50120140501014

299 views

Published on

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
299
On SlideShare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
2
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

50120140501014

  1. 1. International Journal of Computer Engineering and Technology (IJCET), ISSN 0976INTERNATIONAL JOURNAL OF COMPUTER ENGINEERING & 6367(Print), ISSN 0976 - 6375(Online), Volume 5, Issue 1, January (2014), © IAEME TECHNOLOGY (IJCET) ISSN 0976 – 6367(Print) ISSN 0976 – 6375(Online) Volume 5, Issue 1, January (2014), pp. 118-127 © IAEME: www.iaeme.com/ijcet.asp Journal Impact Factor (2013): 6.1302 (Calculated by GISI) www.jifactor.com IJCET ©IAEME AN ENHANCED MONITORING MECHANISM FOR IAAS PLATFORMS Mohammed Jameel Sadeeq Barwary Assistant Lecturer, Department of Statistics, Faculty of Adminstration and Economics, University of Duhok(UoD), Kurdistan Region - Iraq ABSTRACT The monitoring mechanisms of open-source IaaS software OpenNebula and monitoring system Ganglia were analyzed. Reduce overload of retrieving resource usage information by deploying the Ganglia monitoring agent. And for improving the robustness of monitoring subsystem, we take measures on the privileged domain of virtualization nodes to hide the agent to prevent regular or malicious users checking, modifying, unloading or killing it intentionally or unintentionally. The mechanism is very helpful to enhance the effectiveness, reliability and sturdiness of the monitoring system of IaaS platforms. KEYWORDS: IaaS, Monitoring, Consolidation, Agent. I. INTRODUCTION With the outstanding advantages of elasticity, economics and etc., cloud computing is embraced by many IT companies, universities and research institutes. According to the NIST (National Institute of Standards and Technology) definition of cloud computing, the cloud model contains five essential characteristics, on-demand self-service, broad network access, resource pooling, rapid elasticity and measured service [1]. Importantly, most of the attractive characteristics rely on the effectiveness and reliability of resources monitoring system. Currently, for IaaS (Infrastructure as a Service), there are many different monitoring systems for commercial or open source IaaS platforms, which have different merits and demerits about overload or robustness [2], many researchers have proposed different solutions to solve performance or robustness problems. For example, G. Katsaros et al designed a multi-level monitoring framework, which is more effective and scalable [3]. Javier Povedano-Molina et al design a high adaptable and scalable monitoring architecture for cloud, which ensures an accurate measurement of resources in cloud keeping a low overhead [4]. And D. Zou et al designed a trusted monitoring framework to ensure the integrity of monitoring environment through trusted computing technology [5]. 118
  2. 2. International Journal of Computer Engineering and Technology (IJCET), ISSN 09766367(Print), ISSN 0976 - 6375(Online), Volume 5, Issue 1, January (2014), © IAEME Most of the previous works focused on the efficiency or monitoring environment security, but lacking the protection mechanism of monitoring system components. With the development of cloud computing and datacenter expansion, the monitoring system should consider both of the above two aspects. In this paper, we present an enhanced monitoring mechanism for IaaS platform based on OpenNebula, detailing the monitoring agent as the alternative of native monitoring probes and the consolidation measures to protect the monitoring component of monitoring infrastructure. II. MONITORING MECHANISM OF OPENNEBULA AND GANGLIA OpenNebula is an enterprise-ready open-source platform to manager cloud data centers and to build IaaS platform. The architecture of Ganglia is shown as figure 1. CLI Cloud Servers GUI Scheduler OCA(Ruby java) 、 XML-RPC API Opennebula Core Monitoring Storage Network Virtualization Images Auth DB Figure 1. The architecture of OpenNebula A. The monitoring mechanism of OpenNebula The native built-in monitoring subsystem of OpenNebula relies on the Xen hypervisor tools and OpenNebula-defined probes. The architecture of monitoring subsystem of OpenNebula as shown in figure 2. dne tno rF a lubeNnepO reh tO me tsysbuS gn i ro t inoM sebo rp gn i ro t ino HSS sse l -d rowssaP M U oD m U oD m 0 oD m edoN NEX U oD m 0 oD m U oD m edoN NEX U oD m U oD m 0 oD m edoN NEX Figure 2. OpenNebula Monitoring Subsystem To retrieve the resource information successfully, the OpenNebula Frontend needs to do the following works: 119
