Roland Schwarzkopf

Efficient Storage Synchronization for Live Migration in Cloud Infrastructures

Live migration of virtual machines is an important issue in Cloud computing environments: when physical hosts are overloaded, some or all virtual machines can be moved to a less loaded host. Live migration poses additional challenges when virtual machines use local persistent storage, since the complete disk state needs to be transferred to the destination host while the virtual machines are running and hence are altering the disk state. In this paper, several approaches for implementing and synchronizing persistent storage during live migration of virtual machines in Cloud infrastructures are presented. Furthermore, the approaches also enable users to migrate swap space, which is currently not possible on most virtual machine hyper visors. Finally, measurements regarding disk synchronization, migration time and possible overheads are presented.

Increasing virtual machine security in cloud environments

AbstractA common approach in Infrastructure-as-a-Service Clouds or virtualized Grid computing is to provide virtual machines to customers to execute their software on remote resources. Giving full superuser permissions to customers eases the installation and use of user software, but it may lead to security issues. The providers usually delegate the task of keeping virtual machines up to date to the customers, while the customers expect the providers to perform this task. Consequently, a large number of virtual machines (either running or dormant) are not patched against the latest software vulnerabilities. The approach presented in this article deals with these problems by helping users as well as providers to keep virtual machines up to date. Prior to the update step, it is crucial to know which software is actually outdated or affected by remote security vulnerabilities. While these tasks seem to be straightforward, developing a solution that handles multiple software repositories from different vendors and identifies the correct packages is a challenging task. The Update Checker presented in this article identifies outdated software packages in virtual machines, regardless if the virtual machine is running or dormant on disk. The proposed Online Penetration Suite performs pre-rollout scans of virtual machines for security vulnerabilities using established techniques and prevents execution of flawed virtual machines. The article presents the design, the implementation and an experimental evaluation of the two components.

DAVO: A Domain-Adaptable, Visual BPEL4WS Orchestrator

The Business Process Execution Language for Web Services (BPEL4WS) is the de facto standard for the composition of web services into complex, valued-added workflows in both industry and academia. Since the composition of web services into a workflow is challenging and error-prone, several graphical BPEL4WS workflow editors have been developed. These tools focus on the composition process and the visualization of workflows and mainly address the needs of web service experts.To increase the acceptance of BPEL4WS in new application domains, it is mandatory that non web service experts are also empowered to easily compose web services into a workflow. This paper presents the Domain-Adaptable Visual Orchestrator (DAVO), a graphical BPEL4WS workflow editor which offers a domain-adaptable data model and user interface. DAVO can be easily customized to domain needs and thus is suitable for non web service experts.

Efficient storage of virtual machine images

Allowing users to build custom virtual machines as execution environments for their tasks provides flexibility for users and providers of Infrastructure-as-a-Service Clouds or virtualized Grid computing environments. On the downside of this flexibility are the increasing storage requirements for virtual machines. This problem is further exacerbated if version histories of virtual machines are kept to facilitate reproducibility of scientific results. Additionally, the simplicity of virtual machine creation provided by corresponding tools invites users to create multiple virtual machines for different purposes, further increasing their numbers. However, the traditional way of storing virtual machines as image files does not scale well with an increasing number of virtual machines. Several approaches have been proposed to solve this problem, each with its own drawbacks. In this paper, the Marvin Image Store (MIS) is presented to efficiently store a large number of Linux virtual machine images including their version history, independent of the distribution and the type of file system. The MIS minimizes the space required to retain images by importing them into its repository using a file based deduplication technique. Layered virtual machine images are used to reduce the time to import (updated) images and to reassemble them from the compositional manifests stored in the MIS. Furthermore, the possibility to directly mount stored images can skip the reassembly process completely. Experimental results indicate that the storage requirements can be reduced by up to 94% compared to the original images. The import of layered virtual machine images is up to 78% faster than the import of regular virtual machine images, and the export is up to 84% faster.

TrustBox: A Security Architecture for Preventing Data Breaches

In this paper, a novel approach to prevent accidental or deliberate data breaches is presented. The proposed approach provides platform, network and offline security. Data is categorized as sensitive or insensitive, and the corresponding applications are isolated by using virtualization technology. Data theft or accidental loss is prevented by encrypting virtual hard disks and by introducing a multi-lane network architecture. If no connection to a corporate network is available, an offline mode handles data transfer and encryption. Authentication is managed by applying a biometric feature vector in association with a smart card setup. The approach increases security without disrupting the everyday work routines of users. An implementation based on Virtual Box and Java Card is presented. A performance evaluation of the critical components is provided.

Checking Running and Dormant Virtual Machines for the Necessity of Security Updates in Cloud Environments

A common approach in Infrastructure-as-a-Service Clouds or virtualized Grid computing is to provide virtual machines to customers to execute their software remotely. While giving full super user permissions eases the installation and use of a customers software, it may lead to security issues. Providers usually delegate the task of keeping virtual machines up to date to the customer, while the customer expects the provider to perform this task. Consequently, a large number of virtual machines (either running or dormant) are not patched against the latest software vulnerabilities. The approach presented in this paper deals with this problem by helping users as well as providers to keep virtual machines up to date. Prior to the update step, it is crucial to know which software is actually outdated. While this task seems trivial, developing a solution that takes care of multiple, different software repositories and identifies the correct packages is a challenging task. The Update Checker presented in this paper identifies outdated software packages in virtual machines, even if the virtual machines are installed with different repositories. The paper presents the design, the implementation and an experimental evaluation of the approach.

Orchestration of Time-Constrained BPEL4WS workflows

The adoption of service-oriented architectures based on Web services in industrial automation promises increased interoperability and flexibility. The orchestration of existing Web services to workflows is a challenging task which is complicated by the fact that manufacturing processes have time constraints, especially real-time constraints. This paper presents the time-constrained services (TiCS) Modeler which supports the assisted orchestration of BPEL4WS workflows with time constraints. The presented prototypical implementation is based on a formal derivation of the time constraints of a workflow.

Towards Intelligent Management of Very Large Computing Systems

The increasing complexity of current and future very large computing systems with a rapidly growing number of cores and nodes requires high human effort on administration and maintenance of these systems. Existing monitoring tools are neither scalable nor capable to reduce the overwhelming flow of information and provide only essential information of high value. Current management tools lack on scalability and capability to process a huge amount of information intelligently by relating several data and information from various sources together for making right decisions on error/fault handling. In order to solve these problems, we present a solution designed within the TIMaCS project, a hierarchical, scalable, policy based monitoring and management framework.

Composition of Time-Constrained BPEL4WS Workflows Using the TiCS Modeler

Abstract The adoption of service-oriented architectures based on web services in industrial automation promises increased interoperability and exibility. Since the development and deployment of web services requires in-depth programming knowledge, adequate tools to ease the work of automation engineers are required. In particular, the orchestration of existing web services to workflows is a challenging task that is complicated by the fact that manufacturing processes have time constraints, especially real-time constraints. This paper presents the Time-Constrained Services (TiCS) Modeler that supports the assisted orchestration of BPEL4WS workflows with time constraints.