SLA-Driven Governance of RESTful Systems

The Software as a Service (SaaS) paradigm has become entrenched in the industry as a deployment model, bringing flexibility to the customers and a recurring revenue to the business. The main architectural paradigm of SaaS systems is the service-oriented one since it provides numerous advantages in terms of elasticity, fault tolerance, and flexible architectural design. Currently, the RESTful paradigm, a layer of abstraction on the server created by defining resources and entities that can be accessed by means of a URI, is the preferred choice for the construction of SaaS, as it promotes the deployment, isolation and integration of microservices through APIs. Nowadays, APIs are regarded as a new form of business product and ever more organizations are publicly opening up access to their APIs as a way to create new business opportunities. In the same way, other organizations also consume a number of third-party APIs as part of their business. We henceforth define the concept of a RESTful System as an information system following the RESTful paradigm to shape the integration model between both its own components as well as other information systems. Furthermore, understanding governance as the way in which a component is directed and controlled, in RESTful Systems, those components will be the RESTful APIs and what we aim to control or regulate is their behavior (i.e., how an API is being consumed or provided). As APIs are increasingly regarded as business products, a crucial activity is to describe the set of plans (i.e., the pricing) that depicts the functionality and performance being offered to clients. API providers usually define certain limitations in each instance of a plan (e.g., quotas and rates); for example, a free plan might be limited to having one hundred monthly requests, and a professional plan to have five hundred monthly requests. However, although API providers use the Service Level Agreement (SLA) concept to delimit the functionality and guarantees to which they commit to their customers, there is no standard model used by API providers for modeling API pricing (including the plans and limitations). Although some providers do model the information regarding the API pricing and API limitations with an ad hoc approach, there is no widely accepted model in the industry. Wherefore answering questions regarding API limitations (e.g., determining whether or not a certain pricing is valid) is still a manual or non-interoperable process coming along with some inconveniences (being tedious, time-consuming, error-prone, etc.). Understating governance as to how a system is directed and controlled, we translate this concept to meet the SLA-driven approach: we consider the SLA (i.e., API pricing) as the element that will drive the directions, policies and rules to deliver and maintain the RESTful System. Adding the SLA to the idea of governance of RESTful systems leads to the main hypothesis of this dissertation: there is no well-established model for describing API pricings)in RESTful systems, which is hindering the automatic SLA-Driven governance. We claim the main goal of this thesis to be: the creation of an expressive, fully-fledged specification of SLAs for RESTful APIs endorsed with an open ecosystem of tools aimed at the SLA-Driven Governance of RESTful systems. The results of this endeavor are twofold: (I) Creation of a sufficiently expressive specification for the description of API pricings and the analysis of their validity. This comprises: (i) conducting an analysis of real-world APIs to evaluate the characteristics of the API pricings and limitations; (ii) identifying the relevance of SLAs in APIs in both academic and industrial scenarios; (iii) proposing a comprehensive model for describing API pricings; (iv) defining analysis operations for common questions regarding the validity in API pricings and limitations; (v) performing an evaluation of the model in real-world APIs. (II) Implementation of an ecosystem of tools to support the SLA-Driven governance of RESTful APIs. This includes: (i) developing a set of API governance tools; (ii) implementing a validity analysis operation; (iii) performing a validation of the tools and operations in realistic scenarios. In this thesis, we present the Governify4APIs ecosystem as the set comprised of (i) a model aimed at describing API pricings that is closely aligned with industry standards in APIs (OpenAPI Specification) and (ii) a set of companion tools for enacting the automatic governance using our specification, ranging from low-level validation tasks to SaaS solutions based on our model. Governify4APIs is, therefore, a fully-fledged specification, aligned with the mainstream standards and intended to enable an SLA-Driven Governance of RESTful Systems.El paradigma del software como servicio (SaaS) se ha afianzado en la industria como modelo de despliegue, aportando flexibilidad a los clientes y unos ingresos constantes a las organizaciones. El