cloudlet - readthedocs.org

103
cloudlet Aug 11, 2018

Upload: others

Post on 12-Jan-2022

11 views

Category:

Documents


0 download

TRANSCRIPT

Page 1: cloudlet - readthedocs.org

cloudlet

Aug 11, 2018

Page 2: cloudlet - readthedocs.org
Page 3: cloudlet - readthedocs.org

Introduction

1 Cloudlet Overview 11.1 High Level Use Case . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11.2 Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21.3 Logical Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31.4 Process Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31.5 Deployment model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41.6 Trusted Cloudlets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51.7 Physical Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

2 Implementations 72.1 Solution Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

3 Services 133.1 Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

4 Sub Systems 254.1 Cloudlet Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254.2 Data Coordinator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 314.3 Federated Orchestrated Cloud . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 354.4 Identity Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 394.5 Telemetry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 434.6 Trust Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48

5 Actors 575.1 Application Developer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 575.2 Actor Operations Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 605.3 Actor Stack Developer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63

6 Use Cases 676.1 Manage Cloudlet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 676.2 Manage Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 736.3 Manage Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 816.4 Manage Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 896.5 Use Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94

i

Page 4: cloudlet - readthedocs.org

ii

Page 5: cloudlet - readthedocs.org

CHAPTER 1

Cloudlet Overview

The Cloudlet Architecture enables the connection of multiple data centers, devices, remote locations or edge devicesto be managed and utilized as one cloud ecosystem. The architecture describes the Use Cases, Actors, and subsystemsthat define the cloudlet architecture. The C3 architecture is used as the base to the Cloudlet architecture.

1.1 High Level Use Case

• Manage Cloudlet - Manage Cloudlets to Cloud helps setup the federation of clouds.

• Manage Policies - Manage policies that apply to the federation and to specific clouds or data centers

• Manage Services - Register a service in the cloud federation.

• Use Service - Use a service in the federation. This could use a service in the local or one of the remote clouds.

1

Page 6: cloudlet - readthedocs.org

cloudlet

1.2 Users

• Application Developer

• Actor Operations Manager

• Actor Stack Developer

2 Chapter 1. Cloudlet Overview

Page 7: cloudlet - readthedocs.org

cloudlet

1.3 Logical Architecture

The Cloudlet Architecture contains a small set of services that establishes a federation of cloud by standardizing ona common CMP layer from the Hybrid Cloud architecture. Each cloud has a Cloudlet Manager Service running thatwill help establish the federations between the clouds. Coordination between the Clouds in the Federation will behandled by a set of services that give the federation connectivity, security and manageability. This same architecturehas been extended to Edge and Cloud connectivity in the cases that an edge device includes the minimal “micro” cloudarchitecture. The C3 architecture is the base to this architecture.

• Trust Manager - Manages Securee keys in TPMs across multiple data centers.

• Cloudlet Manager - Each Cloud Has a Cloudlet manager that becomes part of the Federation

• Data Coordinator - Coordinates data between Clouds

• Federated Orchestrated Cloud - Federated Orchestrated to schedule service requests acrosss multiple clouds

• Identity Manager - Manages Identity across multiple clouds

• Telemetry - Aggregates Telemetry before sharing the telemetry to the other cloudlets.

• C3 - This is a common hybrid cloud architecture that must be present in each cloud. The key elements that mustbe there are a Cloud management platform, an automation framework, and a platform as a service framework.This a requirement of the architecture not part of the architecture.

1.4 Process Architecture

There are several activities that an Operations Manager performs with the Cloudlet Architecture including: Settingup the federation of clouds to form cloudlets, Establishing Local and Global (Federated Policies), Creating Securegeo-fenced domains, and updating and patching infrastructure across the cloudlets.

1.3. Logical Architecture 3

Page 8: cloudlet - readthedocs.org

cloudlet

1.5 Deployment model

The Cloudlet architecture should be as light weight as possible and should integrate existing infrastructure and systemswith minimal impact on the current system. Existing cloud installations are used to handle the heavy lifting in thesystem. The cloudlet architecture requires a hybrid cloud architecture that includes Cloud Management Platform,Automation Framework & Platform as a Service, or the functions defined in those sets of tools.

The Cloudlet Architecture has a Cloudlet Manager is that placed as a connectivity layer between the hybrid cloudand the Federated Connectivity. The connectivity gives all of the functionality that is needed to federate the different

4 Chapter 1. Cloudlet Overview

Page 9: cloudlet - readthedocs.org

cloudlet

clouds systems together. This let’slets the cloud operate independently from other cloud(s). Allowing for them tooperate in a disconnected or semi-connected state.

1.6 Trusted Cloudlets

Setting up a cloudlet architecture does not mean they are secure or trusted. Trusted Cloudlets give the ability to setup a trusted federation of cloud and to segment that federation with geo fencing technology using Intel CIT, TXTand TPMs. Intel TXT and CIT technologies provide the trusted launch and attestation of the cloud workloads andinfrastructure. Overall trust and security in a cloud computing infrastructure must begin with the servers and basecompute systems. The basic elements of this trusted platform span hardware, firmware, and software to provide thebest balance of tamper-resistance and functionality.

In this example Each cloud has a geo fenced data set that can be shared with other clouds but not all of the clouds.

