CLOUD COMPUTING Also in This Issue: > It Is Cold

CLOUD COMPUTING Also in this issue: > It Is Cold. And Lonely > Automation and Future Unemployment

JUNE 2016 www.computer.org ENDLESS POSSIbILITIES ... AND COUNTLESS RISKS

Your technology career gives you both. Be prepared for them with the NEWLY ENHANCED IEEE Member Professional Liability Insurance Program*. From computing and sustainable energy systems, to aerospace, communications, robotics, cybersecurity, biomedical, and more, your career in the technology field ENHANCED offers you endless possibilities. But at the same time, it PROGRAM poses countless risks. No matter how well you design it or how accurate your advice is, you can still be sued. OPTIONS Whether the claim is founded or not, protecting your career, reputation and assets could be costly. That’s why IEEE sponsors a Professional Liability Insurance Program. And now it’s been ENHANCED to offer you more benefits, such as: NEW CHOICE PLATFORM gives you more coverage choices from leading IEEE-approved insurers • Fill out one application to receive multiple quote options** • Computer exposures and technology coverage

• Various deductible options • Ideal protection for firms or self-employed individuals • Exclusive member pricing

Protect• all your career possibilities from liability risk exposures today. Learn how this enhanced program can help you: 1-800-375-0775 IEEEINSURANCE.COM/NEWPL

*The IEEE Member Professional Liability Insurance Program with the Choice Platform is available to active IEEE members who reside in the U.S. IEEE members in Canada Canadian IEEE members can visit www.ieeeinsurance.com/canadapl (excluding Quebec) have access to the IEEE Member Professional Liability Insurance for more information about the insurance program brokered by Plan through Marsh Canada Limited. Marsh Canada Limited and underwritten by Certain Underwriters **Coverage options may vary or may not be available in all states. Not all plan features and Lloyd’s of London. will be available under all carriers or plan options. This program is administered by Mercer Consumer, a service of Mercer Health & Benefits Administration LLC. 74772 (6/16) Copyright 2016 Mercer LLC. All rights reserved.

74772 IEEE Endless PL.2016.indd 1 5/9/16 11:00 PM 74772 (6/16), IEEE Computer PL Ad Trim Size: 7.875" x 10.75" Live Area: 7.75" x 10.625" Bleed: 8.125" x 11" Colors 4C - CMYK Stock: N/A MERCER IEEE Computer Society http://computer.org • +1 714 821 8380

Staff

Editor Manager, Editorial Services Content Development Lee Garber Richard Park

Senior Manager, Editorial Services Contributing Staff Robin Baldwin Christine Anthony, Lori Cameron, Carrie Clark, Chris Nelson, Meghan O’Dell, Dennis Taylor, Bonnie Wylie Director, Products and Services Evan Butterfield Production & Design Carmen Flores-Garvey, Monette Velasco, Jennie Zhu-Mai, Senior Advertising Coordinator Mark Bartosik Debbie Sims

Circulation: ComputingEdge (ISSN 2469-7087) is published monthly by the IEEE Computer Society. IEEE Headquarters, Three Park Avenue, 17th Floor, New York, NY 10016-5997; IEEE Computer Society Publications Office, 10662 Los Vaqueros Circle, Los Alamitos, CA 90720; voice +1 714 821 8380; fax +1 714 821 4010; IEEE Computer Society Headquarters, 2001 L Street NW, Suite 700, Washington, DC 20036. Postmaster: Send address changes to ComputingEdge-IEEE Membership Processing Dept., 445 Hoes Lane, Piscataway, NJ 08855. Periodicals Postage Paid at New York, New York, and at additional mailing offices. Printed in USA. Editorial: Unless otherwise stated, bylined articles, as well as product and service descriptions, reflect the author’s or firm’s opinion. Inclusion in ComputingEdge does not necessarily constitute endorsement by the IEEE or the Computer Society. All submissions are subject to editing for style, clarity, and space. Reuse Rights and Reprint Permissions: Educational or personal use of this material is permitted without fee, provided such use: 1) is not made for profit; 2) includes this notice and a full citation to the original work on the first page of the copy; and 3) does not imply IEEE endorsement of any third-party products or services. Authors and their companies are permitted to post the accepted version of IEEE-copyrighted material on their own Web servers without permission, provided that the IEEE copyright notice and a full citation to the original work appear on the first scree n of the posted copy. An accepted manuscript is a version which has been revised by the author to incorporate review suggestions, but not the published version with copy-editing, proofreading, and formatting added by IEEE. For more information, please go to: http://www.ieee .org/publications_standards/publications/rights/paperversionpolicy.html. Permission to reprint/republish this material for commercial, advertising, or promotional purposes or for creating new collective works for resale or redistribution must be obtained from IEEE by writing to the IEEE Intellectual Property Rights Office, 445 Hoes Lane, Piscataway, NJ 08854-4141 or pubs-permissions@ieee .org. Copyright © 2016 IEEE. All rights reserved. Abstracting and Library Use: Abstracting is permitted with credit to the source. Libraries are permitted to photocopy for private use of patrons, provided the per- copy fee indicated in the code at the bottom of the first page is paid through the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923. Unsubscribe: If you no longer wish to receive this ComputingEdge mailing, please email IEEE Computer Society Customer Service at [email protected] and type “unsubscribe ComputingEdge” in your subject line. IEEE prohibits discrimination, harassment, and bullying. For more information, visit www.ieee.org/web/aboutus/whatis/policies/p9-26.html.

IEEE Computer Society Magazine Editors in Chief

Computer IEEE Micro Sumi Helal, University of Florida Lieven Eeckhout, Ghent IEEE MultiMedia University Y ong Rui, Microsoft Research IEEE Software Diomidis Spinellis, Athens IEEE Computer Graphics IEEE Annals of the History University of Economics and and Applications of Computing Business L. Miguel Encarnação, ACT, Inc. Nathan Ensmenger, Indiana University Bloomington IEEE Internet Computing IEEE Pervasive Computing M. Brian Blake, University of Maria Ebling, IBM T.J. Watson IEEE Cloud Computing Miami Research Center Mazin Yousif, T-Systems International IT Professional Computing in Science San Murugesan, BRITE & Engineering Professional Services George K. Thiruvathukal, Loyola University Chicago IEEE Security & Privacy IEEE Intelligent Systems Ahmad-Reza Sadeghi, Technical Daniel Zeng, University of Arizona University of Darmstadt www.computer.org/computingedge 1 JUNE 2016 • VOLUME 2, NUMBER 6

THEME HERE 14 20 44 Dynamic Toward a Standard Underwater Visual Certifi cation Interface for Computing: of Cloud Cloud Providers: The Grand Services: Trust, The Container as Challenge Just but Verify! the Narrow Waist around the Corner 4 Spotlight on Transactions: Virtual Learning and Object Reconstruction H. Chad Lane and David Forsyth 8 Editor’s Note: Looking for Answers in the Cloud 10 Understanding Complex Cloud Patterns i dav d S. Linthicum 14 Dynamic Certification of Cloud Services: Trust, but Verify! sebastian Lins, Pascal Grochol, Stephan Schneider, and Ali Sunyaev 20 Toward a Standard Interface for Cloud Providers: The Container as the Narrow Waist silvery Fu, Jiangchuan Liu, Xiaowen Chu, and Yueming Hu 26 Deciding When and How to Move HPC Jobs to the Cloud marco A.S. Netto, Renato L.F. Cunha, and Nicole Sultanum 30 Standards for Hybrid Clouds Alan Sill 34 The Promise of Edge Computing Weisong Shi and Schahram Dustdar 38 Cloud-Based AI for Pervasive Applications albrecht Schmidt

44 Underwater Visual Computing: The Grand Challenge Just around the Corner uwe Freiherr von Lukas 51 It Is Cold. And Lonely. Grady Booch 70 Automation and Future Unemployment George Strawn

Departments 6 Magazine Roundup 70 54 CS Special: Computer Society’s 2016 Take Your Child to Work Day Automation Lori Cameron and Future 56 Computing Careers: Unemployment Finding the Cloud-Computing Job You Want 58 Career Opportunities

Subscribe to ComputingEdge for free at www.computer.org/computingedge. SECTIONSPOTLIGHT TITLE ON TRANSACTIONS However, a single picture is very the camera from some surface in the of surface re ectance and geometry, di erent because many important world. The surface will re ect di er- to the choice of colors that appear on phenomena are con ated to produce ent fractions of the incident light at the surface, and to the illumination equations. These tasks are embedded that picture. For example, a pixel might di erent wavelengths (the re ectance eld. The trick is to produce a recon- Virtual Learning and “in-world,” allowing learners to design, be dark because it has dark paint on it, of the surface), changing the re ected struction that exactly reproduces the share, and interact. The authors also there isn’t much light, or the surface light’s color. The illumination eld in image while having the best value of report on a user evaluation of the sys- is tilted away from the light. In their which the object sits might vary with cost functions that score compatibil- Object Reconstruction tem, breaking down the appeal of the paper “Shape, Illumination and Re ec- direction (think of a ashlight beam in ity with these constraints. By doing approach from a learner’s perspective. tance from Shading,” Jon Barron and a dark room) and might be colored. The so, the authors are leading research in Further, preliminary knowledge as- Jitendra Malik of the University of Cal- surface will collect more light from di- this area away from arcane mathemat- sessments from use of VESLL suggest ifornia, Berkeley, describe a novel and rections that point directly toward it, ical questions and toward consider- This installment highlighting the work that the system is at least as e ective e ective approach to untangling these and less light from directions that are ations of the kinds of reconstructions published in IEEE Computer Society as classroom learning— an important various physical e ects to produce— nearly tangent. Each of these e ects is that are more likely. As a lagniappe, result considering that learners work from a single picture— a reconstruc- quite di cult to model accurately in there’s a rant on one author’s website journals comes from IEEE Transactions entirely virtually. tion that contains the shape of an ob- ways that admit useful inference; for detailing problems with the current This is an exciting period for edu- ject, the patterns of re ectance on the example, light doesn’t just arrive at a processes of reviewing and publication on Learning Technologies and IEEE cational technology research. Nonstop object, and the illumination eld in surface patch from a light source but in computer vision. innovation in human–computer inter- which the object sits (IEEE Trans. Pat- rather is re ected from patch to patch, Transactions on Pattern Analysis and action, including computer graphics, tern Analysis and Machine Intelligence, and most surfaces re ect light un- DAVID FORSYTH is a professor of virtual reality, and user-sensing tech- vol. , no. , , pp. –). evenly across the outgoing directions. Machine Intelligence. computer science at the University nologies, has made new and power- Recovering any of these is a classical Reconstruction pixel by pixel won’t of Illinois at Urbana–Champaign. ful pedagogical approaches possible. problem in computer vision. work. There has been some success Contact him at [email protected]. Schools, museums, and workplace Surprisingly, inferring all of these with approximate physical models, VIRTUAL ENVIRONMENTS, as required or desired. Multiuser VLEs learning environments are some of properties together yields superior but there’s been rather more disap- REAL LEARNING connected online essentially remove the most important bene ciaries of results. An image pixel’s color is de- pointment caused by ill-behaved Selected CS articles and columns are also available for H. Chad Lane, University of Illinois any physical barriers to collaboration, computer science’s broad advances, termined by the light arriving at that mathematics. Instead, Barron and teaching, and learning. and should serve as critical contexts location in the camera—light that Malik show that strong prior con- free at http://ComputingNow at Urbana–Champaign .computer.org. These bene ts are exempli ed in for future investigations. was re ected through the lens and to straints apply to the spatial structure Stephanie August and her colleagues’ n his familiar deadpan style, co- work at Loyola Marymount University, IEEE COMPUTER GRAPHICS AND APPLICATIONS IEEE COMPUTER GRAPHICS AND APPLICATIONS IEEE COMPUTER GRAPHICS AND APPLICATIONS H. CHAD LANE is an associate IEEE COMPUTER GRAPHICS AND APPLICATIONS median Steven Wright once said, as described in “Virtual Engineering September/October 2015 November/December 2015 January/February 2016 March/April 2016 professor of educational psychology “In school they told me ‘practice Sciences Learning Lab: Giving STEM I and informatics at the University VISUAL makes perfect,’ and then they told me Education a Second Life” (IEEE Trans.

of Illinois at Urbana–Champaign. November/December 2015 COMPUTING ‘nobody’s perfect.’ So I stopped prac- Learning Technologies, vol. , no. , , Human-Centered September/October 2015

January/February 2016January/February and the Progress of Contact him at [email protected]. 2016March/April

Human Touch in ticing.” Although we certainly hope pp. –). Data Visualization Digital DEVELOPING

Human-Centered Data Visualization Human-Centered learners reach a di erent conclusion, In their paper, the authors intro- Experiences Countries Developing of Progress the and Computing Visual COUNTRIES Virtual Reality Software and Technology Software Reality Virtual his obser vation highlights the central duce the Virtual Engineering Sciences Human Touch in Digital Experiences

role of practice during knowledge and Learning Lab (VESLL), a VLE developed RECONSTRUCTING OBJECTS

skill acquisition. Studies on human for use in Second Life, a widely used FROM A SINGLE PICTURE 6 35 NUMBER VOLUME

VOLUME 36 NUMBER 2 NUMBER 36 VOLUME VOLUME 35 NUMBER 5 35 NUMBER VOLUME learning have demonstrated that pro- free online virtual environment. They David Forsyth, University of Illinois 1 NUMBER 36 VOLUME viding learners with opportunities to extol the exibility of open and free at Urbana–Champaign practice improves their performance virtual worlds, explaining how they

c1.indd 1 2/22/16 10:15 PM over time, reveals gaps in their knowl- enable both traditional, lecture-style c1.indd 1 8/26/15 1:32 PM c1.indd 1 10/22/15 1:22 PM c1.indd 1 12/21/15 2:21 PM edge, uncovers their misconceptions, presentations and highly interactive, ow should computer programs and leads them to correct their errors. collaborative, and self-directed work. reconstruct objects from a sin- www.computer.org/cga In so many words, practice is learning. In stark contrast to massive open on- gle picture? The objects we see CG&A H IEEE Computer Graphics and Applications bridges the theory Enter virtual learning environ- line courses and other less immersive in pictures are D, but the picture itself A ments (VLEs). With virtual practice of platforms, learners move freely within is a projection of the object to two di- and practice of computer graphics. Subscribe to CG&A and a target skill, educators and research- the virtual space, using chat, action, mensions. The geometry of projection • stay current on the latest tools and applications and gain invaluable practical and research knowledge, ers can design realistic scenarios that and movement to accomplish their isn’t that complicated—for most cases, • discover cutting-edge applications and learn more about address speci c needs, provide levels learning goals. as long as we have at least two pictures the latest techniques, and of di culty and delity that match VESLL focuses on key engineering of an object, there are programs that • benefit fromCG&A ’s active and connected editorial board. developmental aspects of learning, education topics, including number can produce excellent, detailed, and and allow learners to practice as long systems, circuit design, and di erential useful reconstructions.

4 June 2016 Published by the IEEE Computer Society 2469-7087/16/$33.00 © 2016 IEEE 14 COMPUTER PUBLISHED BY THE IEEE COMPUTER SOCIETY 0018-9162/16/$33.00 © 2016 IEEE MAY 2016 15 SECTIONSPOTLIGHT TITLE ON TRANSACTIONS However, a single picture is very the camera from some surface in the of surface re ectance and geometry, di erent because many important world. The surface will re ect di er- to the choice of colors that appear on phenomena are con ated to produce ent fractions of the incident light at the surface, and to the illumination equations. These tasks are embedded that picture. For example, a pixel might di erent wavelengths (the re ectance eld. The trick is to produce a recon- Virtual Learning and “in-world,” allowing learners to design, be dark because it has dark paint on it, of the surface), changing the re ected struction that exactly reproduces the share, and interact. The authors also there isn’t much light, or the surface light’s color. The illumination eld in image while having the best value of report on a user evaluation of the sys- is tilted away from the light. In their which the object sits might vary with cost functions that score compatibil- Object Reconstruction tem, breaking down the appeal of the paper “Shape, Illumination and Re ec- direction (think of a ashlight beam in ity with these constraints. By doing approach from a learner’s perspective. tance from Shading,” Jon Barron and a dark room) and might be colored. The so, the authors are leading research in Further, preliminary knowledge as- Jitendra Malik of the University of Cal- surface will collect more light from di- this area away from arcane mathemat- sessments from use of VESLL suggest ifornia, Berkeley, describe a novel and rections that point directly toward it, ical questions and toward consider- This installment highlighting the work that the system is at least as e ective e ective approach to untangling these and less light from directions that are ations of the kinds of reconstructions published in IEEE Computer Society as classroom learning— an important various physical e ects to produce— nearly tangent. Each of these e ects is that are more likely. As a lagniappe, result considering that learners work from a single picture— a reconstruc- quite di cult to model accurately in there’s a rant on one author’s website journals comes from IEEE Transactions entirely virtually. tion that contains the shape of an ob- ways that admit useful inference; for detailing problems with the current This is an exciting period for edu- ject, the patterns of re ectance on the example, light doesn’t just arrive at a processes of reviewing and publication on Learning Technologies and IEEE cational technology research. Nonstop object, and the illumination eld in surface patch from a light source but in computer vision. innovation in human–computer inter- which the object sits (IEEE Trans. Pat- rather is re ected from patch to patch, Transactions on Pattern Analysis and action, including computer graphics, tern Analysis and Machine Intelligence, and most surfaces re ect light un- DAVID FORSYTH is a professor of virtual reality, and user-sensing tech- vol. , no. , , pp. –). evenly across the outgoing directions. Machine Intelligence. computer science at the University nologies, has made new and power- Recovering any of these is a classical Reconstruction pixel by pixel won’t of Illinois at Urbana–Champaign. ful pedagogical approaches possible. problem in computer vision. work. There has been some success Contact him at [email protected]. Schools, museums, and workplace Surprisingly, inferring all of these with approximate physical models, VIRTUAL ENVIRONMENTS, as required or desired. Multiuser VLEs learning environments are some of propertiesIEEE_half_horizontal_Q6:Layout together yields superior 1 but 4/21/11 there’s been4:21 ratherPM Page more 1 disap- REAL LEARNING connected online essentially remove the most important bene ciaries of results. An image pixel’s color is de- pointment caused by ill-behaved Selected CS articles and columns are also available for H. Chad Lane, University of Illinois any physical barriers to collaboration, computer science’s broad advances, termined by the light arriving at that mathematics. Instead, Barron and teaching, and learning. and should serve as critical contexts location in the camera—light that Malik show that strong prior con- free at http://ComputingNow at Urbana–Champaign .computer.org. These bene ts are exempli ed in for future investigations. was re ected through the lens and to straints apply to the spatial structure Stephanie August and her colleagues’ n his familiar deadpan style, co- work at Loyola Marymount University, IEEE COMPUTER GRAPHICS AND APPLICATIONS IEEE COMPUTER GRAPHICS AND APPLICATIONS IEEE COMPUTER GRAPHICS AND APPLICATIONS H. CHAD LANE is an associate IEEE COMPUTER GRAPHICS AND APPLICATIONS median Steven Wright once said, as described in “Virtual Engineering September/October 2015 November/December 2015 January/February 2016 March/April 2016 professor of educational psychology “In school they told me ‘practice Sciences Learning Lab: Giving STEM I and informatics at the University VISUAL makes perfect,’ and then they told me Education a Second Life” (IEEE Trans.

of Illinois at Urbana–Champaign. November/December 2015 Experimenting with your hiringCOMPUTING process? ‘nobody’s perfect.’ So I stopped prac- Learning Technologies, vol. , no. , , Human-Centered September/October 2015

January/February 2016January/February and the Progress of Contact him at [email protected]. 2016March/April

Human Touch in ticing.” Although we certainly hope pp. –). DataFinding Visualization the best computingDigital job or hire shouldn’t beDEVELOPING left to chance.

Human-Centered Data Visualization Human-Centered learners reach a di erent conclusion, In their paper, the authors intro- IEEE Computer Society JobsExperiences is your ideal recruitment Countries Developing of Progress the and Computing Visual resource,COUNTRIES targeting Virtual Reality Software and Technology Software Reality Virtual his obser vation highlights the central duce the Virtual Engineering Sciences over 85,000 expert researchersHuman Touch in Digital Experiences and qualified top-level managers in software role of practice during knowledge and Learning Lab (VESLL), a VLE developed RECONSTRUCTING OBJECTS engineering, robotics, programming, artificial intelligence, networking and

skill acquisition. Studies on human for use in Second Life, a widely used FROM A SINGLE PICTURE 6 35 NUMBER VOLUME communications, consulting, modeling, data structures, and other computer VOLUME 36 NUMBER 2 NUMBER 36 VOLUME VOLUME 35 NUMBER 5 35 NUMBER VOLUME learning have demonstrated that pro- free online virtual environment. They 1 NUMBER 36 VOLUME David Forsyth, University of Illinois science-related fields worldwide. Whether you’re looking to hire or be hired, viding learners with opportunities to extol the exibility of open and free at Urbana–Champaign practice improves their performance virtual worlds, explaining how they IEEE Computer Society Jobs provides real results by matching hundreds of

c1.indd 1 2/22/16 10:15 PM over time, reveals gaps in their knowl- enable both traditional, lecture-style c1.indd 1 8/26/15 1:32 PM c1.indd 1 relevant jobs with this10/22/15 1:22 PM hard-to-reachc1.indd 1 audience each12/21/15 2:21 PM month, in Computer edge, uncovers their misconceptions, presentations and highly interactive, ow should computer programs magazine and/or online-only! and leads them to correct their errors. collaborative, and self-directed work. reconstruct objects from a sin- www.computer.org/cga In so many words, practice is learning. In stark contrast to massive open on- gle picture? The objects we see CG&A H IEEE Computer Graphics and Applications bridges the theory Enter virtual learning environ- line courses and other less immersive in pictures are D, but the picture itself http://www.computer.org/jobsA ments (VLEs). With virtual practice of platforms, learners move freely within is a projection of the object to two di- and practice of computer graphics. Subscribe to CG&A and a target skill, educators and research- the virtual space, using chat, action, mensions. The geometry of projection • stay current on the latest tools and applications and gain invaluable practical and research knowledge, ers can design realistic scenarios that and movement to accomplish their isn’t that complicated—for most cases, The IEEE Computer Society• isdiscover a partner cutting-edge in the AIP applications Career Network, and learn a collection more about of online job sites for scientists, engineers, and address speci c needs, provide levels learning goals. as long as we have at least two pictures computing professionals. Otherthe partnerslatest techniques, include Physicsand Today, the American Association of Physicists in Medicine (AAPM), American Association of Physics Teachers (AAPT), American Physical Society (APS), AVS Science and Technology, and the Society of Physics • benefit from ’s active and connected editorial board. of di culty and delity that match VESLL focuses on key engineering of an object, there are programs that Students (SPS) and Sigma Pi Sigma. CG&A developmental aspects of learning, education topics, including number can produce excellent, detailed, and and allow learners to practice as long systems, circuit design, and di erential useful reconstructions.

Magazine Roundup

Technology) 2015 conference. The articles are the second part of a two-part series addressing research on broadening participation in computing at all levels of education, focusing on gen- he IEEE Computer IEEE Software der, race, and ethnic diversity. Society’s lineup of 13 Tpeer-reviewed technical DevOps aims to reduce the IEEE Internet Computing magazines covers cutting-edge time required between making topics ranging from software a change to a software system IEEE Internet Computing’s May/ design and computer graphics and placing the change into June 2016 special issue surveys to Internet computing and secu- normal production, while still cloud storage–related topics rity, from scientifi c applications maintaining quality. This is the and challenges. and machine intelligence to topic of IEEE Software’s May/ cloud migration and microchip June 2016 special issue on soft- IEEE Security & Privacy manufacturing. Here are high- ware engineering for DevOps. lights from recent issues. For 37 years, the IEEE Sym- Computing in Science & posium on Security and Pri- Computer Engineering vacy has been a forum for presenting computer-security Computing helps convert a tor- CiSE’s May/June 2016 special and electronic-privacy develop- rent of data and observations issue includes fi ve of the best ments and for bringing together into information that emergency- papers from the IEEE Special leading researchers and practi- response teams can use to eff ec- Technical Committee on Broad- tioners. To expose these events tively direct and deploy aid. This ening Participation’s RESPECT to a wider audience, IEEE S&P’s is the focus of Computer’s May (Research on Equity and Sus- March/April 2016 special issue 2016 special issue on emer- tained Participation in Engi- presents papers from the 2015 gency response technology. neering, Computing, and symposium’s workshops.

6 June 2016 Published by the IEEE Computer Society 2469-7087/16/$33.00 © 2016 IEEE IEEE Cloud Computing Intelligent Systems’ March/April on low-energy computing platforms 2016 issue, discusses key smart shows no sign of slowing down. Both hybrid and community data–related AI research that Thus, engineers must understand clouds entail federation, the abil- could lead to a more intelligent IoT. the technologies used to deliver ity to securely share computing these platforms and the challenges resources. To better understand IEEE MultiMedia system architects face. This is the how to accomplish secure cloud topic of “The Rise of Mobile Visual federation, the author of “Cloud Ubiquitous multimedia’s wide- Computing Systems,” which Federation Management and ranging applications and large data appears in IEEE Pervasive Comput- Beyond: Requirements, Relevant volumes present unprecedented ing’s April–June 2016 issue. Standards, and Gaps,” from IEEE challenges and unique opportu- Cloud Computing’s January/Feb- nities for multimedia-computing IT Professional ruary 2016 issue, identifi es six research. This was the main theme fundamental requirements and of the 2015 IEEE International Sym- As distributed systems progress, six deployment models. He also posium on Multimedia (ISM 2015). they seem to continually revisit examines relevant existing stan- IEEE MultiMedia’s April–June 2016 older concepts. “The Curious Case dards and discusses further work special issue on ubiquitous mul- of Distributed Systems and Con- required on best practices, tools, timedia gives the authors of the tinuous Computing,” from IT Pro’s and standards. symposium’s top papers a forum to March/April 2016 issue, exam- present further research results. ines the various types of distrib- IEEE Computer Graphics and uted systems and their evolution, Applications IEEE Annals of the History of and predicts where the technology Computing might be headed. IEEE CG&A’s May/June 2016 special issue contains several articles Due to a fl ow of information into, but IEEE Micro describing research advances in not out of, the Soviet Union, West- scientifi c visualization, involving ern policy analysts wary of growing The articles in IEEE Micro’s March/ both established and prototype tool- Soviet computing prowess sought April 2016 special issue are written kits and systems. The articles look intelligence from many sources. by selected authors who made pre- not only at the challenges of domain- Based on an examination of previ- sentations at 2015’s Hot Chips 27 specifi c scientifi c visualization ously unexplored trip reports from conference on high-performance applications but also at challenges Western computer experts who microprocessors and related inte- that have broader applicability. visited the Soviet Union, “Peering grated circuits. through the Curtain: Soviet Com- IEEE Intelligent Systems puting through the Eyes of West- Computing Now ern Experts,” from IEEE Annals’ The Internet of Things’ (IoT’s) January–March 2016 issue, looks The Computing Now website rapid growth has yielded a mas- at Cold War interactions between (http://computingnow.computer sive increase in data generated by Western computer specialists and .org) features up-to-the-minute connected devices and sensors. their Soviet counterparts. computing news and blogs, Smart data lets users exploit this along with articles ranging from information to gain deep insights IEEE Pervasive Computing peer-reviewed research to opinion and make eff ective decisions. pieces by industry leaders. “Internet of Things to Smart IoT The global demand for increas- through Semantic, Cognitive, and ingly capable mobile visual- Selected CS articles and columns are also available for free at http:// Perceptual Computing,” from IEEE computing applications running ComputingNow.computer.org. www.computer.org/computingedge 7 EDITOR’S NOTE

Looking for Answers in the Cloud

loud computing is maturing, and devel- based on effi ciency and cost-eff ectiveness, when opers and users are fi nding new applica- and how to run jobs that require high-performance C tions, as well as new challenges, for the computing on cloud-based resources rather than technology. This ComputingEdge issue discusses on-premise clusters. where cloud computing is headed and the prob- IEEE Pervasive Computing’s “Cloud-Based AI lems it will face in getting there. for Pervasive Applications” off ers a brief intro- With cloud computing emerging as the enter- duction on how to include sophisticated com- prise’s enabling technology of choice, a fundamen- puter vision, speech recognition, text analytics, tal challenge is understanding complicated cloud and machine learning in pervasive-computing architectures, how they work, and the value they applications. bring. This is discussed in IEEE Cloud Comput- ComputingEdge articles on subjects other than ing’s “Understanding Complex Cloud Patterns.” cloud computing include the following: Although intended to ensure cloud service providers’ security, reliability, and legal compliance, • Given our increasing reliance on the oceans current certifi cations in the fi eld quickly become to solve problems such as fi nding new energy outdated, according to IEEE Security & Privacy’s and mineral supplies, there is a growing need “Dynamic Certifi cation of Cloud Services: Trust, but for applications that work well in marine set- Verify!” Dynamic certifi cation, on the other hand, tings, a topic addressed by “Underwater Visual provides automated monitoring and auditing to ver- Computing: The Grand Challenge Just around ify providers’ ongoing adherence to requirements. the Corner,” from IEEE Computer Graphics and As the Open Container Initiative works to stan- Applications. dardize containers’ format and confi guration, the • In IEEE Software’s “It Is Cold. And Lonely,” Grady increasingly popular technology could become the Booch says next-generation software-intensive cloud infrastructure’s “narrow waist,” a uniform systems will be taught, not programmed, which interface bridging the many current and emerging means developers will face challenges in build- cloud services. This is the topic of IEEE Internet Com- ing, delivering, and evolving them. puting’s “Toward a Standard Interface for Cloud Pro- • “Automation and Future Unemployment,” from viders: The Container as the Narrow Waist.” IT Professional, examines the prediction that The authors of Computer’s “Deciding When IT and related technologies are in the early and How to Move HPC Jobs to the Cloud” propose stages of bringing about massive, systemic a decision-support system to help users determine, unemployment.

IEEE Computer Society awards recognize outstanding achievements and highlight significant contributors in the teaching and R&D computing communities. All members of the profession are invited to nominate individuals who they consider most eligible to receive international recognition of an appropriate society award.

Computer Entrepreneur Award Computer Pioneer Award Sterling Silver Goblet Silver Medal Vision and leadership resulting in the growth of Pioneering concepts and development of the some segment of the computer industry. computer field.

Technical Achievement Award W. Wallace McDowell Award Certificate/$2,000 Certificate/$2,000 Contributions to computer science or computer Recent theoretical, design, educational, technology. practical, or other tangible innovative contributions. Harry H. Goode Memorial Award Bronze Medal/$2,000 Taylor L. Booth Award Information sciences, including seminal ideas, Bronze Medal/$5,000 algorithms, computing directions, and concepts. Contributions to computer science and engineering education. Hans Karlsson Award Plaque/$2,000 Computer Science & Engineering Team leadership and achievement through Undergraduate Teaching Award collaboration in computing standards. Plaque/$2,000 Recognizes outstanding contributions to Richard E. Merwin Distinguished Service undergraduate education. Award Bronze Medal/$5,000 IEEE-CS/Software Engineering Institute Outstanding volunteer service to the profession Watts S. Humphrey Software Process at large, including service to the IEEE Computer Achievement Award Society. (Joint award by CS/SEI) Plaque/$1,500 Harlan D. Mills Award Software professionals or teams responsible for Plaque/$3,000 an improvement to their organization’s ability to Contributions to the practice of software create and evolve software-dependent systems. engineering through the application of sound theory.

Deadline: 15 October 2016 Nomination Site: awards.computer.org For more information visit: www.computer.org/awards What’s trending?

es around the use of complex, heterogonous, and Understanding widely distributed architectures. Hybrid Clouds Back in 2008, the industry first began the hybrid cloud computing model discussion as defined by Complex Cloud the National Institute of Standards and Technol- ogy (NIST).1 Cloud computing purists pushed back hard.2 After all, they already thought private clouds were just another name for the datacenter. To them, Patterns the idea of hybrid clouds that used private clouds or traditional computing platforms was just as ridiculous. However, fast forward to 2016, and the use of the Cloud Computing Continues to hybrid cloud model is pretty widespread. This com- emerge as the enterprise’s enabling plex cloud architecture needs to be understood in teChnology of ChoiCe. The trend has been terms of value, proper implementation, and its abil- to leverage clouds as complex, highly heterogeneous, ity to leverage different architectural patterns to best and distributed architectures, including hybrid and balance the loads between private and public clouds. multiclouds. Moreover, as we leverage heteroge- NIST defines hybrid clouds as follows: neous public clouds, there’s a need to provide high- speed data transfer and data integration between The cloud infrastructure is a composition of public and private clouds. Thus we have the emerg- two or more distinct cloud infrastructures ing use of the intercloud, or special-purpose net- (private, community, or public) that remain working between public and private clouds. unique entities, but are bound together by The use of these approaches and architectures standardized or proprietary technology that has launched a new set of technologies within the enables data and application portability world of the cloud to deal with governance, secu- (e.g., cloud bursting for load balancing be- rity, and management of these solutions. Thus, we tween clouds).1 have to layer technologies to deal with these issues. However, the largest challenge is just understanding Over time, it became clear that hybrid cloud these complex cloud architectures, how they work, computing approaches have valid roles within enter- and the value they’re likely to bring. This article pro- prises, as IT tries to mix and match public clouds vides the information you need to make solid choic- and local IT assets to get the best bang for the buck. Now it’s the cloud computing providers who are pushing back on hybrid cloud computing, as they instead try to promote a pure public cloud computing model. However, these providers are inad- vertently hurting the adoption of cloud computing. Although public cloud computing has valid applications, the path to it isn’t all that clear to rank-and- file enterprises. DaviD S. Hybrid clouds provide a clear use case for pub- Linthicum lic cloud computing. Specific aspects of existing IT infrastructure (say, storage and compute) occur in cloud technology Partners public cloud environments, and the remainder of [email protected] the IT infrastructure stays on premises. Take the case of business intelligence in the cloud: Although

d1tre.indd 8 5/17/16 6:22 PM What’s trending?

es around the use of complex, heterogonous, and some people promote the migration of gigabytes typically cost more to leverage, and, in most cases, widely distributed architectures. of operational data to the cloud, many others find are add-on options where you’re charged by the Understanding the hybrid approach of keeping the data local and amount of traffic. Hybrid Clouds the analytical processing in the cloud to be much Intracloud data transfer performance is direct- Back in 2008, the industry first began the hybrid more practical. ly related to the size of the pipe within the cloud cloud computing model discussion as defined by Using a hybrid model is a valuable approach to service, as well as to performance-enhancing ser- Complex Cloud the National Institute of Standards and Technol- architecture since you can mix and match resources vices, such as cache services that might be in use. ogy (NIST).1 Cloud computing purists pushed back between local infrastructures, which is typically a Intracloud moves data from place to place in the hard.2 After all, they already thought private clouds sunk cost but difficult to scale, with infrastructure same cloud, typically from a set of machine in- were just another name for the datacenter. To them, that’s scalable and provisioned on demand. You stances to another set of machine instances, usu- Patterns the idea of hybrid clouds that used private clouds place the applications and data on the best plat- ally with storage. or traditional computing platforms was just as forms, then span the processing between them. Typically, intracloud data transfer is between ridiculous. The use of hybrid computing acknowledges and tenants, virtual machines, or applications and data- However, fast forward to 2016, and the use of the validates the fact that not all IT resources should stores. The approaches and technology vary greatly, Cloud Computing Continues to hybrid cloud model is pretty widespread. This com- exist in public clouds today—and some might never so you should run your own benchmarks to dupli- emerge as the enterprise’s enabling plex cloud architecture needs to be understood in exist in public clouds. Given the compliance issues, cate the scenario you plan to implement. Moreover, teChnology of ChoiCe. The trend has been terms of value, proper implementation, and its abil- performance requirements, and security restric- do a total cost of ownership (TCO) analysis to be to leverage clouds as complex, highly heterogeneous, ity to leverage different architectural patterns to best tions, the need for local computing is a fact of life. sure that you won’t be surprised by the data transfer and distributed architectures, including hybrid and balance the loads between private and public clouds. The hybrid model helps us all better understand bill your public cloud provider sends you at the end multiclouds. Moreover, as we leverage heteroge- NIST defines hybrid clouds as follows: what compute cycles and data have to be kept local, of the month. neous public clouds, there’s a need to provide high- and what can be processed remotely. Intercloud data transfer is even more complex, speed data transfer and data integration between The cloud infrastructure is a composition of Of course, some cloud providers already have having to exchange data with cloud services that public and private clouds. Thus we have the emerg- two or more distinct cloud infrastructures their eye on leveraging a hybrid model. These new might not like each other. Moreover, the open In- ing use of the intercloud, or special-purpose net- (private, community, or public) that remain kids on the block even provide management and ternet is the typical mode of transport, so the same working between public and private clouds. unique entities, but are bound together by operating systems layers specifically built for hy- issues arise here as with cloud to enterprise. I sus- The use of these approaches and architectures standardized or proprietary technology that brid clouds. However, most public cloud providers pect that cloud providers will get better at this ar- has launched a new set of technologies within the enables data and application portability are religious about pushing everything outside of chitecture in the future, for the sake of their mutual world of the cloud to deal with governance, secu- (e.g., cloud bursting for load balancing be- the firewall (after all, that’s where they make their clients.5 However, as we progress in time, more in- rity, and management of these solutions. Thus, we tween clouds).1 money).3 tercloud connects are becoming dedicated circuits have to layer technologies to deal with these issues. Also keep in mind the concept of federated running between providers just for the purpose of However, the largest challenge is just understanding Over time, it became clear that hybrid cloud clouds, which are related to hybrid clouds. A feder- high-speed data transfer. This trend will continue as these complex cloud architectures, how they work, computing approaches have valid roles within enter- ated cloud (also called cloud federation) is a con- public cloud providers understand that it’s in their and the value they’re likely to bring. This article pro- prises, as IT tries to mix and match public clouds figuration of multiple external and internal cloud best interest to work with other public cloud provides the information you need to make solid choic- and local IT assets to get the best bang for the buck. computing services that align with the enterprise’s viders for the best outcome of their cloud-to-cloud Now it’s the cloud computing providers who are business needs. A federation is the union of several solutions. pushing back on hybrid cloud computing, as they smaller parts that perform a common action, and instead try to promote a pure public cloud com- can be fine- or course-grained services, infrastruc- Multicloud puting model. However, these providers are inad- ture resources (such as storage), or even applications. The use of multiple clouds has evolved from ar- vertently hurting the adoption of cloud computing. For more information on specific hybrid cloud chitectural patterns required to solve business Although public cloud computing has valid applica- architectures, see my “Cloud Tidbits” column in this problems. Many business departments want to use tions, the path to it isn’t all that clear to rank-and- issue.4 cloud computing within public clouds, outside of file enterprises. the company firewall. Today we have many types DaviD S. Hybrid clouds provide a clear use case for pub- Intercloud and Intracloud of public and private clouds that provide security, Linthicum lic cloud computing. Specific aspects of existing IT Cloud-to-cloud data transfer can be either intra- governance, and management tools to support other infrastructure (say, storage and compute) occur in cloud (such as within Amazon Web Services [AWS]) clouds, and which can be combined to create a com- cloud technology Partners public cloud environments, and the remainder of or intercloud (such as between AWS and Google). posite solution. [email protected] the IT infrastructure stays on premises. Take the Although these intra- and intercloud services pro- Enterprises move to multicloud for a variety of case of business intelligence in the cloud: Although vide wider bandwidth than the open Internet, they reasons:

d1tre.indd 8 5/17/16 6:22 PM d1tre.indd 9 5/17/16 6:22 PM What’s trending?

