This document discusses developing a taxonomy to map relationships between applications, virtual machines, hosts, and clients when performing upgrades and patches. It proposes creating a taxonomy based on analyzing errors that occur during application execution to understand dependencies. The taxonomy would classify applications based on their libraries, operating systems, and browsers to provide a troubleshooting guideline for upgrades. An experiment upgrading an application called Crawling encountered errors due to dependencies on older software versions. Mapping the application criteria and relationships in a taxonomy could help identify the root cause of issues and the steps to resolve them.
Abstraction and Automation: A Software Design Approach for Developing Secure ...iosrjce
IOSR Journal of Computer Engineering (IOSR-JCE) is a double blind peer reviewed International Journal that provides rapid publication (within a month) of articles in all areas of computer engineering and its applications. The journal welcomes publications of high quality papers on theoretical developments and practical applications in computer technology. Original research papers, state-of-the-art reviews, and high quality technical notes are invited for publications.
IOSR Journal of Computer Engineering (IOSR-JCE) is a double blind peer reviewed International Journal that provides rapid publication (within a month) of articles in all areas of computer engineering and its applications. The journal welcomes publications of high quality papers on theoretical developments and practical applications in computer technology. Original research papers, state-of-the-art reviews, and high quality technical notes are invited for publications.
ON FAULT TOLERANCE OF RESOURCES IN COMPUTATIONAL GRIDSijgca
Grid computing or computational grid is always a vast research field in academic, as well as in industry also. Computational grid provides resource sharing through multi-institutional virtual organizations for dynamic problem solving. Various heterogeneous resources of different administrative domain are virtually distributed through different network in computational grids. Thus any type of failure can occur at any point of time and job running in grid environment might fail. Hence fault tolerance is an important and challenging issue in grid computing as the dependability of individual grid resources may not be guaranteed. In order to make computational grids more effective and reliable fault tolerant system is necessary. The objective of this paper is to review different existing fault tolerance techniques applicable in grid computing. This paper presents state of the art of various fault tolerance technique and comparative study of the existing algorithms.
Trust Assessment Policy Manager in Cloud Computing – Cloud Service Provider’s...idescitation
Cloud computing is a model for enabling convenient, on-demand network access
to a shared pool of configurable computing resources. Reliability in compute cloud is an
important aspect in Quality of Service which needs to be addressed in order to foster the
adoption of compute cloud. In today’s integrated environment the distributed systems is
employed to carry out computational intensive task at a faster rate without much
investment. The Cloud is a multitenant architecture which allows faster computation with
high scalability at a lower cost thereby the users can share the same physical infrastructure.
Individual customers deploy their applications in such environment will occupy the virtual
partitions on the platform. This paper describes a straightforward procedure to analyze the
reliability of the application from the view point of the resource provider. A trust
component is implemented to provide preventive control and to mitigate the occurrence of
any non-permissible action by using the detective mechanism. Such mechanisms are used to
identify the privacy risk and it further prevents from utilization. Hence, in this paper trust
assessment is performed before the user is allowed to share the multitenant infrastructure.
The cloud can provide scalable and reliable service for the legitimate users. The proposed
work is tested using tools Aneka and Globus Toolkit.
Evasion Streamline Intruders Using Graph Based Attacker model Analysis and Co...Editor IJCATR
Network Intrusion detection and Countermeasure Election in virtual network systems (NICE) are used to establish a
defense-in-depth intrusion detection framework. For better attack detection, NICE incorporates attack graph analytical procedures into
the intrusion detection processes. We must note that the design of NICE does not intend to improve any of the existing intrusion
detection algorithms; indeed, NICE employs a reconfigurable virtual networking approach to detect and counter the attempts to
compromise VMs, thus preventing zombie VMs. NICE includes two main phases: deploy a lightweight mirroring-based network
intrusion detection agent (NICE-A) on each cloud server to capture and analyze cloud traffic. A NICE-A periodically scans the virtual
system vulnerabilities within a cloud server to establish Scenario Attack Graph (SAGs), and then based on the severity of identified
vulnerability toward the collaborative attack goals, NICE will decide whether or not to put a VM in network inspection state. Once a
VM enters inspection state, Deep Packet Inspection (DPI) is applied, and/or virtual network reconfigurations can be deployed to the
inspecting VM to make the potential attack behaviors prominent.