1.6. Trusted Cloudlets 5

Page 10: cloudlet - readthedocs.org

cloudlet

1.7 Physical Architecture

The goal of the architecture is to connect multiple clouds together that are scattered across an organization. This couldbe physically as well as logically. There is the concept of a base Cloud that could offer multiple clouds and remoteclouds named cloudlets.

6 Chapter 1. Cloudlet Overview

Page 11: cloudlet - readthedocs.org

CHAPTER 2

Implementations

These are implementations of the architecture

2.1 Solution Overview

Cloudlets represent an architecture of federated cloud that have a CMP+Automation+PaaS+CloudOS bundle as de-scribed in the C3 architecture. The architecture targets cloud operations managers and should be as transparent to theend user and developer as possible.

2.1.1 High Level Use Case

• Manage Cloudlet

• Manage Policies

• Manage Services

• Use Service

7

Page 12: cloudlet - readthedocs.org

cloudlet

2.1.2 Users

• Application Developer

• Actor Operations Manager

• Actor Stack Developer

2.1.3 Logical Architecture

What is the smallest size of the data for a cloudlet to: Authenticate all users in the cloud federation All other datarequired to run any job or at least start a job remotely.

8 Chapter 2. Implementations

Page 13: cloudlet - readthedocs.org

cloudlet

This should help answer the storage requirements for the Cloudlet.

Where is data impacted: 1. Data Latency? 1. Does data Gravity have a big play 1. What VMs do you want localized1. What images are required on the Remote Clouds 1. Updates to Cloudlets.

• Cloudlet Manager - Each Cloud Has a Cloudlet manager that becomes part of the Federation

• Federated Orchestrated Cloud - Federated Orchestrated to schedule service requests acrosss multiple clouds

• Data Coordinator - Coordinates data between Clouds

• Identity Manager - Manages Identity across multiple clouds

• Trust Manager - Manages Securee keys in TPMs across multiple data centers.

• Telemetry - Aggregates Telemetry before forwarding it own to a cloudlet telemetry

• C3 - Common Cloud Core including a Cloud Management Platform

2.1.4 Process Architecture

There are several activities that an Operations Manager performs with the Cloudlet Architecture including: Settingup the federation of clouds to form cloudlets, Establishing Local and Global (Federated Policies), Creating Securegeo-fenced domains, and updating and patching infrastructure across the cloudlets.

2.1. Solution Overview 9

Page 14: cloudlet - readthedocs.org

cloudlet

2.1.5 Deployment model

The Cloudlet architecture should be as light weight as possible and should integrate existing infrastructure and systemswith minimal impact on the current system. Existing cloud installations are used to handle the heavy lifting in thesystem. The cloudlet architecture requires a hybrid cloud architecture that includes Cloud Management Platform,Automation Framework & Platform as a Service, or the functions defined in those sets of tools.

The Cloudlet Architecture has a Cloudlet Manager is that placed as a connectivity layer between the hybrid cloudand the Federated Connectivity. The connectivity gives all of the functionality that is needed to federate the differentclouds systems together. This let’slets the cloud operate independently from other cloud(s). Allowing for them to

10 Chapter 2. Implementations

Page 15: cloudlet - readthedocs.org

cloudlet

operate in a disconnected or semi-connected state.

2.1.6 Physical Architecture

The goal of the architecture is to connect multiple clouds together that are scattered across an organization. This couldbe physically as well as logically. There is the concept of a base Cloud that could offer multiple clouds and remoteclouds named cloudlets.

2.1. Solution Overview 11

Page 16: cloudlet - readthedocs.org

cloudlet

12 Chapter 2. Implementations

Page 17: cloudlet - readthedocs.org

CHAPTER 3

Services

These are the micro-services of the cloudlet Solution that are used to implement the solutions.

3.1 Services

The system is implemented using micro-services that are deployed across a cloudified architecture.

3.1.1 cloudlet-manager

cloudlet-manager is a micro-service of cloudlet . . .

Use Cases

Users

• Actor Operations Manager

13

Page 18: cloudlet - readthedocs.org

cloudlet

Uses

• cloudlet-manager

Interface

• CLI - Command Line Interface

• REST-API -

• Portal - Web Portal

Logical Artifacts

14 Chapter 3. Services

Page 19: cloudlet - readthedocs.org

cloudlet

3.1. Services 15

Page 20: cloudlet - readthedocs.org

cloudlet

Activities and Flows

Deployment Architecture

This is the deployment of the micro-service. The micro-service is deployed when trigger and should scale from #to # based on condition. The micro-service is deployed with the imagename image. The ports exposed are 5000 forexternal and 3000 for internal.

16 Chapter 3. Services

Page 21: cloudlet - readthedocs.org

cloudlet

Physical Architecture

The micro-services are physically deployed on to a hybrid cloud infrastructure.

3.1. Services 17

Page 22: cloudlet - readthedocs.org

cloudlet

3.1.2 telemetry

telemetry is a micro-service of cloudlet . . .

