
Cloud Computing and Virtualization. Edition No. 1

  • Book

  • 234 Pages
  • March 2018
  • John Wiley and Sons Ltd
  • ID: 4466434

The purpose of this book is first to study cloud computing concepts, security concerns in clouds and data centers, live migration and its importance for cloud computing, and the role of firewalls in domains, with particular focus on virtual machine (VM) migration and its security concerns. The book then tackles the design and implementation of the frameworks and prepares test-beds for testing and evaluating VM migration procedures as well as firewall rule migration. The book demonstrates how cloud computing can produce an effective way of network management, especially from a security perspective.

Table of Contents

List of Figures xii

List of Tables xv

Preface xvii

Acknowledgments xxiii

Acronyms xxv

Introduction xxvii

1 Live Virtual Concept in Cloud Environment 1

1.1 Live Migration 2

1.1.1 Definition of Live Migration 2

1.1.2 Techniques for Live Migration 2

1.2 Issues with Migration 4

1.2.1 Application Performance Degradation 4

1.2.2 Network Congestion 4

1.2.3 Migration Time 5

1.3 Research on Live Migration 5

1.3.1 Sequencer (CQNCR) 5

1.3.2 The COMMA System 5

1.3.3 Clique Migration 6

1.3.4 Time-Bound Migration 6

1.3.5 Measuring Migration Impact 7

1.4 Total Migration Time 7

1.4.1 VM Traffic Impact 7

1.4.2 Bin Packing 8

1.5 Graph Partitioning 8

1.5.1 Learning Automata Partitioning 9

1.5.2 Advantages of Live Migration over WAN 11

1.6 Conclusion 12

References 12

2 Live Virtual Machine Migration in Cloud 15

2.1 Introduction 16

2.1.1 Virtualization 16

2.1.2 Types of Virtual Machines 18

2.1.3 Virtual Machine Applications 18

2.2 Business Challenge 19

2.2.1 Dynamic Load Balancing 19

2.2.2 No VM Downtime During Maintenance 20

2.3 Virtual Machine Migration 20

2.3.1 Advantages of Virtualization 22

2.3.2 Components of Virtualization 22

2.3.3 Types of Virtualization 23

2.4 Virtualization System 26

2.4.1 Xen Hypervisor 26

2.4.2 KVM Hypervisor 27

2.4.3 OpenStack 30

2.4.4 Storage 31

2.4.5 Server Virtualization 33

2.5 Live Virtual Machine Migration 33

2.5.1 QEMU and KVM 34

2.5.2 Libvirt 35

2.6 Conclusion 36

References 37

3 Attacks and Policies in Cloud Computing and Live Migration 39

3.1 Introduction to Cloud Computing 40

3.2 Common Types of Attacks and Policies 42

3.2.1 Buffer Overflows 42

3.2.2 Heap Overflows 42

3.2.3 Web-Based Attacks 43

3.2.4 DNS Attacks 47

3.2.5 Layer 3 Routing Attacks 48

3.2.6 Man-in-the-Middle Attack (MITM) 49

3.3 Conclusion 50

References 50

4 Live Migration Security in Cloud 53

4.1 Cloud Security and Security Appliances 54

4.2 VMM in Clouds and Security Concerns 54

4.3 Software-Defined Networking 56

4.3.1 Firewall in Cloud and SDN 57

4.3.2 SDN and Floodlight Controllers 61

4.4 Distributed Messaging System 62

4.4.1 Approach 63

4.4.2 MigApp Design 63

4.5 Customized Testbed for Testing Migration Security in Cloud 63

4.5.1 Preliminaries 65

4.5.2 Testbed Description 66

4.6 A Case Study and Other Use Cases 67

4.6.1 Case Study: Firewall Rule Migration and Verification 68

4.6.2 Existing Security Issues in Cloud Scenarios 68

4.6.3 Authentication in Cloud 69

4.6.4 Hybrid Approaches for Security in Cloud Computing 71

4.6.5 Data Transfer Architecture in Cloud Computing 71

4.7 Conclusion 72

References 72

5 Solution for Secure Live Migration 75

5.1 Detecting and Preventing Data Migrations to the Cloud 76

5.1.1 Internal Data Migrations 76

5.1.2 Movement to the Cloud 76

5.2 Protecting Data Moving to the Cloud 76

5.3 Application Security 77

5.4 Virtualization 78

5.5 Virtual Machine Guest Hardening 79

5.6 Security as a Service 82

5.6.1 Ubiquity of Security as a Service 83

5.6.2 Advantages of Implementing Security as a Service 85

5.6.3 Identity, Entitlement, and Access Management Services 87

5.7 Conclusion 93

References 94

6 Dynamic Load Balancing Based on Live Migration 95

6.1 Introduction 96

6.2 Classification of Load Balancing Techniques 96

6.2.1 Static and Dynamic Scheduling 97

6.2.2 Load Rebalancing 97

6.3 Policy Engine 98

6.4 Load Balancing Algorithm 100

6.5 Resource Load Balancing 101

6.5.1 Server Load Metric 102

6.5.2 System Imbalance Metric 102

6.5.3 Other Key Parameters 102

6.6 Load Balancers in Virtual Infrastructure Management Software 103

6.7 VMware Distributed Resource Scheduler 103

6.7.1 OpenNebula 104

6.7.2 Scheduling Policies 105

6.8 Conclusion 105

References 105

7 Live Migration in Cloud Data Center 107

7.1 Definition of Data Center 108

7.2 Data Center Traffic Characteristics 110

