Multi-tenant hybrid cloud architecture

This paper examines the challenges associated with the multi-tenant hybrid cloud architecture and describes how this architectural approach was applied in two software development projects. The motivation for using this architectural approach is to allow developing new features on top of monolithic legacy systems – that are still in production use – but without using legacy technologies. The architectural approach considers these legacy systems as master systems that can be extended with multi-tenant cloud-based add-on applications. In general, legacy systems are run in customer-operated environments, whereas add-on applications can be deployed to cloud platforms. It is thus imperative to have a means connectivity between these environments over the internet. The technology stack used within the scope of this thesis is limited to the offering of the .NET Core ecosystem and Microsoft Azure. In the first part of the thesis work, a literature review was carried out. The literature review focused on the challenges associated with the architectural approach, and as a result, a list of challenges was formed. This list was utilized in the software development projects of the second part of the thesis. It should be noted that there were very few high-quality papers available focusing exactly on the multi-tenant hybrid cloud architecture, so, in the end, source material for the review was searched separately for multi-tenant and for hybrid cloud design challenges. This factor is noted in the evaluation of the review. In the second part of the thesis work, the architectural approach was applied in two software development projects. Goals were set for the architectural approach: the add-on applications should be developed with modern technology stacks; their delivery should be automated; their subscription should be straightforward for customer organizations and they should leverage multi-tenant resource sharing. In the first project a data quality management tool was developed on top of a legacy dealership management system. Due to database connectivity challenges, confidentiality of customer data and authentication requirements, the implemented solution does not fully utilize the architectural approach, as having the add-on application hosted in the customer environment was the most reasonable solution. Despite this, the add-on application was developed with a modern technology stack and its delivery is automated. The subscription process does involve certain manual steps and, if the customer infrastructure changes over time, these steps must be repeated by the developers. This decreases the scalability of the overall delivery model. In the second project a PDA application was developed on top of a legacy vehicle maintenance tire hotel system. The final implementation fully utilizes the architectural approach. Support for multi-tenancy was implemented using ASP.NET Core Dependency Injection and Finbuckle.MultiTenancy-library. Azure Relay Hybrid Connection was used for hybrid cloud connectivity between the add-on application and the master system. The delivery model incorporates the same challenges regarding subscription and customer infrastructure changes as the delivery model of the data quality management tool. However, the manual steps associated with these challenges must be performed only once per customer – not once per customer per application. In addition, the delivery model could be improved to support customer self-service governance, enabling the delegation of any customer environment installations to the customers themselves. Even further, the customer environment installation could potentially cover an entire product family. As an example, instead of just providing access for the PDA application, the installation could provide access for all vehicle maintenance family add-on applications. This would make customer environment management easier and developing new add-on applications faster

SDSN@RT: a middleware environment for single-instance multi-tenant cloud applications

With the Single-Instance Multi-Tenancy (SIMT) model for composite Software-as-a-Service (SaaS) applications, a single composite application instance can host multiple tenants, yielding the benefits of better service and resource utilization, and reduced operational cost for the SaaS provider. An SIMT application needs to share services and their aggregation (the application) among its tenants while supporting variations in the functional and performance requirements of the tenants. The SaaS provider requires a middleware environment that can deploy, enact and manage a designed SIMT application, to achieve the varied requirements of the different tenants in a controlled manner. This paper presents the SDSN@RT (Software-Defined Service Networks @ RunTime) middleware environment that can meet the aforementioned requirements. SDSN@RT represents an SIMT composite cloud application as a multi-tenant service network, where the same service network simultaneously hosts a set of virtual service networks (VSNs), one for each tenant. A service network connects a set of services, and coordinates the interactions between them. A VSN realizes the requirements for a specific tenant and can be deployed, configured, and logically isolated in the service network at runtime. SDSN@RT also supports the monitoring and runtime changes of the deployed multi-tenant service networks. We show the feasibility of SDSN@RT with a prototype implementation, and demonstrate its capabilities to host SIMT applications and support their changes with a case study. The performance study of the prototype implementation shows that the runtime capabilities of our middleware incur little overhead

Exploring and categorizing maintainability assurance research for service and microservice-based systems

