Management,)Security)and) Sustainabilityfor Cloud)Compung...

Management, Security and Sustainability for Cloud Compu8ng

Carlos Becker Westphall

Networks and Management Laboratory Federal University of Santa Catarina

JULY 22TH, LAS VEGAS, USA WORLDCOMP 2013 -‐ TUTORIAL 1

MANAGEMENT AND SECURITY FOR CLOUD COMPUTING

JULY 22TH, LAS VEGAS, USA 2 WORLDCOMP 2013 -‐ TUTORIAL

(Based on the reference: – M. A. P. Leandro, T. J. Nascimento, D. R. Santos, C. M. Westphall, C. B. Westphall. MulR-‐Tenancy AuthorizaRon System with Federated IdenRty to Cloud Environment Using Shibboleth. InternaRonal Conference on Networks. Feb. 2012.)

Content at a Glance •  IntroducRon and Related Works •  Cloud CompuRng •  IdenRty Management •  Shibboleth •  Federated MulR-‐Tenancy AuthorizaRon System on Cloud – Scenario –  ImplementaRon of the Proposed Scenario – Analysis and Test Results within Scenario

•  Conclusions and Future Works


IntroducRon •  Cloud compuRng systems: reduced upfront investment, expected performance, high availability, infinite scalability, fault-‐tolerance. •  IAM (IdenRty and Access Management) plays an important role in controlling and billing user access to the shared resources in the cloud.


IntroducRon

•  IAM systems need to be protected by federaRons.

•  Some technologies implement federated idenRty, such as the SAML (Security AsserRon Markup Language) and Shibboleth system.

•  The aim of this paper is to propose a mulR-‐tenancy author izaRon system us ing Shibboleth for cloud-‐based environments.


Related Work •  R. Ranchal et al. 2010 - an approach for IDM is proposed, which is independent of Trusted Third Party (TTP) and has the ability to use idenRty data on untrusted hosts.

•  P. Angin et al. 2010 - an enRty-‐centric approach for IDM in the cloud is proposed. They proposed the cryptographic mechanisms used in R. Ranchal et al. without any kind of implementaRon or validaRon.


This Work •  Provide idenRty management and access control and aims to: (1) be an independent third party; (2) authenRcate cloud services using the user's privacy policies, providing minimal informaRon to the Service Provider (SP); (3) ensure mutual protecRon of both clients and providers.

•  This paper highlights the use of a specific tool, Shibboleth, which provides support to the tasks of authenRcaRon, authorizaRon and idenRty federaRon.

•  The main contribuRon of our work is the implementaRon in cloud and the scenario presented.


The NIST Cloud DefiniRon Framework

Community Cloud

Private Cloud

Public Cloud

Hybrid Clouds

Deployment Models

Service Models

EssenRal CharacterisRcs

Common CharacterisRcs

Socware as a Service (SaaS)

Pladorm as a Service (PaaS)

Infrastructure as a Service (IaaS)

Resource Pooling

Broad Network Access Rapid ElasRcity

Measured Service

On Demand Self-‐Service

Low Cost Socware

VirtualizaRon Service OrientaRon

Advanced Security

Homogeneity

Massive Scale Resilient CompuRng

Geographic DistribuRon

Based upon original chart created by Alex Dowbor JULY 22TH, LAS VEGAS, USA WORLDCOMP 2013 -‐ TUTORIAL 8

IdenRty Management •  Digital idenRty is the representaRon of an enRty in the form of afributes.

hfp://en.wikipedia.org/wiki/IdenRty_management JULY 22TH, LAS VEGAS, USA 9 WORLDCOMP 2013 -‐ TUTORIAL

IdenRty Management

•  IdenRty Management (IdM) is a set of funcRons and capabiliRes used to ensure idenRty informaRon, thus assuring security.

•  An IdenRty Management System (IMS) provides tools for managing individual idenRRes.

•  An IMS involves: – User –  IdenRty Provider (IdP) – Service Provider (SP)


IMS

•  Provisioning: addresses the provisioning and deprovisioning of several types of user accounts.

•  Authen/ca/on: ensures that the individual is who he/she claims to be.

•  Authoriza/on: provide different access levels for different parts or operaRons within a compuRng system.

•  Federa/on: it is a group of organizaRons or SPs that establish a circle of trust.


•  The OASIS SAML (Security AsserRon Markup Language) standard defines precise syntax and rules for requesRng, creaRng, communicaRng, and using SAML asserRons.

•  The Shibboleth is an authenRcaRon and authorizaRon infrastructure based on SAML that uses the concept of federated idenRty. The Shibboleth system is divided into two enRRes: the IdP and SP.


