Toward the automation of a QoS-driven SLA establishment in the Cloud

Composite software as a service (SaaS)-based SOA offers opportunities for enterprises to offer value-added services. The cornerstone for such a business is service level agreements between Cloud customers and Cloud providers. In spite of the hype surrounding composite SaaS, standardized methods that enable a reliable management of service level agreements starting from the SLA derivation from the customer requirements to the SLA establishment between the two stockholders are still missing. To overcome such a drawback, we propose a method for SLA establishment guided by QoS for composite SaaS. Our method provides: (1) a requirement specification language for the Cloud customer to define the composition schemas of the requested services along with its QoS constraints; (2) a Cloud provider offer specification language and method to help in identifying the services and resources that satisfy the customer requirements; and (3) an SLA document definition language and method to specify a deployable composite SaaS on the Cloud. Our approach for SLA establishment embraces model-driven architecture principles to automate the SLA document generation from the customer requirements document. The automation is handled through model transformations along with enrichment algorithms to ensure the generation of complete SLA documents.     

Architectural Requirements for Cloud Computing Systems: An Enterprise Cloud Approach

Cloud Computing is a model of service delivery and access where dynamically scalable and virtualized resources are provided as a service over the Internet. This model creates a new horizon of opportunity for enterprises. It introduces new operating and business models that allow customers to pay for the resources they effectively use, instead of making heavy upfront investments. The biggest challenge in Cloud Computing is the lack of a de facto standard or single architectural method, which can meet the requirements of an enterprise cloud approach. In this paper, we explore the architectural features of Cloud Computing and classify them according to the requirements of end-users, enterprises that use the cloud as a platform, and cloud providers themselves. We show that several architectural features will play a major role in the adoption of the Cloud Computing paradigm as a mainstream commodity in the enterprise world. This paper also provides key guidelines to software architects and Cloud Computing application developers for creating future architectures.     

DRM cloud framework to support heterogeneous digital rights management systems

The DRM(digital rights management) techniques have been rapidly developed to protect the digital media contents. The growth of smart device and cloud computing makes the environment in which various services can be provided anywhere and anytime, so the DRM technologies have to react to such changes. From this aspect, we previously proposed the architecture of DRM-as-a-Service that provides various functionalities of DRM as some services on the cloud environment, and we referred to it as the DRM Cloud. In this paper, we define a reference model of DRM Cloud to represent some DRM functions that are provided by the DRM Cloud, and several service scenarios are proposed on the DRM Cloud. Also we simulate the DRM Cloud on the testbed and then discuss some security issues and how to handle the interoperability in the DRM Cloud. We conclude that the DRM Cloud allows the content consumers to use many contents with various smart devices, also let the DRM developers and the content service providers reduce the costs of development and business.     

Toward Cloud Computing QoS Architecture: Analysis of Cloud Systems and Cloud Services

Cloud can be defined as a new computing paradigm that provides scalable, on-demand, and virtualized resources for users. In this style of computing, users can access a shared pool of computing resources which are provisioned with minimal management efforts of users. Yet there are some obstacles and concerns about the use of clouds. Guaranteeing quality of service (QoS) by service providers can be regarded as one of the main concerns for companies tending to use it. Service provisioning in clouds is based on service level agreements representing a contract negotiated between users and providers. According to this contract, if a provider cannot satisfy its agreed application requirements, it should pay penalties as compensation. In this paper, we intend to carry out a comprehensive survey on the models proposed in literature with respect to the implementation principles to address the QoS guarantee issue.      

An interoperable solution for Cloud manufacturing

Cloud manufacturing is a new concept extending and adopting the concept of Cloud computing for manufacturing. The aim is to transform manufacturing businesses to a new paradigm in that manufacturing capabilities and resources are componentized, integrated and optimized globally. This study presents an interoperable manufacturing perspective based on Cloud manufacturing. A literature search has been undertaken regarding Cloud architecture and technologies that can assist Cloud manufacturing. Manufacturing resources and capabilities are discussed in terms of Cloud service. A service-oriented, interoperable Cloud manufacturing system is proposed. Service methodologies are developed to support two types of Cloud users, i.e., customer user and enterprise user, along with standardized data models describing Cloud service and relevant features. Two case studies are undertaken to evaluate the proposed system. Cloud technology brings into manufacturing industry with a number of benefits such as openness, cost-efficiency, resource sharing and production scalability.     

