Audition: a DevOps-oriented service optimization and testing framework for cloud environments

This paper demonstrates an approach to automated testing and quality assurance in cloud environments, which also takes deployment cost into consideration. With a distributed service architecture and some given performance goals, the end result will be a suggestion of the optimal resource type and filesystem with the lowest price point for each function of the architecture. Our solution is modeled after the auditioning process in the theater industry, which provides a process that fits well into our context and is easy to understand and follow. The resulting tool, Audition, is a working implementation of our model and is extendable in several ways, allowing for integration with local technologies

Performance of R-GMA for monitoring grid jobs for CMS data production

High energy physics experiments, such as the Compact Muon Solenoid (CMS) at the CERN laboratory in Geneva, have large-scale data processing requirements, with data accumulating at a rate of 1 Gbyte/s. This load comfortably exceeds any previous processing requirements and we believe it may be most efficiently satisfied through grid computing. Furthermore the production of large quantities of Monte Carlo simulated data provides an ideal test bed for grid technologies and will drive their development. One important challenge when using the grid for data analysis is the ability to monitor transparently the large number of jobs that are being executed simultaneously at multiple remote sites. R-GMA is a monitoring and information management service for distributed resources based on the grid monitoring architecture of the Global Grid Forum. We have previously developed a system allowing us to test its performance under a heavy load while using few real grid resources. We present the latest results on this system running on the LCG 2 grid test bed using the LCG 2.6.0 middleware release. For a sustained load equivalent to 7 generations of 1000 simultaneous jobs, R-GMA was able to transfer all published messages and store them in a database for 98% of the individual jobs. The failures experienced were at the remote sites, rather than at the archiver's MON box as had been expected

SSH Key Management Challenges and Requirements

Invited paperSSH (Secure Shell) uses public keys for authenticating servers and users. This paper summarizes progress in SSH key management so far, highlights outstanding problems, and presents requirements for a long-term solution. Proposals are solicited from the research community to address the issue. The problem is of high practical importance, as most of our critical Internet infrastructure, cloud services, and open source software development is protected using these keys.Non peer reviewe

Comparing SSD Forensics with HDD Forensics

The technological industry is growing at an unprecedented rate; to adequately evaluate this shift in the fast-paced industry, one would first need to deliberate on the differences between the Hard Disk Drive (HDD) and Solid-State Drive (SSD). HDD is a hard disk drive that was conventionally used to store data, whereas SSD is a more modern and compact substitute; SSDs comprises of flash memory technology, which is the modern-day method of storing data. Though the inception of data storage began with HDD, they proved to be less accessible and stored less data as compared to the present-day SSDs, which can easily store up to 1 Terabyte in a minuscule chip-size frame. Hence, SSDs are more convenient and user-friendly, where, in contrast, HDDs often require some degree of technical knowledge. However, since SSDs are still a relatively new phenomenon, it has proved to create myriads of problems in the digital forensics department. Since, SSDs are still a more modern concept, the tools that digital forensics employ to investigate evidence obtained from HDDs are not proving to be as efficient; this is primarily due to the fact that data in flash memory drives can only be written if the data unit or data block is erased, ergo, an erase operation occurs every time before something is written into the flash memory. Therefore, the aim of this research is to critically analyze the results obtained by running forensic tools on an HDD and SSD; the results would pertain to the image generated from the HDD and SSD

Package upgrades in FOSS distributions: details and challenges

The upgrade problems faced by Free and Open Source Software distributions have characteristics not easily found elsewhere. We describe the structure of packages and their role in the upgrade process. We show that state of the art package managers have shortcomings inhibiting their ability to cope with frequent upgrade failures. We survey current countermeasures to such failures, argue that they are not satisfactory, and sketch alternative solutions

First-Order Models for Configuration Analysis

Our world teems with networked devices. Their configuration exerts an ever-expanding influence on our daily lives. Yet correctly configuring systems, networks, and access-control policies is notoriously difficult, even for trained professionals. Automated static analysis techniques provide a way to both verify a configuration\u27s correctness and explore its implications. One such approach is scenario-finding: showing concrete scenarios that illustrate potential (mis-)behavior. Scenarios even have a benefit to users without technical expertise, as concrete examples can both trigger and improve users\u27 intuition about their system. This thesis describes a concerted research effort toward improving scenario-finding tools for configuration analysis. We developed Margrave, a scenario-finding tool with special features designed for security policies and configurations. Margrave is not tied to any one specific policy language; rather, it provides an intermediate input language as expressive as first-order logic. This flexibility allows Margrave to reason about many different types of policy. We show Margrave in action on Cisco IOS, a common language for configuring firewalls, demonstrating that scenario-finding with Margrave is useful for debugging and validating real-world configurations. This thesis also presents a theorem showing that, for a restricted subclass of first-order logic, if a sentence is satisfiable then there must exist a satisfying scenario no larger than a computable bound. For such sentences scenario-finding is complete: one can be certain that no scenarios are missed by the analysis, provided that one checks up to the computed bound. We demonstrate that many common configurations fall into this subclass and give algorithmic tests for both sentence membership and counting. We have implemented both in Margrave. Aluminum is a tool that eliminates superfluous information in scenarios and allows users\u27 goals to guide which scenarios are displayed. We quantitatively show that our methods of scenario-reduction and exploration are effective and quite efficient in practice. Our work on Aluminum is making its way into other scenario-finding tools. Finally, we describe FlowLog, a language for network programming that we created with analysis in mind. We show that FlowLog can express many common network programs, yet demonstrate that automated analysis and bug-finding for FlowLog are both feasible as well as complete