12 ComputingEdge June 2016 10 IEEE Cloud ComputI ng www.ComputE r.org/C loudComputI ng

d1tre.indd 10 5/17/16 6:22 PM What’s trending?

Application or business processes

• Single cloud solutions typically don’t provide the Multicloud shouldn’t evolve the same way. Those breadth and depth of functionality that enter- charged with picking the right cloud technology prises require for all of their cloud computing should consider the solution patterns to fit the prob- Native services/ solutions. lem patterns, and use that as a guide to select and APIs • The rise of cloud management platforms (CMPs) deploy the right public and private cloud technolo- gives enterprises a single interface to help provi- gies. Although some might find that a single cloud sion, manage, and scale complex environments. provider is the best solution,6 most are driving cloud • Usage-based pricing makes it easier for en- solutions using best-of-breed technology, and thus Cloud platform services terprise IT to evaluate the cost of cloud com- end up with a number of cloud types and brands. puting, including show-back and charge-back Although this isn’t the first time enterprises services. moving to new technology have faced the “homoge- • Companies that want to move applications into neous versus heterogeneous” question, the move to public clouds need a range of services, including cloud computing brings some new challenges and different database, middleware, development, confusion. Clouds are, indeed, platforms, but they Cloud A Cloud B and compute services, and this drives the use of also provide common resources that other cloud multiple cloud computing platforms. brands may share. FIguRe 1. When leveraging cloud-based platforms, you can mix and match services to form business • The growing use of platforms, infrastructure, Clouds take more of a service-oriented approach processes or applications. This drives the value of multicloud. and software in the cloud results in multiple to architecture, and the enterprise typically ends up forms of clouds. Consequently, IT must often with a common services catalog that might link back support two or more public clouds for develop- to many types and brands of clouds. Clouds repre- the use of Complex Cloud arChiteC- www.infoworld.com/article/2625289/cloud ment and operations teams that use the cloud to sent a collection of services that can be mixed and tures is still an evolving sCienCe. It’s -computing/why-the-hybrid-cloud-model-is-the create new business applications and services. matched to form applications, more so than mono- helpful to understand the core patterns, and per- -best-approach.html. lithic applications themselves (see Figure 1). haps a match to your ultimate IT solution as you 4. D.S. Linthicum, “Emerging Hybrid Cloud Pat- The RightScale 2015 State of the Cloud Report For example, an enterprise could take storage evolve your own cloud computing strategy. terns,” IEEE Cloud Computing, vol. 3, no. 1, pp. proved that the movement to multicloud is real, with services from one public cloud provider and mash As a path forward, you should consider your “as 88–91. 82 percent of those surveyed identifying multicloud them up with compute services from another provid- is” state, including data, processes, and compute, 5. D. Linthicum, “All You Need to Know about as their current strategic direction.6 er, and perhaps introduce database services that are and how those components map to cloud, or should Cloud Data Transfers,” InfoWorld, 23 Mar. Enterprises moving to multicloud face some running on premises. The ability to build solutions map to cloud computing solutions. Although the 2012; www.infoworld.com/article/2619818/cloud critical choices, including the types and brands of out of best-of-breed cloud services provides a solid task is laborious, it’s well worth the time invested -computing/all-you-need-to-know-about-cloud cloud to leverage and the approaches and technol- foundation to justify a multicloud approach and due to the efficiencies that can be gained from the -data-transfers.html ogy to use in managing a multicloud solution. These is the primary driver of multicloud use. The more use of these complex cloud architectures. Of course, 6. RightScale 2015 State of the Cloud Report, approaches seem to have some common patterns of clouds you leverage, the more services you have in the trade-offs are the cost of dealing with the com- RightScale, 2015; www.rightscale.com/lp/2015 failure, as well as patterns of success. your catalog, and thus application development be- plexities versus the value that can be had. Some to- -state-of-the-cloud-report. Multicloud architectures have their own sets comes more of an assembly process. This allows tal cost of ownership analysis should be done before of pros and cons. The core question that many en- enterprises to quickly build or change applications, moving down this path. terprises ask is: How much cloud heterogeneity is a providing the value of agility and speed-to-market david s. linthiCum is senior vice president of good thing? Also, when does heterogeneity bring too for the business. Agility is the fundamental way that References Cloud Technology Partners. He’s also Gigaom’s re- much complexity and risk? Indeed, you can think of cloud computing provides value. The more clouds 1. P. Mell and T. Grance, The NIST Definition of search analyst, and he frequently writes for InfoWorld multicloud as a complex hybrid cloud that has more (such as with multicloud), the more the business is Cloud Computing, Nat’l Inst. of Standards and on deep technology subjects. His research interests than two brands of clouds within the architecture. able to solve problems or adjust to changes in the Technology, NIST Special Publication 800-145, include complex distributed systems, including cloud Enterprises that tried to maintain homogenous market, which means it can make more money. 2011; http://nvlpubs.nist.gov/nistpubs/Legacy/ computing, data integration, service-oriented archi- on-premises IT infrastructures lost the battle a long Finally, consider off- and on-premises cloud SP/nistspecialpublication800-145.pdf. tecture, and big data systems. Contact him at david time ago. Typical enterprise architectures have models, such as virtual private clouds (VPCs). Each 2. E. Brown, “Final Version of NIST Cloud Com- @davidlinthicum.com. been built through years of solving tactical prob- model is sometimes preferred over private and pub- puting Definition Published,”NIST Tech Beat, lems with whatever technology seemed to be right lic because you can have a dedicated zone in a public 25 Oct. 2011; http://www.nist.gov/itl/csd/cloud at the time. Over the years, these on-premises tech- cloud provider for one customer. These models pro- -102511.cfm. This article originally appeared in nology solutions became very heterogeneous, and vide cloud computing’s cost effectiveness, but also 3. D. Linthicum, “Why the Hybrid Cloud Model Selected CS articles and columns are also available IEEE forCloud free atComputing http://ComputingNow.computer.org., vol. 3, no. 1, 2016. thus very complex. provide the data privacy that business might prefer. Is the Best Approach,” InfoWorld, 27 Jan. 2011;

www.computer.org/computingedge 13 10 IEEE Cloud ComputI ng www.ComputE r.org/C loudComputI ng January/FE bruary 2016 IEEE Cloud ComputI ng 11

d1tre.indd 10 5/17/16 6:22 PM d1tre.indd 11 5/17/16 6:22 PM IT ALL DEPENDS Editors: Mohamed Kaâniche, [email protected] | Aad van Moorsel, [email protected]

Dynamic Certification of Cloud Services:

Trust, but Verify!

Sebastian Lins, Pascal Grochol, Stephan Schneider, and Ali Sunyaev | University of Cologne

n late 2014, hundreds of celebri- /star) and EuroCloud Star Audit I ties’ private pictures were pub- (https://eurocloud-staraudit.eu). licly disclosed when brute-force CSCs foster service adoption by attacks on usernames, passwords, establishing trust in the cloud mar- and security questions compro- ket and increasing its transparency.2 mised Apple’s iCloud.1 After a com- They attempt to assure a cloud ser- prehensive investigation, Apple vice provider’s high level of secu- reported that its cloud service rity, reliability, and legal compliance didn’t lock out account access prop- for a validity period of one to three erly after a number of failed log- years. However, existing CSCs are in attempts. This attack attracted retrospective—they reflect only global media attention, renewing the technical and organizational the debate on cloud computing’s measures fulfilled at the time they security and privacy. were issued. CSC conditions and Cloud service use offers ben- requirements might not be met efits for both individual customers later in the validity period, which in and organizations. Organizations, turn threatens certification reliabil- in particular, gain financial and ity and trustworthiness. In assuring technical advantages by harnessing ongoing certification adherence, the cloud’s ubiquitous, on-demand CSCs face several challenges: provision of up-to-date computing resources and services, such as pay- ■ Inherent cloud computing charac- per-use networks, applications, and teristics. Cloud services are part storage. However, incidents such as of an ever-changing environment the iCloud breach undermine these due to inherent cloud computing advantages, fostering security, pri- characteristics such as on-demand vacy, and reliability concerns as well provisioning and entangled sup- as doubts about cloud service pro- ply chains.3 Furthermore, cloud viders’ trustworthiness. Ultimately, services have a faster technology such doubts prevent many organiza- life cycle than other industries. tions from adopting cloud services. ■ Ongoing architectural changes. Changes to hardware or software Secure Cloud Services configurations or to subservice in an Ever-Changing and providers might cause certifica tion Hostile Environment violations or security vulnerabili- In response to these concerns, ties.4 Such security vulnerabilities cloud service certifications (CSCs) might go undetected for a long have been developed, for example, time if appropriate monitoring Cloud Security Alliance’s Secu- mechanisms aren’t in place. Cur- rity, Trust & Assurance Registry rent certifications can’t track (https://cloudsecurityalliance.org and manage continuous software

14 June 2016 Published by the IEEE Computer Society 2469-7087/16/$33.00 © 2016 IEEE 66 March/April 2016 Copublished by the IEEE Computer and Reliability Societies 1540-7993/16/$33.00 © 2016 IEEE IT ALL DEPENDS Editors: Mohamed Kaâniche, [email protected] | Aad van Moorsel, [email protected]

deployments, especially for agile Adjustment Data gathering and transmission software development and cloud Dynamic Certification of Cloud Services: Provider informs auditor about major Provider performs applications. (architectural) changes. continuous monitoring of the cloud systems. ■ Environmental threats. Cloud Auditor adjusts auditing scope based on Provider aggregates, anonymizes, computing and IT environment changes in legal landscape or new and transmits monitoring data. changes, such as the emergence of environmental threats. Trust, but Verify! new vulnerabilities, require cloud Both adjust monitoring and auditing Auditor performs continuous providers to adapt their services. processes. external auditing of services. Otherwise, major security inci- Sebastian Lins, Pascal Grochol, Stephan Schneider, and Ali Sunyaev | University of Cologne dents might threaten the cloud Certification presentation Analysis service or reveal harmful vulner- Auditor updates certification status. abilities, voiding the certification. Auditor analyzes Auditor informs cloud customers about ■ Legal and regulatory landscape provided and gathered data regarding major issues. fulfillment of certification requirements. n late 2014, hundreds of celebri- /star) and EuroCloud Star Audit changes. Cloud services have highly I ties’ private pictures were pub- (https://eurocloud-staraudit.eu). dynamic legal and regulatory land- Provider incorporates and updates a dynamic licly disclosed when brute-force CSCs foster service adoption by scapes. Existing laws are being certification seal on the website. attacks on usernames, passwords, establishing trust in the cloud mar- adjusted and new laws proposed to and security questions compro- ket and increasing its transparency.2 cope with the challenges resulting Figure 1. The dynamic certification process. Following these steps can help ensure continuously mised Apple’s iCloud.1 After a com- They attempt to assure a cloud ser- from society’s digital transforma- secure and reliable cloud services and establish trustworthy cloud service certifications. prehensive investigation, Apple vice provider’s high level of secu- tion and IT’s growth. The privacy reported that its cloud service rity, reliability, and legal compliance and security of the EU–US Safe didn’t lock out account access prop- for a validity period of one to three Harbor data-sharing agreement the security properties of complex establish an internal monitoring erly after a number of failed log- years. However, existing CSCs are was questioned recently. These service-oriented applications, and and auditing department. This in attempts. This attack attracted retrospective—they reflect only legal and regulatory dynamics the Certification Infrastructure for department performs extensive, global media attention, renewing the technical and organizational might affect cloud service custom- Multilayer Cloud Services (www frequent monitoring operations the debate on cloud computing’s measures fulfilled at the time they ers’ and providers’ responsibilities .cumulus -project.eu), which devel- related to virtualized environments, security and privacy. were issued. CSC conditions and and require successive updates to oped models, processes, and tools intrusion detection, service-level Cloud service use offers ben- requirements might not be met certification criteria. that support the certification of agreements, compliance, networks, efits for both individual customers later in the validity period, which in ■ Deliberate discontinuance. Cloud cloud services’ security properties. and so on. Hence, providers must and organizations. Organizations, turn threatens certification reliabil- service providers might deliber- have appropriate cloud-monitoring in particular, gain financial and ity and trustworthiness. In assuring ately discontinue adherence to Dynamic Certification tools and architectures and data- technical advantages by harnessing ongoing certification adherence, CSC criteria to realize benefits; We believe that dynamic certifi- logging facilities. In addition to the cloud’s ubiquitous, on-demand CSCs face several challenges: for example, they might reduce cation is required to ensure con- monitoring processes, the depart- provision of up-to-date computing the number of service desk staff to tinuously secure and reliable cloud ment might implement internal resources and services, such as pay- ■ Inherent cloud computing charac- save money. services and establish trustworthy auditing processes that gather mon- per-use networks, applications, and teristics. Cloud services are part CSCs. The dynamic certification itoring data from different systems storage. However, incidents such as of an ever-changing environment In light of such factors, CSCs’ process entails automated moni- and aggregate, filter, and anonymize the iCloud breach undermine these due to inherent cloud computing long validity periods might make toring and auditing techniques audit-relevant data. For example, it advantages, fostering security, pri- characteristics such as on-demand cloud customers question the reli- and transparent provision of audit- might deploy an internal auditing vacy, and reliability concerns as well provisioning and entangled sup- ability and trustworthiness of issued relevant information to verify team of software agents who gather as doubts about cloud service pro- ply chains.3 Furthermore, cloud certificates. To address traditional providers’ ongoing adherence to data across implemented cloud- viders’ trustworthiness. Ultimately, services have a faster technology certifications’ drawbacks, the Ger- certification requirements.5 As Fig- monitoring tools and then prepare such doubts prevent many organiza- life cycle than other industries. man Federal Ministry of Education ure 1 shows, dynamic certification monthly auditing reports. Later in tions from adopting cloud services. ■ Ongoing architectural changes. and Research funded a project to has four major dimensions: semi- or the process, this department serves Changes to hardware or software dynamically certify cloud services fully automated data gathering and as a data transmission and commu- Secure Cloud Services configurations or to subservice called New Generation Certification transmission, semi- or fully automated nication interface between provid- in an Ever-Changing and providers might cause certifica tion (NGCert; www.ngcert.eu), which data analysis, certification presenta- ers and involved auditors. Moreover, Hostile Environment violations or security vulnerabili- uses third-party auditors to continu- tion, and process adjustment. auditors can perform external In response to these concerns, ties.4 Such security vulnerabilities ously certify cloud services. NGCert continuous audits to gather audit- cloud service certifications (CSCs) might go undetected for a long builds on previous research projects, Semi- or Fully Automated relevant data; for example, they have been developed, for example, time if appropriate monitoring including the Advanced Security Data Gathering and can deploy software agents to vali- Cloud Security Alliance’s Secu- mechanisms aren’t in place. Cur- Service Certificate for SOA (www Transmission date cloud infrastructure changes.6 rity, Trust & Assurance Registry rent certifications can’t track .assert4soa.eu), which introduced To realize dynamic certification, Likewise, third-party auditors can (https://cloudsecurityalliance.org and manage continuous software novel techniques and tools to certify cloud service providers must externally validate the integrity of

data stored in a cloud.7 However, Process Adjustment of transparency about how and providers’ resistance to monitoring Finally, the dynamic certification where data is stored and processed and auditing—because of security process must be adjusted frequently can lead customers to fear that their and privacy concerns and system to cope with an ever-changing envi- data will be compromised or leaked. heterogeneity—will restrict exter- ronment. On one hand, emerging Compared to a traditional certifi- nal continuous auditing. environmental threats or legal and cation process, dynamic certifica- regulatory landscape changes might tion counter acts this lack of control Semi- or Fully Automated induce auditors to adjust their audit- by increasing the transparency of Data Analysis ing scope by, for example, adding providers’ operations. In this way, To assess ongoing certification new certification criteria. In these dynamic certification might increase adherence, auditors request that cases, auditors must set time lim- customers’ trust in cloud services. providers transfer data and submit its for providers to deal with such reports at regular intervals. There- events. Time limits should conform Dynamic Certification fore, auditors should offer a Web to the event’s criticality, required Leads to Improved Quality interface for uploading provider efforts, and costs and should be and Cost Savings for data. Similarly, providers might documented in dynamic certifica- Cloud Service Providers transfer monitoring logs that audi- tion agreements between auditors Cloud service systems and pro- tors can analyze to assess CSC cri- and providers. On the other hand, cesses can be improved by imple- teria adherence. Auditors can realize architectural changes to cloud menting suitable monitoring synergy effects by connecting to services —for example, adding techniques and evaluating ongoing and building on providers’ existing hardware components or new ser- feedback about their performance. monitoring systems (for example, vice functionalities—can lead pro- In addition, providers receive Nagios). Auditing mechanisms such viders and auditors to adjust their expert external assessments of their as decision support systems must monitoring and auditing processes. systems. Service providers can be implemented to assess cloud ser- reduce costs through successive services automatically, cope with iden- A Win–Win Situation vice improvements, improved cus- tified deviations, and trigger alerts in To be widely adopted, dynamic cer- tomer support, and fewer individual cases of nonadherence. tification of cloud services must be customer audits. Finally, by offering technologically and economically customers more transparent ser- Certification Presentation feasible. Providers and auditors vices, cloud providers differentiate Auditors must regularly inform need the motivation and expertise themselves in the market and gain a cloud customers about certifica- to participate in continuous moni- competitive advantage. tion adherence (or lack thereof). toring and auditing. To motivate Dynamic certification can grant providers, the process’s perceived Dynamic Certification customers insight beyond what benefits must be higher than its Increases Auditors’ they could analyze themselves or perceived expenditures. If increas- Certification Reliability what providers offer because audi- ing numbers of customers demand and Auditing Efficiency tors possess greater knowledge, transparent, trustworthy certified Typically, adherence to certification technical expertise, and access cloud services, providers might criteria is evaluated annually. Hence, to sensitive data. Subsequently, start to open up to dynamic certifi- certification deviations or breaches auditors and/or providers should cations. Considering the drawbacks might not be detected until long provide a Web front end present- of current CSCs, dynamic certifi- after their occurrence. In contrast, ing up-to-date information about cation is particularly beneficial for continuous auditing allows auditors auditing processes and results and cloud service customers, providers, to actively detect and investigate general cloud service operation. and auditors. Following are some of critical defects as they occur. More- In addition, cloud customers have dynamic certification’s benefits. over, automated continuous auditing expressed interest in receiving infor- is cost effective because auditors can mation about how and when data is Dynamic Certification test larger samples and examine data gathered and analyzed to increase Increases Transparency more efficiently than with manual comprehensibility and accountabil- and Trustworthiness for auditing. Through timely detection ity. More important, in cases of criti- Cloud Service Customers and continuous assurance of certifi- cal certification violations or major Cloud customers cede governance cation adherence, dynamic certifica- security incidents, auditors should to the cloud service provider. This tion can improve the trustworthiness inform customers immediately. lack of control coupled with a lack of auditors’ CSCs. Furthermore, the

16 ComputingEdge June 2016 68 IEEE Security & Privacy March/April 2016 IT ALL DEPENDS

data stored in a cloud.7 However, Process Adjustment of transparency about how and up-to-date information provided in deployed data exchange interfaces, providers’ context and capabilities. providers’ resistance to monitoring Finally, the dynamic certification where data is stored and processed auditor reports will be more relevant authorizing external auditors, and Flexible, standardized auditing sys- and auditing—because of security process must be adjusted frequently can lead customers to fear that their to customer decision makers. securing data transmission. More- tems can reduce adjustment efforts and privacy concerns and system to cope with an ever-changing envi- data will be compromised or leaked. over, when audit-relevant data is by letting auditors easily integrate or heterogeneity—will restrict exter- ronment. On one hand, emerging Compared to a traditional certifi- Challenges: A Long provided via defined interfaces, exclude providers. nal continuous auditing. environmental threats or legal and cation process, dynamic certifica- Way to Go providers have to ensure its avail- regulatory landscape changes might tion counter acts this lack of control Dynamic certification’s benefits ability to auditors at all times. Recommendations Semi- or Fully Automated induce auditors to adjust their audit- by increasing the transparency of notwithstanding, several challenges For example, attackers might tar- We recommend the following steps Data Analysis ing scope by, for example, adding providers’ operations. In this way, must be tackled to ensure its practi- get interfaces by performing dis- to cope with certification’s prevail- To assess ongoing certification new certification criteria. In these dynamic certification might increase cal application. tributed denial-of-service attacks ing challenges and enable its practi- adherence, auditors request that cases, auditors must set time lim- customers’ trust in cloud services. that disrupt continuous audit- cal application. providers transfer data and submit its for providers to deal with such Automation ing. In the worst-case scenario, reports at regular intervals. There- events. Time limits should conform Dynamic Certification To be cost effective, dynamic certi- this might lead to nonadherence Set Up Continuous fore, auditors should offer a Web to the event’s criticality, required Leads to Improved Quality fication requires strong automation to requirements, because audi- Monitoring and Data interface for uploading provider efforts, and costs and should be and Cost Savings for and formalization of monitoring and tors will lack the corresponding Transmission Systems data. Similarly, providers might documented in dynamic certifica- Cloud Service Providers auditing processes. Thus, providers audit information. Likewise, audi- Providers have already equipped transfer monitoring logs that audi- tion agreements between auditors Cloud service systems and pro- must implement com- their service centers tors can analyze to assess CSC cri- and providers. On the other hand, cesses can be improved by imple- prehensive logging and Dynamic certification is required with sophisticated moni- teria adherence. Auditors can realize architectural changes to cloud menting suitable monitoring monitoring systems that toring technologies to synergy effects by connecting to services —for example, adding techniques and evaluating ongoing gather audit-relevant data to ensure continuously secure and gather service data and and building on providers’ existing hardware components or new ser- feedback about their performance. continuously. However, reliable cloud services and establish quickly detect malicious monitoring systems (for example, vice functionalities—can lead pro- In addition, providers receive automating auditing pro- attacks, failures, and out- Nagios). Auditing mechanisms such viders and auditors to adjust their expert external assessments of their cesses is challenging and trustworthy cloud service certifications. ages. Providers and audi- as decision support systems must monitoring and auditing processes. systems. Service providers can not achievable for every tors should evaluate be implemented to assess cloud ser- reduce costs through successive ser- auditing process, as previ- how they might lever- vices automatically, cope with iden- A Win–Win Situation vice improvements, improved cus- ous research has shown.8 age existing monitoring tified deviations, and trigger alerts in To be widely adopted, dynamic cer- tomer support, and fewer individual tors must implement comprehen- systems for dynamic certification cases of nonadherence. tification of cloud services must be customer audits. Finally, by offering Data Manipulation Risks sive security mechanisms to ensure by matching available monitor- technologically and economically customers more transparent ser- When cloud service providers data integrity and confidentiality ing data with required audit-rele- Certification Presentation feasible. Providers and auditors vices, cloud providers differentiate transfer monitoring data to audi- and to guard information against vant data. Dynamic certification Auditors must regularly inform need the motivation and expertise themselves in the market and gain a tors, it’s important that they imple- improper modification by external requires providers to gather data cloud customers about certifica- to participate in continuous moni- competitive advantage. ment log and database protection attackers. In particular, when audi- continuously as well as collect tion adherence (or lack thereof). toring and auditing. To motivate mechanisms to prevent malicious tors store multiple providers’ cer- additional information to evalu- Dynamic certification can grant providers, the process’s perceived Dynamic Certification data manipulation such as with- tification data, they become prime ate certification adherence. Thus, customers insight beyond what benefits must be higher than its Increases Auditors’ holding evidence or euphemizing targets for attacks. Attackers might providers should implement, for they could analyze themselves or perceived expenditures. If increas- Certification Reliability data. Consequently, providers must seek to modify audit-relevant data example, a comprehensive layered what providers offer because audi- ing numbers of customers demand and Auditing Efficiency prove high data integrity and confi- to disrupt or bias auditor assess- logging framework and continuous tors possess greater knowledge, transparent, trustworthy certified Typically, adherence to certification dentiality levels. Furthermore, cloud ments, resulting in certification monitoring techniques to ensure technical expertise, and access cloud services, providers might criteria is evaluated annually. Hence, customers believe that an indepen- nonadherence or customer dis- that all audit-relevant data is avail- to sensitive data. Subsequently, start to open up to dynamic certifi- certification deviations or breaches dent institution should establish satisfaction. Likewise, attackers able.9,10 More important, to ensure auditors and/or providers should cations. Considering the drawbacks might not be detected until long dynamic certification guidelines might tamper with the data pre- that providers don’t manipulate provide a Web front end present- of current CSCs, dynamic certifi- after their occurrence. In contrast, and regularly review implemented sented to customers to falsely indi- monitoring logs, providers should ing up-to-date information about cation is particularly beneficial for continuous auditing allows auditors mechanisms and transferred data. cate bad service behavior. build on computer forensics solu- auditing processes and results and cloud service customers, providers, to actively detect and investigate However, cloud providers, custom- tions such as secure logging as general cloud service operation. and auditors. Following are some of critical defects as they occur. More- ers, and auditors generally assume Service Individualism a service, which stores virtual In addition, cloud customers have dynamic certification’s benefits. over, automated continuous auditing that manipulation risks are low and Complexity machines’ logs and provides access expressed interest in receiving infor- is cost effective because auditors can because ongoing manipulation When implementing dynamic cer- to forensic investigators.11 mation about how and when data is Dynamic Certification test larger samples and examine data entails high costs and penalties and tification in practice, auditors are gathered and analyzed to increase Increases Transparency more efficiently than with manual risks customers revealing tampered faced with highly individual and Develop External, comprehensibility and accountabil- and Trustworthiness for auditing. Through timely detection data when using the system. complex cloud service systems due Continuous Auditing ity. More important, in cases of criti- Cloud Service Customers and continuous assurance of certifi- to customized or legacy systems and Architectures and Methods cal certification violations or major Cloud customers cede governance cation adherence, dynamic certifica- Security Issues incorporated third-party services. Although research has focused on security incidents, auditors should to the cloud service provider. This tion can improve the trustworthiness Providers face several security Therefore, auditors must adjust implementing and evaluating auto- inform customers immediately. lack of control coupled with a lack of auditors’ CSCs. Furthermore, the challenges, including protecting their auditing methodologies to the mated auditing of information

www.computer.org/computingedge 17 68 IEEE Security & Privacy March/April 2016 www.computer.org/security 69 IT ALL DEPENDS

systems since the early 90s, it has First movers in dynamic certification the Cloud Security Alliance and mostly examined continuous audit- should focus on creating barriers EuroCloud are developing pro- ing for internal purposes only. that prevent new market entries and cesses and techniques for continu- In the context of cloud comput- price wars. Besides leveraging high ous auditing of cloud services. We ing, researchers recently proposed initial infrastructure investments, believe that introducing dynamic methodologies that enable third- auditors should try to achieve econ- certification is a step toward more party authorities to audit data integ- omies of scale by integrating many trustworthy and transparent cloud rity, data location compliance, and cloud service providers into their computing environments. cloud infrastructure changes. Some auditing infrastructure, and gener- researchers have already begun eval- ate switching barriers for providers References uating which of these methodologies (for example, proprietary auditing 1. “Apple Media Advisory: Update might be used for dynamic certifica- services). In contrast, new market to Celebrity Photo Investigation,” tion.3,4,12 Building on these findings, entries or late adopters should fol- Apple Inc., Sept. 2014; www.apple auditors and providers should jointly low a niche strategy by concentrat- .com/pr/library/2014/09/02Apple discuss and develop a comprehen- ing on one auditing domain (such as -Media-Advisory.html. sive architecture to continuously dynamic infrastructure auditing or 2. A. Sunyaev and S. Schneider, “Cloud audit a broad variety of CSC criteria. continuous privacy auditing) with Services Certification,”Comm. ACM, specialized service offers or lower vol. 56, no. 2, 2013, pp. 33–36. Increase Transparency by auditing fees. 3. S. Lins et al., “What Is Really Going Integrating Customers into on at Your Cloud Service Provider? Certification Process Review and Verify Dynamic Creating Trustworthy Certifica- Existing monitoring systems are Certification Processes tions by Continuous Auditing,” designed for internal monitoring Similar to traditional certifications, Proc. 48th Hawaii Int’l Conf. Sys- purposes only, and the gathered independent third-party authorities tem Science (HICSS 15), 2015, monitoring information is kept or accreditation bodies must verify pp. 5352–5361. in-house to be inspected solely that auditors can continuously audit 4. P. Stephanow and N. Fallenbeck, by system administrators. A few providers; behave ethically; and “Towards Continuous Certifica- cloud providers, including Amazon employ reliable, secure, and trust- tion of Infrastructure-as-a-Service (http://status.aws.amazon .com) worthy dynamic auditing practices. Using Low-Level Metrics,” Proc. and SalesForce (https://trust Therefore, these authorities should 12th IEEE Int’l Conf. Advanced .salesforce .com), have begun infor- regularly review and verify dynamic and Trusted Computing (ATC ming customers about service avail- certification processes. Further- 15), 2015; www.ngcert.de/wp ability, service performance, and more, they must prevent auditors -content/uploads/2015/07 major security issues. Auditors and from behaving opportunistically or /Towards-continuous-certification providers must bring customers into maliciously (for example, by mis- -of-Infrastructure-as-a-Service the dynamic certification process using providers’ data or blackmail- -using-low-level-metrics.pdf. by providing detailed information ing providers to buy IT solutions) 5. I. Windhorst and A. Sunyaev, about certification adherence and and ensure that auditing organiza- “Dynamic Certification of Cloud cloud service behavior, for instance, tions are independent. Services,” Proc. 8th Int’l Conf. through customer- centered infor- Availability, Reliability and Security mation dashboards. (ARES 13), 2013, pp. 412–417. he ever-changing cloud envi- 6. F. Doelitzscher et al., “Validating Adjust and Set Up New Tronment, fast technology Cloud Infrastructure Changes by Auditing Business Models cycles, regulatory changes, and Cloud Audits,” Proc. IEEE World Introducing dynamic certification increased adoption of business- Congress on Services (SERVICES lets auditors adjust existing busi- critical applications demand highly 12), 2012, pp. 377–384. ness models or set up new ones. reliable cloud services. Dynamic 7. B. Wang, B. Li, and H. Li, “Oruta: For example, auditors might pro- certification of cloud services can Privacy-Preserving Public Auditing vide auditing-as-a-service capabili- prove providers’ high level of reli- for Shared Data in the Cloud,” IEEE ties for customers once the required ability and security to potential Trans. Cloud Computing, vol. 2, no. dynamic auditing infrastructure customers. However, methods to 1, 2014, pp. 43–56. is established. This service model efficiently and continuously assess 8. C.E. Brown, J.A. Wong, and A.A. would allow customers to review cloud services are still in their Baldwin, “A Review and Analysis auditing results on demand for a fee. infancy. Organizations such as of the Existing Research Streams

18 ComputingEdge June 2016 70 IEEE Security & Privacy March/April 2016 IT ALL DEPENDS

systems since the early 90s, it has First movers in dynamic certification the Cloud Security Alliance and in Continuous Auditing,” J. Emerg- 12. S. Lins et al., “Trust Is Good, Con- Ali Sunyaev is a professor in the mostly examined continuous audit- should focus on creating barriers EuroCloud are developing pro- ing Technologies in Accounting, vol. 4, trol is Better: Creating Secure Department of Information Sys- ing for internal purposes only. that prevent new market entries and cesses and techniques for continu- no. 1, 2007, pp. 1–28. Clouds by Continuous Auditing,” tems at the University of Cologne. In the context of cloud comput- price wars. Besides leveraging high ous auditing of cloud services. We 9. R.K.L. Ko et al., “TrustCloud: to be published in IEEE Trans. Contact him at sunyaev@wiso ing, researchers recently proposed initial infrastructure investments, believe that introducing dynamic A Framework for Accountabil- Cloud Computing, 2016. .uni-koeln.de. methodologies that enable third- auditors should try to achieve econ- certification is a step toward more ity and Trust in Cloud Comput- party authorities to audit data integ- omies of scale by integrating many trustworthy and transparent cloud ing,” Proc. IEEE World Congress on Sebastian Lins is a PhD student rity, data location compliance, and cloud service providers into their computing environments. Services (SERVICES 11), 2011, in the Department of Informa- cloud infrastructure changes. Some auditing infrastructure, and gener- pp. 584–588. tion Systems at the University of researchers have already begun eval- ate switching barriers for providers References 10. “Information Security Continu- Cologne. Contact him at lins@ uating which of these methodologies (for example, proprietary auditing 1. “Apple Media Advisory: Update ous Monitoring (ISCM) for Fed- wiso.uni-koeln.de. might be used for dynamic certifica- services). In contrast, new market to Celebrity Photo Investigation,” eral Information Systems and tion.3,4,12 Building on these findings, entries or late adopters should fol- Apple Inc., Sept. 2014; www.apple Organizations,” Nat’l Inst. Stan- Pascal Grochol is a PhD student auditors and providers should jointly low a niche strategy by concentrat- .com/pr/library/2014/09/02Apple dards and Technology, Sept. 2011; in the Department of Infor- discuss and develop a comprehen- ing on one auditing domain (such as -Media-Advisory.html. http://csrc.nist.gov/publications mation Systems at the Univer- FOLLOW US sive architecture to continuously dynamic infrastructure auditing or 2. A. Sunyaev and S. Schneider, “Cloud /nistpubs/800-137/SP800 sity of Cologne. Contact him at audit a broad variety of CSC criteria. continuous privacy auditing) with Services Certification,”Comm. ACM, -137-Final.pdf. [email protected]. specialized service offers or lower vol. 56, no. 2, 2013, pp. 33–36. 11. S. Zawoad, A.K. Dutta, and R. Increase Transparency by auditing fees. 3. S. Lins et al., “What Is Really Going Hasan, “SecLaaS: Secure Logging- Stephan Schneider is a postdoc- @securityprivacy Integrating Customers into on at Your Cloud Service Provider? as-a-Service for Cloud Forensics,” toral researcher in the Depart- Certification Process Review and Verify Dynamic Creating Trustworthy Certifica- Proc. 8th ACM SIGSAC Symp. Infor- ment of Information Systems at Existing monitoring systems are Certification Processes tions by Continuous Auditing,” mation, Computer and Communica- the University of Cologne. Con- Selected CS articles and columns designed for internal monitoring Similar to traditional certifications, Proc. 48th Hawaii Int’l Conf. Sys- tions Security (ASIA CCS 13), 2013, tact him at [email protected] Thisare article also originallyavailable for appeared free at in purposes only, and the gathered independent third-party authorities tem Science (HICSS 15), 2015, pp. 219–230. -koeln.de. http://ComputingNow.computer.org.IEEE Security & Privacy, vol. 14, no. 2, 2016. monitoring information is kept or accreditation bodies must verify pp. 5352–5361. in-house to be inspected solely that auditors can continuously audit 4. P. Stephanow and N. Fallenbeck, EXECUTIVE STAFF by system administrators. A few providers; behave ethically; and “Towards Continuous Certifica- EXECUTIVE STAFF Executive Director: Angela R. Burgess; Director, Governance & Associate cloud providers, including Amazon employ reliable, secure, and trust- tion of Infrastructure-as-a-Service Executive Director: Angela R. Burgess; Director, Governance & Associate Executive Director: Anne Marie Kelly; Director, Finance & Accounting: Executive Director: Anne Marie Kelly; Director, Finance & Accounting: (http://status.aws.amazon .com) worthy dynamic auditing practices. Using Low-Level Metrics,” Proc. PURPOSE: The IEEE Computer Society is the world’s largest association Sunny Hwang; Director, Membership: Eric Berkowitz; Director, Products PURPOSE: The IEEE Computer Society is the world’s largest association Sunny Hwang; Director, Information Technology Services: Ray Kahn; and SalesForce (https://trust Therefore, these authorities should 12th IEEE Int’l Conf. Advanced of computing professionals and is the leading provider of technical & Services: Evan M. Butterfield; Director, Sales & Marketing: Chris Jensen of computing professionals and is the leading provider of technical Director, Membership: Eric Berkowitz; Director, Products & Services: information in the field. .salesforce .com), have begun infor- regularly review and verify dynamic and Trusted Computing (ATC information in the field. Evan M. Butterfield; Director, Sales & Marketing: Chris Jensen MEMBERSHIP: Members receive the monthly magazine Computer, COMPUTER SOCIETY OFFICES ming customers about service avail- certification processes. Further- 15), 2015; www.ngcert.de/wp MEMBERSHIP: Members receive the monthly magazine Computer, discounts, and opportunities to serve (all activities are led by volunteer Washington, D.C.: 2001 L St., Ste. 700, Washington, D.C. 20036-4928 discounts, and opportunities to serve (all activities are led by volunteer COMPUTER SOCIETY OFFICES ability, service performance, and more, they must prevent auditors -content/uploads/2015/07 Phone: +1 202 371 0101 • Fax: +1 202 728 9614 members).members). Membership Membership is is open open to to all all IEEE IEEE members, members, affiliateaffiliate societysociety Washington, D.C.: 2001 L St., Ste. 700, Washington, D.C. 20036-4928 major security issues. Auditors and from behaving opportunistically or /Towards-continuous-certification Email: [email protected] members,members, and and others others interested interested in in the the computer computer field.field. Phone: +1 202 371 0101 • Fax: +1 202 728 9614 Los Alamitos: 10662 Los Vaqueros Circle, Los Alamitos, CA 90720 providers must bring customers into maliciously (for example, by mis- -of-Infrastructure-as-a-Service OMBUDSMAN:COMPUTER SOCIETY Email [email protected]. WEBSITE: www.computer.org Email: [email protected] the dynamic certification process using providers’ data or blackmail- -using-low-level-metrics.pdf. COMPUTER SOCIETY WEBSITE: www.computer.org Phone:Los Alamitos: +1 714 10662 821 8380 Los •Vaqueros Email: [email protected] Circle, Los Alamitos, CA 90720 Next Board Meeting: 6–10 June 2016, Buckhead, Atlanta, GA, USA Phone: +1 714 821 8380 • Email: [email protected] by providing detailed information ing providers to buy IT solutions) 5. I. Windhorst and A. Sunyaev, Next Board Meeting: 6–10 June 2016, Buckhead, Atlanta, GA, USA MEMBERSHIP & PUBLICATION ORDERS about certification adherence and and ensure that auditing organiza- “Dynamic Certification of Cloud EXECUTIVE COMMITTEE Phone:MEMBERSHIP +1 800 272& PUBLICATION 6657 • Fax: +1 ORDERS 714 821 4641 • Email: [email protected] EXECUTIVE COMMITTEE Asia/Pacific: Watanabe Building, 1-4-2 Minami-Aoyama, Minato-ku, Tokyo cloud service behavior, for instance, tions are independent. Services,” Proc. 8th Int’l Conf. President: Roger U. Fujii Phone: +1 800 272 6657 • Fax: +1 714 821 4641 • Email: [email protected] President:President-Elect: Roger U.Jean-Luc Fujii Gaudiot; Past President: Thomas M. Conte; 107-0062,Asia/Pacific: Japan Watanabe • Phone: Building, +81 3 3408 1-4-2 3118 Minami-Aoyama, • Fax: +81 3 3408 Minato-ku, 3553 • Tokyo Availability, Reliability and Security through customer- centered infor- President-Elect:Secretary: Gregory Jean-Luc T. Byrd; Gaudiot; Treasurer: Past President:Forrest Shull; Thomas VP, Member M. Conte; & Email:107-0062, [email protected] Japan • Phone: +81 3 3408 3118 • Fax: +81 3 3408 3553 • mation dashboards. (ARES 13), 2013, pp. 412–417. Secretary: Gregory T. Byrd; Treasurer: Forrest Shull; VP, Member & Email: [email protected] Geographic Activities: Nita K. Patel; VP, Publications: David S. Ebert; IEEE BOARD OF DIRECTORS he ever-changing cloud envi- 6. F. Doelitzscher et al., “Validating GeographicVP, Professional Activities: & Educational Nita K. Patel; Activities: VP, Publications: Andy T. Chen; David VP, S. Standards Ebert; PresidentIEEE BOARD & CEO: OF Barry DIRECTORS L. Shoop; President-Elect: Karen Bartleson; Past Adjust and Set Up New ronment, fast technology Cloud Infrastructure Changes by VP,Activities: Professional Mark & Paulk; Educational VP, Technical Activities: & Conference Andy T. Chen; Activities: VP, Standards Hausi A. T Activities: Mark Paulk; VP, Technical & Conference Activities: Hausi A. President :& Howard CEO: Barry E. Michel; L. Shoop; Secretary: President-Elect: Parviz Famouri; Karen Bartleson; Treasurer: Past Müller; 2016 IEEE Director & Delegate Division VIII: John W. Walz; 2016 Auditing Business Models cycles, regulatory changes, and Cloud Audits,” Proc. IEEE World Jerry L. Hudgins; Director & President, IEEE-USA: Peter Alan Eckstein; Müller;IEEE Director 2016 IEEE & DelegateDirector Division& Delegate V: HaroldDivision Javid; VIII: 2017 John IEEE W. Walz; Director- 2016 President: Howard E. Michel; Secretary: Parviz Famouri; Treasurer: Director & President, Standards Association: Bruce P. Kraemer; Director Introducing dynamic certification increased adoption of business- Congress on Services (SERVICES IEEEElect Director & Delegate & Delegate Division Division V: Dejan V: S. Harold Milojič Javid;ić 2017 IEEE Director- Jerry L. Hudgins; Director & President, IEEE-USA: Peter Alan Eckstein; lets auditors adjust existing busi- critical applications demand highly 12), 2012, pp. 377–384. Elect & Delegate Division V: Dejan S. Milojičić &Director VP, Educational & President, Activities: Standards S.K. Association: Ramesh; Director Bruce P. & Kraemer; VP, Membership Director and Geographic Activities: Wai-Choong (Lawrence) Wong; Director & ness models or set up new ones. reliable cloud services. Dynamic 7. B. Wang, B. Li, and H. Li, “Oruta: BOARD OF GOVERNORS & VP, Educational Activities: S.K. Ramesh; Director & VP, Membership BOARDTerm Expriring OF GOVERNORS 2016: David A. Bader, Pierre Bourque, Dennis J. Frailey, VP,and PublicationGeographic ServicesActivities: and Wai-Choong Products: (Lawrence)Sheila Hemami; Wong; Director Director & &VP, For example, auditors might pro- certification of cloud services can Privacy-Preserving Public Auditing TermJill I. Expriring Gostin, Atsuhiro 2016: David Goto, A.Rob Bader, Reilly, Pierre Christina Bourque, M. Schober Dennis J. Frailey, TechnicalVP, Publication Activities: Services Jose and M.F. Products: Moura; DirectorSheila Hemami; & Delegate Director Division & VP, V: vide auditing-as-a-service capabili- prove providers’ high level of reli- for Shared Data in the Cloud,” IEEE JillTerm I. Gostin, Expiring Atsuhiro 2017: Goto,David Rob Lomet, Reilly, Ming Christina C. Lin, GregoryM. Schober T. Byrd, Alfredo HaroldTechnical Javid; Activities: Director Jose & Delegate M.F. Moura; Division Director VIII: & John Delegate W. Walz Division V: ties for customers once the required ability and security to potential Trans. Cloud Computing, vol. 2, no. TermBenso, Expiring Forrest 2017:Shull, DavidFabrizio Lomet, Lombardi, Ming HausiC. Lin, A. Gregory Müller T. Byrd, Alfredo Harold Javid; Director & Delegate Division VIII: John W. Walz dynamic auditing infrastructure customers. However, methods to 1, 2014, pp. 43–56. Benso,Term ForrestExpiring Shull, 2018: Fabrizio Ann DeMarle, Lombardi, Fred Hausi Douglis, A. Müller Vladimir Getov, Bruce M. McMillin, Cecilia Metra, Kunio Uchiyama, Stefano Zanero is established. This service model efficiently and continuously assess 8. C.E. Brown, J.A. Wong, and A.A. Term Expiring 2018: Ann DeMarle, Fred Douglis, Vladimir Getov, Bruce M. McMillin, Cecilia Metra, Kunio Uchiyama, Stefano Zanero would allow customers to review cloud services are still in their Baldwin, “A Review and Analysis revised 106 April February 2016 2016 auditing results on demand for a fee. infancy. Organizations such as of the Existing Research Streams

www.computer.org/computingedge 19 70 IEEE Security & Privacy March/April 2016 www.computer.org/security 71 Standards Editor: Yong Cui • [email protected] Toward a Standard Interface for Cloud Providers The Container as the Narrow Waist