Highly reliable architecture using the 80/20 rule in cloud computing datacenters

Cloud datacenters host hundreds of thousands of physical servers that offer computing resources for executing customer jobs. While the failures of these physical machines are considered normal rather than exceptional, in large-scale distributed systems and cloud datacenters evaluation of availability in a datacenter is essential for both cloud providers and customers. Although providing a highly available and reliable computing infrastructure is essential to maintaining customer confidence, cloud providers desire to have highly utilized datacenters to increase the profit level of delivered services. Cloud computing architectural solutions should thus take into consideration both high availability for customers and highly utilized resources to make delivering services more profitable for cloud providers. This paper presents a highly reliable cloud architecture by leveraging the 80/20 rule. This architecture uses the 80/20 rule (80% of cluster failures come from 20% of physical machines) to identify failure-prone physical machines by dividing each cluster into reliable and risky sub-clusters. Furthermore, customer jobs are divided into latency-sensitive and latency-insensitive types. The results showed that only about 1% of all requested jobs are extreme latency-sensitive and require availability of 99.999%. By offering services to revenue-generating jobs, which are less than 50% of all requested jobs, within the reliable subcluster of physical machines, cloud providers can make their businesses more profitable by preventing service level agreement violation penalties and improving their reputations.     

EMUSIM: an integrated emulation and simulation environment for modeling,evaluation, and validation of performance of Cloud computing applications

Cloud computing allows the deployment and delivery of application services for users worldwide. Software as a Service providers with limited upfront budget can take advantage of Cloud computing and lease the required capacity in a pay‐as‐you‐go basis, which also enables flexible and dynamic resource allocation according to service demand. One key challenge potential Cloud customers have before renting resources is to know how their services will behave in a set of resources and the costs involved when growing and shrinking their resource pool. Most of the studies in this area rely on simulation‐based experiments, which consider simplified modeling of applications and computing environment. In order to better predict service's behavior on Cloud platforms, we developed an integrated architecture that is based on both simulation and emulation. The proposed architecture, named EMUSIM, automatically extracts information from application behavior via emulation and then uses this information to generate the corresponding simulation model. We performed experiments using an image processing application as a case study and found that EMUSIM was able to accurately model such application via emulation and use the model to supply information about its potential performance in a Cloud provider. We also discuss our experience using EMUSIM for deploying applications in a real public Cloud provider. EMUSIM is based on an open source software stack and therefore it can be extended for analysis behavior of several other applications. Copyright © 2012 John Wiley & Sons, Ltd.     

Development of a Hybrid Manufacturing Cloud

Cloud manufacturing is emerging as a novel business paradigm for the manufacturing industry, in which dynamically scalable and virtualised resources are provided as consumable services over the Internet. A handful of cloud manufacturing systems are proposed for different business scenarios, most of which fall into one of three deployment modes, i.e. private cloud, community cloud, and public cloud. One of the challenges in the existing solutions is that few of them are capable of adapting to changes in the business environment. In fact, different companies may have different cloud requirements in different business situations; even a company at different business stages may need different cloud modes. Nevertheless, there is limited support on migrating to different cloud modes in existing solutions. This paper proposes a Hybrid Manufacturing Cloud that allows companies to deploy different cloud modes for their periodic business goals. Three typical cloud modes, i.e. private cloud, community cloud and public cloud are supported in the system. Furthermore, it enables companies to set self-defined access rules for each resource so that unauthorised companies will not have access to the resource. This self-managed mechanism gives companies full control of their businesses and boosts their trust with enhanced privacy protection. A unified ontology is developed to enhance semantic interoperability throughout the whole process of service provision in the clouds. A Cloud Management Engine is developed to manage all the user-defined clouds, in which Semantic Web technologies are used as the main toolkit. The feasibility of this approach is verified through a group of companies, each of which has complex access requirements for their resources. In addition, a use case is carried out between customers and service providers. This way, optimal service is delivered through the proposed system.     

