Robust Reconfiguration of Cloud Applications

International audienceCloud applications involve a set of interconnected software components running on remote virtual machines. Once cloud applications are deployed, one may need to reconfigure them by adding/removing virtual machines or components hosted on these machines. These tasks are error-prone since they must preserve the application consistency and respect important architectural invariants related to software dependencies. We present in this paper a protocol for automating these reconfiguration tasks

Formally Reasoning on a Reconfigurable Component-Based System --- A Case Study for the Industrial World

International audienceThe modularity offered by component-based systems made it one of the most employed paradigms in software engineering. Precise structural specification is a key ingredient that enables their verification and consequently their reliability. This gains special relevance for reconfigurable component-based systems. To this end, the Grid Component Model (GCM) provides all the means to define such reconfigurable component-based applications. In this paper we report our experience on the formal specification and verification of a reconfigurable GCM application as an industrial case study

High-level Language Support for the Control of Reconfigurations in Component-based Architectures

International audienceNowadays, smart home is extended beyond the house itself to encompass connected platforms on the Cloud as well as mobile personal devices. This Smart Home Extended Architecture (SHEA) helps customers to remain in touch with their home everywhere and any time. The endless increase of connected devices in the home and outside within the SHEA multiplies the deployment possibilities for any application. Therefore, SHEA should be taken from now as the actual target platform for smart home application deployment. Every home is different and applications offer different services according to customer preferences. To manage this variability, we extend the feature modeling from software product line domain with deployment constraints and we present an example of a model that could address this deployment challenge

Реконфигурирование компонентно-ориентированных систем на базе графовых грамматик

Dynamic reconfigurations can modify the architecture of component-based systems without incurring any system downtime. In this context, the main contribution of the present article is the establishment of correctness results proving component-based systems reconfigurations using graph grammars. New guarded reconfigurations allow us to build reconfigurations based on primitive reconfiguration operations using sequences of reconfigurations and the alternative and the repetitive constructs, while preserving configuration consistency. A practical contribution consists of the implementation of a component-based model using the GROOVE graph transformation tool. Then, after enriching the model with interpreted configurations and reconfigurations in a consistency compatible manner, a simulation relation is exploited to validate component systems’ implementations. This sound implementation is illustrated on a cloud-based multitier application hosting environment managed as a component-based system.Динамические реконфигурирования могут изменять архитектуру компонентно-ориентированных систем, не подвергаясь никакому системному простою. В этом контексте основной вклад данной статьи – доказательство результатов корректности реконфигурирования систем, используя графовые грамматики. В этой статье предложены новые охраняемые реконфигурирования на базе логики Хоара, которые построены на основе примитивных операций по реконфигурированию и включают последовательности реконфигурирований, альтернативные и повторяющиеся конструкции, сохраняя при этом непротиворечивость конфигураций. Практический вклад состоит в описании имплементации компонентно-ориентированной модели, используя программный инструмент GROOVE для преобразования графов. После обогащения модели интерпретированными конфигурациями и реконфигурированиями, совместимого с непротиворечивостью, отношение симуляции используется для доказательства корректности имплементации, выполненной под GROOVE. Эта имплементация иллюстрирована на примере многоуровневого облачно-ориентированного приложения

Resilience of Stateful IoT Applications in a Dynamic Fog Environment

International audienceFog computing provides computing, storage and communication resources at the edge of the network, near the physical world. Subsequently , end devices nearing the physical world can have interesting properties such as short delays, responsiveness, optimized communications and privacy. However, these end devices have low stability and are prone to failures. There is consequently a need for failure management protocols for IoT applications in the Fog. The design of such solutions is complex due to the specificities of the environment, i.e., (i) dynamic infrastructure where entities join and leave without synchronization, (ii) high heterogeneity in terms of functions, communication models, network, processing and storage capabilities, and, (iii) cyber-physical interactions which introduce non-deterministic and physical world's space and time dependent events. This paper presents a fault tolerance approach taking into account these three characteristics of the Fog-IoT environment. Fault tolerance is achieved by saving the state of the application in an uncoordinated way. When a failure is detected, notifications are propagated to limit the impact of failures and dynamically reconfig-ure the application. Data stored during the state saving process are used for recovery, taking into account consistency with respect to the physical world. The approach was validated through practical experiments on a smart home platform

