Impact of single parameter changes on Ceph cloud storage performance

In a general purpose cloud system efficiencies are yet to be had from supporting diverse applications and their requirements within a storage system used for a private cloud. Supporting such diverse requirements poses a significant challenge in a storage system that supports fine grained configuration on a variety of parameters. This paper uses the Ceph distributed file system, and in particular its global parameters, to show how a single changed parameter can effect the performance for a range of access patterns when tested with an OpenStack cloud system

Introduction to Directory Services

The Directory has grown to be an important OSI application as it acts as a focal point and general support for a number of other applications. This work first points out directory requirements in the OSI framework and other OSI applications, as the Mail Handling System. The first version of the X.500 standard is then described and some Directory related issues are discussed. In particular, X.500 Directory as a database system is examined and some directory service implementations are presented

Security and the digital domain

Security does not sound a very exciting topic for this book, which is showing you new and challenging ways to view your business and how you conduct it. Security means many different things in different contexts. Most of the time, what it is about is protection of people or objects. In our context, security is about protection of information. Two questions arise from the notion of protection of information: 1)Why is protection necessary? and 2)What are we protecting it from? The first question concerns the fact that information has value. If it did not, there would be little point in keeping it. That value is not always value in a strictly financial sense, although the cost of recovering or recreating information may be a significant issue. Archivists have traditionally defined four main types of record value, namely: administrative/informational, legal/evidential, compliance/regulatory and historical. Security is about protecting these as much as anything else. Additionally, a great deal of information is about people, and in many cultures and circumstances people have a right to expect that at least some of the information about them is treated as confidential. Confidentiality implies protection. The second question concerns the fact that there are threats to information, an aspect that we will return to at intervals in this chapter. If one is to protect something, one has to identify what the threats are, so as to take appropriate steps to mitigate them. This chapter is essentially about what the threats are and the steps that can be taken in relation to them. If you have been an archivist or records manager for some time, you will probably have a fairly shrewd idea as to how to deal with many of these issues in a world of physical manifestations of information (books, manuscripts, ledgers, minute books, maps, plans and such like). You may be rather less clear how to deal with these matters in a world of digital manifestations (bits, bytes, computer files, databases and networks). One of the tasks of this chapter is to make the connections between the two worlds, so that you can use and build upon what you already know as the balance of your work moves from physical towards digital, as it probably will

A Distributed Security Architecture for Large Scale Systems

This thesis describes the research leading from the conception, through development, to the practical implementation of a comprehensive security architecture for use within, and as a value-added enhancement to, the ISO Open Systems Interconnection (OSI) model. The Comprehensive Security System (CSS) is arranged basically as an Application Layer service but can allow any of the ISO recommended security facilities to be provided at any layer of the model. It is suitable as an 'add-on' service to existing arrangements or can be fully integrated into new applications. For large scale, distributed processing operations, a network of security management centres (SMCs) is suggested, that can help to ensure that system misuse is minimised, and that flexible operation is provided in an efficient manner. The background to the OSI standards are covered in detail, followed by an introduction to security in open systems. A survey of existing techniques in formal analysis and verification is then presented. The architecture of the CSS is described in terms of a conceptual model using agents and protocols, followed by an extension of the CSS concept to a large scale network controlled by SMCs. A new approach to formal security analysis is described which is based on two main methodologies. Firstly, every function within the system is built from layers of provably secure sequences of finite state machines, using a recursive function to monitor and constrain the system to the desired state at all times. Secondly, the correctness of the protocols generated by the sequences to exchange security information and control data between agents in a distributed environment, is analysed in terms of a modified temporal Hoare logic. This is based on ideas concerning the validity of beliefs about the global state of a system as a result of actions performed by entities within the system, including the notion of timeliness. The two fundamental problems in number theory upon which the assumptions about the security of the finite state machine model rest are described, together with a comprehensive survey of the very latest progress in this area. Having assumed that the two problems will remain computationally intractable in the foreseeable future, the method is then applied to the formal analysis of some of the components of the Comprehensive Security System. A practical implementation of the CSS has been achieved as a demonstration system for a network of IBM Personal Computers connected via an Ethernet LAN, which fully meets the aims and objectives set out in Chapter 1. This implementation is described, and finally some comments are made on the possible future of research into security aspects of distributed systems.IBM (United Kingdom) Laboratories Hursley Park, Winchester, U