Enforcing QoS in scientific workflow systems enacted over Cloud infrastructures

The ability to support Quality of Service (QoS) constraints is an important requirement in some scientific applications. With the increasing use of Cloud computing infrastructures, where access to resources is shared, dynamic and provisioned on-demand, identifying how QoS constraints can be supported becomes an important challenge. However, access to dedicated resources is often not possible in existing Cloud deployments and limited QoS guarantees are provided by many commercial providers (often restricted to error rate and availability, rather than particular QoS metrics such as latency or access time). We propose a workflow system architecture which enforces QoS for the simultaneous execution of multiple scientific workflows over a shared infrastructure (such as a Cloud environment). Our approach involves multiple pipeline workflow instances, with each instance having its own QoS requirements. These workflows are composed of a number of stages, with each stage being mapped to one or more physical resources. A stage involves a combination of data access, computation and data transfer capability. A token bucket-based data throttling framework is embedded into the workflow system architecture. Each workflow instance stage regulates the amount of data that is injected into the shared resources, allowing for bursts of data to be injected while at the same time providing isolation of workflow streams. We demonstrate our approach by using the Montage workflow, and develop a Reference net model of the workflow.     

Accelerator Virtualization Framework Based on Inter-VM Exitless Communication

The increasing deployment of artificial intelligence has placed unprecedent requirements on the computing power of cloud computing. Cloud service providers have integrated accelerators with massive parallel computing units in the data center. These accelerators need to be combined with existing virtualization platforms to partition the computing resources. The current mainstream accelerator virtualization solution is through the PCI passthrough approach, which however does not support fine-grained resource provisioning. Some manufacturers also start to provide time-sliced multiplexing schemes and use drivers to cooperate with specific hardware to divide resources and time slices to different virtual machines, which unfortunately suffer from poor portability and flexibility. One alternative but promising approach is based on API forwarding, which forwards the virtual machine''s request to the back-end driver for processing through a separate driver model. Yet, the communication due to API forwarding can easily become the performance bottleneck. This paper proposes Wormhole, an accelerator virtualization framework based on the C/S architecture that supports rapid delegated execution across virtual machines. It aims to provide upper-level users with an efficient and transparent way to accelerate the virtualization of accelerators with API forwarding while ensuring strong isolation between multiple users. By leveraging hardware virtualization feature, the framework minimizes performance degradation through exitless inter-VM control flow switch. Experimental results show that Wormhole''s prototype system can achieve up to 5 times performance improvement over the traditional open-source virtualization solution such as GVirtuS in the training test of the classic model.     

Towards an autonomic performance management approach for a cloud broker environment using a decomposition–coordination based methodology

Efficient resource allocation of computational resources to services is one of the predominant challenges in a cloud computing environment. Furthermore, the advent of cloud brokerage and federated cloud computing systems increases the complexity of cloud resource management. Cloud brokers are considered third party organizations that work as intermediaries between the service providers and the cloud providers. Cloud brokers rent different types of cloud resources from a number of cloud providers and sublet these resources to the requesting service providers. In this paper, an autonomic performance management approach is introduced that provides dynamic resource allocation capabilities for deploying a set of services over a federated cloud computing infrastructure by considering the availability as well as the demand of the cloud computing resources. A distributed control based approach is used for providing autonomic computing features to the proposed framework via a feedback-based control loop. This distributed control based approach is developed using one of the decomposition–coordination methodologies, named interaction balance, for interactive bidding of cloud computing resources. The primary goals of the proposed approach are to maintain the service level agreements, maximize the profit, and minimize the operating cost for the service providers and the cloud broker. The application of interaction balance methodology and prioritization of profit maximization for the cloud broker and the service providers during resource allocation are novel contributions of the proposed approach.     