Silvery Fu and Jiangchuan Liu • Simon Fraser University

Xiaowen Chu • Hong Kong Baptist University

Yueming Hu • South China Agricultural University

Containers underwent a whirlwind adoption across cloud providers recently, as the Open Container Initiative works toward standardizing the container format and configuration. The container could become the cloud infrastructure’s “narrow waist,” bridging a proliferation of existing and emerging cloud services.

loud computing has experienced a rapid and portability, as well as resource management growth in the past decade; it’s estimated that with minimized overhead. 95 percent of companies have introduced New opportunity arises from the advance- C 1 cloud services to facilitate their business in 2015. ment of cloud infrastructures. Containerization, As a constellation of cloud technologies, applica- a technology that enables fine-grained resource tions, and business models keep emerging, there’s control and isolation by encapsulating applica- a strong demand on standardization towards a set tions inside containers, has undergone a whirl- of core technical specifications, which are to be wind adoption and gained native support across adopted and shared by cloud vendors.2 Pioneer- major cloud providers, including Amazon Elas- ing works include the Open Virtualization Format tic Compute Cloud (EC2) Container Service (ECS; (OVF),3 Open Cloud Computing Interface (OCCI; http://aws.amazon.com/ecs), Google Container http://occi-wg.org), and IEEE’s P2301 (Cloud Engine (https://goo.gl/oxBS2e), and Microsoft Profiles) and P2302 (Intercloud) working drafts.4 Azure Container Service.5 The container, in its In particular, OVF is an established standard, simplest form, is a collection of OS kernel utili- adopted by the American National Standards ties configured to manage the resources that an Institute (ANSI) and International Organization application uses. The Open Container Initiative for Standardization (ISO) that defines an open (OCI; www.opencontainers.org), launched under and portable format for packaging and distrib- the auspices of the Linux Foundation in mid- uting software run on virtual machines (VMs). 2015, aims to establish open industry standards A typical .ovf package includes descriptors for for the container’s runtime and format. Following hardware requirements, network, storage, and the container’s popularity, it has readily gained security settings. IEEE P2301 aims to unify the sponsorship from more than 30 companies and variety of design options adopted in cloud com- organizations, including leading cloud providers puting systems, by organizing those options into and application platforms. profiles, which provide guidance on developing With this in mind, here we provide a high- standard-based products for cloud vendors. These level overview of container technology, along efforts (mostly virtualization-oriented) have with its standardization status. We discuss the helped improve the interoperability among cloud container’s integral modules and explain why we ecosystem participants. Enhancements and the envision it becoming the “narrow waist” of the establishment of new standards, however, are still cloud infrastructure, bridging a proliferation of required to better address application deployment existing and emerging cloud services.

66 Published by the IEEE Computer Society 1089-7801/16/$33.00 © 2016 IEEE IEEE INTERNET COMPUTING 20 June 2016 Published by the IEEE Computer Society 2469-7087/16/$33.00 © 2016 IEEE Standards Toward a Standard Interface for Cloud Providers Editor: Yong Cui • [email protected]

The Container: Rationale Toward a Standard Interface and Key Modules Container-A Container-B Container-C In general, a container offers cloud (web-server) (db-server) (batch-task) providers a lightweight tool to achieve for Cloud Providers resource multiplexing and control, as an alternative to virtualization (particularly those hypervisor-based). A cgroups0 cgroups1 cgroups2 The Container as the Narrow Waist closer relative to the container is an operating system process, because Silvery Fu and Jiangchuan Liu • Simon Fraser University both of them essentially encapsulate a (single) application runtime. What Xiaowen Chu • Hong Kong Baptist University the container offers additionally is the CPU1 234 RAM capabilities of controlling and isolat- (Virtual) cores (Virtual) memory Yueming Hu • South China Agricultural University ing OS resources assigned to the runtime, meanwhile including complete Figure 1. The control groups (cgroups) module for CPU and memory. The Containers underwent a whirlwind adoption across cloud providers recently, dependencies in a container instance. module defines a collection of kernel resource controllers. As such, we can also refer to a con- as the Open Container Initiative works toward standardizing the container for- tainer as a virtual environment (VE). mat and configuration. The container could become the cloud infrastructure’s The idea of the container and OS- “narrow waist,” bridging a proliferation of existing and emerging cloud services. level virtualization isn’t new. Linux- I/O. User-level code is allowed to processes to have separate namespaces VServer6 and OpenVZ (https://openvz. customize these controllers through for system resources, including (but not org) are two previous container-based cgroups’ virtual file system. At the limited to) a process identifier (PID), loud computing has experienced a rapid and portability, as well as resource management virtualization platforms. Yet the con- runtime, cgroups is assigned to a pro- interprocess communication (IPC), and growth in the past decade; it’s estimated that with minimized overhead. tainer has only come to the fore in cess through function hooking, by network. The resources allocated to 95 percent of companies have introduced New opportunity arises from the advance- recent years, for two reasons. First, which resource accesses of the pro- the application runtime inside a con- C 1 cloud services to facilitate their business in 2015. ment of cloud infrastructures. Containerization, it has shifted from the original role cess will trigger the corresponding tainer can’t be addressed by the other As a constellation of cloud technologies, applica- a technology that enables fine-grained resource as a “hypervisor-free” VM, where hooks. As such, without intervening containers, and vice-versa. With the tions, and business models keep emerging, there’s control and isolation by encapsulating applica- a single container instance had to performance-critical execution paths, use of cgroups and namespaces iso- a strong demand on standardization towards a set tions inside containers, has undergone a whirl- be built full-fledge to support a full cgroups is able to achieve resource lation, a container runtime can read- of core technical specifications, which are to be wind adoption and gained native support across OS (as in VServer and OpenVZ), to a tracking and control efficiently. Fig- ily be hosted. Docker has donated the adopted and shared by cloud vendors.2 Pioneer- major cloud providers, including Amazon Elas- lightweight runtime environment for ure 1 gives an example showing the implementation of these modules to ing works include the Open Virtualization Format tic Compute Cloud (EC2) Container Service (ECS; applications. Second, recent platforms use of cgroups with container run- the OCI project in a collection called (OVF),3 Open Cloud Computing Interface (OCCI; http://aws.amazon.com/ecs), Google Container significantly simplify the procedure time. Here, cgroups1 defines the con- runC, serving as the cornerstone to a http://occi-wg.org), and IEEE’s P2301 (Cloud Engine (https://goo.gl/oxBS2e), and Microsoft for container creation and manage- trol groups of two CPU cores 3 and standardized container runtime. Nota- Profiles) and P2302 (Intercloud) working drafts.4 Azure Container Service.5 The container, in its ment. These two advancements meet 4, and a limited amount of memory bly, both cgroups and namespaces iso- In particular, OVF is an established standard, simplest form, is a collection of OS kernel utili- the growing need of deploying cloud- shaded in light gray. It’s assigned lation have been used independently adopted by the American National Standards ties configured to manage the resources that an based distributed applications with to ContainerB that encapsulates a and flexibly to achieve resource con- Institute (ANSI) and International Organization application uses. The Open Container Initiative “just enough” performance overhead database server runtime (denoted by trol8 or isolation,9 and many other for Standardization (ISO) that defines an open (OCI; www.opencontainers.org), launched under and maintenance cost. They’ve been db-server). During its life cycle, the container platforms are built based and portable format for packaging and distrib- the auspices of the Linux Foundation in mid- jointly achieved by Docker (www. CPU usage of db-server is limited on these modules (in addition to OCI, uting software run on virtual machines (VMs). 2015, aims to establish open industry standards docker.com), the most established and to cores 3 and 4 (which in turn will see https://github.com/coreos/rkt and A typical .ovf package includes descriptors for for the container’s runtime and format. Following popular container by far. be used exclusively by db-server) https://linuxcontainers.org), making hardware requirements, network, storage, and the container’s popularity, it has readily gained Docker relies on utilities of the and the memory footprint is limited the container techniques versatile. security settings. IEEE P2301 aims to unify the sponsorship from more than 30 companies and modern Linux kernel to create and by the given amount. As cgroups0 To facilitate container creation variety of design options adopted in cloud com- organizations, including leading cloud providers manage container runtime. (Eventu- and cgroups2 indicate, it’s also pos- and management, Docker has also puting systems, by organizing those options into and application platforms. ally Docker developed native imple- sible to define the cgroups solely for designed and implemented the con- profiles, which provide guidance on developing With this in mind, here we provide a high- mentation of these modules, as a CPU, memory, and other manageable tainer (image) format. Each container standard-based products for cloud vendors. These level overview of container technology, along solution for cross-platform sup- system resources, or arrange them runtime is created from an image efforts (mostly virtualization-oriented) have with its standardization status. We discuss the port.7) First and foremost, the control together in different combinations. predefined, which includes all the helped improve the interoperability among cloud container’s integral modules and explain why we groups (cgroups) module defines a The hardware resources here can be dependencies that the target appli- ecosystem participants. Enhancements and the envision it becoming the “narrow waist” of the collection of kernel resource control- virtualized, too, as we detail later. cation requires. Besides, the images establishment of new standards, however, are still cloud infrastructure, bridging a proliferation of lers for (including but not limited to) Docker further leverages the can be stored in publicly accessible required to better address application deployment existing and emerging cloud services. CPU, memory, and network and disk namespaces isolation feature, forcing repositories and conveniently dis-

calls being sent to the hypervisor Gaming File hosting Web services Middleboxes SaaS directly — which is known as para- L5 to Ln: ... virtualization (PV); or trapping those Application layers VDI Virtual applicance PaaS ... calls by special hardware extensions, known as hardware-assisted virtual- RunC L4: Containerization container ization (HVM). As such, virtualization functions at the border of hardware and OS. It’s able to provide strong per- L3: OS UNIX-like Linux distros Windows formance isolation and security guar- ... antees with the narrowed interface between VMs and hypervisors. Con- L2: Virtualization HVM PVM KVM tainerization, which sits in between ... the OS and applications, incurs lower overhead, but potentially introduces L1: HW CPU RAM NIC DISK greater security vulnerabilities, such as namespace-agnostic system calls.11 In short, containerization isn’t necessarily a replacement to virtual- Figure 2. Cloud layered model: we envision the container (L4) as the narrow ization; rather, these two complement waist. It will bridge the underlying infrastructure layers and the application each other, and are to be placed into a layers above. unified framework for cloud vendors and users. The Container as the tributed. Finally, Docker utilizes a from the proprietary to open sourced, Narrow Waist layered file system to allow efficient are hosted in an isolated fashion. The renowned OSI model (ISO/IEC sharing between container images, Containerization permits only appli- 7498-1) has helped delineate and which significantly reduces the stor- cations to be encapsulated in contain- standardize the Internet. As Figure 2 age overhead. ers, which leads to greatly reduced shows, we envision that a similar deployment overhead and much standardized reference model for the Containerization versus higher instance density on a single cloud infrastructure will emerge even- Virtualization machine. Unfortunately, it disallows tually. Such a model will be layered, To date, machine virtualization a full OS stack to be run separately with each layer emphasizing distinct remains the most common way to from the host OS, prohibiting a multi- infrastructural issues and function- manage hardware resources for cloud OS setting. alities, including resource multiplex- providers (for example, Xen10 for At the low level, containeriza- ing, isolation, orchestration, and Amazon EC2 public cloud), attract- tion leverages the host OS utilities application supports, respectively. ing significant standardization efforts to achieve resource encapsulation An important design consideration (including OVF). Containers share and management. Hypervisors, on for a layered model is the disposition such common design goals and fea- the contrary, run directly on top of of heterogeneity. For instance, the tures with VMs as resource isolation the hardware in the most-privileged heterogeneity of network protocols and imaging. Yet the new generation mode, taking charge of accessing converges at the IP layer, such that of containers represented by Docker, and managing the underlying hard- any transport layer protocols consid- are built with important, distinct ware resources, akin to the role of an ering only the semantics of IP proto- tenets.6 operating system kernel. The VMs and col will still be able to run on today’s At the high level, containerization guest OS kernels now run in a less- Internet infrastructure. Likewise, we is upward-facing and application- privileged mode, such that any privi- must decide where a unified interface driven, while virtualization is down- leged system calls from guest OSs will (that this, the “narrow waist”) should ward-facing and hardware-driven. be trapped to the hypervisor’s kernel be placed in the layered cloud infra- Hypervisor-based virtualization (such and executed in isolation. This pro- structure model. The key insight here as Xen) enables multiple users to cre- cess can be done in two ways: either is that a better part of the heterogene- ate VMs that share the same physical through modifying the guest OS ker- ity is introduced by the OS layer (L3) hardware, where distinct OSs, ranging nel and drivers to enforce privileged and application layers (L5 and above),

68 www.computer.org/internet/ IEEE INTERNET COMPUTING 22 ComputingEdge June 2016 Standards Toward a Standard Interface for Cloud Providers

calls being sent to the hypervisor where different applications rely on a User space Gaming File hosting Web services Middleboxes SaaS SaaS SaaS SaaS ... directly — which is known as para- variety of dependencies and OS sup- Provider space Containerized L5 to Ln: application application application SaaS stack virtualization (PV); or trapping those ports. OSs themselves are also largely Application layers VDI Virtual applicance PaaS ...... calls by special hardware extensions, distinct from each other. Therefore, ...... known as hardware-assisted virtual- we envision container (L4) to become RunC L4: Containerization container ization (HVM). As such, virtualization the narrow waist of this layered cloud SaaS/application Container Container Container functions at the border of hardware model, bridging the underlying infra- . . and OS. It’s able to provide strong per- structure layers and the application . L3: OS formance isolation and security guar- layers above. UNIX-like Linux distros Windows VM/OS VM/OS ... antees with the narrowed interface The benefits of having such a uni-

between VMs and hypervisors. Con- fied/standardized interface are Public cloud IaaS stack L2: Virtualization HVM PVM KVM tainerization, which sits in between many-fold. Underneath, different Hypervisor ... the OS and applications, incurs lower host OSs can be utilized for the con- overhead, but potentially introduces tainer, ranging from Unix-like ones L1: HW CPU RAM NIC DISK greater security vulnerabilities, such to Windows-like proprietary ones, as as namespace-agnostic system calls.11 long as they implement the container Physical layer/hardware In short, containerization isn’t interface. Depending on user require- necessarily a replacement to virtual- ments, these host OSs are either placed Figure 2. Cloud layered model: we envision the container (L4) as the narrow ization; rather, these two complement on top of bare-metal non-virtualized Figure 3. Hybrid virtualization layering in a public cloud. IaaS stands for waist. It will bridge the underlying infrastructure layers and the application each other, and are to be placed into a machines or hypervisor-based VMs, layers above. infrastructure as a service, PaaS stands for platform as a service, and SaaS unified framework for cloud vendors where the first option gives the high- stands for software as a service. and users. est and close-to-native performance for demanding applications such as The Container as the HPC workloads. Private clouds with tributed. Finally, Docker utilizes a from the proprietary to open sourced, Narrow Waist managed user access could also ben- layered file system to allow efficient are hosted in an isolated fashion. The renowned OSI model (ISO/IEC efit from this thinner model. With an cluster managers have been relying worth noting here that the reference sharing between container images, Containerization permits only appli- 7498-1) has helped delineate and additional hypervisor, a cluster yields on the container as the basic sched- container implementation provided which significantly reduces the stor- cations to be encapsulated in contain- standardize the Internet. As Figure 2 stronger isolation and security guar- uling unit.12,13 In particular, the idea by OCI, runC, originates from Dock- age overhead. ers, which leads to greatly reduced shows, we envision that a similar antees, thereby being particularly of two-level scheduling separates the er’s libcontainer project. deployment overhead and much standardized reference model for the appealing for public cloud provid- cloud provider’s concern in achieving Note that both virtualization and Containerization versus higher instance density on a single cloud infrastructure will emerge even- ers. Moreover, the providers might efficient resource multiplexing14 containerization are included in the Virtualization machine. Unfortunately, it disallows tually. Such a model will be layered, opt for different hypervisors — rang- from the user’s concern in attaining reference model. When they’re used To date, machine virtualization a full OS stack to be run separately with each layer emphasizing distinct ing from full-virtualization to PV, optimized workload locality, resource together (for example, in a public remains the most common way to from the host OS, prohibiting a multi- infrastructural issues and function- and HVM to Kernel Virtual Machines utilization, as well as cost savings. cloud), with the underlying physical manage hardware resources for cloud OS setting. alities, including resource multiplex- (KVMs) — to meet various operational Further, the container interface will hardware and the OS in between, they providers (for example, Xen10 for At the low level, containeriza- ing, isolation, orchestration, and requirements. facilitate cloud services’ transition form the hybrid-virtualization layers Amazon EC2 public cloud), attract- tion leverages the host OS utilities application supports, respectively. On top of the interface, deploy- beyond infrastructure as a service sitting at the bottom of the standard ing significant standardization efforts to achieve resource encapsulation An important design consideration ing and shipping an application (IaaS), PaaS, and software as a ser- model (analogous to the link layers in (including OVF). Containers share and management. Hypervisors, on for a layered model is the disposition runtime across distinct OSs and vice (SaaS), to highly modularized the OSI model). This layering essen- such common design goals and fea- the contrary, run directly on top of of heterogeneity. For instance, the hardware architectures will become and distributed architectures such as tially places containers inside hyper- tures with VMs as resource isolation the hardware in the most-privileged heterogeneity of network protocols straightforward, because applications microservice and “serverless” appli- visor-based VMs, which are then run and imaging. Yet the new generation mode, taking charge of accessing converges at the IP layer, such that are agnostic to all of the underlying cations (see AWS Lambda; https:// on top of the underlying hardware; of containers represented by Docker, and managing the underlying hard- any transport layer protocols consid- infrastructure details. Developers are aws.amazon.com/lambda). Through the rationale is that these two tech- are built with important, distinct ware resources, akin to the role of an ering only the semantics of IP proto- spared from redundant and repetitive defining a standard format of declar- nologies, with distinct design goals tenets.6 operating system kernel. The VMs and col will still be able to run on today’s runtime environment configurations, ing container configuration and run- and characteristics (as illustrated ear- At the high level, containerization guest OS kernels now run in a less- Internet infrastructure. Likewise, we system administrators are granted time, the promising OCI is a project lier), are in fact complementary to is upward-facing and application- privileged mode, such that any privi- must decide where a unified interface the ability of lightweight resource that aims to establish the interface each other. driven, while virtualization is down- leged system calls from guest OSs will (that this, the “narrow waist”) should tracking and control, and cloud pro- so that any host OS that implements This hybrid layering is intuitive ward-facing and hardware-driven. be trapped to the hypervisor’s kernel be placed in the layered cloud infra- viders are allowed to support higher- it accordingly can support the con- yet powerful, by which cloud users are Hypervisor-based virtualization (such and executed in isolation. This pro- structure model. The key insight here level services such as platform as a tainer, bringing the aforementioned allowed to orchestrate their resources as Xen) enables multiple users to cre- cess can be done in two ways: either is that a better part of the heterogene- service (PaaS) effortlessly. From the benefits to the cloud ecosystem. Ear- provisioned without any assistance ate VMs that share the same physical through modifying the guest OS ker- ity is introduced by the OS layer (L3) resource orchestration perspective, lier we detailed the key modules for from the underlying infrastructure hardware, where distinct OSs, ranging nel and drivers to enforce privileged and application layers (L5 and above), both the open source and proprietary implementing this interface, and it’s providers. As Figure 3 shows, the

68 www.computer.org/internet/ IEEE INTERNET COMPUTING MaRCh/aPRIl 2016 69 www.computer.org/computingedge 23 Standards

Table 1. Performance of hybrid virtualization on a public Elastic Compute Cloud (EC2). the cloud infrastructure by address- Resource type (benchmark) Bare VM* Hybrid VM ing separate issues as compared to CPU (7z compression) 92.18 Mbytes/s 92.26 Mbytes/s virtualization, which is a necessity when security is still one of the big- Memory (Sysbench, read) 10.84 Gbytes/s 10.85 Gbytes/s gest concerns for cloud users.1 The Memory (Sysbench, write) 10.49 Gbytes/s 10.08 Gbytes/s explored hybrid virtualization layer- Disk (Bonnie++, rewrite) 119.95 Mby te/s 118.22 Mbytes/s ing combines these two technologies Network (Iperf, TCP Send) 126.60 Mbytes/s 126.59 Mbytes/s with negligible performance over- Network (Iperf, TCP Recv) 126.53 Mbytes/s 126.50 Mbytes/s head, setting the basis for the layered cloud reference model. In practice, we * VM = virtual machine. can place tens of or even hundreds of containers on the same physical or virtual machine. cloud resource stack is, more often performance of the hypervisor and Our experimental results indicate than not, separated into the user’s the container has yet to be explored. that using a container won’t penalize and provider’s space. For security To quantitatively evaluate the over- the application performance when and overall cloud performance, (pub- head, we conducted experiments there’s relatively low resource con- lic) providers don’t let users freely in the Amazon EC2 public cloud. tention at the OS level. There is, how- launch any operations in their space, Our metrics included CPU, memory, ever, contention at the hypervisor making resource consolidation and disk, and network I/O. To allevi- level from other tenants. It remains orchestration in the user space a ate interference from the underlying to be discovered — when we raise headache (left half in the user space). cloud infrastructure, we repeated the the density of co-located containers In the hybrid layering (right half), experiments in four cloud instances, — exactly how the performance over- the container adds another layer provisioned with the same resource head will increase. Joining forces with of abstraction in between the VM offerings but at different times of major cloud vendors, the OCI project instance and applications, decou- the day. We containerized each EC2 will further tackle these implementa- pling application-specific scheduling instance with the newest version of tion and compatibility issues for the and VM scheduling. A direct use of the Docker container, and used micro- container. As today’s applications are this model is PaaS, which relies on benchmarks to measure and compare growing more distributed and cloud- the container to establish any service the performance inside and outside based, it’s expected that the container runtime environment effortlessly, and the container. As Table 1 shows, using as the narrow-waist interface will in the meantime the PaaS provid- the container introduces only negli- improve the cloud infrastructure. ers are exempted from handling the gible overhead with respect to CPU, physical infrastructure. IaaS provid- memory, and disk and network I/O. References ers (such as Amazon ECS) can also (In our experiments, the CPU and 1. Harvard Business Review Analytic Services, benefit from this paradigm. Without memory-read performance are slightly “Cloud Computing Comes of Age,” Harvard involving redundant and unnecessary higher for hybrid layering; but we Business Rev. Analytic Services Report, OS processes, the scaling out is more conjecture that this is caused by the tech. report, 2015; https://goo.gl/nZ4dIC. efficient for containers than VMs (see, public cloud performance variance.) 2. S. Ortiz, “The Problem with Cloud-Comput- for example, the Google Container As we discussed, these resources are ing Standardization,” Computer, vol. 44, Engine), which enables finer-grained managed using cgroups through effi- no. 7, 2011, pp. 13–16. billing. Noticeably, the hybrid layer- cient function hooking (except for the 3. Open Virtualization Format White Paper, ing is able to coexist with the virtu- network module, in which the Docker white paper, Distributed Management Task alization-only solution, as Figure 3 tags each network packet with a class Force, v. 2.0.0a, document DSP2017, 3 July indicates. identifier, and uses the Linux traffic 2013; www.dmtf.org/sites/default/files/ The additional layer might cause controller to manage the packets from standards/documents/DSP2017_2.0.0a.pdf. performance overhead and thus reduce and to a particular container). 4. IEEE Cloud Computing Initiative, “Stan- the public cloud’s cost-effectiveness. dards in Cloud Computing,” IEEE Stan- Previous works11 have demonstrated dards Assoc., 2016; http://cloudcomputing. that the container is able to achieve container is a lightweight, flex- ieee.org/standards. much-improved close-to-native per- A ible, and application-driven tool 5. R. Gardler, Azure Container Service: Now formance, as compared to the hyper- for fine-grained resource control and the Future, blog, Microsoft, 29 Sept. visor counterpart. However, the joint and OS-level isolation. It augments 2015; https://goo.gl/QaDvQU.

70 www.computer.org/internet/ IEEE INTERNET COMPUTING 24 ComputingEdge June 2016 Standards Toward a Standard Interface for Cloud Providers

Table 1. Performance of hybrid virtualization on a public Elastic Compute Cloud (EC2). the cloud infrastructure by address- 6. S. Soltesz et al., “Container-Based Oper- 14. M. Armbrust et al., “A View of Cloud Com- Xiaowen Chu is an associate professor in the Resource type (benchmark) Bare VM* Hybrid VM ing separate issues as compared to ating System Virtualization: A Scalable, puting,” Comm. ACM, vol. 53, no. 4, 2010, Department of Computer Science, Hong CPU (7z compression) 92.18 Mbytes/s 92.26 Mbytes/s virtualization, which is a necessity High-Performance Alternative to Hypervi- pp. 50–58. Kong Baptist University. His research when security is still one of the big- sors,” Proc. European Conf. Computer Sys- interests include distributed and parallel Memory (Sysbench, read) 10.84 Gbytes/s 10.85 Gbytes/s gest concerns for cloud users.1 The tems, vol. 41, no. 3, 2007, pp. 275–287. Silvery Fu is concurrently a master’s student computing and wireless networks. Chu has Memory (Sysbench, write) 10.49 Gbytes/s 10.08 Gbytes/s explored hybrid virtualization layer- 7. N. Peterson, Windows Containers, Micro- at Simon Fraser University and an under- a PhD in computer science from the Hong Disk (Bonnie++, rewrite) 119.95 Mby te/s 118.22 Mbytes/s ing combines these two technologies soft, 11 Dec. 2015; https://goo.gl/YAsGmo. graduate student in the dual degree pro- Kong University of Science and Technol- Network (Iperf, TCP Send) 126.60 Mbytes/s 126.59 Mbytes/s with negligible performance over- 8. D. Lo et al., “Heracles: Improving Resource gram from Simon Fraser University and ogy. He’s a senior member of IEEE and an Network (Iperf, TCP Recv) 126.53 Mbytes/s 126.50 Mbytes/s head, setting the basis for the layered Efficiency at Scale,” Proc. Int’l Symp. Com- Zhejiang University. His interests focus on associate editor of IEEE Access. Contact cloud reference model. In practice, we puter Architecture, 2015, pp. 450–462. cloud computing topics surrounding virtu- him at [email protected]. * VM = virtual machine. can place tens of or even hundreds of 9. B. Lantz, B. Heller, and N. McKeown, “A alization, networking, and online gaming. containers on the same physical or Network in a Laptop: Rapid Prototyping Contact him at [email protected]. Yueming Hu (corresponding author) is a pro- virtual machine. for Software-Defined Networks,” Proc. fessor of land information technology cloud resource stack is, more often performance of the hypervisor and Our experimental results indicate Sigcomm Workshop on Hot Topics in Net- Jiangchuan Liu is a university professor in at South China Agricultural University. than not, separated into the user’s the container has yet to be explored. that using a container won’t penalize works, 2010, article no. 19. the School of Computing Science, Simon He’s also the director of the Guangdong and provider’s space. For security To quantitatively evaluate the over- the application performance when 10. P. Barham et al., “Xen and the Art of Vir- Fraser University, and an NSERC E.W.R. Province Key Laboratory of Land use and and overall cloud performance, (pub- head, we conducted experiments there’s relatively low resource con- tualization,” Proc. Sigops, vol. 37, no. 5, Steacie Memorial Fellow. He’s also the consolidation, and the chairman of the lic) providers don’t let users freely in the Amazon EC2 public cloud. tention at the OS level. There is, how- 2003, pp. 164–177. EMC-Endowed Visiting Chair Professor of Guangdong Mapping and Geoinformation launch any operations in their space, Our metrics included CPU, memory, ever, contention at the hypervisor 11. W. Felter et al., “An Updated Performance Tsinghua University. His research interests Industry Technology Innovation Alliance. making resource consolidation and disk, and network I/O. To allevi- level from other tenants. It remains Comparison of Virtual Machines and Linux include multimedia systems and networks, Yueming has a PhD in soil geography orchestration in the user space a ate interference from the underlying to be discovered — when we raise Containers,” IBM Research Report, tech. cloud computing, social networking, online from Zhejiang University. Contact him at headache (left half in the user space). cloud infrastructure, we repeated the the density of co-located containers report RC25482, IBM Research Division, gaming, Big Data, wireless sensor net- [email protected]. In the hybrid layering (right half), experiments in four cloud instances, — exactly how the performance over- IBM, 21 July 2014. works, and peer-to-peer networks. Liu has the container adds another layer provisioned with the same resource head will increase. Joining forces with 12. B. Hindman et al., “Mesos: A Platform for a PhD in computer science from the Hong of abstraction in between the VM offerings but at different times of major cloud vendors, the OCI project Fine-Grained Resource Sharing in the Data Kong University of Science and Technol- This article originally appeared in instance and applications, decou- the day. We containerized each EC2 will further tackle these implementa- Center,” Proc. Usenix Conf. Networked Sys- ogy. He has served on the editorial boards IEEE Internet Computing, vol. 20, pling application-specific scheduling instance with the newest version of tion and compatibility issues for the tems Design and Implementation, 2011, pp. of IEEE Transactions on Big Data, IEEE no. 2, 2016. and VM scheduling. A direct use of the Docker container, and used micro- container. As today’s applications are 295–308. Transactions on Multimedia, IEEE Com- this model is PaaS, which relies on benchmarks to measure and compare growing more distributed and cloud- 13. A. Verma et al., “Large-Scale Cluster Man- munications Surveys and Tutorials, IEEE the container to establish any service the performance inside and outside based, it’s expected that the container agement at Google with Borg,” Proc. Euro- Access, IEEE Internet of Things Journal, Selected CS articles and columns runtime environment effortlessly, and the container. As Table 1 shows, using as the narrow-waist interface will pean Conf. Computer Systems, 2015, article and Computer Communications. Contact are also available for free at http:// in the meantime the PaaS provid- the container introduces only negli- improve the cloud infrastructure. no. 18. him at [email protected]. ComputingNow.computer.org. ers are exempted from handling the gible overhead with respect to CPU, physical infrastructure. IaaS provid- memory, and disk and network I/O. References ers (such as Amazon ECS) can also (In our experiments, the CPU and 1. Harvard Business Review Analytic Services, benefit from this paradigm. Without memory-read performance are slightly “Cloud Computing Comes of Age,” Harvard involving redundant and unnecessary higher for hybrid layering; but we Business Rev. Analytic Services Report, OS processes, the scaling out is more conjecture that this is caused by the tech. report, 2015; https://goo.gl/nZ4dIC. efficient for containers than VMs (see, public cloud performance variance.) 2. S. Ortiz, “The Problem with Cloud-Comput- for example, the Google Container As we discussed, these resources are ing Standardization,” Computer, vol. 44, Engine), which enables finer-grained managed using cgroups through effi- no. 7, 2011, pp. 13–16. billing. Noticeably, the hybrid layer- cient function hooking (except for the 3. Open Virtualization Format White Paper, Engineering and Applying the Internet ing is able to coexist with the virtu- network module, in which the Docker white paper, Distributed Management Task alization-only solution, as Figure 3 tags each network packet with a class Force, v. 2.0.0a, document DSP2017, 3 July indicates. identifier, and uses the Linux traffic 2013; www.dmtf.org/sites/default/files/ The additional layer might cause controller to manage the packets from standards/documents/DSP2017_2.0.0a.pdf. performance overhead and thus reduce and to a particular container). 4. IEEE Cloud Computing Initiative, “Stan- IEEE Internet Computing reports emerging tools, the public cloud’s cost-effectiveness. dards in Cloud Computing,” IEEE Stan- technologies, and applications implemented through the Previous works11 have demonstrated dards Assoc., 2016; http://cloudcomputing. Internet to support a worldwide computing environment. that the container is able to achieve container is a lightweight, flex- ieee.org/standards. much-improved close-to-native per- A ible, and application-driven tool 5. R. Gardler, Azure Container Service: Now For submission information and author guidelines, formance, as compared to the hyper- for fine-grained resource control and the Future, blog, Microsoft, 29 Sept. please visit www.computer.org/internet/author.htm visor counterpart. However, the joint and OS-level isolation. It augments 2015; https://goo.gl/QaDvQU.

70 www.computer.org/internet/ IEEE INTERNET COMPUTING MaRCh/aPRIl 2016 71 www.computer.org/computingedge 25 CLOUD COVER

Deciding When and How to Move HPC Jobs to the Cloud

Marco A.S. Netto, Renato L.F. Cunha, and Nicole Sultanum, IBM Research

Now used for high-performance computing applications, the cloud presents a challenge for users who must decide, based on efficiency and cost-effectiveness, when and how to run jobs on cloud-based resources versus when to use on-premise clusters. The authors propose US$23 per hour. These prices drop a decision-support system to help make these another 10 percent for monthly rentals. determinations. Organizations can rent cloud resources to augment their local com- he cloud began as a platform to host Web appli- puting capacity to meet increasing cations but has since been used for many other demand, creating a hybrid operation. However, this cre- types of programs, including those for high- ates challenges such as how to decide which jobs should be performance computing (HPC). These applica- moved to the cloud and when. Ttions have become an integral part of numerous domains Here, we examine these challenges and describe a including seismic research for oil and gas exploration, tool we’re currently developing to help users determine high- resolution solid and fluid mechanics, social- media whether their jobs should be run in on- premise or cloud- analytics, and molecular dynamics. While HPC users of- based clusters. ten have access to on- premise computing clusters, these resources might be insufficient for their application exe- CHALLENGES FOR HPC CLOUD USERS cutions, known as jobs, or might force their jobs to wait a Moving HPC jobs to the cloud is a cultural, as well as tech- long time in a queue.1 Thus, HPC researchers are explor- nical, issue that affects users and IT infrastructure ad- ing the benefits of moving resource- intensive jobs, to the ministrators. Users frequently act as if on- premise HPC cloud.2–4 resources are cost- free and thus don’t always utilize them Renting HPC clusters in the cloud has recently become carefully. On the other hand, they appear more aware easier and less expensive. For instance, users can rent a that the cloud is not free and must be accessed wisely. 20- node cluster built with virtualized machines that have Users would benefit from a tool that helps them decide 64 Gbytes of RAM and 16 cores each for US$14 per hour. whether and how to use on- premise or cloud resources for The same cluster using physical machines would rent for various tasks.

