Florian Haupt

OpenTOSCA --- A Runtime for TOSCA-Based Cloud Applications

TOSCA is a new standard facilitating platform independent description of Cloud applications. OpenTOSCA is a runtime for TOSCA-based Cloud applications. The runtime enables fully automated plan-based deployment and management of applications defined in the OASIS TOSCA packaging format CSAR. This paper outlines the core concepts of TOSCA and provides a system overview on OpenTOSCA by describing its modular and extensible architecture, as well as presenting our prototypical implementation. We demonstrate the use of OpenTOSCA by deploying and instantiating the school management and learning application Moodle.

Policy4TOSCA: A Policy-Aware Cloud Service Provisioning Approach to Enable Secure Cloud Computing

With the growing adoption of Cloud Computing, automated deployment and provisioning systems for Cloud applications are becoming more prevalent. They help to reduce the onboarding costs for new customers as well as the financial impact of managing Cloud Services by automating these previously manual tasks. With the widespread use of such systems, the adoption of a common standard for describing Cloud applications will provide a crucial advantage by enabling reusable and portable applications. TOSCA, a newly published standard by OASIS with broad industry participation provides this opportunity. Besides the technical requirements of running and managing applications in the cloud, non-functional requirements, like cost, security, and environmental issues, are of special importance when moving towards the automated provisioning and management of Cloud applications. In this paper we demonstrate how non-functional requirements are defined in TOSCA using policies. We propose a mechanism for automatic processing of these formal policy definitions in a TOSCA runtime environment that we have developed based on the proposed architecture of the TOSCA primer. In order to evaluate our approach, we present prototypical implementations of security policies for encrypting databases and for limiting the geographical location of the Cloud servers. We demonstrate how our runtime environment is ensuring these policies and show how they affect the deployment of the application.

A Model-Driven Approach for REST Compliant Services

The design of applications that comply to the REST architectural style requires observing a given set of architectural constraints. Following these constraints and therefore designing REST compliant applications is a non-trivial task often not fulfilled properly. There exist several approaches for the modeling and formal description of REST applications, but most of them do not pay any attention to how these approaches can support or even force REST compliance. In this paper we propose a model-driven approach for modeling REST services. We introduce a multi layered model which enables (partially) enforcing REST compliance by separating different concerns through separate models. We contribute a multi layered meta-model for REST applications, discuss the connection to REST compliance and show an implementation of our approach based on the proposed meta-model and method. As a result our approach provides a holistic method for the design and realization of REST applications exhibiting the desired level of compliance to the constraints of the REST architectural style.

A Conversation Based Approach for Modeling REST APIs

Conversations are a well-known concept in service design to describe complex interactions between a client and one or multiple services. The REST architectural style constrains the characteristics of clients, servers and their interactions in REST architectures which consequently has an impact on conversations in such systems. The relation between conversations and REST architectures and how such Restful conversations can be characterized has not been studied in detail yet. In this paper we discuss the characteristics of conversations in REST architectures and introduce an initial set of commonly used conversation types. Based on this, we propose to use conversations as a modeling tool for the design of REST APIs at a higher level of abstraction. We also introduce a corresponding interaction centric metamodel for REST APIs. The characterization of Restful conversations enables a new interaction centric viewpoint on REST architectures which can be also applied for modeling REST APIs on an abstraction level that enables users to focus on the essential functionality of their REST API.

Service Selection for On-Demand Provisioned Services

Service selection is an important concept in service oriented architectures that enables the dynamic binding of services based on functional and non-functional requirements. The introduction of the concept of on-demand provisioned services significantly changes the nature of services and as a consequence the traditional service selection process does not fit anymore. Existing approaches for service selection rely on the always on semantic of services, an assumption that is not valid for on-demand provisioned services. We tackle this problem by adapting the traditional service selection process and by defining an additional step covering the changes introduced by the concept of on-demand provisioning. Our solution comprises an extended architecture for on-demand provisioning, a metamodel for a service registry, and a detailed definition and discussion of the adapted and extended service selection process. The work presented in this paper allows keeping the advantages of dynamic service binding at runtime and combining them with the advantages of Cloud computing exploited through the concept of on-demand provisioning.

