User-customisable policy monitoring for multi-tenant cloud architectures

Cloud computing needs end-user customisation and person- alisation of multi-tenant cloud service oerings. Particularly, QoS and governance policy management and monitoring is needed. We propose a user-customisable policy denition solution that can be enforced in multitenant cloud oerings through automated instrumentation and monitoring. Service processes run by cloud and SaaS providers can be made policy-aware in a transparent way

A coordination protocol for user-customisable cloud policy monitoring

Cloud computing will see a increasing demand for end-user customisation and personalisation of multi-tenant cloud service offerings. Combined with an identified need to address QoS and governance aspects in cloud computing, a need to provide user-customised QoS and governance policy management and monitoring as part of an SLA management infrastructure for clouds arises. We propose a user-customisable policy definition solution that can be enforced in multi-tenant cloud offerings through an automated instrumentation and monitoring technique. We in particular allow service processes that are run by cloud and SaaS providers to be made policy-aware in a transparent way

A distributed architecture for policy-customisable multi-tenant Processes-as-a-Service

Service-based business processes are often developed and deployed by single organizations. In distributed, shared resource environments like the cloud on the other hand, consumers share resources owned by cloud providers. %Higher levels of resource sharing gives more economy of scale for providers in the software-as-a-service (SaaS) or business process-as-a-service (BPaaS) space. This requires multi-tenancy capability for service processes that provides customized behaviour for on shared process implementations to meet the varying needs of different process consumers as tenants of the process resource. In this paper, we define a distributed multi-tenant architecture for BPEL processes provided as a service. A single-version BPEL process is deployed by a provider and offered for all process consumers, combined with a customization and management functionality to create a unique experience for different consumers (process tenants). We provide two core components: a policy model for consumers to express customization/business requirements of service processes and a coordination framework for policy enforcement between consumers and providers to achieve on-the-fly customization of service processes

Software-Defined Networking in Cloud Computing

Through network programmability, we may simplify network management and bring innovation, cloud computing introduced some of its network concepts. One of the most prominent cloud models for minimizing maintenance obligations and simplifying network infrastructure administration is the SDN (Software Defined Network)  architecture. SDN stands out because it provides separation of the control plane and programmability for developing network applications. As a result, SDN is expected to enable more efficient configuration, higher performance, and increased flexibility to support new network architectures. This article is aimed to demonstrates the importance of the SDN and the major role it plays in the organization and how SDNs can be profitable to many organizations that remain in the archaic or a traditional cloud environment and how SDN can restructure the cloud architecture with more security enhancement and also to investigate SDN related issues and challenges to provide insight into the obstacles that this revolutionary network paradigm will face in the future, from both a protocol and architecture standpoint. In this study, systematic literature was conducted and descriptive was used to analyze data. When it comes to SDN, the following challenges and issues stand out: All of these phrases are used to characterize the properties of a system: scalability, high availability, reliability, elasticity, security, performance, resilience, and dependability

DevOps for network function virtualisation: an architectural approach

The Service Programming and Orchestration for Virtualised Software Networks (SONATA) project targets both the flexible programmability of software networks and the optimisation of their deployments by means of integrating Development and Operations in order to accelerate industry adoption of software networks and reduce time-to-market for networked services. SONATA supports network function chaining and orchestration, making service platforms modular and easier to customise to the needs of different service providers, and introduces a specialised Development and Operations model for supporting developers