principal paradigma arquitectónico de los sistemas SaaS es la arquitectura orientada a servicios, ya que proporciona numerosas ventajas en términos de elasticidad, tolerancia a fallos y diseño flexible. RESTful, una capa de abstracción sobre el servidor creada mediante la definición de recursos y entidades a las que se puede acceder mediante una URI, es la opción preferida para la construcción de SaaS, ya que promueve el despliegue, el aislamiento y la integración de microservicios a través de APIs. Hoy en día, las APIs se consideran una nueva forma de producto empresarial y cada vez más organizaciones abren públicamente el acceso a sus APIs como forma de crear nuevas oportunidades de negocio. Del mismo modo, otras organizaciones también consumen una serie de APIs de terceros como parte de su negocio. A partir de ahora definimos el concepto de Sistema RESTful como un sistema de información que sigue el paradigma RESTful para conformar el modelo de integración tanto entre sus propios componentes como con otros sistemas de información. Además, entendiendo gobierno como la forma en que se dirige y controla un componente, en los sistemas RESTful, esos componentes serán las APIs RESTful y lo que pretendemos controlar o regular es su comportamiento (es decir, cómo se está consumiendo o proporcionando una API). Dado que las APIs están, cada vez más, siendo consideradas como productos comerciales, una actividad crucial es describir el conjunto de planes (es decir, el pricing) que describe la funcionalidad y el rendimiento que se ofrece a los clientes. Los proveedores de API suelen definir ciertas limitaciones en cada instancia de un plan (por ejemplo, quotas y rates); por ejemplo, un plan gratuito podría estar limitado a tener cien peticiones mensuales, y un plan profesional a tener quinientas peticiones mensuales. Sin embargo, aunque los proveedores de APIs utilizan el concepto de Acuerdo de Nivel de Servicio (SLA) para delimitar la funcionalidad y las garantías a las que se comprometen con sus clientes, no existe ningún modelo estándar usado por los proveedores para modelar el pricing de las API (incluyendo los planes y limitaciones). Aunque algunos proveedores modelan la información relativa a los pricings y las limitaciones de las APIs con un enfoque ad hoc, no existe un modelo ampliamente aceptado en el sector. Por lo tanto, responder a las preguntas relativas a las limitaciones de la APIs (por ejemplo, determinar si un determinado pricing es válido o no) sigue siendo un proceso manual o no interoperable, cosa que conlleva algunos inconvenientes (es tedioso, consume tiempo, es propenso a errores, etc.). Entendiendo el gobierno como la forma de dirigir y controlar un sistema, podemos traducir este concepto teniendo en cuenta el SLA, esto es, consideramos este elemento como aquel sobre el que se realiza la dirección, políticas y reglas para entregar y mantener el sistema RESTful. Añadir el concepto SLA a esa idea de gobierno de sistemas RESTful nos lleva a la hipótesis principal de esta tesis: no existe un modelo bien establecido para describir los SLAs (o pricing) en los sistemas RESTful, lo que está dificultando el gobierno automático. Es, por tanto, el objetivo principal de esta tesis la creación de una especificación expresiva y completa de SLAs para APIs RESTful, respaldada por un ecosistema abierto de herramientas orientadas al gobierno de sistemas RESTful dirigido por SLAs. Los resultados principales han sido: (I) Creación de una especificación suficientemente expresiva para la descripción de los pricings de la API y el análisis de su validez. Esto comprende: (i) realizar un análisis de APIs del mundo real para evaluar las características de los pricings y limitaciones de las APIs; (ii) identificar la relevancia de los SLAs en las APIs tanto en escenarios académicos como industriales; (iii) proponer un modelo completo para describir los pricings de las APIs; (iv) definir operaciones de análisis para preguntas comunes sobre la validez en los pricings y limitaciones de las APIs; (v) realizar una evaluación del modelo en APIs del mundo real. (II) Implementación de un ecosistema de herramientas para apoyar la gobernanza SLA-Driven de las APIs RESTful. Esto incluye: (i) desarrollar un conjunto de herramientas de gobierno de APIs; (ii) implementar una operación de análisis de validez; (iii) realizar una validación de las herramientas y operaciones en escenarios realistas. En esta tesis, presentamos el ecosistema Governify4APIs como el conjunto compuesto por (i) un modelo destinado a describir los pricings de las APIs y alineado estrechamente con los estándares de la industria (OpenAPI) y (ii) un conjunto de herramientas complementarias para el gobierno automático utilizando este modelo, que van desde tareas de validación hasta soluciones SaaS. Por lo tanto, Governify4APIs es una especificación acompañada de todo lo necesario, alineada con los estándares industriales y destinada a permitir un gobierno de sistemas RESTful dirigidos por SLAs