Use Cases

Users

• Federated Orchestrated Cloud

18 Chapter 3. Services

Page 23: cloudlet - readthedocs.org

cloudlet

Uses

• telemetry

Interface

• CLI - Command Line Interface

• REST-API -

• Portal - Web Portal

Logical Artifacts

3.1. Services 19

Page 24: cloudlet - readthedocs.org

cloudlet

20 Chapter 3. Services

Page 25: cloudlet - readthedocs.org

cloudlet

Activities and Flows

Deployment Architecture

This is the deployment of the micro-service. The micro-service is deployed when trigger and should scale from #to # based on condition. The micro-service is deployed with the imagename image. The ports exposed are 5000 forexternal and 3000 for internal.

3.1. Services 21

Page 26: cloudlet - readthedocs.org

cloudlet

Physical Architecture

The micro-services are physically deployed on to a hybrid cloud infrastructure.

22 Chapter 3. Services

Page 27: cloudlet - readthedocs.org

cloudlet

3.1. Services 23

Page 28: cloudlet - readthedocs.org

cloudlet

24 Chapter 3. Services

Page 29: cloudlet - readthedocs.org

CHAPTER 4

Sub Systems

• Trust Manager

• Cloudlet Manager

• Data Coordinator

• Federated Orchestrated Cloud

• Identity Manager

These are the high level Subsystems of the cloudlet Solution

4.1 Cloudlet Manager

The Cloudlet Manager is responsible for connecting a “Cloud” into the Cloud Federation. Once the Cloud is connectedto th Cloud Federation it will be known as a Cloudlet in that federation.

25

Page 30: cloudlet - readthedocs.org

cloudlet

4.1.1 Use Cases

• Manage Cloudlet

• Add Cloudlet

4.1.2 Users

• Actor Operations Manager

4.1.3 Uses

• Cloudlet Manager

• Federated Orchestrated Cloud

26 Chapter 4. Sub Systems

Page 31: cloudlet - readthedocs.org

cloudlet

4.1.4 Interface

• CLI - Command Line Interface

• REST-API -

• Portal - Web Portal

4.1.5 Logical Artifacts

4.1. Cloudlet Manager 27

Page 32: cloudlet - readthedocs.org

cloudlet

4.1.6 Activities and Flows

28 Chapter 4. Sub Systems

Page 33: cloudlet - readthedocs.org

cloudlet

4.1. Cloudlet Manager 29

Page 34: cloudlet - readthedocs.org

cloudlet

4.1.7 Deployment Architecture

30 Chapter 4. Sub Systems

Page 35: cloudlet - readthedocs.org

cloudlet

4.1.8 Physical Architecture

4.2 Data Coordinator

Data Coordinator is a subsystem of Cloudlet architecture and is responsible for coordinating data between the clouds.This is for data that can be moved between data centers based on policies and bandwidth capabilities.

Typical data that should be shared between Data Centers are

• Service Images

• Service Templates

• Application Templates

• Shared Policy Data

• Shared Registries

• Application Data

The Data Coordinator is responsible for creating secure domains between the multiple Cloudlets and moving dataor applications between the Cloudlets. It will work with the Trust Manager to establish geofenced federated securedomains that the data can freely move.

There are three modes that the Data Coordinator can use to move data or applications. 1. Data Movement - Move databetween the Cloudlets 1. Data Exchange - Split and application into multiple services and distribute the services onthe different cloudlets. 1. App Movement - Move an application to the Data.

4.2.1 Use Cases

• Move Data

• Move Application

4.2. Data Coordinator 31

Page 36: cloudlet - readthedocs.org

cloudlet

• Exchange Data

4.2.2 Users

• Actor Operations Manager

32 Chapter 4. Sub Systems

Page 37: cloudlet - readthedocs.org

cloudlet

4.2.3 Uses

• Data Coordinator

• Cloudlet

4.2.4 Interface

• CLI - Command Line Interface

• REST-API -

• Portal - Web Portal

4.2.5 Logical Artifacts

• Data Mover - Moves data between trusted geofenced secure domains between the Cloudlets.

• Application Mover - Find the data required for the application and moves the application to the proper Cloudlet.

• Data Exchange - Create a results Agregator and sets up the Data Exchange Source micro-services in eachCloudlet.

4.2. Data Coordinator 33

Page 38: cloudlet - readthedocs.org

cloudlet

4.2.6 Activities and Flows

34 Chapter 4. Sub Systems

Page 39: cloudlet - readthedocs.org

cloudlet

4.2.7 Deployment Architecture

4.2.8 Physical Architecture

4.3 Federated Orchestrated Cloud

Federated Orchestrated Cloud is a subsystem of the Cloudlet Architecture. The Federated Orchestrated Cloud (FOC)is responsible for coordinating service requests between the clouds. It has three major components. SNAP, Analyticsand and Orchestrator. The FOC should be the majority of the added integration required for the federation.

4.3. Federated Orchestrated Cloud 35

Page 40: cloudlet - readthedocs.org

cloudlet

4.3.1 Use Cases

4.3.2 Users

• Actor Operations Manager

4.3.3 Uses

• Federated Orchestrated Cloud

4.3.4 Interface

• CLI - Command Line Interface

• REST-API -

• Portal - Web Portal

36 Chapter 4. Sub Systems

Page 41: cloudlet - readthedocs.org

cloudlet

4.3.5 Logical Artifacts

Information from the analytics. Would be used to determine what services should be on the cloud. It willalso determine what pre-staged Images or VMs would be best on the Cloud. This information is dynamic.

