# The Cloud, Part II: Virtualization

## Front Matter
### October 21st 2021 - Version 2.1.0

### Contact Details
<div class="alert alert-warning">

 - Dr. James Percival
 - Room 4.85 RSM building (ask first)
 - email: j.percival@imperial.ac.uk
 - Teams: <code>@Percival, James R</code> in module Team, or DM me.
</div>

### Learning Objectives

- Understand the basic difference between an emulator, a virtual machine and a container
- Know how to provision your own virtual machines on Azure
- Know the basics of building your own Docker container
- Understand the basics using SQL in Python

## Virtualization & Containerization

### Emulation

- Computer software acts as a "function" on hardware, taking in inputs and providing an output.
- Software written for one set of hardware can run on another if the inputs are the same and the outputs are processed appropriately.
- Those inputs can be provided by hardware _or_ software
Examples:
  - Old computer consoles
  - Rosetta on M1 Macs

### Translation layers

- Rather than "faking" hardware, we can fake software.
- Take user calls out to one operating system & run them on another
Examples:
  - WINE on Linux runs windows software
  - WSL on Windows (particularly the first version

### Virtual Machines

- As well as faking other hardware, computers can fake being (subset of) themselves.
- Second "layer" of file system, OS kernel & userspace on top of original, rather than BIOS
- Virtual machine
Ecamples:
- Virtual box, WSL 2 (kind of) VMware

- Virtualization is popular in data centres.
- Server chips:
  - have slow clock speeds (vs desktops)
  - have large core counts (up to order 50)
  - want tasks in parallel.
- Virtualization puts many computers on one chip.

### A Concrete example: Buying time on an Azure Virtual Machine

Let's rent a linux VM from Azure

1. Sign into the [Azure portal](https://portal.azure.com)
2. From the **All services** blade search for and select **Virtual machines** and then click **+ Add** and chose **+ Virtual machine**
3. Set up the machine with appropriate settings in terms of base image and access protocol.

Remember machines which are up cost credit.

Don't go away and leave them.

Delete resource groups you're finished with

## Azure Web services

Relevant protocols for Azure:

- Remote Desktop Protocol (RDP), to access Windows (and some linux) virtual machines and to use them in the same manner as a desktop.
- Secure Shell (SSH), to access a terminal on VMs (or apps on linux through X forwarding)
- Hypertext Transfer Protocol (HTTP/HTTPS) to access services via the web, whether through a browser, or another application.

Lets look further how that can work:

#### RDP

The remote desktop protocol (RDP) connects to a remote Windows machine like it's on your desk.

Available for:
- Windows PC
- Linux
- Mac
- Android
- iOS

#### SSH - secure shell

- Cryptographically secured shell (i.e. prompt/terminal/command line interface) c
- Available for (virtually) all systems.
- Most usual way to connect to large HPC systems

- Widely used, cheap to run, easy to leverage.

<div class="alert alert-warning">
    
#### Public key cryptography
    
- based on idea that some things are hard to "undo" without secret information
- many different algorithms
- publish some information-
- keep some secret
    
</div>

<div class="alert alert-warning">
    
##### RSA algorithm
    
- Pick two largish primes ( $p$ & $q) and one integer $e$).
-  Find second integer $d$ with
$$ e\cdot d = 1 \mod (p-1)(q-1) $$
- a couple of extra constrainsts, but nothing
- all (relatively) cheap to do.

<div class="alert alert-warning">
Now maths says
$$ m^{ed} = m \mod pq $$.
If I keep $d$ secret and send you $n:=pq$:
- **you** can send **me** a message $m$ by calculating
$$c = m^e \mod n $$
- I read it by calculating
$$ c^d \mod n = m^{de}\mod n = m \mod n.$$
- **I** can send *you a signed message
by calculating
$$c = m^d \mod n $$
- you read it by calculating
$$ c^e \mod n = m^{de}\mod n = m \mod n.$$
<div>
    
<div class="alert alert-warning">

- breaking the code means factorising $n = p\timesq$
- cost is approximately size of $p/q$
- For a 1024 bit key this is 512 bits, $2^{512}\approx 10^{153}$ operations.

</div>

Command in the form `ssh <user>@<server name>` connects to remote computer as specified user using port 22.

Firewalls tend to block unexpected connections.

 E.g `ssh jrper@sshgw.ic.ac.uk` connects me to the college gateway server.

 

### HTTP/HTML

By now you are probably sick of hearing about HTTP, so won't say any more here.

