which is the virtual computing environment for HaaS and SaaS applications. The aim of this approach is to provide the software as a service from a cloud.
A Virtualization-based SaaS Enabling Architecture for Cloud Computing Liang Zhong, Tianyu Wo, Jianxin Li, Bo Li Beihang University, Beijing, China {zhongl, woty, lijx, libo}@act.buaa.edu.cn Abstract -With the increasing prevalence of large scale cloud computing environment, researchers has draw more attention about how to provide software as a service through the internet. In this paper, a novel approach named vSaaS is proposed in iVIC platform, which is the virtual computing environment for HaaS and SaaS applications. The aim of this approach is to provide the software as a service from a cloud computing environment over the Internet; users are able to access different software transparently with no limitation on the client operation system or device capability. OS-level virtualization and remote display technologies are employed in the vSaaS system. Benefit from above technologies, massive exist legacy software could be easily adopted without any recompilation and redevelopment work. Software can be dynamic streaming deployed in the back-end resource pool in a dynamic streaming way. Finally, comprehensive experiments are conducted to demonstrate the feasibility and performance of the vSaaS implementation. Keyword - SaaS, Virtualization, Cloud, iVIC
1. Introduction In the personal computing times, users can customize their personal computing environment by installing certain software on their own computers. Software should be authorized by license. However, some other issues are involved by doing so. For example, users must concern to many difficult management and maintenance tasks while using software. Besides, user shall also consider about the various version of OS and other compatibility problems. Generally speaking, most users are not professional with computers. Moreover, the cost of using software is very high. These difficulties prevent them from using software. In recent years, the Software as a Service (SaaS) [21], largely enabled by the Internet, has become an innovative software delivery model for enterprise and individuals to complete some business related tasks or personal tasks. Using the SaaS delivery model,
software access has been simplified. However, there still exist three kinds of problems: First, the various legacy software is designed and developed for the desktop computer environment. If we want to make software web-accessible by multiple users, the redevelopment, even the redesign work, could turn out to be a massive work. Second, most current SaaS systems provide the software in the form of Web-based applications [6][8][10]. The user experience and interaction is generally limited due to the presentation capability of Web-based software. In order to improve the interaction capability, extensions have been made to the HTTP and web protocols by some browsers. However these extensions will bring other compatibility problems between Web-based applications and browsers. Third, user data are stored and processed on the Internet even on the same server. Moreover, the security of the user data as well as the user’s privacy comes to be a new challenge. In this paper, a virtualization-based SaaS enabling architecture for cloud computing, named vSaaS, is proposed. Cloud computing is a newly developed computing model, which could use resources over Internet to finish the task by enterprise and personal. Compared with existing approaches, vSaaS can be beneficial in several ways. With the introduction of the virtual execution layer, the existing legacy software can be adopted without redevelopment or redesign work. The deployment work in the backend resource pool is dynamically conducted in an on-demand way without pre-installation. Moreover, we have a virtual display layer to separate the execution from the presentation of the software. Users can use different clients to access the software without consider the compatibility and performance problems. The rest of this paper is structured as follows. A virtualization-based system for SaaS, named vSaaS, is proposed in Section 2 with layered architecture and modules. Then, in Section 3, we describe the implementation experiences of vSaaS. An initial deployment and experiment to evaluate the performance of the system is presented in Section 4. Related work is detailed in Section 5. Finally, we
conclude the paper and introduce the future work of vSaaS in Section 6.
2. vSaaS Architecture iVIC [18] is a virtual computing environment for both HaaS and SaaS application. The SaaS part is denoted as vSaaS in this paper. The goal of vSaaS is to provide the software as a service over Internet; clients can transparently access the software. Figure 1 illustrates the architecture of the vSaaS. A six–layer structure has been applied: virtual resource layer, virtual resource management layer, virtual execution layer, virtual display layer, schedule layer and user agent layer. Besides these six layers, we also provide security a mechanism to protect the whole system and development utilities to manage virtual software. = User Agent Layer Schedule Layer Virtual Display Layer(vSpace)
Dev& Utility (vSeq., etc..)