A cloud is responsible for itself. Other clouds cannot push jobs or services to a cloud. A Cloud pullsservices/data/ etc.. From other clouds and makes the services available

Policy will determine how often a Service will be removed from the Cloudlet and force other Cloudlets touse the Cloud.

4.3. Federated Orchestrated Cloud 37

Page 42: cloudlet - readthedocs.org

cloudlet

4.3.6 Activities and Flows

38 Chapter 4. Sub Systems

Page 43: cloudlet - readthedocs.org

cloudlet

4.3.7 Deployment Architecture

4.3.8 Physical Architecture

4.4 Identity Manager

The Identity Manager handles identity across multiple clouds.

4.4. Identity Manager 39

Page 44: cloudlet - readthedocs.org

cloudlet

4.4.1 Use Cases

4.4.2 Users

• Actor Operations Manager

4.4.3 Uses

• Identity Manager

4.4.4 Interface

• CLI - Command Line Interface

• REST-API -

• Portal - Web Portal

40 Chapter 4. Sub Systems

Page 45: cloudlet - readthedocs.org

cloudlet

4.4.5 Logical Artifacts

4.4. Identity Manager 41

Page 46: cloudlet - readthedocs.org

cloudlet

4.4.6 Activities and Flows

42 Chapter 4. Sub Systems

Page 47: cloudlet - readthedocs.org

cloudlet

4.4.7 Deployment Architecture

4.4.8 Physical Architecture

4.5 Telemetry

Telemetry is a subsystem of cloudlet . . .

4.5. Telemetry 43

Page 48: cloudlet - readthedocs.org

cloudlet

4.5.1 Use Cases

4.5.2 Users

• Actor Operations Manager

4.5.3 Uses

• Telemetry

4.5.4 Interface

• CLI - Command Line Interface

• REST-API -

44 Chapter 4. Sub Systems

Page 49: cloudlet - readthedocs.org

cloudlet

• Portal - Web Portal

4.5.5 Logical Artifacts

4.5.6 Activities and Flows

The Telemetry subsystem provides the following activities and flows.

4.5. Telemetry 45

Page 50: cloudlet - readthedocs.org

cloudlet

4.5.7 Deployment Architecture

This subsystem is deployed using micro-services as shown in the diagram below. The ‘micro’ module is used toimplement the micro-services in the system. The subsystem also has an CLI, REST and Web Interface exposedthrough a sailajs application. The sailsjs application will interface with the micro-services and can monitor and drivework-flows through the mesh of micro-services.

46 Chapter 4. Sub Systems

Page 51: cloudlet - readthedocs.org

cloudlet

4.5.8 Physical Architecture

The Telemetry subsystem is is physically laid out on a hybrid cloud infrastructure. Each microservice is shown howthey connect to each other. All of the micro-services communicate to each other and the main app through a RESTinterface. A CLI, REST or Web interface for the app is how other subsystems or actors interact. Requests are forwardedto micro-services through the REST interface of each micro-service.

4.5. Telemetry 47

Page 52: cloudlet - readthedocs.org

cloudlet

4.5.9 Micro-Services

• telemetry

4.6 Trust Manager

Setting up a cloudlet architecture does not mean they are secure or trusted. Trusted Cloudlets give the ability to setup a trusted federation of cloud and to segment that federation with geo fencing technology using Intel CIT, TXT

48 Chapter 4. Sub Systems

Page 53: cloudlet - readthedocs.org

cloudlet

and TPMs. Intel TXT and CIT technologies provide the trusted launch and attestation of the cloud workloads andinfrastructure. Overall trust and security in a cloud computing infrastructure must begin with the servers and basecompute systems. The basic elements of this trusted platform span hardware, firmware, and software to provide thebest balance of tamper-resistance and functionality.

Intel Trusted Execution Technology (TXT) is available with servers featuring the Intel® Xeon® processor E3, E5,and E7 families. Platform-level enhancements provide the building blocks to enable visibility, trust, and control in thecloud.

Intel TXT is a combination of hardware and software aimed at securing the execution of sensitive workloads. Incontrast to solutions that protect the Operating System, Intel TXT builds a chain of trust from the system firmwareall the way to the server or hypervisor to prevent attacks on system firmware or BIOS, MBR, boot loader, OS andhypervisor. Every component in this chain is verified against known good states and, depending on the result, markedeither trusted or untrusted.

4.6. Trust Manager 49

Page 54: cloudlet - readthedocs.org

cloudlet

This approach allows detection of not only threats to the OS itself, such as viruses, but also attacks on the configurationand even manipulation of the server’s boot firmware and hardware. When a breach is detected, workloads that requiresecure execution cannot be executed on this server.

50 Chapter 4. Sub Systems

Page 55: cloudlet - readthedocs.org

cloudlet

Designed to measure the execution environment and protect sensitive information from attacks, it operates with TrustedPlatform Module (TPM), an industry-standard device that can securely store artifacts used to verify integrity of theplatform Hardware-based root of trust—when coupled with an enabled operating system, hypervisor, and solutions—isthe foundation for a more secure computing platform that can ensure hypervisor and VMM integrity at boot fromrootkits or other low-level attacks. It establishes the trust-worthiness of the server and host platforms. The hardware-based root of trust uses open industry standards developed by Trusted Computing Group (TCG) to establish and ensureplatform trust and store measurements in a TPM.

