Business processes oriented heterogeneous systems integration platform for networked enterprises

Supply chains, dynamic alliances, e-business, extended enterprises, and virtual organizations are typical networked enterprises which are formed based on partner companies’ core competencies. Different partners have different infrastructures; the interoperability among heterogeneous systems is the solid foundation for the networked enterprise to work seamlessly and effectively. Due to the distributed and heterogeneous characteristics of different partner companies, it is a big challenge to implement a satisfying and cost effective solution in the networked enterprise.Aiming at the problems of system integration and cross-system interoperability, Service-Oriented Architecture (SOA) provides a new integration pattern and relative system infrastructure. The key for the development and implementation of SOA is services encapsulation and orchestration of applications through certain mechanism to operate a complex business. However, cross infrastructures services access protection and relative services orchestration are still the bottleneck for the SOA implementation.This paper develops a business processes oriented heterogeneous systems integration platform with relative methodology for networked enterprises integration. The platform is a space distributed and management centralized platform for networked enterprises. The service access agent (SAA) mechanism is developed to realize cross-domains identity authentication, service authorization, and information transmission security. Every Web service or SAA in the platform has a unique ID. The interoperating process only relies on IDs, which endows the platform with a loose coupling feature. Aiming at service orchestration, a graphic service process modelling method is developed, with which the developed process model can link atom Web services and form a complex service. The Java based service orchestration tool provides an ESB (Enterprise Service Bus) independent service orchestration and deployment. Those services that are results of orchestration can be orchestrated as an atom service in another orchestrating process. Thus, the platform can support orchestration decomposition. The structure approach of the business process modelling based platform implementation is developed, which provides a guideline for platform installation, services modelling, service encapsulation, service orchestration, and service deployment. Two cases are provided to illustrate the usage of the platform in industries. The development of this platform is an open source project.     

VNET6: IPv6 virtual network for the collaboration between applications and networks

The scarcity of IPv4 makes IPv6 deployment critical for all network-based applications. However, the big issue of IPv6 is that we lack real applications that are based on IPv6. The application demands for flexibility, availability and management are hard to be met by the current network. Hence, it has become extremely urgent how IPv6 network can be tailored to meet the application specified requirements. In order to address the need, we propose IPv6 virtual network architecture (VNET6) to help to accelerate the momentum of IPv6 deployment. VNET6 differs from other proposed architectures. It supports incremental network evolution with the virtual collaboration environment, which has distinct features including flexible service provision, reliable service entity, end-to-end flow management and ubiquitous access. The collaboration mode provides the bidirectional interaction between applications and networks via intent-based interfaces. IPv6 provides feasibility for the deployment of the virtual environment and the IPv6 critical protocols are employed in VNET6. Our initial prototype study and comparative analysis demonstrate that VNET6 can be adapted to meet the specific application requirements.     

The Virtual Service Grid: an architecture for delivering high‐end network services

This paper presents the design of a new system architecture, Virtual Service Grid (VSG), for delivering high‐performance network services. The VSG is based on the concept of the virtual service which provides location, replication, and fault transparency to clients accessing remotely deployed high‐end services. One of the novel features of the virtual service is the ability to self‐scale in response to client demand. The VSG exploits network and service information to make adaptive dynamic replica selection, creation, and deletion decisions. We describe the VSG architecture, middleware, and replica management policies. We have deployed the VSG on a wide‐area Internet testbed to evaluate its performance. The results indicate that the VSG can deliver efficient performance for a wide range of client workloads, both in terms of reduced response time and in the utilization of system resources. Copyright © 2002 John Wiley & Sons, Ltd.     

基于服务部署的高可用模型及其可用性分配算法

传统高可用系统存在可扩展性较差的问题.文中提出基于服务部署的高可用系统模型,利用对计算资源与存储资源的分离管理实现虚拟高可用服务节点,通过不同服务间共享冗余资源提高资源利用率,有效解决可扩展性问题.基于服务部署高可用系统的关键问题为如何根据服务可用性期望值和使用模式等合理分配资源.针对本系统可用性分配特点,文中提出了最适合冗余优先分配算法,基于结合费用与惩罚值的目标函数得到满足需求的相对最优解,实验证明此算法能较好地达到系统的实时服务部署要求.     

