基于虚拟机的自适应网格运行环境

网格应用必须适应动态变化的运行环境。该文探讨动态且自适应的资源管理模式,设计并实现一种面向服务的分布式虚拟机——Abacus虚拟机。根据资源管理策略与运行时的可用资源情况,Abacus虚拟机自适应地在分布式环境中为应用程序分配资源。实验结果显示,该自适应的资源管理方式是可行有效的。     

A survey of methods and approaches for reliable dynamic service compositions

An increasing amount of today’s software systems is developed by dynamically composing available atomic services to form a single service that responds to consumers’ demand. These composite services are distributed across the network, adapted dynamically during run-time, and still required to work correctly and be available on demand. The development of these kinds of modern services requires new modeling and analysis methods and techniques to enable service reliability during run-time. In this paper, we define the required phases of the composite service design and execution to achieve reliable composite service. These phases are described in the form of a framework. We perform a literature survey of existing methods and approaches for reliable composite services to find out how they match with the criteria of our framework. The contribution of the work is to reveal the current status in the research field of reliable composite service engineering.     

CyberGuarder: A virtualization security assurance architecture for green cloud computing

As the sizes of IT infrastructure continue to grow, cloud computing is a natural extension of virtualisation technologies that enable scalable management of virtual machines over a plethora of physically connected systems. The so-called virtualisation-based cloud computing paradigm offers a practical approach to green IT/clouds, which emphasise the construction and deployment of scalable, energy-efficient network software applications (NetApp) by virtue of improved utilisation of the underlying resources. The latter is typically achieved through increased sharing of hardware and data in a multi-tenant cloud architecture/environment and, as such, accentuates the critical requirement for enhanced security services as an integrated component of the virtual infrastructure management strategy. This paper analyses the key security challenges faced by contemporary green cloud computing environments, and proposes a virtualisation security assurance architecture, CyberGuarder, which is designed to address several key security problems within the ‘green’ cloud computing context. In particular, CyberGuarder provides three different kinds of services; namely, a virtual machine security service, a virtual network security service and a policy based trust management service. Specifically, the proposed virtual machine security service incorporates a number of new techniques which include (1) a VMM-based integrity measurement approach for NetApp trusted loading, (2) a multi-granularity NetApp isolation mechanism to enable OS user isolation, and (3) a dynamic approach to virtual machine and network isolation for multiple NetApp’s based on energy-efficiency and security requirements. Secondly, a virtual network security service has been developed successfully to provide an adaptive virtual security appliance deployment in a NetApp execution environment, whereby traditional security services such as IDS and firewalls can be encapsulated as VM images and deployed over a virtual security network in accordance with the practical configuration of the virtualised infrastructure. Thirdly, a security service providing policy based trust management is proposed to facilitate access control to the resources pool and a trust federation mechanism to support/optimise task privacy and cost requirements across multiple resource pools. Preliminary studies of these services have been carried out on our iVIC platform, with promising results. As part of our ongoing research in large-scale, energy-efficient/green cloud computing, we are currently developing a virtual laboratory for our campus courses using the virtualisation infrastructure of iVIC, which incorporates the important results and experience of CyberGuarder in a practical context.     

Design, implementation, and evaluation of differentiated caching services

With the dramatic explosion of online information, the Internet is undergoing a transition from a data communication infrastructure to a global information utility. PDAs, wireless phones, Web-enabled vehicles, modem PCs, and high-end workstations can be viewed as appliances that "plug-in" to this utility for information. The increasing diversity of such appliances calls for an architecture for performance differentiation of information access. The key performance accelerator on the Internet is the caching and content distribution infrastructure. While many research efforts addressed performance differentiation in the network and on Web servers, providing multiple levels of service in the caching system has received much less attention. It has two main contributions. First, we describe, implement, and evaluate an architecture for differentiated content caching services as a key element of the Internet content distribution architecture. Second, we describe a control-theoretical approach that lays well-understood theoretical foundations for resource management to achieve performance differentiation in proxy caches. An experimental study using the Squid proxy cache shows that differentiated caching services provide significantly better performance to the premium content classes.     

