Publicação
Secure and Dependable Multi-Cloud Network Virtualization
| datacite.subject.fos | Engenharia e Tecnologia::Engenharia Eletrotécnica, Eletrónica e Informática | pt_PT |
| dc.contributor.advisor | Ramos, Fernando Manuel Valente | |
| dc.contributor.author | Alaluna, Max | |
| dc.date.accessioned | 2020-03-20T17:30:41Z | |
| dc.date.available | 2020-03-20T17:30:41Z | |
| dc.date.issued | 2019-07 | |
| dc.date.submitted | 2019-06 | |
| dc.description.abstract | Virtualization is a consolidated technology in modern computers, enabling distinct virtual machines to share the same hardware resources. This technology underpinned cloud computing, enabling infrastructure providers to extend their services with elastic computing and storage services. Today, the number of virtual servers already surpasses the number of physical servers, in a clear demonstration of the success of this technology. Unfortunately, networking has lagged behind. Traditional network primitives (e.g., VLANs) do not present the scalability and flexibility that is necessary for the“as-a-service” model of cloud computing. As a result, existing cloud services do not offer network guarantees, hindering their adoption by a large class of applications. This situation has started changing with Software-defined networking (SDN), a new paradigm that proposes the logical centralization of network control. Advanced network virtualization platforms use SDN to give cloud users the freedom to specify their virtual network topologies and addressing schemes, for the first time enabling complete network virtualization. These solutions were a huge step forward, but they still have limitations. First, they target a single datacenter of a cloud provider. This limits their scalability and is effectively a single point of failure for the tenant’s virtual networks. Second, the virtual network services offered are restricted to traditional services, such as L2 switching, L3 routing, or Access Control List (ACL) filtering. This establishes them as insufficient to support (critical) applications that need to be deployed across multiple trust domains for resiliency while enforcing diverse security requirements. In addition, most solutions that are efficient in mapping the tenant’s virtual network requests to the substrate typically do not scale to large networks. Finally, they also fail to provide the elasticity required in cloud computing, not allowing virtual networks to scale out or scale in. In this thesis, we address these limitations by proposing Sirius: the first multicloud network virtualization platform. Sirius allows virtual networks to seamlessly span across a substrate composed of multiple cloud infrastructures, including public clouds and private data centers. By replicating elements across different clouds, tenants avoid any single point of failure, thus addressing the first challenge. Besides enhancing the substrate, Sirius also enhances the virtual networks with security and dependability. For this purpose, in this thesis we propose novel network embedding algorithms to find efficient mappingsof virtual network requests onto the substrate network that consider security and availability of virtual resources. Specifically, we propose an optimal solution based on Mixed-Integer Linear Programming (MILP), and also heuristics that scale to very large networks, while achieving results close to optimal. These solutions enable us to address challenges two and three. Finally, to address the last challenge we propose new algorithms that allow virtual networks to scale out and scale in,enabling elasticity to tenant’s environments. We implemented a prototype of Sirius, and evaluated all solutions using both large scale simulations and a real testbed environment running our prototype. The latter consists of a substrate composed of a private data center and two public clouds (Amazon and Google). Our evaluations demonstrate that the system scales well for networks of thousands of switches employing diverse topologies and improves on the virtual network acceptance ratio and provider profit when compared to the state-of-the-art. In particular, the acceptance ratios are less than 1% from the optimal, and the system can provision a 10 thousand container virtual network in approximately 2 minutes. Overall, the evaluations demonstrate the feasibility of our proposal in achieving good trade-offs concerning security and performance, and are therefore a step forward in the enrichment of cloud computing services. | pt_PT |
| dc.description.sponsorship | Financiado pelo CNPQ e pelo Exército Brasileiro | pt_PT |
| dc.identifier.tid | 101507518 | pt_PT |
| dc.identifier.uri | http://hdl.handle.net/10451/42534 | |
| dc.language.iso | eng | pt_PT |
| dc.subject | Network Virtualization | pt_PT |
| dc.subject | Cloud Computing | pt_PT |
| dc.subject | Multi-cloud | pt_PT |
| dc.subject | Virtual | pt_PT |
| dc.subject | Network Embedding | pt_PT |
| dc.title | Secure and Dependable Multi-Cloud Network Virtualization | pt_PT |
| dc.type | doctoral thesis | |
| dspace.entity.type | Publication | |
| person.familyName | Alaluna | |
| person.givenName | Max | |
| person.identifier.orcid | 0000-0002-3967-7225 | |
| rcaap.rights | openAccess | pt_PT |
| rcaap.type | doctoralThesis | pt_PT |
| relation.isAuthorOfPublication | 7038c264-ed5e-43bf-8226-cf2b4eb66bf8 | |
| relation.isAuthorOfPublication.latestForDiscovery | 7038c264-ed5e-43bf-8226-cf2b4eb66bf8 | |
| thesis.degree.name | Tese de doutoramento, Informática (Ciência da Computação), Universidade de Lisboa, Faculdade de Ciências, 2019 | pt_PT |