Taming the Cloud: Safety, Certification and Compliance for Software Services



Similar documents
A Reference Architecture for Multi-Level SLA Management

SOA Governance. Stephen G. Bennett, Clive Gee, Robert Laird, Co-authored and edited by Thomas Erl. Governing

SOA CERTIFIED JAVA DEVELOPER (7 Days)

ICT 7: Advanced cloud infrastructures and services. ICT 8: Boosting public sector productivity and innovation through cloud computing services

HP SOA Systinet software

Seamless adaptive multi- cloud management of service- based applications. European Open Cloud Collaboration Workshop, May 15, 2014, Brussels

Integrated Communication Systems

Paul Brebner, Senior Researcher, NICTA,

Towards Modeling and Transformation of Security Requirements for Service-oriented Architectures

SOA CERTIFIED CONSULTANT

Introduction to Business Process Management

The Way to SOA Concept, Architectural Components and Organization

Introducing SOA Governance Suite. Magnus Wettemark, Solution Consultant Manager Software AG

SOA Success is Not a Matter of Luck

Business Process Management Enabled by SOA

Cloud Security Specialist Certification Self-Study Kit Bundle

SOA + BPM = Agile Integrated Tax Systems. Hemant Sharma CTO, State and Local Government

ICT 7: Advanced cloud infrastructures and services

Optimised Realistic Test Input Generation

SOA Architect Certification Self-Study Kit Bundle

Introduction to Track on Engineering Virtualized Services

The Need for a Choreography-aware Service Bus

SOA Revisited. When B3 comes into play. Dr. Wolfgang Martin Analyst and ibond Partner. IBM IOD EMEA, Berlin, June 2009

Using Cloud Standards for Interoperability of Cloud Frameworks

DC Proposal: Automation of Service Lifecycle on the Cloud by Using Semantic Technologies

Bastian Koller HLRS High Performance Computing Center Stuttgart, University of Stuttgart Nobelstrasse Stuttgart

SOA, Cloud Computing & Semantic Web Technology: Understanding How They Can Work Together. Thomas Erl, Arcitura Education Inc. & SOA Systems Inc.

Monitoring of Business Processes in the EGI

Essex County Council. Architecture Excellence

Roles for Maintenance and Evolution of SOA-Based Systems

A Generic Framework for Service-based Business Process Elasticity in the Cloud

Service-Oriented Architecture and its Implications for Software Life Cycle Activities

Ensuring Cost-Optimal SLA Conformance for Composite Service Providers

A Comparison of SOA Methodologies Analysis & Design Phases

Cloud 28+ Cloud of Clouds- Made in Europe, secured locally

A CLOUD SERVICE BROKER WITH LEGAL-RULE COMPLIANCE CHECKING AND QUALITY ASSURANCE CAPABILITIES

Federal Enterprise Architecture and Service-Oriented Architecture

Energy Efficient Systems

A Methodology for the Development of New Telecommunications Services

SOA GOVERNANCE MODEL

Leveraging Integrated Tools for Model-Based Analysis of Service Compositions

APPLICATION OF KNOWLEDGE MANAGEMENT AND SEMANTIC TECHNOLOGIES IN IT SERVICE MANAGEMENT

SOA: The missing link between Enterprise Architecture and Solution Architecture

Web Services Software Architecture

Processes, services and business agility

Approach to Service Management

Open Group SOA Governance. San Diego 2009

Useful Patterns for BPEL Developers

ITIL Event Management in the Cloud

WHITE PAPER Business Process Management: The Super Glue for Social Media, Mobile, Analytics and Cloud (SMAC) enabled enterprises?

Self-Aware Software and Systems Engineering: A Vision and Research Roadmap

The IBM Rational Software Development Platform..Role focused tools help simplification via Separation of Concerns

A Hierarchical Self-X SLA for Cloud Computing

Service Oriented Architecture (SOA) Architecture, Governance, Standards and Technologies

Leveraging an On-Demand Platform for Enterprise Architecture Preparing for the Change

SERVICE-ORIENTED MODELING FRAMEWORK (SOMF ) SERVICE-ORIENTED SOFTWARE ARCHITECTURE MODEL LANGUAGE SPECIFICATIONS

IBM Business Process Manager

Editorial NUMBER 01 NOVEMBER Editorial. Project overview. Reference architecture

Information Security Management System for Cloud Computing

Cloud Computing: The atmospheric jeopardy. Unique Approach Unique Solutions. Salmon Ltd 2014 Commercial in Confidence Page 1 of 5

Workload Automation Challenges and Opportunities

The DEMONS Integrated Access Control Model for Collaborative Network Monitoring

Sentinet for Windows Azure SENTINET

Monitoring Performances of Quality of Service in Cloud with System of Systems

A Review On SLA And Various Approaches For Efficient Cloud Service Provider Selection Shreyas G. Patel Student of M.E, CSE Department, PIET Limda

Business-Driven Software Engineering Lecture 3 Foundations of Processes

Business Process Driven SOA using BPMN and BPEL

Toward governance of cross-cloud application deployment

Supply Chain Platform as a Service: a Cloud Perspective on Business Collaboration