A low-level resource allocation in an agent-based Cloud Computing platform

The distribution of computational resources in a Cloud Computing platform is a complex process with several parameters to consider such as the demand for services, available computational resources and service level agreements with end users. Currently, the state-of-the-art presents centralized approaches derived from previous technologies related to cluster of servers. These approaches allocate computational resources by means of the addition/removal of (physical/virtual) computational nodes. However, virtualization technology currently allows for research into new techniques, which makes it possible to allocate at a lower level. In other words, not only is it possible to add/remove nodes, but also to modify the resources of each virtual machine (low level resource allocation). Thus, agent theory is a key technology in this field, allowing decentralized resource allocation. This innovative approach has undeniable improvements such us computational load distribution and reduced computation time. The evaluation was carried out through experiments in a real Cloud environment, thus proving the validity of the proposed approach.     

A method for trust management in cloud computing: Data coloring by cloud watermarking

With the development of Internet technology and human computing, the computing environment has changed dramatically over the last three decades. Cloud computing emerges as a paradigm of Internet computing in which dynamical, scalable and often virtualized resources are provided as services. With virtualization technology, cloud computing offers diverse services (such as virtual computing, virtual storage, virtual bandwidth, etc.) for the public by means of multi-tenancy mode. Although users are enjoying the capabilities of super-computing and mass storage supplied by cloud computing, cloud security still remains as a hot spot problem, which is in essence the trust management between data owners and storage service providers. In this paper, we propose a data coloring method based on cloud watermarking to recognize and ensure mutual reputations. The experimental results show that the robustness of reverse cloud generator can guarantee users embedded social reputation identifications. Hence, our work provides a reference solution to the critical problem of cloud security.     

Contract RBAC in cloud computing

Cloud computing is a fast growing field, which is arguably a new computing paradigm. In cloud computing, computing resources are provided as services over the Internet and users can access resources based on their payments. The issue of access control is an important security scheme in the cloud computing. In this paper, a Contract RBAC model with continuous services for user to access various source services provided by different providers is proposed. The Contract RBAC model extending from the well-known RBAC model in cloud computing is shown. The extending definitions in the model could increase the ability to meet new challenges. The Contract RBAC model can provide continuous services with more flexible management in security to meet the application requirements including Intra-cross cloud service and Inter-cross cloud service. Finally, the performance analyses between the traditional manner and the scheme are given. Therefore, the proposed Contract RBAC model can achieve more efficient management for cloud computing environments.     

Personal mobile services

Ubiquitous information access through mobile devices has become a typical practice in everyday life. The mobile service paradigm shifts the role of mobile devices from consumers to providers, opening up new opportunities for a multitude of collaborative services and applications ranging from sharing personal information to collaborative participatory sensing. Although many basic principles of the standard Web service approach continue to apply, the inherent constraints of mobile devices and broadband wireless access render the deployment of the standard architecture in mobile environments inefficient. This paper introduced personal services, a user-centric paradigm that enables service-oriented interactions among mobile devices that are controlled via user-specified authorization policies. Personal services exploit the user’s contact list (ranging from phonebook to social lists) in order to publish and discover Web services while placing users in full control of their own personal data and privacy. Experimental validation demonstrates the ability of personal services to foster a new generation of collaborative mobile services. Performance evaluation results show that the publication and discovery through contact lists are efficient and that service announcements and discovery requests can reach a huge number of users in a few seconds. Results also support a conclusion that resources-constrained devices can collaborate to carry out functionalities beyond the ability of their resources limitations.     