Design & Development of a Trustworthy and Secure Billing System for Cloud Com...iosrjce
Cloud computing is an important transition that makes change in service oriented computing
technology. Cloud service provider follows pay-as-you-go pricing approach which means consumer uses as
many resources as he need and billed by the provider based on the resource consumed. CSP give a quality of
service in the form of a service level agreement. For transparent billing, each billing transaction should be
protected against forgery and false modifications. Although CSPs provide service billing records, they cannot
provide trustworthiness. It is due to user or CSP can modify the billing records. In this case even a third party
cannot confirm that the user’s record is correct or CSPs record is correct. To overcome these limitations we
introduced a secure billing system called THEMIS. For secure billing system THEMIS introduces a concept of
cloud notary authority (CNA). CNA generates mutually verifiable binding information that can be used to
resolve future disputes between user and CSP. This project will produce the secure billing through monitoring
the service level agreement (SLA) by using the SMon module. CNA can get a service logs from SMon and stored
it in a local repository for further reference. Even administrator of a cloud system cannot modify or falsify the
data.
Addressing Security Issues and Challenges in Mobile Cloud ComputingEditor IJCATR
The emergence of cloud computing has brought tremendous impact on software organizations and software architecture design. With the development of cloud computing and mobile internet, mobile cloud computing is becoming a new mode of application. With the widespread development of mobile applications and advances in mobile cloud computing, some other forms of requirements and security issues have been emerged. Mobile cloud computing provides resources residing over cloud and services provided for mobile devices. These resources and services from cloud are available for mobile user over their mobile devices. It also provides benefits for developing specialized mobile applications for them. However, increased security and privacy risks exists due to data outsourcing and synchronization over the Internet. This research paper provides the review on mobile cloud computing, its security issues, challenges and suggests some solutions.
Abstraction and Automation: A Software Design Approach for Developing Secure ...iosrjce
IOSR Journal of Computer Engineering (IOSR-JCE) is a double blind peer reviewed International Journal that provides rapid publication (within a month) of articles in all areas of computer engineering and its applications. The journal welcomes publications of high quality papers on theoretical developments and practical applications in computer technology. Original research papers, state-of-the-art reviews, and high quality technical notes are invited for publications.
IOSR Journal of Computer Engineering (IOSR-JCE) is a double blind peer reviewed International Journal that provides rapid publication (within a month) of articles in all areas of computer engineering and its applications. The journal welcomes publications of high quality papers on theoretical developments and practical applications in computer technology. Original research papers, state-of-the-art reviews, and high quality technical notes are invited for publications.
ON FAULT TOLERANCE OF RESOURCES IN COMPUTATIONAL GRIDSijgca
Grid computing or computational grid is always a vast research field in academic, as well as in industry also. Computational grid provides resource sharing through multi-institutional virtual organizations for dynamic problem solving. Various heterogeneous resources of different administrative domain are virtually distributed through different network in computational grids. Thus any type of failure can occur at any point of time and job running in grid environment might fail. Hence fault tolerance is an important and challenging issue in grid computing as the dependability of individual grid resources may not be guaranteed. In order to make computational grids more effective and reliable fault tolerant system is necessary. The objective of this paper is to review different existing fault tolerance techniques applicable in grid computing. This paper presents state of the art of various fault tolerance technique and comparative study of the existing algorithms.
Trust Assessment Policy Manager in Cloud Computing – Cloud Service Provider’s...idescitation
Cloud computing is a model for enabling convenient, on-demand network access
to a shared pool of configurable computing resources. Reliability in compute cloud is an
important aspect in Quality of Service which needs to be addressed in order to foster the
adoption of compute cloud. In today’s integrated environment the distributed systems is
employed to carry out computational intensive task at a faster rate without much
investment. The Cloud is a multitenant architecture which allows faster computation with
high scalability at a lower cost thereby the users can share the same physical infrastructure.
Individual customers deploy their applications in such environment will occupy the virtual
partitions on the platform. This paper describes a straightforward procedure to analyze the
reliability of the application from the view point of the resource provider. A trust
component is implemented to provide preventive control and to mitigate the occurrence of
any non-permissible action by using the detective mechanism. Such mechanisms are used to
identify the privacy risk and it further prevents from utilization. Hence, in this paper trust
assessment is performed before the user is allowed to share the multitenant infrastructure.
