makes this possible via a virtualization intermediary known as the hypervisor or the
virtual machine monitor (VMM). Examples of leading hypervisors are Xen [9,47]
and VMware ESX [59]. Amazon EC2 uses Xen for provisioning user VMs.
16.1.2 Elasticity
A major property of the cloud is elasticity, or the ability to respond quickly to user
demands by including or excluding resources for SaaS, PaaS, and/or IaaS, either manually
or automatically. As shown in Figure 16.1, virtualization enhances elasticity by allowing
providers/users to expand or contract services on the cloud. For instance, Google App Engine
automatically expands servers during demand spikes, and contracts them during demand
lulls. On the other hand, Amazon EC2 allows users to expand and contract their own
virtual clusters either manually (by default) or automatically (using Amazon Auto Scaling
[2]). In short, virtualization is a key technology for attaining elasticity on the cloud.
16.1.3 Resource Sandboxing
A system VM provides a sandbox that can isolate one environment from others, ensuring
a level of security that may not be achievable with conventional operating systems (OSs).
First, a user running an application on a private machine might be reluctant to move
her/his applications to the cloud unless guarantees are provided that her/his
applications and activities cannot be accessed and monitored by any other user on the cloud.
Virtualization can greatly help in offering a safe environment for every user, in
which it is not possible for one user to observe or alter another's data and/or activity.
Second, as the cloud can also execute user applications concurrently, a software failure
of one application cannot generally propagate to others if all are running on different
VMs. Such a property is usually referred to as fault containment. Clearly, this increases
the robustness of the system. In a nonvirtualized environment, however, erratic behavior
of one application can bring down the whole system.
Sandboxing as provided by virtualization opens up interesting possibilities as
well. As illustrated in Figure 16.2, a specific VM can be used as a sandbox whereby
security attacks (e.g., denial-of-service attacks or inserting a malicious packet into a
legitimate IP communication stream) can be safely permitted and monitored. This
can allow inspecting the effects of such attacks, gathering information on their
specific behaviors, and replaying them if necessary so as to design a defense against
future attacks (by learning how to detect and quarantine them before they can cause
any harm). Furthermore, suspicious network packets or input can be sent to a clone
(a specific VM) before being forwarded to the intended VM so as to preclude any
potential ill effect. A VM can be thrown away after it has served its purpose.
16.1.4 Improved System Utilization and Reduced Costs and Energy Consumption
It was observed very early that computer hardware resources are typically
underutilized. The concept of resource sharing has been successfully applied in
multiprogramming OSs to improve system utilization. Resource sharing in multiprogramming