Cover Page

Scrivener Publishing
100 Cummings Center, Suite 541J
Beverly, MA 01915-6106

Publishers at Scrivener
Martin Scrivener (
Phillip Carmical (

Cloud Computing and Virtualization

Dac-Nhuong Le

Faculty of Information Technology, Haiphong University, Haiphong, Vietnam

Raghvendra Kumar

Department of Computer Science and Engineering, LNCT, Jabalpur, India

Gia Nhu Nguyen

Graduate School, Duy Tan University, Da Nang, Vietnam

Jyotir Moy Chatterjee

Department of Computer Science and Engineering at GD-RCET, Bhilai, India.





Wiley Logo

List of Figures

1.1   Pre-copy method for live migration

1.2   Pre- vs. Postcopy migration sequence

1.3   Bin packing in VM context

1.4   Nodes connected in a network

1.5   Learning automata

2.1   Simple representation of a virtualized system

2.2   Types of virtual machines

2.3   Virtual machine applications

2.4   Xen live migration

2.5   Type-1 and type-2 hypervisor

2.6   Simplified architecture of para-and full virtualization

2.7   Types of virtualization

2.8   Xen architecture

2.9   Architecture of KVM

2.10   OpenStack architecture

2.11   Virtual machine migration

2.12   QEMU and KVM

2.13   Libvirt architecture

3.1   Fake certificate injection

3.2   Cross-site scripting

3.3   SQL injection

3.4   Layer-2 attacks

3.5   Double encapsulation attacks

3.6   Multicast brute force attacks

3.7   Spanning tree attacks

3.8   Random frame attacks

3.9   DNS attacks

3.10   Layer 3 attacks

3.11   Man-in-the-middle attack

4.1   Software-defined networking architecture

4.2   Authentication in cloud

4.3   Data transfer after authentication in cloud

5.1   Virtualization vs. Containers

5.2   Security as a service

6.1   Types of load balancing approaches

6.2   Relationship between policy engine and the Xen hosts

6.3   For our prototype, the policy engine runs inside of a VM separate from everything else

6.4   The prototype policy engine communicates with all hosts to decide when VMs should be migrated and to initiate migration when necessary

6.5   Distribution of nodes in groups based on load thresholds

6.6   OpenNebula architecture

7.1   Data center architecture

7.2   Server power model based on CPU utilization

8.1   Trusted computing standards

9.1   VM Checkpointing

11.1  Hardware-assisted virtualization

11.2  Pre-copy live migration

11.3  Post-copy live migration

11.4  Hybrid live migration

List of Tables

1.1   Variables used in formulas in the VM buddies system

2.1   Types of virtual machines

2.2   Virtual machine applications

2.3   Advantages associated with virtualization

2.4   Kernel-based virtual machine features

3.1   Popular layer 2 attacks

4.1   Cloud computing security risks

5.1   Virtualizationrelated security issues


The idea of cloud computing isn’t new, or overly complicated from a technology resources and Internet perspective. What’s new is the growth and maturity of cloud computing methods, and strategies that enable business agility goals. Looking back, the phrase “utility computing” didn’t captivate or create the stir in the information industry as the term “cloud computing” has in recent years. Nevertheless, appreciation of readily available resources has arrived and the utilitarian or servicing features are what are at the heart of outsourcing the access of information technology resources and services. In this light, cloud computing represents a flexible, cost-effective and proven delivery platform for business and consumer information services over the Internet. Cloud computing has become an industry game changer as businesses and information technology leaders realize the potential in combining and sharing computing resources as opposed to building and maintaining them.

There’s seemingly no shortage of views regarding the benefits of cloud computing nor is there a shortage of vendors willing to offer services in either open source or promising commercial solutions. Beyond the hype, there are many aspects of the Cloud that have earned new consideration due to their increased service capability and potential efficiencies. The ability to demonstrate transforming results in cloud computing to resolve traditional business problems using information technology management’s best practices now exists. In the case of economic impacts, the principles of pay-as-you-go and computer agnostic services are concepts ready for prime time. Performances can be well measured by calculating the economic and environmental effects of cloud computing today.

In Cloud Computing and Virtualization, Dac Nhuong Le et al. take the industry beyond mere definitions of cloud computing and virtualization, grid and sustainment strategies to contrasting them in day-to-day operations. Dac-Nhuong Le and his team of co-authors take the reader from beginning to end with the essential elements of cloud computing, its history, innovation, and demands. Through case studies and architectural models they articulate service requirements, infrastructure, security, and outsourcing of salient computing resources.

