65 research outputs found

    Dynamic collaboration and secure access of services in multi-cloud environments

    The cloud computing services have gained popularity in both public and enterprise domains and they process a large amount of user data with varying privacy levels. The increasing demand for cloud services including storage and computation requires new functional elements and provisioning schemes to meet user requirements. Multi-clouds can optimise the user requirements by allowing them to choose best services from a large number of services offered by various cloud providers as they are massively scalable, can be dynamically configured, and delivered on demand with large-scale infrastructure resources. A major concern related to multi-cloud adoption is the lack of models for them and their associated security issues which become more unpredictable in a multi-cloud environment. Moreover, in order to trust the services in a foreign cloud users depend on their assurances given by the cloud provider but cloud providers give very limited evidence or accountability to users which offers them the ability to hide some behaviour of the service. In this thesis, we propose a model for multi-cloud collaboration that can securely establish dynamic collaboration between heterogeneous clouds using the cloud on-demand model in a secure way. Initially, threat modelling for cloud services has been done that leads to the identification of various threats to service interfaces along with the possible attackers and the mechanisms to exploit those threats. Based on these threats the cloud provider can apply suitable mechanisms to protect services and user data from these threats. In the next phase, we present a lightweight and novel authentication mechanism which provides a single sign-on (SSO) to users for authentication at runtime between multi-clouds before granting them service access and it is formally verified. Next, we provide a service scheduling mechanism to select the best services from multiple cloud providers that closely match user quality of service requirements (QoS). 
The scheduling mechanism achieves high accuracy by providing distance correlation weighting mechanism among a large number of services QoS parameters. In the next stage, novel service level agreement (SLA) management mechanisms are proposed to ensure secure service execution in the foreign cloud. The usage of SLA mechanisms ensures that user QoS parameters including the functional (CPU, RAM, memory etc.) and non-functional requirements (bandwidth, latency, availability, reliability etc.) of users for a particular service are negotiated before secure collaboration between multi-clouds is set up. The multi-cloud handling user requests will be responsible to enforce mechanisms that fulfil the QoS requirements agreed in the SLA. While the monitoring phase in SLA involves monitoring the service execution in the foreign cloud to check its compliance with the SLA and report it back to the user. Finally, we present the use cases of applying the proposed model in scenarios such as Internet of Things (IoT) and E-Healthcare in multi-clouds. Moreover, the designed protocols are empirically implemented on two different clouds including OpenStack and Amazon AWS. Experiments indicate that the proposed model is scalable, authentication protocols result only in a limited overhead compared to standard authentication protocols, service scheduling achieves high efficiency and any SLA violations by a cloud provider can be recorded and reported back to the user. My research for the first 3 years of PhD was funded by the College of Engineering and Technology.