How To Monitor Hybrid It From A Hybrid Environment

BPM in Cloud Architectures: Business Process Management with SLAs and Events

A Framework for Adaptive Process Modeling and Execution (FAME)

This is a sample chapter from A Manager's Guide to Service Management. To read more and buy, visit BSI British

How To Understand The Individual Competences Of An It Manager

Align IT Operations with Business Priorities SOLUTION WHITE PAPER

VARIABILITY MODELING FOR CUSTOMIZABLE SAAS APPLICATIONS

and Deployment Roadmap for Satellite Ground Systems

Cordys Business Operations Platform

Driving SOA Governance - Part II: Operational Considerations

An Agile Governance Method for Multi-tier Industrial Architecture

Defining Generic Architecture for Cloud Infrastructure as a Service Model

focus Software product line engineering (SPLE) is a paradigm of software reuse Combining Service Orientation with Product Line Engineering

Service-Oriented Architectures

Planning the Migration of Enterprise Applications to the Cloud

ITIL V3 Sample Questions Page 1 of 15 Sample ITIL version 3 Foundation Examination. Instructions

SOACertifiedProfessional.Braindumps.S90-03A.v by.JANET.100q. Exam Code: S90-03A. Exam Name: SOA Design & Architecture

ASCETiC Whitepaper. Motivation. ASCETiC Toolbox Business Goals. Approach

Moving Applications To Cloud

Establishing a business performance management ecosystem.

Figure 1: Illustration of service management conceptual framework

EasySOA: Service Design & Monitoring

SOA Governance and the Service Lifecycle

Self-protecting multi-cloud applications

IRMOS Newsletter. Issue N 4 / September Editorial. In this issue... Dear Reader, Editorial p.1

Service-Centric Integration Architecture for Enterprise Software Systems

1 Publishable summary

Common Capabilities for Service Oriented Infrastructures In A Grid & Cloud Computing

SOLUTION WHITE PAPER. Align Change and Incident Management with Business Priorities

Crossing the DevOps Chasm

Transcription:

Taming the Cloud: Safety, Certification and Compliance for Software Services Keynote at the Workshop on Engineering Service-Oriented Applications (WESOA) 2011 Howard Foster and George Spanoudakis Department of Computing, School of Informatics, City University London, Northampton Square, London, England, United Kingdom {howard.foster.1,g.e.spanoudakis}@city.ac.uk Abstract. The maturity of IT processes, such as software development, can be and is often certified. Current trends in the IT industry suggest that software systems in the future will be very different from their counterparts today, with an increasing adoption of the Service-Oriented Architecture (SOA) design pattern and the deployment of Software-as-a- Service (SaaS) on Cloud infrastructures. In this talk we discuss some issues surrounding engineering Software Services for Cloud infrastructures and highlight the need for enhanced control, service-level agreement and compliance mechanisms for Software Services. Cloud Infrastructures and Service Mash-ups. 1 Introduction Aligned with the WESOA workshop theme for this year, this talk discussed the areas of Software Engineering for Cloud, Service-Orientation and Mash-Ups with a focus on safety, security and compliance. Although it is individually challenging to discuss these areas, integrating these together involves further complexity and challenges. The talk specifically aims to highlight the challenges to software engineers, both in engineering discipline at design-time and run-time. We firstly highlighted an interesting case study where architectural decisions in software service design and deployment decisions caused process and resource usage safety issues. Second, we discussed certification for software services and specifically how it enhances a trust mechanism in service discovery and composition. Third, we outlined service policies and constraints, in the form of Service-Level Agreements (SLAs) and how these can be used to monitor services on cloud infrastructures. 2 Safety of Services in Cloud Deployment Safety for cloud, services and their composition can be viewed from various perspectives. Whilst it is not isolated to service compositions, service design requires some care when deployment is to be made to the cloud and potentially

dynamically changing resource providers and consumers. As an example problem, when enacting a web service orchestration defined using the Web Services Business Process Execution Language (WS-BPEL) we observed various safety property violations. This surprised us considerably as we had previously established that the orchestration was free of such property violations using existing BPEL model checking techniques. In this talk, we described the origins of these violations. They result from a combination of design and deployment decisions, which include the distribution of services across hosts, the choice of synchronisation primitives in the process and the threading configuration of resource containers. We illustrated how model checking can take execution resource constraints into account (see Figure 1). We evaluate the approach by applying it to the above application and are able to demonstrate that a change in allocation of services to hosts is indeed safe, a result that we are able to confirm experimentally in the deployed system. The approach is supported by a tool suite, known as WS-Engineer, providing automated process translation, architecture and model-checking views [2, 5, 6]. Fig. 1. Example Models for Safety Analysis in Service Deployment Whilst our focus previously was supporting design-time analysis of service deployment architectures and behavioural models, we also describe how our future work and vision is to provide this at run-time. This involves a collaborative effort between analysis and monitoring. We describe this further in section 5. Our work on analysis however, also raised some interesting points on general service engineering. How do we certify services to be compliant with quality

