InterCloud: Utility-Oriented Federation of Cloud Computing Environments for Scaling of Application Services

Cloud computing providers have setup several data centers at different geographical locations over the Internet in order to optimally serve needs of their customers around the world. However, existing systems do not support mechanisms and policies for dynamically coordinating load distribution among different Cloud-based data centers in order to determine optimal location for hosting application services to achieve reasonable QoS levels. Further, the Cloud computing providers are unable to predict geographic distribution of users consuming their services, hence the load coordination must happen automatically, and distribution of services must change in response to changes in the load. To counter this problem, we advocate creation of federated Cloud computing environment (InterCloud) that facilitates just-in-time, opportunistic, and scalable provisioning of application services, consistently achieving QoS targets under variable workload, resource and network conditions. The overall goal is to create a computing environment that supports dynamic expansion or contraction of capabilities (VMs, services, storage, and database) for handling sudden variations in service demands. This paper presents vision, challenges, and architectural elements of InterCloud for utility-oriented federation of Cloud computing environments. The proposed InterCloud environment supports scaling of applications across multiple vendor clouds. We have validated our approach by conducting a set of rigorous performance evaluation study using the CloudSim toolkit. The results demonstrate that federated Cloud computing model has immense potential as it offers significant performance gains as regards to response time and cost saving under dynamic workload scenarios.Comment: 20 pages, 4 figures, 3 tables, conference pape

Cloud Services Enable Efficient AI-Guided Simulation Workflows across Heterogeneous Resources

Applications that fuse machine learning and simulation can benefit from the use of multiple computing resources, with, for example, simulation codes running on highly parallel supercomputers and AI training and inference tasks on specialized accelerators. Here, we present our experiences deploying two AI-guided simulation workflows across such heterogeneous systems. A unique aspect of our approach is our use of cloud-hosted management services to manage challenging aspects of cross-resource authentication and authorization, function-as-a-service (FaaS) function invocation, and data transfer. We show that these methods can achieve performance parity with systems that rely on direct connection between resources. We achieve parity by integrating the FaaS system and data transfer capabilities with a system that passes data by reference among managers and workers, and a user-configurable steering algorithm to hide data transfer latencies. We anticipate that this ease of use can enable routine use of heterogeneous resources in computational science

BECA: A Blockchain-Based Edge Computing Architecture for Internet of Things Systems

The scale of Internet of Things (IoT) systems has expanded in recent times and, in tandem with this, IoT solutions have developed symbiotic relationships with technologies, such as edge Computing. IoT has leveraged edge computing capabilities to improve the capabilities of IoT solutions, such as facilitating quick data retrieval, low latency response, and advanced computation, among others. However, in contrast with the benefits offered by edge computing capabilities, there are several detractors, such as centralized data storage, data ownership, privacy, data auditability, and security, which concern the IoT community. This study leveraged blockchain’s inherent capabilities, including distributed storage system, non-repudiation, privacy, security, and immutability, to provide a novel, advanced edge computing architecture for IoT systems. Specifically, this blockchain-based edge computing architecture addressed centralized data storage, data auditability, privacy, data ownership, and security. Following implementation, the performance of this solution was evaluated to quantify performance in terms of response time and resource utilization. The results show the viability of the proposed and implemented architecture, characterized by improved privacy, device data ownership, security, and data auditability while implementing decentralized storage

A Survey of the Security Challenges and Requirements for IoT Operating Systems

The Internet of Things (IoT) is becoming an integral part of our modern lives as we converge towards a world surrounded by ubiquitous connectivity. The inherent complexity presented by the vast IoT ecosystem ends up in an insufficient understanding of individual system components and their interactions, leading to numerous security challenges. In order to create a secure IoT platform from the ground up, there is a need for a unifying operating system (OS) that can act as a cornerstone regulating the development of stable and secure solutions. In this paper, we present a classification of the security challenges stemming from the manifold aspects of IoT development. We also specify security requirements to direct the secure development of an unifying IoT OS to resolve many of those ensuing challenges. Survey of several modern IoT OSs confirm that while the developers of the OSs have taken many alternative approaches to implement security, we are far from engineering an adequately secure and unified architecture. More broadly, the study presented in this paper can help address the growing need for a secure and unified platform to base IoT development on and assure the safe, secure, and reliable operation of IoT in critical domains.Comment: 13 pages, 2 figure

