More Related Content
Similar to 50120140501014
Similar to 50120140501014 (20)
More from IAEME Publication
More from IAEME Publication (20)
50120140501014
- 1. International Journal of Computer Engineering and Technology (IJCET), ISSN 0976INTERNATIONAL JOURNAL OF COMPUTER ENGINEERING &
6367(Print), ISSN 0976 - 6375(Online), Volume 5, Issue 1, January (2014), © IAEME
TECHNOLOGY (IJCET)
ISSN 0976 – 6367(Print)
ISSN 0976 – 6375(Online)
Volume 5, Issue 1, January (2014), pp. 118-127
© IAEME: www.iaeme.com/ijcet.asp
Journal Impact Factor (2013): 6.1302 (Calculated by GISI)
www.jifactor.com
IJCET
©IAEME
AN ENHANCED MONITORING MECHANISM FOR IAAS PLATFORMS
Mohammed Jameel Sadeeq Barwary
Assistant Lecturer, Department of Statistics, Faculty of Adminstration and Economics,
University of Duhok(UoD), Kurdistan Region - Iraq
ABSTRACT
The monitoring mechanisms of open-source IaaS software OpenNebula and monitoring
system Ganglia were analyzed. Reduce overload of retrieving resource usage information by
deploying the Ganglia monitoring agent. And for improving the robustness of monitoring subsystem,
we take measures on the privileged domain of virtualization nodes to hide the agent to prevent
regular or malicious users checking, modifying, unloading or killing it intentionally or
unintentionally. The mechanism is very helpful to enhance the effectiveness, reliability and
sturdiness of the monitoring system of IaaS platforms.
KEYWORDS: IaaS, Monitoring, Consolidation, Agent.
I. INTRODUCTION
With the outstanding advantages of elasticity, economics and etc., cloud computing is
embraced by many IT companies, universities and research institutes. According to the NIST
(National Institute of Standards and Technology) definition of cloud computing, the cloud model
contains five essential characteristics, on-demand self-service, broad network access, resource
pooling, rapid elasticity and measured service [1]. Importantly, most of the attractive characteristics
rely on the effectiveness and reliability of resources monitoring system. Currently, for IaaS
(Infrastructure as a Service), there are many different monitoring systems for commercial or open
source IaaS platforms, which have different merits and demerits about overload or robustness [2],
many researchers have proposed different solutions to solve performance or robustness problems. For
example, G. Katsaros et al designed a multi-level monitoring framework, which is more effective and
scalable [3]. Javier Povedano-Molina et al design a high adaptable and scalable monitoring
architecture for cloud, which ensures an accurate measurement of resources in cloud keeping a low
overhead [4]. And D. Zou et al designed a trusted monitoring framework to ensure the integrity of
monitoring environment through trusted computing technology [5].
118
- 2. International Journal of Computer Engineering and Technology (IJCET), ISSN 09766367(Print), ISSN 0976 - 6375(Online), Volume 5, Issue 1, January (2014), © IAEME
Most of the previous works focused on the efficiency or monitoring environment security, but
lacking the protection mechanism of monitoring system components. With the development of cloud
computing and datacenter expansion, the monitoring system should consider both of the above two
aspects.
In this paper, we present an enhanced monitoring mechanism for IaaS platform based on
OpenNebula, detailing the monitoring agent as the alternative of native monitoring probes and the
consolidation measures to protect the monitoring component of monitoring infrastructure.
II. MONITORING MECHANISM OF OPENNEBULA AND GANGLIA
OpenNebula is an enterprise-ready open-source platform to manager cloud data centers and
to build IaaS platform. The architecture of Ganglia is shown as figure 1.
