901
Toward Next-generation Data Centers: Principles of Software-Defined “Hardware” Infrastructures and Resource Disaggregation
Roozbeh, Amir January 2019
The cloud is evolving due to additional demands introduced by new technological advancements and the wide movement toward digitalization. Therefore, next-generation data centers (DCs) and clouds are expected (and need) to become cheaper, more efficient, and capable of offering more predictable services. Aligned with this, we examine the concept of software-defined “hardware” infrastructures (SDHI) based on hardware resource disaggregation as one possible way of realizing next-generation DCs. We start with an overview of the functional architecture of a cloud based on SDHI. Following this, we discuss a series of use-cases and deployment scenarios enabled by SDHI and explore the role of each functional block of SDHI’s architecture, i.e., cloud infrastructure, cloud platforms, cloud execution environments, and applications. Next, we propose a framework to evaluate the impact of SDHI on techno-economic efficiency of DCs, specifically focusing on application profiling, hardware dimensioning, and total cost of ownership (TCO). Our study shows that combining resource disaggregation and software-defined capabilities makes DCs less expensive and easier to expand; hence they can rapidly follow the exponential demand growth. Additionally, we elaborate on technologies behind SDHI, its challenges, and its potential future directions. Finally, to identify a suitable memory management scheme for SDHI and show its advantages, we focus on the management of Last Level Cache (LLC) in currently available Intel processors. Aligned with this, we investigate how better management of LLC can provide higher performance, more predictable response time, and improved isolation between threads. More specifically, we take advantage of LLC’s non-uniform cache architecture (NUCA) in which the LLC is divided into “slices,” where access by the core to which it is closer is faster than access to other slices.
Based upon this, we introduce a new memory management scheme, called slice-aware memory management, which carefully maps the allocated memory to LLC slices based on their access time latency rather than the de facto scheme that maps them uniformly. Many applications can benefit from our memory management scheme with relatively small changes. As an example, we show the potential benefits that Key-Value Store (KVS) applications gain by utilizing our memory management scheme. Moreover, we discuss how this scheme could be used to provide explicit CPU slicing – which is one of the expectations of SDHI and hardware resource disaggregation. / QC 20190415
902
Achieving Data Privacy and Security in Cloud
Huang, Xueli January 2016
The growing concerns in terms of the privacy of data stored in the public cloud have restrained the widespread adoption of cloud computing. The traditional method of protecting data privacy is to encrypt data before they are sent to the public cloud, but heavy computation is always introduced by this approach, especially for image and video data, which contain a much larger amount of data than text data. Another way is to take advantage of the hybrid cloud by separating the sensitive data from non-sensitive data and storing them in a trusted private cloud and an untrusted public cloud respectively. But if we adopt the method directly, all the images and videos containing sensitive data have to be stored in the private cloud, which makes this method meaningless. Moreover, the emergence of the Software-Defined Networking (SDN) paradigm, which decouples the control logic from the closed and proprietary implementations of traditional network devices, enables researchers and practitioners to design new innovative network functions and protocols in a much easier, more flexible, and more powerful way. The data plane will ask the control plane to update flow rules when the data plane gets new network packets that it does not know how to deal with, and the control plane will then dynamically deploy and configure flow rules according to the data plane's requests, so that the whole network can be managed and controlled efficiently. However, this kind of reactive control model could be used by hackers launching Distributed Denial-of-Service (DDoS) attacks by sending a large amount of new requests from the data plane to the control plane. For image data, we divide the image into pieces of equal size to speed up the encryption process, and propose two kinds of method to cut the relationship between the edges.