The solution works by providing a root of trust—a processor-based, tamper-resistant environment that comparesfirmware, BIOS, and operating system or hypervisor code to known good configurations to establish a measured,trusted environment prior to launch. If integrity and trust are not verified in the launch process, Intel TXT identifiesthat the code has been compromised, which lets you protect the system and remediate the problem. Because IntelTXT can evaluate and report on platform integrity using attestation mechanisms, it can provide valuable insights andcontrols when used in the context of cloud computing models. This allows other key software—virtualization, cloudorchestration and management, and security policy applications—to understand and use platform integrity attributesto control workloads and data and better address security risks by keeping sensitive or regulated workloads separatefrom platforms with unknown integrity status. This is a concept that Intel and like-minded solution companies callTrusted Compute Pools.

Trustable pools created using Intel® Trusted Execution Technology (Intel® TXT)-enabled platforms help ensure safemigration between hosts.

4.6. Trust Manager 51

Page 56: cloudlet - readthedocs.org

cloudlet

Intel OpenCIT provides ‘Trust’ visibility of the cloud infrastructure and enables compliance in cloud datacenters. Thesolution leverages Intel processors with Intel® Trusted Execution Technology (Intel® TXT) to establish HW root oftrust and builds the chain of trust across hardware, OS, hypervisor, vm and docker container and including asset taggingfor Location and boundary control. The Platform trust and asset tag attestation information is used by Orchestratorsand/or Policy Compliance management to ensure workloads are launched on trusted and location/boundary compliantplatforms, and they provide the needed visibility and Auditability of your infrastructure in both public and privatecloud environments.

In this example each cloud has a geo fenced data set that can be shared with other clouds but not all of the clouds. Thisgives an example of “virtual” air-gapping classifications of data in the same datacenter and even across the multipleclouds and tactical edges.

In this example data can only be moved and unencrypted in the geoB geo-fence between the Cloud, Cloudlet1 andCloudlet2. This also prevents man in the middle attacks because the cloudlets are attested and trusted between them-selves. Since the trusted keys are stored in secure TPMs on physical machines in each “cloudlet”, only the physicalmachines with the appropriate keys can encrypt and decrypt the data, vms, or containers moving between the physicalmachines, using Intel’s TXT and CIT technologies.

4.6.1 Use Cases

52 Chapter 4. Sub Systems

Page 57: cloudlet - readthedocs.org

cloudlet

4.6.2 Users

• Actor Operations Manager

4.6.3 Uses

• Trust Manager

4.6.4 Interface

• CLI - Command Line Interface

• REST-API -

• Portal - Web Portal

4.6.5 Logical Artifacts

4.6. Trust Manager 53

Page 58: cloudlet - readthedocs.org

cloudlet

54 Chapter 4. Sub Systems

Page 59: cloudlet - readthedocs.org

cloudlet

4.6.6 Activities and Flows

4.6. Trust Manager 55

Page 60: cloudlet - readthedocs.org

cloudlet

4.6.7 Deployment Architecture

4.6.8 Physical Architecture

56 Chapter 4. Sub Systems

Page 61: cloudlet - readthedocs.org

CHAPTER 5

Actors

These are the Actors of the System.

5.1 Application Developer

The Application Developer develops cloud aware applications. This is the same actor as in the C3 architecture whichcan be found in the architect C3-App-Dev .

5.1.1 Use Cases

• Use Service

• Manage Services

57

Page 62: cloudlet - readthedocs.org

cloudlet

5.1.2 Activities

Application Developer will typically use existing services as well as develop new services. In order to use existingservices they can look up the services or service stacks in the Cloudlet service registry either locally or globally. Onethe service or service stacks is selected. It can be used by the Application Developer to developer their application.

If the service or service stack cannot be found then the Application Developer can create a new service in the cloudletfederation. They first need to request infrastructure to build the new service. Then they build the service and then addit to the cloudlet federation. The service could be local or global in the federation.

5.1.3 Workflow

Propagation of activities to the underlying C3 architecture is normal mode of operation.

58 Chapter 5. Actors

Page 63: cloudlet - readthedocs.org

cloudlet

5.1.4 User Interface

TBD

5.1.5 Command Line Interface

TBD

5.1. Application Developer 59

Page 64: cloudlet - readthedocs.org

cloudlet

5.2 Actor Operations Manager

The Operation Manager is responsible for managing the operations of the system. This includes the creation andmanagement of environments, users, and connectivity to the Clouds.

This is the same Operations Manager as defined in the CAADE Architecture. Click here to see the base OperationManager Specification.

5.2.1 Use Cases

• Manage Cloudlet

• Manage Policies

5.2.2 Activities

The Operations Manager focuses on the management of the cloudlet federation and the establishment of the federationthrough adding cloudlets to the federation, adding policies to the federation, managing infrastructure and managingthe cloudlets.

