The proliferation of services and service interactions within microservices and cloud-native applications makes it harder to detect failures and to identify their possible root causes, which is, on the other hand, crucial to promptly recover and fix applications. Various techniques have been proposed to promptly detect failures based on their symptoms, viz., observing anomalous behaviour in one or more application services, as well as to analyse logs or monitored performance of such services to determine the possible root causes for observed anomalies. The objective of this survey is to provide a structured overview and qualitative analysis of currently available techniques for anomaly detection and root cause analysis in modern multi-service applications. Some open challenges and research directions stemming from the analysis are also discussed.
Trans-cloud applications consist of multiple interacting components deployed across different cloud providers and at different service layers (IaaS and PaaS). In such complex deployment scenarios, fault handling and recovery need to deal with heterogeneous cloud offerings and to take into account inter-component dependencies. We propose a methodology for self-healing trans-cloud applications from failures occurring in application components or in the cloud services hosting them, both during deployment and while they are being operated. The proposed methodology enables reducing the time application components rely on faulted services, hence residing in “unstable” states where they can suddenly fail in cascade or exhibit erroneous behaviour. We also present an open-source prototype illustrating the feasibility of our proposal, which we have exploited to carry out an extensive evaluation based on controlled experiments and monkey testing.
The management of modern enterprise applications is automated by coordinating the deployment, configuration, enactment, and termination of their components. Choosing among different candidate implementations for a specified application component requires such implementations to conform to the specified management behaviour. This holds especially if we wish to ensure that the overall application management can continue as planned, or that no additional (potentially undesired) management activity gets enabled. To this end, we introduce a formal framework for testing “management conformance”, i.e., to test whether a candidate implementation can be managed according to the management protocol specifying the allowed management for a component. We also illustrate how our framework enables running four different conformance tests, each providing a different trade-off between implementation freedom and guarantees on the overall application management. We formally prove that testing management conformance with constraints reducing implementation freedom results in preserving all already allowed management activities when implementing a specification by choosing a conforming implementation and that no additional (potentially undesired) management activity gets enabled. Finally, we assess our framework by means of a prototype implementation and its use in an experimental evaluation.
As microservice-based architectures are increasingly adopted, microservices security has become a crucial aspect to consider for IT businesses. Starting from a set of “security smells” for microservice applications that were recently proposed in the literature, we enable the automatic detection of such smells in microservice applications deployed with Kubernetes. We first introduce possible analysis techniques to automatically detect security smells in Kubernetes-deployed microservices. We then demonstrate the practical applicability of the proposed techniques by introducing KubeHound, an extensible prototype tool for automatically detecting security smells in microservice applications, and which already features a selected subset of the discussed analyses. We finally show that KubeHound can effectively detect instances of security smells in microservice applications by means of controlled experiments and by applying it to existing, third-party applications.
Estimating the cost of a multi-component application (e.g., its resource or energy consumption) is fundamental in today's enterprise IT, especially if we consider that current pricing models are mainly pay-per-use. While this is still manageable on small applications, it is really hard to manually estimate the cost of large-scale enterprise applications involving hundreds of interdependent application components. In this article, we formalise the problem of estimating costs of multi-component applications, by representing the structure of an application as a typed directed graph, and by allowing different types of costs to be associated with different application components. We show that costs can be fully customised, and that associating different costs with the same application leads to different cost estimation problems defined on that application. We then present an approach for solving cost estimation problems on multi-component applications, which is based on terminating and confluent graph transformations. We also present a prototype implementation of our approach, which we use to run a case study based on a third-party application.
Microservices gained momentum in enterprise IT, as they enable building cloud-native applications. At the same time, they come with new security challenges, including security smells, viz., symptoms of bad (though often unintentional) design decisions that might affect application security. This study aims to explore the impacts of microservice security smells –and of the refactorings known to mitigate their effects– beyond security. In particular, we systematically elicit possible impacts of smells and refactorings on applications’ maintainability, performance efficiency, and adherence to microservices’ key design principles. We then validate the elicited impacts through an online survey targeting experienced practitioners and researchers. Our main contributions include 35 validated impacts and a discussion of the survey results geared towards analyzing the (mis)alignment between practitioners and researchers. Finally, we also provide a holistic view of these impacts, through Softgoal Interdependency Graphs (SIGs).
Containers as a lightweight technology to virtualise applications have recently been successful, particularly to manage applications in the cloud. Often, the management of clusters of containers becomes essential and the orchestration of the construction and deployment becomes a central problem. This emerging topic has been taken up by researchers, but there is currently no secondary study to consolidate this research. We aim to identify, taxonomically classify and systematically compare the existing research body on containers and their orchestration and specifically the application of this technology in the cloud. We have conducted a systematic mapping study of 46 selected studies. We classified and compared the selected studies based on a characterisation framework. This results in a discussion of agreed and emerging concerns in the container orchestration space, positioning it within the cloud context, but also moving it closer to current concerns in cloud platforms, microservices and continuous development.
• We first present our approach to systematically analyse grey literature on microservices.
• We identify, analyse and compare the technical/operational pains of microservices.
• We identify, analyse and compare the technical/operational gains of microservices.
• We conclude by discussing the research directions stemming out from our analysis.
The design, development, and operation of microservices are picking up more and more momentum in the IT industry. At the same time, academic work on the topic is at an early stage, and still on the way to distilling the actual “Pains & Gains” of microservices as an architectural style. Having witnessed this gap, we set forth to systematically analyze the industrial grey literature on microservices, to identify the technical/operational pains and gains of the microservice-based architectural style. We conclude by discussing research directions stemming out from our analysis.
Summary
How to flexibly manage complex applications across heterogeneous cloud platforms is one of the main concerns in today's IT enterprise. The OASIS standard TOSCA (Topology and Orchestration Specification for Cloud Applications) and the Docker ecosystem are two emerging solutions trying to address this problem from different perspectives. In this paper, we propose a solution that tries to synergically combine the pros of both TOSCA and of Docker. More precisely, we propose a TOSCA‐based representation for specifying the software components and the Docker containers forming an application. We also present TosKer, an engine for orchestrating the management of multicomponent applications based on the proposed TOSCA representation and on Docker. Finally, we illustrate how TosKer was fruitfully exploited in a concrete case study based on a third‐party application.