Christoph Reich

Private cloud for collaboration and e-Learning services: from IaaS to SaaS

The idea behind cloud computing is to deliver Infrastructure-, Platform- and Software-as-a-Service (IaaS, PaaS and SaaS) over the Internet on an easy pay-per-use business model. The Hochschule Furtwangen University (HFU) is running their own private cloud infrastructure, called Cloud Infrastructure and Application CloudIA. The targeted users of the CloudIA project are HFU staff and students running e-Learning applications, and external people for collaboration purposes. Therefore, in this paper, we introduce our work in building a private cloud. More specifically, this paper shows how our cloud offerings in each of the cloud service models, i.e. IaaS, PaaS and SaaS, address the requirements and needs of e-Learning and collaboration in an university environment.

ViteraaS: Virtual Cluster as a Service

The idea behind cloud computing is to deliver Infrastructure-, Platform- and Software-as-a-Service (IaaS, PaaS and SaaS) over the network on an easy pay-per-use business model. In this paper, we present our work, Virtual Cluster as a Service (ViteraaS), that provides on-demand high performance computing for research projects, and e-Learning and teaching purposes in a private cloud. Moreover, ViteraaS can be extended to use Amazons public cloud infrastructure as needed. ViteraaS can be categorized as PaaS that leverages Open Nebula, a virtual infrastructure manager, to dynamically create a cluster of virtual machines (VMs) on idle resources or dedicated servers. In addition, ViteraaS is integrated within the universitys existing IT infrastructure like Single Sign-On for seamless authentication and authorization. Finally, a Quality of Service monitoring module is used by ViteraaS to monitor the performance and status of these VMs.

An agent based business aware incident detection system for cloud environments

AbstractClassic intrusion detection mechanisms are not flexible enough to cope with cloud specific characteristics such as frequent infrastructure changes. This makes them unable to address new cloud specific security issues. In this paper we introduce the cloud incident detection system Security Audit as a Service (SAaaS). It is built upon intelligent autonomous agents, which are aware of underlying business driven intercommunication of cloud services. This enables the presented SAaaS architecture to be flexible and to supported cross customer event monitoring within a cloud infrastructure. A contribution of this paper it to provide a high-level design of the SAaaS architecture, an introduction into the proposed Security Business Flow Language (SBFL), a first prototype of an autonomous agent and an evaluation about, which cloud specific security problems are addressed by the presented architecture. It is shown that autonomous agents and behaviour analysis are fertile approaches to detect cloud specific security problems and can create a cloud audit system.

Accountability for cloud and other future Internet services

Cloud and IT service providers should act as responsible stewards for the data of their customers and users. However, the current absence of accountability frameworks for distributed IT services makes it difficult for users to understand, influence and determine how their service providers honour their obligations. The A4Cloud project will create solutions to support users in deciding and tracking how their data is used by cloud service providers. By combining methods of risk analysis, policy enforcement, monitoring and compliance auditing with tailored IT mechanisms for security, assurance and redress, A4Cloud aims to extend accountability across entire cloud service value chains, covering personal and business sensitive information in the cloud.

Designing Cloud Services Adhering to Government Privacy Laws

Cloud computing delivers on-demand services with ???exibility and scalability on a simple pay-per-use basis. However, major concerns regarding to security and privacy hinder a broad adoption by users, especially small- and medium-sized enterprises (SMEs). This is because existing guidelines, IT standards and laws on security and privacy do not take virtual environments into account. Thus, they present a significant challenge for cloud providers to comply with. As a result, the cloud providers are unable to provide SMEs with an assurance. In order to address these privacy and security issues, this paper presents the Cloud Data Security (CloudDataSec) project that aims to design cloud services adhering to government privacy laws. In particular, this paper introduces a six-layer security model for cloud computing and three level of security assurance for SMEs to take advantage of. Finally, Security Management as a Service (SMaaS) modules, as proposed in this paper, enable users to apply necessary security and privacy operations, based on the sensitivity of their data.