Modular Coordination of Multiple Autonomic Managers

International audienceComplex computing systems are increasingly self-adaptive, with an autonomic computing approach for their administration. Real systems require the co-existence of multiple autonomic management loops, each complex to design. However their uncoordinated co-existence leads to performance degradation and possibly to inconsistency. There is a need for methodological supports facilitating the coordination of multiple autonomic managers. In this paper we propose a method focusing on the discrete control of the interactions of managers. We follow a component-based approach and explore modular discrete control, allowing to break down the combinatorial complexity inherent to the state-space exploration technique. This improves scalability of the approach and allows constructing a hierarchical control. It also allows re-using complex managers in different contexts without modifying their control specifications. We build a component-based coordination of managers, with introspection, adaptivity and reconfiguration. We validate our method on a multiple-loop multi-tier system

Optimal and Automated Microservice Deployment: formal definition, implementation and validation of a deployment engine

The main purpose of this work was to study the problem of optimal and automated deployment and reconfiguration (at the architectural level) of microservice systems, proving formal properties and realizing an implemented solution. It started from the Aeolus component model, which was used to formally define the problem of deploying component-based software systems and to prove different results about decidability and complexity. In particular, the Aeolus authors formally prove that, in the general case, such problem is undecidable. Starting from these results we expanded on the analysis of automated deployment and scaling, focusing on microservice architecture. Using a model inspired by Aeolus, considering the characteristics of microservices, we formally proved that the optimal and automated deployment and scaling for microservice architectures are algorithmically treatable. However, the decision version of the problem is NP-complete and to obtain the optimal solution it is necessary to solve an NP-optimization problem. To show the applicability of our approach we decided to also realize a model of a simple but realistic case-study. The model is developed using the Abstract Behavioral Specification (ABS) language, and to calculate the different deployment and scaling plans we used an ABS tool called SmartDepl. To solve the problem, SmartDepl relies on Zephyrus2. Zephyrus2 is a configuration optimizer that allows to compute the optimal deployment configuration of described applications. This work resulted in an extended abstract accepted at the Microservices 2019 conference in Dortmund (Germany), a paper accepted at the FASE 2019 (part of ETAPS) conference in Prague (Czech Republic), and an accepted book chapter

A Formal Approach to Microservice Architecture Deployment *

International audienceFollowing previous work on the automated deployment of componentbased applications, we present a formal model specifically tailored for reasoning on the deployment of microservice architectures. The first result that we present is a formal proof of decidability of the problem of synthesizing optimal deployment plans for microservice architectures, a problem which was proved to be undecidable for generic component-based applications. Then, given that such proof translates the deployment problem into a constraint satisfaction problem, we present the implementation of a tool that, by exploiting state-of-the-art constraint solvers, can be used to actually synthesize optimal deployment plans. We evaluate the applicability of our tool on a realistic microservice architecture taken from the literature

Robust reconfigurations of component assemblies

International audienceIn this paper, we propose a reconfiguration protocol that can handle any number of failures during a reconfiguration, always producing an architecturally-consistent assembly of components that can be safely introspected and further reconfigured. Our protocol is based on the concept of Incrementally Consistent Sequences (ICS), ensuring that any reconfiguration incrementally respects the reconfiguration contract given to component developers: reconfiguration grammar and architectural invariants. We also propose two recovery policies, one rolls back the failed reconfiguration and the other rolls it forward, both going as far as possible, failure permitting. We specified and proved the reconfiguration contract, the protocol, and recovery policies in Coq