Identity Management • Digital identity is the representation of an entity in the form of ...
Identity Management • Identity Management (IdM) is a set of functions and capabilities used to...
IMS • Provisioning: addresses the provisioning and deprovisioning of several types of user ...
• The OASIS SAML standard defines precise syntax and rules for requesting, creating, ...
Shibboleth • The IdP is the element responsible for authenticating users: Handle Service ...
In Step 1, the user navigates to the SP to access a protected resource. In Ste...
Federated Multi-Tenancy Authorization System on Cloud • IdM can be implemented in...
Configurations of IDM systems on cloud computing environments
Federated Multi-Tenancy Authorization System on Cloud • This work presents an aut...
Scenario • A service is provided by an academic institution in a CSP, and shared ...
Scenario - Academic Federation sharing services in the cloud
Implementation of the Proposed Scenario • A SP was primarily implemented in t...
Implementation of the Proposed Scenario – Cloud Service Provider
Implementation of the Proposed Scenario – cloud IdP
Implementation of the Proposed Scenario • The JASIG CAS Server was used ...
Analysis and Test Results within Scenario • In this resulting structure, ...
Conclusions • The use of federations in IdM plays a vital role. • This work was aimed a...
Conclusions • This paper highlights the use of a specific tool, Shibboleth, which pro...
Future Work • We propose an alternative authorization method, where the user, once authentica...
References 1. E. Bertino and K. Takahashi, Identity Management - Concepts, Technologies, and Systems. ARTECH HOUSE,...
SUSTAINABILITY FOR CLOUD COMPUT...
Summary 1 - Introduction 2 - Motivation 3 - Proposals and Solutions 4 - Case Studies 5...
1 Introduction • We propose an integrated solution for environment, services ...
1 Introduction • We extended CloudSim to simulate the organization model appro...
2 Motivation • Our research was motivated by a practical scenario at our university’s data cen...
2 Motivation • (ii) coordinating control over the multiple elements, reducing the infrastruc...
2 Motivation (Concepts & Analysis) Cloud computing • This structure describe...
The NIST Cloud Definition Framework Hybrid ...
2 Motivation (Concepts & Analysis) Green cloud • The green cloud is n...
2 Motivation (Concepts & Analysis) Analysis • Table I relates (1) t...
2 Motivation (Concepts & Analysis) PM State | VM State | Time | Risks...
2 Motivation (Related Works) • E. Pinheiro, et al. “Load balancing and unbalancing for ...
2 Motivation (Related Works) • The main technique to minimize power consumption is to a...
2 Motivation (Related Works) • R. N. Calheiros, et al. “Cloudsim: A toolkit for modeli...
2 Motivation (Related Works) • (i) it allows for modeling and instantiation of major clou...
2 Motivation (Related Works) • (iv) it is capable of choosing the scheduling strategies ...
2 Motivation (Related Works) • Buyya et al. suggested creating federated clouds, called Inte...
2 Motivation (Related Works) • It is shown that a significant benefit for the application...
2 Motivation (Related Works) • Buyya et al. aimed to create architecture of green cloud. In...
2 Motivation (Related Works) • L. Liu, et al. “Greencloud: a new architecture for gree...
2 Motivation (Related Works) • P. Mahavadevan, et al. “On Energy Efficiency for Enterprise ...
2 Motivation (Problem Scenario) • To understand the problem scenario, we introduce the el...
2 Motivation (Problem Scenario) • (i) there are multiple applications generating different load ...
2 Motivation (Problem Scenario) • (iv) the management system can turn on/off machines over...
3 Proposals and Solutions
3 Proposals and Solutions • The four roles that operations system may be classified as are...
4 Case Studies • We modeled the system using Norms (NM), Beliefs (BL) and Plan Ru...
5 Results The main components implemented in the improved version at CloudSim are as ...
5 Results
5 Results
5 Results Parameter | Value | VM...
5 Results (consumption)
5 Results (SLA violations)
5 Results (Hybrid strategy)
5 Results (Hybrid strategy) Strategy | Cost ...
6 Conclusions • Tests were realized to prove the validity of the system by utilizing ...
6 Conclusions We achieved the following results in the test environment: - Dynamic ...
7 Future Works • As future work we intend to simulate other strategies to get a...
Security, management and sustainability for cloud computing

This presentation describes our experience with a private cloud, and discusses the design and implementation of a Private Cloud Monitoring System (PCMONS) and its application through a case study for the proposed architecture. The aim of this presentation is also to provide identity management, based on digital identity federation, with authentication and authorization mechanisms for access control in cloud computing environments. Green cloud computing aims at an infrastructure transformation that combines flexibility, quality of services and reduced energy use. This presentation also introduces the system management model and analyses of system behavior, describes the principles of operation, and presents a case study scenario and some green cloud results.

Published in: Education
  1. Management, Security and Sustainability for Cloud Computing
     Carlos Becker Westphall and Carla Merkle Westphall
     Networks and Management Laboratory
     Federal University of Santa Catarina
     OCTOBER - FLORIANÓPOLIS, SECCOM 2012 - UFSC
  2. MANAGEMENT FOR CLOUD COMPUTING
  3. Outline
     1. ABSTRACT
     2. INTRODUCTION
     3. BACKGROUND
     3.1. Cloud Computing Service Models
     3.2. Cloud Computing Deployment Models
     3.3. Cloud Computing Standards
  4. Outline
     4. MONITORING ARCHITECTURE AND PCMONS
     4.1. Architecture
     4.2. Implementation
     5. CASE STUDY
     6. RELATED WORK
     6.1. Grid Monitoring
     6.2. Cloud Monitoring
  5. Outline
     7. KEY LESSONS LEARNED
     7.1. Related to Test-Bed Preparation
     7.2. Design and Implementation
     7.3. Standardization and Available Implementations
     8. CONCLUSIONS AND FUTURE WORKS
     9. REFERENCES
  6. 1. ABSTRACT
     This presentation describes:
     - our experience with a private cloud;
     - the design and implementation of a Private Cloud MONitoring System (PCMONS); and
     - its application via a case study for the proposed architecture, using open source solutions and integrating with traditional tools like Nagios.
  7. 2. INTRODUCTION
     - Cloud computing provides several technical benefits including flexible hardware and software allocation, elasticity, and performance isolation.
     - Cloud management may be viewed as a specialization of distributed computing management, inheriting techniques from traditional computer network management.
  8. 2. INTRODUCTION
     The intent of this presentation is to:
     - Provide insight into how traditional tools and methods for managing network and distributed systems can be reused in cloud computing management.
     - Introduce a Private Cloud MONitoring System (PCMONS) we developed to validate this architecture, which we intend to open source.
  9. 2. INTRODUCTION
     - Help future adopters of cloud computing make good decisions on building their monitoring system in the cloud.
     - We chose to address private clouds because they enable enterprises to reap cloud benefits while keeping their mission-critical data and software under their control and under the governance of their security policies.
  10. 3. BACKGROUND: 3.1. Cloud Computing Service Models
     - Software-as-a-Service (SaaS): The consumer uses the provider’s applications, which are hosted in the cloud.
     - Platform-as-a-Service (PaaS): Consumers deploy their own applications into the cloud infrastructure. Programming languages and application development tools used must be supported by the provider.
  11. 3. BACKGROUND: 3.1. Cloud Computing Service Models
     - Infrastructure-as-a-Service (IaaS): Consumers are able to provision storage, network, processing, and other resources, and deploy and operate arbitrary software, ranging from applications to operating systems.
     - This presentation focuses on the IaaS model.
  12. 3. BACKGROUND: 3.2. Cloud Computing Deployment Models
     - Public: Resources are available to the general public over the Internet. In this case, “public” characterizes the scope of interface accessibility.
     - Private: Resources are accessible within a private organization. This environment emphasizes the benefits of hardware investments.
  13. 3. BACKGROUND: 3.2. Cloud Computing Deployment Models
     - Community: Resources on this model are shared by several organizations with a common mission.
     - Hybrid: This model mixes the techniques from public and private clouds. A private cloud can have its local infrastructure supplemented by computer capacity from a public cloud.
  14. 3. BACKGROUND: 3.3. Cloud Computing Standards
     - Open Cloud Computing Interface: This Open Grid Forum group has a focus on specifications for interfacing “*aaS” cloud computing facilities.
     - OCCI in Eucalyptus, OCCI in OpenStack, OCCI in OpenNebula...
  15. 3. BACKGROUND: 3.3. Cloud Computing Standards
     - Open Cloud Standards Incubator: This initiative, from Distributed Management Task Force (DMTF), focuses on interactions between cloud environments, their consumers, and developers.
     - Example of document: “Use cases and Interactions for Managing Clouds”.
  16. 4. MONITORING ARCHITECTURE AND PCMONS
  17. 4. MONITORING ARCHITECTURE AND PCMONS: 4.1. Architecture
     - Three layers address the monitoring needs of a private cloud.
     - Infrastructure layer:
       - Basic facilities, services, and installations, such as hardware and networks;
       - Available software: operating system, applications, licenses, hypervisors, and so on...
  18. 4. MONITORING ARCHITECTURE AND PCMONS: 4.1. Architecture
     - Integration layer:
       - The monitoring actions to be performed in the infrastructure layer must be systematized before being passed to the appropriate service running in the integration layer.
       - The integration layer is responsible for abstracting any infrastructure details.
  19. 4. MONITORING ARCHITECTURE AND PCMONS: 4.1. Architecture
     - View layer:
       - This layer presents the monitoring interface through which information, such as the fulfillment of organizational policies and service level agreements, can be analyzed.
       - Users of this layer are mainly interested in checking VM images and available service levels.
  20. 4. MONITORING ARCHITECTURE AND PCMONS: 4.2. Implementation
     - The current PCMONS version acts principally on the integration layer, by retrieving, gathering, and preparing relevant information for the visualization layer.
     - The system is divided into the modules presented in the next figure and described below.
  21. A typical deployment scenario for PCMONS
  22. 4. MONITORING ARCHITECTURE AND PCMONS: 4.2. Implementation
     - Node Information Gatherer: This module is responsible for gathering local information on a cloud node. It gathers information about local VMs and sends it to the Cluster Data Integrator.
     - Cluster Data Integrator: It is a specific agent that gathers and prepares the data for the next level.
  23. 4. MONITORING ARCHITECTURE AND PCMONS: 4.2. Implementation
     - Monitoring Data Integrator: Gathers and stores cloud data in the database for historical purposes, and provides such data to the Configuration Generator.
     - VM Monitor: This module injects scripts into the VMs that send useful data from the VM to the monitoring system.
  24. 4. MONITORING ARCHITECTURE AND PCMONS: 4.2. Implementation
     - Configuration Generator: Retrieves information from the database to generate configuration files for visualization tools.
     - Monitoring Tool Server: Its purpose is to receive monitoring information and take actions such as storing it in the database module for historical purposes.
  25. 4. MONITORING ARCHITECTURE AND PCMONS: 4.2. Implementation
     - User Interface: Most monitoring tools have their own user interface. Specific ones can be developed depending on needs, but in our case the Nagios interface is sufficient.
     - Database: Stores data needed by the Configuration Generator and the Monitoring Data Integrator.
  26. 5. CASE STUDY
     - We built an environment where VM images are available for users that instantiate a web server, thus simulating web hosting service provision.
     - Instantiated VMs are Linux servers providing a basic set of tools, acting as web hosting servers.
     - Apache Web Server, PHP language, SQLite.
  27. Testbed environment
  28. 5. CASE STUDY
     - Open SUSE was chosen as the operating system of the physical machines (Xen and YaST).
     - Eucalyptus (interface compatible with Amazon’s EC2). VM images were downloaded from the Eucalyptus website.
     - VM Monitor module is injected into the VM during boot, allowing data monitoring.
  29. Representative Nagios interface of the monitored cloud services
  30. 5. CASE STUDY
     - First column shows object names (VM, PM, ROUTERS...). VM names are an aggregation of user name, VM ID, and name of PM where the VM is running.
     - The other two columns show service names and their status (OK, Warning, Critical).
     - It shows host group created by PCMONS and VM/VP mapping.
  31. 6. RELATED WORK: 6.1. Grid Monitoring
     - Reference [7] introduces the three-layer Grid Resource Information Monitoring (GRIM).
     - Several design issues that should be considered when constructing a Grid Monitoring System (GMS) are presented in [8]. We have selected some and correlated them with PCMONS.
  32. 6. RELATED WORK: 6.1. Grid Monitoring
     - Reference [9] identifies some differences between cloud monitoring and grid monitoring, especially in terms of interfaces and service provisioning.
     - Another difference is that clouds are managed by single entities [10], whereas grids may not have any central management entity.
  33. 6. RELATED WORK: 6.2. Cloud Monitoring
     - Reference [11] defines general requirements for cloud monitoring and proposes a cloud monitoring framework.
     - PCMONS supports two approaches, agents and central monitoring, and is highly adaptable, making the migration to a private cloud straightforward.
  34. 7. KEY LESSONS LEARNED: 7.1. Related to Test-Bed Preparation
     - Software platforms for cloud computing, such as Eucalyptus and OpenNebula, support a number of different hypervisors, each with its own characteristics.
     - An example is the KVM hypervisor: it has great performance but requires hardware virtualization that not all processors provide.
  35. 7. KEY LESSONS LEARNED: 7.2. Design and Implementation
     - We opted for solutions well established in the market to facilitate the use of PCMONS in the running structures with little effort and prioritized an adaptable and extensible solution.
     - We planned to define some basic common metrics for private clouds, but later found that metrics are often specific to each case.
  36. 7. KEY LESSONS LEARNED: 7.3. Standardization and Available Implementations
     - Before choosing a specific tool for private clouds, it is important to verify to what extent cloud standards are implemented by the tool.
     - Some tools, such as OpenNebula, have begun implementing standardization efforts, including the OCCI API.
  37. 8. CONCLUSION AND FUTURE WORK
     - This presentation summarizes some cloud computing concepts and our personal experience with this new paradigm.
     - The current portfolio of open tools lacks open source, interoperable management and monitoring tools. To address this critical gap, we designed a monitoring architecture, and validated the architecture by developing PCMONS.
  38. 8. CONCLUSION AND FUTURE WORK
     - To monitor specific metrics, especially in an interface-independent manner, a set of preconfigured monitoring plug-ins must be developed.
     - For future work, we intend to improve PCMONS to monitor other metrics and support other open source tools like OpenNebula, OpenStack...
  39. 9. REFERENCES
     References indicated in this presentation:
     - [7] W. Chung and R. Chang, “A New Mechanism for Resource Monitoring in Grid Computing,” Future Gen. Comp. Sys. Jan. 2009.
     - [8] M. Yiduo et al., “Rapid and Automated Deployment of Monitoring Services in Grid Environments,” APSCC, 2007.
     - [9] L. Wang et al., “Scientific Cloud Computing: Early Definition and Experience,” IEEE Int’l. Conf. High Perf. Computing and Commun., 2008.
  40. 9. REFERENCES
     References indicated in this presentation:
     - [10] M. Brock and A. Goscinski, “Grids vs. Clouds,” IEEE 2010 5th Int’l. Conf. Future Info. Tech., 2010.
     - [11] P. Hasselmeyer and N. d’Heureuse, “Towards Holistic Multi-Tenant Monitoring for Virtual Data Centers,” IEEE/IFIP NOMS Wksps., 2010.
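
The Configuration Generator (slide 24) and the VM naming scheme from the case study (slide 30) can be sketched as follows. This Python example is added here and is not PCMONS code; the record fields, the `_` separator, the `linux-server` template, the `vms-on-<pm>` host group names and the sample rows are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample rows standing in for what the Monitoring Data Integrator
# would have stored in the database (field names are assumptions).
SAMPLE_VMS = [
    {"user": "alice", "vm_id": "i-3FA2081B", "pm": "node01", "ip": "10.0.1.11"},
    {"user": "bob", "vm_id": "i-4C1D09A7", "pm": "node01", "ip": "10.0.1.12"},
    {"user": "alice", "vm_id": "i-51B20C3E", "pm": "node02", "ip": "10.0.1.21"},
    # Malformed row: the user name contains whitespace and a newline.
    {"user": "carol smith\n", "vm_id": "i-60A7F2D1", "pm": "node02", "ip": "10.0.1.22"},
]

# Characters allowed in each name component. "_" is excluded because it is the
# separator of the aggregated host name; whitespace, ";" and braces are excluded
# because the value is written verbatim into a Nagios object file.
_COMPONENT = re.compile(r"[A-Za-z0-9.-]{1,64}")


def vm_host_name(user, vm_id, pm):
    """Aggregate user name, VM ID and PM name into one Nagios host_name."""
    for label, value in (("user", user), ("vm_id", vm_id), ("pm", pm)):
        if not isinstance(value, str) or not _COMPONENT.fullmatch(value):
            raise ValueError(f"unsafe {label}: {value!r}")
    return f"{user}_{vm_id}_{pm}"


def render_object(kind, directives):
    """Render one Nagios object definition ("define <kind> { ... }")."""
    width = max(len(key) for key in directives)
    lines = [f"define {kind} {{"]
    lines += [f"    {key.ljust(width)}  {value}" for key, value in directives.items()]
    lines.append("}")
    return "\n".join(lines) + "\n"


def generate_config(vms, template="linux-server"):
    """Return (config_text, rejected_rows) for a list of VM records.

    Each valid VM becomes a host whose parent is its physical machine, and
    each physical machine gets a host group listing the VMs it runs. The host
    template and the PM host objects are assumed to be defined elsewhere.
    """
    blocks, rejected = [], []
    members = defaultdict(list)  # PM name -> VM host names
    for row in vms:
        try:
            name = vm_host_name(row["user"], row["vm_id"], row["pm"])
            address = str(ipaddress.ip_address(row["ip"]))
        except (KeyError, TypeError, ValueError) as exc:
            rejected.append((row, str(exc)))  # never written to the config
            continue
        members[row["pm"]].append(name)
        blocks.append(render_object("host", {
            "use": template,
            "host_name": name,
            "alias": f"VM {row['vm_id']} of {row['user']}",
            "address": address,
            "parents": row["pm"],
        }))
    for pm in sorted(members):
        blocks.append(render_object("hostgroup", {
            "hostgroup_name": f"vms-on-{pm}",
            "alias": f"VMs running on {pm}",
            "members": ",".join(sorted(members[pm])),
        }))
    return "\n".join(blocks), rejected


if __name__ == "__main__":
    text, bad = generate_config(SAMPLE_VMS)
    print(text)
    for row, reason in bad:
        print(f"# rejected {row!r}: {reason}")
```

Rejected rows are returned to the caller rather than dropped silently, so the generator's operator can see which database records never reached the monitoring view.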
  41. 41. SECURITY  FOR  CLOUD   COMPUTING    OCTOBER  -­‐  FLORIANÓPOLIS   SECCOM  2012  -­‐  UFSC   41  
  42. 42. Content  at  a  Glance  •  Introduc8on  and  Related  Works  •  Cloud  Compu8ng  •  Iden8ty  Management  •  Shibboleth  •  Federated  Mul8-­‐Tenancy  Authoriza8on  System  on   Cloud   –  Scenario   –  Implementa8on  of  the  Proposed  Scenario   –  Analysis  and  Test  Results  within  Scenario  •  Conclusions  and  Future  Works  OCTOBER  -­‐  FLORIANÓPOLIS   SECCOM  2012  -­‐  UFSC   42  
  43. 43. Introduc8on  •  Cloud  compu8ng  systems:  reduced  upfront   investment,   expected   performance,   high   availability,   infinite   scalability,   fault-­‐ tolerance.  •  IAM   (Iden8ty   and   Access   Management)   plays   an   important   role   in   controlling   and   billing   user   access   to   the   shared   resources   in  the  cloud.   OCTOBER  -­‐  FLORIANÓPOLIS   SECCOM  2012  -­‐  UFSC   43  
44. Introduction
• IAM systems need to be protected by federations.
• Some technologies implement federated identity, such as the SAML (Security Assertion Markup Language) and Shibboleth system.
• The aim of this paper is to propose a multi-tenancy authorization system using Shibboleth for cloud-based environments.
45. Related Work
• R. Ranchal et al. 2010 - an approach for IDM is proposed, which is independent of Trusted Third Party (TTP) and has the ability to use identity data on untrusted hosts.
• P. Angin et al. 2010 - an entity-centric approach for IDM in the cloud is proposed. They proposed the cryptographic mechanisms used in R. Ranchal et al. without any kind of implementation or validation.
46. This Work
• This work provides identity management and access control and aims to: (1) be an independent third party; (2) authenticate cloud services using the users' privacy policies, providing minimal information to the Service Provider (SP); (3) ensure mutual protection of both clients and providers.
• This paper highlights the use of a specific tool, Shibboleth, which provides support to the tasks of authentication, authorization and identity federation.
• The main contribution of our work is the implementation in cloud and the scenario presented.
47. The NIST Cloud Definition Framework
Deployment Models: Private Cloud, Community Cloud, Public Cloud, Hybrid Clouds
Service Models: Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS)
Essential Characteristics: On Demand Self-Service, Broad Network Access, Rapid Elasticity, Resource Pooling, Measured Service
Common Characteristics: Massive Scale, Resilient Computing, Homogeneity, Geographic Distribution, Virtualization, Service Orientation, Low Cost Software, Advanced Security
Based upon original chart created by Alex Dowbor
48. Identity Management
• Digital identity is the representation of an entity in the form of attributes.
http://en.wikipedia.org/wiki/Identity_management
49. Identity Management
• Identity Management (IdM) is a set of functions and capabilities used to ensure identity information, thus assuring security.
• An identity management system (IMS) provides tools for managing individual identities.
• An IMS involves:
  – User
  – Identity Provider (IdP)
  – Service Provider (SP)
50. IMS
• Provisioning: addresses the provisioning and deprovisioning of several types of user accounts.
• Authentication: ensures that the individual is who he/she claims to be.
• Authorization: provides different access levels for different parts or operations within a computing system.
• Federation: a group of organizations or SPs that establish a circle of trust.
51.
• The OASIS SAML standard defines precise syntax and rules for requesting, creating, communicating, and using SAML assertions.
• Shibboleth is an authentication and authorization infrastructure based on SAML that uses the concept of federated identity. The Shibboleth system is divided into two entities: the IdP and SP.
52. Shibboleth
• The IdP is the element responsible for authenticating users: Handle Service (HS), Attribute Authority (AA), Directory Service, Authentication Mechanism.
• The Shibboleth SP is where the resources are stored: Assertion Consumer Service (ACS), Attribute Requester (AR), Resource Manager (RM).
• The WAYF ("Where Are You From", also called the Discovery Service) is responsible for allowing an association between a user and an organization.
54. In Step 1, the user navigates to the SP to access a protected resource. In Steps 2 and 3, Shibboleth redirects the user to the WAYF page, where he should indicate his IdP. In Step 4, the user enters his IdP, and Step 5 redirects the user to the site, which is the HS component of the IdP. In Steps 6 and 7, the user enters his authentication data, and in Step 8 the HS authenticates the user. The HS creates a handle to identify the user and also sends it to the AA. Step 9 sends that user authentication handle to the AA and to the ACS. The handle is checked by the ACS and transferred to the AR, and in Step 10 a session is established. In Step 11 the AR uses the handle to request user attributes from the IdP. Step 12 checks whether the IdP can release the attributes, and in Step 13 the AA responds with the attribute values. In Step 14 the SP receives the attributes and passes them to the RM, which loads the resource in Step 15 to present to the user.
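The handle-based exchange of Steps 6 to 14, as an added Python model that is not part of the original presentation and is not Shibboleth's own code. It keeps only the handle and the attribute release decision; SAML XML, signatures and HTTP redirects are left out, and the entity IDs, user record and release policy are constructed.

```python
import secrets
import time


class IdentityProvider:
    """Models the IdP: the HS issues handles, the AA answers attribute queries."""

    def __init__(self, entity_id, directory, release_policy, handle_ttl=300):
        self.entity_id = entity_id
        self._directory = directory            # constructed user store
        self._release_policy = release_policy  # SP entity id -> attribute names it may see
        self._handle_ttl = handle_ttl          # assumed lifetime in seconds
        self._handles = {}                     # handle -> (username, audience, expiry)

    def authenticate(self, username, password, sp_entity_id, now=None):
        """Steps 6-9: the HS checks credentials and issues an opaque handle for one SP."""
        now = time.time() if now is None else now
        entry = self._directory.get(username)
        stored = entry["password"] if entry else ""
        if entry is None or not secrets.compare_digest(stored.encode(), password.encode()):
            raise PermissionError("authentication failed")
        handle = secrets.token_urlsafe(32)     # random, carries no identity data
        self._handles[handle] = (username, sp_entity_id, now + self._handle_ttl)
        return {"issuer": self.entity_id, "audience": sp_entity_id, "handle": handle}

    def attribute_query(self, handle, requester, now=None):
        """Steps 11-13: the AA resolves the handle and applies the release policy."""
        now = time.time() if now is None else now
        record = self._handles.get(handle)
        if record is None:
            raise PermissionError("unknown handle")
        username, audience, expiry = record
        if requester != audience:
            raise PermissionError("handle was issued for another SP")
        if now >= expiry:
            del self._handles[handle]
            raise PermissionError("handle expired")
        allowed = self._release_policy.get(requester, set())  # no policy, no attributes
        attributes = self._directory[username]["attributes"]
        return {name: value for name, value in attributes.items() if name in allowed}


class ServiceProvider:
    """Models the SP: the ACS checks the handle message, the AR fetches attributes."""

    def __init__(self, entity_id, federation):
        self.entity_id = entity_id
        self._federation = federation  # issuer entity id -> IdP (stands in for metadata)
        self.sessions = {}

    def consume(self, assertion, now=None):
        """Steps 9-14: validate issuer and audience, query the AA, open a session."""
        idp = self._federation.get(assertion["issuer"])
        if idp is None:
            raise PermissionError("issuer is not a federation member")
        if assertion["audience"] != self.entity_id:
            raise PermissionError("handle addressed to another SP")
        attributes = idp.attribute_query(assertion["handle"], self.entity_id, now)
        session_id = secrets.token_urlsafe(16)
        self.sessions[session_id] = {"idp": idp.entity_id, "attributes": attributes}
        return session_id


def build_demo():
    """Constructed federation: one IdP, one wiki SP, one user."""
    directory = {"alice": {"password": "correct horse",
                           "attributes": {"affiliation": "staff",
                                          "mail": "alice@inst-a.example",
                                          "displayName": "Alice Example"}}}
    idp = IdentityProvider("https://idp.inst-a.example", directory,
                           release_policy={"https://wiki.csp.example": {"affiliation"}})
    sp = ServiceProvider("https://wiki.csp.example", {idp.entity_id: idp})
    return idp, sp


if __name__ == "__main__":
    idp, sp = build_demo()
    assertion = idp.authenticate("alice", "correct horse", sp.entity_id)
    session = sp.sessions[sp.consume(assertion)]
    print(session)  # the SP holds the released affiliation only, not the username or mail
```

The SP never learns the username: it holds a random handle and whatever the release policy allows for that SP, which is the "minimal information to the SP" goal stated earlier in the deck.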
55. Federated Multi-Tenancy Authorization System on Cloud
• IdM can be implemented in several different types of configuration:
  – IdM can be implemented in-house;
  – IdM itself can be delivered as an outsourced service. This is called Identity as a Service (IDaaS);
  – Each cloud SP may independently implement a set of IdM functions.
• In this work, it was decided to use the first case configuration: in-house.
56. Configurations of IDM systems on cloud computing environments
57. Federated Multi-Tenancy Authorization System on Cloud
• This work presents an authorization mechanism to be used by an academic institution to offer and use the services offered in the cloud.
• The part of the management system responsible for the authentication of identity will be located in the client organization.
• The communication with the SP in the cloud (Cloud Service Provider, CSP) will be made through identity federation.
• The access system performs authorization or access control in the environment.
• The institution has a responsibility to provide the user attributes for the deployed application SP in the cloud.
• The authorization system should be able to accept multiple clients, such as a multi-tenancy.
58. Scenario
• A service is provided by an academic institution in a CSP, and shared with other institutions. To share services, an institution must be affiliated to the federation.
• For an institution to join the federation it must have configured an IdP that meets the requirements imposed by the federation.
• Once affiliated with the federation, the institution will be able to authenticate its own users, since authorization is the responsibility of the SP.
59. Scenario - Academic Federation sharing services in the cloud
60. Implementation of the Proposed Scenario
• An SP was primarily implemented in the cloud:
  – an Apache server on a virtual machine rented from the Amazon Web Services cloud.
  – Installation of the Shibboleth SP.
  – Installation of DokuWiki, which is an application that allows the collaborative editing of documents.
  – The SP was configured with authorization via application, to differentiate between common users and administrators of DokuWiki.
61. Implementation of the Proposed Scenario – Cloud Service Provider
62. Implementation of the Proposed Scenario – cloud IdP
63. Implementation of the Proposed Scenario
• The JASIG CAS Server was used to perform user authentication through login and password; it then passes the authenticated users to Shibboleth.
• The CAS has been configured to search for users in a Lightweight Directory Access Protocol (LDAP) directory. To provide this directory, OpenLDAP was installed in another virtual machine, also running on Amazon's cloud.
• To demonstrate the use of the SP for more than one client, another IdP was implemented, also in the cloud, similar to the first. To support this task Shibboleth provides a WAYF component.
64. Analysis and Test Results within Scenario
• In this resulting structure, each IdP is represented in a private cloud, and the SP is in a public cloud.
The results highlighted two main use cases:
• Read access to documents
• Access for editing documents
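One way to express the application-level authorization described for the wiki SP (public read access, credentials to edit, administrators distinguished from common users) when several IdPs share it. This is an added example, not the authors' DokuWiki configuration; the `wikiRole` attribute, the `manage` action, the scopes and the entity IDs are hypothetical. The scope check keeps one tenant's IdP from asserting roles in another tenant's name.

```python
# Constructed registry held by the SP: the scope each federation IdP may assert.
FEDERATION_SCOPES = {
    "https://idp.inst-a.example": "inst-a.example",
    "https://idp.inst-b.example": "inst-b.example",
}

# Hypothetical multi-valued attribute released by each IdP, e.g. "admin@inst-a.example".
ROLE_ATTRIBUTE = "wikiRole"

# What each wiki role may do; visitors without a valid session are "public".
PERMISSIONS = {
    "public": {"read"},
    "user": {"read", "edit"},
    "admin": {"read", "edit", "manage"},
}
RANK = ["public", "user", "admin"]  # lowest to highest


def role_for(session):
    """Map a federated session to a wiki role, failing closed to 'public'."""
    if not session:
        return "public"
    scope = FEDERATION_SCOPES.get(session.get("idp"))
    if scope is None:
        return "public"  # the IdP is not a federation member
    values = session.get("attributes", {}).get(ROLE_ATTRIBUTE, [])
    if isinstance(values, str):
        values = [values]
    best = "public"
    for value in values:
        role, sep, asserted_scope = value.rpartition("@")
        if not sep or asserted_scope != scope:
            continue  # unscoped value, or a scope this IdP is not registered for
        if role in RANK and RANK.index(role) > RANK.index(best):
            best = role
    return best


def is_allowed(action, session=None):
    """Decide one request; unknown actions are denied for every role."""
    return action in PERMISSIONS[role_for(session)]


if __name__ == "__main__":
    editor = {"idp": "https://idp.inst-a.example",
              "attributes": {ROLE_ATTRIBUTE: ["user@inst-a.example"]}}
    print(is_allowed("read"), is_allowed("edit"), is_allowed("edit", editor))
```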
65. Conclusions
• The use of federations in IdM plays a vital role.
• This work was aimed at an alternative solution to an IDaaS. IDaaS is controlled and maintained by a third party.
• The infrastructure obtained aims to: (1) be an independent third party, (2) authenticate cloud services using the users' privacy policies, providing minimal information to the SP, (3) ensure mutual protection of both clients and providers.
66. Conclusions
• This paper highlights the use of a specific tool, Shibboleth, which provides support to the tasks of authentication, authorization and identity federation.
• Shibboleth was very flexible and it is compatible with international standards.
• It was possible to offer a service allowing public access in the case of read-only access, while at the same time requiring credentials, so that the user must be logged in to change documents.
67. Future Work
• We propose an alternative authorization method, where the user, once authenticated, carries the access policy, and the SP should be able to interpret these rules.
• The authorization process will no longer be performed at the application level.
• Expanding the scenario to represent new forms of communication.
• Create new use cases for testing.
• Use pseudonyms in the CSP domain.
68. References
1. E. Bertino and K. Takahashi, Identity Management - Concepts, Technologies, and Systems. ARTECH HOUSE, 2011.
2. “Security Guidance for Critical Areas of Focus in Cloud Computing,” CSA. Online at: http://www.cloudsecurityalliance.org.
3. “Domain 12: Guidance for Identity and Access Management V2.1.,” Cloud Security Alliance - CSA. Online at: https://cloudsecurityalliance.org/guidance/csaguide-dom12-v2.10.pdf.
4. D. W. Chadwick, Federated identity management. Foundations of Security Analysis and Design V, Springer-Verlag: Berlin, Heidelberg 2009 pp. 96–120, doi: 10.1007/978-3-642-03829-7_3.
5. A. Albeshri and W. Caelli, “Mutual Protection in a Cloud Computing environment,” Proc. 12th IEEE Intl. Conf. on High Performance Computing and Communications (HPCC 10), pp. 641-646, doi: 10.1109/HPCC.2010.87.
6. R. Ranchal, B. Bhargava, A. Kim, M. Kang, L. B. Othmane, L. Lilien, and M. Linderman, “Protection of Identity Information in Cloud Computing without Trusted Third Party,” Proc. 29th IEEE Intl. Symp. on Reliable Distributed Systems (SRDS 10), pp. 368–372, doi: 10.1109/SRDS.2010.57.
7. P. Angin, B. Bhargava, R. Ranchal, N. Singh, L. B. Othmane, L. Lilien, and M. Linderman, “An Entity-Centric Approach for Privacy and Identity Management in Cloud Computing,” Proc. 29th IEEE Intl. Symp. on Reliable Distributed Systems (SRDS 10), pp. 177–183, doi: 10.1109/SRDS.2010.28.
69. SUSTAINABILITY FOR CLOUD COMPUTING
70. Summary
1 - Introduction
2 - Motivation
3 - Proposals and Solutions
4 - Case Studies
5 - Results
6 - Conclusions
7 - Future Works
72. 1 Introduction
• We propose an integrated solution for environment, services and network management based on an organization theory model.
• This work introduces the system management model, analyses the system’s behavior, describes the operation principles, and presents case studies and some results.
73. 1 Introduction
• We extended CloudSim to simulate the organization model approach and implemented the migration and reallocation policies using this improved version to validate our management solution.
• Organization:
  – 2 introduces a motivating scenario.
  – 3 outlines the system design.
  – 4 presents case studies.
  – 5 presents some results.
74. 2 Motivation
• Our research was motivated by a practical scenario at our university’s data center.
• An organization theory model for integrated management of green clouds, focusing on:
• (i) optimizing resource allocation through predictive models;
76. 2 Motivation
• (ii) coordinating control over the multiple elements, reducing the infrastructure utilization;
• (iii) promoting the “balance” between local and remote resources; and
• (iv) aggregating energy management of network devices.
78. 2 Motivation (Concepts & Analysis)
Cloud computing
• This structure describes the most common implementation of cloud; and
• It is based on server virtualization functionalities, where a layer abstracts the physical resources of the servers and presents them as a set of resources to be shared by VMs.
79. The NIST Cloud Definition Framework
Deployment Models: Private Cloud, Community Cloud, Public Cloud, Hybrid Clouds
Service Models: Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS)
Essential Characteristics: On Demand Self-Service, Broad Network Access, Rapid Elasticity, Resource Pooling, Measured Service
Common Characteristics: Massive Scale, Resilient Computing, Homogeneity, Geographic Distribution, Virtualization, Service Orientation, Low Cost Software, Advanced Security
Based upon original chart created by Alex Dowbor
80. 2 Motivation (Concepts & Analysis)
Green cloud
• The green cloud is not very different from cloud computing, but it implies a concern over the structure and the social responsibility of energy consumption; and
• Hence it aims to ensure the infrastructure sustainability without breaking contracts.
81. 2 Motivation (Concepts & Analysis)
Analysis
• Table I relates (1) the 3 possible combinations between VMs and PMs, with (2) the average activation delay, and (3) the chances of the services not being processed (risk); and
• It also presents the energy consumed according to each scenario.
82. 2 Motivation (Concepts & Analysis)
PM State | VM State | Time | Risks  | Watts | Consumption
Down     | Down     | 30s  | High   | 0Ws   | None
Up       | Down     | 10s  | Medium | 200Ws | Medium
Up       | Up       | 0s   | None   | 215Ws | High
RELATION BETWEEN SITUATIONS & RISKS & ACTIVATION DELAY & CONSUMPTION (ASSUNÇÃO, M. D. ET AL. ENERGY 2010)
83. 2 Motivation (Related Works)
• E. Pinheiro, et al. “Load balancing and unbalancing for power and performance in cluster-based systems” in Proceedings of the Workshop on Compilers and Operating Systems for Low Power. 2001.
• Pinheiro et al. have proposed a technique for managing a cluster of physical machines that minimizes power consumption while maintaining the QoS level.
84. 2 Motivation (Related Works)
• The main technique to minimize power consumption is to adjust the load balancing system to consolidate the workload in some resources of the cluster, so that the idle resources can be shut down.
• In the end, besides an economy of 20% compared to full-time online clusters, it saves less than 6% of the whole consumption of the data center.
85. 2 Motivation (Related Works)
• R. N. Calheiros, et al. “Cloudsim: A toolkit for modeling and simulation of cloud computing environments and evaluation of resource provisioning algorithms” Software: Practice and Experience. 2011.
• Calheiros et al. have developed a framework for cloud computing simulation. It has four main features:
86. 2 Motivation (Related Works)
• (i) it allows for modeling and instantiation of major cloud computing infrastructures,
• (ii) it offers a platform providing flexibility of service brokers, scheduling and allocations policies,
• (iii) its virtualization engine can be customized, thus providing the capability to simulate heterogeneous clouds, and
87. 2 Motivation (Related Works)
• (iv) it is capable of choosing the scheduling strategies for the resources.
• R. Buyya, et al. “Intercloud: Utility-oriented federation of cloud computing environments for scaling of application services” Proceedings of the 10th International Conference on Algorithms and Architectures for Parallel Processing. 2010.
88. 2 Motivation (Related Works)
• Buyya et al. suggested creating federated clouds, called Interclouds, which form a cloud computing environment to support dynamic expansion or contraction.
• The simulation results revealed that the availability of these federated clouds reduces the average turn-around time by more than 50%.
89. 2 Motivation (Related Works)
• It is shown that a significant benefit for the application’s performance is obtained by using simple load migration policies.
• R. Buyya, et al. “Energy-Efficient Management of Data Center Resources for Cloud Computing: A Vision, Architectural Elements, and Open Challenges” in Proceedings of the 2010 International Conference on Parallel and Distributed Processing Techniques and Applications.
90. 2 Motivation (Related Works)
• Buyya et al. aimed to create an architecture for the green cloud. In the proposals, some simulations are executed comparing the outcomes of the proposed policies with simulations of DVFS (Dynamic Voltage and Frequency Scaling).
• They leave other possible research directions open, such as optimization problems due to the virtual network topology, and increasing response time for the migration of VMs because of the delay between servers or virtual machines when they are not located in the same data centers.
91. 2 Motivation (Related Works)
• L. Liu, et al. “Greencloud: a new architecture for green data center” in Proceedings of the 6th international conference industry session on autonomic computing. 2009.
• Liu et al. presented the GreenCloud architecture to reduce data center power consumption while guaranteeing the performance from the user's perspective.
92. 2 Motivation (Related Works)
• P. Mahadevan, et al. “On Energy Efficiency for Enterprise and Data Center Networks” in IEEE Communications Magazine. 2011.
• Mahadevan et al. described the challenges relating to life cycle energy management of network devices, presented a sustainability analysis of these devices, and developed techniques to significantly reduce network operation power.
93. 2 Motivation (Problem Scenario)
• To understand the problem scenario, we introduce the elements, interactions, and operation principles in green clouds.
• The target in green clouds is: how to keep resources turned off as long as possible?
• The interactions and operation principles of the scenario are:
94. 2 Motivation (Problem Scenario)
• (i) there are multiple applications generating different load requirements over the day;
• (ii) a load “balance” system distributes the load to active servers in the processing pool;
• (iii) the resources are grouped in clusters that include servers and local environmental control units; and
95. 2 Motivation (Problem Scenario)
• (iv) the management system can turn machines on and off over time, but the question is when to activate resources on demand.
• In other words, taking too long to activate resources in response to a surge of demand (too reactive) may result in a shortage of processing power for a while.
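The trade-off behind the activation question, as an added example rather than the authors' CloudSim extension: a purely reactive controller run over a constructed load trace, using the activation delays and power figures of the PM/VM state table shown earlier. Reading the 0/200/215 figures as watts per machine, charging a machine that is still activating at the serving rate, and the 10 s tick are assumptions.

```python
TICK_S = 10  # assumed simulation step; it divides every delay in the table

# How spare machines are parked: activation delay and power draw per machine.
# Values follow the PM/VM state table; treating the figures as watts is an assumption.
SPARE_STATES = {
    "pm_down_vm_down": {"delay_s": 30, "watts": 0},
    "pm_up_vm_down": {"delay_s": 10, "watts": 200},
    "pm_up_vm_up": {"delay_s": 0, "watts": 215},
}
SERVING_WATTS = 215  # PM up, VM up


def simulate(trace, pool_size, spare_state):
    """Run a purely reactive controller over `trace` (machines needed per tick).

    Returns (energy in watt-seconds, unmet demand in machine-seconds).
    """
    spare = SPARE_STATES[spare_state]
    serving = 0        # machines currently processing requests
    activating = []    # seconds left until each waking machine can serve
    energy_ws = 0
    unmet_s = 0
    for demand in trace:
        demand = min(demand, pool_size)
        # Machines whose activation delay has elapsed start serving.
        activating = [left - TICK_S for left in activating]
        serving += sum(1 for left in activating if left <= 0)
        activating = [left for left in activating if left > 0]
        # React to the demand seen now: wake only what is still missing.
        missing = max(0, demand - serving - len(activating))
        if spare["delay_s"] == 0:
            serving += missing
        else:
            activating += [spare["delay_s"]] * missing
        # Park machines that are no longer needed.
        serving = min(serving, demand)
        parked = pool_size - serving - len(activating)
        unmet_s += (demand - serving) * TICK_S
        busy = serving + len(activating)  # assumption: waking costs as much as serving
        energy_ws += (busy * SERVING_WATTS + parked * spare["watts"]) * TICK_S
    return energy_ws, unmet_s


# Constructed trace: a quiet period, a surge to the whole pool, then quiet again.
TRACE = [1, 1, 4, 4, 4, 4, 1, 1]


def compare(trace=TRACE, pool_size=4):
    """Energy and unmet demand for each way of parking spare machines."""
    return {state: simulate(trace, pool_size, state) for state in SPARE_STATES}


if __name__ == "__main__":
    for state, (energy, unmet) in compare().items():
        print(f"{state:16} energy={energy:6d} Ws  unmet={unmet:3d} machine-seconds")
```

On this trace the always-on pool has no unmet demand but the highest energy, and the powered-down pool the reverse, which lines up with the table's risk column.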
96. 3 Proposals and Solutions
97. 3 Proposals and Solutions
• The four roles into which the operations system may be classified are: VM management; Servers management; Network management; and Environment management.
• The three roles into which the service system may be classified are: Monitor element; Service scheduler; and Service analyser.
98. 4 Case Studies
• We modeled the system using Norms (NM), Beliefs (BL) and Plan Rules (PR), inferring that we would need (NM) to reduce energy consumption.
• Based on inferences from NM, BL and PR, agents would monitor the system and determine actions dynamically.
99. 5 Results
The main components implemented in the improved version of CloudSim are as follows:
- HostMonitor: controls the input and output of physical machines;
- VmMonitor: controls the input and output of virtual machines;
- NewBroker: controls the size of requests;
- SensorGlobal: controls the sensors;
- CloudletSchedulerSpaceShareByTimeout: controls the size and simulation time;
- VmAllocationPolicyExtended: allocation policy;
- VmSchedulerExtended: allocates the virtual machines;
- UtilizationModelFunction: checks the format of requests;
- CloudletWaiting: controls the time of the request; and
- DatacenterExtended: controls the datacenter.
102. 5 Results
Parameter       | Value
VM - Image size | 1GB
VM - RAM        | 256MB
PM - Engine     | Xen
PM - RAM        | 8GB
PM - Frequency  | 3.0GHz
PM - Cores      | 2
PROPOSED SCENARIO CHARACTERISTICS
103. 5 Results (consumption)
104. 5 Results (SLA violations)
105. 5 Results (Hybrid strategy)
106. 5 Results (Hybrid strategy)
Strategy       | Cost     | Consumption
On-demand      | -3.2 %   | -23.5 %
Idle resources | -49.0 %  | -59.0 %
REDUCTION OF COST AND POWER CONSUMPTION
107. 6 Conclusions
• Tests were carried out to prove the validity of the system using the CloudSim simulator from the University of Melbourne in Australia.
• We have implemented improvements related to service-based interaction.
• We implemented migration policies and relocation of virtual machines by monitoring and controlling the system.
108. 6 Conclusions
We achieved the following results in the test environment:
- Dynamic physical orchestration and service orchestration led to 87,18% energy savings, when compared to static approaches; and
- Improvement in load “balancing” and high availability schemas provide up to 8,03% SLA error decrease.
109. 7 Future Works
• As future work we intend to simulate other strategies to get more accurate feedback on the model, using other simulation environments and testing different approaches to beliefs and plan rules.
• Furthermore, we would like to exploit the integration of other approaches from the field of artificial intelligence, viz. Bayesian networks, advanced strategies of intention reconsideration, and improved coordination in multi-agent systems.
