Showing papers on "Temporal isolation among virtual machines published in 2014"

Method and System for Identity-Based Authentication of Virtual Machines

Abstract: A cloud computing system configured to run virtual machine instances is disclosed. The cloud computing system assigns an identity to each virtual machine instance. When the virtual machine instance accesses initial configuration resources, it provides this identity to the resources to authenticate itself. This allows for flexible and extensible initial configuration of virtual machine instances.

Multi-Interface, Multi-Layer State-full Load Balancer For RAN-Analytics Deployments In Multi-Chassis, Cloud And Virtual Server Environments

Abstract: An apparatus and method for steering and load-balancing mobile network traffic with user session awareness from multiple control and user plane protocols while understanding the load on the corresponding physical or virtual servers in cloud and virtual deployments is disclosed. This traffic could be monitored traffic, such as from optical taps, or network probes of mobile network interfaces, or port mirrors from network devices, or inline traffic when the load-balancer is logically placed inline in the network before the Virtual Network Functions, such as Virtual SGW (vSGW), Virtual SGSN (vSGSN), Virtual PGW (vPGW), Virtual MME (vMME), or Virtual Performance Enhancing proxy(vPEP). The apparatus and methods identified herein allow additional capabilities, such as ensuring that both directions of a protocol flow target the same physical or virtual server, or both control plane and user plane protocols of a flow are forwarded to the same server.

End-to-end performance isolation through virtual datacenters

Abstract: The lack of performance isolation in multi-tenant datacenters at appliances like middleboxes and storage servers results in volatile application performance. To insulate tenants, we propose giving them the abstraction of a dedicated virtual datacenter (VDC). VDCs encapsulate end-to-end throughput guarantees--specified in a new metric based on virtual request cost--that hold across distributed appliances and the intervening network.We present Pulsar, a system that offers tenants their own VDCs. Pulsar comprises a logically centralized controller that uses new mechanisms to estimate tenants' demands and appliance capacities, and allocates datacenter resources based on flexible policies. These allocations are enforced at end-host hypervisors through multi-resource token buckets that ensure tenants with changing workloads cannot affect others. Pulsar's design does not require changes to applications, guest OSes, or appliances. Through a prototype deployed across 113 VMs, three appliances, and a 40 Gbps network, we show that Pulsar enforces tenants' VDCs while imposing overheads of less than 2% at the data and control plane.

A Performance Comparison of Container-Based Virtualization Systems for MapReduce Clusters

Abstract: Virtualization as a platform for resource-intensive applications, such as MapReduce (MR), has been the subject of many studies in the last years, as it has brought benefits such as better manageability, overall resource utilization, security and scalability. Nevertheless, because of the performance overheads, virtualization has traditionally been avoided in computing environments where performance is a critical factor. In this context, container-based virtualization can be considered a lightweight alternative to the traditional hypervisor-based virtualization systems. In fact, there is a trend towards using containers in MR clusters in order to provide resource sharing and performance isolation (e.g., Mesos and YARN). However, there are still no studies evaluating the performance overhead of the current container-based systems and their ability to provide performance isolation when running MR applications. In this work, we conducted experiments to effectively compare and contrast the current container-based systems (Linux VServer, OpenVZ and Linux Containers (LXC)) in terms of performance and manageability when running on MR clusters. Our results showed that although all container-based systems reach a near-native performance for MapReduce workloads, LXC is the one that offers the best relationship between performance and management capabilities (specially regarding to performance isolation).

Performance characteristics of virtual switching

Abstract: Virtual switches, like Open vSwitch, have emerged as an important part of cloud networking architectures. They connect interfaces of virtual machines and establish the connection to the outer network via physical network interface cards. Today, all important cloud frameworks support Open vSwitch as the default virtual switch. However, general understanding about the performance implications of Open vSwitch in different usage scenarios is missing. In this work we provide insights into the performance properties by systematically conducting measurements in virtual switching setups. We present quantitative and qualitative performance results of Open vSwitch in scenarios involving physical and virtual network interfaces.