Evaluation and Deployment of a Private Cloud Framework at DI-FCT-NOVA

In today’s technological landscape, there is an ever-increasing demand for computing resources for simulations, machine learning, or other use-cases. This demand can be seen across the business world, with the success of Amazon’s AWS and Microsoft’s Azure offer- ings, which provide a cloud of on-demand computing resources to any paying customer. The necessity for computing resources is no less felt in the academic world, where departments are forced to assign researchers and teachers to time-consuming system administrator roles, to allocate resources to users, leading to delays and wasted potential. Allowing researchers to request computing resources and then get them, on-demand, with minimal input from any administrative staff, is a great boon. Not only does it increase productivity of the administrators themselves, but it also allows users (teachers, researchers and students) to get the resources they need faster, and more securely. This goal is attainable through the use of a cloud management framework to assist in the administration of a department’s computing infrastructure. This dissertation aims to provide a critical evaluation on the adequacy of three cloud management frameworks, evaluating the requirements for a private cloud at the DI- FCT-NOVA, as well as which features of the selected cloud framework may be used in the fulfilment of the department’s needs. The final goal is to architect and deploy the selected framework to DI-FCT-NOVA, which will give the department a maintainable state-of-the-art private cloud deployment, capable of adequately responding to the needs of its users.No cenário tecnológico atual, existe uma necessidade crescente por recursos computaci- onais quer para simulações, aprendizagem automática, ou outros fins. Essa necessidade pode ser vista no mundo dos negócios, traduzindo-se no sucesso da Amazon AWS e a da Microsoft Azure, entre outras, que oferecem clouds de recursos computacionais a qualquer cliente, sujeito a diferentes formas de pagamento. A necessidade de recursos computacionais não é menos sentida no mundo académico, onde departamentos são forçados a atribuir a investigadores e professores tarefas onerosas que desperdiçam o seu potencial, como administração de sistemas computacionais com o fim de alocar recursos quem deles necessita (docentes, investigadores e estudantes). Permitir que se peçam recursos computacionais, e estes sejam alocados com o mínimo de interacção de uma equipa administrativa, é um grande benefício. Isto não só aumenta a produtividade dos próprios administradores, como também permite que se obtenham os recursos mais depressa, e de forma mais segura. Esta meta é alcançável através do uso de uma framework de gestão de cloud, cujo objectivo é assistir na administração da infraestrutura computacional de um departamento. Esta dissertação tem como objectivo fornecer uma avaliação crítica da adequação de três frameworks de gestão de cloud, avaliar os requisitos necessários para uma cloud privada no DI-FCT-NOVA, e identificar que funcionalidades da framework selecionada podem ser utilizadas para a satisfação dos requisitos indicados. O objectivo final é dese- nhar e instalar a framework selecionada no DI-FCT-NOVA, oferecendo assim uma cloud privada de última geração, capaz de responder adequadamente às necessidades dos seus utilizadores - docentes, investigadores e estudantes

Security and trust in a Network Functions Virtualisation Infrastructure

L'abstract è presente nell'allegato / the abstract is in the attachmen

Elastic, Interoperable and Container-based Cloud Infrastructures for High Performance Computing