  3. 3. International Journal of Computer Engineering and Technology (IJCET), ISSN 09766367(Print), ISSN 0976 - 6375(Online), Volume 5, Issue 1, January (2014), © IAEME 1) Every Node need to have an identical unix account that will be used by the Frontend to connect and execute commands remotely, such as the monitoring probes and virtual machines management procedures. By default, the account is named ‘oneadmin’. 2) According to the password-less SSH login principle, making the ‘oneadmin’ account in Frontend can password-less login every node. The above two steps is critical to monitoring subsystem of Frontend. Because any node was added to IaaS platform, the Frontend needs to copy monitoring probes into it remotely. 3) After above operations were performed successfully, the ‘oneadmin’ account in Frontend will remote password-less login every node and execute the probes to gather the resources information periodically. B. The monitoring mechanism of Ganglia Analyzing the principle of the monitoring mechanism, there is a fact that the monitoring subsystem overhead is relate to the number of nodes, it will increase along with the increase nodes. To avoid the above problem, we adopt open source distributed cluster monitoring system Ganglia as the alternative, which is developed by Berkeley and with the advantages of scalability, overload lowly. The architecture of Ganglia [6] as shown in figure 3. client connect data gmetad Poll Poll XML over TCP gmetad Poll failover gmond gmond Node Node gmetad XDR over UDP ... Poll failover gmond gmond gmond Node Node Node Cluster ... Cluster Figure 3. Ganglia architecture The Ganglia monitoring system contains three main components, monitor daemon (gmond), metadata daemon (gmetad) and PHP web frontend. Especially, the gmond run in the nodes which we wish to monitor, which collects monitoring data of own, announces its presence on the local network and receive the state of other gmond nodes through muticast or unicast systems. III. ENHANCED MONITORING MECHANISM IMPLEMENTATION C. Integrating gmond of Ganglia According to the principle of Ganglia, we employ gmond as the alternatives of the probes to retrieve the resource information [7][8]. Then the monitoring subsystem can retrieve the whole resource information of IaaS platforms through accessing any one gmond in the multicast systems. The architecture of new monitoring subsystem after integrating gmond as shown in figure 4. 120
  4. 4. International Journal of Computer Engineering and Technology (IJCET), ISSN 09766367(Print), ISSN 0976 - 6375(Online), Volume 5, Issue 1, January (2014), © IAEME reh tO dno g m me tsysbus ro t ino M dne tno rF a lubeNnepO lennahc tsac i t lu M U oD m 0 oD m dno g m neX edoN U oD m 0 oD m dno g m neX edoN U oD m dno g m 0 oD m neX edoN Figure 4. Integrating Ganglia gmond Adopt the new monitoring mechanism, not only reducing the monitoring overhead in a large deployment as the monitor system don’t rely on the SSH connections to the nodes, but also easily extending the user-defined monitoring metrics, such as monitoring current running services or the overload information of specific process. D. Consolidation monitoring mechanism As the matter of fact that most of the attractive characteristics of cloud computing rely on the effectiveness and reliability of resources monitoring system, for improving the robustness of monitoring agent, we take measures on Linux guest operating system to hide the agent in privileged domain (which is the Dom0 operating system in Xen [9][10] virtualization environment as shown in Figure 4) to prevent regular or malicious users checking, modifying, unloading or killing it intentionally or unintentionally. The consolidation basic principles as follow. 1) when user executes commands or call APIs to view information of system processes, the unit for hiding monitor agent will judge the identity of who performs the above operations, whether it is the authorized user or not; 2) If the user is authorized, the request information containing monitoring agent process will be return successfully. It is need to emphasis that the authorized user is not the administrator or ‘root’ account in Linux operating system, which is a custom defined user account in privileged domain operating system (Dom0). The purpose of setting the account is to modify or configure the monitoring agent as needed to satisfy the different resource management and schedule requirements of IaaS platforms. The implementation is detailed below. According to the principle of process view of Linux operating system as shown in figure 5, it contains the following steps: 1) When an application launch a process view request, the application tools (Such as ps, pstree, top, etc.) will launch a system call ‘sys_open’ function to open the ‘/proc’ directory. If successful, it will return the file descriptors; 2) According to the descriptors, the application will continue calling ‘sys_getdents’ function to traverse the directory entry of ‘/proc’ directory and return the process directory entry set; 3) Finally, according to the process directory entry set, the application will get the process information. 121