    Data-Driven Methods for Data Center Operations Support

    During the last decade, cloud technologies have been evolving at an impressive pace, such that we are now living in a cloud-native era where developers can leverage on an unprecedented landscape of (possibly managed) services for orchestration, compute, storage, load-balancing, monitoring, etc. The possibility to have on-demand access to a diverse set of configurable virtualized resources allows for building more elastic, flexible and highly-resilient distributed applications. Behind the scenes, cloud providers sustain the heavy burden of maintaining the underlying infrastructures, consisting in large-scale distributed systems, partitioned and replicated among many geographically dislocated data centers to guarantee scalability, robustness to failures, high availability and low latency. The larger the scale, the more cloud providers have to deal with complex interactions among the various components, such that monitoring, diagnosing and troubleshooting issues become incredibly daunting tasks. To keep up with these challenges, development and operations practices have undergone significant transformations, especially in terms of improving the automations that make releasing new software, and responding to unforeseen issues, faster and sustainable at scale. The resulting paradigm is nowadays referred to as DevOps. However, while such automations can be very sophisticated, traditional DevOps practices fundamentally rely on reactive mechanisms, that typically require careful manual tuning and supervision from human experts. To minimize the risk of outages—and the related costs—it is crucial to provide DevOps teams with suitable tools that can enable a proactive approach to data center operations. This work presents a comprehensive data-driven framework to address the most relevant problems that can be experienced in large-scale distributed cloud infrastructures. 
These environments are indeed characterized by a very large availability of diverse data, collected at each level of the stack, such as: time-series (e.g., physical host measurements, virtual machine or container metrics, networking components logs, application KPIs); graphs (e.g., network topologies, fault graphs reporting dependencies among hardware and software components, performance issues propagation networks); and text (e.g., source code, system logs, version control system history, code review feedbacks). Such data are also typically updated with relatively high frequency, and subject to distribution drifts caused by continuous configuration changes to the underlying infrastructure. In such a highly dynamic scenario, traditional model-driven approaches alone may be inadequate at capturing the complexity of the interactions among system components. DevOps teams would certainly benefit from having robust data-driven methods to support their decisions based on historical information. For instance, effective anomaly detection capabilities may also help in conducting more precise and efficient root-cause analysis. Also, leveraging on accurate forecasting and intelligent control strategies would improve resource management. Given their ability to deal with high-dimensional, complex data, Deep Learning-based methods are the most straightforward option for the realization of the aforementioned support tools. On the other hand, because of their complexity, this kind of models often requires huge processing power, and suitable hardware, to be operated effectively at scale. These aspects must be carefully addressed when applying such methods in the context of data center operations. Automated operations approaches must be dependable and cost-efficient, not to degrade the services they are built to improve.

    Optimized Error Detection in Cloud User for Networking Services

    Big sensor data is prevalent in both industry and scientific research applications where the data is generated with high volume and velocity and is difficult to process using on-hand database management tools or traditional data processing applications. Cloud computing provides a promising platform to support the addressing of this challenge as it provides a flexible stack of massive computing, storage, and software services in a scalable manner at low cost. Some techniques have been developed in recent years for processing sensor data on cloud, such as sensor-cloud. However, these techniques do not provide efficient support on fast detection and locating of errors in big sensor data sets. For fast data error detection in big sensor data sets, in this paper, we develop a novel data error detection approach which exploits the full computation potential of cloud platform and the network feature of WSN.

    Network infrastructure control for virtual campuses

    Master's in Computer and Telematics Engineering. This dissertation provides a way to merge Cloud Computing infrastructures with traditional or legacy network deployments, leveraging the best in both worlds and enabling a logically centralized control for it. A design/architecture is proposed to extend existing Cloud Computing software stacks so they are able to manage networks outside the Cloud Computing infrastructure, by extending the internal, virtualized network segments. This is useful in a variety of use cases such as incremental Legacy to Cloud network migration, hybrid virtual/traditional networking, centralized control of existing networks, bare metal provisioning and even offloading of advanced services from typical home gateways into the operator, improving control and reducing maintenance costs. An implementation is presented and tested on top of OpenStack, the principal Open-Source Cloud Computing software stack available. It includes changes to the API, command line interface and existing mechanisms which previously only supported homogeneous vendor equipment, such that they support any hardware and be able to automate their provisioning. By using what is called External Drivers, any organization (a hardware vendor, a Cloud provider or even a telecommunications operator) can develop their own driver to support new, specific networking equipment. Besides this ease of development and extensibility, two drivers are already developed in the context of this work: one for OpenWrt switches/routers and one for Cisco EtherSwitch IOS switching modules. 
Test results indicate that there are low penalties on latency and throughput, and that provisioning times (for setting up or tearing down networks) are reduced in comparison with similar maintenance operations on traditional computer networks. This dissertation presents a way to join Cloud Computing infrastructures with traditional or legacy networks, bringing the best of both worlds and enabling logically centralized control. An architecture is proposed with the aim of extending Cloud Computing implementations so that they can also manage networks outside the Cloud Computing infrastructure, extending the internal, virtualized network segments. This is useful for a varied set of use cases, such as incremental migration of legacy networks to the Cloud, hybrid virtual/traditional networks, centralized control of existing networks, bare metal provisioning and even moving services typically provided by a home gateway to the operator side, improving control and reducing maintenance costs. An implementation of the solution is presented and tested on top of OpenStack, the principal Open-Source Cloud Computing solution available. The implementation includes changes to the API, the command line interface and the existing mechanisms, which only support homogeneous implementations, so that they can support any equipment and automate its provisioning. Through what are called external drivers, any organization (be it a network equipment manufacturer, a Cloud provider or a telecommunications operator) can develop its own drivers to support new, specific hardware equipment. Besides the ease of development and extensibility, two drivers are also a product of this work: one for OpenWrt switches/routers and another for Cisco EtherSwitch switching modules, running the IOS operating system. 
Tests carried out indicate that there are low penalties on latency and bandwidth, and also that provisioning times are reduced in comparison with similar maintenance operations on traditional computer networks.