One is to add random noise to each piece; the other is to design a one-to-one mapping function for each piece to map different pixel values into different other ones, which cuts off the relationship between pixels as well as the edges. Our mapping function is given a random parameter as input so that each piece can randomly choose a different mapping. Finally, we shuffle the pieces with another random parameter, which makes the problem of recovering the shuffled image NP-complete. For video data, we propose two different methods, one for intra frames (I-frames) and one for inter frames (P-frames), based on their different characteristics. A hybrid selective video encryption scheme for H.264/AVC based on the Advanced Encryption Standard (AES) and the video data themselves is proposed for I-frames. For each P-slice of a P-frame, we abstract only a small part of them in the private cloud based on the characteristics of the intra prediction mode, which efficiently prevents the P-frame from being decoded. For clouds running with SDN, we propose a framework to keep the controller away from DDoS attacks. We first predict the amount of new requests for each switch periodically based on its previous information, and the new requests will be sent to the controller if the predicted total amount of new requests is less than the threshold. Otherwise these requests will be directed to the security gateway to check whether there is an attack among them. The requests that caused the dramatic decrease of entropy will be filtered out by our algorithm, and the rules for these requests will be made and sent to the controller. The controller will send the rules to each switch to make them direct the flows matching the rules to a honeypot. / Computer and Information Science
903
Modelling Cities as a collection of TeraSystems - Computational challenges in Multi-Agent Approach
Kiran, Mariam 03 June 2015
Agent-based modeling techniques are ideal for modeling massive complex systems such as insect colonies or biological cellular systems and even cities. However, these models themselves are extremely complex to code, test, simulate and analyze. This paper discusses the challenges in using agent-based models to model complete cities as a complex system. In this paper we argue that cities are actually a collection of various complex models which are themselves massive multiple systems, each of millions of agents, working together to form one system consisting of an order of a billion agents of different types - such as people, communities and technologies interacting together. Because of the agent numbers and complexity challenges, the present day hardware architectures are unable to cope with the simulations and processing of these models. To accommodate these issues, this paper proposes a Tera (to denote the order of millions)-modeling framework, which utilizes current technologies of Cloud computing and Big data processing, for modeling a city, by allowing infinite resources and complex interactions. This paper also lays the case for bringing together research communities for interdisciplinary research to build a complete reliable model of a city.
904
Analyzing the Impact of Cloud Infrastructure on VPN Performance: A Comparison of Microsoft Azure and Amazon Web Services
Wallin, Filip, Putrus, Marwin January 2024
In recent years, the interest and utilization of VPNs and cloud computing have surged, which has led to the development of Cloud VPNs. Cloud VPNs are often used to give employers access to company resources over a secured and trusted network, but individuals can also use them. Cloud computing offers numerous advantages, including cost efficiency, scalability, security, and reliability. Companies and individuals widely use it to streamline operations, reduce expenditures, and leverage technologies without the need to maintain on-premise infrastructure. Cloud-based solutions impose specific requirements on technologies designed to operate in the cloud, which include security, efficient resource management, and high network availability and performance. In this thesis, we will analyze and evaluate the network performance impact that Amazon Web Services (AWS) and Microsoft Azure, two of the market-leading cloud platforms, have on the VPN services OpenVPN and WireGuard while considering associated operational costs and user complexity. The network performance impact is evaluated through measuring the throughput, latency, jitter, and packet loss. We have performed experiments divided into three setups, each simulating different traffic patterns, and VPN usage scenarios. Throughout these experiments, we observed and documented the user complexity related to setup, installation, and configuration processes. Our findings indicate that Azure has the best overall network throughput across all setups, fewer retransmissions, and fewer packet losses. Conversely, AWS exhibits lower latency and jitter. Additionally, our assessment of operational costs and user complexity reveals that Azure offers lower associated costs but a higher user complexity. Furthermore, our experiments identified that WireGuard, when paired with Azure, offers the best VPN solution.
