Container Allocation and Deallocation Traceability using Docker Swarm with Consortium Hyperledger Blockchain
Related papers
Event2Ledger: Container traceability using Docker Swarm and consortium Hyperledger blockchain
Anais Estendidos do XXII Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais (SBSeg Estendido 2022)
Cloud computing employing container-based virtualization enables dynamic allocation of computational resources, providing scalability and fault tolerance, etc. However, this flexibility could imply a drawback: container environment monitoring is highly challenging due to the large flow of calls and (de)allocations. In this work, we present event2ledger, a blockchain-based solution that implements a distributed log with data sent by authorized and customized collectors to a permissioned consortium blockchain, responsible for ordering and storage in a distributed and auditable manner. A proof-of-concept is implemented with a Hyperledger Fabric consortium blockchain, composed and maintained by the scenario actors (i.e., Providers, Users, and Developers), which stores signed container life cycle events.
CoMA: Resource Monitoring of Docker Containers
Proceedings of the 5th International Conference on Cloud Computing and Services Science, 2015
This research paper presents CoMA, a Container Monitoring Agent, that oversees resource consumption of operating system level virtualization platforms, primarily targeting container-based platforms such as Docker. The core contribution is CoMA, together with a quantitative evaluation verifying the validity of the measurements reported by the agent for three metrics: CPU, memory and block I/O. The proof-of-concept is implemented for Docker-based systems and consists of CoMA, the Ganglia Monitoring System and the Host sFlow agent. This research is in line with the rising trend of container adoption which is due to the resource efficiency and ease of deployment. These characteristics have set containers in a position to topple virtual machines as the reigning virtualization technology in data centers.
Integrity verification of Docker containers for a lightweight cloud environment
Future Generation Computer Systems
Virtualisation techniques are growing in popularity and importance, given their application to server consolidation and to cloud computing. Remote Attestation is a well-known technique to assess the software integrity of a node. It works well with physical platforms, but not so well with virtual machines hosted in a full virtualisation environment (such as the Xen hypervisor or Kernel-based Virtual Machine) and it is simply not available for a lightweight virtualisation environment (such as Docker). On the contrary, the latter is increasingly used, especially in lightweight cloud platforms, because of its flexibility and limited overhead as compared to virtual machines. This paper presents a solution for security monitoring of a lightweight cloud infrastructure, which exploits Remote Attestation to verify the software integrity of cloud applications during their whole life-cycle. Our solution leverages mainstream tools and architectures, like the Linux Integrity Measurement Architecture, the OpenAttestation platform and the Docker container engine, making it practical and readily available in a real-world scenario. Compared to a standard Docker deployment, our solution enables run-time verification of container applications at the cost of a limited overhead.
C-Balancer: A System for Container Profiling and Scheduling
2020
Linux containers have gained high popularity in recent times. This popularity is significantly due to various advantages of containers over Virtual Machines (VM). The containers are lightweight, occupy less storage, have fast boot-up time, are easy to deploy and have faster auto-scaling. The key reason behind the popularity of containers is that they leverage the mechanism of micro-service style software development, where applications are designed as independently deployable services. There are various container orchestration tools for deploying and managing the containers in the cluster. The prominent among them are Docker Swarm and Kubernetes. However, they do not address the effects of resource contention when multiple containers are deployed on a node. Moreover, they do not provide support for container migration in the event of an attack or increased resource contention. To address such issues, we propose C-Balancer, a scheduling framework for efficient placement of containers i...
Virtualization in Cloud Computing: Moving from Hypervisor to Containerization-A Survey
Springer Arabian Journal for Science and Engineering, SCI Indexed, 2021
Containers emerged as a lightweight alternative to virtual machines that offer better microservice architecture support. They are widely used by organizations to deploy their increasingly diverse workloads derived from modern applications such as big data, IoT, and edge/fog computing in either proprietary clusters or private, public cloud data centers. With the growing interest in container-based virtualization technologies, the requirement to explore the deployment and orchestration of clusters of containers has become a central research problem. Although progress has been made to study containerization, systematic consolidation of the existing literature with a summative evaluation is still missing. To fill this gap, in this paper, we first taxonomically classify the existing research studies on the performance comparison between hypervisor and container technology and then analyze state-of-the-art for container cluster management orchestration systems, its performance monitoring tools, and finally future research trends. This results in a better understanding of container technology with attention to provide summative analysis in terms of (i) how much performance overhead is generated by a hypervisor compared to container-based virtualization, (ii) which container technology is suited for a cloud application deployment based on the type of benchmark executing, (iii) how to provide management of containers deployed in a cluster environment, (iv) container performance monitoring tools, and (v) finally emerging concerns for future research directions.