7.3 Traffic Engineering for Data Centers 111

7.4 Energy Efficiency in Cloud Data Centers 113

7.5 Major Cause of Energy Waste 113

7.5.1 Lack of a Standardized Metric of Server Energy Efficiency 113

7.5.2 Energy Efficient Solutions Are Still Not Widely Adopted 114

7.6 Power Measurement and Modeling in Cloud 114

7.7 Power Measurement Techniques 114

7.7.1 Power Measurement for Servers 114

7.7.2 Power Measurement for VMs 115

7.7.3 Power and Energy Estimation Models 115

7.7.4 Power and Energy Modeling for Servers 115

7.7.5 Power Modeling for VMs 116

7.7.6 Power Modeling for VM Migration 116

7.7.7 Energy Efficiency Metrics 117

7.8 Power Saving Policies in Cloud 117

7.8.1 Dynamic Frequency and Voltage Scaling 118

7.8.2 Powering Down 118

7.8.3 Energy-Aware Consolidation 118

7.9 Conclusion 118

References 119

8 Trusted VM-vTPM Live Migration Protocol in Clouds 121

8.1 Trusted Computing 122

8.2 TPM Operations 122

8.3 TPM Applications and Extensions 123

8.4 TPM Use Cases 124

8.5 State of the Art in Public Cloud Computing Security 125

8.5.1 Cloud Management Interface 125

8.5.2 Challenges in Securing the Virtualized Environment 126

8.5.3 The Trust in TPM 127

8.5.4 Challenges 129

8.6 Launch and Migration of Virtual Machines 130

8.6.1 Trusted Virtual Machines and Virtual Machine Managers 130

8.6.2 Seeding Clouds with Trust Anchors 131

8.6.3 Securely Launching Virtual Machines on Trustworthy Platforms in a Public Cloud 131

8.7 Trusted VM Launch and Migration Protocol 132

8.8 Conclusion 134

References 134

9 Lightweight Live Migration 137

9.1 Introduction 138

9.2 VM Checkpointing 138

9.2.1 Checkpointing Virtual Cluster 139

9.2.2 VM Resumption 140

9.2.3 Migration without Hypervisor 140

9.2.4 Adaptive Live Migration to Improve Load Balancing 141

9.2.5 VM Disk Migrations 142

9.3 Enhanced VM Live Migration 143

9.4 VM Checkpointing Mechanisms 144

9.5 Lightweight Live Migration for Solo VM 145

9.5.1 Block Sharing and Hybrid Compression Support 145

9.5.2 Architecture 146

9.5.3 FGBI Execution Flow 147

9.6 Lightweight Checkpointing 148

9.6.1 High-Frequency Checkpointing Mechanism 150

9.6.2 Distributed Checkpoint Algorithm in VPC 150

9.7 Storage-Adaptive Live Migration 152

9.8 Conclusion 154

References 154

10 Virtual Machine Mobility with Self-Migration 157

10.1 Checkpoints and Mobility 158

10.2 Manual and Seamless Mobility 158

10.3 Fine- and Coarse-Grained Mobility Models 159

10.3.1 Data and Object Mobility 159

10.3.2 Process Migration 160

10.4 Migration Freeze Time 160

10.5 Device Drivers 161

10.5.1 Design Space 162

10.5.2 In-Kernel Device Drivers 162

10.5.3 Use of VMs for Driver Isolation 164

10.5.4 Context Switching Overhead 164

10.5.5 Restarting Device Drivers 165

10.5.6 External Device State 165

10.5.7 Type Safe Languages 166

10.5.8 Software Fault Isolation 166

10.6 Self-Migration 167

10.6.1 Hosted Migration 167

10.6.2 Self-Migration Prerequisites 169

10.7 Conclusion 170

References 170

11 Different Approaches for Live Migration 173

11.1 Virtualization 174

11.1.1 Hardware-Assisted Virtualization 174

11.1.2 Horizontal Scaling 175

11.1.3 Vertical Scaling 175

11.2 Types of Live Migration 176

11.2.1 Cold Migration 176

11.2.2 Suspend/Resume Migration 176

11.2.3 Live VM Migration 176

11.3 Live VM Migration Types 177

11.3.1 Pre-Copy Live Migration 177

11.3.2 Post-copy Live Migration 178

11.3.3 Hybrid Live Migration 178

11.4 Hybrid Live Migration 179

11.4.1 Hybrid Approach for Live Migration 179

11.4.2 Basic Hybrid Migration Algorithm 180

11.5 Reliable Hybrid Live Migration 180

11.5.1 Push Phase 181

11.5.2 Stop-and-Copy Phase 181

11.5.3 Pull Phase 181

11.5.4 Network Buffering 181

11.6 Conclusion 181

References 182

12 Migrating Security Policies in Cloud 183

12.1 Cloud Computing 184

12.2 Firewalls in Cloud and SDN 187

12.3 Distributed Messaging System 191

12.4 Migration Security in Cloud 192

12.5 Conclusion 194

References 194

13 Case Study 195

13.1 Kernel-Based Virtual Machine 196

13.2 Xen 196

13.3 Secure Data Analysis in GIS 196

13.3.1 Database 197

13.3.2 Data Mining and Techniques 197

13.3.3 Distributed Database 197

13.3.4 Spatial Data Mining 198

13.3.5 Secure Multi-Party Computation 198

13.3.6 Association Rule Mining Problem 198

13.3.7 Distributed Association Ruling 199

13.3.8 Data Analysis in GIS System

13.4 Emergence of Green Computing in Modern Computing Environment 200

13.5 Green Computing 203

13.6 Conclusion 204

References 205

Authors

Dac-Nhuong Le, Raghvendra Kumar, Gia Nhu Nguyen, Jyotir Moy Chatterjee