Workflow Specification and Scheduling with Security Constraints in Hybrid Clouds Daniel S. Marcon∗, Luiz F. Bittencourty, Ramide Dantasz, Miguel C. Neves∗, Edmundo R. M. Madeiray, Stenioˆ Fernandesx, Carlos A. Kamienski{, Marinho P. Barcelos∗, Luciano P. Gaspary∗, Nelson L. S. da Fonsecay ∗Institute of Informatics, Federal University of Rio Grande do Sul – Av. Bento Gonc¸alves, 9500, Porto Alegre - RS - Brazil fdaniel.stefani, mcneves, marinho, [email protected] yInstitute of Computing, University of Campinas – Av. Albert Einstein, 1251, Campinas - SP - Brazil fbit, edmundo, [email protected] zInstituto Federal de Educac¸ao,˜ Cienciaˆ e Tecnologia de Pernambuco – Av. Prof Luiz Freire, 500, CDU - Recife - PE - Brazil [email protected] xFederal University of Pernambuco – Avenida Jornalista An´ıbal Fernandes, Recife - PE - Brazil sfl[email protected] {Federal University of the ABC – Rua Catequese, 242, Santo Andre´ - SP - Brazil [email protected] Abstract—Hybrid cloud management must deal with resources requirements of services and minimizing costs [6]. In this from both public and private clouds, as well as their interaction. paper, we address such problem by proposing an integrated When workflows are executed in a hybrid cloud, dependencies solution. In the proposed approach, the scheduler decides, for among their components bring new factors to be considered dur- ing specification, scheduling, and virtual machine provisioning. In each workflow, the set of tasks that will run in which platform this paper, we describe three components, namely workflow code, (private or public), with the goal of minimizing tenant cost scheduler, and resource allocator, which enable the specification while meeting the workflow deadline. After determining the and execution of workflows in hybrid clouds in the context of amount of computing and network resources needed by the the AltoStratus middleware. We present a case study that shows workflow, the scheduler sends this information to a resource the interaction among these components, and their applicability in practice. allocation component, which will map the request onto the cloud infrastructure taking security and performance criteria I. INTRODUCTION into account. Therefore, the main contribution of this work is The use of Cloud Computing brings challenges to large to reconcile efficient scheduling and allocation of workflows enterprises, especially those that operate their own datacenters. in hybrid clouds and the fulfillment of security requirements. These organizations would like to take advantage of cloud The remainder of the paper is organized as follows. Sec- features (such as dynamic allocation of computing resources tion II briefly describes AltoStratus. Section III introduces [1]) using their previous investment on infrastructure. In this the proposed approach to schedule and allocate workflows in context, security and privacy concerns [2], [3] tend to exist a hybrid cloud infrastructure according to performance and around fewer aspects since data is kept in the organizations’ security criteria, while its evaluation is presented in Section IV. premises and not in the cloud provider machines. Such cloud Section V discusses related work, and Section VI concludes infrastructures are called private clouds. They can be seen as an the paper. alternative to public cloud providers, which consist of public II. ALTOSTRATUS MIDDLEWARE and shared on-demand pay-per-use virtualized infrastructures. Hybrid cloud solutions attempt to get the best of both In this section we describe the AltoStratus middleware, pre- worlds, public and private clouds [4]. Using a hybrid cloud, senting its components and the interactions that the resource enterprises can employ their local resources to have a cloud- allocation components, which are the focus of this paper, need like experience and still be able to use computing power from to perform. public providers to accommodate transient demand surges, for AltoStratus is a middleware platform composed of two example. However, the hybrid solution imposes its own chal- layers (see Figure 1). The application developer interacts with lenges [5]. In this context, the AltoStratus project1 aims to pro- the bottommost layer, called workflow composition. This layer pose middleware techniques and mechanisms for composing, provides a GUI for the creation and manipulation of service executing, and managing services in hybrid and heterogeneous workflows, allowing the specification of functional and non- computational cloud environments. functional requirements that need to be met. Via the GUI, Deploying a new service or business process (workflow) workflows can be created directly by choosing the set of on a hybrid cloud raises the question of how to make the best concrete services that compose them. The developer also has use of local resources while meeting performance and security the option of creating semantic workflows based on abstract tasks instead of concrete services. The set of concrete services 1http://www.dimap.ufrn.br/altostratus/english/ that implement these tasks are selected automatically at a later with the semantic workflow. Several alternative plans can exist for the same input specification; the selection module chooses the one that matches the workflow’s requirements, which is then transferred to the code generation module. c) Code Generation: This module performs the transla- tion of the execution plan created by the selection module into an executable service code. This code is packaged together with other information about the new service (and any sub- services in which it depends on) to form the Workflow Code (WC). d) Scheduler: Before the execution of the Workflow Code, the scheduler obtains information about running services from the resource monitor and chooses where the services specified in the Workflow Code should be deployed based on the workflow quality of service requirements. e) Monitor: This module checks if the established QoS for the services deployed are being served. In case a problem with a virtual machine is detected, or if the QoS level is below the specified threshold, it determines which modules (elasticity and/or adaptation) should be called to solve this Fig. 1. AltoStratus architecture. issue (according to the policy associated with the service). f) Elasticity: The elasticity module scales in or scales out the amount of resources allocated for a given service in stage, according to non-functional requirements provided by accordance with the service QoS parameters. Toward this end, the developer. it verifies if it is feasible to instantiate new VMs according The second layer (service management) consists of six to elasticity policies contained in the WC and, if so, it calls main components: service monitor, adaptation, elasticity, se- the scheduling module. This module also turns off virtual lection, scheduling (including security), and code generation. machines when they are not used (i.e., when cloud demand In addition to QoS monitoring of deployed services, these is low), to reduce costs. Note that the decision to shut down components are responsible for the composition, selection of virtual machines is controlled by service policies. services and adaptation of workflows generated by the modules g) Adaptation: When elasticity fails (if elasticity is not of the previous layer. possible), or if the policy specifies that the elasticity module The service management layer must also handle security should not be called, the adaptation module seeks alternative and resource management among different cloud platforms. services in the hybrid cloud to be used by the workflow to Security is taken into account when allocating resources in the meet the specified QoS requirements. In fact, it triggers the cloud infrastructure (more details are presented in Section III). selection module to get new execution plans for the workflow. Resource management considers the creation and manipulation While the elasticity module attempts to solve the QoS problem of VMs located in different platforms, as well as elasticity and at the infrastructure level, the adaptation module selects an load balancing among these VMs. alternative set of services to increase QoS. In general, AltoStratus has modules to enable several kinds III. WORKFLOW DEPLOYMENT AND SCHEDULING of interactions, such as high-level ones (for instance, directly with tenants) as well as low-level ones (resource allocation in For a workflow to be submitted to run in the hybrid cloud, the infrastructure). The main components of the architecture several management tasks must be performed. In this paper, are discussed next. we are concerned with the following three steps: a) AltoStratus GUI: AltoStratus graphical interface en- 1) Workflow specification: defines the necessary services ables the developer to define new service compositions (or and their dependencies; workflows) either explicitly, by informing each concrete ser- 2) Workflow scheduling: defines where (i.e., in which vir- vice, or via abstract tasks. In the latter, concrete services that tual machine instance) each service from the composi- match the desired tasks are selected based on their semantic tion will run; descriptions in the next stage. The composition can also be 3) Virtual machine allocation: defines where (i.e., in which partially defined, letting an automatic composition algorithm physical machine) each virtual machine instance speci- complete the specification. The output of this stage is a fied by the scheduler will run. semantic specification, which serves