SEUSS: rapid serverless deployment using environment snapshots

Modern FaaS systems perform well in the case of repeat executions when function working sets stay small. However, these platforms are less effective when applied to more complex, large-scale and dynamic workloads. In this paper, we introduce SEUSS (serverless execution via unikernel snapshot stacks), a new system-level approach for rapidly deploying serverless functions. Through our approach, we demonstrate orders of magnitude improvements in function start times and cacheability, which improves common re-execution paths while also unlocking previously-unsupported large-scale bursty workloads.Published versio

ENTICE VM Image Analysis and Optimised Fragmentation

Virtual machine (VM) images (VMIs) often share common parts of significant size as they are stored individually. Using existing de-duplication techniques for such images are non-trivial, impose serious technical challenges, and requires direct access to clouds' proprietary image storages, which is not always feasible. We propose an alternative approach to split images into shared parts, called fragments, which are stored only once. Our solution requires a reasonably small set of base images available in the cloud, and additionally only the increments will be stored without the contents of base images, providing significant storage space savings. Composite images consisting of a base image and one or more fragments are assembled on-demand at VM deployment. Our technique can be used in conjunction with practically any popular cloud solution, and the storage of fragments is independent of the proprietary image storage of the cloud provider

Trusted Launch of Virtual Machine Instances in Public IaaS Environments

Cloud computing and Infrastructure-as-a-Service (IaaS) are emerging and promising technologies, however their adoption is hampered by data security concerns. At the same time, Trusted Computing (TC) is experiencing an increasing interest as a security mechanism for IaaS. In this paper we present a protocol to ensure the launch of a virtual machine (VM) instance on a trusted remote compute host. Relying on Trusted Platform Module operations such as binding and sealing to provide integrity guarantees for clients that require a trusted VM launch, we have designed a trusted launch protocol for VM instances in public IaaS environments. We also present a proof-of-concept implementation of the protocol based on OpenStack, an open-source IaaS platform. The results provide a basis for the use of TC mechanisms within IaaS platforms and pave the way for a wider applicability of TC to IaaS security

Establishing Scientific Computing Clouds on Limited Resources using OpenStack

Antud töö uurib, kuidas OpenStacki pilveplatvormi kasutada väikese jõudlusega pilvedes teadusarvutuse ja õppetöö eesmärgil. OpenStacki on küllaltki keeruline seadistada ning enamus dokumentatsioonist on paraku suunatud suurte sadade serveritega pilvede loomisele. OpenStacki paljude komponentide erinevaid võimalusi on küllaltki raske hoomata. Antud tö ö püüab need valikud Tartu Ülikooli Mobiilipilve aborile kuuluva kahe serveriga pilve näitel lahti rääkida.This work explores how OpenStack cloud platform could be used on limited hardware resources for scientific computing and teaching purposes. OpenStack has deep learning curve and most of the documentation is targeted for creating large scale clouds with hundreds of servers. OpenStack has a lot of components and configuration options which are quite hard to navigate at first. Thus this work tries to provide the rationale for making those technology choices and bases this on sample two server setup belonging to Tartu University Mobile Cloud Lab

Trusted Launch of Generic Virtual Machine Images in Public IaaS Environments

Cloud computing and Infrastructure-as-a-Service (IaaS) are emerging and promising technologies, however their faster-pased adoption is hampered by data security concerns. In the same time, Trusted Computing (TC) is experiencing a revived interest as a security mechanism for IaaS. We address the lack of an implementable mechanism to ensure the launch of a virtual machine (VM) instance on a trusted remote host. Relying on Trusted Platform Modules operations such as binding and sealing to provide integrity guarantees for clients that require a trusted VM launch, we have designed a trusted launch protocol for generic VM images in public IaaS environments. We also present a proof-of-concept implemen- tation of the protocol based on OpenStack, an open-source IaaS platform. The results provide a basis for use of TC mechanisms within IaaS platforms and pave the way for a wider applicability of TC to IaaS security