### Using Azure App Services to serve apps

[Azure Web Apps Services](https://azure.microsoft.com/en-gb/services/app-service/web/) delivers http Apps direct from GitHub. 

We'll do a live demo.

## Containers

- lightweight form of virtualization,
- same operating system kernel, many userspaces and filesystems
- A lot less work means can run more containers on the same machine.

### Docker

- Most famous & widely used container system is [Docker](https://docker.com). 
- Usually used for small linux containers

Terminology:
- scripts are called Dockerfiles
- build bundles called "images" containing a "frozen" system
- unfreeze and run bundle as a container.

_Dockerfile_

```
# set base image to build on
FROM python:3.8

# set/create current working directory inside container
WORKDIR /example

# copy a file from the host to the container
COPY requirements.txt .

# run a shell command
RUN pip install -r requirements.txt

# default command to run when container starts
ENTRYPOINT python 
```

Cheat sheet in lecture notes. As a short summary:

|Command| Example | Usage |
|:-----:|:-------:|:-----:|
|FROM | `FROM python:3.8`| Specify base image to start from.|
| COPY | `COPY file.txt /home` | Copy a local file to the container image.|
| ADD  | `ADD https://example.com/test.zip .` | Copy local or remote file to container image. |
| WORKDIR | `WORKDIR /home/user` | Switch to/create directory in container.|
| RUN     | `RUN python myfile.py`   | Execute command in container image. |
| CMD     | `CMD echo "hello"       | set default command for `docker run` on image.|
| ENTRYPOINT | `ENTRYPOINT echo` | set default command for `docker run` on image (accepts command line arguments). |

Build Dockerfile into image with

```
docker build [OPTIONS] PATH
```

e.g. inside the directory containing the Dockerfile and `requirements.txt` file.

```
docker build --tag example .
```

Start container from image with

```
docker run [OPTIONS] IMAGE [COMMAND]
```

eg.

```
docker run -it example
```

or, for a shell

```
docker run -it example bash
```

Images can be uploaded to Dockerhub.

### Azure container instances

Azure provides a service to run web apps and commands packaged into containers. This provides a simple, testable way to run your programs as a web app.



<div class="alert alert-warning">

### Local Python GUIs

Number GUI Toolkits compatible with Python, including: 
- [TK](https://docs.python.org/3/library/tk.html),
- [GTK+](https://python-gtk-3-tutorial.readthedocs.io/en/latest/)
- [QT5](https://www.riverbankcomputing.com/static/Docs/PyQt5/). 
      
Last one works well with Anaconda
    
</div>

<div class="alert alert-warning">

The _mygui.py_ script needs the `qtpy` package.

```bash
pip install qtpy
```

- Note this is built to work locally, not on Jupyterhub/via Flask.
- Need to use the `%gui qt` iPython magic in Jupyter.
- Other toolkits exist.
    
</div>

In [1]:
%gui qt

import sys
import examples.mygui as mygui

win = mygui.MainWindow(mygui.app)
win.show()

## Security and the Cloud

### Firewalls

There are enough evil people on the Internet that nothing is totally safe.

- Expect to be attacked!
- Network firewalls limit access to expected protocols from expected IPs

Azure provides controls on network interfaces to [limit the ports and services](https://docs.microsoft.com/en-us/azure/virtual-machines/windows/nsg-quickstart-portal) over the network. Default (and safest) option denies access unless you ask for it.

### App Authentication & Authorization

#### Good password storage

Understanding of how to deal with passwords has improved over the years, but it is still very easy to make a mistake. On the other hand, as a technically trained person it's possible that it's something you will one day be asked to organize (or manage). Current best practice is at or above the following protocols:

1. Use HTTPS f
2. add a "salt" to the password it, then hash it.
3. Store the salt & hashed password with your immutable user key in your database. Forget the password
4. When user logs in apply the same algorithm and then compare results.
5. Regardless, secure your database and only grant access on a need to know basis.

#### Single Sign On (SSO)

- Complicated, both for you and the user. 
- <ake it someone else's problem.

Single Sign On (SSO) does this using "tokens" (very short lived, very long passwords via a trusted third party website. Many providers:
- Google
- Facebook
- Twitter 
- Weibo. 

Many of these use a common framework called Open Authentication version 2 (also known as OAuth2).

A variety of SSO helper packages exist for Python. For Azure & Microsoft Active directory, the relevant package is called `msal`. For (most of) an example use case, leveraging another package called `flask-login` look at the files in the `examples/auth` directory.

