A Design Draft for Tenant Isolation without Tunneling in Openstack

The Problem

Cloud networking is based on technologies and protocols that were not initially designed for it. This has led to unnecessary overhead and complexity in all phases of a cloud service. Tunneling protocols generate inherent cascading and encapsulation, especially in multi-tenant systems. The problem is compounded by vendor-specific configuration requirements and heterogeneous architectures. This complexity leads to systems which are hard to reason about, prone to errors, energy-inefficient, and difficult to configure and maintain.

Our Approach to Research and Innovation

The Service Engineering Research Area (ICCLab, SPLab) adopts a comprehensive and holistic approach to science. The entire approach is based on three driving principles, namely Scientific Foundation, Strategic Impact, and Knowledge Transfer. The entire scientific work of both labs is aligned and directed along these inter-linked dimensions.

Scientific Foundation
The importance of a sound foundation of expertise, in a variety of themes, by good partnerships, in a consistent and coherent project portfolio. The Scientific Foundation represents our strategic research agenda, which is driven by our core research expertise. It is defined along several strategic research themes, aligned with strategic collaborations, and implemented via a portfolio of research projects. The Scientific Foundation thus resembles the most vital element in our approach to science. It is ruled by an elaborate portfolio process that continuously evaluates internal and external feedback (see below) in order to validate and verify our strategic direction.

Research Theme: Pervasive Services

In the early and mid-2000s, there was tremendous research activity around service-oriented architectures (SOA) and service-oriented computing (SOC). Many of the results remained on paper only. Meanwhile, though, the increasing use of cloud computing services and the forecast on fog computing have brought the necessity for dedicated service research and service prototyping back on the agenda. Such services should be pervasive by fulfilling the needs of users as much as possible in any context. We envision a high degree of pervasive services in data centres, on interactive screens, and in embedded devices and robots. One example is storage from a service perspective: A user in a BYOD employment would like to just store files with the press of a single button, without trusting a single cloud. The service in this case would be composed of multiple individual services, which differ between a private and a company context. The Pervasive Services research theme of the Service Prototyping Lab therefore contributes new methods for forging, running, exploring and employing such services. The output of the theme will be tools, processes and procedures for prototyping services (e.g. following the results of Service-Based Applications).

Ultimately, a service should be of benefit to a client. With recent advances in cloud service research, clients can combine computing, storage and network resources according to specified goals. Both technical and legal protection of these goals is possible. The technical protection encompasses service bundling and multiplexing as well as guarantees given by the underlying service platform, for instance, deployment without breakage. The legal protection encompasses governance, service-level agreements, certifications and transparency through monitoring, news reports, cloud cockpits and cloud control centers.

Initiatives

Three research initiatives have been identified as helpful and in scope to drive this research theme and contribute to service prototyping.

The first one, Service Tooling, will innovate with designs for tools and engineering support in the entire lifecycle. This includes service brokers, catalogues, platforms, optimal selection, multiplexing and bundling layers, development tools, as well as add-on services such as gamification, IT support and business functions. The second one, Cloud Application Development Tooling, relates to seamless upgrades of complex services, including continuous deployment. The third one, Operations, incorporates service governance and process certification. The themes have been structured in a way that they directly contribute to knowledge transfer in education at ZHAW.

Projects

Currently, there are not yet any running projects in this research theme. We are actively identifying research opportunities and industry needs and look forward to collaborating on pervasive services and service platforms.

People

Research Theme: Service-Based Applications

Cloud infrastructure and platform technology has matured a lot since the foundation of ICCLab. Eventually, applications and services running on top are the key concerns to users entering into an interaction. Web applications, mobile apps, interactive devices and business processes are increasingly service-based and benefit from contextual awareness about the elastic scalability, the on-demand procurement and the smart deployment of these services. In the Service Prototyping Lab’s research theme on Service-Based Applications, we explore how to increase the benefit by having suitable software design, engineering and composition approaches. New methods are proposed, evaluated and applied to existing software (for migration) as well as to new software written from scratch in prototyping efforts to find out quickly whether or not each method or approach is worth following. This covers several application domains, including SaaS, PaaS and services bound to devices.

Initiatives

There is one established initiative and two additionally planned initiatives for this research theme on Service-Based Applications.

The Active Service Management initiative is related to fully managed services in PaaS, but adds self-awareness of services running in managing environments. Therefore, services implemented as CNA are suitable candidates. The Cloud Robotics initiative explores integrating services with devices, in particular robots, to achieve fully automated digital and real-world services.

Projects

In the following projects, topics raised by and related to the initiatives are actively being worked on.

People

Provisioning Openstack with Foreman and Packstack

This post will describe how to set up Foreman and provision an OpenStack environment via PackStack. We demonstrate this through OpenStack installation on two Nodes. Foreman 1.8 is used to install the Host System on the Nodes and PackStack to provision OpenStack.

Installing Foreman

The first thing we do is install Foreman on the management host inside a VM. We use Vagrant so that the Foreman installation is already automated in case of redeployment. The requirements are that Vagrant and VirtualBox are installed and that the “Ubuntu/Trusty64” box has been added to Vagrant.