Shibboleth •  The IdP is the element responsible for authenRcaRng users: Handle Service (HS), Afribute Authority (AA), Directory Service, AuthenRcaRon Mechanism.

•  The SP Shibboleth is where the resources are stored: AsserRon Consumer Service (ACS), Afribute Requester (AR), Resource Manager (RM).

•  The WAYF ("Where Are You From", also called the Discovery Service) is responsible for allowing an associaRon between a user and organizaRon.


In Step 1, the user navigates to the SP to access a protected resource. In Steps 2 and 3, Shibboleth redirects the user to the WAYF page, where he should inform his IdP. In Step 4, the user enters his IdP, and Step 5 redirects the user to the site, which is the component HS of the IdP. In Steps 6 and 7, the user enters his authenRcaRon data and in Step 8 the HS authenRcate the user. The HS creates a handle to idenRfy the user and sends it also to the AA. Step 9 sends that user authenRcaRon handle to AA and to ACS. The handle is checked by the ACS and transferred to the AR, and in Step 10 a session is established. In Step 11 the AR uses the handle to request user afributes to the IdP. Step 12 checks whether the IdP can release the afributes and in Step 13 the AA responds with the afribute values. In Step 14 the SP receives the afributes and passes them to the RM, which loads the resource in Step 15 to present to the user.


Federated MulR-‐Tenancy AuthorizaRon System on Cloud

•  IdM can be implemented in several different types of configuraRon: –  IdM can be implemented in-‐house; –  IdM itself can be delivered as an outsourced service. This is called IdenRty as a Service (IDaaS);

– Each cloud SP may independently implement a set of IdM funcRons.

•  In this work, it was decided to use the first case configuraRon: in-‐house.


ConfiguraRons of IDM systems on cloud compuRng environments


Federated MulR-‐Tenancy AuthorizaRon System on Cloud

•  This work presents an authorizaRon mechanism to be used by an academic insRtuRon to offer and use the services offered in the cloud.

•  The part of the management system responsible for the authenRcaRon of idenRty will be located in the client organizaRon.

•  The communicaRon with the SP in the cloud (Cloud Service Provider, CSP) will be made through idenRty federaRon.

•  The access system performs authorizaRon or access control in the environment.

•  The insRtuRon has a responsibility to provide the user afributes for the deployed applicaRon SP in the cloud.

•  The authorizaRon system should be able to accept mulRple clients, such as a mulR-‐tenancy.


Scenario •  A service is provided by an academic insRtuRon in a CSP, and shared with other insRtuRons. In order to share services is necessary that an insRtuRon is affiliated to the federaRon.

•  For an insRtuRon to join the federaRon it must have configured an IdP that meets the requirements imposed by the federaRon.

•  Once affiliated with the federaRon, the insRtuRon will be able to authenRcate its own users, since authorizaRon is the responsibility of the SP.


Scenario -‐ Academic FederaRon sharing services in the cloud


ImplementaRon of the Proposed Scenario

•  A SP was primarily implemented in the cloud: – an Apache server on a virtual machine hired by the Amazon Web Services cloud.

–  InstallaRon of the Shibboleth SP. –  InstallaRon of DokuWiki, which is an applicaRon that allows the collaboraRve ediRng of documents.

– The SP was configured with authorizaRon via applicaRon, to differenRate between common users and administrators of Dokuwiki.


ImplementaRon of the Proposed Scenario – Cloud Service Provider


ImplementaRon of the Proposed Scenario – cloud IdP


ImplementaRon of the Proposed Scenario

•  The JASIG CAS Server was used to perform user authenRcaRon through login and password, and then passes the authenRcated users to Shibboleth.

•  The CAS has been configured to search for users in a Lightweight Directory Access Protocol (LDAP). To use this directory OpenLDAP was installed in another virtual machine, also running on Amazon's cloud.

•  To demonstrate the use of SP for more than one client, another IdP was implemented, also in cloud, similar to the first. To support this task Shibboleth provides a WAYF component.


Analysis and Test Results within Scenario

•  In this resulRng structure, each IdP is represented in a private cloud, and the SP is in a public cloud.

The results highlighted two main use cases: •  Read access to documents •  Access for edi/ng documents


Conclusions

•  The use of federaRons in IdM plays a vital role. •  This work was aimed at an alternaRve soluRon to a IDaaS. IDaaS is controlled and maintained by a third party.

•  The infrastructure obtained aims to: (1) be an independent third party, (2) authenRcate cloud services using the user's privacy policies, providing minimal informaRon to the SP, (3) ensure mutual protecRon of both clients and providers.


Conclusions •  This paper highlights the use of a specific tool, Shibboleth, which provides support to the tasks of authenRcaRon, authorizaRon and idenRty federaRon.

