Usage Control in Action: Controlling Resource Usage in a Grid-Based Supply Chain
Lorenzo Blasi, HP Italy Innovation Center
February 2009
Trust and Security for Next Generation Grids, www.gridtrust.eu
Agenda
• Business context / Grid proposal
• Solving the Vehicle Routing Problem
• Security issues / GridTrust solution
• Architecture
• Future evolution
Business Context / Producers
• Competitiveness in the pharmaceuticals market has increased
  • appearance of "generic" pharma products
  • pressure from public institutions
  • pharma products can now be sold in large retailers
• Producers' and distributors' margins decrease
• Transportation costs have a big influence on the final product price
• To reduce costs and maintain profit margins, big industries have created their own e-procurement auctioning system for transportation services
• This leverages competition by searching for the lowest possible price on each single transportation task
Business Context / Transporters
• Small transporters, to avoid being crushed between rising prices and competitive pressure,
  • must increase the optimization level of their business
• The Transporters' Association proposes to its members a common Grid system that can optimize both routes and scheduling of their whole vehicle fleets
• Daily optimization is already a big leap forward for most transporters, but a Grid allows more than that:
  • to re-optimize the allocation of transportation tasks to vehicles every time a quotation for a new one has to be produced, thus calculating the lowest possible price for each offer
The Transporters’ Association Grid
• Users
  • Transporters
• Service Providers
  • 3rd parties, e.g. Utility computing vendors
• Managing Application
  • TAportal, used by Transporters’ Association
• Computing Application
  • TAportal used by Transporters to submit computational jobs
• Supporting software
  • An implementation of Operational Research optimization algorithms (VrpSolve library)
  • A standard format for representing the problem’s input/output data
  • Example optimizer application
The Vehicle Routing Problem (VRPTW) input data
• A fleet of M vehicles of capacity C
• A central depot with coordinates (x0, y0)
• A list of N transportation tasks, where each task Ti is defined by:
  • Destination vertex vi with coordinates (xi, yi)
  • Quantity qi of goods to be delivered
  • Time window (ri, di) within which the node should be served
    • ri defines the ready time or start time
    • di defines the due date or end time
  • Service time si for unloading goods
VRPTW problem and goal
• Can be formulated as a mathematical programming problem: objective function + constraints
• Problem: find a set of NV vehicle routes, originating from and terminating at the depot, such that
  • Each vehicle services one route
  • Each vertex vi, i = 1..N, is visited only once
  • Quantity of goods on each vehicle never exceeds its capacity C
  • Start time of each route is >= r0
  • End time of each route is <= d0
  • Time of beginning of service at vertex i is >= ri
    • If arrival time ti at vertex i is < ri then the vehicle waits for a waiting time wi = (ri - ti)
  • Time of ending of service at vertex i is <= di
• Goal: minimize NV and then the total distance TD
• Complexity: NP-hard (for optimal solution)
• Benchmark problems of size up to 100 customers have been proposed [Solomon 1987]
Example: Solomon benchmark R103

VEHICLE
NUMBER   CAPACITY
  25       200

CUSTOMER
CUST NO.  XCOORD.  YCOORD.  DEMAND  READY TIME  DUE DATE  SERVICE TIME
    0       35       35       0         0         230          0
    1       41       49      10         0         204         10
    2       35       17       7         0         202         10
    3       55       45      13         0         197         10
    4       55       20      19       149         159         10
    5       15       30      26         0         199         10
    6       25       30       3        99         109         10
    7       20       50       5         0         198         10
    8       10       43       9        95         105         10
    9       55       60      16        97         107         10
   10       30       60      16       124         134         10
   11       20       65      12        67          77         10
   12       50       35      19         0         205         10
   13       30       25      23       159         169         10
   14       15       10      20         0         187         10
   15       30        5       8        61          71         10
   16       10       20      19         0         190         10
   17        5       30       2       157         167         10
   18       20       40      12         0         204         10
   19       15       60      17         0         187         10
   20       45       65       9         0         188         10
   21       45       20      11         0         201         10
   22       45       10      18        97         107         10
   23       55        5      29        68          78         10
   24       65       35       3         0         190         10
   25       65       20       6       172         182         10
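The route constraints listed under "VRPTW problem and goal" can be checked mechanically for any candidate route. The Python sketch below is an added example, not part of the original slides or of the VrpSolve library; it uses five rows copied from the R103 table, applies the due-date rule in the slide's wording (service must end by di), and assumes that travel time equals Euclidean distance. The names travel and check_route are hypothetical.

```python
import math

CAPACITY = 200  # from the R103 header
# Five rows copied from the R103 table: id -> (x, y, demand, ready, due, service)
NODES = {
    0: (35, 35, 0, 0, 230, 0),  # depot
    4: (55, 20, 19, 149, 159, 10),
    15: (30, 5, 8, 61, 71, 10),
    21: (45, 20, 11, 0, 201, 10),
    22: (45, 10, 18, 97, 107, 10),
}


def travel(a, b):
    """Assumption: travel time equals Euclidean distance (unit speed)."""
    return math.hypot(NODES[a][0] - NODES[b][0], NODES[a][1] - NODES[b][1])


def check_route(customers, capacity=CAPACITY):
    """Check one depot-to-depot route against the listed constraints.

    Returns (feasible, reason, total_waiting_time, distance).
    """
    if sum(NODES[c][2] for c in customers) > capacity:
        return False, "capacity exceeded", 0.0, 0.0
    t, wait, dist, prev = float(NODES[0][3]), 0.0, 0.0, 0  # start at r0
    for c in list(customers) + [0]:  # the route ends back at the depot
        ready, due, service = NODES[c][3:]
        leg = travel(prev, c)
        t, dist = t + leg, dist + leg
        if t < ready:  # early arrival: wait w_i = r_i - t_i
            wait += ready - t
            t = float(ready)
        t += service
        if t > due:  # slide's wording: service must end by d_i
            return False, f"due date missed at vertex {c}", wait, dist
        prev = c
    return True, "ok", wait, dist


if __name__ == "__main__":
    for route in ([15, 22, 4], [21, 15, 22, 4], [4, 22, 15]):
        print(route, check_route(route))
```

Inserting customer 21 before 15 keeps the route feasible and uses up part of the waiting time, while visiting the same customers in the order 4, 22, 15 misses the window at vertex 22.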
MACS - Multiple Ants Colony Systems
• MACS-VRPTW algorithm [Gambardella et al 1999] allows multi-objective optimization
• Algorithm defines two ant colonies, ACS-TIME and ACS-VEI
• Each ant colony is dedicated to optimizing a different objective function
  • ACS-VEI minimizes the number of vehicles
  • ACS-TIME minimizes the total travel time (cost)
• The two ant colonies cooperate by exchanging information through the update of a single pheromone matrix
• Minimizing the number of vehicles takes precedence over minimizing travel time (when comparing solutions)
R103 routes
[Figure: routes computed for R103]
The strange rings / butterfly wings are due to the need to avoid or minimize waiting time in nodes where the goods are not yet ready
Ants Colony System algorithms
• Ant Colony Algorithms are inspired by observation of real ants [Dorigo Maniezzo Colorni 1991]
• Real ants are insects organized in colonies
• Ants search for food by parallel exploration of the environment
• Ants coordinate their activity by an indirect form of communication based on pheromone laying
• Ants follow pheromone trails and lay more of it on their way
Security Issues
• By default, in a business environment, Users and Service Providers
  • Don’t KNOW each other
  • Don’t TRUST each other
• The Transporter Association must
  • (A) Ensure that only its members use the Grid resources
  • (B) Guarantee a secure environment for competing transporters using the same resources
  • (C) Guarantee Service Providers that their security policies will not be violated by Grid (transporters) users
GridTrust Solution
• (A) Ensure that only TA members use the Grid resources
  • TA members form a Virtual Organization
• (B) Guarantee a secure environment for competing transporters using the same resources
  • Select only (Grid)Trusted SPs which have suitable security policies
• (C) Guarantee SPs that their security policies will not be violated by Grid users
  • Usage Control Service enforces SP policies
Secure VO Operation: granting access to services (A)
[Diagram labels: Non-VO user, VO user, PKI, VO, SP1, SP2; Service1 Denied; Service1 OK; Service2 OK]
Secure VO Operation: selecting secure services (B)
[Diagram labels: VBE Manager, VO Manager, VO, SRB, SP1, SP2; Register, Search SPs, Select SPs, Join VO]
Secure VO Operation: usage control (C)
• Applications can open the HP libs if the user reputation is > 0.7
• Applications can open files only in the user home directory
[Diagram labels: TRS, VO user, VO, SP1, SP2; Application1 OK; Application2 Denied]
Agenda
• Business context / Grid proposal
• Solving the Vehicle Routing Problem
• Security issues / GridTrust solution
• Scenario / Architecture
• Future evolution
Scenario
• Transporters’ Association (TA) Administrator sets up TA Grid Portal and VO
  • Create VO
  • Select and add Computational providers
  • Add VO users
• A good transporter
  • Submitting jobs to solve routing problem
• A malicious transporter
  • Trying to steal data from competitors
  • Trying to steal data from providers
What if a bad transporter wants to steal data from competitors?
• Transporters using the same Grid services are in competition with each other
• All transporters are interested in competitors’ data, so let’s suppose that one of them wants to play bad
• The bad transporter writes an application (BadApp01) which tries to steal the data of sibling applications executing on the same Grid computational node
• The starting idea is that data for all calculations on the same node are hosted in temporary directories under the same root
• So BadApp01 tries to navigate into sibling directories and pack all their contents into a single jar, which will then be sent back as the application output, but…
• …UCON policies of the computational node don’t allow it!
What if a bad transporter wants to steal data from providers?
• Routing optimization algorithm ideally uses a map, which has an associated DT matrix giving Distance (or Time) between any pair of locations
• Solution precision depends on the quality of the DT matrix data
• DT matrix (map) data is precious and local to each SP
• SPs make money from DT matrix data and allow clients to access it only after payment of a fee
• Reselling DT matrix data is prohibited by the license agreement
• The bad transporter writes an application (BadApp02) which tries to steal DT matrix data and make it available over the net, with the idea of reselling it
• BadApp02 is built as a web server, accepting connections from Internet clients and providing DT matrix data in answer to requests, but…
• …UCON policies of the computational node don’t allow it!
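The two policy sentences on the usage-control slide and the two BadApp scenarios can be expressed as one default-deny decision function evaluated on every intercepted action. This Python sketch is an added illustration, not GridTrust's policy language or enforcement code; the directory layout, the library path, the action names and the functions inside, decide and audit are all assumptions, and the events are constructed.

```python
import os.path

# Assumptions (not from the slides): directory layout and library location.
HP_LIBS = "/opt/hp/libs"
MIN_REPUTATION = 0.7  # threshold quoted on the usage-control slide


def inside(path, base):
    """True if path, with '..' and symlinks resolved, is base or lies under it."""
    real, base = os.path.realpath(path), os.path.realpath(base)
    return os.path.commonpath([real, base]) == base


def decide(job, action, target):
    """Return 'permit' or 'deny' for one intercepted action of a running job.

    job is {'home': <job directory>, 'reputation': <current value>}; the
    reputation is read on every call, so a drop takes effect mid-execution.
    """
    if action == "open":
        if inside(target, job["home"]):
            return "permit"
        if inside(target, HP_LIBS) and job["reputation"] > MIN_REPUTATION:
            return "permit"
    # Default deny: files elsewhere, listening sockets, anything unlisted.
    return "deny"


# Constructed events for one job, in the order a monitor might see them.
JOB = {"home": "/grid/tmp/job-17", "reputation": 0.9}
EVENTS = [
    ("open", "/grid/tmp/job-17/tasks.xml"),            # own input file
    ("open", "/grid/tmp/job-17/../job-18/tasks.xml"),  # sibling job's data
    ("open", "/grid/tmp/job-170/tasks.xml"),           # look-alike prefix
    ("open", "/opt/hp/libs/vrpsolve.jar"),             # provider library
    ("listen", "0.0.0.0:8080"),                        # server socket
]


def audit(job, events):
    """Decide every event; returns a list of (action, target, decision)."""
    return [(a, t, decide(job, a, t)) for a, t in events]


if __name__ == "__main__":
    for row in audit(JOB, EVENTS):
        print(*row)
```

Comparing resolved paths component by component, rather than by string prefix, is what keeps job-170 and the `..` path out of job-17's directory.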
Architecture
• TA portal / VOM operated by VO admin
• VO user
• Computational providers (GRAM+UCON)
• VBE Manager + CA
• SRB + TRS + PPM
• Graphical Reputation Monitor
Service Deployment for the Supply Chain Demo
[Diagram labels: TRS, SRB, GridTrust CA, C-UCON, VO MGT, PPM]
[Architecture diagram. Components: VO Admin, VO User, JavaAppl, TransporterAssociationPortal, VOM, VO library, TR Monitor GUI, SRB, TR, PPM, GRAM, Libraries, UCON, VBEM, CA, DATA. Operations: create VO, JoinUserToVO, JoinSPToVO, JoinVBE, JoinVO, SearchSP, SelectSP, Submit job, register, SP registr, Feedback]
Future evolution of the scenario
• Auctioning system
• Transporter’s automated bidding system
  • Get new task from each auction
  • Add task to current task list
  • Re-route whole fleet
  • Calculate incremental cost
  • Produce bid
• N transporters in parallel
• To give a sample size to the scenario, imagine:
  • 10 producers create an auction for each of their 50 daily transportation tasks
  • 30 transporters that bid on every auction
  • that is 500 auctions per day (nearly one every minute in working hours), spawning 15,000 routing optimization jobs every day
Auction based supply chain
• First-Price Sealed-Bid reverse auction model
• Producers (auction proponents) produce RfQs for transportation tasks
• Transporters can recalculate routing by exploiting routing computational services running on Grid resources
• Auctioning system’s offer selection is based on customer requirements: best time / lowest price / transporter’s reputation / a combination of the above
• Producers create a Delivery VO (auction and delivery management)
• Transporters use Routing VO to compute best routes for answering the auction
Thanks!
For more information please contact: Lorenzo Blasi - HP Italy Innovation Center, lorenzo.blasi@hp.com