Presentation for NIST team on cloud computing

advertisement
Policy based Cloud Services
on a VCL platform
Karuna P Joshi, Yelena Yesha, Tim Finin, Anupam Joshi
University of Maryland, Baltimore County
Cloud Computing : The present
• New paradigm for IT services delivery
▫ IaaS, PaaS, SaaS, …… , XaaS
• Focus is on “virtualizing” resources
▫ Great progress in dynamic provisioning at hardware
resource level
▫ Software/Service is still relatively statically
provisioned
• Gaps in current work
▫ Lack of Cloud “service engineering”
▫ Managing the entire lifecycle automatically
Future Vision for Cloud
• Virtualized Services on the Cloud
▫ Service dynamically composed - On Demand
composition
▫ Service structure/components not pre-determined
▫ Multiple provisioning.
• Moving from totally manual to mostly automatic
▫ needed if we truly want to leverage the cloud and
service virtualization capabilities and efficiencies
Key Open Research Issues
• Current cloud research focused on
▫ Improving cloud infrastructure – Virtual machines, Cloud OS
etc.
▫ Semantic description of services, and even some composition
work
• Limited research on how to use the cloud services
efficiently
▫ Most steps in service negotiation, acquisition, and
consumption/monitoring still require significant human
intervention
• Difficult to manage service quality especially of composed
services created by different providers
Key Contributions of Our Research
A semantically rich, policy-based framework can
be used to automate the lifecycle of virtualized
services on the cloud
▫ Use semantic web languages/technologies
1. Developed an integrated lifecycle of virtualized
services on the Cloud
2. Negotiation for cloud service acquisition by
constraint relaxation
3. Service quality framework
Service Lifecycle Methodology
• Our methodology divides Service processes Lifecycle
on the Cloud into Five Phases
▫ Requirements, Discovery, Negotiation, Composition
and Consumption
• This Methodology is applicable on any cloud
deployment.
• We have developed high level ontologies for the
five phases that enables automation.
▫ available in OWL at http://ebiq.org/o/itse/1.0/itso.owl
Phases of IT Services Lifecycle
Service
Requirements
Service specified
Service Discovery
Provider(s) identified
Service Negotiation
New Service needed
Contract signed
Service Composition
Service Consumption
CONSUMER
Service delivered
SERVICE CLOUD
Service Requirements
Requirements for a service will include
• Functional specifications (tasks to be automated)
▫ Budgetary policies/Cost constraints
• Technical Policy specifications
• Human Agent Policy
• Security Policy
• Data Quality Policy
• Service Compliance Policy
Service Discovery
• Cloud Broker used to search available
services that match the specifications
• Identify gaps that exist in services
discovered
• Cloud Auditor or centralized registry,
similar to UDDI, will certify the service
provided.
Service Negotiation
• Discussion and agreement that the Service
provider and consumer have regarding the
Service.
• Service Level Agreements (SLA) finalized
between consumer and provider
• Quality of Service (QoS) decided between
primary provider and component
providers.
Service Composition Phase
• One or more services provided by one or
more providers are combined and
delivered as a single Service
• SLA and QoS finalized in the negotiation
phase used for determining service
components and its orchestration (the
sequence of execution)
• We reuse the OWL-S ontology to model
and reason about compositions
Service Consumption Phase
• Composed Service is consumed and monitored
in this phase
• Key measures like Service Performance and
reliability are monitored using automated tools.
▫ SLA, QoS determine performance of the service
• Phase includes Service Delivery, Service
payment
• Customer Satisfaction is tracked in this phase
13
Cloud Broker Architecture
Cloud User
User Interface
1
Translate to machine
processable format
4
Final SLA for
approval
9
Service
Cloud Service Broker agent
2
Service
Discovery
federated
SPARQL
query
5
3
SLA
negotiation
8
Final
SLA
Service endpoint (provider agent)
6
Final
configuration
Virtual Service Instance
(Eucalyptus/VCL)
Cloud Provider
7
Service
URI
Service
URI
Collaboration with NIST
• US government agency NIST working on
standardizing cloud computing
▫ Member of Reference architecture and Taxonomy groups
▫ Member of Cloud Security group
• Prototype for NIST
▫ Automation of Cloud Storage Service acquisition,
consumption /monitoring.