CyberGuarder: A virtualization security assurance architecture for green cloud computing

As the sizes of IT infrastructure continue to grow, cloud computing is a natural extension of virtualisation technologies that enable scalable management of virtual machines over a plethora of physically connected systems. The so-called virtualisation-based cloud computing paradigm offers a practical approach to green IT/clouds, which emphasise the construction and deployment of scalable, energy-efficient network software applications (NetApp) by virtue of improved utilisation of the underlying resources. The latter is typically achieved through increased sharing of hardware and data in a multi-tenant cloud architecture/environment and, as such, accentuates the critical requirement for enhanced security services as an integrated component of the virtual infrastructure management strategy. This paper analyses the key security challenges faced by contemporary green cloud computing environments, and proposes a virtualisation security assurance architecture, CyberGuarder, which is designed to address several key security problems within the ‘green’ cloud computing context. In particular, CyberGuarder provides three different kinds of services; namely, a virtual machine security service, a virtual network security service and a policy based trust management service. Specifically, the proposed virtual machine security service incorporates a number of new techniques which include (1) a VMM-based integrity measurement approach for NetApp trusted loading, (2) a multi-granularity NetApp isolation mechanism to enable OS user isolation, and (3) a dynamic approach to virtual machine and network isolation for multiple NetApp’s based on energy-efficiency and security requirements. Secondly, a virtual network security service has been developed successfully to provide an adaptive virtual security appliance deployment in a NetApp execution environment, whereby traditional security services such as IDS and firewalls can be encapsulated as VM images and deployed over a virtual security network in accordance with the practical configuration of the virtualised infrastructure. Thirdly, a security service providing policy based trust management is proposed to facilitate access control to the resources pool and a trust federation mechanism to support/optimise task privacy and cost requirements across multiple resource pools. Preliminary studies of these services have been carried out on our iVIC platform, with promising results. As part of our ongoing research in large-scale, energy-efficient/green cloud computing, we are currently developing a virtual laboratory for our campus courses using the virtualisation infrastructure of iVIC, which incorporates the important results and experience of CyberGuarder in a practical context.     

Clustering support and replication management for scalable network services

The ubiquity of the Internet and various intranets has brought about widespread availability of online services and applications accessible through the network. Cluster-based network services have been rapidly emerging due to their cost-effectiveness in achieving high availability and incremental scalability. We present the design and implementation of the Neptune middleware system that provides clustering support and replication management for scalable network services. Neptune employs a loosely connected and functionally symmetric clustering architecture to achieve high scalability and robustness. It shields the clustering complexities from application developers through simple programming interfaces. In addition, Neptune provides replication management with flexible replication consistency support at the clustering middleware level. Such support can be easily applied to a large number of applications with different underlying data management mechanisms or service semantics. The system has been implemented on Linux and Solaris clusters, where a number of applications have been successfully deployed. Our evaluations demonstrate the system performance and smooth failure recovery achieved by proposed techniques.     

基于订阅/发布服务的广域信息管理系统应急响应机制

广域信息管理系统(SWIM)是一个分布式的大型网络系统,它实时地向空中交通管理部门、航空机场和航空公司等提供不间断的航空信息数据共享和传输服务。为了保障SWIM服务的连续性,研究了基于订阅/发布服务的SWIM系统应急响应机制。首先,根据实时监测SWIM网络的各性能指标,提出了基于改进的模糊层次分析的网络可生存性评估方法;其次,当SWIM网络生存性指标下降到低于参量的边界值时,发布相应信息到订阅者,由订阅者确定是否进行服务漂移;最后,分别针对自然灾害和分布式拒绝服务(DDoS)攻击两种情况,提出了基于订阅/发布服务的SWIM应急响应模型(ERMSP),该模型以订阅发布和信任管理机制为基础。仿真实验结果表明,通过对网络性能各指标的实时监测和部署ERMSP,可抵抗性提高了8.9%,业务连续性提高了18.2%,可以实现SWIM的应急响应。     