An Integrated Framework for the Methodological Assurance of Security and Privacy in the Development and Operation of MultiCloud Applications

x, 169 p.This Thesis studies research questions about how to design multiCloud applications taking into account security and privacy requirements to protect the system from potential risks and about how to decide which security and privacy protections to include in the system. In addition, solutions are needed to overcome the difficulties in assuring security and privacy properties defined at design time still hold all along the system life-cycle, from development to operation.In this Thesis an innovative DevOps integrated methodology and framework are presented, which help to rationalise and systematise security and privacy analyses in multiCloud to enable an informed decision-process for risk-cost balanced selection of the protections of the system components and the protections to request from Cloud Service Providers used. The focus of the work is on the Development phase of the analysis and creation of multiCloud applications.The main contributions of this Thesis for multiCloud applications are four: i) The integrated DevOps methodology for security and privacy assurance; and its integrating parts: ii) a security and privacy requirements modelling language, iii) a continuous risk assessment methodology and its complementary risk-based optimisation of defences, and iv) a Security and Privacy Service Level AgreementComposition method.The integrated DevOps methodology and its integrating Development methods have been validated in the case study of a real multiCloud application in the eHealth domain. The validation confirmed the feasibility and benefits of the solution with regards to the rationalisation and systematisation of security and privacy assurance in multiCloud systems

Automated and dynamic multi-level negotiation framework applied to an efficient cloud provisioning