Application-agnostic Personal Storage for Linked Data

Personaalsete andmete ristkasutuse puudumine veebirakenduste vahel on viinud olukorrani, kus kasutajate identiteet ja andmed on hajutatud eri teenusepakkujate vahel. Sellest tulenevalt on suuremad teenusepakkujad, kel on rohkem teenuseid ja kasutajaid,\n\rväiksematega võrreldes eelisseisus kasutajate andmete pealt lisandväärtuse, sh analüütika, pakkumise seisukohast. Lisaks on sellisel andmete eraldamisel negatiivne mõju lõppkasutajatele, kellel on vaja sarnaseid andmeid korduvalt esitada või uuendada eri teenusepakkujate juures vaid selleks, et kasutada teenust maksimaalselt. Käesolevas töös kirjeldatakse personaalse andmeruumi disaini ja realisatsiooni, mis lihtsustab andmete jagamist rakenduste vahel. Lahenduses kasutatakse AppScale\n\rrakendusemootori identiteedi infrastruktuuri, millele lisatakse personaalse andmeruumi teenus, millele ligipääsu saab hallata kasutaja ise. Andmeruumi kasutatavus eri kasutuslugude jaoks tagatakse läbi linkandmete põhimõtete rakendamise.Recent advances in cloud-based applications and services have led to the continuous replacement of traditional desktop applications with corresponding SaaS solutions. These cloud applications are provided by different service providers, and typically manage identity and personal data, such as user’s contact details, of its users by its own means.\n\rAs a result, the identities and personal data of users have been spread over different applications and servers, each capturing a partial snapshot of user data at certain time moment. This, however, has made maintenance of personal data for service providers difficult and resource-consuming. Furthermore, such kind of data segregation has the overall negative effect on the user experience of end-users who need to repeatedly re-enter and maintain in parallel the same data to gain the maximum benefit out of their applications. Finally, from an integration point of view – sealing of user data has led to the adoption of point-to-point integration models between service providers, which limits the evolution of application ecosystems compared to the models with content aggregators and brokers.\n\rIn this thesis, we will develop an application-agnostic personal storage, which allows sharing user data among applications. This will be achieved by extending AppScale app store identity infrastructure with a personal data storage, which can be easily accessed by any application in the cloud and it will be under the control of a user. Usability of data is leveraged via adoption of linked data principles

Software-Defined Data Protection: Low Overhead Policy Compliance at the Storage Layer is Within Reach!

Most modern data processing pipelines run on top of a distributed storage layer, and securing the whole system, and the storage layer in particular, against accidental or malicious misuse is crucial to ensuring compliance to rules and regulations. Enforcing data protection and privacy rules, however, stands at odds with the requirement to achieve higher and higher access bandwidths and processing rates in large data processing pipelines. In this work we describe our proposal for the path forward that reconciles the two goals. We call our approach "Software-Defined Data Protection" (SDP). Its premise is simple, yet powerful: decoupling often changing policies from request-level enforcement allows distributed smart storage nodes to implement the latter at line-rate. Existing and future data protection frameworks can be translated to the same hardware interface which allows storage nodes to offload enforcement efficiently both for company-specific rules and regulations, such as GDPR or CCPA. While SDP is a promising approach, there are several remaining challenges to making this vision reality. As we explain in the paper, overcoming these will require collaboration across several domains, including security, databases and specialized hardware design

A Portfolio View of a Microsoft Enterprise Architecture

An enterprise architecture (EA) establishes the organization-wide roadmap to achieve an organization’s mission through optimal performance of its core business processes within an efficient information technology (IT) environment. Simply stated, enterprise architectures are “blueprints” for systematically and completely defining an organization’s current (baseline) or desired (target) environment (Schekkerman, 2011). If defined, maintained, and implemented effectively, these blueprints assist in optimizing the interdependencies and interrelationships among the business operations of the enterprise and the underlying IT that support these operations. It has shown that without a complete and enforced EA (Strategic) Business Units, the enterprise run the risk of buying and building systems that are duplicative, incompatible, and unnecessarily costly to maintain and interface. While all the perspectives are key elements of the enterprise architecture, the focus of this project is scoped to three EA perspectives. The first two perspectives are EA’s application and technology architectures, their concepts and key patterns for construction of service oriented and message-based applications that exploit the emerging technology of asynchronous communication services. The third perspective covered is EA’s implementation perspective, which includes the design, development, setup, deployment, and administration of enterprise systems that enable enterprise architecture and modern agile software development and project management