基于虚拟机部署策略的云平台容错即服务方法

针对如何充分利用云基础架构层资源,满足上层云应用系统租户对应用系统容错的需求多样性和高可靠性要求的问题,提出一种面向租户和云服务提供商的、基于虚拟机部署策略的云平台容错即服务方法。该方法根据租户的特定容错需求适配适合的容错方法及容错级别,据此计算并最优化云服务提供商的收益和资源使用量,在此基础上对提供容错服务的虚拟机进行优化部署,充分利用底层虚拟机资源为租户的云应用系统提供更为可靠的容错服务。实验结果表明,所提方法能够在保障云服务提供商收益的基础上,为多租户云应用系统实现更灵活且可靠性更高的容错服务。     

区块链即服务的发展现状与展望

论述区块链即服务研究现状,通过云计算和区块链技术结合方式介绍区块链即服务工作原理,根据区块链即服务面向的服务对象论述基础设计原则,以主流的区块链即服务平台分析研究基本架构。区块链即服务作为一种云服务,是区块链服务设施的云端出租网络平台,依照其租户特点使计算资源、平台资源、软件资源、硬件资源得到最大程度的共享。区块链即服务通过大容量的资源池,保障租户的业务规模可灵活弹性伸缩,租用设施可共享和独享,安全可靠运行。针对区块链即服务风险监管、技术难点、性能等问题对当前研究的不足和未来的研究方向进行分析和展望。     

DFA-VMP: An efficient and secure virtual machine placement strategy under cloud environment

The problem of Virtual Machine (VM) placement is critical to the security and efficiency of the cloud infrastructure. Nowadays most research focuses on the influences caused by the deployed VM on the data center load, energy consumption, resource loss, etc. Few works consider the security and privacy issues of the tenant data on the VM. For instance, as the application of virtualization technology, the VM from different tenants may be placed on one physical host. Hence, attackers may steal secrets from other tenants by using the side-channel attack based on the shared physical resources, which will threat the data security of the tenants in the cloud computing. To address the above issues, this paper proposes an efficient and secure VM placement strategy. Firstly, we define the related security and efficiency indices in the cloud computing system. Then, we establish a multi-objective constraint optimization model for the VM placement considering the security and performance of the system, and find resolution towards this model based on the discrete firefly algorithm. The experimental results in OpenStack cloud platform indicates that the above strategy can effectively reduce the possibility of malicious tenants and targeted tenants on the same physical node, and reduce energy consumption and resource loss at the data center.     

面向Web服务的BPEL的研究与实现

BPEL简化了将多个Web服务合成到一个新的复合服务(业务流程)中的操作过程.但如果要进一步提高BPEL流程的开发效率,还需要一个可视化的解决方案.通过一个开发实例的具体实现过程,对基于BPEL进行Web服务合成的原理和方法进行了深入的研究,并由此提出了基于Oracle BPEL流程管理器实现Web服务合成的解决方案,介绍了在该环境下部署和测试一个BPEL流程的方法.     

BPEL组合服务可信性评估方法研究

提出了一种基于数据依赖的Web服务编程语言(business process execution language for Web services,BPEL4WS,简称BPEL)的可信性评估方法。利用扩展BPEL控制流图(extensible BPEL flow graph,XBFG)对BPEL进行建模,通过建模获得组件间的直接和间接数据依赖关系,并构造依赖链用以计算组件的信任值。根据BPEL组合服务的控制结构,在XBFG上通过约减规则对BPEL组合服务可信性进行评估。实验结果表明,基于数据依赖的组合服务可信性评估方法可以有效地评估BPEL组合服务的可信性,并且这种评估方法较为稳定,不会随着组件数量的增加而影响评估结果。     

一种将业务规则与BPEL有效集成的方法

业务规则是定义和约束企业业务结构与业务行为的规定或规范，是企业业务运作和管理决策所依赖的重要资源。当前，面向服务的计算变得越来越流行，Web services已经成为集成互联网上分布和异构应用程序的通用技术。使用Web服务合成语言BPEL可以将不同服务提供者提供的服务整合成新的服务。然而，这种基于流程的合成语言缺乏在合成过程中使用由不同的业务规则引擎管理的业务规则的能力。因此提出了一种将业务规则与BPEL集成的方法。     