The adoption of virtualization in data centers creates the need for a new class of networks designed to support elasticity of resource allocation, increasing mobile workloads and the shift to production of virtual workloads, requiring maximum availability. Building a network that spans both physical servers and virtual machines with consistent capabilities demands a new architectural approach to designing and building the IT infrastructure. Performance, elasticity, and logical addressing structures must be considered as well as the management of the physical and virtual networking infrastructure. Once deployed, a network that is virtualization-ready can offer many revolutionary services over a common shared infrastructure. Virtualization technologies from VMware, Citrix and Microsoft encapsulate existing applications and extract them from the physical hardware. Unlike physical machines, virtual machines are represented by a portable software image, which can be instantiated on physical hardware at a moment’s notice. With virtualization, comes elasticity where computer capacity can be scaled up or down on demand by adjusting the number of virtual machines actively executing on a given physical server. Additionally, virtual machines can be migrated while in service from one physical server to another. Extending this further, virtualization creates “location freedom” enabling virtual machines to become portable across an ever-increasing geographical distance. As cloud architectures and multi-tenancy capabilities continue to develop and mature, there is an economy of scale that can be realized by aggregating resources across applications, business units, and separate corporations to a common shared, yet segmented, infrastructure.

Elasticity, mobility, automation, and density of virtual machines demand new network architectures focusing on high performance, addressing portability, and the innate understanding of the virtual machine as the new building block of the data center. Consistent network-supported and virtualization-driven policy and controls are necessary for visibility to virtual machines’ state and location as they are created and moved across a virtualized infrastructure.

Dac-Nhuong Le again enlightens the industry with sharp analysis and reliable architecture-driven practices and principles. No matter the level of interest or experience, the reader will find clear value in this in-depth, vendor-neutral study of cloud computing and virtualization.

This book is organized into thirteen chapters. Chapter 1, “Live Migration Concept in Cloud Environment,” discusses the technique of moving a VM from one physical host to another while the VM is still executing. It is a powerful and handy tool for administrators to maintain SLAs while performing optimization tasks and maintenance on the cloud infrastructure. Live migration ideally requires the transfer of the CPU state, memory state, network state and disk state. Transfer of the disk state can be circumvented by having a shared storage between the hosts participating in the live migration process. This chapter gives the brief introductory concept of live migration and the different techniques related to live migration such as issues with live migration, research on live migration, learning automata partitioning and, finally, different advantages of live migration over WAN.

Chapter 2, “Live Virtual Machine Migration in Cloud,” shows how the most well known and generally sent VMM-VMware is defenseless against reasonable assaults, focusing on their live migration’s usefulness. This chapter also discusses the different challenges of virtual machine migration in cloud computing environments along with their advantages and disadvantages and also the different case studies.

Chapter 3, “Attacks and Policies in Cloud Computing and Live Migration,” presents the cloud computing model based on the concept of pay-per-use, as the user is required to pay for the amount of cloud services used. Cloud computing is defined by different layer architecture (IAAS, PAAS and SAAS), and models (Private, Public, Hybrid and Community), in which the usability depends on different models. Chapter 4, “Live Migration Security in Cloud,” gives different security paradigm concepts that are very useful at the time of data accessing from the cloud environment. In this chapter different cloud service providers that are available in the market are listed along with security risks, cloud security challenges, cloud economics, cloud computing technologies and, finally, common types of attacks and policies in cloud and live migration.

Chapter 5, “Solutions for Secure Live Migration,” analyzes approaches for secure data transfer, focusing mainly on the authentication parameter. These approaches have been categorized according to single- and multi-tier authentication. This authentication may use digital certificate, HMAC or OTP on registered devices. This chapter gives an overview of Cloud security applications, VM migration in clouds and security concerns, software-defined networking, firewalls in cloud and SDN, SDN and Floodlight controllers, distributed messaging system, customized testbed for testing migration security in cloud. A case study is also presented along with other use cases: Firewall rule migration and verification, existing security scenario in cloud, authentication in cloud, hybrid approaches to security in cloud computing and data transfer, and architecture in cloud computing.

Chapter 6, “Dynamic Load Balancing Based on Live Migration,” concentrates on ancient data security controls (like access controls or encryption). There are two other steps to help operate unapproved data moving to cloud services: Monitor for large internal data migrations with file activity monitoring (FAM) and database activity monitoring (DAM) and monitor for data moving to the cloud with universal resource locater (URL) filters and data loss prevention. This chapter gives an overview of detecting and preventing data migrations to the cloud, protecting data moving to the cloud, application security, virtualization, VM guest hardening, security as a service, identity as service requirements, web services SecaaS requirements, email SECaaS requirements, security.