•  Shibboleth was very flexible and it is compaRble with internaRonal standards.

•  It was possible to offer a service allowing public access in the case of read-‐only access, while at the same Rme requiring credenRals where the user must be logged in order to change documents.


Future Work •  We propose an alternaRve authorizaRon method, where the user, once authenRcated, carries the access policy, and the SP should be able to interpret these rules.

•  The authorizaRon process will no longer be performed at the applicaRon level.

•  Expanding the scenario to represent new forms of communicaRon.

•  Create new use cases for tesRng. •  Use pseudonyms in the CSP domain.


Some References - E. Bertino, and K. Takahashi, Identity Management - Concepts, Technologies, and Systems. ARTECH HOUSE, 2011. - “Security Guidance for Critical Areas of Focus in Cloud C o m p u t i n g , ” C S A . O n l i n e a t : h t t p : / /www.cloudsecurityalliance.org. - “Domain 12: Guidance for Identity and Access Management V2.1.,” Cloud Security Alliance. - CSA. Online at: https://cloudsecurityalliance.org/guidance/csaguide-dom12-v2.10.pdf. - D. W. Chadwick, Federated identity management. Foundations of Security Analysis and Design V, Springer-Verlag: Berlin, Heidelberg 2009 pp. 96–120. JULY 22TH, LAS VEGAS, USA 29 WORLDCOMP 2013 -‐ TUTORIAL

Some References - A. Albeshri, and W. Caelli, “Mutual Protection in a Cloud Computing environment,” Proc. 12th IEEE Intl. Conf. on High Performance Computing and Communications (HPCC 10), pp. 641-646. - R. Ranchal, B. Bhargava, A. Kim, M. Kang, L. B. Othmane, L. Lilien, and M. Linderman, “Protection of Identity Information in Cloud Computing without Trusted Third Party,” Proc. 29th IEEE Intl. Symp. on Reliable Distributed Systems (SRDS 10), pp. 368–372. - P. Angin, B. Bhargava, R. Ranchal, N. Singh, L. B. Othmane, L. Lilien, and M. Linderman, “An Entity-Centric Approach for Privacy and Identity Management in Cloud Computing,” Proc. 29th IEEE Intl. Symp. on Reliable Distributed Systems (SRDS 10), pp. 177–183. JULY 22TH, LAS VEGAS, USA 30 WORLDCOMP 2013 -‐ TUTORIAL

MANAGEMENT AND SUSTAINABILITY FOR CLOUD

COMPUTING – PART 1


(Based on the reference: -‐ J. Werner, G. A. Geronimo, C. B. Westphall, F. L. Koch, R. R. de Freitas, C. M. Westphall. Environment, Services and Network Management for Green Clouds. CLEI Electronic Journal. Aug. 2012.)

Summary

1 -‐ IntroducRon 2 -‐ MoRvaRon 3 -‐ Proposals and SoluRons 4 -‐ Case Studies 5 -‐ Results 6 -‐ Conclusions 7 -‐ Future Works


1 IntroducRon

•  We propose an integrated soluRon for env i ronment , serv ices and network management based on organizaRon theory model.

•  This work introduces the system management model, analyses the system’s behavior, describes the operaRon principles, and presents case studies and some results.


1 IntroducRon

•  We extended CloudSim to simulate the organizaRon model approach and implemented the migraRon and reallocaRon policies using this improved version to validate our management soluRon.

•  OrganizaRon: 2 introduces a moRvaRng scenario. 3 outlines the system design. 4 presents case studies. 5 presents some results.


2 MoRvaRon

•  Our research was moRvated by a pracRcal scenario at our university’s data center.

•  OrganizaRon theory model for integrated management of the green clouds focusing on:

•  (i) opRmizing resource allocaRon through predicRve models;


2 MoRvaRon

•  (ii) coordinaRng control over the mulRple elements, reducing the infrastructure uRlizaRon;

•  (iii) promoRng the “balance” between local and remote resources; and

•  (iv) aggregaRng energy management of network devices.


2 MoRvaRon (Concepts & Analysis)

Cloud compuRng •  This structure describes the most common implementaRon of cloud; and

•  I t i s based on server v irtual izaRon funcRonaliRes, where there is a layer that abstracts the physical resources of the servers and presents them as a set of resources to be shared by VMs.