System and method for on-demand cloning of virtual machines

Abstract: A system for on-demand cloning of virtual machines (VMs) includes a virtual server to host a number of VMs, the virtual server including at least one master VM. The system also includes a Web server to authenticate a user in response to a request for online access to a new VM on the virtual server. In addition, the system includes a cloning module, in communication with the Web server and the virtual server, to automatically clone the master VM to create a unique VM clone for the user on the virtual server responsive to the request.

Failure Analysis of Virtual and Physical Machines: Patterns, Causes and Characteristics

Abstract: In today's commercial data centers, the computation density grows continuously as the number of hardware components and workloads in units of virtual machines increase. The service availability guaranteed by data centers heavily depends on the reliability of the physical and virtual servers. In this study, we conduct an analysis on 10K virtual and physical machines hosted on five commercial data centers over an observation period of one year. Our objective is to establish a sound understanding of the differences and similarities between failures of physical and virtual machines. We first capture their failure patterns, i.e., the failure rates, the distributions of times between failures and of repair times, as well as, the time and space dependency of failures. Moreover, we correlate failures with the resource capacity and run-time usage to identify the characteristics of failing servers. Finally, we discuss how virtual machine management actions, i.e., consolidation and on/off frequency, impact virtual machine failures.

Storage system with virtual disks

Abstract: An administrator provisions a virtual disk in a remote storage platform and defines policies for that virtual disk. A virtual machine writes to and reads from the storage platform using any storage protocol. Virtual disk data within a failed storage pool is migrated to different storage pools while still respecting the policies of each virtual disk. Snapshot and revert commands are given for a virtual disk at a particular point in time and overhead is minimal. A virtual disk is cloned utilizing snapshot information and no data need be copied. Any number of Zookeeper clusters are executing in a coordinated fashion within the storage platform, thus increasing overall throughput. A timestamp is generated that guarantees a monotonically increasing counter, even upon a crash of a virtual machine. Any virtual disk has a “hybrid cloud aware” policy in which one replica of the virtual disk is stored in a public cloud.

Problem Statement: Overlays for Network Virtualization

Abstract: This document describes issues associated with providing multi-tenancy in large data center networks and how these issues may be addressed using an overlay-based network virtualization approach. A key multi- tenancy requirement is traffic isolation so that one tenant's traffic is not visible to any other tenant. Another requirement is address space isolation so that different tenants can use the same address space within different virtual networks. Traffic and address space isolation is achieved by assigning one or more virtual networks to each tenant, where traffic within a virtual network can only cross into another virtual network in a controlled fashion (e.g., via a configured router and/or a security gateway). Additional functionality is required to provision virtual networks, associating a virtual machine's network interface(s) with the appropriate virtual network and maintaining that association as the virtual machine is activated, migrated, and/or deactivated. Use of an overlay-based approach enables scalable deployment on large network infrastructures.

Apparatus and method for virtual desktop service

Abstract: Disclosed herein are a method and architecture capable of efficiently providing virtual desktop service. A service architecture for virtual desktop service according to the present invention includes a connection broker configured to perform authentication, manage virtual machines, and perform a server monitoring and protocol coordination function, a resource pool configured to manage software resources that are delivered to a specific virtual machine in a streaming form on a specific time in order to provide on-demand virtual desktop service and are executed on the specific virtual machine and to provide provision information about the managed software resources in response to a request from the connection broker, and a virtual machine infrastructure configured to support hardware resources, generate virtual machines in which the software of a user terminal is executed, and provide the generated virtual machine as virtual desktops.

Software deployment in a distributed virtual machine environment

Abstract: A computer implemented method for deploying, in a distributed virtual environment, a multi-component software product is disclosed. The method may include requesting and receiving product installation parameters, which may include virtual machine IDs corresponding to subsets of the product installation parameters. The method may also include copying software product installation files and parameters onto a first virtual machine, halting the first virtual machine, cloning the first virtual machine to a second virtual machine and setting virtual machine IDs on the virtual machines. The method may also include starting the virtual machines and identifying, based on virtual machine IDs, subsets of the product installation parameters. The method may also include deploying, based on subsets of the product installation parameters, the software product by installing first and second components of the software product on the first and second virtual machines, respectively.