The cloud can provide scalable and reliable service for the legitimate users. The proposed
work is tested using tools Aneka and Globus Toolkit.
Evasion Streamline Intruders Using Graph Based Attacker model Analysis and Co...Editor IJCATR
Network Intrusion detection and Countermeasure Election in virtual network systems (NICE) are used to establish a
defense-in-depth intrusion detection framework. For better attack detection, NICE incorporates attack graph analytical procedures into
the intrusion detection processes. We must note that the design of NICE does not intend to improve any of the existing intrusion
detection algorithms; indeed, NICE employs a reconfigurable virtual networking approach to detect and counter the attempts to
compromise VMs, thus preventing zombie VMs. NICE includes two main phases: deploy a lightweight mirroring-based network
intrusion detection agent (NICE-A) on each cloud server to capture and analyze cloud traffic. A NICE-A periodically scans the virtual
system vulnerabilities within a cloud server to establish Scenario Attack Graph (SAGs), and then based on the severity of identified
vulnerability toward the collaborative attack goals, NICE will decide whether or not to put a VM in network inspection state. Once a
VM enters inspection state, Deep Packet Inspection (DPI) is applied, and/or virtual network reconfigurations can be deployed to the
inspecting VM to make the potential attack behaviors prominent.
Design & Development of a Trustworthy and Secure Billing System for Cloud Com...iosrjce
Cloud computing is an important transition that makes change in service oriented computing
technology. Cloud service provider follows pay-as-you-go pricing approach which means consumer uses as
many resources as he need and billed by the provider based on the resource consumed. CSP give a quality of
service in the form of a service level agreement. For transparent billing, each billing transaction should be
protected against forgery and false modifications. Although CSPs provide service billing records, they cannot
provide trustworthiness. It is due to user or CSP can modify the billing records. In this case even a third party
cannot confirm that the user’s record is correct or CSPs record is correct. To overcome these limitations we
introduced a secure billing system called THEMIS. For secure billing system THEMIS introduces a concept of
cloud notary authority (CNA). CNA generates mutually verifiable binding information that can be used to
resolve future disputes between user and CSP. This project will produce the secure billing through monitoring
the service level agreement (SLA) by using the SMon module. CNA can get a service logs from SMon and stored
it in a local repository for further reference. Even administrator of a cloud system cannot modify or falsify the
data.
Addressing Security Issues and Challenges in Mobile Cloud ComputingEditor IJCATR
The emergence of cloud computing has brought tremendous impact on software organizations and software architecture design. With the development of cloud computing and mobile internet, mobile cloud computing is becoming a new mode of application. With the widespread development of mobile applications and advances in mobile cloud computing, some other forms of requirements and security issues have been emerged. Mobile cloud computing provides resources residing over cloud and services provided for mobile devices. These resources and services from cloud are available for mobile user over their mobile devices. It also provides benefits for developing specialized mobile applications for them. However, increased security and privacy risks exists due to data outsourcing and synchronization over the Internet. This research paper provides the review on mobile cloud computing, its security issues, challenges and suggests some solutions.
Risk Analysis and Mitigation in Virtualized EnvironmentsSiddharth Coontoor
As companies move towards hybrid cloud solution there are still many private cloud solutions still out there. Traditional risk assessment techniques cannot be applied to such virtual servers. This paper is an attempt to identify key assets and assess risks related to these critical assets.