CLI
Cloud Servers
GUI
Scheduler
OCA(Ruby java)
、
XML-RPC API
Opennebula Core
Monitoring
Storage
Network
Virtualization
Images
Auth
DB
Figure 1. The architecture of OpenNebula
A. The monitoring mechanism of OpenNebula
The native built-in monitoring subsystem of OpenNebula relies on the Xen hypervisor tools
and OpenNebula-defined probes. The architecture of monitoring subsystem of OpenNebula as shown
in figure 2.
dne tno rF a lubeNnepO
reh tO
me tsysbuS gn i ro t inoM
sebo rp gn i ro t ino HSS sse l -d rowssaP
M
U oD
m
U oD
m
0 oD
m
edoN
NEX
U oD
m
0 oD
m
U oD
m
edoN
NEX
U oD
m
U oD
m
0 oD
m
edoN
NEX
Figure 2. OpenNebula Monitoring Subsystem
To retrieve the resource information successfully, the OpenNebula Frontend needs to do the
following works:
119
- 3. International Journal of Computer Engineering and Technology (IJCET), ISSN 09766367(Print), ISSN 0976 - 6375(Online), Volume 5, Issue 1, January (2014), © IAEME
1) Every Node need to have an identical unix account that will be used by the Frontend to connect
and execute commands remotely, such as the monitoring probes and virtual machines
management procedures. By default, the account is named ‘oneadmin’.
2) According to the password-less SSH login principle, making the ‘oneadmin’ account in Frontend
can password-less login every node.
The above two steps is critical to monitoring subsystem of Frontend. Because any node was
added to IaaS platform, the Frontend needs to copy monitoring probes into it remotely.
3) After above operations were performed successfully, the ‘oneadmin’ account in Frontend will
remote password-less login every node and execute the probes to gather the resources information
periodically.
B. The monitoring mechanism of Ganglia
Analyzing the principle of the monitoring mechanism, there is a fact that the monitoring
subsystem overhead is relate to the number of nodes, it will increase along with the increase nodes. To
avoid the above problem, we adopt open source distributed cluster monitoring system Ganglia as the
alternative, which is developed by Berkeley and with the advantages of scalability, overload lowly.
The architecture of Ganglia [6] as shown in figure 3.
client
connect
data
gmetad
Poll
Poll
XML over TCP
gmetad
Poll
failover
gmond
gmond
Node
Node
gmetad
XDR over UDP
...
Poll
failover
gmond
gmond
gmond
Node
Node
Node
Cluster
...
Cluster
Figure 3. Ganglia architecture
The Ganglia monitoring system contains three main components, monitor daemon (gmond),
metadata daemon (gmetad) and PHP web frontend. Especially, the gmond run in the nodes which we
wish to monitor, which collects monitoring data of own, announces its presence on the local network
and receive the state of other gmond nodes through muticast or unicast systems.
III. ENHANCED MONITORING MECHANISM IMPLEMENTATION
C. Integrating gmond of Ganglia
According to the principle of Ganglia, we employ gmond as the alternatives of the probes to
retrieve the resource information [7][8]. Then the monitoring subsystem can retrieve the whole
resource information of IaaS platforms through accessing any one gmond in the multicast systems.
The architecture of new monitoring subsystem after integrating gmond as shown in figure 4.
120
- 4. International Journal of Computer Engineering and Technology (IJCET), ISSN 09766367(Print), ISSN 0976 - 6375(Online), Volume 5, Issue 1, January (2014), © IAEME
reh tO
dno g
m
me tsysbus ro t ino
M
dne tno rF
a lubeNnepO
lennahc tsac i t lu
M
U oD
m
0 oD
m
dno g
m
neX
edoN
U oD
m
0 oD
m
dno g
m
neX
edoN
U oD
m
dno g
m
0 oD
m
neX
edoN
Figure 4. Integrating Ganglia gmond
Adopt the new monitoring mechanism, not only reducing the monitoring overhead in a large
deployment as the monitor system don’t rely on the SSH connections to the nodes, but also easily
extending the user-defined monitoring metrics, such as monitoring current running services or the
overload information of specific process.