Im Laufe des Softwarelebenszyklus eines Programms innerhalb einer sich ständig wechselnden Softwareumgebung ist es wahrscheinlich, dass dieses Programm regelmäßig gewartet werden muss. Wartungen kosten Geld und somit ist es wichtig, dass ebensolche Wartungen effizient und effektiv durchgeführt werden können. Im Laufe der Geschichte der Softwareentwicklung traten unter anderem zwei Architekturmuster hervor: Serviceorientierte Architektur und Microservices. Da diese Architekturmuster ein hohes Maß an Wartbarkeit versprechen, wurden viele Altsysteme hin zu diesen modernen Architekturen migriert. Es kann fatale Folgen für Unternehmen haben, wenn Änderungen an einem System nicht schnell, risikofrei und fehlerfrei umgesetzt werden können. Es wurden bereits viele Forschungsarbeiten bezogen auf die Wartbarkeit von serviceorientierter Architektur publiziert. Systeme basierend auf Microservices fanden jedoch, bezogen auf Wartbarkeitssicherung, nicht viel Beachtung. Sämtliche Forschungsarbeiten befinden sich verteilt auf viele Literaturdatenbanken, wodurch ein umfassender Überblick erschwert wird. Um einen solchen Überblick bereitzustellen, führten wir im Rahmen dieser Bachelorarbeit eine systematische Literaturstudie durch, die sich mit der Wartbarkeitssicherung von serviceorienter Architektur und Systemen basierend auf Microservices beschäftigt. Zur Durchführung dieser systematischen Literaturstudie entwickelten wir eine Reihe von relevanten Forschungsfragen sowie ein striktes Forschungsprotokoll. Aufbauend auf diesem Protokoll sammelten wir insgesamt 223 Forschungsarbeiten von verschiedenen Herausgebern. Diese Arbeiten wurden bezüglich ihres Inhalts zuerst in drei Gruppen von Kategorien unterteilt (architektonisch, thematisch und methodisch). Danach wurden die jeweils relevantesten Forschungsrichtungen aus jeder thematischen Kategorie herausgearbeitet und vorgestellt. Zum Abschluss wurden deutliche Unterschiede der in den Forschungsarbeiten präsentierten Inhalte in Bezug auf serviceorientierte Architektur und Microservice-basierte Systeme herausgearbeitet und dargestellt. Unsere Ergebnisse zeigten eine deutliche Unterrepräsentation von Forschungsarbeiten zur Wartbarkeitssicherung für Microservice-basierte Systeme. Während der Untersuchung der Kategorien konnten wir diverse Forschungsrichtungen innerhalb dieser feststellen. Ein Beispiel hierfür ist die Forschungsrichtung "change impact in business processes" in der Kategorie "Change Impact and Scenarios". Abschließend konnten wir einige Unterschiede bezogen auf die gesammelten Forschungsarbeiten zwischen Systemen basierend auf einer serviceorientierten Architektur und Systemen basierend auf Microservices feststellen. Ein solcher Unterschied kann zum Beispiel in der Kategorie "Antipatterns and Bad Smells" gefunden werden. Im Vergleich zu Forschungsarbeiten, welche sich auf serviceorientierte Architektur beziehen, beinhalten Forschungsarbeiten im Zusammenhang mit Systemen auf Basis von Microservices nur grundlegende Informationen zu Antipatterns, jedoch keine Herangehensweisen, um diese zu erkennen. Aufgrund unserer Ergebnisse schlagen wir einen stärkeren Fokus auf Forschung zur Wartbarkeitssicherung in Microservice-basierten Systemen vor. Mögliche zukünftige Forschungsarbeiten könnten überprüfen, ob Herangehensweisen zur Wartbarkeitssicherung von serviceorientierter Architektur auch bei Microservices anwendbar sind. Darüber hinaus schlagen wir die Durchführung von systematischen Literaturstudien vor, welche Themen wie "runtime adaptation", "testing" und "legacy migration" untersuchen, da diese Themen in unserer Literaturstudie ausgeschlossen wurden.It is very likely that software running in an everchanging environment needs to evolve at multiple points during its lifecycle. Because maintenance costs money, it is important for such tasks to be as effective and efficient as possible. During the history of software development service- and microservice-based architectures have emerged among other architectures. Since these architectures promise to provide a high maintainability, many legacy systems are or were migrated towards a service- or microservice-based architecture. In order to keep such systems running, maintenance is inevitable. While a lot of research has been published regarding maintainability assurance for service-based systems, microservice-based systems have not gotten a lot of attention. All published research is spread across several scientific databases which makes it difficult to get an extensive overview of existing work. In order to provide such overview of maintainability assurance regarding service- and microservice-based systems, we conducted a systematic literature review. To support our literature review, we developed a set of meaningful research questions and a rigid research protocol. Based on our protocol we collected a set of 223 different papers. These papers were first categorized into a threefold set of categories (architectural, thematical and methodical). After that, the most relevant research directions from each thematical category were extracted and presented. Lastly, we extracted and presented notable differences between approaches relating to service-oriented architecture or microservice-based systems. Our findings show a clear underrepresentation of maintainability assurance approaches suitable for microservice-based systems. We further discovered that regarding our formed categories, we could find several research directions such as change impact in business processes in "Change Impact and Scenarios". In the end, we could identify some differences between service- and microservice-based systems concerning approaches we retrieved in this thesis. A difference, for example was that in comparison with papers related to service-oriented architecture in "Antipatterns and Bad Smells", microservices related papers only contained basic information on antipatterns, but no approaches to detect them. Due to our findings we suggest a higher participation in research regarding maintainability assurance for microservice-based systems. Possible future work in this area could include further research on the applicability of service-oriented maintainability assurance approaches or techniques in microservice-based systems. Furthermore, future researchers could conduct follow-up literature reviews and investigate topics such as runtime adaptation, testing and legacy migration, since we excluded such topics from this thesis