Chapter 7, “Live Migration in Cloud Data Center,” introduces the use of load balancing is to improve the throughput of the system. This chapter gives an overview of different techniques of load balancing, load rebalancing, and a policy engine to implement dynamic load balancing algorithm, some load balancing algorithms and VMware distributed resource scheduler.

In Chapter 8, “Trusted VMv-TPM,” data center network architectures and various network control mechanisms are introduced. Discussed in the chapter is how resource virtualization, through VM migration, is now commonplace in data centers, and how VM migration can be used to improve system-side performance for VMs, or how load can be better balanced across the network through strategic VM migration. However, all the VM migration works in this chapter have not addressed the fundamental problem of actively targeting and removing congestion from oversubscribed core links within data center networks. The TPM can be utilized to enable outside parties to guarantee that a specific host bearing the TPM is booted into a confided in state. That is performed by checking the arrangement of summaries (called estimations) of the stacked programming, progressively delivered all throughout the boot procedure of the gadget. The estimations are put away in a secured stockpiling incorporated within the TPM chip and are in this way impervious to programming assaults, albeit powerless against equipment altering. This chapter presents a stage skeptic trusted dispatch convention for a generic virtual machine image (GVMI). GVMIs are virtual machine pictures that don’t vary from the merchant-provided VM pictures (conversationally known as vanilla programming). They are made accessible by the IaaS suppliers for customers that plan to utilize a case of a VM picture that was not subject to any adjustments, such fixes or infused programming. The convention portrayed in this chapter permits a customer that demands a GVMI to guarantee that it is kept running on a confided stage.

Chapter 9, “Lightweight Live Migration,” presents a set of techniques that provide high availability through VM live migration, their implementation in the Xen hypervisor and the Linux operating system kernel, and experimental studies conducted using a variety of benchmarks and production applications. The techniques include: a novel fine-grained block identification mechanism called FGBI; a lightweight, globally consistent checkpointing mechanism called VPC (virtual predict checkpointing); a fast VM resumption mechanism called VM resume; a guest OS kernel-based live migration technique that does not involve the hypervisor for VM migration called HSG-LM; an efficient live migration-based load balancing strategy called DC balance; and a fast and storage-adaptive migration mechanism called FDM.

Chapter 10, “Virtual Machine Mobility with Self Migration” discusses many open issues identified with gadget drivers. Existing frameworks exchange driver protection for execution and simplicity of advancement, and gadget drivers are a noteworthy protection of framework insecurity. Endeavors have been made to enhance the circumstance, equipment security methods, e.g., smaller scale bits and Nooks, and through programming authorized seclusion. Product frameworks don’t uphold tending to confinements on gadget DMA, constraining the viability of the portrayed systems. Lastly, if applications are to survive a driver crash, the OS or driver security instrument must have a method for reproducing lost hardware state on driver reinitialization.

Chapter 11, “Different Approaches for Live Migration,” studies the implementation of two kinds of live migration techniques for hardware-assisted virtual machines (HVMs). The first contribution of this chapter is the design and implementation of the post-copy approach. This approach consists of the last two stages of the processmigration phases, the stop-and-copy phase and pull phase. Due to the introduction of the pull phase, this approach becomes non-deterministic in terms of the completion of the migration. This is because of the only on-demand fetching of the data from the source.

Chapter 12, “Migrating Security Policies in Cloud,” presents the concepts of cloud computing, which is a fast-developing area that relies on sharing of resources over a network. While more companies are adapting to cloud computing and data centers are growing rapidly, data and network security is gaining more importance and firewalls are still the most common means to safeguard networks of any size. Whereas today data centers are distributed around the world, VM migration within and between data centers is inevitable for an elastic cloud. In order to keep the VM and data centers secure after migration, the VM specific security policies should move along with the VM as well.

Finally, Chapter 13, “Case Study,” gives different case studies that are very useful for real-life applications, like KVM, Xen, emergence of green computing in cloud and ends with a case study that is very useful for data analysis in distributed environments. There are lots of algorithms for either transactional or geographic databases proposed to prune the frequent item sets and association rules, among which is an algorithm to find the global spatial association rule mining, which exclusively represent in GIS database schemas and geo-ontologies by relationships with cardinalities that are one-to-one and one-to-many. This chapter presents an algorithm to improve the spatial association rule mining. The proposed algorithm is categorized into three main steps: First, it automates the geographic data pre-processing tasks developed for a GIS module. The second contribution is discarding all well-known GIS dependencies that calculate the relationship between different numbers of attributes. And finally, an algorithm is proposed which provides the greatest degree of privacy when the number of regions is more than two, with each one finding the association rule between them with zero percentage of data leakage.