The NIST Cloud DefiniRon Framework

41

Community Cloud

Private Cloud

Public Cloud

Hybrid Clouds

Deployment Models

Service Models

EssenRal CharacterisRcs

Common CharacterisRcs

Socware as a Service (SaaS)

Pladorm as a Service (PaaS)

Infrastructure as a Service (IaaS)

Resource Pooling

Broad Network Access Rapid ElasRcity

Measured Service

On Demand Self-‐Service

Low Cost Socware

VirtualizaRon Service OrientaRon

Advanced Security

Homogeneity

Massive Scale Resilient CompuRng

Geographic DistribuRon

Based upon original chart created by Alex Dowbor JULY 22TH, LAS VEGAS, USA WORLDCOMP 2013 -‐ TUTORIAL


Green cloud •  The green cloud is not very different from cloud compuRng, but it infers a concern over the structure and the social responsibility of energy consumpRon; and

•  Hence aiming to ensure the infrastructure sustainability without breaking contracts.



Analysis •  Table I relates (1) the 3 possible combinaRons between VMs and PMs, with (2) the average acRvaRon delay, and (3) the chances of the services not being processed (risk); and

•  It also presents the energy consumed according to each scenario.



PM State VM State Time Risks WaUs Consump8on

Down Down 30s High 0Ws None

Up Down 10s Medium 200Ws Medium

Up Up 0s None 215Ws High

RELATION BETWEEN SITUATIONS & RISKS & ACTIVATION DELAY & CONSUMPTION (ASSUNÇÃO, M. D. ET AL. ENERGY 2010)


2 MoRvaRon (Related Works)

•  E. Pinheiro, et al. “Load balancing and unbalancing for power and performance in cluster-‐based systems” in Proceedings of the Workshop on Compilers and OperaRng Systems for Low Power. 2001.

•  Pinheiro et al. have proposed a technique for managing a cluster of physical machines that minimizes power consumpRon whi le maintaining the QoS level.



•  The main technique to minimize power consumpRon is to adjust the load balancing system to consolidate the workload in some resources of the cluster to shut down the idle resources.

•  At the end, besides having an economy of 20% compared to fullRme online clusters, it saves less than 6% of the whole consumpRon of the data center.



•  R. N. Calheiros, et al. “Cloudsim: A toolkit for modeling and simulaRon of cloud compuRng environments and evaluaRon of resource provisioning algorithms” Socware: PracRce and Experience. 2011.

•  Calheiros et al. have developed a framework for cloud compuRng simulaRon. It has four main features:



•  (i) it allows for modeling and instanRaRon of major cloud compuRng infrastructures,

•  (ii) it offers a pladorm providing flexibility of service brokers, scheduling and allocaRons policies,

•  ( i i i ) its virtualizaRon engine can be customized, thus providing the capability to simulate heterogeneous clouds, and



•  (iv) it is capable of choosing the scheduling strategies for the resources.

•  R. Buyya, et al. “Intercloud: URlity-‐oriented federaRon of cloud compuRng environments for sca l ing of appl icaRon serv ices” Proceedings of the 10th InternaRonal Conference on Algorithms and Architectures for Parallel Processing. 2010.



•  Buyya et al. suggested creaRng federated clouds, called Interclouds, which form a cloud compuRng environment to support dynamic expansion or contracRon.

•  The simulaRon results revealed that the availability of these federated clouds reduces the average turn-‐around Rme by more than 50%.



•  It is shown that a significant benefit for the applicaRon’s performance is obtained by using simple load migraRon policies.

•  R. Buyya, et al. “Energy-‐Efficient Management of Data Center Resources for Cloud CompuRng: A Vision, Architectural Elements, and Open Challenges” in Proceedings of the 2010 InternaRonal Conference on Parallel and Distr ibuted Processing Techniques and ApplicaRons.


2 MoRvaRon (Related Works) •  Buyya et al. aimed to create architecture of green cloud. In the proposals some simulaRons are executed comparing the outcomes of proposed policies, with simulaRons of DVFS (Dynamic Voltage and Frequency Scaling).

•  They leave other possible research direcRons open, such as opRmizaRon problems due to the virtual network topology, increasing response Rme for the migraRon of VMs because of the delay between servers or virtual machines when they are not located in the same data centers.



•  L. Liu, et al. “Greencloud: a new architecture for green data center” in Proceedings of the 6th internaRonal conference industry session on autonomic compuRng. 2009.

•  Liu et al. presented the GreenCloud architecture to reduce data center power consumpRon while guaranteeing the performance from user perspecRve.



•  P. Mahavadevan, et al. “On Energy Efficiency for Enterprise and Data Center Networks” in IEEE CommunicaRons Magazine. 2011.

•  Mahadevan et al. described the challenges relaRng to life cycle energy management of network devices, present a sustainability analysis of these devices, and develop techniques to significantly reduce network operaRon power.


2 MoRvaRon (Problem Scenario)

•  To understand the problem scenario, we introduce the elements, interacRons, and operaRon principles in green clouds.

•  The target in green clouds is: how to keep resources turned off as long as possible?