905
The Client Insourcing Refactoring to Facilitate the Re-engineering of Web-Based Applications
An, Kijin 19 May 2021
Developers often need to re-engineer distributed applications to address changes in requirements, made only after deployment. Much of the complexity of inspecting and evolving distributed applications lies in their distributed nature, while the majority of mature program analysis and transformation tools work only with centralized software. Inspired by business process re-engineering, in which remote operations can be insourced back in house to restructure and outsource anew, this dissertation brings an analogous approach to the re-engineering of distributed applications. Our approach introduces a novel automatic refactoring---Client Insourcing---that creates a semantically equivalent centralized version of a distributed application. This centralized version is then inspected, modified, and redistributed to meet new requirements. This dissertation demonstrates the utility of Client Insourcing in helping meet the changed requirements in performance, reliability, and security. We implemented Client Insourcing in the important domain of full-stack JavaScript applications, in which both the client and server parts are written in JavaScript, and applied our implementation to re-engineer mobile web applications. Client Insourcing reduces the complexity of inspecting and evolving distributed applications, thereby facilitating their re-engineering. This dissertation is based on 4 conference papers and 2 doctoral symposium papers, presented at ICWE 2019, SANER 2020, WWW 2020, and ICWE 2021. / Doctor of Philosophy / Modern web applications are distributed across a browser-based client and a remote server. Software developers need to optimize the performance of web applications as well as correct and modify their functionality. However, the vast majority of mature development tools used for optimizing, correcting, and modifying applications work only with non-distributed software, written to run on a single machine.
To facilitate the maintenance and evolution of web applications, this dissertation research contributes new automated software transformation techniques. These contributions can be incorporated into the design of software development tools, thereby advancing the engineering of web applications.
906
Design and Evaluation of a Mobile Measurement Data Acquisition System (Aufbau und Bewertung eines mobilen Messwerterfassungssystems)
Häberlein, Tim 18 April 2024
The large number of modern vehicle functions generates a high volume of internal data. To be able to filter and centrally process the data volumes arising in the vehicle, appropriate telemetry systems must be built and must be extensible. This thesis deals with extending an existing telemetry unit into a distributed control system with soft real-time requirements, given predefined measurement hardware and measurement software. Using a MATLAB/Simulink temperature simulation, the effects and the potential of distributed control are shown for a simple use case. To be able to estimate quality criteria for vehicle functions distributed via cellular network, system-related delay times are examined for different routes. The designed validation model confirms the investigations. / Current car and truck electronics are made up of a huge number of electronic controllers. As a result of this, a lot of data traffic needs to be managed internally. In addition, this specific data gives the chance to interact with other cars or traffic systems. The resulting BIG DATA flow needs to be sorted and distributed via so-called “automotive telematics units”. To remodel and to extend these functions, new solutions have to be provided. Considering that measurement software and hardware are provided, this paper shows how an existing telematics system is able to create a distributed control system which fulfills soft real-time requirements. Using a simple case-study, a MATLAB/Simulink temperature-simulation presents the effects and the potential of such a control. To indicate quality criteria for distributed vehicle functions (via cellular network), system-related delay times for different routes are analyzed. Finally, the designed validation-model affirms the approach.
907
Performance Interference Detection For Cloud-Native Applications Using Unsupervised Machine Learning Models
Bakshi, Eli 01 June 2024
Contemporary cloud-native applications frequently adopt the microservice architecture, where applications are deployed within multiple containers that run on cloud virtual machines (VMs). These applications are typically hosted on public cloud platforms, where VMs from multiple cloud subscribers compete for the same physical resources on a cloud server. When a cloud subscriber application running on a VM competes for shared physical resources from other applications running on the same VM or from other VMs co-located on the same cloud server, performance interference may occur when the performance of an application degrades due to shared resource contention. Detecting such interference is crucial for maintaining the Quality-of-Service of cloud-native Web applications. However, cloud subscribers lack access to underlying host-level hardware metrics traditionally used for interference detection without needing to instrument high overhead-inducing per-request response time values. Machine learning (ML) techniques have proven effective in detecting performance interference using metrics available at the subscriber level, though these techniques have predominantly focused on supervised models with pre-existing labeled data sets that can distinguish between normal and interference conditions. In contrast, this work proposes an unsupervised clustering ML approach to identify performance interference in cloud-native applications. The proposed approach implements a lightweight method for collecting container metrics in normal and interference scenarios and applies a dimensionality reduction technique to mitigate redundancy and noise in the collected dataset. We then apply a density-based clustering approach to this unlabeled data set to classify interference in two applications running on the AWS EC2 cloud: a microbenchmark Web application called Acme Air and a large-scale production-realistic Web benchmark called DeathStarBench. 
