As part of the reference architecture for Cloud Computing, we define a use-case model that describes some common functions for cloud environments. The Standards Acceleration to Jumpstart Adoption of Cloud Computing (SAJACC) project at NIST [114] has produced a list of use cases related to portability, interoperability, and security. The Cloud Computing Use Case Discussion Group [115] defines common use case scenarios for Cloud Computing. This work describes the capabilities and requirements that need to be standardized in order to achieve interoperability, integration, and portability. This collaborative work describes seven typical scenarios in Cloud Computing: cloud applications accessed by end users, cloud applications accessed by a company’s employees and end users, cloud applications integrated with a company’s internal processes, cloud applications accessed by partner companies, private clouds, changing cloud vendors, and hybrid clouds. [116] provides a use-case model for SaaS which shows how a system behaves. Also, the authors in [117] describe a use-case model that shows functional requirements for PaaS models. Based on these previous works, we compile general functions that can be applied in all cloud services (Figure 9). However, the details of some use cases will vary from one cloud model to another. Thus, we produce use case models for each cloud service as well. Use cases can help to identify possible flaws in the system by analyzing their activities.

Use cases also aim to identify the actors that will interact with the system. An actor can be either a person or an institution. There are four main roles: cloud consumer, cloud provider, cloud auditor, and cloud broker.

Cloud Consumer: A cloud consumer is a person or an institution that uses a service from a cloud provider. If the cloud consumer is an institution, then there may be different sub-roles. For example, SaaS consumers can be end users who consume the applications directly, service administrators who configure applications for end users, business managers who are responsible for the financial aspects, or IT managers who are responsible for integrating the cloud services with local processes. However, PaaS consumers can also be application developers, testers, and deployers, and IaaS consumers can be IT managers, system developers, and system administrators as well.

Cloud Provider: A cloud provider can also be a person or an institution that provides a service to the cloud consumer. The cloud administrator is a super role that can be divided into three other roles: IaaS administrator, PaaS administrator, and SaaS administrator. Each administrator can be divided into two main actors: service operations administrator and service business administrator. A service operations administrator is responsible for setting up, monitoring, managing, deploying and provisioning cloud services. A service business administrator establishes business relationships with cloud consumers, such as setting up accounts and signing contracts.

Cloud Auditor: A cloud auditor can be part of the cloud provider or it can be a third party that evaluates cloud services offered by a cloud provider in terms of security, privacy, availability, performance, etc. Auditors express an opinion on whether a cloud service complies with certain standards. In many industries, such as healthcare and finance, there are strong regulations such as HIPAA that dictate how data should be handled and where it should be stored. Auditors can verify whether a cloud provider follows these regulations.

Cloud Broker: Multiple cloud providers offer disparate services, and it may be too complex for consumers to integrate them. This is where a cloud broker appears. A cloud broker is an entity that intermediates between cloud consumers and providers, so instead of contacting a cloud provider directly, a cloud consumer contacts a cloud broker. A cloud broker can improve some functionalities or combine different services from different cloud providers.

The following use cases represent common functions for cloud services in general, where service represents IaaS, PaaS, or SaaS.

• Open Account: A cloud consumer requests to open an account in order to subscribe to a service. To open an account, a consumer typically provides his email address and credit card information. The provider may verify that the provided email address and credit card information are valid.

• Request Service: A consumer requests a service from the cloud provider, who checks whether the user has a valid account. The cloud provider deploys the service based on the user’s request.

• Consume Service: A consumer starts using the service. Once the consumer starts consuming a service, the provider starts metering the consumer’s usage of the service. The collected information will be passed to the billing process in order to generate invoices for payments.

• Modify Service: Consumers request to increase or decrease cloud resources or to change the type of service.

• Request Service Removal: A consumer requests to terminate the service. The cloud provider releases the allocated resources. Also, the provider sends the final billing.

• Close Account: A consumer requests to close the account. He may also request to return his data or to transfer the data to another cloud. Providers will terminate all the services to which the consumer was subscribed, and issue the last bill.

• Pay Bill: A consumer pays either directly to the provider or through a financial institution.

• Setup Service: Cloud providers are responsible for the hardware and software installation in order to deliver their services.

• Register Service: Once the service is set up, cloud providers need to publish a list of available services in some sort of catalog where users can locate them.

• Monitor Service: Cloud providers monitor the status of the system and its resources. In IaaS, providers monitor their underlying infrastructures (servers, storage and network) and the virtual resources. In PaaS, providers monitor the virtual development and deployment environments, and SaaS providers monitor the performance of their applications.

• Manage Service: Management operations include allocation of virtual and physical resources, and application configuration and provisioning. They also include security management operations such as authentication, authorization, data protection, and resource isolation.

• Meter Usage: Depending on the pricing model, there may be a need to meter customer usage of the service, such as processing power, network bandwidth and storage space. The collected information will be passed to the billing process in order to generate invoices for payments.

• Update Service: Cloud providers handle the update of their current services, such as patching and upgrading current versions of software, and acquisition of new software or hardware.

• Generate reports: Generate reports to provide the status of the service, resource usage, available resources, etc.

• Audit Service: Cloud providers can ask third-party auditors to audit their facilities and operations in order to evaluate their services in terms of security, privacy, performance and others. Auditors can also certify that a cloud service is compliant with certain standards.

Figure 9: Common Use Cases for Cloud Computing

Figure 10 shows some typical use cases for Infrastructure-as-a-Service.

• Setup Infrastructure: IaaS providers set up all underlying infrastructure: hardware (servers, storage and network) and the virtualization software.

• Create VMI: Both users and IaaS providers can create Virtual Machine Images (VMI) from scratch. A VMI contains the initial configuration files, which may include operating system, number of CPUs, amount of memory, size of disk, and pre-installed applications. VMIs are used to instantiate Virtual Machines.

• Register VMI: VMIs are stored in a repository where they can be accessed by users.

• Modify VMI: Users may need to modify existing VMIs to meet their requirements.

• Request VM: Users specify the amount of computational resources and types of software components needed in a new VM.

• Create VM: The IaaS provider allocates resources and creates a VM with the requirements specified by the user, such as memory size, CPU size, storage size, and other customization information.

• Consume VM: A party starts using it by installing and configuring any application. The cloud provider also starts metering the usage of the service in order to send this information to the billing process.

• Modify VM: Parties request their providers to increase or decrease computing and storage resources.

• Manage VM: There are some management operations that a party can perform on their virtual machine once it is created, such as start, migrate, suspend, shutdown, resume, rollback, and restart.

• Manage set of VMs: The Cloud Administrator can also perform some management operations on the virtual machines that are under his supervision, for purposes of fault tolerance, hardware maintenance, workload balancing, and elastic scaling.

Figure 10: Use Case Diagram for IaaS

Figure 11 shows the use case diagram for Platform-as-a-Service.

• Setup Environment: The PaaS provider configures the environment that hosts development languages, databases, libraries, and other components and tools in order to develop and deploy applications. If the PaaS provider does not own the underlying infrastructure, including network, servers and storage, he has to rent the infrastructure where environments will be hosted.

• Manage Environment: The PaaS provider manages the installation, upgrading, configuration, and patching of all the development and deployment tools.

• Request Environment: A user requests an environment to develop, test, or deploy his own application.

• Consume Environment: Developers (users) can start coding, testing, or deploying their custom applications. Developers may have the option to work offline, in which case they have to install a client application on their local machines. While the party uses the environment, it is metered in order to generate the bill for the service usage.

Figure 12 shows the use case diagram for Software-as-a-Service.

• Setup Application: The SaaS provider installs the application on the cloud, so it can be accessible on demand. The SaaS provider does not necessarily own the physical infrastructure where the application is running. In this case, the SaaS provider has to rent the infrastructure or platform for hosting its applications.

• Manage Application: The SaaS provider is in charge of the configuration, updates and patches of the SaaS applications.

• Register Application: The SaaS provider registers applications so they can be accessible to SaaS users.

• Request Application: A user requests to use an application.

• Consume Application: A user starts consuming the application and the data is saved on the cloud. The user may need to download a client application on his local machine, and then the data is synchronized with the data in the cloud.

Figure 12: Use Case Diagram for SaaS

4.4. Infrastructure-as-a-Service

4.4.1. Intent

Describe the infrastructure to allow the sharing of distributed virtualized computational resources such as servers, storage, and network.

4.4.2. Context

Distributed systems where we want to improve the utilization of resources and provide convenient access to all users.

4.4.3. Problem

Some organizations do not have the resources to invest in infrastructure, middleware, or applications needed to run their businesses. Also, they may not be able to handle higher demands, or they cannot afford to maintain and store unused resources. How can they get access to computational resources?

4.4.4. Forces

• Transparency - The underlying architecture should be transparent to its users. Users should be able to use the provider’s services without understanding its infrastructure.

• Flexibility - Different infrastructure configurations and amounts of resources can be demanded by users.

• Elasticity - Users should be able to expand or reduce resources in order to meet the different needs of their applications.

• Pay-per-use - Users should only pay for the resources they consume.

• On demand service - Services should be provided on demand.

• Manageability - In order to manage a large amount of service requests, the cloud resources must be easy to deploy and manage.

• Accessibility - Users should access resources from anywhere at any time.

• Testability - We intend to develop system programs in this environment and we need to test them conveniently.

• Shared resources - Many users should be able to share resources in order to increase resource utilization and thus reduce costs.

• Isolation - Different user execution instances should be isolated from each other.

• Shared Non-functional requirements provision (NFRs) - Sharing of the costs to provide NFRs is necessary to allow providers to offer a higher level of NFRs.

• Security - This level is the basis for execution of the complete cloud system and its degree of security will affect all the applications running on it. We should provide a convenient and measurable structure to define security requirements.

4.4.5. Solution

The solution to this problem is a structure that is composed of many servers, storage, and a network, which can be shared by multiple users and accessible through the Internet. These resources are provided to the users as a form of service called Infrastructure-as-a-Service (IaaS). IaaS is based on virtualization technology which creates unified resources that can be shared by different applications. This foundation layer – IaaS – can be used as a reference for non-functional requirements.

Structure

Figure 13 shows a class diagram for a cloud infrastructure. The Cloud Controller is the main component, which processes requests from a Party (actor) through a Portal. A Portal is the external interface where a Party makes requests to the cloud provider. A Party can be an institution or a user (customers and administrators). A Party can have one or more Accounts. The Cloud Controller receives requests from the users. A Cloud Controller controls a set of Cluster Controllers, and the Cluster Controller is composed of Node Controllers, which consist of a pool of Hardware (Servers, Storage and Network). The Cluster Controller handles the state information of its Node Controllers, and schedules incoming requests to run instances. A Node Controller controls the execution, monitoring, and termination of the VMs through a Virtual Machine Monitor (VMM), which is responsible for creating and running Virtual Machine (VM) instances. The Cloud Controller retrieves and stores user data and Virtual Machine Images (VMI). The Virtual Machine Image Repository contains a collection of Virtual Machine Images that are used to instantiate a VM. The Dynamic Host Configuration Protocol (DHCP) server assigns a MAC/IP (Media Access Control/Internet Protocol) address pair for each VM through the Cloud Controller, and requests the Domain Name System (DNS) server to translate domain names into IP addresses in order to locate cloud resources.

Figure 13: Class Diagram for Infrastructure-as-a-Service architecture

Dynamics

UC1: Create a Virtual Machine (Figure 14)

For the creation of a VM, a party can provide the location for his VM, or it can be assigned by the provider. For this use case, we assume that the party provides the location.

Summary: Creation of a Virtual Machine for a party who provides the list of resources needed, the virtual machine image, and the location for his VM.

Actor: Party

Description:

a) A party requests a set of computational resources and chooses the virtual machine image and the location where the VM is going to be located.

b) The Cloud Controller verifies whether the requester has a valid account.

c) The Cloud Controller requests the Cluster Controller that controls the specified location to create a VM.

d) The Cluster Controller chooses the first Node Controller that can support the computational resources requirements.

e) The Cluster Controller requests the Node Controller to create a VM.

f) The Node Controller sends the request to the VMM, which is in charge of actually creating the VM.

g) The VMM creates a VM with the requested resources and assigns it to the party’s account.

h) The Cloud Controller acknowledges the Party through the portal that the VM has been created.

Postcondition: A virtual machine is created and assigned to an account and to the hardware.

Figure 14: Sequence Diagram for Use Case Create a Virtual Machine

UC2: Migrate a Virtual Machine (Figure 15)

The administrator can migrate a VM to a specific Node Controller that can be located in the same or in a different Cluster Controller. The administrator can also migrate a VM to a specific location or to the first node that has the available resources. For the scenario below, we assume that the administrator will move a VM to the first available Node Controller within the same Cluster Controller.

Summary: A VM is migrated from one Node Controller to another one.

Actor: Administrator

Precondition: A VM resides in some Node Controller (Compute Node Source).

Description:

a) The Administrator requests the Cloud Controller to migrate a VM. However, the migration process can also be automatic, for example due to load balancing.

b) The Cloud Controller sends a request to the Cluster Controller to start the migration of the VM.

c) The Cluster Controller requests the Node Controller Source to stop the VM. The Node Controller Source forwards this request to the VMM Source.

d) The VMM Source stops the VM and copies the content of the VM.

e) Do the same as UC1.

f) The VMM Source sends the content of the VM to the VMM destination.

g) The VMM destination copies the content into the new VM.

Figure 15: Sequence Diagram for Use Case Migrate a Virtual Machine
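
UC1 and UC2 above, traced in code as an added example (it is not part of the original text and is not Eucalyptus or any other product's code). The class names follow the description of Figure 13; the field names, the administrator check in `migrate_vm`, choosing the destination node before the source VM is stopped, and the sample inventory in `build_cloud` are assumptions made here.

```python
from dataclasses import dataclass, field

@dataclass
class VM:
    account: str
    image: str
    cpus: int
    mem_mb: int
    state: str = "running"
    content: bytes = b""

@dataclass
class NodeController:
    name: str
    free_cpus: int
    free_mem_mb: int
    vms: list = field(default_factory=list)

    def create_vm(self, account, image, cpus, mem_mb):
        # UC1 f-g: the VMM creates the VM and assigns it to the party's account.
        vm = VM(account, image, cpus, mem_mb)
        self.free_cpus, self.free_mem_mb = self.free_cpus - cpus, self.free_mem_mb - mem_mb
        self.vms.append(vm)
        return vm

@dataclass
class ClusterController:
    location: str
    nodes: list

    def first_fit(self, cpus, mem_mb, skip=None):
        # UC1 d: first Node Controller that can support the requested resources.
        for n in self.nodes:
            if n is not skip and n.free_cpus >= cpus and n.free_mem_mb >= mem_mb:
                return n
        raise RuntimeError("no Node Controller can support the request")

class CloudController:
    def __init__(self, accounts, admins, clusters):
        self.accounts, self.admins = set(accounts), set(admins)
        self.clusters = {c.location: c for c in clusters}

    def create_vm(self, account, image, location, cpus, mem_mb):
        if account not in self.accounts:      # UC1 b: requester needs a valid account
            raise PermissionError("requester has no valid account")
        node = self.clusters[location].first_fit(cpus, mem_mb)      # UC1 c-d
        return node, node.create_vm(account, image, cpus, mem_mb)   # UC1 e-h

    def migrate_vm(self, admin, location, source, vm):
        if admin not in self.admins:          # assumption: UC2's actor is checked
            raise PermissionError("migration requires an administrator")
        if vm not in source.vms:              # UC2 precondition: VM resides on source
            raise LookupError("VM does not reside on the source node")
        # Assumption: pick the destination first so a full cluster leaves the VM running.
        dest = self.clusters[location].first_fit(vm.cpus, vm.mem_mb, skip=source)
        new_vm = dest.create_vm(vm.account, vm.image, vm.cpus, vm.mem_mb)  # UC2 e
        vm.state, new_vm.content = "stopped", bytes(vm.content)     # UC2 c-d, f-g
        return dest, new_vm   # the stopped source VM stays in place (not on the page)

def build_cloud():
    # Constructed sample inventory: one cluster ("east") with three nodes.
    nodes = [NodeController("nc1", 2, 2048), NodeController("nc2", 8, 16384),
             NodeController("nc3", 8, 16384)]
    return CloudController({"acct-alice"}, {"admin-ops"}, [ClusterController("east", nodes)]), nodes
```

The migrated VM keeps the original account, so ownership travels with the VM rather than with the administrator who moved it.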

4.4.6. Implementation

As an example, we show the implementation of one of the known uses of this pattern. There are many ways to implement our conceptual models and this is just one possible way to do it. Eucalyptus [14] is open source software that makes it possible to implement Infrastructure as a Service in order to run and control virtual machine instances via Xen and KVM. Eucalyptus consists of five main components that are described in Figure 16 [118].

Figure 16: Eucalyptus’ main components

The two higher-level components are the Cloud Controller and Walrus. The Cloud Controller is a Java program that offers EC2-compatible SOAP and web interfaces. Walrus is a data store where users can store and access virtual machine images and their data. Walrus can be accessed through S3-compatible SOAP and REST interfaces. Top-level components can aggregate resources from several clusters. Each cluster needs a Cluster Controller, which is typically deployed on the head-node of a cluster. Each node will also need a Node Controller for controlling the hypervisor. Cluster Controller and Node Controllers are deployed as web services, and communication between them takes place over SOAP with WS-Security [119].

A cloud can be set up as a single cluster where the Cloud Controller and the Cluster Controller are located on the same machine, which is referred to as the front-end. All other machines running the Node Controllers are referred to as the back-end. However, there could also be a more advanced configuration which comprises several Cluster Controllers or Walrus deployed on different machines.

A typical configuration includes [120]:

• 1 Cloud Controller (CPU-1GHz, Memory-512MB, Disk-5400rpm IDE, Disk space-40GB)

• 1 Walrus Controller (CPU-1GHz, Memory-512MB, Disk-5400rpm IDE, Disk space-40GB)

• 1 Cluster Controller + Storage Controller (CPU-1GHz, Memory-512MB, Disk-5400rpm IDE, Disk space-40GB)

• Nodes (VT extensions, Memory-1GB, Disk-5400rpm IDE, Disk space-40GB)

4.4.7. Known Uses

• Eucalyptus [14] is an open source framework used for hybrid and private cloud computing.

• OpenNebula [15] is an open source toolkit to build clouds.

• Nimbus [121] is an open source set of tools that offers IaaS capabilities to the scientific community.

• Amazon’s EC2 [13] provides compute capacity through web services.

• HP Cloud Services [122] is a public cloud solution that provides scalable virtual servers on demand.

• IBM SmartCloud Foundation [123] offers servers, storage and virtualization components in order to build private, public and hybrid clouds.

4.4.8. Consequences

• Transparency – Cloud users are usually not aware where their virtual machines are running or where their data is stored. However, in some cases users can
