1,336 research outputs found

    In Broker We Trust: A Double-auction Approach for Resource Allocation in NFV Markets

    Network function virtualization (NFV) is an emerging scheme to provide virtualized network function services for next-generation networks. However, finding an efficient way to distribute different resources to customers is difficult. In this paper, we develop a new double-auction approach named DARA that is used for both service function chain routing and NFV price adjustment to maximize the profits of all participants. To the best of our knowledge, this is the first work to adopt a double-auction strategy in this area. The objective of the proposed approach is to maximize the profits of three types of participants: 1) NFV broker; 2) customers; and 3) service providers. Moreover, we prove that the approach is a weakly dominant strategy in a given NFV market by finding the Bayesian Nash equilibrium in the double-auction game. Finally, according to the results of the performance evaluation, our approach outperforms the single-auction mechanism with higher profits for the three types of participants in the given NFV market.

    Security in Cloud Computing: Evaluation and Integration

    Over the past decade, the Cloud Computing paradigm has revolutionized the way we perceive Information Technology (IT) services. It has given us the opportunity to respond to the constantly growing demand tied to users' computing needs by introducing the notion of outsourcing services and data. Cloud consumers generally have on-demand access to a wide, well-distributed range of IT infrastructures offering a plethora of services. They are able to dynamically configure Cloud resources according to the requirements of their applications, without becoming an integral part of the Cloud infrastructure. This allows them to reach an optimal degree of resource utilization while reducing their IT investment costs. However, migrating services to the Cloud inevitably intensifies existing IT security threats and creates new ones that are intrinsic to the Cloud Computing architecture. This is why there is a real need to evaluate Cloud security risks during the process of selecting and deploying services. In recent years, the impact of effectively managing the satisfaction of services' security needs has been taken increasingly seriously by providers and consumers. However, successfully integrating the security element into Cloud resource management operations requires not only methodical research but also meticulous modeling of the Cloud's security requirements. It is with these factors in mind that we address in this thesis the challenges of evaluating security and integrating it into independent and interconnected Cloud Computing environments. 
On the one hand, we are motivated to offer Cloud consumers a set of methods that will allow them to optimize the security of their services and, on the other hand, we offer providers a range of strategies that will allow them to better secure their Cloud hosting services. The originality of this thesis lies in two aspects: 1) the innovative description of Cloud applications' security requirements; and 2) the design of rigorous mathematical models that integrate the security factor into the traditional problems of application deployment, resource provisioning and workload management within current Cloud Computing infrastructures. The work in this thesis is carried out in three phases.

    ABSTRACT: Over the past decade, the Cloud Computing paradigm has revolutionized the way we envision IT services. It has provided an opportunity to respond to the ever increasing computing needs of the users by introducing the notion of service and data outsourcing. Cloud consumers usually have online and on-demand access to a large and distributed IT infrastructure providing a plethora of services. They can dynamically configure and scale the Cloud resources according to the requirements of their applications without becoming part of the Cloud infrastructure, which allows them to reduce their IT investment cost and achieve optimal resource utilization. However, the migration of services to the Cloud increases the vulnerability to existing IT security threats and creates new ones that are intrinsic to the Cloud Computing architecture, thus the need for a thorough assessment of Cloud security risks during the process of service selection and deployment. Recently, the impact of effective management of service security satisfaction has been taken with greater seriousness by the Cloud Service Providers (CSP) and stakeholders. 
Nevertheless, the successful integration of the security element into the Cloud resource management operations does not only require methodical research, but also necessitates the meticulous modeling of the Cloud security requirements. To this end, we address throughout this thesis the challenges to security evaluation and integration in independent and interconnected Cloud Computing environments. We are interested in providing the Cloud consumers with a set of methods that allow them to optimize the security of their services and the CSPs with a set of strategies that enable them to provide security-aware Cloud-based service hosting. The originality of this thesis lies within two aspects: 1) the innovative description of the Cloud applications’ security requirements, which paved the way for an effective quantification and evaluation of the security of Cloud infrastructures; and 2) the design of rigorous mathematical models that integrate the security factor into the traditional problems of application deployment, resource provisioning, and workload management within current Cloud Computing infrastructures. The work in this thesis is carried out in three phases.