NFV resiliency whitepaper - Ali Kafel, Stratus TechnologiesAli Kafel
This white paper makes the case for:
Why Resiliency Management Needs to be in the Software Infrastructure. It Covers:
- Fault Management and Resiliency Management
- Seamless Protection for Faster and Simpler Devl
- Multiple Levels of Availability
- Speed of Service Restoration & Redundancy Restoration
- State Management
- Higher Flexibility and Efficiency of Resiliency
- Demonstrating Carrier Grade Availability and Resiliency
A Multi-Level Security for Preventing DDOS Attacks in Cloud Environmentsmlaij
Incredible and amazing growths in the meadow of extranet, internet, intranet and its users have developed an innovative period of great global competition and contention. Denial of service attack by several computers is accomplished of distressing the services of competitor servers. The attack can be done for various reasons. So it is a key threat for cloud environment. Distributed-Denial of Service (DDoS) is a key intimidation to network and cloud computing security. Cloud computing Network is a group of nodes that interrelate with each other for switch over the information. So security is the major issue. There are several security attacks in cloud computing. One of the major intimidations to internet examine is DDoS attack. It is a malevolent effort to suspending or suspends services to destination node. DDoS or DoS is an effort to create network resource or the machine is busy to its intentional user. Numerous thoughts are developed for avoid the DDoS or DoS. DDoS occur in two different behaviours they may happen obviously or it may due to some attackers.
This paper describes the concept of implementing the network vulnerability assessment process as a web service in Eucalyptus cloud.This paper is published in one of the international conferences.I implemented the mentioned concept during my M.E. thesis.
The Indo-American Journal of Agricultural and Veterinary Sciences is an online international journal published quarterly. It is a peer-reviewed journal that focuses on disseminating high-quality original research work, reviews, and short communications of the publishable paper.
Ant colony Optimization: A Solution of Load balancing in Cloud dannyijwest
As the cloud computing is a new style of computing over internet. It has many advantages along with some
crucial issues to be resolved in order to improve reliability of cloud environment. These issues are related
with the load management, fault tolerance and different security issues in cloud environment. In this paper
the main concern is load balancing in cloud computing. The load can be CPU load, memory capacity,
delay or network load. Load balancing is the process of distributing the load among various nodes of a
distributed system to improve both resource utilization and job response time while also avoiding a
situation where some of the nodes are heavily loaded while other nodes are idle or doing very little work.
Load balancing ensures that all the processor in the system or every node in the network does
approximately the equal amount of work at any instant of time. Many methods to resolve this problem has
been came into existence like Particle Swarm Optimization, hash method, genetic algorithms and several
scheduling based algorithms are there. In this paper we are proposing a method based on Ant Colony
optimization to resolve the problem of load balancing in cloud environment.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
2. Sharipah Setapa, Shahrol Hisham Baharom, Luke Jing Yuan
Jurnal Intelek Vol 14, Issue 2 (Dec 2019)
95
existing and upcoming projects to reduce the cost for maintenance. The cost of managing the VM every
month is dependent on the type of VM being looked at. As an example, for our case, the cost to manage
four VMs can cost a hundred dollar.
Table 1: VM specification
ID NAME IP VCPU MEMORY STAT
1982 Wiki 10.1.70.147 2 1024M Running
2086 DB 10.1.70.221 2 1024M Running
2093 MBIS2 10.1.70.227 4 8G Running
2106 DB1 10.1.70.20 4 8G Running
Each activity in the host is monitored to avoid wasting resources or any inactive VM. This table shows
four VMs that are created, with their respective VCPU and memory. All the VMs are running but a
notification will be sent often as a reminder to take any necessary action if the VMs are inactive. An
email or notification is sent to the owner to review the VM applicability. There is a checklist for patching
such as (Scarfone et al., 2005):
• Preparation by standardising the configuration and providing awareness to client
• Vulnerability identification
• Identifying patch for specific vulnerability
• Patch testing before deploying to production
• Patch deployment to client if the testing is a success
Client business model, physical host patching and VM purposes are another extra checklist that need to be
included if the patching involved a virtualisation layer. Other advisory for vulnerability can be provided
by CERT Coordination Center or vendor through websites and mailing lists. Shown in Table 2 below are
some samples of patch type based on vendor severity.
Table 2: Patch type
Item Vendor severity Patch type
1 Critical Security patches
2 important Non-Security Patch
3 low Security tool
There are different criteria for a patch. A patch can be critical, important or low based on their vendor
severity. Categorisation of patch type is based on security, non-security and security tool. With this type
of properties involved it can be converted into taxonomy for deployment and execution of the application
involved. A classification of different type of application’s functionality can make the application be
executed as intended. The purpose of the second layer of application is to test the result and at the same
time to identify whether the first application is working as expected.
The virtualisation layer, which is created in the host, causes security to become complex with a new
paradigm. The new paradigm creates multi tenancy application with various users. Each user is able to
access the application that resides in the host.