Network Virtualization Policy Management System

Abstract: Concepts and technologies are disclosed herein for providing a network virtualization policy management system. An event relating to a service can be detected, and virtual machines and virtual network functions that provide the service can be identified. A first policy that defines allocation of hardware resources to host the virtual machines and the virtual network functions can be obtained, as can a second policy that defines deployment of the virtual machines and the virtual network functions to the hardware resources. The hardware resources can be allocated based upon the first policy and the virtual machines and the virtual network functions can be deployed to the hardware resources based upon the second policy.

Secure Live Virtual Machines Migration: Issues and Solutions

Abstract: In recent years, there has been a huge trend towards running network intensive applications, such as Internet servers and Cloud-based service in virtual environment, where multiple virtual machines (VMs) running on the same machine share the machine's physical and network resources. In such environment, the virtual machine monitor (VMM) virtualizes the machine's resources in terms of CPU, memory, storage, network and I/O devices to allow multiple operating systems running in different VMs to operate and access the network concurrently. A key feature of virtualization is live migration (LM) that allows transfer of virtual machine from one physical server to another without interrupting the services running in virtual machine. Live migration facilitates workload balancing, fault tolerance, online system maintenance, consolidation of virtual machines etc. However, live migration is still in an early stage of implementation and its security is yet to be evaluated. The security concern of live migration is a major factor for its adoption by the IT industry. Therefore, this paper uses the X.805 security standard to investigate attacks on live virtual machine migration. The analysis highlights the main source of threats and suggests approaches to tackle them. The paper also surveys and compares different proposals in the literature to secure the live migration.

Monitoring and dynamic configuration of virtual-machine memory-management

Abstract: The current document is directed to methods and systems for monitoring the performance of memory management in virtual machines. By accurately measuring the performance of memory management in virtual machines, a virtualization layer can dynamically reconfigure virtual machines to use more optimal memory-management methods, intelligently schedule execution of virtual machines to increase memory-management performance, and migrate virtual machines among different servers and computer systems to increase memory-management performance.

Single Core Equivalent Virtual Machines for Hard Real—Time Computing on Multicore Processors

Abstract: CNS-1302563; CNS-1219064; ONR N00014-12-1-0046; Lockheed Martin 2009-00524; Rockwell Collins RPS#645038

Dynamic forecast scheduling algorithm for virtual machine placement in cloud computing environment

Abstract: In most cloud computing platforms, the virtual machine quotas are seldom changed once initialized, although the current allocated resources are not efficiently utilized. The average utilization of cloud servers in most datacenters can be improved through virtual machine placement optimization. How to dynamically forecast the resource usage becomes a key problem. This paper proposes a scheduling algorithm called virtual machine dynamic forecast scheduling (VM-DFS) to deploy virtual machines in a cloud computing environment. In this algorithm, through analysis of historical memory consumption, the most suitable physical machine can be selected to place a virtual machine according to future consumption forecast. This paper formalizes the virtual machine placement problem as a bin-packing problem, which can be solved by the first-fit decreasing scheme. Through this method, for specific virtual machine requirements of applications, we can minimize the number of physical machines. The VM-DFS algorithm is verified through the CloudSim simulator. Our experiments are carried out on different numbers of virtual machine requests. Through analysis of the experimental results, we find that VM-DFS can save 17.08 % physical machines on the average, which outperforms most of the state-of-the-art systems.

Merlin: Application- and Platform-aware Resource Allocation in Consolidated Server Systems

Abstract: Workload consolidation, whether via use of virtualization or with lightweight, container-based methods, is critically important for current and future datacenter and cloud computing systems. Yet such consolidation challenges the ability of current systems to meet application resource needs and isolate their resource shares, particularly for high core count or 'scaleup' servers. This paper presents the 'Merlin' approach to managing the resources of multicore platforms, which satisfies an application's resource requirements efficiently -- using low cost allocations -- and improves isolation -- measured as increased predictability of application execution. Merlin (i) creates a virtual platform (VP) as a system-level resource commitment to an application's resource shares, (ii) enforces its isolation, and (iii) operates with low runtime overhead. Further, Merlin's resource (re)-allocation and isolation methods operate by constructing online models that capture the resource 'sensitivities' of the currently running applications along all of their resource dimensions. Elevating isolation into a first-class management principle, these sensitivity- and cost-based allocation and sharing methods lead to efficient methods for shared resource use on scaleup server systems. Experimental evaluations on a large core-count machine demonstrate improved performance with reduced performance variation and increased system throughput and efficiency, for a wide range of popular datacenter workloads, compared with the methods used in prior work and with the state-of-art Xen hypervisor.