  5. 5. International Journal of Computer Engineering and Technology (IJCET), ISSN 09766367(Print), ISSN 0976 - 6375(Online), Volume 5, Issue 1, January (2014), © IAEME ~~~~~~~~~~~~ ~~~~~~~~~~~~ ~~~~~~~~~~~~ ts iL sseco rP ↑ ps ls /proc ₧ User space ← co rp / ro tp i rcseD e l iF tes y r tne y ro tce r id sseco rP Kernel space pstree top System Call sys_call_table ia32_sys_call_table , : sys_getdents sys_open Figure 5. The native process of process view Through intercepting and filtering the above native traverse process, we can hide the specific process. To perform it, we introduce a unit for hiding monitoring agent. The new process of the process view in Linux as shown in figure 6. ls /proc co rp / User space ₧ ↑ ro tp i rcseD e l iF ↓ tes y r tne y ro tce r id sseco rP ← : System Call , sys_call_table ia32_sys_call_table sys_getdents sys_open → tnega gn i ro t ino m gn id ih ro f Authorized user? N Filter operation Y t in U Kernel space pstree top ~~~~~~~~~~~~ ~~~~~~~~~~~~ ts iL sseco rP ↔ ps Non-Filter VFS Kernel Service Figure 6. The new process of process view 122
  6. 6. International Journal of Computer Engineering and Technology (IJCET), ISSN 09766367(Print), ISSN 0976 - 6375(Online), Volume 5, Issue 1, January (2014), © IAEME For the ‘sys_getdents’ function as shown in figure 7, we modify the ‘readdir’ function to add user identity inspection mechanism. Only return the whole directory entry set to authorized user, otherwise, return the information excluding the monitor agent related information to regular user. sys_getdents vfs_readdir file->f_op->readdir Figure 7. ‘sys_getdents’ function The flowchart of the whole above process as shown in figure 8. Start Launch process view request Open /proc Retrieve process info. Application Tools File Descriptor ‘ sys_getdents Process directory entry set Authorized user ? N Fliter operation Traverse directory Y VFS Function APIs Process1 directory entry The function of /proc file system Process Info. Process list ~~~~~~~~~~~ ~~~~~~~~~~~ ~~~~~~~~~~~ ProcessN directory entry …… ‘ Call FD ’ sys_open ’ Call Process Info. Output process list End Figure 8. The flowchart of consolidation 123
  7. 7. International Journal of Computer Engineering and Technology (IJCET), ISSN 09766367(Print), ISSN 0976 - 6375(Online), Volume 5, Issue 1, January (2014), © IAEME After adding the consolidation mechanism, the enhanced monitoring architecture as shown in figure 9. dno g m me tsysbus ro t ino M dne tno rF a lubeNnepO reh tO t inu gn id ih lennahc tsac i t lu M U oD m dno g m 0 oD m t inu gn id ih neX edoN U oD m dno g m 0 oD m t inu gn id ih neX edoN U oD m dno g m 0 oD m t inu gn id ih neX edoN Figure 9. The enhanced monitoring architecture IV. EXPERIMENTAL RESULTS Based on the enhanced monitoring mechanism detailed in this paper, we take experiments in our IaaS testing platform. Considering the factors of copyright, effectiveness and performance, we choose the opensource software OpenNebula [11], Xen [12] and CentOS operating system [13] to build our IaaS platform. Xen is an open-source hypervisor, which makes it possible to run many instances of operating systems on a single machine. The platform architecture as shown in figure 10. ten re tn I e ludo gn id H m i dno g m a lubeNnepO dne tno rF e ludo gn id H m i dno g m neX 。。。 sedoN Figure 10. Minimal IaaS platform architecture The related software parameters of the IaaS testing environment are shown in Table I and the physical CPU should be 64-bit capable. TABLE I. RELEATED SOFTWARE PARAMETERS Name Version CentOS 5.8, x86_64 Xen 3.4.4 Ganglia 3.2.0 124
  8. 8. International Journal of Computer Engineering and Technology (IJCET), ISSN 09766367(Print), ISSN 0976 - 6375(Online), Volume 5, Issue 1, January (2014), © IAEME Utilizing the new monitoring system, we can also get the resource usage information of hosts and virtual machines. The memory usage information of one virtual machine in our IaaS environment as shown in figure 11. Figure 11. Memory monitoring information For the overload and effectiveness of the monitoring system, based on our environment, we assume the number of Nodes is NTotal. And according to the principle of the native monitoring subsystem of OpenNebula which needs to remote password-less login every node and execute the probes to gather the resources information periodically, we also assume that every remote login operation consumes REvery unit’s resource, the number of hosts