Securing Cloud File Systems using Shielded Execution

Cloud file systems offer organizations a scalable and reliable file storage solution. However, cloud file systems have become prime targets for adversaries, and traditional designs are not equipped to protect organizations against the myriad of attacks that may be initiated by a malicious cloud provider, co-tenant, or end-client. Recently proposed designs leveraging cryptographic techniques and trusted execution environments (TEEs) still force organizations to make undesirable trade-offs, consequently leading to either security, functional, or performance limitations. In this paper, we introduce TFS, a cloud file system that leverages the security capabilities provided by TEEs to bootstrap new security protocols that meet real-world security, functional, and performance requirements. Through extensive security and performance analyses, we show that TFS can ensure stronger security guarantees while still providing practical utility and performance w.r.t. state-of-the-art systems; compared to the widely-used NFS, TFS achieves up to 2.1X speedups across micro-benchmarks and incurs <1X overhead for most macro-benchmark workloads. TFS demonstrates that organizations need not sacrifice file system security to embrace the functional and performance advantages of outsourcing

Multimedia Content Distribution Management Using a Distributed Topology

Advertising plays an important role in order for many companies to promote their products and services. It can be expensive to place advertisements with no guarantees that the message will reach the intended persons. In this field, targeted advertising is the mainstream strategy to captivate the potential consumer. People are used to see advertisements everywhere they go in many different forms. One of those is the use of screen displays that are believed to make the ads more engaging. However, using digital screens to advertise may lead to some issues, like down times or unwanted error messages from the device that controls the screens. This can cause a bad experience for both the target audience and the advertiser. This thesis was developed within the scope of a project called Vixtape. It’s a platform with the goal of turning any public screen into an ads displaying device and in the process reward the screen owner by exposing ads to the target audience. It also has the mission of giving the end user a optimal technological experience, no flaws and highly efficient. All these characteristics are accomplished by the use of a new open source technology called Interplanetary File System (IPFS), that allow devices to share content between them in a Peer-to-Peer (P2P) topology. This content distribution method saves Internet bandwidth to the end user (i.e., the Vixtape service client) and also enables the devices to work offline in case their Internet connection drops. This will greatly reduce the common problems seen with ads screen, thus giving a better experience to both the audience and the end user. By the end of this document one can see that, adding a distributed topology to the Vixtape platform increased the Internet usage efficiency of the ads devices by always having up-to-date content available. This avoids that a device unnecessarily requests content from any of the other devices that had previously requested it. Additionally, a strategy to target a given audience was employed in order to choose the right ads to play. This further increases the maximum potential consumers the advertisements are shown to

A comparative study of structured and un-structured remote data access in distributed computing systems

Recently, the use of distributed computing systems has been growing rapidly due to the result of cheap and advanced microelectronic technology. In addition to the decrease in hardware costs, the tremendous development in machine to machine communication interfaces, especially in local area networking, also favours the use of distributed systems. Distributed systems often require remote access to data stored at different sites. Generally, two models of access to remote data storage exist: the un structured and structured models. In the former, data is simply stored as row of bytes, whereas in the latter, data is stored along with the associated access codes. The objective of this thesis is to compare these two models and hence determines the tradeoffs of each model. First of all, an extended review of the field of distributed data access is provided which addressing key issues such as the basic design principles of distributed computing systems, the notions of abstract data types, data inheritance, data type system and data persistence. Secondly, a distributed system is implemented using the persistent programming language PS-algol and the high level language C in conjunction with the remote procedure call facilities available in Unix(^1) 4.2 BSD operating system. This distributed system makes extensive use of Unix's software tools and hence it is called DCSUNIX for Distributed Computing System on UNIX. Thirdly, two specific applications which employ the implemented system will be given so that a comparison can be made between the two remote data access models mentioned above. Finally, the implemented system is compared with the criteria established earlier in the thesis. keywords: abstract data types, class, database management, data persistence, information hiding, inheritance, object oriented programming, programming languages, remote procedure calls, transparency, and type checking