Abstract
In an attempt to create a comprehensive IaaS solution, DTGOV introduces several mechanisms into the IaaS architecture. These systems are expected to ensure scalability, reliability, optimal utilization of resources, and user identity security. With these systems in place, the solution is capable of handling a wide range of tasks typical for the architecture.
Introduction
An IaaS management architecture is a complex entity. For it to comply with safety and usability requirements, several components must be assembled and configured. The following paper provides an overview of the architectures used in a solution described in the case study.
Case Summary
DTGOV is aiming to create a comprehensive architecture for managing its infrastructure-as-a-service (IaaS) solution. Due to the complexity of the system, the solution needs to incorporate several components critical for its performance. First, it is necessary to ensure the integrity of the network used by IaaS, which is achieved by implementing logical network perimeters that establish a network topology. Second, it is important to maintain resource availability, which can be done by deploying virtual server clusters managed by a combination of monitoring and workload distribution mechanisms. Third, separate systems should be able to communicate with each other. This goal is achieved by incorporating identity and access management (IAM) and single sign-on (SSO) systems to propagate the authorization data across the entire IaaS using a uniform security context. Finally, the system needs to scale in response to changing usage conditions. DTGOV solves this task by configuring automated scaling listeners and providing template configurations for virtual servers.
Architecture Description
The first key component used by DTGOV in its IaaS is a resource cluster. As a rule, clusters are established to improve performance by grouping diverse IT resources into respective groups. The scheme provided in the case study identifies two types of clusters. The first is a server cluster composed of virtual servers. Such a cluster can be established by configuring hypervisors to implement virtual server instances optimally in terms of hardware specifics and regional location (Liu, Jin, Xu, & Liao, 2013). The architecture can be further enhanced by reserving resources for redundant instances, which was done in the case at hand. Clustering also allows for the migration of instances between physical servers, providing the system with additional scalability.
The second type is a database cluster, which utilizes numerous storage devices to replicate data managed by the system. The purpose of such a cluster is data integrity and safety. The cloud storage device mechanisms mentioned in the case are likely implemented using the virtualization platform. The use of a load balancer and a failover system is consistent with typical approaches to the described component.
Next, the resource management system is an important part of the IaaS at hand. The multitude of tasks set by cloud consumers and cloud providers requires effective allocation of resources, which needs to be automated to be executed on time. In the case of DTGOV’s system, resource management is done primarily by the virtual infrastructure manager (VIM). The VIM's tasks include managing template configurations for virtual server images, deploying new virtual instances in response to increasing demand, and coordinating information received from failover system mechanisms (Beloglazov & Buyya, 2013). In addition, the VIM is responsible for monitoring the consistency of security policies throughout the cloud environment.
The next component is the identity and access management (IAM) system. Leveraging this architecture allows managing different types of user identities, assigning access control privileges and attributes, managing user identities and groups, and issuing identity credentials. In addition, IAM provides additional security by minimizing overlapping trust boundaries and denial-of-service threats (Dukaric & Juric, 2013). In the case of DTGOV, IAM is used in combination with a single sign-on (SSO) system, responsible for the propagation of authentication information across different systems within the environment. The data received from the IAM and SSO systems is handled by a custom-built application (e.g., a service broker) that generates universal runtime authentication credentials that can be used during the session by the involved IT resources.
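The broker step described above can be sketched as follows. This is an added example, not part of the case study or DTGOV's implementation: the function names, the record fields, the shared HMAC key and the sample inputs are all assumptions made for illustration. It shows the broker merging an SSO assertion with IAM attributes into a short-lived signed credential, and each IT resource checking integrity, lifetime and scope before accepting it.

```python
import base64, hashlib, hmac, json, time

# Assumption: broker and resources share one secret; a production design
# would sign with an asymmetric key so resources cannot mint credentials.
BROKER_KEY = b"constructed-demo-key"

# Constructed sample inputs standing in for IAM and SSO output.
IAM_RECORD = {"user": "alice", "groups": ["cloud-admins"],
              "resources": ["virtual-server-cluster", "sla-measurements-db"]}
SSO_ASSERTION = {"subject": "alice", "authenticated": True}

def _mac(body: str) -> str:
    return hmac.new(BROKER_KEY, body.encode(), hashlib.sha256).hexdigest()

def issue_credential(iam_record, sso_assertion, now=None, ttl=900):
    """Broker side: bind the SSO-authenticated subject to IAM attributes."""
    now = int(time.time()) if now is None else now
    if not sso_assertion.get("authenticated"):
        raise PermissionError("SSO did not authenticate the user")
    if sso_assertion.get("subject") != iam_record["user"]:
        raise PermissionError("SSO subject does not match IAM identity")
    claims = {"sub": iam_record["user"],
              "groups": sorted(iam_record["groups"]),
              "resources": sorted(iam_record["resources"]),
              "iat": now, "exp": now + ttl}
    payload = json.dumps(claims, sort_keys=True).encode()
    body = base64.urlsafe_b64encode(payload).decode()
    return f"{body}.{_mac(body)}"

def verify_credential(token, resource, now=None):
    """Resource side: integrity first, then lifetime, then scope."""
    now = int(time.time()) if now is None else now
    try:
        body, tag = token.split(".")
    except ValueError:
        raise PermissionError("malformed credential")
    # Constant-time comparison; claims are parsed only after this passes.
    if not hmac.compare_digest(tag, _mac(body)):
        raise PermissionError("bad signature")
    claims = json.loads(base64.urlsafe_b64decode(body))
    if now >= claims["exp"]:
        raise PermissionError("credential expired")
    if resource not in claims["resources"]:
        raise PermissionError("resource not in scope")
    return claims

if __name__ == "__main__":
    token = issue_credential(IAM_RECORD, SSO_ASSERTION)
    print(verify_credential(token, "virtual-server-cluster")["sub"])
```

The expiry and scope checks are what keep the credential a session-bound one: a token replayed after its lifetime, or presented to a resource outside the user's IAM grants, is rejected even though its signature is valid.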
Finally, it is necessary to point out the use of an SLA management system. The system in question consists of several SLA monitoring agents that collect SLA data by predefined parameters and an SLA measurements database to which the data obtained by monitors is submitted. The metrics obtained from the SLA management system are gathered by the VIM and can be used to adjust the performance of the services in response to the detection of exceptional conditions.
Commercial Vendors
Several vendors offer products that could be used for the solution developed by DTGOV. The most apparent example is Amazon EC2, a computing environment capable of hosting all of the identified systems. The product in question can be adjusted by including pre-configured templates, provides necessary network configuration options, and features a flexible pricing scheme.
Conclusion
IaaS is a complex structure that requires numerous systems to function properly. The systems introduced by DTGOV at the current stage of development ensure scalability, reliability, optimal utilization of resources, and user identity security. The resulting IaaS management architecture can be considered compliant with industry safety requirements.
References
Beloglazov, A., & Buyya, R. (2013). Managing overloaded hosts for dynamic consolidation of virtual machines in cloud data centers under quality of service constraints. IEEE Transactions on Parallel and Distributed Systems, 24(7), 1366-1379.
Dukaric, R., & Juric, M. B. (2013). Towards a unified taxonomy and architecture of cloud frameworks. Future Generation Computer Systems, 29(5), 1196-1210.
Liu, H., Jin, H., Xu, C. Z., & Liao, X. (2013). Performance and energy modeling for live migration of virtual machines. Cluster Computing, 16(2), 249-264.