Quality of Service Negotiation for Commercial Medical Grid Services

The GEMSS project has developed a service-oriented Grid that supports the provision of medical simulation services by service providers to clients such as hospitals. We outline the GEMSS architecture, legal framework and the security features that characterise the GEMSS infrastructure. High levels of quality of service are required and we describe a reservation-based approach to quality of service, employing a quality of service management system that iteratively finds suitable reservations and uses application specific performance models. The GEMSS Grid is a commercial environment so we support flexible pricing models and a FIPA reverse English auction protocol. Signed Web Service Level Agreement contracts are exchanged to commit parties to a quality of service agreement before job execution occurs. We run four experiments across European countries using high performance computing resources running advanced resource reservation schedulers. These experiments provide evidence for our Grid’s rational behaviour, both at the level of service provider quality of service management and at the higher level of the client choosing between competing service providers. The results lend support to our economic model and the technology we use for our medical application domain.     

Economics‐inspired decentralized control approach for adaptive grid services and applications

Grid technologies facilitate innovative applications among dynamic virtual organizations, while the ability to deploy, manage, and properly remain functioning via traditional approaches has been exceeded by the complexity of the next generation of grid systems. An important method for addressing this challenge may require nature‐inspired computing paradigms. This technique will entail construction of a bottom‐up multiagent system; however, the appropriate implementation mechanism is under consideration in order for the autonomous and distributed agents to emerge as a controlled grid service or application. A credit card management service in economic interactions is considered in this article for a decentralized control approach. This consideration is based on a preliminarily developed ecological network‐based grid middleware that has features desired for the next generation grid systems. The control scheme, design, and implementation of the credit card management service are presented in detail. The simulation results show that (1) agents are accountable for their activities such as behavior invocation, service provision, and resource utilization and (2) generated services or applications adapt well to dynamically changing environments such as agent amounts as well as partial failure of agents. The approach presented herein is beneficial for building autonomous and adaptive grid applications and services. © 2006 Wiley Periodicals, Inc. Int J Int Syst 21: 1269–1288, 2006.     

INSIGNIA: An IP-Based Quality of Service Framework for Mobile ad Hoc Networks

We present the design, implementation, and evaluation of INSIGNIA, an IP-based quality of service framework that supports adaptive services in mobile ad hoc networks. The framework is based on an in-band signaling and soft-state resource management approach that is well suited to supporting mobility and end-to-end quality of service in highly dynamic environments where the network topology, node connectivity, and end-to-end quality of service are time varying. Architecturally INSIGNIA is designed to support fast reservation, restoration, and end-to-end adaptation based on the inherent flexibility and robustness and scalability found in IP networks. We evaluate the framework, paying particular attention to the performance of the in-band signaling system, which helps counter time-varying network dynamics in support of the delivery of adaptive services. Our results show the benefit of our framework under diverse mobility, traffic, and channel conditions.     

End-to-End QoS Support for a Medical Grid Service Infrastructure

Quality of Service support is an important prerequisite for the adoption of Grid technologies for medical applications. The GEMSS Grid infrastructure addressed this issue by offering end-to-end QoS in the form of explicit timeliness guarantees for compute-intensive medical simulation services. Within GEMSS, parallel applications installed on clusters or other HPC hardware may be exposed as QoS-aware Grid services for which clients may dynamically negotiate QoS constraints with respect to response time and price using Service Level Agreements. The GEMSS infrastructure and middleware is based on standard Web services technology and relies on a reservation based approach to QoS coupled with application specific performance models. In this paper we present an overview of the GEMSS infrastructure, describe the available QoS and security mechanisms, and demonstrate the effectiveness of our methods with a Grid-enabled medical imaging service.     

Effectively deploying services on virtualization infrastructure

Virtualization technology provides an opportunity to acieve efficient usage of computing resources. However, the management of services on virtualization infrastructure is still in the preliminary stage. Contstructing user service environments quickly and efficiently remains a challenge. This paper presents a service oriented multiple-VM deployment system (SO-MVDS) for creating and configuring virtual appliances running services on-demand. The system provides a template management model where all the virtual machines are created based on the templates with the software environment pre-prepared. To improve the deployment performance, we explore some strategies for incremental mechanisms and deployment.We also design a service deployment mechanism to dynamically and automatically deploy multiple services within virtual appliances. We evaluate both the deployment time and I/O performance using the proposed incremental mechanism. The experimental results show that the incremental mechanism outperforms the clone one.     

