Efficient Service Deployment on Public Cloud: A Cost, Performance, and Security Perspective
Open Access
- Author:
- Fatahi Baarzi, Ataollah
- Graduate Program:
- Computer Science and Engineering
- Degree:
- Doctor of Philosophy
- Document Type:
- Dissertation
- Date of Defense:
- October 06, 2021
- Committee Members:
- George Kesidis, Chair & Dissertation Advisor
Timothy Zhu, Major Field Member
Mahmut Kandemir, Major Field Member
Uday Shanbhag, Outside Unit & Field Member
Chitaranjan Das, Program Head/Chair - Keywords:
- Cloud Computing
Resource Management
Service Deployment - Abstract:
- As internet services are becoming more and more popular, business owners need more IT resources in order to supply the demand from their users. However, the cost of maintaining and operating the IT resources is also increasing. In order to focus on the business, rather than managing the private IT resources, businesses (a.k.a tenants) have started to move to the public cloud. The public cloud providers provide virtually unlimited amounts of resources in a variety of types including Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS), and more recently Function as a Service (FaaS) (i.e. serverless computing). Tenants might choose one or more than one type of resource offerings to operate their services on the public cloud. The success of the tenants' business is profoundly impacted by how efficient their services are. We argue that the efficiency itself can be decoupled into three main aspects: cost, performance, and security. In this thesis, we propose, develop, and implement mechanisms and systems to achieve cost and performance efficiency while operating on the public cloud and mechanisms to develop attack-resilient cloud-deployed services which are subject to application-layer DDoS attacks. In the first part of this thesis, we describe our system BurScale. BurScale is an autoscale system that exploits the cheap price of burstable instances in order to minimize the cost of virtual machine resource (i.e. IaaS) provisioning in the public cloud. BurScale uses the results from queueing theory known as the "square root staffing rule" to decouple the cluster of virtual machines into two parts: regular VM instances and burstable VM instances. By combining burstable and regular instances, BurScale is able to save in cost by 50% for both stateless and stateful applications. In the second part of this thesis, we present SHOWAR to improve the efficiency of deploying microservices on the public cloud through right-sizing and efficient scheduling of the containers. SHOWAR consists of three major components: a vertical autoscaler, a horizontal autoscaler, and a scheduling affinity (and anti-affinity) rule generator. For vertical autoscaling, SHOWAR utilizes the empirical variance in the resource usage of containers to determine the size (e.g. number of CPUs and Memory size) of each container. SHOWAR uses results from control theory for horizontal autoscaling of microservices. Finally, using the resource usage correlation between different microservices, it generates affinity (and anti-affinity) rules for the scheduler to better schedule the microservices. SHOWAR is able to save in cost by 22% compared to the state-of-the-art autoscalers for microservices. In the third part of this thesis, we present our mechanisms and methods for detecting and defending application-layer DDoS attacks on microservices. We leverage the capabilities of Kubernetes, the state-of-the-art container orchestrator tool, to detect and defend the attacks against cloud-deployed microservices. Our experimental evaluations show that our mechanisms can efficiently detect and isolate the attacks and reduce the impact of the attack on legitimate users by 3x. Finally, in the last part, we advocate for a multi-cloud serverless model where this model aggregates multiple cloud providers' services to achieve the best cost and performance for the FaaS workloads using a virtual serverless provider (VSP). We first discuss the merits of such a model and then present the viability of a multi-cloud serverless platform that seeks for cost and performance efficiency. Our results from evaluating an initial prototype of a VSP show that VSPs can potentially save more than 50% in costs for deploying FaaS workloads.