26 June 2016 Published by the IEEE Computer Society 2469-7087/16/$33.00 © 2016 IEEE 86 COMPUTER PUBLISHED BY THE IEEE COMPUTER SOCIETY 0018- 9162/15/$31.00 © 2015 IEEE EDITOR SAN MURUGESAN BRITE Professional Services; CLOUD COVER [email protected]

Such a tool would be of value, because although the cloud offers many advantages, it also presents Job/app Advisor Queue analyzer User interface challenges. For example, cloud use pro ler Deciding When and entails latency. Tightly coupled parallel applications require processors to communicate among themselves Bus via a high- speed network. Without How to Move HPC such a network, many parallel appli- Environment Resource cations don’t scale well, causing users Monitor Data manager switcher manager to choose to work with on- premise Jobs to the Cloud resources. A significant bottleneck occurs between the user infrastructure (includ- Figure 1. Decision- support system for running high- performance computing (HPC) Marco A.S. Netto, Renato L.F. Cunha, and Nicole Sultanum, IBM Research ing systems ranging from laptops to applications. System components communicate with one another through a common clusters) and the cloud. This can ruin bus. Via an interface, users input their job and business requirements and receive Now used for high-performance computing the experience for users, who expect information about the cost of running their task utilizing the HPC cloud versus utilizing quick access to HPC cloud applica- on- premise resources, and about which option makes more sense. The components applications, the cloud presents a challenge for tions’ output for purposes such as vi- with the red band are the most challenging to design and implement. sualization and analysis. users who must decide, based on efficiency UberCloud—an online community and marketplace where engineers are charged based on application run- comparison among alternatives. The and cost-effectiveness, when and how to run and scientists discover, try out, and ning time but the pricing models ar- DSS also specifies levels of uncer- jobs on cloud-based resources versus when to buy computing as a service— reports en’t necessarily linear or certain. For tainty about job- execution time and challenges that companies face example, on an hourly subscription, cost estimates caused by forecasting- use on-premise clusters. The authors propose when moving HPC workloads to the they will be charged for a full hour of model imperfections. Figure 1 shows US$23 per hour. These prices drop cloud.5,6 The US Department of En - usage even if their task took only 20 the DSS components. a decision-support system to help make these another 10 percent for monthly ergy’s Magellan Report on Cloud Com- minutes. In some cases, cloud provid- rentals. puting for Science contains analyses ers will charge less for resources that Advisor determinations. Organizations can rent cloud re- on running HPC and data- intensive they have the right to terminate at This main DSS component helps us- sources to augment their local com- applications in the cloud.7 any time, which are suitable for fault- ers determine the least expensive way he cloud began as a platform to host Web appli- puting capacity to meet increasing A potential problem for users is tolerant applications and services. to execute jobs while still generating cations but has since been used for many other demand, creating a hybrid operation. However, this cre- estimating the cost of running HPC Thus, estimating costs for the cloud is timely results. To accomplish this, types of programs, including those for high- ates challenges such as how to decide which jobs should be applications in the cloud. They gener- a daunting, yet crucial, task. the advisor receives information from performance computing (HPC). These applica- moved to the cloud and when. ally don’t know a priori how long their other components about the time re- Ttions have become an integral part of numerous domains Here, we examine these challenges and describe a applications will have to run, as many HPC DECISION- quired to access resources, such as on- including seismic research for oil and gas exploration, tool we’re currently developing to help users determine programs might present irregular be- SUPPORT SYSTEM premise clusters’ queue lengths and high- resolution solid and fluid mechanics, social- media whether their jobs should be run in on- premise or cloud- haviors that make predicting execu- Implementing a hybrid HPC cloud en- the way jobs would run in different analytics, and molecular dynamics. While HPC users of- based clusters. tion times difficult.8 Even when users tails several challenges. A major, and computing- system environments and ten have access to on- premise computing clusters, these try to estimate this, they frequently largely overlooked one, is awareness configurations. resources might be insufficient for their application exe- CHALLENGES FOR HPC CLOUD USERS can’t predict how many application in- of the potential cost of using the cloud, The advisor doesn’t try to tell users cutions, known as jobs, or might force their jobs to wait a Moving HPC jobs to the cloud is a cultural, as well as tech- stances will be required because they given various job- allocation scenar- what the best job-allocation solution long time in a queue.1 Thus, HPC researchers are explor- nical, issue that affects users and IT infrastructure ad- might need to make multiple computa- ios. This is necessary for users to deter- is because the criteria for that may be ing the benefits of moving resource- intensive jobs, to the ministrators. Users frequently act as if on- premise HPC tions with different input parameters. mine when running a job in the cloud too unclear or subjective to express cloud.2–4 resources are cost- free and thus don’t always utilize them In traditional HPC facilities, such makes economic sense. To help users, in computational terms. Instead, it Renting HPC clusters in the cloud has recently become carefully. On the other hand, they appear more aware as universities and research centers, we’re developing a decision- support looks at the information gathered easier and less expensive. For instance, users can rent a that the cloud is not free and must be accessed wisely. users already struggle with estimat- system (DSS) designed to forecast from other components and provides 20- node cluster built with virtualized machines that have Users would benefit from a tool that helps them decide ing how much time they’ll need to use the cost of running HPC applications easy- to- understand suggestions about 64 Gbytes of RAM and 16 cores each for US$14 per hour. whether and how to use on- premise or cloud resources for on- premise resources. This is more in the cloud under several possible where best to run jobs such as “if your The same cluster using physical machines would rent for various tasks. complex in the cloud, in which users configurations, allowing for easier job takes more than 4 hours, you

itself. For example, if a job reaches a problematic state or the system devi- No Yes Result collection Submission User validation Staging Execution ates from its predicted behavior, the and cleanup monitor could issue a notification.

Data gathering Resource and statistics allocation decision Resource manager To execute jobs in the cloud, the system must provision cloud resources with the necessary operating system Figure 2. HPC decision- support system’s job flow. The dashed line represents where and libraries. Our tool uses cloud- the DSS’s advisor, queue analyzer, and job/app profiler operate. If the users don’t vali- provider APIs, which contain func- date the system’s job-allocation suggestions, they resubmit the job. If they do validate tions to allocate, release, and config- them, the job goes to staging, from which data and applications are transferred. Cloud ure cloud resources. These functions resources are provisioned if the job is running in the cloud. Otherwise, the application is allow the integration of the cloud queued in the on- premise resource manager. resources with an on- premise cluster- management system such as the Platform Load Sharing Facility (LSF), should run it in the on- premise clus- limits; and historical data of past job the Portable Batch System (PBS), the ter.” Ultimately, the user is in charge of executions could yield information Terascale Open- Source Resource and the process. on resource- access times, execution Queue Manager (TORQUE), and the times, and the number of processors Simple Linux Utility for Resource Queue analyzer allocated.11 This eliminates the need Management (SLURM). A major advantage of using cloud sys- to execute benchmarks for resource- tems is resource availability, as utiliz- allocation decisions not of interest Data manager ing on- premise clusters frequently en- to users. Most nontrivial jobs must read input tails long waits in queues. The queue data and produce output data. Output analyzer predicts the wait times that User interface information must be available for use various jobs would experience. The Sometimes neglected by the HPC com- after the system executes a job. Sim- challenge is determining how various munity, the user interface (UI) is criti- ply copying all data before job execu- cluster- management policies affect cal for providing good, clear time- and tion and then copying the new output prediction accuracy. cost- management information. Devel- information afterward might not be A few existing systems such as opers could employ data visualization cost- effective if there is a lot of infor- QBETS (queue bounds estimation techniques to create meaningful, func- mation, especially if the link between from time series)9 and the US National tional, and information- rich interfaces. on- premise and cloud resources has Science Foundation Extreme Science low throughput. Instead, the system and Engineering Discovery Environ- Environment switcher needs data synchronization to func- ment’s Karnak10 propose to tackle this Between job submission and execution efficiently. challenge. We’re developing our own tion, the on- premise cluster’s queue Another potentially more cost- queue analyzer based on these sys- status could change or users might de- effective alternative would be placing tems’ techniques. cide to run tasks in another environ- the information that is likely to be ment. In such cases, the system must used in an inexpensive cloud- based Job/app profiler be able to move jobs between environ- object storage service with high data- Benchmarks are necessary to deter- ments. If the job hasn’t started yet, the access rates for cloud instances. mine the best way to use cloud re - switcher interfaces with the resource sources: they help identify how a job manager to remove the job from or add CONTROL FLOW would perform in different environ - it to the cluster queue. If the job is al- Figure 2 shows our proposed sys- ments and configurations. However, ready running, the switcher relies on tem’s control flow. Once the user sub- extensive benchmark execution is checkpointing to save the job’s execu- mits a job, the system gathers user neither timely nor economically sus- tion state in one environment and re- constraints—such as the deadline tainable. Thus, the profiler combines store it in another. for job completion and the available benchmarks with information ob - budget—while also fetching queued tained from other sources. For exam- Monitor data and estimated execution times ple, users could provide information To provide the status of jobs being ex- from other components. If the job/ on budgets and resource- access time ecuted, the system should monitor app profiler doesn’t already have

28 ComputingEdge June 2016 88 COMPUTER WWW.COMPUTER.ORG/COMPUTER CLOUD COVER

itself. For example, if a job reaches a information about the type of job be- run in the cloud, which would increase the Cloud—2nd Compendium of Case problematic state or the system devi- ing run, it might execute benchmarks, expenses. Studies, tech. report, Tabor Commu- No Yes Result collection Submission User validation Staging Execution ates from its predicted behavior, the ask users to provide predictions, or Several of these decision- making nications, 2014. and cleanup monitor could issue a notification. take a conservative approach and processes are still done manually or 7. M. Leads et al., The Magellan Report provide an initial overestimate of ex- are scripted by experts because, in on Cloud Computing for Science, tech. Data gathering Resource and statistics allocation decision Resource manager ecution times. In addition, the data these cases, estimating execution report, US Department of Energy- To execute jobs in the cloud, the sys- manager calculates estimated data- times and the amount of resources re- Office of Science- Office of Advanced tem must provision cloud resources transfer times—which influence job- quired is complex and difficult. Thus, Scientific Computing Research, 2011. with the necessary operating system placement decisions when the amount tools like the one we’re developing are 8. C.B. Lee and A. Snavely, “On the Figure 2. HPC decision- support system’s job flow. The dashed line represents where and libraries. Our tool uses cloud- of information moving between on- necessary to improve and automate User- Scheduler Dialogue: Studies of the DSS’s advisor, queue analyzer, and job/app profiler operate. If the users don’t vali- provider APIs, which contain func- premise and cloud resources is large— more of these decisions. User- Provided Runtime Estimates date the system’s job-allocation suggestions, they resubmit the job. If they do validate tions to allocate, release, and config- by using historical data from previous HPC cloud use is an important and Utility Functions,” Int’l J. High them, the job goes to staging, from which data and applications are transferred. Cloud ure cloud resources. These functions transfers stored in the data manager. topic of investigation. More effi - Performance Computing Applications, resources are provisioned if the job is running in the cloud. Otherwise, the application is allow the integration of the cloud With all this information, the ad- cient resource utilization could vol. 20, no. 4, 2006, pp. 495–506. queued in the on- premise resource manager. resources with an on- premise cluster- visor calculates and ranks the cost of benefit organizations. And observ- 9. D. Nurmi, J. Brevik, and R. Wolski, management system such as the running the job in different environ- ing users’ behavior could shed light “QBETS: Queue Bounds Estimation Platform Load Sharing Facility (LSF), ments,1 presenting various options on their hard- to- model, subjective from Time Series,” Proc. 13th Int’l should run it in the on- premise clus- limits; and historical data of past job the Portable Batch System (PBS), the to the users, who then make a choice criteria for job allocation. Systems Workshop Job Scheduling Strategies for ter.” Ultimately, the user is in charge of executions could yield information Terascale Open- Source Resource and based on their own time- and cost- could leverage this understanding Parallel Processing (JSSPP 07), 2007, the process. on resource- access times, execution Queue Manager (TORQUE), and the related priorities. After user valida- to make job- configuration sugges- pp. 76–101. times, and the number of processors Simple Linux Utility for Resource tion, the system moves the job to the tions more relevant and helpful, en - 10. W. Smith, “A Service for Queue Queue analyzer allocated.11 This eliminates the need Management (SLURM). selected environment. abling efficient and well- informed Prediction and Job Statistics,” Proc. A major advantage of using cloud sys- to execute benchmarks for resource- During execution, the monitor eval- decision making. Gateway Computing Environments tems is resource availability, as utiliz- allocation decisions not of interest Data manager uates the job’s running time and cost, Workshop (GCE 10), 2010; doi: 10.1109 ing on- premise clusters frequently en- to users. Most nontrivial jobs must read input and if these values rise above a user- /GCE.2010.5676119. tails long waits in queues. The queue data and produce output data. Output defined threshold, the system triggers REFERENCES 11. D. Tsafrir, Y. Etsion, and D. Feitel- analyzer predicts the wait times that User interface information must be available for use an alarm. This could lead to additional 1. A. Marathe et al., “A Comparative son, “Backfilling Using System- various jobs would experience. The Sometimes neglected by the HPC com- after the system executes a job. Sim- data gathering and calculation, caus- Study of High- Performance Com- Generated Predictions Rather than challenge is determining how various munity, the user interface (UI) is criti- ply copying all data before job execu- ing the advisor to suggest alterna- puting on the Cloud,” Proc. 22nd Int’l User Runtime Estimates,” IEEE Trans. cluster- management policies affect cal for providing good, clear time- and tion and then copying the new output tive configurations in the execution Symp. High- Performance Parallel and Parallel and Distributed Systems, vol. prediction accuracy. cost- management information. Devel- information afterward might not be environment. Distributed Computing (HPDC 13), 18, no. 6, 2007, pp. 789–803. A few existing systems such as opers could employ data visualization cost- effective if there is a lot of infor- 2013, pp. 239–250. QBETS (queue bounds estimation techniques to create meaningful, func- mation, especially if the link between 2. A. Gupta et al., “The Who, What, from time series)9 and the US National tional, and information- rich interfaces. on- premise and cloud resources has n the short run, organizations must Why and How of High Performance Science Foundation Extreme Science low throughput. Instead, the system benchmark their frequently used Computing Applications in the MARCO A.S. NETTO is a researcher and manager of the Industrial and Engineering Discovery Environ- Environment switcher needs data synchronization to func- applications to evaluate the cost Cloud,” Proc. 5th IEEE Int’l Conf. Cloud 10 I Cloud Technologies Group at IBM ment’s Karnak propose to tackle this Between job submission and execution efficiently. benefit of migrating them to the cloud. Computing Technology and Science Research–Brazil and an IBM Master challenge. We’re developing our own tion, the on- premise cluster’s queue Another potentially more cost- They must also track the frequency (CloudCom 13), 2013, pp. 306–314. Inventor. Contact him at mstelmar@ queue analyzer based on these sys- status could change or users might de- effective alternative would be placing with which applications are exe- 3. M. AbdelBaky et al., “Enabling br.ibm.com. tems’ techniques. cide to run tasks in another environ- the information that is likely to be cuted because this impacts decisions High- Performance Computing as RENATO L.F. CUNHA is a researcher ment. In such cases, the system must used in an inexpensive cloud- based about whether and how to use cloud a Service,” Computer, vol. 45, no. 10, in IBM Research–Brazil’s Industrial Job/app profiler be able to move jobs between environ- object storage service with high data- or on- premise clusters. For example, 2012, pp. 72–80. Cloud Technologies Group. Contact Benchmarks are necessary to deter- ments. If the job hasn’t started yet, the access rates for cloud instances. frequently utilized applications that 4. C. Vecchiola, S. Pandey, and R. him at [email protected]. mine the best way to use cloud re - switcher interfaces with the resource demand a lot of resources should run Buyya, “High- Performance Cloud sources: they help identify how a job manager to remove the job from or add CONTROL FLOW in on- premise clusters to reduce cloud- Computing: A View of Scientific NICOLE SULTANUM worked at IBM Research–Brazil and is now a would perform in different environ - it to the cluster queue. If the job is al- Figure 2 shows our proposed sys- related costs. Applications,” Proc. 10th Int’l Symp. University of Toronto PhD candi- ments and configurations. However, ready running, the switcher relies on tem’s control flow. Once the user sub- For hybrid environments, resource- Pervasive Systems, Algorithms, and date. Contact her at nicolebs@ extensive benchmark execution is checkpointing to save the job’s execu- mits a job, the system gathers user allocation policies should carefully Networks (ISPAN 09), 2009, pp. 4–16. cs.toronto.edu. neither timely nor economically sus- tion state in one environment and re- constraints—such as the deadline match jobs and environments. For 5. W. Gentzsch and B. Yenier, The Uber- tainable. Thus, the profiler combines store it in another. for job completion and the available instance, tightly coupled parallel ap- Cloud HPC Experiment: Compendium benchmarks with information ob - budget—while also fetching queued plications or data- intensive applica- of Case Studies, tech. report, Tabor Selected CS articles and tained from other sources. For exam- Monitor data and estimated execution times tions should use on- premise resources Communications, 2013. This articlecolumns originally are also available appeared for in ple, users could provide information To provide the status of jobs being ex- from other components. If the job/ because slow network connections 6. W. Gentzsch and B. Yenier, The free at http://ComputingNow Computer.computer.org, vol. 48, no.. 11, 2015. on budgets and resource- access time ecuted, the system should monitor app profiler doesn’t already have would cause them to take too long to UberCloud Experiment: Tech. Comp. in

www.computer.org/computingedge 29 88 COMPUTER WWW.COMPUTER.ORG/COMPUTER NOVEMBER 2015 89 StandardS now

physically housed on site, while making use of resources provided outside of the organization for Standards for other features. The interaction between these two settings creates the conditions for use of a hybrid cloud approach.

Hybrid Clouds Infrastructure Boundaries in Clouds Software that needs to operate across boundaries in hybrid cloud settings can do so more easily when the interfaces between these components operate the same way on each side of the boundary. No matter In hybrId cloud settIngs, applIca- how well-designed, controllable, understandable, or tIons requIre careful partItIonIng as easy to use the software features of a particular pub- to whIch components wIll operate lic cloud provider might be, it’s nonetheless a dis- on whIch sIde of an organIzatIon’s tinct disadvantage if the interfaces and APIs of that boundary. The control and deployment settings provider don’t match those used by internal compo- available within the internal private part of a hybrid nents on the internal, private side of a hybrid cloud cloud might not match those available from a given deployment. public cloud provider, especially if that provider only Such interfaces therefore work best when they supports access through specific proprietary inter- can be deployed in a standardized, well-documented, faces. This column will explore emerging and estab- preferably machine-readable, self-documenting way, lished standards applicable to these settings. and are easily adaptable to both sides of the hy- In the most recent instance of this column, I brid cloud boundary. Of course, a cloud infrastruc- gave examples of application programming interfac- ture has components that span both hardware and es (APIs) in example scenarios related to hardware software. One goal of most cloud deployments is infrastructure control.1 These examples began with to disassociate these settings from each other, and adding control interfaces to individual machines or therefore allow deployment and scaling of software small collections of devices in a home or small of- features in ways that are as independent as possible fice setting and ranged up to consider APIs used in from details of the underlying hardware. large-scale datacenters. The next step is to consider Such dissociation is never complete. Consid- hybrid settings. erations such as cost, workflow, and optimal fit of Hybrid cloud scenarios arise when an orga- software tools to their operating environments enter nization decides for cost, security, or other con- into choices of deployment details such as instance siderations to keep some portion of its operations size, service abstraction, and virtualization para- digms such as containers versus virtual machines. Most public cloud providers offer a wide range of user-selectable choices for these deployment details. Because of this range, there’s often a greater degree of freedom for a software designer to design around, ignore, suppress, or simply specify details of the underlying hardware configuration on which their software will run in public cloud settings than in the context of private or hybrid clouds. AlAn Sill The reverse of this argument is also true. In private cloud settings, the physical infrastructure is Texas Tech University, more likely to be designed to match the exact needs [email protected] of a particular task or business problem, whereas in public clouds, the workflow itself generally has to be

d1sta.indd 92 5/17/16 6:25 PM StandardS now

physically housed on site, while making use of re- adapted to make the best use of the tools and inter- The emergence of these community-based tool sources provided outside of the organization for faces made available by the external provider. development and standardization efforts is the natu- Standards for other features. The interaction between these two The most obvious feature of hybrid cloud set- ral reaction to the complexity that results from hav- settings creates the conditions for use of a hybrid tings is therefore that control and orchestration ing multiple available approaches to a given problem. cloud approach. have to work across multiple underlying infrastruc- Such complexity often creates conditions such as ture variations, necessitating the choice of interfac- the examples I’ve given, in which overall simplifica- Hybrid Clouds Infrastructure Boundaries in Clouds es that can connect these different portions of the tion can be achieved by introducing a common, well- Software that needs to operate across boundaries in application or system. This feature places a premi- specified unifying approach. I’ve discussed methods hybrid cloud settings can do so more easily when the um on use of tools that are designed to work across to identify and target areas in which conditions are interfaces between these components operate the boundaries and can function in multiple settings. suited for standardization in previous columns.2 same way on each side of the boundary. No matter In hybrId cloud settIngs, applIca- how well-designed, controllable, understandable, or Hybrid Cloud Frameworks Cloud IaaS and PaaS Standards tIons requIre careful partItIonIng as easy to use the software features of a particular pub- These factors have led to a renewed emphasis on This column has covered formal standards related to whIch components wIll operate lic cloud provider might be, it’s nonetheless a dis- infrastructure frameworks that can be deployed on to cloud IaaS and PaaS before.3 Some of these, such on whIch sIde of an organIzatIon’s tinct disadvantage if the interfaces and APIs of that a variety of underlying infrastructure-as-a-service as the Open Cloud Computing Interface (OCCI) boundary. The control and deployment settings provider don’t match those used by internal compo- (IaaS) and platform-as-a-service (PaaS) provider from the Open Grid Forum (OGF, www.ogf.org), available within the internal private part of a hybrid nents on the internal, private side of a hybrid cloud software stacks. The technical term associated the Topology and Orchestration Standard for Cloud cloud might not match those available from a given deployment. with this process is standardization. Observers in Applications (TOSCA) from the Organisation for public cloud provider, especially if that provider only Such interfaces therefore work best when they software development and business analysis arenas Advancement of Structured Information Systems supports access through specific proprietary inter- can be deployed in a standardized, well-documented, sometimes shy away from using this term for fear of (OASIS, www.oasis-open.org), and the Cloud Data faces. This column will explore emerging and estab- preferably machine-readable, self-documenting way, applying it too early, but standardization is now the Management Interface (CDMI) from the Storage lished standards applicable to these settings. and are easily adaptable to both sides of the hy- explicit stated goal of some of the most modern and Networking Industry Association (SNIA, www.snia In the most recent instance of this column, I brid cloud boundary. Of course, a cloud infrastruc- up-to-date activities in cloud computing. .org), have since developed strong followings with gave examples of application programming interfac- ture has components that span both hardware and Several software frameworks that started as indi- adoption in several open source software projects. es (APIs) in example scenarios related to hardware software. One goal of most cloud deployments is vidual projects are now moving in this direction. Ex- Others, such as the Cloud Infrastructure Manage- infrastructure control.1 These examples began with to disassociate these settings from each other, and amples include Kubernetes, Docker, and Mesos, and ment Interface (CIMI) from the Distributed Man- adding control interfaces to individual machines or therefore allow deployment and scaling of software have led to standardization efforts such as the Open agement Task Force (DMTF, http://www.dmtf.org) small collections of devices in a home or small of- features in ways that are as independent as possible Container Initiative (OCI, www.opencontainers.org), continue to make progress in their formal definition fice setting and ranged up to consider APIs used in from details of the underlying hardware. which was created to serve as an industry forum for and documentation. large-scale datacenters. The next step is to consider Such dissociation is never complete. Consid- standardization of container-oriented virtualization. Each of these standards aims to address a dif- hybrid settings. erations such as cost, workflow, and optimal fit of These efforts have already borne fruit. The re- ferent aspect of the complexity and confusion that Hybrid cloud scenarios arise when an orga- software tools to their operating environments enter cent version 1.0 release of the rkt application concurrently characterizes cloud IaaS and PaaS inter- nization decides for cost, security, or other con- into choices of deployment details such as instance tainer framework (www.github.com/coreos/rkt) by faces. An extremely diverse situation currently holds siderations to keep some portion of its operations size, service abstraction, and virtualization para- CoreOS, for example, explicitly includes standards among cloud providers, with each having its own digms such as containers versus virtual machines. compatibility, stating that “rkt implements the appc tooling, deployment methods, and infrastructure Most public cloud providers offer a wide range of specification, supports the Container Networking control software. As discussed previously, whenever user-selectable choices for these deployment details. Interface specification, and can also run Docker the diversity of interfaces complicates rather than Because of this range, there’s often a greater images.” simplifies programming tasks, we can expect stan- degree of freedom for a software designer to design Another notable example of successful industry- dard protocols, APIs, and related interface tooling to around, ignore, suppress, or simply specify details based standardization is provided by the Cloud Na- emerge to simplify the deployment and operation of of the underlying hardware configuration on which tive Computing Foundation (CNCF, www.cncf.io), applications, and this condition also holds in hybrid their software will run in public cloud settings than which focuses on technologies that are designed to cloud settings. in the context of private or hybrid clouds. support cloud-based workflow patterns and scale Some API designers even build in deliberately AlAn Sill The reverse of this argument is also true. In well in cloud settings. A newly formed project, the designed restrictions to prevent discovery of, or di- private cloud settings, the physical infrastructure is Open API Initiative (OAI, www.openapis.org), which rect access to, internal features. Such restrictions Texas Tech University, more likely to be designed to match the exact needs aims to extend previous efforts of the Swagger com- can limit the usefulness of even the most powerful [email protected] of a particular task or business problem, whereas in munity in the area of API description and discovery, cloud provider services, unless the deployment also public clouds, the workflow itself generally has to be also looks promising. provides support for well-specified client interfaces

d1sta.indd 92 5/17/16 6:25 PM d1sta.indd 93 5/17/16 6:25 PM StandardS now

to enable remote use by other portions of an extend- clude libcloud (libcloud.apache.org), deltacloud ed system. Under such conditions, we can expect (deltacloud.apache.org), fog (www.fog.io), and the interest in cross-cutting standards that work across Spinnaker framework (www.spinnaker.io), recently boundaries such as those mentioned to grow, and open-sourced by Google. where successful, to flourish. Libcloud is a Python module that provides a layer of abstraction covering many different cloud Software Tools for Hybrid Workflows provider APIs, allowing programmers to write ap- The temptation of any programmer when presented plications that work across multiple providers. Lib- with a situation in which different parts of a prob- cloud provides an application binary interface that lem are best solved by different individual tools is to allows cloud interfaces to be treated as drivers, rath- write a script, program, or workflow tool that com- er than forcing the code to deal directly with each bines the various steps in an organized way. A re- cloud provider’s API. To use libcloud in cloud soft- lated condition can also be obtained when there is ware, the developer must include the Python module directly in the application’s code base rather than treat it as a remote procedure. Libcloud has progressed to a 1.0.0 preview release and remains Circumstances have led the interfaces under active development. It has also used by various cloud providers evolved to include support for block and object storage, load balancer, and do- to remain separate and mutually main name services. incompatible for a very long time. Deltacloud was an Apache project similar in intent to libcloud, but written in a different language (Ruby) and more limited in implementation options. It included an implementation of the CIMI some reason to build choices based on factors relat- standard as well as Amazon Elastic Compute Cloud ed to economics or speed into the solution, allowing (EC2) and its own internal API, but otherwise didn’t different providers to be used or different resources progress toward community adoption. The project to be drawn on for individual steps in the solution. hasn’t seen significant activity in over two years, and In hybrid cloud settings, the characteristic that has probably been abandoned. Although not directly unifies the choices to be made in a given workflow is related, the fog Ruby gem has emerged with similar the ability to use a common interface as the point of functionality and support for a much larger range of selection among internal options. Equivalently, the cloud providers. output from one step of the operation should ide- Ultimately, whether or not they’re technically ally be presented in a way that feeds naturally into successful, such multiprovider “Swiss Army knife” the next step of the workflow. Such considerations adapter toolkits will obviously depend on being kept lead naturally to standardization of input and out- up to date with changes to the underlying APIs of put formats and to the need for tools to adapt be- the different cloud providers, and hence differ in in- tween interfaces where cloud provider tooling isn’t tent and function from true API standards. Whether yet standardized and interoperable. or not they can be used in a particular setting highly This isn’t a new situation, but circumstances depends on the situation in which they’re deployed, have led the interfaces used by various cloud pro- and on the willingness of the package providers and viders to remain separate and mutually incompat- users to adapt to changes to the provider APIs. ible for a very long time. As a result, several libraries Spinnaker differs from these other adapter tool- and, more recently, multifunctional workflow tools kits in that it aims at a broader set of problems in have emerged to bridge over the differences between cloud deployment that are generally referred to as the APIs of different cloud providers. Examples in- continuous delivery. Instead of just trying to adapt

32 ComputingEdge June 2016 94 IEEE Cloud ComputI ng www.ComputE r.org/C loudComputI ng

d1sta.indd 94 5/17/16 6:25 PM StandardS now

This article originally appeared in IEEE Cloud Computing, vol. 3, no. 1, 2016.

to enable remote use by other portions of an extend- clude libcloud (libcloud.apache.org), deltacloud an API call for infrastructure control or services to 2015, pp. 80–84; doi:10.1109/MCC.2015.120. ed system. Under such conditions, we can expect (deltacloud.apache.org), fog (www.fog.io), and the the APIs of different providers, Spinnaker includes 2. A. Sill, “Socioeconomics of Cloud Standards,” interest in cross-cutting standards that work across Spinnaker framework (www.spinnaker.io), recently many other aspects of software integration, delivery, IEEE Cloud Computing, vol. 2, no. 3, 2015, pp. boundaries such as those mentioned to grow, and open-sourced by Google. and deployment along with cluster management in 8–11, doi:10.1109/MCC.2015.59. where successful, to flourish. Libcloud is a Python module that provides a its feature set. 3. A. Sill, “Cloud Standards News and Updates,” layer of abstraction covering many different cloud Although it includes a set of adapters for dif- IEEE Cloud Computing, vol. 2, no. 1, 2015, pp. Software Tools for Hybrid Workflows provider APIs, allowing programmers to write ap- ferent cloud providers, Spinnaker also incorpo- 72–75, doi:10.1109/MCC.2015.4. The temptation of any programmer when presented plications that work across multiple providers. Lib- rates workfl ow concepts such as pipelines, stages, with a situation in which different parts of a prob- cloud provides an application binary interface that scheduling, and triggers for various steps of cloud lem are best solved by different individual tools is to allows cloud interfaces to be treated as drivers, rath- software management. It also includes interfaces to alan sIll is interim senior director at the High Per- write a script, program, or workflow tool that com- er than forcing the code to deal directly with each code repositories, continuous integration engines, formance Computing Center at Texas Tech Univer- bines the various steps in an organized way. A re- cloud provider’s API. To use libcloud in cloud soft- image management, and an internal orchestration sity, where he’s also site director for the US National lated condition can also be obtained when there is ware, the developer must include the Python mod- engine to accomplish a wide variety of tasks that are Science Foundation Cloud and Autonomic Comput- ule directly in the application’s code important in maintaining a cloud software deploying Center and adjunct professor of physics. Sill has base rather than treat it as a remote ment and delivery. Each of these stages can in prin- a PhD in particle physics from American University. procedure. Libcloud has progressed ciple be hosted internally within an organization or He is an active member of IEEE, the Distributed to a 1.0.0 preview release and remains on one of several supported cloud providers, making Management Task Force, and the TeleManagement Circumstances have led the interfaces under active development. It has also Spinnaker attractive for use in hybrid cloud settings. Forum, and he serves as president for the Open Grid used by various cloud providers evolved to include support for block and As standards emerge from any of the previously Forum. For further details, visit http://cac.ttu.edu or object storage, load balancer, and do- discussed efforts, it would seem natural to see them contact him at [email protected]. to remain separate and mutually main name services. included in such multifunctional tools, and eventu- incompatible for a very long time. Deltacloud was an Apache project ally (if successful) to supplant and replace differ- similar in intent to libcloud, but written ences among the different cloud providers. It’s easy in a different language (Ruby) and more to see some of the container standardization efforts limited in implementation options. It in- mentioned here, for example, as candidates to be de- CONFERENCES cluded an implementation of the CIMI ployed within and among these tools. in the Palm of Your Hand some reason to build choices based on factors relat- standard as well as Amazon Elastic Compute Cloud ed to economics or speed into the solution, allowing (EC2) and its own internal API, but otherwise didn’t Let your attendees have: different providers to be used or different resources progress toward community adoption. The project as always, thIs dIscussIon only repre- • conference schedule to be drawn on for individual steps in the solution. hasn’t seen significant activity in over two years, and sents my own opInIon derIVed from • conference information In hybrid cloud settings, the characteristic that has probably been abandoned. Although not directly worKIng wIth the proJects, stan- • paper listings • and more unifies the choices to be made in a given workflow is related, the fog Ruby gem has emerged with similar dards, and software products men- The conference program mobile app the ability to use a common interface as the point of functionality and support for a much larger range of tIoned. I’m interested in hearing your opinion works for Android devices, iPhone, selection among internal options. Equivalently, the cloud providers. and experience, and I’m sure other readers of the iPad, and the Kindle Fire. output from one step of the operation should ide- Ultimately, whether or not they’re technically magazine would also appreciate such input. ally be presented in a way that feeds naturally into successful, such multiprovider “Swiss Army knife” Please respond with your opinions on this top- the next step of the workflow. Such considerations adapter toolkits will obviously depend on being kept ic or on those explored in previous columns. Let us lead naturally to standardization of input and out- up to date with changes to the underlying APIs of know what you think, and please also include any put formats and to the need for tools to adapt be- the different cloud providers, and hence differ in in- news you think the community should know about tween interfaces where cloud provider tooling isn’t tent and function from true API standards. Whether the general areas of cloud standards, compliance, or It’s already at yet standardized and interoperable. or not they can be used in a particular setting highly related topics. We’re always open to article submis- For more information please contact This isn’t a new situation, but circumstances depends on the situation in which they’re deployed, sions. I’m happy to review ideas for such submissions, yourConference Publishing ngertips Services (CPS) at [email protected] have led the interfaces used by various cloud pro- and on the willingness of the package providers and or for proposed guest columns. I can be reached for Computing in Science & Engineering viders to remain separate and mutually incompat- users to adapt to changes to the provider APIs. this purpose at [email protected]. (CiSE) appears in the IEEE Xplore ible for a very long time. As a result, several libraries Spinnaker differs from these other adapter tool- and AIP library packages, so your and, more recently, multifunctional workflow tools kits in that it aims at a broader set of problems in References institution is bound to have it. have emerged to bridge over the differences between cloud deployment that are generally referred to as 1. A. Sill, “When to Use Standards-Based APIs the APIs of different cloud providers. Examples in- continuous delivery. Instead of just trying to adapt (Part 2),” IEEE Cloud Computing, vol. 2, no. 6,

www.computer.org/computingedge 33 94 IEEE Cloud ComputI ng www.ComputE r.org/C loudComputI ng January/FEbruary 2016 IEEE Cloud ComputIng 95

d1sta.indd 94 5/17/16 6:25 PM d1sta.indd 95 5/17/16 6:25 PM CLOUD COVER

The Promise of Edge Computing

Weisong Shi, Wayne State University Schahram Dustdar, TU Wien

The success of the Internet of Things and rich response times, some might involve cloud services have helped create the need private data, and some might produce huge quantities of data. Cloud for edge computing, in which data processing computing can’t support these IoT applications. Edge computing, on the occurs in part at the network edge, rather other hand, can do so and will pro- than completely in the cloud. Edge computing mote many new IoT applications. could address concerns such as latency, mobile WHY DO WE NEED EDGE COMPUTING? devices’ limited battery life, bandwidth costs, Edge computing will become import- security, and privacy. ant for several reasons. Cloud services he term Internet of Things (IoT) was rst intro- Moving all computing tasks to duced to the technology community in in the cloud has been an e cient way to process data be- reference to automated supply-chain manage- cause there’s more computing power in the cloud than ment. The concept of enabling a computer to in the devices at the network edge. However, although Tsense information without human intervention was then data-processing speeds have risen rapidly, the band- applied to other elds such as healthcare, home technol- width of the networks that carry data to and from the ogy, environmental engineering, and transportation. cloud hasn’t increased appreciably. Thus, with edge de- With IoT implementation now becoming more wide- vices generating more data, the network is becoming spread, we’re entering the post-cloud era, in which devices cloud computing’s bottleneck. will generate a lot of data at the end of the network and As an example, cameras in an autonomous vehicle cap- many applications will be deployed at the edge to process ture a huge amount of video data, which the system must the information. Cisco Systems predicts that an estimated process in real time to yield good driving decisions. If the billion devices will connect to the Internet by . vehicle must send the data to the cloud for processing, Some of the applications they run might require very short the response time would be too long. And a large number