    HPC management and engineering in the hybrid cloud

    Doctorate in Informatics. The evolution and maturation of Cloud Computing created an opportunity for the emergence of new Cloud applications. High-performance Computing, a complex problem solving class, arises as a new business consumer by taking advantage of the Cloud premises and leaving the expensive datacenter management and difficult grid development. Standing on an advanced maturing phase, today's Cloud discarded many of its drawbacks, becoming more and more efficient and widespread. Performance enhancements, price drops due to massification and customizable services on demand triggered an emphasized attention from other markets. HPC, regardless of being a very well established field, traditionally has a narrow frontier concerning its deployment and runs on dedicated datacenters or large grid computing. The problem with common placement is mainly the initial cost and the inability to fully use resources which not all research labs can afford. The main objective of this work was to investigate new technical solutions to allow the deployment of HPC applications on the Cloud, with particular emphasis on the private on-premise resources – the lower end of the chain which reduces costs. The work includes many experiments and analyses to identify obstacles and technology limitations. The feasibility of the objective was tested with new modeling, architecture and several applications migration. The final application integrates a simplified incorporation of both public and private Cloud resources, as well as HPC applications scheduling, deployment and management. It uses a well-defined user role strategy, based on federated authentication and a seamless procedure to daily usage with balanced low cost and performance. The development and maturation of Cloud Computing opened a window of opportunity for the emergence of new applications in the Cloud. 
High-Performance Computing, a class dedicated to solving complex problems, emerges as a new consumer in the market by taking advantage of the benefits inherent to the Cloud and leaving behind the costly traditional computing center and difficult grid development. Standing at an advanced stage of maturation, today's Cloud has left behind many of its limitations, becoming ever more efficient and widespread. Performance improvements, price drops due to massification and customized on-demand services triggered unusual attention from other markets. HPC, regardless of being an extremely well-established field, traditionally has a narrow frontier regarding its deployment. It runs on dedicated computing centers or large-scale grid computing. The biggest problem with the usual type of installation is the initial cost and the failure to use resources full-time, a factor that not all research laboratories can bear. The main objective of this work was to investigate new technical solutions to allow the deployment of HPC applications in the Cloud, with particular emphasis on existing private resources, the peculiar and final part of the chain where costs can be reduced. The work includes several experiments and analyses to identify obstacles and technological limitations. The viability and practicability of the objective was tested with innovation in models, architecture and the migration of several applications. The final application integrates an aggregation of resources from public and private Clouds, as well as scheduling, deployment and management of HPC applications. A user profile strategy based on federated authentication is used, as well as transparent procedures for daily use with balanced cost and performance.