60 Chapter 5. Actors

Page 65: cloudlet - readthedocs.org

cloudlet

5.2.3 Workflow

Before the Cloudlet can be used the Cloudlet service needs to be installed for the C3 instance. Once it has beeninstalled the cloudlet is registered with other cloudlets to form the federation. Once the federation has been formedthe Operations Managaer can perform day to day operations, such as managing infrastructure and policies.

5.2. Actor Operations Manager 61

Page 66: cloudlet - readthedocs.org

cloudlet

5.2.4 User Interface

TBD

5.2.5 Command Line Interface

TBD

62 Chapter 5. Actors

Page 67: cloudlet - readthedocs.org

cloudlet

5.3 Actor Stack Developer

The Stack Developer is responsible for developing Application Stacks and Service Templates This includes developingthe configurations of services and applications for multiple environments and clouds.

This is the same Operations Manager as defined in the CAADE Architecture. Click here to see the base OperationManager Specification.

5.3.1 Use Cases

• Manage Services

• Use Service

5.3.2 Activities

All activities by the stack developer are proxies to the C3 Architecture. The Stack Developer is not a primary user ofthe Cloudlet. It is basically a passthru layer that allows the connection and then propigation of services and stacks toall of the Clouds in the cloudlet.

5.3. Actor Stack Developer 63

Page 68: cloudlet - readthedocs.org

cloudlet

5.3.3 Workflow

As the stack developer makes changes to services and application stacks those changes are propagated to remotecloudlets or to a centralized repository that all remote cloudlets can access.

64 Chapter 5. Actors

Page 69: cloudlet - readthedocs.org

cloudlet

5.3.4 User Interface

TBD

5.3.5 Command Line Interface

TBD

5.3. Actor Stack Developer 65

Page 70: cloudlet - readthedocs.org

cloudlet

66 Chapter 5. Actors

Page 71: cloudlet - readthedocs.org

CHAPTER 6

Use Cases

6.1 Manage Cloudlet

Add Description

6.1.1 Actors

• Actor Operations Manager

67

Page 72: cloudlet - readthedocs.org

cloudlet

6.1.2 Activities

• Activity from the diagram

6.1.3 Systems Involved

• Cloudlet Manager

6.1.4 Detail Scenarios

Add Cloudlet

Add Cloudlet using CLI and Web Interface with . . . <parameters>

68 Chapter 6. Use Cases

Page 73: cloudlet - readthedocs.org

cloudlet

CLI

This is the command line interface for the Add Cloudlet Scenario.

# cloudlet cloudlet add <parameters># cloudlet cloudlet add exmaple

Web Interface

This is a mock up of the Web Interface for the Add Cloudlet Scenario.

REST

This is the RESTful interface for the scenario.

cloudlet/add

Name Value Descriptionparameter1 value1 Description1

6.1. Manage Cloudlet 69

Page 74: cloudlet - readthedocs.org

cloudlet

List Cloudlet

List Cloudlet using CLI and Web Interface with . . . <parameters>

CLI

This is the command line interface for the List Cloudlet Scenario.

# cloudlet cloudlet list <parameters># cloudlet cloudlet list exmaple

Web Interface

This is a mock up of the Web Interface for the List Cloudlet Scenario.

REST

This is the RESTful interface for the scenario.

cloudlet/list

70 Chapter 6. Use Cases

Page 75: cloudlet - readthedocs.org

cloudlet

Name Value Descriptionparameter1 value1 Description1

Monitor Cloudlet

Monitor Cloudlet using CLI and Web Interface with . . . <parameters>

CLI

This is the command line interface for the Monitor Cloudlet Scenario.

# cloudlet cloudlet monitor <parameters># cloudlet cloudlet monitor exmaple

Web Interface

This is a mock up of the Web Interface for the Monitor Cloudlet Scenario.

6.1. Manage Cloudlet 71

Page 76: cloudlet - readthedocs.org

cloudlet

REST

This is the RESTful interface for the scenario.

cloudlet/monitor

Name Value Descriptionparameter1 value1 Description1

Remove Cloudlet

Remove Cloudlet using CLI and Web Interface with . . . <parameters>

CLI

This is the command line interface for the Remove Cloudlet Scenario.

# cloudlet cloudlet remove <parameters># cloudlet cloudlet remove exmaple

Web Interface

This is a mock up of the Web Interface for the Remove Cloudlet Scenario.

72 Chapter 6. Use Cases

Page 77: cloudlet - readthedocs.org

cloudlet

REST

This is the RESTful interface for the scenario.

cloudlet/remove

Name Value Descriptionparameter1 value1 Description1

6.2 Manage Infrastructure

Add Description

6.2.1 Actors

• Application Developer

• Actor Operations Manager

6.2.2 Activities

6.2. Manage Infrastructure 73

Page 78: cloudlet - readthedocs.org

cloudlet

• Activity from the diagram

6.2.3 Systems Involved

• SDI

6.2.4 Detail Scenarios

Release Compute

Release Compute using CLI and Web Interface with . . . <parameters>

CLI

This is the command line interface for the Release Compute Scenario.

# cloudlet compute release <parameters># cloudlet compute release exmaple

Web Interface

This is a mock up of the Web Interface for the Release Compute Scenario.