Tesis por compendio[ES] Las aplicaciones científicas implican generalmente una carga computacional variable y no predecible a la que las instituciones deben hacer frente variando dinámicamente la asignación de recursos en función de las distintas necesidades computacionales. Las aplicaciones científicas pueden necesitar grandes requisitos. Por ejemplo, una gran cantidad de recursos computacionales para el procesado de numerosos trabajos independientes (High Throughput Computing o HTC) o recursos de alto rendimiento para la resolución de un problema individual (High Performance Computing o HPC). Los recursos computacionales necesarios en este tipo de aplicaciones suelen acarrear un coste muy alto que puede exceder la disponibilidad de los recursos de la institución o estos pueden no adaptarse correctamente a las necesidades de las aplicaciones científicas, especialmente en el caso de infraestructuras preparadas para la ejecución de aplicaciones de HPC. De hecho, es posible que las diferentes partes de una aplicación necesiten distintos tipos de recursos computacionales. Actualmente las plataformas de servicios en la nube se han convertido en una solución eficiente para satisfacer la demanda de las aplicaciones HTC, ya que proporcionan un abanico de recursos computacionales accesibles bajo demanda. Por esta razón, se ha producido un incremento en la cantidad de clouds híbridos, los cuales son una combinación de infraestructuras alojadas en servicios en la nube y en las propias instituciones (on-premise). Dado que las aplicaciones pueden ser procesadas en distintas infraestructuras, actualmente la portabilidad de las aplicaciones se ha convertido en un aspecto clave. Probablemente, las tecnologías de contenedores son la tecnología más popular para la entrega de aplicaciones gracias a que permiten reproducibilidad, trazabilidad, versionado, aislamiento y portabilidad. El objetivo de la tesis es proporcionar una arquitectura y una serie de servicios para proveer infraestructuras elásticas híbridas de procesamiento que puedan dar respuesta a las diferentes cargas de trabajo. Para ello, se ha considerado la utilización de elasticidad vertical y horizontal desarrollando una prueba de concepto para proporcionar elasticidad vertical y se ha diseñado una arquitectura cloud elástica de procesamiento de Análisis de Datos. Después, se ha trabajo en una arquitectura cloud de recursos heterogéneos de procesamiento de imágenes médicas que proporciona distintas colas de procesamiento para trabajos con diferentes requisitos. Esta arquitectura ha estado enmarcada en una colaboración con la empresa QUIBIM. En la última parte de la tesis, se ha evolucionado esta arquitectura para diseñar e implementar un cloud elástico, multi-site y multi-tenant para el procesamiento de imágenes médicas en el marco del proyecto europeo PRIMAGE. Esta arquitectura utiliza un almacenamiento distribuido integrando servicios externos para la autenticación y la autorización basados en OpenID Connect (OIDC). Para ello, se ha desarrollado la herramienta kube-authorizer que, de manera automatizada y a partir de la información obtenida en el proceso de autenticación, proporciona el control de acceso a los recursos de la infraestructura de procesamiento mediante la creación de las políticas y roles. Finalmente, se ha desarrollado otra herramienta, hpc-connector, que permite la integración de infraestructuras de procesamiento HPC en infraestructuras cloud sin necesitar realizar cambios en la infraestructura HPC ni en la arquitectura cloud. Cabe destacar que, durante la realización de esta tesis, se han utilizado distintas tecnologías de gestión de trabajos y de contenedores de código abierto, se han desarrollado herramientas y componentes de código abierto y se han implementado recetas para la configuración automatizada de las distintas arquitecturas diseñadas desde la perspectiva DevOps.[CA] Les aplicacions científiques impliquen generalment una càrrega computacional variable i no predictible a què les institucions han de fer front variant dinàmicament l'assignació de recursos en funció de les diferents necessitats computacionals. Les aplicacions científiques poden necessitar grans requisits. Per exemple, una gran quantitat de recursos computacionals per al processament de nombrosos treballs independents (High Throughput Computing o HTC) o recursos d'alt rendiment per a la resolució d'un problema individual (High Performance Computing o HPC). Els recursos computacionals necessaris en aquest tipus d'aplicacions solen comportar un cost molt elevat que pot excedir la disponibilitat dels recursos de la institució o aquests poden no adaptar-se correctament a les necessitats de les aplicacions científiques, especialment en el cas d'infraestructures preparades per a l'avaluació d'aplicacions d'HPC. De fet, és possible que les diferents parts d'una aplicació necessiten diferents tipus de recursos computacionals. Actualment les plataformes de servicis al núvol han esdevingut una solució eficient per satisfer la demanda de les aplicacions HTC, ja que proporcionen un ventall de recursos computacionals accessibles a demanda. Per aquest motiu, s'ha produït un increment de la quantitat de clouds híbrids, els quals són una combinació d'infraestructures allotjades a servicis en el núvol i a les mateixes institucions (on-premise). Donat que les aplicacions poden ser processades en diferents infraestructures, actualment la portabilitat de les aplicacions s'ha convertit en un aspecte clau. Probablement, les tecnologies de contenidors són la tecnologia més popular per a l'entrega d'aplicacions gràcies al fet que permeten reproductibilitat, traçabilitat, versionat, aïllament i portabilitat. L'objectiu de la tesi és proporcionar una arquitectura i una sèrie de servicis per proveir infraestructures elàstiques híbrides de processament que puguen donar resposta a les diferents càrregues de treball. Per