Cover Page

Scrivener Publishing
100 Cummings Center, Suite 541J
Beverly, MA 01915-6106

Publishers at Scrivener
Martin Scrivener (martin@scrivenerpublishing.com)
Phillip Carmical (pcarmical@scrivenerpublishing.com)

Cloud Computing and Virtualization

Dac-Nhuong Le

Faculty of Information Technology, Haiphong University, Haiphong, Vietnam

Raghvendra Kumar

Department of Computer Science and Engineering, LNCT, Jabalpur, India

Gia Nhu Nguyen

Graduate School, Duy Tan University, Da Nang, Vietnam

Jyotir Moy Chatterjee

Department of Computer Science and Engineering, GD-RCET, Bhilai, India

List of Figures

1.1   Pre-copy method for live migration

1.2   Pre- vs. Postcopy migration sequence

1.3   Bin packing in VM context

1.4   Nodes connected in a network

1.5   Learning automata

2.1   Simple representation of a virtualized system

2.2   Types of virtual machines

2.3   Virtual machine applications

2.4   Xen live migration

2.5   Type-1 and type-2 hypervisor

2.6   Simplified architecture of para- and full virtualization

2.7   Types of virtualization

2.8   Xen architecture

2.9   Architecture of KVM

2.10   OpenStack architecture

2.11   Virtual machine migration

2.12   QEMU and KVM

2.13   Libvirt architecture

3.1   Fake certificate injection

3.2   Cross-site scripting

3.3   SQL injection

3.4   Layer-2 attacks

3.5   Double encapsulation attacks

3.6   Multicast brute force attacks

3.7   Spanning tree attacks

3.8   Random frame attacks

3.9   DNS attacks

3.10   Layer 3 attacks

3.11   Man-in-the-middle attack

4.1   Software-defined networking architecture

4.2   Authentication in cloud

4.3   Data transfer after authentication in cloud

5.1   Virtualization vs. Containers

5.2   Security as a service

6.1   Types of load balancing approaches

6.2   Relationship between policy engine and the Xen hosts

6.3   For our prototype, the policy engine runs inside of a VM separate from everything else

6.4   The prototype policy engine communicates with all hosts to decide when VMs should be migrated and to initiate migration when necessary

6.5   Distribution of nodes in groups based on load thresholds

6.6   OpenNebula architecture

7.1   Data center architecture

7.2   Server power model based on CPU utilization

8.1   Trusted computing standards

9.1   VM Checkpointing

11.1  Hardware-assisted virtualization

11.2  Pre-copy live migration

11.3  Post-copy live migration

11.4  Hybrid live migration

List of Tables

1.1   Variables used in formulas in the VM buddies system

2.1   Types of virtual machines

2.2   Virtual machine applications

2.3   Advantages associated with virtualization

2.4   Kernel-based virtual machine features

3.1   Popular layer 2 attacks

4.1   Cloud computing security risks

5.1   Virtualization-related security issues

Preface

The idea of cloud computing isn’t new, or overly complicated from a technology resources and Internet perspective. What’s new is the growth and maturity of cloud computing methods, and strategies that enable business agility goals. Looking back, the phrase “utility computing” didn’t captivate or create the stir in the information industry as the term “cloud computing” has in recent years. Nevertheless, appreciation of readily available resources has arrived and the utilitarian or servicing features are what are at the heart of outsourcing the access of information technology resources and services. In this light, cloud computing represents a flexible, cost-effective and proven delivery platform for business and consumer information services over the Internet. Cloud computing has become an industry game changer as businesses and information technology leaders realize the potential in combining and sharing computing resources as opposed to building and maintaining them.

There’s seemingly no shortage of views regarding the benefits of cloud computing, nor is there a shortage of vendors willing to offer services as either open source or promising commercial solutions. Beyond the hype, many aspects of the cloud have earned new consideration due to their increased service capability and potential efficiencies. The ability to demonstrate transformative results, resolving traditional business problems with information technology management’s best practices, now exists. In the case of economic impacts, the principles of pay-as-you-go and platform-agnostic services are ready for prime time. Performance can now be measured by calculating the economic and environmental effects of cloud computing.

In Cloud Computing and Virtualization, Dac-Nhuong Le et al. take the industry beyond mere definitions of cloud computing and virtualization, grid and sustainment strategies, to contrasting them in day-to-day operations. Dac-Nhuong Le and his team of co-authors take the reader from beginning to end through the essential elements of cloud computing, its history, innovation, and demands. Through case studies and architectural models they articulate service requirements, infrastructure, security, and outsourcing of salient computing resources.

The adoption of virtualization in data centers creates the need for a new class of networks designed to support elasticity of resource allocation, increasing mobile workloads and the shift to production of virtual workloads, requiring maximum availability. Building a network that spans both physical servers and virtual machines with consistent capabilities demands a new architectural approach to designing and building the IT infrastructure. Performance, elasticity, and logical addressing structures must be considered as well as the management of the physical and virtual networking infrastructure. Once deployed, a network that is virtualization-ready can offer many revolutionary services over a common shared infrastructure. Virtualization technologies from VMware, Citrix and Microsoft encapsulate existing applications and extract them from the physical hardware. Unlike physical machines, virtual machines are represented by a portable software image, which can be instantiated on physical hardware at a moment’s notice. With virtualization, comes elasticity where computer capacity can be scaled up or down on demand by adjusting the number of virtual machines actively executing on a given physical server. Additionally, virtual machines can be migrated while in service from one physical server to another. Extending this further, virtualization creates “location freedom” enabling virtual machines to become portable across an ever-increasing geographical distance. As cloud architectures and multi-tenancy capabilities continue to develop and mature, there is an economy of scale that can be realized by aggregating resources across applications, business units, and separate corporations to a common shared, yet segmented, infrastructure.

Elasticity, mobility, automation, and density of virtual machines demand new network architectures focusing on high performance, addressing portability, and the innate understanding of the virtual machine as the new building block of the data center. Consistent network-supported and virtualization-driven policy and controls are necessary for visibility to virtual machines’ state and location as they are created and moved across a virtualized infrastructure.

Dac-Nhuong Le again enlightens the industry with sharp analysis and reliable architecture-driven practices and principles. No matter the level of interest or experience, the reader will find clear value in this in-depth, vendor-neutral study of cloud computing and virtualization.

This book is organized into thirteen chapters. Chapter 1, “Live Migration Concept in Cloud Environment,” discusses the technique of moving a VM from one physical host to another while the VM is still executing. It is a powerful and handy tool for administrators to maintain SLAs while performing optimization tasks and maintenance on the cloud infrastructure. Live migration ideally requires the transfer of the CPU state, memory state, network state and disk state. Transfer of the disk state can be avoided by using shared storage between the hosts participating in the live migration process. This chapter gives a brief introduction to the concept of live migration and to related topics such as issues with live migration, research on live migration, learning automata partitioning and, finally, the advantages of live migration over a WAN.

Chapter 2, “Live Virtual Machine Migration in Cloud,” shows how the best known and most widely deployed virtual machine monitor, VMware, is vulnerable to practical attacks targeting its live migration functionality. This chapter also discusses the different challenges of virtual machine migration in cloud computing environments, along with their advantages and disadvantages, and presents several case studies.

Chapter 3, “Attacks and Policies in Cloud Computing and Live Migration,” presents the cloud computing model based on the concept of pay-per-use, in which the user pays for the amount of cloud services consumed. Cloud computing is defined by a layered service architecture (IaaS, PaaS and SaaS) and by deployment models (private, public, hybrid and community), and usability depends on the model chosen. Chapter 4, “Live Migration Security in Cloud,” presents security paradigms that apply when data is accessed from the cloud environment. The chapter lists the cloud service providers available in the market along with security risks, cloud security challenges, cloud economics, cloud computing technologies and, finally, common types of attacks and policies in cloud and live migration.

Chapter 5, “Solutions for Secure Live Migration,” analyzes approaches for secure data transfer, focusing mainly on the authentication parameter. These approaches have been categorized according to single- and multi-tier authentication. This authentication may use digital certificate, HMAC or OTP on registered devices. This chapter gives an overview of Cloud security applications, VM migration in clouds and security concerns, software-defined networking, firewalls in cloud and SDN, SDN and Floodlight controllers, distributed messaging system, customized testbed for testing migration security in cloud. A case study is also presented along with other use cases: Firewall rule migration and verification, existing security scenario in cloud, authentication in cloud, hybrid approaches to security in cloud computing and data transfer, and architecture in cloud computing.

Chapter 6, “Dynamic Load Balancing Based on Live Migration,” concentrates on traditional data security controls (such as access controls or encryption). Two further steps help detect unapproved data moving to cloud services: monitoring large internal data migrations with file activity monitoring (FAM) and database activity monitoring (DAM), and monitoring data moving to the cloud with uniform resource locator (URL) filters and data loss prevention (DLP). This chapter gives an overview of detecting and preventing data migrations to the cloud, protecting data moving to the cloud, application security, virtualization, VM guest hardening, security as a service, identity-as-a-service requirements, web services SecaaS requirements and email SecaaS requirements.

Chapter 7, “Live Migration in Cloud Data Center,” introduces load balancing, whose purpose is to improve the throughput of the system. This chapter gives an overview of different techniques of load balancing and load rebalancing, a policy engine that implements a dynamic load balancing algorithm, some load balancing algorithms, and the VMware Distributed Resource Scheduler.

In Chapter 8, “Trusted VMv-TPM,” data center network architectures and various network control mechanisms are introduced. The chapter discusses how resource virtualization, through VM migration, is now commonplace in data centers, and how VM migration can be used to improve system-side performance for VMs, or how load can be better balanced across the network through strategic VM migration. However, none of the VM migration work surveyed in this chapter addresses the fundamental problem of actively targeting and removing congestion from oversubscribed core links within data center networks. The TPM can be used to let external parties verify that a particular host carrying the TPM has booted into a trusted state. This is done by checking the set of digests (called measurements) of the loaded software, produced incrementally throughout the boot process of the device. The measurements are stored in protected storage integrated in the TPM chip and are therefore resistant to software attacks, although vulnerable to hardware tampering. This chapter presents a platform-agnostic trusted launch protocol for a generic virtual machine image (GVMI). GVMIs are virtual machine images that do not differ from the vendor-supplied VM images (colloquially known as vanilla software). They are made available by IaaS providers for customers that intend to use an instance of a VM image that was not subject to any modifications, such as patches or injected software. The protocol described in this chapter allows a customer that requests a GVMI to verify that it is run on a trusted platform.
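The measurement chain just described, as an added example that is not the book's code: a simulation of the TPM PCR extend operation on the host side and of a verifier replaying the event log against the register value. It assumes SHA-256 PCRs starting from an all-zero register and treats the "quoted" PCR value as already trusted (a real attestation carries it in a TPM quote signed by an attestation key, which this omits); the component names and bytes are constructed stand-ins.

```python
# Added example: measured boot as a TPM PCR extend chain (not the book's code).
# Assumes SHA-256 PCRs starting at all zeros; the quoted PCR value is taken
# as already trusted (a real quote is signed by the TPM's attestation key).
import hashlib
from typing import Iterable, List, Tuple

HASH = hashlib.sha256
PCR_SIZE = HASH().digest_size          # 32 bytes for SHA-256
INITIAL_PCR = b"\x00" * PCR_SIZE


def measure(component: bytes) -> bytes:
    """Digest of one loaded component (firmware, bootloader, kernel, VM image, ...)."""
    return HASH(component).digest()


def extend(pcr: bytes, digest: bytes) -> bytes:
    """PCR extend: the register can only move to H(old_value || digest), never
    be written directly, so its final value commits to the whole ordered chain."""
    if len(digest) != PCR_SIZE:
        raise ValueError("digest must be %d bytes" % PCR_SIZE)
    return HASH(pcr + digest).digest()


def boot(components: Iterable[bytes]) -> Tuple[bytes, List[bytes]]:
    """Host side: each stage is measured into the PCR before it is run.
    Returns the final PCR value and the event log of digests."""
    pcr = INITIAL_PCR
    log: List[bytes] = []
    for comp in components:
        d = measure(comp)
        log.append(d)
        pcr = extend(pcr, d)
    return pcr, log


def replay(log: Iterable[bytes]) -> bytes:
    """Verifier side: recompute the PCR from the event log alone."""
    pcr = INITIAL_PCR
    for d in log:
        pcr = extend(pcr, d)
    return pcr


def verify(quoted_pcr: bytes, log: List[bytes], golden: List[bytes]) -> bool:
    """Accept the platform only if (1) the log is consistent with the protected
    PCR value and (2) every measurement, in order, equals the expected digest
    of the vanilla component."""
    return replay(log) == quoted_pcr and log == golden


if __name__ == "__main__":
    # Constructed stand-ins for the real component bytes.
    vanilla = [b"firmware-v1", b"bootloader-v2", b"kernel-5.x", b"gvmi-ubuntu.img"]
    golden = [measure(c) for c in vanilla]

    pcr, log = boot(vanilla)
    print("clean boot accepted:", verify(pcr, log, golden))              # True

    # A backdoored kernel changes one digest, hence the chain and the PCR.
    pcr_bad, log_bad = boot([b"firmware-v1", b"bootloader-v2",
                             b"kernel-5.x+rootkit", b"gvmi-ubuntu.img"])
    print("tampered boot accepted:", verify(pcr_bad, log_bad, golden))   # False

    # Editing the log afterwards does not help: the PCR inside the TPM still
    # reflects what actually ran, so the forged log no longer replays to it.
    print("forged log accepted:", verify(pcr_bad, golden, golden))       # False

    # Order is part of the measurement: same components, different sequence.
    print("reordered differs:", boot(vanilla[::-1])[0] != pcr)           # True
```

The point the chapter makes about protected storage is visible in the third check: an attacker who controls the host can rewrite the event log, but cannot make it replay to a register value they cannot reset, which is why the PCR is resistant to software attacks while a hardware attack on the chip itself remains out of scope.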

Chapter 9, “Lightweight Live Migration,” presents a set of techniques that provide high availability through VM live migration, their implementation in the Xen hypervisor and the Linux operating system kernel, and experimental studies conducted using a variety of benchmarks and production applications. The techniques include: a novel fine-grained block identification mechanism called FGBI; a lightweight, globally consistent checkpointing mechanism called VPC (virtual predict checkpointing); a fast VM resumption mechanism called VM resume; a guest OS kernel-based live migration technique that does not involve the hypervisor for VM migration called HSG-LM; an efficient live migration-based load balancing strategy called DC balance; and a fast and storage-adaptive migration mechanism called FDM.

Chapter 10, “Virtual Machine Mobility with Self Migration,” discusses many open issues related to device drivers. Existing systems trade driver protection for performance and ease of development, and device drivers remain a major source of system instability. Efforts have been made to improve the situation through hardware protection techniques, e.g., microkernels and Nooks, and through software-enforced isolation. Commodity systems do not enforce addressing restrictions on device DMA, limiting the effectiveness of the described techniques. Lastly, if applications are to survive a driver crash, the OS or driver protection mechanism must have a way of reconstructing lost hardware state on driver reinitialization.

Chapter 11, “Different Approaches for Live Migration,” studies the implementation of two kinds of live migration techniques for hardware-assisted virtual machines (HVMs). The first contribution of this chapter is the design and implementation of the post-copy approach. This approach consists of the last two stages of the process migration phases, the stop-and-copy phase and the pull phase. Because of the pull phase, completion of the migration becomes non-deterministic: pages are fetched from the source only on demand, so the time at which all data has been transferred depends on the guest’s access pattern.
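The pre-copy scheme summarized under Chapter 1 and the demand-fetch post-copy scheme described here, in a small simulation added as an example (not the book's or any hypervisor's code). Memory is modelled as numbered pages; the per-round dirty sets and the page-access trace are constructed inputs chosen to expose each scheme's behaviour, and post-copy is modelled as pure on-demand fetching with no background push, as the chapter describes it.

```python
# Added example: pre-copy vs post-copy page transfer, simulated (not the book's code).
# Memory is a set of page numbers; the workload's dirty sets and access trace are
# constructed inputs chosen to expose each scheme's behaviour.
from dataclasses import dataclass
from typing import Sequence, Set


@dataclass
class PrecopyResult:
    rounds: int           # iterative copy rounds before the VM is paused
    pages_sent: int       # pages over the wire, re-sends included
    downtime_pages: int   # pages copied during the stop-and-copy phase


@dataclass
class PostcopyResult:
    pages_sent: int       # each page crosses the wire at most once
    faults: int           # on-demand fetches taken at the destination
    complete: bool        # True only once every page is resident there


def precopy(total_pages: int, dirty_per_round: Sequence[Set[int]],
            stop_threshold: int, max_rounds: int) -> PrecopyResult:
    """Pre-copy: round 1 sends all pages while the VM keeps running; each later
    round re-sends the pages the workload dirtied during the previous round
    (dirty_per_round[i] is what got dirtied while round i+1 was being copied;
    an exhausted sequence means the workload went idle). The VM is paused for
    the final copy once the dirty set is at or below stop_threshold, or after
    max_rounds if a constant hot write set never lets it converge."""
    dirty: Set[int] = set(range(total_pages))
    sent = 0
    rounds = 0
    while True:
        sent += len(dirty)
        dirty = set(dirty_per_round[rounds]) if rounds < len(dirty_per_round) else set()
        rounds += 1
        if len(dirty) <= stop_threshold or rounds >= max_rounds:
            break
    sent += len(dirty)  # stop-and-copy: VM paused, remaining dirty pages sent
    return PrecopyResult(rounds, sent, len(dirty))


def postcopy(total_pages: int, access_trace: Sequence[int]) -> PostcopyResult:
    """Post-copy with demand fetching only: the VM is paused, CPU/device state
    moves (treated as free here), execution resumes at the destination with no
    memory resident, and each first touch of a page faults it in from the
    source. Nothing is ever re-sent, but completion depends entirely on the
    guest eventually touching every page."""
    resident: Set[int] = set()
    faults = 0
    for page in access_trace:
        if page < 0 or page >= total_pages:
            raise ValueError("page %d outside guest memory" % page)
        if page not in resident:
            resident.add(page)
            faults += 1
    return PostcopyResult(len(resident), faults, len(resident) == total_pages)


if __name__ == "__main__":
    PAGES = 8
    # Write set shrinking round by round: pre-copy converges.
    print(precopy(PAGES, [{1, 2, 3}, {1, 2}, {1}], stop_threshold=1, max_rounds=10))
    # Constant hot write set: pre-copy keeps re-sending it until max_rounds.
    print(precopy(PAGES, [{1, 2, 3}] * 20, stop_threshold=1, max_rounds=5))
    # Post-copy: a guest that touches only half of its memory never finishes.
    print(postcopy(PAGES, [0, 1, 1, 2, 0, 3]))
    print(postcopy(PAGES, [0, 1, 1, 2, 0, 3, 4, 5, 6, 7]))
```

The two failure modes the book contrasts fall out of the inputs: pre-copy bounds downtime at the cost of re-sending hot pages (and needs a round cap when the write set never shrinks), while post-copy sends each page once but has no bound on when the last page is pulled, which is the non-determinism the chapter attributes to the pull phase.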

Chapter 12, “Migrating Security Policies in Cloud,” presents the concepts of cloud computing, a fast-developing area that relies on sharing of resources over a network. While more companies are adopting cloud computing and data centers are growing rapidly, data and network security is gaining more importance, and firewalls are still the most common means to safeguard networks of any size. As data centers today are distributed around the world, VM migration within and between data centers is inevitable for an elastic cloud. In order to keep the VM and data centers secure after migration, the VM-specific security policies should move along with the VM as well.

Finally, Chapter 13, “Case Study,” presents case studies useful for real-life applications, such as KVM, Xen and the emergence of green computing in the cloud, and ends with a case study on data analysis in distributed environments. Many algorithms have been proposed for transactional or geographic databases to prune frequent item sets and association rules, among them an algorithm for global spatial association rule mining, which represents GIS database schemas and geo-ontologies by relationships with one-to-one and one-to-many cardinalities. This chapter presents an algorithm to improve spatial association rule mining, in three main steps: first, it automates the geographic data pre-processing tasks developed for a GIS module; second, it discards all well-known GIS dependencies that calculate the relationship between different numbers of attributes; and finally, an algorithm is proposed that provides the greatest degree of privacy when the number of regions is more than two, with each region finding the association rules between them with zero percent data leakage.

Dac-Nhuong Le
Raghvendra Kumar
Nguyen Gia Nhu
Jyotir Moy Chatterjee
January 2018

Acknowledgments

The authors would like to acknowledge the most important persons in our lives, our grandfathers, grandmothers and our wives. This book has been a long-cherished dream which would not have become reality without the support and love of these amazing people. They have encouraged us despite our failing to give them the proper time and attention. We are also grateful to our best friends for their blessings, unconditional love, patience and encouragement of this work.

Acronyms

ACL Access Control List
ALB Adaptive Load Balancing
AMQP Advanced Message Queuing Protocol
API Application Programming Interface
ARP Address Resolution Protocol
CAM Content Addressable Memory
CCE Cloud Computing Environment
CFI Control Flow Integrity
CSLB Central Scheduler Load Balancing
CSP Cloud Service Provider
DAM Database Activity Monitoring
DCE Data Center Efficiency
DLP Data Loss Prevention
DPM Distributed Power Management
DRS Distributed Resource Scheduler
DVFS Dynamic Voltage and Frequency Scaling
DHCP Dynamic Host Configuration Protocol
ECMP Equal-Cost Multi-Path
EC2 Elastic Compute Cloud
FAM File Activity Monitoring
FGBI Fine-Grained Block Identification
GVMI Generic Virtual Machine Image
GOC Green Open Cloud
HVM Hardware-Assisted Virtual Machine
HPC Hardware Performance Counters
HIPS Host Intrusion Prevention System
IaaS Infrastructure as a Service
IDS/IPS Intrusion Detection System/Intrusion Prevention System
IMA Integrity Measurement Architecture
IRM In-Lined Reference Monitors
ISA Instruction Set Architecture
KVM Kernel-Based Virtual Machine
KBA Knowledge-Based Authentication
LAN Local Area Network
LLFC Link Layer Flow Control
LLM Lightweight Live Migration
LVMM Live Virtual Machine Migration
MiTM Man-in-the-Middle Attack
MAC Media Access Control
NAC Network Access Control
NRDC Natural Resources Defense Council
NIPS Network Intrusion Prevention System
OS Operating System
ONF Open Networking Foundation
PaaS Platform as a Service
PAP Policy Administration Point
PDP Policy Decision Points
PEP Policy Enforcement Points
PUE Power Usage Effectiveness
PDT Performance Degradation Time
PMC Performance Monitoring Counters
PPW Performance Per Watt
RLE Run-Length Encoding
SaaS Software as a Service
SAML Security Assertion Markup Language
SDN Software-Defined Networks
SecaaS Security as a Service
SLA Service Level Agreement
SPT Shadow Page Table
SFI Software Fault Isolation
SMC Secure Multi-Party Computation
SIEM Security Information and Event Management
STP Spanning Tree Protocol
S3 Simple Storage Service
TPM Trusted Platform Module
TTP Trusted Third Party
TCG Trusted Computing Group
VDCs Virtual Data Centers
VLB Valiant Load Balancing
VPC Virtual Predict Checkpointing
VM Virtual Machine
VMM Virtual Machine Migration
VMLM Virtual Machine Live Migration
XSS Cross-Site Scripting
WAN Wide Area Network

Introduction

DAC-NHUONG LE, PHD

Deputy-Head, Faculty of Information Technology

Haiphong University, Haiphong, Vietnam

Contemporary advances in virtualization and communication technologies have changed the way data centers are designed and operated by providing new mechanisms for better sharing and control of data center resources. In particular, virtual machine live migration is an effective management technique that gives data center administrators the ability to adjust the placement of VMs in order to better satisfy performance objectives, improve resource utilization and communication locality, mitigate performance hotspots, tolerate faults, reduce energy consumption, and facilitate system maintenance activities. Despite these potential benefits, VM migration also poses new requirements on the design of the underlying communication infrastructure; for example, the bandwidth needed to support VM mobility must be addressed. Furthermore, devising efficient VM migration schemes is a challenging problem, as it requires not only measuring the benefits of VM migration but also accounting for migration costs, including communication cost, service disruption, and management overhead.

This book presents in-depth insights into the benefits and mechanisms of virtual machine live migration and examines the related research challenges in data centers and cloud computing environments.