Results indicate that our density-based clustering approach effectively distinguishes between normal and interference conditions and achieves an average Density-Based Clustering Validation (DBCV) index of 0.781 and a cluster homogeneity of 0.875 across both applications.
908
SLA-Driven Cloud Computing Domain Representation and Management
García García, Andrés 24 March 2014
The assurance of Quality of Service (QoS) to the applications, although identified as a key feature since long ago [1], is one of the fundamental challenges that remain unsolved. In the Cloud Computing context, Quality of Service is defined as the measure of the compliance of certain user requirements in the delivery of a cloud resource, such as CPU or memory load for a virtual machine, or more abstract and higher level concepts such as response time or availability. Several research groups, both from academia and industry, have started working on describing the QoS levels that define the conditions under which the service needs to be delivered, as well as on developing the necessary means to effectively manage and evaluate the state of these conditions.
[2] propose Service Level Agreements (SLAs) as the vehicle for the definition of QoS guarantees, and the provision and management of resources. A Service Level Agreement (SLA) is a formal contract between providers and consumers, which defines the quality of service, the obligations and the guarantees in the delivery of a specific good. In the context of Cloud computing, SLAs are considered to be machine readable documents, which are automatically managed by the provider's platform.
SLAs need to be dynamically adapted to the variable conditions of resources and applications. In a multilayer architecture, different parts of an SLA may refer to different resources. SLAs may therefore express complex relationships between entities in a changing environment, and be applied to resource selection to implement intelligent scheduling algorithms.
Therefore SLAs are widely regarded as a key feature for the future development of Cloud platforms. However, the application of SLAs for Grid and Cloud systems has many open research lines. One of these challenges, the modeling of the landscape, lies at the core of the objectives of the Ph. D. Thesis. / García García, A. (2014). SLA-Driven Cloud Computing Domain Representation and Management [Tesis doctoral]. Universitat Politècnica de València. https://doi.org/10.4995/Thesis/10251/36579
909
Workload-aware Efficient Storage Systems
Cheng, Yue 07 August 2017
The growing disparity in data storage and retrieval needs of modern applications is driving the proliferation of a wide variety of storage systems (e.g., key-value stores, cloud storage services, distributed filesystems, and flash cache, etc.). While extant storage systems are designed and tuned for a specific set of applications targeting a range of workload characteristics, they lack the flexibility in adapting to the ever-changing workload behaviors. Moreover, the complexities in implementing modern storage systems and adapting ever-changing storage requirements present unique opportunities and engineering challenges.
In this dissertation, we design and develop a series of novel data management and storage systems solutions by applying a simple yet effective rule---workload awareness. We find that simple workload-aware data management strategies are effective in improving the efficiency of modern storage systems, sometimes by an order of magnitude. The first two works tackle the data management and storage space allocation issues at distributed and cloud storage level, while the third work focuses on low-level data management problems in the local storage system, which many high-level storage/data-intensive applications rely on.