Monitor & Security
Virtual Execution Layer(vProcess) Virtual Resource Mgmt. Layer Virtual Machine
Virtual Storage
Virtual Network
Virtual Device
Virtual Application
Virtual Resource Layer Internet
Figure 1.
vSaaS Architecture
Desktop Merging Each user will have a virtual display instance. Virtual display instance is a virtual desktop, which can be used to merge all the presentation windows of software instances. After installing the vClient on the device, it will merge the virtual desktop together with the local desktop. Therefore, any remote running virtual software will just act like it is running locally. Mobile Device Access The software in our system is executed in the back-end resource pool, so there would not be any capability and version dependency on the client device system. Users can use their mobile devices easily to access the virtual display instance through the agent. Although a mobile client may sometime lose connection to the virtual display instance due to network problem, it will keep the status to wait until the client reconnects. 2.2. Virtual Execution Layer The core functionality of the virtual execution layer is to support the execution of virtual software. In the virtual execution environment, software can not aware of the existence of the virtual layer and will behave the same as they do in the traditional personal computer environment. The benefit of virtual execution layer is listed as follows: First, it can offer a separated and isolated execution environment for the virtual software. Second, the virtual software can be dynamically deployed without installing them on the operation system. Third, the virtual software can be launched with only part of the software package and have not to fully download it.
2.1. Highlight of the system
2.3. Virtual Display Layer
Software Dynamic Deployment In vSaaS system, software is provided as a service through the Internet. The software are deployed and executed on the backend resource pool. Since different users will have different software usage requirement, it will be a big cost to maintain the dedicate environment for each user. Besides, the software may be conflict in the same environment due to libraries lack or version conflict. Benefiting from the OS-level virtualization, the software can be dynamically deployed and executed without installing them on the running environment.
In the vSaaS system, the software is executed distributedly on different physical or virtual machines. How users do interact with the presentation windows of those distributed execution software will be a big challenge. A virtual display layer is introduced in our vSaaS system to resolve the problem. The mainly functions of this layer are: Virtual display instances management and Desktop windows merging.
Streaming Delivery of Software Another benefit bring by the OS-level virtualization technology can be seen when the software is executed on the back-end resource pool, virtualized software can be launched without a fully download process. During the launch and execution processes, the needed part of the software can be delivered to the execution environment in a streaming manner.
2.4. Schedule Layer In the vSaaS system, from the point view of users, user experience is very important. Users can not suffer a long-time latency while interacting with the virtual software. In contrast, from the point view of system, the system must have a highly output-through and load-balance in order to run smoothly. Moreover, load hot-pot should be void. Considering the above two aspects, a schedule layer is introduced into the vSaaS system. We have defined some policies, which can be
easily applied to the schedule layer. These policies focus on different aspects of system metric, such as load-balance, low latency response and so on. 2.5. User Agent Layer User agent layer contains many user agents. Every user agent will act as an intermediate among the user clients, virtual display layer and virtual execution layer. With the introduction of the user agent layer, the complexity of the user clients is definitely reduced. The user clients don’t need to concern of the instances status of the virtual display and virtual execution software. Then the user clients can have a transparent and easy access to the virtual software. Therefore there are not strict requirement on the user clients, user can use light-weight clients to access its virtual personal desktop. 2.6. Security Consideration For the software is accessed over the Internet, how to guarantee its security and trust is of great importance and some efforts should be done to deal with the attack issues. In our vSaaS system, an authentication and authorization framework based on certificate besides username/password mode is provided for the whole vSaaS six layers stack. First, a verification mechanism based on HMAC code is adopted in the vSaaS vProcess module. With this source authentication mechanism, any attempt to inject malicious codes into the binary streams can be detected. Moreover, the integrity of software is strongly protected. Second, to secure the VNC-based vSpace access, we adopted a stunnel tool, which provides SSL to secure the VNC protocol. Besides the secure communication mechanism, we also provide a VNC display sharing mechanism, in which the software owner can assign its view only or control privilege to trusted users. Third, in schedule layer, an attributeaware scheduling policy [20] has been engaged to ensure that only qualified users can be authorized to consume virtual resources.