The rest of this paper is organised as follows: The first section discusses the problem statement and
objectives of our proposed work. The second section discusses cloud orchestra ecosystem while the third
section discusses a methodology to backup existing configuration and relation with host and VM for
observation. Next, the fourth section discusses the related works that are relevant and providing
3. Sharipah Setapa, Shahrol Hisham Baharom, Luke Jing Yuan
Jurnal Intelek Vol 14, Issue 2 (Dec 2019)
96
background knowledge to our work. Finally, last section concludes the proposed research work and
explores the feasibility of future work.
PROBLEM STATEMENT
A routine task of upgrading and patching in certain period of time is necessary in order to provide a
service and checkup of each machines and virtualisation resources. The other reason for upgrading is to
support the application execution for specific tasks. During deployment of the application, which is
related with other applications, it does not convert into a structure for observation when the execution
occurs. This lacking can cause a problem for troubleshooting when execution face a failure for existing
library resources or operating system which not follow the standard specification. There is no guideline or
standard strategies to formulate the errors that exist, linkage properties between application and
specification and tool which involved during testing. Any update or upgrade on the multi-tenancy
application, which operated in silo or non-silo, can cause impact to the host. The virtualisation layer that
is created from a physical host can contribute to the attack of the physical host through the flexibility of
multi tenancy application under infrastructure as a service (IAAS).
CLOUD ORCHESTRA
Each of the entities has a different ecosystem from one another. For example, if the client is
interconnected with each other, as shown in Figure 1, then a middleman is needed to ensure that if
anything happens to client A, it will not impact client B.
Figure 1: Network client
Each client consists of a respective cloud portal to manage the virtual resources. Information must be
acquired through an audit in order to verify the resources before the process of upgrading can happen. A
detailed framework of taxonomy is not provided to show how the mapping between application, virtual
resources, client A and client B, if the system which be updated have a relation with other devices.
The compatibility and complexity task of upgrading the operating system (OS) and application in various
situation which involved virtualization will not be discussed. The interoperability or impact to other setup
after upgrading at host level to virtual machine will not be formulated into a taxonomy structure as a
reference for next upgrade. For example, the change at the host level can cause instability of the
virtualisation layer especially for connectivity of virtual machine. It is important to backup existing
configuration of network, application or database as a reference for the error impact which is caused by
the new deployment for later audit (Ishizu et al., 2008).
4. Sharipah Setapa, Shahrol Hisham Baharom, Luke Jing Yuan
Jurnal Intelek Vol 14, Issue 2 (Dec 2019)
97
In the cloud there are variants of VM that reside in it, which are active and non-active, but not to be
deleted by the owner. This can cause a degradation of optimisation of another VM. There is a
management portal which allows the user to manage virtual resources under single interface as show in
Figure 2. Cloud orchetsrator consists of:
• Front-end – provisions and operates services requested by the user. Network Virtualisation
Manager shall install in front-end
• Node – physical host that will run the virtual resources
• Secure Authentication system which allows user to sign in, using just one 'identity', to various
systems.
Figure 2: Cloud and gateway authentication
Upgrading Operating System Scenario
Each upgrading and patching effect can be different on host and VM which cause disturbance in
the ecosystem of cloud computing. In Figure 2, existing host specification is utilised but it is involved in
formatting the operating system only. The interface which is called the gateway authentication is also
involved with the upgrading at the same time by upgrade the new version to support the latest OS.
Updating Security Patches, Bug Fixes and Application Upgrades
This standard patching and upgrading are based on the operating system. For ubuntu the command
as below can support the update.
METHODOLOGY
The new deployment when upgrading or patching is tested with physical connectivity as a reference for
the condition of the environment. Then a test is carried to see whether the host-to-host connectivity is
working as expected as shown in Figure 4. In this Figure, a virtual network is created with multi tenancy.
First, the breakdown of the categories into different clusters is shown below:
• Host under different cluster communicate with VM under different cluster
• Host to VM and VM to VM in same cluster
Example for updated Commands
sudo apt update && sudo apt upgrade -y
- It will updating the package
5. Sharipah Setapa, Shahrol Hisham Baharom, Luke Jing Yuan
Jurnal Intelek Vol 14, Issue 2 (Dec 2019)
98
Figure 4: Cluster 1 and cluster 2 with virtual network
Physical and virtual device configuration is kept as a reference. Prior to that, a backup for all
configurations before any activity of upgrading or patching is done. This is done as a precaution if the
new deployment is not working as expected.
