210 likes | 349 Views
Cloudward Bound: Planning for Beneficial Migration of Enterprise Applications to the Cloud. B95b01023 鍾宇彥. Migrating reachability policies. Abstraction and problem formulation ACL migration algorithm Granularity of policies in R Deriving Rnew Partitioning Rnew Installing Rnew.
E N D
Cloudward Bound: Planning for Beneficial Migration ofEnterprise Applications to the Cloud B95b01023 鍾宇彥
Migrating reachability policies • Abstraction and problem formulation • ACL migration algorithm • Granularity of policies in R • Deriving Rnew • Partitioning Rnew • Installing Rnew
Abstraction and problem formulation • Correctness • Old and new must have the same result • Migrating entity • At least: a server • Reachability Matrix • Access Control List (ACL) • Avoid unwanted traffic
Reachability Matrix • Record direction, ACL must encounter • Like the directed graph presented by adjacency matrix a: access control list (ACL)
ACL migration algorithm • Filter domain (Fa) • Set of origin-destination(OD) entity communication pairs(i,j) filtered by ACL a • Scalability • w/o setting domain, setting rule between each pairs
ACL migration algorithm • Deriving Rnew • Infer Rold from LDC • Translate : • Ex: IP mapping • Partitioning Rnew • Filtered by LDC or CDC • Filter the package before remote communication • LDC: Local Data Center • CDC: Cloud Data Center
Rnew matrix Partition: Dotted: filtered in CDC Gray: filtered in LDC Two submatrices extracted from ACL a2
Installing Rnew- Submatrix extraction • For scaling: keep number of submatrices small • Greedy choice maximum subset Fa2(LDC,1) Fa2(LDC,2)
Installing Rnew • Locating placement • Place ACL at edge-cut-set • Computing minimum edge-cut-set for each submatrices BE1 fe1 ACL a2 fe2 BE2 Theoretical ACL place location for Fa2(LDC,1)
Installing Rnew- Locating placement AR CDC ACL placement i/p o/p BE1 fe1 INT BR i/p o/p fe2 BE2 i/p o/p AR o/p Red: path to fe1 Blue: path to fe2 i/p LDC ACL placement AR Fa2(LDC,1) physical deployment presented by graph
Installing Rnew- Locating placement • Edge-cut-set • Find minimum cut • Place ACL on the interface closer to source ACL a2 ACL a2 Cut: separate the src and des
Installing Rnew- Generating ACL Configuration 1.Before migration (local) 2.After migration • Old ACL configuration might fail
Installing Rnew- Generating ACL Configuration • Traffic domain D(L) : all OD pairs path by location, “L”, placed ACL • Separate legal and illegal OD pairs in D(L) • Scoped, Isolated form : different default permission
Evaluation • Deriving model parameter(linear programming) • Data flow, communication… • Migration benefit calculation • Migration strategies • Delay V.S Cost • Security policy • Ex: keep database servers in local data center
Evaluation – case 1 Internal request ~80% External request ~20%
Evaluation – case 1 CDF: Cumulative Distribution Function
Evaluation – case 2 • Policy : w/o BE migration
Evaluation - summery • The optimal migration not only consider the CPU usage and storage, but communication …etc • Delay bound consideration • Relative size of transaction between different components may determine the optimal strategy • Sensitivity to the cost of internet communication
Conclusion • Benefits of hybrid cloud deployment • Importance and feasibility of migration decision • Provide feasible reconfiguration of reachability policies method