11 research outputs found

    Computing Without Borders: The Way Towards Liquid Computing

    Despite the de-facto technological uniformity fostered by the cloud and edge computing paradigms, resource fragmentation across isolated clusters hinders the dynamism in application placement, leading to suboptimal performance and operational complexity. Building upon and extending these paradigms, we propose a novel approach envisioning a transparent continuum of resources and services on top of the underlying fragmented infrastructure, called liquid computing. Fully decentralized, multi-ownership-oriented and intent-driven, it enables an overarching abstraction for improved application execution, while at the same time opening up new scenarios, including resource sharing and brokering. Following the above vision, we present liqo, an open-source project that materializes this approach through the creation of dynamic and seamless Kubernetes multi-cluster topologies. Extensive experimental evaluations have shown its effectiveness in different contexts, both in terms of Kubernetes overhead and compared to other open-source alternatives.

    Deployment and Security Supervision for Multi-Cloud Architectures (Déploiement et supervision de la sécurité pour architectures multi-cloud)

    Cloud computing represents one of the most important digital advances of the last ten years. The service model offered by cloud computing is based on elastic, on-demand allocation of resources and billing that closely tracks their use. Several categories of applications are migrating to the cloud (for example, NFV and Big Data applications). Other application domains, subject to stricter legislation, are more hesitant. Their requirements are often tied to security concerns and/or to the fact that the resources offered by a single cloud do not meet their needs; they can find answers in the joint use of several cloud service providers (CSPs). The simultaneous, flexible, efficient and simplified use of several clouds requires properties that ensure its viability and its acceptance, first by cloud providers, whose offerings are heterogeneous and non-interoperable and who, often for commercial reasons, are not willing to cooperate to facilitate "à la carte" multi-cloud; but also from the point of view of the cloud service consumer, whose constraints are the time to bring services into operation and the need to express service requirements and their configuration simply and transparently, and to allow the definition of deployment configurations adapted to each consumer's needs, comparable to those offered by private clouds and optimized to take advantage of each cloud provider's specific features. In this thesis, we propose a framework that makes it possible to express requirements for services and cloud providers independently of any underlying solution, and to efficiently generate deployment infrastructures that are extensible, adaptive and controllable by the consumer.
This solution is composed of MANTUS, a tool for expressing requirements and automatically generating instances, and of ORBITS, multi-cloud deployment infrastructures that can be adapted dynamically through the autonomic mechanisms offered by MANTUS. The proposed solution comprises several contributions: first, the extension of an existing IaC (Infrastructure as a Code) framework, dedicated to building multi-cloud solutions, with weaving mechanisms characteristic of aspect-oriented programming (AOP), making it possible to inject and extract resources on demand. This extension, tested on the TOSCA framework, required the proposal of the TML language (Tosca Manipulation Language) to formalize and manipulate these extensions. The experiments carried out show that the weaving mechanism induces an acceptable overhead. The second contribution was to equip the TOSCA IaC framework with a requirements-expression tool and a matching algorithm that operates, on the one hand, on the number and characteristics of cloud providers (notably location) and, on the other hand, on the characteristics of the services they offer, making it possible to find the most suitable multi-cloud configuration. The third contribution is the definition of a multi-layer "template" architecture, ORBITS, offering inter-cloud interoperability mechanisms and a high-level view independent of the underlying clouds. Finally, the last contribution is the U-cloud virtualization stack and the protocols related to its deployment, which make it possible to separate the zones controllable by the consumer from the zones controlled by the provider.
This proposal is based on the joint use of nested virtualization and micro-hypervisors that reduce the attack surface (TCB).

Cloud Computing represents one of the most important changes in information and communications technology (ICT) of the latest ten years. However, after a decade since its commercial debut, there are still several applications that cloud computing is not able to fully serve. These are the applications that, due to their particularly stringent requirements, must rely simultaneously on multiple Cloud Service Providers (CSPs), rather than only one. Multiple CSPs can in fact offer a better availability, improve QoS, and break the business dependence w.r.t. a single CSP. A cloud infrastructure based on multiple CSPs is called multi-cloud. Despite the benefits of multi-clouds, organisations (i.e., developers and operators of IT services) seldom accept the challenge of building applications and crossing multiple CSP domains. In fact, multi-CSP architectures come at the cost of more complex applications and the logic to in terms of architecture and performance optimization. Recently, multi-cloud client-oriented architectures emerged as an important approach to construct multi-cloud applications. They provide cloud consumers a mechanism to allocate resources over multiple CSPs without requiring any cooperation among the CSPs themselves. In particular, Infrastructure as Code-based (IaC-based) approaches represent the reference paradigm when building multi-cloud applications. However, the adoption of IaC in the multi-cloud context is limited by the fact that the cloud consumer cannot easily reuse the infrastructure code across different applications. This is due to two major problems, which we investigate in this manuscript. First, infrastructures are composed of functional (e.g. resources for applications) and non-functional services (e.g. monitoring).
Non-functional related code should be shared as widely as possible across different applications and cloud consumers. However, this separation between functional and non-functional code is often blurred and, therefore, non-functional code is hard to share across them. This enables the possibility of code re-use across different cloud consumers (e.g., their different multi-cloud infrastructures) and static analysis of infrastructure templates. Furthermore, we present a TML (TOSCA Manipulation Language) aspect specification language to dynamically inject "non-functional" services into the virtual multi-cloud infrastructure. Secondly, the multi-cloud paradigm is limited by the "least common denominator" barrier. The cloud consumer can hardly obtain an optimized usage of resources and services through existing IaC frameworks. Despite being compatible with different CSPs, those frameworks do not specialize the output according to deployment context. To tackle the "under-specialization" of multi-cloud templates, we introduce a "context-based matching" scheduling algorithm to select the most compelling set of CSPs according to the cloud consumer needs. To validate such contributions, we defined an end-to-end workflow to optimize a multi-cloud infrastructure definition. More precisely, in our model, the cloud consumer initially models the IaC code as a high-level graph of services, leveraging the combination of TML and context-based matching adoption. The output of this workflow is the instantiation of such optimized and fully-featured multi-cloud on the most suitable CSPs. We implemented Mantus, a multi-cloud compiler, which encapsulates this workflow, and we benchmarked this implementation according to different perspectives such as scalability and performance.