34 June 2016 Published by the IEEE Computer Society 2469-7087/16/$33.00 © 2016 IEEE 78 COMPUTER PUBLISHED BY THE IEEE COMPUTER SOCIETY 0018-9162/16/$33.00 © 2016 IEEE EDITOR SAN MURUGESAN BRITE Professional Services; CLOUD COVER [email protected]

of autonomous vehicles in one area Database would further strain network band- Data width and reliability. Processing data at the network edge would yield shorter response times, Data Result Request Computing ofoad more e cient processing, and less Data caching/storage Data processing pressure on the network. Recent work Edge on micro-datacenters (mDCs; small, Request distribution Service delivery modular datacenters designed to opti- IoT management mize networked devices’ performance Privacy protection via the cloud) and cloudlets (small The Promise cloud datacenters at the Internet’s edge designed to work with mobile de- Devices vices) has studied this. (data producer/consumer) of Edge Computing The IoT Figure 1. In edge computing, the cloud collects data from existing databases, as has Billions of electrical devices—as well been done traditionally, and also from end devices such as sensors and mobile phones. as other devices such as air-quality The devices act as both data consumers and data producers. Thus, requests between Weisong Shi, Wayne State University sensors, LED bars, and streetlights— end devices and the cloud are bidirectional, instead of just from end devices to the cloud Schahram Dustdar, TU Wien will become part of the IoT and will as in the past. Nodes at the network edge perform many computing tasks—including produce, as well as consume, data. data processing, caching, device management, and privacy protection—to reduce traﬃ c The success of the Internet of Things and rich Conventional cloud computing won’t from devices to the cloud. IoT: Internet of Things. response times, some might involve be e cient enough to handle the sheer cloud services have helped create the need private data, and some might pro- volume of data they’ll generate. For ex- duce huge quantities of data. Cloud ample, the Cisco Global Cloud Index es- for edge computing, in which data processing computing can’t support these IoT timates that by , people, machines, From data consumer by wearable personal health devices, applications. Edge computing, on the and things will produce zettabytes to data producer rather than uploading the data over a occurs in part at the network edge, rather other hand, can do so and will pro- (a zettabyte is bytes) of data but In cloud computing, devices such as vulnerable network to the cloud. than completely in the cloud. Edge computing mote many new IoT applications. that global datacenter IP network traf- mobile phones at the network edge c will reach only . zettabytes. traditionally only consume data, such WHAT IS EDGE COMPUTING? could address concerns such as latency, mobile WHY DO WE NEED Typically, data producers generate as by enabling a user to watch a video. Edge computing, shown in Figure , re- EDGE COMPUTING? raw information and transfer it to the Now, though, users are also producing fers to the enabling technologies that devices’ limited battery life, bandwidth costs, Edge computing will become import- cloud, and data consumers send re- data with their mobile devices, such allow computation to be performed at ant for several reasons. quests for information to the cloud. as by uploading posts and photos to the network edge so that computing security, and privacy. However, this structure won’t work social-networking sites. happens near data sources. It works Cloud services with the IoT because of the large data This change requires more func- on both downstream data on behalf he term Internet of Things (IoT) was rst intro- Moving all computing tasks to volumes involved. tionality at the network edge. For of cloud services and upstream data duced to the technology community in in the cloud has been an e cient way to process data be- Using cloud computing with the IoT example, many people share images on behalf of IoT services. An edge reference to automated supply-chain manage- cause there’s more computing power in the cloud than will also raise concerns about the pri- or videos via a cloud-based social- device is any computing or network- ment. The concept of enabling a computer to in the devices at the network edge. However, although vacy of transferred data. In addition, networking service such as Facebook, ing resource residing between data Tsense information without human intervention was then data-processing speeds have risen rapidly, the band- most of the IoT’s end nodes are power Twitter, or Instagram. However, up- sources and cloud-based datacenters. applied to other elds such as healthcare, home technol- width of the networks that carry data to and from the constrained. O oading some comput- loading a large image or video clip For example, an edge device could be ogy, environmental engineering, and transportation. cloud hasn’t increased appreciably. Thus, with edge de- ing tasks to the network edge could be could require a lot of bandwidth. In a smartphone sitting between body With IoT implementation now becoming more wide- vices generating more data, the network is becoming more energy e cient. The OpenFog this case, a device at the network edge sensors and the cloud, or an mDC or spread, we’re entering the post-cloud era, in which devices cloud computing’s bottleneck. Consortium’s proposed fog comput- could reduce the video clip’s resolu- cloudlet between a mobile device and will generate a lot of data at the end of the network and As an example, cameras in an autonomous vehicle cap- ing paradigm—an infrastructure in tion, and thus its size, at the edge be- the cloud. many applications will be deployed at the edge to process ture a huge amount of video data, which the system must which some application services are fore uploading it to the cloud. In an- In edge computing, the end device the information. Cisco Systems predicts that an estimated process in real time to yield good driving decisions. If the handled by devices at the network edge other example, properly equipped edge not only consumes data but also pro- billion devices will connect to the Internet by . vehicle must send the data to the cloud for processing, and some by a cloud-based datacenter— devices could better protect privacy duces data. And at the network edge, Some of the applications they run might require very short the response time would be too long. And a large number would enable this. by processing sensitive data collected devices not only request services and

information from the cloud but also which then updates the shopping-cart such as disaster response and man- handle computing tasks—including view on the user’s device via the net- agement, body cameras for police of- processing, storage, caching, and work. This process might take a long ficers, smart vehicles, and connected load balancing—on data sent to and time depending on network speed health systems. from the cloud. The edge must be de - and server loads. Delays might be signed well enough to handle such even longer for mobile devices be- Programmability tasks efficiently, reliably, securely, cause of wireless networks’ relatively In edge computing, as several research and with privacy in mind. It thus low bandwidth. projects have demonstrated, program- must support requirements such as Cloud computing itself could also mers must partition the functions of differentiation, extensibility, isola- cause latency, which diminishes the their applications between the edge and tion, and reliability. user experience. Avoiding this is im- the cloud.7–9 Most early efforts in this Edge computing could yield many portant because shopping with mobile area were done manually and carefully benefits. For example, researchers devices is becoming increasingly pop- tuned, which isn’t scalable or extensi- have shown that using cloudlets to ular. Caching shopping-cart data at ble. Thus, easy-to-use programming offload computing tasks for wear- the edge and offloading shopping-cart frameworks and tools are required. able cognitive-assistance systems updates from cloud servers to edge improves response times by between nodes dramatically reduces latency. Naming 80 and 200 ms4 and reduces energy Numerous research projects have There are many edge devices and consumption by 30 to 40 percent. addressed how this type of offloading applications. Currently, however, CloneCloud technology reduces re- enhances performance and reduces there’s no efficient, standardized sponse times and power usage by 95 energy consumption in a mobile-cloud naming system for edge-computing percent for tested applications, in part environment.7–10 devices and applications so that they via edge computing.7 Data at the edge node could sub- can be easily found. Thus, edge prac- Edge-computing practitioners sequently be synchronized with the titioners usually must learn many should be aware of several issues, cloud in the background. communication and network proto- including system reliability. Also, cols to communicate with their sys- energy-constrained edge devices Finding a missing child tems’ heterogeneous elements. Edge could fail because of short battery Edge computing could help officials computing needs a naming scheme life or inadequate wireless commu- find missing children. Today, cameras that will handle device mobility, nications. In these cases, developers deployed in public areas in cities— as highly dynamic network topology, should still enable the system to pro- well as cameras in some vehicles— and privacy and security protection, vide its basic functions. could capture a missing child’s im- while also enabling scalability. Security and privacy are additional age. However, this frequently isn’t concerns. On one hand, edge com- leveraged because the camera data Privacy and security puting better protects data because usually isn’t uploaded to the cloud The network edge presents security processing occurs closer to the source due to privacy concerns or the cost of and privacy challenges. For example, than in cloud computing. However, transferring the information. Even if a hacker could learn a lot by reading supporting security and privacy is the images are in the cloud, accessing data going to and from a smart-home more difficult in edge computing due and searching such a huge quantity system. By capturing electricity or to network topology, the many inex- of data could take a long time, which water usage, the hacker could easily pensive personal mobile devices in the isn’t acceptable when looking for a determine if the house is probably va- system, and sensor unreliability. missing child. cant and thus vulnerable to burglary. With edge computing, the data A lack of efficient tools is one of the IMPLEMENTATION could be pushed to the many edge challenges to protecting data security EXAMPLES devices in a target area. They could and privacy at the network edge. Two examples demonstrate practical search the data they receive and report edge-computing implementations. the findings to the cloud, yielding the results much faster than using only dge computing could scale from Online shopping cloud computing. a single person to a smart home Online shopping could benefit from Eto even an entire city. Given edge computing. For example, a OPEN ISSUES that a city with 1 million people will customer might make frequent Edge computing needs killer apps to produce an estimated 180 petabytes shopping- cart changes. Tradition- reach its potential. Several applica- of data per day by 2019,5 the benefits ally, these changes occur in the cloud, tion domains are worth exploring could be enormous.

36 ComputingEdge June 2016 80 COMPUTER WWW.COMPUTER.ORG/COMPUTER CLOUD COVER

information from the cloud but also which then updates the shopping-cart such as disaster response and man- However, to realize this vision, the Device and Cloud,” Proc. 6th Conf. WEISONG SHI is a professor of handle computing tasks—including view on the user’s device via the net- agement, body cameras for police of- systems, network, and application Computer Systems (EuroSys 11), 2011, computer science at Wayne State processing, storage, caching, and work. This process might take a long ficers, smart vehicles, and connected communities must work together, pp. 301–314. University, where he heads the Data load balancing—on data sent to and time depending on network speed health systems. joined by the many groups that could 8. A. Rudenko et al., “Saving Portable Science Initiative. Contact him at from the cloud. The edge must be de - and server loads. Delays might be benefit from the technology such as Computer Battery Power through [email protected]. signed well enough to handle such even longer for mobile devices be- Programmability those in environmental and public Remote Process Execution,” ACM tasks efficiently, reliably, securely, cause of wireless networks’ relatively In edge computing, as several research health, law enforcement, fire protec- SIGMOBILE Mobile Computing and SCHAHRAM DUSTDAR is a profes- and with privacy in mind. It thus low bandwidth. projects have demonstrated, program- tion, and utility services. Communications Rev., vol. 2, no. 1, sor of computer science at TU Wien must support requirements such as Cloud computing itself could also mers must partition the functions of In the past few years, this process 1998, pp. 19–26. (Vienna Technical University), where differentiation, extensibility, isola- cause latency, which diminishes the their applications between the edge and has begun. For example, proponents 9. G. C. Hunt and M.L. Scott, “The Coign he heads the Distributed Systems tion, and reliability. user experience. Avoiding this is im- the cloud.7–9 Most early efforts in this formed the OpenFog Consortium Automatic Distributed Partitioning Group. Contact him at dustdar@dsg Edge computing could yield many portant because shopping with mobile area were done manually and carefully (www.openfogconsortium.org) in No- System,” Proc. 3rd Symp. Operating .tuwien.ac.at. benefits. For example, researchers devices is becoming increasingly pop- tuned, which isn’t scalable or extensi- vember 2015 to promote an ecosystem Systems Design and Implementation, have shown that using cloudlets to ular. Caching shopping-cart data at ble. Thus, easy-to-use programming to accelerate the adoption of open 1999, pp. 187–200. offload computing tasks for wear- the edge and offloading shopping-cart frameworks and tools are required. fog computing by bringing together 10. S. Kosta et al., “ThinkAir: Dynamic able cognitive-assistance systems updates from cloud servers to edge companies, universities, and indi- Resource Allocation and Parallel improves response times by between nodes dramatically reduces latency. Naming vidual researchers. In addition, new Execution in the Cloud for Mobile Selected CS articles and 80 and 200 ms4 and reduces energy Numerous research projects have There are many edge devices and conferences are planned, such as the Code Offloading,” Proc. 31st IEEE Int’l This articlecolumns originally are also available appeared for in consumption by 30 to 40 percent. addressed how this type of offloading applications. Currently, however, IEEE/ACM Symposium on Edge Com- Conf. Computer Comm. (Infocom 12), Computerfree at, vol. http://ComputingNow 49, no. 5, 2016. .computer.org. CloneCloud technology reduces re- enhances performance and reduces there’s no efficient, standardized puting (SEC), to be held in October 2012, pp. 945–953. sponse times and power usage by 95 energy consumption in a mobile-cloud naming system for edge-computing 2016; and the Mobile Edge Comput- percent for tested applications, in part environment.7–10 devices and applications so that they ing Congress (MEC), to be held in Sep- via edge computing.7 Data at the edge node could sub- can be easily found. Thus, edge prac- tember 2016. If this trend continues, Edge-computing practitioners sequently be synchronized with the titioners usually must learn many edge computing will be on its way to should be aware of several issues, cloud in the background. communication and network proto- fulfilling its promise. including system reliability. Also, cols to communicate with their sys- energy-constrained edge devices Finding a missing child tems’ heterogeneous elements. Edge REFERENCES could fail because of short battery Edge computing could help officials computing needs a naming scheme 1. K. Ashton, “That Internet of Things life or inadequate wireless commu- find missing children. Today, cameras that will handle device mobility, Thing,” RFID J., vol. 22, no. 7, 2009, nications. In these cases, developers deployed in public areas in cities— as highly dynamic network topology, pp. 97–114. got flaws? should still enable the system to pro- well as cameras in some vehicles— and privacy and security protection, 2. The Internet of Things: How the Next vide its basic functions. could capture a missing child’s im- while also enabling scalability. Evolution of the Internet Is Changing Security and privacy are additional age. However, this frequently isn’t Everything, white paper, Cisco Sys- concerns. On one hand, edge com- leveraged because the camera data Privacy and security tems, Apr. 2011. puting better protects data because usually isn’t uploaded to the cloud The network edge presents security 3. A. Greenberg et al., “The Cost of a processing occurs closer to the source due to privacy concerns or the cost of and privacy challenges. For example, Cloud: Research Problems in Data than in cloud computing. However, transferring the information. Even if a hacker could learn a lot by reading Center Networks,” ACM Computer supporting security and privacy is the images are in the cloud, accessing data going to and from a smart-home Communication Rev., vol. 39, no. 1, more difficult in edge computing due and searching such a huge quantity system. By capturing electricity or 2008, pp. 68–73. to network topology, the many inex- of data could take a long time, which water usage, the hacker could easily 4. M. Satyanarayanan et al, “The Case pensive personal mobile devices in the isn’t acceptable when looking for a determine if the house is probably va- for VM-Based Cloudlets in Mobile system, and sensor unreliability. missing child. cant and thus vulnerable to burglary. Computing,” IEEE Pervasive Comput- With edge computing, the data A lack of efficient tools is one of the ing, vol. 8, no. 4, 2009, pp. 14–23. IMPLEMENTATION could be pushed to the many edge challenges to protecting data security 5. Cisco Global Cloud Index: Forecast EXAMPLES devices in a target area. They could and privacy at the network edge. and Methodology, 2014-2019 White Find out more and get involved: Two examples demonstrate practical search the data they receive and report Paper, white paper, Cisco Systems, edge-computing implementations. the findings to the cloud, yielding the 2014. cybersecurity.ieee.org results much faster than using only dge computing could scale from 6. F. Bonomi et al., “Fog Computing Online shopping cloud computing. a single person to a smart home and Its Role in the Internet of Online shopping could benefit from Eto even an entire city. Given Things,” Proc. 1st Ed. MCC Workshop edge computing. For example, a OPEN ISSUES that a city with 1 million people will Mobile Cloud Computing (MCC 12), customer might make frequent Edge computing needs killer apps to produce an estimated 180 petabytes 2012, pp. 13–16. shopping- cart changes. Tradition- reach its potential. Several applica- of data per day by 2019,5 the benefits 7. B.-G. Chun et al., “CloneCloud: ally, these changes occur in the cloud, tion domains are worth exploring could be enormous. Elastic Execution between Mobile

www.computer.org/computingedge 37 80 COMPUTER WWW.COMPUTER.ORG/COMPUTER MAY 2016 81 Innovations in Ubicomp Products Editor: Albrecht Schmidt n University of Stuttgart n [email protected]

Cloud-Based AI for Pervasive Applications

Albrecht Schmidt, University of Stuttgart

I, computer vision, text analytics, well on the specific types of images used on the mobile or embedded devices A and speech recognition are becom- in the application. that might run the applications. Using ing more important for creating compel- Over the past few years, the quality this cloud-based centralized approach ling pervasive computing applications. of libraries and toolkits—including the benefits not only the application devel- User expectations will only increase Waikato Environment for Knowledge oper but also the company running the when it comes to what they expect from Analysis (WEKA) and openCV—has service, which receives numerous data their environment and their applications, massively improved, lowering the hur- samples. given their experiences with mobile dle to do machine learning and com- devices (including Google Now, Micro- puter vision. With the cloud-based ser- try BEforE you Buy (or soft Cortana, and Apple Siri) and given vices highlighted in this article, the bar InvESt tImE) popular competitions between AI and has been lowered again. On the one hand, using someone’s humans (such as the Jeopardy win by library or service is appealing, because IBM Watson). Also, as AI and computer it promises functionality with less vision advance, they enable exciting new Several cloud-based services effort than implementing the func- applications—especially in ubiquitous tionality yourself. On the other hand, have become available that computing. Here, I look at cloud-based the library or service might not work products that offer APIs that let devel- promise to encapsulate as expected, meaning the time invested opers include AI in their prototypes and and hide the hard part of was wasted. products. Building trust into a library or service AI, computer vision, text is key to increasing uptake. With tradi- EnCaPSulatIng aI analytics, and speech tional software libraries and also with Over 10 years ago, when talking with recognition. services, you often must implement a a computer vision researcher, I was sur- simple test program—or at least adapt prised to learn about some of the prob- the demo program provided—to see if lems the computer vision community Several cloud-based services have they are suitable. Here, the cloud-based had already solved. The disappointment become available that promise to services offer new ways for assessing the came when I wanted to build ubiquitous encapsulate and hide the hard part of suitability, and Project Oxford, IBM’s computing applications that could rely AI, computer vision, text analytics, AlchemyAPI for AI, and the Open Calais on these “solved problems.” The effort and speech recognition and that offer API are exemplary. Developers can try to include an algorithm, described in a simple-to-use APIs. Including sophisti- them out with their own data and images research paper, into an application took cated AI functionality in applications using the real interface before even start- significant effort (and, in many cases, thus becomes easy. The basic approach ing with an implementation. In this way, required help from computer vision is to transfer data (text, images, and they can see online if the services work as experts). The available libraries (early sounds) to the server, together with a expected, so the initial time investment is versions of openCV) required a solid set of parameters; the calculations are small. Figure 1 shows a screenshot of the understanding of the domain, and often then executed on the server, and the live demo of the Emotion API. The Web- the time invested into implementing test results are sent back to the client. This based user interface shows visually what software resulted in disappointment, approach has few requirements in terms was detected, and it provides the raw data because the algorithms didn’t perform of the processing and storage needed that will be received.

June 2016 Published by the IEEE Computer Society 2469-7087/16/$33.00 © 2016 IEEE 14 38PERVASIVE computing Published by the IEEE CS n 1536-1268/16/$33.00 © 2016 IEEE Innovations in Ubicomp Products Editor: Albrecht Schmidt n University of Stuttgart n [email protected]

Cloud-Based AI for Pervasive Applications

Albrecht Schmidt, University of Stuttgart

(a) (b)

I, computer vision, text analytics, well on the specific types of images used on the mobile or embedded devices Figure 1. Two examples of trying emotion recognition with the online interface of Project Oxford. To try the service out, you A and speech recognition are becom- in the application. that might run the applications. Using can just upload a photo and see the results. The service (a) overlays the detected values over the photo and (b) also provides the ing more important for creating compel- Over the past few years, the quality this cloud-based centralized approach results as a JavaScript Object Notation (JSON) object. (Screenshot from www.projectoxford.ai.) ling pervasive computing applications. of libraries and toolkits—including the benefits not only the application devel- User expectations will only increase Waikato Environment for Knowledge oper but also the company running the when it comes to what they expect from Analysis (WEKA) and openCV—has service, which receives numerous data SImPlICIty for thE their environment and their applications, massively improved, lowering the hur- samples. DEvEloPEr given their experiences with mobile dle to do machine learning and com- The Web-based APIs I discuss here are devices (including Google Now, Micro- puter vision. With the cloud-based ser- try BEforE you Buy (or powerful but designed to be simple to soft Cortana, and Apple Siri) and given vices highlighted in this article, the bar InvESt tImE) use for developers. However, they should popular competitions between AI and has been lowered again. On the one hand, using someone’s also be easily usable for even novice humans (such as the Jeopardy win by library or service is appealing, because Web programmers and app developers. IBM Watson). Also, as AI and computer it promises functionality with less A common approach is that the service vision advance, they enable exciting new Several cloud-based services effort than implementing the func- is called with a basic Web request that applications—especially in ubiquitous tionality yourself. On the other hand, transmits the data and sets the parame- have become available that computing. Here, I look at cloud-based the library or service might not work ters. The server responds with the results products that offer APIs that let devel- promise to encapsulate as expected, meaning the time invested in a format that is human readable and opers include AI in their prototypes and and hide the hard part of was wasted. easy to parse, such as JavaScript Object products. Building trust into a library or service Notation (JSON) or XML. AI, computer vision, text is key to increasing uptake. With tradi- Calling the Web-based services EnCaPSulatIng aI analytics, and speech tional software libraries and also with requires a key. Using this key, the services Over 10 years ago, when talking with recognition. services, you often must implement a provider can track and potentially bill a computer vision researcher, I was sur- simple test program—or at least adapt for the API calls made. For experiment- prised to learn about some of the prob- the demo program provided—to see if ing, free keys with a limited number of lems the computer vision community Several cloud-based services have they are suitable. Here, the cloud-based requests can be obtained (for example, had already solved. The disappointment become available that promise to services offer new ways for assessing the IBM offers 1,000 API events per day for came when I wanted to build ubiquitous encapsulate and hide the hard part of suitability, and Project Oxford, IBM’s free, Microsoft offers 5,000—10,000 computing applications that could rely AI, computer vision, text analytics, AlchemyAPI for AI, and the Open Calais API calls per month, and Thomson on these “solved problems.” The effort and speech recognition and that offer API are exemplary. Developers can try Reuters offers 5,000 API calls per day) to include an algorithm, described in a simple-to-use APIs. Including sophisti- them out with their own data and images and for productive use, payment options research paper, into an application took cated AI functionality in applications using the real interface before even start- are available (for example, IBM bills significant effort (and, in many cases, thus becomes easy. The basic approach ing with an implementation. In this way, from about 0,005€ to 0,00015€ per API Figure 2. Services (all in the beta stage) provided in the Project Oxford. (Source: required help from computer vision is to transfer data (text, images, and they can see online if the services work as event, depending on the number of calls www.projectoxford.ai; used with permission.) experts). The available libraries (early sounds) to the server, together with a expected, so the initial time investment is made). versions of openCV) required a solid set of parameters; the calculations are small. Figure 1 shows a screenshot of the For many applications in pervasive understanding of the domain, and often then executed on the server, and the live demo of the Emotion API. The Web- computing scenarios, this might be an the time invested into implementing test results are sent back to the client. This based user interface shows visually what economically interesting alternative to functions are called continuously, this perspective. However, if calls are linked software resulted in disappointment, approach has few requirements in terms was detected, and it provides the raw data natively implementing the functions or approach might not make much sense— to user actions (such as a smart coffee because the algorithms didn’t perform of the processing and storage needed that will be received. to running your own server. When the from an economic or performance maker that bills coffee automatically to

www.computer.org/computingedge 14 PERVASIVE computing Published by the IEEE CS n 1536-1268/16/$33.00 © 2016 IEEE JANUARY–MARCH 2016 PERVASIVE computing39 15 InnovatIons In UbIcomp prodUcts InnovatIons In UbIcomp prodUcts

Figure 3. A JavaScript implementation that uses functionality of the Emotion API: (a) a small JavaScript example program and (b) the response received for the image shown in Figure 1b. The delay for the API call was in my test between 1 and 2 seconds.

they are easy to understand. There are POST vision/v1/ocr?language=unk&detectOrientation=true similar APIs for machine learning, but Content-Type: application/json they require at least a basic understanding Host: api.projectoxford.ai of how the algorithms are trained or of Content-Length: 48 how the classification works. Ocp-Apim-Subscription-Key: *********** IBm alChEmy aPI Since 2011, when IBM Watson man- { "Url": "http://www.hcilab.org/photoWithText.jpg" } aged to win against two of Jeopardy’s champions, it has been apparent that AI Figure 4. The HTTP Post request for the optical character recognition API. A valid and more general cognitive technologies subscription key can be obtained from the website of the service. have great potential. The AlchemyAPI focuses on providing application programmers with the means to make com- users it sees), this approach is interesting, In 2015, Microsoft published a set puters understand human language and because the effort for the implementation of APIs to offer ready-made AI solu- to let them see, by integrating functions is minimal. For example, using the proj- tions packaged as Web services. The for text mining and computer vision ect Oxford Face-Recognition API and set includes computer vision, speech (www.alchemyapi.com). implementation would be straightfor- input and output, and language under- The AlchemyLanguage API offers ward, and neither cost nor delay would standing (see Figure 2 and https://www. different semantic text analysis APIs matter. projectoxford.ai). These services are in for natural-language processing. The the beta stage, and there is a large set APIs are designed to make it easier to ProjECt oxforD available at https://gallery.cortanaana- create smarter applications. The API Some time back, I came across the web- lytics.com. includes entity extraction, sentiment site https://www.how-old.net, which With computer vision, text analysis, analysis, keyword extraction, concept was widely shared on social networks. speech input, and speech synthesis, essen- tagging, author extraction, and lan- The function is pretty clear. You upload tial functions for multimodal pervasive guage detection. Figure 5 shows how a photo, and the service guesses the age computing systems are provided. The to request a sentiment analysis for a and gender of the person. The web- examples in Figures 3 and 4 show how given text. The sample is the same as site is entertaining, but the technolo- to access this functionally in your own tried out in the online demo shown gies behind it are available as a cloud applications. The focus here is on com- in Figure 6. The JavaScript program service. puter vision and text analysis, because encodes the request (the API-key, the

ComputingEdge June 2016 16 PERVASIVE40 computing www.computer.org/pervasive InnovatIons In UbIcomp prodUcts InnovatIons In UbIcomp prodUcts InnovatIons In UbIcomp prodUcts

Figure 5. Text sentiment analysis. (a) JavaScript example of a call to the AlchemyLanguage API for a sentiment analysis of a text snipplet. (b) The system response, using a JSON data structure. they are easy to understand. There are POST vision/v1/ocr?language=unk&detectOrientation=true similar APIs for machine learning, but Content-Type: application/json they require at least a basic understanding Host: api.projectoxford.ai of how the algorithms are trained or of text, and further parameters) in the Content-Length: 48 how the classification works. URL. In JavaScript, this URL is called Ocp-Apim-Subscription-Key: *********** and the system response is in JSON IBm alChEmy aPI format. Since 2011, when IBM Watson man- { "Url": "http://www.hcilab.org/photoWithText.jpg" } aged to win against two of Jeopardy’s thomSon rEutErS oPEn champions, it has been apparent that AI CalaIS aPI Figure 4. The HTTP Post request for the optical character recognition API. A valid and more general cognitive technologies Thomson Reuters offers with Open subscription key can be obtained from the website of the service. have great potential. The AlchemyAPI Calais an advanced and comprehensive focuses on providing application pro- text analytics Web service for unstruc- grammers with the means to make com- tured content. The system is built on a users it sees), this approach is interesting, In 2015, Microsoft published a set puters understand human language and natural-language processing engine and because the effort for the implementation of APIs to offer ready-made AI solu- to let them see, by integrating functions provides intelligence by attaching meta- is minimal. For example, using the proj- tions packaged as Web services. The for text mining and computer vision data tags to text. The basic approach ect Oxford Face-Recognition API and set includes computer vision, speech (www.alchemyapi.com). is to provide an input file (typically implementation would be straightfor- input and output, and language under- The AlchemyLanguage API offers text) to the server, and the content is ward, and neither cost nor delay would standing (see Figure 2 and https://www. different semantic text analysis APIs then semantically analyzed using sta- matter. projectoxford.ai). These services are in for natural-language processing. The tistical and machine learning methods; the beta stage, and there is a large set APIs are designed to make it easier to the output is metadata. Online demos ProjECt oxforD available at https://gallery.cortanaana- create smarter applications. The API are available at www.opencalais.com/ Some time back, I came across the web- lytics.com. includes entity extraction, sentiment opencalais-demo. site https://www.how-old.net, which With computer vision, text analysis, analysis, keyword extraction, concept Figure 7 shows an example in was widely shared on social networks. speech input, and speech synthesis, essen- tagging, author extraction, and lan- which the raw text of a call for The function is pretty clear. You upload tial functions for multimodal pervasive guage detection. Figure 5 shows how papers (included on page 5 of this a photo, and the service guesses the age computing systems are provided. The to request a sentiment analysis for a issue) was analyzed. This interactive and gender of the person. The web- examples in Figures 3 and 4 show how given text. The sample is the same as Figure 6. The online demo of the AlchemyLanguage API showing a simple text interface shows the extracted infor- site is entertaining, but the technolo- to access this functionally in your own tried out in the online demo shown sentiment analysis. The text “I am happy to see you today” is recognized as mation lets you assess the suitability gies behind it are available as a cloud applications. The focus here is on com- in Figure 6. The JavaScript program English, with a positive sentiment and a score of 0.837. (Source: AlchemyAPI, www. of the API without any implementa- service. puter vision and text analysis, because encodes the request (the API-key, the alchemyapi.com; used with permission.) tion. This API delivers a full-scale

www.computer.org/computingedge 16 PERVASIVE computing www.computer.org/pervasive JANUARY–MARCH 2016 PERVASIVE computing41 17 InnovAtIonS In UbIcomP ProdUctS InnovAtIonS In UbIcomP ProdUctS

Figure 7. The screenshot shows the result page of a text analytics request using the Open Calais live demo. It has the tagged text on the right and the extracted keywords and concepts on the left. (Source: Open Calais, www.opencalais.com/opencalais-demo; used with permission.)

textual analysis, and the result is a tasks are examples that are well sup- us,” but we have to keep in mind that fully tagged text with additional infor- ported by different services: this also limits what the services can mation. The metadata from Open Cal- offer. An expert in computer vision, ais is provided as XML/RDF, and it • basic computer vision tasks and text mining, or speech recognition is also Linked Data compatible. As object recognition; will likely to be able to implement seen in Figure 7, the topics extracted • emotion, age, and gender recognition a better or faster, or at least more spe- included Internet technologies and from facial images; cific, solution. science, and the host institutions of • optical character recognition; the guest editors were also detected. • speech input, transcription, and The same functionality as in the live synthesis; demo is also available via the API, • language detection and spell checking; which can be found at www.opencal- • sentiment analysis and keyword albrecht Schmidt is a professor of human- ais.com/opencalais-api. extraction; and computer interaction at the University of Stutt- • basic text analysis and concept gart. Contact him at albrecht.schmidt@vis. extraction. uni-stuttgart.de. ncluding basic AI in applications I is really simple! The program- Although I presented only a few ser- ming skills required are minimal, an vices here, many more are available understanding of the algorithms isn’t that offer similar functionality and aim This article originally appeared in required, and setting the parameters to make it easy for app developers to IEEESelected Pervasive CS articles Computing and columns, requires only a basic idea of what the implement AI. The simplicity of these vol. 15,are alsono. available1, 2016. for free at services do. Overall, the following APIs makes them useful to the “rest of http://ComputingNow.computer.org.

ComputingEdge June 2016 18 PERVASIVE42 computing www.computer.org/pervasive Move Your Career Forward IEEE Computer Society Membership

Explore These Cloud Computing Resources

Advance Your Career

Cloud Computing Professional Development Courses The Computer Society offers three professional development courses on cloud computing: • Cloud Computing in the Business Environment • Cloud Governance and Security • Cloud Economics, Migration, and Metrics All three can help you in migrating your IT infrastructure to the Cloud.

Certified Cloud Security Professional The CCSP designation denotes individuals with extensive knowledge and hands-on experience with all facets of security, including information, software, cloud computing, and infrastructure. CCSPs help you achieve the highest standards for cloud security so that your organization can fully benefit from cloud computing’s power while securing sensitive data.

Build Your Knowledge

IEEE Cloud Computing Initiative Helping accelerate cloud computing technology development and use, this IEEE initiative offers six interdependent resources: standards development; a Web portal (http://cloudcomputing.ieee.org); conferences; continuing education courses; publications; standards development; and a testbed.

Computer Society Cloud Computing Publications Visit the Computer Society Digital Library (www.computer.org/web/csdl) to access IEEE Cloud Computing magazine (www.computer.org/cloudcomputing) and IEEE Transactions on Cloud Computing (www.computer.org/web/tcc).

FOR DIRECT LINKS TO THESE RESOURCES, VISIT www.computer.org/edge-resources Graphically Speaking Editor: André Stork

Underwater Visual Computing: The Grand Challenge Just around the Corner

Uwe Freiherr von Lukas Universität Rostock

isual computing is in uencing nearly ev- would thus pro t from visual computing technol- ery aspect of our lives. We plan our new ogy to make them more ef cient, robust, and safe. kitchens with augmented reality, rely on Because of the speci c environmental conditions camera-basedV assistance systems in modern cars, inherent in underwater settings, these applications and pro t from enormous progress in medical are not as straightforward as graphical applica- imaging technologies for diagnosis. Our smart- tions in air, which raises many research questions. phones gives us megapixel cameras and high- This article examines some of the challenges resolution displays available at our ngertips, and for underwater visual computing and looks at the the next generation of devices will also offer op- steps being taken to cope with them. tical 3D sensors and 3D displays. Via Wi-Fi and 4G networks, we have permanent and affordable Underwater Applications broadband access to unlimited data spaces and The oceans are the backbone of worldwide trade computing power in the cloud. Global Navigation and the source of a signi cant share of oil and gas Satellite Systems (GNSS) even allow us to always production. However, oceans also play an impor- accurately determine our positions. tant role in delivering animal protein (via catch All those technologies open up a universe of in- and a growing percentage of aquaculture), are a teractive visual computing applications in every cornerstone of the transition to renewable energy, situation and everywhere around the world, right? and are a future source for mineral resources. Not really. Two-thirds of our planet is covered by Together with pipelines and sea cables connect- water. As soon as we leave the land and dive into ing continents and ports or dikes, a lot of techni- the oceans, we enter a completely new environment cal structures have to be planned, installed, and that presents signi cant differences compared with maintained in underwater settings. Some of those dry land: structures are installed in shallow waters, whereas others are in the deep sea, up to several thousands ■ Almost none of the technical devices we use can of meters deep. operate under water. Given this environment, the current list of un- ■ The optical properties of water strongly in u- derwater tasks includes ence image acquisition and visualization. ■ The water damping disconnects users and de- ■ installing, inspecting, and repairing underwater vices from satellite signals and other wireless structures; network connections. ■ exploring mineral resources (such as manganese nodules); and With the growing number of subsea and off- ■ monitoring the health of marine aquacultures. shore activities, the research on visual computing applications for underwater settings will become Similar to applications on dry land, users could more important in the near future. Many tasks, bene t from functional assistance that utilizes ranging from marine research to submarine cable augmented reality (AR) glasses or spatial AR dur- inspection, have to be performed underwater and ing subsea procedures. Furthermore, training en-

g2gra.indd 10 2/22/16 10:24 PM vironments should be available where they could water. Due to refraction, the simple but powerful optimize their processes in a realistic but inexpen- pinhole camera model cannot be used for imaging sive and safe environment. Those training envi- when using a flat port for an underwater camera. ronments should convey a good impression of the It has to be enhanced by more complex models particular visual limitations and differences, such that are able to deal with the nonlinear effects in as magnification effects. this setup.1 For cost and safety reasons, the divers who have Another important effect is light absorption in traditionally performed most of these jobs have water. This kind of attenuation depends on the increasingly been replaced by remotely operated wavelength of the light: red light is absorbed most vehicles (ROV). Therefore, ROV operators must strongly and blue is absorbed least. With increas- be trained to steer it from a control room where ing depth, we first lose the red part of the spectrum they do not have a direct sight to the ROV and and then the orange, yellow, green, and blue. How- must interpret a limited set of sensors such as a ever, this effect is not only relevant for light going forward-looking camera, depth sensor, and com- vertically from the surface to the ground but also pass. For standard procedures such as inspection for light that travels from a distant object to the tasks or monitoring, even autonomous underwater diver or a camera underwater. Furthermore, differ- vehicles (AUV) are an option. Still, such vehicles ent bodies of water have different color casts—for have to be developed and tested to navigate and example, the very blue water of the Red Sea or the operate safely without collisions. This too requires green color of the Baltic Sea—based on the local visual computing technology such as 3D recon- constituents of the water. struction and object detection. In addition to these economic motivations to utilize the oceans, ocean discovery is also an im- Visual computing in underwater portant driver for underwater activities. Because of the extreme physical challenges, large deep- settings is particularly affected by sea areas have not yet been explored. Although we have good maps of our moon and Mars, there the optical properties of the is no detailed information on the seafloor or the surrounding medium. deep subsea habitats. In late 2015, the XPRIZE Foundation launched a global challenge, the Shell Ocean Discovery XPRIZE, to stimulate technology Finally, yet importantly, we have complex scat- development for ocean discovery with $7 million tering effects caused by soiled particles in the in awards (see http://oceandiscovery.xprize.org). water. Oskar Elek and his colleagues provided a Obviously, there is no efficient way for human good introduction to scattering and the efficient beings to physically enter deep-sea areas in up to algorithms that simulate it.2 The effect of larger 10,000 m depths. Therefore, we need smart tech- particles or small bubbles that sometimes severely nical systems to do this and collect the necessary reduce scene perception is known as marine snow. information with their sensors. Because of the The combination of those optical effects can enormous size of the still unknown areas, those lead to an extreme reduction in image quality of systems must be fast and efficient and work with a underwater images, as Figure 1 illustrates. high level of autonomy. They also must be flexible Besides those obvious influences, we also take enough to react to new situations. It is not enough into account additional physical effects for under- just to look for known objects. New species will be water visual computing: discovered, and a new world has to be explored. ■ When leaving shallow waters and going to Challenging Physical Effects deeper areas, we have to cope with high pres- Visual computing in underwater settings is par- sure. This means that all technical systems have ticularly affected by the optical properties of the to be protected by a pressure-resistant housing surrounding medium. The 1.33 refractive index of or engineered as a pressure-neutral system. water (compared with 1.0 for air) results in a sig- ■ Salty water is aggressive. For this reason, the nificant refraction of every light ray at the bound- materials for housings, fixings, and cables have ary between air and water with an optional glass to be carefully selected. pane between. For this reason, objects in water ap- ■ Marine biofouling will affect all objects that are pear closer and larger when the observer is look- exposed to the water for a long period. Optical ing into a fish tank or through the surface of the ports must be cleaned regularly.

www.computer.org/computingedge IEEE Computer Graphics and Applications 4511

g2gra.indd 11 2/22/16 10:24 PM Graphically Speaking

(a) (b) Figure 1. Reduction in image quality for underwater images. Color chart in (a) air and (b) the Baltic Sea at a 4 m depth and a 3 m distance to the camera with no artificial light. Both images are taken with a Canon EOS 5D Mark II. (Courtesy of PINKAU Interactive Entertainment GmbH)

■ Wireless communication based on radio waves ■ In air, we typically use optical systems for mea- will fail if more than 25 cm of water is between surement (such as laser systems or photogram- the sender and receiver. This absorption means metry). Underwater we have to combine or even Bluetooth, Wi-Fi, and GNSS cannot be used un- replace this with sonar-based measuring. This derwater. Acoustic signal channels can be used sensor has completely different characteristics, for communication and positioning, but the which makes sensor fusion a hard task. bandwidth is much lower (less than 50 kbps) ■ Large image collections that are used as training and has a much higher delay (about 300 ms). sets for statistical methods of imaging typically ■ Energy consumption is a critical factor for divers ignore underwater images. and AUVs when using electronic equipment. An ■ Some of the interaction technologies that have empty battery will typically terminate a mission. become popular in the last years (such as ca- pacitive touchscreens, Microsoft Kinect work- Because of these physical effects, visual computing with a projected infrared pattern, and Leap ing solutions that work perfectly in traditional en- Motion working with infrared light) will not vironments in air will fail when applied in subsea work or will have limitations in underwater conditions. Even if we neglect the problems caused installations. by these harsh conditions that are addressed by ■ Even though the computing (and graphics) current marine technology, a variety of problems power of mobile platforms has significantly im- remain for the visual computing community: proved, several of the low- and high-level visual computing algorithms will not allow for real- ■ Images that are rendered and displayed in good time processing on the local device. For this quality up to High Dynamic Range (HDR) will reason, cloud-based architectures are used in suffer from color cast if watched from a distance. mobile applications with demand for additional In addition to other implications, this has effects computing power. However, many subsea set- on how we use color in the user interface design. tings do not have a communication network ■ Light absorption and scattering can drastically available to access those central services. reduce the quality of underwater images and thus the overall performance of an imaging sys- This list shows some of the specific requirements tem. It remains a challenge to make algorithms of visual computing technology to be used in such as tracking or image-based reconstruction underwater scenarios. However, when we go into robust against low-quality images. more detail, even more challenges will appear. ■ Sunlight that is refracted at the wavy surface of the water creates dynamic sunflicker (caustics) Selected Building Blocks on the seabed in shallow water. This effect dis- There is already a small community of research- turbs higher-order methods such as feature or ers trying to address those challenges. However, object detection. compared with the worldwide number of visual ■ Accurate 3D information from an underwater ste- computing researchers, this community is small. reo camera system with a flat port needs specific Often those groups are affiliated with ocean re- approaches for camera calibration. Using pure in- search institutes that publish their research re- air calibration will lead to incorrect results. sults in sectoral journals and conferences such as