    5G network slicing for rural connectivity: multi-tenancy in wireless networks

    As the need for wireless broadband continues to grow around the world, there is an increasing focus on minimising the existing digital divide and ensuring that everyone receives high-quality internet services, especially the inhabitants of rural areas. As a result, different technological solutions are being studied and trialled for improving rural connectivity, such as 5G with dynamic spectrum access. One of the architectures of 5G is network slicing, which supports network virtualisation and consists of independent logical networks, called slices, on the 5G network. Network slicing supports the multi-tenancy of different operators on the same physical network, and this feature is known as neutral host networks (NHN). It allows multiple operators to co-exist on the same physical network but on different virtual networks to serve end users. Generally, the 5G NHN deployment is handled by an infrastructure provider (InP), who could be a mobile network operator (MNO), an Internet service provider, a third-party operator, etc. At the same time, potential tenants would lease slices from the InP. The NHN strategy would help reduce resource duplication and increase the utilisation of existing resources. The existing research into NHN for small cells, in-building connectivity solutions, and other deployment scenarios helps to understand the technological and business requirements. End-to-end sharing across operators to provide services to their end users is another innovative application of 5G NHN that has been tested for dense areas. Meanwhile, the feasibility and policy impact of NHN are not studied extensively for the rural scenario. The research in this thesis examines the use of NHN in macro- and small-cell networks for 5G communication systems to minimise the digital divide, with a special focus on rural areas. 
The study also presents and analyses the 5G multi-tenancy system design for the rural wireless scenario, focusing mainly on exploring suitable business cases through network economics, techno-economic study, and game theory analysis. The results obtained from the study, such as cost analysis, business models, sensitivity analysis, and pricing strategies, help in formulating the policy on infrastructure sharing to improve rural connectivity. The contributions of the thesis are useful for stakeholders and policymakers to assess the suitability of the rural 5G NHN by exploring state-of-the-art technologies, techno-economic analysis, sensitivity analysis, newer business models, investment assessment, cost allocation, and risk sharing. Initially, the research gap is highlighted through the extensive literature review and stakeholders’ views on rural connectivity collected from discussions with them. First, the in-depth discussion on the network economics of the rural 5G NHN includes the study of potential future scenarios, value network configurations, spectrum access strategy models, and business models. Secondly, the techno-economic analysis studies the key performance indicators (KPI), cost analysis, return on investment, net present value, and sensitivity analysis, with the application for the rural parts of the UK and India. Finally, the game theory framework includes the study of strategic interaction among the two key stakeholders, InP and the MNO, using models such as investment games and pricing strategies during multi-tenancy. The research concludes by presenting the contribution towards the knowledge and future work.

