66 research outputs found

    Toward a Dynamic Trust Establishment approach for multi-provider Intercloud environment

    The GEYSERS optical testbed: a platform for the integration, validation and demonstration of cloud-based infrastructure services

    The recent evolution of cloud services is leading to a new service transformation paradigm to accommodate network infrastructures in a cost-scalable way. In this transformation, the network constitutes the key to efficiently connect users to services and applications. In this paper we describe the deployment, validation and demonstration of the optical integrated testbed for the “GEneralized architecture for dYnamic infrastructure SERviceS” (GEYSERS) project to accommodate such cloud based Infrastructure Services. The GEYSERS testbed is composed of a set of local physical testbeds allocated in the facilities of the GEYSERS partners. It is built up based on the requirements specification, architecture definition and per-layer development that constitutes the whole GEYSERS ecosystem, and validates the procedures on the GEYSERS prototypes. The testbed includes optical devices (layer 1), switches (layer 2), and IT resources deployed in different local testbeds provided by the project partners and interconnected among them to compose the whole testbed layout. The main goal of the GEYSERS testbed is twofold. On one hand, it aims at providing a validation ground for the architecture, concepts and business models proposed by GEYSERS, sustained by two main paradigms: Infrastructure as a Service (IaaS) and the coupled provisioning of optical network and IT resources. On the other hand, it is used as a demonstration platform for testing the software prototypes within the project and to demonstrate to the research and business community the project approach and solutions. In this work, we discuss our experience in the deployment of the testbed and share the results and insights learned from our trials in the process. Additionally, the paper highlights the most relevant experiments carried out in the testbed, aimed at the validation of the overall GEYSERS architecture

    A Novel Framework for Big Data Security Infrastructure Components

    Big data encompasses enormous data and management of huge data collected from various sources like online social media contents, log files, sensor records, surveys and online transactions. It is essential to provide new security models, concerns and efficient security designs and approaches for confronting security and privacy aspects of the same. This paper intends to provide initial analysis of the security challenges in Big Data. The paper introduces the basic concepts of Big Data and its enormous growth rate in terms of peta and zettabytes. A model framework for Big Data Infrastructure Security Components Framework (BDAF) is proposed that includes components like Security Life Cycle, Fine-grained data-centric access control policies, the Dynamic Infrastructure Trust Bootstrap Protocol (DITBP). The framework allows deploying trusted remote virtualised data processing environment and federated access control and identity management

    Intercloud Architecture Framework for Heterogeneous Cloud Based Infrastructure Services Provisioning On-Demand

    Abstract—This paper presents on-going research to develop the Intercloud Architecture Framework (ICAF) that addresses problems in multi-provider multi-domain heterogeneous cloud based infrastructure services and applications integration and interoperability, to allow their on-demand provisioning. The paper refers to existing standards and ongoing standardisation activity in Cloud Computing, in particular, recently published NIST Cloud Computing Reference Architecture (CCRA) and ITU-T JCA-Cloud activity. The proposed ICAF defines four complementary components addressing Intercloud integration and interoperability: multi-layer Cloud Services Model that combines commonly adopted cloud service models, such as IaaS, PaaS, SaaS, in one multilayer model with corresponding inter-layer interfaces; Intercloud Control and Management Plane that supports cloud based applications interaction

