Objectives
The objective of this proposal is to design and develop a dynamic reasoning environment for a scalable virtualization platform. Simplification of the management of complex and dynamic environments provide control for an adaptive and resilient computing infrastructure.
In our approach we propose using an advanced object model to provide an abstracted interface for establishing a reasoning methodology that allows various behaviors to be associated using multiple inheritance techniques. The approach targets security management and resource and availability controls to create a scalable and adaptive computing infrastructure with graphical work space tools to simplify policy management.
Adaptability is achieved by establishing policies which take into consideration new and changing elements combined with a rich testing structure to assess and categorize the behavior of new elements.
Combined with policies that describe allowed behavioral structures an environment can be provided where new systems and applications can be added to existing virtualized environments without disruption or security issues being introduced into the system.
Policies can define ranges and thresholds for maintaining integrity of their mandates and can trigger events when policy violations have occurred. Supervisory policies can then be applied to take correct action of the environment to accommodate the policy’s mandates.
The initial phase of this project will be to complete the design approach to achieving these objectives. Subsequent phases will test the design within the infrastructure of what will become a product designed to provide a rich and adaptive virtualized computing environment.
Background
As computing environments consolidate hardware resources utilizing virtualization the issue of managing these resources becomes complex. In order to provide a reliable, secure and flexible scalable architecture a method of establishing the policies and interactions between the various operations must be devised. Advanced methods of managing these complex environments with simplified graphical representation and policy management is the focus of the target product.
Existing approaches have been devised that are based upon various rule systems. Such systems are difficult to control as new applications and virtual machines are introduced. What is needed are series of testing components combined with an adaptive reasoning framework to ensure
Contained within this complexity there must be assurances that the data and procedural integrity and security of the mechanism be maintained.
Network Layer 2 Meshing
Employing a meshing capability in layer 2 of the network stack provides several advantages to the architecture:
-
Ability to find and locate virtual network interfaces within the hypervisor without identifying and managing complex router rules.
-
Eliminating layer 3 addresses from hypervisor reduces the hackers ‘landing’ resulting in a more secure system.
Work Flow Management
The WFM system is comprised of a series of queues that represent a category of work. The queue categories are: Action queues, Process queues, Wait queues, Event queues, Decision queues, and External queues. Action queues represent a discrete process or set of processes and are defined by assembling groups of other types of queues. Action queues can contain and make use of other Action queues thereby providing the ability to subdivide work within a given Action queue. This has the added benefit of simplifying development and maintenance by allowing for individual workflows to be defined and tested individually on a micro level, thus insuring that they will work properly when added to larger work flow processes at the macro level. Comparison/completion criteria can be represented within the Decision queues by using an approach as simple as a criteria comparison or by as complex a set of criteria as must be evaluated by the integrated Rules Based Expert System.
The employment of the Linux kernel with a middleware framework known as Cyvergix performs the abstractions required to implement the objectives. KVM provides the components to implement an effective virtualization platform.
Much has been written on the security and merits of the virtualization of the entire machine state as it relates to security. The focus of this
A virtual machine (VM) is abstracted with an interface to allow it to participate within the object model.
Using Multiple Abstractions in an Object Model to Perform Reasoning
Object oriented architectures provide an abstraction of various entities and their related functions. Using multiple inheritance style techniques, we can create a complex association of various policy objects to create an interaction of reasoning
Object abstractions include the development of:
-
Resource utilization policies – establishing usage parameters and limitations of various resources including network bandwidth, memory and processor guidelines.
-
Security and integrity policies – establishing methods of verifying the purity of various environments and subsystems including virus control, root kits, access control verification, etc.
-
Reliability and criticality policies – establishing mechanisms to ensure backup strategy, availability methods and redundancy management.
Policy Based Dynamic State Management
Objects incorporate methods. Methods provide the procedural elements of interaction within an object system. The approach outlined here is a variation from standard object oriented paradigms but retains many of the features of multiple inheritance and the benefits of abstraction as an object.
Implementing these object abstractions and incorporating them for use in an adaptive system involves attaching state procedures or work flow methods (WFM) to the various policy objects. The WFM procedures are constructed from basic functional elements that help to maintain a method of sending event messages to the various system objects abstracted by the object model herein described.
Computing resources, policies and VMs are abstracted as objects within this environment. The object model provides events into the supervisory and policy objects and the policy objects respond with events to the resources requiring action. In this manner, a behavioral system can be devised to administer the complexity of the environment and ensure integrity of all the components.
The object model also allows these abstractions to contain methods for facilitating the particular actions required in activating the required responses to these message paths. The use of inheritance and polymorphism afford the actual implementations to be borrowed from policies and then implemented by actual instances by the instances themselves.
Using the object oriented methodology of inheritance, policy objects are attached to various resource objects by inheriting the policy objects methods. The policy objects methods evoke response handlers on the resource objects directly using polymorphism. This affords policies to not have to be concerned too much with actual implementations of the required actions but leaves this to the abstracted objects employing the policy.
The employment of multiple inheritance concepts provides complex interactions and capabilities from several simpler inherited policy objects. Rules for arbitrating ambiguities in inherited methods are accomplished within the structure of the policy objects themselves. Policies can control the employment of other policy objects creating an extremely responsive and dynamic environment where just about every sort of response and adaptive capability can be devised.
Share with your friends: |