Download - Cloudward Bound: Planning for Beneficial Migration of Enterprise Applications to the Cloud
Cloudward Bound: Planning for Beneficial Migration ofEnterprise Applications to the Cloud
B95b01023 鍾宇彥
Migrating reachability policies
• Abstraction and problem formulation• ACL migration algorithm– Granularity of policies in R– Deriving Rnew– Partitioning Rnew– Installing Rnew
Abstraction and problem formulation
• Correctness– Old and new must have the same result
• Migrating entity– At least: a server
• Reachability Matrix– Access Control List (ACL)– Avoid unwanted traffic
Reachability Matrix
a: access control list (ACL)
• Record direction, ACL must encounter– Like the directed graph presented by adjacency matrix
ACL migration algorithm• Filter domain (Fa) – Set of origin-destination(OD) entity communication
pairs(i,j) filtered by ACL a– Scalability• w/o setting domain, setting rule between each pairs
Fa2 comprise:
source destination
BE1 fe1
BE1 fe2
BE2 fe1
BE2 fe2
INT fe1
INT fe2
ACL migration algorithm
• Deriving Rnew
– Infer Rold from LDC– Translate :• Ex: IP mapping
• Partitioning Rnew
– Filtered by LDC or CDC– Filter the package before remote communication
LDC: Local Data CenterCDC: Cloud Data Center
Rnew matrix
Partition:Dotted: filtered in CDCGray: filtered in LDC
Two submatrices extracted from ACL a2
Installing Rnew - Submatrix extraction
• For scaling: keep number of submatrices small• Greedy choice maximum subset
Fa2(LDC,1)
Fa2(LDC,2)
Fa2(LDC,1)source destination
BE1 fe1
BE1 fe2
BE2 fe1
BE2 fe2
Fa2(LDC,2)
source destination
INT fe2
Installing Rnew
• Locating placement– Place ACL at edge-cut-set– Computing minimum edge-cut-set for each submatrices
Fa2(LDC,1)source destination
BE1 fe1
BE1 fe2
BE2 fe1
BE2 fe2
BE1
BE2
fe1
fe2
ACL a2
Theoretical ACL place location for Fa2(LDC,1)
Installing Rnew - Locating placementCDC ACL placement
LDC ACL placement
BE1
BE2
fe1
fe2
AR
BR
AR
AR Red: path to fe1Blue: path to fe2
Fa2(LDC,1) physical deployment presented by graph
INT
i/p
i/p
i/p
i/p
o/p
o/p
o/p
o/p
Installing Rnew - Locating placement• Edge-cut-set– Find minimum cut– Place ACL on the interface closer to source
Cut: separate the src and des
ACL a2
ACL a2
Installing Rnew - Generating ACL Configuration
• Old ACL configuration might fail1.Before migration (local) 2.After migration
Installing Rnew - Generating ACL Configuration
• Traffic domain D(L) : all OD pairs path by location, “L”, placed ACL– Separate legal and illegal OD pairs in D(L)– Scoped, Isolated form : different default permission
ACL migration algorithm
Evaluation
• Deriving model parameter(linear programming)– Data flow, communication…
• Migration benefit calculation• Migration strategies– Delay V.S Cost– Security policy • Ex: keep database servers in local data center
Evaluation – case 1
Internal request ~80%External request ~20%
Evaluation – case 1
CDF: Cumulative Distribution Function
Evaluation – case 2
Evaluation – case 2
• Policy : w/o BE migration
Evaluation - summery
• The optimal migration not only consider the CPU usage and storage, but communication …etc
• Delay bound consideration• Relative size of transaction between different
components may determine the optimal strategy• Sensitivity to the cost of internet communication
Conclusion
• Benefits of hybrid cloud deployment• Importance and feasibility of migration decision• Provide feasible reconfiguration of reachability
policies method