L’approvisionnement du Cloud est le processus de déploiement et de gestion des applications sur les infrastructures publiques du Cloud. Il est de plus en plus utilisé car il permet aux fournisseurs de services métiers de se concentrer sur leurs activités sans avoir à gérer et à investir dans l’infrastructure. Il comprend deux niveaux d’interaction : (1) entre les utilisateurs finaux et les fournisseurs de services pour l’approvisionnement des applications, et (2) entre les fournisseurs de services et les fournisseurs de ressources pour l’approvisionnement des ressources virtuelles. L’environnement Cloud est devenu un marché complexe où tout fournisseur veut maximiser son profit monétaire et où les utilisateurs finaux recherchent les services les plus efficaces tout en minimisant leurs coûts. Avec la croissance de la concurrence dans le Cloud, les fournisseurs de services métiers doivent assurer un approvisionnement efficace qui maximise la satisfaction de la clientèle et optimise leurs profits.Ainsi, les fournisseurs et les utilisateurs doivent être satisfaits en dépit de leurs besoins contradictoires. La négociation est une solution prometteuse qui permet de résoudre les conflits en comblant le gap entre les capacités des fournisseurs et les besoins des utilisateurs. Intuitivement, la négociation automatique des contrats (SLA) permet d’aboutir à un compromis qui satisfait les deux parties. Cependant, pour être efficace, la négociation automatique doit considérer les propriétés de l’approvisionnement du Cloud et les complexités liées à la dynamicité (dynamicité de la disponibilité des ressources, dynamicité des prix). En fait ces critères ont un impact important sur le succès de la négociation. Les principales contributions de cette thèse répondant au défi de la négociation multi-niveau dans un contexte dynamique sont les suivantes: (1) Nous proposons un modèle de négociateur générique qui considère la nature dynamique de l’approvisionnement du Cloud et son impact potentiel sur les résultats décisionnels. Ensuite, nous construisons un cadre de négociation multicouche fondé sur ce modèle en l’instanciant entre les couches du Cloud. Le cadre comprend des agents négociateurs en communication avec les modules en relation avec la qualité et le prix du service à fournir (le planificateur, le moniteur, le prospecteur de marché). (2) Nous proposons une approche de négociation bilatérale entre les utilisateurs finaux et les fournisseurs de service basée sur une approche d’approvisionnement existante. Les stratégies de négociation sont basées sur la communication avec les modules d’approvisionnement (le planificateur et l’approvisionneur de machines virtuelles) afin d’optimiser les bénéfices du fournisseur de service et de maximiser la satisfaction du client. (3) Afin de maximiser le nombre de clients, nous proposons une approche de négociation adaptative et simultanée comme extension de la négociation bilatérale. Nous proposons d’exploiter les changements de charge de travail en termes de disponibilité et de tarification des ressources afin de renégocier simultanément avec plusieurs utilisateurs non acceptés (c’est-à-dire rejetés lors de la première session de négociation) avant la création du contrat SLA. (4) Afin de gérer toute violation possible de SLA, nous proposons une approche proactive de renégociation après l’établissement de SLA. La renégociation est lancée lors de la détection d’un événement inattendu (par exemple, une panne de ressources) pendant le processus d’approvisionnement. Les stratégies de renégociation proposées visent à minimiser la perte de profit pour le fournisseur et à assurer la continuité du service pour le consommateur. Les approches proposées sont mises en œuvre et les expériences prouvent les avantages d’ajouter la (re)négociation au processus d’approvisionnement. L’utilisation de la (re)négociation améliore le bénéfice du fournisseur, le nombre de demandes acceptées et la satisfaction du client.Cloud provisioning is the process of deployment and management of applications on public cloud infrastructures. Cloud provisioning is used increasingly because it enables business providers to focus on their business without having to manage and invest in infrastructure. Cloud provisioning includes two levels of interaction: (1) between end-users and business providers for application provisioning; and (2) between business providers and resource providers for virtual resource provisioning.The cloud market nowadays is a complex environment where business providers need to maximize their monetary profit, and where end-users look for the most efficient services with the lowest prices. With the growth of competition in the cloud, business providers must ensure efficient provisioning that maximizes customer satisfaction and optimizes the providers’ profit. So, both providers and users must be satisfied in spite of their conflicting needs. Negotiation is an appealing solution to solve conflicts and bridge the gap between providers’ capabilities and users’ requirements. Intuitively, automated Service Level Agreement (SLA) negotiation helps in reaching an agreement that satisfies both parties. However, to be efficient, automated negotiation should consider the properties of cloud provisioning mainly the two interaction levels, and complexities related to dynamicity (e.g., dynamically-changing resource availability, dynamic pricing, dynamic market factors related to offers and demands), which greatly impact the success of the negotiation. The main contributions of this thesis tackling the challenge of multi-level negotiation in a dynamic context are as follows: (1) We propose a generic negotiator model that considers the dynamic nature of cloud provisioning and its potential impact on the decision-making outcome. Then, we build a multi-layer negotiation framework built upon that model by instantiating it among Cloud layers. The framework includes negotiator agents. These agents are in communication with the provisioning modules that have an impact on the quality and the price of the service to be provisioned (e.g, the scheduler, the monitor, the market prospector). (2) We propose a bilateral negotiation approach between end-users and business providers extending an existing provisioning approach. The proposed decision-making strategies for negotiation are based on communication with the provisioning modules (the scheduler and the VM provisioner) in order to optimize the business provider’s profit and maximize customer satisfaction. (3) In order to maximize the number of clients, we propose an adaptive and concurrent negotiation approach as an extension of the bilateral negotiation. We propose to harness the workload changes in terms of resource availability and pricing in order to renegotiate simultaneously with multiple non-accepted users (i.e., rejected during the first negotiation session) before the establishment of the SLA. (4) In order to handle any potential SLA violation, we propose a proactive renegotiation approach after SLA establishment. The renegotiation is launched upon detecting an unexpected event (e.g., resource failure) during the provisioning process. The proposed renegotiation decision-making strategies aim to minimize the loss in profit for the provider and to ensure the continuity of the service for the consumer. The proposed approaches are implemented and experiments prove the benefits of adding (re)negotiation to the provisioning process. The use of (re)negotiation improves the provider’s profit, the number of accepted requests, and the client’s satisfaction

Automated and dynamic multi-level negotiation framework applied to an efficient cloud provisioning