Visual IT-infrastructure Management

IT-infrastruktuur hõlmab IT-süsteemi ressursse: füüsilised arvutid, virtuaalmasinad ja nende vahelised ühendused, samuti tarkvara, protsessorid, mälu, kettaruum ja võrguliidesed. IT-süsteemi haldamiseks on vajalik tarkvara, mis võimaldaks ressursside olekut jälgida ning läbi viia ressurssidega seotud tegevusi. Jälgida saab näiteks mälu kasutust, kettaruumi kasutust, protsessori koormust või süsteemi veateateid. Ressurssidega seotud tegevused on näiteks mälu või kettaruumi jaotamine, virtuaalmasina käivitamine või peatamine, virtuaalmasina üleviimine ühest asukohast teise jms. Samuti on oluline haldamise võimalus kaugarvutist üle võrgu. Tüüpiline stsenaarium on privaatpilv teadusasutustes, kus hulk arvuteid vajavad koostöö koordineerimist. Eeskätt keskendub töö eelkirjeldatud tarkvara graafilise kasutajaliidese (GUI) kavandamisele. Oluline on sealjuures tarkvara lihtsus, intuitiivsus ja efektiivsus. Süsteemiadministraatoritel on paljusid süsteemihalduse tegevusi harjumuspärasem teha käsurea kaudu. Seetõttu tuleb arvestada, et kõiki tegevusi ei pruugi olla mõtet GUI-sse sisse ehitada. Uuringutes on välja toodud, et GUI-d peetakse süsteemihalduse valdkonnas vähem usaldusväärseks ning vähem efektiivseks. Küll aga pakub GUI võimaluse IT-süsteemi paremaks visualiseerimiseks. Näiteks saab kasutatud kettaruumi kuvada mitte ainult andmeühikutes tekstina, vaid ka graafilise ribana selliselt, et suuremale andmemahule vastab suurem osa ribast. Nii on info paremini hoomatav. Üks töö osa on olemasolevate lahenduste uurimine. Virtuaalmasinate halduslahendusi pakuvad näiteks VMware, Citrix, Cloudkick, OpenNode jt. Üks juhendajatest, Ilja Livenson, on OpenNode’i arendaja. Lisaks funktsionaalsetele nõuetele võiksid lahendused vastata ka nõuetele, mis puudutavad turvalisust, skaleeritavust, tõrkekindlust ning standardite sobivust. Standardite puhul on oluline, et need oleks avatud ja laialt levinud. Samuti peaks lahendus olema kasutatav mobiiltelefonides, ka siis, kui tegemist on veebipõhise liidesega. Töö praktiline osa toimub OpenNode’i projektis. OpenNode on avatud lähtekoodiga tarkvara virtualiseeritud serverite haldamiseks. See koosneb kesksest haldusserverist (OpenNode Management Server) ning veebipõhisest halduskonsoolist (OpenNode Management Console). Halduskonsoolil on seni puudu olnud paindlik graafilise visualiseerimise võimalus. Töö raames luuakse komponent nimega VM-map (VM-kaart), mille eesmärk on muu hulgas kuvada füüsilisi masinaid koos nendes olevate virtuaalmasinatega, näidata masinate kohta vajadustele vastavat infot ning luua uusi võimalusi haldustegevuste läbiviimiseks. Näiteks on süsteemi graafilises vaates võimalik ühe hiireliigutusega tõsta virtuaalmasin ühest füüsilisest masinast teise.IT-infrastructure is comprised of the resources of an IT-system: physical and virtual machines (VMs), network connections, software, processors, memory, storage space and network interfaces. In order to manage IT-infrastructure, special software is needed to monitor and perform actions on these resources. Actions related to resources are, for example, allocating storage, starting and stopping VMs, migrating VMs, etc. It is also important to be able to do management tasks from one remote computer. A typical scenario is a private cloud dedicated to running simulations for scientific research where many computers in a network need to be managed. This thesis looks at how to create an intuitive and efficient graphical user interface (GUI) for this type of software. Some features that system administrators typically use from the command line may not be worth implementing in the GUI. Studies have shown that system administrators tend to consider the GUI as less reliable and less efficient, but still better for the visualization of infrastructure. For example, used disk space can be represented as a graphical bar instead of text for better comprehensibility. A part of the thesis analyses existing management software: VMware, Citrix, Cloudkick and OpenNode. One of the supervisors, Ilja Livenson, is a developer of OpenNode. In addition to functional requirements, the software should meet requirements for security, scalability, fault tolerance and standards compliance. The standards should preferably be open and commonly used. Also, the solutions should work on mobile devices. The practical part of the thesis is done for the open-source server virtualization project called OpenNode. OpenNode consists of a central management server and a frontend for it called OpenNode Management Console (ONC). The frontend has so far lacked a flexible infrastucture visualization component. As part of the thesis, a component called VM-map is implemented, which is used to view physical machines and the VMs within them, to see information about them and to perform actions such as VM resizing and migration