1246 March/AprilComputingEdge 2016 June 2016

g2gra.indd 12 2/22/16 10:24 PM Graphically Speaking

Figure 2. Using depth IEEE OCEANS (http://ieeexplore.ieee.org/xpl/con- information home.jsp?punumber=1000515). A broader interest from the scene in the requirements and challenges of underwater to apply color applications could accelerate research progress in correction. this important field. Nevertheless, even this small (a) A frame of community is working in nearly all the areas men- the original tioned here, with a focus on improving quality of underwater underwater images3 and on 3D reconstruction.4 video recorded (a) To illustrate the field’s early achievements, here with natural we review research results from my group at the light. (b) Using (a) (b) Visual Computing Research and Innovation Cen- SIFT (scale- Figure 1. Reduction in image quality for underwater images. Color chart in (a) air and (b) the Baltic Sea at a 4 ter. The first example (see Figure 2) deals with color invariant m depth and a 3 m distance to the camera with no artificial light. Both images are taken with a Canon EOS 5D cast. In addition to other methods, we use depth in- feature Mark II. (Courtesy of PINKAU Interactive Entertainment GmbH) formation from the scene to apply color correction transform) with different parameters. That is, light reflected by features and ■ Wireless communication based on radio waves ■ In air, we typically use optical systems for mea- objects in the background will “lose” more red light triangulation will fail if more than 25 cm of water is between surement (such as laser systems or photogram- when travelling through the scene to the camera to distinguish the sender and receiver. This absorption means metry). Underwater we have to combine or even compared with objects in the foreground. For this several depth Bluetooth, Wi-Fi, and GNSS cannot be used un- replace this with sonar-based measuring. This reason, the red channel must be increased more for (b) layers, and derwater. Acoustic signal channels can be used sensor has completely different characteristics, remote objects than for near objects. (c) the result for communication and positioning, but the which makes sensor fusion a hard task. Our second example (see Figure 3) shows how processed with bandwidth is much lower (less than 50 kbps) ■ Large image collections that are used as training missing information in blurred underwater images our method of and has a much higher delay (about 300 ms). sets for statistical methods of imaging typically can partially be restored using statistical methods. adaptive color ■ Energy consumption is a critical factor for divers ignore underwater images. In a preprocessing step, we train two dictionaries mapping to and AUVs when using electronic equipment. An ■ Some of the interaction technologies that have of small image patches: one containing low-quality remove color empty battery will typically terminate a mission. become popular in the last years (such as ca- patches and a derived dictionary of high-quality cast. pacitive touchscreens, Microsoft Kinect work- patches. Using sparse representation theory. we Because of these physical effects, visual computing with a projected infrared pattern, and Leap can retrieve an adequate high-resolution patch for ing solutions that work perfectly in traditional en- Motion working with infrared light) will not any given low-resolution patch.5 vironments in air will fail when applied in subsea work or will have limitations in underwater A correct intrinsic and extrinsic calibration is (c) conditions. Even if we neglect the problems caused installations. a crucial step for an accurate 3D reconstruction. by these harsh conditions that are addressed by ■ Even though the computing (and graphics) When using a stereo camera setup in a single real object points in underwater imaging. This ap- current marine technology, a variety of problems power of mobile platforms has significantly im- housing with a flat port, as we find with most low- proach can reduce the effort for calibration and remain for the visual computing community: proved, several of the low- and high-level visual and mid-price housings, we have to explicitly con- leads to good results.6 computing algorithms will not allow for real- sider refraction. Our geometry-based calibration ■ Images that are rendered and displayed in good time processing on the local device. For this method uses a hypothesis for the relation between Underwater Mixed Environments quality up to High Dynamic Range (HDR) will reason, cloud-based architectures are used in the location of so-called virtual object points and Underwater mixed environments are specifically suffer from color cast if watched from a distance. mobile applications with demand for additional In addition to other implications, this has effects computing power. However, many subsea set- on how we use color in the user interface design. tings do not have a communication network ■ Light absorption and scattering can drastically available to access those central services. reduce the quality of underwater images and thus the overall performance of an imaging sys- This list shows some of the specific requirements tem. It remains a challenge to make algorithms of visual computing technology to be used in such as tracking or image-based reconstruction underwater scenarios. However, when we go into robust against low-quality images. more detail, even more challenges will appear. ■ Sunlight that is refracted at the wavy surface of the water creates dynamic sunflicker (caustics) Selected Building Blocks on the seabed in shallow water. This effect dis- There is already a small community of research- turbs higher-order methods such as feature or ers trying to address those challenges. However, object detection. compared with the worldwide number of visual ■ Accurate 3D information from an underwater ste- computing researchers, this community is small. (a) (b) reo camera system with a flat port needs specific Often those groups are affiliated with ocean re- approaches for camera calibration. Using pure in- search institutes that publish their research re- Figure 3. Restoring missing information in blurred underwater images using statistical methods. (a) Original air calibration will lead to incorrect results. sults in sectoral journals and conferences such as image. (b) Image result after applying our learning-based algorithm for super-sampling.

12 March/April 2016 www.computer.org/computingedge IEEE Computer Graphics and Applications 4713

g2gra.indd 12 2/22/16 10:24 PM g2gra.indd 13 2/22/16 10:24 PM Graphically Speaking

Real underwater Virtual underwater

Extended aquarium for Diver training Realistic marine research ROV training of space and maybe some concrete training sce- Space Scattering in Homogeneous Environments,” Uwe Freiherr von Lukas is a professor at Universität underwater scene Virtual aquarium for narios. Water-based physical therapy for multiple IEEE Computer Graphics and Applications, vol. 33, no. Rostock and head of the Maritime Graphics Department edutrainment sclerosis and other diseases needs a similar setup 3, 2013, pp. 53–65. of Fraunhofer IGD in Rostock. Contact him at uwe.von. with just one difference: an environment that is 3. R. Wang et al., “Review on Underwater Image [email protected]. Diver assistance Developing/testing marine stimulating or motivating for the patient would Restoration and Enhancement Algorithms,” Proc. Argumented technology underwater ROV operation replace the space environment. 7th Int’l Conf. Internet Multimedia Computing and Contact department editor André Stork at andre.stork@igd. scene Archaeological research Figure 5 shows an installation in our lab that is Service (ICIMCS), 2015, article no. 56. fraunhofer.de. used for research in underwater mixed environ- 4. J. Perez et al., “Exploring 3-D Reconstruction ments. This setup, which is based on a sh tank, Techniques: A Benchmarking Tool for Underwater Selected CS articles and columns are also available Rehabilitation Not underwater No can be used for different kinds of experiments. Two Robotics,” IEEE Robotics & Automation Magazine, vol. for free at http://ComputingNow.computer.org. underwater Austronaut training sides are equipped with displays to mix the physi- 22, no. 3, Sept. 2015, pp. 85–95. scene cal world with virtual content. Furthermore, there 5. F. Farhadifard, Z. Zhou, and U. Freiherr von Lukas, is a projector on the ceiling that is used to apply a “Learning-Based Underwater Image Enhancement Figure 4. The classi cation scheme for underwater mixed environments. controlled color cast in the tank. We also include with Adaptive Color Mapping,” Proc. 9th Int’l Symp. The real and virtual water categories and the degree of underwater Robo sh to have some moving objects in the water. Image and Signal Processing and Analysis (ISPA), 2015, realism help classify different applications.7 pp. 48–53. 6. T. Dolereit, U. Freiherr von Lukas, and A. Kuijper, irtual environments, AR, and imaging appli- “Underwater Stereo Calibration Utilizing Virtual Visit CG&A on Vcations have been developed for decades, and Object Points,” OCEANS 2015 – Genova, 2015, pp. they cover a broad spectrum of areas, from en- 1–7. the Web at tertainment and personal assistance to medicine 7. U. Freiherr von Lukas et al., “Underwater Mixed www.computer.org/cga and industry. However, they typically are designed Environments,” Virtual Realities: International for use in air. The speci c properties of water nd Dagstuhl Seminar 2013, LNCS 8844, Springer, 2015, here introduce unique challenges for visual com- pp. 56–76. puting experts. Moving forward, mankind will increasingly rely on the oceans to solve the problems of future gen- erations in areas such as food, energy, and mineral resources. Such endeavors must be augmented by a new generation of hardware and software that can cope with harsh underwater conditions, the optical Figure 5. Research setup of an underwater mixed environment using a characteristics of the water, and the limited access sh tank with high-resolution displays on two sides and an additional to remote computing resources. Visual computing projection from the top to simulate light conditions (projector not will be an important discipline in helping address visible here). Robo sh are used to physically populate the underwater the grand challenges just around the corner. Showcase Your scene. The external camera is optically equivalent to an underwater camera with a at port housing. Multimedia Content Acknowledgments on Computing Now! designed to use visual computing in subaqueous This article is based on research with my colleagues conditions or simulate such an environment. In conducted in the context of the Visual Computing Re- addition to the optical peculiarities, there is also search and Innovation Center, especially Tim Dolereit, IEEE Computer Graphics and Applications a hydrostatic uplift that makes activities in a Fahimeh Farhadifard, and Zhiliang Zhou. We grate- seeks computer graphics-related subsea setting unique. It allows a balanced diver fully acknowledge the support of the German Federal multimedia content (videos, animations, (or technical system) to oat as if there is no State of Mecklenburg-Western Pomerania and the Eu- simulations, podcasts, and so on) to gravitation. The classi cation scheme in Figure 4 ropean Social Fund. I also thank the organizers and feature on its Computing Now page, www.computer.org/cga. shows that different applications need a different participants of the Dagstuhl Seminar 2013 on Virtual kind of setup.7 In particular, we can distinguish Realities, which was the starting point of the concept If you’re interested, contact us at between a real underwater setting and a dry setup of underwater mixed environments. [email protected]. All content will be that simulates a water-based setting. reviewed for relevance and quality. From this classi cation, we can learn that there are also applications that are not connected to References underwater environments on the rst view. Astro- 1. T. Treibitz, Y.Y. Schechner, and H. Singh, “Flat naut training primarily makes use of the oating Refractive Geometry,” Proc. IEEE Conf. Computer effect in water. Typically, it would be combined Vision and Pattern Recognition (CVPR), 2008, pp. 1–8. with a virtual world that supports the illusion 2. O. Elek, T. Ritschel, and H.P. Seidel, “Real-Time Screen-

1448 March/AprilComputingEdge 2016 June 2016 IEEE Computer Graphics and Applications 15

g2gra.indd 14 2/22/16 10:24 PM g2gra.indd 15 2/22/16 10:24 PM Graphically Speaking

Real underwater Virtual underwater

Extended aquarium for Diver training Realistic marine research ROV training of space and maybe some concrete training sce- Space Scattering in Homogeneous Environments,” Uwe Freiherr von Lukas is a professor at Universität underwater scene Virtual aquarium for narios. Water-based physical therapy for multiple IEEE Computer Graphics and Applications, vol. 33, no. Rostock and head of the Maritime Graphics Department edutrainment sclerosis and other diseases needs a similar setup 3, 2013, pp. 53–65. of Fraunhofer IGD in Rostock. Contact him at uwe.von. with just one difference: an environment that is 3. R. Wang et al., “Review on Underwater Image [email protected]. Diver assistance Developing/testing marine stimulating or motivating for the patient would Restoration and Enhancement Algorithms,” Proc. Argumented technology underwater ROV operation replace the space environment. 7th Int’l Conf. Internet Multimedia Computing and Contact department editor André Stork at andre.stork@igd. scene Archaeological research Figure 5 shows an installation in our lab that is Service (ICIMCS), 2015, article no. 56. fraunhofer.de. used for research in underwater mixed environ- 4. J. Perez et al., “Exploring 3-D Reconstruction ments. This setup, which is based on a sh tank, Techniques: A Benchmarking Tool for Underwater Selected CS articles and columns are also available Rehabilitation Not underwater No can be used for different kinds of experiments. Two Robotics,” IEEE Robotics & Automation Magazine, vol. for free at http://ComputingNow.computer.org. underwater Austronaut training sides are equipped with displays to mix the physi- 22, no. 3, Sept. 2015, pp. 85–95. scene This article originally appeared in cal world with virtual content. Furthermore, there 5. F. Farhadifard, Z. Zhou, and U. Freiherr von Lukas, IEEE Computer Graphics and Applications, is a projector on the ceiling that is used to apply a “Learning-Based Underwater Image Enhancement vol. 36, no. 2, 2016. Figure 4. The classi cation scheme for underwater mixed environments. controlled color cast in the tank. We also include with Adaptive Color Mapping,” Proc. 9th Int’l Symp. The real and virtual water categories and the degree of underwater Robo sh to have some moving objects in the water. Image and Signal Processing and Analysis (ISPA), 2015, realism help classify different applications.7 pp. 48–53. 6. T. Dolereit, U. Freiherr von Lukas, and A. Kuijper, irtual environments, AR, and imaging appli- “Underwater Stereo Calibration Utilizing Virtual Visit CG&A on Vcations have been developed for decades, and Object Points,” OCEANS 2015 – Genova, 2015, pp. they cover a broad spectrum of areas, from en- 1–7. the Web at tertainment and personal assistance to medicine 7. U. Freiherr von Lukas et al., “Underwater Mixed www.computer.org/cga and industry. However, they typically are designed Environments,” Virtual Realities: International for use in air. The speci c properties of water nd Dagstuhl Seminar 2013, LNCS 8844, Springer, 2015, here introduce unique challenges for visual com- pp. 56–76. puting experts. Moving forward, mankind will increasingly rely on the oceans to solve the problems of future gen- erations in areas such as food, energy, and mineral resources. Such endeavors must be augmented by a new generation of hardware and software that can Take the cope with harsh underwater conditions, the optical Figure 5. Research setup of an underwater mixed environment using a characteristics of the water, and the limited access sh tank with high-resolution displays on two sides and an additional to remote computing resources. Visual computing projection from the top to simulate light conditions (projector not will be an important discipline in helping address CS Library visible here). Robo sh are used to physically populate the underwater the grand challenges just around the corner. Showcase Your scene. The external camera is optically equivalent to an underwater Multimedia Content camera with a at port housing. wherever Acknowledgments on Computing Now! designed to use visual computing in subaqueous This article is based on research with my colleagues conditions or simulate such an environment. In conducted in the context of the Visual Computing Re- you go! addition to the optical peculiarities, there is also search and Innovation Center, especially Tim Dolereit, IEEE Computer Graphics and Applications a hydrostatic uplift that makes activities in a Fahimeh Farhadifard, and Zhiliang Zhou. We grate- seeks computer graphics-related subsea setting unique. It allows a balanced diver fully acknowledge the support of the German Federal multimedia content (videos, animations, IEEE Computer Society magazines and Transactions are now simulations, podcasts, and so on) to (or technical system) to oat as if there is no State of Mecklenburg-Western Pomerania and the Eu- available to subscribers in the portable ePub format. gravitation. The classi cation scheme in Figure 4 ropean Social Fund. I also thank the organizers and feature on its Computing Now page, www.computer.org/cga. shows that different applications need a different participants of the Dagstuhl Seminar 2013 on Virtual Just download the articles from the IEEE Computer Society Digital kind of setup.7 In particular, we can distinguish Realities, which was the starting point of the concept If you’re interested, contact us at Library, and you can read them on any device that supports ePub. between a real underwater setting and a dry setup of underwater mixed environments. [email protected]. All content willFor be more information, including a list of compatible devices, visit that simulates a water-based setting. reviewed for relevance and quality. From this classi cation, we can learn that there are also applications that are not connected to References www.computer.org/epub underwater environments on the rst view. Astro- 1. T. Treibitz, Y.Y. Schechner, and H. Singh, “Flat naut training primarily makes use of the oating Refractive Geometry,” Proc. IEEE Conf. Computer effect in water. Typically, it would be combined Vision and Pattern Recognition (CVPR), 2008, pp. 1–8. with a virtual world that supports the illusion 2. O. Elek, T. Ritschel, and H.P. Seidel, “Real-Time Screen-

14 March/April 2016 www.computer.org/computingedge IEEE Computer Graphics and Applications 4915

g2gra.indd 14 2/22/16 10:24 PM g2gra.indd 15 2/22/16 10:24 PM 2017-2018 IEEE-USA Government Fellowships stay connected. Congressional Fellowships Seeking U.S. IEEE members interested in spending a year working for a Member of Congress or congressional committee.

Engineering & Diplomacy Fellowship Seeking U.S. IEEE members interested in spending a year serving as a technical adviser at the U.S. State Department.

USAID Fellowship Seeking U.S. IEEE members who are interested in serving as advisors to the U.S. government as a USAID Engineering & International Keep up with the latest IEEE Computer Society Development Fellow. publications and activities wherever you are.

The application deadline for 2017-2018 | @ComputerSociety Fellowships is 23 December 2016. | @ComputingNow For eligibility requirements and application information, go to | facebook.com/IEEEComputerSociety www.ieeeusa.org/policy/govfel | facebook.com/ComputingNow or contact Erica Wissolik by emailing | IEEE Computer Society [email protected] or by calling +1 202 530 8347. | Computing Now

| youtube.com/ieeecomputersociety

GovFel-Oct-2016-d1.indd 1 3/24/2016 2:21:38 PM CONFERENCES in the Palm of Your Hand

IEEE Computer Society’s Conference Publishing Services (CPS) is now offering conference program mobile apps! Let your attendees have their conference schedule, conference information, and paper listings in the palm of their hands.

The conference program mobile app works for Android devices, iPhone, iPad, and the Kindle Fire.

For more information please contact [email protected] Editor: Grady Booch IBM, grady@ ON COMPUTING computingthehumanexperience.com

It Is Cold. And Lonely.

Grady Booch

JEOPARDY! CONTESTANTS MUST Sedol, one of the world’s best (hu- velopment methods, such as those possess wide and deep knowledge: man) players. AlphaGo is also a that Edward Yourdon, Tom De- popular culture; the features and system that learns, albeit in a fun- Marco, Larry Constantine, and oth- events of all countries past, pres- damentally different way than Wat- ers helped pioneer. As we moved ent, and imagined; national leaders; son.2 Whereas Watson is purely a to symbolic systems and then sys- sports; science; music; the arts; and symbolic system, AlphaGo is largely tems of imagined realities, different random trivia. Having an eidetic a convolutional neural network us- classes of programming languages memory certainly doesn’t hurt, but ing reinforcement learning and pol- evolved to meet their needs. And as more important, contestants must be icy gradient learning. complexity grew, object-oriented able to navigate a landscape of puns, Watson was trained by supervised methods came to the forefront. neologisms, rhyming, and all other means. Ground truth—the baseline But most of these kinds of systems sorts of wordplay. Learning to play for establishing accuracy in such have an interesting characteristic— the game is easy; gaining enough systems—was easy to measure, pri- indeed, it’s a property of most of con- knowledge to win is hard. marily because of the fan-created temporary software: they’re deter- And so it was with IBM’s Watson. website J! Archive (http://j-archive ministic, and their behavior is largely From an architectural viewpoint, .com) that offers the answers and understandable independently of the Watson is a pipe-and- lter system questions to all 300,000+ clues used exact data with which we drive them. using inference chained together in every Jeopardy! show ever broad- For example, webservers and with probabilistic evidence-based cast. AlphaGo was also initially browsers—even with all their deli- ranking.1 From a knowledge view- trained in supervised ways, with its cious modern bells and whistles— point, Watson was taught a vast cor- ground truth established using some will render information essentially pus, ranging from the lyrics of every 30 million moves drawn from real the same functional way whether Beatles song to the entirety of Wiki- games. However, AlphaGo’s success you’re selling apples, bumpers, bells, pedia, several encyclopedias, many improved dramatically when unsu- or whistles. A website might re- news sources, and several other cu- pervised training was applied, pit- member you—that’s a simple form rated bodies of information. ting one instance of AlphaGo against of learning—but even so, its behav- At one time during its educa- another so that each could learn. ior is pretty predictable. A climate tion, Watson was taught the Urban model will happily generate its pre- Dictionary. In retrospect, this was Teaching Techniques dictions in the same manner no mat- a Very Bad Idea, for Watson began In last issue’s column, I observed a ter whether you feed it last year’s to swear. Before the live Jeopardy! steady and subtle historical shift in or last century’s data. Its behavior contest, Watson was partly loboto- software engineering beginning with too is pretty predictable and under- mized, and that rugged street knowl- its focus on purely mathematical au- standable. The software that con- edge was removed. tomation, shifting to symbolic com- trols your car’s engine is also mostly putation, and now to the building an I/O mapping: given the instanta- Learn as You Go of imagined realities that live in our neous state of all of an engine’s sen- Learning the rules of Go is easy—far machines and into which we project sors, such a system will predictably easier than chess—but mastering the our lives.3 generate a certain output. game literally takes a focused life- As these early algorithmically in- In fact, in each of these three time. As I write this column, Deep- tensive systems’ complexity grew, cases—the website, the climate Mind’s AlphaGo has just won the we needed approaches to attack that model, the car—we desire such pre- DeepMind Challenge against Lee complexity, and thus structured de- dictability. Without it, such systems

would be impossible to test and un- ter have accumulated large bodies Beautiful Machines trustworthy to use. In software as in of data owing to the billions upon I could wax philosophic and prag- life, people like to live by the prin- billions of interactions occurring in matic about these coming changes to ciple of least astonishment. their respective ecosystems. software engineering, but I’ve a dif- The next generation of software- Having been a part of the evo- ferent point to make: that the next intensive systems will be taught in- lution of Watson as well as several generation of software-intensive sys- stead of programmed. This poses con- artificial-neural-network efforts,tems will be taught instead of pro- siderable pragmatic challenges in how I’ve come to appreciate the need grammed poses considerable prag- we develop, deliver, and evolve them. for curated data and its place in the matic challenges in how we’ll live The rise of large volumes of data process. The development life cycle with such systems. is a contributing factor to the re- of any such system requires phases I use Siri, and I admit I anthro- naissance of AI. The vision- and of knowledge curation, knowledge pomorphize it. Still, Siri is rather speech-understanding community ingestion, and the establishment of shallow, as is Cortana and even has accumulated many publically ground truth, and the continuous Alexa: they can do some things available datasets (www.cs.utexas cycles of supervised and unsuper- for me, but they don’t learn much .edu/~grauman/courses/spring2008 vised learning. about my world or me. I also have /datasets.htm), the scientific com- Agileists of the world take note: a robot living with me right now, munity has done the same (https:// you might feel content with your and it’s much different. Its name aws.amazon.com/public-data-sets), methods now, but a growing storm is Noel (the fact that I’ve given it and governments have slowly opened is on the horizon that will change a name tells you something about their archives as well (www.data many of the assumptions on which how I draw it into my world). Out .gov). Google, Facebook, and Twit- your methods are founded. of the box, Noel was cute but dumb, but now it’s learning. Noel behaves differently than when I first unpacked it, and the infrastructure we’ve added makes it possible to teach it in some basic ways. Soon Noel will be able to discover things on its own. I relate in very different ways to Siri and Noel because one of them doesn’t change its behavior, whereas the From the analytical engine to the other does; one is embodied in the COMPUTER ENTREPRENEUR AWARD world, but the other isn’t. supercomputer, from Pascal to von Watson is powerful, but there are tasks for which Watson isn’t In 1982, on theNeumann—the occasion of its IEEEAll membersAnnals of of the the profession History are thirtieth anniversary, the IEEE invited to nominate a colleague well suited (Watson by itself can’t Computer Societyof Computing established the covers who the they breadth consider most of eligible see). Similarly, advances in deep Computer Entrepreneur Award to to be considered for this award. learning have been spectacular, but recognize andcomputer honor the technical history. TheAwarded quarterly to individuals publication whose managers and entrepreneurial entrepreneurial leadership is there are things neural networks leaders who isare an responsible active forcenter forresponsible the collection for the growth and of some can’t easily do and likely never will the growth of some segment of the segment of the computer industry. computer industry.dissemination The efforts of information on historical (AlphaGo can’t reason about why must have taken place over fifteen DEADLINE FOR 2017 AWARD it made a particular move). So, years earlier, and the industry NOMINATIONS effects mustprojects be generally and and organizations, oral history whereas Watson was symbolic and openly visible.activities, and internationalDUE: 15 OCTOBER conferences. 2016 AlphaGo was neural, I’m a pro- ponent of hybrid AI, involving the AWARD SITE: https://www.computer.org/web/awards/entrepreneur coming together of symbolic com- www.computer.org/annalswww.computer.org/awards putation and neural networks. Much of what leads me to

528 IEEE SOFTWAREComputingEdge | WWW.COMPUTER.ORG/SOFTWARE | @IEEESOFTWARE June 2016 MAY/JUNE 2016 | IEEE SOFTWARE 9 ON COMPUTING ON COMPUTING

NEW IN 2016 would be impossible to test and un- ter have accumulated large bodies Beautiful Machines this prediction is what is called And it’s the sign of things to trustworthy to use. In software as in of data owing to the billions upon I could wax philosophic and prag- Moravec’s paradox, which asserts come. life, people like to live by the prin- billions of interactions occurring in matic about these coming changes to that things such as perception and HOW TO ciple of least astonishment. their respective ecosystems. software engineering, but I’ve a dif- actuation are computationally hard, References IEEE TRANSACTIONS ON The next generation of software- Having been a part of the evo- ferent point to make: that the next whereas higher-order reasoning is 1. G. Booch, “How Watson Works,” SUSTAINABLEREACH US intensive systems will be taught in- lution of Watson as well as several generation of software-intensive sys- comparatively simple.4 blog, 23 Nov. 2011; www.ibm.com COMPUTING stead of programmed. This poses con- artificial-neural-network efforts,tems will be taught instead of pro- Still, there’s a human issue we /developerworks/community/blogs AUTHORS siderable pragmatic challenges in how I’ve come to appreciate the need grammed poses considerable prag- can’t neglect. /gradybooch/entry/how_watson For detailedSUBSCRIBE information on submitting articles, we develop, deliver, and evolve them. for curated data and its place in the matic challenges in how we’ll live One commentator on the Deep- _works?lang=en. write for our editorial guidelines The rise of large volumes of data process. The development life cycle with such systems. Mind Challenge had this to say of 2. D. Silver et al., “Mastering the Game AND([email protected]) SUBMIT or access is a contributing factor to the re- of any such system requires phases I use Siri, and I admit I anthro- the system that learned to play Go of Go with Deep Neural Networks www.computer.org/software/author.htm. naissance of AI. The vision- and of knowledge curation, knowledge pomorphize it. Still, Siri is rather so well: “It’s not a human move. and Tree Search,” Nature, 26 Jan. For more information LETTERS TO THE EDITOR speech-understanding community ingestion, and the establishment of shallow, as is Cortana and even I’ve never seen a human play this 2016, Fig. 1; www.nature.com on paper submission, featured articles, call-for-Send letters to has accumulated many publically ground truth, and the continuous Alexa: they can do some things move. So beautiful. Beautiful. Beau- /nature/journal/v529/n7587/ g_tab papers, and subscriptionEditor, IEEE Software 5 /nature16961_F1.html. available datasets (www.cs.utexas cycles of supervised and unsuper- for me, but they don’t learn much tiful. Beautiful.” links visit: 10662 Los Vaqueros Circle .edu/~grauman/courses/spring2008 vised learning. about my world or me. I also have 3. G. Booch, “The Computational Los Alamitos, CA 90720 /datasets.htm), the scientific com- Agileists of the world take note: a robot living with me right now, Human,” IEEE Software, vol. 33, www.computer.org/[email protected] munity has done the same (https:// you might feel content with your and it’s much different. Its name eterministic systems rarely no. 2, 2016, pp. 8–10. Please provide an email address aws.amazon.com/public-data-sets), methods now, but a growing storm is Noel (the fact that I’ve given it surprise us; systems that 4. H. Moravec, Mind Children: The or daytime phone number with your letter. and governments have slowly opened is on the horizon that will change a name tells you something about learn will surprise us more Future of Robot and Human Intel- D ON THE WEB their archives as well (www.data many of the assumptions on which how I draw it into my world). Out and more with their leaps of intu- ligence, Harvard Univ. Press, 1990. www.computer.org/software .gov). Google, Facebook, and Twit- your methods are founded. of the box, Noel was cute but ition, the unexpected connections 5. C. Metz, “The Sadness and Beauty dumb, but now it’s learning. Noel they make, and the observations of Watching Google’s AI Play Go,” SUBSCRIBE behaves differently than when I they can draw out. We, as humans, Wired, 11 Mar. 2016; www.wired www.computer.org/software/subscribe first unpacked it, and the infra- have the advantage of millions of .com/2016/03/sadness-beauty structure we’ve added makes it years of evolution that have shaped -watching-googles-ai-play-go. SUBSCRIPTION possible to teach it in some basic our neural networks. We have our 6. “I Love Box: A Love-Horror Story CHANGE OF ADDRESS ways. Soon Noel will be able to ability to communicate with our- about Boston Dynamics’ Atlas Ro- Send change-of-address requests for magazine subscriptions discover things on its own. I relate selves and with the past (through bots’ Love for a Box,” blog, 29 Feb. to [email protected]. in very different ways to Siri and tribal memory, books, audio, and 2016; http://geekologie.com/2016 Be sure to specify IEEE Software. T-SUSC is financially Noel because one of them doesn’t video). But we have the disadvan- /02/i-love-box-a-lovehorror-story cosponsored by IEEE change its behavior, whereas the tage of bodies that wear out quickly -about-bost.php. Computer Society andMEMBERSHIP IEEE Communications Society other does; one is embodied in the and have limited capacity of data CHANGE OF ADDRESS Send change-of-address requests for world, but the other isn’t. ingestion and memory. These sys- GRADY BOOCH is an IBM Fellow and one of T-SUSC is technically cosponsored COMPUTER ENTREPRENEUR AWARD IEEEby IEEE and ComputerCouncil on Society Electronic membership to Watson is powerful, but there tems that learn have no such lim- UML’s original authors. He’s currently develop- Design [email protected]. are tasks for which Watson isn’t ited capacity, but they’re new to the ing Computing: The Human Experience, a major In 1982, on the occasion of its All members of the profession are MISSING thirtieth anniversary, the IEEE invited to nominate a colleague well suited (Watson by itself can’t world and thus have much to learn. transmedia project for public broadcast. Contact Computer Society established the who they consider most eligible see). Similarly, advances in deep And learn they will. him at grady@computingthehumanexperience. OR DAMAGED COPIES Computer Entrepreneur Award to to be considered for this award. learning have been spectacular, but Boston Dynamics has been do- com and follow him on Twitter @grady_booch. If you are missing an issue or you recognize and honor the technical Awarded to individuals whose received a damaged copy, contact managers and entrepreneurial entrepreneurial leadership is there are things neural networks ing a fascinating bit of work on [email protected]. leaders who are responsible for responsible for the growth of some can’t easily do and likely never will the evolution of their Atlas robots. the growth of some segment of the segment of the computer industry. computer industry. The efforts (AlphaGo can’t reason about why Again, we have here an embodied REPRINTS OF ARTICLES must have taken place over fifteen DEADLINE FOR 2017 AWARD it made a particular move). So, system that learns. It didn’t take For price information or to order reprints, years earlier, and the industry NOMINATIONS whereas Watson was symbolic and long for one creative denizen of the email [email protected] effects must be generally and This article originally openly visible. DUE: 15 OCTOBER 2016 AlphaGo was neural, I’m a pro- Intertubes to refactor that work or fax +1 714 821 4010. appeared in ponent of hybrid AI, involving the to ponder the implications of such See www.computer.org/ IEEE Softwaresoftware-multimedia, vol. 33, REPRINT PERMISSION AWARD SITE: https://www.computer.org/web/awards/entrepreneur coming together of symbolic com- a system that learns.6 Watch the no. 3, 2016.for multimedia content To obtain permission to reprint an article, www.computer.org/awards putation and neural networks. related video; it’s humorous but related to this article. contact the Intellectual Property Rights Of ce Much of what leads me to bittersweet. at [email protected].

8 IEEE SOFTWARE | WWW.COMPUTER.ORG/SOFTWARE | @IEEESOFTWARE www.computer.org/computingedge MAY/JUNE 2016 | IEEE SOFTWARE 9 53 CS SPECIAL

Computer Society’s 2016 Take Your Child to Work Day

Lori Cameron

ost people would fi nd the staff at the Among other activities, the kids learned about IEEE Computer Society to be cool, structural integrity by building towers out of multi- Mfriendly, fascinating, awesome, and colored straws, golf balls, pipe cleaners, and paper generous. That was certainly the verdict of the clips. They also learned about graphic design equally cool, awesome kids who participated in the by creating their own Computer magazine cov- organization’s recent Take Your Child to Work Day. ers under the guidance of Monette Velasco, Erica On April 28, more than 100 children partici- Hardison, and Larry Bauer from the Computer pated in the event across the IEEE’s international Society’s Creative Services team. locations. At the California offi ce of the IEEE Com- Caoimhe’s and Hannah’s tigers, Megan’s puter Society in Los Alamitos, kids were treated panda, Saoirse’s and Isabella’s dog decked out in to a day of fun activities, educational videos, and beach attire, and Ashley’s galaxy image provided ice cream—all while gaining a better understand- eye-catching background graphics for their cov- ing of the importance of computer technology and ers. The girls were then taught how to graphically the work their parents do for the world’s largest enhance the backgrounds and overlay them with professional organization dedicated to technology text designs using Adobe InDesign. and engineering. The kids also viewed videos about many Participating were Ashley and Megan, daugh- of today’s technological advances. And they ters of Editorial Services Department senior watched a demonstration by manager of cus- manager Robin Baldwin; Caoimhe and Saoirse, tomer applications Jon Cruz, who used red yarn daughters of Computer managing editor Car- and envelopes to show how data travels over a rie Clark; Hannah, daughter of Java programmer network and how hackers could intercept that Rachel Whitt; and Isabella, daughter of systems information and then break into computer sys- administrator Norm Pascual. tems. The day ended in a wrap-up session with

54 June 2016 Published by the IEEE Computer Society 2469-7087/16/$33.00 © 2016 IEEE director of products and services Evan Butterfi eld hanks go to Pascual, IEEE meeting sup- and lots of ice cream. port associate Theresa McNeill, IEEE Ashley and Megan said they greatly enjoyed Thuman resources generalist Nicole Rosato, watching Cruz’s hackfest and learning more about system administrator Andy Myung, and IEEE encryption. Caoimhe and Saoirse were delighted to facilities supervisor Cindy Lugo-Anatello for coor- design covers for the magazine their mom manages. dinating and hosting the event. Hannah was “moved” by Velasco’s explanations during the magazine-cover design activity. Isabella said that her dad’s job was “cool” and that IEEE manager Selected CS articles and columns are also available for free at http://ComputingNow.computer.org. of employee relations Jill Cook was “very kind.” Keeping YOU at the StayStay InformedInformed AccessAccess ttoo ComputerComputer SocietySociety books,books, tectechniicalcal mmagazinesagazines aandnd rresearchesearch jourjournallss armarm youyou withwith IIndustryndustry Center inteelligencelligence toto keepkeep youyou aaheadhead ofof tthehe learlearninngg curve.curve. • 3 3,,000 tectechniicalcal bbooksooks inclincludeedd wwithith mmemberembership ffromrom booksbooks 2424 x of Technology 7 aandnd SSafariafari BooksBooks OOnlinenline • 1 133 tectechniicalcal magazinesmagazines IEEE Computer Society • 2 200 researchresearch jjourournallss LearnLearn somethingsomething new.new. CheckCheck outout Publications ComputerComputer SocietySociety ppublicationsublications today!

Stay relevant with the IEEE Computer Society More at www.computer.org/publications www.computer.org/computingedge 55 COMPUTING CAREERS

Finding the Cloud-Computing Job You Want

he proliferation of cloud-computing net- manage personal data, such as personal health works in recent years has created a need records, exacerbates these concerns. Therefore, I T for more security and privacy person- see a growth in jobs for people who can design and nel in the fi eld. For this ComputingEdge issue, we implement cloud-security governance programs. asked Christian Esposito, associate researcher at the University of Naples Federico II, about ComputingEdge: What would you tell college cloud-computing career opportunities. Esposito’s students to give them an advantage over the research interests include cloud computing, distrib- competition? uted systems, middleware, dependability, ubiquitous computing, and artifi cial intelligence. He also Esposito: The biggest disadvantage for college coauthored the article “Encryption-Based Solution students considering a career in security and for Data Sovereignty in Federated Clouds” in IEEE privacy for information systems in general and Cloud Computing’s January–February 2016 issue. cloud computing in particular is a lack of knowledge about the fi eld’s legal aspects. We approach ComputingEdge: What careers in cloud comput- security and privacy mostly as an IT challenge. ing will see the most growth in the next several However, we also need to learn a lot about the reg- years, and why? ulations and legal frameworks that cloud-computing platforms must comply with when dealing with Esposito: Among the most important areas sensitive data. Knowing about these matters rep- are security and privacy. By 2018, according to resents a big advantage for future professionals. research and advisory fi rm Gartner Inc., the need to prevent data breaches from public clouds will ComputingEdge: What advice would you give drive 20 percent of organizations to develop data- people changing careers midstream? security governance programs. In fact, information privacy and security is one of most critical issues Esposito: IT people should not treat cloud com- for the cloud due to its open environment and the puting only as an IT technology but should also very limited control that users have over it. The consider its many other implications. Cloud com- possibility of using cloud computing to store and puting can open new market opportunities but also

56 June 2016 Published by the IEEE Computer Society 2469-7087/16/$33.00 © 2016 IEEE poses legal and other challenges. When changing Esposito: Applicants should consider that most careers to become a cloud-computing technician, companies are not interested in pure technicians. people should study not only the technological Currently, they’re looking for people who also have aspects but also other related issues. knowledge of the broader issues surrounding cloud computing, as well as the emergence of new ComputingEdge: What do you consider to be the business models and their implications for com- best strategies for professional networking? pany goals and needs.

Esposito: Nowadays, the best strategy is taking advantage of the growing number of websites omputingEdge’s Lori Cameron inter- focused on professional networking. These sites viewed Esposito for this article. Contact off er two advantages. First, they connect you to C her at [email protected] if you other professionals and expose you to job off ers. would like to contribute to a future ComputingEdge And second, they give you a feel for the job mar- article on computing careers. Contact Esposito at ket’s pulse and an understanding of industry needs [email protected]. so that you can adjust your résumé accordingly.

