (Open Research Data Processes: KMi Crunch – Hosted RStudio Analytics Environment).

I’m not sure if they’ve also started exploring the provision of other browser accessed applications – Jupyter noteboooks, for example – but developing online personal application delivery models is something I’ve felt the OU should be exploring for a long time – for undergraduate and postgraduate teaching, as well as research.

I don’t know whether KMi have been looking at delivering apps via self-service launching of dockerised/containerised applications, or whether there are any HE or Research Council infrastructure projects looking at supporting this sort of thing, but it seems that other enlightened agencies are… For example, a few weeks ago I came across a tweet from ex-JISC disrupter Dave Flanders mentioning the Australian ResBaz cloud service:

DIT4C_0_9_6

Offering a free service to the Australian academic research community (I’m grateful to the team for providing me with reviewer access:-), early stage researchers can request access (or configure access?) to a named research cluster, and then deploy containers to it:

DIT4C_0_9_6_container

The containerised applications on offer are initially configured by the ResBaz team – I don’t think there’s a way of pointing to your own Dockerfile/setupconfig/image on Dockerhub – but this means there is an element of support that will help you get set up with an application that you know will run!

DIT4C_0_9_6_node

The containers you create persist – you can turn them off and on again, as well as deleting them and creating new ones – which means you can save project and data files within the container. There’s also an option to export the container, supports portability, I guess.

The platform itself is reminiscent of a minimal take on something like wakari.io, which provides access to a hosted version of IPython notebooks within a claimed workbench environment. To my mind, KMi Crunch as more of a workbench feel to it, because it provides application integration, (RSTudio + MySQL), albeit baked in. At the moment, ResBaz doesn’t seem to offer that. (However, another service that I’ll be blogging about in a day or two, binder, does provide support for 1-click created linked containers (although again, the configuration options are limited). I think binder is builds on elements of tmpnb.org, which itself demonstrates support for a full blown Jupyter install capable of running several kernels, which may be something for the ResBaz folk to think about (for example, offering at least an R kernel within the notebooks, and maybe Python 3 as well as Python 2.7?)

Home

One of the great things about the ResBaz set-up seems to be its support for training events. From my own personal experience, it’s really handy to be able to point workshop participants to online, browser reachable versions of the applications covered in the workshop you’re running.

For OU teaching, I think we really should be looking seriously at using software packages that can be accessed via a browser and run either as a local virtualised service or as a remotely hosted service to try to mitigate against software install issues/hassles. For OU postgrad research students, I think that running applications via containers has a lot to recommend it. And for academic researchers, including the growing number of digital humanities researchers, I think that the range of benefits associated with being able to run research software using what is essentially as software-application-as-a-service model are increasing.

But then, what do I know? I just watched a bunch of folk wasting much of the day trying to work out how to support a raft of remote, informal learners install some remotely hosted and maintained third party s/w onto all manner of personally managed weird and wonderful Windows machines. (The ones on company machines tend not to have the privileges they need to install the software, so we just forget about them. The ones on notebooks wondering why their machines start to fall over when they have to run more than a browser, or the ones who have tablets that can’s install anything other than custom built applications, are also discounted… If the OU is set on becoming a global, online provider, someone needs to start thinkingdoing something about this…)

See also: Seven Ways of Running IPython Notebooks

6 comments

  1. Simon Rae

    Hi Tony, the bit where you talk about
    “OU teaching, I think we really should be looking seriously at using software packages that can be accessed via a browser and run either as a local virtualised service or as a remotely hosted service to try to mitigate against software install issues/hassles.”
    reminds me so much of the bad old / good old days of ACS (Academic Computing Services) and centrally provided computing services. All the best (?) Computing Applications available to students & staff at the end of a link from their dumb terminal. And all the bother of updating, housekeeping and finance were covered by the highly trained ACS staff! And, on very good days, there was a synergy between staff unsure of what the computer could do for them and computer centre staff and together they would work something out that would advance both of their fields (two minds being better than one!).
    Not so much an option for students of course, but if sympathetically organized, I think there’s much to be said for the teaching organizations to take back the humdrum control of IT and remove some of the worry that learners have with doing it all themselves.

    • Tony Hirst

      @simon My attitude is that folk will increasingly have access to the web, but not necessarily access to a computer onto which they can install software applications. (TM351 course development has been hampered by the fact that IT managed OU machines don’t allow folk to use virtual machines. And IT seem so far reluctant to consider ways for making it easy for folk to run arbitrary VMs or docker containers on OU mediated hardware.)

