Miika Komu

Hypervisors vs. Lightweight Virtualization: A Performance Comparison

Virtualization of operating systems provides a common way to run different services in the cloud. Recently, the lightweight virtualization technologies claim to offer superior performance. In this paper, we present a detailed performance comparison of traditional hypervisor based virtualization and new lightweight solutions. In our measurements, we use several benchmarks tools in order to understand the strengths, weaknesses, and anomalies introduced by these different platforms in terms of processing, storage, memory and network. Our results show that containers achieve generally better performance when compared with traditional virtual machines and other recent solutions. Albeit containers offer clearly more dense deployment of virtual machines, the performance difference with other technologies is in many cases relatively small.

Capillary networks - bridging the cellular and IoT worlds

The Internet of Things (IoT) represents a new revolutionary era of computing technology that enables a wide variety of devices to interoperate through the existing Internet infrastructure. The potential of this era is boundless, bringing in new communication opportunities in which ubiquitous devices blend seamlessly with the environment and embrace every aspect of our lives. Capillary networks will be a fundamental part of the IoT development, enabling local wireless sensor networks to connect to and efficiently use the capabilities of cellular networks through gateways. As a result, a vast range of constrained devices equipped with only short-range radio can utilize the cellular network capabilities to gain global connectivity, supported with the security, management and virtualization services of the cellular network. This paper introduces a new Capillary Network Platform and describes the rich set of functionalities that this platform enables. To show their practical value, the functionalities are applied to a set of typical scenarios. The aim of this paper is to give the reader insight about the Capillary Network Platform and illustrate how this work can be used to enhance the existing IoT networks and tackle their problems.

A survey of identifier–locator split addressing architectures

Abstract The TCP/IP architecture of the Internet was originally designed around the contemporary restrictions of large computers that were difficult to move around. However, electronics followed Moore’s law, resulting in cheaper and smaller electronics for consumers, and portable devices, such as laptops and cellular phones, became pervasive. Consequently, the original restriction on static hosts was no longer true even though is still present in the design of the TCP/IP networking stack. The TCP/IP stack remains still constrained by its original design, which was effectively a design compromise to make the addressing model simpler. As TCP connections are created based on the same addresses used by the underlying network layer, the connections break when the address changes or is removed. Thus, the TCP/IP architecture is challenged in the temporal dimension of addressing as it was designed to assume stable addresses. This is not only problematic from the viewpoint of initial connectivity but also critical in sustaining of active data flows. In this paper, we first outline the challenges related to the inflexible nature of the TCP/IP architecture resulting from the fact that the same namespace is shared between the transport and network layers. We then discuss existing solutions for these challenges that arise from the transient nature of addresses in the TCP/IP architecture. Finally, we perform a qualitative analysis of the solutions discussed in the paper.

Secure Cloud Connectivity for Scientific Applications

Cloud computing improves utilization and flexibility in allocating computing resources while reducing the infrastructural costs. However, in many cases cloud technology is still proprietary and tainted by security issues rooted in the multi-user and hybrid cloud environment. A lack of secure connectivity in a hybrid cloud environment hinders the adaptation of clouds by scientific communities that require scaling-out of the local infrastructure using publicly available resources for large-scale experiments. In this article, we present a case study of the DII-HEP secure cloud infrastructure and propose an approach to securely scale-out a private cloud deployment to public clouds in order to support hybrid cloud scenarios. A challenge in such scenarios is that cloud vendors may offer varying and possibly incompatible ways to isolate and interconnect virtual machines located in different cloud networks. Our approach is tenant driven in the sense that the tenant provides its connectivity mechanism. We provide a qualitative and quantitative analysis of a number of alternatives to solve this problem. We have chosen one of the standardized alternatives, Host Identity Protocol, for further experimentation in a production system because it supports legacy applications in a topologically-independent and secure way.

SynAPTIC: Secure And Persistent connecTIvity for Containers

Cloud virtualization technology is shifting towards light-weight containers, which provide isolated environments for running cloud-based services. The emerging trends such as container-based micro-service architectures and hybrid cloud deployments result in increased traffic volumes between the micro-services, mobility of the communication endpoints, and some of the communication taking place over untrusted networks. Yet, the services are typically designed with the assumption of scalable, persistent and secure connectivity. In this paper, we present the SynAPTIC architecture, which enables secure and persistent connectivity between mobile containers, especially in the hybrid cloud and in multi-tenant cloud networks. The solution is based on the standardized Host Identity Protocol (HIP) that tenants can deploy on top of existing cloud infrastructure independently of their cloud provider. Optional cloud-provider extensions based on Software-Defined Networking (SDN) further optimize the networking architecture. Our qualitative and quantitative evaluation shows that SynAPTIC performs better than some of the existing solutions.