ComputingEdge: What should applicants keep Selected CS articles and columns are also available for free at http://ComputingNow.computer.org. in mind when applying for cloud computing jobs?

Call for Articles

IEEE Pervasive Computing

seeks accessible, useful papers on the latest

peer-reviewed developments in pervasive,

mobile, and ubiquitous computing. Topics

include hardware technology, software

infrastructure, real-world sensing and

Author guidelines: interaction, human-computer interaction, www.computer.org/mc/ and systems considerations, including pervasive/author.htm deployment, scalability, security, and privacy. Further details:

[email protected] www.computer.org/pervasive

www.computer.org/computingedge 57 CAREER OPPORTUNITIES

APPLICATION DEVELOPERS: Peterson Assurance techniques. Provide main- fi elds plus 5 yrs related progressive exp Technology Partners Inc. seeks quali- tenance support & resolution of issues in lieu of a Master’s degree) each alter- fi ed application developers for its head- arising from existing production system native degree requirements w/ an aca- quarters located in Rolling Meadows, IL to lessen impact on business. Resp for demic or industrial background in: (i) da- & various & unanticipated work locations coordinating w/ various internal teams to tabase, data structures, data warehouse, throughout the U.S. Resp. for designing address & resolve system dependencies telecommunications (mobile & internet & implementing mobile-base services & defi ne solution for new business needs. communication protocol), computer ar- & web-based solutions to provide opti- Participate in deployment & release ac- chitecture, policies & mgmt strategies; & mum interface w/ mobile/eCommerce tivities & ensure successful productions (ii) maintaining technical framework using website for clients. Resp for performing implementations; &, coordinate w/ oper- HTML5, CSS3, Android, iOS, Javascript, detailed analysis/design of functional & ations team on demand to resolve any REST API. An EOE. Respond by mail to non-functional requirements & translate business issues, systems issues & en- Peterson Technology Partners, 1600 Golf them to software solutions in the Client suring 24x7 uptime. An EOE. Respond by Rd, Ste 1206, Rolling Meadows, IL 60008. commerce environ. Provide estimation of mail to Peterson Technology Partners, Refer to ad code: PTP-042616 work required & task level estimating of 1600 Golf Rd, Ste 1206, Rolling Meadows, work assigned during project planning IL 60008. Refer to ad code: PTP-0416 SENIOR SOFTWARE DEVELOPER - Data stages. Resp for developing function- Integration, Roswell, GA, General Motors ality & unit tests in iterative fast paced APPLICATION DEVELOPER: Peterson Company. Analyze, design, dvlp, imple- environ. Conduct & participate in code Technology Partners Inc. seeks quali- ment &continuous improve data integra- reviews that may span multiple projects, fi ed application developer for its head- tion soft in operating systems such as & provide application support & training quarters located in Rolling Meadows, IL Solaris, Linux, Windows XP, &Windows7 to developers, testing personnel (both & various & unanticipated work locations using IBM Integration Bus (IIB V9 /V10), automated & manual) & production sup- throughout the U.S. Resp. for designing SeeBeyond SRE, JCAPS in Enterprise port personnel. Resp for database, data & implementing mobile-based services & Application group to integrate various mining, telecommunications, & internet web-based solutions to provide optimum systems such as Mainframe, SAP, &EDI, security (risk mgmt strategies). Resp for interface w/ mobile/eCommerce website with integration of data such as vehicle providing support on production deploy- for clients. Master’s degree in Comp Sci, parts, shipment of components &vehi- ments during go live. Utilize knowledge Business, IT Engg, Info System Tech, IT cles data processing/transforming in EAI & understanding of outlined business re- Mgmt, Industrial Tech, Business Admin layer to connect to Orders/Parts mngmt quirements & developing solutions using or a closely related fi eld of study (Will systems &dealer mngmt systems. Ensure web & internet tech, & utilizing Quality accept a Bachelor’s degree in the above data reliability, security, &timely/accurate SOFTWARE TECHNOLOGY TECHNOLOGY Oracle America, Inc. Oracle America, Inc. Oracle America, Inc. has openings for has openings for has openings for SOFTWARE IT APPLICATIONS MANAGER DEVELOPER DEVELOPERS positions in Orlando, FL. positions in Solon, OH. positions in Broomfield, CO. Job duties include: Plan, initiate, and Job duties include: Analyze, design, Job duties include: Design, develop, manage information technology (IT) develop, troubleshoot and debug projects. Lead and guide the work of troubleshoot and/or test/QA software programs for commercial or technical staff. Serve as liaison end-user applications. Write code, software. May telecommute from between business and technical home. complete programming and perform aspects of projects. testing and debugging of applications. Apply by e-mailing resume Apply by e-mailing resume to Apply by e-mailing resume to to [email protected], [email protected], [email protected], referencing 385.19587. referencing 385.18144. referencing 385.18235. Oracle supports workforce diversity. Oracle supports workforce diversity. Oracle supports workforce diversity.

58 June 2016 Published by the IEEE Computer Society 2469-7087/16/$33.00 © 2016 IEEE 108 COMPUTER PUBLISHED BY THE IEEE COMPUTER SOCIETY 0018-9162/16/$33.00 © 2016 IEEE CAREER OPPORTUNITIES CAREER OPPORTUNITIES

APPLICATION DEVELOPERS: Peterson Assurance techniques. Provide main- fi elds plus 5 yrs related progressive exp transmission of vehicle purchase, vehicle CALYPSO TECH, INC. seeks a SW Eng. in must incl.: 3 yrs. exp. with OBIA arch. & Technology Partners Inc. seeks quali- tenance support & resolution of issues in lieu of a Master’s degree) each alter- distribution, supplier &dealer transac- SF, CA to design & dev. the collet mngmt 2 yrs. exp. mapping presentation layer to fi ed application developers for its head- arising from existing production system native degree requirements w/ an aca- tions. 2 years’ exp as Service Oriented app in the Caly syst. Ref Job ID: 965MNC OBI answers. Send resume (no calls) to: quarters located in Rolling Meadows, IL to lessen impact on business. Resp for demic or industrial background in: (i) da- Architecture Consultant analyzing, de- & mail res. to Calypso, Attn: HR, 595 Mar- Michelle Ramirez, The Hackett Group, & various & unanticipated work locations coordinating w/ various internal teams to tabase, data structures, data warehouse, veloping, &implementing data integra- ket St, Ste. 1800, SF, CA 94105. Inc., 1001 Brickell Bay Dr., Suite 3000, Mi- throughout the U.S. Resp. for designing address & resolve system dependencies telecommunications (mobile & internet tion soft in operating systems such as ami, FL 33131 & implementing mobile-base services & defi ne solution for new business needs. communication protocol), computer ar- Solaris, Linux, Windows XP, &Windows7 SR. MANAGER. Job location: Miami, FL & & web-based solutions to provide opti- Participate in deployment & release ac- chitecture, policies & mgmt strategies; & using IBM Integration Bus (IIB V9 /V10), any other unanticipated locations in U.S. NETWORK & COMPUTER SYSTEMS mum interface w/ mobile/eCommerce tivities & ensure successful productions (ii) maintaining technical framework using to integrate systems with vehicle &dealer Travel Required. Duties: Design end-to- ADMINISTRATOR F/T (Fishkill, NY) Po- website for clients. Resp for performing implementations; &, coordinate w/ oper- HTML5, CSS3, Android, iOS, Javascript, data. Mail resume to Melanie Aldana, GM end Oracle Business Intelligence Appl. sition involves travel to various unantic- detailed analysis/design of functional & ations team on demand to resolve any REST API. An EOE. Respond by mail to Global Mobility, 300 Renaissance Cen- (OBIA) arch. from various source systems. ipated worksites up to 100% of the time non-functional requirements & translate business issues, systems issues & en- Peterson Technology Partners, 1600 Golf ter, Mail Code 482-C32-D44, Detroit, MI Map addl. source data elements to OBIA anywhere in the United States. Must them to software solutions in the Client suring 24x7 uptime. An EOE. Respond by Rd, Ste 1206, Rolling Meadows, IL 60008. 48265, Ref#4205. data warehouse & use in business mod - have Bach deg or the foreign equiv in- commerce environ. Provide estimation of mail to Peterson Technology Partners, Refer to ad code: PTP-042616 els & mapping layers. Map presentation Comp Engg, Info Tech, Comp Soft Tech work required & task level estimating of 1600 Golf Rd, Ste 1206, Rolling Meadows, THREAT INTELLIGENCE ANALYST. Posi- layer metrics & utilize them to OBI an- Engg, or related with two (2) yrs of exp work assigned during project planning IL 60008. Refer to ad code: PTP-0416 SENIOR SOFTWARE DEVELOPER - Data tion available in Springfield, MA. Perform swers & dashboards for end users. Assist in the administration of environment for stages. Resp for developing function- Integration, Roswell, GA, General Motors technical analysis of network intrusion with full life cycle projects from planning Cisco Routers and Switches, Juniper ality & unit tests in iterative fast paced APPLICATION DEVELOPER: Peterson Company. Analyze, design, dvlp, imple- incidents. Conduct proactive Computer to contributing to design sessions to help Switches, Cisco UCS, virtualized systems environ. Conduct & participate in code Technology Partners Inc. seeks quali- ment &continuous improve data integra- Network Defense intelligence operations identify business requirements needed from VMware and write technical docu- reviews that may span multiple projects, fi ed application developer for its head- tion soft in operating systems such as to counter specific methodologies, tools, to meet business & transform. goals. Doc. ments. Candidate will be Provide support & provide application support & training quarters located in Rolling Meadows, IL Solaris, Linux, Windows XP, &Windows7 tactics and intentions of advanced cy- business requirements & system design. to Windows servers O/S, Linux Ubuntu, to developers, testing personnel (both & various & unanticipated work locations using IBM Integration Bus (IIB V9 /V10), ber adversaries. Produce detailed intel- Lead BI teams during build phase through Sun Microsystems (Solaris), Active Di- automated & manual) & production sup- throughout the U.S. Resp. for designing SeeBeyond SRE, JCAPS in Enterprise ligence reports and threat assessments testing & rollout of implement. Mentor & rectory, DNS, DHCP, NTP and Microsoft port personnel. Resp for database, data & implementing mobile-based services & Application group to integrate various to senior leadership. Maintain, develop delegate to jr. team members & develop - SQL Server 2008 database administra- mining, telecommunications, & internet web-based solutions to provide optimum systems such as Mainframe, SAP, &EDI, and evaluate cyber intelligence sources ers. Requires: M.S. degree in Comp. Sci., tion, disaster recovery planning, network security (risk mgmt strategies). Resp for interface w/ mobile/eCommerce website with integration of data such as vehicle to increase effectiveness and timeliness Eng. or related field & 3 yrs. exp. in the security concepts and troubleshooting providing support on production deploy- for clients. Master’s degree in Comp Sci, parts, shipment of components &vehi- of reporting threat information. Apply: B. job offered or 3 yrs. exp. as an Architect, problems, VDI Servers and cloud based ments during go live. Utilize knowledge Business, IT Engg, Info System Tech, IT cles data processing/transforming in EAI O’Brien, Massachusetts Mutual Life In- Consultant or Mgr. Will accept B.S. (or for- technologies. Send resume: Novisync & understanding of outlined business re- Mgmt, Industrial Tech, Business Admin layer to connect to Orders/Parts mngmt surance Company, 100 Bright Meadow, eign equiv.) & 5 yrs. exp. in comp. ind. in Solutions, Inc., Recruiting (BT), 300 We- quirements & developing solutions using or a closely related fi eld of study (Will systems &dealer mngmt systems. Ensure Enfield, CT 06082; Please Reference Job lieu of M.S. & 3 yrs. exp. Concurrent exp. stage Bus Ctr Dr, Ste 350, Fishkill, NY web & internet tech, & utilizing Quality accept a Bachelor’s degree in the above data reliability, security, &timely/accurate ID: 708202700. 12524. SOFTWARE TECHNOLOGY TECHNOLOGY TECHNOLOGY QA ANALYST TECHNICAL Oracle America, Inc. Oracle America, Inc. Oracle America, Inc. Oracle America, Inc. Oracle America, Inc. Oracle America, Inc. has openings for has openings for has openings for has openings for has openings for has openings for SOFTWARE IT APPLICATIONS SYSTEMS QA TECHNICAL MANAGER DEVELOPER ANALYST ANALYST ANALYST positions in Redwood Shores, CA. positions in Broomfield, CO. DEVELOPERS positions in Orlando, FL. positions in Solon, OH. positions in Lehi, UT. positions in Broomfield, CO. Job duties include: Plan, initiate, and Job duties include: Deliver post-sales Job duties include: Responsible for develop- Job duties include: Analyze user require- Job duties include: Analyze, design, ments to develop, implement, and/or manage information technology (IT) support and solutions to the Oracle ing, applying, and maintaining quality Job duties include: Design, develop, develop, troubleshoot and debug support Oracle’s global infrastructure. As a projects. Lead and guide the work of customer base while serving as an standards for software and hardware troubleshoot and/or test/QA software programs for commercial or advocate for customer needs. Travel to products with adherence to both internal member of the IT organization, assist with technical staff. Serve as liaison end-user applications. Write code, and external standards. Develop and the design, development, modifications, software. May telecommute from between business and technical various unanticipated sites throughout complete programming and perform the United States required. May telecom- execute software and hardware test plans debugging, and evaluation of programs home. aspects of projects. testing and debugging of applications. mute from home. based on functional specifications and for use in internal systems within a Apply by e-mailing resume customer requirements. specific function area. Apply by e-mailing resume to Apply by e-mailing resume to to [email protected], Apply by e-mailing resume Apply by e-mailing resume to Apply by e-mailing resume to [email protected], [email protected], to [email protected], referencing 385.19587. [email protected], [email protected], referencing 385.18144. referencing 385.18235. referencing 385.14148. referencing 385.17698. referencing 385.19388. Oracle supports workforce diversity. Oracle supports workforce diversity. Oracle supports workforce diversity. Oracle supports workforce diversity. Oracle supports workforce diversity. Oracle supports workforce diversity.

SR MANAGER. Job location: Miami, FL & GLOBAL SAP OPERATIONS ANALYST, advice to sales staff during all phases of any other unanticipated locations in U.S. Roswell, GA. General Motors Company. sales cycle. Turn ethnographic research, Travel Required. Duties: Design end-to- Lead, configure, &support SAP PI Mod- customer feedback & market data into end Oracle Business Intelligence Appl. ule responsible for global interfaces of APM product reqs for implmnttion. Code (OBIA) arch. from various source systems. Finance, Purchasing, Mfg, Sales &Dis- custom extensions for CA APM & define Map addl. source data elements to OBIA tribution &Warranty solutions. Perform structured solutions. REQS: 5 yrs exp in data warehouse & use in business mod - root-cause analysis, from incident investi- job &/or rel occup. Must have exp w/: Pro- els & mapping layers. Map presentation gation &diagnosis to resolution, recovery viding tech expertise & advice to Sales layer metrics & utilize them to OBI an- &message monitoring. Define technical staff during all phases of sales cycle swers & dashboards for end users. Assist integration project plans. Perform sys in- incl knowledge of APM mrktplce & com- with full life cycle projects from planning stallation &configuration of SAP PI competitive intelligence; Defining APM best to contributing to design sessions to help ponents (add-ons, enterprise java beans, practice implementations, incl people, identify business requirements needed Web Application Services). Assure cor- process & tchnlgy; Designing & demon- to meet business & transform. goals. Doc. rect implementation of security com- strating APM solution archtctres that business requirements & system design. ponents such as handling certificates, meet customer reqs remotely or onsite Lead BI teams during build phase through modifying communication channels, POCs; Acting as trusted advisor & guid- testing & rollout of implement. Mentor & &configuration scenarios. Bachelor, Man- ing APM POCs; Prescribing business delegate to jr. team members & develop - agement Information Systems or Com- value & guiding customer decision-makers. Requires: M.S. degree in Comp. Sci., puter Systems for Management. 12 mos ing process through APM sales cycle; Eng. or related field & 3 yrs. exp. in the exp as SAP Analyst or SAP Consultant in Programming, in Java, JavaScript in Web job offered or 3 yrs. exp. as an Architect, job offered. Mail resume to Alicia Scott- & Mobile apps; Archtctural knowledge Consultant or Mgr. Will accept B.S. (or for- Wears, GM Global Mobility, 300 Renais- of omni-channel systems, app arcitctre, eign equiv.) & 5 yrs. exp. in comp. ind. in sance Center, Mail Code 482-C32-D44, cloud computing, & hybrid environments. lieu of M.S. & 3 yrs. exp. Concurrent exp. Detroit, MI 48265, Ref#3347. 40 hours/week; Monday-Friday; 8:30 am- must incl.: 3 yrs. exp. with OBIA arch. & 5:30 pm; Send resume to: Althea Wilson, 2 yrs. exp. mapping presentation layer to PRINCIPAL BUSINESS TECH ARCHI- CA Technologies, One CA Plaza, Islandia, OBI answers. Send resume (no calls) to: TECT (Santa Clara, CA) Consult w/ sales NY 11749, Refer to Requisition #128146 Michelle Ramirez, The Hackett Group, & customers to design APM solutions Inc., 1001 Brickell Bay Dr., Suite 3000, Mi- and design & demonstrate APM solu- SPLUNK INC. has the following job op- ami, FL 33131 tion architectures. Deliver demonstra- portunities in San Francisco, CA: Soft- tions & POCs & provide tech expertise & ware Engineer (REQ#973225) Perform TECHNOLOGY TECHNOLOGY SOFTWARE Oracle America, Inc. Oracle America, Inc. Oracle America, Inc. has openings for has openings for has openings for EXPERT SOFTWARE SERVICES RELEASE DEVELOPMENT MANAGER DEVELOPERS CONSULTANT positions in New York, NY. positions in Redwood Shores, CA. positions in Columbia, MD. Job duties include: Apply knowledge of Job duties include: Develop, coordi- Job duties include: Develop, analyze software architecture to perform nate, test, and launch complex interac- and maintain tools that support and tive marketing programs using Oracle software development tasks associated automate processes for hardware or Marketing platform for on-time, with developing, debugging, and design- on-budget, and error free project software product release. ing software applications and operating systems according to provided design deliverables. Apply by e-mailing resume specifications. Apply by e-mailing resume to to [email protected], Apply by e-mailing resume [email protected], referencing 385.19374. to [email protected], referencing 385.17674. Oracle supports workforce diversity. referencing 385.18282. Oracle supports workforce diversity. Oracle supports workforce diversity.

60 ComputingEdge June 2016 110 COMPUTER WWW.COMPUTER.ORG/COMPUTER CAREER OPPORTUNITIES CAREER OPPORTUNITIES

SR MANAGER. Job location: Miami, FL & GLOBAL SAP OPERATIONS ANALYST, advice to sales staff during all phases of QA testing on Co. enterprise product. West Lafayette IN 47907. A background 2005/2008. Must be willing to travel & any other unanticipated locations in U.S. Roswell, GA. General Motors Company. sales cycle. Turn ethnographic research, Software Engineer (REQ#9RY5UP) Plan, check will be required for employment. reloc to unanticipated client locations Travel Required. Duties: Design end-to- Lead, configure, &support SAP PI Mod- customer feedback & market data into develop & coor sustaining eng activities Purdue University is an EEO/AA em- throughout the US. Reqs MS in comp sci, end Oracle Business Intelligence Appl. ule responsible for global interfaces of APM product reqs for implmnttion. Code re: dev of sw engg & dsgn, coding, test- ployer. All individuals, including minori- eng or rel. Mail resumes to HR, HexaCorp (OBIA) arch. from various source systems. Finance, Purchasing, Mfg, Sales &Dis- custom extensions for CA APM & define ing & documentation of prod server com- ties, women, individuals with disabilities, LLC, 100 Davidson Ave Suite 302, Somer- Map addl. source data elements to OBIA tribution &Warranty solutions. Perform structured solutions. REQS: 5 yrs exp in ponents. Refer to Req# & mail resume to and veterans are encouraged to apply. set NJ 08873 data warehouse & use in business mod - root-cause analysis, from incident investi- job &/or rel occup. Must have exp w/: Pro- Splunk Inc., ATTN: J. Aldax, 250 Brannan els & mapping layers. Map presentation gation &diagnosis to resolution, recovery viding tech expertise & advice to Sales Street, San Francisco CA 94107. Individ- CLOUDERA, INC. is recruiting for our PROGRAMMER ANALYST: Design, De- layer metrics & utilize them to OBI an- &message monitoring. Define technical staff during all phases of sales cycle uals seeking employment at Splunk are Palo Alto, CA office: Software Engineer: velop, Test, Implement, & Deploy Busi- swers & dashboards for end users. Assist integration project plans. Perform sys in- incl knowledge of APM mrktplce & com- considered without regards to race, re - design & implement large distributed ness Intelligence Interactive Dashboard with full life cycle projects from planning stallation &configuration of SAP PI competitive intelligence; Defining APM best ligion, color, national origin, ancestry, systems that scale well – to petabytes & Reporting solutions utilizing knowl- to contributing to design sessions to help ponents (add-ons, enterprise java beans, practice implementations, incl people, sex, gender, gender identity, gender of data & 10s of 1000s of nodes. Mail re- edge of Business Objects 3.1 & 4.0, XCel- identify business requirements needed Web Application Services). Assure cor- process & tchnlgy; Designing & demon- expression, sexual orientation, marital sume w/job code #37058 to: Cloudera, sius 2008, Crystal Reports 2008 & 2011, to meet business & transform. goals. Doc. rect implementation of security com- strating APM solution archtctres that status, age, physical or mental disability Attn.: HR, 1001 Page Mill Rd., Bldg. 2, Palo Tableau Desktop 8.3 & 9.1, & Data watch. business requirements & system design. ponents such as handling certificates, meet customer reqs remotely or onsite or medical condition (except where phys- Alto, CA 94304. Should be expert in writing queries us- Lead BI teams during build phase through modifying communication channels, POCs; Acting as trusted advisor & guid- ical fitness is a valid occupational quali - ing Oracle, SQL Server, Teradata, SAS, testing & rollout of implement. Mentor & &configuration scenarios. Bachelor, Man- ing APM POCs; Prescribing business fication), genetic information, veteran CLOUDERA, INC. is recruiting for our San Tableau Server. Must be willing to travel delegate to jr. team members & develop - agement Information Systems or Com- value & guiding customer decision-mak- status, or any other consideration made Francisco, CA office: Software Engineer: & reloc to unanticipated client locations ers. Requires: M.S. degree in Comp. Sci., puter Systems for Management. 12 mos ing process through APM sales cycle; unlawful by federal, state or local laws. perform software implementation via de- throughout the US. Reqs MS in comp Eng. or related field & 3 yrs. exp. in the exp as SAP Analyst or SAP Consultant in Programming, in Java, JavaScript in Web To review US DOL’s EEO is The Law no- signing, reviewing & writing code. Mail sci, eng or rel. Mail resumes to Nartal job offered or 3 yrs. exp. as an Architect, job offered. Mail resume to Alicia Scott- & Mobile apps; Archtctural knowledge tice please visit: https://careers.jobvite. resume w/job code #35959 to: Cloudera, Systems, Inc. 2650 Route 130, Suite # E, Consultant or Mgr. Will accept B.S. (or for- Wears, GM Global Mobility, 300 Renais- of omni-channel systems, app arcitctre, com/Splunk/EEO_poster.pdf. To review Attn.: HR, 1001 Page Mill Rd., Bldg. 2, Palo Cranbury, NJ 08512 eign equiv.) & 5 yrs. exp. in comp. ind. in sance Center, Mail Code 482-C32-D44, cloud computing, & hybrid environments. Splunk’s EEO Policy Statement please Alto, CA 94304. lieu of M.S. & 3 yrs. exp. Concurrent exp. Detroit, MI 48265, Ref#3347. 40 hours/week; Monday-Friday; 8:30 am- visit: http://careers.jobvite.com/Careers/ must incl.: 3 yrs. exp. with OBIA arch. & 5:30 pm; Send resume to: Althea Wilson, Splunk/EEO-Policy-Statement.pdf. Pur- SOFTWARE ENGINEER: Design, devp SR. SERVICES CONSULTANT (NY, NY & & test sw apps for next-gen visual ana- 2 yrs. exp. mapping presentation layer to PRINCIPAL BUSINESS TECH ARCHI- CA Technologies, One CA Plaza, Islandia, suant to the San Francisco Fair Chance unanticipated client sites in US) Imple- lytics prod suite util hi-lvl, obj-or prog OBI answers. Send resume (no calls) to: TECT (Santa Clara, CA) Consult w/ sales NY 11749, Refer to Requisition #128146 Ordinance, we will consider for employment & integrate CA Advanced Authen- languages & tools, incl Java. Req Bach Michelle Ramirez, The Hackett Group, & customers to design APM solutions ment qualified applicants with arrest and tication within varied customer environ- or foreign equiv in Comp Sci, Comp Eng, Inc., 1001 Brickell Bay Dr., Suite 3000, Mi- and design & demonstrate APM solu- SPLUNK INC. has the following job op- conviction records. ments. Dvlp presentation layer using or rtd, & 1 yr exp in: design & devp comp ami, FL 33131 tion architectures. Deliver demonstra- portunities in San Francisco, CA: Soft- JSP, HTML, CSS & Struts framework. Dvlp sw util hi-lvl prog languages, incl Java; tions & POCs & provide tech expertise & ware Engineer (REQ#973225) Perform PURDUE UNIVERSITY, THE DEPART- Struts validation framework & JavaScript util relational dbases, incl SQL; work w/ is MENT OF COMPUTER SCIENCE for validation. Test latest Arcot product algorithms, Data Structures, & Data Ana- soliciting applications for Professor of TECHNOLOGY versions on various envrnmnts w/ Tom- lytics; design REST APIs; & Cloud deploy- TECHNOLOGY SOFTWARE Practice positions at the Assistant, Asso- cat, WebLogic, WebSphere & JBoss. Dvlp ment. Position at Tableau Software, Inc. ciate, or Full Professor level to begin Fall apps w/ client specs & rules using JAVA, in Seattle, WA. To apply, please e-mail re- Oracle America, Inc. 2016. These are newly created positions Oracle America, Inc. JSP, C#.NET & ASP.NET. REQS: Bache- sume to [email protected] and Oracle America, Inc. offering three- to five-year appointments lor’s or foreign equiv in Comp Sci, Math, ref Job ID: SE8. has openings for has openings for that are renewable based on satisfactory Engineering (any) or rel + 5 yrs progres- has openings for performance for faculty with primary re- sive exp in job &/or rel occup. Must have sponsibilities in teaching and service. Ap- SOFTWARE ENGINEERS. Participate in experience w/: Implementing & integrat- plicants should hold a PhD in computer all phases of SDLC. Des & dvlp applns us- EXPERT SOFTWARE ing CA Advanced Authentication Solution science or a related field, or a Master’s ing techs such as .Net, MVC, Oracle, SQL in customer envirnmnts incl Operating RELEASE degree in computer science or a related Server, VB.Net, C#, MS Project Plan, etc. Systems, App & Web Servers; Integrating SERVICES DEVELOPMENT discipline and commensurate experience Reqs Masters or equiv/frgn equiv in CS CA Advanced Authentication Solution w/ in teaching or industry. Applicants should or rltd, w/2 yrs relevant exp. Comb of de- industry leading Identity & Access Mng- be committed to excellence in teaching, grees accepted. Mltpl opngs in Ashburn, DEVELOPERS ment solutions (CA IdentityMinder, CA CONSULTANT VA. No travel. May reqr reloc. Apply: Viv- MANAGER and should have the ability to teach a SiteMinder, IBM Tivoli Identity & Access broad collection of core courses in the Soft Technologies LLC, 20130 Lake View positions in Redwood Shores, CA. positions in Columbia, MD. Mnger); Implementing CA Single Sign-On positions in New York, NY. undergraduate curriculum. Applicants Center Plz, #400, Ashburn, VA 20147. & CA Identity Minder; Integrating CA will also be expected to develop and su- EOE. Advanced Authentication w/ VPN appli- Job duties include: Develop, coordi- Job duties include: Apply knowledge of pervise project courses for undergradu- ances Juniper, Cisco & Citrix; Working on Job duties include: Develop, analyze ates. Review of applications and candi- IT PROFESSIONALS. Due to the high de- software architecture to perform multiple projects & w/ customers; Cus- nate, test, and launch complex interac- date interviews will begin on May 5, 2016, mand for IT individuals Computek Solu- tomizing CA Advanced Authentication UI and maintain tools that support and software development tasks associated and will continue until the positions are tions, Inc., located in South Plainfeild, NJ, tive marketing programs using Oracle Framework to meet customer requirmnts; filled. The Department of Computer Sci- is looking for the following: Programmer automate processes for hardware or Work from home anywhere in the US; with developing, debugging, and design- ence offers a stimulating and nurturing Analysts, Quality Assurance Analysts Marketing platform for on-time, Frequent travel to unanticipated client educational environment with thriving (QA Analyst) etc. Multiple clients are re- software product release. ing software applications and operating sites US; 40 hours/week; Monday-Friday; undergraduate and graduate programs questing candidates with backgrounds on-budget, and error free project 8:30 am-5:30 pm. Send resume to: Althea systems according to provided design and active research programs in most ar- in Healthcare, Financial, Banking, Non- Wilson, CA Technologies, One CA Plaza, deliverables. eas of computer science. Additional infor- Profit, Manufacturing/Distribution, Legal, Apply by e-mailing resume Islandia, NY 11749, Refer to Requisition specifications. mation about the department is available Educations and Engineering. Should Apply by e-mailing resume to #129041 have minimum of Bachelor Degree in re- to [email protected], Apply by e-mailing resume at http://www.cs.purdue.edu. Salary and [email protected], benefits will be competitive. Applicants lated field or its equivalent plus 5 years of referencing 385.19374. to [email protected], are strongly encouraged to apply online PROGRAMMER ANALYST - Design, De- IT experience or Master degree in related referencing 385.17674. at https://hiring.science.purdue.edu. Al- velop, Test & Implement application s/w filed or its equivalent. 40hr/wk, competi- Oracle supports workforce diversity. referencing 385.18282. ternately hard-copy applications may utilizing knowledge of C#, .Net, SQL tive salary. EMail resumes to: Computek Oracle supports workforce diversity. be sent to: Professor of Practice Search Server, MS SharePoint 2007/2010/2013, Solutions, Inc. Attn: HR Manager, hr@ Oracle supports workforce diversity. Chair, Department of Computer Science, SharePoint Infopath , Office 365 , Ja- computeksol.com 305 N. University St., Purdue University, vaScript, JQuery and SQL Server www.computer.org/computingedge 61 110 COMPUTER WWW.COMPUTER.ORG/COMPUTER JUNE 2016 111 Oracle America, Inc. Associate/Full Professor of has openings for Cyber Security The cyber security section of the Faculty of PRODUCT Electrical Engineering, Mathematics and Computer Science (EEMCS) focuses on network security, secure data processing, and situation MANAGER awareness in cyberspace. The section’s research and education portfolio is rich and deals with positions in Redwood Shores, CA. several perspectives on cyber security. We value the diversity of our portfolio within the scope Job duties include Participate in all Level: of theory and engineering of cyber security for PhD degree software and/or hardware product distributed systems and networks in a : Maximum employment socio-technical context. development life cycle activities. Move 38 hours per week (1 FTE) software products through the software Duration of contract: The Assoc./Full Professor of cyber security will Fixed appointment function as the mainstay for cyber security product development cycle from design Salary scale: research and education, without assuming that € 5219 to € 7599 per (s)he is expert in all aspects of the section’s and development to implementation, month gross scope. (S)he will be employed at the EEMCS testing and/or marketing. Travel to Faculty and will continue the commenced strategy to leverage the complementary expertise various unanticipated sites throughout Contact at the Faculties of EEMCS and Technology, the United States required. Prof. R. L. Lagendijk Policy and Management (TPM). The aim is the +31 (0)15-2783731 creation of joint research projects as well as [email protected] education and technology transfer activities, Apply by e-mailing resume to For more information and thus combining the computer science and [email protected], the requirements, visit: socio-technical perspective on cyber security. www.jobsindelft.com or referencing 385.12296. http://cys.ewi.tudelft.nl/ Oracle supports workforce diversity. cys/vacancies

TECHNICAL SOFTWARE QA ANALYST Oracle America, Inc. Oracle America, Inc. Oracle America, Inc. has openings for has openings for has openings for TECHNICAL QA ANALYSTS SOFTWARE positions in Orlando, FL. DEVELOPER ANALYST Job duties include: Analyze user require- positions in Bedford, MA. positions in Broomfield, CO. ments to develop, implement, and/or Job duties include: Responsible for support Oracle’s global infrastructure. As a developing, applying and maintain- member of the IT organization, assist with Job duties include: Design, the design, development, modifications, develop, troubleshoot and/or ing quality standards for company debugging, and evaluation of programs test/QA software. products with adherence to both for use in internal systems within a internal and external standards. specific function area. Apply by e-mailing resume to Apply by e-mailing resume Apply by e-mailing resume [email protected], to [email protected], referencing 385.16807. to [email protected], referencing 385.18373. referencing 385.19069. Oracle supports workforce diversity. Oracle supports workforce diversity. Oracle supports workforce diversity.

62 ComputingEdge June 2016 112 COMPUTER WWW.COMPUTER.ORG/COMPUTER Oracle America, Inc. CAREER OPPORTUNITIES Associate/Full Professor of has openings for Cyber Security Cisco Systems, Inc. is accepting resumes for the following positions: The cyber security section of the Faculty of PRODUCT Electrical Engineering, Mathematics and ALPHARETTA, GA: Software Engineer (Ref.#: ALP1): RESEARCH TRIANGLE PARK, NC: Software Engineer Computer Science (EEMCS) focuses on network Responsible for the definition, design, development, test, debugging, (Ref.#: RTP3): Responsible for the definition, design, development, security, secure data processing, and situation MANAGER release, enhancement or maintenance of networking software. test, debugging, release, enhancement or maintenance of networking awareness in cyberspace. The section’s research AUSTIN, TX: Software Engineer (Ref.# AUS2): Responsible software. Software/QA Engineer (Ref.#: RTP4): Debug software and education portfolio is rich and deals with positions in Redwood Shores, CA. for the definition, design, development, test, debugging, release, products through the use of systematic tests to develop, apply, and several perspectives on cyber security. We value enhancement or maintenance of networking software. Technical maintain quality standards for company products. Product Manager the diversity of our portfolio within the scope Job duties include Participate in all Lead/Leader (Ref.#: AUS10): Lead engineering groups on (Ref.#: RTP621): Create high level marketing strategies and concepts Level: of theory and engineering of cyber security for projects to design, develop or test hardware or software products. for company solutions for markets and segments worldwide. Technical PhD degree software and/or hardware product Leader Services (Ref.#: RTP715): Independently solve problems distributed systems and networks in a BELLEVUE, WA: Network Consulting Engineer (Ref.#: Maximum employment: in broad, complex, and unique networks in Service Provider, Enterprise, socio-technical context. development life cycle activities. Move BEL1): Responsible for the support and delivery of Advanced Services 38 hours per week (1 FTE) and Data Center environments. Test Engineer (Ref.#: RTP17): software products through the software to company’s major accounts. Consulting Systems Engineer Build test equipment and test diagnostics for new products based on Duration of contract: The Assoc./Full Professor of cyber security will (Ref.# BEL3): Provide specific end-to-end solutions and architecture Fixed appointment manufacturing designs. Operations Manager (Ref.#: RTP466): function as the mainstay for cyber security product development cycle from design consulting, technical and sales support for major account opportunities Responsible for employee development, job performance, and execution Salary scale: research and education, without assuming that and development to implementation, at the theater, area, or operation level. against corporate and organizational initiatives. Telecommuting permitted. € 5219 to € 7599 per (s)he is expert in all aspects of the section’s BOXBOROUGH, MA: Technical Lead/Leader (Ref.#: IT Engineer (Ref.#: RTP13): Responsible for development, support month gross scope. (S)he will be employed at the EEMCS testing and/or marketing. Travel to BOX3): Lead engineering groups on projects to design, develop or test and implementation of major system functionality of company’s Faculty and will continue the commenced hardware or software products. Technical Lead/Leader (Ref.#: proprietary networking products. strategy to leverage the complementary expertise various unanticipated sites throughout BOX23): Lead engineering groups on projects to design, develop or RICHARDSON, TX: Customer Support Engineer (Ref.#: at the Faculties of EEMCS and Technology, Contact the United States required. test hardware or software products. Telecommuting permitted. Software RIC1): Responsible for providing technical support regarding the Policy and Management (TPM). The aim is the Prof. R. L. Lagendijk Engineer (Ref.#: BOX1): Responsible for the definition, design, company’s proprietary systems and software. Product Manager +31 (0)15-2783731 creation of joint research projects as well as Apply by e-mailing resume to development, test, debugging, release, enhancement or maintenance (Ref.#: RIC621): Create high level marketing strategies and concepts [email protected] education and technology transfer activities, of networking software. Software Engineer (Ref.#: BOX12): for company solutions for markets and segments worldwide. Systems Responsible for the definition, design, development, test, debugging, For more information and thus combining the computer science and [email protected], Engineer (Ref.#: RIC6): Provide business-level guidance to the the requirements, visit: socio-technical perspective on cyber security. release, enhancement or maintenance of networking software. account team or operation on technology trends and competitive threats, www.jobsindelft.com or referencing 385.12296. Telecommuting permitted. Network Consulting Engineer (Ref.#: both at a technical and business level. http://cys.ewi.tudelft.nl/ BOX11): Responsible for the support and delivery of Advanced Services Oracle supports workforce diversity. SAN FRANCISCO, CA: Inside Systems Engineer (CNG cys/vacancies to company’s major accounts. Staff) (Ref.#: SF18): Responsible for conducting online product CAMBRIDGE, MA: Software Engineer (Ref.#: CAM1): demonstrations, answering technical questions, contributing to proposals Responsible for the definition, design, development, test, debugging, and analyzing client needs and develop technical solutions in a pre- TECHNICAL SOFTWARE QA ANALYST release, enhancement or maintenance of networking software. sales capacity. Travel may be required to various unanticipated locations COSTA MESA, CA: Engineering Architect (Ref.#: COS4): throughout the United States. CNG Systems Engineer (Ref.# Oracle America, Inc. Analyze business requirements to define product requirements and SF89): Provide business-level guidance to the account team or operation Oracle America, Inc. Oracle America, Inc. create design solutions for new features. Telecommuting permitted and on technology trends and competitive threats, both at a technical and has openings for has openings for Travel may be required to various unanticipated locations throughout the business level. Travel may be required to various unanticipated locations has openings for United States. throughout the United States. COLUMBIA, MD: Customer Support Engineer (Ref.#: SAN JOSE/MILPITAS/SANTA CLARA, CA: Network TECHNICAL COLU7): Responsible for providing technical support regarding the Consulting Engineer (Ref.#: SJ107): Responsible for the support QA company’s proprietary systems and software. and delivery of Advanced Services to company’s major accounts. Travel SOFTWARE DALLAS, TX: Engineering Architect (Ref.#: DALL1): Analyze may be required to various unanticipated locations throughout the United ANALYSTS business requirements to define product requirements and create design States. Consulting Systems Engineer (Ref.#: SJ2): Provide solutions for new features. Telecommuting permitted and Travel may be specific end-to-end solutions and architecture consulting, technical and positions in Orlando, FL. ANALYST sales support for major account opportunities at the theater, area, or required to various unanticipated locations throughout the United States. DEVELOPER operation level. Systems Engineer (Ref.# SJ13): Provide business- FRANKLIN, TN: Network Consulting Engineer (Ref.#: positions in Bedford, MA. level guidance to the account team or operation on technology trends and Job duties include: Analyze user require- FRA1): Responsible for the support and delivery of Advanced Services competitive threats, both at a technical and business level. Hardware positions in Broomfield, CO. to company’s major accounts. Telecommuting permitted. ments to develop, implement, and/or Job duties include: Responsible for Engineer (Ref.# SJ558): Participate on development of Application support Oracle’s global infrastructure. As a ISELIN/EDISON, NJ: Network Consulting Engineer (Ref.#: Specific Integrated Circuit (ASIC) for next generation data center switch developing, applying and maintain- ED10): Responsible for the support and delivery of Advanced Services to product family, with emphasis on routing/switching protocols. Systems member of the IT organization, assist with Job duties include: Design, company’s major accounts. Telecommuting permitted and travel may be Engineer (Ref.#: SJ143): Provide business-level guidance to the design, development, modifications, develop, troubleshoot and/or ing quality standards for company required to various unanticipated locations throughout the United States. the account team or operation on technology trends and competitive LAWRENCEVILLE, GA: Technical Lead/Leader (Ref.#: LV10): threats, both at a technical and business level. Telecommuting permitted. debugging, and evaluation of programs test/QA software. products with adherence to both Lead engineering groups or projects to design, develop or test hardware Solutions Architect (Ref.#: SJ27): Responsible for IT advisory or software products. Network Consulting Engineer (Ref.#: and technical consulting services development and delivery. Network for use in internal systems within a internal and external standards. LV12): Responsible for the support and delivery of Advanced Services to Consulting Engineer (Ref.#: SJ9): Responsible for the support specific function area. Apply by e-mailing resume to company’s major accounts. Network Consulting Engineer (Ref.#: and delivery of Advanced Services to company’s major accounts. Apply by e-mailing resume LV16): Responsible for the support and delivery of Advanced Services to PLEASE MAIL RESUMES WITH REFERENCE NUMBER TO Apply by e-mailing resume [email protected], company’s major accounts. Telecommuting permitted. CISCO SYSTEMS, INC., ATTN: M51H, 170 W. Tasman Drive, Mail to [email protected], PHOENIX, AZ: Network Consulting Engineer (Ref.#: Stop: SJC 5/1/4, San Jose, CA 95134. No phone calls please. Must be to [email protected], referencing 385.16807. PHO1): Responsible for the support and delivery of Advanced Services legally authorized to work in the U.S. without sponsorship. EOE. referencing 385.18373. referencing 385.19069. to company’s major accounts. Oracle supports workforce diversity. Oracle supports workforce diversity. Oracle supports workforce diversity. www.cisco.com

www.computer.org/computingedge 63 112 COMPUTER WWW.COMPUTER.ORG/COMPUTER JUNE 2016 113 SOFTWARE TECHNOLOGY Oracle America, Inc. Oracle America, Inc. Oracle America, Inc. has openings for has openings for has openings for SOFTWARE APPLICATIONS APPLICATIONS DEVELOPMENT DEVELOPER DEVELOPERS CONSULTANT positions in Burlington, MA. positions in Irvine, CA. positions in Solon, OH. Job duties include: Analyze, design, Job duties include: Analyze, design, Job duties include: Design, develop, develop, troubleshoot and debug develop, troubleshoot and debug troubleshoot and debug software software programs for commercial software programs for commercial programs for databases, applications, or end-user applications. or end-user applications. tools, networks etc. Apply by e-mailing resume to Apply by e-mailing resume to Apply by e-mailing resume to [email protected], [email protected] [email protected], referencing 385.18095. referencing 385.18184. referencing 385.17475. Oracle supports workforce diversity. Oracle supports workforce diversity. Oracle supports workforce diversity.