L’approvisionnement du Cloud est le processus de déploiement et de gestion des applications sur les infrastructures publiques du Cloud. Il est de plus en plus utilisé car il permet aux fournisseurs de services métiers de se concentrer sur leurs activités sans avoir à gérer et à investir dans l’infrastructure. Il comprend deux niveaux d’interaction : (1) entre les utilisateurs finaux et les fournisseurs de services pour l’approvisionnement des applications, et (2) entre les fournisseurs de services et les fournisseurs de ressources pour l’approvisionnement des ressources virtuelles. L’environnement Cloud est devenu un marché complexe où tout fournisseur veut maximiser son profit monétaire et où les utilisateurs finaux recherchent les services les plus efficaces tout en minimisant leurs coûts. Avec la croissance de la concurrence dans le Cloud, les fournisseurs de services métiers doivent assurer un approvisionnement efficace qui maximise la satisfaction de la clientèle et optimise leurs profits.Ainsi, les fournisseurs et les utilisateurs doivent être satisfaits en dépit de leurs besoins contradictoires. La négociation est une solution prometteuse qui permet de résoudre les conflits en comblant le gap entre les capacités des fournisseurs et les besoins des utilisateurs. Intuitivement, la négociation automatique des contrats (SLA) permet d’aboutir à un compromis qui satisfait les deux parties. Cependant, pour être efficace, la négociation automatique doit considérer les propriétés de l’approvisionnement du Cloud et les complexités liées à la dynamicité (dynamicité de la disponibilité des ressources, dynamicité des prix). En fait ces critères ont un impact important sur le succès de la négociation. Les principales contributions de cette thèse répondant au défi de la négociation multi-niveau dans un contexte dynamique sont les suivantes: (1) Nous proposons un modèle de négociateur générique qui considère la nature dynamique de l’approvisionnement du Cloud et son impact potentiel sur les résultats décisionnels. Ensuite, nous construisons un cadre de négociation multicouche fondé sur ce modèle en l’instanciant entre les couches du Cloud. Le cadre comprend des agents négociateurs en communication avec les modules en relation avec la qualité et le prix du service à fournir (le planificateur, le moniteur, le prospecteur de marché). (2) Nous proposons une approche de négociation bilatérale entre les utilisateurs finaux et les fournisseurs de service basée sur une approche d’approvisionnement existante. Les stratégies de négociation sont basées sur la communication avec les modules d’approvisionnement (le planificateur et l’approvisionneur de machines virtuelles) afin d’optimiser les bénéfices du fournisseur de service et de maximiser la satisfaction du client. (3) Afin de maximiser le nombre de clients, nous proposons une approche de négociation adaptative et simultanée comme extension de la négociation bilatérale. Nous proposons d’exploiter les changements de charge de travail en termes de disponibilité et de tarification des ressources afin de renégocier simultanément avec plusieurs utilisateurs non acceptés (c’est-à-dire rejetés lors de la première session de négociation) avant la création du contrat SLA. (4) Afin de gérer toute violation possible de SLA, nous proposons une approche proactive de renégociation après l’établissement de SLA. La renégociation est lancée lors de la détection d’un événement inattendu (par exemple, une panne de ressources) pendant le processus d’approvisionnement. Les stratégies de renégociation proposées visent à minimiser la perte de profit pour le fournisseur et à assurer la continuité du service pour le consommateur. Les approches proposées sont mises en œuvre et les expériences prouvent les avantages d’ajouter la (re)négociation au processus d’approvisionnement. L’utilisation de la (re)négociation améliore le bénéfice du fournisseur, le nombre de demandes acceptées et la satisfaction du client.Cloud provisioning is the process of deployment and management of applications on public cloud infrastructures. Cloud provisioning is used increasingly because it enables business providers to focus on their business without having to manage and invest in infrastructure. Cloud provisioning includes two levels of interaction: (1) between end-users and business providers for application provisioning; and (2) between business providers and resource providers for virtual resource provisioning.The cloud market nowadays is a complex environment where business providers need to maximize their monetary profit, and where end-users look for the most efficient services with the lowest prices. With the growth of competition in the cloud, business providers must ensure efficient provisioning that maximizes customer satisfaction and optimizes the providers’ profit. So, both providers and users must be satisfied in spite of their conflicting needs. Negotiation is an appealing solution to solve conflicts and bridge the gap between providers’ capabilities and users’ requirements. Intuitively, automated Service Level Agreement (SLA) negotiation helps in reaching an agreement that satisfies both parties. However, to be efficient, automated negotiation should consider the properties of cloud provisioning mainly the two interaction levels, and complexities related to dynamicity (e.g., dynamically-changing resource availability, dynamic pricing, dynamic market factors related to offers and demands), which greatly impact the success of the negotiation. The main contributions of this thesis tackling the challenge of multi-level negotiation in a dynamic context are as follows: (1) We propose a generic negotiator model that considers the dynamic nature of cloud provisioning and its potential impact on the decision-making outcome. Then, we build a multi-layer negotiation framework built upon that model by instantiating it among Cloud layers. The framework includes negotiator agents. These agents are in communication with the provisioning modules that have an impact on the quality and the price of the service to be provisioned (e.g, the scheduler, the monitor, the market prospector). (2) We propose a bilateral negotiation approach between end-users and business providers extending an existing provisioning approach. The proposed decision-making strategies for negotiation are based on communication with the provisioning modules (the scheduler and the VM provisioner) in order to optimize the business provider’s profit and maximize customer satisfaction. (3) In order to maximize the number of clients, we propose an adaptive and concurrent negotiation approach as an extension of the bilateral negotiation. We propose to harness the workload changes in terms of resource availability and pricing in order to renegotiate simultaneously with multiple non-accepted users (i.e., rejected during the first negotiation session) before the establishment of the SLA. (4) In order to handle any potential SLA violation, we propose a proactive renegotiation approach after SLA establishment. The renegotiation is launched upon detecting an unexpected event (e.g., resource failure) during the provisioning process. The proposed renegotiation decision-making strategies aim to minimize the loss in profit for the provider and to ensure the continuity of the service for the consumer. The proposed approaches are implemented and experiments prove the benefits of adding (re)negotiation to the provisioning process. The use of (re)negotiation improves the provider’s profit, the number of accepted requests, and the client’s satisfaction