74 Chapter 6. Use Cases

Page 79: cloudlet - readthedocs.org

cloudlet

REST

This is the RESTful interface for the scenario.

compute/release

Name Value Descriptionparameter1 value1 Description1

Release Network

Release Network using CLI and Web Interface with . . . <parameters>

CLI

This is the command line interface for the Release Network Scenario.

# cloudlet network release <parameters># cloudlet network release exmaple

6.2. Manage Infrastructure 75

Page 80: cloudlet - readthedocs.org

cloudlet

Web Interface

This is a mock up of the Web Interface for the Release Network Scenario.

REST

This is the RESTful interface for the scenario.

network/release

Name Value Descriptionparameter1 value1 Description1

Release Storage

Release Storage using CLI and Web Interface with . . . <parameters>

CLI

This is the command line interface for the Release Storage Scenario.

76 Chapter 6. Use Cases

Page 81: cloudlet - readthedocs.org

cloudlet

# cloudlet storage release <parameters># cloudlet storage release exmaple

Web Interface

This is a mock up of the Web Interface for the Release Storage Scenario.

REST

This is the RESTful interface for the scenario.

storage/release

Name Value Descriptionparameter1 value1 Description1

Request Compute

Request Compute using CLI and Web Interface with . . . <parameters>

6.2. Manage Infrastructure 77

Page 82: cloudlet - readthedocs.org

cloudlet

CLI

This is the command line interface for the Request Compute Scenario.

# cloudlet compute request <parameters># cloudlet compute request exmaple

Web Interface

This is a mock up of the Web Interface for the Request Compute Scenario.

REST

This is the RESTful interface for the scenario.

compute/request

Name Value Descriptionparameter1 value1 Description1

78 Chapter 6. Use Cases

Page 83: cloudlet - readthedocs.org

cloudlet

Request Network

Request Network using CLI and Web Interface with . . . <parameters>

CLI

This is the command line interface for the Request Network Scenario.

# cloudlet network request <parameters># cloudlet network request exmaple

Web Interface

This is a mock up of the Web Interface for the Request Network Scenario.

REST

This is the RESTful interface for the scenario.

network/request

6.2. Manage Infrastructure 79

Page 84: cloudlet - readthedocs.org

cloudlet

Name Value Descriptionparameter1 value1 Description1

Request Storage

Request Storage using CLI and Web Interface with . . . <parameters>

CLI

This is the command line interface for the Request Storage Scenario.

# cloudlet storage request <parameters># cloudlet storage request exmaple

Web Interface

This is a mock up of the Web Interface for the Request Storage Scenario.

80 Chapter 6. Use Cases

Page 85: cloudlet - readthedocs.org

cloudlet

REST

This is the RESTful interface for the scenario.

storage/request

Name Value Descriptionparameter1 value1 Description1

6.3 Manage Policies

Add Description

6.3.1 Actors

• Actor Operations Manager

6.3.2 Activities

• Activity from the diagram

6.3.3 Systems Involved

• Cloudlet Manager

6.3. Manage Policies 81

Page 86: cloudlet - readthedocs.org

cloudlet

6.3.4 Detail Scenarios

Create Policy

Create Policy using CLI and Web Interface with . . . <parameters>

CLI

This is the command line interface for the Create Policy Scenario.

# cloudlet policy create <parameters># cloudlet policy create exmaple

Web Interface

This is a mock up of the Web Interface for the Create Policy Scenario.

REST

This is the RESTful interface for the scenario.

82 Chapter 6. Use Cases

Page 87: cloudlet - readthedocs.org

cloudlet

policy/create

Name Value Descriptionparameter1 value1 Description1

Destroy Policy

Destroy Policy using CLI and Web Interface with . . . <parameters>

CLI

This is the command line interface for the Destroy Policy Scenario.

# cloudlet policy destroy <parameters># cloudlet policy destroy exmaple

Web Interface

This is a mock up of the Web Interface for the Destroy Policy Scenario.

6.3. Manage Policies 83

Page 88: cloudlet - readthedocs.org

cloudlet

REST

This is the RESTful interface for the scenario.

policy/destroy

Name Value Descriptionparameter1 value1 Description1

Evaluate Policy

Evaluate Policy using CLI and Web Interface with . . . <parameters>

CLI

This is the command line interface for the Evaluate Policy Scenario.

# cloudlet policy evaluate <parameters># cloudlet policy evaluate exmaple

84 Chapter 6. Use Cases

Page 89: cloudlet - readthedocs.org

cloudlet

Web Interface

This is a mock up of the Web Interface for the Evaluate Policy Scenario.

REST

This is the RESTful interface for the scenario.

policy/evaluate

Name Value Descriptionparameter1 value1 Description1

List Policy

List Policy using CLI and Web Interface with . . . <parameters>

CLI

This is the command line interface for the List Policy Scenario.

6.3. Manage Policies 85

Page 90: cloudlet - readthedocs.org

cloudlet

# cloudlet policy list <parameters># cloudlet policy list exmaple

Web Interface

This is a mock up of the Web Interface for the List Policy Scenario.

REST

This is the RESTful interface for the scenario.

policy/list

Name Value Descriptionparameter1 value1 Description1

Manage Federated Policies

Manage Federated Policies using CLI and Web Interface with . . . <parameters>

86 Chapter 6. Use Cases

Page 91: cloudlet - readthedocs.org

cloudlet

CLI

This is the command line interface for the Manage Federated Policies Scenario.

