Securing virtual network function placement with high availability guarantees

Virtual Network Functions as a Service (VNFaaS) is currently under attentive study by telecommunications and cloud stakeholders as a promising business and technical direction consisting of providing network functions as a service on a cloud (NFV Infrastructure), instead of delivering standalone network appliances, in order to provide higher scalability and reduce maintenance costs. However, the functioning of such NFVI hosting the VNFs is fundamental for all the services and applications running on top of it, forcing to guarantee a high availability level against attacks and software failures. Indeed the availability of an VNFaaS relies on the failure rate of its single components, namely the servers, the virtualization software, and the communication network. The proper assignment of the virtual machines implementing network functions to NFVI servers and their protection from both endogenous and exogenous threats is essential to guarantee high availability. We model the High Availability Virtual Network Function Placement (HA- VNFP) as the problem of finding the best assignment of virtual machines to servers guaranteeing protection by replication. We propose a probabilistic approach to measure the real availability of a system and design both efficient and effective algorithms that can be used by stakeholders for both online and offline planning

State of The Art and Hot Aspects in Cloud Data Storage Security

Along with the evolution of cloud computing and cloud storage towards matu- rity, researchers have analyzed an increasing range of cloud computing security aspects, data security being an important topic in this area. In this paper, we examine the state of the art in cloud storage security through an overview of selected peer reviewed publications. We address the question of defining cloud storage security and its different aspects, as well as enumerate the main vec- tors of attack on cloud storage. The reviewed papers present techniques for key management and controlled disclosure of encrypted data in cloud storage, while novel ideas regarding secure operations on encrypted data and methods for pro- tection of data in fully virtualized environments provide a glimpse of the toolbox available for securing cloud storage. Finally, new challenges such as emergent government regulation call for solutions to problems that did not receive enough attention in earlier stages of cloud computing, such as for example geographical location of data. The methods presented in the papers selected for this review represent only a small fraction of the wide research effort within cloud storage security. Nevertheless, they serve as an indication of the diversity of problems that are being addressed

Availability-driven NFV orchestration

Virtual Network Functions as a Service (VNFaaS) is a promising business whose technical directions consist of providing network functions as a Service instead of delivering standalone network appliances, leveraging a virtualized environment named NFV Infrastructure (NFVI) to provide higher scalability and reduce maintenance costs. Operating the NFVI under stringent availability guarantees is fundamental to ensure the proper functioning of the VNFaaS against software attacks and failures, as well as common physical device failures. Indeed the availability of a VNFaaS relies on the failure rate of its single components, namely the physical servers, the hypervisor, the VNF software, and the communication network. In this paper, we propose a versatile orchestration model able to integrate an elastic VNF protection strategy with the goal to maximize the availability of an NFVI system serving multiple VNF demands. The elasticity derives from (i) the ability to use VNF protection only if needed, or (ii) to pass from dedicated protection scheme to shared VNF protection scheme when needed for a subset of the VNFs, (iii) to integrate traffic split and load-balancing as well as mastership role election in the orchestration decision, (iv) to adjust the placement of VNF masters and slaves based on the availability of the different system and network components involved. We propose a VNF orchestration algorithm based on Variable Neighboring Search, able to integrate both protection schemes in a scalable way and capable to scale, while outperforming standard online policies

Cost and availability aware resource allocation and virtual function placement for CDNaaS provision

We address the fundamental tradeoff between deployment cost and service availability in the context of on-demand content delivery service provision over a telecom operator's network functions virtualization infrastructure. In particular, given a specific set of preferences and constraints with respect to deployment cost, availability and computing resource capacity, we provide polynomial-time heuristics for the problem of jointly deriving an appropriate assignment of computing resources to a set of virtual instances and the placement of the latter in a subset of the available physical hosts. We capture the conflicting criteria of service availability and deployment cost by proposing a multi-objective optimization problem formulation. Our algorithms are experimentally shown to outperform state-of-the-art solutions in terms of both execution time and optimality, while providing the system operator with the necessary flexibility to balance between conflicting objectives and reflect the relevant preferences of the customer in the produced solutions.This work was supported in part by the French FUI-18 DVD2C project and by the European Union’s Horizon 2020 research and innovation program under the 5G-Transformer project (grant no. 761536)

2020 22nd International Conference on Transparent Optical Networks (ICTON)

Producción CientíficaNetwork Function Virtualization (NFV) is a promising networking paradigm that will ease the network manageability and increase its flexibility, while reducing costs. In this paradigm, operators must solve the Virtual Network Function (VNF) placement and chaining problems. It is also important to provide backup resources to ensure the survivability of the offered services when a node failure happens. In this paper, we compare two different protection approaches to ensure the service resilience: individual VNF protection and end-to-end protection. Results show the benefits in terms of use of computing resources and energy consumption of protecting each VNF individually, compared to the end-to-end protection approach.Ministerio de Economía, Industria y Competitividad (grant TEC2017-84423-C3-1-P)Ministerio de Industria, Comercio y Turismo (fellowship BES-2015-074514)Research network Go2Edge (grant RED2018-102585-T)Interreg V-A Spain-Portugal (POCTEP) programme 2014- 202