CloudVMI: Virtual Machine Introspection as a Cloud Service

Abstract: Virtual machine introspection (VMI) is a mechanism that allows indirect inspection and manipulation of the state of virtual machines. The indirection of this approach offers attractive isolation properties that has resulted in a variety of VMI-based applications dealing with security, performance, and debugging in virtual machine environments. Because it requires privileged access to the virtual machine monitor, VMI functionality is unfortunately not available to cloud users on public cloud platforms. In this paper, we present our work on the CloudVMI architecture to address this concern. CloudVMI virtualizes the VMI interface and makes it available as-a-service in a cloud environment. Because it allows introspection of users' VMs running on arbitrary physical machines in a cloud environment, our VMI-as-a-service abstraction allows a new class of cloud-centric VMI applications to be developed. We present the design and implementation of CloudVMI in the Xen hypervisor environment. We evaluate our implementation using a number of VMI applications, including a simple application that illustrates the cross-physical machine capabilities of CloudVMI.

Balanced resource allocations across multiple dynamic MapReduce clusters

Abstract: Running multiple instances of the MapReduce framework concurrently in a multicluster system or datacenter enables data, failure, and version isolation, which is attractive for many organizations. It may also provide some form of performance isolation, but in order to achieve this in the face of time-varying workloads submitted to the MapReduce instances, a mechanism for dynamic resource (re-)allocations to those instances is required. In this paper, we present such a mechanism called Fawkes that attempts to balance the allocations to MapReduce instances so that they experience similar service levels. Fawkes proposes a new abstraction for deploying MapReduce instances on physical resources, the MR-cluster, which represents a set of resources that can grow and shrink, and that has a core on which MapReduce is installed with the usual data locality assumptions but that relaxes those assumptions for nodes outside the core. Fawkes dynamically grows and shrinks the active MR-clusters based on a family of weighting policies with weights derived from monitoring their operation.We empirically evaluate Fawkes on a multicluster system and show that it can deliver good performance and balanced resource allocations, even when the workloads of the MR-clusters are very uneven and bursty, with workloads composed from both synthetic and real-world benchmarks.

High availability system allowing conditionally reserved computing resource use and reclamation upon a failover

Abstract: In one embodiment, a method determines a first set of virtual machines and a second set of virtual machines. The first set of virtual machines is associated with a first priority level and the second set of virtual machines is associated with a second priority level. A first set of computing resources and a second set of computing resources are associated with hosts. Upon determining a failure of a host, the method performs: generating a power off request for one or more of the second set of virtual machines powered on the second set of computing resources and generating a power on request for one or more virtual machines from the first set of virtual machines that were powered on the failed host, the power on request powering on the one or more virtual machines from the first set of virtual machines on the second set of computing resources.

Performant host selection for virtualization centers

Abstract: A host for a virtual machine is selected by first electronically receiving (i) a virtual-machine allocation request for resources in a cluster of servers upon which a plurality of virtual machines are executing and (ii) performance data related to the execution of the plurality of virtual machines. The effect of executing a new virtual machine associated with the request on each server using on the gathered performance data is simulated, and a server is selected based on a result of the simulation; the new virtual machine is caused to execute on the selected server.

Methods, systems, and computer readable storage devices for managing faults in a virtual machine network

Abstract: Faults are managed in a virtual machine network. Failure of operation of a virtual machine among a plurality of different types of virtual machines operating in the virtual machine network is detected. The virtual machine network operates on network elements connected by transport mechanisms. A cause of the failure of the operation of the virtual machine is determined, and recovery of the virtual machine is initiated based on the determined cause of the failure.

Systems and methods to load applications and application data into a virtual machine using hypervisor-attached volumes

Abstract: Systems, methods, and software are described herein for operating a data management system, including a virtual machine agent running within a virtual machine responding to an attach-triggering event, determining selected storage volumes to be attached to the virtual machine based on a request generated by the virtual agent in response to the attach-triggering event, and dynamically attaching the selected storage volumes to the virtual machine.