Influencers of effective partnership working between voluntary community sector organisations in Liverpool

With the election of a Coalition Government in May 2010, the concept of “partnership” has never been so prominent in public policy. This builds on a foundation of partnership working playing an increasing role in the policy arena following on from ‘New Labour’s Modernisation Strategy’ and initiatives such as area regeneration partnerships. Partnership working has become the recognised solution to addressing entrenched complex social issues, such as poverty, based on the recognition that a single public agency cannot address the complexity of social problems alone. Furthermore, the Voluntary Community Sector (VCS) is becoming of greater concern to policy makers with the recognition that the sector plays a fundamental public service delivery role, especially to vulnerable and disadvantaged communities. This remit is likely to increase with the publication in October 2010, of the Coalition’s Government strategy for Voluntary Community Sector organisations, which places the sector as central to transforming public service delivery and building the Government’s civil society vision. However, it is well-established that the public sector as a whole is facing in mounting finanical pressure and all public agencies will be required to deliver both greater efficiencies and service improvements. Against a background of increasing partnerships, a more visible role for the VCS, and significantly reducing resources, VCS organisations will increasingly have to work together to achieve their aims and maintain service delivery to vulnerable people. Therefore, this research will seek to understand the drivers and factors influencing partnership working between VCS organisations, through undertaking a comprehensive literature review and primary research. An ‘interpretivist’ paradigm underpins a case study approach with five VCS organisations in Liverpool. Semi-structured interviews will be conducted with key managers from the Case Study organisations supported by a limited amount of documentary evidence. The primary research data will be analysed to identify key themes and the outcomes explored in the context of the literature. An analysis of specific factors influencing partnerships will be undertaken to improve our understanding of effective partnerships between VCS organisations

