NOVEMBER/DECEMBER 2016
www.computer.org/cloudcomputing
EDITOR IN CHIEF
Mazin Yousif, T-Systems International, mazin@computer.org

EDITORIAL BOARD
Pascal Bouvry, University of Luxembourg
Ivona Brandic, Vienna University of Technology
Christopher Cérin, University of Paris 13
Kim-Kwang Raymond Choo, University of Texas at San Antonio
Beniamino Di Martino, Second University of Naples
Mianxiong Dong, Muroran Institute of Technology
Keith G. Jeffery, Keith G. Jeffery Consultants and Cardiff University
David Linthicum, Cloud Technology Partners
Christine Miyachi, Xerox Corporation
Omer Rana, Cardiff University
Rajiv Ranjan, Newcastle University
Lutz Schubert, Ulm University
Alan Sill, Texas Tech University
Zahir Tari, RMIT University
Joe Weinman
Yongwei Wu, Tsinghua University

STEERING COMMITTEE
Sherman Shen, University of Waterloo (chair, Communications Society liaison)
Kirsten Ferguson-Boucher, Aberystwyth University
Raouf Boutaba, University of Waterloo (Communications Society Liaison)
Carl Landwehr, NSF, IARPA (EIC Emeritus IEEE S&P)
Hui Lei, IBM
V.O.K. Li, University of Hong Kong (Communications Society liaison)
Rolf Oppliger, eSecurity Technologies
Manish Parashar, Rutgers, the State University of New Jersey

IEEE Cloud Computing (ISSN 2325-6095) is published bimonthly by the IEEE Computer Society. IEEE headquarters: Three Park Ave., 17th Floor, New York, NY 10016-5997. IEEE Computer Society Publications Office: 10662 Los Vaqueros Cir., Los Alamitos, CA 90720; +1 714 821 8380; fax +1 714 821 4010. IEEE Computer Society headquarters: 2001 L St., Ste. 700, Washington, DC 20036.

Subscription rates: IEEE Computer Society members get the lowest rate of US$39 per year. Go to www.computer.org/subscribe to order and for more information on other subscription prices.
CONTENT
What will the future of cloud computing look like? What are some of the issues
professionals, practitioners, and researchers need to address when utilizing cloud
services? IEEE Cloud Computing magazine serves as a forum for the constantly
shifting cloud landscape, bringing you original research, best practices, in-depth
analysis, and timely columns from luminaries in the field.
November/December 2016
Volume 3, Issue 6
www.computer.org/cloudcomputing
Reuse Rights and Reprint Permissions: Educational or personal use of this material is permitted without fee, provided such use: 1) is not made for profit; 2) includes this notice and a full citation to the original work on the first page of the copy; and 3) does not imply IEEE endorsement of any third-party products or services. Authors and their companies are permitted to post the accepted version of their IEEE-copyrighted material on their own Web servers without permission, provided that the IEEE copyright notice and a full citation to the original work appear on the first screen of the posted copy. An accepted manuscript is a version which has been revised by the author to incorporate review suggestions, but not the published version with copyediting, proofreading and formatting added by IEEE. For more information, please go to: http://www.ieee.org/publications_standards/publications/rights/paperversionpolicy.html. Permission to reprint/republish this material for commercial, advertising, or promotional purposes or for creating new collective works for resale or redistribution must be obtained from the IEEE by writing to the IEEE Intellectual Property Rights Office, 445 Hoes Lane, Piscataway, NJ 08854-4141 or pubs-permissions@ieee.org. Copyright 2016 IEEE. All rights reserved.

Abstracting and Library Use: Abstracting is permitted with credit to the source. Libraries are permitted to photocopy for private use of patrons, provided the per-copy fee indicated in the code at the bottom of the first page is paid through the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923.

IEEE prohibits discrimination, harassment, and bullying. For more information, visit www.ieee.org/web/aboutus/whatis/policies/p9-26.html.
MAZIN YOUSIF
T-Systems International
mazin@computer.org

.computer.org/cloud-computing/editorial-board). The magazine also has a steering committee with membership from the two IEEE societies that sponsor the magazine: the IEEE Computer Society and the IEEE Communications Society. Additionally, I've established an advisory board for each column, led by the column lead editor. All columns are reviewed by their respective advisory board before being submitted to the magazine's editorial board for further review. The advisory boards have proved to be very effective in ensuring the quality of the columns we publish in every issue.
Interest in the magazine has been healthy, with subscriptions consistently increasing. We've also heard from many that the magazine is a must-read for cloud professionals and researchers because it not only covers research topics, but it also describes actual on-the-ground cloud experiences. Many factors have contributed to the magazine's success, including the diversity of cloud topics we cover, the quality and ease of reading the articles, the value readers draw from the articles, and the timeliness of the articles we publish. I can also imagine that the composition and international stature of the magazine's editorial board have a role in attracting subscriptions.

The magazine has embarked on several outreach undertakings to help increase readership and subscriptions. One such activity is the collaboration with the IEEE Cloud Computing Community, which includes a plan to develop podcasts, blogs, and an extensive social networking presence. To smooth this collaboration, I've agreed to serve on the IEEE Cloud Computing Community's steering committee; similarly, the lead of the IEEE Cloud Computing Community will serve on the magazine's editorial board. The IEEE Cloud Community has doubled in size since 2015 and is now around 12,000 strong, so we expect this to be a strong and fruitful partnership.

Another outreach activity involves cloud computing conferences. For this, we are looking at possibly publishing manuscripts judged as the conference's best paper after they meet IEEE requirements for publications.

GOING FORWARD, WE'LL CONTINUE ALONG THE SAME PATH WE'VE CHARTED FOR THE MAGAZINE. We're planning four special issues for 2017 covering topics such as mobile cloud, cloud-native applications, and middleware for cloud computing. If there are any specific cloud topics or burning issues you'd like us to cover, either as a special issue or in our columns, I urge you to contact us and make your requests known.

Finally, I'd like to take this opportunity to thank the staff for helping us deliver an outstanding magazine. They are instrumental in every step of the publication process.

MAZIN YOUSIF is the editor in chief of IEEE Cloud Computing. He's the chief technology officer and vice president of architecture for the Royal Dutch Shell Global account at T-Systems, International. Yousif has a PhD in computer engineering from Pennsylvania State University. Contact him at mazin@computer.org.
CLOUD TIDBITS
of cloud platforms, including those that provide the most cost and performance efficiencies, and therefore applications can be distributed and optimized as to their use of the platform from within the container. For example, an I/O-intensive portion of the application could run on a bare metal cloud that provides the best performance, while a compute-intensive portion of the application runs on a public cloud that provides the proper scaling and load balancing. Perhaps even a portion of the application could run on traditional hardware and software. They all work together to form the application, and the application is separated into components that can be optimized.

Finally, there's the ability to provide automation services that offer policy-based optimization and self-configuration. None of this works without providing an automation layer that can automagically find the best place to run the container, as well as deal with the changes in the configurations, and other things specific to the cloud platforms where the containers reside.

However, we've learned that n-tier applications have inherent limitations. They are designed to scale up with very little focus paid on scaling down and no attention paid to scaling out or in. They typically are rife with single points of failure and tend to manage their own state via the use of cluster-style computing. Each tier of the n-tiered architecture must be scaled independently of the other tiers [3].

Also, keep in mind that the automation/orchestration required will not always be portable. Indeed, that's likely the new lock-in layer; once you've built out the operational side, how easy is it to migrate from cloud to cloud? As Lori MacVittie of F5.com noted in an email, portability of container clustering and orchestration is likely to quickly become the bottleneck.

Making the Business Case

The problem with technical assertions is that they need to define a business benefit to be accepted by the industry as a best practice. The technical benefits I've defined need to be translated into direct business benefits that provide a quick return on investment.

One business benefit is the ability to automatically find least-cost cloud providers. Part of the benefit of moving from cloud to cloud is that you can leverage this portability to find the least-cost provider. Assuming most things are equal, the applications within a set of containers can live migrate to a cloud that offers price advantages for similar types of cloud services, such as storage.

For example, an inventory control application that exists within a dozen or so containers might have some storage-intensive components that cost $100,000 a month on AWS. However, Google charges $50,000 a month for the same types of resources. Understanding this configuration possibility within the orchestration layer, the containers can automigrate/live migrate to the new cloud where there's a 50 percent savings. If Google raises its prices and AWS lowers theirs, the reverse could occur.

These automation concepts also support better reliability. We've all done business cases around up-time and down-time. In some instances, businesses can lose as much as $1 million an hour when systems aren't operating. Even if the performance issue lasts for only an hour or two, the lost productivity can move costs well into thousands of dollars per minute.

This architecture shown in Figure 1 can help avoid outages and related performance issues by opening other cloud platforms where the container workloads can relocate if issues occur on the primary clouds. For example, if AWS suffers an outage, the containers can be relocated to Google in a matter of minutes, where they can operate once again until the problem is resolved. You might choose to run redundant versions of the containers on both clouds, supporting an active/active type of recovery platform.

Facing Realities

Containers might sound like distributed application nirvana. They certainly offer a better way to utilize emerging cloud-based platforms. However, there are many roadblocks in front of us and a lot of work to be done.

We need to consider the fact that current technology can't provide this type of automation. Although it can certainly manage machine instances, even containers, using basic policy and scripting approaches, automatically moving containers from cloud to cloud using policy-driven automation, including autoconfiguration and autolocalization, isn't there yet.

Also, we've only just begun our Docker container journey. We still have a lot to learn about the technology's potential as well as its limitations. As we learned from the use of containers and distributed objects from years ago, the only way this technology can provide value is through coordinating clouds that support containers. Although having a standard here is great, history shows that vendors and providers tend to march off in their own proprietary directions for the sake of market share. If that occurs, all is lost.

The final issue is complexity. It only seems like we're making things less complex. Over time, the use of containers as the means of platform abstraction will result in applications that morph toward architectures that are much more complex and distributed. Moving forward, it might not be unusual to find applications that exist in hundreds of containers, running on dozens of different models and brands of cloud computing. The more complex these things become, the more vulnerable they are to operational issues.

time, moving from a true platform to good container hosts. It will be interesting to see if the larger providers want to take on that role. Considering provider interest in Docker, that indeed could be their direction.

The core question now: if this is the destination of this technology and application hosting on cloud-based platforms, should I redirect resources toward this new vision? I suspect that most enterprises already have their hands full with the great cloud migration. However, as we get better at cloud application architectures using approaches that better account for both automation and portability, we'll eventually land on containers.

Acknowledgments

Part of this article was derived from research I've done at Gigaom Pro, which is now out of business.

References

1. Rightscale, State of the Cloud Report, 2016; https://www.rightscale.com/lp/state-of-the-cloud?campaign=701700000015euX.
2. D. Linthicum, "Fad? No, Containers Are Here to Stay," InfoWorld, 12 Feb. 2016; www.infoworld.com/article/3032164/cloud-computing/fad-no-containers-are-here-to-stay.html.
3. D. Linthicum, "Containers Are Designed for an Antiquated Application Architecture," Container J., 5 June 2015; http://containerjournal.com/2015/06/05/containers-are-designed-for-an-antiquated-application-architecture.

DAVID S. LINTHICUM is senior vice president of Cloud Technology Partners. He also frequently writes for InfoWorld on deep technology subjects. His research interests include complex distributed systems, including cloud computing, data integration, service-oriented architecture, Internet of Things, and big data systems. Contact him at david@davidlinthicum.com.
[Figure: diagram relating Patient, Physician, and Pathologist through <<has>>, <<treated by>>, and <<examined by>> relationships; legend: dependency, aggregation, communication flow.]
second communication flow between primary and secondary healthcare providers. Such a communication flow is also of interest to the administration of the secondary healthcare structures and providers.

Healthcare providers have been shifting from paper-based record systems [2] to electronic medical record (EMR) [3] and electronic health record (EHR) [4] systems to improve patient care quality [5, 6]. Internal and external patient mobility has also been increasing, for example, due to inter- and cross-country migration and the availability of cheaper treatment in other countries. In Europe, for example, the 1985 Schengen Agreement and the central principle within the European Union (EU) of freedom of movement for people, goods, and services (see Directive 2011/24/EU on patient rights in cross-border healthcare; http://eur-lex.europa.eu/eli/dir/2011/24/oj) also played a role in increasing external patient mobility.

Thus, we need an efficient and secure way to share medical data between various healthcare providers and other key stakeholders (including patients), regardless of geographical locations. Such a scenario, however, complicates the design and implementation of the underlying information and communications technology (ICT) infrastructure, which can comprise systems that aren't interoperable. For example, integrating all existing local (including legacy) systems to satisfy the following requirements remains a research and operational challenge:

- having a decentralized and distributed design,
- allowing asynchronous interactions,
- providing flexible data and service integration, and
- supporting security mechanisms with respect to privacy regulations.

Currently, there's an ongoing debate on the utilities and challenges of hosting and sharing of medical data in a cloud platform, despite the potential benefits of outsourcing health-related data to the cloud for storage, processing, and sharing (including cost optimization, ease of data management, flexibility, maintainability, and scalability).
[Figure: healthcare providers (hospital physicians, general practitioners, laboratory pathologists) connected to a cloud platform holding clinical documents, health records, billing reports, identities, and patients and consent.]
Figure 2 illustrates how cloud computing can be adopted within the healthcare domain for medical data management. Each healthcare provider has access to or hosts a cloud platform, which can be used to store, process, and share data among patients, healthcare personnel, and other relevant stakeholders (such as centers for disease control and prevention if an outbreak is detected). Such a platform can also host services for managing the identities of all registered users, patient consent, and patient health records and reports. The cloud platform can also support the healthcare provider's administrative processes, such as generating and updating billing reports and disbursing funds. To meet patients' mobility needs, public and private cloud platforms used by different healthcare providers can be federated using an intercloud infrastructure to share patient data, generate billing records, and so on [7].

As with all technologies, cloud deployments in the healthcare industry are vulnerable to threats posed by both external attackers and employees or vendors associated with the cloud service provider (that is, insider threats). Security researchers have attempted to solve such challenges, for example, by using cryptographic solutions such as privacy-preserving cloud solutions [8]. In recent work, for example, a team of computer security researchers presented a framework for handshake schemes in mobile healthcare social networks [9]. They constructed an efficient cross-domain handshake scheme that allows symptoms matching within mobile healthcare social networks. This allows patients who have matching symptoms and are registered with one or more healthcare providers to mutually authenticate each other and establish a secure communication session. The authors implemented a prototype of the scheme using an Android app [9]. Another work presents a cryptographic scheme designed to provide fine-grained database field search on healthcare clouds [10]. The scheme lets an authorized user (such as a healthcare provider or medical researcher) securely and efficiently search for values in the fields of the table of the relevant EHRs.

Lack of control over the outsourced data is another key concern [11]. Various data privacy and healthcare-related legislation regulate sensitive data, such as medical records. For example, the upcoming EU Data Protection Directive states that any personal data generated within the EU is subject to the European law and data can only be shared with a third party if its owner is notified. Again, personal data can't leave the EU, unless it's sent to a country that provides an adequate level of protection (for example, by participating in potential new EU-US data sharing agreements).

Moreover, restrictions on personal data storage and access differ even among states within the same country or region. Within the EU, for example, some countries, like France and Denmark, have broad restrictions, whereas others, like Italy and Germany, have no or limited restrictions for certain types of data. Furthermore, regulations in different countries can conflict, such as the regulation concerning data owners and the regulation concerning datacenter locations. In the United States, the 2001 Patriot Act allows US intelligence agencies to access personal data managed by US companies, without notifying data owners. This is in clear violation of the EU directive, should cloud service providers or healthcare providers decide to abide by the US Patriot Act. In theory, a solution could be to restrict EU datacenters to be located in a European country, but in practice, such a requirement (or restriction) is seldom part of the service-level agreements (SLAs) offered by (major) cloud service providers.

Introducing security-related SLAs is another promising approach to the provisioning of innovative and secure cloud services, including in the healthcare domain. There are, however, several challenges associated with the provision of cloud services based on security SLAs. For example, how do we represent security in such a way that it's understandable by both users and providers, as well as quantifiable and measurable? We also need to ensure that we can automate the provisioning process even in a multicloud environment to avoid vendor lock-in, and continuously monitor the delivered services to enforce the security SLAs.

EU projects, such as Secure Provisioning of Cloud Services based on SLA management (SPECS, www.specs-project.eu) [12], Multicloud Secure Applications (MUSA, www.musa-project.eu) [13], and SLA-Ready (www.sla-ready.eu), are actively researching the definition of security SLA models that can be easily used by customers to express their security requirements and by providers to manage the security services and policies granted to their users. Existing security SLA models primarily provide standard security controls and have innovative security metrics that enable cloud service providers to realistically measure and guarantee security. However, it's still early and both researchers and standardization bodies are still studying the effectiveness of such security SLA models [14].

THIS IS A FIRST STEP TOWARD THE ADOPTION OF PER-SERVICE SECURITY SLAS, INCLUDING IN THE HEALTHCARE INDUSTRY. Research opportunities include the design of effective security SLA models that will fulfill specific user requirements, such as data geolocation, and compliance with the relevant legislation (for example, the Health Insurance Portability and Accountability Act of 1996 for US healthcare providers) and international standards.

References

1. C. Esposito, M. Ciampi, and G. De Pietro, "An Event-Based Notification Approach for the Delivery of Patient Medical Information," Information Systems, vol. 39, Jan. 2014, pp. 22-44.
2. T. Schabetsberger et al., "From a Paper-Based Transmission of Discharge Summaries to Electronic Communication in Healthcare Regions," Int'l J. Medical Informatics, vol. 75, nos. 3-4, 2006, pp. 209-215.
3. M. Steward, "Electronic Medical Records," J. Legal Medicine, vol. 26, no. 4, 2005, pp. 491-506.
4. K. Häyrinen, K. Saranto, and P. Nykänen, "Definition, Structure, Content, Use and Impacts of Electronic Health Records: A Review of the Research Literature," Int'l J. Medical Informatics, vol. 77, no. 5, 2008, pp. 291-304.
5. R. Hillestad et al., "Can Electronic Medical Record Systems Transform Health Care? Potential Health Benefits, Savings, and Costs," Health Affairs, vol. 24, no. 5, 2005, pp. 1103-1117.
6. R. Haux, "Health Information Systems - Past, Present, Future," Int'l J. Medical Informatics, vol. 75, nos. 3-4, 2006, pp. 268-281.
7. C. Esposito et al., "Interconnecting Federated Clouds by Using Publish-Subscribe Service," Cluster Computing, vol. 16, no. 4, 2013, pp. 887-903.
8. C. Esposito, A. Castiglione, and K.-K. R. Choo, "Encryption-Based Solution for Data Sovereignty in Federated Clouds," IEEE Cloud Computing, vol. 3, no. 1, 2016, pp. 12-17.
9. D. He et al., "A Provably-Secure Cross-Domain Handshake Scheme with Symptoms-Matching for Mobile Healthcare Social Network," IEEE Trans. Dependable and Secure Computing, in press, doi: 10.1109/TDSC.2016.2596286.
10. C. Guo et al., "Fine-Grained Database Field Search Using Attribute-Based Encryption for E-Healthcare Clouds," J. Medical Systems, vol. 40, 2016, article 235.
11. Cloud Computing Risk Assessment, European Union Agency for Network and Information Security (ENISA), 2009; www.enisa.europa.eu/publications/cloud-computing-risk-assessment.
12. M. Rak et al., "Security as a Service Using an SLA-based Approach via SPECS," Proc. IEEE Int'l Conf. Cloud Computing Technology and Science (CloudCom), 2013, pp. 749-755.
13. E. Rios et al., "Towards Self-Protective Multi-Cloud Applications: MUSA-A Holistic Framework to Support the Security-Intelligent Lifecycle Management of Multi-Cloud Applications," Proc. 5th Int'l Conf. Cloud Computing and Services Science, 2015, pp. 551-558.
14. V. Casola et al., "Providing Security SLA in Next Generation Data Centers with SPECS: The EMC Case Study," Proc. 6th Int'l Conf. Cloud Computing and Services Science, 2016, pp. 138-145.

odologies to design and evaluate distributed systems, including cyberphysical infrastructures, cloud systems, and Web services. Casola has a PhD in electronic engineering from the Second University of Naples. Contact her at casolav@unina.it.

ANIELLO CASTIGLIONE is an adjunct professor of computer science at the University of Salerno, Italy, and the University of Naples Federico II, Italy. His research interests include security, communication networks, information forensics and security, and applied cryptography. Castiglione has a PhD in computer science from the University of Salerno, Italy. He's a member of several associations, including IEEE and ACM. Contact him at castiglione@ieee.org.

KIM-KWANG RAYMOND CHOO holds the Cloud Technology Endowed Professorship at the University of Texas at San Antonio. His research interests include cyber and information security and digital forensics. Choo has a PhD in information security from Queensland University of Technology, Australia. He's a fellow of the Australian Computer Society and a senior member of IEEE. Contact him at raymond.choo@fulbrightmail.org.

CHRISTIAN ESPOSITO is an adjunct professor of computer programming at the University of Naples Federico II, Italy, and the University of Salerno, Italy, where he's also a research fellow. His research interests include information security and reliability, middleware, and distributed systems. Esposito has a PhD in computer engineering from the University of Naples Federico II, Italy. Contact him at esposito@unisa.it.
Special Issue on Multicloud
Submission deadline: 2 January 2017
Publication date: July/August 2017

As Cloud Computing evolved to a widely used computing as a service model, limitations and intrinsic characteristics of monolithic cloud provider offerings emerged. Moreover, specialized computing power such as clusters, GPUs, solid state storage, and specific applications at different service levels can now be acquired as services from different providers. The use of a combination of cloud services from various providers can be performed to contour limitations of a single provider and enhance application execution by gathering together the necessary specific, on demand resources for a wide range of applications.

This IEEE Cloud Computing Magazine Special Issue on Multicloud aims to cover all aspects of connecting multiple clouds to allow automatic, transparent, and on demand application execution that takes advantage from the synergy among resources of different providers. For this synergy to become effective and efficient, connecting different providers across their boundaries brings new, challenging efforts. Multicloud deployment must solve challenges that include resource management and scheduling, identity management, trust and security issues, business models, and incentive mechanisms in multicloud environments. We invite authors to submit outstanding and original manuscripts on the following topics within the context of multiclouds:

brokering mechanisms,
resource discovery and management,
security and privacy,
authentication and authorization,
applications and case studies,
auditing and accounting,
multicloud APIs,
monitoring,
data management,
performance modeling and evaluation,
cloud federations,
scheduling and load balancing,
hybrid clouds,
autonomic management,
multicloud and the Internet of Things,
QoS and QoE,
economic and business models,
cross-service-level management (IaaS, PaaS, SaaS, and XaaS),
incentive mechanisms, and
multiclouds and green computing.

Guest Editors
Dr. Luiz F. Bittencourt, University of Campinas
Dr. Rodrigo N. Calheiros, University of Melbourne
Dr. Craig A. Lee, Aerospace Corporation

Submission Information
Submissions should be 3,000 to 5,000 words long, with a maximum of 15 references, and should follow the magazine's guidelines on style and presentation (see https://www.computer.org/web/peer-review/magazines for full author guidelines). All submissions will be subject to single-blind, anonymous review in accordance with normal practice for scientific publications. For more information, contact the guest editors at ccm4-2017@computer.org.

Authors should not assume that the audience will have specialized experience in a particular subfield. All accepted articles will be edited according to the IEEE Computer Society style guide (www.computer.org/web/publications/styleguide). Submit your papers through Manuscript Central at https://mc.manuscriptcentral.com/ccm-cs.

www.computer.org/cloudcomputing
CLOUD ECONOMICS
The Economics

will leave websites that are too slow. Slow internal applications can reduce labor productivity and impact customer experience. Consider a call center where a customer's problem is exacerbated because our
completion times are made to run in parallel, the variability in task completion times means that if one task takes too long, the job can miss its deadline or response time objective. Think of it this way: in a relay race (where runners' tasks are serial), a slow runner on the first lap can be balanced out by a fast runner on the next lap. But in a three-legged (parallel) sack race, it doesn't matter how fast the faster runner in a pair is, only how slow the slower runner is. To put it differently, the speed of a family hiking through the woods doesn't depend on the track-star parent, but on the four-year old with a sprained ankle.

At its core, the issue has to do with the behavior of two simple equations: the sum of random variables X1 + X2 + … + Xn versus the maximum of random variables max(X1, X2, …, Xn). As n increases, the coefficient of variation of the sum (that is, the standard deviation relative to the mean) tends to decrease.3 As a result, the ability to predict the completion time of the job made up of time-varying tasks, and therefore reliably meet a deadline, tends to increase.

In other words, whereas parallel processing in an elastic, pay-per-use cloud can generate numerous benefits, there's a hidden downside due to the fundamental statistics and interrelationships of tasks whose completion times are stochastic.

Statistics of the Maximum

Suppose that X1, X2, …, Xn are uniformly distributed on the range [0, 1]. Using a spreadsheet program, we can let n = 40, and generate samples for X1, X2, …, X40 using a built-in function like RAND(), as Figure 1a shows.

0.82764544   0.80097638   0.693801038  0.650112619
0.430864605  0.87435936   0.350607113  0.763772409
0.786577071  0.503210069  0.720215722  0.757302994
0.089915818  0.336404981  0.611928688  0.529278606
0.591014395  0.37038561   0.840855984  0.318257232
0.264674834  0.691100195  0.274698212  0.977968702
0.740197593  0.647566387  0.119356939  0.710573222
0.606517915  0.833672637  0.624303139  0.662939496
0.962940316  0.093809678  0.200159041  0.352320135
0.542603115  0.199602319  0.738504371  0.299977249

FIGURE 1. (a) Forty sample values of independent, identically distributed random variables uniformly distributed on the [0, 1] interval. (b) Graphical view of the distribution.

Some quick calculations show that the mean of these 40 experimental values is 0.559774, a little more than the theoretical expected value of 0.5. We've highlighted the maximum value: 0.977968702.

As n gets larger and larger, we expect the experimental mean to get closer to the theoretical 0.5, and the max to get closer to 1.0 (when the random variables are independent and identically distributed according to a uniform distribution). Specifically, for the uniform distribution, the theory of order statistics tells us that the expected value of the kth value out of n such uniformly distributed values is E(max(X1, X2, …, Xn)) = k/(n + 1). Therefore, the nth value (that is, the maximum) has an expected value of n/(n + 1). It's easy to see, both mathematically and intuitively, that as n gets larger, the expected value of the maximum approaches 1. This is true for the uniform distribution, which is bounded. For the Bernoulli distribution (where the outcome is 1 with probability p, otherwise 0), the maximum also approaches 1 when p is nonzero. For other distributions, as n increases, it might be the case that the expected value of the maximum increases without bound.

However, as n increases in the parallel case, Murphy's Law ("if anything can go wrong, it will")
tends to hold. Even if most tasks meet almost every deadline, one task running well over can cause the overall job to run over. Another way to look at it is this: Suppose each task is equally as likely to finish on time as to run over. If any task runs over the deadline, the entire job does, so the only way for the entire job to finish on time is if all n tasks finish on time, but the chances of that happening are $1/2^n$. With only 20 tasks, the chances of the overall job meeting its deadline are literally less than one in a million.

Statistics of Sums

Unlike the wide variation in Figure 1, Figure 2 shows 10 example sums of uniform independent and identically distributed random variables. As the figure shows, none vary too far from the expected value of the sum

$E\left(\sum_{i=1}^{n} X_i\right) = \sum_{i=1}^{n} E(X_i)$.

FIGURE 2. Ten example sums of 40 samples taken from a uniform distribution on [0, 1].

In this case, since each Xi is uniformly distributed on [0, 1] and n = 40, this is simply 40 × 0.5, or 20. The sums don't differ all that much from the expected value of 20. We use the coefficient of variation, which is the ratio of the standard deviation to the mean, to characterize this. Three basic facts explain this phenomenon: the sum of the means is the mean of the sum; the sum of the variances is the variance of the sum; and the standard deviation is the square root of the variance. These facts imply that for a given random variable with mean $\mu$ and variance $\sigma^2$, its coefficient of variation is $\sigma/\mu$. But the coefficient of variation of a sum of n such variables is only $(1/\sqrt{n})(\sigma/\mu)$. In other words, no matter how big the coefficient of variation is for each task, as n grows, the coefficient of variation of the sum drops to 0 in the limit.

Switching paradigms from math to compute jobs, as we run more and more compute tasks sequentially, even though each task has an uncertain runtime, the runtime of the total becomes more and more predictable. There are many more combinations where tasks running long cancel out tasks completing early than there are where almost all run long or almost all complete early.

For MapReduce jobs, where mapping tasks are done in parallel, and then are (sequentially) followed by reduce tasks done in parallel, a combination of the reduction in variability from sequential tasks and the increase in variability from parallel tasks occurs. In general, there are even more complex types of formulations possible in real-world tasks, where a complete job comprises various tasks with precedence constraints, which must be mapped onto limited resources, as Figure 3 shows. This is like a MapReduce job, where mapping must precede reduction. However, in real-world applications, such as cyberphysical systems, things can get even trickier, say, a video stream coming from an industrial robot must be processed before an object can be grasped, but the ability of the robot arm to move depends on the state of a different arm that's in motion, and so forth.

FIGURE 3. Representation of (a) a job consisting of two tasks with precedence constraints and (b) mapping of the tasks on two VMs.
Such tasks face multiple challenges: selecting VMs or hardware resources in a public or private cloud, assigning and scheduling tasks to resources, determining the likelihood that the tasks will meet a given deadline, and minimizing the job's overall cost. In addition, provisioning and scheduling policies need to cope with uncertainty and the variable performance typical of cloud environments.

The tasks of which a job consists can be processed sequentially, in parallel, or in a mixed fashion. For example, consider a simple job with five potentially concurrent tasks (that is, there are no precedence constraints) that are scheduled on two VMs such that two tasks are processed in sequence on one VM, while the remaining three tasks are also processed sequentially on the other VM. To evaluate this scheduling plan at provisioning time with respect to the job deadline, we need to estimate the task runtimes Xi and compute the job completion time T as a composition of these estimations; that is, T = max((X1 + X2), (X3 + X4 + X5)).

If runtimes were deterministic, this would be simple math. However, in reality, this evaluation is quite difficult in heterogeneous virtualized cloud environments characterized by fluctuating performance and varying behaviors. These effects emerge from various causes.4 One key driver is that while algorithms might perform deterministically (that is, predictably based on their inputs) in practice they perform stochastically because their runtime is a function of what are, for all intents and purposes, randomly varying inputs. Consider a big data analytics algorithm such as k-means clustering. The time it takes to run depends on factors such as the number of observations, the position of those observations in a multidimensional space, and the number of desired clusters. Making things worse, when such algorithms are moved to the cloud, additional factors such as VM colocation, noisy-neighbor problems, differing physical infrastructure environments such as different generations of processors or different memory configurations, VM consolidation, and migration can degrade or otherwise cause variable VM performance. Similarly, network traffic, multitenant resource sharing, and physical location of communicating VMs affect the performance of the network infrastructure. Performance variability and uncertainty are often out of cloud users' control and responsibility. However, to mitigate these effects on mission-critical scenarios, public cloud providers today might offer more expensive VMs with higher isolation levels and more stable performance, but even these environments aren't totally deterministic. After all, even a VM such as this might reside in a datacenter that suffers a smoking-hole disaster. The latest technologies, such as so-called serverless computing, whereby a function doesn't consume resources until invoked, can reintroduce such variability.

FIGURE 4. Probability density functions of a task runtime on three different VMs. [Plot: probability density versus runtime of single task (min) for VM-A (large), VM-B (medium), and VM-C (small).]

Models for Uncertainty

We must consider uncertainty in evaluating job completion time. We can do this by modeling the job and cloud characteristics (such as task length, data transfer, VM speed, and network bandwidth) using random variables to derive the probability distributions of the task runtimes. Alternatively, we can model these runtimes directly as random variables with their own empirical probability distributions. The choice of modeling approach depends on the knowledge of the cloud workloads and infrastructure as well as the availability of measurements obtained by monitoring and profiling.5 Figure 4 is an example of the probability distributions of the runtimes of a task scheduled on three types of VM. The runtimes follow normal distributions with the same degree of variability (that is, coefficient of variation) although with different means.
FIGURE 5. Probability density functions of job completion time for two scheduling plans. [Plot: probability density versus job completion time for "Sequential on a single VM-A instance" and "Parallel on five VM-B instances," with the overestimated completion time marked.]

Overestimation to Cope with Uncertainty

To cope with uncertainty, the traditional approach aims to improve the likelihood of meeting the job deadline by overestimating the task runtimes by increasing their expected values by a given factor and provisioning VMs accordingly. Provisioning and scheduling can therefore be formulated as an optimization problem as follows:

minimize    Total cost
subject to  Task precedence constraints
            Overestimated completion time ≤ Job deadline    (1)

For example, assuming the same cost/performance ratio for the various VM types considered in Figure 4 and an overestimation factor of 20 percent, we evaluate two scheduling plans that lead to the same overestimated completion time and cost for a job consisting of five concurrent tasks. One scheduling plan requires processing the tasks in parallel on five instances of VM-B, whereas the other requires sequential task processing on a single instance of VM-A. Consequently, we obtain the overestimated job completion time by computing the maximum or the sum of the task runtimes overestimated by 20 percent on each VM, respectively. Because the tasks have the same characteristics, their runtimes depend only on the VM type. However, although the overestimated completion time is the same, as Figure 5 shows, the actual probability distributions of the job completion time are quite different. Moreover, as previously discussed for uniform random variables, as the number of tasks increases, the coefficient of variation of these distributions tends to decrease. Therefore, as a general result, we can conclude that it isn't sufficient to consider only the overestimated expected values of task runtimes for the provisioning and scheduling of deadline-constrained jobs.

Probability to Cope with Uncertainty

A more natural and effective way to deal with uncertainty is to reformulate the optimal provisioning and scheduling problem as follows:

minimize    Expected total cost
subject to  Task precedence constraints
            Probability of job deadline violation ≤ p    (2)

The advantage of such cost-aware probabilistic formulation is to ensure with probability (1 − p) that the job deadline will be satisfied. This formulation, just an example of a wider class of probabilistic problems, takes explicitly into account the job completion time's stochastic nature. Additional examples refer to the minimization of other statistical metrics, such as the median or higher percentiles. Moreover, the optimization problem might also include lateness penalties as additional costs.

The core of this probabilistic approach is the computation of the algebraic combination of random variables in accordance with the possible scheduling plans. The goal is to estimate the probability distribution of the job completion time and compute the expected cost and the probability of deadline violation. For example, for sequential task processing, we obtain the probability distribution of the job completion time as a sum of the random variables describing the task runtimes. This requires computing the convolution product of their probability density functions. In general, these computations are seldom analytically tractable, so we must exploit numerical techniques based on spectral methods.6
of FFT," J. Statistical Software, vol. 59, no. 4, 2014, pp. 1–25.
7. M.R. Garey and D.S. Johnson, Computers and Intractability: A Guide to the Theory of NP-Completeness, W.H. Freeman, 1979.
8. J. Weinman, "Cloud Computing Is NP-Complete," working paper, 21 Feb. 2011; www.joeweinman.com/Resources/Joe_Weinman_Cloud_Computing_Is_NP-Complete.pdf.
9. Z.-H. Zhan et al., "Cloud Computing Resource Scheduling and a Survey of Its Evolutionary Approaches," ACM Computing Surveys, vol. 47, no. 4, 2015, article 63.

MARCO L. DELLA VEDOVA is an assistant professor of computer science in the Department of Mathematics and Physics at the Catholic University of the Sacred Heart at Brescia, Italy. His research interests include cloud computing, scheduling, real-time physical systems, and robotics. Della Vedova has a PhD in computer engineering from the University of Pavia. Contact him at marco.dellavedova@unicatt.it.

DANIELE TESSERA is an associate professor of computer science in the Department of Mathematics and Physics at the Catholic University of the Sacred Heart at Brescia, Italy. His research interests include performance analysis and debugging of parallel/distributed applications, performance evaluation, and workload characterization of complex systems and services, cloud computing, and benchmarking. Tessera has a PhD in computer engineering from the University of Pavia. Contact him at daniele.tessera@unicatt.it.
IEEE Cloud Computing magazine seeks accessible, useful papers for a special issue on Cloud-Native Applications and Architecture. Many applications in enterprises are not able to leverage the advantages of cloud computing without a great deal of refactoring, a process that is costly, time consuming and often producing disappointing results. However, over the last five years we have seen cloud software architectures evolve that promote the design of applications that, from conception to deployment, are envisioned, prototyped and built with cloud tools and cloud resources. These cloud-native applications are born and run in the cloud and follow new classes of design and maintenance patterns.

The purpose of the special issue is to urge the research community to better define and document the cloud-native movement. Topics of interest include but are not limited to:

Frameworks to make it easier for industry to build cloud-native applications;
Educational approaches and community based organizations that can promote cloud-native design concepts;
The tooling to develop cloud-native applications;
The role of open source for building cloud-native applications;
VM and container orchestration systems for managing cloud-native designs;
Cloud-native applications running in hybrid cloud or migrated from one cloud to another;
Efficient mechanisms to make legacy applications cloud-native;
Comparing applications, one cloud-native and the other not, in terms of performance, security, reliability, maintainability, scalability, etc.;
Cloud-native applications for various industry sectors (engineering, financial, scientific, health);
Cloud-native operating systems and databases; and
New models for capacity planning and pricing inspired by cloud-native architecture paradigms.

Special Issue Guest Editors
Roger Barga, Amazon AWS
Dennis Gannon, Indiana University
Neel Sundaresan, Microsoft Corporation

Submission Information
Submissions should be 3,000 to 5,000 words long, with a maximum of 15 references, and should follow the magazine's guidelines on style and presentation (see https://www.computer.org/web/peer-review/magazines for full author guidelines). All submissions will be subject to single-blind, anonymous review in accordance with normal practice for scientific publications. For more information, contact the guest editors at ccm5-2017@computer.org.

Authors should not assume that the audience will have specialized experience in a particular subfield. All accepted articles will be edited according to the IEEE Computer Society style guide (www.computer.org/web/publications/styleguide). Submit your papers through Manuscript Central at https://mc.manuscriptcentral.com/ccm-cs.

www.computer.org/cloudcomputing
Enhanced living environments (ELEs) support the seamless integration of information and communication technologies (ICT) within context-aware homes and residences. ELE research aims to create smart and safe environments around people needing assistance, such as the elderly and people with disabilities, to help them maintain an independent lifestyle, reduce health and social care costs, and achieve improved quality of life and advanced autonomy, mobility, social interaction, self-confidence, independence, and social inclusion.

Efforts in this area are supported by optimized algorithms, dependable architectures, and efficient platforms, converging to the realization of ambient assisted living (AAL) systems. AAL systems utilize pervasive devices and ambient intelligence to construct smart and safe ELEs.1 Important issues relate to the missing interaction of multiple stakeholders needing to collaborate for ELEs, supporting a multitude of AAL services.

Many fundamental technical issues in the ELE area remain open. Starting with the infrastructure used for data harvesting, a major concern for ELEs is the efficient use of sensors for daily data collection, storage, and mining. Adding human society as another dimension lets us define a new type of system, cyber-physical-social systems, where ICT (cyber), intelligent devices (physical), and human society (social) come together to provide high-quality AAL services to improve users' quality of life. Even if this approach is successfully applied at large scale in smart cities,2 most current efforts still don't fully take into account the power of human beings and the importance of social connections and societal activities.

A strong approach in building ELEs utilizes implantable and wearable sensors, and wireless sensor networks (WSNs) that are supported by cloud computing.3 For people with disabilities or for elderly people requiring constant care, the emergence of ubiquitous computing paradigms, empowered by 5G wireless communications, plays an essential role in providing better living environments. Cloud computing has been an empowering force for this endeavor, albeit raising several ethical, security, and user experience issues. However, the ELE technology and data could be vulnerable to cyberattacks and exploitations, which can lead to life-threatening scenarios such as incorrect medical diagnoses.4

Effective ELE solutions require appropriate ICT algorithms, architectures, and platforms, with a view toward the advancement of science in this area and the development of new and innovative connected solutions (particularly in pervasive and mobile systems). Mobile platforms can now bring the computation power made available by highly advanced datacenters closer to the user. In addition, the actual interconnection between mobile and cloud systems is possible by combining the capabilities of individuals, as they interact with each other, through a well-designed ubiquitous technology. Platforms of tomorrow will benefit from this combination through the help of new models for understanding the environment (such as participatory and opportunistic mobile sensing), performing computation (for example, mobile cloud computing), or even exchanging data via mobile ad hoc networks. These issues are supported by intercloud architectures and progressive integration of sparse, geodistributed resources into big datacenters, where energy-efficient message-exchanging models are already developed.5

Many ELE applications are used by people with special needs (such as the elderly and people with disabilities), with 24/7 continuous monitoring and control of the environment, and access to care services when needed. One important problem is the expectation and acceptance of new technologies by these populations. The solution is to provide transparent and noninvasive platforms with minimal interaction between the ICT platform and the user. Moreover, ELE applications should be strongly user-oriented, involve users at all stages, collect the necessary information anytime, anywhere, and provide feedback to improve quality of service (QoS).

Overview of the Special Issue

We organized this special issue in the context of the Architectures, Algorithms, and Platforms for Enhanced Living Environments (AAPELE) European cooperation in the field of scientific and technical research (COST) Action, a wide and powerful research network oriented on ELE (www.cost.eu/COST_Actions/ict/Actions/IC1303). The goal was to bring together state-of-the-art research efforts addressing
GUEST EDITORS INTRODUCTION
Internet of Things Architecture for Enhanced Living Environments
Stylianos Balampanis, Stelios Sotiriadis, and Euripides G.M. Petrakis
Technical University of Crete
resources, remote data management, easy access, and economic benefits [1]. Over the years, modular services, also referred to as future Internet [2] and IBM microservices [3], have been widely used as a component of large, complex applications to make them easier to configure, monitor, and update. Such services are available through different cloud platform providers, including IBM [4], Amazon EC2 (https://aws.amazon.com/ec2), and Fiware Cloud Systems (https://account.lab.fiware.org). Here, we focused on Fiware, which provides cloud services to build novel future Internet applications that use generic services, known also as generic enablers. Fiware offers open specification for services that could be used across different geographical locations and hosted in various Fiware Lab nodes available over the Internet [5]. These services use a service-oriented architecture (SOA) that allows communication based on Representational State Transfer (REST) [6].

In parallel with these developments, the Internet of Things (IoT) has emerged, with sensors embedded in everyday devices to facilitate automatic monitoring of data produced by humans or their environment [7]. Cloud computing and IoT together offer new opportunities for wide usage of this data, enabling the development of new applications that can impact our daily lives [1, 8, 9]. The development of applications using cloud resources becomes easier when we use scalable storage, which can increase capacity and performance by dynamically adding new storage nodes; the high bandwidth data transmission speed and real-time analysis make it even more attractive.

Here, we propose a generic IoT architecture and present a motion-sensing cloud service to monitor patients' movement. The fundamental idea is that, by placing such sensors in enhanced living environments (ELEs), we can offer patients protection from accidents (such as falls) and let caregivers monitor patients remotely. In particular, the caregivers can monitor patients as well as create and monitor predefined movements for patients in rehabilitation. Our work was motivated by an existing motion sensor data collection system [10, 11], which collects data according to an event-based architecture that includes constant updates for patients who might need help. To implement the service, we use the RESTful architecture deployed on the open source OpenStack cloud system. Our system's advantages include services reusability, improved fault tolerance, easy distribution of newer versions, and decoupling of services (and thus easy management). Our expectation is that decoupling the system components from the application logic will offer more flexibility; for example, integrating a new system will not require changes to the services' internal procedures.

Cloud computing systems include infrastructure and software that can be delivered in the form of remote services on a pay-as-you-go pricing model; these cloud systems have been defined as the next step of the Internet's evolution. Today, another promising technology is edge computing, which pushes clouds away from their logical network, creating fog computing [12]. Fog computing expands cloud functionality, allowing business logic and process management to be executed as near as possible to the actual data source (that is, the laptop or smartphone). This alternative view of clouds extends services to user premises and is utilized directly in users' personal devices. Fog computing could offer cloud technology know-how for remote data storage and management, while local data processing facilitates a self-adaptive environment for data extraction and analysis, such as in mobile devices. In such a solution, traditional legacy systems must be imported to the cloud infrastructure and interoperate in both local and remote clouds. To achieve this, users' software and APIs must communicate successfully and understand the new system constraints.

The SOA offers a paradigm to develop cloud-based software modules to meet these Internet client needs [13]. Using an SOA, developers could achieve a high level of system granularity by supporting the exchange of information among services [14]. However, existing services generated from traditional systems are monolithic and difficult to interoperate with because they sometimes use heterogeneous APIs, hypervisors, and communication protocols. It therefore becomes essential to focus on integrating solutions that serve as interoperation strategies for allowing service communication, especially for services that have already been defined in business processes. This effort includes evolving SOA Web services, simplifying heterogeneous services so they can be more easily reused.
FIGURE 1. The reference architecture for a generic service-oriented architecture (SOA) system that includes data collection from Internet of Things (IoT) devices. The services are divided over four main domains: producers, front end, back end, and consumers. (Diagram labels: sensor, protocol adapter, IoT connectivity, sensor data collector, application logic, complex event processing, publish/subscribe context broker, user, users/developers.)
Proposed Solution

In this article, we focus on the remote monitoring of two types of patients: those who are hospitalized and those who are in rehabilitation at home. Our proposed solution intends to facilitate the work of caregiving personnel by allowing remote monitoring, while improving the quality of life and daily life of patients. Continuous monitoring of an ELE (that is, the patient's home or hospital room) will offer significant advantages, such as enhancing patient security and helping staff members perform their tasks more efficiently. Also, it can reduce hospitalization costs as fewer staff members are required.

Our cloud monitoring system uses a motion sensor device (Microsoft Kinect; https://developer.microsoft.com/en-us/windows/kinect) that can be placed in the patient area and interpret patient movements. The solution has several advantages:

• It can increase profits for the ELE (that is, for hospitals or physicians) by minimizing the need to constantly monitor patients, thus serving more patients in an automated way.
• Patients feel safe, as the monitoring is continuous and real-time data is collected and evaluated by the system, which notifies physicians in case of emergency.
• Doctors can receive periodic updates on patients' progress and choose which patients and features require dynamic monitoring.
• It reduces costs for the hospital, personnel, and cloud infrastructure maintenance; it can also offer additional economic benefits, in that patients can be billed for the time periods in which the application is in use.

We expect that the proposed architecture will enhance personalization of care management based on the specific characteristics of patient profiles. It will provide a flexible architecture for analyzing various data from multiple sources and actors, and allow risk stratification for specific patients and their conditions. We further expect that it will facilitate comprehensive and improved therapy treatment coordinated by informal caregivers based in the home environment. Such systems can increase patients' autonomy and confidence in complying with therapy, improve self-management of their condition with the help of informal caregivers, and reduce patients' dependency on therapy. As a result, our system will reduce the need for patients to organize and attend face-to-face appointments with doctors and could reduce the amount of medication and the number of sick days.

Conceptual Model

The SOA-based conceptual model involves different cloud service providers that develop modules, each following its own development principles and tools (such as operating system, programming languages, and natural resources). Figure 1 shows a generic SOA for collecting IoT data and forwarding it to the cloud system [10]. The reference architecture represents a model of groups of services that are divided over four main domains: the producers, front-end, back-end, and consumers.
As the figure shows, the producers are sensor owners that generate data in intervals. The front-end is a gateway that acts as a mediator between the producers and the back-end for data exchange. The back-end system includes general services for user authentication, data context subscription, storage, event and system management, using standards, controls, and conditions to transfer information on individual services and orchestrate the services' business intelligence. Finally, the system consumers are either users or other applications that subscribe to the data. The architecture is based on software modules that operate on the cloud. The architecture includes eight modules:

• IoT connectivity/protocol adapter. The IoT connectivity software module is responsible for connecting the sensor with the future Internet application components. It uses the protocol adapter to adapt the connection to the specific connectivity protocol (such as Bluetooth) [15].
• Sensor data collector. This module collects the sensor data and forwards it to the cloud. It also converts data into the desired form (that is, JavaScript Object Notation).
• Connectivity service. This module establishes a connection between the front- and back-ends, so data collected by the sensor data collector can be transferred to the application logic module for processing.
• Complex event processing. This module analyzes complex conditional events to aid decision making. It processes custom event patterns and then, based on specific user-defined conditions, decides the data's flow.
• Cloud storage. This module is responsible for storing and retrieving data from a database. Its main functionalities are offered as a REST API to make storing and retrieving data easy for developers and other stakeholders.
• Application logic. This module is application specific and encapsulates the business logic of the future Internet application as it handles and processes sensor data. It uses the complex event processing module for decision making and the cloud storage module for storing and retrieving sensor data; it then sends its results to the publish/subscribe broker.
• Publish/subscribe context broker. The publish/subscribe context broker receives the results of the application logic's sensor data processing and publishes them. The context broker's role is to publish context to subscribers.
• Identity management. This module handles user authentication and access authorization.

The complex event processing and publish/subscribe context broker modules are based on Fiware services (http://catalogue.fiware.org/enablers). The identity management module uses Fiware's KeyRock authentication service for application users and developers who access services through REST APIs.

Motion Sensors in ELE Using Cloud Computing

The service-centric architecture is based on the idea that any complex problem can be solved optimally and effectively if it's divided into smaller parts. Our architecture comprises a flexible set of design principles and services that communicate with each other and can be used in multiple systems from several business areas. Its advantages include reusable services, faster and more efficient debugging, quicker distribution of new products, and applications and services that aren't bound by the system, but can be modular. As discussed earlier, the proposed system involves information producers, including the sensors that produce data and users who interact with the producers and the user interface (front-end) where data collection occurs.

The system is implemented using Microsoft Kinect, which lets us determine the position and movements of users. Specifically, the data is provided as a set of points that comprise the human skeleton. This lets us record 20 joints of the human body (the wrist, knee, and so on) while the overall frame indicates the user's attitude and position. For each of our points, the coordinates are given in 3D form. In particular, the variable X represents the position or displacement of the user on the horizontal x-axis; Y indicates the user's position on the vertical y-axis; and Z represents the user's distance from the sensor.

System Description

The system includes three main sections: the user interface (front-end), system management (back-end), and the users. The user interface includes the Microsoft Kinect sensor and the device that's connected to the Internet for collecting and decoding the sensor data. The interface allows data forwarding to the cloud in real time. A system administrator can insert and remove sensors from the system and save patient information.

The back-end system management section consists of general-purpose services for processing and storing data transported from the Kinect sensor to the cloud. More specifically, the services include Orion's publish/subscribe context broker generic enabler and JSON's storage generic enabler, which include rules for managing user subscriptions and
storing information and data, respectively. In addition, this section contains the authentication mechanism for the user entering the application, that is, the KeyRock identity management generic enabler. Finally, in the user section, medical personnel can use the system logic (application logic) to set conditions and rules of the result produced by the application.

Figure 2 shows the system architecture. The user interface allows sensor installation. System management is responsible for managing and processing data in the cloud, as well as for communication between modules and the application logic; and the users set conditions on the application.

• The users have access to the application with their personal details. The KeyRock service identity management generic enabler is responsible for user registration and access.
• The user in the application environment can request assistance from the context broker generic enabler or request his or her patient history and data collected from the JSON storage generic enabler.
• After each request for assistance, the context broker generic enabler service returns a unique identifier (subscribe ID) so the system recognizes the room being monitored.

FIGURE 2. The proposed system architecture. The service-oriented system uses the Microsoft Kinect sensor to collect data from Internet of Things devices in the enhanced living environment (ELE). (Diagram labels: back-end, store, retrieve, application logic, context updates, KeyRock identity management generic enabler, users, application.)
Hospitalized Patient Scenario

This scenario applies the system motion sensor in a hospital ELE. Initially, medical personnel (that is, members of the nursing staff) have administration rights and place Kinect sensors in specific places in front of patient beds. They configure the patient profile for each sensor with basic information, including the patient's name and room number. The sensors provide continuous information as to whether the patient should be in the bed and whether they need help with basic tasks. Applying the motion sensor solution lets a few nurses and doctors monitor many patients while improving efficiency and the quality of the patients' care experience.

The implementation of this scenario includes installing the sensor and characterizing the body parts that produce the essential information being recorded. For example, we can place the motion sensor in front of the patient; the sensor then starts monitoring the patient's movements and notifies medical personnel accordingly. Microsoft Kinect can record the frame of the human skeleton and track patient actions by recognizing 20 joints in the human body. The sensor placement point is decided based on the sensor configuration; Microsoft Kinect operates most accurately when it's at a distance greater than 1 meter away from the patient and less than 2 meters away. We therefore decided on the sensor's position in front of the patient's bed.

We monitor the patient's left and right shoulders to identify if he or she wants to get out of the bed. These two values are required for preforecasting the effort to get the patient from either the right or the left side of the bed. We set an upper limit threshold on these values; if the limit is reached, the application notifies the medical personnel to intervene directly. In the second case, where the patient asks for help, the system identifies the position of the wrist. In particular, in cases in which a patient needs help, he or she raises a hand. The system compares the wrist position to the set limit; once that is exceeded, the alert appears as a request for assistance and a notification is submitted to the medical personnel.

Rehabilitation Scenario

The second scenario focuses on a user rehabilitating from a knee injury at home while being monitored by a physiotherapy center. In this case, the system administrator sets up the system, activating the sensor system with a unique code and arranging the patient's furniture. The administrator is also responsible for providing the patient with exercises and instructions for doing them (that is, which movements to do and which thresholds are acceptable) and registers the values in the system. The patient can then use Microsoft Kinect to perform the exercises at home.

The doctor can monitor the rehabilitation recovery process remotely based on records of the patient's movement history and the time incurred. The efficient use of the system will make the transactional aspects of healthcare more productive by monitoring patient status, activity, and compliance with therapy. The proposed model is expected to provide improved therapy treatment coordinated by informal caregivers and based in the home environment.

As in the first scenario, we exploit the dynamic recording of the skeleton by tracking information for recognizing movements. We place the sensor at a distance of more than 1 meter away to receive the most accurate results. In this case, the selected values relate to the position of the injured ankle. Initially, the user must have the leg on the ground, and the exercise includes a check of the position translated to the leg height (which has been set by the physician). According to this position, the user is informed as to the maximum exercise height at which to move the injured leg.

Familiarization with the system technology is expected to increase patient autonomy and confidence in complying with the therapy, improve self-management of the target condition with the help of informal caregivers, and reduce the patient's dependency on therapy. We plan to design the system further to consider multichannel information on the specific patient's condition and thereby to encompass a holistic view of the patient's health status for formal and informal caregivers.

Our goal is to facilitate quality healthcare services while simultaneously helping to reduce the costs of healthcare, with patients spending less time in the hospital and yet continuing to generate detailed health data. We expect that this will let caregivers react more quickly to the medical emergencies of elders and let all patients better self-manage their own health and wellness in ELE.

An important part of the system proved to be the use of general-purpose services. As cloud technology advances, adequate space and appropriate tools will mean that more and more applications will be developed. Our proposed system supports future expansion and the addition of functionalities to meet people's daily needs. As a future part of its development, we plan to dynamically add new motion sensors, including sensors for measurements such as heart rate and pulse to allow more sophisticated
patient monitoring. We also aim to explore different aspects of the system performance related to network delays and the accuracy of sensor data collection with regard to high-bandwidth dataflows.

References

1. A. Castiglione et al., "On Secure Data Management in Health-Care Environment," Proc. 7th Int'l Conf. Innovative Mobile and Internet Services in Ubiquitous Computing (IMIS 13), 2013, pp. 666–671.
2. A. Botta et al., "On the Integration of Cloud Computing and Internet of Things," Proc. Int'l Conf. Future Internet of Things and Cloud (FiCloud), 2014, pp. 23–30.
3. V. Gucer and S. Narain, Creating Applications in Bluemix Using the Microservices Approach, IBM, 2015; www.redbooks.ibm.com/Redbooks.nsf/RedbookAbstracts/redp5271.html.
4. S. Daya et al., Microservices from Theory to Practice: Creating Applications in IBM Bluemix Using the Microservices Approach, IBM, 2015; www.redbooks.ibm.com/abstracts/sg248275.html?Open.
5. K. Stravoskoufos et al., "IoT-A and FIWARE: Bridging the Barriers between the Cloud and IoT Systems Design and Implementation," Proc. 6th Int'l Conf. Cloud Computing and Services Science (CLOSER 2016), 2016, pp. 146–153.
6. M. Mass, REST API Design Rulebook, O'Reilly Media, 2012.
7. T. Lynch Koreshoff, T. Robertson, and T. Wah Leong, "Internet of Things: A Review of Literature and Products," Proc. 25th Australian Computer-Human Interaction Conf.: Augmentation, Application, Innovation, Collaboration (OzCHI 13), H. Shen et al., eds., pp. 335–344.
8. J. Gubbi et al., "Internet of Things (IoT): A Vision, Architectural Elements, and Future Directions," Future Generation Computer Systems, vol. 29, no. 7, 2013, pp. 1645–1660.
9. A. Castiglione et al., "Cloud-Based Adaptive Compression and Secure Management Services for 3D Healthcare Data," Future Generation Computer Systems, vol. 43, issue C, Feb. 2015, pp. 120–134.
10. A. Preventis et al., "Interact: Gesture Recognition in the Cloud," Proc. IEEE/ACM 7th Int'l Conf. Utility and Cloud Computing (UCC 14), 2014, pp. 501–502.
11. A. Preventis et al., "Personalized Motion Sensor Driven Gesture Recognition in the FIWARE Cloud Platform," Proc. 14th Int'l Symp. Parallel and Distributed Computing, 2015, pp. 19–26.
12. "Fog Computing and the Internet of Things: Extend the Cloud to Where the Things Are," white paper, Cisco Systems, 2015; www.cisco.com/c/dam/en_us/solutions/trends/iot/docs/computing-overview.pdf.
13. J. Bih, "Service Oriented Architecture (SOA) a New Paradigm to Implement Dynamic E-Business Solutions," Ubiquity, Aug. 2006, article 4; http://ubiquity.acm.org/article.cfm?id=1159403.
14. S. Sotiriadis et al., "An Architecture for Designing Future Internet (FI) Applications in Sensitive Domains: Expressing the Software to Data Paradigm by Utilizing Hybrid Cloud Technology," Proc. 13th IEEE Int'l Conf. BioInformatics and BioEng. (BIBE 13), 2013; doi:10.1109/BIBE.2013.6701578.
15. "FIWARE Architecture Description IoT Gateway Device Management," specification, Fraunhofer Institute for Open Communication Systems FOKUS, 2012; https://forge.FIWARE.org/plugins/mediawiki/wiki/FIWARE/index.php/FIWARE.ArchitectureDescription.IoT.Gateway.DeviceManagement.

STYLIANOS BALAMPANIS is an undergraduate student in the School of Electronic and Computer Engineering at the Technical University of Crete and a member of the Intelligent Systems Laboratory. His research interests include cloud computing and Internet of Things as well as Fiware systems and modeling novel future Internet applications. Contact him at sbalampanis@gmail.com.

STELIOS SOTIRIADIS is a research fellow in the Department of Electrical and Computer Engineering at the University of Toronto and a research collaborator at the Technical University of Crete, where he's a member of the Intelligent Systems Laboratory. His research interests include clouds, Internet of Things, future Internet application development, interclouds and cloud federations, high-performance computing systems, and grids. Sotiriadis has a PhD in interclouds from the University of Derby, UK. Contact him at s.sotiriadis@utoronto.ca.

EURIPIDES G.M. PETRAKIS is a professor and laboratory director of the Intelligent Systems Laboratory, which is a unit of the School of Electronic and Computer Engineering at the Technical University of Crete. His research interests include clouds, Internet of Things, future Internet, semantic Web, medical information systems, and multimedia and Web information systems. Contact him at petrakis@intelligence.tuc.gr.
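The threshold rules of the Hospitalized Patient Scenario in the article above (shoulder limit, raised-wrist limit, 1 to 2 meter sensor range), sketched as application-logic code that validates each JSON frame before evaluating it. This is an added example, not the authors' implementation; the field and joint names, the axes compared (shoulder X, wrist Y), the coordinate bound and the limit values are assumptions.

```python
import json

# Assumptions (not from the article): field names, joint names, the axes
# compared (shoulder X, wrist Y), MAX_COORD_M and the limit values.
JOINTS = ("shoulder_left", "shoulder_right", "wrist_left", "wrist_right")
MIN_Z_M, MAX_Z_M = 1.0, 2.0  # article: Kinect is most accurate between 1 m and 2 m
MAX_COORD_M = 100.0          # plausibility bound for any coordinate
LIMITS = {"shoulder_x": 0.45, "wrist_y": 0.90}  # constructed limits, in meters


class FrameError(ValueError):
    """A frame that must not reach the alerting rules."""


def parse_frame(raw):
    """Decode one JSON frame into (room, {joint: (x, y, z)}), rejecting bad input."""
    try:
        frame = json.loads(raw)
    except (TypeError, ValueError) as exc:
        raise FrameError("not valid JSON") from exc
    if not isinstance(frame, dict):
        raise FrameError("frame must be a JSON object")
    room, joints = frame.get("room"), frame.get("joints")
    if not isinstance(room, str) or not room or not isinstance(joints, dict):
        raise FrameError("missing room or joints")
    parsed = {}
    for name in JOINTS:
        point = joints.get(name)
        if not isinstance(point, dict):
            raise FrameError("missing joint " + name)
        coords = []
        for axis in ("x", "y", "z"):
            value = point.get(axis)
            # Reject non-numbers, bool (an int subclass), NaN (json.loads
            # accepts it) and anything beyond a plausible room size.
            if (isinstance(value, bool) or not isinstance(value, (int, float))
                    or value != value or abs(value) > MAX_COORD_M):
                raise FrameError(name + "." + axis + " is not a usable number")
            coords.append(float(value))
        parsed[name] = tuple(coords)
    return room, parsed


def evaluate_frame(raw, limits):
    """Apply the scenario's rules to one frame and return a list of alerts."""
    room, joints = parse_frame(raw)
    # Z is the distance from the sensor; outside the accurate range the
    # coordinates are not trusted, so no patient alert is derived from them.
    if any(not (MIN_Z_M < z < MAX_Z_M) for _, _, z in joints.values()):
        return [{"room": room, "type": "unreliable_frame"}]
    alerts = []
    for side in ("left", "right"):
        x = joints["shoulder_" + side][0]
        if abs(x) >= limits["shoulder_x"]:  # limit reached: leaving the bed
            alerts.append({"room": room, "type": "leaving_bed", "side": side})
    wrist_heights = (joints["wrist_left"][1], joints["wrist_right"][1])
    if any(y > limits["wrist_y"] for y in wrist_heights):  # limit exceeded
        alerts.append({"room": room, "type": "assistance_request"})
    return alerts


def monitor(frames, limits):
    """Run a sequence of raw frames; return (alerts, number of rejected frames)."""
    alerts, rejected = [], 0
    for raw in frames:
        try:
            alerts.extend(evaluate_frame(raw, limits))
        except FrameError:
            rejected += 1
    return alerts, rejected


def make_sample(room, left_x, right_x, left_wrist_y, right_wrist_y, z=1.5):
    """Build one constructed frame as a sensor data collector might send it."""
    joints = {
        "shoulder_left": {"x": left_x, "y": 0.4, "z": z},
        "shoulder_right": {"x": right_x, "y": 0.4, "z": z},
        "wrist_left": {"x": left_x, "y": left_wrist_y, "z": z},
        "wrist_right": {"x": right_x, "y": right_wrist_y, "z": z},
    }
    return json.dumps({"room": room, "joints": joints})


# Constructed sample input, not data from the article.
SAMPLE_FRAMES = [
    make_sample("12", -0.20, 0.20, 0.30, 0.30),         # resting in bed
    make_sample("12", 0.10, 0.50, 0.30, 0.30),          # right shoulder at limit
    make_sample("12", -0.20, 0.20, 0.30, 1.10),         # right hand raised
    make_sample("12", -0.20, 0.20, 0.30, 0.30, z=0.6),  # too close to the sensor
    '{"room": "12", "joints": {"shoulder_left"',        # truncated JSON
    make_sample("12", float("nan"), 0.20, 0.30, 0.30),  # NaN coordinate
]

if __name__ == "__main__":
    print(monitor(SAMPLE_FRAMES, LIMITS))
```

Rejected frames are counted rather than silently dropped, so a sensor that starts sending malformed or out-of-range data shows up as a rising reject count instead of as a quiet room.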
Intelligence in the Cloud

Submission deadline: 1 May 2017
Publication date: November/December 2017

Artificial intelligence (AI), since its birth in the 1950s, has been heralded as the key to our civilization's brightest future. To pursue the vision of AI, various machine learning approaches (for example, deep learning, supervised learning, unsupervised learning, reinforcement learning, and so on) have been proposed and a few have actually been developed and deployed in the market. The recent hype around big data has enthusiastically renewed the call and focus for advanced machine learning technologies to extract knowledge from large data pools. With its rich resource provisioning, cloud computing is widely regarded as an ideal platform to facilitate resource-intensive machine learning so as to enable intelligence in the cloud. Integrating intelligence into the cloud is without doubt a promising development trend to both cloud computing and AI.

We are still at the early stage of integrating intelligence into the cloud. Toward this exciting future, the path still entangles many critical challenges in different aspects.

At the application layer, cloud-based efficient and powerful AI techniques are highly in demand that target various applications such as natural language processing, stock analysis, medical diagnosis, intelligent industry control, intelligent transportation, and scientific discovery.

At the platform layer, while intelligence has been deployed (for example, Spark's scalable machine learning MLlib and Google's cloud machine-learning framework TensorFlow) new machine learning engines are expected for emerging computing frameworks (for example, the dataflow computing model HAMR).

At the infrastructure layer, new cloud computing architecture and resource scheduling strategies are required to support computation-intensive and IO-intensive machine learning algorithms. How to configure cloud computation, storage, and networking resources for fast, efficient, and scalable machine learning must still be addressed.

The goal of this special issue is to seek original articles examining the state of the art, open research challenges, new solutions, and applications for intelligence in the cloud with special focus on, but not limited to, the following topics:

• new distributed architecture for machine learning;
• new machine learning engines in the cloud;
• analytics architectures, frameworks, and models for complex intelligent systems;
• intelligent cloud applications or services such as intelligent traffic, intelligent buildings, intelligent environments, intelligent businesses, and so on;
• cloud resource allocation and optimization through machine-learning algorithms;
• machine learning for cloud resource management;
• combining human and machine intelligence in the cloud; and
• security and privacy issues for intelligent systems in the cloud.

Special Issue Guest Editors

• Song Guo, The Hong Kong Polytechnic University, Hong Kong
• Victor Leung, University of British Columbia, Canada
• Xin Yao, University of Birmingham, UK

Submission Information

Submissions should be 3,000 to 5,000 words long, with a maximum of 15 references, and should follow the magazine's guidelines on style and presentation (see https://www.computer.org/web/peer-review/magazines for full author guidelines). All submissions will be subject to single-blind, anonymous review in accordance with normal practice for scientific publications. For more information, contact the guest editors at ccm6-2017@computer.org.

Authors should not assume that the audience will have specialized experience in a particular subfield. All accepted articles will be edited according to the IEEE Computer Society style guide (www.computer.org/web/publications/styleguide). Submit your papers through Manuscript Central at https://mc.manuscriptcentral.com/ccm-cs.
A Tensor-Based Big Service Framework for Enhanced Living Environments
Xiaokang Wang, Laurence T. Yang, Jun Feng, and Xingyu Chen
Huazhong University of Science and Technology
M. Jamal Deen
McMaster University
starting point of our research. From a service perspective, a comprehensive analysis about big data integration, processing, and analysis in the cloud is essential to provide predictive high-quality services in ELEs. Figure 1 illustrates the relationships among CPSSs/ELEs, big data, and cloud computing.

FIGURE 1. Relationship among cyber-physical-social systems (CPSSs), big data, and cloud computing. Big data are collected from these three spaces, which will be processed in the cloud.

Large-scale, multisource, heterogeneous data are collected in CPSSs from a diversity of devices, such as sensors, smartphones, and RFID tags. These data are high dimensional, redundant, and noisy, resulting in unprecedented challenges for providing big services in ELEs. Open questions include:

• How can we represent the relationships between people and people, people and things, and things and things?
• How can we accurately model objects such as smartphones and cameras?
• How can we effectively analyze big data to obtain high-quality data?
• How can we detect community structures for developing services?

To tackle these problems, we propose a tensor-based framework for efficiently providing big services based on big data integration, processing, and analysis for ELEs. To improve processing performance, the framework uses distributed incremental methods.

Overview of the Big Service Framework

Figure 2 gives an overview of the three planes (sensing, cloud, and application) of the proposed tensor-based big service framework, which forms the basis for CPSS applications and services.

Two main tasks, data representation and its initial cleaning, take place in the sensing plane. We use a local tensor model to represent the connectedness relationships of objects in the local CPSS. To implement the initial cleaning, such as noise and redundancy reduction, we use the high-order singular value decomposition (HOSVD) method (see the sidebar for a review of work in this and other related areas).

Two important functions, global tensor integration and its processing, are accomplished in the cloud plane. We use the high-quality local tensors submitted to the cloud plane to construct a global tensor model, which contains the global connectedness relationships in global CPSS. To extract high-quality global data, we use distributed HOSVD (DHOSVD) and its incremental HOSVD (IHOSVD) computation.

Practical CPSS services are provided in the application plane. Here, we use the high-quality global tensor for various applications according to the requirements of the concrete CPSS cases and scenarios [3]. Existing algorithms should also be improved and then used to provide high-quality services.

Data Representation and Reduction in the Sensing Plane

In a CPSS, objects, cyberactors, and humans are referred to as objects [1]. Accurately establishing relationships among the various types of objects is a challenge in these systems. In this article, we use a high dimensional tensor model to represent connections between objects. We developed a three-order local tensor model $A^i \in R^{I^i_{object1} \times I^i_{object2} \times I_{time}}$ to represent the relationships of the objects in the $i$th local CPSS, where the first order $I^i_{object1}$, second order $I^i_{object2}$, and third order $I_{time}$ refer to the objects in
4. Next, the resulting unfolding matrices on every order of 2p subtensors are shifted a step following the round-robin process and steps 2 and 3 are repeated in every core until all columns are orthogonalized once (which is also referred to as a sweep). After each sweep, the master node checks whether the computational process is completed by the convergence condition. If not, the process is returned to step 2 and repeats.
5. After the computational process is finished, the HOSVD of tensor $A^0$ will be obtained by integrating the results from every core along each order.

Next, suppose the HOSVD of the tensor $A^0 \in \mathbb{R}^{I_1 \times I_2 \times \cdots \times I_N}$, including $U_n^0$, $V_n^0$, and $S_n^0$, where $1 \le n \le N$, has been obtained, and a new tensor $A^+ \in \mathbb{R}^{I_1^+ \times I_2^+ \times \cdots \times I_N^+}$ is updated onto the tensor $A^0$ along a certain order such as the first order, resulting in tensor $A$. The new tensor $A^+$ is unfolded along every order to obtain the unfolding matrices $A^+_{(n)}$, $1 \le n \le N$, and then the matrix $B_n$ is constructed as

$$B_n = \begin{bmatrix} U_n^0 S_n^0 & A^+_{(n)} \end{bmatrix}, \quad 2 \le n \le N. \tag{3}$$

The other constructed matrix $V_n$ is obtained as

$$V_n = \begin{bmatrix} V_n^0 & 0 \\ 0 & E_n \end{bmatrix}, \quad 2 \le n \le N. \tag{4}$$

In other work, $E_n$ is an identity matrix with the same number of columns as matrix $A^+_{(n)}$.5 Since the tensor is incremented along the first order, the produced matrices

$$B_1 = \begin{bmatrix} V_1^0 S_1^0 & \left(A^+_{(1)}\right)^T \end{bmatrix}$$

and

$$V_1 = \begin{bmatrix} U_1^0 & 0 \\ 0 & E_1 \end{bmatrix}$$

are different.5 For every specific order, the produced matrix $B_n$, $1 \le n \le N$, is divided into 2p submatrices, and orthogonalization of the 2p submatrices in the p cores distributed system is realized using the round-robin method. The same operation is carried out on the produced matrix $V_n$, $1 \le n \le N$. After the computational process converges, we obtain the HOSVD of tensor $A$ by integrating the results from every core along each order.

Possibilities and Challenges in the Application Plane

In the application plane, we use the extracted high-quality data in various algorithms, such as clustering, multi-aspect prediction, association analysis, and deep learning, to provide high-quality services for humans in CPSSs. For example, an application in a smart home might monitor a child to protect him or her from dangerous objects such as an electrical socket or electric cooker in the kitchen. If the child is monitored in the same community structure with other dangerous objects, the protective strategy is carried out; for example, a warning message will be sent to the child's parents' smartphones.

To support proactive, high-quality services to ELEs, we must address several important challenges in this plane: for example, how can we perform data fusion, and how can we design efficient application algorithms used in CPSSs to support practical applications?

Case Study

We use a mining application in a typical CPSS, a smart home, to illustrate the proposed big service framework for ELEs. The case study uses 10 objects for each of three families: child, father, mother, father's smartphone, mother's smartphone, TV set, electric cooker, electric lamp, table, and computer (or PC). The objects are represented as $a_i$, $b_i$, $c_i$, $1 \le i \le 10$, respectively. For example, the objects of the first family (child $a_1$, father $a_2$, mother $a_3$, father's smartphone $a_4$, mother's smartphone $a_5$, TV set $a_6$, electric cooker $a_7$, electric lamp $a_8$, table $a_9$, and computer $a_{10}$) belong to the physical space. The connection between two computers or smartphones through social networking applications (such as WeChat, Facebook, or Twitter) illustrates the relationships in the social space. These connections are also realized in cyberspace. We collected, represented, and initially processed the relationships in different families, which can be considered different local CPSSs, and composed the corresponding sensing plane. Then, we used the data to integrate the global tensor in the cloud plane. Finally, we used the
FIGURE 4. Visualization of the connection relationships among the three families (Family 1, Family 2, and Family 3) at incremental times t4, t5, and t6.

$$S = A_1 \times_1 U_1^T \times_2 U_2^T \times_3 U_3^T, \qquad A_1 = S \times_1 U_1 \times_2 U_2 \times_3 U_3, \tag{5}$$

where U1 RI1II2I3 refers to the left singular value matrix of the first order unfolding matrix A1. The arrays $X = (x_1, x_2, \ldots, x_i, \ldots, x_{30})$ and $Y = (y_1, y_2, \ldots, y_i, \ldots, y_{30})$, where $1 \le i \le 30$, represent the first and second column of the left singular value matrix $U_1$. According to the latent semantic analysis approach proposed elsewhere,6 the $i$th object, where $1 \le i \le 30$, is represented by $(x_i, y_i)$, which is mapped to a plane in Figure 5a. The community structure of the global CPSS, including the three families in Figure 3a, is detected and shown in Figure 5a. The five objects in the black ellipse, which are some of the objects of the second family, namely child ($b_1$), father ($b_2$), lamp ($b_8$), table ($b_9$), and PC ($b_{10}$), construct a community structure. From Figure 3, we could find that the child ($b_1$) and father ($b_2$) of the second family always connect with the computer ($b_{10}$) except at dinnertime. Also, the lamp ($b_8$) and table ($b_9$) near the computer are always on when they're using the computer.

Incremental Updating of the Detected Community Structure

We used the IHOSVD method in the cloud plane to efficiently update the detected community structure in the CPSS. We investigated the connection relationship among these three families at times t4, t5, and t6 (Figure 4). We represent the relationship as $A^+ \in \mathbb{R}^{I_{object1} \times I_{object2} \times I^+_{time}}$, where $I^+_{time} = (t_4, t_5, t_6)$, and, as in the previous discussion about the first and second order of the global tensor, the first and second order ($I_{object1}$, $I_{object2}$) of the incremental tensor also represent all the objects in the global CPSS in this case study.

By integrating the connection condition of the following time along the time order $I_{time}$, we generated a new tensor model,

$$A \in \mathbb{R}^{I_{object1} \times I_{object2} \times (I_{time} + I^+_{time})},$$

where the first order $I_{object1}$ and the second order $I_{object2}$ represent all the objects in the global CPSS, and the third order $(I_{time} + I^+_{time}) = (t_1, t_2, t_3, t_4, t_5, t_6)$.

We then performed IHOSVD on tensor $A$, with Figure 5b showing the resulting updated community structure. Using trigonometric functions, we could find 1 > 2. Using a viewpoint proposed elsewhere,6 we explore the hidden information by comparing Figures 5a and 5b. There, it's shown that the connection times among the three families are increasing, a result consistent with a comparison of Figures 3 and 4. Furthermore, the child and father in the second family always use the PC while the table and lamp are in use. According to the explored hidden information, several proactive high-quality services, such as several recommendation services based on hobbies, will be provided in the global CPSS. For example, if the corresponding hardware is available, hot water or fresh fruit can be actively provided to the child and father in the second family, who are focusing on the PC screen for a long time.

In the future, we'll focus on improving the efficiency of the distributed HOSVD, related data fusion methods, and related application algorithms. We'll also refine the framework to make sure it can be applied in more complex enhanced living environments.

References
1. J. Zeng et al., "A Systematic Methodology for Augmenting Quality of Experience in Smart Space Design," IEEE Wireless Comm., vol. 22, no. 4, 2015, pp. 81-87.
2. P. Barnaghi et al., "Physical-Cyber-Social Computing: Looking Back, Looking Forward," IEEE Internet Computing, vol. 19, no. 3, 2015, pp. 7-11.
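The column-append update of equations (3) and (4) in the tensor article above, worked through as an added example that is not code from the article. It assumes the orthogonalization is done with one-sided Jacobi (Hestenes) rotations on a single core rather than p cores, treats A0 and A+ as already-unfolded matrices with constructed values, and uses hypothetical function names throughout.

```python
import math

def identity(n):
    return [[1.0 if i == j else 0.0 for j in range(n)] for i in range(n)]

def orthogonalize_columns(B, V, tol=1e-12, max_sweeps=60):
    """Rotate column pairs of B (mirroring each rotation on V) until every
    pair of columns of B is orthogonal. One pass over all pairs is a sweep.
    Each rotation is orthogonal, so the product B * V^T never changes.
    Returns the number of sweeps used, including the final checking sweep."""
    n = len(B[0])
    for sweep in range(1, max_sweeps + 1):
        rotated = False
        for p in range(n - 1):
            for q in range(p + 1, n):
                alpha = sum(r[p] * r[p] for r in B)
                beta = sum(r[q] * r[q] for r in B)
                gamma = sum(r[p] * r[q] for r in B)
                if abs(gamma) <= tol * math.sqrt(alpha * beta):
                    continue  # this pair is already orthogonal
                rotated = True
                zeta = (beta - alpha) / (2.0 * gamma)
                t = math.copysign(1.0, zeta) / (abs(zeta) + math.sqrt(1.0 + zeta * zeta))
                c = 1.0 / math.sqrt(1.0 + t * t)
                s = c * t
                for M in (B, V):
                    for r in M:
                        r[p], r[q] = c * r[p] - s * r[q], s * r[p] + c * r[q]
        if not rotated:  # convergence condition: a full sweep with no rotation
            return sweep
    return max_sweeps

def svd_from_scratch(A):
    """Return (B, V, sweeps) with A = B * V^T and B = U * S (orthogonal columns)."""
    B = [[float(x) for x in row] for row in A]
    V = identity(len(B[0]))
    sweeps = orthogonalize_columns(B, V)
    return B, V, sweeps

def incremental_update(B0, V0, A_plus):
    """Eq. (3): B = [U0 S0 | A+].  Eq. (4): V = [[V0, 0], [0, E]].
    Only the appended columns are non-orthogonal when the sweeps start."""
    k, n0 = len(A_plus[0]), len(V0)
    B = [list(b) + [float(x) for x in a] for b, a in zip(B0, A_plus)]
    V = [list(v) + [0.0] * k for v in V0]
    V += [[0.0] * n0 + e for e in identity(k)]
    sweeps = orthogonalize_columns(B, V)
    return B, V, sweeps

def singular_values(B):
    """Column norms of the orthogonalized B, largest first."""
    n = len(B[0])
    return sorted((math.sqrt(sum(r[j] * r[j] for r in B)) for j in range(n)),
                  reverse=True)

def reconstruct(B, V):
    """Compute B * V^T."""
    return [[sum(x * y for x, y in zip(b, v)) for v in V] for b in B]

# Constructed sample data: a 6 x 3 unfolding and two appended columns.
A0 = [[2, 0, 1], [1, 3, 0], [0, 1, 4], [1, 0, 0], [0, 2, 1], [3, 1, 0]]
A_PLUS = [[1, 0], [0, 2], [1, 1], [4, 0], [0, 3], [1, 1]]

def demo():
    B0, V0, _ = svd_from_scratch(A0)
    B, V, inc_sweeps = incremental_update(B0, V0, A_PLUS)
    full = [a + p for a, p in zip(A0, A_PLUS)]
    Bf, _, full_sweeps = svd_from_scratch(full)
    err = max(abs(x - y)
              for rx, ry in zip(reconstruct(B, V), full)
              for x, y in zip(rx, ry))
    return singular_values(B), singular_values(Bf), err, inc_sweeps, full_sweeps

if __name__ == "__main__":
    inc, full, err, s_inc, s_full = demo()
    print("incremental singular values :", [round(x, 6) for x in inc])
    print("from-scratch singular values:", [round(x, 6) for x in full])
    print("max reconstruction error    :", err)
    print("sweeps (incremental, scratch):", s_inc, s_full)
```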
• Privacy: Only the people with the right credentials can access confidential information.
• Integrity: The information stored in the cloud shouldn't be altered.
• Availability: The information must be available at the moment it's required so the right decisions can be made as soon as possible.

Conventional fault-tolerance and information-security solutions can't be applied directly to manage ELEs because such solutions are application or domain specific and require a certain amount of computational power that might not be available for small wearable devices. Hence, we require a more general architecture that's open and secure and can tolerate all types of ELR threats.1

Supporting Technologies

In this section, we provide the required technologies for building resilient and secure cloud services for ELEs including medical devices and the required communication technologies.

Medical Devices

According to the US Food and Drug Administration, medical devices include any component used for the diagnosis, cure, mitigation, treatment, or prevention of disease or other conditions, or to affect the structure or any function of the human body or that of other animals.2 Medical devices range from simple tongue depressors to complex programmable pacemakers with microchips,2 and are classified according to potential human safety risk. Low-risk devices, such as tongue depressors, are classified as class I; class II includes high-risk medical devices such as wheelchairs; and class III is reserved for invasive devices with significant risk, where neither general nor special control is enough to guarantee safety and effectiveness (for example, cardiac pacemakers).1,2

Wearable technologies available in the market monitor body temperature, pulse rate, respiration rate, blood pressure, and so on. They send this information to a hub, usually a smartphone or other mobile device (Microsoft Band, Samsung gear, Apple watch, and so on; see http://vandrico.com/wearables).

Body Area Network and Healthcare Systems

Advances in biomedical sensors, low-power circuits, and wireless communications have led to a new generation of wireless sensor networks, known as body area networks (BANs).3 These networks are formed by lightweight, low-power, interoperable, and smart wearable nodes, mainly dedicated to healthcare monitoring applications. These applications aim to ensure continuous monitoring of vital parameters, without constraining the wearer's activities, therefore providing higher healthcare quality since existing health-monitoring systems lack the capability of real-time remote diagnosis and onsite treatment,4 and early sensing, monitoring, and diagnosis are essential to delivering high-precision treatments in time. The wearable nodes measure, process, and transmit physiological signals to a hub and then to the Internet so caregivers can access the data collected in a health server for real-time diagnosis to trigger the appropriate treatment procedures.

BAN technology could potentially revolutionize healthcare delivery by enabling applications such as ubiquitous health monitoring and emergency medical response. Because BAN applications deal with sensitive medical information, they have significant security and safety implications, such as hardware failures, software errors, and cyberattacks that undermine their trustworthiness.3 To develop and implement reliable healthcare systems, we must address several challenges.

Because BAN sensors are constrained in terms of computing, storage, and power, communication protocols, fusion algorithms, and BAN control and management methods must be optimized to work with them. In addition, security, privacy, and integrity of BAN resources and information are critical since attackers can maliciously stop the operations of the sensors, change their data, and prevent them from transmitting information. This can mislead caregivers and medical staff and endanger a person's life. Finally, advances in IoT, cloud computing, and wearable technologies used to deliver 24/7 remote monitoring, diagnosis, and treatment also introduce insecurities.

Cloud Computing

The US National Institute of Standards and Technology defines cloud computing as a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (for example, networks, servers, storage,
applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.5 Thus, cloud computing represents a viable way for accessing information/computation anywhere and anytime as a utility. Cloud computing provides support for applications, including power grids, mobile communications, transportation, real-time and critical applications (such as medical services), and living environments. Even though cloud computing provides many benefits, it also entails potential threats, especially in healthcare due to the information's sensitivity.

Wireless Networks

A wireless network is the most common means of communication used by an ELE.6 The Wi-Fi protocol (IEEE 802.11) declares physical and data link layer specifications to use a specific set of frequency bands for wireless local-area networks (WLANs). Even though IEEE 802.11 has been revised and upgraded over the years, it remains vulnerable since the 802.11 MAC header is sent over the network unprotected. Moreover, its easy accessibility and wireless nature make it difficult to prevent and/or stop attacks.

ELE Threat Model

The increasing number, complexity, heterogeneity, and interoperability of interconnected devices, as well as the increasingly sensitive data transmitted, make ELEs an attractive target for attackers. To better understand the cybersecurity implications of ELEs, we need a threat model to analyze the security problem, design mitigation strategies, and evaluate solutions. The general steps for building a threat model are as follows:

• Identify attackers, assets, threats, and components.
• Rank the threats.
• Choose mitigation strategies.
• Build solutions based on the strategies.

We present an ELE threat model for different ELE components to increase our understanding of the security needs.

ELE devices, such as sensors and actuators, can impact human safety, energy, money, time, and so on. Mitigation approaches include lightweight encryption, sensor authentication, intrusion detection and prevention services (IDS/IPS), antijamming, and behavior analysis.

Network failures include router or firewall penetration. Attackers that obtain access to the network can get personal information about users, which can affect their safety, money, and reputations. Counterattacks include strong authentication, encryption, packet filtering, and IDS/IPS.

Implantable and wearable medical devices (IWMDs) are another potential point of failure. Attacks on IWMDs, which include cardiac monitors, pacemakers, drug diffusors, fall detectors, and blood pressure monitors, target human safety, money, trustworthiness of medical devices, battery, and so on. Solutions include authentication, encryption, runtime-anomaly detection, and behavior analysis methods.

Finally, attacks can be launched against cloud computing and medical application services. Attackers mainly target information on ELE wearable/implantable devices to gather money or threaten safety. Encryption, authentication, session identifiers, IDS/IPS, selective disclosure, and data distortion should be applied to mitigate such security concerns.

Proposed Architecture

We've developed an architecture to provide a secure and resilient ELE. Our architecture uses cloud services to collect and analyze data about the environment and an individual's wellness condition.

Figure 1 shows the architecture's main components. Cloud services handle cloud-based medical data repositories and perform continuous monitoring. Our architecture divides the lowest-level elements, ELE end nodes, into two groups: elements in the smart environment, such as sensors and actuators in the smart home, and elements that monitor the person's instant wellness condition (IWC), such as cardiac pacemakers. ELE end nodes collect the required information and transmit it to the controller (for example, Arduino or a mobile device) over a local network. This information is then sent to the gateway (such as Raspberry Pi). The next level is a network layer between the end nodes and the cloud. Since the network layer is used to ubiquitously monitor and control the ELE, authentication is the major concern. Therefore, we apply multilayer authentication, including biometrics and cross-domain single sign-on (SSO), to prevent unauthorized access to the system. The third level corresponds to cloud services, which continuously store information about the person and the smart infrastructure. The system analyzes this data to provide comprehensive personal healthcare and determine the current state of the ELE. Therefore, to successfully operate ELEs, a cloud computing system must offer resiliency, privacy, integrity, and availability. The architecture's final level is the applications. A user might be interested in sending health information to the cloud at
FIGURE 1. Overall enhanced living environment (ELE) architecture on our smart home testbed. The architecture is mapped to the actual devices on our smart home testbed showing the required components and their integration. (Diagram labels: Internet, access control, secure gateway, local network, controllers, non-IP network, IP network, devices.)
FIGURE 2. The resilient cloud services architecture. The architecture uses spatiotemporal diversity to hide possible flaws and vulnerabilities. (WVM: worker VM) (Diagram labels: a supervisor VM (SVM) above groups of three worker VMs, WVM1 to WVM3, labelled V1 through V9.)
tograph of an authorized person. Even though the face-detection and fingerprint can be altered, the unauthorized person couldn't present the requested random event (such as blinking twice) and the access was rejected. We've experimented with this case 100 times using different photos and videos and achieved complete detection (that is, unauthorized people never obtained access).

Distributed denial of service (DDoS) attacks applied to cloud services are also a challenge. Our ELE medical cloud services are immune to DDoS attacks because their execution environments change randomly, so attackers can't identify the resources running the ELE services. To demonstrate the system's resiliency, we applied different attacks (such as a flooding attack using Hping3, Hydra, Low Orbit Ion Cannon, and fork-bombing attacks) and insider threat scenarios, and injected possible hardware failures. Even if the resources are affected (for insider threats), the use of redundant VMs allowed the service to provide correct results with an overhead of 10 to 20 percent. Similarly, the medical information stored on the cloud system can't be affected since encryption and resources used to store the data are continuously changed.9,10,13

We also evaluated our resilience approach against the wireless network. We've applied attack scenarios such as session hijacking, MAC address spoofing, and even DNS cache poisoning. Our approach detected malicious traffic (such as attacks) on the wireless communications used by wearable devices with a detection rate of more than 99 percent.

With current advances in wearable technologies and cloud computing, there's a strong interest in developing robust and secure ELE services that can tolerate any type of attacks or exploitations. Our secure and resilient ELE architecture leverages our previous work in developing resilient cloud services, smart homes, and anomaly behavior analysis of wireless communications networks, especially those that will be used in BANs. We're currently developing techniques to uniquely classify and characterize the normal behavior of ELE end devices.

Acknowledgments

This work is partly supported by the US Air Force Office of Scientific Research (AFOSR) Dynamic Data-Driven Application Systems (DDDAS) award number FA95550-12-1-0241; US National Science Foundation research projects NSF IIP-1624668, SES-1314631, and DUE-1303362; and Thomson Reuters through the framework of the Partner University Fund (PUF) project. PUF is a program of the French Embassy in the United States and the FACE Foundation and is supported by American donors and the French government.

References
1. M. Zhang, A. Raghunathan, and N.K. Jha, "Trustworthiness of Medical Devices and Body Area Networks," Proc. IEEE, vol. 102, no. 8, 2014, pp. 1174-1188.
2. US Food and Drug Administration, "Classify Your Medical Device," July 2014; www.fda.gov/MedicalDevices/DeviceRegulationandGuidance/Overview/ClassifyYourDevice/default.htm.
3. L. Shi et al., "BANA: Body Area Network Authentication Exploiting Channel Characteristics," IEEE J. Selected Areas in Comm., vol. 31, no. 9, 2013, pp. 1803-1816.
4. A.J. Cheriyan et al., "Pervasive Embedded Real Time Monitoring of EEG & SpO2," Proc. 3rd Int'l Conf. Pervasive Computing Technologies for Healthcare, 2009, pp. 1-4.
5. P. Mell and T. Grance, The NIST Definition of Cloud Computing, National Institute of Standards and Technology, Special Publication 800-145, 2011; http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-145.pdf.
6. L. Atzori, A. Iera, and G. Morabito, "The Internet of Things: A Survey," Computer Networks, vol. 54, no. 15, 2010, pp. 2787-2805.
7. M. Hossain, M. Fotouhi, and R. Hasan, "Towards an Analysis of Security Issues, Challenges, and Open Problems in the Internet of Things," Proc. IEEE World Congress on Services, 2015, pp. 21-28.
8. W. Kenning, Open Source Identity Management Patterns and Practices Using OpenAM 10.x, Packt Publishing, 2013.
9. C. Tunc et al., "Autonomic Resilient Cloud Management (ARCM) Design and Evaluation," Proc. Int'l Conf. Cloud and Autonomic Computing (ICCAC), 2014, pp. 44-49.
10. G. Dsouza et al., "Building Resilient Cloud Services Using DDDAS and Moving Target Defense," Int'l J. Cloud Computing, vol. 2, nos. 2-3, 2013, pp. 171-190.
11. H. Alipour et al., "Wireless Anomaly Detection Based on IEEE 802.11 Behavior Analysis," IEEE Trans. Information Forensics and Security, vol. 10, no. 10, 2015, pp. 2158-2170.
12. P. Satam, "An Anomaly Behavior Analysis Intrusion Detection System for Wireless Networks,"
MSc thesis, Dept. Electrical and Computer Eng., University of Arizona, 2015.
13. H. Kurra, Y. Al-Nashif, and S. Hariri, "Resilient Cloud Data Storage Services," Proc. 2013 ACM Cloud and Autonomic Computing Conf., 2013, pp. 1-9.

JESUS PACHECO is a graduate student in the Electrical and Computer Engineering Department at the University of Arizona, where he's also a research assistant in the Autonomic Computing Laboratory. His research interests include cybersecurity for critical infrastructures and cyberphysical systems. Pacheco has an MS in computer science from the Technological Institute of Hermosillo, Mexico. Contact him at jpacheco@email.arizona.edu.

CIHAN TUNC is a research assistant professor in the Electrical and Computer Engineering Department, and a member of the Autonomic Computing Lab, at the University of Arizona. His research interests include autonomic power, performance, and security management for cloud computing systems and data analytics. Tunc has a PhD from the Electrical and Computer Engineering Department at the University of Arizona. Contact him at cihantunc@email.arizona.edu.

PRATIK SATAM is a graduate student in the Electrical and Computer Engineering Department at the University of Arizona. He's a research assistant in the Autonomic Computing Laboratory. His research interest includes cybersecurity for wireless networks. Satam has an MS in electrical and computer science from the University of Arizona. Contact him at pratiksatam@email.arizona.edu.

SALIM HARIRI is the director of the US National Science Foundation Center for Cloud and Autonomic Computing, and a professor in the Department of Electrical and Computer Engineering at the University of Arizona. His research interests include autonomic computing, self-protection and self-control of network centric systems, high-performance distributed computing, cloud computing, cybersecurity, and data analytics. Hariri has a PhD in computer engineering from the University of Southern California. Contact him at hariri@email.arizona.edu.
A Fog-Based Emergency System for Smart Enhanced Living Environments
Yannis Nikoloudakis, Spyridon Panagiotakis, Evangelos Markakis,
Evangelos Pallis, and George Mastorakis
Technological Educational Institute of Crete
Constantinos X. Mavromoustakis
University of Nicosia
Ciprian Dobre
University Politechnica of Bucharest
In addition to resource management, the orchestrator is responsible for deploying virtual services that facilitate the infrastructure's intelligence.

Profiling service. A profiling mechanism implemented in the fog separates users into two categories: volunteers and persons of interest. The service maintains a non-SQL database of user profiles stored in the fog, and containing personal, health, and positioning information. It also contains users' current status as safe or unsafe. User profiles are dynamically updated by other services or authorities. A user profile is a set of private information that shouldn't be accessed publicly. Yet, diverse groups of actors must obtain pieces of that information to be able to respond in an emergency situation as effectively as possible. In the proposed use case scenario, two general actors, volunteers and liable authorities, must have access to that information. The liable authority receiving the system's first distress message must be granted access to the full personal and medical information contained inside the user's profile. Volunteer responders, who will receive complementary alert messages, require access only to basic user information along with first-response instructions. To perform that task, the service creates two different dynamic HTML5 pages containing the appropriate information for each actor type.

Positioning service. A positioning service periodically obtains the user's received signal strength indicator (RSSI) between the embedded device and the in-house 5G small-cell Wi-Fi interface. As long as the service receives RSSI measurements from the embedded device, the user remains classified as safe, since the user is considered bounded within the Wi-Fi radius of the indoor small cell. If the service stops receiving RSSI measurements from the embedded device, it sends an OUT message (meaning the user is outside the home's geographical boundaries) to the profiling service, which classifies the user as unsafe. Once a user is outside the small cell's radius, a cellular interface in the embedded device connects to the outdoor cellular network and sends cellular information of the positioning service's adjacent serving base stations (mobile network code, mobile country code, location area code, cell ID, signal strength, and so on). The service performs the positioning task using an open geolocation API. In addition, the positioning service informs the service logic module, which updates the user's location in the user's profile by probing the profiling service. Finally, the service logic module acquires the user's profile from the profiling service and notifies the geographically nearest authority and possible nearby first responders by sending them an alert banner containing information from the user's profile and geographical location, customized for each actor.

Service logic. In an emergency, first-response time is critical, owing to the mercurial state of mind of vulnerable populations interacting with an unknown and likely frightening environment. To inform all possible responders of a given distress situation, the service first acquires the URI of the nearest public safety answering point (PSAP) by triggering the location-to-service translation (LoST) service. It then requests and retrieves the user's full profile, along with the list of the nearest volunteers, from the profiling service. After having collected all this information, it sends the nearest PSAP an alert banner containing the user's full profile and location. To reduce first-response time, the service also sends all nearby volunteers an alert banner containing the user's limited profile and location, along with a set of basic instructions on how to respond and attend to the user in need. Lastly, it sends the limited user profile, along with an interface-enabling signal, back to the embedded device.

Location-to-service translation. The LoST service uses the LoST protocol [7] to find the geographically nearest emergency response authority. As input, the service receives the user's location and it returns the URI of the nearest PSAP.

Software-defined networking. The SDN inside the virtual fog layer acts as a complementary service for the orchestrator [8]. It facilitates the dynamic management and administration of the network inside the fog layer, ensuring elasticity and reliability. It provides services, such as capacity and quality-of-service-specific links, and connectivity management, such as creating virtual networks required by the system.

Extreme Edge
Each user carries a discrete embedded device, integrating various interfaces and providing the system with a level of context awareness and geographical information. A Wi-Fi interface connects to an in-house small cell. The device periodically collects and sends the measured RSSI to the positioning service, which determines whether the user is inside or outside the small-cell radius surrounding the user's premises. Once the user is found outside the Wi-Fi small-cell radius, a GSM interface connects to the outdoor cellular network.
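The profiling, positioning, and service-logic descriptions above amount to a least-privilege release of one stored profile to three kinds of recipient. The following Python sketch is an added example, not code from the article: the field names, the RSSI timeout, the resolver and volunteer-lookup functions, and all sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Allow-lists per actor type. A field that is not listed is never released,
# so a field added later to the schema-less profile store stays private by default.
# All field names are assumptions made for this sketch.
VIEW_FIELDS = {
    "psap": {"name", "age", "home_address", "conditions", "medication",
             "emergency_contact", "status", "location"},   # full profile
    "volunteer": {"name", "age", "status", "location"},    # limited profile
    "device": {"name", "status", "location"},              # limited profile
}
FIRST_RESPONSE_STEPS = ["Approach calmly", "Stay with the person",
                        "Wait for the authority"]           # constructed text
RSSI_TIMEOUT_S = 30                                         # assumed reporting timeout


@dataclass(frozen=True)
class Alert:
    recipient: str
    role: str
    body: dict


def view_for(role, profile):
    """Project a stored profile onto the fields allowed for one actor type."""
    allowed = VIEW_FIELDS[role]   # unknown role raises KeyError: nothing is released
    return {k: v for k, v in profile.items() if k in allowed}


def classify(last_rssi_ts, now, timeout=RSSI_TIMEOUT_S):
    """'safe' while RSSI reports keep arriving, 'unsafe' once they stop (the OUT case).

    A device with a dead battery looks the same as a user who left home;
    the design fails toward raising an alert.
    """
    return "safe" if now - last_rssi_ts <= timeout else "unsafe"


def build_alerts(user_id, location, profiles, resolve_psap, nearest_volunteers):
    """Service logic for one distress event: returns the alerts to send, in order."""
    profile = dict(profiles[user_id], status="unsafe", location=location)
    profiles[user_id] = profile                        # profile update
    alerts = [Alert(resolve_psap(location), "psap", view_for("psap", profile))]
    for uri in nearest_volunteers(location):
        body = view_for("volunteer", profile)
        body["instructions"] = list(FIRST_RESPONSE_STEPS)
        alerts.append(Alert(uri, "volunteer", body))
    device_body = view_for("device", profile)
    device_body["enable_interface"] = True             # interface-enabling signal
    alerts.append(Alert(profile["device_uri"], "device", device_body))
    return alerts


# Constructed sample data; none of it comes from the article.
PROFILES = {"u1": {
    "name": "A. Example", "age": 81, "home_address": "1 Sample St",
    "conditions": ["dementia"], "medication": ["sample-drug"],
    "emergency_contact": "+00 000 0000", "device_uri": "device://u1",
    "status": "safe", "location": None,
    "national_id": "CONSTRUCTED-0001",   # stored, but in no allow-list
}}


def resolve_psap(location):
    """Stand-in for the LoST lookup: location in, PSAP URI out."""
    return "sip:psap@example.invalid"


def nearest_volunteers(location):
    """Stand-in for the profiling service's volunteer query."""
    return ["sip:vol1@example.invalid", "sip:vol2@example.invalid"]


def demo():
    return build_alerts("u1", (35.3, 25.1), PROFILES, resolve_psap, nearest_volunteers)


if __name__ == "__main__":
    for alert in demo():
        print(alert.role, sorted(alert.body))
```
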
[Figure 5 labels: small cell radius; "Help" alert; three "cellTowers" records (cellId 21532831, 21532840, and 21532950; each with locationAreaCode 2862, mobileCountryCode 214, mobileNetworkCode 7).]
FIGURE 5. Overview of the system outside the radius of the small cell. The user is outside of the household boundaries and thus classified as unsafe. (LoST: location-to-service translation)
[Figure 6 labels: loop: RSSI, estimate position, user indoor, User IN; loop: cellular info, estimate position, user outdoor, user location; PSAP; request full user profile, full user profile; user full profile URL and location; request limited profile, limited user profile.]
FIGURE 6. Sequence diagram describing the interaction between the system entities. (BLE: Bluetooth low energy, PSAP: public safety answering point, RSSI: received signal strength indicator)
munications and networking, Internet of Things, pervasive computing, sensor networks, Web engineering, and informatics in education. Panagiotakis has a PhD in communication systems from the Department of Informatics and Telecommunications at the University of Athens. Contact him at spanag@teicrete.gr.

EVANGELOS MARKAKIS is a senior research associate at the Technological Educational Institute of Crete and the technical manager of the Horizon 2020 DRS-19-2014 Emynos Project. His research interests include fog networking, P2P applications, and next-generation networks. Markakis has a PhD in communication systems from the University of the Aegean. He's a member of the IEEE Communications Society. Contact him at markakis@pasiphae.eu.

EVANGELOS PALLIS is an associate professor in the Department of Informatics Engineering at the Technological Educational Institute of Crete and acting director of the Research and Development of Telecommunications Systems Laboratory. His research interests include wireless broadband and mobile networks and network management. Pallis has a PhD in telecommunications from the University of East London. Contact him at pallis@pasiphae.eu.
GEORGE MASTORAKIS is an associate professor in the Department of Applied Informatics and Multimedia at the Technological Educational Institute of Crete and a research associate in the Research and Development of Telecommunications Systems Laboratory at the Center for Technological Research of Crete, Greece. His research interests include cognitive radio networks, mobile cloud computing, networking traffic analysis, radio resource management, and energy-efficient networks. Mastorakis has a PhD in telecommunications from University of the Aegean, Greece. Contact him at gmastorakis@staff.teicrete.gr.

CONSTANTINOS X. MAVROMOUSTAKIS is an associate professor in the Department of Computer Science at the University of Nicosia, Cyprus, where he also leads the Mobile Systems Lab. His research interests include the design and implementation of hybrid wireless testbed environments and mobile peer-to-peer systems, Internet of Things configurations and smart applications, high-performance cloud and mobile cloud computing systems, modeling and simulation of mobile computing environments, and protocol development and deployment for large-scale heterogeneous networks and green mobility-based protocols. Mavromoustakis has a PhD in informatics from Aristotle University of Thessaloniki, Greece. Contact him at mavromoustakis.c@unic.ac.cy.

CIPRIAN DOBRE is a professor at the University Politechnica of Bucharest. His research interests include large-scale distributed systems concerning monitoring, high-speed networking, grid application development, evaluation using modeling and simulation, mobile applications, and smart technologies to reduce urban congestion and air pollution, and context-aware applications. Dobre has a PhD in computer science from the University Politechnica of Bucharest. Contact him at ciprian.dobre@cs.pub.ro.
Overcoming Barriers for Ubiquitous User-Centric Healthcare Services

Alex Palesandro, Orange Labs
Marc Lacoste, Orange Labs
Nadia Bennani, Université de Lyon
Cloud home healthcare systems represent a widely investigated research area [1]. These systems are designed for a wide spectrum of healthcare applications, from simple electronic health record (EHR) consultation to remote monitoring and assisted surgery. Key requirements for such applications are geographical restrictions on the hosting of applications and data, usually imposed by laws; stringent high-availability and QoS constraints (99.99 or 99.999 percent of availability time per year); and dependency on a homogeneous set of system security services from different cloud public providers. In other words, applications should be accessible anywhere, anytime, with acceptable performance and security.

FIGURE 1. Follow-me use case. Actors in this scenario include care delivery organizations (CDOs), private clouds, and over-the-top cloud (OTT) providers.

Current home-based scenarios are limited to patients who might leverage the service on premise, relying on the same practitioner or care delivery organization (CDO). Moreover, current systems don't support follow-me scenarios, where traveling patients might require treatment away from their usual residence, potentially relying on new practitioners and CDOs (see Figure 1).

Single provider clouds can't meet these challenges. First, data processing has strict requirements in terms of location awareness. In addition, single-provider availability guarantees might not be sufficient in medical environments. Quality of service (QoS) is also impacted by latency, increasing with distance between service users (such as patients and doctors) and the datacenter. Finally, cloud providers must be trustworthy given the privacy issues related to medical data. To overcome such limitations, healthcare services should rely on multiple cloud providers. A multiprovider approach brings both benefits, in terms of geolocation, availability, and QoS; and challenges, such as the need for consistent quality of protection
(QoP) across providers. The multiple provider model also adds significant complexity. The impossibility of simply and practically leveraging multicloud benefits prevents many applications from relying on multiprovider infrastructure-as-a-service (IaaS) models.

Therefore, a multiprovider system must provide for flexible provisioning, where the application logic influences resource allocation in the multicloud; and must support interoperability. The multicloud should provide infrastructure homogeneity from security and resource abstraction standpoints across multiple sites. Infrastructure homogeneity allows each provider to use the same security services to protect application execution.

The Orchestration for Beyond Intercloud Security (Orbits) architecture addresses these needs, providing simultaneous and flexible application provisioning across multiple providers, as well as a homogeneous service abstraction across multiple clouds enforced at the IaaS level.

Orbits Multicloud Architecture
Healthcare use cases typically embrace a wide range of actors (patients, pharmacists, CDO administrators, doctors, and so on) and different classes of devices. In addition, service developers and operators, who are responsible for building applications and delivering services, represent technical actors in our scenarios.

Hence, we consider two classes of service. The first is applications deployed by CDOs and other institutions that are typically shared across multiple actors and hosted inside private clouds or scaled out to public clouds [1,2]. This class includes EHR consultation for patients and prescription management for doctors or institutions. The other class of services is patient-oriented applications, which typically produce or analyze personal health records (for example, drug therapy self-assessment questionnaires, periodic self-treatments, and epidemiological studies). Such patient-oriented applications might require downloading and uploading data to CDOs or designing complex interconnections among services [3]. Deployed services usually leverage a three-tier application structure with SQL/NoSQL databases, application servers, and front-ends on top of infrastructure abstractions (virtual machines [VMs], object/block storage, and virtual networking) supported by the cloud provider. Given the heterogeneity of actors and applications, each tier is usually split into cooperating subcomponents (microservices) and services, following the service-oriented architecture (SOA) approach.

We consider a simpler scenario in which patients move among locations and thus need to perform telemedicine operations (such as remote treatment, periodic self-treatment and monitoring, and EHR access) using mobile devices, while CDO services are geographically fixed in the CDOs' private clouds. The application orchestration logic can retrieve the actual geolocations of the services and patients through the front-end application and device capabilities (such as GPS).

Cloud customers rely on cloud providers not only for low-level resources (compute, networking, and storage) but also for high-level services, such as database management systems as a service (DBMSaaS) or load balancer as a service (LBaaS), offloading operational complexity from developers. However, the use of these complementary services creates a de facto lock-in that introduces a strict dependency between cloud customer and provider. In addition, similar services might encourage customers to remain inside the provider realm since transferring data inside the same provider region is free or inexpensive. Therefore, interoperability at the IaaS level can hide the complexity of compatibility layers on different providers. However, the orchestration logic could effectively deploy multiprovider applications, since all requirements can be handled with a precise knowledge of subcomponent interactions, which is possible at the application orchestration level. Obviously, IaaS interoperability might not solve incompatibility issues at the application layer, but it could simplify interoperability by enhancing the orchestration expressiveness of this layer while hiding the underlying complexity.

To address these challenges, Orbits offers both flexible provisioning of microservices-based applications, handling placement, elasticity, and availability; and infrastructure homogeneity so customers can completely control their security appliances. Orbits enables infrastructure deployment to support application requirements (such as peak usage or CSP breach) when and where they occur.

Existing approaches partially meet these requirements (see the related work sidebar). Indeed, overlay-based approaches give users an important degree of control (such as a virtualization layer and security appliances) [4], but lack effective multiprovider orchestration tools. However, brokering-based approaches (for example, RightScale and jClouds) optimize provisioning of application resources without giving users more control over the infrastructure.

To sum up, we model a use-case where a healthcare service is described by

• a microservice-based application with related orchestration logic,
• a minimal threshold of N distinct providers and M regions that they require a priori (such as for availability),
• the set of security services and configurations they want to deploy for QoP requirements, and
• a list of static provider constraints to address geolocation (such as legal country and per-provider minimum availability).

Developers and operators of the healthcare service might consider a cloud service provider (CSP) as trusted or untrusted, adopting an adversary model to deal with security and privacy.

Figure 2 gives an overview of the Orbits architecture's three-layered design:

• The virtualization layer executes scheduled jobs, with tradeoffs between performance and isolation among workloads, using security services specified by operators at build time. It provides a homogeneous view of security services to upper layers to meet the QoP requirement.
• The management layer oversees resource provisioning on each overlay provider, managing the virtualization layer and the creation of new execution environments. This layer also meets the QoP requirement, focusing not only on application execution, but also on access to resources.
• The orchestration layer ensures flexible provisioning across multiple providers required by the use cases. It gives an overall view of the available providers and coordinates application orchestration between provider instances.

[Figure 2 labels: orchestrator; local controllers; management layer; cloud operating system, one per provider.]
FIGURE 2. The Orbits architecture. Management and virtualization instances are replicated through different providers, creating the overclouds.

Management and virtualization layer services are deployed on each provider inside the multicloud. We refer to those instances as overclouds, as they're overlay instances that provide a homogeneous view of resources to the orchestration layer.

Virtualization Layer
The Orbits virtualization layer runs microservices using a provider-agnostic approach. Virtualization is a widely adopted approach to obtain isolated and transparent hardware resource sharing between competing software or systems. Several technologies can be adopted to deploy and run execution environments that generally aren't interoperable [5].

The virtualization layer should realize interoperability among isolated execution environments across different providers, hiding provider heterogeneity. Technological heterogeneity makes this impossible at the underlay level. The virtualization layer should also be customizable, allowing each operator to deploy its chosen security services and to impose minimal performance overheads.

Two main technological alternatives are available for the virtualization layer.

Nested virtualization is a system architecture in which the guest operating system virtualizes a
nested guest [6]. This extra level of virtualization can be executed through nested hardware-assisted full virtualization [6] or paravirtualization over hardware-assisted virtualization [5]. Performance has always been an impeding factor for massive adoption of such techniques. However, some recent work shows more acceptable overhead [5,6].

Containers are user-space environments on an operating system providing isolation between them and host resources [7]. Resource isolation is achieved using new kernel functionalities (for example, cgroups and Linux namespaces). However, containers still suffer from major isolation concerns due to Linux kernel sharing and achieve weaker isolation than VMs. Recent work has also shown that overlay containers don't significantly degrade performance [4].

In both cases, microservices composing a complex application will be run inside execution environments provided by the virtualization layer. Nested virtualization and containers offer different tradeoffs in terms of isolation and performance. Stateful applications might need to be migrated without loss of state through live migrations, which is simpler with VMs. With stateless services, a simple respawn on a new infrastructure is better addressed by lightweight containers, which can enhance rescheduling time on new infrastructures when detecting that a patient is moving and requesting service from another location. VMs achieve better isolation and resilience than containers, but have slower performance, and might be a better tradeoff for critical components in terms of service availability.
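The use-case model (N distinct providers, M regions, required security services, static provider constraints) and the VM-versus-container tradeoff above can be combined into a placement check. The following Python sketch is an added example, not Orbits code: the attribute names, the sample overclouds and services, the rule "stateful on VMs, stateless on containers", counting a region per provider, and the independent-failure assumption in the availability estimate are all assumptions made for illustration.

```python
from dataclasses import dataclass
from math import prod


@dataclass(frozen=True)
class Overcloud:
    provider: str
    region: str
    country: str
    availability: float        # provider's stated availability, e.g. 0.999
    virtualization: frozenset  # subset of {"vm", "container"}
    security: frozenset        # security services deployed in this overcloud


@dataclass(frozen=True)
class Requirements:
    min_providers: int         # N
    min_regions: int           # M
    security: frozenset        # QoP: services every selected overcloud must run
    countries: frozenset       # static constraint: legal hosting countries
    min_availability: float    # static constraint: per-provider minimum


def eligible(overclouds, req):
    """Apply the static constraints and the QoP requirement to each overcloud."""
    return [o for o in overclouds
            if o.country in req.countries
            and o.availability >= req.min_availability
            and req.security <= o.security]


def meets_thresholds(candidates, req):
    """Check the N-providers / M-regions threshold (a region is counted per provider)."""
    providers = {o.provider for o in candidates}
    regions = {(o.provider, o.region) for o in candidates}
    return len(providers) >= req.min_providers and len(regions) >= req.min_regions


def place(stateful, candidates, replicas):
    """Pick one overcloud per distinct provider, most available first."""
    tech = "vm" if stateful else "container"
    chosen, used = [], set()
    for o in sorted(candidates, key=lambda o: -o.availability):
        if len(chosen) == replicas:
            break
        if tech in o.virtualization and o.provider not in used:
            chosen.append(o)
            used.add(o.provider)
    if len(chosen) < replicas:
        raise ValueError(f"only {len(chosen)} providers offer '{tech}' environments")
    return tech, chosen


def combined_availability(chosen):
    """Availability of replicated placement, assuming providers fail independently."""
    return 1 - prod(1 - o.availability for o in chosen)


def plan(services, overclouds, req, replicas=2):
    candidates = eligible(overclouds, req)
    if not meets_thresholds(candidates, req):
        raise ValueError("too few providers or regions satisfy the constraints")
    result = {}
    for name, stateful in services.items():
        tech, chosen = place(stateful, candidates, replicas)
        result[name] = (tech, [o.provider for o in chosen], combined_availability(chosen))
    return result


# Constructed sample data; provider names and figures are placeholders.
BASE = frozenset({"ids", "firewall"})
OVERCLOUDS = [
    Overcloud("csp-a", "paris", "FR", 0.9995, frozenset({"vm", "container"}), BASE),
    Overcloud("csp-b", "frankfurt", "DE", 0.999, frozenset({"container"}), BASE),
    Overcloud("csp-c", "virginia", "US", 0.9999, frozenset({"vm", "container"}), BASE),
    Overcloud("csp-a", "marseille", "FR", 0.9995, frozenset({"vm"}), frozenset({"firewall"})),
    Overcloud("cdo-private", "lyon", "FR", 0.99, frozenset({"vm", "container"}), BASE),
]
REQ = Requirements(2, 2, BASE, frozenset({"FR", "DE"}), 0.99)
SERVICES = {"ehr-db": True, "ehr-frontend": False}   # name -> stateful?

if __name__ == "__main__":
    for name, (tech, providers, avail) in plan(SERVICES, OVERCLOUDS, REQ).items():
        print(f"{name}: {tech} on {providers}, estimated availability {avail:.6f}")
```

In this constructed data no single eligible provider reaches 99.99 percent, while the two-provider placement of the stateful service does, under the independence assumption.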
(IaaS) compatibility layers [7,8]. Brokering approaches offload multiprovider orchestration, agreeing with a broker on the desired service-level agreements (SLAs) and associated costs. Compatibility layers typically rely on a client-controlled virtualization layer to escape vendor lock-in through an interoperable layer. Such techniques showed fair performance and consolidation improvements compared to traditional cloud deployment. However, how they'll handle flexible provisioning of applications is unclear. Orbits implements an IaaS compatibility layer-based approach, in addition to providing multicloud flexible-provisioning mechanisms.

Meanwhile, application architectures have evolved toward more modularity in deployment, reducing time between development and delivery.

Microservices Frameworks
The rise of lightweight virtualization (such as Docker containers) is changing the way cloud applications are developed and deployed. Revisiting the service-oriented architecture (SOA) paradigm, monolithic applications are componentized into cooperating microservices run inside lightweight containers (for example, Google Kubernetes and Apache Marathon). However, with multiple providers, such frameworks don't consider the homogeneity of the infrastructure services they're leveraging (for example, intrusion detection systems or firewall-as-a-service for security).

References
1. A. Abbas and S.U. Khan, "A Review on the State-of-the-Art Privacy-Preserving Approaches in the E-Health Clouds," IEEE J. Biomedical and Health Informatics, vol. 18, no. 4, 2014, pp. 1431-1441.
2. E. AbuKhousa, N. Mohamed, and J. Al-Jaroodi, "E-Health Cloud: Opportunities and Challenges," Future Internet, vol. 4, no. 3, 2012, pp. 621-645.
3. H. Wu, Q. Wang, and K. Wolter, "Mobile Healthcare Systems with Multi-Cloud Offloading," Proc. IEEE 14th Int'l Conf. Mobile Data Management, vol. 2, 2013, pp. 188-193.
4. T. Ermakova and B. Fabian, "Secret Sharing for Health Data in Multi-Provider Clouds," Proc. IEEE 15th Conf. Business Informatics, 2013, pp. 93-100.
5. N. Grozev and R. Buyya, "Inter-cloud Architectures and Application Brokering: Taxonomy and Survey," Software: Practice and Experience, vol. 44, no. 3, 2014, pp. 369-390.
6. R. Buyya, R. Ranjan, and R. Calheiros, "InterCloud: Utility-Oriented Federation of Cloud Computing Environments for Scaling of Application Services," Algorithms and Architectures for Parallel Processing, LNCS 6081, Springer, 2010, pp. 13-31.
7. D. Williams et al., "The Xen-Blanket: Virtualize Once, Run Everywhere," Proc. 7th ACM European Conf. Computer Systems (EuroSys 12), 2012, pp. 113-126.
8. K. Razavi et al., "Kangaroo: A Tenant-Centric Software-Defined Cloud Infrastructure," Proc. IEEE Int'l Conf. Cloud Eng., 2015, pp. 106-115.
Thus, developers and/or operators might adapt virtualization to workloads, selectively isolating or aggregating diverse application components. This can be achieved through the management layer API.

Management Layer
For infrastructure homogeneity, Orbits aims not only at virtualization interoperability but also homogeneous resource management across multiple clouds. This implies uniform APIs across providers. Indeed, complete interoperability issues arising from the infrastructure's multiprovider nature could be prevented by security services provided as a service by cloud providers (for example, anti-DDoS and firewalls). Different APIs might require per-provider adaptation; thus, homogeneous resource management is critical to guaranteeing QoP in our use case.

We distinguish two classes of management services for Orbits overclouds.

In local resource provisioning, the local cloud operating system and software-defined networking (SDN) controller components are typically in charge of compute, storage, and networking management.

In relation with orchestration logic services, the local orchestrator, or Stratopause component, is the link between local resource provisioning and application dispatching. It regularly informs the application orchestration framework about available overclouds, for example, resources and cloud attributes (provider, region, and virtualization technologies). When the application orchestration logic schedules a job on a certain Stratopause instance,
the Stratopause communicates with the cloud operating system service to trigger resource allocation to satisfy the allocation requirements demanded by the orchestration layer. The global orchestration logic collects updates from Stratopause instances to reach placement decisions. This instance also collects microservices that dispatch commands to local overlays, which are transmitted to the local cloud operating system to provision resources according to expressed requirements.

The management layer enables the use of equivalent security services on different providers, for example, to fulfill EHR systems' security requirements. However, this layer doesn't have the overall vision of all deployed overclouds.

Orchestration Layer
Orchestration is performed at both the infrastructure and application levels.

Infrastructure orchestration. Following the infrastructure as code paradigm, a cloud template text description for the overlay infrastructure defines which services are deployed and where. Orchestration covers

• deploying management and virtualization layers on selected providers,
• providing on-demand interconnection between providers, and
• managing identity and access across overlay instances.

Therefore, to address the deployment of overlays on different providers, the user-centric cloud builder component, Mantus, customizes the cloud template according to tenant-requested security services, which might include network and system control, management services, and virtualization; selects a subset of cloud providers, compatible with policies expressed by the tenant needs; and instantiates overlay clouds on multiple providers.

Moreover, hosting cloud providers create virtual networks inside each overlay cloud. To create multiprovider connections, a network fabric builder component extends local virtual networks across provider barriers. Finally, an overall authentication and authorization service transparently manages identity and access across deployed overclouds, for example, by coordinating different authentication services.

text-based description of the topology and configuration of hardware resources and software components. Some legislation, such as the General Data Protection Regulation (GDPR), might require technological and organizational settings to protect sensitive data and its processing. The infrastructure-as-code-based security enrichment approach leveraged by Mantus reduces the effort required to provide the same infrastructure security and privacy services across multiple cloud providers.

Application-level orchestration. Whereas the role of infrastructure services is building and maintaining the Orbits multicloud, the application orchestration logic is responsible for flexible provisioning across clouds, which it typically achieves by placing application microservices across providers.

Orchestration frameworks are usually composed of application frameworks and a resource multiplexer (for example, Apache Mesos). Application frameworks are responsible for application deployment on available resources, following developer/operator specifications. The resource multiplexer guarantees fair sharing between frameworks on a pool of resources. In Orbits, we enhance the placement logic of application frameworks, introducing multiprovider awareness of overclouds deployed by Mantus. The overcloud-aware placement leverages Stratopause instances to receive updates about overcloud instance availability and dispatch selected jobs on a given provider.

Essential requirements of healthcare applications, such as confidentiality, data integrity, and anonymity, might leverage the single point of orchestration to effectively decide where to deploy different instances of services, relying on the infrastructure's homogeneity [8]. This runtime control could also allow service operators to easily comply with legislation in terms of data protection and geolocalization.

Experimental Results
We built a proof-of-concept prototype of the basic overlay template cloud based on OpenStack and Mesos (see Figure 3). We leveraged Xen, Linux Containers (LXC), and the Kernel-based Virtual Machine (KVM) as basic virtualization technologies. The management layer is based on OpenStack, which supports those virtualization technologies. OpenStack is integrated with an overlay OpenDaylight as the SDN controller. We realized a first implemen-
The Mantus orchestration component commu- tation of Mantus and Stratopause in a simpler sce-
nicates with orchestration providers APIs (such as nario, where a developer can trigger deployment of
OpenStack Heat and Amazon CloudFormation), de- Orbits on a select number of providers without con-
ploying the overclouds template, which consists of a sidering the patients location; instead, the focus is
FIGURE 3. Orbits prototype components. Dashed borders indicate newly introduced components, among legacy open-source.
on enriching security services and deploying a uniform infrastructure layer.

The Mantus orchestration workflow proceeds as follows.

In the first step, service definition, Mantus uses a code description to automate infrastructure resource provisioning and configuration, which provides benefits in terms of reproducibility and maintenance. Such a description concerns services from management and virtualization layers (such as cloud operating system services, SDN controller, and virtualization nodes).

Next, in the service enrichment step, Mantus extends the abstract service description with the list of security services provided as input (see Figure 4). The initial description is then enriched by the addition of selected services from providers (such as access control framework, hardening services, hypervisor appliances, and network middleboxes). Access control and hardening services could be introduced as new services in the provider-agnostic description. The infrastructure should have network connectivity with control services. Thus, network applications can be described as configuration files to be deployed inside the SDN controller. Similarly, hypervisor appliances can be added to compute nodes. Finally, network middleboxes (for example, firewalls, intrusion detection services, and HTTP accelerators) can be described as extra services, chained together by traffic steering flows.

In parallel to the first two steps, Mantus retrieves a list of available providers and applies a simple filter and weight algorithm. We assume that Mantus retrieves a list of provider datacenter regions with predefined and comparable service-level agreements (SLAs), such as minimal availability and location of specific regions.

The next step is instantiation. When providers are selected, the provider-agnostic description of services is converted into the provider-specific orchestration language3 of the selected cloud providers. In the Mantus workflow, provider-agnostic Topology and Orchestration Specification for Cloud Applications (Tosca, www.oasis-open.org/committees/tosca) service descriptions are mapped to per-provider descriptions, such as OpenStack Heat Orchestration Template (HOT, http://docs.openstack.org/developer/heat/template_guide/hot_guide.html) and, in the future, Amazon Web Services CloudFormation (https://aws.amazon.com/cloudformation).

Modeling the base cloud services resulted in 1,103 lines of code (601 lines of Tosca YAML (Yet Another Markup Language) and 502 of BASH [Bourne-Again Shell] configuring scripts). The translation of Tosca to OpenStack Heat plus the instantiation logic for Heat APIs required 868 lines of Python, which represent the specific OpenStack driver code required to port Mantus to a new provider. Supporting OpenStack enables Orbits to support not only private clouds but also several public
FIGURE 4. Mantus orchestration templates: (a) initial sample overlay template, and (b) services after enrichment process.
CSPs leveraging this open source cloud management system.

Table 1 summarizes how Orbits addresses healthcare requirements. The geolocation requirement is addressed through Mantus, which selects acceptable providers according to service SLAs requirements; and through Stratopause, which instructs the application logic with IaaS provider details. For the QoS requirement, Stratopause notifies the application orchestration logic to satisfy desired availability through replication on different infrastructures. The QoP requirement over multiple clouds is guaranteed by the description-based model elaborated by Mantus.

To assess overhead when using nested virtualization, we evaluated our Orbits prototype in terms of both performance and scalability. To this end, network latency and bandwidth represent important parameters to influence the execution performance of healthcare applications as analyzed earlier. Figures 5a and 5b compare nested virtualized execution environments (VM plus containers), single-layer VMs, and a bare-metal system. Degradations are concentrated in the nested KVM setting, where overhead
FIGURE 5. We ran performance and scalability tests using an Intel Xeon E5-2650 Haswell at 2.60 GHz with 64 Gbytes of RAM and Centos 7 as a bare-metal operating system. The base software platform is an OpenStack over Linux KVM executing Ubuntu 16.04 guests VMs, with a paravirtualized VirtIO drivers network card and disk. (a) Average TCP latency (less is better). (b) Average TCP throughput. (c) Request service response time. (d) Request throughputs per second.
often exceeds 50 percent compared to the baseline. LXC performs quite well and can be considered a viable solution to introduce a user-controlled virtualization layer.

As Figures 5c and 5d show, we tested the scalability of nested execution environments when increasing load in a WordPress application. A WordPress application, like many healthcare applications,3 relies on a Web front end, a server-side application logic, and access to a database, and could be used as a generic and representative benchmark. From the perspective of both throughput and elapsed time, Xen and LXC perform well, keeping overhead below 20 percent. In addition, from a scalability viewpoint, control of a nested virtualization layer on a public cloud makes physical collocalization possible,4,5 which might enable better performance regardless of the underlying provider, in the context of applications using multiple execution environments.

To sum up, experimental results show that the performance and scalability loss of the Orbits architecture due to the adoption of an extra virtualization layer might be affordable. The cost to adopt a new provider isn't huge in terms of code development, so supporting new providers would require adding only their orchestration service to the appropriate Mantus driver.

We plan to extend the Orbits architecture with additional features, such as the ability to model security services (Tosca) and weave them into the functional infrastructure, and to integrate SLAs. We also intend to benchmark the Mantus and Stratopause components and overall Orbits framework using sample healthcare applications to further validate multicloud-aware placement and follow-me types of ubiquitous healthcare scenarios, as well as other classes of applications to evaluate the genericity of the architecture in a variety of use cases. We'll also address the additional management complexity introduced by multiple overlays, exploring existing frameworks (such as the Virtual Environment Self-Protecting Architecture)9 to enrich Stratopause and Mantus with self-management features for typical administration tasks, or detection of and reaction to unusual events such as failures.
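
The service enrichment and filter-and-weight provider selection steps of the Mantus workflow described earlier can be illustrated as follows. This is an added example, not code from the Orbits prototype; the template layout, service catalogue, region list, cost field, and weights are assumptions.

```python
"""Added illustration; names, sample regions and weights are assumptions."""
from copy import deepcopy
from dataclasses import dataclass


@dataclass(frozen=True)
class Region:
    provider: str
    name: str
    country: str         # jurisdiction where tenant data would reside
    availability: float  # SLA availability in percent
    hourly_cost: float   # constructed price, used only when weighing


# Constructed sample catalogue; these are not real SLA figures.
REGIONS = [
    Region("cloud-a", "eu-west", "FR", 99.95, 0.12),
    Region("cloud-a", "us-east", "US", 99.99, 0.09),
    Region("cloud-b", "eu-central", "DE", 99.90, 0.10),
    Region("cloud-c", "eu-north", "SE", 99.50, 0.05),
]

# Provider-agnostic base description: management and virtualization layers.
BASE_TEMPLATE = {
    "services": {
        "cloud_os": {"type": "management"},
        "sdn_controller": {"type": "management", "network_apps": []},
        "compute_xen": {"type": "virtualization", "appliances": []},
    },
    "forwarding_graph": [],  # ordered chain of network middleboxes
}

# Hypothetical catalogue: how each security service joins the template.
SECURITY_CATALOGUE = {
    "access_control": "standalone",
    "hardening": "standalone",
    "anti_ddos": "network_app",    # configuration deployed in the SDN controller
    "introspection": "appliance",  # added to every compute node
    "firewall": "middlebox",
    "ids": "middlebox",
}


def enrich(template, requested):
    """Return a copy of the template extended with the requested services."""
    out = deepcopy(template)
    services = out["services"]
    for name in requested:
        kind = SECURITY_CATALOGUE.get(name)
        if kind is None:
            # Fail closed: never deploy with a requested control silently missing.
            raise ValueError(f"unknown security service: {name}")
        if kind == "standalone":
            services[name] = {"type": "security"}
        elif kind == "network_app":
            services["sdn_controller"]["network_apps"].append(name)
        elif kind == "appliance":
            for svc in services.values():
                if svc["type"] == "virtualization":
                    svc["appliances"].append(name)
        else:  # middlebox: an extra service placed on the steering chain
            services[name] = {"type": "middlebox"}
            out["forwarding_graph"].append(name)
    return out


def steering_flows(template, ingress="internet", egress="overlay_net"):
    """Expand the middlebox chain into ordered (source, destination) hops."""
    chain = [ingress, *template["forwarding_graph"], egress]
    return list(zip(chain, chain[1:]))


def _normalise(values):
    lo, hi = min(values, default=0), max(values, default=0)
    return [0.0 if hi == lo else (v - lo) / (hi - lo) for v in values]


def select_regions(regions, allowed_countries, min_availability, count,
                   w_avail=1.0, w_cost=0.5):
    """Filter on hard tenant constraints, then weigh the survivors."""
    # Filter: location and minimal availability are never traded for score.
    candidates = [r for r in regions
                  if r.country in allowed_countries
                  and r.availability >= min_availability]
    if len({r.provider for r in candidates}) < count:
        raise LookupError("too few providers satisfy the tenant policy")
    # Weigh: reward availability, penalise cost, both scaled to [0, 1].
    avail = _normalise([r.availability for r in candidates])
    cost = _normalise([r.hourly_cost for r in candidates])
    scored = sorted(zip(candidates, avail, cost),
                    key=lambda t: (w_cost * t[2] - w_avail * t[1],
                                   t[0].provider, t[0].name))
    # Keep the best region per provider so the overlay spans providers.
    best = {}
    for region, _, _ in scored:
        best.setdefault(region.provider, region)
    return list(best.values())[:count]
```

With the sample data, a tenant policy restricted to FR, DE, and SE with 99.9 percent minimal availability excludes the US region despite its higher SLA, because the location filter runs before any weighing.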
PURPOSE: The IEEE Computer Society is the world's largest association of computing professionals and is the leading provider of technical information in the field.

MEMBERSHIP: Members receive the monthly magazine Computer, discounts, and opportunities to serve (all activities are led by volunteer members). Membership is open to all IEEE members, affiliate society members, and others interested in the computer field.

COMPUTER SOCIETY WEBSITE: www.computer.org

OMBUDSMAN: Direct unresolved complaints to ombudsman@computer.org.

CHAPTERS: Regular and student chapters worldwide provide the opportunity to interact with colleagues, hear technical experts, and serve the local professional community.

AVAILABLE INFORMATION: To check membership status, report an address change, or obtain more information on any of the following, email Customer Service at help@computer.org or call +1 714 821 8380 (international) or our toll-free number, +1 800 272 6657 (US):

EXECUTIVE COMMITTEE

President: Jean-Luc Gaudiot
President-Elect: Hironori Kasahara; Past President: Roger U. Fujii; Secretary: Forrest Shull; First VP, Treasurer: David Lomet; Second VP, Publications: Gregory T. Byrd; VP, Member & Geographic Activities: Cecilia Metra; VP, Professional & Educational Activities: Andy T. Chen; VP, Standards Activities: Jon Rosdahl; VP, Technical & Conference Activities: Hausi A. Müller; 2017–2018 IEEE Director & Delegate Division VIII: Dejan S. Milojičić; 2016–2017 IEEE Director & Delegate Division V: Harold Javid; 2017 IEEE Director-Elect & Delegate Division V-Elect: John W. Walz

BOARD OF GOVERNORS

Term Expiring 2017: Alfredo Benso, Sy-Yen Kuo, Ming C. Lin, Fabrizio Lombardi, Hausi A. Müller, Dimitrios Serpanos, Forrest J. Shull
Term Expiring 2018: Ann DeMarle, Fred Douglis, Vladimir Getov, Bruce M. McMillin, Cecilia Metra, Kunio Uchiyama, Stefano Zanero
Term Expiring 2019: Saurabh Bagchi, Leila De Floriani, David S. Ebert, Jill I. Gostin, William Gropp, Sumi Helal, Avi Mendelson
BLUE SKIES

Osmotic Computing: A New Paradigm for Edge/Cloud Integration

Massimo Villari and Maria Fazio, University of Messina
Schahram Dustdar, TU Wien
Omer Rana, Cardiff University
Rajiv Ranjan, Newcastle University

With the promise of potentially unlimited power and scalability, cloud computing (especially infrastructure as a service [IaaS]) supports the deployment of reliable services across several application domains. In the Internet of Things (IoT), cloud solutions can improve the quality of service (QoS), fostering new business opportunities in multiple domains, such as healthcare, finance, traffic management, and disaster management. Available mature solutions, such as Amazon IoT and Google Cloud Dataflow, demonstrate the success of cloud-centric IoT programming models and resource orchestration techniques. However, recent technological advances have disrupted the current centralized cloud computing model, moving cloud resources close to users.
This evolution is mainly required for the adaptation of the cloud paradigm to the IoT phenomenon. The increasing need for supporting interaction between IoT and cloud computing systems has also led to the creation of the edge computing model, which aims to provide processing and storage capacity as an extension of available IoT devices, without needing to move data/processing to a central cloud datacenter (such as Amazon Web Services). This reduces communication delays and the overall size of the data that needs to be migrated across the Internet and public and private datacenters.

Osmotic computing is a new paradigm that's driven by the significant increase in resource capacity/capability at the network edge, along with support for data transfer protocols that enable such resources to interact more seamlessly with datacenter-based services. It aims at highly distributed and federated environments, and enables the automatic deployment of microservices that are composed and interconnected over both edge and cloud infrastructures.

In chemistry, osmosis represents the seamless diffusion of molecules from a higher to a lower concentration solution. We believe this process should represent how services can be migrated across datacenters to the network edge. Hence, osmotic computing implies the dynamic management of services and microservices across cloud and edge datacenters, addressing issues related to deployment, networking, and security, thus providing reliable IoT support with specified levels of QoS. Osmotic computing inherits challenges and issues related to elasticity in cloud
at L1 and L2, we envision a distributed heterogeneous cloud composed of different types of resources located at each of the two layers. Understanding how a microservice hosted on a cloud at L1 can interact and coordinate with a microservice in L2 is a key research challenge in such systems. Each level has its own objective functionalities that influence the types of operations performed. For instance, L2 generally consists of resource-constrained devices (limited battery power, network range, and so on) and network elements, which must perform tasks without overloading available resources.

Datacenters at L1 and microdatacenters at L2 can belong to different providers. However, in a federated scenario, providers can establish relationships and cooperate to share resources and services, thus increasing their business opportunities.1,2 In this scenario, an osmotic computing framework is application agnostic, offering user applications with runtime environments working in a distributed and secure way. Thus, the main types of microservices that the osmotic computing framework must orchestrate and deploy into cloud and edge infrastructure are general-purpose microservices, which are strictly related to the specific applicative goal; microservices for network management for setting up virtual networks among microservices deployed in the distributed and federated cloud/edge system; and microservices for security management to support cross-platform development of security-enabled microservices.

The microservice provisioning solution can benefit from aggregating different types of resources in the L1 and L2 deployment environments. Understanding how these systems could be aggregated to support application requirements (particularly nonfunctional requirements, such as latency, throughput, security, and budget) remains an important challenge. In particular, the proposed solution follows an advanced approach where microservices are opportunistically deployed in virtual components, called containers. Container-based virtualization technologies (for example, Linux Containers, Docker, Preboot Execution Environment, Google Container, and Amazon Compute Cloud Container) have emerged as a lightweight alternative to hypervisor-based approaches (such as Xen and Microsoft Hyper-V) used in the cloud. A container permits only well-defined software components (such as a database server) to be encapsulated, which leads to significant reduction of deployment overhead and much higher instance density on a single device than a hypervisor. Hence, the new container-based approaches permit deployment of lightweight microservices on resource-constrained and programmable smart devices on the network edge such as gateways (Raspberry Pi and Arduino),
network switches (HP OpenFlow), and routers (such as Cisco IOx), but also increase performance in the dynamic management of microservices in cloud datacenters.

Osmotic computing attempts to characterize how composed microservices must be automatically adapted to the deployment sites, considering deployment location and context, since containers are strictly related to the physical host's capabilities. In addition, a decision maker must map microservices to the relevant location. Such a decision is influenced by constraints identified by the specific application and the infrastructure provider, such as utilization of specialist resources (such as a GPU cluster), improving revenue, or reducing management overheads (for example, system administration and/or energy costs). Adaptation of microservices to fluctuations in the computing environment must be performed over time, during the execution of microservices. Therefore, a feedback-driven orchestration is necessary to detect changes in infrastructure performance and QoS metrics.

Research Directions

To make most effective use of the osmotic computing paradigm, we propose the following research directions.

Microservice Configuration

Existing work in the cloud datacenter context supports provider evaluation methods but lacks microservice and edge datacenter configuration support. Multiple approaches have applied optimization3 and performance measurement techniques4 for selecting cloud datacenter resources for deploying virtual machine (VM) images according to QoS criteria (throughput, availability, cost, reputation, and so on). While doing so, existing configuration selection techniques have largely ignored the need for VM images and a migration process with transparent decision support and adaptability to custom criteria; hence, for example, they lack flexibility in terms of selection constraints and objectives that can model configurations of edge cloud resources and microservices. However, the configurations and QoS criteria for selecting and ranking microservices and datacenter resources on the network edge differ from VM deployment on cloud datacenters.

In osmotic computing, it's necessary to develop holistic decision-making frameworks that automate configuration selection across microservices and resources in cloud and edge datacenters to meet QoS constraints. To this end, novel decision-making techniques based on multicriteria optimization (for example, genetic algorithms) and multicriteria decision making (for example, analytic network process) techniques should be investigated.

Microservice Networking

Osmotic computing is based on an abstraction of networks that spawn from cloud to edge and vice versa for improving the performance of the communication among microservices.

The network here represents an enabler that allows us to dynamically adjust the overall microservices' behavior according to user requirements. Both software-defined networking (SDN) and network function virtualization (NFV)5 offer useful solutions for supporting in-network/in-transit processing of data (between edge and datacenter) and providing network management abstraction independent of the underlying technology.

Future network management advances in osmotic computing should include the development of an interoperability layer enabling interdomain, federated networks for remote orchestration of heterogeneous edge devices (for example, exploiting SDN and NFV capabilities) accessible through an API. Moreover, the characterization of federated networks in the domain of cloud and edge is missing from the scientific literature. In osmotic computing, a specific metadata ontology for overcoming this issue should be assessed.

Microservice Security

A previous Blue Skies column outlined the security challenges and threats of integrating edge computing devices (IoT devices, in transit network devices) with a cloud datacenter.6 An osmotic computing framework needs a coherent security policy that's supported within both a cloud datacenter and an edge computing environment to enable microservice execution and migration. Ensuring that the same security considerations are observed for a particular microservice across both environments remains a challenge. Such security features will enable self-identification processes that will make the deployment of microservices inside cloud and edge devices easier and more secure, also facilitating the wide adoption of osmotic computing technology. In addition, another objective of osmotic computing is to add security capabilities to the container engine to enable the secure deployment of containers including microservices on IoT devices. More specifically, an osmotic computing framework should allow developers to build chains of trust involving both edge devices and cloud systems by means of a transversal security process.

Edge Computing

Recent efforts to create an open source IoTCloud (providing sensors-as-a-service) and middleware-oriented efforts in the European Open IoT project indicate significant interest in this area from the academic community. In the same context, HTTP/REST-based APIs, such as Xively, Open Sen.se, and Think Speak, indicate strong commercial interest, in applications ranging from smart cities to intelligent homes. This also aligns with the fog computing efforts involving cloudlets (from Cisco), which involve small clouds that are geographically scattered across a network and act as small datacenters at the network edge.7

The related approach of mobile offloading is centered on the need to offload complex and long-running tasks from mobile devices to cloud-based datacenters.8 To reduce potential battery power consumption and application delay due to intermittent network connectivity, tasks from mobile devices (which generally have lower computation and storage capabilities than a datacenter) are executed at a datacenter, with periodic synchronization between the edge device and the datacenter. An alternative approach (to achieve the same outcome) involves creating a mobile device clone within a datacenter as a VM. Examples include CloneCloud9 and Moitree.

Our osmotic computing approach suggests the need to combine mobile offloading with datacenter offloading; that is, we offload computation initially carried out within a datacenter to a mobile device. This reverse offloading enables computation to be undertaken closer to the phenomenon being measured (overcoming latency and data transfer costs). The osmotic computing approach therefore focuses on understanding the types of microservices that would be more relevant to execute at the edge than within a datacenter environment, and vice versa.

Microservice Workload Contention and Interference Evaluation

Recently, research activities in cloud-based solutions for IoT and edge devices presented container-based virtualization as an alternative to VMs in the cloud.10 For example, Docker Swarm (https://docs.docker.com/swarm) provides a native orchestration framework (container engine) for multiple Docker deployments, and Kubernetes (http://kubernetes.io/v1.1/docs/user-guide/horizontal-pod-autoscaler.html) is an open source system for automating deployment, operations, and management of clusters of containerized microservices on edge devices and cloud datacenter resources. However, codeployed, containerized microservices lead to workload contention. Workload (generated by containerized microservices) resource consumption and QoS aren't additive, so understanding the nature of their composition is critical to deciding which microservices can be deployed together (that is, can coexist). Recent work has investigated several approaches to minimize the impact of workload interference on the QoS of hosted applications on cloud datacenters.

Hardware-based approaches add complexity to the processor architecture and are difficult to manage over time. Sriram Govindan and his colleagues developed a scheme to quantify the effects of cache contention between consolidated workloads.11 However, these techniques focus on the contention issues of only one hardware resource type (that is, cache) while ignoring others. Mohammad Nathuji and his colleagues present a control theory-based approach to consolidation that mitigates the effects of cache, memory, and hardware prefetching contention of coexisting workloads.12 However, they consider only CPU-bound or compute-intensive applications.

To the best of our knowledge, none of the existing academic approaches or the container engines such as OpenShift Origin, Amazon EC2 Container Service, Docker Swarm, and Kubernetes can automatically detect and handle resource contentions among codeployed microservices across cloud and edge datacenter resources. Hence, research in osmotic computing should focus on novel microservice consolidation techniques that can dynamically detect and resolve resource contention via microservice performance characterization, workload prioritization, and coordinated deployment.
2. A. Celesti et al., "Characterizing Cloud Federation in IoT," Proc. 30th Int'l Conf. Advanced Information Networking and Applications Workshops (WAINA), 2016, pp. 93–98.
3. M.K. Qureshi and Y.N. Patt, "Utility-Based Cache Partitioning: A Low-Overhead, High-Performance, Runtime Mechanism to Partition Shared Caches," Proc. 39th Ann. IEEE/ACM Int'l Symp. Microarchitecture (MICRO 06), 2006, pp. 423–432.
4. Q. Zhu and T. Tung, "A Performance Interference Model for Managing Consolidated Workloads in QoS-Aware Clouds," Proc. 5th IEEE Int'l Conf. Cloud Computing (CLOUD), 2012, pp. 170–179.
5. S. Jain et al., "B4: Experience with a Globally-Deployed Software Defined WAN," Proc. ACM SIGCOMM, 2013, pp. 3–14.
6. D. Puthal et al., "Threats to Networking Cloud and Edge Datacenters in the Internet of Things," IEEE Cloud Computing, vol. 3, no. 3, 2016, pp. 64–71.
7. M. Satyanarayanan et al., "Edge Analytics in the Internet of Things," IEEE Pervasive Computing, vol. 14, Apr. 2015, pp. 24–31.
8. S. Abolfazli et al., "Cloud-Based Augmentation for Mobile Devices: Motivation, Taxonomies, and Open Challenges," IEEE Comm. Surveys Tutorials, vol. 16, First 2014, pp. 337–368.
9. B.-G. Chun et al., "CloneCloud: Elastic Execution between Mobile Device and Cloud," Proc. 6th Conf. Computer Systems (EuroSys 11), 2011, pp. 301–314.
10. W. Felter et al., "An Updated Performance Comparison of Virtual Machines and Linux Containers," Proc. IEEE Int'l Symp. Performance Analysis of Systems and Software (ISPASS), 2015, pp. 171–172.
11. S. Govindan et al., "Cuanta: Quantifying Effects of Shared On-Chip Resource Interference for Consolidated Virtual Machines," Proc. 2nd ACM Symp. Cloud Computing (SOCC 11), 2011, pp. 22:1–22:14.
12. R. Nathuji and A. Kansal, "Q-Clouds: Managing Performance Interference Effects for QoS-Aware Clouds," Proc. 5th European Conf. Computer Systems (EuroSys 10), 2010, pp. 237–250.

big data analytics, and security systems. Villari has a PhD in computer engineering from the University of Messina. He's a member of IEEE and IARIA boards. Contact him at mvillari@unime.it.

MARIA FAZIO is an assistant researcher of computer science at the University of Messina. Her research interests include distributed systems and wireless communications, especially with regard to the design and development of cloud solutions for IoT services and applications. Fazio has a PhD in advanced technologies for information engineering from the University of Messina. Contact her at mfazio@unime.it.

SCHAHRAM DUSTDAR is a full professor of computer science heading the Distributed Systems Group at TU Wien, Austria. His work focuses on Internet technologies. He's an IEEE Fellow, a member of the Academy Europeana, and an ACM Distinguished Scientist. Contact him at dustdar@dsg.tuwien.ac.at or dsg.tuwien.ac.at.

OMER RANA is a full professor of performance engineering in the School of Computer Science and Informatics at Cardiff University, where he also leads the Internet of Things (IoT) laboratory. His research interests include performance modelling, simulation, and scalable algorithms for cloud computing, IoT, and edge analytics. Contact him at o.f.rana@cs.cardiff.ac.uk.

RAJIV RANJAN is a reader in the School of Computing Science at Newcastle University, UK; chair professor in the School of Computer, Chinese University of Geosciences, Wuhan, China; and a visiting scientist at Data61, CSIRO, Australia. His research interests include grid computing, peer-to-peer networks, cloud computing, Internet of Things, and big data analytics. Ranjan has a PhD in computer science and software engineering from the University of Melbourne (2009). Contact him at raj.ranjan@ncl.ac.uk or http://rajivranjan.net.
STANDARDS NOW
of you could probably also tell from a quick look the exact type of memory being used, whether there's a solid-state disk integrated into the board, and the type and generation of bus used to connect peripherals where one is present. It would be surprising if anyone reading this article didn't also have a drawer or box filled with various types and vintages of now-obsolete cables.

Each of these component classes has gone through many generations of standardization. What might not be clear from a simple glance is the degree of industry involvement that goes into the evolution of successive generations of hardware design. Each computer design represents a selection from among industry standards as to what to include based on those standards versus which design problems to solve through innovation.

This situation is analogous to the current state of cloud software development. The variety of cloud software layers and components and their functions are now approaching levels of history and complexity that bear a lot of resemblance to the many generations of design that comprise your personal collection of computers and devices. Just as it wouldn't make sense for the hardware industry to arrive at a single standard computer design, it also doesn't make sense for all cloud problems to be addressed through a single master implementation. Within each context, however, standards exist that are appropriate to each generation of design, and understanding these can help you to sort out, explain, and make best use of each available feature.

Hardware Standards Examples

Computer bus architectures for internal and external component connections provide a useful set of examples to illustrate the continuous evolution of standards in response to technological innovation and progress. Buses and physical interconnects have evolved over the years through a set of changes that have mostly been driven by requirements for increased transmission speed, less board space, and smaller connectors between components where these are needed.

The idea of a communication bus is not limited to motherboards. The same needs that drive organization of signaling between components exist within CPUs and other processing modules, but communication methods within a chip are generally fixed at the time it's designed and, except for updates that can be made by firmware changes, are usually impossible to alter once the chip is made.

In contrast, computer systems at the board level often use standards that are specifically designed to allow components to be put together in a variety of ways. The designer or user can make optional selections when physically designing the board or, in some cases, by swapping components in the field using standard connectors.

Buses are generally designed to support control features, such as interrupt behavior and communication priorities, as well as the physical transmission of signals, which can take place on optical or electrical pathways. The signal paths themselves can either be serial or parallel for single or multiple lanes of communication, and are generally divided in time or by dedicated lanes to separate address and data information. Often, specific timing or clock signals are included, as well as I/O controls to allow flexibility and recovery from pauses or error conditions.

Taking just one set of examples, we can trace the evolution of peripheral interconnect buses from intermediate starting points such as the Industry Standard Architecture[1] that emerged from the early PC days and the even older but more robust Unibus backplane[2] designed by Digital Equipment Corporation in 1969 and used with variations for more than two decades of subsequent designs.

These successes sequentially inspired other derived and independent designs, leading to the current dominance of the Peripheral Component Interconnect (PCI, www.pcisig.com) standards for internal add-in general-purpose cards, and Universal Serial Bus (USB, www.usb.org) for external connectivity. Specialized standards have emerged for storage along the way, such as the Small Computer Serial Interconnect (SCSI) and its successor, Serial Attached SCSI (SAS), also known as SCSI version 4, which were initially aimed at server-class usage and standardized by Technical Committee T10 (www.t10.org) of the International Committee on Information Technology Standards (INCITS, www.incits.org).

Additionally, the Advanced Technology Attachment (ATA), derived from the Integrated Drive Electronics interface created by Western Digital Corporation, evolved into Serial ATA (SATA) and
Parallel ATA (PATA, also known as Extended IDE). These interfaces were standardized by INCITS Technical Committee T13 and became familiar to computer hobbyists and systems administrators. SATA eventually emerged to take a substantial place in large-scale datacenter storage systems.

Specialized interconnects for massively parallel interconnection of computing equipment also emerged. Some of these, such as FiberChannel (fibrechannel.org), which was also originally aimed at very high speed storage needs, made their primary contributions by introducing new, higher-density and higher-speed connectors and switching technologies. These standards are now curated by INCITS Technical Committee T11 (www.t11.org), and supported by a variety of RFPs from the Internet Engineering Task Force (www.ietf.org).

More general high-speed protocols, such as InfiniBand (www.infinibandta.org), higher-speed versions of Ethernet, and Intel's recently introduced Omni-Path[3] switched fabric networks, have adopted and extended many of the physical designs of these connectors, using them with different signaling protocols. Such networks often vary considerably from the layer separations described by the now-ancient OSI model, which I covered in a column earlier this year.[4]

Far too many types of standardized buses and their corresponding connectors and protocols have made their way into computing equipment to catalog here. Some are designed for the convenience of a single vendor, whereas others target wider adoption. Specification development for these standards has sometimes been closed, in the sense that they're available only to participating members of the organizations that create them, and others have been available for free, even in cases where decision-making power is limited to paid participants.

Usually, the desire to keep specification development closed is driven by the need to ensure the pedigree and intellectual property provenance of contributions, combined with the desire to achieve a competitive advantage for the participating companies or industry trade groups.

Surprisingly, almost all of the previous-generation connection standards I've mentioned here are still in use. You can still buy Unibus-based PDP-11 workalike replacements for use in the specialty markets that require them, although the newer implementations are much faster. Some standards have evolved or been adapted to fit into niche markets, such as embedded systems, while others have progressed to new versions.

Innovations that aren't backward compatible due to drastically improved performance specifications, signal properties, or speed are equally valid, and generally replace their previous variants as they were designed to do. Such changes are often accompanied by selection of a different form factor for the connector to ensure that electrically incompatible components aren't inadvertently connected and/or to adapt the interface to a smaller physical profile.

Not surprisingly, pressure toward innovation continues, and standards continue to evolve beyond those I've mentioned. A group of industry participants designating its efforts with the name Gen-Z (http://genzconsortium.org) recently formed with the specific goal of extending some of the previously mentioned interconnection standards to new storage class memory media, new hybrid and data-centric computing technologies, and new memory-centric solution architectures, and other similar groups also exist.

Hardware Standards Lessons

This long period of development in interconnection standards carries several lessons for development of cloud computing.

First, we can't expect and shouldn't anticipate the emergence of a single, dominating standard to cover all aspects of the cloud. However, standards that support successful solutions for specific tasks can be expected to emerge, and to some degree it's already easy to see what they are. Previous columns have covered many successful patterns. Some of these design practices have already created standard specifications as part of their work, or are beginning to do so.

Second, it's clear from the examples I've given that pioneering innovations have their longest and most robust effects on the field when they're carried over from single-company developments into something that can be adopted and shared among multiple industry participants. The ATA interface, originally named for its use in the IBM AT series of PCs, wouldn't have evolved into its widely used derivatives if it had remained in its original implementation context.

Third, it seems clear from the success stories described here that we shouldn't be afraid of making periodic incompatible changes to an existing series of standards, or more precisely, to pursue new versions based on the same basic idea that don't interoperate with previous generations, while leaving those previous versions in place.

In cloud software terms, we can already see that approaches such as continuous integration and continuous delivery are likely to become permanent. A recent survey by Anchore, Inc.[5] shows that the pattern of service delivery based on microservices and often implemented using containers has taken hold.[6] Tools are evolving to fit this new work pattern. The fact that it continues to coexist with, and not completely supplant, the previously dominant monolithic software design approach shouldn't be surprising in view of lessons learned from hardware development.

We can continue to expect refinement, adoption, and emergence of new patterns in cloud software that strengthen certain focused design aspects. We can also expect the emergence of industry and community groups to push the boundaries of innovation, propose new ideas, and, in many cases, consolidate these ideas in the form of standards and specifications at various levels of formality. In this mix, we can expect to find some efforts that are driven by individuals or small groups of people, some that are pursued by industry trade groups, and others that make sense to standardize at national and international levels.

Standards Specific to Datacenter Management

I'd like to end this discussion by focusing on the interaction between cloud standards design and deployment of cloud systems at very large scales. As I mentioned at the beginning of this column, it has become fashionable to dismiss the design of the hardware that underlies cloud systems as irrelevant in order to concentrate on elegant, easy-to-implement software designs. In this view, any machine will do for most purposes.

Some specific counterexamples come immediately to mind. Here are two that illustrate the importance of pursuing hardware optimization for cloud tasks.

The first example centers on the central role of the social media giant Facebook in fostering open standards activities that form the basis of the Open Compute Project (http://opencompute.org). This hardware and the energy-efficient datacenters into which these computers are deployed play a significant role in lowering Facebook's cost to deliver its content. Several of the standards originally specified in this project might make their way into other systems designs, just as we saw hardware standards emerge for general use from their original settings in DEC minicomputers and IBM PCs.

The second example illustrates the need to pay attention to the business bottom line in adopting clouds and to be unafraid to carry lessons learned from cloud settings back into dedicated datacenters when that makes sense. In this case, the storage powerhouse Dropbox decided to implement its own network and datacenters rather than its previous mix of on-site and Amazon-based infrastructure.[7] By specializing its hardware and software to focus on tasks most applicable to its business, and using new software development patterns originally developed for highly distributed cloud settings, they were able to capture many of the efficiencies of cloud-based work patterns while also achieving the efficiencies of custom optimized hardware design.

Cloud standards have emerged that are specifically applicable to service orchestration, including relevant standards such as the Topology and Orchestration Specification for Cloud Applications (www.oasis-open.org/committees/tosca) and Cloud Application Management for Platforms (CAMP, www.oasis-open.org/committees/camp), and the Open Cloud Computing Interface (OCCI, www.occi-wg.org) and Cloud Infrastructure Management Interface (CIMI, http://dmtf.org/standards/cmwg) standard sets have each released new versions for software deployment and organized infrastructure control.

Cloud-native container infrastructures and associated ecosystems, such as Kubernetes, Mesos, and associated tools, also continue to move toward standardization and broad industry adoption through activities such as the Open Container Initiative (OCI, www.opencontainers.org) and the Cloud Native Computing Foundation (CNCF, https://cncf.io). Such
References
1. Intel Corp., Intel ISA Bus Specification and Application Notes, 12 Sept. 1989; https://archive.org/stream/bitsavers_intelbusSpep89_3342148/Intel_ISA_Spec2.01_Sep89.
2. Digital Equipment Corp., PDP-11 Unibus Design Description, 1979; http://textfiles.com/