    Dynamic collaboration and secure access of services in multi-cloud environments

    The cloud computing services have gained popularity in both public and enterprise domains and they process a large amount of user data with varying privacy levels. The increasing demand for cloud services including storage and computation requires new functional elements and provisioning schemes to meet user requirements. Multi-clouds can optimise the user requirements by allowing them to choose best services from a large number of services offered by various cloud providers as they are massively scalable, can be dynamically configured, and delivered on demand with large-scale infrastructure resources. A major concern related to multi-cloud adoption is the lack of models for them and their associated security issues which become more unpredictable in a multi-cloud environment. Moreover, in order to trust the services in a foreign cloud users depend on their assurances given by the cloud provider but cloud providers give very limited evidence or accountability to users which offers them the ability to hide some behaviour of the service. In this thesis, we propose a model for multi-cloud collaboration that can securely establish dynamic collaboration between heterogeneous clouds using the cloud on-demand model in a secure way. Initially, threat modelling for cloud services has been done that leads to the identification of various threats to service interfaces along with the possible attackers and the mechanisms to exploit those threats. Based on these threats the cloud provider can apply suitable mechanisms to protect services and user data from these threats. In the next phase, we present a lightweight and novel authentication mechanism which provides a single sign-on (SSO) to users for authentication at runtime between multi-clouds before granting them service access and it is formally verified. Next, we provide a service scheduling mechanism to select the best services from multiple cloud providers that closely match user quality of service requirements (QoS). 
The scheduling mechanism achieves high accuracy by providing distance correlation weighting mechanism among a large number of services QoS parameters. In the next stage, novel service level agreement (SLA) management mechanisms are proposed to ensure secure service execution in the foreign cloud. The usage of SLA mechanisms ensures that user QoS parameters including the functional (CPU, RAM, memory etc.) and non-functional requirements (bandwidth, latency, availability, reliability etc.) of users for a particular service are negotiated before secure collaboration between multi-clouds is setup. The multi-cloud handling user requests will be responsible to enforce mechanisms that fulfil the QoS requirements agreed in the SLA. While the monitoring phase in SLA involves monitoring the service execution in the foreign cloud to check its compliance with the SLA and report it back to the user. Finally, we present the use cases of applying the proposed model in scenarios such as Internet of Things (IoT) and E-Healthcare in multi-clouds. Moreover, the designed protocols are empirically implemented on two different clouds including OpenStack and Amazon AWS. Experiments indicate that the proposed model is scalable, authentication protocols result only in a limited overhead compared to standard authentication protocols, service scheduling achieves high efficiency and any SLA violations by a cloud provider can be recorded and reported back to the user. My research for the first 3 years of PhD was funded by the College of Engineering and Technology

    A Centralized Model for Establishing End-to-End Communication Services via Management Agents

    This paper presents a centralized approach for establishing end-to-end communication services via management agents. The main proposal is the modular architecture of the third-party based Service Establishment Agent (SEA). The SEA manages inter-provider service negotiation process with per-domain management agents through an appropriate signaling agent. It also receives and interprets end-to-end service requests, selects inter-domain paths, performs mapping of service classes among domains on the path, and evaluates conformance of the offered service level with the required one. It allows implementation of different algorithms for the aforementioned functions as well as their selection and combination according to the predefined management policies. Simulation results show that the proposed model significantly outperforms the distributed model in terms of service negotiation times. In the prototype development process, a policy-based solution for mapping of service classes was implemented. The performance evaluation shows that processing requirements for handling multiple service requests are modest, while benefit of the SEA approach is the lack of need to build long-term consensus among providers about technical choices for achieving network interconnection. The SEA architecture is completely independent of the quality of service mechanisms available in particular domains.

    Enhancing Federated Cloud Management with an Integrated Service Monitoring Approach

    Cloud Computing enables the construction and the provisioning of virtualized service-based applications in a simple and cost effective outsourcing to dynamic service environments. Cloud Federations envisage a distributed, heterogeneous environment consisting of various cloud infrastructures by aggregating different IaaS provider capabilities coming from both the commercial and the academic area. In this paper, we introduce a federated cloud management solution that operates the federation through utilizing cloud-brokers for various IaaS providers. In order to enable an enhanced provider selection and inter-cloud service executions, an integrated monitoring approach is proposed which is capable of measuring the availability and reliability of the provisioned services in different providers. To this end, a minimal metric monitoring service has been designed and used together with a service monitoring solution to measure cloud performance. The transparent and cost effective operation on commercial clouds and the capability to simultaneously monitor both private and public clouds were the major design goals of this integrated cloud monitoring approach. Finally, the evaluation of our proposed solution is presented on different private IaaS systems participating in federations. © 2013 Springer Science+Business Media Dordrecht