Intra-cloud and inter-cloud Load balancing based on interaction between mobile agent and web service

Abir KHALDI, Kamel KAROUI, Henda BEN GHEZALA
RIADI Laboratory, ENSI, University of Manouba, Manouba, Tunisia

Abstract- Cloud computing is becoming the most important model for providing services to clients over the internet. To attract more customers, cloud providers should ensure a high quality of service, essentially one that is highly available and efficient. Load balancing is one of the most relevant techniques used to increase service availability. This technique can be used in a cloud environment to prove its added value. In this paper, a load balancing metric is defined to select a cloud service. We propose a framework based on the triangulation of mobile agents, web service and load balancing.

Keywords: cloud, availability, load balancing, mobile agent, web service, security

1. Introduction

In clouds, availability is one of the most critical requirements that cloud providers should ensure. As a technique, load balancing is used across different data centers to ensure network and service availability. Thus, computer hardware and software failures are kept to a minimum. In this work, we focus on cloud service high availability using load balancing. A dynamic load balancing algorithm based on interaction between mobile agents and web service is proposed and applied within intra-cloud and inter-clouds. This paper is organized as follows: section 2 introduces a literature review. Section 3 presents the related work. In section 4, we propose a load balancing framework to increase cloud service high availability. In section 5, load balancing is expanded to cover the inter-cloud architecture. Section 6 is a case study. The proposed framework is evaluated in section 7. Finally, section 8 concludes and recommends future trends.

2. Literature review

2.1 Cloud computing

NIST [1] defines Cloud computing as a “model for enabling ubiquitous, convenient, on demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and delivered with minimal managerial effort or service provider interaction”.

The essential characteristics of cloud computing are [1]: On-demand self-service, Broad network access, Resource Pooling, Rapid elasticity, Measured service.

The service models of cloud computing are [1]:
• Software as a Service (SaaS): The capability provided to the consumer is to use the provider’s applications running on a cloud infrastructure.
• Platform as a Service (PaaS): The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider.
• Infrastructure as a Service (IaaS): The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications.

The deployment models of cloud computing are [1]:
• Public cloud: The cloud infrastructure is provisioned for open use by the general public.
• Private cloud: The cloud infrastructure is provisioned for exclusive use by a single organization comprising multiple consumers.
• Hybrid cloud: The cloud infrastructure is a composition of two or more distinct cloud infrastructures (public, private, or community).
• Community cloud: The cloud infrastructure is provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns.

2.2 Mobile agent

Mobile Agent (MA) is a programming paradigm used in distributed applications [2]. It makes dynamically adaptable applications easier to implement and facilitates the development of distributed applications on large networks. This covers many domains such as e-commerce, telecommunications, workflow applications, remote maintenance and park administration [3]. Mobile agents are executing programs that can migrate from one host in a network to another in order to satisfy requests made by their clients. The state of the running program is saved, transported to the new host and restored, allowing the program to continue where it left off.

2.3 Web service

A Web Service is a method of communication between two electronic devices over a network. It is a software function provided at a network address over the web with the service always on, as in the concept of utility computing. The W3C defines a Web service generally as a software system designed to support interoperable machine-to-machine interaction over a network. The W3C Web Services Architecture Working Group defined a Web Services Architecture, requiring a specific implementation of a "web service." In this: “a web service has an interface described in a machine-processable format (specifically WSDL). Other systems interact with the Web service in a manner prescribed by its description using SOAP (Simple Object Access Protocol) messages, typically conveyed using HTTP with an XML serialization in conjunction with other Web-related standards”[4].

2.4 Load balancing

Load balancing is a relatively new technique that helps networks and resources provide maximum throughput with minimum response time [5]. By dividing the traffic between servers, data can be sent and received without major delay. Different kinds of algorithms are available to distribute traffic between the available servers. A basic everyday example of load balancing is websites. Without load balancing, users could experience delays, timeouts and long system responses. Load balancing solutions usually rely on redundant servers, which allow a better distribution of the communication traffic so that website availability is assured. There are many different load balancing algorithms, which can be categorized mainly into two groups:

• Static algorithms divide the traffic equally between servers. With this approach, the actual traffic on the servers is easily disregarded, which can make the situation worse. The algorithm that divides the traffic equally is known as round robin. However, many problems were reported with this algorithm. Therefore, weighted round robin was defined to address the critical challenges associated with round robin. In this algorithm each server is assigned a weight, and the server with the highest weight receives more connections. When all the weights are equal, servers receive balanced traffic [5].
• Dynamic algorithms assign proper weights to servers and, by searching through the whole network, choose the server with the minimum weight to send the traffic to. However, selecting the most adequate server needs real time communication with the network, which adds extra traffic on the system.

Comparing the two algorithms [5], a dynamic algorithm can predict queries that are made frequently on servers, but sometimes the prevailing traffic prevents these queries from being answered, and correspondingly more overhead appears on the network.

3. Related Work

Availability is a critical requirement in cloud computing services. Many studies attempt to balance high availability (HA) with cloud system performance and cost. Jung [6] studied a replication technique to guarantee HA while maximizing performance on a certain number of resources. Replication of software components is used to provide HA. In case of hardware failure, they used component redundancy and regenerated the software components onto the remaining resources to achieve HA and optimize performance. It is based on a queuing model with different “mean time between failure” (MTBF) and “mean time to repair” (MTTR). In [7], Thanakornworakij et al. proposed HA-OSCAR, an open source framework to increase availability. It aims to improve the HA of any Linux-based cloud computing platform. They enhance the load balancing between just two servers. In [8], Chaczko et al. use a message oriented architecture to ensure load balancing in distributed networks. Based on messaging techniques, XMPP allowed resources to be monitored and provided availability of cloud resources. In [9], Hemant et al. proposed a prototype system based on a governance body which handles all the transactions from the user to the actual server from which the user is requesting. They introduced a routing table at each end server and middle server (Governance server).

In the table below, we discuss the different works on load balancing in the cloud based on 5 criteria: cloud architecture, load balancing algorithm, using a middleware, service type, hypervisor metric and security metric.

TABLE 1. COMPARING PROPERTIES OF PREVIOUS RELATED WORK

| Related work | Cloud Architecture | Load balancing algorithm | Using a middleware | Service type | Hypervisor’s metric | Security’s metric |
|---|---|---|---|---|---|---|
| [6] | Public/Private | Dynamic | No | Any | No | No |
| [7] | Public/Private | Static | Yes | Any | No | No |
| [8] | Distributed | Dynamic | Yes | Data base | No | No |
| [9] | Public | Dynamic | Yes | Any | No | No |

In our proposed framework, we will try to apply a dynamic, operating system independent and secure load balancing algorithm to cover all cloud models.

4. Proposed framework for load balancing intra-cloud

In this section, we describe our framework, which aims to improve cloud service performance. We divide the framework description into 4 parts:

4.1 Global Framework architecture

In [10], we proposed a secure cloud architecture design based on 4 zones and we specified a DMZ zone to deploy different cloud servers. In that previous work [10], we did not implement a method to ensure high availability. In this work, we continue by increasing the availability of each server in the DMZ zone. We propose a cloud DMZ zone managed by a master virtual machine named DMZManager. The DMZManager is a middleware between cloud customer and cloud service: it receives the customer requests and automatically forwards them to the appropriate server in order to fulfill the request (figure 1).

Figure 1. Global Load balancing Framework

4.2 Framework components

The proposed framework ensures the communication between 6 principal components which are responsible for load balancing through a dynamic algorithm. These components are as follows:
• DMZManager: It is a virtual machine (VM) located in the DMZ zone as a middleware between cloud customer and cloud service. It selects the most efficient service using a proposed dynamic load balancing technique (section 4.3).
• VM servers: VMs deploying a public or private service such as a web server, FTP server, VoIP server, etc.
• Mobile agent platform: It is a platform based on intercommunication between 3 agents:
  o Static Manager Agent (SMA): is located on the DMZManager to select the efficient service for the customer.
  o Static Server Agent (SSA): is located on the VM server to receive the mobile agent and to ensure secure communication.
  o Mobile Agent (MA): The SMA dispatches a MA to each server in order to apply the proposed load balancing technique (section 4.3). The SSA receives the MA, which does its job if it is authenticated.
• Web service: when invoked by the MA, it responds with the requested information. It is the middleware between the MA and the local VM server resources (CPU, RAM, database, etc.).
• Database: it is located in the DMZManager and contains these attributes:
  o ServerType: the service type offered by the server (web, ftp, voip, etc.).
  o Ip_address: the IP address of the VM server.
  o LB(Si): the calculated load balancing metric of the service i.
• Intrusion detection system: It is a host intrusion detection system (HIDS) used to measure the number of intrusions detected in a second.

Those components intercommunicate to ensure load balancing with the proposed technique, following some specific metrics.

4.3 Load balancing technique proposed

We propose applying a dynamic load balancing technique based on an indicator for each service named LB(Si). The LB(Si) is calculated using the following metrics related to each service in a VM server:
• CPU: The CPU usage for a specific service in a VM server.
• RAM: The memory usage for a specific service in a VM server.
• Number of incoming requests per second (NRIn): the number of requests for a specific service received by a VM server per second.
• Number of outgoing requests per second (NROut): the number of requests issued from a specific service in a VM server per second.
• Number of intrusions per second (NIntru): the number of intrusions aiming at a specific service detected per second in a VM server. It is considered as a security metric to choose a secure service.

The proposed dynamic load balancing algorithm is based on 3 steps:

• Step1: Transforming metric value into a binary metric

Metric values are heterogeneous, which complicates the calculation of the LB(Si). Our idea is to transform each metric value into a binary value composed of 2 bits. This binary value reflects the importance of the metric value. Each metric belongs to one of the 4 metric classes:
- Low class: it represents the class of the very high metric value. For example, when the value of one of those metrics (CPU percentage, RAM percentage, NRIn, NROut, NIntru) is very high, it belongs to the low class. The low class is represented by a word of 2 bits equal to 11.
- Medium class: it represents the class of the medium metric value. For example, when the value of one of those metrics (CPU percentage, RAM percentage, NRIn, NROut, NIntru) is medium, it belongs to the medium class. The medium class is represented by a word of 2 bits equal to 10.
- Good class: it represents the class of the low metric value. For example, when the value of one of those metrics (CPU percentage, RAM percentage, NRIn, NROut, NIntru) is low, it belongs to the good class. The good class is represented by a word of 2 bits equal to 01.
- Excellent class: it represents the class of the very low metric value. For example, when the value of one of those metrics (CPU percentage, RAM percentage, NRIn, NROut, NIntru) is very low, it belongs to the excellent class. The excellent class is represented by a binary word equal to 00.

Figure 2. LB(Si) calculated using metric’s priority

The LB(Si) is composed of 10 bits. It reflects the importance of all the metric values according to their priority. So the LB(Si) value is in [0,1024]. For example: in a VM server, for a specific service (Si), we have CPU=00, RAM=01, NRIn=01, NROut=01 and NIntru=10. So according to their priority (figure 3), we get LB(Si)=0010010101.

We summarize the transformation of a metric value into a binary word in table 2, using the CPU metric as an example.

TABLE 1. CPU METRIC VALUE TRANSFORMATION AND CLASSIFICATION

| CPU (%) | Low class | Medium class | Good class | Excellent class |
|---|---|---|---|---|
| Metric value | [100%,50%] | [49%,30%] | [29%,10%] | [9%,1%] |
| Binary word | 11 | 10 | 01 | 00 |

• Step2: Calculating LB(Si)

The LB(Si) is calculated by concatenation based on priority. This method consists of gathering all the metrics' binary words into a unique sequence. The sequence begins with the metric of the strongest priority (figure 1). We propose that every metric has a priority Pi which helps to constitute the LB(Si). In our case, we have 5 metrics (CPU percentage, RAM percentage, NRIn, NROut, NIntru), so we define 5 priority levels from 0 to 4, where 4 is the lowest priority and 0 is the highest. Metric priority is set by the cloud provider based on the cloud environment and its variables. Sometimes the most efficient VM server for the cloud provider is the server using the minimum percentage of CPU, so the lowest priority value (P=0), that is the highest priority, is given to the CPU metric. We then sort the metrics according to their priority to get the LB(Si) (figure 2).

Figure 3. Example of LB(Si) calculation

The MA takes charge of step 1 and step 2 of the proposed dynamic load balancing technique.

• Step3: Classifying LB(Si)

After calculating LB(Si), the SMA can classify LB(Si) into 4 classes (see table 3):
- When 0 ≤ LB(Si) ≤ 255, it belongs to the Excellent class due to its low value. In this case the VM service is highly available.
- When 256 ≤ LB(Si) ≤ 511, it belongs to the good class and the VM service is well available.
- When 512 ≤ LB(Si) ≤ 767, it belongs to the medium class and the VM service is moderately available.
- When 768 ≤ LB(Si) ≤ 1024, it belongs to the low class and the VM service is not available enough.

TABLE 2. LB(Si) CLASSIFICATION OF METRIC’S VALUES

| | Low class | Medium class | Good class | Excellent class |
|---|---|---|---|---|
| LB(Si) value | [768,1024] | [512,767] | [256,511] | [0,255] |



• Step4: Choosing LB(Si)

The LB(Si) classification helps the SMA make the best decision when choosing the most available VM service. This method is very useful mainly when applying load balancing between more than two services. It is important to forward the customer request to the most available VM server, the one having the lowest LB(Si) value.

4.4 Framework function

We will describe the different steps followed to apply the cloud high availability load balancing algorithm (Figure 4):
- Step1: The cloud customer requests a service from the DMZManager. The SMA receives the request and searches its database for the different IP addresses of the appropriate servers which can offer the service.
- Step2: The SMA dispatches a MA to each server using its IP address. The MA migrates to the server through the cloud network.
- Step3: The SSA receives the MA. The SSA asks the MA for a password in order to accept it. If the MA is correctly authenticated, it can continue its work.
- Step4: The MA invokes the web service to collect the following metrics: NRIn, NROut, NIntru, CPU.
- Step5: The web service analyses the HIDS log to determine NRIn, NROut and NIntru, and asks the system for the CPU used.
- Step6: The web service responds to the MA. The MA calculates the LB(Si).
- Step7: The MA calculates the LB(Si) as described in step 1 and step 2 of section 4.3 and returns to the DMZManager. The MA is received by the SMA, to which it gives the calculated LB(Si). The SMA saves the LB(Si) in the database for the appropriate service using its IP address.
- Step8: The SMA compares the different appropriate LB(Si) in the database and selects the IP address of the server having the best LB(Si).
- Step9: The SMA forwards the customer request to the selected service and gives the customer the response.

Figure 4. Load balancing Framework Function

In fact, the MA migration to calculate the different LB(Si) does not happen each time the customer requests a service, because it would take much more time to respond. So, the dispatch is done periodically to fill the database in the DMZManager. Thus, when a customer requests a service, the SMA consults its database to select the efficient service at that time.

5. Proposed framework for load balancing inter-cloud

In the previous section, we proposed a framework for intra-cloud load balancing, whether in a public cloud or a private cloud. In this section, we explain how our load balancing solution is expanded to ensure inter-cloud load balancing. The solution is to ensure intercommunication between the different SMAs in the DMZManager of each cloud. Every cloud has a metric related to the performance of its hypervisor. For that, it is important to introduce the metric of the cloud hypervisor (Cj), named H(Cj). We propose a hypervisor metric H(Cj) based on the following metrics:
• CPU: The usage of CPU by the Cj hypervisor.
• RAM: The usage of RAM by the Cj hypervisor.
• Number of intrusions per second (NIntru): the number of intrusions aiming at a specific hypervisor detected per second.

Those metrics are represented as a word composed of 2 bits, like the metric representation in section 4.3. So the H(Cj) is calculated by the DMZAgent deployed in the DMZManager using the concatenation based on the metric priority defined by the cloud provider (figure 5).

Figure 5. Calculating Load balancing metric inter-cloud

The new metric of the cloud load balancing LB(Cj,Si) for each server is the concatenation of the H(Cj) and the LB(Si). The H(Cj) constitutes the first and most significant part of the LB(Cj,Si) (Figure 5).

The LB(Cj,Si) is represented in 16 bits (see table 4) and can be classified into 4 classes as we do for LB(Si):
- When 0 ≤ LB(Cj,Si) ≤ 16383, it belongs to the Excellent class due to its low value. In this case the VM service is highly available.
- When 16384 ≤ LB(Cj,Si) ≤ 32767, it belongs to the good class and the VM service is well available.
- When 32768 ≤ LB(Cj,Si) ≤ 49151, it belongs to the medium class and the VM service is moderately available.
- When 49152 ≤ LB(Cj,Si) ≤ 65536, it belongs to the low class and the VM service is not available enough.

TABLE 3. LB(CJ,SI) CLASSIFICATION OF METRIC’S VALUES

| | Low class | Medium class | Good class | Excellent class |
|---|---|---|---|---|
| LB(Cj,Si) value | [49152, 65536] | [32768, 49151] | [16384, 32767] | [0,16383] |

The LB(Cj,Si) is stored in the appropriate LBdatabase’s table in each DMZManager. The DMZAgent communicates the lowest value of LB(Cj,Si) to another cloud DMZAgent for choosing the best performing VM service. The different clouds’ DMZManagers communicate through their LBDBAgents.

6. Case study: Apache load balancing

In this study, we focus on load balancing intra-cloud. We chose Proxmox [11] as the cloud hypervisor because it provides a Graphical User Interface (GUI), so installation and configuration are easier than on other platforms using the Command Line Interface (CLI). Then, we deployed 3 virtual machines on the Proxmox hypervisor. In each one, we deployed an Apache web server. By default the three Apache web servers had the same LB(Si) metrics.

The Bee-Gent mobile agent has been used for the implementation. Bee-Gent technology was first released in 1999 by Toshiba [12], as a new type of pure agent development framework for the advanced network society. Its communication framework is based on the multi-agent model. The Bee-Gent framework comprises two types of agents, agent wrappers and mediation agents:
• Agent Wrappers are used to ‘agentify’ existing applications. The agent wrappers manage the states of the applications they are wrapped around, and invoke the applications when necessary.
• Mediation Agents support inter-application coordination by handling all communications among applications. The mediation agents move from the site of one application to another, where they interact with the remote agent wrappers.

For the IDS, we deployed SNORT [13] in each VM to monitor system and network intrusions. We configured Snort to save alerts in its MySQL database so that the web service can handle the analysis phase.

We tested our proposed load balancing framework through two test cases (table 5):

TABLE 5. LOAD BALANCING INTRA-CLOUD TESTCASES

| | | Apache1 192.168.233.152 | Apache2 192.168.233.153 | Apache3 192.168.233.154 | Selected Server |
|---|---|---|---|---|---|
| Initial Condition | CPU | 10% | 12% | 12% | Apache1 |
| | RAM | 3% | 3% | 3% | |
| | NRint | 1000 | 1000 | 1000 | |
| | NRout | 1000 | 1000 | 1000 | |
| | NIntru | 0 | 0 | 0 | |
| Testcase 1 | CPU | 10% | 10% | 10% | Apache 2 |
| | RAM | 3% | 3% | 3% | |
| | NRint | 1000 | 1000 | 1000 | |
| | NRout | 1000 | 1000 | 1000 | |
| | NIntru | 0 | 0 | 1 | |
| Testcase 2 | CPU | 10% | 15% | 15% | Apache 1 |
| | RAM | 3% | 3% | 3% | |
| | NRint | 10 | 1000 | 1000 | |
| | NRout | 10 | 1000 | 1000 | |
| | NIntru | 0 | 0 | 0 | |

- Testcase 1: One of the three Apache web servers consumes less CPU than the others. So the traffic will be redirected to this server (see figure 6).

Figure 6. Traffic redirection for load balancing

- Testcase 2: One of the three Apache web servers used less CPU but it is attacked by a DOS attack (see figure 6). So the traffic will be redirected to the server using less CPU.
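The LB(Si) computation of section 4.3 and the LB(Cj,Si) concatenation of section 5, as an added Python example (not the authors' code) that ranks three servers under two priority orders to show how the provider's ordering decides whether a lightly loaded server with many detected intrusions still gets the lowest value. Only the CPU bands come from the paper's table; the other bands, the priority orders past CPU then NIntru, the names and the server readings are assumptions constructed for illustration.

```python
# Added illustration of sections 4.3 and 5; not the authors' implementation.
from bisect import bisect_right

CLASS_NAMES = ("Excellent", "Good", "Medium", "Low")  # words 00, 01, 10, 11

# Lower bounds of the Good (01), Medium (10) and Low (11) classes per metric.
# CPU follows the paper's CPU table; every other row is an ASSUMPTION.
BANDS = {
    "CPU": (10, 30, 50),        # percent
    "RAM": (10, 30, 50),        # percent
    "NRIn": (100, 500, 2000),   # requests per second
    "NROut": (100, 500, 2000),  # requests per second
    "NIntru": (1, 5, 20),       # HIDS detections per second
}

# Highest priority first. CPU then NIntru is the order the paper's worked
# example implies (00 10 01 01 01); the order of the rest is an ASSUMPTION.
CPU_FIRST = ("CPU", "NIntru", "RAM", "NRIn", "NROut")
SECURITY_FIRST = ("NIntru", "CPU", "RAM", "NRIn", "NROut")  # hypothetical
HYPERVISOR_PRIORITY = ("CPU", "NIntru", "RAM")              # ASSUMPTION


def encode(metric, value):
    """Step 1: map a raw metric value to its 2-bit class word (0..3)."""
    if value < 0:
        raise ValueError(f"{metric}: negative value {value!r}")
    return bisect_right(BANDS[metric], value)


def concat(codes, priority):
    """Step 2: concatenate 2-bit words, highest priority in the top bits.

    A metric missing from `codes` raises KeyError instead of defaulting to
    00, so a server that fails to report cannot look "excellent".
    """
    word = 0
    for name in priority:
        code = codes[name]
        if code not in range(4):
            raise ValueError(f"{name}: {code!r} is not a 2-bit class word")
        word = (word << 2) | code
    return word


def lb_service(raw, priority=CPU_FIRST):
    """LB(Si): 10-bit word built from the five raw service metrics."""
    return concat({m: encode(m, raw[m]) for m in priority}, priority)


def lb_inter(hypervisor_raw, lb_si):
    """LB(Cj,Si): 6-bit H(Cj) in the top bits, 10-bit LB(Si) below it."""
    if not 0 <= lb_si < (1 << 10):
        raise ValueError(f"LB(Si) {lb_si!r} does not fit in 10 bits")
    order = HYPERVISOR_PRIORITY
    h = concat({m: encode(m, hypervisor_raw[m]) for m in order}, order)
    return (h << 10) | lb_si


def classify(word, bits):
    """Step 3: quarter of the range the word falls in. That is its top two
    bits, i.e. the class word of the highest-priority metric alone."""
    return CLASS_NAMES[word >> (bits - 2)]


def select(candidates):
    """Step 4: name with the lowest word (ties go to the first entry)."""
    return min(candidates, key=candidates.get)


# Constructed sample readings (not measurements from the paper).
SERVERS = {
    "apache1": {"CPU": 10, "RAM": 3, "NRIn": 10, "NROut": 10, "NIntru": 0},
    "apache2": {"CPU": 15, "RAM": 3, "NRIn": 1000, "NROut": 1000, "NIntru": 0},
    # Lowest CPU, but the HIDS reports a burst of detections.
    "apache3": {"CPU": 8, "RAM": 3, "NRIn": 1000, "NROut": 1000, "NIntru": 30},
}

if __name__ == "__main__":
    for label, order in (("CPU first", CPU_FIRST), ("NIntru first", SECURITY_FIRST)):
        scores = {n: lb_service(raw, order) for n, raw in SERVERS.items()}
        for name, lb in scores.items():
            print(f"{label:12} {name} {lb:010b} = {lb:4d} {classify(lb, 10)}")
        print(f"{label:12} selected: {select(scores)}")
```

With CPU ranked first, the constructed apache3 reading lands in the Excellent class and is selected despite its NIntru word of 11; ranking NIntru first moves it to the Low class.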

Figure 7. DOS attack to Apache server

7. Proposed Load balancing Framework Evaluation

The most important advantages of our proposed load balancing framework are:
• We benefit from the advantages of the mobile agent used in a previous work to detect and repair intrusions in a hybrid cloud [14]. So in this work, load balancing with the Mobile Agent approach also uses less network load compared to the client/server approach, by shipping code to data instead of shipping data to code.
• The Bee-Gent mobile agent approach offers an important feature: authenticated and encrypted agent intercommunication.
• Security is an integrated part of the proposed load balancing indicator, which is not done in previous works. The proposed load balancing algorithm chooses the most secure service given the use of the number of intrusions detected per second as a metric in the LB indicator.
• The hypervisor metric H(Cj) is a new metric proposed to select the most efficient hypervisor inter-cloud.

8. Conclusion

High availability is an important factor for cloud service providers to ensure service quality. Our proposed load balancing framework using mobile agents and web service interaction aims to improve cloud service availability intra-cloud and inter-cloud. The load balancing algorithm chooses the most efficient and secure service to fulfill the customer's request. This algorithm cuts down costs in terms of network load, enhances balancing execution and secures communication thanks to the mobile agent approach. We plan to explore additional ways to expand cloud service availability, robustness and reliability.

9. References

[1] Mell, P. & Grance, T., 2011, “The NIST Definition of Cloud Computing”, NIST Special Publication 800-145 (Draft). (Retrieved 2013-10-11)
[2] Lange, D. and Oshima, M., 1999. Seven Good Reasons for Mobile Agents - Dispatch your agents; shut off your machine. Communications of the ACM Issue.
[3] Guttman, R. et al., 1998. Agent-mediated electronic commerce: a survey. Knowledge Engineering Review. 13(2):143-147.
[4] "Web Services Glossary". W3C. February 11, 2004. Retrieved 2015-03-22.
[5] R. Shimonski. Windows 2000 & Windows Server 2003 Clustering and Load Balancing. Emeryville. McGraw-Hill Professional Publishing, CA, USA (2003), p 2, 2003.
[6] Jung, G., Joshi, K.R., Hiltunen, M.A.: Performance and Availability Aware Regeneration for Cloud Based Multitier Application. In: Dependable Systems and Networks (DSN), pp. 497–506 (2010)
[7] Thanakornworakij, T., Sharma, R., Scroggs, B., Greenwood, Z. D., Riteau, P., & Morin, C. (2012, January). High availability on cloud with HA-OSCAR. In Euro-Par 2011: Parallel Processing Workshops (pp. 292-301). Springer Berlin Heidelberg.
[8] Chaczko, Z., Mahadevan, V., Aslanzadeh, S., & Mcdermid, C. (2011, September). Availability and load balancing in cloud computing. In International Conference on Computer and Software Modeling, Singapore (Vol. 14).
[9] Hemant, P., Chawande, N. P., Sonule, A., & Wani, H. (2011, September). Development of servers in cloud computing to solve issues related to security and backup. In Cloud Computing and Intelligence Systems (CCIS), 2011 IEEE International Conference on (pp. 158-163). IEEE.
[10] Khaldi Abir., Karoui, K., Tanabène, N., & Ghzala, H. B. (2014, April). A secure cloud computing architecture design. In Mobile Cloud Computing, Services, and Engineering (MobileCloud), 2014 2nd IEEE International Conference on (pp. 289-294). IEEE.
[11] Proxmox. (2015). VE. Retrieved 02 13, 2015, from Proxmox Virtual Environment: http://www.proxmox.com/products/proxmox-ve
[12] Bee-Gent, Online: http://flylib.com/books/en/4.4.1.92/1/ (January 2015)
[13] Snort, Online: http://www.snort.org/, (March 2015).
[14] KHALDI Abir, Kamel KAROUI, and Henda BEN GHEZALA. "Framework to detect and repair distributed intrusions based on mobile agent in hybrid cloud."