424 research outputs found
VISOR: virtual machine images management service for cloud infrastructures
Cloud Computing is a relatively novel paradigm that aims to fulfill the computing as utility dream. It has appeared to bring the possibility of providing computing resources (such as servers, storage and networks) as a service and on demand, making them accessible through common Internet protocols. Through cloud offers, users only need to pay for the amount of resources they need and for the time they use them. Virtualization is the cloud's key technology, acting upon virtual machine images to deliver fully functional virtual machine instances. Therefore, virtual machine images play an important role in Cloud Computing and their efficient management becomes a key concern that should be carefully addressed. To tackle this requirement, most cloud offers provide their own image repository, where images are stored and retrieved from, in order to instantiate new virtual machines. However, the rise of Cloud Computing has brought new problems in managing large collections of images.
Existing image repositories are not able to efficiently manage, store and catalogue virtual machine images from other clouds through the same centralized service repository. This becomes especially important when considering the management of multiple heterogeneous cloud offers. In fact, despite the hype around Cloud Computing, there are still existing barriers to its widespread adoption. Among them, clouds interoperability is one of the most notable issues.
Interoperability limitations arise from the fact that current cloud offers provide proprietary interfaces, and their services are tied to their own requirements. Therefore, when dealing with multiple heterogeneous clouds, users face hard to manage integration and compatibility issues.
The management and delivery of virtual machine images across different clouds is an example of such interoperability constraints.
This dissertation presents VISOR, a cloud agnostic virtual machine images management service and repository. Our work towards VISOR aims to provide a service not designed to fit in a specific cloud offer but rather to overreach sharing and interoperability limitations among different clouds. With VISOR, the management of clouds interoperability can be seamlessly abstracted
from the underlying procedures details. In this way, it aims to provide users with the
ability to manage and expose virtual machine images across heterogeneous clouds, throughout the same generic and centralized repository and management service. VISOR is an open source software with a community-driven development process, thus it can be freely customized and further improved by everyone. The conducted tests to evaluate its performance and resources
usage rate have shown VISOR as a stable and high performance service, even when compared
with other services already in production. Lastly, placing clouds as the main target audience is not a limitation for other use cases. In fact, virtualization and virtual machine images are not exclusively linked to cloud environments. Therefore and given the service agnostic design concerns, it is possible to adapt it to other usage scenarios as well.
Cloud Computing is a relatively new paradigm that aims to fulfil the dream of providing computing as a service. It emerged to make it possible to supply computing resources (servers, storage and networks) as a service according to users' needs, making them accessible through common Internet protocols. Through cloud offers, users pay only for the amount of resources they need and for the time they use them. Virtualization is the key technology of clouds, acting upon virtual machine images in order to generate fully functional virtual machines. Virtual machine images therefore play a fundamental role in Cloud Computing, and their efficient management becomes a requirement that must be carefully analysed. To meet this need, most cloud offers provide their own image repository, where images are stored and from which they are copied in order to create new virtual machines. However, with the growth of Cloud Computing, new problems have arisen in managing large sets of images.
Existing repositories are not able to efficiently manage, store and catalogue virtual machine images from other clouds while maintaining a single centralized repository and service. This need becomes especially important when considering the management of multiple heterogeneous clouds. In fact, despite the extreme promotion of Cloud Computing, there are still barriers to its widespread adoption. Among them, interoperability between clouds is one of the most notable constraints. Interoperability limitations arise from the fact that current cloud offers have proprietary interfaces and that their services are tied to their own needs. Users thus face compatibility and integration problems that are hard to manage when dealing with clouds from different providers. The management and provision of virtual machine images across different clouds is an example of such interoperability restrictions.