Bootstrapping Complex Workflow Middleware Systems into the Cloud

The use of Cloud infrastructures together with provisioning technologies can be successfully applied in scenarios where resources are only needed rarely and irregularly, for example simulation workflows in the eScience domain. There has already been proposed a solution for the on-demand provisioning of services required by workflows, but how to automatically provision the needed workflow middleware itself is still an open issue. Although many provisioning technologies are available, it is currently not possible to use them in an integrated, flexible and automated way. The main idea presented in this paper is a multi-step bootstrapping process, starting with a minimal local software component and ending up with a complex workflow middleware running in the Cloud. This minimal software component is called bootware. We define the key requirements for the bootware, present its architecture and discuss the main design decisions and how they fulfil the requirements. The bootware enables to provision complex workflow middleware systems on-demand and automatically in the Cloud and therefore reduces resource consumption and costs.

Service Composition for REST

One of the key strengths of service oriented architectures, the concept of service composition to reuse and combine existing services in order to achieve new and superior functionality, promises similar advantages when applied to resources oriented architectures. The challenge in this context is how to realize service composition in compliance with the constraints defined by the REST architectural style and how to realize it in a way that it can be integrated to and benefit from existing service composition solutions. Existing approaches to REST service composition are mostly bound to the HTTP protocol and often lack a systematic methodology and a mature and standards based realization approach. In our work, we follow a comprehensible methodology by deriving the key requirements for REST service composition directly from the REST constraints and then mapping these requirements to a standard compliant extension of the BPEL composition language. We performed a general requirements analysis for REST service composition, defined a meta model for a corresponding BPEL extension, realized this extension prototypically and validated it based on a real world use case from the eScience domain. Our work provides a general methodology to enable REST service composition as well as a realization approach that enables the combined composition of WSDL and REST services in a mature and robust way.

A Framework for the Structural Analysis of REST APIs

Today, REST APIs have established as a means for realizing distributed systems and are supposed to gain even more importance in the context of Cloud Computing, Internet of Things, and Microservices. Nevertheless, many existing REST APIs are known to be not well-designed, resulting in the absence of desirable quality attributes that truly RESTful systems entail. Although existing analysis show, that many REST APIs are not fully REST compliant, it is still an open issue how to improve this deficit and where to start. In this work, we introduce a framework for the structural analysis of REST APIs based on their description documents, as this allows for a comprehensive, well-structured analysis approach that also includes analyzing the corresponding API description languages. A first validation builds on a set of 286 real world API descriptions available as Swagger documents, and comprises their transformation into a canonical metamodel for REST APIs as well as a metrics-based analysis and discussion of their structural characteristics with respect to compliance with the REST architectural style.

On-demand provisioning of workflow middleware and services into the cloud: an overview

One of the core principles in service oriented computing is that services are always on and available. There are however domains where running services all the time is not suitable, for example when applying simulation workflows in the eScience domain. The simulation services orchestrated by these workflows are typically used only rarely and irregularly, keeping them running all the time would result in a significant waste of resources. As a consequence, we developed the approach of on-demand provisioning of workflow middleware and services. In this paper we will give an overview about our work. We will present the motivation and main idea of our solution approach and will also provide details about some of the results of our work. The overview about our previous and current work is then complemented by a detailed discussion and comparison of the roles involved in both concepts, traditional service oriented computing as well as our newly developed on-demand provisioning approach.

A Middleware-Centric Optimization Approach for the Automated Provisioning of Services in the Cloud

The on-demand provisioning of services, a cloud-based extension for traditional service-oriented architectures, improves the handling of services in usage scenarios where they are only used rarely and irregularly. However, the standard process of service provisioning and de-provisioning shows still some shortcomings when applying it in real world. In this paper, we introduce a middleware-centric optimization approach that can be integrated in the existing on-demand provisioning middleware in a loosely coupled manner, changing the standard provisioning and de-provisioning behavior in order to improve it with respect to cost and time. We define and implement a set of optimization strategies, evaluate them based on a real world use case from the eScience domain and provide qualitative as well as quantitative decision support for effectively selecting and parametrizing a suitable strategy. Altogether, our work improves the applicability of the existing on-demand provisioning approach and system in real world, including guidance for selecting the suitable optimization strategy for specific use cases.