企业云服务体系结构的参考模型与开发方法

服务与云计算范型的融合有助于大规模分布式软件的开发和应用,同时也为面向服务的软件工程带来了新的挑战。云计算的最大挑战是缺少事实上的标准或单一的体系结构方法,以满足企业将关键产品作为Internet上的云服务发布的应用需求。首先,针对企业云计算的业务特点,提出了一种企业云服务体系结构(Enterprise Cloud Service Architecture,ECSA)风格的通用和抽象参考模型,分析了该模型中的云服务、服务模式、服务消费者、管理、流程、质量属性、服务构件模型、服务匹配和交互模式匹配9个组件及其之间的关系,并讨论了它们中的角色。然后,提出了一个四阶段的ECSA迭代改进过程,该过程把云服务视为首要的类建模元素,通过解除云服务模型和来自目标构件配置之间的耦合,可实现相同云服务集的多种不同体系结构。最后,给出了一种基于该模型的期货程序化交易的私有云服务应用实例,用以展示该方法的可行性和有效性。     

二维多层次的云服务可靠性评估方法研究

针对云服务业务流程管理的特点, 给出了云服务的组合实现框架; 依据随机Petri网的建模理论, 探讨了组合云服务流程网模型的细粒度建模方法; 根据动态多变的用户需求, 设计了二维多层次的云服务组合可靠性动态评估框架, 并给出了马尔可夫过程和等值约简的两种可靠性计算方法。应用示例分析结果表明, 该方法具有较好的动态适应性和灵活性, 能有效满足云服务的可靠性评估需求。     

一种基于CPN的运行时监控服务交互行为的方法

BPEL对Web服务组合的描述特性使得它很难表达和分析服务组合中的交互行为属性.这些行为属性需要遵循一定的交互协议.然而良定义的交互协议还是容易受到侵犯,这将导致服务组合进程产生状态不一致的问题.为了解决这类实际交互行为与其服务组合描述之间的不一致性问题,提出了一种由BPEL描述自动构造运行时监控器的方法.首先提出了一种基于有色Petri网(CPN)的形式化表示模型以及服务组合规约到模型的映射方法,用于精确表达从BPEL流程描述中提取的服务交互行为规约.然后,描述了由CPN形式化表示模型生成运行时监控器的方法.该运行时监控器能够捕获所有进出服务组合进程的交互消息,并且检测是否存在违背交互协议的行为.     

SDSN@RT: A middleware environment for single-instance multitenant cloud applications

With the single-instance multitenancy (SIMT) model for composite Software-as-a-Service (SaaS) applications, a single composite application instance can host multiple tenants, yielding the benefits of better service and resource utilization and reduced operational cost for the SaaS provider. An SIMT application needs to share services and their aggregation (the application) among its tenants while supporting variations in the functional and performance requirements of the tenants. The SaaS provider requires a middleware environment that can deploy, enact, and manage a designed SIMT application, to achieve the varied requirements of the different tenants in a controlled manner. This paper presents the SDSN@RT (software-defined service networks at runtime) middleware environment that can meet the aforementioned requirements. SDSN@RT represents an SIMT composite cloud application as a multitenant service network, where the same service network simultaneously hosts a set of virtual service networks, one for each tenant. A service network connects a set of services and coordinates the interactions between them. A virtual service network realizes the requirements for a specific tenant and can be deployed, configured, and logically isolated in the service network at runtime. SDSN@RT also supports the monitoring and runtime changes of the deployed multitenant service networks. We show the feasibility of SDSN@RT with a prototype implementation and demonstrate its capabilities to host SIMT applications and support their changes with a case study. The performance study of the prototype implementation shows that the runtime capabilities of our middleware incur little overhead.     