•  The interacRons and operaRon principles of the scenario are:



•  (i) there are mulRple applicaRons generaRng different load requirements over the day;

•  (ii) a load “balance” system distributes the load to acRve servers in the processing pool;

•  (iii) the resources are grouped in clusters that include servers and local environmental control units; and



•  (iv) the management system can turn on/off machines overRme, but the quesRon is when to acRvate resources on-‐demand?

•  In other words, taking too much delay to acRvate resources in response to a surge of demand (too reacRve) may result in the shortage of processing power for a while.


3 Proposals and SoluRons




•  The four roles that operaRons system may be classified as are: VM management; Servers management; Network management; and Environment management.

•  The three roles that service system may be classified as are: Monitor element; Service scheduler; and Service analyser.



•  We can take as example of Planning Rules the following noRons:

•  (i) if the PM presents a high load, to decrease the load, we will move the VM with more processing to another PM; and

•  (ii) if the datacenter presents a high load, to decrease the general load, we will turn on more PMs.



•  We can take as example of Beliefs the following noRons:

•  (i) the acRvaRon of a VM type A increases the consumpRon in B KWh; and

•  (ii) the VM type A supports C requests per second.

4 Case Studies

•  We modeled the system using Norms (NM), Beliefs (BL) and Plan Rules (PR), inferring that we would need (NM) to reduce energy consumpRon.

•  Based on inferences from NM, BL and PR agents would monitor the system and determine acRons dynamically.


5 Results The main components implemented in the improved version at CloudSim are as follows: HostMonitor: controls the input and output of physical machines; VmMonitor: controls the input and output of virtual machines; NewBroker: controls the size of requests; SensorGlobal: controls the sensors; CloudletSchedulerSpaceShareByTimeout: controls the size and simulaRon Rme; VmAllocaRonPolicyExtended: allocaRon policy; VmSchedulerExtended: allocates the virtual machines; URlizaRonModelFuncRon: checks the format of requests; CloudletWaiRng: controls the Rme of the request; and DatacenterExtended: controls the datacenter.


5 Results


5 Results

PROPOSED SCENARIO CHARACTERISTCS

Parameter Value

VM – Image size 1GB

VM -‐ RAM 256MB

PM -‐ Engine Xen

PM -‐ RAM 8GB

PM -‐ Frequency 3.0GHZ

PM -‐ Cores 2


5 Results (consump/on)


5 Results (SLA viola/ons)


5 Results (Hybrid strategy)


5 Results (Hybrid strategy)

REDUCTION OF COST AND POWER CONSUMPTION

Strategy Cost Consump8on

On-‐demand -‐ 3.2 % -‐ 23.5 %

Idle resources -‐ 49.0 % -‐ 59.0 %


6 Conclusions

•  Tests were realized to prove the validity of the system by uRlizing the CloudSim simulator from the University of Melbourne in Australia.

•  We have implemented improvements related to service-‐based interacRon.

•  We implemented migraRon policies and relocaRon of virtual machines by monitoring and controlling the system.


6 Conclusions

We achieved the following results in the test environment: -‐ Dynamic physical orchestraRon and service orchestraRon led to 87,18% energy savings, when compared to staRc approaches; and -‐ Improvement in load “balancing” and high availability schemas provide up to 8,03% SLA error decrease.


7 Future Works •  As future work we intend to simulate other strategies to get a more accurate feedback of the model, using other simulaRon environment and tesRng different approaches of beliefs and plan rules.

•  Furthermore, we would like to exploit the integraRon of other approaches from the field of arRficial intelligence, viz. bayesian networks, advanced strategies of intenRon reconsideraRon, and improved coordinaRon in mulR-‐agent systems.



MANAGEMENT AND SUSTAINABILITY FOR CLOUD COMPUTING – PART 2


(Based on the reference: -‐ G. A. Geronimo, J. Werner, C. B. Westphall, C. M. Westphall, L. DefenR. Provisioning and Resource AllocaRon for Green Clouds. InternaRonal Conference on Networks. Jan. 2013.)

Summary

1 -‐ IntroducRon 2 – State of the Art 3 – Model 4 – Proposal (Results) 5 -‐ Conclusions 6 – Future Works 7 – Some References



(J. Werner, G. A. Geronimo, C. B. Westphall et al. CLEI EJ 2012)

1 IntroducRon

-‐ The aim of Green Cloud CompuRng is to achieve a balance between the resource consumpRon and quality of service. -‐ Dynamic provisioning and allocaRon strategies are needed to regulate the internal se|ngs of the cloud to address oscillatory peaks of workload. -‐ In this context, we propose strategies to opRmize the use of the cloud resources without decreasing the availability.