- _login.py_
- _teams.py

#### Multifactor Authentication (MFA)

Currently the gold standard for authentication. Need 2 of

1. Something you know (e.g. a password)
2. Something you have (e.g. your phone)
3. Something you are (e.g. your fingerprint).

#### The GDPR and other legal requirements

- The UK and the EU countries have similar data protection laws.
- Storing personal information is complicated.
- Try not to do it
- Only do it as long as you need to

Although computational and environmental data science is less affected than, for example, medicine, it is still possible that they will one day apply to you. Individuals have the right to request a copy of the records held on them and to correct any wrong information which is being stored. 

## Other Azure Cloud Services

### Azure Functions

[Azure Functions](https://azure.microsoft.com/en-gb/blog/introducing-azure-functions/) is a service which allows a Python function to be accessed directly from the web via parameters passed through a URL. An example will be shown in the lecture.

## Data

Azure has several systems available to store data, depending on its format. Might be:

- unstructured binary data,
- structured databases (or spreadsheets)
- or something in between.

### Blob Storage

To quote Microsoft, [blob storage](https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blobs-introduction) is designed to hold:

> - Serving images or documents directly to a browser.
> - Storing files for distributed access.
> - Streaming video and audio.
> - Writing to log files.
> - Storing data for backup and restore, disaster recovery, and archiving.
> - Storing data for analysis by an on-premises or Azure-hosted service.

-Data is accessed via a network interface,
- You pay for it!
- Charges depending on:
    - how frequent access is 
    - the volume of data transferred. 
    
In general a URL is assigned to each item, which can be used in multiple ways, including those listed above, to access the blob object.

### SQL

Azure provides a number of ways to access data in databases.

Most of them are built around the [SQL database language](https://www.codecademy.com/articles/sql-commands): 
- From 1974
-  hierarchical approach:
    - database server holds databases,
    - databases hold tables,
    - tables hold records
    - records have multiple values in multiple columns. 

Python comes with inbuilt support for SQL in SQLite format, in which individual databases are stored in local files, via the builtin package `sqlite3`. To use a full fat SQL server on Azure appropriate additional software should be downloaded [e.g the MySql connector](https://docs.microsoft.com/en-us/azure/mysql/connect-python). However the basic syntax to connect to, read and update individual databases remains similar.

In [None]:
import sqlite3

#Connect to/create db file
conn = sqlite3.connect('my_db.sqlite')
cur = conn.cursor()

In [None]:
try:
    cur.execute("CREATE TABLE fruit(id INTEGER PRIMARY KEY AUTOINCREMENT, name VARCHAR(50), price INTEGER)")
    print("Table created")
except sqlite3.OperationalError:
    print("Table exists")

In [None]:
# Write some data
cur.execute("INSERT INTO fruit (name, price) VALUES (?,?);", ("apple", 300))

In [None]:
# Read some data
cur.execute("SELECT * FROM fruit;")
rows = cur.fetchall()

for row in rows:
    print(row)

In [None]:
cur.execute("SELECT price FROM fruit WHERE id=?;", "1")
row = cur.fetchone()
print('Price:', row)

conn.commit()
cur.close()
conn.close()

For complicated interactions use Pandas or SQLAlchemy.

#### Azure ML Service

[This product](https://azure.microsoft.com/en-gb/services/machine-learning/#product-overview) provides a service somewhere between PaaS and SaaS allowing you to develop black box machine learning solutions in classification and prediction. To understand what's going on, you should probably wait until later in the course, but feel free to study independently.

## Summary

You should now:
- Understand the basic difference between an emulator, a virtual machine and a container
- Know how to provision your own virtual machines on Azure
- Know the basics of building your own Docker container
- Understand the basics using SQL in Python

## Further Reading

- The [Azure documentation pages](https://docs.microsoft.com/en-us/azure/?product=featured), particularly:
  - The [pages for Python Developers](https://docs.microsoft.com/en-us/azure/developer/python/)
  - The [pages for Virtual Machines](https://docs.microsoft.com/en-us/azure/virtual-machines/windows/)
  - The [pages for container instances](https://docs.microsoft.com/en-us/azure/container-instances/container-instances-quickstart)
- The other Azure Fundamentals [walkthroughs](https://microsoftlearning.github.io/AZ-900T0x-MicrosoftAzureFundamentals/).
- Docker's [documentation](https://docs.docker.com/) pages.
- The Docker [tutorials](https://www.docker.com/101-tutorial).
- The `msal` [documentation](https://github.com/AzureAD/microsoft-authentication-library-for-python).
- More information on [SQL and Python](https://realpython.com/python-sql-libraries/).