monitored in each interval is NInterval, the consume time of each interval operation is TInterval ( and assume that every node of one interval finishes data acquisition operations within time of TInterval by parallel mechanism), the total time and resource consummation of one traverse are TTotal and RTotal. Thereinto, N, R, and T are positive integers. We can deduce the following equations: RTotal= NTotal*REvery  TTotal=(NTotal/NInterval)* TInterval 2 First, according to “(1)”, the total resource consummation of one traverse is increase linearly along with the increase nodes. And the whole overload of data acquisition is bore by Frontend, while according to Fig.4 the alternative mechanism lets nodes and Frontend to share the overload of data acquisition. A period of time of the overload of gmond agent on Frontend as shown in figure 12. Figure 12. The overload of monitoring agent 125
  9. 9. International Journal of Computer Engineering and Technology (IJCET), ISSN 09766367(Print), ISSN 0976 - 6375(Online), Volume 5, Issue 1, January (2014), © IAEME Second, according to “(2)”, the waiting time of retrieving the latest resource information of one node in IaaS satisfies TTime [TInterval , (NTotal/NInterval)* TEvery].While after adopting the gmond of Ganglia, the above waiting time is a fixed value and only depends on the specific parameters of gmond, which it is more effectiveness and real-time. For the robustness of monitoring components of monitoring system, the verification process of the consolidation mechanism is detailed as below. When unauthorized user including ‘root’ account who launches a process view request, the hiding unit will filter the returning results excluding the gmond monitoring agent as shown in Figure 13. While the authorized user (Built-in ‘admin’ account) can retrieve the whole process information as shown in Figure 14. ∈ Figure 13. Unauthorized user views monitoring agent process Figure 14. Figure 15. Authorized user views monitoring agent V. CONCLUSION We have present an enhanced monitoring mechanism for IaaS platforms: 1) Adopt the ganglia monitoring agent as the alternatives of native probes to reduce overload; 2) Take measures to hide the monitoring agent to consolidate to prevent it from being killed. We construct a more efficient and robust monitoring subsystem for IaaS platforms. Actually, the mechanism also adapts to the PaaS or SaaS environments, and the regular cluster or grid environments. ACKNOWLEDGMENT This work has been supported by the project of cloud computing network security of the Research Institution of China Mobile. 126
  10. 10. International Journal of Computer Engineering and Technology (IJCET), ISSN 09766367(Print), ISSN 0976 - 6375(Online), Volume 5, Issue 1, January (2014), © IAEME REFERENCES [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14] [15] [16] [17] [18] Peter Mell, Timothy Grance, “The NIST Definition of Cloud Computing”, NTSI Special Publication 800-145, 2011. Giuseppe Aceto, et.al., “Cloud monitoring: A survey”. Computer Networks 57 (2013), 2013, pp.2093–2115. Gregory Katsaros, et.al., “An integrated monitoring infrastructure for cloud environments”, Cloud Computing and Services Science, 2012, pp.149-164. J. Povendano-Molina, et al., “DARGOS: A highly adaptable and scalable monitoring architecture for multi-tenant Clouds”, Future Generation Computer Systems (2013), 2013. D. Zou, et al., “Design and implementation of a trusted monitoring framework for cloud platforms”, Future Generation Computer Systems (2013), doi:10.1016/j.future.2012.12. Matthew L. Massie, Brent N. Chun, David E. Culler, “The ganglia distributed monitoring system: design, implementation, and experience”, Parallel Computing, vol. 30, 2004, pp.817840. C12G Labs S.L., “Advanced Setups for your Cloud Infrastructure OpenNebula 3.8”, C12G LABS, 2012. L. M. Liorente, et.al., “OpenNebula 3 Cloud Computing”, Packet Publishing Ltd., 2012. Jeanna N. Matthews, et.al., “Running Xen: A Hands-on Guide to the Art of Virtualizaiton”, Prentice Hall, 2008. Chris Takemura and Luke S. Crawford, “The book of Xen: A Practical Guide for the System Administrator”, 2009. Barham P.Dragovic B,Fraser K et al. Xen and the Art of Virtualization. Proceedings of the 19th ACM SOSP, 2003,10. Matt Massie, et.al. “Monitoring with Ganglia”, OREILLY, 2012.12. Xiang Guo-Fu, et.al., “Virtualization Based Security Monitoring”, Journal of Software, 2012. OpenNebula.org, http://www.opennebula.org/. Xenproject.org, http://www.xenproject.org/. CentOS.org, http://www.centos.org . Vallard Benincosa, Ganglia and Nagios, IBM developerWorks, http://www.ibm.com/developerworks/library/l-ganglia-nagios-1/ . UC Berkeley Grid Report. http://monitor.millennium.berkeley.edu/ . , [1] 127

×