Towards a Big Data system disaster recovery in a Private Cloud

Disaster recovery (DR) plays a vital role in restoring the organization's data in the case of emergency and hazardous accidents. While many papers in security focus on privacy and security technologies, few address the DR process, particularly for a Big Data system. However, all these studies that have investigated DR methods belong to the “single-basket” approach, which means there is only one destination from which to secure the restored data, and mostly use only one type of technology implementation. We propose a “multi-purpose” approach, which allows data to be restored to multiple sites with multiple methods to ensure the organization recovers a very high percentage of data close to 100%, with all sites in London, Southampton and Leeds data recovered. The traditional TCP/IP baseline, snapshot and replication are used with their system design and development explained. We compare performance between different approaches and multi-purpose approach stands out in the event of emergency. Data at all sites in London, Southampton and Leeds can be restored and updated simultaneously. Results show that optimize command can recover 1 TB of data within 650 s and command for three sites can recover 1 TB of data within 1360 s. All data backup and recovery has failure rate of 1.6% and below. All the data centers should adopt multi-purpose approaches to ensure all the data in the Big Data system can be recovered and retrieved without experiencing a prolong downtime and complex recovery processes. We make recommendations for adopting “multi-purpose” approach for data centers, and demonstrate that 100% of data is fully recovered with low execution time at all sites during a hazardous event as described in the paper

Middleware for transparent TCP connection migration : masking faulty TCP-based services

Masteroppgave i informasjons- og kommunikasjonsteknologi 2004 - Høgskolen i Agder, GrimstadMission critical TCP-based services create a demand for robust and fault tolerant TCP communication. Sense Intellifield monitors drill operations on rig sites offshore. Critical TCP-based services need to be available 24 hours, 7 days a week, and the service providers need to tolerate server failure. How to make TCP robust and fault tolerant without modifying existing infrastructure like existing client/server applications, services, TCP stacks, kernels, or operating systems is the motivation of this thesis. We present a new middleware approach, first of its kind, to allow TCP-based services to survive server failure by migrating TCP connections from failed servers to replicated surviving servers. The approach is based on a proxy technique, which requires modifications to existing infrastructure. Our unique middleware approach is simple, practical, and can be built into existing infrastructure without modifying it. A middleware approach has never been used to implement the proxy based technique. Experiments for validation of functionality and measurement of performance of the middleware prototype are conducted. The results show that our technique adds significant robustness and fault tolerance to TCP, without modifying existing infrastructure. One of the consequences of using a middleware to make TCP communication robust and fault tolerant is added latency. Another consequence is that TCP communication can survive server failure, and mask it. Companies providing robust and fault tolerant TCP, is no longer dependant of third party hardware and/or software. By implementing our solution, they can gain economical advantages. A main focus of this report is to present a prototype that demonstrates our technique and middleware approach. We present relevant background theory which has lead to the design architecture of a middleware approach to make TCP communication fault tolerant. Finally we conduct experiments to uncover the feasibility and performance of the prototype, followed by a discussion and conclusion

Federation of Cyber Ranges

Küberkaitse võimekuse aluselemendiks on kõrgete oskustega ja kokku treeninud spetsialistid. Tehnikute, operaatorite ja otsustajate teadlikkust ja oskusi saab treenida läbi rahvusvaheliste õppuste. On mõeldamatu, et kaitse ja rünnakute harjutamiseks kasutatakse toimivat reaalajalist organisatsiooni IT-süsteemi. Päriseluliste süsteemide simuleerimiseks on võimalik kasutada küberharjutusväljakuid.NATO ja Euroopa Liidu liikmesriikides on mitmed juba toimivad ja käimasolevad arendusprojektid uute küberharjutusväljakute loomiseks. Et olemasolevast ressurssi täies mahus kasutada, tuleks kõik sellised harjutusväljakud rahvusvaheliste õppuste tarbeks ühendada. Ühenduvus on võimalik saavutada alles pärast kokkuleppeid, tehnoloogiate ja erinevate harjutusväljakute kitsenduste arvestamist.Antud lõputöö vaatleb kahte küberharjutusväljakut ja uurib võimalusi, kuidas on võimalik rahvuslike harjutusväljakute ressursse jagada ja luua ühendatud testide ja õppuste keskkond rahvusvahelisteks küberkaitseõppusteks. Lõputöö annab soovitusi informatsiooni voogudest, testkontseptsioonidest ja eeldustest, kuidas saavutada ühendused ressursside jagamise võimekusega. Vaadeldakse erinevaid tehnoloogiad ja operatsioonilisi aspekte ning hinnatakse nende mõju.Et paremini mõista harjutusväljakute ühendamist, on üles seatud testkeskkond Eesti ja Tšehhi laborite infrastruktuuride vahel. Testiti erinevaid võrguparameetreid, operatsioone virtuaalmasinatega, virtualiseerimise tehnoloogiad ning keskkonna haldust avatud lähtekoodiga tööriistadega. Testide tulemused olid üllatavad ja positiivsed, muutes ühendatud küberharjutusväljakute kontseptsiooni saavutamise oodatust lihtsamaks.Magistritöö on kirjutatud inglise keeles ja sisaldab teksti 42 leheküljel, 7 peatükki, 12 joonist ja 4 tabelit.Võtmesõnad:Küberharjutusväljak, NATO, ühendamine, virtualiseerimine, rahvusvahelised küberkaitse õppusedAn essential element of the cyber defence capability is highly skilled and well-trained personnel. Enhancing awareness and education of technicians, operators and decision makers can be done through multinational exercises. It is unthinkable to use an operational production environment to train attack and defence of the IT system. For simulating a life like environment, a cyber range can be used. There are many emerging and operational cyber ranges in the EU and NATO. To benefit more from available resources, a federated cyber range environment for multinational cyber defence exercises can be built upon the current facilities. Federation can be achieved after agreements between nations and understanding of the technologies and limitations of different national ranges.This study compares two cyber ranges and looks into possibilities of pooling and sharing of national facilities and to the establishment of a logical federation of interconnected cyber ranges. The thesis gives recommendations on information flow, proof of concept, guide-lines and prerequisites to achieve an initial interconnection with pooling and sharing capabilities. Different technologies and operational aspects are discussed and their impact is analysed. To better understand concepts and assumptions of federation, a test environment with Estonian and Czech national cyber ranges was created. Different aspects of network parameters, virtual machine manipulations, virtualization technologies and open source administration tools were tested. Some surprising and positive outcomes were in the result of the tests, making logical federation technologically easier and more achievable than expected.The thesis is in English and contains 42 pages of text, 7 chapters, 12 figures and 4 tables.Keywords:Cyber Range, NATO, federation, virtualization, multinational cyber defence exercise

Continuous and Concurrent Network Connection for Hardware Virtualization

This project addresses the network connectivity in virtualization for cloud computing. Each Virtual Machine will be able to access the network concurrently and obtains continuous internet connectivity without any disruption. This project proposes a new method of resource sharing which is the Network Interface Card (NIC) among the Virtual Machines with each of them having the full access to it with near-native bandwidth. With this, could computing can perform resource allocation more effectively. This will be essential to migrate the each Operating System (Virtual Machine) that resides on one physical machine to another without disrupting its internet or network connection

Robustness of VoIP Systems

Katedra telekomunikační technik