LTSS: Load-Adaptive Traffic Steering and Forwarding for Security Services in Multi-Tenant Cloud Datacenters

Currently, different kinds of security devices are deployed in the cloud datacenter environment and tenants may choose their desired security services such as firewall and IDS (intrusion detection system). At the same time, tenants in cloud computing datacenters are dynamic and have different requirements. Therefore, security device deployment in cloud datacenters is very complex and may lead to inefficient resource utilization. In this paper, we study this problem in a software-defined network (SDN) based multi-tenant cloud datacenter environment. We propose a load-adaptive traffic steering and packet forwarding scheme called LTSS to solve the problem. Our scheme combines SDN controller with TagOper plug-in to determine the traffic paths with the minimum load for tenants and allows tenants to get their desired security services in SDN-based datacenter networks. We also build a prototype system for LTSS to verify its functionality and evaluate performance of our design.     

一种自适应的BPEL流程控制策略及其实现

传统的BPEL语言,只是静态地描述业务流程与所需Web服务之间的绑定关系,并不能很快适应动态变化的SOA环境;针对这一问题,该文提出一种白适应的BPEL流程编排和执行机制,通过推迟业务过程与所需服务之间的绑定时间,加入动态服务选择机制,从而使得BPEL流程的执行过程具有一定程度的自适应特征,不仅提高了BPEL流程编排和...     

基于状态方面的Web服务动态替换

随着面向服务计算技术的成熟,服务复合已成为Internet上开发企业间业务协作的一种新模式,WS-BPEL是服务复合事实上的标准.但是由于复合服务所依赖的第三方伙伴服务的分布、自治和松散耦合等特性,在执行过程中易受到伙伴服务失效的影响,可靠性无法得到保证,因此需要支持在运行时对伙伴服务进行动态替换.目前的BPEL规范只提供有限的服务替换功能,当与伙伴服务的交互涉及到一系列有状态的会话操作时,服务替换就更加复杂.通过对面向方面的研究,提出面向BPEL语言的状态方面扩展.通过状态方面,记录与伙伴服务交互过程中的会话信息.在伙伴服务失效时,通过透明地替换伙伴服务,使得与当前伙伴服务的会话信息传播到功能等价的另一个伙伴服务上,以保证流程的正常执行.通过该方法,使得BPEL流程具有一定的自愈能力,增强了流程执行的可靠性.     

基于代理和BPEL4WS的Web服务合成与实现

Web服务的交互和实现被推荐通过软件代理来实现.Web服务目前还不能很好地支持动态、自适应的服务组合和分布式业务流程.软件代理在建模、知识表达和交互等技术上的优势,能够强化Web服务的交互和动态应用能力.基于代理和面向流程建模的BPEL4WS,可以实现Web服务面向业务应用的合成与执行,支持多个协同的业务流程及其动态配置.系统分析了代理、BPEL4WS和Web服务整合的技术与实现方案,利用JADE平台开发了相关的测试模型,并且以网上拍卖为案例,验证了所提方案及实现.     

服务时间随机条件下服务组合质量分析

本文分析采用业务过程执行语言（BPEL2WS）描述的web服务组合的执行时间,给出在服务执行时间随机情况下,根据单个服务的执行时间概率分布密度和BPEL2WS模型的结构求解web服务组合执行时间的概率分布密度函数的算法。根据概率密度函数可以求得业务过程执行时间在任意时限内的概率,从而可以根据给定的概率条件优化组合服务,使得服务执行成本最低．最后通过一个应用实例验证了算法的有效性。     

云计算下基于CRP算法的资源提供策略

云计算资源管理系统是用于接收来自云计算用户的资源请求,并且把特定的资源封装为服务提供给资源请求者。在云计算环境下,如何为资源请求者选择合适的资源是一个值得研究的课题。文中通过对云计算下现有的资源提供策略的分析,同时根据不同云提供者提供的计算资源的成本不同的特点,综合考虑资源的计算能力、可靠性和单位成本三点因素,提出了云计算下基于CRP算法的资源提供策略。这种资源提供策略既能提供满足用户资源请求的服务,也能降低云服务提供者的运营成本,从而获得更大收益。     

Querying business processes with BP-QL

We present in this paper BP-QL, a novel query language for querying business processes. The BP-QL language is based on an intuitive model of business processes, an abstraction of the emerging BPEL (business process execution language) standard. It allows users to query business processes visually, in a manner very analogous to how such processes are typically specified, and can be employed in a distributed setting, where process components may be provided by distinct providers.     