Managing Service Dependencies in Service Compositions

In the Internet of Services (IoS) providers and consumers of services engage in business interactions on service marketplaces. Provisioning and consumption of services are regulated by service level agreements (SLA), which are negotiated between providers and consumers. Trading composite services requires the providers to manage the SLAs that are negotiated with the providers of atomic services and the consumers of the composition. The management of SLAs involves the negotiation and renegotiation of SLAs as well as their monitoring during service provisioning. The complexity of this task arises due to the fact that dependencies exist between the different services in a composition. Dependencies between services occur because the complex task of a composition is distributed between atomic services. Thus, the successful provisioning of the composite service depends on its atomic building blocks. At the same time, atomic services depend on other atomic services, e.g. because of data or resource requirements, or time relationships. These dependencies need to be considered for the management of composite service SLAs. This thesis aims at developing a management approach for dependencies between services in service compositions to support SLA management. Information about service dependencies is not explicitly available. Instead it is implicitly contained in the workflow description of a composite service, the negotiated SLAs of the composite service, and as application domain knowledge of experts, which makes the handling of this information more complex. Thus, the dependency management approach needs to capture this dependency information in an explicit way. The dependency information is then used to support SLA management in three ways. First of all dependency information is used during SLA negotiation the to ensure that the different SLAs enable the successful collaboration of the services to achieve the composite service goal. Secondly, during SLA renegotiation dependency information is used to determine which effects the renegotiation has on other SLAs. Finally, dependency information is used during SLA monitoring to determine the effects of detected violations on other services. Based on a literature study and two use cases from the logistics and healthcare domains different types of dependencies were analyzed and classified. The results from this analysis were used as a basis for the development of an approach to analyze and represent dependency information according to the different dependency properties. Furthermore, a lifecycle and architecture for managing dependency information was developed. In an iterative approach the different artifacts were implemented, tested based on two use cases, and refined according to the test results Finally, the prototype was evaluated with regard to detailed test cases and performance measurements were executed. The resulting dependency management approach has four main contributions. Firstly, it represents a holistic approach for managing service dependencies with regard to composite SLA management. It extends existing work by supporting the handling of dependencies between atomic services as well as atomic and composite services at design time and during service provisioning. Secondly, a semi-automatic approach to capturing dependency information is provided. It helps to achieve a higher degree of automation as compared to other approaches. Thirdly, a metamodel for representing dependency information for SLA management is shown. Dependency information is kept separately from SLA information to achieve a better separation of concerns. This facilitates the utilization of the dependency management functionality with different SLA management approaches. Fourthly, a dependency management architecture is presented. The design of the architecture ensures that the components can be integrated with different SLA management approaches. The test case based evaluation of the dependency management approach showed its feasibility and correct functioning in two different application domains. Furthermore, the performance evaluation showed that the automated dependency management tasks are executed within the range of milliseconds for both use cases. The dependency management approach is suited to support the different SLA management tasks. It supports the work of composite service providers by facilitating the SLA management of complex service compositions

Fatias de rede fim-a-fim : da extração de perfis de funções de rede a SLAs granulares