The vSoftware component is a software repository server used to store the massive virtual software packages. It provides management and streaming interfaces to interact with utility tools and vProcess server. The vSoftware Store provides management interfaces for vSequencer to publish virtual software. The vSequencer is the utility used to virtualized and pack legacy software. Besides the management interface, vSoftware Store also provides software streaming interfaces for the vProcess instance. The vProcess instance can use different kinds of network protocol, i.e., HTTP, RTSP, to streaming deploy the virtual software packages. 3.2. vProcess Server The vProcess server can be deployed both on Linux and Windows. Thus software from both platforms can be adopted into the vSaaS system. The vProcess instance will responsible for the full life-cycle management, such as launching, running, terminating, of the virtual software execution. At the OS-level, components related to the execution of the software are virtualized. Following will give a detail description on how to virtualize these components: Virtual Filesystem Instances can be isolated from each other at filesystem. This filesystem view for each instance is combined together by a common view of the base filesystem and a dedicate view of the instance. Copy-on-Write mechanism is used to have the modification to the file been redirected to the dedicate view of the instances. Thus, the vProcess instance can not be regarded that it is running in a virtual filesystem environment.
3. Implementation Experience
Virtual Dynamic Library In the personal desktop environment, lacking of certain dynamic libraries or the version conflicting of the libraries will lead to installation or execution failure of the software. So we have to build a separated virtual dynamic library environment for each vProcess instance. Each vProcess instance will have its own virtual dynamic library, so there won’t be any version conflict exists.
In this section, we introduce our early experience with vSaaS implementation. As it has been discussed before, vSaaS presents a virtual personal environment framework for transparent software access from different kinds of clients. The vSaaS system is composed of five components and utility tools: vSoftware Store, vProcess, vSpace, vSchedule, Portal/vClient and vSquencer.
Virtual Registry & Configuration Different from Linux, Windows has the principle of registry, so we must concern to the virtualization of the registry under the Windows. Each virtual software will have its own private registry store. During the execution of the software, when a registry related activity is initialed, system will firstly try to find the related registry item in the private registry store, if it is not found, then it will go to the common public registry set to find it.
3.1. vSoftware Store
User data Different vProcess instances may need to process the same file in the user data in a sequence operation. Thus, a virtual user data space has been build for the all vProcess instances. A distributed filesystem is used to provide the user data space. The original user data files are stored in the central server. The vProcess server stores the replication of the user data files. 3.3. vSpace Server The vSpcae Servers is a hosting environment for the virtual display instances for users; we also call them vSpace instances. The vSpace instance acts as an intermediate between vAgent and vProcess instances. Through vSpace Server, vAgent and vProcess can exchange keyboard/mouse events and presentation windows of software with each other. vSpace Server also responds to merging presentation windows together. 3.4. Portal/vClient Two different kinds of clients are provided to access the iVIC virtual personal desktop. One is web-base client; another is C/S based client, which is called vClient. vClient is a enhanced version of iVIC Client. With these two kinds of clients, most of the user devices can transparently access our virtual software. Figure 2 shows a snapshot of the user desktop with vClient. In this desktop, in which gpaint and scite are from Linux, others such as mspaint and notepad are from Windows, and all software can be seamlessly integrated into one system desktop just like it is running locally.
To evaluate the functionality and performance of the vSaaS, we conduct experiments with four aspects in the real iVIC environment to explain the system behaviors. These experiments cover the major features of the vSaaS System. Besides, a comprehensive analysis based on the experiment results is presented. Our experiment environment is based on an iVIC resource pool consisting of thirty-two blade server boxes, each with 2 Intel Xeon E5405(quad-core) 2.00GHz CPU, 4GB RAM, 73GB SATA hard disk, Debian Lenny(Linux kernel 2.6.26) operation system installed. All these nodes are interconnected with a gigabit Ethernet. We have also used a laptop with Intel Duo2 Core 2.4GB, 2GB RAM as a user client to access the software. To evaluate the functions of software dynamic deployment and launch, we select 10 typical software for this experiment. All 10 software cover fields on daily-used software, such as, IM, network download tool, graphic editor, office suite and games. In this experiment, each software is dynamically deployed in a streaming way in the environment. Then, we collect the initial launch bytes percentage of all software. As shown in Figure 3, the software does not need the whole package to startup. Part of the package would be enough to launch the software. The average launch size percentage of the whole package bytes is about 10% to 20%, so our approaches have highly reduced the software deployment time to accelerate the launch of the software.