In the first part of this dissertation (Chapter 3), we propose and develop MBal, a high-performance in-memory object caching framework with adaptive multi-phase load balancing, which supports not only horizontal (scale-out) but vertical (scale-up) scalability as well. MBal is able to make efficient use of available resources in the cloud through its fine-grained, partitioned, lockless design. In the second part of this dissertation (Chapter 4 and Chapter 5), we design and build CAST (Chapter 4), a Cloud Analytics Storage Tiering solution that cloud tenants can use to reduce monetary cost and improve performance of analytics workloads. The approach takes the first step towards providing storage tiering support for data analytics in the cloud. Furthermore, we propose a hybrid cloud object storage system (Chapter 5) that could effectively engage both the cloud service providers and cloud tenants via a novel dynamic pricing mechanism. In the third part of this dissertation (Chapter 6), targeting local storage, we explore offline algorithms for flash caching in terms of both hit ratio and flash lifespan. We design and implement a multi-stage heuristic by synthesizing several techniques that manage data at the granularity of a flash erasure unit (which we call a container) to approximate the offline optimal algorithm. In the fourth part of this dissertation (Chapter 7), we are focused on how to enable fast prototyping of efficient distributed key-value stores targeting a proxy-based layered architecture. In this work, we design and build {con}, a framework that significantly reduces the engineering effort required to build a full-fledged distributed key-value store.
Our dissertation shows that simple workload-aware data management strategies can bring huge benefit in terms of both efficiency (i.e., performance, monetary cost, etc.) and flexibility (i.e., ease-of-use, ease-of-deployment, programmability, etc.). The principles of leveraging workload dynamicity and storage heterogeneity can be used to guide next-generation storage system software design, especially when being faced with new storage hardware technologies. / Ph. D. / Modern storage systems often manage data without considering the dynamicity of user behaviors. This design approach does not consider the unique features of underlying storage medium either. To this end, this dissertation first studies how the combinational factors of random user workload dynamicity and inherent storage hardware heterogeneity impact the data management efficiency. This dissertation then presents a series of practical and efficient techniques, algorithms, and optimizations to make the storage systems workload-aware. The experimental evaluation demonstrates the effectiveness of our workload-aware design choices and strategies.
910
Securing Cloud Containers through Intrusion Detection and Remediation
Abed, Amr Sayed Omar 29 August 2017
Linux containers are gaining increasing traction in both individual and industrial use. As these containers get integrated into mission-critical systems, real-time detection of malicious cyber attacks becomes a critical operational requirement. However, little research has been conducted in this area.
This research introduces an anomaly-based intrusion detection and remediation system for container-based clouds. The introduced system monitors system calls between the container and the host server to passively detect malfeasance against applications running in cloud containers.
We started by applying a basic memory-based machine learning technique to model the container behavior.
The same technique was also extended to learn the behavior of a distributed application running in a number of cloud-based containers. In addition to monitoring the behavior of each container independently, the system used prior knowledge for a more informed detection system.
We then studied the feasibility and effectiveness of applying a more sophisticated deep learning technique to the same problem. We used a recurrent neural network to model the container behavior.
We evaluated the system using a typical web application hosted in two containers, one for the front-end web server, and one for the back-end database server. The system has shown promising results for both of the machine learning techniques used.
Finally, we describe a number of incident handling and remediation techniques to be applied upon attack detection. / Ph. D. / Cloud computing plays an important role in our daily lives today. Most of the online services and applications we use are hosted in a cloud environment. Examples include email, cloud storage, online booking systems, and many websites. Typically, a cloud environment would host many of those applications on a single host to maximize efficiency and minimize overhead. To achieve that, cloud service providers, such as Amazon Web Services and Google Cloud Platform, rely on virtual encapsulation environments, such as virtual machines and containers, to encapsulate and isolate applications from other applications running in the cloud.
One major concern usually raised when discussing cloud applications is the security of the application and the privacy of the data it handles, e.g. the files stored by the end users on their cloud storage. In addition to firewalls and traditional security measures that attempt to prevent an attack from affecting the application, intrusion detection systems (IDS) are usually used to detect when an application is affected by a successful attack that managed to escape the firewall. Many intrusion detection systems have been introduced to cloud applications using virtual machines, but almost none has been introduced to applications running in containers.
In this dissertation, we introduce an intrusion detection system to be deployed by cloud service providers to container-based cloud environments. The system uses machine learning techniques to learn the behavior of the application running in the container and detect when the behavior changes as an indication for a potential attack. Upon detection of the attack, the system applies one of three defense mechanisms to restore the running application to a safe state.