一种面向云多层应用的费用高效的资源管理方法

由于部署方便、维护简单并且不需要搭建自己的私有机房,云数据中心正成为大多数互联网公司 尤其是初创公司和中小规模公司 部署应用程序的首选。在以基础设施为服务的云环境里,互联网公司可以根据应用程序的需要动态租赁云基础设施,从而节省预算开支,并保证应用性能。然而,在现有的业界实践中,云服务提供商提供的负载均衡和资源伸缩服务只能监控虚拟机的使用状态,并不能监控应用程序的运行状态,因此无法准确根据应用程序的服务需求自适应变换资源规模。同时,现有的文献和实践中,也很少有 研究从云基础设施使用者的角度出发,为使用者节省基础设施租赁费用或高效使用已租赁基础设施。据此提出了一种面向基础设施云环境下多层应用的费用高效的资源管理方法,其在降低用户费用的同时,还能充分利用所花费用提高应用程序性能。通过仿真对所提方法业界实际使用的方法 进行比较,结果表明所提方法不仅能够提高应用程序的服务质量和服务性能,也能较大地降低公司在基础设施租赁方面的费用。     

分布式网络资源管理和业务管理集成方法的研究

基于面向业务的网络管理概念，提出了一个支持动态生成、使用和管理业务的基础结构，该基础结构由抽象表达总线、业务工作流总线、网络事务总线和相应的一些功能单元构成。对增强和扩展基本管理功能的方法以及体系结构所需数据模型进行了探讨。利用文章提出的集成方法可以实现业务和网络资源的统一管理，通过业务管理协调资源使用，通过资源管理保障业务实现。     

Adaptive versus Reservation-Based Synchronization Protocols—Analysis and Comparison

With the expansion of distributed multimedia applications, such as video-phone, video-conference, and video-on-demand, synchronization among various media (time-dependent, time-independent) becomes an integral part of various protocols, mechanisms and services in the underlying computing and communication systems. The current systems allow and provide two different resource management environments where synchronization will be considered: (1) best effort resource management, and (2) reservation-based resource management with differentiation of service classes. Under these two resource management environments, our goal is to analyze and compare the design, implementation, and performance of synchronization protocols and services. Our approach to accomplish this complex analysis is inductive, because we select a representative protocol from each group, and consider an adaptive synchronization protocol on top of the best effort resource management and a reservation-based synchronization protocol on top of the reservation-based resource management. We believe that both protocols include a rich set of known synchronization algorithms and mechanisms, hence our resulting analysis and comparison show: (1) trade-offs/difference in design complexity of the synchronization protocols (space and time), (2) trade-offs/difference in implementation complexity of the synchronization protocols (space and time), and (3) magnitude of performance changes.     

Adaptable,model-driven security engineering for SaaS cloud-based applications

Software-as-a-service (SaaS) multi-tenancy in cloud-based applications helps service providers to save cost, improve resource utilization, and reduce service customization and maintenance time. This is achieved by sharing of resources and service instances among multiple “tenants” of the cloud-hosted application. However, supporting multi-tenancy adds more complexity to SaaS applications required capabilities. Security is one of these key requirements that must be addressed when engineering multi-tenant SaaS applications. The sharing of resources among tenants—i.e. multi-tenancy—increases tenants’ concerns about the security of their cloud-hosted assets. Compounding this, existing traditional security engineering approaches do not fit well with the multi-tenancy application model where tenants and their security requirements often emerge after the applications and services were first developed. The resultant applications do not usually support diverse security capabilities based on different tenants’ needs, some of which may change at run-time i.e. after cloud application deployment. We introduce a novel model-driven security engineering approach for multi-tenant, cloud-hosted SaaS applications. Our approach is based on externalizing security from the underlying SaaS application, allowing both application/service and security to evolve at runtime. Multiple security sets can be enforced on the same application instance based on different tenants’ security requirements. We use abstract models to capture service provider and multiple tenants’ security requirements and then generate security integration and configurations at runtime. We use dependency injection and dynamic weaving via Aspect-Oriented Programming (AOP) to integrate security within critical application/service entities at runtime. We explain our approach, architecture and implementation details, discuss a usage example, and present an evaluation of our approach on a set of open source web applications.     

