Policy based Cloud Services on a VCL platform

1
Policy based Cloud Services on a VCL platform

• Karuna P Joshi, Yelena Yesha, Tim Finin, Anupam
  Joshi
• University of Maryland, Baltimore County

2
Cloud Computing The present

• New paradigm for IT services delivery
• IaaS, PaaS, SaaS, , XaaS
• Focus is on virtualizing resources
• Great progress in dynamic provisioning at
  hardware resource level
• Software/Service is still relatively statically
  provisioned
• Gaps in current work
• Lack of Cloud service engineering
• Managing the entire lifecycle automatically

3
Future Vision for Cloud

• Virtualized Services on the Cloud
• Service dynamically composed - On Demand
  composition
• Service structure/components not pre-determined
• Multiple provisioning.
• Moving from totally manual to mostly automatic
• needed if we truly want to leverage the cloud and
  service virtualization capabilities and
  efficiencies

4
Key Open Research Issues

• Current cloud research focused on
• Improving cloud infrastructure Virtual
  machines, Cloud OS etc.
• Semantic description of services, and even some
  composition work
• Limited research on how to use the cloud services
  efficiently
• Most steps in service negotiation, acquisition,
  and consumption/monitoring still require
  significant human intervention
• Difficult to manage service quality especially of
  composed services created by different providers

5
Key Contributions of Our Research

• A semantically rich, policy-based framework can
  be used to automate the lifecycle of virtualized
  services on the cloud
• Use semantic web languages/technologies
• Developed an integrated lifecycle of virtualized
  services on the Cloud
• Negotiation for cloud service acquisition by
  constraint relaxation
• Service quality framework

6
Service Lifecycle Methodology

• Our methodology divides Service processes
  Lifecycle on the Cloud into Five Phases
• Requirements, Discovery, Negotiation, Composition
  and Consumption
• This Methodology is applicable on any cloud
  deployment.
• We have developed high level ontologies for the
  five phases that enables automation.
• available in OWL at http//ebiq.org/o/itse/1.0/its
  o.owl

7
Phases of IT Services Lifecycle
Service specified
Provider(s) identified
New Service needed
Contract signed
Service delivered
8
Service Requirements

• Requirements for a service will include
• Functional specifications (tasks to be automated)
• Budgetary policies/Cost constraints
• Technical Policy specifications
• Human Agent Policy
• Security Policy
• Data Quality Policy
• Service Compliance Policy

9
Service Discovery

• Cloud Broker used to search available services
  that match the specifications
• Identify gaps that exist in services discovered
• Cloud Auditor or centralized registry, similar to
  UDDI, will certify the service provided.

10
Service Negotiation

• Discussion and agreement that the Service
  provider and consumer have regarding the Service.
• Service Level Agreements (SLA) finalized between
  consumer and provider
• Quality of Service (QoS) decided between primary
  provider and component providers.

11
Service Composition Phase

• One or more services provided by one or more
  providers are combined and delivered as a single
  Service
• SLA and QoS finalized in the negotiation phase
  used for determining service components and its
  orchestration (the sequence of execution)
• We reuse the OWL-S ontology to model and reason
  about compositions

12
Service Consumption Phase

• Composed Service is consumed and monitored in
  this phase
• Key measures like Service Performance and
  reliability are monitored using automated tools.
• SLA, QoS determine performance of the service
• Phase includes Service Delivery, Service payment
• Customer Satisfaction is tracked in this phase

13
Cloud Broker Architecture
Cloud User
User Interface
Translate to machine processable format
Final SLA for approval
1
9
4
Service
Cloud Service Broker agent
Service Discovery federated SPARQL query
2
5
SLA negotiation
Service URI
Final SLA
8
3
Service endpoint (provider agent)
6
Service URI
Final configuration
7
Virtual Service Instance (Eucalyptus/VCL)
Cloud Provider
14
Collaboration with NIST

• US government agency NIST working on
  standardizing cloud computing
• Member of Reference architecture and Taxonomy
  groups
• Member of Cloud Security group
• Prototype for NIST
• Automation of Cloud Storage Service acquisition,
  consumption /monitoring.
• Using Service lifecycle Ontologies developed by
  us.
• Platform using SPARQL, RDF, Web technologies
  Perl, HTML.
• NIST Cloud Computing workshop, Nov 2-4 2011.