standards? What are the quality standards that describe this? How are certifications expressed and related between others? What are the safety and security properties we are interested in upholding? These are covered the following parts of the talk. 3 Service Certifications and Cloud Security Software certification has largely focused on certifying security mechanisms (e.g. ISO/IEC 15408) or product quality metrics (e.g. ISO/IEC 9126*). Our work in certification and assertions for services is part of the EU funded project ASSERT4SOA [8]. ASSERT4SOA aims to provide a general service certification framework, notation and architecture for supporting certificates in service discovery and composition. The ASSERT4SOA language vocabulary is split in to three certification areas: Evidence-based (ASSERT4SOA-E), Model-based (ASSERT4SOA-M) and Ontology-based (ASSERT4SOA-O). The three types of certification are used as part of a wider framework to specify and utilise certifications in a service-oriented architecture. As an example usage of this framework, a process for security certificates in service discovery and composition is illustrated in Figure 2. Fig. 2. ASSERT4SOA Framework for Service Composition with Certificates Note that one particularly challenging area is the trigger from a Service Replacement request. This highlights the dynamic life-cycle of services on the cloud and how properties of these services, and the services they rely on, will dynamically change over time and infrastructure changes. Managing these changes and constraining them on Cloud-based pay-per-usage model requires an agreement and monitoring architecture.

4 Monitoring Service SLAs in the Cloud Both Cloud business and infrastructure models emphasise a greater need for accurate levels of service and conformity. With this in mind, specifying and assuring coverage of certain service and infrastructure properties has been undertaken in the EU funded SLA@SOI project [7]. In this project we undertook providing a service monitoring infrastructure with mechanically derived configurations from service-level agreements (SLAs). The architecture for this is illustrated in Figure 3. Fig. 3. SLA Monitoring Infrastructure for SOA/Cloud SLAs are described using the SLA@SOI SLA Model. This includes a vocabulary with terms and constructs for defining complex SLA expressions and constraints. The terms cover a wide range of service and cloud properties, for example, the availability or response time of a service. Both software and infrastructure terms are described, including CPU resource thresholds and virtual machine performance. Certifications provide a way to describe how software meets certain standards. The tests carried out on particular certifications may be drawn from example vocabularies, such as those defined in the SLA@SOI SLA Model. Further details of this work may be found in [3, 4]

5 Vision of Service Compliance Providing both static and dynamic testing tools is a challenge for such techniques discussed previously however we plan to investigate novel yet practical methods for dynamically analysing, monitoring and reacting to violations in such dynamic infrastructures as the Cloud. We discussed mainly a design-time analysis previously, however there is potentially great value to combine service analysis with service monitoring and in the direction of compliance - to ensure certifications are upheld through the software engineering process. Practically, this may be realised through an architecture with checkpoints such as that described by the CBDI [1] and illustrated in Figure 4. Fig. 4. SOA Architecture with Example Compliance Checkpoints (CBDI 2006) In summary, we believe that service safety, certification and compliance checking can facilitate a safer cloud of services. As we move towards a more dynamic service-based internet of things, the need for assurance in both providing and consuming services has never been greater. Additionally, new standards of IT compliance may well be delegated to the service engineer to counter such risks as data mis-use and inappropriate service behaviour as a result of ad-hoc service compositions. Acknowledgements Our work reported in this keynote has been supported by the EU project AS- SERT4SOA - Trustworthy ICT (ICT-2009.1.4).

References 1. L.Wilkes, Policy Driven Practices for SOA, presented at the CBDI SOA Seminar, April 2006. Available from: http://www.omg.org/news/meetings/workshops. 2. H.Foster, S.Uchitel, J.Magee and J.Kramer, An Integrated Workbench for Model- Based Engineering of Service Compositions, IEEE Transactions on Services Computing, IEEE Computer Society, April 2010. 3. H.Foster and G. Spanoudakis, Dynamic Creation of Service Monitoring Infrastructures, Service Level Agreements for Cloud Computing, Wieder, P.; Butler, J.M.; Theilmann, W.; Yahyapour, R. (Eds.), Springer-Verlag Berlin and Heidelberg GmbH Co. (November 2011). 4. H.Foster and G. Spanoudakis, Model-Driven Service Configuration with Formal SLA Decomposition and Selection, in proceedings of the 26th ACM Symposium on Applied Computing (SAC), TaiChung, Taiwan, March 2011. 5. A.Argent-Katwala, A.Clark, H.Foster, S.Gilmore, P. Mayer and M.Tribastone, Safety and Response-Time Analysis of an Automotive Accident Assistance Service. Proceedings of ISoLA 2008, Chalkidiki, Greece. October 2008. 6. H.Foster, S.Uchitel, J.Magee, J.Kramer, Model-based Verification of Web Service Compositions, IEEE Automated Software Engineering (ASE) 2003, Montreal, Canada, 2003. 7. SLA@SOI, A Business-Ready Service-Oriented Infrastructure Empowering The Service Economy in a Flexible and Dependable way, EU Project ICT-2007.1.2. Available from: http://sla-at-soi.eu. 8. ASSERT4SOA, Advanced Security Service Certificate for SOA, EU Project ICT- 2009.1.4. Available from: http://assert4soa.eu/.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information