1 IntroducRon

-‐ This work introduces two hybrid strategies based on a distributed system management model, describes the base strategies, operaRon principles, tests, and presents the results. -‐ We extended CloudSim to simulate the organizaRon model upon which we were based and to implement the strategies, using this improved version to validate our soluRon.


1 IntroducRon

-‐ We aim to propose an allocaRon strategy to private clouds and a provisioning strategy for Green Clouds, which suits the oscillatory workload and unexpected peaks. -‐ We will focus on finding a soluRon that consumes low power and generates acceptable request losses.


1 IntroducRon

OrganizaRon of this presentaRon: -‐ 2. comments the state of the art based in some references; -‐ 3. explains under which model the strategies were based; -‐ 4. presents the proposal, tests, and the results; -‐ 5. concludes this presentaRon; and -‐ 6. addresses some future works.


2 State of the Art

-‐ The reference [8] uses a Dynamic Voltage Frequency Scaling (DVFS) strategy to decrease the energy consumpRon in PMs used as virtualizaRon hosts. -‐ It adapts the clock frequency of the CPUs with the real usage of the PMs. It decreases the frequency in idle nodes and increases when is needed. -‐ JULY 22TH, LAS VEGAS, USA WORLDCOMP 2013 -‐ TUTORIAL 81

2 State of the Art

-‐ The workload balance strategy for clusters in [9], tries to achieve a lower energy consumpRon unbalancing the cluster workload, generaRng idle nodes and turning off them. -‐ The paper [10] tries to decrease the hosRng costs in public and/or federated clouds using the costs and fines in contracts as metrics to befer allocate the resources.


3 Model

-‐ Management Systems based on the OrganizaRon Theory, providing the means to describe why / how elements of the cloud environment should behave to achieve global system objecRves, which are (among others): opRmum performance, reduce operaRng costs, appointment of dependence, service level agreements, and energy efficiency. JULY 22TH, LAS VEGAS, USA WORLDCOMP 2013 -‐ TUTORIAL 83

3 Model

-‐ Managing Cloud through the principles of the OrganizaRon Theory provides the possibility for an automaRc configuraRon management system, since adding a new element (e.g., V i r tua l Machines , Phys ica l Machines , Uninterrupted Power Supply, Air CondiRoning) is just a mafer of adding a new service on the Management Group. JULY 22TH, LAS VEGAS, USA WORLDCOMP 2013 -‐ TUTORIAL 84

3 Model

-‐ The proposed strategies are based on a proacRve management of Clouds, which is based on the distribuRon of responsibiliRes in holes, as seen in next figure. The responsibility of management of the cloud elements is distributed among several agents, separated in holes, and each agent controls individually, a Cloud element that suits him. JULY 22TH, LAS VEGAS, USA WORLDCOMP 2013 -‐ TUTORIAL 85

3 Model


4 Proposal

-‐ For the conscious resource provisioning of the data center, we propose a hybrid strategy that uses public cloud as an external resource used to miRgate probable Service level Agreements (SLAs) breaches due to unexpected workload peaks. JULY 22TH, LAS VEGAS, USA WORLDCOMP 2013 -‐ TUTORIAL 87

4 Proposal

-‐ In parallel, to the opRmal use of local resources, we propose a strategy of dynamic reconfiguraRon of the VMs afributes, allocated in the data center. -‐ Given the distributed model presented in the previous secRon, we use the Cloud simulaRon tool CloudSim to simulate the university data center environment.


4 Proposal (AllocaRon)

-‐ The resource allocaRon strategy is a proposal that introduces a composiRon of two other approaches: (1) the migraRon of VMs, which aims to focus on the processing of cloud, and (2) the Dynamic ReconfiguraRon of VMs, which aims to relocate dynamically the resources used by the VMs. JULY 22TH, LAS VEGAS, USA WORLDCOMP 2013 -‐ TUTORIAL 89



PROPOSED SCENARIO CHARACTERISTCS


Parameter Value

VM – Image size 1GB

VM -‐ RAM 256MB

PM -‐ Engine Xen

PM -‐ RAM 8GB

PM -‐ Frequency 3.0GHZ

PM -‐ Cores 2


1) VMs Migra/on Strategy: This strategy aims to reduce power consumpRon by disabling the idle PMs of the Cloud. To induce idleness in the PMs, the VMs are migrated and concentrated in a few PMs. 2) VMs Dynamic Reconfigura/on Strategy: It adjusts the parameters of the VM, without migraRng it or turning it off. For example, we can increase or decrease the parameters of CPU and memory allocated.



