Classification of hardware resources

The backbone of cloud infrastructures is the hosting sites (i.e., data centres) providing the required hardware resources to operate and provide cloud services.

A hosting site is usually located in a building specifically designed for operating hardware resources. It contains IT facilities representing the hardware resources that can be classified by network (i.e., communication infrastructure), services (of the communication infrastructure), computation (i.e., server), storage, and management (cf. CiscoVMDCLayers [44]). Beside the hardware resources, there are support facilities (e.g., cooling, UPS, power supply, and racks) that are necessary for operating the hardware resources. Additionally, there are building facilities (e.g., alarm devices, physical access control, and fire protection) that are necessary for the operation, maintenance, and protection of the building itself.

To gain a better view of hardware resources, it is necessary to understand how they are structured and operated in practice. Here, the design guide forVirtualized Multiservice Data Center (VMDC)[44] and theCommon Information Model (CIM)of theDistributed Manage- ment Task Force (DMTF) [57] provide representative and comprehensive information. The design guide forVMDCprovides detailed information on state of the art data centre infrastruc- ture set-up and operation as recommended by CISCO,1which are one of the leading companies for the wired and wireless LAN access infrastructures [200]. TheCIMis a standard for man- agement information for IT systems and covers a systematic description of IT systems and their interaction. Both references are used in the following to derive a classification of hardware re- sources provided by hosting sites in the context of cloud computing.

4.1.3.1 Hosting siteHS

Summarising the previous observations, the class hosting siteHS is defined as a set of sup-

port facilities, building facilities, and IT facilities. Figure4.7 depicts the components of the class hosting site. The hardware resources are represented by the IT facilities (highlighted in Figure4.7) and are classified by management infrastructure, compute server, data storage, and communication infrastructure. Each of these classes is specified in the following.

Figure 4.7: Classification of hosting sites with a focus on the IT facility.

Hosting Site

Support Facility Building Facility IT Facility

Cooling UPS Power Supply Rack

...

Alarm Device Physical Access Control Fire Protection

...

Management Infrastructure Compute Server Data Storage Communication Infrastructure Focus of this thesis Is associated

4.1.3.2 Management infrastructureMI

The class management infrastructureMI:= {mi1, ..., min} is a set of management infrastructure

instances mii with n ∈ N and i ∈ {1, ..., n}. The components ofMIare depicted in Figure4.8.

A management infrastructure instance miiis an automated management function classified

by fault management, configuration management, accounting management, performance man-

agement, and security management (cf. CCITT recommendation on management functions [197]). The management function classes are specified as follows.

Figure 4.8: Classification of the management infrastructure.

Management Infrastructure Fault Management Configuration Management Accounting Management Perfomance Management Security Management Is associated

• Fault managementFMF: The classFMFis a set of functions for detecting, isolating

and correcting abnormal operation of the IT facilities (cf. [197], pp. 15 et. seqq.). In particular, this includes the functions for backup f m f_Bak, replication f m f_Repl, and recovery f m f_Recoverof IT facilities.

• Configuration managementCM: The classCM is a set of functions for controlling,

identifying, collecting data from, and providing data to IT facilities (cf. [197], pp. 37 et. seqq.).

• Accounting management AMF: The class AMF is a set of functions for measuring

usage and determining costs of IT facilities, and charging customers, i.e., cloud providers (cf. [197], pp. 53 et. seqq.).1

• Performance managementPMF: The classPMFis a set of functions for evaluating

and reporting on the behaviour and effectiveness of IT facilities (cf. [197], pp. 5 et. seqq.).

• Security managementSMF: The classSMFis a set of functions for preventing and de-

tecting security incidents, containment and recovery of IT facilities after the occurrence of security incidents, and security administration (cf. [197], pp. 62 et. seqq.).

4.1.3.3 Compute serverCS

The class compute serverCS:= {cs1, ..., csn} is a set of compute server instances csiwith n ∈ N

and i ∈ {1, ..., n}. The components ofCSare depicted in Figure4.9.

A compute server instance csi is a physical server (organised in racks or as stand-alone)

consisting of hardware components and of hosted applications, which are specified as follows. 1_{From the point of view of a hosting site, the cloud provider is a customer who requests hardware resources for} operating a cloud infrastructure. Usually, there is no direct contact between a hosting site and a cloud customer.

• Hardware componentHW: The classHWis a set of different types of hardware com-

ponent (e.g., CPU, GPU, data storage, memory, and interfaces) a physical server is built of. Each hardware component can be used to provide a specific amount of computation resource (e.g., CPU cycles and memory size).