一种透明的可信云租户隔离机制研究

租户隔离是云计算能被作为第三方服务提供给租户的重要前提,因此云租户隔离机制的安全有效性能否被租户信任对云计算服务的推广非常关键.但是在云计算这种第三方服务模式中,由于租户不能参与云服务基础设施及其安全隔离机制的建设和管理过程,因此他们难以对云租户隔离机制的安全有效性建立信心.本文将透明性要求视为可信云租户隔离机制的一部分,将云租户隔离机制和租户透明要求都转化为云服务系统中不同安全域之间的信息流, 对云租户隔离机制进行定义,并制定云计算平台中的域间信息流策略控制方式,最后基于信息流无干扰理论证明了所定义的云租户隔离机制在安全方面的有效性.     

Multi-tenant intrusion detection system for public cloud (MTIDS)

Cloud computing is an innovative paradigm technology that is known for its versatility. It provides many creative services as requested, and it is both cost efficient and reliable. More specifically, cloud computing provides an opportunity for tenants to reduce cost and raise effectiveness by offering an alternative method of service utilization. Although these services are easily provided to tenants on demand with minor infrastructure investment, they are significantly exposed to intrusion attempts since the services are offered under the administration of diverse supervision over the Internet. Moreover, the security mechanisms offered by cloud providers do not take into consideration the variation of tenants’ needs as they provide the same security mechanism for all tenants. So, meeting tenants’ security requirements are still a major challenge for cloud providers. In this paper, we concentrate on the security service offered to cloud tenants and service providers and their infrastructure to restrain intruders. We intend to provide a flexible, on-demand, scalable, and pay-as-you-go multi-tenant intrusion detection system as a service that targets the security of the public cloud. Further, it is designed to deliver appropriate and optimized security taking into consideration the tenants’ needs in terms of security service requirements and budget.     

Dynamic provisioning in multi-tenant service clouds

Cloud-based systems promise an on-demand service provisioning system along with a ??pay-as-you-use?? policy. In the case of multi-tenant systems this would mean dynamic creation of a tenant by integrating existing cloud-based services on the fly. Presently, dynamic creation of a tenant is handled by building the required components from scratch. Although multi-tenant systems help providers save cost by allocating multiple tenants to the same instance of an application, they incur huge reconfiguration costs. Cost and time spent on these reconfiguration activities can be reduced by re-constructing tenants from existing tenant configurations supported by service providers. Multi-tenant cloud-based systems also lack the facility of allowing clients to specify their requirements. Giving clients the flexibility to specify requirements helps them avoid spending an excessive amount of time and effort looking through a list of services, many of which might not be relevant to them. Moreover, dynamic provisioning in the cloud requires an integrated solution across the technology stack (software, platform and infrastructure) combining functional, non-functional and resource allocation requirements. Existing research works in the area of web service matching, although numerous, still fall short, since they usually consider each requirement type in isolation and cannot provide an integrated solution. To that end, in this paper we investigate the features needed for dynamic service provisioning on the cloud. We propose a novel User Interface-Tenant Selector-Customizer (UTC) model and approach, which enables cloud-based services to be systematically modeled and provisioned as variants of existing service tenants in the cloud. Our approach considers functional, non-functional and resource allocation requirements, which are explicitly specified by the client via the user interface component of the model. To the best of our knowledge, ours is the first such integrated approach. We illustrate our ideas using a realistic running example, and also present a proof-of-concept prototype built using IBM??s Rational Software Architect modeling tool. We also present experimental results demonstrating the applicability of our matching algorithm. Our results show significant reduction in matching time with the help of an elimination process that reduces the search space needed for performing matching.