Orientador: Christian Rodolfo Esteve RothenbergTese (doutorado) - Universidade Estadual de Campinas, Faculdade de Engenharia Elétrica e de ComputaçãoResumo: Nos últimos dez anos, processos de softwarização de redes vêm sendo continuamente diversi- ficados e gradativamente incorporados em produção, principalmente através dos paradigmas de Redes Definidas por Software (ex.: regras de fluxos de rede programáveis) e Virtualização de Funções de Rede (ex.: orquestração de funções virtualizadas de rede). Embasado neste processo o conceito de network slice surge como forma de definição de caminhos de rede fim- a-fim programáveis, possivelmente sobre infrastruturas compartilhadas, contendo requisitos estritos de desempenho e dedicado a um modelo particular de negócios. Esta tese investiga a hipótese de que a desagregação de métricas de desempenho de funções virtualizadas de rede impactam e compõe critérios de alocação de network slices (i.e., diversas opções de utiliza- ção de recursos), os quais quando realizados devem ter seu gerenciamento de ciclo de vida implementado de forma transparente em correspondência ao seu caso de negócios de comu- nicação fim-a-fim. A verificação de tal assertiva se dá em três aspectos: entender os graus de liberdade nos quais métricas de desempenho de funções virtualizadas de rede podem ser expressas; métodos de racionalização da alocação de recursos por network slices e seus re- spectivos critérios; e formas transparentes de rastrear e gerenciar recursos de rede fim-a-fim entre múltiplos domínios administrativos. Para atingir estes objetivos, diversas contribuições são realizadas por esta tese, dentre elas: a construção de uma plataforma para automatização de metodologias de testes de desempenho de funções virtualizadas de redes; a elaboração de uma metodologia para análises de alocações de recursos de network slices baseada em um algoritmo classificador de aprendizado de máquinas e outro algoritmo de análise multi- critério; e a construção de um protótipo utilizando blockchain para a realização de contratos inteligentes envolvendo acordos de serviços entre domínios administrativos de rede. Por meio de experimentos e análises sugerimos que: métricas de desempenho de funções virtualizadas de rede dependem da alocação de recursos, configurações internas e estímulo de tráfego de testes; network slices podem ter suas alocações de recursos coerentemente classificadas por diferentes critérios; e acordos entre domínios administrativos podem ser realizados de forma transparente e em variadas formas de granularidade por meio de contratos inteligentes uti- lizando blockchain. Ao final deste trabalho, com base em uma ampla discussão as perguntas de pesquisa associadas à hipótese são respondidas, de forma que a avaliação da hipótese proposta seja realizada perante uma ampla visão das contribuições e trabalhos futuros desta teseAbstract: In the last ten years, network softwarisation processes have been continuously diversified and gradually incorporated into production, mainly through the paradigms of Software Defined Networks (e.g., programmable network flow rules) and Network Functions Virtualization (e.g., orchestration of virtualized network functions). Based on this process, the concept of network slice emerges as a way of defining end-to-end network programmable paths, possibly over shared network infrastructures, requiring strict performance metrics associated to a par- ticular business case. This thesis investigate the hypothesis that the disaggregation of network function performance metrics impacts and composes a network slice footprint incurring in di- verse slicing feature options, which when realized should have their Service Level Agreement (SLA) life cycle management transparently implemented in correspondence to their fulfilling end-to-end communication business case. The validation of such assertive takes place in three aspects: the degrees of freedom by which performance of virtualized network functions can be expressed; the methods of rationalizing the footprint of network slices; and transparent ways to track and manage network assets among multiple administrative domains. In order to achieve such goals, a series of contributions were achieved by this thesis, among them: the construction of a platform for automating methodologies for performance testing of virtual- ized network functions; an elaboration of a methodology for the analysis of footprint features of network slices based on a machine learning classifier algorithm and a multi-criteria analysis algorithm; and the construction of a prototype using blockchain to carry out smart contracts involving service level agreements between administrative systems. Through experiments and analysis we suggest that: performance metrics of virtualized network functions depend on the allocation of resources, internal configurations and test traffic stimulus; network slices can have their resource allocations consistently analyzed/classified by different criteria; and agree- ments between administrative domains can be performed transparently and in various forms of granularity through blockchain smart contracts. At the end of his thesis, through a wide discussion we answer all the research questions associated to the investigated hypothesis in such way its evaluation is performed in face of wide view of the contributions and future work of this thesisDoutoradoEngenharia de ComputaçãoDoutor em Engenharia ElétricaFUNCAM

Information Technology Sourcing Across Cultures: Preparing Leaders for Cross-Cultural Engagements and Implementing Best Practices with Cultural Sensitivity

This research exercised a mixed method exploratory sequential design inquiry into the topical area of leadership behaviors and cross-cultural awareness that permeate successful global information technology (IT) outsource alliances. When IT is aligned with an entity\u27s objectives, strategic technology leadership is actively engaged in governance, infrastructure architecture, planning, and cross-cultural collaboration. Bilateral contracting foster and forge interactive organizational cultures however, the advent of right shoring has introduced cultural complexity for IT leadership roles born of national, international, and sub-culture global dimensions. This research surfaced significant variations in IT professional opinions as to the leadership practices, cultural compatibility and service fulfillment performance factors in IT outsourcing alliances. The variations in response levels exceeded my expectation and raised my cultural awareness that when cross-cultural differences exist in global IT outsourcing alliance operations, virtual team members must accept such differences with applied cultural sensitivity. Also, while task-related conflicts may help to surface different perspectives and viewpoints and provide opportunities for exploring innovation, relationship and process conflicts may affect team cohesiveness and have negative influences on team performances regardless of adhering to agreed governance principles. To produce the proper group member interaction across cultures, individuals must reflectively monitor their sensitivity to combinations of internally diverse and potentially contested ways of acting to create highly distinctive and desirable group behavior across cultural clusters. This research demonstrates the strength of the situating cultural theory, applies it to specific domains of globally distributed IT service operations and contributes to literature by generating an in-depth understanding of cultural influences on global IT alliances. The electronic version of this Dissertation is at Ohio Link ETD Center, http://www.ohiolink.edu/et