• ApplicationAPP: The classAPPis a set of application types (e.g., file server, database,

and hypervisor) that are hosted on the compute server. Each application type can have multiple, independent instances that can be utilised for providing cloud services (e.g., virtual network services and virtual machines).

Figure 4.9: Compute server classification.

Hypervisor Memory HW Component Application CPU Data Storage File Server Database Interface GPU

...

Compute Server

...

Extends Is associated 4.1.3.4 Data storageDS

The class data storage DS:= {ds1, ..., dsn} is a set of data storage instances dsi with n ∈ N

and i ∈ {1, ..., n}. As depicted in Figure4.10, a data storage instance dsi (i.e., physical data

storage) can be classified by type into internal storage (of the compute server), locally attached storage (of the compute server), and remote storage (provided via communication infrastruc- ture), which are specified in the following.

Internal data storageIDS The classIDSis a set of data storage instances ds ∈DSthat are

located inside a physical server chassis. IDScan be classified into different types of internal

data storage device (e.g.,hard disk drive (HDD),solid-state drive (SSD), and tape).

Locally attached data storageADS The classADSis a set of data storage instances ds ∈DS

that are locally attached to a physical server (e.g., viaUniversal Serial Bus (USB)or viaSerial Advanced Technology Attachment (SATA)forDirect Attached Storage (DAS)).ADScan be

Remote data storageRDS The classRDSis a set of data storage instances ds ∈DSthat are

available via a network connection (e.g., viaLANorStorage Area Network (SAN)).RDScan

be classified into different types of remote data storage type (e.g., network-attached storage (NAS)andSAN).

Figure 4.10: Data storage classification.

Data Storage

Internal Storage Locally attached Storage Remote Storage

HDD SSD Tape RAM Drive HDD SSD Tape

...

NAS SAN

...

...

Extends

Remark 4.1 (Fault tolerance of data storage) For reasons of fault tolerance, data storage is usually managed in multiple layers of synchronised replications. An example of a two- layer replication would be a first-level replication for storage protection, and a second-level replication for disaster recovery (cf. VMDC service tiers [44]). For a data storage instance ds∈DS, this replication is modelled as follows.

(ds, ds|f m f_Repl, ds|f m f_Repl|f m f_Repl) with f m f_Repl∈_FMF.

For the same instance, a 1-layer replication with2oo2redundancy is modelled as follows.

(ds, ds|f m f_Repl, ds|f m f_Repl0) with f m f_Repl∈FMF.

4.1.3.5 Communication infrastructureCI

The class communication infrastructureCI:= {ds1, ..., dsn} is a set of communication infras-

tructure instances dsiwith n ∈ N and i ∈ {1, ..., n}.

A communication infrastructure instance dsi consists of all elements of a network infras-

tructure that are necessary for the communication between compute system instances and data storage instances. These are communication services (e.g.,Virtual Local Area Network (VLAN)management,QoSmanagement, and routing) and service endpoints required for cre- ating end-to-end connections between compute system instances and data storage instances (cf.

CIMnetwork schema [57]).

Figure 4.11: Communication infrastructure classification.

QoS Management Communication Infrastructure

Service End-to-End Connection

DHCP Routing Range Communication topology DNS Gateway/Firewall VLAN Management

...

Communication Infrastructure Extends Is associated Is property

Communication infrastructure serviceCIS The classCISis a set of service instances and

can be classified by different types of service (e.g.,VLANmanagement, routing, andDHCP). Each service instance is an application instance (e.g.,DHCPserver) hosted on a compute server connected to the communication infrastructure.

End-to-end connection CON The classCON is a set of end-to-end connection instances

established between two or more compute server instances and/or data storage instances. For example, an end-to-end connection instance con between the compute server instances cs1and

cs₂is described as follows.

con(cs1, cs2) := con ∼ (cs1, cs2) .

An end-to-end connection instance con has the following properties.

• RangeCON|PRange: The propertyCON|PRange:= {con|PRange,In, con|PRange,Ex} describes

whether the connection endpoints of con are located within the hosting site (con|PRange,In),

or one or more connection endpoints of con are located outside of the hosting site (con|PRange,Ex).

• Communication topologyCON|PTop: The propertyCON|PTopdescribes the topology

of the communication, for example, one-to-one communication (con|PTop,1−1) or one-

to-many (con|PTop,1−∗). For example, an 1-to-n communication between the compute

server instance cs1and the group of compute server instances cs2, ..., csn(with n ∈ N) is

described as follows.

con(cs1, (cs2, ..., csn)) := con ∼ (cs1, (cs2, ..., csn))

In document Tackling cloud compliance through information flow control (Page 85-91)