October / December 2015
Cloud-Link: Special Issue on Virtual Machines
Virtualization, enabled by virtual machines, plays an important role in cloud computing. This issue of Cloud-Link is about virtual machines; ten articles have been selected to cover different aspects of the topic.
We hope that this issue of Cloud-Link provides you with useful references for further exploring this important and interesting topic. Articles have been selected based on various considerations (for example, variety, relevance, and anticipated reader interest), and unavoidably many other useful and insightful articles could not be included. You are also encouraged to search IEEE Xplore and other databases for further reading. A selection of IEEE Xplore articles is now available on a complimentary basis to members of the IEEE Cloud Computing Community.
We are looking for topics for upcoming issues. If you have any suggestions, please email them to firstname.lastname@example.org.
Henry Chan, Victor Leung, Jens Jensen, and Tomasz Wiktorski
D. Belabed, S. Secci, G. Pujolle, and D. Medhi
Published in IEEE Transactions on Network and Service Management, June 2015
The increasing adoption of server virtualization has recently favored three key technology advances in data-center networking: the emergence, at the hypervisor software level, of virtual bridging functions between virtual machines and the physical network; the ability to dynamically migrate virtual machines across virtualization servers in the data-center network (DCN); and more efficient exploitation of the large path diversity by means of multipath forwarding protocols. In this paper, the authors investigate the impact of these novel features on DCN optimization by providing a comprehensive mathematical formulation and a repeated matching heuristic for its resolution. In particular, they show how virtual bridging and multipath forwarding affect common DCN optimization goals, traffic engineering (TE) and energy efficiency (EE), and assess their utility across four different DCN topologies. The authors show that virtual bridging brings a high performance gain when TE is the primary goal and should be deactivated when EE becomes important. Moreover, they show that multipath forwarding brings relevant gains only when EE is the primary goal and virtual bridging is not enabled.
Credit-Based Runtime Placement of Virtual Machines on a Single NUMA System for QoS of Data Access Performance
Chulmin Kim and Kyu Ho Park
Published in IEEE Transactions on Computers, June 2015
While NUMA systems are widely used as target machines for virtualization, each data access request produced by a virtual machine (VM) on a NUMA system can have a different access time depending not only on remote access conditions but also on shared-resource contention. As a result, each VM running on a NUMA system experiences irregular data access performance over time. Because existing hypervisors, such as KVM, VMware, and Xen, have yet to account for this, users of VMs can neither predict their data access performance nor even determine the data access performance they have experienced. In this paper, the authors propose a novel VM placement technique to resolve this irregular data access performance of VMs running on NUMA systems. A hypervisor with their technique provides the illusion of a private memory subsystem to each VM, which guarantees the data access latency required by each VM on average. To enable this feature, the hypervisor periodically evaluates the average data access latency of each VM using hardware performance monitoring units. After every evaluation, the authors' Mcredit-based VM migration algorithm tries to migrate the VCPU or memory of a VM that is not meeting its required data access latency to another node that offers lower latency. They implemented a prototype for the KVM hypervisor on Linux 3.10.10. Experimental results show that, in a four-node NUMA system, their technique maintains the required data access performance of VMs running various workloads while consuming less than 1 percent of the cycles of a core and 0.3 percent of the system memory bandwidth.
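The periodic evaluate-then-migrate cycle described above can be sketched in a few lines. This is an illustrative simplification, not the authors' Mcredit algorithm: the credit threshold, node-load bookkeeping, and migration rule here are assumptions chosen to show the shape of the control loop.

```python
# Hypothetical sketch of a credit-based placement loop: each evaluation
# period, a VM that misses its required latency gains a "credit"; once the
# credits cross a threshold, the VM is moved toward a less-loaded NUMA node.
from dataclasses import dataclass

@dataclass
class VM:
    name: str
    required_latency_ns: float  # latency the VM asks the hypervisor to keep
    node: int                   # NUMA node currently hosting the VM
    credit: int = 0             # grows while the requirement is violated

def evaluate(vms, measured_latency, node_load, credit_threshold=3):
    """One evaluation period: update credits, return (vm_name, target_node) moves."""
    moves = []
    for vm in vms:
        if measured_latency[vm.name] > vm.required_latency_ns:
            vm.credit += 1                      # requirement missed this period
        else:
            vm.credit = max(0, vm.credit - 1)   # requirement met, decay credit
        if vm.credit >= credit_threshold:
            # migrate toward the least-loaded other node
            target = min((n for n in node_load if n != vm.node),
                         key=node_load.get)
            moves.append((vm.name, target))
            vm.node, vm.credit = target, 0
    return moves
```

In the real system the "measured latency" would come from hardware performance monitoring units, and migration would move a VCPU or memory pages rather than a whole VM object.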
Hua-Jun Hong, De-Yu Chen, Chun-Ying Huang, Kuan-Ta Chen, and Cheng-Hsin Hsu
Published in IEEE Transactions on Cloud Computing, January-March 2015
Optimizing cloud gaming experience is no easy task due to the complex tradeoff between gamer quality of experience (QoE) and provider net profit. This article tackles the challenge and studies an optimization problem that maximizes the cloud gaming provider's total profit while achieving just-good-enough QoE. The authors conduct measurement studies to derive the QoE and performance models, then formulate and optimally solve the problem. Because solving the problem optimally takes exponential time, the authors also develop an efficient heuristic algorithm. The article also presents an alternative formulation and algorithms for closed cloud gaming services with dedicated infrastructures, where profit is not a concern and overall gaming QoE is to be maximized. It presents a prototype system and testbed using off-the-shelf virtualization software to demonstrate the practicality and efficiency of the authors' algorithms. Their experience in realizing the testbed sheds light on how cloud gaming providers can build their own profitable services. Last, the authors conduct extensive trace-driven simulations to evaluate their proposed algorithms. The simulation results show that the proposed heuristic algorithms produce close-to-optimal solutions, scale to large cloud gaming services with 20,000 servers and 40,000 gamers, and outperform the state-of-the-art placement heuristic, for example, by up to 3.5 times in terms of net profit.
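The profit-versus-QoE tension can be made concrete with a toy model. This is not the authors' formulation; the capacity cap, revenue, and cost parameters below are invented for illustration: a server hosts gamers only up to a load that keeps QoE "just good enough", and profit is revenue minus server cost.

```python
# Toy model (illustrative assumptions, not the paper's algorithm): pack
# gamers onto as few servers as a per-server QoE capacity cap allows, then
# compute profit = revenue from gamers - cost of the servers opened.
def place_gamers(num_gamers, qoe_capacity, revenue_per_gamer, server_cost):
    """Minimum servers respecting the QoE cap, and the resulting profit."""
    servers = -(-num_gamers // qoe_capacity)  # ceiling division
    profit = num_gamers * revenue_per_gamer - servers * server_cost
    return servers, profit
```

Raising `qoe_capacity` (packing more gamers per server) cuts cost but degrades QoE; the paper's optimization searches this tradeoff with measured QoE models instead of a fixed cap.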
Performance Analysis of Bayesian Coalition Game-Based Energy-Aware Virtual Machine Migration in Vehicular Mobile Cloud
N. Kumar, S. Zeadally, N. Chilamkurti, and A. Vinel
Published in IEEE Network, March/April 2015
Vehicular mobile cloud computing, which provides computing and communication services to mobile clients, has gained a lot of attention in recent times. One of the biggest challenges for the smooth execution of these services in this environment is the intelligent use of VMs, which may become overloaded by numerous requests from mobile clients such as vehicles and mobile devices. Moreover, poor use of VMs in this environment wastes a lot of energy. To address this issue, the authors propose a Bayesian coalition game as a service for intelligent context switching of VMs, supporting these services while reducing energy consumption, so that clients can execute their services without performance degradation. The proposed scheme combines learning automata (LA) and game theory: the LA act as the players, and each player has an individual payoff based on the energy consumption and the load on the VM. Players interact with the stochastic environment by taking actions, such as selecting appropriate VMs, and update their action probability vectors based on the feedback received from the environment. The performance of the proposed scheme is evaluated using various metrics such as context-switching delay, overhead generated, execution time, and energy consumption. The results show that the proposed scheme performs well with respect to these metrics; specifically, it reduces energy consumption by 10 percent, network delay by 12 percent, overhead generation by 5 percent, and execution time by 10 percent.
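The "action probability vector" update that the abstract mentions is the core of a learning automaton. As a hedged illustration (a standard linear reward-inaction scheme, not necessarily the exact update used in the paper), a player that receives favorable feedback shifts probability mass toward the action it just took:

```python
# Standard linear reward-inaction (L_R-I) update for a learning automaton:
# on reward, the chosen action's probability grows and the rest shrink
# proportionally (the vector stays normalized); on penalty, nothing changes.
# The learning rate `a` is an illustrative parameter, not from the paper.
def update_probabilities(p, chosen, reward, a=0.1):
    """Return the updated action probability vector."""
    if not reward:
        return list(p)  # reward-inaction: penalties leave p unchanged
    return [pi + a * (1 - pi) if i == chosen else pi * (1 - a)
            for i, pi in enumerate(p)]
```

Here an "action" would be the choice of a VM to switch context to; repeated rewards for lightly loaded, energy-efficient VMs concentrate probability on them over time.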
Seongwook Jin, Jeongseob Ahn, Jinho Seol, Sanghoon Cha, Jaehyuk Huh, and Seungryoul Maeng
Published in IEEE Transactions on Computers, October 2015
With increasing demands on cloud computing, protecting guest virtual machines (VMs) from malicious attackers has become critical to providing secure services. The current cloud security model with software-based virtualization relies on the invulnerability of the software hypervisor and the trustworthiness of its administrator, who holds root permission. However, compromising the hypervisor through remote attacks or root permission grants attackers full access to the memory and context of a guest VM. This paper proposes a hardware-based approach to protect guest VMs even under an untrusted hypervisor. With the proposed mechanism, memory isolation is provided by secure hardware, which is much less vulnerable than the software hypervisor. The mechanism extends the current hardware support for memory virtualization based on nested paging, at a small extra hardware cost, while the hypervisor can still flexibly allocate physical memory pages to virtual machines for efficient resource management. In addition to the system design for secure virtualization, this paper presents a prototype implementation using system management mode. Although the current system management mode is not intended for security functions, and thus limits performance and complete protection, the prototype implementation proves the feasibility of the proposed design.
Swiper: Exploiting Virtual Machine Vulnerability in Third-Party Clouds with Competition for I/O Resources
R.C. Chiang, S. Rajasekaran, Nan Zhang, and H.H. Huang
Published in IEEE Transactions on Parallel and Distributed Systems, June 2015
The emerging paradigm of cloud computing, exemplified by Amazon Elastic Compute Cloud (EC2), promises a highly flexible yet robust environment for large-scale applications. Ideally, while multiple virtual machines (VMs) share the same physical resources (for example, CPUs, caches, DRAM, and I/O devices), each application should be allocated to an independently managed VM and isolated from the others. Unfortunately, the absence of physical isolation inevitably opens the door to a number of security threats. In this paper, the authors demonstrate in EC2 a new type of security vulnerability caused by competition between virtual I/O workloads: by leveraging the competition for shared resources, an adversary can intentionally slow down the execution of a targeted application in a VM that shares the same hardware. In particular, the authors focus on I/O resources such as hard-drive throughput and network bandwidth, which are critical for data-intensive applications. The authors design and implement Swiper, a framework that uses a carefully designed workload to incur significant delays on the targeted application and VM with minimum cost (that is, resource consumption). They conduct a comprehensive set of experiments in EC2, which clearly demonstrate that Swiper is capable of significantly slowing down various server applications while consuming a small amount of resources.
Hotplug or Ballooning: A Comparative Study on Dynamic Memory Management Techniques for Virtual Machines
Haikun Liu, Hai Jin, Xiaofei Liao, Wei Deng, Bingsheng He, and Cheng-Zhong Xu
Published in IEEE Transactions on Parallel and Distributed Systems, May 2015
In virtualization environments, static memory allocation for virtual machines (VMs) can lead to severe service-level agreement (SLA) violations or inefficient use of memory. Dynamic memory allocation mechanisms such as ballooning and memory hotplug have been proposed to handle the dynamics of memory demands. However, these mechanisms have so far not been quantitatively or comparatively studied. In this paper, the authors first develop a runtime system called U-tube, which provides a framework for adopting either memory hotplug or ballooning for dynamic memory allocation. They then implement fine-grained memory hotplug in Xen. They demonstrate the effectiveness of U-tube for dynamic memory management through two case studies: dynamic memory balancing and memory overcommitment. With these two case studies, the authors make a quantitative comparison between memory hotplug and ballooning. The experiments show that there is no absolute winner across scenarios; the findings can help practitioners choose suitable dynamic memory management techniques for different scenarios.
S. Verboven, K. Vanmechelen, and J. Broeckhove
Published in IEEE Transactions on Services Computing, July/August 2015
Modern data centers use virtualization to increase the utilization of increasingly powerful multicore servers. Applications often require only a fraction of the resources provided by modern hardware, so multiple concurrent workloads are required to achieve adequate utilization levels. Current virtualization solutions allow hardware to be partitioned into virtual machines with appropriate isolation at most levels. However, unmanaged consolidation of resource-intensive workloads can still lead to unexpected performance variance. Measures are required to avoid or reduce performance interference and provide predictable service levels for all applications. In this paper, the authors identify and reduce network-related interference effects using performance models based on the runtime characteristics of virtualized workloads. They increase the applicability of existing training data by adding network-related performance metrics and benchmarks. Using the extended set of training data, they predict performance degradation with existing modeling techniques as well as combinations thereof. Application clustering is used to identify several new network-related application types with clearly defined performance profiles. Finally, the authors validate the added value of the improved models by introducing new scheduling techniques and comparing them to previous efforts. They demonstrate how including network-related parameters in performance models can significantly increase the performance of consolidated workloads.
Sheng Di, D. Kondo, and Cho-Li Wang
Published in IEEE Transactions on Computers, June 2015
By leveraging virtual machine (VM) technology, the authors optimize cloud system performance through refined resource allocation when processing user requests with composite services. Their contribution is threefold. First, they devise a VM resource allocation scheme that minimizes the processing overhead of task execution. Next, they comprehensively investigate the best-suited task scheduling policy under different design parameters. Last, they explore the best-suited resource sharing scheme with adjustable divisible resource fractions on running tasks in terms of the proportional-share model (PSM), which can be split into an absolute mode (called AAPSM) and a relative mode (RAPSM). The authors implement a prototype system over a cluster environment deployed with 56 real VM instances and summarize valuable experience from their evaluation. When resources are in short supply, lightest workload first (LWF) is mostly recommended because it minimizes the overall response extension ratio (RER) for both sequential- and parallel-mode tasks. In a competitive situation with overcommitment of resources, the best approach is to combine LWF with both AAPSM and RAPSM; this combination outperforms other solutions by more than 16 percent in worst-case response time and more than 7.4 percent in fairness.
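The lightest-workload-first policy recommended above is easy to picture as a priority queue. The sketch below is an illustrative reading of LWF (workload estimates and tie-breaking are assumptions, not the paper's exact mechanism): pending tasks are dispatched in order of estimated workload, so short tasks are not stuck behind long ones, which keeps the response extension ratio (response time relative to ideal execution time) low.

```python
# Minimal lightest-workload-first (LWF) dispatch queue: a min-heap keyed on
# each task's estimated workload, with arrival order as a tie-breaker.
import heapq

class LWFScheduler:
    def __init__(self):
        self._heap = []   # entries: (estimated_workload, arrival_order, task_id)
        self._order = 0

    def submit(self, task_id, estimated_workload):
        heapq.heappush(self._heap, (estimated_workload, self._order, task_id))
        self._order += 1

    def next_task(self):
        """Dispatch the pending task with the lightest estimated workload."""
        return heapq.heappop(self._heap)[2] if self._heap else None
```

In the paper's setting the dispatched task would then receive a resource fraction under the absolute or relative proportional-share mode (AAPSM/RAPSM).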
Chung Pan Tang, P.P.C. Lee, and Tsz Yeung Wong
Published in IEEE Transactions on Services Computing, January/February 2015
Open-source cloud platforms provide a feasible alternative for deploying cloud computing on low-cost commodity hardware and operating systems. To enhance the reliability of an open-source cloud, the authors design and implement CloudVS, a practical add-on system that enables version control for virtual machines (VMs). CloudVS targets a commodity cloud platform with limited available resources. It exploits content similarities across different VM versions using redundancy elimination (RE), such that only nonredundant data chunks of a VM version are transmitted over the network and kept in persistent storage. Using RE as a building block, the authors propose a suite of performance adaptation mechanisms that make CloudVS amenable to different commodity settings. Specifically, they propose a tunable mechanism to balance the storage and disk-seek overheads, as well as various I/O optimization techniques to minimize interference with other co-resident processes. The authors further exploit a higher degree of content similarity by applying RE to multiple VM images simultaneously, and they support the copy-on-write image format. Using real-world VM snapshots, they experiment with CloudVS in an open-source cloud testbed built on Eucalyptus and demonstrate how CloudVS can be parameterized to balance the performance trade-offs between version control and normal VM operations.
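The redundancy-elimination idea at the heart of CloudVS can be shown with a toy chunk store. This is a deliberately simplified illustration (fixed-size chunks and SHA-256 hashing are assumptions; CloudVS itself uses tunable mechanisms and I/O optimizations): each VM image version is split into chunks, and only chunks not already present are stored, so a new version that shares most content with earlier versions costs little.

```python
# Toy redundancy elimination: store a VM image version as a "recipe" of
# chunk hashes, adding to the shared chunk store only chunks not seen before.
import hashlib

def store_version(image: bytes, chunk_store: dict, chunk_size: int = 4096):
    """Return (recipe, number_of_new_chunks) for this version."""
    recipe, new_chunks = [], 0
    for off in range(0, len(image), chunk_size):
        chunk = image[off:off + chunk_size]
        h = hashlib.sha256(chunk).hexdigest()
        if h not in chunk_store:      # nonredundant chunk: keep it
            chunk_store[h] = chunk
            new_chunks += 1
        recipe.append(h)              # redundant chunks cost only a hash
    return recipe, new_chunks

def restore_version(recipe, chunk_store):
    """Rebuild a version from its recipe and the shared chunk store."""
    return b"".join(chunk_store[h] for h in recipe)
```

A version that differs from its predecessor in one chunk adds exactly one chunk to the store, which is the saving RE buys in network transfer and persistent storage.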