Docker动态调度算法的设计与实现

Docker作为容器的实施引擎,能高效部署、执行和管理容器。然而,现有Docker容器资源管理机制基于静态配置,无法根据应用类型特征和资源需求在运行时进行高效的动态资源分配。因此,实验性地分析Docker运行不同负载时的资源使用和性能情况,设计并实现了一种基于运行时的Docker动态调度算法,优先满足实时型应用容器服务要求,同时保证批处理型应用容器的性能。另外,算法根据节点运行现状推荐创建最合适的应用容器,最大化节点的资源利用率。实验表明,动态调度机制不会引入明显的性能开销;当容器间出现资源竞争时,可以将实时型应用容器满足服务要求的时间段延长87.5%,且最多对同时运行的批处理应用容器的性能造成2.9%的开销。算法推荐机制将节点上能够运行的容器实例数增大2.3倍时,对批处理型应用容器只造成最多9.3%的性能损耗。     

Network-aware service placement and selection algorithms on large-scale overlay networks

Currently many service providers offer their services on a private and proprietary hard- and software infrastructure. These infrastructures often share many similarities. Hence we believe a generic service management architecture, that allows service providers to offer a large array of different services on a single infrastructure or multiple providers to offer their services cooperatively, would provide many advantages over current silo-based approaches. Additionally, by allowing the distributed service management components to cooperate in a peer-to-peer overlay network, scalability and resilience of the system could be greatly improved.In this paper we propose an optimal algorithm, based on an integer linear programming (ILP) formulation, and several heuristics to support such a generic overlay-based service management architecture. More specifically, we propose algorithms for dynamically allocating server and network resources to a set of services and selecting a suitable service instance for each client. Service instances are placed on a set of servers, taking into account server resource constraints (e.g. CPU and memory). Unlike existing algorithms for this problem, those proposed in this paper also support service level agreements (SLAs), which take the form of Quality of Service demands such as transmission latency constraints and bandwidth requirements. The optimisation goal is to maximise the percentage of satisfied demand (answered requests) and minimise the total number of required overlay servers, while satisfying the SLAs and resource constraints. Additionally, we propose an extension that allows the algorithms to find overlay routing paths to improve the transmission latency for latency-sensitive services.Extensive simulations were performed to evaluate the performance and scalability of the heuristics. They showed that in many cases the heuristics perform close to optimal and they scale well in terms of network size.     

Adaptive resource management for dynamic distributed real-time applications

The dynamic distributed real-time applications run on clusters with varying execution time, so re-allocation of resources is critical to meet the applications’s deadline. In this paper we present two adaptive recourse management techniques for dynamic real-time applications by employing the prediction of responses of real-time tasks that operate in time sharing environment and run-time analysis of scheduling policies. Prediction of response time for resource reallocation is accomplished by historical profiling of applications’ resource usage to estimate resource requirements on the target machine and a probabilistic approach is applied for calculating the queuing delay that a process will experience on distributed hosts. Results show that as compared to statistical and worst-case approaches, our technique uses system resource more efficiently.     

Towards automating overlay network management

Overlay networks are becoming widely used for content delivery because they provide effective and reliable services that are not otherwise available. However, they can negatively affect each other as well as the underlying network. A management system that controls and adapts their behavior is therefore needed. This will meet not only the specific demands of the users but also those of the network and service providers. This paper presents a novel approach to the issue of automating overlay network management. In contrast to existing management approaches which require static a priori policy configurations, policies are created dynamically. A policy layer consists of a set of policy enforcement points and policy decision points. This is used to capture the goals of users, services, and networks into network-level objectives. The behavior of the overlay network is adapted to the changing conditions in its environment. The creation, adaptation, and termination of overlays are achieved through policies. Policies are generated and enforced on the fly from the context information of the user, the network and the service provider. The new approach provides users and applications with more flexibility to dynamically change their quality-of-service requirements while maintaining smooth quality-of-service delivery. We show the advantages of our architecture and provide simulation results to verify its effectiveness.     

An integration experience of a software architecture and a monitoring infrastructure to deploy applications with non‐functional requirements in computing grids

Resource management is an important aspect to consider regarding applications that might have different non‐functional or operational requirements, when running in distributed and heterogeneous environments. In this context, it is necessary to provide the means to specify the required resource constraints and an infrastructure that can adapt the applications in light of the changes in resource availability. We adopted a contract‐based approach to describe and maintain parallel applications that have non‐functional requirements in a Computing Grid context, called ZeliGrid. To form the supporting infrastructure we have designed a software architecture that integrates some of the Globus services, the LDAP and the NWS monitoring services. Some modules that map the contract approach into software artifacts were also integrated to this architecture. This paper addresses the architecture and integration issues of our approach, as well as how we put the pieces together highlighting deployment and implementation details, which have to consider diverse aspects such as monitoring, security and dynamic reconfiguration. Copyright © 2010 John Wiley & Sons, Ltd.