Testing Method
The connectivity is be classified between host-to-host, host-to-VM and VM-to-VM. First, test the
connectivity between different clusters and secondly, between same cluster.
• Connectivity between different clusters
Figure 5: Connectivity between different clusters of the network
6. Sharipah Setapa, Shahrol Hisham Baharom, Luke Jing Yuan
Jurnal Intelek Vol 14, Issue 2 (Dec 2019)
99
• Test the connectivity of VM which reside in the host on same cluster
Figure 6: Connectivity between the same cluster of the network
This observation can be formulated into a strategy selection for specific properties’ relationships to
identify the operation of the application, which reside on the cloud portal. In this situation, an analogical
model of the application’s properties and how it can be converted into a structure will be discussed when
the result of the testing is obtained.
RELATED WORKS
Morsy et al. (2010) analyses existing challenges and issues involving cloud computing security problem
with multi-tenancy application and elasticity. Each multi-tenancy application with different approach
technique has a risk that can impact the memory and hardware of the host. It also causes issues in
securing the VM and workload in one of the devices inside the virtualisation layer from common security
threats that affect the host such as malware and viruses. Priya Iyer et al. (2014) analyses a security issue
faced by both the cloud supplier and customers though it provides many services and has several
advantages. Basu et al. (2017) proposed a quantitative methodology to compute individual risk associated
with the assets. Chakraborty et al. (2012) studied business strategies related to parliamentary
government's departments. In addition, cluster strategies were identified which belong to respective of the
taxonomy. A classification strategy develops a tool to facilitate a role of strategy formulator for business
strategy.
EXPERIMENTAL RESULT
An application, which needs to be upgraded in the system, is studied. Then the process of how to
formulate the structure application which reside in virtual resources such as VM is also studied.
Upgrading the operating system without specific application that resides in the device is easier compared
to when the machine has an application which is related with other applications. Upgrading or updating
the library can cause imbalance to other application. It is recommended to back up the application
configuration from the perspective of the network communication or software configuration. Upgrading
the host without considering the VM can cause VM’s appliance to stop working properly.
A specific application called Crawling needs to be installed. Unfortunately, the system cannot find
certain packages, which can execute the crawling. Once the error is given, then a new technique and
solution is wasted by try and error without a proper linkage and structure to solve the issue. Breakdown of
the error into different categories show the relation with the web. It is still unclear why a combination of
Selenium with Python does not match up during execution. At the end, this study was unable to get
7. Sharipah Setapa, Shahrol Hisham Baharom, Luke Jing Yuan
Jurnal Intelek Vol 14, Issue 2 (Dec 2019)
100
Selenium with Python to execute a Firefox web browser. There is no clear guideline until a mapping
taxonomy is done to ease the situation when the error exists, as shown below:
A link and relation of the application is given as a step to analyse the chronology of the situation (Doty
et.al., 1994). This is a result of existing machine using an older version of Firefox. A dependency
happened and needed to be updated. A package named Python, an operating system with Ubuntu
14.04LTS is utilised with an older version of Firefox. A selected package is updated though a package
that includes Python, dist-package, build-essential, libpq-dev, libssl-dev opnessl libffi-dev, zlibig-dev. At
the end, the portal needed to be updated with the new version if the existing Firefox is not supported as
shown in Figure 7.
Figure 7: Update and install new portal
Application 1 is given an error as below. It shows that the first error mentioned about Selenium and
relation with the web driver. An arrangement of criteria is based on certain specifications. The criteria are
characters of structure application and functionality, which relate with the library and browser.
Application’s criteria are highlighted by the breakdown into library, operating system and browser as
shown in Figure 8.
Figure 8: Taxonomy guideline for upgrading
A prerequisite installation for the new version of Python and Geckodriver will impact the Firefox browser
due to their relationship with each other. Library 1 and library 2 on Application 1 contribute to the
browser capability. When Application 2 is installed to test whether Application 1 is working or not, it
shows a relationship between the two libraries.