Dac-Nhuong Le
Raghvendra Kumar
Nguyen Gia Nhu
Jyotir Moy Chetterjee
January 2018


The authors would like to acknowledge the most important persons of our lives, our grandfathers, grandmothers and our wives. This book has been a long-cherished dream which would not have been turned into reality without the support and love of these amazing people. They have have encouraged us despite our failing to give them the proper time and attention. We are also grateful to our best friends for their blessings, unconditional love, patience and encouragement of this work.


ACL Access Control List
ALB Adaptive Load Balancing
AMQP Advanced Message Queuing Protocol
API Application Programming Interface
ARP Address Resolution Protocol
CAM Content Addressable Memory
CCE Cloud Computing Environment
CFI Control Flow Integrity
CSLB Central Scheduler Load Balancing
CSP Cloud Service Provider
DAM Database Activity Monitoring
DCE Data Center Efficiency
DLP Data Loss Prevention
DPM Distributed Power Management
DRS Distributed Resource Scheduler
DVFS Dynamic Frequency Voltage Scaling
DHCP Dynamic Host Configuration Protocol
ECMP Equal-Cost Multi-Path
EC2 Elastic Compute Cloud
FAM File Activity Monitoring
FGBI Fine-Grained Block Identification
GVMI Generic Virtual Machine Image
GOC Green Open Cloud
HVM Hardware Assisted Virtual Machine
HPC Hardware Performance Counters
HIPS Host Intrusion Prevention System
IaaS Infrastructure as a Service
IDS/IPS Intrusion Detection System/Intrusion Prevention System
IMA Integrity Management Architecture
IRM In-Lined Reference Monitors
ISA Instruction Set Architecture
KVM Kernel-Based Virtual Machine
KBA Knowledge-Based Answers/Questions
LAN Local Area Network
LLFC Link Layer Flow Control
LLM Lightweight Live Migration
LVMM Live Virtual Machine Migration
MiTM Man-in-the-Middle Attack
MAC Media Access Control
NAC Network Access Control
NRDC Natural Resources Defense Council
NIPS Network Intrusion Prevention System
OS Operating System
ONF Open Networking Foundation
PaaS Platform as a Service
PAP Policy Access Points
PDP Policy Decision Points
PEP Policy Enforcement Points
PUE Power Usage Effectiveness
PDT Performance Degradation Time
PMC Performance Monitoring Counters
PPW Performance Per Watt
RLE Run-Length Encoding
SaaS Software as a Service
SAML Security Assertion Markup Language
SDN Software-Defined Networks
SecaaS Security as a Service
SLA Service Level Agreements
SPT Shadow Page Table
SFI Software Fault Isolation
SMC Secure Multi-Party Computation
SIEM Security Information and Event Management
STP Spanning Tree Protocol
S3 Simple Storage Service
TPM Trusted Platform Module
TTP Trusted Third Party
TCG Trusted Computing Group
VDCs Virtual Data Centers
VLB Valiant Load Balancing
VPC Virtual Predict Checkpointing
VM Virtual Machine
VMM Virtual Machine Migration
VMLM Virtual Machine Live Migration
XSS Cross-Site Scripting
WAN Wide Area Network



Deputy-Head, Faculty of Information Technology

Haiphong University, Haiphong, Vietnam

Contemporary advancements in virtualization and correspondence advances have changed the way data centers are composed and work by providing new mechanisms for better sharing and control of data center assets. Specifically, virtual machine and live migration is an effective administration strategy that gives data center administrators the capacity to adjust the situation of VMs, keeping in mind the end goal to better fulfill execution destinations, enhance asset usage and correspondence region, moderate execution hotspots, adapt to internal failure, diminish vitality utilization, and encourage framework support exercises. In spite of these potential advantages, VM movement likewise postures new prerequisites on the plan of the fundamental correspondence foundation; for example, tending to data transfer capacity necessities to help VM portability. Besides, conceiving proficient VM relocation plans is additionally a testing issue, as it not just requires measuring the advantages of VM movement, but additionally considering movement costs, including correspondence cost, benefit disturbance, and administration overhead.

This book presents profound insights into virtual machine and live movement advantages and systems and examines their related research challenges in server farms in distributed computing situations.