D. Consolidation monitoring mechanism
As the matter of fact that most of the attractive characteristics of cloud computing rely on the
effectiveness and reliability of resources monitoring system, for improving the robustness of
monitoring agent, we take measures on Linux guest operating system to hide the agent in privileged
domain (which is the Dom0 operating system in Xen [9][10] virtualization environment as shown in
Figure 4) to prevent regular or malicious users checking, modifying, unloading or killing it
intentionally or unintentionally.
The consolidation basic principles as follow.
1) when user executes commands or call APIs to view information of system processes, the unit for
hiding monitor agent will judge the identity of who performs the above operations, whether it is
the authorized user or not;
2) If the user is authorized, the request information containing monitoring agent process will be
return successfully.
It is need to emphasis that the authorized user is not the administrator or ‘root’ account in
Linux operating system, which is a custom defined user account in privileged domain operating
system (Dom0). The purpose of setting the account is to modify or configure the monitoring agent as
needed to satisfy the different resource management and schedule requirements of IaaS platforms.
The implementation is detailed below.
According to the principle of process view of Linux operating system as shown in figure 5, it
contains the following steps:
1) When an application launch a process view request, the application tools (Such as ps, pstree, top,
etc.) will launch a system call ‘sys_open’ function to open the ‘/proc’ directory. If successful, it
will return the file descriptors;
2) According to the descriptors, the application will continue calling ‘sys_getdents’ function to
traverse the directory entry of ‘/proc’ directory and return the process directory entry set;
3) Finally, according to the process directory entry set, the application will get the process
information.
121
- 5. International Journal of Computer Engineering and Technology (IJCET), ISSN 09766367(Print), ISSN 0976 - 6375(Online), Volume 5, Issue 1, January (2014), © IAEME
~~~~~~~~~~~~
~~~~~~~~~~~~
~~~~~~~~~~~~
ts iL sseco rP
↑
ps
ls /proc
₧
User
space
←
co rp /
ro tp i rcseD
e l iF
tes
y r tne y ro tce r id
sseco rP
Kernel
space
pstree
top
System Call sys_call_table ia32_sys_call_table
,
:
sys_getdents
sys_open
Figure 5. The native process of process view
Through intercepting and filtering the above native traverse process, we can hide the specific
process. To perform it, we introduce a unit for hiding monitoring agent. The new process of the
process view in Linux as shown in figure 6.
ls /proc
co rp /
User
space
₧
↑
ro tp i rcseD
e l iF
↓
tes
y r tne y ro tce r id
sseco rP
←
:
System Call
,
sys_call_table ia32_sys_call_table
sys_getdents
sys_open
→
tnega gn i ro t ino
m gn id ih
ro f
Authorized
user?
N
Filter operation
Y
t in
U
Kernel
space
pstree
top
~~~~~~~~~~~~
~~~~~~~~~~~~
ts iL sseco rP
↔
ps
Non-Filter
VFS Kernel Service
Figure 6. The new process of process view
122
- 6. International Journal of Computer Engineering and Technology (IJCET), ISSN 09766367(Print), ISSN 0976 - 6375(Online), Volume 5, Issue 1, January (2014), © IAEME
For the ‘sys_getdents’ function as shown in figure 7, we modify the ‘readdir’ function to add user
identity inspection mechanism. Only return the whole directory entry set to authorized user,
otherwise, return the information excluding the monitor agent related information to regular user.
sys_getdents
vfs_readdir
file->f_op->readdir
Figure 7. ‘sys_getdents’ function
The flowchart of the whole above process as shown in figure 8.
Start
Launch process view
request
Open /proc
Retrieve process info.
Application Tools
File Descriptor
‘
sys_getdents
Process
directory entry
set
Authorized
user
?
N
Fliter
operation
Traverse
directory
Y
VFS Function
APIs
Process1 directory
entry
The function of /proc file
system
Process Info.