▫ Using Service lifecycle Ontologies developed by us.
▫ Platform: using SPARQL, RDF, Web technologies –
Perl, HTML.
▫ NIST Cloud Computing workshop, Nov 2-4 2011.
Some Policies/Constraints …
• Cloud security – would like to mandate policies
at the Cloud hardware level
• Data security policies
• US government compliance policies
▫ User authentication policy : FIPS 140-2 is a standard
used to accredit cryptographic modules.
▫ Trusted Internet Connection mandated to optimize
individual external connections.
• Want to be interoperable across Cloud platforms
Storage Service Architecture
Cloud user
User Interface
<rdf>
Rfs
description
</rdf>
Final SLA
Translate to machine process able format
Service
Cloud Service Procurer module
Discover
service
Respond
SLA
negotiation
Cloud
Cloud Provider 1
Cloud Provider 2
Joseki SPARQL
endpoint
Joseki SPARQL
endpoint
Virtual Service
Instance
(Eucalyptus/Bluegrit)
Virtual Service
Instance
(Eucalyptus/Bluegrit)
<rdf>
Cloud Provider
3
SLA
description
</rdf>
Joseki SPARQL
endpoint
Virtual Service
Instance
(Eucalyptus/Bluegrit)
Service
URI
NIST prototype demo
Request for Service : RDF file
<?xml version="1.0"?>
<rdf:RDF
xmlns="http://www.w3.org/2002/07/owl#"
xmlns:xsd="http://www.w3.org/2001/XMLSchema#"
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:rdfs="http://www.w3.org/2000/01/rdf-schema#"
xmlns:itso="http://ebiquity.umbc.edu/ontologies/itso/1.0/itso.owl"
xmlns:stg="http://www.cs.umbc.edu/~kjoshi1/storage_ontology.owl"
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
<rdf:Description rdf:about="http://localhost/RFS">
<itso:RFS_Respond_By_Date> Fri Apr 27 11:53:49 2012 </itso:RFS_Respond_By_Date>
<itso:Expected_Begin_Date_of_Service> 1-1-2012 </itso:Expected_Begin_Date_of_Service>
<itso:Service_Cost_Constraint> 0 </itso:Service_Cost_Constraint>
<itso:Service_Location_constraint> global </itso:Service_Location_constraint>
<stg:storage> 2GB </stg:storage>
<stg:backup> Weekly </stg:backup>
<stg:availability> 95 </stg:availability>
<stg:datadeletion> data archived </stg:datadeletion>
<stg:Encryption> Data Encrypted </stg:Encryption>
<stg:authentication> FIPS 140 2 supported </stg:authentication>
<stg:VMseparation> VM separation </stg:VMseparation>
<stg:storage_interface> SOAP WSDL </stg:storage_interface>
<stg:TIC_connection> TIC Compliant </stg:TIC_connection>
<stg:CC_EAL> 3 </stg:CC_EAL>
<stg:cloud_instance_size> 1GB </stg:cloud_instance_size>
<stg:cloud_instance_speed> 1GHz </stg:cloud_instance_speed>
<stg:cloud_instance_cores> 10 </stg:cloud_instance_cores>
</rdf:Description>
</rdf:RDF>
Storage Service Broker URL
http://cs.umbc.edu/~kjoshi1/nist_demo/
Summary
• For broader adoption of cloud computing, we
need to automate cloud service processes
• Developed an integrated methodology to
acquire, consume and monitor services on the
cloud.
• Future work: improving upon the cloud broker
integration with VCL
• Ontologies in public domain.
• Publications available at http://ebiq.org/j/93
Download