    Market driven elastic secure infrastructure

    In today’s Data Centers, a combination of factors leads to the static allocation of physical servers and switches into dedicated clusters such that it is difficult to add or remove hardware from these clusters for short periods of time. This silofication of the hardware leads to inefficient use of clusters. This dissertation proposes a novel architecture for improving the efficiency of clusters by enabling them to add or remove bare-metal servers for short periods of time. We demonstrate by implementing a working prototype of the architecture that such silos can be broken and it is possible to share servers between clusters that are managed by different tools, have different security requirements, and are operated by tenants of the Data Center, which may not trust each other. Physical servers and switches in a Data Center are grouped for a combination of reasons. They are used for different purposes (staging, production, research, etc.); host applications required for servicing specific workloads (HPC, Cloud, Big Data, etc.); and/or are configured to meet stringent security and compliance requirements. Additionally, different provisioning systems and tools such as Openstack-Ironic, MaaS, Foreman, etc. that are used to manage these clusters take control of the servers, making it difficult to add or remove the hardware from their control. Moreover, these clusters are typically stood up with sufficient capacity to meet anticipated peak workload. This leads to inefficient usage of the clusters. They are under-utilized during off-peak hours, and in the cases where the demand exceeds capacity the clusters suffer from degraded quality of service (QoS) or may violate service level objectives (SLOs). Although today’s clouds offer huge benefits in terms of on-demand elasticity, economies of scale, and a pay-as-you-go model, many organizations are reluctant to move their workloads to the cloud. 
Organizations that (i) need total control of their hardware, (ii) have custom deployment practices, (iii) need to match stringent security and compliance requirements, or (iv) do not want to pay high costs incurred from running workloads in the cloud prefer to own their hardware and host it in a data center. This includes a large section of the economy including financial companies, medical institutions, and government agencies that continue to host their own clusters outside of the public cloud. Considering that all the clusters may not undergo peak demand at the same time, there is an opportunity to improve the efficiency of clusters by sharing resources between them. The dissertation describes the design and implementation of the Market Driven Elastic Secure Infrastructure (MESI) as an alternative to the public cloud and as an architecture for the lowest layer of the public cloud to improve its efficiency. It allows mutually non-trusting physically deployed services to share the physical servers of a data center efficiently. The approach proposed here is to build a system composed of a set of services each fulfilling a specific functionality. A tenant of the MESI has to trust only a minimal functionality of the tenant that offers the hardware resources. The rest of the services can be deployed by each tenant themselves. MESI is based on the idea of enabling tenants to share hardware they own with tenants they may not trust and between clusters with different security requirements. The architecture provides control and freedom of choice to the tenants whether they wish to deploy and manage these services themselves or use them from a trusted third party. MESI services fit into three layers that build on each other to provide: 1) Elastic Infrastructure, 2) Elastic Secure Infrastructure, and 3) Market-driven Elastic Secure Infrastructure. 
(1) Hardware Isolation Layer (HIL): the bottommost layer of MESI is designed for moving nodes between multiple tools and schedulers used for managing the clusters. It defines HIL to control the layer 2 switches and bare-metal servers such that tenants can elastically adjust the size of the clusters in response to the changing demand of the workload. It enables the movement of nodes between clusters with minimal to no modifications required to the tools and workflow used for managing these clusters. (2) Elastic Secure Infrastructure (ESI) builds on HIL to enable sharing of servers between clusters with different security requirements and mutually non-trusting tenants of the Data Center. ESI enables the borrowing tenant to minimize its trust in the node provider and take control of trade-offs between cost, performance, and security. This enables sharing of nodes between tenants that are not only part of the same organization but can be organization tenants in a co-located Data Center. (3) The Bare-metal Marketplace is an incentive-based system that uses economic principles of the marketplace to encourage the tenants to share their servers with others not just when they do not need them but also when others need them more. It provides tenants the ability to define their own cluster objectives and sharing constraints and the freedom to decide the number of nodes they wish to share with others. MESI is evaluated using prototype implementations at each layer of the architecture. (i) The HIL prototype, implemented with only 3000 Lines of Code (LOC), is able to support many provisioning tools and schedulers with little to no modification; adds no overhead to the performance of the clusters; and is in active production use at MOC managing over 150 servers and 11 switches. (ii) The ESI prototype builds on the HIL prototype and adds to it an attestation service, a provisioning service, and a deterministically built open-source firmware. 
Results demonstrate that it is possible to build a cluster that is secure, elastic, and fairly quick to set up. The tenant requires only minimum trust in the provider for the availability of the node. (iii) The MESI prototype demonstrates the feasibility of having a one-of-a-kind multi-provider marketplace for trading bare-metal servers where providers also use the nodes. The evaluation of the MESI prototype shows that all the clusters benefit from participating in the marketplace. It uses agents to trade bare-metal servers in a marketplace to meet the requirements of their clusters. Results show that, compared to operating as silos, individual clusters see a 50% improvement in the total work done; up to 75% improvement (reduction) in waiting for queues; and up to 60% improvement in the aggregate utilization of the test bed. This dissertation makes the following contributions: (i) It defines the architecture of MESI, which allows mutually non-trusting tenants of the data center to share resources between clusters with different security requirements. (ii) Demonstrates that it is possible to design a service that breaks the silos of static allocation of clusters yet has a small Trusted Computing Base (TCB) and no overhead to the performance of the clusters. (iii) Provides a unique architecture that puts the tenant in control of its own security and minimizes the trust needed in the provider for sharing nodes. (iv) A working prototype of a multi-provider marketplace for bare-metal servers, which is a first proof-of-concept that demonstrates that it is possible to trade real bare-metal nodes at practical time scales such that moving nodes between clusters is sufficiently fast to be able to get some useful work done. (v) Finally, results show that it is possible to encourage even mutually non-trusting tenants to share their nodes with each other without any central authority making allocation decisions. 
Many smart, dedicated engineers and researchers have contributed to this work over the years. I have jointly led the efforts to design the HIL and the ESI layer; led the design and implementation of the bare-metal marketplace and the overall MESI architecture.