Process list
~~~~~~~~~~~
~~~~~~~~~~~
~~~~~~~~~~~
ProcessN directory
entry
……
‘
Call
FD
’
sys_open
’
Call
Process Info.
Output process list
End
Figure 8. The flowchart of consolidation
123
- 7. International Journal of Computer Engineering and Technology (IJCET), ISSN 09766367(Print), ISSN 0976 - 6375(Online), Volume 5, Issue 1, January (2014), © IAEME
After adding the consolidation mechanism, the enhanced monitoring architecture as shown in
figure 9.
dno g
m
me tsysbus
ro t ino
M
dne tno rF
a lubeNnepO
reh tO
t inu
gn id ih
lennahc tsac i t lu
M
U oD
m
dno g
m
0 oD
m
t inu
gn id ih
neX
edoN
U oD
m
dno g
m
0 oD
m
t inu
gn id ih
neX
edoN
U oD
m
dno g
m
0 oD
m
t inu
gn id ih
neX
edoN
Figure 9. The enhanced monitoring architecture
IV.
EXPERIMENTAL RESULTS
Based on the enhanced monitoring mechanism detailed in this paper, we take experiments in
our IaaS testing platform.
Considering the factors of copyright, effectiveness and performance, we choose the opensource software OpenNebula [11], Xen [12] and CentOS operating system [13] to build our IaaS
platform. Xen is an open-source hypervisor, which makes it possible to run many instances of
operating systems on a single machine.
The platform architecture as shown in figure 10.
ten re tn I
e ludo gn id H
m
i
dno g
m
a lubeNnepO
dne tno rF
e ludo gn id H
m
i
dno g
m
neX
。。。
sedoN
Figure 10. Minimal IaaS platform architecture
The related software parameters of the IaaS testing environment are shown in Table I and the
physical CPU should be 64-bit capable.
TABLE I. RELEATED SOFTWARE PARAMETERS
Name
Version
CentOS
5.8, x86_64
Xen
3.4.4
Ganglia
3.2.0
124
- 8. International Journal of Computer Engineering and Technology (IJCET), ISSN 09766367(Print), ISSN 0976 - 6375(Online), Volume 5, Issue 1, January (2014), © IAEME
Utilizing the new monitoring system, we can also get the resource usage information of hosts
and virtual machines. The memory usage information of one virtual machine in our IaaS environment
as shown in figure 11.
Figure 11. Memory monitoring information
For the overload and effectiveness of the monitoring system, based on our environment, we
assume the number of Nodes is NTotal. And according to the principle of the native monitoring
subsystem of OpenNebula which needs to remote password-less login every node and execute the
probes to gather the resources information periodically, we also assume that every remote login
operation consumes REvery unit’s resource, the number of hosts monitored in each interval is NInterval,
the consume time of each interval operation is TInterval ( and assume that every node of one interval
finishes data acquisition operations within time of TInterval by parallel mechanism), the total time and
resource consummation of one traverse are TTotal and RTotal. Thereinto, N, R, and T are positive
integers. We can deduce the following equations:
RTotal= NTotal*REvery
TTotal=(NTotal/NInterval)* TInterval
2
First, according to “(1)”, the total resource consummation of one traverse is increase linearly
along with the increase nodes. And the whole overload of data acquisition is bore by Frontend, while
according to Fig.4 the alternative mechanism lets nodes and Frontend to share the overload of data
acquisition. A period of time of the overload of gmond agent on Frontend as shown in figure 12.
Figure 12. The overload of monitoring agent
125
- 9. International Journal of Computer Engineering and Technology (IJCET), ISSN 09766367(Print), ISSN 0976 - 6375(Online), Volume 5, Issue 1, January (2014), © IAEME
Second, according to “(2)”, the waiting time of retrieving the latest resource information of
one node in IaaS satisfies TTime [TInterval , (NTotal/NInterval)* TEvery].While after adopting the gmond of
Ganglia, the above waiting time is a fixed value and only depends on the specific parameters of
gmond, which it is more effectiveness and real-time.