ArXiv, 2018
Container technologies, like Docker, are becoming increasingly popular. Containers provide exceptional developer experience because containers offer lightweight isolation and ease of software distribution. Containers are also widely used in production environments, where a different set of challenges arise such as security, networking, service discovery and load balancing. Container cluster management tools, such as Kubernetes, attempt to solve these problems by introducing a new control layer with the container as the unit of deployment. However, adding a new control layer is an extra configuration step and an additional potential source of runtime errors. The virtual machine technology offered by cloud providers is more mature and proven in terms of security, networking, service discovery and load balancing. However, virtual machines are heavier than containers for local development, are less flexible for resource allocation, and suffer longer boot times. This paper presents an al...
Containers and Virtual Machines at Scale: A Comparative Study
2016
Virtualization is used in data center and cloud environments to decouple applications from the hardware they run on. Hardware virtualization and operating system level virtualization are two prominent technologies that enable this. Containers, which use OS virtualization, have recently surged in interest and deployment. In this paper, we study the differences between the two virtualization technologies. We compare containers and virtual machines in large data center environments along the dimensions of performance, manageability and software development. We evaluate the performance differences caused by the different virtualization technologies in data center environments where multiple applications are running on the same servers (multi-tenancy). Our results show that co-located applications can cause performance interference, and the degree of interference is higher in the case of containers for certain types of workloads. We also evaluate differences in the management frameworks ...
HLF-Kubed: Blockchain-Based Resource Monitoring for Edge Clusters
Ledger
In the past several years, there has been an increased usage of smart, always-connected devices at the edge of the network, which provide real-time contextual information with low overhead to optimize processes and improve how companies and individuals interact, work, and live. The efficient management of this huge pool of devices requires runtime monitoring to identify potential performance bottlenecks and physical defects. Typical solutions, where monitoring data are aggregated in a centralized manner, soon become inefficient, as they are unable to handle the increased load and become single points of failure. In addition, the resource-constrained nature of edge devices calls for low-overhead monitoring systems. In this paper, we propose HLF-Kubed, a blockchain-based, highly available framework for monitoring edge devices, leveraging distributed ledger technology. HLF-Kubed builds upon Kubernetes container orchestrator and HyperLedger Fabric frameworks and implements a smart co...
Insight from a Containerized Kubernetes Workload Introspection
Proceedings of the Annual Hawaii International Conference on System Sciences, 2021
Developments in virtual containers, especially in the cloud infrastructure, have led to diversification of jobs that containers are used to support, particularly in the big data and machine learning spaces. The diversification has been powered by the adoption of orchestration systems that marshal fleets of containers to accomplish complex programming tasks. The additional components in the vertical technology stack, plus the continued horizontal scaling have led to questions regarding how to forensically analyze complicated technology stacks. This paper proposed a solution through the use of introspection. An exploratory case study has been conducted on a bare-metal cloud that utilizes Kubernetes, the introspection tool Prometheus, and Apache Spark. The contribution of this research is twofold. First, it provides empirical support that introspection tools can acquire forensically viable data from different levels of a technology stack. Second, it provides the ground work for comparisons between different virtual container platforms.
International Journal of Advanced Research in Computer Science, 2017
Interest in conventional technologies is declining with the increasing demand for new technologies. In the virtualization industry, container-based technology has become the most powerful technology in the last couple of years. With the arrival of Docker, implementation of containerization technology has become more simplified and efficient. Unlike other virtualization platforms, Docker is an open source software container platform that provides some facilities which are useful for developers and administrators. Docker has the traits of providing fast and lightweight virtualization at the operating system level, because of which Docker has become a popular technology to serve a variety of cloud platforms. Development cost and time can be brought down tremendously by simply replacing traditional ongoing virtual machines with Docker containers. Also, with the use of Docker, the cost of redeveloping the cloud platform can be reduced to a great extent.