An SDN-based approach to enhance the end-to-end security: SSL/TLS case study

End-to-end encryption is becoming the norm for many applications and services. While this improves privacy of individuals and organizations, the phenomenon also raises new kinds of challenges. For instance, with the increase of devices using encryption, the volumes of outdated, exploitable encryption software also increases. This may create some distrust amongst the users against security unless its quality is enforced in some ways. Unfortunately, deploying new mechanisms at the end-points of the communication is challenging due to the sheer volume of devices, and modifying the existing services may not be feasible either. Hence, we propose a novel method for improving the quality of the secure sessions in a centralized way based on the SDN architecture. Instead of inspecting the encrypted traffic, our approach enhances the quality of secure sessions by analyzing the plaintext handshake messages exchanged between a client and server. We exploit the fact that many of todays security protocols negotiate the security parameters such as the protocol version, encryption algorithms or certificates in plaintext in a protocol handshake before establishing a secure session. By verifying the negotiated information in the handshake, our solution can improve the security level of SSL/TLS sessions. While the approach can be extended to many other protocols, we focus on the SSL/TLS protocol in this paper because of its wide-spread use. We present our implementation for the OpenDaylight controller and evaluate its overhead to SSL/TLS session establishment in terms of latency.

Energy Consumption Analysis of Edge Orchestrated Virtualized Wireless Multimedia Sensor Networks

Virtualization enabled by container-based technologies is a recently emerging concept in the integration of Internet of Things (IoT) and cloud computing. Due of their lightweight nature, container-based virtualization tools improve manageability of cloud-based IoT solutions by making it possible to update application software on the fly. Although different studies have demonstrated the feasibility of efficiently running container-based virtualization on low-power IoT nodes, the implication of doing so on battery-powered nodes has been overlooked. In this paper, we investigate how much energy overhead is generated by Docker-based virtualization on battery powered camera sensor nodes. In our scenario, camera nodes are most of the time in “power off” state to save energy. They are switched on for streaming video only when activity is detected by motion sensor nodes. By means of empirical measurement and subsequent analysis, we found that starting and closing of containers in the Docker platform adds-up roughly 13 percent power consumption overhead during the boot-up and shutdown of the camera nodes. Furthermore, the fixed overhead occurring from boot-up and shutdown procedures become negligible with longer video stream sessions.

Energy Efficiency in Wireless Multimedia Sensor Networking: Architecture, Management and Security

Wireless multimedia sensor network (WMSN) is a recently emerged concept of interconnected devices that are able to capture and deliver multimedia content. In contrast to traditional wireless sensor networks (WSN), the provided content may include video and audio streams and still images in addition to traditional scalar data such as temperature, humidity or light intensity. One of the core requirements for WSNs is energy efficiency: for maintenance reasons, the battery life must be long enough to provide feasible maintenance interval, rather months or years than days or weeks. The requirement is elaborated in WMSNs where video and audio capturing nodes inherently consume more energy than traditional scalar sensor nodes while the battery life requirements remain high. However, current technology base of video and audio surveillance does not enable sufficient energy-saving features to support ultra-low-energy multimedia sensor networking. In this chapter, we present a set of optimization methods to make WMSNs more energy efficient. The methods include energy-efficient hardware architectures combined with energy-optimized network topology management, lightweight virtualization and lightweight security solutions. The optimization methods are evaluated using real-life prototype implementations. The results provide an insight into effective methods for implementing energy-efficient WMSN.

Device group management in constrained networks

Internet of Things is a paradigm that defines networking of various kinds of devices that are typically constrained, e.g., by limited amount of memory. Lightweight Machine to Machine (LWM2M) is a client-server protocol for managing such constrained devices. It is based on the Constrained Application Protocol (CoAP). Group communications remain undefined in LWM2M specifications, but can be supported by, e.g., proxy-based solutions. In this paper, we describe details about group management extensions for LWM2M using such a proxy, evaluate its performance and discuss its potential benefits.

Power consumption in remote gaming: An empirical evaluation

The thin-client approach for gaming is becoming more popular. For instance, Nvidia Shield, Valve Steam and Shinra technologies have offerings based on the concept. In remote cloud gaming, the game is being executed and processed in the cloud while the user receives a video and audio stream of the game, in a very similar way as with remote desktop clients. At the same time, clouds are moving towards the end-users as “edge clouds” with different standardization bodies, such Open Mobile Edge Cloud and Open Fog Consortium, giving momentum for the efforts. Were remote gaming approaches to utilize edge clouds, the games could be played without installing any infrastructure at the homes of end-users while keeping network delays to the latency-sensitive games low. While waiting for such edge-cloud deployments to substantiate, even regional clouds could be utilized for the purpose. In such environments, remote cloud gaming can already now be utilized by game companies as an alternative to traditional download-and-install games in order to support, e.g., anti-piracy protection. While the incentives for the game companies are relatively clear, the end-user experience has been investigated mainly from the viewpoint of latency. In this paper, we fill a research gap related to energy efficiency by showing that mobile phone users can save between 12 and 32 % power by utilizing remote gaming instead of playing with a native app. Our prototype is based on GamingAnywhere open-source software for which we have also integrated a gamepad for easier controls. We show power measurements both with a 2D and 3D games, and also additional measurements with a smart TV-stick.