Figure 3. Initial launch size percentage of software Figure 2. A seamless integrated desktop by vSaaS vClient
3.5. vSquencer Tools The vSquencer is an utility tool for the administrator of the system, which can be used to make legacy software virtualized to the virtual software without any re-compile and re-development work.
4. Experiments and evaluation
We also perform a further experiment on the software loading process analysis. In this part, system log recorder is used to record all the file streaming related activities during the software launch. From the Figure 4, X axis is the logarithm of elapsed time(seconds), we can see that the 4 sample software, filezilla, medit ,skype and gpaint, have different launch curved shapes, because the dynamic libraries struts and sizes of the two samples are not the instinct. We also notice that there is still certain time-span before the launch finish during this idle time-span; the percentage
of the package byes do not increase. So further, we can apply software prefetch feature to the software streaming in this idle time-span to accelerate the following execution of the software.
shows that the network delay has a highly effect on software launch time.
Figure 5. Network effect on the software launch time
5. Related Work
Figure 4. Percentage Launch style of filezilla, medit, skype and gpaint
The third experiment is about the overhead of the OS-level virtualization in our system. The introducing of virtualization of core operation system components will increase the software launch time and execution latency. We use the launch time as the metric of the overhead. As shown in Table I: the delta of virtualized launch time and original launch time are at 0.1s level. This latency time caused by the overhead is acceptable in the real user scenarios. If the package download time and installation time of original launch method is considered, the vSaaS launch method is faster than the original launch method. TABLE I.
OVERHEAD OF OS-LEVEL VIRTUALIZATION
Original Launch Time (s)
Virtualized Launch Time (s)
Delta(s)
skype
0.461
0.653
0.192
gpaint
0.191
0.358
0.167
medit
0.286
0.600
0.314
filezilla
1.139
1.535
0.396
scite
1.139
0.096
0.017
dvd95
0.181
0.356
0.175
Software
Figure 5 shows the experiment about the effect of network delay on the software launch time. In this experiment, we have varied the network delay condition in through our network device and measured the impact on the software launch. The network roundtrip delay time is set from 1ms to 10ms. The result
CA Berkeley [7] and some other industry companies such as EyeOS [8], DesktopOnDemand [9], etc. have developed their Web OS for software usage. But WebOS often has its own programming framework, how to adopt massive existence software is also another problem. Some other software vendors try to provide the web-based software focusing on certain function, such as Salesforce.com [10], which has produced a CRM online version; Google produces Google Docs & Spreadsheets [6] and so on. Another problem of the web-base software is that the interaction is not friendly enough to compare with traditional desktop software. Comparing with these solutions, the vSaaS system could easily adopt the legacy software. Another approach is to use a virtual machine to encapsulate the software. In the Collective [1][5] project, software are encapsulated in a virtual machine, which they call virtual appliance. Virtual machines provide a good encapsulated and isolated environment for the software execution, but it need strong capability to support VM running. Besides, cost of hardware virtualization is much heavier compared with the vSaaS, which using the OS-level virtualization. Obviously, this solution is also not suitable for the mobile clients who often have limited capability and function. Some works, include Microsoft’ App-V [4] system, Citrix XenApp [11], Progressive Deployment System (PDS) [2] , Zhang’s work [12], and FVM [3][19] employ OS-level virtualization technology to reduce the maintaining and management labor cost of IT as well as the execution environment isolation. The software package will be delivered to the local machine in a streaming way. Compared with the vSaaS system, both Microsoft’s and Zhang’s work are only for Windows OS and need to run the software locally, therefore the capability and environment limitation still exist.
THINC [13] project, Citrix XenDesktop [14], Microsoft Terminal Service [15], Sun Ray [16], and RealVNC [17] have proposed different remote display solutions for the client access. These solutions only focus on the separation of execution and presentation, do not involve the software deployment and execution related fields. The vSaaS system could not only provide the remote display, but also provide the virtual execution of software.
[2]
6. Conclusion and future work
[5]
In this paper, we present the vSaaS, a platform of a virtual personal desktop environment base on OS-level virtualization and remote display technologies. The design principle and the highlight features of the vSaaS are detailed and a prototype solution is introduced. We has deployed the system in the real iVIC environment and performed a set of experiments. The result shows the feasibility and effectiveness of our solution. Our on-going work is focusing on the following three aspects: First, high-availability and faulttolerance of the vProcess instance execution. Second, prediction function will be added to the virtual software execution, thus accelerating the startup and execution of software. Third, I/O device virtualization support will be added to our system. It is also very important for the software execution. Local devices can be virtualized and easily been accessed from the virtual software instances.