For the robustness of monitoring components of monitoring system, the verification process of
the consolidation mechanism is detailed as below.
When unauthorized user including ‘root’ account who launches a process view request, the
hiding unit will filter the returning results excluding the gmond monitoring agent as shown in Figure
13. While the authorized user (Built-in ‘admin’ account) can retrieve the whole process information as
shown in Figure 14.
∈
Figure 13. Unauthorized user views monitoring agent process
Figure 14.
Figure 15. Authorized user views monitoring agent
V. CONCLUSION
We have present an enhanced monitoring mechanism for IaaS platforms: 1) Adopt the ganglia
monitoring agent as the alternatives of native probes to reduce overload; 2) Take measures to hide the
monitoring agent to consolidate to prevent it from being killed. We construct a more efficient and
robust monitoring subsystem for IaaS platforms. Actually, the mechanism also adapts to the PaaS or
SaaS environments, and the regular cluster or grid environments.
ACKNOWLEDGMENT
This work has been supported by the project of cloud computing network security of the
Research Institution of China Mobile.
126
- 10. International Journal of Computer Engineering and Technology (IJCET), ISSN 09766367(Print), ISSN 0976 - 6375(Online), Volume 5, Issue 1, January (2014), © IAEME
REFERENCES
[2]
[3]
[4]
[5]
[6]
[7]
[8]
[9]
[10]
[11]
[12]
[13]
[14]
[15]
[16]
[17]
[18]
Peter Mell, Timothy Grance, “The NIST Definition of Cloud Computing”, NTSI Special
Publication 800-145, 2011.
Giuseppe Aceto, et.al., “Cloud monitoring: A survey”. Computer Networks 57 (2013), 2013,
pp.2093–2115.
Gregory Katsaros, et.al., “An integrated monitoring infrastructure for cloud environments”,
Cloud Computing and Services Science, 2012, pp.149-164.
J. Povendano-Molina, et al., “DARGOS: A highly adaptable and scalable monitoring
architecture for multi-tenant Clouds”, Future Generation Computer Systems (2013), 2013.
D. Zou, et al., “Design and implementation of a trusted monitoring framework for cloud
platforms”, Future Generation Computer Systems (2013), doi:10.1016/j.future.2012.12.
Matthew L. Massie, Brent N. Chun, David E. Culler, “The ganglia distributed monitoring
system: design, implementation, and experience”, Parallel Computing, vol. 30, 2004, pp.817840.
C12G Labs S.L., “Advanced Setups for your Cloud Infrastructure OpenNebula 3.8”, C12G
LABS, 2012.
L. M. Liorente, et.al., “OpenNebula 3 Cloud Computing”, Packet Publishing Ltd., 2012.
Jeanna N. Matthews, et.al., “Running Xen: A Hands-on Guide to the Art of Virtualizaiton”,
Prentice Hall, 2008.
Chris Takemura and Luke S. Crawford, “The book of Xen: A Practical Guide for the System
Administrator”, 2009.
Barham P.Dragovic B,Fraser K et al. Xen and the Art of Virtualization. Proceedings of the
19th ACM SOSP, 2003,10.
Matt Massie, et.al. “Monitoring with Ganglia”, OREILLY, 2012.12.
Xiang Guo-Fu, et.al., “Virtualization Based Security Monitoring”, Journal of Software, 2012.
OpenNebula.org, http://www.opennebula.org/.
Xenproject.org, http://www.xenproject.org/.
CentOS.org, http://www.centos.org .
Vallard
Benincosa,
Ganglia
and
Nagios,
IBM
developerWorks,
http://www.ibm.com/developerworks/library/l-ganglia-nagios-1/ .
UC Berkeley Grid Report. http://monitor.millennium.berkeley.edu/ .
,
[1]
127