An interoperable and self-adaptive approach for SLA-based service virtualization in heterogeneous Cloud environments

Cloud computing is a newly emerged computing infrastructure that builds on the latest achievements of diverse research areas, such as Grid computing, Service-oriented computing, business process management and virtualization. An important characteristic of Cloud-based services is the provision of non-functional guarantees in the form of Service Level Agreements (SLAs), such as guarantees on execution time or price. However, due to system malfunctions, changing workload conditions, hard- and software failures, established SLAs can be violated. In order to avoid costly SLA violations, flexible and adaptive SLA attainment strategies are needed. In this paper we present a self-manageable architecture for SLA-based service virtualization that provides a way to ease interoperable service executions in a diverse, heterogeneous, distributed and virtualized world of services. We demonstrate in this paper that the combination of negotiation, brokering and deployment using SLA-aware extensions and autonomic computing principles are required for achieving reliable and efficient service operation in distributed environments.     

SLA-based admission control for a Software-as-a-Service provider in Cloud computing environments

Software as a Service (SaaS) provides access to applications to end users over the Internet without upfront investment in infrastructure and software. To serve their customers, SaaS providers utilise resources of internal data centres or rent resources from a public Infrastructure as a Service (IaaS) provider. In-house hosting can increase administration and maintenance costs whereas renting from an IaaS provider can impact the service quality due to its variable performance. To overcome these limitations, we propose innovative admission control and scheduling algorithms for SaaS providers to effectively utilise public Cloud resources to maximize profit by minimizing cost and improving customer satisfaction level. Furthermore, we conduct an extensive evaluation study to analyse which solution suits best in which scenario to maximize SaaS provider?s profit. Simulation results show that our proposed algorithms provide substantial improvement (up to 40% cost saving) over reference ones across all ranges of variation in QoS parameters.     

基于随机博弈的云代理与私有云联盟的最优收益

提高私有云联盟（Federated Private Clouds）中虚拟机利用率问题是实现云代理（Cloud Broker）和私有云联盟最优收益的关键,引入随机博弈算法可分别使双方达到最优收益。首先,分析云代理和私有云联盟任务到达的随机特性,利用随机博弈模型解决虚拟机租用数量的收益获得问题;其次,分析并确定该模型为变和随机博弈,提出了反向迭代算法实现均衡;最后;仿真实验采用亚马逊EC2的价格,与租用固定虚拟机数量的方法进行对比,结果表明采用该方法能够使博弈双方都达到较高收益。     

SLA-based complementary approach for network intrusion detection

Enhancing the intrusion detection system is essential to maintain user confidence in network services security. However, the threat of intruders on Internet services is prevalent. This paper proposes a distributed edge-to-edge complementary approach for intrusion detection in a DiffServ/MPLS domain. The QoS metrics are inspected at the edges routers to determine anomalous behavior in the network traffic. Consumed ratios of one-way delay variation (OWDV) and packet loss are computed to monitor service level agreement (SLA) violations. The bandwidth ratio is measured to differentiate abnormal from normal traffic as well as to detect multiple intrusions launched simultaneously. We employed SLA as a comparison scale to infer the deviation between the users consumed ratios and the predefined ratios in the SLA. Service violation occurs and intrusion may be launched when the predefined ratios are exceeded. The complementary services of DiffServ and MPLS techniques guarantee accurate measurements, whereas the complementary measurements of active and passive techniques immunize network performance against scalability limitation. Simulation results indicate that the proposed approach is capable of monitoring SLA violations and can filter out traffic of intruders who breach SLA without disturbing the normal traffic of legitimate users.     

Simulation of SLA-based VM-scaling algorithms for cloud-distributed applications

Cloud Computing has evolved to become an enabler for delivering access to large scale distributed applications running on managed network-connected computing systems. This makes possible hosting Distributed Enterprise Information Systems (dEISs) in cloud environments, while enforcing strict performance and quality of service requirements, defined using Service Level Agreements (SLAs). SLAs define the performance boundaries of distributed applications, and are enforced by a cloud management system (CMS) dynamically allocating the available computing resources to the cloud services. We present two novel VM-scaling algorithms focused on dEIS systems, which optimally detect most appropriate scaling conditions using performance-models of distributed applications derived from constant-workload benchmarks, together with SLA-specified performance constraints. We simulate the VM-scaling algorithms in a cloud simulator and compare against trace-based performance models of dEISs. We compare a total of three SLA-based VM-scaling algorithms (one using prediction mechanisms) based on a real-world application scenario involving a large variable number of users. Our results show that it is beneficial to use autoregressive predictive SLA-driven scaling algorithms in cloud management systems for guaranteeing performance invariants of distributed cloud applications, as opposed to using only reactive SLA-based VM-scaling algorithms.     