Lidia Fernández Garcés

Lidia joined ICCLab in July 2015. She is currently finishing her Bachelor’s Degree in Telecommunication Technologies and Services Engineering at UPM (Technical University of Madrid), with a specialization in Telematics. She found this opportunity through IAESTE. This is her second internship: in the first internship, she worked in a private company in Poland, also through the IAESTE exchange program.

Outside the lab, she is keen on circus arts. She has been part of the organization of EUCIMA, the biggest Circus Convention in Spain. She also plays volleyball and loves to travel.

Lidia will be working in PaaS with Christof Marti.

Manu Perez Belmonte

Manu is a Computer Engineering student from Mataró, Barcelona. He is currently in his final year of studies at the Technocampus, Barcelona. He joined the ICCLab through the IAESTE internship program and has been working as an intern since the 1st of July.

He is very interested in learning new things, new technologies, meeting friends, sports and learning new languages.

This is the first study-related work experience for Manu and he will be working in the Rating Charging Billing initiative team.

Active Service Management

Overview

Service hosting platforms such as IaaS and PaaS offer a lot of convenience for the service engineer. They take care of proper provisioning, scaling, healing and profiling. Yet, this platform support is limited when it comes to decisions which require insight into the application state and logic, especially considering applications or services ranging across multiple platforms with composition and orchestration.

The Active Service Management research initiative of the Service Prototyping Lab aims at improving the state of the art by letting applications signal their states, conditions and requirements, and by letting platforms understand these signals. Emerging from the work on Cloud Native Applications (CNA), this initiative subsumes work on pro-active/predictive auto-scaling with application metrics such as numbers of users and self-* properties such as self-healing by replacing crashed or unresponsive application parts with new instances.

Objectives

  • Comparative evaluation of active service management techniques.
  • Novel contributions to some of the techniques, in particular to scaling and resilience, but also service evolution.
  • Turn research results into best practices to achieve an extended CNA design and appropriate hosting platforms.

Relevance to current and future markets

The commercial landscape of service hosting infrastructures generally assumes an issue-free operation without failures and demand spikes. Due to SLAs, this becomes costly when the assumptions do not hold anymore. With active service management contributions, many of the failures and spikes can be mitigated so that business continuity remains assured.

Relevant Standards and Articles

While management of services is an established topic in industry, the specific issue of actively managing environment-aware services is a genuine research topic. We present a selection of useful reading.

Architecture

The following architecture figure describes Dynamite, a novel auto-scaling engine. This rule-based and re-usable engine has been designed in the context of CNA.

[Figure: architecture of the Dynamite scaling engine]

Articles and Publications

Presentations

MITOSIS_pitch.pdf

Open Source Software

  • Dynamite scaling engine for CNA using custom metrics for its decisions

Contact

Giovanni Toffetti Carughi: toff(at)zhaw.ch

Service Operations

Overview

From a datacenter operator or cloud provider point of view, IT services are intangible entities which must run reliably 24/7, be provisioned on demand with the right scale, and be documented and certified properly. In the Service Operations research initiative of the Service Prototyping Lab, we take a closer look at the needs of businesses which operate infrastructure, platform and application software services. There are differences in the structural appearance of services (e.g. daemon, virtual machine, container, plugin archive) and in the level of assurance against risks (technical, legal). These differences need to be accounted for when planning and scheduling the service execution.

Objectives

  • Operation of testbeds for service execution. A BladeCenter is already set up for this purpose.
  • Solving business needs regarding service-level agreements (SLAs), software and process certifications, governance, high availability, failover, as well as further technical protection schemes.

Relevance to current and future markets

IT services are the foundation of all digital processes between individuals, enterprises and organisations. Increasingly, processes are going digital, which saves paper but demands fully reliable and automated IT service delivery and governance. Therefore, this initiative serves as an enabler and, in particular, helps companies to dry-run their services in a controlled environment before rolling them out to the target consumers.

Contact

Pietro Brossi: brpi(at)zhaw.ch

Service Tooling

Overview

Working with remote services requires appropriate and decent tooling. A service idea may take just five seconds (“I want to offer a robust note-taking service”), but its realisation may take much longer (“Which programming language and model?”, “How to describe the service?”, “Where do I find a fitting file service to store the notes on unless I want to take care of backups by myself?”, “Where do I publish my service so that it runs and generates income?”). Therefore, modelling, engineering and integration tools are primarily needed. These tools work in combination with a certain service environment, or ecosystem, consisting of more tools, dependency services, and service platforms which bring services to life.

Open source service platforms such as SPACE and FIWARE went from being architectural visions to actually usable platforms. However, in comparison to cloud stacks and commercial cloud services, their popularity is limited and they are far from being used pervasively. Therefore, the Service Tooling research initiative of the Service Prototyping Lab intends to identify tools and platform services which are straightforward to deploy, easy to use and generic enough to be re-usable in many service scenarios.

For this purpose, the initiative follows a triple structure with three topics of increasing industrial and societal interest: Function-as-a-Service (FaaS), Stealth Computing, Cloud Ecosystems.