Identifying Requirements in Microservice Architectural Systems

Microservices and microservice architecture has grown popularity and interest steadily since 2014 but many challenges are still faced in a software project when trying to adopt the concept. This work gathers challenges, possible solutions, and requirements related to the use of microservice architecture and therefore support the work of different stakeholders in a software project using microservice architecture, while also providing more information to the research as well. The study was conducted using systematic literature review (SLR). Overall, 63 scientific publications from four different scientific databases were selected and analysed. As a result, rapid evolution, life cycle management, complexity, performance, and a large number of integrations were identified as the most common challenges of microservice architecture. Solutions such as service orchestration, fog computing, decentralized data, and use of patterns were proposed to tackle these challenges. Regarding requirements, scalability, efficiency, flexibility, loose coupling, performance, and security appeared most frequently in the literature. The key finding of this work was the importance of data. How data acts as a base for functionalities and when inaccurate can cause complex challenges and make functionalities worthless. Based on this, we have a better understanding on what challenges may occur and what to focus on while working with microservice architecture in software development

Cloud-computing strategies for sustainable ICT utilization : a decision-making framework for non-expert Smart Building managers

Virtualization of processing power, storage, and networking applications via cloud-computing allows Smart Buildings to operate heavy demand computing resources off-premises. While this approach reduces in-house costs and energy use, recent case-studies have highlighted complexities in decision-making processes associated with implementing the concept of cloud-computing. This complexity is due to the rapid evolution of these technologies without standardization of approach by those organizations offering cloud-computing provision as a commercial concern. This study defines the term Smart Building as an ICT environment where a degree of system integration is accomplished. Non-expert managers are highlighted as key users of the outcomes from this project given the diverse nature of Smart Buildings’ operational objectives. This research evaluates different ICT management methods to effectively support decisions made by non-expert clients to deploy different models of cloud-computing services in their Smart Buildings ICT environments. The objective of this study is to reduce the need for costly 3rd party ICT consultancy providers, so non-experts can focus more on their Smart Buildings’ core competencies rather than the complex, expensive, and energy consuming processes of ICT management. The gap identified by this research represents vulnerability for non-expert managers to make effective decisions regarding cloud-computing cost estimation, deployment assessment, associated power consumption, and management flexibility in their Smart Buildings ICT environments. The project analyses cloud-computing decision-making concepts with reference to different Smart Building ICT attributes. In particular, it focuses on a structured programme of data collection which is achieved through semi-structured interviews, cost simulations and risk-analysis surveys. The main output is a theoretical management framework for non-expert decision-makers across variously-operated Smart Buildings. Furthermore, a decision-support tool is designed to enable non-expert managers to identify the extent of virtualization potential by evaluating different implementation options. This is presented to correlate with contract limitations, security challenges, system integration levels, sustainability, and long-term costs. These requirements are explored in contrast to cloud demand changes observed across specified periods. Dependencies were identified to greatly vary depending on numerous organizational aspects such as performance, size, and workload. The study argues that constructing long-term, sustainable, and cost-efficient strategies for any cloud deployment, depends on the thorough identification of required services off and on-premises. It points out that most of today’s heavy-burdened Smart Buildings are outsourcing these services to costly independent suppliers, which causes unnecessary management complexities, additional cost, and system incompatibility. The main conclusions argue that cloud-computing cost can differ depending on the Smart Building attributes and ICT requirements, and although in most cases cloud services are more convenient and cost effective at the early stages of the deployment and migration process, it can become costly in the future if not planned carefully using cost estimation service patterns. The results of the study can be exploited to enhance core competencies within Smart Buildings in order to maximize growth and attract new business opportunities