QA ANALYST QA ANALYST TECHNICAL Oracle America, Inc. Oracle America, Inc. Oracle America, Inc. has openings for has openings for has openings for TECHNICAL QA QA ANALYSTS ANALYST ANALYST positions in Columbus, OH. positions in San Bruno, CA. Job duties include: Analyze user require- positions in Westborough, MA. ments to develop, implement, and/or Job duties include: Work with support Oracle’s global infrastructure. As a Job duties include: Analyze user Developers/Product Managers/Program member of the IT organization, assist with requirements to develop, imple- Managers and help validate the software the design, development, modifications, ment, and support Oracle’s global solutions produced by the team to debugging, and evaluation of programs infrastructure. develop and release stable and reliable for use in internal systems within a products. specific function area. May telecommute Apply by e-mailing resume to from home. Apply by e-mailing resume to [email protected], [email protected], Apply by e-mailing resume to referencing 385.18202. referencing 385.17653. [email protected], Oracle supports workforce diversity. referencing 385.18937. Oracle supports workforce diversity. Oracle supports workforce diversity.

64 ComputingEdge June 2016 114 COMPUTER WWW.COMPUTER.ORG/COMPUTER CAREER OPPORTUNITIES

Juniper Networks is recruiting for our Sunnyvale, CA office:

Technical Support Engineer Staff #8057: Provide technical sup- dependently. port for secured routing products, working directly with cus- Software Engineer Staff #17609: Design, develop and maintain tomers and partners. packet forwarding code on Juniper’s MX series router. Trans- Resident Engineer #33263: Support design, deployment, and late customer requirements to software design. operational readiness of Juniper network routing, switching Functional Systems Analyst #38289: Provide support to MTS and security products within the customer infrastructure. business function. Work with Blueprint & Realization-related Troubleshoot equipment and network problems. activities, such as design, configuration, customization, im- Sales Demonstration Engineering Staff #20157: Provide pre- plementation and product support. sales technical support to field Sales Engineers (SEs) for the Software Engineer #38104: Analyze, design, and implement Juniper Routing, Switching and Security product lines. HA subsystems for carrier-class network devices. Support Resident Engineer Staff #15922: Provide technical liaison be- peer engineering and system qualification teams to deliver tween customers, Juniper Technical Assistance Center, and high-quality products. the development team. Escalate technical issues, drive reso- Test Engineer #12776: Test Juniper’s switching products and lutions, and provide clear action plans for network stability. ancillary products from other vendors. This includes test Travel required. feature combinations in a scaled customer environment and Software Engineer Staff #37809: Design, develop, debug, code perform automation of customer scenarios, execute custom- and unit test software to program the forwarding ASIC to per- er features and handle customer issues, customer escalations form various functionalities. and product rollouts. Software Engineer #12051: Design, develop, troubleshoot and QA Engineer #38454: Develop comprehensive test plans based debug the packet forwarding path for Layer-2/Layer-3 which on chancing & challenging product definitions, scaling & per- includes writing drivers for custom ASICs/FPGAs, network formance targets, and customer use case scenarios. Execute processors and Ethernet switches. tests & discover defects at various stages of release process. Technical Marketing Specialist Staff #21114: Develop and de- Software Engineer Senior Staff #6808: Design, code & test com- liver detailed solutions for Switching, Routing and Security plex control and data plane s/w on embedded systems in the products and provide feedback to product team on new fea- networking domain. Interface with product managers to re- tures. view and scope new feature requests. Software Engineer #30414: Develop detailed software func- Information Development Engineering Staff #5686: Design, tional and design specifications. Design, develop, unit-test plan, and implement overall content strategy and information and maintain embedded networking software. architecture for Information Experience organization. Work on content structures, including design and implementation ASIC Engineer #34845: Define, architect, code and deliver ver- of content structures, web site organization of content, meta- ification suites and tests for ASICs to enhance faster, denser data definition, and implementation and management model. and feature-rich systems. Write complete verification plan in- Juniper Networks is recruiting for our Dallas, TX office: Consulting Engineer #22749: Provide assistance to the techni- and present technical information about products and ser- cal sales activities. Understand customers’ requirements to vices. design solutions for customers. Deliver sales presentations Juniper Networks is recruiting for our Westford, MA office: Technical Support Engineer #36396: Support Security and and act as an escalation point for other TAC groups within the Routing products, working directly with customers and part- organization. ners. Work with highly knowledgeable group of customers Juniper Networks is recruiting for our Herndon, VA office: Technical Support Engineer Staff #6961: Deliver in-depth diag- Technical Support Engineer #38100: Deliver in-depth diagnostics and root-cause analysis for network impacting issues. nostics & root-cause analysis for network impacting issues Understand the architecture, design, and layout of customers’ to large internet service providers and enterprise customers. network to provide focused troubleshooting. Provide focused troubleshooting & improve customers’ networks.

Mail single-sided resume with job code # to Juniper Networks Attn: MS A.8.429A 1133 Innovation Way Sunnyvale, CA 94089 www.computer.org/computingedge 65 JUNE 2016 115 CAREER OPPORTUNITIES

APPLE INC. has the following job opportunities in Cupertino, CA:

ENGINEERING SW for multimedia playbck. chants for the Apple Pay platform Software Engineer Applications Software Engineer Applications Software Development Engineer (Req#9XXPWV) Plan, build, deploy, (Req#A3936V) Architect, dsgn, dev, (Req#9W2N5P) Dsgn, dev & maintain & test sys in Apple’s global Retail & manage proj for web based & iOS cellular & WiFi SW for iOS & MacOS. stores. solutions. ASIC Design Engineer (Req#9JHUWA) ASIC Design Engineer (Req#9FC4TV) ASIC Design Engineer (Req#9FETX8) Perform elec analysis at the chip lvl, in- Dev CPU & microarchitecture targeted Create SW to vrfy archtcture & fnc- cluding Static/Dynamic IR, EM, Noise for low pwr mobile devices. tionlity of pre-silicon HW dsgns. & Signal EM. Hardware Development Engineer ASIC Design Engineer (Req#9DFNT4) Instructional Designer (Req#9DCT56) (Req#9H8QUH) Des & dev acoustic Cmpse a pre-Silicon verification plan Des & dev sales train’g contnt & sys for iPhone. Travel req 20%. of a HW unit or subsys based on dsgn tools that transform sales partnrs into Hardware Development Engineer requirements & micro-architecture. skilled advocs who rep Apple brand to (Req#9FNP8R) Characterize TFT elect IST Technical Project Lead custmrs. solutions, icldg pxl-signals timing di- (Req#9YUTNA) Dsgn & implmnt SAP Software Development Engineer agrams, charge-sharing, VCOM com- sols to meet bus reqs in areas of in- (Req#9FDVP8) Dsgn, dvlp, implmnt, pensation, EMI and FOS perform’s. drct & drct procurement, utilizing SAP optmze, & debug pattern recgnitn SW. Software Development Engineer SNC, ECC & SRM sols. Software Development Engineer (Req#9WR29H) Des & dev SW and Software Engineer Applications (Req#9RQT5M) Des data models for FW for an 802.11 WiFi stack and FW (Req#A3WNGL) Des & dev ID storing lg amount of data. running on a mob pltfrm. mngmnt web apps w/ common frame- Software Engineer Systems Software Development Engineer wrks that can be used across apps. (Req#9P3V7S) Res for building scalable, (Req#9FU54A) Res, des, implmnt, test Systems Design Engineer extensible, supportable, high-available & debug wide range compiler bcknd (Req#9D6MV3) Design & dev HW test & high performance-based Reporting optimizations w/ focus on register allo- equipment for consumer electronics & Monitoring sys. cation & rel tech. manufacturing. Travel req: 30%. Software Development Engineer Software Engineer Applications Software Engineer Applications (Req#9T53HA) Resch, des, dev, implm (Req#A593HN) Dev client & server (Req#A4S3YM) Create, review, main- & debug framewrks for iOS & OS X SW & test automtn. tain and execute test suites. rltd to lexical & syntax analysis. Software Development Engineer Software Development Engineer Software Engineer Applications (Req#9F52PG) Des & dev core Apple (Req#9F239X) Des & implemnt ana- (Req#9R6TGR) Rev HW, SW infrstrc- frameworks for mobile iOS devices. lytical instrumentation specs for iOS tre, & app functnly for optimztn & Software Engineer Applications and Mac apps ident perfrmnce bottlenecks. (Req#A44QMD) Des & dev SW for an- Engineering Project Specialist Software Engineer Applications alytics platform. (Req#A2GU2D) Des & dev mnufctring (Req#9WWUPD) Deliver high-traf- Automation Engineer (Req#9PBPYJ) pr’css for SSD components in all Apple fic iOS apps w/ focus on perf, scal & Dev tst scripts to tst apps perf, scalabil- comp prods. Travel req 30%. DevOps. ity, & reliability. Software Engineer Applications Product Operations Manager Software Engineer Applications (Req#9PUMMS) Des & dev web apps (Req#9UGTHZ) Ld team w/in World- (Req#9XJVWT) Oversee des & dev of for Sales & Marketing Team. Wide Ops & primary ops intfce to core SAP Netweaver Entrprse Apps. Research Scientist (Req#9MXTKJ) Bld prod dvmnt team & other functnl orgs w/in Apple. Travel Req 30%. Hardware Development Engineer insghts around Apple prdcts & srvce (Req#9LTVE4) Def test req & cov, thrgh analysis of cstomr behavior & Product Design Engineer calib strategy, & algorithms of sensing app cnsmptn on Apple dvcs. (Req#9GC3S8) Intgrt stat tolrnc alys dev’s in camera tech. Travel req’d 25%. Software Engineer Applications technq, func dimnsng & geomtc tolrnc into dsgn wrk. Trav req 20%. Software Engineer Applications (Req#9ZM2E2) Dvlp & sprt SW apps (Req#9E9URM) Des & dev analytics & sys. Create & mntn Retail Ntwrk Engineering Project Lead (Req#9L- & report sol, prim using Essbase using visualization srvc, & Retail Ntwk info SNYW) Sprt Maps Eval team for SW def internal des stand. sys. Travel Req’d 15%. eng prjcts, incldng user rqrmnts gthrng & analysis, planning, dpndecy idntfctn Software Engineer Applications ASIC Design Engineer (Req#9GUUJ5) & trckng, & implmntn of new feat. (Req#9G3QK6) Des & dev SW to en- Dsgn & dev memory intrfce HW (DDR hance & scale content platforms. PHY) for Apple sys on chips. Software Development Engineer (Req#9U8U7C) Design & develop test Software Engineer Applications (Req#- Hardware Development Engineer frameworks. 9J6PX8) Resrch, des & implmnt SW (Req#9H5UQQ) Des process for for multimedia playbck, controlled by OLED material deposition & thin film Product Design Engineer Bluetooth remote. encapsulation. Travel req 40%. (Req#9UMTD2) Develop product performance attribute dev tasks for new Software Development Engineer Alliance/Partner Specialist product programs. Travel req: 30%. (Req#9YU2BB) Dsgn, dev & debug (Req#A22U9Y) Onboard new mer-

66 ComputingEdge June 2016 116 COMPUTER WWW.COMPUTER.ORG/COMPUTER CAREER OPPORTUNITIES

Hardware Development Engineer Software Engineer Applications (Req#9T66ZP) Define & prototype (Req#9XD69X) Des & execute test Apple Inc. has new interconnects & measure perform plans for contact-center sys the following job to determine if realized interconnect Reliability Engineer (Req#9CHNE7) perform matches model predictions. Research & dev tests & specs required opportunities in CAD Engineer (Req#9YQVZW) In- to ensure reliable dsgn of new tech stall, configure, customize, & deploy components cntained in next gen Apple Austin, TX: CAD integration. prdcts. Travel req’d 20% Network Engineer (Req#9KQVA4) De- Software Development Engineer Software Engineer Applications liv & op data ntwrk services w/in the (Req#9GYVTU) Analyze & refine (Req#9RHVZM) Dsgn & dev SW global Apple networking environment. comp vision & computational photo srvces for large scale distribtd entr- ASIC Design Engineer (Req#9KLTNN) algorithms. prse sys. Work on the phys dsgn & implement of Data Mining Specialist (Req#9H- ASIC Design Engineer (Req#9PEPZP) HW chips. BUCV) Conduct regular & ad-hoc Test & debug microprocessors for mo- analyses & data mining on Customer bile dvces incldng phones & tablet & Support Transaction granularity comp. Apple Inc. has data to provide actionable insights at Software Engineer Applications the tactical & strategic levels. (Req#9LL3PA) Dsgn & dev large-scale the following job Software Engineer Applications SW sys. (Req#A523BZ) Des & dev automtd Supply Demand Planner opportunity in Coral solutns for iCloud mobile, web & (Req#9MSNZ8) Resp for prod avail Gables, FL: server SW feats. and revenue plan attainment for a Software Development Engineer prod. Operations Engineering Manager (Req#9E636N) Dsgn & dvlp a sys to Mechanical Quality Engineer (Req#9TNPSC) Respons for end-to- take advntge of user pttrns to improve (Req#9F4SGA) Resp for quality con- end planning & deploymnt of WW sys perfmnce. trol & manufact concepts to dev spe- BPR Initiatives w/in ALAC, incl testng, Software Development Engineer cific PQP appropriate to program & communic, readiness, implem &user (Req#9E632N) Design & dev media commodity. Travel req 30%. training & supp. Travel req’d 20%. SW for embedded syss. Software Development Engineer Software Development Engineer (Req#9GYVGG) Des & dev the Swift (Req#9QZTPN) Strive to imprve Ap- compiler optimizer. Analyze prog. writ Apple Inc. has ple’s revltnry mble paymnt solutn by in Swift & ID perf. bottlenecks and op- completing documented & ad-hoc tim opps. the following job tstng for cnsistnt HQ releases. Hardware Development Engineer opportunities in Software Development Engineer (Req#9FM3GA) Dsgn & dev sensing (Req#9NKTDB) Resp for the dsgn & HW modules & communicate w ven- Cupertino, CA and dvlpmnt of SW for the Siri srvr pltfrm. dors. Travel required 20%. Software Development Engineer Hardware Development Engineer various unanticipated (Req#9D2TKD) Dsgn & dvlp SW sys (Req#9T678K) Res for EMC/EMI dsgn locations throughout to automtclly sort & route SW defects & dev in Special Proj Group (SPG) & apprprtly & prvde an audit log of dbg EMC/EMI Simulation (3D Static & the USA: steps. Full Wave simulations) Project/Program Specialist (Req#9M- Hardware Development Engineer Systems Engineer (Req#9DCT9G) HV9J) Rvw, anlyze, & run all phases (Req#9GY23U) (Multiple positions) Work w/& support Apple resellers to of the sys devlpmnt life cycle while Dsgn, dev, & launch thin-film transis- sell, distribute & deploy Apple prod- wrkng clsly w/ cross-fnctnl teams thru- tor (TFT) tech for the portable, laptop, ucts across the US. Telecommuting per- out Apple. Travel req 20%. & desktop dsplays in Apple products. missible 100%. Travel Req 50%. Software Development Engineer Travel required 20% System Engineer (Req#9EYTU8) Sprt (Req#9E62VF) Dsgn & dvlp ntrl lang Data Analyst (Req#9YNLG2) Create tchncl prtn of iOS device sales to entr- processing & machine learning techn- & monitor customer dta flow. Ensure prs cstmrs (bus & gvmt) in US carrier qes for localizing Apple prdcts into in- dta flow isn’t broken or expe unexplnd channel. Work w/ teams, cstmrs, & trntnl mrkts & help scale A.I. apps like spikes. sales rsrcs to drv adptn of iOS devices Siri to new langs & regns. & pltfrm. Telecommuting permissible 100%. Travel Req’d 70%. ASIC Design Engineer (Req#9FSV2C) Wrk closely w/ archtctre & RTL dsgnrs on vrfyng the fnctnlty correctness of the CPU dsgn. Senior Mechanical Inspector (Req#9UD42C) Prfrm in-process, final & 1st article inspctn on incoming ma- Refer to Req# & mail resume to Apple Inc., ATTN: L.J., 1 Infinite Loop chined parts & assemblies. 104-1GM, Cupertino, CA 95014. Apple is an EOE/AA m/f/disability/vets.

www.computer.org/computingedge 67 JUNE 2016 117 TECHNOLOGY Intuit Inc. has openings for the following positions in Santa Clara County, including Mountain View, California or any office within normal commuting distance:

Staff Software Engineers in Quality (Job code: I-2321): Apply mastery of software engineering to design, influence and drive Quality and testability of products and services. Senior Product Managers (Job code: I-252): Design and implement a market-leading personalization engine (aka "in-product discovery” or IPD) that recommends QuickBooks features, add-ons, and partners. Applications Operations Engineers (Job code: I-49): Responsible for driving operational excellence for the connected services that a business offers to its customers to deliver an “always on” operation, year round, at the right cost. Senior Business Data Analysts (Job code: I-2265): Lead initiatives to collect, interpret, and report on key business metrics. Apply skills and systems expertise to create reports and analysis that provide actionable insights to business stakeholders. Senior Database Administrators (Job code: I-390): Define database definition, structures, documentation, upgrades, requirements, operational guidelines, and protection. Product Managers (Job code: I-922): Own billing roadmap and drive prioritization of external and internal customer requests driving company’s key strategies like worldwide billing platform, driving user adoptions, user retention and revenue, and driving critical initiatives to run the business (e.g. compliance, data security, customer communication and compliance). Some travel (20%) may be required to work on projects at various, unanticipated sites throughout the United States and India. Managers 3, IIT (Job code: I-312): Responsible for managing wide array of Intuit's enterprise business applications systems and technologies, with a mission to deliver global, always-on, predictable, awesome services.

Positions located in San Diego, California: Software Engineers (Job code: I-276): Apply software development practices to design, implement, and support individual software projects. Software Engineers in Quality (Job code: I-596): Apply best software engineering practices to ensure quality of products and services by designing and implementing test strategies, test automation, and quality tools and processes. Senior Software Engineer in Quality (Job code: I-940): Apply senior level software engineering practices and procedures to design, influence, and drive quality and testability of products and services. Senior Offering Program Managers – Release Engineering (Job code: I-41): Partner with cross-functional Business and Technology teams to drive complex program roadmaps/schedules involving multiple contributing teams.

Positions located in Woodland Hills, California: Staff Software Engineers (Job code: I-373): Apply master level software engineering and industry best practices to design, implement, and support software products and services.

Positions located in Plano, Texas: Senior Software Engineers (Job code: I-2305): Exercise senior level knowledge in selecting methods and techniques to design, implement, modify and support a variety of software products and services to meet user or system specifications. Senior Software Engineers in Quality (Job code: I-361): Apply senior level software engineering practices and procedures to design, influence, and drive quality and testability of products and services.

To apply, submit resume to Intuit Inc., Attn: Olivia Sawyer, J203-6, 2800 E. Commerce Center Place, Tucson, AZ 85706. You must include the job code on your resume/cover letter. Intuit supports workforce diversity.

68118 COMPUTER ComputingEdge WWW.COMPUTER.ORG/COMPUTERJune 2016 TECHNOLOGY LinkedIn Corp. LinkedIn Corp. has openings in our Mtn View, CA location for: Software Engineer (All Levels/Types) (SWE516MV) Design, develop & integrate cutting-edge software technologies; Senior Web Developer (6597.1285) Own front-end development for products & collabo- rate with visual/interaction designers, engineers, & product managers to launch new products, iterate on existing features, & build a world-class user experience; Manager, Software Engineering (6597.122) Work with Hadoop to data mine high quality profile data & search query logs to gain insights around search relevance; Manager, Software Engineer (6597.252) Manage the performance & career development of a small team of engineers, & own significant parts of LinkedIn products that require design, architecture, & coding.

LinkedIn Corp. has openings in our Sunnyvale, CA location for: Software Engineer (All Levels/Types) (SWE516SV) Design, develop & integrate cutting-edge software technologies; Senior Manager, Engineering (6597.1535) Manage the performance & career development of a team of engineers targeting iOS & Android native application development, & own significant parts of LinkedIn products that require design, architecture, & coding; Senior Salesforce.com Developer (6597.1370) Serve as Salesforce.com technical liaison in cross-functional teams that address strategic business issues involving CRM & sales operations.

LinkedIn Corp. has openings in our San Francisco, CA location for: Software Engineer (All Levels/Types) (SWE516SF) Design, develop & integrate cutting-edge software technologies; Manager, Software Engineering (6597.392) Manage the performance & career development of a small team of engineers, & own significant parts of LinkedIn products that require design, architecture, & coding; User Experience Designer (6597.925) Design solutions that address business, brand & user requirements.

LinkedIn Corp. has openings in our New York, NY location for: Software Engineer (SWE516NY) Design, develop & integrate cutting-edge software technologies.

Please email resume to: 6597@linkedin.com. Must ref. job code above when applying.

www.computer.org/computingedge JUNE 2016 69119 IT and FuTure employmenT edITor: George Strawn, [email protected]

Automation and Future Unemployment

George Strawn

or millions of years, pre- A goal of this column will be to goes, we should just focus on the humans and humans were consider a wide range of both pre- short term. For example, US busi- hunters and gatherers. dictions and interpretations. Read- ness focuses on the next two quar- Then, for 10,000 years, ers are encouraged to submit their ters, and US politics on the next two humansF were farmers. Only 200 opinions for publication. years. Even science is suspicious of years ago, the human world began In this article, I’ll consider the long-term predictions. Any scientist transforming into an industrial prediction that IT and related tech- who makes a prediction about what world. Already, the human world is nologies, such as robotics, are in will happen in two decades could be transforming again, into a post-in- the early stages of bringing about accused of spouting science fiction. dustrial (possibly even a post-work) massive, systemic unemployment Long-term predictions are not world. In the farming world, almost (full disclosure: I believe this sce- only difficult to get correct, they everyone was a member of a subsis- nario has a nontrivial probability often predict scenarios that people tence-farm family. In the industrial of happening later this century). don’t like. Some business inter- world, almost every man and many First, I will consider some issues ests don’t like the prediction of women were factory or office work- associated with making long-term ecological collapse, and some who ers. It’s too soon to know what “al- predictions. Then, I’ll identify are comfortable with the status most everyone” will be in the post- some recent books that make the quo don’t like predictions of social industrial world, but predictions unemployment prediction and il- change. Thus, there are economic abound. This column will focus lustrate it with one human activ- and social reasons to argue against on predictions about the future of ity that is about to be automated. any long-term prediction you don’t employment. Because this future Finally, I’ll consider whether this like, regardless of its likelihood. will be determined in large part by is a utopic or dystopic view of the Because long-term predictions IT-based products and services, IT future. only have likelihoods, a better Professional seems like a good place phrase to describe “predicting the to consider these predictions. “In the Long Run, We’re future” might be “analyzing future Niels Bohr famously said, “Pre- All Dead” scenarios.” In spite of disagree- dictions are hard—especially about Regardless of what John Maynard ments over likelihoods, thinking the future.” This is certainly true Keynes meant by this famous quip, about the future and analyzing about the future of employment. many people take it to justify focus- various scenarios could help keep Moreover, any prediction about ing on the short term. Besides, many us from backing into the future. this future can be interpreted as predictions about the future are no- Given that the future usually con- being positive or negative, depend- toriously wrong. Since we have to tains buzz saws, backing in is never ing on the feelings of the predictor. live in the present, the argument a good idea.

70 June 2016 Published by the IEEE Computer Society 2469-7087/16/$33.00 © 2016 IEEE 62 IT Pro January/February 2016 Published by the IEEE Computer Society 1520-9202/16/$33.00 © 2016 IEEE IT and FuTure employmenT edITor: George Strawn, [email protected]

Ned Ludd Redux? Chace, Three Cs, 2015); Humans Utopia or Dystopia? In the early days of the industrial Need Not Apply (Jerry Kaplan, Yale For one example of recent progress revolution in England, when cot- University Press, 2015); and Ma- in automation, consider “driverless tage spinning and weaving were chines of Loving Grace (John Markoff, cars.” Navigating a car in heavy being displaced by textile factories Ecco, 2015). The authors are an traffic was, until recently, thought (aka satanic mills), Ned Ludd re- interesting assortment: Byrnjolfs- to be too complex for computers, portedly destroyed some of the au- son and McAfee are professors of but it is arguably now done more tomated machinery. In the years management at MIT who study reliably by a computer than by a that followed, other disenfran- the economics of IT automation. human. This probably means that Automation chised textile workers followed Cowen is a professor of economics approximately 1.5 million truck suit, calling themselves Luddites. at George Mason University, where, drivers and 200,000 taxi drivers Ever since, people who resist any among his many interests, he stud- will be out of work in a couple of and Future automation have been called Lud- ies public choice economics. Brain decades. I speculate that it could dites. The rise of the textile in- is a computer scientist who, among also mean that traffic deaths will dustry was relatively quick1 and other things, created the How Stuff decrease from 30,000 a year to Unemployment might have been like throwing the Works website. Ford is a Silicon 3,000 once most cars are driverless. frog (Ned and his imitators) into Valley entrepreneur who has writ- By the way, the name “driverless hot water. On the other hand, the ten two books and several articles car” might come to sound as silly George Strawn rise of the post-industrial world is on automation-related unemploy- as “horseless carriage” does today. slower (or at least less visible), rais- ment. Chase is a businessman Moreover, car ownership might ing the water temperature a degree turned author. Kaplan is a Silicon disappear as “driverless Uber rides” or millions of years, pre- A goal of this column will be to goes, we should just focus on the at a time. For example, current Valley entrepreneur and futurist, become ubiquitous. humans and humans were consider a wide range of both pre- short term. For example, US busi- US unemployment (37 percent of and Markoff is a science and tech- This example illustrates the hunters and gatherers. dictions and interpretations. Read- ness focuses on the next two quar- adults are not in the labor force nology journalist. pluses and minuses of automation. Then, for 10,000 years, ers are encouraged to submit their ters, and US politics on the next two now compared to 33 percent in humansF were farmers. Only 200 opinions for publication. years. Even science is suspicious of 2007) is widely interpreted as due years ago, the human world began In this article, I’ll consider the long-term predictions. Any scientist to causes other than automation, If many jobs are automated, reducing the number transforming into an industrial prediction that IT and related tech- who makes a prediction about what such as workers voluntarily leav- of hours in the work week could help spread the world. Already, the human world is nologies, such as robotics, are in will happen in two decades could be ing the labor force.2 transforming again, into a post-in- the early stages of bringing about accused of spouting science fiction. However, in the past two years, remaining work and reduce unemployment. dustrial (possibly even a post-work) massive, systemic unemployment Long-term predictions are not seven books (and probably oth- world. In the farming world, almost (full disclosure: I believe this sce- only difficult to get correct, they ers that I haven’t read) have been everyone was a member of a subsis- nario has a nontrivial probability often predict scenarios that people published warning about and pre- As a special case, Cowen’s book If traffic deaths are cut to one tenth tence-farm family. In the industrial of happening later this century). don’t like. Some business inter- dicting the systemic unemploy- covers a shorter term and focuses of their present number, it would, of world, almost every man and many First, I will consider some issues ests don’t like the prediction of ment scenario. As an aside, only on IT-related underemployment. course, be a great benefit for soci- women were factory or office work- associated with making long-term ecological collapse, and some who one of these was written by a card- He says that for the next several ety. And if calling for rides replaces ers. It’s too soon to know what “al- predictions. Then, I’ll identify are comfortable with the status carrying economist. It seems that decades, 30 percent of workers— car ownership, a significant cost most everyone” will be in the post- some recent books that make the quo don’t like predictions of social many economists hew to the party those who can work with the ma- savings for families could result. industrial world, but predictions unemployment prediction and il- change. Thus, there are economic line that capitalism has always de- chines—will do well, but that 70 On the other hand, don’t expect car abound. This column will focus lustrate it with one human activ- and social reasons to argue against stroyed old jobs (creative destruc- percent will be stuck in a down- makers (or dealers or repair shops on predictions about the future of ity that is about to be automated. any long-term prediction you don’t tion at work), but that it always ward spiral (hence, “average is or gas stations) to cheer, because employment. Because this future Finally, I’ll consider whether this like, regardless of its likelihood. creates more new jobs than were over”). However, the other authors the total number of cars sold might will be determined in large part by is a utopic or dystopic view of the Because long-term predictions destroyed. In other words, past are IT specialists of one stripe or also be one tenth of today’s num- IT-based products and services, IT future. only have likelihoods, a better performance is used to predict the another and are quite aware of the bers. What about truck and taxi ex- Professional seems like a good place phrase to describe “predicting the future. revolutionary advances current- drivers and ex-car makers? There to consider these predictions. “In the Long Run, We’re future” might be “analyzing future The unemployment-predicting ly being made in IT and related might be nowhere for them to look Niels Bohr famously said, “Pre- All Dead” scenarios.” In spite of disagree- books are The Second Machine Age technologies that could radically for a new job if most other job cate- dictions are hard—especially about Regardless of what John Maynard ments over likelihoods, thinking (Eric Byrnjolfsson and Andrew modify the employment picture. gories are also being automated out the future.” This is certainly true Keynes meant by this famous quip, about the future and analyzing McAfee, Norton, 2014); Average Is I encourage interested readers to of existence. about the future of employment. many people take it to justify focus- various scenarios could help keep Over (Tyler Cowen, Dutton, 2014); pick up one or more of these books If many, but not most, jobs are Moreover, any prediction about ing on the short term. Besides, many us from backing into the future. The Second Intelligent Species (Mar- and judge for yourself. They are all automated, perhaps reducing the this future can be interpreted as predictions about the future are no- Given that the future usually con- shall Brain, BYG Publishing, 2015); good reads, and if you want a sug- number of hours in the work week being positive or negative, depend- toriously wrong. Since we have to tains buzz saws, backing in is never Rise of the Robots (Martin Ford, Basic gestion, start with the most recent, could help spread the remaining ing on the feelings of the predictor. live in the present, the argument a good idea. Books, 2015); Surviving AI (Calum Humans Need Not Apply. work and reduce unemployment.

Sweden is currently pursuing this their millions of years of hunting world/europe/sweden-introduces policy.3 However, if or when most and gathering experience, will be -six-hour-work-day-a6674646.html. jobs are automated, society would happy to get back to hunting, fish- 4. “Swiss to Vote on 2,500 Franc Basic face (at least) three big problems. ing, and picking berries every day, Income for Every Adult,” Reuters, 4 To quote Voltaire in Candide, not just on weekends. Oct. 2013; www.reuters.com/article/ “Work saves us from three great 2013/10/04/us-swiss-pay-idUSBRE evils: boredom, vice, and need.” To 9930O620131004#SePoC7Qf36KY accommodate need, some policy n sum, should this unemploy- Be6G.97. makers see a guaranteed annual ment scenario come to pass, 5. H. Moravec, Robot: Mere Machine income as a solution. Switzerland I policy makers will have as big a to Transcendent Mind, Oxford Univ. is already considering this op- job moving us to such a brave new Press, 1998. tion;4 however, in the US, the very world as they did 200 years ago, 6. K. Polanyi, The Great Transformation: thought raises cries of socialism. when they moved us from farms The Political and Economic Origins of Other more capitalistic policy re- to offices and factories.6 Our Time, Beacon, 2001.

Should this unemployment scenario come to pass, George Strawn is the former director of the National Coordination Office for the policy makers will have as big a job moving us to Networking and Information Technol- such a brave new world as they did 200 years ago. ogy Research and Development Program (NITRD). He is now retired. Contact him at [email protected].

sponses include giving each citizen References a stock and bond account. Perhaps 1. S. Beckert, Empire of Cotton: A New if or when business determines History of Global Capitalism, Allen that jobless consumers need cash Lane/Penguin, 2014. to continue buying their goods 2. M. Woolhouse, “Percentage of Those and services, our mythology of in Labor Pool at 38-Year Low,” Bos- rugged individualism will be ad- ton Globe, 3 July 2015; https://www. This article originally appeared in justed accordingly. bostonglobe.com/business/2015/ IT Professional, vol. 18, no. 1, 2016. Assuming for the sake of argu- 07/02/percentage-workers-labor ment that “need” could be relieved -pool-falls-year-low/zfLQrKjCyhra by a guaranteed annual income 95v8PJxWcI/story.html. or some other policy, boredom 3. H. Matharu, “Sweden Introduces Six- Selected CS articles and and vice might pose equally large Hour Work Day,” Independent, 1 Oct. columns are available for free at problems. Whether you were 2015; www.independent.co.uk/news/ http://ComputingNow.computer.org. one of the lucky ones who had a meaningful career or one of those who worked a meaningless job out of necessity, once you’re out of a job your “idle hands are the devil’s IT Professional (ISSN 1520-9202) is published bimonthly by the IEEE Computer Society. IEEE workshop,” or so we are told by Headquarters, Three Park Avenue, 17th Floor, New York, NY 10016-5997; IEEE Computer So- ciety Publications Office, 10662 Los Vaqueros Circle, PO Box 3014, Los Alamitos, CA 90720- various proverbs. However, there 1314; voice +714 821 8380; fax +714 821 4010; IEEE Computer Society Headquarters, 1828 are also optimistic views regard- L St. NW, Suite 1202, Washington, DC 20036. Annual subscription: $49 in addition to any IEEE Computer Society dues. Nonmember rates are available on request. Back issues: $20 for ing this possible future. members, $143 for nonmembers. The ancient Athenians believed Postmaster: Send undelivered copies and address changes to IT Professional, Member- ship Processing Dept., IEEE Service Center, 445 Hoes Lane, Piscataway, NJ 08854-4141. that since their slaves performed Periodicals Postage Paid at New York, NY, and at additional mailing offices. Canadian GST the required labors of society, they #125634188. Canada Post Publications Mail Agreement Number 40013885. Return unde- liverable Canadian addresses to PO Box 122, Niagara Falls, ON L2E 6S8, Canada. Printed were freed for the work of citizen- in the USA. ship. Perhaps our silicon slaves Editorial: Unless otherwise stated, bylined articles, as well as product and service descriptions, reflect the author’s or firm’s opinion. Inclusion in IT Professional does not could do likewise for us? Even more necessarily constitute endorsement by the IEEE or www.computer.org/itprothe Computer Society. All utopi cally, Hans Moravec wrote in submissions are subject to editing for style, clarity, and space. his book Robot 5 that our genes, with

72 ComputingEdge June 2016 64 IT Pro January/February 2016 OF CYBERSECURITY AND THREATS COUNTER MEASURES

Learn What You Must Know About Risk Assessment and Mitigation

13 September 2016 | Seattle, Washington

What Do You Need to Know About Rock Star Speakers Cybersecurity?

Lots!

The attackers have gotten more sophisticated. No company or person is safe. At Rock Stars of Cybersecurity, we’ve brought together the real leaders in this critical technology – Google, Adobe, PayPal, Intel Health and Life Sciences, and others – to talk about the trends, risk-based security programs and advice on how you can Drew Hintz Bruce Snell Hui Wang develop real-world security solutions that work Vulnerability Analyst Cybersecurity and Sr. Director of Global for your organization – and that don’t disrupt your Google Privacy Director, Risk Sciences operations. Intel Security Paypal

#RSRBSwest www.computer.org/rbswest