Cloud Infrastructure & Applications --- CloudIA

The idea behind Cloud Computing is to deliver Infrastructure-as-a-Services and Software-as-a-Service over the Internet on an easy pay-per-use business model. To harness the potentials of Cloud Computing for e-Learning and research purposes, and to small- and medium-sized enterprises, the Hochschule Furtwangen University establishes a new project, called Cloud Infrastructure & Applications (CloudIA). The CloudIA project is a market-oriented cloud infrastructure that leverages different virtualization technologies, by supporting Service-Level Agreements for various service offerings. This paper describes the CloudIA project in details and mentions our early experiences in building a private cloud using an existing infrastructure.

Validating Cloud Infrastructure Changes by Cloud Audits

One characteristic of a cloud computing infrastructure are their frequently changing virtual infrastructure. New Virtual Machines (VMs) get deployed, existing VMs migrate to a different host or network segment and VMs vanish since they get deleted by their user. Classic incidence monitoring mechanisms are not flexible enough to cope with cloud specific characteristics such as frequent infrastructure changes. In this paper we present a prototype demonstration of the Security Audit as a Service (SAaaS) architecture, a cloud audit system which aims to increase trust in cloud infrastructures by introducing more transparency to user and cloud provider on what is happening in the cloud. Especially in the event of a changing infrastructure the demonstration shows, how autonomous agents detect this change, automatically reevaluate the security status of the cloud and inform the user through an audit report.

Mapping of Cloud Standards to the Taxonomy of Interoperability in IaaS

The idea behind cloud computing is to deliver Infrastructure-, Platform- and Software-as-a-Service (IaaS, PaaS and SaaS) over the Internet on an easy pay-per-use business model. However, current offerings from cloud providers are based on proprietary technologies. As a consequence, consumers run into a risk of a vendor lock-in with little flexibility in moving their services to other providers. This can hinder the advancement of cloud computing to small- and medium-sized enterprises. To address these issues, standardization efforts have to take place in order to support further developments in the clouds. Standardized exchange mechanisms and interfaces are crucial in order to facilitate interoperability. In this paper, we look at several cloud standards, such as Open Virtualization Format, Open Cloud Computing Interface, and Cloud Data Management Interface, and analyze them against a taxonomy in order to point out their role for interoperability in IaaS. The taxonomy presents important IaaS topics, such as access mechanism, virtual appliance, security, and service-level agreement.

An Autonomous Agent Based Incident Detection System for Cloud Environments

Classic intrusion detection mechanisms are not flexible enough to cope with cloud specific characteristics such as frequent infrastructure changes. This makes them unable to address new cloud specific security issues. In this paper we introduce the cloud incident detection system Security Audit as a Service (SAaaS). It is build upon intelligent autonomous agents, which are aware of underlying business flows of deployed cloud instances. Business flows are modelled in form of Security Service Level Agreements, which enable the SAaaS architecture to be flexible and to supported cross customer event monitoring of a cloud infrastructure. As contribution of this paper we provide a high-level design of the SAaaS architecture, an introduction into the concept of Security Service Level Agreements, a first prototype of an autonomous agent and an evaluation about, which cloud specific security problems are addressed by the presented architecture.

A SLA-Oriented Management of Containers for Hosting Stateful Web Services

Service-oriented architectures provide integration of interoperability for independent and loosely coupled services. Web services and the associated new standards such as WSRF are frequently used to realise such service-oriented architectures. In such systems, autonomic principles of self-configuration, self-optimisation, self-healing and self- adapting are desirable to ease management and improve robustness. In this paper we focus on the extension of the self management and autonomic behaviour of a WSRF container connected by a structured P2P overlay network to monitor and rectify its QoS to satisfy its SIAs. The SLA plays an important role during two distinct phases in the life-cycle of a WSRF container. Firstly during service deployment when services are assigned to containers in such a way as to minimise the threat of SLA violations, and secondly during maintenance when violations are detected and services are migrated to other containers to preserve QoS. In addition, as the architecture has been designed and built using standardised modern technologies and with high levels of transparency, conventional Web services can be deployed with the addition of a SLA specification.