    Economic regulation for multi tenant infrastructures

    Large scale computing infrastructures need scalable and efficient resource allocation mechanisms to fulfil the requirements of their participants and applications while the whole system is regulated to work efficiently. Computational markets provide efficient allocation mechanisms that aggregate information from multiple sources in large, dynamic and complex systems where there is not a single source with complete information. They have been proven to be successful in matching resource demand and resource supply in the presence of selfish multi-objective and utility-optimizing users and selfish profit-optimizing providers. However, global infrastructure metrics which may not directly affect participants of the computational market still need to be addressed, a.k.a. economic externalities like load balancing or energy-efficiency. In this thesis, we point out the need to address these economic externalities, and we design and evaluate appropriate regulation mechanisms from different perspectives on top of existing economic models, to incorporate a wider range of objective metrics not considered otherwise. 
Our main contributions in this thesis are threefold; first, we propose a taxation mechanism that addresses the resource congestion problem, effectively improving the balance of load among resources when correlated economic preferences are present; second, we propose a game theoretic model with complete information to derive an algorithm to aid resource providers to scale up and down resource supply so energy-related costs can be reduced; and third, we relax our previous assumptions about complete information on the resource provider side and design an incentive-compatible mechanism to encourage users to truthfully report their resource requirements, effectively assisting providers to make energy-efficient allocations while providing a dynamic allocation mechanism to users.

    Large-scale computing infrastructures need scalable and efficient resource allocation mechanisms to meet the computational requirements of all their participants, while making sure that the system is regulated appropriately so that it works effectively. Computational markets are efficient resource allocation mechanisms that incorporate information from different sources, considering large-scale, complex and dynamic systems where there is no single source that provides complete information about the state of the system. These computational markets have proven successful at matching the demand for computational resources with their supply when their participants are considered strategic from a game-theoretic point of view. Even so, there are global-level metrics about the infrastructure that need not, a priori, directly influence the users. Thus, these economic externalities, such as load balancing or energy efficiency, form a line of research that needs to be explored. In this thesis, we present and describe the problems arising from these economic externalities. 
Once the framework has been established, we design and evaluate appropriate regulation mechanisms based on existing economic models to address these problems from different points of view, to incorporate a wider range of objective metrics that had not been considered until now. Our main contributions are threefold: first, we propose a taxation-type regulation mechanism that tries to mitigate the appearance of over-exploited resources and that effectively improves the balance of the workload among the available resources; second, we propose a theoretical model based on game theory with complete information that allows deriving an algorithm that makes it easier for resource providers to scale the supply of resources up or down in order to reduce costs related to energy consumption; and third, we relax our previous assumption about the existence of complete information on the resource provider's side and design an incentive-based mechanism to encourage users to make their computational requirements public truthfully and explicitly, thereby helping resource providers to make energy-efficient allocations while offering users a dynamic resource allocation mechanism.

    Scheduling Stochastic Multi-Stage Jobs to Elastic Hybrid Cloud Resources

    [EN] We consider a special workflow scheduling problem in a hybrid-cloud-based workflow management system in which tasks are linearly dependent, compute-intensive, stochastic, deadline-constrained and executed on elastic and distributed cloud resources. This kind of problem closely resembles many real-time and workflow-based applications. Three optimization objectives are explored: number, usage time and utilization of rented VMs. An iterated heuristic framework is presented to schedule jobs event by event which mainly consists of job collecting and event scheduling. Two job collecting strategies are proposed and two timetabling methods are developed. The proposed methods are calibrated through detailed designs of experiments and sound statistical techniques. With the calibrated components and parameters, the proposed algorithm is compared to existing methods for related problems. Experimental results show that the proposal is robust and effective for the problems under study.

    This work is sponsored by the National Natural Science Foundations of China (Nos. 71401079, 61572127, 61472192), the National Key Research and Development Program of China (No. 2017YFB1400801) and the Collaborative Innovation Center of Wireless Communications Technology. Ruben Ruiz is partially supported by the Spanish Ministry of Economy and Competitiveness, under the project "SCHEYARD-Optimization of Scheduling Problems in Container Yards" (No. DPI2015-65895-R) financed by FEDER funds.

    Zhu, J.; Li, X.; Ruiz García, R.; Xu, X. (2018). Scheduling Stochastic Multi-Stage Jobs to Elastic Hybrid Cloud Resources. IEEE Transactions on Parallel and Distributed Systems. 29(6):1401-1415. https://doi.org/10.1109/TPDS.2018.2793254