Monitoring and Failure Recovery of Cloud-Managed Digital Signage

Digitaal signage kasutatakse laialdaselt erinevates valdkondades, nagu näiteks transpordisüsteemid, turustusvõimalused, meelelahutus ja teised, et kuvada teavet piltide, videote ja teksti kujul. Nende ressursside usaldusväärsus, vajalike teenuste kättesaadavus ja turvameetmed on selliste süsteemide vastuvõtmisel võtmeroll. Digitaalse märgistussüsteemi tõhus haldamine on teenusepakkujatele keeruline ülesanne. Selle süsteemi rikkeid võib põhjustada mitmeid põhjuseid, nagu näiteks vigased kuvarid, võrgu-, riist- või tarkvaraprobleemid, mis on üsna korduvad. Traditsiooniline protsess sellistest ebaõnnestumistest taastumisel hõlmab sageli tüütuid ja tülikaid diagnoose. Paljudel juhtudel peavad tehnikud kohale füüsiliselt külastama, suurendades seeläbi hoolduskulusid ja taastumisaega.Selles väites pakume lahendust, mis jälgib, diagnoosib ja taandub tuntud tõrgetest, ühendades kuvarid pilvega. Pilvepõhine kaug- ja autonoomne server konfigureerib kaugseadete sisu ja uuendab neid dünaamiliselt. Iga kuva jälgib jooksvat protsessi ja saadab trace’i, logib süstemisse perioodiliselt. Negatiivide puhul analüüsitakse neid serverisse salvestatud logisid, mis optimaalselt kasutavad kohandatud logijuhtimismoodulit. Lisaks näitavad ekraanid ebaõnnestumistega toimetulemiseks enesetäitmise protseduure, kui nad ei suuda pilvega ühendust luua. Kavandatud lahendus viiakse läbi Linuxi süsteemis ja seda hinnatakse serveri kasutuselevõtuga Amazon Web Service (AWS) pilves. Peamisteks tulemusteks on meetodite kogum, mis võimaldavad kaugjuhtimisega kuvariprobleemide lahendamist.Digital signage is widely used in various fields such as transport systems, trading outlets, entertainment, and others, to display information in the form of images, videos, and text. The reliability of these resources, availability of required services and security measures play a key role in the adoption of such systems. Efficient management of the digital signage system is a challenging task to the service providers. There could be many reasons that lead to the malfunctioning of this system such as faulty displays, network, hardware or software failures that are quite repetitive. The traditional process of recovering from such failures often involves tedious and cumbersome diagnosis. In many cases, technicians need to physically visit the site, thereby increasing the maintenance costs and the recovery time. In this thesis, we propose a solution that monitors, diagnoses and recovers from known failures by connecting the displays to a cloud. A cloud-based remote and autonomous server configures the content of remote displays and updates them dynamically. Each display tracks the running process and sends the trace and system logs to the server periodically. These logs, stored at the server optimally using a customized log management module, are analysed for failures. In addition, the displays incorporate self-recovery procedures to deal with failures, when they are unable to create connection to the cloud. The proposed solution is implemented on a Linux system and evaluated by deploying the server on the Amazon Web Service (AWS) cloud. The main result of the thesis is a collection of techniques for resolving the display system failures remotely

Building and Protecting vSphere Data Centers Using Site Recovery Manager (SRM)

With the evolution of cloud computing technology, companies like Amazon, Microsoft, Google, Softlayer, and Rackspace have started providing Infrastructure as a Service, Software as a Service, and Platform as a Service offering to their customers. For these companies, providing a high degree of availability is as important as providing an overall great hosting service. Disaster is always being unpredictable, the destruction caused by it is always worse than expected. Sometimes it ends up with the loose of information, data and records. Disaster can also make services inaccessible for very long time if disaster recovery was not planned properly. This paper focuses on protecting a vSphere virtual datacenter using Site Recovery Manager (SRM). A study says 23% of companies close within one year after the disaster struck. This paper also discusses on how SRM can be a cost effective disaster recovery solution compared to all the recovery solutions available. It will also cover Recovery Point Objective and Recovery Time Objective. The SRM works on two different replication methodologies that is vSphere replication and Array based replications. These technologies used by Site Recovery Manager to protect Tier-1, 2, and 3 applications. The recent study explains that Traditional DR solutions often fail to meet business requirements because they are too expensive, complex and unreliable. Organizations using Site Recovery Manager ensure highly predictable RTOs at a much lower cost and level of complexity. Lower cost for DR. Site Recovery Manager can reduce the operating overhead by 50% by replacing complex manual run books with simple, automated recovery plans that can be tested without disruption. For organizations with an RPO of 15 minutes or higher, vSphere Replication can eliminate up to $10,000 per TB of protected data with storage-based technologies. The combined solution can save over USD$1,100 per protected virtual machine per year. These calculations were validated by a third-party global research firm. Integration with Virtual SAN reduces the DR footprint through hyper-converged, software-defined storage that runs on any standard x86 platform. Virtual SAN can decrease the total cost of ownership for recovery storage by 50 percent

KASLR-MT: kernel address space layout randomization for multi-tenant cloud systems

[EN] Cloud computing has completely changed our lives. This technology dramatically impacted on how we play, work and live. It has been widely adopted in many sectors mainly because it reduces the cost of performing tasks in a flexible, scalable and reliable way. To provide a secure cloud computing architecture, the highest possible level of protection must be applied. Unfortunately, the cloud computing paradigm introduces new scenarios where security protection techniques are weakened or disabled to obtain a better performance and resources exploitation. Kernel ASLR (KASLR) is a widely adopted protection technique present in all modern operating systems. KASLR is a very effective technique that thwarts unknown attacks but unfortunately its randomness have a significant impact on memory deduplication savings. Both techniques are very desired by the industry, the first one because of the high level of security that it provides and the latter to obtain better performance and resources exploitation. In this paper, we propose KASLR-MT, a new Linux kernel randomization approach compatible with memory deduplication. We identify why the most widely and effective technique used to mitigate attacks at kernel level, KASLR, fails to provide protection and shareability at the same time. We analyze the current Linux kernel randomization and how it affects to the shared memory of each kernel region. Then, based on the analysis, we propose KASLR-MT, the first effective and practical Kernel ASLR memory protection that maximizes the memory deduplication savings rate while providing a strong security. Our tests reveal that KASLR-MT is not intrusive, very scalable and provides strong protection without sacrificing the shareability. (C) 2019 Elsevier Inc. All rights reserved.Vañó-García, F.; Marco-Gisbert, H. (2020). KASLR-MT: kernel address space layout randomization for multi-tenant cloud systems. Journal of Parallel and Distributed Computing. 137:77-90. https://doi.org/10.1016/j.jpdc.2019.11.008S779013

Towards UAV-based MEC service chain resilience evaluation: a quantitative modeling approach

Unmanned aerial vehicle (UAV) and network function virtualization (NFV) facilitate the deployment of multi-access edge computing (MEC). In the UAV-based MEC (UMEC) network, virtualized network function (VNF) can be implemented as a lightweight container running on UMEC host operating system (OS). However, UMEC network is vulnerable to attack, which can result in resource degradation and even UMEC service disruption. Rejuvenation techniques, such as failover technique and live container migration technique, can mitigate the impact of resource degradation but their effectiveness to improve the resilience of UMEC services should be evaluated. This paper presents a quantitative modeling approach based on semi-Markov process to investigate the resilience of a UMEC service chain consisting of any number of VNFs executed in any number of UMEC hosts in terms of availability and reliability. Unlike existing studies, the semi-Markov model constructed in this paper can capture the time-dependent behaviors between VNFs, between host OSes, and between VNFs and host OSes on the condition that the holding times of the recovery and failure events follow any kind of distribution. We perform the sensitivity analysis to identify potential resilience bottlenecks. The results highlight that migration time is the parameter significantly affecting the resilience, which shed the insight on designing the UMEC service chain with high-grade resilience requirements. In addition, we carry out the numerical experiments to reveal that: (i) the type of failure time distribution has a significant effect on the resilience; and (ii) the resilience increases with decreasing number of VNFs, while the availability increases with increasing number of UMEC hosts and the reliability decreases with increasing number of UMEC hosts, which can provide meaningful guidance for the UAV placement optimization in the UMEC network

Teknoekonominen toteutettavuusanalyysi etäylläpidon liitettävyydestä tehtaissa

Maintenance activities play a major role in factory operations, as they prevent breakdowns and extend machine life. With the advances in sensor, computing and communications technology, sensor data can be increasingly exploited for real-time supervision of machine condition. However, the acquisition of the data is challenging due to proprietary technologies and interfaces applied in Industrial Networks. Therefore, sensor data is rarely utilized in other processes than automation. As the industry is heading towards a new industrial era, also referred to as Industrial Internet or Industrie 4.0, there is growing need to improve data availability for applications that can realize its potential value. In this research, the focus is on the feasibility of remote maintenance deployment in factories. The topic is approached from the connectivity viewpoint. The research is conducted by reviewing the literature, and by interviewing numerous industry experts regarding the connectivity and data exploitation in factories. These form the basis for the value network analysis, in which Value Network Configuration (VNC) method is applied, to analyze the value distribution among different actors in alternative remote connection cases. As a result of the VNC analysis, three alternative value network configurations are formed. They provide a high-level technical architecture of the remote connection implementation and discuss the accumulated value of each actor concerning remote maintenance service. The insights gained from the VNCs and literature are then employed to propose a future technical architecture for remote maintenance connectivity in factories.Huoltotoimet ovat suuressa roolissa tehtaan toiminnassa, sillä ne ehkäisevät konerikkoja ja pidentävät koneen käyttöikää. Sensori-, laskenta- ja tietoliikenneteknologian kehittymisen johdosta sensoridataa voidaan hyödyntää yhä enemmän koneen kunnon reaaliaikaiseen valvontaan. Datan saanti on kuitenkin haastavaa teollisissa verkoissa käytettyjen sovelluskohtaisten teknologioiden ja liitäntöjen takia. Sen vuoksi sensoridataa hyödynnetään harvoin muissa prosesseissa kuin automaatiossa. Teollisuuden suunnatessa kohti uutta teollista aikakautta, joka tunnetaan myös nimillä Teollinen Internet ja Teollisuus 4.0, on datan saatavuutta parannettava sovelluskohteille, jotka voivat realisoida sen potentiaalisen arvon. Tämä tutkimus tarkastelee etäylläpidon käyttöönoton toteutettavuutta tehtaissa. Aihetta lähestytään liitettävyyden näkökulmasta. Tutkimus suoritetaan tarkastelemalla kirjallisuutta sekä haastattelemalla lukuisia teollisuuden asiantuntijoita koskien liitettävyyttä ja datan hyödyntämistä tehtaissa. Nämä muodostavat perustan arvoverkkoanalyysille, jossa sovelletaan arvoverkkokonfiguraatio-menetelmää, jolla analysoidaan arvon jakautumista eri toimijoiden kesken vaihtoehtoisissa etäyhteystapauksissa. Arvoverkkokonfiguraatioanalyysin tuloksena muodostetaan kolme vaihtoehtoista arvoverkkokonfiguraatiota. Ne tarjoavat korkean tason teknisen arkkitehtuurin etäyhteyden implementaatiosta ja tarkastelevat toimijoiden kerryttämää arvoa etäylläpitopalvelun osalta. Arvoverkkokonfiguraatioista ja kirjallisuudesta saatujen näkemysten pohjalta esitellään lisäksi tulevaisuuden tekninen arkkitehtuuri etäylläpidon liitettävyydelle tehtaissa

Network Function Virtualization technologies applied to cellular systems

Future 5G networks will exploit the inherent flexibility associated to the introduction of Network Function Virtualization (NFV) technologies in both the core network and even the Radio Access Network (RAN) through the software implementation of network functions running on general purpose computing/storage resources. The advent of the NFV paradigm provides an inherent capability to add new functionalities, extend, upgrade or evolve existing functionalities and to customize the network on a per-tenant basis. In this context, this work intends to make an analysis of the cuFuture 5G networks open a new spectrum of possibilities, both at the level of services it can offer, and at the level of its deployment. This thesis aims to make a study of some of the technologies that make possible the arrival of 5G, such as virtualization and virtualization applied to networks, NFV. In order to better understand the defined standard for NFV, the analysis of market NFV-MANO available tools is included. In addition, the study and evaluation of the deployment process of a virtualized 5G network scenario has been performed with HPE NFV Director

Reliable and energy efficient resource provisioning in cloud computing systems

Cloud Computing has revolutionized the Information Technology sector by giving computing a perspective of service. The services of cloud computing can be accessed by users not knowing about the underlying system with easy-to-use portals. To provide such an abstract view, cloud computing systems have to perform many complex operations besides managing a large underlying infrastructure. Such complex operations confront service providers with many challenges such as security, sustainability, reliability, energy consumption and resource management. Among all the challenges, reliability and energy consumption are two key challenges focused on in this thesis because of their conflicting nature. Current solutions either focused on reliability techniques or energy efficiency methods. But it has been observed that mechanisms providing reliability in cloud computing systems can deteriorate the energy consumption. Adding backup resources and running replicated systems provide strong fault tolerance but also increase energy consumption. Reducing energy consumption by running resources on low power scaling levels or by reducing the number of active but idle sitting resources such as backup resources reduces the system reliability. This creates a critical trade-off between these two metrics that are investigated in this thesis. To address this problem, this thesis presents novel resource management policies which target the provisioning of best resources in terms of reliability and energy efficiency and allocate them to suitable virtual machines. A mathematical framework showing interplay between reliability and energy consumption is also proposed in this thesis. A formal method to calculate the finishing time of tasks running in a cloud computing environment impacted with independent and correlated failures is also provided. The proposed policies adopted various fault tolerance mechanisms while satisfying the constraints such as task deadlines and utility values. This thesis also provides a novel failure-aware VM consolidation method, which takes the failure characteristics of resources into consideration before performing VM consolidation. All the proposed resource management methods are evaluated by using real failure traces collected from various distributed computing sites. In order to perform the evaluation, a cloud computing framework, 'ReliableCloudSim' capable of simulating failure-prone cloud computing systems is developed. The key research findings and contributions of this thesis are: 1. If the emphasis is given only to energy optimization without considering reliability in a failure prone cloud computing environment, the results can be contrary to the intuitive expectations. Rather than reducing energy consumption, a system ends up consuming more energy due to the energy losses incurred because of failure overheads. 2. While performing VM consolidation in a failure prone cloud computing environment, a significant improvement in terms of energy efficiency and reliability can be achieved by considering failure characteristics of physical resources. 3. By considering correlated occurrence of failures during resource provisioning and VM allocation, the service downtime or interruption is reduced significantly by 34% in comparison to the environments with the assumption of independent occurrence of failures. Moreover, measured by our mathematical model, the ratio of reliability and energy consumption is improved by 14%

Käyttäjätason ohjelmistokontittaminen pilviradioliityntäverkossa

The amount of devices connected through mobile networks has been growing rapidly. This growth will create a demand for network capacity that cannot be met with traditional methods. This problem could be solved by implementing a cloud radio access network (RAN), a new concept, to adapt cloud computing technologies, such as software containers, from the software industry to RANs. This adaptation will also create a need to modify working practices in order to better comply with these new cloud computing technologies. While cloud RAN has recently received much research attention, the actual software implementations have not been widely discussed in the literature. Therefore, this thesis evaluates the feasibility of using software containers in the user-plane applications of cloud RAN in terms of networking and inter-container communications (ICC). This is accomplished by identifying potential approaches for ICC and for container networking as well as measuring the performance of these approaches. Two approaches are proposed for ICC and container networking. The approaches were evaluated in terms of throughput and latency. These approaches were found to be suitable for use in cloud RAN user-plane applications. However, since the measurements were performed in a simplified environment, implementing the approaches into a cloud RAN component will require further work.Mobiiliverkkoihin liitettävien laitteiden määrä kasvaa nopeasti. Tämä kasvu tulee luomaan verkon kapasiteetille kysynnän, johon ei kyetä vastaamaan perinteisin menetelmin. Tämä ongelma voitaineen ratkaista implementoimalla pilviradioliityntäverkko (Cloud RAN), uusi konsepti, joka sovittaa ohjelmistoalalla vakiintuneita pilvilaskentateknologioita käytettäväksi radioliityntäverkoissa (radio access network, RAN). Tämä sovitusprosessi luo tarpeen mukauttaa myös työskentelytavat yhteensopiviksi uusien pilvilaskentateknologioiden kanssa. Vaikka pilviradioliityntäverkkoa on tutkittu aktiivisesti viime aikoina, käytännön ohjelmistototeutukset eivät juuri ole olleet esillä kirjallisuudessa. Tämä diplomityö arvioi ohjelmistokonttien (software containers) soveltuvuutta käytettäväksi pilviradioliityntäverkon käyttäjätason (user-plane) applikaatioissa verkottamisen (networking) ja ohjelmistokonttien välisen kommunikoinnin (inter-container communications, ICC) suhteen. Tämä arviointi suoritetaan identifioimalla mahdollisia toteutuksia ohjelmistokonttien väliselle kommunikaatiolle ja ohjelmistokonttien verkottamiselle sekä mittaamalla näiden toteutuksien suorituskyky. Tässä diplomityössä ehdotetaan tutkittavaksi kaksi toteutusta ohjelmistokonttien väliselle kommunikaatiolle ja ohjelmistokonttien verkottamiselle. Nämä toteutukset arvioitiin välityskyvyn (throughput) ja latenssin suhteen. Näiden toteutuksien todettiin olevan soveliaita käytettäväksi pilviradioliityntäverkon käyttäjätason applikaatioissa. Kuitenkin, koska mittaukset toteutettiin yksinkertaistetussa ympäristössä, vaatii toteutuksien implementointi pilviradioliityntäverkon komponenttiin lisätyötä

Building the Infrastructure for Cloud Security

Computer scienc