a això, s'ha considerat la utilització d'elasticitat vertical i horitzontal desenvolupant una prova de concepte per proporcionar elasticitat vertical i s'ha dissenyat una arquitectura cloud elàstica de processament d'Anàlisi de Dades. Després, s'ha treballat en una arquitectura cloud de recursos heterogenis de processament d'imatges mèdiques que proporciona distintes cues de processament per a treballs amb diferents requisits. Aquesta arquitectura ha estat emmarcada en una col·laboració amb l'empresa QUIBIM. En l'última part de la tesi, s'ha evolucionat aquesta arquitectura per dissenyar i implementar un cloud elàstic, multi-site i multi-tenant per al processament d'imatges mèdiques en el marc del projecte europeu PRIMAGE. Aquesta arquitectura utilitza un emmagatzemament integrant servicis externs per a l'autenticació i autorització basats en OpenID Connect (OIDC). Per a això, s'ha desenvolupat la ferramenta kube-authorizer que, de manera automatitzada i a partir de la informació obtinguda en el procés d'autenticació, proporciona el control d'accés als recursos de la infraestructura de processament mitjançant la creació de les polítiques i rols. Finalment, s'ha desenvolupat una altra ferramenta, hpc-connector, que permet la integració d'infraestructures de processament HPC en infraestructures cloud sense necessitat de realitzar canvis en la infraestructura HPC ni en l'arquitectura cloud. Es pot destacar que, durant la realització d'aquesta tesi, s'han utilitzat diferents tecnologies de gestió de treballs i de contenidors de codi obert, s'han desenvolupat ferramentes i components de codi obert, i s'han implementat receptes per a la configuració automatitzada de les distintes arquitectures dissenyades des de la perspectiva DevOps.[EN] Scientific applications generally imply a variable and an unpredictable computational workload that institutions must address by dynamically adjusting the allocation of resources to their different computational needs. Scientific applications could require a high capacity, e.g. the concurrent usage of computational resources for processing several independent jobs (High Throughput Computing or HTC) or a high capability by means of using high-performance resources for solving complex problems (High Performance Computing or HPC). The computational resources required in this type of applications usually have a very high cost that may exceed the availability of the institution's resources or they are may not be successfully adapted to the scientific applications, especially in the case of infrastructures prepared for the execution of HPC applications. Indeed, it is possible that the different parts that compose an application require different type of computational resources. Nowadays, cloud service platforms have become an efficient solution to meet the need of HTC applications as they provide a wide range of computing resources accessible on demand. For this reason, the number of hybrid computational infrastructures has increased during the last years. The hybrid computation infrastructures are the combination of infrastructures hosted in cloud platforms and the computation resources hosted in the institutions, which are named on-premise infrastructures. As scientific applications can be processed on different infrastructures, the application delivery has become a key issue. Nowadays, containers are probably the most popular technology for application delivery as they ease reproducibility, traceability, versioning, isolation, and portability. The main objective of this thesis is to provide an architecture and a set of services to build up hybrid processing infrastructures that fit the need of different workloads. Hence, the thesis considered aspects such as elasticity and federation. The use of vertical and horizontal elasticity by developing a proof of concept to provide vertical elasticity on top of an elastic cloud architecture for data analytics. Afterwards, an elastic cloud architecture comprising heterogeneous computational resources has been implemented for medical imaging processing using multiple processing queues for jobs with different requirements. The development of this architecture has been framed in a collaboration with a company called QUIBIM. In the last part of the thesis, the previous work has been evolved to design and implement an elastic, multi-site and multi-tenant cloud architecture for medical image processing has been designed in the framework of a European project PRIMAGE. This architecture uses a storage integrating external services for the authentication and authorization based on OpenID Connect (OIDC). The tool kube-authorizer has been developed to provide access control to the resources of the processing infrastructure in an automatic way from the information obtained in the authentication process, by creating policies and roles. Finally, another tool, hpc-connector, has been developed to enable the integration of HPC processing infrastructures into cloud infrastructures without requiring modifications in both infrastructures, cloud and HPC. It should be noted that, during the realization of this thesis, different contributions to open source container and job management technologies have been performed by developing open source tools and components and configuration recipes for the automated configuration of the different architectures designed from the DevOps perspective. The results obtained support the feasibility of the vertical elasticity combined with the horizontal elasticity to implement QoS policies based on a deadline, as well as the feasibility of the federated authentication model to combine public and on-premise clouds.López Huguet, S. (2021). Elastic, Interoperable and Container-based Cloud Infrastructures for High Performance Computing [Tesis doctoral]. Universitat Politècnica de València. https://doi.org/10.4995/Thesis/10251/172327TESISCompendi