Policy based Cloud Services on a VCL platform Karuna P Joshi, Yelena Yesha, Tim Finin, Anupam Joshi...


Page 1: Policy based Cloud Services on a VCL platform Karuna P Joshi, Yelena Yesha, Tim Finin, Anupam Joshi University of Maryland, Baltimore County.

Policy based Cloud Services on a VCL platform

Karuna P Joshi, Yelena Yesha, Tim Finin, Anupam Joshi

University of Maryland, Baltimore County

Page 2:

Cloud Computing: The present

• New paradigm for IT services delivery
  ▫ IaaS, PaaS, SaaS, …, XaaS
• Focus is on “virtualizing” resources
  ▫ Great progress in dynamic provisioning at hardware resource level
  ▫ Software/Service is still relatively statically provisioned
• Gaps in current work
  ▫ Lack of Cloud “service engineering”
  ▫ Managing the entire lifecycle automatically

Page 3:

Future Vision for Cloud

• Virtualized Services on the Cloud
  ▫ Service dynamically composed - On Demand composition
  ▫ Service structure/components not pre-determined
  ▫ Multiple provisioning.
• Moving from totally manual to mostly automatic
  ▫ needed if we truly want to leverage the cloud and service virtualization capabilities and efficiencies

Page 4:

Key Open Research Issues

• Current cloud research focused on
  ▫ Improving cloud infrastructure – Virtual machines, Cloud OS etc.
  ▫ Semantic description of services, and even some composition work
• Limited research on how to use the cloud services efficiently
  ▫ Most steps in service negotiation, acquisition, and consumption/monitoring still require significant human intervention
• Difficult to manage service quality especially of composed services created by different providers

Page 5:

Key Contributions of Our Research

A semantically rich, policy-based framework can be used to automate the lifecycle of virtualized services on the cloud
  ▫ Use semantic web languages/technologies

1. Developed an integrated lifecycle of virtualized services on the Cloud
2. Negotiation for cloud service acquisition by constraint relaxation
3. Service quality framework

Page 6:

Service Lifecycle Methodology

• Our methodology divides the service process lifecycle on the Cloud into five phases
  ▫ Requirements, Discovery, Negotiation, Composition and Consumption
• This methodology is applicable on any cloud deployment.
• We have developed high-level ontologies for the five phases that enable automation.
  ▫ available in OWL at http://ebiq.org/o/itse/1.0/itso.owl

Page 7:

Phases of IT Services Lifecycle

[Figure: lifecycle diagram. Phases: Service Requirements, Service Discovery, Service Negotiation, Service Composition, Service Consumption. Other labels: Service Cloud, Consumer, New Service needed, Service specified, Provider(s) identified, Contract signed, Service delivered.]

Page 8:

Service Requirements

Requirements for a service will include

• Functional specifications (tasks to be automated)
  ▫ Budgetary policies/Cost constraints
• Technical Policy specifications
• Human Agent Policy
• Security Policy
• Data Quality Policy
• Service Compliance Policy

Page 9:

Service Discovery

• Cloud Broker used to search available services that match the specifications
• Identify gaps that exist in services discovered
• Cloud Auditor or centralized registry, similar to UDDI, will certify the service provided.

Page 10:

Service Negotiation

• Discussion and agreement that the Service provider and consumer have regarding the Service.
• Service Level Agreements (SLA) finalized between consumer and provider
• Quality of Service (QoS) decided between primary provider and component providers.

Page 11:

Service Composition Phase

• One or more services provided by one or more providers are combined and delivered as a single Service
• SLA and QoS finalized in the negotiation phase are used for determining the service components and their orchestration (the sequence of execution)
• We reuse the OWL-S ontology to model and reason about compositions

Page 12:

Service Consumption Phase

• Composed Service is consumed and monitored in this phase
• Key measures like Service Performance and reliability are monitored using automated tools.
  ▫ SLA, QoS determine performance of the service
• Phase includes Service Delivery, Service payment
• Customer Satisfaction is tracked in this phase

Page 13:

Cloud Broker Architecture

[Figure: architecture diagram with numbered steps 1 to 9. Labels: Cloud User, User Interface, Cloud Service Broker agent, Translate to machine processable format, Service Discovery federated SPARQL query, Cloud Provider, Service endpoint (provider agent), SLA negotiation, Final SLA for approval, Final SLA, Final configuration, Virtual Service Instance (Eucalyptus/VCL), Service URI, Service.]

Page 14:

Collaboration with NIST

• US government agency NIST working on standardizing cloud computing
  ▫ Member of Reference architecture and Taxonomy groups
  ▫ Member of Cloud Security group
• Prototype for NIST
  ▫ Automation of Cloud Storage Service acquisition, consumption/monitoring.
  ▫ Using Service lifecycle Ontologies developed by us.
  ▫ Platform: using SPARQL, RDF, Web technologies – Perl, HTML.
  ▫ NIST Cloud Computing workshop, Nov 2-4 2011.

Page 15:

Some Policies/Constraints …

• Cloud security – would like to mandate policies at the Cloud hardware level
• Data security policies
• US government compliance policies
  ▫ User authentication policy: FIPS 140-2 is a standard used to accredit cryptographic modules.
  ▫ Trusted Internet Connection mandated to optimize individual external connections.
• Want to be interoperable across Cloud platforms

Page 16:

Storage Service Architecture

[Figure: architecture diagram. Labels: Cloud user, User Interface, Cloud Service Procurer module, Translate to machine processable format, Discover service, Respond, SLA negotiation, Final SLA, Service URI, Service, RFS description (RDF), SLA description (RDF), Cloud Provider 1, Cloud Provider 2, Cloud Provider 3, Joseki SPARQL endpoint, Virtual Service Instance (Eucalyptus/Bluegrit).]

Page 17:

NIST prototype demo

Page 18:

Request for Service: RDF file

<?xml version="1.0"?>
<rdf:RDF xmlns="http://www.w3.org/2002/07/owl#"
         xmlns:xsd="http://www.w3.org/2001/XMLSchema#"
         xmlns:dc="http://purl.org/dc/elements/1.1/"
         xmlns:rdfs="http://www.w3.org/2000/01/rdf-schema#"
         xmlns:itso="http://ebiquity.umbc.edu/ontologies/itso/1.0/itso.owl"
         xmlns:stg="http://www.cs.umbc.edu/~kjoshi1/storage_ontology.owl"
         xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
  <rdf:Description rdf:about="http://localhost/RFS">
    <itso:RFS_Respond_By_Date> Fri Apr 27 11:53:49 2012 </itso:RFS_Respond_By_Date>
    <itso:Expected_Begin_Date_of_Service> 1-1-2012 </itso:Expected_Begin_Date_of_Service>
    <itso:Service_Cost_Constraint> 0 </itso:Service_Cost_Constraint>
    <itso:Service_Location_constraint> global </itso:Service_Location_constraint>
    <stg:storage> 2GB </stg:storage>
    <stg:backup> Weekly </stg:backup>
    <stg:availability> 95 </stg:availability>
    <stg:datadeletion> data archived </stg:datadeletion>
    <stg:Encryption> Data Encrypted </stg:Encryption>
    <stg:authentication> FIPS 140 2 supported </stg:authentication>
    <stg:VMseparation> VM separation </stg:VMseparation>
    <stg:storage_interface> SOAP WSDL </stg:storage_interface>
    <stg:TIC_connection> TIC Compliant </stg:TIC_connection>
    <stg:CC_EAL> 3 </stg:CC_EAL>
    <stg:cloud_instance_size> 1GB </stg:cloud_instance_size>
    <stg:cloud_instance_speed> 1GHz </stg:cloud_instance_speed>
    <stg:cloud_instance_cores> 10 </stg:cloud_instance_cores>
  </rdf:Description>
</rdf:RDF>
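Added example (not part of the slides or the NIST prototype): a sketch of the "identify gaps" step of Service Discovery, comparing the security constraints of the RFS above with a provider's offer. The offer document, the function names and the split into exact-match and minimum-value properties are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

RDF = "http://www.w3.org/1999/02/22-rdf-syntax-ns#"
STG = "http://www.cs.umbc.edu/~kjoshi1/storage_ontology.owl"  # stg: namespace from the RFS slide

# Assumed split (not from the slides): properties that must match exactly...
EXACT = ("Encryption", "authentication", "VMseparation", "TIC_connection")
# ...and numeric ones where the offer must meet or exceed the requested value.
AT_LEAST = ("availability", "CC_EAL")

def wrap(body, about):
    """Build a minimal RDF/XML document around stg: properties (sample data helper)."""
    return (f'<rdf:RDF xmlns:rdf="{RDF}" xmlns:stg="{STG}">'
            f'<rdf:Description rdf:about="{about}">{body}</rdf:Description></rdf:RDF>')

# Security-related subset of the RFS shown on the slide.
RFS = wrap("<stg:availability> 95 </stg:availability>"
           "<stg:Encryption> Data Encrypted </stg:Encryption>"
           "<stg:authentication> FIPS 140 2 supported </stg:authentication>"
           "<stg:VMseparation> VM separation </stg:VMseparation>"
           "<stg:TIC_connection> TIC Compliant </stg:TIC_connection>"
           "<stg:CC_EAL> 3 </stg:CC_EAL>", "http://localhost/RFS")
# Constructed provider offer: no TIC_connection statement and a lower CC EAL.
OFFER = wrap("<stg:availability> 99 </stg:availability>"
             "<stg:Encryption> Data Encrypted </stg:Encryption>"
             "<stg:authentication> FIPS 140 2 supported </stg:authentication>"
             "<stg:VMseparation> VM separation </stg:VMseparation>"
             "<stg:CC_EAL> 2 </stg:CC_EAL>", "http://localhost/SLA")

def stg_properties(rdf_xml):
    """Return {local name: trimmed value} for the stg: properties of the first rdf:Description."""
    if "<!DOCTYPE" in rdf_xml:  # provider documents are untrusted: refuse entity definitions
        raise ValueError("DOCTYPE not allowed")
    desc = ET.fromstring(rdf_xml).find(f"{{{RDF}}}Description")
    prefix = f"{{{STG}}}"
    return {el.tag[len(prefix):]: (el.text or "").strip()
            for el in desc if el.tag.startswith(prefix)}

def policy_gaps(rfs_xml, offer_xml):
    """List (property, requested, offered) for each requested constraint the offer misses."""
    want, have = stg_properties(rfs_xml), stg_properties(offer_xml)
    gaps = [(p, want[p], have.get(p)) for p in EXACT
            if p in want and have.get(p) != want[p]]
    for p in AT_LEAST:
        if p in want and (p not in have or float(have[p]) < float(want[p])):
            gaps.append((p, want[p], have.get(p)))
    return gaps

if __name__ == "__main__":
    for prop, requested, offered in policy_gaps(RFS, OFFER):
        print(f"unmet: {prop}: requested {requested!r}, offered {offered!r}")
```

A property the offer does not state at all is reported as a gap rather than assumed to be satisfied, so an omitted security attribute cannot pass the check silently.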

Page 19:

Storage Service Broker URL

http://cs.umbc.edu/~kjoshi1/nist_demo/

Page 20:

Summary

• For broader adoption of cloud computing, we need to automate cloud service processes
• Developed an integrated methodology to acquire, consume and monitor services on the cloud.
• Future work: improving upon the cloud broker integration with VCL
• Ontologies in public domain.
• Publications available at http://ebiq.org/j/93