Four scenarios were simulated in order to seek the comparaRve analysis between ordinary cloud (Scenario 1), the exisRng methods (Scenarios: 2 and 3), and the proposed approach (Scenario 4). Those were: No strategies; MigraRng VMs Strategy; Reconfiguring the VMs Strategy; Reconfiguring and migraRng VMs Strategy. JULY 22TH, LAS VEGAS, USA WORLDCOMP 2013 -‐ TUTORIAL 94


Scenario Reconf. Strategy Migrat. Strategy Consump8on Timeout

1 No No -‐ -‐

2 No Yes 84.3 % 8.0 %

3 Yes No 0.4 % -‐

4 Yes Yes 87.2 % 7.3 %


Table I (RESULTS OF ALLOCATION’S SCENARIOS) shows the results of the simulaRons. It tells what strategies were used in each scenario and what percentage (approximate) reducRon was obtained, compared to the scenario without strategies.

4 Proposal (Provisioning)

-‐ The hybrid strategy is based on the merge of two other strategies, the On-‐Demand strategy (OD) and the Spare Resources strategy (SR). -‐ It aims to present a power consumpRon lower than the SR strategy and a wider availability than the OD strategy. JULY 22TH, LAS VEGAS, USA WORLDCOMP 2013 -‐ TUTORIAL 96


1) On-‐Demand Strategy: The principle of OD strategy is to acRvate the resources when they are needed. In our case, when a service reaches a saturaRon threshold, new VMs would be instanRated. When there is no more space to instanRate new VMs, new PMs would be acRvated to host the new VMs. The opposite also applies; when a threshold of idleness is reached, the idle VMs and PMs are disabled. JULY 22TH, LAS VEGAS, USA WORLDCOMP 2013 -‐ TUTORIAL 97


On-‐Demand Strategy proved to be very efficient energeRcally, since it maintains a minimum amount of acRve resources. But, it has been shown ineffecRve in scenarios that had sudden spikes in demand, because the process to acRvate the resource took too much Rme, and the requests ended up generaRng losses. JULY 22TH, LAS VEGAS, USA WORLDCOMP 2013 -‐ TUTORIAL 98


Spare Resource Strategy: To miRgate the problem of requests Rmeouts, originated by a long acRvaRon Rme of resources, we adopt the strategy SR, whose principle is reserve idle resources ready to be used. In our case, there was always one idle VM ready to process the incoming requests and one idle PM ready to instanRate new VMs. If these resources were used, they were no longer considered idle, and new idle resources were acRvated.



The Spare Resource strategy has been shown effecRve in remedying unexpected peak demands, but it showed the same behavior of OD strategy in cases where demand rose very rapidly; in other words, the idle feature was not enough to process the demand. Another negaRve point was the energy consumpRon; since they always had an acRve and idle resource, the consumpRon has been greater than the OD strategy. JULY 22TH, LAS VEGAS, USA WORLDCOMP 2013 -‐ TUTORIAL 100


3) Hybrid Strategy: Seeking the merger of the strengths of the previous strategies and miRgaRng its shortcomings, we propose a hybrid strategy. This strategy aims to reduce the energy consumpRon on private cloud and reduce the breakage of SLA’s service in general.



As shown in next figure, the cloud enables the VMs when the service in quesRon reaches its saturaRon threshold, just as the OD strategy. When more PMs space is unable to allocate more VMs, it uses the public cloud to host the new VMs while the PM is passing through the acRvaRon process. This is to fulfill requests that would be lost during the acRvaRon process. JULY 22TH, LAS VEGAS, USA WORLDCOMP 2013 -‐ TUTORIAL 102


4) Tests Results: As previously menRoned, we performed some modificaRons to the CloudSim code, in order to enable the simulaRon of scenarios. Before we started the simulaRon, we defined some variables for the scenario, such as the saturaRon threshold and idleness, for example. Some of these variables are shown in Table II. JULY 22TH, LAS VEGAS, USA WORLDCOMP 2013 -‐ TUTORIAL 104

4 Proposal (Provisioning) Variable Value

SaturaRon Threshold (Load 1 minute) 1.0

Idleness Threshold (Load 1 minute) 0.1

AcRvaRon VM Rme (seconds) 10

AcRvaRon PM Rme (seconds) 120

Size of Request (MI) 1000 to 2000

Number of PMs 8

Maximum number of VMs per PMs 5

SLA Rmeout threshold (seconds) 10


Table II (SIMULATION’S VARIABLES)


To get an overview of how each strategy would behave in different scenarios, we ran a series of tests which varied (1) the amount of requests and (2) the size of the requests. To maintain the defined request distribuRon (explained in the beginning of SecRon 3), we used mulRpliers to increase the requests. Those mulRpliers started from 2 to 20 in steps of 2 (2, 4, 6, etc.).