7. Acknowledgement This work is partially supported by grants from China 863 High-tech Program (Project No. 2007AA01Z120, 2009AA01Z419), China 973 Fundamental R&D Program (No. 2005CB321803) and National Natural Science Foundation of China (Project No. 60703056, 60731160632, 60903149). We would also like to thank members in Network Computing Research team in Institute of Advanced Computing Technology of Beihang University for their hard work.
[3]
[4]
[6] [7]
[8] [9] [10] [11] [12]
[13]
[14]
[15] [16] [17] [18]
[19]
8. References [1]
R. Chandra, N. Zeldovich, C. Sapuntzakis, and M. S. Lam, “The Collectivce: A Cache-Based System Management Architecture,” Proceedings of the Second Symposium on Networked Systems Design and Implementation (NSDI 2005), May, 2005.
[20]
[21]
B. Alpern, J. Auerbach, V. Bala, T. Frauenhofer, T. Mummert, and M. Pigott, “PDS: A Virtual Execution Environment for Software Deployment,” Proceedings of the First ACM/USENIX International Conference on Virtual Execution Environment, March, 2005. Y. Yang, F. Guo, S. Nanda, L. Lam, and T. Chiueh, “A Feather-weight Virtual Machine for Windows Applications,” Proceddings of the Second ACM/USENIX Conference on Virtual Execution Environments(VEE’06), June, 2006. http://www.microsoft.com/systemcenter/softgrid/default.mspx [accessed: December 12, 2009] C. Sapuntzakis, D. Brumley, R. Chandra, N. Zeldovich, J. Chow, J. Norris, M. S. Lam, and M. Rosenblum, “Virtual appliances for deploying and maintaining software,” Proceedings of Seventeenth USENIX Large Installation System Administration Conference, October, 2003. http://documents.google.com/ [accessed: December 12, 2009] A. Vahdat, T. Anderson, M. Dahlin, D. Culler, E. Belani, P. Eastham, and C. Yoshikawa, “WebOS: Operating System Services For Wide Area Applications,” The Seventh IEEE Symposium on High Performance Distributed Computing, July, 1998 http://eyeos.org/ [accessed: December 12, 2009] http://www.desktopondemand.com/ [accessed: October 12, 2009] http://www.salesforce.com/ [accessed: December 12, 2009] http://www.citrix.com/english/ps2/products/product.asp?conten tid=186 [accessed: December 12, 2009] Y. Zhang, X. Wang and L. Hong, “Portable Desktop Applications Based on P2P Transportation and Virtualization,” Proceedings of the 22nd Large Installation System Administration Conference, November, 2008 R. Baratto, L. Kim, and J. Nieh, "THINC: A Virtual Display Architecture for Thin-Client Computing," Proceedings of the Twentieth ACM Symposium on Operating Systems Principles (SOSP 2005), October, 2005 http://www.citrix.com/English/ps2/products/product.asp?conte ntID=163057&ntref=hp_nav_US [accessed: December 12, 2009] http://www.microsoft.com/windowsserver2003/technologies/te rminalservices/default.mspx [accessed: December 12, 2009] http://www.sun.com/sunray/ [accessed: December 12, 2009] http://www.realvnc.com/ [accessed: December 12, 2009] J. Huai, Q. Li and C. Hu, “CIVIC: A Hypervisor Based Virtual Computing Environment,” Proceedings of the 2007 International Conference on Parallel Processing Workshops, September, 2007 Y. Yu, H.K. Govindarajan, L. Lam and T. Chiueh "Applications of Feather-Weight Virtual Machine," Proceedings of the 2008 ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments (VEE08), Seattle WA., March, 2008. X. Wei. 2006. Policy-Based Distributed Access Control for Service Grid. Ph.D. dissertation, Beihang University, Beijing, China. D. Ma, “The Business Model of "Software-As-A-Service"”, Proceedings of the 2007 IEEE International Conference on Services Computing (SCC07), Chicago, July, 2007
