The increasing complexity of cloud computing has prompted a greater emphasis on protecting the privacy, integrity, and security of data stored and processed in the cloud. Data privacy is safeguarded through access control, but existing models such as Role Based Access Control (RBAC) and Attribute Based Access Control (ABAC) rely on a centralized server. If this server is compromised, it poses significant risks to data security. To address this issue, there is a need for a Distributed ABAC (DABAC) system for OpenStack services based on blockchain. The unique features of blockchain enable access control systems that ensure data integrity and privacy. Additionally, blockchain offers a level of transparency for both the resource owner and the user. In this work, we propose a smart contract based ABAC system. We implemented the proposed work using an Ethereum blockchain and OpenStack cloud. Furthermore, we evaluated two consensus algorithms for scalability analysis of the DABAC mechanism. The results demonstrate that DABAC performs better than ABAC in ensuring fine-grained access control, with the proof of stake consensus algorithm providing better scalability.
In Cloud systems, Virtual Machines (VMs) are scheduled to hosts according to their instant resource usage (e.g. to hosts with most available RAM) without considering their overall and long-term utilization. Also, in many cases, the scheduling and placement processes are computationally expensive and affect the performance of deployed VMs. In this work, we present a Cloud VM scheduling algorithm that takes into account already running VM resource usage over time by analyzing past VM utilization levels in order to schedule VMs by optimizing performance. We observe that Cloud management processes, like VM placement, affect already deployed systems (for example this could involve throughput drop in a database cluster), so we aim to minimize such performance degradation. Moreover, overloaded VMs tend to steal resources (e.g. CPU) from neighbouring VMs, so our work maximizes VMs' real CPU utilization. Based on these, we provide an experimental analysis to compare our solution with traditional schedulers used in OpenStack by exploring the behaviour of different NoSQL (MongoDB, Apache Cassandra and Elasticsearch). The results show that our solution refines traditional instant-based physical machine selection as it learns the system behaviour as well as it adapts over time. The analysis is prosperous as for the selected setting we approximately minimize performance degradation by 19% and we maximize CPU real time by 2% when using real world workloads.
In recent years, Cloud computing has been emerging as the next big revolution in both computer networks and Web provisioning. Because of raised expectations, several vendors, such as Amazon and IBM, started designing, developing, and deploying Cloud solutions to optimize the usage of their own data centers, and some open-source solutions are also underway, such as Eucalyptus and OpenStack. Cloud architectures exploit virtualization techniques to provision multiple Virtual Machines (VMs) on the same physical host, so as to efficiently use available resources, for instance, to consolidate VMs in the minimal number of physical servers to reduce the runtime power consumption. VM consolidation has to carefully consider the aggregated resource consumption of co-located VMs, in order to avoid performance reductions and Service Level Agreement (SLA) violations. While various works have already treated the VM consolidation problem from a theoretical perspective, this paper focuses on it from a more practical viewpoint, with specific attention on the consolidation aspects related to power, CPU, and networking resource sharing. Moreover, the paper proposes a Cloud management platform to optimize VM consolidation along three main dimensions, namely power consumption, host resources, and networking. Reported experimental results point out that interferences between co-located VMs have to be carefully considered to avoid placement solutions that, although being feasible from a more theoretical viewpoint, cannot ensure VM provisioning with SLA guarantees.
► We discuss VM consolidation issues in Cloud Infrastructure as a Service (IaaS).
► We survey related works to clarify current state-of-the-art and ongoing research.
► We propose a management infrastructure for the open-source OpenStack Cloud.
► We highlight interferences due to network virtualization between co-located VMs.
This article presents a cloud computing adoption framework (CCAF) security suitable for business clouds. CCAF multilayered security is based on the development and integration of three major security technologies: firewall, identity management, and encryption based on the development of enterprise file sync and share technologies. This article presents the vision, related works, and views on security framework. Core technologies have been explained in detail, and experiments were designed to demonstrate the robustness of the CCAF multilayered security. In penetration testing, CCAF multilayered security could detect and block 99.95% viruses and trojans, and could achieve ≥85% of blocking for 100 h of continuous attack. Detection and blocking took <0.012s/trojan or virus. A full CCAF multilayered security protection could block all SQL (structured query language) injection, providing real protection to data. CCAF multilayered security did not report any false alarm. All F-measures for CCAF test results were ≥99.75%. The mechanism of blending of CCAF multilayered security with policy, real services, and business activities has been illustrated. Research contributions have been justified and CCAF multilayered security can be beneficial for volume, velocity, and veracity of big data services operated in the cloud.
• We demonstrate CCAF multi-layered security.
• We explain the mappings between CCAF multi-layered architecture and core technologies.
• We performed penetration testing and SQL injection on CCAF multi-layered security.
• Results and analysis by CCAF are better than those produced by the other tools.
• CCAF multi-layered security blends with policy, services and business activities.
