April 11, 2008

Behind firewall #2 …

Posted in Uncategorized at 1:18 pm by zhaewry

Disclaimer: I work for IBM, some of this material directly relates to my day job. I am not, however speaking in an official capacity. Your mileage may vary. Contents may have settled during shipping.

As many people have noticed, IBM and Linden Lab have announced a project where we are hosting a small number of regions inside the IBM firewalls, as part of exploring secure Second Life regions and future interoperability issues. (Press Release:)

I’ve had a couple of chats with people inside SecondLife, and at VW2008, about how this is happening, and what it might mean in terms of the grid, content creation, the interoperability work that is being done at the Architecture Working Group, and the OpenSim project. This entry is an attempt to summarize those thoughts

Let’s start with the very basics of what we’re doing. IBM and Linden Lab are setting up a small set of regions to run on a single IBM BladeCenter, behind the IBM firewall, with a small local asset server. The asset server, just like the beta grid, is a write-local asset server. What that means is that assets created on these regions end up in the local asset server. Things put into inventory on these regions end up on the local asset server. When the regions, or avatars on the regions fetch an asset, they go to the local asset server. If it has the asset, it serves it up. If it doesn’t, it fetches it from the main grid asset server. We plan to setup a local Vivox voice cluster. The rest of the region services come from the main linden grid. (Beta at the moment, main grid, as we validate the environment.) Note that the behind the firewall asset server won’t be visible from the main grid. Assets created on that asset server won’t be visible on the main grid.

Effectively, these regions form a set of island which are more secure than a regular island because chat, local rezzed assets, and stored assets can live in a region IBM controls. They are otherwise on the grid. They share the Linden asset cloud, they share Linden’s central services, and utilities. Users will log on with their main grid identity. Users logged into the regions will appear online to the main grid, able to receive IMs. Finally, these regions will fully honor the Linden mod/copy/transfer rules. (With an odd twist, playing with non-copy objects on these regions will end up with the asset trapped behind the firewall.)

This is a separate work item from any of our interoperability work. Its a chance for IBM and Linden to explore some of the things which happen when we can run islands which meet corporate needs for secure assets and chat. I am sure that we will learn some things about managing sub-grids, and about how the space gets used, which will inform some of the interoperability efforts, but. other than things of that nature, it is an unrelated project. IBM and Linden Lab have an ongoing collaboration, this is one of the efforts which had emerged from that work.

Several people have wondered if this would allow IBM to snag copies of assets from the main grid. Since this all happens inside the Linden Grid, the answer is no. An object on one of the private regions is as much on the grid as an object on any other private estate.

Someone suggested an Asset server would define a grid. In fact, I think that’s not the right way to think about what makes up a grid. An asset server is in the business of storing, and allowing grid components to fetch digital assets. An asset server can enforce some properties, such as only allowing one copy, of a non-copy asset to be on the grid or meta-gried, An asset server may chose which grid components it wishes to talk to. In a larger mesh of grids, asset servers are likely to be willing to talk to any region which they share a trust relationship. If this is the case, then that doesn’t help us define a grid at all.

I’d argue, tho, fairly softly, that a grid is going to be defined by the boundaries of its trust. Grids will most likely share core policies, and have a common trust policy. and.. we will probably see people define a broad range of grids, with different policies on assets, property rights and how they share objects.

Again, softly, I would argue that we are going to see many regions and grids which talk to multiple sets of asset servers. In the future, I might well have my clothing and shape fetched from a Linden Lab asset server, while rezzing objects from my personal virtual world hosting server’s asset server, on a landscape filled with trees from another “grid’s” asset server. Just like web pages today, some regions will be very homogeneous, filled with locally created and hosted content. Other regions will be filled with content linked in from across the greater set of grids

Finally, I’d observe that, while kicking off some thought about what we mean by “grid” didn’t fall isn’t part of why we are doing work like hosting a secured region, the fact that such questions come up, and get some attention, is desirable. Doing projects like this give the community concrete examples of some of the ways people will build out the virtual worlds space over the next few years.

~ Zha



  1. […] IBM’s big news at the conference was that they would be working with Second Life behind their firewall. But with 6000 plus IBMers in Second Life and a working interest in interoperability issues, it is common knowledge that IBM gets the open metaverse and its potential. Perhaps what is more surprising than the news of Second Life being experimented with on IBM blade servers is that this collaboration hadn’t happened sooner. For more insights on what the IBM behind the firewall project is about read David Levine’s (Zha Ewry in Second Life) post here. […]

  2. Jon Watte said,

    Thanks for sharing your thoughts; they are going down good paths.
    For a write-up of what a truly interoperable multi-vendor virtual world may look like in a little more detail, check out this URL: http://www.interopworld.com/node/22

  3. dusanwriter said,

    And I thought I had enough problems with perms, now there will be meta perms and sim-only assets. 🙂

    I was very excited about this news and I have to say the IBM folks I met at the conference were wonderful and enthused. Please keep us all posted on when you might host “firewalled sims” for others, I now have a list of people who are going to wait on their investment in SL until that happens.

  4. Alex said,

    Topic digest: http://yolto.com/FeedTopic.aspx?Id=896

  5. hosting plan said,

    Thanks for this post.Got new information about web hosting plans..It will be helpful for the users who searching for a best web hosting plans..:)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: