NetJobs: A new approach to network monitoring for the Grid using Grid jobs

With grid computing, the far-fl�ung and disparate IT resources act as a single "virtual datacenter". Grid computing interfaces heterogeneous IT resources so they are available when and where we need them. Grid allows us to provision applications and allocate capacity among research and business groups that are geographically and organizationally dispersed. Building a high availability Grid is hold as the next goal to achieve: protecting against computer failures and site failures to avoid downtime of resource and honor Service Level Agreements. Network monitoring has a key role in this challenge. This work is concerning the design and the prototypal implementation of a new approach to Network monitoring for the Grid based on the usage of Grid scheduled jobs. This work was carried out within the Network Support task (SA2) of the Enabling Grids for E-sciencE (EGEE) project. This thesis is organized as follows: Chapter 1: Grid Computing From the origins of Grid Computing to the latest projects. Conceptual framework and main features characterizing many kind of popular grids will be presented. Chapter 2: The EGEE and EGI projects This chapter describes the Enabling Grids for E-sciencE (EGEE) project and the European Grid Infrastructure (EGI). EGEE project (2004-2010) was the�flagship Grid infrastructure project of the EU. The third and last two-year phase of the project (started on 1 May 2008) was financed with a total budget of around 47 million euro, with a further estimated 50 million euro worth of computing resources contributed by the partners. A total manpower of 9,000 Person Months, of which over 4,500 Person Months has been contributed by the partners from their own funding sources. At its close, EGEE represented a worldwide infrastructure of approximately to 200,000 CPU cores, collaboratively hosted by more than 300 centres around the world. By the end of the project, around 13 million jobs were executed on the EGEE grid each month. The new organization, EGI.eu, has then been created to continue the coordination and evolution of the European Grid Infrastructure (EGI) based on EGEE Grid. Chapter3: gLite Middleware Chapter three gives an overview on the gLite Grid Middleware. gLite is the middleware stack for grid computing used by the EGEE and EGI projects with in a very large variety of scientifi�c domains. Born from the collaborative efforts of more than 80 people in 12 different academic and industrial research centers as part of the EGEE Project, gLite provides a complete set of services for building a production grid infrastructure. gLite provides a framework for building grid applications tapping into the power of distributed computing and storage resources across the Internet. The gLite services are currently adopted by more than 250 Computing Centres and used by more than 15000 researchers in Europe and around the world. Chapter 4: Network Activity in EGEE/EGI Grid infrastructures are distributed by nature, involving many sites, normally in different administrative domains. Individual sites are connected together by a network, which is therefore a critical part of the whole Grid infrastructure; without the network there is no Grid. Monitoring is a key component for the successful operation of any infrastructure, helping in the discovery and diagnosis of any problem which may arise. Network monitoring is able to contribute to the day-to-day operations of the Grid by helping to provide answers to specific questions from users and site administrators. This chapter will discuss all the effort lavished by EGEE and EGI in the Grid Network domain. Chapter 5: Grid Network Monitoring based on Grid Jobs Net Jobs is a prototype of a light weight solution for the Grid network monitoring. A job-based approach has been used in order to prove the feasibility of this non intrusive solution. It is currently configured to monitor eight production sites spread from Italy to France but this method could be applied to the vast majority of Grid sites. The prototype provides coherent RTT, MTU, number of hops and TCP achievable bandwidth tests

Implementation of a NFV monitoring system for reactive environments

This work aims at researching the existent solutions of monitoring and alerting techniques, as well as defining a suitable architecture, design and implementation of a complete and customizable monitoring and alerting framework used to inspect and notify specific conditions on dynamically instantiated applications operating in the network. Such Network Services (NS) are used in the Network Function Virtualization (NFV) architecture, allowing rapid instantiation and configuration of virtualized environments that handle network configuration. This design and implementation seek to provide more flexibility and dynamicity to the network operator to monitor custom or generic metrics and trigger notifications based on custom thresholds, without depending on the Virtual Network Function (VNF) developer to adapt its descriptor and onboard each version into the NFV Orchestrator (NFVO) prior to each usage. The framework here developed follows a modular architecture that separates the monitoring and alerting policies from the onboarding and instantiation process of the Network Functions. The architecture also facilitates the integration with other systems and adapting the functionality of an operational environment thanks to its decoupled and modular approach. The presented work considers a monitoring and alerting framework that is especially useful for dynamic environments such as those relying in NFV, like those in the EU H2020 PALANTIR project. There, the framework is used to help assessing the correct behavior of the Security NSs that are used to prevent or mitigate security anomalies in the network of each client. If abnormalities are found, remediation measures will take place to replace the potentially compromised NS instances with clean, appropriate ones.Objectius de Desenvolupament Sostenible::9 - Indústria, Innovació i Infraestructur

2015 XSEDE Federation Risk Assessment Overview

The methodology and working documentation for performing the 2012 and 2015 XSEDE Security Risk Assessments.NSF #1053575Ope

Improving Recurrent Software Development: A Contextualist Inquiry Into Release Cycle Management

Software development is increasingly conducted in a recurrent fashion, where the same product or service is continuously being developed for the marketplace. Still, we lack detailed studies about this particular context of software development. Against this backdrop, this dissertation presents an action research study into Software Inc., a large multi-national software provider. The research addressed the challenges the company faced in managing releases and organizing software process improvement (SPI) to help recurrently develop and deliver a specific product, Secure-on-Request, to its customers and the wider marketplace. The initial problem situation was characterized by recent acquisition of additional software, complexity of service delivery, new engineering and product management teams, and low software development process maturity. Asking how release management can be organized and improved in the context of recurrent development of software, we draw on Pettigrew’s contextualist inquiry to focus on the ongoing interaction between the contents, context and process to organize and improve release cycle practices and outcomes. As a result, the dissertation offers two contributions. Practically, it contributes to the resolution of the problem situation at Software Inc. Theoretically, it introduces a new software engineering discipline, release cycle management (RCM), focused on recurrent delivery of software, including SPI as an integral part, and grounded in the specific experiences at Software Inc

Software Service Innovation: An Action Research into Release Cycle Management

Fierce competition in the market is driving software vendors to rely on Software-as-a-Service (SaaS) strategies and to continuously match new software versions with customers’ needs and competitors’ moves. Although release management as a recurrent activity related to SaaS arguably shapes how a vendor services its customers, the literature is surprisingly limited on how software releases are managed to support SaaS strategies. Against this backdrop, we present a collaborative action-research study with Software Inc., a large multi-national software provider, focused on improving the release cycle management process for a complex security software service. The study is part of a comprehensive intervention into Software Inc. that combines a perspective rooted in software process improvement and engineering practices with one rooted in service delivery and customer interactions. The part that is reported in this dissertation draws on the service-dominant logic framework to analyze how the release cycle management process was organized to improve Software Inc.’s ongoing value co-creation with its customers. As a result, the study contributed to improving release cycle management at Software Inc. and it expands industry knowledge about the challenges and opportunities for software vendors to manage releases and improve the value delivered to and co-created with their customers. This added knowledge is of interest to both practitioners and researchers as SaaS strategies increasingly shape the industry with important implications for how software is released

Federated Access Management for Collaborative Environments

abstract: Access control has been historically recognized as an effective technique for ensuring that computer systems preserve important security properties. Recently, attribute-based access control (ABAC) has emerged as a new paradigm to provide access mediation by leveraging the concept of attributes: observable properties that become relevant under a certain security context and are exhibited by the entities normally involved in the mediation process, namely, end-users and protected resources. Also recently, independently-run organizations from the private and public sectors have recognized the benefits of engaging in multi-disciplinary research collaborations that involve sharing sensitive proprietary resources such as scientific data, networking capabilities and computation time and have recognized ABAC as the paradigm that suits their needs for restricting the way such resources are to be shared with each other. In such a setting, a robust yet flexible access mediation scheme is crucial to guarantee participants are granted access to such resources in a safe and secure manner. However, no consensus exists either in the literature with respect to a formal model that clearly defines the way the components depicted in ABAC should interact with each other, so that the rigorous study of security properties to be effectively pursued. This dissertation proposes an approach tailored to provide a well-defined and formal definition of ABAC, including a description on how attributes exhibited by different independent organizations are to be leveraged for mediating access to shared resources, by allowing for collaborating parties to engage in federations for the specification, discovery, evaluation and communication of attributes, policies, and access mediation decisions. In addition, a software assurance framework is introduced to support the correct construction of enforcement mechanisms implementing our approach by leveraging validation and verification techniques based on software assertions, namely, design by contract (DBC) and behavioral interface specification languages (BISL). Finally, this dissertation also proposes a distributed trust framework that allows for exchanging recommendations on the perceived reputations of members of our proposed federations, in such a way that the level of trust of previously-unknown participants can be properly assessed for the purposes of access mediation.Dissertation/ThesisDoctoral Dissertation Computer Science 201

Safety Applications and Measurement Tools for Connected Vehicles

L'abstract è presente nell'allegato / the abstract is in the attachmen