Towards Federated Service Discovery and Identity Management in Collaborative Data and Compute Cloud Infrastructures

This paper compares three multi-national research infrastructures, one that provides data services, one that provides compute services, and one that supports linguistics research. The aim is to jointly provide services to the user communities, and, perhaps eventually, seamlessly interoperate. To this end, we look at and compare how the infrastructures build their service federations (trust, service status, information systems), and how they manage users (identities, authentication, and authorisation).     

An External Broker Interface Based on Existing Trading Protocols

This paper presents an approach to the specification of external interfaces of an electronic broker used in the Architecture for Electronic Brokerage Systems (AEBS). The external interface specified by the AEBS architecture provides both rich functionality and backward compatibility with trading methods that are currently in use in the electronic marketplace. This is achieved by defining the interface at two levels: the external protocol interface and the external object interface. The external protocol interface has been defined in terms of traditional protocols in order to provide access to basic brokerage services for customers and suppliers that already operate in the electronic market. This facilitates the easy introduction of a broker to the market since no modifications are required on the customer or supplier side to use the new brokerage services. The advanced external object interface has been designed and defined using the CORBA model. This provides other actors that need advanced brokerage services with access to the full functionality of a broker. This paper focuses on the design of the external protocol interface of a brokerage system.     

一种面向天文网络协同观测的代理服务器

天文观测是天文学领域的最基本、最重要的科研活动。天文学网络虚拟实验室致力于通过网络集成多台隶属于不同观测基地的天文望远镜资源,为天文科学家提供基于互联网的远程协同观测环境。代理服务器是天文学网络虚拟实验室的核心模块之一,是实现望远镜资源集成与网络协同观测的基础。     

SLA-based QoS pricing in DiffServ networks

The availability of high-speed transmission media and networking equipment in contemporary networks, as well as the evolution of quality-demanding applications has focused research interest on the provision of advanced qualitative services in addition to the traditional best-effort model of the Internet. A number of alternatives for service differentiation and QoS provisioning have been proposed and standardized, but in the case of backbone, transport networks the DiffServ architecture has prevailed, due to its scalability and deployment feasibility. The provisioning of services according to the DiffServ framework has in turn raised the requirements for interdependent, controlled resource allocation and service pricing, with particular needs for pricing mechanisms that preserve the potential and flexibility of DiffServ. At the same time, such mechanisms should reflect resource usage, allocate resources efficiently, reimburse costs or maximize service provision profits and lead customers to requesting services that will maximize their revenue. In this work, after reviewing related research, the principles that a pricing scheme for DiffServ-based services should follow are presented, stressing the differences form traditional Internet pricing. Based on these principles, an analytical approach to pricing a particular class of DiffServ-based services and a methodology for applying this approach in a real network are proposed and evaluated.     

An interoperable solution for Cloud manufacturing

Cloud manufacturing is a new concept extending and adopting the concept of Cloud computing for manufacturing. The aim is to transform manufacturing businesses to a new paradigm in that manufacturing capabilities and resources are componentized, integrated and optimized globally. This study presents an interoperable manufacturing perspective based on Cloud manufacturing. A literature search has been undertaken regarding Cloud architecture and technologies that can assist Cloud manufacturing. Manufacturing resources and capabilities are discussed in terms of Cloud service. A service-oriented, interoperable Cloud manufacturing system is proposed. Service methodologies are developed to support two types of Cloud users, i.e., customer user and enterprise user, along with standardized data models describing Cloud service and relevant features. Two case studies are undertaken to evaluate the proposed system. Cloud technology brings into manufacturing industry with a number of benefits such as openness, cost-efficiency, resource sharing and production scalability.     