    Overcoming Barriers for Ubiquitous User-Centric Healthcare Services

    The cloud model is rapidly evolving, with maturing intercloud architectures and progressive integration of sparse, geodistributed resources into large datacenters. The single-provider administrative barrier is also increasingly crossed by applications, allowing new verticals to benefit from the multicloud model. For instance, in home healthcare systems, transparent usage of resources from multiple providers enables "follow-me" scenarios, where healthcare services are accessible anywhere, anytime, with quality-of-service (QoS) guarantees. However, transparency might be at odds with security and jurisdictions, imposing restrictions on where data and applications might be stored and run. Existing intercloud approaches either disrupt application deployment mechanisms or compromise infrastructure homogeneity, making enforcing a uniform QoS level more complex, notably for protection. This article introduces Orchestration for beyond Intercloud Security (Orbits), an infrastructure-as-a-service-level architecture that enables flexible and legacy intercloud application deployment for mobile remote healing, while providing a homogeneous service abstraction across multiple clouds. The authors also present a work-in-progress prototype and several benchmarks to demonstrate the viability of the approach and highlight key implementation choices.

    Nested Virtualization meets Micro-Hypervisors: Towards a Virtualization Architecture for User-Centric Multi-Clouds

    After a cloud computing decade, the user-centric, fully interoperable, multi-provider cloud remains a mirage. In currently deployed architectures, "horizontal" multi-cloud interoperability limitations come on top of "vertical" multi-layer security concerns. In this paper, we argue that an architecture with a hybrid design could be a viable solution. Indeed, we present a new virtualization architecture combining micro-hypervisor (MH), nested virtualization (NV) and component-based hypervisor (CBH) paradigms. Leveraging NV interoperability and legacy support, the architecture provides users with a transparent federation of multiple-provider resources. We also adopt an MH including CBH-like modules as the NV lower-layer hypervisor, both to achieve a minimal TCB and to enable users to directly control the hypervisor components managing their resources.

    Mantus: Putting Aspects to Work for Flexible Multi-Cloud Deployment

    Cloud provider barriers still stand. After a decade of cloud computing, customers struggle to overcome the challenge of crossing multi-provider clouds to benefit from fine-grained resource distribution, business independence from CSPs and cost savings. Although increasingly popular, most adopted IaaS intercloud solutions are generally limited to specific public cloud providers or present maintainability issues. Remaining hurdles include the complexity of managing and operating such infrastructures in the presence of per-customer customizations and provider configurations. The Infrastructure as Code (IaC) paradigm is emerging as a key enabler for IaaS multi-clouds, to develop and manage infrastructure configurations. However, due to the complexity of the infrastructure life-cycle, the heterogeneity of the composing resources and user customizations, this approach is far from being viable. In this paper, we explore an aspect-oriented approach to IaC deployment and management. We propose Mantus, an IaC-based multi-cloud builder composed of an aspect-oriented Domain-Specific Language called TML, or TOSCA Manipulation Language, and a corresponding aspect weaver to flexibly inject non-functional services into TOSCA infrastructure templates. We show the practical feasibility of our approach, along with good results in terms of performance and scalability.

    Toward dynamic virtualized network services in telecom operator networks

    NFV and SDN are nowadays seen as a solid opportunity by telecom operators to reduce costs while at the same time providing new and better services. Recently, the Unify project proposed a multi-layered architecture that, leveraging different levels of abstraction, can orchestrate and deploy generic network services on the physical infrastructure of the telecom operator. In this paper, we exploit such an architecture to deliver end-to-end generic services in the presence of multiple concurring players (e.g. network operator, end-users), leveraging a new simple data model. In particular, we propose a description-based approach allowing the deployment of agile, implementation-independent and high-level network services over a distributed set of resources. The resulting data model can abstract generic services, including both middlebox-based (e.g., firewalls, NATs, etc.) and traditional LAN-based ones (e.g., a BitTorrent client). Finally, two distinct prototypes, originating from different design principles, are implemented in order to validate our proposal, with the aim of demonstrating the adaptability of our approach to different contexts.

    Scalability, dynamicity and performance evaluation results of Mantus framework

    Datasets used for experimental results (Figure 5): (a) Compositional weaver efficiency; (b) incremental weaving efficiency; (c) relative overhead of weaving in workflow; (d) weaver efficiency vs. aspect complexity.
    Type of data: raw and processed
    Hardware/software used: Intel Xeon E5-2650 Haswell at 2.60GHz with 64 GB of RAM; Testing input for all Mantus benchmarks: OpenStack-based ORBITS template described in paper, composed of a controller node and of 3 different group instances of compute nodes (Xen, KVM, LXC), with two virtual networks and relative network resources.
    Data format: CSV
    Source: Experiments