Taking back control of privacy: a novel framework for preserving cloud-based firewall policy confidentiality

As the cloud computing paradigm evolves, new types of cloud-based services have become available, including security services. Some of the most important and most commonly adopted security services are firewall services. These cannot be easily deployed in a cloud, however, because of a lack of mechanisms preserving firewall policy confidentiality. Even if they were provided, the customer traffic flowing through the Cloud Service Provider infrastructure would still be exposed to eavesdropping and information gaining by performing analysis. To bypass these issues, the following article introduces a novel framework, known as the Ladon Hybrid Cloud, for preserving cloud-based firewall policy confidentiality. It is shown that in this framework, a high level of privacy is provided thanks to leveraging an anonymized firewall approach and a hybrid cloud model. A number of optimization techniques, which help to further improve the Ladon Hybrid Cloud privacy level, are also introduced. Finally, analysis performed on the framework shows that it is possible to find a trade-off between the Ladon Hybrid Cloud privacy level, its congestion probability, and efficiency. This argument has been demonstrated through the results of conducted experiments.     

Cloud service access control system based on ontologies

Cloud service is a new and distinctive business model for service providers. Access control is an emerging and challenging issue in supporting cloud service business. This work proposes a new access control mechanism called cloud service access control (CSAC). The CSAC mechanism considers payment status and service level as the two essential characteristics of cloud service. Ontology is a theoretical foundation for the CSAC mechanism. Inconsistent access control policies are detected by a set of proposed policy conflict analysis rules. Inappropriate user accesses are inhibited by access control policies according the proposed access denying rules. System architecture is designed to support the CSAC mechanism. A case study is provided to demonstrate how CSAC works. Finally, an evaluation is conducted to measure the concept explosion issue in CSAC.     

Data storage auditing service in cloud computing: challenges,methods and opportunities

Cloud computing is a promising computing model that enables convenient and on-demand network access to a shared pool of configurable computing resources. The first offered cloud service is moving data into the cloud: data owners let cloud service providers host their data on cloud servers and data consumers can access the data from the cloud servers. This new paradigm of data storage service also introduces new security challenges, because data owners and data servers have different identities and different business interests. Therefore, an independent auditing service is required to make sure that the data is correctly hosted in the Cloud. In this paper, we investigate this kind of problem and give an extensive survey of storage auditing methods in the literature. First, we give a set of requirements of the auditing protocol for data storage in cloud computing. Then, we introduce some existing auditing schemes and analyze them in terms of security and performance. Finally, some challenging issues are introduced in the design of efficient auditing protocol for data storage in cloud computing.     

Power‐aware provisioning of virtual machines for real‐time Cloud services

Reducing power consumption has been an essential requirement for Cloud resource providers not only to decrease operating costs, but also to improve the system reliability. As Cloud computing becomes emergent for the Anything as a Service (XaaS) paradigm, modern real‐time services also become available through Cloud computing. In this work, we investigate power‐aware provisioning of virtual machines for real‐time services. Our approach is (i) to model a real‐time service as a real‐time virtual machine request; and (ii) to provision virtual machines in Cloud data centers using dynamic voltage frequency scaling schemes. We propose several schemes to reduce power consumption by hard real‐time services and power‐aware profitable provisioning of soft real‐time services. Copyright © 2011 John Wiley & Sons, Ltd.     

Multi-tenant intrusion detection system for public cloud (MTIDS)

Cloud computing is an innovative paradigm technology that is known for its versatility. It provides many creative services as requested, and it is both cost efficient and reliable. More specifically, cloud computing provides an opportunity for tenants to reduce cost and raise effectiveness by offering an alternative method of service utilization. Although these services are easily provided to tenants on demand with minor infrastructure investment, they are significantly exposed to intrusion attempts since the services are offered under the administration of diverse supervision over the Internet. Moreover, the security mechanisms offered by cloud providers do not take into consideration the variation of tenants’ needs as they provide the same security mechanism for all tenants. So, meeting tenants’ security requirements are still a major challenge for cloud providers. In this paper, we concentrate on the security service offered to cloud tenants and service providers and their infrastructure to restrain intruders. We intend to provide a flexible, on-demand, scalable, and pay-as-you-go multi-tenant intrusion detection system as a service that targets the security of the public cloud. Further, it is designed to deliver appropriate and optimized security taking into consideration the tenants’ needs in terms of security service requirements and budget.