Performing a Federated Learning experiment implies a lot of different compute tasks: local training, aggregation, testing on different organizations, etc. The role of the orchestrator is to distribute ML tasks among organizations, while ensuring complete traceability of operations.
The orchestrator registers the status of tasks; when a task is done (status
Done), it evaluates if some remaining tasks (status
Waiting) are now unblocked, and if it’s the case, the status of those tasks is changed to
To do. The new status is sent to all the backends, who store the new tasks
To do in the task queue (Celery). Then, the task queue will assign the task to one of the workers (if multiple) and handle retries if needed.
In case of failure, it will store failure reports and change the status of the faulty task to
In case of manual cancellation, it will change the status of the the tasks to Cancelled on different backends.
Centralized vs. decentralized orchestration¶
Substra offers two types of orchestration: distributed and centralized.
The distributed orchestration is based on a private blockchain using Hyperledger Fabric, while the centralized orchestration is hosted by a central Postgres database.
In both cases, the orchestration stores only non-sensitive metadata of the Substra assets, making it possible to verify the integrity of the assets and ensures that the permissions on the assets are respected.
Distributed orchestration enables trustless verification of the integrity of assets (functions, model, data), but it requires connections between organizations, and introduces a network overhead. It’s not possible to upgrade a Substra network when using distributed orchestration.
On the other hand, centralized orchestration requires trust in the central server, but it is faster and easier to deploy and maintain.
As long as you trust whomever is operating the orchestrator DB not to tamper with it, both modes offer the same level of guarantees. The decentralized mode has nice theoretical guarantees, but the network overhead is very significant, and has a lot of operational drawbacks. That is why, the vast majority (if not all) of the current Substra deployments are using the centralized orchestration system as it is easier to operate and faster. However, the distributed orchestration is still maintained.
This is the database supporting the ledger. You should back up the data of this Pod.
This is the actual orchestration service, accessed over gRPC.
This Pod is managed by a Job running on Helm chart installation or update. It deals with database schema changes.
The orchestrator is a central component. All backends from each Organization must have access to the orchestrator over gRPC for command/queries and event subsription.
The orchestrator authenticates clients with their TLS certificates. As a consequence, the Kubernetes Ingress must do SSL passthrough.
The orchestrator stores its data in a PostgreSQL database. Migrations are executed using a Kubernetes Job on installation and update (this relies on a Helm hook).