April 11, 2008
Behind firewall #2 …
Disclaimer: I work for IBM, some of this material directly relates to my day job. I am not, however speaking in an official capacity. Your mileage may vary. Contents may have settled during shipping.
As many people have noticed, IBM and Linden Lab have announced a project where we are hosting a small number of regions inside the IBM firewalls, as part of exploring secure Second Life regions and future interoperability issues. (Press Release:)
I’ve had a couple of chats with people inside SecondLife, and at VW2008, about how this is happening, and what it might mean in terms of the grid, content creation, the interoperability work that is being done at the Architecture Working Group, and the OpenSim project. This entry is an attempt to summarize those thoughts
Let’s start with the very basics of what we’re doing. IBM and Linden Lab are setting up a small set of regions to run on a single IBM BladeCenter, behind the IBM firewall, with a small local asset server. The asset server, just like the beta grid, is a write-local asset server. What that means is that assets created on these regions end up in the local asset server. Things put into inventory on these regions end up on the local asset server. When the regions, or avatars on the regions fetch an asset, they go to the local asset server. If it has the asset, it serves it up. If it doesn’t, it fetches it from the main grid asset server. We plan to setup a local Vivox voice cluster. The rest of the region services come from the main linden grid. (Beta at the moment, main grid, as we validate the environment.) Note that the behind the firewall asset server won’t be visible from the main grid. Assets created on that asset server won’t be visible on the main grid.
Effectively, these regions form a set of island which are more secure than a regular island because chat, local rezzed assets, and stored assets can live in a region IBM controls. They are otherwise on the grid. They share the Linden asset cloud, they share Linden’s central services, and utilities. Users will log on with their main grid identity. Users logged into the regions will appear online to the main grid, able to receive IMs. Finally, these regions will fully honor the Linden mod/copy/transfer rules. (With an odd twist, playing with non-copy objects on these regions will end up with the asset trapped behind the firewall.)
This is a separate work item from any of our interoperability work. Its a chance for IBM and Linden to explore some of the things which happen when we can run islands which meet corporate needs for secure assets and chat. I am sure that we will learn some things about managing sub-grids, and about how the space gets used, which will inform some of the interoperability efforts, but. other than things of that nature, it is an unrelated project. IBM and Linden Lab have an ongoing collaboration, this is one of the efforts which had emerged from that work.
Several people have wondered if this would allow IBM to snag copies of assets from the main grid. Since this all happens inside the Linden Grid, the answer is no. An object on one of the private regions is as much on the grid as an object on any other private estate.
Someone suggested an Asset server would define a grid. In fact, I think that’s not the right way to think about what makes up a grid. An asset server is in the business of storing, and allowing grid components to fetch digital assets. An asset server can enforce some properties, such as only allowing one copy, of a non-copy asset to be on the grid or meta-gried, An asset server may chose which grid components it wishes to talk to. In a larger mesh of grids, asset servers are likely to be willing to talk to any region which they share a trust relationship. If this is the case, then that doesn’t help us define a grid at all.
I’d argue, tho, fairly softly, that a grid is going to be defined by the boundaries of its trust. Grids will most likely share core policies, and have a common trust policy. and.. we will probably see people define a broad range of grids, with different policies on assets, property rights and how they share objects.
Again, softly, I would argue that we are going to see many regions and grids which talk to multiple sets of asset servers. In the future, I might well have my clothing and shape fetched from a Linden Lab asset server, while rezzing objects from my personal virtual world hosting server’s asset server, on a landscape filled with trees from another “grid’s” asset server. Just like web pages today, some regions will be very homogeneous, filled with locally created and hosted content. Other regions will be filled with content linked in from across the greater set of grids
Finally, I’d observe that, while kicking off some thought about what we mean by “grid” didn’t fall isn’t part of why we are doing work like hosting a secured region, the fact that such questions come up, and get some attention, is desirable. Doing projects like this give the community concrete examples of some of the ways people will build out the virtual worlds space over the next few years.