# cloudlet federated manage <parameters># cloudlet federated manage exmaple

Web Interface

This is a mock up of the Web Interface for the Manage Federated Policies Scenario.

REST

This is the RESTful interface for the scenario.

federated/manage

Name Value Descriptionparameter1 value1 Description1

6.3. Manage Policies 87

Page 92: cloudlet - readthedocs.org

cloudlet

Manage Local Policies

Manage Local Policies using CLI and Web Interface with . . . <parameters>

CLI

This is the command line interface for the Manage Local Policies Scenario.

# cloudlet local manage <parameters># cloudlet local manage exmaple

Web Interface

This is a mock up of the Web Interface for the Manage Local Policies Scenario.

REST

This is the RESTful interface for the scenario.

local/manage

88 Chapter 6. Use Cases

Page 93: cloudlet - readthedocs.org

cloudlet

Name Value Descriptionparameter1 value1 Description1

6.4 Manage Services

Add Description

6.4.1 Actors

• Actor Operations Manager

6.4.2 Activities

• Activity from the diagram

6.4.3 Systems Involved

• Cloudlet Manager

6.4.4 Detail Scenarios

Add Service

Add Service using CLI and Web Interface with . . . <parameters>

6.4. Manage Services 89

Page 94: cloudlet - readthedocs.org

cloudlet

CLI

This is the command line interface for the Add Service Scenario.

# cloudlet service add <parameters># cloudlet service add exmaple

Web Interface

This is a mock up of the Web Interface for the Add Service Scenario.

REST

This is the RESTful interface for the scenario.

service/add

Name Value Descriptionparameter1 value1 Description1

90 Chapter 6. Use Cases

Page 95: cloudlet - readthedocs.org

cloudlet

Create Service

Create Service using CLI and Web Interface with . . . <parameters>

CLI

This is the command line interface for the Create Service Scenario.

# cloudlet service create <parameters># cloudlet service create exmaple

Web Interface

This is a mock up of the Web Interface for the Create Service Scenario.

REST

This is the RESTful interface for the scenario.

service/create

6.4. Manage Services 91

Page 96: cloudlet - readthedocs.org

cloudlet

Name Value Descriptionparameter1 value1 Description1

List Service

List Service using CLI and Web Interface with . . . <parameters>

CLI

This is the command line interface for the List Service Scenario.

# cloudlet service list <parameters># cloudlet service list exmaple

Web Interface

This is a mock up of the Web Interface for the List Service Scenario.

92 Chapter 6. Use Cases

Page 97: cloudlet - readthedocs.org

cloudlet

REST

This is the RESTful interface for the scenario.

service/list

Name Value Descriptionparameter1 value1 Description1

Remove Service

Remove Service using CLI and Web Interface with . . . <parameters>

CLI

This is the command line interface for the Remove Service Scenario.

# cloudlet service remove <parameters># cloudlet service remove exmaple

Web Interface

This is a mock up of the Web Interface for the Remove Service Scenario.

6.4. Manage Services 93

Page 98: cloudlet - readthedocs.org

cloudlet

REST

This is the RESTful interface for the scenario.

service/remove

Name Value Descriptionparameter1 value1 Description1

6.5 Use Service

Add Description

6.5.1 Actors

• Actor Operations Manager

6.5.2 Activities

• Activity from the diagram

94 Chapter 6. Use Cases

Page 99: cloudlet - readthedocs.org

cloudlet

6.5.3 Systems Involved

• Cloudlet Manager

6.5.4 Detail Scenarios

Deploy Service

Deploy Service using CLI and Web Interface with . . . <parameters>

CLI

This is the command line interface for the Deploy Service Scenario.

# cloudlet service deploy <parameters># cloudlet service deploy exmaple

Web Interface

This is a mock up of the Web Interface for the Deploy Service Scenario.

6.5. Use Service 95

Page 100: cloudlet - readthedocs.org

cloudlet

REST

This is the RESTful interface for the scenario.

service/deploy

Name Value Descriptionparameter1 value1 Description1

Launch Service

Launch Service using CLI and Web Interface with . . . <parameters>

CLI

This is the command line interface for the Launch Service Scenario.

# cloudlet service launch <parameters># cloudlet service launch exmaple

96 Chapter 6. Use Cases

Page 101: cloudlet - readthedocs.org

cloudlet

Web Interface

This is a mock up of the Web Interface for the Launch Service Scenario.

REST

This is the RESTful interface for the scenario.

service/launch

Name Value Descriptionparameter1 value1 Description1

Monitor Service

Monitor Service using CLI and Web Interface with . . . <parameters>

CLI

This is the command line interface for the Monitor Service Scenario.

6.5. Use Service 97

Page 102: cloudlet - readthedocs.org

cloudlet

# cloudlet service monitor <parameters># cloudlet service monitor exmaple

Web Interface

This is a mock up of the Web Interface for the Monitor Service Scenario.

REST

This is the RESTful interface for the scenario.

service/monitor

Name Value Descriptionparameter1 value1 Description1

98 Chapter 6. Use Cases

Page 103: cloudlet - readthedocs.org

cloudlet

6.5. Use Service 99