15
Some Policies/Constraints

• Cloud security would like to mandate policies
  at the Cloud hardware level
• Data security policies
• US government compliance policies
• User authentication policy FIPS 140-2 is a
  standard used to accredit cryptographic modules.
• Trusted Internet Connection mandated to optimize
  individual external connections.
• Want to be interoperable across Cloud platforms

16
Storage Service Architecture
Cloud user
User Interface
ltrdfgt Rfs description lt/rdfgt
Cloud Service Procurer module
Cloud
ltrdfgt SLA description lt/rdfgt
Cloud Provider 3
Joseki SPARQL endpoint
Virtual Service Instance (Eucalyptus/Bluegrit)
17
NIST prototype demo
18
Request for Service RDF file

• lt?xml version"1.0"?gtltrdfRDF xmlns"http//www.
  w3.org/2002/07/owl" xmlnsxsd"http//www.w3.org
  /2001/XMLSchema" xmlnsdc"http//purl.org/dc/el
  ements/1.1/" xmlnsrdfs"http//www.w3.org/2000/0
  1/rdf-schema" xmlnsitso"http//ebiquity.umbc.e
  du/ontologies/itso/1.0/itso.owl"
  xmlnsstg"http//www.cs.umbc.edu/kjoshi1/storag
  e_ontology.owl" xmlnsrdf"http//www.w3.org/1999
  /02/22-rdf-syntax-ns"gt ltrdfDescription
  rdfabout"http//localhost/RFS"gtltitsoRFS_Respon
  d_By_Dategt Fri Apr 27 115349 2012
  lt/itsoRFS_Respond_By_DategtltitsoExpected_Begin_D
  ate_of_Servicegt 1-1-2012 lt/itsoExpected_Begin_Dat
  e_of_ServicegtltitsoService_Cost_Constraintgt 0
  lt/itsoService_Cost_ConstraintgtltitsoService_Loca
  tion_constraintgt global lt/itsoService_Location_co
  nstraintgtltstgstoragegt 2GB lt/stgstoragegtltstgba
  ckupgt Weekly lt/stgbackupgtltstgavailabilitygt 95
  lt/stgavailabilitygtltstgdatadeletiongt data
  archived lt/stgdatadeletiongtltstgEncryptiongt
  Data Encrypted lt/stgEncryptiongtltstgauthenticati
  ongt FIPS 140 2 supported lt/stgauthenticationgtltst
  gVMseparationgt VM separation lt/stgVMseparationgt
  ltstgstorage_interfacegt SOAP WSDL
  lt/stgstorage_interfacegtltstgTIC_connectiongt TIC
  Compliant lt/stgTIC_connectiongtltstgCC_EALgt 3
  lt/stgCC_EALgtltstgcloud_instance_sizegt 1GB
  lt/stgcloud_instance_sizegtltstgcloud_instance_spe
  edgt 1GHz lt/stgcloud_instance_speedgtltstgcloud_in
  stance_coresgt 10 lt/stgcloud_instance_coresgtlt/rdf
  Descriptiongtlt/rdfRDFgt

19
Storage Service Broker URL

• http//cs.umbc.edu/kjoshi1/nist_demo/

20
Summary

• For broader adoption of cloud computing, we need
  to automate cloud service processes
• Developed an integrated methodology to acquire,
  consume and monitor services on the cloud.
• Future work improving upon the cloud broker
  integration with VCL
• Ontologies in public domain.
• Publications available at http//ebiq.org/j/93