This dissertation presents VISOR, a generic virtual machine image repository and management service. Our work on VISOR aims to provide a service that was not designed to deal with one specific cloud, but rather to overcome interoperability limitations between clouds. With VISOR, the management of interoperability between clouds is abstracted from the underlying details. In this way, it is intended to give users the ability to manage and expose images across heterogeneous clouds while maintaining a centralized repository and management service. VISOR is open source software with an open development process. It can be freely customized and improved by anyone. The tests carried out to evaluate its performance and resource usage rate showed VISOR to be a stable, high-performance service, even when compared with other services already in use. Finally, placing clouds as the main target audience does not represent a limitation for other kinds of use. In fact, virtual machine images and virtualization are not exclusively tied to cloud environments. Therefore, and given the concerns addressed in designing a generic service, it is also possible to adapt our service to other usage scenarios
On the Fly Orchestration of Unikernels: Tuning and Performance Evaluation of Virtual Infrastructure Managers
Network operators are facing significant challenges meeting the demand for
more bandwidth, agile infrastructures, innovative services, while keeping costs
low. Network Functions Virtualization (NFV) and Cloud Computing are emerging as
key trends of 5G network architectures, providing flexibility, fast
instantiation times, support of Commercial Off The Shelf hardware and
significant cost savings. NFV leverages Cloud Computing principles to move the
data-plane network functions from expensive, closed and proprietary hardware to
the so-called Virtual Network Functions (VNFs). In this paper we deal with the
management of virtual computing resources (Unikernels) for the execution of
VNFs. This functionality is performed by the Virtual Infrastructure Manager
(VIM) in the NFV MANagement and Orchestration (MANO) reference architecture. We
discuss the instantiation process of virtual resources and propose a generic
reference model, starting from the analysis of three open source VIMs, namely
OpenStack, Nomad and OpenVIM. We improve the aforementioned VIMs introducing
the support for special-purpose Unikernels and aiming at reducing the duration
of the instantiation process. We evaluate some performance aspects of the VIMs,
considering both stock and tuned versions. The VIM extensions and performance
evaluation tools are available under a liberal open source licence
Serverless Computing: A Security Perspective
Serverless Computing is a virtualisation-related paradigm that promises to
simplify application management and to solve one of the last architectural
challenges in the field: scale down. The implied cost reduction, coupled with a
simplified management of underlying applications, are expected to further push
the adoption of virtualisation-based solutions, including cloud-computing.
However, in this quest for efficiency, security is not ranked among the top
priorities, also because of the (misleading) belief that current solutions
developed for virtualised environments could be applied to this new paradigm.
Unfortunately, this is not the case, due to the highlighted idiosyncratic
features of serverless computing.
In this paper, we review the current serverless architectures, abstract their
founding principles, and analyse them from the point of view of security. We
show the security shortcomings of the analysed serverless architectural
paradigms, and point to possible countermeasures. We believe that our
contribution, other than being valuable on its own, also paves the way for
further research in this domain, a challenging and relevant one for both
industry and academia
Flexible Organization of Repositories for Provisioning Cloud Infrastructures
The paper proposes an architecture of a system automating the provisioning process of cloud computing infrastructures. Its structure and components are specified, based on an analysis of three types of requirements: infrastructure providers, service providers and end users. These considerations have led us to formulate a new infrastructural model, offered to end users as a collection of Virtual Machines (VM) connected by a dedicated Virtual Private Network (VPN) with QoS guarantees. The role of repositories in cloud provisioning systems is specified along with the relevant data acquisition processes. The applicability of the proposed system is illustrated by practical usage scenarios
State of The Art and Hot Aspects in Cloud Data Storage Security
Along with the evolution of cloud computing and cloud storage towards maturity,
researchers have analyzed an increasing range of cloud computing security
aspects, data security being an important topic in this area. In this paper, we
examine the state of the art in cloud storage security through an overview of
selected peer reviewed publications. We address the question of defining cloud
storage security and its different aspects, as well as enumerate the main vectors
of attack on cloud storage. The reviewed papers present techniques for key
management and controlled disclosure of encrypted data in cloud storage, while
novel ideas regarding secure operations on encrypted data and methods for protection
of data in fully virtualized environments provide a glimpse of the toolbox
available for securing cloud storage. Finally, new challenges such as emergent
government regulation call for solutions to problems that did not receive enough
attention in earlier stages of cloud computing, such as for example geographical
location of data. The methods presented in the papers selected for this review
represent only a small fraction of the wide research effort within cloud storage
security. Nevertheless, they serve as an indication of the diversity of problems
that are being addressed
An Experimental Study on Virtual Machine Live Migration Impact on Services Performance
One important benefit of servers' virtualization is the reduction of the maintenance complexity of infrastructures. A key feature is servers' live migration which allows virtual servers to be exchanged between physical machines without stopping their services. However, virtualization also has some drawbacks caused by the overhead generated. Our research evaluated live migration process overhead, on real and virtual environments, noticed from the client's side regarding two different services: web and database. YCSB and ab Benchmark were adopted as workloads. Almost all tests on real environment overcame those on virtual, with both benchmarks. The impact of the live migration in the services was evident, proving to be more effective on real machines than on virtual machines. We found the DB service accommodated better to the virtual environment and to migration than Web service. We also considered an environment with multiple migrations which presented a higher degradation than when only one migration is performed