CYCLONE Unified Deployment and Management of Federated, Multi-Cloud Applications

Various Cloud layers have to work in concert in order to manage and deploy complex multi-cloud applications, executing sophisticated workflows for Cloud resource deployment, activation, adjustment, interaction, and monitoring. While there are ample solutions for managing individual Cloud aspects (e.g. network controllers, deployment tools, and application security software), there are no well-integrated suites for managing an entire multi cloud environment with multiple providers and deployment models. This paper presents the CYCLONE architecture that integrates a number of existing solutions to create an open, unified, holistic Cloud management platform for multi-cloud applications, tailored to the needs of research organizations and SMEs. It discusses major challenges in providing a network and security infrastructure for the Intercloud and concludes with the demonstration how the architecture is implemented in a real life bioinformatics use case

Management von Cloud-Ökosystemen : Vermittlung, Bereitstellung und Nutzung

In recent years, the ever-growing proliferation of cloud services led to the creation of large cloud ecosystems. The most prominent example is the cloud ecosystem of Amazon Web Services (AWS), which now has over 8,000 partners and more than $ 18 billion in revenue in 2017. In addition to these "giants", many smaller ecosystems address more specific challenges. An example is the TRESOR cloud ecosystem, which provides secure cloud services for the German healthcare sector. Another example is the CYCLONE cloud ecosystem, which provides a well-integrated "toolbox" to easily and securely deploy and manage federated multi-cloud applications. This thesis focuses on four unique challenges of brokering, deploying, and consuming cloud ecosystem services. These challenges are analyzed in detail with the involvement of all stakeholders to identify gaps in existing approaches. Based on this analysis, several open-source software components and information systems are designed and implemented to provide solutions under real-world conditions in the two aforementioned cloud ecosystems. The dissertation's goal of general applicability should lead to concrete improvements in the management of cloud ecosystems. In addition, the extensive evaluation activities reveal many new findings that will support future research and development activities.Die kontinuierlich wachsende Verbreitung von Cloud-Diensten ließ in den vergangenen Jahren eine Reihe von großen Cloud-Ökosystemen entstehen. Prominentestes Beispiel ist das Cloud-Ökosystem der Amazon Web Services (AWS) mit mittlerweile über 8.000 Partnern und mehr als 18 Mrd. USD Umsatz in 2017. Neben diesen "Giganten" adressieren viele kleinere Ökosysteme speziellere Herausforderungen. Ein Beispiel hierfür ist das TRESOR Cloud-Ökosystem, welches sichere Cloud-Dienste für den Gesundheitssektor bereitstellt. Ein anderes Beispiel ist das CYCLONE Cloud-Ökosystem, das einen gut integrierten "Werkzeugkasten" bietet, um föderierte Multi-Cloud-Lösungen einfach und sicher bereitzustellen und zu verwalten. Diese Arbeit stellt vier besondere Herausforderungen der Vermittlung, Bereitstellung und Verwendung von Cloud-Diensten in Cloud-Ökosystemen in den Mittelpunkt. Diese Herausforderungen werden unter Einbeziehung aller Beteiligten detailliert analysiert, um Lücken in bestehenden Ansätzen zu identifizieren. Auf Basis dieser Analyse werden mehrere quelloffene Softwarekomponenten und Informationssysteme gestaltet und umgesetzt, um Lösungen unter praxisnahen Bedingungen in den beiden genannten Cloud-Ökosystemen bereitzustellen. Durch das Ziel der allgemeinen Anwendbarkeit der Ergebnisse der Dissertation sollen konkrete Verbesserungen beim Management von Cloud-Ökosystemen erreicht werden. Darüber hinaus fördert die umfangreiche Evaluierung der Entwicklungen zahlreiche neue Erkenntnisse hervor, die zukünftige Forschungs- und Entwicklungstätigkeiten unterstützen

SECURING MEDICAL SAAS SOLUTIONS USING A NOVEL END-TO-END ENCRYPTION PROTOCOL

E-Health solutions using the Internet provide many benefits for health centers; hosting such solutions in public Cloud Computing environments as Software-as-a-Service becomes increasingly popular. However, the deployment of e-health services in shared environments is restricted du to regulations prohibiting medical data access by illegitimate parties, such as cloud computing intermediaries. A pivotal requirement is therefore having security end-to-end , namely from a user agent to the server process; yet there is no viable approach for contemporary browser-based SaaS solutions. This paper outlines a bluprint for e-health solution architectures featuring an end-to-end security mechanism to prevent intermediary data access and therefore to ensure appropriate patient data privacy and security. This bluprint is instantiated based on a novel security protocol, the Trusted Cloud Transfer Protocol (TCTP) in the form of a prototype implementation. The evaluation of the prototype demonstrates its fulfilment of healthcare-specific security and privacy requirements, as well as low implementation efforts for similar architectures, and no measurable performance overhead in a practical benchmark

CYCLONE: The Multi-Cloud Middleware Stack for Application Deployment and Management

DevOps teams have to consider many technology and platform aspects when developing, deploying and operating cloud based applications: application deployments need to work everywhere on different cloud platforms, identities need to come from anywhere, and networks need to connect to anyone. The CYCLONE middleware is a holistic middleware stack that allows deploying and managing cloud based applications on multiple clouds and multiple cloud platforms. It includes a deployment manager, a practical identity federation, as well as a network manager that connects VMs independent of any specific infrastructure. This article explains the CYCLONE middleware stack, and what it can offer for application developers and operators. The paper describes in details the main bioinformatics use cases that evolve from a single VM installation for simple microbial research to multicloud infrastructure for advanced genomic resource. The paper also describes the CYCLONE federated identity management and access control infrastructure that significantly simplifies access for institutional users

CYCLONE: A Platform for Data Intensive Scientific Applications in Heterogeneous Multi-cloud/Multi-provider Environment

This paper presents results of the ongoing development of the CYCLONE as a platform for scientific applications in heterogeneous multi-cloud/multi-provider environment. The paper explains the general use case that provides a general motivation for the CYCLONE architecture and provides detailed analysis of the bioinformatics use cases that define specific requirements to the CYCLONE infrastructure components. Special attention is given to the federated access control and security infrastructure that must provide consistent security and data protection for distributed bioinformatics data processing infrastructure and distributed cross-organisations collaborating teams of scientists. The paper provides information about selected use cases implementation using SlipStream cloud automation and management platform with application recipe example. The paper also addresses requirements for providing dedicated intercloud network infrastructure which is currently not addressed by cloud providers (both public and scientific/community