Security Audit Compliance for Cloud Computing

Cloud computing has grown largely over the past three years and is widely popular amongst today's IT landscape. In a comparative study between 250 IT decision makers of UK companies they said, that they already use cloud services for 61% of their systems. Cloud vendors promise "infinite scalability and resources" combined with on-demand access from everywhere. This lets cloud users quickly forget, that there is still a real IT infrastructure behind a cloud. Due to virtualization and multi-tenancy the complexity of these infrastructures is even increased compared to traditional data centers, while it is hidden from the user and outside of his control. This makes management of service provisioning, monitoring, backup, disaster recovery and especially security more complicated. Due to this, and a number of severe security incidents at commercial providers in recent years there is a growing lack of trust in cloud infrastructures. This thesis presents research on cloud security challenges and how they can be addressed by cloud security audits. Security requirements of an Infrastructure as a Service (IaaS) cloud are identified and it is shown how they differ from traditional data centres. To address cloud specific security challenges, a new cloud audit criteria catalogue is developed. Subsequently, a novel cloud security audit system gets developed, which provides a flexible audit architecture for frequently changing cloud infrastructures. It is based on lightweight software agents, which monitor key events in a cloud and trigger specific targeted security audits on demand - on a customer and a cloud provider perspective. To enable these concurrent cloud audits, a Cloud Audit Policy Language is developed and integrated into the audit architecture. Furthermore, to address advanced cloud specific security challenges, an anomaly detection system based on machine learning technology is developed. By creating cloud usage profiles, a continuous evaluation of events - customer specific as well as customer overspanning - helps to detect anomalies within an IaaS cloud. The feasibility of the research is presented as a prototype and its functionality is presented in three demonstrations. Results prove, that the developed cloud audit architecture is able to mitigate cloud specific security challenges

Gerenciamento de nuvem computacional usando critérios de segurança

Orientador: Paulo Lício de GeusTese (doutorado) - Universidade Estadual de Campinas, Instituto de ComputaçãoResumo: A nuvem computacional introduziu novas tecnologias e arquiteturas, mudando a computação empresarial. Atualmente, um grande número de organizações optam por utilizar arquiteturas computacionais tradicionais por considerarem esta tecnologia não confiável, devido a problemas não resolvidos relacionados a segurança e privacidade. Em particular, quanto á contratação de um serviço na nuvem, um aspecto importante é a forma como as políticas de segurança serão aplicadas neste ambiente caracterizado pela virtualização e serviços em grande escala de multi-locação. Métricas de segurança podem ser vistas como ferramentas para fornecer informações sobre o estado do ambiente. Com o objetivo de melhorar a segurança na nuvem computacional, este trabalho apresenta uma metodologia para a gestão da nuvem computacional usando a segurança como um critério, através de uma arquitetura para monitoramento da segurança com base em acordos de níveis de serviço de segurança Security-SLA para serviços de IaaS, PaaS e SaaS, que usa métricas de segurançaAbstract: Cloud Computing has introduced new technology and architectures that changed enterprise computing. Currently, there is a large number of organizations that choose to stick to traditional architectures, since this technology is considered unreliable due to yet unsolved problems related to security and privacy. In particular, when hiring a service in the cloud, an important aspect is how security policies will be applied in this environment characterized by both virtualization and large-scale multi-tenancy service. Security metrics can be seen as tools to provide information about the status of the environment. Aimed at improving security in the Cloud Computing, this work presents a methodology for Cloud Computing management using security as a criterion, across an architecture for security monitoring based on Security-SLA for IaaS, PaaS and SaaS services using security metricsDoutoradoCiência da ComputaçãoDoutor em Ciência da Computação23/200.308/2009FUNDEC