The size of the requests ranged from 1000 to 2000 MI (Millions InstrucRons), in steps of 100 (1000, 1100, 1200, etc.). This way, it performed a series of 100 simulaRons. This test evaluated the power consumpRon of the private cloud and the total number of Rmeouts. Next figures demonstrates 100 simulaRons in two images, the percentage of Rmeouts (top) and the energy consumpRon of the private cloud (bofom) are plofed.



Table III shows the results obtained in the ”worst case scenario”, by definiRon, with the mulRplier equal to 20 and the request size equal to 2000 MI. Regarding the results in Table III, it took the Hybrid Strategy as a basis of comparison. In this case, the values listed are for hybrid strategy. For example, the hybrid strategy presented 3% less requisiRon Rmeouts than the OD strategy. JULY 22TH, LAS VEGAS, USA WORLDCOMP 2013 -‐ TUTORIAL 110


Table III (HYBRID STRATEGY COMPARED TO THE OTHER STRATEGIES)

On demand Spare

Timeouts -‐ 3 % 15 %

ConsumpRon -‐ 18 % -‐ 52 %


5 Conclusions

Based on what was presented in the previous secRons, and considering the objecRves set at the beginning of this paper, we consider the intended goal was achieved. Two strategies for allocaRon and provisioning, were proposed; both aimed at opRmizing the energy resource without sacrificing service availability.


5 Conclusions

The allocaRon strategy in private clouds, compared to a normal cloud, demonstrated a 87% reducRon in energy consumpRon. It was observed that this strategy is not effecRve in scenarios where the workload is oscillaRng. That’s because it ends up generaRng too much unnecessary reconfiguraRons and migraRons. Despite this, it sRll shows a significant gain in energy savings when compared to a cloud without any strategy deployed. JULY 22TH, LAS VEGAS, USA WORLDCOMP 2013 -‐ TUTORIAL 113

5 Conclusions

The hybrid strategy for provisioning in green clouds, demonstrated a 52% consumpRon reducRon over the SR strategy, and a Rmeout rate 3% lower than the OD strategy. Thus, we conclude that the use of this strategy is recommended in situaRons where the acRvaRon Rme of the resource is expensive for the health of SLA. We also idenRfied that using this is not recommended when the public cloud should be used sparingly due to their course or other factors. JULY 22TH, LAS VEGAS, USA WORLDCOMP 2013 -‐ TUTORIAL 114

6 Future Works

As future work, we aim at adding the strategy of Dynamic ReconfiguraRon of VMs in public clouds. This procedure was not adopted because, during the development of this work, this feature was not a market reality. We also intend to invest in new simulaRons of the cloud extending the variables (such as DVFS and UPS) and, if possible, explore some arRficial intelligence techniques such as Bayesian networks. JULY 22TH, LAS VEGAS, USA WORLDCOMP 2013 -‐ TUTORIAL 115

6 Future Works

Our PCMONS (Private Cloud Monitoring System), open-‐source soluRons for cloud monitoring and management, also will help to manage green clouds, by automaRng the instanRaRon of new resource usage. We foresee, in opposiRon to unexpected peaks scenarios, work with cloud management based on prior knowledge of the behavior of hosted services. It is believed to be necessary to develop a descripRon language to represent the structure and behavior of a service, enabling the exchange of informaRon between applicaRons for planning, provisioning, and managing the cloud.


7 Some References

-‐ J. Werner, G. A. Geronimo, C. B. Westphall, F. L. Koch, R. R. Freitas, and C. M. Westphall, “Environment, services and network management for green clouds,” CLEI Electronic Journal, vol. 15, no. 2, p. 2, 2012. -‐ R. Buyya, A. Beloglazov, and J. Abawajy, “Energy-‐Efficient management of data center resources for cloud compuRng: A vision, architectural elements, and open challenges,” in Proceedings of the 2010 Interna/onal Conference on Parallel and Distributed Processing Techniques and Applica/ons (PDPTA 2010), Las Vegas, USA, July 12, vol. 15, 2010.


7 Some References

-‐ R. Buyya, “Modeling and simulaRon of scalable cloud compuRng environments and the cloudsim toolkit: Challenges and opportuniRes,” in HPCS 2009. Interna/onal Conference on. IEEE, 2009, pp. 1–11. -‐ G. von Laszewski, L. Wang, A. Younge, and X. He, “Power aware scheduling of virtual machines in dvfs enabled clusters,” in Cluster Compu/ng and Workshops, 2009. CLUSTER ’09. IEEE Interna/onal Conference on, 2009, pp. 1–10.


Management,)Security)and) Sustainabilityfor Cloud)Compung...

Documents

Transcript of Management,)Security)and) Sustainabilityfor Cloud)Compung...