    View on 5G Architecture: Version 1.0

    The current white paper focuses on the produced results after one year research mainly from 16 projects working on the abovementioned domains. During several months, representatives from these projects have worked together to identify the key findings of their projects and capture the commonalities and also the different approaches and trends. Also they have worked to determine the challenges that remain to be overcome so as to meet the 5G requirements. The goal of 5G Architecture Working Group is to use the results captured in this white paper to assist the participating projects achieve a common reference framework. The work of this working group will continue during the following year so as to capture the latest results to be produced by the projects and further elaborate this reference framework. The 5G networks will be built around people and things and will natively meet the requirements of three groups of use cases:
    • Massive broadband (xMBB) that delivers gigabytes of bandwidth on demand
    • Massive machine-type communication (mMTC) that connects billions of sensors and machines
    • Critical machine-type communication (uMTC) that allows immediate feedback with high reliability and enables for example remote control over robots and autonomous driving.
    The demand for mobile broadband will continue to increase in the next years, largely driven by the need to deliver ultra-high definition video. However, 5G networks will also be the platform enabling growth in many industries, ranging from the IT industry to the automotive, manufacturing industries, entertainment, etc. 5G will enable new applications like for example autonomous driving, remote control of robots and tactile applications, but these also bring a lot of challenges to the network. Some of these are related to provide low latency in the order of few milliseconds and high reliability compared to fixed lines. 
But the biggest challenge for 5G networks will be to cater for a diverse set of services and their requirements. To achieve this, the goal for 5G networks will be to improve the flexibility in the architecture. The white paper is organized as follows. In section 2 we discuss the key business and technical requirements that drive the evolution of 4G networks into the 5G. In section 3 we provide the key points of the overall 5G architecture whereas in section 4 we elaborate on the functional architecture. Different issues related to the physical deployment in the access, metro and core networks of the 5G network are discussed in section 5 while in section 6 we present software network enablers that are expected to play a significant role in the future networks. Section 7 presents potential impacts on standardization and section 8 concludes the white paper.

    Edge and Big Data technologies for Industry 4.0 to create an integrated pre-sale and after-sale environment

    The fourth industrial revolution, also known as Industry 4.0, has rapidly gained traction in businesses across Europe and the world, becoming a central theme in small, medium, and large enterprises alike. This new paradigm shifts the focus from locally-based and barely automated firms to a globally interconnected industrial sector, stimulating economic growth and productivity, and supporting the upskilling and reskilling of employees. However, despite the maturity and scalability of information and cloud technologies, the support systems already present in the machine field are often outdated and lack the necessary security, access control, and advanced communication capabilities. This dissertation proposes architectures and technologies designed to bridge the gap between Operational and Information Technology, in a manner that is non-disruptive, efficient, and scalable. The proposal presents cloud-enabled data-gathering architectures that make use of the newest IT and networking technologies to achieve the desired quality of service and non-functional properties. By harnessing industrial and business data, processes can be optimized even before product sale, while the integrated environment enhances data exchange for post-sale support. The architectures have been tested and have shown encouraging performance results, providing a promising solution for companies looking to embrace Industry 4.0, enhance their operational capabilities, and prepare themselves for the upcoming fifth human-centric revolution

    Enabling Scalable and Sustainable Softwarized 5G Environments

    The fifth generation of telecommunication systems (5G) is foreseen to play a fundamental role in our socio-economic growth by supporting various and radically new vertical applications (such as Industry 4.0, eHealth, Smart Cities/Electrical Grids, to name a few), as a one-fits-all technology that is enabled by emerging softwarization solutions – specifically, the Fog, Multi-access Edge Computing (MEC), Network Functions Virtualization (NFV) and Software-Defined Networking (SDN) paradigms. Notwithstanding the notable potential of the aforementioned technologies, a number of open issues still need to be addressed to ensure their complete rollout. This thesis is particularly developed towards addressing the scalability and sustainability issues in softwarized 5G environments through contributions in three research axes: a) Infrastructure Modeling and Analytics, b) Network Slicing and Mobility Management, and c) Network/Services Management and Control. The main contributions include a model-based analytics approach for real-time workload profiling and estimation of network key performance indicators (KPIs) in NFV infrastructures (NFVIs), as well as a SDN-based multi-clustering approach to scale geo-distributed virtual tenant networks (VTNs) and to support seamless user/service mobility; building on these, solutions to the problems of resource consolidation, service migration, and load balancing are also developed in the context of 5G. All in all, this generally entails the adoption of Stochastic Models, Mathematical Programming, Queueing Theory, Graph Theory and Team Theory principles, in the context of Green Networking, NFV and SDN.