
Policy based Cloud Services on a VCL platform
Karuna P Joshi, Yelena Yesha, Tim Finin, Anupam Joshi

University of Maryland, Baltimore County
Cloud Computing : The present
New paradigm for IT services delivery
IaaS, PaaS, SaaS, ..., XaaS
Focus is on virtualizing resources
Great progress in dynamic provisioning at hardware resource level
Software/Service is still relatively statically provisioned
Gaps in current work
Lack of Cloud service engineering
Managing the entire lifecycle automatically


Future Vision for Cloud
Virtualized Services on the Cloud
Service dynamically composed - On Demand composition
Service structure/components not pre-determined
Multiple provisioning.

A move from totally manual to mostly automatic is needed if we truly want to leverage cloud and service virtualization capabilities and efficiencies


Key Open Research Issues
Current cloud research focused on
Improving cloud infrastructure: virtual machines, Cloud OS, etc.
Semantic description of services, and even some composition work
Limited research on how to use the cloud services efficiently
Most steps in service negotiation, acquisition, and consumption/monitoring still require significant human intervention
Difficult to manage service quality, especially of composed services created by different providers
Key Contributions of Our Research
A semantically rich, policy-based framework can be used to automate the lifecycle of virtualized services on the cloud
Use semantic web languages/technologies
1. Developed an integrated lifecycle of virtualized services on the Cloud
2. Negotiation for cloud service acquisition by constraint relaxation
3. Service quality framework
Service Lifecycle Methodology
Our methodology divides the service process lifecycle on the Cloud into five phases: Requirements, Discovery, Negotiation, Composition and Consumption
This methodology is applicable to any cloud deployment.
We have developed high-level ontologies for the five phases that enable automation, available in OWL at http://ebiq.org/o/itse/1.0/itso.owl
Phases of IT Services Lifecycle
[Figure: the five phases (Service Requirements, Service Discovery, Service Negotiation, Service Composition, Service Consumption) shown between the Consumer and the Service Cloud. Milestone labels: New Service needed, Service specified, Provider(s) identified, Contract signed, Service delivered.]
Service Requirements
Requirements for a service will include
Functional specifications (tasks to be automated)
Budgetary policies/Cost constraints
Technical Policy specifications
Human Agent Policy
Security Policy
Data Quality Policy
Service Compliance Policy
Service Discovery
Cloud Broker used to search available services that match the specifications
Identify gaps that exist in services discovered
Cloud Auditor or centralized registry, similar to UDDI, will certify the service provided.
Service Negotiation
Discussion and agreement that the Service provider and consumer have regarding the Service.
Service Level Agreements (SLA) finalized between consumer and provider
Quality of Service (QoS) decided between primary provider and component providers.
Service Composition Phase
One or more services provided by one or more providers are combined and delivered as a single Service
SLA and QoS finalized in the negotiation phase are used for determining service components and their orchestration (the sequence of execution)
We reuse the OWL-S ontology to model and reason about compositions
Service Consumption Phase
Composed Service is consumed and monitored in this phase
Key measures like Service Performance and reliability are monitored using automated tools.
SLA, QoS determine performance of the service
Phase includes Service Delivery, Service payment
Customer Satisfaction is tracked in this phase
Cloud Broker Architecture
[Figure: numbered flow (steps 1-9) between Cloud User, User Interface, Cloud Service Broker agent (translate to machine processable format), Service Discovery by federated SPARQL query, SLA negotiation with the Cloud Provider, final SLA for approval, final configuration, Virtual Service Instance (Eucalyptus/VCL), and service endpoint (provider agent) returning the Service URI.]
Collaboration with NIST
US government agency NIST is working on standardizing cloud computing
Member of Reference architecture and Taxonomy groups
Member of Cloud Security group
Prototype for NIST
Automation of Cloud Storage Service acquisition, consumption/monitoring.
Using Service lifecycle Ontologies developed by us.
Platform: SPARQL, RDF, Web technologies, Perl, HTML.
NIST Cloud Computing workshop, Nov 2-4 2011.

Some Policies/Constraints
Cloud security would like to mandate policies at the Cloud hardware level
Data security policies
US government compliance policies
User authentication policy: FIPS 140-2 is a standard used to accredit cryptographic modules.
Trusted Internet Connection mandated to optimize individual external connections.
Want to be interoperable across Cloud platforms
Storage Service Architecture
[Figure: Cloud user, User Interface, Cloud Service Procurer module (translate to machine processable format), SLA negotiation and final SLA, and Cloud Providers 1-3, each with a Joseki SPARQL endpoint and a Virtual Service Instance (Eucalyptus/Bluegrit). Arrows: Discover service, Respond, Service URI. Documents exchanged: RDF RFS description, RDF SLA description.]
NIST prototype demo

Request for Service : RDF file
<?xml version="1.0"?>
<rdf:RDF
    xmlns="http://www.w3.org/2002/07/owl#"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema#"
    xmlns:dc="http://purl.org/dc/elements/1.1/"
    xmlns:rdfs="http://www.w3.org/2000/01/rdf-schema#"
    xmlns:itso="http://ebiquity.umbc.edu/ontologies/itso/1.0/itso.owl"
    xmlns:stg="http://www.cs.umbc.edu/~kjoshi1/storage_ontology.owl"
    xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
  <rdf:Description rdf:about="http://localhost/RFS">
    <itso:RFS_Respond_By_Date>Fri Apr 27 11:53:49 2012</itso:RFS_Respond_By_Date>
    <itso:Expected_Begin_Date_of_Service>1-1-2012</itso:Expected_Begin_Date_of_Service>
    <itso:Service_Cost_Constraint>0</itso:Service_Cost_Constraint>
    <itso:Service_Location_constraint>global</itso:Service_Location_constraint>
    <stg:storage>2GB</stg:storage>
    <stg:backup>Weekly</stg:backup>
    <stg:availability>95</stg:availability>
    <stg:datadeletion>dataarchived</stg:datadeletion>
    <stg:Encryption>DataEncrypted</stg:Encryption>
    <stg:authentication>FIPS1402supported</stg:authentication>
    <stg:VMseparation>VMseparation</stg:VMseparation>
    <stg:storage_interface>SOAPWSDL</stg:storage_interface>
    <stg:TIC_connection>TICCompliant</stg:TIC_connection>
    <stg:CC_EAL>3</stg:CC_EAL>
    <stg:cloud_instance_size>1GB</stg:cloud_instance_size>
    <stg:cloud_instance_speed>1GHz</stg:cloud_instance_speed>
    <stg:cloud_instance_cores>10</stg:cloud_instance_cores>
  </rdf:Description>
</rdf:RDF>
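
Added example (not code from the NIST prototype, which the slides say used Perl and SPARQL): a Python sketch of the "identify gaps" step of Service Discovery, reading the security-related stg: properties from an RFS like the one above and listing which of them a provider offer fails to meet. The exact-match versus minimum-value semantics, the function names and both provider offers are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

RDF = "http://www.w3.org/1999/02/22-rdf-syntax-ns#"
STG = "http://www.cs.umbc.edu/~kjoshi1/storage_ontology.owl"

# Trimmed copy of the RFS above: security-related stg: properties only.
RFS_XML = """<?xml version="1.0"?>
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
         xmlns:stg="http://www.cs.umbc.edu/~kjoshi1/storage_ontology.owl">
  <rdf:Description rdf:about="http://localhost/RFS">
    <stg:availability>95</stg:availability>
    <stg:Encryption>DataEncrypted</stg:Encryption>
    <stg:authentication>FIPS1402supported</stg:authentication>
    <stg:VMseparation>VMseparation</stg:VMseparation>
    <stg:TIC_connection>TICCompliant</stg:TIC_connection>
    <stg:CC_EAL>3</stg:CC_EAL>
  </rdf:Description>
</rdf:RDF>"""

# Assumed semantics (not stated on the slides): these must match exactly,
EXACT = ("Encryption", "authentication", "VMseparation", "TIC_connection")
# and these are minimums the offer must meet or exceed.
MINIMUM = ("availability", "CC_EAL")

def stg_properties(rdf_xml):
    """Return {local name: text} for the stg: properties of the first rdf:Description."""
    desc = ET.fromstring(rdf_xml).find(f"{{{RDF}}}Description")
    prefix = f"{{{STG}}}"
    return {el.tag[len(prefix):]: (el.text or "").strip()
            for el in desc if el.tag.startswith(prefix)}

def unmet_constraints(rfs, offer):
    """List the RFS security constraints that an offer does not satisfy."""
    gaps = [k for k in EXACT if k in rfs and offer.get(k) != rfs[k]]
    for k in MINIMUM:
        if k not in rfs:
            continue
        try:
            ok = float(offer[k]) >= float(rfs[k])
        except (KeyError, ValueError):
            ok = False  # missing or non-numeric value: fail closed
        if not ok:
            gaps.append(k)
    return gaps

RFS = stg_properties(RFS_XML)
# Constructed provider offers (hypothetical, not from the NIST demo).
OFFER_OK = dict(RFS, availability="99.9", CC_EAL="4")
OFFER_WEAK = {"availability": "99", "Encryption": "DataEncrypted",
              "authentication": "Password", "TIC_connection": "TICCompliant", "CC_EAL": "2"}
```

A property the offer omits, such as VMseparation in OFFER_WEAK, is reported as a gap rather than assumed to be satisfied.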
Storage Service Broker URL
http://cs.umbc.edu/~kjoshi1/nist_demo/

Summary
For broader adoption of cloud computing, we need to automate cloud service processes
Developed an integrated methodology to acquire, consume and monitor services on the cloud.
Future work: improving upon the cloud broker integration with VCL
Ontologies in public domain.
Publications available at http://ebiq.org/j/93