Objectives

  • Research and innovation in the entire service lifecycle through advanced tooling: Modelling, publishing, running, consuming and evolving services and service-based applications. This initiative will therefore contribute open source tools to build service platforms, ecosystems and individual applications.
  • Layered architectures for services and clients, including adaptive invocation and stealth data management, to benefit from service and cloud environments while overcoming their limitations.
  • In connection with CNA, identification of suitable tooling for engineering cloud-native applications, in particular aiming at extreme microservices (nanoservices) with FaaS.
  • Adaptation of applications to execution technologies in general: VMs, containers, packages, functions, unikernels. None of these should be a concern to an application engineer and therefore automated tooling is required.

Stealth Computing Architecture

In this part of the initiative, there are a number of architectures depending on the use case and the lifecycle phase of a service. The following diagram represents a typical multi-cloud service integration point with stealth properties. Software applications and services benefit from spreading their data and functions across providers in a tightly controlled, re-usable layer with standard interfaces such as files (e.g. POSIX) and data (e.g. SQL). Users are more willing to adopt cloud environments when explicit user control is made possible by stealth computing.

[Figure: multi-cloud service integration point with stealth properties]

Cloud Ecosystems Architecture

This part of the initiative explores marketplaces, brokers, dashboards, cloud migration tools, API generators, aggregators and other enablers of thriving ecosystems with service producers and consumers. The research focuses on prototyping techniques with description/implementation roundtripping, a library of utility services which aid in establishing ecosystems, and improved client-side tools such as CLI helpers.

Function-as-a-Service Architecture

In the FaaS part of the initiative, tools to bring legacy code into FaaS environments as well as tools to advance the environments themselves are investigated. There are software decomposition tools for Python (Lambada) and for Java (Podilizer, Termite). Furthermore, there is a flexible client/server tool to migrate, execute, test and deploy functions written in several languages (Snafu).

Articles and Publications

Note: Preprints are made available in a timely manner. Check preprints.

  • J. Spillner, M. Beck, A. Schill, T. M. Bohnert: Stealth Databases: Ensuring User-Controlled Queries in Untrusted Cloud Environments, 8th IEEE/ACM International Conference on Utility and Cloud Computing (UCC), Limassol, Cyprus, December 2015. (PDF author version) (Slides)
  • J. Spillner: Secure Distributed Data Stream Analytics in Stealth Applications. 3rd IEEE International Black Sea Conference on Communications and Networking (BlackSeaCom), Constanța, Romania, May 2015.
  • J. Spillner, J. Müller: PICav: Precise, Iterative and Complement-based Cloud Storage Availability Calculation Scheme. 7th IEEE/ACM International Conference on Utility and Cloud Computing (UCC), London, UK, December 2014. (PDF)
  • J. Spillner, A. Chaichenko, A. Brito, F. Brasileiro, A. Schill: Cloud Resource Recycling: An Addition of Species to the Zoo of Virtualised, Overlaid, Federated, Multiplexed and Nested Clouds. SDPS Transactions: Journal of Integrated Design and Process Science (JIDPS), vol. 18, no. 1, pp. 5-19, April 2014.
  • J. Spillner, S. Illgen, A. Schill: Engineering Service Level Agreements: A Constrained-Domain and Transformation Approach. 3rd International Conference on Cloud Computing and Services Science (CLOSER), Aachen, Germany, May 2013.

Blog Posts

Note: Latest posts are on top.

Presentations

  • Talk of J. Spillner: The Next Service Wave: Prototyping Cloud-Native and Stealthy Applications. IBM Research Zurich, September 2015. (Slides)
  • Talk of J. Spillner: Safe File Storage and Databases. GÉANT3+ Datacenter IaaS Workshop, Helsinki, Finland, September 2014. (Slides)
  • Talk of J. Spillner: Operating the Cloud from Inside Out. HPI Operating the Cloud Symposium, Potsdam, Germany, September 2013. (Video)
  • Talk of J. Spillner: Flexible Service Ecosystems: The serviceplatform.org perspective. 8th KuVS NGSDP Expert Talk, Königswinter, Germany, April 2013. (Slides)

Open Source Software

Note: The software repositories are hosted in the Service Prototyping Lab Github account. Some of our smaller tools are operated live on a Labsite. Check labsite.

  • Podilizer: Decompose legacy Java code into functions and deploy them into an AWS Lambda environment.
  • Transducer: Service interface transducer for rapid prototyping. Creates a running service mockup from a RAML description.
  • Lambda Control Plane applications: Lambackup & LaMa. Store and process data in the AWS Lambda control plane.
  • Whatcloud: Identification of cloud provider by network location.
  • AWS-CLI-Retry: AWS-CLI tools with retry patches. A wrapper around AWS-CLI for more robustness.
  • now archived: Open Source Service Platform Research Initiative, with further links to the SPACE service platform, spotmarkets, crowdserving portal, π-box for user-controlled access to clouds, nested virtualisation etc.
  • now archived: Cloud Storage Lab, with further links to dispersed storage and computing as well as stealth computing tools, such as NubiSave and StealthDB

Contact

Josef Spillner: josef.spillner(at)zhaw.ch