CIVSched: A Communication-Aware Inter-VM Scheduling Technique for Decreased Network Latency between Co-Located VMs

Abstract: Server consolidation in cloud computing environments makes it possible for multiple servers or desktops to run on a single physical server for high resource utilization, low cost, and reduced energy consumption. However, the scheduler in the virtual machine monitor (VMM), such as Xen credit scheduler, is agnostic about the communication behavior between the guest operating systems (OS). The aforementioned behavior leads to increased network communication latency in consolidated environments. In particular, the CPU resources management has a critical impact on the network latency between co-located virtual machines (VMs) when there are CPU- and I/O-intensive workloads running simultaneously. This paper presents the design and implementation of a communication-aware inter-VM scheduling (CIVSched) technique that takes into account the communication behavior betweeninter-VMs running on the same virtualization platform. The CIVSched technique inspects the network packets transmitted between local co-resident domains to identify the target VM and process that will receive the packets. Thereafter, the target VM and process are preferentially scheduled by the VMM and the guest OS. The cooperation of these two schedulers makes the network packets to be timely received by the target application. Experimental results on the Xen virtualization platform depict that the CIVSched technique can reduce the average response time of network traffic by approximately 19 percent for the highly consolidated environment, while keeping the inherent fairness of the VMM scheduler.

Selecting virtual machines to be migrated to public cloud during cloud bursting based on resource usage and scaling policies

Abstract: A method, system and computer program product for selecting virtual machines to be migrated to a public cloud. The current resource usage for virtual machine instances running in the private cloud is determined. Furthermore, any scaling policies attached to the virtual machine instances running in the private cloud are obtained. Additional resource usages for any of the virtual machine instances with a scaling policy are computed for when these virtual machine instances are scaled out. A cost of running a virtual machine instance in the public cloud is then determined using its current resource usage as well as any additional resource usage if a scaling policy is attached to the virtual machine instance based on the cost for running virtual machine instances in a public cloud. If the cost is less than a threshold cost, then the virtual machine instance is selected to be migrated to the public cloud.

Live Virtual Machine Migration Techniques in Cloud Computing: A Survey

Abstract: Cloud computing is a service where storage and computing resources accessed on subscription basis. Cloud computing is powered by virtualization technology .Live migration is the process of moving a running virtual machine or an application between different physical machines without disconnecting the client , memory, network connectivity and storage of the virtual machine are transferred from the original host machine to the destination. This capability is being increasingly utilized in today’s enterprise environments to provide efficient online system maintenance, reconfiguration, load balancing and fault tolerance. This paper presents a detailed survey on Live Migration of Virtual machines (VM) in cloud computing.

Virtual computing instance migration

Abstract: A customer submits a set of preferences including hardware specifications for instantiating a virtual machine instance. The virtual machine instance may be instantiated in a physical host computer system that does not conform to the set of preferences. The virtual computer system service may be configured to evaluate the specifications of the available physical host computer systems to determine whether any of the available physical host computer systems conform to the set of preferences. Accordingly, the virtual computer system service may further evaluate the available physical host computer systems to determine whether available physical host computer systems comprise available slots for instantiating the existing virtual machine instance. If the one or more available physical host computer systems have available slots, the virtual computer system service may migrate the existing virtual machine instance to an available physical host computer system in order to fulfill the customer request.

Virtual network prototyping environment

Abstract: A system includes a storage device to store information associated with virtual nodes that correspond to network nodes. The system also includes a server to install a virtual node that corresponds to one of the network nodes, based on the information associated with the virtual node, where installing the virtual node includes creating a logical interface via which traffic is to be sent to, or received from, other virtual nodes; start the virtual node to create an operating virtual node based on a copy of an operating system that is run on the network node, where starting the virtual node causes the operational virtual node to execute the copy of the operating system; and cause the operating virtual node to communicate with a virtual network that includes the virtual nodes, where causing the operating virtual node to communicate with the virtual network enables the operating virtual node to receive or forward traffic associated with the virtual network.