Cloud computing is a term used nowadays. Cloud computing usage is already spread all over the world and used by many companies. Because of its high usage, a need for cloud storage now emerges. Cloud storage not only uses resources more effectively but also makes it much easier to utilize a virtual machine. Several alternative protocols can be implemented for cloud storage, and each protocol has its advantages. This research aims to determine the most suitable alternative protocol to implement OpenStack Cinder in utilizing cloud storage. Cloud computing implementation is done in a computer laboratory at Petra Christian University using the private cloud. A NAS Synology DS416J was used as the storage provider. The application was built using the OpenStack cloud framework that provides Infrastructure as a Service (IaaS). OpenStack Cinder is one of the OpenStack projects that offer cloud storage with persistent storage. OpenStack Cinder itself can be implemented using fiber channel, NFS, and iSCSI protocols, but this research primarily focuses on two protocols, namely NFS and iSCSI. NFS and iSCSI have their respective advantages, so testing is needed to determine the most suitable protocol to be implemented on OpenStack Cinder. After implementation, testing was carried out by measuring the performance of the NFS and iSCSI protocols when applied on OpenStack Cinder using IO-zone. Based on the results, it can be seen that NFS has the advantage when writing files with a small record size, whereas iSCSI has the advantage when writing files with a large record size; however, in reading activity, there is no noticeable difference between the NFS and iSCSI protocols. By taking into account the results of testing and analysis of the systems that have been made, the conclusion is that the iSCSI protocol is better to be implemented on OpenStack Cinder than NFS.
In this paper the problem of creating virtual clusters in clouds for big data analysis with Apache Hadoop and Apache Spark is discussed. Existing methods for Apache Spark cluster creation are described in this work. Also the implemented solution for building Apache Spark clusters and Apache Spark jobs execution in an OpenStack environment is described. The implemented solution is a modification for the OpenStack Sahara project and it was featured in the OpenStack Liberty release.
The complexity of providing secure access, protecting critical data and end-user privacy in cloud data centres is leading to a demand for a new approach in network and data security. Recently, blockchain technology is being used in claims management to provide a decentralized and secure solution. The issue of security is crucial in virtual machine authorization in cloud data centers. In the traditional approach of VM authorization, an SSH key and IP address are given to the user to log into virtual machines. This opens up many vulnerabilities, as they might get spoofed or sniffed from the network, giving an intruder access to private data. In this work, we propose a method which intends to aid in the security of VM authorization using a claims-based authorization system in conjunction with Blockchain based decentralized storage. Furthermore, the proposed system automates the process of launching a VM in OpenStack orchestration software.
In Software-Defined Networking (SDN) enabled cloud data centers, live VM migration is a key technology to facilitate resource management and fault tolerance. Despite much research focusing on the network-aware live migration of VMs in cloud computing, some parameters that affect live migration performance are neglected to a large extent. Furthermore, while SDN provides more traffic routing flexibility, the latencies within the SDN directly affect the live migration performance. In this paper, we pinpoint the parameters from both system and network aspects affecting the performance of live migration in the environment with the OpenStack platform, such as the static adjustment algorithm of live migration, the performance comparison between the parallel and the sequential migration, and the impact of SDN dynamic flow scheduling update rate on TCP/IP protocol. From the QoS view, we evaluate the pattern of client and server response time during the pre-copy, hybrid post-copy, and auto-convergence based migration.
• Comprehensive evaluation of block live migration in SDN-enabled data centers.
• Evaluation of OpenStack downtime adjustment algorithm.
• Modeling the trade-off between sequential and parallel migration.
• Evaluation of the effect of flow scheduling update rate on TCP/IP.
• Response time pattern of a multi-tier application under various migration strategies.
Nowadays the OpenStack platform is a leading solution in the cloud computing field. Keystone, the OpenStack Identity Service, is one of its major components. In this paper we demonstrate the problem of Keystone performance degradation during constant load. In order to find the source of the problem we have tested Keystone with different backends (PostgreSQL, MariaDB), frontends (Apache2, nginx) and keeping the database on different hardware (HDD, SSD and tmpfs on RAM). Tests were conducted with Rally. As a result, in all test cases we have seen inadequate quick degradation under relatively light load. We have also implemented a mock service which represents the simplest Keystone tasks. Our service turned out to be much faster than Keystone. The problem with Keystone might be related to either its internal logic implementation or incorrect interaction with other components; it is the subject of further research.
One of the main challenges in cloud computing is the enormous amount of energy consumed in data-centers. Several studies have been conducted on Virtual Machine (VM) consolidation to optimize energy consumption. Among the proposed VM consolidations, OpenStack Neat is notable for its practicality. OpenStack Neat is an open-source consolidation framework that can seamlessly integrate with OpenStack, one of the most common and widely used open-source cloud management tools. The framework has components for deciding when to migrate VMs and for selecting suitable hosts for the VMs (VM placement). The VM placement algorithm of OpenStack Neat is called Modified Best-Fit Decreasing (MBFD). MBFD is based on a heuristic that handles only minimizing the number of servers. The heuristic is not only less energy efficient but also increases Service Level Agreement (SLA) violation and consequently causes more VM migrations. To improve the energy efficiency, we propose VM placement algorithms based on both bin-packing heuristics and servers' power efficiency. In addition, we introduce a new bin-packing heuristic called Medium-Fit (MF) to reduce SLA violation. To evaluate the performance of the proposed algorithms we have conducted experiments using CloudSim on three cloud data-center scenarios: homogeneous, heterogeneous and default. Workloads that run in the data-centers are generated from traces of PlanetLab and Bitbrains clouds. The results of the experiment show up to 67% improvement in energy consumption and up to 78% and 46% reduction in SLA violation and amount of VM migrations, respectively. Moreover, all improvements are statistically significant with a significance level of 0.01.