      I remember the days of the OU OLA CD, which used to provide installable generic apps as well as course specific software. I also wondered once whether the OU could follow Google’s lead in making an “OU updater” available [http://ouseful.open.ac.uk/blogarchive/005516.html]. The current OU IT mafia drive to roll out managed desktops suggests one possibility – students are given a student flavour of the OU desktop, with course software preinstalled, to run in a VM – but I can’t really see a plausible adoption path that ends up with that result?

      IMHO, we are now in a position where we can offer students access to “computer lab” machines, variously flavoured, that can run either on a student’s own machine (if it can cope with it) or remotely (and then either on OU mediated services or via a commercial third party on which students independently run the software). But the lack of imagination and support for trying to innovate in our production processes and delivery models means it might make more sense to look to working with third parties to try to find ways of (self-)supporting our students.

  2. Tim Dettrick (@tjdett)

    Tony, as the dev behind DIT4C (http://dit4c.github.io/), which powers the ResBaz Cloud, there are a few points I’d like to expand on:

    I don’t think there’s a way of pointing to your own Dockerfile/setupconfig/image on Dockerhub

    There is, but it’s restricted to the owners of compute nodes: https://i.imgur.com/9UKLOfE.png

    DIT4C predates the current confidence in AppArmor to allow users to run arbitrary Docker containers without being a security risk. My experience with AppArmor + Docker has not been great, which is part of the reason I don’t share that confidence, but eventually DIT4C might allow arbitrary Docker containers protected by SELinux. For the moment, DIT4C containers run as non-root users without setuid binaries, using proot (http://proot.me/) to provide package installation support.

    For more detail on why, I highly recommend reading Jérôme Petazzoni’s take on it here:

    TLDR: arbitrary containers supplied by users would currently break the security model

    I think binder is builds on elements of tmpnb.org, which itself demonstrates support for a full blown Jupyter install capable of running several kernels, which may be something for the ResBaz folk to think about (for example, offering at least an R kernel within the notebooks, and maybe Python 3 as well as Python 2.7?)

    Well, to start off with you can run the tmpnb.org notebook environment (https://hub.docker.com/r/jupyter/demo) on DIT4C. That’s not an accident – I had a chat with the devs in the early days to make DIT4C would be compatible with their images. I’ve loaded it (all 8GB!) on the review node if you’d like a look.

    We also have a Python 3 image in beta (https://github.com/dit4c/dockerfile-dit4c-container-ipython/tree/python3) and proof-of-concept Jupyter image with Octave & Julia kernels. An R-kernel Jupyter image was considered, but our R trainers considered it superfluous given RStudio is the more common platform. When the scope moves beyond training I imagine that could change.

    The main aim is to make it easy to create new images for DIT4C, so researchers aren’t just limited in the tools they can use with it.

    More info on DIT4C here: http://dit4c.github.io/

  3. Tony Hirst

    @Tim
    Thanks for those comments – as a technology optimist, I appreciate that many of my “wouldn’t it be nice if…” ideas don’t really take into account security concerns!
    Re: the tmpnb/Jupyter kernels – it was an observation as much as anything, again under the possibly naive assumption that it’s relatively straightforward(?!) to add additional kernels. (I appreciate I know nothing about the practicalities of running real s/w deployments!)
    The ResBaz cloud looks to be a really great resource. It’d be great to learn more about the human processes involved in supporting it (eg setting up accounts etc), which I guess play a key part in the sustainability/costing of the project. I guess there are trade-offs to be made between getting trusted folk to do stuff on behalf of users, versus building systems to let non-trusted folk do stuff? (And many times it may be that the former will be quicker, cheaper, more reliable, more secure?)

    • David F. Flanders (@dfflanders)

      Tony, should we enable anyone to use so long as they have a .edu, .ac.uk, etc? We want to make it better! How can we get you and your colleagues at the OU to run ResBaz community training there (and everywhere) atop resbaz.cloud.edu.au ?!

      • Tony Hirst

        @David That sounds like the original Facebook strategy to me!;-) I think that Marian Petre at the OU was doing something around Software Carpentry, but not sure what? I’ll try to ask around the OU Research School about that sort of training they provide and whether there’s an opportunity to run something here. I take it for now you are most focussed on supporting researchers?