面向服务网格的虚拟环境部署运行管理系统

虚拟技术的最新进展为网格计算提供了封装资源的新方式,其封装性、隔离性和安全性能够有效屏蔽底层资源的异构性,根据用户应用需求定制执行环境,更好地适应于网格环境的复杂性和应用的多样性。为了满足当前服务网格的需求发展,基于新的虚拟机技术,研究适合于服务网格的虚拟环境部署运行管理系统,该系统为用户提供可视化、易操作的远程虚拟环境部署和运行管理功能;并实现一个标准的网格服务,结合服务网格平台CROWN,该服务可根据用户应用的特定需求动态透明地部署虚拟执行环境,并根据资源状态自适配调度执行用户任务。并对系统进行了实验分析,实验结果验证了系统的良好可用性和运行性能。     

The architecture of an event correlation service for adaptive middleware-based applications

Loosely coupled component communication driven by events is a key mechanism for building middleware-based applications that must achieve reliable qualities of service in an adaptive manner. In such a system, events that encapsulate state snapshots of a running system are generated by monitoring components. Hence, an event correlation service is necessary for correlating monitored events from multiple sources. The requirements for the event correlation raise two challenges: to seamlessly integrate event correlation services with other services and applications; and to provide reliable event management with minimal delay. This paper describes our experience in the design and implementation of an event correlation service. The design encompasses an event correlator and an event proxy that are integrated with an architecture for adaptive middleware components. The implementation utilizes the common-based event (CBE) specification and stateful Web service technologies to support the deployment of the event correlation service in a distributed architecture. We evaluate the performance of the overall solution in a test bed and present the results in terms of the trade-off between the flexibility and the performance overhead of the architecture.     

Ceph分布式存储系统性能优化技术研究综述

Ceph是一个统一的分布式存储系统,可同时提供块、文件和对象3种接口的存储服务。与传统的分布式存储系统不同,它采用了无中心节点的元数据管理方式,因此具有良好的扩展性和线性增长的性能。经过十余年的发展,Ceph已被广泛地应用于云计算和大数据存储系统。作为云计算的底层平台,Ceph除了提供虚拟机的存储服务外,还可以直接提供对象存储服务和NAS文件服务。Ceph支撑着云计算系统中多种操作系统和应用的存储需求,它的性能对其上的虚拟机和应用有较大的影响,因此Ceph存储系统的性能优化一直是学术界和工业界的研究热点。文中首先介绍了Ceph的架构和特性;然后针对现有的性能优化技术,从对内部机制进行改进、面向新型硬件和基于应用的优化这3个方面进行了归纳和总结,综述了近年来Ceph存储和优化的相关研究;最后对该领域未来的工作进行了展望,以期为分布式存储系统性能优化的研究者提供有价值的参考。     

OSGi框架下基于LDAP的异构遥感服务调用机制研究

针对异构遥感算法服务集成方法在元数据和生命周期管理方面的不足,提出了在OSGi框架下基于LDAP的异构服务调用机制。该机制设计了一个异构服务代理,将异构服务封装为OSGi bundle服务,实现服务生命周期管理,并结合LDAP技术,实现异构服务元数据管理;同时引入工作流引擎技术,搭建了一个异构服务交互调用的原型系统。通过遥感NDVI产品生产实验表明,该方法不仅能灵活地调用多种异构的遥感算法服务,且能有效的管理服务元数据及其生命周期。最后性能分析表明,该方法也为遥感数据分布式处理提供了一种有效的解决方案。     

SonD系统中虚拟存储设备共享Cache方法的设计

蓝鲸服务点播系统(SonD系统)是一个基于网络存储的新型计算环境，为大规模计算环境中计算机的部署和管理提供了有效手段。SonD系统中虚拟存储设备共享cache方法，在文件一级实现了对SonD系统中虚拟存储设备间物理共享数据在内存中cache的共享，有效地避免了共享cache后带来的数据的一致性问题。实验数据表明，虚拟存储设备共享cache方法提高了SonD系统的整体性能。     

Cross‐domain authorization for federated virtual organizations using the myVocs collaboration environment