8. Sharipah Setapa, Shahrol Hisham Baharom, Luke Jing Yuan
Jurnal Intelek Vol 14, Issue 2 (Dec 2019)
101
Based on the test strategy, a classification is developed between the libraries, supporting tool and multiple
applications thus identifying the taxonomy relationship. A property taxonomy of the relationship between
the first and second application can show how the linkage are arranged between the two applications. The
second application is proposed for troubleshooting of the first application.
RECOMMENDATION
The taxonomy relationship can improve the domain functionality by adding some modification in the
middle for the query classification (Bruce Croft et al., 2010) or by adding classification optimisation. A
long keyword sometimes can give an accurate hit but the traffic is low and it will depend on the specific
application. A low traffic for a specific application which have a simple keyword is based on the
application error exist during troubleshooting.
A regular keyword for a specific application can create a heavy traffic but not significant result. For
example, when giving selenium as a keyword during troubleshooting, it will show an involvement of the
web. By using a different keyword style, if the keyword is web and selenium, used together, the amount
hit will randomly give a result without specific solution to the error that exists. A specific keyword can
cause multiple results but unfortunately, it will not give a significant hit. A long keyword sometimes can
give an accurate hit, but the traffic is low and will depend on the specific application. A low traffic for a
specific application with a simple keyword is based on the application error during trouble shooting.
Shown below in Figure 9 is the short keyword and long keyword. The significant hit can be different for
each keyword. It is categorised as low, medium and high as a threshold during searching the relevant
information for specific cases. This categorisation can optimise the process of finding a specific solution.
Figure 9: Taxonomy chronology mapping for test the application.
CONCLUSION
Although all the upgrade and update had already been done, a process to ease the troubleshooting can be
provided based on the taxonomy classification and search engine strategy. A mapping taxonomy for
upgrading is done to reduce the risk and give awareness and decision suggestion for incoming situation
when the errors still exist. In this case study, a complex situation is faced when the environment of the
application is not upgraded and updated properly for deployment. The decision can give an early warning
by identifying and analysing possible future events, which will happen if the execution is selected with a
9. Sharipah Setapa, Shahrol Hisham Baharom, Luke Jing Yuan
Jurnal Intelek Vol 14, Issue 2 (Dec 2019)
102
specific library. A test strategy provides a standardised checking through a classification of taxonomy and
searching strategy. This formulated strategy and taxonomy can be expanded to approach a complex
virtualisation layer.
REFERENCES
Zhou, W., Ning, P., Zhang, X., Ammons, G., Wang, R., & Bala, V. 2010. Always up-to-date – Scalable
offline patching of VM images in a compute cloud. Paper presented at Twenty-Sixth Annual
Computer Security Applications Conference, ACSAC 2010, Austin, Texas, USA.
Scarfone, K., Soupp, M., & Johnson, P. M. 2005. Guidance for securing Microsoft Windows XP systems
for IT professionals: A NIST Security Configuration Checklist. Recommendations of the National
Institute of Standards and Technology. NIST Special Publication 800-68.
Morsy, M. A., Grundy, J., & Müller, I. 2010. An analysis of the cloud computing security problem.
Presented at Asia Pacific Cloud Workshop, Colocated with APSEC2010, Australia.
Priya Iyer, K.B., Priya, P., & Anusha, R. 2014. Analysis on Cloud Computing Security Issues, Threats
and Solutions. Presented at International Conference on Communication, Computing and
Information Technology (ICCCMIT-2014).
Basu, S., Sengupta, A., & Mazumdar, C. 2017. A Quantitative Methodology for Cloud Security Risk
Assessment. Presented at 7th International Conference on Cloud Computing and Services Science.
Chakraborty, A., & Stewart, G. 2012. Strategy Taxonomy and Classification System Development –
Study of two State Governments. Presented at Sixth IEEE International Conference on
Management of Innovations and Technology.
Doty, D. H., & Glick, W.H., 1994. Typologies as a unique form of theory building: Toward improved
understanding and modelling. Journal Academy of Management,19, p.230.
Bruce Croft, W., Metzler, D., & Strohman, T. 2010. Search Engines: Information retrieval in practice.
Boston, Massachusetts: Pearson Education.