Architectural Requirements for Cloud Computing Systems: An Enterprise Cloud Approach

Cloud Computing is a model of service delivery and access where dynamically scalable and virtualized resources are provided as a service over the Internet. This model creates a new horizon of opportunity for enterprises. It introduces new operating and business models that allow customers to pay for the resources they effectively use, instead of making heavy upfront investments. The biggest challenge in Cloud Computing is the lack of a de facto standard or single architectural method, which can meet the requirements of an enterprise cloud approach. In this paper, we explore the architectural features of Cloud Computing and classify them according to the requirements of end-users, enterprises that use the cloud as a platform, and cloud providers themselves. We show that several architectural features will play a major role in the adoption of the Cloud Computing paradigm as a mainstream commodity in the enterprise world. This paper also provides key guidelines to software architects and Cloud Computing application developers for creating future architectures.     

Automated Power Control for Virtualized Infrastructures

Power control for virtualized enviromnents has is keeping underlying infrastructure in reasonably low power gained much attention recently. One of the major challenges states and achieving service-level objectives （SLOs） of upper applications as well. Existing solutions, however, cannot effectively tackle this problem for virtualized environments. In this paper, we propose an automated power control solution for such scenarios in hope of making some progress. The major advantage of our solution is being able to precisely control the CPU frequency levels of a physical environment and the CPU power allocations among virtual machines with respect to the SLOs of multiple applications. Based on control theory and online model estimation, our solution can adapt to the variations of application power demands. Additionally, our solution can simultaneously manage the CPU power control for all virtual machines according to their dependencies at either the application-level or the infrastructure-level. The experimental evaluation demonstrates that our solution outperforms three state-of-the-art methods in terms of achieving the application SLOs with low infrastructure power consumption.     

一种基于层次模型的企业PKI整合方案

随着PKI系统在企业中的广泛应用,企业并购活动中必然涉及原有多个PKI系统的整合问题。分析了现有的PKI系统整合方案,在此基础上结合企业并购活动特点,提出了一种新的基于层次型信任模型的整合方案。与现有方案相比,新方案在证书颁发量、整合费用等方面均具有明显优势。为描述清楚,采用形式化方法定义PKI系统的相关概念,并使用类程序语言描述方案的关键步骤。     

A Data Integration Broker for Healthcare Systems

A prototype information broker uses a software service model to collect and integrate diverse patient data from autonomous healthcare agencies, potentially solving many problems that challenge current enterprise-based file systems     

制造网格中基于SLA的资源管理模型研究

为确保制造网格平台提供的制造资源及服务能够达到使用者的功能与质量要求，建立了基于SLA的资源管理模型，并对模型中的资源调度算法进行了深入研究。该模型以制造资源的服务质量(QoS)属性为评价标准，以服务水平协议(SLA)为约束条件，通过资源调度方法和策略为消费者提供有质量保证的制造服务。最后，以快速成型制造为应用，验证了模型的实用性及资源调度算法的可行性。     

云环境下基于SLA的优化资源分配研究

针对云计算环境下如何高效分配资源,实现资源供应者利润最大化这一难题,提出了一种基于服务级别协议（SLA）的动态云资源分配策略。该策略通过将SLA中的计算力、网络带宽、数据存储等属性作为优化参数,构造了一种服务请求与资源的映射模型,同时设计相应的效用函数,并结合改进的与模拟退火算法相融合的混合粒子群算法（SA-PSO）,实现云环境下的优化资源分配。实验分析结果表明,基于SLA参数的SA-PSO算法具有更好的全局最优值,在给定虚拟资源相同情况下,调用该算法完成用户任务实现的利润更高。     

Policy-Based Management for Federation of Virtualized Infrastructures

This paper presents Policy-based Federation (PBF) architecture for interworked Future Internet Virtualized Infrastructures (VIs). Each VI is an individually managed autonomous domain. Users may request slices of virtual resources across the federation, managed and controlled via inter-domain policies that abide by agreed upon federated SLAs. The key component of our PBF architecture is a Policy Service, which provides support for intra-domain policies (Obligation, Authorization, Role-Based Access Control) and for inter-domain Delegation policies. Delegation policies reserve resources in remote domains, update the number of resources exchanged, set alien domain obligations for cross-domain resource provisioning and define the exchange of internal domain information through the execution of remote semantic queries. Key to the architecture is the PBF Policy Ontology that specifies common federation concepts within the context of a user slice and the PBF services that trigger management actions. A prototype of the proposed architecture was developed and deployed in a European Future Internet federated testbed.