Technical Report on Deploying a highly secured OpenStack Cloud Infrastructure using BradStack as a Case Study
Cloud computing has emerged as a popular paradigm and an attractive model for providing a reliable distributed computing model. It is increasingly attracting huge attention in both academic research and industrial initiatives. Cloud deployments are paramount for institutions and organizations of all scales. The availability of a flexible, free open-source cloud platform designed with no proprietary software, and the ability to integrate it with legacy systems and third-party applications, are fundamental. OpenStack is free and open-source software released under the terms of the Apache license, with a fragmented and distributed architecture that makes it highly flexible. This project was initiated with the aim of designing a secured cloud infrastructure called BradStack, which is built on OpenStack in the Computing Laboratory at the University of Bradford. In this report, we present and discuss the steps required in deploying a secured BradStack multi-node cloud infrastructure and conducting penetration testing on OpenStack services to validate the effectiveness of the security controls on the BradStack platform. This report serves as a practical guideline, focusing on security and practical infrastructure-related issues. It also serves as a reference for institutions looking at the possibilities of implementing a secured cloud solution.
Comment: 38 pages, 19 figures
Container-based network function virtualization for software-defined networks
Today's enterprise networks almost ubiquitously deploy middlebox services to improve in-network security and performance. Although virtualization of middleboxes attracts significant attention, studies show that such implementations are still proprietary and deployed in a static manner at the boundaries of organisations, hindering open innovation. In this paper, we present an open framework to create, deploy and manage virtual network functions (NFs) in OpenFlow-enabled networks. We exploit container-based NFs to achieve the low performance overhead, fast deployment and high reusability missing from today's NFV deployments. Through an SDN northbound API, NFs can be instantiated, traffic can be steered through the desired policy chain and applications can raise notifications. We demonstrate the system's operation through the development of exemplar NFs from common operating system utility binaries, and we show that container-based NFV improves function instantiation time by up to 68% over existing hypervisor-based alternatives, and scales to one hundred co-located NFs while incurring sub-millisecond latency.
Exploring live cloud migration on Amazon EC2
Cloud users may decide to live migrate their virtual machines from one public cloud provider to another due to lower cost or ceasing operations. Currently, it is not possible to install a second virtualization platform on public cloud infrastructure (IaaS) because nested virtualization and hardware-assisted virtualization are disabled by default. As a result, cloud users' VMs are tightly coupled to the provider's IaaS, hindering live migration of VMs to different providers. This paper introduces LivCloud, a solution to live cloud migration. LivCloud is designed based on well-established criteria to live migrate VMs across various cloud IaaS with minimal interruption to the services hosted on these VMs. The paper discusses the basic design of LivCloud, which consists of a Virtual Machine manager and an IPsec VPN tunnel, introduced for the first time within this environment. It is also the first time that the migrated VM architecture (64-bit & 32-bit) is taken into consideration. In this study, we evaluate the implementation of the basic design of LivCloud on an Amazon EC2 C4 instance. This is a compute-optimized instance with high-performance processors. In particular, we explore three developed options. These options are being tested for the first time on EC2 to change the value of the EC2 instance's control registers. Changing the values of the registers will significantly help enable nested virtualization on Amazon EC2.
LibrettOS: A Dynamically Adaptable Multiserver-Library OS
We present LibrettOS, an OS design that fuses two paradigms to simultaneously address issues of isolation, performance, compatibility, failure recoverability, and run-time upgrades. LibrettOS acts as a microkernel OS that runs servers in an isolated manner. LibrettOS can also act as a library OS when, for better performance, selected applications are granted exclusive access to virtual hardware resources such as storage and networking. Furthermore, applications can switch between the two OS modes with no interruption at run-time. LibrettOS has a uniquely distinguishing advantage in that the two paradigms seamlessly coexist in the same OS, enabling users to simultaneously exploit their respective strengths (i.e., greater isolation, high performance). Systems code, such as device drivers, network stacks, and file systems, remains identical in the two modes, enabling dynamic mode switching and reducing development and maintenance costs.
To illustrate these design principles, we implemented a prototype of LibrettOS using rump kernels, allowing us to reuse existing, hardened NetBSD device drivers and a large ecosystem of POSIX/BSD-compatible applications. We use hardware (VM) virtualization to strongly isolate different rump kernel instances from each other. Because the original rumprun unikernel targeted a much simpler model for uniprocessor systems, we redesigned it to support multicore systems. Unlike kernel-bypass libraries such as DPDK, applications need not be modified to benefit from direct hardware access. LibrettOS also supports indirect access through a network server that we have developed. Applications remain uninterrupted even when network components fail or need to be upgraded. Finally, to efficiently use hardware resources, applications can dynamically switch between the indirect and direct modes based on their I/O load at run-time.
[full abstract is in the paper]
Comment: 16th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments (VEE '20), March 17, 2020, Lausanne, Switzerland