This paper describes our experiences building and working with the reference implementation of myVocs (my Virtual Organization Collaboration System). myVocs provides a flexible environment for exploring new approaches to security, application development, and access control built from Internet services without a central identity repository. The myVocs framework enables virtual organization (VO) self‐management across unrelated security domains for multiple, unrelated VOs. By leveraging the emerging distributed identity management infrastructure. myVocs provides an accessible, secure collaborative environment using standards for federated identity management and open‐source software developed through the National Science Foundation Middleware Initiative. The Shibboleth software, an early implementation of the Organization for the Advancement of Structured Information Standards Security Assertion Markup Language standard for browser single sign‐on, provides the middleware needed to assert identity and attributes across domains so that access control decisions can be determined at each resource based on local policy. The eduPerson object class for lightweight directory access protocol (LDAP) provides standardized naming, format, and semantics for a global identifier. We have found that a Shibboleth deployment supporting VOs requires the addition of a new VO service component allowing VOs to manage their own membership and control access to their distributed resources. The myVocs system can be integrated with Grid authentication and authorization using GridShib. Copyright © 2008 John Wiley & Sons, Ltd.     

Modeling a resource contention in the management of virtual organizations

A virtual organization provides a cost-efficient method allowing different autonomous entities, such as organizations, departments and individuals, to extend service offerings in a virtual marketplace. To support cost-efficient service provisioning, a suitable procedure must be applied to determine the amount of resources necessary for the operation of virtual organizations.We propose a new mathematical model for a quantitative performance evaluation of resource management in virtual organizations. We present an efficient algorithm to determine the steady state probabilities and the performance measures of the system. A comparison with a detailed simulation model and other numerical approaches shows that the proposed algorithm is fast and accurate. This algorithm can therefore be used for resource dimensioning to support the cost-efficient operation of virtual organizations.     

Flexible service consolidation with nested virtualization and library operating systems

In Infrastructure-as-a-service (IaaS) clouds, users can reduce costs by scale-in or scale-down when running services are underutilized. Since these optimizations of instance deployment require at least one minimum instance even for running an underutilized service, cost reduction is limited. For further optimization, multiple services can be consolidated into one instance. However, services have to be stopped temporarily at the consolidation time, and isolation between services becomes weaker after the consolidation. To solve these problems, this paper proposes FlexCapsule, which enables seamless and secure service consolidation in existing IaaS clouds. FlexCapsule runs each service in a lightweight virtual machine (VM) called an app VM, using a library operating system. An app VM runs inside an instance using a technique called nested virtualization. FlexCapsule can optimize instance deployment with negligible downtime by flexibly migrating app VMs. Due to strong isolation provided by app VMs, it can guarantee security between consolidated services. In addition, FlexCapsule provides multiprocess support using app VMs by emulating process fork and process pools. We have implemented FlexCapsule in Xen using both fully virtualized OS^v and paravirtualized MiniOS. Then, we examined the effectiveness of FlexCapsule using several applications. Due to the premature implementation of nested virtualization in Xen, the performance of app VMs largely degraded, but we believe that the performance could be improved using several existing optimizations.     

服务网格虚拟服务动态部署和自适应策略

以"服务"的形式包装网格资源已成为一种趋势,并得到网格界的一致认可.为了更加充分灵活的利用网格资源,提出了一个网格虚拟服务动态部署架构以及基于此架构的服务平衡调度算法,通过服务按需部署和实时监控,动态调整资源在不同任务间的分配,并在需要时进行任务迁移,保证应用的服务质量.实验结果表明此系统较其它系统在资源利用率、QoS命中率上都有一定的提高.     

Design, implementation, and evaluation of differentiated caching services

With the dramatic explosion of online information, the Internet is undergoing a transition from a data communication infrastructure to a global information utility. PDAs, wireless phones, Web-enabled vehicles, modem PCs, and high-end workstations can be viewed as appliances that "plug-in" to this utility for information. The increasing diversity of such appliances calls for an architecture for performance differentiation of information access. The key performance accelerator on the Internet is the caching and content distribution infrastructure. While many research efforts addressed performance differentiation in the network and on Web servers, providing multiple levels of service in the caching system has received much less attention. It has two main contributions. First, we describe, implement, and evaluate an architecture for differentiated content caching services as a key element of the Internet content distribution architecture. Second, we describe a control-theoretical approach that lays well-understood theoretical foundations for resource management to achieve performance differentiation in proxy caches. An experimental study using the Squid proxy cache shows that differentiated caching services provide significantly better performance to the premium content classes.