Architectural Transformations in Network Services and Distributed Systems

Andriy Luntovskyy • Josef Spillner

Andriy Luntovskyy, Berufsakademie Sachsen, Dresden, Germany

Josef Spillner, Service Prototyping Lab, Zürcher Hochschule für Angewandte Wissenschaften, Winterthur, Switzerland

ISBN 978-3-658-14840-9   ISBN 978-3-658-14842-3 (eBook)
DOI 10.1007/978-3-658-14842-3

Library of Congress Control Number 2016957988

Springer Vieweg
© Springer Fachmedien Wiesbaden GmbH 2017
This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed.
The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use.
The publisher, the authors and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors give a warranty, express or implied, with respect to the material contained herein or for any errors or omissions that may have been made.

Printed on acid-free paper

This Springer Vieweg imprint is published by Springer Nature. The registered company is Springer Fachmedien Wiesbaden GmbH. The registered company address is: Abraham-Lincoln-Str. 46, 65189 Wiesbaden, Germany


To our caring wives

Preface

About the Book

Book objectives. You are reading a book which aims to cover the broad field of recent innovations in network services and distributed systems. The target group of the book encompasses students of universities and technical high schools, graduated engineers as well as teaching staff. If you are somebody else, do not worry, the covered subjects may still be of interest to you. This book offers its readers a dual functionality:

As a monograph. With the given work, we decided to help not only the readers and students but also ourselves, as the professionals who are actively involved in the networking, telecommunications and systems communities, by understanding the trends which have developed in the recent decade in distributed systems and networking applications. Important architectural transformations of modern distributed systems are examined and presented in survey style. Examples of new architectural solutions for network (mobile) services and applications are discussed. Among them are the Internet of Services, Clouds, Smart Grids, Parallel and Distributed Computing, Fog Computing and the Internet of Things, to mention a couple of popular concepts.

As a handbook. Current technologies, standards and research results for advanced (mobile) networks, connected devices and provisioned services, as well as for higher-level network functions and software applications, are focused within this book from a practical angle. The authors highlight how these technical underpinnings to our digital communication and collaboration infrastructure are being transformed to reflect society requirements. Efficient architectures, principles and systems for mobile and wireless communication, criteria for optimisation of networks and distributed systems as well as central ideas to new system concepts are widely discussed herein. Use case presentations and studies with in-depth technical descriptions, along with a test exam, strengthen the nature of this book as handbook to use for courses and projects.


Learning objectives. The learning objectives targeted by the book are as follows:

1. Readers/students should be able to combine, integrate, analyse and manage the solutions to the above-mentioned technologies (Clouds, Smart Grids, Parallel and Distributed Computing, Fog Computing, Internet of Services, Internet of Things). They should also be able to implement custom systems on the basis of an adequate conceptual grounding in practical projects.

2. As a result, readers/students become skilled to create and evaluate well-performing, reliable and secure access aspects to data and network applications, distributed systems and mobile apps. The systems and services should be usable in a data protection-compliant manner and aligned with user preferences.

3. Readers/students become educated to develop custom architectures of network services and distributed systems as well as to comment critically on the associated problems.

Numerous examples in the chapters, comparison tables, excursions into technological stacks, figures with structures and demonstrations are highlights of this book. Every chapter has a list of keywords, complemented by actual system examples, a summary and continuing bibliographic records. Furthermore, at the end there is a whole chapter dedicated to repetition and self-controlling by offering questions and answers to many of the discussed topics, along with further insight into the research behind the covered systems and services.

Motivation. Despite the existence of a broad range of scientific and practical literature on the topics of distributed computing, cloud computing, privacy-preserving systems, green IT, Internet of Things and so forth, from our perspective as researchers and lecturers there is a distinct lack of combined monographs/handbooks with a pretence to be useful to education. In particular, most of the literature describes technological snapshots as points in time. Instead, we want to explicitly include historical background information and focus on the ongoing evolution and trends which are similar in many areas. Furthermore, we were not satisfied with literature which merely lists positions and standards instead of allowing the reader to dive right into the technology by offering concrete implementation and use case links. Especially for students in co-education (for instance Berufsakademie/Duale Hochschule, Fachhochschule and (höhere) Fachschule in Germany and Switzerland, vocational and community colleges in the US), the practical links are essential to decide whether or not a certain technology should indeed be evaluated for upcoming projects.

The book partially continues the educational approach of a previous book called "Planning and Optimisation of Computer Networks: Methods, Models, Tools for Design, Diagnosis and Management in the Lifecycle of Wired and Wireless Computer Networks" by Luntovskyy, Guetter and Melnyk, which appeared by Springer Vieweg in German language in 2011. The original title is: Andriy Luntovskyy, Dietbert Guetter, Igor Melnyk: Planung und Optimierung von Rechnernetzen. Methoden, Modelle, Tools für Entwurf, Diagnose und Management im Lebenszyklus von drahtgebundenen und drahtlosen Rechnernetzen. Springer Fachmedien Wiesbaden GmbH, 2011, 435 pages (ISBN 978-3-8348-1458-6), 1st edition 2011 with 245 figures and 64 tables. The present book complements and extends the range of topics. It addresses the evolved development from computer networks to network-integrated and network-connected services, in particular cloud and fog services, as well as modern architectures of distributed (mobile) applications such as 5G and low-energy radio links. The new book therefore presents a holistic view on transformation processes which are nowadays often less technically motivated but rather by the needs of the society, which is subject to a higher degree of pervasive services. The benefits for society are about ecology (green networks), privacy (secure clouds), comfort (always on) and economy (pay as you go).

Structure of the Book

This book is divided into seven chapters. The first chapter offers a bird's perspective on the history and present development of networking and service topics. The second chapter presents state-of-the-art distributed systems and uses them to explain the architectural transformations which most of today's systems are subject to. In the chapters three to six, different architectures and systems will be presented, including clusters, clouds, fogs and mobile applications. The seventh chapter offers a holistic view on security in networked services. Finally, five appendices and one more auxiliary digital appendix complete the book.

• Chapter 1 – Periodisation of Network Service Development: The evolution of hardware and infrastructure on one hand and of services on the other hand is divided into four phases each.

• Chapter 2 – Architectural Transformation in Distributed Systems: Clusters and clouds, peer-to-peer architectures and distributed databases will be presented and reflected on in the context of the evolution and transformation of systems.

• Chapter 3 – Evolution of Clustering and Parallel Computing: Clusters, grids and parallel computing will be introduced. Their benefits concerning the performance of computing, but also the necessary trade-offs with energy consumption and price, will be highlighted. The management of resources and applications in these environments will also be explained.

• Chapter 4 – Cloud Computing, Virtualisation, RAICs and SDN: This chapter will introduce contemporary cloud stacks and services, including programmable networks, virtual teleconferences and safe data backups.

• Chapter 5 – Smart Grid, Internet of Things and Fog Computing: Beyond the software side, small connected hardware devices and the connection between computer networks and energy distribution networks will be covered in this chapter.

• Chapter 6 – Future Mobile Communications: From 4G to 5G, 5G Enabling Techniques: Mobile communication protocols for global (phones) and local distances will be presented. A special focus is on the upcoming 5G connectivity.

• Chapter 7 – Security in Distributed Systems: This chapter will give a holistic view on what is commonly called security by introducing into concrete protection goals and matching security layers. It will also include a discussion of privacy and legal aspects, with a focus on how users can protect their activities and communication in today's and tomorrow's distributed systems.

• Appendices: First, selected originators and designers of distributed systems will be briefly presented. Then, specific research projects with recent results which contribute to the evolution and transformation will be introduced. The further parts contain explanations to common acronyms in mobile and wireless technologies, a repetition and control part to track the learning progress when reading the book, and finally an example of a written exam to the discussed subjects. The solutions to the exam are available as auxiliary digital appendix.

Dresden, Germany   Andriy Luntovskyy
Winterthur, Switzerland   Josef Spillner

Acknowledgement

All our graceful heart's acknowledgements to Prof. Dr. rer. nat. habil. Dr. h. c. Alexander Schill (encouragements and challenges), Dr. rer. nat. Dietbert Gütter (proofreading), Prof. Dr. Andreas Westfeld, Prof. Dr. Thomas Horn, Dr. Reiner Keil (inspiration in absentia) and many other colleagues, students and reviewers for their helpful and friendly support, the inspirations and co-operation while completing this work.

Our special acknowledgment goes to Dr.-Ing. habil. Igor Melnyk for his altruistic contribution to the modelling of the waste heat and cooling process in "green" data centers and clouds.

About the Authors

The book contents have been primarily provided by Andriy Luntovskyy. Some sections and editorial guidance were provided by Josef Spillner. Most of the material is published for the first time, although some is based on previous research papers, including joint papers by the authors, and material kindly added by fellow academics.

Andriy Luntovskyy, Prof. Dr. habil.

Andriy Luntovskyy is with BA Dresden, University of Cooperative Education, Dresden, Germany.
Office: Room 2105, Hans-Grundig-Strasse 25, 01307 Dresden (Johannstadt), Germany
Phone: +49 (0)351-44722-703
Fax: +49 (0)351-44722-9520
Email: Andriy.Luntovskyy@ba-dresden.de
WWW: http://www.ba-dresden.de
WWW (EN): http://sites.google.com/site/luntovskyy
WWW (UA): http://sites.google.com/site/andriyluntovskyy
WWW (DE): http://www.ba-dresden.de/de/studium/studienangebot/it/ansprechpartner.html

Andriy Luntovskyy is member of the Academy of Sciences for High School of Ukraine (ANVSU.org.ua) and member of the Academy of Telecommunications of Ukraine and International IT Academy.

Teaching and Classes: Computer Networks, Mobile Communication and Telematics, Basics of Programming and Software Technology, Distributed Systems, Operating Systems, Web-Applications and Office Communication, Data Security and IT Legacy, Basics of Computer Science and Business Informatics. Guest lectures in Ukraine and Poland, classes for bachelor, master and PhD students.

Research: CANDY – Computer-Aided Network Design utility, Design of Wired, Wireless and Mobile Networks, Clouds, Clustering and Mobile Computing, Web Services, SOA and Virtualisation Methods, Mobile and Wireless Networks, Energy Efficiency in Networks, Wireless Sensor Networks, Smart Grid and IoT, Multiservice Mobile Platforms.

Attendance and co-chairman at multiple conferences and forums (CEBIT 2007, 2008, 2011). Publications: two books are published in Germany (2008, 2011), other 12 books in mother tongue in Ukraine, more than 130 papers to conferences and magazines, among them multiple IEEE Xplore publications.

Josef Spillner, Dozent Dr.-Ing. habil.

Josef Spillner is with Zurich University of Applied Sciences (ZHAW), School of Engineering, Winterthur, Switzerland.
Office: Room O317, Obere Kirchgasse 2, 8400 Winterthur, Switzerland
Phone: +41 (0) 58 934 45 82
Fax: +41 (0) 58 935 45 82
Email: josef.spillner@zhaw.ch
WWW: http://www.zhaw.ch/=spio
WWW: http://www.serviceplatform.org

Josef Spillner performs research on service and cloud ecosystems, is the initiator of the Open Source Service Platform Research Initiative, founder of the Cloud Storage Lab at Technische Universität Dresden in Germany (TUD) and the head of the Service Prototyping Lab at ZHAW.

Teaching and classes: Introduction into Research Areas of Computer Science, Development of Distributed Systems on the Basis of SOA, Complex Internship for Service and Cloud Computing, OS and Computer Networks, Basics of Programming and Software Technology, Distributed Systems, Python Programming. Classes for bachelor and master students as well as non-IT students, in particular media informatics and industrial engineers.

Research: THESEUS/TEXO – New Technologies for the Internet of Services, funded by the German Ministry of Economics (BMWi); FlexCloud – Flexible Service Architectures for Cloud Computing, funded by the European Social Fund (ESF); DaaMob – Service-oriented Platform Concepts for Cross-System Third-Party Applications with Mobile Components in the Internet of Things, funded by the German Research Council (DFG). Further research on XML Schema, Web Service GUIs, Cloud Controllers, Cloud Cockpits and Energy Efficiency, Stealth Computing.

Attendance and involvement with multiple conferences and workshops. Publications: books co-authorship, more than 50 papers and journal articles, technical reports with HPI Future SOC Lab, IEEE and ACM conference chairing.

List of Abbreviations

2PC   Two-Phase Commit Protocol   26–28, 35–37, 40, 42
2PL   Two-Phase Lock   37, 42

ACID   Atomicity, Consistency, Isolation, Durability   26, 28, 30, 35, 38, 40
AEF   Advanced Evasion Firewall   247, 272
AES   Advanced Encryption Standard   255, 257, 258, 265, 276, 277, 283
API   Application Programming Interface   46, 69, 81

B2B   Business-to-Business   23
BOINC   Berkeley Open Infrastructure for Network Computing   45, 47, 61, 62, 66–70

C-S   Client-Server   13, 19, 20, 22–24, 43
CAD   Computer-Aided Design   23, 135, 177, 178
CDB   Central Database   13, 30–33
CIDN   Collaborative Intrusion Detection Network   247, 268, 271, 273–276

DB   Database   29, 30, 32, 34, 38
DDB   Distributed Database   13, 19, 30–38, 42, 43
DDoS   Distributed Denial of Service   2
DIDO   Distributed Input Distributed Output   211, 225, 230, 241–244
DNS   Domain Name System   15
DSL   Digital Subscriber Line   2, 3

EAI   Enterprise Application Integration   81, 82, 84, 98
EM   Electro-Magnetic   138, 139, 141, 168, 174, 208
ERE   Energy Reuse Efficiency   136
ESB   Enterprise Service Bus   16

FLOPS   Floating-Point Operations Per Second   46–50, 54, 59–61, 67
FUSE   File System in Userspace   124

GSM   Global System for Mobile Communications   211, 212

HPC   High-Performance Computing   45, 59, 66
HSDPA   High Speed Download Packet Access   211, 213, 217
HTTP   Hyper-Text Transport Protocol   80, 82–84, 90
HVAC   Heating, Ventilating and Air Conditioning   8, 9

IaaS   Infrastructure-as-a-Service   9, 77, 79, 81, 85
ICMP   Internet Control Message Protocol   8, 140
IDS   Intrusion Detection System   247, 270, 271, 273, 274, 276
IETF   Internet Engineering Task Force   6
IMS   IP Multimedia Subsystem   213–216, 225, 241
IoS   Internet of Services   1, 3, 4, 18, 77, 79, 81, 85, 113, 135, 183, 184, 187, 188
IoT   Internet of Things   1, 4, 5, 9, 10, 135, 159, 168, 184, 185, 187–194, 196, 203, 207, 208
IP   Internet Protocol   5, 8, 140, 160, 178, 180, 192, 213, 214, 217, 225, 227, 235, 244, 259, 260, 264–272, 276, 277, 281, 283, 297
IPS   Intrusion Prevention System   247, 270–273, 276
ISDN   Integrated Services Digital Network   1, 6

KNX   KNX Home and Building Control Standard   7, 9, 140

LAN   Local Area Network   8, 19, 140, 159, 174, 176, 178, 195, 198, 201
LEACH   Low-Energy Adaptive Clustering Hierarchy   166
LON   Local Operating Network   7, 9, 140
LTE   Long-Term Evolution   211, 213, 214, 223, 225, 226, 237, 244

MAC   Media Access Control   144, 161, 163, 164, 168, 170, 172–174, 187, 189
MCM   Majority-Consensus-Method   37
MIMO   Multiple Input – Multiple Output   213, 225, 234, 237, 240, 241
MIPS   Million Instructions Per Second   48, 49

NAS   Network-Attached Storage   113
NIST   National Institute of Standards and Technology, USA   18, 79, 80, 85, 114, 145
NTP   Network Time Protocol   15

OFDM   Orthogonal Frequency-Division Multiplexing   159, 213, 239, 240
OFDMA   Orthogonal Frequency Division Multiple Access   239

OS   Operating System   25, 26, 190, 195, 196, 198, 200, 208
OSGi   Open Services Gateway Initiative   15
OSI   Open Systems Interconnect   144, 145, 259, 261, 272

P2P   Peer-to-Peer   13, 19–23, 43
PaaS   Platform-as-a-Service   9, 77, 81, 85, 86, 89
PCS   Primary-Copy-Schema   37
PEV   Plug-in (Hybrid) Electric Vehicles   138, 140, 141, 149
PGP   Pretty Good Privacy   247, 260, 262, 276, 277, 289
PLC   Power Line Communication   135, 148, 158, 159, 189
PoE   Power over Ethernet   9
PUE   Power Usage Effectiveness   3, 9, 136, 150, 151, 153–155, 157, 158

QoE   Quality of Experience   85, 86
QoS   Quality of Service   1–4, 17, 77, 79, 82, 85, 86, 110, 113, 114, 138, 154, 161, 166, 197, 208

RAIC   Redundant Array of Independent Clouds   77, 91, 111, 113, 119–123, 125–131
RAID   Redundant Array of Independent Disks   112, 113, 119–122
REST   Representational State Transfer   82–85, 89
RFC   Requests for Comments   6, 213, 214
RSA   Rivest, Shamir, Adleman Cryptosystem   255, 257, 258, 265, 276, 282, 283

SaaS   Software-as-a-Service   9, 77, 79, 81, 85, 89, 92
SAN   Storage-Area Network   81, 112, 113
SDN   Software-Defined Networking   77, 92, 105–110, 225, 230, 232
SET   Secure Electronic Transaction   279, 281, 283, 284, 287, 288
SIF   Stateful Inspection Firewall   247, 270–272
SIP   Session Initiation Protocol   213, 214
SLA   Service Level Agreement   2, 81, 82, 85, 91
SME   Small and Medium Enterprise   7, 139
SMLIF   Stateful Multi-Layer Inspection Firewall   247, 272, 276
SMP   Symmetric Multi-Processing   60, 61
SMTP   Simple Mail Transmission Protocol   6
SNMP   Simple Network Management Protocol   8, 140, 192
SOA   Service-Oriented Architecture   79, 82–84, 88, 89, 98, 113
SOAP   Simple Object Access Protocol   83, 85, 90
SQL   Structured Query Language   30, 35, 36, 39, 40
SSL   Secure Sockets Layer   264–266

TLS   Transport-Layer Security   247, 256, 258, 260, 264, 265, 267, 268, 279, 281–283, 287, 288, 303

UMTS   Universal Mobile Telecommunications System   211, 213, 214
UPnP   Universal Plug and Play   15

VM   Virtual Machine   85, 92–95, 98, 100, 105–108, 114
VoIP   Voice over IP   214, 215
VPN   Virtual Private Network   247, 265–268, 270, 271, 281, 283, 302
VTEO   Virtual Telecommunication Engineering Offices   77, 84, 85, 88–91

W3C   World Wide Web Consortium   6
WAF   Web Application Firewall   247, 270, 276
WAN   Wireless Area Network   145, 159
WiMAX   Worldwide Interoperability for Microwave Access   139, 149, 159–161, 178, 188
WLAN   Wireless Local Area Network   8, 19, 140, 159, 161, 171, 178, 180, 187, 195, 202, 211, 212, 214, 224, 225, 234, 240, 241, 243, 244
WPAN   Wireless Personal Area Network   19, 135, 158, 168
WSN   Wireless Sensor Networks   139, 141, 161–166, 173, 174, 189

XaaS   Everything-as-a-Service   79
XMPP   Extensible Messaging and Presence Protocol   70, 73, 74, 85

Contents

1 Periodisation of Network Service Development   1
   References   10

2 Architectural Transformations in Distributed Systems   13
   2.1 Software Architectures and Communication Patterns   13
   2.2 Distributed Service Systems: Clustering, Grids and Clouds   17
   2.3 Architectures: Peer-to-Peer   19
   2.4 Performance Optimisation   23
   2.5 Distributed Transactions   26
   2.6 Distributed Databases   30
   2.7 System Examples: Google Spanner, a Global DDB   38
   2.8 Conclusions   43
   References   44

3 Evolution of Clustering and Parallel Computing   45
   3.1 Clustering and Grids: Performance Parameters and Basic Models   48
   3.2 Performance-Energy-Price Trade-Offs in Clusters and Grids   62
   3.3 Resource Management in Clusters   64
   3.4 Application Management in Clusters   65
   3.5 Application Management in Grids   66
   3.6 Distributed Applications   71
   3.7 Conclusions   74
   References   75

4 Cloud Computing: Virtualisation, Storage and Networking   77
   4.1 Clouds: Technology Stack, Basic Models and Services   78
   4.2 Virtualisation of Services and Resources   92
   4.3 SDN – Software-Defined Networking   105
   4.4 Backup Services within Clouds as Advanced Cloud Backup Technology   110
      4.4.1 Backup as Important Component of Informational Safety   111
      4.4.2 RAIC Storage Service Integration   117
   4.5 RAIC Integration for Network Storages on Mobile Devices   125
      4.5.1 Efficient Access to Storage Services from Mobile Devices   126
      4.5.2 A New Must-Have App: RAIC Integrator for Smartphones   128
   4.6 Conclusions   131
   References   131

5 Smart Grid, Internet of Things and Fog Computing   135
   5.1 Smart Grid as Integration Technology for the Networks of Energy Supply and Telecommunication   136
      5.1.1 Services, Architectures and Multi-level Models   144
      5.1.2 Smart Grid Enabling Network Technologies   158
      5.1.3 Case Study: A CAD Toolset for the Design of Energy-Efficient Combined Networks   177
   5.2 From Internet of Services to Internet of Things: Fog Computing   184
      5.2.1 Enabling Technologies for IoT   188
      5.2.2 Case Studies on IoT with On-Board Micro-controller Raspberry Pi   194
      5.2.3 The Future Industry 4.0 Vision   203
      5.2.4 Fog Computing   204
   5.3 Conclusions   206
   References   209

6 Future Mobile Communication: From 4G To 5G, 5G Enabling Techniques   211
   6.1 Conventional Techniques   211
      6.1.1 LTE Networks   213
      6.1.2 Satellite-Based Radio Systems   215
   6.2 A New Generation of Mobile Communication   222
      6.2.1 Visions and Requirements   224
      6.2.2 5G Inter-Operability   233
      6.2.3 Future Standard IMT 2020: Deployment Scenarios   235
      6.2.4 Resource Allocation Method for Future WLAN   241
   6.3 Conclusions   244
   References   244

7 Security in Distributed Systems   247
   7.1 Security and Protection Goals   248
   7.2 Protection Techniques   253
      7.2.1 Checksum and Digest   254
      7.2.2 Encryption   255
      7.2.3 Steganography   258
      7.2.4 Orchestration: Parallelisation and Multiplexing   258
      7.2.5 Anonymisation   258
      7.2.6 Trusted Computing and Physical Protection   259
   7.3 Security Layers   259
      7.3.1 Network Encryption: IPsec   259
      7.3.2 Transport Encryption: TLS   260
      7.3.3 Content Encryption: S/MIME and PGP   260
      7.3.4 Authorisation: Kerberos and OAuth2   261
      7.3.5 Further Secure Services: DNS-SEC, VPNs and Proxies   261
   7.4 Security Protocols and Network Concepts   261
   7.5 Firewalls   268
   7.6 Security in Web Applications: Legal and Technological Aspects   279
      7.6.1 Technological Aspects of Data Security Guaranteeing Web Systems   281
      7.6.2 Legal Aspects of Data Security Guaranteeing Web Systems   283
   7.7 Steganography in Distributed Systems   288
      7.7.1 Steganography in Development   290
      7.7.2 Steganography: Main Concepts   294
      7.7.3 Watermarks and Steganography   298
   7.8 Anonymity and MIX Networks   301
   7.9 Conclusions   306
   References   307

Appendix A Selected Originators and Designers of Distributed Systems   309
   A.1 Edgar Frank "Ted" Codd   309
   A.2 Tom De Marco   310
   A.3 Grady Booch   310
   A.4 James Gosling   311
   A.5 Sir Timothy John Berners-Lee   311
   A.6 Tim O'Reilly   312
   A.7 Roy Thomas Fielding   313
   A.8 Sergey Brin   313
   A.9 Philip R. Zimmermann   314
   A.10 Remembering the Pioneers   314

Appendix B Research Focus   317
   B.1 CANDY: Network Planning   317
   B.2 FlexCloud: Flexible Architectures for Cloud Computing   319
   B.3 DaaMob Service Platform: Data Service Management   319

Appendix C Acronyms for Mobile and Wireless   323

Appendix D Repetition and Control of Learning Progress   327
   D.1 New Generation (Mobile) Networks   327
   D.2 Periodisation of Computer Networks: Phases I to IV, Smart Grid, IoT and Fog Computing   328
   D.3 Architectural Transformation in Distributed Systems   328
   D.4 Cloud Computing   329
   D.5 Virtualisation Concepts   330
   D.6 Performance Characteristics of Digital Computers: Performance Optimisation in Distributed Systems   331
   D.7 Distributed Computing, Parallel Computing and Acceleration Models   331
   D.8 Towards 5G   332
   D.9 Security Aspects in NGN   332
   D.10 PGP and Steganography   334

Appendix E Example of a Written Exam to the Discussed Subjects   337

Index   343

1 Periodisation of Network Service Development

Keywords

Networks • Services • Quality of Service (QoS) • Internet of Services (IoS) • Clouds • Smart grid • Internet of Things (IoT) • Fog computing

Information and communication technology is moving fast. What are grids for nowadays? Is anybody still using Integrated Services Digital Network (ISDN) connections? Will the 'digital fog' be around all of our devices, and for how long when on batteries? What is the cost of safely storing one digital photo taken on the mobile phone for the rest of our lifetime? Readers who have immediate answers to such questions are asked to put this book aside and spend their time with more pleasure. All other readers are however invited to follow us briefly through the history of network services and distributed systems, through the past transformations and current trends, in order to learn about the rather complex landscape of distributed service systems in the future. These digital, physical and combined (cyber-physical) systems affect our daily lives as we interact with them through screens and devices, software applications, processes and ambient sensors.

Technology development in four phases. Network services and distributed systems are two pillars of the same trend: To make application functionality provided from single computers or millions of connected devices available to billions of people. Internet and web applications, including online social networks and digital telephony, already today need to scale to billions of users, which would be impossible on a single machine. Instead, many computers are clustered and many clusters are geographically dispersed and connected so that users perceive them as single service. The perception is trained for high performance, high reliability, high privacy and security, low cost, low effort and low energy consumption, among other factors. Services not offering all of these benefits will have decreasing chances to compete for users and will ultimately fail to be sustainable. Trust and reputation would in such cases be hard to recover.

© Springer Fachmedien Wiesbaden GmbH 2017. A. Luntovskyy, J. Spillner, Architectural Transformations in Network Services and Distributed Systems, DOI 10.1007/978-3-658-14842-3_1

It took computer scientists and the IT industry many years to achieve the breakthrough towards this vision. In the course of development of networked applications and services, including telecommunication, web and cloud services offered on-demand in any situation, four distinct phases in the technological foundation can be identified.

The first phase, starting with the roll-out of networks and the Internet (about 1970–2000), had the purpose of offering the functionality and of ensuring improvements to the QoS. The QoS considerations were mostly confined to strict technical network characteristics without taking end-to-end user experience into account. Bandwidth increased and latency decreased. To put the bandwidth development into perspective: In 1999, a 56 kbit/s modem connected to copper telephony networks was the norm for private users and just about to be replaced by faster Digital Subscriber Line (DSL) connections with about 768 kbit/s downstream bandwidth. Consumers could only rely on such numbers as upper bounds in a best-effort service market and could not easily translate these numbers into application benefits, for instance video quality or file transfer performance.

In the enterprise market, large computing centers were economically effective due to using broadband Internet connections, which enabled the consolidation of a lot of compute and storage resources behind a single data pipe. They helped also in mitigation of Distributed Denial of Service (DDoS) attacks due to load distribution between several servers and links. The system reliability was improved due to better availability of spare parts (hard drives, power units, switches etc.), the employment of redundant units wherever possible and emergency power generators in large centers where they were feasible. Similarly, the application availability and scalability was increased with replicated setups in high-availability/failover and load-balancer setups, respectively.

Ultimately, the phase has been about connecting people to the Internet, in other words an Internet of People. A simple formula characterises the first phase:

$Goal_{Phase1} := \max QoS$   (1.1)

In the second phase of development of Internet services (about 2000–2010), the improvement of QoS was accompanied by explicit cost optimisation, among other reasons due to hardware consolidation and server virtualisation in combination with QoS guarantees codified in a Service Level Agreement (SLA). These mandated a minimum cost by strictly given QoS constraints. But also the large size of computing centers still led indirectly to less cost on the side of customers due to the economy of scale when buying large charges of spare parts and electricity. The maintenance cost in the large computing centers is also less than in smaller ones because the servers are updated centrally with security patches, upgrades can be better tested before deploying and the maintenance actions are mostly the same at homogeneous servers. To give an example: The e-commerce seller Amazon had a revenue of about seven billion US$ in 2004. The capacity needed to operate this business at that time is nowadays added daily to their computing infrastructure.

1 Periodisation of Network Service Development 3

It is not yet clear how to compare the technical characteristics of data centres but justlooking at their dimensions demonstrates the trend towards consolidation The LakesideTechnology Center in Chicago one of the largest multi-tenant centres has a usable surfaceof more than 100000 m2 across several floors of a historic printing house MicrosoftrsquosDublin data centre is roughly half this size [10] Major service operators have expandedvastly during the second phase and now operate multiple of such large data centres

On the network side in 2009 16 Mbpss ADSL connection were widely availablein many urban areas in developed countries and even 55 Mbpss VDSL2 connectionswere available in selected areas whereas in 2014 vectoring-based VDSL brought upto 100 Mbpss downstream and 40 Mbpss upstream bandwidth to consumers A slow-down in connection speed growth becomes evident Furthermore the promise of manygovernments during this time to achieve 100 broadband coverage had (and still has)not been achieved anywhere Enhancing the role of hosted applications (in so-calledclouds) as integration path and cost reduction driver for applications and computing powercharacterises this second development phase Consequently an Internet of Services (IoS)in particular cloud services characterises the second phase

$Goal_{Phase2} := \max\ QoS \wedge Cost \le Constraints$    (1.2)

The third phase (after 2010) was triggered by the trend of "green" IT and increasing energy demand and prices. The computing centres were built more often in colder regions of the earth. More energy-efficient hardware was installed, and software was written with energy efficiency in mind. Processors gained dynamic voltage and frequency settings, among other techniques, which helps shrinking the power consumption over all idle periods. The metric Power Usage Effectiveness (PUE) has gained prominence, and consumers are increasingly aware and demanding of sustainable IT. The use of mobile phones to host applications and even mobile services strengthens the awareness due to limited handset battery capacity. Smart grid installations are on the rise and lead to greater energy autonomy by turning consumers into providers. Therefore, to characterise the third phase in a formula:

$Goal_{Phase3} := \max\ PUE \wedge QoS \ge QoS_{min} \wedge Costs \le Costs_{max}$    (1.3)

As a by-product of the awareness, similar to transportation companies, which can also be viewed as a public utility, the first data centre and hosting businesses have announced to have met a 100 % renewable energy goal [3]. This has led to a voluntary green energy market, which in the USA alone has around five million customers who have purchased, directly or indirectly, approximately 74 million MWh of power generated from renewable sources [6]. In Switzerland, around 10 % of all power consumption is linked to the various forms of IT, an equivalent of 400,000 cars in terms of fossil fuel, and an increasing number of providers advertise their decision to contract 100 % renewables [2].


Fig. 1.1 Periodisation of network service development

Finally, the fourth and last phase, which has already started but will cause a high impact on computing in the near future, needs to be discussed. Therefore, this book is dedicated to this phase without dismissing the earlier ones. Figure 1.1 puts all three already identified phases together with the not yet covered last one into context.

The fourth phase, the next development vector, is about to happen now. This phase is oriented not just at networking services and distributed software applications, but at a truly user-focused IoS in many domains. It happens across clouds, in the frame of the IoT with many connected small (sometimes wearable) devices, cyber-physical systems and robots, next-generation mobile networks, and ultimately fog and wearable computing. This combination expands the always-on, always-available, pay-as-you-go utility and cloud computing paradigm with intelligent network nodes (e.g. radio network edges, smart routers or even smart watches) and enables via this extension a set of new applications and services. The features of such an interpretation of fourth-phase computing are as follows:

• low-latency, location-aware, energy-efficient use of heterogeneous hardware from large-scale computing centres to tiny nodes
• very big number of hardware nodes and their mobility based on IPv6 connectivity
• wide geographical distribution of miniaturised hardware, self-updating software and large volumes of data
• leading role of wireless access to connect nodes and users even over longer distances
• service interfaces, streaming and real-time applications with guaranteed QoS properties


Fig. 1.2 Fog computing vision (background photo: Claudia Jacquemin, JOTT Fotografie Dresden; the depicted place: CAD/CAM system at BA Dresden – University of Cooperative Education)

A wider interpretation of fog computing offers the appropriate platforms for IoT clouds and the smart grid (Fig. 1.2).

According to Eric Schmidt, at that time CEO at Google, at the World Economic Forum in Davos, Switzerland, in 2015: "I will answer very simply that the Internet will disappear. There will be so many Internet Protocol (IP) addresses, so many devices, sensors, things that you are wearing, things that you are interacting with, that you won't even sense it. It will be part of your presence all the time. Imagine you walk into a room, and the room is dynamic. And with your permission and all of that, you are interacting with the things going on in the room. A highly personalised, highly interactive and very, very interesting world emerges." [7]

This industrial development is bound to happen, as so far the miniaturisation of hardware is still advancing rapidly. On the other hand, researchers also look into ways to keep the user in the loop and ultimately also in control, something typically neglected by industrial development. Therefore, new methods for informational self-determination and manageability of personal devices and services need to be found. A typical example is a safe networking kill-switch to prevent any communication from a device, something found only occasionally on devices despite its usefulness, along with a definite off-switch. Before going into the details about the future development, the same four phases shall be analysed from a service perspective.

Network services in four phases. Along with the technical improvements in servers, devices and connectivity, the offered services themselves have evolved over time. One difference when compared to the hardware technology is the fact that new services almost always complement existing ones instead of replacing them. While it would be hard to order an ISDN connection or a Fiber Distributed Data Interface (FDDI) connection nowadays, we still communicate via decades-old e-mail protocols and locate services via another decades-old domain naming protocol.

In the first phase (1970–2000), basic network services and early web applications were created. Many network services were, and indeed still are, defined by an international community called the Internet Engineering Task Force (IETF) in public and well-edited Requests for Comments (RFC) [9]. An example would be an e-mail sending service (Simple Mail Transfer Protocol (SMTP)), first defined in RFC 821 by Jonathan B. Postel in 1982 and subsequently updated to RFC 2821 in 2001 and finally RFC 5321 in 2008. Other examples include real-time messaging, file transfer and authentication. Early web applications include e-commerce shops along with search engines and online newspapers, for instance books.com in 1992, yahoo.com and spiegel.de in 1994, amazon.com and nytimes.com in 1995, and google.com in 1997/1998. Their growth in popularity was mainly driven by the first web browsers as client applications, including Mosaic (1992), Netscape Navigator, Microsoft Internet Explorer and Opera (all around 1994).

The first phase also contained the first monopolisation tendencies. Whereas previously network protocols were defined and then implemented by multiple vendors, now especially web applications emerged whose interaction was neither well-known nor easily reimplementable. Web pages, as the interaction part of web applications, were standardised by another entity, the World Wide Web Consortium (W3C), but filled with vendor-specific extensions, which even today still cause trouble and processing overhead.

In the second phase (2000–2010), due to faster home connection speeds, peer-to-peer filesharing applications became popular between consumers. An early example has been napster.com, which ceased to exist in the year 2000, only to be replaced by open protocols including BitTorrent from 2001 on. Other peer-to-peer applications quickly gained popularity, including video conferences and, in the year 2009, the cryptocurrency Bitcoin. Interestingly, some applications such as permanent file storage have mostly remained with centralised data centres despite peer-to-peer applications being available [1].

Web applications were further growing by faster and more powerful web browsers which emerged after a perceived innovation pause. The browsers were Apple Safari (2002), Mozilla Firefox (2004) and Google Chrome (2008), which turned increasingly into a platform with all of the associated lock-in and vulnerability issues.

In the third phase (since 2010), commercial global-scale services have been competing for market share. Online social networking services like facebook.com and twitter.com claim hundreds of millions of active users, which are handled by a global network of distributed data centres. Millions of devices and sensors are connected to enable more services. And computing infrastructure services with compute, storage and networking services have emerged in multiple forms and concentrate applications and services in shared data centres. During this time, consumers have become increasingly aware of where services are hosted and how they are delivered. In particular, privacy issues have emerged and are not solved yet [5]. Figure 1.3 contains a scheme of today's distributed networks and services and how consumers interact through and with them.

Fig. 1.3 Scheme of services and supporting hardware technology for a single distributed application

Now we can only speculate which novel services will be enabled by the current wave of technological development. This will depend in large part on the knowledge, skills and facilities to enact new services by individual developers and businesses. The following three fictive scenarios illustrate the hypothesis about the advancement of technological trends in the fourth phase of the chosen periodisation. They will be picked up in the next chapters and illustrated with concrete examples.

Scenario 1: Smart grid in an SME. What will be a middle-class network connection for a Small and Medium Enterprise (SME) in 2020? Only one cable or wireless link will provide the utility services such as electricity, telephony, Internet, digital high-definition television and cloud services. Room heating will be realised via derivation and recycling of redundant energy from multiple (virtual) servers. The wired and wireless automation of local-area networks as well as piconets like Local Operating Network (LON), KNX Home and Building Control Standard (KNX), ZigBee and EnOcean will be used to serve and control the in-door climate. Management of such integrated networks can be performed through Ethernet Local Area Network (LAN)/Wireless Local Area Network (WLAN) links as well as convenient protocols like IP, Internet Control Message Protocol (ICMP) and Simple Network Management Protocol (SNMP). The program support, configuration and tuning of the intelligent network is realised with the use of mobile devices (smartphones and tablets), mobile applications and through offered web services running in a cloud environment. This leads to a smart environment in which all company device capabilities are used in combination to their full extent to ensure autarky with high security and privacy, but still on-demand scalability beyond the company's realm and high energy efficiency with inclusion of all local energy sources and joint brokering of power and computing supplies. We name the outcome of this scenario a smart grid environment.

Scenario 2: Energy recycling in data centres. Due to the use of today's powerful high-end servers within the contemporary data centres with the installed broadband optical links (e.g. Fibre Channel), a significant amount of heat stands out as a harmful by-product. Some companies occupy themselves already with the mentioned problem and are developing their own solutions for the disposal of heat excesses for domestic heating and air-conditioning facilities, the so-called HVAC. Among them are hybrid cloud and heat product providers [8]. These companies have a portfolio of several corresponding products and solutions (Fig. 1.4); inter alia, there are cloud infrastructure and platform services and heat products representing an own smart grid with inter-connected services. The clients use the in-door located services of virtual computing centres: standardised cloud services like Infrastructure-as-a-Service (IaaS), Software-as-a-Service (SaaS) and Platform-as-a-Service (PaaS). Among them there are popular applications causing a significant amount of heat from computing services, powered by cloud stacks, virtualised operating systems and add-on services like databases and cron jobs. Redundant heat as a "by-product of processing" is withdrawn via servers in 19-inch racks into the energy storage, which provides circulation of hot water in the pipes within a building and heating of potable water. The central system for HVAC facilities is supported via use of Power over Ethernet (PoE) as well as wired and wireless automation of local-area networks and piconets like LON, KNX, ZigBee and EnOcean. The mentioned technical solution provides a lower PUE value down to 1.05, or correspondingly an efficiency 1/PUE of up to 95 %, compared with the conventional grid/cloud solutions, where it is necessary to remove the excess heat as by-product, to install more air-conditioning devices and to provide them with power supply.

Fig. 1.4 Hybrid cloud/heat providers: combination of smart grid, clouds and HVAC

Similarly, a growing number of data centres world-wide are inter-connected with municipal utility providers to funnel their excess heat into pipes which lead to central heating systems of housing areas. Interesting installations exist in Helsinki, Finland, where servers located beneath the Uspenski cathedral in the Academica/Telecity Group server centre heat 500 homes as by-product. More servers located in a shielded building inside another building, a former electricity station now hosting the Suvilahti data centre, even offer heat and warm water for 4500 households.

Scenario 3: Low-cost and energy-efficient on-board microcontrollers for pico-services. But none of the above-mentioned computing systems is energy-efficient enough to meet the ambitious goals set by environmentalists and, to some degree, even political agendas. Switzerland, for instance, is committed to reduce the emissions in 2030 to just 50 % of those in 1990. Germany intends to reduce emissions until 2020 to 60 %. The electricity consumption in data centres is in the MWh area, and even for tiny computations a power-hungry large machinery of hardware and support processes is needed. Energy-efficient solutions can be provided via small, low-cost and low-energy on-board processors on which pico-services such as lambda services are executed on demand. The electricity consumption gets reduced to the kWh area or even less. Low-energy home intelligent nodes (3–10 W) for private cloud solutions, file servers, web servers, multimedia home centres etc. can be placed on low-cost, energy-efficient on-board microcontrollers like Arduino, Raspberry Pi or Intel Edison as a trade-off solution. They offer a cheap alternative and symbolise a step-by-step shift to the IoT. But in order to maximise their potential, an appropriate service and application platform will be needed.

An appropriate solution will be the Raspberry Pi on-board microcontroller (first deployed in 2011 in Cambridge, UK) with only credit card dimensions, in a pod like a matchbox, and with the following characteristics [4]: a 700 MHz processor, a modest amount of main memory up to 1 GB, external storage on an SD card, an Ethernet connection or a wireless link through a USB dongle, and around 3.5–5 W power consumption.


Naturally, there are a lot of scenarios for economical network nodes. For instance, for a so-called Multimedia Home Centre with the following characteristics, a cheap and low-energy Raspberry Pi can typically be used:

• SD card as a hard drive with 32 GByte capacity and Raspbian loaded as operating system
• Multimedia environment: XBMC Media Center
• Multiple audio and video formats (codecs) as well as low power

The newest Raspberry Pi 2 Model B acts as a mini-PC with 6 times the CPU performance due to a clock frequency of 900 MHz and a quad-core architecture, being oriented to the Windows Developer Program for IoT. But even more energy-efficient boards are upcoming, including the Genuino with the Intel Curie chip and the Pine A64, which even runs on a 3.7 V lithium battery.

How to read on. This was a quick chapter. The next ones will have more depth, as they convey the actual knowledge about the mentioned areas. In the second chapter, the development of network systems will be summarised and presented with historical and contemporary systems. In the third chapter, clusters and parallel computing will be focused on. Virtualised systems and clouds will follow in the fourth chapter. Chapter number five will step into the physical world and contains information about smart grids, smart things and smart fog. While the sixth chapter will present mobile communication trends, the final seventh chapter talks about security aspects in a broad meaning. With such a spectrum of topics, the reader should then be able to understand both old and new large-scale systems.

References

1. Bence Bakondi, Péter Burcsi, Péter Györgyi, Dávid Herskovics, Péter Ligeti, László Mérai, Dániel A. Nagy and Viktória Villányi. A P2P Based Storage System with Reputation Points and Simulation Results. In: Central European Conference on Cryptology (CECC), Budapest, Hungary, May 2014.

2. Markus Bloesch. netrics übernimmt Umweltverantwortung: Cloud Computing und Hosting aus Datacenter mit Ökostrom aus dem Wasserkraftwerk Hagneck. Online: https://www.netrics.ch/2015/12/03/cloud-computing-hosting-mit-oekostrom, 2015.

3. Alisa Davis. Equinix Goes 100 % Renewable with 225-MW Wind Energy Purchase. Online: http://apps3.eere.energy.gov/greenpower/news/news_template.shtml?id=2082, 2015.

4. Raspberry Pi Foundation. Raspberry Pi Hardware. Online: https://www.raspberrypi.org/documentation/hardware/raspberrypi/README.md, 2015.

5. Thomas Loruenser, Charles Bastos Rodriguez, Denise Demirel, Simone Fischer-Huebner, Thomas Gross, Thomas Langer, Mathieu des Noes, Henrich C. Poehls, Boris Rozenberg and Daniel Slamanig. Towards a New Paradigm for Privacy and Security in Cloud Services. 2015.

6. Eric O'Shaughnessy, Jenny Heeter, Chang Liu and Erin Nobler. Status and Trends in the US Voluntary Green Power Market. Technical Report NREL/TP-6A20-65252, National Renewable Energy Laboratory, 2015.

7. Eric Schmidt. The Internet Will Disappear. World Economic Forum via CNBC TechBet, online video: https://www.youtube.com/watch?v=Tf49T45GNd0, 2015.

8. Rene Marcel Schretzmann, Jens Struckmeier and Christof Fetzer. Cloud&Heat Technologies. Online: https://www.cloudandheat.com, 2011/2014.

9. Internet Society. RFC Editor. Online: http://www.rfc-editor.org, 1998.

10. Yevgeniy Sverdlik and Karen Riccio. Special Report: The World's Largest Data Centers. Online: http://www.datacenterknowledge.com/special-report-the-worlds-largest-data-centers, 2010.

2 Architectural Transformations in Distributed Systems

Keywords

Client-Server (C-S) • Peer-to-Peer (P2P) • Central Database (CDB) vs. Distributed Database (DDB) • Transactions

The timeline given in the first chapter embodies the perspective of humans using and benefiting from services. In this chapter, we now dive under the hood of this development and take a look at the service software implementations, with a special focus on basic principles of complex distributed services which fulfil the requirements for modern cloud and fog applications. Over the last two decades, we have been able to observe significant architectural changes in distributed systems and networking applications, which will be reflected in the text. There are also mostly orthogonal shifts towards higher reliability, efficiency, scalability and information security as well as other beneficial non-functional characteristics. The chapter covers general software and system architectures, discusses cluster and cloud systems as well as peer-to-peer topologies along with concrete system examples, and highlights the topics of performance optimisation and transactions as well as distributed databases.

2.1 Software Architectures and Communication Patterns

Among the most well-known conventional service architectures for software applications are the client-server model and the n-tier model. In the client-server model, a client connects to a server to exchange messages with it in order to achieve a certain goal. In the n-tier model, multiple client-server connections exist in a chain. Let us consider an integrated example.

© Springer Fachmedien Wiesbaden GmbH 2017. A. Luntovskyy, J. Spillner, Architectural Transformations in Network Services and Distributed Systems, DOI 10.1007/978-3-658-14842-3_2

Fig. 2.1 Example system: e-commerce (Source: [5])

Example 2.1. A distributed software application for e-commerce frequently has a rather complex hierarchical structure called n-tier, which is created with the aim of performance optimisation and includes programmatic interfaces linked with network protocols. An example of a system for e-commerce is depicted in Fig. 2.1. Application 1 for a purchaser (client) interacts with the virtual shop, i.e. application 2 (online shop), via a web server with the attached application server, which provides data preprocessing for purchase orders. The application server for the purchase order preprocessing is connected to the next two application servers. One of them is aimed at store management with maintenance of store tables, the other one at administration of customer data. Application 3 supports the communication of the online shop with the suppliers via a dedicated communication channel, which is connected to an application server as well as the supplier database. Communication between applications 2 and 3, i.e. online shop to suppliers, is performed with use of a corresponding channel provided by the platform. Thus we see the advancement of typical application architectures to distributed systems with client-server and n-tier architectures [5, 7, 8].

As it was shown in [5, 8], multi-tier architectures nowadays are widely deployed in distributed applications:

• 3-tier: the three-tier structure is more complex, leading to higher scalability; preferred for complex applications
• 2-tier: the two-tier structure (user interface and host) is simpler but less flexible (Fig. 2.2)


Fig. 2.2 Architectures: client-server, n-tier [8]

Software services. Applications or software components which offer service interfaces beyond their own scope are called software services. A typical three-way distinction helps in distinguishing between services. The first kind of service interaction happens between local service interfaces within a programming language and a corresponding runtime framework (e.g. Open Services Gateway Initiative (OSGi) services for Java and other component frameworks). The second kind happens over uniform service interfaces across programming languages with network transparency (e.g. web services in service-oriented architectures). The third kind happens over non-uniform protocols without obvious sibling or parent protocols and with certain requirements on the topology or infrastructure (e.g. Domain Name System (DNS), Network Time Protocol (NTP), Universal Plug and Play (UPnP)).

Service-oriented architectures have become increasingly popular due to their characteristics. They offer a uniform and well-defined interface, with the description uniformly captured in a machine-processable service description document, and accept uniform protocols with service-specific content. Therefore, many n-tier applications are nowadays implemented within service-oriented systems. More recently, service designers use the notion of stateless micro-services, which can be replicated easily with coordination through a group communication system. What is common to all service-oriented architectures is the strong reliance on a directory of services, called registry, through which new services can be discovered. Sometimes a service broker is available on top of the registry, so that brokering, auctioning and negotiation between service providers and consumers can be automated in a marketplace style. This functionality is important when considering the user-defined selection of power and computing services covered in the previous chapter.

Remote methods and message exchange. The interaction between clients and services often follows the request-reply pattern, where the client sends a request message, blocks to wait for an answer, and receives a response message. This message exchange style is similar to local method invocations in programming languages and is therefore also known as remote method invocation. Related to this are remote method calls without response message. Complementary to service-oriented architectures, there are message-oriented architectures, in which software components subscribe to messages of a certain type arriving from a source to a specific destination or as broadcast message to any destination. In such architectures, messages are supposed to traverse message brokers, which apply filters and transformations. An Enterprise Service Bus (ESB) is such a broker, which combines service-oriented and message-oriented architectures and facilitates the connection of any client to any service with message format adapters.

Figure 2.3 shows a combined service-oriented/message-oriented architecture. Such an abstract architecture will be the basis of many of the systems presented in this chapter, with customisations and refinements whenever necessary.

Fig. 2.3 Architectures: service-oriented and message-oriented


2.2 Distributed Service Systems: Clustering, Grids and Clouds

Clusters. Significant new features are provided via the clustering architecture, in which each service is made available in multiple instances (Fig. 2.4). Let us compare it with the representations which are considered in Figs. 2.1 and 2.2. The clustering architecture enables the optimisation of the Quality of Service (QoS) for a distributed application, achieved via functionality replication between multiple servers. The functionality for processing (application logic) as well as for data persistence is provided via multiple servers simultaneously or parallelised. Aimed at replication, a preliminary analysis of data consistency is required. The replication of the functionality optimises the following clustering features: load distribution, fault tolerance behaviour and parallelism in processing (refer to Fig. 2.4).

Server replication in the cluster architecture is characterised via a significant gain in the processing time as pro-argument, but also via increasing complexity as con-argument due to the necessity of conflict management and synchronisation [7]. Qualitatively other opportunities are established by modern architectures of distributed applications, for example applications hosted online or in the clouds (Fig. 2.5).

Fig. 2.4 Architectures: clustering [3, 5, 8] (MPI – Message Passing Interface, RAID – Redundant Array of Independent Disks, SAN – Storage Area Network, NAS – Network Attached Storage)


Fig. 2.5 Architectures: IoS, grids and clouds

Clouds. The clouds as architectural type provide the deployment and use of "computing power" in a similar manner as the delivery of water or electric current in modern supply networks (in so-called "utility grids"); transparent operation in a "cloud" is enabled and possible. The important advantages of the architecture are as follows:

• Sometimes the organisations possess insufficient resources for data backup and computation-intensive problems; infrastructure outsourcing then fills the gap
• Aggregation of computing resources of multiple organisations, done by the reliable and favourable providers
• Companies and authorities obtain a so-called "on-demand" resource access as an ideal solution for fluctuating needs
• The savings in processing time and hardware costs outweigh the definitely noticeable growth in the coordination and synchronisation complexity

The disadvantages are as follows: Cloud computing fosters heterogeneity, vendor lock-in through attraction by vendor-specific cloud services, as well as an unclearness of data security and protection aspects when the data processing crosses organisational or even juridical boundaries.

There is no single definition of what a cloud system is. A commonly used definition is given by the National Institute of Standards and Technology, USA (NIST), 2011: "Cloud Computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models." [4]

There are scientific community and voluntary cloud systems accessible to everybody at no or low cost, but also with no strict service-level guarantees. Examples include Guifi and Owncloud instances. On the other hand, there are commercial cloud providers who offer rapid provisioning and elasticity of resources at large scale. Examples include Amazon EC2, IBM Softlayer and Bluemix, T-Systems Enterprise Cloud and the Google Cloud Platform.

Grids. One of the most important parts of cloud technology are the grids. The term "GRID (Global Resource Information Database)" was founded in 1985 as part of a UNO program for environmental protection; on the other hand, "GRID = SUPPLY NETWORK". In this way, grid is the traditional technology in comparison to clouds. Grid Computing is a form of distributed computing in which a "virtual supercomputer" is generated from a cluster of loosely coupled computers. The grids were developed with the aim to solve computation-intensive scientific and in particular logical-mathematical problems. The following types of grids are distinguished regularly [5]:

• Computer grid: a combination of computing power, allows the access to distributed resources
• Data grid: enables sharing of data contained in the requests of one or more DDB
• Service grid: represents a diversity of components, all of them belonging to different resource providers and provided as a utility
• Application grid: provides improved load balancing and utilisation of grid providers as well as a wide spectrum of functions via a cross-organisational sharing of resources
• Resource grid: has to be defined via a roles' model deployment, i.e. the roles between grid users, providers and the resource providers, which have to be clearly differentiated [1]

A basic understanding of clusters, grids and clouds should now be achieved. The two former system types will be elaborated on in much greater detail in the next chapter, and the latter one in the subsequent one.

2.3 Architectures: Peer-to-Peer

Fig. 2.6 Examples of peer-to-peer systems

In the contemporary fixed-mobile converged networks with almost-always-on connectivity over Local Area Network (LAN), Wireless Local Area Network (WLAN) as well as Wireless Personal Area Network (WPAN) routes, the role of the peer-to-peer architecture with equal partners (P2P) has increased significantly. Let us compare the architecture with the already presented one titled "client-server" (C-S). P2P offers:

• Direct communication between the equal partners, i.e. the peers
• Practically no centralisation within the server part, only as an option in the combined (hierarchical) structures involving peers + C-S
• The peers are simultaneously the service providers as well as the users or consumers of the service
• A distributed discovery mechanism for service providers as peers is required

As it is depicted in the representation (Fig. 2.6), the peer-to-peer model (P2P) enhances the client-server model (C-S) towards a multi-participant, fully-connected, bi-directional one. In the C-S model, a server provides a service and a client uses this service. In P2P networks, this role distribution is without meaning. Each participant is a peer, because they can use a service as well as offer the service by themselves. The basic requirement for the architectures with equal partners providing P2P communication is the creation of a special mechanism to search for service provider peers. The following types A, B, C and D of P2P systems are distinguished [6]:

• Type A, called centralised P2P model, which uses a server core for co-ordination and search. Example: Napster.

• Type B, called pure P2P model, provides no centralised co-ordination. Example: Gnutella.

• Type C, called hybrid P2P model. The dynamic centre contains entities: some peers act as the coordinators. Examples: Gnutella2, BitTorrent, Skype.

• Type D, called distributed P2P model with DHT (Distributed Hash Table). The table manages the access IDs, i.e. the keys are placed on a carousel/circle. The model uses an overlay of fixed connections (Fixed Connection Overlay). The system is similar to the well-known routing protocols for distributed (RIP) or hierarchical routing (OSPF + BGP). Examples: Chord, CAN, Pastry, Tapestry.
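The Type D model above (keys and node IDs on one circle, as in Chord) can be illustrated with the following added example, which is not code from the book: a minimal identifier ring with successor lookup, showing that when a node joins or leaves only the keys of one arc change owner. The SHA-1 mapping, the 16-bit identifier space and the peer and key names are assumptions of this example.

```python
"""Chord-style identifier circle: keys and node IDs share one ring; a key belongs to
its successor (first node clockwise). Added example, not taken from the book."""
import hashlib
from bisect import bisect_left

M = 16                      # identifier space is 0 .. 2^M - 1 (assumption: small for readability)


def ring_id(name: str) -> int:
    """Place a node name or a key on the circle (SHA-1 truncated to M bits)."""
    digest = hashlib.sha1(name.encode("utf-8")).digest()
    return int.from_bytes(digest[:4], "big") % (1 << M)


class Ring:
    """Global view of the overlay; a real Chord node only knows its finger table."""

    def __init__(self, nodes=()):
        self.nodes = {}         # position on the circle -> node name
        for n in nodes:
            self.join(n)

    def join(self, name: str) -> None:
        pos = ring_id(name)
        if pos in self.nodes:
            raise ValueError(f"identifier collision at {pos}")
        self.nodes[pos] = name

    def leave(self, name: str) -> None:
        del self.nodes[ring_id(name)]

    def successor(self, pos: int) -> str:
        """First node at or clockwise after pos, wrapping around the circle."""
        positions = sorted(self.nodes)
        i = bisect_left(positions, pos)
        return self.nodes[positions[i % len(positions)]]

    def lookup(self, key: str) -> str:
        return self.successor(ring_id(key))

    def assignment(self, keys) -> dict:
        """Responsible node for every key (the DHT's distributed index, seen globally)."""
        return {k: self.lookup(k) for k in keys}


def moved_keys(before: dict, after: dict) -> list:
    """Keys whose responsible node changed between two assignments."""
    return sorted(k for k in before if before[k] != after[k])


# Constructed sample: four peers and a handful of content keys (not from the book).
PEERS = ["peer-a", "peer-b", "peer-c", "peer-d"]
KEYS = [f"song-{i}.ogg" for i in range(20)]


def demo():
    """Return (assignment with four peers, keys that move when peer-b leaves)."""
    ring = Ring(PEERS)
    before = ring.assignment(KEYS)
    ring.leave("peer-b")
    after = ring.assignment(KEYS)
    return before, moved_keys(before, after)


if __name__ == "__main__":
    before, moved = demo()
    print("keys handed over when peer-b leaves:", moved)
```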

Figure 2.7 contains a visual representation of all four types of P2P systems.

There is a trade-off in enabling a P2P architecture for a distributed application. On the one hand, it puts an obligation on all participants to offer a share of their resources to other participants, as only through a fair distribution will such a network work well. As with all service interfaces open to the world over a network, there is a risk of being attacked through the interface. On the other hand, once a sudden allocation of resources is needed, the scalability of such a network, especially on a global level with high availability and resilience, is very high and cannot easily be reached with other architectures. Therefore, especially for applications which involve humans, including all personal communication, personal information management and personal cloud activities, P2P architectures are effective.

Example 2.2 Modern mobile client platforms provide many attractive mobile applications and transmission services in addition to the standard voice, SMS, MMS and E-mail. A number of these services include, for example, the popular Google Suggest, Google Translate, Google Maps, cloud services (Amazon AWS/EC2), social networks (Facebook, Twitter, Xing), the video hosting service YouTube, as well as multiple VoIP services like Skype and Viber. The designated service Skype is now a leader by a wide margin among the many VoIP services. The service is generally available for free and supports the following built-in services: VoIP, tele/videoconferencing, instant messaging, transfer of files, images and screenshots. Surely Skype is a worthy rival to many VoIP services that use common protocols like SIP/RTP and SIP/UDP, but a lot of them are only available with costly commercial plans. In contrast, Skype is aimed at the private sector and offers the following features (Fig. 2.8):

Fig. 2.7 Types of P2P architectures [5, 8]

Fig. 2.8 Skype network structures and diverse clients

• wide availability despite a proprietary (not published) protocol (cp. SIP/RTP)
• optimised hybrid architecture P2P + C-S with a central server core run by Skype's parent company Microsoft
• data compression and proven security via AES with 256-bit key, RSA with 2048-bit key as well as X.509 PKI
• IPv6 as well as IPv4-based and transparent for NAT, therefore suitable for home users
• data compression with the codecs SVOPC (16 kHz), AMR-WB (16 kHz), G.729 (8 kHz), G.711; since 2009 an own audio codec, SILK, is used
• compatibility to conventional telephony: gateways to conventional telephone networks (PSTN, ISDN, GSM)
• integration with SIP-based VoIP


Herewith a short but worthy history of the Skype service. The Skype core software was developed by Ahti Heinla, Priit Kasesalu and Jaan Tallinn (Estonia, 2003). The company was founded by Niklas Zennström and Janus Friis in 2003 in Luxembourg, but since 2005 was owned by eBay and in 2011 was transferred to Microsoft.

The following architectural transformations are to be observed throughout its history. The original Skype network (2003–2010) was characterised by a primarily P2P organisation, like a lot of multimedia sharing systems, with so-called nodes and super-nodes. The system relied on voluntary reallocation of resources on users' own private computers, but suffered due to very busy (overloaded) super-nodes. The private client machines required in particular IP without NAT, with direct addresses. As an upshot, increasing criticism from private users as well as numerous failures due to overloading of peers were noted. After the takeover by Microsoft (2011), the following architectural changes were applied:

• cleaned structures: steady Skype network restructuring since 2012
• the Skype network was transferred from the client computers to Skype's own Linux servers (i.e. partially from P2P to C-S)
• currently: P2P with a centralised C-S construction
• server clusters are placed at secure data centers (PaaS delivered through clouds)
• enhanced security of Skype servers is guaranteed
• software development under Skype is available: the Skype API allows use of the Skype network for delivery of messages and call management

2.4 Performance Optimisation

Methods for performance optimisation As you have seen from the introduction, modern distributed network systems are used in the areas of Business-to-Business (B2B), Computer-Aided Design (CAD), Grids and Cloud Computing. They are developed to solve complex mathematical tasks, actual problems of modern pharmacology, to simulate physical phenomena, and in genetics, to administrate and manage task support. These systems process and transmit via networks significant amounts of structured documents and multimedia data, which for extreme volumes has recently gained the term Big Data. In general, the following performance optimisation methods [5, 6] can be applied within the classical C-S as well as the new architectures of distributed systems like clusters and clouds (Fig. 2.9):

• Caching
• Replication
• Parallelisation


Fig. 2.9 Performance optimisation [5]

Frequently used addresses and names should be cached. Caching can be deployed on the site of the server as well as on the site of the client, or is present within the network infrastructure, typically outside of the scope of application deployment. Client-side caching is often very efficient. Another method is the data and services redundancy via replication. Server replication can be efficiently used for load balancing in highly-available multi-server systems as well as to provide a certain level of fault tolerance through failover mechanisms. Parallel processing within a server application is frequently achieved through the use of multiple execution processes or threads. Process parallelisation and multi-threading mode provide a significant performance increase. All three methods are quite generic and can be found in most scalable applications to overcome performance bottlenecks.

The following empirical rules are known, which are to be observed when optimising performance in distributed systems, particularly in systems of the type C-S [5]:

• The CPU speed is often more important than the network performance and can become a bottleneck

• Reducing delays in the processing of application protocols (software overhead) through aggregation of packets has a measurable effect

• Minimising context changes between the processes (in multi-threading) makes applications faster

• Minimising the backup and copy processes within the system, for example due to use of shared memory devices

• Requirements on increasing the data rate are not as critical as delay (even an insignificant one)

• System overload is easier to prevent than to overcome
• Preventing timeouts and pauses within the system reduces unnecessary slowdowns

Threads A thread is a so-called "light-weight" independent sub-process running in parallel to other (sub)processes, which can be considered as a part of a complex application. The thread operates without or with minimal context sharing with other (sub-)processes and threads, but with its own program counter and its own stack (Fig. 2.10).

Typically, the application processes that are performed in a certain Operating System (OS) (as programming environment) are "heavy-weight" due to the large amount of context (process parameters) to be transferred.

A well-known example of such "heavy-weight" processes are the ones performed in the operating system UNIX and derived systems such as Linux (as used in GNU/Linux and Android, among others), BSD and Darwin, the kernel of Mac OS X. To provide some additional flexibility and parallelism within them, each complex process is divided into so-called "light-weight" sub-processes that are specifically called threads. A thread is de facto a bearer of a certain activity within an OS or programming environment.

Fig. 2.10 Px or P1,2,3 – complex processes or applications; Tx.y – thread, a "light-weight" parallelised sub-process without dependencies but with own program counter and stack. An application as a combined process Px with several threads Tx.y


This action is performed via a set of consecutive operations and is characterised by a minimal context consisting of only stack and registers. In practice, most of the complex applications and system processes are suitable for implementation in the form of parallelised threads. Each of these flexibly distributed "heavy-weight" processes has at least one initial thread as "light-weight" sub-process. All such threads, which are merely a part of some greater process, use the same common address space as other resources of the complex process.

Example 2.3 There is the following simple example. With the mentioned methods, a word processor application (e.g. MS Word) can be divided into several parallel threads which carry out a set of various operations over one and the same data (text) within a file, for instance (1) text splitting, (2) text formatting and (3) spell checking.

Example 2.4 In addition, the applications that perform a large number of independent asynchronous requests (i.e. database applications, server-side web applications) allow effective implementation with deployment via several parallel threads as multithreaded applications. Generally there are the following two types of threads:

1. The user-level threads, which are realised from the point of view of an application process by a programmer.

2. The kernel-level threads or kernel threads, which are used for representation by an OS, for example MS Windows and its programming environment, with the aim to perform them on a certain processor.

2.5 Distributed Transactions

Using transactions, several actions can be combined with the aim to form an indivisible execution unit T:

$T = \{A_1, A_2, A_3\}$ (2.1)

These can also be called atomic (trans-)actions, i.e. with use of the slogan "complete or nothing". An example of a transaction monitor is given in Fig. 2.11. The monitor coordinates the booking workflow between C and S1, S2. The finalising phase is very important and has to be involved with the aim to support the consistency of data.

The 2PC protocol must be used to ensure consistency in this way. "Commit" in this context means consensus: agreed to meet requirements, or to depute. The diagram depicts a successfully executed transaction with a reliable storage device which guarantees persistency, such as a disk, external storage medium or reliable storage service (Fig. 2.12).

Fig. 2.11 Transaction monitor

Fig. 2.12 Sequence diagram for the 2PC protocol

Fig. 2.13 Distributed transactions: deployment of 2PC [5]

Beyond consistency and persistency, the transactions have to satisfy the so-called Atomicity, Consistency, Isolation, Durability (ACID) criteria. The deployment of distributed transactions is also based on considering the common methods for performance optimisation. These criteria, called ACID, describe the desirable properties of all types of transactions. The transactions have to ensure the ACID criteria:

• Atomicity: Either full execution or completely without effect
• Consistency: Transformation only between consistent states
• Isolation: No overlap of parallel transaction executions
• Durability: Survival of system failures

An example of the use of 2PC is depicted in Fig. 2.13. The example illustrates providing atomic actions under the slogan "complete or nothing". The appropriate realisation with 2PC ensures atomicity as one of the ACID criteria. The user has to be provided via a travel agency with two flights (e.g. with Lufthansa and United) as well as with a rented car at the destination site. If the booking is impossible, the consistent rollback cancels all actions without financial disadvantages for the user or the agent.

The protocol uses the following messages: C-Refuse from the participants; if one or more rejections, then send C-Rollback; if necessary, then repeat. The realisation can be done via ODBC or JDBC (Object/Java Database Connectivity) when run in a database context. Performance increases are available with the deployment of parallel transactions obeying the isolation criterion:

• Optimisation by redundant reservation of server processes (separate servers)
• Parallel execution via multi-threading
• Replication of servers (replication)
• Heuristic load balancing and reliability

An appropriate example is depicted below (Fig. 2.14). In the offered parallel transaction, instead of one, three servers and a replicated DB are used.

Figure 2.15 depicts a nested transaction in a travel booking scenario. It starts with a successful booking of an appropriate room, but then mandates a rebooking activity of two necessary flights to Incheon International Airport in Seoul from Dresden (DRS) via Frankfurt am Main (FRA) airport or Munich (MUC) airport, due to no longer available seats. Due to a changed meeting request, the travel is finally substituted by another trip from Dresden central station to Zurich with the night train (CNL); with a successful finalisation (FSP, final synchronisation point) the instances are terminated. To ensure the ACID criteria within the nested transaction, the MSP (main, primary synchronisation point), coordinated by careful commit, as well as the AffSP (affiliated, secondary synchronisation point) are used. The action Activity allows a partial rollback.

Fig. 2.14 Parallel transaction: instead of one, three servers and a replicated DB are used [5]

Fig. 2.15 MSP – main synchronisation point, coordinated by careful Commit; AffSP – affiliated synchronisation point, the action Activity allows partial rollback; FSP – final synchronisation point, terminates the instances. Nested transaction involving multiple independent partners in a travel scenario

Thus, depending on the application scenario and requirements, transactions may be distributed, parallel and nested.

2.6 Distributed Databases

Motivation for DDB The deployment of a distributed DB takes into account the above mentioned common methods for performance optimisation. Let us give the definition of a DDB. We consider it in contrast to the centralised DB (CDB). A distributed database (DDB) possesses the following features (Fig. 2.16):

1. DDB forms a logical unit
2. DDB is physically stored on separately located computers (homogeneous or heterogeneous)
3. DDB requires a communication network
4. DDB has no shared memory
5. DDB appears to users and applications as a CDB

But it is important to note that not every distributed system needs a DDB. A central (global) DB can also be used as an efficient solution, for instance in an n-tier architecture. In each case it has to be individually decided which type of DB is the most appropriate, while taking into account the performance optimisation methods. There are the following arguments for a comparison of both kinds (CDB vs. DDB). Which arguments are the satisfying motivations for distributed databases, which advantages are available?

• higher performance and faster access
• higher availability
• more security in the sense of confidentiality
• reduced communication costs
• faster query processing in the Structured Query Language (SQL)
• increased extensibility and scalability
• adaptive scalability in the face of fluctuations within the user number, node quantity, quantity of records or rows within the DDB, number of queries to process, etc. is offered


Fig. 2.16 Decision making: CDB vs. DDB

To the list of disadvantages of DDB, the following restrictions can be assigned:

• increasing complexity of the system
• overhead by commit operations
• data integrity problems
• increased memory requirements

Up-to-date solutions for databases nowadays generally possess the 3-tier architecture. The CDB consists of:

• internal schema (logical layer), which determines the physical structure of the data on the disks
• external views, which define the data visualisation
• conceptual layer as an interface between internal and external (Fig. 2.17)

Decomposition methods A characteristic unique to DDB is that specifically the conceptual scheme is divided into a global and many local schemes (Fig. 2.18). With the goal of decomposition of the conceptual scheme of a DDB into many local schemes, the following methods are available, replication or fragmentation, as follows:

• by replications (full copies, regular backup)
• horizontal (line-wise) decomposition (fragmentation by tuples)
• vertical (column-wise) decomposition (fragmentation by attribute subsets)

Fig. 2.17 Classical DB: three layers

Generally, for the description of the mentioned access levels to the DDB the following special languages can be used:

• DDL – Data Definition Language
• DML – Data Management Language
• QL – Query Language
• DSDL – Data Storage Definition Language

DDB fragmentation Fragmentation of DDB within distributed applications can offer the following advantages:

• efficiency: data are located where they are really needed
• local optimisation
• increased availability and security: better DB view demarcation
• no data losses: simple recovery of DDB is available via "unions" and "joins" from E. Codd


Fig. 2.18 Layered architecture within DDB

A disadvantage is the risk of inconsistency caused by access runtimes.

An example of DB fragmentation is given in Fig. 2.19. The relation table titled "Employees by departments" is a CDB which is situated locally (referring to (a)). With the aim of performance optimisation, this CDB is decomposed via a fragmentation method. Refer to the cases (b) and (c) for horizontal and vertical decomposition, correspondingly:

• Horizontal (line-wise) decomposition with use of fragmentation by tuples
• Vertical (column-wise) decomposition with use of fragmentation by attribute subsets
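An added example (not code from the book) of the two decompositions of Fig. 2.19 and their lossless recovery via union and join, including the check that horizontal predicates are disjoint and complete; the relation rows, site names and attribute subsets are constructed.

```python
"""Horizontal and vertical fragmentation of one relation, with lossless reconstruction
via UNION and JOIN. Added example; the data and site layout are constructed."""


# Constructed sample of the relation "Employees by departments" (not the book's data).
EMPLOYEES = [
    {"emp_id": 1, "name": "Anna", "dept": "Sales", "salary": 4200},
    {"emp_id": 2, "name": "Ben", "dept": "IT", "salary": 5100},
    {"emp_id": 3, "name": "Cora", "dept": "Sales", "salary": 3900},
    {"emp_id": 4, "name": "Dan", "dept": "HR", "salary": 4000},
]
KEY = "emp_id"


def horizontal_fragment(relation, predicates):
    """Fragmentation by tuples: site -> rows selected by that site's predicate.
    The predicates must be disjoint and complete, otherwise UNION would lose or
    duplicate rows; this is checked instead of silently producing a wrong DDB."""
    fragments = {site: [dict(r) for r in relation if pred(r)] for site, pred in predicates.items()}
    keys = sorted(r[KEY] for frag in fragments.values() for r in frag)
    if keys != sorted(r[KEY] for r in relation):
        raise ValueError("predicates are not disjoint and complete")
    return fragments


def union(fragments):
    """Recover the relation from horizontal fragments (UNION), ordered by key."""
    return sorted((r for frag in fragments.values() for r in frag), key=lambda r: r[KEY])


def vertical_fragment(relation, attribute_sets):
    """Fragmentation by attribute subsets: site -> projection; the key is kept in every
    fragment so that a JOIN on it can rebuild the original tuples."""
    return {
        site: [{a: r[a] for a in (KEY, *attrs)} for r in relation]
        for site, attrs in attribute_sets.items()
    }


def join(fragments):
    """Natural join of the vertical fragments on the key."""
    merged = {}
    for frag in fragments.values():
        for r in frag:
            merged.setdefault(r[KEY], {}).update(r)
    return [merged[k] for k in sorted(merged)]


def local_payroll(fragments, site):
    """A query served entirely from the site's own fragment (data where it is needed)."""
    return sum(r["salary"] for r in fragments[site])


# Constructed site layout: one site per department, and two attribute subsets.
BY_DEPARTMENT = {
    "site-sales": lambda r: r["dept"] == "Sales",
    "site-it": lambda r: r["dept"] == "IT",
    "site-hr": lambda r: r["dept"] == "HR",
}
BY_ATTRIBUTES = {"site-directory": ("name", "dept"), "site-payroll": ("salary",)}


if __name__ == "__main__":
    h = horizontal_fragment(EMPLOYEES, BY_DEPARTMENT)
    print("Sales payroll from the local fragment:", local_payroll(h, "site-sales"))
    print("UNION recovers the CDB:", union(h) == EMPLOYEES)
    v = vertical_fragment(EMPLOYEES, BY_ATTRIBUTES)
    print("JOIN recovers the CDB:", join(v) == EMPLOYEES)
```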

Replication of DDB The advantages of DDB replication are as follows:

• increased availability
• reliability, easier backup
• increased access performance

A resulting problem is that replicas may be out of date when they are accessed while the master data has just been modified. Furthermore, more problems occur when attempting to synchronise the data when changes may occur not just in one master node but in multiple nodes concurrently. This multi-master replication, compared to master-slave, is however much more scalable for write operations, while the scalability for read operations remains unchanged.

Fig. 2.19 (a) Relations table "employees by departments" (local DB); (b) Horizontal (line-wise) decomposition (fragmentation by tuples); (c) Vertical (column-wise) decomposition (fragmentation by attribute subsets). DDB decomposition via fragmentation

Therefore, when planning the deployment of a distributed database, the following replication-related questions need to be answered carefully:

• How many copies are required in order to achieve either a high scalability or a high availability?
• Where do the copies have to be stored?
• What will be the dominant access pattern: read or write access?

Efficient updates in DDB are possible:

• Requirement
  – replication of DDB
  – full copies
  – regular (automated) backup
• UPDATE mechanisms
  – primary copy scheme (asynchronous method)
  – majority consensus scheme (synchronous method)
  – locking tables
  – logic time stamps
• Requests and concurrency/parallelism
  – local and global transactions
  – requests in a standardised SQL dialect
  – the actual data structure for users or applications is unknown or not defined
  – communication overhead times are significantly higher in comparison with computing time
• As a solution
  – local pre-processing (as much as possible)
  – exchange of partial results (so-called "semijoins")
  – ACID and 2PC protocol
• Steps
  1. decomposition of the requests into simple partial requests
  2. locating the required data: decision which copy is used; transforming into the partial requests depending on a network node
  3. optimisation of the global request (order processing)

A 2PC example for DDB is given in Fig. 2.20. The example is about the coordination between the parts in four geographically separated cities, e.g. Berlin (DDB0), Dresden, Cologne and Hamburg (DDB1,2,3). For the consistency of SQL requests from the coordinator or main part DDB0, the messages Commit 1,2,3 or Rollback 1,2,3 are used.

Fig. 2.20 2PC example for DDB

The following variants of commitment by SQL request processing are possible within use of DDB via the 2PC:

• Successful variant
  – SQL request
  – A local transaction is finalised as OK
  – Preparation to COMMIT
  – Prepare COMMIT
  – Ready 1, 2, 3
  – Commit 1, 2, 3
  – Commit ACK 1, 2, 3
• A failure variant: replica 3 offers no commit
  – SQL request
  – A local transaction is finalised as OK
  – Preparation to COMMIT
  – Prepare COMMIT
  – Ready 1, 2; Abort 3
  – Rollback 1, 2, 3
  – Rollback ACK 1, 2, 3
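The two variants just listed, and the travel-agency booking of Sect. 2.5 (Fig. 2.13), follow the same exchange; here it is as an added example, not code from the book, with a coordinator DDB0 and three replicas whose message logs mirror the Prepare/Ready/Abort/Commit/Rollback/ACK sequence above (a replica's Abort plays the role of C-Refuse). The replica names, the booked update and the failing replica are constructed.

```python
"""Two-phase commit (2PC): coordinator DDB0 and replicas DDB1..DDB3. Added example,
not code from the book; replica names and the booked update are constructed."""
from dataclasses import dataclass, field


@dataclass
class Replica:
    """One participant: committed rows, a prepared-but-undecided write, a message log."""
    name: str
    rows: dict = field(default_factory=dict)
    pending: dict = field(default_factory=dict)
    log: list = field(default_factory=list)
    can_commit: bool = True          # False simulates the replica that answers Abort

    def prepare(self, update: dict) -> str:
        """Phase 1: run the local transaction and vote Ready or Abort (C-Refuse)."""
        self.log.append("Prepare COMMIT")
        if not self.can_commit:
            self.log.append("Abort")
            return "Abort"
        self.pending = dict(update)   # held locally, invisible until the decision arrives
        self.log.append("Ready")
        return "Ready"

    def commit(self) -> str:
        self.rows.update(self.pending)
        self.pending = {}
        self.log.append("Commit ACK")
        return "Commit ACK"

    def rollback(self) -> str:
        self.pending = {}             # discard the prepared write, nothing becomes visible
        self.log.append("Rollback ACK")
        return "Rollback ACK"


class Coordinator:
    """DDB0: collects the votes and broadcasts one global decision to all replicas."""

    def __init__(self, replicas):
        self.replicas = replicas
        self.log = []

    def run(self, update: dict) -> str:
        self.log.append("SQL request")
        votes = {r.name: r.prepare(update) for r in self.replicas}
        self.log.append("votes " + " ".join(f"{n}:{v}" for n, v in votes.items()))
        # A single Abort vetoes the whole transaction: complete or nothing.
        if all(v == "Ready" for v in votes.values()):
            decision = "Commit"
            acks = [r.commit() for r in self.replicas]
        else:
            decision = "Rollback"
            acks = [r.rollback() for r in self.replicas]
        self.log.append(f"{decision} -> {', '.join(acks)}")
        return decision


# Constructed booking written to every replica in the successful variant.
BOOKING = {"flight-LH1": "booked", "rental-car": "booked"}


def run_variant(failing_replica=None):
    """Run one 2PC round; returns (decision, visible rows per replica)."""
    replicas = [Replica(f"DDB{i}", can_commit=(f"DDB{i}" != failing_replica)) for i in (1, 2, 3)]
    decision = Coordinator(replicas).run(BOOKING)
    return decision, {r.name: dict(r.rows) for r in replicas}


if __name__ == "__main__":
    print(run_variant())                # successful variant: Commit on all three
    print(run_variant("DDB3"))          # failure variant: replica 3 aborts, all roll back
```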

The following synchronisation (also: voting, co-ordination) methods within the DDB are available for implementing the instruction "UPDATE" for the available replicas [8]:

• Primary-Copy-Schema (PCS) (asynchronous)
• Majority-Consensus-Method (MCM) (synchronous)
• Locking tables
• Logical timestamps
• Protocols like two-phase-commit and two-phase-lock (2PC, Two-Phase Lock (2PL))

The asynchronous PCS is a process for the synchronisation [2] of replicated data. In this method the change is performed only on the primary copy and then synchronised with the replicas. The primary copy will prevail. The advantage of the method is that if there are several changes, they can be bundled to be synchronised with the other copies. The disadvantage is that the method does not ensure a stable consistency for the distributed copies [2].

This is in contrast to the MCM, which is a synchronous method. The main principle for MCM is as follows: the update on a copy will be carried out only if the corresponding transaction is able to win a majority of copies (e.g. is able to lock them). In principle there are multiple possible MCM variants. The MCM variants differ from each other in the following aspects: first, whether all copies in this voting are treated equally (unweighted voting) or not (weighted voting), and second, whether the number of votes required for reaching the majority is fixed (static quorum) or can only be computed at run-time (dynamic quorum).

Note For the read access (read quorum) and for the write access (write quorum) a different number of votes has to be defined [2].
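The majority consensus method with separate read and write quorums, as an added example that is not code from the book: weighted voting with a static quorum, and the two overlap conditions (2w > V and r + w > V) that make a read always meet the latest write even when a stale copy answers. The four replicas, their vote weights and the outage sequence are constructed.

```python
"""Majority consensus (quorum voting) for UPDATE on replicated copies. Added example,
not from the book; replicas, vote weights and the outage sequence are constructed."""


class QuorumReplicas:
    """Weighted voting with a static read quorum r and write quorum w over V total votes."""

    def __init__(self, weights: dict, read_quorum: int, write_quorum: int):
        total = sum(weights.values())
        # 2w > V: two writers can never both win a majority at the same time.
        # r + w > V: every read quorum overlaps every write quorum, so at least one
        # copy seen by a reader carries the newest version.
        if 2 * write_quorum <= total or read_quorum + write_quorum <= total:
            raise ValueError("quorums must satisfy 2w > V and r + w > V")
        self.weights = weights
        self.r, self.w = read_quorum, write_quorum
        self.copies = {n: (0, None) for n in weights}   # node -> (version, value)
        self.down = set()                                # unreachable nodes

    def _reachable(self):
        return [n for n in self.weights if n not in self.down]

    def _votes(self, nodes):
        return sum(self.weights[n] for n in nodes)

    def write(self, value) -> bool:
        """Succeeds only if the reachable copies hold a write quorum; then installs a
        version newer than any version those copies have seen (synchronous update)."""
        voters = self._reachable()
        if self._votes(voters) < self.w:
            return False
        new_version = max(self.copies[n][0] for n in voters) + 1
        for n in voters:
            self.copies[n] = (new_version, value)
        return True

    def read(self):
        """Collect a read quorum and return the value of the highest version among them."""
        voters = self._reachable()
        if self._votes(voters) < self.r:
            return None
        _, value = max((self.copies[n] for n in voters), key=lambda c: c[0])
        return value


# Constructed replica set: node A is the "stronger" site with two votes (V = 5).
WEIGHTS = {"A": 2, "B": 1, "C": 1, "D": 1}


def scenario():
    """Returns (write accepted?, value read) after an outage: the stale copy A is
    outvoted by version number, not by weight, so the reader still sees "v2"."""
    rs = QuorumReplicas(WEIGHTS, read_quorum=3, write_quorum=3)
    rs.write("v1")
    rs.down = {"A"}                  # A misses the second update
    ok = rs.write("v2")              # B, C, D hold 3 votes -> still a write quorum
    rs.down = {"B", "C"}             # now A (stale, 2 votes) and D (fresh, 1 vote) answer
    return ok, rs.read()


if __name__ == "__main__":
    print(scenario())               # (True, 'v2')
```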

Among further synchronisation methods, the locking tables, logical timestamps as well as 2PC/2PL or their combinations should be briefly mentioned. These methods (usually combined) are distinguished by the following characteristics:

• Locking tables, i.e. blocking of unwanted changes in certain replicates (like PCS + MCM)
• Logical timestamps, i.e. monitoring by the timestamps, then like PCS


2.7 System Examples: Google Spanner, a Global DDB

Some of the more sophisticated DDB systems are offered by the commercial service provider Google. Among them are:

• Google Bigtable (2008)
• Google MegaStore (2011)
• Google Spanner (2012)

There are also further known relational and non-relational DDB from commercial vendors (IBM, Sybase, Oracle, Microsoft) and open source projects (Cassandra, Couchbase, Postgres-XC, Postgres-R). Many of the following explanations also apply to these systems on an abstract level.

Spanner was developed to resolve the disadvantages of Google's Bigtable and MegaStore [3].

DB Bigtable (2008):

• difficult deployment for complex and self-evolving schemas
• no strict consistency guarantees for geo-replicated sites (partitions)

DB MegaStore (2011):

• synchronous replication and semi-relational data model
• full ACID semantics within the partitions, but only small consistency guarantees across partitions
• low write throughput

A typical world-wide deployment scenario for Spanner is shown in Fig. 2.21. On each continent a number of data centres are running instances of the database. This guarantees low-latency access from nearby users and avoids overloading a single instance.

The internal architecture of a distributed Spanner installation is explained in Fig. 2.22. Each site is called a zone and is coordinated by a zone master. All zone masters are in turn coordinated by a universe master. Furthermore, location proxies take the requests from database clients and forward them flexibly to span servers.

The following terms and quantities are of relevance when looking at the architecture:

• Universe: the overall deployment area
• Zones: deployment area for servers in one site; physically isolated units; placement and distribution driver
• 1 Universe master
• 1 Zonemaster
• 1000 Spanservers


Fig. 2.21 Deployment scenario: online social networks

Fig. 2.22 Spanner architecture [3]

For the realisation of Spanner, a specific software stack modelled around the Paxos algorithm has been designed. Fig. 2.23 offers a look inside the stack.

Building on Spanner, there is the newer system Google F1 SQL, called the "Fault-Tolerant Distributed RDBMS". As a replacement for basic relational systems like MySQL or PostgreSQL, it offers the following features:

• NewSQL platform
• Each Span-Server is responsible for 100 up to 1000 Tablet instances
• Data and log files are stored on Colossus, a successor of the Google File System
• Paxos is used for commits (consensus): for all participants a common value matches
• Paxos is used for consistent replications
• A Transaction Manager for distributed transaction support (2PC)
• True Time Architecture

Fig. 2.23 Spanner software stack [3]

Paxos is a traditional algorithm named after the Greek isle of Paxos next to Corfu, although originally by the author of the algorithm erroneously placed into the Aegean Sea. It works as follows:

• A server can act simultaneously as proposer, acceptor and learner
• During normal operation the leader receives a client's command, assigns it a new command number i and runs the i-th instance of the consensus algorithm
• Paxos group: all machines involved in an instance of Paxos
• Within Paxos the group leader may fail and may need re-election, but the safety properties are always guaranteed

The workflow of Paxos is shown in Fig. 2.24.
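The Paxos roles above (proposer, acceptor, learner; one instance per command; safety across leader re-election) as an added single-decree simulation, not code from the book or from Spanner: five acceptors, a first leader that reaches only a majority, and a re-elected leader that must adopt the value already chosen instead of its own. The group size and the proposed values are constructed.

```python
"""Single-decree Paxos simulated in-process. Added example, not Spanner's or the
book's code; the number of acceptors and the proposed values are constructed."""


class Acceptor:
    def __init__(self):
        self.promised = -1            # highest ballot (proposal number) promised
        self.accepted = (-1, None)    # (ballot, value) of the last accepted proposal

    def prepare(self, ballot):
        """Phase 1b: promise to ignore lower ballots and report what was accepted so far.
        Returns None when the ballot is not higher than an earlier promise."""
        if ballot > self.promised:
            self.promised = ballot
            return self.accepted
        return None

    def accept(self, ballot, value) -> bool:
        """Phase 2b: accept unless a higher ballot was promised in the meantime."""
        if ballot >= self.promised:
            self.promised = ballot
            self.accepted = (ballot, value)
            return True
        return False


def propose(acceptors, ballot, value, reachable=None):
    """Proposer (the leader for this ballot). Returns the value it got accepted by a
    majority of the whole group, or None if it lost. `reachable` models a partition."""
    reachable = list(acceptors) if reachable is None else list(reachable)
    majority = len(acceptors) // 2 + 1
    promises = [p for p in (a.prepare(ballot) for a in reachable) if p is not None]
    if len(promises) < majority:
        return None
    # Safety rule: if any acceptor already accepted a value, the proposer must adopt the
    # one with the highest ballot instead of its own; only otherwise may it propose freely.
    top_ballot, top_value = max(promises, key=lambda p: p[0])
    chosen = top_value if top_ballot >= 0 else value
    acks = sum(a.accept(ballot, chosen) for a in reachable)
    return chosen if acks >= majority else None


def learned(acceptors):
    """Learner: a value is chosen once a majority accepted it under the same ballot."""
    majority = len(acceptors) // 2 + 1
    counts = {}
    for a in acceptors:
        if a.accepted[0] >= 0:
            counts[a.accepted] = counts.get(a.accepted, 0) + 1
    for (ballot, value), n in counts.items():
        if n >= majority:
            return value
    return None


def leader_change_scenario():
    """Leader 1 (ballot 1) reaches only acceptors 0-2 and gets "A" chosen; it then fails.
    Leader 2 (ballot 2) is re-elected and reaches acceptors 2-4, proposing "B".
    Returns (value chosen by leader 1, value leader 2 ended up with, learner's view)."""
    group = [Acceptor() for _ in range(5)]
    first = propose(group, ballot=1, value="A", reachable=group[0:3])
    second = propose(group, ballot=2, value="B", reachable=group[2:5])
    return first, second, learned(group)


if __name__ == "__main__":
    print(leader_change_scenario())   # ('A', 'A', 'A')
```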

Apart from implementing Paxos, Spanner offers the following architectural properties:

• scalable, multi-versioned, globally distributed, synchronously replicated database
  – distributed transactions (with 2PC/ACID)
  – SQL-driven schematic tables
  – but semi-relational data model
  – reconfiguration of replications is very fine-grained
  – dynamic reconfiguration per application
• Applications can define the parameters and constraints
  – such as the number, location and distance of replications
• Dynamic data migration
  – data can be transparently moved at a global level, even during operation
  – consistent read and write access
• Aims and focus
  – management of cross-replication of data/data centers
  – globally consistent writes via Google Spanner
• Deployment examples, up-to-date products
  – Google Ad Data (Advertisers)
• 50 Paxos groups, 2500 directories, read and write access of 4 KByte
  – commit within ca. 5 ms
  – latency generally under 9 ms
• True Time: several thousands of Span servers at a distance of max. 2200 km (without latencies due to distance)
  – 90 %: no deviation
  – 9 %: deviation up to 2 ms
  – 1 %: deviation up to 10 ms (still far too much)

Fig. 2.24 Paxos algorithm

This architecture allows for creating complex applications. Picking up the previous example of a social network installation again, a Spanner-based application may look like shown in Fig. 2.25.

Fig. 2.25 (a) Single machine, (b) Multiple machines: sample application of DDB with Spanner [3]

Fig. 2.26 True Time message exchange

To synchronise the distributed database Spanner, a protocol of real time is used, called True Time (Fig. 2.26). In order to implement the controlled access, not only time stamps are used but full time intervals. The replica synchronisation is performed every 30 s. To correct the time, GPS and atomic clock usage is foreseen. The quasi-parallelism of the access is provided for two access modes:

• The "read-only" access proceeds in the "snapshot" mode
• The "read-write" access proceeds via the 2PC and 2PL protocols [3]


Table 2.1 True Time methods

True Time API method      | Time output
--------------------------+---------------------------------------
TT.now()                  | TTinterval: [earliest, latest]
Boolean TT.after(t)       | True if t has definitely passed
Boolean TT.before(t)      | True if t has definitely not arrived

For programmers, True Time offers three convenient methods to deal with relative and causal times. They are explained in Table 2.1.
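The three methods of Table 2.1 together with the commit-wait rule they enable, as an added example that is not Spanner's code: a simulated reference clock with a fixed uncertainty ε (4 ms here, a constructed value) stands in for the GPS/atomic-clock time source, and a transaction holds its commit until TT.after(s) so that later transactions get strictly larger timestamps.

```python
"""True Time API (TT.now / TT.after / TT.before) over a simulated clock, plus the
commit-wait rule. Added example, not Spanner's code; the clock and ε are constructed."""
from typing import NamedTuple


class TTInterval(NamedTuple):
    earliest: int        # milliseconds; the real time is guaranteed to lie within
    latest: int


class SimClock:
    """Stand-in for the GPS/atomic-clock reference; advanced explicitly for determinism."""

    def __init__(self, start_ms: int):
        self.ms = start_ms

    def advance(self, delta_ms: int) -> None:
        self.ms += delta_ms


class TrueTime:
    """Exposes time as an interval [earliest, latest] of width 2ε instead of a point."""

    def __init__(self, clock: SimClock, epsilon_ms: int):
        self.clock, self.eps = clock, epsilon_ms

    def now(self) -> TTInterval:
        return TTInterval(self.clock.ms - self.eps, self.clock.ms + self.eps)

    def after(self, t: int) -> bool:
        """True only if t has definitely passed on every correct clock."""
        return t < self.now().earliest

    def before(self, t: int) -> bool:
        """True only if t has definitely not arrived yet."""
        return t > self.now().latest


def commit_wait(tt: TrueTime, clock: SimClock, step_ms: int = 1) -> tuple:
    """Assign a commit timestamp s = now().latest and hold the commit until TT.after(s):
    afterwards any transaction starting anywhere will see s strictly in its past.
    Returns (s, milliseconds waited)."""
    s = tt.now().latest
    waited = 0
    while not tt.after(s):
        clock.advance(step_ms)
        waited += step_ms
    return s, waited


def ordering_demo():
    """Two transactions in sequence: T2 starts after T1's commit wait ends, so its
    timestamp is strictly larger even though the clocks are uncertain."""
    clock = SimClock(1000)
    tt = TrueTime(clock, epsilon_ms=4)
    s1, waited = commit_wait(tt, clock)
    s2, _ = commit_wait(tt, clock)
    return s1, waited, s2


if __name__ == "__main__":
    print(ordering_demo())    # (1004, 9, 1013)
```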

Therefore, the examined DDB Spanner system possesses the following metrics and performance parameters [3]:

• 50 Paxos groups and 2500 access directories are created
• The read and write access proceeds for the data portions (called chunks) with a minimum size of 4 Kbytes
• A commit can on average be reached within approx. 5 ms
• The summarised request latency is no more than 9 ms

The True Time protocol provides the ability to use thousands of so-called Span servers located at a considerable distance from each other. They work without significant delay despite a considerable distance of up to a maximum of 2200 km. The following access statistics have been observed:

• In 90 % of the cases there is no deviation
• In 9 % of the cases the deviation reaches up to 2 ms
• Nevertheless, only in 1 % of the cases does the deviation obtain a significant latency of 10 ms or more

Further system examples for DDB are associated with the databases which belong to well-known manufacturers like IBM, Sybase, Oracle or Microsoft.

2.8 Conclusions

The architectural solutions for modern distributed systems and networking applications have been subject to significant changes in recent years. Modern architectural transformations contribute to the development of new, attractive (mobile) services for users: search engines, content management systems, custom video hosting services, cloud services, VoIP tools, social networks; there is no possibility to specify a complete list. Depending on the needs of the application and ultimately its users, a concrete software architecture and communication pattern (C-S, P2P) needs to be chosen. Assuming performance matters, performance optimisation methods should be evaluated and applied. For higher reliability, data processing tasks should run in transactions. Distributed databases such as Spanner are already optimised for global high-performance deployments and therefore free the application engineer from labor-intensive and error-prone custom methods.

References

1. C. Baun, M. Kunze, J. Nimis and S. Tai: Cloud Computing – Web-based dynamic IT-Services. Springer-Verlag, 2010, in German.
2. P. Dadam: Verteilte Datenbanken und Client/Server-Systeme. Online: http://www.informatik.uni-ulm.de/dbis/papers/vdb-buch/vdb99_09.pdf, 1999.
3. J. C. Corbett et al.: Global Distributed Database Google Spanner. Berlinbuzzwords, 2012.
4. P. Mell and T. Grance: The NIST Definition of Cloud Computing. Whitepaper, NIST Special Publication 800-145, September 2011.
5. Alexander Schill and Thomas Springer: Verteilte Systeme – Grundlagen und Basistechnologien. Springer-Verlag, second edition, 2012, 433 p., in German.
6. R. Steinmetz and K. Wehrle: Peer-to-Peer Systems and Applications. Springer, 2005.
7. Andrew S. Tanenbaum and Maarten Van Steen: Distributed Systems: Principles and Paradigms. Pearson, 2013, 633 p.
8. Andrew S. Tanenbaum and David J. Wetherall: Computernetzwerke. Pearson Studium, fifth edition, 2012, 1040 p., in German.

3 Evolution of Clustering and Parallel Computing

Keywords

Clusters • Grids • Performance parameters • High-Performance Computing (HPC) • Speedup models • Amdahl model • Barsis-Gustafson model • Karp-Flatt metric • Berkeley Open Infrastructure for Network Computing (BOINC)

Demarcation between parallel and distributed computing, clusters and grids. The parallel execution of code within applications is a standard feature for higher performance, responsiveness or both. Parallel code, the building block for parallel computing, is achieved by multiple processes, multiple threads, co-routines and similar programming techniques. Typically, parallel code is assisted by hardware such as multiple processors per node or multiple processor cores per processor (virtual processors), and otherwise by the operating system's process scheduler (pseudo-parallelism).

The effects of parallelism on the execution time of an application are shown in Fig. 3.1. When the hardware support extends to multiple connected nodes with appropriate messaging techniques, the extended paradigm of distributed parallel computing is achieved. The connected set of nodes is then often called a cluster. Of course, applications can also be parallelised without hardware support, but there will be gains only when the computing resources (processor, memory, disk or network) are not yet exhausted. The terms high-performance computing (HPC) and high-throughput computing (HTC) express, respectively, a focus on a subset of these resources and an attempt to maximise their usage. This claim is not essential to distributed computing per se.

Another perspective on parallel code execution and clustered nodes is the approach of how to use the system. When a large set of nodes is connected and offers the submission and computation of jobs from a bag of tasks, the resulting system is called a grid. In recent times, with the on-demand provisioning and elastic scaling of resources as well as usage-based billing of computing resources (utility computing), the dominating term instead of grid is rather cloud, leading to the more recent paradigm of cloud computing, although volunteers around the world still connect their personal computers in desktop-based grids called volunteer computing, and meshes when the focus is more on networking capabilities [26].

Fig. 3.1 Effects on parallelism: (a) no parallelisation, (b) hardware parallelisation, (c) pseudo-parallelisation by a scheduler

© Springer Fachmedien Wiesbaden GmbH 2017. A. Luntovskyy, J. Spillner, Architectural Transformations in Network Services and Distributed Systems, DOI 10.1007/978-3-658-14842-3_3

The foundations of the organisation of the parallel computing process based on grids, clusters and clouds are discussed in [4, 8], with a practical look on grid and cloud integration in [7] and additional research trends listed in [17]. Education on these topics is discussed intensively in [1, 10].

While the next section will introduce several counters, units and scales to compare the performance of computing systems, one should already be introduced here to give a rough sense of comparison between diverse computing architectures. The unit of choice here is Floating-Point Operations Per Second (FLOPS), most often used in the scale of TFLOPS or 10^12 FLOPS.

Typically, grids differ from clusters by geographical dispersion of, and public access to, their computers, and are characterised by a significantly heterogeneous structure. In addition, each grid generally uses standardised software components for co-operation and communication (standardised Application Programming Interface (API) libraries, middleware, web services). One of the prominent early examples is the first Metacomputing system by the University of Illinois [24]. On the other hand, clusters are centralised and possess a homogeneous structure with powerful CPUs/GPUs as well as SAN/NAS for data storage. Increasing efficiency and reducing heterogeneity is possible with the use of off-the-shelf components, open-source operating systems and resource virtualisation (networks, processors, memory, devices, applications). For high-speed data transfer between processors, either Ethernet (1 GBit/s) or fibre-channel technology (FC, e.g. 16 GBit/s fiber channels) is used. Deployment of powerful clusters as well as loosely coupled and grid-connected private PCs, tablets and even smartphones creates virtual supercomputers which provide a high performance. As mentioned, one measurement unit for the performance is the number of FLOPS. Today's supercomputers achieve multiple TFLOPS or even PFLOPS (Taurus, Titan, Tianhe-2). These supercomputers can be aimed at parallel solving of computationally-complex math-log cooperative problems. More modest cluster systems exist, including the Beowulf design applicable to small-scale installations [1, 14]. Among the international grid systems for parallel computing, the BOINC grid [28] is one of the most well-known ones, although newer systems such as OurGrid and the European Grid Infrastructure (EGI, based on federated clouds) still offer functional innovation [5].

Example 3.1 Many educational, institutional and national grids reflect the evolutional changes in grids and high-performance computing during the whole time of their existence, from appearance until modern trends [18]. The Ukrainian National Grid, together with URAN (Ukrainian Research Academic Network) and some dedicated projects, is a typical representative of this observation [19, 20]. It offers two middleware resource types as remote service: gLite and ARC. Many national research laboratories, universities and institutes offer concrete service realisations. In total, 27 ARC services and 2 gLite services are provided. Among the providers is the Institute for Condensed Matter Physics, which runs an ARC site with 17 compute nodes, 3 storage nodes and a coordinator node in a cluster format. This cluster achieves about 11 TFLOPS, whereas the overall grid performance is much higher.

Another example is SwiNG, the Swiss National Grid. Its network consists of the scientific computing centres of 18 higher education institutions and research institutes. The Ukrainian National Grid intends to participate as a member grid in EGI, and SwiNG is already a member grid along with more than 30 others. EGI in turn intends to evolve jointly with other partners into the European Open Science Cloud for Research. This endeavour is built on eight fundamental elements for success, among them service orientation and interoperability.

In general, there have been the following essential phases in the development towards today's clusters and grids:

1. Meta-computing: pioneer grid projects like GRID and the Metacomputer, based on active involvement of the technologies from scientific areas to everyday life.
2. Convergence with web technologies (e.g. BOINC): wide-spreading of grids through institutions and volunteers.
3. Efforts to solve a wider range of problems: secured access, interoperability, resource discovery on the basis of deployment of standardised middleware like OGSA (Open Grid Services Architecture).
4. Wide-spread acceptance of grid services in the same way as delivering of water and electricity, and then onset of the SOA approach (service-oriented architectures) via standardised web services deployment and workflow composition (WS-BPEL, Business Process Execution Language).
5. Wide-spreading of cloud computing as a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources, with essential measured services like Everything-as-a-Service (XaaS) and rapid elasticity.
6. Integration of grid services within high-available clouds (mostly PaaS) together with parallel clusters (IaaS) and capable network storages (RAIC, Redundant Array of Independent Clouds).
7. Development of new energy-efficient grids, clusters and cloud services: smart grid technology with a link to power distribution systems to combine computing on demand with power on demand.

Recent tendencies in the usage of parallel computing for the simulation of technological devices and processes, including electron beams and electron guns, indicate a rise of small but smart low-energy clusters. They are based on multicore CPUs built into regular PCs, such as Intel Core i7, Core i4 or AMD FX in the kWh area, or even on on-board microcontrollers like Raspberry Pi, Arduino or Intel Edison with only low Wh consumption.

In the remainder of this chapter, performance parameters and models will be presented, followed by a discussion of trade-offs and a presentation of modern frameworks to manage both resources and applications in cluster and grid environments. The discussion of cloud computing and smart grid concepts, respectively, then follows in the subsequent chapters.

3.1 Clustering and Grids: Performance Parameters and Basic Models

Performance parameters. Let us first define the most important performance factors and metrics beyond the already mentioned FLOPS. The code execution performance parameters of modern computers are as follows [23]:

• Number of CPU cores
• Tact (clock) frequency per core f, unit 1/s = Hz
• Million Instructions Per Second (MIPS)
• FLOPS as defined above

The system clock signal, produced by a crystal oscillator, synchronises the operation of multiple functional blocks within a CPU. The system tact is a periodical function based on the Peirce function using the negated logical OR operator (NOR). Some examples of the performance of certain CPU models from recent production years are given below (Table 3.1). It is evident that the tact frequency is no longer the dominant differentiator between CPUs. Rather, the number of cores, enhanced throughput and parallelism, and a higher efficiency have become important. MIPS is usually a good indicator not simply tied to a CPU core tact; however, it is tied to a specific task such as text search or code compilation. Figure 3.2 gives a timeline of how CPU frequencies, cores on a CPU, CPUs on a node and nodes in a networked environment have scaled up in about half a century.

Table 3.1 Performance of certain selected CPU models

Year | CPU model              | Performance, MIPS | Tact frequency, GHz
2006 | AMD Athlon FX60        | 18938             | 2.6
2007 | Intel Xeon Harpertown  | 9368              | 3.0
2011 | ARM Cortex-A15         | 35000             | 2.5
2011 | AMD FX-8150            | 108890            | 3.6
2011 | Intel Core i7 2600K    | 128300            | 3.4
2015 | AMD A12 Pro-8800B      | >150000           | 3.4

Fig. 3.2 Timeline of performance indicators in computing hardware

The principles of how CPUs are constructed and how they work have mostly remained the same [13], but the capabilities have expanded tremendously.

The context for tact frequency, MIPS and FLOPS is depicted in Fig. 3.3. The following performance formula can be used:

$$P = f \cdot n_1 \cdot I \cdot n_2 \qquad (3.1)$$

Where P – performance in GFLOPS, f – CPU tact frequency in GHz, n_1 – number of cores within a CPU, I – CPU instructions per tact, n_2 – number of CPUs per computing node. Let us consider the integral performance criterion FLOPS in two examples which involve recent server configurations. It makes the complex dependency of performance on multiple factors evident, as the system with the faster CPU is much slower overall due to fewer cores and less powerful instruction execution within the cores.

Example 3.2 Let us consider a 2-socket server with CPU Intel X5675 (3.06 GHz, 6 cores, 4 instructions/tact): P = 3.06 · 6 · 4 · 2 = 146.88 GFLOPS.

Fig. 3.3 Performance parameters of computers

Example 3.3 We have a 2-socket server with CPU Intel E5-2670 (2.6 GHz, 8 cores, 8 instructions/tact): P = 2.6 · 8 · 8 · 2 = 332.8 GFLOPS.

For the performance parameter FLOPS, the following nomenclature (K, M, G, T, P, E, Z, Y) of the unit prefixes is used:

• KFLOPS, KiloFLOPS = 10^3 FLOPS
• MFLOPS, MegaFLOPS = 10^6 FLOPS
• GFLOPS, GigaFLOPS = 10^9 FLOPS
• TFLOPS, TeraFLOPS = 10^12 FLOPS
• PFLOPS, PetaFLOPS = 10^15 FLOPS
• EFLOPS, ExaFLOPS = 10^18 FLOPS
• ZFLOPS, ZettaFLOPS = 10^21 FLOPS
• YFLOPS, YottaFLOPS = 10^24 FLOPS

To put these numbers into perspective: the AMD Carrizo-based FX-8800P notebook CPU from 2015, which contains four cores and an R7 GPU and operates at a tact of up to 3.4 GHz, reaches around 839 GFLOPS. An AMD Radeon R300-based R9 Fury GPU from 2015 achieves about 7–9 TFLOPS with vectoring of operations, i.e. the application of an operator over multiple elements in a vector. Anything in the higher TFLOPS range and above requires parallel multi-processing or clustering architectures.

Speedup and effectiveness of computing processes. Factors of speedup and effectiveness in grids are computed as follows:

$$A_n = \frac{T_1}{T_n}, \qquad E_n = 100 \cdot \frac{A_n}{n} \qquad (3.2)$$

Where T_1 – computing time for a math-log problem with use of only one CPU, T_n – computing time of the solution parallelised on n processors or threads, A_n – speedup factor, E_n – effectiveness for speedup on n CPUs in %.

An example for a section distribution by task parallelisation and the influence of cluster communication exchanges by message passing between the processors or threads is depicted in Fig. 3.4. The computation time gain is possible only due to a higher p/s ratio within a parallelised task (a math-log problem). The time estimations are as follows, refer to Eq. 3.3:

$$\begin{aligned}
T &= s & \text{(not shown)} \\
T &= s + p & \text{(a)} \\
T &= s + \frac{p}{n} & \text{(b)} \\
T &= s + \frac{p}{n} + k \cdot n & \text{(c)} \\
e &= 1 - p
\end{aligned} \qquad (3.3)$$

[Figure 3.4: (a) sequential workflow, (b) paralleled workflow, (c) paralleled workflow with threads and network exchanges considered; sections s1, p1, p2, p3, s2 and communication blocks K]

Fig. 3.4 Sections distribution by a math-log problem parallelisation and the influence of cluster communication (exchanges) by message passing

Where T – overall computing time, s – sequential part of a task (percentage), p – potentially parallelised part of a task (a math-log problem), i.e. on n threads or CPUs, e – part for sequential computing time, k – negative influence of communication by message passing between CPUs/threads (this component can also be neglected, k = 0).

Amdahl's Law. One of the most appropriate and useful approximations for the speedup factor is the one defined by G. M. Amdahl in 1967 [9]:

$$\begin{aligned}
T &= 1 = (1 - p) + p \\
A_n &= \frac{1}{(1 - p) + \frac{p}{n}} \le \frac{1}{1 - p} \\
A_{max} &= \frac{1}{1 - p} \\
A_{n,k} &= \frac{1}{(1 - p) + \frac{p}{n} + k \cdot n}
\end{aligned} \qquad (3.4)$$

Where p – potentially paralleled part of a math-log problem, n – number of available CPUs/threads, k – negative influence of communication by message passing between CPUs/threads (this component can also be neglected, k = 0).

Example 3.4 Let us consider a math-log problem with an overall compute time of T_overall = 20 h, a serial critical compute time of T_ser = 1 h (i.e. 5%) and a parallelised compute time of T_par = 19 h (i.e. 95%). Furthermore, let the maximum speedup factor be Speedup_MAX = 20. This is a typical scenario for a scientific computing problem. Then, with n = 10 processors (threads), one can derive p = 0.95, Speedup = 1/(1 − 0.95 + 0.95/10) = 1/(0.05 + 0.095) = 6.9 < Speedup_MAX. The result means that out of a theoretical maximum of ten-fold parallel execution only 6.9-fold can be achieved. On the other hand, with n = 95 processors (threads) the speedup grows to Speedup = 16.7 only, meaning a reduced effectiveness of only one quarter.

One can obtain the following graduated depiction of the speedup factor (Fig. 3.5). There are some criticism points regarding this realistic model: it is a too pessimistic representation of the parallel computing status. But other models also talk a lot about the saturation effects, especially due to communication processes within a cluster between the processors (threads) and energy losses (in the form of redundant warm waste heat).

Barsis-Gustafson Law. This law of E. H. Barsis and J. Gustafson, proposed in 1988, is frequently used as an alternative compared to Amdahl's law. Consider the following Eq. 3.5:

$$1 = (1 - p) + p \qquad (3.5)$$

[Figure 3.5: (a) speedup A(n,p) and effectiveness E_n/100 versus threads n (0 … 500); (b) Amdahl's speedup versus threads n for p = 0.5, 0.75, 0.8, 0.9, 0.95]

Fig. 3.5 (a) Speedup vs. effectiveness, (b) Amdahl's speedup by different p-values. Pessimistic Amdahl's model for the speedup factor depending on p = 0.5 … 0.95: saturation effect, no more profit due to increasing of n – number of threads

It decomposes an execution time T into a part which can be parallelised, T_p, known as the time for parallel computing, and a part which cannot, for instance startup or memory allocation, T_s, known as the time for sequential computing. Then the speedup factor is computed as shown in Eq. 3.6:

$$\begin{aligned}
T_s &= (1 - p) \cdot T_p + p \cdot T_p \cdot n \\
A(n, p) &= \frac{T_s}{T_p} = (1 - p) + p \cdot n = 1 + p \cdot (n - 1)
\end{aligned} \qquad (3.6)$$

Example 3.5 The following example shows how to calculate A according to the parallelisation method described by the Barsis-Gustafson law:

p = 80%, n = 11 CPUs: A_11 = 1 + 0.8 · (11 − 1) = 9
n = 31 CPUs: A_31 = 1 + 0.8 · (31 − 1) = 25
n = 71 CPUs: A_71 = 1 + 0.8 · (71 − 1) = 57
n = 101 CPUs: A_101 = 1 + 0.8 · (101 − 1) = 81

Therefore, we conclude: Amdahl's Law is too pessimistic.

A typical cluster from Technical University of Chemnitz with 530 nodes, called CHiC, is depicted in Fig. 3.6. CHiC nodes run Linux, are connected with Infiniband and, due to not having any disks, share a Lustre filesystem which spans 160 disks. On this kind of supercomputer, consisting only of networked standard computers, applications are placed and scheduled according to the beforementioned laws of parallel computing [21].

Fig. 3.6 Fibre glass techniques for CPU coupling (FC – Fibre Channel): FC ports offer an approximate data rate of 4 to 16 GBit/s, performance max. 100 GFLOPS per CPU. CHiC – a powerful cluster [21]

Karp-Flatt Metric. The Karp-Flatt metric (e) is a measure of the parallelisation of code on p parallel processors and was proposed in 1990 by A. H. Karp and H. P. Flatt [11]. This metric exists in addition to Amdahl's Law and the Barsis-Gustafson law as an indication of the extent to which a particular source code for one CPU is parallelised. The value of e (the unknown part/percentage for sequential computing time) can be approximated on the basis of the metric via known speedup values for different CPU numbers p and time estimations T_p. Seven main characteristics need to be distinguished as input for the calculation:

• A – measured speedup
• N > 1 – number of CPUs
• T_1 – time for a particular source code on one CPU
• T_s – sequential computing time
• T_p – parallelised part time
• e – part for sequential computing
• p – parallelised computing part

In order to estimate the speedup factor, Eq. 3.7 needs to be solved:

$$\begin{aligned}
T_1 &= T_s + T_p, \qquad e = \frac{T_s}{T_1}; \\
T_1 &= e \cdot T_1 + (1 - e) \cdot T_1; \\
T_N &= T_s + \frac{1}{N} \, T_p; \\
T_N &= e \cdot T_1 + \frac{1}{N} \left( T_1 - e \cdot T_1 \right); \\
A &= \frac{T_1}{T_N}, \qquad Y = \frac{1}{A} = \frac{T_N}{T_1}; \\
\frac{1}{A} &= Y = e + \frac{1}{N} (1 - e) \\
A &= \left[ e + \frac{1}{N} (1 - e) \right]^{-1}
\end{aligned} \qquad (3.7)$$

Then we determine the corresponding value e by solving Eq. 3.8:

$$\begin{aligned}
\frac{1}{A} &= e \left( 1 - \frac{1}{N} \right) + \frac{1}{N}; \\
e \left( 1 - \frac{1}{N} \right) &= \frac{1}{A} - \frac{1}{N}; \\
e &= \frac{\left[ \frac{1}{A} - \frac{1}{N} \right]}{\left[ 1 - \frac{1}{N} \right]} = 1 - p
\end{aligned} \qquad (3.8)$$

Example 3.6 We would like to define herewith the value e (refer to formula 3.9), i.e. the normally unknown part for sequential computing time for a math-log problem, on the basis of the Karp-Flatt metric. Referring to Table 3.2 (pos. 9), the following three parallelisation grades are given:

Number of CPUs n = 100, measured speedup A = 10: 1/A = 0.1, e = (0.1 − 0.01)/(1 − 0.01) = 0.09/0.99 = 0.0909, e = 9.1%; it can be parallelised for p = 91%.
Number of CPUs n = 100, measured speedup A = 25: 1/A = 0.04, e = (0.04 − 0.01)/(1 − 0.01) = 0.03/0.99 = 0.0303, e = 3.03%; it can be parallelised for p = 97%.
Number of CPUs n = 100, speedup A = 66: 1/A = 0.0151, e = (0.0151 − 0.01)/(1 − 0.01) = 0.0051/0.99 = 0.0052, e = 0.52%; it can be parallelised for p = 99.5%.

Considering the previous formulae and Table 3.2, we can obtain the next useful formula (3.9) for the p criterion:

$$\begin{aligned}
A_n > 1: \quad e(A_n, n) &= 1 - p = \frac{\frac{1}{A_n} - \frac{1}{n}}{1 - \frac{1}{n}} \\
p &= \frac{1 - \frac{1}{A_n}}{1 - \frac{1}{n}} = \frac{A_n - 1}{A_n - \frac{A_n}{n}} = \frac{A_n - 1}{A_n - \frac{E_n}{100}}
\end{aligned} \qquad (3.9)$$

Example 3.7 Let us consider the following example. The number of CPUs should be n = 100, the speedup A = 66 and the effectiveness E_n = 66%. Then the math-log problem can be parallelised for the p ratio p = (66 − 1)/(66 − 0.66) = 65/65.34 = 0.995 (compare to Example 3.5).
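The laws of this section (Eqs. 3.2, 3.4, 3.6, 3.8 and 3.9) as Python functions, added here as an example that is not code from the book; the function names and the scan bound in amdahl_optimal_n are this example's own choices, and the checks reproduce the figures of Examples 3.4 to 3.7.

```python
"""Added example: the speedup models of Sect. 3.1 as functions.
Function names and the scan bound are choices of this example, not the book's."""
import math


def amdahl_speedup(p: float, n: int, k: float = 0.0) -> float:
    """Eq. 3.4: A_{n,k} = 1 / ((1 - p) + p/n + k*n); k = 0 gives plain Amdahl."""
    if not 0.0 <= p <= 1.0 or n < 1 or k < 0.0:
        raise ValueError("need 0 <= p <= 1, n >= 1, k >= 0")
    return 1.0 / ((1.0 - p) + p / n + k * n)


def amdahl_max_speedup(p: float) -> float:
    """A_max = 1 / (1 - p), the saturation value reached for n -> infinity."""
    return math.inf if p >= 1.0 else 1.0 / (1.0 - p)


def gustafson_speedup(p: float, n: int) -> float:
    """Eq. 3.6 (Barsis-Gustafson): A(n, p) = (1 - p) + p*n = 1 + p*(n - 1)."""
    return 1.0 + p * (n - 1)


def effectiveness_percent(speedup: float, n: int) -> float:
    """Eq. 3.2: E_n = 100 * A_n / n (in %)."""
    return 100.0 * speedup / n


def karp_flatt_serial_fraction(speedup: float, n: int) -> float:
    """Eq. 3.8: e = (1/A - 1/N) / (1 - 1/N), the serial fraction recovered
    from a measured speedup; only defined for N > 1 and A > 1."""
    if n <= 1 or speedup <= 1.0:
        raise ValueError("Karp-Flatt needs N > 1 and A > 1")
    return (1.0 / speedup - 1.0 / n) / (1.0 - 1.0 / n)


def parallel_fraction_from_speedup(speedup: float, n: int) -> float:
    """Eq. 3.9: p = (A_n - 1) / (A_n - A_n/n), i.e. 1 - e."""
    return (speedup - 1.0) / (speedup - speedup / n)


def amdahl_optimal_n(p: float, k: float, n_max: int = 10_000) -> int:
    """With communication losses (k > 0) the corrected Amdahl speedup rises,
    peaks and then falls because the k*n term keeps growing. This scans n
    upward and returns the thread count at the peak (n_max: assumed bound)."""
    best_n, best_a = 1, amdahl_speedup(p, 1, k)
    for n in range(2, n_max + 1):
        a = amdahl_speedup(p, n, k)
        if a < best_a:
            break
        best_n, best_a = n, a
    return best_n


if __name__ == "__main__":
    # Example 3.4: p = 0.95, n = 10 -> 6.9; n = 95 -> 16.7; A_max = 20
    print(round(amdahl_speedup(0.95, 10), 1), round(amdahl_speedup(0.95, 95), 1))
    # Example 3.6 / 3.7: n = 100, A = 66 -> e = 0.0052, p = 0.995
    print(round(karp_flatt_serial_fraction(66, 100), 4),
          round(parallel_fraction_from_speedup(66, 100), 3))
    # Where adding threads stops paying off once k*n dominates (k = 1e-3)
    print(amdahl_optimal_n(0.95, 1e-3))
```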

Moore's Law. The authorship of the law belongs to Gordon Moore (born 1929), co-founder of Intel. Moore's Law has been known since 1965, and for more than 50 years it has been holding with no faults. It means the exponential growth of the following values which characterise the electronics and IT branches:

• CPU chip complexity N (up to 10^9 transistors)
• Computer tact frequency f (up to 3.5 GHz)
• Computer performance P (nowadays typically >100 GFLOPS)

Moore's Law regarding the chip complexity is depicted in Fig. 3.7. The values on the Y-axis are given in logarithmic scale. The next integration degree will reach 10 billion transistors.

But there are some further phenomena which are not commonly associated with this law. Moore's Law is also true for the extrapolation in the backwards direction into the early days of computing. In fact, Moore's Law extrapolation can be extended down to the year 1900 towards the former element basis in electronics: electro-mechanical relays, electronic tubes, transistors, IC, VLSI, as depicted in Fig. 3.8.

Speedup model overview. Table 3.2 illustrates the set of integrated models and approximations of speedup factors which are typically used for distributed (parallel) computing. The table includes the already presented models together with additional ones. The approximations of the A_n speedup factor are given with a dependency on the criteria n, p, k. These are the mostly used models and laws, including Amdahl's (1967), Grosch's, Barsis-Gustafson's (1988), Moore's law (1965, or exponential model) and some further suitable models such as the 70%-law [9, 11]. The evaluation of the coefficient p in the equations can be realised via the Karp-Flatt metric (1990).

Fig. 3.7 Moore's Law: chip complexity (Source: it-material.de)

Fig. 3.8 Moore's Law extrapolation backwards

Table 3.2 Overview on speedup models (speedup factor A_n = T_1/T_n)

No. | Speedup model | Conventions | Title of an empirical model
1 | A_n = √n | The type of math-log problem is not considered | Grosch's law (1965)
2 | A_n = n^b | The type of math-log problem is not considered | Generalised Grosch's law (0.5 ≤ b ≤ 1)
3 | A_n = n | The type of math-log problem is not considered | Proportional Amdahl law for p = 1, s = 0
4 | A_n = log2 n | The type of math-log problem is not considered | Logarithmic law
5 | A_n = 1/((1 − p) + p/n) | 0.5 ≤ p ≤ 0.999 | Amdahl's Law (1967)
6 | A_n = 1/((1 − p) + p/n + k·n) | 0.5 ≤ p ≤ 0.999, k ≈ 10^-4 … 10^-5 | Corrected Amdahl's model with inter-processor communication considered
7 | A_n = 2 at n = 70%/r | The type of math-log problem is not considered; r = 1 … 2 characterises inter-processor communication losses | Empirical law "69 – 70 – 72" for the CPU number n which provides double speedup of computing time
8 | A_n = (1 − p) + p·n | 0.5 ≤ p ≤ 0.999, k = 0 | Barsis-Gustafson Law (1988)
9 | A_n > 1: e(A_n, n) = 1 − p | e = 1 − p – the unknown part for sequential computing time; 0.5 ≤ p ≤ 0.999, k = 0 | Karp-Flatt Metric (1990) for Amdahl's or Barsis-Gustafson Law

A generalised graphical comparison of speedup factors is depicted in Fig. 3.9. The most-used models are shown: a trivial one (3) as well as an optimistic one by Barsis-Gustafson (8), i.e. more realistic, and Amdahl (5), i.e. a pessimistic one; refer to Table 3.2 (3), (5), (8).

Simulation Scenario. For the hardware basis (Fig. 3.10a) offered at Dresden University of Technology [15], the following own results (Table 3.3) on speedup have been obtained. It was a voluminous experiment in November 2006 aimed at the simulation of signal power propagation of WLAN/WiMAX networks through complex 2D environments which appeared as maps of the obstacles with given material features.

The simulation has been realised with use of CANDY software and web services for SSL access to MARS. The following results have been obtained (Fig. 3.11, refer to Table 3.3). These results can be approximated with formula (3.10), compare Grosch's law:

$$A_n = \frac{T_1}{T_n} = n^{\alpha}, \qquad T_1 = 8021\ \mathrm{s}, \quad \alpha \approx 0.95 \qquad (3.10)$$

Fig. 3.9 Speedup models – difference between optimistic (3) and pessimistic view (5)

Fig. 3.10 (a) Hardware basis: High-performance computing cluster MARS, SGI Altix 4700, TUD, with 1024 cores possesses the performance 13.1 TFLOPS. (b) Up-to-date hardware basis: TAURUS Bull HPC-Cluster with 137 TFLOPS. Hardware basis: High Performance Computing at TUD [15]

Example 3.8 The new hardware basis in the same institution is called TAURUS Bull HPC cluster. This cluster is more powerful than the formerly leading MARS, placed at global rank 66 at its inauguration, and has nowadays the following features (Fig. 3.10b):

• Island 1: 4320 cores Intel E5-2690 (Sandy Bridge), 2.90 GHz
• Island 2: 704 cores Intel E5-2450 (Sandy Bridge), 2.10 GHz, as well as 88 NVidia Tesla K20x GPUs
• Island 3: 2160 cores Intel X5660 (Westmere), 2.80 GHz
• Symmetric Multi-Processing (SMP) nodes with 1 TB RAM
• 1 PB SAN disk storage
• Bullx Linux 6.3 based on Red Hat Enterprise Linux, batch system Slurm
• 137 TFLOPS total peak performance (without GPUs)

Fig. 3.11 Computing time and speedup factor depending on the number of threads, obtained on the multi-core high-performance computer MARS, TU Dresden (Basis – CANDY Framework, 2006)

Table 3.3 Computing time for a complex simulation task of WLAN/WiMAX propagation

Number of threads | Computing time, s | Speedup factor A_n = T_1/T_n
1  | 8021 | 1.0
2  | 4163 | 1.9
5  | 1749 | 4.6
10 | 908  | 8.8
20 | 471  | 17.0
30 | 321  | 25.0
55 | 181  | 44.3
70 | 144  | 55.7
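A log-log least-squares fit of the exponent α in Eq. 3.10 to the Table 3.3 measurements, as an added Python example (not code from the book or from TU Dresden); the function names and the regression through the origin are this example's own choices, and only the table values are taken from the page.

```python
"""Added example: fitting the power-law speedup model of Eq. 3.10 to the MARS
measurements of Table 3.3. The table values are the book's; the fitting
procedure and all names are this example's own."""
import math
from typing import Dict

# Constructed from Table 3.3: number of threads -> computing time in seconds.
MARS_TIMES_S: Dict[int, float] = {
    1: 8021, 2: 4163, 5: 1749, 10: 908, 20: 471, 30: 321, 55: 181, 70: 144,
}


def speedups(times: Dict[int, float]) -> Dict[int, float]:
    """A_n = T_1 / T_n for every measured thread count (Eq. 3.2)."""
    t1 = times[1]
    return {n: t1 / t for n, t in times.items()}


def fit_alpha(times: Dict[int, float]) -> float:
    """Least-squares estimate of alpha in ln A_n = alpha * ln n (Eq. 3.10).
    The regression line is forced through the origin because A_1 = 1."""
    num = den = 0.0
    for n, a in speedups(times).items():
        if n == 1:
            continue  # ln 1 = 0: this point carries no information
        x, y = math.log(n), math.log(a)
        num += x * y
        den += x * x
    return num / den


def predict_time(times: Dict[int, float], alpha: float, n: int) -> float:
    """T_n = T_1 / n^alpha, the run time the fitted model predicts."""
    return times[1] / n ** alpha


def max_relative_error(times: Dict[int, float], alpha: float) -> float:
    """Largest |predicted - measured| / measured over the measured points,
    a quick check of how well a single exponent describes the whole range."""
    return max(abs(predict_time(times, alpha, n) - t) / t
               for n, t in times.items())


def model_effectiveness_percent(alpha: float, n: int) -> float:
    """E_n in % under the fitted model: 100 * n^alpha / n = 100 * n^(alpha - 1).
    An exponent below 1 means the effectiveness sinks slowly but steadily."""
    return 100.0 * n ** (alpha - 1.0)


if __name__ == "__main__":
    alpha = fit_alpha(MARS_TIMES_S)
    print(f"alpha = {alpha:.3f}, "
          f"max. relative error = {max_relative_error(MARS_TIMES_S, alpha):.2%}, "
          f"E_70 = {model_effectiveness_percent(alpha, 70):.1f} %")
```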

Example 3.9 The most performant cluster of the world is depicted in Fig. 3.12. The Tianhe-2 or "Heaven River" (Milky Way) originates from Guangzhou in the People's Republic of China. The common costs for the cluster can be evaluated to be approximately 2.4 · 10^9 Yuan (equal to USD 390 · 10^6). The peak performance is P = 33 PFLOPS. The square size S = 720 m² belongs to the cluster. Surely, the power consumption is correspondingly very high, about 17 … 24 MW. But also a very high PUE value is to be noted. The nodes of the cluster use a specific operating system, Kylin Linux, which has also influenced Ubuntu Kylin to become recommended as reference system for many Chinese deployments until 2018. The available compilers are as follows: Fortran, C, C++, Java, OpenMP, MPI 3.0. Tianhe-2 possesses the following architecture:

• 32000 CPUs
• 48000 GPUs as programmable co-processors
• 1375 TiB of RAM, of which 1000 TiB is accessible by the CPU and 375 TiB by the co-processors
• 12.4 PB hard disk capacity

The total number of cores exceeds three million and achieves a combined performance of 33.86 GFLOPS. The predecessor in the global ranking top spot has been the Titan supercomputer in the USA with "just" 17.59 GFLOPS.

Fig. 3.12 The most powerful compute cluster world-wide: Tianhe-2 (Sources: top500.org, hpcwire.com; photo: onlinezeitung24.de)

Table 3.4 Computing system performance comparison (Status: November 2015)

Cluster or grid | Maximum performance, PFLOPS | Multiplicity (given in "MARS units")
Tianhe-2 (a supercomputer from Guangzhou, China) | 33.86 | 2605
Titan (Tennessee, USA, supercomputer upgrade from Jaguar) | 17.59 | 1353
BOINC (grid hosted at Berkeley University of California, USA) | 9 | 692
Juqueen (FZ Jülich/IBM) | 5.0 | 384
SuperMuc (Leibniz data centre in Munich) | 2.8 | 215
TAURUS (hosted at TU Dresden) | 1.03 | 79
MARS (TU Dresden, 2006) | 0.013 | 1

SMP architectures with large RAM capacities nowadays gain more sympathisers in their deployment than NUMA (Non-Uniform Memory Access) with its offered unique address spaces, as well as, correspondingly, the cache-coherent NUMAs. A performance comparison is given in Table 3.4. Herewith, some worldwide known clusters from the global top-500 list (TOP500) as well as grids are referred to in correspondence to the above mentioned performance of the MARS and TAURUS systems. The MARS performance is given as the canonical base unit. Most of the clusters, about 98%, run Linux, whereas grids allow for heterogeneous operating systems, in particular desktop grids such as BOINC. The performance values are measured with the LINPACK benchmark, a Fortran library with routines to solve linear algebra equations.

3.2 Performance-Energy-Price Trade-Offs in Clusters and Grids

Trend to low-cost and low-energy computing nodes. A new trend to low-cost and low-energy computing nodes based on cheap devices, in particular cheap and fanless on-board microprocessors (RISC/ARM), should be considered nowadays as a serious alternative to expensive computing devices within the Internet of Things (IoT), a term describing a vision of ubiquitous access among connected devices. On top of the IoT, an Internet of Services (IoS) with digital and physical services can be constructed. The IoS is a related vision which, for most applications, hides the hardware. The deployment of low-cost and low-energy computing nodes such as those with Arduino, Raspberry Pi or Intel Edison processors leads to a significant increase of energy-efficiency outcomes as well as a technologically important new step towards a realisation of the IoT. Often these connected devices are seen as the Fog Computing backbone to an even larger IoT which also involves stationary and mobile sensors such as mobile phones and heartbeat belts [2, 27].

Trade-offs. Scenarios for the so-called Fog Computing within the IoT are steadily going to gain in importance in the mid-term. Instead of using applications and services with heavy-weight processors and VMs, agile and energy-efficient on-board microprocessors should be operated. See the view of the future transfer from Clouds/IoS to Fog Computing/IoT (Fig. 3.13). Surely, the deployment of low-cost and low-energy computing nodes based on on-board microprocessors can be used to build powerful clusters as well. These lead to an appropriate resource use in the frame of a given math-log problem.

On-board microcontrollers. But none of the above-mentioned computing systems is energy-efficient enough. The electricity consumption is measured in the MWh area. Energy-efficient solutions can be provided via small low-cost and low-energy on-board processors. The electricity consumption in this case stays at most in the kWh area. Low-energy home intelligent nodes (3–10 W) for private cloud solutions, file servers, web servers, multimedia home centres and similar use cases can be operated with such microcontrollers as the trade-off solution. They offer a cheap alternative and symbolise a step-by-step shift towards the IoT.

[Figure 3.13: Cloud Computing (VMs on a VMM: VM Monitor, dedicated VM; universal service XaaS) versus Fog Computing (on-board μ-nodes: Raspberry Pi, Arduino, Intel Edison); trade-offs between a reliable VM and a low-energy μ-node: reliability and QoS, data security and privacy, anonymity, energy consumption, operating expenses (OPEX)]

Fig. 3.13 Energy-efficient on-board computing nodes as a basis for distributed computing with sufficient performance/energy/price trade-off

Fig. 3.14 Energy-efficient Raspberry Pi cluster with 64 CPUs (Source: pro-linux.de)

Example 3.10 Herewith a small example addressing the discussed trade-offs. A "supercomputer" with 64 cheap Raspberry Pis and two Lego racks is depicted in Fig. 3.14. This low-energy cluster (64 · 3.5 W, maximum 0.25 kW) is built by using low-cost and energy-efficient on-board microcontrollers. The small but smart Raspberry Pi cluster for parallel computing offers the following features:

bull DC supply through USB 35 WCPU 700 MHzbull Energy-efficient resource provisioning

64 3 Evolution of Clustering and Parallel Computing

Fig 315 Data centers of Google internal view (Source Google)

bull SD card as external disk drivebull Low-power data transfer and exchange via Ethernet LANbull Raspbian as operating system

Energy-efficient data centres of Google. Around 2011 the trend of "Green IT" was triggered by increasing energy demand and prices and a general awareness among computing users. Data and computing centres are increasingly built in colder regions of the earth. The data centres of Google achieve a Power Usage Effectiveness (PUE) of 1.12 due to further optimisation of hardware, waste heat recycling systems and building construction features like improved air circulation, reuse of waste heat and other techniques [6]. This means that, on top of the energy consumed by the servers themselves, only 12% more is used by the supporting infrastructure such as air conditioning, energy distribution, lighting and surveillance systems (Fig. 3.15). Note that a PUE of 1.0 is only possible in the theoretical ideal case: it would mean that no energy at all is spent on cooling, power conversion and distribution, which is not attainable in practice since the waste heat of the servers has to be removed.

3.3 Resource Management in Clusters

First, three single-system cluster management systems which integrate with the operating system will be presented. Then a resource management, placement and scheduling framework which runs on top of an operating system will be compared with them.

MOSIX, OpenMosix and OpenSSI cluster management. While most clusters, including Beowulfs, only share the filesystem among nodes, single-system image (SSI) clusters share the entire operating system instance including processes, virtual memory, open files, sockets and inter-process communication. In such systems applications get access to more compute resources as in SMP or multi-core environments, only with added network latency. The broad availability of multi-core processors has caused a decline in management systems for SSI clusters, but as they can still be useful, three such systems shall be presented here. MOSIX, OpenMosix and OpenSSI all derive from the Linux operating system kernel. The active development phase of OpenSSI was from 2001 to 2010 and that of OpenMosix, a derivative (fork) of MOSIX, from 2002 to 2008; MOSIX itself dates from 1999 and is still actively maintained today in the form of MOSIX2 and MOSIX4. A reference deployment of MOSIX runs a private production-level cloud consisting of 11 SSI clusters, in particular for computer science, life sciences and medical school applications. The clusters combine 205 nodes with an average of 35 active nodes and 200 processor cores.

Resource management, placement and scheduling with Mesos. Apache Mesos hosts adapted versions of typical application computing frameworks such as Hadoop, Spark, Kafka or Elasticsearch, which receive resource offers from Mesos and decide which offers to accept. When an application submits tasks to be processed, they can be placed close to the data without the application having to know the data location. Furthermore Mesos is fault-tolerant and isolates tasks from each other by running them in Linux containers, which bounds the resources a task can consume; this resource isolation should not be mistaken for a security boundary between mutually distrusting tenants. Mesos uses ZooKeeper to elect a master and to keep consensus among all nodes in the cluster, and it offers a web interface to check the cluster status.

3.4 Application Management in Clusters

Once a non-SSI cluster, its nodes and its resources are managed, the applications running on it need to be managed as well. In contrast to an SSI cluster, a failure of a node implies the failure of one instance of the (parallelised) application, and appropriate migration and restart techniques are required to avoid the propagation of the failure to the user. In this section three application managers for cluster environments will be compared. Their common aim is the easy deployment and the fault-tolerant, resilient execution of parallelised software applications.

Kubernetes, Fleet and Pacemaker. Kubernetes is a container cluster manager developed by Google which makes the cluster appear as a single system despite not being an SSI cluster. It eases the deployment, maintenance and scaling of application parts which are packaged as executable Docker containers. Google offers it as a managed service on top of Google Compute Engine (GCE), and it is also used by other hosting providers and distributions, including CoreOS Tectonic.

Fleet extends systemd, a daemon which initialises and supervises application processes, towards multiple nodes in a cluster. Again the application is supposed to be packaged as Docker containers. Fleet ensures that a minimum number of container instances is running across all nodes in the cluster and starts new instances in case of an application or node failure. Fleet uses a configuration daemon called etcd to ensure consensus among all nodes and to implement discoverable nodes. By placing container instances on different nodes and assuming a fault-tolerant load balancer, the overall availability of services offered by the applications is increased.
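The placement rule just described, spreading the instances of one application across distinct nodes so that a single node failure takes down at most one replica, can be expressed declaratively in Kubernetes. The following Deployment manifest is an added example written for this edition, not code from the original text or from the Kubernetes project; the image name, the port and the health-check path are assumptions. The pod anti-affinity rule refuses to schedule two replicas on the same host, and the security context applies least privilege to the container so that a compromised instance cannot easily escalate on the node it shares with other workloads.

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web
spec:
  replicas: 3                      # three instances, each on its own node
  selector:
    matchLabels:
      app: web
  template:
    metadata:
      labels:
        app: web
    spec:
      affinity:
        podAntiAffinity:
          # Hard rule: never co-locate two "app: web" pods on one host.
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchLabels:
                  app: web
              topologyKey: kubernetes.io/hostname
      containers:
        - name: web
          image: registry.example.org/web:1.0   # assumed image name
          ports:
            - containerPort: 8080               # assumed application port
          securityContext:
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop: ["ALL"]
          readinessProbe:                       # only healthy pods get traffic
            httpGet:
              path: /healthz                    # assumed health endpoint
              port: 8080
```

A practitioner pairs this with a Service object, which plays the part of the fault-tolerant load balancer assumed above, and checks the spread with `kubectl get pods -o wide`. Because the anti-affinity is a hard requirement, a cluster with fewer schedulable nodes than replicas leaves the surplus pods pending instead of silently co-locating them, which is the intended fail-safe.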

Pacemaker is a cluster manager aiming at high availability of applications. Applications are replicated onto two or more nodes with active/passive standby functionality or active/active failover and a subsequent recovery by application migration. Pacemaker is developed by ClusterLabs and used, for instance, by the German air navigation service provider Deutsche Flugsicherung (DFS).

Apart from these complex systems, simple tools exist to manage commands on clusters. Among these tools, ClusterSSH, Ansible and Puppet are popular to replicate installation and configuration instructions to all nodes in the cluster.

3.5 Application Management in Grids

In this section two grid systems will be presented: BOINC and OurGrid. The criteria which led to the selection of these two grid systems are recent or ongoing development and public availability. Thus interested readers are welcome to download the software and connect their own computers to an existing grid or even open a new grid for others to join. Both grids offer computer capacities for various applications.

BOINC desktop grid. BOINC is a volunteer computing platform aimed at contributing compute resources (i.e. spare CPU cycles) to scientific projects [28]. BOINC is hence also a grid platform for scientific projects and HPC, developed at the University of California, Berkeley, for free distribution under the LGPL. It is available for the following operating systems: Windows, Linux, Mac OS X, Android and BSD. The BOINC platform aggregates the computing power of hundreds of thousands of computers world-wide coupled via the Internet. The cooperation is organised in the form of projects running on top of it. The architecture of BOINC is given in Fig. 3.16. The main components are the BOINC daemons, long-running services which interact with the BOINC clients by exchanging data.

Most of the scientific computing grids work to the benefit of universities or other scientific institutions. BOINC is well known around the world due to its combined client-server (C-S) and peer-to-peer (P2P) structure. The servers distribute the application packages to the clients; in general these "clients" serve the architecture themselves in a P2P topology. The client applications compute intensively (usually 2 to 40 h per package) and report the solutions to the main structure (the server). Optionally a result is verified by comparing it with the result another client computed for the same package. As of 2015 the BOINC grid possesses [28]:

• approximately 250,000 persons and 850,000 computers (notebooks, tablets and other devices) cooperating with BOINC;
• an overall performance of the grid system BOINC of 9 PFLOPS (refer to Table 3.4).

Fig. 3.16 BOINC architecture [12] (Sources: gcl.cis.udel.edu, boinc.berkeley.edu)

Compared to these metrics, the performance of some supercomputers from the bi-annual global TOP500 list is as follows:

• Tianhe-2 ("Milky Way", "Sky River", China) with 3,120,000 cores: 33.86 PFLOPS
• Titan (USA) with 560,000 cores: 17.59 PFLOPS
• Mira (USA) with 786,000 cores: 8.58 PFLOPS [25]

Anyone can run a BOINC server. If the server is public, the results must also be published to prevent abuse and misuse. An interesting idea is the use of BOINC within companies:

• An internal BOINC server distributes in-house applications to the employees' computers.
• This raises effectiveness, because desktop systems are usually not loaded enough (unchallenged, e.g. by the usage of Word, Outlook or CRM in the everyday workflow).
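Publishing results is one safeguard; the more fundamental one in volunteer computing is that the server must not trust any single client, because a participant can modify the client, fabricate results or claim credit without computing anything. Projects therefore issue each work unit to several independent hosts and accept a result only once a quorum of them agrees. The following is an added example of such quorum validation written for this edition; it illustrates the technique described above and is not BOINC's own validator code. Host names, work unit ids and result values are constructed.

```python
from collections import Counter, defaultdict


class QuorumValidator:
    """Accept a work-unit result only when enough *distinct* hosts agree.

    min_quorum:  number of matching results needed to accept a value
    max_results: give up on the work unit after this many results disagree
    """

    def __init__(self, min_quorum=2, max_results=5):
        if min_quorum < 2 or max_results < min_quorum:
            raise ValueError("need min_quorum >= 2 and max_results >= min_quorum")
        self.min_quorum = min_quorum
        self.max_results = max_results
        self.results = defaultdict(dict)   # wu_id -> {host_id: result}
        self.canonical = {}                # wu_id -> accepted result
        self.host_valid = Counter()        # host_id -> results that matched
        self.host_invalid = Counter()      # host_id -> results that were outvoted

    def submit(self, wu_id, host_id, result):
        """Record one host's result; return the work unit's new state."""
        if wu_id in self.canonical:
            return "already_validated"     # late result: ignored for validation
        if host_id in self.results[wu_id]:
            return "duplicate_host"        # one host never gets two votes
        self.results[wu_id][host_id] = result
        return self._validate(wu_id)

    def _validate(self, wu_id):
        votes = Counter(self.results[wu_id].values())
        value, agreeing = votes.most_common(1)[0]
        if agreeing >= self.min_quorum:
            self.canonical[wu_id] = value
            for host, r in self.results[wu_id].items():
                (self.host_valid if r == value else self.host_invalid)[host] += 1
            return "validated"
        if len(self.results[wu_id]) >= self.max_results:
            return "failed"                # too much disagreement: reissue the unit
        return "pending"

    def replicas_needed(self, wu_id):
        """How many more copies to send out so that a quorum is still reachable."""
        if wu_id in self.canonical:
            return 0
        votes = Counter(self.results[wu_id].values())
        best = votes.most_common(1)[0][1] if votes else 0
        return max(0, self.min_quorum - best)

    def suspicious_hosts(self, min_errors=2):
        """Hosts outvoted at least min_errors times: candidates for exclusion."""
        return sorted(h for h, n in self.host_invalid.items() if n >= min_errors)
```

Results from the same host are never counted twice, since a cheating host could otherwise reach the quorum on its own; the server also decides which hosts receive the copies, so a participant cannot simply run the same work unit on several machines under one identity. Hosts whose results are repeatedly outvoted accumulate an error count that a project can use to stop sending them work or to demand additional replicas for their results.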


Fig. 3.17 BOINC client-server interaction (Sources: gcl.cis.udel.edu, boinc.berkeley.edu)

The interaction protocol between a client (i.a. PCs, notebooks, tablets, smartphones and other devices) and the server is depicted in Fig. 3.17. The error-free interaction uses five phases.

Top-10 of the most popular projects. In cooperation with BOINC a number of piggy-backed projects have been supported. The top ten of the most popular projects are as follows:

1. SETI@home – analysis of a series of radio telescope data from space for the purpose of searching for extra-terrestrial civilisations (Search for Extra-Terrestrial Intelligence)
2. Einstein@Home – tests of Albert Einstein's hypothesis about gravitational waves and search for radio and gamma-ray pulsars
3. World Community Grid – assistance in the search for medicaments for serious diseases such as cancer and HIV/AIDS, the calculation of the 3D structure of proteins and a lot of other projects (organiser: IBM)
4. Rosetta@home – calculation of the 3D folding structures of proteins based on the amino acid sequences for the treatment of cancer, HIV/AIDS, Alzheimer's disease, anthrax (Siberian ulcer) etc.
5. MilkyWay@home – development of a precise 3D model of the stellar streams in our galaxy (Milky Way)
6. Climate Prediction – research on and prediction of the climate on earth
7. PrimeGrid – search for diverse prime values
8. SIMAP@home – creating a database of proteins for bioinformatics
9. Cosmology@Home – search for a model which adequately describes our universe and is consistent with current data in astronomy and particle physics
10. Collatz Conjecture – studies in mathematics, specially to test the hypothesis of Lothar Collatz, also known as the "3n + 1 problem"

[Fig. 3.18 (image not reproduced): the BOINC server complex (scheduling servers, data servers, web server with BOINC and project web pages, BOINC database) and the project back-end (science application, project database, BOINC back-end interface); on the participant's computer the BOINC software (BOINC daemon, BOINC manager, screen-saver engine and screen-saver) communicates with the server complex through the API. Legend: BOINC components versus project-specific components.]
Fig. 3.18 Advanced BOINC-II architecture [16]

In total, more than 40 projects can be chosen by volunteering participants to contribute spare compute resources to.

Example 3.11. Malaria Control is a popular project which runs on top of BOINC-II, the latest generation of BOINC. Its goal is to gather and analyse information about the malaria disease.

The advanced BOINC-II architecture [16] is depicted in Fig. 3.18. A new BOINC API separates the screensaver into a standalone program. The details of the use of the science applications (e.g. for malariacontrol.net), of the BOINC-II specific components as well as of the project-specific components are discussed in [16].

Fig. 3.19 An OurGrid federation with three peers

OurGrid. OurGrid, developed since 2004 by the Federal University of Campina Grande, Brazil, federates networks of connected computers to support the distributed parallel execution of jobs and tasks in a grid. The federation uses a peer-to-peer topology based on the Extensible Messaging and Presence Protocol (XMPP). Jobs are executed inside Java or system-level virtual machines as sandboxes, in order to isolate them from each other and from the software and data on the host computers [5]; since jobs arrive from foreign peers, this sandbox is what protects a worker's host from a malicious job. Each peer in the federation is a network of connected computers consisting of worker and broker nodes. The discovery mechanism among all the nodes relies on XMPP as well. Jobs are submitted along with scripts, executables, data and a job description file which outlines the tasks of a job. A unique feature of OurGrid is the implementation of the Network of Favours reputation mechanism to ensure fairness and to avoid freeriders who consume compute resources without contributing them back at some point. Figure 3.19 shows an example of an instance of OurGrid across three networks of connected computers which may or may not be clusters.

Desktop computers are suitable as workers because the idleness detector prevents a conflict between interactive use and a high load from the submitted jobs. Furthermore, the system has been designed as an opportunistic grid, so that failures, shutdowns and hibernations only interrupt the current task execution without affecting the job, as the affected task will be restarted. Hence OurGrid is suitable to offer both opportunistic grids with many resources and service grids with high quality of service on the same physical infrastructure [3]. The OurGrid project is now inactive, but the software is still functional for setting up further instances.
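The Network of Favours mentioned above can be stated precisely: every peer keeps, for each remote peer, a balance of favours received minus favours returned, never below zero, and hands its idle machines to the requester with the highest balance. A freerider is therefore never punished explicitly, it is simply always served last, and the scheme needs no central accounting and no authentication of identities, which also means that a peer gains nothing by creating many fresh identities, since they all start at zero. The following is an added example implementing that rule for this edition; it is not OurGrid's own code, and the peer names and machine counts are constructed.

```python
class Peer:
    """One OurGrid-style peer: a site that owns machines and trades favours."""

    def __init__(self, name, idle_machines):
        self.name = name
        self.idle = idle_machines   # machines this peer can lend per round
        self.balance = {}           # remote peer -> favours we owe it (never < 0)

    def received_favour(self, donor, machines):
        """Another peer ran `machines` of our tasks: remember that we owe it."""
        self.balance[donor] = self.balance.get(donor, 0) + machines

    def gave_favour(self, receiver, machines):
        """We ran tasks for `receiver`: reduce the debt, but never below zero,
        so a peer that only consumes stays at zero instead of going negative."""
        self.balance[receiver] = max(0, self.balance.get(receiver, 0) - machines)

    def allocate(self, requests):
        """Hand out idle machines for one scheduling round.
        requests: {peer name: machines wanted}; returns {peer name: granted}."""
        granted = {p: 0 for p in requests}
        remaining = self.idle
        # 1. Peers we owe favours, largest debt first, get what they ask for.
        creditors = sorted((p for p in requests if self.balance.get(p, 0) > 0),
                           key=lambda p: (-self.balance[p], p))
        for p in creditors:
            give = min(requests[p], remaining)
            granted[p] += give
            remaining -= give
        # 2. Newcomers and freeriders (balance zero) share whatever is left,
        #    one machine at a time, so they are served but never preferred.
        others = [p for p in requests if self.balance.get(p, 0) == 0]
        while remaining > 0 and any(granted[p] < requests[p] for p in others):
            for p in others:
                if remaining > 0 and granted[p] < requests[p]:
                    granted[p] += 1
                    remaining -= 1
        for p, g in granted.items():
            if g:
                self.gave_favour(p, g)
        return granted
```

Because balances are kept locally and only from each peer's own observations, no peer can be talked into a debt it did not see itself, and the worst a lying peer can achieve is to be treated like a newcomer.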


3.6 Distributed Applications

Whereas in grids the infrastructure is distributed but the application itself merely consists of offloaded job and task units, some applications are truly distributed in a peer-to-peer sense or decentralised in a hub-and-spokes model [22]. Representatives of these two models will be presented in this section.

Distributed blockchains, hashtrees and cryptocurrencies. A blockchain is a potentially large file which contains entries (chronologically ordered blocks) whose content depends on the previous blocks: each block carries a cryptographic hash of its predecessor. Due to the size it is possible to distribute parts of the file to different users. With cryptographic methods it is possible to ensure consistency and to detect any alteration of older blocks, since a modified block no longer matches the hash recorded in its successor, and all subsequent blocks would have to be recomputed. When such a linear structure is not sufficient, hashtrees (Merkle trees) present similar characteristics but allow for subsuming multiple blocks under one block and eventually a whole tree of blocks under one common root. There are many interesting applications resulting from such a globally shared data structure. For instance, secured blockchains are used to record virtual currency transactions, leading to cryptocurrencies with properties like pseudonymity of the participants (addresses are not tied to real names) and public traceability of all transactions. To regulate the value distribution in such a currency, the blockchain can only be extended after a compute-intensive effort (proof of work) with a certain difficulty. Eq. 3.11 refers to the profitability of advancing a distributed blockchain with a given difficulty, the cost of which is referred to in Eq. 3.12.

$$\text{profit} = \text{revenue} - \left(\text{cost}_{\text{electricity}} + \text{cost}_{\text{difficulty}}\right) \tag{3.11}$$

$$\text{cost}_{\text{difficulty}} = \frac{\text{maximum difficulty}}{\text{current difficulty}} \cdot \frac{2^{32}}{\text{hashrate}} \tag{3.12}$$

Example 3.12. Bitcoin is a popular example of a cryptocurrency which is mined from a distributed blockchain. Similar to distributed desktop grids, the participants contribute computing cycles for a cause. In contrast to the grids, however, the cause is not a global problem-solving or citizen-science effort but rather the race for the quickest solution of an algorithmic puzzle which lets the blockchain advance. At the same time a virtual currency coin is yielded. The value of such a coin depends a lot on perception, trust and market dynamics. In Bitcoin there was a steady growth at first, followed by an unpredictable development. At the same time the production cost for mining has increased a lot, because the difficulty of the puzzle is adjusted periodically so that blocks keep being found at a constant rate even as more hardware joins the race: each additional miner raises the effort required from all others. Hence, already from an energetic point of view, the effort required to advance is not compensated anymore by a potential gain from the coins for most participants. Figure 3.20 outlines the profitability graph over time. It shows that the price (green) surged in November 2013, followed by its decline. At the same time the difficulty to mine (red) increased by several orders of magnitude.

[Fig. 3.20 (chart not reproduced): series for the Bitcoin price (USD, 0 to 1200), the mining difficulty (0 to 60 G) and the quotient price/difficulty (scaled by 10^9, 0k to 30k), plotted quarterly from July 2011 to October 2015.]
Fig. 3.20 Development of Bitcoin profitability over time (Source: coinplorer.com)


Hence the profitability, as the quotient of the two, converged quickly towards zero and, when accounting for the energy cost, is already negative.
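To make the mechanism behind Eq. 3.12 concrete, the following is an added example written for this edition, not code from the original text or from Bitcoin: a toy hash-linked chain with a proof of work whose difficulty is expressed as the number of leading zero bits required of the block hash, so that the expected number of hashes per block is 2^bits (Bitcoin instead scales a difficulty value by 2^32, which is where the 2^32/hashrate term above comes from). It also shows why older blocks cannot be altered cheaply: changing block 1 invalidates its own proof of work and the back-pointer stored in block 2, and re-mining block 1 alone still leaves block 2 dangling, so the whole suffix has to be recomputed. Block payloads are constructed strings.

```python
import hashlib
import json
from dataclasses import dataclass, asdict


@dataclass
class Block:
    index: int
    prev_hash: str        # hash of the predecessor: the back-pointer of the chain
    payload: str          # constructed transaction text
    difficulty_bits: int  # leading zero bits the block hash must have
    nonce: int = 0

    def hash(self) -> str:
        # Canonical serialisation of every field, so any change alters the hash.
        data = json.dumps(asdict(self), sort_keys=True).encode()
        return hashlib.sha256(data).hexdigest()


def meets_target(block_hash: str, bits: int) -> bool:
    """True when the top `bits` bits of the 256-bit hash are zero."""
    return int(block_hash, 16) >> (256 - bits) == 0


def mine(block: Block) -> Block:
    """Proof of work: try nonces until the hash meets the target."""
    while not meets_target(block.hash(), block.difficulty_bits):
        block.nonce += 1
    return block


def expected_hashes(bits: int) -> int:
    return 2 ** bits            # each hash succeeds with probability 2^-bits


def expected_seconds(bits: int, hashrate: float) -> float:
    return expected_hashes(bits) / hashrate


def build_chain(payloads, bits):
    chain, prev = [], "0" * 64
    for i, payload in enumerate(payloads):
        block = mine(Block(i, prev, payload, bits))
        chain.append(block)
        prev = block.hash()
    return chain


def verify_chain(chain):
    """Return (True, -1) or (False, index of the first block that fails)."""
    for i, block in enumerate(chain):
        if block.index != i:
            return False, i
        if not meets_target(block.hash(), block.difficulty_bits):
            return False, i                      # work not done for this content
        if i > 0 and block.prev_hash != chain[i - 1].hash():
            return False, i                      # back-pointer no longer matches
    return True, -1
```

With 12 bits a block takes a few thousand hashes; every additional bit doubles the expected work, which is the knob a real network turns as more hashing power joins, and which makes rewriting a long suffix of the chain prohibitively expensive for anyone without a majority of that power.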

Example 3.13. Git is an example of a distributed version control system built atop a hashtree: every file content (blob), directory (tree) and commit is stored as an object named by the hash of its content, and each commit references its tree and its parent commits by those hashes. Each Git repository contains a directory structure with files; file changes can be performed independently from each other. Once changes are committed, they and their associated metadata records are cryptographically secured against undetected tampering: altering any historic object changes its hash and thereby every commit hash built on top of it, so the tampering is visible to anyone who compares against a trusted reference such as a signed tag or a pinned commit hash. This guarantee is only as strong as the hash function; Git's original SHA-1 is known to be vulnerable to collisions, and a migration to SHA-256 is under way. The Git model leads to high scalability in large collaborative file editing efforts including large software development teams.
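The following is an added example for this edition, not Git's own code, computing object identifiers exactly the way Git does (SHA-1 over the string `<type> <size>\0` followed by the object body), so the values can be cross-checked with `git hash-object` and `git cat-file`. It builds two commits from constructed file contents and shows that altering a file in the first snapshot changes the first tree, the first commit and, through the parent pointer, the second commit as well. The author line and the commit messages are constructed; the tree builder handles flat directories only.

```python
import hashlib


def git_object_id(obj_type: str, body: bytes) -> str:
    """Git names every object by sha1("<type> <size>\\0" + body)."""
    header = f"{obj_type} {len(body)}\0".encode()
    return hashlib.sha1(header + body).hexdigest()


def blob_id(content: bytes) -> str:
    return git_object_id("blob", content)


def tree_id(entries: dict) -> str:
    """entries: {filename: (mode, object id as hex)}.
    Git stores entries sorted by name, each with the raw 20-byte id.
    Flat directories only: Git sorts subdirectory names as if they ended in '/'."""
    body = b"".join(
        f"{mode} {name}\0".encode() + bytes.fromhex(oid)
        for name, (mode, oid) in sorted(entries.items())
    )
    return git_object_id("tree", body)


def commit_id(tree: str, parents, author: str, message: str) -> str:
    lines = [f"tree {tree}"] + [f"parent {p}" for p in parents]
    lines += [f"author {author}", f"committer {author}", "", message]
    return git_object_id("commit", ("\n".join(lines) + "\n").encode())


AUTHOR = "Alice <alice@example.org> 1500000000 +0000"   # constructed identity


def make_history(snapshots, author=AUTHOR):
    """snapshots: list of {filename: bytes}, one per commit.
    Returns the commit ids; commit i has commit i-1 as its parent."""
    ids, parents = [], []
    for i, files in enumerate(snapshots):
        tree = tree_id({name: ("100644", blob_id(data)) for name, data in files.items()})
        cid = commit_id(tree, parents, author, f"snapshot {i}")
        ids.append(cid)
        parents = [cid]
    return ids


def first_divergence(history_a, history_b):
    """Index of the first commit whose id differs, or -1 if both are identical."""
    for i, (a, b) in enumerate(zip(history_a, history_b)):
        if a != b:
            return i
    if len(history_a) == len(history_b):
        return -1
    return min(len(history_a), len(history_b))
```

The empty blob and the empty tree produce the well-known ids `e69de29b...` and `4b825dc6...`, which is a quick way to convince oneself that the serialisation matches Git's. Note what the ids do not prove: a complete, self-consistent but forged history hashes just as well as the real one, which is why the comparison point (a signed tag, or the id recorded in a lock file or a deployment pipeline) is the actual root of trust.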

Decentralised and federated social networks. Social networks are one of the main applications on the Web and on the Internet today. They incorporate communication patterns between their participants and add useful or convenient functionality such as visibility management for events, a timeline of events as well as add-on applications. Their appearance is either web-based or through communication protocols: LinkedIn, Facebook and Twitter are examples of the former category, whereas ICQ and similar chat systems are examples of the latter. Their commonality is a centralised hosting, so that each message is relayed through a potentially distributed physical set of servers but within one logical organisation, which thereby sees all messages. In contrast, federated social networks allow any participant to choose between joining an existing server or running their own server. An example is Diaspora.

Example 3.14. Diaspora is a web-based federated social network which can be run in centralised, decentralised and distributed configurations. Users sign up at a server called a pod and receive an account in the form of login@pod. They can add contacts (friends) from the same or from other pods. Message posts from all contacts are then aggregated and shown in the timeline of each respective user. A typical aggregated Diaspora timeline is shown in Fig. 3.21. The aggregation function fetches the posts from all connected pods, orders them chronologically and caches them to increase the scalability and to decrease the latency for subsequent timeline retrievals.

Collaborative real-time applications. Whereas web-based social networks, cryptocurrencies and version control systems work inherently asynchronously, so that each user can decide when to update the local state from the (potentially increasingly diverging) global state, there is also a class of distributed applications which works synchronously in real time. Among the most prominent are scalable chat, audio and video conferences.

An example of a real-time chat protocol with extensions for audio and video conversation is XMPP. A second example is WebRTC, a set of browser APIs and protocols (ICE, DTLS, SRTP) for real-time communication directly between web browsers.

Example 3.15. Users of XMPP servers receive fully-qualified accounts with a login name and a server name in the form of login@server. This way, similar to e-mail, the servers can federate so that users from different servers can communicate with each other.


Fig. 3.21 Diaspora timeline with aggregated friend feeds

XMPP defines a core messaging protocol and several extensions for registration, binary attachment transmission, VoIP communication and other features. The chat protocol is also known as Jabber and the VoIP extension as Jingle.

Due to the nature of being a communication protocol, humans and software applications can equally participate in XMPP networks. Software components are registered as clients and authenticate to the server like a human user would. By registering their functionality at a discovery service, they can also offer service functionality according to the message-oriented architecture paradigm.

Example 3.16. WebRTC negotiates a connection between two users of web browsers through the JavaScript Session Establishment Protocol (JSEP): the browsers produce session descriptions (offers and answers) which the web application has to relay over a signalling channel of its own choice, for instance XMPP Jingle. WebRTC itself prescribes no central server; only this signalling exchange needs some rendezvous mechanism, typically the web site hosting the application, through which the communication host passes the dynamically created session information (often presented to the other participants as a URL). Once the ICE procedure has found a path, the audio, video and data streams flow directly between the browsers, encrypted with DTLS and SRTP; where NATs or firewalls prevent a direct path, a TURN relay server carries the traffic.

3.7 Conclusions

The scale-up from individual computers to clusters and grids in the past decades contrasts with the ongoing trend towards miniaturisation of computing hardware. Nowadays a quad-core mobile phone has a lot more computing power than the original Beowulf cluster with 16 nodes and consumes only a fraction of the electric power. Still the need for vertical performance scale-up remains, and through parallelisation it becomes a horizontal scale-out operation into multiple nodes of a system-on-a-board cluster or multiple compute services in a grid or cloud. With the broad availability of open source software to run private clusters and grids, which can be federated with existing public ones, supercomputing as well as comfort computing is now available to every user.

References

1. Joel C. Adams, Jacob Caswell, Suzanne J. Matthews, Charles Peck, Elizabeth Shoop and David Toth. Budget Beowulfs: A Showcase of Inexpensive Clusters for Teaching PDC. In Proceedings of the 46th ACM Technical Symposium on Computer Science Education (SIGCSE), p. 344–345, Kansas City, Missouri, USA, March 2015.

2. F. Bonomi, R. Milito, J. Zhu and S. Addepalli. Fog Computing and Its Role in the Internet of Things. CISCO whitepaper, 2007.

3. Francisco Brasileiro, Alexandre Duarte, Diego Carvalho, Roberto Barbera and Diego Scardaci. An Approach for the Co-existence of Service and Opportunistic Grids: The EELA-2 Case. In Latin-American Grid Workshop, Campo Grande, Mato Grosso do Sul, Brazil, October/November 2008.

4. Mario Cannataro. Clusters and Grids for Distributed and Parallel Knowledge Discovery. In High Performance Computing and Networking, 8th International Conference (HPCN) Europe, volume 1823 of Lecture Notes in Computer Science, p. 708–716, Amsterdam, The Netherlands, May 2000.

5. Walfredo Cirne, Francisco Brasileiro, Nazareno Andrade, Lauro Costa, Alisson Andrade, Reynaldo Novaes and Miranda Mowbray. Labs of the World, Unite. Journal of Grid Computing, 4(3):225–246, 2006.

6. Jeff Dean. Designs, Lessons and Advice from Building Large Distributed Systems. In 3rd ACM SIGOPS International Workshop on Large Scale Distributed Systems and Middleware (LADIS), Big Sky, Montana, USA, October 2009.

7. Javier Fabra, Sergio Hernández, Joaquín Ezpeleta and Pedro Álvarez. Solving the Interoperability Problem by Means of a Bus: An Experience on the Integration of Grid, Cluster and Cloud Infrastructures. Journal of Grid Computing, 12(1):41–65, March 2014.

8. Björn Gmeiner, Harald Köstler, Markus Stürmer and Ulrich Rüde. Parallel multigrid on hierarchical hybrid grids: a performance study on current high performance computing clusters. Concurrency and Computation: Practice and Experience, 26(1):217–240, January 2014.

9. John L. Gustafson. Reevaluating Amdahl's Law. Communications of the ACM, 31(5):532–533, 1988.

10. Violeta Holmes and Ibad Kureshi. Developing High Performance Computing Resources for Teaching Cluster and Grid Computing Courses. In International Conference On Computational Science (ICCS) – Computational Science at the Gates of Nature, volume 51 of Procedia Computer Science, p. 1714–1723, Reykjavik, Iceland, June 2015.

11. A. H. Karp and H. P. Flatt. Measuring Parallel Processor Performance. Communications of the ACM, 33(5):539–543, 1990.

12. Andrew Leaver-Fay, Michael Tyka, Steven M. Lewis, Oliver F. Lange, James Thompson, Ron Jacak, Kristian Kaufman, P. Douglas Renfrew, Colin A. Smith, Will Sheffler, Ian W. Davis, Seth Cooper, Adrien Treuille, Daniel J. Mandell, Florian Richter, Yih-En Andrew Ban, Sarel J. Fleishman, Jacob E. Corn, David E. Kim, Sergey Lyskov, Monica Berrondo, Stuart Mentzer, Zoran Popovic, James J. Havranek, John Karanicolas, Rhiju Das, Jens Meiler, Tanja Kortemme, Jeffrey J. Gray, Brian Kuhlman, David Baker and Philip Bradley. ROSETTA3: an object-oriented software suite for the simulation and design of macromolecules. Methods in Enzymology, 487:545–574, 2011.

13. Linkfeed. Vom Sand zum Prozessor (From Sand to Processor). Online, in German: http://gumzo.de/post/171, 2015.

14. Seyedeh Leili Mirtaheri, Ehsan Mousavi Khaneghah, Lucio Grandinetti and Mohsen Sharifi. A mathematical model for empowerment of Beowulf clusters for exascale computing. In International Conference on High Performance Computing & Simulation (HPCS), p. 682–687, Helsinki, Finland, July 2013.

15. Wolfgang Nagel and Ulf Markwardt. High Performance Computing (HPC) at ZIH: HPC Systems. Technische Universität Dresden, online: http://tu-dresden.de/die_tu_dresden/zentrale_einrichtungen/zih/hpc/hochleistungsrechner, 2015.

16. Christian Ulrik Søttrup and Nicolas Maire. BOINC II. Niels Bohr Institute (Copenhagen, Denmark) / Swiss Tropical and Public Health Institute (Basel, Switzerland), 2014, 42 p.

17. Jong Hyuk Park, Laurence T. Yang and Jinjun Chen. Research trends in cloud, cluster and gr
id computing. Cluster Computing, 16(3):335–337, 2013.

18. A. I. Petrenko. The application of grid technologies in science and education. NTUU "KPI", Kyiv, 2008, 143 p., in Ukrainian.

19. A. I. Petrenko, B. V. Bulakh and V. S. Khondar. Semantic grid technologies for science and education. NTUU "KPI", Kyiv, 2010, 178 p., in Ukrainian.

20. A. I. Petrenko, S. Ya. Svistunov and G. D. Kiselev. Grid Technologies: Practical Course. NTUU "KPI", Kyiv, 2011, 448 p., in Ukrainian.

21. Wolfgang Rehm and Arnd Meyer. TU Chemnitz HPC Cluster CLiC/CHiC. Online: https://www.tu-chemnitz.de/chic, 2015.

22. Alexander Schill and Thomas Springer. Verteilte Systeme – Grundlagen und Basistechnologien (Distributed Systems – Foundations and Basic Technologies). Springer-Verlag, second edition, 2012, 433 p., in German.

23. Volkmar Sieh. Performance metrics. Online: http://www3.informatik.uni-erlangen.de/Lehre/CPU/SS2012/multiprocessor.pdf, 2012.

24. Larry Smarr and Charles E. Catlett. Metacomputing. Communications of the ACM, 35(6):44–52, June 1992.

25. Erich Strohmaier, Jack Dongarra, Horst Simon and Martin Meuer. The 45th TOP500 List. Online: http://www.top500.org/lists, June 2015.

26. Andrew S. Tanenbaum and David J. Wetherall. Computernetzwerke (Computer Networks). Pearson Studium, fifth edition, 2012, 1040 p., in German.

27. R. van Kranenburg. The Internet of Things: A critique of ambient technology and the all-seeing network of RFID. Pijnacker: Telstar Media, 2008, 62 p.

28. Ádám Visegrádi, József Kovács and Peter Kacsuk. Efficient extension of gLite VOs with BOINC based desktop grids. 2014.

4 Cloud Computing: Virtualisation, Storage and Networking

Keywords

Service models • Internet of Services (IoS) • Software-as-a-Service (SaaS) • Infrastructure-as-a-Service (IaaS) • Platform-as-a-Service (PaaS) • Virtualisation • Software-Defined Networking (SDN) • Security and availability • Cloud backup and backup clouds • Redundant Array of Independent Clouds (RAIC): stripes and parity based dispersion • Virtual Telecommunication Engineering Offices (VTEO) • Mobile cloud access • Network and online storage integration

In recent years networking technologies have achieved great success regarding data rate (WDM, MPLS, 10GbE), mobility (HSDPA, LTE, in the mid-term 5G), universality and accessibility of computing services [8]. The pervasiveness of services helped to make the IoS a reality, practically accessible for multiple users and appliances. Among the most prominent service classes in the IoS are Cloud Computing services, which are delivered to their users on demand through desktop, mobile and web applications as well as other forms of user interfaces. Modern Internet connections with high bandwidth and low latency allow a global-scale delivery and complement, in the same way and with the same Quality of Service (QoS), the services which have mostly been the domain of local networks, such as corporate e-mail or scientific compute grids, with attractive (mobile) services. The discussed information technology paradigm for serving resources and applications to thin clients, frequently represented by low-performance appliances and devices only, is called cloud computing [8, 18]. As one of the most important IoS forms, we will discuss the basic cloud computing technologies in the first section. The subsequent sections will then present details about virtualised compute, networking and storage services, which together form the core set of resource services available through cloud infrastructure services.

© Springer Fachmedien Wiesbaden GmbH 2017. A. Luntovskyy, J. Spillner, Architectural Transformations in Network Services and Distributed Systems, DOI 10.1007/978-3-658-14842-3_4



4.1 Clouds: Technology Stack, Basic Models and Services

Floating in the clouds. From a service consumer perspective, cloud computing offers many advantages. Many of the offered products and services cater to the traditional desire of users to get anything (information, resource and application services as well as products) with a snap of their fingers. Many users would like to float in the clouds figuratively, many of them with a cellular smartphone, and get anything on demand without delay and without cumbersome registration and payment processes (Fig. 4.1).

There are many statistics about how prevalent cloud services, a subset of these on-demand services, are. Certainly a large majority of users is unaware about whether a functionality is completely contained within a device or either aided or completely provided by external services. Estimations exist about the habits of users; the following shares are handled through online services:

• 99% of all e-mails
• 25% of all notes
• 33% of appointments
• all images in social networks
• all online storage

Fig. 4.1 Anything serviced on demand from the clouds


Fig. 4.2 Cloud architecture (own representation; HPNW denotes High-Performance Network)

These ratios are driven by online services, in particular SaaS, but also, especially for storage, by IaaS.

A general architecture and overview of cloud services is given in Fig. 4.2. This holistic architecture extends beyond the scope of a single service provider but also omits details such as multi-site replication of services.

Cloud computing can thus be defined as the on-demand and pay-per-use application of virtualised IT services over the Internet or within the IoS. The key features of cloud computing, based on the definitions of the National Institute of Standards and Technology, USA (NIST) [8, 24], are as follows:

• on-demand self-service with instant delivery on request
• broad network access (multimodal, all-in-IP)
• resource pooling and rapid elasticity
• measured and optimised service for reliable QoS guarantees
• service-oriented Internet (Service-Oriented Architecture (SOA), IoS)
• Everything-as-a-Service (XaaS), also represented in Fig. 4.3

4 Cloud Computing, Virtualisation, Storage and Networking (p. 80)

Fig. 4.3 Cloud computing as a pyramid model, based on NIST

Fig. 4.4 Difference between hybrid, public and private clouds

Public cloud computing platforms are run by commercial providers and by research organisations, and to a lesser degree by individuals, for instance volunteers in self-organised communities. Furthermore, private and hybrid cloud environments are run within company and institution departments. Prominent examples of commercial cloud computing platforms are as follows: Amazon Web Services, Oracle Cloud, Windows Azure, IBM Softlayer and BlueMix, Google Cloud Platform. The common organisation types of clouds are given below (Fig. 4.4).

The difference between public, hybrid and private clouds is presented in greater detail in Table 4.1.

Clouds as new information technology fo undation. In cloud environments, access to computing resources (compute, storage and network) is performed with the aid of basic web services, most often based on the Hyper-Text Transport Protocol (HTTP) [19]. Three general service classes are typically subsumed when talking about cloud computing. SaaS is the simplest model, with interfaces supporting service-oriented applications which provide access to functionality and data delivered through the cloud as frontend. PaaS is used for offering developers an integrated environment for development and/or testing of applications as a testbed. The IaaS model is applied for offering virtualised resource services in remote computing and networking structures, inter alia through the use of remote servers, Storage-Area Network (SAN)/Network-Attached Storage (NAS), virtual machines and switching equipment. The set of functions available through these cloud services is provided for thin client access to the virtualised resources and multi-tenant hosted applications with non-transparent internal structure. The aims are diverse and include high performance of certain routines, resources and time-consuming tasks, a consolidation and/or partitioning of available physical resources, as well as integration of desktop, mobile and web applications for enterprise information systems in scenarios of Enterprise Application Integration (EAI) [36]. Load balancing and function distribution between cloud computing and conventional IT management are depicted in Table 4.2. The providers of these services within the wider IoS offer their end-users multiple attractive services on different hierarchical levels. The table depicts the representation which has been established in accepted best-practice documents of important industry players.

Table 4.1 Hybrid, public and private clouds

Private cloud                                                       | Public cloud
--------------------------------------------------------------------|----------------------------------------------------------------------------
Customer-specific cloud environment, operated by the customer       | Owned by an IT service provider, which hosts and operates the cloud environment
Access limited (the customer himself, authorised business partners) | Access via Internet
Access via Intranet                                                 | Flexible and easy use by subscription

Hybrid cloud: combined private and public cloud

The purpose of the creation and maintenance of different service-oriented applications is to deliver easy-to-use, standardised Application Programming Interface (API) endpoints for multiple target platforms. Frequently, the internal structure of a cloud stays non-transparent for the end-users [28]. The users are forced into a position of full trust towards their own cloud provider, or even towards multiple cloud providers [20]. This sometimes requires a complicated handling of Service Level Agreement (SLA) and responsibility principles of the interested parties [12], because in the general case the providers have to operate in an international context with different business regulations. In fact, they are subject to different legislatures in different countries. Moreover, they can be hierarchically organised and be dependent on further international providers. Therefore, even with careful creation, deployment and maintenance of cloud services, a lot of problems of multilateral data security remain unsettled. This factor limits, in a certain way, the deployment rate and therefore also the advancement of the discussed new IT paradigm.

Table 4.2 Load balancing and functionality distribution between cloud computing and conventional IT (representation by Microsoft)

Conventional IT     | IaaS               | PaaS               | SaaS
--------------------|--------------------|--------------------|-------------------
Applications        | +                  | +                  | Applications
Data                | +                  | +                  | Data
Runtime             | +                  | Runtime            | Runtime
Middleware          | +                  | Middleware         | Middleware
Web Services        | +                  | Web Services       | Web Services
OS                  | OS                 | OS                 | OS
Virtual Resources   | Virtual Resources  | Virtual Resources  | Virtual Resources
Server              | Server             | Server             | Server
Storage             | Storage            | Storage            | Storage
Network             | Network            | Network            | Network

+ : self-responsibility of the customer; layer name: delivered from the cloud

Use of service technologies. As cloud computing is essentially a set of service models, many of its issues can be understood by looking at how services are used and how cloud applications adhere to a SOA. Such an architecture, realised with web services in practice (Fig. 4.5), possesses the following advantages. Web services offer loose coupling and well-defined interfaces, a good basis for EAI and application integration across organisational boundaries. Furthermore, they use open standards for protocols (e.g. HTTP) and content (e.g. XML or JSON), for which many development, testing and usage tools exist, so that new services can be consumed rapidly. Using HTTP makes it easy to produce and consume services according to the Representational State Transfer (REST) paradigm, even though other protocols are also widespread. Nevertheless, there are also weaknesses in service architectures which limit the full realisation of the cloud computing visions:

1. Offering and consuming services dynamically asks for a service registry which serves as a basis for selecting, brokering and negotiating the terms of use. The description of services within these registries is effort-intensive. So far, none of the effort distributions (by the broker, by the providers, by the crowd) has yielded a stable and complete registry on a global scale.

2. On a practical level, an important complication is the configuration of security aspects in deployed services. Authentication, authorisation, access control and encryption are necessary when leaving a closed, trusted zone [5].


Fig. 4.5 SOA/web services basic architecture

3. The non-functional properties of services, in particular QoS attributes, need to be thoroughly defined and cross-checked at runtime. As these specifications form the basis of SLA documents, a high-quality specification (i.e. high meta-quality) inside service descriptions and a supporting environment with monitoring and adaptation support are a necessity.

Some of the outlined problems can be solved, or at least reduced, with elaborated extended web service specifications: so-called RESTful services fully exploiting the HTTP specification, microservices and WS-*. The extended WS-* specifications use the basic components (Fig. 4.5) and allow the creation of efficient service-oriented applications in various service environments, including the web and in particular the "Semantic Web". The following integrated technologies and specifications are representative of these improvements [17, 37]:

1. Reliability via WS-Addressing, WS-Reliability, WS-Message Delivery
2. Messaging via WS-Eventing, WS-Notification
3. Security via WS-Security, WS-Trust, WS-Privacy, WS-Federation, SAML (Security Assertion Markup Language)
4. Transaction/Co-ordination/Context via WS-Transactions, WS-CAF (Composite Application Framework)
5. Semantic Features via OWL-S (Web Ontology Language for Web Services)

The extensions, their relations and their layered placement are depicted in Fig. 4.6. Based on the REST model (Fig. 4.7), the performance and scalability of services can be increased by relying on an underlying HTTP server infrastructure. These servers are typically highly optimised and take care of caching, streaming and other convenience functionality. RESTful web services act, in some measure, as an antagonist to the Simple Object Access Protocol (SOAP) and XML-RPC, for which dedicated, less common and less optimised server and client implementations need to be used.

Fig. 4.6 Extensions WS-* and alternatives

Fig. 4.7 Representational state transfer method

Such web services themselves, and further service-oriented and service-bound applications based on them, can be described according to the mentioned architectural style using only URIs as endpoint identifiers, a content/resource model associated to each URI, and HTTP in version 1.1 or 2.0 as interaction protocol. The distinguishing features are as follows: asynchronous, temporary character; no RPC; direct requests on resources and documents (URI); use of a generic interface; standard semantics; and a stateless communication protocol. RESTful web services contain and convey the necessary context by themselves and are operated only via simple methods (GET, PUT, POST, DELETE). Such sparingness leads to more consistency through the use of established standards. On the other hand, a scalable a-priori analysis of the service features by description document analysis is not possible in this model. Modern service description languages like Linked USDL and Swagger attempt to fill this gap. Contemporary SOA concepts are mostly focused on EAI and B2B surroundings. However, the mapping of business processes (respectively for VTEO) as well as service orchestration and composition (e.g. via BPEL4WS) is still inelastic and associated with higher developer-side complexity. Therefore, the elaboration of new concepts is an imperative. The concepts have to include not only new marketable ideas, e.g. like VTEO, but also the analysis of costs and benefits [21].

Delegation of network functionality to cloud providers. The functionality of a cloud is to deliver services by accessing the virtualised resources, whose internal structure is unknown to the users, providing certain common operations: resource-intensive tasks, consolidation and distribution of resources, and integration of applications in the IT systems of companies [23]. Providers within an IoS deliver the services at different hierarchical levels. The functionality of the computers and further interaction devices as thin clients of end users in the cloud is limited to providing a graphical or multi-modal interface (service frontend), caching the data, and selection of and access to external network services. We see a resurrection of this host-node computing model in the increased use of consumption-oriented notebooks, netbooks, smartphones, tablets and smart watches. Access to network resources can be provided by using the standardised web service protocols Extensible Messaging and Presence Protocol (XMPP) and SOAP, including a range of extensions to both, for permanent sessions and request-response models respectively. Access to these resources can also be ensured via RESTful methods, a session-less paradigm which transfers state by modifying resources on the server. The processing and archiving tasks, database querying, and the calling and encapsulation of further internal function calls are delegated to the cloud provider. There are closed (private), public and hybrid clouds, which include file servers, databases, archiving, backup systems, high-performance computers, computer grids and multi-processor clusters. Peer-to-peer clouds are not yet widely used, but they are considered a future trend in research, in particular for trustworthy mutual backup, mainly driven by the exploded count of personal mobile devices. SLA between cloud providers and end users guarantee a certain QoS and aim to achieve a high level of users' satisfaction, called Quality of Experience (QoE). Cloud computing provides the following functionality: outsourcing of IT infrastructure to the cloud provider, which may be less expensive than maintaining a private one; hosting of services, saving costs for administration and maintenance of the IT infrastructure; outsourcing of data archives and applications (mail servers, file servers, databases, backup services etc.); cost-saving by using high-performance computer clusters/grids as a service.

The main cloud models given by the NIST and Microsoft definitions have already been presented in Fig. 4.3. They should be explained in greater detail and with examples. SaaS is the model which directly appeals to the end user. It encompasses service-oriented web, mobile or desktop applications (including virtual desktops), but also purely programmatic application and data services providing access to resources in the cloud via these diverse frontends. PaaS provides an integrated platform for developing and testing web applications (testbed) and eventually running them on a service platform with dynamic feedback for continuous development and advancement. IaaS provides services of virtual networks by using remote servers, systems of networked hard disc drives, Virtual Machines (VM) with network management exploiting the SNMP protocol, and the upcoming OCCI interfaces. The IaaS layer can be further subdivided into compute, storage and communication resources.

Example 4.1 CloudFoundry, OpenShift and Bluemix are popular commercial PaaS platforms. There are very few non-commercial ones, but there are a few prototypical platforms resulting from research projects, including SPACE and FIWARE, which may influence future production platforms. Vamp is an advanced PaaS server for complex services whose implementation consists of orchestrated, inter-dependent containers.

Communication is an implicit prerequisite for compute and storage services, so that they can be used over the network. For cloud backup systems, the main interest is in storage resources, which are accessed through network resources. In practice, these resources are not universally described. When creating, commissioning and maintaining cloud services, a lot of questions of IT security still remain open, limiting the further spread of cloud technology. This could be addressed by the creation of a non-profit cloud security alliance aiming to collect the best practices of effectiveness, legal compliance and IT security. Researchers have already started an outreach in this direction through surveys [12, 22]. These abstract challenges shall now be demonstrated with examples from a selection of countries with varying levels of development and cloud adoption rates. With regard to cloud computing, legal acts of Ukraine regulate in general the operations in the area of IT security and related fields (intellectual property, telecommunications, cyber-crime, television) [6]. They can be evaluated as systematic and complete regulation, thanks to the consideration of existing international best practices. One current scientific task is the optimisation of the service characteristics of these providers regarding QoS and QoE. Great importance is given to the uptake of mobile services based on LTE/4G as well as future 5G networks, with access through modern mobile devices running on iOS, Windows Phone 8 or Android OS and the newer challengers FirefoxOS, Ubuntu Phone and Sailfish, all equipped with web browsers and personal data vaults. The development of these technologies is widely supported by governments of developed countries, since it allows significant resource saving, but it requires coordination of providers in the areas of efficiency, legal issues and IT security of clouds. Hence, for designing optimal cloud systems, the non-functional properties of the physical hardware, the network connections and the client integration around the software and services need to be considered and evaluated.

Figure 4.8 highlights the relation between the layered components of a cloud stack architecture and the resulting services which are offered for all of the layers.

Cloud quality criteria. It becomes evident that, due to the high number of often interchangeable services, an automated distinction becomes possible only through non-functional properties. These properties encompass primarily the quality (what do I get?) and price (what do I pay?) properties. The main quality criteria for cloud services are as follows:


Fig. 4.8 Context between cloud components and cloud services

• Measurable QoS, including execution performance, response time and availability
• Comfort in use, relating to the QoE
• Control by users
• Reliability and data security
• Price (per unit of data and time)

In Fig. 4.9 a comparison of comfort vs. control for certain well-known systems has been made. The evaluation was realised for the following systems: Yahoo, Facebook, Amazon EC2, Salesforce.com, Dropbox, Google Docs, in the organisation types of clouds: hybrid, public and private.

Hence, to summarise: while the consumption of cloud services is highly attractive, it brings along its own set of difficulties, disadvantages and weaknesses, in addition to the ones inherent to general services:

1. Performance and convenience of offered clouds are questionable and require actual use to find out.

2. Lock-in to single vendors and cloud providers, worsened by asymmetric pricing models, i.e. uploading data is cheaper than downloading.

3. Cloud providers' creditworthiness, trustworthiness and reputation.
4. Reliability issues or even total failure of providers (a provider can disappear from the horizon, e.g. for economic, legal or political reasons).
5. Risks of temporary or permanent data losses or even leaks by providers.


Fig. 4.9 Function comparison comfort vs. control for certain well-known systems [11]

A concept of a cloud-based virtual telecommunication office. Among other trends, the development of a modern VTEO based on SOA, hosted in and delivered by a cloud, is one of the up-to-date tasks and a very profitable business niche. We would like to deal with the mentioned VTEO concept and certain significant examples and use cases [16]. The world economy is nowadays widely characterised by the stable trend that large and mid-range companies and authorities outsource their own engineering services, to an ever greater extent, to external, smaller service providers. A concept for a modern virtual telecommunication engineering office using SOA and cloud computing technologies has been offered. Multiple use cases for a virtual telecommunication engineering office have been discussed. As a significant example, the CANDY Framework and Online Platform have been examined. The important development trends for CAD for network planning, regarding tool integration and effective access optimisation, have been discussed. The CANDY system has been presented as an exhibit at CeBIT 2007, 2008 and 2011 in Hannover.

The discussed service providers are, as a rule, independent, highly-specialised engineering offices working with high-performance networks (VTEO) with relatively few employees. But the mentioned VTEO systems can only survive in the long term if they provide their services at reasonable cost, in the shortest time and at the highest quality level. Let us refer to the offered services as Virtual Project Processing. Examples of Virtualised Processes (VP) and the corresponding task circles can be formulated very broadly. There are, inter alia, the following tasks and processes: electro-technical calculations, chip and electronic circuit design, judiciary document preparation, statics computing for civil engineering, tax return and bill preparation etc. Accordingly, the following specific requirements on such VTEO systems have to be discussed in this section: per client order (performed project) a relatively high profit can be obtained, however its processing time is usually limited; simultaneous processing of multiple projects in various stages of preparedness; cooperation (via discussions and document exchanges) with several groups of clients; delegation, if necessary, of project steps (subtasks) to partner agencies (i.e. subordinated VTEO instances); participation of several specialists in each project; efficient project management; the necessity of exact project documentation at each processing step; permanent improvement of the company. Permanent improvement of the company's know-how can be effected via problem discussions, successful qualifications and renewal training of the staff, efficient knowledge storage, and reuse of project results in subsequent projects. Nowadays, the current situation in most usual engineering offices is contradictory and can be formulated as follows: there is a highly qualified staff, but also very expensive staff training; modern CAD techniques (Computer-Aided Design) are used for individual engineering works (projects), but the cooperation of the participants is rather inefficient; and contacts with client and partner companies take a high amount of time and labour.

It is therefore an important scientific-technical problem to make the discussed technologies available for VTEO. SOA (web services) and cloud computing techniques (private and hybrid clouds), aimed at an implementation of available services and providing access means, are two indispensable components of the examined VTEO concept. The most acceptable models of the inter-operability scheme VTEO-2-Clouds are SaaS and PaaS. First, the VTEO must choose which kind of engineering services can be offered for the respective types of projects and define for each an exact workflow of the project steps, with the subordinated tasks and the associated qualification requirements (specialist roles). At least one qualified employee has to be dedicated to each role. For the individual works, high-quality CAD tools are to be provided, as well as a powerful project management system additionally for the project organisation aims. It is important to ensure that all project documents are concurrently available to all participants (specialists, partners, clients) and that they can communicate efficiently, inter alia. Furthermore, the retrieval and on-demand offering of the inter-operability of the most important project documents is to be supported. This requires specific document formats for each step of a project that can be processed in the subsequent steps without any further manual transformation. The discussed concept of a VTEO is very helpful to meet the above-mentioned requirements. The resource requirements for such a virtual engineering office can be assumed to be in acceptable middle ranges (number of project employees, amount of retrieved project data). For general communication and collaboration means, classical services can be used (e-mail, SSH, Skype, videoconferencing). The document management must be completely centralised and web-driven. For access, WWW techniques are to be used preferably (document preparation and supply in standard formats like HTML and PDF). For any special project data, appropriate XML-based professional, problem-oriented languages are to be additionally developed with the associated XSD/XSL (XML Schema Definition/eXtensible Stylesheet Language). The project workflow management is the most important part of the discussed virtual engineering offices. But the majority of the commercially available systems are too complex for direct use. Leaner solutions are therefore preferable. Such workflow management solutions are usually based on Gantt diagrams (Fig. 4.10). For each workflow step in a project there are different process types. Over and above that, the following classification of process types for a VTEO can be deployed: automated, with a simple communication scheme (without human assistance and e.g. supported by the sparing, stateless protocol REST); half-automated, with use of complex stateful protocols with commits (with participation of specialists and dedicated personnel, as well as supported by classical stateful SOAP over HTTP or other carrier protocols); completely manual (expensive and very complex).

Fig. 4.10 Project step 1, tasks 1–5, example execution period 10.03. – 19.03.2015. A typical representation of a workflow via Gantt diagram

Purely human works (like e.g. granting of permission) have to be organised via the WWW using web services, web sites or mobile (web) applications. The workflow management system is to provide the necessary download functionality for input documents and, correspondingly, after completion of the works (execution of the business process logic), the necessary upload functionality for the required resulting documents by the responsible project employee to the centralised document management system. The works with CAD tools like e.g. ArchiCAD are to be understood, as defined above, as purely manual works. It is particularly efficient if the VTEO can also offer processing support via a central platform. This can be realised especially efficiently with AJAX-based techniques. The user activities are executed within standard WWW browsers; the business logic processing follows at the server side, e.g. via activation of certain specialised scripts. The resulting documents will be stored automatically and project-specifically at the server side. The specific workflow-centric management for a VTEO must be defined using the following principles and requirements for the process elements and their synchronisation: a workflow is combined from a sequence of design steps; each step consists of one process (task) or multiple parallel processes; each process possesses a status, e.g. (ready (y/n), result (+/-)); each process uses and/or produces input/output documents; a process is either an atomic process or a workflow by itself.
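The workflow principles just listed and the process-type classification above, as an added example in Go that is not part of the original text: a workflow is a sequence of steps of parallel processes, each process carries the status pair (ready y/n, result +/-) and its input/output documents, and a process may itself be a workflow. The Store type, the Simulate driver and the task and document names are assumptions constructed for this example; it also shows the stall that results when a manual approval fails and its output document never reaches the store.

```go
package main

import "fmt"

// Store is the VTEO's centralised document store: document name -> present.
type Store map[string]bool

// Process is an atomic task or, when Sub is set, a workflow by itself. Kind is the
// text's process type; Done/Result encode the status pair (ready y/n, result +/-).
type Process struct {
	Name, Kind      string   // Kind: "automated", "half-automated" or "manual"
	Inputs, Outputs []string // documents read from / written to the store
	Done, Result    bool
	Sub             *Workflow
}

// Workflow is a sequence of design steps; a step holds one or several parallel processes.
type Workflow struct{ Steps [][]*Process }

// Status reports (finished, succeeded): every process has run / every result is +.
func (w *Workflow) Status() (finished, succeeded bool) {
	finished, succeeded = true, true
	for _, step := range w.Steps {
		for _, p := range step {
			f, ok := p.Done, p.Done && p.Result
			if p.Sub != nil {
				f, ok = p.Sub.Status()
			}
			finished, succeeded = finished && f, succeeded && ok
		}
	}
	return finished, succeeded
}

// NextRunnable returns the atomic processes that may start now: those of the first
// unfinished step whose input documents all exist, descending into nested workflows.
// Later steps never start early; an empty result on an unfinished workflow is a stall.
func (w *Workflow) NextRunnable(s Store) []*Process {
	for _, step := range w.Steps {
		out, pending := []*Process(nil), false
		for _, p := range step {
			switch {
			case p.Sub != nil:
				if done, _ := p.Sub.Status(); !done {
					pending = true
					out = append(out, p.Sub.NextRunnable(s)...)
				}
			case !p.Done:
				pending = true
				ready := true
				for _, d := range p.Inputs {
					ready = ready && s[d]
				}
				if ready {
					out = append(out, p)
				}
			}
		}
		if pending {
			return out
		}
	}
	return nil
}

// Simulate runs a workflow until it finishes or stalls; processes named in fail get
// result -, and outputs are uploaded only on success. It returns the execution order.
func Simulate(w *Workflow, s Store, fail map[string]bool) []string {
	var order []string
	for next := w.NextRunnable(s); len(next) > 0; next = w.NextRunnable(s) {
		for _, p := range next {
			p.Done, p.Result = true, !fail[p.Name]
			for _, d := range p.Outputs {
				s[d] = s[d] || p.Result
			}
			order = append(order, p.Name)
		}
	}
	return order
}

// ExampleProject is a constructed sample modelled on Fig. 4.10 (project step 1, tasks 1-5).
func ExampleProject() (*Workflow, Store) {
	t := func(name, kind, out string, in ...string) *Process {
		return &Process{Name: name, Kind: kind, Inputs: in, Outputs: []string{out}}
	}
	return &Workflow{Steps: [][]*Process{
		{t("1 site survey", "manual", "survey.xml", "order.xml")},
		{t("2 cabling", "automated", "cabling.xml", "survey.xml"), t("3 wlan", "half-automated", "wlan.xml", "survey.xml")},
		{{Name: "4 documentation", Sub: &Workflow{Steps: [][]*Process{
			{t("4a drawing", "automated", "drawing.pdf", "cabling.xml", "wlan.xml")},
			{t("4b approval", "manual", "approval.pdf", "drawing.pdf")}}}}},
		{t("5 hand-over", "automated", "handover.html", "approval.pdf")},
	}}, Store{"order.xml": true}
}

func main() {
	w, s := ExampleProject()
	fmt.Println(Simulate(w, s, nil)) // [1 site survey 2 cabling 3 wlan 4a drawing 4b approval 5 hand-over]
}
```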


The next important aspect is the type of billing and the payment method (accounting in a VTEO). There are different possible systems, from the simplest blanket (all-in-one) accounting of delivered services to differentiated, complex pricing depending on data amounts, manual efforts, task dimensions and computational complexity. With the simple VTEO accounting forms, the SSL method or alternatively XML security find favour; the SET method can be recommended for differentiated, complex pricing schemes. The discussed issues are illustrated sufficiently in the next sections of the given work on the example of a VTEO (a fictive service provider) for the design of combined network structures.

Conclusions and research fields regarding the clouds. The most important tasks oriented at the elaboration of advanced clouds that are free of the above-mentioned disadvantages can be listed [13]. They are grouped into three groups:

• Cloud adaption and optimisation
• Strategies for the compensation of SLA violations
• Strategies for minimisation of energy consumption
• Mechanisms for the visualisation of complex cloud monitoring data
• Deployment of RAIC with cockpit features at the customer side
• Fine-grained SLA
• Methods to determine fine-grained properties of cloud services
• Identification of assets and corresponding requirements
• Deduction of monitoring targets from SLA
• Cloud surveillance and incident detection
• Specification of monitoring targets and SLA violations
• Models for the proactive recognition of SLA violations and the evaluation of a cloud's energy efficiency
• Mechanisms for reliable distributed monitoring
• Dynamic provider selection and cloud setup
• Flexible distribution mechanisms for cloud platforms
• Strategies for the performance optimisation of cloud applications
• Reputation consideration to improve reliability and trustworthiness

An example of an advanced cloud technology with transparent encryption is illustrated in Fig. 4.11. The features of the transparent encryption are as follows:

• Safe hybrid access = public + private
• Efficient cryptosystems: AES, RSA, MD/MAC
• Analysis of structured and unstructured data
• Document classification and codecs demarcation
• User authentication and key distribution
• PKI deployment with certificates (X.509/Kerberos)


Fig. 4.11 Secured cloud with own controller [11]. MD – Message Digest, MAC – Message Authentication Code, AES – Advanced Encryption Standard, RSA – Rivest, Shamir and Adleman encryption, PKI – Public Key Infrastructure (X.509, Kerberos)
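The transparent-encryption features listed above, as an added example in Go that is neither the secured-cloud controller of [11] nor any product's code: a document is classified, encrypted on the client side with AES-256-GCM (the GCM tag is the MAC), its per-document key is wrapped with RSA-OAEP for each authorised recipient (key distribution), and a SHA-256 digest is kept as MD. The Envelope layout, the three classification levels and NewKey as a stand-in for certificates from a PKI are assumptions made here.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Classification decides what may leave the private part of a hybrid cloud in clear.
type Classification byte
const (
	Public       Classification = iota // stored in the public cloud in clear
	Internal                           // encrypted; key wrapped for all staff
	Confidential                       // encrypted; key wrapped for named recipients only
)

// Envelope is everything the public cloud stores; it never sees a key.
type Envelope struct {
	Class      Classification
	Digest     [32]byte          // SHA-256 of the plaintext (MD)
	Nonce      []byte            // AES-GCM nonce
	Ciphertext []byte            // AES-256-GCM output (confidentiality + MAC tag)
	WrappedKey map[string][]byte // recipient id -> RSA-OAEP wrapped document key
}

// NewKey stands in for the PKI; in practice the public key comes from an X.509 certificate.
func NewKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts doc for the recipients; a Public document passes through in clear.
func Seal(doc []byte, class Classification, recipients map[string]*rsa.PublicKey) (*Envelope, error) {
	env := &Envelope{Class: class, Digest: sha256.Sum256(doc), Ciphertext: doc, WrappedKey: map[string][]byte{}}
	if class == Public {
		return env, nil
	}
	buf := make([]byte, 32+12) // fresh AES-256 document key and GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	key, nonce := buf[:32], buf[32:]
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	// The class is authenticated as additional data, so relabelling a stored envelope fails.
	env.Nonce, env.Ciphertext = nonce, gcm.Seal(nil, nonce, doc, []byte{byte(class)})
	for id, pub := range recipients { // key distribution: one wrap per recipient
		wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, []byte(id))
		if err != nil {
			return nil, err
		}
		env.WrappedKey[id] = wrapped
	}
	return env, nil
}

// Open recovers the document for recipient id: the OAEP label ties a wrapped key to
// that id, and the GCM tag and the digest are verified before anything is returned.
func Open(env *Envelope, id string, priv *rsa.PrivateKey) ([]byte, error) {
	doc := env.Ciphertext
	if env.Class != Public {
		key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, env.WrappedKey[id], []byte(id))
		if err != nil { // also reached when no key was distributed to id
			return nil, fmt.Errorf("no usable key for %s: %w", id, err)
		}
		gcm, err := newGCM(key)
		if err != nil {
			return nil, err
		}
		if doc, err = gcm.Open(nil, env.Nonce, doc, []byte{byte(env.Class)}); err != nil {
			return nil, err
		}
	}
	if sha256.Sum256(doc) != env.Digest {
		return nil, fmt.Errorf("digest mismatch")
	}
	return doc, nil
}
func main() {
	alice := NewKey()
	env, _ := Seal([]byte("constructed sample: site plan"), Confidential, map[string]*rsa.PublicKey{"alice": &alice.PublicKey})
	doc, err := Open(env, "alice", alice)
	fmt.Println(string(doc), err)
}
```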

4.2 Virtualisation of Services and Resources

Nowadays, a virtualisation of services and resources is required due to the heterogeneous hardware and applications landscape and the increasing overcapacity in single devices (Figs. 4.12 and 4.13). Virtualisation methods became widespread from 1990 onwards and now offer a necessary entry or preliminary stage to the modern clouds.

The statistics of 2014–2015 demonstrated an approximate distribution for the landscape diversity of applications and apps (Fig. 4.13). Among them are regular desktop applications, SaaS (thin) clients within clouds, mobile applications, as well as usual web applications under a variety of operating systems.

A classification system, examples, as well as advantages and disadvantages are discussed below. A useful classification of virtualisation methods is given in Fig. 4.14. Certain of the listed methods for the virtualisation of services and resources can be assigned to different classification criteria (hardware, software, applications, server, container, network), as well as to the evolving SDN.

The basic virtualisation unit for compute resources is the so-called VM, which offers a single service, a complete operating system or an application. Efficient deployment and migration of VMs is controlled with different methods. The most important of them are OS containers, hypervisors and VMMs (VM monitors). A layered architecture with 3–5 layers (HW, OPS, virtualisation layer etc.) is a typical construct. The comparison between OS containers, hypervisors and VMMs is given in Fig. 4.15.

A typical solution for UNIX-like operating systems is the so-called spartan BSD jails, which exist in similar form on Linux (chroot) and on Solaris (zones). They are practically dedicated to a single specific application, but in principle allow a complete interactive session with sub-processes. The disadvantage of the jails lies in their near-absolute isolation. Citrix-based solutions offer a mostly comfortable virtualisation concept with monitoring of VMs without a host OS as an additional layer of virtualisation [2]. The hypervisor acts as a meta-OS. VMware products use, as a rule, a pure VMM to control VMs which are deployed over the host OS. Hypervisors and VMMs offer a lot of advantages in comparison to containers, except for the highly-secured runtime environment. An example would be a sandboxing container within a mobile OS with foreclosed apps under reputation, code and antivirus control. The most used types of hypervisors are depicted in Fig. 4.16. A frequent use case is the virtualisation of previously dedicated hardware servers for rather light-weight functionality (e-mail, domain, file storage or backup).

Fig. 4.12 Motivation: heterogeneous hardware

Fig. 4.13 Motivation: heterogeneous applications landscape


Fig. 4.14 Classification of virtualisation methods (own review). HW – hardware, OS – Operating System, NW – network, VM, VMM – VM-Monitor, SDN – Software-Defined Networking

Fig. 4.15 Classification of virtualisation methods


Fig. 4.16 Certain types of hypervisors

Fig. 4.17 An example of virtualisation

Example 4.2 In Fig. 4.17 an example is depicted. The specified VM and VMMs enable a flexible and efficient solution for web presentation, a consumer portal as well as legacy software:

• each VM is an independent platform, isolated from other VMs, for any guest OS
• a VM can behave as if it possessed the host computer alone (but with insignificant slowdown)
• in the desktop area, mainly tests or simulation environments are performed
• the VMM concept is widely used to increase the utilisation and availability of servers and to reduce costs (procurement, maintenance, personnel, power, HVAC), improving ROI


Fig. 4.18 VMware layered architecture (own review based on IBH Dresden Professional IT-Services; source: ibh.de)

Fig. 4.19 VMware Horizon Suite product features

The major products on the market offer a complex layered architecture like the one in Fig. 4.18. The depicted architecture is typical for VMware products.

Many virtualisation solutions offer a central management console to orchestrate all tasks. The product features of the VMware Horizon Suite are given in Fig. 4.19.


Fig. 4.20 The Citrix products for BYOD

A Citrix platform for mobile collaborators, as well as a flexible mobile/wireless platform for the known BYOD problem ("Bring Your Own Device") with application virtualisation concepts, is depicted in Fig. 4.20.

Example 4.3 A company with a heterogeneous computing environment is about to virtualise its IT hardware. How is the data exchange between such heterogeneous computer systems realised? In a company network with 30 computers there are 3 different architectures (Fig. 4.21).

(a) How many import/export routines must be programmed and installed so that interoperability (mutual understanding) between all systems is possible? (b) What changes occur when another, 31st computer with a novel system architecture is integrated into the network? (c) What are the advantages and disadvantages compared to (b) if virtualisation concepts are used?

Virtualisation advantages from a business perspective. Virtualisation is not only a technical method. On a strategic or financial level, if, when and how to virtualise is an important decision process. There are the following virtualisation advantages from the point of view of a company:

1. Different virtualisation techniques are used in areas like banking, e-commerce, civic craft, financing, assurances, building society savings and trust companies. They are a preliminary stage for cloud computing.

2. The advantage of resource virtualisation is significant for CAPEX and OPEX (cost reduction) for SMEs and large companies.


Fig. 4.21 Heterogeneous environments with virtualisation in a company

3. Large financial institutions obtained virtualisation solutions which displace the transaction and application infrastructures previously run on single servers and old mainframes.

4. Virtualisation allows the operation of several available VMs on one host.

5. Virtual servers provide virtual OS and runtime environments using VMs in order to maintain existing software (legacy systems) and to allow the use of mobile apps.

6. Virtualisation retains the heterogeneity of the network (SDN) and runtime environments and hides the diversity of implementation details and restrictions in common OS and software.

7. Virtual servers can increase the efficiency of the operational IT infrastructure, its utilisation and availability.

8. Advanced EAI and B2B for corporate applications as well as for inter-company systems by EDI and e-business (middleware, SOA).

Example 4.4 What is VMware virtualisation today? The distinguishing features of this virtualisation product are as follows (Fig. 4.22):

• virtualised guest OS: Windows, Linux, Mac OS X, Chrome OS and others
• secure data access and deployment of apps and data
• work from anywhere, deploy and migrate VMs
• optimise the network traffic, backup and VM snapshots
• secure surfing within the clouds


Fig. 4.22 VMware: what is virtualisation with VMware nowadays?

More recently, virtualisation of individual compute resources has evolved into an integrated data centre concept. A software-defined data centre offers the following advantages:

• agility
• control
• efficiency
• freedom of choice

Virtualisation and cloud stacks can be run in co-operation, as shown in the example with VMware, RSA Security, EMC2 and OpenStack:

• public/private clouds
• unified management
• VIO concept: VMware Integrated OpenStack (Fig. 4.23)

Virtualisation with VMware implies the following:

• VMware Data Protection
• VMware VSAN architecture
• VC = vCenter Server v6.0 (Table 4.3)

The advantages are as follows:

• proactive IT availability
• innovation and dynamics


Fig. 4.23 VMware architecture

Table 4.3 Properties of vCenter Server v6.0

Structure units     Windows   Linux
Hosts per VC        1,000     1,000
VMs per VC          10,000    10,000
Hosts per cluster   64        64
VMs per cluster     6,000     6,000

• security and mobility
• market chances despite know-how insufficiency or limited resources
• attractive costs
• no fragmented data/computing centres
• growth in equipment

An example with dedicated hardware for VMware:

• EVO:RAIL (hyper-converged infrastructure appliance)


Proactive IT. What does it mean to manage proactive IT via VMware?

• fast development
• provisioning of all applications
• optimised for each end device
• data centre virtualisation and hybrid cloud extensibility
• native security controls in the infrastructure
• optimised and automated data centre operation
• automation of infrastructure and application deployment
• high availability and stable infrastructure

"Each application everywhere" is one of the mantras of virtualisation product vendors. Further mantras are "open management" and "united platform". These slogans will be outlined briefly now. The everywhere mantra leads to the development, deployment and execution of convenient and modern applications. Open management refers to the flexibility to manage cloud infrastructure and applications. Finally, the united platform connects internal and external clouds with a common software-defined data centre platform based on virtualisation concepts. In the case of VMware, the vendor calls the solution a hyper-converged infrastructure.

Not only compute resources but also storage resources benefit from virtualisation concepts. The VMware mixed backup is based on the rotatory principle (Fig. 4.24):

• full backup
• incremental backup
• synthetic backup

The VMware cloud platform thus combines the following characteristics:

• management of all public clouds
• VMware vRealize Suite for the management of multiple public and private clouds (cloud cockpit)
• optimisation of OpenStack
• VMware Integrated OpenStack (VIO) for the flexible and reliable entrance into an enterprise-class OpenStack cloud
• integration into container tools
• aimed at fast development and supply of new cloud-native applications

VMware vCloud Air is an add-on product for virtualised desktops which provides the following virtualisation start-up help:


Fig. 4.24 VMware mixed backup

• desktops hosted in the cloud and available on demand
• increased user productivity and optimised IT operations
• extension of existing applications
• 100 % compatible, the same security, high availability
• web and mobile applications
• faster development of web and mobile applications
• vCloud Air development test
• 100 % compatible, lower cost, broad OS support, high availability
• disaster recovery
• simple, cost-effective failover and restore

Example 4.5 The company Veeam was founded in 2006 in Switzerland, has 2,000 employees and serves 170,000 users. The hybrid virtualisation platform of Veeam is based on the software from Citrix, VMware and Microsoft Hyper-V [7]. The products for the hybrid virtualisation platform of Veeam are as follows (Fig. 4.25):

• ONE
• Management Pack


Fig. 4.25 Hybrid virtualisation platform with Veeam

• Backup & Replication
• Explorer for Storage Snapshots

The architecture of the Veeam backup storage integration is shown in Fig. 4.26. The following storage systems and products can be used: HP StoreOnce/Catalyst support, EMC DataDomain/Boost, VM backup file chain, HP StoreVirtual, 3PAR, NetApp ONTAP as well as EMC. The essential advantages of this platform include the ability to support an always-on business, ad-hoc restores of virtual machines as well as automated verification of the state of virtualised applications. Virtual machines can be instantiated and activated quickly from both ISO images and snapshots from previous execution runs.

The procedure of efficient backup based on snapshots with Veeam is depicted in Fig. 4.27. The creation of snapshots by Veeam for the backup is up to 15 times faster than the pure backup. The Veeam Explorer for Storage Snapshots provides the backup of the following data items: either all VMs completely, or only guest files, or all directories, or specific folders of applications such as SharePoint and Exchange folders.

A mixed backup (consisting of differential + incremental runs) is provided. The experimental 3-2-1-0 rule is valid in this case. It refers to 3 media types for retrieving, 2 diverse backups, 1 always available and 0 problems with it.
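The mixed backup chain described here (full, incremental and differential runs, plus the synthetic full of Fig. 4.24) can be made concrete with a small restore-chain resolver. The following Python is an added example, not code from the book or from Veeam or VMware; the backup-run model, the constructed sample runs and the "verified" flag (standing in for the "0 problems" of the 3-2-1-0 rule) are assumptions of this example.

```python
"""Mixed backup chains (full / incremental / differential / synthetic full)
and restore-chain resolution, as an added illustration.

A backup run is modelled as the files it captured (file name -> content
hash).  A full run captures everything, an incremental run only what changed
since the previous run of any kind, a differential run what changed since
the last (synthetic) full.  Deletions are not modelled.  Sample runs are
constructed for this example.
"""
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class BackupRun:
    run_id: str
    kind: str                  # "full", "incremental", "differential", "synthetic"
    files: Dict[str, str]      # file name -> content hash captured in this run
    verified: bool = True      # restore test passed ("0 problems" in 3-2-1-0)


def restore_chain(runs: List[BackupRun], upto: int) -> List[BackupRun]:
    """Return, in replay order, the runs needed to restore the state after runs[upto]."""
    target = runs[upto]
    if target.kind in ("full", "synthetic"):
        return [target]
    if target.kind == "differential":
        # a differential only needs the last full (or synthetic full) before it
        for i in range(upto - 1, -1, -1):
            if runs[i].kind in ("full", "synthetic"):
                return [runs[i], target]
        raise ValueError(f"{target.run_id}: no full backup precedes this differential")
    if target.kind == "incremental":
        # an incremental needs the whole chain back to the last full
        if upto == 0:
            raise ValueError(f"{target.run_id}: incremental without predecessor")
        return restore_chain(runs, upto - 1) + [target]
    raise ValueError(f"unknown backup kind {target.kind!r}")


def restore(runs: List[BackupRun], upto: int) -> Dict[str, str]:
    """Replay the restore chain; refuse if any link in it failed verification."""
    chain = restore_chain(runs, upto)
    bad = [r.run_id for r in chain if not r.verified]
    if bad:
        raise RuntimeError(f"restore chain broken, unverified runs: {bad}")
    state: Dict[str, str] = {}
    for r in chain:
        state.update(r.files)   # later runs overwrite earlier versions
    return state


def synthetic_full(runs: List[BackupRun], upto: int, run_id: str) -> BackupRun:
    """Build a synthetic full from existing backups without re-reading the source."""
    return BackupRun(run_id, "synthetic", restore(runs, upto))


def sample_runs() -> List[BackupRun]:
    # constructed: Sunday full, two weekday incrementals, a Wednesday differential
    return [
        BackupRun("sun-full", "full", {"a.txt": "h1", "b.txt": "h2", "c.txt": "h3"}),
        BackupRun("mon-inc", "incremental", {"a.txt": "h1a"}),
        BackupRun("tue-inc", "incremental", {"b.txt": "h2a"}),
        BackupRun("wed-diff", "differential", {"a.txt": "h1b", "b.txt": "h2a"}),
    ]


if __name__ == "__main__":
    runs = sample_runs()
    for i, r in enumerate(runs):
        print(r.run_id, "needs", [c.run_id for c in restore_chain(runs, i)])
    runs.append(synthetic_full(runs, 2, "syn-full"))
    print("synthetic full holds", restore(runs, 4))
```

The differential chain stays short (full + one differential) while the incremental chain grows with every run, which is why a broken or unverified incremental invalidates every later restore point in its chain.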


Fig. 4.26 Backup storage integration with Veeam

Fig. 4.27 Efficient backup of snapshots with Veeam

An example of backup frequencies for the following 4 years is depicted in Fig. 4.28. It differentiates weekly (4), monthly (12) and yearly (3) cartridges. The standard LTO Ultrium streamers and tape cartridges can be used with Veeam in such scenarios.

4.3 SDN – Software-Defined Networking 105

Fig. 4.28 Example of backup frequencies with Veeam

4.3 SDN – Software-Defined Networking

Virtualisation of network resources and software-defined networking. Software-configured or software-defined networks are called SDN. This term expresses a virtualised, layered network for data transmission in which the management plane of the network is separated from the data transfer devices and has to be implemented programmatically. SDN is one of the known forms of virtualisation of computing and networking resources, including network services and applications. Its origins are in the backbone networks of telecom operators, but some of the mechanisms are now appearing for the centralised configuration of multiple consumer devices as well. The basic principles of future SDN development and deployment were formulated in 2005–2006 by researchers from Berkeley and Stanford universities, even though the topic gained prominence quickly through heavy industry involvement.

SDN motivation. The main problems in modern and very performant physical networks are as follows:

1. The traditional physical networks are heterogeneous and too static for modern business applications and cloud services.

2. Deployment of virtualisation technologies is required.

3. Nowadays the applications are distributed between multiple VMs that communicate intensively. With the goal of optimising the workload of the servers, VM instances often migrate and hence change the "binding points" for the network traffic.

4. Conventional addressing schemes, logical division into VLANs and the assignment of traffic rules in such dynamic environments become very ineffective.


Fig. 4.29 (a) No virtualisation, (b) SDN general architecture: motivation for software-defined networking

5. As networking protocols evolve, the firmware on networking equipment such as switches and routers needs dynamic updates in a controlled and consistent manner, to the extent that it must be completely implemented in software.

SDN solution approach. SDN can be classified as a part of network virtualisation. SDN is per definition a resource virtualisation type like OS, server or application virtualisation (Fig. 4.29; refer to the classification in Fig. 4.14). Simultaneously, SDN is an approach to the construction of computer network equipment and software where the two main components of such equipment are abstracted from each other via (1) a control plane and (2) a data plane, and as a rule with (3) a protocol named OpenFlow to combine and coordinate L2/L3 networks via VM deployment [15]. Starting around 2013, SDN were widely deployed by multiple manufacturers, inter alia VMware, Juniper, Brocade, Cisco, HP and IBM. By that time it became one of the main innovation topics along with cloud computing and big data, with similar confusion about the technical depth and the hype portions of the innovation. Let us discuss its advantages. SDN enables network administrators to perform simpler low-level management of the networks by abstraction into virtual services. SDN offers (refer to Fig. 4.29):

• emulation of MAC frames and packets (MPLS, IP, LAN, mobile radio) on L2 and L3
• deployment of zones, user demarcations
• cloud services in multi-tenancy agreements
• diversity of SDN architectures via the availability of multiple providers

Fig. 4.30 A typical flow chart in a network device that supports the OpenFlow protocol

Refer to Fig. 4.29 once more and compare (a) and (b). One of the driving forces for the large installation base of SDN networks is a universal protocol called OpenFlow, which is independent of the manufacturer and implements the interfaces between the logic controller for the network and the network transport. A typical traffic table within a network device that supports the universal protocol OpenFlow is shown in Fig. 4.30. With the use of OpenFlow, a more flexible and efficient physical (MAC) and logical (IP) addressing becomes possible, and reconfiguration is supported for data flows, services, applications and application ports. The OpenFlow protocol provides traffic identification by using the term "flow". A flow table acts as the key element of a switch that supports this protocol, similar to a rule table within a software packet filter. The group of columns on the left side of the table forms the matching fields where the characteristics of the flow are represented. There are different parameters, including MAC and IP addresses of the sender and recipient, VLAN identifier, TCP and UDP ports and other information. These data entries are written by the controller using the OpenFlow protocol and registered in the switch table (refer to Fig. 4.30).
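The flow-table lookup just described, as an added example (not code from the book or from any OpenFlow implementation): a minimal priority-ordered table whose entries match on OpenFlow 1.0-style fields, keep per-flow counters and punt unmatched packets to the controller. Field names, rules and packets are constructed for this example.

```python
"""OpenFlow-style flow table lookup, as an added illustration of the
"flow table as packet-filter rule table" idea (not vendor or book code).

Each entry holds match fields (an absent field is a wildcard), a priority,
an action and the packet/byte counters a switch keeps per flow.  Field
names loosely follow OpenFlow 1.0; rules and packets are constructed.
"""
from dataclasses import dataclass
from typing import Dict, List

Packet = Dict[str, object]   # e.g. {"in_port": 1, "dl_vlan": 10, "nw_dst": "10.0.0.5", ...}


@dataclass
class FlowEntry:
    priority: int
    match: Dict[str, object]   # subset of the match fields; missing key = wildcard
    action: str                # e.g. "output:2", "drop", "controller"
    packets: int = 0
    bytes: int = 0

    def matches(self, pkt: Packet) -> bool:
        # every specified field must be present in the packet with the same value
        return all(pkt.get(k) == v for k, v in self.match.items())


class FlowTable:
    def __init__(self) -> None:
        self.entries: List[FlowEntry] = []
        self.misses = 0            # packets punted to the controller (table-miss)

    def install(self, entry: FlowEntry) -> None:
        # the controller installs rules; highest priority first so the lookup
        # can stop at the first hit, like an ordered packet-filter rule set
        self.entries.append(entry)
        self.entries.sort(key=lambda e: -e.priority)

    def lookup(self, pkt: Packet) -> str:
        for e in self.entries:
            if e.matches(pkt):
                e.packets += 1
                e.bytes += int(pkt.get("len", 0))
                return e.action
        self.misses += 1
        return "controller"        # no rule matched: ask the controller


def sample_table() -> FlowTable:
    """Constructed rule set for one server (10.0.0.5 on VLAN 10, switch port 2)."""
    t = FlowTable()
    # most specific rule wins: no TCP/22 to the server from anywhere on VLAN 10
    t.install(FlowEntry(100, {"dl_vlan": 10, "nw_dst": "10.0.0.5",
                              "nw_proto": 6, "tp_dst": 22}, "drop"))
    # everything else for the server goes out on its port
    t.install(FlowEntry(50, {"dl_vlan": 10, "nw_dst": "10.0.0.5"}, "output:2"))
    # remaining VLAN 10 traffic goes to the uplink
    t.install(FlowEntry(10, {"dl_vlan": 10}, "output:3"))
    return t


def classify(table: FlowTable, pkts: List[Packet]) -> List[str]:
    """Run packets through the table and return the chosen action per packet."""
    return [table.lookup(p) for p in pkts]


SAMPLE_PACKETS: List[Packet] = [   # constructed
    {"in_port": 1, "dl_vlan": 10, "nw_src": "10.0.0.7", "nw_dst": "10.0.0.5",
     "nw_proto": 6, "tp_src": 40000, "tp_dst": 22, "len": 74},
    {"in_port": 1, "dl_vlan": 10, "nw_src": "10.0.0.7", "nw_dst": "10.0.0.5",
     "nw_proto": 6, "tp_src": 40001, "tp_dst": 443, "len": 1500},
    {"in_port": 1, "dl_vlan": 10, "nw_src": "10.0.0.7", "nw_dst": "10.0.0.9",
     "nw_proto": 17, "tp_src": 5000, "tp_dst": 53, "len": 90},
    {"in_port": 4, "dl_vlan": 20, "nw_src": "10.0.1.1", "nw_dst": "10.0.0.5",
     "nw_proto": 6, "tp_src": 1234, "tp_dst": 80, "len": 60},
]

if __name__ == "__main__":
    table = sample_table()
    for pkt, action in zip(SAMPLE_PACKETS, classify(table, SAMPLE_PACKETS)):
        print(pkt["nw_dst"], pkt["tp_dst"], "->", action)
    print("table-misses:", table.misses)
```

The counters are what a controller reads back to see which flows are active; the table-miss path is where a new VM's traffic first appears before a rule is installed for it.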

Example 4.6 Due to the insertion of a new VM, the reconfiguration process for all access control lists on all network devices and levels in a large network may take several days. The reason is that existing management tools are oriented towards working with particular devices; at best they offer automation parameters which apply to a group of devices belonging to the model range of one particular manufacturer, e.g. Cisco MIB. In particular, the well-known system VMware provides (Fig. 4.31) the following software and services for SDN and its virtual devices [7]:

• network access to SDN is determined
• use of physical plants in the network
• deployment of multiple VMs
• deployment of multiple Layer 2 VLANs
• insertion of so-called Virtual Distributed Switches (vDS)


Fig. 4.31 VMware-based scenario with access demarcation within SDN

• use of virtual network cards (vNIC)
• use of VPN (Virtual Private Networks) and load balancers
• deployment of network devices with the proprietary VXLAN (Virtual Extensible LAN) protocol that supports SDN within VMware products as the alternative to OpenFlow
• a special system vCNS (VMware vCloud Networking and Security)

The product palette of VMware deploys VLAN SDN safety zones. The network interfaces (vNICs) are coupled to dedicated virtual switches (vDS) that enable the distribution of VMs assigned to the port groups of the vDS. A vDS is not tightly assigned to a single server but is configured across several servers. Access demarcation within SDN is organised with the use of vSwitches.

The network adapters of the servers are coupled to the vDS and allow VMs on port groups of the vDS to connect to the network. This vDS is not tied to a particular server but is configured across multiple servers. The use of vShield Zones is as follows: the virtual data centre enables basic VM protection against network threats (firewall, packet filtering). The software vCNS (VMware vCloud Networking and Security) is used with the following aims:

• deployment of a specialised VXLAN protocol (Virtual Extensible LAN)
• deployment of virtual firewalls/VPNs and load balancing elements (load balancers, refer to the picture)


Fig. 4.32 Deployment of vSwitches

The implementation of the principles of SDN using virtual switches of the type vSwitch is depicted in Fig. 4.32. The mentioned decision for virtual switches of type vSwitch on level L2 has many options, including devices by VMware, Juniper, Cisco, HP and IBM, for access via the level L3 gateway (GW) to the virtual machines with specific applications, network services and cloud services. Data protection against malware and many possible types of threats on the network layers L2, L3, L4, L5–7 is achieved through the use of firewalls and antivirus software (see Fig. 4.31).

SDN evaluation. The features of SDN are presented in this section. SDN provides the efficient separation of traffic transmission functions into a few layers.

The use of SDN offers evident advantages. Routine network reconfiguration functions are so simplified that administrators do not have to separately enter hundreds of configuration lines for different switches or routers. The network parameters can also be changed quickly, even in real time, thanks to the rapid propagation of parameters and rules. Accordingly, the time for the introduction of new applications and services will be greatly reduced. SDN technology will be used for expediency and efficiency in the future generation of mobile communication, 5G, as defined by the IMT-2020 standard; SDN will be part of future 5G mobile connections. Together with 5G, a number of terms have been declared which may express future innovation or further hype topics. Examples are the intelligent web of connected things, real-time remote control, mobile cloud traffic, immersive experience, lifelike media, ubiquitous connectivity and telepresence. More details about the aims of 5G networks are provided in Chap. 6. Software implementations of a prototype for a provider core network according to 5G may be based on networks using SDN protocols like OpenFlow and VXLAN and on virtualised operating systems based on VMware vSwitch, Citrix products and similar ones. SDN are effective for the construction of the cloud services infrastructure under conditions where, on request from users, it is necessary to create a virtual node or a virtual service automatically and quickly. Herewith the virtual network has to allocate the required resources autonomously. As a part of the 5G mobile generation (5G/IMT-2020), SDN technology becomes feasible in large data centres, allowing support costs to be reduced by centralising network management as well as by increasing the usage of network resources through their dynamic management. The use of SDN in practice will happen primarily for provider cores, including 5G mobile networks, to allow telecommunication carriers and independent providers to obtain new management functions and better control over network components and services of any type from a single centralised location, which will greatly simplify their operation.

4.4 Backup Services within Clouds as Advanced Cloud Backup Technology

Next to virtualised compute and networking resources, storage resource services are also popular in many cloud applications. There are multiple flavours, including higher-level database services, file services and low-level block devices offered as a service on which a custom file system can be placed. The following text concentrates on file services, as this is the flavour most commonly used in consumer applications.

Data crashes can cause unpredictable and even drastic effects for an enterprise or authority. Backup strategies as an antidote unify a complex of organisational and technical measures that are necessary for data restoring, processing and transfer as well as for data security and defence against its loss, crash and tampering [4]. The high-performance modern Internet allows the delivery of backup functions and is complemented by attractive (mobile) services with a QoS comparable to that in Local Area Networks. One of the most efficient backup strategies is the delegation of this functionality to an external provider, an online or cloud storage system. This section argues for the consideration of intelligently distributed backup over multiple storage providers in addition to the use of local resources. Some examples of cloud storage deployment in the USA, the European Union as well as in Ukraine and the Russian Federation are introduced to identify the benefits and challenges of distributed backup with cloud storage.

4.4 Backup Services within Clouds as Advanced Cloud Backup Technology 111

Motivation. Up-to-date network technologies aimed at backup and restore of critical enterprise/authority data are discussed. A comparative analysis of existing complex solutions and standalone tools is presented. Essential advantages in restore technologies for critical enterprise or authority data can be offered via newly developed, original cloud backup concepts in comparison with the traditional data-centric backups. But the complex constellation of international law and multilateral data safety requirements limits in some way the development of network technologies for cloud backup. One of the possible ways of solving the mentioned problems is offered by an intelligent combination of well-known commercial storage clouds with the use of efficient cryptographic methods and stripes/parity dispersal functionality for authenticated, transparently encrypted and reliable data backups. This approach has become popular recently under the name RAIC [10, 29, 33]. Yet from both a scientific and a practical perspective there are shortcomings in conventional RAICs, e.g. when dismissing the cost and trust characteristics of the associated storage services.
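The stripes/parity dispersal with authentication that the RAIC approach relies on, as an added example that is not code from the book or from any RAIC implementation: the archive is split over k+1 providers with one XOR parity stripe and an HMAC-SHA256 tag per stripe, so one lost provider is tolerated and a tampered stripe is rejected before use. Encryption before dispersal is assumed and not shown; the key, the stripe count k and the sample payload are constructed for this example.

```python
"""Stripe-and-parity dispersal over several storage providers with
per-stripe authentication, as an added illustration of the RAIC idea.

The archive is split into k data stripes plus one XOR parity stripe, so any
single provider may be lost; every stripe carries an HMAC-SHA256 tag bound
to its slot index, so a tampered or swapped stripe is detected before it is
used.  The payload stands in for an already encrypted backup archive
(encryption happens before dispersal and is not shown); key and k are
constructed for the example.
"""
import hashlib
import hmac
from typing import Dict, List, Optional, Tuple

Stripe = Tuple[bytes, bytes]        # (stripe data, authentication tag)


def _tag(key: bytes, index: int, chunk: bytes) -> bytes:
    # slot index is bound into the tag so stripes cannot be swapped between providers
    return hmac.new(key, index.to_bytes(2, "big") + chunk, hashlib.sha256).digest()


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def disperse(blob: bytes, k: int, key: bytes) -> List[Stripe]:
    """Return k data stripes + 1 parity stripe, each with its tag, one per provider."""
    framed = len(blob).to_bytes(4, "big") + blob      # length prefix removes padding later
    size = -(-len(framed) // k)                        # ceil division
    framed = framed.ljust(size * k, b"\0")
    chunks = [framed[i * size:(i + 1) * size] for i in range(k)]
    parity = bytes(size)
    for c in chunks:
        parity = _xor(parity, c)                       # parity = XOR of all data stripes
    chunks.append(parity)
    return [(c, _tag(key, i, c)) for i, c in enumerate(chunks)]


def reassemble(stripes: List[Optional[Stripe]], key: bytes) -> bytes:
    """Rebuild the blob from k+1 stripe slots; one slot may be None (lost provider).

    Raises ValueError if a surviving stripe fails authentication or if more
    than one stripe is missing (single parity covers exactly one loss).
    """
    k = len(stripes) - 1
    good: Dict[int, bytes] = {}
    for i, s in enumerate(stripes):
        if s is None:
            continue
        data, tag = s
        if not hmac.compare_digest(tag, _tag(key, i, data)):
            raise ValueError(f"stripe {i} failed authentication (tampered or corrupted)")
        good[i] = data
    missing = [i for i in range(k + 1) if i not in good]
    if len(missing) > 1:
        raise ValueError(f"unrecoverable: {len(missing)} stripes missing, parity covers one")
    if missing:
        # any single stripe equals the XOR of all the others
        size = len(next(iter(good.values())))
        rebuilt = bytes(size)
        for data in good.values():
            rebuilt = _xor(rebuilt, data)
        good[missing[0]] = rebuilt
    framed = b"".join(good[i] for i in range(k))
    n = int.from_bytes(framed[:4], "big")
    return framed[4:4 + n]


if __name__ == "__main__":
    key = b"constructed-example-key"
    archive = b"ciphertext of a backup archive, constructed for the example"
    slots = disperse(archive, 3, key)                 # 3 data providers + 1 parity provider
    slots[1] = None                                   # simulate one provider gone
    print(reassemble(slots, key) == archive)          # True
```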

4.4.1 Backup as an Important Component of Information Safety

Disruption of critical data has unforeseen and heavy consequences for companies or organisations. It may have different reasons, but the main result always remains the same: a significant risk of losing data or access to it. This may lead to impediments in reaching the goals of companies or organisations, errors in documents, malfunctions of tools and machines, and loss of reputation on the side of partners. Very often the risks of losing data are caused by natural phenomena and human factors, as shown in Table 4.4, where they are presented along with statistical probabilities.

The next problems of the company or organisation are significant costs for the recovery of critical data and compensation of damages. For these reasons, backup technologies are a very practical task and a relevant part of securing data and assuring information safety of the company or organisation. The purpose of data backup is the regular creation of copies of files, databases, applications and settings on external backup systems, which in most cases are storage units managed by a backup application. Modern network off-site backup systems support this process with separation of locality for reasons of saving and recovering the data, and prevent the risks of data loss in a company or organisation that may appear because of hardware malfunction due to voltage jumps or devastating natural disasters such as fire or water, attacks of malicious software like computer viruses and trojans, system errors during data storage, stealing of the data or accidental data leaks. Backup includes organisational and technical measures for storing, processing and transferring back important data and guarantees their protection from loss, destruction or disruption. The main distinctive features of modern network backup systems are the target devices (smartphone, tablet, PC, rack server form factors) along with the target storage media (magnetic disks or tapes, electronic flash memory and optical disks), delay of data access (in the ms range up to several min for cold backup), maximal time of safe data storage (months, years), error rate and GB costs. An example of a combined backup system for a small or medium-sized company or organisation is shown in Fig. 4.33.

Table 4.4 Causes and probabilities of losing critical data due to natural and human factors

Cause of losing data          Statistical probability (%)
Natural phenomena
  Hurricanes                  1
  Fire                        6
  Water                       8
  Short-circuit               16
  Lightning stroke            17
  Other natural phenomena     17
Human factor
  Usage faults                25
  Stealing                    10

Fig. 4.33 Example of backup system structure

The main components of the system are an optical network (ATM, 10GbE), a SAN, a tape library and Redundant Array of Independent Disks (RAID) file server systems. According to Table 4.5, the main criteria for the choice of suitable backup media and networking technologies include high-speed connections (1 GB/s over LAN), very large data volumes of overall storage (from 100 Petabytes up to Exabytes) and long guaranteed usage duration (months, years), all while at the same time having a low probability of errors and low costs per data unit. This list is not conclusive; good handling of small files and backup schemes are further factors.

Table 4.5 Overview of backup media

Media for backup                  Max. data volume   Cost per 1 GB           Guaranteed usage duration   Probability of failures
DVD                               4.7–8.5 GB         0.05                    small, 1 year               high
USB flash                         2–256 GB           0.97                    very small                  medium
USB-HDD                           0.5–4 TB           0.04                    very small                  medium
Streamer LTO                      0.2–3 TB           0.06                    30 years                    low
Streamer DLT                      0.16–1.6 TB        0.17                    30 years                    low
Systems of redundant discs, RAIC  max. 10 TB         multiple of HDD costs   several years               low

As can be seen from Table 4.5, the streamer tools (streamers SLR, DLT, DAT/DDS, LTO, VXA) guarantee a low probability of errors and low costs per data unit, long guaranteed duration and large data volumes as well as a good price/value ratio. But a non-linear restore operation from such media is a time-consuming task, leading to the requirement of balanced choices. The RAID mechanism is based on the creation of a redundant array of independent (multiple vendors) and inexpensive (consumer SATA instead of SAS) hard disc drives (HDDs) which work in one system to improve selectively both speed and reliability of I/O operations. The array of HDDs is controlled by a special RAID controller (hardware or software array controller) which provides the functionality of storing and retrieving data in the array as well as creating and checking the checksums. This allows making the underlying system transparent to the external users and presenting it as one logical I/O channel. Thanks to parallel runs of read/write operations on several discs, the disc array provides a higher speed of data exchange compared to one large disc.

The RAID mechanism was first created in 1988 by D. A. Patterson, G. Gibson and R. H. Katz, researchers at the University of California, Berkeley. For regular backups, different variants of underlying storage types exist: streamers connected via local network (method 1), backup via LAN (method 2), backup via SAN (method 3), backup via NAS (method 4), backup via an external backup provider (data centre or cloud system) (method 5). For occasional backups, removable media such as USB sticks and portable hard drives may also be an option. But due to the criticality of backup, this is one of the processes which really should be automated.

For choosing the right backup method for a company or organisation, different methods and factors should be considered, including the size of the company or organisation, the structure of available networks, the number of users (a small enterprise with 20 users or a big company with more than 1,000 users), costs of backup, requirements on data safety and security as well as administration efforts. In recent years, network technologies made great progress in QoS (due to WDM, 10GbE), mobility (HSDPA, LTE) and easy access to computing centres. In fact, the emerging IoS ensures that applications based on SOA principles have been created which naturally integrate into service environments and can discover and use suitable backup services without manual configuration. High-speed Internet enables providing functionality and services with the same quality as known from local networks and hence makes the shift of formerly relatively local functions such as backup into the network feasible. The new IT paradigm of delegating the services to external providers is known as cloud computing and, when referring to backup, as cloud storage. One of the most effective backup strategies is thus the delegation of the entire backup process to an external provider by interfacing with up-to-date cloud systems. This is achieved by placing the backup services into a public cloud offered by a capable and trustworthy cloud provider. Cloud computing is becoming more and more popular as several companies transfer their IT infrastructure (completely or partly) into clouds. This may lead to a lack of transparency of data access (who, when, where, why and what) and cloud reliability, and raises the risk of loss of all critical data if the cloud provider leaves the market. To mitigate these risks to some extent, the deployment model of private clouds (method 6) under operational control of the client may be used. Furthermore, intelligent client-side techniques can further reduce the risks. Below, a very precise definition adopted from the NIST and Amazon definitions of the concept of cloud computing is given [1, 24]: "Cloud computing is the on-demand and pay-per-use application of virtualised IT services over the Internet. The clouds can offer on-demand self-service, broadband network access, resource pooling, measured and optimised service, rapid elasticity." The adoption of cloud computing provides the following advantages: relative reliability and security while giving up physical possession; staying in control when demand changes, as the control can be exerted through vertical and horizontal scaling and migration to other providers; availability of attractive multi-layer services from infrastructure to software applications, efficient platforms/stacks and convenient client integration (Table 4.6). The broad range of platforms and choices in functionality leads to a discussion of the most important domain-specific criteria for cloud backup. These criteria, based on those for general backup and those for general cloud computing, are: QoS parameters such as throughput, data rate, delays and reaction time; convenience (comfort, suitability, effectiveness); user control; trustworthiness, security and privacy; price per data extent and time.

The next position might be the organisational reliability (trustworthiness of a cloud provider), because a provider can disappear from the horizon unexpectedly, for instance due to its own economic, legal or political reasons. Data security is required since the risks of data losses and compromises by provider maintenance via third parties are still unreasonably high.

Regular backup software. Backup software is the basis for the realisation of any backup strategy in a company or organisation, as it allows the automation of the backup tasks. The software triggers the backup process at a certain point in time, provides the full or incremental backup of the selected data and arranges for appropriate reporting to inform the IT administrator, among other goals. The software may run in push mode, as a scheduled software application on each device or VM to be backed up, or in pull mode, where agents are connected to a backup service. The choice of backup software and services may include fully extensible open source software as well as proprietary software which has limited configuration and customisation options. In both cases the offer may be for free or based on a purchase or subscription contract to include support. Generally, the choice of backup software depends on the required functionality, transfer effectiveness, restore performance and reliability. The commercial solutions may, however, lead to a backup software and service lock-in, which should be avoided similarly to a storage provider lock-in. This is why in all backup planning projects a compromise should be made between the costs and the added value of the backup solution (functionality, effectiveness and reliability), cf. Table 4.7.

Table 4.6 Well-known cloud platforms

Platform                        Provider
Amazon EC2                      Amazon Web Services (AWS) for Elastic Compute Cloud (EC2)
Cloud Computing Yahoo           Cloud services from Yahoo Platforms
Cloud Computing Resource Kit    Cloud services from Oracle/Sun
Eucalyptus                      IaaS stack which reimplements the Amazon APIs
SalesForce                      Cloud services from Force.com, mostly on the SaaS level
Google App Engine               Google (a PaaS model)
Google Docs                     Google (a SaaS model)
Google Compute Engine           Google (an IaaS model)
iCloud                          A virtual OS on a cloud basis
Meebox                          Online file management in the frame of a SaaS model
MS Windows Azure                Multiple cloud services in the frame of the Windows Azure platform (Microsoft)
Nimbula                         A private/hybrid cloud technology of former AWS collaborators
OnLive                          An interactive games-on-demand platform with compression methods for computer graphics and video games
Open Cirrus                     Open Cloud Computing Research Testbed from opencirrus.org
OpenStack.org                   Open cloud from Rackspace, Citrix, NASA, Dell
OpenNebula                      Commercialised European research project for data centre virtualisation and service markets
OpenShift                       PaaS from Red Hat
T-Systems Dynamic Services      A private cloud system for dynamic deployment of SAP applications from SAP GmbH
Verpura                         Online cloud for Enterprise Resource Planning in SMEs
VMware vSphere                  A virtual OS on the cloud basis of VMware

Modern systems for cloud backup. One of the most promising backup strategies is to delegate backup to an external provider, e.g. to a cloud backup system. A short overview of cloud storage providers suitable for backup is given in Table 4.8. Online cloud resource brokers and marketplaces are updated periodically for an up-to-date view on the choices, based on rich provider descriptions which facilitate the exchange of the information through open markets. A comfortable access to the cloud backup systems is possible through dynamic and non-intrusive service selection, even with mobile devices like tablets or smartphones. If the company or organisation does not trust the cloud provider, it could use the technology of private clouds, which limits the access to the cloud for external users and keeps the data within the company, which underlines the benefits of cloud computing. Hybrid clouds combine placing a part of the data into a public cloud with processing the other part of the data in an own private cloud. An example of a cloud backup system is the Amazon Web Services provisioning platform (AWS), which also includes the Amazon Elastic Compute Cloud (Amazon EC2) and consequently follows the service-oriented architecture principles. The Amazon Web Services platform provides access to a large number of different further services like application access, virtual machines, backup of files, databases, processing queues and online memory (see an overview in Fig. 4.34 and Fig. 4.35). Other popular cloud providers with free storage plans are Google Drive [3] and Azure [14], and, with a focus on processing, the Yahoo Cloud [31].

116    4 Cloud Computing, Virtualisation, Storage and Networking

Table 4.7 Selected backup software

Software | Description | Costs
DAR (Disk Archive) | Uses an own archive compression format, distributes the backup copies into different fragments and discs, supports common encryption methods | Freeware
Rsnapshot | Creates hard links between different stored routes, which requires that the storage media support hard links. When a file changes, not only the change difference is backed up but the whole file | Freeware
Duplicity | Creates backup copies in encrypted format GPG (PGP), archived in GZIP. Backup copies can be made for practically all types of operating systems; supports upload of backup copies over FTP, SSH, Rsync, WebDAV, HSI and Amazon S3 | Freeware
Acronis Backup & Recovery Advanced Server | Popular but expensive software for MS Windows; allows creating image and file backups; is oriented on using HDD, tape libraries and cloud technologies | About 1100
Drive Backup Server | Provides different backup functions, e.g. storage on internal and external media (CD/DVD/BR discs, NAS systems, FTP), with support of virtual machines (VMware) | About 500
Symantec Backup Exec 2012 | Similar to Drive Backup Server | About 900
Rsync | Allows scripts for the configuration of shell copying of files and their parts. The special feature of Rsync is the effective synchronisation of file trees over the network | GNU General Public License, Unix distributions
Cron daemon | System process of Unix for timer-based triggering of processes like backup. The backup tasks can be triggered periodically according to "crontab" tables and are called "cronjobs". They create backups on specified servers | Unix distributions
Bup | A combination of Rsync and Git (version control) concepts. It offers Par2 redundancy | GNU LGPL v2
Bacula | Client-server based network backup application for individual computers up to large networks | GNU AGPL v3
Amanda | Advanced Maryland Automatic Network Disk Archiver with support for tape drives, disks and optical media, with native Windows client | BSD-style

Table 4.8 Overview of cloud backup platforms

Name of cloud backup system | Region of storage | Max. volume of cost-free storage | Max. volume of paid storage | Platform
Amazon Cloud Drive | USA | 5 GB | No limits | Win, Mac, Linux, iOS, Android, Windows Phone
Dropbox | USA | 2 GB | No limits | Win, Mac, Linux, iOS, Android, Blackberry
Windows Live Skydrive | Ireland | 25 GB | 100 GB | Win, Mac, Windows Phone, iOS, Android
Strato HiDrive | Germany | – | 5000 GB | Win, Mac, Android, WP7, Chrome, Synology
Google Drive | USA | 5 GB | 16000 GB | Win, Mac, iOS, Android, Linux
HighSecurityBackup | Germany | 10 GB (up to 30 days) | No limits | Win, Linux, Mac, DBs, Exchange, Lotus, VMware
Ubuntu One | Isle of Man | 5 GB | 50 GB | Win, Linux, Android, iOS
SafeSync | Japan | 500 GB (up to 30 days) | No limits | Win, Mac, iOS, Android
F-Secure | Finland | – | No limits | Win, Mac
Daten-Safe | Austria | – | No limits | Win, Linux, Mac, DBs, Exchange, Lotus, VMware

4.4.2 RAIC Storage Service Integration

Cloud storage is often used for backups, but also for extended storage capacity and for sharing data between devices and users. Up-to-date cloud technologies aimed at backup and restore routines of critical enterprise or authority data are discussed in [23]. A scheduled comparative analysis of existing complex solutions and standalone tools has been done; it shows the advantages of combined (private + public) clouds compared to traditional data-center backups and some known cloud backup solutions. In order to achieve full convenience and elasticity, clients require an intelligent combination of externally maintained public storage clouds with the use of efficient cryptographic methods and stripes/parity dispersal functionality for authenticated, transparently encrypted, low-overhead and reliable data access. This approach has become popular under the name RAIC – Redundant Arrays of Independent Clouds, in analogy to RAID. One RAIC realisation is the deployment of hybrid clouds as a combination of private and public clouds in certain topologies. Combined hybrid clouds with additional cryptographic protection functionality and a management layer (a so-called "cloud storage controller") at the client side are often an appropriate solution. Taken to the extreme, such setups can include peripheral devices such as USB sticks for a four-eye principle in access control. A key point of a hybrid cloud backup concept under the given circumstances is the flexible configuration of all data encoding and decoding steps. For increased confidentiality, data is transparently encrypted with a symmetric key using, for instance, the AES cipher. For increased availability, data is replicated n times or erasure-coded and subsequently dispersed. The choice and order of data coding and dispersion steps belong to the main functions of an integrating storage service controller [9, 25, 30].

Fig. 4.34 Structure and components of Amazon Web Services (figure; the service groups shown are: Compute & Networking: Direct Connect (dedicated network connection to AWS), EC2 (virtual servers in the cloud), VPC (isolated cloud resources), Route 53 (scalable Domain Name System); Deployment & Management: CloudFormation (templated AWS resource creation), CloudWatch (resource & application monitoring), Elastic Beanstalk (AWS application container), IAM (secure AWS access control); App Services: CloudSearch (managed search service), SES (email sending service), SNS (push notification service), SQS (message queue service), SWF (workflow service for coordinating application components), Elastic MapReduce (managed Hadoop framework); Storage & Content Delivery: S3 (scalable storage in the cloud), Glacier (archive storage in the cloud), CloudFront (global content delivery network), Storage Gateway (integrates on-premises IT environments with cloud storage))

Fig. 4.35 Screenshot of the main panel of Amazon Web Services

Many RAIC characteristics can be explained with the corresponding RAID methods and literature. In local backup setups the most popular systems are the RAIDs numbered 0, 1 and 5, correspondingly with two or four disks, of which zero or one are redundant.

The functionality of RAIDs is based on stripes and parity dispersal routines [27]. In Fig. 4.36 a representation for a RAID 5 is depicted. The partition of the usual disk array is given in different colours: firstly for the data (the so-called "stripe set", e.g. A1 or C3) and then for the distribution of the parity sums ("parity set", e.g. BP or DQ) across the five disks Disk 0 ... Disk 4. In the given case the common available volume V for the data backup is calculated with the formula (cp. Fig. 4.36c)

$$V = (n - 1) \cdot V_{\min} \qquad (4.1)$$

Fig. 4.36 The most used systems RAID 0, 1, 4, 5, 6. (RAID) Redundant Array of Independent Disks; (HDD) Hard Disk Drives (up to five disks, Disk 0 ... Disk 4)


where n is the number of used HDDs and $V_{\min}$ the minimal available HDD volume in the array. The redundancy is self-evidently preconditioned via the parity set.

Example 4.7 Let us consider here the example of four HDDs, each with a capacity of 500 GByte, in a RAID 5, to find out about the RAID efficiency:

$$V = (4 - 1) \cdot 500\ \text{GByte} = 1500\ \text{GByte} \qquad (4.2)$$

This results in 1500 GB purely for data backup as well as 500 GB for the parity control (see Fig. 4.36c). Therefore, a next constructive idea is the deployment of redundant cloud arrays (stripe and parity based dispersion). There are naturally a lot of further RAID concepts, optimised for minimum access time, minimum failure probability, maximum volumes or minimum costs.

Practically, these multiple RAID concepts can be continued and mapped to RAICs. There are already numerous subconcepts of RAICs or Redundant Arrays of Independent Clouds. Possible variations of the concept are also Redundant Array of Independent Networked Storages (RAINS), Random Array of Independent Data Centers (RAIDC) and Redundant Array of Optimal Clouds (RAOC), an extension of RAIC which emphasises the enforcement of user requirements on the selection and maintenance of storage service arrays. The software architecture suitable for the realisation of a RAIC is depicted in Fig. 4.37. The predominant client-side software for RAICs consists of the following three layers with the related functionality: (1) integration layer (with logical partition and interface to the backup application); (2) pre-processing layer (with stripes and parity dispersal routine, encryption and other modifications); (3) transport layer (with block transfer operations). The clients obtain the possibility of reliable and efficient access to an array of HDD storage media with added organisational and spatial independence. This software reflects the state of the art. The advanced software architecture realises a new layered RAIC concept and includes the following already known components, but with extended functionality. Firstly, the advanced integration layer (1) includes multiple network file system protocols like NFS, CIFS/SMB and WebDAV, or alternatively a local virtual file system interface or a Web Services interface. Additionally, CVS/SVN/Git (version control subsystems) and synchronisation overlays are integrated. On the other hand, an advanced pre-processing layer (2) consists of the necessary codecs aimed at the classification of document types and their efficient coding (text files, MPEG, PDF). Then the policies on the data storage subjects and paths are included here, as well as the routines for stripes and parity dispersion, authentication with MD/RSA/PKI and encryption with AES/RSA/PKI. Finally, the advanced transport layer (3) integrates the parallel and block-wise streaming, caching and local persistence procedures, and includes the adapters for multiple provider APIs. The multi-modal cloud clients (desktops, tablets and smartphones) enjoy reliable and efficient resource access to the set of hybrid (private-public) cloud storage media, namely to the RAIC.

Fig. 4.37 Software architecture of a RAIC

Fig. 4.38 RAID Double Parity structure

RAID DP (Double Parity) is a block-level RAID system with double striping of parity information on separate HDDs, based on both RAID 4 and RAID 6 structures. The second parity Q (see Fig. 4.38) can be computed with the same formula as the first parity P, but over other data stripes.


The first parity P is horizontal; the calculated second parity Q is diagonal, see formula (4.3):

$$\begin{aligned}
P_1 &= \mathrm{XOR}(A_1, B_1, C_1) \\
P_2 &= \mathrm{XOR}(A_2, B_2, C_2) \\
P_3 &= \mathrm{XOR}(A_3, B_3, C_3) \\
Q_1 &= \mathrm{XOR}(P_1, A_2, B_3, 0) \\
Q_2 &= \mathrm{XOR}(P_2, A_3, 0, C_1) \\
Q_3 &= \mathrm{XOR}(P_3, 0, B_1, C_2) \\
Q_4 &= \mathrm{XOR}(0, A_1, B_2, C_3)
\end{aligned} \qquad (4.3)$$
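As an added worked example (not code from the book), the following Python script implements the parity layout printed in Eq. (4.3), the usable-volume formula of Eq. (4.1) and Example 4.7, and rebuilds all blocks of two lost disks by solving the XOR equations the parities define over GF(2) with Gauss-Jordan elimination. The block size, the disk and stripe names and the sample block contents are assumptions of this example; Q is assumed to be stored on its own disk.

```python
"""RAID-DP parity per Eq. (4.3) and recovery of two lost disks.

Added example (not from the book): three data disks A, B, C with three
stripes each, a horizontal parity P and a diagonal parity Q laid out
exactly as printed in Eq. (4.3); Q lives on its own disk. Lost blocks
are recovered by solving the XOR (GF(2)) equation system the parities
define, using Gauss-Jordan elimination.
"""

STRIPES = (1, 2, 3)
BLOCK = 4  # bytes per block (constructed, deliberately small)

# Every parity equation of Eq. (4.3) states: XOR of these blocks == 0.
# The literal 0 blocks of the diagonal parity contribute nothing and are omitted.
EQUATIONS = [
    {("P", 1), ("A", 1), ("B", 1), ("C", 1)},
    {("P", 2), ("A", 2), ("B", 2), ("C", 2)},
    {("P", 3), ("A", 3), ("B", 3), ("C", 3)},
    {("Q", 1), ("P", 1), ("A", 2), ("B", 3)},
    {("Q", 2), ("P", 2), ("A", 3), ("C", 1)},
    {("Q", 3), ("P", 3), ("B", 1), ("C", 2)},
    {("Q", 4), ("A", 1), ("B", 2), ("C", 3)},
]


def usable_volume(n, v_min, parity_disks=1):
    """Eq. (4.1) generalised: usable volume of n disks with the given number of parity disks."""
    return (n - parity_disks) * v_min


def xor(*blocks):
    """Byte-wise XOR of any number of equally sized blocks (the zero block if none are given)."""
    out = bytes(BLOCK)
    for b in blocks:
        out = bytes(x ^ y for x, y in zip(out, b))
    return out


def sample_data():
    """Constructed sample content: 4-byte blocks on data disks A, B, C, three stripes each."""
    return {(d, s): bytes([ord(d) + s, s * 17, 0xA5, 0x0F ^ s]) for d in "ABC" for s in STRIPES}


def compute_parity(data):
    """Add the P and Q blocks to a dict of data blocks, equation by equation (P rows come first,
    so the P blocks are already known when the diagonal Q equations are evaluated)."""
    blocks = dict(data)
    for eq in EQUATIONS:
        (target,) = [b for b in eq if b not in blocks]  # exactly one parity block is still unknown
        blocks[target] = xor(*(blocks[b] for b in eq if b != target))
    return blocks


def recover(blocks, lost_disks):
    """Rebuild every block of the disks named in lost_disks from the surviving ones.
    Each equation becomes a row (bitmask over the unknown blocks, XOR of its known blocks);
    the rows are solved over GF(2). Raises ValueError if the system is singular."""
    surviving = {b: v for b, v in blocks.items() if b[0] not in lost_disks}
    unknowns = sorted(b for b in blocks if b[0] in lost_disks)
    index = {b: i for i, b in enumerate(unknowns)}
    rows = []
    for eq in EQUATIONS:
        mask, rhs = 0, bytes(BLOCK)
        for b in eq:
            if b in index:
                mask |= 1 << index[b]
            else:
                rhs = xor(rhs, surviving[b])
        rows.append([mask, rhs])
    pivot_row = 0
    for col in range(len(unknowns)):
        p = next((i for i in range(pivot_row, len(rows)) if rows[i][0] >> col & 1), None)
        if p is None:
            raise ValueError("cannot recover %s: parity system is singular" % sorted(lost_disks))
        rows[pivot_row], rows[p] = rows[p], rows[pivot_row]
        mask, rhs = rows[pivot_row]
        for i in range(len(rows)):
            if i != pivot_row and rows[i][0] >> col & 1:
                rows[i] = [rows[i][0] ^ mask, xor(rows[i][1], rhs)]
        pivot_row += 1
    result = dict(surviving)
    for i, b in enumerate(unknowns):  # row i is now reduced to exactly unknown i
        result[b] = rows[i][1]
    return result


if __name__ == "__main__":
    full = compute_parity(sample_data())
    print("A and B lost, rebuilt identically:", recover(full, {"A", "B"}) == full)
    print("RAID 5 volume of 4 x 500 GByte:", usable_volume(4, 500), "GByte")
```

The solver is generic: it works on any list of zero-sum XOR equations, so the same function can be fed the equations of a larger RAID-DP set (for instance the 14 + 2 configuration mentioned below) or of a RAIC-DP layout in which P and Q sit on different clouds.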

Since in a RAID DP any two disk failures can be compensated, the availability of such a system is increased compared to a single-parity solution. The recommended RAID-DP sets usually consist of 14 + 2 HDDs. Restoring via RAID DP is relatively simple. Further advantages of RAID DP are the simplicity of the XOR operation for parity computing and the possibility of conversion to RAID 4 by switching off the Q stripes. Deployment of optimised RAID DP offers the following advantages:

$$n \geq 5: \qquad \frac{\text{netto}}{\text{brutto}} = \frac{n - 2}{n}, \qquad n_{\text{failure security}} = 2 \qquad (4.4)$$

in comparison to the well-known RAIC5 (cp. Fig. 4.36c).

All services offered over the Internet are interacted with according to certain usage lifecycle phases. Storage services are no exception; they also adhere to a lifecycle. Figure 4.39 presents the relevant phases and introduces suitable client-side integration handlers for each phase. The first three phases (discovery and selection, contracting, and configuration) can be subsumed under the term matchmaking. These phases typically apply once per user-service relationship. The fourth phase, usage, is executed more than once and depends on the preceding phases. The presented service integration concept is a general one. For mobile clients bound to storage services in the cloud, its interpretation is as follows: during the service discovery, a dialogue on the device screen guides the user to the right storage services for any given situation. By using automation and autonomic computing concepts, the dialogue can be kept simple or even not be shown at all, at the expense of honouring custom user preferences. Then further client-side agents perform the necessary configuration of the services, including account creation and registration within the storage controller. Finally, a scheduler within the storage controller orders the timely transmission of data to and from the device. Agent frameworks to handle the sign-up to services already exist, for example OSST, the Online Service Sign-up Tool. These frameworks assume access to a well-maintained service registry which not only contains information about the services but also links to service-specific agent extensions. However, the frameworks need to be implicitly parameterised according to the specific needs of mobile users and with appropriate information already present on the mobile device, including identities (Fig. 4.39).

Fig. 4.39 Life cycle of services

In summary, the presented background information demonstrates the feasibility of integrating storage services on mobile devices in a partially automated process. The next section will give detailed insight into appropriate choices of methods and their parameterisation.

Hybrid cloud backup concept. Figure 4.40 shows how to transparently encrypt data to be backed up in a hybrid cloud environment. Both a private cloud, operated in a user-controlled data centre or across the user's personal devices, and a public cloud, offered by a commercial or institutional entity, can be flexibly combined this way without worrying about the loss or leak of data.

The notion of transparent encryption for cloud backup encompasses the following features: efficient cryptography methods such as AES, RSA, MD/MAC and X.509/Kerberos; public key certificates and PKI deployment; document classification and demarcation; analysis of structured/unstructured data and context information; user authentication and the granting of the respective keys.

An example of implementation. At this point an advanced example of an implementation of the RAIC and RAOC concepts can be mentioned. Its origins were in the FlexCloud young investigator group at Technische Universität Dresden in Germany, which ran from 2010 to 2013. The goals of the group were oriented towards a user-controllable and secure cloud life cycle. The concrete measures were: avoiding uninformed cloud provider selections through formal descriptions of resource, data and software properties; avoiding the cloud provider lock-in effect through multi-cloud scenarios and migration paths towards inter-connected personal clouds under the control of the user, which can be federated into a powerful network of clouds; and finally means to exert the control with an appropriate management user interface representing a personal cloud cockpit. This strategic thinking has influenced the design and development of the file storage solution Nubisave (from Latin "Nubes", meaning "Cloud"). As the project result with the highest practical value, it has subsequently been advanced in the Cloud Storage Lab and is still offered for download on this website [34, 35].

Fig. 4.40 Cloud backup and transparent encryption. (MD) Message Digest; (MAC) Message Identification Code; (AES) Advanced Encryption Standard; (RSA) Rivest, Shamir and Adleman Encryption; (PKI) Public Key Infrastructure (X.509, Kerberos)

Nubisave sets up an aggregated view across multiple cloud storage providers and enables higher-level storage tasks such as policy-enforcing data gateways, adaptive synchronisation between devices, backup and collaborative sharing. Nubisave exports a virtual file system through the Linux interface File System in Userspace (FUSE), which can be used as an underlay target medium of backup software. All write accesses received by Nubisave are multiplexed onto the configured cloud storage providers, and all read accesses reassemble the data. Encryption and versioning can be performed entirely on the client side. In case of failures, affected storage providers can be replaced by others, and a replication of data from the remaining ones takes place automatically. Nubisave is available as open source software, which has been demonstrated and discussed at both commercial events (trade shows) and academic events (conferences, meetings).


4.5 RAIC Integration for Network Storages on Mobile Devices

Motivation. Systems to combine multiple network and online storage targets with implied redundancy, security and fault tolerance, so-called RAICs, have recently seen renewed discussion due to the growing popularity of convenient cloud storage service offerings. For mobile device access to RAICs, fewer research results are available. A "smartphone for the future" with pervasive storage availability should be intelligently and autonomically connected to the cloud. Such a constellation allows access without great expense to multiple applications, data and further resources. One necessity is that the requirements of the users (security, privacy, safety, pricing and vendor selection) as well as the functional user objectives are rewarded in the best way. In addition, valuable battery capacity needs to be saved by selecting appropriate algorithms and parameters and by placing parts of the RAIC integration into the infrastructure. On the functional side, for distributed data storage, specific resource services with versatile features such as extended storage capacity, backup, synchronisation and collaborative sharing of data need to be supported. The result is a mobile, energy-efficient and autonomic RAIC integration application, in other words a storage controller on a smartphone.

The term Smartphone Bloodbath has been in descriptive use in mobile phone industry reports for about three years for the race to more features and lower prices at high frequency. Essentially, a phone is technically valued by its hardware functionality and quality, its software and services ecosystem, and its connectivity. Most smartphones offer sophisticated software application distribution, whereas the innovation in terms of data management is relatively slow. The separation between private and business activities reflects to some extent on data management, and yet most users would need a much more powerful data and storage feature set. One idea for a user-friendly "smartphone for the future" is to bind it to online storage services through a pervasive cloud of user-controlled accounts at registered providers. The online storage area allocation would grow and shrink on demand. This binding is similar to how clouds and resource-constrained cyber-physical systems and robots are already connected to each other to offload tasks from the devices into the network infrastructure. One difference between phones and robots is the self-determined nature of user actions. When a user records a movie or downloads files, the phone's media size restrictions will be defused, and additional functionality including online access to all private data becomes possible, although the user may decide to override the use of the online storage. The binding to multiple services at once requires intelligent client-side integration techniques with phase-of-lifecycle knowledge, which additionally match the service properties against user requirements. For secure and reliable data storage, the RAIC concept has been proposed as an integration technique and successfully implemented for desktop computers and enterprise storage integrators [29]. However, from a security and convenience perspective on mobile devices, the RAIC assembly and the distribution of the data to the attached providers need to happen directly on the device itself in most cases, which contradicts the conservation of battery power. It is therefore important to integrate network storage services on mobile devices in a systematic way for predictable storage characteristics even under changing networking and device conditions.

In the next sections, the basic concepts behind network and cloud storage RAICs and their applications, including hybrid backup clouds, are presented. The phases of the usage lifecycle of services in general and storage services in particular are examined in detail to derive a suitable integration design. Tradeoffs between user-friendly full automation and control-preserving semi-automatic or guided integration are discussed in this context. Intelligent RAIC use in the mobile field further implies certain decisions on which algorithms, parameters and placement strategies to use in order to preserve the battery and gracefully adapt to imperfect networking conditions. The next part therefore outlines specialised data coding techniques, including encryption, splitting, erasure codes and all-or-nothing transformations. Again, tradeoffs need to be understood correctly to achieve high-performance integration with low power consumption. The peculiarities of mobile access to RAICs are shown using an elaborated software architecture on a selected smartphone platform. Finally, a summary of the findings and an outlook on further ideas to improve the connections of smartphones into the cloud are given.

4.5.1 Efficient Access to Storage Services from Mobile Devices

Depending on the use cases, the weight of the comparison parameters to distinguish the most suitable RAIC integration method differs. For many client systems, security plays a major role and motivates distributed data storage with comparatively more storage overhead in return for higher security. As a generalisation thereof, subjectively optimal parameters, including storage and retrieval times and service costs, can be considered and weighted by clients at configuration time, yielding RAOCs [33]. For mobile devices, two parameters become dominant: the energy efficiency of the integration and the usability under imperfect networking conditions. Both have so far not been subject to analysis in the research on RAICs, but are crucial for the further acceptance of such techniques. Energy efficiency can be broken down into the (negligible) setup, service selection, sign-up and configuration/reconfiguration processes, which typically don't happen more than once per device power-on session, and the service usage processes for storing and retrieving data. Measuring the energy efficiency of algorithms requires specialised equipment. The electrical power consumption is not linear to the performance but grows along with it; hence a performance comparison assuming equal processor load can be used for a first estimation. The power consumption analyses in this example are made using the HAEC – Highly Adaptive Energy-Efficient Computing measurement infrastructure, as shown in the photo below (Fig. 4.41).
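The RAOC idea of weighting user-selected parameters at configuration time can be shown with this added Python example (not code from the book, Nubisave or the FlexCloud project). Hard user requirements filter a service registry; the remaining candidates are scored with user weights over min-max normalised criteria (cost-type criteria inverted), and the best k form the array. The registry entries, their values, the availability criterion and the one-provider-per-region rule are all assumptions of this example, not measured or published data.

```python
"""Weighted, requirement-driven selection of storage services for a RAOC.

Added example, not from the book or any project: the service registry
below is constructed (names, regions, prices, timings and availability
are illustrative, not measured). Hard user requirements filter the
candidates; the survivors are scored with user weights over min-max
normalised criteria, and the best k form the array.
"""

# Constructed sample registry of storage services (all values invented).
REGISTRY = [
    {"name": "alpha", "region": "DE", "price_per_gb": 0.10, "store_ms": 120,
     "fetch_ms": 90, "availability": 0.999, "encrypted_at_rest": True},
    {"name": "beta", "region": "US", "price_per_gb": 0.05, "store_ms": 200,
     "fetch_ms": 150, "availability": 0.990, "encrypted_at_rest": True},
    {"name": "gamma", "region": "DE", "price_per_gb": 0.08, "store_ms": 100,
     "fetch_ms": 80, "availability": 0.995, "encrypted_at_rest": False},
    {"name": "delta", "region": "CH", "price_per_gb": 0.20, "store_ms": 60,
     "fetch_ms": 50, "availability": 0.9999, "encrypted_at_rest": True},
    {"name": "epsilon", "region": "US", "price_per_gb": 0.03, "store_ms": 300,
     "fetch_ms": 250, "availability": 0.980, "encrypted_at_rest": True},
]

# Criteria where a smaller value is better; every other weighted criterion is "larger is better".
COST_CRITERIA = {"price_per_gb", "store_ms", "fetch_ms"}


def meets_requirements(service, req):
    """Hard constraints: allowed storage regions, encryption at rest, price ceiling."""
    return (service["region"] in req["regions"]
            and (service["encrypted_at_rest"] or not req["encrypted_at_rest"])
            and service["price_per_gb"] <= req["max_price_per_gb"])


def rank_services(registry, req, weights):
    """Return [(name, score)] sorted best first. Each criterion is min-max normalised over the
    candidates (all 1.0 when they tie); cost criteria are inverted; then weighted and summed."""
    candidates = [s for s in registry if meets_requirements(s, req)]
    if not candidates:
        return []
    scores = {s["name"]: 0.0 for s in candidates}
    for crit, w in weights.items():
        values = [s[crit] for s in candidates]
        lo, hi = min(values), max(values)
        for s in candidates:
            norm = 1.0 if hi == lo else (s[crit] - lo) / (hi - lo)
            scores[s["name"]] += w * ((1.0 - norm) if crit in COST_CRITERIA else norm)
    return sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))


def select_raoc(registry, req, weights, k, distinct_regions=True):
    """Pick the k best-scoring services; with distinct_regions, at most one per region so that
    the array members stay independent of each other. Raises ValueError if fewer than k qualify."""
    by_name = {s["name"]: s for s in registry}
    chosen, used_regions = [], set()
    for name, _score in rank_services(registry, req, weights):
        region = by_name[name]["region"]
        if distinct_regions and region in used_regions:
            continue
        chosen.append(name)
        used_regions.add(region)
        if len(chosen) == k:
            return chosen
    raise ValueError("only %d of %d required services satisfy the requirements" % (len(chosen), k))


if __name__ == "__main__":
    req = {"regions": {"DE", "CH", "US"}, "encrypted_at_rest": True, "max_price_per_gb": 0.15}
    weights = {"price_per_gb": 0.3, "store_ms": 0.2, "fetch_ms": 0.3, "availability": 0.2}
    print(rank_services(REGISTRY, req, weights))
    print("RAOC members:", select_raoc(REGISTRY, req, weights, k=2))
```

The weights are the mobile user's subjective priorities from the paragraph above; a configuration wizard would set them once, and the same ranking can be re-run whenever the registry or the requirements change, which is what the matchmaking phases of the service lifecycle amount to.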

Performance characteristics of RAIC integration techniques, based on [32, 35], are summarised in Table 4.9.


Fig. 4.41 HAEC laboratory measurement equipment (own photo)

Table 4.9 Qualitative comparison of performance characteristics for versatile RAIC integration techniques

Technique | Read performance | Write performance
RS erasure code, 0 % redundancy, XOR | 100 % | 100 %
RS erasure code, 0 % redundancy, SIMD | 270 %–1200 % | 270 %–1200 %
RS erasure code, 50 % redundancy, n = 3 | 100 % | 67 %
AONT-RS, n = 3 | 33 % | 33 %

Usability under imperfect networking mandates an intelligent use of caching and scheduling, so that slow or broken links will show no or little effect on the user of a RAIC. This typically differs per implementation. However, already on the algorithmic level some erasure codes have been optimised more for storage, retrieval and repair than others. Researchers have identified suitable algorithms through experiments [26]. Based on these observations, we can assume that the use of processor-specific erasure codes is beneficial for mobile devices. Both the device's energy efficiency and the usability under imperfect networking can be tremendously improved by placing the RAIC integration onto a trusted local network proxy. So-called storage integrators can serve multiple users and enforce group policies. On the other hand, they have drawbacks concerning trust, mobility and overall energy efficiency, given that such additional devices will remain idle for long durations. Figure 4.42 shows both possible integration approaches in a comparison architecture scheme.
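The erasure-coded dispersal named in the RAIC description of Sect. 4.4.2 and the RS erasure code rows of Table 4.9 can be made concrete with this added Python example (not code from the book, from Nubisave or from any erasure-coding library): a systematic Reed-Solomon code over GF(2^8) built from a Cauchy generator matrix, in which k data stripes yield n = k + m fragments, one per independent cloud, and any k surviving fragments reconstruct the data. The field polynomial, the provider names, the payload and the in-memory stand-in for provider adapters are assumptions of the example.

```python
"""Systematic Reed-Solomon erasure coding over GF(2^8) for RAIC dispersal.

Added example; this is not the book's code nor any library's. k data
stripes become n = k + m fragments via a Cauchy generator matrix, one
fragment per independent cloud, and any k surviving fragments rebuild
the data. Provider names and the payload are constructed for the demo.
"""

# GF(256) log/antilog tables for the primitive polynomial x^8+x^4+x^3+x^2+1 (0x11d).
EXP, LOG = [0] * 512, [0] * 256
_v = 1
for _i in range(255):
    EXP[_i], LOG[_v] = _v, _i
    _v <<= 1
    if _v & 0x100:
        _v ^= 0x11d
for _i in range(255, 512):  # doubled table so gf_mul needs no modulo
    EXP[_i] = EXP[_i - 255]


def gf_mul(a, b):
    return 0 if a == 0 or b == 0 else EXP[LOG[a] + LOG[b]]


def gf_inv(a):
    if a == 0:
        raise ZeroDivisionError("0 has no inverse in GF(256)")
    return EXP[255 - LOG[a]]


def generator_matrix(k, m):
    """[I_k ; C]: C is an m x k Cauchy matrix C[i][j] = 1/(x_i + y_j) with x_i = k+i, y_j = j.
    All x_i, y_j are distinct field elements, so every k x k submatrix of G is invertible."""
    assert k + m <= 256
    ident = [[int(c == r) for c in range(k)] for r in range(k)]
    cauchy = [[gf_inv((k + i) ^ j) for j in range(k)] for i in range(m)]
    return ident + cauchy


def _combine(coefs, vectors, length):
    """Byte-wise linear combination sum(coef_i * vector_i) over GF(256)."""
    out = bytearray(length)
    for coef, vec in zip(coefs, vectors):
        if coef:
            for p in range(length):
                out[p] ^= gf_mul(coef, vec[p])
    return bytes(out)


def encode(data, k, m):
    """Zero-pad data to k equal stripes and return the n = k+m fragments (the first k are the stripes)."""
    stripe_len = -(-len(data) // k)
    padded = data + bytes(stripe_len * k - len(data))
    stripes = [padded[i * stripe_len:(i + 1) * stripe_len] for i in range(k)]
    return [_combine(row, stripes, stripe_len) for row in generator_matrix(k, m)]


def decode(available, k, m, length):
    """available: {fragment_index: bytes} holding at least k fragments. Inverts the matching
    k x k rows of G by Gauss-Jordan elimination over GF(256) and reassembles `length` bytes."""
    if len(available) < k:
        raise ValueError("need %d fragments, only %d available" % (k, len(available)))
    idx = sorted(available)[:k]
    G = generator_matrix(k, m)
    A = [G[i][:] + [int(c == r) for c in range(k)] for r, i in enumerate(idx)]  # [A | I]
    for col in range(k):
        p = next(r for r in range(col, k) if A[r][col])  # a pivot always exists (Cauchy property)
        A[col], A[p] = A[p], A[col]
        inv = gf_inv(A[col][col])
        A[col] = [gf_mul(inv, v) for v in A[col]]
        for r in range(k):
            if r != col and A[r][col]:
                f = A[r][col]
                A[r] = [v ^ gf_mul(f, w) for v, w in zip(A[r], A[col])]
    inverse = [row[k:] for row in A]
    frags = [available[i] for i in idx]
    stripe_len = len(frags[0])
    data = b"".join(_combine(inverse[r], frags, stripe_len) for r in range(k))
    return data[:length]


def disperse(fragments, providers):
    """One fragment per independent cloud (constructed provider names stand in for real adapters)."""
    return {providers[i]: frag for i, frag in enumerate(fragments)}


def restore(placed, providers, k, m, length, unavailable=()):
    """Read back from the clouds still reachable (`unavailable` models failed providers) and decode."""
    available = {i: placed[p] for i, p in enumerate(providers) if p not in unavailable}
    return decode(available, k, m, length)


if __name__ == "__main__":
    payload = b"constructed RAIC test payload"
    clouds = ["cloud-1", "cloud-2", "cloud-3", "cloud-4", "cloud-5"]
    placed = disperse(encode(payload, 3, 2), clouds)  # k = 3 data, m = 2 parity: any 2 clouds may fail
    print(restore(placed, clouds, 3, 2, len(payload), unavailable={"cloud-1", "cloud-4"}) == payload)
```

With k = 2 and m = 1 this code matches the "50 % redundancy, n = 3" row of Table 4.9; the demo runs with k = 3 and m = 2, so any two of the five clouds may be unreachable. The transparent encryption step that the storage controller places before or after striping is deliberately not part of this block, and a production implementation would replace the byte loops with the SIMD-accelerated field arithmetic the table refers to.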


Fig. 4.42 Variants for the efficient placement of the RAIC integrator between the clouds

4.5.2 A New Must-Have App: RAIC Integrator for Smartphones

While our results are generally applicable to all mobile devices, including tablets and notebooks, our realisation scenario focuses on mobile phones due to their increasing popularity as "swiss army knives" for computing tasks. Today such phones ship with internal storage media (ROM, non-volatile flash memory, SD cards) and otherwise rely on manual storage service integration beyond the sometimes preconfigured vendor-specific services. Increasing amounts of data produced by mobile phone sensors and applications push the idea of a "smartphone for the future" with ubiquitous access to elastic storage in the cloud. Such a smartphone requires, inter alia, an operating-system integrated library for transparent RAIC integration across all applications which need extended storage capacity, offsite backups and other uses of storage. Essential parts of the integrator are: (1) a database with information about available services, including their functional and non-functional properties and the protocols for accessing them; (2) protocol-specific access modules; (3) a dispersion module which splits the data according to the user-defined parameters while considering energy efficiency and imperfect networking conditions; and (4) autonomic support functions for service sign-up and for repair in case of failures. The binding of a mobile phone to a RAIC-DP configuration through an integrator is depicted in Fig. 4.43. The P stripe is stored in the private cloud client, while the Q stripe is delegated to the public clouds, i.e. to the provider. Arbitrary RAIC and dispersion configurations are possible, although certain key configurations will be preferred by mobile users: RAIC-DP for highest safety, AONT for highest (information-theoretic) security and JBOC/RAIC0 for the least amount of overhead. A configuration wizard would have to present these choices to the users in a meaningful way.

A suitable software architecture for the realisation of a mobile RAIC over both local and cloud storage resources is depicted in Fig. 4.44, following the design proposed for generic cloud storage controllers. The predominant client-side software for RAICs consists of the following three layers with the related functionality:

1. Integration layer: logical partition and interface to the backup application
2. Pre-processing layer: stripes/parity dispersal routine, encryption and other modifications
3. Transport layer: block transfer

Fig. 4.43 RAIC-DP: a network storage model

Fig. 4.44 Offered software architecture for the realisation of a RAIC. (HDD) Hard Disk Drive or other local drives including SD media; (RAIC) Redundant Arrays of Independent Clouds; (CVS) Concurrent Versioning System

The clients obtain the possibility of reliable and efficient access to an array of virtualised storage media, offered as a service or as local complementary media, with added organisational and spatial independence. This software reflects the state of the art. The offered layered software architecture realises a RAIC concept and includes the following already known components with extended functionality:

1. Advanced integration layer: A local virtual file system interface available to all applications. Depending on the operating system, there may be additional specific interfaces, for instance the registration as content provider on Android or the export as RESTful web service through RestFS.

2. Advanced pre-processing layer: Codecs, classification of document types and coding (text files, MPEG, PDF). Policies on the data storage subjects and paths. Stripes/parity dispersion routines. Authentication with MD/RSA/PKI. Encryption with AES/RSA/PKI.

3. Advanced transport layer: Parallel and block-wise streaming. Caching and local persistence. Adapters for multiple provider APIs.

The proposed system can be implemented with existing academic and open source software. Nubisave [33] is a cloud storage controller which performs the functionality of the upper layer as a Linux user-space file system (FUSE) module with one file input and n fragment outputs. Through the Nubisave configuration GUI, the remaining two layers can also be controlled. For instance, the first output of the Nubisave splitter module can be connected to an EncFS module for data encryption, which is in turn connected to a FuseDAV module for placing the encrypted fragment data on a protected WebDAV folder, which serves as a standard-compliant interface to a cloud storage area.

Some mobile phone operating systems run directly on Linux, including Maemo and the more recent SailfishOS and FirefoxOS, so that Nubisave's file system interface is a suitable means for data access across all applications. For Android and similar systems with restricted global data access, a translator between files and the respective per-application content API would be required. Imperfect network handling is an implementation detail of the transport modules. We have previously refined fault-tolerant access to RESTful services (including e.g. WebDAV as an HTTP extension) as the RAFT-REST concept. The Java ResUp library [38] is available to transport module authors as a convenient caching and retransmission handler. Beyond the specific transport modules, Nubisave also caches data by itself to some extent. Hence the combination of a cloud storage controller with energy-efficient parameterisation, agent-based service lifecycle handling for semi-automatic integration, and fault-tolerant service integration under imperfect networking conditions is possible today and fulfils the requirements of mobile users.
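The RAFT-REST/ResUp behaviour the paragraph refers to, caching and retransmission on top of an unreliable HTTP transport, is shown here as an added Python example. It is not the ResUp library's code; the FlakyEndpoint transport, the URLs and the response bodies are constructed stand-ins. The example also handles the caveat a transport module author must respect: only HTTP methods defined as idempotent (GET, HEAD, PUT, DELETE, OPTIONS) are replayed, a POST that timed out is not, because the server may already have applied it; non-transient errors such as 404 are returned at once; and a GET whose retries are exhausted is answered from the last-known-good cache, flagged as stale.

```python
import random
import time
from typing import Callable, Dict, Optional, Tuple

# HTTP defines these methods as idempotent, so a request that timed out can be
# retransmitted without risk of applying it twice. A POST that timed out may
# already have been applied server-side and is therefore not replayed here.
IDEMPOTENT = {"GET", "HEAD", "PUT", "DELETE", "OPTIONS"}
# Status codes worth retrying; None stands for a connection error or timeout.
TRANSIENT = {502, 503, 504, None}

Response = Tuple[Optional[int], bytes]
Transport = Callable[[str, str], Response]


class ResilientClient:
    """Retries transient failures with capped, jittered exponential backoff,
    replays only idempotent requests and serves a last-known-good copy of a
    GET response (flagged as stale) when the service stays unreachable."""

    def __init__(self, transport: Transport, max_attempts: int = 4,
                 base_delay: float = 0.2, sleep=time.sleep, rng=random.random):
        self.transport = transport
        self.max_attempts = max_attempts
        self.base_delay = base_delay
        self.sleep = sleep                  # injectable so tests run instantly
        self.rng = rng
        self.cache: Dict[str, bytes] = {}
        self.attempts = 0                   # attempts used by the last request

    def request(self, method: str, url: str) -> Tuple[int, bytes, bool]:
        """Returns (status, body, stale). Raises ConnectionError when every
        attempt failed and no cached copy can stand in."""
        self.attempts = 0
        allowed = self.max_attempts if method in IDEMPOTENT else 1
        for n in range(allowed):
            self.attempts += 1
            status, body = self.transport(method, url)
            if status == 200:
                if method == "GET":
                    self.cache[url] = body      # last-known-good copy
                return status, body, False
            if status not in TRANSIENT:
                return status, body, False  # 4xx and similar: retrying cannot help
            if n + 1 < allowed:
                # capped exponential backoff with jitter in [0.5, 1.5) of the base
                delay = min(self.base_delay * 2 ** n, 5.0) * (0.5 + self.rng())
                self.sleep(delay)
        if method == "GET" and url in self.cache:
            return 200, self.cache[url], True
        raise ConnectionError(f"{method} {url} failed after {self.attempts} attempt(s)")


class FlakyEndpoint:
    """Constructed stand-in for a WebDAV/REST transport (not a real server):
    answers 503 to the first `failures` calls per URL, then 200 with a fixed body."""

    def __init__(self, failures: int, body: bytes = b"fragment-0 contents"):
        self.failures = failures
        self.body = body
        self.calls: Dict[str, int] = {}

    def __call__(self, method: str, url: str) -> Response:
        n = self.calls.get(url, 0)
        self.calls[url] = n + 1
        if n < self.failures:
            return 503, b"Service Unavailable"
        return 200, self.body


if __name__ == "__main__":
    client = ResilientClient(FlakyEndpoint(2), sleep=lambda s: None)
    print(client.request("GET", "/raic/frag0"), client.attempts)
```

The `sleep` and `rng` hooks exist so the retry logic can be exercised without real delays; in a transport module they keep their defaults. A real implementation would additionally bound the total wall-clock time per request, since a mobile client on a dying link otherwise blocks for the sum of all back-off delays.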

The next problems to solve are:

• Analysis of integration options for existing cloud storage services (Cloud-of-Clouds)
• RAIC cloud backup concept elaboration (stripe- and parity-based dispersion)
• Development of software RAIC controllers based on web services for management and cryptographic protection of a RAIC (combined clouds), e.g. RAIC5, RAIC-DP
• Deployment of proxy servers for easy mediation
• Development and securing of the meta-data database for RAIC management
• Development of easy-to-use conditions, a common access scheme for enterprises, offering good performance, high security and data control for the users
• Further development of collaboration scenarios: file sharing, access by external entities, CVS and group working, automatic classification of data
• Improving performance, e.g. scheduling algorithms, caching/prefetching and parallelisation
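To make the fragment pipeline of the Nubisave description above and the RAIC5 (stripe plus parity) item of the list concrete, here is an added example in Python. It is not Nubisave's or any cited project's code; the provider names and the sample payload are constructed for illustration. It disperses a file into k data stripes plus one XOR parity fragment, keeps a SHA-256 digest per fragment as the entry a RAIC meta-data database would hold, and rebuilds the data when one provider is unreachable or returns a corrupted fragment. The digests matter: parity alone can replace a fragment that is known to be missing, but it cannot tell which fragment is wrong, so without an integrity check a single silently corrupted fragment would be XORed into garbage.

```python
import hashlib
import struct
from typing import Dict, List, Optional


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def disperse(data: bytes, k: int) -> List[bytes]:
    """Split data into k equal-length stripes plus one XOR parity stripe.

    Returns k+1 fragments; fragments[k] is the parity. Any single fragment
    can be lost and rebuilt from the remaining k (RAIC5-style layout).
    """
    if k < 2:
        raise ValueError("need at least two data stripes")
    framed = struct.pack(">I", len(data)) + data   # length prefix so padding can be removed
    stripe_len = -(-len(framed) // k)               # ceiling division
    framed += b"\x00" * (stripe_len * k - len(framed))
    stripes = [framed[i * stripe_len:(i + 1) * stripe_len] for i in range(k)]
    parity = stripes[0]
    for s in stripes[1:]:
        parity = _xor(parity, s)
    return stripes + [parity]


def manifest_for(fragments: List[bytes]) -> List[str]:
    """Per-fragment SHA-256 digests: the entry the RAIC meta-data database must
    hold so that a corrupted fragment is detected instead of being XORed
    silently into the reconstruction."""
    return [hashlib.sha256(f).hexdigest() for f in fragments]


def reassemble(fragments: List[Optional[bytes]], manifest: List[str]) -> bytes:
    """Rebuild the original data from the fragments fetched back from the
    providers. A fragment may be None (provider unreachable) or fail its digest
    check (corrupted or tampered); one such fragment is tolerated."""
    k = len(manifest) - 1
    frags = list(fragments)
    bad = [i for i, f in enumerate(frags)
           if f is None or hashlib.sha256(f).hexdigest() != manifest[i]]
    if len(bad) > 1:
        raise ValueError(f"unrecoverable: fragments {bad} missing or corrupt")
    if bad:
        # XOR of all other fragments (data stripes and parity) yields the lost one
        i = bad[0]
        others = [f for j, f in enumerate(frags) if j != i]
        rebuilt = others[0]
        for f in others[1:]:
            rebuilt = _xor(rebuilt, f)
        frags[i] = rebuilt
    framed = b"".join(frags[:k])
    (length,) = struct.unpack(">I", framed[:4])
    return framed[4:4 + length]


def store(fragments: List[bytes], providers: List[str]) -> Dict[str, bytes]:
    """Place exactly one fragment per provider (provider names are assumed);
    with k+1 providers no single provider holds enough to reconstruct the data."""
    if len(providers) != len(fragments):
        raise ValueError("one provider per fragment required")
    return dict(zip(providers, fragments))


if __name__ == "__main__":
    payload = b"constructed sample: customer backup 2016-01-15"   # constructed input
    frags = disperse(payload, 3)
    manifest = manifest_for(frags)
    providers = ["provider-a", "provider-b", "provider-c", "webdav-local"]
    placed = store(frags, providers)
    fetched = [placed[p] for p in providers]
    fetched[1] = None                     # simulate an unreachable provider
    print(reassemble(fetched, manifest) == payload)
```

Encryption of the fragments (EncFS in the text) is deliberately left out of this block; it would sit between disperse() and store(), and the digests should then be computed over the ciphertext so that the integrity check does not require decryption first. A parity scheme tolerating more than one failure (RAIC-DP, Reed-Solomon as in Jerasure [25]) replaces the XOR with Galois-field arithmetic but keeps the same manifest logic.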

4.6 Conclusions

This chapter has given a brief, systematic introduction to the challenges of operating and integrating cloud services related to computing resources: computation, network and storage. It has covered recent trends, including distributed storage facilities for high availability and confidentiality, integration of cloud services into mobile devices with high energy efficiency, and pervasive or ubiquitous access to multiplexed cloud services. For smartphone makers the results show that storage integration in particular is a desirable feature, which leads to outstanding devices with functionality closer to what highly demanding users expect.

References

1. Amazon Web Services, online: http://aws.amazon.com, 2013
2. Citrix Systems ShareFile, online: http://www.citrix.com/products/sharefile/overview.html, 2013
3. Google Drive, online: https://drive.google.com, 2013
4. Ordinary backup technologies, online: http://www.tecchannel.de/storage/backup, 2015, in German
5. Security Compendium, online: http://www.security-insider.de, 2015, in German
6. Ukrainian legislation regarding data security, online: http://zakon.rada.gov.ua, 2015
7. VMware vSphere API for Storage Awareness, online: http://www.vmware.com, 2013
8. C. Baun, M. Kunze, J. Nimis and S. Tai: Cloud computing – Web-based dynamic IT-Services. Springer-Verlag, 2010, in German
9. G. R. Blakley: Safeguarding cryptographic keys. In: AFIPS Conference Proceedings, volume 48, p. 313–317, 1979, National Computer Conference (NCC)
10. D. Decasper, A. Samuels and J. Stone: RAIC – Redundant Array of Independent Clouds. Patent USA, Reg. No. 12/860,810, Publishing No. US 2012/0047339 A1, 2012
11. S. Gross, J. Spillner and A. Schill: FlexCloud/TUD Project, Dresden University of Technology (TUD), online: http://www.flexcloud.eu, 2013
12. Sheikh M. Habib, S. Hauke, S. Ries and Max Mühlhäuser: Trust as a Facilitator in Cloud Computing: A Survey. Journal of Cloud Computing: Advances, Systems and Applications, June 2012
13. H. Kim, N. Agrawal and C. Ungureanu: Revisiting Storage for Smartphones. ACM Transactions on Storage 8(4), November 2012
14. H. Kommalapati: Windows Azure Platform for Enterprises, online: http://msdn.microsoft.com/en-us/magazine/ee309870.aspx, 2013
15. Thomas A. Limoncelli: OpenFlow: A Radical New Idea in Networking. Communications of the ACM 55(8):42–47, 2012
16. A. Luntovskyy and D. Gütter: A Concept for a Modern Virtual Telecommunication Engineering Office. International Research Journal of Telecommunication Sciences 3(1):15–21, 2012
17. A. Luntovskyy and M. Klymash: The service-oriented Internet. In: Proceedings of IEEE 11th TCSET 2012 Conference on Modern Problems of Radio Engineering, Telecommunications and Computer Science, 2012, Lviv – Slavsk, Ukraine
18. A. Luntovskyy, M. Klymash and A. Semenko: Distributed services for telecommunication networks: Ubiquitous computing and cloud technologies. Lvivska Politechnika, Lviv, Ukraine, 2012, 368 p., monograph in Ukrainian
19. A. O. Luntovskyy: Programming Technologies of Distributed Applications. DUIKT State University of Telecommunications, Kyiv, 2010, 474 p., in Ukrainian
20. A. O. Luntovskyy, M. V. Zakharchenko and A. I. Semenko: Multiservice Mobile Platforms. DUIKT State University of Telecommunications, Kyiv, 2015, 216 p., in Ukrainian
21. Andriy Luntovskyy, Dietbert Gütter and Igor Melnyk: Planung und Optimierung von Rechnernetzen: Methoden, Modelle, Tools für Entwurf, Diagnose und Management im Lebenszyklus von drahtgebundenen und drahtlosen Rechnernetzen. Springer Vieweg + Teubner Verlag, Wiesbaden, 2011, 411 p., in German
22. Andriy Luntovskyy and M. Klymash: Data Security in Distributed Systems. Lvivska Politechnika, Lviv, Ukraine, 2014, 464 p., monograph in Ukrainian
23. Andriy Luntovskyy, Volodymyr Vasyutynskyy and Josef Spillner: RAICs as Advanced Cloud Backup Technology in Telecommunication Networks. International Research Journal of Telecommunication Sciences 3(2):30–38, December 2012
24. P. Mell and T. Grance: The NIST definition of cloud computing. Whitepaper, NIST Special Publication 800-145, September 2011
25. J. S. Plank, S. Simmerman and C. D. Schuman: Jerasure: A Library in C/C++ Facilitating Erasure Coding for Storage Applications – Version 1.2. Technical Report CS-08-627, University of Tennessee, 2008
26. J. S. Plank, K. M. Greenan and E. L. Miller: Screaming Fast Galois Field Arithmetic Using Intel SIMD Instructions. In: USENIX FAST, February 2013
27. M. O. Rabin: Efficient Dispersal of Information for Security, Load Balancing, and Fault Tolerance. Journal of the ACM 36(2):335–348, 1989
28. Johannes Schad, Stephan Zepezauer and Josef Spillner: Personal Cloud Management Cockpit with Social or Market-Driven Asset Exchange. In: Networked Systems Conference (NetSys/KiVS) – Communication Software Award Demo, March 2013, Stuttgart, Germany (demonstration)
29. Ronny Seiger, Stephan Groß and Alexander Schill: SecCSIE: A Secure Cloud Storage Integrator for Enterprises. In: International Workshop on Clouds for Enterprises (C4E), p. 252–255, September 2011, Luxembourg, Luxembourg
30. A. Shamir: How to Share a Secret. Communications of the ACM 22(11):612–613, 1979
31. Shelton Shugar: Cloud Computing at Yahoo!, online: http://opencirrus.org, 2013
32. C. A. N. Soules, G. R. Goodson, J. D. Strunk and G. R. Ganger: Metadata efficiency in versioning file systems. In: Proceedings of the Third USENIX Conference on File and Storage Technologies, April 2003, San Francisco, California, USA
33. Josef Spillner, Gerd Bombach, Steffen Matthischke, Johannes Müller, Rico Tzschichholz and Alexander Schill: Information Dispersion over Redundant Arrays of Optimal Cloud Storage for Desktop Users. In: 4th IEEE/ACM International Conference on Utility and Cloud Computing (UCC), p. 1–8, December 2011, Melbourne, Australia
34. Josef Spillner and Johannes Müller: PICav: Precise, Iterative and Complement-based Cloud Storage Availability Calculation Scheme. In: 7th IEEE/ACM International Conference on Utility and Cloud Computing (UCC), p. 443–450, December 2014, London, UK
35. Josef Spillner, Johannes Müller and Alexander Schill: Creating Optimal Cloud Storage Systems. Future Generation Computer Systems 29(4):1062–1072, June 2013, DOI: http://dx.doi.org/10.1016/j.future.2012.06.004
36. Josef Spillner, Christian Piechnick, Claas Wilke, Uwe Aßmann and Alexander Schill: Autonomous Participation in Cloud Services. In: 2nd International Workshop on Intelligent Techniques and Architectures for Autonomic Clouds (ITAAC), p. 289–294, November 2012, Chicago, Illinois, USA
37. Josef Spillner and Alexander Schill: A Versatile and Scalable Everything-as-a-Service Registry and Discovery. In: 3rd International Conference on Cloud Computing and Services Science (CLOSER), p. 175–183, May 2013, Aachen, Germany
38. Josef Spillner, Anna Utlik, Thomas Springer and Alexander Schill: RAFT-REST – A Client-side Framework for Reliable, Adaptive and Fault-Tolerant RESTful Service Consumption. In: 2nd European Conference on Service-Oriented and Cloud Computing (ESOCC), volume 8135 of LNCS, p. 104–118, September 2013, Málaga, Spain

5 Smart Grid, Internet of Things and Fog Computing

Keywords

Integration of networks for telecommunications and energy supply • New service architectures • Demarcation of grid vs. smart grid • Power Line Communication (PLC) • Green computing • Energy-efficient communication (Bluetooth • ZigBee • EnOcean • 6LoWPAN) • Demarcation of Internet of Things (IoT) vs. Internet of Services (IoS) • Fog computing • Distributed computing • Mini-PC • On-board microcontrollers (Raspberry Pi • Arduino) • Computer-Aided Design (CAD) • Automation networks • Smart home • Smart factory • Industry 4.0

In the previous chapters we have highlighted the evolution of computing environments from single systems to parallel architectures, clusters, grids, service-oriented systems and clouds. This line of evolution is a purely digital one, without considering the form factor of computing. From the physical perspective there is another line of evolution which puts the form factor and the communication channels into the centre. Starting with mini-PCs and embedded computers, nowadays distributed computing can be performed in wearable computers and body-area networks, in tiny nodes organised as fogs or smart dust connected to the Internet of Things, and in the "Smart Grid" using various protocols. This chapter therefore outlines physical computing paradigms and compares their computing, storage and communication capabilities.

The first part of the chapter examines some typical scenarios for "Smart Grid" deployment as a technology for the integration of electric power supply networks and telecommunication networks, and gives a comparison of the corresponding service architectures and multi-level models. The smart grid enabling technologies are discussed. Furthermore, some case studies on smart grid are presented.

© Springer Fachmedien Wiesbaden GmbH 2017. A. Luntovskyy, J. Spillner: Architectural Transformations in Network Services and Distributed Systems, DOI 10.1007/978-3-658-14842-3_5


The second part of this chapter is dedicated to the current development of the IoT and of "Fog Computing" based on the achievements in Wireless Personal Area Networks (WPAN). The IoT/fog computing enabling technologies are discussed. Case studies based on the use of on-board microcontrollers such as the Raspberry Pi are examined.

5.1 Smart Grid as Integration Technology for the Networks of Energy Supply and Telecommunication

Green computing. Green IT is an important predecessor trend and part of smart grid development because of the significant efforts on waste heat and energy recycling (Fig. 5.1). In addition to the well-known Power Usage Effectiveness (PUE), the Energy Reuse Efficiency (ERE) value has to be used. Let us compare the two.

Power usage effectiveness (PUE):

• $PUE = \text{Total Facility Energy} / \text{IT Equipment Energy} = P_{total} / P_{IT}$
• $PUE > 1.0$, ideal value 1.01
• compare with $K = P_{IT} / P_{total} = 1 / PUE$, $0 < K < 1$

Energy reuse efficiency (ERE):

• $ERE = (\text{Total Energy Consumption of a Data Centre} - \text{Recycling Energy}) / \text{IT Equipment Energy} = (P'_{total} - P_{recycling}) / P_{IT}$
• $0 < ERE < PUE < 1.50$

Fig. 5.1 Green IT symbolic representation (Source: magatechnologyit)


Fig. 5.2 Efficient energy consumption and recycling within a building with a 'green' IT data centre (according to [39])

Example 5.1 For one particular provider of green IT services [39] the following values have been computed: PUE = 1.02/1.05 and ERE = 0.62/0.68. The high efficiency is based mainly on water cooling and the renunciation of all refrigeration systems. The construction of efficient energy consumption and recycling within a building with a green IT data centre (according to [39]) is given in Fig. 5.2. The construction encompasses the following components: (1) servers, (2) tank and warm water preparation, (3) air/water heat pump, (4) air supply, (5) ventilation, (6) air supply to the servers, (7) ventilation from the servers, (8) air supply to the heat pump, (9) ventilation from the heat pump, (10) heating supply line, (11) heating return line, (12) warm water, (13) fresh water stream, (14) heating system, (15) warm water cone filters and (16) optional photovoltaics.

The computation of the energy efficiency is given in Fig. 5.3. According to this computation the following PUE values result:

1. PUE without the heat pump: $PUE = 254\ [\text{MWh/a}] / 250.6\ [\text{MWh/a}] = 1.01$, i.e. $254\ [\text{MWh/a}] = 262 - 8\ [\text{MWh/a}]$ (the 8 MWh/a being the heat pump's own consumption)
2. PUE with the heat pump: $PUE = 1.05$, i.e. $262\ [\text{MWh/a}] / 250.6\ [\text{MWh/a}]$


Fig. 5.3 The computation of the energy efficiency (Source: [39])

Smart grid definition. The high-tech twenty-first century is in particular also the century of "small power supply systems", due to the use of advanced information and communication technologies in energy networks. The creation of combined systems called "Smart Grid" opens great prospects for the development of both of these industries (energy and IT) and is intended to provide a synergistic effect. This section examines existing models of smart grid, suitable basic networking technologies, as well as typical usage scenarios for integrated intelligent networks.

Smart grid is a technological direction for the integration of electric power supply and telecommunication networks. Its goals are: increasing the energy efficiency of both types of networks; reduction of CO2 emission under the Kyoto Protocol; decentralisation of existing architectures into an integrated network (i.e. one of the main principles of Internet construction) and improvement of its efficiency (efficient switching, routing); use of alternative and renewable energy sources (like wind, solar, Electro-Magnetic (EM) smog) combined with hybrid hydrocarbon-electric vehicles (Plug-in (Hybrid) Electric Vehicles, PEV); optimisation of network management techniques and billing services (Smart Metering) within the conventional power supply networks; and increasing safety, security and Quality of Service (QoS) in such integrated networks for power supply and telecommunication [23, 35].

The conceptual terms "grid" and "smart grid" should not be confused. (Intelligent) grid network solutions are used for time-consuming computing tasks (simulation, planning, forecasting etc.) based on (virtual) server clusters or supernodes using conventional Internet protocols. Nowadays grids are a substantial part of cloud computing technology (for instance as IaaS, Infrastructure as a Service) [30], where (mobile) client access to computing power is very easy. The most important task, which has already become a "classic" of grid technology, is the rational and decentralised redistribution of computational workload between participating (virtual) servers, clusters or supernodes over the computing life-cycle of time-consuming engineering, scientific or economic tasks.

Therefore the concepts of "grid" and "smart grid" are related areas of research. But energy efficiency is not a direct scientific and technical challenge for purely computational grid technology [9]: heat and surplus energy occur there only as a by-product, and even as a harmful one (the "waste heat" of modern network technology).

Active deployment of environmentally friendly and thus "green" smart grid technology goes on today in many developed countries, for example Australia, the European Union (in particular Germany and Austria), USA, Canada, the People's Republic of China and South Korea, which would like to provide and reinforce their own energy independence for the future. Several leading university research groups carry out research on the mentioned area and already possess certain "know-how", often in combination with innovative companies. An example is the Kiwigrid Smart Grid Management Platform, engineered in cooperation with Technische Universität Dresden (TUD) in Germany [10]. On this platform energy applications are offered through a marketplace and linked to data processing and analytics services. A smart meter gateway connects devices and allows for an optimisation of power consumption.

The slogan of the coordinated actions of all stakeholders might be: "From the Internet of Data and Web Services to the Internet of Energy Services". Nowadays there are numerous international organisations and well-known companies that are developing the technology and corresponding devices for smart grid. Among them are IEEE, CENELEC, Cisco, Deutsche Telekom, Siemens etc. [2, 4, 9, 16, 21].

The existing basis for local-area smart grid solutions is built on the following well-known network technologies: Powerline, Homeplug, Worldwide Interoperability for Microwave Access (WiMAX), PoE (Power over Ethernet), KNX, LON (Local Operating Network), Wireless Sensor Networks (WSN) (ZigBee, EnOcean) etc. [28, 42]. But there is also a necessity to develop integrative solutions for network decentralisation (one of the main principles of Internet construction), to improve its efficiency, to facilitate the use of alternative and renewable energy sources (like wind, solar, EM smog) and to stimulate the development of efficient energy storage (batteries, dedicated energy depots) aimed at storing surplus or excess (electric) energy.

To reach this goal we first need to formulate a list of scientific and technical development challenges for an integrated network (smart grid) on the existing basis of standard network architectures, then the requirements for such networks, and then to develop its own basic models. How will everything work together? Consider the following two scenarios.

Example 5.2 What will a middle-class network connection for a Small and Medium Enterprise (SME) look like in 2020? Only one cable or wireless link will provide the utility services such as electricity, telephony, Internet, digital high-definition television and cloud services. Room heating will be realised via the recovery and recycling of surplus energy from multiple (virtual) servers. Wired and wireless automation of local-area networks as well as piconets like Local Operating Network (LON), KNX Home and Building Control Standard (KNX), ZigBee and EnOcean will be used to serve and control the in-door climate. Management of such integrated networks can be performed through Ethernet, Local Area Network (LAN) and Wireless Local Area Network (WLAN) links, as well as the usual protocols like Internet Protocol (IP), Internet Control Message Protocol (ICMP) and Simple Network Management Protocol (SNMP). The program support, configuration and tuning of the intelligent network is realised with mobile devices (smartphones and tablets), mobile applications and web services running in a cloud environment.

Example 5.3 The scenario depicts a vision similar to that of one particularly involved German company, Siemens, but is applicable to other companies with a similar portfolio. According to Fig. 5.4, in the future the smart grid is designed to connect four major components [16] which operate both as consumers/producers and as electric energy storages. The components are:

Fig. 5.4 Smart grid technology highlights, inspired by Siemens. AC – Alternating Current; HVAC – Heating, Ventilating and Air Conditioning; PEV – Plug-in (Hybrid) Electric Vehicle


1. Intelligent buildings
2. Electricity plants
3. Electromobility
4. Smart metering

Intelligent buildings, also called intelligent homes in the case of residential buildings, are equipped with solar panels and local-area networks for climate automation like field buses and WSN. These are connected to power plants, i.e. enterprises for the generation of (electric) energy, also called AC plants, based on conventional or alternative and renewable energy sources like wind, solar and EM smog. Electric mobility based on hydrocarbon-electric hybrid vehicles (PEV), which accumulate power and can afterwards "upload" it to the network, leads to a strong electromobility. Intelligent counters and meters for smart metering automate the charging and billing processes. They carry out the monitoring and network management aimed at low energy consumption on the basis of improved tariff models with respect to workload parameters and traffic, both in analogy to packet-switched networks.

The considered components 1–4 may both use and release excess (electric) energy and stored surplus currents in the network. This leads to synergy effects between the different consumers and producers of energy, as the timing of the production and consumption peaks differs widely. Furthermore, information technology helps to control the timing by shifting the peaks according to schedules. An example is overnight dishwashing, which can be programmed to happen at a particularly convenient time based on electricity supply and cost.

Electricity demands and "Green IT" today. Increasing demands for energy and significantly rising ICT prices create the necessity of energy-use efficiency, which has to be realised over the entire IT life cycle "design – operation – modification – operation – ...". Ecological protection of the environment, CO2 emission reduction, and economisation of fossil resources and electric power play a very important role nowadays. The enrolment of renewable energy resources is required in the operation of facility grids, in the operation of IT and networks, in the disposal of waste energy, and in the deployment of smart meters for users, providers and equipment as well as power plants. The corresponding annual energy demands for the years 2000 to 2015 are shown exemplarily for servers and data centres in Germany in Fig. 5.5.

Based on studies of the Borderstep Institute in the years 2010–2012, the following three tendencies became apparent:

1. Since 2008 more and more attention has been paid to "Green IT" solutions.
2. Taking the year 2011 as reference, the electricity consumption of servers and data centres in 2011 is approximately 14 TWh under the expected demand of the "business as usual" scenario. In comparison to the "Green IT" scenario the demand is more than 23 TWh below, despite the huge growth of servers and data centres, with a significant reduction of electricity costs of about 1.2 billion Euros (2011).
3. This partial electricity demand (9.7 TWh) corresponds to approximately 1.8 % of the overall electricity consumption in Germany. For comparison: producing this amount of electricity requires four medium-sized coal power plants.

Fig. 5.5 Annual tendencies of electricity consumption for servers and data centres in Germany (Borderstep 2010–2012). Y axis: TWh/year (0–16); x axis: years 2000–2015; series: Green IT, Business as usual, Trend. Values labelled in the plot: 3.98 TWh, 10.1 TWh, 9.7 TWh, 6.0 TWh, 9.3 TWh, 14.2 TWh

The overall annual electricity demands in Germany for some selected years are shown in Table 5.1. The representation is based on the sources [1, 41].

Table 5.1 The overall annual electricity demands in Germany

Year   Electricity demand (gross)                 Primary (fossil) energy consumption
       Overall [TWh]   Renewable share [%]        Overall [10^3 PJ]   Renewable share [%]
1991   539.6           3.2                        14.6                1.3
2000   579.6           6.6                        14.4                2.9
2005   614.1           10.2                       14.6                5.3
2009   581.3           16.3                       13.5                8.9
2015   600             32.6                       13.3                12.5


Fig. 5.6 Forecast of the annual electricity consumption of the telecommunications and IT branch in Germany

The simple conversion formula 5.1 can be used to convert between electricity and primary energy volumes. With this formula and the given analysis, a forecast of the annual electricity consumption of the telecommunications and IT branches until the year 2025 can be calculated (Fig. 5.6).

1 TWh = 3.6 PJ (5.1)

The forecast shows that the annual electricity consumption of the communication and information businesses in Germany was significantly reduced from 2010 to 2015, from 56.0 TWh down to 47.8 TWh, i.e. by approximately 15 %. This important reduction trend will continue until the year 2020 and then stabilise at around 45.2 TWh (46.2 TWh in 2025). The development of the electricity consumption of these industries is therefore positive. The internal structure of the forecast makes the cause of this overall declining trend clear: the electricity demands in household, public and workplace IT are successively reduced, whereas the electricity demand of data and computing centres will increase because of the growing data traffic. This prognosis presupposes many implemented energy-efficiency measures, because of the great social significance of "Green IT" processes in industrialised countries.

How can the success of "Green IT" in such countries be advanced and deepened? There is a great variety of possible approaches to smart grid implementations, as follows:

• videoconferencing instead of business travel
• electronic (paperless) notes instead of paper
• reduction of unnecessary printing
• reduction of energy consumption in use and production
• sustainable product design and manufacturing, hardware as durable as possible
• resource-saving programming (Green Software Engineering)
• reduction of CO2 emission
• decentralisation of the network
• QoS increase (efficient switching, routing)
• use of alternative and renewable energy sources (wind, solar, thermal)
• optimisation of measurement and network management (smart metering and energy-efficient web services)
• increase of network security, safety and reliability

5.1.1 Service Architectures and Multi-level Models

The integrated architecture of smart grids has to repeat, to a certain extent, the well-known Open Systems Interconnection (OSI) network architecture (Fig. 5.7). But it must also be multi-dimensional, i.e. it has to reflect not only the abstraction levels with multiple defined interfaces, functions and services, but also the various types of network technologies and their domains of use, types of consumers and service providers, device types, access control techniques, and schemes for billing and payment for the consumed services.

Fig. 5.7 A simplified architecture for smart grids. APL – Application; NWK – Network; MAC – Medium Access Control; PHY – Physical


Let us consider a selection of the existing multi-layered and multi-dimensional models for smart grid which are oriented towards shared use of telecommunications:

1. National Institute of Standards and Technology, USA (NIST): Smart Grid Conceptual Model
2. IEEE Smart Grid Model
3. A proprietary model of Cisco: Smart Grid
4. Common architecture of ITG/VDE Smart Grid (Germany)
5. Further development of model (4): the EU Smart Grid Architecture Model (European)

One of the first models developed in the area, model (1), called the NIST Smart Grid Conceptual Model, provides an abstraction of the properties of the integrated intelligent network based on a classic three-level representation encompassing the following levels: (1) Power and Energy, (2) Communications, (3) IT and Services [11].

The universal model (2) was engineered in IEEE working groups. IEEE Smart Grid is a professional organisation for standardisation and co-ordination among the smart grid stakeholders within IEEE. The universality of the IEEE smart grid model consists in the creation and description of a meta-system called smart grid, which extends the rules, interfaces and functions of individual intelligent networks to so-called smart grid domains, also based on the following three levels: (1) Power and Energy, (2) Communications and finally (3) IT and Services. IEEE shifted the focus of consideration to the second and third layer as the determining levels for the first layer, electricity distribution in smart grids [9].

The proprietary model (3) was provided by the company Cisco, one of the leading companies in the field of network technologies and products [2]. The model takes into account the development aspects of integrated (mobile) power transmission and telecommunications in the context of the hardware and software produced by the company. Nowadays Cisco provides design, implementation, deployment and support of infrastructure and services for smart grids, as well as numerous communication systems for power supply sub-stations and automation networks (Field Area Networks) for power supply nets; it provides data security for the smart grid (Cisco switches, routers, firewalls like ASA-CX) and creates virtual storage centres for data processing (network storage, cloud computing), thus extending the capabilities of Wide Area Network (WAN) architectures. The Cisco Connected Grid Network Management Solutions (NMS) offer infrastructure access tools as well as monitoring and management facilities for IP-enabled devices integrated into the smart grid.

Furthermore, let us consider the advantages of the common architecture for smart grids proposed by ITG/VDE. Existing network technologies can be easily integrated into the framework of model (4). The installed services are independent of the underlying network infrastructure (as in the idea of OSI). The common architecture for smart grids allows adequate modelling of integrated networks of energy and information supply at different levels of abstraction. Model (4) of smart grids can be used recursively or hierarchically to describe the inter-operability between different providers offering their services (Fig. 5.8):

• Communications, in particular mobile communications
• Electrical energy supply
• Smart metering, including intelligent control and telemetry
• Smart power web services

Fig. 5.8 Common 4-layer architecture for smart grid [18] and the types of energy supply and data supply services: (1) consumers, (2) services and virtualisation, (3) info-objects and service communication, (4) infrastructure/physical layer. GW – Gateway; AC – Alternating Current (energy supply nets); AU – Automation (and management) networks; SPGWS – Smart Power Web Services; NW – Network; Metering – control and telemetry; Market Place – allocation and reselling of services. Labels in the figure: Smart Power Grid Services; Portal/Users; Smart Power Web Services; Market Place, Portfolio; Technical Services; Standardized Middleware; Proprietary; Nodes/Comm. and transport channels; Virtual Tools; Service Production; Tools/resources; Monitoring; Energy Supply; Telco; Consumers

A typical service for smart power distribution would be the brokering of excess production in households, i.e. micro-plants. In such scenarios power is produced by roof-top solar installations, private wind turbines as well as thermal sources. Depending on the compensation for feeding energy into a grid, the profit from selling it to a nearby user, or the benefit of using it for custom purposes, such a brokering service guides the producer of electricity to a decision.

5.1 Smart Grid as Integration Technology for the Networks of Energy

Fig. 5.9 EU Smart Grid Model and Architecture [6]: (1) business layer, (2) function layer, (3) information layer, (4) communication layer, (5) component layer. Domains: DER – Distributed Energy Resources; GTD – Generation, Transmission, Distribution (production); CP – Customer Premise (delivery). Zones: Process, Field, Station, Operation, Enterprise, Market (PFSOEM).

The presence of a common architecture for smart grids nevertheless leaves a wide field for activities and describes the ability of the model to absorb innovations [5, 18].

As the development of this well-known and recognised model (4) progresses, a more complex multi-dimensional European model (5) called EU Smart Grid Architecture (Fig. 5.9) should be considered. The model possesses five layers, namely Business, Function, Information, Communication and Component, as well as two further dimensions called Domains and Zones [6, 22].

Example 5.4 From the viewpoint of the telecommunications department at Dresden University of Technology [26]: "... in a green world, renewable energy sources are the key to reducing the CO2 footprint. These energy sources are typically non-stationary. This factor requires much more complex control of the grid. To enable this, the energy distribution network has to become more intelligent due to new services, distributed generation of energy (virtual power plants) and new safety and security requirements. It will finally be a Smart Grid." Nowadays, new demands on the reliability and security of the supporting communication network appear. The discussed approach enables close system integration, optimal distributed power generation via virtual power plants, efficient control of electricity distribution and deployment of new network services which are becoming more intelligent simultaneously. It has been shown that, under current conditions, particular attention should be paid to the deployment and use of PLC technology (Fig. 5.10).

Fig. 5.10 Smart grid representation as a PLC network. LV – low voltage, MV – medium voltage; (1) MV part of substations, (2) LV part of substations, (3) street cabinets, (4) substations (MV+LV), (5) interruptions (open meshes).

Smart grid development trends. The European Commission, by way of its Directorate General for Communications Networks, Content and Technology in Brussels, also believes that smart grids will play an important role in increasing the share of renewable and alternative energy sources, in low-energy consumption, in delivery savings and in decreasing CO2 emissions. Without integration between telecommunication and information networks, the established goals are unattainable. Smart grid is therefore a significant part of the long-term research and technology development programme called Horizon 2020 [6].

The German Association of Electrical and Electronics Engineers VDE (in German "Technisch-wissenschaftlicher Verband der Elektrotechnik und Elektronik") insists on planned efforts for transforming the traditional electricity networks and creating intelligent nets. In several European countries this approach has become a significant part of the national energy policy. In this case it is not about individual decisions for "several thousand kilometres of cable or 100 million euros". Instead, integrated solutions for the smart grid must be developed over a medium-term period. The main objectives are as follows: re-construction, flexibility of the entire system, re-design with elements of infrastructure modernisation, increasing the capacity and number of power plants [18].

Meanwhile, the approaches to the development of smart grid systems in the world economy are very individual. Let us consider some of them in detail.

1. Australia. The orientation towards the development of intelligent energy supply networks and smart grids was taken in 2009–2010. WiMAX networks play an important role in the frame of smart grids as a transport supporting applications for sub-station automation, plug-in (hybrid) electric vehicles (PEV) as well as domestic smart meters, so-called IHD (In-Home Devices). However, the final implementation of smart grids in Australia is constrained by the lack of appropriate multilateral obligations between the providers. The inter-operability between the stakeholders has to be developed, aimed at the maintenance of communication networks that are integrated into the smart grid. The other limiting factor is the relatively small number of charging stations for electric vehicles, despite obvious increases.

2. China. In the frame of the "current five-year plan" of the People's Republic of China, the construction of a nation-wide monitoring system for the national energy networks has been started, titled WAMS (Wide Area Monitoring System). The WAMS uses devices called PMU (Phasor Measurement Units) from selected Chinese manufacturers to improve the reliability and security of the national smart grid solution. Electrical energy production and distribution as well as broadband data channels are tightly and restrictively controlled by the state. Therefore, compliance and conformity with existing standards and processes on the way to a national smart grid is practically guaranteed. There are already more than 60 million smart meters installed in China [44], although studies about the operational experience are rare.

3. South Korea. The state plans, until 2030, to reduce the overall consumption of conventional energy sources by 3 % and of electricity by 10 %, despite rising industrial demand, through the implementation of a nationwide smart grid. The start was taken in 2009; the planned amount of investment for the system development over the next 20 years is about 24 billion USD (2.4 · 10^10 USD) in equivalent in the national currency, South Korean won (KRW).

4. European Union. The development of intelligent networks towards smart grids is a part of the European Technology Platform for the period up to 2020, developed by CENELEC (in French "Comité Européen de Normalisation Électrotechnique", European Committee for Electrotechnical Standardisation) [4]. The committee CENELEC is in charge of European standards in the field of electrical engineering. Together with ETSI (European Telecommunications Standards Institute), the committee works on a European system of technical regulation and standardisation, including the mentioned smart grid techniques, models and tools.

5. USA. The support for smart grids became a part of US federal policy towards legislatively approved energy independence and security of one of the strongest economies in the world. The amount of investment towards the medium-term development of this new technology will reach up to 1.1 trillion dollars, i.e. 1.1 · 10^12 USD, according to plans from 2009. The short-term budget is however about 4.5 billion dollars according to the Recovery and Reinvestment Act [17]. Private microgrids are part of the overall plan to turn the energy network into a bi-directional one, similar to communication networks, until the year 2030. On a global scale, about 4000 megawatts are currently contributed by microgrids [36].

Example 5.5 An example of a connected smart grid and cloud computing implementation is given below. Due to the use of today's powerful high-end servers within contemporary data centres with installed broadband optical links (so-called Fibre Channel), a significant amount of heat results as a harmful by-product. Some companies already occupy themselves with this problem and are developing their own solutions for the disposal of excess heat, e.g. for domestic heating and air-conditioning facilities, or HVAC (Heating, Ventilating and Air Conditioning). An imaginary joint-stock company ECO-Cloud is situated in a city of about 500,000 to 1,000,000 inhabitants in Western Europe and acts as a data centre and cloud provider. Several corresponding products and solutions are offered: cloud products (own virtualised data centre) and heat products (own smart grid).

The temperatures of the servers can reach up to 55 degrees, with the heat channelled and dissipated via water. The system of waste heat recycling delivers a PUE of approximately 1.06–1.15. Multiple clients use HVAC facilities in the city of the ECO-Cloud offices as well as in other remote sites. They can obtain up to 30 % of cheap heat and warm water from the mentioned clouds immediately. The facility grid companies act as partners for ECO-Cloud with a further 70 % of the clients (users of the Internet, standardised data and cloud services). The waste heat distribution principle (based on [39]) is presented in Fig. 5.11. The company ECO-Cloud uses virtualisation technologies to create the computing, storage and networking infrastructure. The solutions are based on integrated cloud stacks as technology set.

The clients use the in-door located services of virtual computing centres. Hybrid clouds with standard services spanning across company-internal and ECO-Cloud-hosted machines are offered via ECO-Cloud too. IT resources such as operating systems, applications, run-time platforms, test and development environments, as well as pure processing power, memory or network capacities and much more can be made available to the users if necessary. The computing centres encompass standardised cloud services like Infrastructure-as-a-Service (IaaS), Software-as-a-Service (SaaS) and Platform-as-a-Service (PaaS), as well as specific compute applications (compute service, RAID/RAIC, SAN, NAS, cloud stacks, web hosting, virtual operating systems, file storage and sharing) [38]. Redundant heat as a "by-product of processing" is withdrawn from the servers in 19" racks into the energy storage, which provides circulation of hot water in the pipes within a building and heating of potable water. The central system for HVAC facilities is supported via the use of PoE (Power over Ethernet) as well as wired and wireless automation LANs.

Fig. 5.11 Waste heat distribution principle

While ECO-Cloud is an imaginary company, nowadays multiple companies have specialised in such business models. An example is the former Helsinki electricity station, which still contributes to municipal heating by diverting excess heat from the servers and racks installed in it nowadays. The next two detailed examples will highlight additional concrete cases.

Example 5.6 Similar principles are used by the high-tech company Cloud&Heat Technologies [39]. Its analogue to the technical solution described above achieves a lower PUE value, down to 1.06 at a mean T_cpu = 55 °C, compared with conventional grid and cloud solutions, where it is necessary to remove the excess heat as a by-product, to install more air-conditioning devices and to provide them with power. The construction of the waste heat distribution can be depicted as in Fig. 5.12. With such a construction, up to 30 % of the heat and warm water supply can be retrieved from the on-site cloud facility.

Fig. 5.12 Redundant heat and energy recycling in the systems of smart grid/cloud computing on the example of Cloud&Heat (based on source www.cloudandheat.com)

Example 5.7 Another concrete example is IBH, an innovative and customer-focused company. IBH provides the following services:

1. Internet services, including Internet access channels like SFV, DSL, MPLS or Metro-Ethernet
2. Hosting services for servers and complex IT installations, as well as Application Service Providing (ASP)
3. Cloud computing services
4. Domain registration and management, as well as security certificates
5. Highly reliable, fault-redundant three-phase Uninterruptible Power Supply (UPS) up to 4400 kVA

Thus the waste heat from the data centre can be used for heating the building. The remaining unusable waste heat from the computing centre is cooled ecologically via the deployment of so-called "indirect free cooling", which enables an extraordinarily high energy efficiency for the computing centre, i.e. a value of PUE < 1.2 is attempted [8].

Example 5.8 Surely "green" means a significant PUE improvement. The "state-of-the-art" in a data centre today is to increase the temperatures in the server room gradually. The generic empirical "formula" in Eq. 5.2 applies:

$$\Delta T = 1\,^\circ\mathrm{C} \;\Rightarrow\; \Delta\mathrm{PUE} \approx 2\text{–}4\,\% \qquad (5.2)$$

The formula expresses that each extra degree of room temperature gives 2–4 % of energy efficiency improvement. Energy efficiency improvement therefore means driving the PUE down towards a value of about 1.0, with the gains showing up in the decimal places after the leading 1.

From formerly freezing air temperatures of T = 11–12 degrees, via 16–17 degrees as the long-time standard for data centres, servers are nowadays being cooled at the rather warm level of 20–22 degrees without problems [31]. With innovative solutions, indoor air temperatures are even increased up to 23–24 degrees. Very brave installations are set up to go with supply air temperatures even higher than that. Reality lies behind the technical possibility, which means still far behind: only 20 to 30 % of data centre operators are already pursuing concepts and solutions for "pushing the temperatures up" [32].

Optimisation of cloud services for smart grids. Google achieves a PUE of 1.12 due to further optimisation of hardware, waste heat recycling systems and building construction features like improved air circulation, reuse of waste heat and further techniques. This means that only 12 % on top of the energy used by the servers as computing entities is consumed by other services like air conditioning, energy distribution, lighting, surveillance systems and diverse building automation systems.

Since the ratio is the same with and without consideration of time, the PUE is determined as follows:

$$\mathrm{PUE} = \frac{\text{total data centre energy}}{\text{IT equipment energy}} = \frac{P_{\text{total}}}{P_{\text{IT}}} \qquad (5.3)$$

According to the Uptime Institute's Data Centre Surveys, which track the average PUE in data centres by collecting survey responses, there is a clear trend of reduction: in the year 2007 the average was reported to be around 2.5 [19, 40]. The first survey in 2011 reported an average PUE of about 1.89. As the fifth survey, published in 2015, tells, the average PUE was reduced to 1.7. Google's 1.12 therefore marks a significant lead, even though more than half of the data centre operators plan for a medium-term PUE of 1.5 or less.


Fig. 5.13 Optimisation of cloud services for smart grids: parallel computing and big data

The PUE thus becomes an attractive optimisation goal for service providers. It affects the operational expenses, whereas other optimisation targets focus more on capital expenses for the procurement of goods, including the average server refresh rate, which can be increased with high-quality hardware and good maintenance and repair services, again involving operational expenses. Equation 5.4 formalises the operational goal around PUE optimisation:

$$\min\,\mathrm{PUE} \quad \text{subject to} \quad \mathrm{QoS} \ge \mathrm{QoS}_{\min} \;\wedge\; \mathrm{Costs} \le \mathrm{Costs}_{\max} \qquad (5.4)$$

where Costs_max and QoS_min are the cost and quality-of-service constraints, i.e. the best PUE achievable under strictly given QoS and cost constraints. Note that PUE ≥ 1 by definition and a lower value is better, so the objective is a minimisation of the PUE (equivalently, a maximisation of energy efficiency); both constraints have to hold at the same time.

In the third phase, where we are now (best PUE under strictly given QoS and cost constraints), the following options for further improving the energy efficiency are attractive and will most likely be used for contemporary data processing services (Fig. 5.13):

1. Simultaneous operation of as few units as possible thanks to service and resource virtualisation, increased resource sharing and load balancing
2. Better load utilisation of operating units, e.g. by dynamic operation of servers, distribution of virtual machines and scheduling
3. Use of more energy-efficient units (measured in Watt per GHz) to need less energy for cooling
4. Optimised selection of location, e.g. in cold regions, close to rivers, free cooling
5. Reuse of waste heat, e.g. for building heating or warming of potable water
6. Use of a mix of local or regional energy producers to reduce transmission losses. This requires a smart energy grid and brokering, i.e. a marketplace application in the cloud, to work on a larger scale

Waste heat models. To optimise the PUE, it is essential to understand how to model waste heat and in particular the transport of waste heat. The direction of transport is from the non-optimal computing equipment, in particular CPUs acting as excess heat producers, to water or air as excess heat consumer media. To understand the physical background, knowledge from the fields of thermodynamics, kinetics and green computing needs to be combined. Through more precise and fitting models, the utility of smart grids which combine power systems and computing systems will be increased.

The model will be derived from a state-of-the-art data centre perspective. 19-inch racks according to the norms EIA-310-D / IEC 60297 are widely used for data centre and cluster construction. The slots of such racks are called units or height units, in jargon simply 1 U. One rack unit counts 1.75 inches (44.45 mm) of height. The following set of unit dimensions H, W, D is wide-spread (Eq. 5.5):

$$H = 1.75'' = 44.45\,\text{mm} = 1\,\text{U}, \qquad W = 19'' = 482.6\,\text{mm}, \qquad D = 600,\ 800,\ 900\,\text{mm} \qquad (5.5)$$

The 19" rack containing the units has the following fixed dimensions. The width W is 19 inches (482.6 mm) and gave the name to this standard. The depth is derived directly from the unit's D. The height H is determined by the industry standard for a rack cabinet, which is 42 U and hence 44.45 mm · 42 = 1866.9 mm ≈ 1.87 m. These dimensions are taken as input to a simplified Boltzmann waste heat transport model. Excess heat recycling and transport can be formulated and solved for the constructions given in Fig. 5.14. The shown principle of the removal and recycling of the energy can be used for additional HVAC capacities within civic, administrative as well as industry buildings.

In the general case the Boltzmann model is linked to the Boltzmann Thermodynamic Equation (BTE), which for the heat balance can be given as specified in Eq. 5.6:

$$P_a = c_m m_m \frac{dT_s}{dt} + P_t, \qquad P_t = \frac{S_C\,(T_s - T_w)}{R_T}, \qquad R_T = \frac{l_m(T)}{\lambda_m(T)} \qquad (5.6)$$


Fig. 5.14 The waste heat recycling and transport principle: (a) rack with units, (b) unit with waste heat removal device

In this equation, P_a is the power absorbed by the system and P_t is the useless (excess, waste) power expended through thermal conduction; T_s is the temperature of the surface and T_w the temperature of the cooling liquid or cooling gas, for example water; c_m is the specific heat capacity of the heated materials and m_m their corresponding mass; R_T expresses the thermal resistance of the heated materials, which depends on their temperature. Finally, λ_m and l_m refer to the thermal conductivity and the thickness of the material, respectively.

Taking into account that for the stationary regime of heat exchange the derivative dT_s/dt becomes 0, the equation system can be rewritten as follows (Eq. 5.7):

$$P_a = P_t = \frac{S_C\,(T_s - T_w)\,\lambda_m(T)}{l_m(T)} \qquad (5.7)$$

Based on this equation, to build the waste heat model one now considers the complex thermodynamic problem of cooling processor units as a task of simulating a regular thermodynamic system. In this system the sources of heat are named S. Their square surfaces are similar and equal to a · b, and the distance between cooling units is named l. Along the length of the cooling units a tube T with cooling liquid or gas is mounted. The heat is transferred along the tube with the velocity v_c. The corresponding model of the cooling system is plotted in Fig. 5.15.


Fig. 5.15 Generalised structure of the cooling process for a two-processor unit: (1) cooled-down processor unit with the dimensions a, b and the surface S_C = a · b, (2) tube T with the cooling liquid or gas

The accuracy of the estimations for the temperature of the crystal surface T_s, the temperature of the cooling liquid or gas T_w and the power given by Eqs. 5.6 and 5.7 is not very high, due to the multiple thermodynamic processes which act during the interaction between heated and cooled material surfaces. Those processes are not taken into account in this simplified explanation. In general, the accuracy of such calculations is not better than about 30 %. In any case, these calculations for solving the BTE can give the necessary recommendations to engineers for the design and use of cooling systems. For example, suitable recommendations for the design of the cathode cooling systems of glow discharge electron guns were first formulated and described as theoretical techniques in papers; therefore, a similar approach for computing thermodynamic models is possible too. The use of massive computing power, for instance HPC, allows for obtaining a higher accuracy in solving thermodynamic equations with finite elements.

The presented BTE model can be decomposed into three subordinate models. The model BTE1 is aimed at waste heat removal by the cooling liquid or gas within the tube T in the area of a processor unit S. The heat removal is carried out via a compound adapter. The second model BTE2 is dedicated to cooling down the cooling liquid after its heating in the tube T, in the area between the units; the length of this area is l, corresponding to Fig. 5.15. Model BTE3 is the combined model of BTE1 and BTE2 for a rack with N units.

When solving the equations associated with the models BTE1 through BTE3, the following observations can be drawn. The PUE resulting from BTE1 and BTE2 is close to 1.2 for both and about 1.3 for BTE3. These results match the state-of-the-art PUE factors in data centres with standard cooling. More details, formulas and theoretical considerations can be found in a relevant publication [34].
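As an added worked example (this is not code from the book, from [34] or from any of the cited publications), the following Python script puts Eqs. 5.6 and 5.7 to work for one processor unit and then chains N identical units along the tube T of Fig. 5.15, in the spirit of the combined model BTE3. All numeric inputs are assumptions chosen for illustration, because the page gives none: the 200 W unit with a 40 mm × 40 mm crystal and a 1 mm thermal compound layer, the water properties, the coolant flow rates, the pump-power coefficient and the fixed facility baseline used in the PUE overhead. The PUE itself is Eq. 5.3; the rack-level PUE here only counts pump power plus that baseline, so it is a lower bound rather than a full BTE3 solution.

```python
from dataclasses import dataclass

# Physical constants for water (not from the page)
RHO_WATER = 1000.0   # kg/m^3
C_WATER = 4186.0     # J/(kg K)


@dataclass
class ProcessorUnit:
    """One heat source S of Fig. 5.15 with its compound adapter to tube T (symbols of Eq. 5.6)."""
    p_abs: float    # P_a: electrical power absorbed, all of it ends up as heat [W]
    s_c: float      # S_C = a*b: contact surface between crystal and adapter [m^2]
    lam_m: float    # lambda_m: thermal conductivity of the adapter material [W/(m K)]
    l_m: float      # l_m: thickness of the adapter material [m]
    c_m: float      # c_m: specific heat capacity of the heated mass [J/(kg K)]
    m_m: float      # m_m: heated mass (crystal + adapter) [kg]

    def r_t(self) -> float:
        """R_T = l_m / lambda_m (Eq. 5.6), thermal resistance per unit area [m^2 K / W]."""
        return self.l_m / self.lam_m

    def p_transfer(self, t_s: float, t_w: float) -> float:
        """P_t = S_C (T_s - T_w) / R_T: heat actually flowing into the coolant [W]."""
        return self.s_c * (t_s - t_w) / self.r_t()

    def steady_state_ts(self, t_w: float) -> float:
        """Eq. 5.7 solved for T_s: in the stationary regime P_a = P_t."""
        return t_w + self.p_abs * self.r_t() / self.s_c

    def transient_ts(self, t_w: float, dt: float = 0.1, t_end: float = 120.0) -> float:
        """Integrate Eq. 5.6 with explicit Euler from a cold start (T_s = T_w).
        The time constant c_m*m_m*R_T/S_C is ~10 s for the example unit, so dt = 0.1 s is stable."""
        t_s = t_w
        for _ in range(int(t_end / dt)):
            dts_dt = (self.p_abs - self.p_transfer(t_s, t_w)) / (self.c_m * self.m_m)
            t_s += dts_dt * dt
        return t_s


def rack_temperatures(unit, n_units, t_in, flow_l_min):
    """BTE3-style chain: N identical units along tube T; coolant leaving unit i feeds unit i+1.
    Returns a list of (T_s, T_w) per unit in the stationary regime (Eq. 5.7)."""
    mdot = RHO_WATER * flow_l_min / 1000.0 / 60.0      # coolant mass flow [kg/s]
    t_w, out = t_in, []
    for _ in range(n_units):
        out.append((unit.steady_state_ts(t_w), t_w))
        t_w += unit.p_abs / (mdot * C_WATER)            # coolant heated by P_t = P_a of this unit
    return out


def min_flow_for_limit(unit, n_units, t_in, t_s_max, step=0.5, q_max=100.0):
    """Smallest flow (l/min, in multiples of step) keeping every crystal at or below t_s_max."""
    q = step
    while max(t_s for t_s, _ in rack_temperatures(unit, n_units, t_in, q)) > t_s_max:
        q += step
        if q > q_max:
            raise ValueError("no flow rate within limits keeps T_s <= t_s_max")
    return q


def pue(unit, n_units, flow_l_min, w_per_l_min=2.0, facility_base_w=100.0):
    """Eq. 5.3: (IT power + overhead) / IT power. The overhead model (pump power proportional
    to flow plus a fixed facility baseline) is an assumption for illustration only."""
    p_it = n_units * unit.p_abs
    return (p_it + w_per_l_min * flow_l_min + facility_base_w) / p_it


# Constructed unit: 200 W crystal, 40 mm x 40 mm, 1 mm thermal compound, 0.2 kg copper adapter
EXAMPLE_UNIT = ProcessorUnit(p_abs=200.0, s_c=0.04 * 0.04, lam_m=5.0, l_m=1e-3, c_m=385.0, m_m=0.2)

if __name__ == "__main__":
    u = EXAMPLE_UNIT
    print("steady-state T_s at T_w = 20 C:", round(u.steady_state_ts(20.0), 2))
    print("Euler transient settles at:", round(u.transient_ts(20.0), 2))
    q = min_flow_for_limit(u, n_units=10, t_in=20.0, t_s_max=55.0)
    print("min flow for 10 units with T_s <= 55 C:", q, "l/min")
    print("PUE at that flow (pump + baseline only):", round(pue(u, 10, q), 3))
```

The transient integration is there to show that Eq. 5.7 really is the limit of Eq. 5.6: after a few time constants the Euler solution coincides with the closed-form steady state. The rack chain makes visible why BTE3 gives a worse PUE than BTE1: the last unit sees coolant that nine predecessors have already warmed, so the flow (and hence pump power) has to be sized for the hottest crystal, not for the average one.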

The estimations for the temperature of CPU crystals (within the units), for the temperature of the cooling liquid (waste heat removal) and the PUE evaluations based on the mentioned models have been considered in [25, 33, 43]. The dependencies of the PUE are given in Fig. 5.16a–c correspondingly. These depictions describe the obtained PUE values for the above-mentioned models BTE1–3 and are completely in line with the "best practices" discussed in Examples 5.4–5.7 in this chapter as well as in the literature.

[Fig. 5.16: three plots (a), (b), (c). Vertical axis: PUE1, PUE2 and PUEΣ (rel. units), scale 1.0–3.0; horizontal axis: coolant flow velocity (litre/min), scale 10–50; one curve each for P = 100, 200, 300, 400 and 500 W.]

Fig. 5.16 Modelled PUE dependencies on the dissipated power of the processor units and the given velocity of the water flux, based on the models BTE1 (a), BTE2 (b) and BTE3 (c, N = 10). Modelled PUE values for "green" data centres and clouds are about 1.06 under use of the efficient cooling process, in good agreement with the "best practices".

Note: Additional material on waste heat modelling and recycling is available as complementary digital-only material from the publisher's website.

5.1.2 Smart Grid: Enabling Network Technologies

Enabling networking and communication technologies for smart grids offer wired (PLC) and wireless connectivity between devices. Six such technologies are of particular interest:

1. PLC, outdoor as well as indoor as HomePlug
2. Bluetooth v4.2 WPAN
3. ZigBee/EnOcean sensor piconets
4. 6LoWPAN as fog computing predecessor
5. WiMAX networks, specific to some regions with sufficient coverage
6. Partially LTE/5G, which are discussed in other chapters as alternative to WiMAX

Let us discuss some of them to understand their characteristics better

Powerline (PLC). PLC networks use electrical supply networks (grids) for data and voice transfer. This is an important enabling technology for IoT and smart grids. The network transmits data or voice by superposition of a modulated signal onto the alternating electric current (AC, 50/60 Hz). PLC in the WAN area offers a kind of DSL connection via a power cable between providers and users:

• 1536 subcarriers, with 84 best frequencies in the range 2–34 MHz
• Data rate per station of about 1.5–205 Mbit/s
• Variants of WAN PLC are NPL (Narrowband over Power Lines), with a data rate of 1.5 Mbit/s, and BPL (Broadband over Power Lines), with a data rate of 205 Mbit/s

PLC in the LAN area is more suited to applications within buildings. PowerLAN uses the household electrical lines, with a voltage of 230 V and a frequency of 50/60 Hz, for additional data transmission.

For such installations, Orthogonal Frequency-Division Multiplexing (OFDM) is deployed for converting digital signals into analog signals, similar to xDSL or WLAN. Most PowerLAN standards work in the high frequency band F = 2–68 MHz, so that they do not interfere with the mains frequency and with the aim of achieving high data rates. Power supply networks as low voltage networks are usually three-phase systems. In the private sector, the HomePlug standard thus achieves gross transfer rates of up to 14 Mbit/s (regular HomePlug), 85 Mbit/s (HomePlug Turbo), 200 Mbit/s (HomePlug AV) and even 500 Mbit/s (IEEE 1901). The standards HomePlug AV (200 Mbit/s) and IEEE 1901 (500 Mbit/s) are fully compatible with each other. The maximum range of HomePlug adapters is however limited to 300 m under ideal conditions, and much less when obstacles are in the way.

The main problems and drawbacks of PLC usage are:

• line length
• interference
• interoperability
• price

Longer lines mean the occurrence of attenuation effects, which limit the transmission power and hence reduce the receiver's ability to process the signals effectively, leading to a reduced data rate. The interference comes from the workload and household machines. Interoperability with Wi-Fi is not guaranteed, as producers are unable to agree on a common standard. Finally, such systems are still subject to a relatively high price. Since the signal propagates over shared low-voltage wiring and can reach beyond the own premises, HomePlug AV adapters separate logical networks only through their AES-128 network membership key, which should therefore be changed from the factory default during installation.

Fig. 5.17 WiMAX flexible architecture

WiMAX networks. The architecture components of WiMAX networks are depicted in Fig. 5.17. Among the WiMAX components are:

• SS/MS: Subscriber Station/Mobile Station
• ASN: Access Service Network
• BS: Base Station, a part of the ASN
• ASN-GW: ASN Gateway, a part of the ASN
• CSN: Connectivity Service Network
• HA: Home Agent, a part of the CSN
• NAP: Network Access Provider
• NSP: Network Service Provider
• ASP: Application Service Provider (IP)

The most important interfaces are R1, R2, R3, R4, R5 (refer to Fig. 5.17). The use of WiMAX is region-specific. It is frequently used in South Korea, South Africa (named iBurst) and the Slovak Republic, as well as in urban areas in other countries; an example is Heidelberg in Germany. Commonly, however, WiMAX networks found relatively small acceptance compared with LTE. In fact, many former deployments have been shut down already, for instance by Sprint in the USA. Still, about one billion people can be covered.

The maximum distance for signal transmission is about 3–10 km.

Sensor piconets. As opposed to the previously discussed network types, which emphasise quality of service and cost requirements, wireless sensor (pico) networks (WS(P)N) additionally put emphasis on various aspects of energy efficiency. A WSN's energy efficiency is a significant prerequisite for its lifetime, low maintenance cost and high reliability. First a short overview of WSN systems will be given. Then the most important compromises or trade-offs between the diverse factors will be discussed, especially those which influence energy efficiency and service quality on any network layer.

WSNs have already become a mature technology and play an increasingly important role in industrial production, intelligent houses, automated buildings and outdoor observation in agriculture and forestry, ecology and ship transport. This list of applications of WSNs is however far from complete. Advanced WSNs, in combination with WLAN and WiMAX networks, replace conventional communication systems for multi-function network services and automation systems.

A general sensor network consists of a number of distributed and independent sensor nodes (SN) with radio modules. These are capable of capturing technical or environmental parameters. There are many different sensor types and technologies, of which two shall be considered (Table 5.2). Common to all these technologies is the issue of energy-efficient operation of the resulting sensor networks. Energy-efficient sensor nodes are characterised by durability, interoperability and assurance of quality of service levels (QoS) within the constructed WSNs. Furthermore, they are highly reliable and contain cost-efficient customisation mechanisms.

Table 5.2 Characteristics of widely-used WSN systems

Property                 EnOcean                  ZigBee / IEEE 802.15.4
Frequency (MHz)          868                      2400
MAC layer                Beacon                   Beacon, CSMA
Topology                 Star, mesh               Star, mesh
Data rate (kbit/s)       125                      250
Number of nodes          2^32 (ca. 4 billion)     2^16 = 65536
Security                 –                        AES
Energy consumption       Very small               Small
Collision probability    Very small               Small
Energy harvesting        Yes                      No
Range (m)                30–300                   10–75

For the "Security" row, AES refers to the AES-128 link-layer encryption defined by IEEE 802.15.4 and used by ZigBee; its value in practice depends on how the network key is provisioned to joining nodes, since a key that is distributed in the clear protects nothing.


Fig. 5.18 Structure of a WSN

The usual frequency bands F for WSNs are F = 315–916 MHz (Mica2, Mica2Dot) and F = 2.4 GHz (ZigBee, IEEE 802.15.4, Imote). The usual transmission ranges of sensor nodes can be from 30 up to 150 m. The energy consumption is about 1000 mW for sending and receiving data, 100 mW in idle mode and 0.05 W in sleep mode. The average transmission power is P_Tx = 4 ... 10 dBm. To guarantee the requirements concerning energy efficiency and real-time behaviour, only short data packets (telegrams, T_L ≤ 100 bytes) with relatively small overhead are being used. The state transition of a sensor node (SN) requires energy and slows down the network overall.

The approach of energy harvesting allows for the extraction of energy from the environment and thus for a reduction of battery power consumption (Fig. 5.18). An exclusive energy supply of sensor nodes with energy harvesting is however not possible, due to the lack of steadiness of the used energy sources. Therefore the nodes have to be placed with care. Furthermore, an optimisation of routes to the gateway (GSN/GW) is recommended.

The software used on the nodes (operating system, applications, libraries, middleware) has to be very compact. The executed tasks and the data to be processed often have to be scheduled in advance and grouped with telegram aggregation. For the minimisation of the energy consumption of the communication (SN – SN and SN – GW) and for increasing the performance of the gateway, concepts such as caching, threading and redundancy/replication are to be considered. The task processing in the applications is event-based [45]. As operating system for the sensor nodes, TinyOS is often used. It has small requirements on memory and processing power.

Design of energy-efficient wireless sensor networks: requirements and methods. Important properties of energy-efficient WSNs are:

• Efficient batteries with long lifetime in the sensor nodes, possibly combined with energy harvesting
• Energy management
• Efficient protocols in layers 2 and 3 with reduced traffic and low overhead
• Efficient operating systems and applications
• Optimised topology, including hierarchies and clustering
• Redundant planning and functionality reserves
• Combined approaches in a cross-layer design

Multi-layered design. Nowadays the design of WSNs is supported by a variety of energy management methods and planning tools. The cross-layer approach combines existing models, methods and tools within one integrated framework and offers significant advantages due to the holistic balancing of the requirements of energy efficiency and service level. The methods for designing energy-efficient WSNs can be classified in a layered architecture as follows:

• Hardware, focusing on the physical (PHY) layer
• Focusing on the MAC layer
• Focusing on the topology
• Focusing on routing
• Focusing on applications

An attempt at a corresponding classification of methods usable for the design of energy-efficient WSNs is shown in Fig. 5.19.

Efficient energy management for WSNs primarily means that the overall power consumption of a WSN must be reduced by optimising the consumption of its sensor nodes, expressed in W/bit or W/event. Such an optimisation leads to an extension of parameters which indicate the lifetime (time-to-live, TTL), expressed in 1000 h or 100 d. The following parameters are common: T1 – time until the failure of the first sensor node; T2 – time until which 50 % of all nodes fail; T3 – time at which the network splits into multiple partitions or "islands"; T4 – time until the surface coverage of the network is reduced. The TTL parameters are explained in Eq. 5.8.

5 Smart Grid, Internet of Things and Fog Computing

Fig. 5.19 Classification of design methods for energy-efficient WSNs

The cross-layer construction of WSNs needs to consider the mutual influence of the conflicting requirements energy efficiency and service level. Appropriate compromises need to be found:

• Hardware
  – Higher transmission frequency: more data per TDMA slot as well as more compact components, but more complex modulation techniques and higher energy consumption requirements
  – Lower transmission power: less energy consumption upon transmission, but lower signal-to-noise ratio (SNR) and lower data throughput
  – Lower current of the components (cf. Fig. 5.20): lower energy consumption of the CPU, but correspondingly lower CPU speed
  – Higher battery capacity: longer lifetime, but larger physical dimensions. This is also true for energy harvesting approaches, which require sufficiently strong energy sources and batteries in order to compensate for the non-continuous energy supply

• MAC layer
  – Longer sensor duty cycles in communication protocols (e.g. synchronous on-demand TDMA or Advanced Asynchronous CSMA/CA with RTS/CTS or Rendezvous): improved degree of utilisation, but also higher latencies

• Topology
  – Clusters of nodes following a unified scheduling scheme with lower duty cycle: lower power consumption in sensor nodes through shorter distances, but higher latencies through overhead and higher energy consumption at the cluster head
  – Dense WSN with redundant nodes: higher availability and reliability, but also increased traffic and therefore more collisions of data telegrams as well as more frequent timeouts

• Routing
  – Highly developed routing algorithms (e.g. geographic routing) increase the reliability of the message transfer, but cause higher routing complexity and therefore more laborious routing adaptations in cases of topology changes

• Software/Applications
  – Compact operating system and further software components due to limited CPU speed and RAM capacity: better resource utilisation, but lower precision through data aggregation as well as a necessity for special algorithms for distributed statistical pre-processing of large volumes of data

Fig. 5.20 (a) Dynamic voltage scaling. (b) Capacity of batteries and energy harvesting devices. Approaches to optimise the energy consumption


These compromises (trade-offs) need to be accounted for in the design phase to achieve the goal of durable WSNs with high QoS, high reliability and interoperability between the nodes. The stored energy density can vary between 10 and 10 000 W/cm³. The determination of TTL parameters can be performed by considering the following factors:

$$\min TTL = \alpha \cdot \frac{\delta q}{\delta x}\,(P_{Tx}, F, d, DR, SNR, TL, OH) \qquad (5.8)$$

Hereby q refers to the battery charge [mAh], F and P_Tx to transmission frequency and power, d to the average distance between nodes (hop distance), DR to the data rate, TL to the average size of a data telegram and OH to the overhead in each data telegram. A further term is a centralised Gaussian random value, whereas α is a logarithmic decrement value.

Topology optimisation. The most important decision when designing topologies of a WSN is the choice between single-hop and multi-hop routing methods.

The following aspects are to be considered: Who communicates with whom (star, cluster or mesh)? Incomplete knowledge about the topology (only information about the local environment is known); frequent topology changes; on-/offboarding; mobility aspects; routing algorithms; and of course the energy efficiency of the resulting solution.

The degree of freedom for the decision can be described as a triangle "topology – routing – energy radiation", which is displayed in Fig. 5.21. The power radiation is modelled as follows:

$$P_{Rx} = K \cdot F^{\alpha} \cdot d, \qquad K = P_{Rx}(d_{ref}) \qquad (5.9)$$

Here P_Rx refers to the received field strength, F to the sender frequency, d to the distance, and P_Rx(d_ref), d_ref to the measurable reference receiver power and distance; K, α are model constants from the free-space damping model.

Clustering in WSN. When nodes of a WSN are distributed in fixed installations, the hardware will degrade over time. After some years some of the nodes may fail or the battery capacity may be depleted. In such cases it is important to consider the correct placement of the nodes to avoid missing hops for the transmission or even partitioned networks, in which between any two nodes, one from either partition, no communication is possible. Failures and "desertification" effects are depicted in Fig. 5.22. Optimal clustering and a certain amount of transmission link redundancy are therefore required.

LEACH description. Low-Energy Adaptive Clustering Hierarchy (LEACH) is an algorithm which clusters nodes so that the communication between any two nodes or between any node and a base station is routed through cluster heads. The nodes that were already cluster heads (CHs) cannot play the role of CHs for the next 1/p rounds, where p is the desired percentage of cluster heads in the network. Furthermore, each node possesses some probability Z < T(n) to become the cluster head in a new round. At the end of the round, each of the nodes which have not become head calls the next CH and becomes a cluster member only (Join Cluster). Then each of the CHs has to establish a plan (cluster schedule) for each node. This enables a successful data transfer for its own cluster.

Fig. 5.21 Topology – routing – energy radiation: energy efficiency via topology and routing

Fig. 5.22 Failures and "desertification" effects [37]

• Spatially distributed applications with data aggregation
• Cluster Heads (CH) are defined locally and randomised
• They have to be periodically replaced
• Energy efficiency

Figure 5.23 shows the LEACH algorithm in an example to increase the lifetime of piconets.
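The LEACH rounds described above (cluster head election with Z < T(n), the 1/p blocking rule, Join Cluster and the cluster schedule) together with the TTL parameters T1 and T2 defined earlier in this section, as an added simulation that is not the book's code: the threshold formula T(n) = p / (1 − p·(r mod 1/p)) is taken from the original LEACH paper (the book only states the rule), and the energy costs, field size, node count and the requirement that 1/p is an integer are constructed assumptions.

```python
import math
import random
from dataclasses import dataclass

# Constructed radio cost model in illustrative energy units (not from the book):
# a member pays for the squared distance to its cluster head, a head pays a fixed
# extra amount per round for receiving, aggregating and forwarding cluster data.
E_TX_PER_M2 = 1e-5
E_CH_ROUND = 0.05


@dataclass
class Node:
    node_id: int
    x: float
    y: float
    energy: float = 1.0      # remaining battery charge (constructed units)
    ch_last_round: int = -1  # last round in which this node served as cluster head

    def alive(self) -> bool:
        return self.energy > 0.0


def leach_threshold(p: float, r: int) -> float:
    """T(n) from the original LEACH paper (assumes 1/p is an integer): within an
    epoch of 1/p rounds it grows to 1 in the last round, so every node that is
    still eligible is elected at least once per epoch."""
    epoch = round(1 / p)
    return p / (1 - p * (r % epoch))


def eligible(node: Node, p: float, r: int) -> bool:
    """A node that already was head in the current epoch stays a plain member
    until the next epoch begins (the '1/p rounds' blocking rule of the text)."""
    epoch = round(1 / p)
    return node.alive() and node.ch_last_round < r - (r % epoch)


def elect_cluster_heads(nodes, p, r, rng):
    heads, t = [], leach_threshold(p, r)
    for n in nodes:
        if eligible(n, p, r) and rng.random() < t:  # draw Z, head if Z < T(n)
            n.ch_last_round = r
            heads.append(n)
    return heads


def form_clusters(nodes, heads):
    """Each non-head node joins the nearest head (Join Cluster); the head's cluster
    schedule is one TDMA slot per member in join order. If no head was elected in
    this round, the alive nodes are listed under key None (direct to base station)."""
    if not heads:
        return {None: [n.node_id for n in nodes if n.alive()]}
    head_ids = {h.node_id for h in heads}
    clusters = {hid: [] for hid in head_ids}
    for n in nodes:
        if not n.alive() or n.node_id in head_ids:
            continue
        nearest = min(heads, key=lambda h: math.hypot(h.x - n.x, h.y - n.y))
        clusters[nearest.node_id].append(n.node_id)
    return clusters


def run_round(nodes, p, r, rng):
    """One LEACH round: election, cluster formation, then energy accounting."""
    clusters = form_clusters(nodes, elect_cluster_heads(nodes, p, r, rng))
    by_id = {n.node_id: n for n in nodes}
    for head_id, members in clusters.items():
        if head_id is None:
            continue
        head = by_id[head_id]
        head.energy -= E_CH_ROUND
        for mid in members:
            m = by_id[mid]
            m.energy -= E_TX_PER_M2 * ((m.x - head.x) ** 2 + (m.y - head.y) ** 2)
    return clusters


def make_nodes(num_nodes, rng, side=50.0):
    """Nodes scattered uniformly over a constructed side x side metre field."""
    return [Node(i, rng.uniform(0, side), rng.uniform(0, side)) for i in range(num_nodes)]


def simulate(num_nodes=20, p=0.1, rounds=10, seed=1):
    rng = random.Random(seed)
    nodes = make_nodes(num_nodes, rng)
    history = [run_round(nodes, p, r, rng) for r in range(rounds)]
    return nodes, history


def lifetime_metrics(num_nodes=20, p=0.1, max_rounds=2000, seed=1):
    """T1 = round of the first node failure, T2 = round in which half of the
    nodes have failed (the TTL parameters of the text), counted in LEACH rounds."""
    rng = random.Random(seed)
    nodes = make_nodes(num_nodes, rng)
    t1 = t2 = None
    for r in range(max_rounds):
        run_round(nodes, p, r, rng)
        dead = sum(1 for n in nodes if not n.alive())
        if t1 is None and dead >= 1:
            t1 = r
        if t2 is None and dead * 2 >= num_nodes:
            t2 = r
            break
    return {"T1": t1, "T2": t2}
```

With p = 0.1 and ten rounds, every node is elected head exactly once, which is the rotation Fig. 5.23a illustrates; lifetime_metrics gives the point at which the curve of surviving nodes in Fig. 5.23b starts to fall.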

Sensor piconets ZigBee and EnOcean. Both technologies, ZigBee and EnOcean, are enablers for smart grids and important for IoT and fog computing. Their characteristics were already identified earlier (remember Table 5.2). They have found their usage in intelligent homes, process control, robotics, automotive and aviation. The components are sensors vs. actuators (servomotors, pumps, heating controls). The typical bottlenecks are batteries/accumulators, privacy and anonymity. Due to the limited amount of energy, they are less reliable and more expensive to maintain. This is the reason why energy harvesting, i.e. the use of ambient energy (solar, EM smog, noise, ...), is a very important option:

• solar radiation: to be considered during the installation
• reduction of maintenance costs
• cheaper materials/building materials

WPAN ZigBee. The name "ZigBee" derives from the zig-zag dance of bees when searching for food – in analogy to the traffic in a meshed network. ZigBee is designed as a WPAN, effectively a low-data-rate PAN, and uses the IEEE 802.15.4 specifications for the PHY and MAC layer, as shown in Fig. 5.24.

A short history of ZigBee systems:

• 1998 – ZigBee launched by Philips
• 2001 – IEEE 802.15.4-based ZigBee Group founded
• 2002 – ZigBee Alliance founded (Philips, Mitsubishi and 230 other companies)
• 2005 – first ZigBee products appeared on the market
• 2007 – current standards: ZigBee 2007 release

ZigBee products fully conform to the requirements of low-rate wireless PANs with the following features:

• low data rate
• long battery life
• secure networking with AES encryption and WPA2 authentication

Fig. 5.23 (a) Different LEACH cluster heads in the neighbouring rounds, round 1 and round 2. (b) Clustering by LEACH: better survival. The LEACH approach to cluster head assignment yields long-life piconets [37]. (Plot (b): surviving nodes [%] over life durability [days] for direct connected, static clusters and LEACH)

There are three roles for ZigBee devices:

• ZigBee End Device (ZED)
• ZigBee Router (ZR)
• ZigBee Coordinator (ZC)


Fig. 5.24 ZigBee layer model (own representation)

The ZigBee End Device (ZED) is a simple device such as a light control. It implements only part of the ZigBee protocols and is therefore also called RFD (Reduced Function Device). A ZED logs on to a router of its own choice and forms a star topology with it. The ZigBee Router (ZR) refers to FFD (Full Function Device) devices which can act as routers. A ZR can log on to an existing router, forming a tree or mesh topology. Finally, the ZigBee Coordinator (ZC) is a special router within a PAN. It takes the role of coordinator; thus it controls the basic parameters of the PAN and manages the network. The general topology of ZigBee systems is shown in Fig. 5.25.

ZigBee systems operate in the ISM band with a frequency of F = 2.4 GHz and data rates of DR = 0.25 MBit/s for a range of 10–75 m. In the MAC layer either CSMA/CA is implemented or so-called Beacon signals are sent, similar to how a lighthouse works. The Beacon signals are sent by a cooperating station after longer communication idleness intervals. All network participants within the proximity will become ready to receive for a certain amount of time. Collisions become unlikely with this technique.

ZigBee offers compatibility to alternative solutions on layers 1 and 2:

• USA and China – 902/915 MHz, 40 kBit/s
• Japan – 928 MHz
• Other Asian countries – 315 MHz
• Europe – 868 MHz, 20 kBit/s


Fig. 5.25 (a) Star vs. P2P. (b) Multi-hop ZigBee topologies

However, more possible interference with existing WLAN networks needs to be considered. The most important applications of ZigBee products are:

• Structural Health Monitoring
• Facility Management
• Smart Metering etc.

The next rival is EnOcean

WPAN EnOcean. The company EnOcean, located in Oberhaching near Munich, belongs to Siemens. EnOcean, a system of wireless sensors with power self-supply by energy harvesting, is broadly used in the area of building automation. EnOcean systems are similar to, although also distinguishable from, ZigBee systems, as shown in Fig. 5.26.


Fig. 5.26 Sensor piconets ZigBee and EnOcean in comparison: CO2 reduction from Airbus planes with sensors, and home automation with thousands of sensors in the Torre Espacio in Madrid, a 56-floor building (Sources: airbus.com, es.wikipedia.org)

EnOcean offers a high energy efficiency by combining the transformation of locally available environmental energy with dynamic voltage scaling and very short duty cycles. EnOcean systems have been practically known since the year 2001. In 2008 the EnOcean Alliance emerged from several well-known companies from multiple countries (DE, FR, EU, USA), among them Siemens and Osram. In 2015 EnOcean focuses on building automation with several products: switches, sensors, receivers and controllers, gateways, management systems and accessories. Furthermore, there is a joint development with ZigBee 3.0 for energy harvesting.

EnOcean products work over distances from 10 to 300 m. For the design of EnOcean systems an optimised cross-layer approach is followed (Fig. 5.27). The MAC layer is based on beaconing. The associated collision probability is, however, relatively small. To minimise its effects, pseudo-random short telegrams with a message length of 14 bytes are sent three times. The systems use the frequency band of F = 868 MHz and offer low data rates with DR = 125 kBit/s. However, EnOcean structures are robust and energy-conserving.

There may be interference with the following radio networks:

• GSM, DECT – rare occasions
• ZigBee 802.15.4 – needs to be accounted for


The use of EnOcean products happens through more than 50 system integrators who develop and produce products for building automation (light, shadows, heating, climate and air conditioning), industry automation and the automotive sector. These systems are typically more economical than their rivals and are broadly supported on the market, for instance in Germany, France and other EU countries. One disadvantage of the technology in comparison with other WSNs is the lack of integrated security mechanisms.

EnOcean is a good example of the compromises needed for the design of WSNs. The following design criteria have been set to adapt to the low energy supply generated by energy harvesting:

• Single hop to the cluster head, flooding between cluster heads, data processing in cluster heads
• MAC layer: no collision detection but beaconing, uni-directional communication between sensors and cluster heads
• Limited energy supply: short telegrams (1 ms) and duty cycle (0.1–1 %)

The EnOcean layer model is depicted in Fig. 5.27. The main distinguishing features of these piconets in general are:

• low data rate
• long battery life
• secure networking

Fig. 5.27 EnOcean layer model


They are analogous to the ZigBee features, but implement energy harvesting as a unique strength, i.e. incorporate the use of ambient energy, primarily solar (also EM smog, noise, ...).

Typical tasks of designing efficient and high-quality WSN deployments are:

• Energy-efficient protocols
• Cross-layered optimisation
• Trade-offs between layers are to be considered

The following layers are of interest:

• Hardware or PHY based
• MAC based
• Topology based
• Routing based
• Application and data based
• Cross-Layered (combined approach)

Example 5.9. Think of a "toy smart grid". An example of a model environment for a smart grid (Smart Grid Simulator) [13, 37] is presented in Fig. 5.28. The modelling environment consists of a miniature city (e.g. based on the famous German model railway toy "Modelleisenbahn"). The structures of the model city are the buildings H1, H2, H3, H4, a plant and a McDonald's restaurant, all of which are placed on a portable board or a table.

The emulation of "customers" and "suppliers" of electricity is based on microprocessors or single-board microcomputers; AVR, Raspberry Pi and Intel Edison are representative products in this category. Compact dimensions and low power consumption are among the main priorities of on-board computers (see Tables 5.3 and 5.4).

Let us discuss the computing nodes based on Raspberry Pi [14]. These computational nodes are combined into a local area network (LAN) of small dimensions. Each node RasPi1, RasPi2, RasPi3 operates one "building" and visualises on the display or LEDs LED1, LED2, LED3 the active "consumers" and "suppliers" of electricity within the "buildings" and in the system in general.

With the use of ventilators and LED lamps the main "weather conditions" like sun radiation and wind are emulated. The modelling environment (so-called simulator) is controlled by the developed software scripts (running as WWW applications) and should map the changes of connections through reflection of the new "consumers" and "suppliers" of electricity, as well as undertake the representation of some changes within the weather conditions. Thus, using the model environment within the artificial toy system, the real parameters and "smart grid" conditions can be modelled. This includes the usage of intelligent network services, electricity grids as well as energy-efficient information services.

Fig. 5.28 Example of a modelling environment for smart grid [13] (Photo: nl.wikipedia.org; topology inspiration: rn.inf.tu-dresden.de). Labels in the figure: House 1, House 2, House 3, House 4, Plant, McDonalds and Railway Station, each with a Raspberry Pi (X), keyboard (KB) and display (D); sensor, LED and ventilator for the weather (wind) emulation; USB hub, USB supply and Ethernet switch; interconnections via GPIO and Ethernet/USB


Table 5.3 The distinguishing features of on-board computers

Characteristics    | On-board computer
CPU type           | ARM Cortex, Intel
GPU type           | Mali, Intel, PowerVR etc.
RAM                | 0.5 up to 8 GByte
Price              | Approx. 15 up to 100 $
Dimensions         | Max. 2 5 cm
Power consumption  | 2.5–5 W

Table 5.4 Comparison of the chips and microcomputers AVR, Raspberry Pi, Intel Edison

Parameters                | AVR32                                      | Raspberry Pi                                                                                 | Intel Edison
Manufacturer              | Atmel, CA, 2006                            | Raspberry Pi Foundation, Cambridge, UK, 2011                                                 | Intel, CA, 2014
Dimensions                | Middle                                     | Small, like a bank plastic card                                                              | Tiny, like an SD storage card
Type                      | RISC CPU, low power, 32 bit µ-controller   | ARM on-board µ-computer                                                                      | On-board µ-computer, 2-core i-Quark, 22 nm transistor technology
Frequency                 | 66–200 MHz                                 | 700 MHz                                                                                      | 400 MHz
RAM                       | Flash = 512 KByte, RAM = 64 KByte          | SD card instead of HDD, RAM 256 MByte                                                        | –
Ports, network interfaces | USB 2.0, serial USART                      | 1x LAN Ethernet 10/100 RJ45, 2x USB 3.0, 1x SD, 1x HDMI, 1x Clinc/TRS adapter, 6x GPIO       | Wi-Fi, Bluetooth
Operating system          | Linux                                      | Linux, BSD UNIX, RISC OS                                                                     | Linux
Look                      | Board or pod                               | –                                                                                            |
Approximate price         | 20                                         | 19–30                                                                                        | –


5.1.3 Case Study: A CAD Toolset for the Design of Energy-Efficient Combined Networks

There are multiple tools which aid in the design of communication networks, in particular sensor networks, energy grids or combined smart grids. In the following, the tool CANDY (Computer-Aided Network Design Utility) will be introduced briefly. Further literature about CANDY is available [27, 29].

Basics on CANDY. The energy-efficient combined networks in the context of smart grids can be designed with the use of the CANDY Framework and Online Platform [27]. We would furthermore like to discuss important development trends for a CAD for combined network planning regarding tool integration and access. The CANDY Framework and Online Platform is examined as a reference system. The CANDY system has been presented as an exhibit at CeBIT 2007, 2008 and 2011 in Hannover, Germany, and has demonstrated its usefulness for academic and industrial network planning challenges.

A CAD toolset for combined office communication and building automation networks (sketched in Fig. 5.29) is presented. It especially focuses on the combination of wired (IEEE 802.3 LAN) and wireless (IEEE 802.11 WLAN, 802.16 WiMAX) networks as well as on wireless sensor networks using 802.15.4/EnOcean.

Fig. 5.29 A combined office communication and building automation network. LON – Local Operating Network; KNX – European Standardised Bus Automation Network (EN 50090, ISO/IEC 14543); PDA – Personal Digital Appliance; ERP – Enterprise Resource Planning; EDP – Electronic Data Processing

The CANDY framework supports an integrated design methodology providing a complete design workflow. The design requirements on these networks are often contradictory and often have to consider diverse technical factors, among them performance, energy and cost efficiency, for a network solution altogether.

The system provides the following features:

• integrated workflow management
• dedicated network description via NDML
• support for structured cabling according to EN 50173
• front-end to CAD conformity (ifcXML), IP infrastructure analysis
• access services to a high-performance computer cluster
• as well as parallelised design routines (OpenMP) [29]

Dedicated network language. The framework uses the dedicated Network Design Mark-up Language (NDML), an XML-based notation to express modelled networks. NDML supports a uniform way of representing all major active and passive network elements (including switches, routers, gateways, patch fields, cross panels, base stations, sensors, access points as well as automation nodes), their detailed technical properties as well as their interconnections and related configuration issues. In contrast to existing vendor-specific notations, NDML is based on open standards and enables interoperability and portability of network design tools and projects.

Tool integration concepts and access. CANDY is an open framework with a large set of design tools and functionalities. These include design editors, consistency checks, transformation tools, specific wireless network design tools and integration of existing simulation environments. NDML serves as common "glue" for these tools. Java technologies facilitate the tool development, including among others Application Server and Middleware (Apache Tomcat with JSP, Java Server Pages, and EJB, Enterprise Java Beans), ERCP (Eclipse Rich Client Platform) as well as web services (Apache Axis 2). Flexible tool access is provided via available Java desktop applications and Android applications on mobile devices such as smartphones and tablets.

Development history. The CANDY tools have been developed along with emerging network trends. They went through the following development history:

1. Conception and implementation of a prototype (CANDY Prototype)
   • Conception of NDML with a prototype for the network editor
   • Prevalent implementation basis: Java servlets, Java applets, EJB

2. Realisation of dedicated planning tools (CANDY Framework), inter alia tools for
   • structured cabling, called CANDY Trace Router
   • optimised design of radio networks, called CANDY Site Finder
   • prevalent implementation basis: Eclipse Rich Client Platform
   • further development of NDML (XSD instead of DTD, advances in viewpoints and language elements)
   • realisation of an extensible framework (CANDY Framework) with the most important planning steps and front-ends to encapsulated external tools

3. Further realisation of a universal design platform (CANDY Framework with CANDY Online Platform)
   • workflow and documentation management ("WF-centric")
   • support of all design steps
   • loose embedding of encapsulated external tools via web services
   • prevalent implementation basis: HTML5, AJAX, web services
   • creation of multiple agile mini-tools for combined network design
   • multimodal access via mobile users with smartphones and tablets (cp. Fig. 5.30)

Fig. 5.30 Design tool integration and access. CANDY Framework and Online Platform modules: 1 – Project Manager, 2 – Network Editor, 3 – Component Browser, 4 – SCS Trace Router, 5 – Wireless Site Finder, 6 – Workload Analyser, 7 – Bill Reporter; FE – Front-end (XML); T – loose-coupled and 3rd party tools like for instance NS 2; DB – Component repository; high-performance computing environment; access via CANDY Web Services and further interfaces. Project data: Component List, Network List, Performance Report, Cost Bill; NDML; Application Server, JRE, Eclipse RCP


After multiple iterations of development the system now possesses the following highlights, which make it suitable for future networks and smart grids:

1. Accurate planning is the precondition for a decisive advantage under competitive pressure. In view of the complexity of networks, the task can be solved by using efficient software tools like the CANDY Framework and Online Platform.

2. Network engineers have to optimise large-scale objectives within complex contexts. CANDY represents an integrated design for 802.3/802.11/802.16/802.15.4 networks using its own models as an important integration component.

3. The implemented CANDY Online Platform provides the possibility of running complex parallelised propagation algorithms for wireless networks as well as multi-variant TCP/IP simulation processes in a high-performance computing environment. This deployment mode was verified on MARS (ZIH/TUD).

4. The realised framework and access services offer specialists and students a rare possibility to start their ambitious CAD jobs, obtain the results in a few minutes, support real measurement data acquisition and compare it with modelled results.

Workflow-centric management. A CANDY workflow for network design and "WF-centric management" are built using the following principles:

1. A CANDY workflow is combined from a sequence of design steps.
2. Each step consists of one process (task) or multiple parallel processes.
3. Each process possesses a status, e.g. (ready [y/n], result [+/−]).
4. Each process uses and/or produces input/output documents.
5. A process is either an atomic process or a workflow by itself, as shown in Fig. 5.31.

Simulation and validation. The design results for WLAN IEEE 802.11 are in general not sufficiently accurate. Correspondingly, a site survey functionality with design correction is necessary for each installation (cp. Fig. 5.32a). An advanced method for the planning of radio networks relies on the prognosis of the received power P_Rx and a comparison with measured values, aimed at their further optimisation. The method is called "Measurement-based Prediction" (MbP methodology). The reference components of the MbP methodology are shown in Fig. 5.32. By deployment of the MbP methodology, advanced measurement devices and hardware solutions can be used. The databases contain all necessary reference values covering samples, antenna coordinates and other metrics. The used empirical radio propagation model is evaluated and, through application of the MbP methodology, adapted to the real received power P_Rx.
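The MbP adaptation step described above and the free-space damping model of Eq. 5.9, as an added example that is neither the book's nor CANDY's code: it assumes the log-distance form P_Rx(d) = P_Rx(d_ref)·(d_ref/d)^α of that model, with P_Rx(d_ref) and α as the two constants, and fits them to a constructed site survey of (distance, measured dBm) samples for one access point; d_ref = 1 m and the survey values are assumptions.

```python
import math

D_REF = 1.0  # reference distance in metres (assumed)


def predict_rx_dbm(p_ref_dbm, alpha, d, d_ref=D_REF):
    """Log-distance form of the free-space damping model written in dBm:
    P_Rx(d) = P_Rx(d_ref) * (d_ref / d)^alpha, with P_ref the measurable
    reference receiver power at d_ref and alpha the damping exponent."""
    return p_ref_dbm - 10.0 * alpha * math.log10(d / d_ref)


def calibrate(samples, d_ref=D_REF):
    """Measurement-based adaptation: fit P_Rx(d_ref) and alpha to the survey
    samples by least squares in the dB domain, where the model is linear in
    x = -10 log10(d / d_ref): P = P_ref + alpha * x."""
    xs = [-10.0 * math.log10(d / d_ref) for d, _ in samples]
    ys = [p for _, p in samples]
    n = len(samples)
    mx, my = sum(xs) / n, sum(ys) / n
    sxx = sum((x - mx) ** 2 for x in xs)
    if sxx == 0.0:
        # all samples at one distance: the exponent is not identifiable
        raise ValueError("need samples at more than one distance")
    alpha = sum((x - mx) * (y - my) for x, y in zip(xs, ys)) / sxx
    p_ref = my - alpha * mx
    return p_ref, alpha


def rmse_dbm(samples, p_ref_dbm, alpha, d_ref=D_REF):
    """Site-survey check: residual of the adapted model against the measurements."""
    err = [(predict_rx_dbm(p_ref_dbm, alpha, d, d_ref) - p) ** 2 for d, p in samples]
    return math.sqrt(sum(err) / len(err))


# Constructed survey of one WLAN access point: (distance in m, measured P_Rx in dBm).
SURVEY = [(1.0, -40.0), (2.0, -48.3), (5.0, -58.6), (10.0, -67.2), (20.0, -74.9)]
```

For the constructed survey the fit gives alpha close to 2.7 and P_Rx(d_ref) close to −40 dBm, with a residual well below 1 dB, which is the kind of design correction the site survey in Fig. 5.32a feeds back into the plan.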

An example of the practical use of mini-tools for the design of a wireless network constellation within the CANDY Online Platform is given in Fig. 5.33.

The discussed design steps within CANDY are furthermore presented in summary in Fig. 5.34a–i. The design process starts with a topology editor (a) which outputs the basic network elements and connections between them. From the visual modelling a textual network description (b) in NDML is then derived. This description is then imported into another modelling tool (c) and applied to a concrete deployment site, for instance a building with an ifcXML description (d). The wireless and wired connections are then

Fig. 5.31 WF-centric management


Fig. 5.32 Simulation and validation

Fig. 5.33 Simulation via mini-tools within the CANDY Online Platform

Fig. 5.34 Design routines, models and tools: (a) Topology editor; (b) Network description via NDML; (c) ifcXML data import; (d) A CAD-conform ifcXML description of a building; (e) A wired part: SCS tracing for Ethernet LAN; (f) A wireless part: environment attenuation; (g) Performance simulation: an NDML report; (h) Access to a computer cluster: starting a remote job; (i) Pickup of the results from the MARS multi-core supercomputer

tested and traced according to their specific characteristics (e, f). Using the refined NDML description, a first performance forecast can be generated (g). Due to the complexity of modern installations with hundreds of network elements, the simulation and other calculations are best outsourced to a high-performance compute service as a remote job (h, i).

In summary, CANDY shows that not only the runtime and operational perspective, but also the systematic and tool-supported planning beforehand is an important element in achieving high-quality network installations for basic connectivity, cloud network services, smart grids and connected things.

5.2 From Internet of Services to Internet of Things: Fog Computing

It may appear to the reader that we have told everything about the properties of IoS and cloud computing today to the fullest satisfaction in the first chapters. But there is another trend that cannot go unhighlighted within a book that claims to convey a broad scientific novelty. Let us examine these new trends in network services, collectively called IoT, as well as the ways of their realisation in the form of Fog Computing.

The interconnection of scientific and technical ideas on Internet of Things, Internet of Services, clouds and smart grids is shown in Fig. 5.35. The mentioned technologies and trends IoT, IoS, clouds and smart grids are developed in close cooperation and related to each other. The presented organigram additionally depicts the approximate dates of the onset of the mentioned terms and categories as well as appropriate system examples of their use, with specifications on which organisations and companies are interested in this development.

Fig. 5.35 Ideas development concerning IoT, IoS, clouds and smart grids. Internet of Services (IoS): 2004–2007, WWW, OASIS, Google; Cloud Computing: 2005–2010, Amazon, MS; Internet of Things (IoT): 1999, Auto-ID MIT, Kevin Ashton, Cisco, SAP, Telefónica; Smart Grid: 2011, IEEE, CENELEC, Cisco, Deutsche Telekom, Siemens

Internet of Things. The so-called IoT provides the radio communication between many billions of low-power devices, from near distance up to global scale, using protocols such as IPv6. The Internet of Services, with its realisation in the form of clouds and with the number of devices approaching N ≈ 10^9 nowadays, will be shifted in the midterm to IoT. The following distinguishing features are typical for this transformation:

• huge number of devices, N > 300·10^9 (probably after 2020)
• low power consumption and long-life nodes
• energy-efficient and secured communication radio protocols interfaced to "near field" and IPv6
• wide deployment within embedded systems and industry (cf. Industry 4.0)
• penetration into each sphere of human activities and everyday life (Fig. 5.36)

Highly concentrated deployments of connected things exist in South Korea, Denmark and Switzerland, each having about 30 devices online per 100 persons according to the OECD [12]. This statistic apparently excludes interaction devices such as smartphones, tablets and notebooks, which would significantly increase the numbers. The IoT field overlaps with application areas such as robotics, smart cities, transportation (through e-tickets and on-board units in electronic toll areas), agriculture and environmental sensing.

The origins of IoT are in the RFID transponder technology offered e.g. by the Auto-ID Lab at MIT. The mentioned technology first entered civilian development in 1999. However, the first ideas on the modulation and magnetic survey of mini-antennas in "bugs" belong to Léon Theremin (Lev Termen), from research on electromagnetic and acoustic oscillations back in 1948. He is also the author of the exotic musical instrument "thereminvox", named after him and using the developed RFID principles.

The next impulse to development was obtained from companies like SAP and Telefónica. Further, thanks to their ideas, Cisco formulated the IoT creation conditions and

Fig. 5.36 Fog computing: primary concepts

186   5 Smart Grid, Internet of Things and Fog Computing

Fig. 5.37 Internet of Things prognosis (Source: Cisco)

basic requirements for the IoT (Fig. 5.37). It means, amongst other things, the urgent deployment of IPv6. The usage of IPv6 with an available address space of 2^128 addresses means the possibility to address up to 3.40 · 10^36 active network devices, or approximately 3.00 · 10^27 "things" per user (figuratively, each bacterium).

Today the services provided by the Internet are also directly related to solving the problems of effective power management and home control of embedded systems (smart facilities, intelligent homes). Efficient electricity consumption is considered in close association with environmental and ecological problems, which are regulated within the European Union and the world community. The regulatory basis is the internationally ratified Kyoto protocol, an appendix to the United Nations Framework Convention on Climate Change, and its follow-up meetings until 2015 in Paris. According to the treaties signed by 195 nations, global warming must be restricted to +2 °C over the pre-industrial levels. Improving the energy efficiency of powerful computer servers and other household and industrial devices is achieved nowadays through the use of electricity distribution networks and management solutions like smart grids [22].

Another important factor in the development of modern Internet services is the significant growth of the volumes of parallel computing, combined with savings of computing resources. Here the experts foresee, firstly, resources within the transition from cloud computing in some cases to so-called Fog Computing, which is associated with the transfer of a large number of computing demands into the area of low-power home microcomputers. Embedded processors, µ-controllers and on-board computers have the effective management of consumer devices as their main objective. Fog computing and the use of microcomputers are directly related and can provide significant savings of energy. Due to the expansion of the concept of fog computing from the cloud computing paradigm into intelligent network nodes (the so-called Radio Network Edge) by network equipment producers such as Cisco, a whole set of new applications and services was enabled. The features of fog computing are as follows:

5.2 From Internet of Services to Internet of Things: Fog Computing   187

• node heterogeneity
• leading role of wireless access
• low latency, location awareness, fast node re-activation
• wide geographical distribution
• very large number of nodes and their mobility, supported via IPv6
• prioritised streaming and real-time applications

Fog computing offers the appropriate platforms for IoT services, clouds and smart grids. Such networks provide automatic and automated execution of usual everyday routines, especially domestic processes: book reading, listening to music, home heating and air conditioning, making a cup of coffee, taking medicine at regular times, preparing and cooking simple meals, watering the flowers and garden, and other activities with automation potential. This is because they rely on a combination of domestic hosts, gadgets, instruments and "things" into a single heterogeneous network that will be served via low-energy "green" Internet protocols. The use of traditional MAC and IPv4 addresses for the data link and network layers, respectively, cannot identify such an impressive number of deployed devices. Therefore there is no doubt that a gradual transition to IPv6 is required. Started in 1990, this transition seems to have accelerated since 2011, when many users switched from tunneled IPv6 (6to4) to native connections, leading to a 10-fold increase in adoption just three years later. Still, in 2015 the service provider Google reports that only about 8 % of requests to its services are delivered over IPv6 on a global level [7]. The per-country statistics nevertheless show different adoption speeds: Belgium, Switzerland and Portugal each have more than 20 % IPv6 traffic according to this statistic. Cisco reports other statistics, however; according to them, these three countries each have more than 45 % IPv6 deployment [3].

Example 5.10 The Internet of Things (IoT) may be illustrated as follows. Imagine a city or an ordinary home: a diversity of smart gadgets (laptops, smartphones and tablets) and multiple household appliances (TV, alarm clocks, coffee makers, washing machines, refrigerators, microwave ovens, automated window blinds), HVAC systems (boiler, radiators, air conditioning, fans and ventilators), systems for garden irrigation, security (locks, cameras) and lighting systems (including solar panels), intelligent sensors (heat, light, motion) and so on. Warehouses, delivery and logistics systems, as well as public transport and private cars, have to be equipped in the long term with interfaces for WLAN/3G. Similarly, the small "things" (books, compact discs, DVDs, medication in blisters, fast food in vacuum packs, soft drinks, etc.) can be equipped with low-cost Bluetooth interfaces, RFID transponders and similar small-data links, and then interact with each other through further energy-efficient communications networks (infrared, wireless, mobile, power and low-voltage networks).

5.2.1 Enabling Technologies for IoT

Dialectically, enabling technologies help "turning a quantity into a new quality". The demarcation of the categories IoT, IoS, clouds and smart grids and the related ones is given in Fig. 5.38. In fact this demarcation is not quite clear nowadays. The concepts are closely related and interlocked due to their development histories. The depicted concepts are closely adjoined with modern methods and network technologies, systems and services, given in ovals in the figure. Since the use of cloud systems became widespread, the "Internet of Things" has become a way of implementation and a platform for fog computing with low-energy radio nodes. That made an imperceptible architectural transformation from mixed-distributed, decentralised, powerful systems (voluminous and big data processing, clustering) to many small, geographically distributed but logically connected hosts, gadgets, appliances and "things" within a single heterogeneous network. The number of devices (hosts, gadgets) in today's Internet (of people) is, by modern statistics, about N ≈ 10^9. Thus the number of users corresponds to the population of the earth. Due to continued growth in the coming years, the estimated number of devices will reach N > 30 · 10^9. Therefore the qualitative change to the IoT is possible faster than expected. According to frequent estimations, it should happen in 2020.

Fig. 5.38 Closely related demarcation through IoS, cloud and fog computing, IoT and smart grids

The enabling technologies for the IoT are manifold. Typically they are listed as follows:

• Mobile Networks (LTE, 5G)
• GPS (Global Positioning System)
• Wi-Fi (Wireless Fidelity)
• WiMAX (Worldwide Interoperability for Microwave Access)
• Powerline, Homeplug
• PoE (Power over Ethernet)
• KNX (Konnex), LON (Local Operating Network)
• Bluetooth, IrDA (Infrared Data Association)
• WSN (ZigBee, EnOcean)
• 6LoWPAN (IPv6 over low-power Wireless Personal Area Networks)
• RFID (Radio Frequency ID), NFC (Near Field Communication), QR (Quick Response)
• Watermarks (as steganography applications)

In addition to the already discussed smart grid enablers, the next fog computing technology is combined via the use of energy-efficient protocols. Being the interpenetration of IoT, smart grids and clouds, fog computing is possible today e.g. on the basis of the energy-efficient and low-cost protocol 6LoWPAN, which implements IPv6 over the MAC protocols of IEEE 802.15.4 and PLC networks. This protocol was standardised via the IETF and is open for use by multiple vendors.

Let us consider the simplest and most price-efficient enabling technologies. In particular, let us put the focus on the lowest-cost and simplest methods of IoT communication, like RFID transponders (RFID tags), Near Field Communication (NFC) tags and QR (Quick Response) labels. Their function is to localise and connect the "things" to the Internet at large. RFID, NFC and QR systems operate at short distances (10 cm–10 m) and have their origins in logistics and warehousing. Thanks to the energy efficiency of RFID and NFC, the period of permanent service is rather long, approximately 12–72 months; afterwards the batteries need to be replaced. The extended capabilities for addressing these free devices are provided by IPv6, which can support many IP nodes (devices) per inhabitant of the world.


RFID transponders. The devices for reading RFID (Radio Frequency ID) can be integrated within modern smartphones as well as operate as standalone readers (RFID readers), similar to the multiple well-known card readers or bar code readers widely used in trading and in the storage business. The use of RFID transponders is regulated by the International Telecommunication Union (ITU-T) within the following assigned frequency bands: LW 125–134 kHz, KW 13.56 MHz, UHF 865–869 MHz (in Europe), UHF 950 MHz (in the USA and Asia), SHF 2.45 and 5.8 GHz. Their constructions vary widely. Usually RFID transponders (or RFID tags) are passive, which means that their construction contains an excitation antenna (Fig. 5.38). The other option, an active RFID transponder, is a more intelligent system with memory storage, microcontroller and battery. Such systems have a shorter life expectancy, but they can be programmed or configured as a suitable smart grid or fog computing node. Active transponders can therefore publish data on their own without having to be polled. The high-frequency passive HF transponders (RFID tags) use the well-known radar principle and, through activation and modulation of the magnetic field, can carry out the survey code that RFID readers capture. The antennas of HF transponders also use planar inductance coils with many turns. RFID transponders with sensorics are oriented to measure certain physical or chemical parameters; as a rule these are pressure, acceleration, expansion, moisture or electrical conductivity. They need one of the RFID readers, which come in very different constructions: handheld, mobile, fixed and combined with a bar code reader. Commercial and logistics coding with codes in the 64, 96 and 128 bit formats is called EPC (Electronic Product Code) and is typically used in mass RFID transponders. The deployment areas are as follows: in municipal services and warehousing, on railways and at airports, in supermarkets and libraries, in logistics, in animal tracking (e.g. dog tags), and in biometric access control systems, in particular an increasing number of international passports called e-passports, which allow for crossing borders without border patrol staff.

NFC and QR labels. NFC (Near Field Communication) systems are supported by a wide palette of leading Operating System (OS) vendors for smartphones and tablets, e.g. Windows Phone 8 or higher and Android 2.3 or higher, as well as by APIs (Windows Developer Program for IoT). There are the following two types of near-field communication, which are also visualised in Fig. 5.39:

• without connection establishment, within passive high-frequency transponders (HF RFID) based on the standards ISO 14443 and ISO 15693; this method is suitable except for applications working on sensitive data, because during the phase of transponder activation its antenna can be eavesdropped by third parties

• connection-oriented (between two equal active transmitters, Tx)

QR labels (Quick Response) are designed for universal reading of small quantities of data. They have become popular by encoding logical addresses in the form of URIs for Internet applications, in particular websites. The operation principle of QR-reading mobile applications is depicted in Fig. 5.40. First, a camera sensor is directed at the displayed QR code. Then a picture is taken and processed; QR codes contain a certain amount of redundancy as well as positioning aids, so that even under imperfect lighting and camera-holding conditions the data will be retrieved. In the final step the data is processed, so that when it represents a URI, a registered application is launched, which in many cases will be a web browser.

Fig. 5.39 Examples of fog computing with RFID

Fig. 5.40 Operation principle for QR-reading mobile applications
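The final step of that pipeline, deciding what a registered application may do with the decoded payload, is where a QR reader needs a policy: the code can carry any text, not only a website address. The following is an added example (not code from the book) of such a dispatch step in Python, assuming the camera-and-decode stage has already produced a string; the scheme allowlist `ALLOWED_SCHEMES` and the size limit are assumptions chosen for illustration.

```python
from urllib.parse import urlparse

# Assumed policy (not from the book): only these URI schemes are handed to an
# external application; every other payload is merely displayed to the user.
ALLOWED_SCHEMES = {"http": "browser", "https": "browser", "mailto": "mail client"}
MAX_PAYLOAD_CHARS = 2048  # assumed upper bound; QR codes can hold a few kilobytes


def classify_qr_payload(payload: str) -> dict:
    """Decide whether a decoded QR payload is launched or only shown.

    Returns a dict with 'action' ('open' or 'display'), the 'handler' that
    would be launched (or None), a human-readable 'reason', and for 'open'
    the exact 'target' string that is passed on.
    """
    text = payload.strip()
    # Control characters or an over-long string are not a URI worth launching.
    if len(text) > MAX_PAYLOAD_CHARS or any(ord(c) < 0x20 for c in text):
        return {"action": "display", "handler": None, "reason": "malformed payload"}
    parts = urlparse(text)
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        # e.g. plain text, 'tel:', 'WIFI:' configuration strings, custom app schemes
        return {"action": "display", "handler": None,
                "reason": f"scheme '{scheme or 'none'}' not registered"}
    if scheme in ("http", "https"):
        if not parts.hostname:
            return {"action": "display", "handler": None, "reason": "URL without host"}
        if parts.username or parts.password:
            # userinfo in a web URL is rarely legitimate and misleads readers
            # about the real destination, so it is shown rather than opened
            return {"action": "display", "handler": None, "reason": "credentials in URL"}
    return {"action": "open", "handler": ALLOWED_SCHEMES[scheme],
            "reason": "registered scheme", "target": text}


if __name__ == "__main__":
    # constructed sample payloads, as a QR decoder library would return them
    for sample in ("https://example.org/menu", "WIFI:S:cafe;T:WPA;P:secret;;",
                   "https://user@example.org/", "Just some text"):
        print(sample, "->", classify_qr_payload(sample))
```

The point of the allowlist is that "a registered application is launched" is a trust decision made on behalf of the user; the reader, not the printed code, decides which schemes qualify.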


Advanced Bluetooth v4.2. The Bluetooth (BT) Special Interest Group (SIG) was founded in 1998 by Ericsson, IBM, Intel, Nokia and Toshiba. The new specification of BT, released in 2014 and superseding previous BT versions including the ones standardised as IEEE 802.15.1, defines its advanced features towards smart grid, IoT and fog computing use. The specification differentiates between high-performance and low-power-consumption use cases. Its improvements are as follows:

• better privacy, higher data rate
• IPv4/IPv6 connectivity
• interoperability with 6LoWPAN
• integration of an Internet Protocol Support Profile (IPSP)
• 2.5× faster transfer
• 10× increased packet capacity (transmission errors and power consumption are reduced)
• new deployment scenarios and further improvements for the IoT

BTv4.2 uses additional data security techniques for BT connections, e.g. customers in a shop should be informed about offers via beacons only if explicitly approved. In BTv4.2 deployments, IPSP uses IP-based software infrastructures for managing BT smart devices. BTv4.2 is ideal for IoT-networked home environments requiring personal as well as large-room control. Depending on the requirements there is the low-energy specification (Bluetooth LE), the high-performance specification with enhanced data rate (Bluetooth EDR), and some devices even implement a dual mode, which enables the creation of adaptive applications.

6LoWPAN. This important enabling technology for smart grids and the IoT acts simultaneously as a fog computing predecessor. The acronym means "IPv6 over Low Power Wireless Personal Area Network". There is a short genesis history of 6LoWPAN: originally the company Jennic from Sheffield, UK, implemented the project 6LoWPAN as an equivalent to ZigBee. The Jennic 6LoWPAN had the following features:

• standardised IETF IP networking
• flexible topologies
• SNAP API, similar to SNMP

As such it is based on the IEEE 802.15.4 WPAN standard and uses compression mechanisms to deliver IP packets efficiently over such links. Most hardware supports WPAN links in the 2.4 GHz band, so that 16 channels and a data rate of 250 kbps are available. The maximum transmission unit in such WPAN links is 127 bytes, so that IPv6 packets need to be fragmented into multiple WPAN packets.
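To make the fragmentation concrete, here is an added Python example (not code from the book or from Jennic) of the RFC 4944 fragment headers that 6LoWPAN puts in front of each piece of an IPv6 datagram, together with a reassembler that refuses inconsistent or overlapping fragments instead of merging them. The 102-byte payload budget per 127-byte frame is an assumption for the example (MAC header, security fields and FCS are taken to cost about 25 bytes); header compression and the uncompressed-IPv6 dispatch byte are left out, so the datagram is treated as opaque bytes.

```python
import struct
from typing import Dict, List, Optional

# Link budget assumed for this example (not a figure from the book): of the
# 127-byte IEEE 802.15.4 frame, roughly 25 bytes go to MAC header, security
# fields and FCS, leaving about 102 bytes for the 6LoWPAN payload.
FRAME_PAYLOAD = 102
FRAG1_DISPATCH = 0b11000   # RFC 4944 first fragment: 4-byte header
FRAGN_DISPATCH = 0b11100   # RFC 4944 subsequent fragment: 5-byte header
FRAG1_LEN, FRAGN_LEN = 4, 5


def fragment(datagram: bytes, tag: int, frame_payload: int = FRAME_PAYLOAD) -> List[bytes]:
    """Split one IPv6 datagram into RFC 4944 fragments (FRAG1 followed by FRAGNs)."""
    size = len(datagram)
    if size >= 1 << 11:
        raise ValueError("datagram_size is an 11-bit field")
    if size <= frame_payload:
        return [datagram]                      # fits in a single frame, no fragment header
    # Every fragment except the last must carry a multiple of 8 octets, because
    # datagram_offset is expressed in units of 8 octets.
    first = (frame_payload - FRAG1_LEN) // 8 * 8
    rest = (frame_payload - FRAGN_LEN) // 8 * 8
    if first <= 0 or rest <= 0:
        raise ValueError("frame payload too small for fragmentation")
    frames = [struct.pack("!HH", (FRAG1_DISPATCH << 11) | size, tag) + datagram[:first]]
    offset = first
    while offset < size:
        chunk = datagram[offset:offset + rest]
        frames.append(struct.pack("!HHB", (FRAGN_DISPATCH << 11) | size, tag, offset // 8) + chunk)
        offset += len(chunk)
    return frames


class Reassembler:
    """Rebuilds datagrams from fragments, keyed by datagram_tag.

    A fragment that disagrees about the total size, runs past it, or overlaps
    an already buffered part discards the whole pending datagram: a receiver
    that merged such pieces would deliver data no sender actually transmitted.
    """

    def __init__(self) -> None:
        self._pending: Dict[int, dict] = {}

    def feed(self, frame: bytes) -> Optional[bytes]:
        dispatch = frame[0] >> 3
        if dispatch == FRAG1_DISPATCH:
            hdr, tag = struct.unpack("!HH", frame[:FRAG1_LEN])
            offset, payload = 0, frame[FRAG1_LEN:]
        elif dispatch == FRAGN_DISPATCH:
            hdr, tag, off8 = struct.unpack("!HHB", frame[:FRAGN_LEN])
            offset, payload = off8 * 8, frame[FRAGN_LEN:]
        else:
            return frame                        # unfragmented datagram, pass through
        size = hdr & 0x07FF
        buf = self._pending.setdefault(tag, {"size": size, "parts": {}})
        if buf["size"] != size or offset + len(payload) > size:
            del self._pending[tag]
            raise ValueError(f"tag {tag}: fragment inconsistent with announced size")
        if buf["parts"].get(offset) == payload:
            return None                         # retransmitted duplicate, ignore
        for o, p in buf["parts"].items():
            if o < offset + len(payload) and offset < o + len(p):
                del self._pending[tag]
                raise ValueError(f"tag {tag}: overlapping fragment at offset {offset}")
        buf["parts"][offset] = payload
        if sum(len(p) for p in buf["parts"].values()) == size:
            del self._pending[tag]
            return b"".join(p for _, p in sorted(buf["parts"].items()))
        return None


if __name__ == "__main__":
    # constructed 1280-byte datagram, the IPv6 minimum MTU
    data = bytes(range(256)) * 5
    frames = fragment(data, tag=7)
    print(len(frames), "frames, largest", max(len(f) for f in frames), "bytes")
    r = Reassembler()
    print(all(r.feed(f) is None for f in frames[:-1]), r.feed(frames[-1]) == data)
```

A 1280-byte datagram becomes 14 frames under this budget (96 bytes after the FRAG1 header, then 96 per FRAGN, the last one carrying the remaining 32). The reassembler keeps per-tag state only until the datagram is complete or a bad fragment arrives, which bounds the memory a sensor node has to reserve for fragments that never complete.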

6LoWPAN networks can be set up in point-to-point, star and self-healing tree topologies. Typical cluster sizes are up to 100 nodes. The protocol supports automatic starting, clustering, routing and healing, and furthermore end-to-end message acknowledgements even when routing in a mesh with multiple hops.

For software development, several APIs are provided. The first is rather abstract and C-based, for simple applications; it gives access to the on-chip periphery and system services. The second is called SNAP (Simple Network Access Protocol). It works similarly to SNMP and allows IPv4/IPv6-based data exchange between devices. Likewise it is based on a Management Information Base (MIB) for the remote control, configuration and diagnostics of 6LoWPAN networks.

As an example, a mesh network with Internet access via a 6LoWPAN gateway is given in Fig. 5.41. 6LoWPAN technology commonly resembles ZigBee, although there are important differences. Most importantly, as 6LoWPAN offers IP connections, it is compatible with protocols over other physical layers, whereas ZigBee devices can only communicate with other ZigBee devices. The network stack implementation for the protocol is therefore much smaller too, which means more re-use and fewer sources of errors. Typical for 6LoWPAN is an IPv6 deployment for addressing a large number of sensor nodes. The large installation base of such devices led to the rise of the fog computing paradigm. Nevertheless, 6LoWPAN adoption seems to be slower than ZigBee adoption, and other protocols such as ANT+, which does not even share the physical layer with the other two, are now gaining momentum, which keeps the compatibility issue open.

Fig. 5.41 6LoWPAN: fog computing predecessor


Data security in the IoT. Some authors believe that the "Internet of Things" is a potentially "disruptive" technology, since it deals with the invisible, widespread and (undesirable for users) transformation of familiar and well-known "things" like private cars, walls of apartments and offices, electronic wares, product packaging, furniture, valuables, conventional paper and more into computing nodes (i.e., inter alia, into small harmful "bugs" or spies). This transformation may violate the anonymity and private sphere of regular citizens and even harm national data security. Transformations to the IoT and fog computing are in any case studied thoroughly by leading political and power structures over the world (EU Commission, NSA in the USA, etc.). The solution to this problem of data security in the IoT, which is only now emerging, is already possible through the use of relevant cryptoprotocols, steganography and concealed routing within the IoT-enabling wireless networks and mobile networks. Chapter VII is dedicated specially to the mentioned problematics.

5.2.2 Case Studies on IoT with the On-Board Micro-controller Raspberry Pi

In the following paragraphs we offer case studies on the use of the on-board µ-controller Raspberry Pi to realise low-energy systems for service delivery and fog computing.

On-board µ-controllers of type Raspberry Pi. Compact size and low power consumption are the main priorities of single-board computers such as AVR, Arduino, Intel Edison and Raspberry Pi. The models A, A+, B, B+, 2B and Zero of the Raspberry Pi are on-board µ-controllers that are oriented to mass usage for different areas of embedded systems, IoT and smart grids. Model B is shown in Fig. 5.42.

The Raspberry Pi node is normally coupled to a secured voltage block with a MicroUSB adapter. The secured voltage block has the following working characteristics:

• Input voltage: 90–264 V AC
• Voltage frequency: 47–63 Hz
• Output voltage: 5 V DC
• Output current: up to 1200 mA
• Max. power consumption: up to 6 W
• Temperature: 0–40 °C
• Dimensions: 64 × 48.5 × 25.5 mm
• Weight: 79 g

Table 5.5 printed below includes the comparison of the usual Raspberry Pi models A and B, which offer a reasonable performance for running server applications and controlling connected devices. Compared to them, the model Zero is much cheaper and smaller and, while being faster than A and B, offers fewer connectivity interfaces and is therefore more suitable for software service delivery. Model 2B is even faster despite a lower clock rate, due to its ARM Cortex-A7 CPU, and is equipped with more main memory, but is also more expensive. Hence the choice of the right model depends on the use case and on the budget. The energy supply can also be coupled via the microUSB cable. Nominal voltage is 5 V; the current does not exceed 700 mA, that is, the regular power it consumes is no more than 3.5 W. Frequently, instead of a hard disk, the SD card is used as boot drive. The new SDHC standard allows capacities of up to 32 GByte. The SD card has to hold the OS for the node as well as the necessary applications, which can be installed from multiple freely available ISO images for Raspberry Pi. After image deployment, the re-configuration of the used services is possible depending on the use case. The system provides a lot of adapters as well as ports (SD, LAN, USB, HDMI, GPIO, Clinc).

Fig. 5.42 On-board computer Raspberry Pi model B (Source: Oracle)

Table 5.5 Comparison of usual Raspberry Pi models A and B

Characteristics                    Model A                                    Model B
Approximate price                  25 $                                       35 $
CPU                                700 MHz ARM                                700 MHz ARM
GPU                                Broadcom VideoCore                         Broadcom VideoCore
Codecs                             H.264, MPEG-2                              H.264, MPEG-2
SDRAM                              256 MByte                                  512 MByte
Ports and interfaces               – 2x USB 3.0, 1x SD, 1x HDMI,              1x LAN Eth 10/100 RJ45, 2x USB 3.0,
                                   1x Clinc TRS adapter, 6x GPIO              1x SD, 1x HDMI, 1x Clinc TRS adapter,
                                                                              6x GPIO
Regular voltage / current / power  5 V, 500 mA, 2.5 W                         5 V, 700 mA, 3.5 W

Already announced is the Raspberry Pi 3 Model B, which, instead of requiring USB dongles, has Bluetooth 4.1 (Low Energy) and WLAN adapters pre-installed [15].

The Raspberry Pi microcomputers are supported by many OS distributions. Among them are adapted versions of existing systems such as Android, Debian, Ubuntu, Arch Linux, Gentoo and NetBSD, but also dedicated distributions, most prominently Raspbian, RaspBMC (now OSMC) and Pidora. Raspbian is based on Debian and tracks new models, so that it is a good default choice. One of the features of the system is a central configuration file called config.txt to configure low-level parameters which would otherwise be configured in the BIOS. Among them are display resolutions, overclocking and USB power settings.

The world's smallest PC and its applications. The advanced Raspberry Pi also acts as "the world's smallest PC" in popular media, as it symbolises the miniaturisation trend from clumsy PC hardware to embeddable micro-systems and nano-systems, despite only being one out of many single-board computers (Fig. 5.43). This is especially the case for the new Raspberry Pi 2 Model B, which belongs to the Mini-PC type, with 6 times more CPU performance in comparison to the conventional models. The system can be equipped with the free-of-charge Windows 10 version as well as with the aforementioned OS distributions. There are some constructive features of the Pi 2B:

• Broadcom SoC (System on Chip) BCM2836, which computes with the quad-core ARM Cortex-A7 CPU
• clock frequency reaches up to 900 MHz
• larger RAM of 1 GByte
• support via the Windows Developer Program for IoT in addition to free software OS distributions

Fig. 5.43 Advanced Raspberry Pi 2 model B as mini-PC (Source: chip.de)

An application of the Raspberry Pi is the deployment as a low-energy home intelligent node for fog computing scenarios. One of the most useful usage examples thus becomes the energy-efficient service provisioning for XaaS (Everything as a Service) based on these microcomputer units [14]. The structure of these services can include, inter alia:

• sensor controller
• home control system
• efficient small cluster
• private cloud
• file server and web server (Fig. 5.44)

Fig. 5.44 Examples of a low-energy home intelligent node based on the on-board µ-controller Raspberry Pi


The microcomputer Raspberry Pi offers energy savings by consuming only up to 3.5 W. Therefore, with the use of the Raspberry Pi it is possible to create energy-efficient XaaS as outlined before. But with such choices, what is better? Where are the advantages: in more centralised, often virtualised systems (clustering, clouds) or in small and more decentralised ones (microcomputers, piconets)? To use big clusters, to start multiple VMs from the hot reserve of the clouds, or the small on-board µ-nodes like Raspberry Pi, Arduino or Intel Edison with only small power consumption? The trade-offs discussed herewith are as follows:

• reliability and QoS
• data security and privacy as well as access anonymity
• deployment effort
• energy consumption
• operating expenses

There are no comprehensive answers to this question yet and it remains open today

Example 5.11 To create a media centre, the Raspberry Pi 2 Model B is optimally suited, because it has a special unit that is responsible for the recognition of multiple codecs and formats. XBMC Media Centre software can be recommended for this case. XBMC Media Centre is available across all OS options, including Linux, Mac OS X (Snow Leopard, Leopard, Tiger, Apple TV), Apple iOS, Microsoft Windows, Android, as well as pre-configured for Raspberry Pi. The XBMC Media Centre uses diverse formats, codecs and protocols:

• graphics: PNG, JPEG, BMP, GIF, ICO, TIFF, PCX, etc.
• audio: MIDI, AIFF, WAV/WAVE, MP2, MP3, AAC, AACplus, AC3, DTS, ALAC, AMR, WMA, etc.
• video: DivX, Xvid, BivX, AVI, MPEG-1, MPEG-2, H.263, MPEG-4, MPEG-4 AVC (H.264), HuffYUV, Indeo, MJPEG, RealVideo, RMVB, Sorenson, WMV, etc.
• play lists: PLS, M3U, WPL
• disk images: CUE, NRG, IMG, ISO, BIN
• network protocols: IP, IPv6, UPnP, NFS, SMB/SAMBA/CIFS, XBMSP, DAAP, HTTP, HTTPS, FTP, RTSP (RTSPU, RTSPT), MMS (MMSU, MMST), RTMP, Podcasting, TCP, UDP, SFTP, RTP
• media types: CD, DVD, DVD-Video, Video CD (VCD/SVCD/XVCD), Audio-CD (CDDA), Blu-rays, USB flash drives, HDD
• meta-data: APEv1, APEv2, ID3 (ID3v1 and ID3v2), ID666, Exif (GeoTagging)

One should also take into account that additional functional blocks affect the size of the device. Therefore they should be realised in the form of individual hardware modules, or one should anticipate making a special case which will be different from the standard case for Raspberry Pi. However, making a separate connected device has significant advantages in terms of practical use.

Fig. 5.45 A media centre structure scheme based on Raspberry Pi

In Fig. 5.45 a media centre structure scheme based on Raspberry Pi is depicted. The considered media centre consists of the Pi node, an HDMI monitor, USB keyboard, USB mouse, infrared (IR) interface and speakers.

The examined system based on Raspberry Pi is energy-efficient and offers the following features:

• video and audio players can access all files via FTP, SFTP, SSH and WebDAV
• multiple codecs that are retrieved from the SD card, within a LAN or from the Internet are supported
• the IR control transceiver allows remote control
• plugins for the integration with popular online services are available

The new versions of XBMC are extended via an add-ons framework The extensions forXBMC Media Centre can be also implemented in the Python programming languagewhich makes this an easy task for IT-affine users The graphical user interface (GUI) forXBMC can be configured declaratively via WindowXML

Example 5.12 Let us examine the deployment of a web server on the basis of the on-board µ-controller Raspberry Pi. Mobile and fixed network access to the service is henceforth supported on PCs, tablets and smartphones. Taking into account the creation of a cost- and energy-efficient host, the use of a home DSL router from vendors like Belkin, Netgear or Linksys, among others, is assumed to be possible. What will the user have to do as the next step? The user needs to configure the system by using the firmware (IP addresses, port 80 for the web server, perhaps 8080 for additional services, etc.) and then install XAMPP for a Linux-based Raspberry Pi distribution. The full package called XAMPP includes, inter alia:

• web server Apache with SSL support
• MySQL Lite database
• phpMyAdmin tool for the web-based administration of the database
• PHP module for running server-side scripts
• FTP client FileZilla for uploading content and scripts to the web server
• ProFTPD daemon for offering an upload possibility
• Perl module for more server-side scripts
• servlet container Apache Tomcat with Java support for more complex server applications
• mail server with POP3 and SMTP protocols, and many more for additional services

The content management for the created web server, as well as application support on the Raspberry Pi micro-computer node, is provided by using a Secure Shell client with the associated protocol SSH. With a client for Dynamic DNS (DDNS), the dynamic provisioning and use of the domain name is enabled without explicit registration with an Internet service provider. Straight from the mentioned host, the control of the creation and use of the new server can be established, e.g. in this manner: «mywebserverpublicdns». From then on, the web server and its content and applications are accessible to the world.

Example 5.13 An example of an energy-efficient file server offering private cloud storage based on the Raspberry Pi micro-computer unit is presented in Fig. 5.46. Since the SD card does not have enough space and cannot provide a stable long-term service with read and write operations, but rather requires an external storage device, a USB drive or network storage service can be controlled by the file server. The system based on the micro-computer unit with the file server function includes the following elements:

• Raspberry Pi node with OS Raspbian or similar, which is coupled to the Internet with a DSL router

• an external USB drive with up to 5 TByte capacity (USB SSD/HDD such as Seagate Backup Plus), which is mounted as a hard disk drive with the tools provided by the operating system

• optionally more local or network drives, to offer redundant storage with higher capacity and/or higher availability


Fig. 5.46 Low-energy file server based on a Raspberry Pi node

The file system of the storage device can be of any type, considering that all clients access the system through network protocols such as FTP, SCP, WebDAV, SMB or CIFS. To set up the system software for such flexible access, it is necessary to use tools like SSH, Apache and Samba. The Samba service is shipped by the majority of Linux distributions. The main advantages of Samba are the free licensing and the simultaneous usage by different hosts within an IP network/LAN, like Windows, Unix and Linux, with support for file exchange among them. Using Samba, an external storage device such as a USB drive becomes "visible" within the network, de facto following the slogan «Share the drive on your network».

Clusters of Raspberry Pi. A single on-board µ-controller is already quite capable. Now imagine a (Beowulf) cluster of these. Prototyped at the Free University of Bolzano in South Tyrol, Italy, the Bobo with 40 nodes and the Bobino with 8 nodes (the model shown in Fig. 5.47) combine cluster computing with tiny nodes [20]. Apart from all nodes being equal by running as workers, some have been designed to assume special roles in order to keep the system images lean and the system itself manageable. The roles are (1) gateway, (2) brain and (3) backup. All nodes are internally connected by Ethernet. The gateway's task is consequentially to connect the cluster to the outside world by Ethernet, WLAN or Ethernet-over-USB. All internal processes are controlled by the brain node. Finally, the backup node is queried to retrieve an unmodified image in case of accidental irreversible modifications during experiments.

Fig. 5.47 Bobino, a cluster of 8 Raspberry Pi nodes

Such a system requires user-friendly node reservation, grouping and monitoring functions. The monitoring is essential because nodes may fail easily. Imagine that each node has a mean time between failures (MTBF) of one million hours. This means that the probability of failure of any node in a two-year period is determined as follows [24]:

p(T) = 1 - e^{-T/\mathrm{MTBF}} = 1 - e^{-2\,\mathrm{a}/114\,\mathrm{y}} = 1.74\,\%    (5.10)

However, the failure of the overall system depends on a serial MTBF in conjunction with the mean time to repair (MTTR). If the MTTR is too high, the likelihood of another node failing just when one is already under repair is quite high. Therefore the following holds:

\mathrm{MTBF}_{serial} = \frac{1}{\frac{1}{\mathrm{MTBF}_1} + \frac{1}{\mathrm{MTBF}_2} + \dots + \frac{\mathrm{MTTR}}{\mathrm{MTBF}_1 \cdot \mathrm{MTBF}_2}}    (5.11)

For the 8 nodes of Bobino and an assumed one-day repair this means that

$$\text{MTBF}_{\text{serial}} = \frac{1}{\dfrac{8}{\text{MTBF}} + \dfrac{24}{8\,\text{MTBF}}} = 90909.09\ \text{h} \quad (5.12)$$


In other words, just about 10.37 years. Hence p(T) rises to 17.53 %. For the 40 nodes of Bobo the values are correspondingly MTBF_serial = 24630.54 h, or just about 2.81 years, and p(T) = 50.9 %, meaning that a failure of the system is already more likely than its continuous operation. Parallel functionality with redundancy is therefore much better suited for such clusters.
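As an added worked example (not code from the book), the following Python script evaluates Eqs. (5.10) to (5.12) for the Bobino and Bobo clusters. The n-node serial MTBF is written exactly as the book instantiates it in (5.12), and the parallel-redundancy comparison at the end is an addition assumed here to illustrate the closing sentence.

```python
import math

HOURS_PER_YEAR = 8760.0  # 365 d * 24 h; one million hours is then ~114 y as in Eq. (5.10)


def failure_probability(mtbf_h: float, period_years: float) -> float:
    """Eq. (5.10): p(T) = 1 - exp(-T/MTBF), failure-free time assumed exponential.

    mtbf_h is in hours, period_years in years; returns a fraction (0..1).
    """
    t_h = period_years * HOURS_PER_YEAR
    return 1.0 - math.exp(-t_h / mtbf_h)


def mtbf_serial(node_mtbf_h: float, mttr_h: float, n_nodes: int) -> float:
    """Serial MTBF of n identical nodes, in the form the book evaluates in Eq. (5.12):

        MTBF_serial = 1 / ( n/MTBF + MTTR/(n*MTBF) )

    i.e. the n single-node terms of Eq. (5.11) plus one repair-coupling term.
    Any node failing takes the whole serial system down.
    """
    hazard = n_nodes / node_mtbf_h + mttr_h / (n_nodes * node_mtbf_h)
    return 1.0 / hazard


def parallel_failure_probability(node_probabilities) -> float:
    """Added contrast (not in the text): independent redundant nodes fail together
    only if every one of them fails, so the probabilities multiply."""
    p = 1.0
    for q in node_probabilities:
        p *= q
    return p


def cluster_summary(node_mtbf_h: float, mttr_h: float, n_nodes: int, period_years: float):
    """(MTBF_serial in h, MTBF_serial in years, p(T) as a fraction) for one cluster."""
    m = mtbf_serial(node_mtbf_h, mttr_h, n_nodes)
    return m, m / HOURS_PER_YEAR, failure_probability(m, period_years)


def main() -> None:
    node_mtbf = 1_000_000.0  # one million hours per node, as assumed in the text
    mttr = 24.0              # assumed one-day repair
    years = 2                # the two-year experiment period
    p1 = failure_probability(node_mtbf, years)
    print(f"single node over {years} y:         p = {100 * p1:.2f} %")
    for name, n in (("Bobino", 8), ("Bobo", 40)):
        m, m_years, p = cluster_summary(node_mtbf, mttr, n, years)
        print(f"{name:6s} ({n:2d} nodes, serial): MTBF = {m:9.2f} h = {m_years:5.2f} y, "
              f"p = {100 * p:5.2f} %")
    # Two redundant nodes in parallel, for contrast with the serial figures above.
    p2 = parallel_failure_probability([p1, p1])
    print(f"2 redundant nodes over {years} y:   p = {100 * p2:.4f} %")


if __name__ == "__main__":
    main()
```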

For the node reservation and grouping, Bobo and Bobino ship with the MegaRPi middleware, which includes appropriate management web interfaces as well as user-oriented software, including file managers, on top of the standard Raspbian software.

5.2.3 The Future Industry 4.0 Vision

Industry 4.0 platform. Industry 4.0 (originating as Industrie 4.0 in Germany around the year 2011) is a future strategic goal in the high-tech strategy of the German federal government. Its main driver is to advance the informatisation of the production processes. The goal is a smart factory characterised by adaptivity, resource efficiency and ergonomic working conditions, as well as the integration of customers and business partners into the business value chain. The technological basis of Industry 4.0 are cyber-physical systems (CPS) and the IoT, cf. Fig. 5.48.

Fig. 5.48 Industry 4.0 as outlined by the German government program 2011 (Own representation; background: Google “Green” Fabrics)


Fig. 5.49 Industry 4.0 service visions (Own representation and photo)

Within Industry 4.0, information and communication technologies as well as automation and production technologies become increasingly, and more than ever, dovetailed to each other. The political ambition is to defend and extend the traditional core of the German industry with its internationally outstanding positions, as shown in Fig. 5.49.

5.2.4 Fog Computing

Fog computing as a concept means that the services, data storages, applications and computing (business logic) are shifted to the “network edge”, i.e. closer to the users, onto interactive end devices or ambient micro-factor devices. The question which is to be solved can be formulated as follows: how close do they get, partially or completely? Other names for similar concepts are “edge computing” or “everything on the user site”. The co-existence with cloud computing services is provided too. The services are offered in the form of XaaS. An example of a fog topology is given in Fig. 5.50. Despite a cloud typically operating as a central node, the support of multiple intelligent fog nodes with the shifted functionality is foreseen.


Fig. 5.50 Topology for fog computing

Fig. 5.51 Cloud and fog computing: common architecture

A common architecture for combined use of cloud and fog computing is depicted in Fig. 5.51. The architecture includes the following three hierarchical planes:

1. Plane 1: The clouds and data centres, which build an IoS with typical access via web service protocols.

2. Plane 2: The fog nodes, which are involved in the virtual environments for data preprocessing, functionality migration and load balancing with the clouds (refer to plane 1).

3. Plane 3: The users with end devices, which build an IoT and are placed on the edge of the fog infrastructure.

Table 5.6 Fog advantages

Requirement | Advantage
Low latency | Less hops
High data mobility | Data locality and local caches
Less limited data rate | On-site processing
Reliability and robustness | Fast failover
Rich storage with metadata | Location awareness

Such a kind of distributed architecture for combined use of cloud and fog computing offers several clear advantages. Table 5.6 summarises them, specifically for requirements on cloud and network storage. The main requirements on fog computing on a technical level are as follows:

• IPv6 deployment to reach millions of serving devices
• growth of provided security, in particular deployment of firewalls and intrusion detection
• authenticity of coupled devices must be guaranteed everywhere in the combined structures (users + fog + clouds)
• encryption and digital signature have to be guaranteed via robust combinations of AES+RSA+PKI

Concrete technical platforms for fog computing are rare. They remain mostly a vague technical concept to be fully realised within the next years. Still, a few preliminary architectures exist. One such implementation platform for cloud and fog computing interoperability is offered in [46] and shown in Fig. 5.52. Suitable network options for the platform are ZigBee, EnOcean and 6LoWPAN coupled with cheap microcontrollers.

5.3 Conclusions

The chapter discussed the architectural transformations of modern networks and their mobile services and applications in the framework of the development of upcoming network technologies like “Smart Grid” (as an intelligent network for services such as electricity and energy-efficient information services) as well as the “Internet of Things”, IoT (providing radio communication of multiple billions of low-power IPv6 devices at near distance), with their methods of implementation in the form of “Fog Computing”.


Fig. 5.52 Fog computing platform and applications with cloud connectivity (From [46])


In some developed countries an integrated intelligent network modelled on the conventional Internet is rapidly being created (a network with open mesh platforms for energy services). The network possesses the ability to use standardised software interfaces as well as mobile applications with several offered web services, among them cloud services. Thanks to the standardisation of smart grids (according to the intentions of organisations like NIST, IEEE, VDE, CENELEC etc.), software- and hardware-independent access and communication between the components are, although not yet guaranteed, quite likely. Nevertheless, some devices only communicate with proprietary protocols to send data to services determined by their vendors, which severely restricts the ubiquitous connectivity visions.

The standardisation of the structure of the open networks towards smart grids is today one of the development priorities for both the energy and the telecommunications industry in the USA and Europe. The combined services of such networks will find in the near future (about 2020–2030) an opportunity to attract a stable, increasing number of stakeholders and users. Nowadays there is the opportunity to create a large range of own “smart applications” and “smart services” within the smart grids.

Thus the development of such integrated electric power networks and telecommunications will both soon be given a necessary impulse. The smart power grid services (i.e. electricity) will be freely delivered, offered to the market and freely traded there from multiple perspectives: purchase, sale, exchange, credit, providers and resellers. The effect will be analogous to today's ongoing revolution of smartphones and tablets on the mobile communication market, which has arisen as a result, for instance, of the deployment of already familiar and contemporary concepts like the application directory App Store (Apple) or the open source OS Google Android.

It is expected that the integration technologies and models for electrical networks and telecommunications discussed in this work will lead to a reduction of the overall consumption of conventional energy sources and of the CO2 footprint under the Kyoto protocol, and to further decentralisation of the supplier networks (based on the principle of Internet construction). Smart grids have to increase in the middle term the energy efficiency under use of alternative and renewable sources like wind, solar and EM-smog. They will inspire optimisation techniques for network management and service billing (smart metering) for the integrated networks for power supply systems and telecommunication, both by increasing their safety, security and QoS.

The decisive importance of smart grids and the IoT is the use of wireless networks like Powerline, ZigBee, EnOcean and 6LoWPAN and components with established services for measurement, automation and parameter control (so-called smart metering), which converts the parameters of the environment and climate to digital form.

Now that the world's leading IT companies are engaged in the implementation of smart grids and cloud computing, for example Google with Nest and the Compute Platform, one of the major problems remains the study of the opportunities and challenges of alternative energy sources in order to create environmentally friendly technologies and to improve the climate on the planet.


References

1. Bundesministerium für Wirtschaft und Energie, online http://bmwi.de
2. CISCO Grid Operation Solutions, online http://www.cisco.com
3. Cisco 6lab - The place to monitor IPv6 adoption, online http://6lab.cisco.com/stats, 2015
4. Comité Européen de Normalisation Électrotechnique, online http://www.cencenelec.eu
5. Energieinformationsnetze und -Systeme: Bestandsaufnahme und Entwicklungstendenzen, 2010, 128 p., in German, ITG/VDE
6. EU Commission Expert group on the security and resilience of communication networks and information systems for smart grids, online http://www.smartgrids.eu
7. Google IPv6 Statistics, online http://www.google.ch/ipv6/statistics.html, 2015
8. Ibh it-service gmbh, online https://www.ibh.de, 2015
9. IEEE Smart Grid Conceptual Model, online http://smartgrid.ieee.org
10. Kiwigrid Smart Grid Management Platform, online http://www.kiwigrid.com/en/products-solutions.html, 2016
11. NIST Framework and Roadmap for Smart Grid Interoperability Standards, Rel. 2.0. Technical Report 1108R2, National Institute of Standards and Technology, USA, February 2012
12. OECD Digital Economy Outlook, online https://dx.doi.org/10.1787/888933225312, May 2015
13. Projects of the Chair of Computer Networks of TUD, online http://www.rn.inf.tu-dresden.de
14. Raspberry Pi Projects, online http://elinux.org/RPi_Projects, 2016
15. Raspberry Pi Trading Ltd. Raspberry Pi 3 Model B - Single Board Computer, online https://fccid.io/2ABCB-RPI32, 2016
16. Siemens AG, online http://www.siemens.com
17. Smartgrid.gov, online https://www.smartgrid.gov, 2015
18. Technisch-wissenschaftlicher Verband der Elektrotechnik und Elektronik, online http://www.vde.com
19. Uptime Institute Reports 2011–2014, online https://uptimeinstitute.com
20. Pekka Abrahamsson, Sven Helmer, Nattakarn Phaphoom, Lorenzo Nicolodi, Nick Preda, Lorenzo Miori, Matteo Angriman, Juha Rikkilä, Xiaofeng Wang, Karim Hamily and Sara Bugoloni. Affordable and Energy-Efficient Cloud Computing Clusters: The Bolzano Raspberry Pi Cloud Cluster Experiment. In UsiNg and building ClOud Testbeds (UNICO) workshop at the 5th IEEE International Conference on Cloud Computing Technology and Science (CloudCom), volume 2, pages 170–175, December 2013, Bristol, United Kingdom
21. Jörg Benze. Smart Grid Normung und Standardisierung, 2012, FH Salzburg, IKT Forum
22. Brussels EU-CEN-CENELEC-ETSI SG Coordination Group. Smart Grid Reference Architecture. Technical Report M490, CENELEC, November 2012, p. 107
23. S. Guy, S. Marvin, W. Medd and T. Moss. Urban Infrastructure in Transition: Networks, Buildings, Plans. Earthscan/Routledge, London, 2012, 240 p.
24. Thomas J. Harrison and Thomas J. Pierce. System integrity in small real-time computer systems. In Proceedings of the National Computer Conference and Exposition (AFIPS), June 1973
25. Horst Kuchling. Taschenbuch der Physik. Hanser Verlag, 2014, 21st edition, 711 p., in German
26. R. Lehnert. Smart Grid Communications. In Proceedings of IEEE ELNANO Conference, Kiev, Ukraine, April 2013
27. Andriy Luntovskyy. Integration Concepts for Computer-Aided Design Tools for Wired and Wireless Local-Area Networks. Shaker Verlag, Aachen, 2008
28. A. Luntovskyy. Distributed applications technologies. DUIKT Publisher, 2010, 474 p., Monograph in Ukrainian
29. Andriy Luntovskyy, Dietbert Gütter and Igor Melnyk. Planung und Optimierung von Rechnernetzen: Methoden, Modelle, Tools für Entwurf, Diagnose und Management im Lebenszyklus von drahtgebundenen und drahtlosen Rechnernetzen. Springer Vieweg + Teubner Verlag, Wiesbaden, 2011, 411 p., in German
30. A. Luntovskyy, M. Klymash and A. Semenko. Distributed services for telecommunication networks: Ubiquitous computing and cloud technologies. Lvivska Politechnika, Lviv, Ukraine, 2012, 368 p., Monograph in Ukrainian
31. Andriy Luntovskyy, Josef Spillner and Volodymyr Vasyutynskyy. Energy-Efficient Network Services as Smart Grid Issue. In Soft Computing in Computer and Information Science, Advances in Intelligent Systems and Computing, volume 342, pages 293–308. Springer International Publishing, Switzerland, March 2015
32. Harald Lutz and Ulrich Terrahe. Future Thinking Kongress: Das Rechenzentrum der Zukunft
33. V. Melnyk. Modeling of the temperature modes for the cathodes of high voltage glow discharge based on heat balance equation. Bulletin of Kherson National University of Technology, Issue 3(39), 2010
34. Igor Melnyk and Andriy Luntovskyy. „Green Computing“ and the Simplified Waste Heat Transport Models. In 20th International Conference on Advanced Computer Systems (ACS), 2016
35. J. Momoh. Smart Grid: Fundamentals of Design and Analysis. John Wiley & Sons, NY, 2012, 216 p.
36. Bryan Nicholson, Becky Harrison and Lee Cogan. The future of the grid – evolving to meet America's needs, online https://www.smartgrid.gov/files/Northeast-Region-Workshop-Summary-Final.pdf, May 2014
37. J. Ploennigs, V. Vasyutynskyy and K. Kabitzsch. Comparative Study of Energy-Efficient Sampling Approaches for Wireless Control Networks. IEEE Transactions on Industrial Informatics (TII), 6(3):416–424, August 2010
38. Alexander Schill and Thomas Springer. Verteilte Systeme - Grundlagen und Basistechnologien. Springer-Verlag, second edition, 2012, 433 p., in German
39. Rene Marcel Schretzmann, Jens Struckmeier and Christof Fetzer. Cloud&Heat Technologies, online https://www.cloudandheat.com, 2011/2014
40. Matt Stansberry. 2014 Data Center Industry Survey, online https://journal.uptimeinstitute.com/2014-data-center-industry-survey, 2015
41. L. Stobbe, M. Proske, H. Zedel, R. Hintemann, J. Clausen and S. Beucker. Entwicklung des IKT-bedingten Strombedarfs in Deutschland. Studie im Auftrag des Bundesministeriums für Wirtschaft und Energie, Fraunhofer IZM and Borderstep Institute, 2015
42. Andrew S. Tanenbaum and David J. Wetherall. Computernetzwerke. Pearson Studium, fifth edition, 2012, 1040 p., in German
43. S. Tugay. Mathematic modeling of the physical processes on the surface of the cooled cathodes in the electron sources of high voltage glow discharge. Electron Simulation, Vol. 34, No. 6, 2012
44. Katherine Tweed. China Pushes Past US in Smart Grid Spending. IEEE Spectrum Energywise Blog, February 2014
45. V. Vasyutynskyy and K. Kabitzsch. Event-based Control: Overview and Generic Model. In IEEE International Workshop on Factory Communication Systems (WFCS), pages 271–279, Nancy, France, May 2010
46. Shanhe Yi, Zijiang Hao, Zhengrui Qin and Qun Li. Fog Computing: Platform and Applications. Dept. of Computer Science, College of William and Mary, 2015

6 Future Mobile Communication: From 4G To 5G, 5G Enabling Techniques

Keywords

Mobile cellular and satellite radio networks • 4G • 5G • Enabling technologies and inter-operability • IoT • QoE • Future standard IMT 2020 • Distributed Input Distributed Output (DIDO)

6.1 Conventional Techniques

Conventional telecommunication technologies integrate mobile cellular and satellite radio networks and are typically divided into four generations by most of the literature (Fig. 6.1). The peak data rates are depicted below within the figure. The next generation, 5G, will be deployed in the mid-term, although most likely after 2020 due to the high development cost and the ongoing amortisation of the predecessor 4G [17, 18].

The generations (shorthand G) started with 1G and 2G/Global System for Mobile Communications (GSM) with some obsolete extensions (as a basis). Soon afterwards, 3G/Universal Mobile Telecommunications System (UMTS) and the accelerator High Speed Downlink Packet Access (HSDPA) (sometimes referred to as 3.5G) were rolled out and are nowadays practically deployed world-wide. 4G/Long-Term Evolution (LTE) has then been introduced as the current standard, with a recent upgrade to LTE Advanced. In the meantime, research activities concentrate on the coming-soon 5G introduction within a future standard, International Mobile Telecommunications (IMT) 2020. Cellular radio networks enable the division of geographic areas into radio cells with specific frequency bands. The current 3G/4G architecture of mobile communication, including WPAN, Wireless Local Area Network (WLAN), WiMAX etc., is extended with a hierarchical cell structure down to picocells and femtocells [15] (Table 6.1). Cells refer to the signal transmission radius around an antenna. The larger the cell, the lower the number of antennas that need to be installed, but at the same time larger cells would mean a higher number of recipients, causing issues with signal strength and connection management. Femtocells are the smallest cell size in use. They accommodate a low number of connections (up to 16), mostly in residential settings, and hence are comparable with WLAN.

© Springer Fachmedien Wiesbaden GmbH 2017. A. Luntovskyy, J. Spillner, Architectural Transformations in Network Services and Distributed Systems, DOI 10.1007/978-3-658-14842-3_6

Fig. 6.1 Generations of mobile communication

Table 6.1 Hierarchical cell structure for mobile communication

Type | Distance | Data rate (MBit/s) | Mobility (km/h) | Deployment in 3G and 4G
Giga Cell | 100 km | 0.144 | 1013 km/s or 4700 | Transnational providers, satellites
Macro Cell | 10 km | 0.384–2 | 500 | National providers
Micro Cell | 1000 m | 0.384–7.2 | 120 | Campus, city districts, metropolitan areas
Pico Cell | 100 m | 7.2–100 | 10 | Hotspots – railway stations, cafes, airports, hotels
Femto Cell | 10 m | 28 | 10 | Residential gateways

Example 6.1 According to Swisscom, a Swiss telecommunications network operator, the needs-driven bandwidth evolution happened in the following way [5]. Free voice calls over the Internet summed up to 750 billion minutes in 2013 and will increase to 1700 billion in 2018. In 1993, voice transmission over the Internet was not yet feasible, as the 2G (GSM) bandwidth was 0.2 MBit/s. In the 3G time, introduced with UMTS in 2001, the bandwidth increased to 0.39 MBit/s, then in 2008 with HSPA to 7.2 and two years later with HSPA+ even to 42 MBit/s. The 4G (LTE) time started in 2011 with 150 and peaked through LTE Advanced in 2014 with even 450 MBit/s.

Due to their current relevance, both LTE networks and satellite radio systems will be presented in greater detail on the next pages.

6.1.1 LTE Networks

The advantages of 4G or Long Term Evolution are nowadays as follows:

• compatibility with UMTS/HSDPA and moderate to higher data rates, as a rule up to 300 MBit/s downlink and 75 MBit/s uplink
• LTE spectral efficiency 1.3 Bit/s/Hz vs. only 0.2 for 3G
• deployment of advanced techniques for modulation and antennas like Orthogonal Frequency-Division Multiplexing (OFDM) and Multiple Input – Multiple Output (MIMO) antennas
• flexible channel bandwidths (from 1.4 MHz up to 20 MHz)
• very low latency of less than 5 ms
• deployment of a unified IP Multimedia Subsystem (IMS) platform

The IMS uses the Session Initiation Protocol (SIP), specified in Request for Comments (RFC) 3261, to offer telephony services as a combination of conventional circuit-switched networks and Internet Protocol (IP) networks. The system architecture of LTE + IMS is given in Fig. 6.2. The basic components of the LTE architecture are as follows:

• SGSN – Serving GPRS Support Node (GPRS)
• SAE – 3GPP System Architecture Evolution
• GERAN – GSM EDGE Radio Access Network (EDGE)
• UTRAN – UMTS Terrestrial Radio Access Network (UMTS)
• IMS – IP Multimedia Subsystem
• PSS – Packet-switched Streaming Service
• PCRF – Policy and Charging Rules Function
• EPS – Evolved Packet System
• EPC – Evolved Packet Core
• HSS – Home Subscriber Server
• MME – Mobility Management Entity
• IASA – Inter-Access System Anchor
• UPE – User Plane Entity

The current performance for LTE downlink in several countries is compared in Table 6.2.

Fig. 6.2 4G/LTE architecture

Table 6.2 4G downlink performance

International | 75 MBit/s
Korea | 186 MBit/s
USA | 65 MBit/s

The system is based on GPRS, EDGE and UMTS technologies (GERAN, UTRAN, SAE) and is completely packet-oriented. The IMS platform enables Voice over IP (VoIP) with support of conventional protocols (cp. Fig. 6.3) as well as data services on the basis of SIP and other standardised protocols.

Within IMS, different planes or layers are defined. The first one is the user plane or gateway, which connects the system to an IP uplink. The second one is the control plane or gateway control. Through this plane, caller identification and billing information is exchanged. The third one is call control or session control. The fourth one is the services function plane. Among other tasks, it contains functions to check the connection quality for emergency calls, the connection to messaging services (SMS) and to connect prepaid callers to the system. The Diameter protocol (RFC 6733) is used within IMS to perform the authentication, authorisation and accounting of communication partners. It succeeds the previously used Radius protocol, which is however still in use in WLAN roaming networks and other constellations. The simplified layered IMS architecture with the planes (a) and service components (b), including classical fixed networks, is depicted in Fig. 6.4.

Fig. 6.3 General architecture for conventional protocols for VoIP and multimedia

6.1.2 Satellite-Based Radio Systems

The 4G architecture is also augmented with satellite-based radio systems (Fig. 6.5). The general features of satellite-based radio systems are as follows:

• large latency
• large bandwidth
• many channels
• time division algorithms

The radio systems are often only usable with a large latency, about 0.24 s with GEOs. This severely impacts real-time communication, but the remaining features still make them suitable for other communication requirements. The satellites typically offer separate uplink and downlink bands, either 4/6 GHz or 12/14 GHz. These huge bandwidths are oriented at e.g. 500 MHz and 50 MBit/s each, thus enabling broadband communication. As a general observation, the channel structure consists of 800 digital voice channels with 64 kbit/s (800 · 64 = 50000 kbit/s data channels). Their allocation happens for short time periods to individual channels through time division multiplexing on demand.

Fig. 6.4 Simplified IMS architecture: (a) Planes, (b) Service components. AS – Application Server, SCIM – Service Capability Interaction Manager, MRFC – Multimedia Resource Function Controller, MRFP – Multimedia Resource Function Processor, MRF – Media Resource Function, CSCF – Call Session Control Function, BGCF – Breakout Gateway Control Function, MGCF – Media Gateway Control Function, MGW – Media Gateway, HSS – Home Subscription Server, HLR – 2G Home Location Register

Fig. 6.5 Satellite-based radio systems (Based on rn.inf.tu-dresden.de)

The satellite-based radio systems architecture includes the following components:

• GGW – Gateway Ground Stations
• Footprint as a general covering or service area
• Spotbeams, which are placed by each satellite as service area
• ISL – Inter-Satellite Links
• MUL – Mobile User Links
• GWL – Gateway Links
• the IP backbone, which is implemented via convenient DSL, MPLS/ATM as well as regional-specific technologies (e.g. HSDPA)

The motion of the satellite transponders can be described with good approximation via the planetary motion theory basically elaborated by Johannes Kepler, Galileo Galilei and Nicolaus Copernicus. Therefore we can use the following formulae.

Angular frequency:

$$\omega = 2\pi f, \qquad T = \frac{1}{f} = \frac{2\pi}{\omega} \quad (6.1)$$


Gravitation on Earth:

$$F_G = \gamma \frac{M m}{R^2} \quad (6.2)$$

By Newton:

$$F_G = g\,m \quad (6.3)$$

Therefore:

$$g = \frac{\gamma M}{R^2} \quad (6.4)$$

Transformed, because g and R are known constants:

$$\gamma M = g R^2; \qquad F_G(r) = \gamma \frac{M m}{r^2} = g\,m \left(\frac{R}{r}\right)^2 \quad (6.5)$$

Furthermore, it is important to demarcate the satellite height (h) from the distance to the Earth's middle point (r):

$$r = R + h \quad (6.6)$$

The satellites describe an elliptical or circular orbit around the Earth. The height h (the distance r from the Earth's center) remains constant because

$$F_G = m g \left(\frac{R}{r}\right)^2 = m \omega^2 r = F_Z \quad (6.7)$$

where $F_G$ – attraction of Earth, $F_Z$ – centrifugal force, $m$ – mass of the satellite, $R$ – Earth radius, 6370 km, $r$ – distance to the Earth's middle point, $g$ – acceleration of gravity, $g = 9.81\ \text{m/s}^2$, $\omega$ – angular frequency, $\omega = 2\pi f$, $T = 1/f = 2\pi/\omega$, $f$ – rotational frequency of the satellite, $M$ – mass of Earth, $\gamma$ – Kepler's constant.

As a brief conclusion, herewith is Kepler's Law:

$$a = \frac{g R^2}{4\pi^2} = \text{const}, \qquad a = \frac{r^3}{T^2} \quad (6.8)$$

The formulae (6.7) and (6.8) solved for r give (6.9):

$$r = \sqrt[3]{\frac{g R^2}{(2\pi f)^2}} \quad (6.9)$$


where the distance from a satellite to the Earth's surface depends only on its orbital period. In the special case with T = 24 h (synchronous distance) and specifically h = 35786 km, this means (example visualised in Fig. 6.6):

$$r = 6370\ \text{km} + 35786\ \text{km} = 42156\ \text{km} \quad (6.10)$$

The classes of satellite-based radio systems are called GEO, MEO, LEO and HEO, and they are depicted in Fig. 6.7.

The comparison of the satellite-based systems is given in Table 6.3 and Table 6.4. The most important data for the current and historical types of satellite-based systems are summarised regarding class, services and deployment area, transponder multiplicity, licensed frequency band, orbit height and circulation period, data rate, transmitting power, latency and operation durability.

Fig. 6.6 Explaining the context of r and T in Kepler's Law (Based on rn.inf.tu-dresden.de)

Fig. 6.7 Satellite system classes GEO, MEO, LEO and HEO: LEO – Low Earth Orbit, MEO – Medium Earth Orbit, HEO – Highly-Elliptical Orbit, GEO – Geostationary Earth Orbit (Based on rn.inf.tu-dresden.de)

Table 6.3 Examples of radio SAT

SAT system type | Class | Orbit h | Number of SAT | F-Band | DR max | Services
Orbcomm | LEO, originally commercial, 2000 | 775–800 km | 27 small satellites, m = 45 kg; 2G – since 2014 further 18 | VHF band 137–150 MHz | 4.8–57.6 kbit/s | Emails, Telephony
Inmarsat | GEO, since 1979, commercial | 35786 km | 5–11, five generations | – | 492 kbit/s | Navigation, TV, Internet links, Sea emergency communication services, Air Traffic Control, GPS, EGNOS
Globalstar | LEO, 1991–1994 | 1400 km | 48+4 | – | 144 kbit/s via channel bundling | Telephony, data transfer
ICO RTT | MEO, 1998–2000 | 10390 km | 10+2 | – | – | Telephony, data transfer
Teledesic | LEO, 1997–2002 | 700 km | 288, m = 120 kg | 28.6–29.1 GHz | 100 MBit/s UL, 720 MBit/s DL | Telephony, Internet links
Iridium | LEO, 1997–1998 | 780 km | 66 (+6) | – | 2.4, 4.8 kbit/s | Telephony, data transfer

The GEO SAT systems (Fig. 6.8) operate at a constant distance to the Earth and possess a relatively high latency:

$$t = \frac{2h}{c} = \frac{2 \cdot 35786\ \text{km}}{300\,000\ \text{km/s}} = 0.239\ \text{s} \quad (6.11)$$

The non-stationary LEO SAT systems are characterised as follows:

• distance h from the Earth of ca. 300–1800 km
• shorter signal propagation times (5–10 ms)
• lower transmission power of mobile stations is sufficient
• however, more satellites required (>50), frequent handover between satellites (about every 10 min)
• short lifetime of the satellite due to atmospheric friction (only 5–8 years)
• examples: Iridium, Teledesic, Globalstar, ISS (Fig. 6.9)

Table 6.4 Comparison of radio SAT

Satellite systems | GEO | MEO | LEO
Distance, km | h = 35786 km, r = 42156 km | r − R = 6000–12000 km, respectively 20200 | r − R = 300–1800 km
Period T | 24 h | 6–12 h | 90–120 min
Latency t | 0.25 s | 70–80 ms | 10 ms
Transmitting power, W | 10 | 5 | 1
Deployment, multiplicity of systems | ca. 2000: Sputnik (1957), Intelsat 1–3 (1965, 1967, 1969), Marisat (1976), Inmarsat-A (1982), Inmarsat-C (1988) etc. | ICO 10+2 | Iridium 66+6, Globalstar 48+4 144 kBit/s, Teledesic (2003) 288 2–64 MBit/s, Orbcomm 35
Bitrate, kBit/s | 0.1–1 | 10 | 1–64000
Average lifetime, years | 15 | 10 | 5–8

MEO SAT systems are operated generally at a distance of about 10000 km and have a lower required number of satellites (about 12). They are characterised by slow motion; no frequent handover between satellites is necessary. The period is T = 6 h. MEO provides an average life time under 10 years. The problems of using MEO are as follows:

• propagation time 70 to 80 ms
• higher transmission power necessary
• special antennas required

As an important and well-known MEO system class, the navigation satellites have to be discussed. The examples are, as of early 2016:

• GPS (USA): h = 20200 km, T ≈ 12 h, 32 satellites
• GLONASS (RF): h = 19100 km, T ≈ 11 h 15 min, 28 satellites
• GALILEO (EU): h = 23222 km, T ≈ 14 h, 30 satellites
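The following Python script, added here and not part of the book, evaluates Eqs. (6.6), (6.8), (6.9) and (6.11) with the constants given in the text (R = 6370 km, g = 9.81 m/s², c = 300 000 km/s) for the heights listed in Tables 6.3 and 6.4, so the orbital periods and round-trip latencies of the LEO, MEO and GEO classes can be checked against the tables; the sidereal period of 86164 s is an assumption used alongside the text's T = 24 h.

```python
import math

G_SURFACE = 9.81          # g, acceleration of gravity in m/s^2 (from the text)
EARTH_RADIUS_KM = 6370.0  # R, Earth radius in km (from the text)
C_KM_S = 300_000.0        # propagation speed used in Eq. (6.11), km/s
SIDEREAL_DAY_S = 86164.0  # assumption added here: Earth's rotation period in seconds


def gamma_m() -> float:
    """gamma*M = g*R^2 from Eq. (6.5), in m^3/s^2 (R converted to metres)."""
    return G_SURFACE * (EARTH_RADIUS_KM * 1000.0) ** 2


def orbit_radius_km(period_s: float) -> float:
    """Eq. (6.9): r = cbrt(g R^2 / (2 pi f)^2) with f = 1/T (Eq. 6.1); result in km."""
    omega = 2.0 * math.pi / period_s
    return (gamma_m() / omega ** 2) ** (1.0 / 3.0) / 1000.0


def orbit_height_km(period_s: float) -> float:
    """Eq. (6.6) rearranged: h = r - R."""
    return orbit_radius_km(period_s) - EARTH_RADIUS_KM


def orbit_period_s(height_km: float) -> float:
    """Eq. (6.8) solved for T: T = 2 pi sqrt(r^3 / (g R^2)) with r = R + h."""
    r_m = (EARTH_RADIUS_KM + height_km) * 1000.0
    return 2.0 * math.pi * math.sqrt(r_m ** 3 / gamma_m())


def round_trip_latency_s(height_km: float) -> float:
    """Eq. (6.11): t = 2h/c, the up-and-down propagation delay via a satellite at height h."""
    return 2.0 * height_km / C_KM_S


def main() -> None:
    # Heights taken from Tables 6.3 and 6.4 and Fig. 6.9 (ISS, Iridium, GPS, GEO).
    for name, h in (("ISS (LEO)", 400.0), ("Iridium (LEO)", 780.0),
                    ("GPS (MEO)", 20200.0), ("GEO", 35786.0)):
        t_s = orbit_period_s(h)
        print(f"{name:14s} h = {h:8.0f} km  T = {t_s / 60:7.1f} min = {t_s / 3600:5.2f} h  "
              f"round trip = {1000 * round_trip_latency_s(h):6.1f} ms")
    # The direction of Eq. (6.9): which radius is synchronous with Earth's rotation?
    for label, period in (("T = 24 h", 86400.0), ("sidereal day", SIDEREAL_DAY_S)):
        print(f"{label:12s}: r = {orbit_radius_km(period):8.0f} km, "
              f"h = {orbit_height_km(period):8.0f} km")


if __name__ == "__main__":
    main()
```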


Fig. 6.8 GEO SAT systems

6.2 A New Generation of Mobile Communication

One of the most popular definitions for 5G as a new generation of mobile communication is as follows: “In evolutionary view it will be capable to support wireless WWW allowing highly flexible dynamic ad-hoc wireless networks; in revolutionary view this intelligent technology is capable of interconnecting the entire world without limits” [7]. While this definition is very broad, it emphasises new requirements and motivates us to take another look at the mobile communication generations.

A comparison of the existing mobile network generations is given in Table 6.5. The network specialists from Deutsche Telekom, NTT DoCoMo, Amtel, Samsung, Telefonica, Vodafone, Ericsson and other telecommunications operators [14] urgently generate their visions and technical requirements for the future generation of mobile communication as well as the new standard 5G/IMT 2020. The research on 5G technology began in 2012 in France, achieving data rates over 4 GBit/s.

Fig. 6.9 LEO SAT systems: (a) ISS as special LEO, (b) Humanity's first space flight on 12.4.1961, duration = 108 min, height h = ca. 400 km (LEO) (Sources: reflektion.info, NASA)

Table 6.5 Mobile generation comparison (Source: www.elektronik-compendium.de)

Generation | Radio technology | Transfer type | Data rate
1G | AMPS | Analog circuit switching, obsolete | –
2G | GSM | Digital circuit switching | 9.6 kbit/s
2.5G | HSCSD | Digital circuit switching | 57.6 kbit/s
2.5G | GPRS | Digital packet switching | 115 kbit/s
2.75G | EDGE | Digital packet switching | 236 kbit/s
3G | UMTS UTRA-FDD | Digital, mostly packet switching | 384 kBit/s
3G | UMTS UTRA-TDD | Digital, mostly packet switching | 2 MBit/s
3.5G | HSPA (HSDPA/HSUPA) | Digital packet switching | 14.4 MBit/s
3.9G | LTE | Digital packet switching | 150 MBit/s
4G | LTE Advanced | Digital packet switching, actual standard | 1 GBit/s
5G | IMT 2020 | Digital packet switching | 10–100 GBit/s

In 2013 in Japan a new step towards 5G was made: the equipment of the company NTT DoCoMo has shown the ability to transfer data from the user with a data rate of up to 10 GBit/s (uplink) at a frequency F = 11 GHz on a 400 MHz bandwidth. Data was carried on a vehicle at a speed of 9 km/h. In October 2014 the company Samsung Electronics made a new record-breaking experiment with a data rate of 1.2 GBit/s at a vehicle speed of 100 km/h and even a data rate of 7.5 GBit/s in stationary conditions at a frequency of 28 GHz. But the use of such higher frequencies, F > 5 GHz (in the mm-band), is rather problematic due to large attenuation in dense urban areas without increasing the transmission power. On the other hand, low-frequency transmission is not always possible: necessary licenses and (inter-)national regulations are obstacles. Therefore other new methods and international voting and conventions are required. Samsung's mm-wave testbeds set up in October 2014 have shown (as visualised in Fig. 6.10) the following results [14]:

224 6 Future Mobile Communication From 4G To 5G 5G Enabling Techniques

Fig 610 Advanced communication technologies for high speed mobility (Source SamsungElectronics)

bull data rate approximately 2 GBits by velocity of 110 kmh was the worldrsquos first 5G datatransmission at highway speeds

bull record-breaking 12 GBits data transmission was reached at over 100 kmhbull in stationary conditions under use of F D 28 GHz spectrum the data rate 75 GBits was

obtained

6.2.1 Visions and Requirements

The official 5G start is planned to happen only in the year 2020. The status nowadays (architecture depicted in Fig. 6.11) is as follows:

• research on advanced antenna techniques, interference minimisation and further development of enabling technologies towards 5G (see next sections)

• world-wide activities and tests, among them Ishigaki (NTT DoCoMo), Seoul (Samsung), Stockholm (Ericsson), Dresden (Vodafone Chair, 5glab.de), London (King's Royal College), Lund University (Sweden), Beijing/Shenzhen (China) and others (see Fig. 6.11)

Requirements for the 5th generation. The main 5G requirements are as follows:

• use of the existing 4G infrastructure with augmentation via flexible WLAN-conform communication everywhere under international voting and conventions


Fig. 6.11 4G with SAE – 3GPP System Architecture Evolution; GERAN – GSM EDGE Radio Access Network (EDGE); UTRAN – UMTS Terrestrial Radio Access Network (UMTS); IMS – IP Multimedia Subsystem; SDN; RAT – Radio Access Technology (Handover); DIDO for Multiuser Wireless; MIMO – the systems with multiple Tx/Rx antennas. The 5G basic architecture

• medium-term obtaining of a data rate = 10 GBit/s; this rate corresponds to up-to-date needs for multimedia content download

• tiny latencies, real-time inter-operability, services without human intervention
• wide use of available frequency bands, mm-band with F = 30 up to 300 GHz (partially, and questionable)
• inter-operability with further mobile and wireless radio networks

The advanced antenna technique MIMO was already deployed in diverse network technologies like WiMAX 802.16a/d/e/m, WLAN 802.11n/ac/ad, LTE and others. MIMO antennas nowadays allow communication with N_Tx = 16 transmitting and N_Rx = 16 receiving antennas. Thus a downlink with a data rate of DR = 10 GBit/s and above is also possible. This DR = 10 GBit/s is about one hundred times faster than DR = 100 MBit/s, the current peak data rate of LTE. For the standard IMT 2020/5G the wide use of 3D arrays for multiple input and multiple output channels (MIMO up to 16 × 16 × 16) is foreseen [3]. The related data rates and mobility for mobile users in the mobile communication systems of 3G, 4G and 5G are depicted in Fig. 6.12. The provided data rate will be increased more than 5000 times. The peak data rate will thus reach 50 Gbit/s. The data rate must be increased 10 up to 50 times in comparison to the ones offered by LTE and LTE Advanced. The prognosis is as follows: in 2020 up to 50


Fig. 6.12 From 3G to 5G: data rates vs. mobility (By Samsung Electronics)

billion devices will be IPv6-driven, partially with 5G. So, for instance, the priorities of 5G directions for companies in the telecom manufacturing area, for instance Ericsson, are as follows:

• digital economy, remote machine control
• smart grid, smart metering
• Internet touch technologies, smart cities
• and IoT (Internet of Things)

The ongoing 5G forums for the advancement of specifications and testbeds for future telecommunication protocols are as follows:

• 5G PPP (5G Infrastructure Public-Private Partnership)
• METIS (Mobile and wireless communications Enablers for Twenty-twenty (2020) Information Society)

The research laboratory 5glab/TU Dresden. There are multiple 5G activities in several universities and research laboratories in addition to the commercial research activities by telecommunications equipment manufacturers. One such laboratory has been established in Dresden, Germany. At Dresden University of Technology a modern 5G laboratory at the Vodafone Chair for Mobile Communications Systems has opened to advance the data rates, coverage, connection stability and other aspects of mobile connections [1, 13]. The researchers can evaluate and test a broad spectrum of 5G-enabling technologies. These include the following: LTE, IEEE 802.20, 802.16e, 802.16a/d/e/m, the multigigabit standard WiGig 60 GHz IEEE 802.11ad, IEEE 1905, Bluetooth v4.2 and LoWPAN. The 5Glab includes network hardware and software, computer chips, spectrometers and cloud computing services. The requirements for the 5th generation according to

Fig. 6.13 Requirements for the 5th generation according to the 5Glab in Dresden (fields shown: Wireless Communication, Automation, IoT, Big Data and HPC, Operating Systems, Audio & Haptic Engineering, Safety, Privacy and Security, System-on-a-Chip Integration, Software Engineering, Databases, Networked Embedded Systems, Human-Machine Interfaces, Storages, Communication Theory, Antennas, RF and Photonics Engineering)

the visions and initial findings of the 5Glab [2, 12] are given in Fig. 6.13. Nowadays mobile communication is occupied with the provisioning in general of IP services and the transmission of multimedia content from one place to another. But tomorrow a new generation will be able to control a wide range of objects in real time with only insignificant human intervention in the frame of IoT. It is necessary to optimise existing systems and mobile wireless networks, particularly in terms of data rate, latency, interference and reliability, according to the staff of the 5Glab.

The intentions of 5glab.de in Dresden are depicted in Fig. 6.14. Based on the sentence that "The Internet will disappear in our senses and sensitivities" (by E. Schmidt), we can state that, in contrast to it, the future Internet will become the 5G Tactile Internet. The breakthrough requirements characterise this transformation into the new 5G Tactile Internet with advanced QoS parameters: 10 Gbps, 1 ms RTT, 10,000 sensors per cell, 10^8 less outage as well as more security and heterogeneity.

Huawei and 5G mobile radio. Huawei Technologies was founded in 1987 and acts nowadays as one of the largest telecommunications equipment and handset manufacturers in the world. In the opinion of Huawei there are three major design objectives for 5G:

1. Implementation of "massive capacity" and "massive connectivity" (similar to the previous vision)

Fig. 6.14 The intentions of 5glab.de towards the 5G Tactile Internet

Fig. 6.15 5G roadmap according to Huawei (Source: huawei.com/5gwhitepaper). Timeline 2010–2021; 3GPP track: LTE-Advanced (Rel. 10, Rel. 11), LTE-B, LTE-C (Rel. 12 to Rel. 16); ITU track: IMT new spectrum, vision, requirement, technology, evaluation; 5G track: research, prototype, trial, standard, product, deployment

2. Flexible and efficient use of all available spectra for different network deployment scenarios (refer to the DIDO concept)

3. An adaptive network solution framework will become a necessity for accommodating both LTE and air interface evolution. Results from research on clouds and software-defined networks will reshape the entire mobile ecosystem. The possible 5G roadmap can be realised as follows, according to Huawei (Fig. 6.15).

As one can see, the efforts for 5G development are running in parallel to the deployment of the new releases for 4G/LTE up to LTE-C, release 16 [4]. The new development for all-spectrum radio access nodes will require achievements in fundamental radio

Fig. 6.16 5G radio frequency bands E–L (axes: F in GHz from 0.2 to 300, λ in cm from 150 down to 0.3; bands A to M; Europe)

Fig. 6.17 The Huawei 5G network integrated architecture (300 MHz up to 300 GHz in the mid-term) within an IoT

technologies like the air interface, RAN, radio frequency transceiver and devices. The context for the typical radio frequency bands to be deployed or licensed for the future 5G mobile radio networks, including the bands E–L, is depicted in Fig. 6.16. It means primarily the broad frequency span 2–60 GHz. The wavelengths are correspondingly placed between 15 and 0.5 cm.

The advanced radio backhaul and new fiber access for the fixed network will be an integral part of next generation commercial network solutions within 5G. The interoperability within the 5G network architecture as well as the future extension of the 3G cell hierarchy in use since then (according to Huawei) is depicted in Fig. 6.17. The Tera-cells are foreseen with backhauls to the usually existing 3G–4G macro- and microcells. The interoperability with the fixed part enables data rates up to 100 Tbps.

Fig. 6.18 5G scenario: multimodal access using SDN

Architecture and virtualisation of provider core networks. The main points of 5G construction are as follows (Fig. 6.18). Software implementations for provider core prototypes for 5G may be based on networks using the following SDN protocols, OpenFlow and VXLAN, as well as virtualisation concepts like VMware vSwitch, Citrix Xen products and others. The use of SDN for software implementations of provider cores in practice for 5G networks enables enterprises and providers to receive vendor-independent functions for the management and control of network components and services from any type of unified provisioning center, which will greatly simplify their operation. The use of SDN as part of 5G/IMT 2020 is a settled position. Besides improving advanced RAT (Radio Access Technology) and RLAN (Radio LAN) as well as the use of new database systems for frequency assignment (DIDO), the use of infrastructure based on existing systems, including 4G/SAE, 3G/UTRAN and 2G/GERAN, and virtualisation services carried out via SDN play an important role. The comparison of 4G and 5G is given in Table 6.6.

Due to SDN, routine network reconfiguration functions will be simplified. Thus the network administrators do not have to enter hundreds of lines of configuration code for different switches or routers. The network can be quickly changed in real time. Accordingly, the deployment time for new applications and services can be greatly

Table 6.6 Comparison of 4G and 5G

4G | 5G
Human-centric, limited connections | An intelligent web of connected things (IoT)
Lagging cloud service | Instantaneous cloud service
Limited to high quality of experience | Constant to ultra-high quality of experience
Short range, limited control | Long range, real-time, full control

Table 6.7 5G service vision

Everything on cloud | Immersive experience
Ubiquitous connectivity | Telepresence
Desktop-like experience on the go | Lifelike media everywhere
An intelligent web of connected things | Real-time remote control

Fig. 6.19 The newest abilities of 5G systems (By Samsung Electronics)

reduced. These effects are leading to new service visions which become possible with the same amount of investment, as shown in Table 6.7.

New abilities and visions of 5G. The newest abilities of 5G systems in the area of services and mobile applications, according to vendors like Samsung Electronics [14], are shown in Fig. 6.19.

Another promising application for 5G/IMT 2020 networks is shown in Fig. 6.20. It refers to the establishment of IoT (Internet of Things) applications [19] which are based

Fig. 6.20 Service vision: growth into all directions with 5G (Own representation, inspiration: Samsung Electronics)

Table 6.8 The features of future 5G (IMT 2020)

Mobile connections | Mobile data traffic | Mobile cloud traffic | Things connected

Everything on cloud | Immersive experience
Ubiquitous connectivity | Telepresence
Desktop-like experience on the go | Lifelike media everywhere
An intelligent web of connected things | Real-time remote control of machines

on the inter-operability of different physical types of radio networks as well as virtualisation technology for the core services to interact with each other and with the external environment (6LoWPAN, SDN). The features of future 5G (IMT 2020) are as follows (Table 6.8).

The following scenarios of 5G deployment regarding IoT and ubiquitous computing applications therefore become realistic and will be implemented beyond just research prototypes within the next few years:

• smart home, manufacturing, health
• smart retail, transportation, city
• remote surgery, driving and hazardous work

The hardware trends towards 5G connectivity also drive software and data trends. According to Gartner, a research and consulting company, Big Data is one of the most important trends of IT infrastructure development along with virtualisation and energy


efficiency of IT. Such data is supposedly voluminous, in the multi-terabytes and petabytes range, as well as having a high variance and velocity. The most outstanding big data sources are Geographical Information Systems (GIS) and other curated databases, parallel clusters and grids, semantic and social networks typically dubbed Web 2.0 and Web 3.0, cloud computing as well as the intelligent Internet of Things. The accumulation of big data is now typical for trading and marketing, electronic payments, process automation, international justice and criminology, and the pharmaceutical and advertising industry. A large number of scientific and research institutes, organisations and universities accumulate, store and compute large volumes of technical and scientific information. Often such a large amount of information is not structured, so that it is characterised by an extra-proportional complexity of information management. Also a significant increase in network traffic occurs, and via the heterogeneity of geographically distributed data as well as replicas within multiple computing nodes the amount of data will increase even more. 5G will surely be actively involved in big data acquisition and processing.

6.2.2 5G Inter-Operability

5G networks will most likely become pervasive, and yet it can be expected that connectivity issues due to low signal strength, overload due to too many devices even in smaller cells, or simply the desire of users not to be globally tracked will at some point make it necessary to complement 5G with other wireless transmission techniques. Two inter-operability considerations are therefore presented here.

Inter-operability to networking technologies. A comparison of 5G mobile networks and some of their predecessors with wireless protocols which can potentially provide mutual inter-operability is represented in Fig. 6.21 with the corresponding distances and data rates in logarithmic scales. The following networking technologies have to provide inter-operability to 5G/IMT 2020 (Fig. 6.21):

• Mobile WiMAX
• WiGig
• IEEE 802.11ad
• IEEE 1905
• Piconets, WSN, Bluetooth, 6LoWPAN

Mobile WiMAX is especially popular in South Korea. In other regions IEEE 802.20, 802.16a/d/e/m and 4G play a larger role. The multi-Gigabit standard WiGig operates in the 60 GHz band. It has been established by the WiGig Alliance with the IEEE standard 802.11ad, aimed at the cooperation with other protocols like USB 3.0, HDMI and PCI-Express with a data rate of 1 GBit/s. It operates mostly indoors. The reception quality through walls remains questionable. However, the cabling remains in the ambience. With

Fig. 6.21 Overall comparison of distances and data rates for wireless and telecommunication networks (Source: www.elektronik-kompendium.de)

IEEE 802.11ac, specified in the year 2013, larger channel bandwidths up to 160 MHz become possible. Furthermore, optimised modulation and 8 × 8 MIMO are foreseen, leading to a much higher data rate of 6936 MBit/s. However, today's products for sale on the market support only 3 × 3 MIMO, a bandwidth of 80 MHz and consequently a data rate of 1299 MBit/s. In contrast to traditional WLAN, IEEE 802.11ad is designed for only a few meters of transmission distance. This results from the high absorption of oxygen at 60 GHz. A large bandwidth is needed to achieve a high data rate of 7 GBit/s. The 60 GHz band is from 57 to 66 GHz and is divided by a channel spacing of 2160 MHz into four channels having a bandwidth of 1760 MHz. In comparison, IEEE 1905 is a standard which defines a network enabler for home networking supporting both wireless and wireline technologies: IEEE 802.11 (Wi-Fi), IEEE 1901 (HomePlug, HD-PLC) powerline networking, IEEE 802.3 Ethernet and Multimedia over Coax (MoCA). In 2010 it emerged from the specification group 1905.1 with the development of convergent digital home network specifications, in which around 30 organisations participated. Three years later the draft P1905.1 specification received its final approval and publication by IEEE.

Inter-operability with 6LoWPAN. A special place in the 5G inter-operability scheme is reserved for the 6LoWPAN protocol. This protocol has been presented in chapter V; refer there for the details. This paragraph discusses the combination of a long-range but often cost-intensive protocol, 5G, with a short-range but generally free (provider-less) protocol, 6LoWPAN. In the context of 5G, 6LoWPAN is also called a Wireless Neighbourhood Area Network (WNAN) in addition to WPAN. This means that it borders cellular networks including 2G–5G.


To combine the properties of 5G and 6LoWPAN, a new communication class called Low-Power Wide Area Network (LPWAN) was introduced in 2015. The most popular representative is LoRaWAN, the long-range standard for wide-area networks (WANs). It allows sensors to communicate over 10 miles without obstacles or 3 miles in dense urban areas with a battery duration of 10 years. In Europe it communicates in the 433 and 853–870 MHz bands, in China in the 779–787 MHz band and in North America in the 902–928 MHz band. LoRaWAN achieves even longer distances by concentrating the traffic from nodes (e.g. sensors) in concentrators or gateways, tunneling the traffic through a wireless network of at least 3G quality and then forwarding it to application servers which process the data. The transmission is encrypted. The gateways can be installed on towers alongside mobile communication base stations. The data rate ranges from 0.3 to 50 kbps depending on many factors which influence the transmission, using an adaptive transmission scheme to save precious battery power [6].

6.2.3 Future Standard IMT 2020: Deployment Scenarios

Due to the future standard IMT 2020, a lot of new attractive services and infotainment applications are going to appear. The following deployment scenarios are possible:

• more mobile connections with increasing mobile data traffic
• more mobile cloud traffic, mobile payments
• connected "things", IoT, as well as virtual immersive reality
• immersive surrounding services (Fig. 6.22)

The combination of small network cells, in particular nanotechnology, with cloud computing, converged all-IP networks and a flat IP architecture has been proposed under the name Nanocore [8]. Such networks would be an instant-on solution for services in various domains including search, communication, education and banking. The nano-equipment would be the logical successor to today's trend of shrinking device sizes from desktop PCs to mobile phone handsets, smart watches and other wearables, and finally body-integrated chips which are supplied with power from the body.

One quote of Eric Schmidt, at that time CEO at Google, applies in the light of this development: "The Internet will disappear in our senses and sensitivities." New sensors and applications for people with limited possibilities are foreseen via 5G too. The 5G sensors can control or lock houses, heating and ventilation, laptops, cars, bikes, garages or gardens using 5G mobile devices when the humans have forgotten to do it or are just longing for more comfort. More and more, the mobile smartphones can share the workload within the grids and P2P systems. In this case systems are needed to integrate with 5G mobile so that they can help to identify the best server or service for any offloading activity. Mobile devices can perform radio resource management and optimise the coverage.

Fig. 6.22 AR – Augmented Reality, VR – Virtual Reality. Immersive (surrounding) services via 5G (Source: Samsung Electronics). Constant to ultra high quality experience; requirements for immersive surrounding service: 8K UHD (> 100 users), hologram, AR/VR; E2E NW latency < 5 ms; cell throughput > 100 GBit/s

Fig. 6.23 Transition to ubiquitous connectivity via 5G (Source: Samsung Electronics)

5G smartphones will be able to suggest to you possible medicine for your health and fitness due to the combination of hardware sensors, integrated applications and remote services [9]. The intelligent web of connected things is provided, which is symbolised in Fig. 6.23.

Table 6.9 Optimised parameters of 5G

Parameter | Value
QoE | Uniform experience of GBit/s speed and instantaneous response everywhere
Cell throughput | 100 GBit/s
E2E network latency | < 5 ms
E2E latency | 5 ms
Air latency | 1 ms
Cost reduction in comparison to 4G: |
Simultaneous IoT connections | 10 to 20× more than 4G
Bitcosts factor | ca. 50× bitcosts

Optimisation factors and Quality of User Experience (QoE). Which factors are to be optimised within the new 5G/IMT 2020 standard? Firstly, let us discuss contradicting RAN technologies for significant performance enhancement. Some of the trade-offs between the listed factors to be considered are as follows:

• capacity and cell edge data rate enhancement
• advanced MIMO usage for multi-user operation with 3D arrays of antennas
• advanced modulation and spectral efficiency (SE) enhancement
• interference accounting
• cost-efficiency and QoE optimisation
• connection management, latency minimisation

Let us start by comparing the 4G/LTE cell capacity, with cell throughput up to 64 MBit/s, cell latency of ca. 10 ms and higher data rates only on cell edges, with the requirements for an immersive surrounding service. Below some optimised parameters of 5G are shown (Table 6.9).

The superior QoE (Quality of User Experience) of 5G in comparison to its predecessor 4G is represented in Fig. 6.24. The data rates and latency values have to be practically uniformly distributed close to the base stations as well as at the nominal distance, i.e. regardless of user locations within each communication cell, to avoid a position-dependent impairment of the transmission and reception quality [8].

Cost models. Furthermore, there will be gains in the costs for the operators which may or may not be passed on to the subscribed users. The 5G systems have to provide ubiquitous and simultaneous connections everywhere and have to do it approximately 50 times more cost-efficiently than 4G/LTE systems in order to make a broad roll-out and upgrade of existing networks and cell towers feasible. This is called a bitcosts factor of 50. The 5G cost structure is shown in Fig. 6.25. The financial consequences of the deployment of 5G infrastructure for the providers can be computed as follows:

Fig. 6.24 Superior user experience with 5G connectivity (Based on Samsung Electronics material)

Fig. 6.25 5G cost structure (Based on Samsung Electronics material)

$$\text{Expenditures} = \text{CAPEX} + \text{OPEX};\qquad \text{CAPEX} \to \min \;\wedge\; \text{OPEX} \to \min$$

$$\text{Profit} = \text{Revenue}_{anno} - \text{CAPEX}_{partial} - \text{OPEX}_{anno} \to \max$$

$$\text{ROI} = \frac{\text{Revenue} - \text{Expenditures}}{\text{Expenditures}} \cdot 100\% \qquad (6.12)$$

where ROI – Return on Investment, i.e. the operator's revenue increase; OPEX – Operational Expenditures (personnel, used materials, electrical power and maintenance); CAPEX – Capital Expenditures (hardware investments, construction costs, buildings or equipment); anno – yearly; partial – yearly amortisation amount.


Overview of OFDM-based systems. The acronym OFDM stands for Orthogonal Frequency-Division Multiplexing. It is one of the techniques to divide the signals transmitted over one specific frequency band by multiplexing. The unique characteristic of OFDM is a higher density when placing carrier frequencies for multiple communication channels within a given spectrum of frequencies. An overlap between carriers is possible in principle, but it is only of secondary concern due to the specific selection of orthogonal frequencies. The term "orthogonality" refers to the relation of the carriers in such a way that each carrier achieves its maximum where its orthogonal carriers do not carry any signal and are therefore in the null position. The technique is robust with regard to narrow-band perturbations.

Orthogonal Frequency Division Multiple Access (OFDMA) is an extended technique based on OFDM for the access to the frequency band. In other words, OFDMA is a multi-user version of the popular OFDM digital modulation with multiple access modes [11]. These access modes are achieved within OFDMA by assigning subsets of subcarriers to individual users. In short: OFDMA = OFDM + assignment on demand. The relationship between OFDMA, OFDM and classic frequency-division multiplexing techniques is summarised in Fig. 6.26.

Fig. 6.26 Better spectrum usage enabled by OFDM and OFDMA
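The orthogonality condition and the OFDMA subcarrier assignment described in the two paragraphs above can be checked numerically. The following is an added worked example, not code from the book or from any vendor: it assumes a toy OFDM symbol of N = 8 subcarriers, QPSK symbols, a static two-user allocation (a constructed choice, not the allocation scheme of any standard) and a simple carrier-frequency-offset model to show what happens when orthogonality is lost. Only the Python standard library is used.

```python
"""OFDM / OFDMA worked example in pure Python (added example, not from the book).

Subcarriers are complex exponentials at integer multiples of 1/N; an IDFT builds
the time-domain OFDM symbol and a DFT separates the subcarriers again. OFDMA is
modelled as a static assignment of subcarrier indices to users (assumed toy
allocation). A residual carrier frequency offset (cfo) shows the loss of
orthogonality, i.e. inter-carrier interference.
"""
import cmath
import math

N_SUBCARRIERS = 8  # constructed toy size; real systems use 64 to 4096 subcarriers
QPSK = [1 + 1j, -1 + 1j, -1 - 1j, 1 - 1j]  # constellation points


def idft(freq_bins):
    """Inverse DFT = OFDM modulator: each bin k becomes one orthogonal subcarrier."""
    n = len(freq_bins)
    return [sum(freq_bins[k] * cmath.exp(2j * math.pi * k * t / n) for k in range(n)) / n
            for t in range(n)]


def dft(samples):
    """DFT = OFDM demodulator, the matched-filter bank for all subcarriers."""
    n = len(samples)
    return [sum(samples[t] * cmath.exp(-2j * math.pi * k * t / n) for t in range(n))
            for k in range(n)]


def subcarrier_correlation(n, k, m):
    """Normalised inner product of subcarriers k and m over one symbol period.

    Equals 1 for k == m and 0 otherwise: this is the orthogonality condition
    that lets the carriers overlap in spectrum without interfering.
    """
    return sum(cmath.exp(2j * math.pi * (k - m) * t / n) for t in range(n)) / n


def ofdma_transmit(allocation, user_symbols, n=N_SUBCARRIERS):
    """Place each user's symbols on its assigned subcarriers and build one OFDM symbol."""
    bins = [0j] * n
    for user, subcarriers in allocation.items():
        for k, sym in zip(subcarriers, user_symbols[user]):
            bins[k] = sym
    return idft(bins)


def ofdma_receive(samples, allocation, cfo=0.0):
    """Demodulate and hand every user the bins it was assigned.

    cfo is the residual carrier frequency offset in units of the subcarrier
    spacing; a non-zero value rotates the samples, breaks orthogonality and
    leaks energy between subcarriers (inter-carrier interference).
    """
    n = len(samples)
    shifted = [s * cmath.exp(2j * math.pi * cfo * t / n) for t, s in enumerate(samples)]
    bins = dft(shifted)
    return {user: [bins[k] for k in subcarriers] for user, subcarriers in allocation.items()}


def hard_decision(sym):
    """Nearest QPSK constellation point."""
    return min(QPSK, key=lambda c: abs(c - sym))


def max_symbol_error(allocation, user_symbols, cfo=0.0):
    """Largest deviation between sent and received symbols across all users."""
    rx = ofdma_receive(ofdma_transmit(allocation, user_symbols), allocation, cfo)
    return max(abs(r - s)
               for user in allocation
               for r, s in zip(rx[user], user_symbols[user]))


# Constructed sample allocation: two users share one 8-subcarrier OFDM symbol.
ALLOCATION = {"user_a": [1, 2, 3], "user_b": [5, 6, 7]}
SYMBOLS = {"user_a": [QPSK[0], QPSK[1], QPSK[2]],
           "user_b": [QPSK[3], QPSK[0], QPSK[2]]}

if __name__ == "__main__":
    print("corr(k=1, m=1) =", round(abs(subcarrier_correlation(8, 1, 1)), 6))
    print("corr(k=1, m=2) =", round(abs(subcarrier_correlation(8, 1, 2)), 6))
    print("max error, perfect sync   :", round(max_symbol_error(ALLOCATION, SYMBOLS), 6))
    print("max error, cfo = 0.3 spacing:", round(max_symbol_error(ALLOCATION, SYMBOLS, 0.3), 3))
```

`subcarrier_correlation` is the orthogonality statement of the paragraph above in executable form; with perfect synchronisation every user recovers exactly the symbols it was sent, although all subcarriers overlap in spectrum. The `cfo` parameter shows the flip side: an offset of 0.3 subcarrier spacings turns the exact recovery into inter-carrier interference on every user's symbols, which is why carrier synchronisation precedes the DFT in a real receiver.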


Systems based on OFDM have been used since the 1990s. Practical examples include DSL (including ADSL and VDSL), DAB and DVB-T, WiMAX and Bluetooth as well as modern WLAN networks based on IEEE 802.11g, 11n or later. The consistent use of OFDM within WLAN networks led to significant increases of the data rate due to optimal spectral efficiency, which refers to the ratio of data rate to channel bandwidth. With this technique data rates of about 600 MBit/s and a reach of 70 m within buildings and 250 m outside of buildings can be achieved. However, the modulation methods used in OFDM were not sufficient anymore for the increased requirements. The methods called BPSK, QPSK, 16QAM and 64QAM in particular have restrictions due to cell boundaries.

Advanced modulation technique FQAM. The capacity and cell edge data rate enhancement is obtained within 5G via the new advanced modulation method titled FQAM (Feher's Quadrature Amplitude Modulation). FQAM is considered a post-OFDM method. There are no cell boundaries (and therefore no handover or roaming effects); the increased density is provided via small 4G/5G cells which are integrated via powerful wireless backhauls (Fig. 6.27).

Advanced MIMO structures. The deployment of 5G requires that more powerful MIMO methods are provided, typically a combination of multi-user MIMO with 3D arrays of antennas. Multi-user MIMO (MU-MIMO) is a set of advanced MIMO antennas arranged not just in a 2D grid but in a 3D cube. The 5G systems will use both MU-MIMO as well as its enhancement FD-MIMO (Full-Dimension MIMO). FD-MIMO enables the actual deployment of the 3D arrays of antennas. These structures possess the following parameters: (M, N, K), where M are horizontal antennas, N vertical antennas and K antennas per sub-array. For instance, (8, 4, 2) structures are typical for 5G hardware. The use of such advanced MIMO structures (MU-FD-MIMO) is shown in Fig. 6.28.

Fig. 6.27 Advanced small cells and FQAM (Source: Samsung Electronics). Elements shown: wireless backhaul, no cell boundary, capacity & cell edge enhancement, increased density

Fig. 6.28 Advanced MIMO structures (MU-MIMO and FD-MIMO). Deployment model: 32 digital chains with (M, N, K) = (8, 4, 1), 64 digital chains with (M, N, K) = (8, 4, 2), sub-arrays (K = 2), total antenna elements 64. System throughput: average cell throughput and average spectral efficiency (bps/Hz) for Rel. 10 4×2 MU-MIMO compared to (8, 4, 2) and (8, 4, 1); about 250% performance gain compared to LTE Rel. 10. Note: (M, N, K) means M horizontal antennas, N vertical antennas, K antennas per sub-array

6.2.4 Resource Allocation Method for Future WLAN

DIDO – a new technology aimed at providing a flexible multiuser wireless LAN everywhere under international regulations and conventions for the used frequencies. The technology should only augment the existing GERAN, UTRAN, SAE and IMS mobile radio infrastructure of the previous generations 2G–4G with a flexible world-wide WLAN which is operated using databases for the available frequency bands and the web-based content, called DIDO Data Centers. The use of a wide spectrum of frequencies is thus foreseen. The pioneer of the DIDO approach is the company Rearden (USA) with activities by Steve Perlman [10]. Nowadays DIDO is one of the most important research fields on 5G. Primarily DIDO was tested with some frequencies F = 1 MHz to 1 GHz in WLAN mode. But in the mid-term DIDO will be able to use all the wavelengths (λ) and frequency bands (F) which are given below:

• HF – High Frequency (100 m/3 MHz – 10 m/30 MHz)
• UHF – Ultra High Frequency (1 m/300 MHz – 1 dm/3 GHz)
• SHF – Super High Frequency (1 dm/3 GHz – 1 cm/30 GHz)
• EHF – Extremely High Frequency (1 cm/30 GHz – 1 mm/300 GHz)

Fig. 6.29 DIDO advantages

The expected DIDO advantages are depicted in Fig. 6.29. They encompass the interference-free communication of multiple users with multiple websites through a DIDO data centre. Without DIDO, the communication of the 3 users and the 3 depicted access points (APs) can only proceed with interference. Therefore time sharing for 3 users and 3 APs (TDMA) with 33% of the data rate for each (one sends, two idle) is necessary. Using the DIDO technique for the communication of three users and three APs, a DIDO data center is provided. The users and APs can be operated without interference and with full bandwidth. Instead of time sharing we obtain three independent WWW sessions.

The general DIDO architecture is depicted in Fig. 6.30. The process with 5–10 users and 5–10 APs connecting to 5–10 different websites is shown exemplarily. There is no interference among the 5–10 users and all users get the benefit of 100% of the data rate of the channel. Furthermore, it does not matter where the APs are located or which user owns which one. Each user gets the data from the website they are connected to through an independent wireless channel [16].

DIDO Rural. The single disadvantage of DIDO is the necessity of inter-governmental agreements and certain regulatory bodies to use the wide spectra of frequencies. DIDO

Fig. 6.30 DIDO components: DIDO user devices (tablets, smartphones, notebooks, PC), DIDO AP (5G/WLAN), DIDO data centers (wireless cloud). DIDO architecture

Fig. 6.31 DIDO Rural (Source: Rearden)

also has certain specifics in rural areas because it needs to operate with lower frequencies, i.e. within the HF band (100 m/3 MHz – 10 m/30 MHz), so that the resulting waves can span large distances of approximately 900 km. DIDO Rural is depicted in Fig. 6.31.


DIDO APs in rural areas are able to transmit over far longer distances than regular WLAN APs or cellular towers. The transmission can be provided via the well-known "sky waves" (Near-Vertical Incidence Sky Waves, NVIS). They cannot be blocked by the curvature of the Earth and can cover a diameter of approximately 900 km, which fits the requirements. NVIS are the alternative to the ground wave (GWave) transmissions, which can cover about d = 70 km in diameter before being blocked by the curvature of the Earth [16].

6.3 Conclusions

To repeat the quote "The Internet will disappear in our senses and sensitivities" (Eric Schmidt): nowadays mobile communication is occupied with the provision in general of IP services and the transmission of multimedia content from one place to another, but tomorrow the new 5G will be able to control a wide range of objects in real time with only insignificant human intervention in the frame of IoT and other attractive apps. Surely 5G will be actively involved in adjacent telecommunications and computing topics including big data acquisition and processing. The DIDO method is aimed at providing a flexible multiuser wireless LAN everywhere. The technology offers an alternative way of communicating beyond the current limitations of LANs and LTE/4G networks. Several prominent companies also prepare steps towards widely deployed 5G. The company Microsoft intends to provide access to 10 million Wi-Fi hotspots soon. Through its Internet telephony subsidiary Skype, Microsoft already offers Wi-Fi access to about two million hotspots world-wide. Under the label "Microsoft WLAN" the access rights will be granted to the customers of its Office and Skype products.

References

1. Vodafone Chair TUD, online: http://mns.ifn.et.tu-dresden.de
2. 5G-Labor TU Dresden (Online), 2014
3. IMT Vision towards 2020 and Beyond, online: https://www.itu.int/dms_pub/itu-r/oth/0a/06/R0A0600005D0001PDFE.pdf, 2014
4. 5G: A Technology Vision, Huawei White Paper, online: http://www.huawei.com/5gwhitepaper, 2015
5. Technologien zur mobilen Kommunikation, Whitepaper, 2015
6. LoRaWAN – What is it? A technical overview of LoRa and LoRaWAN, online: http://www.lora-alliance.org/portals/0/documents/whitepapers/LoRaWAN101.pdf, 2016
7. Shakhil Akhtar: Evolution of Technologies, Standards, and Deployment of 2G–5G Networks, 2009
8. Jason Clark: 5G Nanocore, online (in German): http://de.scribd.com/doc/87616878/5G-the-Nano-Core
9. Jeff Dean: Designs, Lessons and Advice from Building Large Distributed Systems. In: 3rd ACM SIGOPS International Workshop on Large Scale Distributed Systems and Middleware (LADIS), Big Sky, Montana, USA, October 2009
10. Steve Perlman et al.: Distributed-Input-Distributed-Output (DIDO) Wireless Technology: A New Approach to Multiuser Wireless, 2014
11. Sungnam Hong et al.: FQAM: A modulation scheme for beyond 4G cellular wireless communication. In: Globecom Workshops, 2013
12. Gerhard Fettweis and Frank Fitzek: 5G Lab in Dresden (Online)
13. Frank Fitzek: 5G: Next Generation Mobile Communication. In: Proceedings of International Symposium on Microwave and Optical Technology (ISMOT), Dresden, Germany, June 2015, Invited Talk
14. Samsung, Howard Benn: 5G Mobile Communications for 2020 and Beyond: Vision and Key Enabling Technologies, October 2014
15. Artemis Networks LLC: Introduction to pCell – Wireless Reinvented, Whitepaper
16. Steve Perlman and Antonio Forenza: DIDO White Paper (Online), online: http://www.rearden.com/DIDO/DIDO_White_Paper_110727.pdf, 2015
17. Alexander Schill and Thomas Springer: Verteilte Systeme – Grundlagen und Basistechnologien. Springer-Verlag, second edition, 2012, 433 p., in German
18. Andrew S. Tanenbaum and David J. Wetherall: Computernetzwerke. Pearson Studium, fifth edition, 2012, 1040 p., in German
19. T. Thieme: Challenges of the Internet of Things for sensor applications, wireless communication and new solutions of energy supply. In: Proceedings of International Symposium on Microwave and Optical Technology (ISMOT), Dresden, Germany, June 2015, Invited Talk

7 Security in Distributed Systems

Keywords

Protection Goals • Transport-Layer Security (TLS) • Virtual Private Network (VPN) • Stateful Inspection Firewall (SIF) • Web Application Firewall (WAF) • Stateful Multi-Layer Inspection Firewall (SMLIF) • Intrusion Detection System (IDS) • Intrusion Prevention System (IPS) • Advanced Evasion Firewall (AEF) • Collaborative Intrusion Detection Network (CIDN) • Insider attacks • Pretty Good Privacy (PGP) • Security and privacy legislation

The goal of this chapter is to give a broad overview of recent developments in securing distributed systems. Special emphasis is put on multilateral security, which equally includes the mechanical protection of systems and the guided privacy preservation for users. In the cloud age, characterised by ubiquitous connectivity but also by almost sneaky data collection and activity pattern collection, such a broad view on security is warranted so as not to put anybody who eventually uses such complex systems at more risk than necessary. Despite extreme caution there will never be absolute security, and operational or interaction mistakes may still put users at risk.

The chapter first presents security and protection goals and outlines which protection techniques help achieve the goals. Regrettably, not all goals can be achieved equally well at the same time, which makes a trade-off discussion unavoidable. The second section gives detailed information on many protection techniques with a focus on practical applications. The subsequent section presents and compares security layers in distributed systems, which partially correspond to network layers. For each layer, exemplary security techniques are explained. Finally, the fourth section puts the technological security into a global and temporal context and outlines juridical and societal implications and recent developments.

© Springer Fachmedien Wiesbaden GmbH 2017. A. Luntovskyy, J. Spillner, Architectural Transformations in Network Services and Distributed Systems, DOI 10.1007/978-3-658-14842-3_7


7.1 Security and Protection Goals

System security would be unnecessary if everything went according to the (non-evil) plan. Reality is different, however: risks and threats are to be actively considered when designing a system which shall be robust and resilient and continue to work and serve its users even in the presence of failures or attacks. Securing distributed systems is both harder and easier compared to securing monolithic systems. Harder, because there is no central point of control, and easier, because the distribution itself gives a system certain beneficial characteristics, especially considering the elimination of a single point of failure.

Which kinds of attacks can be performed on the data and services in distributed systems? What causes security violations and trouble? The most common answer to this question is given by Fig. 7.1. It presents an abstract view on today's systems in which terminals and end devices refer to mobile phones, tablets, notebooks, watches or even intelligent household machines. The attackers usually practice the following attacks:

• unauthorised, unfriendly access to the information (at the nodes and terminals)
• manipulation and falsification of information (in the messages or by their transmitters at the routes)
• intrusions, violations and disorders of availability (at the nodes and terminals)

In order to understand and assess the level of security a system provides, it is commonly broken down into a set of protection goals, which can be considered as distinct and yet sometimes inter-dependent aspects. Figure 7.2 explains how the notion of protection goals has been extended over the years as a reaction against the risks, threats, vulnerabilities and actual exploits. While initially only three such goals have been of importance when designing systems, nowadays twelve socio-legal-technical goals need to be considered to build distributed systems with overall multilateral protection.

Fig. 7.1 Distributed systems security and troubles in data processing and communication

Fig. 7.2 Historical development of a holistic view on protection goals in distributed systems

In the following, all twelve protection goals will be explained and paired with a set of associated risks and a set of techniques to achieve the respective goal. Each goal refers to a subject, which may be the data, the processing application software, the entire integrated system (which may be exposed as a service) or even the system user. The techniques are thus always specifically applicable to a subject.

• Integrity: Whoever creates data, software or systems wants to ensure their integrity in a way that no hidden modification can take place. The risks are malicious modification by adversaries and accidental modification by corruption and malfunction.
  – Data Integrity: A receiver should see the exact same data which the sender sent. Techniques to ensure this property are simple (error-detecting) and less simple (error-correcting) checksums, including parity bits, Hamming codes and cyclic redundancy codes, as well as self-integrity measures which combine the checksums with cryptographic safety nets, including digital signatures and authenticated message digests.
  – Processing Integrity: A data processor should always return the correct results. In particular, given the same parametric and contextual input data, the output should always be the same. In practice, fault tolerance techniques such as n-version programming with strict voting over the results ensure a proper functional integrity. This notion of processing integrity overlaps with processing reliability but also includes correct results.
  – System/Service Integrity: A system should always be in a non-compromised state. Ways to achieve this goal include the widely discussed trusted computing concepts such as authenticated chain-of-trust booting, but also third-party certification and physical protection measures.

• Confidentiality: Whoever creates data, software or systems wants to confine it in a way that nobody else except for a limited, creator-defined set of receivers can interpret their content. The risks include unauthorised copies and analytics. The wider risk implications include unwanted privacy breaches, especially in combination with mass surveillance, and industrial espionage of not publicised software or hardware.
  – Data Confidentiality: Data needs to be confined by encryption. Both symmetric and asymmetric encryption algorithms are used for diverse requirements. Symmetric algorithms work with a single key which must be secretly shared among sender and receivers, whereas asymmetric algorithms work with private-public keypairs, the public part of which is shared publicly for encrypting messages to the key owner, who can then decrypt them with the corresponding private key.
  – Processing Confidentiality: Protected data processing requires the confidentiality of both data and processing code. For data, structure-preserving encryption methods such as homomorphic and order-preserving encryption allow for processing without intermediate decryption. For the processing code, two choices are to prevent access to the code by means of dongles or obfuscation, or to explicitly declare it open and therefore avoid this problem altogether.
  – System/Service Confidentiality: Sometimes a networked service should remain hidden in order to conceal the operator. The semantics of this regulation confuse the users because they do not precisely know what system or service is in use. The concept of hidden services is useful for ensuring the confidentiality of the entire system.

• Availability: Whoever makes data, software or systems available to potential receivers or to oneself has an interest in keeping the offering available. The risks are temporary or permanent unavailability, for instance due to hardware and software failures, connectivity issues or operator mistakes. Compared to the notion of reliability, availability means a quantifiable expression for mostly available, whereas reliable means always available. A system with less than 100% availability cannot be reliable [24].
  – Data Availability: Sent data should always be receivable and stored data should always be retrievable. Techniques to support these properties are centered around redundant coding and replication or dispersion of data. Such data needs to be distributed over resources or services with mixed availabilities in a way that the overall availability becomes much higher.
  – Processing Availability: Processing power needs to be safeguarded to ensure that it is always available on-demand to yield correct and timely results. The risks are overload and long queueing of requests. With distribution techniques leading to high overall availability, a high load can be shared among multiple processing instances. Correspondingly, round-robin scheduling and parallelisation techniques need to be incorporated into the software or the infrastructure.
  – System/Service Availability: The uptime of a system is a metric for its availability. In a distributed system, each system part needs to have a high uptime without overload. Among the considered systems are interactive devices operated by users, whose functionality must be available at any point in time, independent from network or service issues.

• Utility: Similar to infrastructural utilities including water, gas, sewerage or public transport, services and computing resources need to be available on-demand, able to cope with load spikes, failures and other disruptions, and billed only according to the actual usage. Utility refers to a certain (instant) usefulness in this context and implies that data and service protocols need to be offered in contemporary formats which evolve over time along with technological trends.

• Possession: The user who possesses systems or credentials is factually in control over them. Barring any trust in third parties to whom possession could be outsourced, systems need to both ensure and convey the state of possession to users. The loss of possession is often the first step towards a loss of confidentiality, for instance when an attacker steals an encrypted piece of data and only needs a few more moments to decrypt it. When working with remote data, it is often not trivial to find out if one is still in (sole) possession of the data. Methodic means to prove the breach of possession through modifications, and therefore also the integrity, at least heuristically, are available through proof-of-possession protocols. Many of these protocols use Merkle trees to realise the proof in an efficient manner [18, 19]. They are hierarchical hash trees in which a single hash or checksum at the root of the tree covers all data of one dataset. The breach of possession through leaks and unauthorised read access is even less trivial, practically impossible, to detect and must be dealt with beforehand by proper secret sharing of data as well as sufficient physical protection. Some researchers claim that quantum cryptography will help in detecting read access during data transmission [9], but these methods have not yet arrived for everyday computing needs.
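The Merkle-tree idea behind proof-of-possession protocols, as an added example that is not from the book and not one of the published protocols it cites: the owner records only the root hash over a constructed set of chunks, the storing side answers a challenge on one chunk with an inclusion proof, and any silent modification of the dataset makes the recomputed root disagree with the recorded one. The chunk data, function names and the leaf/node prefixes are this example's own choices.

```python
"""Merkle-tree check of remotely stored data.

Added example, not the book's own code, and a simplified illustration
rather than one of the published proof-of-possession protocols: the
dataset of chunks is constructed inline, the owner keeps only the root
hash, and a challenge on one chunk is verified against that root.
"""
import hashlib
from typing import List, Tuple

Proof = List[Tuple[str, bytes]]   # ("L"|"R", sibling hash), leaf to root

CHUNKS = [f"chunk-{i}: payload".encode() for i in range(5)]  # constructed, odd count


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def leaf_hash(chunk: bytes) -> bytes:
    # Distinct prefixes for leaves and inner nodes, so an inner node can
    # never be passed off as a leaf of a differently shaped tree.
    return _h(b"\x00" + chunk)


def node_hash(left: bytes, right: bytes) -> bytes:
    return _h(b"\x01" + left + right)


def build_levels(chunks: List[bytes]) -> List[List[bytes]]:
    """All levels, leaves first and the single root hash last. An odd
    node at a level is promoted unchanged to the next level."""
    if not chunks:
        raise ValueError("empty dataset")
    levels = [[leaf_hash(c) for c in chunks]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        nxt = [node_hash(cur[i], cur[i + 1]) for i in range(0, len(cur) - 1, 2)]
        if len(cur) % 2:
            nxt.append(cur[-1])
        levels.append(nxt)
    return levels


def root(chunks: List[bytes]) -> bytes:
    """The one hash the owner records before handing the data away."""
    return build_levels(chunks)[-1][0]


def inclusion_proof(chunks: List[bytes], index: int) -> Proof:
    """Sibling hashes on the path from leaf `index` up to the root."""
    proof: Proof = []
    for level in build_levels(chunks)[:-1]:
        sibling = index ^ 1
        if sibling < len(level):          # promoted nodes have no sibling
            proof.append(("L" if sibling < index else "R", level[sibling]))
        index //= 2
    return proof


def verify_inclusion(chunk: bytes, proof: Proof, expected_root: bytes) -> bool:
    """Recompute the path; the verifier needs the root, not the dataset."""
    acc = leaf_hash(chunk)
    for side, sib in proof:
        acc = node_hash(sib, acc) if side == "L" else node_hash(acc, sib)
    return acc == expected_root


def possession_check(stored: List[bytes], recorded_root: bytes, index: int) -> bool:
    """Challenge: the storing side returns chunk `index` and its proof,
    computed over whatever it currently holds. Any modification to the
    dataset changes the recomputed root, so the check fails."""
    return verify_inclusion(stored[index], inclusion_proof(stored, index), recorded_root)


if __name__ == "__main__":
    recorded = root(CHUNKS)
    print("intact   :", all(possession_check(CHUNKS, recorded, i) for i in range(len(CHUNKS))))
    tampered = list(CHUNKS)
    tampered[2] = b"chunk-2: payload (silently changed)"
    print("tampered :", possession_check(tampered, recorded, 4))
```

The check detects modification of any chunk whichever index is challenged, because every proof is built over the current dataset; it cannot detect a mere unauthorised read, exactly as the text states.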

• Authenticity: This goal ensures that data, service interfaces or invocations originate from authenticated parties only. Through various technical methods, including primarily digital certificates and signatures but also network addresses and login credentials to some degree, the origin can be determined reliably and hence the authorship of a digital asset can be proven. More advanced methods overlap with digital forensics methods and compare behavioural aspects such as invocation frequencies or data structures, which of course require a rather large knowledge base to detect deviations as falsifications. When using signatures, similar to data integrity, a cryptographic protection (through message digests) needs to be ensured. When using certificates, the chain of trust or network of trust needs to be taken into account as well.

• Reliability: A system is called reliable when it is 100% available and when the data and processing results it delivers are 100% correct [24]. Reliability in distributed systems can be achieved through fault-tolerant processing techniques, including failover and byzantine results comparison, as well as general defensive programming techniques.

• Liability: Service-Level Agreements (SLAs) are negotiated between a service provider and a service consumer to legally ensure that the rights and obligations for both will be adhered to, subject to penalties otherwise. The SLAs refer to multiple quality dimensions. For data, the liability covers typical data quality attributes including recentness, precision, completeness and correctness. For processing, other attributes such as response time and discretion are of importance.

• Imputability: This protection goal is linked to authenticity. It refers to the ability to distinguish between multiple involved parties in a distributed system in the case of trouble. Imputability makes it possible to pinpoint exactly whose fault has led to the trouble and who would therefore be liable.

• Non-Linkability: This goal is in some way the opposite of imputability. It allows data processing without knowing who processed data and whose data is being processed. The use of pseudonyms is a classical approach towards non-linkability of activities in systems. Encryption, naming and separation or isolation techniques further help in achieving this goal.

• Transparency: Users need to be informed about who does what, is supposed to do what or has the capabilities to do what. Transitively, this protection goal must therefore be fulfilled between any two systems as long as one of them is directly or indirectly interacting with a user. Proper service descriptions as well as certificates, audits and openness (e.g. open source software) are suitable but generally not sufficient mechanisms to provide transparency. In contrast, blackboxes and virtualisation techniques isolate systems to a degree that transparency becomes less of a concern.

• Anonymity: Similar to transparency, this protection goal is oriented at users interacting with systems. A system must ensure that users can access it anonymously. This goal counters the goal of authenticity and must be weighed against it depending on the scenario requirements. Hidden services, anonymisation networks and overlay networks are starting points to achieve anonymity.

It should be noted that this list is not complete. One could argue that, next to transparency, effective controllability and intervenability belong in it as well. The considerate reader should consult recent security publications to find out which new protection goals made it into the list. Due to the high number of risks, it seems there will be no shortage of new goals and most certainly no dropping of an existing goal off this list.

Instead, in the next section the briefly mentioned protection techniques will be outlined in greater detail.


7.2 Protection Techniques

Exemplary techniques are introduced and presented briefly in this section. The techniques span checksums and digests for data integrity, encryption and steganography for data confidentiality, orchestration, parallelisation and multiplexing for high availability of data processing, as well as anonymisation, trusted computing and hidden services techniques. Some techniques will be presented in greater detail later in the subsequent sections. Beforehand, cryptographic techniques will be explained on a general level as they are the foundation of many of the protection techniques.

Deployment fields for cryptographic methods: When the Internet was still a special subject for a small group of scientists and early adopters, no security measures for the communication were deployed, because there was no necessity for data protection or even anonymity. After the commercialisation of the Internet, and since the era of wider use in all industry branches and areas of life, security and protection measures became necessary due to increased misuse. These measures have to allow safe traffic, protected access and application deployment. For such aims, cryptographic methods and crypto protocols have been developed, implemented and continuously improved. The deployment areas for cryptographic methods are as follows:

• web applications and backend systems for online banking (e-banking), shopping (e-commerce) and government services (e-government)
• communication (VoIP, video conferences, chat, e-mail) as well as social networks and forums
• diverse distributed systems with remote communication and service interfaces, component software, middleware, application servers
• clusters, clouds, grids, client-server and peer-to-peer systems
• multimedia applications and groupware for application sharing and real-time editing

Arrangement of the cryptography methods and their classification: In Fig. 7.3, the arrangement of the methods of cryptography, cryptanalysis and steganography is given.

Cryptology as a discipline consists of the following theories: cryptography, cryptanalysis and steganography. Encryption methods can secure data against the loss of confidentiality and/or of integrity (protection against manipulation), as well as authenticate the sender of a message (digital signature). Steganographic methods can provide hiding of information as well as deployment of digital watermarks (visible or invisible).


Fig. 7.3 Arrangement of the cryptology methods

7.2.1 Checksum and Digest

Extra data, also called redundant data, is used to describe the content of data as unambiguously as possible for the purpose of checking its integrity. The more redundant data is afforded, the better both the existence of modifications and the location (and possible repair) of modifications can be determined. Generally, parity codes, checksums and digests are used for this purpose. Furthermore, some (cryptographically protected) hashcodes even offer protection against not only accidental but also malicious data modifications. The following codes protect against non-malicious modifications of data:

• Parity: Simple parity bits (0/1) or multiple bits signal the integrity of digital data. Historically used in modem transmissions, parity bits are still of great importance for error-correcting code memory (ECC memory) as well as certain hard disk combinations.
• Hamming Code: These are specific multi-bit codes with guaranteed properties about identifiable and recoverable bit flip modifications in data.
• Cyclic Redundancy Code: These are more complex codes in which modifications in one location also affect subsequent locations. These are used for protecting against media scratches (CD, DVD, ZIP) but also in several robust network protocols.
• One-Way Hash Sum: Compared to the previous codes, the goal is to yield a hash which is not likely, or even close to impossible, to be duplicated when applying the code to other data, despite the hash being much smaller than the data. These properties are called weak and strong collision resistance, respectively. An illustrative example would be to map objects to their geometric two-dimensional shape: a house would become a pentagon, a pool a circle and a door a rectangle. However, a window would become a rectangle, too. Several hash algorithms with weak and strong collision detection and with and without cryptographic protection exist:
  – Message Digest (MDx): MD5 is the most prominent one, historically used to detect accidental or malicious modifications of files.
  – Secure Hash Algorithm (SHA-x): SHA-1 is the most prominent one, having replaced MD5 for file integrity checks. SHA-1 is also used to prevent a-posteriori modifications to changesets in distributed version control systems, most notably Git.

The following codes offer extended protection against malicious modifications of data:

• HMAC: This so-called keyed-hash message authentication code generates a hash sum over both the data and a secret key.
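The difference between the two groups of codes above in runnable form, as an added example that is not from the book: a parity bit, a CRC and a one-way hash all notice a single bit of line noise, even parity misses two flipped bits, and only the keyed HMAC still catches a message that an adversary rewrote together with its checksum. The key, the message and the forged copy are constructed here; SHA-256 stands in for the MD5/SHA-1 named in the text.

```python
"""Integrity codes from plain parity to keyed HMAC.

Added example, not the book's own code. The message, the secret key,
the noisy copy and the forged copy are all constructed inline.
"""
import hashlib
import hmac
import zlib

KEY = b"shared-secret-between-sender-and-receiver"   # constructed
MESSAGE = b"transfer 100 EUR to account 4711"          # constructed


def parity_bit(data: bytes) -> int:
    """Even parity: 1 if the total number of set bits is odd, else 0."""
    return sum(bin(b).count("1") for b in data) % 2


def crc32(data: bytes) -> int:
    """Cyclic redundancy code: strong against burst errors, no key involved."""
    return zlib.crc32(data) & 0xFFFFFFFF


def digest(data: bytes) -> str:
    """Unkeyed one-way hash (SHA-256 in place of MD5/SHA-1)."""
    return hashlib.sha256(data).hexdigest()


def hmac_tag(key: bytes, data: bytes) -> str:
    """Keyed-hash message authentication code over data and secret key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def flip_bits(data: bytes, positions) -> bytes:
    """Return a copy of data with the given bit positions inverted."""
    out = bytearray(data)
    for pos in positions:
        out[pos // 8] ^= 1 << (pos % 8)
    return bytes(out)


def check_accidental(data: bytes, positions) -> dict:
    """Simulated line noise: which codes notice the flipped bits?"""
    noisy = flip_bits(data, positions)
    return {
        "parity": parity_bit(noisy) != parity_bit(data),
        "crc32": crc32(noisy) != crc32(data),
        "sha256": digest(noisy) != digest(data),
        "hmac": hmac_tag(KEY, noisy) != hmac_tag(KEY, data),
    }


def check_malicious(key: bytes, original: bytes, forged: bytes) -> dict:
    """An adversary replaces the message in transit and recomputes every
    code that needs no key. The receiver recomputes the codes over what
    arrived and compares them with the codes that arrived alongside.
    True means the forgery is detected."""
    # Unkeyed codes as the adversary ships them next to the forged message.
    shipped_crc = crc32(forged)
    shipped_sha = digest(forged)
    # Without the key the adversary can only forward the original tag,
    # which was computed over the original message.
    shipped_tag = hmac_tag(key, original)
    return {
        "crc32": crc32(forged) != shipped_crc,
        "sha256": digest(forged) != shipped_sha,
        # compare_digest keeps the comparison time independent of the input
        "hmac": not hmac.compare_digest(hmac_tag(key, forged), shipped_tag),
    }


if __name__ == "__main__":
    print("one flipped bit :", check_accidental(MESSAGE, [3]))
    print("two flipped bits:", check_accidental(MESSAGE, [3, 9]))
    print("forged message  :",
          check_malicious(KEY, MESSAGE, b"transfer 900 EUR to account 4711"))
```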

7.2.2 Encryption

Encryption methods: The encryption of data leads to its concealment for unauthorised parties, so that read access is not possible anymore and write access leads to unknown results unless the key is known. There are symmetric and asymmetric methods. The symmetric ones are characterised by a shared key between sender and receiver of the data, whereas the asymmetric ones separate the receiver's public key, used by the sender for encryption, and the receiver's private key, used by the receiver for decryption. Symmetric keys must be shared beforehand, e.g. through other means or within a short communication with asymmetric encryption. In contrast, asymmetric keypairs can be exchanged using key exchange protocols.

• symmetric: Advanced Encryption Standard (AES), with or without CBC
• asymmetric: Rivest Shamir Adleman Cryptosystem (RSA), ElGamal
• key exchange: Diffie-Hellman, X.509v3

The Rijndael encryption, standardised as AES, was developed in 1998–2003 by Vincent Rijmen and Joan Daemen from Belgium. It is typically used with key lengths of 128 or 256 bits. Before it, the Data Encryption Standard (DES), developed in 1972–1977 at IBM, had been the only practical option, but suffered from early attacks and restricted operation outside of the USA with keys of only 56 bits length, otherwise up to 168 bits. The RSA algorithm is slightly younger, developed in 1977–1983 by Ron Rivest, Adi Shamir and Leonard Adleman at MIT. Being asymmetric, it requires longer keys, typically 1024 up to 4096 bits.


The Diffie-Hellman (DH) key exchange was given its name for its authors Whitfield Diffie and Martin Hellman. The scheme of Diffie-Hellman (sometimes called the anonymous DH scheme) acts as the mathematical foundation in multiple cryptographic applications, like the SAML concept (Security Assertion Markup Language) for web services, encrypted individual network connections with TLS, as well as holistically encrypted network segments with IPsec. Figure 7.4 shows the basic functionality of the DH scheme.

Example 7.1: The communication partners in secure environments typically receive symbolic names such as Alice and Bob. They can simultaneously be considered like the networks A and B, which are secured via a suitable protocol. The following values p, g, a, b can also be deployed for DH. As the result, the common secret key K for the communicating parties is calculated without prior knowledge of the key or any part of it (Table 7.1).

In actual applications, numbers which possess hundreds of digits have to be used. The given example uses only very small numbers for didactic purposes, for instance (refer to Table 7.1):

1. Alice and Bob agree on the values p = 13 and g = 2.
2. Alice chooses a random number a = 5, Bob chooses a random number b = 7. The numbers are not revealed.
3. Alice calculates A = 2^5 mod 13 = 6 and sends the result to Bob.
4. Bob calculates B = 2^7 mod 13 = 11 and sends the result to Alice.
5. Alice calculates K = 11^5 mod 13 = 7.
6. Bob calculates K = 6^7 mod 13 = 7.
7. They both obtain the same result K_A = K_B = K = 7.

Despite listeners (intruders, attackers) being in a position to overhear the numbers 13, 2, 6 and 11, the common secret key K = 7 for Alice and Bob will remain hidden.

Fig. 7.4 Arithmetics enabling the functionality of Diffie-Hellman key exchange

Table 7.1 Exemplary DH combinations

Exemplary combination    p    g    a    b    Common secret key K
1                       13    2    5    7    7
2                       23    5    6   15    2
3                       11    4    3    5    1

Fig. 7.5 A classification of cryptographic methods
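Example 7.1 and Table 7.1 as runnable code, added here and not taken from the book: every row's exchange is recomputed with Python's modular pow(), the listener's view (p, g, A, B) is kept apart from the secrets (a, b, K), and an exhaustive search over the toy parameters shows why the text demands numbers with hundreds of digits. TABLE_7_1 and the function names are this example's own.

```python
"""Diffie-Hellman key agreement for the three combinations of Table 7.1.

Added example, not the book's own code. It reproduces the arithmetic of
Example 7.1 with Python's pow() and, on the same toy numbers, shows by
exhaustive search why parameters with hundreds of digits are required.
"""
from typing import Dict, Optional, Tuple

# (p, g, a, b, K) exactly as listed in Table 7.1
TABLE_7_1 = [
    (13, 2, 5, 7, 7),
    (23, 5, 6, 15, 2),
    (11, 4, 3, 5, 1),
]


def dh_exchange(p: int, g: int, a: int, b: int) -> Tuple[int, int, int, int]:
    """Run the exchange and return (A, B, K_A, K_B).

    A and B travel over the wire; a and b never leave Alice and Bob."""
    A = pow(g, a, p)        # step 3: Alice -> Bob
    B = pow(g, b, p)        # step 4: Bob -> Alice
    K_A = pow(B, a, p)      # step 5: Alice
    K_B = pow(A, b, p)      # step 6: Bob
    return A, B, K_A, K_B


def eavesdropper_view(p: int, g: int, a: int, b: int) -> Dict[str, int]:
    """Everything a passive listener can capture: p, g, A and B."""
    A, B, _, _ = dh_exchange(p, g, a, b)
    return {"p": p, "g": g, "A": A, "B": B}


def brute_force_discrete_log(p: int, g: int, A: int,
                             limit: Optional[int] = None) -> Optional[int]:
    """Smallest x >= 1 with g^x mod p == A, found by trying every candidate.

    This is the discrete logarithm problem. The loop is instant for a
    two-digit p and hopeless for the parameter sizes used in practice,
    which is the whole security argument of the scheme."""
    upper = p if limit is None else limit
    for x in range(1, upper):
        if pow(g, x, p) == A:
            return x
    return None


def recover_key_from_wire(view: Dict[str, int]) -> Optional[int]:
    """What the toy parameters allow: solve for a, then K = B^a mod p.
    Any x with g^x = A works, since x and a agree modulo the order of g."""
    a = brute_force_discrete_log(view["p"], view["g"], view["A"])
    return None if a is None else pow(view["B"], a, view["p"])


def check_table() -> bool:
    """Both sides agree and match the K column for every row of Table 7.1."""
    for p, g, a, b, k in TABLE_7_1:
        _, _, K_A, K_B = dh_exchange(p, g, a, b)
        if not (K_A == K_B == k):
            return False
    return True


if __name__ == "__main__":
    for p, g, a, b, k in TABLE_7_1:
        A, B, K_A, K_B = dh_exchange(p, g, a, b)
        view = eavesdropper_view(p, g, a, b)
        print(f"p={p:2} g={g} a={a:2} b={b:2} -> A={A:2} B={B:2} K={K_A} (table: {k})")
        print("   listener sees", view, "and, for p this small, recovers K =",
              recover_key_from_wire(view))
```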

The further classification of basic cryptographic methods is depicted in Fig. 7.5. They are of great importance to many mechanisms and protocols in use in today's distributed systems.

Encryption strength: Furthermore, the crypto methods can be classified according to their safety and security strength. There are the following main classes:

1. Information-theoretically secure methods: Even for an unrestricted attacker (with unlimited resources) an attack does not succeed. The attacker will not gain information about plaintext or key within the cryptosystem. This leads to unconditional security or perfect secrecy (e.g. using a one-time pad).
2. Provably-secure methods: Breaking a crypto system requires the solution of a well-known difficult mathematical-logical problem. In this case it means provable security (e.g. RSA).
3. Computationally or practically secure methods: There are no known concepts and available resources for breaking the crypto system in an appropriate time span (e.g. AES).
4. A combination of the listed items is widely used in modern systems, too. For instance, TLS is a combination of multiple methods like DES/AES/CBC/RSA, and OpenPGP contains a collection of such concepts.

7.2.3 Steganography

Steganographic methods hide data (payload) in other data (carrier). Among other goals, one goal is to work around restrictions in the use of cryptographic methods simply by hiding the fact that these methods are used at all. A further protection aspect is in analogy to wearing valuable objects visibly at night in a lonely corner of a town: while this may be perfectly fine in an ideal city of law and order, in reality it is sometimes better not to show the valuables. Especially in the era of mass surveillance online, steganography in combination with anonymity become essential methods to maintain privacy about who is doing what. Steganographic methods for digital data encompass:

• concealment in noisy multi-media data (audio, images, video)
• concealment in otherwise ignored parts of a file structure, for instance behind the end-of-file marker
• covert information by unnoticeable delays in data transmission

It should be noted that many steganographic methods tolerate no lossy compression of data.
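The first method in the list and the caveat about lossy compression, as an added example that is not from the book: a payload is hidden in the least significant bits of noisy carrier samples (changing each by at most 1), recovered again, and then lost once the carrier passes through a quantiser that stands in for a lossy codec. The carrier samples, the payload and the header layout are this example's own constructions.

```python
"""LSB concealment of a payload in a carrier, and its loss under lossy
compression.

Added example, not the book's own code. The carrier (raw 8-bit
grey-scale samples standing in for an image) and the payload are
constructed here; the lossy step is a crude quantiser used in place of
a real codec such as JPEG.
"""
import random

HEADER_BITS = 32  # payload length in bytes, written before the payload


def _bits(data: bytes):
    """Most significant bit first, one bit at a time."""
    for byte in data:
        for i in range(7, -1, -1):
            yield (byte >> i) & 1


def capacity_bytes(carrier: bytes) -> int:
    """Payload bytes that fit when one bit is hidden per sample."""
    return max(0, (len(carrier) - HEADER_BITS) // 8)


def embed(carrier: bytes, payload: bytes) -> bytes:
    """Overwrite the least significant bit of successive samples with a
    length header followed by the payload. Each sample moves by at most
    1, which is below the noise floor of real audio or image data."""
    if len(payload) > capacity_bytes(carrier):
        raise ValueError(f"carrier holds {capacity_bytes(carrier)} bytes, "
                         f"payload is {len(payload)}")
    header = len(payload).to_bytes(HEADER_BITS // 8, "big")
    out = bytearray(carrier)
    for idx, bit in enumerate(_bits(header + payload)):
        out[idx] = (out[idx] & 0xFE) | bit
    return bytes(out)


def _read_bytes(carrier: bytes, offset: int, count: int) -> bytes:
    """Collect `count` bytes from the LSBs starting at sample `offset`."""
    out = bytearray()
    for n in range(count):
        value = 0
        for i in range(8):
            value = (value << 1) | (carrier[offset + n * 8 + i] & 1)
        out.append(value)
    return bytes(out)


def extract(carrier: bytes) -> bytes:
    """Read the header, then that many payload bytes. A header that does
    not describe a payload fitting in the carrier yields b"" (nothing
    recognisable is hidden, or the LSBs were destroyed)."""
    length = int.from_bytes(_read_bytes(carrier, 0, HEADER_BITS // 8), "big")
    if length > capacity_bytes(carrier):
        return b""
    return _read_bytes(carrier, HEADER_BITS, length)


def lossy_compress(carrier: bytes, step: int = 4) -> bytes:
    """Quantise every sample to a multiple of `step`, the way a lossy
    codec throws away low-order detail. The picture looks the same,
    but the LSBs, and with them the payload, are gone."""
    return bytes((v // step) * step for v in carrier)


def max_sample_change(a: bytes, b: bytes) -> int:
    """Largest per-sample difference between two carriers."""
    return max(abs(x - y) for x, y in zip(a, b))


def make_carrier(samples: int, seed: int = 7) -> bytes:
    """Constructed noisy samples standing in for a photograph."""
    rng = random.Random(seed)
    return bytes(rng.randrange(256) for _ in range(samples))


CARRIER = make_carrier(2048)             # constructed
PAYLOAD = b"meet at the usual place"     # constructed

if __name__ == "__main__":
    stego = embed(CARRIER, PAYLOAD)
    print("hidden bytes :", extract(stego))
    print("max change   :", max_sample_change(CARRIER, stego))
    print("after lossy  :", extract(lossy_compress(stego)))
```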

7.2.4 Orchestration, Parallelisation and Multiplexing

Multiple services can be combined to achieve greater availability, performance, confidentiality or combinations thereof and with other properties. One typically distinguishes the following combinations:

• full replication with 100% redundancy or multiples thereof
• fragmentation and partial replication with selective redundancy < 100%
• secret sharing with high redundancy

7.2.5 Anonymisation

Anonymisation is achieved by hiding the information about who the communicating peers are. One effective method is to deviate from the usual one-on-one messaging model and instead to introduce levels of indirection by special message encoding and distribution.


Channel mixing techniques for anonymity on the network level include random routing (JAP model), onion routing (TOR model) or dispersed routing. They can be combined with encryption to achieve confidentiality.

7.2.6 Trusted Computing and Physical Protection

In distributed systems there is no absolute security. Partially this can be remedied by trust, assuming the trust is warranted. Trusted computing is a term that refers to a chain of certificates which covers entire devices from their start-up to the execution of software applications, in a way that ultimately only applications trusted by the certification root will run. Obviously this model has certain restrictions when considering the necessity to compile custom applications.

Furthermore, beyond all digital security measures, sometimes devices need to be physically secured. This will not be elaborated on in this chapter.

7.3 Security Layers

After the presentation of foundational protection techniques, this section puts them into context for actual networked and distributed systems. Not all protection techniques can be covered here; therefore only the layered confidentiality is explained. Following the network layers in the Open Systems Interconnection (OSI) or Internet Protocol (IP) models, the embedding of encryption techniques at the network connection, data transport and application content level will be explained.

Figure 7.6 visualises the cross-layer secure protocol stack for Internet-wide distributed services and applications.

7.3.1 Network Encryption: IPsec

On the lowest level of network connectivity, encrypted links need to be established. The IPsec specification combines three elements to achieve this goal. First, IP packets are encrypted so that instead of a plain payload an Encapsulated Security Payload (ESP) is transported. Second, instead of a plain packet header with modifiable IP addresses, an Authenticated Header (AH) is used. Third, an Internet Key Exchange (IKE) server is operated within the network to facilitate key exchange, comparison and revocation. The IKE server runs, however, on the service layer, whereas ESP and AH are active on the connection layer.


Fig. 7.6 Secure networking stack with well-defined protocols and conceptual additions

7.3.2 Transport Encryption: TLS

With TLS, individual links instead of entire networks are cryptographically protected, similar to IPsec. Even when the participating nodes and applications, for instance client and server, communicate in a plain-text protocol, the resulting network transmission becomes binary and cannot be deciphered except with the right key.

7.3.3 Content Encryption: S/MIME and PGP

Sometimes communication happens over multiple hops instead of directly between two nodes. Some of the connection links ("legs") may be unencrypted. In this case it is important to encrypt the message itself instead. There are certain limits, for instance concerning the meta-data contained in the message. Nevertheless, the message body, when present, can typically be encrypted without a problem. Two methods to perform the encryption are S/MIME, which uses a hierarchically issued certificate, and PGP, which uses a decentralised web of trust.


7.3.4 Authorisation: Kerberos and OAuth2

Even when all links are encrypted and all message content is encrypted as well, the execution of a service invocation may have to be authorised. Beyond the conventional username/password or username/key/passphrase credentials, contemporary services such as Kerberos and OAuth2 are used to minimise the effectiveness of attackers who steal the credentials. With Kerberos, a so-called ticket is given as key with limited temporal validity. The analogy to banks is the TAN, which is generated on demand and can be used only for several minutes.

7.3.5 Further Secure Services: DNS-SEC, VPNs and Proxies

This section has given a brief introduction to security services on a network. Further services, including DNS-SEC to secure the hostname to network address translation as well as proxy services, exist and are used occasionally but will not be analysed in detail.

7.4 Security Protocols and Network Concepts

Cryptographic protocols and technologies. An overview of useful cryptographic protocols and technologies in relation to the OSI network layers is depicted in Fig. 7.7. The protocols are ordered as follows: layer 3, layer 4, layers 5–7. The two bottom layers are best secured physically and will therefore not be considered here.

In the following paragraphs, these protocols and cryptographic algorithms will be discussed in detail. The discussion starts with the over-arching infrastructure for public keys and certificates. Then the encryption of the network channel to securely transmit messages within applications will be explained. This is followed by a comparison to an application-agnostic encryption for all channels, before then proceeding in the next section to firewalls, encrypted and signed messages and finally access control considerations. Legal aspects as well as anonymity are also discussed at the end of the chapter.

Public key infrastructure and X.509 specification. In applications for private and business communication as well as e-commerce transactions, the integrity and confidentiality of all messages and activities as well as the authenticity of the participants are of utmost importance. Therefore, public keys or certificates and reliable attribution of digital signatures to user names are required. Public keys can be generated and distributed by everyone as one half of a public-private key pair, which leads to peer-to-peer webs of trust, whereas certificates are a hierarchical means to ensure the authenticity of a service or organisation. The hierarchy implies that a trusted third party, a certificate authority, must exist. Public keys and certificates can be thought of as analogous to a personal identification card with a photo and other confirmable information on it.

Fig. 7.7 Overview of cryptographic protocols and technologies

One certificate solution is offered by the standard for digital certificates X.509, an ITU-T standard for a hierarchical public-key (certificate) infrastructure. X.509 was published first in the year 1988, whereas the current version is X.509v3, standardised as RFC 5280 in 2008. In some aspects the specification is competing with the Kerberos standard (1978) with its Ticket Granting Ticket (TGT) concept. The certificate exchange provides the following information to the users: the digital signature of the Certificate Authority (CA), the type of the cryptographic algorithm and the leasing duration for a certificate in the network. In contrast to the “web-of-trust” model (PGP), X.509v3 uses a rigorous hierarchic CA system. The certificates are used in all known web browsers, e-mail clients and other secure network protocol clients and servers, for instance as part of the network encryption which will be presented later. The specification X.509 is aimed at the integrity of public keys for digital signatures and combined (symmetric and asymmetric) encryption. Therefore it is unavoidable that applications keep track of a Certificate Revocation List (CRL), maintained by another trusted third party, which is updated whenever an incident with a certificate authority, such as a breach, becomes known. Applications must therefore consult the CRL, for instance by periodic downloads, before attempting to establish a secure connection.


Fig. 7.8 Example for hierarchical CAs (Source: www.rn.inf.tu-dresden.de)

An example for hierarchical CAs is given in Fig. 7.8. One can see that a root CA, Telekom, is trusted by Alpha and Beta, and Beta in turn is trusted by user Schmid.

Digital certificates are structured data of a certain size. They typically appear in binary format but can be serialised to human-readable text formats for consultation. An example structure of a digital certificate is as follows:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: C=XY, ST=Austria, L=Graz, O=TrustMe Ltd,
                OU=Certificate Authority, CN=CA/Email=ca@trustme.dom
        Validity
            Not Before: Oct 29 17:39:10 2000 GMT
            Not After : Oct 29 17:39:10 2001 GMT
        Subject: C=ABC, ST=Austria, L=Vienna, O=Home, OU=Web Lab,
                 CN=anywhere.com/Email=xyz@anywhere.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:c4:40:4c:6e:14:1b:61:36:84:24:b2:61:c0:b5:
                    ...
                    d7:e4
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                email:xyz@anywhere.com
            Netscape Comment:
                mod_ssl generated test server certificate
            Netscape Cert Type:
                SSL Server
    Signature Algorithm: md5WithRSAEncryption
        12:ed:f7:b3:5e:a0:93:
        ...
        3f:a0:1d


Obviously, a lot of information is contained in a single digital certificate. Even more will have to be processed if the hierarchy is taken into account by forming certificate chains up to a trusted root CA. Table 7.2 therefore presents a simplified abstract view of the most important certificate contents.
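The chain building up to a trusted root and the CRL consultation described above can be made concrete in code. The following Python program is an added example (not code from the book): certificates carry only the Table 7.2 fields these checks need, the hierarchy is modelled on Fig. 7.8 with constructed serial numbers and dates, and the signature verification that a real library performs with each issuer's public key is deliberately left out so the path, validity and revocation logic stands on its own.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Added example, not from the book: the path building, validity and revocation
# checks an application performs before it trusts a leaf certificate. Certificates
# carry only the fields of Table 7.2 that these checks need; verifying each
# signature with the issuer's public key is left to the crypto library.


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    serial: int
    not_before: datetime
    not_after: datetime
    is_ca: bool = False      # may this certificate sign others?


@dataclass
class Crl:
    issuer: str
    revoked: set = field(default_factory=set)   # serial numbers withdrawn by this issuer


class ValidationError(Exception):
    pass


def build_chain(leaf, intermediates, roots, max_depth=5):
    """Follow issuer names from the leaf until a trust anchor in `roots` is reached."""
    by_subject = {c.subject: c for c in intermediates}
    chain = [leaf]
    while chain[-1].issuer not in roots:
        nxt = by_subject.get(chain[-1].issuer)
        if nxt is None or nxt in chain or len(chain) >= max_depth:
            raise ValidationError(f"no path from {leaf.subject} to a trusted root")
        chain.append(nxt)
    chain.append(roots[chain[-1].issuer])
    return chain


def validate(leaf, intermediates, roots, crls, now):
    """Chain, validity window, CA flag and CRL status of every certificate on the path."""
    chain = build_chain(leaf, intermediates, roots)
    for depth, cert in enumerate(chain):
        if not cert.not_before <= now <= cert.not_after:
            raise ValidationError(f"{cert.subject} is outside its validity period")
        if depth > 0 and not cert.is_ca:
            raise ValidationError(f"{cert.subject} is not a CA but appears as an issuer")
        if depth < len(chain) - 1:                 # the root itself is the trust anchor
            crl = crls.get(cert.issuer)
            if crl is None:                        # no CRL: refuse rather than guess
                raise ValidationError(f"no CRL available from {cert.issuer}")
            if cert.serial in crl.revoked:
                raise ValidationError(f"{cert.subject} (serial {cert.serial}) is revoked")
    return chain


def utc(year, month=1, day=1):
    return datetime(year, month, day, tzinfo=timezone.utc)


# Constructed hierarchy modelled on Fig. 7.8: root Telekom, intermediates Alpha and
# Beta, user certificate for Schmid issued by Beta. Serials and dates are invented.
ROOT = Cert("Telekom", "Telekom", 1, utc(2015), utc(2035), is_ca=True)
INTERMEDIATES = [Cert("Alpha", "Telekom", 10, utc(2015), utc(2030), is_ca=True),
                 Cert("Beta", "Telekom", 11, utc(2015), utc(2030), is_ca=True)]
SCHMID = Cert("Schmid", "Beta", 500, utc(2016), utc(2017))
ROOTS = {ROOT.subject: ROOT}
CRLS = {name: Crl(name) for name in ("Telekom", "Alpha", "Beta")}   # nothing revoked


def check(leaf, now, crls=CRLS):
    """(accepted, chain as text or reason for rejection)."""
    try:
        chain = validate(leaf, INTERMEDIATES, ROOTS, crls, now)
        return True, " -> ".join(c.subject for c in chain)
    except ValidationError as err:
        return False, str(err)


if __name__ == "__main__":
    print(check(SCHMID, utc(2016, 6)))                                   # accepted
    print(check(SCHMID, utc(2018)))                                      # expired
    print(check(SCHMID, utc(2016, 6), {**CRLS, "Beta": Crl("Beta", {500})}))  # revoked
    print(check(Cert("Mallory", "Gamma", 7, utc(2016), utc(2017)), utc(2016, 6)))
```

The design choice worth noting is the handling of a missing CRL: the function refuses the connection instead of treating "no revocation information" as "not revoked", which is what the text's requirement to consult the CRL before connecting implies.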

TLS as network connection encryption protocol. The transmission of data over wired or wireless connections can be secured in multiple ways. Techniques include the physical isolation, the encryption of the content and the encryption of the connection. This last technique is discussed here. The most prominent protocol to realise this technique, integrated with IP and hence widely used, is TLS.

The application cases for TLS in the TCP/IP protocol stack are depicted in Table 7.3. The TLS protocol plays an important role in e-commerce applications, providing cryptographic security by encryption and encrypted checksums and optionally peer authentication on layer 4. TLS hence includes three main data security mechanisms: confidentiality, data integrity as well as mutual authentication of communication partners (refer to triad, hexad and duodecad). There are many different implementations of the protocol, each with their own weaknesses due to incomplete protocol adherence and simple programming errors. Therefore, just like for any security-critical software, the user or the administrator of a system should regularly check for new versions. Examples for TLS implementations are OpenSSL (Open Secure Sockets Layer) and, since 2014, its fork LibreSSL, the differently designed and licensed GnuTLS, the Network Security Services (NSS) originating in web browsers, and Mbed TLS optimised for embedded connected devices. The secured application protocols based on TLS like HTTPS or SSMTP operate either via additional TCP ports, which are different from the usual “well-known” ports, or via an upgrade of the connection within the session in case the protocol has been designed with upgradeability in mind. The latter method is commonly called StartTLS due to a syntax element of the same name in some of the application protocols. It should be noted that with DTLS (Datagram TLS) a similar method is available to protect UDP/IP connections, which was first specified in 2006 and reached version 1.2 in 2012. However, this method is not widely used in network applications except for VoIP telephony and video conferencing. Generally, when applications do not support TLS natively, their communication can be tunneled through a pre-established TLS connection if both ends of the connection can be controlled. Several generic tunneling tools exist for this purpose, even though using a VPN may be a more appropriate option to extend this principle to all connections between two nodes instead of just selected ones.

Table 7.2 Certificate contents
• User personal information (name, organisation, filial address)
• Digital signature of issuing CA and further information
• User public key
• Validity duration of the digital certificate
• Digital certificate class
• Digital and identification number for the digital certificate (certificate ID)

Table 7.3 TLS-based application protocols and their port numbers
Applications:
  Dedicated TLS port numbers: HTTPS (443), SSMTP (465), IMAPS (993), POP3S (995), XMPPS (5223)
  Upgrade to TLS possible: HTTP (80), SMTP (25), IMAP (143), POP3 (110), XMPP (5222)
  Further well-known application protocols with upgrade: FTPS (21 vs. 990), IRCS (194 vs. 994, de facto 6667 vs. 6697), LDAP (389 vs. 636), EAP-TLS, SIP, NNTP and others
Transport: TLS upon connection or after upgrade; TCP, represented by a socket within applications
Network: IP
Net access: Ethernet, DSL, WLAN, WPAN, 3G–5G cellular, others

The predecessor protocol of TLS was called SSL. Initially, SSL 1.0 was developed in 1993 by Netscape Communications, vendor of the web browser Netscape Navigator and associated products. Mature versions appeared in 1999, driven by the increased e-commerce requirements: SSL 3.0 and TLS 1.0 (renamed from SSL 3.1) were subsequently engineered and standardised by the IETF. In 2002 the AES encryption algorithm was added to the protocol, and in 2006 and 2008 the revised versions TLS 1.1 and 1.2 appeared, respectively. Due to an increasing number of successful attacks against the protocol, its use is only recommended with a restricted (strong) set of encryption algorithms, while others are still supported but should not be used anymore. The advantages of TLS are still the following:

• wide acceptance in software and services
• API support in multiple implementations for practically all programming languages
• good performance, modular architecture
• adaptation to regional-individual legislative norms

The TLS protocol stack is aimed at securing communication via sockets, i.e. a universal mechanism providing a secured end-to-end communication based on TCP and IP between two Internet nodes. Figure 7.9 shows the TLS protocol structure based on its simplified predecessor SSL.

Several cryptographic functions, cryptosystems and algorithms are deployed within the TLS standard, causing it to be one of the most complex Internet protocols. It uses asymmetric cryptosystems (cipher suites, or in short ciphers) for the initial key exchange, followed by symmetric ciphers for the data exchange. The recommended ciphers are specified in the IETF RFC 7525/BCP 195 released in 2015, which will also influence the final specification of TLS 1.3. Four cipher suites are accordingly recommended: the asymmetric RSA cipher combined with the symmetric AES method with either a 128 bit key and 256 bit checksum or a 256 bit key and 384 bit checksum, in either Diffie-Hellman Encryption (DHE) or Elliptic Curve Diffie-Hellman Encryption (ECDHE) mode. While many other combinations exist, they are not recommended anymore. The checksum method shall be the Secure Hash Algorithm SHA1, even though in the near future SHA3, standardised as NIST FIPS 202, may have to replace it [23]. All four cipher suites should use the Galois/Counter Mode (GCM), an authenticated encryption method with additional data. Conventionally, Cipher Block Chaining (CBC) mode has been used and is still widely deployed. It is explained in Fig. 7.10.

Fig. 7.9 SSL protocol stack: layers and sub-protocols

Fig. 7.10 Overall CBC mode for stream ciphers (IV: initialisation vector)
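The recommendation to run TLS only with a restricted, strong set of cipher suites is something an application has to enforce at the library level. The following Python program is an added example (not code from the book): it builds a client-side context with Python's standard `ssl` module that refuses SSL 3.0 and TLS 1.0/1.1, keeps certificate verification against the system trust store switched on, restricts the TLS 1.2 handshake to authenticated (EC)DHE key exchange with AES-GCM as recommended above, and then lists what the context would still negotiate. The cipher string and the "weak suite" criterion are the example's own choices; the exact list printed depends on the OpenSSL build behind the interpreter.

```python
import ssl

# Added example, not from the book: a client TLS context hardened along the lines
# of RFC 7525/BCP 195. The cipher string uses OpenSSL syntax: only authenticated
# ephemeral (EC)DH key exchange with AES in GCM mode for the TLS 1.2 handshake
# (TLS 1.3 suites are AEAD-only and are configured separately by OpenSSL).
RECOMMENDED_CIPHERS = "ECDHE+AESGCM:DHE+AESGCM:!aNULL:!MD5"


def hardened_client_context():
    """Context for outgoing connections with legacy protocol versions refused."""
    ctx = ssl.create_default_context()            # CA store loaded, hostname check on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # SSL 3.0, TLS 1.0 and 1.1 refused
    ctx.set_ciphers(RECOMMENDED_CIPHERS)
    return ctx


def refuses_legacy_versions(ctx):
    """True when the context will not fall back below TLS 1.2."""
    return ctx.minimum_version >= ssl.TLSVersion.TLSv1_2


def negotiable_ciphers(ctx):
    """(cipher name, protocol version) pairs the context is willing to negotiate."""
    return [(c["name"], c["protocol"]) for c in ctx.get_ciphers()]


def weak_tls12_ciphers(ctx):
    """TLS 1.2 suites still offered that lack forward secrecy or GCM; should be empty."""
    return [name for name, proto in negotiable_ciphers(ctx)
            if proto == "TLSv1.2" and not ("DHE" in name and "GCM" in name)]


if __name__ == "__main__":
    context = hardened_client_context()
    for name, proto in negotiable_ciphers(context):
        print(f"{proto:8} {name}")
    print("TLS 1.2 suites without PFS+GCM:", weak_tls12_ciphers(context))
    print("legacy versions refused:", refuses_legacy_versions(context))
```

`hardened_client_context()` can be passed to `ssl.SSLContext.wrap_socket` or to any library that accepts an `SSLContext`; the `weak_tls12_ciphers` check is the kind of self-test an administrator can run after each library update, since the sentence above about checking for new versions applies to the cipher defaults as well.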

Comparison TLS versus VPN. Virtual networks are overlay networks which logically map the communication of one network area into another one by using a proxy service. One of the commonly used protocols for running a VPN is IPsec, which was created in the context of IPv6. In practice, a VPN provides a secure access to LAN-internal services over an unsecured IP network using the communication modes Site-to-Site, Site-to-End, End-to-End or Host-to-Host. Such a VPN provides a secure access for all installed services via the same path (routed through the Internet) and protection of separated IP subnets while keeping the internal network structure confidential. In contrast to VPN, TLS offers more fine-granular security and provides each service over a unified socket identifier (IP address and port) [11, 13].

Fig. 7.11 Client bonding to a VPN server with IPsec tunneling (elements shown: (mobile) client, providers, Internet, VPN server, firm network, authentication server, firm servers e.g. email, applications)

Figure 7.11 shows a typical VPN scenario implemented with IPsec. In it, the client uses a dial-up, DSL or cable connection to the Internet through any provider server. Once the Internet connection is established with an activated network interface, a permanent network connection of the client (laptop, tablet or smartphone) to the VPN server, both running IPsec, is established. The client performs an authentication at the VPN server, so that a secured tunneling (IPsec tunnel) is established. With this preparation step, a secure communication to any host, any port and thus any service in the corporate network becomes possible. The Internet access for the VPN client is optionally protected by the corporate firewall, and likewise IP-protected global sites such as publication archives now become available to the user through the company network.

Let us compare TLS and VPN based on IPsec. Via IPsec it is possible to secure the access to internal services over an insecure IP network with use of the following modes:

• client (home office) – firm servers (e.g. email queries)
• mobile users – filial office (e.g. data download)
• filial office – head quarter (e.g. file transfer)

The differences are:

• VPN/IPsec: secure access is provided for all services through the same path
• VPN/IPsec: IP subnets are protected, and the internal network structure is kept confidential as well
• TLS provides secure end-to-end connections for each service per socket identifier (IP address, port), thereby offering fine-grained protection

Implications. There is no one-size-fits-all solution available to make a system secure. The required level of security in distributed systems is only available under consideration of complementary techniques and communication protocols, with analysis of their (inter)national deployment backgrounds. The following techniques are known now:

• public key and certificate infrastructures are necessary for mutual authentication of communication partners
• TLS authentication, integrity and encryption provide the necessary guarantees for secure communication in distributed systems
• communication content may need further protection, for instance additional encryption for true end-to-end guarantees, for instance by using XML Security for structured XML documents
• mishandling of internally installed services can be avoided via deployment of firewalls with packet filtering, anti-malware, encryption and content analysis functionality

Firewalls will therefore be presented in the next section.

7.5 Firewalls

Firewalls enforce policies about which services can be accessed by whom and who can communicate with whom in a networked system. Modern firewall systems are compared to classical concepts in this section. The filtering rules are analysed with examples of selected commercial solutions. Advanced collaborative intrusion detection systems and networks (CIDN) as well as the threats based on insider attacks on CIDN are examined. A common CIDN functionality catalogue is discussed.

Classical firewalls. Publicly available services (web server, e-mail server, file sharing, web services and hosted applications) are placed in an isolation zone so that any faults in these services and any data leaks will not compromise the often more strictly operated internal services of a company or institution (payrolls, strategy documents, customer data). The zone is commonly called Demilitarised Zone (DMZ) and protected by firewalls on both sides: the public-facing one, which lets most traffic pass into it, and the private-facing one, which either blocks all traffic or restricts it to VPN connections. Different filtering functionality can be offered:

• filtering IP packets (layer 3)
• filtering in a proxy called circuit relay (layer 4)
• filtering certain applications with application-specific communication patterns (layers 5–7)

A firewall system with multiple internal services and with a DMZ with publicly offered services is shown in Fig. 7.12. The goal is blocking the unauthorised access attempts to private networks based on IP addresses (using PF, Packet Filter), TCP/IP port information (using CR, Circuit Relay) or application-related information (using AG, Application Gateway).

Fig. 7.12 (a) Firewall main concepts, (b) an example for firewall-secured network services: firewall system with DMZ (based on [22])

A well-known open source packet filter system is iptables, which is available in conjunction with the Netfilter implementation in the Linux operating system kernel. It lets users configure packet filtering, inspection, transformation and logging, but also network address translation and connection tracking. A similar system is pf, or Packet Filter, derived from the BSD line of operating systems. It includes traffic shaping commands as well, to prioritise certain services over others.
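The PF and CR decisions and the connection tracking mentioned for iptables can be seen in miniature in the following Python program, an added example that is neither code from the book nor a fragment of iptables or pf. It models the two-firewall DMZ layout above: rules match layer-3 prefixes (PF) and layer-4 protocol and port (CR), first match wins with a default of drop, and a flow table admits the reply half of an already accepted connection without consulting the rules again. All addresses (documentation and private prefixes) and the policy itself are constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Added example, not from the book and not iptables or pf: a miniature stateful
# filter for the two-firewall DMZ layout. Rules match layer-3 addresses (PF) and
# layer-4 protocol/port (CR); a connection table lets the reply half of an accepted
# flow through without consulting the policy again. Addresses are constructed.


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                       # "accept" or "drop"
    src: str = "0.0.0.0/0"            # CIDR prefixes; the default matches anything
    dst: str = "0.0.0.0/0"
    proto: str = "any"
    dport: Optional[int] = None       # None matches any destination port

    def matches(self, p):
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.proto in ("any", p.proto)
                and self.dport in (None, p.dport))


class Firewall:
    def __init__(self, rules, default="drop"):
        self.rules = rules
        self.default = default        # first matching rule wins; otherwise default
        self.flows = set()            # 5-tuples of accepted connections

    def decide(self, p):
        flow = (p.src, p.sport, p.dst, p.dport, p.proto)
        reply = (p.dst, p.dport, p.src, p.sport, p.proto)
        if flow in self.flows or reply in self.flows:
            return "accept"           # ESTABLISHED: part of a flow already admitted
        for rule in self.rules:
            if rule.matches(p):
                if rule.action == "accept":
                    self.flows.add(flow)
                return rule.action
        return self.default


INTERNAL = "10.0.0.0/8"               # constructed corporate network
DMZ = "192.0.2.0/24"                  # constructed DMZ (documentation prefix)
DMZ_WEB = "192.0.2.10/32"             # public web server inside the DMZ


def public_facing_firewall():
    """Public traffic reaches the DMZ web server only; nothing from outside enters the LAN."""
    return Firewall([
        Rule("accept", dst=DMZ_WEB, proto="tcp", dport=443),
        Rule("accept", dst=DMZ_WEB, proto="tcp", dport=80),
        Rule("drop", dst=INTERNAL),
    ])


def private_facing_firewall():
    """Internal hosts may open HTTPS to the DMZ and the Internet; DMZ hosts may not
    open connections into the LAN, so a faulty or leaking public server stays isolated."""
    return Firewall([
        Rule("drop", src=DMZ, dst=INTERNAL),
        Rule("accept", src=INTERNAL, proto="tcp", dport=443),
    ])


if __name__ == "__main__":
    fw = public_facing_firewall()
    for pkt in (Packet("203.0.113.5", "192.0.2.10", "tcp", 51000, 443),
                Packet("192.0.2.10", "203.0.113.5", "tcp", 443, 51000),
                Packet("203.0.113.5", "10.1.2.3", "tcp", 51001, 22)):
        print(pkt, "->", fw.decide(pkt))
```

Note how the private-facing policy places the DMZ-to-LAN drop before the accept rule: because the filter is first-match, reversing the order would not change anything for these two rules, but in a longer rule set the position of the deny rule is what decides whether the isolation zone actually isolates.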


Comparison and further development. Table 7.4 depicts the filter abilities for basic firewall concepts. The available functions can be separated correspondingly to the presented concepts PF, CR and AG. Furthermore, there are hybrid firewall systems with integrated functionality, namely the so-called SIF [5] from Check Point Software Technologies, and next-generation (NG) systems which are appearing now.

The PFs and CRs are very simple and efficient. The AGs, or application layer firewalls, combine the key benefits of the common filtering. They can semantically “understand” certain applications and protocols such as VPN, DNS, FTP, SMTP, POP3/IMAP, HTTP as well as their secured versions, e.g. HTTPS or SSH. For use of public cloud access monitoring beyond permissible services of virtualised clusters, networks, storages (VLAN, SAN/NAS) and services (VMs, RAICs) as well as of SDN, there are some special firewall solutions available as well. Since about 2012 a new generation of AGs called next-generation firewalls (NG) was deployed. NG is nothing more than a “widened” and “deepened” inspection at the application stack based on the classical SIF solutions (refer to Table 7.4). The existing deep packet inspection systems can be extended via:

• intrusion detection and prevention systems (IDS and IPS)
• user identity integration (by binding user IDs to IP or MAC addresses or explicit credentials for “reputation”)

For a better demarcation of the terms, one needs to consider that a firewall is a security system that protects a single computer, a set of peers or networks against unwanted or illegal access. However, the functionality of a firewall is not directly oriented to detect and pinpoint external attacks. A classic firewall implements only separate filtering rules to protect directly all network (mobile, wireless) communication. For the purpose of detecting different kinds of attacks, advanced IDS/IPS modules are more suitable. They can also be used on top of well-known firewall solutions (classical and advanced):

• IDS – they describe the detection of attacks that are directed against a computer system or network and serve to increase the security in a network
• IPS – these systems are the enhanced IDS which also provide the defense functionality to fend off discovered network attacks (external as well as from an insider)

Therefore, the IDS/IPS systems can be seen as a further development of the firewalls considered, or correspondingly as advanced firewall modules.

One special kind of NG firewall is the so-called WAF (web application firewall). The defense against the WAF attacks was implemented in the tool “WAF Fingerprinting utilising timing side channels” (WAFFle) [5].

Table 7.4 Basic firewall concepts and their filter abilities (own representation)

Filtering abilities versus firewall concepts (PF, CR, AG, SIF, NG):
1. IP source/target addresses: x x
2. TCP ports and connections: x x
3. Denial-of-service attacks (DoS), Distributed DoS (DDoS): x
4. Enabled or disabled protocols: x x x
5. Proxies for certain services: x x
6. HTTP proxy, proxy server: x x
7. Antivirus software (viruses, worms, trojans): x x
8. Malware blocking: x x
9. Anti-phishing: x x
10. Application-specific authentication: x x
11. Application-specific encryption: x x
12. DMZ: x x
13. VPN and IPsec: x x
14. Enabled domain names (source/target): x x x
15. Spam filtering: x x
16. Analysis of content-specific key words: x x
17. Blocking of special applications and scripts (Java applets, Active-X, web services, further plugins): x
18. Web application firewall: s
19. Cloud Access Monitoring: s
20. Virtualised networks, storages and services: s
21. SDN: s
22. IDS, IPS, network IDS (intrusion detection/prevention, network collaboration): s
23. CIDN as the networks of IDS/IPS: s
24. Time window control: x x x x x
Legend: x – available, s – special solutions available

Advanced Evasion Technologies. Advanced Evasion Technologies (AET) – intruding into a network without any traces and fully anonymously – are an ongoing challenge for (virtual) network data security. In contrast to the known evasions and penetrations, AET combine and change the methods to camouflage an attack or malicious code. These combinations allow the hackers to infiltrate a network unnoticed in spite of multiple security solutions being in place. According to current estimations, there are more than 2^180 potential combinations of AET available. A good example is the cross-layered functionality, which indeed is an attack integrated over exploits in several OSI layers. For the defender, IPS or AEF represent effective technologies against AET. They can analyse combined attack patterns at different OSI layers. An example is the AET platform from Stonesoft. Such a kind of IPS provides a combined protection: IPS, anti-virus, firewall, DMZ and network zoning as division into multiple protection domains. The deployment makes sense for large companies with multiple branches and structural units. Some of the detection and defense patterns and test series are as follows:

1. At layers 3 and 4: first, the opportunities for attacks within the protocols IP, TCP and UDP are discovered.
2. At layers 5–7: the application-layer protocols such as SMB and RPC are protected. Therefore the internal threats have to be assessed.
3. Then AET can discover threats for other protocols such as IPv6, HTTP.
4. If AET uses HTTP (port 80), the intruders can also mislead the firewall and infiltrate users with malware spread into the network over regular web traffic. Therefore AET for web services, web applications and cloud computing environments are a particularly serious threat.

Stateful Multilayer Inspection Firewalls. The next significant generation of the combined SIF/NG firewalls are the so-called SMLIF systems. According to the opinion of the researchers of Gartner, the following top list of modern SMLIF can be represented [16, 28]:

1. AhnLab
2. Barracuda Networks
3. Check Point Software Technologies
4. Cisco
5. Dell SonicWALL
6. F5
7. Fortinet
8. Hillstone Networks
9. HP
10. Huawei
11. Intel Security (McAfee)
12. Juniper Networks
13. Palo Alto Networks
14. Sangfor
15. Sophos
16. Stormshield
17. WatchGuard

The listed firewall solutions and vendors operate the cross-layered multi-defense by combining multiple filter abilities like e.g. positions 18–23 (referring to Table 7.4 as well as the next sections).

Collaborative IDS and Networks (CIDN). The widespread IDS evaluate and prohibit the potential intruders' attacks that are directed against computer systems or a network. IDS increase data security significantly, in contrast to the classical firewalls, whose support for also uncovering effects of intrusions such as data modification is not satisfying. IPS are the enhanced IDS which provide the additional functionality aimed at discovering, defeating and completely avoiding the potential attacks. Nevertheless, as a rule the classical IDS/IPS are operated autonomously per system. They are not able to detect temporarily unknown intrusion threats, which become more sophisticated and complex year over year. Those dangerous threats can serve to bring disorder to the operation of data centers and computing clusters round-the-clock in 24/7 mode. Therefore, the cooperation and collaboration of the IDS within a network is of great significance. The comparison of the network IDS (NW-IDS) with pure IDS is depicted in Fig. 7.13. The NW-IDS has a lot of new features.

A CIDN is an advanced concept for a collaborative IDS/IPS network intended to bridge over the disadvantage of the standalone defense against unknown dangerous attacks. The CIDNs allow (Fig. 7.14) the participating IDS, as the network peers, to share the detected knowledge, experiences and best practices oriented against the intruders' threats [14]. The main requirements for the construction of a CIDN and the support of such functionality are as follows: efficient communication at short up to middle distance, robustness of the peers (IDS) and links, scalability and mutual compatibility of the individual participating peers (IDS). The typical interoperable networks are as follows: LAN, WLAN, 2G–4G as well as NFC and Bluetooth.

Fig. 7.13 Comparison of pure IDS with NW-IDS [5]

A CIDN consists of multiple NW-IDS under use of multiple computers, radio devices and installed firewalls. The participating users are organised in groups. In the example, the groups encompass the users Alice, Bob, Charlie and Dave. The coupling between the groups is loose or tight. However, insider attacks on CIDNs are possible; another user, Trudy, serves as example. This type of networking improves the overall accuracy of the threats' danger grade as well as the intrusion level assessment. The cooperation among the participating single peers (IDS collaborators) becomes more efficient within a CIDN. But nevertheless the CIDN itself can become a target of attacks and malicious software. Some malicious insiders within the CIDN may compromise the interoperability and efficiency of the intrusion detection networks internally. Therefore, a lot of CIDN research problems have to be considered [14], for instance:

• selection of the peers (collaborators) and trust management
• collaborative intrusion decision making
• resource management within CIDNs

CIDN attacks and insider attacks on CIDN. The traditional network attacks can significantly compromise the security inside a CIDN. The simple attacks are as follows (list positions A1–A4):

1. Eavesdropping
2. Man-in-the-middle
3. Replaying
4. Cloning (3, 4 like DDoS)


Fig. 7.14 Example of cooperation within the CIDNs

The advanced insider attacks on CIDNs (list positions A5–A9), which can suddenly occur from the peer insiders within a previously not compromised CIDN, are as follows [5, 14]:

5. Sybil attacks: distribution of a large amount of pseudonyms (fake identities) via a malicious peer
6. Newcomer attacks: a malicious peer tries to erase its “bad history” with other peers in the network
7. Betrayal attacks: the trust mechanism robust to betrayal attacks shall satisfy the social norm “It takes a long-time interaction and consistent good behavior to build up a high trust, while only a few bad actions to ruin it”. When a trustworthy peer acts dishonestly, its trust value should drop down quickly, hence making it difficult for this peer to deceive others or gain back its previous trust within a short time
8. Collusion attacks: collusion attacks occur when a group of compromised/malicious peers cooperate together in order to compromise the network
9. Hybrid attacks (5 + 6 + 7 + 8)
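The social norm quoted under betrayal attacks, together with the trust management and collaborative decision making listed as CIDN research problems, can be turned into a concrete peer trust model. The following Python program is an added example (not code from the book or from [14]): trust is an integer score that rises by a small fixed amount per verified-correct alert and is halved after a single malicious one, newcomers start low so a fresh identity carries little weight, and only peers above a threshold take part in a trust-weighted vote on whether an event is an intrusion. The rates, the threshold and the peer names are constructed for the example.

```python
# Added example, not from the book or from [14]: a peer trust score for a CIDN that
# realises the social norm quoted under bet rayal attacks: trust is earned slowly by
# consistently correct alerts and lost quickly by a single malicious one, and only
# trusted peers get a say in collaborative intrusion decisions. All rates, the
# threshold and the peer names are constructed for the example.

MAX_TRUST = 1000          # trust kept as an integer score to avoid float drift
REWARD = 20               # gained per alert the receiving IDS verified as correct
TRUST_THRESHOLD = 700     # from this score on a peer's alerts are counted


class PeerTrust:
    def __init__(self, initial=100):
        self.score = initial          # newcomers start low (limits newcomer attacks, A6)

    def observe(self, alert_was_correct):
        """Update after one alert from this peer has been verified locally."""
        if alert_was_correct:
            self.score = min(MAX_TRUST, self.score + REWARD)   # slow climb
        else:
            self.score //= 2                                   # fast drop (betrayal, A7)
        return self.score

    def trusted(self):
        return self.score >= TRUST_THRESHOLD


def interactions_to_trust(initial=100):
    """Consistently correct alerts a newcomer needs before its alerts are counted."""
    peer, rounds = PeerTrust(initial), 0
    while not peer.trusted():
        peer.observe(True)
        rounds += 1
    return rounds


def betrayal_scenario(good_rounds=60):
    """Long good behaviour followed by one bad alert: (score before, score after)."""
    peer = PeerTrust()
    for _ in range(good_rounds):
        peer.observe(True)
    before = peer.score
    after = peer.observe(False)
    return before, after


def collaborative_verdict(alerts, peers):
    """Trust-weighted majority over the peers' alerts; untrusted peers are ignored.
    `alerts` maps peer name -> True if that peer reports the event as an intrusion."""
    voters = {name: peers[name].score for name in alerts if peers[name].trusted()}
    if not voters:
        return False                      # nobody trustworthy reported anything
    in_favour = sum(score for name, score in voters.items() if alerts[name])
    return in_favour * 2 >= sum(voters.values())


if __name__ == "__main__":
    print("rounds until trusted:", interactions_to_trust())
    print("score before/after one betrayal:", betrayal_scenario())
    peers = {"Alice": PeerTrust(MAX_TRUST), "Bob": PeerTrust(800), "Trudy": PeerTrust(500)}
    print(collaborative_verdict({"Alice": True, "Bob": False, "Trudy": True}, peers))
```

With these constants a newcomer needs 30 correct alerts before it is heard, while one bad alert from a fully trusted peer halves its score and removes it from the vote; regaining the lost half takes another 25 correct alerts, which is the asymmetry the social norm asks for.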


Table 7.5 Common CIDN functionality catalogue (own representation)

Certain CIDN examples | Topology type | Focus | Specialization on the threats | Att. A1–A4 | Att. A5–A9 | Privacy | Anonymity
Indra | Distributed | Local | Spam | R | R | A | A
Domino | Decentralised | Global | Worms | R | R | A | A
Abdias | Centralised | Hybrid | Trojans | R | R | A | A
NetShield | | | Social engineering, WAF | R | R | A | A
Legend: Att – Attack, R – Robustness, A – Awareness

A typical CIDN must provide the following common functionalities against these kinds of attacks (see Table 7.5). They can be represented via a catalogue in matrix representation, based on [14].

To conclude the consideration of firewalls, one can state that the advanced firewalls like SMLIF, IPS and collaborative intrusion detection systems gain increasingly in importance. They can also be deployed within the scenarios of NFC and IoT (Internet of Things). The firewalls and IDS are often combined into individual participating peers (LAN, WLAN, 2G–4G, NFC and Bluetooth) with the possibility of collaboration and better prevention of both external and insider attacks.

PGP for authenticated and encrypted messaging. PGP – originally a product called Pretty Good Privacy and nowadays an open standard called OpenPGP – is known since 1991. The main intention of PGP is the popularisation of civic cryptography. The short but expressive PGP history is as follows. Philip Zimmermann made the cryptographic methods publicly available as software, including DES, RSA, DH key exchange, MD5, El-Gamal, AES (formerly Rijmen and Rijndael) and more, at that time strong cryptographic algorithms. The key length was 128 bits and more, although for the global export, due to cryptographic restrictions, many algorithms were limited to 56 and sometimes only 40 bits. After the PGP publication on the Internet, delivered as freeware and subsequently in the form of source code text in a book, the program became popular around the world. The success of PGP led to the foundation of the PGP Corporation, conducted by P. Zimmermann. But in 1993–1997 a lawsuit against P. Zimmermann from the US government followed. However, the new release of PGP, published at MIT Press Publishing as a theory book with all the source codes, provoked no further allegations and court prosecutions. Since 1997 there was a development towards PGP acceptance as a new IETF standard called OpenPGP. The deployment areas of PGP are as follows: encryption of database transactions, emails and hard disk partitions (drives), network (SDN) protection and encryption, VoIP calls (“crypto phone”), real-time encryption such as chat. For messaging as well as authenticated file downloads, the digital signature functionality is also of great importance.


Some examples of PGP products:

• PGP as freeware and free software: www.gnupg.org, www.pgpi.org
• PGP implementation Gpg4win: www.gpg4win.de
• PGP products by Symantec: www.symantec.com
• PGP products by PGP Corporation: PGP Desktop (with PGP Desktop E-Mail, PGP Whole Disk Encryption and PGP NetShare)
• Zfone software for encryption of VoIP calls (cp. Skype/AES): zfoneproject.com

As a new development related to the PGP standard, since around 2014 Blackphone acts as a secured smartphone based on the Android operating system, offered by Silent Circle (P. Zimmermann's company) and Geeksphone (Spain). This is a smartphone which allegedly completely secures against espionage and persecution. It provides web anonymity for this matter. The creator of PGP encryption software elaborated that “the most secure smartphone in the world” is called “Blackphone”. Blackphone uses an Android flavour called PrivateOS. The services are cryptographically secured: email service, instant message service, VoIP service analogous to Skype. Anonymity is provided by MIX services such as JAP (Java Anon Proxy) of TUD/University of Regensburg and Tor (The Onion Routing, United States), which anonymise Internet activities at the level of TCP connections. The system enables web browsing, instant messaging/IRC, SSH, P2P and protects against the analysis of the traffic of its users. The requirements include special headphones for the communication of both conversation participants. The system offers also multi-language functionality with more than seven languages.

Access control concepts. Authorisation is per definition the assignment of access rights for a distributed system or for certain services of it. The typical access control concepts are Access Control Lists (ACL) or capabilities. Both concepts are compared in Fig. 7.15.

With ACLs, for each object Oi lists are defined about who can perform which operations Op over all the subjects Sj, for instance the write permission of a process to a file. The operations are Op = R – Read, W – Write, E – Execute, I – Invoke, D – Delete.

Fig. 7.15 Comparison of ACL and capabilities within the authorisation matrix

278 7 Security in Distributed Systems

Fig. 7.16 Authorisation matrix for a C-S model (enabled Op = R – Read, W – Write)

Fig. 7.17 Combined security (own representation based on X.800)

With capabilities the permissions are associated with a subject Sj but cannot be changed by the subject itself. One can specify which objects Oi may be modified through the operations Op.

The authorisation mapped onto C-S systems is shown below (Fig. 7.16). Assignment and proving of access rights (from C) to resources (namely S) can be done in distributed systems by

• capabilities for a subject (in this case for the client), or
• ACLs by an object (here the server).
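The two views of the authorisation matrix, as an added example in Python (not code from the book): the same subject/object/operation matrix is stored once by object (ACL, the server side of the C-S model) and once by subject (capabilities, the client side). Both views answer an access question identically; the difference shows up in what a revocation costs. All subjects, objects and granted rights below are constructed.

```python
"""ACL vs. capability views of one authorisation matrix.

Added example, not code from the book: it models the subject/object
authorisation matrix of Fig. 7.15. An ACL is stored with the object (the
server side in a C-S model), a capability list with the subject (the client
side); both views answer the same access question but differ in what a
revocation costs. All subjects, objects and rights are constructed.
"""
from typing import Dict, FrozenSet

# Operations named in the text: R Read, W Write, E Execute, I Invoke, D Delete
OPS = frozenset("RWEID")

# Constructed authorisation matrix: subject -> object -> operations granted
MATRIX: Dict[str, Dict[str, FrozenSet[str]]] = {
    "alice":  {"/etc/passwd": frozenset("R"),
               "/home/alice/notes": frozenset("RWD"),
               "backup.sh": frozenset("RE")},
    "bob":    {"/home/alice/notes": frozenset("R"),
               "backup.sh": frozenset("E")},
    "backup": {"/etc/passwd": frozenset("R"),
               "/home/alice/notes": frozenset("R"),
               "backup.sh": frozenset("REI")},
}


def acl_view(matrix):
    """Column view: for each object, which subject may perform which operations."""
    acl: Dict[str, Dict[str, FrozenSet[str]]] = {}
    for subject, objects in matrix.items():
        for obj, ops in objects.items():
            acl.setdefault(obj, {})[subject] = frozenset(ops)
    return acl


def capability_view(matrix):
    """Row view: for each subject, the (object, operations) capabilities it holds."""
    return {subject: {obj: frozenset(ops) for obj, ops in objects.items()}
            for subject, objects in matrix.items()}


def check_acl(acl, subject, obj, op):
    """Object-side check: consult the object's ACL; anything unknown is denied."""
    if op not in OPS:
        raise ValueError(f"unknown operation {op!r}")
    return op in acl.get(obj, {}).get(subject, frozenset())


def check_capability(caps, subject, obj, op):
    """Subject-side check: the subject presents a capability it cannot alter."""
    if op not in OPS:
        raise ValueError(f"unknown operation {op!r}")
    return op in caps.get(subject, {}).get(obj, frozenset())


def revoke_object_acl(acl, obj):
    """Revoking all access to an object in the ACL view touches one entry."""
    return 1 if acl.pop(obj, None) is not None else 0


def revoke_object_caps(caps, obj):
    """The same revocation in the capability view must visit every subject."""
    touched = 0
    for subject in caps:
        if caps[subject].pop(obj, None) is not None:
            touched += 1
    return touched
```

The default-deny in both check functions matters: an unknown subject, object or operation never yields access, which is the property a server must preserve when it translates its matrix into either representation.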

X.800 architecture. Combined security in distributed systems is required. Such a security architecture is regulated by X.800 for layered secure computing environments/centers, which include the following secured components and layers (Fig. 7.17):

• computing environments or centers (I and II)
• layers (1–5) as well as the communications interface (6)
• standardisation by national laws and regulations, at the EU level and internationally
• physical and organisational protection, which is carried out via monitoring
• technical protection via shielding, channel coding
• protection by firewalls via voluminous filtering
• use of data protection protocols and standards as well as ACL facilities
• securing by cryptographic methods (symmetric and asymmetric)

7.6 Security in Web Applications: Legal and Technological Aspects

Technological and legal aspects of data security guaranteeing web systems are examined. They are used for the creation of electronic societies in e-commerce and e-governance domains as well as by Enterprise Application Integration (EAI) within institutions and companies. The required level of security for web systems in international use is only available by considering and combining recommended complementary techniques and communication protocols, and by analysing their national deployment backgrounds and legal basis. As case studies, the mechanisms and technologies of data security guaranteeing gateways for electronic payment transactions and portals for mobile commerce are examined in this section.

Modern web-based systems and services [22] possess a complex distributed architecture, for instance distributed representation, business logic and database services (n-tier). A variety of communication protocols (transport, multimedia, messaging, directory, time) and architecture components are involved. Frequently they operate within an international context, with interactions across country and legislation area borders, and simultaneously have to adhere to existing regional legislation. Let us take as example a web-based flight booking system. The user portal (depicted in Fig. 7.18) and client management systems are integrated with back-office and flight logistics systems. The connections between user portal, client management and the remaining systems are shown below in Fig. 7.19. The processed transactions 1, 2, 3 loosely bind the mentioned parts. Two aspects have to be considered: the legislation regarding information technology and data security [1], and the technology providing for data security.

The motivation of the section is to explain the enhancement of modern web applications into so-called data security guaranteeing web systems with appropriate development and operation steps. The contained paragraphs examine techniques of web security with peculiarities in mobile communication, XML Security as one concrete specification to satisfy the security requirements posed by service-oriented web applications (or web services), and legal aspects of such web applications. Furthermore, case studies on gateway and portal solutions for e-payment and e-commerce are provided. Hybrid solutions for Secure Electronic Transaction (SET)/TLS gateways are analysed.


Fig. 7.18 Typical flight booking user interface for mobile phones connected to a complex distributed booking system

Fig. 7.19 Technological and legal aspects of data security guaranteeing web systems. Components: User, Client Management, Flight logistics, Back Office; transactions 1 – Flight booking, 2 – Billing/accounting, 3 – Reservation. Information Technology Legislation: laws and regulations (national, European, international); physical and organisational protection (monitoring, supervision, certification). Data Security: protection via cryptographic methods (symmetric and asymmetric cryptography); protection via firewalls (FW) and antivirus software; use of data secure protocols and standards in Internet/Intranet


7.6.1 Technological Aspects of Data Security Guaranteeing Web Systems

Secure end-to-end communication via web. The most widely used technology for web application security is HTTPS, which is HTTP secured with TLS. To achieve a good overall grade of security across all protection goals, including integrity, confidentiality and authenticity, TLS is used together with complementary techniques (Fig. 7.20) that extend security mechanisms [25] and the grade of security of web communication (for instance IPsec/VPN as well as SET).

TLS [7, 13] offers secure end-to-end communication with user authentication in compliance with signature law (compare SigG in Germany, US DSA etc.) and confidential data transfer. However, a combined security architecture (X.800) under consideration of legal and technological aspects is required. For instance, content-analysing firewalls for defense against content manipulation threats may have to be used. The TLS Record sub-protocol workflow is shown in Fig. 7.20. Additional sub-protocols exist: TLS ChangeCipherSpec and TLS Alert are shown in Fig. 7.21.

TLS is extensible in order to be future-proof regarding the development of new cryptographic algorithms. TLS supports certain combinations of key exchange, encryption and authentication techniques, so-called CipherSuites. Cryptography is subject to national restrictions in many countries (to be detailed below). A hybrid symmetric-asymmetric method is used within up-to-date TLS as a compromise between cryptographic strength and algorithmic runtime complexity (X.509v3, Kerberos v5). However, as a more efficient alternative, ECC (Elliptic Curve Cryptography) can be employed [8]; it achieves RSA-equivalent cryptographic strength with a key length of only 160 bits. An important peculiarity is the use of TLS in the field of mobile communication with WAP 2.x. This is an important option for m-commerce [4]. Since WAP 2.0, an advanced transport via TCP and secure end-to-end communication via TLS are employed, replacing the criticised UDP/WTLS combination of WAP 1.x. TLS does not work with UDP, so the protection of SNMP traffic is not possible. For the protection of DNS traffic special solutions (for instance Kerberos, X.509) are necessary. Since no protected transactions are provided, only partial support for e-payment is available.

Fig. 7.20 TLS Record sub-protocol. Workflow: application data is fragmented (F) and optionally compressed; a MAC is appended (MAC – Message Authentication Code, not the layer-2a Medium Access Control); the fragment with MAC is encrypted; the record header (H) is prepended, giving the encrypted PDU structure. Cryptographic systems (CS) compared in the figure: CS with private keys (symmetric) – advantages: performance, easy implementation; disadvantages: key distribution, no digital signature. CS with public keys (asymmetric) – advantages: unproblematic key distribution, digital signature possible; disadvantage: performance. A hybrid approach is necessary as trade-off between cryptographic strength and algorithmic performance; used for SSLv3/TLSv1, PGP/OpenPGP/GnuPG, X.509v3, Kerberos v5. Alternatively fast Elliptic Curve Cryptography (RSA-equivalent key size only 160 bit). Abbreviations: SSL – Secure Socket Layer, PGP – Pretty Good Privacy, TLS – Transport Layer Security, RSA – Rivest-Shamir-Adleman, PDU – protocol data unit, F – fragment, H – header

Fig. 7.21 Further TLS sub-protocols: (a) ChangeCipherSpec, (b) Alert
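The Record sub-protocol steps of Fig. 7.20, carried out on constructed data as an added example (not code from the book and not a TLS implementation): fragmentation, MAC appending, encryption and header prepending on the sender, and the reverse on the receiver, which rejects a modified or reordered record. HMAC-SHA256 from the Python standard library serves as the MAC; the cipher is a stand-in keystream derived with HMAC in counter mode, an assumption made so the block runs offline without a crypto library, not a TLS cipher suite. Compression is skipped.

```python
"""TLS-Record-style encapsulation on constructed data.

Added example, not from the book and not a TLS implementation: it carries out
the Record sub-protocol steps named in the text (fragmentation, MAC, encryption,
header) and the reverse on the receiver, so that a modified or reordered record
is rejected. HMAC-SHA256 from the standard library is the MAC; the cipher is a
stand-in keystream derived with HMAC in counter mode (an assumption made to keep
the example self-contained, not a TLS cipher suite). Compression is skipped.
"""
import hashlib
import hmac
import struct

MAX_FRAGMENT = 2 ** 14        # TLS limits a record's plaintext to 2^14 bytes
CT_APPLICATION_DATA = 23      # TLS ContentType value for application_data
VERSION = b"\x03\x03"         # record-layer version bytes of TLS 1.2
MAC_LEN = 32                  # HMAC-SHA256 output length


def fragment(data: bytes, size: int = MAX_FRAGMENT):
    """Step 1: split application data into fragments of at most `size` bytes."""
    return [data[i:i + size] for i in range(0, len(data), size)] or [b""]


def keystream(key: bytes, seq: int, length: int) -> bytes:
    """Stand-in keystream: HMAC(key, seq || counter) blocks. NOT a real cipher."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, struct.pack(">QI", seq, counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def record_mac(mac_key: bytes, seq: int, ctype: int, frag: bytes) -> bytes:
    """Step 2: MAC over seq_num || type || version || length || fragment,
    the input layout TLS 1.2 uses, so replayed or reordered records fail."""
    hdr = struct.pack(">QB", seq, ctype) + VERSION + struct.pack(">H", len(frag))
    return hmac.new(mac_key, hdr + frag, hashlib.sha256).digest()


def protect(data: bytes, mac_key: bytes, enc_key: bytes, seq: int = 0):
    """Sender: fragment -> append MAC -> encrypt -> prepend header.
    Returns the list of wire records and the next sequence number."""
    records = []
    for frag in fragment(data):
        body = frag + record_mac(mac_key, seq, CT_APPLICATION_DATA, frag)   # step 2
        ciphertext = xor(body, keystream(enc_key, seq, len(body)))          # step 3
        header = bytes([CT_APPLICATION_DATA]) + VERSION + struct.pack(">H", len(ciphertext))
        records.append(header + ciphertext)                                 # step 4
        seq += 1
    return records, seq


def unprotect(records, mac_key: bytes, enc_key: bytes, seq: int = 0) -> bytes:
    """Receiver: parse header -> decrypt -> verify MAC -> reassemble.
    Raises ValueError on a malformed, modified, replayed or reordered record."""
    out = b""
    for rec in records:
        if len(rec) < 5:
            raise ValueError("truncated record header")
        ctype, version, length = struct.unpack(">B2sH", rec[:5])
        body = rec[5:]
        if (ctype != CT_APPLICATION_DATA or version != VERSION
                or len(body) != length or length < MAC_LEN):
            raise ValueError("malformed record")
        plain = xor(body, keystream(enc_key, seq, len(body)))
        frag, tag = plain[:-MAC_LEN], plain[-MAC_LEN:]
        if not hmac.compare_digest(tag, record_mac(mac_key, seq, ctype, frag)):
            raise ValueError("MAC check failed for record %d" % seq)
        out += frag
        seq += 1
    return out
```

The sequence number never travels on the wire but enters every MAC, which is why the receiver detects a swapped or replayed record even though each record on its own is well formed; that is the property that turns a per-record integrity check into protection of the whole stream.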

Web services and the TLS borderline case. Simple request-reply protocols like XML-RPC or HTTPS (with TLS) are sometimes unsatisfying for the deployment of service-oriented architectures and web services across organisational boundaries [21]. The problem is rooted in the encryption and authentication of web service messages. The communication is carried out via multiple (more than two) servers and offers security vulnerabilities if a TLS server filters certain data without encryption and authentication, for instance due to man-in-the-middle attacks with spoofed certificates. On the other hand, fully encrypting the content prevents caching and, in many cases, proper routing. The solution is therefore based on security features in the message headers (e.g. SOAP headers), offering end-to-end security for services via distribution of binary security tokens in analogy to X.509 certificates and Kerberos tickets. These security features are offered by, among other specifications, XML Signature (via RSA or Diffie-Hellman) and XML Encryption (via AES). A mapping of security services onto web services is provided by the XML-based Security Assertion Markup Language (SAML), which is aimed at authentication and authorisation between security domains and certificate authorities. SAML displaces ASN.1 (Abstract Syntax Notation One) used in Kerberos and X.509. However, SAML is not completely compatible with existing TLS/HTTPS deployments. Furthermore, performance is reduced due to the parsing of assertion files and the resulting considerable protocol overhead.
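The message-header approach from the paragraph above, as an added example (not code from the book and not WS-Security or XML Signature code): a security token in the header binds sender, message id and a digest of the body, so intermediaries can read and extend the unprotected routing header while any change to the body is detected by the final recipient. Canonical JSON plays the role canonical XML plays for XML Signature, and HMAC-SHA256 stands in for an RSA signature; both are assumptions, and all names and keys are constructed.

```python
"""End-to-end message security across intermediaries (constructed example).

Added example, not from the book and not WS-Security/XML Signature code: it
shows the idea from the text that a security token placed in the message
header, bound to the body, survives intermediaries that read and rewrite
routing information, while transport security alone would end at each hop.
Canonical JSON plays the role of canonical XML and HMAC-SHA256 stands in for
an RSA signature (both assumptions); all names and keys are constructed.
"""
import hashlib
import hmac
import json


def canonical(obj) -> bytes:
    """Deterministic serialisation, the job canonical XML (C14N) does for XML Signature."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def body_digest(body) -> str:
    return hashlib.sha256(canonical(body)).hexdigest()


def sign_message(msg: dict, sender: str, key: bytes) -> dict:
    """Attach a header token that binds sender, message id and body digest."""
    token = {"sender": sender,
             "msg_id": msg["header"]["msg_id"],
             "body_digest": body_digest(msg["body"])}
    token["sig"] = hmac.new(key, canonical(token), hashlib.sha256).hexdigest()
    msg["header"]["security"] = token
    return msg


def intermediary(msg: dict, hop: str) -> dict:
    """A routing hop may read and extend the unprotected routing header; it
    never needs the body in clear and cannot alter it undetected."""
    msg["header"].setdefault("via", []).append(hop)
    return msg


def verify_message(msg: dict, keys: dict) -> str:
    """Final recipient: check the token signature, then that body and message id
    still match what the sender bound. Returns the sender name or raises."""
    token = dict(msg["header"].get("security") or {})
    sig = token.pop("sig", None)
    key = keys.get(token.get("sender"))
    if sig is None or key is None:
        raise ValueError("missing token or unknown sender")
    expected = hmac.new(key, canonical(token), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("token signature invalid")
    if token["msg_id"] != msg["header"]["msg_id"]:
        raise ValueError("message id altered in transit")
    if token["body_digest"] != body_digest(msg["body"]):
        raise ValueError("body altered in transit")
    return token["sender"]


def copy_message(msg: dict) -> dict:
    """Deep copy via JSON, used to simulate a modified copy of a message."""
    return json.loads(json.dumps(msg))
```

The routing header stays outside the signed material on purpose: that is what lets a gateway route and cache without the key, which is the trade-off the text describes between full content encryption and end-to-end protection of the parts that matter.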

Technological problems and legal limitations of TLS use. In spite of the shown powerful features and properties regarding data security guaranteeing web-based communication, TLS possesses several limitations:

• technological problems
• legal limitations

The technological problems start with limited adoption. There is only a partial and limited deployment in SOA (only with XML Security) and for execution of electronic transactions (only in combination with SET); no support against threats like IP sniffing and IP spoofing (only together with VPN/IPsec and content filtering firewalls); not usable for intranet UDP/SNMP systems and for the protection of network file system services; no protection for DNS (via Kerberos/X.509); no provision of security via H.323 (ISDN voice transfer). The legal limitations depend on regional regulations. From time to time certain countries declare restrictions on the export or use of cryptographic technologies. In such cases TLS is susceptible to brute force attacks [15] due to reduced key sizes.

Electronic transaction and payment systems: SET. SET is an e-payment system. It was developed by VISA and MasterCard in cooperation with IT companies and nowadays possesses great practical relevance. The functionality of SET includes encrypted transfer of credit card numbers via the Internet and authentication of participating parties. The actual payment transfer is carried out using conventional banking systems and techniques [2]. Figure 7.22 compares SET with other systems. A disadvantage comes from the transaction expenses.

7.6.2 Legal Aspects of Data Security Guaranteeing Web Systems

The information technology legislation as a discipline expands the conventional areas of legislation. Legal issues involved in web application deployment include national and international legal interactions due to cross-border communication, legal protection of software, legislation regarding provision of online services, legal protection of offered multimedia user data, legal protection of databases and database products, legal protection of domain names, regulations regarding cryptography and contract regulations in e-commerce.

Fig. 7.22 E-payment systems and SET (Source: www.rn.inf.tu-dresden.de)

Relevant legislation for e-commerce in Germany. The survey in Table 7.6 is based on Juris by the Federal Ministry of Justice and summarises the German legislation regarding e-commerce [1, 3, 20]. Regulations specific to distance selling are written down in the German Civil Code (BGB). The TMG (Federal Telemedia Act) regulates the country of origin principle (§3), mandatory particulars (§6) and responsibilities (§§7–10) of service providers. European regulations regarding e-commerce were integrated into the BGB (German Civil Code). They can be found in the general part (regulations regarding consumer protection). Transnational business processes involve different laws: the law of the country of the vendor, the law of the country of the customer and the law of the country where the server is placed. Within the European Union the EC Directive on Electronic Commerce (2000/31/EC) is decisive. In general the contract parties are free to choose the law applicable to their contract, as stated in the convention on the law applicable to contractual obligations, which was realised in Germany by article 27 EGBGB (introductory act to the civil code). In e-commerce a contract becomes valid by a demonstrably submitted electronic declaration of intent. This includes digitally created and electronically submitted declarations of intent.

BDSG (Bundesdatenschutzgesetz) is the German Federal Data Protection Act (Federal Data Security Law). It operates together with the further data protection acts in Germany in the area-specific regulations, e.g. TMG (Telemediengesetz 2007 – Telemedia and Internet Usage Law) or SigG (Signaturgesetz 2001). BDSG controls the exposure of personal data which are manually processed or stored in IT systems. The TKG (Telekommunikationsgesetz) is the Federal Law for the regulation of content in the area of telecommunications. With the changes in 2007 more protection of telecommunication clients within the TKG was integrated, and some new regulations on telco monitoring for VoIP applications became available.

Table 7.6 E-commerce legal aspects and corresponding German laws (legal basis columns: BGB, AGB, ZPO, BDSG, SigG, TKG, TMG, UWG; the marks are shown as extracted, their column positions are not preserved)

Web application security topic | Legal basis in Germany
Contract law | x x
Deputy legal norm (Stellvertretungsrecht) | x
Law of obligations | x x
Obligation of vendor and customer | x x
Right of withdrawal/return | x x
Separation between advertisement and content | x
Use of cryptography | x
Certificate authorities | x x x

German abbreviations in Table 7.6:

1. BGB – Bürgerliches Gesetzbuch (Federal Civil Code)
2. AGB – Allgemeine Geschäftsbedingungen (Common Business Conditions for E-Commerce)
3. ZPO – Zivilprozessordnung (Federal Code of Civil Procedure)
4. BDSG – Bundesdatenschutzgesetz (Federal Data Security Law)
5. SigG – Gesetz über Rahmenbedingungen für elektronische Signaturen (Frame Conditions for Digital Signature Use)
6. TKG – Telekommunikationsgesetz (Federal Telecommunications Act)
7. TMG – Telemediengesetz (Federal Telemedia Law)
8. UWG – Gesetz gegen den unlauteren Wettbewerb (Federal Law against Unfair Competition)

Regulations of cryptography. Cryptography is subject to legislative regulations in many countries. Usually this concerns the export of cryptography. In some countries also import, production, use and supply of cryptographic products and services are regulated. In the following a survey of relevant multilateral agreements and the national regulations of some countries is given. The following information is based on [17]. Most national regulations regarding cryptography are based on the provisions of the Wassenaar Arrangement (WA). The Wassenaar Arrangement was signed in 1996 as follow-up to COCOM (Coordinating Committee for Multilateral Export Controls). It was amended in 1998 and 2000; different countries stick to different versions of its provisions. Presently the WA is composed of 40 countries, including the Russian Federation and Ukraine. The Wassenaar provisions are not directly applicable; they have to be implemented into national law by each member country. The Wassenaar provisions regarding cryptography are not presented here. Instead, the resulting European regulations and national legal situations of selected countries are presented:

• European Union
• USA
• Germany
• France
• China

In the European Union the export of cryptography is regulated by Council Regulation No. 1334/2000. Export within the European Union is free, with some exceptions, for instance crypto-analysis systems. For those, general intra-community licenses are available. For export to Australia, Canada, Japan, New Zealand, Norway, Switzerland and the USA, Community General Export Licenses are available. For export to other countries, export licenses specific to the target country can be filed for.

The USA signed the Wassenaar Arrangement without the General Software Note but including the changes from December 1998. The export of cryptography is restricted. The regulations have been relaxed in several steps over the past years [17]. Export under a license exception is allowed, after a technical review by BIS (Bureau of Industry and Security), for cryptography of any key length destined for non-government end-users in any country except a group of seven countries, and also for government end-users in the European Union, Australia, Japan, New Zealand, Norway and Switzerland. The same applies for products specifically designed for individual consumer use, of any key length, destined for any recipient (excepting a small group of countries). Export to other governments requires a license. Unrestricted crypto source code can be exported to any end user under a license exception without technical review; BIS demands a copy or the URL of the source code. All other source code can be exported under a license exception after a technical review to non-government end users. Knowing export of source code to states under embargo is forbidden, but provision on the WWW does not require checking for a downloader's location. Any cryptography can be exported to subsidiaries of US firms without technical review. Post-export reporting is required for exporting certain products above 64 bit.

The export of cryptography from Germany is regulated according to European Union regulations and the Wassenaar Arrangement. Use and supply of cryptography are not restricted. The legal situation in Austria is similar regarding use of cryptography.

The import and export of cryptography in France are regulated by Law 2004-575. Import from within the European Union and the EEA (European Economic Area) is free. Regulations of cryptography are based on a subdivision of cryptographic products into seven categories (see Table 7.7, data based on [17]). Special regulations exist for temporary export. If encrypted data is found during a crime investigation, qualified persons are required to decrypt the data.

Table 7.7 Regulation of crypto-technologies in France

Category | Import | Export | Supply | Use
Authentication-only cryptography | F | F | F | F
Cryptography for confidentiality (key length <= 40 bit) | F | A | D | F
Cryptography for confidentiality (key length 40–128 bit) | F | A | D | D
Analogue cryptography (in fax machines) | F | F | D | F
Specific applications of cryptography that don't enable the user to encrypt data | F | F | F | F
Crypto-equipment accompanying an invitee of the state | F | F | – | F
Other | A | A | A | A

The following notation is used in Table 7.7: F – Free, D – Declaration required, A – Authorisation required; F for private use only, otherwise declaration requested.

People's Republic of China. Import and export of cryptographic technology require a license by the State Encryption Management Commission. Use and production of cryptography are also restricted. Manufacturers must obtain an approval for their cryptographic products; this requires a specification of the type including the key length. Encryption products of foreign origin may not be distributed; only approved products may be used. For securing WLAN networks WAPI (WLAN Authentication and Privacy Infrastructure), a Chinese national standard, must be used. WAPI uses a proprietary symmetric encryption algorithm. Therefore its cryptographic strength cannot be estimated.

Example 7.2 An important disadvantage of SET use lies in the transaction expenditures due to the orientation on large clients (banks, clearing houses). A fruitful idea is to combine the areas of TLS/SET encryption and authentication via special TLS/SET gateways (Fig. 7.23). This will lead to a considerable simplification of the SET authentication scheme and cost reduction for service providers (banks) and users (mainly the small business sector).

The following research in the field of TLS is necessary:

• The crypto-parameters are assigned at the start via the TLS Handshake sub-protocol and must be changed frequently due to the increased risk of key breaking within durable sessions.
• TLS/SET gateways must support SOA-conventional schemes of communication with multiple parties and be interoperable with XML Security.


Fig. 7.23 SET-TLS gateway: more attractiveness for the small business sector

7.7 Steganography in Distributed Systems

Use cases for steganography. Steganography deployment in distributed systems is meaningful in situations where the use of cryptographic methods and protocols is restricted or even prohibited. The governmental controls and rigorousness of the laws concerning cryptography are shown in Fig. 7.24. The data for the depicted distributions have been acquired from a review [27]. In some regions of the world the deployment of the listed methods is strongly state-restricted or even prohibited nowadays.

Some governments, such as in Pakistan, the Russian Federation and the People's Republic of China, limit significantly the civilian use of cryptography, in particular for message exchange and storage devices. But for circumventing an official encryption ban the only workaround is steganography. If the secret message can be hidden and isn't recognizable as an encrypted message, the use of secure steganography can not be effectively prosecuted. Therefore steganography is the necessary workaround. Furthermore, the combination of steganographic and encryption methods is a powerful argument against any state paternalism, especially since implementations of encryption concepts that provide effective protection are available as freeware and open source software (refer to PGP).

Fig. 7.24 Distribution of governmental controls and rigorousness of the laws concerning cryptography (Source: www.cryptolaw.org, (c) Bert-Jaap Koops). Map legend: no domestic controls; domestic controls; small and special controls; law demanding decryption; decryption order and special controls; unclear; no data available

Steganography definition. Let us give a general definition of the discipline. Steganography is the science of hidden embedding, storage and transmission of confidential information within a carrier medium called a container. The word for the discipline consists of two ancient Greek ingredients:

• “steganos” = “covered” (compared to “crypto” = “secret”)
• “graphein” = “write”

Therefore it means “steganography” = “covered writing” (compared to “cryptography” = “secret letter”). The modified medium is referred to as a “steganogram” (compared to “cryptogram”). Let us exemplify the history of steganography [27]. Herodotus, one of the first historians, already reported about 2500 years ago how to keep communications confidential with steganography. These were the times for creative things: apparently unused wax writing tablets bearing the message on the wood under the wax layer. On other occasions messages were sewn into animals and – as prey and gift – conveyed to the receiver via the messenger himself, often dressed as a hunter (called a courteous cavalier). Slaves were tattooed on the shaved head, the message on the scalp, and sent to the receiver once the hair had grown back, for a re-shave. But steganography is not limited to these historic examples. Nowadays certain other examples are still in use; 2500 years later, with the computer being a commonplace instrument, steganography became more popular and wide-spread than ever before.

Steganographic methods hide the messages (steganograms) in a huge variety of media applications, due to the large amount of redundant data in comparison to plain text. The containers are news, pictures, music, videos and rich text files including XML and HTML comments, as well as obfuscated source code files. The explosive messages pass mostly undetected to their receivers. But what happens if an attacker searches specifically for embedded messages? What about compressed media? Usually this is good for bandwidth in the networks, but it offers less container space for hiding messages.

Motivation. What is the motivation for steganography? Encrypted messages are sometimes too apparent. They lead to the impression that the sender probably has something to hide and thus draw suspicion solely on him- or herself. The suspicion can be avoided via a neutral, harmless carrier medium. This kind of secrecy has, by the way, a long tradition, which will be explained with historic examples. Figure 7.25 gives a general example of the terms and processes in steganography.

7.7.1 Steganography in Development

Fig. 7.25 A steganographical application

Steganography vs. cryptography. Similar to cryptography, the goals of steganography encompass security and confidentiality: information is to be concealed (hidden) so that for a third party nothing is noticeable except the evident content of the carrier medium (neutral, harmless text, image, audio or video). The steganographical concepts ensure that confidential information is not disclosed to third parties. The classification of steganography is usually carried out in two possible ways: either it is considered a sub-chapter of cryptography or an independent science. Nowadays one needs to consider the enhancing role of steganography. Thereby it is important

• that the objectives of cryptography (confidentiality via evident secrecy) do not coincide with the objectives of steganography (confidentiality via hiding/concealing)
• that in practice cryptography and steganography are often combined

Steganography can be deployed with two different aims:

• as a supplement to wide-spread cryptographic methods
• where legal limitations restrict the use of cryptography

Some famous steganography examples from fine arts. To this category of early steganography belong multiple oeuvres: paintings with hidden messages and statements which are perfectly visible to the human eye, but only to the conscious and attentive observer. A first such case is “The Ambassadors”, the portrait of Jean de Dinteville and Georges de Selve (1533), which is shown in Fig. 7.26. The painting is on display at the National Gallery, Trafalgar Square, London. Its author is Hans Holbein the Younger (1497–1543); the technique is oil on oak board. Holbein embedded a secret message (steganogram) in this famous painting in 1533. Notice that the primary function of any painting of that epoch was that of a digital photo today. But let us analyse the image accurately.

Fig. 7.26 The Ambassadors (1533) (Source: wikiart.org)

Both noble lords wear magnificent clothes. The Persian carpets, lute, two books (in mathematics and of poetry), binoculars, sundial and sextant, quadrant with globe and astrolabe can give a hint of the religious, intellectual and artistic interests of both personages, but there is a steganogram: a deformed skull acts as a mortality symbol (Fig. 7.27).

Nowadays digital photos have taken over the function of paintings to act as legal documentation and pieces of proof. People in former times had to hire a reputable painter. The next example of steganography in the area of fine arts is the “Arnolfini Marriage” (1434), which is shown in Fig. 7.28. The painting is in the National Gallery, Trafalgar Square, London. The painter created the oeuvre in oil on oak board. His name was Jan Van Eyck (1390–1441), called “king of painters” even centuries after his time [26].

Fig. 7.27 The steganos in “The Ambassadors” (1533, source: wikiart.org)

Fig. 7.28 The Arnolfini Marriage (1434) (Source: wikiart.org)

However, there is a known fact about Jan Van Eyck: diplomatically delicate jobs were not a novelty for him. Realise, for example, that Duke Philippe III, one of the rulers of Burgundy, wanted to marry Princess Isabella of Portugal. In reality Philippe had never seen the princess in his life. For his patron, Van Eyck painted the portraits of Isabella and Philippe next to each other. Obviously Duke Philippe was happy with the results and married her. But let us analyse the image. What is in the front? The painting was created in Bruges, the known rich port city in Flanders, back then a northern county of the Duchy of Burgundy. The Arnolfinis were at that time rich bankers and a merchant family living in the city. On the basis of this painting, a marriage book entry, a legislative act for the registry office, had to be done. Notice that the painter signed the image as a document in the role of a witness. This is very important for us: evidence of the development of written contract law.

But beyond the signature, the painting is also full of optional secret symbols; each object in the room is meaningful. The possible steganographic meanings are as follows:

• oranges and lemons imported from Spain – prosperity
• a glass window in the XV-th century
• copper light on the ceiling, expensive mirror on the wall
• small dog of valuable race – fidelity
• wrinkles on the clothing of the woman – possibly pregnancy, meaning tenderness and fertility, but also controversy: Burgundian fashion

Possible meaningful steganos of which historians are not sure even after an extended analysis (details in Fig. 7.29):

• the slippers (= controversy, conflict = no marriage)
• the mirror (by zoom the witnesses are seen)
• “left hand marriage”, “morganatic marriage”

Further considerations are as follows. The woman “stands significantly lower”, both literally on the picture and figuratively within the social system. A morganatic marriage (mésalliance) implies that there are no inheritance rights for her and her children in case of death of the husband. Marriage certificates were normally issued in such cases until the morning of the following day. Some researchers even discuss the relation being only an engagement instead of a marriage. There is also the opinion among scholars in this field that the painting may show the alternative marriage of his cousin, who had a similar face.


Fig. 7.29 Some steganos in “The Arnolfini Marriage” (1434, source: wikiart.org)

7.7.2 Steganography: Main Concepts

Example 7.3 Let us consider a simple example with a photo-carrying holiday postcard as carrier medium (container), shown in Fig. 7.30. The postcard should be sent with the following text written on it:

Dear colleagues, we now finally enjoy our holidays on these wonderful islands of Spain. The weather is really good, accommodation also, as well as the food. Great! Regards, M. K.

Compare the meaning of the text with the one conveyed by the same text, but with a little bit of formatting change:

Dear colleagues,
We now finally enjoy our holidays on these wonderful islands of Spain.
The weather is really good,
accommodation also,
as well as the food.
Great! Regards, M. K.

Do you see the difference? The way the words are positioned can by itself convey a secret message, for instance by using the word count per line or the character count per word and building a new alphabet over these numbers.
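The following is an added example (not code from the book) of exactly this layout trick: the book's postcard text is the carrier, and the "new alphabet" agreed between sender and receiver is the parity of the word count per line (an odd count carries a 1 bit, an even count a 0 bit; a line of three or more words ends the message). The wording is untouched, only the line breaks carry the secret. The bit-to-word-count mapping and the terminator rule are assumptions of this example.

```python
"""Line-layout steganography: the secret is in the formatting, not the words.

Added example (not code from the book). Carrier: the book's postcard text.
Agreed encoding: a line with an odd number of words carries a 1 bit, a line
with an even number carries a 0 bit; a line with three or more words ends
the hidden message.
"""

# The postcard text from the book, used here as the carrier (30 words).
POSTCARD = ("Dear colleagues, we now finally enjoy our holidays on these "
            "wonderful islands of Spain. The weather is really good, "
            "accommodation also, as well as the food. Great! Regards, M. K.")


def text_to_bits(secret):
    """8 bits per ASCII character, most significant bit first."""
    return [(byte >> i) & 1 for byte in secret.encode("ascii")
            for i in range(7, -1, -1)]


def bits_to_text(bits):
    """Inverse of text_to_bits; a trailing partial byte is dropped."""
    chars = []
    for start in range(0, len(bits) - len(bits) % 8, 8):
        value = 0
        for bit in bits[start:start + 8]:
            value = (value << 1) | bit
        chars.append(chr(value))
    return "".join(chars)


def embed(carrier, secret):
    """Re-wrap the carrier: one word per line for a 1 bit, two words for a 0 bit.

    Raises ValueError when the carrier has too few words, which is the usual
    practical limit of layout-based hiding: the capacity is tiny.
    """
    words = carrier.split()
    lines, pos = [], 0
    for bit in text_to_bits(secret):
        take = 1 if bit else 2
        if pos + take > len(words):
            raise ValueError("carrier too short for this secret")
        lines.append(" ".join(words[pos:pos + take]))
        pos += take
    rest = words[pos:]
    if len(rest) < 3:
        raise ValueError("carrier too short for the terminator line")
    lines.append(" ".join(rest))   # 3+ words: end-of-message marker
    return "\n".join(lines)


def extract(stego):
    """Receiver side: read the word-count parity per line until the terminator."""
    bits = []
    for line in stego.splitlines():
        count = len(line.split())
        if count >= 3:
            break
        bits.append(count % 2)
    return bits_to_text(bits)


if __name__ == "__main__":
    postcard = embed(POSTCARD, "Hi")
    print(postcard)
    print("hidden:", extract(postcard))
```

With the 30-word postcard, "Hi" (16 bits) fits; "Hello" does not, and `embed` refuses rather than silently truncating. A receiver who does not know the convention sees only an oddly wrapped greeting, which is the Kerckhoffs problem discussed further below: once the convention is public, anyone can read it.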

In computer-aided networked steganography, an attacker tries to filter out the message directly from the steganogram, unless he or she knows which application has hidden the message in the picture or sound track. In that case the extraction can happen more systematically.

7.7 Steganography in Distributed Systems 295

Fig. 7.30 A simple example with a postcard (own photo)

Kerckhoffs' principles Kerckhoffs' principles (KP 1883) are known from cryptography. KP 1883 states that the security of a system should not depend on the secrecy of the algorithms, but only on the secrecy of a key. If a secure method is given, therefore, only the knowledge of the correct key for the decryption is of importance. The consideration of KP 1883 in steganography has historically been regarded as of secondary importance, as the transmitted information is unrecognisable to human senses. But nowadays steganographic methods and applications become more and more available, for instance as open source software, and therefore the extraction of secrets also becomes trivial when assuming the wide-spread use of these applications. This is why in recent times a greater effort must be taken in steganography, similar to cryptography, to meet the standards of KP 1883.

Thus, there is nowadays a separation into:

1. Symmetric steganography
2. Asymmetric steganography (public-key steganography)

Similar to symmetric cryptography, by applying symmetric steganography a sender and a receiver exchange a secret key in advance of the encrypted message transfer. They both know in what way and where a message is hidden. In asymmetric steganography, just like in asymmetric cryptography, a public key is available, possibly even authenticated, which is used to hide a message. The message is asymmetrically encrypted with the public key and embedded into a container with a lot of noise data. The encrypted and embedded message can be read only by the message receiver that possesses the specific private key. Nobody else can decrypt the message. According to KP 1883, nobody else is even able to find or decrypt the hidden message in the medium.

Fig. 7.31 A steganographical application: unrecognisable coding and decoding, but no compression

But the developers of steganography software feel no lack of ingenuity and creativity. Nowadays there are several steganography applications, including algorithms for a lot of different image formats and audio formats, tools for different text formats, and some exotics, for example transforming bits into nonsense texts or troublesome spam (Fig. 7.31).

Let us give some further steganography examples beyond the digital world, using physical objects. They are as follows:

• wax tablets
• spaces in formatted text
• invisible ink
• data points on clothes

Some advanced examples (visualised in Fig. 7.32) are explained below, for example changing the individual bits of pixel graphic files (as a rule, in the red channel):

• input: bitmap file (with 24-bit colour depth), pixel colours from red, green and blue (RGB)
• the changing of the bits is unrecognisable


Fig. 7.32 Examples of steganographic applications. (a) Embedding of a steganogram into the red colour channel. (b) Embedding of shadowing in some wide-spread gaming applications

• insertion of the letter T (with ASCII value 84), hidden in the red colour
• red values: 065 098 111 234 101 000 244 038
• addition of the bits of ASCII T (bits 0 1 0 1 0 1 0 0)
• changed red values: 065 099 111 235 101 001 244 038

Or another example:

• every 10th bit in the red colour is reserved for hiding
• easy to program, for example as a PHP script
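The following is an added example, not code from the book, that works through both red-channel variants above on constructed pixel data. `embed_add` reproduces the book's arithmetic (the secret bit is added to the red value and yields exactly the "changed red values" listed); `embed_lsb` replaces the least significant bit instead, which is the form a receiver can invert without having the original image. The whole-image functions choose carrier pixels either every 10th pixel, as in the book's second variant, or by a permutation seeded from a shared secret key, so that in the Kerckhoffs sense of the previous section the method is public and only the key is secret. The cover image, the key derivation and the function names are assumptions of this example.

```python
"""Hiding bits in the red channel of RGB pixels.

Added example, not code from the book. Reproduces the book's arithmetic
(embed_add) next to least-significant-bit replacement (embed_lsb), and shows
two ways of choosing carrier pixels: every 10th pixel (book variant) or a
secret-key-seeded permutation (symmetric steganography in the Kerckhoffs
sense; toy construction, not a standard).
"""
import hashlib
import random

# Red values from the book's worked example (hiding the letter T, ASCII 84).
BOOK_REDS = [65, 98, 111, 234, 101, 0, 244, 38]

# Constructed 128-pixel cover of (R, G, B) tuples: the first eight red values
# are the book's, the remaining 120 pixels are synthetic.
COVER = [(r, 10 * i, 20 * i) for i, r in enumerate(BOOK_REDS)] + \
        [((37 * i) % 256, (11 * i) % 256, (7 * i) % 256) for i in range(120)]


def char_bits(ch):
    """8 bits of one ASCII character, most significant bit first."""
    return [(ord(ch) >> i) & 1 for i in range(7, -1, -1)]


def embed_add(reds, bits):
    """Book-style: add each secret bit to the red value (clamped to 255)."""
    return [min(255, r + b) for r, b in zip(reds, bits)]


def embed_lsb(reds, bits):
    """Replace the least significant bit of each red value by the secret bit."""
    return [(r & ~1) | b for r, b in zip(reds, bits)]


def extract_lsb(reds, n_bits):
    """Receiver: the hidden bits are the LSBs of the chosen red values."""
    return [r & 1 for r in reds[:n_bits]]


def carrier_positions(n_pixels, n_bits, key=None):
    """Pixel indexes that carry secret bits.

    key=None: every 10th pixel, as in the book. With a key: a permutation of
    all pixel indexes seeded from SHA-256(key); without the key an observer
    cannot tell which LSBs matter.
    """
    if key is None:
        idx = list(range(0, n_pixels, 10))
    else:
        idx = list(range(n_pixels))
        seed = int.from_bytes(hashlib.sha256(key).digest()[:8], "big")
        random.Random(seed).shuffle(idx)
    if len(idx) < n_bits:
        raise ValueError("cover too small for the message")
    return idx[:n_bits]


def embed_message(pixels, message, key=None):
    """Return a copy of the cover with the message bits in the red LSBs."""
    bits = [bit for ch in message for bit in char_bits(ch)]
    stego = list(pixels)
    for i, bit in zip(carrier_positions(len(pixels), len(bits), key), bits):
        r, g, b = stego[i]
        stego[i] = ((r & ~1) | bit, g, b)   # green and blue stay untouched
    return stego


def extract_message(pixels, length, key=None):
    """Recover `length` characters; needs the same key (or none) as the sender."""
    idx = carrier_positions(len(pixels), 8 * length, key)
    bits = [pixels[i][0] & 1 for i in idx]
    return "".join(chr(int("".join(map(str, bits[k:k + 8])), 2))
                   for k in range(0, len(bits), 8))


if __name__ == "__main__":
    print("book arithmetic:", embed_add(BOOK_REDS, char_bits("T")))
    print("LSB replacement:", embed_lsb(BOOK_REDS, char_bits("T")))
    stego = embed_message(COVER, "Hi", key=b"shared-secret")
    print("recovered:", extract_message(stego, 2, key=b"shared-secret"))
```

Two things the numbers show. First, the book's addition changes each red value by at most one, but so does LSB replacement, and only the latter lets the receiver read the bits back without the cover. Second, the every-10th-pixel rule gives a 128-pixel cover room for only 13 bits, which is why `embed_message` raises rather than silently dropping bits; the keyed permutation uses all pixels and additionally hides the carrier positions from anyone without the key.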

A further approach is tied to mixing noise into voice transfers or VoIP transmission. This category of steganograms can also be combined into video streams or recorded gaming, but without the use of lossy compression methods.

Example 7.4 Several businesses have specialised in products and services around steganography. The company Steganos (founded 1997 in Dresden, Germany) has been one of the first and plays a role as a reference with commercial success for the protection of digital privacy [6]. The products encompass a file hiding application as well as general computer security products such as a VPN client and a password manager. A file hiding scheme is shown in Fig. 7.33.

Fig. 7.33 Steganographical applications from steganos.com

7.7.3 Watermarks and Steganography

Although watermarks are a special kind of steganographical application, they have been well known in paper form since 1282. The first deployment of watermarks was carried out in the paper mills of Bologna. Watermarks have always been important to prove the following properties of paper documents (such as securities):

• authenticity
• originality
• authorship
• copyright

But up to a few years ago, watermarks were focused on material carriers, in particular paper and cardboard: bills, securities, trademarks on products. Another kind are seals on high-value products such as processors.

Nowadays digital watermarks are in use, which adapt the concept to digital media. They are used to protect digital works against unauthorised copies. A digital work can contain a visible or invisible copyright notice. This statement should be anchored in such a way that an unauthorised distributor cannot remove or obscure it without perverting or changing the carrier medium to uselessness. After the copyright notice is destroyed, the digital document, video or song becomes of such poor quality that its use and further distribution is no longer useful. A digital watermark must therefore be robust. It is of secondary importance whether an attack can demonstrate the changes in a file with a watermark. The entertainment industry and media companies continuously spend a lot of money on the development of robust digital watermark technology. In practice these concepts (collectively called digital rights management) barely work against sufficiently technically skilled distributors. On the other hand, in combination with steganography, personalised watermarks allow easy identification of (already known) distributors.

Example 7.5 A scenario not hard to imagine with today's online social networks: you find a website where photos of yourself are published. But you are the originator, and only you possess the copyright on these photos, nobody else. Two questions will then arise:

• How can you prove the unlawful use and potential privacy violation?
• How do you prove that you are the original photographer?

Visible digital watermarks A visible digital watermark is depicted in Fig. 7.34. Such watermarks are common on the Internet with so-called stock images. These are photos or clipart pictures which typically show up among the top results in image searches. The lion's share of the visible watermarks belong to few companies, including Corbis and Getty Images. These companies together obtain the rank of the largest image and media. Corbis, for instance, is a digital media company from the USA. It takes care of the sale and distribution of photos and film materials and related rights. The collection comprises over 100 million image archives over the world.

Fig. 7.34 Visible watermarks (Source: Corbis)

Fig. 7.35 Steganography and watermarks: examples of invisible watermarks

But what if digital watermarks are invisible? The benefit of invisible watermarks begins where the benefit of the visible ones ends: with the purchase of digital images. Watermarks obtain a large and important part of the image cover and have the following characteristics:

• robustness
• no visible quality losses (not visible to people with normal eyes, only to trained vision or to software)
• verification with specific software due to the embedding of extra bits
• compression methods pose a problem for the watermarks

An invisible watermark example for copyright is given in Fig. 7.35. What, therefore, is the demarcation between steganograms and digital watermarks? In contrast to pure steganography, watermarks do not pursue secrecy and confidentiality in the first place (Fig. 7.36); rather, robustness against attacks on the digital watermark is of primary importance. This position can in extreme cases lead to noticeable changes of the carrier medium. Robust digital watermarks are usually designed so that the elimination of the digital watermark leads to irreversible degradation of the carrier (container) until it becomes unusable.


Fig. 7.36 Steganograms and invisible watermarks: demarcations between pictures. Picture used: Frans Snijders, Still life with a monkey, a squirrel and a cat, ca. 1625 (Source: wikipaintings.org)

7.8 Anonymity and MIX Networks

Anonymity in the WWW There is a difference between dreams (more accurately, expectations) and reality when browsing the content of the world-wide web, an everyday activity for hundreds of millions of people. The expectation of the average user is as follows:

• easy and undetected surfing
• nobody knows and watches the users
• unlimited possibilities
• unregulated ("lawless") areas

But the coarse reality is in contrast to the expectations:

• anonymous surfing is often not available
• traced connections and cached addresses
• permanent query and caching of personal data (logons, competitions and registrations)
• partial privacy abuse
• certain censorship exists, even in decentralised webs

Then who needs anonymity in the WWW indeed? There are good arguments for and against anonymity, which shall be briefly compared. Pro anonymity:


• privacy must be guaranteed, just like in real life
• protection against all-round monitoring (like from Big Brother in Orwell's novel "1984")
• the right to decide who should be able to reveal one's identity (informational self-determination)
• main principle of the BDSG or other similar national and state-wide privacy acts
• consent to the processing of personal data, which is only allowed if the individual has confirmed it or if a law allows this processing

Against anonymity there are fewer, but still a few, arguments:

• one should not have to be anonymous if one has nothing to hide
• (inter)national security and safety against terrorist attacks and similar threats
• protection against illegal machinations (child pornography, racism, political persecution)

In the wider Internet the pro arguments are nowadays widely understood. Still, due to the often emotional debates involving the con arguments, anonymity and related digital rights, such as pseudonymity and strict opt-in to all services including surveillance, are still not universal.

MIXes for anonymity To enforce a certain level of anonymity, under the assumption that the communication device including the web browser and other network clients is safe, so-called MIXes are used. The concept was introduced by David Chaum in 1981. MIX networks are special transcoding secured networks. The MIX nodes serve for the anonymous communication within a secured network (analogous to a VPN). The four basic functions of a MIX network regarding the messages are as follows (also shown in Fig. 7.37):

$\{\,1\ \text{filtering};\ 2\ \text{collecting};\ 3\ \text{transcoding};\ 4\ \text{sorting}\,\}$ (7.1)

As a rule, MIX networks use a hybrid cryptosystem, in which performance and secure key distribution efficiency are combined [10]. The MIX main features are:

• receiver anonymity: the receiver remains anonymous to the transmitter
• transmitter anonymity: the transmitter remains anonymous to the receiver
• both the sender and the receiver remain anonymous to each other

The requirements for the MIXes were formulated by D. Chaum:

• all MIXes that were traversed by a message have to work together
• all other transmitters and receivers of the simultaneously mixed messages in all MIXes work together
• an attacker has unlimited computing power

Fig. 7.37 A MIX network with basic functions. (a) MIX network. (b) D. Chaum (Picture source: Wikipedia)

Let us investigate the problem a little bit deeper. Tied to the mentioned anonymity concept, the "anonymiser" as a category can be used. It is defined to be an application, system or network that helps users to maintain their privacy and anonymity in the Internet and WWW. The anonymiser types can be defined as follows:

• simple anonymisers
• MIX cascades
• anonymous P2P nets and MIX networks

The simplest anonymisers can be connected to a proxy or a VPN provided via the protocols L2TP, IPsec or PPTP. As an example, the OpenVPN software can be mentioned. This kind of proxy is connected between the users and the target computers. Since the proxy or VPN communicates instead of (and on behalf of) the user with the target machine, the connection to the original user cannot be traced as easily as without the intermediary. The data streams between the users and such simple anonymisers have to be encrypted additionally. The simple anonymisers in the form of a VPN or proxy can be deployed on the basis of TLS and can therefore be combined with a variety of applications. Among them are the following: remailers based on e-mail servers, cryptophones, PGP products like Zfone, Blackphone or OpenVPN.

The modern and more efficient anonymisers can use so-called cascaded MIXes. The critical data are encrypted several times and passed through several layers of protection, where each layer of encryption has to be decrypted back. Only through encryption and decryption on the other end of the cascade do the data become usable again. The concept of a MIX cascade is shown in Fig. 7.38.

Fig. 7.38 MIX cascades (left) and MIX networks (right)

Only attackers which possess total control over all of the MIX cascades therefore control the data stream completely. Even if only a single MIX remains intact, or is attacked by an independent third party, the overall system remains in any case safe from the perspective of the user. Software solutions like JonDo or JAP can be qualified as MIX cascades. The users are aware that the single anonymisers within the cascade stages are certified regarding their data security and deployment of the cryptographic methods.

But even with MIX cascades there is no guarantee that the various nodes or providers do not cooperate. Even if they are located in different countries or jurisdictions, this may happen. The safe conclusion is that one of the MIX nodes must be provided by the user him- or herself, with the required anonymiser service installed onto a user-controlled device. In this case the own data can be MIXed with data from further users and better secured, resulting in anonymity like it is typical for a large network with many participants (Fig. 7.38).

Assessment of MIXes The most known MIX applications are as follows:

• TOR
• JAP

TOR (The Onion Router) has its origins in the USA. Its MIXes are used for the anonymity of TCP connections (web browsing, instant messaging, SSH, P2P applications). It protects its users against traffic analysis, which makes it suitable for Skype. JAP (Java Anon Proxy) has roots in Germany, at TU Dresden and the University of Regensburg. It follows a similar approach, which offers anonymity for the data traffic of users. But using MIXes is not without drawbacks. The most important problems tied to the MIXes are divided into [12]:

• traffic through a MIX is huge; it means certain performance losses, and it is not clear who can compensate the QoS losses
• MIX payment models (regular financing of their operation) are not yet defined; nowadays only few sponsors exist


Fig. 7.39 A MIX network for receiver anonymity

Example 7.6 A simple example of MIX anonymity is given in Fig. 7.39. A simple encrypting MIX network functions as follows:

• messages are encrypted under a sequence of public keys
• each MIX node removes a layer of encryption using its own private key
• the node shuffles the message order and transmits the result to the next node
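The three steps of Example 7.6 as a runnable simulation, added here as an example that is not code from the book. The sender wraps each message in one layer per MIX (the innermost layer for the last MIX on the path), every MIX strips exactly one layer and shuffles its batch before forwarding, and the plaintexts emerge only after the last node. Assumption of this example: instead of the public-key encryption of a real MIX, each layer uses a per-MIX secret key with a keyed SHA-256 keystream and a fresh nonce, so that the code runs with the standard library alone; this stand-in is a constructed toy, not a secure cipher design, and the layering and batch-shuffling logic is what the example is about.

```python
"""A toy MIX cascade in the style of Example 7.6.

Added example, not code from the book. Each MIX holds a key; the sender wraps
the message in one layer per MIX (innermost for the last MIX); each MIX strips
exactly one layer and reorders its batch. Stand-in for public-key encryption:
a keyed SHA-256 counter-mode keystream with a fresh nonce per layer
(constructed for a dependency-free demo; not a secure cipher design).
"""
import hashlib
import os
import random

NONCE_LEN = 16


def _keystream(key, nonce, length):
    """Counter-mode keystream from SHA-256(key || nonce || counter)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def wrap(key, data):
    """Add one layer: nonce || (data XOR keystream). A fresh nonce each time
    means two wrappings of the same message look unrelated on the wire."""
    nonce = os.urandom(NONCE_LEN)
    ks = _keystream(key, nonce, len(data))
    return nonce + bytes(a ^ b for a, b in zip(data, ks))


def unwrap(key, blob):
    """Remove one layer (the holder of `key` can do this, nobody else)."""
    nonce, body = blob[:NONCE_LEN], blob[NONCE_LEN:]
    ks = _keystream(key, nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, ks))


def build_onion(mix_keys, message):
    """Sender: apply the last MIX's layer first, so that the first MIX on the
    path can strip the outermost layer (step 1 of Example 7.6)."""
    blob = message
    for key in reversed(mix_keys):
        blob = wrap(key, blob)
    return blob


class Mix:
    """One node: strips its own layer from every message in the batch and
    shuffles the batch (steps 2 and 3 of Example 7.6)."""

    def __init__(self, key, rng=None):
        self.key = key
        self.rng = rng or random.Random()

    def process(self, batch):
        stripped = [unwrap(self.key, blob) for blob in batch]
        self.rng.shuffle(stripped)   # breaks the input/output order linkage
        return stripped


def run_cascade(mixes, onions):
    """Pass a batch through all MIXes in path order; returns the plaintexts."""
    batch = list(onions)
    for mix in mixes:
        batch = mix.process(batch)
    return batch


if __name__ == "__main__":
    keys = [os.urandom(32) for _ in range(3)]
    mixes = [Mix(k) for k in keys]
    messages = [b"message %d" % i for i in range(5)]
    onions = [build_onion(keys, m) for m in messages]
    print("delivered:", run_cascade(mixes, onions))
```

The property worth checking is the one the book's requirements list implies: a single honest MIX is enough to break the link between input order and output order, while an observer who controls every node on the path can strip all layers and undo every shuffle. A real deployment would also pad messages to one fixed size, since in this toy the blob shrinks by `NONCE_LEN` bytes at every hop and that alone would let an observer link inputs to outputs across nodes.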

This functionality may not be enough when at the receiver's side all connections are joined again and a potential attacker could just concentrate on this part. To mitigate this risk, the MIX concept needs to be compared with the previously presented RAIC concept. An extended example of a RAIC with transparent encryption and anonymity based on MIXes is depicted in Fig. 7.40. This combined concept would be named RAIC-RAIN, as it combines independent/redundant clouds with independent/redundant network connections. For the given RAIC, certain advanced features are available:

• safe and anonymous hybrid access, both public and private
• good privacy for a user is foreseen
• no attacker awareness about the backup cloud structure is possible
• mutual anonymity for a sender (user) and the receivers (providers) could be provided


Fig. 7.40 RAIC-RAIN: transparent encryption and anonymity over redundant network connections to redundant clouds. MD – Message Digest, MAC – Message Identification Code, AES – Advanced Encryption Standard, RSA – Rivest, Shamir and Adleman Encryption, PKI – Public Key Infrastructure (X.509, Kerberos)

With all the presented tools and techniques, a reasonable degree of practical security can be achieved in networked environments. The integrity of devices is ensured by having firewalls against malware and network attacks. The confidentiality of data is ensured by disk encryption and their concealment by steganography, as well as by MIX cascades. The availability of data requires a distribution, ideally in the form of a RAIC in conjunction with encryption and steganography, and a mixed transmission to maximise the overall protection.

7.9 Conclusions

This chapter has discussed technological and legal aspects of data security guaranteeing distributed systems and web systems used in the e-commerce, e-governance and enterprise application integration domains, including a brief discussion of implementation details. The required level of security is only available under consideration of complementary techniques and communication protocols, with thorough analysis of their national deployment background. The discussed technological and legal aspects of the web applications have been illustrated with our own investigation results and practical implementations. An increasing importance is attributed to steganographic applications, which are able to secure messages, privacy and works of art without cryptography deployment under restrictive legislation, as well as in the powerful combination of cryptographical and steganographical concepts. Besides the classical approaches, the anonymity aspects in distributed systems are supported via the deployment of MIXes. MIX deployment can solve the problems of anonymous surfing.


References

1. BDSG – Bundesdatenschutzgesetz (German Federal Law). Online: http://www.gesetze-im-internet.de/bdsg_1990/index.html, 1990/2009.
2. SET: Secure Electronic Transaction. Mastercard and VISA, 1997.
3. SigG – Gesetz über Rahmenbedingungen für elektronische Signaturen (German Federal Law). Online: http://www.gesetze-im-internet.de/sigg_2001/index.html, 2001.
4. Wireless Application Protocol Architecture Specification. Online: http://www.wapforum.org/what/technical.htm, 2002.
5. Firewall classification. excITingIP, online: http://www.excitingip.com, 2015.
6. Steganos – Privacy software made easy. Online: https://www.steganos.com/en, 2016.
7. U. Black. Internet Security Protocols – Protecting IP Traffic. Prentice Hall, 2001, 304 p.
8. S. Blake-Wilson, N. Bolyard, V. Gupta, C. Hawk and B. Moeller. Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS). RFC 4492, May 2006.
9. Gilles Brassard. Cryptography in a Quantum World. In SOFSEM, p. 3–16, 2016.
10. David Chaum. Untraceable electronic mail, return addresses, and digital pseudonyms. Comm. ACM 24(2):84–90, February 1981.
11. C. Michael Chernick, Charles Edington III, Matthew J. Fanto and Rob Rosenthal. Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementations. NIST Special Publication 800-52, 2005.
12. George Danezis. MIX Networks with Restricted Routes. In Privacy Enhancing Technologies, Third International Workshop (PET), March 2003.
13. T. Dierks and E. Rescorla. The Transport Layer Security (TLS) Protocol Version 1.2. RFC 5246, August 2008.
14. Carol Fung and Raouf Boutaba. Intrusion Detection Networks: A Key to Collaborative Security. 2013, 261 pages.
15. Christina Garman, Kenneth G. Paterson and Thyla Van der Merwe. Attacks Only Get Better: Password Recovery Attacks Against RC4 in TLS. In USENIX Security 2015, p. 113–128, 2015.
16. Adam Hils, Greg Young and Jeremy D'Hoinne. Magic Quadrant for Enterprise Network Firewalls. Gartner, April 2015.
17. Bert-Jaap Koops. Crypto Law Survey. Online: http://www.cryptolaw.org, 2008/2013.
18. Gunter Saake, Muhammad Saqib Niaz. Merkle Hash Tree based Techniques for Data Integrity of Outsourced Data. In GvD, p. 66–71, 2015.
19. Maryline Laurent, Nesrine Kaaniche, Ethmane El Moustaine. A Novel Zero-Knowledge Scheme for Proof of Data Possession in Cloud Storage Applications. In CCGRID, p. 522–531, 2014.
20. M. Pierson. Computer- und Multimediarecht. Hanser-Verlag, Taschenbuch der Informatik, 2007, esp. pp. 510–524.
21. M. I. P. Salas and Eliane Martins. Security Testing Methodology for Vulnerabilities Detection of XSS in Web Services and WS-Security. Electr. Notes Theor. Comput. Sci. (ENTCS) 302:133–154, February 2014.
22. Alexander Schill and Thomas Springer. Verteilte Systeme – Grundlagen und Basistechnologien. Springer-Verlag, second edition, 2012, 433 p., in German.
23. Bruce Schneier. SHA-1 Freestart Collision. Online: https://www.schneier.com/blog/archives/2015/10/sha-1_freestart.html, 2015.
24. Martin L. Shooman. Reliability of Computer Systems and Networks: Fault Tolerance, Analysis, and Design. Wiley, 1st edition, 2002.
25. W. Stallings. Network Security Essentials. Prentice Hall, 2002, 366 p.
26. Jan van Eyck. The Arnolfini Wedding: The Portrait of Giovanni Arnolfini and his Wife Giovanna Cenami (The Arnolfini Marriage). http://www.wikiart.org/en/jan-van-eyck/the-arnolfini-wedding-the-portrait-of-giovanni-arnolfini-and-his-wife-giovanna-cenami-the-1434, 1434.
27. Andreas Westfeld. Principles of secured steganography. Doctoral dissertation, 2000.
28. Greg Young. Hype Cycle for Infrastructure Protection. Gartner, August 2015.

Appendix A
Selected Originators and Designers of Distributed Systems

The book has introduced several technical algorithms, methods, systems and services. These have evolved over time, sometimes by invention, but more often by refinement and improvement over previous ideas. Hundreds of researchers have been involved in this process. Now it is time to present some selected biographies of researchers, system designers and entrepreneurs, to give an idea about how the technology has come about. Each person is introduced with a portrait (picture sources: Wikipedia, Brian Solis, Joi Ito).

A.1 Edgar Frank "Ted" Codd

• born in 1923 in England, died in 2003 in Florida
• British mathematician and database theorist

© Springer Fachmedien Wiesbaden GmbH 2017
A. Luntovskyy, J. Spillner, Architectural Transformations in Network Services and Distributed Systems, DOI 10.1007/978-3-658-14842-3



• created in the 1960s and 1970s the relational model, which is the basis for all relational databases nowadays
• together with Raymond F. Boyce developed the so-called Boyce-Codd normal form (BCNF)
• for his work in the field of databases, awarded the Turing Award in 1981 (the highest award in computer science)

A.2 Tom De Marco

• born in 1940 in Pennsylvania
• has had a great influence on Software Engineering (SWE) as a discipline
• inventor of Structured Analysis (SA) and of the Structured Systems Analysis and Design Method (SSADM) as methods for SWE (1979–1986, together with Edward Yourdon)
• project management as basic concept
• co-founder of the company "The Atlantic Systems Guild", in which he works still today

A.3 Grady Booch

• born in 1955 in Texas
• American computer scientist, "The IBM Chief Scientist"
• worked in the field of modular and object-oriented software design and class libraries, including Ada
• author of the SWE methods Object-Oriented Development (OOD, 1990) and Unified Modelling Language (UML, 1997)
• member of the so-called "3 Amigos" (with James Rumbaugh and Ivar Jacobson), who are considered the founders of UML


A.4 James Gosling

• born in 1955 in Canada
• one of the main originators of Java (1993–1994)
• worked from 1984 until 2010 at Sun Microsystems, then a few months for Google
• nowadays he works at a Californian company as Chief Software Architect

A.5 Sir Timothy John Berners-Lee

• born in 1955 in London
• British computer scientist and physicist at the European Organization for Nuclear Research (CERN, Conseil Européen pour la Recherche Nucléaire)
• author of the operating system (OS) NeXTSTEP
• inventor of the Hyper-Text Markup Language (HTML) and founder of the World Wide Web (1990)


• also created the first website (info.cern.ch)
• as well as a first search engine
• member and president of the World Wide Web Consortium (W3C)
• Massachusetts Institute of Technology (MIT) professor and chairman at the University of Southampton

A.6 Tim O'Reilly

• born in 1954 in Cork, Ireland
• involved in the development of the Perl scripting language
• founder and head of O'Reilly Publishing, publicist
• open source software developer
• one of the pioneers of the term Web 2.0 as a combination of the classical web and other technical innovations like social networks and clouds (2005): Web 2.0 = classical web + social networks + clouds


• in reference to the term "Web 2.0" there exists "Web 3.0", coined by J. Markoff (2008), which adds the concept of a "semantic web" to the concepts of the classical web and Web 2.0: Web 3.0 = Web 2.0 + Semantic Web

A.7 Roy Thomas Fielding

• born in 1965 in California
• American computer scientist
• main inventor of the Hyper-Text Transfer Protocol (HTTP) and the Apache HTTP server software
• developer of the RESTful web service approach
• worked until 2008 for Sun Microsystems
• is nowadays at Adobe Systems as the main developer of projects

A.8 Sergey Brin


• born in 1973 in Moscow
• US-American computer scientist and architect
• together with Larry Page wrote the master thesis "The Anatomy of a Large-Scale Hypertextual Web Search Engine" as the basis for the "Google Service"
• developed the Google Search Engine (the prototype was launched in 1998) and then founded the Google company
• co-author of other Google products

A.9 Philip R. Zimmermann

• born in 1954 in Camden, New Jersey, USA
• inventor of the e-mail encryption software Pretty Good Privacy (PGP)
• fellow of the Stanford Law School's Center for Internet and Society
• running the company Silent Circle from Switzerland due to privacy concerns

A.10 Remembering the Pioneers

While computer science and telecommunications are relatively young fields of research and development, the recent years have seen many designers, engineers and hackers pass away. This paragraph remembers the early pioneers who made many of the presented systems possible but are no longer with us. The socio-technical implications are presumably not clear yet. Quite often in computer science and engineering it is possible to reach out to system designers directly in case a protocol detail or an interface parameter is not clear. This will be possible to a much lesser degree in the future, while the technology determines a greater part of our daily life.


Wesley Allison Clark († 2016) was involved in building one of the first transistor computers in the 1950s and in proposing connected internet message processors as predecessors to the Internet. Matti Makkonen († 2015) helped to launch the short message service (SMS) as a side product of 2G telephony which, despite decreasing popularity due to IP-based chat and instant messaging, is still used a lot, accounting for 145 billion messages in the UK alone in the year 2013. Bill Moggridge († 2012) invented the first laptop, the GRiD Compass 1100, weighing 5 kg, and thus made portable devices and mobile computing possible. Dennis MacAlistair Ritchie († 2011) co-developed the Unix operating system, whose successors run much of the Internet and cloud computing infrastructure nowadays, as well as the programming language C. Ilya Zhitomirskiy († 2011) co-founded the decentralised social network Diaspora and helped in increasing the interest of users in maintaining control over their online activities and services. Charlie Walton († 2011) invented the ubiquitous wireless technology RFID, used in badges for access control devices, in e-tickets, on shipping pallets in logistics and on product labels as theft protection.

Appendix B
Research Focus

The content of the seven book chapters contains established, albeit often recent, knowledge. Some readers may be interested in the challenges tackled by ongoing or recently concluded research projects in which the authors have been involved. Some of these challenges may be significant enough to let their solutions appear in such books in the future. In any case, statements and results must be considered preliminary. The selected project results, all of which were made possible by funding with public money from different German and European funding bodies, bring innovations in the areas of wired and wireless network planning as well as cloud security and data service management.

B.1 CANDY: Network Planning

High-performance fixed, wireless and mobile communication networks have become more and more important for global corporations, small and medium enterprises, public organisations and universities. The efficient and economic design of such networks, however, remains a challenge, and existing design tools only provide limited and hardly integrated support. Therefore, the Computer-Aided Network Design Utility (CANDY) team proposes a much more integrated design methodology with associated tool support. The project presents major conceptual and theoretical challenges as follows:

• The project proposes an integrated design methodology forming a complete design workflow. It especially focuses on the combination of wired IEEE 802.3 LAN and wireless network design (IEEE 802.11, 802.16, 802.15.4).




• The project proposes a modern Network Design Markup Language (NDML), an XML-based notation that serves as a uniform way of representing all major network elements (active and passive), their detailed technical properties, their interconnections and related configuration issues. As opposed to existing vendor-specific notations, NDML is based on open standards and enables interoperability and portability of network designs.

bull CANDY is a framework with a significant set of design tools This includes designeditors consistency checks transformation tools specific wireless network designtools and integration of existing simulation environments As a common notationNDML once again serves as the common glue for these tools

bull The novelty of the results is proven by a large number of publications conference pro-ceedings magazines and workshops The practical results have also been demonstratedsuccessfully at major exhibitions such as CeBIT Hannover 2007 2008 2011

The archived project website of CANDY is httpwwwinftu-dresdendeindexphpnode_id=1329amprefer_id=478ampID=100ampln=en Figure B1 summarises the main featuresof the software utility

Fig B1 Computer-aided network design utility ndash a project for network planning


B.2 FlexCloud: Flexible Architectures for Cloud Computing

Within the FlexCloud project, young investigators explored methods to give users more flexible options, overview and control methods as well as protection mechanisms for connecting not just to the Internet but more specifically to cloud services. One of the main results has been the -Box, a virtual box to manage devices, services, contacts, resources and other assets that each cloud participant would need or provide. Figure B.2 gives a high-level insight into the capabilities of the box by showing its demonstrator menu entries. Among the main features have been a cloud control cockpit and a cloud storage integrator.

B.3 DaaMob Service Platform: Data Service Management

DaaMob is a still ongoing project which envisions a distributed ecosystem of data sources, data hubs, data aggregators and data consumers with predominantly mobile devices. Data sources are sensors with varying protocols, endpoints on the web or arbitrary services which deliver data items and data streams. The data-centricity allows for novel designs in the service management architecture and the service delivery framework, including the explicit spatial consideration of multiple related endpoints for accessing the data and the temporal evolution of services. Hence, the DaaMob Service Platform is inherently reliable and resilient and therefore offers great benefits to applications which access the data. The architecture consists of a distributed data hub which brokers data sources, taps and stores data streams as needed, and runs data processing code which exposes aggregated, filtered or enriched data as virtual data sources. Developers subscribe to the data sources with or without guarantees defined in a service level agreement. Applications which access the data sources can then be widely deployed. By keeping a connection to the distributed broker, failures of broker nodes or data sources can be mitigated with replicas or suitable alternatives, respectively.

Fig. B.2 Background and menu of the -Box demonstrator

Figure B.3 shows the dashboard web interface used in the platform to track multiple data sources, among them web feeds and physical sensors as services, which involves subscriptions and contributed value-added aggregation services. An architectural feature of the dashboard is that it runs entirely on the client side as a web browser application. A federated XMPP network is used to store and persist data, including user preferences and subscription lists. XMPP chat rooms are also used to run conversations between the data hubs and the applications in terms of service levels and guarantees. The use of a session protocol allows for long-running negotiations and adjustments as well as real-time signalling of any condition changes. The data hubs in turn use the agreement metrics to pre-allocate sufficient compute, storage and networking resources in order to meet the defined goals. They scale out on demand in case an application becomes popular, generates thousands of agreements and millions of data requests.

Fig. B.3 SensDash: dashboard to track data sources, including sensors as services

The preliminary project website of DaaMob is http://serviceplatform.org/projects/daamob.

Appendix C Acronyms for Mobile and Wireless

Due to the heavy industrialisation and standardisation in the field of mobile and wireless communication, compared to other fields of distributed systems, cloud and fog computing as well as services computing, the relevant acronyms are again reflected here with an extended explanation.

• 1G: Old-fashioned analog mobile phone systems, capable of handling very limited or no data at all.

• 2G: Second generation voice-centric mobile phones and services with limited data rates, ranging from 9.6 to 19.2 kBit/s.

• 2.5G: Interim hardware and software mobile solutions between 2G and 3G with voice and data capabilities and data rates ranging from 56 to 170 kBit/s.

• 3G: Long-awaited digital mobile systems with a maximum data rate of 2 MBit/s under stationary conditions and 384 kBit/s under mobile conditions. This technology is capable of handling streaming video, two-way voice over IP and Internet connectivity with support for high quality graphics.

• 3GPP: Third Generation Partnership Project. 3GPP is an industry body set up to develop a 3G standard based upon wideband CDMA (WCDMA).

• 3GPP2: Third Generation Partnership Project 2. 3GPP2 is an industry standard set up to develop a 3G standard based upon CDMA-2000.

• 3.5G: Interim systems between 3G and 4G allowing a downlink data rate of up to 14 MBit/s. Sometimes it is also called High Speed Downlink Packet Access (HSDPA).

• 4G: Evolution of 3G technology that provides support for data rates of 100 MBit/s and more, allowing high quality and smooth video transmission.


• 5G: In an evolutionary view, it will be capable of supporting WWWW, allowing highly flexible, dynamic ad hoc wireless networks. In a revolutionary view, this intelligent technology is capable of interconnecting the entire world without limits.

• Bluetooth: A wireless networking protocol designed to replace cable network technology for devices within 30 feet. Like IEEE 802.11b, Bluetooth also operates in the unlicensed 2.4 GHz spectrum, but it only supports data rates up to 1 MBit/s.

• CDMA: Code Division Multiple Access, also known as CDMA-ONE or IS-95, is a spread spectrum communication technology that allows many users to communicate simultaneously using the same frequency spectrum. Communication between users is differentiated by using a unique code for each user. This method allows more users to share the spectrum at the same time than alternative technologies.

• CDMA-2000: Sometimes also known as IS-136 and IMT-CDMA multicarrier (1X/3X), it is an evolution of the narrowband radio transmission technology known as CDMA-ONE (also called CDMA or IS-95) to the third generation. 1X refers to the use of a 1.25 MHz channel, while 3X refers to a 5 MHz channel.

• EDGE: Enhanced Data rates for Global Evolution technology gives GSM and TDMA the capability to handle 3rd generation mobile phone services with speeds up to 384 kBit/s. Since it uses the TDMA infrastructure, a smooth transition from TDMA-based systems such as GSM to EDGE is expected.

• GPRS: General Packet Radio Service provides data rates up to 115 kBit/s for wireless Internet and other types of data communications using packet data services.

• GSM: Global System for Mobile Communication is a world-wide standard for digital wireless mobile phone systems. The standard was originated by the European Conference of Postal and Telecommunications Administrations (CEPT), which was responsible for the creation of ETSI. Currently, ETSI is responsible for the development of the GSM standard.

• Mobile phones: Mobile communication systems that use radio communication and conventional telephone switching to allow communication to and from mobile users.

• NGN, NGMN: New Generation (Mobile) Networks use new advanced mobile services and SOA (Service-oriented Architectures). NGN/NGMN incorporate all-IP architectural changes in telecommunications and access networks of all types, which are integrated into an IoS (Internet of Services). On the other hand, these networks are characterised by advanced QoS (Quality of Service) as well as a high level of QoE (Quality of Experience). Typical for NGN/NGMN is the deployment of more powerful end devices, advanced software solutions and operating systems, efficient file systems and middleware components. The services in NGMN are frequently based on integrated multimedia provider platforms.

• OFDMA: Orthogonal Frequency-Division Multiple Access is a multi-user version of the popular orthogonal frequency-division multiplexing (OFDM) digital modulation scheme. Multiple access is achieved in OFDMA by assigning subsets of subcarriers to individual users, i.e. OFDMA = OFDM with on-demand subcarrier assignment.

• PSTN: Public Switched Telephone Network is a regular voice telephone network.


• Spread Spectrum: A form of wireless communication in which the frequency of the transmitted signal is deliberately varied over a wide range. This results in a higher bandwidth of the signal than the one without varied frequency.

• TDMA: Time Division Multiple Access is a technology for sharing a medium by several users by dividing it into different time slots, transmitting at the same frequency.

• UMTS: Universal Mobile Telecommunications System is the third generation mobile telephone standard in Europe that was proposed by ETSI.

• WAP: Wireless Application Protocol defines the use of TCP/IP and web browsing for mobile systems.

• WCDMA: Wideband CDMA is a technology for wideband digital radio communications of multimedia and other capacity-demanding applications. It is adopted by ITU under the name IMT-2000 direct spread.

• WWWW: A world wide wireless web is capable of supporting a comprehensive wireless-based web application that includes full graphics and multimedia capability at beyond-4G speeds.

Appendix D Repetition and Control of Learning Progress

The seven chapters in this book have conveyed knowledge about diverse areas in services, systems and telecommunications. The utility of knowledge is in being applied to gain skills. Therefore, in this appendix a number of topics are repeated with control questions. The choice of topics is not strictly bound to the chapters and is in fact sometimes cross-cutting through several consecutive chapters, to promote learning beyond pre-defined categories and boxes.

Reference solutions to these questions are not contained within this book. They can, however, with some effort be retrieved from the publisher's website as auxiliary electronic material.

D.1 New Generation (Mobile) Networks

(a) What is meant with the term NG(M)N?

1. New advanced services and SOA
2. Advanced QoS/QoE
3. Deployment of more powerful end devices
4. Deployment of advanced software solutions, operating systems, file systems and middleware
5. Deployment of integrated MM provider platforms
6. All of these positions

(b) Which important NW technologies and development forums belong to the NGN/NGMN? Name their performance characteristics.


(c) What is meant with the term IMS? Discuss the advantages when using IMS

1. for a mobile network operator,
2. for a client company.

D.2 Periodisation of Computer Networks: Phases I to IV, Smart Grid, IoT and Fog Computing

(a) Characterise the four periods of the development of computer networks.

(b) Why are energy-efficient methods and protocols of increasing importance nowadays? Give your definition of the concept of "smart grid".

(c) Describe in brief the most important network technologies for the support of Smart Grid.

(d) Which Smart Grid models will be used in the medium term?

(e) Elaborate on the differences between IoS and IoT.

(f) Describe in brief the most important network technologies for the support of IoT.

(g) What is Fog Computing?

(h) Highlight the differences between Clouds and Fog Computing.

D.3 Architectural Transformation in Distributed Systems

Significant architectural transformations in network services and distributed systems characterise an ongoing trend.

(a) Compare C-S and P2P architectures. Give 2–3 examples for each one.

(b) Discuss the architectural transformation in distributed systems. What is clustering? Which advantages does it bring? Include a discussion of the increased complexity due to synchronisation and conflict handling as a disadvantage.

(c) Which advanced architectures are based on C-S? Introduce expressive examples related to clusters and clouds.


(d) Summarise the advantages of using cloud technologies according to the NIST definition. Discuss disadvantages such as the diversity in terms of data privacy and protection aspects.

D.4 Cloud Computing

During the evolution of computer network technologies there have been repeated paradigms to reduce the functionality of workstations to a terminal (thin client) and to transparently outsource all processing functions into the network.

(a) Define the term "Cloud computing".

(b) Which cloud models concerning the delivered services are known to you? Illustrate the differences between the concepts of SaaS, PaaS and IaaS.

(c) Describe the technology stack for cloud computing. Which components belong into the architecture of a cloud?

(d) Beside the technical cloud stack, it is possible to differentiate between different organisation forms of clouds with scenario-specific strengths and weaknesses: public, private, hybrid, community and personal clouds. Compare the differences in the load and functionality distribution between cloud computing on the one hand and conventional IT vs. SaaS vs. PaaS vs. IaaS on the other hand with an MS illustration.

(e) Cloud computing implies difficult legal aspects between end users, providers and further involved parties. Comment on this statement concerning the aspects of data privacy and security.

Table D.1 Cloud functionality and layers (the SaaS, PaaS and IaaS columns are to be filled in by the reader, see question (g))

Cloud scenario                                   SaaS   PaaS   IaaS
1. Cloud backup
2. Data center
3. VM migration
4. Marketplace
5. High-performance cluster for parallel computing
6. SOA platform
7. Test environments
8. Frontend


(f) Demarcate the definition boundaries of clusters, grids and clouds.

(g) Assign to each cloud usage scenario in the first column of Table D.1 the correct pattern of cloud services in the second to fourth column. In some cases a term may belong to multiple columns.

D.5 Virtualisation Concepts

Virtualisation refers to methods which allow combining or dividing physical resources in a distributed system. The primary goal is to present an abstract view to the user, to isolate him or her, or any application, from the actual hardware and software, including computational performance and memory availability.

(a) A logical layer is introduced between the applications and the resources in order to hide the physical circumstances. Create a sketch corresponding to this action.

(b) Specify a classification of kinds of virtualisation. What is hardware virtualisation and what is software virtualisation?

(c) What is a VM? Comment on the concept of VMM. Which kinds of VMM exist? What is server virtualisation?

(d) Mention the advantages of virtualisation from an economic perspective.

(e) Look at the following scenario: In a company network with 30 computers there are three different architectures.

1. How many import and export routines have to be programmed and installed to facilitate a communication between all the systems?
2. Which changes result from adding a 31st computer with a novel system architecture into the network?
3. Which advantages and disadvantages compared to 2 result from the use of a server virtualisation?

(f) What is software virtualisation? How does it enable EAI?

(g) Describe the areas of use and the functionality of OS containers.


D.6 Performance Characteristics of Digital Computers: Performance Optimisation in Distributed Systems

Threads, replication and caching are classic methods for improving the performance of client/server systems. Describe them briefly.

(a) Which additional methods can be used to increase the performance? Identify them with suitable examples.

(b) Which seven important empirical rules about the performance optimisation of client/server systems are known to you?

(c) How to organise a parallel execution with threads? Create a sketch with a sample execution of statements.

(d) How much time is saved when a parallelisation with N threads is enabled for a certain application? Justify your answer. How can the degree of parallelisation be increased? Name the key performance indicators of digital computers.

(e) Demarcate the terms processor clock frequency, MIPS and FLOPS. Introduce an example for each of the terms.

D.7 Distributed Computing: Parallel Computing and Acceleration Models

Parallel computers have an increased working speed by their distribution of load across N available processors. In order to fully utilise the complete performance of such a parallel computer, the programming technique must be adapted accordingly. A number of languages, techniques and programming interfaces are available for this challenge.

(a) Which reference solutions for the parallel execution of applications do you know? Compare the features of OpenMP and MPI in this context.

(b) Specify a definition for the term "Grid". Classify the different types of grids.

(c) What is the BOINC system? Explain the functional principles of this grid.

(d) Exemplify the differences between clusters, grids and clouds.

(e) Name the methods for optimising application performance.


(f) Name performance acceleration models for parallel applications. Consider the laws of Amdahl and Gustafson-Barsis.

(g) Amdahl's law is based on a model of the acceleration of applications through parallelisation. Given are the time efforts for one CPU, T = 20 000 h and Tp = 18 000 h. Calculate the speedup factor A_N according to G. M. Amdahl and visualise the answer in a diagram.

(h) Which changes in performance calculation result from explicitly considering the communication flows between threads?

(i) Compare the speedup models for parallelised applications according to Amdahl and Gustafson-Barsis. Given are the number of CPUs in a cluster, N = 100, and the measured acceleration A = 25. Calculate the sequential part e as well as the part p = 1 − e for the parallelised application according to the Karp-Flatt metric.

D.8 Towards 5G

About once per decade, the user data rate in mobile phone networks increases by a factor of 10 to 100. This tendency has been observed for quite a while, since the 1990s. The fifth generation of mobile networks is a reference to the next important phase of development, following the notion of "Beyond 4G" and the IMT-Advanced standards.

(a) Which differences exist between 5G and its predecessors 3G and 4G? What is IMS?

(b) Elaborate on the role of MIMO and DIDO technologies.

(c) Describe briefly the most important network technologies for the realisation of 5G deployments in the near future.

(d) Characterise the interoperability between mobile networks (Beyond 4G), WLAN and 6LoWPAN.

(e) What is IoT? How does this concept correlate with the techniques 6LoWPAN and 5G?

D.9 Security Aspects in NGN

Data privacy protocols play an important role in electronic business due to their ability to carry important data security mechanisms. Among them are confidentiality, integrity, mutual authentication and non-repudiability.


(a) Define the two terms "authentication" and "authorisation" properly, without overlap.

(b) Confidential C/S communication between an online shop and an external payment provider needs to be secured.

1. Describe the necessary procedure for a symmetric data encryption.
2. Now describe the modification of the procedure for an asymmetric data encryption.
3. Discuss the "Pro" and "Contra" of both the symmetric and the asymmetric cryptographic technique.
4. Why and how should there be a combination of both?

(c) What is the protocol SSL for? Which sub-protocols are used by SSL?

(d) Which important cryptographic standards are used by SSL? What is the role of the X.509 specification?

(e) Describe the limits of SSL for use in web services. Discuss the disadvantages.

(f) Discuss the differences in the cryptographic protection of data communication with SSL and with VPN/IPsec. Elaborate on the role of the concept of fine-grained protection.

(g) Specify a holistic classification or ordering of cryptographic protocols for data security in distributed systems, aligned with the OSI reference model.

(h) Discuss the hybrid solutions to SSL/SET.

(i) What are causes of security vulnerabilities in distributed systems? How are those being exploited by malware?

(j) Mention solutions to the previous problems as they are known to you (AV-SW, FW). Discuss these concepts concerning their suitability for distributed systems.

(k) Explain the differences between capability models and access control lists. Compare these two concepts concerning the following:

1. Implementation effort
2. Suitability for large-scale systems with many clients
3. Propagation and delegation of privileges among clients
4. Removal of privileges

(l) A user of an online shop wants to order a couple of products. During the course of the ordering process, the server side wants to check and confirm the identity of the user.


1. Describe the authentication with symmetric encryption methods.
2. Now describe the same with asymmetric methods.

(m) A user of an online shop wants to double-check the integrity and the non-repudiability of the order.

1. What is a digital signature?
2. How are the public and private keys used in combination with a digital signature?
3. How are message digests (extended checksums) created? Characterise the properties of hash functions.
4. Why is only the asymmetric encryption method suitable for a digital signature?
5. How many and which keys are needed for the hybrid symmetric and asymmetric encryption when a digital signature should be generated at the same time? Which protection goals are feasible in such a scenario?
6. What is the meaning of a certificate, and on which occasions are they distributed? How are hierarchic CAs built? Discuss them with the example of X.509. Compare them with the Kerberos method.

D.10 PGP and Steganography

Jointly with steganographic methods, cryptography offers a compelling combination for protecting data and hence information. If the secret message is concealed and does not attract attention, as would be the case for obviously encrypted messages, the application of secure steganography cannot be prosecuted anymore. Therefore, a ban on encryption would be practically void.

(a) Discuss the assignment of the cryptographic protocols known to you to the layers in the OSI reference model.

(b) Which cryptographic techniques are used? Which ones are integrated in PGP?

(c) Which advantages are associated with the OpenPGP standard? Which disadvantages are implied by using PGP in the web of trust scheme?

Already Herodotus, one of the first writers of history, reported about 2500 years ago on the concealment of messages by use of steganography. Seemingly unused wax writing pads carried the message on the wood underneath the wax surface. Messages were also stitched into animals which were brought by a messenger posing as a hunter.

(d) Give more historic examples for delivering steganographic messages.


(e) Explain in which areas steganographic methods are used today. Why is cryptography sometimes insufficient for these cases? How is steganography an efficient alternative?

(f) Classify steganographic techniques according to their carrier medium and the embedding scheme. Clarify the differences to watermarks.

(g) Explain the principles of the combination of steganographic and cryptographic methods.

Appendix E Example of a Written Exam to the Discussed Subjects

This examination adds to the repetition questions presented before. It also serves as inspiration to lecturers who want to design a custom examination of about 45 minutes. The permissible tools would be all paper documents and books as well as a non-programmable calculator, but no mobile devices, notebooks or other electronic helpers. 50 points can be achieved in total.

Note: The reference solution to the exam is available as complementary digital-only material from the publisher's website.

Task 1: Architectural transformations (10 points). Nowadays, the significant architectural transformations in network services and distributed systems have to be considered. The processing, persistency as well as application data are provided from multiple servers or peers.

(a) Please compare C-S and P2P architectures. Specify 2–3 differences between them. Introduce your examples, at least 2–3 for each architecture type. (5 points)


(b) Describe the current architectural transformations in distributed systems. What is clustering, and what advantages does the method possess? Discuss the increased complexity due to synchronisation and conflict handling as a disadvantage. (5 points)

Task 2: Parallel computing (15 points). Parallel computers increase their working speed by distributing the available computational efforts to their N processors. They are commonly found in data centres and in supercomputing sites (shown: CHIC, TU Chemnitz). To determine the full capabilities of a parallel computer with N CPUs, a class of acceleration models (speedup models) can be used.

(a) Please specify the well-known performance factors of modern computers, clusters and grids. (2 points)

(b) The Gustafson-Barsis law is a speedup model about the acceleration of programs via their parallelisation. Given is the time span required for one CPU, T1 = 4000 h, with Tp = 3800 h. Please compute the speedup factor A_N by Gustafson-Barsis. Notice: N = 1, 11, 41, 71. (7 points)

Calculate the efficiency E_N for N = 41. Please compare the speedup models for parallelised applications proposed by Amdahl and Gustafson-Barsis.


(c) Given is the available CPU number in a cluster, N = 100, and the measured speedup factor A = 75. Please compute the sequential part e as well as the part p = 1 − e for the parallelised application by the Karp-Flatt metric. (3 points)

In order to exploit the full power of a parallel computer with N CPUs, the programming techniques must be adapted accordingly. For this aim, a diversity of languages, methods and programming interfaces are available.

(d) Specify the well-known programming techniques for parallel computing (at least 3). What distinguishing features do they have in comparison to the regular source code for N = 1, increase by a factor of p? (3 points)
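The three speedup models that D.7 (g), (i) and Task 2 (b), (c) ask about, implemented with the symbols used in the questions; this is an added example, not material from the book or its reference solutions. It assumes that e denotes the sequential share of the single-CPU time T, so that e = (T − Tp)/T, and that Gustafson-Barsis scales the parallel share linearly with N; the sample values in the usage block are the ones given in the tasks.

```python
"""Speedup models for parallelised applications: Amdahl, Gustafson-Barsis
and the Karp-Flatt metric.

Added example. Assumption (not taken from the book): e is the share of the
single-CPU time T that cannot be parallelised, Tp the parallelisable share,
i.e. T = e*T + (1 - e)*T and therefore e = (T - Tp) / T.
"""


def sequential_share(T, Tp):
    """e = (T - Tp) / T, the sequential part of the one-CPU run time."""
    if not 0 < Tp <= T:
        raise ValueError("expected 0 < Tp <= T")
    return (T - Tp) / T


def amdahl_speedup(e, N):
    """Amdahl: the sequential part e stays, the rest shrinks by N.
    A_N = 1 / (e + (1 - e) / N), bounded by 1 / e for large N."""
    return 1.0 / (e + (1.0 - e) / N)


def gustafson_speedup(e, N):
    """Gustafson-Barsis: the problem grows with N, so the parallel share
    scales linearly. A_N = e + (1 - e) * N = N - e * (N - 1)."""
    return e + (1.0 - e) * N


def efficiency(A, N):
    """E_N = A_N / N, the share of the N CPUs that is effectively used."""
    return A / N


def karp_flatt(A, N):
    """Karp-Flatt: experimentally determined sequential part e from a
    measured speedup A on N CPUs (the inverse of Amdahl's formula).
    e = (1/A - 1/N) / (1 - 1/N); returns (e, p) with p = 1 - e."""
    if N < 2:
        raise ValueError("Karp-Flatt needs at least two CPUs")
    e = (1.0 / A - 1.0 / N) / (1.0 - 1.0 / N)
    return e, 1.0 - e


def speedup_table(e, Ns):
    """Amdahl and Gustafson-Barsis side by side for several CPU counts,
    as asked for in the comparison questions. Returns (N, A_amdahl, A_gb)."""
    return [(N, amdahl_speedup(e, N), gustafson_speedup(e, N)) for N in Ns]


if __name__ == "__main__":
    # D.7 (g): T = 20 000 h, Tp = 18 000 h  ->  e = 0.1
    e_d7 = sequential_share(20_000, 18_000)
    for N, a, g in speedup_table(e_d7, [1, 2, 10, 100, 1000]):
        print(f"N={N:5d}  Amdahl={a:7.2f}  Gustafson-Barsis={g:8.2f}")

    # Task 2 (b): T1 = 4000 h, Tp = 3800 h, N = 1, 11, 41, 71  ->  e = 0.05
    e_t2 = sequential_share(4000, 3800)
    for N, a, g in speedup_table(e_t2, [1, 11, 41, 71]):
        print(f"N={N:3d}  Amdahl={a:6.2f}  Gustafson-Barsis={g:6.2f}"
              f"  E_N(G-B)={efficiency(g, N):.3f}")

    # D.7 (i) and Task 2 (c): measured speedups A = 25 and A = 75 on N = 100
    for A in (25, 75):
        e, p = karp_flatt(A, 100)
        print(f"A={A}: Karp-Flatt e={e:.4f}, p={p:.4f}")
```

The Karp-Flatt value is the exact inverse of Amdahl's formula, so feeding an Amdahl speedup back into it recovers the e it was computed from; a measured e that grows with N points to communication overhead, which question (h) asks about.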

Task 3: Virtualisation (15 points). Virtualisation addresses the software tools as well as the methods which enable summarising or splitting some available resources of a computer or network based on the concept of VMs (virtual machines). The primary objective is to provide the users with a special layer of abstraction (virtualisation layer). Virtualisation is able to isolate the users and their applications from the actual (hardware) technical circumstances.

(a) Please specify four other cost benefits of resource virtualisation from the technical and operational perspective. (4 points)

• Better load balancing for virtual machines
•
•
•
•


(b) A physical server (RAM of 128 GB and HDD capacity of 0.5 PB are fully available) in a mid-range enterprise supports 20 VMs with 4 GB RAM / 8000 GB HDD each.

How much capacity of the physical server is left? (4 points)

• RAM:

• HDD:

(c) Managed servers (also virtualised) are the specific hosts whose operating system and software are constantly monitored and virtualised via a service provider (see Table E.1).

Which server types (see the list above) can be used as (virtual) managed servers in a mid-range enterprise, in your opinion? Please complete the given placeholder lines below. How much capacity (resources) should be left in this case (refer to "(b)")? (5 points)

• VM: RAM: HDD:

• VM: RAM: HDD:

• VM: RAM: HDD:

Table E.1 Managed servers

• Authentication server: RADIUS
• Database server: SQL
• Mail server (e-mail server): SMTP, MIME, POP3, IMAP
• File server
• Terminal server
• Name server: DNS
• File transfer: FTP, SFTP
• DHCP server: DHCP, intranet IP, NAT, PAT and Mobile IP
• News server: NNTP
• Chat server: IRC
• Game server: TCP/IP
• Web server: HTTP, HTTPS, SOAP
• Proxy server: VPN, IPsec, SNMP, Intranet FW
• Streaming server: SIP, RTP, codecs
• Domain server, backup server
• Terminal server: RDP
• Time server (network time protocol server): NTP
• etc.


• VM: RAM: HDD:

• VM: RAM: HDD:

• Resources left: RAM: HDD:

(d) SDN: What does this term mean? Which SDN protocols and reference solutions do you know? (2 points)

Task 4: Cloud computing (10 points). One of the common definitions of the clouds, according to Amazon, addresses the following patterns of existing cloud services: SaaS, PaaS, IaaS.

Figure (Task 4): RAIC-DP scenario. Data stripes A, B and C (A1–A4, B1–B4, C1–C4) and parity stripes P and Q (P1–P4, Q1–Q4) are distributed over Cloud 1, Cloud 2, Cloud 3 (provider = public domain) and Cloud 4 to Cloud n (private), forming a network storage; the layers SaaS, PaaS and IaaS are shown alongside.


(a) To which type (SaaS, PaaS, IaaS) does a cloud-based storage belong? Justify your statement. (3 points)

(b) What is RAIC? Discuss briefly the benefits of mapping traditional RAID structures to the clouds, based on the specified scenario (referring to the figure shown with this task). (7 points)

• DP: Double Parity
•
•
•
•

Index

A
Anonymous Computing 301

B
Backup 110
Blockchain 71

C
Cloud Computing 17, 78, 110
Cluster Computing 17, 201
Collaboration 73
Communication 211, 222, 238
Coordination 38
Cryptography 253

D
Data Centre 136, 155
Database 30
Distributed Computing 45

E
E-Commerce 14
Energy Efficiency 9, 153, 177

F
Fog Computing 184, 204

G
Green IT 8, 136
Grid Computing 19

I
Interoperability 233

M
Microcontroller 194
Mobile Computing 125, 211
Modulation 238
Multi-Threading 24, 28

N
Network 105, 158, 177, 211, 229, 259

O
Operation 97

P
Parallel Computing 45
Peer-to-Peer Computing 19
Performance 48
Planning 177
Protection Goal 248
Protocol 82, 85, 261

Q
Quality 86, 237

S
Satellite 215
Secure Computing 248, 279
Service Platform 86


Service-Oriented Architecture 15
Smart Grid 7, 138
Social Network 73
Storage 110

T
Trade-off 62
Transaction 26

V
Virtualisation 92
Volunteer Computing 66

W
Web Application 14, 279
Web Service 15, 82, 258


Printed on acid-free paper

This Springer Vieweg imprint is published by Springer Nature. The registered company is Springer Fachmedien Wiesbaden GmbH. The registered company address is Abraham-Lincoln-Str. 46, 65189 Wiesbaden, Germany.

To our caring wives

Preface

About the Book

Book objectives: You are reading a book which aims to cover the broad field of recent innovations in network services and distributed systems. The target group of the book encompasses students of universities and technical high schools, graduated engineers as well as teaching staff. If you are somebody else, do not worry: the covered subjects may still be of interest to you. This book offers its readers a dual functionality.

As a monograph: With the given work we decided to help not only the readers and students but also ourselves, as professionals who are actively involved in the networking, telecommunications and systems communities, by understanding the trends which have developed in the recent decade in distributed systems and networking applications. Important architectural transformations of modern distributed systems are examined and presented in survey style. Examples of new architectural solutions for network (mobile) services and applications are discussed. Among them are the Internet of Services, Clouds, Smart Grids, Parallel and Distributed Computing, Fog Computing and the Internet of Things, to mention a couple of popular concepts.

As a handbook: Current technologies, standards and research results for advanced (mobile) networks, connected devices and provisioned services, as well as for higher-level network functions and software applications, are the focus of this book from a practical angle. The authors highlight how these technical underpinnings of our digital communication and collaboration infrastructure are being transformed to reflect society's requirements. Efficient architectures, principles and systems for mobile and wireless communication, criteria for the optimisation of networks and distributed systems, as well as central ideas behind new system concepts are widely discussed herein. Use case presentations and studies with in-depth technical descriptions, along with a test exam, strengthen the nature of this book as a handbook for use in courses and projects.

Learning objectives: The learning objectives targeted by the book are as follows:

1. Readers/students should be able to combine, integrate, analyse and manage the solutions of the above-mentioned technologies (Clouds, Smart Grids, Parallel and Distributed Computing, Fog Computing, Internet of Services, Internet of Things). They should also be able to implement custom systems in practical projects on the basis of an adequate conceptual grounding.

2. As a result, readers/students become skilled at creating and evaluating well-performing, reliable and secure access to data and network applications, distributed systems and mobile apps. The systems and services should be usable in a data protection-compliant manner and aligned with user preferences.

3. Readers/students become educated to develop custom architectures of network services and distributed systems, as well as to comment critically on the associated problems.

Numerous examples in the chapters, comparison tables, excursions into technological stacks, figures with structures and demonstrations are highlights of this book. Every chapter has a list of keywords, complemented by actual system examples, a summary and further bibliographic records. Furthermore, at the end there is a whole chapter dedicated to repetition and self-assessment, offering questions and answers to many of the discussed topics, along with further insight into the research behind the covered systems and services.

Motivation: Despite the existence of a broad range of scientific and practical literature on the topics of distributed computing, cloud computing, privacy-preserving systems, green IT, Internet of Things and so forth, from our perspective as researchers and lecturers there is a distinct lack of combined monographs/handbooks with a claim to be useful for education. In particular, most of the literature describes technological snapshots as points in time. Instead, we want to explicitly include historical background information and focus on the ongoing evolution and trends, which are similar in many areas. Furthermore, we were not satisfied with literature which merely lists positions and standards instead of allowing the reader to dive right into the technology by offering concrete implementation and use case links. Especially for students in co-operative education (for instance Berufsakademie/Duale Hochschule, Fachhochschule and (höhere) Fachschule in Germany and Switzerland, vocational and community colleges in the US), the practical links are essential to decide whether or not a certain technology should indeed be evaluated for upcoming projects.

The book partially continues the educational approach of a previous book called Planning and Optimisation of Computer Networks: Methods, Models, Tools for Design, Diagnosis and Management in the Lifecycle of Wired and Wireless Computer Networks by Luntovskyy, Guetter and Melnyk, which appeared at Springer Vieweg in German in 2011. The original title is: Andriy Luntovskyy, Dietbert Guetter, Igor Melnyk: Planung und Optimierung von Rechnernetzen: Methoden, Modelle, Tools für Entwurf, Diagnose und Management im Lebenszyklus von drahtgebundenen und drahtlosen Rechnernetzen, Springer Fachmedien Wiesbaden GmbH, 2011, 435 pages (ISBN 978-3-8348-1458-6), 1st edition 2011, with 245 figures and 64 tables. The present book complements and extends the range of topics. It addresses the evolved development from computer networks to network-integrated and network-connected services, in particular cloud and fog services, as well as modern architectures of distributed (mobile) applications such as 5G and low-energy radio links. The new book therefore presents a holistic view on transformation processes which are nowadays often less technically motivated but rather driven by the needs of a society which is subject to a higher degree of pervasive services. The benefits for society are about ecology (green networks), privacy (secure clouds), comfort (always on) and economy (pay as you go).

Structure of the Book

This book is divided into seven chapters. The first chapter offers a bird's-eye perspective on the history and present development of networking and service topics. The second chapter presents state-of-the-art distributed systems and uses them to explain the architectural transformations which most of today's systems are subject to. In chapters three to six, different architectures and systems will be presented, including clusters, clouds, fogs and mobile applications. The seventh chapter offers a holistic view on security in networked services. Finally, five appendices and one more auxiliary digital appendix complete the book.

• Chapter 1 – Periodisation of Network Service Development: The evolution of hardware and infrastructure on the one hand and of services on the other hand is divided into four phases each.

• Chapter 2 – Architectural Transformation in Distributed Systems: Clusters and clouds, peer-to-peer architectures and distributed databases will be presented and reflected on in the context of the evolution and transformation of systems.

• Chapter 3 – Evolution of Clustering and Parallel Computing: Clusters, grids and parallel computing will be introduced. Their benefits concerning the performance of computing, but also the necessary trade-offs with energy consumption and price, will be highlighted. The management of resources and applications in these environments will also be explained.

• Chapter 4 – Cloud Computing: Virtualisation, RAICs and SDN: This chapter will introduce contemporary cloud stacks and services, including programmable networks, virtual teleconferences and safe data backups.

• Chapter 5 – Smart Grid, Internet of Things and Fog Computing: Beyond the software side, small connected hardware devices and the connection between computer networks and energy distribution networks will be covered in this chapter.


• Chapter 6 – Future Mobile Communications: From 4G to 5G, 5G Enabling Techniques: Mobile communication protocols for global (phones) and local distances will be presented. A special focus is on the upcoming 5G connectivity.

• Chapter 7 – Security in Distributed Systems: This chapter will give a holistic view on what is commonly called security by introducing concrete protection goals and matching security layers. It will also include a discussion of privacy and legal aspects, with a focus on how users can protect their activities and communication in today's and tomorrow's distributed systems.

• Appendices: First, selected originators and designers of distributed systems will be briefly presented. Then specific research projects with recent results which contribute to the evolution and transformation will be introduced. The further parts contain explanations of common acronyms in mobile and wireless technologies, a repetition and control part to track the learning progress when reading the book, and finally an example of a written exam on the discussed subjects. The solutions to the exam are available as an auxiliary digital appendix.

Dresden, Germany: Andriy Luntovskyy
Winterthur, Switzerland: Josef Spillner

Acknowledgement

All our grateful heart's acknowledgements to Prof. Dr. rer. nat. habil. Dr. h. c. Alexander Schill (encouragements and challenges), Dr. rer. nat. Dietbert Gütter (proofreading), Prof. Dr. Andreas Westfeld, Prof. Dr. Thomas Horn, Dr. Reiner Keil (inspiration in absentia) and many other colleagues, students and reviewers for their helpful and friendly support, the inspirations and co-operation while completing this work.

Our special acknowledgement goes to Dr.-Ing. habil. Igor Melnyk for his altruistic contribution to the modelling of the waste heat and cooling process in "green" data centres and clouds.

About the Authors

The book contents have been primarily provided by Andriy Luntovskyy. Some sections and editorial guidance were provided by Josef Spillner. Most of the material is published for the first time, although some is based on previous research papers, including joint papers by the authors and material kindly added by fellow academics.

Andriy Luntovskyy, Prof. Dr. habil.

Andriy Luntovskyy is with BA Dresden, University of Cooperative Education, Dresden, Germany
Office: Room 2105, Hans-Grundig-Strasse 25, 01307 Dresden (Johannstadt), Germany
Phone: +49 (0)351-44722-703
Fax: +49 (0)351-44722-9520
Email: Andriy.Luntovskyy@ba-dresden.de
WWW: http://www.ba-dresden.de
WWW (EN): http://sites.google.com/site/luntovskyy
WWW (UA): http://sites.google.com/site/andriyluntovskyy
WWW (DE): http://www.ba-dresden.de/de/studium/studienangebot/it/ansprechpartner.html

Andriy Luntovskyy is a member of the Academy of Sciences for Higher School of Ukraine (ANVSU, anvsu.org.ua) and a member of the Academy of Telecommunications of Ukraine and the International IT Academy.

Teaching and classes: Computer Networks; Mobile Communication and Telematics; Basics of Programming and Software Technology; Distributed Systems; Operating Systems; Web Applications and Office Communication; Data Security and IT Legacy; Basics of Computer Science and Business Informatics. Guest lectures in Ukraine and Poland; classes for bachelor, master and PhD students.

Research: CANDY (Computer-Aided Network Design utility); design of wired, wireless and mobile networks; clouds, clustering and mobile computing; web services, SOA and virtualisation methods; mobile and wireless networks; energy efficiency in networks; wireless sensor networks; Smart Grid and IoT; multiservice mobile platforms.

Attendance and co-chairmanship at multiple conferences and forums (CeBIT 2007, 2008, 2011). Publications: two books published in Germany (2008, 2011), another 12 books in his mother tongue in Ukraine, more than 130 papers in conference proceedings and magazines, among them multiple IEEE Xplore publications.

Josef Spillner, Dozent Dr.-Ing. habil.

Josef Spillner is with Zurich University of Applied Sciences (ZHAW), School of Engineering, Winterthur, Switzerland
Office: Room O317, Obere Kirchgasse 2, 8400 Winterthur, Switzerland
Phone: +41 (0) 58 934 45 82
Fax: +41 (0) 58 935 45 82
Email: josef.spillner@zhaw.ch
WWW: http://www.zhaw.ch/=spio
WWW: http://www.serviceplatform.org

Josef Spillner performs research on service and cloud ecosystems, is the initiator of the Open Source Service Platform Research Initiative, founder of the Cloud Storage Lab at Technische Universität Dresden in Germany (TUD) and the head of the Service Prototyping Lab at ZHAW.

Teaching and classes: Introduction into Research Areas of Computer Science; Development of Distributed Systems on the Basis of SOA; Complex Internship for Service and Cloud Computing; OS and Computer Networks; Basics of Programming and Software Technology; Distributed Systems; Python Programming. Classes for bachelor and master students as well as non-IT students, in particular media informatics and industrial engineers.

Research: THESEUS/TEXO (New Technologies for the Internet of Services), funded by the German Ministry of Economics (BMWi); FlexCloud (Flexible Service Architectures for Cloud Computing), funded by the European Social Fund (ESF); DaaMob (Service-oriented Platform Concepts for Cross-System Third-Party Applications with Mobile Components in the Internet of Things), funded by the German Research Council (DFG). Further research on XML Schema, Web Service GUIs, Cloud Controllers, Cloud Cockpits and Energy Efficiency, Stealth Computing.

Attendance and involvement with multiple conferences and workshops. Publications: books (co-authorship), more than 50 papers and journal articles, technical reports with HPI Future SOC Lab, IEEE and ACM conference chairing.

List of Abbreviations

2PC  Two-Phase Commit Protocol  26–28, 35–37, 40, 42
2PL  Two-Phase Lock  37, 42

ACID  Atomicity, Consistency, Isolation, Durability  26, 28, 30, 35, 38, 40
AEF  Advanced Evasion Firewall  247, 272
AES  Advanced Encryption Standard  255, 257, 258, 265, 276, 277, 283
API  Application Programming Interface  46, 69, 81

B2B  Business-to-Business  23
BOINC  Berkeley Open Infrastructure for Network Computing  45, 47, 61, 62, 66–70

C-S  Client-Server  13, 19, 20, 22–24, 43
CAD  Computer-Aided Design  23, 135, 177, 178
CDB  Central Database  13, 30–33
CIDN  Collaborative Intrusion Detection Network  247, 268, 271, 273–276

DB  Database  29, 30, 32, 34, 38
DDB  Distributed Database  13, 19, 30–38, 42, 43
DDoS  Distributed Denial of Service  2
DIDO  Distributed Input Distributed Output  211, 225, 230, 241–244
DNS  Domain Name System  15
DSL  Digital Subscriber Line  2, 3

EAI  Enterprise Application Integration  81, 82, 84, 98
EM  Electro-Magnetic  138, 139, 141, 168, 174, 208
ERE  Energy Reuse Efficiency  136
ESB  Enterprise Service Bus  16


FLOPS  Floating-Point Operations Per Second  46–50, 54, 59–61, 67
FUSE  Filesystem in Userspace  124

GSM  Global System for Mobile Communications  211, 212

HPC  High-Performance Computing  45, 59, 66
HSDPA  High Speed Downlink Packet Access  211, 213, 217
HTTP  Hypertext Transfer Protocol  80, 82–84, 90
HVAC  Heating, Ventilating and Air Conditioning  8, 9

IaaS  Infrastructure-as-a-Service  9, 77, 79, 81, 85
ICMP  Internet Control Message Protocol  8, 140
IDS  Intrusion Detection System  247, 270, 271, 273, 274, 276
IETF  Internet Engineering Task Force  6
IMS  IP Multimedia Subsystem  213–216, 225, 241
IoS  Internet of Services  1, 3, 4, 18, 77, 79, 81, 85, 113, 135, 183, 184, 187, 188
IoT  Internet of Things  1, 4, 5, 9, 10, 135, 159, 168, 184, 185, 187–194, 196, 203, 207, 208
IP  Internet Protocol  5, 8, 140, 160, 178, 180, 192, 213, 214, 217, 225, 227, 235, 244, 259, 260, 264–272, 276, 277, 281, 283, 297
IPS  Intrusion Prevention System  247, 270–273, 276
ISDN  Integrated Services Digital Network  1, 6

KNX  KNX Home and Building Control Standard  7, 9, 140

LAN  Local Area Network  8, 19, 140, 159, 174, 176, 178, 195, 198, 201
LEACH  Low-Energy Adaptive Clustering Hierarchy  166
LON  Local Operating Network  7, 9, 140
LTE  Long-Term Evolution  211, 213, 214, 223, 225, 226, 237, 244

MAC  Media Access Control  144, 161, 163, 164, 168, 170, 172–174, 187, 189
MCM  Majority-Consensus-Method  37
MIMO  Multiple Input – Multiple Output  213, 225, 234, 237, 240, 241
MIPS  Million Instructions Per Second  48, 49

NAS  Network-Attached Storage  113
NIST  National Institute of Standards and Technology (USA)  18, 79, 80, 85, 114, 145
NTP  Network Time Protocol  15

OFDM  Orthogonal Frequency-Division Multiplexing  159, 213, 239, 240
OFDMA  Orthogonal Frequency-Division Multiple Access  239


OS  Operating System  25, 26, 190, 195, 196, 198, 200, 208
OSGi  Open Services Gateway Initiative  15
OSI  Open Systems Interconnection  144, 145, 259, 261, 272

P2P  Peer-to-Peer  13, 19–23, 43
PaaS  Platform-as-a-Service  9, 77, 81, 85, 86, 89
PCS  Primary-Copy-Schema  37
PEV  Plug-in (Hybrid) Electric Vehicles  138, 140, 141, 149
PGP  Pretty Good Privacy  247, 260, 262, 276, 277, 289
PLC  Power Line Communication  135, 148, 158, 159, 189
PoE  Power over Ethernet  9
PUE  Power Usage Effectiveness  3, 9, 136, 150, 151, 153–155, 157, 158

QoE  Quality of Experience  85, 86
QoS  Quality of Service  1–4, 17, 77, 79, 82, 85, 86, 110, 113, 114, 138, 154, 161, 166, 197, 208

RAIC  Redundant Array of Independent Clouds  77, 91, 111, 113, 119–123, 125–131
RAID  Redundant Array of Independent Disks  112, 113, 119–122
REST  Representational State Transfer  82–85, 89
RFC  Request for Comments  6, 213, 214
RSA  Rivest–Shamir–Adleman Cryptosystem  255, 257, 258, 265, 276, 282, 283

SaaS  Software-as-a-Service  9, 77, 79, 81, 85, 89, 92
SAN  Storage-Area Network  81, 112, 113
SDN  Software-Defined Networking  77, 92, 105–110, 225, 230, 232
SET  Secure Electronic Transaction  279, 281, 283, 284, 287, 288
SIF  Stateful Inspection Firewall  247, 270–272
SIP  Session Initiation Protocol  213, 214
SLA  Service Level Agreement  2, 81, 82, 85, 91
SME  Small and Medium Enterprise  7, 139
SMLIF  Stateful Multi-Layer Inspection Firewall  247, 272, 276
SMP  Symmetric Multi-Processing  60, 61
SMTP  Simple Mail Transfer Protocol  6
SNMP  Simple Network Management Protocol  8, 140, 192
SOA  Service-Oriented Architecture  79, 82–84, 88, 89, 98, 113
SOAP  Simple Object Access Protocol  83, 85, 90
SQL  Structured Query Language  30, 35, 36, 39, 40
SSL  Secure Sockets Layer  264–266


TLS  Transport Layer Security  247, 256, 258, 260, 264, 265, 267, 268, 279, 281–283, 287, 288, 303

UMTS  Universal Mobile Telecommunications System  211, 213, 214
UPnP  Universal Plug and Play  15

VM  Virtual Machine  85, 92–95, 98, 100, 105–108, 114
VoIP  Voice over IP  214, 215
VPN  Virtual Private Network  247, 265–268, 270, 271, 281, 283, 302
VTEO  Virtual Telecommunication Engineering Offices  77, 84, 85, 88–91

W3C  World Wide Web Consortium  6
WAF  Web Application Firewall  247, 270, 276
WAN  Wide Area Network  145, 159
WiMAX  Worldwide Interoperability for Microwave Access  139, 149, 159–161, 178, 188
WLAN  Wireless Local Area Network  8, 19, 140, 159, 161, 171, 178, 180, 187, 195, 202, 211, 212, 214, 224, 225, 234, 240, 241, 243, 244
WPAN  Wireless Personal Area Network  19, 135, 158, 168
WSN  Wireless Sensor Networks  139, 141, 161–166, 173, 174, 189

XaaS  Everything-as-a-Service  79
XMPP  Extensible Messaging and Presence Protocol  70, 73, 74, 85

Contents

1 Periodisation of Network Service Development  1
  References  10

2 Architectural Transformations in Distributed Systems  13
  2.1 Software Architectures and Communication Patterns  13
  2.2 Distributed Service Systems: Clustering, Grids and Clouds  17
  2.3 Architectures: Peer-to-Peer  19
  2.4 Performance Optimisation  23
  2.5 Distributed Transactions  26
  2.6 Distributed Databases  30
  2.7 System Examples: Google Spanner, a Global DDB  38
  2.8 Conclusions  43
  References  44

3 Evolution of Clustering and Parallel Computing  45
  3.1 Clustering and Grids: Performance Parameters and Basic Models  48
  3.2 Performance-Energy-Price Trade-Offs in Clusters and Grids  62
  3.3 Resource Management in Clusters  64
  3.4 Application Management in Clusters  65
  3.5 Application Management in Grids  66
  3.6 Distributed Applications  71
  3.7 Conclusions  74
  References  75

4 Cloud Computing: Virtualisation, Storage and Networking  77
  4.1 Clouds: Technology Stack, Basic Models and Services  78
  4.2 Virtualisation of Services and Resources  92
  4.3 SDN – Software-Defined Networking  105
  4.4 Backup Services within Clouds as Advanced Cloud Backup Technology  110
    4.4.1 Backup as Important Component of Informational Safety  111


    4.4.2 RAIC Storage Service Integration  117
  4.5 RAIC Integration for Network Storages on Mobile Devices  125
    4.5.1 Efficient Access to Storage Services from Mobile Devices  126
    4.5.2 A New Must-Have App: RAIC Integrator for Smartphones  128
  4.6 Conclusions  131
  References  131

5 Smart Grid, Internet of Things and Fog Computing  135
  5.1 Smart Grid as Integration Technology for the Networks of Energy Supply and Telecommunication  136
    5.1.1 Services, Architectures and Multi-level Models  144
    5.1.2 Smart Grid Enabling Network Technologies  158
    5.1.3 Case Study: A CAD Toolset for the Design of Energy-Efficient Combined Networks  177
  5.2 From Internet of Services to Internet of Things: Fog Computing  184
    5.2.1 Enabling Technologies for IoT  188
    5.2.2 Case Studies on IoT with On-Board Micro-controller Raspberry Pi  194
    5.2.3 The Future Industry 4.0 Vision  203
    5.2.4 Fog Computing  204
  5.3 Conclusions  206
  References  209

6 Future Mobile Communication: From 4G To 5G, 5G Enabling Techniques  211
  6.1 Conventional Techniques  211
    6.1.1 LTE Networks  213
    6.1.2 Satellite-Based Radio Systems  215
  6.2 A New Generation of Mobile Communication  222
    6.2.1 Visions and Requirements  224
    6.2.2 5G Inter-Operability  233
    6.2.3 Future Standard IMT 2020: Deployment Scenarios  235
    6.2.4 Resource Allocation Method for Future WLAN  241
  6.3 Conclusions  244
  References  244

7 Security in Distributed Systems  247
  7.1 Security and Protection Goals  248
  7.2 Protection Techniques  253
    7.2.1 Checksum and Digest  254
    7.2.2 Encryption  255
    7.2.3 Steganography  258

Contents xxiii

724 Orchestration Parallelisation and Multiplexing 258725 Anonymisation 258726 Trusted Computing and Physical Protection 259

73 Security Layers 259731 Network Encryption IPsec 259732 Transport Encryption TLS 260733 Content Encryption SMIME and PGP 260734 Authorisation Kerberos and OAuth2 261735 Further Secure Services DNS-SEC VPNs and Proxies 261

74 Security Protocols and Network Concepts 26175 Firewalls 26876 Security in Web Applications Legal and Technological Aspects 279

761 Technological Aspects of Data Security GuaranteeingWeb Systems 281

762 Legal Aspects of Data Security Guaranteeing Web Systems 28377 Steganography in Distributed Systems 288

771 Steganography in Development 290772 Steganography Main Concepts 294773 Watermarks and Steganography 298

78 Anonymity and MIX Networks 30179 Conclusions 306References 307

Appendix A Selected Originators and Designers of Distributed Systems 309A1 Edgar Frank ldquoTedrdquo Codd 309A2 Tom De Marco 310A3 Grady Booch 310A4 James Gosling 311A5 Sir Timothy John Berners-Lee 311A6 Tim OlsquoReilly 312A7 Roy Thomas Fielding 313A8 Sergey Brin 313A9 Philip R Zimmermann 314A10 Remembering the Pioneers 314

Appendix B Research Focus 317B1 CANDY Network Planning 317B2 FlexCloud Flexible Architectures for Cloud Computing 319B3 DaaMob Service Platform Data Service Management 319

Appendix C Acronyms for Mobile and Wireless 323

Appendix D Repetition and Control of Learning Progress 327D1 New Generation (Mobile) Networks 327

xxiv Contents

D2 Periodisation of Computer Networks Phases I to IV SmartGrid IoT and Fog Computing 328

D3 Architectural Transformation in Distributed Systems 328D4 Cloud Computing 329D5 Virtualisation Concepts 330D6 Performance Characteristics of Digital Computers

Performance Optimisation in Distributed Systems 331D7 Distributed Computing Parallel Computing and Acceleration Models 331D8 Towards 5G 332D9 Security Aspects in NGN 332D10 PGP and Steganography 334

Appendix E Example of a Written Exam to the Discussed Subjects 337

Index 343

1 Periodisation of Network Service Development

Keywords

Networks • Services • Quality of Service (QoS) • Internet of Services (IoS) • Clouds • Smart grid • Internet of Things (IoT) • Fog computing

Information and communication technology is moving fast. What are grids for nowadays? Is anybody still using Integrated Services Digital Network (ISDN) connections? Will the "digital fog" be around all of our devices, and for how long when on batteries? What is the cost of safely storing one digital photo taken on the mobile phone for the rest of our lifetime? Readers who have immediate answers to such questions are asked to put this book aside and spend their time with more pleasure. All other readers are, however, invited to follow us briefly through the history of network services and distributed systems, through the past transformations and current trends, in order to learn about the rather complex landscape of distributed service systems in the future. These digital, physical and combined (cyber-physical) systems affect our daily lives as we interact with them through screens and devices, software applications, processes and ambient sensors.

Technology development in four phases. Network services and distributed systems are two pillars of the same trend: to make application functionality provided from single computers or millions of connected devices available to billions of people. Internet and web applications, including online social networks and digital telephony, already today need to scale to billions of users, which would be impossible on a single machine. Instead, many computers are clustered, and many clusters are geographically dispersed and connected, so that users perceive them as a single service. The perception is trained for high performance, high reliability, high privacy and security, low cost, low effort and low energy consumption, among other factors. Services not offering all of these benefits will have decreasing chances to compete for users and will ultimately fail to be sustainable. Trust and reputation would in such cases be hard to recover.

© Springer Fachmedien Wiesbaden GmbH 2017. A. Luntovskyy, J. Spillner, Architectural Transformations in Network Services and Distributed Systems, DOI 10.1007/978-3-658-14842-3_1

It took computer scientists and the IT industry many years to achieve the breakthrough towards this vision. In the course of development of networked applications and services, including telecommunication, web and cloud services offered on demand in any situation, four distinct phases in the technological foundation can be identified.

The first phase, starting with the roll-out of networks and the Internet (about 1970–2000), had the purpose of offering the functionality and of ensuring improvements to the QoS. The QoS considerations were mostly confined to strict technical network characteristics, without taking the end-to-end user experience into account. Bandwidth increased and latency decreased. To put the bandwidth development into perspective: in 1999, a 56 kbit/s modem connected to copper telephony networks was the norm for private users and just about to be replaced by faster Digital Subscriber Line (DSL) connections with about 768 kbit/s downstream bandwidth. Consumers could only rely on such numbers as upper bounds in a best-effort service market and could not easily translate these numbers into application benefits, for instance video quality or file transfer performance.

In the enterprise market, large computing centres were economically effective due to using broadband Internet connections, which enabled the consolidation of a lot of compute and storage resources behind a single data pipe. They also helped in mitigating Distributed Denial of Service (DDoS) attacks due to load distribution between several servers and links, although distribution only raises the volume an attacker has to generate; it does not by itself protect a shared back-end from application-layer floods. The system reliability was improved due to better availability of spare parts (hard drives, power units, switches etc.), the employment of redundant units wherever possible, and emergency power generators in large centres where they were feasible. Similarly, the application availability and scalability were increased with replicated setups, in high-availability/failover and load-balancer configurations respectively.

Ultimately, the phase has been about connecting people to the Internet, in other words an Internet of People. A simple formula characterises the first phase:

$\mathrm{Goal}_{\mathrm{Phase1}} := \max \mathrm{QoS}$   (1.1)

In the second phase of development of Internet services (about 2000–2010), the improvement of QoS was accompanied by explicit cost optimisation, among other reasons due to hardware consolidation and server virtualisation in combination with QoS guarantees codified in a Service Level Agreement (SLA). These mandated minimal cost under strictly given QoS constraints. But also the large size of computing centres still led indirectly to lower cost on the side of customers, due to the economy of scale when buying large quantities of spare parts and electricity. The maintenance cost in the large computing centres is also lower than in smaller ones, because the servers are updated centrally with security patches, upgrades can be better tested before deploying, and the maintenance actions are mostly the same on homogeneous servers. To give an example: the e-commerce seller Amazon had a revenue of about seven billion US$ in 2004. The capacity needed to operate this business at that time is nowadays added daily to their computing infrastructure.

It is not yet clear how to compare the technical characteristics of data centres, but just looking at their dimensions demonstrates the trend towards consolidation. The Lakeside Technology Center in Chicago, one of the largest multi-tenant centres, has a usable surface of more than 100,000 m² across several floors of a historic printing house. Microsoft's Dublin data centre is roughly half this size [10]. Major service operators have expanded vastly during the second phase and now operate multiple such large data centres.

On the network side, in 2009 16 Mbit/s ADSL connections were widely available in many urban areas in developed countries, and even 55 Mbit/s VDSL2 connections were available in selected areas, whereas in 2014 vectoring-based VDSL brought up to 100 Mbit/s downstream and 40 Mbit/s upstream bandwidth to consumers. A slow-down in connection speed growth becomes evident. Furthermore, the promise of many governments during this time to achieve 100% broadband coverage had (and still has) not been achieved anywhere. Enhancing the role of hosted applications (in so-called clouds) as integration path and cost reduction driver for applications and computing power characterises this second development phase. Consequently, an Internet of Services (IoS), in particular cloud services, characterises the second phase:

$\mathrm{Goal}_{\mathrm{Phase2}} := \max \mathrm{QoS} \land \mathrm{Cost} \le \mathrm{Constraints}$   (1.2)

The third phase (after 2010) was triggered by the trend of "green" IT and increasing energy demand and prices. The computing centres were built more often in colder regions of the earth. More energy-efficient hardware was installed, and software was written with energy efficiency in mind. Processors gained dynamic voltage and frequency scaling, among other techniques, which helps shrinking the power consumption over all idle periods. The metric Power Usage Effectiveness (PUE) has gained prominence, and consumers are increasingly aware and demanding of sustainable IT. The use of mobile phones to host applications and even mobile services strengthens the awareness due to limited handset battery capacity. Smart grid installations are on the rise and lead to greater energy autonomy by turning consumers into providers. Therefore, to characterise the third phase in a formula (PUE is a ratio of total facility power to IT power, so a lower value is better):

$\mathrm{Goal}_{\mathrm{Phase3}} := \min \mathrm{PUE} \land \mathrm{QoS} \ge \mathrm{QoS}_{\min} \land \mathrm{Costs} \le \mathrm{Costs}_{\max}$   (1.3)

As a by-product of the awareness, similar to transportation companies, which can also be viewed as a public utility, the first data centre and hosting businesses have announced that they have met a 100% renewable energy goal [3]. This has led to a voluntary green energy market, which in the USA alone has around five million customers who have purchased, directly or indirectly, approximately 74 million MWh of power generated from renewable sources [6]. In Switzerland, around 10% of all power consumption is linked to the various forms of IT, an equivalent of 400,000 cars in terms of fossil fuel, and an increasing number of providers advertise their decision to contract 100% renewables [2].

Fig. 1.1 Periodisation of network service development

Finally, the fourth and last phase, which has already started but will cause a high impact on computing in the near future, needs to be discussed. Therefore, this book is dedicated to this phase without dismissing the earlier ones. Figure 1.1 puts the three already identified phases and the not yet covered last one into context.

The fourth phase, the next development vector, is about to happen now. This phase is oriented not just at networking services and distributed software applications, but at a truly user-focused IoS in many domains. It happens across clouds, in the frame of the IoT with many connected small (sometimes wearable) devices, cyber-physical systems and robots, next-generation mobile networks and, ultimately, fog and wearable computing. This combination expands the always-on, always-available, pay-as-you-go utility and cloud computing paradigm with intelligent network nodes (e.g. radio network edges, smart routers or even smart watches) and enables, via this extension, a set of new applications and services. The features of such an interpretation of fourth-phase computing are as follows:

• low-latency, location-aware, energy-efficient use of heterogeneous hardware, from large-scale computing centres to tiny nodes
• a very large number of hardware nodes and their mobility, based on IPv6 connectivity
• wide geographical distribution of miniaturised hardware, self-updating software and large volumes of data
• the leading role of wireless access to connect nodes and users, even over longer distances
• service interfaces, streaming and real-time applications with guaranteed QoS properties


Fig. 1.2 Fog computing vision (background photo: Claudia Jacquemin, JOTT Fotografie Dresden; the depicted place: CAD/CAM system at BA Dresden – University of Cooperative Education)

A wider interpretation of fog computing offers the appropriate platforms for IoT, clouds and the smart grid (Fig. 1.2).

According to Eric Schmidt, at that time executive chairman of Google, speaking at the World Economic Forum in Davos, Switzerland, in 2015: "I will answer very simply that the Internet will disappear. There will be so many Internet Protocol (IP) addresses, so many devices, sensors, things that you are wearing, things that you are interacting with, that you won't even sense it. It will be part of your presence all the time. Imagine you walk into a room, and the room is dynamic. And with your permission and all of that, you are interacting with the things going on in the room. A highly personalised, highly interactive and very, very interesting world emerges." [7]

This industrial development is bound to happen, as so far the miniaturisation of hardware is still advancing rapidly. On the other hand, researchers also look into ways to keep the user in the loop and ultimately also in control, something typically neglected by industrial development. Therefore, new methods for informational self-determination and manageability of personal devices and services need to be found. A typical example is a safe networking kill-switch to prevent any communication from a device, something found only occasionally on devices despite its usefulness, along with a definite off-switch. Before going into the details about the future development, the same four phases shall be analysed from a service perspective.

Network services in four phases. Along with the technical improvements in servers, devices and connectivity, the offered services themselves have evolved over time. One difference when compared to the hardware technology is the fact that new services almost always complement existing ones instead of replacing them. While it would be hard to order an ISDN connection or a Fiber Distributed Data Interface (FDDI) connection nowadays, we still communicate via decades-old e-mail protocols and locate services via another decades-old domain naming protocol.

In the first phase (1970–2000), basic network services and early web applications were created. Many network services were, and indeed still are, defined by an international community called the Internet Engineering Task Force (IETF) in public and well-edited Requests for Comments (RFC) [9]. An example would be an e-mail sending service (Simple Mail Transfer Protocol (SMTP)), first defined in RFC 821 by Jonathan B. Postel in 1982 and subsequently updated to RFC 2821 in 2001 and finally RFC 5321 in 2008. Other examples include real-time messaging, file transfer and authentication. Early web applications include e-commerce shops along with search engines and online newspapers, for instance books.com in 1992, yahoo.com and spiegel.de in 1994, amazon.com and nytimes.com in 1995, and google.com in 1997/1998. Their growth in popularity was mainly driven by the first web browsers as client applications, including Mosaic (1993), Netscape Navigator, Microsoft Internet Explorer and Opera (all around 1994–1995).

The first phase also contained the first monopolisation tendencies. Whereas previously network protocols were defined and then implemented by multiple vendors, now especially web applications emerged whose interaction was neither well-known nor easily re-implementable. Web pages, as the interaction part of web applications, were standardised by another entity, the World Wide Web Consortium (W3C), but filled with vendor-specific extensions, which even today still cause trouble and processing overhead.

In the second phase (2000–2010), due to faster home connection speeds, peer-to-peer file-sharing applications became popular between consumers. An early example has been napster.com, whose original service was shut down in 2001, only to be replaced by open protocols including BitTorrent from 2001 on. Other peer-to-peer applications quickly gained popularity, including video conferencing and, in the year 2009, the cryptocurrency Bitcoin. Interestingly, some applications such as permanent file storage have mostly remained with centralised data centres despite peer-to-peer alternatives being available [1].

Web applications were further growing through faster and more powerful web browsers, which emerged after a perceived innovation pause. The browsers were Apple Safari (2003), Mozilla Firefox (2004) and Google Chrome (2008), and the browser turned increasingly into a platform, with all of the associated lock-in and vulnerability issues.

In the third phase (since 2010), commercial global-scale services have been competing for market share. Online social networking services like facebook.com and twitter.com claim hundreds of millions of active users, which are handled by a global network of distributed data centres. Millions of devices and sensors are connected to enable more services. And computing infrastructure services, offering compute, storage and networking, have emerged in multiple forms and concentrate applications and services in shared data centres. During this time, consumers have become increasingly aware of where services are hosted and how they are delivered. In particular, privacy issues have emerged and are not solved yet [5]. Figure 1.3 contains a scheme of today's distributed networks and services and how consumers interact through and with them.

Fig. 1.3 Scheme of services and supporting hardware technology for a single distributed application

Now we can only speculate which novel services will be enabled by the current wave of technological development. This will depend in large part on the knowledge, skills and facilities to enact new services by individual developers and businesses. The following three fictive scenarios illustrate the hypothesis about the advancement of technological trends in the fourth phase of the chosen periodisation. They will be picked up in the next chapters and illustrated with concrete examples.

Scenario 1: Smart grid in an SME. What will be a middle-class network connection for a Small and Medium-sized Enterprise (SME) in 2020? Only one cable or wireless link will provide the utility services such as electricity, telephony, Internet, digital high-definition television and cloud services. Room heating will be realised via derivation and recycling of redundant energy from multiple (virtual) servers. The wired and wireless automation of local-area networks as well as piconets like Local Operating Network (LON), KNX Home and Building Control Standard (KNX), ZigBee and EnOcean will be used to serve and control the in-door climate. Management of such integrated networks can be performed through Ethernet Local Area Network (LAN)/Wireless Local Area Network (WLAN) links as well as convenient protocols like IP, Internet Control Message Protocol (ICMP) and Simple Network Management Protocol (SNMP). Because this management plane is reachable from mobile apps and cloud-hosted web services, it also needs protecting: SNMP in its v3 form with authentication and encryption rather than v1/v2c community strings, and the automation network segmented from ordinary office traffic. The program support, configuration and tuning of the intelligent network is realised with the use of mobile devices (smartphones and tablets), mobile applications and through offered web services running in a cloud environment. This leads to a smart environment in which all company device capabilities are used in combination to their full extent to ensure autarky with high security and privacy, but still on-demand scalability beyond the company's realm, and high energy efficiency with inclusion of all local energy sources and joint brokering of power and computing supplies. We name the outcome of this scenario a smart grid environment.

Scenario 2: Energy recycling in data centres. Due to the use of today's powerful high-end servers within contemporary data centres, with installed broadband optical links (e.g. Fibre Channel), a significant amount of heat stands out as a harmful by-product. Some companies already occupy themselves with the mentioned problem and are developing their own solutions for the disposal of excess heat into domestic heating and air-conditioning facilities, the so-called HVAC. Among them are hybrid cloud and heat product providers [8]. These companies have a portfolio of several corresponding products and solutions (Fig. 1.4); inter alia, there are cloud infrastructure and platform services and heat products, representing an own smart grid with inter-connected services. The clients use the in-door located services of virtual computing centres: standardised cloud services like Infrastructure-as-a-Service (IaaS), Software-as-a-Service (SaaS) and Platform-as-a-Service (PaaS). Among them there are popular applications causing a significant amount of heat from computing services powered by cloud stacks, virtualised operating systems and add-on services like databases and cron jobs. Redundant heat as a "by-product of processing" is withdrawn via servers in 19-inch racks into the energy storage, which provides circulation of hot water in the pipes within a building and heating of potable water. The central system for HVAC facilities is supported via use of Power over Ethernet (PoE) as well as wired and wireless automation local-area networks and piconets like LON, KNX, ZigBee and EnOcean. The mentioned technical solution provides a lower PUE value, down to 1.05, or correspondingly an efficiency 1/PUE of up to 95%, compared with the conventional grid/cloud solutions, where it is necessary to remove the excess heat as by-product, to install more air-conditioning devices and to provide them with power supply.

Fig. 1.4 Hybrid cloud/heat providers: combination of smart grid, clouds and HVAC

Similarly, a growing number of data centres world-wide are inter-connected with municipal utility providers to funnel their excess heat into pipes which lead to central heating systems of housing areas. Interesting installations exist in Helsinki, Finland, where servers located beneath the Uspenski cathedral in the Academica/Telecity Group server centre heat 500 homes as a by-product. More servers, located in a shielded building inside another building, a former electricity station now hosting the Suvilahti data centre, even offer heat and warm water for 4,500 households.

Scenario 3: Low-cost and energy-efficient on-board microcontrollers for pico-services. But none of the above-mentioned computing systems is energy-efficient enough to meet the ambitious goals set by environmentalists and, to some degree, even political agendas. Switzerland, for instance, is committed to reduce the emissions in 2030 to just 50% of those in 1990; Germany intends to reduce emissions until 2020 to 60%. The electricity consumption in data centres is in the MWh area, and even for tiny computations a power-hungry large machinery of hardware and support processes is needed. Energy-efficient solutions can be provided via small, low-cost and low-energy on-board processors on which pico-services, such as lambda services, are executed on demand. The electricity consumption gets reduced to the kWh area or even less. Low-energy home intelligent nodes (3–10 W) for private cloud solutions, file servers, web servers, multimedia home centres etc. can be placed on low-cost, energy-efficient microcontroller boards and single-board computers like Arduino, Raspberry Pi or Intel Edison as a trade-off solution. They offer a cheap alternative and symbolise a step-by-step shift to the IoT. But in order to maximise their potential, an appropriate service and application platform will be needed.

An appropriate solution will be the Raspberry Pi single-board computer (first released in 2012, developed in Cambridge, UK), with only credit-card dimensions in a case like a matchbox and with the following characteristics [4]: a 700 MHz processor, a modest amount of main memory of up to 1 GB, external storage on an SD card, an Ethernet connection or a wireless link through a USB dongle, and around 3.5–5 W power consumption.

Naturally, there are a lot of scenarios for economical network nodes. For instance, for a so-called Multimedia Home Centre with the following characteristics, a cheap and low-energy Raspberry Pi can typically be used:

• SD card as a hard drive with 32 GByte capacity and Raspbian loaded as operating system
• Multimedia environment XBMC Media Center
• Multiple audio and video formats (codecs) as well as low power

The newer Raspberry Pi 2 Model B acts as a mini-PC with six times the CPU performance due to a clock frequency of 900 MHz and a quad-core architecture, being oriented to the Windows Developer Program for IoT. But even more energy-efficient boards are upcoming, including the Genuino with the Intel Curie chip and the Pine A64, which even runs on a 3.7 V lithium battery.

How to read on. This was a quick chapter. The next ones will have more depth, as they convey the actual knowledge about the mentioned areas. In the second chapter, the development of network systems will be summarised and presented with historical and contemporary systems. In the third chapter, clusters and parallel computing will be focused on. Virtualised systems and clouds will follow in the fourth chapter. Chapter five will step into the physical world and contains information about smart grids, smart things and smart fog. While the sixth chapter will present mobile communication trends, the final seventh chapter talks about security aspects in a broad meaning. With such a spectrum of topics, the reader should then be able to understand both old and new large-scale systems.

References

1. Bence Bakondi, Péter Burcsi, Péter Györgyi, Dávid Herskovics, Péter Ligeti, László Mérai, Dániel A. Nagy and Viktória Villányi. A P2P Based Storage System with Reputation Points and Simulation Results. In: Central European Conference on Cryptology (CECC), Budapest, Hungary, May 2014.

2. Markus Bloesch. netrics übernimmt Umweltverantwortung: Cloud Computing und Hosting aus Datacenter mit Ökostrom aus dem Wasserkraftwerk Hagneck [netrics takes on environmental responsibility: cloud computing and hosting from a data centre with green power from the Hagneck hydroelectric plant]. Online: https://www.netrics.ch/2015/12/03/cloud-computing-hosting-mit-oekostrom, 2015.

3. Alisa Davis. Equinix Goes 100% Renewable with 225-MW Wind Energy Purchase. Online: http://apps3.eere.energy.gov/greenpower/news/news_template.shtml?id=2082, 2015.

4. Raspberry Pi Foundation. Raspberry Pi Hardware. Online: https://www.raspberrypi.org/documentation/hardware/raspberrypi/README.md, 2015.

5. Thomas Loruenser, Charles Bastos Rodriguez, Denise Demirel, Simone Fischer-Huebner, Thomas Gross, Thomas Langer, Mathieu des Noes, Henrich C. Poehls, Boris Rozenberg and Daniel Slamanig. Towards a New Paradigm for Privacy and Security in Cloud Services. 2015.

6. Eric O'Shaughnessy, Jenny Heeter, Chang Liu and Erin Nobler. Status and Trends in the U.S. Voluntary Green Power Market. Technical Report NREL/TP-6A20-65252, National Renewable Energy Laboratory, 2015.

7. Eric Schmidt. The Internet Will Disappear. World Economic Forum, via CNBC TechBet, online video: https://www.youtube.com/watch?v=Tf49T45GNd0, 2015.

8. Rene Marcel Schretzmann, Jens Struckmeier and Christof Fetzer. Cloud&Heat Technologies. Online: https://www.cloudandheat.com, 2011/2014.

9. Internet Society. RFC Editor. Online: http://www.rfc-editor.org, 1998.

10. Yevgeniy Sverdlik and Karen Riccio. Special Report: The World's Largest Data Centers. Online: http://www.datacenterknowledge.com/special-report-the-worlds-largest-data-centers, 2010.

2 Architectural Transformations in Distributed Systems

Keywords

Client-Server (C-S) • Peer-to-Peer (P2P) • Central Database (CDB) vs. Distributed Database (DDB) • Transactions

The timeline given in the first chapter embodies the perspective of humans using and benefiting from services. In this chapter, we now dive under the hood of this development and take a look at the service software implementations, with a special focus on basic principles of complex distributed services which fulfil the requirements for modern cloud and fog applications. Over the last two decades, we have been able to observe significant architectural changes in distributed systems and networking applications, which will be reflected in the text. There are also mostly orthogonal shifts towards higher reliability, efficiency, scalability and information security, as well as other beneficial non-functional characteristics. The chapter covers general software and system architectures, discusses cluster and cloud systems as well as peer-to-peer topologies along with concrete system examples, and highlights the topics of performance optimisation and transactions as well as distributed databases.

2.1 Software Architectures and Communication Patterns

Among the most well-known conventional service architectures for software applications are the client-server model and the n-tier model. In the client-server model, a client connects to a server to exchange messages with it in order to achieve a certain goal. In the n-tier model, multiple client-server connections exist in a chain. Let us consider an integrated example.

© Springer Fachmedien Wiesbaden GmbH 2017. A. Luntovskyy, J. Spillner, Architectural Transformations in Network Services and Distributed Systems, DOI 10.1007/978-3-658-14842-3_2

Fig. 2.1 Example system: e-commerce (Source: [5])

Example 2.1 A distributed software application for e-commerce frequently has a rather complex hierarchical structure, called n-tier, which is created with the aim of performance optimisation and includes programmatic interfaces linked with network protocols. An example of a system for e-commerce is depicted in Fig. 2.1. Application 1, for a purchaser (client), interacts with the virtual shop, i.e. application 2 (online shop), via a web server with an attached application server, which provides data preprocessing for purchase orders. The application server for the purchase order preprocessing is connected to the next two application servers: one of them is aimed at store management with maintenance of store tables, the other one at administration of customer data. Application 3 supports the communication of the online shop with the suppliers via a dedicated communication channel, which is connected to an application server as well as the supplier database. Communication between applications 2 and 3, i.e. online shop to suppliers, is performed with use of a corresponding channel provided by the platform. Each tier boundary is also a trust boundary: the purchaser's client never talks to the store or customer databases directly, so input validation and authorisation belong in the application servers that front them. Thus we see the advancement of typical application architectures to distributed systems with client-server and n-tier architectures [5, 7, 8].

As it was shown in [5, 8], multi-tier architectures are nowadays widely deployed in distributed applications:

• 3-tier: the structure is more complex, leading to higher scalability; preferred for complex applications
• 2-tier: the two-tier structure (user interface and host) is simpler but less flexible (Fig. 2.2)


Fig. 2.2 Architectures: client-server, n-tier [8]

Software services. Applications or software components which offer service interfaces beyond their own scope are called software services. A typical three-way distinction helps in distinguishing between services. The first kind of service interaction happens between local service interfaces within a programming language and a corresponding runtime framework (e.g. Open Services Gateway initiative (OSGi) services for Java and other component frameworks). The second kind happens over uniform service interfaces across programming languages, with network transparency (e.g. web services in service-oriented architectures). The third kind happens over non-uniform protocols without obvious sibling or parent protocols and with certain requirements on the topology or infrastructure (e.g. Domain Name System (DNS), Network Time Protocol (NTP), Universal Plug and Play (UPnP)).

Service-oriented architectures have become increasingly popular due to their characteristics. They offer a uniform and well-defined interface, with the description uniformly captured in a machine-processable service description document, and accept uniform protocols with service-specific content. Therefore many n-tier applications are nowadays implemented within service-oriented systems. More recently, service designers use the notion of stateless micro-services, which can be replicated easily with coordination through a group communication system. What is common to all service-oriented architectures is the strong reliance on a directory of services, called registry, through which new services can be discovered. Sometimes a service broker is available on top of the registry so that brokering, auctioning and negotiation between service providers and consumers can be automated in a marketplace style. This functionality is important when considering the user-defined selection of power and computing services covered in the previous chapter.

16 2 Architectural Transformations in Distributed Systems

Remote methods and message exchange. The interaction between clients and services often follows the request-reply pattern, where the client sends a request message, blocks to wait for an answer, and receives a response message. This message exchange style is similar to local method invocations in programming languages and is therefore also known as remote method invocation. Related to this are remote method calls without a response message. Complementary to service-oriented architectures there are message-oriented architectures, in which software components subscribe to messages of a certain type arriving from a source to a specific destination, or as broadcast messages to any destination. In such architectures messages are supposed to traverse message brokers, which apply filters and transformations. An Enterprise Service Bus (ESB) is such a broker; it combines service-oriented and message-oriented architectures and facilitates the connection of any client to any service with message format adapters.

Figure 2.3 shows a combined service-oriented/message-oriented architecture. Such an abstract architecture will be the basis of many of the systems presented in this chapter, with customisations and refinements whenever necessary.

Fig. 2.3 Architectures: service-oriented and message-oriented


2.2 Distributed Service Systems: Clustering, Grids and Clouds

Clusters. Significant new features are provided via the clustering architecture, in which each service is made available in multiple instances (Fig. 2.4). Let us compare it with the representations considered in Figs. 2.1 and 2.2. The clustering architecture enables the optimisation of the Quality of Service (QoS) for a distributed application through functionality replication between multiple servers. The functionality for processing (application logic) as well as for data persistence is provided via multiple servers simultaneously or in parallel. Before replicating, a preliminary analysis of data consistency is required. The replication of the functionality optimises the following clustering features: load distribution, fault tolerance behaviour and parallelism in processing (refer to Fig. 2.4).

Server replication in the cluster architecture is characterised by a significant gain in processing time as a pro-argument, but also by increasing complexity as a con-argument, due to the necessity of conflict management and synchronisation [7]. Qualitatively different opportunities are established by modern architectures of distributed applications, for example applications hosted online or in the clouds (Fig. 2.5).

Fig. 2.4 MPI – Message Passing Interface, RAID – Redundant Array of Independent Disks, SAN – Storage Area Network, NAS – Network Attached Storage. Architectures: clustering [3, 5, 8]


Fig. 2.5 Architectures: IoS, grids and clouds

Clouds. The clouds as an architectural type provide the deployment and use of "computing power" in a similar manner as the delivery of water or electric current in modern supply networks (in so-called "utility grids"); transparent operation in a "cloud" is enabled and possible. The important advantages of the architecture are as follows:

• Sometimes organisations possess insufficient resources for data backup and computationally intensive problems; infrastructure outsourcing is then an option

• Aggregation of the computing resources of multiple organisations, done by reliable and favourable providers

• Companies and authorities obtain so-called "on-demand" resource access as an ideal solution for fluctuating needs

• The savings in processing time and hardware costs outweigh the definitely noticeable growth in coordination and synchronisation complexity

The disadvantages are as follows: cloud computing fosters heterogeneity, vendor lock-in through attraction by vendor-specific cloud services, as well as unclear data security and protection aspects when the data processing crosses organisational or even juridical boundaries.

There is no single definition of what a cloud system is. A commonly used definition is given by the National Institute of Standards and Technology, USA (NIST), 2011: "Cloud Computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models" [4].

There are scientific community and voluntary cloud systems accessible to everybody at no or low cost, but also with no strict service-level guarantees. Examples include Guifi and Owncloud instances. On the other hand there are commercial cloud providers who offer rapid provisioning and elasticity of resources at large scale. Examples include Amazon EC2, IBM Softlayer and Bluemix, T-Systems Enterprise Cloud and the Google Cloud Platform.

Grids. One of the most important parts of cloud technology are the grids. The term "GRID (Global Resource Information Database)" was founded in 1985 as part of a UNO program for environmental protection; on the other hand, "GRID = SUPPLY NETWORK". In this way grid is the traditional technology in comparison to clouds. Grid Computing is a form of distributed computing in which a "virtual supercomputer" is generated from a cluster of loosely coupled computers. The grids were developed with the aim of solving computationally intensive scientific, and in particular logical-mathematical, problems. The following types of grids are regularly distinguished [5]:

• Computer grid: a combination of computing power which allows access to distributed resources

• Data grid: enables sharing of data contained in the requests of one or more DDB

• Service grid: represents a diversity of components, all of which belong to different resource providers and are provided as a utility

• Application grid: provides improved load balancing and utilisation of the grid provider as well as a wide spectrum of functions via cross-organisational sharing of resources

• Resource grid: has to be defined via a roles' model deployment, i.e. the roles between grid users/providers and the resource providers, which have to be clearly differentiated [1]

A basic understanding of clusters, grids and clouds should now be achieved. The two former system types will be elaborated on in much greater detail in the next chapter, and the latter one in the subsequent one.

2.3 Architectures: Peer-to-Peer

Fig. 2.6 Examples of peer-to-peer systems

In the contemporary fixed-mobile converged networks with almost-always-on connectivity over Local Area Network (LAN), Wireless Local Area Network (WLAN) as well as Wireless Personal Area Network (WPAN) routes, the role of the peer-to-peer architecture with equal partners (P2P) has increased significantly. Let us compare the architecture with the already presented one titled "client-server" (C-S). P2P offers:

• Direct communication between the equal partners, i.e. the peers

• Practically no centralisation within the server part, only as an option in the combined (hierarchical) structures involving peers + C-S

• The peers are simultaneously the service providers as well as the users or consumers of the service

• A distributed discovery mechanism for service providers as peers is required

As depicted in the representation (Fig. 2.6), the peer-to-peer model (P2P) enhances the client-server model (C-S) towards a multi-participant, fully-connected, bi-directional one. In the C-S model a server provides a service and a client uses this service. In P2P networks this role distribution is without meaning. Each participant is a peer, because they can use a service as well as offer the service themselves. The basic requirement for architectures with equal partners providing P2P communication is the creation of a special mechanism to search for service provider peers. The following types A, B, C and D of P2P systems are distinguished [6]:

• Type A, called centralised P2P model, uses a server core for co-ordination and search. Example: Napster

• Type B, called pure P2P model, provides no centralised co-ordination. Example: Gnutella

• Type C, called hybrid P2P model. The dynamic centre contains the entities; some peers act as the coordinators. Examples: Gnutella2, BitTorrent, Skype

• Type D, called distributed P2P model with the DHT (Distributed Hash Table). The table manages the access IDs, i.e. the keys are placed on a carousel/circle. The model uses an overlay of fixed connections (Fixed Connection Overlay). The system is similar to the well-known routing protocols for distributed (RIP) or hierarchical routing (OSPF + BGP). Examples: Chord, CAN, Pastry, Tapestry

Figure 2.7 contains a visual representation of all four types of P2P systems. There is a trade-off in enabling a P2P architecture for a distributed application. On the one hand it puts an obligation on all participants to offer a share of their resources to other participants, as only through a fair distribution will such a network work well. As with all service interfaces open to the world over a network, there is a risk of being attacked through the interface. On the other hand, once a sudden allocation of resources is needed, the scalability of such a network, especially on a global level with high availability and resilience, is very high and cannot easily be reached with other architectures. Therefore, especially for applications which involve humans, including all personal communication, personal information management and personal cloud activities, P2P architectures are effective.
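The Type D model above places keys on a circle and assigns each key to a node by position. The following is an added example (not code from the book): a minimal Chord-style ring in which node addresses and keys are hashed with SHA-1 onto a circle of 2^32 positions and a key is stored on its successor, the first node whose identifier is at or past the key's. Node names, keys and the ring size are constructed.

```python
import hashlib
from bisect import bisect_left

# Constructed identifier space: positions 0 .. 2**M - 1 on the circle.
M = 32
RING_SIZE = 1 << M


def ring_id(name: str) -> int:
    """Map a node address or a key to a position on the circle (SHA-1 reduced to M bits)."""
    digest = hashlib.sha1(name.encode("utf-8")).digest()
    return int.from_bytes(digest, "big") % RING_SIZE


class Ring:
    """Sorted list of node identifiers; successor lookup is a binary search with wrap-around."""

    def __init__(self, nodes):
        if not nodes:
            raise ValueError("a ring needs at least one node")
        self.by_id = {ring_id(n): n for n in nodes}
        if len(self.by_id) != len(set(nodes)):
            # Edge case: two node names hashed to the same position.
            raise ValueError("identifier collision, choose a larger M")
        self.ids = sorted(self.by_id)

    def successor(self, key: str) -> str:
        """Node responsible for `key`: first node id >= ring_id(key), wrapping to the smallest id."""
        k = ring_id(key)
        i = bisect_left(self.ids, k)
        if i == len(self.ids):
            i = 0
        return self.by_id[self.ids[i]]

    def leave(self, node: str) -> "Ring":
        """Ring after `node` leaves; only the departing node's keys change hands."""
        return Ring([n for n in self.by_id.values() if n != node])


def placement(ring: Ring, keys) -> dict:
    """Key -> responsible node for a batch of keys."""
    return {k: ring.successor(k) for k in keys}


def moved_keys(before: dict, after: dict) -> set:
    """Keys whose responsible node differs between two placements."""
    return {k for k in before if before[k] != after.get(k)}
```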

Example 2.2 Modern mobile client platforms provide many attractive mobile applications and transmission services in addition to the standard voice, SMS, MMS and E-mail. A number of these services include, for example, the popular Google Suggest, Google Translate, Google Maps, the cloud services Amazon AWS/EC2, the social networks Facebook, Twitter, Xing, the video hosting service YouTube, as well as multiple VoIP services like Skype and Viber. The designated service Skype is now a leader by a wide margin among the many VoIP services. The service is generally available for free and supports the following built-in services: VoIP, televideoconferencing, instant messaging, transfer of files, images and screenshots. Surely Skype is a worthy rival to many VoIP services using common protocols like SIP/RTP and SIP/UDP, but a lot of them are only available with costly commercial plans. In contrast, Skype is aimed at the private sector and offers the following features (Fig. 2.8):

Fig. 2.7 Types of P2P architectures [5, 8]

Fig. 2.8 Skype network structures and diverse clients

• wide availability despite a proprietary (not published) protocol (cp. SIP/RTP)

• optimised hybrid architecture P2P + C-S with a central server core run by Skype's parent company Microsoft

• data compression and proven security via AES with 256-bit key, RSA with 2048-bit key, as well as X.509 PKI

• IPv6 as well as IPv4-based and transparent for NAT, therefore suitable for home users

• data compression with the codecs SVOPC (16 kHz), AMR-WB (16 kHz), G.729 (8 kHz), G.711; since 2009 an own audio codec, SILK, is used

• compatibility with conventional telephony, gateways to conventional telephone networks (PSTN, ISDN, GSM)

• integration with SIP-based VoIP


Herewith a short but worthy history of the Skype service. The Skype core software was developed by Ahti Heinla, Priit Kasesalu and Jaan Tallinn (Estonia, 2003). The company was founded by Niklas Zennström and Janus Friis in 2003 in Luxembourg, but since 2005 was owned by eBay and in 2011 was transferred to Microsoft.

The following architectural transformations can be observed in its history. The original Skype network (2003–2010) was characterised by a primarily P2P organisation, like a lot of multimedia sharing systems, with so-called nodes and super-nodes. The system relied on voluntary reallocation onto private computers but suffered due to very busy (overloaded) super-nodes. The private client machines in particular required IP without NAT, with direct addresses. As an upshot, increasing criticism from private users as well as numerous failures due to overloading of peers were noted. After the takeover by Microsoft (2011) the following architectural changes were applied:

• cleaned structures, steady Skype network restructuring since 2012

• the Skype network was transferred from the client computers to its own Linux servers (i.e. partially from P2P to C-S)

• currently P2P with a centralised C-S construction

• server clusters are placed at secure data centres (PaaS delivered through clouds)

• enhanced security of Skype servers is guaranteed

• software development under Skype is available; the Skype API allows use of the Skype network for delivery of messages and call management

2.4 Performance Optimisation

Methods for performance optimisation. As you have seen from the introduction, modern distributed network systems are used in the areas of Business-to-Business (B2B), Computer-Aided Design (CAD), Grids and Cloud Computing. They are developed to solve complex mathematical tasks and actual problems of modern pharmacology, to simulate physical phenomena and in genetics, and to administrate and manage task support. These systems process and transmit via networks significant amounts of structured documents and multimedia data, which for extreme volumes has recently gained the term Big Data. In general the following performance optimisation methods [5, 6] can be applied within the classical C-S as well as new architectures of distributed systems like clusters and clouds (Fig. 2.9):

• Caching

• Replication

• Parallelisation


Fig. 2.9 Performance optimisation [5]

Frequently used addresses and names should be cached. Caching can be deployed on the server side as well as on the client side, or is present within the network infrastructure, typically outside the scope of application deployment. Client-side caching is often very efficient. Another method is data and service redundancy via replication. Server replication can be efficiently used for load balancing in highly-available multi-server systems as well as to provide a certain level of fault tolerance through failover mechanisms. Parallel processing within a server application frequently uses multiple execution processes or threads. Process parallelisation and multi-threading mode provide a significant performance increase. All three methods are quite generic and can be found in most scalable applications to overcome performance bottlenecks.

The following empirical rules are known and apply when optimising performance in distributed systems, particularly in systems of the type C-S [5]:

• The CPU speed is often more important than the network performance and can become a bottleneck

• Reducing delays in the processing of application protocols (software overhead) through packet aggregation has a measurable effect

• Minimising context changes between the processes (in multi-threading) makes applications faster

• Minimising the backup and copy processes within the system, for example through use of shared memory devices

• The requirements to increase the data rate are not as critical as delay, even an insignificant one

• System overload is easier to prevent than to overcome

• Preventing timeouts and pauses within the system reduces unnecessary slowdowns

Threads. A thread is a so-called "light-weight" independent subprocess running in parallel to other (sub)processes, which can be considered as a part of a complex application. The thread operates without or with minimal context sharing with other (sub-)processes and threads, but with its own program counter and its own stack (Fig. 2.10).

Typically the application processes performed in a certain Operating System (OS) (as programming environment) are "heavy-weight" due to the large amount of context (process parameters) to be transferred.

A well-known example of such "heavy-weight" processes are the ones performed in the operating system UNIX and derived systems such as Linux (as used in GNU/Linux and Android, among others), BSD and Darwin, the kernel of Mac OS X. To provide some additional flexibility and parallelism within them, each complex process is divided into so-called "light-weight" sub-processes that are specifically called threads. A thread is de facto a bearer of a certain activity within an OS or programming environment.

Fig. 2.10 Px or P1,2,3 – complex processes or applications; Tx,y – thread, a "light-weight" parallelised sub-process without dependencies but with own program counter and stack. An application as a combined process Px with several threads Tx,y


This activity is performed via a set of consecutive operations and is characterised by a minimal context consisting of only stack and registers. In practice most of the complex applications and system processes are suitable for implementation in the form of parallelised threads. Each of these flexibly distributed "heavy-weight" processes has at least one initial thread as a "light-weight" sub-process. All such threads, which are merely a part of some greater process, use the same common address space as the other resources of the complex process.

Example 2.3 Consider the following simple example. With the mentioned methods a word processor application (e.g. MS Word) can be divided into several parallel threads, which carry out over one and the same data (text) within a file a set of various operations, for instance (1) text splitting, (2) text formatting and (3) spell checking.

Example 2.4 In addition, applications that perform a large number of independent asynchronous requests (i.e. database applications, server-side web applications) allow effective implementation with deployment via several parallel threads as multithreaded applications. Generally there are the following two types of threads:

1. The user-level threads, which are realised from the point of view of an application process by a programmer

2. The kernel-level threads or kernel threads, which are used for representation by an OS, for example MS Windows and its programming environment, with the aim of performing them on a certain processor

2.5 Distributed Transactions

Using transactions, several actions can be combined with the aim of forming an indivisible execution unit T:

$T = \{A_1, A_2, A_3\}$ (2.1)

These can also be called atomic (trans-)actions, i.e. following the slogan "complete or nothing". An example of a transaction monitor is given in Fig. 2.11. The monitor coordinates the booking workflow between C and S1, S2. The finalising phase is very important and has to be involved with the aim of supporting the consistency of the data.

The 2PC protocol must be used to ensure consistency in this way. "Commit" in this context means consensus, agreement to meet requirements, or to depute. The diagram depicts a successfully executed transaction with a reliable storage device which guarantees persistency, such as a disk, external storage medium or reliable storage service (Fig. 2.12).

Fig. 2.11 Transaction monitor

Fig. 2.12 Sequence diagram for the 2PC protocol

Fig. 2.13 Distributed transactions: deployment of 2PC [5]

Beyond consistency and persistency, the transactions have to satisfy the so-called Atomicity, Consistency, Isolation, Durability (ACID) criteria. The deployment of distributed transactions is also based on considering the common methods for performance optimisation. These criteria, called ACID, describe the desirable properties of all types of transactions. The transactions have to ensure the ACID criteria:

• Atomicity: Either full execution or completely without effect

• Consistency: Transformation only between consistent states

• Isolation: No overlap of parallel transaction executions

• Durability: Survival of system failures

An example of the use of 2PC is depicted in Fig. 2.13. The example illustrates providing atomic actions under the slogan "complete or nothing". The appropriate realisation with 2PC ensures atomicity as one of the ACID criteria. The user has to be provided via a travel agency with two flights (e.g. with Lufthansa and United) as well as with a rented car at the destination site. If the booking is impossible, the consistent rollback cancels all actions without financial disadvantages for the user or the agent.

The protocol uses the following messages: C-Refuse from the participants; if there are one or more rejections, then send C-Rollback; if necessary, then repeat. The realisation can be done via ODBC or JDBC (Object/Java Database Connectivity) when run in a database context. Performance increases are available with the deployment of parallel transactions obeying the isolation criterion:

• Optimisation by redundant reservation of server processes (separate servers)

• Parallel execution via multi-threading

• Replication of servers (replication)

• Heuristic load balancing and reliability

The appropriate example is depicted below (Fig. 2.14). In the offered parallel transaction, three servers and a replicated DB are used instead of one.

Fig. 2.14 Parallel transaction: instead of one, three servers and a replicated DB are used [5]

Fig. 2.15 MSP – main synchronisation point, coordinated by careful Commit; AffSP – affiliated synchronisation point, the action Activity allows partial rollback; FSP – final synchronisation point, terminates the instances. Nested transaction involving multiple independent partners in a travel scenario

Figure 2.15 depicts a nested transaction in a travel booking scenario. It starts with a successful booking of an appropriate room, but then mandates a rebooking activity of two necessary flights to Incheon International Airport in Seoul from Dresden (DRS) via Frankfurt-am-Main (FRA) airport or Munich (MUC) airport, due to seats no longer being available. Due to a changed meeting request, the travel is finally substituted by another trip from Dresden central station to Zurich with the night train (CNL); with a successful finalisation (FSP, final synchronisation point) the instances are terminated. To ensure the ACID criteria within the nested transaction, the MSP (main, primary synchronisation point), coordinated by careful commit, as well as the AffSP (affiliated, secondary synchronisation point) are used. The action Activity allows a partial rollback.

Thus, depending on the application scenario and requirements, transactions may be distributed, parallel and nested.

2.6 Distributed Databases

Motivation for DDB. The deployment of a distributed DB takes into account the above-mentioned common methods for performance optimisation. Let us give the definition of a DDB. We consider it in contrast to the centralised DB (CDB). A distributed database (DDB) possesses the following features (Fig. 2.16):

1. DDB forms a logical unit

2. DDB is physically stored on separately located computers (homogeneous or heterogeneous)

3. DDB requires a communication network

4. DDB has no shared memory

5. DDB appears to users and applications as a CDB

But it is important to note that not every distributed system needs a DDB. A central (global) DB can also be used as an efficient solution, for instance in an n-tier architecture. In each case it has to be individually decided which type of DB is the most appropriate, while taking into account the performance optimisation methods. There are the following arguments for comparing both kinds (CDB vs. DDB). Which arguments are the satisfying motivations for distributed databases; which advantages are available?

• higher performance and faster access

• higher availability

• more security in the sense of confidentiality

• reduced communication costs

• faster query processing in the Structured Query Language (SQL)

• increased extensibility and scalability

• adaptive scalability under fluctuations in the user number, node quantity, quantity of the records or rows within the DDB, number of the queries to process, etc.


Fig. 2.16 Decision making: CDB vs. DDB

To the list of disadvantages of DDB the following restrictions can be assigned:

• increasing complexity of the system

• overhead by commit operations

• data integrity problems

• increased memory requirements

Up-to-date solutions for databases nowadays generally possess the 3-tier architecture. The CDB consists of:

• internal schema (logical layer), which determines the physical structure of the data on the disks

• external views, which define the data visualisation

• conceptual layer as an interface between internal and external (Fig. 2.17)

Decomposition methods. A characteristic unique to DDB is that specifically the conceptual scheme is divided into a global and many local schemes (Fig. 2.18). With the goal of decomposing the conceptual scheme of a DDB into many local schemes, the following methods are available, replication or fragmentation, as follows:

• by replications (full copies, regular backup)

• horizontal (line-wise) decomposition (fragmentation by tuples)

• vertical (column-wise) decomposition (fragmentation by attribute subsets)

Fig. 2.17 Classical DB: three layers

Generally, the description of the mentioned access levels to the DDB can be given via the following special languages:

• DDL – Data Definition Language

• DML – Data Management Language

• QL – Query Language

• DSDL – Data Storage Definition Language

DDB fragmentation. Fragmentation of DDB within distributed applications can offer the following advantages:

• efficiency: data are located where they are really needed

• local optimisation

• increased availability and security, better DB view demarcation

• no data losses: simple recovery of the DDB is available via "unions" and "joins" from E. Codd


Fig. 2.18 Layered architecture within DDB

A disadvantage is the risk of inconsistency due to access runtimes. An example of DB fragmentation is given in Fig. 2.19. The relation table titled "Employees by departments" is a CDB which is situated locally (referring to (a)). With the aim of performance optimisation this CDB is decomposed via a fragmentation method. Refer to cases (b) and (c) for horizontal and vertical decomposition correspondingly:

• Horizontal (line-wise) decomposition with use of fragmentation by tuples

• Vertical (column-wise) decomposition with use of fragmentation by attribute subsets
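As an added example (not code from the book), the two decompositions above applied to a constructed "employees by departments" relation, together with the lossless recovery via union and join mentioned earlier. The rows, attribute names and department values are made up; Fig. 2.19's actual table is not reproduced. The join check also shows why a vertical fragment that drops the key cannot be recovered.

```python
from copy import deepcopy

# Constructed relation "Employees by departments"; emp_id is the key.
KEY = "emp_id"
EMPLOYEES = [
    {"emp_id": 1, "name": "Anna",   "dept": "Sales",   "salary": 4100},
    {"emp_id": 2, "name": "Boris",  "dept": "R&D",     "salary": 5200},
    {"emp_id": 3, "name": "Clara",  "dept": "Sales",   "salary": 3900},
    {"emp_id": 4, "name": "Dmitri", "dept": "Support", "salary": 3500},
]


def horizontal_fragments(rows, attr):
    """Fragmentation by tuples: each row lands in exactly one fragment, selected by `attr`,
    so e.g. each department's site holds only its own staff records."""
    frags = {}
    for r in rows:
        frags.setdefault(r[attr], []).append(deepcopy(r))
    return frags


def vertical_fragments(rows, attribute_subsets, key=KEY):
    """Fragmentation by attribute subsets. The key is copied into every fragment; without it
    the fragments could not be rejoined. Sensitive columns (salary) can thus live in a
    separate fragment at a site with stricter access."""
    frags = []
    for subset in attribute_subsets:
        cols = [key] + [c for c in subset if c != key]
        frags.append([{c: r[c] for c in cols} for r in rows])
    return frags


def union(fragments):
    """Recover a horizontally fragmented relation: UNION of the fragments."""
    return [deepcopy(r) for frag in fragments for r in frag]


def join_on_key(fragments, key=KEY):
    """Recover a vertically fragmented relation: natural JOIN on the shared key."""
    merged = {}
    for frag in fragments:
        for r in frag:
            if key not in r:
                raise ValueError("fragment lacks the key; lossless join impossible")
            merged.setdefault(r[key], {}).update(r)
    return list(merged.values())


def same_relation(a, b):
    """Set-based equality: relations are unordered collections of tuples."""
    canon = lambda rows: sorted(tuple(sorted(r.items())) for r in rows)
    return canon(a) == canon(b)
```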

Replication of DDB. The advantages of DDB replication are as follows:

• increased availability

• reliability, easier backup

• increased access performance

A resulting problem is that replicas may be out of date when they are accessed while the master data has just been modified. Furthermore, more problems occur when attempting to synchronise the data when changes may occur not just in one master node but in multiple nodes concurrently. This multi-master replication, compared to master-slave, is however much more scalable for write operations, while the scalability for read operations remains unchanged.

Fig. 2.19 (a) Relations table "employees by departments" (local DB); (b) Horizontal (line-wise) decomposition (fragmentation by tuples); (c) Vertical (column-wise) decomposition (fragmentation by attribute subsets). DDB decomposition via fragmentation

Therefore, when planning the deployment of a distributed database, the following replication-related questions need to be answered carefully:

• How many copies are required in order to achieve either a high scalability or a high availability?

• Where do the copies have to be stored?

• What will be the dominant access pattern: read or write access?

Efficient updates in DDB are possible:

• Requirement
  – replication of DDB
  – full copies
  – regular (automated) backup

• UPDATE mechanisms
  – Primary copy scheme (asynchronous method)
  – Majority consensus scheme (synchronous method)
  – locking tables
  – logical time stamps

• Requests and concurrency/parallelism
  – local and global transactions
  – requests in a standardised SQL dialect
  – the actual data structure for users or applications is unknown or not defined
  – communication overhead times are significantly higher in comparison with computing time

• As a solution
  – local pre-processing (as much as possible)
  – exchange of partial results (so-called "semijoins")
  – ACID and the 2PC protocol

• Steps
  1. decomposition of the requests into simple partial requests
  2. locating the required data, deciding which copy is used, transforming into the partial requests depending on a network node
  3. optimisation of the global request (order processing)

A 2PC example for DDB is given in Fig. 2.20. The example is about the coordination between the parts in four geographically separated cities, e.g. Berlin (DDB0), Dresden, Cologne and Hamburg (DDB1, 2, 3). For the consistency of SQL requests from the coordinator or main part DDB0, the messages Commit 1, 2, 3 or Rollback 1, 2, 3 are used.

Fig. 2.20 2PC example for DDB

The following variants of commitment for SQL request processing are possible within the use of DDB via 2PC:

• Successful variant
  – SQL request
  – A local transaction is finalised as OK
  – Preparation to COMMIT
  – Prepare COMMIT
  – Ready 1, 2, 3
  – Commit 1, 2, 3
  – Commit ACK 1, 2, 3

• A failure variant: replica 3 offers no commit
  – SQL request
  – A local transaction is finalised as OK
  – Preparation to COMMIT
  – Prepare COMMIT
  – Ready 1, 2; Abort 3
  – Rollback 1, 2, 3
  – Rollback ACK 1, 2, 3
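The two message sequences above, and the travel-booking use of 2PC in Sect. 2.5, are simulated in the following added example (not code from the book) with a coordinator DDB0 and replicas DDB1 to DDB3. Votes and the coordinator's decision are journaled before they are sent, standing in for the reliable storage device the text requires; the replica names, the SQL request and the local outcomes are constructed.

```python
from dataclasses import dataclass, field


@dataclass
class Replica:
    name: str
    local_ok: bool                  # did the local transaction finish OK? (constructed input)
    state: str = "idle"
    journal: list = field(default_factory=list)   # stands in for the reliable storage device

    def prepare(self) -> str:
        """Phase 1 answer to 'Prepare COMMIT'. The vote is journaled before it is sent, so the
        replica can honour it even if it crashes and restarts afterwards."""
        vote = "Ready" if self.local_ok else "Abort"
        self.journal.append(("vote", vote))
        self.state = "prepared" if self.local_ok else "aborted"
        return vote

    def commit(self) -> str:
        self.journal.append(("commit",))
        self.state = "committed"
        return "Commit ACK"

    def rollback(self) -> str:
        self.journal.append(("rollback",))
        self.state = "rolled back"
        return "Rollback ACK"


def two_phase_commit(coordinator: str, replicas: list, sql_request: str) -> dict:
    """Run 2PC from `coordinator` over `replicas`; return decision, votes, final states and
    the full message trace, one entry per message in the order of the listing above."""
    trace = [f"{coordinator}: SQL request: {sql_request}",
             f"{coordinator}: Preparation to COMMIT"]
    votes = {}
    for r in replicas:                                   # phase 1: collect the votes
        trace.append(f"{coordinator} -> {r.name}: Prepare COMMIT")
        votes[r.name] = r.prepare()
        trace.append(f"{r.name} -> {coordinator}: {votes[r.name]}")
    # One Abort forces Rollback for everybody. The decision is journaled before phase 2 so a
    # coordinator restart replays the same outcome instead of leaving replicas 'prepared'.
    decision = "Commit" if all(v == "Ready" for v in votes.values()) else "Rollback"
    coordinator_journal = [("decision", decision)]
    for r in replicas:                                   # phase 2: apply the decision
        trace.append(f"{coordinator} -> {r.name}: {decision}")
        ack = r.commit() if decision == "Commit" else r.rollback()
        trace.append(f"{r.name} -> {coordinator}: {ack}")
    return {
        "decision": decision,
        "votes": votes,
        "states": {r.name: r.state for r in replicas},
        "coordinator_journal": coordinator_journal,
        "trace": trace,
    }


def run_variants():
    """The two variants from the text: all replicas OK, and replica 3 refusing to commit."""
    request = "UPDATE stock SET qty = qty - 1 WHERE item = 42"   # constructed request
    ok = two_phase_commit("DDB0", [Replica("DDB1", True), Replica("DDB2", True),
                                   Replica("DDB3", True)], request)
    fail = two_phase_commit("DDB0", [Replica("DDB1", True), Replica("DDB2", True),
                                     Replica("DDB3", False)], request)
    return ok, fail
```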

The following synchronisation (also voting, co-ordination) methods within the DDB are available for implementing the instruction "UPDATE" on the available replicas [8]:

• Primary Copy Schema (PCS) (asynchronous)

• Majority Consensus Method (MCM) (synchronous)

• Locking tables

• Logical timestamps

• Protocols like two-phase commit and two-phase lock (2PC, Two-Phase Lock (2PL))

The asynchronous PCS is a process for the synchronisation [2] of replicated data. In this method the change is performed only on the primary copy and then synchronised with the replicas; the primary copy always prevails. The advantage of the method is that several changes can be bundled before they are synchronised with the other copies. The disadvantage is that the method does not ensure a stable consistency of the distributed copies [2].

This is in contrast to the MCM, which is a synchronous method. The main principle of MCM is as follows: the update on a copy will be carried out only if the corresponding transaction is able to win a majority of the copies (e.g. is able to lock them). In principle there are multiple possible MCM variants. They differ from each other in two aspects: first, whether all copies in the voting are treated equally (unweighted voting) or not (weighted voting), and second, whether the number of votes required for reaching the majority is fixed (static quorum) or can be computed only at run-time (dynamic quorum).

Note: For the read access (read quorum) and for the write access (write quorum), a different number of votes has to be defined [2].

Among further synchronisation methods, the locking tables, logical timestamps as well as 2PC/2PL or their combinations should be briefly mentioned. These methods (usually combined) are distinguished by the following characteristics:

• Locking tables, i.e. blocking of unwanted changes in certain replicas (like PCS + MCM)

• Logical timestamps, i.e. monitoring by the timestamps, then like PCS


2.7 System Examples: Google Spanner, a Global DDB

Some of the more sophisticated DDB systems are offered by the commercial service provider Google. Among them are:

• Google Bigtable (2008)
• Google MegaStore (2011)
• Google Spanner (2012)

There are also further well-known relational and non-relational DDB from commercial vendors (IBM, Sybase, Oracle, Microsoft) and open source projects (Cassandra, Couchbase, Postgres-XC, Postgres-R). Many of the following explanations also apply to these systems on an abstract level.

Spanner was developed to resolve the disadvantages of Google's Bigtable and MegaStore [3]:

DB Bigtable (2008)

• difficult deployment for complex and self-evolving schemas
• no strict consistency guarantees for geo-replicated sites (partitions)

DB MegaStore (2011)

• synchronous replication and a semi-relational data model
• full ACID semantics within the partitions, but only limited consistency guarantees across partitions
• low write throughput

A typical world-wide deployment scenario for Spanner is shown in Fig. 2.21. On each continent a number of data centres are running instances of the database. This guarantees low-latency access from nearby users and avoids overloading a single instance.

The internal architecture of a distributed Spanner installation is explained in Fig. 2.22. Each site is called a zone and is coordinated by a zone master. All zone masters are in turn coordinated by a universe master. Furthermore, location proxies take the requests from database clients and forward them flexibly to span servers.

The following terms and quantities are of relevance when looking at the architecture:

• Universe: the overall deployment area
• Zones: deployment area for servers in one site, physically isolated units, placement and distribution driver
• 1 universe master
• 1 zone master
• 1000 span servers

Fig. 2.21 Deployment scenario: online social networks

Fig. 2.22 Spanner architecture [3]

For the realisation of Spanner, a specific software stack modelled around the Paxos algorithm has been designed. Fig. 2.23 offers a look inside the stack.

Fig. 2.23 Spanner software stack [3]

Building on Spanner there is the newer system Google F1 SQL, called the "Fault-Tolerant Distributed RDBMS". As a replacement for basic relational systems like MySQL or PostgreSQL it offers the following features:

• NewSQL platform
• Each span server is responsible for 100 up to 1000 tablet instances
• Data and log files are stored on Colossus, a successor of the Google File System
• Paxos is used for commits (consensus): for all participants a common value matches
• Paxos is used for consistent replication
• A transaction manager for distributed transaction support (2PC)
• True Time architecture

Paxos is a traditional algorithm named after the Greek isle of Paxos next to Corfu, although originally by the author of the algorithm erroneously placed into the Aegean Sea. It works as follows:

• A server can act simultaneously as proposer, acceptor and learner
• During normal operation the leader receives a client's command, assigns it a new command number i and runs the i-th instance of the consensus algorithm
• Paxos group: all machines involved in an instance of Paxos
• Within Paxos the group leader may fail and may need re-election, but the safety properties are always guaranteed

The workflow of Paxos is shown in Fig. 2.24.

Apart from implementing Paxos, Spanner offers the following architectural properties:

Fig. 2.24 Paxos algorithm

• scalable, multi-versioned, globally distributed, synchronously replicated database
  – distributed transactions (with 2PC/ACID)
  – SQL-driven schematic tables
  – but a semi-relational data model
  – reconfiguration of replication is very fine-grained
  – dynamic reconfiguration per application

• Applications can define the parameters and constraints
  – such as the number, location and distance of replicas

• Dynamic data migration
  – data can be moved transparently at a global level, even during operation
  – consistent read and write access

• Aims and focus
  – management of cross-replication of data/data centres
  – globally consistent writes via Google Spanner

• Deployment examples, up-to-date products
  – Google Ad Data (Advertisers)

• 50 Paxos groups, 2500 directories, read and write access of 4 KByte
  – commit within ca. 5 ms
  – latency generally under 9 ms

• True Time: several thousand span servers at a distance of max. 2200 km (without latencies due to distance)
  – 90 %: no deviation
  – 9 %: deviation up to 2 ms
  – 1 %: deviation up to 10 ms (still far too much)

This architecture allows for creating complex applications. Picking up the previous example of a social network installation again, a Spanner-based application may look like shown in Fig. 2.25.

Fig. 2.25 (a) Single machine, (b) Multiple machines: Sample application of DDB with Spanner [3]

Fig. 2.26 True Time message exchange

To synchronise the distributed database Spanner, a real-time protocol called True Time is used (Fig. 2.26). In order to implement the controlled access, not only time stamps are used but full time intervals. The replica synchronisation is performed every 30 s. To correct the time, GPS and atomic clock usage is foreseen. The quasi-parallelism of the access is provided for two access modes:

• The "read-only" access proceeds in the "snapshot" mode
• The "read-write" access proceeds via the 2PC and 2PL protocols [3]


Table 2.1 True Time methods

True Time API method   | Time output
TT.now()               | TTinterval: [earliest, latest]
Boolean TT.after(t)    | True if t has definitely passed
Boolean TT.before(t)   | True if t has definitely not arrived

For programmers, True Time offers three convenient methods to deal with relative and causal times. They are explained in Table 2.1.
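The three methods of Table 2.1 as a small executable model, added here as an illustration and not Google's implementation: TT.now() yields an interval, and after(t)/before(t) answer True only when the question is decidable despite the clock uncertainty. The error bound epsilon, the steppable fake clock and the commit-wait rule (a writer exposes a write only once after(s) holds for its timestamp s) are assumptions of this illustration.

```python
"""Constructed model of the True Time interface of Table 2.1. The uncertainty
bound epsilon, the fake clock and the commit-wait rule are assumptions for the
illustration, not Google's implementation."""
from dataclasses import dataclass


@dataclass(frozen=True)
class TTInterval:
    earliest: float
    latest: float


class FakeClock:
    """Local clock that a test can move forward deterministically."""
    def __init__(self, start: float):
        self.t = start

    def read(self) -> float:
        return self.t

    def advance(self, seconds: float) -> None:
        self.t += seconds


class TrueTime:
    def __init__(self, clock: FakeClock, epsilon: float):
        self._clock = clock
        self._epsilon = epsilon      # assumed bound on the local clock's error

    def now(self) -> TTInterval:
        """TT.now(): the true time lies somewhere in [earliest, latest]."""
        t = self._clock.read()
        return TTInterval(t - self._epsilon, t + self._epsilon)

    def after(self, t: float) -> bool:
        """TT.after(t): True only if t has definitely passed, i.e. even the
        earliest possible current time is already beyond t."""
        return t < self.now().earliest

    def before(self, t: float) -> bool:
        """TT.before(t): True only if t has definitely not arrived yet."""
        return t > self.now().latest


def definitely_ordered(a: TTInterval, b: TTInterval) -> bool:
    """Two events stamped with intervals can be ordered (a before b) only if
    the intervals do not overlap; overlapping intervals leave it undecided."""
    return a.latest < b.earliest


def commit_wait_steps(tt: TrueTime, clock: FakeClock, s: float, step: float) -> int:
    """Assumed usage pattern: a writer stamps a write with s = now().latest and
    must not make it visible until after(s) holds. Returns the number of clock
    steps the wait took, i.e. how the uncertainty turns into latency."""
    steps = 0
    while not tt.after(s):
        clock.advance(step)
        steps += 1
    return steps
```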

Therefore, the examined DDB Spanner system possesses the following metrics and performance parameters [3]:

• 50 Paxos groups and 2500 access directories are created
• The read and write access proceeds for data portions (called chunks) with a minimum size of 4 KByte
• An average commit can be reached within approx. 5 ms
• The summarised request latency is no more than 9 ms

The True Time protocol provides the ability to use thousands of so-called span servers located at a considerable distance from each other. They work without significant delay despite a considerable distance of up to a maximum of 2200 km. The following access statistics have been observed:

• In 90 % of the cases there is no deviation
• In 9 % of the cases the deviation reaches up to 2 ms
• Only in 1 % of the cases does the deviation reach a significant latency of 10 ms or more

Further system examples for DDB are associated with the databases which belong to well-known manufacturers like IBM, Sybase, Oracle or Microsoft.

2.8 Conclusions

The architectural solutions for modern distributed systems and networking applications have been subject to significant changes in recent years. Modern architectural transformations contribute to the development of new, attractive (mobile) services for users: search engines, content management systems, custom video hosting services, cloud services, VoIP tools, social networks; a complete list cannot be given. Depending on the needs of the application and ultimately its users, a concrete software architecture and communication pattern (C-S, P2P) needs to be chosen. Assuming performance matters, performance optimisation methods should be evaluated and applied. For higher reliability, data processing tasks should run in transactions. Distributed databases such as Spanner are already optimised for global high-performance deployments and therefore free the application engineer from labour-intensive and error-prone custom methods.

References

1. C. Baun, M. Kunze, J. Nimis and S. Tai: Cloud Computing – Web-based dynamic IT-Services. Springer-Verlag, 2010 (in German).

2. P. Dadam: Verteilte Datenbanken und Client/Server-Systeme. Online: http://www.informatik.uni-ulm.de/dbis/papers/vdb-buch/vdb99_09.pdf, 1999.

3. J. C. Corbett et al.: Global Distributed Database Google Spanner. Berlin Buzzwords, 2012.

4. P. Mell and T. Grance: The NIST Definition of Cloud Computing. Whitepaper, NIST Special Publication 800-145, September 2011.

5. Alexander Schill and Thomas Springer: Verteilte Systeme – Grundlagen und Basistechnologien. Springer-Verlag, second edition, 2012, 433 p. (in German).

6. R. Steinmetz and K. Wehrle: Peer-to-Peer Systems and Applications. Springer, 2005.

7. Andrew S. Tanenbaum and Maarten Van Steen: Distributed Systems: Principles and Paradigms. Pearson, 2013, 633 p.

8. Andrew S. Tanenbaum and David J. Wetherall: Computernetzwerke. Pearson Studium, fifth edition, 2012, 1040 p. (in German).

3 Evolution of Clustering and Parallel Computing

Keywords: Clusters • Grids • Performance parameters • High-Performance Computing (HPC) • Speedup models • Amdahl model • Barsis-Gustafson model • Karp-Flatt metric • Berkeley Open Infrastructure for Network Computing (BOINC)

Demarcation between parallel and distributed computing, clusters and grids. The parallel execution of code within applications is a standard feature for higher performance, responsiveness or both. Parallel code, the building block for parallel computing, is achieved by multiple processes, multiple threads, co-routines and similar programming techniques. Typically, parallel code is assisted by hardware such as multiple processors per node or multiple processor cores per processor (virtual processors), and otherwise by the operating system's process scheduler (pseudo-parallelism).

The effects of parallelism on the execution time of an application are shown in Fig. 3.1.

When the hardware support extends to multiple connected nodes with appropriate messaging techniques, the extended paradigm of distributed parallel computing is achieved. The connected set of nodes is then often called a cluster. Of course, applications can also be parallelised without hardware support, but there will only be gains when the computing resources (processor, memory, disk or network) are not yet exhausted. The terms high-performance computing (HPC) and high-throughput computing (HTC) express, respectively, a focus on a subset of these resources and the attempt to maximise their usage. This claim is not essential to distributed computing per se.

Another perspective on parallel code execution and clustered nodes is the approach of how to use the system. When a large set of nodes is connected and offers the submission and computation of jobs from a bag of tasks, the resulting system is called a grid. In recent times, with the on-demand provisioning and elastic scaling of resources as well as usage-based billing of computing resources (utility computing), the dominating term instead of grid is rather cloud, leading to the more recent paradigm of cloud computing, although volunteers around the world still connect their personal computers in desktop-based grids called volunteer computing, and meshes when the focus is more on networking capabilities [26].

© Springer Fachmedien Wiesbaden GmbH 2017
A. Luntovskyy, J. Spillner, Architectural Transformations in Network Services and Distributed Systems, DOI 10.1007/978-3-658-14842-3_3

Fig. 3.1 Effects on parallelism: (a) no parallelisation, (b) hardware parallelisation, (c) pseudo-parallelisation by a scheduler

The foundations of the organisation of the parallel computing process based on grids, clusters and clouds are discussed in [4, 8], with a practical look on grid and cloud integration in [7] and additional research trends listed in [17]. Education on these topics is discussed intensively in [1, 10].

While the next section will introduce several counters, units and scales to compare the performance of computing systems, one should already be introduced here to give a rough sense of comparison between diverse computing architectures. The unit of choice here is Floating-Point Operations Per Second (FLOPS), most often used in the scale of TFLOPS, or 10^12 FLOPS.

Typically, grids differ from clusters by the geographical dispersion of and public access to their computers, and are characterised by a significantly heterogeneous structure. In addition, each grid generally uses standardised software components for co-operation and communication (standardised Application Programming Interface (API) libraries, middleware, web services). One of the prominent early examples is the first Metacomputing system by the University of Illinois [24]. On the other hand, clusters are centralised and possess a homogeneous structure with powerful CPUs/GPUs as well as SAN/NAS for data storage. Increasing efficiency and reducing heterogeneity is possible with the use of off-the-shelf components, open-source operating systems and resource virtualisation (networks, processors, memory, devices, applications). For high-speed data transfer between processors either Ethernet (1 Gbit/s) or fibre-channel technology (FC, e.g. 16 Gbit/s fibre channels) is used. Deployment of powerful clusters as well as loosely coupled and grid-connected private PCs, tablets and even smartphones creates virtual supercomputers which provide a high performance. As mentioned, one measurement unit for the performance is the number of FLOPS. Today's supercomputers achieve multiple TFLOPS or even PFLOPS (Taurus, Titan, Tianhe-2). These supercomputers can be aimed at the parallel solving of computationally complex math-log cooperative problems. More modest cluster systems exist, including the Beowulf design applicable to small-scale installations [1, 14]. Among the international grid systems for parallel computing, the BOINC grid [28] is one of the most well-known ones, although newer systems such as OurGrid and the European Grid Infrastructure (EGI, based on federated clouds) still offer functional innovation [5].

Example 3.1 Many educational, institutional and national grids reflect the evolutionary changes in grids and high-performance computing throughout their existence, from their appearance to modern trends [18]. The Ukrainian National Grid, together with URAN (Ukrainian Research Academic Network) and some dedicated projects, is a typical representative of this observation [19, 20]. It offers two middleware resource types as remote service: gLite and ARC. Many national research laboratories, universities and institutes offer concrete service realisations. In total 27 ARC services and 2 gLite services are provided. Among the providers is the Institute for Condensed Matter Physics, which runs an ARC site with 17 compute nodes, 3 storage nodes and a coordinator node in a cluster format. This cluster achieves about 11 TFLOPS, whereas the overall grid performance is much higher.

Another example is SwiNG, the Swiss National Grid. Its network consists of the scientific computing centres of 18 higher education institutions and research institutes. The Ukrainian National Grid intends to participate as a member grid in EGI, and SwiNG is already a member grid along with more than 30 others. EGI in turn intends to evolve jointly with other partners into the European Open Science Cloud for Research. This endeavour is built on eight fundamental elements for success, among them service orientation and interoperability.

In general, there have been the following essential phases in the development towards today's clusters and grids:

1. Meta-computing: pioneer grid projects like GRID and the Metacomputer, based on active involvement of the technologies from scientific areas into everyday life

2. Convergence with web technologies (e.g. BOINC): wide spreading of grids through institutions and volunteers

3. Efforts to solve a wider range of problems: secured access, interoperability, resource discovery on the basis of the deployment of standardised middleware like OGSA (Open Grid Services Architecture)

4. Wide-spread acceptance of grid services in the same way as the delivery of water and electricity, and then the onset of the SOA approach (service-oriented architectures) via standardised web services deployment and workflow composition (WS-BPEL, Business Process Execution Language)

5. Wide spreading of cloud computing as a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources, with essential measured services like Everything-as-a-Service (XaaS) and rapid elasticity

6. Integration of grid services within highly available clouds (mostly PaaS) together with parallel clusters (IaaS) and capable network storages (RAIC, Redundant Array of Independent Clouds)

7. Development of new energy-efficient grids, clusters and cloud services: smart grid technology with a link to power distribution systems to combine computing on demand with power on demand

Recent tendencies in the usage of parallel computing for the simulation of technological devices and processes, including electron beams and electron guns, indicate a rise of small but smart low-energy clusters. They are based on multicore CPUs built into regular PCs, such as Intel Core i7, Core i4 or AMD FX in the kWh area, or even on onboard microcontrollers like Raspberry Pi, Arduino or Intel Edison with only a low Wh consumption.

In the remainder of this chapter, performance parameters and models will be presented, followed by a discussion of trade-offs and a presentation of modern frameworks to manage both resources and applications in cluster and grid environments. The discussion of cloud computing and smart grid concepts, respectively, follows in the subsequent chapters.

3.1 Clustering and Grids: Performance Parameters and Basic Models

Performance parameters. Let us first define the most important performance factors and metrics beyond the already mentioned FLOPS. The code execution performance parameters of modern computers are as follows [23]:

• Number of CPU cores
• Tact (clock) frequency per core f, unit 1/s = Hz
• Million Instructions Per Second (MIPS)
• FLOPS, as defined above

The system clock signal produced by a crystal oscillator synchronises the operation of multiple functional blocks within a CPU. The system tact is a periodical function based on the Peirce function, using the negated logical OR operator NOR. Some examples of the performance of certain CPU models from recent production years are given below (Table 3.1). It is evident that the tact frequency is no longer the dominant differentiator between CPUs. Rather, the number of cores, enhanced throughput and parallelism, and a higher efficiency have become important. MIPS is usually a good indicator not simply tied to a CPU core tact; however, it is tied to a specific task such as text search or code compilation. Figure 3.2 gives a timeline of how CPU frequencies, cores on a CPU, CPUs on a node and nodes in a networked environment have scaled up in about half a century.

Table 3.1 Performance of certain selected CPU models

Year | CPU model             | Performance, MIPS | Tact frequency, GHz
2006 | AMD Athlon FX-60      | 18938             | 2.6
2007 | Intel Xeon Harpertown | 9368              | 3.0
2011 | ARM Cortex-A15        | 35000             | 2.5
2011 | AMD FX-8150           | 108890            | 3.6
2011 | Intel Core i7 2600K   | 128300            | 3.4
2015 | AMD A12 Pro-8800B     | >150000           | 3.4

Fig. 3.2 Timeline of performance indicators in computing hardware

The principles of how CPUs are constructed and how they work have mostly remained the same [13], but the capabilities have expanded tremendously.

The context for tact frequency, MIPS and FLOPS is depicted in Fig. 3.3. The following performance formula can be used:

$$P = f \cdot n_1 \cdot I \cdot n_2 \quad (3.1)$$

Where P – performance in GFLOPS, f – CPU tact frequency in GHz, n_1 – number of cores within a CPU, I – CPU instructions per tact, n_2 – number of CPUs per computing node. Let us consider the integral performance criterion FLOPS in two examples which involve recent server configurations. It makes the complex dependency of performance on multiple factors evident, as the system with the faster CPU is much slower overall due to fewer cores and less powerful instruction execution within the cores.

Example 3.2 Let us consider a 2-socket server with CPU Intel X5675 (3.06 GHz, 6 cores, 4 instructions/tact): P = 3.06 · 6 · 4 · 2 = 146.88 GFLOPS.

Fig. 3.3 Performance parameters of computers

Example 3.3 We have a 2-socket server with CPU Intel E5-2670 (2.6 GHz, 8 cores, 8 instructions/tact): P = 2.6 · 8 · 8 · 2 = 332.8 GFLOPS.

For the performance parameter FLOPS the following nomenclature (K, M, G, T, P, E, Z, Y) of the unit prefixes is used:

• KFLOPS, KiloFLOPS = 10^3 FLOPS
• MFLOPS, MegaFLOPS = 10^6 FLOPS
• GFLOPS, GigaFLOPS = 10^9 FLOPS
• TFLOPS, TeraFLOPS = 10^12 FLOPS
• PFLOPS, PetaFLOPS = 10^15 FLOPS
• EFLOPS, ExaFLOPS = 10^18 FLOPS
• ZFLOPS, ZettaFLOPS = 10^21 FLOPS
• YFLOPS, YottaFLOPS = 10^24 FLOPS

To put these numbers into perspective: the AMD Carrizo-based FX-8800P notebook CPU from 2015, which contains four cores and an R7 GPU and operates at a tact of up to 3.4 GHz, reaches around 8.39 GFLOPS. An AMD Radeon R300-based R9 Fury GPU from 2015 achieves about 7–9 TFLOPS with vectoring of operations, i.e. the application of an operator over multiple elements in a vector. Anything in the higher TFLOPS range and above requires parallel multi-processing or clustering architectures.


Speedup and effectiveness of computing processes. The factors of speedup and effectiveness in grids are computed as follows:

$$A_n = \frac{T_1}{T_n}, \qquad E_n = 100\,\% \cdot \frac{A_n}{n} \quad (3.2)$$

Where T_1 – computing time for a math-log problem with use of only one CPU, T_n – computing time of the solution parallelised on n processors or threads, A_n – speedup factor, E_n – effectiveness of the speedup on n CPUs in %.

An example of a section distribution by task parallelisation and the influence of cluster communication exchanges by message passing between the processors or threads is depicted in Fig. 3.4. The computation time gain is possible only due to a higher p/s ratio within a parallelised task (a math-log problem). The time estimations are as follows, refer to Eq. 3.3:

$$\begin{aligned}
T &= s & \text{(not shown)} \\
T &= s + p & \text{(a)} \\
T &= s + \frac{p}{n} & \text{(b)} \\
T &= s + \frac{p}{n} + k \cdot n & \text{(c)} \\
e &= 1 - p
\end{aligned} \quad (3.3)$$

Fig. 3.4 Sections distribution by a math-log problem parallelisation and the influence of cluster communication (exchanges) by message passing: (a) sequential workflow, (b) parallel workflow, (c) parallel workflow with threads and network exchanges considered (sections s1, s2, parallel sections p1, p2, p3, communication K)


Where T – overall computing time, s – sequential part of a task (percentage), p – potentially parallelised part of a task (a math-log problem), i.e. on n threads or CPUs, e – part for sequential computing time, k – negative influence of communication by message passing between CPUs/threads (this component can also be neglected, k = 0).

Amdahl's Law. One of the most appropriate and useful approximations for the speedup factor is the one defined by G. M. Amdahl in 1967 [9]:

$$\begin{aligned}
T &= 1 = (1 - p) + p \\
A_n &= \frac{1}{(1 - p) + \frac{p}{n}} \le \frac{1}{1 - p} \\
A_{max} &= \frac{1}{1 - p} \\
A_{n,k} &= \frac{1}{(1 - p) + \frac{p}{n} + k \cdot n}
\end{aligned} \quad (3.4)$$

Where p – potentially parallelised part of a math-log problem, n – number of available CPUs/threads, k – negative influence of communication by message passing between CPUs/threads (this component can also be neglected, k = 0).

Example 3.4 Let us consider a math-log problem with an overall compute time of T_overall = 20 h, a serial critical compute time of T_ser = 1 h (i.e. 5 %) and a parallelised compute time of T_par = 19 h (i.e. 95 %). Furthermore, let the maximum speedup factor be Speedup_MAX = 20. This is a typical scenario for a scientific computing problem. Then, with n = 10 processors (threads), one can derive p = 0.95, Speedup = 1/((1 − 0.95) + 0.95/10) = 1/(0.05 + 0.095) = 6.9 < Speedup_MAX. The result means that out of a theoretic maximum of ten-fold parallel execution only 6.9-fold can be achieved. On the other hand, with n = 95 processors (threads) the speedup grows to Speedup = 16.7 only, meaning a reduced effectiveness of only one quarter.

One can obtain the following graduated depiction of the speedup factor (Fig. 3.5). There are some points of criticism regarding this model: it is regarded as a too pessimistic representation of the state of parallel computing. But other models also speak of saturation effects, especially due to communication processes within a cluster between the processors (threads) and energy losses (in the form of redundant waste heat).

Barsis-Gustafson Law. This law of E. H. Barsis and J. Gustafson, proposed in 1988, is frequently used as an alternative to Amdahl's law. Consider the following Eq. 3.5:

$$1 = (1 - p) + p \quad (3.5)$$

[Figure 3.5 residue: (a) speedup A(n,p) (0 to 25) and effectiveness E_n (0 to 2) over threads n (0 to 500); (b) curves for p = 0.5, 0.75, 0.8, 0.9, 0.95]

Fig. 3.5 (a) Speedup vs. effectiveness, (b) Amdahl's speedup for different p-values. Pessimistic Amdahl's model for the speedup factor depending on p = 0.5 … 0.95: saturation effect, no more profit due to increasing n (number of threads)

It decomposes an execution time T into a part which can be parallelised, T_p, known as the time for parallel computing, and a part which cannot, for instance startup or memory allocation, T_s, known as the time for sequential computing. Then the speedup factor is computed as shown in Eq. 3.6:

$$\begin{aligned}
T_s &= (1 - p)\,T_p + p\,T_p\,n \\
A_{n,p} &= \frac{T_s}{T_p} = (1 - p) + p\,n = 1 + p\,(n - 1)
\end{aligned} \quad (3.6)$$

Example 3.5 The following example shows how to calculate A according to the parallelisation method described by the Barsis-Gustafson law:

p = 80 %, n = 11 CPUs: A_11 = 1 + 0.8 · (11 − 1) = 9

n = 31 CPUs: A_31 = 1 + 0.8 · (31 − 1) = 25

n = 71 CPUs: A_71 = 1 + 0.8 · (71 − 1) = 57

n = 101 CPUs: A_101 = 1 + 0.8 · (101 − 1) = 81

Therefore we conclude: Amdahl's Law is too pessimistic.

A typical cluster from the Technical University of Chemnitz with 530 nodes, called CHiC, is depicted in Fig. 3.6. CHiC nodes run Linux, are connected with InfiniBand and, due to not having any disks, share a Lustre filesystem which spans 160 disks. On this kind of supercomputer, consisting only of networked standard computers, applications are placed and scheduled according to the aforementioned laws of parallel computing [21].

Fig. 3.6 Fibre glass techniques for CPU coupling (FC – Fibre Channel). FC ports offer an approximate data rate of 4 to 16 Gbit/s; performance max. 100 GFLOPS per CPU. CHiC – a powerful cluster [21]

Karp-Flatt Metric. The Karp-Flatt metric (e) is a measure of the parallelisation of code on p parallel processors and was proposed in 1990 by A. H. Karp and H. P. Flatt [11]. This metric exists in addition to Amdahl's Law and the Barsis-Gustafson law as an indication of the extent to which a particular source code for one CPU is parallelised. The value of e (the unknown part/percentage of sequential computing time) can be approximated on the basis of the metric via known speedup values for different CPU numbers p and time estimations T_p. Seven main characteristics need to be distinguished as input for the calculation:

• A – measured speedup
• N > 1 – number of CPUs
• T_1 – time for the particular source code on one CPU
• T_s – sequential computing time
• T_p – parallelised part time
• e – part for sequential computing
• p – parallelised computing part

In order to estimate the speedup factor, Eq. 3.7 needs to be solved:

$$\begin{aligned}
T_1 &= T_s + T_p, \qquad e = \frac{T_s}{T_1} \\
T_1 &= e\,T_1 + (1 - e)\,T_1 \\
T_N &= T_s + \frac{1}{N}\,T_p \\
T_N &= e\,T_1 + \frac{1}{N}\,(T_1 - e\,T_1) \\
A &= \frac{T_1}{T_N}, \qquad Y = \frac{1}{A} = \frac{T_N}{T_1} \\
\frac{1}{A} &= Y = e + \frac{1}{N}\,(1 - e) \\
A &= \left[ e + \frac{1}{N}\,(1 - e) \right]^{-1}
\end{aligned} \quad (3.7)$$

Then we determine the value e by solving Eq. 3.8:

$$\begin{aligned}
\frac{1}{A} &= e \left( 1 - \frac{1}{N} \right) + \frac{1}{N} \\
e \left( 1 - \frac{1}{N} \right) &= \frac{1}{A} - \frac{1}{N} \\
e &= \frac{\left[ \frac{1}{A} - \frac{1}{N} \right]}{\left[ 1 - \frac{1}{N} \right]} = 1 - p
\end{aligned} \quad (3.8)$$

Example 3.6 We would like to determine the value e (refer to formula 3.9), i.e. the normally unknown part of sequential computing time for a math-log problem, on the basis of the Karp-Flatt metric. Referring to Table 3.2 (pos. 9), the following three parallelisation grades are given:

Number of CPUs n = 100, measured speedup A = 10: 1/A = 0.1, e = (0.1 − 0.01)/(1 − 0.01) = 0.09/0.99 = 0.0909, e = 9.1 %; it can be parallelised for p = 91 %.

Number of CPUs n = 100, measured speedup A = 25: 1/A = 0.04, e = (0.04 − 0.01)/(1 − 0.01) = 0.03/0.99 = 0.0303, e = 3.03 %; it can be parallelised for p = 97 %.

Number of CPUs n = 100, speedup A = 66: 1/A = 0.0151, e = (0.0151 − 0.01)/(1 − 0.01) = 0.0051/0.99 = 0.0052, e = 0.52 %; it can be parallelised for p = 99.5 %.

Considering the previous formulae and Table 3.2, we can obtain the next useful formula (3.9) for the p criterion:

$$\begin{aligned}
A_n &> 1 \\
e(A_n, n) &= 1 - p = \frac{\frac{1}{A_n} - \frac{1}{n}}{1 - \frac{1}{n}} \\
p &= \frac{1 - \frac{1}{A_n}}{1 - \frac{1}{n}} = \frac{A_n - 1}{A_n - \frac{A_n}{n}} = \frac{A_n - 1}{A_n - \frac{E_n}{100\,\%}}
\end{aligned} \quad (3.9)$$

Example 3.7 Let us consider the following example. The number of CPUs should be n = 100, the speedup A = 66 and the effectiveness E_n = 66 %. Then the math-log problem can be parallelised for the p ratio p = (66 − 1)/(66 − 0.66) = 65/65.34 = 0.995 (compare to Example 3.5).
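The speedup models of this section (Amdahl's law with and without the communication term k·n, the Barsis-Gustafson law, the Karp-Flatt metric and the p criterion of Eq. 3.9) as one executable block that reproduces Examples 3.4 to 3.7; it is an added illustration, not code from the book, and the function names are assumptions. It goes one step beyond the examples by locating the saturation point of the corrected Amdahl model for k > 0, where adding processors starts to reduce the speedup.

```python
"""Speedup models of Sect. 3.1 as functions (added illustration, not the
book's code). Symbols follow the text: p parallel fraction, n or N processors,
k communication penalty per processor, e Karp-Flatt serial fraction."""


def amdahl_speedup(p: float, n: int, k: float = 0.0) -> float:
    """A_{n,k} = 1 / ((1 - p) + p/n + k*n); k = 0 gives Amdahl's law (Eq. 3.4)."""
    return 1.0 / ((1.0 - p) + p / n + k * n)


def amdahl_max(p: float) -> float:
    """A_max = 1 / (1 - p): the bound that no number of processors can exceed."""
    return 1.0 / (1.0 - p)


def effectiveness(a_n: float, n: int) -> float:
    """E_n = 100 % * A_n / n (Eq. 3.2)."""
    return 100.0 * a_n / n


def gustafson_speedup(p: float, n: int) -> float:
    """A_{n,p} = (1 - p) + p*n = 1 + p*(n - 1) (Barsis-Gustafson, Eq. 3.6)."""
    return 1.0 + p * (n - 1)


def karp_flatt_e(a: float, n: int) -> float:
    """e = (1/A - 1/N) / (1 - 1/N) (Eq. 3.8): the serial fraction that a
    measured speedup A on N processors implies."""
    if n <= 1 or a <= 0:
        raise ValueError("Karp-Flatt needs N > 1 and a positive speedup")
    return (1.0 / a - 1.0 / n) / (1.0 - 1.0 / n)


def parallel_fraction(a_n: float, n: int) -> float:
    """p = (A_n - 1) / (A_n - E_n/100) (Eq. 3.9); algebraically equal to 1 - e."""
    return (a_n - 1.0) / (a_n - effectiveness(a_n, n) / 100.0)


def saturation_point(p: float, k: float, n_max: int = 10_000):
    """For k > 0 the corrected Amdahl model rises, peaks and then falls, because
    the k*n term grows without bound. Returns (n_best, A_best) found by scanning
    n = 1..n_max; this goes beyond the book's examples."""
    n_best = max(range(1, n_max + 1), key=lambda n: amdahl_speedup(p, n, k))
    return n_best, amdahl_speedup(p, n_best, k)


if __name__ == "__main__":
    # Example 3.4: p = 0.95 on 10 and 95 threads against the bound A_max = 20.
    print(round(amdahl_speedup(0.95, 10), 1), round(amdahl_speedup(0.95, 95), 1),
          round(amdahl_max(0.95), 1))
    # Example 3.5: Barsis-Gustafson with p = 0.8.
    print([round(gustafson_speedup(0.8, n)) for n in (11, 31, 71, 101)])
    # Examples 3.6 and 3.7: serial fraction and p from a speedup of 66 on 100 CPUs.
    print(round(karp_flatt_e(66, 100), 4), round(parallel_fraction(66, 100), 3))
    # Saturation of the corrected model for p = 0.95 and k = 1e-4.
    print(saturation_point(0.95, 1e-4))
```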

Moore's Law. The authorship of the law belongs to Gordon Moore (born 1929), co-founder of Intel. Moore's Law has been known since 1965 and for more than 50 years it has been holding with no faults. It means the exponential growth of the following values, which characterise the electronics and IT branches:

• CPU chip complexity N (up to 10^9 transistors)
• Computer tact frequency f (up to 3.5 GHz)
• Computer performance P (nowadays typically > 100 GFLOPS)

Moore's Law regarding the chip complexity is depicted in Fig. 3.7. The values on the Y-axis are given in logarithmic scale. The next integration degree will reach 10 billion transistors.

But there are some further phenomena which are not commonly associated with this law. Moore's Law is also true for the extrapolation in the backwards direction into the early days of computing. In fact, the Moore's Law extrapolation can be extended down to the year 1900 towards the former element basis in electronics: electro-mechanical relays, electronic tubes, transistors, IC, VLSI, as depicted in Fig. 3.8.

Speedup model overview. Table 3.2 illustrates the set of integrated models and approximations of speedup factors which are typically used for distributed (parallel) computing. The table includes the already presented models together with additional ones. The approximations of the A_n speedup factor are given with a dependency on the criteria n, p, k. These are the mostly used models and laws, including Amdahl's (1967), Grosch's, Barsis-Gustafson's (1988), Moore's law (1965, or exponential model) and some further suitable models such as the 70 %-law [9, 11]. The evaluation of the coefficient p in the equations can be realised via the Karp-Flatt metric (1990).

Fig. 3.7 Moore's Law: chip complexity (Source: it-material.de)

Fig. 3.8 Moore's Law extrapolation backwards

Table 3.2 Overview on speedup models (speedup factor A_n = T_1/T_n)

No. | Speedup model | Conventions | Title of an empirical model
1 | A_n = √n | The type of math-log problem is not considered | Grosch's law (1965)
2 | A_n = n^b | The type of math-log problem is not considered | Generalised Grosch's law (0.5 ≤ b ≤ 1)
3 | A_n = n | The type of math-log problem is not considered | Proportional Amdahl law for p = 1, s = 0
4 | A_n = log2(n) | The type of math-log problem is not considered | Logarithmic law
5 | A_n = 1/((1 − p) + p/n) | 0.5 ≤ p ≤ 0.999 | Amdahl's law (1967)
6 | A_n = 1/((1 − p) + p/n + k·n) | 0.5 ≤ p ≤ 0.999, k ≈ 10^−4 … 10^−5 | Corrected Amdahl's model with inter-processor communication considered
7 | A_n = 2, n = 70/r | The type of math-log problem is not considered; r = 1 … 2 characterises inter-processor communication losses | Empirical law "69 – 70 – 72" for the CPU number n which provides a double speedup of computing time
8 | A_n = (1 − p) + p·n | 0.5 ≤ p ≤ 0.999, k = 0 | Barsis-Gustafson law (1988)
9 | A_n > 1, e(A_n, n) = 1 − p | e = 1 − p – the unknown part for sequential computing time; 0.5 ≤ p ≤ 0.999, k = 0 | Karp-Flatt metric (1990) for Amdahl's or Barsis-Gustafson law

A generalised graphical comparison of speedup factors is depicted in Fig. 3.9. The most-used models are shown: a trivial one (3), an optimistic one by Barsis-Gustafson (8), i.e. the more realistic one, and Amdahl (5), i.e. a pessimistic one; refer to Table 3.2, models (3), (5), (8).

Simulation Scenario For the hardware basis (Fig. 3.10a) offered at Dresden University of Technology [15], the following own results (Table 3.3) on speedup have been obtained. It was a voluminous experiment in November 2006 aimed at the simulation of signal power propagation of WLAN/WiMAX networks through complex 2D environments, which appeared as maps of the obstacles with given material features.

The simulation has been realised with use of the CANDY software and web services for SSL access to MARS. The following results have been obtained (Fig. 3.11, refer to Table 3.3). These results can be approximated with formula (3.10), compare Grosch's law:

Fig. 3.9 Speedup models – difference between optimistic (3) and pessimistic view (5)

Fig. 3.10 (a) Hardware basis: High-performance computing cluster MARS SGI Altix 4700 TUD with 1024 cores possesses the performance 13.1 TFLOPS; (b) Up-to-date hardware basis TAURUS Bull HPC-Cluster with 137 TFLOPS. Hardware basis: High Performance Computing at TUD [15]

A_n = \frac{T_1}{T_n} = n^{\alpha}, \qquad T_1 = 8021\ \mathrm{s}, \quad \alpha \approx 0.95 \qquad (3.10)

Example 3.8 The new hardware basis in the same institution is called TAURUS Bull HPC cluster. This cluster is more powerful than the formerly leading MARS, placed at global rank 66 at its inauguration, and has nowadays the following features (Fig. 3.10b):

• Island 1: 4320 cores Intel E5-2690 (Sandy Bridge), 2.90 GHz
• Island 2: 704 cores Intel E5-2450 (Sandy Bridge), 2.10 GHz, as well as 88 NVidia Tesla K20x GPUs
• Island 3: 2160 cores Intel X5660 (Westmere), 2.80 GHz
• Symmetric Multi-Processing (SMP) nodes with 1 TB RAM
• 1 PB SAN disk storage
• Bullx Linux 6.3 based on Red Hat Enterprise Linux, batch system Slurm
• 137 TFLOPS total peak performance (without GPUs)

Fig. 3.11 Computing time and speedup factor depending on the number of threads, obtained on the multi-core high-performance computer MARS, TU Dresden (Basis – CANDY Framework, 2006)

Table 3.3 Computing time for a complex simulation task of WLAN/WiMAX propagation

Number of threads | Computing time, s | Speedup factor A_n = T_1/T_n
1 | 8021 | 1.0
2 | 4163 | 1.9
5 | 1749 | 4.6
10 | 908 | 8.8
20 | 471 | 17.0
30 | 321 | 25.0
55 | 181 | 44.3
70 | 144 | 55.7
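The speedup models of Table 3.2, the Karp-Flatt estimate of the parallel fraction p from (3.9) and the power-law fit of (3.10) can be checked against the MARS measurements of Table 3.3. The following block is an added worked example written for this chapter, not code from the book or from the CANDY framework; the only input data are the thread counts and computing times copied from Table 3.3, and the fit of the exponent α is an ordinary least-squares regression on log-log axes (an assumption, since the text does not say how α ≈ 0.95 was obtained).

```python
"""Speedup models (Table 3.2), Karp-Flatt metric (3.9) and the n**alpha fit (3.10)."""
import math

# Measurements copied from Table 3.3: (number of threads n, computing time T_n in s)
MARS_TIMES = [(1, 8021), (2, 4163), (5, 1749), (10, 908),
              (20, 471), (30, 321), (55, 181), (70, 144)]


def amdahl(n, p):
    """Model 5: A_n = 1 / ((1 - p) + p/n), p = parallelisable fraction."""
    return 1.0 / ((1.0 - p) + p / n)


def amdahl_corrected(n, p, k):
    """Model 6: Amdahl with an inter-processor communication term k*n."""
    return 1.0 / ((1.0 - p) + p / n + k * n)


def gustafson(n, p):
    """Model 8: Barsis-Gustafson, A_n = (1 - p) + p*n."""
    return (1.0 - p) + p * n


def karp_flatt(a_n, n):
    """Model 9: experimentally determined serial fraction e = (1/A_n - 1/n) / (1 - 1/n)."""
    if n <= 1 or a_n <= 1:
        raise ValueError("Karp-Flatt needs n > 1 and A_n > 1")
    return (1.0 / a_n - 1.0 / n) / (1.0 - 1.0 / n)


def parallel_fraction(a_n, e_n_percent):
    """Eq. (3.9): p = (A_n - 1) / (A_n - E_n/100) with the effectiveness E_n in percent."""
    return (a_n - 1.0) / (a_n - e_n_percent / 100.0)


def speedups(times):
    """Turn (n, T_n) measurements into (n, A_n) with A_n = T_1 / T_n."""
    t1 = times[0][1]
    return [(n, t1 / t_n) for n, t_n in times]


def fit_alpha(times):
    """Least-squares fit of A_n = n**alpha (eq. 3.10) on log-log axes.

    Regression through the origin, because log(A_1) = log(1) = 0 by definition.
    """
    pts = [(math.log(n), math.log(a)) for n, a in speedups(times) if n > 1]
    return sum(x * y for x, y in pts) / sum(x * x for x, _ in pts)


if __name__ == "__main__":
    alpha = fit_alpha(MARS_TIMES)
    print(f"fitted alpha = {alpha:.3f} (text: ~0.95)")
    print(" n   measured   n^alpha   Amdahl(p=.995)   Gustafson(p=.995)")
    for n, a_n in speedups(MARS_TIMES):
        print(f"{n:3d} {a_n:9.1f} {n ** alpha:9.1f} {amdahl(n, 0.995):14.1f} {gustafson(n, 0.995):18.1f}")
    # Example 3.7 re-done with (3.9): n = 100, A_n = 66, E_n = 66 %
    print(f"p from (3.9) = {parallel_fraction(66, 66):.4f}, e = {karp_flatt(66, 100):.4f}")
```

Running it reproduces Example 3.7 (p ≈ 0.995) and shows that the MARS series from Table 3.3 sits close to n^0.95, i.e. between the pessimistic Amdahl curve and the optimistic Barsis-Gustafson curve for the same p.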

Example 3.9 The most performant cluster of the world is depicted in Fig. 3.12. The Tianhe-2 or "Heaven River" (Milky Way) originates from Guangzhou in the People's Republic of China. The total costs for the cluster can be evaluated to be approximately 2.4·10^9 Yuan (equal to USD 390·10^6). The peak performance is P = 33 PFLOPS. The square size S = 720 m² belongs to the cluster. Surely, the power consumption is correspondingly very high, about 17 … 24 MW. But also a very high PUE value is to be noted. The nodes of the cluster use a specific operating system, Kylin Linux, which has also influenced Ubuntu Kylin to become recommended as reference system for many Chinese deployments until 2018. The available compilers are as follows: Fortran, C, C++, Java, OpenMP, MPI 3.0. Tianhe-2 possesses the following architecture:

• 32,000 CPUs
• 48,000 GPUs as programmable co-processors
• 1375 TiB of RAM, of which 1000 TiB is accessible by the CPU and 375 TiB by the co-processors
• 12.4 PB hard disk capacity

The total number of cores exceeds three million and achieves a combined performance of 33.86 PFLOPS. The predecessor in the global ranking top spot has been the Titan supercomputer in the USA with "just" 17.59 PFLOPS.

Fig. 3.12 The most powerful compute cluster world-wide: Tianhe-2 (Sources: top500.org, hpcwire.com, photo: onlinezeitung24.de)

Table 3.4 Computing system performance comparison (Status: November 2015)

Cluster or grid | Maximum performance, PFLOPS | Multiplicity (given in "MARS units")
Tianhe-2 (a supercomputer from Guangzhou, China) | 33.86 | 2605
Titan (Tennessee, USA, supercomputer upgrade from Jaguar) | 17.59 | 1353
BOINC (grid hosted at Berkeley, University of California, USA) | 9 | 692
Juqueen (FZ Jülich/IBM) | 5.0 | 384
SuperMuc (Leibniz data centre in Munich) | 2.8 | 215
TAURUS (hosted at TU Dresden) | 1.03 | 79
MARS (TU Dresden, 2006) | 0.013 | 1

SMP architectures with large RAM capacities nowadays gain more supporters in their deployment than NUMA (Non-Uniform Memory Access) with its unique address spaces as well as, correspondingly, the cache-coherent NUMAs. A performance comparison is given in Table 3.4. Herewith some worldwide known clusters from the global top-500 list (TOP500) as well as grids are referred to in correspondence to the above-mentioned performance of the MARS and TAURUS systems. The MARS performance is given as the canonical base unit. Most of the clusters, about 98 %, run Linux, whereas grids allow for heterogeneous operating systems, in particular desktop grids such as BOINC. The performance values are measured with the LINPACK benchmark, a Fortran library with routines to solve linear algebra equations.

3.2 Performance-Energy-Price Trade-Offs in Clusters and Grids

Trend to low-cost and low-energy computing nodes A new trend to low-cost and low-energy computing nodes based on cheap devices, in particular cheap and fanless on-board microprocessors (RISC/ARM), should nowadays be considered as a serious alternative to expensive computing devices within the Internet of Things (IoT), a term describing a vision of ubiquitous access among connected devices. On top of the IoT, an Internet of Services (IoS) with digital and physical services can be constructed. The IoS is a related vision which for most applications hides the hardware. The deployment of low-cost and low-energy computing nodes, such as those with Arduino, Raspberry Pi or Intel Edison processors, leads to a significant increase of energy-efficiency outcomes as well as to a technologically important new step towards a realisation of the IoT. Often these connected devices are seen as the Fog Computing backbone to an even larger IoT, which also involves stationary and mobile sensors such as mobile phones and heartbeat belts [2, 27].

Trade-offs Scenarios for the so-called Fog Computing within the IoT are steadily going to gain in importance in the mid-term. Instead of using applications and services with heavy-weight processors and VMs, agile and energy-efficient on-board microprocessors should be operated. See the view of the future transfer from Clouds/IoS to Fog Computing/IoT (Fig. 3.13). Surely, the deployment of low-cost and low-energy computing nodes based on on-board microprocessors can be used to build powerful clusters as well. These lead to an appropriate resource use in the frame of a given math-log problem.

On-board microcontrollers But none of the above-mentioned computing systems is energy-efficient enough. Their electricity consumption is measured in the MWh range. Energy-efficient solutions can be provided via small low-cost and low-energy on-board processors. The electricity consumption in this case lies at most in the kWh range. Low-energy intelligent home nodes (3–10 W) for private cloud solutions, file servers, web servers, multimedia home centres and similar use cases can be operated with such microcontrollers as the trade-off solution. They offer a cheap alternative and symbolise a step-by-step shift towards the IoT.

Fig. 3.13 Energy-efficient on-board computing nodes as a basis for distributed computing with sufficient performance/energy/price trade-off (figure contents: Cloud Computing with VMs, a VM monitor (VMM), dedicated VMs and universal service XaaS; Fog Computing with on-board μ-nodes such as Raspberry Pi, Arduino and Intel Edison; trade-offs between a reliable VM and a low-energy μ-node regarding reliability and QoS, data security and privacy, anonymity, energy consumption and operating expenses (OPEX))

Fig. 3.14 Energy-efficient Raspberry Pi cluster with 64 CPUs (Source: pro-linux.de)

Example 3.10 Herewith a small example addressing the discussed trade-offs. A "supercomputer" with 64 cheap Raspberry Pis and two Lego racks is depicted in Fig. 3.14. This low-energy cluster (64 × 3.5 W, maximum 0.25 kW) is built by using low-cost and energy-efficient on-board microcontrollers. The small but smart Raspberry Pi cluster for parallel computing offers the following features:

• DC supply through USB, 3.5 W per CPU, 700 MHz
• Energy-efficient resource provisioning
• SD card as external disk drive
• Low-power data transfer and exchange via Ethernet LAN
• Raspbian as operating system

Fig. 3.15 Data centers of Google, internal view (Source: Google)

Energy-efficient data centers of Google Around 2011 the trend of "Green IT" was triggered by increasing energy demand and prices and a general awareness of computing users. The data and computing centers have to be built step-by-step in colder regions of the earth. The data centres of Google achieve a Power Usage Effectiveness (PUE) of 1.12 due to further optimisation of hardware, waste heat recycling systems and building construction features like improved air circulation, reuse of waste heat and other techniques [6]. This means that only 12 % of the energy required for computing was used not by servers but by other services like air conditioning, energy distribution, lighting, surveillance systems etc. (Fig. 3.15). Hence, note that a Power Usage Effectiveness (PUE) of 1.0 is only possible in theoretic ideal cases. It means that there are no additional energy losses or waste heat at all, which is indeed contradictory to classical thermodynamic theory.

3.3 Resource Management in Clusters

First, three single-system cluster management systems which integrate with the operating system will be presented. Then a resource management, placement and scheduling framework which runs on top of an operating system will be compared.

MOSIX, OpenMosix and OpenSSI cluster management While most clusters, including Beowulfs, only share the filesystem among nodes, single-system image (SSI) clusters share the entire operating system instance including processes, virtual memory, open files, sockets and inter-process communication. In such systems applications get access to more compute resources like in SMP or multi-core environments, only with added network latency. The broad existence of multi-core processors has caused a decline in management systems for SSI clusters, but as they can still be useful, three such systems shall be presented here. MOSIX, OpenMosix and OpenSSI all derive from the Linux operating system kernel. The active development phase of OpenSSI was from 2001 to 2010 and of OpenMosix from 2002 to 2008, the latter following as a derivative (fork) of MOSIX from 1999, which is still actively maintained today in the form of MOSIX2 and MOSIX4. A reference deployment of MOSIX runs a private production-level cloud consisting of 11 SSI clusters, in particular for computer science, life sciences and medical school applications. The clusters combine 205 nodes with an average of 35 active nodes and 200 processor cores.

Resource management, placement and scheduling with Mesos Apache Mesos implements modified versions of typical application computing frameworks such as Hadoop, Spark, Kafka or Elastic Search. When the application submits tasks to be processed, they are placed close to the data without the application having to know the data location. Furthermore, Mesos is fault-tolerant and safe in the sense that tasks can be executed as isolated processes using the Linux containers interface. It uses ZooKeeper to ensure consensus among all nodes in the cluster, and it offers a web interface to check the cluster status.

3.4 Application Management in Clusters

Once a non-SSI cluster, its nodes and its resources are managed, the applications running on it need to be managed as well. As opposed to an SSI cluster, a failure of a node implies the failure of one instance of the (parallelised) application, and appropriate migration and restart techniques are required to avoid the propagation of the failure to the user. In this section, three application managers for cluster environments will be compared. Their common aim is easy deployment and fault-tolerant, resilient execution of parallelised software applications.

Kubernetes, Fleet and Pacemaker Kubernetes is a container cluster manager developed by Google which makes the cluster appear as a single system despite not being an SSI cluster. It eases the deployment, maintenance and scaling of application parts which are packaged as executable Docker containers. Google uses it behind the Google Compute Engine (GCE), but it is also used by other hosting providers including TecTonic.

Fleet extends Systemd, a daemon which initialises and supervises application processes, towards multiple nodes in a cluster. Again, the application is supposed to be packaged as Docker containers. Fleet ensures that a minimum number of container instances is running across all nodes in the cluster and starts new instances in case of an application or node failure. Fleet uses a configuration daemon called Etcd to ensure consensus among all nodes and to implement discoverable nodes. By placing container instances on different nodes and assuming a fault-tolerant load balancer, the overall availability of services offered by the applications is increased.

Pacemaker is a cluster manager aiming at high availability of applications. Applications are replicated onto two or more nodes with active/passive standby functionality or active/active failover and a subsequent recovery by application migration. Pacemaker is developed by Cluster Labs and used, for instance, by the German flight safety company Deutsche Flugsicherung (DFS).

Apart from these complex systems, simple tools exist to manage commands on clusters. Among these tools, ClusterSSH, Ansible and Puppet are popular to replicate installation and configuration instructions to all nodes in the cluster.
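The mechanism that Fleet and Kubernetes share, as described above (keep a desired number of instances running, spread them over distinct nodes, and replace instances lost with a failed node), can be shown in a few lines. The following is an added illustration written for this section; it is not code from Fleet, Kubernetes or Pacemaker, and the node names, the `Cluster` class and its methods are constructed for the example. Consensus (Etcd/ZooKeeper), the container runtime and the load balancer the text assumes are deliberately left out.

```python
"""Reconciliation loop of a container cluster manager (Fleet/Kubernetes style), simplified."""
from dataclasses import dataclass, field


@dataclass
class Cluster:
    nodes: dict = field(default_factory=dict)        # node name -> True if healthy
    placements: dict = field(default_factory=dict)   # instance id -> node name
    next_id: int = 0

    def healthy_nodes(self):
        return [n for n, ok in self.nodes.items() if ok]

    def instances_on(self, node):
        return [i for i, n in self.placements.items() if n == node]

    def schedule_one(self):
        """Place one new instance on the healthy node carrying the fewest instances.

        Spreading instances over nodes (anti-affinity) is what lets a single
        node failure take down only a fraction of the replicas.
        """
        candidates = self.healthy_nodes()
        if not candidates:
            return None                                # nowhere to run it
        node = min(candidates, key=lambda n: (len(self.instances_on(n)), n))
        iid = f"inst-{self.next_id}"
        self.next_id += 1
        self.placements[iid] = node
        return iid

    def reconcile(self, desired):
        """Forget instances on failed nodes, then start new ones until `desired` run.

        Returns the number of running instances, which is below `desired` only
        when no healthy node is left to schedule on.
        """
        for iid, node in list(self.placements.items()):
            if not self.nodes.get(node, False):
                del self.placements[iid]               # the node took the instance with it
        while len(self.placements) < desired and self.schedule_one():
            pass
        return len(self.placements)

    def fail_node(self, node):
        """Simulate a node failure as seen by the manager's health checks."""
        self.nodes[node] = False

    def spread(self):
        """Largest number of instances sharing one node (1 means perfectly spread)."""
        return max((len(self.instances_on(n)) for n in self.nodes), default=0)


if __name__ == "__main__":
    c = Cluster(nodes={"node-a": True, "node-b": True, "node-c": True})
    print("running:", c.reconcile(3), "placements:", c.placements)
    c.fail_node("node-b")
    print("after failure, running:", c.reconcile(3), "placements:", c.placements)
```

The loop is idempotent: calling `reconcile` again without any change does nothing, which is the property that lets a manager run it periodically and on every membership event delivered by its consensus store.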

3.5 Application Management in Grids

In this section two grid systems will be presented: BOINC and OurGrid. The criteria which led to the selection of these two grid systems are recent or ongoing development and public availability. Thus interested readers are welcome to download the software and connect their own computers to an existing grid or even open a new grid for others to join. Both grids offer computer capacities for various applications.

BOINC desktop grid BOINC is a volunteer computing project aimed at contributing compute resources (i.e. spare CPU cycles) to scientific projects [28]. BOINC is hence also a grid platform for scientific projects and HPC, developed at the University of Berkeley for free distribution, licenced under the GPL. It is available for the following operating systems: Windows, Linux, Mac OS X, Android and BSD. The BOINC platform provides an unlimited computing power of up to hundreds of thousands of computers world-wide, coupled via the Internet. The cooperation is organised in the form of projects running atop. The architecture of BOINC is given in Fig. 3.16. The main components are the BOINC daemons, long-running services which interact with the BOINC clients by exchanging data.

Most of the scientific computing grids work to the profit of universities or other scientific institutions. BOINC is a well-known grid around the world due to its combined structure: client-server (C-S) and peer-to-peer (P2P). The servers distribute the application packages to the clients. In general, these "clients" serve the architecture themselves in a P2P topology. The client applications calculate intensively (usually 2–40 h per package) and report the solutions to a main structure (the server). Optionally, another solution for the client receives a verification. According to the status of 2015 the BOINC grid possesses [28]:

• Nowadays approximately 250,000 persons and 850,000 computers (notebooks, tablets and other devices) are involved in a cooperation with BOINC
• Overall performance of the grid system BOINC: 9 PFLOPS (refer to Table 3.4)

Fig. 3.16 BOINC architecture [12] (Sources: gcl.cis.udel.edu, boinc.berkeley.edu)

Compared to these metrics, the performance of some super-computers from the bi-annual global top-500 list is as follows:

• Tianhe-2 ("Milky Way", "Sky River", China) with 3,120,000 cores – 33.86 PFLOPS
• Titan (USA) with 560,000 cores – 17.59 PFLOPS
• Mira (USA) with 786,000 cores – 8.58 PFLOPS [25]

Anyone can run the BOINC servers. If the server is public, the results must also be published to prevent abuse and misuse. An interesting idea is the use of BOINC within companies:

• An internal BOINC server distributes in-house applications to the employees' computers
• More effectiveness, because the desktop systems are usually not loaded enough (unchallenged, e.g. usage of Word, Outlook, CRM in the everyday workflow)

Fig. 3.17 BOINC client-server interaction (Sources: gcl.cis.udel.edu, boinc.berkeley.edu)

The interaction protocol between a client and server (i.a. PC, notebooks, tablets, smartphones and other devices) is depicted in Fig. 3.17. The error-free interaction uses five phases.
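The text notes that a client's solution may optionally receive a verification from another solution, and that results of public servers must be published to prevent abuse. The reason is that the server cannot trust any single volunteer host: it neither controls the machine nor sees how the result was computed. The following added example, written for this section and not taken from the BOINC code base, shows the server-side pattern in simplified form: the same work unit is handed to several hosts and a result is accepted only when a quorum of independent hosts agrees on it, while dissenting hosts are recorded so they can be excluded from the pool. The `WorkUnit` class, the host names and the fixed-precision canonicalisation of floating-point results are assumptions of the example; real projects plug in their own comparison functions.

```python
"""Quorum validation of results returned by untrusted volunteer hosts (simplified)."""
import hashlib
from collections import Counter


def canonical_digest(result):
    """Hash a numeric result in a host-independent form.

    Rounding to a fixed precision makes results that differ only by
    floating-point noise (different CPUs, compilers) compare equal.
    """
    canon = ",".join(f"{float(x):.6f}" for x in result)
    return hashlib.sha256(canon.encode()).hexdigest()


class WorkUnit:
    def __init__(self, wu_id, min_quorum=2, max_results=4):
        self.wu_id = wu_id
        self.min_quorum = min_quorum        # independent hosts that must agree
        self.max_results = max_results      # cap on replication, bounds wasted cycles
        self.results = {}                   # host id -> digest of the returned result

    def submit(self, host, result):
        """Record one result per host; a second submission from a host is rejected."""
        if host in self.results:
            raise ValueError(f"{host} already returned a result for {self.wu_id}")
        if len(self.results) >= self.max_results:
            raise ValueError(f"{self.wu_id} already has {self.max_results} results")
        self.results[host] = canonical_digest(result)

    def validate(self):
        """Return (canonical digest, agreeing hosts, dissenting hosts), or None.

        None means the quorum is not reached yet and the server should hand the
        work unit to one more host instead of accepting any single answer.
        """
        if not self.results:
            return None
        digest, count = Counter(self.results.values()).most_common(1)[0]
        if count < self.min_quorum:
            return None
        agree = sorted(h for h, d in self.results.items() if d == digest)
        dissent = sorted(h for h, d in self.results.items() if d != digest)
        return digest, agree, dissent


if __name__ == "__main__":
    wu = WorkUnit("wu-0001", min_quorum=2)
    wu.submit("host-a", [1.0, 2.0])              # constructed sample results
    wu.submit("host-b", [1.0, 2.0000001])        # same answer, floating-point noise
    wu.submit("host-c", [1.0, 9.0])              # faulty or dishonest host
    print(wu.validate())
```

Hosts that keep landing in the dissent list get no credit and can be dropped from the host pool; the accepted canonical digest is what a public project would publish alongside the result.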

Top-10 of the most popular projects In cooperation with BOINC a number of piggy-backed projects have been supported. The top ten of the most popular projects are as follows:

1. SETI@Home – Analysis of a series of radio telescope data from space for the purpose of searching for extra-terrestrial civilisations (Search for Extra-Terrestrial Intelligence)
2. Einstein@Home – Tests of the hypothesis of Albert Einstein about gravitational waves and search for radio and gamma-ray pulsars
3. World Community Grid – Assistance in the search for medicaments for serious diseases such as cancer, HIV/AIDS, the calculation of the 3D structure of proteins and a lot of other projects (organiser – IBM)
4. Rosetta@Home – Calculation of the 3D folding structures of proteins based on the amino acid sequences for the treatment of cancer, HIV/AIDS, Alzheimer's disease, anthrax (Siberian ulcer) etc.
5. MilkyWay@Home – Development of a precise 3D model of the stellar streams in our galaxy (Milky Way)
6. Climate Prediction – Research and prediction of the climate on earth
7. PrimeGrid – Search for diverse prime values
8. SIMAP@Home – Creating a database of proteins for bioinformatics
9. Cosmology@Home – Search for a model which adequately describes our universe and is consistent with current data in astronomy and particle physics
10. Collatz Conjecture – Studies in mathematics, specially to test the hypothesis of Lothar Collatz, also known as the "3n + 1 problem"

Fig. 3.18 Advanced BOINC-II architecture [16] (figure contents: a BOINC-powered project with project back-end, science application and API, project database and BOINC database, a BOINC back-end interface and a BOINC server complex of data server(s), scheduling server(s) and a web server with BOINC web pages and project web pages; the participant's computer with the BOINC software, BOINC manager, BOINC daemon, screen-saver engine and screen-saver; the legend distinguishes BOINC components from project-specific components)

In total, more than 40 projects can be chosen by volunteering participants to contribute spare compute resources to.

Example 3.11 Malaria Control is a popular project which runs on top of BOINC-II, the latest generation of BOINC. Its goal is to gather and analyse information about the Malaria disease.

The advanced BOINC-II architecture [16] is depicted in Fig. 3.18. A new BOINC API separates the screensaver into a standalone program. The details of the use of the science applications (e.g. for malariacontrol.net), the BOINC-II specific components as well as the project specific components are discussed in [16].

Fig. 3.19 An OurGrid federation with three peers

OurGrid OurGrid, developed since 2004 by the Federal University of Campina Grande, Brazil, federates networks of connected computers to support the distributed parallel execution of jobs and tasks in a grid. The federation happens with a peer-to-peer topology using the Extensible Messaging and Presence Protocol (XMPP). Jobs are executed as Java or system-level virtual machines as sandbox in order to isolate them from each other and from the software and data on the host computers [5]. Each peer in the federation is a network of connected computers consisting of worker and broker nodes. The discovery mechanism among all the nodes relies on XMPP as well. Jobs are submitted along with scripts, executables, data and a job description file which outlines the tasks of a job. A unique feature of OurGrid is the implementation of the Network of Favours reputation mechanism to ensure fairness and to avoid freeriders who consume compute resources without contributing them back at some point. Figure 3.19 shows an example of an instance of OurGrid across three networks of connected computers which may or may not be clusters.

Desktop computers are suitable as workers because the idleness detector prevents a conflict between interactive use and a high load from the submitted jobs. Furthermore, the system has been designed as an opportunistic grid, so that failures, shutdowns and hibernations will only interrupt the current task execution without affecting the job, as the affected task will be restarted. Hence OurGrid is suitable to be used to offer both opportunistic grids with many resources and service grids with high quality of service on the same physical infrastructure [3]. The OurGrid project is now inactive, but the software is still functional for setting up further instances.


3.6 Distributed Applications

Whereas in grids the infrastructure is distributed but the application itself merely consists of offloaded job and task units, some applications are truly distributed in a peer-to-peer sense or decentralised in a hub-and-spokes model [22]. Representatives of these two models will be presented in this section.

Distributed blockchains, hashtrees and cryptocurrencies A blockchain is a potentially large file which contains entries (chronologically ordered blocks) whose content depends on previous blocks. Due to the size, it is possible to distribute parts of the file to different users. With cryptographic methods it is possible to ensure consistency and to prevent forgery in older blocks. When such a linear structure is not sufficient, hashtrees present similar characteristics but allow for subsuming multiple blocks under one block and eventually a whole tree of blocks under one common root. There are many interesting applications resulting from such a globally shared data structure. For instance, secured blockchains are used to record virtual currency transactions, leading to cryptocurrencies with properties like anonymity and traceability of transactions. To regulate the value distribution in such a currency, the blockchain can only be extended after a compute-intensive effort with a certain difficulty. Eq. 3.11 refers to the profitability to advance a distributed blockchain with a given difficulty, referred to in Eq. 3.12.

\text{profit} = \text{revenue} - (\text{cost}_{\text{electricity}} + \text{cost}_{\text{difficulty}}) \qquad (3.11)

\text{cost}_{\text{difficulty}} = \frac{\text{maximum difficulty}}{\text{current difficulty}} \cdot \frac{2^{32}}{\text{hashrate}} \qquad (3.12)

Example 3.12 Bitcoin is a popular example of a cryptocurrency which is mined from a distributed blockchain. Similar to distributed desktop grids, the participants donate CPU cycles for a cause. In contrast to the grids, however, the cause is not directly involving a global problem solving effort or a citizen science effort, but rather the race for the quickest solution of an algorithmic problem which lets the blockchain advance. At the same time, a fictive virtual currency coin is yielded. The value of such a coin depends a lot on perception, trust and market dynamics. In Bitcoin, there has been a steady growth at first, followed by an unpredictable development. At the same time, the production cost for mining has increased a lot due to the nature of the blockchain, which requires more hardware resources for each subsequent solution. Hence, already from an energetic point of view, the effort required to advance is not compensated anymore by a potential gain from the virtual cryptocurrency coins. Figure 3.20 outlines the profitability graph over time. It shows that the price (green) surged in November 2013, followed by its decline. At the same time, the difficulty to mine (red) increased by several orders of magnitude.

Fig. 3.20 Development of Bitcoin profitability over time (Source: coinplorer.com). Plot contents: time axis from Jul 2011 to Oct 2015 in quarterly steps; price in USD (0 … 1200) and difficulty (0 … 60 G) on separate axes; a third series gives the ratio price/difficulty scaled by 1,000,000,000.

Hence the profitability, as the quotient of the two, converged quickly towards zero and, when accounting for the energy cost, is already negative.

Example 3.13 Git is an example of a distributed version control system built atop a hashtree. Each Git repository contains a directory structure with files. File changes can be performed independently from each other. Once changes are committed, they and their associated metadata records are cryptographically secured against forgery and tampering. The Git model leads to high scalability in large collaborative file editing efforts, including large software development teams.
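The two data structures behind Examples 3.12 and 3.13, a chain of blocks whose content depends on the previous block and a hash tree that subsumes many entries under one root, are small enough to build by hand. The following added example, written for this section and not code from Bitcoin, Git or the book, shows why forgery in an older block is detectable: changing a block breaks its own hash, and re-hashing it breaks the link from the next block, so a forger would have to redo every later block. The Merkle part shows how a single root commits to many entries and how one entry can be proven to belong to that root with only a logarithmic number of sibling hashes. The block layout, the separator and the sample transaction strings are constructed for the example; the mining difficulty of (3.11)/(3.12) is not modelled.

```python
"""Hash-chained blocks (blockchain) and a Merkle hash tree with inclusion proofs."""
import hashlib

GENESIS_PREV = "0" * 64   # the first block links to an all-zero hash by convention here


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def block_hash(prev_hash, payload):
    """A block's hash covers its payload AND the previous block's hash."""
    return sha256_hex((prev_hash + "|" + payload).encode())


def build_chain(payloads):
    """Chain the payloads in order; each block stores its predecessor's hash."""
    chain, prev = [], GENESIS_PREV
    for payload in payloads:
        blk = {"prev": prev, "payload": payload, "hash": block_hash(prev, payload)}
        chain.append(blk)
        prev = blk["hash"]
    return chain


def verify_chain(chain):
    """Return the index of the first inconsistent block, or None if the chain is intact."""
    prev = GENESIS_PREV
    for i, blk in enumerate(chain):
        if blk["prev"] != prev or blk["hash"] != block_hash(blk["prev"], blk["payload"]):
            return i
        prev = blk["hash"]
    return None


def _next_level(level):
    """Pair up neighbours; an odd last node is paired with a copy of itself."""
    if len(level) % 2:
        level = level + [level[-1]]
    return [sha256_hex((level[i] + level[i + 1]).encode()) for i in range(0, len(level), 2)]


def merkle_root(leaves):
    """Root of a binary hash tree over the leaf strings."""
    level = [sha256_hex(leaf.encode()) for leaf in leaves]
    if not level:
        return sha256_hex(b"")
    while len(level) > 1:
        level = _next_level(level)
    return level[0]


def merkle_proof(leaves, index):
    """Sibling hashes, each tagged with the side it sits on, from leaves[index] up to the root."""
    level = [sha256_hex(leaf.encode()) for leaf in leaves]
    proof = []
    while len(level) > 1:
        if len(level) % 2:
            level = level + [level[-1]]
        sibling = index ^ 1
        proof.append(("L", level[sibling]) if sibling < index else ("R", level[sibling]))
        level = _next_level(level)
        index //= 2
    return proof


def verify_proof(leaf, proof, root):
    """Recompute the root from one leaf and its proof; True if the leaf is in the tree."""
    h = sha256_hex(leaf.encode())
    for side, sibling in proof:
        h = sha256_hex((sibling + h).encode()) if side == "L" else sha256_hex((h + sibling).encode())
    return h == root


if __name__ == "__main__":
    txs = ["alice->bob 5", "bob->carol 2", "carol->dave 1"]   # constructed sample entries
    chain = build_chain(txs)
    print("intact chain:", verify_chain(chain))                 # None
    chain[1]["payload"] = "bob->carol 200"                      # forge an older block
    print("after tampering, first bad block:", verify_chain(chain))
    root = merkle_root(txs)
    print("proof for entry 2 valid:", verify_proof(txs[2], merkle_proof(txs, 2), root))
```

Note that the chain alone only guarantees that any change is visible; deciding which of two conflicting chains is authoritative is what the proof-of-work difficulty of Example 3.12 (or, in Git, the signed tags and the maintainers' copies) adds on top.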

Decentralised and federated social networks Social networks are one of the main applications on the Web and on the Internet today. They incorporate communication patterns between their participants and add useful or convenient functionality such as visibility management for events, a timeline of events as well as add-on applications. Their appearance is either web-based or through communication protocols. LinkedIn, Facebook and Twitter are examples of the former category, whereas ICQ and similar chat systems are examples of the latter one. Their commonality is a centralised hosting, so that each message is relayed through a potentially distributed physical set of servers, but within one logical organisation. In contrast, federated social networks allow any participant to choose between joining an existing server or running their own server. An example is Diaspora.

Example 3.14 Diaspora is a web-based federated social network which can be run in centralised, decentralised and distributed configurations. Users sign up at a server called a pod and receive an account in the form of login@pod. They can add contacts (friends) from the same or from other pods. Message posts from all contacts are then aggregated and shown in the timeline of each respective user. A typical aggregated Diaspora timeline is shown in Fig. 3.21. The aggregation function fetches the posts from all connected pods, orders them chronologically and caches them to increase the scalability and to decrease the latency for subsequent timeline retrievals.

Collaborative real-time applications Whereas web-based social networks, cryptocurrencies and version control systems work inherently asynchronously, so that each user can decide when to update the local state from the (potentially increasingly diverging) global state, there is also a class of distributed applications which works synchronously in real-time. Among the most prominent are scalable chat, audio and video conferences.

An example for a real-time chat application with extensions for audio and video conversation is XMPP. A second example is WebRTC, a web browser overlay over the conventional Real-Time Communication (RTC) protocol.

Example 3.15 Users of XMPP servers receive fully-qualified accounts with a login name and a server name in the form of login@server. This way, similar to e-mail, the servers can federate so that users from different servers can communicate with each other.

Fig. 3.21 Diaspora timeline with aggregated friend feeds

XMPP defines a core messaging protocol and several extensions for registration, binary attachment transmission, VoIP communication and other features. The chat protocol is also known as Jabber and the VoIP protocol as Jingle.

Due to the nature of being a communication protocol, humans and software applications can equally participate in XMPP networks. Software components are registered as clients. By registering their functionality at a discovery service, they can also offer service functionality according to the message-oriented architecture paradigm.

Example 3.16 WebRTC negotiates a connection between two users of web browsers with XMPP Jingle as well as the JavaScript Session Establishment Protocol (JSEP). No central server is required for both the negotiation and the subsequent bidirectional data transmission; instead, the communication host needs to transmit the dynamically created endpoint (a URL) to the other participants.

3.7 Conclusions

The scale-up from individual computers to clusters and grids in the past decades thwarts the ongoing trend towards miniaturisation of computing hardware. Nowadays, a quad-core mobile phone has a lot more computing power than the original Beowulf cluster with 16 nodes and consumes only a fraction of the electric power. Still, the need for vertical performance scale-up remains and, through parallelisation, becomes a horizontal scale-out operation into multiple nodes of a system-on-a-board cluster or multiple compute services in a grid or cloud. With the broad availability of open source software to run private clusters and grids, which can be federated with existing public ones, supercomputing as well as comfort computing is now available to every user.

References

1. Joel C. Adams, Jacob Caswell, Suzanne J. Matthews, Charles Peck, Elizabeth Shoop, and David Toth. Budget Beowulfs: A Showcase of Inexpensive Clusters for Teaching PDC. In Proceedings of the 46th ACM Technical Symposium on Computer Science Education (SIGCSE), p. 344–345, Kansas City, Missouri, USA, March 2015.

2. F. Bonomi, R. Milito, J. Zhu, and S. Addepalli. Fog Computing and Its Role in the Internet of Things. CISCO whitepaper, 2007.

3. Francisco Brasileiro, Alexandre Duarte, Diego Carvalho, Roberto Barbera, and Diego Scardaci. An Approach for the Co-existence of Service and Opportunistic Grids: The EELA-2 Case. In Latin-American Grid Workshop, Campo Grande, Mato Grosso do Sul, Brazil, October/November 2008.

4. Mario Cannataro. Clusters and Grids for Distributed and Parallel Knowledge Discovery. In High Performance Computing and Networking, 8th International Conference (HPCN) Europe, volume 1823 of Lecture Notes in Computer Science, p. 708–716, Amsterdam, The Netherlands, May 2000.

5. Walfredo Cirne, Francisco Brasileiro, Nazareno Andrade, Lauro Costa, Alisson Andrade, Reynaldo Novaes, and Miranda Mowbray. Labs of the World, Unite. Journal of Grid Computing, 4(3):225–246, 2006.

6. Jeff Dean. Designs, Lessons and Advice from Building Large Distributed Systems. In 3rd ACM SIGOPS International Workshop on Large Scale Distributed Systems and Middleware (LADIS), Big Sky, Montana, USA, October 2009.

7. Javier Fabra, Sergio Hernández, Joaquín Ezpeleta, and Pedro Álvarez. Solving the Interoperability Problem by Means of a Bus: An Experience on the Integration of Grid, Cluster and Cloud Infrastructures. Journal of Grid Computing, 12(1):41–65, March 2014.

8. Björn Gmeiner, Harald Köstler, Markus Stürmer, and Ulrich Rüde. Parallel multigrid on hierarchical hybrid grids: a performance study on current high performance computing clusters. Concurrency and Computation: Practice and Experience, 26(1):217–240, January 2014.

9. John L. Gustafson. Reevaluating Amdahl's Law. Communications of the ACM, 31(5):532–533, 1988.

10. Violeta Holmes and Ibad Kureshi. Developing High Performance Computing Resources for Teaching Cluster and Grid Computing Courses. In International Conference On Computational Science, ICCS – Computational Science at the Gates of Nature, volume 51 of Procedia Computer Science, p. 1714–1723, Reykjavik, Iceland, June 2015.

11. A. H. Karp and H. P. Flatt. Measuring Parallel Processor Performance. Communications of the ACM, 33(5):539–543, 1990.

12. Andrew Leaver-Fay, Michael Tyka, Steven M. Lewis, Oliver F. Lange, James Thompson, Ron Jacak, Kristian Kaufman, P. Douglas Renfrew, Colin A. Smith, Will Sheffler, Ian W. Davis, Seth Cooper, Adrien Treuille, Daniel J. Mandell, Florian Richter, Yih-En Andrew Ban, Sarel J. Fleishman, Jacob E. Corn, David E. Kim, Sergey Lyskov, Monica Berrondo, Stuart Mentzer, Zoran Popovic, James J. Havranek, John Karanicolas, Rhiju Das, Jens Meiler, Tanja Kortemme, Jeffrey J. Gray, Brian Kuhlman, David Baker, and Philip Bradley. ROSETTA3: an object-oriented software suite for the simulation and design of macromolecules. Methods in Enzymology, 487:545–574, 2011.

13. Linkfeed. Vom Sand zum Prozessor, online, in German: http://gumzo.de/post/171, 2015.

14. Seyedeh Leili Mirtaheri, Ehsan Mousavi Khaneghah, Lucio Grandinetti, and Mohsen Sharifi. A mathematical model for empowerment of Beowulf clusters for exascale computing. In International Conference on High Performance Computing & Simulation (HPCS), p. 682–687, Helsinki, Finland, July 2013.

15. Wolfgang Nagel and Ulf Markwardt. High Performance Computing (HPC) at ZIH: HPC Systems. Technische Universität Dresden, online: http://tu-dresden.de/die_tu_dresden/zentrale_einrichtungen/zih/hpc/hochleistungsrechner, 2015.

16. Christian Ulrik Søttrup and Nicolas Maire. BOINC II. Niels Bohr Institute (Copenhagen, Denmark)/Swiss Tropical and Public Health Institute (Basel, Switzerland), 2014, 42 p.

17. Jong Hyuk Park, Laurence T. Yang, and Jinjun Chen. Research trends in cloud, cluster and grid computing. Cluster Computing, 16(3):335–337, 2013.

18. A. I. Petrenko. The application of grid technologies in science and education. NTUU "KPI", Kyiv, 2008, 143 p., in Ukrainian.

19. A. I. Petrenko, B. V. Bulakh, and V. S. Khondar. Semantic grid technologies for science and education. NTUU "KPI", Kyiv, 2010, 178 p., in Ukrainian.

20. A. I. Petrenko, S. Ya. Svistunov, and G. D. Kiselev. Grid Technologies: Practical Course. NTUU "KPI", Kyiv, 2011, 448 p., in Ukrainian.

21. Wolfgang Rehm and Arnd Meyer. TU Chemnitz HPC Cluster CLiC/CHiC, online: https://www.tu-chemnitz.de/chic, 2015.

22. Alexander Schill and Thomas Springer. Verteilte Systeme – Grundlagen und Basistechnologien. Springer-Verlag, second edition, 2012, 433 p., in German.

23. Volkmar Sieh. Performance metrics, online: http://www3.informatik.uni-erlangen.de/Lehre/CPU/SS2012/multiprocessor.pdf, 2012.

24. Larry Smarr and Charles E. Catlett. Metacomputing. Communications of the ACM, 35(6):44–52, June 1992.

25. Erich Strohmaier, Jack Dongarra, Horst Simon, and Martin Meuer. The 45th TOP500 List, online: http://www.top500.org/lists, June 2015.

26. Andrew S. Tanenbaum and David J. Wetherall. Computernetzwerke. Pearson Studium, fifth edition, 2012, 1040 p., in German.

27. R. van Kranenburg. The Internet of Things: A critique of ambient technology and the all-seeing network of RFID. Pijnacker: Telstar Media, 2008, 62 p.

28. Ádám Visegrádi, József Kovács, and Peter Kacsuk. Efficient extension of gLite VOs with BOINC based desktop grids. 2014.

4 Cloud Computing: Virtualisation, Storage and Networking

Keywords

Service models • Internet of Services (IoS) • Software-as-a-Service (SaaS) • Infrastructure-as-a-Service (IaaS) • Platform-as-a-Service (PaaS) • Virtualisation • Software-Defined Networking (SDN) • Security and availability • Cloud backup and backup clouds • Redundant Array of Independent Clouds (RAIC) – stripes and parity based dispersion • Virtual Telecommunication Engineering Offices (VTEO) • Mobile cloud access • Network and online storage integration

In recent years, networking technologies have obtained large success regarding data rate (WDM, MPLS, 10GbE), mobility (HSDPA, LTE, in the mid-term 5G), universality and accessibility of computing services [8]. The pervasiveness of services helped to make the IoS become reality and practically accessible for multiple users and appliances. Among the most prominent service classes in the IoS are Cloud Computing services, which are delivered to their users on demand through desktop, mobile and web applications as well as other forms of user interfaces. Modern Internet connections with high bandwidth and low latency allow a global-scale delivery and complement, with attractive (mobile) services delivered in the same way and with the same Quality of Service (QoS), the services which have mostly been the domain of local networks, such as corporate e-mail or scientific compute grids. The discussed information technology paradigm for serving resources and applications to thin clients, frequently represented by only low-performance appliances and devices, is called cloud computing [8, 18]. As one of the most important IoS forms, we will discuss the basic cloud computing technologies in the first section below. The subsequent sections will then present details about virtualised compute, networking and storage services, which together form the core set of resource services available through cloud infrastructure services.

© Springer Fachmedien Wiesbaden GmbH 2017. A. Luntovskyy, J. Spillner, Architectural Transformations in Network Services and Distributed Systems, DOI 10.1007/978-3-658-14842-3_4

77


4.1 Clouds: Technology Stack, Basic Models and Services

Floating in the clouds. From a service consumer perspective, cloud computing offers many advantages. Many of the offered products and services cater to the traditional desire of users to get anything (information, resource and application services as well as products) with a snap of their fingers. Many users would like to float in the clouds, figuratively, many of them with a cellular smartphone, and get anything on demand without delay and without cumbersome registration and payment processes (Fig. 4.1).

There are many statistics about how prevalent cloud services, a subset of these on-demand services, are. Certainly, a large majority of users is unaware about whether a functionality is completely contained within a device or is either aided or completely provided by external services. Estimations exist about the habits of users:

• 99 % of all emails
• 25 % of all notes
• 33 % of appointments
• all images in social networks
• all online storages

Fig. 4.1 Anything serviced on demand from the clouds


Fig. 4.2 Cloud architecture (own representation; HPNW denotes High-Performance Network)

These ratios are driven by online services, in particular SaaS, but also – in particular for storage – IaaS.

A general architecture and overview for cloud services is given via Fig. 4.2. This holistic architecture extends beyond the scope of a single service provider, but also omits details such as multi-site replication of services.

Cloud computing can thus be defined to be the on-demand and pay-per-use application of virtualised IT services over the Internet or within the IoS. The key features of cloud computing, based on the National Institute of Standards and Technology, USA (NIST) definitions [8, 24], are as follows:

• on-demand self-service with instant delivery on request
• broadband network access (multimodal, all-in-IP)
• resource pooling and rapid elasticity
• measured and optimised service for reliable QoS guarantees
• service-oriented Internet (Service-Oriented Architecture (SOA), IoS)
• Everything-as-a-Service (XaaS), also represented in Fig. 4.3


Fig. 4.3 Cloud computing as a pyramid model, based on NIST

Fig. 4.4 Difference between hybrid, public and private clouds

Public cloud computing platforms are run by commercial providers and by research organisations, and to a lesser degree by individuals, for instance volunteers in self-organised communities. Furthermore, private and hybrid cloud environments are run within company and institution departments. Prominent examples of commercial cloud computing platforms are as follows: Amazon Web Services, Oracle Cloud, Windows Azure, IBM Softlayer and BlueMix, Google Cloud Platform. The common organisation types of clouds are given below (Fig. 4.4).

The difference between public, hybrid and private clouds is presented in greater detail in Table 4.1.

Clouds as new information technology foundation. In cloud environments, access to computing resources (compute, storage and network) is performed with the aid of basic web services, most often based on the Hyper-Text Transport Protocol (HTTP) [19]. Three general service classes are typically subsumed when talking about cloud computing. SaaS is the simplest model, with interfaces supporting service-oriented applications which provide access to functionality and data delivered through the cloud as frontend. PaaS is used for offering to developers an integrated environment for development and/or testing of applications as testbed. The model IaaS is applied for offering virtualised resource services in remote computing and networking structures, inter alia due to use of the remote servers, Storage-Area Network (SAN)/Network-Attached Storage (NAS), virtual machines and switching equipment. The set of functions available through these cloud services is provided for thin client access to the virtualised resources and multi-tenant hosted applications with non-transparent internal structure. The aims are diverse and include high performance of certain routines, resources and time-consuming tasks, a consolidation and/or partitioning of available physical resources, as well as integration of desktop, mobile and web applications for enterprise information systems in scenarios of Enterprise Application Integration (EAI) [36]. Load balancing and function distribution between cloud computing and conventional IT management are depicted in Table 4.2. The providers of these services within the wider IoS offer to their end-users multiple attractive services on different hierarchical levels. The table depicts the representation which has been established in accepted best practices documents of important industry players.

Table 4.1 Hybrid, public and private clouds

  Private cloud                                      | Public cloud
  ---------------------------------------------------|-------------------------------------------------
  Customer-specific; operated by the customer's      | Owned by an IT service; located and operated
  cloud environment                                  | by this cloud environment
  Access limited (customer himself, authorised       | Access via Internet
  business partners)                                 |
  Access via Intranet                                | Flexible and easy use by subscription
  ---------------------------------------------------|-------------------------------------------------
  Hybrid cloud: combined private and public cloud

The purpose of the creation and maintenance of different service-oriented applications is to deliver easy-to-use, standardised Application Programming Interface (API) endpoints for multiple target platforms. Frequently, the internal structure of a cloud stays non-transparent for the end-users [28]. The users are forced into a full-trust position towards their own cloud provider, or even towards multiple cloud providers [20]. It sometimes requires a complicated handling of Service Level Agreement (SLA) and responsibility principles of the interested sites [12], because in the general case the providers have to operate in an international context with different business regulations. In fact, they are subject to different legislations in different countries. Moreover, they can be hierarchically organised and be dependent on further international providers. Therefore, even with careful creation, deployment and maintenance of cloud services, a lot of problems of multilateral data security remain unsettled. This factor limits, in a certain way, the deployment rate and therefore also the advancement of the discussed new IT paradigm.

Table 4.2 Load balancing and functionality distribution between cloud computing and conventional IT (representation by Microsoft)

  Conventional IT      IaaS                 PaaS                 SaaS
  -------------------  -------------------  -------------------  -------------------
  Applications         +                    +                    Applications
  Data                 +                    +                    Data
  Runtime              +                    Runtime              Runtime
  Middleware           +                    Middleware           Middleware
  Web Services         +                    Web Services         Web Services
  OS                   OS                   OS                   OS
  Virtual Resources    Virtual Resources    Virtual Resources    Virtual Resources
  Server               Server               Server               Server
  Storage              Storage              Storage              Storage
  Network              Network              Network              Network

  + : self-responsibility; named layer: delivered from the cloud

Use of service technologies. As cloud computing is essentially a set of service models, many of its issues can be understood when looking at how services are used and how cloud applications adhere to a SOA. Such an architecture, realised with web services in practice (Fig. 4.5), possesses the following beneficial advantages. Web services offer loose coupling and well-defined interfaces, a good basis for EAI and application integration across organisational boundaries. Furthermore, they use open standards for protocols (e.g. HTTP) and content (e.g. XML or JSON), for which many development, testing and usage tools exist, so that new services can be consumed rapidly. Using HTTP makes it easy to produce and consume services according to the Representational State Transfer (REST) paradigm, even though other protocols are also widespread. Nevertheless, there are also weaknesses in service architectures which limit the full realisation of the cloud computing visions:

1. Offering and consuming services dynamically asks for a service registry which serves as basis for selecting, brokering and negotiating the terms of use. The description of services within these registries is effort-intensive. So far, none of the effort distributions (by the broker, by the providers, by the crowd) has yielded a stable and complete registry on a global scale.

2. On a practical level, an important complication is the configuration of security aspects in deployed services. Authentication, authorisation, access control and encryption are necessary when leaving a closed, trusted zone [5].


Fig. 4.5 SOA/web services: basic architecture

3. The non-functional properties of services, in particular QoS attributes, need to be thoroughly defined and cross-checked at runtime. As these specifications form the basis of SLA documents, a high-quality specification (i.e. high metaquality) inside service descriptions and a supporting environment with monitoring and adaptation support is a necessity.

Some of the outlined problems can be solved or at least reduced with elaborated, extended web service specifications: so-called RESTful services fully exploiting the HTTP specification, microservices and WS-*. The extended WS-* specifications use the basic components (Fig. 4.5) and allow the creation of efficient service-oriented applications in various service environments, including the web and in particular the "Semantic Web". The following integrated technologies and specifications are representatives for improvements [17, 37]:

1. Reliability via WS-Addressing, WS-Reliability, WS-Message Delivery
2. Messaging via WS-Eventing, WS-Notification
3. Security via WS-Security, WS-Trust, WS-Privacy, WS-Federation, SAML (Security Assertion Markup Language)
4. Transaction, Co-ordination, Context via WS-Transactions, WS-CAF (Composite Application Framework)
5. Semantic Features via OWL-S (Web Ontology Language for Web Services)

The extensions and their relations and layered placement are depicted in Fig. 4.6. Based on the REST model (Fig. 4.7), the performance and scalability of services can be increased by relying on an underlying HTTP server infrastructure. These servers are typically highly optimised and take care of caching, streaming and other convenience functionality. RESTful web services act in some measure as an antagonism to the Simple Object Access Protocol (SOAP) and XML-RPC, for which dedicated, less common and less optimised server and client implementations need to be used.

Fig. 4.6 Extensions WS-* and alternatives

Fig. 4.7 Representational state transfer method

Such web services themselves, and based on them further service-oriented and service-bound applications, can be described according to the mentioned architectural style using only URIs as endpoint identifiers, a content/resource model associated to each URI, and HTTP in version 1.1 or 2.0 as interaction protocol. The distinguishing features are as follows: asynchronous, temporary character; no RPC; direct requests on resources and documents (URI); use of a generic interface; standard semantics; and a stateless communication protocol. RESTful web services contain and convey the necessary context by themselves and are operated only via simple methods (GET, PUT, POST, DELETE). Such sparingness leads to more consistency by the use of established standards. On the other hand, a scalable a-priori analysis of the service features by description document analysis is not possible in this model. Modern service description languages like Linked USDL and Swagger attempt to fill this gap. Contemporary SOA concepts are mostly focused on EAI and B2B surroundings. However, the mapping of business processes (respectively for VTEO) as well as service orchestration and composition (e.g. via BPEL4WS) is still inelastic and associated with higher developer-side complexity. Therefore, the elaboration of new concepts is an imperative. The concepts have to include not only new marketable ideas, e.g. like VTEO, but also the analysis of costs and benefits [21].
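The RESTful features just listed (URIs as endpoint identifiers, a resource model per URI, the generic GET/PUT/POST/DELETE interface, and stateless communication in which every request conveys its own context) can be seen together in a small resource handler. The following Python code is an example added for this section, not code from the book or from any platform it names; the bearer token values, the two client roles and the /documents resource path are constructed for the demonstration, and in a deployment the tokens would be issued by an identity provider. It also shows the point made under weakness 2 above: because no server-side session exists, authentication and authorisation have to be configured and checked on every single request.

```python
"""Minimal RESTful resource handler (added example, not the book's code).

Each request carries its own context, here a bearer token in the
Authorization header, so the server keeps no per-client session state;
only the resources themselves, addressed by URI, are stored.
"""
import hmac
import re

# Constructed sample credentials: token -> (client name, allowed methods).
# Assumption for the example; real tokens come from an identity provider.
TOKENS = {
    "tok-reader-1": ("reader", {"GET"}),
    "tok-editor-1": ("editor", {"GET", "PUT", "POST", "DELETE"}),
}

COLLECTION = re.compile(r"^/documents$")
ITEM = re.compile(r"^/documents/([A-Za-z0-9_-]+)$")
NOT_FOUND = (404, {"error": "no such resource"})


class ResourceService:
    """Resources are stored per URI; no client state survives between calls."""

    def __init__(self):
        self._resources = {}   # uri -> resource representation (dict)
        self._next_id = 1

    def _authenticate(self, headers):
        """Resolve the bearer token sent with *this* request (constant-time compare)."""
        auth = headers.get("Authorization", "")
        if not auth.startswith("Bearer "):
            return None
        presented = auth[len("Bearer "):]
        for token, principal in TOKENS.items():
            if hmac.compare_digest(presented, token):
                return principal
        return None

    def handle(self, method, path, headers=None, body=None):
        """Dispatch one request; returns (status, body) like an HTTP response."""
        headers = headers or {}
        principal = self._authenticate(headers)
        if principal is None:
            return 401, {"error": "missing or invalid bearer token"}
        name, allowed = principal
        if method not in allowed:
            return 403, {"error": f"{name} may not {method}"}

        if COLLECTION.match(path):
            if method == "GET":
                return 200, sorted(self._resources)
            if method == "POST":
                # POST creates a new subordinate resource with a server-chosen URI
                uri = f"/documents/{self._next_id}"
                self._next_id += 1
                self._resources[uri] = dict(body or {}, owner=name)
                return 201, {"location": uri}
            return 405, {"error": "method not allowed on collection"}

        if not ITEM.match(path):
            return NOT_FOUND
        if method == "GET":
            res = self._resources.get(path)
            return (200, res) if res is not None else NOT_FOUND
        if method == "PUT":
            # PUT is idempotent: the representation at this URI is replaced
            created = path not in self._resources
            self._resources[path] = dict(body or {}, owner=name)
            return (201 if created else 200), self._resources[path]
        if method == "DELETE":
            if self._resources.pop(path, None) is None:
                return NOT_FOUND
            return 204, None
        return 405, {"error": "method not allowed on item"}
```

Because the handler derives everything it needs from the request line, the headers and the stored resource, any replica holding the same resource store can answer the next request, which is exactly what lets RESTful services scale over a plain HTTP server infrastructure as described above.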

Delegation of network functionality to cloud providers. The functionality of a cloud is to deliver services by accessing the virtualised resources, whose internal structure is unknown to the users, providing certain common operations, resource-intensive tasks, consolidation and distribution of resources, and integration of applications in IT systems of companies [23]. Providers within an IoS deliver the services at different hierarchical levels. The functionality of the computers and further interaction devices as thin clients of end users in the cloud is limited to providing a graphical or multi-modal interface (service frontend), caching the data, and selection of and access to external network services. We see a resurrection of this host-node computing model in the increased use of consumption-oriented notebooks, netbooks, smartphones, tablets and smart watches. Access to network resources can be provided by using the standardised web service protocols Extensible Messaging and Presence Protocol (XMPP) and SOAP, including a range of extensions to both for permanent sessions and request-response models, respectively. Access to these resources can also be ensured via RESTful methods, a session-less paradigm which transfers state by modifying resources on the server. The processing and archiving tasks, database querying, calling and encapsulation of further internal function calls are delegated to the cloud provider. There are closed (private), public and hybrid clouds, which include file servers, databases, archiving, backup systems, high-performance computers, computer grids and multi-processor clusters. Peer-to-peer clouds are not yet widely used, but they are considered as a future trend in research, in particular for trustworthy mutual backup, mainly driven by the exploded count of personal mobile devices. SLA between cloud providers and end users guarantee a certain QoS and aim to achieve a high level of users' satisfaction, called Quality of Experience (QoE). Cloud computing provides the following functionality: outsourcing of IT infrastructure to the cloud provider, which may be less expensive than maintaining a private one; hosting of services, saving costs for administration and maintenance of the IT infrastructure; outsourcing of data archives and applications (mail servers, file servers, databases, backup services, etc.); cost-saving by using high-performance computer clusters/grids as a service.

The main cloud models given by the NIST and Microsoft definitions have already been presented in Fig. 4.3. They should be explained in greater detail and with examples. SaaS is the model which directly appeals to end users. It encompasses service-oriented web, mobile or desktop applications (including virtual desktops), but also purely programmatic application and data services providing the access to resources in the cloud via these diverse frontends. PaaS provides an integrated platform for developing and testing web applications (testbed) and eventually running them on a service platform with dynamic feedback for continuous development and advancement. IaaS provides services of virtual networks by using remote servers, systems of networked hard disc drives, Virtual Machines (VM) with network management exploiting the SNMP protocol and upcoming OCCI interfaces. The IaaS layer can be further subdivided into compute, storage and communication resources.

Example 4.1 CloudFoundry, OpenShift and Bluemix are popular commercial PaaS platforms. There are very few non-commercial ones, but there are a few prototypical platforms resulting from research projects, including SPACE and FIWARE, which may influence future production platforms. Vamp is an advanced PaaS server for complex services whose implementation consists of orchestrated, inter-dependent containers.

Communication is an implicit prerequisite for compute and storage services, so that they can be used over the network. For cloud backup systems, the main interest is in storage resources, which are accessed through network resources. In practice, these resources are not universally described. When creating, commissioning and maintaining cloud services, a lot of questions of IT security still remain open, limiting the further spread of cloud technology. This could be addressed by the creation of a non-profit cloud security alliance aiming to collect the best practices of effectiveness, legal compliance and IT security. Researchers have already started an outreach in this direction through surveys [12, 22]. These abstract challenges shall now be demonstrated with examples from a selection of countries with a varying level of development and cloud adoption rates. With regards to cloud computing, legal acts of Ukraine regulate in general the operations in the area of IT security and related fields (intellectual property, telecommunications, cyber-crime, television) [6]. They can be evaluated as systematic and complete regulation thanks to the consideration of existing international best practices. One current scientific task is the optimisation of the service characteristics of these providers regarding QoS and QoE. Great importance is given to the uptake of mobile services based on LTE/4G as well as future 5G networks, with access through modern mobile devices running on iOS, Windows Phone 8 or Android OS, and the newer challengers FirefoxOS, Ubuntu Phone and Sailfish, all equipped with web browsers and personal data vaults. The development of these technologies is widely supported by governments of developed countries, since it allows a significant resource saving, but requires coordination of providers in the areas of efficiency, legal issues and IT security of clouds. Hence, for designing optimal cloud systems, the non-functional properties of the physical hardware, the network connections and the client integration around the software and services need to be considered and evaluated.

Figure 4.8 highlights the relation between layered components of a cloud stack architecture and the resulting services which are offered for all of the layers.

Cloud quality criteria. It becomes evident that, due to the high number of often interchangeable services, an automated distinction becomes possible only through non-functional properties. These properties encompass primarily the quality (what do I get?) and price (what do I pay?) properties. The main quality criteria for cloud services are as follows:


Fig. 4.8 Context between cloud components and cloud services

• Measurable QoS, including execution performance, response time and availability
• Comfort in use, relating to the QoE
• Control by users
• Reliability and data security
• Price (per unit of data and time)

In Fig. 4.9, a comparison of comfort vs. control for certain well-known systems has been done. The evaluation was realised for the following systems: Yahoo, Facebook, Amazon EC2, Salesforce.com, Dropbox, Google Docs, in the organisation types of clouds hybrid, public and private.

Hence, to summarise: while the consumption of cloud services is highly attractive, it brings along its own set of difficulties, disadvantages and weaknesses in addition to the ones inherent to general services:

1. Performance and convenience of offered clouds are questionable and require actual use to find out.

2. Lock-in to single vendors and cloud providers, worsened by asymmetric pricing models, i.e. uploading data is cheaper than downloading.

3. Cloud providers' creditworthiness, trustworthiness and reputation.

4. Reliability issues or even total failure of providers (a provider can disappear from the horizon, e.g. for economic, legal or political reasons).

5. Risks of temporary or permanent data losses or even leaks by providers.


Fig. 4.9 Function comparison comfort vs. control for certain well-known systems [11]

A concept of cloud-based virtual telecommunication office. Among other trends, the development of a modern VTEO based on SOA, hosted in and delivered by a cloud, is one of the up-to-date tasks and very profitable business niches. We would like to deal with the mentioned VTEO concept and certain significant examples and use cases [16]. The world economy is nowadays widely characterised by the stable trend that large and mid-range companies and authorities outsource their own engineering services to an ever greater extent via external, smaller service providers. A concept for a modern virtual telecommunication engineering office under use of SOA and cloud computing technologies has been offered. Multiple use cases for virtual telecommunication engineering offices have been discussed. As a significant example, the CANDY Framework and Online Platform have been examined. The important development trends for the CAD for network planning regarding tool integration and effective access optimisation have been discussed. The CANDY system has been represented as an exhibit at CeBIT 2007, 2008 and 2011 in Hannover.

The discussed service providers are, as a rule, independent, highly-specialised engineering offices acting with high-performance networks (VTEO) with relatively few employees. But the mentioned VTEO systems can only survive in the long term if they provide their services at reasonable costs, in the shortest time and on the highest quality level. Let us refer to the offered services as Virtual Project Processing. Examples of Virtualised Processes (VP) and the corresponding task circles can be formulated very broadly. There are, inter alia, the following tasks and processes: electro-technical calculations, chip and electronic circuit design, judiciary document preparation, statics computing for civil craft, tax return bill preparation, etc. Accordingly, the following specific requirements on such VTEO systems have to be discussed in this section: per client order (performed project) a relatively high profit can be obtained, however its processing time is usually limited; simultaneous processing of multiple projects in various steps of preparedness; cooperation (via discussions and document exchanges) with several groups of clients; delegation, if necessary, of the project steps (subtasks) to partner agencies (i.e. subordinated VTEO instances); participation of several specialists in each project; efficient project management; necessity of exact project documentation at each processing step; permanent improvement of the company. Permanent improvement of the company's know-how can be effected via problem discussions, successful qualifications and renewal training of the staff, efficient knowledge storage, and reuse of project results in subsequent projects. Nowadays, the current situation in most usual engineering offices is contradictory and can be formulated as follows: there is a highly qualified staff, but also very expensive staff training; use of modern CAD techniques (Computer-Aided Design) for individual engineering works (projects), but some inefficient cooperation of the participants; high time expenditure and labour efforts for contacts to the client and partner companies.

It is therefore an important scientific-technical problem to make the discussed technologies available for VTEO. SOA (web services) and cloud computing techniques (private and hybrid clouds), aimed at an implementation of available services and at providing access means, are two indispensable components of the examined VTEO concept. The most acceptable models of the inter-operability scheme VTEO-2-Clouds are SaaS and PaaS. First, the VTEO must choose which kind of engineering services can be offered for the respective types of projects and define for each an exact workflow of the project steps with the subordinated tasks and the associated qualification requirements (specialist roles). At least one qualified employee has to be dedicated to each role. For the individual works, high-quality CAD tools are to be provided, as well as a powerful project management system for the project organisation aims. It is important to ensure that all project documents are concurrently available for all the participants (specialists, partners, clients) and that they can communicate efficiently, inter alia. Furthermore, the retrieval and on-demand offering of the inter-operability of the most important project documents is to be supported. This requires specific document formats for each step of a project that can be processed in the subsequent steps without any further manual transformation. The discussed concept of a VTEO is very helpful to meet the above mentioned requirements. The resource requirements for such a virtual engineering office can be assumed to be in the acceptable middle ranges (quantity of project employees, amount of retrieved project data). For general communication and collaboration means, classical services can be used (e-mail, SSH, Skype, videoconferencing). The document management must be completely centralised and web-driven. For the access, WWW techniques have to be used preferably (document preparation and supply per standard formats like HTML and PDF). For any special project data, the appropriate XML-based professional, problem-oriented languages are to be additionally developed with the associated XSD/XSL (XML Schema Definition/eXtensible Stylesheet Language). The project workflow management is the most important part of the discussed virtual engineering offices. But the majority of the commercially available systems are too complex for direct use. Leaner solutions are therefore preferable. Such workflow management solutions are usually based on Gantt diagrams (Fig. 4.10). For each workflow step in a project there are different process types. Over and above that, the following classification of process types for a VTEO can be deployed: automated, with a simple communication scheme (without human assistance and e.g. under support of the sparing stateless protocol REST); half-automated, with use of complex stateful protocols with commits (under participation of specialists and dedicated personnel, as well as under support of classical stateful SOAP over HTTP or other carrier protocols); completely manual (expensive and very complex).

Fig. 4.10 Project step 1, tasks 1–5, example execution period 10.03. – 19.03.2015. A typical representation of a workflow via Gantt diagram

Purely human work (such as the granting of a permission) has to be organised via the WWW using web services, web sites or mobile (web) applications. The workflow management system has to provide the necessary download functionality for the input documents and, correspondingly, after the work is completed (execution of the business process logic), the upload functionality for the required resulting documents by the responsible project employee to the centralised document management system. Work with CAD tools such as ArchiCAD is to be understood, as defined above, as purely manual work. It is particularly efficient if the VTEO can also offer processing support via a central platform. This can be realised especially efficiently with AJAX-based techniques: the user activities are executed within standard WWW browsers, the business logic is processed at the server side, e.g. by invoking specialised scripts, and the resulting documents are stored automatically and project-specifically at the server side. The specific workflow-centric management for a VTEO must be defined using the following principles and requirements for the process elements and their synchronisation:

• a workflow is composed of a sequence of design steps;
• each step consists of one process (task) or multiple parallel processes;
• each process possesses a status, e.g. ready (y/n) and result (+/−);
• each process uses and/or produces input/output documents;
• a process is either an atomic process or a workflow by itself.
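The following Python model turns the principles just listed into executable form; it is an added example and not code from the book. A workflow is a sequence of steps, a step holds parallel processes, every process carries the status pair (ready, result), consumes and produces named documents in a centralised store, and a process may itself be a workflow. The process names, document names and work functions are assumed for illustration.

```python
"""Model of the VTEO workflow principles (added example, not from the book):
a workflow is a sequence of design steps, a step holds one or more parallel
processes, each process has a status (ready y/n, result +/-) and uses and/or
produces documents, and a process is either atomic or a workflow itself.
Process names, document names and the work functions are assumed."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Union

Store = Dict[str, str]   # the centralised document store: document name -> content


@dataclass
class Process:
    """Atomic task: consumes input documents and produces output documents."""
    name: str
    inputs: List[str]
    outputs: List[str]
    work: Callable[[Store], Dict[str, str]]   # business logic (assumed); returns produced documents
    ready: bool = False                       # status 'ready (y/n)'
    result: Optional[bool] = None             # status 'result (+/-)'; None = not yet run

    def check_ready(self, store: Store) -> bool:
        # Ready only when every input document is already in the store.
        self.ready = all(doc in store for doc in self.inputs)
        return self.ready

    def execute(self, store: Store) -> bool:
        if not self.check_ready(store):
            self.result = False
            return False
        produced = self.work(store)
        # '+' only if every promised output document was actually produced.
        self.result = all(doc in produced for doc in self.outputs)
        if self.result:
            store.update({doc: produced[doc] for doc in self.outputs})
        return self.result


@dataclass
class Workflow:
    """Sequence of steps; each step is a list of parallel processes or sub-workflows."""
    name: str
    steps: List[List[Union[Process, "Workflow"]]]
    ready: bool = False
    result: Optional[bool] = None

    def check_ready(self, store: Store) -> bool:
        # A workflow is ready when its first step can start.
        self.ready = all(p.check_ready(store) for p in self.steps[0])
        return self.ready

    def execute(self, store: Store) -> bool:
        for step in self.steps:
            # Every parallel process of a step must be startable before the step runs.
            if not all([p.check_ready(store) for p in step]):
                self.result = False
                return False
            # Run all parallel processes; a single '-' result stops the workflow.
            if not all([p.execute(store) for p in step]):
                self.result = False
                return False
        self.result = True
        return True


def design_workflow() -> Workflow:
    """Assumed project: parallel survey + requirements, then a nested design
    sub-workflow, then a manual approval (the 'granting of permission' case)."""
    survey = Process("site survey", ["brief.txt"], ["site.dwg"],
                     lambda s: {"site.dwg": "plan for: " + s["brief.txt"]})
    reqs = Process("requirements", ["brief.txt"], ["req.xml"],
                   lambda s: {"req.xml": "<requirements/>"})
    topology = Process("topology design", ["site.dwg", "req.xml"], ["topology.xml"],
                       lambda s: {"topology.xml": "<topology/>"})
    design = Workflow("network design", [[topology]])   # a workflow used as a process
    approve = Process("grant permission", ["topology.xml"], ["approval.pdf"],
                      lambda s: {"approval.pdf": "approved"})
    return Workflow("project", [[survey, reqs], [design], [approve]])


def run_project(store: Store) -> bool:
    """Execute the assumed project workflow against a document store."""
    return design_workflow().execute(store)


if __name__ == "__main__":
    docs = {"brief.txt": "client brief"}
    print(run_project(docs), sorted(docs))
```

Running the project with a client brief in the store completes all three steps and leaves `approval.pdf` in the store; running it with an empty store stops at the first step with both processes marked not ready, which is the behaviour a workflow engine needs so that no downstream specialist starts on missing input.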

4.1 Clouds: Technology Stack, Basic Models and Services  91

The next important aspect is the type of billing and the payment method (accounting in a VTEO). Different systems are possible, ranging from the simplest blanket (all-in-one) accounting of the delivered services to differentiated, complex prices depending on data volumes, manual effort, task dimensions and computational complexity. For the simple VTEO accounting forms, SSL/TLS or alternatively XML security (XML Encryption and XML Signature) is suitable; for differentiated, complex price schemes the SET method can be recommended. The discussed issues are illustrated sufficiently in the next sections of this work on the example of a VTEO (a fictitious service provider) for the design of combined network structures.

Conclusions and research fields regarding the clouds. The most important tasks aimed at the elaboration of advanced clouds that are free of the above-mentioned disadvantages can be listed as follows [13]. They fall into three groups:

• Cloud adaptation and optimisation:
  – strategies for the compensation of SLA violations
  – strategies for the minimisation of energy consumption
  – mechanisms for the visualisation of complex cloud monitoring data
  – deployment of RAIC with cockpit features at the customer side
• Fine-grained SLA:
  – methods to determine fine-grained properties of cloud services
  – identification of assets and corresponding requirements
  – deduction of monitoring targets from the SLA
  – cloud surveillance and incident detection
  – specification of monitoring targets and SLA violations
  – models for the proactive recognition of SLA violations and the evaluation of a cloud's energy efficiency
  – mechanisms for reliable distributed monitoring
• Dynamic provider selection and cloud setup:
  – flexible distribution mechanisms for cloud platforms
  – strategies for the performance optimisation of cloud applications
  – reputation consideration to improve reliability and trustworthiness

An example of an advanced cloud technology with transparent encryption is illustrated in Fig. 4.11. The features of the transparent encryption are as follows:

• safe hybrid access = public + private
• efficient cryptosystems: AES, RSA, MD/MAC
• analysis of structured and unstructured data
• document classification and codec demarcation
• user authentication and key distribution
• PKI deployment with certificates (X.509/Kerberos)

Fig. 4.11 Secured cloud with own controller [11]. MD – Message Digest, MAC – Message Authentication Code, AES – Advanced Encryption Standard, RSA – Rivest, Shamir and Adleman encryption, PKI – Public Key Infrastructure (X.509, Kerberos)

4.2 Virtualisation of Services and Resources

Nowadays, virtualisation of services and resources is required due to the heterogeneous hardware and application landscape and the increasing overcapacity of single devices (Figs. 4.12 and 4.13). Virtualisation methods became widespread from 1990 onwards and now form a necessary entry or preliminary stage to the modern clouds.

The statistics of 2014–2015 show an approximate distribution of the landscape diversity of applications and apps (Fig. 4.13). Among them are regular desktop applications, SaaS (thin) clients within clouds, mobile applications as well as usual web applications under a variety of operating systems.

A classification system, examples, as well as advantages and disadvantages are discussed below. A useful classification of virtualisation methods is given in Fig. 4.14. Some of the listed methods for the virtualisation of services and resources can be assigned to different classification criteria (hardware, software, applications, server, container, network), as can the evolving SDN.

The basic virtualisation unit for compute resources is the so-called VM, which hosts a single service, a complete operating system or an application. Efficient deployment and migration of VMs is controlled by different methods; the most important of them are OS containers, hypervisors and VMMs (VM monitors). A layered architecture with 3–5 layers (HW, OS, virtualisation layer, etc.) is the typical construct. The comparison between OS containers, hypervisors and VMMs is given in Fig. 4.15.

A typical solution for UNIX-like operating systems are the spartan BSD jails, which exist in similar form on Linux (chroot) and on Solaris (zones). They are practically dedicated to a single specific application, but in principle allow a complete interactive session with sub-processes. The disadvantage of jails lies in their near-absolute isolation.

Fig. 4.12 Motivation: heterogeneous hardware

Fig. 4.13 Motivation: heterogeneous applications landscape

Citrix-based solutions offer a comfortable virtualisation concept with monitoring of VMs without a host OS as an additional virtualisation layer [2]; here the hypervisor acts as a meta-OS. VMware products, as a rule, use a pure VMM to control VMs that are deployed on top of the host OS. Hypervisors and VMMs offer many advantages in comparison to containers; the exception is the highly secured runtime environment, an example being a sandboxing container within a mobile OS that confines apps under reputation, code and antivirus control. The most commonly used types of hypervisors are depicted in Fig. 4.16. A frequent use case is the virtualisation of previously dedicated hardware servers for rather light-weight functionality (e-mail, domain, file storage or backup).


Fig. 4.14 Classification of virtualisation methods (own review). HW – hardware, OS – operating system, NW – network, VM/VMM – virtual machine / VM monitor, SDN – software-defined networking

Fig. 4.15 Classification of virtualisation methods


Fig. 4.16 Certain types of hypervisors

Fig. 4.17 An example of virtualisation

Example 4.2 Fig. 4.17 depicts an example. The specified VMs and VMMs enable a flexible and efficient solution for a web presentation, a consumer portal as well as legacy software:

• each VM is an independent platform for any guest OS, isolated from the other VMs;
• a VM can behave as if it possessed the host computer alone (with an insignificant slowdown);
• in the desktop area, mainly test or simulation environments are run;
• the VMM concept is widely used to increase the utilisation and availability of servers and to reduce costs (procurement, maintenance, personnel, power, HVAC) as well as to improve ROI.


Fig. 4.18 VMware layered architecture (own review based on IBH Dresden, Professional IT-Services; source: ibh.de)

Fig. 4.19 VMware Horizon Suite product features

The major products on the market offer a complex layered architecture as in Fig. 4.18; the depicted architecture is typical for VMware products.

Many virtualisation solutions offer a central management console to orchestrate all tasks. The product features of the VMware Horizon Suite are given in Fig. 4.19.


Fig. 4.20 The Citrix products for BYOD

A Citrix platform for mobile collaborators, as well as a flexible mobile/wireless platform for the well-known BYOD problem ("Bring Your Own Device") with application virtualisation concepts, is depicted in Fig. 4.20.

Example 4.3 A company with a heterogeneous computing environment is about to virtualise its IT hardware. How is the data exchange between such heterogeneous computer systems realised? In a company network with 30 computers there are 3 different architectures (Fig. 4.21).

(a) How many import/export routines must be programmed and installed so that interoperability (mutual understanding) between all systems is possible? (b) What changes when a 31st computer with a novel system architecture is integrated into the network? (c) What are the advantages and disadvantages compared to (b) if virtualisation concepts are used?

Virtualisation advantages from a business perspective. Virtualisation is not only a technical method. On a strategic or financial level, if, when and how to virtualise is an important decision process. From the point of view of a company there are the following virtualisation advantages:

1. Different virtualisation techniques are used in areas such as banking, e-commerce, civic services, crafts, financing, insurance, building societies and trust companies. They are a preliminary stage for cloud computing.

2. Resource virtualisation brings significant CAPEX and OPEX advantages (cost reduction) for SMEs and large companies alike.

Fig. 4.21 Heterogeneous environments with virtualisation in a company

3. Large financial institutions have adopted virtualisation solutions that replace the transaction and application infrastructures previously run on stand-alone servers and old mainframes.

4. Virtualisation allows the operation of several VMs on one host.

5. Virtual servers provide virtual OS and runtime environments using VMs in order to maintain existing software (legacy systems) and allow the use of mobile apps.

6. Virtualisation preserves the heterogeneity of the network (SDN) and the runtime environments while hiding the diversity of implementation details and restrictions of common OS and software.

7. Virtual servers can increase the efficiency of the operational IT infrastructure, its utilisation and availability.

8. Advanced EAI and B2B for corporate applications as well as for inter-company systems via EDI and e-business (middleware, SOA).

Example 4.4 What is VMware virtualisation today? The distinguishing features of this virtualisation product are as follows (Fig. 4.22):

• virtualised guest OS: Windows, Linux, Mac OS X, Chrome OS and others
• secure data access and deployment of apps and data
• work from anywhere: deploy and migrate VMs
• optimised network traffic, backup and VM snapshots
• secure surfing within the clouds


Fig. 4.22 VMware: what is virtualisation with VMware nowadays?

More recently, the virtualisation of individual compute resources has evolved into an integrated data centre concept. A software-defined data centre offers the following advantages:

• agility
• control
• efficiency
• freedom of choice

Virtualisation and cloud stacks can be run in co-operation, as shown in the example with VMware, RSA Security, EMC² and OpenStack:

• public/private clouds
• unified management
• VIO concept: VMware Integrated OpenStack (Fig. 4.23)

Virtualisation with VMware implies the following:

• VMware Data Protection
• VMware VSAN architecture
• VC = vCenter Server v6.0 (Table 4.3)

The advantages are as follows:

• proactive IT availability
• innovation and dynamics


Fig. 4.23 VMware architecture

Table 4.3 Properties of vCenter Server v6.0

Structural unit      Windows    Linux
Hosts per VC         1000       1000
VMs per VC           10000      10000
Hosts per cluster    64         64
VMs per cluster      6000       6000

• security and mobility
• market chances despite know-how insufficiency or limited resources
• attractive costs
• no fragmented data/computing centres
• growth in equipment

An example of dedicated hardware for VMware is EVO:RAIL, a hyper-converged infrastructure appliance.


Proactive IT. What does it mean to manage proactive IT via VMware?

• fast development
• provisioning of all applications
• optimised for each end device
• data centre virtualisation and hybrid cloud extensibility
• native security controls in the infrastructure
• optimised and automated data centre operation
• automation of infrastructure and application deployment
• high availability and stable infrastructure

"Each application everywhere" is one of the mantras of virtualisation product vendors. Further mantras are "open management" and "unified platform". These slogans are outlined briefly now. The "everywhere" mantra refers to the development, deployment and execution of convenient and modern applications. "Open management" refers to the flexibility to manage cloud infrastructure and applications. Finally, the "unified platform" connects internal and external clouds with a common software-defined data centre platform based on virtualisation concepts. In the case of VMware, the vendor calls the solution a hyper-converged infrastructure.

Not only compute resources but also storage resources benefit from virtualisation concepts. The VMware mixed backup is based on a rotation principle (Fig. 4.24):

• full backup
• incremental backup
• synthetic backup

The VMware cloud platform thus combines the following characteristics:

• management of all public clouds
• VMware vRealize Suite for the management of multiple public and private clouds (cloud cockpit)
• optimisation of OpenStack
• VMware Integrated OpenStack (VIO) for a flexible and reliable entry into an enterprise-class OpenStack cloud
• integration of container tools
• aimed at fast development and delivery of new cloud-native applications

VMware vCloud Air is an add-on product for virtualised desktops which provides the following virtualisation start-up help:


Fig. 4.24 VMware mixed backup

• desktops hosted in the cloud and available on demand
• increased user productivity and optimised IT operations
• extension of existing applications
• 100% compatible, the same security, high availability
• web and mobile applications
• faster development of web and mobile applications
• vCloud Air development/test
• 100% compatible, lower cost, broad OS support, high availability
• disaster recovery
• simple, cost-effective failover and restore

Example 4.5 The company Veeam, founded in 2006 in Switzerland, has 2000 employees and serves 170,000 users. The hybrid virtualisation platform of Veeam is based on the software of Citrix, VMware and Microsoft Hyper-V [7]. The products for the hybrid virtualisation platform of Veeam are as follows (Fig. 4.25):

• ONE
• Management Pack


Fig. 4.25 Hybrid virtualisation platform with Veeam

• Backup & Replication
• Explorer for Storage Snapshots

The architecture of the Veeam backup storage integration is shown in Fig. 4.26. The following storage systems and products can be used: HP StoreOnce/Catalyst support, EMC Data Domain/Boost, VM backup-file chain, HP StoreVirtual, 3PAR, NetApp ONTAP as well as EMC. The essential advantages of this platform include the ability to support an always-on business, ad-hoc restores of virtual machines as well as automated verification of the state of virtualised applications. Virtual machines can be instantiated and activated quickly both from ISO images and from snapshots of previous execution runs.

The procedure of efficient snapshot-based backup with Veeam is depicted in Fig. 4.27. The creation of snapshots by Veeam for the backup is up to 15 times faster than a pure backup. The Veeam Explorer for Storage Snapshots provides backup of the following data items: either all VMs completely, or only guest files, or all directories or specific folders of applications such as SharePoint and Exchange folders.

A mixed backup (consisting of differential and incremental runs) is provided. The 3-2-1-0 rule applies in this case: keep 3 copies of the data on 2 different media types, with 1 copy off-site, and 0 errors after automated verification of the backups.


Fig. 4.26 Backup storage integration with Veeam

Fig. 4.27 Efficient backup of snapshots with Veeam

An example of backup frequencies for the following 4 years is depicted in Fig. 4.28. It distinguishes weekly (4), monthly (12) and yearly (3) cartridges. Standard LTO Ultrium streamers and tape cartridges can be used with Veeam in such scenarios.
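To make the consequences of the cartridge counts in Fig. 4.28 concrete, the following Python rotation plan is added as an example; it is not code from the book or from Veeam. The scheme is assumed: one full backup every Friday, the last Friday of a month goes to a monthly cartridge, the last Friday of a year to a yearly cartridge, any other Friday to a weekly cartridge, and each pool is overwritten cyclically (the classic grandfather-father-son rotation). The function `oldest_restore_point` shows what the pool sizes actually buy: with 3 yearly cartridges, after 4 years the oldest yearly restore point is the end of year 2, because year 4 has overwritten year 1.

```python
"""Grandfather-father-son cartridge rotation for the backup frequencies of
Fig. 4.28 (4 weekly, 12 monthly, 3 yearly cartridges over 4 years), added as an
example (not code from the book or from Veeam). Assumed scheme: one full
backup every Friday; last Friday of a month -> monthly pool, last Friday of a
year -> yearly pool, otherwise weekly pool; pools are overwritten cyclically.
Dates are ISO strings so the plan is easy to print or assert on."""
import datetime as dt
from typing import Dict, List, Tuple

POOLS = {"W": 4, "M": 12, "Y": 3}     # cartridges per pool, as in Fig. 4.28
FRIDAY = 4                           # datetime.weekday() value


def pool_for(day: str) -> str:
    """Yearly beats monthly beats weekly for the given backup day."""
    d = dt.date.fromisoformat(day)
    following = d + dt.timedelta(days=7)        # the next backup day
    if following.year != d.year:
        return "Y"
    if following.month != d.month:
        return "M"
    return "W"


def schedule(start: str, end: str) -> List[Tuple[str, str]]:
    """Assign every Friday in [start, end] to a cartridge label such as 'M7'."""
    d = dt.date.fromisoformat(start)
    last = dt.date.fromisoformat(end)
    d += dt.timedelta(days=(FRIDAY - d.weekday()) % 7)   # first Friday on/after start
    counters = {pool: 0 for pool in POOLS}
    plan: List[Tuple[str, str]] = []
    while d <= last:
        day = d.isoformat()
        pool = pool_for(day)
        label = f"{pool}{counters[pool] % POOLS[pool] + 1}"   # cyclic overwrite
        counters[pool] += 1
        plan.append((day, label))
        d += dt.timedelta(days=7)
    return plan


def restore_points(plan: List[Tuple[str, str]]) -> Dict[str, str]:
    """Content of each cartridge at the end of the plan: its most recent write."""
    return {label: day for day, label in plan}


def oldest_restore_point(plan: List[Tuple[str, str]], pool: str) -> str:
    """Oldest backup still held in a pool, i.e. how far back a restore can reach."""
    return min(day for label, day in restore_points(plan).items() if label[0] == pool)


if __name__ == "__main__":
    plan = schedule("2015-01-02", "2018-12-28")          # constructed 4-year period
    print(len(plan), "backups on", len(restore_points(plan)), "cartridges")
    for pool in POOLS:
        print(pool, "oldest restore point:", oldest_restore_point(plan, pool))
```

Over the constructed period 2015-01-02 to 2018-12-28 the plan writes 209 backups to exactly 19 cartridges (4 + 12 + 3), and the yearly pool can only restore back to 2016-12-30; a retention requirement longer than that needs more yearly cartridges, not more weekly ones.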


Fig. 4.28 Example of backup frequencies with Veeam

4.3 SDN – Software-Defined Networking

Virtualisation of network resources and software-defined networking. Software-configured or software-defined networks are called SDN. This term denotes a virtualised, layered network for data transmission in which the control (management) plane of the network is separated from the data-forwarding devices and is implemented programmatically. SDN is one of the known forms of virtualisation of computing and networking resources, including network services and applications. Its origins lie in the backbone networks of telecom operators, but some of the mechanisms are now appearing for the centralised configuration of multiple consumer devices as well. The basic principles of future SDN development and deployment were formulated in 2005–2006 by researchers from the Berkeley and Stanford universities, and the topic quickly gained prominence through heavy industry involvement.

SDN motivation. The main problems of modern, very performant physical networks are as follows:

1. The traditional physical networks are heterogeneous and too static for modern business applications and cloud services.

2. Deployment of virtualisation technologies is required.

3. Nowadays applications are distributed across multiple VMs that communicate intensively. In order to optimise the workload of the servers, VM instances often migrate and hence change the "binding points" of the network traffic.

4. Conventional addressing schemes, logical division into VLANs and the assignment of traffic rules become very ineffective in such dynamic environments.


Fig. 4.29 (a) No virtualisation, (b) SDN general architecture: motivation for software-defined networking

5. As networking protocols evolve, the firmware on networking equipment such as switches and routers needs dynamic updates in a controlled and consistent manner, to the extent that it should be implemented completely in software.

SDN solution approach. SDN can be classified as part of network virtualisation. SDN is by definition a resource virtualisation type like OS, server or application virtualisation (Fig. 4.29; refer to the classification in Fig. 4.14). At the same time, SDN is an approach to the construction of network equipment and software in which the two main components of such equipment are abstracted from each other: (1) the control plane and (2) the data plane, as a rule coupled by (3) a protocol named OpenFlow, which coordinates L2/L3 networks across VM deployments [15]. Starting around 2013, SDN was widely deployed by multiple manufacturers, inter alia VMware, Juniper, Brocade, Cisco, HP and IBM. By that time it had become one of the main innovation topics, along with cloud computing and big data, with a similar confusion about the technical depth and the hype portions of the innovation. Let us discuss its advantages. SDN enables network administrators to perform simpler, low-level management of the networks by abstraction into virtual services. SDN offers (refer to Fig. 4.29):

• emulation of MAC frames and packets (MPLS, IP, LAN, mobile radio) on L2 and L3
• deployment of zones and user demarcations
• cloud services under multi-tenancy agreements
• diversity of SDN architectures through the availability of multiple providers

Refer to Fig. 4.29 once more and compare (a) and (b).

Fig. 4.30 A typical flow table in a network device that supports the OpenFlow protocol

One of the driving forces for the large installed base of SDN networks is a universal, manufacturer-independent protocol called OpenFlow, which implements the interface between the logical controller of the network and the network transport. A typical flow table within a network device that supports OpenFlow is shown in Fig. 4.30. With OpenFlow, more flexible and efficient physical (MAC) and logical (IP) addressing becomes possible, and the reconfiguration of data flows, services, applications and application ports is supported. The OpenFlow protocol identifies traffic using the term "flow". A flow table is the key element of a switch that supports this protocol, similar to the rule table of a software packet filter. The group of columns on the left side of the table forms the match fields, in which the characteristics of the flow are represented. There are different parameters, including the MAC and IP addresses of sender and recipient, the VLAN identifier, TCP and UDP ports and other information. These entries are written by the controller using the OpenFlow protocol and registered in the switch's table (refer to Fig. 4.30). Each entry additionally carries a priority, the actions applied to matching packets and counters; a packet that matches no entry (a table miss) is handed to the controller, which decides and may install a new entry for the flow.
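The flow table just described, as an added Python model (not code from the book, from any switch or from any OpenFlow controller): entries with match fields, priority, actions and counters, highest-priority match wins, and a table miss is a packet-in to a controller function that decides and installs the result as a new entry. The access policy (SSH only from an assumed admin host, a quarantine VLAN), the MAC-to-port map and the sample packets are assumed for illustration. The example also shows a pitfall of rule-installing controllers: a forwarding entry that matches only L2 fields would later forward SSH between the same two hosts, so the switch keeps a static "SSH goes to the controller" entry above the forwarding entries.

```python
"""Software model of an OpenFlow-style flow table (added example, not code from
the book, a real switch or a real controller). An entry holds match fields (an
absent field is a wildcard), a priority, an action list and counters; a packet
that matches no entry, or whose entry says 'controller', is a table miss that
is handed to the controller, which decides and installs a new entry. Policy,
MAC/port map and sample packets are assumed for illustration."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Header fields of a packet: in_port, eth_src, eth_dst, vlan, ip_src, ip_dst, proto, tp_src, tp_dst
Packet = Dict[str, object]


@dataclass
class FlowEntry:
    priority: int
    match: Dict[str, object]    # exact-match fields (real OpenFlow also allows masks)
    actions: List[str]          # e.g. ["output:2"], ["drop"], ["flood"], ["controller"]
    packets: int = 0            # per-flow counters, as in a real flow table
    byte_count: int = 0

    def matches(self, pkt: Packet) -> bool:
        return all(pkt.get(k) == v for k, v in self.match.items())


class FlowTable:
    """One flow table of a switch; `controller` is the packet-in handler."""

    def __init__(self, controller: Callable[["FlowTable", Packet], List[str]]):
        self.entries: List[FlowEntry] = []
        self.controller = controller
        self.packet_ins = 0

    def add_flow(self, priority: int, match: Dict[str, object], actions: List[str]) -> None:
        self.entries.append(FlowEntry(priority, dict(match), list(actions)))
        self.entries.sort(key=lambda e: e.priority, reverse=True)   # highest priority wins

    def lookup(self, pkt: Packet) -> Optional[FlowEntry]:
        return next((e for e in self.entries if e.matches(pkt)), None)

    def process(self, pkt: Packet, length: int = 64) -> List[str]:
        entry = self.lookup(pkt)
        if entry is not None:
            entry.packets += 1
            entry.byte_count += length
            if entry.actions != ["controller"]:
                return entry.actions
        self.packet_ins += 1                     # table miss: packet-in to the controller
        return self.controller(self, pkt)


ADMIN_HOST = "10.0.0.10"                                     # assumed management host
MAC_PORT = {"aa:aa:aa:aa:aa:01": 1, "aa:aa:aa:aa:aa:02": 2}  # assumed learnt MAC -> port


def policy_controller(table: FlowTable, pkt: Packet) -> List[str]:
    """Packet-in handler (assumed policy): SSH (tcp/22) is only allowed from
    ADMIN_HOST; everything else is forwarded to the port of the destination MAC.
    Each decision is installed as a flow entry so later packets stay in the switch."""
    is_ssh = pkt.get("proto") == "tcp" and pkt.get("tp_dst") == 22
    if is_ssh and pkt.get("ip_src") != ADMIN_HOST:
        table.add_flow(250, {k: pkt.get(k) for k in ("ip_src", "proto", "tp_dst")}, ["drop"])
        return ["drop"]
    if is_ssh:   # admin SSH: L3/L4-specific entry that ranks above the generic SSH rule
        keys, priority = ("ip_src", "eth_dst", "proto", "tp_dst"), 250
    else:        # plain forwarding matches L2 fields only
        keys, priority = ("vlan", "eth_src", "eth_dst"), 100
    port = MAC_PORT.get(pkt.get("eth_dst"))
    if port is None:
        return ["flood"]                         # unknown destination: flood, install nothing
    table.add_flow(priority, {k: pkt.get(k) for k in keys}, [f"output:{port}"])
    return [f"output:{port}"]


def build_switch() -> FlowTable:
    """Start-up state pushed by the controller (assumed)."""
    table = FlowTable(policy_controller)
    table.add_flow(300, {"vlan": 99}, ["drop"])                           # quarantine VLAN
    # Without this entry, a forwarding entry installed for earlier web traffic between the
    # same two MACs would also forward a later SSH packet and bypass the SSH policy.
    table.add_flow(200, {"proto": "tcp", "tp_dst": 22}, ["controller"])
    return table


def demo() -> Dict[str, object]:
    """Run constructed packets through the switch and return the decisions."""
    table = build_switch()
    web = {"in_port": 1, "eth_src": "aa:aa:aa:aa:aa:01", "eth_dst": "aa:aa:aa:aa:aa:02",
           "vlan": 10, "ip_src": "10.0.0.11", "ip_dst": "10.0.0.12",
           "proto": "tcp", "tp_src": 40000, "tp_dst": 80}          # constructed packet
    ssh_user = dict(web, tp_dst=22)
    ssh_admin = dict(web, ip_src=ADMIN_HOST, tp_dst=22)
    quarantined = dict(web, vlan=99)
    return {
        "web_first": table.process(web),          # table miss, controller installs a rule
        "web_second": table.process(web),         # served from the flow table
        "ssh_user": table.process(ssh_user),      # controller installs a drop rule
        "ssh_user_again": table.process(ssh_user),
        "ssh_admin": table.process(ssh_admin),
        "quarantined": table.process(quarantined),
        "packet_ins": table.packet_ins,
        "table": table,
    }


if __name__ == "__main__":
    result = demo()
    for name in ("web_first", "web_second", "ssh_user", "ssh_user_again", "ssh_admin", "quarantined"):
        print(name, result[name])
    for e in result["table"].entries:
        print(e.priority, e.match, e.actions, e.packets)
```

Only three of the six packets reach the controller; the rest are decided by the five entries that end up in the table, which is the whole point of the flow-table design. Real OpenFlow switches additionally support masked matches, multiple tables and idle/hard timeouts on entries, none of which this model needs for the point being made.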

Example 4.6 Due to the insertion of a new VM, the reconfiguration of all access control lists on all network devices and levels of a large network may take several days. The reason is that existing management tools are oriented towards concrete devices; at best they offer automation parameters that apply to a group of devices belonging to the model range of one particular manufacturer (e.g. Cisco MIBs). In particular, the well-known VMware system provides the following software and services for SDN and its virtual devices (Fig. 4.31) [7]:

• network access to the SDN is determined
• use of physical plants in the network
• deployment of multiple VMs
• deployment of multiple Layer 2 VLANs
• insertion of so-called Virtual Distributed Switches (vDS)

Fig. 4.31 VMware-based scenario with access demarcation within SDN

• use of virtual network cards (vNICs)
• use of VPNs (Virtual Private Networks) and load balancers
• deployment of network devices with the VXLAN (Virtual Extensible LAN) overlay protocol (VMware-driven, later standardised in RFC 7348), which supports SDN within VMware products as an alternative to OpenFlow
• a special system, vCNS (VMware vCloud Networking and Security)

The VMware product palette deploys VLAN-based SDN safety zones. The network interfaces (vNICs) are coupled to dedicated virtual distributed switches (vDS), which distribute the VMs assigned to the port groups of the vDS. A vDS is not tied to a particular server but is configured across several servers. Access demarcation within the SDN is organised by means of vSwitches.

The network adapters of the servers are co
Y coupled to the vDS and allow the VMs on the port groups of the vDS to connect to the network. vShield Zones provide basic VM protection against network threats inside the virtual data centre (firewall, packet filtering). The software vCNS (VMware vCloud Networking and Security) is used with the following aims:

• deployment of the specialised VXLAN protocol (Virtual Extensible LAN)
• deployment of virtual firewalls, VPNs and load balancing elements (load balancers; refer to Fig. 4.31)


Fig. 4.32 Deployment of vSwitches

The implementation of the SDN principles using virtual switches of the vSwitch type is depicted in Fig. 4.32. The choice of virtual L2 switches of the vSwitch type has many options, including devices by VMware, Juniper, Cisco, HP and IBM, for access via the L3 gateway (GW) to the virtual machines with their specific applications, network services and cloud services. Protection against malware and many other types of threats on the network layers L2, L3, L4 and L5–7 is achieved through the use of firewalls and antivirus software (see Fig. 4.31).

SDN evaluation. The features of SDN are presented in this section. SDN provides an efficient separation of the traffic transmission functions into a few layers.

The use of SDN offers evident advantages. Routine network reconfiguration functions are simplified to such an extent that administrators no longer have to enter hundreds of configuration lines separately on different switches or routers. The network parameters can also be changed quickly, even in real time, thanks to the rapid propagation of parameters and rules. Accordingly, the time to introduce new applications and services is greatly reduced. SDN is also expected to be used in the future generation of mobile communication, 5G, as defined by the IMT-2020 standard: SDN will be part of future 5G mobile networks. Together with 5G, a number of terms have been declared which may express future innovation or further hype topics, for example the intelligent web of connected things, real-time remote control, mobile cloud traffic, immersive experience, lifelike media, ubiquitous connectivity and telepresence. More details about the aims of 5G networks are provided in Chap. 6. Software implementations of a prototype for a provider core network according to 5G may be based on networks using SDN protocols like OpenFlow and VXLAN and on virtualised operating systems based on VMware vSwitch, Citrix products and similar ones. SDN is effective for the construction of cloud service infrastructures where, on request from users, a virtual node or a virtual service has to be created automatically and quickly; here the virtual network has to allocate the required resources autonomously. As part of the 5G mobile generation (5G/IMT-2020), SDN technology becomes feasible in large data centres, allowing support costs to be reduced by centralising network management as well as by increasing the usage of network resources through their dynamic management. In practice, SDN will primarily be used in provider cores, including 5G mobile networks, to allow telecommunication carriers and independent providers to obtain new management functions and better control over network components and services of any type from a single centralised location, which will greatly simplify their operation.

4.4 Backup Services within Clouds as Advanced Cloud Backup Technology

Next to virtualised compute and networking resources, storage resource services are also popular in many cloud applications. There are multiple flavours, including higher-level database services, file services and low-level block devices offered as a service, on which a custom file system can be placed. The following text concentrates on file services, as this is the flavour most commonly used in consumer applications.

Data loss can have unpredictable and even fatal effects for an enterprise or an authority. Backup strategies, as the antidote, unify a complex of organisational and technical measures that are necessary for data restoration, processing and transfer as well as for data security and the defence against loss, crash and tampering [4]. The high-performance modern Internet allows the delivery of backup functions and is complemented by attractive (mobile) services with a QoS comparable to that of Local Area Networks. One of the most efficient backup strategies is the delegation of this functionality to an external provider, an online or cloud storage system. This section argues for intelligently distributed backup over multiple storage providers in addition to the use of local resources. Some examples of cloud storage deployment in the USA, the European Union as well as in Ukraine and the Russian Federation are introduced to identify the benefits and challenges of distributed backup with cloud storage.

Motivation. Up-to-date network technologies aimed at backup and restore of critical enterprise or authority data are discussed, and a comparative analysis of existing complex solutions and stand-alone tools is presented. Essential advantages in restore technologies for critical enterprise or authority data can be offered by newly developed cloud backup concepts in comparison with traditional data-centric backups. But the complex constellation of international law and multilateral data safety

requirements limits in some way the development of network technologies for cloud backup. One possible way of solving the mentioned problems is offered by an intelligent combination of well-known commercial storage clouds with efficient cryptographic methods and stripe/parity dispersal functionality for authenticated, transparently encrypted and reliable data backups. This approach has recently become popular under the name RAIC (Redundant Array of Independent Clouds) [10, 29, 33]. Yet from both a scientific and a practical perspective there are shortcomings in conventional RAICs, e.g. when the cost and trust characteristics of the associated storage services are dismissed.
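The stripe/parity dispersal with authenticated, transparently encrypted stripes described above, and the transparent-encryption features of Fig. 4.11 (AES, MD/MAC, key distribution), are shown together in the following Python example; it is added here and is not code from the book or from any RAIC product. A document is cut into k data stripes plus one XOR parity stripe, each stripe is encrypted and then MACed together with its header (encrypt-then-MAC, with the stripe index inside the MAC so stripes cannot be swapped), and each stripe goes to a different provider. Recovery needs any k authentic stripes, so one lost or tampered provider is tolerated and the tampering is detected rather than silently restored. Because the Python standard library has no AES, the cipher is counter mode over an HMAC-SHA256 keystream; in practice AES-GCM replaces both the keystream and the separate MAC. Provider names, the master key and the sample document are assumed.

```python
"""Authenticated, transparently encrypted stripe/parity dispersal across cloud
providers, RAIC style (added example, not code from the book or any product).
Each stripe: header | ciphertext | HMAC-SHA256 tag over header+ciphertext.
The cipher is counter mode over an HMAC-SHA256 keystream, standing in for AES
(use AES-GCM in practice). Provider names and the master key are assumed."""
import hashlib
import hmac
import os
from typing import Dict, Optional

HEADER_LEN = 1 + 4 + 1 + 16     # stripe index | plaintext length | k | nonce
TAG_LEN = 32


def _derive(master: bytes, label: bytes) -> bytes:
    """Separate encryption and MAC keys from one master key."""
    return hmac.new(master, label, hashlib.sha256).digest()


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Counter mode over HMAC-SHA256 (AES-CTR stand-in); XOR is its own inverse."""
    out = bytearray()
    for block_no in range((len(data) + 31) // 32):
        block = hmac.new(key, nonce + block_no.to_bytes(8, "big"), hashlib.sha256).digest()
        chunk = data[block_no * 32:(block_no + 1) * 32]
        out.extend(a ^ b for a, b in zip(chunk, block))
    return bytes(out)


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def disperse(data: bytes, k: int, master: bytes) -> Dict[str, bytes]:
    """Return {provider: blob} for k data stripes plus one parity stripe."""
    if not 1 <= k <= 255:
        raise ValueError("k must be between 1 and 255")
    enc_key, mac_key = _derive(master, b"enc"), _derive(master, b"mac")
    stripe_len = -(-len(data) // k)                        # ceiling division
    padded = data.ljust(stripe_len * k, b"\0")
    stripes = [padded[i * stripe_len:(i + 1) * stripe_len] for i in range(k)]
    parity = b"\0" * stripe_len
    for stripe in stripes:
        parity = _xor(parity, stripe)
    stripes.append(parity)                                 # stripe k is the parity
    blobs: Dict[str, bytes] = {}
    for idx, stripe in enumerate(stripes):
        nonce = os.urandom(16)                             # fresh nonce per stripe
        header = bytes([idx]) + len(data).to_bytes(4, "big") + bytes([k]) + nonce
        ciphertext = _keystream_xor(enc_key, nonce, stripe)
        tag = hmac.new(mac_key, header + ciphertext, hashlib.sha256).digest()
        blobs[f"cloud-{idx}"] = header + ciphertext + tag  # assumed provider names
    return blobs


def recover(blobs: Dict[str, Optional[bytes]], master: bytes) -> bytes:
    """Rebuild the document from any k authentic stripes; a stripe whose MAC
    fails (tampered, or wrong key) is treated exactly like a lost provider."""
    enc_key, mac_key = _derive(master, b"enc"), _derive(master, b"mac")
    stripes: Dict[int, bytes] = {}
    length = k = None
    for blob in blobs.values():
        if blob is None or len(blob) < HEADER_LEN + TAG_LEN:
            continue
        header, ciphertext, tag = blob[:HEADER_LEN], blob[HEADER_LEN:-TAG_LEN], blob[-TAG_LEN:]
        expected = hmac.new(mac_key, header + ciphertext, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            continue                                       # do not trust a forged stripe
        idx, length, k = header[0], int.from_bytes(header[1:5], "big"), header[5]
        stripes[idx] = _keystream_xor(enc_key, header[6:], ciphertext)
    if k is None or len(stripes) < k:
        raise ValueError("not enough authentic stripes to recover the document")
    missing = [i for i in range(k) if i not in stripes]
    if missing:                                            # exactly one data stripe lost
        rebuilt = b"\0" * len(next(iter(stripes.values())))
        for stripe in stripes.values():                    # XOR of the other k stripes incl. parity
            rebuilt = _xor(rebuilt, stripe)
        stripes[missing[0]] = rebuilt
    return b"".join(stripes[i] for i in range(k))[:length]


def recoverable(blobs: Dict[str, Optional[bytes]], master: bytes) -> bool:
    """True if recover() succeeds, False if too few authentic stripes remain."""
    try:
        recover(blobs, master)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    key = os.urandom(32)
    doc = b"project plan for the combined network structure, revision 3"   # constructed
    stored = disperse(doc, 3, key)
    stored["cloud-1"] = None                               # one provider unavailable
    print(recover(stored, key) == doc)
```

With k = 3 the document lives on four providers and survives the loss or corruption of any one of them; two failures make recovery impossible, and a wrong master key rejects every stripe. Note what this construction does not address: the cost and trust ranking of providers criticised above, and the integrity of the manifest mapping providers to stripe indices, which here is implicit in the authenticated header.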

4.4.1 Backup as an Important Component of Information Safety

Disruption of critical data has unforeseen and heavy consequences for companies or organisations. It may have different causes, but the main result remains always the same: a significant risk of losing the data or access to it. This may lead to impediments in reaching the goals of the company or organisation, errors in documents, malfunctions of tools and machines, and loss of reputation with partners. Very often the risks of losing data are caused by natural phenomena, as shown in Table 4.4, where they are presented along with statistical probabilities and human factors.

The next problems of the company or organisation are the significant costs for the recovery of critical data and the compensation of damages. For these reasons, backup technologies are a very practical task and a relevant part of securing data and assuring the information safety of the company or organisation. The purpose of data backup is the regular creation of copies of files, databases, applications and settings on external backup systems, which in most cases are storage units managed by a backup application. Modern network (off-site) backup systems support this process with a separation of locality for saving and recovering the data, and prevent the risks of data loss in a company or organisation that may appear because of hardware malfunction due to voltage jumps or devastating natural disasters such as fire and water, attacks of malicious software like computer viruses and trojans, system errors during data storage, theft of the data or accidental data leaks. Backup includes organisational and technical measures for storing, processing and transferring back important data and guarantees their protection from loss, destruction or disruption. The main distinctive features of modern network backup systems are the target devices (smartphone, tablet, PC, rack server form factors) along with the target storage media (magnetic disks or tapes, electronic flash memory and optical disks), the delay of data access (in the ms range, up to several minutes for cold backup), the maximal time of safe data storage (months, years), the error rate and the costs per GB. An example of a combined backup system for a small or medium-sized company or organisation is shown in Fig. 4.33.

Table 4.4 Causes and probabilities of losing critical data due to natural and human factors

Cause of losing data        Statistical probability (%)
Natural phenomena
  Hurricanes                 1
  Fire                       6
  Water                      8
  Short-circuit             16
  Lightning stroke          17
  Other natural phenomena   17
Human factor
  Usage faults              25
  Stealing                  10

Fig. 4.33 Example of a backup system structure

The main components of the system are an optical network (ATM, 10GbE), a SAN, a tape library and Redundant Array of Independent Disks (RAID) file server systems. According to Table 4.5, the main criteria for the choice of suitable backup media and networking technologies include high-speed connections (1 GB/s over LAN), very large data volumes of overall storage (from 100 Petabytes up to Exabytes) and long guaranteed usage duration (months, years), all while at the same time having a low probability of errors and low costs per data unit. This list is not conclusive; good handling of small files and backup schemes are further factors.

4.4 Backup Services within Clouds as Advanced Cloud Backup Technology   113

Table 4.5 Overview of backup media

Media for backup | Max data volume | Cost per 1 GB | Guaranteed usage duration | Probability of failures
DVD | 4.7–8.5 GB | 0.05 | Small (1 year) | High
USB flash | 2–256 GB | 0.97 | Very small | Medium
USB-HDD | 0.5–4 TB | 0.04 | Very small | Medium
Streamer LTO | 0.2–3 TB | 0.06 | 30 years | Low
Streamer DLT | 0.16–1.6 TB | 0.17 | 30 years | Low
Systems of redundant discs, RAIC | Max 10 TB | Multiple of HDD costs | Several years | Low

As can be seen from Table 4.5, the streamer tools (streamers SLR, DLT, DAT/DDS, LTO, VXA) guarantee a low probability of errors and low costs per data unit, long guaranteed duration and large data volumes as well as a good price/value ratio. But a non-linear restore operation from such media is a time-consuming task, leading to the requirement of balanced choices. The RAID mechanism is based on the creation of a redundant array of independent (multiple vendors) and inexpensive (consumer SATA instead of SAS) hard disc drives (HDDs) which work in one system to improve selectively both speed and reliability of I/O operations. The array of HDDs is controlled by a special RAID controller (hardware or software array controller), which provides the functionality of storing and retrieving data in the array as well as creating and checking the checksums. This allows making the underlying system transparent to the external users and presenting it as one logical I/O channel. Thanks to parallel runs of read/write operations on several discs, the disc array provides a higher speed of data exchange compared to one large disc.

The RAID mechanism was first created in 1988 by D. A. Patterson, G. Gibson and R. H. Katz, researchers of the University of California, Berkeley. For regular backups, different variants of underlying storage types exist: streamers connected via local network (method 1), backup via LAN (method 2), backup via SAN (method 3), backup via NAS (method 4), backup via external backup provider (data center or cloud system) (method 5). For occasional backups, removable media such as USB sticks and portable hard drives may also be an option. But due to the criticality of backup, this is one of the processes which really should be automated.

For choosing the right backup method for a company or organisation, different methods and factors should be considered, including the size of the company or organisation, the structure of available networks, the number of users (a small enterprise with 20 users or a big company with more than 1000 users), the costs of backup, the requirements on data safety and security as well as the administration efforts. In recent years network technologies made great progress in QoS (due to WDM, 10GbE), mobility (HSDPA, LTE) and easy access to computing centers. In fact, the emerging IoS ensures that applications based on SOA principles have been created which naturally integrate into service environments and can discover and use suitable backup services without manual configuration. High-speed Internet enables providing functionality and services with the same quality as known from local networks and hence makes the shift of formerly relatively local functions such as backup into the network feasible. The new IT paradigm of delegating the services to external providers is known as cloud computing and, when referring to backup, as cloud storage. One of the most effective backup strategies is thus the delegation of the entire backup process to an external provider by interfacing with up-to-date cloud systems. This is achieved by placing the backup services into a public cloud offered by a capable and trustworthy cloud provider. Cloud computing is becoming more and more popular, as several companies transfer their IT infrastructure (completely or partly) into clouds. This may lead to a lack of transparency of data access (who, when, where, why and what) and of cloud reliability, and raises the risk of losing all critical data if the cloud provider leaves the market. To mitigate these risks to some extent, the deployment model of private clouds (method 6) under operational control of the client may be used. Furthermore, intelligent client-side techniques can further reduce the risks. Below a very precise definition, adopted from the NIST and Amazon definitions of the concept of cloud computing, is given [1, 24]: “Cloud computing is the on-demand and pay-per-use application of virtualised IT services over the Internet. The clouds can offer on-demand self-service, broadband network access, resource pooling, measured and optimised service, rapid elasticity.” The adoption of cloud computing provides the following advantages: relative reliability and security while giving up physical possession; staying in control when demand changes (the control can be exerted through vertical and horizontal scaling and migration to other providers); availability of attractive multi-layer services from infrastructure to software applications; efficient platforms/stacks and convenient client integration (Table 4.6). The broad range of platforms and choices in functionality leads to a discussion of the most important domain-specific criteria for cloud backup. These criteria, based on those for general backup and those for general cloud computing, are: QoS parameters such as throughput, data rate, delays and reaction time; convenience (comfort, suitability, effectiveness); user control; trustworthiness, security and privacy; price per data extent and time.

The next position might be the organisational reliability (trustworthiness of a cloud provider), because a provider can disappear from the horizon unexpectedly, for instance due to its own economic, legal or political reasons. Data security is required since the risks of data losses and compromises by provider maintenance via third parties are still unreasonably high.

Table 4.6 Well-known cloud platforms

Platform | Provider
Amazon EC2 | Amazon Web Services (AWS) for Elastic Compute Cloud (EC2)
Cloud Computing Yahoo | Cloud services from Yahoo Platforms
Cloud Computing Resource Kit | Cloud services from Oracle/Sun
Eucalyptus | IaaS stack which reimplements the Amazon APIs
SalesForce | Cloud services from Force.com, mostly on the SaaS level
Google App Engine | Google (a PaaS model)
Google Docs | Google (a SaaS model)
Google Compute Engine | Google (an IaaS model)
iCloud | A virtual OS on a Cloud basis
Meebox | Online file management in the frame of a SaaS model
MS Windows Azure | Multiple Cloud Services in the frame of the Win Azure Platform (Microsoft)
Nimbula | A private/hybrid cloud technology of former AWS collaborators
OnLive | An interactive Games-on-Demand platform with compression methods for computer graphics and video games
Open Cirrus | Open Cloud Computing Research Testbed from opencirrus.org
OpenStack.org | Open Cloud from Rackspace, Citrix, NASA, Dell
OpenNebula | Commercialised European research project for data center virtualisation and service markets
OpenShift | PaaS from Red Hat
T-Systems Dynamic Services | A private Cloud system for dynamic deployment of SAP applications from SAP GmbH
Verpura | Online Cloud for Enterprise Resource Planning in SME
VMware vSphere | A virtual OS on the Cloud basis of VMware

Regular backup software. Backup software is the basis for the realisation of any backup strategy in a company or organisation, and it allows the automation of the backup tasks. The software triggers the backup process at a certain point in time, provides the full or incremental backup of the selected data and arranges for an appropriate reporting to inform the IT administrator, among other goals. The software may run in push mode, as a scheduled software application on each device or VM to be backed up, or in pull mode, where agents are connected to a backup service. The choice of backup software and services may include fully extensible open source software as well as proprietary software, which has limited configuration and customisation options. In both cases the offer may be free or based on a purchase or subscription contract which includes support. Generally, the choice of backup software depends on the required functionality, transfer effectiveness, restore performance and reliability. The commercial solutions may however lead to a backup software and service lock-in, which should be avoided, similar to a storage provider lock-in. This is why in all backup planning projects a compromise should be made between the costs and the added value of the backup solution (functionality, effectiveness and reliability), cf. Table 4.7.

Table 4.7 Selected backup software

Software | Description | Costs
DAR (Disk Archive) | Uses its own archive compression format, distributes the backup copies into different fragments and discs, supports common encryption methods | Freeware
Rsnapshot | Creates hard links between different stored routes, which requires support for hard links by the storage media. When a file changes, not only the change difference is backed up but the whole file | Freeware
Duplicity | Creates backup copies in encrypted format GPG (PGP), archived in GZIP. Backup copies can be made for practically all types of operating systems; supports upload of backup copies over FTP systems, SSH, Rsync, WebDAV, HSI and Amazon S3 | Freeware
Acronis Backup & Recovery Advanced Server | Popular but expensive software for MS Windows; allows creating image and file backups, is oriented on using HDD, tape libraries and cloud technologies | About 1100
Drive Backup Server | Provides different backup functions, e.g. storage on internal and external media, CD/DVD/BR discs, NAS systems, FTP, with support of virtual machines (VMware) | About 500
Symantec Backup Exec 2012 | Similar to Drive Backup Server | About 900
Rsync | Allows scripts for configuration of shell copying of files and their parts. The special feature of Rsync is the effective synchronisation of file trees over the network | GNU General Public License, Unix distributions
Cron daemon | System process of Unix for timer-based triggering of processes like backup. The backup tasks can be triggered periodically according to “crontab” tables and are called “cronjobs”. They create backups on specified servers | Unix distributions
Bup | A combination of Rsync and Git (version control) concepts. It offers Par2 redundancy | GNU LGPL v2
Bacula | Client-server based network backup application for individual computers up to large networks | GNU AGPL v3
Amanda | Advanced Maryland Automatic Network Disk Archiver with support for tape drives, disks and optical media, with native Windows client | BSD-style

Table 4.8 Overview of cloud backup platforms

Name of cloud backup system | Region of storage | Max volume of cost-free storage | Max volume of paid storage | Platform
Amazon Cloud Drive | USA | 5 GB | No limits | Win, Mac, Linux, iOS, Android, Windows Phone
Dropbox | USA | 2 GB | No limits | Win, Mac, Linux, iOS, Android, Blackberry
Windows Live Skydrive | Ireland | 25 GB | 100 GB | Win, Mac, Windows Phone, iOS, Android
Strato HiDrive | Germany | – | 5000 GB | Win, Mac, Android, WP7, Chrome, Synology
Google Drive | USA | 5 GB | 16000 GB | Win, Mac, iOS, Android, Linux
HighSecurityBackup | Germany | 10 GB (up to 30 days) | No limits | Win, Linux, Mac, DBs, Exchange, Lotus, VMware
Ubuntu One | Isle of Man | 5 GB | 50 GB | Win, Linux, Android, iOS
SafeSync | Japan | 500 GB (up to 30 days) | No limits | Win, Mac, iOS, Android
F-Secure | Finland | – | No limits | Win, Mac
Daten-Safe | Austria | – | No limits | Win, Linux, Mac, DBs, Exchange, Lotus, VMware

Modern systems for cloud backup. One of the most promising backup strategies is to delegate backup to an external provider, e.g. to a cloud backup system. A short overview of cloud storage providers suitable for backup is given in Table 4.8. Online cloud resource brokers and marketplaces are updated periodically for an up-to-date view on the choices, based on rich provider descriptions which facilitate the exchange of the information through open markets. Comfortable access to the cloud backup systems is possible through dynamic and non-intrusive service selection, even with mobile devices like tablets or smartphones. If the company or organisation does not trust the cloud provider, it could use the technology of private clouds, which limits the access to the cloud for external users and keeps the data within the company, which underlines the benefits of cloud computing. Hybrid clouds combine placing a part of the data into a public cloud and processing the other part of the data in an own private cloud. An example of a cloud backup system is the Amazon Web Services provisioning platform (AWS), which also includes the Amazon Elastic Compute Cloud (Amazon EC2) and consequently follows the service-oriented architecture principles. The Amazon Web Services platform provides access to a large number of different further services like application access, virtual machines, backup of files, databases, processing queues and online memory (see an overview in Fig. 4.34 and Fig. 4.35). Other popular cloud providers with free storage plans are Google Drive [3], Azure [14] and, with a focus on processing, the Yahoo Cloud [31].

4.4.2 RAIC Storage Service Integration

Fig. 4.34 Structure and components of Amazon Web Services: Compute & Networking (EC2, VPC, Route 53, Direct Connect, Elastic MapReduce); Storage & Content Delivery (S3, Glacier, Storage Gateway, CloudFront); Deployment & Management (CloudFormation, CloudWatch, Elastic Beanstalk, IAM); App Services (CloudSearch, SES, SNS, SQS, SWF)

Fig. 4.35 Screenshot of the main panel of Amazon Web Services

Cloud storage is often used for backups, but also for extended storage capacity and sharing of data between devices and users. Up-to-date cloud technologies aimed at backup and restore routines of critical enterprise or authority data are discussed in [23]. A scheduled comparative analysis of existing complex solutions and standalone tools has been done and shows the advantages of combined (private + public) clouds compared to traditional data-center backups and some known cloud backup solutions. In order to achieve full convenience and elasticity, clients require an intelligent combination of externally maintained public storage clouds with the use of efficient cryptographic methods and stripes/parity dispersal functionality for authenticated, transparently encrypted, low-overhead and reliable data access. This approach has become popular under the name RAIC – Redundant Arrays of Independent Clouds, in analogy to RAID. One RAIC realisation is the deployment of hybrid clouds as a combination of private and public clouds in certain topologies. The combined hybrid clouds with an additional cryptographic protection functionality and management layer (the so called “cloud storage controller”) at the client side are often an appropriate solution. Taken to the extreme, such setups can include peripheral devices such as USB sticks for a four-eye principle in access control. A key point of a hybrid cloud backup concept under the given circumstances is the flexible configuration of all data encoding and decoding steps. For increased confidentiality, data is transparently encrypted with a symmetric key, using for instance the AES cipher. For increased availability, data is replicated n times or erasure-coded and subsequently dispersed. The choice and order of data coding and dispersion steps belong to the main functions of an integrating storage service controller [9, 25, 30].

Many RAIC characteristics can be explained with the corresponding RAID methods and literature. In local backup setups the most popular systems are the RAIDs numbered 0, 1 and 5, correspondingly with two or four disks, of which zero or one are redundant.

The functionality of RAIDs is based on stripes and parity dispersal routines [27]. In Fig. 4.36 a representation for a RAID 5 is depicted. The partition in the usual disk array is given with different colours, firstly for the data (the so called “stripe set”, e.g. A1 or C3) and then for the distribution of the parity sums (“parity set”, e.g. BP or DQ) across the five disks Disk 0 … Disk 4. In the given case the common available volume V for the data backup will be calculated with the formula (cp. Fig. 4.36c)

$$V = (n - 1) \cdot V_{\min} \qquad (4.1)$$

Fig. 4.36 The most used systems RAID 0, 1, 4, 5, 6 (RAID: Redundant Array of Independent Disks; HDD: Hard Disk Drives; up to five disks, Disk 0 … Disk 4)

where n is the number of used HDDs and V_min the minimal available HDD volume in the array. The redundancy is self-evident, preconditioned via the parity set.

Example 4.7 Let us here consider the example with four disks, each of a capacity of 500 GByte, for RAID 5 to find out about the RAID efficiency:

$$V = (4 - 1) \cdot 500\ \text{GByte} = 1500\ \text{GByte} \qquad (4.2)$$

This results in 1500 GB purely for data backup as well as 500 GB for the parity control (see Fig. 4.36c). Therefore a next constructive idea is the deployment of redundant cloud arrays (stripe and parity based dispersion). There are naturally a lot of further RAID concepts, optimised for minimum access time, minimum failure probability, maximum volumes or minimum costs.

Practically, these multiple RAID concepts can be continued and mapped to RAICs. There are already numerous subconcepts of RAICs or Redundant Arrays of Independent Clouds. The possible variations of the concept are also Redundant Array of Independent Networked Storages (RAINS) as well as Random Array of Independent Data Centers (RAIDC) or Redundant Array of Optimal Clouds (RAOC), an extension of RAIC which emphasises the enforcement of user requirements on the selection and maintenance of storage service arrays. The software architecture suitable for the realisation of a RAIC is depicted in Fig. 4.37. The predominant client-side software for RAICs consists of the following three layers with the related functionality: (1) integration layer (with logical partition and interface to the backup application), (2) pre-processing layer (with stripes and parity dispersal routine, encryption and other modifications), (3) transport layer (with block transfer operations). The clients obtain the possibility of reliable and efficient access to an array of HDD storage media with added organisational and spatial independence. This software represents the state of the art. The advanced software architecture realises a new layered RAIC concept and includes the following already known components, but with extended functionality. Firstly, the advanced integration layer (1) includes multiple network file system protocols like NFS, CIFS/SMB and WebDAV, or alternatively a local virtual file system interface or a Web Services interface. Additionally, CVS/SVN/Git (version control subsystems) and synchronisation overlays are integrated. On the other hand, an advanced pre-processing layer (2) consists of the necessary codecs aimed at the classification of document types and their efficient coding (text files, MPEG, PDF). Then the policies on the data storage subjects and paths are included here, as well as the routines for stripes and parity dispersion, authentication with MD/RSA/PKI and encryption with AES/RSA/PKI. Finally, the advanced transport layer (3) integrates the parallel and block-wise streaming, caching and local persistence procedures, and includes the adapters for multiple provider APIs. The multi-modal cloud clients (desktops, tablets and smartphones) enjoy reliable and efficient resource access to the set of hybrid (private-public) cloud storage media, namely to the RAIC.

Fig. 4.37 Software architecture of a RAIC

Fig. 4.38 RAID Double Parity structure
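A minimal client-side storage controller for the three layers just described, as an added example (not the book's or any project's code): the integration layer exposes put/get to the backup application, the pre-processing layer stripes an object over k data stripes plus one XOR parity stripe and tags every stripe with an HMAC-SHA256, and the transport layer talks to provider adapters. MemoryProvider and RaicController are hypothetical names, a dict stands in for each provider API, the AES encryption step of the pre-processing layer is left out, and the key and payload are constructed.

```python
"""Client-side RAIC storage controller: integration -> pre-processing -> transport layer.
Added example, not code from the book; providers, key and payload are constructed."""
import hashlib
import hmac
import math


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


class MemoryProvider:
    """Transport-layer adapter for one storage service; a dict stands in for the provider API."""

    def __init__(self, name, available=True):
        self.name, self.available, self.objects = name, available, {}

    def put(self, key, blob):
        if not self.available:
            raise ConnectionError(self.name)
        self.objects[key] = blob

    def get(self, key):
        if not self.available:
            raise ConnectionError(self.name)
        return self.objects[key]


class RaicController:
    """k data stripes + 1 XOR parity stripe over k+1 providers; every stripe carries an HMAC tag."""

    def __init__(self, providers, auth_key):
        self.providers = providers            # k+1 transport adapters
        self.k = len(providers) - 1
        self.auth_key = auth_key

    # pre-processing layer: stripes/parity dispersal and authentication
    def _stripe(self, data):
        size = max(1, math.ceil(len(data) / self.k))
        padded = data + b"\x00" * (size * self.k - len(data))
        stripes = [padded[i * size:(i + 1) * size] for i in range(self.k)]
        parity = stripes[0]
        for s in stripes[1:]:
            parity = xor_bytes(parity, s)
        return stripes + [parity]

    def _tag(self, key, index, length_bytes, stripe):
        # The tag binds the stripe to its object key, stripe index and object length.
        msg = key.encode() + index.to_bytes(2, "big") + length_bytes + stripe
        return hmac.new(self.auth_key, msg, hashlib.sha256).digest()

    # integration layer: what the backup application calls
    def put(self, key, data):
        length_bytes = len(data).to_bytes(8, "big")
        for index, (provider, stripe) in enumerate(zip(self.providers, self._stripe(data))):
            provider.put(key, length_bytes + self._tag(key, index, length_bytes, stripe) + stripe)

    def get(self, key):
        """Returns (data, report). One unreachable or tampered stripe is rebuilt from parity."""
        stripes, report, length = [None] * (self.k + 1), [], None
        for index, provider in enumerate(self.providers):
            try:
                blob = provider.get(key)
            except (ConnectionError, KeyError):
                report.append(f"{provider.name}: unavailable")
                continue
            length_bytes, tag, stripe = blob[:8], blob[8:40], blob[40:]
            if not hmac.compare_digest(tag, self._tag(key, index, length_bytes, stripe)):
                report.append(f"{provider.name}: authentication failed, stripe discarded")
                continue
            stripes[index], length = stripe, int.from_bytes(length_bytes, "big")
        missing = [i for i, s in enumerate(stripes) if s is None]
        if len(missing) > 1:
            raise RuntimeError("more stripes lost than one parity stripe can rebuild: " + "; ".join(report))
        if missing:
            survivors = [s for s in stripes if s is not None]
            rebuilt = survivors[0]
            for s in survivors[1:]:
                rebuilt = xor_bytes(rebuilt, s)
            stripes[missing[0]] = rebuilt
            report.append(f"stripe {missing[0]} rebuilt from parity")
        return b"".join(stripes[:self.k])[:length], report


def demo():
    """Store one object, then read it back with a provider down and with a stripe tampered."""
    key = b"constructed-demo-key"        # in practice taken from the user's key store
    providers = [MemoryProvider(n) for n in ("cloudA", "cloudB", "cloudC", "privateD")]
    ctl = RaicController(providers, key)
    payload = b"quarterly backup set, constructed sample payload"
    ctl.put("backup/2016Q1.tar", payload)
    providers[1].available = False                       # one public cloud unreachable
    data_down, report_down = ctl.get("backup/2016Q1.tar")
    providers[1].available = True
    blob = providers[2].objects["backup/2016Q1.tar"]
    providers[2].objects["backup/2016Q1.tar"] = blob[:-1] + bytes([blob[-1] ^ 0x01])   # flip one bit
    data_tampered, report_tampered = ctl.get("backup/2016Q1.tar")
    return data_down == payload, data_tampered == payload, report_down, report_tampered


if __name__ == "__main__":
    for line in demo():
        print(line)
```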

RAID DP (Double Parity) is a block-level RAID system with double striping of parity information on separate HDDs, based on both RAID 4 and RAID 6 structures. The second parity Q (see Fig. 4.38) can be computed with the same formula as the first parity P, but with other data stripes.


The first parity is horizontal, the calculated second parity Q diagonal, see formula (4.3):

$$\begin{aligned}
P_1 &= \mathrm{XOR}(A_1, B_1, C_1) \\
P_2 &= \mathrm{XOR}(A_2, B_2, C_2) \\
P_3 &= \mathrm{XOR}(A_3, B_3, C_3) \\
Q_1 &= \mathrm{XOR}(P_1, A_2, B_3, 0) \\
Q_2 &= \mathrm{XOR}(P_2, A_3, 0, C_1) \\
Q_3 &= \mathrm{XOR}(P_3, 0, B_1, C_2) \\
Q_4 &= \mathrm{XOR}(0, A_1, B_2, C_3)
\end{aligned} \qquad (4.3)$$
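The parity equations (4.3) and the capacity rule (4.1) in working form, as an added example that is not from the book: the column order P, A, B, C with a phantom zero row reproduces the diagonals Q1..Q4 exactly, a rebuild repeatedly solves any row or diagonal equation that has a single unknown block (the peeling step of a RAID-DP reconstruction), and usable_capacity is the (n - k) * V_min rule for k parity disks. Function names and the 4-byte stripe contents are constructed.

```python
"""Row (P) and diagonal (Q) parity as in formula (4.3), with rebuild by peeling.
Added example, not code from the book; block layout and stripe contents are constructed."""

# Column order used by the diagonals in (4.3): row parity P first, then data disks A, B, C.
COLUMNS = ["P", "A", "B", "C"]
ROWS = 3          # stripes 1..3; "row 4" is the phantom all-zero row written as 0 in (4.3)
NDIAG = 4         # diagonals Q1..Q4


def usable_capacity(volumes_gb, parity_disks):
    """Net capacity in GB: (n - parity_disks) * V_min; parity_disks=1 gives formula (4.1)."""
    return (len(volumes_gb) - parity_disks) * min(volumes_gb)


def xor_all(blocks):
    """Byte-wise XOR of equally sized blocks."""
    out = bytearray(len(blocks[0]))
    for block in blocks:
        for i, byte in enumerate(block):
            out[i] ^= byte
    return bytes(out)


def diagonal_members(d):
    """(column, row) blocks on diagonal d; a hit on the phantom row is the 0 term and is skipped."""
    members = []
    for col_idx, col in enumerate(COLUMNS):
        row = ((d + col_idx - 1) % (ROWS + 1)) + 1
        if row <= ROWS:
            members.append((col, row))
    return members


def encode(data):
    """data: {"A": [A1, A2, A3], "B": [...], "C": [...]} -> all five disks including P and Q."""
    disks = {c: list(data[c]) for c in "ABC"}
    disks["P"] = [xor_all([data[c][r] for c in "ABC"]) for r in range(ROWS)]
    disks["Q"] = [xor_all([disks[col][row - 1] for col, row in diagonal_members(d)])
                  for d in range(1, NDIAG + 1)]
    return disks


def parity_equations():
    """Each equation as (parity block, blocks it covers); the XOR over all of them is zero."""
    eqs = [(("P", r), {(c, r) for c in "ABC"}) for r in range(1, ROWS + 1)]
    eqs += [(("Q", d), set(diagonal_members(d))) for d in range(1, NDIAG + 1)]
    return eqs


def recover(disks, failed):
    """Rebuild the disks named in `failed` (a set of up to two names) from the survivors.
    Repeatedly solves any equation with exactly one unknown block. Returns the repaired
    dict, or None when the peeling stalls. Only the block count of a failed disk is read."""
    blocks = {(name, r + 1): blk for name, blks in disks.items()
              for r, blk in enumerate(blks) if name not in failed}
    unknown = {(name, r + 1) for name in failed for r in range(len(disks[name]))}
    progress = True
    while unknown and progress:
        progress = False
        for parity, covered in parity_equations():
            terms = covered | {parity}
            missing = terms & unknown
            if len(missing) == 1:
                (target,) = missing
                blocks[target] = xor_all([blocks[t] for t in terms - missing])
                unknown.discard(target)
                progress = True
    if unknown:
        return None
    return {name: [blocks[(name, r + 1)] for r in range(len(disks[name]))] for name in disks}


# Constructed 4-byte stripes for the three data disks of Fig. 4.38.
SAMPLE = {"A": [b"A1a1", b"A2b2", b"A3c3"],
          "B": [b"B1d4", b"B2e5", b"B3f6"],
          "C": [b"C1g7", b"C2h8", b"C3i9"]}


def rebuild_report(failed_pairs):
    """True where a pair of failed disks was rebuilt bit-exactly, None where the peeling stalled."""
    disks = encode(SAMPLE)
    report = {}
    for pair in failed_pairs:
        rebuilt = recover(disks, set(pair))
        report[pair] = None if rebuilt is None else rebuilt == disks
    return report


if __name__ == "__main__":
    print("RAID 5, 4 x 500 GB ->", usable_capacity([500] * 4, 1), "GB net")      # 1500, as in (4.2)
    print("RAID DP, 16 x 500 GB ->", usable_capacity([500] * 16, 2), "GB net")   # the 14 + 2 layout
    # Data disk plus P, two data disks, and both parity disks all peel. The non-adjacent pair
    # A, C does not: with only four columns its remaining equations are linearly dependent,
    # which is why row-diagonal parity in practice uses a prime number of columns.
    for pair, ok in rebuild_report([("A", "P"), ("A", "B"), ("B", "C"), ("P", "Q"), ("A", "C")]).items():
        print(pair, "rebuilt" if ok else "stalled")
```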

Since in a RAID DP any two disk failures can be compensated, the availability of such a system is increased compared to a single-parity solution. The recommended RAID-DP sets usually consist of 14 + 2 HDDs. Restoring via RAID DP is relatively simple. Further advantages of RAID DP are the simplicity of the XOR operation for parity computing and the possibility of conversion to RAID 4 by switching off the Q stripes. Deployment of optimised RAID DP offers the following advantages

$$n \ge 5, \qquad \frac{\text{netto}}{\text{brutto}} = \frac{n - 2}{n}, \qquad n_{\text{failure security}} = 2 \qquad (4.4)$$

in comparison to the well-known RAIC 5 (cp. Fig. 4.36c).

All services offered over the Internet are interacted with according to certain usage

lifecycle phases. Storage services are no exception; they also adhere to a lifecycle. Figure 4.39 presents the relevant phases and introduces suitable client-side integration handlers for each phase. The first three phases (discovery and selection, contracting and configuration) can be subsumed under the term matchmaking. These phases typically apply once per user-service relationship. The fourth phase, usage, is executed more than once and depends on the preceding phases. The presented service integration concept is a general one. For mobile clients bound to storage services in the cloud its interpretation is as follows. During the service discovery, a dialogue on the device screen guides the user to the right storage services for any given situation. By using automation and autonomic computing concepts, the dialogue can be kept simple or even not be shown at all, at the expense of honouring custom user preferences. Then further client-side agents perform the necessary configuration of the services, including account creation and registration within the storage controller. Finally, a scheduler within the storage controller orders the timely transmission of data to and from the device. Agent frameworks to handle the sign-up to services already exist, for example OSST, the Online Service Sign-up Tool. The frameworks assume access to a well-maintained service registry which not only contains information about the services but also links to service-specific agent extensions. However, the frameworks need to be implicitly parameterised according to the specific needs of mobile users and with appropriate information already present on the mobile device, including identities (Fig. 4.39).

Fig. 4.39 Life cycle of services

In summary, the presented background information demonstrates the feasibility of integrating storage services on mobile devices in a partially automated process. The next section will give detailed insight into appropriate choices of methods and their parameterisation.

Hybrid cloud backup concept. Figure 4.40 shows how to transparently encrypt data to be backed up in a hybrid cloud environment. Both a private cloud, operated in a user-controlled data centre or across the user's personal devices, and a public cloud, offered by a commercial or institutional entity, can be flexibly combined this way without worrying about the loss or leak of data.

The notion of transparent encryption for cloud backup encompasses the following features: efficient cryptography methods such as AES, RSA, MD/MAC and X.509/Kerberos public key certificates; PKI deployment; document classification and demarcation; analysis of structured/unstructured data and context information; user authentication and the granting of the respective keys.

Fig. 4.40 Cloud backup and transparent encryption (MD: Message Digest; MAC: Message Identification Code; AES: Advanced Encryption Standard; RSA: Rivest, Shamir and Adleman encryption; PKI: Public Key Infrastructure; X.509, Kerberos)

An example of implementation. At this point an advanced example of an implementation for the RAIC and RAOC concepts can be mentioned. Its origins were in the FlexCloud young investigator group at Technische Universität Dresden in Germany, which ran from 2010 to 2013. The goals of the group were oriented towards a user-controllable and secure cloud life cycle. The concrete measures were: avoiding uninformed cloud provider selections through formal descriptions of resource, data and software properties; avoiding the cloud provider lock-in effect through multi-cloud scenarios and migration paths towards inter-connected personal clouds under the control of the user, which can be federated into a powerful network of clouds; finally, means to exert the control with an appropriate management user interface representing a personal cloud cockpit. This strategic thinking has influenced the design and development of the file storage solution Nubisave (from Latin “Nubes”, meaning “Cloud”). As the project result with the highest practical value, it has subsequently been advanced in the Cloud Storage Lab and is still offered for download on this website [34, 35].

Nubisave sets up an aggregated view across multiple cloud storage providers and enables higher-level storage tasks such as policy-enforcing data gateways, adaptive synchronisation between devices, backup and collaborative sharing. Nubisave exports a virtual file system through the Linux interface File System in Userspace (FUSE), which can be used as an underlay target medium of backup software. All write accesses received by Nubisave are multiplexed onto the configured cloud storage providers, and all read accesses reassemble the data. Encryption and versioning can be performed entirely on the client side. In case of failures, affected storage providers can be replaced by others, and a replication of data from the remaining ones takes place automatically. Nubisave is available as open source software, which has been demonstrated and discussed at both commercial events (trade shows) and academic events (conferences, meetings).

4.5 RAIC Integration for Network Storages on Mobile Devices

Motivation. Systems to combine multiple network and online storage targets with implied redundancy, security and fault tolerance, so-called RAICs, have recently seen renewed discussion due to the growing popularity of convenient cloud storage service offerings. For mobile device access to RAICs fewer research results are available. A “smartphone for the future” with pervasive storage availability should be intelligently and autonomically connected to the cloud. Such a constellation allows access without great expense to multiple applications, data and further resources. One necessity is that the requirements of the users (security, privacy, safety, pricing and vendor selection) as well as the functional user objectives are rewarded in the best way. In addition, valuable battery capacity needs to be saved by selecting appropriate algorithms and parameters and by placing parts of the RAIC integration into the infrastructure. On the functional side, for distributed data storage, specific resource services with versatile features such as extended storage capacity, backup, synchronisation and collaborative sharing of data need to be supported. The result is a mobile, energy-efficient and autonomic RAIC integration application, in other words a storage controller on a smartphone.

The term Smartphone Bloodbath has been in descriptive use in mobile phone industry reports for about three years, for the race to more features and lower prices at high frequency. Essentially, a phone is technically valued by its hardware functionality and quality, its software and services ecosystem and its connectivity. Most smartphones offer sophisticated software application distribution, whereas the innovation in terms of data management is relatively slow. The separation between private and business activities reflects to some extent on data management, and yet most users would need a much more powerful data and storage feature set. One idea for a user-friendly “smartphone for the future” is to bind it to online storage services through a pervasive cloud of user-controlled accounts at registered providers. The online storage area allocation would grow and shrink on demand. This binding is similar to how clouds and resource-constrained cyber-physical systems and robots are already connected to each other to offload tasks from the devices into the network infrastructure. One difference between phones and robots is the self-determined nature of user actions. When a user records a movie or downloads files, the phone's media size restrictions will be defused and additional functionality, including online access to all private data, becomes possible, although the user may decide to override the use of the online storage. The binding to multiple services at once requires intelligent client-side integration techniques with phase-of-lifecycle knowledge, which additionally match the service properties against user requirements. For secure and reliable data storage the RAIC concept has been proposed as an integration technique and successfully implemented for desktop computers and enterprise storage integrators [29]. However, from a security and convenience perspective, on mobile devices the RAIC assembly and the distribution of the data to the attached providers needs to happen directly on the device itself in most cases, which contradicts a conservation of battery power. It is therefore important to integrate network storage services on mobile devices in a systematic way for predictable storage characteristics, even under changing networking and device conditions.

In the next sections, the basic concepts behind network and cloud storage, RAICs and their applications including hybrid backup clouds are presented. The phases of the usage lifecycle of services in general and storage services in particular are examined in detail to derive a suitable integration design. Tradeoffs between user-friendly full automation and control-preserving semi-automatic or guided integration are discussed in this context. Intelligent RAIC use in the mobile field further implies certain decisions on which algorithms, parameters and placement strategies to use in order to preserve the battery and gracefully adapt to imperfect networking conditions. The next part is therefore outlining specialised data coding techniques including encryption, splitting, erasure codes and all-or-nothing transformations. Again, tradeoffs need to be understood correctly to achieve high-performance integration with low power consumption. The peculiarities of mobile access to RAICs are shown using an elaborated software architecture on a selected smartphone platform. Finally, a summary of the findings and an outlook on further ideas to improve the connections of smartphones into the cloud is given.

4.5.1 Efficient Access to Storage Services from Mobile Devices

Depending on the use cases, the weight of comparison parameters to distinguish the most suitable RAIC integration method differs. For many client systems, security plays a major role and motivates distributed data storage with comparatively more storage overhead in return for higher security. As a generalisation thereof, subjectively optimal parameters including storage and retrieval times and service costs can be considered and weighted by clients at configuration time, yielding RAOCs [33]. For mobile devices, two parameters become dominant: the energy efficiency of the integration and the usability under imperfect networking conditions. Both have so far not been subject to analysis in the research on RAICs, but are crucial for the further acceptance of such techniques. Energy efficiency can be broken down into the (negligible) setup, service selection, sign-up and configuration/reconfiguration processes, which typically don’t happen more than once per device power-on session, and the service usage processes for storing and retrieving data. Measuring the energy efficiency of algorithms requires specialised equipment. The electrical power consumption is not linear to the performance but grows along with it; hence a performance comparison assuming equal processor load can be used for a first estimation. The power consumption analyses in this example are made using the HAEC – Highly Adaptive Energy-Efficient Computing – measurement infrastructure as shown in the photo below (Fig. 4.41).

Performance characteristics of RAIC integration techniques, based on [32, 35], are summarised in Table 4.9.


Fig. 4.41 HAEC laboratory measurement equipment (own photo)

Table 4.9 Qualitative comparison of performance characteristics for versatile RAIC integration techniques

Technique                                  Read performance   Write performance
RS erasure code, 0 % redundancy, XOR       100 %              100 %
RS erasure code, 0 % redundancy, SIMD      270–1200 %         270–1200 %
RS erasure code, 50 % redundancy, n = 3    100 %              67 %
AONT-RS, n = 3                             33 %               33 %

Imperfect networking usability mandates an intelligent use of caching and scheduling so that slow or broken links will show no or little effect on the user of a RAIC. This typically differs per implementation. However, already on the algorithmic level some erasure codes have been more optimised for storage, retrieval and repair than others. Researchers have identified suitable algorithms through experiments [26]. Based on these observations, we can assume that the use of processor-specific erasure codes is beneficial for mobile devices. Both the device’s energy efficiency and the imperfect networking usability can be tremendously improved by placing the RAIC integration onto a trusted local network proxy. So-called storage integrators can serve multiple users and enforce group policies. On the other hand, they have drawbacks concerning the trust, mobility and overall energy efficiency, given that such additional devices will remain idle for long durations. Figure 4.42 shows both possible integration approaches in a comparison architecture scheme.
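Table 4.9 lists AONT-RS, the all-or-nothing transform applied to a file before its Reed-Solomon dispersal. As an added example (not code from the book or from Nubisave), the package transform below shows why no single fragment leaks anything and why a missing or altered fragment leaves the whole file unrecoverable; it assumes SHA-256 in counter mode as a stand-in for the block cipher and a constructed public constant K0, and the RS step that would follow is not shown.

```python
# Added example (not the book's or Nubisave's code): Rivest's package
# transform, the AONT step that precedes Reed-Solomon dispersal in AONT-RS.
# Assumptions: SHA-256 in counter mode stands in for the block cipher
# E(K, .) and K0 is a constructed, public (non-secret) constant.
import hashlib
import os
from typing import Optional

BLOCK = 32  # one SHA-256 digest
K0 = hashlib.sha256(b"AONT-RS example public key K0").digest()  # constructed


def _e(key: bytes, block: bytes) -> bytes:
    """E(key, block): keyed pseudo-random block (block-cipher stand-in)."""
    return hashlib.sha256(key + block).digest()


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _ctr(i: int) -> bytes:
    return i.to_bytes(BLOCK, "big")


def package(message: bytes, key: bytes = b"") -> list[bytes]:
    """Return s+1 pseudo-message blocks for a message of s padded blocks.

    m'_i     = m_i XOR E(K, i)                          i = 1..s
    m'_{s+1} = K XOR h_1 XOR ... XOR h_s,  h_i = E(K0, m'_i XOR i)
    The random key K is spread over all blocks: without every one of them
    it cannot be recovered, so no single dispersed fragment reveals data."""
    key = key or os.urandom(BLOCK)
    if len(key) != BLOCK:
        raise ValueError("key must be %d bytes" % BLOCK)
    pad = BLOCK - len(message) % BLOCK                  # PKCS#7-style, 1..BLOCK
    padded = message + bytes([pad]) * pad
    blocks = [padded[i:i + BLOCK] for i in range(0, len(padded), BLOCK)]
    masked = [_xor(m, _e(key, _ctr(i))) for i, m in enumerate(blocks, 1)]
    last = key
    for i, c in enumerate(masked, 1):
        last = _xor(last, _e(K0, _xor(c, _ctr(i))))
    return masked + [last]


def unpackage(blocks: list[bytes]) -> Optional[bytes]:
    """Inverse transform. Returns None when the padding is inconsistent,
    which is what a corrupted or substituted block yields (with
    overwhelming probability); a missing block makes K unrecoverable."""
    if len(blocks) < 2 or any(len(b) != BLOCK for b in blocks):
        return None
    *masked, last = blocks
    key = last
    for i, c in enumerate(masked, 1):
        key = _xor(key, _e(K0, _xor(c, _ctr(i))))
    padded = b"".join(_xor(c, _e(key, _ctr(i))) for i, c in enumerate(masked, 1))
    pad = padded[-1]
    if not 1 <= pad <= BLOCK or padded[-pad:] != bytes([pad]) * pad:
        return None
    return padded[:-pad]


if __name__ == "__main__":
    # Constructed sample: a file fragment a RAIC would disperse afterwards.
    msg = b"constructed sample: photo metadata for RAIC dispersal" * 3
    blocks = package(msg)
    print(unpackage(blocks) == msg)        # True
    print(unpackage(blocks[1:]) == msg)    # False: one block is missing
```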


Fig. 4.42 Variants for efficient placement of a RAIC integrator between the clouds

4.5.2 A New Must-Have App: RAIC Integrator for Smartphones

While our results are generally applicable to all mobile devices including tablets and notebooks, our realisation scenario focuses on mobile phones due to their increasing popularity as “swiss army knives” for computing tasks. Today, such phones ship with internal storage media (ROM, non-volatile flash memory, SD cards) and otherwise rely on manual storage service integration beyond the sometimes preconfigured vendor-specific services. Increasing amounts of data produced by mobile phone sensors and applications push the idea of a “smartphone for the future” with ubiquitous access to elastic storage in the cloud. Such a smartphone requires, inter alia, an operating-system integrated library for transparent RAIC integration across all applications which need extended storage capacity, offsite backups and other uses of storage. Essential parts of the integrator are (1) a database with information about available services including their functional and non-functional properties and protocols for accessing them, (2) protocol-specific access modules, (3) a dispersion module which splits the data according to the user-defined parameters while considering energy efficiency and imperfect networking conditions, and (4) autonomic support functions for service sign-up and repair in case of failures. The binding of a mobile phone to a RAIC-DP configuration through an integrator is depicted in Fig. 4.43. The P-stripe is stored in the private cloud client, while the Q-stripe is delegated to the public clouds, i.e. to the provider. Arbitrary RAIC and dispersion configurations are possible, although certain key configurations will be preferred by mobile users: RAIC-DP for highest safety, AONT for highest (information-theoretic) security and JBOC/RAIC0 for the least amount of overhead. A configuration wizard would have to present these choices to the users in a meaningful way.
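The P/Q stripe arithmetic behind a RAIC-DP configuration, as an added example (not code from the book or from Nubisave): a RAID-6 style double parity in GF(2^8) with generator g = 2 and primitive polynomial 0x11d, both assumptions made here. The private-cloud P-stripe is a plain XOR of the data stripes, the public-cloud Q-stripe a weighted sum, and any two of the n + 2 stripes may be lost; note that neither parity stripe is confidential, which is why the pre-processing layer encrypts or applies an AONT first.

```python
# Added example (not the book's or Nubisave's code): RAID-6 style P/Q double
# parity over n data stripes, the arithmetic behind a RAIC-DP configuration.
# Assumptions: GF(2^8) with primitive polynomial 0x11d, generator g = 2.
# n must be <= 255 so that the g^i coefficients stay distinct.

EXP = [0] * 512   # antilog table, doubled so products need no modulo
LOG = [0] * 256   # log table (LOG[0] is unused)
_v = 1
for _i in range(255):
    EXP[_i] = _v
    LOG[_v] = _i
    _v <<= 1
    if _v & 0x100:
        _v ^= 0x11d
for _i in range(255, 512):
    EXP[_i] = EXP[_i - 255]


def gf_mul(a: int, b: int) -> int:
    """Multiplication in GF(2^8)."""
    if a == 0 or b == 0:
        return 0
    return EXP[LOG[a] + LOG[b]]


def gf_div(a: int, b: int) -> int:
    """Division in GF(2^8); b must be non-zero."""
    if b == 0:
        raise ZeroDivisionError("division by zero in GF(2^8)")
    if a == 0:
        return 0
    return EXP[(LOG[a] - LOG[b]) % 255]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _scale(stripe: bytes, c: int) -> bytes:
    """Multiply every byte of a stripe by the constant c."""
    return bytes(gf_mul(c, x) for x in stripe)


def encode(data: list[bytes]) -> tuple[bytes, bytes]:
    """P = XOR of all D_i (private-cloud stripe);
    Q = XOR of g^i * D_i (public-cloud stripe).
    Neither is confidential: P is a plaintext-derived XOR, so encryption
    or an AONT must precede dispersal when the providers are untrusted."""
    size = len(data[0])
    if any(len(d) != size for d in data):
        raise ValueError("all data stripes must have equal length")
    p, q = bytes(size), bytes(size)
    for i, d in enumerate(data):
        p = _xor(p, d)
        q = _xor(q, _scale(d, EXP[i]))
    return p, q


def recover(stripes: dict, n: int, size: int) -> list[bytes]:
    """Rebuild the n data stripes from whatever survived.

    `stripes` maps 0..n-1, "P" and "Q" to stripe bytes; lost stripes are
    simply absent. Any two stripes of any kind may be missing."""
    lost_data = [i for i in range(n) if i not in stripes]
    lost = len(lost_data) + ("P" not in stripes) + ("Q" not in stripes)
    if lost > 2:
        raise ValueError("%d stripes lost; double parity tolerates two" % lost)
    data = {i: stripes[i] for i in range(n) if i in stripes}
    if not lost_data:
        return [data[i] for i in range(n)]
    # partial P and Q sums over the surviving data stripes
    p_part, q_part = bytes(size), bytes(size)
    for i, d in data.items():
        p_part = _xor(p_part, d)
        q_part = _xor(q_part, _scale(d, EXP[i]))
    if len(lost_data) == 1:
        x = lost_data[0]
        if "P" in stripes:
            # D_x = P xor (XOR of the other data stripes)
            data[x] = _xor(stripes["P"], p_part)
        else:
            # P is lost too: D_x = (Q xor partial Q) / g^x
            q_rest = _xor(stripes["Q"], q_part)
            data[x] = bytes(gf_div(v, EXP[x]) for v in q_rest)
    else:
        # Two data stripes lost; both parities are then present.
        x, y = lost_data
        a = _xor(stripes["P"], p_part)   # a = D_x xor D_y
        b = _xor(stripes["Q"], q_part)   # b = g^x D_x xor g^y D_y
        denom = EXP[x] ^ EXP[y]          # non-zero for x != y < 255
        # b xor g^y a = (g^x xor g^y) D_x  =>  D_x = (b xor g^y a) / denom
        d_x = bytes(gf_div(vb ^ gf_mul(EXP[y], va), denom) for va, vb in zip(a, b))
        data[x] = d_x
        data[y] = _xor(d_x, a)
    return [data[i] for i in range(n)]


if __name__ == "__main__":
    # Constructed sample: three 16-byte stripes of one file fragment.
    sample = [b"private photo 01", b"sensor log 00017", b"backup chunk 003"]
    P, Q = encode(sample)
    # Private cloud (P) unreachable and one public provider (stripe 2) gone:
    print(recover({0: sample[0], 1: sample[1], "Q": Q}, 3, 16) == sample)  # True
```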

A suitable software architecture for the realisation of a mobile RAIC over both local and cloud storage resources is depicted in Fig. 4.44, following the design proposed for generic cloud storage controllers. The predominant client-side software for RAICs consists of the following three layers with the related functionality:


Fig. 4.43 RAIC-DP: A network storage model

Fig. 4.44 Offered software architecture for the realisation of a RAIC. (HDD) Hard Disk Drive or other local drives including SD media; (RAIC) Redundant Arrays of Independent Clouds; (CVS) Concurrent Versioning System


1. Integration layer: logical partition and interface to the backup application
2. Pre-processing layer: stripes/parity dispersal routine, encryption and other modifications
3. Transport layer: block transfer

The clients obtain the possibility of reliable and efficient access to an array of virtualised storage media offered as a service or as local complementary media, with added organisational and spatial independence. This software considers the state of the art. The offered software layered architecture realises a RAIC concept and includes the following already known components with the extended functionality:

1. Advanced integration layer: A local virtual file system interface available to all applications. Depending on the operating system, there may be additional specific interfaces, for instance the registration as content provider on Android or the export as RESTful web service through RestFS.

2. Advanced pre-processing layer: Codecs: classification of document types and coding (text files, MPEG, PDF). Policies on the data storage subjects and paths. Stripes/parity dispersion routines. Authentication with MD/RSA/PKI. Encryption with AES/RSA/PKI.

3. Advanced transport layer: Parallel and block-wise streaming. Caching and local persistence. Adapters for multiple provider APIs.

The proposed system can be implemented with existing academic and open source software. Nubisave [33] is a cloud storage controller which performs the functionality of the upper layer as a Linux user-space file system (FUSE) module with 1 file input and n fragment outputs. Through the Nubisave configuration GUI, the remaining two layers can also be controlled. For instance, the Nubisave splitter module’s first output can be connected to an EncFS module for data encryption, which is in turn connected to a FuseDAV module for placing the encrypted fragment data on a protected WebDAV folder which serves as standard-compliant interface to a cloud storage area.

Some mobile phone operating systems run directly on Linux, including Maemo and the more recent SailfishOS and FirefoxOS, so that Nubisave’s file system interface is a suitable means for data access across all applications. For Android and similar systems with restricted global data access, a translator between files and the respective per-application content API would be required. Imperfect network handling is an implementation detail of the transport modules. We have previously refined fault-tolerant access to RESTful services (including e.g. WebDAV as HTTP extension) as the RAFT-REST concept. The Java ResUp library [38] is available to transport module authors as a convenient caching and retransmission handler. Beyond the specific transport modules, Nubisave also caches data by itself to some extent. Hence, the combination of a cloud storage controller with energy-efficient parameterisation, agent-based service lifecycle handling for semi-automatic integration and fault-tolerant service integration under imperfect networking conditions is possible today and fulfils the requirements of mobile users.

The next problems to solve are:

• Analysis of integration options for existing cloud storage services (Cloud-of-Clouds)
• RAIC Cloud backup concept elaboration (stripe and parity based dispersion)
• Development of software RAIC controllers based on web services for management and cryptographic protection of a RAIC (combined clouds), e.g. RAIC5, RAIC-DP
• Deployment of proxy servers for easy mediation
• Development and securing of the meta-data database for RAIC management
• Development of easy-to-use conditions: a common access scheme for the enterprises with offering of good performance, high security, data control for the users
• Further development of collaboration scenarios: file sharing, access by external entities, CVS and group working, automatic classification of data
• Improving performance, e.g. scheduling algorithms, caching/prefetching and parallelisation

4.6 Conclusions

This chapter has given a brief systematic introduction into the challenges of operating and integrating cloud services related to computing resources: computation, network and storage. It has covered recent trends including distributed storage facilities for high availability and confidentiality, integration of cloud services into mobile devices with high energy efficiency, and pervasive or ubiquitous access to multiplexed cloud services. For smartphone makers, the results show that especially storage integration is a desirable feature which leads to outstanding devices with a functionality closer to what highly demanding users expect.

References

1. Amazon Web Services. online: http://aws.amazon.com, 2013.
2. Citrix Systems: ShareFile. online: http://www.citrix.com/products/sharefile/overview.html, 2013.
3. Google Drive. online: https://drive.google.com, 2013.
4. Ordinary backup technologies. online: http://www.tecchannel.de/storage/backup, 2015, in German.
5. Security Compendium. online: http://www.security-insider.de, 2015, in German.
6. Ukrainian legislation regarding data security. online: http://zakon.rada.gov.ua, 2015.
7. VMware vSphere API for Storage Awareness. online: http://www.vmware.com, 2013.
8. C. Baun, M. Kunze, J. Nimis and S. Tai: Cloud computing – Web-based dynamic IT-Services. Springer-Verlag, 2010, in German.
9. G. R. Blakley: Safeguarding cryptographic keys. In: AFIPS Conference Proceedings, volume 48, p. 313–317, 1979. National Computer Conference (NCC).
10. D. Decasper, A. Samuels and J. Stone: RAIC – Redundant Array of Independent Clouds. Patent USA, Reg. No. 12/860,810, Publishing No. US 2012/0047339 A1, 2012.
11. S. Groß, J. Spillner and A. Schill: FlexCloud/TUD Project. Dresden University of Technology (TUD), online: http://www.flexcloud.eu, 2013.
12. Sheikh M. Habib, S. Hauke, S. Ries and Max Mühlhäuser: Trust as a Facilitator in Cloud Computing: A Survey. Journal of Cloud Computing: Advances, Systems and Applications, June 2012.
13. H. Kim, N. Agrawal and C. Ungureanu: Revisiting Storage for Smartphones. ACM Transactions on Storage 8(4), November 2012.
14. H. Kommalapati: Windows Azure Platform for Enterprises. online: http://msdn.microsoft.com/en-us/magazine/ee309870.aspx, 2013.
15. Thomas A. Limoncelli: OpenFlow: A Radical New Idea in Networking. Communications of the ACM 55(8):42–47, 2012.
16. A. Luntovskyy and D. Gütter: A Concept for a Modern Virtual Telecommunication Engineering Office. International Research Journal of Telecommunication Sciences 3(1):15–21, 2012.
17. A. Luntovskyy and M. Klymash: The service-oriented Internet. In: Proceedings of IEEE 11th TCSET 2012 Conference on Modern Problems of Radio Engineering, Telecommunications and Computer Science, 2012, Lviv – Slavsk, Ukraine.
18. A. Luntovskyy, M. Klymash and A. Semenko: Distributed services for telecommunication networks: Ubiquitous computing and cloud technologies. Lvivska Politechnika, Lviv, Ukraine, 2012, 368 p. Monograph, in Ukrainian.
19. A. O. Luntovskyy: Programming Technologies of Distributed Applications. DUIKT State University of Telecommunications, Kyiv, 2010, 474 p., in Ukrainian.
20. A. O. Luntovskyy, M. V. Zakharchenko and A. I. Semenko: Multiservice Mobile Platforms. DUIKT State University of Telecommunications, Kyiv, 2015, 216 p., in Ukrainian.
21. Andriy Luntovskyy, Dietbert Gütter and Igor Melnyk: Planung und Optimierung von Rechnernetzen: Methoden, Modelle, Tools für Entwurf, Diagnose und Management im Lebenszyklus von drahtgebundenen und drahtlosen Rechnernetzen. Springer Vieweg + Teubner Verlag, Wiesbaden, 2011, 411 p., in German.
22. Andriy Luntovskyy and M. Klymash: Data Security in Distributed Systems. Lvivska Politechnika, Lviv, Ukraine, 2014, 464 p. Monograph, in Ukrainian.
23. Andriy Luntovskyy, Volodymyr Vasyutynskyy and Josef Spillner: RAICs as Advanced Cloud Backup Technology in Telecommunication Networks. International Research Journal of Telecommunication Sciences 3(2):30–38, December 2012.
24. P. Mell and T. Grance: The NIST definition of cloud computing. Whitepaper, NIST Special Publication 800-145, September 2011.
25. J. S. Plank, S. Simmerman and C. D. Schuman: Jerasure: A Library in C/C++ Facilitating Erasure Coding for Storage Applications – Version 1.2. Technical Report CS-08-627, University of Tennessee, 2008.
26. J. S. Plank, K. M. Greenan and E. L. Miller: Screaming Fast Galois Field Arithmetic Using Intel SIMD Instructions. In: USENIX FAST, February 2013.
27. M. O. Rabin: Efficient Dispersal of Information for Security, Load Balancing, and Fault Tolerance. Journal of the ACM 36(2):335–348, 1989.
28. Johannes Schad, Stephan Zepezauer and Josef Spillner: Personal Cloud Management Cockpit with Social or Market-Driven Asset Exchange. In: Networked Systems Conference (NetSys/KiVS) – Communication Software Award Demo, March 2013, Stuttgart, Germany (Vorführung).
29. Ronny Seiger, Stephan Groß and Alexander Schill: SecCSIE: A Secure Cloud Storage Integrator for Enterprises. In: International Workshop on Clouds for Enterprises (C4E), p. 252–255, September 2011, Luxembourg, Luxembourg.
30. A. Shamir: How to Share a Secret. Communications of the ACM 22(11):612–613, 1979.
31. Shelton Shugar: Cloud Computing at Yahoo. online: http://opencirrus.org, 2013.
32. C. A. N. Soules, G. R. Goodson, J. D. Strunk and G. R. Ganger: Metadata efficiency in versioning file systems. In: Proceedings of the Third USENIX Conference on File and Storage Technologies, April 2003, San Francisco, California, USA.
33. Josef Spillner, Gerd Bombach, Steffen Matthischke, Johannes Müller, Rico Tzschichholz and Alexander Schill: Information Dispersion over Redundant Arrays of Optimal Cloud Storage for Desktop Users. In: 4th IEEE/ACM International Conference on Utility and Cloud Computing (UCC), p. 1–8, December 2011, Melbourne, Australia.
34. Josef Spillner and Johannes Müller: PICav: Precise, Iterative and Complement-based Cloud Storage Availability Calculation Scheme. In: 7th IEEE/ACM International Conference on Utility and Cloud Computing (UCC), p. 443–450, December 2014, London, UK.
35. Josef Spillner, Johannes Müller and Alexander Schill: Creating Optimal Cloud Storage Systems. Future Generation Computer Systems 29(4):1062–1072, June 2013. DOI: http://dx.doi.org/10.1016/j.future.2012.06.004
36. Josef Spillner, Christian Piechnick, Claas Wilke, Uwe Aßmann and Alexander Schill: Autonomous Participation in Cloud Services. In: 2nd International Workshop on Intelligent Techniques and Architectures for Autonomic Clouds (ITAAC), p. 289–294, November 2012, Chicago, Illinois, USA.
37. Josef Spillner and Alexander Schill: A Versatile and Scalable Everything-as-a-Service Registry and Discovery. In: 3rd International Conference on Cloud Computing and Services Science (CLOSER), p. 175–183, May 2013, Aachen, Germany.
38. Josef Spillner, Anna Utlik, Thomas Springer and Alexander Schill: RAFT-REST – A Client-side Framework for Reliable, Adaptive and Fault-Tolerant RESTful Service Consumption. In: 2nd European Conference on Service-Oriented and Cloud Computing (ESOCC), volume 8135 of LNCS, p. 104–118, September 2013, Málaga, Spain.

5 Smart Grid, Internet of Things and Fog Computing

Keywords

Integration of networks for telecommunications and energy supply • New service architectures • Demarcation of grid vs. smart grid • Power Line Communication (PLC) • Green computing • Energy-efficient communication (Bluetooth • ZigBee • EnOcean • 6LoWPAN) • Demarcation of Internet of Things (IoT) vs. Internet of Services (IoS) • Fog computing • Distributed computing • Mini-PC • On-board µ-controllers (Raspberry Pi • Arduino) • Computer-Aided Design (CAD) • Automation networks • Smart home • Smart factory • Industry 4.0

In the previous chapters we have highlighted the evolution of computing environments from single systems to parallel architectures, clusters, grids, service-oriented systems and clouds. This line of evolution is a purely digital one, without considering the form factor of computing. From the physical perspective, there is another line of evolution which puts the form factor and communication channels into the centre. Starting with mini-PCs and embedded computers, nowadays distributed computing can be performed in wearable computers and body-area networks, tiny nodes organised as fogs or smart dust connected to the Internet of Things, and in the “Smart Grid” using various protocols. This chapter therefore outlines physical computing paradigms and compares the computing, storage and communication capabilities.

The first part of the chapter examines some typical scenarios for “Smart Grid” deployment as a technology for the integration of electric power supply networks and telecommunication networks and gives a comparison of corresponding service architectures and multi-level models. The smart grid enabling technologies are discussed. Furthermore, some case studies on smart grid are presented.

© Springer Fachmedien Wiesbaden GmbH 2017. A. Luntovskyy, J. Spillner, Architectural Transformations in Network Services and Distributed Systems, DOI 10.1007/978-3-658-14842-3_5


The second part of this chapter is dedicated to the up-to-date development of the IoT and of “Fog Computing” based on the achievements in Wireless Personal Area Networks (WPAN). The IoT/fog computing enabling technologies are discussed. Case studies based on the use of on-board µ-controllers such as Raspberry Pi are examined.

5.1 Smart Grid as Integration Technology for the Networks of Energy Supply and Telecommunication

Green computing / Green IT is an important predecessor trend and part of smart grid development because of the significant efforts on waste heat and energy recycling (Fig. 5.1). In addition to the known Power Usage Effectiveness (PUE), the Energy Reuse Efficiency (ERE) value has to be used. Let us compare one to the other:

Power usage effectiveness (PUE):

• PUE = Total Facility Energy / IT Equipment Energy = P_total / P_IT

• PUE > 1.0; ideal value: 1.01

• compare to K = P_IT / P_total = 1 / PUE, 0 < K < 1

Energy reuse efficiency (ERE):

• ERE = (Total Energy Consumption of a Data Centre − Recycling Energy) / IT Equipment Energy = (P′_total − P_recycling) / P_IT

• 0 < ERE < PUE < 1.5

Fig. 5.1 Green IT symbolic representation (Source: magatechnology.it)


Fig. 5.2 The construction of the efficient energy consumption and recycling within a building with a ‘green’ IT data centre (According to [39])

Example 5.1 For one particular provider of green IT services [39], the following values have been computed: PUE = 1.02/1.05 and ERE = 0.62/0.68. The high efficiency is based mainly on water cooling and the renunciation of all refrigeration systems. The construction of the efficient energy consumption and recycling within a building with a green IT data centre (according to [39]) is given in Fig. 5.2. The construction encompasses the following components: (1) servers, (2) tank and warm water preparation, (3) air/water heat pump, (4) air supply, (5) ventilation, (6) air supply to the servers, (7) ventilation from the servers, (8) air supply to the heat pump, (9) ventilation from the heat pump, (10) heating forerun, (11) heating countercurrent, (12) warm water, (13) fresh water stream, (14) heating system, (15) warm water cone filters and (16) optional photovoltaic.

The computation of the energy efficiency is given in Fig. 5.3. According to this computation, the following PUE values result:

1. PUE without the heat pump: PUE = 254 [MW/a] / 250.6 [MW/a] = 1.01, i.e. 254 [MW/a] versus 262.8 [MW/a] with the heat pump

2. PUE with the heat pump: PUE = 1.05, i.e. 262.8 [MW/a] / 250.6 [MW/a]


Fig. 5.3 The computation of the energy efficiency (Source: [39])

Smart grid definition The high-tech twenty-first century is in particular also the century of “small power supply systems” due to the use of advanced information and communication technologies in energy networks. The creation of combined systems called “Smart Grid” opens great prospects for the development of both of these industries (energy and IT) and is intended to provide a synergistic effect. This section examines existing models of smart grid, suitable basic networking technologies as well as typical usage scenarios for integrated intelligent networks.

Smart grid is a technological direction for the integration of electric power supply and telecommunication networks in order to increase the energy efficiency of both types of networks, to reduce CO2 emissions under the Kyoto Protocol, considering decentralisation of existing architectures for an integrated network (i.e. one of the main principles of Internet construction) and improving its efficiency (efficient switching, routing), under use of alternative and renewable energy sources (like wind, solar, Electro-Magnetic (EM) smog) combined with the use of hybrid hydrocarbon-electric vehicles (Plug-in (Hybrid) Electric Vehicles (PEV)), with optimisation of network management techniques and billing services (Smart Metering) within the conventional power supply networks, as well as increasing its safety, security and Quality of Service (QoS) in such integrated networks for power supply and telecommunication [23, 35].

The conceptual terms «grid» and «smart grid» should not be confused. The (intelligent) grid network solutions are used for time-consuming computing tasks (simulation, planning, forecasting etc.) based on (virtual) server clusters or supernodes with the use of conventional protocols of the Internet. Nowadays, grids are a weighty part of innovative cloud computing technology (for instance by IaaS, Infrastructure as a Service) [30], where the (mobile) client access to computing power is very easy. The most important task, which has already become a “classic” of the grid technology, is the rational and decentralised redistribution of computational workload between participating (virtual) servers, clusters or supernodes in the computing life-cycle of time-consuming engineering, scientific or economical tasks.

Therefore, the concepts of «grid» and «smart grid» are co-related areas of research. But energy efficiency is not a direct scientific and technical challenge for purely computational grid technology [9]. Heat and redundant energy occur here only as a by-product and even a harmful product (“heat waste products” of modern network technology).

Active deployment of the environmentally friendly and thus «green» smart grid technology goes on today in many developed countries, for example Australia, the European Union (in particular Germany and Austria), the USA, Canada, the People’s Republic of China and South Korea, which would like to provide and reinforce their own energy independence for the future. Several leading research groups in universities carry out the corresponding research subjects in the mentioned area and already possess certain “know-how”, often in combination with innovative companies. An example is the Kiwigrid Smart Grid Management Platform engineered in cooperation with Technische Universität Dresden in Germany (TUD) [10]. On this platform, energy applications are offered through a marketplace and linked to data processing and analytics services. A smart meter gateway connects devices and allows for an optimisation of power consumption.

The slogan of the coordinated actions might be for all stakeholders as follows: “From the Internet of Data and Web Services to the Internet of Energy Services”. Nowadays there are numerous international organisations and well-known companies that are developing the technology and corresponding devices for smart grid. Among them are IEEE, CENELEC, Cisco, Deutsche Telekom, Siemens etc. [2, 4, 9, 16, 21].

The existing basis for local-area solutions of smart grid is built on the following well-known network technologies: Powerline, Homeplug, Worldwide Interoperability for Microwave Access (WiMAX), PoE (Power over Ethernet), KNX, LON (Local Operating Network), Wireless Sensor Networks (WSN) (ZigBee, EnOcean) etc. [28, 42]. But there is also a necessity to develop integrative solutions for network decentralisation (one of the main principles of Internet construction), to improve its efficiency, to facilitate the use of alternative and renewable energy sources (like wind, solar, EM-smog) and to stimulate the development of efficient energy storages (batteries, peculiar energy depots) aimed to store redundant or excess (electric) energy.

To reach this goal, we first need to formulate a list of scientific and technical development challenges for an integrated network (smart grid) on the existing basis of standard network architectures, then requirements for such networks, and then to develop its own basic models. How will everything work together? Consider the following two scenarios.

Example 5.2 What will be a middle-class network connection for a Small and Medium Enterprise (SME) in 2020? Only one cable or wireless link will provide the utility services such as electricity, telephony, Internet, digital high-definition television and cloud services. Room heating will be realised via derivation and recycling of redundant energy from multiple (virtual) servers. The wired and wireless automation of local-area networks as well as piconets like Local Operating Network (LON), KNX Home and Building Control Standard (KNX), ZigBee, EnOcean will be used to serve and control the in-door climate. Management of such integrated networks can be performed through Ethernet Local Area Network (LAN)/Wireless Local Area Network (WLAN) links as well as convenient protocols like Internet Protocol (IP), Internet Control Message Protocol (ICMP), Simple Network Management Protocol (SNMP). The program support, configuration and tuning of the intelligent network is realised with the use of mobile devices (smartphones and tablets), mobile applications and through offered web services running in a cloud environment.

Example 5.3 The scenario depicts a vision similar to that of one particularly involved German company, Siemens, but is applicable to other companies with a similar portfolio. According to Fig. 5.4, in the future, smart grid is designed to connect four major components [16] which operate both as consumers/producers and electric energy storages. The components are:

Fig. 5.4 Smart grid technology highlights inspired by Siemens. AC – Alternating Current; HVAC – Heating, Ventilating and Air Conditioning; PEV – Plug-in (Hybrid) Electric Vehicle


1. Intelligent buildings
2. Electricity plants
3. Electromobility
4. Smart metering

Intelligent buildings, also called intelligent homes for residential buildings, are equipped with solar panels and local-area networks for climate automation like Field Bus and WSN. These are connected to power plants: enterprises for the generation of (electric) energy, also called AC plants, based on conventional or alternative and renewable energy sources like wind, solar and EM-smog. Electric mobility based on hydrocarbon-electric hybrid vehicles (PEV) that accumulate power and can afterwards “upload” it to the network leads to a strong electromobility. Intelligent counters and meters for smart metering automate the charging and billing processes. They carry out the monitoring and network management aimed at low energy consumption on the basis of improved tariff models with respect to the workload parameters and traffic, both in analogy to packet-switched networks.

The considered components 1–4 may both use and release the excess (electro-)energy and stored redundant currents in the network. This leads to synergy effects between the different consumers and producers of energy, as the timing of the production and consumption peaks differs widely. Furthermore, information technology helps to control the timing by being able to shift the peaks according to schedules. An example is overnight dishwashing, which can be programmed to happen at a particularly convenient time based on electricity supply and cost.

Electricity demands and “Green IT” today Increasing demands for energy and the significant rise of ICT prices evoke the necessity of energy use efficiency, which has to be realised over the entire IT life cycle: “design – operation – modification – operation – …”. The ecological protection of the environment, CO2 emission discharge, economisation of the fossil resources and electricity power play a very important role nowadays. The enrollment of renewable energy resources is required in the operation of facility grids, in the operation of IT and networks, in the disposal of waste energy and in the deployment of smart meters for the user, provider and equipment as well as power plants. The corresponding energy demands per annum for the years 2000 until 2015 are exemplarily shown for the server and data centres in Germany in Fig. 5.5.

Based on the studies in the years 2010–2012 of the Borderstep Institute, the following three tendencies became apparent:

1 Since 2008 more and more attention is payed to the ldquoGreen ITrdquo solutions2 Considering as reference the year 2011 we can constitute that the electricity consump-

tion for the server and data centres in 2011 is approximately 14 TWh under the awaiteddemands within the ldquobusiness as usualrdquo In comparison to the ldquoGreen ITrdquo scenario the

142 5 Smart Grid Internet of Things and Fog Computing

demands are more than 2.3 TWh below that, despite the huge growth of the server and data centres, with a significant reduction of the electricity costs of about 1.2 billion Euros (2011).
3. These partial electricity demands (9.7 TWh) correspond to approximately 1.8 % of the overall electricity consumption in Germany. For comparison: to produce the mentioned amount of electricity, four medium-sized coal power plants are required.

[Fig. 5.5: line chart of the annual electricity consumption (TWh/year, axis 0–16) of server and data centres in Germany, 2000–2015; series "Green IT", "Business as usual" and "Trend"; marked values 3.98 TWh, 6.0 TWh, 9.3 TWh, 9.7 TWh, 10.1 TWh and 14.2 TWh; source: Borderstep 2010–2012]

Fig. 5.5 Annual trends in electricity consumption of server and data centres in Germany

The overall annual electricity demands in Germany for some selected years are shown in Table 5.1. The representation is based on the sources [1, 41].

Table 5.1 The overall annual electricity demands in Germany

Year   Electricity demands (gross)                         Primary (fossil) energy consumption
       Overall [TWh]   Renewable energy resources [%]      Overall [1000 PJ]   Renewable energy resources [%]
1991   539.6           3.2                                 14.6                1.3
2000   579.6           6.6                                 14.4                2.9
2005   614.1           10.2                                14.6                5.3
2009   581.3           16.3                                13.5                8.9
2015   600             32.6                                13.3                12.5

51 Smart Grid as Integration Technology for the Networks of Energy 143

Fig. 5.6 Forecast of the annual electricity consumption of the telecommunications and IT branch in Germany

The simple empirical formula (5.1) can be used for recalculating electricity volumes. With this formula and the given analysis, a forecast of the annual electricity consumption of the telecommunications and IT branches until the year 2025 can be calculated (Fig. 5.6).

$$1\,\text{TWh} = 0.3\,\text{PJ} \qquad (5.1)$$

The forecast shows that the annual electricity consumption of the communication and information businesses in Germany was significantly reduced from 2010 to 2015, from 56.0 TWh down to 47.8 TWh, i.e. by approximately 15 %. This important reduction trend will continue until the year 2020 and then stabilise at around 45.2 TWh, with 46.2 TWh in 2025. Therefore a positive development of the electricity consumption of these industries can be identified. In the given internal structure the cause of this overall declining trend becomes clear: successively, the electricity demands in households and in public and workplace IT areas are reduced. In contrast, the electricity demands of the data and computing centres will increase, driven by the growing data traffic. This prognosis foresees many implemented energy efficiency measures because of the great social significance of "Green IT" processes in industrialised countries.

How can the success of "Green IT" in such countries be advanced and deepened? There is a great variety of possible approaches to smart grid implementations, as follows:

• videoconferencing instead of business travel
• electronic (paperless) notes instead of notes on paper
• reduction of unnecessary printing
• reduction of energy consumption in use and production
• sustainable product design and manufacturing, hardware as durable as possible
• resource-saving programming (Green Software Engineering)
• reduction of CO2 emissions
• decentralisation of the network
• QoS increase (efficient switching, routing)
• use of alternative and renewable energy sources (wind, solar, thermal)
• optimisation of measurement and network management (smart metering and energy-efficient web services)
• increase of network security, safety and reliability

5.1.1 Services, Architectures and Multi-level Models

The integrated architecture of smart grids has to repeat, to a certain extent, the well-known Open Systems Interconnection (OSI) network architecture (Fig. 5.7). But it must also be multi-dimensional, i.e. it has to reflect not only the abstraction levels with multiple defined interfaces, functions and services, but also the various types of network technologies and domains of use, types of consumers and service providers, device types, access control techniques and schemes for billing and payment for the consumed services.

Fig. 5.7 A simplified architecture for smart grids (APL – Application, NWK – Network, MAC, PHY – Physical)


Let us consider a selection of the existing multi-layered and multi-dimensional models for smart grids which are oriented towards shared use of telecommunications:

1. National Institute of Standards and Technology, USA (NIST) Smart Grid Conceptual Model
2. IEEE Smart Grid Model
3. A proprietary model of Cisco Smart Grid
4. Common architecture of ITG/VDE Smart Grid (Germany)
5. Further development of model (4): the EU Smart Grid Architecture Model (European)

One of the first models developed in the area, model (1), called NIST Smart Grid Conceptual Model, provides an abstraction of the properties of the integrated intelligent network based on a classic three-level representation encompassing the following levels: (1) Power and Energy, (2) Communications, (3) IT and Services [11].

The universal model (2) was engineered in IEEE working groups. IEEE Smart Grid is a professional organisation for standardisation and co-ordination among the smart grid stakeholders within IEEE. The universality of the mentioned IEEE smart grid model consists in the creation and description of a meta-system called smart grid, which extends the rules, interfaces and functions for individual intelligent networks to the so-called smart grid domains, also based on the following three levels: (1) Power and Energy, (2) Communications and, finally, (3) IT and Services. IEEE shifted the focus of consideration to the second and third layer as the determining levels for the first layer, electricity distribution in smart grids [9].

The proprietary model (3) was provided by the company Cisco, one of the leading companies in the field of network technologies and products [2]. The model takes into account the development aspects of integrated (mobile) power transmission and telecommunications in the context of the hardware and software produced by the company. Nowadays Cisco provides design, implementation, deployment and support of infrastructure and services for smart grids, as well as numerous communication systems for power supply sub-stations and automation networks (Field Area Networks) for power supply nets; it provides data security (Cisco switches, routers and firewalls like ASA-CX) for the smart grid and creates virtual storage centres for data processing (network storage, cloud computing), thus extending the capabilities of Wide Area Network (WAN) architectures. The Cisco Connected Grid Network Management Solutions (NMS) offer the infrastructure access tools, monitoring and management facilities for IP-enabled devices integrated into the smart grid.

Furthermore, let us consider the advantages of the common smart grid architecture proposed by ITG/VDE. Existing network technologies can be easily integrated into the framework of model (4). The installed services are independent of the basic network infrastructure (as is the idea of OSI). The common architecture for smart grids allows adequate modelling of integrated networks of energy and information supply at different levels of abstraction. Model (4) of smart grids can be used recursively or

[Fig. 5.8: block diagram of the common 4-layer architecture, columns "Levels" and "Smart Power Grid Services": (1) Consumers – Portal, Users; (2) Services and virtualisation – Smart Power Web Services, Market Place, Portfolio, Technical Services (standardised middleware, proprietary), Virtual Tools; (3) Info-objects and service communication – Nodes, communication and transport channels, Gateway (GW), Service Production, Tools and resources, Automation (AU), Monitoring, Energy Supply, Telco Network (NW); (4) Infrastructure/physical layer – Metering, AC and AU networks]

Fig. 5.8 Common 4-layer architecture for smart grid [18] and the types of energy supply and data supply services: (1) consumers, (2) services and virtualisation, (3) info-objects and service communication, (4) infrastructure/physical layer. GW – Gateway, AC – Alternating Current (energy supply nets), AU – Automation (and management) networks, SPGWS – Smart Power Web Services, NW – Network, Metering – control and telemetry, Market Place – allocation and reselling of services

hierarchically to describe the inter-operability between different providers offering their services (Fig. 5.8):

• communications, in particular mobile communications
• electrical energy supply
• smart metering, including intelligent control and telemetry
• smart power web services

A typical service for smart power distribution would be the brokering of excess production in households, i.e. micro-plants. In such scenarios power is produced by roof-top solar installations, private wind turbines as well as thermal sources. Depending on the compensation for feeding energy into a grid, the profit from selling it to a nearby user or the benefit of using it for own purposes, such a brokering service guides the producer of electricity to a decision.


Fig. 5.9 EU Smart Grid Model and Architecture [6]: (1) business layer, (2) function layer, (3) information layer, (4) communication layer, (5) component layer. Domains: DER – Distributed Energy Resources, GTD – Generation, Transmission, Distribution (production), CP – Customer Premise (delivery). Zones: Process, Field, Station, Operation, Enterprise, Market (PFSOEM)

The existence of the common architecture of smart grids nevertheless leaves a wide field for activities and describes the ability of the model to absorb innovations [5, 18].

As the development of this well-known and recognised model (4) progresses, a more complex multi-dimensional European model (5), called EU Smart Grid Architecture (Fig. 5.9), should be considered. The model possesses five layers, namely Business, Function, Information, Communication and Component, as well as two further dimensions called Domains and Zones [6, 22].

Example 5.4 From the viewpoint of the telecommunications department at Dresden University of Technology [26]: "... in a green world renewable energy sources are the key to reduce the CO2 footprint. These energy sources are typically non-stationary. This factor requires much more complex control of the grid. To enable this, the energy distribution network has to become more intelligent due to new services, distributed generation of energy (virtual power plants) and new safety and security requirements. It will finally


Fig. 5.10 Smart grid representation as a PLC: LV – low voltage, MV – middle voltage; (1) MV part of substations, (2) LV part of substations, (3) street cabinets, (4) substations (MV+LV), (5) interruptions (open meshes)

be a Smart Grid." Nowadays new demands on the reliability and security of the supporting communication network appear. The discussed approach enables close system integration, optimal distributed power generation via virtual power plants, efficient control of the electricity distribution and the deployment of new network services which simultaneously become more intelligent. It has been proven that under current conditions particular attention should be paid to the deployment and use of PLC technology (Fig. 5.10).

Smart grid development trends. The European Commission, by way of its Directorate General for Communications Networks, Content and Technology in Brussels, also believes that smart grids will play an important role in increasing the importance of renewable and alternative energy sources, in low-energy consumption, in delivery savings and in decreasing the CO2 emission. Without integration between telecommunication and information networks, the established goals are unattainable. Smart grid is therefore a significant part of the long-term research and technology development programme called Horizon 2020 [6].

The German Association of Electrical and Electronics Engineers VDE (in German "Technisch-wissenschaftlicher Verband der Elektrotechnik und Elektronik") insists on planned efforts for transforming the traditional electricity networks and the creation


of intelligent nets. In several European countries this approach has become a significant part of the national energy policy. In this case it is not about individual decisions for "several thousand kilometres of cable or 100 million euros". Instead, integrated solutions for the smart grid must be developed over a middle-term period. The main objectives are as follows: re-construction, flexibility of the entire system, re-design with elements of the modernisation of infrastructure, increasing of capacity and number of power plants [18].

Meanwhile, the approaches to the development of smart grid systems in the world economy are very individual. Let us consider some of them in detail.

1. Australia. The orientation towards the development of intelligent energy supply networks and smart grid was taken in 2009–2010. WiMAX networks play an important role in the frame of smart grids as a transport for supporting applications for sub-station automation, hybrid electric vehicles (PEV) as well as domestic smart meters, so-called IHD (In-Home Devices). However, the final implementation of smart grids in Australia is constrained by the lack of appropriate multilateral obligations between the providers. The inter-operability between the stakeholders has to be developed with the aim of maintaining communication networks that are integrated into the smart grid. The other limiting factor is the relatively small number of charging stations for electric vehicles, despite obvious increases.

2. China. In the frame of the "current five-year plan" of the People's Republic of China, the construction of a nationwide monitoring system for the national energy networks has been started, titled WAMS (Wide Area Monitoring System). WAMS uses devices called PMU (Phasor Measurement Units) from selected Chinese manufacturers to improve the reliability and security of the national smart grid solutions. Electrical energy production and distribution as well as broadband data channels are tightly and restrictively controlled by the state. Therefore compliance and conformity with existing standards and processes on the way to a national smart grid is practically guaranteed. There are already more than 60 million smart meters installed in China [44], although studies about the operations experience are rare.

3. South Korea. The state plans to reduce the overall consumption of conventional energy sources by 3 % and of electricity by 10 % until 2030, despite rising industrial demands, through the implementation of a nationwide smart grid. The start was taken in 2009; the planned amount of investment for the system development over the next 20 years is about 2.4 · 10^15 in USD equivalent of the national currency, the South Korean Won (KRW).

4. European Union. The development of intelligent networks towards smart grid is part of the European Technology Platform for the period up to 2020, developed by CENELEC (in French "Comité Européen de Normalisation Électrotechnique", European Committee for Electrotechnical Standardisation) [4]. The committee CENELEC is in charge of European standards in the field of electrical


engineering. Together with ETSI (the European Telecommunications Standards Institute), the committee works on a European system of technical regulation and standardisation including the mentioned smart grid techniques, models and tools.

5. USA. The support for smart grids became a part of US federal policy towards legislatively approved energy independence and security of one of the strongest economies in the world. The amount of investment towards the middle-term development of this new technology will reach up to 1.1 trillion dollars, i.e. 1.1 · 10^12 USD, according to plans from 2009. The short-term budget is, however, about 4.5 billion dollars according to the Recovery and Reinvestment Act [17]. Private microgrids are part of the overall plan to turn the energy network into a bi-directional one, similar to communication networks, until the year 2030. On a global scale about 4000 megawatts are currently contributed by microgrids [36].

Example 5.5 An example of a connected smart grid and cloud computing implementation is given below. Due to the use of today's powerful high-end servers within contemporary data centres with installed broadband optical links (so-called Fibre Channel), a significant amount of heat stands out as a harmful by-product. Some companies already occupy themselves with the mentioned problem and are developing their own solutions for the disposal of excess heat, e.g. for domestic heating and air-conditioning facilities or HVAC (Heating, Ventilating and Air Conditioning). An imaginary joint-stock company ECO-Cloud is situated in a city of about 500,000 to 1,000,000 inhabitants in Western Europe and acts as a data centre and cloud provider. Several corresponding products and solutions are offered: cloud products (own virtualised data centre) and heat products (own smart grid).

The temperatures of the servers can reach up to 55 degrees with water-based heat channelling and dissipation. The system of waste heat recycling delivers a PUE of approximately 1.06–1.15. Multiple clients use HVAC facilities in the city of the ECO-Cloud offices as well as at other remote sites. They can obtain up to 30 % of cheap heat and warm water from the mentioned clouds immediately. The facility grid companies act as partners of ECO-Cloud, with a further 70 % of the clients (users of the Internet, standardised data and cloud services). The waste heat distribution principle (based on [39]) is presented in Fig. 5.11. The company ECO-Cloud uses virtualisation technologies to create the computing, storage and networking infrastructure. The solutions are based on integrated cloud stacks as technology set.

The clients use the in-house located services of virtual computing centres. Hybrid clouds with standard services spanning across company-internal and ECO-Cloud-hosted machines are offered via ECO-Cloud, too. IT resources such as operating systems, applications, run-time platforms, test and development environments as well as pure processing power, memory or network capacities and much more can be made available to the users if necessary. The computing centres encompass standardised cloud services like Infrastructure-as-a-Service (IaaS), Software-as-a-Service (SaaS) and


Fig. 5.11 Waste heat distribution principle

Platform-as-a-Service (PaaS) as well as specific compute applications (compute service, RAID/RAIC, SAN, NAS, cloud stacks, web hosting, virtual operating systems, file storage and sharing) [38]. Redundant heat as a "by-product of processing" is withdrawn via the servers in 19''-racks into the energy storage, which provides circulation of hot water in the pipes within a building and heating of potable water. The central system for HVAC facilities is supported via the use of PoE (Power over Ethernet) as well as wired and wireless automation LANs.

While ECO-Cloud is an imaginary company, nowadays multiple companies have specialised in such business models. An example is the former Helsinki electricity station, which still contributes to municipal heating by diverting excess heat from the servers and racks installed in it nowadays. The next two detailed examples highlight additional concrete cases.

Example 5.6 Similar principles are used by the high-tech company Cloud&Heat Technologies [39]. The analogue to the mentioned technical solution provides a lower PUE value, down to 1.06 at a mean T_cpu = 55 °C, compared with conventional grids and cloud solutions, where it is necessary to remove the excess heat as a by-product, to install more air-conditioning devices and to provide them with power supply. The construction of the waste


Fig. 5.12 Redundant heat and energy recycling in the systems of smart grid/cloud computing, using the example of Cloud&Heat (based on source www.cloudandheat.com)

heat distribution can be depicted as in Fig. 5.12. With such a construction, up to 30 % of the heat and warm water supply can be retrieved from the on-site cloud facility.

Example 5.7 Another concrete example is IBH, an innovative and customer-focused company. IBH provides the following services:

1. Internet services including Internet access channels like SFV, DSL, MPLS or Metro-Ethernet
2. Hosting services for servers and complex IT installations as well as Application Service Providing (ASP)
3. Cloud computing services
4. Domain registration and management as well as security certificates
5. Highly reliable, fault-redundant three-phase Uninterruptible Power Supply (UPS) up to 4400 kVA


Thus the waste heat from the data centre can be used for heating the building. The remaining unusable waste heat from the computing centre is ecologically cooled via the deployment of so-called "indirect free cooling", which enables an extraordinarily high energy efficiency for the computing centre, i.e. a value of PUE < 1.2 is attempted [8].

Example 5.8 Surely "green" means a significant PUE improvement. The "state of the art" in a data centre today is to increase the temperatures in the server room gradually. The generic empirical "formula" is in force, see Eq. 5.2:

$$\Delta T = 1\,^{\circ}\mathrm{C} \;\Longrightarrow\; \Delta\mathrm{PUE} = 2\text{–}4\,\% \qquad (5.2)$$

The formula expresses that an extra degree of heat gives 2–4 % of energy efficiency improvement. Energy efficiency improvement therefore means the minimisation of the PUE towards a value of about 1.0, i.e. a zero as the first decimal position after the comma, followed by further decimal positions.

From formerly freezing air temperatures of T = 11/12 degrees up to above 16/17 degrees as the long-time standard for data centres, the servers are nowadays being cooled down to the rather warm level of 20–22 degrees without problems [31]. With innovative solutions, indoor air temperatures are even increased up to 23/24 degrees. Very brave installations are set up to go with supply air temperatures even higher than that. The reality lags behind the technical possibility, which means still far behind: only 20 to 30 % of data centre operators are already pursuing concepts and solutions for "pushing the temperatures up" [32].

Optimisation of cloud services for smart grids. Google achieves a PUE of 1.12 due to further optimisation of hardware, waste heat recycling systems and building construction features like improved air circulation, reuse of waste heat and further techniques. This means that only 12 % of the energy required for computing is used not by servers as computing entities but by other services like air conditioning, energy distribution, lighting, surveillance systems and diverse building automation systems.

As the ratio is the same with and without consideration of time, the PUE is determined as follows:

$$\mathrm{PUE} = \frac{\text{total data centre energy}}{\text{IT equipment energy}} = \frac{\text{total power}}{\text{IT power}} \qquad (5.3)$$

According to the Uptime Institute's Data Centre Surveys, which track the average PUE in data centres by collecting survey responses, there is a clear trend of reduction: in the year 2007 the average was reported to be around 2.5 [19, 40]. The first survey in 2011 reported an average PUE in the domain of about 1.89. As the fifth survey, published in 2015, tells, the PUE was reduced to 1.7. This means a significant improvement on the side of Google, even though more than half of the data centre operators plan for a medium-term PUE of 1.5 or less.


Fig. 5.13 Optimisation of cloud services for smart grids: parallel computing and big data

The PUE thus becomes an attractive optimisation goal for service providers. It affects the operational expenses, whereas other optimisation targets focus more on capital expenses for the procurement of goods, including the average server refresh rate, which can be increased with high-quality hardware and good maintenance and repair services, again involving operational expenses. Equation 5.4 formalises the operational goal around the PUE optimisation:

$$\max \mathrm{PUE} \;\wedge\; \text{QoS Constraints} \;\vee\; \text{Cost Constraints} \qquad (5.4)$$

where Costs_max and QoS_min are the cost and quality of service constraints, i.e. maximum PUE under strictly given QoS and cost constraints.

In the third phase, where we are now (maximum PUE under strictly given QoS and cost constraints), the following options for further improving the energy efficiency are attractive and will most likely be used for contemporary data processing services (Fig. 5.13):

1. Simultaneous operation of as few units as possible thanks to service and resource virtualisation, increased resource sharing and load balancing
2. Better load utilisation of operating units, e.g. by dynamic operation of servers, distribution of virtual machines and scheduling
3. Use of more energy-efficient units (measured in Watt per GHz) to need less energy for cooling
4. Optimised selection of location, e.g. in cold regions, close to rivers, free cooling
5. Reuse of waste heat, e.g. for building heating or warming of potable water
6. Use of a mix of local or regional energy producers to reduce transmission losses. This requires a smart energy grid and brokering, i.e. a marketplace application in the cloud, to work on a larger scale.

Waste heat models. To optimise the PUE, it is essential to understand how to model waste heat and, in particular, the transport of waste heat. The direction of transport is from the non-optimal computing equipment, in particular CPUs acting as excess heat producers, to water or air as excess heat consumer media. To understand the physical background, knowledge from the fields of thermodynamics, kinetics and green computing needs to be combined. Through more precise and fitting models, the utility of smart grids which combine power systems and computing systems will be increased.

The model will be derived from a state-of-the-art data centre perspective. 19-inch racks according to the norms EIA 310-D/IEC 60297 are widely used for data centre and cluster construction. The slots of such racks are called units or height units, in jargon simply 1 U. One rack unit counts 1.75 inches (44.45 mm) of height. The following set of unit dimensions H, W, D is wide-spread (Eq. 5.5):

$$H = 1.75'' = 44.45\,\text{mm} = 1\,\text{U};\qquad W = 19'' = 482.6\,\text{mm};\qquad D = 600,\ 800,\ 900\,\text{mm} \qquad (5.5)$$

The 19'' rack containing the units has the following fixed dimensions. The width W is 19 inches (482.6 mm) and gave the name to this standard. The depth is derived directly from the unit's D. The height H is determined by the industry standard for a rack cabinet, which is 42 U and hence 44.45 mm · 42 = 1866.9 mm = 1.87 m. These dimensions are taken as input to a simplified Boltzmann waste heat transport model. Excess heat recycling and transport can be formulated and solved for the constructions given in Fig. 5.14. The shown principle of the removal and recycling of the energy can be used for additional HVAC capacities within civic, administrative as well as industrial buildings.

In the general case the Boltzmann model is linked to the Boltzmann Thermodynamic Equation (BTE), which for the heat balance can be given as specified in Eq. 5.6:

$$P_a = c_m m_m \frac{dT_s}{dt} + P_t;\qquad P_t = \frac{S_C\,(T_s - T_w)}{R_T};\qquad R_T = \frac{l_m(T)}{\lambda_m(T)} \qquad (5.6)$$


Fig. 5.14 The waste heat recycling and transport principle: (a) rack with units, (b) unit with waste heat removal device

In this equation P_a is the power absorbed by the system and P_t is the useless (excess, waste) power expended to thermal conduction. T_s is the temperature of the surface and T_w the temperature of the cooling liquid or cooling gas, for example water. c_m is the thermal capacity of the heated materials and m_m their corresponding mass. R_T expresses the thermal resistance of the heated materials, which depends on their temperature. Finally, λ_m and l_m refer to the thermal conductivity and the thickness of the material, respectively.

Taking into account that for the stationary regime of heat exchange the quotient of dT_s and dt becomes 0, the equation system can be rewritten as follows (Eq. 5.7):

$$P_a = P_t = \frac{S_C\,(T_s - T_w)\,\lambda_m(T)}{l_m(T)} \qquad (5.7)$$

Based on this equation, to build the waste heat model one now considers the complex thermodynamic problem of cooling the processor units as a task of simulating a regular thermodynamic system. In this system the sources of heat are named S. Their square surface is similar and equal to a · b, and the distance between cooling units is named l. Along the length of the cooling units a tube T with cooling liquid or gas is mounted. The heat is transferred along the tube with the velocity v_c. The corresponding model of the cooling system is plotted in Fig. 5.15.


Fig. 5.15 Generalised structure of the cooling process for a two-processor unit: (1) cooled-down processor unit with the dimensions a, b and the surface S_C = a · b, (2) tube T with the cooling liquid or gas

The accuracy of the estimations for the temperature of the crystal surface T_s, the temperature of the cooling liquid or gas T_w and of the power given by Eqs. (5.6), (5.7) is not very high due to the multiple thermodynamic processes which act during the interaction between heated and cooled material surfaces. Those processes are not taken into account in the simplified explanation. In general, the accuracy of such calculations is not greater than 30 %. In any case, these calculations for solving the BTE can give the necessary recommendations to engineers for the elaboration and use of cooling systems. For example, suitable recommendations for the design of cathode cooling systems for glow discharge electron guns were first formulated and described as theoretical techniques in papers. Therefore a similar approach for computing thermodynamic models is possible, too. The use of massive computing power, for instance HPC, allows for obtaining a higher accuracy in solving thermodynamic equations with finite elements.

The presented BTE model can be decomposed into three subordinate models. The model BTE1 is aimed at waste heat removal based on the cooling liquid or gas within the tube T in the area of a processor unit S. The heat removal is carried out via a compound adapter. The second model, BTE2, is dedicated to cooling down the cooling liquid after its heating in the tube T in the area between the units. The length of this area is l, corresponding to Fig. 5.15. Model BTE3 is the combined model of the models BTE1 and BTE2 for a rack with N units.

When solving the equations associated with the models BTE1 through BTE3, the following observations can be drawn. The PUE resulting from BTE1 and BTE2 is close to 1.2 for both and about 1.3 for BTE3. These results match the state-of-the-art PUE factors in data centres with standard cooling. More details, formulas and theoretical considerations can be found in a relevant publication [34].
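As an added example (not code from the book, from [34] or from any of the companies named above), the following Python script applies the stationary balance of Eq. 5.7 to one processor unit, chains N such units along one cooling tube in the manner of the BTE3 decomposition, and evaluates the PUE of Eq. 5.3 from total and IT power. The per-unit warm-up of the coolant uses the standard energy balance P = ṁ · c_p · ΔT, which the chapter does not spell out, the intermediate cooling of BTE2 is omitted, and water properties, unit dimensions, adapter thickness, conductivity, power and flow values are all assumptions constructed for illustration.

```python
"""Added example: steady-state waste heat model for a rack of processor units.

Implements Eq. 5.7 (P_a = P_t = S_C (T_s - T_w) lambda_m / l_m) for one unit,
chains N units along one cooling tube (BTE3-style, without the BTE2 intermediate
cooling) and evaluates the PUE of Eq. 5.3. Coolant warm-up per unit uses the
energy balance P = m_dot * c_p * dT (an assumption added here). All numbers are
constructed for illustration, not measurements from the book.
"""
from dataclasses import dataclass
from typing import List, Tuple

WATER_DENSITY_KG_PER_L = 1.0    # assumption: water as the cooling liquid
WATER_CP_J_PER_KG_K = 4186.0    # specific heat capacity of water


@dataclass(frozen=True)
class Unit:
    """One cooled processor unit S with surface a x b (Fig. 5.15)."""
    a_m: float          # edge a of the heat source [m]
    b_m: float          # edge b of the heat source [m]
    l_m: float          # thickness l_m of the heat-conducting adapter [m]
    lambda_m: float     # thermal conductivity lambda_m [W/(m K)]

    @property
    def s_c(self) -> float:
        """Square surface S_C = a * b."""
        return self.a_m * self.b_m


def surface_temperature(unit: Unit, p_t: float, t_w: float) -> float:
    """Eq. 5.7 solved for T_s at given waste power P_t and coolant temperature T_w:
    T_s = T_w + P_t * l_m / (S_C * lambda_m)."""
    return t_w + p_t * unit.l_m / (unit.s_c * unit.lambda_m)


def coolant_rise(p_t: float, flow_l_per_min: float) -> float:
    """Coolant temperature rise after absorbing P_t (assumed balance
    P = m_dot * c_p * dT; flow in liter/min as on the axes of Fig. 5.16)."""
    if flow_l_per_min <= 0:
        raise ValueError("coolant flow must be positive")
    m_dot = flow_l_per_min / 60.0 * WATER_DENSITY_KG_PER_L   # kg/s
    return p_t / (m_dot * WATER_CP_J_PER_KG_K)


def rack_profile(unit: Unit, p_t: float, t_in: float,
                 flow_l_per_min: float, n_units: int) -> Tuple[List[float], float]:
    """BTE3-style chain: coolant enters at t_in and is heated by each of the
    N units in turn. Returns per-unit surface temperatures and the coolant
    outlet temperature; the last unit on the tube sees the warmest coolant."""
    t_w = t_in
    surfaces: List[float] = []
    for _ in range(n_units):
        surfaces.append(surface_temperature(unit, p_t, t_w))
        t_w += coolant_rise(p_t, flow_l_per_min)
    return surfaces, t_w


def pue(total_power_w: float, it_power_w: float) -> float:
    """Eq. 5.3: PUE = total power / IT power."""
    if it_power_w <= 0:
        raise ValueError("IT power must be positive")
    return total_power_w / it_power_w


def hottest_unit_within_limit(surfaces: List[float], t_max: float) -> bool:
    """Design check against a surface temperature limit (e.g. 55 C as in Example 5.6)."""
    return max(surfaces) <= t_max


# Constructed unit: 40 mm x 40 mm heat source, 2 mm aluminium adapter (~200 W/(m K)).
EXAMPLE_UNIT = Unit(a_m=0.04, b_m=0.04, l_m=0.002, lambda_m=200.0)

if __name__ == "__main__":
    surfaces, t_out = rack_profile(EXAMPLE_UNIT, p_t=200.0, t_in=30.0,
                                   flow_l_per_min=6.0, n_units=10)
    print(f"first unit T_s = {surfaces[0]:.2f} C, last unit T_s = {surfaces[-1]:.2f} C")
    print(f"coolant outlet T_w = {t_out:.2f} C")
    print("within 55 C limit:", hottest_unit_within_limit(surfaces, 55.0))
    # Constructed rack: 2000 W IT power plus 240 W pump and other overhead.
    print(f"PUE = {pue(2000.0 + 240.0, 2000.0):.2f}")
```

Running the script shows the point of the BTE3 chain: with one tube, each downstream unit starts from warmer coolant, so the outlet temperature and the last unit's T_s, not the first unit's, decide whether a given flow rate is sufficient.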

The estimations for the temperature of the CPU crystals (within the units), for the temperature of the cooling liquid (waste heat removal) and the PUE evaluations based on the mentioned models have been considered in [25, 33, 43]. The dependencies of the PUE are given in

[Fig. 5.16: three plots (a) PUE1, (b) PUE2 and (c) PUEΣ in relative units (y-axis 1–3) versus coolant flow velocity in liter/min (x-axis 10–50), with one curve each for P = 100 W, 200 W, 300 W, 400 W and 500 W]

Fig. 5.16 Modelled PUE dependencies on the dissipated power of the processor units and the given velocity of the water flux, based on the models BTE1 (a), BTE2 (b) and BTE3 (c, N = 10). Modelled PUE values for "green" data centres and clouds are about 1.06 under use of an efficient cooling process, in good agreement with the "best practices"

Fig. 5.16a–c, correspondingly. These depictions describe the obtained PUE values for the above-mentioned models BTE1–3 and are completely in line with the "best practices" discussed in Examples 5.4–5.7 in this chapter as well as in the literature.

Note: Additional material on waste heat modelling and recycling is available as complementary digital-only material from the publisher’s website.

5.1.2 Smart Grid Enabling Network Technologies

Enabling networking and communication technologies for smart grids offer wireless connectivity between devices. Six such technologies are of particular interest:

1. PLC, outdoor as well as indoor (as HomePlug)
2. Bluetooth v4.2 WPAN
3. ZigBee/EnOcean sensor piconets
4. 6LoWPAN, as fog computing predecessor
5. WiMAX networks, specific to some regions with sufficient coverage
6. Partially LTE/5G, which are discussed in other chapters as an alternative to WiMAX

5.1 Smart Grid as Integration Technology for the Networks of Energy 159

Let us discuss some of them to understand their characteristics better.

Powerline (PLC). PLC networks are oriented to use electrical supply networks (grids) for data and voice transfer. This is an important enabling technology for IoT and smart grids. The network transmits data or voice by superposition of an analog signal over the alternating electric current (AC, 50/60 Hz). PLC in the WAN area offers a kind of DSL connection via a power cable between providers and users:

• 1536 subcarriers with 84 best frequencies in the range 2–34 MHz
• Data rate per station of about 1.5–205 Mbit/s
• Variants of WAN PLC are BPL and NPL: NPL (Narrowband over Power Lines) with a data rate of 1.5 Mbit/s and BPL (Broadband over Power Lines) with a data rate of 205 Mbit/s

PLC in the LAN area is more suited to applications within buildings. PowerLAN uses household electrical lines with a voltage of 230 V and a frequency of 50/60 Hz for additional data transmission.

For such installations, Orthogonal Frequency-Division Multiplexing (OFDM) is deployed for converting digital signals into analog signals, similar to xDSL or WLAN. Most PowerLAN standards work in the high frequency band F = 2–68 MHz, so that they do not interfere with the electric current frequency, and with the aim of achieving high data rates. Power supply networks as low voltage networks are usually three-phase systems. In the private sector, the HomePlug standard thus achieves gross transfer rates of up to 14 Mbit/s (regular HomePlug), 85 Mbit/s (HomePlug Turbo), 200 Mbit/s (HomePlug AV) and even 500 Mbit/s (IEEE 1901). The standards HomePlug AV (200 Mbit/s) and IEEE 1901 (500 Mbit/s) are fully compatible with each other. The maximum range of HomePlug adapters is, however, limited to 300 m under ideal conditions and much less when obstacles are in the way.

The main problems and limitations of PLC usage are:

• line length
• interference
• interoperability
• price

Longer lines mean the occurrence of attenuation effects, which limit the transmission power and hence reduce the receiver’s ability to process the signals effectively, leading to a reduced data rate. The interference comes from the workload and household machines. The interoperability with Wi-Fi is not guaranteed, as producers are unable to agree on a common standard. Finally, such systems are still subject to a relatively high price.

Fig. 5.17 WiMAX flexible architecture

WiMAX networks. The architecture components for WiMAX networks are depicted in Fig. 5.17. Among the WiMAX components are:

• SS/MS: Subscriber Station/Mobile Station
• ASN: Access Service Network
• BS: Base Station, a part of ASN
• ASN-GW: ASN Gateway, a part of ASN
• CSN: Connectivity Service Network
• HA: Home Agent, a part of CSN
• NAP: Network Access Provider
• NSP: Network Service Provider
• ASP: Access Service Provider (IP)

The most important interfaces are R1, R2, R3, R4 and R5 (refer to Fig. 5.17). The use of WiMAX is region-specific. It is frequently used in South Korea, South Africa (named iBurst) and the Slovak Republic, as well as in urban areas in other countries; an example is Heidelberg in Germany. Overall, however, WiMAX networks have found relatively little acceptance compared with LTE. In fact, many former deployments have already been shut down, for instance by Sprint in the USA. Still, about one billion people can be covered.

The maximum distance for signal transmission is about 3–10 km.

Sensor piconets. As opposed to the previously discussed network types, which emphasise quality of service and cost requirements, wireless sensor (pico) networks (WS(P)N) additionally put emphasis on various aspects of energy efficiency. A WSN’s energy efficiency is a significant prerequisite for its lifetime, low maintenance cost and high reliability. First, a short overview of WSN systems will be given. Then the most important compromises or trade-offs between the diverse factors will be discussed, especially those which influence energy efficiency and service quality on any network layer.

WSNs have already become a mature technology and play an increasingly important role for industrial production, intelligent houses, automated buildings and observation in the free space in agriculture and forestry, ecology and ship transport. This list of applications of WSNs is, however, far from being complete. Advanced WSNs, in combination with WLAN and WiMAX networks, replace conventional communication systems for multi-function network services and automation systems.

A general sensor network consists of a number of distributed and independent sensor nodes (SN) with radio modules. These are capable of capturing technical or environmental parameters. There are many different sensor types and technologies, of which two shall be considered (Table 5.2). Common to all these technologies is the issue of energy-efficient operation of the resulting sensor networks. Energy-efficient sensor nodes are characterised by durability, interoperability and assurance of quality of service levels (QoS) within constructed WSNs. Furthermore, they are highly reliable and contain cost-efficient customisation mechanisms.

Table 5.2 Characteristics of widely-used WSN systems

Property                EnOcean                  ZigBee 802.15.4
Frequency [MHz]         868                      2400
MAC layer               Beacon                   Beacon, CSMA
Topology                Star/mesh                Star/mesh
Data rate [kbit/s]      125                      250
Number of nodes         2^32 = ca. 4 billion     2^16 = 65536
Security                –                        AES
Energy consumption      Very small               Small
Collision probability   Very small               Small
Energy harvesting       Yes                      No
Range [m]               30–300                   10–75

Fig. 5.18 Structure of a WSN

The usual frequency bands F for WSN are F = 315–916 MHz (Mica2, Mica2Dot) and F = 2.4 GHz (ZigBee IEEE 802.15.4, Imote). The usual transmission ranges of sensor nodes can be from 30 up to 150 m. The energy consumption is about 1000 mW for sending and receiving data, 100 mW in idle mode and 0.05 W in sleep mode. The average transmission power is PTx = 4–10 dBm. To guarantee the requirements concerning energy efficiency and real-time behaviour, only short data packets (telegrams, TL of up to 100 bytes) with relatively small overhead are being used. The state transition of a sensor node (SN) requires energy and slows down the network overall.

The approach of energy harvesting allows for the extraction of energy from the environment and thus for a reduction of battery power consumption (Fig. 5.18). The exclusive energy supply of sensor nodes with energy harvesting is, however, not possible due to the lack of steadiness in the used energy sources. Therefore, the nodes have to be placed with care. Furthermore, an optimisation of routes to the gateway (GSN/GW) is recommended.

The software used on the nodes (operating system, applications, libraries, middleware) has to be very compact. The executed tasks and the data to be processed often have to be scheduled in advance and grouped with telegram aggregation. For the minimisation of the energy consumption of the communication (SN – SN and SN – GW) and for increasing the performance of the gateway, concepts such as caching, threading and redundancy/replication are to be considered. The task processing in the applications is event-based [45]. As operating system for the sensor nodes, TinyOS is often used. It has small requirements on memory and processing power.

Design of energy-efficient wireless sensor networks: requirements and methods. Important properties of energy-efficient WSNs are:

• Efficient batteries with long lifetime in the sensor nodes, possibly combined with energy harvesting
• Energy management
• Efficient protocols in the layers 2 and 3 with reduced traffic and low overhead
• Efficient operating systems and applications
• Optimised topology, including hierarchies and clustering
• Redundant planning and functionality reserves
• Combined approaches in a cross-layer design

Multi-layered design. Nowadays the design of WSNs is supported with a variety of energy management methods and planning tools. The cross-layer approach combines existing models, methods and tools within one integrated framework and offers significant advantages due to the holistic appreciation of values between the requirements of energy efficiency and service level. The methods for designing energy-efficient WSNs can be classified in a layered architecture as follows:

• Hardware, focusing on the physical (PHY) layer
• Focusing on the MAC layer
• Focusing on the topology
• Focusing on routing
• Focusing on applications

An attempt at a corresponding classification of methods usable for the design of energy-efficient WSNs is shown in Fig. 5.19.

Efficient energy management for WSNs primarily means that the overall power consumption of a WSN must be reduced by optimising the consumption of its sensor nodes, expressed in W/bit or W/event. Such an optimisation leads to an extension of the parameters which indicate the lifetime (time-to-live, TTL), expressed in 1000 h or 100 d. The following parameters are common: T1 – time until the failure of the first sensor node; T2 – time until which 50 % of all nodes fail; T3 – time at which the network splits into multiple partitions or “islands”; T4 – time until the surface coverage of the network is reduced. The TTL parameters are explained in Eq. 5.8.

Fig. 5.19 Classification of design methods for energy-efficient WSNs

The cross-layer construction of WSNs needs to consider the mutual influence of the conflicting requirements energy efficiency and service level. Appropriate compromises need to be found:

• Hardware
  – Higher transmission frequency: more data per TDMA slot as well as more compact components, but more complex modulation techniques and higher energy consumption requirements
  – Lower transmission power: less energy consumption upon transmission, but lower signal-to-noise ratio (SNR) and lower data throughput
  – Lower current of the components (cf. Fig. 5.20): lower energy consumption of the CPU, but correspondingly lower CPU speed
  – Higher battery capacity: longer lifetime, but larger physical dimensions. This is also true for energy harvesting approaches, which require sufficiently strong energy sources and batteries in order to adjust the non-continuous energy supply
• MAC layer
  – Longer sensor duty cycles in communication protocols (e.g. synchronous on-demand TDMA or Advanced Asynchronous CSMA/CA with RTS/CTS or Rendezvous): improved degree of utilisation, but also higher latencies

Fig. 5.20 Approaches to optimise the energy consumption: (a) dynamic voltage scaling, (b) capacity of batteries and energy harvesting devices

• Topology
  – Cluster of nodes following a unified scheduling scheme with lower duty cycle: lower power consumption in sensor nodes through shorter distances, but higher latencies through overhead and higher energy consumption at the cluster head
  – Dense WSN with redundant nodes: higher availability and reliability, but also increased traffic and therefore more collisions of data telegrams as well as more frequent timeouts
• Routing
  – Highly developed routing algorithms (e.g. geographic routing): increased reliability of the message transfer, but higher routing complexity and therefore more laborious routing adaptations in cases of topology changes
• Software/Applications
  – Compact operating system and further software components due to limited CPU speed and RAM capacity: better resource utilisation, but lower precision through data aggregation as well as a necessity for special algorithms for distributed statistical pre-processing of large volumes of data

These compromises (trade-offs) need to be accounted for in the design phase to achieve the goal of durable WSNs with high QoS, high reliability and interoperability between the nodes. The stored energy density can vary between 10 and 10000 W/cm³. The determination of TTL parameters can be performed by considering the following factors:

min TTL = α · δq / δx(P_Tx, F, d, DR, SNR, TL, OH)    (5.8)

Hereby q refers to the battery charge [mAh], F and P_Tx to transmission frequency and power, d to the average distance between nodes (hop distance), DR to the data rate, TL to the average size of a data telegram and OH to the overhead in each data telegram; is a centralised Gaussian random value, whereas α is a logarithmic decrement value.

Topology optimisation. The most important decision when designing topologies of a WSN is the choice between single-hop and multi-hop routing methods.

The following aspects are to be considered: who communicates with whom (star, cluster or mesh); incomplete knowledge about the topology, where only information about the local environment is known; frequent topology changes, on-/offboarding, mobility aspects; routing algorithms; and, of course, the energy efficiency of the resulting solution.

The degree of freedom for the decision can be described as a triangle “topology – routing – energy radiation”, which is displayed in Fig. 5.21. The power radiation is modelled as follows:

P_Rx = K F^α d,    K = P_Rx,dref d_ref    (5.9)

Whereas P_Rx refers to the receiver field force, F to the sender frequency, d to the distance and P_Rx,dref, d_ref to the measurable reference receiver power and distance; K, α are model constants from the free space damping model.

Clustering in WSN. When nodes of a WSN are distributed in fixed installations, the hardware will degrade over time. After some years, some of the nodes may fail or the battery capacity may be depleted. In such cases it is important to consider the correct placement of the nodes to avoid missing hops for the transmission or even partitioned networks, in which no communication is possible between any two nodes taken from different partitions. Failures and “desertification” effects are depicted in Fig. 5.22. Optimal clustering and a certain amount of transmission link redundancy are therefore required.

Fig. 5.21 Topology – routing – energy radiation: energy efficiency via topology and routing

Fig. 5.22 Failures and “desertification” effects [37]

LEACH description. Low-Energy Adaptive Clustering Hierarchy (LEACH) is an algorithm which clusters nodes so that the communication between any two nodes or between any node and a base station is routed through cluster heads. The nodes that were already cluster heads (CHs) cannot play the role of CHs for the next 1/p rounds, where p is the desired percentage of cluster heads in the network. Furthermore, each node possesses some probability Z < T(n) to become the cluster head in a new round. At the end of the round, each of the nodes which have not become head calls the next CH and becomes an ordinary cluster member (Join Cluster). Then each of the CHs has to establish a plan (cluster schedule) for each node. This enables a successful data transfer for its own cluster:

• Spatially distributed applications with data aggregation
• Cluster Heads (CH) are defined locally and randomised
• They have to be periodically replaced
• Energy efficiency

Figure 5.23 shows the LEACH algorithm in an example to increase the lifetime of piconets.
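The LEACH round described above (self-election of cluster heads, the 1/p-round exclusion, Join Cluster and the cluster schedule), as an added Python example that is not the book's code. The threshold T(n) is the one from the original LEACH paper by Heinzelman et al. (the book only writes Z < T(n)), and the node positions are constructed at random.

```python
"""LEACH cluster-head rotation as described in the text: a node that has been
cluster head (CH) is not eligible again for the next 1/p rounds, every eligible
node becomes CH with probability Z < T(n), the remaining nodes join a CH and
each CH builds the schedule for its members.  Added example, not the book's
code.  The threshold T(n) is the one from the original LEACH paper
(Heinzelman et al., 2000); the book only writes Z < T(n)."""
import math
import random
from dataclasses import dataclass


@dataclass
class Node:
    nid: int
    x: float
    y: float
    was_ch: bool = False   # already CH within the current epoch of 1/p rounds?


def threshold(p: float, rnd: int, eligible: bool) -> float:
    """T(n): 0 for a node that was CH in this epoch; otherwise it grows from p in
    the first round of an epoch to 1.0 in the last one, so every node is CH
    exactly once per epoch."""
    if not eligible:
        return 0.0
    epoch_len = round(1 / p)
    return p / (1 - p * (rnd % epoch_len))


def elect_cluster_heads(nodes, p, rnd, rng):
    """Self-election of CHs for one round (advertisement phase)."""
    if rnd % round(1 / p) == 0:        # new epoch: all nodes eligible again
        for n in nodes:
            n.was_ch = False
    heads = []
    for n in nodes:
        if rng.random() < threshold(p, rnd, not n.was_ch):
            n.was_ch = True
            heads.append(n)
    return heads


def join_clusters(nodes, heads):
    """Join Cluster: each non-CH node attaches to the nearest CH.
    Returns {ch_id: [member ids]}; an empty dict if no CH was elected."""
    clusters = {h.nid: [] for h in heads}
    for n in nodes:
        if heads and n.nid not in clusters:
            nearest = min(heads, key=lambda h: math.dist((n.x, n.y), (h.x, h.y)))
            clusters[nearest.nid].append(n.nid)
    return clusters


def cluster_schedule(members):
    """TDMA-style plan built by a CH: one slot per member (sorted by id)."""
    return {m: slot for slot, m in enumerate(sorted(members))}


def simulate(n_nodes=20, p=0.1, rounds=None, seed=1):
    """Run `rounds` LEACH rounds (default: one epoch of 1/p rounds) over
    constructed node positions in a 100 m x 100 m field.  Returns how often each
    node was CH and the per-round clusters and schedules."""
    rng = random.Random(seed)
    nodes = [Node(i, rng.uniform(0, 100), rng.uniform(0, 100)) for i in range(n_nodes)]
    rounds = round(1 / p) if rounds is None else rounds
    ch_count = {n.nid: 0 for n in nodes}
    history = []
    for rnd in range(rounds):
        heads = elect_cluster_heads(nodes, p, rnd, rng)
        clusters = join_clusters(nodes, heads)
        # A CH relays everything its members send, so its failure or compromise
        # affects the whole cluster; the per-round rotation bounds both the
        # energy drain and the exposure of any single node in that role.
        schedules = {cid: cluster_schedule(m) for cid, m in clusters.items()}
        for h in heads:
            ch_count[h.nid] += 1
        history.append({"round": rnd, "clusters": clusters, "schedules": schedules})
    return ch_count, history


if __name__ == "__main__":
    counts, hist = simulate()
    for rec in hist:
        print(f"round {rec['round']}: CHs {sorted(rec['clusters'])}")
    print("times CH per node:", counts)
```

Over one epoch of 1/p rounds every node is cluster head exactly once, which is the rotation the text describes; with p = 0.1 the last round of the epoch forces all remaining nodes into the role.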

Sensor piconets ZigBee and EnOcean. Both technologies, ZigBee and EnOcean, are enablers for smart grids and important for IoT and fog computing. Their characteristics were already identified earlier (remember Table 5.2). They found their usage for intelligent home, process control, robotics, automotive and aviation. The components are sensors vs. actuators (servomotors, pumps, heating controls). The typical bottlenecks are batteries/accumulators, privacy and anonymity. Due to a limited amount of energy they have therefore less reliability and more expensive maintenance. This is the reason why energy harvesting, i.e. use of ambient energy (solar, EM smog, noise, …), is a very important option:

• solar radiation: consider during the installation
• reduction of maintenance costs
• cheaper materials/building materials

WPAN ZigBee. The name “ZigBee” derives from the zig-zag dance of the bees while searching for food – in analogy to the traffic in a meshed network. ZigBee is designed as a WPAN, effectively a low-data-rate PAN, and uses IEEE 802.15.4 specifications for the PHY and MAC layer, as shown in Fig. 5.24.

A short history of ZigBee systems:

• 1998 – ZigBee launched by Philips
• 2001 – IEEE 802.15.4 based ZigBee Group founded
• 2002 – ZigBee Alliance founded (Philips, Mitsubishi and 230 other companies)
• 2005 – first ZigBee products appeared on the market
• 2007 – current standards: ZigBee 2007 release

ZigBee products fully conform to the requirements of low-rate wireless PANs with the following features:

• low data rate
• long battery life
• secure networking with AES encryption and WPA2 authentication

Fig. 5.23 (a) Different LEACH cluster heads in neighbouring rounds (round 1 and round 2). (b) Clustering by LEACH: surviving nodes [%] over life durability [days] for direct connection, static clusters and LEACH; better survival with the LEACH approach to cluster head assignment, long-life piconets [37]

There are three roles for ZigBee devices:

• ZigBee End Device (ZED)
• ZigBee Router (ZR)
• ZigBee Coordinator (ZC)

Fig. 5.24 ZigBee layer model (own representation)

The ZigBee End Device (ZED) is a simple device such as a light control. It implements only part of the ZigBee protocols and is therefore also called RFD (Reduced Function Device). It logs on to a router of its own choice; the end devices then form a star topology with it. The ZigBee Router (ZR) refers to FFD devices which can act as routers. One can log on to an existing router, forming a tree or mesh topology. Finally, the ZigBee Coordinator (ZC) is a special router within a PAN. It takes the role of coordinator; thus it controls the basic parameters of the PAN and manages the network. The general topology of ZigBee systems is shown in Fig. 5.25.

ZigBee systems operate in the ISM band with a frequency of F = 2.4 GHz and data rates of DR = 0.25 Mbit/s for a range of 10–75 m. In the MAC layer, either CSMA/CA is implemented or so-called Beacon signals are sent, similar to how a lighthouse works. The Beacon signals are sent by a cooperating station after longer communication idleness intervals. All network participants within the proximity will become ready to receive for a certain amount of time. Collisions become unlikely with this technique.

ZigBee offers compatibility to alternative solutions on the layers 1 and 2:

• USA and China – 902–915 MHz, 40 kbit/s
• Japan – 928 MHz
• Other Asian countries – 315 MHz
• Europe – 868 MHz, 20 kbit/s

Fig. 5.25 ZigBee topologies: (a) star vs. P2P, (b) multi-hop

However, more possible interferences with existing WLAN networks need to be considered. The most important applications of ZigBee products are:

• Structural Health Monitoring
• Facility Management
• Smart Metering, etc.

The next rival is EnOcean.

WPAN EnOcean. The company EnOcean, located in Oberhaching near Munich, belongs to Siemens. EnOcean, a system of wireless sensors with power self-supply by energy harvesting, is broadly used in the area of building automation. They are similar to, although also distinguishable from, ZigBee systems, as shown in Fig. 5.26.

Fig. 5.26 Sensor piconets ZigBee and EnOcean in comparison: CO2 reduction from Airbus planes with sensors, and home automation with thousands of sensors in the Torre Espacio in Madrid, a 56-floor building (Sources: airbus.com, es.wikipedia.org)

EnOcean offers a high energy efficiency by combining the transformation of locally available environmental energy with dynamic voltage scaling and very short duty cycles. EnOcean systems have been practically known since the year 2001. In 2008, the EnOcean Alliance emerged from several well-known companies from multiple countries (DE, FR, EU, USA), among them Siemens and Osram. In 2015, EnOcean focuses on building automation with several products: switches, sensors, receivers and controllers, gateways, management systems and accessories. Furthermore, there is a joint development with ZigBee 3.0 for energy harvesting.

EnOcean products work over distances from 10 to 300 m. For the design of EnOcean systems, an optimised cross-layer approach is followed (Fig. 5.27). The MAC layer is based on beaconing. The associated collision probability is, however, relatively small. To minimise its effects, pseudo-random short telegrams with a message length of 14 bytes are submitted three times. The systems use the frequency band of F = 868 MHz and offer low data rates with DR = 125 kbit/s. However, EnOcean structures are robust and energy-conserving.

There may be interferences to the following radio networks:

• GSM, DECT – rare occasions
• ZigBee 802.15.4 – needs to be accounted for

The use of EnOcean products happens through more than 50 system integrators, who develop and produce products for building automation (light, shadows, heating, climate and air conditioning), industry automation and the automotive sector. These systems are typically more economical than their rivals and are broadly supported on the market, for instance in Germany, France and other EU countries. One disadvantage of the technology in comparison with other WSNs is a lack of integrated security mechanisms.

EnOcean is a good example of the compromises needed for the design of WSNs. The following design criteria have been set to adapt to the low energy supply generated by energy harvesting:

• Single hop to the cluster head, flooding between cluster heads, data processing in cluster heads
• MAC layer: no collision detection but beaconing, uni-directional communication between sensors and cluster heads
• Limited energy supply: short telegrams (1 ms) and duty cycle (0.1–1 %)

The EnOcean layer model is depicted in Fig. 5.27. The main distinguishing features of these piconets in general are:

• low data rate
• long battery life
• secure networking

Fig. 5.27 EnOcean layer model

They are analogous to ZigBee features, but implement energy harvesting as a unique strength, i.e. incorporate the use of ambient energy, primarily solar (also EM smog, noise, …).

Typical tasks of designing efficient and high-quality WSN deployments are:

• Energy-efficient protocols
• Cross-layered optimisation
• Trade-offs between layers are to be considered

The following layers are of interest:

• Hardware or PHY based
• MAC based
• Topology based
• Routing based
• Application and data based
• Cross-layered (combined approach)

Example 5.9: Think of a “toy smart grid”. An example of a model environment for a smart grid (Smart Grid Simulator) [13, 37] is presented in Fig. 5.28. The modelling environment consists of a miniature city (e.g. based on the famous German model railway toy “Modelleisenbahn”). The structures of the model city are the buildings H1, H2, H3, H4, a plant and a McDonald’s restaurant, all of which are placed on a portable board or a table.

The emulation of “customers” and “suppliers” of electricity is based on microprocessors or single-board microcomputers; AVR, Raspberry Pi and Intel Edison are representative products in this category. The compact dimensions and low power consumption are among the main priorities of on-board computers (see Tables 5.3 and 5.4).

Let us discuss the computing nodes based on Raspberry Pi [14]. These computational nodes are combined into a local area network (LAN) with small dimensions. Each node RasPi1, RasPi2, RasPi3, … operates one “building” and visualises on the display or LEDs (LED1, LED2, LED3, …) the active “consumers” and “suppliers” of electricity within the “buildings” and in the system in general.

With use of the ventilators and LED lamps, the main “weather conditions” like sun radiation and wind are emulated. The modelling environment (so-called simulator) is controlled by the developed software scripts (running as WWW applications) and should map the changes of connections through reflection of the new “consumers” and “suppliers” of electricity, as well as undertake the representation of some changes within the weather conditions. Thus, using the model environment within the artificial toy system, the real parameters and «smart grid» conditions can be modelled. This includes the usage of intelligent network services, electricity grids as well as energy-efficient information services.

Fig. 5.28 Example of a modelling environment for smart grid [13]: (a) photo, (b) topology. Components: Sensor, House 1–4, McDonald’s, Plant, Railway Station, USB hub, Ethernet switch, LED, Ventilator, USB supply; weather emulation (wind). Legend: X – Raspberry Pi, KB – Keyboard, D – Display; interconnections: GPIO, Ethernet/USB (Photo: nl.wikipedia.org; topology inspiration: rn.inf.tu-dresden.de)

Table 5.3 The distinguishing features of on-board computers

Characteristics        On-board computer
CPU type               ARM Cortex, Intel
GPU type               Mali, Intel, PowerVR, etc.
RAM                    0.5 up to 8 GByte
Price                  Approx. 15 up to 100 $
Dimensions             Max. 2–5 cm
Power consumption      2.5–5 W

Table 5.4 Comparison of the chips and microcomputers AVR, Raspberry Pi, Intel Edison

Parameters | AVR32 | Raspberry Pi | Intel Edison
Manufacturer | Atmel, CA, 2006 | Cambridge, Raspberry Pi Foundation, UK, 2011 | Intel, CA, 2014
Dimensions | Middle | Small, like a plastic bank card | Tiny, like an SD storage card
Type | RISC CPU, low-power 32-bit μ-controller | ARM on-board μ-computer | On-board μ-computer, 2-core i-Quark, 22 nm transistor technology
Frequency | 66–200 MHz | 700 MHz | 400 MHz
RAM | Flash = 512 KByte, RAM = 64 KByte | SD card instead of HDD, RAM 256 MByte | –
Ports, network interfaces | USB 2.0, serial USART | 1x LAN Ethernet 10/100 RJ45, 2x USB 3.0, 1x SD, 1x HDMI, 1x Clinc/TRS adapter, 6x GPIO | Wi-Fi, Bluetooth
Operating system | Linux | Linux, BSD UNIX, RISC OS | Linux
Look | Board or pod | – |
Approximate price | 20 | 19–30 | –

5.1.3 Case Study: A CAD Toolset for the Design of Energy-Efficient Combined Networks

There are multiple tools which aid in the design of communication networks, in particular sensor networks, energy grids or combined smart grids. In the following, the tool CANDY (Computer-Aided Network Design Utility) will be introduced briefly. Further literature about CANDY is available [27, 29].

Basics on CANDY. The energy-efficient combined networks in the context of smart grids can be designed with use of the CANDY Framework and Online Platform [27]. We would furthermore like to discuss important development trends for a CAD for combined network planning regarding tool integration and access. The CANDY Framework and Online Platform is examined as a reference system. The CANDY system has been presented as an exhibit at CeBIT 2007, 2008 and 2011 in Hannover, Germany, and has demonstrated its usefulness for academic and industrial network planning challenges.

A CAD toolset for combined office communication and building automation networks (sketched in Fig. 5.29) is presented. It especially focuses on the combination of wired (IEEE 802.3 LAN) and wireless (IEEE 802.11 WLAN, 802.16 WiMAX) networks as well as on wireless sensor networks using 802.15.4/EnOcean.

Fig. 5.29 A combined office communication and building automation network. LON – Local Operating Network; KNX – European standardised bus automation network (EN 50090, ISO/IEC 14543); PDA – Personal Digital Appliance; ERP – Enterprise Resource Planning; EDP – Electronic Data Processing

The CANDY framework supports an integrated design methodology providing a complete design workflow. The design requirements on these networks are often contradictory and often have to consider diverse technical factors, among them performance, energy and cost efficiency for a network solution altogether.

The system provides the following features:

• integrated workflow management
• dedicated network description via NDML
• structured cabling by EN 50173 support
• front-end to CAD conformity (ifcXML), IP infrastructure analysis
• access services to a high-performance computer cluster
• as well as parallelised design routines realisation (OpenMP) [29]

Dedicated network language. The framework uses the dedicated Network Design Markup Language (NDML), an XML-based notation to express modelled networks. NDML supports a uniform way of representing all major active and passive network elements (including switches, routers, gateways, patch fields, cross panels, base stations, sensors, access points as well as automation nodes), their detailed technical properties as well as their interconnections and related configuration issues. In contrast to existing vendor-specific notations, NDML is based on open standards and enables interoperability and portability of network design tools and projects.

Tool integration concepts and access. CANDY is an open framework with a large set of design tools and functionalities. These include design editors, consistency checks, transformation tools, specific wireless network design tools and integration of existing simulation environments. NDML serves as common “glue” for these tools. Java technologies facilitate the tool development, including among others Application Server and Middleware (Apache Tomcat with JSP, Java Server Pages, and EJB, Enterprise Java Beans), ERCP (Eclipse Rich Client Platform) as well as web services (Apache Axis 2). A flexible tool access is provided via available Java desktop applications and Android applications on mobile devices such as smartphones and tablets.

Development history. The CANDY tools have been developed along with emerging network trends. They went through the following development history:

1. Conception and implementation of a prototype (CANDY Prototype)
   • Conception of NDML with prototype for network editor
   • Prevalent implementation basis: Java servlets, Java applets, EJB

2. Realisation of dedicated planning tools (CANDY Framework), inter alia tools for
   • structured cabling system, called CANDY Trace Router
   • optimised design of radio networks, called CANDY Site Finder
   • prevalent implementation basis: Eclipse Rich Client Platform
   • further development of NDML (XSD instead of DTD, achievements in advancing of viewpoints and language elements)
   • realisation of an extensible framework (CANDY Framework) with the most important planning steps and front-ends to encapsulated external tools

3. Further realisation of a universal design platform (CANDY Framework with CANDY Online Platform)
   • workflow and documentation management (“WF-centric”)
   • support of all design steps
   • loose embedding of encapsulated external tools via web services
   • prevalent implementation basis: HTML5, AJAX, web services
   • creation of multiple agile mini-tools for combined network design
   • multimodal access via mobile users with smart phones and tablets (cp. Fig. 5.30)

Fig. 5.30 Design tool integration and access. Shown are the CANDY Framework and Online Platform with its modules (1 Project Manager, 2 Network Editor, 3 Component Browser, 4 SCS Trace Router, 5 Wireless Site Finder, 6 Workload Analyser, 7 Bill Reporter), the XML front-end (FE), the component repository (DB), loosely coupled third-party tools (T) such as NS-2 in a high-performance computing environment, the project data exchanged in NDML (component list, network list, performance report, cost bill), and access via CANDY Web Services and further interfaces, running on an application server, JRE and Eclipse RCP.

180 5 Smart Grid, Internet of Things and Fog Computing

After multiple iterations of development, the system now possesses the following highlights, which make it suitable for future networks and smart grids:

1. Accurate planning is the precondition to decisive advantage under competition pressure. In view of network complexity, the task can be solved by use of efficient software tools like CANDY Framework and Online Platform.

2. Network engineers have to optimise large-scale objectives within complex contexts. CANDY represents an integrated design for 802.3/802.11/802.16/802.15.4 networks, using its own models as important integration component.

3. The implemented CANDY Online Platform provides the possibility to run complex parallelised propagation algorithms for wireless networks as well as multi-variant TCP/IP simulation processes in a high-performance computing environment. This deployment mode was verified on MARS (ZIH, TUD).

4. The realised framework and access services offer specialists and students a rare possibility to start their ambitious CAD jobs, obtain the results in a few minutes, support real measurement data acquisition and their comparison with modelled results.

Workflow-centric management. A CANDY workflow for network design and “WF-centric management” are built using the following principles:

1. A CANDY workflow is combined from a sequence of design steps.
2. Each step consists of one process (task) or multiple parallel processes.
3. Each process possesses a status, e.g. (ready [y/n], result [+/−]).
4. Each process uses and/or produces input/output documents.
5. A process is either an atomic process or a workflow by itself, as shown in Fig. 5.31.

Simulation and validation. The design results for WLAN IEEE 802.11 are in general not satisfyingly accurate. Correspondingly, a site survey functionality with design correction is necessary for each installation (cp. Fig. 5.32a). An advanced method for the planning of radio networks leans on the prognosis of the received power P_Rx and a comparison with measured values, aimed at their further optimisation. The method is called “Measurement-based Prediction” (MbP methodology). The reference components of the MbP methodology are shown in Fig. 5.32. By deployment of the MbP methodology, advanced measurement devices and hardware solutions can be used. The databases contain all necessary reference values covering samples, antenna coordinates and other metrics. The used empirical radio propagation model is evaluated and, via the MbP methodology, adapted to the real received power P_Rx.

An example of the practical use of mini-tools for the design of a wireless network constellation within the CANDY Online Platform is given in Fig. 5.33.

The discussed design steps within CANDY are furthermore presented in summary in Fig. 5.34a–i. The design process starts with a topology editor (a), which outputs the basic


Fig. 5.31 WF-centric management

network elements and connections between them. From the visual modelling, a textual network description (b) in NDML is then derived. This description is then imported into another modelling tool (c) and applied to a concrete deployment site, for instance a building with an ifcXML description (d). The wireless and wired connections are then


Fig. 5.32 Simulation and validation

Fig. 5.33 Simulation via mini-tools within the CANDY Online Platform


Fig. 5.34 Design routines, models and tools: (a) topology editor, (b) network description via NDML, (c) ifcXML data import, (d) a CAD-conform ifcXML description of a building, (e) a wired part: SCS tracing for Ethernet LAN, (f) a wireless part: environment attenuation, (g) performance simulation, an NDML report, (h) access to a computer cluster, starting a remote job, (i) pick-up of the results from the MARS multi-core supercomputer


tested and traced according to their specific characteristics (e, f). Using the refined NDML description, a first performance forecast can be generated (g). Due to the complexity of modern installations with hundreds of network elements, the simulation and other calculations are best outsourced to a high-performance compute service as a remote job (h, i).

In summary, CANDY shows that not only the runtime and operational perspective but also the systematic and tool-supported planning beforehand is an important element in achieving high-quality network installations for basic connectivity, cloud network services, smart grids and connected things.

5.2 From Internet of Services to Internet of Things: Fog Computing

It may appear to the reader that we have told everything about the properties of IoS and cloud computing today to the fullest satisfaction in the first chapters. But there is another trend that cannot go unhighlighted within this book, which claims to convey a broad scientific novelty. Let us examine these new trends in network services, collectively called IoT, as well as the ways of their realisation in the form of Fog Computing.

The interconnection of scientific and technical ideas on Internet of Things, Internet of Services, clouds and smart grids is shown in Fig. 5.35. The mentioned technologies and trends IoT, IoS, clouds and smart grids are developed in close cooperation and related to each other. The presented organigram depicts additionally the approximate dates of

Fig. 5.35 Ideas development concerning IoT, IoS, clouds and smart grids. Labels in the figure: Internet of Services (IoS), Cloud Computing, Internet of Things (IoT), Smart Grid; dates and actors: 1999 Auto-ID MIT, Kevin Ashton; 2004–2007 WWW, OASIS, Google; 2005–2010 Amazon, MS; 2011 IEEE, CENELEC, Cisco, Deutsche Telekom, Siemens; Cisco, SAP, Telefónica.


the introduction of the mentioned terms and categories as well as appropriate system examples of their use, with specifications on which organisations and companies are interested in this development.

Internet of Things. The so-called IoT provides the radio communication between multiple billions of low-power devices, within near distance up to global scale, using protocols such as IPv6. The Internet of Services, with its realisation in the form of clouds and with the number of devices approaching N ≈ 10^9 nowadays, will be shifted in the midterm to IoT. The following distinguishing features are typical for this transformation:

• huge number of devices, N > 300 · 10^9 (probably after 2020)
• low power consumption and long-life nodes
• energy-efficient and secured communication radio protocols interfaced to “near field” and IPv6
• wide deployment within embedded systems and industry (cf. Industry 4.0)
• penetration to each sphere of human activities and everyday life (Fig. 5.36)

Highly concentrated deployments of connected things exist in South Korea, Denmark and Switzerland, each having about 30 devices online per 100 persons according to OECD [12]. These statistics apparently exclude interaction devices such as smartphones, tablets and notebooks, which would significantly increase the numbers. The IoT field overlaps with application areas, for instance robotics, smart cities, transportation (through e-tickets and on-board units in electronic toll areas), agriculture and environmental sensing.

The origins of IoT are in the RFID transponder technology offered e.g. by Auto-ID Lab MIT. The mentioned technology first became a civilian development in 1999. However, the first ideas on the modulation and magnetic survey of mini-antennas in the “bugs” still belong to Lev Thermin (research of electromagnetic and acoustic oscillations in the far-off year 1948). He is also the author of an exotic musical instrument, the “thereminvox”, called after his name and using the developed RFID principles.

The next impulse to development was obtained from companies like SAP and Telefónica. Further, thanks to their ideas, Cisco formulated the IoT creation conditions and

Fig. 5.36 Fog computing primary concepts


Fig. 5.37 Internet of things prognosis (Source: Cisco)

basic requirements to IoT (Fig. 5.37). It means, amongst other things, the urgent deployment of IPv6. The usage of IPv6 with an available address space of 2^128 addresses means the possibility to address up to 3.40 · 10^36 active network devices, or approximately 3.00 · 10^27 “things” per user (figuratively, each bacterium).

Today the services provided by the Internet are also directly related to solving the problems of effective management of power and home control of embedded systems (smart facilities, intelligent homes). Efficient electricity consumption is considered in close association with environmental and ecological problems, which are regulated within the European Union and the world community. The regulatory basis is the internationally ratified Kyoto protocol, an appendix to the United Nations Framework Convention on Climate Change, and its follow-up meetings until 2015 in Paris. According to the treaties signed by 195 nations, global warming must be restricted to +2 °C over the pre-industrial levels. Improving the energy efficiency of powerful computer servers and other household and industrial devices is achieved nowadays through the use of electricity distribution networks and management solutions like smart grids [22].

Another important factor in the development of modern Internet services is the significant growth of the volumes of parallel computing, combined with savings of computing resources. Here the experts foresee, firstly, resources within the transition from cloud computing in some cases to the so-called Fog Computing, which is associated with the transfer of a large number of computing demands into the area of low-power home microcomputers. Embedded processors, µ-controllers and on-board computers have the main objective of effective management of consumer devices. Fog computing and the use of microcomputers are directly related and can provide significant savings of energy. Due to the expansion of the concept of fog computing from the cloud computing paradigm into intelligent network nodes (so-called Radio Network Edge) by network equipment producers such as Cisco, a whole set of new applications and services was enabled. The features of fog computing are as follows:

• node heterogeneity
• leading role of wireless access
• low latency, location awareness, fast node re-activation
• wide geographical distribution
• very big number of nodes and their mobility, supported via IPv6
• prioritised streaming and real-time applications

Fog computing offers the appropriate platforms for IoT services, clouds and smart grids. Such networks provide automatic and automated execution of usual everyday routines, especially domestic processes: book reading, listening to music, home heating and air conditioning, making a cup of coffee, taking medicine at regular times, preparing and cooking simple meals, watering the flowers and garden, and other activities with automation potential. This is because they rely on a combination of domestic hosts, gadgets, instruments and “things” into a single heterogeneous network that will be served via low-energy “green” Internet protocols. The use of traditional MAC and IPv4 addresses for data link and network layers, respectively, cannot identify such an impressive number of deployed devices. Therefore there is no doubt that a gradual transition to IPv6 is required. Started in 1990, this transition seems to have accelerated since 2011, when many users switched from tunneled IPv6 (6to4) to native connections, leading to a 10-fold increase in adoption just three years later. Still, in 2015 the service provider Google reports that only about 8 % of requests to its services are delivered with IPv6 on a global level [7]. The per-country statistics nevertheless show the different adoption speeds: Belgium, Switzerland and Portugal each have more than 20 % IPv6 traffic according to this statistic. Cisco reports other statistics, however. According to them, these three countries each have more than 45 % IPv6 deployment [3].

Example 5.10 The Internet of Things (IoT) may be illustrated as follows. Imagine a city or an ordinary home: a diversity of smart gadgets (laptops, smartphones and tablets) and multiple household appliances (TV, alarm clocks, coffee makers, washing machines, refrigerators, microwave ovens, automated window blinds), HVAC systems (boiler, radiators, air conditioning, fans and ventilators), systems for garden irrigation, security (locks, cameras) and lighting systems (including solar panels), intelligent sensors (heat, light, motion) and so on. The warehouses, delivery and logistic systems as well as public transport and private cars have to be equipped in the long term with interfaces for WLAN/3G. Similarly, the small “things” (books, compact discs, DVDs, medication in blisters, fast food in vacuum packs, soft drinks etc.) can be equipped with low-cost Bluetooth interfaces, RFID transponders and similar small-data links and then interact with each other through further energy-efficient communications networks (infrared, wireless, mobile, power and low-voltage networks).

5.2.1 Enabling Technologies for IoT

Dialectically, enabling technologies help “turning a quantity into a new quality”. The demarcation of the categories IoT, IoS, clouds and smart grids and the related ones is given in Fig. 5.38. In fact, this demarcation is not quite clear nowadays. The concepts are closely related and interlocked due to their development histories. The depicted concepts are closely adjoined with modern methods and network technologies, systems and services, given in ovals in the figure. Since the use of cloud systems became widespread, the “Internet of Things” has become a way of implementation and a platform for

Fig. 5.38 Closely related demarcation through IoS, cloud and fog computing, IoT and smart grids


fog computing with low-energy radio nodes. That made an imperceptible architectural transformation from mixed-distributed, decentralised, powerful systems (voluminous and big data processing, clustering) to many small, geographically distributed but logically connected hosts, gadgets, appliances and “things” in a single heterogeneous network. The number of devices (hosts, gadgets) in today's Internet (of people) is, by modern statistics, about N ≈ 10^9. Thus the number of users corresponds to the population of the earth. Due to continued growth in the coming years, the estimated number of devices will reach N > 30 · 10^9. Therefore the qualitative change to IoT is possible faster than expected. According to frequent estimations, it should happen in 2020.

The enabling technologies for IoT are manifold. Typically they are listed as follows:

• Mobile Networks (LTE, 5G)
• GPS (Global Positioning System)
• Wi-Fi (Wireless Fidelity)
• WiMAX (Worldwide Interoperability for Microwave Access)
• Powerline, Homeplug
• PoE (Power over Ethernet)
• KNX (Konnex), LON (Local Operating Network)
• Bluetooth, IrDA (Infrared Data Association)
• WSN (ZigBee, EnOcean)
• 6LoWPAN (IPv6 over low-power Wireless Personal Area Networks)
• RFID (Radio Frequency ID), NFC (Near Field Communication), QR (Quick Response)
• Watermarks (as steganography applications)

In addition to the already discussed smart grid enablers, the next fog computing technology is combined via the use of energy-efficient protocols. Being the interpenetration of IoT, smart grids and clouds, fog computing is possible today e.g. on the basis of the energy-efficient and low-cost protocol 6LoWPAN, which implements IPv6 over MAC protocols of IEEE 802.15.4 and PLC networks. This protocol was standardised via IETF and is open to use via multiple vendors.

Let us consider the most simple and price-efficient enabling technology. In particular, let us put the focus on the lowest-cost and simplest methods of IoT communication like the RFID transponders (RFID tags), the Near Field Communication (NFC) tags and QR (Quick Response) labels. Their function is to localise and connect the “things” to the Internet at large. The RFID, NFC and QR systems operate at short distances (10 cm–10 m) and have their origins in logistics and warehousing. Thanks to the energy efficiency of RFID and NFC, the period of permanent service is rather long, approximately 12–72 months. Afterwards the batteries need to be replaced. The extended capabilities for addressing these free devices are provided by IPv6, which can support many IP nodes (devices) per inhabitant of the world.


RFID transponders. The devices for reading of RFID (Radio Frequency ID) can be integrated within modern smartphones as well as operate as standalone readers (RFID readers), similar to the many well-known card readers or bar code readers widely used in trading and in the storage business. The use of RFID transponders is regulated by the International Telecommunication Union (ITU-T) within the following assigned frequency bands: LW 125–134 kHz, KW 13.56 MHz, UHF 865–869 MHz (in Europe), UHF 950 MHz (in USA and Asia), SHF 2.45 and 5.8 GHz. Their constructions are very variable. Usually RFID transponders (or RFID tags) are passive. It means that in their construction an excitation antenna is available (Fig. 5.38). The other option, an active RFID transponder, is a more intelligent system with memory storage, microcontroller and battery. Such systems have a shorter life expectancy, but they can be programmed or configured as a suited smart grid or fog computing node. Active transponders can therefore publish data on their own without having to be polled. The high-frequency passive HF transponders (RFID tags) use the well-known radar principle and, through activation and modulation of the magnetic field, can carry out the survey code that RFID readers can capture. The antennas of HF transponders also use planar inductance coils with many turns. The RFID transponders with sensorics are oriented to measure certain physical or chemical parameters. As a rule, these are pressure, acceleration, expansion, moisture or electrical conductivity. They need one of the RFID readers, which come in very different constructions: handheld, mobile, fixed and combined with the bar code reader. Commercial and logistics coding with codes in the 64, 96 and 128 bit format is called EPC (Electronic Product Code) and is typically used in mass RFID transponders. The deployment areas are as follows: in municipal and warehousing, on railways and airports, in supermarkets and libraries, in logistics, in animal tracking (e.g. dog tags) and in biometrical access control systems, in particular an increasing number of international passports called e-passports, which allow for crossing borders without border patrol staff.

NFC and QR labels. NFC (Near Field Communication) systems are supported by a wide palette of leading Operating System (OS) vendors for smartphones and tablets, e.g. Windows Phone 8 or higher, Android 2.3 or higher, as well as by API (Windows Developer Program for IoT). There are the following two types of near-field communication, which are also visualised in Fig. 5.39:

• without connection establishment, within passive high-frequency transponders (HF RFID) based on the standards ISO 14443 and ISO 15693; this method is suitable except for applications working on sensitive data, because in the phase of transponder activation its antenna can be eavesdropped by third parties

• connection-oriented (between two equal active transmitters, Tx)

The QR labels (Quick Response) are designed for universal reading of small quantities of data. They have become popular by encoding logical addresses in the form of URIs for Internet applications, in particular websites. The operation principle for QR-reading


Fig. 5.39 Examples of fog computing with RFID

Fig. 5.40 Operation principle for QR-reading mobile applications

mobile applications is depicted in Fig. 5.40. First, a camera sensor is directed at the displayed QR code. Then a picture is taken and processed. QR codes contain a certain amount of redundancy as well as positioning aids, so that even under imperfect lighting and camera holding conditions the data will be retrieved. In the final step, the data is processed so that, when it represents a URI, a registered application is launched, which in many cases will be a web browser.


Advanced Bluetooth v4.2. The Bluetooth (BT) Special Interest Group (SIG) was founded in 1998 by Ericsson, IBM, Intel, Nokia and Toshiba. The new specification of BT, released in 2014 and superseding previous BT versions including the ones standardised as IEEE 802.15.1, defines its advanced features towards smart grid, IoT and fog computing use. The specification differentiates between high-performance and low-power-consumption use cases. Its improvements are as follows:

• better privacy, higher data rate
• IPv4/IPv6 connectivity
• interoperability with 6LoWPAN
• integration of an Internet Protocol Support Profile (IPSP)
• 2.5× faster transfer
• 10× increased packet capacity (transmission errors and power consumption are reduced)
• new deployment scenarios and further improvements for IoT

BT v4.2 uses additional data security techniques for BT connections, e.g. the customers should be informed in a shop about offers via beacons only if explicitly approved. In BT v4.2 deployments, IPSP uses IP-based software infrastructures for managing BT smart devices. BT v4.2 is ideal for IoT networked home environments requiring personal as well as large-room control. Depending on the requirements, there is the low-energy specification (Bluetooth LE), the high-performance specification with enhanced data rate (Bluetooth EDR), and some devices even implement a dual mode which enables the creation of adaptive applications.

6LoWPAN. This important enabling technology for smart grids and IoT acts simultaneously as a fog computing predecessor. The acronym means “IPv6 over Low-Power Wireless Personal Area Network”. There is a short genesis history of 6LoWPAN. Originally, the company Jennic from Sheffield, UK, implemented the project 6LoWPAN as an equivalent to ZigBee. The Jennic 6LoWPAN had the following features:

• standardised IETF IP networking
• flexible topologies
• SNAP API similar to SNMP

As such, it is based on the IEEE 802.15.4 WPAN standard and uses compression mechanisms to deliver IP packets efficiently over such links. Most hardware supports WPAN links in the 2.4 GHz band, so that 16 channels and a data rate of 250 kbps are available. The maximum transmission unit in such WPAN links is 127 bytes, so that IPv6 packets need to be fragmented into multiple WPAN packets.
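The fragmentation just described, as an added example that is not from the book or from any 6LoWPAN stack: a Python implementation of the RFC 4944 FRAG1/FRAGN fragment headers together with a receiver that checks datagram size, tag, overlap and completeness before handing the datagram up. It assumes 102 bytes of frame payload remain after the 802.15.4 MAC header and FCS (the worst case given in RFC 4944); header compression and link security are left out.

```python
"""6LoWPAN fragmentation and reassembly per RFC 4944, Section 5.3 (added example)."""
import struct

# Assumption (RFC 4944 worst case): a 127-byte 802.15.4 frame minus up to
# 25 bytes of MAC header and FCS leaves 102 bytes for 6LoWPAN data.
LINK_PAYLOAD = 102
FRAG1_DISPATCH = 0b11000      # first fragment: 4-byte header
FRAGN_DISPATCH = 0b11100      # subsequent fragments: 5-byte header
MAX_DATAGRAM = (1 << 11) - 1  # datagram_size is an 11-bit field


def _frag_header(dispatch, datagram_size, datagram_tag):
    """16 bits of 5-bit dispatch + 11-bit datagram_size, then the 16-bit tag."""
    return struct.pack("!HH", (dispatch << 11) | datagram_size, datagram_tag)


def fragment(datagram, tag, link_payload=LINK_PAYLOAD):
    """Split one IPv6 datagram into 6LoWPAN fragments.

    Every fragment but the last carries a payload that is a multiple of
    8 octets, because the FRAGN offset field counts in units of 8 octets.
    """
    size = len(datagram)
    if size > MAX_DATAGRAM:
        raise ValueError("datagram exceeds the 11-bit datagram_size field")
    if not 0 <= tag <= 0xFFFF:
        raise ValueError("datagram_tag must fit in 16 bits")
    first_room = (link_payload - 4) // 8 * 8   # payload room after a FRAG1 header
    rest_room = (link_payload - 5) // 8 * 8    # payload room after a FRAGN header
    if first_room <= 0 or rest_room <= 0:
        raise ValueError("link payload too small for fragment headers")
    frags, offset = [], 0
    while offset < size:
        if offset == 0:
            chunk = datagram[:first_room]
            frags.append(_frag_header(FRAG1_DISPATCH, size, tag) + chunk)
        else:
            chunk = datagram[offset:offset + rest_room]
            frags.append(_frag_header(FRAGN_DISPATCH, size, tag)
                         + bytes([offset // 8]) + chunk)
        offset += len(chunk)
    return frags


def reassemble(frags):
    """Rebuild the datagram, rejecting what a careful receiver must reject:
    mixed datagrams (size/tag mismatch), out-of-range, duplicate or
    overlapping fragments, gaps, and incomplete sets."""
    size = tag = None
    pieces = {}
    for frag in frags:
        if len(frag) < 4:
            raise ValueError("fragment shorter than its header")
        word, ftag = struct.unpack("!HH", frag[:4])
        dispatch, fsize = word >> 11, word & 0x7FF
        if dispatch == FRAG1_DISPATCH:
            offset, payload = 0, frag[4:]
        elif dispatch == FRAGN_DISPATCH:
            if len(frag) < 5:
                raise ValueError("FRAGN fragment shorter than its header")
            offset, payload = frag[4] * 8, frag[5:]
        else:
            raise ValueError("not a 6LoWPAN fragment")
        if size is None:
            size, tag = fsize, ftag
        elif (fsize, ftag) != (size, tag):
            raise ValueError("fragment belongs to another datagram")
        if offset in pieces or offset + len(payload) > size:
            raise ValueError("duplicate or out-of-range fragment")
        pieces[offset] = payload
    datagram, expected = bytearray(), 0
    for offset in sorted(pieces):
        if offset != expected:
            raise ValueError("fragments overlap or leave a gap")
        datagram += pieces[offset]
        expected = offset + len(pieces[offset])
    if expected != size:
        raise ValueError("datagram incomplete")
    return bytes(datagram)


if __name__ == "__main__":
    # Constructed 300-byte datagram: needs 4 frames on a 102-byte link payload.
    sample = bytes(range(256)) + bytes(44)
    parts = fragment(sample, tag=0x1234)
    print(len(parts), "fragments,", [len(p) for p in parts], "bytes each")
    assert reassemble(parts) == sample
```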

6LoWPAN networks can be set up in a point-to-point, star and self-healing tree topology. Typical cluster sizes are up to 100 nodes. The protocol supports automatic starting, clustering, routing and healing, and furthermore end-to-end message acknowledgements even when routing in a mesh with multiple hops.

For software development, several APIs are provided. The first is rather abstract and C-based for simple applications. It gives access to the on-chip periphery and system services. The second is called SNAP – Simple Network Access Protocol. It works similar to SNMP and allows the IPv4/IPv6-based data exchange between devices. Likewise, it is based on a Management Information Base (MIB) for the remote control, configuration and diagnostics of 6LoWPAN networks.

As an example, a mesh network with Internet access by a 6LoWPAN gateway is given in Fig. 5.41. 6LoWPAN technology commonly resembles ZigBee, although there are important differences. Most importantly, as 6LoWPAN offers IP connections, it is compatible with protocols over other physical layers, whereas ZigBee devices can only communicate with other ZigBee devices. The network stack implementation for the protocol is therefore much smaller too, which means more re-use and fewer sources for errors. Typical for 6LoWPAN is an IPv6 deployment for addressing a large number of sensor nodes. The large installation base of such devices led to the rise of the fog computing paradigm. Nevertheless, 6LoWPAN adoption seems to be slower than ZigBee adoption, and other protocols such as ANT+, which does not even share the physical layer with the other two, are now gaining momentum, which keeps the compatibility issue open.

Fig. 5.41 6LoWPAN: Fog computing predecessor


Data security in IoT. Some authors believe that the “Internet of Things” is a potentially “disruptive” technology, since it deals with the invisible, widespread and – undesirable for users – transformations of familiar and well-known “things” like private cars, walls of apartments and offices, electronic wares, product packaging, furniture, valuables, conventional paper and more into computing nodes (i.e. inter alia into small harmful “bugs” or spies). This transformation may violate the anonymity and private sphere of regular citizens and even harm national data security. Transformations to the IoT and fog computing are in any case studied thoroughly by leading political and power structures over the world (EU Commission, NSA in USA etc.). The solution to this problem of data security in IoT that appears just today is already possible through the use of relevant cryptoprotocols, steganography and concealed routing within the IoT-enabling wireless networks and mobile networks. Chapter VII is dedicated specially to the mentioned problematics.

5.2.2 Case Studies on IoT with On-Board Micro-controller Raspberry Pi

In the following paragraphs we offer case studies on the use of the on-board µ-controller Raspberry Pi to realise low-energy systems for service delivery and fog computing.

On-board µ-controllers of type Raspberry Pi. Compact size and low power consumption are the main priorities of single-board computers such as AVR Arduino, Intel Edison and Raspberry Pi. The models A, A+, B, B+, 2B and Zero of Raspberry Pi are on-board µ-controllers that are oriented to mass usage for different areas of embedded systems, IoT and smart grids. Model B is shown in Fig. 5.42.

The Raspberry Pi node is normally coupled to a secured voltage block with a MicroUSB adapter. The secured voltage block has the following working characteristics:

• Input voltage: 90–264 V AC
• Voltage frequency: 47–63 Hz
• Output voltage: 5 V DC
• Output current: up to 1200 mA
• Max. power consumption: up to 6 W
• Temperature: 0–40 °C
• Dimensions: 64 × 48.5 × 25.5 mm
• Weight: 79 g

Table 5.5 printed below includes the comparison of the usual Raspberry Pi models A and B, which offer a reasonable performance for running server applications and controlling connected devices. Compared to them, the model Zero is much cheaper and smaller and, while being faster than A and B, offers fewer connectivity interfaces and is therefore more suitable for software service delivery. Model 2B is even faster despite a lower clock rate, due to its


Fig. 5.42 On-board computer Raspberry Pi model B (Source: Oracle)

Table 5.5 Comparison of usual Raspberry Pi models A and B

Characteristics                 | Model A                                                       | Model B
Approximate price               | 25 $                                                          | 35 $
CPU                             | 700 MHz ARM                                                   | 700 MHz ARM
GPU                             | Broadcom VideoCore                                            | Broadcom VideoCore
Codecs                          | H.264, MPEG-2                                                 | H.264, MPEG-2
SDRAM                           | 256 MByte                                                     | 512 MByte
Ports and interfaces            | –, 2x USB 3.0, 1x SD, 1x HDMI, 1x Clinc TRS adapter, 6x GPIO  | 1x LAN Eth 10/100 RJ45, 2x USB 3.0, 1x SD, 1x HDMI, 1x Clinc TRS adapter, 6x GPIO
Regular voltage, current, power | 5 V, 500 mA, 2.5 W                                            | 5 V, 700 mA, 3.5 W

ARM Cortex-A7 CPU, and equipped with more main memory, but also more expensive. Hence the choice of the right model depends on the use case and on the budget. The energy supply can also be coupled via the microUSB cable. Nominal voltage is 5 V; the current does not exceed 700 mA, that is, the regular power that it consumes is no more than 3.5 W. Frequently, instead of a hard disk, the SD card is used as boot drive. The new SDHC standard allows capacities of up to 32 GByte. The SD card has to hold the OS for the node as well as the necessary applications, which can be installed from multiple freely available ISO images for Raspberry Pi. After image deployment, the


re-configuration of the used services is possible depending on the use case. The system provides a lot of adapters as well as ports (SD, LAN, USB, HDMI, GPIO, Clinc).

Already announced is the Raspberry Pi 3 Model B, which, instead of requiring USB dongles, has Bluetooth 4.1 (Low Energy) and WLAN adapters pre-installed [15].

The Raspberry Pi microcomputers are supported by many OS distributions. Among them are adapted versions of existing systems such as Android, Debian, Ubuntu, Arch Linux, Gentoo and NetBSD, but also dedicated distributions, most prominently Raspbian, RaspBMC (now OSMC) and Pidora. Raspbian is based on Debian and tracks new models, so that it is a good default choice. One of the features of the system is a central configuration file called config.txt to configure low-level parameters which would otherwise be configured in the BIOS. Among them are display resolutions, overclocking and USB power settings.

The world's smallest PC and its applications. The advanced Raspberry Pi also acts as the world's smallest PC in popular media, as it symbolises the miniaturisation trend from clumsy PC hardware to embeddable micro-systems and nano-systems, despite only being one out of many single-board computers (Fig. 5.43). This is especially the case for the new Raspberry Pi 2 Model B, which belongs to the type Mini-PC with 6 times more CPU performance in comparison to the conventional models. The system can be equipped with the free-of-charge Windows 10 version as well as with the aforementioned OS distributions. There are some constructive features of the Pi 2B:

• Broadcom SoC (System on Chip) BCM2836, which computes with the quad-core ARM Cortex-A7 CPU

• clock frequency reaches up to 900 MHz

Fig. 5.43 Advanced Raspberry Pi 2 model B as mini-PC (Source: chip.de)


• larger RAM of 1 GByte
• support via Windows Developer Program for IoT in addition to free software OS distributions

An application of Raspberry Pi is the deployment as a low-energy home intelligent node for fog computing scenarios. One of the most useful usage examples thus becomes the energy-efficient service provisioning for XaaS (Everything as a Service) based on these microcomputer units [14]. The structure of these services can include inter alia:

• sensor controller
• home control system
• efficient small cluster
• private cloud
• file server and web server (Fig. 5.44)

Fig. 5.44 Examples of a low-energy intelligent home node based on the on-board controller Raspberry Pi


The Raspberry Pi microcomputer offers energy savings by consuming only up to 3.5 W. Therefore, with the use of the Raspberry Pi it is possible to create energy-efficient XaaS as outlined before. But given such choices, what is better? Where are the advantages: in more centralised, often virtualised systems (clustering, clouds) or in small and more decentralised ones (microcomputers, piconets)? To use big clusters, to start multiple VMs from the hot reserve of a cloud, or to rely on small on-board nodes like the Raspberry Pi, Arduino or Intel Edison with only small power consumption? The trade-offs discussed here are as follows:

• reliability and QoS
• data security and privacy as well as access anonymity
• deployment effort
• energy consumption
• operating expenses

There is no comprehensive answer to this question yet; it remains open today.

Example 5.11 To create a media centre, the Raspberry Pi 2 Model B is optimally suited because it has a dedicated hardware unit for decoding multiple codecs and formats. The XBMC Media Centre software (since renamed Kodi) can be recommended for this case. XBMC Media Centre is available across all OS options, including Linux, Mac OS X (Snow Leopard, Leopard, Tiger, Apple TV), Apple iOS, Microsoft Windows and Android, as well as pre-configured for the Raspberry Pi. The XBMC Media Centre uses diverse formats, codecs and protocols:

• graphics: PNG, JPEG, BMP, GIF, ICO, TIFF, PCX etc.
• audio: MIDI, AIFF, WAV/WAVE, MP2, MP3, AAC, AACplus, AC3, DTS, ALAC, AMR, WMA etc.
• video: DivX, Xvid, BivX, AVI, MPEG-1, MPEG-2, H.263, MPEG-4, MPEG-4 AVC (H.264), HuffYUV, Indeo, MJPEG, RealVideo, RMVB, Sorenson, WMV etc.
• play lists: PLS, M3U, WPL
• disk images: CUE, NRG, IMG, ISO, BIN
• network protocols: IP, IPv6, UPnP, NFS, SMB/SAMBA/CIFS, XBMSP, DAAP, HTTP, HTTPS, FTP, RTSP (RTSPU, RTSPT), MMS (MMSU, MMST), RTMP, Podcasting, TCP, UDP, SFTP, RTP
• media types: CD, DVD, DVD-Video, Video CD (VCD/SVCD/XVCD), Audio CD (CDDA), Blu-ray, USB flash drives, HDD
• meta-data: APEv1, APEv2, ID3 (ID3v1 and ID3v2), ID666, Exif (geotagging)

One should also take into account that additional functional blocks affect the size of the device. Therefore they should be realised in the form of individual hardware modules, or one should anticipate making a special case which differs from the standard enclosure for the Raspberry Pi. However, making a separate connected device has significant advantages in terms of practical use.

Fig. 5.45 A media centre structure scheme based on Raspberry Pi

In Fig. 5.45 a media centre structure scheme based on the Raspberry Pi is depicted. The considered media centre consists of the Pi node, an HDMI monitor, USB keyboard, USB mouse, infrared (IR) interface and speakers.

The examined system based on the Raspberry Pi is energy-efficient and offers the following features:

• video and audio players can access all files via FTP, SFTP, SSH and WebDAV (of these, only SFTP, SSH and WebDAV over HTTPS protect the credentials in transit; plain FTP sends them in the clear)
• multiple codecs are supported, whether the media are retrieved from the SD card, from within the LAN or from the Internet
• the IR transceiver allows remote control
• plugins for the integration with popular online services are available

The newer versions of XBMC are extended via an add-ons framework. Extensions for the XBMC Media Centre can also be implemented in the Python programming language, which makes this an easy task for technically inclined users. The graphical user interface (GUI) of XBMC can be configured declaratively via WindowXML.

Example 5.12 Let us examine the deployment of a web server on the basis of the on-board controller Raspberry Pi. Mobile and fixed network access to the service is then supported on PCs, tablets and smartphones. With a view to creating a cost- and energy-efficient host, the use of a home DSL router from vendors like Belkin, Netgear or Linksys, among others, is assumed. What does the user have to do next? The user needs to configure the router through its firmware (IP addresses, port forwarding of port 80 for the web server and perhaps 8080 for additional services, etc.) and then install a web stack on the Linux-based Raspberry Pi distribution. The text proposes the full XAMPP package; note that XAMPP is only published for x86/x64, so on an ARM board like the Raspberry Pi the equivalent is the distribution's own packages (Apache, MySQL/MariaDB, PHP). The full package called XAMPP includes, inter alia:

• web server Apache with SSL support
• MySQL database (MariaDB in current releases)
• phpMyAdmin tool for the web-based administration of the database
• PHP module for running server-side scripts
• FTP client FileZilla for uploading content and scripts to the web server
• ProFTPD daemon for offering an upload possibility
• Perl module for more server-side scripts
• servlet container Apache Tomcat with Java support for more complex server applications
• mail server with POP3 and SMTP protocols, and many more for additional services

Content management for the created web server, as well as application support on the Raspberry Pi micro-computer node, is provided by using a Secure Shell client with the associated protocol SSH. With a client for Dynamic DNS (DDNS), the dynamic provisioning and use of a domain name is enabled without explicit registration through an Internet service provider. From the mentioned host, the control of the creation and use of the new server can be established, e.g. under a name of the form «mywebserver.publicdns». From then on, the web server, its content and applications are accessible to the world. Because the host is now reachable from the Internet, the defaults of such a stack must be hardened before the port is forwarded: set a password for the database administrator, restrict phpMyAdmin to the LAN or to HTTPS with authentication, prefer SFTP over SSH (with key-based login) to plain FTP, whose credentials travel in cleartext, and keep the packages updated.

Example 5.13 An example of an energy-efficient file server offering private cloud storage based on the Raspberry Pi micro-computer unit is presented in Fig. 5.46. Since the SD card does not have enough space and cannot provide a stable long-term service under continuous read and write operations, an external storage device is required; a USB drive or a network storage service can be controlled by the file server. The system based on the micro-computer unit with the file server function includes the following elements:

• Raspberry Pi node with OS Raspbian or similar, coupled to the Internet via a DSL router
• an external USB drive with up to 5 TByte capacity (USB SSD/HDD such as a Seagate Backup Plus), mounted as a hard disk drive with the tools provided by the operating system
• optionally more local or network drives to offer redundant storage with higher capacity and/or higher availability


Fig. 5.46 Low-energy file server based on a Raspberry Pi node

The file system of the storage device can be of any type, since all clients access the system through network protocols such as FTP, SCP, WebDAV, SMB or CIFS. To set up the system software for such flexible access it is necessary to use tools like SSH, Apache and Samba. The Samba service is shipped by the majority of Linux distributions. The main advantages of Samba are the free (GPL) licensing and the simultaneous use by different hosts within an IP network/LAN, like Windows, Unix and Linux, with support for file exchange among them. With Samba, an external storage device such as a USB drive becomes "visible" within the network, de facto following the slogan «Share the drive on your network». The slogan should be taken literally: the share belongs on the LAN only. Samba should be bound to the local interface, SMB1 disabled, guest access turned off, and TCP port 445 must not be forwarded on the DSL router; remote access to the drive is better done through SSH (SCP/SFTP) or WebDAV over HTTPS.
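As an added example (not code from the book), the following script audits an smb.conf for the settings that turn "share the drive on your network" into "share the drive with the Internet": SMB1 still negotiable, the daemon listening on every interface, anonymous (guest) write access and shares without a user list. The two sample configurations, the share name, path, interface name and LAN prefix are constructed assumptions for illustration; only the Samba option names are real.

```python
import configparser

# Constructed sample smb.conf for the file server of Example 5.13 (not taken
# from the book): the USB drive exported the way a quick how-to ends up with.
# Share name, path, interface and address range are illustrative assumptions.
NAIVE_SMB_CONF = """\
[global]
   workgroup = WORKGROUP
   server string = Raspberry Pi file server
   server min protocol = NT1
   map to guest = Bad User

[usbdrive]
   path = /mnt/usbdrive
   browseable = yes
   read only = no
   guest ok = yes
"""

# Hardened counterpart: SMB1 refused, daemon bound to the LAN interface only,
# clients restricted to the LAN prefix, anonymous access off, one named user.
HARDENED_SMB_CONF = """\
[global]
   workgroup = WORKGROUP
   server string = Raspberry Pi file server
   server min protocol = SMB2
   interfaces = lo eth0
   bind interfaces only = yes
   hosts allow = 127.0.0.1 192.168.1.0/24
   map to guest = Never

[usbdrive]
   path = /mnt/usbdrive
   browseable = yes
   read only = no
   guest ok = no
   valid users = pi
"""

# Dialect names Samba accepts for "server min protocol" that still mean SMB1.
SMB1_DIALECTS = {"core", "coreplus", "lanman1", "lanman2", "nt1"}
YES = {"yes", "true", "1"}


def parse_smb_conf(text):
    """smb.conf is INI-like: one section per share, '#'/';' comments, '%' macros."""
    conf = configparser.ConfigParser(interpolation=None, strict=False)
    conf.read_string(text)
    return conf


def audit_smb_conf(text):
    """Return sorted (section, finding) pairs for settings that expose the share."""
    conf = parse_smb_conf(text)
    findings = []
    g = conf["global"] if conf.has_section("global") else {}

    min_proto = g.get("server min protocol", "").strip().lower()
    if min_proto == "":
        findings.append(("global", "min-protocol-unset"))  # older defaults accept SMB1
    elif min_proto in SMB1_DIALECTS:
        findings.append(("global", "smb1-enabled"))

    # Without "bind interfaces only" + "interfaces" or a "hosts allow" list,
    # smbd answers on every address, including the one the router forwards to.
    bound = (g.get("bind interfaces only", "no").strip().lower() in YES
             and "interfaces" in g)
    if not bound and "hosts allow" not in g:
        findings.append(("global", "reachable-from-any-network"))

    if g.get("map to guest", "never").strip().lower() != "never":
        findings.append(("global", "map-to-guest"))

    for share in conf.sections():
        if share.lower() in ("global", "printers", "print$"):
            continue
        s = conf[share]
        guest = (s.get("guest ok", "no").strip().lower() in YES
                 or s.get("public", "no").strip().lower() in YES)
        writable = (s.get("read only", "yes").strip().lower() not in YES
                    or s.get("writable", "no").strip().lower() in YES
                    or s.get("writeable", "no").strip().lower() in YES)
        if guest and writable:
            findings.append((share, "anonymous-write"))
        elif guest:
            findings.append((share, "anonymous-read"))
        if not guest and "valid users" not in s:
            findings.append((share, "open-to-all-samba-users"))
    return sorted(findings)


if __name__ == "__main__":
    for name, text in (("naive", NAIVE_SMB_CONF), ("hardened", HARDENED_SMB_CONF)):
        print(name, audit_smb_conf(text) or "no findings")
```

The audit only recognises the handful of option spellings it looks for; Samba's own `testparm` remains the authority on how a file will actually be interpreted, and the hardened variant still has to be paired with a router that does not forward port 445.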

Clusters of Raspberry Pi. A single on-board controller is already quite capable. Now imagine a (Beowulf) cluster of these. Prototyped at the Free University of Bolzano in South Tyrol, Italy, the Bobo with 40 nodes and the Bobino with 8 nodes (the model shown in Fig. 5.47) combine cluster computing with tiny nodes [20]. Apart from all nodes being equal by running as workers, some have been designed to assume special roles in order to keep the system images lean and the system itself manageable. The roles are (1) gateway, (2) brain and (3) backup. All nodes are internally connected by Ethernet. The gateway's task is consequently to connect the cluster to the outside world by Ethernet, WLAN or Ethernet-over-USB. All internal processes are controlled by the brain node. Finally, the backup node is queried to retrieve an unmodified image in case of accidental irreversible modifications during experiments.

Fig. 5.47 Bobino, a cluster of 8 Raspberry Pi nodes

Such a system requires user-friendly node reservation, grouping and monitoring functions. Monitoring is essential because nodes may fail easily. Imagine that each node has a mean time between failures (MTBF) of one million hours (about 114 years). Then the probability of failure of a node within a two-year period is determined as follows [24]:

$$p(T) = 1 - e^{-T/\mathrm{MTBF}} = 1 - e^{-2\,\mathrm{a}/114\,\mathrm{a}} = 1.74\,\% \qquad (5.10)$$

However, the failure of the overall system depends on the serial MTBF in conjunction with the mean time to repair (MTTR). If the MTTR is too high, the likelihood of another node failing while one is already under repair is considerable. Therefore the following holds:

$$\mathrm{MTBF}_{\mathrm{serial}} = \frac{1}{\dfrac{1}{\mathrm{MTBF}_1} + \dfrac{1}{\mathrm{MTBF}_2} + \cdots + \dfrac{\mathrm{MTTR}}{\mathrm{MTBF}_1 \cdot \mathrm{MTBF}_2}} \qquad (5.11)$$

For the 8 nodes of Bobino and an assumed one-day repair (MTTR = 24 h) this means that

$$\mathrm{MTBF}_{\mathrm{serial}} = \frac{1}{\dfrac{8}{\mathrm{MTBF}} + \dfrac{24}{8 \cdot \mathrm{MTBF}}} = 90\,909.09\ \mathrm{h} \qquad (5.12)$$


In other words, just about 10.37 years. Hence p(T) rises to 17.53 %. For the 40 nodes of Bobo the values are correspondingly MTBF_serial = 24 630.54 h, or just about 2.81 years, and p(T) = 50.9 %, meaning that a failure of the system within two years is already more likely than its continuous operation. Parallel functionality with redundancy is therefore much better suited for such clusters.
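The reliability arithmetic of (5.10) to (5.12), carried through in code as an added example that is not part of the book: it reproduces the Bobino and Bobo figures and then adds the comparison the last sentence asks for, the probability that a role replicated on k nodes in parallel is lost entirely. The conversion of 1,000,000 h to 114 years (8766 h per year) and the choice of two replicas are assumptions made here.

```python
import math

# The text equates an MTBF of 1,000,000 h with 114 years; 365.25 days * 24 h
# reproduces its rounded results (assumption made for this example).
HOURS_PER_YEAR = 365.25 * 24


def failure_probability(t_hours, mtbf_hours):
    """(5.10): p(T) = 1 - exp(-T/MTBF), i.e. a constant failure rate 1/MTBF."""
    return 1.0 - math.exp(-t_hours / mtbf_hours)


def mtbf_serial(n, mtbf_hours, mttr_hours):
    """Serial MTBF of n identical nodes, evaluated as the text does in (5.12):
    the n failure rates add up, plus a repair term MTTR / (n * MTBF)."""
    return 1.0 / (n / mtbf_hours + mttr_hours / (n * mtbf_hours))


def cluster_failure_probability(n, mtbf_hours, mttr_hours, years):
    """Probability that the serial system of n nodes fails within `years`."""
    return failure_probability(years * HOURS_PER_YEAR,
                               mtbf_serial(n, mtbf_hours, mttr_hours))


def redundant_failure_probability(p_single, k):
    """k independent replicas of one role (e.g. the brain node) are all down
    at once with probability p^k: the 'parallel' alternative to the series."""
    return p_single ** k


def report(n, mtbf_hours=1e6, mttr_hours=24.0, years=2.0, replicas=2):
    """Summary for one cluster size: hours, years and percentages."""
    serial = mtbf_serial(n, mtbf_hours, mttr_hours)
    p_serial = cluster_failure_probability(n, mtbf_hours, mttr_hours, years)
    p_node = failure_probability(years * HOURS_PER_YEAR, mtbf_hours)
    return {
        "nodes": n,
        "mtbf_serial_h": round(serial, 2),
        "mtbf_serial_years": round(serial / HOURS_PER_YEAR, 2),
        "p_node_percent": round(100 * p_node, 2),
        "p_serial_percent": round(100 * p_serial, 2),
        "p_replicated_role_percent":
            round(100 * redundant_failure_probability(p_node, replicas), 4),
    }


if __name__ == "__main__":
    for n in (8, 40):
        print(report(n))
```

The serial figure answers "how often does something in the cluster break", which is what monitoring has to cope with; the replicated-role figure is the one that matters for availability of the service, and it stays in the per-mille range for the same hardware.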

For node reservation and grouping, Bobo and Bobino ship with the MegaRPi middleware, which includes appropriate management web interfaces as well as user-oriented software, including file managers, on top of the standard Raspbian software.

5.2.3 The Future: Industry 4.0 Vision

Industry 4.0 platform. Industry 4.0 (originating as "Industrie 4.0" in Germany around the year 2011) is a strategic goal of the high-tech strategy of the German federal government. Its main driver is to advance the informatisation of production processes. The goal is a smart factory characterised by adaptivity, resource efficiency and ergonomic working conditions, as well as the integration of customers and business partners into the business value chain. The technological basis of Industry 4.0 are cyber-physical systems (CPS) and the IoT, cf. Fig. 5.48.

Fig. 5.48 Industry 4.0 as outlined by the German government programme of 2011 (own representation; background: Google "Green" Fabrics)


Fig. 5.49 Industry 4.0 service visions (own representation and photo)

Within Industry 4.0, information and communication technologies as well as automation and production technologies become increasingly, and more than ever, dovetailed with each other. The political ambition is to defend and extend the traditional core of German industry with its internationally outstanding positions, as shown in Fig. 5.49.

5.2.4 Fog Computing

Fog computing as a concept means that the services, data storages, applications and computing (business logic) are shifted to the "network edge", i.e. closer to the users, onto interactive end devices or ambient small-form-factor devices. The question to be solved can be formulated as follows: how close do they get, partially or completely? Other names for similar concepts are "edge computing" or "everything on the user site". The co-existence with cloud computing services is provided too. The services are offered in the form of XaaS. An example of a fog topology is given in Fig. 5.50: although a cloud typically operates as the central node, the support of multiple intelligent fog nodes with the shifted functionality is foreseen.


Fig. 5.50 Topology for fog computing

Fig. 5.51 Cloud and fog computing: common architecture

A common architecture for the combined use of cloud and fog computing is depicted in Fig. 5.51. The architecture includes the following three hierarchical planes:

1. Plane 1: the clouds and data centres, which build an IoS with typical access via web service protocols.
2. Plane 2: the fog nodes, which are involved in the virtual environments for data preprocessing, functionality migration and load balancing with the clouds (refer to plane 1).
3. Plane 3: the users with end devices, which build an IoT and are placed at the edge of the fog infrastructure.

Table 5.6 Fog advantages

  Requirement                   Advantage
  Low latency                   Fewer hops
  High data mobility            Data locality and local caches
  Less limited data rate        On-site processing
  Reliability and robustness    Fast failover
  Rich storage with metadata    Location awareness

Such distributed architectures for the combined use of cloud and fog computing offer several clear advantages. Table 5.6 summarises them, specifically for requirements on cloud and network storage. The main requirements on fog computing at a technical level are as follows:

• IPv6 deployment to reach millions of serving devices
• growth of the provided security, in particular deployment of firewalls and intrusion detection
• authenticity of coupled devices must be guaranteed everywhere in the combined structures (users + fog + clouds)
• encryption and digital signatures have to be guaranteed via robust combinations of AES+RSA+PKI

In practice the AES part should be an authenticated mode such as AES-GCM, so that tampering is detected as well as confidentiality provided, and every device should hold its own PKI-issued key pair rather than a fleet-wide secret, since a shared key copied from one node's SD card image would authenticate any impostor.

Concrete technical platforms for fog computing are rare. It remains mostly a vague technical concept to be fully realised within the next years. Still, a few preliminary architectures exist. One such implementation platform for cloud and fog computing interoperability is offered in [46] and shown in Fig. 5.52. Suitable network options for the platform are ZigBee, EnOcean and 6LoWPAN, coupled with cheap microcontrollers.

5.3 Conclusions

The chapter discussed the architectural transformations of modern networks and their mobile services and applications in the framework of the development of upcoming network technologies like the "Smart Grid" (as an intelligent network for services such as electricity and energy-efficient information services) as well as the "Internet of Things", IoT (providing radio communication of multiple billions of low-power IPv6 devices at short distance), with their methods of implementation in the form of "Fog Computing".


Fig. 5.52 Fog computing platform and applications with cloud connectivity (from [46])


In some developed countries an integrated intelligent network on the model of the conventional Internet is being created rapidly (a network with open mesh platforms for energy services). The network possesses the ability to use standardised software interfaces as well as mobile applications with several offered web services, among them cloud services. Thanks to the standardisation of the smart grid (according to the intentions of organisations like NIST, IEEE, VDE, CENELEC etc.), software- and hardware-independent access and communication between the components are, although not yet guaranteed, quite likely. Nevertheless, some devices only communicate with proprietary protocols to send data to services determined by their vendors, which severely restricts the ubiquitous connectivity visions.

The standardisation of the structure of the open networks towards smart grids is today one of the development priorities for both the energy and the telecommunications industry in the USA and Europe. The combined services of such networks will in the near future (about 2020–2030) attract a stably increasing number of stakeholders and users. Nowadays there is the opportunity to create a large range of one's own "smart applications" and "smart services" within the smart grids.

Thus the development of such integrated electric power networks and telecommunications will soon both be given a necessary impulse. The smart power grid services (i.e. electricity) will be freely delivered to the market and freely traded there from multiple perspectives: purchase, sale, exchange, credit, providers and resellers. The effect will be analogous to today's ongoing revolution of smartphones and tablets on the mobile communication market, which has arisen as a result, for instance, of the deployment of already familiar and contemporary concepts like the application directory App Store (Apple) or the open-source OS Google Android.

It is expected that the integration technologies and models for electrical networks and telecommunications discussed in this work will lead to a reduction of the overall consumption of conventional energy sources (the CO2 footprint under the Kyoto protocol) and to further decentralisation of the supplier networks (based on the principle of Internet construction). Smart grids have to increase the energy efficiency in the mid-term under the use of alternative and renewable sources like wind, solar and EM smog. They will inspire optimisation techniques for network management and service billing (smart metering) for the integrated networks of power supply systems and telecommunication, both by increasing their safety, security and QoS.

The decisive importance of smart grids and the IoT lies in the use of networks like Powerline, ZigBee, EnOcean and 6LoWPAN and of components with established services for measurement, automation and parameter control (so-called smart metering), which convert the parameters of the environment and climate into digital form.

Now that the world's leading IT companies are engaged in the implementation of smart grids and cloud computing, for example Google with Nest and the Compute Platform, one of the major problems that remain is the study of the opportunities and challenges of alternative energy sources in order to create environmentally friendly technologies and to improve the climate on the planet.


References

1. Bundesministerium für Wirtschaft und Energie. Online: http://bmwi.de
2. CISCO Grid Operation Solutions. Online: http://www.cisco.com
3. Cisco 6lab – The place to monitor IPv6 adoption. Online: http://6lab.cisco.com/stats, 2015
4. Comité Européen de Normalisation Électrotechnique. Online: http://www.cencenelec.eu
5. Energieinformationsnetze und -Systeme: Bestandsaufnahme und Entwicklungstendenzen. ITG/VDE, 2010, 128 p., in German
6. EU Commission. Expert group on the security and resilience of communication networks and information systems for smart grids. Online: http://www.smartgrids.eu
7. Google IPv6 Statistics. Online: http://www.google.ch/ipv6/statistics.html, 2015
8. IBH IT-Service GmbH. Online: https://www.ibh.de, 2015
9. IEEE Smart Grid Conceptual Model. Online: http://smartgrid.ieee.org
10. Kiwigrid Smart Grid Management Platform. Online: http://www.kiwigrid.com/en/products-solutions.html, 2016
11. NIST Framework and Roadmap for Smart Grid Interoperability Standards, Rel. 2.0. Technical Report 1108R2, National Institute of Standards and Technology, USA, February 2012
12. OECD Digital Economy Outlook. Online: https://dx.doi.org/10.1787/888933225312, May 2015
13. Projects of the Chair of Computer Networks of TUD. Online: http://www.rn.inf.tu-dresden.de
14. Raspberry Pi Projects. Online: http://elinux.org/RPi_Projects, 2016
15. Raspberry Pi Trading Ltd. Raspberry Pi 3 Model B – Single Board Computer. Online: https://fccid.io/2ABCB-RPI32, 2016
16. Siemens AG. Online: http://www.siemens.com
17. Smartgrid.gov. Online: https://www.smartgrid.gov, 2015
18. Technisch-wissenschaftlicher Verband der Elektrotechnik und Elektronik. Online: http://www.vde.com
19. Uptime Institute Reports 2011–2014. Online: https://uptimeinstitute.com
20. Pekka Abrahamsson, Sven Helmer, Nattakarn Phaphoom, Lorenzo Nicolodi, Nick Preda, Lorenzo Miori, Matteo Angriman, Juha Rikkilä, Xiaofeng Wang, Karim Hamily and Sara Bugoloni. Affordable and Energy-Efficient Cloud Computing Clusters: The Bolzano Raspberry Pi Cloud Cluster Experiment. In: UsiNg and building ClOud Testbeds (UNICO) workshop at the 5th IEEE International Conference on Cloud Computing Technology and Science (CloudCom), volume 2, pages 170–175, December 2013, Bristol, United Kingdom
21. Jörg Benze. Smart Grid Normung und Standardisierung. FH Salzburg, IKT Forum, 2012
22. EU-CEN-CENELEC-ETSI SG Coordination Group. Smart Grid Reference Architecture. Technical Report M/490, CENELEC, Brussels, November 2012, 107 p.
23. S. Guy, S. Marvin, W. Medd and T. Moss. Urban Infrastructure in Transition: Networks, Buildings, Plans. Earthscan/Routledge, London, 2012, 240 p.
24. Thomas J. Harrison and Thomas J. Pierce. System integrity in small real-time computer systems. In: Proceedings of the National Computer Conference and Exposition (AFIPS), June 1973
25. Horst Kuchling. Taschenbuch der Physik. Hanser Verlag, 21st edition, 2014, 711 p., in German
26. R. Lehnert. Smart Grid Communications. In: Proceedings of the IEEE ELNANO Conference, Kiev, Ukraine, April 2013
27. Andriy Luntovskyy. Integration Concepts for Computer-Aided Design Tools for Wired and Wireless Local-Area Networks. Shaker Verlag, Aachen, 2008
28. A. Luntovskyy. Distributed applications technologies. DUIKT Publisher, 2010, 474 p., monograph in Ukrainian
29. Andriy Luntovskyy, Dietbert Gütter and Igor Melnyk. Planung und Optimierung von Rechnernetzen: Methoden, Modelle, Tools für Entwurf, Diagnose und Management im Lebenszyklus von drahtgebundenen und drahtlosen Rechnernetzen. Springer Vieweg + Teubner Verlag, Wiesbaden, 2011, 411 p., in German
30. A. Luntovskyy, M. Klymash and A. Semenko. Distributed services for telecommunication networks: Ubiquitous computing and cloud technologies. Lvivska Politechnika, Lviv, Ukraine, 2012, 368 p., monograph in Ukrainian
31. Andriy Luntovskyy, Josef Spillner and Volodymyr Vasyutynskyy. Energy-Efficient Network Services as Smart Grid Issue. In: Soft Computing in Computer and Information Science, Advances in Intelligent Systems and Computing, volume 342, pages 293–308, Springer International Publishing, Switzerland, March 2015
32. Harald Lutz and Ulrich Terrahe. Future Thinking Kongress: Das Rechenzentrum der Zukunft
33. V. Melnyk. Modeling of the temperature modes for the cathodes of high voltage glow discharge based on heat balance equation. Bulletin of Kherson National University of Technology, Issue 3(39), 2010
34. Igor Melnyk and Andriy Luntovskyy. "Green Computing" and the Simplified Waste Heat Transport Models. In: 20th International Conference on Advanced Computer Systems (ACS), 2016
35. J. Momoh. Smart Grid: Fundamentals of Design and Analysis. John Wiley & Sons, NY, 2012, 216 p.
36. Bryan Nicholson, Becky Harrison and Lee Cogan. The future of the grid – evolving to meet America's needs. Online: https://www.smartgrid.gov/files/Northeast-Region-Workshop-Summary-Final.pdf, May 2014
37. J. Ploennigs, V. Vasyutynskyy and K. Kabitzsch. Comparative Study of Energy-Efficient Sampling Approaches for Wireless Control Networks. IEEE Transactions on Industrial Informatics (TII), 6(3):416–424, August 2010
38. Alexander Schill and Thomas Springer. Verteilte Systeme – Grundlagen und Basistechnologien. Springer-Verlag, second edition, 2012, 433 p., in German
39. Rene Marcel Schretzmann, Jens Struckmeier and Christof Fetzer. Cloud&Heat Technologies. Online: https://www.cloudandheat.com, 2011–2014
40. Matt Stansberry. 2014 Data Center Industry Survey. Online: https://journal.uptimeinstitute.com/2014-data-center-industry-survey, 2015
41. L. Stobbe, M. Proske, H. Zedel, R. Hintemann, J. Clausen and S. Beucker. Entwicklung des IKT-bedingten Strombedarfs in Deutschland. Studie im Auftrag des Bundesministeriums für Wirtschaft und Energie, Fraunhofer IZM and Borderstep Institute, 2015
42. Andrew S. Tanenbaum and David J. Wetherall. Computernetzwerke. Pearson Studium, fifth edition, 2012, 1040 p., in German
43. S. Tugay. Mathematic modeling of the physical processes on the surface of the cooled cathodes in the electron sources of high voltage glow discharge. Electron Simulation, Vol. 34, No. 6, 2012
44. Katherine Tweed. China Pushes Past US in Smart Grid Spending. IEEE Spectrum Energywise Blog, February 2014
45. V. Vasyutynskyy and K. Kabitzsch. Event-based Control: Overview and Generic Model. In: IEEE International Workshop on Factory Communication Systems (WFCS), pages 271–279, Nancy, France, May 2010
46. Shanhe Yi, Zijiang Hao, Zhengrui Qin and Qun Li. Fog Computing: Platform and Applications. Dept. of Computer Science, College of William and Mary, 2015

6 Future Mobile Communication: From 4G to 5G; 5G Enabling Techniques

Keywords

Mobile cellular and satellite radio networks • 4G • 5G • Enabling technologies and inter-operability • IoT • QoE • Future standard IMT 2020 • Distributed Input Distributed Output (DIDO)

6.1 Conventional Techniques

Conventional telecommunication technologies integrate mobile cellular and satellite radio networks and are typically divided into four generations by most of the literature (Fig. 6.1). The peak data rates are depicted within the figure. The next generation, 5G, will be deployed in the mid-term, although most likely after 2020 due to the high development cost and the ongoing amortisation of its predecessor 4G [17, 18].

The generations (shorthand: G) started with 1G and 2G/Global System for Mobile Communications (GSM) with some obsolete extensions (as a basis). Soon afterwards 3G/Universal Mobile Telecommunications System (UMTS) and the accelerator High-Speed Downlink Packet Access (HSDPA) (sometimes referred to as 3.5G) were rolled out and are nowadays practically deployed world-wide. 4G/Long-Term Evolution (LTE) has then been introduced as the current standard, with a recent upgrade to LTE Advanced. In the meantime, research activities concentrate on the coming-soon 5G introduction within a future standard, International Mobile Telecommunications (IMT) 2020. Cellular radio networks divide geographic areas into radio cells with specific frequency bands. The current 3G/4G architecture of mobile communication, including WPAN, Wireless Local Area Network (WLAN), WiMAX etc., is extended with a hierarchical cell structure down to picocells and femtocells [15] (Table 6.1). Cells refer to the signal transmission radius around an antenna. The larger the cell, the lower the number of antennas that needs to be installed, but at the same time larger cells would mean a higher number of recipients, causing issues with signal strength and connection management. Femtocells are the smallest cell size in use. They accommodate a low number of connections (up to 16), mostly in residential settings, and hence are comparable with WLAN.

© Springer Fachmedien Wiesbaden GmbH 2017. A. Luntovskyy, J. Spillner, Architectural Transformations in Network Services and Distributed Systems, DOI 10.1007/978-3-658-14842-3_6

Fig. 6.1 Generations of mobile communication

Table 6.1 Hierarchical cell structure for mobile communication

  Type         Distance   Data rate (MBit/s)   Mobility (km/h)        Deployment in 3G and 4G
  Giga cell    100 km     0.144                10–13 km/s or 4700     Transnational providers, satellites
  Macro cell   10 km      0.384–2              500                    National providers
  Micro cell   1000 m     0.384–7.2            120                    Campus, city districts, metropolitan areas
  Pico cell    100 m      7.2–100              10                     Hotspots: railway stations, cafes, airports, hotels
  Femto cell   10 m       28                   10                     Residential gateways

Example 6.1 According to Swisscom, a Swiss telecommunications network operator, the needs-driven bandwidth evolution happened in the following way [5]. Free voice calls over the Internet summed up to 750 billion minutes in 2013 and will increase to 1700 billion in 2018. In 1993 voice transmission over the Internet was not yet feasible, as the 2G (GSM) bandwidth was 0.2 MBit/s. In the 3G era, introduced with UMTS in 2001, the bandwidth increased to 0.39 MBit/s, then in 2008 with HSPA to 7.2 and two years later with HSPA+ even to 42 MBit/s. The 4G (LTE) era started in 2011 with 150 and peaked through LTE Advanced in 2014 with even 450 MBit/s.

Due to their current relevance, both LTE networks and satellite radio systems will be presented in greater detail on the following pages.

6.1.1 LTE Networks

The advantages of 4G or Long Term Evolution are nowadays as follows:

• compatibility with UMTS/HSDPA and moderate to higher data rates, as a rule up to 300 MBit/s downlink and 75 MBit/s uplink
• LTE spectral efficiency of 1.3 bit/s/Hz vs. only 0.2 for 3G
• deployment of advanced modulation and antenna techniques like Orthogonal Frequency-Division Multiplexing (OFDM) and Multiple Input – Multiple Output (MIMO) antennas
• flexible channel bandwidths (from 1.4 MHz up to 20 MHz)
• very low latency of less than 5 ms
• deployment of a unified IP Multimedia Subsystem (IMS) platform

The IMS uses the Session Initiation Protocol (SIP), specified in Request for Comments (RFC) 3261, to offer telephony services as a combination of conventional circuit-switched networks and Internet Protocol (IP) networks. The system architecture of LTE + IMS is given in Fig. 6.2. The basic components of the LTE architecture are as follows:

• SGSN – Serving GPRS Support Node (GPRS)
• SAE – 3GPP System Architecture Evolution
• GERAN – GSM EDGE Radio Access Network (EDGE)
• UTRAN – UMTS Terrestrial Radio Access Network (UMTS)
• IMS – IP Multimedia Subsystem
• PSS – Packet-switched Streaming Service
• PCRF – Policy and Charging Rules Function
• EPS – Evolved Packet System
• EPC – Evolved Packet Core
• HSS – Home Subscriber Server
• MME – Mobility Management Entity
• IASA – Inter-Access System Anchor
• UPE – User Plane Entity

The current performance of the LTE downlink in several countries is compared in Table 6.2.


Fig. 6.2 4G/LTE architecture

Table 6.2 4G downlink performance

  International    75 MBit/s
  Korea           186 MBit/s
  USA              65 MBit/s

The system is based on GPRS, EDGE and UMTS technologies (GERAN, UTRAN, SAE) and is completely packet-oriented. The IMS platform enables Voice over IP (VoIP) with support for conventional protocols (cp. Fig. 6.3) as well as data services on the basis of SIP and other standardised protocols.

Within IMS, different planes or layers are defined. The first one is the user plane or gateway, which connects the system to an IP uplink. The second one is the control plane or gateway control; through this plane, caller identification and billing information is exchanged. The third one is call control or session control. The fourth one is the services function plane; among other tasks, it contains functions to check the connection quality for emergency calls, the connection to messaging services (SMS) and to connect prepaid callers to the system. The Diameter protocol (RFC 6733) is used within IMS to perform the authentication, authorisation and accounting (AAA) of communication partners. It succeeds the previously used RADIUS protocol, which is however still in use in WLAN roaming networks and other constellations. The simplified layered IMS architecture with the planes (a) and service components (b), including classical fixed networks, is depicted in Fig. 6.4.

Fig. 6.3 General architecture of conventional protocols for VoIP and multimedia

6.1.2 Satellite-Based Radio Systems

The 4G architecture is also augmented with satellite-based radio systems (Fig. 6.5). The general features of satellite-based radio systems are as follows:

• large latency
• large bandwidth
• many channels
•  time-division algorithms

The radio systems are often only usable with a large latency, about 0.24 s with GEOs. This severely impacts real-time communication, but the remaining features still make them suitable for other communication requirements. The satellites typically offer separate uplink and downlink bands, either 4/6 GHz or 12/14 GHz. These huge bandwidths are organised, e.g., in 500 MHz and 50 Mbit/s each, thus enabling broadband communication. As a general observation, the channel structure consists of 800 digital voice channels with 64 kbit/s each (800 · 64 kbit/s = 51 200 kbit/s, i.e. about 50 Mbit/s of data channels). Their allocation to individual channels happens for short time periods through time-division multiplexing on demand.

Fig. 6.4 (a) Planes, (b) service components. AS – Application Server, SCIM – Service Capability Interaction Manager, MRFC – Multimedia Resource Function Controller, MRFP – Multimedia Resource Function Processor, MRF – Media Resource Function, CSCF – Call Session Control Function, BGCF – Breakout Gateway Control Function, MGCF – Media Gateway Control Function, MGW – Media Gateway, HSS – Home Subscriber Server, HLR – 2G Home Location Register. Simplified IMS architecture

Fig. 6.5 Satellite-based radio systems (based on rn.inf.tu-dresden.de)

The architecture of satellite-based radio systems includes the following components:

• GGW – Gateway Ground Stations
• Footprint as the general coverage or service area
• Spotbeams, which are placed by each satellite as service areas
• ISL – Inter-Satellite Links
• MUL – Mobile User Links
• GWL – Gateway Links
• the IP backbone, which is implemented via convenient DSL, MPLS/ATM as well as region-specific technologies (e.g. HSDPA)

The motion of the satellite transponders can be described to a good approximation via the planetary motion theory basically elaborated by Johannes Kepler, Galileo Galilei and Nicolaus Copernicus. Therefore we can use the following formulae.

Angular frequency:

$$\omega = 2\pi f, \qquad T = \frac{1}{f} = \frac{2\pi}{\omega} \quad (6.1)$$


Gravitation on Earth:

$$F_G = \gamma \frac{M m}{R^2} \quad (6.2)$$

By Newton:

$$F_G = g m \quad (6.3)$$

Therefore:

$$g = \frac{\gamma M}{R^2} \quad (6.4)$$

Transformed, because g and R are known constants:

$$M = \frac{g R^2}{\gamma}; \qquad F_{Gr} = \gamma \frac{M m}{r^2} = g m \left(\frac{R}{r}\right)^2 \quad (6.5)$$

Furthermore, it is important to distinguish the satellite height (h) from the distance to the Earth's centre (r):

$$r = R + h \quad (6.6)$$

The satellites describe an elliptical or circular orbit around the Earth. The height h (the distance r from the Earth's centre) remains constant because

$$F_G = m g \left(\frac{R}{r}\right)^2 = m \omega^2 r = F_Z \quad (6.7)$$

where F_G – attraction of the Earth, F_Z – centrifugal force, m – mass of the satellite, R – Earth radius, 6370 km, r – distance to the Earth's centre, g – acceleration of gravity, g = 9.81 m/s², ω – angular frequency, ω = 2πf, T = 1/f = 2π/ω, f – rotational frequency of the satellite, M – mass of the Earth, γ – Kepler's constant.

As a brief conclusion, herewith is Kepler's Law:

$$a = \frac{g R^2}{4\pi^2} = \text{const}, \qquad a = \frac{r^3}{T^2} \quad (6.8)$$

Formulae (6.7) and (6.8), solved for r, give (6.9):

$$r = \sqrt[3]{\frac{g R^2}{(2\pi f)^2}} \quad (6.9)$$


Here the distance from a satellite to the Earth's surface depends only on its orbital period. In the special case with T = 24 h, with synchronous distance and specifically h = 35,786 km, this means (example visualised in Fig. 6.6):

$$r = 6370\ \text{km} + 35{,}786\ \text{km} = 42{,}156\ \text{km} \quad (6.10)$$

The classes of satellite-based radio systems are called GEO, MEO, LEO and HEO, and they are depicted in Fig. 6.7.

The comparison of the satellite-based systems is given in Table 6.3 and Table 6.4. The most important data for the current and historical types of satellite-based systems are summarised regarding class, services and deployment area, transponder multiplicity, licensed frequency band, orbit height and circulation period, data rate, transmitting power, latency and operation durability.

Fig. 6.6 Explaining the context of r and T in Kepler's Law (based on rn.inf.tu-dresden.de)

Fig. 6.7 Satellite system classes GEO, MEO, LEO and HEO. LEO – Low Earth Orbit, MEO – Medium Earth Orbit, HEO – Highly-Elliptical Orbit, GEO – Geostationary Earth Orbit (based on rn.inf.tu-dresden.de)

Table 6.3 Examples of radio SAT

SAT system type | Class | Orbit h | Number of SAT | F-band | DR max | Services
Orbcomm | LEO, originally commercial, 2000 | 775–800 km | 27 small satellites, m = 45 kg; 2G since 2014, further 18 | VHF band 137–150 MHz | 4.8–57.6 kbit/s | Emails, telephony
Inmarsat | GEO, since 1979, commercial | 35,786 km | 5–11, five generations | – | 492 kbit/s | Navigation, TV, Internet links, sea emergency communication services, air traffic control, GPS/EGNOS
Globalstar | LEO, 1991–1994 | 1400 km | 48+4 | – | 144 kbit/s via channel bundling | Telephony, data transfer
ICO RTT | MEO, 1998–2000 | 10,390 km | 10+2 | – | – | Telephony, data transfer
Teledesic | LEO, 1997–2002 | 700 km | 288, m = 120 kg | 28.6–29.1 GHz | 100 Mbit/s UL, 720 Mbit/s DL | Telephony, Internet links
Iridium | LEO, 1997–1998 | 780 km | 66 (+6) | – | 2.4 / 4.8 kbit/s | Telephony, data transfer

The GEO SAT systems (Fig. 6.8) operate at a constant distance to the Earth and possess a relatively high latency:

$$\tau = \frac{2h}{c} = \frac{2 \cdot 35{,}786\ \text{km}}{300{,}000\ \text{km/s}} = 0.239\ \text{s} \quad (6.11)$$
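As an added worked example (not from the book), the following Python script carries Eqs. (6.7) to (6.11) through numerically: it computes the orbit radius and height from the period T with the book's constants g = 9.81 m/s² and R = 6370 km, inverts this to obtain T from h, evaluates the round-trip propagation delay 2h/c, and sorts the result into the height ranges of Table 6.4. The function names and the LEO/MEO/GEO thresholds are this example's own assumptions.

```python
import math

# Constants as given in the book's derivation (Sect. 6.1.2)
G_ACCEL = 9.81                 # g, acceleration of gravity in m/s^2
EARTH_RADIUS_KM = 6370.0       # R, Earth radius in km
LIGHT_SPEED_KM_S = 300_000.0   # c, rounded as in Eq. (6.11)


def orbit_radius_km(period_s: float) -> float:
    """Distance r from the Earth's centre for a circular orbit with period T.

    Implements Eq. (6.9): r = cbrt(g R^2 / (2 pi f)^2) with f = 1/T, i.e. the
    balance of gravity m g (R/r)^2 and centrifugal force m omega^2 r (Eq. 6.7).
    """
    omega = 2.0 * math.pi / period_s                   # Eq. (6.1)
    g_r2 = G_ACCEL * (EARTH_RADIUS_KM * 1000.0) ** 2   # g R^2 in m^3/s^2
    r_m = (g_r2 / omega ** 2) ** (1.0 / 3.0)
    return r_m / 1000.0


def orbit_height_km(period_s: float) -> float:
    """Satellite height above the surface, from Eq. (6.6): h = r - R."""
    return orbit_radius_km(period_s) - EARTH_RADIUS_KM


def orbit_period_s(height_km: float) -> float:
    """Inverse of orbit_height_km: solve Eq. (6.7) for T = 2 pi sqrt(r^3 / (g R^2))."""
    r_m = (EARTH_RADIUS_KM + height_km) * 1000.0
    g_r2 = G_ACCEL * (EARTH_RADIUS_KM * 1000.0) ** 2
    return 2.0 * math.pi * math.sqrt(r_m ** 3 / g_r2)


def round_trip_latency_s(height_km: float) -> float:
    """Signal propagation time up to the satellite and back, Eq. (6.11): tau = 2h/c."""
    return 2.0 * height_km / LIGHT_SPEED_KM_S


def satellite_class(height_km: float) -> str:
    """Orbit class by the height ranges of Table 6.4 (thresholds are an assumption)."""
    if height_km <= 1800.0:
        return "LEO"
    if height_km < 35_000.0:
        return "MEO"
    return "GEO"


if __name__ == "__main__":
    # GEO (24 h), GPS-type MEO (12 h) and a 90 min LEO, cf. Table 6.4 and the
    # navigation satellite list of Sect. 6.1.2
    for name, period in [("GEO", 24 * 3600), ("GPS/MEO", 12 * 3600), ("LEO", 90 * 60)]:
        h = orbit_height_km(period)
        print(f"{name:8s} T={period / 3600:5.1f} h  h={h:8.0f} km  "
              f"class={satellite_class(h)}  RTT={round_trip_latency_s(h) * 1000:6.1f} ms")
```

With these rounded constants the 24 h orbit comes out some 70 km above the book's 35,786 km and the 12 h orbit lands at the roughly 20,200 km quoted for GPS, which shows how strongly the height follows from the period alone.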

The non-stationary LEO SAT systems are characterised as follows:

• distance h from the Earth of ca. 300–1800 km
• shorter signal propagation times (5–10 ms)
• lower transmission power of mobile stations is sufficient
• however, more satellites are required (> 50), with frequent handover between satellites (about every 10 min)
• short lifetime of the satellite due to atmospheric friction (only 5–8 years)
• examples: Iridium, Teledesic, Globalstar, ISS (Fig. 6.9)

Table 6.4 Comparison of radio SAT

Satellite systems | GEO | MEO | LEO
Distance, km | h = 35,786 km, r = 42,156 km | r − R = 6000–12,000 km, respectively 20,200 | r − R = 300–1800 km
Period T | 24 h | 6–12 h | 90–120 min
Latency t | 0.25 s | 70–80 ms | 10 ms
Transmitting power, W | 10 | 5 | 1
Deployment, multiplicity of systems | ca. 2000: Sputnik (1957), Intelsat 1–3 (1965, 1967, 1969), Marisat (1976), Inmarsat-A (1982), Inmarsat-C (1988), etc. | ICO 10+2 | Iridium 66+6, Globalstar 48+4 (144 kbit/s), Teledesic (2003) 288 (2–64 Mbit/s), Orbcomm 35
Bitrate, kbit/s | 0.1–1 | 10 | 1–64,000
Average lifetime, years | 15 | 10 | 5–8

MEO SAT systems are generally operated at a distance of about 10,000 km and require a lower number of satellites (about 12). They are characterised by slow motion; no frequent handover between satellites is necessary. The period is T = 6 h. MEO provides an average lifetime under 10 years. The problems of using MEO are as follows:

• propagation time 70 to 80 ms
• higher transmission power necessary
• special antennas required

As an important and well-known MEO system class, the navigation satellites have to be discussed. The examples, as of early 2016, are:

• GPS (USA): h = 20,200 km, T = 12 h, 32 satellites
• GLONASS (RF): h = 19,100 km, T = 11 h 15 min, 28 satellites
• GALILEO (EU): h = 23,222 km, T = 14 h, 30 satellites

Fig. 6.8 GEO SAT systems

6.2 A New Generation of Mobile Communication

One of the most popular definitions of 5G as a new generation of mobile communication is as follows: "In the evolutionary view it will be capable of supporting the wireless WWW, allowing highly flexible, dynamic ad-hoc wireless networks; in the revolutionary view this intelligent technology is capable of interconnecting the entire world without limits" [7]. While this definition is very broad, it emphasises new requirements and motivates us to take another look at the mobile communication generations.

A comparison of the existing mobile network generations is given in Table 6.5. The network specialists from Deutsche Telekom, NTT DoCoMo, Amtel, Samsung, Telefonica, Vodafone, Ericsson and other telecommunications operators [14] are urgently generating their visions and technical requirements for future-generation mobile communication as well as the new standard 5G/IMT 2020. The research on 5G technology began in 2012 in France, achieving data rates over 4 Gbit/s.

In 2013, a new step towards 5G was made in Japan: the equipment of the company NTT DoCoMo has shown the ability to transfer data from the user with a data rate of up to 10 Gbit/s (uplink) at a frequency F = 11 GHz on a 400 MHz bandwidth. The data was carried on a vehicle at a speed of 9 km/h. In October 2014, the company Samsung Electronics made a new record-breaking experiment with a data rate of 1.2 Gbit/s at a vehicle speed of 100 km/h and even a data rate of 7.5 Gbit/s in stationary conditions at a frequency of 28 GHz. But the use of such higher frequencies, F > 5 GHz (in the mm-band), is rather problematic due to large attenuation in dense urban areas without increasing the transmission power. On the other hand, low-frequency transmission is not always possible: the necessary licenses and (inter-)national regulations are obstacles. Therefore other new methods and international voting and conventions are required. Samsung's mm-wave testbeds set up in October 2014 have shown (as visualised in Fig. 6.10) the following results [14]:

• a data rate of approximately 2 Gbit/s at a velocity of 110 km/h was the world's first 5G data transmission at highway speeds
• record-breaking 1.2 Gbit/s data transmission was reached at over 100 km/h
• in stationary conditions, using the F = 28 GHz spectrum, a data rate of 7.5 Gbit/s was obtained

Fig. 6.9 LEO SAT systems: (a) ISS as a special LEO, (b) humanity's first space flight on 12.4.1961, duration 108 min, height h = ca. 400 km (LEO) (sources: reflektion.info, NASA)

Table 6.5 Mobile generation comparison (source: www.elektronik-kompendium.de)

Generation | Radio technology | Transfer type | Data rate
1G | AMPS | Analog, circuit switching, obsolete | –
2G | GSM | Digital, circuit switching | 9.6 kbit/s
2.5G | HSCSD | Digital, circuit switching | 57.6 kbit/s
 | GPRS | Digital, packet switching | 115 kbit/s
2.75G | EDGE | Digital, packet switching | 236 kbit/s
3G | UMTS/UTRA-FDD | Digital, mostly packet switching | 384 kbit/s
 | UMTS/UTRA-TDD | Digital, mostly packet switching | 2 Mbit/s
3.5G | HSPA (HSDPA/HSUPA) | Digital, packet switching | 14.4 Mbit/s
3.9G | LTE | Digital, packet switching | 150 Mbit/s
4G | LTE Advanced | Digital, packet switching, current standard | 1 Gbit/s
5G | IMT-2020 | Digital, packet switching | 10 ... 100 Gbit/s

Fig. 6.10 Advanced communication technologies for high-speed mobility (source: Samsung Electronics)

6.2.1 Visions and Requirements

The official 5G start is planned to happen only in the year 2020. The status nowadays (architecture depicted in Fig. 6.11) is as follows:

• research on advanced antenna techniques, interference minimisation and further development of enabling technologies towards 5G (see next sections)
• world-wide activities and tests, among them Ishigaki (NTT DoCoMo), Seoul (Samsung), Stockholm (Ericsson), Dresden (Vodafone Chair, 5glab.de), London (King's Royal College), Lund University (Sweden), Beijing/Shenzhen (China) and others (see Fig. 6.11)

Requirements for the 5th generation. The main 5G requirements are as follows:

• use of the existing 4G infrastructure with augmentation via flexible WLAN-conformant communication everywhere, under international voting and conventions
• medium-term achievement of a data rate DR = 10 Gbit/s; this rate corresponds to up-to-date needs for multimedia content download
• tiny latencies, real-time interoperability, services without human intervention
• wide use of available frequency bands, mm-band with F = 30 up to 300 GHz (partially and questionable)
• interoperability with further mobile and wireless radio networks

Fig. 6.11 The 5G basic architecture. 4G with SAE – 3GPP System Architecture Evolution, GERAN – GSM EDGE Radio Access Network (EDGE), UTRAN – UMTS Terrestrial Radio Access Network (UMTS), IMS – IP Multimedia Subsystem, SDN, RAT – Radio Access Technology (handover), DIDO for multiuser wireless, MIMO – systems with multiple Tx/Rx antennas

The advanced antenna technique MIMO was already deployed in diverse network technologies like WiMAX 802.16a/d/e/m, WLAN 802.11n/ac/ad, LTE and others. MIMO antennas nowadays allow communication with N_Tx = 16 transmitting and N_Rx = 16 receiving antennas. Thus also a downlink with a data rate of DR = 10 Gbit/s and above is possible. This DR = 10 Gbit/s is about one hundred times faster than DR = 100 Mbit/s, the current peak data rate of LTE. For the standard IMT-2020/5G, the wide use of 3D arrays for multiple input and multiple output channels (MIMO up to 16 × 16 × 16) is foreseen [3]. The related data rates and mobility for mobile users in the mobile communication systems of 3G, 4G and 5G are depicted in Fig. 6.12. The provided data rate will be increased more than 5000 times. The peak data rate will thus reach 50 Gbit/s. The data rate must be increased 10 up to 50 times in comparison to the ones offered by LTE and LTE Advanced. The prognosis is as follows: in 2020, up to 50 billion devices will be IPv6-driven, partially with 5G. So, for instance, the priority 5G directions for companies in the telecom manufacturing area, for instance Ericsson, are as follows:

• digital economy, remote machine control
• smart grid, smart metering
• Internet touch technologies, smart cities
• IoT (Internet of Things)

Fig. 6.12 From 3G to 5G: data rates vs. mobility (by Samsung Electronics)

The ongoing 5G forums for the advancement of specifications and testbeds for future telecommunication protocols are as follows:

• 5G PPP (5G Infrastructure Public-Private Partnership)
• METIS (Mobile and wireless communications Enablers for the Twenty-twenty (2020) Information Society)

The research laboratory 5glab, TU Dresden. There are multiple 5G activities in several universities and research laboratories in addition to the commercial research activities by telecommunications equipment manufacturers. One such laboratory has been established in Dresden, Germany. At Dresden University of Technology, a modern 5G laboratory at the Vodafone Chair for Mobile Communications Systems has opened to advance the data rates, coverage, connection stability and other aspects of mobile connections [113]. The researchers can evaluate and test a broad spectrum of 5G-enabling technologies. These include the following: LTE, IEEE 802.20, 802.16e, 802.16a/d/e/m, the multigigabit standard WiGig 60 GHz IEEE 802.11ad, IEEE 1905, Bluetooth v4.2 and LoWPAN. The 5Glab includes network hardware and software, computer chips, spectrometers and cloud computing services. The requirements to the 5th generation according to the visions and initial findings of the 5Glab [212] are given in Fig. 6.13. Nowadays mobile communication is occupied with the provisioning in general of IP services and the transmission of multimedia content from one place to another. But tomorrow a new generation will be able to control a wide range of objects in real time with only insignificant human intervention in the frame of IoT. It is necessary to optimise existing systems and mobile wireless networks, particularly in terms of data rate, latency, interference and reliability, according to the staff of the 5Glab.

Fig. 6.13 Requirements to the 5th generation according to the 5Glab in Dresden (areas shown: Wireless Communication, Automation, IoT, Big Data and HPC, Operating Systems, Audio & Haptic Engineering, Safety, Privacy and Security, System-on-a-Chip Integration, Software Engineering, Databases, Networked Embedded Systems, Human-Machine Interfaces, Storages, Communication Theory, Antennas, RF and Photonics Engineering)

The intentions of 5glab.de in Dresden are depicted in Fig. 6.14. Based on the sentence "The Internet will disappear in our senses and sensitivities" (by E. Schmidt), we can state that, in contrast to it, the future Internet will become the 5G Tactile Internet. The breakthrough requirements characterise this transformation into the new 5G Tactile Internet with advanced QoS parameters: 10 Gbps, 1 ms RTT, 10,000 sensors per cell, 10^8 less outage, as well as more security and heterogeneity.

Huawei and 5G radio mobile. Huawei Technologies was founded in 1987 and acts nowadays as one of the largest telecommunications equipment and handset manufacturers in the world. In Huawei's opinion, there are three major design objectives for 5G:

1. Implementation of "massive capacity" and "massive connectivity" (similar to the previous vision)
2. Flexible and efficient use of all available spectra for different network deployment scenarios (refer to the DIDO concept)
3. An adaptive network solution framework will become a necessity for accommodating both LTE and air interface evolution. Results from research on clouds and software-defined networks will reshape the entire mobile ecosystem.

The possible 5G roadmap can be realised as follows according to Huawei (Fig. 6.15).

Fig. 6.14 The intentions of 5glab.de towards the 5G Tactile Internet

Fig. 6.15 5G roadmap according to Huawei (source: huawei.com/5gwhitepaper): timeline 2010–2021 with the 3GPP releases Rel. 10–16 (LTE-Advanced, LTE-B, LTE-C), the ITU IMT phases (new spectrum, vision, requirement, technology, evaluation) and the 5G phases research, prototype, trial, standard, product and deployment

As one can see, the efforts for 5G development are running in parallel to the deployment of the new releases for 4G/LTE up to LTE-C, release 16 [4]. The new development for all-spectrum radio access nodes will require achievements in fundamental radio technologies like the air interface, RAN, radio frequency transceivers and devices. The context of the typical radio frequency bands to be deployed or licensed for the future 5G mobile radio networks, including the bands E–L, is depicted in Fig. 6.16. It means primarily the broad frequency span 2–60 GHz. The wavelengths are placed correspondingly between 15 and 0.5 cm.

Fig. 6.16 5G radio frequency bands E–L (axes: F in GHz and λ in cm; band letters A–M; Europe; IR, UV)

Fig. 6.17 The Huawei 5G network integrated architecture (300 MHz up to 300 GHz in the mid-term) within an IoT

The advanced radio backhaul and new fibre access for the fixed network will be an integral part of next-generation commercial network solutions within 5G. The interoperability within the 5G network architecture, as well as the future extension of the established 3G cell hierarchy (according to Huawei), is depicted in Fig. 6.17. The tera-cells are foreseen with backhauls to the usually existing 3G–4G macro- and microcells. The interoperability with the fixed part enables data rates up to 100 Tbps.

Fig. 6.18 5G scenario: multimodal access using SDN

Architecture and virtualisation of provider core networks. The main construction points of 5G are as follows (Fig. 6.18). Software implementations of provider core prototypes for 5G may be based on networks using the SDN protocols OpenFlow and VXLAN as well as virtualisation concepts like VMware vSwitch, Citrix Xen products and others. The use of SDN for software implementations of provider cores in practice for 5G networks enables enterprises and providers to obtain vendor-independent functions for the management and control of network components and services from any type of unified provisioning centre, which will greatly simplify their operation. The use of SDN as part of 5G/IMT 2020 is a settled position. Besides improving advanced RAT (Radio Access Technology) and RLAN (Radio LAN), the use of new database systems for frequency assignment (DIDO) and the use of infrastructure based on existing systems including 4G/SAE, 3G/UTRAN and 2G/GERAN, virtualisation services carried out via SDN play an important role. The comparison of 4G and 5G is given in Table 6.6.

Due to SDN, routine network reconfiguration functions will be simplified. Thus the network administrators do not have to enter hundreds of lines of configuration code for different switches or routers. The network can be quickly changed in real time. Accordingly, the deployment time for new applications and services can be greatly reduced. These effects are leading to new service visions which become possible with the same amount of investment, as shown in Table 6.7.

Table 6.6 Comparison of 4G and 5G

4G | 5G
Human-centric, limited connections | An intelligent web of connected things (IoT)
Lagging cloud service | Instantaneous cloud service
Limited to high quality of experience | Constant to ultra-high quality experience
Short range, limited control | Long range, real-time full control

Table 6.7 5G service vision

Everything on cloud | Immersive experience
Ubiquitous connectivity | Telepresence
Desktop-like experience on the go | Lifelike media everywhere
An intelligent web of connected things | Real-time remote control

Fig. 6.19 The newest abilities of 5G systems (by Samsung Electronics)

New abilities and visions of 5G. The newest abilities of 5G systems in the area of services and mobile applications, according to vendors like Samsung Electronics [14], are shown in Fig. 6.19.

Another promising application for 5G/IMT 2020 networks is shown in Fig. 6.20. It refers to the establishment of IoT (Internet of Things) applications [19], which are based on the interoperability of different physical types of radio networks as well as virtualisation technology for the core services to interact with each other and with the external environment (6LoWPAN, SDN). The features of future 5G (IMT-2020) are as follows (Table 6.8):

Fig. 6.20 Service vision: growth in all directions with 5G (own representation, inspiration: Samsung Electronics)

Table 6.8 The features of future 5G (IMT-2020)

Growth dimensions: mobile connections, mobile data traffic, mobile cloud traffic, things connected

Everything on cloud | Immersive experience
Ubiquitous connectivity | Telepresence
Desktop-like experience on the go | Lifelike media everywhere
An intelligent web of connected things | Real-time remote control of machines

The following scenarios of 5G deployment regarding IoT and ubiquitous computing applications therefore become realistic and will be implemented beyond just research prototypes within the next few years:

• smart home, manufacturing, health
• smart retail, transportation, city
• remote surgery, driving and hazardous work

The hardware trends towards 5G connectivity also drive software and data trends. According to Gartner, a research and consulting company, Big Data is one of the most important trends of IT infrastructure development, along with virtualisation and the energy efficiency of IT. Such data is supposedly voluminous, in the multi-terabyte and petabyte range, as well as having high variance and velocity. The most outstanding big data sources are Geographical Information Systems (GIS) and other curated databases, parallel clusters and grids, semantic and social networks (typically dubbed Web 2.0 and Web 3.0), cloud computing as well as the intelligent Internet of Things. The accumulation of big data is now typical for trading and marketing, electronic payments, process automation, international justice and criminology, and the pharmaceutical and advertising industry. A large number of scientific and research institutes, organisations and universities accumulate, store and compute large volumes of technical and scientific information. Often such large amounts of information are not structured, so that they are characterised by an extra-proportional complexity of information management. Also, a significant increase in network traffic occurs, and through the heterogeneity of geographically distributed data as well as replicas within multiple computing nodes, the amount of data will increase even more. 5G will surely be actively involved in big data acquisition and processing.

6.2.2 5G Interoperability

5G networks will most likely become pervasive, and yet it can be expected that connectivity issues due to low signal strength, overload due to too many devices even in smaller cells, or simply the desire of users not to be globally tracked will at some point make it necessary to complement 5G with other wireless transmission techniques. Two interoperability considerations are therefore presented here.

Interoperability with networking technologies. A comparison of the 5G mobile network and some of its predecessors with wireless protocols which can potentially provide mutual interoperability is represented in Fig. 6.21, with the corresponding distances and data rates on logarithmic scales. The following networking technologies have to provide interoperability with 5G/IMT-2020 (Fig. 6.21):

• Mobile WiMAX
• WiGig
• IEEE 802.11ad
• IEEE 1905
• Piconets: WSN, Bluetooth, 6LoWPAN

Mobile WiMAX is especially popular in South Korea. In other regions, IEEE 802.20, 802.16a/d/e/m and 4G play a larger role. The multi-gigabit standard WiGig operates in the 60 GHz band. It has been established by the WiGig Alliance with the IEEE standard 802.11ad, aimed at cooperation with other protocols like USB 3.0, HDMI and PCI-Express, with a data rate of 1 Gbit/s. It operates mostly indoors. The reception quality through walls remains questionable; however, the cabling remains in the ambience. With IEEE 802.11ac, specified in the year 2013, larger channel bandwidths up to 160 MHz become possible. Furthermore, optimised modulation and 8 × 8 MIMO are foreseen, leading to a much higher data rate of 6,936 Mbit/s. However, today's products for sale on the market support only 3 × 3 MIMO, a bandwidth of 80 MHz and consequently a data rate of 1,299 Mbit/s. In contrast to traditional WLAN, IEEE 802.11ad is designed for only a few metres of transmission distance. This results from the high absorption by oxygen at 60 GHz. A large bandwidth is needed to achieve a high data rate of 7 Gbit/s. The 60 GHz band spans from 57 to 66 GHz and is divided, with a channel spacing of 2160 MHz, into four channels having a bandwidth of 1760 MHz. In comparison, IEEE 1905 is a standard which defines a network enabler for home networking supporting both wireless and wireline technologies: IEEE 802.11 (Wi-Fi), IEEE 1901 (HomePlug, HD-PLC) powerline networking, IEEE 802.3 Ethernet and Multimedia over Coax (MoCA). In 2010 it emerged from the specification group 1905.1 with the development of convergent digital home network specifications, in which around 30 organisations participated. Three years later, the draft P1905.1 specification received final approval and publication by the IEEE.

Fig. 6.21 Overall comparison of distances and data rates for wireless and telecommunication networks (source: www.elektronik-kompendium.de)

Interoperability with 6LoWPAN. A special place in the 5G interoperability scheme is reserved for the 6LoWPAN protocol. This protocol has been presented in chapter V; refer to there for the details. This paragraph discusses the combination of a long-range but often cost-intensive protocol (5G) with a short-range but generally free (provider-less) protocol (6LoWPAN). In the context of 5G, 6LoWPAN is also called a Wireless Neighbourhood Area Network (WNAN), in addition to WPAN. This means that it borders cellular networks including 2G–5G.

To combine the properties of 5G and 6LoWPAN, a new communication class called Low-Power Wide Area Network (LPWAN) was introduced in 2015. The most popular representative is LoRaWAN, the long-range standard for wide-area networks (WANs). It allows sensors to communicate over 10 miles without obstacles, or 3 miles in dense urban areas, with a battery duration of 10 years. In Europe it communicates in the 433 and 853–870 MHz bands, in China in the 779–787 MHz band and in North America in the 902–928 MHz band. LoRaWAN achieves even longer distances by concentrating the traffic from nodes (e.g. sensors) in concentrators or gateways, tunnelling the traffic through a wireless network of at least 3G quality and then forwarding it to application servers which process the data. The transmission is encrypted. The gateways can be installed on towers alongside mobile communication base stations. The data rate ranges from 0.3 to 50 kbps depending on many factors which influence the transmission, using an adaptive transmission scheme to save precious battery power [6].

6.2.3 Future Standard IMT 2020: Deployment Scenarios

Due to the future standard IMT 2020, a lot of new attractive services and infotainment applications are going to appear. The following deployment scenarios are possible:

• more mobile connections with increasing mobile data traffic
• more mobile cloud traffic, mobile payments
• connected "things" (IoT) as well as virtual, immersive reality
• immersive surrounding services (Fig. 6.22)

The combination of small network cells, in particular nanotechnology, with cloud computing, converged all-IP networks and a flat IP architecture has been proposed under the name Nanocore [8]. Such networks would be an instant-on solution for services in various domains including search, communication, education and banking. The nano-equipment would be the logical successor to today's trend of shrinking device sizes, from desktop PCs to mobile phone handsets, smart watches and other wearables, and finally body-integrated chips which are supplied with power from the body.

One quote of Eric Schmidt, at that time CEO at Google, applies in the light of this development: "The Internet will disappear in our senses and sensitivities". New sensors and applications for people with limited abilities are foreseen via 5G too. The 5G sensors can control or lock houses, heating and ventilation, laptops, cars, bikes, garages or gardens using 5G mobile devices when the humans have forgotten to do it or are just longing for more comfort. More and more, mobile smartphones can share the workload within grids and P2P systems. In this case, systems are needed which integrate with 5G mobile so that they can help to identify the best server or service for any offloading activity. Mobile devices can perform radio resource management and optimise the coverage.

Fig. 6.22 Immersive (surrounding) services via 5G. AR – Augmented Reality, VR – Virtual Reality (source: Samsung Electronics)

Fig. 6.23 Transition to ubiquitous connectivity via 5G (source: Samsung Electronics). Panel text: constant to ultra-high quality experience; requirements for immersive surrounding service: 8K UHD, > 100 users, hologram, AR/VR; E2E NW latency < 5 ms; cell throughput > 100 Gbit/s

5G smartphones will be able to suggest possible medicine for your health and fitness due to the combination of hardware sensors, integrated applications and remote services [9]. The intelligent web of connected things is provided, which is symbolised in Fig. 6.23.

Table 6.9 Optimised parameters of 5G

Parameters | Values
QoE | Uniform experience of Gbit/s speed and instantaneous response everywhere
Cell throughput | 100 Gbit/s
E2E network latency | < 5 ms
E2E latency | 5 ms
Air latency | 1 ms
Cost reduction in comparison to 4G: |
Simultaneous IoT connections | 10 ... 20× more than 4G
Bitcosts factor | ca. 50× bitcosts

Optimisation factors and Quality of User Experience (QoE). Which factors are to be optimised within the new 5G/IMT 2020 standard? Firstly, let us discuss contradicting RAN technologies for significant performance enhancement. Some of the trade-offs between the listed factors to be considered are as follows:

• capacity and cell-edge data rate enhancement
• advanced MIMO usage for multi-user operation with 3D arrays of antennas
• advanced modulation and spectral efficiency (SE) enhancement
• interference accounting
• cost-efficiency and QoE optimisation
• connection management, latency minimisation

Let us start by comparing the 4G/LTE cell capacity (cell throughput up to 64 Mbit/s, cell latency of ca. 10 ms and higher data rates only on cell edges) with the requirements for an immersive surrounding service. Below, some optimised parameters of 5G are shown (Table 6.9).

The superior QoE (Quality of User Experience) of 5G in comparison to its predecessor 4G is represented in Fig. 6.24. The data rates and latency values have to be practically uniformly distributed, close to the base stations as well as at the nominal distance, i.e. regardless of user locations within each communication cell, to avoid a position-dependent impairment of the transmission and reception quality [8].

Cost models. Furthermore, there will be gains in the costs for the operators, which may or may not be passed on to the subscribed users. The 5G systems have to provide ubiquitous and simultaneous connections everywhere and have to do it approximately 50 times more cost-efficiently than 4G/LTE systems in order to make a broad roll-out and upgrade of existing networks and cell towers feasible. This is called a bitcosts factor of 50. The 5G cost structure is shown in Fig. 6.25. The financial consequences of the deployment of 5G infrastructure for the providers can be computed as follows:

6 Future Mobile Communication: From 4G to 5G, 5G Enabling Techniques

Fig. 6.24 Superior user experience with 5G connectivity (Based on Samsung Electronics material)

Fig. 6.25 5G cost structure (Based on Samsung Electronics material)

$$\text{Expenditures} = \text{CAPEX} + \text{OPEX}; \quad \text{CAPEX} \to \min \;\wedge\; \text{OPEX} \to \min$$

$$\text{Profit} = \text{Revenue}_{\text{anno}} - \text{CAPEX}_{\text{partial}} - \text{OPEX}_{\text{anno}} \to \max$$

$$\text{ROI} = \frac{\text{Revenue} - \text{Expenditures}}{\text{Expenditures}} \cdot 100\,\% \qquad (6.12)$$

where ROI is the Return on Investment, i.e. the operator's revenue increase; OPEX the Operational Expenditures (personnel, used materials, electrical power and maintenance); CAPEX the Capital Expenditures (hardware investments, construction costs, buildings or equipment); anno denotes yearly amounts and partial the yearly amortisation amount.


Overview on OFDM-based systems. The acronym OFDM stands for Orthogonal Frequency-Division Multiplexing. It is one of the techniques to divide the signals transmitted over one specific frequency by multiplexing. A unique characteristic of OFDM is a higher density when placing carrier frequencies for multiple communication channels within a given spectrum of frequencies. The overlap between carriers is possible in principle, but is only of secondary concern due to the specific selection of orthogonal frequencies. The term “orthogonality” refers to the relation of carriers in a way that each carrier achieves its maximum when its orthogonal carriers do not carry any signal and are therefore in the null position. The technique is robust with regards to small-band perturbations.

Orthogonal Frequency Division Multiple Access (OFDMA) is an extended technique based on OFDM for the access to the frequency band. In other words, OFDMA is a multi-user version of the popular OFDM digital modulation with multiple access modes [11]. These access modes are achieved within OFDMA by assigning subsets of subcarriers to individual users. In short: OFDMA = OFDM + assignment on demand. The relationship between OFDMA, OFDM and classic frequency-division multiplexing techniques is summarised in Fig. 6.26.
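Added illustration (not from the book): a minimal OFDM transmitter and receiver in Python. Carrier spectra overlap, yet with the integer-spaced grid the inner product between any two distinct carriers is zero, so each data symbol is recovered exactly; the same code with a non-orthogonal spacing shows the inter-carrier interference OFDM avoids. The OFDMA view at the end assigns subsets of subcarriers to users. Subcarrier count, QPSK data and the spacing values are constructed for this example.

```python
import cmath
import math

# Constructed example: 8 subcarriers per OFDM symbol, each carrying one QPSK symbol.
N_SUBCARRIERS = 8
QPSK_ALPHABET = [1 + 1j, -1 + 1j, -1 - 1j, 1 - 1j]
SAMPLE_SYMBOLS = [QPSK_ALPHABET[(3 * k) % 4] for k in range(N_SUBCARRIERS)]


def carrier_inner_product(k, l, n_samples=N_SUBCARRIERS, spacing=1.0):
    """Normalised inner product of carriers k and l over one symbol period.

    Carrier k is exp(2*pi*j * k*spacing * n / n_samples). With spacing=1.0 the
    carriers sit on the integer grid and the product is 0 for k != l: that is
    the orthogonality OFDM relies on. Any other spacing breaks it.
    """
    return sum(
        cmath.exp(2j * math.pi * (k - l) * spacing * n / n_samples)
        for n in range(n_samples)
    ) / n_samples


def ofdm_modulate(symbols, spacing=1.0):
    """Transmitter: superimpose one carrier per data symbol (an inverse DFT when spacing=1.0)."""
    n_samples = len(symbols)
    return [
        sum(s * cmath.exp(2j * math.pi * k * spacing * n / n_samples)
            for k, s in enumerate(symbols))
        for n in range(n_samples)
    ]


def ofdm_demodulate(samples):
    """Receiver: correlate with each integer-grid carrier (a DFT scaled by 1/N)."""
    n_samples = len(samples)
    return [
        sum(x * cmath.exp(-2j * math.pi * k * n / n_samples)
            for n, x in enumerate(samples)) / n_samples
        for k in range(n_samples)
    ]


def max_recovery_error(symbols, spacing=1.0):
    """Largest deviation between sent and recovered symbols; ~0 only on the orthogonal grid."""
    received = ofdm_demodulate(ofdm_modulate(symbols, spacing))
    return max(abs(r - s) for r, s in zip(received, symbols))


def ofdma_user_symbols(symbols, user_subcarriers):
    """OFDMA view: a user reads only the subset of subcarriers assigned to it."""
    received = ofdm_demodulate(ofdm_modulate(symbols))
    return [received[k] for k in user_subcarriers]


if __name__ == "__main__":
    print("orthogonal grid, max error:", max_recovery_error(SAMPLE_SYMBOLS))
    print("1.5x carrier spacing, max error:", max_recovery_error(SAMPLE_SYMBOLS, spacing=1.5))
```

With the orthogonal grid the recovery error is at floating-point noise level; with the carriers placed 1.5 grid steps apart the receiver bins pick up energy from neighbouring carriers and the symbols are no longer recoverable.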

Fig. 6.26 Better spectra usage enabled by OFDM and OFDMA


Systems based on OFDM have been used since the 1990s. Practical examples include DSL (including ADSL and VDSL), DAB and DVB-T, WiMAX and Bluetooth, as well as modern WLAN networks based on IEEE 802.11g, 11n or later. The consequent use of OFDM within WLAN networks led to significant increases of the data rate due to optimal spectral efficiency, which refers to the ratio of data rate to channel bandwidth. With this technique, data rates of about 600 MBit/s and a reach of 70 m within buildings and 250 m outside of buildings can be achieved. However, the modulation methods used in OFDM were not sufficient anymore for increased requirements. The methods called BPSK, QPSK, 16QAM and 64QAM have in particular restrictions due to cell boundaries.

Advanced modulation technique FQAM. The capacity and cell edge data rate enhancement is obtained within 5G via the new advanced modulation method titled FQAM (Feher's Quadrature Amplitude Modulation). FQAM is considered as a post-OFDM method. There are no cell boundaries (and therefore no handover or roaming effects); the increased density is provided via small 4G/5G cells, which are integrated via powerful wireless backhauls (Fig. 6.27).

Advanced MIMO structures. The deployment of 5G requires that more powerful MIMO methods are provided, within a typical combination of multi-user MIMO with 3D arrays of antennas. Multi-user MIMO (MU-MIMO) is a set of advanced MIMO antennas arranged not just in a 2D grid but in a 3D cube. The 5G systems will use both MU-MIMO as well as its enhancement FD-MIMO (Full-Dimension MIMO). FD-MIMO enables the actual deployment of the 3D arrays of antennas. These structures possess the following parameters: M × N × K, where M are horizontal antennas, N vertical antennas and K antennas per sub-array. For instance, 8 × 4 × 2 structures are typical for 5G hardware. The use of such advanced MIMO structures (MU-FD-MIMO) is shown in Fig. 6.28.

Fig. 6.27 Advanced small cells and FQAM (Source: Samsung Electronics). Figure labels: wireless backhaul; no cell boundary; capacity & cell edge enhancement; increased density


Fig. 6.28 Advanced MIMO structures (MU-MIMO and FD-MIMO). Left panel, Deployment Model: 32 digital chains, (M,N,K) = (8,4,1); 64 digital chains, (M,N,K) = (8,4,2); sub-arrays (K = 2). Right panel, System Throughput: average cell throughput for 64 total antenna elements, y-axis average spectral efficiency (bps/Hz) from 0 to 9, bars for Rel. 10 [1], (8,4,2) [2], (8,4,1), (8,4,2), (8,4,1); ~250 % performance gain compared to LTE Rel. 10. Note 1: Rel. 10 = 4×2 MU-MIMO. Note 2: (M,N,K) means M horizontal antennas, N vertical antennas, K antennas per sub-array.

6.2.4 Resource Allocation Method for Future WLAN

DIDO is a new technology aimed to provide flexible multiuser wireless LAN everywhere under international regulations and conventions for the used frequencies. The technology should only augment the existing GERAN, UTRAN, SAE and IMS mobile radio infrastructure of previous generations (2G–4G) with a flexible world-wide WLAN, which is operated under use of databases for available frequency bands and the web-based content called DIDO Data Centers. The use of a wide spectrum of frequencies is thus foreseen. The pioneer of the DIDO approach is the company Rearden (USA) with activities by Steve Perlman [10]. Nowadays DIDO is one of the most important research fields on 5G. Primarily, DIDO was tested with some frequencies F = 1 MHz … 1 GHz in WLAN mode. But in the mid-term DIDO will be able to use all these wave lengths (λ) and frequency bands (F), which are given below respectively:

• HF – High Frequency (100 m/3 MHz – 10 m/30 MHz)
• UHF – Ultra High Frequency (1 m/300 MHz – 1 dm/3 GHz)
• SHF – Super High Frequency (1 dm/3 GHz – 1 cm/30 GHz)
• EHF – Extremely High Frequency (1 cm/30 GHz – 1 mm/300 GHz)


Fig. 6.29 DIDO advantages

The expected DIDO advantages are depicted in Fig. 6.29. They encompass the interference-free communication of multiple users with multiple websites through a DIDO data centre. Without DIDO, the communication of 3 users and 3 depicted access points (APs) can follow only with interference. Therefore, time sharing for 3 users and 3 APs (TDMA) with 33 % of the data rate for each (one sends, two idle) is necessary. Under use of the DIDO technique for the communication of three users and three APs, a DIDO data center is provided. The users and APs can be operated without interference and with full bandwidth. Instead of time sharing, we obtain three independent WWW sessions.

The general DIDO architecture is depicted in Fig. 6.30. The process with 5–10 users and 5–10 APs connecting to 5–10 different websites is shown exemplarily. There is no interference among the 5–10 users and all users get the benefit of 100 % of the data rate of the channel. Furthermore, it does not matter where the APs are located or which user owns which one. Each user gets the data from the website they are connected to through an independent wireless channel [16].

Fig. 6.30 DIDO components: DIDO user devices (tablets, smartphones, notebooks, PC), DIDO AP (5G WLAN), DIDO data centers (wireless cloud); DIDO architecture

Fig. 6.31 DIDO Rural (Source: Rearden)

DIDO Rural. The single disadvantage of DIDO is the necessity of inter-governmental agreements and certain regulatory bodies to use the wide spectra of frequencies. DIDO has also certain specifics in rural areas because it needs to operate with lower frequencies, i.e. within the HF band (100 m/3 MHz – 10 m/30 MHz), so that the resulting waves can span large distances of approximately 900 km. DIDO Rural is depicted in Fig. 6.31.


DIDO APs in rural areas are able to transmit over far longer distances than regular WLAN APs or cellular towers. The transmission can be provided via the well-known “sky waves” (Near-Vertical Incidence Sky Waves, NVIS). They cannot be blocked by the curvature of the Earth and can cover a diameter of approximately 900 km, which fits the requirements. NVIS are the alternative to the ground wave (GWave) transmissions, which can cover about d = 70 km in diameter before being blocked by the curvature of the Earth [16].

6.3 Conclusions

To repeat the quote: “The Internet will disappear in our senses and sensitivities” (Eric Schmidt). Nowadays, mobile communication is occupied with the provision of IP services in general and the transmission of multimedia content from one place to another, but tomorrow the new 5G will be able to control a wide range of objects in real time with only insignificant human intervention in the frame of IoT and other attractive apps. Surely 5G will be actively involved in adjacent telecommunications and computing topics, including big data acquisition and processing. The DIDO method is aimed to provide a flexible multiuser wireless LAN everywhere. The technology is offering an alternative way of communicating beyond the current limitations of LANs and LTE/4G networks. Several prominent companies also prepare steps towards widely deployed 5G. The company Microsoft intends to provide soon the access to 10 million Wi-Fi hotspots. Through its Internet telephony subsidiary Skype, Microsoft already offers Wi-Fi access to about two million hotspots world-wide. Under the label “Microsoft WLAN”, the access rights will be granted to the customers of its Office and Skype products.

References

1. Vodafone Chair TUD, online: http://mns.ifn.et.tu-dresden.de
2. 5G-Labor TU Dresden (online), 2014
3. IMT Vision towards 2020 and Beyond, online: https://www.itu.int/dms_pub/itu-r/oth/0a/06/R0A0600005D0001PDFE.pdf, 2014
4. 5G: A Technology Vision. Huawei White Paper, online: http://www.huawei.com/5gwhitepaper, 2015
5. Technologien zur mobilen Kommunikation. Whitepaper, 2015
6. LoRaWAN – What is it? A technical overview of LoRa and LoRaWAN, online: http://www.lora-alliance.org/portals/0/documents/whitepapers/LoRaWAN101.pdf, 2016
7. Shakhil Akhtar: Evolution of Technologies, Standards and Deployment of 2G–5G Networks, 2009
8. Jason Clark: 5G Nanocore, online (in German): http://de.scribd.com/doc/87616878/5G-the-Nano-Core
9. Jeff Dean: Designs, Lessons and Advice from Building Large Distributed Systems. In: 3rd ACM SIGOPS International Workshop on Large Scale Distributed Systems and Middleware (LADIS), Big Sky, Montana, USA, October 2009
10. Steve Perlman et al.: Distributed-Input-Distributed-Output (DIDO) Wireless Technology: A New Approach to Multiuser Wireless, 2014
11. Sungnam Hong et al.: FQAM: A modulation scheme for beyond 4G cellular wireless communication. In: Globecom Workshops, 2013
12. Gerhard Fettweis and Frank Fitzek: 5G Lab in Dresden (online)
13. Frank Fitzek: 5G Next Generation Mobile Communication. In: Proceedings of International Symposium on Microwave and Optical Technology (ISMOT), Dresden, Germany, June 2015. Invited Talk
14. Samsung, Howard Benn: 5G Mobile Communications for 2020 and Beyond: Vision and Key Enabling Technologies, October 2014
15. Artemis Networks LLC: Introduction to pCell – Wireless Reinvented. Whitepaper
16. Steve Perlman and Antonio Forenza: DIDO White Paper (online): http://www.rearden.com/DIDO/DIDO_White_Paper_110727.pdf, 2015
17. Alexander Schill and Thomas Springer: Verteilte Systeme – Grundlagen und Basistechnologien. Springer-Verlag, second edition, 2012, 433 p., in German
18. Andrew S. Tanenbaum and David J. Wetherall: Computernetzwerke. Pearson Studium, fifth edition, 2012, 1040 p., in German
19. T. Thieme: Challenges of the Internet of Things for sensor applications, wireless communication and new solutions of energy supply. In: Proceedings of International Symposium on Microwave and Optical Technology (ISMOT), Dresden, Germany, June 2015. Invited Talk

7 Security in Distributed Systems

Keywords

Protection Goals • Transport-Layer Security (TLS) • Virtual Private Network (VPN) • Stateful Inspection Firewall (SIF) • Web Application Firewall (WAF) • Stateful Multi-Layer Inspection Firewall (SMLIF) • Intrusion Detection System (IDS) • Intrusion Prevention System (IPS) • Advanced Evasion Firewall (AEF) • Collaborative Intrusion Detection Network (CIDN) • Insider attacks • Pretty Good Privacy (PGP) • Security and privacy legislation

The goal of this chapter is to give a broad overview on recent developments in securing distributed systems. Special emphasis is put on multilateral security, which equally includes the mechanical protection of systems and the guided privacy preservation for users. In the cloud age, characterised by ubiquitous connectivity but also by almost sneaky data collection and activity pattern collection, such a broad view on security is warranted in order not to put anybody who eventually uses such complex systems at more risk than necessary. Despite extreme caution, there will never be absolute security, and operational or interaction mistakes may still put users at risk.

The chapter first presents security and protection goals and outlines which protection techniques help to achieve the goals. Regrettably, not all goals can be achieved equally well at the same time, which makes a trade-off discussion unavoidable. The second section gives detailed information on many protection techniques, with a focus on practical applications. The subsequent section presents and compares security layers in distributed systems, which partially correspond to network layers. For each layer, exemplary security techniques are explained. Finally, the fourth section puts the technological security into a global and temporal context and outlines juridical and societal implications and recent developments.

© Springer Fachmedien Wiesbaden GmbH 2017. A. Luntovskyy, J. Spillner, Architectural Transformations in Network Services and Distributed Systems, DOI 10.1007/978-3-658-14842-3_7


7.1 Security and Protection Goals

System security would be unnecessary if everything went according to the (non-evil) plan. Reality is different, however: risks and threats are to be actively considered when designing a system which shall be robust and resilient and continues to work and serve its users even in the presence of failures or attacks. Securing distributed systems is both harder and easier compared to securing monolithic systems: harder because there is no central point of control, and easier because the distribution itself gives a system certain beneficial characteristics, especially considering the elimination of a single point of failure.

Which kinds of attacks can be performed on the data and services in distributed systems? What causes security violations and makes trouble? The most common answer to this question is given by Fig. 7.1. It presents an abstract view on today's systems, in which terminals and end devices refer to mobile phones, tablets, notebooks, watches or even intelligent household machines. The attackers usually practice the following attacks:

• unauthorised, unfriendly access to the information (at the nodes and terminals)
• manipulation and falsification of information (in the messages or by their transmitters at the routes)
• intrusions, violations and disorders of availability (at the nodes and terminals)

Fig. 7.1 Distributed systems: security and troubles in data processing and communication

Fig. 7.2 Historical development of a holistic view on protection goals in distributed systems

In order to understand and assess the level of security a system provides, it is commonly broken down to a set of protection goals, which can be considered as distinct and yet sometimes inter-dependent aspects. Figure 7.2 explains how the notion of protection goals has been extended over the years as a reaction against the risks, threats, vulnerabilities and actual exploits. While initially only three such goals have been of importance when designing systems, nowadays twelve socio-legal-technical goals need to be considered to build distributed systems with overall multilateral protection.

In the following, all twelve protection goals will be explained and paired with a set of associated risks and a set of techniques to achieve the respective goal. Each goal refers to a subject, which may be the data, the processing application software, the entire integrated system (which may be exposed as a service) or even the system user. The techniques are thus always specifically applicable to a subject.

• Integrity: Whoever creates data, software or systems wants to ensure their integrity in a way that no hidden modification can take place without. The risks are malicious modification by adversaries and accidental modification by corruption and malfunction.
  – Data Integrity: A receiver should see the exact same data which the sender sent. Techniques to ensure this property are simple (error-detecting) and less simple (error-correcting) checksums, including parity bits, Hamming codes and cyclic redundancy codes, as well as self-integrity measures which combine the checksums with cryptographic safety nets, including digital signatures and authenticated message digests.

  – Processing Integrity: A data processor should always return the correct results. In particular, given the same parametric and contextual input data, the output should always be the same. In practice, fault tolerance techniques such as n-version programming with strict voting over the results ensure a proper functional integrity. This notion of processing integrity overlaps with processing reliability, but also includes correct results.

  – System/Service Integrity: A system should always be in a non-compromised state. Ways to achieve this goal include the widely discussed trusted computing concepts, such as an authenticated chain of trust when booting, but also third-party certification and physical protection measures.

• Confidentiality: Whoever creates data, software or systems wants to confine it in a way that nobody else except for a limited, creator-defined set of receivers can interpret their content. The risks include unauthorised copies and analytics. The wider risk implications include unwanted privacy breaches, especially in combination with mass surveillance, and industrial espionage of not publicised software or hardware.
  – Data Confidentiality: Data needs to be confined by encryption. Both symmetric and asymmetric encryption algorithms are used for diverse requirements. Symmetric algorithms work with a single key which must be secretly shared among sender and receivers, whereas asymmetric algorithms work with private-public keypairs, the public part of which is shared publicly for encrypting messages to the key owner, who can then decrypt them with the corresponding private key.

  – Processing Confidentiality: Protected data processing requires the confidentiality of both data and processing code. For data, structure-preserving encryption methods such as homomorphic and order-preserving encryption allow for processing without intermediate decryption. For the processing code, two choices are to prevent access to the code by means of dongles or obfuscation, or to explicitly declare it open and therefore avoid this problem altogether.

  – System/Service Confidentiality: Sometimes a networked service should remain hidden in order to conceal the operator. The semantics of this regulation confuse the users, because they do not precisely know what system or service is in use. The concept of hidden services is useful for ensuring the confidentiality of the entire system.

• Availability: Whoever makes data, software or systems available to potential receivers or to oneself has an interest in keeping the offering available. The risks are temporary or permanent unavailability, for instance due to hardware and software failures, connectivity issues or operator mistakes. Compared to the notion of reliability, availability means a quantifiable expression for mostly available, whereas reliable means always available. A system with less than 100 % availability cannot be reliable [24].
  – Data Availability: Sent data should always be receivable and stored data should always be retrievable. Techniques to support these properties are centered around redundant coding and replication or dispersion of data. Such data needs to be distributed over resources or services with mixed availabilities in a way that the overall availability becomes much higher.

  – Processing Availability: Processing power needs to be safeguarded to ensure that it is always available on-demand to yield correct and timely results. The risks are overload and long queueing of requests. With distribution techniques leading to high overall availability, a high load can be shared among multiple processing instances. Correspondingly, round-robin scheduling and parallelisation techniques need to be incorporated into the software or the infrastructure.

  – System/Service Availability: The uptime of a system is a metric for its availability. In a distributed system, each system part needs to have a high uptime without overload. Among the considered systems are interactive devices operated by users, whose functionality must be available at any point in time, independent from network or service issues.

• Utility: Similar to infrastructural utilities including water, gas, sewerage or public transport, services and computing resources need to be available on-demand, able to cope with load spikes, failures and other disruptions, and billed only according to the actual usage. Utility refers to a certain (instant) usefulness in this context and implies that data and service protocols need to be offered in contemporary formats which evolve over time along with technological trends.

• Possession: The user who possesses systems or credentials is factually in control over them. Barring any trust in third parties to whom possession could be outsourced, systems need to both ensure and convey the state of possession to users. The loss of possession is often the first step towards a loss of confidentiality, for instance when an attacker steals an encrypted piece of data and only needs a few more moments to decrypt it. When working with remote data, it is often not trivial to find out if one is still in (sole) possession of the data. Methodic means to prove the breach of possession through modifications, and therefore also the integrity, at least heuristically, are available through proof-of-possession protocols. Many of these protocols use Merkle trees to realise the proof in an efficient manner [18, 19]. They are hierarchical hash trees in which a single hash or checksum at the root of the tree covers all data of one dataset. The breach of possession through leaks and unauthorised read access is even less trivial, practically impossible, and must be dealt with beforehand by proper secret sharing of data as well as sufficient physical protection. Some researchers claim that quantum cryptography will help in detecting read access during data transmission [9], but these methods have not yet arrived for everyday computing needs.
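The Merkle-tree mechanism behind proof-of-possession protocols, as an added Python example that is not the book's code: chunks of a constructed dataset are hashed into a tree, the root serves as the single checksum covering the whole dataset, an inclusion proof lets a holder demonstrate that a chunk is still part of it, and any modification of a chunk changes the root. The 0x00/0x01 leaf and inner-node prefixes and the duplication of an odd trailing node are design choices of this example, not of any particular protocol.

```python
import hashlib

# Constructed dataset (not from the page): five chunks, an odd count so that the
# duplicate-last-node rule is exercised.
CHUNKS = [b"block-0", b"block-1", b"block-2", b"block-3", b"block-4"]


def _sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def leaf_hash(chunk: bytes) -> bytes:
    # Domain separation: leaves and inner nodes get different prefixes so that an
    # inner node's hash can never be presented as a leaf (second-preimage trick).
    return _sha256(b"\x00" + chunk)


def node_hash(left: bytes, right: bytes) -> bytes:
    return _sha256(b"\x01" + left + right)


def _padded(level):
    # An odd level duplicates its last node so every node has a sibling.
    return level + [level[-1]] if len(level) % 2 else level


def build_tree(chunks):
    """Returns the list of levels: levels[0] are the leaves, levels[-1] == [root]."""
    level = [leaf_hash(c) for c in chunks]
    levels = [level]
    while len(level) > 1:
        level = _padded(level)
        level = [node_hash(level[i], level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels


def merkle_root(chunks) -> bytes:
    """The single checksum that covers all data of the dataset."""
    return build_tree(chunks)[-1][0]


def inclusion_proof(chunks, index):
    """Sibling hashes from the leaf up to the root, each tagged with the side it sits on."""
    proof = []
    i = index
    for level in build_tree(chunks)[:-1]:
        level = _padded(level)
        sibling = i ^ 1
        proof.append(("L" if sibling < i else "R", level[sibling]))
        i //= 2
    return proof


def verify_inclusion(root: bytes, chunk: bytes, proof) -> bool:
    """Verifier needs only the root, the chunk and log2(n) sibling hashes."""
    h = leaf_hash(chunk)
    for side, sibling in proof:
        h = node_hash(sibling, h) if side == "L" else node_hash(h, sibling)
    return h == root


def possession_check(chunks, index, presented_chunk) -> bool:
    """Holder presents a chunk plus proof; owner checks it against the stored root."""
    root = merkle_root(chunks)
    return verify_inclusion(root, presented_chunk, inclusion_proof(chunks, index))
```

The owner keeps only the root; a holder who still possesses chunk i can answer a challenge for it with the chunk and its proof, while a silently altered chunk fails verification and an altered dataset yields a different root.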

• Authenticity: This goal ensures that data, service interfaces or invocations originate from authenticated parties only. Through various technical methods, including primarily digital certificates and signatures but also, to some degree, network addresses and login credentials, the origin can be determined reliably and hence the authorship of a digital asset can be proven. More advanced methods overlap with digital forensics methods and compare behavioural aspects such as invocation frequencies or data structures, which of course require a rather large knowledge base to detect deviations as falsifications. When using signatures, similar to data integrity, a cryptographic protection (through message digests) needs to be ensured. When using certificates, the chain of trust or network of trust needs to be taken into account as well.

• Reliability: A system is called reliable when it is 100 % available and when the data and processing results it delivers are 100 % correct [24]. Reliability in distributed systems can be achieved through fault-tolerant processing techniques, including failover and byzantine results comparison, as well as general defensive programming techniques.

• Liability: Service-Level Agreements (SLAs) are negotiated between a service provider and a service consumer to legally ensure that the rights and obligations for both will be adhered to, subject to penalties otherwise. The SLAs refer to multiple quality dimensions. For data, the liability covers typical data quality attributes, including recentness, precision, completeness and correctness. For processing, other attributes such as response time and discretion are of importance.

• Imputability: This protection goal is linked to authenticity. It refers to the ability to distinguish between multiple involved parties in a distributed system in the case of trouble. Imputability makes it possible to pinpoint exactly whose fault has led to the trouble and who would therefore be liable.

• Non-Linkability: This goal is in some way the opposite of imputability. It allows data processing without knowing who processed data and whose data is being processed. The use of pseudonyms is a classical approach towards non-linkability of activities in systems. Encryption, naming and separation or isolation techniques further help in achieving this goal.

• Transparency: Users need to be informed about who does what, is supposed to do what, or has the capabilities to do what. Transitively, this protection goal must therefore be fulfilled between any two systems as long as one of them, directly or indirectly, is interacting with a user. Proper service descriptions as well as certificates, audits and openness (e.g. open source software) are suitable but generally not sufficient mechanisms to provide transparency. In contrast, black boxes and virtualisation techniques isolate systems to a degree that transparency becomes less of a concern.

• Anonymity: Similar to transparency, this protection goal is oriented at users interacting with systems. A system must ensure that users can access it anonymously. This goal runs counter to the goal of authenticity and must be weighed against it depending on the scenario requirements. Hidden services, anonymisation networks and overlay networks are starting points to achieve anonymity.

It should be noted that this list is not complete. One could argue that, next to transparency, effective controllability and intervenability belong in it as well. The considerate reader should consult recent security publications to find out which new protection goals made it into the list. Due to the high number of risks, it seems there will be no shortage of new goals and most certainly no dropping of an existing goal off this list.

Instead, in the next section the briefly mentioned protection techniques will be outlined in greater detail.


7.2 Protection Techniques

Exemplary techniques are introduced and presented briefly in this section. The techniques span checksum and digest for data integrity, encryption and steganography for data confidentiality, orchestration, parallelisation and multiplexing for high availability of data processing, as well as anonymisation, trusted computing and hidden services techniques. Some techniques will be presented in greater detail later in the subsequent sections. Beforehand, cryptographic techniques will be explained on a general level, as they are the foundation of many of the protection techniques.

Deployment fields for cryptographic methods. When the Internet was still a special subject for a small group of scientists and early adopters, no security measures for the communication were deployed, because there was no necessity for data protection or even anonymity. After the commercialisation of the Internet, and since the era of wider use in all industry branches and areas of life, measures for security and protection became necessary due to increased misuse. These measures have to allow safe traffic, protected access and application deployment. For such aims, cryptographic methods and crypto protocols have been developed, implemented and continuously improved. The deployment areas for cryptographic methods are as follows:

• web applications and backend systems for online banking (e-banking), shopping (e-commerce) and government services (e-government)
• communication (VoIP, video conferences, chat, e-mail) as well as social networks and forums
• diverse distributed systems with remote communication and service interfaces, component software, middleware, application servers
• clusters, clouds, grids, client-server and peer-to-peer systems
• multimedia applications and groupware for application sharing and real-time editing

Arrangement of the cryptography methods and their classification. In Fig. 7.3 the arrangement of the methods of cryptography, cryptanalysis and steganography is given.

Cryptology as a discipline consists of the following theories: cryptography, cryptanalysis and steganography. Encryption methods can secure data against the loss of confidentiality and/or of integrity (protection against manipulation), as well as authenticate the sender of a message (digital signature). Steganographic methods can provide hiding of information as well as deployment of digital watermarks (visible or invisible).


Fig. 7.3 Arrangement of the cryptology methods

7.2.1 Checksum and Digest

Extra data, also called redundant data, is used to describe the content of data as unambiguously as possible for the purpose of checking its integrity. The more redundant data is afforded, the better both the detection of modifications and the location (and possible repair) of modifications can be performed. Generally, parity codes, checksums and digests are used for this purpose. Furthermore, some (cryptographically protected) hash codes even offer protection against not only accidental but also malicious data modifications. The following codes protect against non-malicious modifications of data:

• Parity: Simple parity bits (0/1) or multiple bits signal the integrity of digital data. Historically used in modem transmissions, parity bits are still of great importance for error-correcting code memory (ECC memory) as well as certain hard disk combinations.

• Hamming Code: These are specific multi-bit codes with guaranteed properties about identifiable and recoverable bit flip modifications in data.

• Cyclic Redundancy Code: These are more complex codes in which modifications in one location also affect subsequent locations. They are used for protecting against media scratches (CD, DVD, ZIP), but also in several robust network protocols.

• One-Way Hash Sum: Compared to the previous codes, the goal is to yield a hash which is not likely or even close to impossible to be duplicated when applying the code to other data, despite the hash being much smaller than the data. These properties are called weak and strong collision resistance, respectively. An illustrative example would be to map objects to their geometric two-dimensional shape: a house would become a pentagon, a pool a circle and a door a rectangle. However, a window would become a rectangle too. Several hash algorithms with weak and strong collision detection, and with and without cryptographic protection, exist:
  – Message Digest (MDx): MD5 is the most prominent one, historically used to detect accidental or malicious modifications of files.
  – Secure Hash Algorithm (SHA-x): SHA-1 is the most prominent one, having replaced MD5 for file integrity checks. SHA-1 is also used to prevent a-posteriori modifications to changesets in distributed version systems, most notably Git.

The following codes offer extended protection against malicious modifications of data:

• HMAC: This so-called keyed-hash message authentication code generates a hash sum over both the data and a secret key.
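As an added example (not from the book), the following Python script contrasts the unkeyed codes above with the keyed HMAC: it builds a message envelope carrying a CRC32, a SHA-256 digest and an HMAC, then shows which checks survive an accidental bit flip and which survive a deliberate rewrite by someone who does not hold the key. SHA-256 is used here in place of the MD5 and SHA-1 mentioned in the text, since neither of those is still considered collision resistant; the key and both messages are constructed sample values.

```python
"""Added example (not from the book): accidental versus malicious modification.

A CRC32 and a plain SHA-256 digest both reveal accidental corruption, but
whoever can rewrite the data can recompute them too. An HMAC binds the
digest to a secret key, so a modifier without that key cannot produce a
valid tag. Message and key below are constructed for this demonstration.
"""
import hashlib
import hmac
import zlib

KEY = b"shared-secret-key-for-demo"            # constructed, known to sender and receiver only
ORIGINAL = b"transfer 100 EUR to account 1234"  # constructed sample payload


def crc32_check(data: bytes) -> int:
    """Unkeyed CRC32, as used by robust network protocols and archive formats."""
    return zlib.crc32(data) & 0xFFFFFFFF


def sha256_hex(data: bytes) -> str:
    """Unkeyed one-way hash: collision resistant, but not a proof of origin."""
    return hashlib.sha256(data).hexdigest()


def hmac_tag(key: bytes, data: bytes) -> str:
    """Keyed-hash message authentication code over key and data."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def make_envelope(data: bytes, key: bytes) -> dict:
    """What the sender transmits: payload plus the three integrity values."""
    return {
        "data": data,
        "crc32": crc32_check(data),
        "sha256": sha256_hex(data),
        "hmac": hmac_tag(key, data),
    }


def check_envelope(env: dict, key: bytes) -> dict:
    """What the receiver verifies; True means the check still passes."""
    data = env["data"]
    return {
        "crc32": env["crc32"] == crc32_check(data),
        "sha256": env["sha256"] == sha256_hex(data),
        # constant-time comparison avoids leaking the tag through timing
        "hmac": hmac.compare_digest(hmac_tag(key, data), env["hmac"]),
    }


def accidental_bit_flip(env: dict, key: bytes) -> dict:
    """Simulated transmission error: one bit of the payload flips in transit,
    the integrity values arrive unchanged. All three checks fail."""
    damaged = bytearray(env["data"])
    damaged[0] ^= 0x01
    corrupted = dict(env, data=bytes(damaged))
    return check_envelope(corrupted, key)


def malicious_rewrite(env: dict, key: bytes) -> dict:
    """Active modifier without the key replaces the payload and recomputes
    every unkeyed value. CRC32 and SHA-256 pass; only the HMAC still fails."""
    forged_data = b"transfer 900 EUR to account 9999"   # constructed
    forged = dict(env,
                  data=forged_data,
                  crc32=crc32_check(forged_data),
                  sha256=sha256_hex(forged_data))
    return check_envelope(forged, key)


if __name__ == "__main__":
    env = make_envelope(ORIGINAL, KEY)
    print("intact:    ", check_envelope(env, KEY))
    print("bit flip:  ", accidental_bit_flip(env, KEY))
    print("rewritten: ", malicious_rewrite(env, KEY))
```

The receiver-side lesson is that a CRC or digest stored next to the data it covers is only as trustworthy as the channel; an HMAC (or a digital signature) is what turns an integrity check into an authenticity check.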

7.2.2 Encryption

Encryption methods. The encryption of data leads to its concealment from unauthorised parties, so that read access is not possible anymore and write access leads to unknown results unless the key is known. There are symmetric and asymmetric methods. The symmetric ones are characterised by a shared key between sender and receiver of the data, whereas the asymmetric ones separate the receiver's public key, used by the sender for encryption, and the receiver's private key, used by the receiver for decryption. Symmetric keys must be shared beforehand, e.g. through other means or within a short communication with asymmetric encryption. In contrast, asymmetric keypairs can be exchanged using key exchange protocols:

• symmetric: Advanced Encryption Standard (AES), with or without CBC
• asymmetric: Rivest-Shamir-Adleman Cryptosystem (RSA), ElGamal
• key exchange: Diffie-Hellman, X.509v3

The Rijndael encryption, standardised as AES, was developed in 1998–2003 by Vincent Rijmen and Joan Daemen from Belgium. It is typically used with key lengths of 128 or 256 bits. Before it, the Data Encryption Standard (DES), developed in 1972–1977 at IBM, had been the only practical option but suffered from early attacks and restricted operation outside of the USA with keys of only 56 bits length, otherwise up to 168 bits. The RSA algorithm is slightly younger, developed in 1977–1983 by Ron Rivest, Adi Shamir and Leonard Adleman at MIT. Being asymmetric, it requires longer keys, typically 1024 up to 4096 bits.


The Diffie-Hellman (DH) key exchange was given its name for its authors Whitfield Diffie and Martin Hellman. The scheme of Diffie-Hellman (sometimes called anonymous DH scheme) acts as mathematical foundation in multiple cryptographic applications like the SAML concept (Security Assertion Markup Language) for web services, encrypted individual network connections with TLS as well as holistically encrypted network segments with IPsec. Figure 7.4 shows the basic functionality of the DH scheme.

Example 7.1. The communication partners in secure environments typically receive symbolic names such as Alice and Bob. They can be simultaneously considered like the networks A and B which are secured via a suitable protocol. The following values p, g, a, b can also be deployed for DH. As the result, the common secret key K for the communicating parties is calculated without prior knowledge of the key or any part of it (Table 7.1).

In actual applications, numbers which possess hundreds of digits have to be used. The given example uses only very small numbers for didactic purposes, for instance (refer to Table 7.1):

1. Alice and Bob agree on the values p = 13 and g = 2.
2. Alice chooses a random number a = 5, Bob chooses a random number b = 7. The numbers are not revealed.
3. Alice calculates A = 2^5 mod 13 = 6 and sends the result to Bob.
4. Bob calculates B = 2^7 mod 13 = 11 and sends the result to Alice.

Fig. 7.4 Arithmetics enabling the functionality of Diffie-Hellman key exchange

Table 7.1 Exemplary DH combinations

  Exemplary      Parameters              Common
  combination    p     g     a     b     secret key K
  1              13    2     5     7     7
  2              23    5     6     15    2
  3              11    4     3     5     1


Fig. 7.5 A classification of cryptographic methods

5. Alice calculates K = 11^5 mod 13 = 7.
6. Bob calculates K = 6^7 mod 13 = 7.
7. They both obtain the same result K_A = K_B = K = 7.

Despite listeners (intruders, attackers) being in a position to overhear the numbers 13, 2, 6 and 11, the common secret key K = 7 of Alice and Bob will remain hidden from them.
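The exchange of Example 7.1 carried out in Python, as an added example that is not part of the book: it runs steps 1 to 7 for all three parameter sets of Table 7.1 and checks that both sides arrive at the same K. The last function shows what a listener who only sees p, g, A and B would have to do, namely solve the discrete logarithm by trial, which is the reason the text requires numbers of hundreds of digits in real applications. All parameters are the book's didactic values.

```python
"""Added example (not from the book): the Diffie-Hellman exchange of
Example 7.1 carried out in code for all three parameter sets of Table 7.1.
The parameters are the book's didactic ones; a real exchange uses primes of
hundreds of digits for exactly the reason shown by brute_force_secret()."""


def dh_public(p: int, g: int, secret: int) -> int:
    """Value sent over the open channel: g^secret mod p."""
    return pow(g, secret, p)


def dh_shared(p: int, peer_public: int, secret: int) -> int:
    """Common key: (peer's public value)^own secret mod p."""
    return pow(peer_public, secret, p)


def diffie_hellman(p: int, g: int, a: int, b: int) -> tuple:
    """Runs the exchange between Alice (a) and Bob (b); returns (A, B, K_A, K_B)."""
    A = dh_public(p, g, a)        # step 3: Alice -> Bob
    B = dh_public(p, g, b)        # step 4: Bob -> Alice
    K_A = dh_shared(p, B, a)      # step 5
    K_B = dh_shared(p, A, b)      # step 6
    return A, B, K_A, K_B


TABLE_7_1 = [   # (p, g, a, b) exactly as listed in Table 7.1
    (13, 2, 5, 7),
    (23, 5, 6, 15),
    (11, 4, 3, 5),
]


def table_7_1_keys() -> list:
    """Common secret K for each row of Table 7.1; both sides must agree."""
    keys = []
    for p, g, a, b in TABLE_7_1:
        A, B, K_A, K_B = diffie_hellman(p, g, a, b)
        if K_A != K_B:
            raise ValueError("key mismatch")
        keys.append(K_A)
    return keys


def brute_force_secret(p: int, g: int, A: int, B: int):
    """What a listener who sees only p, g, A and B has to do: solve the
    discrete logarithm g^a = A mod p by trial. The loop is at most p steps,
    trivial for p = 13 and hopeless for a p with hundreds of digits."""
    for a_guess in range(1, p):
        if pow(g, a_guess, p) == A:
            return dh_shared(p, B, a_guess)
    return None


if __name__ == "__main__":
    print(diffie_hellman(13, 2, 5, 7))   # (6, 11, 7, 7)
    print(table_7_1_keys())              # [7, 2, 1]
```

Python's built-in three-argument pow performs modular exponentiation directly, which is also what makes the honest parties' work cheap even for very large p while the listener's trial search stays infeasible.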

The further classification of basic cryptographic methods is depicted in Fig. 7.5. They are of great importance to many mechanisms and protocols in use in today's distributed systems.

Encryption strength. Furthermore, the crypto methods can be classified according to their safety and security strength. There are the following main classes:

1. Information-theoretically secure methods: It means that also for an unrestricted attacker (with unlimited resources) an attack does not succeed. The attacker will not gain information about plaintext or key within the cryptosystem. This leads to unconditional security or perfect secrecy (e.g. using a one-time pad).

2. Provably secure methods: Breaking of a cryptosystem requires the solution of a well-known difficult mathematical-logical problem. In this case it means provable security (e.g. RSA).

3. Computationally or practically secure methods: There are no known concepts and available resources for breaking the cryptosystem in an appropriate time span (e.g. AES).

4. A combination of the listed items is widely used in modern systems too. For instance, TLS is a combination of multiple methods like DES/AES/CBC/RSA, and OpenPGP contains a collection of such concepts.

7.2.3 Steganography

Steganographic methods hide data (payload) in other data (carrier). Among other goals, one goal is to work around restrictions in the use of cryptographic methods simply by hiding the fact that these methods are used at all. A further protection aspect is in analogy to wearing valuable objects visibly at night in a lonely corner of a town: While this may be perfectly fine in an ideal city of law and order, in reality it is sometimes better to not show the valuables. Especially in the era of mass surveillance online, steganography in combination with anonymity becomes an essential method to maintain privacy about who is doing what. Steganographic methods for digital data encompass:

• concealment in noisy multimedia data (audio, images, video)
• concealment in otherwise ignored parts of a file structure, for instance behind the end-of-file marker
• covert information by unnoticeable delays in data transmission

It should be noted that many steganographic methods tolerate no lossy compression of data.
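An added example (not from the book) of the first method in the list, concealment in noisy data, together with the lossy-compression limit just noted: the payload is written into the least significant bit of each carrier sample, read back intact, and then lost once the samples pass through a crude stand-in for lossy compression that truncates the low bits. The carrier is a constructed pseudo-random byte array standing in for image or audio samples; quantise() is a constructed placeholder, not a real codec.

```python
"""Added example (not from the book): least-significant-bit concealment of a
payload in noisy carrier samples, and the lossy-processing limit noted above.
The carrier is a constructed pseudo-random 8-bit sample array standing in for
image or audio data; quantise() stands in for lossy compression."""
import random


def embed_lsb(carrier: bytes, payload: bytes) -> bytes:
    """Write each payload bit into the LSB of one carrier sample, MSB first."""
    bits = [(byte >> i) & 1 for byte in payload for i in range(7, -1, -1)]
    if len(bits) > len(carrier):
        raise ValueError("carrier too small for payload")
    out = bytearray(carrier)
    for pos, bit in enumerate(bits):
        out[pos] = (out[pos] & 0xFE) | bit
    return bytes(out)


def extract_lsb(carrier: bytes, length: int) -> bytes:
    """Read length bytes back from the LSBs."""
    result = bytearray()
    for byte_index in range(length):
        value = 0
        for bit_index in range(8):
            value = (value << 1) | (carrier[byte_index * 8 + bit_index] & 1)
        result.append(value)
    return bytes(result)


def quantise(samples: bytes, step: int = 4) -> bytes:
    """Crude stand-in for lossy compression: each sample is truncated to a
    multiple of step, which discards the low bits carrying the payload."""
    return bytes((s // step) * step for s in samples)


def make_carrier(length: int = 1024, seed: int = 1) -> bytes:
    """Constructed noisy carrier (deterministic seed for reproducibility)."""
    rng = random.Random(seed)
    return bytes(rng.randrange(256) for _ in range(length))


def sample_distance(a: bytes, b: bytes) -> int:
    """Number of samples that differ: the footprint left by the embedding."""
    return sum(x != y for x, y in zip(a, b))


def demo() -> dict:
    payload = b"hidden"     # constructed payload
    carrier = make_carrier()
    stego = embed_lsb(carrier, payload)
    return {
        "changed_samples": sample_distance(carrier, stego),        # at most 48
        "recovered": extract_lsb(stego, len(payload)),             # b"hidden"
        "after_lossy": extract_lsb(quantise(stego), len(payload)), # all zero bytes
    }


if __name__ == "__main__":
    print(demo())
```

The footprint figure is the reason LSB concealment is fragile in both directions: the embedding changes at most one bit per sample, so any recoding that rounds samples (JPEG, MP3, resampling) erases it, and for the same reason statistical comparison of LSB distributions is the usual way to detect it.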

7.2.4 Orchestration, Parallelisation and Multiplexing

Multiple services can be combined to achieve greater availability, performance, confidentiality or combinations thereof, and with other properties. One typically distinguishes the following combinations:

• full replication, with 100 % redundancy or multiples thereof
• fragmentation and partial replication, with selective redundancy < 100 %
• secret sharing, with high redundancy

7.2.5 Anonymisation

Anonymisation is achieved by hiding the information about who the communicating peers are. One effective method is to deviate from the usual one-on-one messaging model and instead to introduce levels of indirection by special message encoding and distribution.


Channel mixing techniques for anonymity on the network level include random routing (JAP model), onion routing (TOR model) or dispersed routing. They can be combined with encryption to achieve confidentiality.

7.2.6 Trusted Computing and Physical Protection

In distributed systems there is no absolute security. Partially, this can be remedied by trust, assuming the trust is warranted. Trusted computing is a term that refers to a chain of certificates which covers entire devices from their start-up to the execution of software applications, in a way that ultimately only applications trusted by the certification root will run. Obviously, this model has certain restrictions when considering the necessity to compile custom applications.

Furthermore, beyond all digital security measures, sometimes devices need to be physically secured. This will not be elaborated on in this chapter.

7.3 Security Layers

After the presentation of foundational protection techniques, this section puts them into context for actual networked and distributed systems. Not all protection techniques can be covered here, therefore only the layered confidentiality is explained. Following the network layers in the Open Systems Interconnect (OSI) or Internet Protocol (IP) models, the embedding of encryption techniques at the network connection, data transport and application content level will be explained.

Figure 7.6 visualises the cross-layer secure protocol stack for Internet-wide distributed services and applications.

7.3.1 Network Encryption: IPsec

On the lowest level of network connectivity, encrypted links need to be established. The IPsec specification combines three elements to achieve this goal. First, IP packets are encrypted so that instead of a plain payload an Encapsulated Security Payload (ESP) is transported. Second, instead of a plain packet header with modifiable IP addresses an Authenticated Header (AH) is used. Third, an Internet Key Exchange (IKE) server is operated within the network to facilitate key exchange, comparison and revocation. The IKE server runs, however, on the service layer, whereas ESP and AH are active on the connection layer.

Fig. 7.6 Secure networking stack with well-defined protocols and conceptual additions

7.3.2 Transport Encryption: TLS

With TLS, individual links instead of entire networks are cryptographically protected, similar to IPsec. Even when the participating nodes and applications, for instance client and server, communicate in a plain-text protocol, the resulting network transmission becomes binary and cannot be deciphered except with the right key.

7.3.3 Content Encryption: S/MIME and PGP

Sometimes communication happens over multiple hops instead of directly between two nodes. Some of the connection links ("legs") may be unencrypted. In this case it is important to encrypt the message itself instead. There are certain limits, for instance concerning the meta-data contained in the message. Nevertheless, the message body, when present, can typically be encrypted without a problem. Two methods to perform the encryption are S/MIME, which uses a hierarchically issued certificate, and PGP, which uses a decentralised web of trust.


7.3.4 Authorisation: Kerberos and OAuth2

Even when all links are encrypted and all message content is encrypted as well, the execution of a service invocation may have to be authorised. Beyond the conventional username/password or username/key/passphrase credentials, contemporary services such as Kerberos and OAuth2 are used to minimise the effectiveness of attackers who steal the credentials. With Kerberos, a so-called ticket is given as key with limited temporal validity. The analogy to banks is the TAN, which is generated on demand and can be used only for several minutes.

7.3.5 Further Secure Services: DNS-SEC, VPNs and Proxies

This section has given a brief introduction to security services on a network. Further services, including DNS-SEC to secure the hostname to network address translation as well as proxy services, exist and are used occasionally, but will not be analysed in detail.

7.4 Security Protocols and Network Concepts

Cryptographic protocols and technologies. An overview of useful cryptographic protocols and technologies in relation to the OSI network layers is depicted in Fig. 7.7. The protocols are ordered as follows: layer 3, layer 4, layers 5–7. The two bottom layers are best secured physically and will therefore not be considered here.

In the following paragraphs, these protocols and cryptographic algorithms will be discussed in detail. The discussion starts with the over-arching infrastructure for public keys and certificates. Then the encryption of the network channel to securely transmit messages within applications will be explained. This is followed by a comparison to an application-agnostic encryption for all channels, before then proceeding in the next section to firewalls, encrypted and signed messages and finally access control considerations. Legal aspects as well as anonymity are also discussed at the end of the chapter.

Public key infrastructure and X.509 specification. In applications for private and business communication as well as e-commerce transactions, the integrity and confidentiality of all messages and activities as well as the authenticity of the participants are of utmost importance. Therefore, public keys or certificates and reliable attribution of digital signatures to user names are required. Public keys can be generated and distributed by everyone as part of a public-private key pair, which leads to peer-to-peer webs of trust, whereas certificates are a hierarchical means to ensure the authenticity of a service or organisation. The hierarchy implies that a trusted third party, a certificate authority, must exist. Public keys and certificates can be thought of as analogous to a personal identification card with a photo and other confirmable information on it.

Fig. 7.7 Overview of cryptographic protocols and technologies

One certificate solution is offered by the standard for digital certificates X.509, an ITU-T standard for a hierarchical public-key (certificate) infrastructure. X.509 was published first in the year 1988, whereas the current version is X.509v3, standardised as RFC 5280 in 2008. In some aspects, the specification is competing with the Kerberos standard (1978) with its Ticket Granting Tickets (TGT) concept. The certificate exchange provides the following information to the users: the digital signature of the Certificate Authority (CA), the type of the cryptographic algorithm and the leasing duration for a certificate in the network. In contrast to the "web-of-trust" model (PGP), X.509v3 uses a rigorous hierarchic CA system. The certificates are used in all known web browsers, e-mail clients and other secure network protocol clients and servers, for instance as part of the network encryption which will be presented later. The specification X.509 is aimed at the integrity of public keys for digital signatures and combined (symmetric and asymmetric) encryption. Therefore, it is unavoidable that applications keep track of a Certificate Revocation List (CRL), maintained by another trusted third party, which is updated whenever an incident with a certificate authority such as a breach becomes known. Applications must therefore consult the CRL, for instance by periodic downloads, before attempting to establish a secure connection.

Fig. 7.8 Example for hierarchical CAs (Source: www.rn.inf.tu-dresden.de)

An example for hierarchical CAs is given in Fig. 7.8. One can see that a root CA Telekom is trusted by Alpha and Beta, and Beta in turn is trusted by user Schmid.

Digital certificates are structured data of a certain size. They typically appear in binary format but can be serialised to human-readable text formats for consultation. An example structure of a digital certificate is as follows:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: C=XY, ST=Austria, L=Graz, O=TrustMe Ltd,
                OU=Certificate Authority, CN=CA/Email=ca@trustme.dom
        Validity
            Not Before: Oct 29 17:39:10 2000 GMT
            Not After : Oct 29 17:39:10 2001 GMT
        Subject: C=ABC, ST=Austria, L=Vienna, O=Home, OU=Web Lab,
                 CN=anywhere.com/Email=xyz@anywhere.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:c4:40:4c:6e:14:1b:61:36:84:24:b2:61:c0:b5:
                    ...
                    d7:e4
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                email:xyz@anywhere.com
            Netscape Comment:
                mod_ssl generated test server certificate
            Netscape Cert Type:
                SSL Server
    Signature Algorithm: md5WithRSAEncryption
        12:ed:f7:b3:5e:a0:93:
        ...
        3f:a0:1d


Obviously, a lot of information is contained in a single digital certificate. Even more will have to be processed if the hierarchy is taken into account by forming certificate chains up to a trusted root CA. Table 7.2 therefore presents a simplified abstract view of the most important certificate contents.

TLS as network connection encryption protocol. The transmission of data over wired or wireless connections can be secured in multiple ways. Techniques include physical isolation, the encryption of the content and the encryption of the connection. This last technique is discussed here. The most prominent protocol to realise this technique, integrated with IP and hence widely used, is TLS.

The application cases for TLS in the TCP/IP protocol stack are depicted in Table 7.3. The TLS protocol plays an important role in e-commerce applications, providing cryptographic security by encryption and encrypted checksums and optionally peer authentication on layer 4. TLS hence includes three main data security mechanisms: confidentiality, data integrity as well as mutual authentication of communication partners (refer to the triad, hexad and duodecad). There are many different implementations of the protocol, each with their own weaknesses due to incomplete protocol adherence and simple programming errors. Therefore, just like for any security-critical software, the user or the administrator of a system should regularly check for new versions. Examples for TLS implementations are OpenSSL and, since 2014, its fork LibreSSL, the differently designed and licenced GnuTLS, the Network Security Services (NSS) originating in web browsers, and Mbed TLS optimised for embedded connected devices. The secured application protocols based on TLS like HTTPS or SSMTP operate either via additional TCP ports which are different from the usual "well-known" ports, or via an upgrade of the connection within the session in case the protocol has been designed with upgradeability in mind. The latter method is commonly called StartTLS due to a syntax element of the same name in some of the application protocols. It should be noted that with DTLS (Datagram TLS) a similar method is available to protect UDP/IP connections, which was first specified in 2006 and reached version 1.2 in 2012. However, this method is not widely used in network applications except for VoIP telephony and video conferencing. Generally, when applications do not support TLS natively, their communication can be tunneled through a pre-established TLS connection if both ends of the connection can be controlled. Several generic tunneling tools exist for this purpose, even though using a VPN may be a more appropriate option to extend this principle to all connections between two nodes instead of just selected ones.

Table 7.2 Certificate contents

• User personal information (name, organisation, filial address)
• Digital signature of issuing CA and further information
• User open (public) key
• Validity duration of the digital certificate
• Digital certificate class
• Digital identification number for the digital certificate (certificate ID)

Table 7.3 TLS-based application protocols and their port numbers

  Applications   Dedicated TLS port numbers: HTTPS (443), SSMTP (465), IMAPS (993), POP3S (995), XMPPS (5223)
                 Upgrade to TLS possible: HTTP (80), SMTP (25), IMAP (143), POP3 (110), XMPP (5222)
                 Further well-known application protocols with upgrade: FTPS (21 vs. 990), IRCS (194 vs. 994, de facto 6667 vs. 6697), LDAP (389 vs. 636), EAP-TLS, SIP, NNTP and others
  Transport      TLS, upon connection or after upgrade
                 TCP, represented by a socket within applications
  Network        IP
  Net access     Ethernet, DSL, WLAN, WPAN, 3G–5G cellular, others

The predecessor protocol of TLS was called SSL. Initially, SSL 1.0 was developed in 1993 by Netscape Communications, vendor of the web browser Netscape Navigator and associated products. Mature versions appeared in 1999 driven by the increased e-commerce requirements: SSL 3.0 and TLS 1.0 (renamed from SSL 3.1) were subsequently engineered and standardised by the IETF. In 2002 the AES encryption algorithm was added to the protocol, and in 2006 and 2008 the revised versions TLS 1.1 and 1.2 appeared, respectively. Due to an increasing number of successful attacks against the protocol, its use is only recommended with a restricted (strong) set of encryption algorithms, while others are still supported but should not be used anymore. The advantages of TLS are still the following:

• wide acceptance in software and services
• API support in multiple implementations for practically all programming languages
• good performance, modular architecture
• adaptation to regional-individual legislative norms
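The restriction to a strong algorithm set that the preceding paragraph recommends, shown as an added example (not from the book) on the client side with Python's standard ssl module: the context verifies the peer certificate and hostname, sets TLS 1.2 as the floor, and limits the cipher string to forward-secret key exchange with AES-GCM; an audit helper then lists any enabled suite that still uses CBC, RC4, 3DES, MD5 or no encryption. Nothing connects to the network, and the exact suite names returned depend on the OpenSSL build Python is linked against.

```python
"""Added example (not from the book): auditing and restricting a TLS client
configuration to the strong algorithm set the text recommends, using only
Python's ssl module. Nothing connects to the network; the exact suite names
returned depend on the OpenSSL build Python was linked against."""
import ssl

# Substrings that identify suites the text says should not be used any more
WEAK_MARKERS = ("CBC", "RC4", "3DES", "NULL", "MD5", "EXPORT")


def hardened_client_context() -> ssl.SSLContext:
    """Client context: certificate and hostname verification on, TLS 1.2 as
    the floor, and only (EC)DHE key exchange with AES-GCM, as RFC 7525 advises."""
    ctx = ssl.create_default_context()          # loads system CAs, verifies peer
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # OpenSSL cipher string: forward-secret key exchange + AEAD only,
    # explicitly excluding anonymous and MD5-based suites
    ctx.set_ciphers("ECDHE+AESGCM:DHE+AESGCM:!aNULL:!MD5")
    return ctx


def enabled_suite_names(ctx: ssl.SSLContext) -> list:
    """Names of the cipher suites the context will offer (TLS 1.2 and 1.3)."""
    return [c["name"] for c in ctx.get_ciphers()]


def weak_suites(ctx: ssl.SSLContext) -> list:
    """Audit helper: enabled suites that still use CBC, RC4, 3DES, MD5 or no
    encryption. An empty list means the restriction took effect."""
    return [name for name in enabled_suite_names(ctx)
            if any(marker in name for marker in WEAK_MARKERS)]


def floor_is_tls12(ctx: ssl.SSLContext) -> bool:
    """True when the context refuses to negotiate below TLS 1.2."""
    return ctx.minimum_version >= ssl.TLSVersion.TLSv1_2


if __name__ == "__main__":
    ctx = hardened_client_context()
    print("minimum version TLS 1.2:", floor_is_tls12(ctx))
    print("enabled suites:", enabled_suite_names(ctx))
    print("weak suites left:", weak_suites(ctx))
```

The same audit applies on the server side: a context that still lists CBC or RC4 suites, or whose minimum version is below TLS 1.2, negotiates whatever the weakest client asks for, which is exactly the situation the text warns about.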

The TLS protocol stack is aimed to secure communication via sockets, i.e. a universal mechanism providing a secured end-to-end communication based on TCP and IP between two Internet nodes. Figure 7.9 shows the TLS protocol structure based on its simplified predecessor SSL.

Several cryptographic functions, cryptosystems and algorithms are deployed within the TLS standard, causing it to be one of the most complex Internet protocols. It uses asymmetric cryptosystems (cipher suites, or in short ciphers) for the initial key exchange, followed by symmetric ciphers for the data exchange. The recommended ciphers are specified in the IETF RFC 7525/BCP 195 released in 2015, which will also influence the final specification of TLS 1.3. Four cipher suites are accordingly recommended: The asymmetric RSA cipher combined with the symmetric AES method with either a 128 bit key and 256 bit checksum or a 256 bit key and 384 bit checksum, in either Diffie-Hellman Encryption (DHE) or Elliptic Curve Diffie-Hellman Encryption (ECDHE) mode. While many other combinations exist, they are not recommended anymore. The checksum method shall be the Secure Hash Algorithm SHA1, even though in the near future SHA3, standardised as NIST FIPS 202, may have to replace it [23]. All four cipher suites should use the Galois/Counter Mode (GCM), an authenticated encryption method with additional data. Conventionally, Cipher Block Chaining (CBC) mode has been used and is still widely deployed. It is explained in Fig. 7.10.

Fig. 7.9 SSL protocol stack: layers and sub-protocols

Fig. 7.10 Overall CBC mode for stream ciphers (IV: initialisation vector)

Comparison TLS versus VPN. Virtual networks are overlay networks which logically map the communication of one network area into another one by using a proxy service. One of the commonly used protocols for running a VPN is IPsec, which was created in the context of IPv6. In practice, a VPN provides secure access to LAN-internal services over an unsecured IP network using the communication modes Site-to-Site, Site-to-End, End-to-End or Host-to-Host. Such a VPN provides secure access for all installed services via the same path (routed through the Internet) and protection of separated IP subnets while keeping the internal network structure confidential. In contrast to VPN, TLS offers more fine-granular security and provides each service over a unified socket identifier (IP address and port) [11, 13].

Fig. 7.11 Client bonding to a VPN server with IPsec tunneling (figure labels: (mobile) client, providers, Internet, VPN server, firm network with authentication server, firm servers e.g. email, applications)

Figure 7.11 shows a typical VPN scenario implemented with IPsec. In it, the client uses a dial-up, DSL or cable connection to the Internet through any provider server. Once the Internet connection is established with an activated network interface, a permanent network connection of the client (laptop, tablet or smartphone) to the VPN server, both running IPsec, is established. The client performs an authentication at the VPN server so that a secured tunnel (IPsec tunnel) is established. With this preparation step, secure communication to any host, any port and thus any service in the corporate network becomes possible. The Internet access for the VPN client is optionally protected by the corporate firewall, and likewise IP-protected global sites such as publication archives now become available to the user through the company network.

Let us compare TLS and VPN based on IPsec. Via IPsec it is possible to secure the access to internal services over an insecure IP network with use of the following modes:

• client (home office) – firm servers (e.g. email queries)
• mobile users – filial office (e.g. data download)
• filial office – headquarters (e.g. file transfer)

The differences are:

• VPN/IPsec: secure access is provided for all services through the same path
• VPN/IPsec: IP subnets are protected and the internal network structure is kept hidden as well
• TLS provides secure end-to-end connections for each service per socket identifier (IP address, port), thereby offering fine-grained protection

Implications. There is no one-size-fits-all solution available to make a system secure. The required level of security in distributed systems is only available under consideration of complementary techniques and communication protocols, with analysis of their (inter)national deployment backgrounds. The following techniques are known now:

• public key and certificate infrastructures are necessary for mutual authentication of communication partners
• TLS authentication, integrity and encryption provide the necessary guarantees for secure communication in distributed systems
• communication content may need further protection, for instance additional encryption for true end-to-end guarantees, e.g. by using XML Security for structured XML documents
• mishandling of internally installed services can be avoided via deployment of firewalls with packet filtering, anti-malware, encryption and content analysis functionality

Firewalls will therefore be presented in the next section

7.5 Firewalls

Firewalls enforce policies about which services can be accessed by whom and who can communicate with whom in a networked system. Modern firewall systems are compared to classical concepts in this section. The filtering rules are analysed with examples of selected commercial solutions. Advanced collaborative intrusion detection systems and networks (CIDN) as well as the threats based on insider attacks on CIDN are examined. A common CIDN functionality catalogue is discussed.

Classical firewalls. Publicly available services (web server, e-mail server, file sharing, web services and hosted applications) are placed in an isolation zone so that any faults in these services and any data leaks will not compromise the often more strictly operated internal services of a company or institution (payrolls, strategy documents, customer data). The zone is commonly called Demilitarised Zone (DMZ) and protected by firewalls on both sides: the public-facing one, which lets most traffic pass into it, and the private-facing one, which either blocks all traffic or restricts it to VPN connections. Different filtering functionality can be offered:

• filtering IP packets (layer 3)
• filtering in a proxy called circuit relay (layer 4)
• filtering certain applications with application-specific communication patterns (layers 5–7)

A firewall system with multiple internal services and with a DMZ with publicly offered services is shown in Fig. 7.12. The goal is blocking the unauthorised access attempts to private networks based on IP addresses (using PF, Packet Filter), TCP/IP port information (using CR, Circuit Relay) or application-related information (using AG, Application Gateway).

Fig. 7.12 (a) Firewall main concepts, (b) an example for firewall-secured network services: Firewall system with DMZ (Based on [22])

A well-known open source packet filter system is iptables, which is available in conjunction with the Netfilter implementation in the Linux operating system kernel. It lets users configure packet filtering, inspection, transformation and logging, but also network address translation and connection tracking. A similar system is pf, or Packet Filter, derived from the BSD line of operating systems. It includes traffic shaping commands as well, to prioritise certain services over others.


Comparison and further development. Table 7.4 depicts the filter abilities for basic firewall concepts. The available functions can be separated correspondingly to the presented concepts PF, CR and AG. Furthermore, there are hybrid firewall systems with integrated functionality, namely the so-called SIF [5] from Check Point Software Technologies, and next-generation (NG) systems which are appearing now.

The PFs and CRs are very simple and efficient. The AGs, or application layer firewalls, add tighter control to the key benefits of common filtering. They can semantically "understand" certain applications and protocols such as VPN, DNS, FTP, SMTP, POP3/IMAP, HTTP as well as their secured versions, e.g. HTTPS or SSH. For use of public cloud access monitoring beyond permissible services of virtualised clusters, networks, storages (VLAN, SAN/NAS) and services (VMs, RAICs) as well as of SDN, there are some special firewall solutions available as well. Since about 2012, a new generation of AGs called next-generation firewalls (NG) was deployed. NG is nothing more than a "widened" and "deepened" inspection at the application stack based on the classical SIF solutions (refer to Table 7.4). The existing deep packet inspection systems can be extended via:

• intrusion detection and prevention systems (IDS and IPS)
• user identity integration (by binding user IDs to IP or MAC addresses or explicit credentials for "reputation")

For the better demarcation of the terms, one needs to consider that a firewall is a security system that protects a single computer, a set of peers or networks against unwanted or illegal access. However, the functionality of a firewall is not directly oriented to detect and pinpoint external attacks. A classic firewall implements only separate filtering rules to protect directly all network (mobile, wireless) communication. For the purpose of detecting different kinds of attacks, advanced IDS/IPS modules are more suitable. They can also be used on top of well-known firewall solutions (classical and advanced):

• IDS – they describe the detection of attacks that are directed against a computer system or network and serve to increase the security in a network.

• IPS – these systems are the enhanced IDS which also provide the defense functionality to fend off the discovered network attacks (external as well as from an insider).

Therefore, the IDS/IPS systems can be seen as further development of the firewalls considered, or correspondingly as the advanced firewall modules.

One special kind of NG firewall is the so-called WAF. The defense against the WAF attacks was implemented in the tool "WAF Fingerprinting utilising timing side channels" (WAFFle) [5].

Table 7.4 Basic firewall concepts and their filter abilities (own representation)

  Filtering abilities                                          Available for (of PF, CR, AG, SIF, NG)
   1 IP source/target addresses                                x x
   2 TCP ports and connections                                 x x
   3 Denial-of-service attacks (DoS), distributed DoS (DDoS)   x
   4 Enabled or disabled protocols                             x x x
   5 Proxies for certain services                              x x
   6 HTTP proxy, proxy server                                  x x
   7 Antivirus software (viruses, worms, trojans)              x x
   8 Malware blocking                                          x x
   9 Anti-phishing                                             x x
  10 Application-specific authentication                       x x
  11 Application-specific encryption                           x x
  12 DMZ                                                       x x
  13 VPN and IPsec                                             x x
  14 Enabled domain names (source/target)                      x x x
  15 Spam filtering                                            x x
  16 Analysis of content-specific key words                    x x
  17 Blocking of special applications and scripts
     (Java applets, Active-X, web services, further plugins)   x
  18 Web application firewall                                  s
  19 Cloud Access Monitoring                                   s
  20 Virtualised networks, storages and services               s
  21 SDN                                                       s
  22 IDS, IPS, network IDS (intrusion detection/prevention,
     network collaboration)                                    s
  23 CIDN as the networks of IDS/IPS                           s
  24 Time window control                                       x x x x x

Legend: x (+) – available, s – special solutions available

Advanced Evasion Technologies. Advanced Evasion Technologies (AET) – entering a network without any traces and fully anonymously – are an ongoing challenge for (virtual) network data security. In contrast to the known evasions and penetrations, AET combine and change the methods to camouflage an attack or malicious code. These combinations allow the hackers to infiltrate a network unnoticed in spite of multiple security solutions being in place. According to current estimations, there are more than 2180 potential combinations of AET available. A good example is the cross-layered functionality, which indeed is an attack integrated over exploits in several OSI layers. For the defender, IPS or AEF represent effective technologies against AET. They can analyse combined attack patterns at different OSI layers. An example is the AET platform from Stonesoft. Such kind of IPS provides a combined protection: IPS, anti-virus, firewall, DMZ and network zoning as division into multiple protection domains. The deployment makes sense for large companies with multiple branches and structural units. Some of the detection and defense patterns and test series are as follows:

1. At layers 3 and 4: Firstly, the opportunities for the attacks within the protocols IP, TCP and UDP are discovered.

2. At layers 5–7: The application-layer protocols such as SMB and RPC are protected. Therefore the internal threats have to be assessed.

3. Then AET can discover threats for other protocols such as IPv6, HTTP.

4. If AET uses HTTP (port 80), the intruders can also mislead the firewall and infiltrate users with malware spread into the network over regular web traffic. Therefore AET for web services, web applications and cloud computing environments are a particularly serious threat.

Stateful Multilayer Inspection Firewalls. The next significant generation of the combined SIF/NG firewalls are the so-called SMLIF systems. According to the opinion of the researchers of Gartner, the following top list of modern SMLIF can be represented [16, 28]:

1. AhnLab
2. Barracuda Networks
3. Check Point Software Technologies
4. Cisco
5. Dell SonicWALL
6. F5
7. Fortinet
8. Hillstone Networks
9. HP
10. Huawei
11. Intel Security (McAfee)
12. Juniper Networks
13. Palo Alto Networks
14. Sangfor
15. Sophos
16. Stormshield
17. WatchGuard

The listed firewall solutions and vendors operate the cross-layered multi-defense by combining multiple filter abilities, e.g. positions 18–23 (referring to Table 7.4 as well as the next sections).

Collaborative IDS and Networks (CIDN). The widespread IDS evaluate and prohibit the potential intruders' attacks that are directed against computer systems or a network. IDS increase data security significantly in contrast to the classical firewalls, whose support for also uncovering effects of intrusions, such as data modification, is not satisfying. IPS are the enhanced IDS which provide the additional functionality aimed at discovering, defeating and completely avoiding the potential attacks. Nevertheless, as a rule, the classical IDS/IPS are operated autonomously per system. They are not able to detect temporarily unknown intrusion threats, which become more sophisticated and complex year over year. Those dangerous threats can serve to bring disorder to the operation of data centers and computing clusters round-the-clock in 24/7 mode. Therefore the cooperation and collaboration of the IDS within a network is of great meaning. The comparison of the network IDS (NW-IDS) with pure IDS is depicted in Fig. 7.13. The NW-IDS has a lot of new features.

A CIDN is an advanced concept for a collaborative IDS/IPS network, intended to bridge over the disadvantage of the standalone defense against the unknown dangerous attacks. The CIDNs allow (Fig. 7.14) the participating IDS, as the network peers, to share the detected knowledge, experiences and best practices oriented against the intruders' threats [14]. The main requirements to the construction of a CIDN and the support of such functionality are as follows: efficient communication at short up to middle distance, robustness of the peers (IDS) and links, scalability, and mutual compatibility of individual participating peers (IDS). The typical interoperable networks are as follows: LAN, WLAN, 2G–4G as well as NFC and Bluetooth.

Fig. 7.13 Comparison of pure IDS with NW-IDS [5]

A CIDN consists of multiple NW-IDS under use of multiple computers, radio devices and installed firewalls. The participating users are organised in groups. In the example the groups encompass the users Alice, Bob, Charlie and Dave. The coupling between the groups is loose or tight. However, insider attacks on CIDNs are possible; another user, Trudy, serves as example. This type of networking improves the overall accuracy of the threat danger grade as well as the intrusion level assessment. The cooperation among the participating single peers (IDS collaborators) becomes more efficient within a CIDN. But nevertheless the CIDN itself can become a target of attacks and malicious software. Some malicious insiders within the CIDN may compromise the interoperability and efficiency of the intrusion detection networks internally. Therefore a lot of CIDN research problems have to be considered [14], for instance:

• selection of the peers (collaborators) and trust management
• collaborative intrusion decision making
• resource management within CIDNs

CIDN attacks and insider attacks on CIDN. The traditional network attacks can significantly compromise the security inside a CIDN. The simple attacks are as follows (A1–A4 list positions):

1. Eavesdropping
2. Man-in-the-middle
3. Replaying
4. Cloning (3, 4 like DDoS)

Fig. 7.14 Example of cooperation within the CIDNs

The advanced insider attacks on CIDNs (list positions A5–A9), which can suddenly occur from the peer insiders within a previously not compromised CIDN, are as follows [5, 14]:

5. Sybil attacks: distribution of a large amount of pseudonyms (fake identities) via a malicious peer.

6. Newcomer attacks: a malicious peer tries to erase its "bad history" with other peers in the network.

7. Betrayal attacks: The trust mechanism robust to betrayal attacks shall satisfy the social norm "It takes a long-time interaction and consistent good behavior to build up a high trust, while only a few bad actions to ruin it." When a trustworthy peer acts dishonestly, its trust value should drop down quickly, hence making it difficult for this peer to deceive others or gain back its previous trust within a short time.

8. Collusion attacks: Collusion attacks occur when a group of compromised/malicious peers cooperate together in order to compromise the network.

9. Hybrid attacks (5 + 6 + 7 + 8)
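As an added illustration of the betrayal and newcomer attacks above (example code written for this page, not from the book or any CIDN project), the following Python model applies the quoted social norm: trust grows by a small step per verified honest alert and halves per dishonest one, and every new identity starts at a low value, so re-registering does not erase a bad history. The constants, the peers Alice, Bob, Charlie, Dave and Trudy, and the report sequence are constructed assumptions.

```python
"""Trust management for a CIDN (added illustrative example, not from the book).

The update rule encodes the social norm quoted for betrayal attacks: trust
grows slowly with consistent good behaviour and drops quickly after bad
actions. Constants, peer names and the report sequence are constructed."""
from dataclasses import dataclass, field

GAIN = 0.05               # trust gained per truthful alert (assumption)
PENALTY = 0.5             # fraction of trust lost per dishonest alert (assumption)
NEWCOMER_TRUST = 0.10     # every fresh identity starts here (assumption)
SHARE_THRESHOLD = 0.60    # alerts from peers below this trust are ignored


@dataclass
class Peer:
    name: str
    trust: float = NEWCOMER_TRUST
    history: list = field(default_factory=list)


class CidnTrustManager:
    def __init__(self):
        self.peers = {}

    def join(self, name: str) -> Peer:
        # A (re-)registered identity gets NEWCOMER_TRUST, never full trust:
        # erasing a "bad history" (newcomer attack) gains nothing, and each of
        # many created pseudonyms (Sybil attack) carries little weight.
        self.peers[name] = Peer(name)
        return self.peers[name]

    def record(self, name: str, honest: bool) -> float:
        """Update trust after verifying whether a peer's alert was truthful."""
        p = self.peers[name]
        p.history.append(honest)
        if honest:
            p.trust = min(1.0, p.trust + GAIN)       # slow build-up
        else:
            p.trust = p.trust * (1.0 - PENALTY)       # fast collapse
        p.trust = round(p.trust, 6)
        return p.trust

    def trusted_peers(self) -> list:
        return sorted(n for n, p in self.peers.items()
                      if p.trust >= SHARE_THRESHOLD)

    def decide(self, alerts: dict) -> bool:
        """Collaborative intrusion decision: trust-weighted vote over the
        alerts (peer -> True if it flagged an intrusion) of trusted peers."""
        trusted = set(self.trusted_peers())
        weight = sum(self.peers[n].trust for n in alerts if n in trusted)
        votes = sum(self.peers[n].trust for n, a in alerts.items()
                    if a and n in trusted)
        return weight > 0 and votes / weight >= 0.5


def demo() -> dict:
    tm = CidnTrustManager()
    for name in ("Alice", "Bob", "Charlie", "Dave", "Trudy"):
        tm.join(name)
    for _ in range(20):                     # long honest interaction for all
        for name in list(tm.peers):
            tm.record(name, True)
    full = tm.peers["Trudy"].trust          # 1.0 after 18 or more good reports
    tm.record("Trudy", False)               # betrayal: two dishonest alerts
    after_betrayal = tm.record("Trudy", False)
    regain = 0                              # good reports needed to recover
    while tm.peers["Trudy"].trust < SHARE_THRESHOLD:
        tm.record("Trudy", True)
        regain += 1
    tm.join("Trudy2")                       # newcomer attack: fresh identity
    decision = tm.decide({"Alice": True, "Bob": False, "Charlie": True,
                          "Dave": True, "Trudy2": False})
    return {"full": full, "after_betrayal": after_betrayal,
            "reports_to_regain": regain,
            "newcomer_trusted": "Trudy2" in tm.trusted_peers(),
            "decision": decision}
```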


Table 7.5 Common CIDN functionality catalogue (own representation)

Certain CIDN examples | Topology type | Focus | Specialization on the threats | Att A1–A4 | Att A5–A9 | Privacy | Anonymity
Indra | Distributed | Local | Spam | R | R | A | A
Domino | Decentralised | Global | Worms | R | R | A | A
Abdias | Centralised | Hybrid | Trojans | R | R | A | A
NetShield | | | Social engineering, WAF | R | R | A | A

Att – Attack, R – Robustness, A – Awareness

A typical CIDN must provide the following common functionalities against these kinds of attacks (see Table 7.5). They can be represented via a catalogue in a matrix representation thereof, based on [14].

To conclude the consideration of firewalls, one can state that the advanced firewalls like SMLIF, IPS and collaborative intrusion detection systems gain increasingly in importance. They can also be deployed within the scenarios of NFC and IoT (Internet of Things). The firewalls and IDS are often combined into individual participating peers (LAN, WLAN, 2G–4G, NFC and Bluetooth) with the possibility of collaboration and better prevention of both the external and insider attacks.

PGP for authenticated and encrypted messaging. PGP – originally a product called Pretty Good Privacy and nowadays an open standard called OpenPGP – is known since 1991. The main intention of PGP is the popularisation of civic cryptography. The short but expressive PGP history is as follows. Philip Zimmermann made the cryptographic methods publicly available as software, including DES, RSA, DH key exchange, MD5, ElGamal, AES (formerly Rijmen and Rijndael) and more at that time strong cryptographic algorithms. The key length was 128 bits and more, although for the global export, due to cryptographic restrictions, many algorithms were limited to 56 and sometimes only 40 bits. After the PGP publication on the Internet, delivered as freeware and subsequently in the form of source code text in a book, the program became popular around the world. The success of PGP led to the foundation of the PGP Corporation conducted by P. Zimmermann. But in 1993–1997 followed a lawsuit against P. Zimmermann from the US government. However, the new release of PGP, published at MIT Press Publishing as a theory book with all the source codes, resulted in no further allegations and court prosecutions. Since 1997 there was a development towards PGP acceptance as a new IETF standard called OpenPGP. The deployment areas of PGP are as follows: encryption of database transactions, emails and hard disk partitions (drives), network (SDN) protection and encryption, VoIP calls ("crypto phone"), real-time encryption such as chat. For messaging as well as authenticated file downloads, the digital signature functionality is also of great importance.


Some examples of PGP products:

• PGP as freeware and free software: www.gnupg.org, www.pgpi.org
• PGP implementation Gpg4win: www.gpg4win.de
• PGP products by Symantec: www.symantec.com
• PGP products by PGP Corporation: PGP Desktop (with PGP Desktop E-Mail, PGP Whole Disk Encryption and PGP NetShare)
• Zfone, software for encryption of VoIP calls (cp. Skype/AES): zfoneproject.com

As a new development related to the PGP standard, since around 2014 acts Blackphone, a secured smartphone based on the Android operating system, offered by Silent Circle (P. Zimmermann's company) and Geeksphone (Spain). This is a smartphone which allegedly completely secures against espionage and persecution. It provides web anonymity for this matter. The creator of PGP encryption software elaborated that "the most secure smartphone in the world" is called "Blackphone". Blackphone uses an Android flavour called PrivateOS. The services are cryptographically secured: email service, instant message service, VoIP service analogous to Skype. Anonymity is provided by MIX services such as JAP (Java Anon Proxy) of TUD/University of Regensburg and Tor (The Onion Routing, United States), which anonymise Internet activities at the level of TCP connections. The system enables web browsing, instant messaging/IRC, SSH, P2P and protects against the analysis of the traffic of its users. The requirements include special headphones for the communication of both conversation participants. The system offers also multi-language functionality with more than seven languages.

Access control concepts. Authorisation is per definition the assignment of access rights for a distributed system or for certain services of it. The typical access control concepts are Access Control Lists (ACL) or capabilities. Both concepts are compared in Fig. 7.15.

With ACLs, for each object Oi some lists are defined about who can perform which operations Op above all the subjects (Sj), for instance the write permission of a process to a file. The operations are Op = R – Read, W – Write, E – Execute, I – Invoke, D – Delete.

Fig. 7.15 Comparison of ACL and capabilities within the authorisation matrix


Fig. 7.16 Authorisation matrix for a C-S model; enabled Op = R – Read, W – Write

Fig. 7.17 Combined security (own representation based on X.800)

With capabilities, the permissions are associated with a subject Sj but cannot be changed by the subject itself. One can specify which objects Oi may be modified through the operations Op = { }.

The authorisation mapped on the C-S systems is shown below (Fig. 7.16). Assignment and proving of access rights (from C) to resources (namely S) can be done in distributed systems by

• capabilities for a subject (in this case for the client) or
• ACLs by an object (here the server)
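The two views of the authorisation matrix, as an added example (this is code written for this page, not from the book): an ACL server keeps the per-object column of the matrix, while a capability issuer hands the per-subject row to the client as a MAC-protected token, so the holding subject cannot extend it. The matrix, the subject and object names, the token format and the issuer key are constructed assumptions.

```python
"""ACLs and capabilities as two views of one authorisation matrix (added
example, not from the book). Matrix, names, token format and issuer key are
constructed; subject and object names must not contain ':'."""
import hashlib
import hmac

OPS = {"R": "Read", "W": "Write", "E": "Execute", "I": "Invoke", "D": "Delete"}

# Authorisation matrix: subject S_j -> object O_i -> enabled operations Op
MATRIX = {
    "Alice": {"ledger.db": {"R", "W"}, "report.pdf": {"R"}},
    "Bob": {"ledger.db": {"R"}, "backup.sh": {"R", "E"}},
    "svc-billing": {"ledger.db": {"R", "W", "D"}, "pay-api": {"I"}},
}


def acl_view(matrix: dict) -> dict:
    """Column view: per object, which subject may do what (what an ACL holds)."""
    acl = {}
    for subject, row in matrix.items():
        for obj, ops in row.items():
            acl.setdefault(obj, {})[subject] = set(ops)
    return acl


class AclServer:
    """Authorisation on the object side (the server keeps the lists)."""

    def __init__(self, matrix: dict):
        self.acl = acl_view(matrix)

    def check(self, subject: str, obj: str, op: str) -> bool:
        return op in self.acl.get(obj, {}).get(subject, set())


class CapabilityIssuer:
    """Row view: a capability names subject, object and ops and carries a MAC
    computed with the issuer's secret, so the subject holding it cannot add
    operations. The key is a constructed demo secret."""

    def __init__(self, matrix: dict, key: bytes):
        self.matrix, self.key = matrix, key

    def _tag(self, body: str) -> str:
        return hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()

    def issue(self, subject: str, obj: str) -> str:
        ops = "".join(sorted(self.matrix[subject][obj]))
        body = f"{subject}:{obj}:{ops}"
        return f"{body}:{self._tag(body)}"

    def check(self, token: str, subject: str, obj: str, op: str) -> bool:
        """Server-side check of a capability presented by a client."""
        try:
            t_subject, t_obj, t_ops, tag = token.split(":")
        except ValueError:
            return False
        if not hmac.compare_digest(tag, self._tag(f"{t_subject}:{t_obj}:{t_ops}")):
            return False            # forged, or modified by the holder
        return (t_subject, t_obj) == (subject, obj) and op in t_ops


def demo() -> dict:
    acl_server = AclServer(MATRIX)
    issuer = CapabilityIssuer(MATRIX, b"issuer-demo-key")
    cap = issuer.issue("Bob", "ledger.db")
    # Bob edits the ops field of his own token to add Write: the MAC no longer
    # matches, so the server rejects the whole token.
    subject, obj, ops, tag = cap.split(":")
    forged = f"{subject}:{obj}:{ops}W:{tag}"
    return {
        "acl_alice_write": acl_server.check("Alice", "ledger.db", "W"),
        "acl_bob_write": acl_server.check("Bob", "ledger.db", "W"),
        "cap_bob_read": issuer.check(cap, "Bob", "ledger.db", "R"),
        "cap_bob_write": issuer.check(cap, "Bob", "ledger.db", "W"),
        "cap_forged_write": issuer.check(forged, "Bob", "ledger.db", "W"),
        # both views are derived from the same matrix cell
        "same_matrix": acl_view(MATRIX)["ledger.db"]["svc-billing"]
        == MATRIX["svc-billing"]["ledger.db"],
    }
```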

X.800 architecture. Combined security in distributed systems is required. Such a security architecture is regulated by X.800 for layered secure computing environments/centers, which include the following secured components and layers (Fig. 7.17):

• computing environments or centers (I and II)
• layers (1–5) as well as the communications interface (6)
• standardisation by national laws and regulations, at the EU level and international
• physical and organisational protection, which is carried out via monitoring
• technical protection via shielding, channel coding
• protection by firewalls via voluminous filtering
• use of data protection protocols and standards as well as ACL facilities
• securing by cryptographic methods (symmetric and asymmetric)

7.6 Security in Web Applications: Legal and Technological Aspects

Technological and legal aspects of data security guaranteeing web systems are examined. They are used for the creation of electronic societies in e-commerce and e-governance domains as well as by Enterprise Application Integration (EAI) within institutions and companies. The required level of security for web systems in international use is only available under consideration and combination of recommended complementary techniques and communication protocols, and with the analysis of their national deployment backgrounds and legal basis. As case studies, the mechanisms and technologies of data security guaranteeing gateways for electronic payment transactions and portals for mobile commerce are examined in this section.

Modern web-based systems and services [22] possess a complex distributed architecture, for instance distributed representation, business logic and database services (n-tier). A variety of communication protocols (transport, multimedia, messaging, directory, time) and architecture components are involved. Frequently they operate within an international context, with interactions across country and legislation area borders, and simultaneously have to adhere to existing regional legislation. Let us represent as example a web-based flight booking system. The user portal (depicted in Fig. 7.18) and client management systems are integrated with back-office and flight logistics systems. The connections between user portal, client management and the remaining systems are shown below in Fig. 7.19. The processed transactions 1, 2, 3 bind the mentioned parts loosely. Two aspects have to be considered: the legislation regarding information technology and data security [1], and the technology providing for data security.

The motivation of the section is to explain the enhancement of modern web applications into so-called data security guaranteeing web systems with appropriate development and operation steps. The contained paragraphs examine techniques of web security with peculiarities in mobile communication, XML Security as one concrete specification to satisfy the security requirements posed by service-oriented web applications (or web services), and legal aspects of such web applications. Furthermore, case studies on gateway and portal solutions for e-payment and e-commerce are provided. Hybrid solutions for Secure Electronic Transaction (SET)/TLS gateways are analysed.


Fig. 7.18 Typical flight booking user interface for mobile phones connected to a complex distributed booking system

[Fig. 7.19: components User, Client Management, Flight logistics and Back Office, linked by the transactions 1 – Flight booking, 2 – Billing/accounting, 3 – Reservation. Information Technology Legislation: laws and regulations (national, European, international); physical and organizational protection (monitoring, supervision, certification). Data Security: protection via cryptographic methods (symmetric and asymmetric cryptography); protection via firewalls (FW) and antivirus software; use of data secure protocols and standards in Internet/Intranet.]

Fig. 7.19 Technological and legal aspects of data security guaranteeing web systems


7.6.1 Technological Aspects of Data Security Guaranteeing Web Systems

Secure end-to-end communication via web. The most widely used technology for web application security is HTTPS, which is HTTP secured with TLS. To achieve a good overall grade of security across all protection goals, including integrity, confidentiality and authenticity, TLS is used together with complementary techniques (Fig. 7.20) that extend security mechanisms [25] and the grade of security of web communication (for instance IPsec/VPN as well as SET).

TLS [7, 13] offers secure end-to-end communication with user authentication under compliance to Signature Right (compare SigG in Germany, US DSA etc.) and confidential data transfer. However, a combined security architecture (X.800) under consideration of legal and technological aspects is required. For instance, content-analysing firewalls for defense against content manipulation threats may have to be used. The TLS Record sub-protocol workflow is shown in Fig. 7.20. Additional sub-protocols exist: TLS ChangeCipherSpec and TLS Alert are shown in Fig. 7.21.

TLS is extensible in order to be future-proof regarding the development of new cryptographic algorithms. TLS supports certain combinations of key exchange, encrypting and authenticating techniques, so called CipherSuites. Cryptography is subject to national restrictions in many countries (to be detailed below). A hybrid symmetric-asymmetric method is used within the up-to-date TLS as a compromise between cryptographic strength and algorithmic runtime complexity (X.509v3, Kerberos v5). However, as a more efficient alternative, ECC (Elliptic Curve Cryptography) can be employed [8]; it achieves RSA-equivalent cryptographic strength with a key length of only 160 bits. An important peculiarity is the use of TLS in the field of mobile communication with WAP 2.x. This is an important option for m-commerce [4]. Since WAP 2.0, an advanced transport via TCP and secure end-to-end communication via TLS are employed, replacing the criticised UDP/WTLS combination of WAP 1.x. TLS does not work with UDP, so the protection of SNMP traffic is not possible. For the protection of DNS traffic, special solutions (for instance Kerberos, X.509) are necessary. Since no protected transactions are provided, only partial support for e-payment is available.

[Fig. 7.20, TLS Record sub-protocol (SSL – Secure Socket Layer, encapsulation for SSL data): Application Data → Fragmentation (F) → Compression → plain text (optionally compressed) with appended MAC (not the 2a MAC sub-layer) → Encryption → appending of header → encrypted PDU structure H | Cipher(F | MAC). Side panel, cryptographic system (CS): CS with private keys (symmetric): advantages (+) performance, easy implementation; disadvantages (–) key distribution, no digital signature. CS with public keys (asymmetric): advantages (+) unproblematic key distribution, digital signature possible; disadvantage (–) performance. Hybrid approach necessary as trade-off between cryptographic strength and algorithmic performance; used for SSLv3/TLSv1, PGP/OpenPGP/GnuPG, X.509v3, Kerberos v5. Alternatively fast Elliptic Curve Cryptography (RSA-equivalent key size only 160 bit). Abbreviations: PGP – Pretty Good Privacy, TLS – Transport Layer Security, RSA – Rivest-Shamir-Adleman, PDU – protocol data unit, F – fragment, H – header, MAC – Message Authentication Code (not 2a-MAC Medium Access Control).]

Fig. 7.20 TLS Record sub-protocol

Fig. 7.21 Further TLS sub-protocols: (a) ChangeCipherSpec, (b) Alert
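A toy model of the Record sub-protocol pipeline shown in Fig. 7.20, as an added example (this is code written for this page, not TLS itself or any library's code): fragmentation to 2^14 bytes, a MAC over sequence number, header fields and fragment, encryption, and header prepending, with the receiver reversing the steps and rejecting tampered or replayed records. The keystream "cipher", the demo keys and the sample messages are constructed assumptions; compression is left out (null compression).

```python
"""Toy model of the TLS Record sub-protocol (added example, not TLS or any
library's code): fragment -> (null compression) -> append MAC -> encrypt ->
prepend header. The MAC input follows the TLS 1.2 MAC-then-encrypt layout
(seq_num, type, version, length, fragment). The keystream XOR below is a
constructed stand-in so the example runs offline; it is NOT a TLS cipher."""
import hashlib
import hmac
import struct

MAX_FRAGMENT = 2 ** 14          # TLS record fragment limit (16 KiB)
APPLICATION_DATA = 23           # TLS ContentType application_data
VERSION_TLS12 = (3, 3)          # TLS 1.2 as encoded on the wire
MAC_LEN = 32                    # HMAC-SHA256 tag length


def _keystream(key: bytes, seq: int, length: int) -> bytes:
    """Constructed keystream (assumption, not a TLS cipher): SHA-256(key||seq||ctr)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + struct.pack(">QI", seq, counter)).digest()
        counter += 1
    return bytes(out[:length])


def _mac(mac_key: bytes, seq: int, ctype: int, fragment: bytes) -> bytes:
    """HMAC over seq_num || type || version || length || fragment (TLS 1.2 layout)."""
    header = struct.pack(">QBBBH", seq, ctype, *VERSION_TLS12, len(fragment))
    return hmac.new(mac_key, header + fragment, hashlib.sha256).digest()


class RecordLayer:
    """One direction of a TLS-like connection; both ends keep the same state."""

    def __init__(self, mac_key: bytes, enc_key: bytes):
        self.mac_key = mac_key
        self.enc_key = enc_key
        self.seq = 0   # 64-bit implicit sequence number, never sent on the wire

    def protect(self, data: bytes, ctype: int = APPLICATION_DATA) -> list:
        """Application data -> list of wire records (Fig. 7.20, top to bottom)."""
        fragments = [data[i:i + MAX_FRAGMENT]
                     for i in range(0, len(data), MAX_FRAGMENT)] or [b""]
        records = []
        for frag in fragments:
            tag = _mac(self.mac_key, self.seq, ctype, frag)        # append MAC
            plain = frag + tag
            stream = _keystream(self.enc_key, self.seq, len(plain))
            cipher = bytes(a ^ b for a, b in zip(plain, stream))   # encrypt
            header = struct.pack(">BBBH", ctype, *VERSION_TLS12, len(cipher))
            records.append(header + cipher)                        # prepend header
            self.seq += 1
        return records

    def unprotect(self, record: bytes) -> bytes:
        """Wire record -> fragment; raises ValueError where TLS sends a fatal alert."""
        if len(record) < 5:
            raise ValueError("truncated record")
        ctype, major, minor, length = struct.unpack(">BBBH", record[:5])
        if (major, minor) != VERSION_TLS12 or length != len(record) - 5:
            raise ValueError("bad header")
        stream = _keystream(self.enc_key, self.seq, length)
        plain = bytes(a ^ b for a, b in zip(record[5:], stream))
        if len(plain) < MAC_LEN:
            raise ValueError("record too short for MAC")
        frag, tag = plain[:-MAC_LEN], plain[-MAC_LEN:]
        # The expected MAC binds the receiver's own sequence number, so a
        # replayed or reordered record fails here just like a modified one.
        if not hmac.compare_digest(tag, _mac(self.mac_key, self.seq, ctype, frag)):
            raise ValueError("bad_record_mac")
        self.seq += 1
        return frag


def transfer(data: bytes, tamper: bool = False, replay: bool = False):
    """Send data through one write/read pair; returns (record count, received)."""
    mac_key, enc_key = b"demo-mac-key", b"demo-enc-key"   # constructed demo keys
    writer = RecordLayer(mac_key, enc_key)
    reader = RecordLayer(mac_key, enc_key)
    records = writer.protect(data)
    if tamper:                        # flip one ciphertext bit of the first record
        damaged = bytearray(records[0])
        damaged[5] ^= 0x01
        records[0] = bytes(damaged)
    if replay:                        # deliver the first record twice
        records.insert(1, records[0])
    received = b"".join(reader.unprotect(r) for r in records)
    return len(records), received
```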

Web services and TLS: borderline case. Simple request-reply protocols like XML-RPC or HTTPS (with TLS) are sometimes unsatisfying for the deployment of service-oriented architectures and web services across organisational boundaries [21]. The problem is rooted in the encryption and authentication of web service messages. The communication is carried out via multiple (more than two) servers and offers security vulnerabilities if a TLS server filters certain data without encryption and authentication, for instance due to man-in-the-middle attacks with spoofed certificates. On the other hand, fully encrypting the content prevents caching and in many cases proper routing. The solution is therefore based on security features in the message headers (e.g. SOAP headers), offering end-to-end security for services via distribution of binary security tokens in analogy to X.509 certificates and Kerberos tickets. These security features are offered by, among other specifications, XML Signature (via RSA or Diffie-Hellman) and XML Encryption (via AES). A mapping of security services onto web services is provided by the XML-based Assertion Mark-Up Language (SAML), which is aimed at the authentication and authorisation between security domains and certificate authorities. SAML displaces ASN.1 (Abstract Syntax Notation One) used in Kerberos and X.509. However, SAML is not completely compatible with existing TLS/HTTPS deployments. Furthermore, performance is reduced due to the parsing of assertion files and the resulting considerable protocol overhead.

Technological problems and legal limitations of TLS use. In spite of the shown powerful features and properties regarding data security guaranteeing web-based communication, TLS possesses several limitations:

• technological problems
• legal limitations

The technological problems start with a limited adoption. There is only a partial and limited deployment in SOA (only with XML Security) and for execution of electronic transactions (only in combination with SET); no support against threats like IP sniffing and IP spoofing (only together with VPN/IPsec and content filtering firewalls); not usable for intranet UDP/SNMP systems and for the protection of network file system services; no protection for DNS (via Kerberos/X.509); no provision of security via H.323 (ISDN voice transfer). The legal limitations depend on regional regulations. From time to time certain countries declare restrictions on the export or use of cryptographic technologies. In such cases TLS is susceptible to brute-force attacks [15] due to reduced key sizes.

Electronic transaction and payment systems: SET. SET is an e-payment system. It was developed by VISA and MasterCard in cooperation with IT companies and nowadays possesses great practical relevance. The functionality of SET includes encrypted transfer of credit card numbers via Internet and authentication of participating parties. The actual payment transfer is carried out using conventional banking systems and techniques [2]. Figure 7.22 compares SET with other systems. A disadvantage comes from the transaction expenses.

7.6.2 Legal Aspects of Data Security Guaranteeing Web Systems

Fig. 7.22 E-payment systems and SET (Source: www.rn.inf.tu-dresden.de)

The information technology legislation as a discipline expands the conventional areas of legislation. Legal issues involved in web application deployment include national and international legal co-actions due to cross-border communication, legal protection of software, legislation regarding provision of online services, legal protection of offered multimedia user data, legal protection of databases and database products, legal protection of domain names, regulations regarding cryptography and contract regulations in e-commerce.

Relevant legislation for e-commerce in Germany. The survey in Table 7.6 is based on Juris by the Federal Ministry of Justice and summarises the German legislation regarding e-commerce [1, 3, 20]. Regulations specific to distant selling are written down in the German Civil Code (BGB). The TMG (Federal Telecommunications Act) regulates the country of origin principle (§3), mandatory particulars (§6) and responsibilities (§§7–10) of service providers. European regulations regarding e-commerce were integrated into the BGB (German Civil Code). They can be found in the general part (regulations regarding consumer protection). Transnational business processes involve different laws: the law of the country of the vendor, the law of the country of the customer and the law of the country where the server is placed. Within the European Union, the EC Directive on Electronic Commerce (2000/31/EC) is decisive. In general, the contract parties are free to choose the law applicable to their contract, as stated in the convention on the law applicable to contractual obligations, which was realised in Germany by Article 27 EGBGB (introductory act to the civil code). In e-commerce a contract becomes valid by a demonstrably submitted electronic declaration of intent. This includes digitally created and electronically submitted declarations of intent.

BDSG (Bundesdatenschutzgesetz) is the German Federal Data Protection Act (Federal Data Security Law). It operates together with the further data protection acts in Germany in the area-specific regulations, e.g. TMG (Telemediengesetz 2007 – Telemedia and Internet Usage Law) or SigG (Signaturgesetz 2001). BDSG controls the exposure of personal data which are manually processed or stored in IT systems. The TKG (Telekommunikationsgesetz) is the Federal Law for the regulations of the content in the area of telecommunications. With the changes in 2007, more protection of telecommunication clients within the TKG was integrated, and some new regulations on telco monitoring for VoIP applications became available.

Table 7.6 E-commerce legal aspects and corresponding German laws

Web application security topic | Legal basis in Germany (BGB, AGB, ZPO, BDSG, SigG, TKG, TMG, UWG)
Contract law | x x
Deputy legal norm (Stellvertretungsrecht) | x
Law of obligations | x x
Obligation of vendor and customer | x x
Right of withdrawal/return | x x
Separation between advertisement and content | x
Use of cryptography | x
Certificate authorities | x x x

German abbreviations in Table 7.6:

1. BGB – Bürgerliches Gesetzbuch (Federal Civil Code)
2. AGB – Allgemeine Geschäftsbedingungen (Common Business Conditions for E-Commerce)
3. ZPO – Zivilprozessordnung (Federal Code of Civil Procedure)
4. BDSG – Bundesdatenschutzgesetz (Federal Data Security Law)
5. SigG – Gesetz über Rahmenbedingungen für elektronische Signaturen (Frame Conditions for Digital Signature Use)
6. TKG – Telekommunikationsgesetz (Federal Telecommunications Act)
7. TMG – Telemediengesetz (Federal Telemedia Law)
8. UWG – Gesetz gegen den unlauteren Wettbewerb (Federal Law against unfair Competition)

Regulations of cryptography. Cryptography is subject to legislative regulations in many countries. Usually this concerns export of cryptography. In some countries also import, production, use and supply of cryptographic products and services are regulated. In the following, a survey of relevant multilateral agreements and the national regulations of some countries is given. The following information is based on [17]. Most national regulations regarding cryptography are based on the provisions of the Wassenaar Arrangement (WA). The Wassenaar Arrangement was signed in 1996 as follow-up to COCOM (Coordinating Committee for Multilateral Export Controls). It was amended in 1998 and 2000; different countries stick to different versions of its provisions. Presently the WA is composed of 40 countries, including the Russian Federation and Ukraine. The Wassenaar provisions are not directly applicable; they have to be implemented into national law by each member country. The Wassenaar provisions regarding cryptography are not presented here. Instead, the resulting European regulations and national legal situations of selected countries are presented:

• European Union
• USA
• Germany
• France
• China

In the European Union, the export of cryptography is regulated by Council Regulation No. 1334/2000. Export within the European Union is free, with some exceptions, for instance crypto-analysis systems. For those, general intra-community licenses are available. For export to Australia, Canada, Japan, New Zealand, Norway, Switzerland and the USA, Community General Export Licenses are available. For export to other countries, export licenses specific to the target country can be filed for.

The USA signed the Wassenaar Arrangement without the General Software Note but including the changes from December 1998. The export of cryptography is restricted. The regulations have been relaxed in several steps over the past years [17]. Export under a license exception is allowed after a technical review by BIS (Bureau of Industry and Security) for cryptography of any key length destined for non-government end-users in any country except a group of seven countries, and also for government end-users in the European Union, Australia, Japan, New Zealand, Norway and Switzerland. The same applies for products specifically designed for individual consumer use of any key length destined for any recipient (excepting a small group of countries). Export to other governments requires a license. Unrestricted crypto source code can be exported to any end user under a license exception without technical review; BIS demands a copy or the URL of the source code. All other source code can be exported under a license exception after a technical review to non-government end users. Knowing export of source code to states under embargo is forbidden, but provision on the WWW does not require checking for a downloader's location. Any cryptography can be exported to subsidiaries of US firms without technical review. Post-export reporting is required for exporting certain products above 64 bit.

The export of cryptography from Germany is regulated according to European Union regulations and the Wassenaar Arrangement. Use and supply of cryptography are not restricted. The legal situation in Austria is similar regarding the use of cryptography.

The import and export of cryptography in France are regulated by Law 2004-575. Import from within the European Union and the EEA (European Economic Area) is free. Regulations of cryptography are based on a subdivision of cryptographic products into seven categories (see Table 7.7, data based on [17]). Special regulations exist for temporary export. If encrypted data is found during a crime investigation, qualified persons are required to decrypt the data.

Table 7.7 Regulation of crypto-technologies in France

Category | Import | Export | Supply | Use
Authentication-only cryptography | F | F | F | F
Cryptography for confidentiality (key length ≤ 40 bit) | F | A | D | F
Cryptography for confidentiality (key length 40–128 bit) | F | A | D | D
Analogue cryptography (in fax machines) | F | F | D | F
Specific applications of cryptography that don't enable the user to encrypt data | F | F | F | F
Crypto-equipment accompanying an invitee of the state | F | F | – | F
Other | A | A | A | A

The following aspects have to be noticed in Table 7.7: F – Free, D – Declaration required, A – Authorisation required; F for private use only, otherwise declaration requested.

People's Republic of China. Import and export of cryptographic technology require a license by the State Encryption Management Commission. Use and production of cryptography are also restricted. Manufacturers must obtain an approval for their cryptographic products; this requires a specification of the type including the key length. Encryption products of foreign origin may not be distributed; only approved products may be used. For securing WLAN networks, WAPI (WLAN Authentication and Privacy Infrastructure), a Chinese national standard, must be used. WAPI uses a proprietary symmetric encryption algorithm. Therefore its cryptographic strength cannot be estimated.

Example 7.2 An important disadvantage of SET use lies in the transaction expenditures due to orientation on large clients (banks, clearing houses). A fruitful idea is to combine areas of TLS/SET encryption and authentication via special TLS/SET gateways (Fig. 7.23). This will lead to a considerable simplification of the SET authentication scheme and cost reduction for service providers (banks) and users (mainly the small business sector).

The following research in the field of TLS is necessary:

• The crypto-parameters are assigned at the start via the TLS Handshake sub-protocol and must be changed frequently due to the increased risk of key breaking within durable sessions.
• TLS/SET gateways must support SOA-conventional schemes of communication with multiple parties and be interoperable with XML Security.

Fig. 7.23 SET-TLS gateway: more attractiveness for the small business sector

7.7 Steganography in Distributed Systems

Use cases for steganography. Steganography deployment in distributed systems is meaningful in situations where the use of cryptographic methods and protocols is restricted or even prohibited. The governmental controls and rigorousness of the laws concerning cryptography are shown in Fig. 7.24. The data for the depicted distributions have been acquired from a review [27]. Therefore, in some regions of the world the deployment of the listed methods is strongly state-restricted or even prohibited nowadays.

Some governments, such as those of Pakistan, the Russian Federation and the People's Republic of China, significantly limit the civilian use of cryptography, in particular for message exchange and for storage devices. For circumventing an official encryption ban, the only workaround is steganography: if the secret message can be hidden so that it is not recognisable as an encrypted message, the use of secure steganography cannot be effectively prosecuted. Steganography is therefore the necessary workaround. Furthermore, the combination of steganographic and encryption methods is a powerful argument against any state paternalism, especially since implementations of encryption concepts that provide effective protection are available as freeware and open source software (refer to PGP). Note, however, that "not recognisable" is a property of the embedding method and the carrier, not of the human observer: statistical steganalysis of a carrier can reveal an embedding that no eye or ear would notice.

Fig. 7.24 Distribution of governmental controls and rigorousness of the laws concerning cryptography (Source: www.cryptolaw.org, (c) Bert-Jaap Koops). Legend of the map "Domestic crypto regulations": no data available; unclear; no domestic controls; small and special controls; domestic controls; decryption order and special controls; law demanding decryption.

Steganography: definition. Let us give a general definition of the discipline. Steganography is the science of the hidden embedding, storage and transmission of confidential information within a carrier medium, called a container. The word for the discipline consists of two ancient Greek components:

• "steganos" = "covered" (compare "crypto" = "secret")
• "graphein" = "to write"

Hence "steganography" = "covered writing" (compare "cryptography" = "secret writing"). The modified medium is referred to as a "steganogram" (compare "cryptogram"). Let us illustrate the history of steganography [27]. Already Herodotus, one of the first historians, reported about 2500 years ago how confidential communication was kept by steganography. These were times for creative solutions: apparently unused wax writing tablets bearing the message on the wood under the wax layer. On other occasions messages were sewn into animals and delivered to the receiver, as prey or gift, by the messenger himself, often dressed as a hunter. Slaves had their heads shaved and the message tattooed on the scalp; once the hair had grown back they were sent to the receiver, who shaved them again. But steganography is not limited to these historic examples. Nowadays, 2500 years later, with the computer a commonplace instrument, steganography has become more popular and widespread than ever before.

Steganographic methods hide messages (steganograms) in a huge variety of media, which is possible because such media contain far more redundant data than plain text. The containers are news, pictures, music, videos and rich-text files, including XML and HTML comments, as well as obfuscated source code files. The hidden messages mostly pass undetected to their receivers. But what happens if an attacker searches specifically for embedded messages? And what about compressed media? Compression is good for network bandwidth, but it removes exactly the redundancy in which messages are hidden and thus offers less container space.

Motivation: What is the motivation for steganography? Encrypted messages are sometimes too conspicuous: they create the impression that the sender has something to hide and thus draw suspicion onto him or her. This suspicion can be avoided by using a neutral, harmless carrier medium. This kind of secrecy incidentally has a long tradition, as the historic examples above show. Figure 7.25 gives a general overview of the terms and processes in steganography.

7.7.1 Steganography in Development

Fig. 7.25 A steganographical application

Steganography vs. cryptography: Similar to cryptography, the goals of steganography encompass security and confidentiality: information is to be concealed (hidden) so that a third party notices nothing beyond the evident content of the carrier medium (a neutral, harmless text, image, audio or video). The steganographic concepts ensure that confidential information is not disclosed to third parties. Steganography is usually classified in one of two ways: either as a sub-discipline of cryptography or as an independent science. Nowadays the growing role of steganography must be taken into account. Thereby it is important

• that the objectives of cryptography (confidentiality through evident secrecy) do not coincide with the objectives of steganography (confidentiality through hiding/concealing);
• that in practice cryptography and steganography are often combined.

Steganography can be deployed with two different aims:

• as a supplement to widespread cryptographic methods;
• as a substitute where legal limitations restrict the use of cryptography.

Some famous steganography examples from fine arts: To this category of early steganography belong multiple oeuvres, paintings with hidden messages and statements which are perfectly visible to the human eye, but only to the conscious and attentive observer. A first such case is "The Ambassadors", the portrait of Jean de Dinteville and Georges de Selve (1533), which is shown in Fig. 7.26. The painting is exhibited at the National Gallery, Trafalgar Square, London. Its author is Hans Holbein the Younger (1497–1543); the technique is oil on oak board. Holbein embedded a secret message (steganogram) in this famous painting in 1533. Notice that a painting of that epoch fulfilled the function a photograph fulfils today. Let us analyse the image carefully.

Fig. 7.26 The Ambassadors (1533) (Source: wikiart.org)

Both noble lords wear magnificent clothes. The Persian carpet, the lute, the two books (one of arithmetic, one a hymnbook), the sundial, the quadrant and the other astronomical instruments, the globes and the astrolabe hint at the religious, intellectual and artistic interests of both personages. But there is also a steganogram: a distorted (anamorphic) skull acts as a symbol of mortality (Fig. 7.27); it resolves into a recognisable skull only when the picture is viewed from a steep angle at its side.

Nowadays digital photos have taken over from paintings the function of legal documentation and evidence. People in former times had to hire a reputable painter. The next example of steganography in the area of fine arts is the "Arnolfini Marriage" (1434), shown in Fig. 7.28. The painting is in the National Gallery, Trafalgar Square, London. The painter created the oeuvre in oil on oak board. His name was Jan van Eyck (1390–1441), called the "king of painters" even centuries after his time [26].

Fig. 7.27 The steganos of "The Ambassadors" (1533, source: wikiart.org)

Fig. 7.28 The Arnolfini Marriage (1434) (Source: wikiart.org)

However, there is a known fact about Jan van Eyck: diplomatically delicate jobs were not a novelty for him. Consider, for example, that Duke Philippe III, one of the rulers of Burgundy, wanted to marry Princess Isabella of Portugal, whom Philippe had never seen in his life. For his patron, van Eyck painted the portraits of Isabella and Philippe next to each other. Evidently Duke Philippe was happy with the result and married her. But let us analyse the image. The painting was created in Bruges, the well-known rich port city in Flanders, back then a northern county of the Duchy of Burgundy. The Arnolfinis were at that time a rich banking and merchant family living in the city. On the basis of this painting a marriage-book entry, a legal act for the registry office, was to be made. Notice that the painter signed the image as a document, in the role of a witness. This is important for us as evidence of the development of written contract law.

But beyond the signature the painting is also full of optional secret symbols; each object in the room is meaningful. The possible steganographic meanings are as follows:

• oranges and lemons imported from Spain – prosperity;
• a glass window, in the 15th century;
• a copper chandelier on the ceiling, an expensive mirror on the wall;
• a small dog of a valuable breed – fidelity;
• the folds in the woman's clothing – possibly pregnancy, meaning tenderness and fertility, but also, controversially, merely Burgundian fashion.

Possible meaningful steganos, of which historians are not sure even after extended analysis (details in Fig. 7.29):

• the slippers (= controversy, conflict = no marriage);
• the mirror (when zoomed in, the witnesses are seen);
• a "left-hand marriage", i.e. a morganatic marriage.

Further considerations are as follows. The woman "stands significantly lower", both literally in the picture and figuratively within the social system. A morganatic marriage (mésalliance) implies that neither she nor her children have inheritance rights on the death of the husband; the term derives from the "morning gift" (Morgengabe), the wife's only entitlement in such a marriage. Some researchers even discuss whether the relation was only an engagement instead of a marriage. There is also the opinion among scholars in this field that the painting may show the marriage of his cousin, who had a similar face.


Fig. 7.29 Some steganos of "The Arnolfini Marriage" (1434, source: wikiart.org)

7.7.2 Steganography: Main Concepts

Example 7.3 Let us consider a simple example with a photo-carrying holiday postcard as carrier medium (container), shown in Fig. 7.30. The postcard is to be sent with the following text written on it:

Dear colleagues, we now finally enjoy our holidays on these wonderful islands of Spain. The weather is really good, accommodation also, as well as the food. Great! Regards, M. K.

Compare the meaning of the text with the one conveyed by the same text but with alittle bit of formatting change

Dear colleagues,
We now finally enjoy our holidays on these wonderful islands of Spain.
The weather is really good,
accommodation also,
as well as the food.
Great! Regards, M. K.

Do you see the difference? The way the words are positioned can by itself convey a secret message, for instance by using the word count per line or the character count per word and building a new alphabet over these numbers.
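The scheme sketched in Example 7.3, written out as an added example for this edition (it is not code from the book): every line of the re-wrapped cover text carries two secret bits as its word count (1 to 4 words stand for the values 0 to 3), four lines make one byte, and the first four lines carry a length byte so the decoder knows where the payload ends and ignores any leftover cover words. The postcard text and the secret "OK" are constructed inputs; the function names are assumptions of this example.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Postcard is the cover text of Example 7.3 (constructed sample input, 30 words).
const Postcard = "Dear colleagues, we now finally enjoy our holidays on these wonderful " +
	"islands of Spain. The weather is really good, accommodation also, as well as " +
	"the food. Great! Regards, M. K."

// toPairs splits bytes into 2-bit values, most significant pair first.
func toPairs(data []byte) []int {
	pairs := make([]int, 0, 4*len(data))
	for _, b := range data {
		for shift := 6; shift >= 0; shift -= 2 {
			pairs = append(pairs, int(b>>uint(shift))&3)
		}
	}
	return pairs
}

// fromPairs reassembles bytes from 2-bit values (len(pairs) must be a multiple of 4).
func fromPairs(pairs []int) []byte {
	out := make([]byte, len(pairs)/4)
	for i := range out {
		for j := 0; j < 4; j++ {
			out[i] = out[i]<<2 | byte(pairs[4*i+j]&3)
		}
	}
	return out
}

// EncodeLayout re-wraps the cover words so that the word count of each line
// (1..4 words) carries two secret bits. The payload is one length byte followed
// by the secret; leftover cover words form a final line that the decoder ignores.
func EncodeLayout(cover string, secret []byte) (string, error) {
	if len(secret) > 255 {
		return "", errors.New("secret too long for a one-byte length field")
	}
	words := strings.Fields(cover)
	pairs := toPairs(append([]byte{byte(len(secret))}, secret...))
	need := 0
	for _, p := range pairs {
		need += p + 1
	}
	if need > len(words) {
		return "", fmt.Errorf("cover has %d words, need at least %d", len(words), need)
	}
	lines := make([]string, 0, len(pairs)+1)
	idx := 0
	for _, p := range pairs {
		lines = append(lines, strings.Join(words[idx:idx+p+1], " "))
		idx += p + 1
	}
	if idx < len(words) {
		lines = append(lines, strings.Join(words[idx:], " "))
	}
	return strings.Join(lines, "\n"), nil
}

// DecodeLayout reads the word counts per line and rebuilds the secret.
func DecodeLayout(text string) ([]byte, error) {
	var pairs []int
	for _, line := range strings.Split(text, "\n") {
		if n := len(strings.Fields(line)); n > 0 {
			pairs = append(pairs, n-1)
		}
	}
	if len(pairs) < 4 {
		return nil, errors.New("too few lines for a length byte")
	}
	end := 4 + 4*int(fromPairs(pairs[:4])[0])
	if len(pairs) < end {
		return nil, errors.New("text truncated")
	}
	for _, p := range pairs[:end] {
		if p > 3 { // a payload line with more than four words is not a valid symbol
			return nil, errors.New("malformed layout")
		}
	}
	return fromPairs(pairs[4:end]), nil
}

func main() {
	stego, err := EncodeLayout(Postcard, []byte("OK"))
	if err != nil {
		panic(err)
	}
	fmt.Println(stego)
	secret, _ := DecodeLayout(stego)
	fmt.Printf("recovered: %q\n", secret)
}
```

The capacity is the weak point of this kind of text steganography: on average ten cover words are consumed per secret byte, and a text with unusual line breaks is itself a tell. The length byte is what keeps the decoder from reading the leftover cover words as payload.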

In computer-aided networked steganography an attacker tries to extract the message directly from the steganogram; if he or she knows which application has hidden the message in the picture or sound track, the extraction can proceed much more systematically.


Fig. 7.30 A simple example with a postcard (own photo)

Kerckhoffs' principle: Kerckhoffs' principle (KP 1883) is known from cryptography. It states that the security of a system must not depend on the secrecy of the algorithm, but only on the secrecy of a key. Given a secure method, only knowledge of the correct key is therefore of importance for decryption. Historically, observing KP 1883 in steganography was considered of secondary importance, as the transmitted information is not perceptible to human senses anyway. But nowadays steganographic methods and applications are widely available, for instance as open source software, so that extracting a secret becomes trivial once one assumes that one of the widespread applications was used: anyone can run the same tool against the suspected carrier. This is why steganography nowadays has to make a greater effort, similar to cryptography, to meet the standard of KP 1883.

Thus there is nowadays a separation into

1. symmetric steganography,
2. asymmetric steganography (public-key steganography).

Similar to symmetric cryptography, in symmetric steganography a sender and a receiver exchange a secret key in advance of the message transfer. They both know in what way and where a message is hidden. In asymmetric steganography, just like in asymmetric cryptography, a public key is available, possibly even authenticated, which is used to hide a message. The message is asymmetrically encrypted with the public key and embedded into a container with a lot of noise data. The encrypted and embedded message can be read only by the receiver who possesses the corresponding private key; nobody else can decrypt it. In the spirit of KP 1883 nobody else should even be able to find the hidden message in the medium, although in practice it is the embedding, not the encryption, that steganalysis attacks.

Fig. 7.31 A steganographical application: unrecognisable coding/decoding, but no compression

But the developers of steganography software show no lack of ingenuity and creativity. Nowadays there are several steganography applications, including algorithms for many different image formats and audio formats, tools for different text formats and some exotic ones, for example transforming bits into nonsense texts or annoying spam (Fig. 7.31).

Let us give some further steganography examples beyond the digital world, using physical objects:

• wax tablets;
• spaces in formatted text;
• invisible ink;
• marks on clothing.

Some advanced examples (visualised in Fig. 7.32) are explained below, for example changing individual bits of pixel graphic files (as a rule in the red channel):

• input: a bitmap file with 24-bit colour depth, pixel colours as red-green-blue (RGB) triples;
• changing the least significant bits is imperceptible.


Fig. 7.32 Examples of steganographic applications: (a) embedding of a steganogram into the red colour channel; (b) embedding of shadowing in some widespread gaming applications

• insertion of the letter T (ASCII value 84) hidden in the red colour channel;
• red values: 065 098 111 234 101 000 244 038;
• bits of ASCII T: 0 1 0 1 0 1 0 0, added to the red values;
• changed red values: 065 099 111 235 101 001 244 038.

Note that this illustration adds each bit to the red value. A receiver who does not possess the original cover cannot tell whether 111 or 101 carries a 0 or a 1, because those values were already odd. Practical LSB tools therefore overwrite the least significant bit instead, so that the bit can be read back from the steganogram alone.

Or another example:

• every 10th bit in the red colour channel is reserved for hiding;
• easy to program, for example as a PHP script.
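The red-channel example above carried through in working code, as an added example that is not from the book: AddBits reproduces the arithmetic of the bullet list, ReplaceLSB shows what practical tools do instead, and Embed/Extract implement symmetric steganography in the sense of Kerckhoffs' principle discussed above, in that the pixels carrying the bits are chosen by a permutation derived from a secret key with HMAC-SHA-256, so the method itself can be public. The 8x8 image, the key and the message are constructed inputs; the Pixel type and the function names are assumptions of this example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"math/rand"
)

// Pixel is one 24-bit RGB pixel (representation assumed for this example).
type Pixel struct{ R, G, B uint8 }

// AddBits reproduces the book's bullet list: each message bit is added to a red value.
func AddBits(red, bits []uint8) []uint8 {
	out := make([]uint8, len(red))
	for i := range red {
		out[i] = red[i] + bits[i]
	}
	return out
}

// ReplaceLSB overwrites the least significant bit instead, so it can be read back.
func ReplaceLSB(red, bits []uint8) []uint8 {
	out := make([]uint8, len(red))
	for i := range red {
		out[i] = red[i]&^1 | bits[i]&1
	}
	return out
}

// ReadLSB returns the least significant bit of every value.
func ReadLSB(red []uint8) []uint8 {
	out := make([]uint8, len(red))
	for i, v := range red {
		out[i] = v & 1
	}
	return out
}

// keyedOrder derives the pixel permutation from the secret key via HMAC-SHA-256;
// only the key is secret, the method may be public (Kerckhoffs' principle).
func keyedOrder(key []byte, n int) []int {
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte("stego-pixel-order"))
	seed := int64(binary.BigEndian.Uint64(mac.Sum(nil)[:8]))
	return rand.New(rand.NewSource(seed)).Perm(n)
}

// Embed writes a 16-bit length field and the message into the red LSBs of the
// key-selected pixels and returns a modified copy of the image.
func Embed(img []Pixel, key, msg []byte) ([]Pixel, error) {
	if len(msg) > 0xFFFF || 8*(2+len(msg)) > len(img) {
		return nil, fmt.Errorf("message of %d bytes does not fit %d pixels", len(msg), len(img))
	}
	payload := append([]byte{byte(len(msg) >> 8), byte(len(msg))}, msg...)
	out := append([]Pixel(nil), img...)
	order := keyedOrder(key, len(img))
	for i, b := range payload {
		for j := 0; j < 8; j++ {
			p := &out[order[8*i+j]]
			p.R = p.R&^1 | (b>>uint(7-j))&1
		}
	}
	return out, nil
}

// Extract reads the length field and the message back. With a wrong key the
// length field is garbage and usually (not always) exceeds the image capacity.
func Extract(img []Pixel, key []byte) ([]byte, error) {
	if len(img) < 16 {
		return nil, errors.New("image too small for a length field")
	}
	order := keyedOrder(key, len(img))
	readByte := func(k int) (b byte) {
		for j := 0; j < 8; j++ {
			b = b<<1 | img[order[8*k+j]].R&1
		}
		return b
	}
	n := int(readByte(0))<<8 | int(readByte(1))
	if 8*(2+n) > len(img) {
		return nil, errors.New("length field exceeds capacity: wrong key or no message")
	}
	msg := make([]byte, n)
	for k := range msg {
		msg[k] = readByte(2 + k)
	}
	return msg, nil
}

// SampleImage builds a deterministic 8x8 cover image (constructed test data).
func SampleImage() []Pixel {
	img := make([]Pixel, 64)
	for i := range img {
		img[i] = Pixel{R: uint8(i * 3), G: uint8(i * 5), B: uint8(255 - i)}
	}
	return img
}

func main() {
	book := []uint8{65, 98, 111, 234, 101, 0, 244, 38}
	tBits := []uint8{0, 1, 0, 1, 0, 1, 0, 0} // ASCII 'T' = 84
	fmt.Println("added:", AddBits(book, tBits), "LSBs:", ReadLSB(AddBits(book, tBits)))
	fmt.Println("replaced:", ReplaceLSB(book, tBits), "LSBs:", ReadLSB(ReplaceLSB(book, tBits)))
	stego, _ := Embed(SampleImage(), []byte("shared secret"), []byte("Hi"))
	msg, err := Extract(stego, []byte("shared secret"))
	fmt.Printf("recovered %q, err=%v\n", msg, err)
}
```

Two caveats a practitioner should keep in mind: the keyed permutation hides where the bits are, but it does not hide that the LSB plane has been touched, so statistical steganalysis still applies; and any lossy re-encoding of the image (JPEG, scaling) destroys the LSBs, which is the compression problem mentioned above.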

A further approach is tied to mixing noise into voice transfers or VoIP transmissions. This category of steganograms can also be combined into video streams or recorded gaming, but not with lossy compression methods, which would destroy the embedded bits.

Example 7.4 Several businesses have specialised on products and services around steganography. The company Steganos (founded 1997 in Dresden, Germany) has been one of the first and serves as a commercially successful reference for the protection of digital privacy [6]. The products encompass a file hiding application as well as general computer security products such as a VPN client and a password manager. A file hiding scheme is shown in Fig. 7.33.

Fig. 7.33 Steganographical applications from steganos.com

7.7.3 Watermarks and Steganography

Although watermarks are a special kind of steganographic application, they have been well known in paper form since 1282, when they were first used in the paper mills of Bologna. Watermarks have always been important to prove the following properties of paper documents (such as securities):

• authenticity;
• originality;
• authorship;
• copyright.

But until a few years ago watermarks were focused on material carriers, in particular paper and cardboard: bills, securities, trademarks on products. Another kind are seals on high-value products such as processors.

Nowadays digital watermarks are in use, which adapt the concept to digital media. They are used to protect digital works against unauthorised copies. A digital work can contain a visible or invisible copyright notice. This statement should be anchored in such a way that an unauthorised distributor cannot remove or obscure it without degrading the carrier medium to uselessness: after the copyright notice is destroyed, the digital document, video or song is of such poor quality that its use and further distribution are no longer worthwhile. A digital watermark must therefore be robust. It is of secondary importance whether an attack can be detected as a change to the watermarked file. The entertainment industry and media companies continuously spend a lot of money on the development of robust digital watermark technology. In practice these concepts (collectively called digital rights management) barely work against sufficiently technically skilled distributors. On the other hand, in combination with steganography, personalised watermarks allow easy identification of (already known) distributors.

Example 7.5 A scenario not hard to imagine with today's online social networks: you find a website where photos of yourself are published. But you are the originator, and only you possess the copyright on these photos, nobody else. Two questions then arise:

• How can you prove the unlawful use and potential privacy violation?
• How do you prove that you are the original photographer?

Visible digital watermarks: A visible digital watermark is depicted in Fig. 7.34. Such watermarks are common on the Internet with so-called stock images. These are photos or clipart pictures which typically show up among the top results in image searches. The lion's share of the visible watermarks belongs to a few companies, including Corbis and Getty Images, which together rank among the largest image and media agencies. Corbis, for instance, is a digital media company from the USA. It takes care of the sale and distribution of photos and film material and of the related rights; its collection comprises over 100 million images from archives all over the world.

Fig. 7.34 Visible watermarks (Source: Corbis)

Fig. 7.35 Steganography and watermarks: examples of invisible watermarks

But what if digital watermarks are invisible? The benefit of invisible watermarks begins where the benefit of visible ones ends: once a digital image has been purchased. Invisible watermarks cover a large and important part of the image and have the following characteristics:

• robustness;
• no visible quality loss (not visible to people with normal eyesight, only to trained vision or to software);
• verification with specific software thanks to the embedded extra bits;
• compression methods pose a problem for the watermarks.

An invisible watermark example for copyright is given in Fig. 7.35. What, therefore, is the demarcation between steganograms and digital watermarks? In contrast to pure steganography, watermarks do not pursue secrecy and confidentiality in the first place (Fig. 7.36); instead, robustness against attacks on the digital watermark is of primary importance. This position can in extreme cases lead to noticeable changes of the carrier medium. Robust digital watermarks are usually designed so that eliminating the watermark leads to irreversible degradation of the carrier (container) until it becomes unusable.


Fig. 7.36 Steganograms and invisible watermarks: demarcations between pictures. Picture used: Frans Snijders, Still life with a monkey, a squirrel and a cat, ca. 1625 (Source: wikipaintings.org)

7.8 Anonymity and MIX Networks

Anonymity in the WWW: There is a difference between dreams (more accurately, expectations) and reality when browsing the content of the World Wide Web, an everyday activity for hundreds of millions of people. The expectation of the average user is as follows:

• easy and undetected surfing;
• nobody knows or watches the users;
• unlimited possibilities;
• unregulated ("lawless") areas.

But the harsh reality contrasts with these expectations:

• anonymous surfing is often not available;
• connections are traced and addresses are cached;
• personal data are permanently queried and cached (logins, competitions and registrations);
• privacy is partially abused;
• a certain censorship exists even in decentralised webs.

Who, then, really needs anonymity in the WWW? There are good arguments for and against anonymity, which shall be briefly compared. Pro anonymity:


• privacy must be guaranteed, just like in real life;
• protection against all-round monitoring (like by Big Brother in Orwell's novel "1984");
• the right to decide who may reveal one's identity (informational self-determination);
• the main principle of the BDSG [1] and similar national and state privacy acts;
• consent to the processing of personal data, which is only allowed if the individual has confirmed it or if a law permits this processing.

Against anonymity there are fewer, but still a few, arguments:

• one should not need to be anonymous if one has nothing to hide;
• (inter)national security and safety against terrorist attacks and similar threats;
• protection against illegal machinations (child pornography, racism, political persecution).

In the wider Internet the pro arguments are nowadays widely understood. Still, due to the often emotional debates involving the con arguments, anonymity and related digital rights such as pseudonymity and strict opt-in to all services, including surveillance, are still not universal.

MIXes for anonymity: To enforce a certain level of anonymity, under the assumption that the communication device, including the web browser and other network clients, is trustworthy, so-called MIXes are used. The concept was introduced by David Chaum in 1981 [10]. MIX networks are special networks of re-encrypting (transcoding) nodes. The MIX nodes serve anonymous communication within a secured network (analogous to a VPN). The four basic functions of a MIX network regarding the messages are as follows (also shown in Fig. 7.37):

{1 filtering; 2 collecting; 3 transcoding; 4 sorting} (7.1)

As a rule MIX networks use a hybrid cryptosystem, which combines performance with efficient secure key distribution [10]. The main MIX features are:

• receiver anonymity: the receiver remains anonymous to the sender;
• sender anonymity: the sender remains anonymous to the receiver;
• mutual anonymity: sender and receiver remain anonymous to each other.

The requirements on MIXes were formulated by D. Chaum; anonymity must hold even if

• all MIXes traversed by a message, except one, collude with the attacker;
• all other senders and receivers of the simultaneously mixed messages in all MIXes collude with the attacker;
• the attacker has arbitrarily large computing power, short of breaking the cryptosystem.

Fig. 7.37 A MIX network with basic functions: (a) MIX network; (b) D. Chaum (picture source: Wikipedia)

Let us investigate the problem a little deeper. Tied to the mentioned anonymity concept, the "anonymiser" can be used as a category. It is defined as an application, system or network that helps users to maintain their privacy and anonymity in the Internet and WWW. The anonymiser types can be defined as follows:

• simple anonymisers;
• MIX cascades;
• anonymous P2P networks and MIX networks.

The simplest anonymisers are a proxy or a VPN provided via the protocols L2TP, IPsec or PPTP (the latter should be avoided, as its MS-CHAPv2 authentication is considered broken); the OpenVPN software can be mentioned as an example. Such a proxy is connected between the users and the target computers. Since the proxy or VPN communicates with the target machine instead of (and on behalf of) the user, the connection cannot be traced back to the original user as easily as without the intermediary. The data streams between the users and such simple anonymisers must additionally be encrypted. Simple anonymisers in the form of a VPN or proxy can be built on TLS and can therefore be combined with a variety of applications. Among them are remailers based on e-mail servers, crypto-phones, products of the PGP creator Phil Zimmermann such as Zfone and Blackphone, or OpenVPN. Note that a single anonymiser merely moves the trust problem: its operator sees both the user's address and the destination, so the user's anonymity is only as good as that operator's honesty and logging practice.

Modern and more efficient anonymisers can use so-called cascaded MIXes. The critical data are encrypted several times and passed through several layers of protection, where each layer of encryption has to be decrypted again; only after encryption by the sender and decryption at the other end of the cascade do the data become usable again. The concept of a MIX cascade is shown in Fig. 7.38.

Fig. 7.38 MIX cascades (left) and MIX networks (right)

Only attackers who possess total control over all MIXes of the cascade control the data stream completely. As long as at least one MIX in the cascade is honest and not compromised, the overall system remains safe from the perspective of the user. Software solutions like JonDo or JAP can be qualified as MIX cascades. Users know that the single anonymisers within the cascade stages are certified regarding their data security and their deployment of cryptographic methods.

But even with MIX cascades there is no guarantee that the various nodes or providers do not cooperate. Even if they are located in different countries or jurisdictions, this may happen. The safe conclusion is that one of the MIX nodes must be provided by the user him- or herself, with the required anonymiser service installed on a user-controlled device. In this case the user's own data can be MIXed with data from further users and is better secured, resulting in the anonymity typical for a large network with many participants (Fig. 7.38).

Assessment of MIXes: The best-known MIX applications are as follows:

• TOR;
• JAP.

Tor (The Onion Router) has its origins in the USA. Its relays are used to anonymise TCP connections (web browsing, instant messaging, SSH, P2P applications); UDP-based applications are not carried. It protects its users against traffic analysis by local observers. Strictly speaking, Tor is an onion-routing network rather than a Chaum MIX: its relays forward cells immediately instead of collecting and reordering batches, which is what makes it fast enough for interactive use but also leaves it open to end-to-end timing correlation by an adversary who observes both ends of a circuit. JAP (Java Anon Proxy) has its roots in Germany, at TU Dresden and the University of Regensburg. It follows a similar approach and offers anonymity for the data traffic of users. But using MIXes is not without drawbacks. The most important problems tied to MIXes are [12]:

• the traffic through a MIX is huge, which means certain performance losses, and it is not clear who compensates the QoS losses;
• payment models for the regular financing of MIX operation are not yet defined; nowadays only a few sponsors exist.


Fig. 7.39 A MIX network for receiver anonymity

Example 7.6 A simple example of MIX anonymity is given in Fig. 7.39. A simple encrypting MIX network functions as follows:

• messages are encrypted under a sequence of public keys, the innermost layer for the last MIX;
• each MIX node removes one layer of encryption using its own private key;
• the node collects a batch of messages, shuffles their order and transmits the result to the next node.
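The three steps of Example 7.6, as an added example written for this edition (it is neither code from the book nor from any real MIX implementation): each MIX holds an RSA key pair; a sender wraps the message under the cascade's public keys from the last MIX outwards, each layer using a fresh AES-256-GCM key that is itself encrypted with RSA-OAEP, which is the hybrid cryptosystem mentioned above; and each MIX peels one layer off a whole collected batch and shuffles the batch with a cryptographically random permutation before forwarding it. The three messages and the three-node cascade are constructed inputs, and the wire format (2-byte length, OAEP blob, GCM nonce, ciphertext) is an assumption of this example. Real MIXes additionally pad every message to a fixed size, since differing lengths would let an observer link inputs to outputs.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"math/big"
)

const nonceSize = 12 // standard AES-GCM nonce length
// Mix is one node of the cascade, holding its long-term RSA key pair.
type Mix struct{ key *rsa.PrivateKey }

// NewCascade generates n mixes and returns them together with their public keys.
func NewCascade(n int) (mixes []*Mix, pubs []*rsa.PublicKey, err error) {
	for i := 0; i < n; i++ {
		key, err := rsa.GenerateKey(rand.Reader, 2048)
		if err != nil {
			return nil, nil, err
		}
		mixes, pubs = append(mixes, &Mix{key}), append(pubs, &key.PublicKey)
	}
	return mixes, pubs, nil
}

// wrap adds one onion layer: a fresh AES-256-GCM key encrypts inner and RSA-OAEP under
// the mix's public key encrypts that key. Layout: 2-byte length | OAEP blob | nonce | ciphertext.
func wrap(pub *rsa.PublicKey, inner []byte) ([]byte, error) {
	buf := make([]byte, 32+nonceSize)
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	aesKey, nonce := buf[:32], buf[32:]
	wrappedKey, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, aesKey, nil)
	if err != nil {
		return nil, err
	}
	block, _ := aes.NewCipher(aesKey) // 32-byte key: cannot fail
	gcm, _ := cipher.NewGCM(block)
	out := make([]byte, 2)
	binary.BigEndian.PutUint16(out, uint16(len(wrappedKey)))
	out = append(append(out, wrappedKey...), nonce...)
	return gcm.Seal(out, nonce, inner, nil), nil
}

// Unwrap removes the layer addressed to this mix; a layer built for another key fails OAEP.
func (m *Mix) Unwrap(msg []byte) ([]byte, error) {
	if len(msg) < 2 || len(msg) < 2+int(binary.BigEndian.Uint16(msg))+nonceSize {
		return nil, errors.New("truncated message")
	}
	n := 2 + int(binary.BigEndian.Uint16(msg))
	aesKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, m.key, msg[2:n], nil)
	if err != nil {
		return nil, fmt.Errorf("layer not addressed to this mix: %w", err)
	}
	block, err := aes.NewCipher(aesKey)
	if err != nil {
		return nil, err
	}
	gcm, _ := cipher.NewGCM(block)
	return gcm.Open(nil, msg[n:n+nonceSize], msg[n+nonceSize:], nil)
}

// Onion encrypts under the cascade's public keys, innermost layer for the last mix.
func Onion(pubs []*rsa.PublicKey, plaintext []byte) ([]byte, error) {
	msg, err := plaintext, error(nil)
	for i := len(pubs) - 1; i >= 0 && err == nil; i-- {
		msg, err = wrap(pubs[i], msg)
	}
	return msg, err
}

// Process is one mix round: peel one layer from every message of the collected batch,
// drop what does not decrypt, then shuffle with a CSPRNG so input and output order differ.
func (m *Mix) Process(batch [][]byte) [][]byte {
	out := make([][]byte, 0, len(batch))
	for _, msg := range batch {
		if inner, err := m.Unwrap(msg); err == nil {
			out = append(out, inner)
		}
	}
	for i := len(out) - 1; i > 0; i-- { // Fisher-Yates
		j, _ := rand.Int(rand.Reader, big.NewInt(int64(i+1)))
		out[i], out[j.Int64()] = out[j.Int64()], out[i]
	}
	return out
}

func main() {
	mixes, pubs, _ := NewCascade(3)
	var batch [][]byte
	for _, s := range []string{"alpha", "bravo", "charlie"} { // constructed messages
		o, _ := Onion(pubs, []byte(s))
		batch = append(batch, o)
	}
	for _, m := range mixes {
		batch = m.Process(batch)
	}
	fmt.Printf("%s\n", batch)
}
```

The GCM tag on every layer is what prevents an active attacker from tagging a message (flipping a bit and watching where the damage surfaces) to trace it through the cascade: a modified layer fails authentication and is dropped at the next MIX. Each MIX sees only the layer addressed to it, so it learns neither the plaintext nor, for the middle nodes, the original sender or the final receiver.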

This functionality may not be enough when at the receiver's side all connections are joined again and a potential attacker can concentrate on this point alone. To mitigate this risk the MIX concept is combined with the previously presented RAIC concept. An extended example of a RAIC with transparent encryption and anonymity based on MIXes is depicted in Fig. 7.40. This combined concept can be named RAIC-RAIN, as it combines independent/redundant clouds with independent/redundant network connections. For the given RAIC certain advanced features are available:

• safe and anonymous hybrid access, both public and private;
• good privacy for a user is foreseen;
• an attacker cannot learn the structure of the backup clouds;
• mutual anonymity of the sender (user) and the receivers (providers) could be provided.


Fig. 7.40 RAIC-RAIN: transparent encryption and anonymity over redundant network connections to redundant clouds. MD – Message Digest; MAC – Message Authentication Code; AES – Advanced Encryption Standard; RSA – Rivest, Shamir and Adleman encryption; PKI – Public Key Infrastructure (X.509, Kerberos)

With all the presented tools and techniques a reasonable degree of practical security can be achieved in networked environments. The integrity of devices is supported by firewalls against malware and network attacks. The confidentiality of data is ensured by disk encryption, and their concealment by steganography as well as by MIX cascades. The availability of data requires distribution, ideally in the form of a RAIC, in conjunction with encryption and steganography and a MIXed transmission to maximise the overall protection.

7.9 Conclusions

This chapter has discussed technological and legal aspects of guaranteeing data security in distributed systems and web systems used in the e-commerce, e-governance and enterprise application integration domains, including a brief discussion of implementation details. The required level of security is only available by considering complementary techniques and communication protocols together with a thorough analysis of their national deployment background. The discussed technological and legal aspects of web applications have been illustrated with our own investigation results and practical implementations. Increasing importance is attributed to steganographic applications, which are able to secure messages, privacy and works of art without deploying cryptography under restrictive legislation, as well as in the powerful combination of cryptographic and steganographic concepts. Besides the classical approaches, anonymity aspects in distributed systems are supported by the deployment of MIXes; MIX deployment can solve the problems of anonymous surfing.


References

1. BDSG – Bundesdatenschutzgesetz, German Federal Law. Online: http://www.gesetze-im-internet.de/bdsg_1990/index.html, 1990/2009.
2. SET: Secure Electronic Transaction. Mastercard and VISA, 1997.
3. SigG – Gesetz über Rahmenbedingungen für elektronische Signaturen, German Federal Law. Online: http://www.gesetze-im-internet.de/sigg_2001/index.html, 2001.
4. Wireless Application Protocol Architecture Specification. Online: http://www.wapforum.org/what/technical.htm, 2002.
5. Firewall classification. excITingIP, online: http://www.excitingip.com, 2015.
6. Steganos – Privacy software made easy. Online: https://www.steganos.com/en, 2016.
7. U. Black. Internet Security Protocols – Protecting IP Traffic. Prentice Hall, 2001, 304 p.
8. S. Blake-Wilson, N. Bolyard, V. Gupta, C. Hawk and B. Moeller. Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS). RFC 4492, May 2006.
9. Gilles Brassard. Cryptography in a Quantum World. In SOFSEM, p. 3–16, 2016.
10. David Chaum. Untraceable electronic mail, return addresses, and digital pseudonyms. Comm. ACM 24(2):84–90, February 1981.
11. C. Michael Chernick, Charles Edington III, Matthew J. Fanto and Rob Rosenthal. Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementations. NIST Special Publication 800-52, 2005.
12. George Danezis. MIX Networks with Restricted Routes. In Privacy Enhancing Technologies, Third International Workshop (PET), March 2003.
13. T. Dierks and E. Rescorla. The Transport Layer Security (TLS) Protocol Version 1.2. RFC 5246, August 2008.
14. Carol Fung and Raouf Boutaba. Intrusion Detection Networks: A Key to Collaborative Security. 2013, 261 pages.
15. Christina Garman, Kenneth G. Paterson and Thyla Van der Merwe. Attacks Only Get Better: Password Recovery Attacks Against RC4 in TLS. In USENIX Security 2015, p. 113–128, 2015.
16. Adam Hils, Greg Young and Jeremy D'Hoinne. Magic Quadrant for Enterprise Network Firewalls. Gartner, April 2015.
17. Bert-Jaap Koops. Crypto Law Survey. Online: http://www.cryptolaw.org, 2008/2013.
18. Gunter Saake and Muhammad Saqib Niaz. Merkle Hash Tree based Techniques for Data Integrity of Outsourced Data. In GvD, p. 66–71, 2015.
19. Maryline Laurent, Nesrine Kaaniche and Ethmane El Moustaine. A Novel Zero-Knowledge Scheme for Proof of Data Possession in Cloud Storage Applications. In CCGRID, p. 522–531, 2014.
20. M. Pierson. Computer- und Multimediarecht. Hanser-Verlag, Taschenbuch der Informatik, 2007, esp. pp. 510–524.
21. M. I. P. Salas and Eliane Martins. Security Testing Methodology for Vulnerabilities Detection of XSS in Web Services and WS-Security. Electr. Notes Theor. Comput. Sci. (ENTCS) 302:133–154, February 2014.
22. Alexander Schill and Thomas Springer. Verteilte Systeme – Grundlagen und Basistechnologien. Springer-Verlag, second edition, 2012, 433 p., in German.
23. Bruce Schneier. SHA-1 Freestart Collision. Online: https://www.schneier.com/blog/archives/2015/10/sha-1_freestart.html, 2015.
24. Martin L. Shooman. Reliability of Computer Systems and Networks: Fault Tolerance, Analysis, and Design. Wiley, 1st edition, 2002.
25. W. Stallings. Network Security Essentials. Prentice Hall, 2002, 366 p.
26. Jan van Eyck. The Arnolfini Wedding: The Portrait of Giovanni Arnolfini and his Wife Giovanna Cenami (The Arnolfini Marriage). http://www.wikiart.org/en/jan-van-eyck/the-arnolfini-wedding-the-portrait-of-giovanni-arnolfini-and-his-wife-giovanna-cenami-the-1434, 1434.
27. Andreas Westfeld. Principles of secured steganography. Doctoral dissertation, 2000.
28. Greg Young. Hype Cycle for Infrastructure Protection. Gartner, August 2015.

Appendix A Selected Originators and Designers of Distributed Systems

The book has introduced several technical algorithms, methods, systems and services. These have evolved over time, sometimes by invention but more often by refinement and improvement of previous ideas. Hundreds of researchers have been involved in this process. Now it is time to present some selected biographies of researchers, system designers and entrepreneurs to give an idea of how the technology has come about. Each person is introduced with a portrait (picture sources: Wikipedia, Brian Solis, Joi Ito).

A.1 Edgar Frank "Ted" Codd

• born in 1923 in England, died in 2003 in Florida
• British mathematician and database theorist

© Springer Fachmedien Wiesbaden GmbH 2017. A. Luntovskyy, J. Spillner, Architectural Transformations in Network Services and Distributed Systems, DOI 10.1007/978-3-658-14842-3



• created in the 1960s and 1970s the relational model, which is the basis for all relational databases nowadays
• together with Raymond F. Boyce developed the so-called Boyce-Codd normal form (BCNF)
• for his work in the field of databases awarded in 1981 with the A. M. Turing Award (the highest award in computer science)

A.2 Tom De Marco

• born in 1940 in Pennsylvania
• has had a great influence on Software Engineering (SWE) as a discipline
• inventor of Structured Analysis (SA) and of the Structured Systems Analysis and Design Method (SSADM) as methods for SWE (1979–1986, together with Edward Yourdon)
• project management as basic concept
• co-founder of the company "The Atlantic Systems Guild", in which he still works today

A.3 Grady Booch

• born in 1955 in Texas
• American computer scientist, "The IBM Chief Scientist"
• worked in the field of modular and object-oriented software design and class libraries, including Ada
• author of the SWE methods Object-Oriented Development (OOD, 1990) and Unified Modelling Language (UML, 1997)
• member of the so-called "3 Amigos" (with James Rumbaugh and Ivar Jacobson), who are considered the founders of UML


A.4 James Gosling

• born in 1955 in Canada
• one of the main originators of Java (1993–1994)
• worked from 1984 until 2010 at Sun Microsystems, then a few months for Google
• nowadays he works at a Californian company as Chief Software Architect

A.5 Sir Timothy John Berners-Lee

• born in 1955 in London
• British computer scientist and physicist at the European Organization for Nuclear Research (CERN, Conseil Européen pour la Recherche Nucléaire)
• author of the operating system (OS) NeXTSTEP
• inventor of the Hyper-Text Markup Language (HTML) and founder of the World Wide Web (1990)


• created also the first website (info.cern.ch)
• as well as a first search engine
• member and president of the World Wide Web Consortium (W3C)
• Massachusetts Institute of Technology (MIT) professor and chairman at the University of Southampton

A.6 Tim O'Reilly

• born in 1954 in Cork, Ireland
• involved in the development of the Perl scripting language
• founder and head of O'Reilly Publishing, publicist
• software developer in open source
• one of the pioneers of the term Web 2.0 as a combination of the classical web and other technical innovations like social networks and clouds (2005): Web 2.0 = classical web + social networks + clouds


• in reference to the term "Web 2.0" there exists "Web 3.0", coined by J. Markoff (2008), which adds to the concepts of the classical web/Web 2.0 the concept of a "semantic web": Web 3.0 = Web 2.0 + Semantic Web

A.7 Roy Thomas Fielding

• born in 1965 in California
• American computer scientist
• main inventor of the Hyper-Text Transfer Protocol (HTTP) and of the Apache HTTP server software
• developer of the RESTful web service approach
• worked until 2008 for Sun Microsystems
• is nowadays at Adobe Systems as projects' main developer

A.8 Sergey Brin


• born in 1973 in Moscow
• US-American computer scientist and architect
• together with Larry Page wrote the master thesis "The Anatomy of a Large-Scale Hypertextual Web Search Engine" as the basis for the "Google Service"
• developed the Google Search Engine (the prototype was launched in 1998) and then founded the Google company
• co-author of other Google products

A.9 Philip R. Zimmermann

• born in 1954 in Camden, New Jersey, USA
• inventor of the e-mail encryption software Pretty Good Privacy (PGP)
• fellow of the Stanford Law School's Center for Internet and Society
• running the company Silent Circle from Switzerland due to privacy concerns

A.10 Remembering the Pioneers

While computer science and telecommunications are relatively young fields of research and development, the recent years have seen many designers, engineers and hackers pass away. This paragraph remembers the early pioneers who made many of the presented systems possible but are no longer with us. The socio-technical implications are presumably not clear yet. Quite often in computer science and engineering it is possible to reach out to system designers directly in case a protocol detail or an interface parameter is not clear. This will be possible to a much lesser degree in the future, while the technology determines a greater part of our daily life.


Wesley Allison Clark († 2016) was involved in building one of the first transistor computers in the 1950s and in proposing connected internet message processors as predecessor to the Internet. Matti Makkonen († 2015) helped to launch the short message service (SMS) as a side product of 2G telephony, which, despite decreasing popularity due to IP-based chat and instant messaging, is still used a lot, accounting for 145 billion messages in the UK alone in the year 2013. Bill Moggridge († 2012) invented the first laptop, the GRiD Compass 1100, weighing 5 kg, and thus made portable devices and mobile computing possible. Dennis MacAlistair Ritchie († 2011) co-developed the Unix operating system, whose successors run much of the Internet and cloud computing infrastructure nowadays, as well as the programming language C. Ilya Zhitomirskiy († 2011) co-founded the decentralised social network Diaspora and helped in increasing the interest of users to maintain control over their online activities and services. Charlie Walton († 2011) invented the ubiquitous wireless technology RFID, used in badges for access control, in e-tickets, on shipping pallets in logistics and on product labels as theft protection.

Appendix B Research Focus

The content of the seven book chapters contains established, albeit often recent, knowledge. Some readers may be interested in the challenges tackled by ongoing or recently concluded research projects in which the authors have been involved. Some of these challenges may be significant enough to let their solutions appear in such books in the future. In any case, statements and results must be considered preliminary. The selected project results, all of which were made possible by funding with public money from different German and European funding bodies, bring innovations in the area of wired and wireless network planning as well as cloud security and data service management.

B.1 CANDY: Network Planning

High-performance fixed, wireless and mobile communication networks have become more and more important for global corporations, small and medium enterprises, public organisations and universities. The efficient and economic design of such networks, however, remains a challenge, and existing design tools only provide limited and hardly integrated support. Therefore the Computer-Aided Network Design Utility (CANDY) team proposes a much more integrated design methodology with associated tool support. The project addresses major conceptual and theoretical challenges as follows:

• The project proposes an integrated design methodology forming a complete design workflow. It especially focuses on the combination of wired IEEE 802.3 LAN and wireless network design (IEEE 802.11, 802.16, 802.15.4).


• The project proposes a modern Network Design Markup Language (NDML), an XML-based notation that serves as a uniform way of representing all major network elements (active and passive), their detailed technical properties, their interconnections and related configuration issues. As opposed to existing vendor-specific notations, NDML is based on open standards and enables interoperability and portability of network designs.

• CANDY is a framework with a significant set of design tools. This includes design editors, consistency checks, transformation tools, specific wireless network design tools and the integration of existing simulation environments. As a common notation, NDML once again serves as the glue for these tools.

• The novelty of the results is evidenced by a large number of publications in conference proceedings, magazines and workshops. The practical results have also been demonstrated successfully at major exhibitions such as CeBIT Hannover 2007, 2008 and 2011.

The archived project website of CANDY is http://www.inf.tu-dresden.de/index.php?node_id=1329&refer_id=478&ID=100&ln=en. Figure B.1 summarises the main features of the software utility.

Fig. B.1 Computer-aided network design utility – a project for network planning


B.2 FlexCloud: Flexible Architectures for Cloud Computing

Within the FlexCloud project, young investigators explored methods to give users more flexible options, overview and control methods as well as protection mechanisms for connecting not just to the Internet but more specifically to cloud services. One of the main results has been the -Box, a virtual box to manage devices, services, contacts, resources and other assets that each cloud participant would need or provide. Figure B.2 gives a high-level insight into the capabilities of the box by showing its demonstrator menu entries. Among the main features have been a cloud control cockpit and a cloud storage integrator.

B.3 DaaMob Service Platform: Data Service Management

DaaMob is a still ongoing project which envisions a distributed ecosystem of data sources, data hubs, data aggregators and data consumers with predominantly mobile devices. Data sources are sensors with varying protocols, endpoints on the web or arbitrary services which deliver data items and data streams. The data-centricity allows for novel designs in the service management architecture and the service delivery framework, including the explicit spatial consideration of multiple related endpoints for accessing the data and the temporal evolution of services. Hence the DaaMob Service Platform is inherently reliable and resilient and therefore offers great benefits to applications which access the data. The architecture consists of a distributed data hub which brokers data sources, taps and stores data streams as needed, and runs data processing code which exposes aggregated, filtered or enriched data as a virtual data source. Developers subscribe to the data sources with or without guarantees defined in a service level agreement. Applications which access the data sources can then be widely deployed. By keeping a connection to the distributed broker, failures of broker nodes or data sources can be mitigated with replicas or suitable alternatives, respectively.

Fig. B.2 Background and menu of the -Box demonstrator

Figure B.3 shows the dashboard web interface used in the platform to track multiple data sources, among them web feeds and physical sensors as services, which involves subscriptions and contributed value-added aggregation services. An architectural feature of the dashboard is that it runs entirely on the client side as a web browser application. A federated XMPP network is used to store and persist data, including user preferences and subscription lists. XMPP chat rooms are also used to run conversations between the data hubs and the applications in terms of service levels and guarantees. The use of a session protocol allows for long-running negotiations and adjustments as well as real-time signalling of any condition changes. The data hubs in turn use the agreement metrics to pre-allocate sufficient compute, storage and networking resources in order to meet the defined goals. They scale out on demand in case an application becomes popular, generates thousands of agreements and millions of data requests.

Fig. B.3 SensDash dashboard to track data sources including sensors as services

The preliminary project website of DaaMob is http://serviceplatform.org/projects/daamob.

Appendix C Acronyms for Mobile and Wireless

Due to the heavy industrialisation and standardisation in the field of mobile and wireless communication, compared to other fields of distributed systems, cloud and fog computing as well as services computing, the relevant acronyms are reflected here again with an extended explanation.

• 1G: Old-fashioned analog mobile phone systems capable of handling very limited or no data at all.

• 2G: Second generation voice-centric mobile phones and services with limited data rates ranging from 9.6 to 19.2 kBit/s.

• 2.5G: Interim hardware and software mobile solutions between 2G and 3G with voice and data capabilities and data rates ranging from 56 to 170 kBit/s.

• 3G: A long awaited digital mobile system with a maximum data rate of 2 MBit/s under stationary conditions and 384 kBit/s under mobile conditions. This technology is capable of handling streaming video, two-way voice over IP and Internet connectivity with support for high quality graphics.

• 3GPP: Third Generation Partnership Project. 3GPP is an industry body set up to develop a 3G standard based upon wideband CDMA (WCDMA).

• 3GPP2: Third Generation Partnership Project 2. 3GPP2 is an industry body set up to develop a 3G standard based upon CDMA-2000.

• 3.5G: Interim systems between 3G and 4G allowing a downlink data rate of up to 14 MBit/s. Sometimes it is also called High Speed Downlink Packet Access (HSDPA).

• 4G: Evolution of 3G technology that provides support for data rates of 100 MBit/s and more, allowing high quality and smooth video transmission.


• 5G: In the evolutionary view it will be capable of supporting WWWW, allowing highly flexible dynamic ad hoc wireless networks. In the revolutionary view this intelligent technology is capable of interconnecting the entire world without limits.

• Bluetooth: A wireless networking protocol designed to replace cable network technology for devices within 30 feet. Like IEEE 802.11b, Bluetooth also operates in the unlicensed 2.4 GHz spectrum, but it only supports data rates up to 1 MBit/s.

• CDMA: Code Division Multiple Access, also known as CDMA-ONE or IS-95, is a spread spectrum communication technology that allows many users to communicate simultaneously using the same frequency spectrum. Communications between users are differentiated by using a unique code for each user. This method allows more users to share the spectrum at the same time than alternative technologies.

• CDMA-2000: Sometimes also known as IS-136 and IMT-CDMA multicarrier (1X/3X), is an evolution of the narrowband radio transmission technology known as CDMA-ONE (also called CDMA or IS-95) to the third generation. 1X refers to the use of a 1.25 MHz channel, while 3X refers to a 5 MHz channel.

• EDGE: Enhanced Data rates for Global Evolution technology gives GSM and TDMA the capability to handle 3rd generation mobile phone services with speeds up to 384 kBit/s. Since it uses the TDMA infrastructure, a smooth transition from TDMA based systems such as GSM to EDGE is expected.

• GPRS: General Packet Radio Service provides data rates up to 115 kBit/s for wireless Internet and other types of data communications using packet data services.

• GSM: Global System for Mobile Communication is a world-wide standard for digital wireless mobile phone systems. The standard was originated by the European Conference of Postal and Telecommunications Administrations (CEPT), which was responsible for the creation of ETSI. Currently ETSI is responsible for the development of the GSM standard.

• Mobile phones: Mobile communication systems that use radio communication and conventional telephone switching to allow communication to and from mobile users.

• NGN, NGMN: New Generation (Mobile) Networks use new advanced mobile services and SOA (Service-oriented Architectures). NGN/NGMN incorporate all-IP architectural changes in telecommunications and access networks of all types, which are integrated into an IoS (Internet of Services). On the other hand, these networks are characterised by advanced QoS (Quality of Service) as well as a high level of QoE (Quality of Experience). Typical for NGN/NGMN is the deployment of more powerful end devices, advanced software solutions and operating systems, efficient file systems and middleware components. The services in NGMN are frequently based on integrated multimedia provider platforms.

• OFDMA: Orthogonal Frequency-Division Multiple Access is a multi-user version of the popular orthogonal frequency-division multiplexing (OFDM) digital modulation scheme. Multiple access is achieved in OFDMA by assigning subsets of subcarriers to individual users, i.e. OFDMA = OFDM + assigning on demand.

• PSTN: Public Switched Telephone Network is a regular voice telephone network.


• Spread Spectrum: A form of wireless communication in which the frequency of the transmitted signal is deliberately varied over a wide range. This results in a higher bandwidth of the signal than the one without varied frequency.

• TDMA: Time Division Multiple Access is a technology for sharing a medium by several users by dividing it into different time slots, transmitting at the same frequency.

• UMTS: Universal Mobile Telecommunications System is the third generation mobile telephone standard in Europe that was proposed by ETSI.

• WAP: Wireless Application Protocol defines the use of TCP/IP and web browsing for mobile systems.

• WCDMA: Wideband CDMA is a technology for wideband digital radio communications of multimedia and other capacity demanding applications. It is adopted by ITU under the name IMT-2000 direct spread.

• WWWW: A world wide wireless web is capable of supporting comprehensive wireless-based web applications that include full graphics and multimedia capability at beyond 4G speeds.

Appendix D Repetition and Control of Learning Progress

The seven chapters in this book have conveyed knowledge about diverse areas in services, systems and telecommunications. The utility of knowledge lies in being applied to gain skills. Therefore, in this appendix a number of topics are repeated with control questions. The choice of topics is not strictly bound to the chapters and is in fact sometimes cross-cutting through several consecutive chapters, to promote learning beyond pre-defined categories and boxes.

Reference solutions to these questions are not contained within this book. They can, however, with some effort be retrieved from the publisher's website as auxiliary electronic material.

D.1 New Generation (Mobile) Networks

(a) What is meant by the term NG(M)N?

1. New advanced services and SOA
2. Advanced QoS/QoE
3. Deployment of more powerful end devices
4. Deployment of advanced software solutions, operating systems, file systems and middleware
5. Deployment of integrated MM provider platforms
6. All of the above

(b) Which important NW technologies and development forums belong to NGN/NGMN? Name their performance characteristics.


(c) What is meant by the term IMS? Discuss the advantages when using IMS

1. for a mobile network operator
2. for a client company

D.2 Periodisation of Computer Networks: Phases I to IV, Smart Grid, IoT and Fog Computing

(a) Characterise the four periods of the development of computer networks.

(b) Why are energy-efficient methods and protocols of increasing importance nowadays? Give your definition of the concept of "smart grid".

(c) Describe in brief the most important network technologies for the support of Smart Grid.

(d) Which Smart Grid models will be used in the medium term?

(e) Elaborate on the differences between IoS and IoT.

(f) Describe in brief the most important network technologies for the support of IoT.

(g) What is Fog Computing?

(h) Highlight the differences between Clouds and Fog Computing.

D.3 Architectural Transformation in Distributed Systems

Significant architectural transformations in network services and distributed systems characterise an ongoing trend.

(a) Compare C-S and P2P architectures. Give 2–3 examples for each one.

(b) Discuss the architectural transformation in distributed systems. What is clustering? Which advantages does it bring? Include a discussion of the increased complexity due to synchronisation and conflict handling as a disadvantage.

(c) Which advanced architectures are based on C-S? Introduce expressive examples related to clusters and clouds.


(d) Summarise the advantages of using cloud technologies according to the NIST definition. Discuss disadvantages such as the diversity in terms of data privacy and protection aspects.

D.4 Cloud Computing

During the evolution of computer network technologies there have been repeated paradigms to reduce the functionality of workstations to a terminal (thin client) and to transparently outsource all processing functions into the network.

(a) Define the term "Cloud computing".

(b) Which cloud models concerning the delivered services are known to you? Illustrate the differences between the concepts of SaaS, PaaS and IaaS.

(c) Describe the technology stack for cloud computing. Which components belong to the architecture of a cloud?

(d) Besides the technical cloud stack it is possible to differentiate between different organisation forms of clouds with scenario-specific strengths and weaknesses: public, private, hybrid, community and personal clouds. Compare the differences in the load and functionality distribution between cloud computing on the one hand and conventional IT vs. SaaS vs. PaaS vs. IaaS on the other hand with an MS illustration.

(e) Cloud computing implies difficult legal aspects between end users, providers and further involved parties. Comment on this statement concerning the aspects of data privacy and security.

Table D.1 Cloud functionality and layers

Cloud scenario                                     SaaS   PaaS   IaaS
1 Cloud backup
2 Data center
3 VM migration
4 Marketplace
5 High-performance cluster for parallel computing
6 SOA platform
7 Test environments
8 Frontend


(f) Demarcate the definition boundaries of clusters, grids and clouds.

(g) Assign to each cloud usage scenario in the first column of Table D.1 the correct pattern of cloud services in the second to fourth column. In some cases a term may belong to multiple columns.

D.5 Virtualisation Concepts

Virtualisation refers to methods which allow combining or dividing physical resources in a distributed system. The primary goal is to present an abstract view to the user, to isolate him or her, or any application, from the actual hardware and software, including computational performance and memory availability.

(a) A logical layer is introduced between the applications and the resources in order to hide the physical circumstances. Create a sketch corresponding to this action.

(b) Specify a classification of kinds of virtualisation. What is hardware virtualisation and what is software virtualisation?

(c) What is a VM? Comment on the concept of VMM. Which kinds of VMM exist? What is server virtualisation?

(d) Mention the advantages of virtualisation from an economic perspective.

(e) Look at the following scenario: In a company network with 30 computers there are three different architectures.

1. How many import and export routines have to be programmed and installed to facilitate communication between all the systems?
2. Which changes result from adding a 31st computer with a novel system architecture into the network?
3. Which advantages and disadvantages compared to 2 result from the use of server virtualisation?

(f) What is software virtualisation? How does it enable EAI?

(g) Describe the areas of use and the functionality of OS containers.


D.6 Performance Characteristics of Digital Computers, Performance Optimisation in Distributed Systems

Threads, replication and caching are classic methods for improving the performance of client/server systems. Describe them briefly.

(a) Which additional methods can be used to increase the performance? Identify them with suitable examples.

(b) Which seven important empirical rules about the performance optimisation of client/server systems are known to you?

(c) How is a parallel execution with threads organised? Create a sketch with a sample execution of statements.

(d) How much time is saved when parallelisation with N threads is enabled for a certain application? Justify your answer. How can the degree of parallelisation be increased? Name the key performance indicators of digital computers.

(e) Demarcate the terms processor clock frequency, MIPS and FLOPS. Introduce an example for each of the terms.

D.7 Distributed Computing, Parallel Computing and Acceleration Models

Parallel computers achieve an increased working speed by distributing the load across N available processors. In order to fully utilise the complete performance of such a parallel computer, the programming technique must be adapted accordingly. A number of languages, techniques and programming interfaces are available for this challenge.

(a) Which reference solutions for the parallel execution of applications do you know? Compare the features of OpenMP and MPI in this context.

(b) Specify a definition for the term "Grid". Classify the different types of grids.

(c) What is the BOINC system? Explain the functional principles of this grid.

(d) Exemplify the differences between clusters, grids and clouds.

(e) Name the methods for optimising application performance.


(f) Name performance acceleration models for parallel applications. Consider the laws of Amdahl and Gustafson-Barsis.

(g) Amdahl's law is based on a model of the acceleration of applications through parallelisation. Given are the time effort for one CPU T = 20,000 h and Tp = 18,000 h. Calculate the speedup factor A_N according to G. M. Amdahl and visualise the answer in a diagram.

(h) Which changes in the performance calculation result from explicitly considering the communication flows between threads?

(i) Compare the speedup models for parallelised applications according to Amdahl and Gustafson-Barsis. Given are the number of CPUs in a cluster N = 100 and the measured acceleration A = 25. Calculate the sequential part e as well as the part p = 1 − e for the parallelised application according to the Karp-Flatt metric.
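The following Python script is an added illustration of the three speedup models named in questions (f) to (i); it is not code from the book. It assumes that Tp in question (g) denotes the parallelisable share of the single-CPU runtime T, and it uses the figures quoted in (g) and (i) as sample input. The table printed for (g) stands in for the diagram the question asks for.

```python
"""Speedup models for parallelised applications: Amdahl, Gustafson-Barsis and
the Karp-Flatt metric.  Added illustration, not code from the book; the
numbers below are the ones quoted in questions (g) and (i) of Sect. D.7."""


def sequential_fraction(t_total: float, t_parallel: float) -> float:
    """Fraction e of the single-CPU runtime that cannot be parallelised.

    t_total    -- runtime on one CPU (T)
    t_parallel -- the part of T that can be spread across CPUs (Tp, assumed)
    """
    if not 0 <= t_parallel <= t_total:
        raise ValueError("parallelisable part must lie between 0 and T")
    return (t_total - t_parallel) / t_total


def amdahl_speedup(e: float, n: int) -> float:
    """Amdahl's law: A_N = 1 / (e + (1 - e) / N) for N CPUs.

    The sequential part e bounds the speedup by 1/e however large N grows.
    """
    if n < 1:
        raise ValueError("need at least one CPU")
    return 1.0 / (e + (1.0 - e) / n)


def gustafson_speedup(e: float, n: int) -> float:
    """Gustafson-Barsis scaled speedup: S_N = N - e * (N - 1).

    Here e is the sequential fraction of the *parallel* run; the problem size
    is assumed to grow with N, so the speedup grows almost linearly.
    """
    if n < 1:
        raise ValueError("need at least one CPU")
    return n - e * (n - 1)


def karp_flatt(a: float, n: int) -> float:
    """Karp-Flatt metric: the experimentally determined sequential fraction
    e = (1/A - 1/N) / (1 - 1/N) from a measured speedup A on N CPUs.

    It is Amdahl's law solved for e; a rising e when N grows hints at
    communication or synchronisation overhead rather than an inherently
    serial algorithm (question (h)).
    """
    if n < 2:
        raise ValueError("metric is undefined for a single CPU")
    return (1.0 / a - 1.0 / n) / (1.0 - 1.0 / n)


def amdahl_table(e: float, cpus=(1, 2, 4, 8, 16, 100, 1000)) -> dict:
    """Speedup per CPU count, rounded; the tabular form replaces the diagram
    asked for in question (g)."""
    return {n: round(amdahl_speedup(e, n), 3) for n in cpus}


if __name__ == "__main__":
    # Question (g): T = 20,000 h on one CPU, of which Tp = 18,000 h parallelise.
    e_g = sequential_fraction(20_000, 18_000)
    print("sequential fraction e =", e_g)
    for n, a in amdahl_table(e_g).items():
        print(f"N={n:>5}: A_N = {a:7.3f}")
    print("upper bound 1/e =", 1 / e_g)

    # Question (i): N = 100 CPUs, measured speedup A = 25.
    e_i = karp_flatt(25, 100)
    print(f"Karp-Flatt: e = {e_i:.4f}, p = 1 - e = {1 - e_i:.4f}")
    print("Amdahl prediction with that e:", round(amdahl_speedup(e_i, 100), 2))
    print("Gustafson-Barsis with that e:", round(gustafson_speedup(e_i, 100), 2))
```

Because the Karp-Flatt metric is Amdahl's law solved for e, feeding the computed e back into amdahl_speedup with the same N reproduces the measured acceleration exactly; comparing that with the Gustafson-Barsis value for the same e makes the difference between the two models visible.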

D.8 Towards 5G

About once per decade the user data rate in mobile phone networks increases by a factor of 10 to 100. This tendency has been observed for quite a while, since the 1990s. The fifth generation of mobile networks is a reference to the next important phase of development, following the notion of "Beyond 4G" and the IMT Advanced standards.

(a) Which differences exist between 5G and its predecessors 3G and 4G? What is IMS?

(b) Elaborate on the role of MIMO and DIDO technologies.

(c) Describe briefly the most important network technologies for the realisation of 5G deployments in the near future.

(d) Characterise the interoperability between mobile networks (Beyond 4G), WLAN and 6LowPAN.

(e) What is IoT? How does this concept correlate with the techniques 6LowPAN and 5G?

D.9 Security Aspects in NGN

Data privacy protocols play an important role in electronic business due to their ability to carry important data security mechanisms. Among them are confidentiality, integrity, mutual authentication and non-repudiability.


(a) Define the two terms "authentication" and "authorisation" properly, without overlap.

(b) Confidential C/S communication between an online shop and an external payment provider needs to be secured.

1. Describe the necessary procedure for a symmetric data encryption.
2. Now describe the modification of the procedure for an asymmetric data encryption.
3. Discuss the "pro" and "contra" of both the symmetric and the asymmetric cryptographic technique.
4. Why and how should there be a combination of both?

(c) What is the protocol SSL for? Which sub-protocols are used by SSL?

(d) Which important cryptographic standards are used by SSL? What is the role of the X.509 specification?

(e) Describe the limits of SSL for use in web services. Discuss the disadvantages.

(f) Discuss the differences in the cryptographic protection of data communication with SSL and with VPN/IPsec. Elaborate on the role of the concept of fine-grained protection.

(g) Specify a holistic classification or ordering of cryptographic protocols for data security in distributed systems, aligned with the OSI reference model.

(h) Discuss the hybrid solutions to SSL/SET.

(i) What are causes of security vulnerabilities in distributed systems? How are those being exploited by malware?

(j) Mention solutions to the previous problems as they are known to you (AV-SW, FW). Discuss these concepts concerning their suitability for distributed systems.

(k) Explain the differences between capability models and access control lists. Compare these two concepts concerning the following:

1. Implementation effort
2. Suitability for large-scale systems with many clients
3. Propagation and delegation of privileges among clients
4. Removal of privileges
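As an added illustration of the contrast asked for in question (k), and not code from the book, the Python script below models both approaches side by side: an access control list stored with the object, and capabilities stored with the subject as HMAC-protected tokens. The subjects, the object name and the token format (object, operations, epoch, tag) are constructed for the example; real capability systems differ in detail but share the property shown here, that delegation needs no central party while selective revocation does.

```python
"""Access control lists versus capability lists (question (k)).  Added
illustration, not code from the book: both models answer "may subject s
perform op on object o?", but store the authorisation on opposite sides of
the relation."""

import hashlib
import hmac
import secrets


class AclObject:
    """ACL model: the object carries the list of authorised subjects."""

    def __init__(self, name: str):
        self.name = name
        self._acl = {}                       # subject -> set of operations

    def grant(self, subject: str, *ops: str) -> None:
        # Only the object's owner or administrator edits the list, so
        # delegation between subjects always goes through that owner.
        self._acl.setdefault(subject, set()).update(ops)

    def revoke(self, subject: str) -> None:
        # Revocation is local and immediate: one entry disappears.
        self._acl.pop(subject, None)

    def check(self, subject: str, op: str) -> bool:
        # The object must identify the subject on every call, and the list
        # grows with the number of clients (implementation effort, scale).
        return op in self._acl.get(subject, set())


class CapabilityAuthority:
    """Capability model: the subject carries unforgeable tokens.

    A token is (object, operations, epoch, tag).  The tag is an HMAC under a
    key only the authority knows, so tokens cannot be forged or widened, and
    the check needs no per-subject state.  Nobody records who holds a copy,
    so a single holder cannot be revoked; the authority can only bump the
    object's epoch and thereby invalidate every outstanding token for it."""

    def __init__(self):
        self._key = secrets.token_bytes(32)
        self._epoch = {}                     # object -> current epoch

    def _tag(self, obj: str, ops: frozenset, epoch: int) -> str:
        msg = f"{obj}|{','.join(sorted(ops))}|{epoch}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def issue(self, obj: str, ops) -> tuple:
        ops = frozenset(ops)
        epoch = self._epoch.setdefault(obj, 0)
        return (obj, ops, epoch, self._tag(obj, ops, epoch))

    def check(self, cap: tuple, op: str) -> bool:
        obj, ops, epoch, tag = cap
        if epoch != self._epoch.get(obj, 0):
            return False                     # revoked by re-keying the object
        if not hmac.compare_digest(tag, self._tag(obj, ops, epoch)):
            return False                     # forged or altered token
        return op in ops

    def revoke_all(self, obj: str) -> None:
        self._epoch[obj] = self._epoch.get(obj, 0) + 1


def delegate(cap: tuple) -> tuple:
    """Delegation in the capability model is just handing over a copy; neither
    the object nor the authority is involved, which is the scalability win
    and the revocation headache at the same time."""
    return cap


def compare_models() -> dict:
    """Constructed scenario: Alice owns report.pdf, Bob may read it, Bob wants
    to let Carol read it too, and finally Alice withdraws Bob's access."""
    r = {}
    doc = AclObject("report.pdf")
    doc.grant("bob", "read")
    r["acl_bob_read"] = doc.check("bob", "read")
    r["acl_bob_write"] = doc.check("bob", "write")
    r["acl_carol_read"] = doc.check("carol", "read")    # Bob cannot delegate
    doc.revoke("bob")
    r["acl_bob_after_revoke"] = doc.check("bob", "read")

    auth = CapabilityAuthority()
    bob_cap = auth.issue("report.pdf", {"read"})
    carol_cap = delegate(bob_cap)                        # no authority contact
    r["cap_bob_read"] = auth.check(bob_cap, "read")
    r["cap_carol_read"] = auth.check(carol_cap, "read")
    widened = (bob_cap[0], frozenset({"read", "write"}), bob_cap[2], bob_cap[3])
    r["cap_widened_rejected"] = not auth.check(widened, "write")
    auth.revoke_all("report.pdf")                        # hits Bob *and* Carol
    r["cap_bob_after_revoke"] = auth.check(bob_cap, "read")
    r["cap_carol_after_revoke"] = auth.check(carol_cap, "read")
    return r
```

Reading compare_models() against the four criteria of question (k): the ACL needs an authenticated subject identity on every check and a list per object, but revokes one subject cheaply; the capability check is stateless apart from the epoch, delegation is free, and the only revocation available without per-holder bookkeeping hits every holder at once.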

(l) A user of an online shop wants to order a couple of products. During the course of the ordering process the server side wants to check and confirm the identity of the user.


1 Describe the authentication with symmetric encryption methods2 Now describe the same with asymmetric methods

(m) A user of an online shop wants to double-check on the integrity and the non-repudiability of the order

1. What is a digital signature?
2. How are the public and private keys used in combination with a digital signature?
3. How are message digests (extended checksums) created? Characterise the properties of hash functions.
4. Why is only the asymmetric encryption method suitable for a digital signature?
5. How many and which keys are needed for the hybrid symmetric and asymmetric encryption when a digital signature should be generated at the same time? Which protection goals are feasible in such a scenario?
6. What is the meaning of a certificate and on which occasions are they distributed? How are hierarchic CAs built? Discuss them with the example of X.509. Compare them with the Kerberos method.
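Questions (l) and (m) hinge on one distinction: a shared key proves that the other side holds the same secret, a private key proves something only its holder could have done. The block below is an added educational example, not code from the book. The RSA key pair is built from two fixed, publicly known Mersenne primes so that it runs offline with the standard library only; that makes it useless as real key material, and the unpadded "textbook" signature is shown only to make the mathematics of (m) 2 and (m) 4 visible. A production system would use a vetted library (RSA-PSS or Ed25519) with properly generated keys.

```python
"""Symmetric versus asymmetric authentication, and a digital signature on an
order. Added educational example, not the book's code. Key material is
constructed from fixed Mersenne primes and is NOT secure."""
import hashlib
import hmac
import secrets

# ---- (l) 1: symmetric challenge-response, shop and user share one key ----


def make_challenge():
    """Fresh random nonce, so a recorded response cannot be replayed later."""
    return secrets.token_bytes(16)


def symmetric_prove(shared_key, challenge):
    return hmac.new(shared_key, challenge, hashlib.sha256).digest()


def symmetric_verify(shared_key, challenge, response):
    return hmac.compare_digest(symmetric_prove(shared_key, challenge), response)


# ---- (l) 2 and (m): asymmetric key pair, signature over a message digest ----

P = 2**521 - 1  # Mersenne primes (demo only: anyone can recompute D from them)
Q = 2**607 - 1
N = P * Q
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent


def digest(message):
    """Message digest: fixed-length fingerprint that is hard to invert or collide."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message, private_exponent=D, modulus=N):
    """Only the private key holder can compute this value for the digest."""
    return pow(digest(message), private_exponent, modulus)


def verify(message, signature, public_exponent=E, modulus=N):
    """Anyone with the public key can check; the signer cannot later deny it."""
    return pow(signature, public_exponent, modulus) == digest(message)


def asymmetric_prove(challenge, private_exponent=D):
    """User authenticates by signing the shop's nonce with the private key."""
    return sign(challenge, private_exponent)


def asymmetric_verify(challenge, response, public_exponent=E):
    return verify(challenge, response, public_exponent)


def verifier_can_forge_symmetric(shared_key, order):
    """Why a MAC gives integrity but not non-repudiation: the shop, holding the
    same key, produces exactly the tag the user would have produced."""
    user_tag = hmac.new(shared_key, order, hashlib.sha256).digest()
    shop_tag = hmac.new(shared_key, order, hashlib.sha256).digest()
    return hmac.compare_digest(user_tag, shop_tag)
```

For (m) 5, the order itself would additionally be encrypted with a fresh symmetric session key that is transported under the recipient's public key, so two key pairs (one per side) plus one session key are involved; only the signature part is shown here.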

D.10 PGP and Steganography

Jointly with the steganographic methods, cryptography offers a compelling combination for protecting data and hence information. If the secret message is concealed and does not attract attention, as would be the case for obviously encrypted messages, the application of secure steganography cannot be prosecuted any more. Therefore a ban on encryption would be practically void.

(a) Discuss the assignment of the cryptographic protocols known to you to the layers in the OSI reference model.

(b) Which cryptographic techniques are used? Which ones are integrated in PGP?

(c) Which advantages are associated with the OpenPGP standard? Which disadvantages are implied by using PGP in the web of trust scheme?

Already Herodotus, one of the first writers of history, reported about 2500 years ago on the concealment of messages by use of steganography. Seemingly unused wax writing tablets carried the message on the wood underneath the wax surface. Messages were also stitched into animals which were brought by a messenger posing as a hunter.

(d) Give more historic examples for delivering steganographic messages.


(e) Explain in which areas steganographic methods are used today. Why is cryptography sometimes insufficient for these cases? How is steganography an efficient alternative?

(f) Classify steganographic techniques according to their carrier medium and the embedding scheme. Clarify the differences to watermarks.

(g) Explain the principles of the combination of steganographic and cryptographic methods.
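The combination asked for in (g) is usually: encrypt first, then hide. The block below is an added example, not code from the book. The carrier is a constructed 8-bit greyscale "image" (a byte per pixel), the cipher is a keystream derived with HMAC-SHA256 in counter mode (a stand-in for a real stream cipher such as ChaCha20, used here so that the example runs with the standard library), and the embedding writes one bit per pixel into the least significant bit. The LSB ratio function shows the kind of statistic simple steganalysis uses: an encrypted payload turns a region of all-zero LSBs into roughly half ones, which is a detectable change even though the content stays unreadable without the key.

```python
"""Combining steganography and cryptography: added example (not the book's
code). Encrypt the secret with a key-derived keystream, then hide the
ciphertext in the least significant bits of a constructed greyscale carrier."""
import hashlib
import hmac

HEADER_BITS = 32  # payload length in bytes, big-endian, stored before the payload


def keystream(key, nbytes):
    """Deterministic pseudo-random bytes from key and counter (demo cipher)."""
    out = bytearray()
    counter = 0
    while len(out) < nbytes:
        out += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:nbytes])


def xor_crypt(key, data):
    """Encrypt or decrypt (same operation) by XOR with the keystream."""
    return bytes(d ^ k for d, k in zip(data, keystream(key, len(data))))


def embed(cover, payload):
    """Write the 32-bit length header and the payload into the LSBs of
    consecutive pixels; every other bit of the carrier stays untouched."""
    framed = len(payload).to_bytes(4, "big") + payload
    nbits = len(framed) * 8
    if nbits > len(cover):
        raise ValueError("cover too small for payload")
    stego = bytearray(cover)
    for i in range(nbits):
        bit = (framed[i // 8] >> (7 - i % 8)) & 1
        stego[i] = (stego[i] & 0xFE) | bit
    return bytes(stego)


def _read_bits(stego, start, nbits):
    value = 0
    for i in range(start, start + nbits):
        value = (value << 1) | (stego[i] & 1)
    return value


def extract(stego):
    """Inverse of embed; rejects a length header the carrier cannot hold."""
    length = _read_bits(stego, 0, HEADER_BITS)
    if HEADER_BITS + length * 8 > len(stego):
        raise ValueError("length header inconsistent with carrier size")
    payload_int = _read_bits(stego, HEADER_BITS, length * 8)
    return payload_int.to_bytes(length, "big") if length else b""


def lsb_ones_ratio(pixels, n):
    """Share of the first n pixels whose LSB is set (a steganalysis statistic)."""
    return sum(p & 1 for p in pixels[:n]) / n


def hide(cover, key, secret):
    """Encrypt, then embed: an extractor without the key sees random bits."""
    return embed(cover, xor_crypt(key, secret))


def reveal(stego, key):
    return xor_crypt(key, extract(stego))


# Constructed carrier: a smooth ramp whose LSBs are all zero
COVER = bytes(((i * 7) % 251) & 0xFE for i in range(4096))
KEY = b"constructed-demo-key-not-for-real-use"
```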

Appendix E Example of a Written Exam to the Discussed Subjects

This examination adds to the repetition questions and answers presented before. It also serves as inspiration to lecturers who want to design a custom examination of about 45 minutes. The permissible tools would be all paper documents and books as well as a non-programmable calculator, but no mobile devices, notebooks or other electronic helpers. 50 points can be achieved in total.

Note: The reference solution to the exam is available as complementary digital-only material from the publisher's website.

Task 1: Architectural transformations (10 points). Nowadays the significant architectural transformations in network services and distributed systems have to be considered. The processing, persistency as well as application data are provided from multiple servers or peers.

(a) Please compare C-S and P2P architectures. Specify 2–3 differences between them. Introduce your examples, at least 2–3 for each architecture type. (5 points)

© Springer Fachmedien Wiesbaden GmbH 2017. A. Luntovskyy, J. Spillner, Architectural Transformations in Network Services and Distributed Systems, DOI 10.1007/978-3-658-14842-3


(b) Describe the current architectural transformations in distributed systems. What is clustering, and what advantages does the method possess? Discuss the increased complexity due to synchronisation and conflict handling as a disadvantage. (5 points)

Task 2: Parallel computing (15 points). Parallel computers increase their working speed by distributing the available computational efforts to their N processors. They are commonly found in data centres and in supercomputing sites (shown: CHIC, TU Chemnitz). To determine the full capabilities of a parallel computer with N CPUs, a class of acceleration models (speedup models) can be used.

(a) Please specify the well-known performance factors of modern computers/clusters/grids. (2 points)

(b) Gustafson-Barsis' law is a speedup model about the acceleration of programs via their parallelisation. Given that the time span required for a CPU is T1 = 4000 h and Tp = 3800 h, please compute the speedup factor A(N) by Gustafson-Barsis. Notice: N = 1, 11, 41, 71. (7 points)

Calculate the efficiency E(N) for N = 41. Please compare the speedup models for parallelised applications proposed by Amdahl and Gustafson-Barsis.


(c) Given that the available CPU number in a cluster is N = 100 and the measured speedup factor is A = 75, please compute the sequential part e as well as the part p = 1 − e for the parallelised application by the Karp-Flatt metric. (3 points)

In order to exploit the full power of a parallel computer with N CPUs, the programming techniques must be adapted accordingly. For this aim, a diversity of languages, methods and programming interfaces is available.

(d) Specify the well-known programming techniques for parallel computing (at least 3). What distinguishing features do they have in comparison to the regular source code for N = 1 (increase by a factor of p)? (3 points)
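The three models named in (b) and (c) differ only in which quantity is held fixed, which is easiest to see when they are written as functions and evaluated on the exam's numbers. The block below is an added worked example, not the reference solution from the publisher. It assumes one reading of the sheet that the text does not spell out: T1 is the total run time and Tp the part of it that parallelises, so the serial share is s = (T1 − Tp) / T1; under a different reading the functions stay the same and only `serial_share` changes.

```python
"""Speedup models for parallel programs: Amdahl, Gustafson-Barsis and the
Karp-Flatt metric. Added worked example, not the exam's reference solution.
Assumption made here: T1 is the total run time and Tp the part of it that
parallelises, so the serial share is s = (T1 - Tp) / T1."""


def serial_share(t_total_h, t_parallel_h):
    """Serial share s of the workload, 0 <= s <= 1."""
    if not 0 <= t_parallel_h <= t_total_h:
        raise ValueError("parallel part must lie within the total time")
    return (t_total_h - t_parallel_h) / t_total_h


def amdahl_speedup(s, n):
    """Fixed problem size: speedup is capped at 1/s however large N grows."""
    return 1.0 / (s + (1.0 - s) / n)


def gustafson_speedup(s, n):
    """Problem size grows with N; s is the serial share measured on the N-CPU run."""
    return n - s * (n - 1)


def efficiency(speedup, n):
    """Share of the N CPUs that is effectively used."""
    return speedup / n


def karp_flatt_serial_share(speedup, n):
    """Experimentally determined serial share e from a measured speedup on N CPUs."""
    if n < 2:
        raise ValueError("needs at least two CPUs")
    return (1.0 / speedup - 1.0 / n) / (1.0 - 1.0 / n)


def speedup_table(t_total_h, t_parallel_h, cpus):
    """Rows (N, Amdahl A(N), Gustafson-Barsis A(N), efficiency of the latter)."""
    s = serial_share(t_total_h, t_parallel_h)
    rows = []
    for n in cpus:
        a_gb = gustafson_speedup(s, n)
        rows.append((n, amdahl_speedup(s, n), a_gb, efficiency(a_gb, n)))
    return rows


if __name__ == "__main__":
    # Exam numbers from Task 2 (b) and (c), under the assumption stated above
    for n, a_amd, a_gb, eff in speedup_table(4000, 3800, (1, 11, 41, 71)):
        print(f"N={n:3d}  Amdahl {a_amd:7.3f}  Gustafson-Barsis {a_gb:7.3f}  E(N) {eff:.3f}")
    e = karp_flatt_serial_share(75, 100)
    print(f"Karp-Flatt: e = {e:.5f}, p = {1 - e:.5f}")
```

The table makes the comparison asked for in (b) visible: with the same serial share, Amdahl's curve flattens towards 1/s while Gustafson-Barsis grows almost linearly in N, because the parallel workload is allowed to grow with the machine.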

Task 3: Virtualisation (15 points). Virtualisation addresses the software tools as well as the methods which enable summarising or splitting some available resources of a computer or network based on the concept of VMs (virtual machines). The primary objective is to provide the users with a special layer of abstraction (virtualisation layer). Virtualisation is able to isolate the users and their applications from the actual (hardware) technical circumstances.

(a) Please specify four other cost benefits of resource virtualisation from the technical and operational perspective. (4 points)

• Better load balancing for virtual machines
•
•
•
•


(b) A physical server (RAM of 128 GB and HDD capacity of 0.5 PB are fully available) in a mid-range enterprise supports 20 VMs with RAM 4 GB / HDD 8000 GB each.

How much capacity of the physical server is left? (4 points)

• RAM:

• HDD:

(c) Those specific hosts are titled managed servers (also virtualised) whose operating system and software are constantly monitored and virtualised via a service provider (see Table E.1).

Which server types (see the list above) can be used as (virtual) managed servers in a mid-range enterprise, in your opinion? Please complete the given placeholder lines below. How much capacity (resources) should be left in this case (refer to "(b)")? (5 points)

• VM: RAM: HDD:
• VM: RAM: HDD:
• VM: RAM: HDD:

Table E.1 Managed servers
• Authentication server: RADIUS
• Database server: SQL
• Mail server (e-mail server): SMTP, MIME, POP3, IMAP
• File server
• Terminal server
• Name server: DNS
• File transfer: FTP, SFTP
• DHCP server: DHCP, intranet IP, NAT, PAT and Mobile IP
• News server: NNTP
• Chat server: IRC
• Game server: TCP/IP
• Web server: HTTP, HTTPS, SOAP
• Proxy server: VPN, IPsec, SNMP, intranet FW
• Streaming server: SIP, RTP, codecs
• Domain server, backup server
• Terminal server: RDP
• Time server (network time protocol server): NTP
• etc.


• VM: RAM: HDD:
• VM: RAM: HDD:
• Resources left: RAM: HDD:

(d) SDN: What does this term mean? Which SDN protocols and reference solutions do you know? (2 points)

Task 4: Cloud computing (10 points). One of the common definitions of the clouds, according to Amazon, addresses the following patterns of existing cloud services: SaaS, PaaS, IaaS.

SaaS

PaaS

IaaS

Figure (diagram residue): RAIC-DP. Data stripes A, B and C (A1 to A4, B1 to B4, C1 to C4) are distributed over Cloud 1, Cloud 2 and Cloud 3 (provider = public domain); the parity stripes P1 to P4 and Q1 to Q4 are kept on Cloud 4 to Cloud n (private). All clouds act as network storage.


(a) To which type (SaaS, PaaS, IaaS) does a cloud-based storage belong? Justify your statement. (3 points)

(b) What is RAIC? Discuss briefly the benefits of mapping traditional RAID structures to the clouds, based on the specified scenario (referring to the picture below). (7 points)

• DP: Double Parity
•
•
•
•

Index

A
Anonymous Computing 301

B
Backup 110
Blockchain 71

C
Cloud Computing 17, 78, 110
Cluster Computing 17, 201
Collaboration 73
Communication 211, 222, 238
Coordination 38
Cryptography 253

D
Data Centre 136, 155
Database 30
Distributed Computing 45

E
E-Commerce 14
Energy Efficiency 9, 153, 177

F
Fog Computing 184, 204

G
Green IT 8, 136
Grid Computing 19

I
Interoperability 233

M
Microcontroller 194
Mobile Computing 125, 211
Modulation 238
Multi-Threading 24, 28

N
Network 105, 158, 177, 211, 229, 259

O
Operation 97

P
Parallel Computing 45
Peer-to-Peer Computing 19
Performance 48
Planning 177
Protection Goal 248
Protocol 82, 85, 261

Q
Quality 86, 237

S
Satellite 215
Secure Computing 248, 279
Service Platform 86
Service-Oriented Architecture 15
Smart Grid 7, 138
Social Network 73
Storage 110

T
Trade-off 62
Transaction 26

V
Virtualisation 92
Volunteer Computing 66

W
Web Application 14, 279
Web Service 15, 82, 258

• Preface
  • About the Book
  • Structure of the Book
• Acknowledgement
• About the Authors
• List of Abbreviations
• Contents
• 1 Periodisation of Network Service Development
  • References
• 2 Architectural Transformations in Distributed Systems
  • 2.1 Software Architectures and Communication Patterns
  • 2.2 Distributed Service Systems: Clustering, Grids and Clouds
  • 2.3 Architectures Peer-to-Peer
  • 2.4 Performance Optimisation
  • 2.5 Distributed Transactions
  • 2.6 Distributed Databases
  • 2.7 System Examples: Google Spanner, a Global DDB
  • 2.8 Conclusions
  • References
• 3 Evolution of Clustering and Parallel Computing
  • 3.1 Clustering and Grids: Performance Parameters and Basic Models
  • 3.2 Performance-Energy-Price Trade-Offs in Clusters and Grids
  • 3.3 Resource Management in Clusters
  • 3.4 Application Management in Clusters
  • 3.5 Application Management in Grids
  • 3.6 Distributed Applications
  • 3.7 Conclusions
  • References
• 4 Cloud Computing: Virtualisation, Storage and Networking
  • 4.1 Clouds: Technology Stack, Basic Models and Services
  • 4.2 Virtualisation of Services and Resources
  • 4.3 SDN – Software-Defined Networking
  • 4.4 Backup Services within Clouds as Advanced Cloud Backup Technology
    • 4.4.1 Backup as Important Component of Informational Safety
    • 4.4.2 RAIC Storage Service Integration
  • 4.5 RAIC Integration for Network Storages on Mobile Devices
    • 4.5.1 Efficient Access to Storage Services from Mobile Devices
    • 4.5.2 A New Must-Have App: RAIC Integrator for Smartphones
  • 4.6 Conclusions
  • References
• 5 Smart Grid, Internet of Things and Fog Computing
  • 5.1 Smart Grid as Integration Technology for the Networks of Energy Supply and Telecommunication
    • 5.1.1 Services, Architectures and Multi-level Models
    • 5.1.2 Smart Grid Enabling Network Technologies
    • 5.1.3 Case Study: A CAD Toolset for the Design of Energy-Efficient Combined Networks
  • 5.2 From Internet of Services to Internet of Things: Fog Computing
    • 5.2.1 Enabling Technologies for IoT
    • 5.2.2 Case Studies on IoT with On-Board Micro-controller Raspberry Pi
    • 5.2.3 The Future Industry 4.0 Vision
    • 5.2.4 Fog Computing
  • 5.3 Conclusions
  • References
• 6 Future Mobile Communication: From 4G to 5G, 5G Enabling Techniques
  • 6.1 Conventional Techniques
    • 6.1.1 LTE Networks
    • 6.1.2 Satellite-Based Radio Systems
  • 6.2 A New Generation of Mobile Communication
    • 6.2.1 Visions and Requirements
    • 6.2.2 5G Inter-Operability
    • 6.2.3 Future Standard IMT 2020: Deployment Scenarios
    • 6.2.4 Resource Allocation Method for Future WLAN
  • 6.3 Conclusions
  • References
• 7 Security in Distributed Systems
  • 7.1 Security and Protection Goals
  • 7.2 Protection Techniques
    • 7.2.1 Checksum and Digest
    • 7.2.2 Encryption
    • 7.2.3 Steganography
    • 7.2.4 Orchestration, Parallelisation and Multiplexing
    • 7.2.5 Anonymisation
    • 7.2.6 Trusted Computing and Physical Protection
  • 7.3 Security Layers
    • 7.3.1 Network Encryption: IPsec
    • 7.3.2 Transport Encryption: TLS
    • 7.3.3 Content Encryption: S/MIME and PGP
    • 7.3.4 Authorisation: Kerberos and OAuth2
    • 7.3.5 Further Secure Services: DNS-SEC, VPNs and Proxies
  • 7.4 Security Protocols and Network Concepts
  • 7.5 Firewalls
  • 7.6 Security in Web Applications: Legal and Technological Aspects
    • 7.6.1 Technological Aspects of Data Security Guaranteeing Web Systems
    • 7.6.2 Legal Aspects of Data Security Guaranteeing Web Systems
  • 7.7 Steganography in Distributed Systems
    • 7.7.1 Steganography in Development
    • 7.7.2 Steganography: Main Concepts
    • 7.7.3 Watermarks and Steganography
  • 7.8 Anonymity and MIX Networks
  • 7.9 Conclusions
  • References
• Appendix A Selected Originators and Designers of Distributed Systems
  • A.1 Edgar Frank "Ted" Codd
  • A.2 Tom De Marco
  • A.3 Grady Booch
  • A.4 James Gosling
  • A.5 Sir Timothy John Berners-Lee
  • A.6 Tim O'Reilly
  • A.7 Roy Thomas Fielding
  • A.8 Sergey Brin
  • A.9 Philip R. Zimmermann
  • A.10 Remembering the Pioneers
• Appendix B Research Focus
  • B.1 CANDY Network Planning
  • B.2 FlexCloud: Flexible Architectures for Cloud Computing
  • B.3 DaaMob Service Platform: Data Service Management
• Appendix C Acronyms for Mobile and Wireless
• Appendix D Repetition and Control of Learning Progress
  • D.1 New Generation (Mobile) Networks
  • D.2 Periodisation of Computer Networks: Phases I to IV, Smart Grid, IoT and Fog Computing
  • D.3 Architectural Transformation in Distributed Systems
  • D.4 Cloud Computing
  • D.5 Virtualisation Concepts
  • D.6 Performance Characteristics of Digital Computers: Performance Optimisation in Distributed Systems
  • D.7 Distributed Computing: Parallel Computing and Acceleration Models
  • D.8 Towards 5G
  • D.9 Security Aspects in NGN
  • D.10 PGP and Steganography
• Appendix E Example of a Written Exam to the Discussed Subjects
• Index

Printed on acid-free paper

This Springer Vieweg imprint is published by Springer Nature. The registered company is Springer Fachmedien Wiesbaden GmbH. The registered company address is Abraham-Lincoln-Str. 46, 65189 Wiesbaden, Germany.


To our caring wives

Preface

About the Book

Book objectives: You are reading a book which aims to cover the broad field of recent innovations in network services and distributed systems. The target group of the book encompasses students of universities and technical high schools, graduated engineers as well as teaching staff. If you are somebody else, do not worry, the covered subjects may still be of interest to you. This book offers its readers a dual functionality:

As a monograph: With the given work we decided to help not only the readers and students but also ourselves, as professionals who are actively involved in the networking, telecommunications and systems communities, by understanding the trends which have developed in the recent decade in distributed systems and networking applications. Important architectural transformations of modern distributed systems are examined and presented in survey style. Examples of new architectural solutions for network (mobile) services and applications are discussed. Among them are the Internet of Services, Clouds, Smart Grids, Parallel and Distributed Computing, Fog Computing and the Internet of Things, to mention a couple of popular concepts.

As a handbook: Current technologies, standards and research results for advanced (mobile) networks, connected devices and provisioned services, as well as for higher-level network functions and software applications, are focused on within this book from a practical angle. The authors highlight how these technical underpinnings of our digital communication and collaboration infrastructure are being transformed to reflect society's requirements. Efficient architectures, principles and systems for mobile and wireless communication, criteria for the optimisation of networks and distributed systems, as well as central ideas of new system concepts are widely discussed herein. Use case presentations and studies with in-depth technical descriptions, along with a test exam, strengthen the nature of this book as a handbook to use for courses and projects.


Learning objectives: The learning objectives targeted by the book are as follows:

1. Readers/students should be able to combine, integrate, analyse and manage the solutions to the above-mentioned technologies (Clouds, Smart Grids, Parallel and Distributed Computing, Fog Computing, Internet of Services, Internet of Things). They should also be able to implement custom systems on the basis of an adequate conceptual grounding in practical projects.

2. As a result, readers/students become skilled to create and evaluate well-performing, reliable and secure access aspects to data and network applications, distributed systems and mobile apps. The systems and services should be usable in a data-protection-compliant manner and aligned with user preferences.

3. Readers/students become educated to develop custom architectures of network services and distributed systems as well as to comment critically on the associated problems.

Numerous examples in the chapters, comparison tables, excursions into technological stacks, figures with structures and demonstrations are highlights of this book. Every chapter has a list of keywords, complemented by actual system examples, a summary and continuing bibliographic records. Furthermore, at the end there is a whole chapter dedicated to repetition and self-control by offering questions and answers to many of the discussed topics, along with further insight into the research behind the covered systems and services.

Motivation: Despite the existence of a broad range of scientific and practical literature on the topics of distributed computing, cloud computing, privacy-preserving systems, green IT, Internet of Things and so forth, from our perspective as researchers and lecturers there is a distinct lack of combined monographs/handbooks with a pretence to be useful for education. In particular, most of the literature describes technological snapshots as points in time. Instead, we want to explicitly include historical background information and focus on the ongoing evolution and trends which are similar in many areas. Furthermore, we were not satisfied with literature which merely lists positions and standards instead of allowing the reader to dive right into the technology by offering concrete implementation and use case links. Especially for students in co-education (for instance Berufsakademie/Duale Hochschule, Fachhochschule and (höhere) Fachschule in Germany and Switzerland, vocational and community colleges in the US), the practical links are essential to decide whether or not a certain technology should indeed be evaluated for upcoming projects.

The book partially continues the educational approach of a previous book called Planning and Optimisation of Computer Networks: Methods, Models, Tools for Design, Diagnosis and Management in the Lifecycle of Wired and Wireless Computer Networks by Luntovskyy, Guetter and Melnyk, which appeared at Springer Vieweg in German language in 2011. The original title is: Andriy Luntovskyy, Dietbert Guetter, Igor Melnyk: Planung und Optimierung von Rechnernetzen: Methoden, Modelle, Tools für Entwurf, Diagnose und Management im Lebenszyklus von drahtgebundenen und drahtlosen Rechnernetzen, Springer Fachmedien Wiesbaden GmbH, 2011, 435 pages (ISBN 978-3-8348-1458-6), 1st edition 2011 with 245 figures and 64 tables. The present book complements and extends the range of topics. It addresses the evolved development from computer networks to network-integrated and network-connected services, in particular cloud and fog services, as well as modern architectures of distributed (mobile) applications such as 5G and low-energy radio links. The new book therefore presents a holistic view on transformation processes which are nowadays often less technically motivated but rather by the needs of the society, which is subject to a higher degree of pervasive services. The benefits for society are about ecology (green networks), privacy (secure clouds), comfort (always on) and economy (pay as you go).

Structure of the Book

This book is divided into seven chapters. The first chapter offers a bird's-eye perspective on the history and present development of networking and service topics. The second chapter presents state-of-the-art distributed systems and uses them to explain the architectural transformations which most of today's systems are subject to. In chapters three to six, different architectures and systems will be presented, including clusters, clouds, fogs and mobile applications. The seventh chapter offers a holistic view on security in networked services. Finally, five appendices and one more auxiliary digital appendix complete the book.

• Chapter 1 – Periodisation of Network Service Development: The evolution of hardware and infrastructure on one hand and of services on the other hand is divided into four phases each.

• Chapter 2 – Architectural Transformation in Distributed Systems: Clusters and clouds, peer-to-peer architectures and distributed databases will be presented and reflected on in the context of the evolution and transformation of systems.

• Chapter 3 – Evolution of Clustering and Parallel Computing: Clusters, grids and parallel computing will be introduced. Their benefits concerning the performance of computing, but also the necessary trade-offs with energy consumption and price, will be highlighted. The management of resources and applications in these environments will also be explained.

• Chapter 4 – Cloud Computing: Virtualisation, RAICs and SDN: This chapter will introduce contemporary cloud stacks and services, including programmable networks, virtual teleconferences and safe data backups.

• Chapter 5 – Smart Grid, Internet of Things and Fog Computing: Beyond the software side, small connected hardware devices and the connection between computer networks and energy distribution networks will be covered in this chapter.


• Chapter 6 – Future Mobile Communications: From 4G to 5G, 5G Enabling Techniques: Mobile communication protocols for global (phones) and local distances will be presented. A special focus is on the upcoming 5G connectivity.

• Chapter 7 – Security in Distributed Systems: This chapter will give a holistic view on what is commonly called security by introducing concrete protection goals and matching security layers. It will also include a discussion of privacy and legal aspects, with a focus on how users can protect their activities and communication in today's and tomorrow's distributed systems.

• Appendices: First, selected originators and designers of distributed systems will be briefly presented. Then specific research projects with recent results which contribute to the evolution and transformation will be introduced. The further parts contain explanations of common acronyms in mobile and wireless technologies, a repetition and control part to track the learning progress when reading the book, and finally an example of a written exam to the discussed subjects. The solutions to the exam are available as auxiliary digital appendix.

Dresden, Germany: Andriy Luntovskyy
Winterthur, Switzerland: Josef Spillner

Acknowledgement

All our grateful heart's acknowledgements to Prof. Dr. rer. nat. habil. Dr. h. c. Alexander Schill (encouragements and challenges), Dr. rer. nat. Dietbert Gütter (proofreading), Prof. Dr. Andreas Westfeld, Prof. Dr. Thomas Horn, Dr. Reiner Keil (inspiration in absentia) and many other colleagues, students and reviewers for their helpful and friendly support, the inspirations and co-operation while completing this work.

Our special acknowledgment goes to Dr.-Ing. habil. Igor Melnyk for his altruistic contribution to the modelling of the waste heat and cooling process in "green" data centers and clouds.


About the Authors

The book contents have been primarily provided by Andriy Luntovskyy. Some sections and editorial guidance were provided by Josef Spillner. Most of the material is published for the first time, although some is based on previous research papers, including joint papers by the authors and material kindly added by fellow academics.

Andriy Luntovskyy, Prof. Dr. habil.

Andriy Luntovskyy is with BA Dresden, University of Cooperative Education, Dresden, Germany.
Office: Room 2105, Hans-Grundig-Strasse 25, 01307 Dresden (Johannstadt), Germany
Phone: +49 (0)351-44722-703
Fax: +49 (0)351-44722-9520
Email: AndriyLuntovskyyba-dresdende
WWW: httpwwwba-dresdende
WWW (EN): httpsitesgooglecomsiteluntovskyy
WWW (UA): httpsitesgooglecomsiteandriyluntovskyy
WWW (DE): httpwwwba-dresdendedestudiumstudienangebotitansprechpartnerhtml


Andriy Luntovskyy is a member of the Academy of Sciences for High School of Ukraine (ANVSUorgua) and a member of the Academy of Telecommunications of Ukraine and the International IT Academy.

Teaching and classes: Computer Networks, Mobile Communication and Telematics, Basics of Programming and Software Technology, Distributed Systems, Operating Systems, Web Applications and Office Communication, Data Security and IT Legacy, Basics of Computer Science and Business Informatics. Guest lectures in Ukraine and Poland; classes for bachelor, master and PhD students.

Research: CANDY – Computer-Aided Network Design utility; Design of Wired, Wireless and Mobile Networks; Clouds, Clustering and Mobile Computing; Web Services, SOA and Virtualisation Methods; Mobile and Wireless Networks; Energy Efficiency in Networks; Wireless Sensor Networks; Smart Grid and IoT; Multiservice Mobile Platforms.

Attendance and co-chairmanship at multiple conferences and forums (CEBIT 2007, 2008, 2011). Publications: two books published in Germany (2008, 2011), another 12 books in his mother tongue in Ukraine, more than 130 papers in conferences and magazines, among them multiple IEEE Xplore publications.

Josef Spillner, Dozent Dr.-Ing. habil.

Josef Spillner is with Zurich University of Applied Sciences (ZHAW), School of Engineering, Winterthur, Switzerland.
Office: Room O317, Obere Kirchgasse 2, 8400 Winterthur, Switzerland
Phone: +41 (0) 58 934 45 82
Fax: +41 (0) 58 935 45 82
Email: josef.spillner@zhaw.ch
WWW: http://www.zhaw.ch/=spio
WWW: http://www.serviceplatform.org

Josef Spillner performs research on service and cloud ecosystems, is the initiator of the Open Source Service Platform Research Initiative, founder of the Cloud Storage Lab at Technische Universität Dresden in Germany (TUD) and the head of the Service Prototyping Lab at ZHAW.

Teaching and classes: Introduction into Research Areas of Computer Science, Development of Distributed Systems on the Basis of SOA, Complex Internship for Service and Cloud Computing, OS and Computer Networks, Basics of Programming and Software Technology, Distributed Systems, Python Programming. Classes for bachelor and master students as well as non-IT students, in particular media informatics and industrial engineers.

Research: THESEUS/TEXO – New Technologies for the Internet of Services, funded by the German Ministry of Economics (BMWi); FlexCloud – Flexible Service Architectures for Cloud Computing, funded by the European Social Fund (ESF); DaaMob – Service-oriented Platform Concepts for Cross-System Third-Party Applications with Mobile Components in the Internet of Things, funded by the German Research Council (DFG). Further research on XML Schema, Web Service GUIs, Cloud Controllers, Cloud Cockpits and Energy Efficiency, Stealth Computing.

Attendance and involvement with multiple conferences and workshops. Publications: book co-authorship, more than 50 papers and journal articles, technical reports with HPI Future SOC Lab, IEEE and ACM conference chairing.

List of Abbreviations

2PC Two-Phase Commit Protocol, 26–28, 35–37, 40, 42
2PL Two-Phase Lock, 37, 42

ACID Atomicity, Consistency, Isolation, Durability, 26, 28, 30, 35, 38, 40
AEF Advanced Evasion Firewall, 247, 272
AES Advanced Encryption Standard, 255, 257, 258, 265, 276, 277, 283
API Application Programming Interface, 46, 69, 81

B2B Business-to-Business, 23
BOINC Berkeley Open Infrastructure for Network Computing, 45, 47, 61, 62, 66–70

C-S Client-Server, 13, 19, 20, 22–24, 43
CAD Computer-Aided Design, 23, 135, 177, 178
CDB Central Database, 13, 30–33
CIDN Collaborative Intrusion Detection Network, 247, 268, 271, 273–276

DB Database, 29, 30, 32, 34, 38
DDB Distributed Database, 13, 19, 30–38, 42, 43
DDoS Distributed Denial of Service, 2
DIDO Distributed Input Distributed Output, 211, 225, 230, 241–244
DNS Domain Name System, 15
DSL Digital Subscriber Line, 2, 3

EAI Enterprise Application Integration, 81, 82, 84, 98
EM Electro-Magnetic, 138, 139, 141, 168, 174, 208
ERE Energy Reuse Efficiency, 136
ESB Enterprise Service Bus, 16

FLOPS Floating-Point Operations Per Second, 46–50, 54, 59–61, 67
FUSE File System in Userspace, 124

GSM Global System for Mobile Communications, 211, 212

HPC High-Performance Computing, 45, 59, 66
HSDPA High Speed Download Packet Access, 211, 213, 217
HTTP Hyper-Text Transport Protocol, 80, 82–84, 90
HVAC Heating, Ventilating and Air Conditioning, 8, 9

IaaS Infrastructure-as-a-Service, 9, 77, 79, 81, 85
ICMP Internet Control Message Protocol, 8, 140
IDS Intrusion Detection System, 247, 270, 271, 273, 274, 276
IETF Internet Engineering Task Force, 6
IMS IP Multimedia Subsystem, 213–216, 225, 241
IoS Internet of Services, 1, 3, 4, 18, 77, 79, 81, 85, 113, 135, 183, 184, 187, 188
IoT Internet of Things, 1, 4, 5, 9, 10, 135, 159, 168, 184, 185, 187–194, 196, 203, 207, 208
IP Internet Protocol, 5, 8, 140, 160, 178, 180, 192, 213, 214, 217, 225, 227, 235, 244, 259, 260, 264–272, 276, 277, 281, 283, 297
IPS Intrusion Prevention System, 247, 270–273, 276
ISDN Integrated Services Digital Network, 1, 6

KNX KNX Home and Building Control Standard, 7, 9, 140

LAN Local Area Network, 8, 19, 140, 159, 174, 176, 178, 195, 198, 201
LEACH Low-Energy Adaptive Clustering Hierarchy, 166
LON Local Operating Network, 7, 9, 140
LTE Long-Term Evolution, 211, 213, 214, 223, 225, 226, 237, 244

MAC Media Access Control, 144, 161, 163, 164, 168, 170, 172–174, 187, 189
MCM Majority-Consensus-Method, 37
MIMO Multiple Input – Multiple Output, 213, 225, 234, 237, 240, 241
MIPS Million Instructions Per Second, 48, 49

NAS Network-Attached Storage, 113
NIST National Institute of Standards and Technology, USA, 18, 79, 80, 85, 114, 145
NTP Network Time Protocol, 15

OFDM Orthogonal Frequency-Division Multiplexing, 159, 213, 239, 240
OFDMA Orthogonal Frequency Division Multiple Access, 239
OS Operating System, 25, 26, 190, 195, 196, 198, 200, 208
OSGi Open Services Gateway Initiative, 15
OSI Open Systems Interconnect, 144, 145, 259, 261, 272

P2P Peer-to-Peer, 13, 19–23, 43
PaaS Platform-as-a-Service, 9, 77, 81, 85, 86, 89
PCS Primary-Copy-Schema, 37
PEV Plug-in (Hybrid) Electric Vehicles, 138, 140, 141, 149
PGP Pretty Good Privacy, 247, 260, 262, 276, 277, 289
PLC Power Line Communication, 135, 148, 158, 159, 189
PoE Power over Ethernet, 9
PUE Power Usage Effectiveness, 3, 9, 136, 150, 151, 153–155, 157, 158

QoE Quality of Experience, 85, 86
QoS Quality of Service, 1–4, 17, 77, 79, 82, 85, 86, 110, 113, 114, 138, 154, 161, 166, 197, 208

RAIC Redundant Array of Independent Clouds, 77, 91, 111, 113, 119–123, 125–131
RAID Redundant Array of Independent Disks, 112, 113, 119–122
REST Representational State Transfer, 82–85, 89
RFC Requests for Comments, 6, 213, 214
RSA Rivest Shamir Adleman Cryptosystem, 255, 257, 258, 265, 276, 282, 283

SaaS Software-as-a-Service, 9, 77, 79, 81, 85, 89, 92
SAN Storage-Area Network, 81, 112, 113
SDN Software-Defined Networking, 77, 92, 105–110, 225, 230, 232
SET Secure Electronic Transaction, 279, 281, 283, 284, 287, 288
SIF Stateful Inspection Firewall, 247, 270–272
SIP Session Initiation Protocol, 213, 214
SLA Service Level Agreement, 2, 81, 82, 85, 91
SME Small and Medium Enterprise, 7, 139
SMLIF Stateful Multi-Layer Inspection Firewall, 247, 272, 276
SMP Symmetric Multi-Processing, 60, 61
SMTP Simple Mail Transmission Protocol, 6
SNMP Simple Network Management Protocol, 8, 140, 192
SOA Service-Oriented Architecture, 79, 82–84, 88, 89, 98, 113
SOAP Simple Object Access Protocol, 83, 85, 90
SQL Structured Query Language, 30, 35, 36, 39, 40
SSL Secure Sockets Layer, 264–266

TLS Transport-Layer Security, 247, 256, 258, 260, 264, 265, 267, 268, 279, 281–283, 287, 288, 303

UMTS Universal Mobile Telecommunications System, 211, 213, 214
UPnP Universal Plug and Play, 15

VM Virtual Machine, 85, 92–95, 98, 100, 105–108, 114
VoIP Voice over IP, 214, 215
VPN Virtual Private Network, 247, 265–268, 270, 271, 281, 283, 302
VTEO Virtual Telecommunication Engineering Offices, 77, 84, 85, 88–91

W3C World Wide Web Consortium, 6
WAF Web Application Firewall, 247, 270, 276
WAN Wireless Area Network, 145, 159
WiMAX Worldwide Interoperability for Microwave Access, 139, 149, 159–161, 178, 188
WLAN Wireless Local Area Network, 8, 19, 140, 159, 161, 171, 178, 180, 187, 195, 202, 211, 212, 214, 224, 225, 234, 240, 241, 243, 244
WPAN Wireless Personal Area Network, 19, 135, 158, 168
WSN Wireless Sensor Networks, 139, 141, 161–166, 173, 174, 189

XaaS Everything-as-a-Service, 79
XMPP Extensible Messaging and Presence Protocol, 70, 73, 74, 85

Contents

1 Periodisation of Network Service Development 1
References 10

2 Architectural Transformations in Distributed Systems 13
2.1 Software Architectures and Communication Patterns 13
2.2 Distributed Service Systems: Clustering, Grids and Clouds 17
2.3 Architectures: Peer-to-Peer 19
2.4 Performance Optimisation 23
2.5 Distributed Transactions 26
2.6 Distributed Databases 30
2.7 System Examples: Google Spanner, a Global DDB 38
2.8 Conclusions 43
References 44

3 Evolution of Clustering and Parallel Computing 45
3.1 Clustering and Grids: Performance Parameters and Basic Models 48
3.2 Performance-Energy-Price Trade-Offs in Clusters and Grids 62
3.3 Resource Management in Clusters 64
3.4 Application Management in Clusters 65
3.5 Application Management in Grids 66
3.6 Distributed Applications 71
3.7 Conclusions 74
References 75

4 Cloud Computing: Virtualisation, Storage and Networking 77
4.1 Clouds: Technology Stack, Basic Models and Services 78
4.2 Virtualisation of Services and Resources 92
4.3 SDN – Software-Defined Networking 105
4.4 Backup Services within Clouds as Advanced Cloud Backup Technology 110
4.4.1 Backup as Important Component of Informational Safety 111
4.4.2 RAIC Storage Service Integration 117
4.5 RAIC Integration for Network Storages on Mobile Devices 125
4.5.1 Efficient Access to Storage Services from Mobile Devices 126
4.5.2 A New Must-Have App: RAIC Integrator for Smartphones 128
4.6 Conclusions 131
References 131

5 Smart Grid, Internet of Things and Fog Computing 135
5.1 Smart Grid as Integration Technology for the Networks of Energy Supply and Telecommunication 136
5.1.1 Services, Architectures and Multi-level Models 144
5.1.2 Smart Grid Enabling Network Technologies 158
5.1.3 Case Study: A CAD Toolset for the Design of Energy-Efficient Combined Networks 177
5.2 From Internet of Services to Internet of Things: Fog Computing 184
5.2.1 Enabling Technologies for IoT 188
5.2.2 Case Studies on IoT with On-Board Micro-controller Raspberry Pi 194
5.2.3 The Future: Industry 4.0 Vision 203
5.2.4 Fog Computing 204
5.3 Conclusions 206
References 209

6 Future Mobile Communication: From 4G To 5G. 5G Enabling Techniques 211
6.1 Conventional Techniques 211
6.1.1 LTE Networks 213
6.1.2 Satellite-Based Radio Systems 215
6.2 A New Generation of Mobile Communication 222
6.2.1 Visions and Requirements 224
6.2.2 5G Inter-Operability 233
6.2.3 Future Standard IMT 2020: Deployment Scenarios 235
6.2.4 Resource Allocation Method for Future WLAN 241
6.3 Conclusions 244
References 244

7 Security in Distributed Systems 247
7.1 Security and Protection Goals 248
7.2 Protection Techniques 253
7.2.1 Checksum and Digest 254
7.2.2 Encryption 255
7.2.3 Steganography 258
7.2.4 Orchestration: Parallelisation and Multiplexing 258
7.2.5 Anonymisation 258
7.2.6 Trusted Computing and Physical Protection 259
7.3 Security Layers 259
7.3.1 Network Encryption: IPsec 259
7.3.2 Transport Encryption: TLS 260
7.3.3 Content Encryption: S/MIME and PGP 260
7.3.4 Authorisation: Kerberos and OAuth2 261
7.3.5 Further Secure Services: DNS-SEC, VPNs and Proxies 261
7.4 Security Protocols and Network Concepts 261
7.5 Firewalls 268
7.6 Security in Web Applications: Legal and Technological Aspects 279
7.6.1 Technological Aspects of Data Security Guaranteeing Web Systems 281
7.6.2 Legal Aspects of Data Security Guaranteeing Web Systems 283
7.7 Steganography in Distributed Systems 288
7.7.1 Steganography in Development 290
7.7.2 Steganography: Main Concepts 294
7.7.3 Watermarks and Steganography 298
7.8 Anonymity and MIX Networks 301
7.9 Conclusions 306
References 307

Appendix A: Selected Originators and Designers of Distributed Systems 309
A.1 Edgar Frank “Ted” Codd 309
A.2 Tom De Marco 310
A.3 Grady Booch 310
A.4 James Gosling 311
A.5 Sir Timothy John Berners-Lee 311
A.6 Tim O'Reilly 312
A.7 Roy Thomas Fielding 313
A.8 Sergey Brin 313
A.9 Philip R. Zimmermann 314
A.10 Remembering the Pioneers 314

Appendix B: Research Focus 317
B.1 CANDY: Network Planning 317
B.2 FlexCloud: Flexible Architectures for Cloud Computing 319
B.3 DaaMob Service Platform: Data Service Management 319

Appendix C: Acronyms for Mobile and Wireless 323

Appendix D: Repetition and Control of Learning Progress 327
D.1 New Generation (Mobile) Networks 327
D.2 Periodisation of Computer Networks: Phases I to IV, Smart Grid, IoT and Fog Computing 328
D.3 Architectural Transformation in Distributed Systems 328
D.4 Cloud Computing 329
D.5 Virtualisation Concepts 330
D.6 Performance Characteristics of Digital Computers: Performance Optimisation in Distributed Systems 331
D.7 Distributed Computing: Parallel Computing and Acceleration Models 331
D.8 Towards 5G 332
D.9 Security Aspects in NGN 332
D.10 PGP and Steganography 334

Appendix E: Example of a Written Exam to the Discussed Subjects 337

Index 343

1 Periodisation of Network Service Development

Keywords

Networks • Services • Quality of Service (QoS) • Internet of Services (IoS) • Clouds • Smart grid • Internet of Things (IoT) • Fog computing

Information and communication technology is moving fast. What are grids for nowadays? Is anybody still using Integrated Services Digital Network (ISDN) connections? Will the ‘digital fog’ be around all of our devices, and for how long when on batteries? What is the cost of safely storing one digital photo taken on the mobile phone for the rest of our lifetime? Readers who have immediate answers to such questions are asked to put this book aside and spend their time with more pleasure. All other readers are, however, invited to follow us briefly through the history of network services and distributed systems, through the past transformations and current trends, in order to learn about the rather complex landscape of distributed service systems in the future. These digital, physical and combined (cyber-physical) systems affect our daily lives as we interact with them through screens and devices, software applications, processes and ambient sensors.

Technology development in four phases. Network services and distributed systems are two pillars of the same trend: to make application functionality provided from single computers or millions of connected devices available to billions of people. Internet and web applications, including online social networks and digital telephony, already today need to scale to billions of users, which would be impossible on a single machine. Instead, many computers are clustered, and many clusters are geographically dispersed and connected, so that users perceive them as a single service. The perception is trained for high performance, high reliability, high privacy and security, low cost, low effort and low energy consumption, among other factors. Services not offering all of these benefits will have decreasing chances to compete for users and will ultimately fail to be sustainable. Trust and reputation would in such cases be hard to recover.

© Springer Fachmedien Wiesbaden GmbH 2017
A. Luntovskyy, J. Spillner, Architectural Transformations in Network Services and Distributed Systems, DOI 10.1007/978-3-658-14842-3_1

It took computer scientists and the IT industry many years to achieve the breakthrough towards this vision. In the course of development of networked applications and services, including telecommunication, web and cloud services offered on-demand in any situation, four distinct phases in the technological foundation can be identified.

The first phase, starting with the roll-out of networks and the Internet (about 1970–2000), had the purpose of offering the functionality and of ensuring improvements to the QoS. The QoS considerations were mostly confined to strict technical network characteristics without taking end-to-end user experience into account. Bandwidth increased and latency decreased. To put the bandwidth development into perspective: In 1999, a 56 kbit/s modem connected to copper telephony networks was the norm for private users and just about to be replaced by faster Digital Subscriber Line (DSL) connections with about 768 kbit/s downstream bandwidth. Consumers could only rely on such numbers as upper bounds in a best-effort service market and could not easily translate these numbers into application benefits, for instance video quality or file transfer performance.

In the enterprise market, large computing centers were economically effective due to using broadband Internet connections, which enabled the consolidation of a lot of compute and storage resources behind a single data pipe. They helped also in the mitigation of Distributed Denial of Service (DDoS) attacks due to load distribution between several servers and links. The system reliability was improved due to better availability of spare parts (hard drives, power units, switches, etc.), the employment of redundant units wherever possible and emergency power generators in large centers where they were feasible. Similarly, the application availability and scalability were increased with replicated setups, in high-availability/failover and load-balancer setups, respectively.

Ultimately, the phase has been about connecting people to the Internet, in other words an Internet of People. A simple formula characterises the first phase:

$Goal_{Phase\,1} := \max(QoS)$ (1.1)

In the second phase of development of Internet services (about 2000–2010), the improvement of QoS was accompanied by explicit cost optimisation, among other reasons due to hardware consolidation and server virtualisation in combination with QoS guarantees codified in a Service Level Agreement (SLA). These mandated a minimum cost by strictly given QoS constraints. But also the large size of computing centers still led indirectly to less cost on the side of customers due to the economy of scale when buying large charges of spare parts and electricity. The maintenance cost in the large computing centers is also less than in smaller ones, because the servers are updated centrally with security patches, upgrades can be better tested before deploying, and the maintenance actions are mostly the same at homogeneous servers. To give an example: The e-commerce seller Amazon had a revenue of about seven billion US$ in 2004. The capacity needed to operate this business at that time is nowadays added daily to their computing infrastructure.


It is not yet clear how to compare the technical characteristics of data centres, but just looking at their dimensions demonstrates the trend towards consolidation. The Lakeside Technology Center in Chicago, one of the largest multi-tenant centres, has a usable surface of more than 100,000 m² across several floors of a historic printing house. Microsoft's Dublin data centre is roughly half this size [10]. Major service operators have expanded vastly during the second phase and now operate multiple of such large data centres.

On the network side, in 2009, 16 Mbit/s ADSL connections were widely available in many urban areas in developed countries, and even 55 Mbit/s VDSL2 connections were available in selected areas, whereas in 2014 vectoring-based VDSL brought up to 100 Mbit/s downstream and 40 Mbit/s upstream bandwidth to consumers. A slow-down in connection speed growth becomes evident. Furthermore, the promise of many governments during this time to achieve 100% broadband coverage had (and still has) not been achieved anywhere. Enhancing the role of hosted applications (in so-called clouds) as integration path and cost reduction driver for applications and computing power characterises this second development phase. Consequently, an Internet of Services (IoS), in particular cloud services, characterises the second phase:

$Goal_{Phase\,2} := \max(QoS) \wedge \text{Cost Constraints}$ (1.2)

The third phase (after 2010) was triggered by the trend of “green” IT and increasing energy demand and prices. The computing centers were built more often in colder regions of the earth. More energy-efficient hardware was installed, and software was written with energy efficiency in mind. Processors gained dynamic voltage and frequency settings, among other techniques, which helps shrinking the power consumption over all idle periods. The metric Power Usage Effectiveness (PUE) has gained prominence, and consumers are increasingly aware and demanding of sustainable IT. The use of mobile phones to host applications and even mobile services strengthens the awareness due to limited handset battery capacity. Smart grid installations are on the rise and lead to greater energy autonomy by turning consumers into providers. Therefore, to characterise the third phase in a formula:

$Goal_{Phase\,3} := \max(PUE) \wedge QoS \geq QoS_{min} \wedge Costs \leq Costs_{max}$ (1.3)

As a by-product of the awareness, similar to transportation companies, which can also be viewed as a public utility, the first data centre and hosting businesses have announced to have met a 100% renewable energy goal [3]. This has led to a voluntary green energy market, which in the USA alone has around five million customers who have purchased, directly or indirectly, approximately 74 million MWh of power generated from renewable sources [6]. In Switzerland, around 10% of all power consumption is linked to the various forms of IT, an equivalent of 400,000 cars in terms of fossil fuel, and an increasing number of providers advertise their decision to contract 100% renewables [2].


Fig. 1.1 Periodisation of network service development

Finally, the fourth and last phase, which has already started but will cause a high impact on computing in the near future, needs to be discussed. Therefore, this book is dedicated to this phase without dismissing the earlier ones. Figure 1.1 puts all three already identified phases with the not yet covered last one into context.

The fourth phase, the next development vector, is about to happen now. This phase is oriented not just at networking services and distributed software applications but at a truly user-focused IoS in many domains. It happens across clouds, in the frame of the IoT with many connected small (sometimes wearable) devices, cyber-physical systems and robots, next-generation mobile networks and ultimately fog and wearable computing. This combination expands the always-on, always-available, pay-as-you-go utility and cloud computing paradigm with intelligent network nodes (e.g. radio network edges, smart routers or even smart watches) and enables via this extension a set of new applications and services. The features of such an interpretation of fourth-phase computing are as follows:

• low-latency, location-aware, energy-efficient use of heterogeneous hardware from large-scale computing centres to tiny nodes
• very big number of hardware nodes and their mobility based on IPv6 connectivity
• wide geographical distribution of miniaturised hardware, self-updating software and large volumes of data
• leading role of wireless access to connect nodes and users, even over longer distances
• service interfaces, streaming and real-time applications with guaranteed QoS properties


Fig. 1.2 Fog computing vision (background photo: Claudia Jacquemin, JOTT Fotografie Dresden; the depicted place: CAD/CAM system at BA Dresden – University of Cooperative Education)

A wider interpretation of fog computing offers the appropriate platforms for IoT, clouds and the smart grid (Fig. 1.2).

According to Eric Schmidt, at that time CEO at Google, at the World Economic Forum in Davos, Switzerland, in 2015: “I will answer very simply that the Internet will disappear. There will be so many Internet Protocol (IP) addresses, so many devices, sensors, things that you are wearing, things that you are interacting with, that you won't even sense it. It will be part of your presence all the time. Imagine you walk into a room, and the room is dynamic. And with your permission and all of that, you are interacting with the things going on in the room. A highly personalised, highly interactive and very, very interesting world emerges.” [7]

This industrial development is bound to happen, as so far the miniaturisation of hardware is still advancing rapidly. On the other hand, researchers also look into ways to keep the user in the loop and ultimately also in control, something typically neglected by industrial development. Therefore, new methods for informational self-determination and manageability of personal devices and services need to be found. A typical example is a safe networking kill-switch to prevent any communication from a device, something found only occasionally on devices despite its usefulness, along with a definite off-switch. Before going into the details about the future development, the same four phases shall be analysed from a service perspective.

Network services in four phases. Along with the technical improvements in servers, devices and connectivity, the offered services themselves have evolved over time. One difference when compared to the hardware technology is the fact that new services almost always complement existing ones instead of replacing them. While it would be hard to order an ISDN connection or a Fiber Distributed Data Interface (FDDI) connection nowadays, we still communicate via decades-old e-mail protocols and locate services via another decades-old domain naming protocol.

In the first phase (1970–2000), basic network services and early web applications were created. Many network services were, and indeed still are, defined by an international community called the Internet Engineering Task Force (IETF) in public and well-edited Requests for Comments (RFC) [9]. An example would be an e-mail sending service (Simple Mail Transmission Protocol (SMTP)), first defined in RFC 821 by Jonathan B. Postel in 1982 and subsequently updated to RFC 2821 in 2001 and finally RFC 5321 in 2008. Other examples include real-time messaging, file transfer and authentication. Early web applications include e-commerce shops along with search engines and online newspapers, for instance books.com in 1992, yahoo.com and spiegel.de in 1994, amazon.com and nytimes.com in 1995 and google.com in 1997/1998. Their growth in popularity was mainly driven by the first web browsers as client applications, including Mosaic (1992), Netscape Navigator, Microsoft Internet Explorer and Opera (all around 1994).

The first phase also contained the first monopolisation tendencies. Whereas previously network protocols were defined and then implemented by multiple vendors, especially web applications emerged whose interaction was neither well-known nor easily reimplementable. Web pages as interaction part of web applications were standardised by another entity, the World Wide Web Consortium (W3C), but filled with vendor-specific extensions which even today still cause trouble and processing overhead.

In the second phase (2000–2010), due to faster home connection speeds, peer-to-peer filesharing applications became popular between consumers. An early example has been napster.com, which ceased to exist in the year 2000, only to be replaced by open protocols including Bittorrent from 2001 on. Other peer-to-peer applications quickly gained popularity, including video conferences and, in the year 2009, the cryptocurrency Bitcoin. Interestingly, some applications such as permanent file storage have mostly remained with centralised data centres despite peer-to-peer applications being available [1].

Web applications were further growing by faster and more powerful web browsers, which emerged after a perceived innovation pause. The browsers were Apple Safari (2002), Mozilla Firefox (2004) and Google Chrome (2008), which turned increasingly into a platform with all of the associated lock-in and vulnerability issues.

In the third phase (since 2010), commercial global-scale services have been competing for market share. Online social networking services like facebook.com and twitter.com claim hundreds of millions of active users, which are handled by a global network of distributed data centres. Millions of devices and sensors are connected to enable more services. And computing infrastructure services with compute, storage and networking services have emerged in multiple forms and concentrate applications and services in shared data centres. During this time, consumers have become increasingly aware of where services are hosted and how they are delivered. In particular, privacy issues have emerged and are not solved yet [5]. Figure 1.3 contains a scheme of today's distributed networks and services and how consumers interact through and with them.

Fig. 1.3 Scheme of services and supporting hardware technology for a single distributed application

Now we can only speculate which novel services will be enabled by the current wave of technological development. This will depend in large part on the knowledge, skills and facilities to enact new services by individual developers and businesses. The following three fictive scenarios illustrate the hypothesis about the advancement of technological trends in the fourth phase of the chosen periodisation. They will be picked up in the next chapters and illustrated with concrete examples.

Scenario 1: Smart grid in an SME. What will be a middle-class network connection for a Small and Medium Enterprise (SME) in 2020? Only one cable or wireless link will provide the utility services such as electricity, telephony, Internet, digital high-definition television and cloud services. Room heating will be realised via derivation and recycling of redundant energy from multiple (virtual) servers. The wired and wireless automation of local-area as well as piconets like Local Operating Network (LON), KNX Home and Building Control Standard (KNX), ZigBee, EnOcean will be used to serve and control the in-door climate. Management of such integrated networks can be performed through Ethernet Local Area Network (LAN)/Wireless Local Area Network (WLAN) links as well as convenient protocols like IP, Internet Control Message Protocol (ICMP), Simple Network Management Protocol (SNMP). The program support, configuration and tuning of the intelligent network is realised with the use of mobile devices (smartphones and tablets), mobile applications and through offered web services running in a cloud environment. This leads to a smart environment in which all company device capabilities are used in combination to their full extent to ensure autarky with high security and privacy, but still on-demand scalability beyond the company's realm, and high energy efficiency with inclusion of all local energy sources and joint brokering of power and computing supplies. We name the outcome of this scenario a smart grid environment.

Scenario 2: Energy recycling in data centers. Due to the use of today's powerful high-end servers within the contemporary data centers with the installed broadband optical links (e.g. Fibre Channel), a significant amount of heat stands out as a harmful by-product. Some companies occupy themselves already with the mentioned problem and are developing their own solutions for the disposal of heat excesses for domestic heating and air-conditioning facilities, the so-called HVAC. Among them are hybrid cloud and heat product providers [8]. These companies have a portfolio of several corresponding products and solutions (Fig. 1.4); inter alia, there are cloud infrastructure and platform services and heat products representing an own smart grid with inter-connected services. The clients use the in-door located services of virtual computing centers: standardised cloud services like Infrastructure-as-a-Service (IaaS), Software-as-a-Service (SaaS) and Platform-as-a-Service (PaaS). Among them there are popular applications causing a significant amount of heat from computing services powered by cloud stacks, virtualised operating systems and add-on services like databases and cron jobs. Redundant heat as a “by-product of processing” is withdrawn via servers in 19″ racks into the energy storage, which provides circulation of hot water in the pipes within a building and heating of potable water. The central system for HVAC facilities is supported via the use of Power over Ethernet (PoE) as well as wired and wireless automation local-area and piconets like LON, KNX, ZigBee, EnOcean. The mentioned technical solution provides a lower PUE value down to 1.05, or correspondingly an efficiency 1/PUE up to 95%, compared with the conventional grid/cloud solutions, where it is necessary to remove the excess heat as by-product, to install more air-conditioning devices and to provide them with power supply.

Fig. 1.4 Hybrid cloud/heat providers: combination of smart grid, clouds and HVAC

Similarly, a growing number of data centres world-wide are inter-connected with municipal utility providers to funnel their excess heat into pipes which lead to the central heating systems of housing areas. Interesting installations exist in Helsinki, Finland, where servers located beneath the Uspenski cathedral in the Academica/Telecity Group server centre heat 500 homes as a by-product. More servers located in a shielded building inside another building, a former electricity station now hosting the Suvilahti data centre, even offer heat and warm water for 4500 households.

Scenario 3: Low-cost and energy-efficient on-board microcontrollers for pico-services. None of the above-mentioned computing systems is energy-efficient enough to meet the ambitious goals set by environmentalists and, to some degree, even political agendas. Switzerland, for instance, is committed to reduce its emissions in 2030 to just 50% of those in 1990; Germany intends to reduce emissions until 2020 to 60%. The electricity consumption in data centres is in the MWh range, and even for tiny computations a power-hungry large machinery of hardware and support processes is needed. Energy-efficient solutions can be provided via small, low-cost and low-energy on-board processors on which pico-services such as lambda services are executed on demand. The electricity consumption is reduced to the kWh range or even less. Low-energy home intelligent nodes (3–10 W) for private cloud solutions, file servers, web servers, multimedia home centres etc. can be placed on low-cost, energy-efficient on-board microcontrollers and single-board computers like Arduino, Raspberry Pi or Intel Edison as a trade-off solution. They offer a cheap alternative and symbolise a step-by-step shift to the IoT. But in order to maximise their potential, an appropriate service and application platform will be needed.

An appropriate solution is the Raspberry Pi on-board computer (first deployed in 2011 in Cambridge, UK) with only credit card dimensions in a matchbox-like case and the following characteristics [4]: a 700 MHz processor, a modest amount of main memory of up to 1 GB, external storage on an SD card, an Ethernet connection or a wireless link through a USB dongle, and around 3.5–5 W power consumption.


Naturally, there are a lot of scenarios for economical network nodes. For instance, a cheap and low-energy Raspberry Pi can typically be used for a so-called Multimedia Home Centre with the following characteristics:

• SD card as hard drive with 32 GByte capacity and Raspbian loaded as operating system
• Multimedia environment: XBMC Media Center
• Multiple audio and video formats (codecs) as well as low power

The newest Raspberry Pi 2 Model B acts as a mini-PC with 6 times the CPU performance, due to a clock frequency of 900 MHz and a quad-core architecture, and is oriented to the Windows Developer Program for IoT. But even more energy-efficient boards are upcoming, including the Genuino with the Intel Curie chip and the Pine A64, which even runs on a 3.7 V lithium battery.

How to read on. This was a quick chapter. The next ones will have more depth, as they convey the actual knowledge about the mentioned areas. In the second chapter, the development of network systems will be summarised and presented with historical and contemporary systems. In the third chapter, clusters and parallel computing will be focused on. Virtualised systems and clouds will follow in the fourth chapter. Chapter five will step into the physical world and contains information about smart grids, smart things and smart fog. While the sixth chapter will present mobile communication trends, the final seventh chapter talks about security aspects in a broad meaning. With such a spectrum of topics, the reader should then be able to understand both old and new large-scale systems.

References

1. Bence Bakondi, Péter Burcsi, Péter Györgyi, Dávid Herskovics, Péter Ligeti, László Mérai, Dániel A. Nagy and Viktória Villányi. A P2P Based Storage System with Reputation Points and Simulation Results. In: Central European Conference on Cryptology (CECC), Budapest, Hungary, May 2014.

2. Markus Bloesch. netrics übernimmt Umweltverantwortung: Cloud Computing und Hosting aus Datacenter mit Ökostrom aus dem Wasserkraftwerk Hagneck (netrics takes on environmental responsibility: cloud computing and hosting from a data centre with green electricity from the Hagneck hydroelectric plant). Online: https://www.netrics.ch/2015/12/03/cloud-computing-hosting-mit-oekostrom, 2015.

3. Alisa Davis. Equinix Goes 100% Renewable with 225-MW Wind Energy Purchase. Online: http://apps3.eere.energy.gov/greenpower/news/news_template.shtml?id=2082, 2015.

4. Raspberry Pi Foundation. Raspberry Pi Hardware. Online: https://www.raspberrypi.org/documentation/hardware/raspberrypi/README.md, 2015.

5. Thomas Loruenser, Charles Bastos Rodriguez, Denise Demirel, Simone Fischer-Huebner, Thomas Gross, Thomas Langer, Mathieu des Noes, Henrich C. Poehls, Boris Rozenberg and Daniel Slamanig. Towards a New Paradigm for Privacy and Security in Cloud Services. 2015.

6. Eric O'Shaughnessy, Jenny Heeter, Chang Liu and Erin Nobler. Status and Trends in the U.S. Voluntary Green Power Market. Technical Report NREL/TP-6A20-65252, National Renewable Energy Laboratory, 2015.

7. Eric Schmidt. The Internet Will Disappear. World Economic Forum via CNBC TechBet, online video: https://www.youtube.com/watch?v=Tf49T45GNd0, 2015.

8. Rene Marcel Schretzmann, Jens Struckmeier and Christof Fetzer. Cloud&Heat Technologies. Online: https://www.cloudandheat.com, 2011–2014.

9. Internet Society. RFC Editor. Online: http://www.rfc-editor.org, 1998.

10. Yevgeniy Sverdlik and Karen Riccio. Special Report: The World's Largest Data Centers. Online: http://www.datacenterknowledge.com/special-report-the-worlds-largest-data-centers, 2010.

2 Architectural Transformations in Distributed Systems

Keywords

Client-Server (C-S) • Peer-to-Peer (P2P) • Central Database (CDB) vs. Distributed Database (DDB) • Transactions

The timeline given in the first chapter embodies the perspective of humans using and benefiting from services. In this chapter we now dive under the hood of this development and take a look at the service software implementations, with a special focus on basic principles of complex distributed services which fulfil the requirements for modern cloud and fog applications. Over the last two decades we have been able to observe significant architectural changes in distributed systems and networking applications, which will be reflected in the text. There are also mostly orthogonal shifts towards higher reliability, efficiency, scalability and information security as well as other beneficial non-functional characteristics. The chapter covers general software and system architectures, discusses cluster and cloud systems as well as peer-to-peer topologies along with concrete system examples, and highlights the topics of performance optimisation and transactions as well as distributed databases.

2.1 Software Architectures and Communication Patterns

Among the most well-known conventional service architectures for software applications are the client-server model and the n-tier model. In the client-server model, a client connects to a server to exchange messages with it in order to achieve a certain goal. In the n-tier model, multiple client-server connections exist in a chain. Let us consider an integrated example.

© Springer Fachmedien Wiesbaden GmbH 2017. A. Luntovskyy, J. Spillner, Architectural Transformations in Network Services and Distributed Systems, DOI 10.1007/978-3-658-14842-3_2



Fig. 2.1 Example system: e-commerce (Source: [5])

Example 2.1 A distributed software application for e-commerce frequently has a rather complex hierarchical structure called n-tier, which is created with the aim of performance optimisation and includes programmatic interfaces linked with network protocols. An example of a system for e-commerce is depicted in Fig. 2.1. Application 1 for a purchaser (client) interacts with the virtual shop, i.e. application 2 (online shop), via a web server with an attached application server, which provides data preprocessing for purchase orders. The application server for purchase order preprocessing is connected to the next two application servers: one of them is aimed at store management with maintenance of store tables, the other one at administration of customer data. Application 3 supports the communication of the online shop with the suppliers via a dedicated communication channel, which is connected to an application server as well as the supplier database. Communication between applications 2 and 3, i.e. online shop-to-suppliers, is performed with a corresponding channel provided by the platform. Thus we see the advancement of typical application architectures to distributed systems with client-server and n-tier architectures [5, 7, 8].

As shown in [5, 8], multi-tier architectures are nowadays widely deployed in distributed applications:

• 3-tier structure: more complex, leading to higher scalability; preferred for complex applications
• 2-tier structure (user interface and host): simpler but less flexible (Fig. 2.2)


Fig. 2.2 Architectures: client-server, n-tier [8]

Software services. Applications or software components which offer service interfaces beyond their own scope are called software services. A typical three-way distinction helps in distinguishing between services. The first kind of service interaction happens between local service interfaces within a programming language and a corresponding runtime framework (e.g. Open Services Gateway Initiative (OSGi) services for Java and other component frameworks). The second kind happens over uniform service interfaces across programming languages with network transparency (e.g. web services in service-oriented architectures). The third kind happens over non-uniform protocols without obvious sibling or parent protocols and with certain requirements on the topology or infrastructure (e.g. Domain Name System (DNS), Network Time Protocol (NTP), Universal Plug and Play (UPnP)).

Service-oriented architectures have become increasingly popular due to their characteristics. They offer a uniform and well-defined interface, with the description uniformly captured in a machine-processable service description document, and accept uniform protocols with service-specific content. Therefore, many n-tier applications are nowadays implemented within service-oriented systems. More recently, service designers use the notion of stateless micro-services which can be replicated easily, with coordination through a group communication system. What is common to all service-oriented architectures is the strong reliance on a directory of services, called registry, through which new services can be discovered. Because every consumer resolves services through it, the registry is also a single point of trust: whoever can register or alter entries can redirect clients, so write access to the registry and the authenticity of service description documents need the same protection as the services themselves. Sometimes a service broker is available on top of the registry so that brokering, auctioning and negotiation between service providers and consumers can be automated in a marketplace style. This functionality is important when considering the user-defined selection of power and computing services covered in the previous chapter.

Remote methods and message exchange. The interaction between clients and services often follows the request-reply pattern: the client sends a request message, blocks to wait for an answer and receives a response message. This message exchange style is similar to local method invocations in programming languages and is therefore also known as remote method invocation. Related to this are remote method calls without a response message (one-way calls). Complementary to service-oriented architectures there are message-oriented architectures, in which software components subscribe to messages of a certain type arriving from a source to a specific destination or as broadcast messages to any destination. In such architectures, messages are supposed to traverse message brokers, which apply filters and transformations. An Enterprise Service Bus (ESB) is such a broker which combines service-oriented and message-oriented architectures and facilitates the connection of any client to any service with message format adapters.

Figure 2.3 shows a combined service-oriented/message-oriented architecture. Such an abstract architecture will be the basis of many of the systems presented in this chapter, with customisations and refinements whenever necessary.

Fig. 2.3 Architectures: service-oriented and message-oriented
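The request-reply and broker-based interaction described above, as an added example that is not code from the book: a small in-process broker in the ESB role with a topic filter, a format adapter and a correlated request-reply built on top of plain publish/subscribe. The topic names, the order service and the redaction adapter are assumptions made for this illustration. The broker validates every message at its boundary and dead-letters anything it cannot route, which is the point where a bus protects its consumers from malformed input.

```python
import json
import re
import uuid
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

TOPIC_RE = re.compile(r"[a-z0-9_.]+")   # naming scheme assumed for this example


@dataclass
class Message:
    topic: str
    payload: dict
    correlation_id: Optional[str] = None   # ties a reply to the request it answers
    reply_to: Optional[str] = None         # topic on which the requester waits for the reply


@dataclass
class Subscription:
    topic: str
    handler: Callable[[Message], None]
    filter: Callable[[Message], bool] = lambda m: True     # applied by the broker
    adapter: Callable[[Message], Message] = lambda m: m    # format adapter, applied by the broker


def valid(msg: Message) -> bool:
    """Boundary check inside the bus: reject topics outside the naming scheme and payloads that
    are not plain JSON, so that no consumer ever receives an object it did not expect."""
    if not isinstance(msg.topic, str) or not TOPIC_RE.fullmatch(msg.topic):
        return False
    if not isinstance(msg.payload, dict):
        return False
    try:
        json.dumps(msg.payload)
    except (TypeError, ValueError):
        return False
    return True


class Broker:
    """Topic-based broker in the ESB role: every message traverses it, filters and adapters
    run inside the broker, and requesters never talk to services directly."""

    def __init__(self) -> None:
        self.subs: Dict[str, List[Subscription]] = {}
        self.dropped: List[Message] = []          # dead-letter list: invalid or unroutable

    def subscribe(self, sub: Subscription) -> None:
        self.subs.setdefault(sub.topic, []).append(sub)

    def publish(self, msg: Message) -> int:
        """Deliver msg to all matching subscribers of its topic; returns the number of deliveries."""
        if not valid(msg):
            self.dropped.append(msg)
            return 0
        delivered = 0
        for sub in list(self.subs.get(msg.topic, [])):
            if sub.filter(msg):
                sub.handler(sub.adapter(msg))
                delivered += 1
        if delivered == 0:
            self.dropped.append(msg)
        return delivered

    def request(self, topic: str, payload: dict) -> Optional[dict]:
        """Request-reply on top of messaging: publish, then collect the reply that carries our
        correlation id on a private reply topic. Returns None if no service answered."""
        cid = uuid.uuid4().hex
        inbox: List[Message] = []
        self.subscribe(Subscription(f"reply.{cid}", inbox.append,
                                    filter=lambda m: m.correlation_id == cid))
        self.publish(Message(topic, payload, correlation_id=cid, reply_to=f"reply.{cid}"))
        del self.subs[f"reply.{cid}"]
        return inbox[0].payload if inbox else None


class OrderService:
    """Service-oriented side: a hypothetical stateless order pre-processing service."""

    def __init__(self, broker: Broker) -> None:
        self.broker, self.next_id = broker, 1
        broker.subscribe(Subscription("order.request", self.handle,
                                      filter=lambda m: m.payload.get("qty", 0) > 0))

    def handle(self, msg: Message) -> None:
        total = msg.payload["qty"] * msg.payload.get("unit_price", 0)
        reply = Message(msg.reply_to, {"order_id": self.next_id, "total": total},
                        correlation_id=msg.correlation_id)
        self.next_id += 1
        self.broker.publish(reply)


def redact(msg: Message) -> Message:
    """Adapter for an audit consumer: same message, card number masked, so the audit log
    never stores the full card number."""
    safe = {k: ("***" if k == "card_number" else v) for k, v in msg.payload.items()}
    return Message(msg.topic, safe, msg.correlation_id, msg.reply_to)


def demo():
    """Wire a service and an audit subscriber to one broker and run one order request."""
    broker = Broker()
    OrderService(broker)
    audit: List[Message] = []
    broker.subscribe(Subscription("order.request", audit.append, adapter=redact))
    reply = broker.request("order.request",
                           {"qty": 3, "unit_price": 10, "card_number": "4111111111111111"})
    return reply, audit, broker
```

The audit subscriber receives the same message as the service, but only after the broker has applied the adapter; the consumer itself never sees the unmasked value. A request whose payload does not pass the service's filter gets no reply, and the requester observes that as `None` rather than as an exception from the service.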


2.2 Distributed Service Systems: Clustering, Grids and Clouds

Clusters. Significant new features are provided by the clustering architecture, in which each service is made available in multiple instances (Fig. 2.4). Let us compare it with the representations considered in Figs. 2.1 and 2.2. The clustering architecture enables the optimisation of the Quality of Service (QoS) for a distributed application through replication of functionality between multiple servers. The functionality for processing (application logic) as well as for data persistence is provided by multiple servers simultaneously or in parallel. For replication, a preliminary analysis of data consistency is required. The replication of functionality improves the following clustering features: load distribution, fault tolerance behaviour and parallelism in processing (refer to Fig. 2.4).

Server replication in the cluster architecture is characterised by a significant gain in processing time as pro-argument, but also by increasing complexity as con-argument due to the necessary conflict management and synchronisation [7]. Qualitatively different opportunities are established by modern architectures of distributed applications, for example applications hosted online or in the clouds (Fig. 2.5).

Fig. 2.4 Architectures: clustering [3, 5, 8]. MPI – Message Passing Interface, RAID – Redundant Array of Independent Disks, SAN – Storage Area Network, NAS – Network Attached Storage


Fig. 2.5 Architectures: IoS, grids and clouds

Clouds. The clouds as an architectural type provide the deployment and use of "computing power" in a similar manner as the delivery of water or electric current in modern supply networks (so-called "utility grids"); transparent operation in a "cloud" is enabled and possible. The important advantages of the architecture are as follows:

• Organisations sometimes possess insufficient resources for data backup and computationally intensive problems; infrastructure outsourcing is then the remedy
• Aggregation of the computing resources of multiple organisations by reliable and favourable providers
• Companies and authorities obtain so-called "on-demand" resource access as an ideal solution for fluctuating needs
• The savings in processing time and hardware costs outweigh the definitely noticeable growth in coordination and synchronisation complexity

The disadvantages are as follows: cloud computing fosters heterogeneity and vendor lock-in through attraction by vendor-specific cloud services, as well as unclear data security and data protection aspects when the data processing crosses organisational or even juridical boundaries.

There is no single definition of what a cloud system is. A commonly used definition is given by the National Institute of Standards and Technology, USA (NIST), 2011: "Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models." [4]

There are scientific community and voluntary cloud systems accessible to everybody at no or low cost, but also with no strict service-level guarantees. Examples include Guifi and ownCloud instances. On the other hand, there are commercial cloud providers who offer rapid provisioning and elasticity of resources at large scale. Examples include Amazon EC2, IBM Softlayer and Bluemix, T-Systems Enterprise Cloud and the Google Cloud Platform.

Grids. One of the most important parts of cloud technology are the grids. The term "GRID (Global Resource Information Database)" was coined in 1985 as part of a UN programme for environmental protection; on the other hand, "GRID = SUPPLY NETWORK". In this way, grid is the traditional technology in comparison to clouds. Grid computing is a form of distributed computing in which a "virtual supercomputer" is generated from a cluster of loosely coupled computers. The grids were developed with the aim to solve computationally intensive scientific and in particular logical-mathematical problems. The following types of grids are regularly distinguished [5]:

• Computer grid: a combination of computing power, allowing access to distributed resources
• Data grid: enables the sharing of data contained in the requests of one or more DDB
• Service grid: represents a diversity of components, all of them belonging to different resource providers and provided as a utility
• Application grid: provides improved load balancing and utilisation of the grid provider as well as a wide spectrum of functions via cross-organisational sharing of resources
• Resource grid: has to be defined via the deployment of a roles model, i.e. the roles between grid users, grid providers and the resource providers, which have to be clearly differentiated [1]

A basic understanding of clusters, grids and clouds should now be achieved. The two former system types will be elaborated on in much greater detail in the next chapter, and the latter one in the subsequent one.

2.3 Architectures: Peer-to-Peer

Fig. 2.6 Examples of peer-to-peer systems

In the contemporary fixed-mobile converged networks with almost-always-on connectivity over Local Area Network (LAN), Wireless Local Area Network (WLAN) as well as Wireless Personal Area Network (WPAN) routes, the role of the peer-to-peer architecture with equal partners (P2P) has increased significantly. Let us compare the architecture with the already presented one titled "client-server" (C-S). P2P offers:

• Direct communication between the equal partners, i.e. the peers
• Practically no centralisation within the server part; only as an option in combined (hierarchical) structures involving peers + C-S
• The peers are simultaneously the service providers as well as the users or consumers of the service
• A distributed discovery mechanism for service providers as peers is required

As depicted in Fig. 2.6, the peer-to-peer model (P2P) extends the client-server model (C-S) towards a multi-participant, fully-connected, bi-directional one. In the C-S model, a server provides a service and a client uses this service. In P2P networks this role distribution is meaningless: each participant is a peer, because they can use a service as well as offer the service themselves. The basic requirement for architectures with equal partners providing P2P communication is the creation of a special mechanism to search for service provider peers. The following types A, B, C and D of P2P systems are distinguished [6]:

• Type A, called centralised P2P model, uses a server core for coordination and search. Example: Napster
• Type B, called pure P2P model, provides no centralised coordination. Example: Gnutella
• Type C, called hybrid P2P model: the dynamic centre consists of entities, i.e. some peers act as coordinators. Examples: Gnutella2, BitTorrent, Skype
• Type D, called distributed P2P model with a DHT (Distributed Hash Table): the table manages the access IDs, i.e. the keys are placed on a carousel/circle. The model uses an overlay of fixed connections (fixed connection overlay). The system is similar to the well-known routing protocols for distributed (RIP) or hierarchical routing (OSPF+BGP). Examples: Chord, CAN, Pastry, Tapestry
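Type D in working form, as an added example and not code from any of the systems named above: a Chord-style identifier circle with finger tables, in which a key is routed from an arbitrary start node to the node whose identifier is the first clockwise from the key. The node addresses, the 20-bit ring and the SHA-1 mapping are assumptions made for the illustration (Chord proper uses 160-bit identifiers); `successor()` computes the owner from global knowledge and serves only to check what the hop-by-hop `lookup()` finds.

```python
import hashlib
from bisect import bisect_left
from typing import Optional

M = 20                   # identifier bits (assumption for the example; Chord itself uses 160)
RING = 1 << M


def chord_id(name: str) -> int:
    """Hash a node address or a data key onto the identifier circle [0, 2^M)."""
    return int.from_bytes(hashlib.sha1(name.encode()).digest(), "big") % RING


def between(x: int, a: int, b: int, closed_right: bool = False) -> bool:
    """x in (a, b) or, with closed_right, in (a, b] on the circle, wrapping past 2^M."""
    if a == b:
        return True if closed_right else x != a
    if a < b:
        return a < x < b or (closed_right and x == b)
    return x > a or x < b or (closed_right and x == b)


class ChordRing:
    """Constructed DHT overlay: sorted node IDs on the circle plus each node's finger table."""

    def __init__(self, node_names) -> None:
        self.nodes = sorted({chord_id(n) for n in node_names})
        # finger[n][k] = successor of (n + 2^k): the fixed connections of the overlay
        self.finger = {n: [self.successor((n + (1 << k)) % RING) for k in range(M)]
                       for n in self.nodes}

    def successor(self, key: int) -> int:
        """Owner of key: first node at or clockwise after key (global view, used for checking)."""
        i = bisect_left(self.nodes, key)
        return self.nodes[i % len(self.nodes)]

    def lookup(self, key_name: str, start: Optional[int] = None):
        """Chord routing: starting at node `start`, forward the query along finger tables until
        the key falls into (current node, its successor]. Returns (owner, number of hops)."""
        key = chord_id(key_name)
        cur = self.nodes[0] if start is None else start
        hops = 0
        while True:
            succ = self.finger[cur][0]
            if between(key, cur, succ, closed_right=True):
                return succ, hops
            nxt = succ                                # fall back to the immediate successor
            for f in reversed(self.finger[cur]):     # closest preceding finger first
                if between(f, cur, key):
                    nxt = f
                    break
            cur, hops = nxt, hops + 1
            if hops > len(self.nodes):               # cannot happen with consistent tables
                raise RuntimeError("routing loop: finger tables inconsistent")

    def assign(self, key_names):
        """Map every key to the node responsible for it."""
        return {k: self.successor(chord_id(k)) for k in key_names}


if __name__ == "__main__":
    ring = ChordRing(f"10.0.0.{i}:4000" for i in range(1, 9))   # constructed peer addresses
    for key in ("file-1", "file-2", "file-3"):
        owner, hops = ring.lookup(key)
        print(f"{key} -> node {owner:#07x} after {hops} hops")
```

Two properties are worth checking on any DHT implementation: the hop-by-hop lookup must end at the same node as the global computation from every start node, and removing one peer must move only the keys that peer owned (consistent hashing). Both hold here, and the second is what lets peers join and leave without a central registry.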

Figure 2.7 contains a visual representation of all four types of P2P systems. There is a trade-off in enabling a P2P architecture for a distributed application. On the one hand, it puts an obligation on all participants to offer a share of their resources to other participants, as only through a fair distribution will such a network work well. As with all service interfaces open to the world over a network, there is a risk of being attacked through the interface; in a P2P system every peer exposes such an interface, not only a dedicated server. On the other hand, once a sudden allocation of resources is needed, the scalability of such a network, especially on a global level with high availability and resilience, is very high and cannot easily be reached with other architectures. Therefore, especially for applications which involve humans, including all personal communication, personal information management and personal cloud activities, P2P architectures are effective.

Fig. 2.7 Types of P2P architectures [5, 8]

Fig. 2.8 Skype network structures and diverse clients

Example 2.2 Modern mobile client platforms provide many attractive mobile applications and transmission services in addition to the standard voice, SMS, MMS and e-mail. A number of these services include, for example, the popular Google Suggest, Google Translate and Google Maps, cloud services like Amazon AWS/EC2, social networks like Facebook, Twitter and Xing, the video hosting service YouTube, as well as multiple VoIP services like Skype and Viber. The designated service Skype is now a leader by a wide margin among the many VoIP services. The service is generally available for free and supports the following built-in services: VoIP, tele/videoconferencing, instant messaging, transfer of files, images and screenshots. Surely Skype is a worthy rival to the many VoIP services using common protocols like SIP/RTP and SIP/UDP, but a lot of them are only available with costly commercial plans. In contrast, Skype is aimed at the private sector and offers the following features (Fig. 2.8):

• wide availability despite a proprietary (unpublished) protocol (cp. SIP/RTP)
• optimised hybrid architecture P2P + C-S with a central server core run by Skype's parent company Microsoft
• data compression and security via AES with 256-bit key, RSA with 2048-bit key as well as X.509 PKI; since the protocol is not published, these properties are known from the vendor's description and cannot be verified against a protocol specification
• IPv6 as well as IPv4-based and transparent for NAT, therefore suitable for home users
• data compression with the codecs SVOPC (16 kHz), AMR-WB (16 kHz), G.729 (8 kHz) and G.711; since 2009 an own audio codec, SILK, is used
• compatibility with conventional telephony: gateways to conventional telephone networks (PSTN, ISDN, GSM)
• integration with SIP-based VoIP


Herewith a short but worthy history of the Skype service. The Skype core software was developed by Ahti Heinla, Priit Kasesalu and Jaan Tallinn (Estonia, 2003). The company was founded by Niklas Zennström and Janus Friis in 2003 in Luxembourg, but since 2005 was owned by eBay and in 2011 was transferred to Microsoft.

The following architectural transformations can be observed in its history. The original Skype network (2003–2010) was characterised by a primarily P2P organisation, like a lot of multimedia sharing systems, with so-called nodes and super-nodes. The system relied on voluntary allocation of the super-node role to users' own private computers, but suffered from very busy (overloaded) super-nodes. The private client machines especially required IP without NAT, with direct addresses. As an upshot, increasing criticism from private users as well as numerous failures due to the overloading of peers were noted. After the takeover by Microsoft (2011), the following architectural changes were applied:

• cleaned structures: steady restructuring of the Skype network since 2012
• the Skype network was transferred from the client computers to Microsoft's own Linux servers (i.e. partially from P2P to C-S)
• currently P2P with a centralised C-S construction
• server clusters are placed in secure data centres (PaaS delivered through clouds)
• enhanced security of the Skype servers is asserted by the operator
• software development for Skype is available: the Skype API allows use of the Skype network for delivery of messages and call management

2.4 Performance Optimisation

Methods for performance optimisation. As you have seen from the introduction, modern distributed network systems are used in the areas of Business-to-Business (B2B), Computer-Aided Design (CAD), grids and cloud computing. They are developed to solve complex mathematical tasks and actual problems of modern pharmacology, to simulate physical phenomena and in genetics, and to administrate and manage task support. These systems process and transmit via networks significant amounts of structured documents and multimedia data, which for extreme volumes has recently gained the term Big Data. In general, the following performance optimisation methods [5, 6] can be applied within the classical C-S as well as new architectures of distributed systems like clusters and clouds (Fig. 2.9):

• Caching
• Replication
• Parallelisation


Fig. 2.9 Performance optimisation [5]

Frequently used addresses and names should be cached. Caching can be deployed on the server side as well as on the client side, or it is present within the network infrastructure, typically outside of the scope of application deployment. Client-side caching is often very efficient. Another method is data and service redundancy via replication. Server replication can be efficiently used for load balancing in highly-available multi-server systems as well as to provide a certain level of fault tolerance through failover mechanisms. Parallel processing within a server application frequently uses multiple execution processes or threads. Process parallelisation and multi-threading mode provide a significant performance increase. All three methods are quite generic and can be found in most scalable applications to overcome performance bottlenecks. Each of them has a consistency price: a cache may serve stale data, replicas must be kept synchronised, and parallel threads must coordinate their access to shared state.
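The three methods combined in one client, as an added example not taken from the book or from [5]: a bounded client-side cache with a time-to-live, a set of replicated servers queried round-robin with failover to the next replica, and parallel requests issued from a thread pool. The `Replica` class, the key names and the outage of one replica are constructed for the illustration; the clock is injectable so that expiry can be exercised without waiting. Only successful responses are cached, so a transient error is never served from the cache.

```python
import threading
import time
from collections import OrderedDict
from concurrent.futures import ThreadPoolExecutor
from itertools import cycle
from typing import Callable, Dict, List


class Replica:
    """Constructed stand-in for one replicated server; healthy=False simulates an outage."""

    def __init__(self, name: str, healthy: bool = True, delay: float = 0.002) -> None:
        self.name, self.healthy, self.delay = name, healthy, delay
        self.requests = 0

    def lookup(self, key: str) -> str:
        self.requests += 1
        if not self.healthy:
            raise ConnectionError(f"{self.name} unreachable")
        time.sleep(self.delay)                # simulated network and processing latency
        return f"{key}@{self.name}"


class TTLCache:
    """Client-side cache: bounded size (oldest entry evicted) and a time-to-live per entry."""

    def __init__(self, ttl: float, maxsize: int = 1024,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self.ttl, self.maxsize, self.clock = ttl, maxsize, clock
        self._data: "OrderedDict[str, tuple]" = OrderedDict()
        self._lock = threading.Lock()         # the cache is shared between worker threads

    def get(self, key: str):
        with self._lock:
            item = self._data.get(key)
            if item is None:
                return None
            value, expires = item
            if expires <= self.clock():       # stale: drop it rather than serve it
                del self._data[key]
                return None
            return value

    def put(self, key: str, value) -> None:
        with self._lock:
            self._data[key] = (value, self.clock() + self.ttl)
            self._data.move_to_end(key)
            while len(self._data) > self.maxsize:
                self._data.popitem(last=False)


class Client:
    """Cache first; on a miss, round-robin over replicas with failover; fetch_many in parallel."""

    def __init__(self, replicas: List[Replica], ttl: float = 30.0, workers: int = 4,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self.replicas = list(replicas)
        self.cache = TTLCache(ttl, clock=clock)
        self.stats: Dict[str, int] = {"hits": 0, "misses": 0, "failovers": 0}
        self._lock = threading.Lock()
        self._rr = cycle(range(len(self.replicas)))
        self._pool = ThreadPoolExecutor(max_workers=workers)

    def fetch(self, key: str) -> str:
        cached = self.cache.get(key)
        if cached is not None:
            with self._lock:
                self.stats["hits"] += 1
            return cached
        with self._lock:
            self.stats["misses"] += 1
            start = next(self._rr)            # load balancing: rotate the first replica tried
        last_error = None
        for i in range(len(self.replicas)):   # failover: try each replica at most once
            replica = self.replicas[(start + i) % len(self.replicas)]
            try:
                value = replica.lookup(key)
            except ConnectionError as exc:
                last_error = exc
                with self._lock:
                    self.stats["failovers"] += 1
                continue
            self.cache.put(key, value)        # cache successful responses only
            return value
        raise ConnectionError(f"all replicas failed for {key}: {last_error}")

    def fetch_many(self, keys: List[str]) -> List[str]:
        """Parallelisation: issue the lookups from a thread pool, results in input order."""
        return list(self._pool.map(self.fetch, keys))

    def close(self) -> None:
        self._pool.shutdown(wait=True)
```

With one of three replicas down, every request whose rotation starts at the failed replica costs one failover and is then answered by the next one; a second pass over the same keys is served entirely from the cache until the entries expire, after which the client goes back to the replicas.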

The following empirical rules are known, which are required when optimising performance in distributed systems, particularly in systems of the type C-S [5]:

• The CPU speed is often more important than the network performance and can become a bottleneck
• Reducing delays in the processing of application protocols (software overhead) through aggregation of packets has a measurable effect
• Minimising context switches between processes (in multi-threading) makes applications faster
• Minimising backup and copy processes within the system, for example through the use of shared memory devices
• The requirements to increase the data rate are not as critical as delay, even an insignificant one
• System overload is easier to prevent than to overcome
• Preventing timeouts and pauses within the system reduces unnecessary slowdowns

Threads. A thread is a so-called "light-weight" independent sub-process running in parallel to other (sub-)processes, which can be considered as a part of a complex application. The thread operates without or with minimal context of its own, separate from other (sub-)processes and threads, but with its own program counter and stack (Fig. 2.10).

Typically, the application processes that are executed in a certain Operating System (OS) (as programming environment) are "heavy-weight" due to the large amount of context (process parameters) to be transferred on a switch.

A well-known example for such "heavy-weight" processes are the ones executed in the operating system UNIX and derived systems such as Linux (as used in GNU/Linux and Android, among others), BSD, and Darwin, the kernel of Mac OS X. To provide some additional flexibility and parallelism within them, each complex process is divided into so-called "light-weight" sub-processes that are specifically called threads. A thread is de facto a bearer of a certain activity within an OS or programming environment.

Fig. 2.10 An application as a combined process Px with several threads Txy. Px or P1,2,3 – complex processes or applications; Txy – thread, a "light-weight" parallelised sub-process without dependencies but with own program counter and stack


This activity is performed via a set of consecutive operations and is characterised by a minimal context consisting only of stack and registers. In practice, most complex applications and system processes are suitable for implementation in the form of parallelised threads. Each of these flexibly distributed "heavy-weight" processes has at least one initial thread as "light-weight" sub-process. All such threads, which are merely a part of some greater process, share the same common address space and the other resources of the complex process. Since the address space is shared, a fault in one thread (e.g. a memory corruption) affects the whole process; the separation between threads is a scheduling unit, not a security boundary.

Example 2.3 There is the following simple example. With the mentioned methods, a word processor application (e.g. MS Word) can be divided into several parallel threads which carry out, over one and the same data (text) within a file, a set of various operations, for instance (1) text splitting, (2) text formatting and (3) spell checking.

Example 2.4 In addition, applications that perform a large number of independent asynchronous requests (i.e. database applications, server-side web applications) allow an effective implementation via several parallel threads as multithreaded applications. Generally, there are the following two types of threads:

1. User-level threads, which are realised from the point of view of an application process by the programmer
2. Kernel-level threads or kernel threads, which are used by the OS (for example MS Windows) and its programming environment with the aim to schedule them on a certain processor

2.5 Distributed Transactions

Using transactions, several actions can be combined with the aim to form an indivisible execution unit T:

T = {A1, A2, A3, ...}   (2.1)

These can also be called atomic (trans-)actions, i.e. following the slogan "complete or nothing". An example of a transaction monitor is given in Fig. 2.11. The monitor coordinates the booking workflow between C and S1, S2. The finalising phase is very important and has to be involved with the aim to support the consistency of data.

The 2PC (two-phase commit) protocol must be used to ensure consistency in this way. "Commit" in this context means consensus: agreed to meet the requirements, or to delegate. The diagram depicts a successfully executed transaction with a reliable storage device which guarantees persistency, such as a disk, an external storage medium or a reliable storage service (Fig. 2.12).

Beyond consistency and persistency, the transactions have to satisfy the so-called Atomicity, Consistency, Isolation, Durability (ACID) criteria. The deployment of distributed transactions is also based on considering the common methods for performance optimisation. These criteria, called ACID, describe the desirable properties of all types of transactions. The transactions have to ensure the ACID criteria:

• Atomicity: either full execution or completely without effect
• Consistency: transformation only between consistent states
• Isolation: no overlap of parallel transaction executions
• Durability: survival of system failures

Fig. 2.11 Transaction monitor

Fig. 2.12 Sequence diagram for the 2PC protocol

Fig. 2.13 Distributed transactions: deployment of 2PC [5]

An example of the use of 2PC is depicted in Fig. 2.13. The example illustrates providing atomic actions under the slogan "complete or nothing". The appropriate realisation with 2PC ensures atomicity as one of the ACID criteria. The user has to be provided, via a travel agency, with two flights (e.g. with Lufthansa and United) as well as with a rented car at the destination site. If the booking is impossible, the consistent rollback cancels all actions without financial disadvantages for the user or the agent.

The protocol uses the following messages: C-Refuse from the participants; if there are one or more rejections, then C-Rollback is sent; if necessary, the transaction is repeated. The realisation can be done via ODBC or JDBC (Object/Java Database Connectivity) when run in a database context. Performance increases are available with the deployment of parallel transactions obeying the isolation criteria:

• Optimisation by redundant reservation of server processes (separate servers)
• Parallel execution via multi-threading
• Replication of servers (replication)
• Heuristic load balancing and reliability

The appropriate example is depicted below (Fig. 2.14). In the offered parallel transaction, three servers and a replicated DB are used instead of one.

Figure 2.15 depicts a nested transaction in a travel booking scenario. It starts with a successful booking of an appropriate room, but then mandates a rebooking activity of two necessary flights to Incheon International Airport in Seoul from Dresden (DRS) via Frankfurt-am-Main (FRA) airport or Munich (MUC) airport, due to seats that are no longer available. Due to a changed meeting request, the travel is finally substituted by another trip from Dresden central station to Zurich with the night train (CNL); with a successful finalisation (FSP, final synchronisation point) the instances are terminated. To ensure the ACID criteria within the nested transaction, the MSP (main, primary synchronisation point), coordinated by careful commit, as well as the AffSP (affiliated, secondary synchronisation point) are used. The action Activity allows a partial rollback.

Fig. 2.14 Parallel transaction: instead of one, three servers and a replicated DB are used [5]

Fig. 2.15 Nested transaction involving multiple independent partners in a travel scenario. MSP – main synchronisation point, coordinated by careful Commit; AffSP – affiliated synchronisation point, the action Activity allows partial rollback; FSP – final synchronisation point, terminates the instances

Thus, depending on the application scenario and requirements, transactions may be distributed, parallel and nested.

2.6 Distributed Databases

Motivation for DDB. The deployment of a distributed DB takes into account the above mentioned common methods for performance optimisation. Let us give the definition of a DDB. We consider it in contrast to the centralised DB (CDB). A distributed database (DDB) possesses the following features (Fig. 2.16):

1. DDB forms a logical unit
2. DDB is physically stored on separately located computers (homogeneous or heterogeneous)
3. DDB requires a communication network
4. DDB has no shared memory
5. DDB appears to users and applications as a CDB

But it is important to note that not every distributed system needs a DDB. A central (global) DB can also be used as an efficient solution, for instance in an n-tier architecture. In each case it has to be decided individually which type of DB is the most appropriate, while taking into account the performance optimisation methods. The following arguments serve for the comparison of both kinds (CDB vs. DDB). Which arguments are satisfying motivations for distributed databases, which advantages are available?

• higher performance and faster access
• higher availability
• more security in the sense of confidentiality
• reduced communication costs
• faster query processing in the Structured Query Language (SQL)
• increased extensibility and scalability
• adaptive scalability by fluctuations within the user number, node quantity, quantity of the records (rows) within the DDB, number of the queries to process etc. is offered

Fig. 2.16 Decision making: CDB vs. DDB

The following restrictions can be assigned to the list of disadvantages of a DDB:

• increasing complexity of the system
• overhead by commit operations
• data integrity problems
• increased memory requirements

Up-to-date solutions for databases nowadays generally possess a 3-tier architecture. The CDB consists of:

• internal schema (logical layer), which determines the physical structure of the data on the disks
• external views, which define the data visualisation
• conceptual layer as an interface between internal and external (Fig. 2.17)

Decomposition methods. A characteristic unique to DDB is that specifically the conceptual scheme is divided into a global and many local schemes (Fig. 2.18). With the goal of decomposing the conceptual scheme of a DDB into many local schemes, the following methods are available, replication or fragmentation:

• by replications (full copies, regular backup)
• horizontal (line-wise) decomposition (fragmentation by tuples)
• vertical (column-wise) decomposition (fragmentation by attribute subsets)

Fig. 2.17 Classical DB: three layers

Generally, the mentioned access levels to the DDB can be described via the following special languages:

• DDL – Data Definition Language
• DML – Data Management Language
• QL – Query Language
• DSDL – Data Storage Definition Language

DDB fragmentation. Fragmentation of a DDB within distributed applications can offer the following advantages:

• efficiency: data are located where they are really needed
• local optimisation
• increased availability and security, better DB view demarcation
• no data losses: simple recovery of the DDB is available via "unions" and "joins" from E. Codd

Fig. 2.18 Layered architecture within DDB

The disadvantage is the risk of inconsistency caused by access runtimes. An example of DB fragmentation is given in Fig. 2.19. The relation table titled "Employees by departments" is a CDB which is situated locally (referring to (a)). With the aim of performance optimisation, this CDB is decomposed via a fragmentation method. Refer to the cases (b) and (c) for horizontal and vertical decomposition correspondingly:

• Horizontal (line-wise) decomposition with use of fragmentation by tuples
• Vertical (column-wise) decomposition with use of fragmentation by attribute subsets

Replication of DDB. The advantages of DDB replication are as follows:

• increased availability
• reliability, easier backup
• increased access performance

A resulting problem is that replicas may be out of date when they are accessed while the master data has just been modified. Furthermore, more problems occur when attempting to synchronise the data when changes may occur not just in one master node but in multiple nodes concurrently. This multi-master replication, compared to master-slave, is however much more scalable for write operations, while the scalability for read operations remains unchanged.

Fig. 2.19 DDB decomposition via fragmentation: (a) Relations table "employees by departments" (local DB); (b) Horizontal (line-wise) decomposition (fragmentation by tuples); (c) Vertical (column-wise) decomposition (fragmentation by attribute subsets)

Therefore, when planning the deployment of a distributed database, the following replication-related questions need to be answered carefully:

• How many copies are required in order to achieve either a high scalability or a high availability?
• Where do the copies have to be stored?
• What will be the dominant access pattern: read or write access?

Efficient updates in a DDB are possible:

• Requirement
  – replication of DDB
  – full copies
  – regular (automated) backup
• UPDATE mechanisms
  – Primary copy scheme (asynchronous method)
  – Majority consensus scheme (synchronous method)
  – locking tables
  – logic time stamps
• Requests and concurrency/parallelism
  – local and global transactions
  – requests in a standardised SQL dialect
  – the actual data structure for users or applications is unknown or not defined
  – communication overhead times are significantly higher in comparison with computing time
• As a solution
  – local pre-processing (as much as possible)
  – exchange of partial results (so-called "semijoins")
  – ACID and 2PC protocol
• Steps
  1. decomposition of the requests into simple partial requests
  2. locating the required data: decision which copy is used, transformation into the partial requests depending on the network node
  3. optimisation of the global request (order of processing)

A 2PC example for a DDB is given in Fig. 2.20. The example is about the coordination between the parts in four geographically separated cities, e.g. Berlin (DDB0), Dresden, Cologne and Hamburg (DDB1, 2, 3). For the consistency of SQL requests from the coordinator or the main part DDB0, the messages Commit 1, 2, 3 or Rollback 1, 2, 3 are used.

Fig. 2.20 2PC example for DDB

The following variants of commitment by SQL request processing are possible within a DDB via the 2PC:

• Successful variant
  – SQL request
  – A local transaction is finalised as OK
  – Preparation to COMMIT
  – Prepare COMMIT
  – Ready 1, 2, 3
  – Commit 1, 2, 3
  – Commit ACK 1, 2, 3
• A failure variant: replica 3 offers no commit
  – SQL request
  – A local transaction is finalised as OK
  – Preparation to COMMIT
  – Prepare COMMIT
  – Ready 1, 2; Abort 3
  – Rollback 1, 2, 3
  – Rollback ACK 1, 2, 3
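Both message sequences above, the successful variant and the failure variant in which replica 3 votes Abort, can be traced with the following simulation. It is an added example, not code from the book or from [5]; the replica identifiers DDB1..3, the `refusing` set that decides which replica cannot prepare, and the message strings are constructed to mirror the two lists.

```python
"""Two-phase commit between a coordinator (DDB0) and replicas DDB1..3.

Added example, not code from the book or any product: replica identifiers,
the 'refusing' set and the message strings are constructed to mirror the
successful and the failure variant of the 2PC message flow.
"""
from dataclasses import dataclass, field
from enum import Enum


class Vote(Enum):
    READY = "Ready"
    ABORT = "Abort"


@dataclass
class Participant:
    """One replica holding a local transaction it can commit or roll back."""
    pid: int
    can_prepare: bool = True   # constructed: False => this replica votes Abort
    state: str = "running"

    def prepare(self, sql_request: str) -> Vote:
        # Phase 1: make the local transaction durable so that a later Commit
        # can always succeed; if that is impossible, vote Abort at once.
        if not self.can_prepare:
            self.state = "aborted"
            return Vote.ABORT
        self.state = "prepared"
        return Vote.READY

    def commit(self) -> str:
        if self.state != "prepared":
            raise RuntimeError(f"Commit sent to replica {self.pid} without Ready vote")
        self.state = "committed"
        return f"Commit ACK {self.pid}"

    def rollback(self) -> str:
        # A replica that already voted Abort simply confirms the rollback.
        self.state = "aborted"
        return f"Rollback ACK {self.pid}"


@dataclass
class Coordinator:
    """DDB0: collects the votes and decides Commit or Rollback for everyone."""
    participants: list
    log: list = field(default_factory=list)

    def run(self, sql_request: str) -> str:
        self.log.append(f"SQL request: {sql_request}")
        self.log.append("Prepare COMMIT")
        votes = [(p.pid, p.prepare(sql_request)) for p in self.participants]
        for pid, vote in votes:
            self.log.append(f"{vote.value} {pid}")
        ids = ", ".join(str(p.pid) for p in self.participants)
        if all(vote is Vote.READY for _, vote in votes):
            self.log.append(f"Commit {ids}")
            for p in self.participants:
                self.log.append(p.commit())
            return "committed"
        # A single Abort decides: every replica, including those that voted
        # Ready, must undo its prepared local transaction ("complete or nothing").
        self.log.append(f"Rollback {ids}")
        for p in self.participants:
            self.log.append(p.rollback())
        return "rolled back"


def run_2pc(sql_request: str, refusing=frozenset()):
    """Run one request against DDB1..3; returns (outcome, message log, replica states)."""
    replicas = [Participant(i, can_prepare=i not in refusing) for i in (1, 2, 3)]
    coordinator = Coordinator(replicas)
    outcome = coordinator.run(sql_request)
    return outcome, coordinator.log, {p.pid: p.state for p in replicas}


if __name__ == "__main__":
    for refusing in (frozenset(), frozenset({3})):
        outcome, log, states = run_2pc("UPDATE bookings SET seat = '12A'", refusing)
        print(outcome, states)
        print("  " + "\n  ".join(log))
```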

The following synchronisation (also: voting, co-ordination) methods within the DDB are available for implementing the instruction "UPDATE" on the available replicas [8]:

• Primary-Copy-Schema (PCS) (asynchronous)
• Majority-Consensus-Method (MCM) (synchronous)
• Locking tables
• Logical timestamps
• Protocols like two-phase-commit and two-phase-lock (2PC, Two-Phase Lock (2PL))

The asynchronous PCS is a process for the synchronisation [2] of replicated data. In this method, the change is performed only on the primary copy and then synchronised with the replicas. The primary copy will prevail. The advantage of the method is that if there are several changes, they can be bundled to be synchronised with the other copies. The disadvantage is that the method does not ensure a stable consistency for the distributed copies [2].

This is in contrast to the MCM, which is a synchronous method. The main principle of the MCM is as follows: the update on a copy will be carried out only if the corresponding transaction is able to win a majority of the copies (e.g. is permitted to lock). In principle there are multiple possible MCM variants. The MCM variants differ from each other in the following aspects: first, whether all copies in this voting can be treated equally (unweighted voting) or not (weighted voting), and second, whether the number of votes which are required for reaching the majority is fixed (static quorum) or this number can be computed only at run-time (dynamic quorum).

Note: For the read access (read quorum) and for the write access (write quorum), a different number of votes has to be defined [2].
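The MCM with a static quorum, in both its unweighted and its weighted form, can be illustrated as follows. This is an added example and not code from the book or from [2]; the four replica names, their vote weights, the quorum sizes and the availability changes are constructed, and the rule it enforces (a write quorum needs more than half of all votes and read plus write quorum must exceed the total, so that every read overlaps every write) goes slightly beyond the text.

```python
"""Majority consensus (quorum voting) for UPDATE and read access on replicas.

Added example, not from the book or [2]: replica names, vote weights and
quorum sizes are constructed. Static quorum only (the vote counts needed
are fixed at configuration time); weighted voting is the general case and
unweighted voting is the special case of one vote per replica.
"""
from dataclasses import dataclass


@dataclass
class Replica:
    name: str
    votes: int            # 1 for every replica = unweighted voting
    version: int = 0      # logical version of the value held at this site
    value: str = ""
    up: bool = True       # constructed availability flag


class QuorumStore:
    def __init__(self, replicas, read_quorum, write_quorum):
        self.replicas = list(replicas)
        total = sum(r.votes for r in self.replicas)
        # Static quorum rules: two concurrent writes cannot both collect w votes,
        # and every read quorum shares at least one replica with every write
        # quorum, so a read always sees the newest committed version.
        if not (2 * write_quorum > total and read_quorum + write_quorum > total):
            raise ValueError(f"r={read_quorum}, w={write_quorum} unsafe for {total} votes")
        self.r, self.w = read_quorum, write_quorum

    def _gather(self, needed):
        """Collect votes from reachable replicas until `needed` is met, else None."""
        chosen, got = [], 0
        for r in self.replicas:
            if not r.up:
                continue
            chosen.append(r)
            got += r.votes
            if got >= needed:
                return chosen
        return None   # quorum not available: the transaction must wait or abort

    def write(self, value):
        quorum = self._gather(self.w)
        if quorum is None:
            return False
        # The write quorum overlaps the previous one, so max() is the current version.
        new_version = max(r.version for r in quorum) + 1
        for r in quorum:
            r.version, r.value = new_version, value
        return True

    def read(self):
        quorum = self._gather(self.r)
        if quorum is None:
            return None
        return max(quorum, key=lambda r: r.version).value


def scenario():
    """Constructed run: Berlin carries two votes, the other sites one each (total 5)."""
    berlin, dresden = Replica("Berlin", 2), Replica("Dresden", 1)
    cologne, hamburg = Replica("Cologne", 1), Replica("Hamburg", 1)
    store = QuorumStore([berlin, dresden, cologne, hamburg], read_quorum=3, write_quorum=3)
    result = {}
    result["w1"] = store.write("v1")       # Berlin + Dresden = 3 votes
    berlin.up = False
    result["w2"] = store.write("v2")       # Dresden + Cologne + Hamburg = 3 votes
    berlin.up, hamburg.up = True, False
    result["read"] = store.read()          # Berlin (stale v1) + Dresden (v2): v2 wins
    berlin.up, dresden.up, hamburg.up = False, False, True
    result["w3"] = store.write("v3")       # Cologne + Hamburg = 2 votes: refused
    result["versions"] = {r.name: r.version for r in store.replicas}
    return result


if __name__ == "__main__":
    print(scenario())
```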

Among further synchronisation methods, the locking tables, logical timestamps as well as 2PC/2PL or their combinations should be briefly mentioned. These methods (usually combined) are distinguished by the following characteristics:

• Locking tables, i.e. blocking of unwanted changes in certain replicates (like PCS + MCM)
• Logical timestamps, i.e. monitoring by the timestamps, then like PCS

2.7 System Examples: Google Spanner, a Global DDB

Some of the more sophisticated DDB systems are offered by the commercial service provider Google. Among them are:

• Google Bigtable (2008)
• Google MegaStore (2011)
• Google Spanner (2012)

There are also further known relational and non-relational DDB from commercial vendors (IBM, Sybase, Oracle, Microsoft) and open source projects (Cassandra, Couchbase, Postgres-XC, Postgres-R). Many of the following explanations also apply to these systems on an abstract level.

Spanner was developed to resolve the disadvantages of Google's Bigtable and MegaStore [3]:

DB Bigtable (2008)

• difficult deployment for complex and self-evolving schemas
• no strict consistency guarantees for geo-replicated sites (partitions)

DB MegaStore (2011)

• synchronous replication and semi-relational data model
• full ACID semantics within the partitions, but only limited consistency guarantees across partitions
• low write throughput

A typical world-wide deployment scenario for Spanner is shown in Fig. 2.21. On each continent, a number of data centres are running instances of the database. This guarantees low-latency access for nearby users and avoids overloading a single instance.

The internal architecture of a distributed Spanner installation is explained in Fig. 2.22. Each site is called a zone and is coordinated by a zone master. All zone masters are in turn coordinated by a universe master. Furthermore, location proxies take the requests from database clients and forward them flexibly to span servers.

The following terms and quantities are of relevance when looking at the architecture:

• Universe: the overall deployment area
• Zones: deployment area for servers in one site, physically isolated units, placement and distribution driver
• 1 Universe master
• 1 Zonemaster
• 1000 Spanservers

Fig. 2.21 Deployment scenario: online social networks

Fig. 2.22 Spanner architecture [3]

For the realisation of Spanner, a specific software stack modelled around the Paxos algorithm has been designed. Fig. 2.23 offers a look inside the stack.

Building on Spanner, there is the newer system Google F1 SQL, called the "Fault-Tolerant Distributed RDBMS". As a replacement for basic relational systems like MySQL or PostgreSQL, it offers the following features:

• NewSQL platform
• Each Span-Server is responsible for 100 up to 1000 Tablet instances
• Data and log files are stored on Colossus, a successor of the Google File System
• Paxos is used for commits (consensus): for all participants a common value matches
• Paxos is used for consistent replications
• A Transaction Manager for distributed transaction support (2PC)
• True Time Architecture

Fig. 2.23 Spanner software stack [3]

Paxos is a traditional algorithm named after the Greek isle of Paxos next to Corfu, although it was originally, and erroneously, placed into the Aegean Sea by the author of the algorithm. It works as follows:

• Servers can act simultaneously as proposer, acceptor and learner
• During normal operation the leader receives a client's command, assigns it a new command number i and runs the i-th instance of the consensus algorithm
• Paxos group: all machines involved in an instance of Paxos
• Within Paxos the group leader may fail and may need re-election, but the safety properties are always guaranteed

The workflow of Paxos is shown in Fig. 2.24.

Apart from implementing Paxos, Spanner offers the following architectural properties:

• scalable, multi-versioned, globally distributed, synchronously replicated database
  – distributed transactions (with 2PC/ACID)
  – SQL-driven schematic tables
  – but semi-relational data model
  – reconfiguration of replications is very fine-grained
  – dynamic reconfiguration per application
• Applications can define the parameters and constraints
  – such as the number, location and distance of replications
• Dynamic data migration
  – data can be transparently moved at a global level, even during operation
  – consistent read and write access
• Aims and focus
  – management of cross-replication of data/data centers
  – globally consistent writes via Google Spanner
• Deployment examples, up-to-date products
  – Google Ad Data (Advertisers)
• 50 Paxos groups, 2500 directories, read and write access of 4 KByte
  – commit within ca. 5 ms
  – latency generally under 9 ms
• True Time: several thousands of Span servers at a distance of max. 2200 km (without latencies due to distance)
  – 90 %: no deviation
  – 9 %: deviation up to 2 ms
  – 1 %: deviation up to 10 ms (still far too much)

Fig. 2.24 Paxos algorithm

This architecture allows for creating complex applications. Picking up the previous example of a social network installation again, a Spanner-based application may look as shown in Fig. 2.25.

To synchronise the distributed database Spanner, a real-time protocol called True Time is used (Fig. 2.26). In order to implement the controlled access, not only time stamps are used but full time intervals. The replica synchronisation is performed every 30 s. To correct the time, GPS and atomic clock usage is foreseen. The quasi-parallelism of the access is provided for two access modes:

Fig. 2.25 (a) Single machine, (b) Multiple machines: sample application of DDB with Spanner [3]

Fig. 2.26 True Time message exchange

• The "read-only" access proceeds in the "snapshot" mode
• The "read-write" access proceeds via the 2PC and 2PL protocols [3]

Table 2.1 True Time methods

True Time API method    Time output
TT.now()                TTinterval: [earliest, latest]
Boolean TT.after(t)     True if t has definitely passed
Boolean TT.before(t)    True if t has definitely not arrived

For programmers, True Time offers three convenient methods to deal with relative and causal times. They are explained in Table 2.1.
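The three methods of Table 2.1 can be reproduced over a simulated clock whose error is bounded by an uncertainty ε. The following is an added example, not Google's API or the book's code; the bound `epsilon_ms`, the simulated clock and the commit-wait rule in `commit_with_wait()` (a write gets the timestamp `TT.now().latest` and is released only once `TT.after()` holds for it) are assumptions used to show why intervals rather than plain time stamps make the order of two writes unambiguous.

```python
"""True Time interval methods of Table 2.1 over a simulated clock.

Added example, not Google's API or the book's code. The uncertainty bound
epsilon_ms, the hidden 'true' clock and the commit-wait rule are assumptions
for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class TTInterval:
    earliest: float   # true time is certainly not earlier than this (ms)
    latest: float     # and certainly not later than this (ms)


class TrueTime:
    """Simulated clock whose reading is wrong by at most +/- epsilon milliseconds."""

    def __init__(self, epsilon_ms: float, start_ms: float = 0.0):
        self.epsilon = epsilon_ms
        self._true_ms = start_ms   # hidden physical time; clients only see intervals

    def advance(self, ms: float) -> None:
        self._true_ms += ms

    def now(self) -> TTInterval:
        return TTInterval(self._true_ms - self.epsilon, self._true_ms + self.epsilon)

    def after(self, t: float) -> bool:
        """True if t has definitely passed."""
        return self.now().earliest > t

    def before(self, t: float) -> bool:
        """True if t has definitely not arrived."""
        return self.now().latest < t


def commit_with_wait(tt: TrueTime, step_ms: float = 1.0):
    """Assign a commit timestamp and wait out the uncertainty before releasing it.

    Returns (timestamp, milliseconds waited); waiting advances the simulated clock.
    """
    s = tt.now().latest          # pessimistic: no clock in the system is past s yet
    waited = 0.0
    while not tt.after(s):       # release only when s has definitely passed
        tt.advance(step_ms)
        waited += step_ms
    return s, waited


def external_consistency_demo(epsilon_ms: float = 4.0):
    """Two writes, the second starting only after the first became visible:
    its timestamp must be larger, whatever the clock error."""
    tt = TrueTime(epsilon_ms, start_ms=100.0)
    s1, wait1 = commit_with_wait(tt)
    s2, wait2 = commit_with_wait(tt)
    return {"s1": s1, "wait1": wait1, "s2": s2, "wait2": wait2, "ordered": s2 > s1}


if __name__ == "__main__":
    print(external_consistency_demo())
```

The commit wait costs roughly 2ε per write, which is why the deviation statistics quoted in the text matter for throughput.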

Therefore, the examined DDB system Spanner possesses the following metrics and performance parameters [3]:

• 50 Paxos groups and 2500 access directories are created
• The read and write access proceeds for the data portions (called chunks) with a minimum size of 4 Kbytes
• A middle commit can be reached within approx. 5 ms
• The summarised request latency is no more than 9 ms

The True Time protocol provides the ability to use thousands of so-called Span servers located at a considerable distance from each other. They work without significant delay despite a considerable distance of up to 2200 km. The following access statistics have been observed:

• In 90 % of the cases there is no deviation
• In 9 % of the cases the deviation reaches up to 2 ms
• Nevertheless, only in 1 % of the cases the deviation obtains a significant latency of 10 ms or more

Further system examples for DDB are associated with the databases which belong to well-known manufacturers like IBM, Sybase, Oracle or Microsoft.

2.8 Conclusions

The architectural solutions for modern distributed systems and networking applications have been subject to significant changes in recent years. Modern architectural transformations contribute to the development of new (mobile) services that are attractive for users: search engines, content management systems, custom video hosting services, cloud services, VoIP tools, social networks. There is no possibility to specify a complete list. Depending on the needs of the application and ultimately its users, a concrete software architecture and communication pattern (C-S, P2P) needs to be chosen. Assuming performance matters, performance optimisation methods should be evaluated and applied. For higher reliability, data processing tasks should run in transactions. Distributed databases such as Spanner are already optimised for global high-performance deployments and therefore free the application engineer from labor-intensive and error-prone custom methods.

References

1. C. Baun, M. Kunze, J. Nimis and S. Tai: Cloud computing – Web-based dynamic IT-Services. Springer-Verlag, 2010 (in German)
2. P. Dadam: Verteilte Datenbanken und Client/Server-Systeme. Online: http://www.informatik.uni-ulm.de/dbis/papers/vdb-buch/vdb99_09.pdf, 1999
3. J. C. Corbett et al.: Global Distributed Database Google Spanner. Berlin Buzzwords, 2012
4. P. Mell and T. Grance: The NIST definition of cloud computing. Whitepaper, NIST Special Publication 800-145, September 2011
5. Alexander Schill and Thomas Springer: Verteilte Systeme – Grundlagen und Basistechnologien. Springer-Verlag, second edition, 2012, 433 p. (in German)
6. R. Steinmetz and K. Wehrle: Peer-to-Peer Systems and Applications. Springer, 2005
7. Andrew S. Tanenbaum and Maarten Van Steen: Distributed Systems: Principles and Paradigms. Pearson, 2013, 633 p.
8. Andrew S. Tanenbaum and David J. Wetherall: Computernetzwerke. Pearson Studium, fifth edition, 2012, 1040 p. (in German)

3 Evolution of Clustering and Parallel Computing

Keywords

Clusters • Grids • Performance parameters • High-Performance Computing (HPC) • Speedup models • Amdahl model • Barsis-Gustafson model • Karp-Flatt metric • Berkeley Open Infrastructure for Network Computing (BOINC)

Demarcation between parallel and distributed computing, clusters and grids. The parallel execution of code within applications is a standard feature for higher performance, responsiveness or both. Parallel code, the building block for parallel computing, is achieved by multiple processes, multiple threads, co-routines and similar programming techniques. Typically, parallel code is assisted by hardware such as multiple processors per node or multiple processor cores per processor (virtual processors), and otherwise by the operating system's process scheduler (pseudo-parallelism).

The effects of parallelism on the execution time of an application are shown in Fig. 3.1. When the hardware support extends to multiple connected nodes with appropriate messaging techniques, the extended paradigm of distributed parallel computing is achieved. The connected set of nodes is then often called a cluster. Of course, applications can also be parallelised without hardware support, but there will only be gains when the computing resources (processor, memory, disk or network) are not yet exhausted. The terms high-performance computing (HPC) and high-throughput computing (HTC) express, respectively, a focus on a subset of these resources and attempt to maximise their usage. This claim is not essential to distributed computing per se.

Another perspective on parallel code execution and clustered nodes is the approach of how to use the system. When a large set of nodes is connected and offers the submission and computation of jobs from a bag of tasks, the resulting system is called a grid. In recent times, with the on-demand provisioning and elastic scaling of resources as well as usage-based billing of computing resources (utility computing), the dominating term instead of grid is rather cloud, leading to the more recent paradigm of cloud computing, although volunteers around the world still connect their personal computers in desktop-based grids called volunteer computing, and meshes when the focus is more on networking capabilities [26].

© Springer Fachmedien Wiesbaden GmbH 2017. A. Luntovskyy, J. Spillner, Architectural Transformations in Network Services and Distributed Systems, DOI 10.1007/978-3-658-14842-3_3

Fig. 3.1 Effects of parallelism: (a) no parallelisation, (b) hardware parallelisation, (c) pseudo-parallelisation by a scheduler

The foundations of the organisation of the parallel computing process based on grids, clusters and clouds are discussed in [4, 8], with a practical look on grid and cloud integration in [7] and additional research trends listed in [17]. Education on these topics is discussed intensively in [1, 10].

While the next section will introduce several counters, units and scales to compare the performance of computing systems, one should already be introduced here to give a rough sense of comparison between diverse computing architectures. The unit of choice here is Floating-Point Operations Per Second (FLOPS), most often used in the scale of TFLOPS or 10^12 FLOPS.

Typically, grids differ from clusters by the geographical dispersion of and public access to their computers, and are characterised by a significantly heterogeneous structure. In addition, each grid generally uses standardised software components for co-operation and communication (standardised Application Programming Interface (API) libraries, middleware, web services). One of the prominent early examples is the first Metacomputing system by the University of Illinois [24]. On the other hand, clusters are centralised and possess a homogeneous structure with powerful CPUs/GPUs as well as SAN/NAS for data storage. Increasing efficiency and reducing heterogeneity is possible with the use of off-the-shelf components, open-source operating systems and resource virtualisation (networks, processors, memory, devices, applications). For high-speed data transfer between processors, either Ethernet (1 GBit/s) or fibre-channel technology (FC, e.g. 16 GBit/s fiber channels) is used. Deployment of powerful clusters as well as of loosely coupled and grid-connected private PCs, tablets and even smartphones creates virtual supercomputers which provide a high performance. As mentioned, one measurement unit for the performance is the number of FLOPS. Today's supercomputers achieve multiple TFLOPS or even PFLOPS (Taurus, Titan, Tianhe-2). These supercomputers can be aimed at the parallel solving of computationally complex math-log cooperative problems. More modest cluster systems exist, including the Beowulf design applicable to small-scale installations [1, 14]. Among the international grid systems for parallel computing, the BOINC grid [28] is one of the most well-known ones, although newer systems such as OurGrid and the European Grid Infrastructure (EGI, based on federated clouds) still offer functional innovation [5].

Example 3.1 Many educational, institutional and national grids reflect the evolutionary changes in grids and high-performance computing over the whole time of their existence, from their appearance until modern trends [18]. The Ukrainian National Grid, together with URAN (Ukrainian Research Academic Network) and some dedicated projects, is a typical representative of this observation [19, 20]. It offers two middleware resource types as remote service: gLite and ARC. Many national research laboratories, universities and institutes offer concrete service realisations. In total, 27 ARC services and 2 gLite services are provided. Among the providers is the Institute for Condensed Matter Physics, which runs an ARC site with 17 compute nodes, 3 storage nodes and a coordinator node in a cluster format. This cluster achieves about 11 TFLOPS, whereas the overall grid performance is much higher.

Another example is SwiNG, the Swiss National Grid. Its network consists of the scientific computing centres of 18 higher education institutions and research institutes. The Ukrainian National Grid intends to participate as a member grid in EGI, and SwiNG is already a member grid along with more than 30 others. EGI in turn intends to evolve jointly with other partners into the European Open Science Cloud for Research. This endeavour is built on eight fundamental elements for success, among them service orientation and interoperability.

In general, there have been the following essential phases in the development towards today's clusters and grids:

1. Meta-computing: pioneer grid projects like GRID and the Metacomputer, based on active involvement of the technologies from scientific areas into everyday life
2. Convergence with web technologies (e.g. BOINC): wide-spreading of grids through institutions and volunteers
3. Efforts to solve a wider range of problems: secured access, interoperability, resource discovery on the basis of the deployment of standardised middleware like OGSA (Open Grid Services Architecture)
4. Wide-spread acceptance of grid services in the same way as the delivery of water and electricity, and then onset of the SOA approach (service-oriented architectures) via standardised web services deployment and workflow composition (WS-BPEL, Business Process Execution Language)
5. Wide-spreading of cloud computing as a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources, with essential measured services like Everything-as-a-Service (XaaS) and rapid elasticity
6. Integration of grid services within high-available clouds (mostly PaaS) together with parallel clusters (IaaS) and capable network storages (RAIC, Redundant Array of Independent Clouds)
7. Development of new energy-efficient grids, clusters and cloud services: smart grid technology with a link to power distribution systems, to combine computing on demand with power on demand

Recent tendencies in the usage of parallel computing for the simulation of technological devices and processes, including electron beams and electron guns, indicate a rise of small but smart low-energy clusters. They are based on multicore CPUs built into regular PCs, such as Intel Core i7, Core i4 or AMD FX in the kWh area, or even on onboard microcontrollers like Raspberry Pi, Arduino or Intel Edison with only a low Wh consumption.

In the remainder of this chapter, performance parameters and models will be presented, followed by a discussion of trade-offs and a presentation of modern frameworks to manage both resources and applications in cluster and grid environments. The discussion of cloud computing and smart grid concepts, respectively, follows in the subsequent chapters.

3.1 Clustering and Grids: Performance Parameters and Basic Models

Performance parameters. Let us first define the most important performance factors and metrics beyond the already mentioned FLOPS. The code execution performance parameters of modern computers are as follows [23]:

• Number of CPU cores
• Tact (clock) frequency per core f, unit: 1/s = Hz
• Million Instructions Per Second (MIPS)
• FLOPS as defined above

The system clock signal, produced by a crystal oscillator, synchronises the operation of multiple functional blocks within a CPU. The system tact is a periodical function based on the Peirce function, using the negated logical OR operator (NOR). Some examples of the performance of certain CPU models from recent production years are given below (Table 3.1). It is evident that the tact frequency is no longer the dominant differentiator between CPUs. Rather, the number of cores, enhanced throughput and parallelism, and a higher efficiency have become important. MIPS is usually a good indicator not simply tied to a CPU core tact; however, it is tied to a specific task such as text search or code compilation. Figure 3.2 gives a timeline of how CPU frequencies, cores on a CPU, CPUs on a node and nodes in a networked environment have scaled up in about half a century.

Table 3.1 Performance of certain selected CPU models

Year  CPU model               Performance (MIPS)  Tact frequency (GHz)
2006  AMD Athlon FX60         18,938              2.6
2007  Intel Xeon Harpertown   9,368               3.0
2011  ARM Cortex-A15          35,000              2.5
2011  AMD FX-8150             108,890             3.6
2011  Intel Core i7 2600K     128,300             3.4
2015  AMD A12 Pro-8800B       >150,000            3.4

Fig. 3.2 Timeline of performance indicators in computing hardware

The principles of how CPUs are constructed and how they work have mostly remained the same [13], but the capabilities have expanded tremendously.

The context for tact frequency, MIPS and FLOPS is depicted in Fig. 3.3. The following performance formula can be used:

$P = f \cdot n_1 \cdot I \cdot n_2$ (3.1)

Where P – performance in GFLOPS, f – CPU tact frequency in GHz, n1 – number of cores within a CPU, I – CPU instructions per tact, n2 – number of CPUs per computing node. Let us consider the integral performance criterion FLOPS in two examples which involve recent server configurations. They make the complex dependency of performance on multiple factors evident, as the system with the faster CPU is much slower overall due to fewer cores and less powerful instruction execution within the cores.

Example 3.2 Let us consider a 2-socket server with CPU Intel X5675 (3.06 GHz, 6 cores, 4 instructions/tact): $P = 3.06 \cdot 6 \cdot 4 \cdot 2 = 146.88$ GFLOPS

50 3 Evolution of Clustering and Parallel Computing

Fig. 3.3 Performance parameters of computers

Example 3.3 We have a 2-socket server with CPU Intel E5-2670 (2.6 GHz, 8 cores, 8 instructions/tact): P = 2.6 · 8 · 8 · 2 = 332.8 GFLOPS.

For the performance parameter FLOPS the following nomenclature (K, M, G, T, P, E, Z, Y) of unit prefixes is used:

• KFLOPS, KiloFLOPS = 10^3 FLOPS
• MFLOPS, MegaFLOPS = 10^6 FLOPS
• GFLOPS, GigaFLOPS = 10^9 FLOPS
• TFLOPS, TeraFLOPS = 10^12 FLOPS
• PFLOPS, PetaFLOPS = 10^15 FLOPS
• EFLOPS, ExaFLOPS = 10^18 FLOPS
• ZFLOPS, ZettaFLOPS = 10^21 FLOPS
• YFLOPS, YottaFLOPS = 10^24 FLOPS

To put these numbers into perspective: the AMD Carrizo-based FX-8800P notebook CPU from 2015, which contains four cores and an R7 GPU and operates at a tact of up to 3.4 GHz, reaches around 839 GFLOPS. An AMD Radeon R300-based R9 Fury GPU from 2015 achieves about 7–9 TFLOPS with vectorisation of operations, i.e. the application of one operator over multiple elements of a vector. Anything in the higher TFLOPS range and above requires parallel multi-processing or clustering architectures.


Speedup and effectiveness of computing processes. The factors of speedup and effectiveness in grids are computed as follows:

$$A_n = \frac{T_1}{T_n}, \qquad E_n = 100\,\% \cdot \frac{A_n}{n} \qquad (3.2)$$

where T_1 is the computing time for a math-log problem using only one CPU, T_n the computing time of the solution parallelised on n processors or threads, A_n the speedup factor and E_n the effectiveness of the speedup on n CPUs in %.

An example of the section distribution by task parallelisation, and of the influence of cluster communication exchanges by message passing between the processors or threads, is depicted in Fig. 3.4. A gain in computation time is possible only due to a higher p/s ratio within a parallelised task (a math-log problem). The time estimations are as follows (Eq. 3.3):

$$\begin{aligned}
T &= s && \text{(not shown)}\\
T &= s + p && \text{(a)}\\
T &= s + \frac{p}{n} && \text{(b)}\\
T &= s + \frac{p}{n} + k \cdot n && \text{(c)}\\
e &= 1 - p
\end{aligned} \qquad (3.3)$$

Fig. 3.4 Sections distribution by a math-log problem parallelisation and the influence of cluster communication (exchanges) by message passing. Panels: (a) sequential workflow (s1, p1, p2, p3, s2 executed one after the other); (b) parallelised workflow (p1, p2, p3 executed concurrently between s1 and s2); (c) parallelised workflow with threads, considering network exchanges K between the sequential and the parallel sections


where T is the overall computing time, s the sequential part of a task (as a fraction or percentage), p the potentially parallelised part of the task (a math-log problem), i.e. the part executed on n threads or CPUs, e = 1 − p the sequential fraction of the computing time, and k the negative influence of communication by message passing between CPUs/threads (this component can also be neglected, k = 0).

Amdahl's Law. One of the most appropriate and useful approximations for the speedup factor is the one defined by G. M. Amdahl in 1967 [9]:

$$\begin{aligned}
T &= 1 = (1 - p) + p\\
A_n &= \frac{1}{(1 - p) + \frac{p}{n}} \;\xrightarrow{\;n \to \infty\;}\; \frac{1}{1 - p}\\
A_{\max} &= \frac{1}{1 - p}\\
A_{n,k} &= \frac{1}{(1 - p) + \frac{p}{n} + k \cdot n}
\end{aligned} \qquad (3.4)$$

where p is the potentially parallelised part of a math-log problem, n the number of available CPUs/threads and k the negative influence of communication by message passing between CPUs/threads (this component can also be neglected, k = 0).

Example 3.4 Let us consider a math-log problem with an overall compute time of T_overall = 20 h, a serial critical compute time of T_ser = 1 h (i.e. 5 %) and a parallelised compute time of T_par = 19 h (i.e. 95 %). Furthermore, let the maximum speedup factor be Speedup_MAX = 20. This is a typical scenario for a scientific computing problem. Then for n = 10 processors (threads) one derives p = 0.95 and Speedup = 1/(1 − 0.95 + 0.95/10) = 1/(0.05 + 0.095) = 6.9 < Speedup_MAX. The result means that out of a theoretical maximum of ten-fold parallel execution only 6.9-fold can be achieved. On the other hand, with n = 95 processors (threads) the speedup grows to Speedup = 1/(0.05 + 0.01) = 16.7 only, which by Eq. 3.2 corresponds to an effectiveness E_95 = 16.7/95 ≈ 17.5 %, i.e. more than four fifths of the processors' capacity is wasted.

One obtains the graduated depiction of the speedup factor in Fig. 3.5. There are some points of criticism regarding this model: it is a too pessimistic representation of the state of parallel computing. But other models also speak of saturation effects, especially due to communication processes within a cluster between the processors (threads) and energy losses (in the form of waste heat).

Barsis-Gustafson Law. This law by E. H. Barsis and J. Gustafson, proposed in 1988, is frequently used as an alternative to Amdahl's law. Consider Eq. 3.5, which normalises the execution time to 1:

$$1 = (1 - p) + p \qquad (3.5)$$


Fig. 3.5 (a) Speedup vs. effectiveness: speedup A(n, p) and effectiveness E_n (in %) over the number of threads n = 0…500. (b) Amdahl's speedup for different p-values (p = 0.5, 0.75, 0.8, 0.9, 0.95): the pessimistic Amdahl model for the speedup factor depending on p = 0.5…0.95 shows a saturation effect, i.e. no more profit from increasing n, the number of threads

It decomposes the execution time into a part which can be parallelised, with T_p the known time for parallel computing, and a part which cannot, for instance start-up or memory allocation, with T_s the known time for sequential computing. Then the speedup factor is computed as shown in Eq. 3.6:

$$\begin{aligned}
T_s &= (1 - p)\,T_p + p\,T_p\,n\\
A(n, p) &= \frac{T_s}{T_p} = (1 - p) + p\,n = 1 + p\,(n - 1)
\end{aligned} \qquad (3.6)$$

Here T_p is the run time of the parallelised program on n processors and T_s the time the same (scaled) workload would need on a single processor: the parallel part is scaled with n rather than divided by it as in Amdahl's law.

Example 3.5 The following example shows how to calculate A according to the parallelisation method described by the Barsis-Gustafson law, with p = 80 %:

  n = 11 CPUs:   A_11  = 1 + 0.8 · (11 − 1)  = 9
  n = 31 CPUs:   A_31  = 1 + 0.8 · (31 − 1)  = 25
  n = 71 CPUs:   A_71  = 1 + 0.8 · (71 − 1)  = 57
  n = 101 CPUs:  A_101 = 1 + 0.8 · (101 − 1) = 81

Therefore we conclude: Amdahl's Law is too pessimistic.

A typical cluster from the Technical University of Chemnitz with 530 nodes, called CHiC, is depicted in Fig. 3.6. CHiC nodes run Linux, are connected with InfiniBand and, due to not having any disks, share a Lustre filesystem which spans 160 disks.

Fig. 3.6 Fibre glass techniques for CPU coupling (FC: Fibre Channel). FC ports offer an approximate data rate of 4 to 16 GBit/s; performance max. 100 GFLOPS per CPU. CHiC, a powerful cluster [21]

On this kind of supercomputer, consisting only of networked standard computers, applications are placed and scheduled according to the aforementioned laws of parallel computing [21].

Karp-Flatt Metric. The Karp-Flatt metric (e) is a measure of the parallelisation of code on N parallel processors and was proposed in 1990 by A. H. Karp and H. P. Flatt [11]. This metric exists in addition to Amdahl's Law and the Barsis-Gustafson law as an indication of the extent to which a particular source code written for one CPU is parallelised. The value of e (the unknown part/percentage of sequential computing time) can be approximated on the basis of the metric via known (measured) speedup values for different CPU numbers N and time estimations T_N. Seven main characteristics need to be distinguished as input for the calculation:

• A – measured speedup
• N > 1 – number of CPUs
• T_1 – time for the particular source code on one CPU
• T_s – sequential computing time
• T_p – parallelised part time
• e – part for sequential computing
• p – parallelised computing part

In order to estimate the speedup factor, Eq. 3.7 needs to be solved:

$$\begin{aligned}
T_1 &= T_s + T_p, \qquad e = \frac{T_s}{T_1}, \qquad T_1 = e\,T_1 + (1 - e)\,T_1;\\
T_N &= T_s + \frac{1}{N}\,T_p; \qquad T_N = e\,T_1 + \frac{1}{N}\,(T_1 - e\,T_1);\\
A &= \frac{T_1}{T_N}, \qquad Y = \frac{1}{A} = \frac{T_N}{T_1};\\
\frac{1}{A} &= Y = e + \frac{1}{N}\,(1 - e), \qquad A = \left[e + \frac{1}{N}\,(1 - e)\right]^{-1}
\end{aligned} \qquad (3.7)$$

Then the value e is obtained by solving Eq. 3.8:

$$\begin{aligned}
\frac{1}{A} &= e\left(1 - \frac{1}{N}\right) + \frac{1}{N};\\
e\left(1 - \frac{1}{N}\right) &= \frac{1}{A} - \frac{1}{N};\\
e &= \frac{\frac{1}{A} - \frac{1}{N}}{1 - \frac{1}{N}} = 1 - p
\end{aligned} \qquad (3.8)$$

Example 3.6 We would like to determine the value e (refer to Eq. 3.9), i.e. the normally unknown part of sequential computing time for a math-log problem, on the basis of the Karp-Flatt metric. Referring to Table 3.2 (pos. 9), the following three parallelisation grades are given:

• Number of CPUs n = 100, measured speedup A = 10: 1/A = 0.1, e = (0.1 − 0.01)/(1 − 0.01) = 0.09/0.99 = 0.0909, i.e. e = 9.1 %; the problem is parallelised to p = 91 %.
• Number of CPUs n = 100, measured speedup A = 25: 1/A = 0.04, e = (0.04 − 0.01)/(1 − 0.01) = 0.03/0.99 = 0.0303, i.e. e = 3.03 %; parallelised to p ≈ 97 %.
• Number of CPUs n = 100, measured speedup A = 66: 1/A = 0.0151, e = (0.0151 − 0.01)/(1 − 0.01) = 0.0051/0.99 = 0.0052, i.e. e = 0.52 %; parallelised to p ≈ 99.5 %.

Considering the previous formulae and Table 3.2, we obtain the next useful formula (3.9) for the p criterion:

$$\begin{aligned}
A_n &> 1: \qquad e(A_n, n) = 1 - p = \frac{\frac{1}{A_n} - \frac{1}{n}}{1 - \frac{1}{n}}\\
p &= \frac{1 - \frac{1}{A_n}}{1 - \frac{1}{n}} = \frac{A_n - 1}{A_n - \frac{A_n}{n}} = \frac{A_n - 1}{A_n - \frac{E_n}{100\,\%}}
\end{aligned} \qquad (3.9)$$

Example 3.7 Let us consider the following example. The number of CPUs is n = 100, the speedup A = 66 and the effectiveness E_n = 66 %. Then the math-log problem can be parallelised to the ratio p = (66 − 1)/(66 − 0.66) = 65/65.34 = 0.995 (compare the third case of Example 3.6).
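The speedup and effectiveness models above, as an added example (not the book's code): Python functions for Eqs. 3.2, 3.4, 3.6, 3.8 and 3.9 that reproduce Examples 3.4 to 3.7, plus a function `best_n_corrected` which goes beyond the text and locates the thread count at which the communication term k·n of the corrected Amdahl model starts to dominate (n* = sqrt(p/k), obtained by differentiating p/n + k·n with respect to n). All function names are this example's own.

```python
"""Speedup models of Sect. 3.1 as functions: Amdahl (Eq. 3.4, with the optional
communication term k*n), Barsis-Gustafson (Eq. 3.6), effectiveness (Eq. 3.2) and
the Karp-Flatt inversion (Eqs. 3.8 and 3.9). Added example, not code from the book."""
from __future__ import annotations

import math


def amdahl(p: float, n: int, k: float = 0.0) -> float:
    """A_n = 1 / ((1 - p) + p/n + k*n); k = 0 gives the classic 1967 law."""
    if not 0.0 <= p <= 1.0 or n < 1 or k < 0.0:
        raise ValueError("need 0 <= p <= 1, n >= 1, k >= 0")
    return 1.0 / ((1.0 - p) + p / n + k * n)


def amdahl_max(p: float) -> float:
    """Saturation value A_max = 1 / (1 - p) reached as n grows without bound (k = 0)."""
    return math.inf if p >= 1.0 else 1.0 / (1.0 - p)


def gustafson(p: float, n: int) -> float:
    """A(n, p) = (1 - p) + p*n = 1 + p*(n - 1): the scaled-workload speedup."""
    if not 0.0 <= p <= 1.0 or n < 1:
        raise ValueError("need 0 <= p <= 1 and n >= 1")
    return 1.0 + p * (n - 1)


def effectiveness(a_n: float, n: int) -> float:
    """E_n in percent: 100 * A_n / n."""
    return 100.0 * a_n / n


def karp_flatt(a_n: float, n: int) -> float:
    """Experimentally determined serial fraction e = (1/A_n - 1/n) / (1 - 1/n), n > 1."""
    if n < 2 or a_n <= 0.0:
        raise ValueError("need n >= 2 and a positive measured speedup")
    return (1.0 / a_n - 1.0 / n) / (1.0 - 1.0 / n)


def parallel_fraction(a_n: float, n: int) -> float:
    """p = (A_n - 1) / (A_n - A_n/n) (Eq. 3.9); identical to 1 - karp_flatt(a_n, n)."""
    if n < 2 or a_n <= 0.0:
        raise ValueError("need n >= 2 and a positive measured speedup")
    return (a_n - 1.0) / (a_n - a_n / n)


def best_n_corrected(p: float, k: float) -> int:
    """Thread count that maximises the corrected Amdahl speedup (not in the book).

    d/dn (p/n + k*n) = 0 gives n* = sqrt(p/k); the integer neighbour with the higher
    speedup is returned, so adding threads beyond it makes the job slower, not faster.
    """
    if k <= 0.0:
        raise ValueError("k must be positive; with k = 0 the speedup never decreases")
    root = math.sqrt(p / k)
    candidates = {max(1, math.floor(root)), max(1, math.ceil(root))}
    return max(candidates, key=lambda n: amdahl(p, n, k))


if __name__ == "__main__":
    # Example 3.4: p = 0.95 on 10 and on 95 threads
    print(f"A_10 = {amdahl(0.95, 10):.2f}  (A_max = {amdahl_max(0.95):.0f})")
    a95 = amdahl(0.95, 95)
    print(f"A_95 = {a95:.2f}, E_95 = {effectiveness(a95, 95):.1f} %")
    # Example 3.5: Barsis-Gustafson with p = 0.8
    print([gustafson(0.8, n) for n in (11, 31, 71, 101)])
    # Examples 3.6 / 3.7: serial fraction behind a measured speedup of 66 on 100 CPUs
    print(f"e = {karp_flatt(66, 100):.4f}, p = {parallel_fraction(66, 100):.3f}")
    # Corrected model: where more threads stop helping for p = 0.95, k = 1e-4
    print(f"n* = {best_n_corrected(0.95, 1e-4)}")
```

With p = 0.95 and a communication coefficient k = 10^-4 (row 6 of Table 3.2) the optimum lies at 97 threads; the 95-thread configuration of Example 3.4 is therefore already close to the point where the communication term cancels any further gain.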

Moore's Law. The authorship of the law belongs to Gordon Moore (born 1929), co-founder of Intel. Moore's Law has been known since 1965 and for more than 50 years it has held. It describes the exponential growth of the following values which characterise the electronics and IT branches:

• CPU chip complexity N (up to 10^9 transistors)
• Computer tact frequency f (up to 3.5 GHz)
• Computer performance P (nowadays typically > 100 GFLOPS)

Moore's Law regarding the chip complexity is depicted in Fig. 3.7. The values on the Y-axis are given in logarithmic scale. The next integration degree will reach 10 billion transistors.

But there are some further phenomena which are not commonly associated with this law. Moore's Law also holds for the extrapolation backwards into the early days of computing. In fact, the Moore's Law extrapolation can be extended down to the year 1900 across the former element bases in electronics: electro-mechanical relays, electronic tubes, transistors, ICs, VLSI, as depicted in Fig. 3.8.

Speedup model overview. Table 3.2 illustrates the set of integrated models and approximations of speedup factors which are typically used for distributed (parallel) computing. The table includes the already presented models together with additional ones. The approximations of the speedup factor A_n are given in dependency on the criteria n, p, k. These are the most used models and laws, including Amdahl's (1967), Grosch's (1965), Barsis-Gustafson's (1988), Moore's law (1965, or exponential model) and some further suitable models such as the 70 %-law [9, 11]. The evaluation of the coefficient p in the equations can be realised via the Karp-Flatt metric (1990).

Fig. 3.7 Moore's Law: chip complexity (Source: it-material.de)

Fig. 3.8 Moore's Law: extrapolation backwards

Table 3.2 Overview on speedup models (speedup factor A_n = T_1/T_n)

  No.  Speedup model                      Conventions                                                      Title of the empirical model
  1    A_n = sqrt(n)                      The type of math-log problem is not considered                   Grosch's law (1965)
  2    A_n = n^b                          The type of math-log problem is not considered                   Generalised Grosch's law (0.5 ≤ b ≤ 1)
  3    A_n = n                            The type of math-log problem is not considered                   Proportional: Amdahl's law for p = 1, s = 0
  4    A_n = log2 n                       The type of math-log problem is not considered                   Logarithmic law
  5    A_n = 1 / ((1 − p) + p/n)          0.5 ≤ p ≤ 0.999                                                  Amdahl's law (1967)
  6    A_n = 1 / ((1 − p) + p/n + k·n)    0.5 ≤ p ≤ 0.999, k ≈ 10^−4 … 10^−5                               Corrected Amdahl's model considering inter-processor communication
  7    A_n = 2 for n = 70 % / r           The type of math-log problem is not considered; r = 1…2          Empirical law "69-70-72" for the CPU number n which provides
                                          characterises inter-processor communication losses               a doubling of the computing speed
  8    A_n = (1 − p) + p·n                0.5 ≤ p ≤ 0.999, k = 0                                           Barsis-Gustafson law (1988)
  9    A_n > 1: e(A_n, n) = 1 − p         e = 1 − p, the unknown part of sequential computing time;        Karp-Flatt metric (1990) for Amdahl's or Barsis-Gustafson's law
                                          0.5 ≤ p ≤ 0.999, k = 0

A generalised graphical comparison of speedup factors is depicted in Fig. 3.9. The most used models are shown: a trivial one (3), an optimistic one by Barsis-Gustafson (8), i.e. the more realistic one, and Amdahl's (5), i.e. the pessimistic one; refer to Table 3.2, rows (3), (5) and (8).

Simulation Scenario. For the hardware basis (Fig. 3.10a) offered at Dresden University of Technology [15], the following own results on speedup (Table 3.3) have been obtained. It was a voluminous experiment in November 2006 aimed at the simulation of signal power propagation of WLAN/WiMAX networks through complex 2D environments, which appeared as maps of obstacles with given material features.

The simulation has been realised with the CANDY software and web services for SSL access to MARS. The results in Fig. 3.11 (refer to Table 3.3) have been obtained. They can be approximated with formula (3.10); compare Grosch's law:


Fig. 3.9 Speedup models: difference between the optimistic (3) and the pessimistic view (5)

Fig. 3.10 (a) Hardware basis: the high-performance computing cluster MARS, SGI Altix 4700, TUD, with 1024 cores possesses a performance of 13.1 TFLOPS. (b) Up-to-date hardware basis: TAURUS, Bull HPC cluster with 137 TFLOPS. Hardware basis: High Performance Computing at TUD [15]

$$A_n = \frac{T_1}{T_n} = n^{\alpha}, \qquad T_1 = 8021\ \text{s}, \quad \alpha \approx 0.95 \qquad (3.10)$$

Fig. 3.11 Computing time and speedup factor depending on the number of threads, obtained on the multi-core high-performance computer MARS, TU Dresden (basis: CANDY framework, 2006)

Table 3.3 Computing time for a complex simulation task of WLAN/WiMAX propagation

  Number of threads n  Computing time T_n (s)  Speedup factor A_n = T_1/T_n
  1                    8021                    1.0
  2                    4163                    1.9
  5                    1749                    4.6
  10                   908                     8.8
  20                   471                     17.0
  30                   321                     25.0
  55                   181                     44.3
  70                   144                     55.7

Example 3.8 The new hardware basis in the same institution is called TAURUS, a Bull HPC cluster. This cluster is more powerful than the formerly leading MARS, placed at global rank 66 at its inauguration, and has nowadays the following features (Fig. 3.10b):

• Island 1: 4320 cores, Intel E5-2690 (Sandy Bridge), 2.90 GHz
• Island 2: 704 cores, Intel E5-2450 (Sandy Bridge), 2.10 GHz, as well as 88 NVidia Tesla K20x GPUs
• Island 3: 2160 cores, Intel X5660 (Westmere), 2.80 GHz
• Symmetric Multi-Processing (SMP) nodes with 1 TB RAM
• 1 PB SAN disk storage
• Bullx Linux 6.3, based on Red Hat Enterprise Linux; batch system Slurm
• 137 TFLOPS total peak performance (without GPUs)
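How the exponent α ≈ 0.95 of Eq. 3.10 can be recovered from the measurements, as an added example (not the CANDY framework's or the book's code): the runs of Table 3.3 are transcribed into a constant, the exponent is fitted by least squares in log-log space, the quality of the fit is checked against every measured time, and the Karp-Flatt serial fraction of Eq. 3.8 is computed per run. Function names are this example's own.

```python
"""Fit of the empirical speedup model A_n = n**alpha (Eq. 3.10) to the MARS
measurements of Table 3.3, plus a per-run Karp-Flatt serial-fraction estimate.
Added example, not the book's or the CANDY framework's code."""
from __future__ import annotations

import math

# (threads, computing time in s) transcribed from Table 3.3; T_1 = 8021 s
MARS_RUNS: list[tuple[int, float]] = [
    (1, 8021), (2, 4163), (5, 1749), (10, 908),
    (20, 471), (30, 321), (55, 181), (70, 144),
]


def speedups(runs: list[tuple[int, float]]) -> list[tuple[int, float]]:
    """A_n = T_1 / T_n for every run; a run with n = 1 must provide the reference T_1."""
    runs = sorted(runs)
    if runs[0][0] != 1:
        raise ValueError("a run with n = 1 is needed as the T_1 reference")
    t1 = runs[0][1]
    return [(n, t1 / t) for n, t in runs]


def fit_alpha(runs: list[tuple[int, float]]) -> float:
    """Least-squares exponent of ln A_n = alpha * ln n (no intercept, since A_1 = 1)."""
    pts = [(math.log(n), math.log(a)) for n, a in speedups(runs) if n > 1]
    return sum(x * y for x, y in pts) / sum(x * x for x, _ in pts)


def predicted_time(runs: list[tuple[int, float]], n: int, alpha: float | None = None) -> float:
    """T_n predicted by the fitted power law: T_1 / n**alpha."""
    alpha = fit_alpha(runs) if alpha is None else alpha
    t1 = sorted(runs)[0][1]
    return t1 / n ** alpha


def max_relative_error(runs: list[tuple[int, float]]) -> float:
    """Largest |T_pred - T_meas| / T_meas over all runs: how well the power law fits."""
    alpha = fit_alpha(runs)
    return max(abs(predicted_time(runs, n, alpha) - t) / t for n, t in runs)


def serial_fractions(runs: list[tuple[int, float]]) -> list[tuple[int, float]]:
    """Karp-Flatt e = (1/A_n - 1/n) / (1 - 1/n) (Eq. 3.8) for each multi-thread run."""
    return [(n, (1 / a - 1 / n) / (1 - 1 / n)) for n, a in speedups(runs) if n > 1]


def threads_for_speedup(runs: list[tuple[int, float]], target: float) -> int:
    """Smallest n for which the fitted law predicts A_n >= target (Eq. 3.10 solved for n)."""
    return math.ceil(target ** (1.0 / fit_alpha(runs)))


if __name__ == "__main__":
    alpha = fit_alpha(MARS_RUNS)
    print(f"alpha = {alpha:.3f}, max. relative error of the fit = {max_relative_error(MARS_RUNS):.2%}")
    for n, e in serial_fractions(MARS_RUNS):
        print(f"n = {n:3d}: e = {e:.4f}")
    print(f"threads needed for a 50-fold speedup: {threads_for_speedup(MARS_RUNS, 50)}")
```

The fit reproduces every measured time to well under one percent, which confirms the authors' α ≈ 0.95. Note that the Karp-Flatt e falls as n grows instead of staying constant, so the losses on MARS are not the fixed serial fraction that Amdahl's law assumes; the power law of Eq. 3.10 describes them better.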

Example 3.9 The most performant cluster of the world is depicted in Fig. 3.12. The Tianhe-2 or "Heaven River" (Milky Way) originates from Guangzhou in the People's Republic of China. The overall costs for the cluster can be estimated at approximately 2.4 · 10^9 Yuan (equal to USD 390 · 10^6). The peak performance is P ≈ 33 PFLOPS. The cluster occupies a floor area of S = 720 m^2. Surely the power consumption is correspondingly very high, about 17–24 MW. A rather high PUE value is also to be noted. The nodes of the cluster use a specific operating system, Kylin Linux, which has also influenced Ubuntu Kylin to become recommended as reference system for many Chinese deployments until 2018. The available compilers and programming interfaces are as follows: Fortran, C, C++, Java, OpenMP, MPI 3.0. Tianhe-2 possesses the following architecture:

• 32,000 CPUs
• 48,000 programmable co-processors (accelerator cards)
• 1375 TiB of RAM, of which 1000 TiB is accessible by the CPUs and 375 TiB by the co-processors
• 12.4 PB hard disk capacity

The total number of cores exceeds three million and achieves a combined performance of 33.86 PFLOPS. The predecessor at the top spot of the global ranking has been the Titan supercomputer in the USA with "just" 17.59 PFLOPS.

Fig. 3.12 The most powerful compute cluster world-wide: Tianhe-2 (Sources: top500.org, hpcwire.com; photo: onlinezeitung24.de)

Table 3.4 Computing system performance comparison (status: November 2015)

  Cluster or grid                                              Maximum performance (PFLOPS)  Multiplicity (in "MARS units")
  Tianhe-2 (a supercomputer from Guangzhou, China)             33.86                         2605
  Titan (Tennessee, USA; supercomputer upgrade from Jaguar)    17.59                         1353
  BOINC (grid hosted at Berkeley, University of California)    9                             692
  Juqueen (FZ Jülich, IBM)                                     5.0                           384
  SuperMUC (Leibniz data centre in Munich)                     2.8                           215
  TAURUS (hosted at TU Dresden)                                1.03                          79
  MARS (TU Dresden, 2006)                                      0.013                         1

SMP architectures with large RAM capacities nowadays gain more sympathisers in deployment than NUMA (Non-Uniform Memory Access) architectures with their single address space, and correspondingly the cache-coherent NUMAs. A performance comparison is given in Table 3.4. Herewith some worldwide known clusters from the global TOP500 list as well as grids are referred to in relation to the above-mentioned performance of the MARS and TAURUS systems. The MARS performance is given as the canonical base unit. Most of the clusters, about 98 %, run Linux, whereas grids allow for heterogeneous operating systems, in particular desktop grids such as BOINC. The performance values are measured with the LINPACK benchmark, a Fortran library with routines to solve linear algebra equations.

3.2 Performance-Energy-Price Trade-Offs in Clusters and Grids

Trend to low-cost and low-energy computing nodes. A new trend to low-cost and low-energy computing nodes based on cheap devices, in particular cheap and fanless on-board microprocessors (RISC/ARM), should nowadays be considered as a serious alternative to expensive computing devices within the Internet of Things (IoT), a term describing a vision of ubiquitous access among connected devices. On top of the IoT, an Internet of Services (IoS) with digital and physical services can be constructed. The IoS is a related vision which, for most applications, hides the hardware. The deployment of low-cost and low-energy computing nodes such as Arduino, Raspberry Pi or Intel Edison boards leads to a significant increase in energy efficiency as well as to a technologically important new step towards a realisation of the IoT. Often these connected devices are seen as the Fog Computing backbone to an even larger IoT, which also involves stationary and mobile sensors such as mobile phones and heartbeat belts [2, 27].

Trade-offs. Scenarios for the so-called Fog Computing within the IoT are steadily going to gain in importance in the mid term. Instead of using applications and services with heavy-weight processors and VMs, agile and energy-efficient on-board microprocessors should be operated. See the view of the future transfer from Clouds/IoS to Fog Computing/IoT (Fig. 3.13). Surely, the deployment of low-cost and low-energy computing nodes based on on-board microprocessors can be used to build powerful clusters as well. These lead to an appropriate resource use in the frame of a given math-log problem.

On-board microcontrollers. But none of the above-mentioned computing systems is energy-efficient enough: their electricity consumption lies in the MWh range. Energy-efficient solutions can be provided via small, low-cost and low-energy on-board processors, whose electricity consumption lies at most in the kWh range. Low-energy home intelligent nodes (3–10 W) for private cloud solutions, file servers, web servers, multimedia home centres and similar use cases can be operated with such microcontrollers as the trade-off solution. They offer a cheap alternative and symbolise a step-by-step shift towards the IoT.

Example 3.10 Herewith a small example addressing the discussed trade-offs. A "supercomputer" with 64 cheap Raspberry Pis and two Lego racks is depicted in Fig. 3.14. This low-energy cluster (64 · 3.5 W, maximum 0.25 kW) is built using low-cost and energy-efficient on-board microcontrollers. The small but smart Raspberry Pi cluster for parallel computing offers the following features:

• DC supply through USB, 3.5 W/CPU, 700 MHz
• Energy-efficient resource provisioning
• SD card as external disk drive
• Low-power data transfer and exchange via Ethernet LAN
• Raspbian as operating system

Fig. 3.13 Energy-efficient on-board computing nodes as a basis for distributed computing with a sufficient performance/energy/price trade-off. The figure contrasts Cloud Computing (VMs on a VM monitor (VMM), dedicated VMs, universal service XaaS) with Fog Computing (on-board μ-nodes: Raspberry Pi, Arduino, Intel Edison); the trade-off "reliable VM or low-energy μ-node" is judged by reliability and QoS, data security and privacy, anonymity, energy consumption and operating expenses (OPEX)

Fig. 3.14 Energy-efficient Raspberry Pi cluster with 64 CPUs (Source: pro-linux.de)

Fig. 3.15 Data centers of Google, internal view (Source: Google)

Energy-efficient data centers of Google. Around 2011 the trend of "Green IT" was triggered by increasing energy demand and prices and a general awareness among computing users. Data and computing centers are increasingly built in colder regions of the earth. The data centres of Google achieve a Power Usage Effectiveness (PUE) of 1.12 due to further optimisation of hardware, waste heat recycling systems and building construction features like improved air circulation, reuse of waste heat and other techniques [6]. PUE is the ratio of the total facility energy to the energy consumed by the IT equipment; a value of 1.12 means that for every unit of energy used by the servers only a further 0.12 is consumed by other services like air conditioning, energy distribution, lighting, surveillance systems etc. (Fig. 3.15). Hence note that a PUE of 1.0 is possible only in the theoretical ideal case: it would mean no additional energy losses or waste heat at all, which indeed contradicts classical thermodynamics.

3.3 Resource Management in Clusters

First, three single-system cluster management systems which integrate with the operating system will be presented. Then a resource management, placement and scheduling framework which runs on top of an operating system will be described.

MOSIX, OpenMosix and OpenSSI cluster management. While most clusters, including Beowulfs, only share the filesystem among nodes, single-system image (SSI) clusters share the entire operating system instance, including processes, virtual memory, open files, sockets and inter-process communication. In such systems, applications get access to more compute resources as in SMP or multi-core environments, only with added network latency. The broad availability of multi-core processors has caused a decline in management systems for SSI clusters, but as they can still be useful, three such systems shall be presented here. MOSIX, OpenMosix and OpenSSI all derive from the Linux operating system kernel. The active development phase of OpenSSI was from 2001 to 2010, and that of OpenMosix, a derivative (fork) of MOSIX from 1999, from 2002 to 2008. MOSIX itself is still actively maintained today in the form of MOSIX2 and MOSIX4. A reference deployment of MOSIX runs a private production-level cloud consisting of 11 SSI clusters, in particular for computer science, life sciences and medical school applications. The clusters combine 205 nodes, with an average of 35 active nodes, and 200 processor cores.

Resource management, placement and scheduling with Mesos. Apache Mesos hosts adapted versions of typical application computing frameworks such as Hadoop, Spark, Kafka or Elasticsearch. When an application submits tasks to be processed, they are placed close to the data without the application having to know the data location. Furthermore, Mesos is fault-tolerant and safe in the sense that tasks can be executed as isolated processes using the Linux containers interface; note that this isolation rests on kernel namespaces and cgroups, which bound resource use but are not on their own a hardened security boundary between mutually distrusting tenants. Mesos uses ZooKeeper to ensure consensus among all nodes in the cluster, and it offers a web interface to check the cluster status.

3.4 Application Management in Clusters

Once a non-SSI cluster, its nodes and its resources are managed, the applications running on it need to be managed as well. As opposed to an SSI cluster, a failure of a node implies the failure of one instance of the (parallelised) application, and appropriate migration and restart techniques are required to avoid the propagation of the failure to the user. In this section, three application managers for cluster environments will be compared. Their common aim is the easy deployment and the fault-tolerant and resilient execution of parallelised software applications.

Kubernetes, Fleet and Pacemaker. Kubernetes is a container cluster manager developed by Google which makes the cluster appear as a single system despite not being an SSI cluster. It eases the deployment, maintenance and scaling of application parts which are packaged as executable Docker containers. Google offers it as a hosted service on top of the Google Compute Engine (GCE), and it is also used by other providers and distributions, including CoreOS Tectonic.

Fleet extends systemd, the daemon which initialises and supervises application processes, to multiple nodes in a cluster. Again, the application is supposed to be packaged as Docker containers. Fleet ensures that a minimum number of container instances is running across all nodes in the cluster and starts new instances in case of an application or node failure. Fleet uses a configuration daemon called etcd to ensure consensus among all nodes and to implement node discovery. By placing container instances on different nodes and assuming a fault-tolerant load balancer, the overall availability of the services offered by the applications is increased.

Pacemaker is a cluster manager aiming at high availability of applications. Applications are replicated onto two or more nodes with active/passive standby functionality or active/active failover and a subsequent recovery by application migration. Pacemaker is developed by ClusterLabs and used, for instance, by the German air navigation service provider Deutsche Flugsicherung (DFS).

Apart from these complex systems, simple tools exist to run commands on clusters. Among these tools, ClusterSSH, Ansible and Puppet are popular for replicating installation and configuration instructions to all nodes in the cluster.

3.5 Application Management in Grids

In this section two grid systems will be presented: BOINC and OurGrid. The criteria which led to the selection of these two grid systems are recent or ongoing development and public availability. Thus, interested readers are welcome to download the software and connect their own computers to an existing grid, or even open a new grid for others to join. Both grids offer computing capacity for various applications.

BOINC desktop grid. BOINC is a volunteer computing project aimed at contributing compute resources (i.e. spare CPU cycles) to scientific projects [28]. BOINC is hence also a grid platform for scientific projects and HPC, developed at the University of California, Berkeley, for free distribution and licensed under the LGPL. It is available for the following operating systems: Windows, Linux, Mac OS X, Android and BSD. The BOINC platform provides a practically unlimited computing power of up to hundreds of thousands of computers world-wide coupled via the Internet. The cooperation is organised in the form of projects running on top of it. The architecture of BOINC is given in Fig. 3.16. The main components are the BOINC daemons, long-running services which interact with the BOINC clients by exchanging data.

Most of the scientific computing grids work for the benefit of universities or other scientific institutions. BOINC is a well-known grid around the world due to its combined client-server (C-S) and peer-to-peer (P2P) structure. The servers distribute the application packages to the clients. In general these "clients" serve the architecture themselves in a P2P topology. The client applications compute intensively (usually 2–40 h per work package) and report the results to the main structure (the server). Optionally, the solution of another client for the same package is used to verify a result (redundant computing). According to the status of 2015, the BOINC grid possesses [28]:

Fig. 3.16 BOINC architecture [12] (Sources: gcl.cis.udel.edu, boinc.berkeley.edu)

• Nowadays approximately 250,000 persons and 850,000 computers (notebooks, tablets and other devices) are involved in a cooperation with BOINC
• Overall performance of the grid system BOINC: 9 PFLOPS (refer to Table 3.4)

Compared to these metrics, the performance of some supercomputers from the bi-annual global TOP500 list is as follows:

• Tianhe-2 ("Milky Way", "Sky River", China) with 3,120,000 cores: 33.86 PFLOPS
• Titan (USA) with 560,000 cores: 17.59 PFLOPS
• Mira (USA) with 786,000 cores: 8.58 PFLOPS [25]

Anyone can run BOINC servers. If the server is public, the results must also be published to prevent abuse and misuse. An interesting idea is the use of BOINC within companies:

• An internal BOINC server distributes in-house applications to the employees' computers.
• More effectiveness, because the desktop systems are usually not loaded enough (unchallenged), e.g. by the usage of Word, Outlook or CRM in the everyday workflow.


Fig. 3.17 BOINC client-server interaction (Sources: gcl.cis.udel.edu, boinc.berkeley.edu)

The interaction protocol between a client (i.a. PCs, notebooks, tablets, smartphones and other devices) and the server is depicted in Fig. 3.17. The error-free interaction uses five phases.

Top-10 of the most popular projects. In cooperation with BOINC, a number of piggy-backed projects have been supported. The top ten of the most popular projects are as follows:

1. SETI@Home – Analysis of a series of radio telescope data from space for the purpose of searching for extra-terrestrial civilisations (Search for Extra-Terrestrial Intelligence)
2. Einstein@Home – Tests of Albert Einstein's hypothesis about gravitational waves and search for radio and gamma-ray pulsars
3. World Community Grid – Assistance in the search for medicaments for serious diseases such as cancer and HIV/AIDS, the calculation of the 3D structure of proteins and a lot of other projects (organiser: IBM)
4. Rosetta@Home – Calculation of the 3D folding structures of proteins based on the amino acid sequences, for the treatment of cancer, HIV/AIDS, Alzheimer's disease, anthrax (Siberian ulcer) etc.
5. MilkyWay@Home – Development of a precise 3D model of the stellar streams in our galaxy (Milky Way)
6. Climate Prediction – Research on and prediction of the climate on earth
7. PrimeGrid – Search for diverse prime numbers
8. SIMAP@Home – Creation of a database of proteins for bioinformatics
9. Cosmology@Home – Search for a model which adequately describes our universe and is consistent with current data in astronomy and particle physics
10. Collatz Conjecture – Mathematical studies, specifically to test the hypothesis of Lothar Collatz, also known as the "3n + 1 problem"


Fig. 3.18 Advanced BOINC-II architecture [16]. Components shown: the participant's computer (BOINC manager, BOINC daemon, screen-saver engine, science application with its API); the BOINC server complex (data servers, scheduling servers, web server, BOINC database, BOINC web pages); and the project back-end (project science, project database, BOINC back-end interface, project web pages). Legend: BOINC components vs. project-specific components

In total more than 40 projects can be chosen by volunteering participants to contributespare compute resources to

Example 3.11 Malaria Control is a popular project which runs on top of BOINC-II, the latest generation of BOINC. Its goal is to gather and analyse information about the malaria disease.

The advanced BOINC-II architecture [16] is depicted in Fig. 3.18. A new BOINC API separates the screensaver into a standalone program. The details of the use of the science applications (e.g. for malariacontrol.net), of the BOINC-II specific components as well as of the project-specific components are discussed in [16].

Fig. 3.19 An OurGrid federation with three peers

OurGrid. OurGrid, developed since 2004 by the Federal University of Campina Grande, Brazil, federates networks of connected computers to support the distributed parallel execution of jobs and tasks in a grid. The federation happens in a peer-to-peer topology using the Extensible Messaging and Presence Protocol (XMPP). Jobs are executed in Java or system-level virtual machines as sandboxes in order to isolate them from each other and from the software and data on the host computers [5]. Each peer in the federation is a network of connected computers consisting of worker and broker nodes. The discovery mechanism among all the nodes relies on XMPP as well. Jobs are submitted along with scripts, executables, data and a job description file which outlines the tasks of a job. A unique feature of OurGrid is the implementation of the Network of Favours reputation mechanism to ensure fairness and to avoid freeriders who consume compute resources without ever contributing them back. Figure 3.19 shows an example of an OurGrid instance across three networks of connected computers, which may or may not be clusters.

Desktop computers are suitable as workers because the idleness detector prevents a conflict between interactive use and a high load from the submitted jobs. Furthermore, the system has been designed as an opportunistic grid, so that failures, shutdowns and hibernations will only interrupt the current task execution without affecting the job, as the affected task will be restarted. Hence, OurGrid is suitable to offer both opportunistic grids with many resources and service grids with high quality of service on the same physical infrastructure [3]. The OurGrid project is now inactive, but the software is still functional for setting up further instances.
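The Network of Favours mechanism described above, as an added example that is not OurGrid's own code. It assumes (not stated in the book) that a peer keeps one balance per remote peer, floors that balance at zero so that a freerider ends at zero rather than in debt, and serves requesters with the highest balance first; the sample peers are constructed.

```python
"""Added example, not OurGrid's own code: a Network-of-Favours style ledger
as the text describes it. Assumptions (not from the book): a peer keeps one
balance per remote peer (work received from it minus work returned to it),
floors that balance at zero, and serves requesters with the highest balance
first. Sample peers are constructed."""
from collections import defaultdict
from typing import Dict, List


class FavourLedger:
    def __init__(self) -> None:
        # balance[peer] = worker-hours that peer donated to us and we have not yet repaid
        self.balance: Dict[str, float] = defaultdict(float)

    def received_from(self, peer: str, work: float) -> None:
        """A remote peer ran `work` worker-hours of our tasks: it earns a favour."""
        self.balance[peer] += work

    def donated_to(self, peer: str, work: float) -> None:
        """We ran `work` worker-hours for a remote peer: it spends its favours.
        The balance never goes negative, so a freerider sits at zero, not in debt."""
        self.balance[peer] = max(0.0, self.balance[peer] - work)

    def prioritise(self, requesters: List[str]) -> List[str]:
        """Highest balance first; the stable sort keeps request order among equals
        (unknown peers and freeriders both sit at zero)."""
        return sorted(requesters, key=lambda p: -self.balance.get(p, 0.0))

    def allocate(self, idle_workers: int, requests: Dict[str, int]) -> Dict[str, int]:
        """Hand idle workers to requesters in favour order; returns peer -> workers granted."""
        granted: Dict[str, int] = {}
        for peer in self.prioritise(list(requests)):
            n = min(idle_workers, requests[peer])
            if n <= 0:
                continue
            granted[peer] = n
            idle_workers -= n
            self.donated_to(peer, n)
        return granted


def demo() -> Dict[str, int]:
    """Constructed scenario: B and C have helped us before, A never has."""
    ledger = FavourLedger()
    ledger.received_from("B", 5)
    ledger.received_from("C", 2)
    # four idle workers, everybody asks for three: B is served first,
    # C gets the remainder, the freerider A gets nothing this round
    return ledger.allocate(4, {"A": 3, "B": 3, "C": 3})
```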


3.6 Distributed Applications

Whereas in grids the infrastructure is distributed but the application itself merely consists of offloaded job and task units, some applications are truly distributed in a peer-to-peer sense or decentralised in a hub-and-spokes model [22]. Representatives of these two models will be presented in this section.

Distributed blockchains, hashtrees and cryptocurrencies

A blockchain is a potentially large file which contains entries (chronologically ordered blocks) whose content depends on previous blocks. Due to the size, it is possible to distribute parts of the file to different users. With cryptographic methods it is possible to ensure consistency and to prevent forgery in older blocks. When such a linear structure is not sufficient, hashtrees present similar characteristics but allow for subsuming multiple blocks under one block and eventually a whole tree of blocks under one common root. There are many interesting applications resulting from such a globally shared data structure. For instance, secured blockchains are used to record virtual currency transactions, leading to cryptocurrencies with properties like anonymity and traceability of transactions. To regulate the value distribution in such a currency, the blockchain can only be extended after a compute-intensive effort with a certain difficulty. Eq. 3.11 refers to the profitability of advancing a distributed blockchain with a given difficulty, referred to in Eq. 3.12.

$\text{profit} = \text{revenue} - \text{cost}_{\text{electricity}} + \text{cost}_{\text{difficulty}}$ (3.11)

$\text{cost}_{\text{difficulty}} = \frac{\text{maximum difficulty}}{\text{current difficulty}} \cdot \frac{2^{32}}{\text{hashrate}}$ (3.12)

Example 3.12 Bitcoin is a popular example of a cryptocurrency which is mined from a distributed blockchain. Similar to distributed desktop grids, the participants donate CPU cycles for a cause. In contrast to the grids, however, the cause does not directly involve a global problem solving effort or a citizen science effort, but rather the race for the quickest solution of an algorithmic problem which lets the blockchain advance. At the same time, a fictive virtual currency coin is yielded. The value of such a coin depends a lot on perception, trust and market dynamics. In Bitcoin, there has been a steady growth at first, followed by an unpredictable development. At the same time, the production cost for mining has increased a lot due to the nature of the blockchain, which requires more hardware resources for each subsequent solution. Hence, already from an energetic point of view, the effort required to advance is not compensated anymore by a potential gain from the virtual cryptocurrency coins. Figure 3.20 outlines the profitability graph over time. It shows that the price (green) surged in November 2013, followed by its decline. At the same time, the difficulty to mine (red) increased by several orders of magnitude.

Fig. 3.20 Development of Bitcoin profitability over time (Source: coinplorer.com). Time axis Jul 2011 to Oct 2015; price axis in USD (0 to 1200), difficulty axis in G (0 to 60); curves: Price, Difficulty, Price/difficulty (scaled).


Hence, the profitability as the quotient of the two converged quickly against zero and, when accounting for the energy cost, is already negative.
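The consistency and forgery-detection properties of a hash-chained blockchain with hashtree (Merkle) roots, described above, as an added example that is not code from the book. The block layout, the choice of SHA-256 and the sample entries are constructed assumptions; it shows that altering an older block is detected by the chain and that a single entry can be checked against a root without the whole block.

```python
"""Added example, not code from the book: a minimal hash-chained ledger whose
blocks carry a hash tree (Merkle) root over their entries. Shows the two
properties the text names: forgery in an older block is detected, and a single
entry can be checked against a root without the whole block. The block layout,
the SHA-256 choice and the sample entries are constructed assumptions."""
import hashlib
import json
from dataclasses import dataclass
from typing import List, Tuple

GENESIS_PREV = "0" * 64


def sha256_hex(data: str) -> str:
    return hashlib.sha256(data.encode()).hexdigest()


def _next_level(level: List[str]) -> List[str]:
    """Pair up sibling hashes; an odd last node is paired with itself."""
    if len(level) % 2 == 1:
        level = level + [level[-1]]
    return [sha256_hex(level[i] + level[i + 1]) for i in range(0, len(level), 2)]


def merkle_root(entries: List[str]) -> str:
    """Hash tree over the entries; the root subsumes them all."""
    level = [sha256_hex(e) for e in entries] or [sha256_hex("")]
    while len(level) > 1:
        level = _next_level(level)
    return level[0]


def merkle_proof(entries: List[str], idx: int) -> List[Tuple[str, bool]]:
    """Sibling hashes from leaf `idx` up to the root, each flagged: sibling on the left?"""
    level = [sha256_hex(e) for e in entries]
    proof: List[Tuple[str, bool]] = []
    while len(level) > 1:
        if len(level) % 2 == 1:
            level = level + [level[-1]]
        sibling = idx ^ 1
        proof.append((level[sibling], sibling < idx))
        level = _next_level(level)
        idx //= 2
    return proof


def verify_proof(entry: str, proof: List[Tuple[str, bool]], root: str) -> bool:
    """Recompute the path to the root from one entry and its proof."""
    h = sha256_hex(entry)
    for sibling, sibling_is_left in proof:
        h = sha256_hex(sibling + h) if sibling_is_left else sha256_hex(h + sibling)
    return h == root


@dataclass
class Block:
    index: int
    prev_hash: str
    entries: List[str]
    root: str
    hash: str


def block_hash(index: int, prev_hash: str, root: str) -> str:
    # the block hash binds position, predecessor and content together
    return sha256_hex(json.dumps([index, prev_hash, root]))


def append_block(chain: List[Block], entries: List[str]) -> Block:
    prev = chain[-1].hash if chain else GENESIS_PREV
    root = merkle_root(entries)
    block = Block(len(chain), prev, list(entries), root, block_hash(len(chain), prev, root))
    chain.append(block)
    return block


def first_bad_block(chain: List[Block]) -> int:
    """-1 if every block matches its content and its predecessor, otherwise the
    index of the first block whose content or link does not match."""
    expected_prev = GENESIS_PREV
    for b in chain:
        if b.prev_hash != expected_prev or merkle_root(b.entries) != b.root:
            return b.index
        if block_hash(b.index, b.prev_hash, b.root) != b.hash:
            return b.index
        expected_prev = b.hash
    return -1


def build_sample_chain() -> List[Block]:
    """Constructed ledger of three blocks of transaction-like entries."""
    chain: List[Block] = []
    append_block(chain, ["alice->bob:5"])
    append_block(chain, ["bob->carol:2", "carol->alice:1", "alice->dave:3"])
    append_block(chain, ["dave->bob:1", "bob->alice:4"])
    return chain
```

Changing an entry in block 1 makes `first_bad_block` report 1; even if a forger recomputes block 1's root and hash, block 2 still records the old hash as its predecessor, so the chain reports 2.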

Example 3.13 Git is an example of a distributed version control system built atop a hashtree. Each Git repository contains a directory structure with files. File changes can be performed independently from each other. Once changes are committed, they and their associated metadata records are cryptographically secured against forgery and tampering. The Git model leads to high scalability in large collaborative file editing efforts, including large software development teams.

Decentralised and federated social networks

Social networks are one of the main applications on the Web and on the Internet today. They incorporate communication patterns between their participants and add useful or convenient functionality such as visibility management for events, a timeline of events as well as add-on applications. Their appearance is either web-based or through communication protocols. LinkedIn, Facebook and Twitter are examples of the former category, whereas ICQ and similar chat systems are examples of the latter one. Their commonality is a centralised hosting, so that each message is relayed through a potentially distributed physical set of servers, but within one logical organisation. In contrast, federated social networks allow any participant to choose between joining an existing server or running their own server. An example is Diaspora.

Example 3.14 Diaspora is a web-based federated social network which can be run in centralised, decentralised and distributed configurations. Users sign up at a server called a pod and receive an account in the form of login@pod. They can add contacts (friends) from the same or from other pods. Message posts from all contacts are then aggregated and shown in the timeline of each respective user. A typical aggregated Diaspora timeline is shown in Fig. 3.21. The aggregation function fetches the posts from all connected pods, orders them chronologically and caches them to increase the scalability and to decrease the latency for subsequent timeline retrievals.
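The aggregation function of Example 3.14, as an added example that is not Diaspora's own code: login@pod accounts are parsed, each contact's posts are fetched from its pod, the feeds are merged chronologically and the result is cached per user. The pods, the post format and the `fetch_posts` stand-in for the remote request are constructed assumptions.

```python
"""Added example, not Diaspora's own code: the timeline aggregation of
Example 3.14. Accounts are parsed as login@pod, each contact's posts are
fetched from its pod, the feeds are merged chronologically (newest first)
and the result is cached per user so repeated retrievals cost no fetch.
The pods, the post format and the fetch function are constructed stand-ins."""
import heapq
from datetime import datetime, timezone
from typing import Dict, List, Tuple

Post = Tuple[datetime, str, str]  # (timestamp, author account, text)

# Constructed federation: pod -> login -> posts as (ISO-8601 UTC timestamp, text)
PODS: Dict[str, Dict[str, List[Tuple[str, str]]]] = {
    "pod-a.example": {
        "alice": [("2016-03-01T10:00:00Z", "hello from pod-a"),
                  ("2016-03-02T09:00:00Z", "alice again")],
    },
    "pod-b.example": {
        "bob": [("2016-03-01T12:30:00Z", "bob's first post")],
    },
}


def parse_account(account: str) -> Tuple[str, str]:
    """Split 'login@pod'; exactly one '@' with non-empty parts, else reject."""
    login, sep, pod = account.partition("@")
    if not sep or not login or not pod or "@" in pod:
        raise ValueError(f"malformed account: {account!r}")
    return login, pod


def fetch_posts(pod: str, login: str) -> List[Post]:
    """Stand-in for the HTTP request to a remote pod (assumed API shape).
    An unknown pod or user behaves like an unreachable pod: no posts."""
    account = f"{login}@{pod}"
    raw = PODS.get(pod, {}).get(login, [])
    posts = [
        (datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
         account, text)
        for ts, text in raw
    ]
    return sorted(posts, key=lambda p: p[0], reverse=True)  # each feed newest first


class TimelineService:
    def __init__(self) -> None:
        self._cache: Dict[str, List[Post]] = {}
        self.fetches = 0  # counts remote fetches, to show the cache at work

    def timeline(self, user: str, contacts: List[str], refresh: bool = False) -> List[Post]:
        """Aggregated timeline for `user`; served from the cache unless refresh=True."""
        if not refresh and user in self._cache:
            return self._cache[user]
        feeds = []
        for contact in contacts:
            login, pod = parse_account(contact)
            self.fetches += 1
            feeds.append(fetch_posts(pod, login))
        # k-way merge of per-pod feeds that are already sorted newest first
        merged = list(heapq.merge(*feeds, key=lambda p: p[0], reverse=True))
        self._cache[user] = merged
        return merged
```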

Collaborative real-time applications

Whereas web-based social networks, cryptocurrencies and version control systems work inherently asynchronously, so that each user can decide when to update the local state from the (potentially increasingly diverging) global state, there is also a class of distributed applications which works synchronously in real-time. Among the most prominent are scalable chat, audio and video conferences.

An example for a real-time chat application with extensions for audio and video conversation is XMPP. A second example is WebRTC, a web browser overlay over the conventional Real-Time Communication (RTC) protocol.

Example 3.15 Users of XMPP servers receive fully-qualified accounts with a login name and a server name in the form of login@server. This way, similar to e-mail, the servers can federate so that users from different servers can communicate with each other.


Fig. 3.21 Diaspora timeline with aggregated friend feeds

XMPP defines a core messaging protocol and several extensions for registration, binary attachment transmission, VoIP communication and other features. The chat protocol is also known as Jabber and the VoIP protocol as Jingle.

Due to the nature of being a communication protocol, humans and software applications can equally participate in XMPP networks. Software components are registered as clients. By registering their functionality at a discovery service, they can also offer service functionality according to the message-oriented architecture paradigm.

Example 3.16 WebRTC negotiates a connection between two users of web browsers with XMPP Jingle as well as the JavaScript Session Establishment Protocol (JSEP). No central server is required for either the negotiation or the subsequent bidirectional data transmission; instead, the communication host needs to transmit the dynamically created endpoint (a URL) to the other participants.

3.7 Conclusions

The scale-up from individual computers to clusters and grids in the past decades thwarts the ongoing trend towards miniaturisation of computing hardware. Nowadays, a quad-core mobile phone has a lot more computing power than the original Beowulf cluster with 16 nodes and consumes only a fraction of the electric power. Still, the need for vertical performance scale-up remains and, through parallelisation, becomes a horizontal scale-out operation into multiple nodes of a system-on-a-board cluster or multiple compute services in a grid or cloud. With the broad availability of open source software to run private clusters and grids, which can be federated with existing public ones, supercomputing as well as comfort computing is now available to every user.

References

1. Joel C. Adams, Jacob Caswell, Suzanne J. Matthews, Charles Peck, Elizabeth Shoop, and David Toth. Budget Beowulfs: A Showcase of Inexpensive Clusters for Teaching PDC. In Proceedings of the 46th ACM Technical Symposium on Computer Science Education (SIGCSE), p. 344–345, Kansas City, Missouri, USA, March 2015.

2. F. Bonomi, R. Milito, J. Zhu, and S. Addepalli. Fog Computing and Its Role in the Internet of Things. CISCO whitepaper, 2007.

3. Francisco Brasileiro, Alexandre Duarte, Diego Carvalho, Roberto Barbera, and Diego Scardaci. An Approach for the Co-existence of Service and Opportunistic Grids: The EELA-2 Case. In Latin-American Grid Workshop, Campo Grande, Mato Grosso do Sul, Brazil, October/November 2008.

4. Mario Cannataro. Clusters and Grids for Distributed and Parallel Knowledge Discovery. In High Performance Computing and Networking, 8th International Conference (HPCN) Europe, volume 1823 of Lecture Notes in Computer Science, p. 708–716, Amsterdam, The Netherlands, May 2000.

5. Walfredo Cirne, Francisco Brasileiro, Nazareno Andrade, Lauro Costa, Alisson Andrade, Reynaldo Novaes, and Miranda Mowbray. Labs of the World, Unite. Journal of Grid Computing, 4(3):225–246, 2006.

6. Jeff Dean. Designs, Lessons and Advice from Building Large Distributed Systems. In 3rd ACM SIGOPS International Workshop on Large Scale Distributed Systems and Middleware (LADIS), Big Sky, Montana, USA, October 2009.

7. Javier Fabra, Sergio Hernández, Joaquín Ezpeleta, and Pedro Álvarez. Solving the Interoperability Problem by Means of a Bus: An Experience on the Integration of Grid, Cluster and Cloud Infrastructures. Journal of Grid Computing, 12(1):41–65, March 2014.

8. Björn Gmeiner, Harald Köstler, Markus Stürmer, and Ulrich Rüde. Parallel multigrid on hierarchical hybrid grids: a performance study on current high performance computing clusters. Concurrency and Computation: Practice and Experience, 26(1):217–240, January 2014.

9. John L. Gustafson. Reevaluating Amdahl's Law. Communications of the ACM, 31(5):532–533, 1988.

10. Violeta Holmes and Ibad Kureshi. Developing High Performance Computing Resources for Teaching Cluster and Grid Computing Courses. In International Conference On Computational Science, ICCS – Computational Science at the Gates of Nature, volume 51 of Procedia Computer Science, p. 1714–1723, Reykjavik, Iceland, June 2015.

11. A. H. Karp and H. P. Flatt. Measuring Parallel Processor Performance. Communications of the ACM, 33(5):539–543, 1990.

12. Andrew Leaver-Fay, Michael Tyka, Steven M. Lewis, Oliver F. Lange, James Thompson, Ron Jacak, Kristian Kaufman, P. Douglas Renfrew, Colin A. Smith, Will Sheffler, Ian W. Davis, Seth Cooper, Adrien Treuille, Daniel J. Mandell, Florian Richter, Yih-En Andrew Ban, Sarel J. Fleishman, Jacob E. Corn, David E. Kim, Sergey Lyskov, Monica Berrondo, Stuart Mentzer, Zoran Popovic, James J. Havranek, John Karanicolas, Rhiju Das, Jens Meiler, Tanja Kortemme, Jeffrey J. Gray, Brian Kuhlman, David Baker, and Philip Bradley. ROSETTA3: an object-oriented software suite for the simulation and design of macromolecules. Methods in Enzymology, 487:545–574, 2011.

13. Linkfeed. Vom Sand zum Prozessor. Online, in German: http://gumzo.de/post/171, 2015.

14. Seyedeh Leili Mirtaheri, Ehsan Mousavi Khaneghah, Lucio Grandinetti, and Mohsen Sharifi. A mathematical model for empowerment of Beowulf clusters for exascale computing. In International Conference on High Performance Computing & Simulation (HPCS), p. 682–687, Helsinki, Finland, July 2013.

15. Wolfgang Nagel and Ulf Markwardt. High Performance Computing (HPC) at ZIH: HPC Systems. Technische Universität Dresden, online: http://tu-dresden.de/die_tu_dresden/zentrale_einrichtungen/zih/hpc/hochleistungsrechner, 2015.

16. Christian Ulrik Søttrup and Nicolas Maire. BOINC II. Niels Bohr Institute (Copenhagen, Denmark) / Swiss Tropical and Public Health Institute (Basel, Switzerland), 2014, 42 p.

17. Jong Hyuk Park, Laurence T. Yang, and Jinjun Chen. Research trends in cloud, cluster and grid computing. Cluster Computing, 16(3):335–337, 2013.

18. A. I. Petrenko. The application of grid technologies in science and education. NTUU "KPI", Kyiv, 2008, 143 p., in Ukrainian.

19. A. I. Petrenko, B. V. Bulakh, and V. S. Khondar. Semantic grid technologies for science and education. NTUU "KPI", Kyiv, 2010, 178 p., in Ukrainian.

20. A. I. Petrenko, S. Ya. Svistunov, and G. D. Kiselev. Grid Technologies: Practical Course. NTUU "KPI", Kyiv, 2011, 448 p., in Ukrainian.

21. Wolfgang Rehm and Arnd Meyer. TU Chemnitz HPC Cluster CLiC/CHiC. Online: https://www.tu-chemnitz.de/chic, 2015.

22. Alexander Schill and Thomas Springer. Verteilte Systeme – Grundlagen und Basistechnologien. Springer-Verlag, second edition, 2012, 433 p., in German.

23. Volkmar Sieh. Performance metrics. Online: http://www3.informatik.uni-erlangen.de/Lehre/CPU/SS2012/multiprocessor.pdf, 2012.

24. Larry Smarr and Charles E. Catlett. Metacomputing. Communications of the ACM, 35(6):44–52, June 1992.

25. Erich Strohmaier, Jack Dongarra, Horst Simon, and Martin Meuer. The 45th TOP500 List. Online: http://www.top500.org/lists, June 2015.

26. Andrew S. Tanenbaum and David J. Wetherall. Computernetzwerke. Pearson Studium, fifth edition, 2012, 1040 p., in German.

27. R. van Kranenburg. The Internet of Things: A critique of ambient technology and the all-seeing network of RFID. Pijnacker: Telstar Media, 2008, 62 p.

28. Ádám Visegrádi, József Kovács, and Peter Kacsuk. Efficient extension of gLite VOs with BOINC based desktop grids. 2014.

4 Cloud Computing, Virtualisation, Storage and Networking

Keywords

Service models • Internet of Services (IoS) • Software-as-a-Service (SaaS) • Infrastructure-as-a-Service (IaaS) • Platform-as-a-Service (PaaS) • Virtualisation • Software-Defined Networking (SDN) • Security and availability • Cloud backup and backup clouds • Redundant Array of Independent Clouds (RAIC) – stripes and parity based dispersion • Virtual Telecommunication Engineering Offices (VTEO) • Mobile cloud access • Network and online storage integration

In recent years, networking technologies obtained large success regarding data rate (WDM, MPLS, 10GbE), mobility (HSDPA, LTE, in the mid-term 5G), universality and accessibility of computing services [8]. The pervasiveness of services helped to make the IoS become reality and practically accessible for multiple users and appliances. Among the most prominent service classes in the IoS are Cloud Computing services, which are delivered to their users on demand through desktop, mobile and web applications as well as other forms of user interfaces. Modern Internet connections with high bandwidth and low latency allow a global-scale delivery and complement, with attractive (mobile) services in the same way and with the same Quality of Service (QoS), the services which have been mostly the domain of local networks, such as corporate e-mail or scientific compute grids. The discussed information technology paradigm for serving resources and applications to thin clients, represented frequently via only low-performance appliances and devices, is called cloud computing [8, 18]. As one of the most important IoS forms, we will discuss below the basic cloud computing technologies in the first section. The subsequent sections will then present details about virtualised compute, networking and storage services, which together form the core set of resource services available through cloud infrastructure services.

© Springer Fachmedien Wiesbaden GmbH 2017. A. Luntovskyy, J. Spillner, Architectural Transformations in Network Services and Distributed Systems, DOI 10.1007/978-3-658-14842-3_4


4.1 Clouds: Technology Stack, Basic Models and Services

Floating in the clouds

From a service consumer perspective, cloud computing offers many advantages. Many of the offered products and services cater to the traditional desire of users to get anything (information, resource and application services as well as products) with a snap of their fingers. Many users would like to float in the clouds figuratively, many of them with a cellular smartphone, and get anything on demand without delay and without cumbersome registration and payment processes (Fig. 4.1).

There are many statistics about how prevalent cloud services, a subset of these on-demand services, are. Certainly, a large majority of users is unaware of whether a functionality is completely contained within a device or either aided or completely provided by external services. Estimations exist about the habits of users:

• 99 % of all emails
• 25 % of all notes
• 33 % of appointments
• all images in social networks
• all online storages

Fig. 4.1 Anything serviced on demand from the clouds


Fig. 4.2 Cloud architecture (own representation; HPNW denotes High-Performance Network)

These ratios are driven by online services, in particular SaaS, but also – in particular for storage – IaaS.

A general architecture and overview for cloud services is given via Fig. 4.2. This holistic architecture extends beyond the scope of a single service provider, but also omits details such as multi-site replication of services.

Cloud computing can thus be defined as the on-demand and pay-per-use application of virtualised IT services over the Internet or within the IoS. The key features of cloud computing, based on the definitions of the National Institute of Standards and Technology, USA (NIST) [8, 24], are as follows:

• on-demand self-service with instant delivery on request
• broadband network access (multimodal, all-in-IP)
• resource pooling and rapid elasticity
• measured and optimised service for reliable QoS guarantees
• service-oriented Internet (Service-Oriented Architecture (SOA), IoS)
• Everything-as-a-Service (XaaS), also represented in Fig. 4.3


Fig. 4.3 Cloud computing as a pyramid model, based on NIST

Fig. 4.4 Difference between hybrid, public and private clouds

Public cloud computing platforms are run by commercial providers and by research organisations and, to a lesser degree, by individuals, for instance volunteers in self-organised communities. Furthermore, private and hybrid cloud environments are run within company and institution departments. Prominent examples of commercial cloud computing platforms are as follows: Amazon Web Services, Oracle Cloud, Windows Azure, IBM Softlayer and BlueMix, Google Cloud Platform. The common organisation types of clouds are given below (Fig. 4.4).

The difference between public, hybrid and private clouds is presented in greater detail in Table 4.1.

Clouds as new information technology foundation

In cloud environments, access to computing resources (compute, storage and network) is performed with the aid of basic web services, most often based on the Hyper-Text Transport Protocol (HTTP) [19]. Three general service classes are typically subsumed when talking about cloud computing. SaaS is the simplest model, with interfaces supporting service-oriented applications which provide access to functionality and data delivered through the cloud as frontend. PaaS is used for offering to developers an integrated environment for development and/or testing of applications as a testbed. The model IaaS is applied for offering virtualised resource services in remote computing and networking structures, inter alia due to the use of remote servers, Storage-Area Network (SAN)/Network-Attached Storage (NAS), virtual machines and switching equipment. The set of functions available through these cloud services is provided for thin client access to the virtualised resources and multi-tenant hosted applications with non-transparent internal structure. The aims are diverse and include high performance of certain routines, resources and time-consuming tasks, a consolidation and/or partitioning of available physical resources as well as integration of desktop, mobile and web applications for enterprise informational systems in scenarios of Enterprise Application Integration (EAI) [36]. Load balancing and function distribution between cloud computing and conventional IT management are depicted in Table 4.2. The providers of these services within the wider IoS offer to their end-users multiple attractive services on different hierarchical levels. The table depicts the representation which has been established in accepted best practices documents of important industry players.

Table 4.1 Hybrid, public and private clouds

Private cloud                                                   | Public cloud
Customer-specific, operated by the customer cloud environment   | Owned by an IT service, located and operated by this cloud environment
Access limited (customer himself, authorised business partners) | Access via Internet
Access via Intranet                                             | Flexible and easy use by subscription

Hybrid Cloud: Combined Private and Public Cloud

The purpose of the creation and maintenance of different service-oriented applications is to deliver easy-to-use, standardised Application Programming Interface (API) endpoints for multiple target platforms. Frequently, the internal structure of a cloud stays non-transparent for the end-users [28]. The users are forced into a position of full trust towards their own cloud provider, or even towards multiple cloud providers [20]. It sometimes requires a complicated handling of Service Level Agreement (SLA) and responsibility principles of the interested sites [12], because in the general case the providers have to operate in an international context with different business regulations. In fact, they are subject to different legislatures in different countries. Moreover, they can be hierarchically organised and be dependent on further international providers. Therefore, even with careful creation, deployment and maintenance of cloud services, a lot of problems of multilateral data security remain unsettled. This factor limits, in a certain way, the deployment rate and therefore also the advancement of the discussed new IT paradigm.

Table 4.2 Load balancing and functionality distribution between cloud computing and conventional IT (representation by Microsoft)

Layer             | Conventional IT   | IaaS              | PaaS              | SaaS
Applications      | Applications      | +                 | +                 | Applications
Data              | Data              | +                 | +                 | Data
Runtime           | Runtime           | +                 | Runtime           | Runtime
Middleware        | Middleware        | +                 | Middleware        | Middleware
Web Services      | Web Services      | +                 | Web Services      | Web Services
OS                | OS                | OS                | OS                | OS
Virtual Resources | Virtual Resources | Virtual Resources | Virtual Resources | Virtual Resources
Server            | Server            | Server            | Server            | Server
Storage           | Storage           | Storage           | Storage           | Storage
Network           | Network           | Network           | Network           | Network

+ : for self-responsibility
Layer name in a cloud column: delivered from the cloud

Use of service technologies

As cloud computing is essentially a set of service models, many of its issues can be understood when looking at how services are used and how cloud applications adhere to a SOA. Such an architecture, realised with web services in practice (Fig. 4.5), possesses the following beneficial advantages. Web services offer loose coupling and well-defined interfaces, a good basis for EAI and application integration across organisational boundaries. Furthermore, they use open standards for protocols (e.g. HTTP) and content (e.g. XML or JSON), for which many development, testing and usage tools exist, so that new services can be consumed rapidly. Using HTTP makes it easy to produce and consume services according to the Representational State Transfer (REST) paradigm, even though other protocols are also widespread. Nevertheless, there are also weaknesses in service architectures which limit the full realisation of the cloud computing visions:

1. Offering and consuming services dynamically asks for a service registry which serves as a basis for selecting, brokering and negotiating the terms of use. The description of services within these registries is effort-intensive. So far, none of the effort distributions (by the broker, by the providers, by the crowd) has yielded a stable and complete registry on a global scale.

2. On a practical level, an important complication is the configuration of security aspects in deployed services. Authentication, authorisation, access control and encryption are necessary when leaving a closed, trusted zone [5].


Fig. 4.5 SOA/web services basic architecture

3. The non-functional properties of services, in particular QoS attributes, need to be thoroughly defined and cross-checked at runtime. As these specifications form the basis of SLA documents, a high-quality specification (i.e. high metaquality) inside service descriptions and a supporting environment with monitoring and adaptation support is a necessity.

Some of the outlined problems can be solved, or at least reduced, with elaborated extended web service specifications: so-called RESTful services fully exploiting the HTTP specification, microservices and WS-*. The WS-* extensions use the basic components (Fig. 4.5) and allow the creation of efficient service-oriented applications in various service environments, including the web and in particular the "Semantic Web". The following integrated technologies and specifications are representatives for improvements [17, 37]:

1. Reliability via WS-Addressing, WS-Reliability, WS-Message Delivery
2. Messaging via WS-Eventing, WS-Notification
3. Security via WS-Security, WS-Trust, WS-Privacy, WS-Federation, SAML (Security Assertion Markup Language)
4. Transaction, Co-ordination, Context via WS-Transactions, WS-CAF (Composite Application Framework)
5. Semantic Features via OWL-S (Web Ontology Language for Web Services)

The extensions and their relations and layered placement are depicted in Fig. 4.6. Based on the REST model (Fig. 4.7), the performance and scalability of services can be increased by relying on an underlying HTTP server infrastructure. These servers are typically highly optimised and take care of caching, streaming and other convenience functionality. RESTful web services act in some measure as an antagonism to the Simple Object Access Protocol (SOAP) and XML-RPC, for which dedicated, less common and less optimised server and client implementations need to be used.

Fig. 4.6 Extensions WS-* and alternatives

Fig. 4.7 Representational state transfer method

Such web services themselves, and based on them further service-oriented and service-bound applications, can be described according to the mentioned architectural style using only URIs as endpoint identifiers, a content/resource model associated to each URI and HTTP in version 1.1 or 2.0 as interaction protocol. The distinguishing features are as follows: asynchronous, temporary character; no RPC; direct requests on resources and documents (URI); use of a generic interface; standard semantics; and a stateless communication protocol. RESTful web services contain and convey the necessary context by themselves and are operated only via simple methods (GET, PUT, POST, DELETE). Such sparingness leads to more consistency by the use of established standards. On the other hand, a scalable a-priori analysis of the service features by description document analysis is not possible in this model. Modern service description languages like Linked USDL and Swagger attempt to fill this gap. Contemporary SOA concepts are mostly focused on EAI and B2B surroundings. However, the mapping of business processes (respectively for VTEO) as well as service orchestration and composition (e.g. via BPEL4WS) is still inelastic and associated with higher developer-side complexity. Therefore, the elaboration of new concepts is an imperative. The concepts have to include not only new marketable ideas, e.g. like VTEO, but also the analysis of costs and benefits [21].

Delegation of network functionality to cloud providers

The functionality of a cloud is to deliver services by accessing the virtualised resources, whose internal structure is unknown to the users, providing certain common operations, resource-intensive tasks, consolidation and distribution of resources and integration of applications in IT systems of companies [23]. Providers within an IoS deliver the services at different hierarchical levels. The functionality of the computers and further interaction devices as thin clients of end users in the cloud is limited to providing a graphical or multi-modal interface (service frontend), caching the data, selection of and access to external network services. We see a resurrection of this host-node computing model in the increased use of consumption-oriented notebooks, netbooks, smartphones, tablets and smart watches. Access to network resources can be provided by using the standardised web service protocols Extensible Messaging and Presence Protocol (XMPP) and SOAP, including a range of extensions to both for permanent sessions and request-response models, respectively. Access to these resources can also be ensured via RESTful methods, a session-less paradigm which transfers state by modifying resources on the server. The processing and archiving tasks, database querying, calling and encapsulation of further internal function calls are delegated to the cloud provider. There are closed (private), public and hybrid clouds, which include file servers, databases, archiving, backup systems, high-performance computers, computer grids and multi-processor clusters. Peer-to-peer clouds are not yet widely used, but they are considered as a future trend in research, in particular for trustworthy mutual backup, mainly driven by the exploded count of personal mobile devices. SLA between cloud providers and end users guarantee a certain QoS and aim to achieve a high level of users' satisfaction, called Quality of Experience (QoE). Cloud computing provides the following functionality:

• outsourcing of IT infrastructure to the cloud provider, which may be less expensive than maintaining a private one
• hosting of services, saving costs for administration and maintaining the IT infrastructure
• outsourcing of data archives and applications (mail servers, file servers, databases, backup services, etc.)
• cost-saving by using high-performance computer clusters/grids as a service

The main cloud models given by the NIST and Microsoft definitions have already been presented in Fig. 4.3. They should be explained in greater detail and with examples. SaaS is the model which directly appeals to the end user. It encompasses service-oriented web, mobile or desktop applications (including virtual desktops), but also purely programmatic application and data services providing the access to resources in the cloud via these diverse frontends. PaaS provides an integrated platform for developing and testing web applications (testbed) and eventually running them on a service platform with dynamic feedback for the continuous development and advancement. IaaS provides services of virtual networks by using remote servers, systems of networked hard disc drives, Virtual Machines (VM) with network management exploiting the SNMP protocol and upcoming OCCI interfaces. The IaaS layer can be further subdivided into compute, storage and communication resources.

Example 4.1 CloudFoundry, OpenShift and Bluemix are popular commercial PaaS platforms. There are very few non-commercial ones, but there are a few prototypical platforms resulting from research projects, including SPACE and FIWARE, which may influence future production platforms. Vamp is an advanced PaaS server for complex services whose implementation consists of orchestrated, inter-dependent containers.

Communication is an implicit prerequisite for compute and storage services so that they can be used over the network. For cloud backup systems, the main interest is in storage resources, which are accessed through network resources. In practice, these resources are not universally described. When creating, commissioning and maintaining cloud services, a lot of questions of IT security still remain open, limiting the further spread of cloud technology. This could be addressed by the creation of a non-profit cloud security alliance aiming to collect the best practices of effectiveness, legal compliance and IT security. Researchers have already started an outreach in this direction through surveys [12, 22]. These abstract challenges shall now be demonstrated with examples from a selection of countries with varying levels of development and cloud adoption rates. With regard to cloud computing, legal acts of Ukraine regulate in general the operations in the area of IT security and related fields (intellectual property, telecommunications, cyber-crime, television) [6]. They can be evaluated as systematic and complete regulation thanks to the consideration of existing international best practices. One current scientific task is the optimisation of the service characteristics of these providers regarding QoS and QoE. Great importance is given to the uptake of mobile services based on LTE/4G as well as future 5G networks, with access through modern mobile devices running iOS, Windows Phone 8 or Android OS and the newer challengers FirefoxOS, Ubuntu Phone and Sailfish, all equipped with web browsers and personal data vaults. The development of these technologies is widely supported by governments of developed countries, since it allows significant resource savings, but it requires coordination of providers in the areas of efficiency, legal issues and IT security of clouds. Hence, for designing optimal cloud systems, the non-functional properties of the physical hardware, the network connections and the client integration around the software and services need to be considered and evaluated.

Figure 4.8 highlights the relation between the layered components of a cloud stack architecture and the resulting services which are offered for all of the layers.

Cloud quality criteria. It becomes evident that, due to the high number of often interchangeable services, an automated distinction becomes possible only through non-functional properties. These properties encompass primarily the quality (what do I get?) and price (what do I pay?) properties. The main quality criteria for cloud services are as follows:

4.1 Clouds: Technology Stack, Basic Models and Services 87

Fig. 4.8 Context between cloud components and cloud services

• Measurable QoS, including execution performance, response time and availability
• Comfort in use, relating to the QoE
• Control by users
• Reliability and data security
• Price (per unit of data and time)

In Fig. 4.9 a comparison of comfort vs. control for certain well-known systems has been done. The evaluation was realised for the following systems: Yahoo, Facebook, Amazon EC2, Salesforce.com, Dropbox and Google Docs, in the cloud organisation types hybrid, public and private.

Hence, to summarise: while the consumption of cloud services is highly attractive, it brings along its own set of difficulties, disadvantages and weaknesses in addition to the ones inherent to general services:

1. Performance and convenience of offered clouds are questionable and require actual use to find out.

2. Lock-in to single vendors and cloud providers, worsened by asymmetric pricing models, i.e. uploading data is cheaper than downloading.

3. Cloud providers' creditworthiness, trustworthiness and reputation.

4. Reliability issues or even total failure of providers (a provider can disappear from the horizon, e.g. for economic, legal or political reasons).

5. Risks of temporary or permanent data losses or even leaks by providers.


Fig. 4.9 Function comparison comfort vs. control for certain well-known systems [11]

A concept of a cloud-based virtual telecommunication office. Among other trends, the development of a modern VTEO based on SOA, hosted in and delivered by a cloud, is one of the up-to-date tasks and very profitable business niches. We would like to deal with the mentioned VTEO concept and certain significant examples and use cases [16]. The world economy is nowadays widely characterised by the stable trend that large and mid-range companies and authorities outsource their own engineering services to an ever greater extent via external, smaller service providers. A concept for a modern virtual telecommunication engineering office using SOA and cloud computing technologies has been offered. Multiple use cases for the virtual telecommunication engineering office have been discussed. As a significant example, the CANDY Framework and Online Platform have been examined. The important development trends for CAD for network planning regarding tool integration and effective access optimisation have been discussed. The CANDY system has been presented as an exhibit at CeBIT 2007, 2008 and 2011 in Hannover.

The discussed service providers are, as a rule, independent, highly-specialised engineering offices working with high-performance networks (VTEO) and with relatively few employees. But the mentioned VTEO systems can only survive in the long term if they provide their services at reasonable costs, in the shortest time and at the highest quality level. Let us refer to the offered services as Virtual Project Processing. Examples of Virtualised Processes (VP) and the corresponding task circles can be formulated very broadly. There are, inter alia, the following tasks and processes: electro-technical calculations, chip and electronic circuit design, judiciary document preparation, statics computing for civil craft, tax return bill preparation, etc. Accordingly, the following specific requirements on such VTEO systems have to be discussed in this section: per client order (performed project) a relatively high profit can be obtained, however its processing time is usually limited; simultaneous processing of multiple projects in various stages of preparedness; cooperation (via discussions and document exchanges) with several groups of clients; delegation, if necessary, of project steps (subtasks) to partner agencies (i.e. subordinated VTEO instances); participation of several specialists in each project; efficient project management; necessity of exact project documentation at each processing step; permanent improvement of the company. Permanent improvement of the company's know-how can be effected via problem discussions, successful qualifications and renewal training of the staff, efficient knowledge storage, and reuse of project results in subsequent projects. Nowadays the current situation in most usual engineering offices is contradictory and can be formulated as follows: there is a highly qualified staff, but also very expensive staff training; there is use of modern CAD techniques (Computer-Aided Design) for individual engineering works (projects), but somewhat inefficient cooperation of the participants; and there are high time extensity and labour efforts for contacts with the client and partner companies.

It is therefore an important scientific-technical problem to make the discussed technologies available for the VTEO. SOA (web services) and cloud computing techniques (private and hybrid clouds), aimed at an implementation of available services and providing access means, are two indispensable components of the examined VTEO concept. The most acceptable models of the inter-operability scheme VTEO-2-Clouds are SaaS and PaaS. First, the VTEO must choose which kind of engineering services can be offered for the respective types of projects and define for each an exact workflow of the project steps with the subordinated tasks and the associated qualification requirements (specialist roles). At least one qualified employee has to be dedicated to each role. For the individual works, high-quality CAD tools are to be provided, as well as a powerful project management system for the purposes of project organisation. It is important to ensure that all project documents are concurrently available to all participants (specialists, partners, clients) and that they can communicate efficiently with each other. Furthermore, the retrieval and on-demand offering, i.e. the inter-operability, of the most important project documents is to be supported. This requires specific document formats for each step of a project that can be processed in the subsequent steps without any further manual transformation. The discussed concept of a VTEO is very helpful to meet the above mentioned requirements. The resource requirements for such a virtual engineering office can be assumed to be in the acceptable middle ranges (quantity of project employees, amount of retrieved project data). For general communication and collaboration means, classical services can be used (e-mail, SSH, Skype, videoconferencing). The document management must be completely centralised and web-driven. For access, WWW techniques have to be used preferably (document preparation and supply in standard formats like HTML and PDF). For any special project data, the appropriate XML-based professional problem-oriented languages are to be additionally developed with the associated XSD/XSL (XML Schema Definition/eXtensible Stylesheet Language). The project workflow management is the most important part of the discussed virtual engineering offices. But the majority of the commercially available systems are too complex for direct use. Leaner solutions are therefore preferable. Such workflow management solutions are usually based on Gantt


Fig. 4.10 Project step 1, tasks 1–5, example execution period 10.03–19.03.2015. A typical representation of a workflow via Gantt diagram

diagrams (Fig. 4.10). For each workflow step in a project there are different process types. Over and above that, the following classification of process types for a VTEO can be deployed: automated, with a simple communication scheme (without human assistance and e.g. supported by the sparing, stateless protocol REST); half-automated, with use of complex stateful protocols with commits (with participation of specialists and dedicated personnel, and supported by classical stateful SOAP over HTTP or other carrier protocols); completely manual (expensive and very complex).

Purely human works (like e.g. granting of permission) have to be organised via the WWW using web services, web sites or mobile (web) applications. The workflow management system is to provide the necessary download functionality for input documents and, correspondingly, after completion of the works (execution of business process logic), the necessary upload functionality for the required resulting documents by the responsible project employee to the centralised document management system. The works with CAD tools like e.g. ArchiCAD are to be understood, as defined above, as purely manual works. It is particularly efficient if the VTEO can offer processing support also via a central platform. This can be realised especially efficiently with AJAX-based techniques. The user activities are executed within standard WWW browsers; the business logic processing follows at the server side, e.g. via activation of certain specialised scripts. The resulting documents will be stored automatically and project-specifically at the server side. The specific workflow-centric management for a VTEO must be defined using the following principles and requirements for the process elements and their synchronisation: a workflow is combined from a sequence of design steps; each step consists of one process (task) or multiple parallel processes; each process possesses a status, e.g. (ready (y/n), result (+/-)); each process uses and/or produces input/output documents; a process is either an atomic process or a workflow by itself.
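The workflow principles just listed (steps, parallel processes, the ready/result status, input and output documents, nesting) can be turned into a small executable model. The following is an added example and not the book's code; the process names, document names and the network-design order are constructed for illustration.

```python
"""Workflow model for a VTEO: a workflow is a sequence of steps, each step holds one
process or several parallel ones, every process has a status (ready y/n, result +/-),
consumes and/or produces documents, and is either atomic or itself a workflow.
Added example with constructed names; not code from the book."""
from __future__ import annotations
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Set, Tuple, Union

Documents = Dict[str, str]   # document name -> content (the central document store)


@dataclass
class Process:
    """Atomic process (task): consumes input documents, produces output documents."""
    name: str
    inputs: Set[str]
    outputs: Set[str]
    work: Callable[[Documents], Documents]  # business logic, would run server-side
    ready: bool = False                     # status 'ready (y/n)'
    result: Optional[bool] = None           # status 'result (+/-)', None = not run yet

    def run(self, store: Documents) -> bool:
        if not self.inputs <= set(store):
            # a required input document is missing: the task cannot start
            self.ready, self.result = False, False
            return False
        try:
            produced = self.work({k: store[k] for k in self.inputs})
        except Exception:
            self.ready, self.result = True, False
            return False
        # a process may publish only the documents it declared as outputs
        store.update({k: v for k, v in produced.items() if k in self.outputs})
        self.ready = True
        self.result = self.outputs <= set(store)
        return self.result


@dataclass
class Step:
    """One design step: one process, or several processes executed in parallel."""
    name: str
    processes: List["Node"]


@dataclass
class Workflow:
    """Sequence of steps; also usable as a non-atomic process inside another workflow."""
    name: str
    steps: List[Step]
    ready: bool = False
    result: Optional[bool] = None

    def run(self, store: Documents) -> bool:
        for step in self.steps:
            snapshot = dict(store)           # parallel processes share one input view
            outcomes = []
            for proc in step.processes:
                local = dict(snapshot)
                outcomes.append(proc.run(local))
                store.update(local)          # merge produced documents into the store
            if not all(outcomes):
                self.ready, self.result = True, False
                return False                 # a failed step blocks the subsequent steps
        self.ready, self.result = True, True
        return True


Node = Union[Process, Workflow]


def network_design_workflow() -> Workflow:
    """Constructed example: a VTEO order for a combined LAN/WAN design."""
    requirements = Process(
        "collect requirements", {"order.txt"}, {"requirements.xml"},
        lambda docs: {"requirements.xml": "<req>" + docs["order.txt"] + "</req>"})
    lan = Process(
        "plan LAN", {"requirements.xml"}, {"lan_plan.xml"},
        lambda docs: {"lan_plan.xml": "<lan>" + docs["requirements.xml"] + "</lan>"})
    wan = Process(
        "plan WAN", {"requirements.xml"}, {"wan_plan.xml"},
        lambda docs: {"wan_plan.xml": "<wan>" + docs["requirements.xml"] + "</wan>"})
    # documentation is a workflow by itself (nested), reusing the design documents
    documentation = Workflow("documentation", [
        Step("render", [Process(
            "render report", {"lan_plan.xml", "wan_plan.xml"}, {"report.pdf"},
            lambda docs: {"report.pdf": "PDF(" + ",".join(sorted(docs)) + ")"})]),
    ])
    return Workflow("network design", [
        Step("step 1: requirements", [requirements]),
        Step("step 2: design", [lan, wan]),          # two parallel processes
        Step("step 3: documentation", [documentation]),
    ])


def run_order(order_text: Optional[str]) -> Tuple[bool, Documents]:
    """Run the constructed workflow; None simulates a missing input document."""
    store: Documents = {} if order_text is None else {"order.txt": order_text}
    return network_design_workflow().run(store), store


if __name__ == "__main__":
    ok, docs = run_order("30 hosts, 3 sites")
    print(ok, sorted(docs))
```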


The next important aspect is the type of billing and the payment method (accounting in a VTEO). There are different possible systems, from the simplest blanket (all-in-one) accounting of delivered services to differentiated, complex price schemes depending on data amounts, manual efforts, task dimensions and computational complexity. With the simple VTEO accounting forms, the SSL method or alternatively XML security finds favour; the SET method can be recommended for differentiated, complex price schemes. The discussed issues are illustrated sufficiently in the next sections of the given work on the example of a VTEO (a fictive service provider) for the design of combined network structures.

Conclusions and research fields regarding the clouds. The most important tasks oriented at the elaboration of advanced clouds that are free of the above-mentioned disadvantages can be listed [13]. They fall into three groups:

• Cloud adaption and optimisation
• Strategies for the compensation of SLA violations
• Strategies for minimisation of energy consumption
• Mechanisms for the visualisation of complex cloud monitoring data
• Deployment of RAIC with cockpit features at the customer side
• Fine-grained SLA
• Methods to determine fine-grained properties of cloud services
• Identification of assets and corresponding requirements
• Deduction of monitoring targets from SLA
• Cloud surveillance and incident detection
• Specification of monitoring targets and SLA violations
• Models for the proactive recognition of SLA violations and the evaluation of a cloud's energy efficiency
• Mechanisms for reliable distributed monitoring
• Dynamic provider selection and cloud setup
• Flexible distribution mechanisms for cloud platforms
• Strategies for the performance optimisation of cloud applications
• Reputation consideration to improve reliability and trustworthiness

An example of an advanced cloud technology with transparent encryption is illustrated in Fig. 4.11. The features of the transparent encryption are as follows:

• Safe hybrid access = public + private
• Efficient cryptosystems: AES, RSA, MD/MAC
• Analysis of structured and unstructured data
• Document classification and codecs demarcation
• User authentication and key distribution
• PKI deployment with certificates (X.509/Kerberos)


Fig. 4.11 MD – Message Digest, MAC – Message Identification Code, AES – Advanced Encryption Standard, RSA – Rivest, Shamir and Adleman Encryption, PKI – Public Key Infrastructure (X.509, Kerberos). Secured cloud with own controller [11]

4.2 Virtualisation of Services and Resources

Nowadays a virtualisation of services and resources is required due to the heterogeneous hardware and applications landscape and the increasing overcapacity in single devices (Figs. 4.12 and 4.13). Virtualisation methods have become widespread since 1990 and now offer a necessary entry or preliminary stage to modern clouds.

The statistics of 2014–2015 demonstrated an approximate distribution of the landscape diversity of applications and apps (Fig. 4.13). Among them are regular desktop applications, SaaS (thin) clients within clouds, mobile applications as well as usual web applications under a variety of operating systems.

A classification system, examples, as well as advantages and disadvantages are discussed below. A useful classification of virtualisation methods is given in Fig. 4.14. Certain of the listed methods for the virtualisation of services and resources can be assigned to different classification criteria (hardware, software, applications, server, container, network) as well as to the evolving SDN.

The basic virtualisation unit for compute resources is the so-called VM, which offers a single service, a complete operating system or an application. Efficient deployment and migration of VMs is controlled with different methods. The most important of them are OS containers, hypervisors and VMMs (VM monitors). A layered architecture with 3–5 layers (HW, OPS, virtualisation layer, etc.) is a typical construct. The comparison between OS containers, hypervisors and VMMs is given in Fig. 4.15.

Fig. 4.12 Motivation: heterogeneous hardware

Fig. 4.13 Motivation: heterogeneous applications landscape

A typical solution for UNIX-like operating systems is the so-called spartan BSD jails, which exist in similar form on Linux (chroot) and on Solaris (zones). They are practically dedicated to a single specific application, but in principle allow a complete interactive session with sub-processes. The disadvantage of the jails lies in their near-absolute isolation. Citrix-based solutions offer a mostly comfortable virtualisation concept with monitoring of VMs without a host OS as an additional layer of virtualisation [2]. The hypervisor acts as a meta-OS. VMware products use, as a rule, a pure VMM to control VMs which are deployed over the host OS. Hypervisors and VMMs offer a lot of advantages in comparison to the containers, except for the highly-secured runtime environment. An example would be a sandboxing container within a mobile OS with foreclosed apps under reputation, code and antivirus control. The most used types of hypervisors are depicted in Fig. 4.16. A frequent use case is the virtualisation of previously dedicated hardware servers for rather light-weight functionality (e-mail, domain, file storage or backup).


Fig. 4.14 HW – hardware, OS – Operating System, NW – network, VM, VMM – VM Monitor, SDN – Software-Defined Networking. Classification of virtualisation methods (own review)

Fig. 4.15 Classification of virtualisation methods


Fig. 4.16 Certain types of hypervisors

Fig. 4.17 An example of virtualisation

Example 4.2 In Fig. 4.17 an example is depicted. The specified VM and VMMs enable a flexible and efficient solution for web presentation, a consumer portal as well as legacy software:

• each VM is an independent platform, isolated from other VMs, for any guest OS
• a VM can behave as if it possessed the host computer alone (but with an insignificant slowdown)
• in the desktop area, mainly test or simulation environments were run
• the VMM concept is widely used to increase the utilisation and availability of servers and to reduce the costs (procurement, maintenance, personnel, power, HVAC) as well as to improve the ROI


Fig. 4.18 VMware layered architecture, own review based on IBH Dresden Professional IT-Services (Source: ibh.de)

Fig. 4.19 VMware Horizon Suite product features

The major products on the market offer a complex layered architecture like the one in Fig. 4.18. The depicted architecture is typical for VMware products.

Many virtualisation solutions offer a central management console to orchestrate all tasks. The product features of the VMware Horizon Suite are given in Fig. 4.19.


Fig. 4.20 The Citrix products on BYOD

A Citrix platform for mobile collaborators as well as a flexible mobile/wireless platform for the known BYOD problematics ("Bring Your Own Device") with application virtualisation concepts is depicted in Fig. 4.20.

Example 4.3 A company with a heterogeneous computing environment is about to virtualise its IT hardware. How is the data exchange between such heterogeneous computer systems realised? In a company network with 30 computers there are 3 different architectures (Fig. 4.21).

(a) How many import/export routines must be programmed and installed so that interoperability (understanding) between all systems is possible? (b) What changes occur when another, 31st computer with a novel system architecture is integrated into the network? (c) What are the advantages and disadvantages compared to (b) if virtualisation concepts are used?

Virtualisation advantages from a business perspective. Virtualisation is not only a technical method. On a strategic or financial level, if, when and how to virtualise is an important decision process. There are the following virtualisation advantages from the point of view of a company:

1. Different virtualisation techniques are used for areas like banking, e-commerce, civic craft, financing, assurances, building society savings and trust companies. They are a preliminary stage for cloud computing.

2. The advantage of resource virtualisation is significant for CAPEX and OPEX (cost reduction) for SMEs and large companies.


Fig. 4.21 Heterogeneous environments with virtualisation in a company

3. Large financial institutions obtained virtualisation solutions which displace all previously processed transactions and applications' infrastructures using sole servers and old mainframes.

4. Virtualisation allows the operation of several available VMs on a host.

5. Virtual servers provide virtual OS and runtime environments using VMs in order to maintain existing software (legacy systems) and allow the use of mobile apps.

6. Virtualisation retains the heterogeneity of the network (SDN) and runtime environments and hides the diversity of implementation details and restrictions in common OS and software.

7. Virtual servers can increase the efficiency of the operational IT infrastructure, its utilisation and availability.

8. Advanced EAI and B2B for corporate applications as well as for inter-company systems by EDI and e-business (middleware, SOA).

Example 4.4 What is VMware virtualisation today? The distinguishing features of this virtualisation product are as follows (Fig. 4.22):

• Virtualised guest OS: Windows, Linux, Mac OS X, Chrome OS and others
• Secure data access and deployment of apps and data
• Work from anywhere, deploy and migrate VMs
• Optimise the network traffic, backup and VM snapshots
• Secure surfing within the clouds


Fig. 4.22 VMware: what is virtualisation with VMware nowadays?

More recently, virtualisation of individual compute resources has evolved into an integrated data centre concept. A software-defined data centre offers the following advantages:

• agility
• control
• efficiency
• freedom of choice

Virtualisation and cloud stacks can be run in co-operation, as shown in the example with VMware, RSA Security, EMC2 and OpenStack:

• Public/private clouds
• United management
• VIO concept: VMware OpenStack (Fig. 4.23)

Virtualisation with VMware implies the following:

• VMware Data Protection
• VMware VSAN Architecture
• VC = vCenter Server v6.0 (Table 4.3)

The advantages are as follows:

• proactive IT availability
• innovation and dynamics
• security and mobility
• market chances even with know-how insufficiency or limited resources
• attractive costs
• no fragmented data/computing centres
• growth in equipment

Fig. 4.23 VMware architecture

Table 4.3 Properties of vCenter Server v6.0

Structure units      Windows   Linux
Hosts per VC         1000      1000
VM per VC            10000     10000
Hosts per Cluster    64        64
VM per Cluster       6000      6000

An example with dedicated hardware for VMware:

• EVO:RAIL
• Hyper-converged infrastructure appliance


Proactive IT. What does it mean to manage proactive IT via VMware?

• fast development
• providing of all applications
• optimised for each end device
• data centre virtualisation and hybrid cloud extensibility
• native security controls in the infrastructure
• optimised and automated data centre operation
• automation of infrastructure and application deployment
• high availability and stable infrastructure

"Each application everywhere" is one of the mantras of virtualisation product vendors. Further mantras are "open management" and "united platform". These slogans will be outlined briefly now. The everywhere mantra leads to the development, deployment and execution of convenient and modern applications. The open management refers to the flexibility to manage cloud infrastructure and applications. Finally, the united platform connects internal and external clouds with a common software-defined data centre platform based on virtualisation concepts. In the case of VMware, the vendor calls the solution a hyper-converged infrastructure.

Not only compute resources but also storage resources benefit from virtualisation concepts. The VMware mixed backup is based on the rotatory principle (Fig. 4.24):

• Full Backup
• Incremental Backup
• Synthetic Backup

The VMware cloud platform thus combines the following characteristics:

• management of all public clouds
• VMware vRealize Suite for management of multiple public and private clouds (cloud cockpit)
• optimisation of OpenStack
• VMware Integrated OpenStack (VIO) for the flexible and reliable entrance into an enterprise-class OpenStack cloud
• integration in container tools
• aimed at fast development and supply of new cloud-native applications

VMware vCloud Air is an add-on product for virtualised desktops which provides the following virtualisation startup help:


Fig. 4.24 VMware mixed backup

• desktops hosted in the cloud and available on demand
• increased user productivity and optimised IT operations
• extension of existing applications
• 100% compatible, the same security, high availability
• web and mobile applications
• faster development of web and mobile applications
• vCloud Air development/test
• 100% compatible, lower cost, broad OS support, high availability
• disaster recovery
• simple, cost-effective failover and restore

Example 4.5 The company Veeam, founded in 2006 in Switzerland, has 2000 collaborators and serves 170,000 users. The hybrid virtualisation platform of Veeam is based on software from Citrix, VMware and Microsoft Hyper-V [7]. The products for the hybrid virtualisation platform of Veeam are as follows (Fig. 4.25):

• ONE
• management pack
• backup & replication
• explorer for storage snapshots

Fig. 4.25 Hybrid virtualisation platform with Veeam

The architecture of the Veeam backup storage integration is shown in Fig. 4.26. The following storages and products can be used: HP StoreOnce/Catalyst Support, EMC DataDomain/Boost, VM Backup-File Chain, HP StoreVirtual, 3PAR, NetApp ONTAP as well as EMC. The essential advantages of this platform include the ability to support an always-on business, ad-hoc restores of virtual machines, as well as automated verification of the state of virtualised applications. Virtual machines can be instantiated and activated quickly from both ISO images and snapshots from previous execution runs.

The procedure of efficient backup based on snapshots with Veeam is depicted in Fig. 4.27. The creation of snapshots by Veeam for the backup is up to 15 times faster than the pure backup. The Veeam Explorer for storage snapshots provides the backup of the following data items: either all VMs completely, or only guest files, or all directories, or specific folders of applications such as SharePoint and Exchange folders.

A mixed backup (consisting of differential + incremental runs) is provided. The experimental 3-2-1-0 rule is valid in this case. It refers to 3 media types for retrieving, 2 diverse backups, 1 always available and 0 problems with it.


Fig. 4.26 Backup storage integration with Veeam

Fig. 4.27 Efficient backup of snapshots with Veeam

An example of backup frequencies for the following 4 years is depicted in Fig. 4.28. It differentiates weekly (4), monthly (12) and yearly (3) cartridges. The standard LTO Ultrium streamers and tape cartridges can be used with Veeam in such scenarios.


Fig. 4.28 Example of backup frequencies with Veeam
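The cartridge counts of Fig. 4.28 (4 weekly, 12 monthly, 3 yearly) can be checked by simulating the rotation over the 4-year period. This is an added example, not the book's or Veeam's code; the assignment rule (Fridays to a weekly cartridge by their position in the month, the last Friday of a month to that month's cartridge, 31 December to a yearly cartridge chosen by year mod 3, other days disk-only) is an assumption chosen to reproduce those counts.

```python
"""Cartridge rotation for the backup frequencies of Fig. 4.28: 4 weekly, 12 monthly
and 3 yearly cartridges over 4 years.  Added example with an assumed rotation rule;
not code from the book or from Veeam."""
from datetime import date, timedelta
from typing import Dict, Optional, Tuple

Cartridge = Tuple[str, int]      # (cartridge set, slot number)


def last_friday_of_month(d: date) -> date:
    first_of_next = (d.replace(day=28) + timedelta(days=4)).replace(day=1)
    last_day = first_of_next - timedelta(days=1)
    return last_day - timedelta(days=(last_day.weekday() - 4) % 7)   # weekday 4 == Friday


def cartridge_for(d: date) -> Optional[Cartridge]:
    """Cartridge that the run of day d is written to, or None for disk-only daily runs."""
    if d.month == 12 and d.day == 31:
        return ("yearly", d.year % 3)            # 3 yearly cartridges, reused after 3 years
    if d.weekday() != 4:
        return None                              # assumption: only Fridays go to tape
    if d == last_friday_of_month(d):
        return ("monthly", d.month)              # 12 monthly cartridges
    return ("weekly", (d.day - 1) // 7 + 1)      # 1st..4th Friday of the month -> weekly 1..4


def rotation_state(start: date, years: int) -> Dict[Cartridge, date]:
    """Simulate the rotation; the result maps each cartridge to the last run it holds."""
    state: Dict[Cartridge, date] = {}
    d = start
    while d.year < start.year + years:
        slot = cartridge_for(d)
        if slot is not None:
            state[slot] = d                       # overwrites the cartridge's previous content
        d += timedelta(days=1)
    return state


def cartridge_counts(state: Dict[Cartridge, date]) -> Dict[str, int]:
    """How many physical cartridges each set needs (should match Fig. 4.28)."""
    counts: Dict[str, int] = {}
    for kind, _ in state:
        counts[kind] = counts.get(kind, 0) + 1
    return counts


def oldest_retained(state: Dict[Cartridge, date]) -> date:
    """Oldest run still on any cartridge: the effective retention horizon."""
    return min(state.values())


if __name__ == "__main__":
    final = rotation_state(date(2016, 1, 1), 4)   # constructed 4-year period
    print(cartridge_counts(final), oldest_retained(final))
```

With three yearly cartridges the run of 31 December 2016 is overwritten by that of 2019, so after four years the oldest retained backup is the 2017 yearly one.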

4.3 SDN – Software-Defined Networking

Virtualisation of network resources and software-defined networking. Software-configured or software-defined networks are called SDN. This term expresses a virtualised, layered network for data transmission in which the management plane of the network is separated from the data transfer devices and has to be implemented programmatically. SDN is one of the known forms of virtualisation of computing and networking resources, including network services and applications. Its origins are in the backbone networks of telecom operators, but some of the mechanisms are now appearing for centralised configuration of multiple consumer devices as well. The basic principles of future SDN development and deployment were formulated in 2005–2006 by researchers from Berkeley and Stanford universities, even though the topic gained prominence quickly through heavy industry involvement.

SDN motivation. The main problems in modern and very performant physical networks are as follows:

1. The traditional physical networks are heterogeneous and too static for modern business applications and cloud services.

2. Deployment of virtualisation technologies is required.

3. Nowadays the applications are distributed between multiple VMs that communicate intensively. With the goal of optimising the workload of the servers, VM instances often migrate and hence change the "binding points" for the network traffic.

4. Conventional addressing schemes, logical dividing into VLANs and the appointment of traffic rules in such dynamic environments become very ineffective.


Fig. 4.29 (a) No virtualisation, (b) SDN general architecture. Motivation for software-defined networking

5. As networking protocols evolve, the firmware on networking equipment such as switches and routers needs dynamic updates in a controlled and consistent manner, to the extent that it must be completely implemented in software.

SDN solution approach. SDN can be classified as part of network virtualisation. SDN is per definition a resource virtualisation type like OS, server or application virtualisation (Fig. 4.29; refer to the classification in Fig. 4.14). Simultaneously, SDN is an approach to the construction of computer network equipment and software where the two main components of such equipment are abstracted from each other via (1) a control plane and (2) a data plane and, as a rule, with (3) a protocol named OpenFlow to combine and coordinate L2/L3 networks via VM deployment [15]. Starting around 2013, SDN was widely deployed by multiple manufacturers, inter alia VMware, Juniper, Brocade, Cisco, HP and IBM. By that time it had become one of the main innovation topics along with cloud computing and big data, with similar confusion about the technical depth and the hype portions of the innovation. Let us discuss its advantages. SDN enables network administrators to perform simpler low-level management of the networks by abstraction into virtual services. SDN offers (refer to Fig. 4.29):

• emulation of MAC frames and packets (MPLS, IP, LAN, mobile radio) on L2 and L3
• deployment of zones, user demarcations
• cloud services in multi-tenancy agreements
• diversity of SDN architectures via the availability of multiple providers

Fig. 4.30 A typical flow chart in a network device that supports the OpenFlow protocol

Refer to Fig. 4.29 once more and compare (a) and (b). One of the driving forces for the large installation base of SDN networks is a universal protocol called OpenFlow, which is independent of the manufacturer and implements the interfaces between the logic controller for the network and the network transport. A typical traffic table within a network device that supports the universal protocol OpenFlow is shown in Fig. 4.30. With the use of OpenFlow, a more flexible and efficient physical (MAC) and logical (IP) addressing becomes possible, and the reconfiguration of data flows, services, applications and application ports is supported. The OpenFlow protocol provides traffic identification by using the term "flow". A flow table acts as a key element of a switch that supports this protocol, similar to a rule table within a software packet filter. The group of columns on the left side of the table forms the matching fields, where the characteristics of the flow are represented. There are different parameters, including MAC and IP addresses of sender and recipient, VLAN identifier, TCP and UDP ports and other information. These data entries are recorded via the controller using the OpenFlow protocol and registered in the switch table (refer to Fig. 4.30).
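The flow table just described, with its match fields on the left, controller-installed entries, priority-ordered lookup and table-miss handling, can be modelled in a few dozen lines. This is an added example and not code from the book or from any OpenFlow implementation; the entries, addresses, ports and the VM migration scenario are constructed for illustration.

```python
"""Model of an OpenFlow-style flow table in a switch: the match fields identify a
flow, the controller installs entries, the highest-priority matching entry decides
the actions, and a packet with no matching entry is a table miss sent to the
controller.  Added example with constructed data; not the book's code."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional

MATCH_FIELDS = ("in_port", "eth_src", "eth_dst", "vlan_id",
                "ip_src", "ip_dst", "ip_proto", "tp_src", "tp_dst")
Packet = Dict[str, object]     # header fields of one packet (constructed below)


def field_matches(name: str, wanted: Optional[object], actual: Optional[object]) -> bool:
    """A wildcard (None) matches anything; IP fields may be given as prefixes."""
    if wanted is None:
        return True
    if name in ("ip_src", "ip_dst") and isinstance(wanted, str) and "/" in wanted:
        return actual is not None and \
            ipaddress.ip_address(str(actual)) in ipaddress.ip_network(wanted)
    return wanted == actual


@dataclass
class FlowEntry:
    priority: int
    match: Dict[str, object]        # match-field columns; absent field == wildcard
    actions: List[str]              # e.g. ["OUTPUT:2"], ["DROP"], ["CONTROLLER"]
    packets: int = 0                # counter column of the flow table

    def matches(self, pkt: Packet) -> bool:
        return all(field_matches(f, self.match.get(f), pkt.get(f)) for f in MATCH_FIELDS)


class FlowTable:
    def __init__(self) -> None:
        self.entries: List[FlowEntry] = []

    def install(self, entry: FlowEntry) -> None:
        """Controller adds an entry; an entry with an identical match is replaced."""
        self.entries = [e for e in self.entries if e.match != entry.match]
        self.entries.append(entry)
        self.entries.sort(key=lambda e: e.priority, reverse=True)

    def process(self, pkt: Packet) -> List[str]:
        """Data plane: the first (highest-priority) match wins, otherwise table miss."""
        for entry in self.entries:
            if entry.matches(pkt):
                entry.packets += 1
                return entry.actions
        return ["CONTROLLER"]          # table miss: hand the packet to the controller


def build_table() -> FlowTable:
    """Constructed entries a controller might install for one tenant segment."""
    table = FlowTable()
    # demarcation: no telnet (TCP/23) into the server network, whatever the source
    table.install(FlowEntry(200, {"ip_dst": "10.0.1.0/24", "ip_proto": 6, "tp_dst": 23}, ["DROP"]))
    # a VM with this MAC currently lives behind port 5 (its traffic's binding point)
    table.install(FlowEntry(150, {"eth_dst": "00:00:5e:00:53:01"}, ["OUTPUT:5"]))
    # tenant on VLAN 10 reaches its server network via port 2
    table.install(FlowEntry(100, {"vlan_id": 10, "ip_dst": "10.0.1.0/24"}, ["OUTPUT:2"]))
    return table


def migrate_vm(table: FlowTable, mac: str, new_port: int) -> None:
    """VM migration: the controller rebinds the MAC to its new port with one update."""
    table.install(FlowEntry(150, {"eth_dst": mac}, ["OUTPUT:%d" % new_port]))


if __name__ == "__main__":
    t = build_table()
    print(t.process({"vlan_id": 10, "ip_dst": "10.0.1.5", "ip_proto": 6, "tp_dst": 443}))
```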

Example 4.6 Due to the insertion of a new VM, the reconfiguration of all access control lists on all network devices and levels in a large network may take several days. The reason is that existing management tools are oriented towards concrete devices; at best they offer automation parameters which apply to a group of devices belonging to the model range of one particular manufacturer, e.g. via the Cisco MIB. In particular, the well-known VMware system provides (Fig. 4.31) the following software and services for SDN and its virtual devices [7]:

• Network access to SDN is determined
• Use of physical plants in the network
• Deployment of multiple VMs
• Deployment of multiple Layer 2 VLANs
• Insertion of so-called Virtual Distributed Switches (vDS)

108 4 Cloud Computing, Virtualisation, Storage and Networking

Fig. 4.31 VMware-based scenario with access demarcation within SDN

• Use of virtual network cards (vNIC)
• Use of VPNs (Virtual Private Networks) and load balancers
• Deployment of network devices with the VXLAN (Virtual Extensible LAN) overlay protocol, which VMware products use for SDN as the alternative to OpenFlow
• A special system vNCS (VMware vCloud Network and Security)

The VMware product palette deploys VLAN-based SDN safety zones. The network interfaces (vNICs) are coupled to dedicated virtual switches (vDS) which distribute the VMs assigned to the port groups of the vDS. A vDS is not tied to a single server but is configured across several servers. Access demarcation within SDN is organised with the use of vSwitches.

The network adapters of the servers are coupled to the vDS, which allows the VMs on the port groups of the vDS to connect to the network. vShield Zones is used as follows: the virtual data center provides basic VM protection against network threats (firewall, packet filtering). The software vNCS (VMware vCloud Network and Security) is used with the aim of:

• Deployment of the specialised VXLAN protocol (Virtual Extensible LAN)
• Deployment of virtual firewalls, VPNs and load-balancing elements (load balancers, refer to the picture)


Fig. 4.32 Deployment of vSwitches

The implementation of the SDN principles using virtual switches of the vSwitch type is depicted in Fig. 4.32. Virtual switches on level L2 come in many variants, including devices by VMware, Juniper, Cisco, HP and IBM, and give access via the level L3 gateway (GW) to the virtual machines with their specific applications, network services and cloud services. Data protection against malware and many other types of threats on the network layers L2, L3, L4 and L5–7 is achieved through the use of firewalls and antivirus software (see Fig. 4.31).

SDN evaluation. The features of SDN have been presented in this section. SDN provides an efficient separation of the traffic transmission functions into a few layers.

Use of SDN offers evident advantages. Routine network reconfiguration functions are simplified to the point that administrators no longer have to enter hundreds of configuration lines separately for different switches or routers. The network parameters can also be changed quickly, even in real time, thanks to a rapid propagation of the parameters and rules. Accordingly, the time to introduce new applications and services is greatly reduced. SDN technology is expected to bring expediency and efficiency to the next generation of mobile communication, 5G, as defined by the IMT-2020 standard; SDN will be part of future 5G mobile networks. Together with 5G a number of terms have been declared which may express future innovation or further hype topics. Examples are the intelligent web of connected things, real-time remote control, mobile cloud traffic, immersive experience, lifelike media, ubiquitous connectivity and telepresence. More details about the aims of 5G networks are provided in Chap. 6. Software implementations of


a prototype for a provider core network according to 5G may be based on networks using SDN protocols like OpenFlow and VXLAN and on virtualised operating systems based on VMware vSwitch, Citrix products and similar ones. SDN is effective for the construction of cloud service infrastructures under conditions where, on request from users, a virtual node or a virtual service has to be created automatically and quickly; here the virtual network has to allocate the required resources autonomously. As part of the 5G mobile generation (5G/IMT-2020), SDN technology becomes feasible in large data centers, allowing support costs to be reduced by centralising network management as well as by increasing the utilisation of network resources through their dynamic management. Use of SDN in practice will happen primarily in provider cores, including 5G mobile networks, to allow telecommunication carriers and independent providers to obtain new management functions and better control of network components and services of any type from a single centralised location, which will greatly simplify their operation. Centralising control also concentrates risk: the controller and its southbound channel become the critical asset, so access to the controller should be restricted and the OpenFlow channel protected (the OpenFlow specification provides for TLS between switch and controller).

4.4 Backup Services within Clouds as Advanced Cloud Backup Technology

Next to virtualised compute and networking resources, storage resource services are also popular in many cloud applications. There are multiple flavours, including higher-level database services, file services and low-level block devices offered as a service, on which a custom file system can be placed. The following text concentrates on file services, as this is the flavour most commonly used in consumer applications.

Data loss can have unpredictable and even severe effects for an enterprise or authority. Backup strategies as an antidote unify a complex of organisational and technical measures that are necessary for data restoring, processing and transfer as well as for data security and defence against loss, crash and tampering [4]. The high-performance modern Internet allows the delivery of backup functions and is complemented by attractive (mobile) services with a QoS comparable to that in Local Area Networks. One of the most efficient backup strategies is the delegation of this functionality to an external provider, an online or cloud storage system. This section argues for a consideration of intelligently distributed backup over multiple storage providers in addition to the use of local resources. Some examples of cloud storage deployment in the USA and the European Union as well as in Ukraine and the Russian Federation are introduced to identify the benefits and challenges of distributed backup with cloud storage.

Motivation. Up-to-date network technologies aimed at backup and restore of critical enterprise or authority data are discussed, and a comparative analysis of existing complex solutions and standalone tools is presented. Essential advantages in restore technologies for critical enterprise or authority data can be offered via newly developed cloud backup concepts in comparison with traditional data-centric backups. But the complex constellation of international law and multilateral data safety


requirements limits in some way the development of network technologies for cloud backup. One possible way of solving these problems is an intelligent combination of well-known commercial storage clouds with efficient cryptographic methods and stripe/parity dispersal functionality for authenticated, transparently encrypted and reliable data backups. This approach has recently become popular under the name RAIC [10, 29, 33]. Yet from both a scientific and a practical perspective there are shortcomings in conventional RAICs, e.g. when the cost and trust characteristics of the associated storage services are dismissed.

4.4.1 Backup as an Important Component of Information Safety

Disruption of critical data has unforeseen and heavy consequences for companies or organisations. It may have different causes, but the main result remains always the same: a significant risk of losing data or access to it. This may lead to impediments in reaching the goals of the company or organisation, errors in documents, malfunctions of tools and machines, and a loss of reputation with partners. Very often the risks of losing data are caused by natural phenomena and by human factors, as shown in Table 4.4 together with their statistical probabilities.

The next problems of the company or organisation are the significant costs for the recovery of critical data and the compensation of damages. For these reasons backup technologies are a very practical task and a relevant part of securing data and assuring the information safety of the company or organisation. The purpose of data backup is the regular creation of copies of files, databases, applications and settings on external backup systems, which in most cases are storage units managed by a backup application. Modern network and off-site backup systems support this process with a separation of locality for saving and recovering the data, and prevent the risks of data loss in a company or organisation that may appear because of hardware malfunction due to voltage surges or devastating

Table 4.4 Causes and probabilities of losing critical data due to natural and human factors

Cause of losing data       | Statistical probability (%)
---------------------------|----------------------------
Natural phenomena          |
  Hurricanes               | 1
  Fire                     | 6
  Water                    | 8
  Short-circuit            | 16
  Lightning stroke         | 17
  Other natural phenomena  | 17
Human factor               |
  Usage faults             | 25
  Stealing                 | 10


Fig. 4.33 Example of a backup system structure

natural disasters such as fire or water, attacks by malicious software like computer viruses and trojans, system errors during data storage, theft of the data or accidental data leaks. Backup includes organisational and technical measures for storing, processing and transferring back important data and guarantees its protection from loss, destruction or disruption. The main distinctive features of modern network backup systems are the target devices (smartphone, tablet, PC, rack server form factors) along with the target storage media (magnetic disks or tapes, electronic flash memory and optical disks), the delay of data access (in the ms range, up to several minutes for cold backup), the maximal time of safe data storage (months, years), the error rate and the cost per GB. An example of a combined backup system for a small or medium-sized company or organisation is shown in Fig. 4.33.

The main components of the system are an optical network (ATM, 10GbE), a SAN, a tape library and RAID (Redundant Array of Independent Disks) file server systems. According to Table 4.5, the main criteria for the choice of suitable backup media and networking technologies include high-speed connections (1 GB/s over LAN), very large data volumes of overall storage (from 100 Petabytes up to Exabytes) and a long guaranteed usage duration (months, years), all while at the same time having a low probability of errors and low costs per data unit. This list is not conclusive; good handling of small files and backup schemes are further factors.

As can be seen from Table 4.5, the streamer tools (streamers SLR, DLT, DAT/DDS, LTO, VXA) guarantee a low probability of errors, low costs per data unit, a long guaranteed duration and large data volumes as well as a good price/value ratio. But a non-linear restore operation from such media is a time-consuming task, leading to the requirement of balanced choices. The RAID mechanism is based on the creation of a redundant array of independent (multiple vendors) and inexpensive (consumer SATA instead of SAS) hard disk drives (HDDs) which work in one system to improve selectively both the speed and


Table 4.5 Overview of backup media

Media for backup                  | Max. data volume | Cost per 1 GB         | Guaranteed usage duration | Probability of failures
----------------------------------|------------------|-----------------------|---------------------------|------------------------
DVD                               | 4.7–8.5 GB       | 0.05                  | Small (1 year)            | High
USB flash                         | 2–256 GB         | 0.97                  | Very small                | Medium
USB-HDD                           | 0.5–4 TB         | 0.04                  | Very small                | Medium
Streamer LTO                      | 0.2–3 TB         | 0.06                  | 30 years                  | Low
Streamer DLT                      | 0.16–1.6 TB      | 0.17                  | 30 years                  | Low
Systems of redundant discs (RAID) | Max. 10 TB       | Multiple of HDD costs | Several years             | Low

the reliability of I/O operations. The array of HDDs is controlled by a special RAID controller (hardware or software array controller) which provides the functionality of storing and retrieving data in the array as well as creating and checking the checksums. This makes the underlying system transparent to external users and presents it as one logical I/O channel. Thanks to parallel read/write operations on several disks, the disk array provides a higher speed of data exchange compared to one large disk.

The RAID mechanism was first created in 1988 by D. A. Patterson, G. Gibson and R. H. Katz, researchers at the University of California, Berkeley. For regular backups, different variants of underlying storage exist: locally attached streamers (method 1), backup via LAN (method 2), backup via SAN (method 3), backup via NAS (method 4) and backup via an external backup provider, i.e. a data center or cloud system (method 5). For occasional backups, removable media such as USB sticks and portable hard drives may also be an option. But due to the criticality of backup, this is one of the processes which really should be automated.

For choosing the right backup method for a company or organisation, different methods and factors should be considered, including the size of the company or organisation, the structure of the available networks, the number of users (a small enterprise with 20 users or a big company with more than 1000 users), the costs of backup, the requirements on data safety and security as well as the administration effort. In recent years network technologies have made great progress in QoS (due to WDM, 10GbE), mobility (HSDPA, LTE) and easy access to computing centers. In fact, the emerging Internet of Services (IoS) ensures that applications based on SOA principles are created which naturally integrate into service environments and can discover and use suitable backup services without manual configuration. High-speed Internet enables providing functionality and services with the same quality as known from local networks and hence makes the shift of formerly local functions such as backup into the network feasible. The new IT paradigm of delegating services to external providers is known as cloud computing and, when referring to backup, as cloud storage. One of the most effective backup strategies is thus the delegation of the entire backup process to an external provider by interfacing with up-to-date cloud systems. This is achieved by placing the backup services into a public cloud offered by a capable and trustworthy cloud


provider. Cloud computing is becoming more and more popular, with several companies transferring their IT infrastructure (completely or partly) into clouds. This may lead to a lack of transparency of data access (who, when, where, why and what) and of cloud reliability, and raises the risk of losing all critical data if the cloud provider leaves the market. To mitigate these risks to some extent, the deployment model of private clouds (method 6) under the operational control of the client may be used. Furthermore, intelligent client-side techniques can reduce the risks further. Below, a concise definition adapted from the NIST and Amazon definitions of the concept of cloud computing is given [1, 24]: "Cloud computing is the on-demand and pay-per-use application of virtualised IT services over the Internet. The clouds can offer on-demand self-service, broadband network access, resource pooling, measured and optimised service, rapid elasticity." The adoption of cloud computing provides the following advantages: relative reliability and security while giving up physical possession; staying in control when demand changes, since control can be exerted through vertical and horizontal scaling and migration to other providers; the availability of attractive multi-layer services from infrastructure to software applications; efficient platforms/stacks and convenient client integration (Table 4.6). The broad range of platforms and choices in functionality leads to a discussion of the most important domain-specific criteria for cloud backup. These criteria, based on those for general backup and those for general cloud computing, are: QoS parameters such as throughput, data rate, delays and reaction time; convenience (comfort, suitability, effectiveness); user control; trustworthiness, security and privacy; price per data extent and time.

The next position might be the organisational reliability (trustworthiness of a cloud provider), because a provider can disappear from the horizon unexpectedly, for instance for economic, legal or political reasons of its own. Data security is required since the risks of data loss and compromise through provider maintenance by third parties are still unreasonably high.

Regular backup software. Backup software is the basis for the realisation of any backup strategy in a company or organisation and allows the automation of the backup tasks. The software triggers the backup process at a certain point in time, provides the full or incremental backup of the selected data and arranges for appropriate reporting to inform the IT administrator, among other goals. The software may run in push mode, as a scheduled software application on each device or VM to be backed up, or in pull mode, where agents are connected to a backup service. The choice of backup software and services may include fully extensible open source software as well as proprietary software with limited configuration and customisation options. In both cases the offer may be for free or based on a purchase or subscription contract which includes support. Generally, the choice of backup software depends on the required functionality, transfer effectiveness, restore performance and reliability. Commercial solutions may, however, lead to a backup software and service lock-in, which should be avoided just like a storage provider lock-in. This is why in all backup planning projects a compromise should be made


Table 4.6 Well-known cloud platforms

Platform                     | Provider / description
-----------------------------|---------------------------------------------------------------------------------------
Amazon EC2                   | Amazon Web Services (AWS), Elastic Compute Cloud (EC2)
Cloud Computing Yahoo        | Cloud services from Yahoo Platforms
Cloud Computing Resource Kit | Cloud services from Oracle/Sun
Eucalyptus                   | IaaS stack which reimplements the Amazon APIs
SalesForce                   | Cloud services from Force.com, mostly on the SaaS level
Google App Engine            | Google (a PaaS model)
Google Docs                  | Google (a SaaS model)
Google Compute Engine        | Google (an IaaS model)
iCloud                       | A virtual OS on a cloud basis
Meebox                       | Online file management in the frame of a SaaS model
MS Windows Azure             | Multiple cloud services in the frame of the Windows Azure platform (Microsoft)
Nimbula                      | A private/hybrid cloud technology of former AWS collaborators
OnLive                       | An interactive games-on-demand platform with compression methods for computer graphics and video games
Open Cirrus                  | Open cloud computing research testbed from opencirrus.org
OpenStack.org                | Open cloud from Rackspace, Citrix, NASA, Dell
OpenNebula                   | Commercialised European research project for data center virtualisation and service markets
OpenShift                    | PaaS from Red Hat
T-Systems Dynamic Services   | A private cloud system for dynamic deployment of SAP applications, from SAP GmbH
Verpura                      | Online cloud for Enterprise Resource Planning in SMEs
VMware vSphere               | A virtual OS on the cloud basis of VMware

between the costs and the added value of the backup solution (functionality, effectiveness and reliability), cf. Table 4.7.

Modern systems for cloud backup. One of the most promising backup strategies is to delegate backup to an external provider, e.g. to a cloud backup system. A short overview of cloud storage providers suitable for backup is given in Table 4.8. Online cloud resource brokers and marketplaces are updated periodically for an up-to-date view on the choices, based on rich provider descriptions which facilitate the exchange of information through open markets. Comfortable access to the cloud backup systems is possible through dynamic and non-intrusive service selection, even with mobile devices like tablets or smartphones. If the company or organisation does not trust the cloud provider, it could use the technology of private clouds, which limits access to the cloud for external users


Table 4.7 Selected backup software

Software                                  | Description                                                                                                                                                                                                                  | Costs
------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------
DAR (Disk Archive)                        | Uses its own archive compression format, distributes the backup copies into different fragments and discs, supports common encryption methods                                                                               | Freeware
Rsnapshot                                 | Creates hard links between different stored routes, which requires the storage media to support hard links. When a file changes, not only the change difference is backed up but the whole file                             | Freeware
Duplicity                                 | Creates backup copies in encrypted GPG (PGP) format, archived with GZIP. Backup copies can be made for practically all types of operating systems; supports upload of backup copies over FTP, SSH, Rsync, WebDAV, HSI and Amazon S3 | Freeware
Acronis Backup & Recovery Advanced Server | Popular but expensive software for MS Windows; allows creating image and file backups; oriented towards the use of HDDs, tape libraries and cloud technologies                                                               | About 1100
Drive Backup Server                       | Provides different backup functions, e.g. storage on internal and external media, CD/DVD/BR discs, NAS systems, FTP, with support for VMware virtual machines                                                                 | About 500
Symantec Backup Exec 2012                 | Similar to Drive Backup Server                                                                                                                                                                                               | About 900
Rsync                                     | Allows scripts for the configuration of shell copying of files and their parts. The special feature of Rsync is the effective synchronisation of file trees over the network                                                  | GNU General Public License, Unix distributions
Cron daemon                               | System process of Unix for timer-based triggering of processes like backup. The backup tasks can be triggered periodically according to "crontab" tables and are called "cronjobs". They create backups on specified servers | Unix distributions
Bup                                       | A combination of Rsync and Git (version control) concepts. It offers Par2 redundancy                                                                                                                                         | GNU LGPL v2
Bacula                                    | Client-server based network backup application for individual computers up to large networks                                                                                                                                 | GNU AGPL v3
Amanda                                    | Advanced Maryland Automatic Network Disk Archiver with support for tape drives, disks and optical media, with a native Windows client                                                                                         | BSD-style


Table 4.8 Overview of cloud backup platforms

Name of cloud backup system | Region of storage | Max. volume of cost-free storage | Max. volume of paid storage | Platform
----------------------------|-------------------|----------------------------------|-----------------------------|------------------------------------------------
Amazon Cloud Drive          | USA               | 5 GB                             | No limits                   | Win, Mac, Linux, iOS, Android, Windows Phone
Dropbox                     | USA               | 2 GB                             | No limits                   | Win, Mac, Linux, iOS, Android, Blackberry
Windows Live SkyDrive       | Ireland           | 25 GB                            | 100 GB                      | Win, Mac, Windows Phone, iOS, Android
Strato HiDrive              | Germany           | –                                | 5000 GB                     | Win, Mac, Android, WP7, Chrome, Synology
Google Drive                | USA               | 5 GB                             | 16,000 GB                   | Win, Mac, iOS, Android, Linux
HighSecurityBackup          | Germany           | 10 GB (up to 30 days)            | No limits                   | Win, Linux, Mac, DBs, Exchange, Lotus, VMware
Ubuntu One                  | Isle of Man       | 5 GB                             | 50 GB                       | Win, Linux, Android, iOS
SafeSync                    | Japan             | 500 GB (up to 30 days)           | No limits                   | Win, Mac, iOS, Android
F-Secure                    | Finland           | –                                | No limits                   | Win, Mac
Daten-Safe                  | Austria           | –                                | No limits                   | Win, Linux, Mac, DBs, Exchange, Lotus, VMware

and keeps the data within the company while retaining the benefits of cloud computing. Hybrid clouds combine placing part of the data into a public cloud with processing the other part of the data in an own private cloud. An example of a cloud backup system is the Amazon Web Services (AWS) provisioning platform, which also includes the Amazon Elastic Compute Cloud (Amazon EC2) and consequently follows the service-oriented architecture principles. The AWS platform provides access to a large number of further services like application access, virtual machines, backup of files, databases, processing queues and online memory (see the overview in Fig. 4.34 and Fig. 4.35). Other popular cloud providers with free storage plans are Google Drive [3] and Azure [14], and, with a focus on processing, the Yahoo Cloud [31].

4.4.2 RAIC Storage Service Integration

Cloud storage is often used for backups, but also for extended storage capacity and for sharing data between devices and users. Up-to-date cloud technologies aimed at


Fig. 4.34 Structure and components of Amazon Web Services (service groups as labelled in the figure):
Compute & Networking: EC2 (virtual servers in the cloud), VPC (isolated cloud resources), Route 53 (scalable Domain Name System), Direct Connect (dedicated network connection to AWS)
Storage & Content Delivery: S3 (scalable storage in the cloud), Glacier (archive storage in the cloud), Storage Gateway (integrates on-premises IT environments with cloud storage), CloudFront (global content delivery network)
Deployment & Management: CloudFormation (templated AWS resource creation), CloudWatch (resource and application monitoring), Elastic Beanstalk (AWS application container), IAM (secure AWS access control)
App Services: CloudSearch (managed search service), SES (email sending service), SNS (push notification service), SQS (message queue service), SWF (workflow service for coordinating application components), Elastic MapReduce (managed Hadoop framework)

Fig. 4.35 Screenshot of the main panel of Amazon Web Services

backup and restore routines of critical enterprise or authority data are discussed in [23]. A scheduled comparative analysis of existing complex solutions and standalone tools has been carried out and shows the advantages of combined (private + public) clouds compared


to traditional data-center backups and some known cloud backup solutions. In order to achieve full convenience and elasticity, clients require an intelligent combination of externally maintained public storage clouds with efficient cryptographic methods and stripe/parity dispersal functionality for authenticated, transparently encrypted, low-overhead and reliable data access. This approach has become popular under the name RAIC, Redundant Arrays of Independent Clouds, in analogy to RAID. One RAIC realisation is the deployment of hybrid clouds as a combination of private and public clouds in certain topologies. Combined hybrid clouds with additional cryptographic protection functionality and a management layer (the so-called "cloud storage controller") on the client side are often an appropriate solution. Taken to the extreme, such setups can include peripheral devices such as USB sticks for a four-eye principle in access control. A key point of a hybrid cloud backup concept under the given circumstances is the flexible configuration of all data encoding and decoding steps. For increased confidentiality, data is transparently encrypted with a symmetric key, using for instance the AES cipher; the key stays with the client-side controller, so that no single provider sees plaintext. For increased availability, data is replicated n times or erasure-coded and subsequently dispersed. The choice and order of the data coding and dispersion steps (encryption and authentication before dispersal, so that a provider holds only an opaque stripe) belong to the main functions of an integrating storage service controller [9, 25, 30].

Many RAIC characteristics can be explained with the corresponding RAID methods and literature. In local backup setups the most popular systems are the RAID levels numbered 0, 1 and 5, correspondingly with two or four disks, of which zero or one are redundant.

The functionality of RAIDs is based on stripe and parity dispersal routines [27]. In Fig. 4.36 a representation for RAID5 is depicted. The partitioning in the usual disk array is given in different colours, firstly for the data (the so-called "stripe set", e.g. A1 or C3) and then for the distribution of the parity sums (the "parity set", e.g. BP or DQ) across the five disks Disk 0 ... Disk 4. In the given case, the total volume V available for the data backup is calculated with the formula (cp. Fig. 4.36c)

$$V = (n - 1) \cdot V_{\min} \qquad (4.1)$$

Fig. 4.36 The most used RAID systems: RAID 0, 1, 4, 5, 6. RAID: Redundant Array of Independent Disks; HDD: Hard Disk Drives (up to five disks, Disk 0 ... Disk 4)


where n is the number of HDDs used and V_min the minimal available HDD volume in the array. The redundancy is provided by the parity set.

Example 4.7 Let us consider an array of four disks, each with a capacity of 500 GByte, for RAID5 to find out about the RAID efficiency:

$$V = (4 - 1) \cdot 500\ \text{GByte} = 1500\ \text{GByte} \qquad (4.2)$$

This results in 1500 GB of pure data backup capacity and 500 GB for the parity control (see Fig. 4.36c). A next constructive idea is therefore the deployment of redundant cloud arrays (stripe- and parity-based dispersion). There are naturally many further RAID concepts, optimised for minimum access time, minimum failure probability, maximum volume or minimum costs.
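The client-side controller described above (transparent encryption, authentication, stripe/parity dispersal) and the RAID5-style parity of Example 4.7, carried over to clouds, as one added example that is not the book's code nor any RAIC product: the backup is sealed with encrypt-then-MAC, cut into n−1 data stripes plus one XOR parity stripe, and one stripe goes to each provider, so as in Eq. (4.1) a share of (n−1)/n of the raw capacity holds data and any single provider can be lost. The SHA-256 counter-mode keystream is a stand-in for AES-CTR, which the standard library does not provide; the master key, provider names and payload are constructed.

```python
"""Added example (not from the book): a client-side RAIC pipeline using only the
Python standard library.  Pre-processing: encrypt-then-MAC the backup, then cut it
into n-1 data stripes plus one XOR parity stripe (RAID5-like, so (n-1)/n of the raw
capacity holds data, cf. Eq. 4.1); transport: one stripe per storage provider.
Restore tolerates one unavailable provider and rejects any blob whose tag fails.
The SHA-256 counter-mode keystream stands in for AES-CTR, which the standard
library does not ship; provider names and payload are constructed."""
import hashlib
import hmac
import os
from typing import Dict, List, Optional, Tuple

NONCE_LEN = 16
TAG_LEN = 32


def xor_bytes(chunks: List[bytes]) -> bytes:
    """XOR equal-length byte strings; serves both the parity stripe and the stream cipher."""
    out = bytearray(chunks[0])
    for chunk in chunks[1:]:
        for i, b in enumerate(chunk):
            out[i] ^= b
    return bytes(out)


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """SHA-256 in counter mode: a stand-in for AES-CTR, not a production cipher."""
    blocks = [hashlib.sha256(key + nonce + ctr.to_bytes(8, "big")).digest()
              for ctr in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def derive_keys(master: bytes) -> Tuple[bytes, bytes]:
    """Independent encryption and MAC keys from one client-held master key."""
    return hashlib.sha256(master + b"enc").digest(), hashlib.sha256(master + b"mac").digest()


def seal(master: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || HMAC-SHA256(nonce || ciphertext)."""
    enc_key, mac_key = derive_keys(master)
    nonce = os.urandom(NONCE_LEN)
    ciphertext = xor_bytes([plaintext, keystream(enc_key, nonce, len(plaintext))])
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def open_sealed(master: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; a tampered blob or a wrong key is rejected."""
    enc_key, mac_key = derive_keys(master)
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: backup altered or wrong key")
    return xor_bytes([ciphertext, keystream(enc_key, nonce, len(ciphertext))])


def stripe_with_parity(blob: bytes, n: int) -> List[bytes]:
    """n-1 equal data stripes (zero-padded) plus one XOR parity stripe."""
    k = n - 1
    size = -(-len(blob) // k)                       # ceiling division
    padded = blob.ljust(k * size, b"\0")
    stripes = [padded[i * size:(i + 1) * size] for i in range(k)]
    return stripes + [xor_bytes(stripes)]


def backup(master: bytes, data: bytes, providers: List[str]) -> Tuple[dict, Dict[str, bytes]]:
    """Seal, stripe and disperse: one stripe per provider; the manifest stays with the client."""
    sealed = seal(master, data)
    stripes = stripe_with_parity(sealed, len(providers))
    manifest = {"providers": list(providers), "blob_len": len(sealed)}
    return manifest, dict(zip(providers, stripes))


def restore(master: bytes, manifest: dict, stored: Dict[str, Optional[bytes]]) -> bytes:
    """Rebuild the sealed blob from the reachable providers (at most one missing), then verify and decrypt."""
    stripes = [stored.get(name) for name in manifest["providers"]]
    missing = [i for i, s in enumerate(stripes) if s is None]
    if len(missing) > 1:
        raise ValueError(f"{len(missing)} providers unavailable; single parity rebuilds only one")
    if missing:
        stripes[missing[0]] = xor_bytes([s for s in stripes if s is not None])
    sealed = b"".join(stripes[:-1])[:manifest["blob_len"]]
    return open_sealed(master, sealed)


def demo() -> bytes:
    """Constructed run: four providers, one of them unreachable at restore time."""
    master = hashlib.sha256(b"constructed master key; use a real KDF in practice").digest()
    data = b"ledger-2016-Q3.csv: constructed sample payload\n" * 20
    manifest, stored = backup(master, data, ["private-cloud", "public-A", "public-B", "public-C"])
    stored["public-B"] = None                        # provider outage or contract ended
    return restore(master, manifest, stored)


if __name__ == "__main__":
    print(demo()[:46])
```

The order of the steps is the security point: sealing happens before striping, so every provider only ever holds an opaque fragment and a modified fragment is caught by the tag on restore. The parity stripe is used only when a provider is missing; integrity of what the providers return is the job of the MAC, not of the parity.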

Practically, these multiple RAID concepts can be carried over and mapped to RAICs. There are already numerous sub-concepts of RAICs, Redundant Arrays of Independent Clouds. Variations of the concept are the Redundant Array of Independent Networked Storages (RAINS), the Random Array of Independent Data Centers (RAIDC) and the Redundant Array of Optimal Clouds (RAOC), an extension to RAIC which emphasises the enforcement of user requirements on the selection and maintenance of storage service arrays. A software architecture suitable for the realisation of RAIC is depicted in Fig. 4.37. The predominant client-side software for RAICs consists of the following three layers with the related functionality: (1) an integration layer (with logical partition and interface to the backup application), (2) a pre-processing layer (with stripe and parity dispersal routines, encryption and other modifications) and (3) a transport layer (with block transfer operations). The clients obtain reliable and efficient access to an array of storage media with added organisational and spatial independence. This software represents the state of the art. The advanced software architecture realises a new layered RAIC concept and includes the already known components with extended functionality. Firstly, the advanced integration layer (1) includes multiple network file system protocols like NFS, CIFS/SMB and WebDAV, or alternatively a local virtual file system interface or a Web Services interface; additionally, CVS/SVN/Git (version control subsystems) and synchronisation overlays are integrated. Secondly, the advanced pre-processing layer (2) consists of the codecs needed for the classification of document types and their efficient coding (text files, MPEG, PDF); the policies on the data storage subjects and paths are included here as well as the routines for stripe and parity dispersion, authentication with MD/RSA/PKI and encryption with AES/RSA/PKI. Finally, the advanced transport layer (3) integrates the parallel and block-wise streaming, caching and local persistence procedures and includes the adapters for multiple provider APIs. The multi-modal cloud clients (desktops, tablets and smartphones) enjoy


Fig. 4.37 Software architecture of a RAIC

Fig. 4.38 RAID Double Parity structure

reliable and efficient resource access to the set of hybrid (private/public) cloud storage media, namely to the RAIC.

RAID DP (Double Parity) is a block-level RAID scheme with double striping of parity information on separate HDDs, based on both the RAID4 and the RAID6 structure. The second parity Q (see Fig. 4.38) is computed with the same XOR formula as the first parity P, but over other data stripes.


The first parity P is horizontal (one row parity per stripe row); the second parity Q is diagonal, see formula (4.3), where the zeros stand for the cells of a virtual fourth row that does not exist on the disks.

$$\begin{aligned}
P_1 &= \mathrm{XOR}(A_1, B_1, C_1)\\
P_2 &= \mathrm{XOR}(A_2, B_2, C_2)\\
P_3 &= \mathrm{XOR}(A_3, B_3, C_3)\\
Q_1 &= \mathrm{XOR}(P_1, A_2, B_3, 0)\\
Q_2 &= \mathrm{XOR}(P_2, A_3, 0, C_1)\\
Q_3 &= \mathrm{XOR}(P_3, 0, B_1, C_2)\\
Q_4 &= \mathrm{XOR}(0, A_1, B_2, C_3)
\end{aligned} \qquad (4.3)$$
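The computation of formula (4.3) and the two-disk rebuild it enables, as an added example that is neither the book's code nor NetApp's implementation. It generalises the 3 + 1 layout to a diagonal period p (data disks plus the row-parity disk): column 0 is P, columns 1 to p−1 are data, rows 0 to p−2 are real stripes and row p−1 is the virtual all-zero row behind the 0 terms of (4.3); diagonal d takes from column c the cell in row (d + c) mod p. Rebuild is a peeling decoder that alternates row equations (P) and diagonal equations (Q) whenever exactly one cell is unknown. It succeeds for any two failed disks when p is prime, and the second function shows that the period-4 layout of (4.3) rebuilds A and B but not A and C. All values are constructed.

```python
"""Added example: RAID-DP style double parity, generalising Eq. (4.3) to a prime
diagonal period p.  Column 0 is the row-parity disk P, columns 1..p-1 hold data,
rows 0..p-2 are real stripes and row p-1 is a virtual all-zero row; diagonal d
collects from every column c the cell in row (d + c) mod p and is stored on the
Q disk.  Recovery is a peeling decoder over row and diagonal equations.
All values are constructed."""
from typing import List, Optional, Tuple

Column = List[int]


def is_prime(n: int) -> bool:
    return n > 1 and all(n % k for k in range(2, int(n ** 0.5) + 1))


def xor_all(values) -> int:
    acc = 0
    for v in values:
        acc ^= v
    return acc


def cell(col: Column, row: int) -> int:
    """Cells in the virtual row read as zero (the 0 terms of Eq. 4.3)."""
    return col[row] if row < len(col) else 0


def diagonal_parity(columns: List[Column], p: int) -> Column:
    return [xor_all(cell(columns[c], (d + c) % p) for c in range(p)) for d in range(p)]


def encode(data: List[Column], check_prime: bool = True) -> Tuple[List[Column], Column]:
    """Return the columns [P, data...] and the diagonal parity Q for p = len(data) + 1."""
    p = len(data) + 1
    if check_prime and not is_prime(p):
        raise ValueError("diagonal period must be prime for full two-disk recovery")
    nrows = p - 1
    assert all(len(col) == nrows for col in data), "every disk holds p-1 real stripes"
    parity = [xor_all(col[r] for col in data) for r in range(nrows)]   # P, as P1..P3 in Eq. 4.3
    columns = [parity] + [list(col) for col in data]
    return columns, diagonal_parity(columns, p)                        # Q, as Q1..Q4 in Eq. 4.3


def recover(columns: List[Optional[Column]], q: Optional[Column]) -> Tuple[List[Column], Column]:
    """Rebuild failed disks (None entries; at most two including Q) by peeling equations
    that have exactly one unknown cell, alternating rows (via P) and diagonals (via Q)."""
    p = len(columns)
    nrows = p - 1
    failed = [c for c in range(p) if columns[c] is None]
    if len(failed) + (q is None) > 2:
        raise ValueError("double parity tolerates at most two failed disks")
    cols = [list(c) if c is not None else [0] * nrows for c in columns]
    unknown = {(r, c) for c in failed for r in range(nrows)}
    progress = True
    while unknown and progress:
        progress = False
        for r in range(nrows):                      # row equation: XOR over the row incl. P is 0
            miss = [c for c in range(p) if (r, c) in unknown]
            if len(miss) == 1:
                c = miss[0]
                cols[c][r] = xor_all(cols[k][r] for k in range(p) if k != c)
                unknown.remove((r, c))
                progress = True
        if q is None:
            continue
        for d in range(p):                          # diagonal equation: XOR over diagonal d is Q[d]
            cells = [((d + c) % p, c) for c in range(p)]
            miss = [rc for rc in cells if rc in unknown]
            if len(miss) == 1:
                r, c = miss[0]
                cols[c][r] = q[d] ^ xor_all(cell(cols[k], rk) for rk, k in cells if k != c)
                unknown.remove((r, c))
                progress = True
    if unknown:
        raise ValueError(f"not recoverable: {len(unknown)} cells remain undetermined")
    if q is None:
        q = diagonal_parity(cols, p)                # Q itself was the lost disk: recompute it
    return cols, q


def demo() -> bool:
    """p = 5: four data disks of four stripes; every failure pair tried here rebuilds exactly."""
    data = [[1, 2, 3, 4], [5, 6, 7, 8], [9, 10, 11, 12], [13, 14, 15, 16]]
    columns, q = encode(data)
    for lost in [(1, 3), (0, 2), (2, 4), (0, 1)]:
        damaged = [None if c in lost else col for c, col in enumerate(columns)]
        if recover(damaged, q)[0] != columns:
            return False
    damaged = [None if c == 4 else col for c, col in enumerate(columns)]   # data disk plus Q
    return recover(damaged, None) == (columns, q)


def eq43_layout_fails() -> bool:
    """The page's 3+1 layout (period 4, not prime): A and B rebuild, A and C do not."""
    columns, q = encode([[1, 2, 3], [4, 5, 6], [7, 8, 9]], check_prime=False)
    ab = [None if c in (1, 2) else col for c, col in enumerate(columns)]
    ac = [None if c in (1, 3) else col for c, col in enumerate(columns)]
    ok_ab = recover(ab, q)[0] == columns
    try:
        recover(ac, q)
        return False
    except ValueError:
        return ok_ab
```

With the period-4 layout, losing A and C leaves rows 1 and 3 each with two unknowns and the two remaining diagonals with two unknowns each, and those four equations are linearly dependent, so the peeling stops; with a prime period every chain through the virtual zero row reaches all cells of both failed disks.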

Since a RAID DP can compensate any two disk failures, the availability of such a system is increased compared to a single-parity solution. Recommended RAID-DP sets usually consist of 14 + 2 HDDs. Restoring via RAID DP is relatively simple: a lost cell on a diagonal whose other cells are all known is recovered from Q, the remaining lost cell of that row from P, and so on alternately until the chain has covered both failed disks. Further advantages of RAID DP are the simplicity of the XOR operation for parity computing and the possibility of conversion to RAID 4 by switching off the Q stripes. Note that the chain argument requires the diagonal period (number of data disks plus the row-parity disk) to be a prime number; in the 3 + 1 illustration of formula (4.3), with period 4, the simultaneous loss of disks A and C leaves rows 1 and 3 underdetermined, so the two-failure guarantee holds for the prime-period layouts used in practice. Deployment of optimised RAID DP offers the following advantages:

$$
\frac{n_{netto}}{n_{brutto}} = \frac{n - 2}{n}, \qquad n_{failure\ security} = 2
\tag{4.4}
$$

in comparison to the well-known RAIC5 (cp. Fig. 4.36c).

All services offered over the Internet are interacted with according to certain usage lifecycle phases. Storage services are no exception; they also adhere to a lifecycle. Figure 4.39 presents the relevant phases and introduces suitable client-side integration handlers for each phase. The first three phases (discovery and selection, contracting, and configuration) can be subsumed under the term matchmaking. These phases typically apply once per user-service relationship. The fourth phase, usage, is executed more than once and depends on the preceding phases. The presented service integration concept is a general one. For mobile clients bound to storage services in the cloud, its interpretation is as follows. During service discovery, a dialogue on the device screen guides the user to the right storage services for any given situation. By using automation and autonomic computing concepts, the dialogue can be kept simple or even not be shown at all, at the expense of honouring custom user preferences. Then client-side agents perform the necessary configuration of the services, including account creation and registration within the storage controller. Finally, a scheduler within the storage controller orders the timely transmission of data to and from the device. Agent frameworks to handle the sign-up to services already exist, for example OSST, the Online Service Sign-up Tool. These frameworks assume access to a well-maintained service registry which not only contains information about the services but also links to service-specific agent extensions. However, the frameworks need to be implicitly parameterised according to the specific needs of mobile users and with appropriate information already present on the mobile device, including identities (Fig. 4.39).

Fig. 4.39 Life cycle of services

In summary, the presented background information demonstrates the feasibility of integrating storage services on mobile devices in a partially automated process. The next section will give detailed insight into appropriate choices of methods and their parameterisation.

Hybrid cloud backup concept. Figure 4.40 shows how to transparently encrypt data to be backed up in a hybrid cloud environment. Both a private cloud, operated in a user-controlled data centre or across the user's personal devices, and a public cloud, offered by a commercial or institutional entity, can be flexibly combined this way without worrying about the loss or leak of data.

The notion of transparent encryption for cloud backup encompasses the following features: efficient cryptography methods such as AES, RSA, MD/MAC, X.509/Kerberos public key certificates; PKI deployment; document classification and demarcation analysis of structured/unstructured data and context information; user authentication and the granting of the respective keys.

An example of implementation. At this point, an advanced example of an implementation for the RAIC and RAOC concepts can be mentioned. Its origins were in the FlexCloud young investigator group at Technische Universität Dresden in Germany, which ran from 2010 to 2013. The goals of the group were oriented towards a user-controllable and secure cloud life cycle. The concrete measures were: avoiding uninformed cloud provider selections through formal descriptions of resource, data and software properties; avoiding the cloud provider lock-in effect through multi-cloud scenarios and migration paths towards inter-connected personal clouds under the control of the user, which can be federated into a powerful network of clouds; and finally, means to exert this control with an appropriate management user interface representing a personal cloud cockpit. This strategic thinking has influenced the design and development of the file storage solution Nubisave (from Latin "Nubes", meaning "Cloud"). As the project result with the highest practical value, it has subsequently been advanced in the Cloud Storage Lab and is still offered for download on this website [34, 35].

Fig. 4.40 Cloud backup and transparent encryption. (MD) Message Digest, (MAC) Message Identification Code, (AES) Advanced Encryption Standard, (RSA) Rivest, Shamir and Adleman Encryption, (PKI) Public Key Infrastructure (X.509, Kerberos)

Nubisave sets up an aggregated view across multiple cloud storage providers and enables higher-level storage tasks such as policy-enforcing data gateways, adaptive synchronisation between devices, backup and collaborative sharing. Nubisave exports a virtual file system through the Linux interface File System in Userspace (FUSE), which can be used as an underlay target medium of backup software. All write accesses received by Nubisave are multiplexed onto the configured cloud storage providers, and all read accesses reassemble the data. Encryption and versioning can be performed entirely on the client side. In case of failures, affected storage providers can be replaced by others, and a replication of data from the remaining ones takes place automatically. Nubisave is available as open source software, which has been demonstrated and discussed at both commercial events (trade shows) and academic events (conferences, meetings).


4.5 RAIC Integration for Network Storages on Mobile Devices

Motivation. Systems to combine multiple network and online storage targets with implied redundancy, security and fault tolerance, so-called RAICs, have recently seen renewed discussion due to the growing popularity of convenient cloud storage service offerings. For mobile device access to RAICs, fewer research results are available. A "smartphone for the future" with pervasive storage availability should be intelligently and autonomically connected to the cloud. Such a constellation allows access without great expense to multiple applications, data and further resources. One necessity is that the requirements of the users (security, privacy, safety, pricing and vendor selection) as well as the functional user objectives are satisfied in the best way. In addition, valuable battery capacity needs to be saved by selecting appropriate algorithms and parameters and by placing parts of the RAIC integration into the infrastructure. On the functional side, for distributed data storage, specific resource services with versatile features such as extended storage capacity, backup, synchronisation and collaborative sharing of data need to be supported. The result is a mobile, energy-efficient and autonomic RAIC integration application; in other words, a storage controller on a smartphone.

The term Smartphone Bloodbath has been descriptively in use in mobile phone industry reports for about three years for the race to more features and lower prices at high frequency. Essentially, a phone is technically valued by its hardware functionality and quality, its software and services ecosystem, and its connectivity. Most smartphones offer sophisticated software application distribution, whereas the innovation in terms of data management is relatively slow. The separation between private and business activities reflects to some extent on data management, and yet most users would need a much more powerful data and storage feature set. One idea for a user-friendly "smartphone for the future" is to bind it to online storage services through a pervasive cloud of user-controlled accounts at registered providers. The online storage area allocation would grow and shrink on demand. This binding is similar to how clouds and resource-constrained cyber-physical systems and robots are already connected to each other to offload tasks from the devices into the network infrastructure. One difference between phones and robots is the self-determined nature of user actions. When a user records a movie or downloads files, the phone's media size restrictions will be defused and additional functionality, including online access to all private data, becomes possible, although the user may decide to override the use of the online storage. The binding to multiple services at once requires intelligent client-side integration techniques with phase-of-lifecycle knowledge, which additionally match the service properties against user requirements. For secure and reliable data storage, the RAIC concept has been proposed as integration technique and successfully implemented for desktop computers and enterprise storage integrators [29]. However, from a security and convenience perspective, on mobile devices the RAIC assembly and the distribution of the data to the attached providers needs to happen directly on the device itself in most cases, which contradicts the conservation of battery power. It is therefore important to integrate network storage services on mobile devices in a systematic way for predictable storage characteristics even under changing networking and device conditions.

In the next sections, the basic concepts behind network and cloud storage, RAICs and their applications, including hybrid backup clouds, are presented. The phases of the usage lifecycle of services in general and storage services in particular are examined in detail to derive a suitable integration design. Trade-offs between user-friendly full automation and control-preserving semi-automatic or guided integration are discussed in this context. Intelligent RAIC use in the mobile field further implies certain decisions on which algorithms, parameters and placement strategies to use in order to preserve the battery and gracefully adapt to imperfect networking conditions. The next part therefore outlines specialised data coding techniques, including encryption, splitting, erasure codes and all-or-nothing transformations. Again, trade-offs need to be understood correctly to achieve high-performance integration with low power consumption. The peculiarities of mobile access to RAICs are shown using an elaborated software architecture on a selected smartphone platform. Finally, a summary of the findings and an outlook on further ideas to improve the connections of smartphones into the cloud is given.

4.5.1 Efficient Access to Storage Services from Mobile Devices

Depending on the use cases, the weight of the comparison parameters used to distinguish the most suitable RAIC integration method differs. For many client systems, security plays a major role and motivates distributed data storage with comparatively more storage overhead in return for higher security. As a generalisation thereof, subjectively optimal parameters, including storage and retrieval times and service costs, can be considered and weighted by clients at configuration time, yielding RAOCs [33]. For mobile devices, two parameters become dominant: the energy efficiency of the integration, and the usability under imperfect networking conditions. Neither has so far been subject to analysis in the research on RAICs, but both are crucial for the further acceptance of such techniques. Energy efficiency can be broken down into the (negligible) setup, service selection, sign-up and configuration/reconfiguration processes, which typically don't happen more than once per device power-on session, and the service usage processes for storing and retrieving data. Measuring the energy efficiency of algorithms requires specialised equipment. The electrical power consumption is not linear to the performance but grows along with it; hence a performance comparison assuming equal processor load can be used for a first estimation. The power consumption analyses in this example are made using the HAEC (Highly Adaptive Energy-Efficient Computing) measurement infrastructure as shown in the photo below (Fig. 4.41).

Performance characteristics of RAIC integration techniques, based on [32, 35], are summarised in Table 4.9.


Fig. 4.41 HAEC laboratory measurement equipment (own photo)

Table 4.9 Qualitative comparison of performance characteristics for versatile RAIC integration techniques (relative to the XOR baseline = 100%)

Technique                                  Read performance   Write performance
RS erasure code, 0% redundancy, XOR        100%               100%
RS erasure code, 0% redundancy, SIMD       270–1200%          270–1200%
RS erasure code, 50% redundancy, n = 3     100%               67%
AONT-RS, n = 3                             33%                33%

Imperfect networking usability mandates an intelligent use of caching and scheduling so that slow or broken links will show no or little effect on the user of a RAIC. This typically differs per implementation. However, already on the algorithmic level some erasure codes have been optimised more for storage, retrieval and repair than others. Researchers have identified suitable algorithms through experiments [26]. Based on these observations, we can assume that the use of processor-specific erasure codes is beneficial for mobile devices. Both the device's energy efficiency and the imperfect networking usability can be tremendously improved by placing the RAIC integration onto a trusted local network proxy. So-called storage integrators can serve multiple users and enforce group policies. On the other hand, they have drawbacks concerning trust, mobility and overall energy efficiency, given that such additional devices will remain idle for long durations. Figure 4.42 shows both possible integration approaches in a comparison architecture scheme.


Fig. 4.42 Variants for efficient placement of the RAIC integrator between the clouds

4.5.2 A New Must-Have App: RAIC Integrator for Smartphones

While our results are generally applicable to all mobile devices, including tablets and notebooks, our realisation scenario focuses on mobile phones due to their increasing popularity as "Swiss army knives" for computing tasks. Today, such phones ship with internal storage media (ROM, non-volatile flash memory, SD cards) and otherwise rely on manual storage service integration beyond the sometimes preconfigured vendor-specific services. Increasing amounts of data produced by mobile phone sensors and applications push the idea of a "smartphone for the future" with ubiquitous access to elastic storage in the cloud. Such a smartphone requires, inter alia, an operating-system-integrated library for transparent RAIC integration across all applications which need extended storage capacity, offsite backups and other uses of storage. Essential parts of the integrator are: (1) a database with information about available services, including their functional and non-functional properties and the protocols for accessing them; (2) protocol-specific access modules; (3) a dispersion module which splits the data according to user-defined parameters while considering energy efficiency and imperfect networking conditions; and (4) autonomic support functions for service sign-up and repair in case of failures. The binding of a mobile phone to a RAIC-DP configuration through an integrator is depicted in Fig. 4.43. The P-stripe is stored in the private cloud client, while the Q-stripe is delegated to the public clouds, i.e. to the provider. Arbitrary RAIC and dispersion configurations are possible, although certain key configurations will be preferred by mobile users: RAIC-DP for highest safety, AONT for highest (information-theoretic) security, and JBOC/RAIC0 for the least amount of overhead. A configuration wizard would have to present these choices to the users in a meaningful way.

A suitable software architecture for the realisation of a mobile RAIC over both local and cloud storage resources is depicted in Fig. 4.44, following the design proposed for generic cloud storage controllers. The predominant client-side software for RAICs consists of the following three layers with the related functionality:

1. Integration layer: logical partition and interface to the backup application
2. Pre-processing layer: stripes/parity dispersal routine, encryption and other modifications
3. Transport layer: block transfer

Fig. 4.43 RAIC-DP: a network storage model

Fig. 4.44 Offered software architecture for the realisation of a RAIC. (HDD) Hard Disk Drive or other local drives including SD media, (RAIC) Redundant Arrays of Independent Clouds, (CVS) Concurrent Versioning System

The clients obtain reliable and efficient access to an array of virtualised storage media, offered as a service or as local complementary media, with added organisational and spatial independence. This software represents the state of the art. The offered layered software architecture realises a RAIC concept and includes the following already known components with extended functionality:

1. Advanced integration layer: a local virtual file system interface available to all applications. Depending on the operating system, there may be additional specific interfaces, for instance the registration as content provider on Android or the export as RESTful web service through RestFS.

2. Advanced pre-processing layer: codecs, classification of document types and coding (text files, MPEG, PDF); policies on the data storage subjects and paths; stripes/parity dispersion routines; authentication with MD/RSA/PKI; encryption with AES/RSA/PKI.

3. Advanced transport layer: parallel and block-wise streaming; caching and local persistence; adapters for multiple provider APIs.

The proposed system can be implemented with existing academic and open source software. Nubisave [33] is a cloud storage controller which performs the functionality of the upper layer as a Linux user-space file system (FUSE) module with one file input and n fragment outputs. Through the Nubisave configuration GUI, the remaining two layers can also be controlled. For instance, the Nubisave splitter module's first output can be connected to an EncFS module for data encryption, which is in turn connected to a FuseDAV module for placing the encrypted fragment data on a protected WebDAV folder, which serves as a standard-compliant interface to a cloud storage area.

Some mobile phone operating systems run directly on Linux, including Maemo and the more recent SailfishOS and FirefoxOS, so that Nubisave's file system interface is a suitable means for data access across all applications. For Android and similar systems with restricted global data access, a translator between files and the respective per-application content API would be required. Imperfect network handling is an implementation detail of the transport modules. We have previously refined fault-tolerant access to RESTful services (including e.g. WebDAV as HTTP extension) as the RAFT-REST concept. The Java ResUp library [38] is available to transport module authors as a convenient caching and retransmission handler. Beyond the specific transport modules, Nubisave also caches data by itself to some extent. Hence, the combination of a cloud storage controller with energy-efficient parameterisation, agent-based service lifecycle handling for semi-automatic integration, and fault-tolerant service integration under imperfect networking conditions is possible today and fulfils the requirements of mobile users.

The next problems to solve are:

• Analysis of integration options for existing cloud storage services (Cloud-of-Clouds)
• RAIC cloud backup concept elaboration (stripe- and parity-based dispersion)
• Development of software RAIC controllers based on web services for management and cryptographic protection of a RAIC (combined clouds), e.g. RAIC5, RAIC-DP
• Deployment of proxy servers for easy mediation
• Development and securing of the meta-data database for RAIC management
• Development of easy-to-use conditions: a common access scheme for enterprises, offering good performance, high security and data control for the users
• Further development of collaboration scenarios: file sharing, access by external entities, CVS and group working, automatic classification of data
• Improving performance, e.g. scheduling algorithms, caching/prefetching and parallelisation

4.6 Conclusions

This chapter has given a brief systematic introduction into the challenges of operating and integrating cloud services related to computing resources: computation, network and storage. It has covered recent trends, including distributed storage facilities for high availability and confidentiality, integration of cloud services into mobile devices with high energy efficiency, and pervasive or ubiquitous access to multiplexed cloud services. For smartphone makers, the results show that especially storage integration is a desirable feature which leads to outstanding devices with a functionality closer to what highly demanding users expect.

References

1. Amazon Web Services, online: http://aws.amazon.com, 2013.
2. Citrix Systems, ShareFile, online: http://www.citrix.com/products/sharefile/overview.html, 2013.
3. Google Drive, online: https://drive.google.com, 2013.
4. Ordinary backup technologies, online: http://www.tecchannel.de/storage/backup, 2015, in German.
5. Security Compendium, online: http://www.security-insider.de, 2015, in German.
6. Ukrainian legislation regarding data security, online: http://zakon.rada.gov.ua, 2015.
7. VMware vSphere API for Storage Awareness, online: http://www.vmware.com, 2013.
8. C. Baun, M. Kunze, J. Nimis and S. Tai, Cloud computing – Web-based dynamic IT-Services, Springer-Verlag, 2010, in German.
9. G. R. Blakley, Safeguarding cryptographic keys, in: AFIPS Conference Proceedings, volume 48, p. 313–317, 1979, National Computer Conference (NCC).
10. D. Decasper, A. Samuels and J. Stone, RAIC – Redundant Array of Independent Clouds, patent USA, Reg. No. 12860 810, Publishing No. US 20120047339 A1, 2012.
11. S. Gross, J. Spillner and A. Schill, FlexCloud/TUD Project, Dresden University of Technology (TUD), online: http://www.flexcloud.eu, 2013.
12. Sheikh M. Habib, S. Hauke, S. Ries and Max Mühlhäuser, Trust as a Facilitator in Cloud Computing: A Survey, Journal of Cloud Computing: Advances, Systems and Applications, June 2012.
13. H. Kim, N. Agrawal and C. Ungureanu, Revisiting Storage for Smartphones, ACM Transactions on Storage, 8(4), November 2012.
14. H. Kommalapati, Windows Azure Platform for Enterprises, online: http://msdn.microsoft.com/en-us/magazine/ee309870.aspx, 2013.
15. Thomas A. Limoncelli, OpenFlow: A Radical New Idea in Networking, Communications of the ACM, 55(8):42–47, 2012.
16. A. Luntovskyy and D. Gütter, A Concept for a Modern Virtual Telecommunication Engineering Office, International Research Journal of Telecommunication Sciences, 3(1):15–21, 2012.
17. A. Luntovskyy and M. Klymash, The service-oriented Internet, in: Proceedings of the IEEE 11th TCSET 2012 Conference on Modern Problems of Radio Engineering, Telecommunications and Computer Science, 2012, Lviv – Slavsk, Ukraine.
18. A. Luntovskyy, M. Klymash and A. Semenko, Distributed services for telecommunication networks: Ubiquitous computing and cloud technologies, Lvivska Politechnika, Lviv, Ukraine, 2012, 368 p., monograph, in Ukrainian.
19. A. O. Luntovskyy, Programming Technologies of Distributed Applications, DUIKT State University of Telecommunications, Kyiv, 2010, 474 p., in Ukrainian.
20. A. O. Luntovskyy, M. V. Zakharchenko and A. I. Semenko, Multiservice Mobile Platforms, DUIKT State University of Telecommunications, Kyiv, 2015, 216 p., in Ukrainian.
21. Andriy Luntovskyy, Dietbert Gütter and Igor Melnyk, Planung und Optimierung von Rechnernetzen: Methoden, Modelle, Tools für Entwurf, Diagnose und Management im Lebenszyklus von drahtgebundenen und drahtlosen Rechnernetzen, Springer Vieweg + Teubner Verlag, Wiesbaden, 2011, 411 p., in German.
22. Andriy Luntovskyy and M. Klymash, Data Security in Distributed Systems, Lvivska Politechnika, Lviv, Ukraine, 2014, 464 p., monograph, in Ukrainian.
23. Andriy Luntovskyy, Volodymyr Vasyutynskyy and Josef Spillner, RAICs as Advanced Cloud Backup Technology in Telecommunication Networks, International Research Journal of Telecommunication Sciences, 3(2):30–38, December 2012.
24. P. Mell and T. Grance, The NIST definition of cloud computing, whitepaper, NIST Special Publication 800-145, September 2011.
25. J. S. Plank, S. Simmerman and C. D. Schuman, Jerasure: A Library in C/C++ Facilitating Erasure Coding for Storage Applications – Version 1.2, Technical Report CS-08-627, University of Tennessee, 2008.
26. J. S. Plank, K. M. Greenan and E. L. Miller, Screaming Fast Galois Field Arithmetic Using Intel SIMD Instructions, in: USENIX FAST, February 2013.
27. M. O. Rabin, Efficient Dispersal of Information for Security, Load Balancing and Fault Tolerance, Journal of the ACM, 36(2):335–348, 1989.
28. Johannes Schad, Stephan Zepezauer and Josef Spillner, Personal Cloud Management Cockpit with Social or Market-Driven Asset Exchange, in: Networked Systems Conference (NetSys/KiVS) – Communication Software Award Demo, March 2013, Stuttgart, Germany (Vorführung).
29. Ronny Seiger, Stephan Groß and Alexander Schill, SecCSIE: A Secure Cloud Storage Integrator for Enterprises, in: International Workshop on Clouds for Enterprises (C4E), p. 252–255, September 2011, Luxembourg, Luxembourg.
30. A. Shamir, How to Share a Secret, Communications of the ACM, 22(11):612–613, 1979.
31. Shelton Shugar, Cloud Computing at Yahoo!, online: http://opencirrus.org, 2013.
32. C. A. N. Soules, G. R. Goodson, J. D. Strunk and G. R. Ganger, Metadata efficiency in versioning file systems, in: Proceedings of the Third USENIX Conference on File and Storage Technologies, April 2003, San Francisco, California, USA.
33. Josef Spillner, Gerd Bombach, Steffen Matthischke, Johannes Müller, Rico Tzschichholz and Alexander Schill, Information Dispersion over Redundant Arrays of Optimal Cloud Storage for Desktop Users, in: 4th IEEE/ACM International Conference on Utility and Cloud Computing (UCC), p. 1–8, December 2011, Melbourne, Australia.
34. Josef Spillner and Johannes Müller, PICav: Precise, Iterative and Complement-based Cloud Storage Availability Calculation Scheme, in: 7th IEEE/ACM International Conference on Utility and Cloud Computing (UCC), p. 443–450, December 2014, London, UK.
35. Josef Spillner, Johannes Müller and Alexander Schill, Creating Optimal Cloud Storage Systems, Future Generation Computer Systems, 29(4):1062–1072, June 2013, DOI: http://dx.doi.org/10.1016/j.future.2012.06.004.
36. Josef Spillner, Christian Piechnick, Claas Wilke, Uwe Aßmann and Alexander Schill, Autonomous Participation in Cloud Services, in: 2nd International Workshop on Intelligent Techniques and Architectures for Autonomic Clouds (ITAAC), p. 289–294, November 2012, Chicago, Illinois, USA.
37. Josef Spillner and Alexander Schill, A Versatile and Scalable Everything-as-a-Service Registry and Discovery, in: 3rd International Conference on Cloud Computing and Services Science (CLOSER), p. 175–183, May 2013, Aachen, Germany.
38. Josef Spillner, Anna Utlik, Thomas Springer and Alexander Schill, RAFT-REST – A Client-side Framework for Reliable, Adaptive and Fault-Tolerant RESTful Service Consumption, in: 2nd European Conference on Service-Oriented and Cloud Computing (ESOCC), volume 8135 of LNCS, p. 104–118, September 2013, Málaga, Spain.

5 Smart Grid, Internet of Things and Fog Computing

Keywords

Integration of networks for telecommunications and energy supply • New service architectures • Demarcation of grid vs. smart grid • Power Line Communication (PLC) • Green computing • Energy-efficient communication (Bluetooth • ZigBee • EnOcean • 6LoWPAN) • Demarcation of Internet of Things (IoT) vs. Internet of Services (IoS) • Fog computing • Distributed computing • Mini-PC • On-board µ-controllers (Raspberry Pi • Arduino) • Computer-Aided Design (CAD) • Automation networks • Smart home • Smart factory • Industry 4.0

In the previous chapters, we have highlighted the evolution of computing environments from single systems to parallel architectures, clusters, grids, service-oriented systems and clouds. This line of evolution is a purely digital one, without considering the form factor of computing. From the physical perspective, there is another line of evolution which puts the form factor and communication channels into the centre. Starting with mini-PCs and embedded computers, nowadays distributed computing can be performed in wearable computers and body-area networks, tiny nodes organised as fogs or smart dust connected to the Internet of Things, and in the "Smart Grid" using various protocols. This chapter therefore outlines physical computing paradigms and compares the computing, storage and communication capabilities.

The first part of the chapter examines some typical scenarios for "Smart Grid" deployment as a technology for the integration of electric power supply networks and telecommunication networks, and gives a comparison of corresponding services, architectures and multi-level models. The smart grid enabling technologies are discussed. Furthermore, some case studies on smart grid are presented.

© Springer Fachmedien Wiesbaden GmbH 2017. A. Luntovskyy, J. Spillner, Architectural Transformations in Network Services and Distributed Systems, DOI 10.1007/978-3-658-14842-3_5



The second part of this chapter is dedicated to the up-to-date development of the IoT and of "Fog Computing" based on the achievements in Wireless Personal Area Networks (WPAN). The IoT/fog computing enabling technologies are discussed. Case studies based on the use of on-board µ-controllers such as the Raspberry Pi are examined.

5.1 Smart Grid as Integration Technology for the Networks of Energy Supply and Telecommunication

Green computing. Green IT is an important predecessor trend and part of smart grid development because of the significant efforts on waste heat and energy recycling (Fig. 5.1). In addition to the known Power Usage Effectiveness (PUE), the Energy Reuse Efficiency (ERE) value has to be used. Let us compare the two:

Power usage effectiveness (PUE):

• $PUE = \dfrac{\text{Total Facility Energy}}{\text{IT Equipment Energy}} = \dfrac{P_{total}}{P_{IT}}$

• $PUE > 1.0$; ideal value 1.01

• compare to $K = \dfrac{P_{IT}}{P_{total}} = \dfrac{1}{PUE}$, $0 < K < 1$

Energy reuse efficiency (ERE):

• $ERE = \dfrac{\text{Total Energy Consumption of a Data Centre} - \text{Recycling Energy}}{\text{IT Equipment Energy}} = \dfrac{P'_{total} - P_{recycling}}{P_{IT}}$

• $0 < ERE < PUE < 1.50$

Fig. 5.1 Green IT symbolic representation (Source: magatechnology.it)


Fig. 5.2 The construction of the efficient energy consumption and recycling within a building with a 'green' IT data centre (according to [39])

Example 5.1 For one particular provider of green IT services [39], the following values have been computed: PUE = 1.02/1.05 and ERE = 0.62/0.68. The high efficiency is based mainly on water cooling and the renunciation of all refrigeration systems. The construction of the efficient energy consumption and recycling within a building with a green IT data centre (according to [39]) is given in Fig. 5.2. The construction encompasses the following components: (1) servers, (2) tank and warm water preparation, (3) air/water heat pump, (4) air supply, (5) ventilation, (6) air supply to the servers, (7) ventilation from the servers, (8) air supply to the heat pump, (9) ventilation from the heat pump, (10) heating forerun, (11) heating return flow, (12) warm water, (13) fresh water stream, (14) heating system, (15) warm water cone filters and (16) optional photovoltaics.

The computation of the energy efficiency is given in Fig. 5.3. According to this computation, the following PUE values result:

1. PUE without the heat pump: $PUE = 254\ [\mathrm{MW/a}] / 250.6\ [\mathrm{MW/a}] = 1.01$, i.e. the 254 [MW/a] become 262.8 [MW/a] with the heat pump.

2. PUE with the heat pump: $PUE = 1.05$, i.e. $262.8\ [\mathrm{MW/a}] / 250.6\ [\mathrm{MW/a}]$.


Fig. 5.3 The computation of the energy efficiency (Source: [39])

Smart grid definition. The high-tech twenty-first century is in particular also the century of "small power supply systems", due to the use of advanced information and communication technologies in energy networks. The creation of combined systems called "Smart Grid" opens great prospects for the development of both of these industries (energy and IT) and is intended to provide a synergistic effect. This section examines existing models of smart grid, suitable basic networking technologies, as well as typical usage scenarios for integrated intelligent networks.

Smart grid is a technological direction for the integration of electric power supply and telecommunication networks. Its goals are to increase the energy efficiency of both types of networks and to reduce CO2 emissions under the Kyoto Protocol, considering the decentralisation of existing architectures for an integrated network (i.e. one of the main principles of Internet construction) and improving its efficiency (efficient switching, routing) under the use of alternative and renewable energy sources (like wind, solar, Electro-Magnetic (EM) smog), combined with the use of hybrid hydrocarbon-electric vehicles (Plug-in (Hybrid) Electric Vehicles (PEV)), with the optimisation of network management techniques and billing services (Smart Metering) within the conventional power supply networks, as well as increasing safety, security and Quality of Service (QoS) in such integrated networks for power supply and telecommunication [23, 35].

The conceptual terms «grid» and «smart grid» should not be confused. (Intelligent) grid network solutions are used for time-consuming computing tasks (simulation, planning, forecasting etc.) based on (virtual) server clusters or supernodes with the use of conventional Internet protocols. Nowadays grids are a significant part of innovative cloud computing technology (for instance via IaaS, Infrastructure as a Service) [30], where the (mobile) client's access to computing power is very easy. The most important task, which has already become a "classic" of grid technology, is the rational and decentralised redistribution of computational workload between participating (virtual) servers, clusters or supernodes over the computing life-cycle of time-consuming engineering, scientific or economic tasks.

Therefore the concepts of «grid» and «smart grid» are related areas of research. But energy efficiency is not a direct scientific and technical challenge for purely computational grid technology [9]: heat and redundant energy occur here only as a by-product, and even a harmful one (the "heat waste products" of modern network technology).

Active deployment of the environmentally friendly and thus «green» smart grid technology goes on today in many developed countries, for example Australia, the European Union (in particular Germany and Austria), the USA, Canada, the People's Republic of China and South Korea, which would like to provide and reinforce their own energy independence for the future. Several leading research groups in universities carry out corresponding research on the mentioned area and already possess certain "know-how", often in combination with innovative companies. An example is the Kiwigrid Smart Grid Management Platform engineered in cooperation with Technische Universität Dresden in Germany (TUD) [10]. On this platform energy applications are offered through a marketplace and linked to data processing and analytics services. A smart meter gateway connects devices and allows for an optimisation of power consumption.

The slogan of the coordinated actions of all stakeholders might be as follows: "From the Internet of Data and Web Services to the Internet of Energy Services". Nowadays there are numerous international organisations and well-known companies that are developing the technology and corresponding devices for smart grid. Among them are IEEE, CENELEC, Cisco, Deutsche Telekom, Siemens etc. [2, 4, 9, 16, 21].

The existing basis for local-area solutions of smart grid is built on the following well-known network technologies: Powerline, Homeplug, Worldwide Interoperability for Microwave Access (WiMAX), PoE (Power over Ethernet), KNX, LON (Local Operating Network), Wireless Sensor Networks (WSN) (ZigBee, EnOcean) etc. [28, 42]. But there is also a necessity to develop integrative solutions for network decentralisation (one of the main principles of Internet construction), to improve its efficiency, to facilitate the use of alternative and renewable energy sources (like wind, solar, EM-smog) and to stimulate the development of efficient energy storages (batteries, peculiar energy depots) aimed at storing redundant or excess (electric) energy.

To reach this goal we first need to formulate a list of scientific and technical development challenges for an integrated network (smart grid) on the existing basis of standard network architectures, then requirements for such networks, and then to develop its own basic models. How will everything work together? Consider the following two scenarios.

Example 5.2 What will be a middle-class network connection for a Small and Medium Enterprise (SME) in 2020? Only one cable or wireless link will provide the utility services such as electricity, telephony, Internet, digital high-definition television and cloud services. Room heating will be realised via derivation and recycling of redundant energy from multiple (virtual) servers. The wired and wireless automation of local-area networks as well as piconets like Local Operating Network (LON), KNX Home and Building Control Standard (KNX), ZigBee and EnOcean will be used to serve and control the in-door climate. Management of such integrated networks can be performed through Ethernet, Local Area Network (LAN)/Wireless Local Area Network (WLAN) links as well as conventional protocols like Internet Protocol (IP), Internet Control Message Protocol (ICMP) and Simple Network Management Protocol (SNMP). The program support, configuration and tuning of the intelligent network is realised with the use of mobile devices (smartphones and tablets), mobile applications and through offered web services running in a cloud environment.

Example 5.3 The scenario depicts a vision similar to that of one particularly involved German company, Siemens, but is applicable to other companies with a similar portfolio. According to Fig. 5.4, in the future smart grid is designed to connect four major components [16], which operate both as consumers/producers and as electric energy storages. The components are:

Fig. 5.4 Smart grid technology highlights inspired by Siemens. AC – Alternating Current, HVAC – Heating, Ventilating and Air Conditioning, PEV – Plug-in (Hybrid) Electric Vehicles


1. Intelligent buildings
2. Electricity plants
3. Electromobility
4. Smart metering

Intelligent buildings, also called intelligent homes for residential buildings, are equipped with solar panels and local-area networks for climate automation like Field Bus and WSN. These are connected to power plants, enterprises for the generation of (electric) energy, also called AC plants, based on conventional or alternative and renewable energy sources like wind, solar and EM-smog. Electric mobility based on hydrocarbon-electric hybrid vehicles (PEV) that accumulate power and can afterwards "upload" it to the network leads to a strong electromobility. Intelligent counters and meters for smart metering automate the charging and billing processes. They carry out the monitoring and network management aimed at low energy consumption on the basis of improved tariff models with respect to the workload parameters and traffic, both in analogy to packet-switched networks.

The considered components 1–4 may both use and release the excess (electro-)energy and stored redundant currents in the network. This leads to synergy effects between the different consumers and producers of energy, as the timing of the production and consumption peaks differs widely. Furthermore, information technology helps to control the timing by being able to shift the peaks according to schedules. An example is overnight dishwashing, which can be programmed to happen at a particularly convenient time based on electricity supply and cost.

Electricity demands and "Green IT" today Increasing demands for energy and the significant rise of ICT prices evoke the necessity of energy use efficiency, which has to be realised over the entire IT life cycle "design – operation – modification – operation – …". The ecological protection of the environment, CO2 emission discharge and the economisation of fossil resources and electricity play a very important role nowadays. The enrolment of renewable energy resources is required in the operation of facility grids, in the operation of IT and networks, in the disposal of waste energy and in the deployment of smart meters for the user, provider and equipment as well as power plants. The corresponding energy demands per annum for the years 2000 until 2015 are exemplarily shown for the server and data centres in Germany in Fig. 5.5.

Based on the studies of the Borderstep Institute in the years 2010–2012, the following three tendencies became apparent:

1. Since 2008 more and more attention has been paid to "Green IT" solutions.

2. Taking the year 2011 as reference, we can state that the electricity consumption for the server and data centres in 2011 is approximately 1.4 TWh under the awaited demands of the "business as usual" scenario; in comparison, the demands of the "Green IT" scenario are more than 2.3 TWh below that, despite the huge growth of the server and data centres, with a significant reduction of the electricity costs of about 1.2 billion Euros (2011).

3. These partial electricity demands (9.7 TWh) correspond to approximately 1.8 % of the overall electricity consumption in Germany. To compare: to produce the mentioned amount of electricity, four middle-sized coal power plants are required.

Fig. 5.5 Annual tendencies of electricity consumption for server and data centres in Germany (source: Borderstep 2010–2012). Plot of TWh/year over the years 2000–2015 for the three scenarios Green IT, Business as usual and Trend; labelled data points: 3.98 TWh, 10.1 TWh, 9.7 TWh, 6.0 TWh, 9.3 TWh and 14.2 TWh.

The overall annual electricity demands in Germany for some selected years are shown in Table 5.1. The representation is based on the sources [1, 41].

Table 5.1 The overall annual electricity demands in Germany

Year   Electricity demands (gross)               Primary (fossil) energy consumption
       Overall [TWh]   Renewable share [%]       Overall [10^3 PJ]   Renewable share [%]
1991   539.6           3.2                       14.6                1.3
2000   579.6           6.6                       14.4                2.9
2005   614.1           10.2                      14.6                5.3
2009   581.3           16.3                      13.5                8.9
2015   600             32.6                      13.3                12.5


Fig. 5.6 Forecast for the annual electricity consumption of the telecommunications and IT branch in Germany

The simple empirical formula (5.1) can be used for recalculating electricity volumes. With this formula and the given analysis, a forecast for the annual electricity consumption of the telecommunications and IT branches until the year 2025 can be calculated (Fig. 5.6).

1 TWh = 3.6 PJ (5.1)

The forecast has shown that the annual electricity consumption of the communication and information businesses in Germany was significantly reduced from 2010 until 2015, from 56.0 TWh down to 47.8 TWh, i.e. by approximately 15 %. This important reduction trend will continue until the year 2020 and then stabilise at around 45.2 TWh, with 46.2 TWh in 2025. Therefore the positive development of electricity consumption of these industries can be distinguished. In the given internal structure the cause of this overall declining trend becomes clear: successively, the electricity demands in households, public and workspace IT areas are reduced. In contrast, the electricity demands of the data and computing centres will increase, based on the increasing data traffic. This prognosis has foreseen a lot of implemented energy efficiency measures because of the great social meaning of "Green IT" processes in industrialised countries.

How to advance and deepen the success of "Green IT" in such countries? There is a great variety of possible approaches to smart grid implementations, as follows:

• videoconferencing instead of business travel
• notes electronically (paperless) instead of on paper
• reduction of unnecessary printing
• reduction of energy consumption in use and production
• sustainable product design and manufacturing, hardware as durable as possible
• resource-saving programming (Green Software Engineering)
• reduction of CO2 emission
• decentralisation of the network
• QoS increase (efficient switching, routing)
• use of alternative and renewable energy sources (wind, solar, thermal)
• optimisation of measurement and network management (smart metering and energy-efficient web services)
• increase of network security, safety and reliability

5.1.1 Services, Architectures and Multi-level Models

The integrated architecture of smart grids has to repeat to a certain extent the well-known Open Systems Interconnect (OSI) network architecture (Fig. 5.7). But it must also be multi-dimensional, i.e. it has to reflect not only the abstraction levels with multiple defined interfaces, functions and services, but also the various types of network technologies and domains of their use, types of consumers and service providers, device types, access control techniques, and schemes for billing and payment for the consumed services.

Fig. 5.7 A simplified architecture for smart grids. APL – Application, NWK – Network, MAC, PHY – Physical


Let us consider a selection of the existing multi-layered and multi-dimensional models for smart grid which are oriented towards the shared use of telecommunications:

1. National Institute of Standards and Technology, USA (NIST) Smart Grid Conceptual Model
2. IEEE Smart Grid Model
3. A proprietary model of Cisco Smart Grid
4. Common architecture of ITG/VDE Smart Grid (Germany)
5. Next development of model (4): the EU Smart Grid Architecture Model (European)

One of the first models developed in the area, model (1), called NIST Smart Grid Conceptual Model, provides an abstraction of the properties of the integrated intelligent network based on a classic three-level representation encompassing the following levels: (1) Power and Energy, (2) Communications, (3) IT and Services [11].

The universal model (2) was engineered in IEEE working groups; IEEE Smart Grid is a professional organisation for standardisation and co-ordination among the smart grid stakeholders within IEEE. The universality of the mentioned IEEE smart grid model consists in the creation and description of a meta-system called smart grid, which extends the rules, interfaces and functions for individual intelligent networks to the so-called smart grid domains, also based on the following three levels: (1) Power and Energy, (2) Communications and finally (3) IT and Services. IEEE shifted the focus of consideration to the second and third layer as the determining levels for the first layer, electricity distribution in smart grids [9].

The proprietary model (3) was provided by the company Cisco, one of the leading companies in the field of network technologies and products [2]. The model takes into account the development aspects of integrated (mobile) power transmission and telecommunications in the context of the hardware and software produced by the company. Nowadays Cisco provides design and implementation, deployment and support of infrastructure and services for smart grids, as well as numerous communication systems for power supply sub-stations and automation networks (Field Area Networks) for power supply nets; it provides data security (Cisco switches, routers, firewalls like ASA-CX) for the smart grid and creates virtual storage centres for data processing (network storage, cloud computing), thus extending those capabilities to Wireless Area Network (WAN) architectures. The Cisco Connected Grid Network Management Solutions (NMS) offer the infrastructure access tools, monitoring and management facilities for IP-enabled devices integrated into the smart grid.

Furthermore, let us consider the advantages of the common architecture for smart grids proposed by ITG/VDE. Existing network technologies can be easily integrated into the framework of model (4). The installed services are independent of the basic network infrastructure (as is the idea of OSI). The common architecture for smart grids allows adequate modelling of integrated networks of energy and information supply at different levels of abstraction. Model (4) of smart grids can be used recursively or hierarchically to describe the inter-operability between different providers offering their services (Fig. 5.8):

• Communications, in particular mobile communications
• Electrical energy supply
• Smart metering, including intelligent control and telemetry
• Smart power web services

Fig. 5.8 Common 4-layer architecture for smart grid [18] and the types of energy supply and data supply services: (1) consumers, (2) services and virtualisation, (3) info-objects and service communication, (4) infrastructure/physical layer. GW – Gateway, AC – Alternating Current (energy supply nets), AU – Automation (and management) networks, SPGWS – Smart Power Web Services, NW – Network, Metering – control and telemetry, Market Place – allocation and reselling of services. The diagram arranges, per layer, the portal and users, the smart power web services with market place and portfolio, the technical services with standardised middleware (proprietary tools and resources, virtual tools, service production, monitoring), and the nodes, communication and transport channels of the AC, AU, NW/telco and metering networks, down to the consumers.

A typical service for smart power distribution would be the brokering of excess production in households, i.e. micro-plants. In such scenarios power is produced by roof-top solar installations, private wind turbines as well as thermal sources. Depending on the compensation for feeding energy into the grid, the profit from selling it to a nearby user, or the benefit of using it for own purposes, such a brokering service guides the producer of electricity to a decision.
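The decision such a brokering service takes can be written down as a small allocation rule. The following Python snippet is an added example written for this edition, not code from the book or from any smart power web service it describes. It assumes three channels for a household's surplus, each with a value per kWh and a capacity: own deferrable loads (worth the avoided retail price), a nearby consumer (limited by that consumer's demand) and the grid feed-in (unlimited, at the feed-in tariff); all prices, loads and the surplus are constructed sample values.

```python
"""Added example (not from the book): a greedy brokering decision for the
excess production of a household micro-plant.

Each channel that can absorb surplus energy is modelled as an Offer with a
value per kWh and a capacity; the surplus is allocated to the most valuable
channel first. The channel names, prices and capacities are assumptions of
this example, not figures from the book.
"""

from dataclasses import dataclass


@dataclass(frozen=True)
class Offer:
    name: str             # "self_use", "peer_sale" or "feed_in"
    value_per_kwh: float  # money earned, or retail cost avoided, per kWh
    max_kwh: float        # how much this channel can absorb right now


def plan_surplus(surplus_kwh, feed_in_tariff, peer_price, peer_demand_kwh,
                 retail_price, deferrable_load_kwh):
    """Allocate the surplus to channels in order of value per kWh.

    Returns ({channel: kWh}, total value rounded to cents). Channels that can
    absorb nothing (e.g. no deferrable load at the moment) are left out."""
    if surplus_kwh < 0:
        raise ValueError("surplus must be non-negative")
    offers = [
        # running own deferrable loads now avoids buying at the retail price
        Offer("self_use", retail_price, deferrable_load_kwh),
        # a nearby consumer pays the brokered peer price, up to their demand
        Offer("peer_sale", peer_price, peer_demand_kwh),
        # the grid takes any remainder at the (usually lowest) feed-in tariff
        Offer("feed_in", feed_in_tariff, float("inf")),
    ]
    allocation = {}
    remaining = surplus_kwh
    total_value = 0.0
    for offer in sorted(offers, key=lambda o: o.value_per_kwh, reverse=True):
        amount = min(remaining, offer.max_kwh)
        if amount > 0:
            allocation[offer.name] = amount
            total_value += amount * offer.value_per_kwh
            remaining -= amount
        if remaining <= 0:
            break
    return allocation, round(total_value, 2)


if __name__ == "__main__":
    # Constructed scenario: 10 kWh surplus on a sunny afternoon, feed-in at
    # 0.08 EUR/kWh, a neighbour paying 0.20 EUR/kWh for up to 4 kWh, retail
    # price 0.30 EUR/kWh and 3 kWh of deferrable load (e.g. the dishwasher).
    print(plan_surplus(10, 0.08, 0.20, 4, 0.30, 3))
    # -> ({'self_use': 3, 'peer_sale': 4, 'feed_in': 3}, 1.94)
```

Because the channels are ranked purely by value per kWh, the same function also covers the less common case in which the feed-in tariff exceeds the peer price: the grid is then filled before the neighbour, and a household with no deferrable load simply gets no "self_use" entry.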


Fig. 5.9 EU Smart Grid Model and Architecture [6]: (1) business layer, (2) function layer, (3) information layer, (4) communication layer, (5) component layer. Domains: DER – Distributed Energy Resources, GTD – Generation, Transmission, Distribution (production), CP – Customer Premise (delivery). Zones: Process, Field, Station, Operation, Enterprise, Market (PFSOEM)

The presence of the common architecture of smart grids nevertheless provides a wide field for activities and describes the ability of the model to absorb innovations [5, 18].

As the development of this well-known and recognised model (4) progresses, a more complex multi-dimensional European model (5) called EU Smart Grid Architecture (Fig. 5.9) should be considered. The model possesses five component layers, as follows: Business, Function, Information, Communication and Component, as well as two further dimensions called Domains and Zones [6, 22].

Example 5.4 From the viewpoint of the telecommunications department at Dresden University of Technology [26]: "… in a green world renewable energy sources are the key to reduce the CO2 footprint. These energy sources are typically non-stationary. This factor requires much more complex control of the grid. To enable this, the energy distribution network has to become more intelligent due to new services, distributed generation of energy (virtual power plants) and new safety and security requirements. It will finally be a Smart Grid". Nowadays new demands on the reliability and security of the supporting communication network appear. The discussed approach enables close system integration, optimal distributed power generation via virtual power plants, efficient control of electricity distribution and the deployment of new network services which are becoming more intelligent simultaneously. It has been proven that particular attention should be paid under current conditions to the deployment and use of PLC technology (Fig. 5.10).

Fig. 5.10 Smart grid representation as a PLC. LV – low voltage, MV – middle voltage; (1) MV part of substations, (2) LV part of substations, (3) street cabinets, (4) substations (MV+LV), (5) interruptions (open meshes)

Smart grid development trends The European Commission, by way of its Directorate General for Communications Networks, Content and Technology in Brussels, also believes that smart grids will play an important role in increasing the importance of renewable and alternative energy sources, in low-energy consumption, delivery savings and decreasing the CO2 emission. Without integration between telecommunication and information networks the established goals are unattainable. Smart grid is therefore a significant part of the long-term research and technology development programme called Horizon 2020 [6].

The German Association of Electrical and Electronics Engineers, VDE (in German "Technisch-wissenschaftlicher Verband der Elektrotechnik und Elektronik"), insists on planned efforts for transforming the traditional electricity networks and creating intelligent nets. In several European countries this approach has become a significant part of the national energy policy. In this case it is not about individual decisions for "several thousand kilometres of cable or 100 million euros". Instead, integrated solutions for the smart grid must be developed during a middle-term period. The main objective is as follows: re-construction, flexibility of the entire system, re-design with elements of the modernisation of infrastructure, increasing the capacity and number of power plants [18].

Meanwhile, the approaches to the development of smart grid systems in the world economy are very individual. Let us consider some of them in detail.

1. Australia: The orientation towards the development of intelligent energy supplying networks and smart grid was taken in 2009–2010. WiMAX networks play an important role in the frame of smart grids as a transport for supporting applications for sub-station automation, hybrid electric vehicles (PEV) as well as domestic smart meters, so called IHD (In-Home Devices). However, the final implementation of smart grids in Australia is constrained by the lack of appropriate multilateral obligations between the providers. The inter-operability between the stakeholders has to be developed, aimed at the maintenance of communication networks that are integrated into the smart grid. The other limiting factor is the relatively small number of charging stations for electric vehicles, despite obvious increases.

2. China: In the frame of the "current five-year plan" of the People's Republic of China, the construction of a nation-wide monitoring system for the national energy networks has been started, titled WAMS (Wide Area Monitoring System). The WAMS uses devices called PMU (Phasor Measurement Units) offered by selected Chinese manufacturers to improve the reliability and security of the national smart grid solution. Electrical energy production and distribution as well as broadband data channels are tightly and restrictively controlled by the state. Therefore compliance and conformity with existing standards and processes on the way of transition to a national smart grid is practically guaranteed. There are already more than 60 million smart meters installed in China [44], although studies about the operational experience are rare.

3. South Korea: The state plans until 2030 to reduce the overall consumption of conventional energy sources by 3 % and of electricity by 10 %, despite rising industrial demands, due to the implementation of a nationwide smart grid. The start was taken in 2009; the planned amount of investment for the system development over the next 20 years is about 24 · 10^15 USD in equivalent to the national currency, the South Korean Won (KRW).

4. European Union: The development of intelligent networks towards smart grid is a part of the European Technology Platform for the period up to 2020 developed by CENELEC (in French "Comité Européen de Normalisation Électrotechnique", European Committee for Electrotechnical Standardisation) [4]. The committee CENELEC is in charge of European standards in the field of electrical engineering. Together with ETSI (the Telecommunications Standards Institute in the EU) the committee works on a European system of technical regulation and standardisation, including the mentioned smart grid techniques, models and tools.

5. USA: The support for smart grids became a part of the US federal policy toward legislatively approved energy independence and security of one of the strongest economies in the world. The amount of investment towards the middle-term development of this new technology will reach up to 1.1 trillion dollars, i.e. 1.1 · 10^12 USD, according to plans from 2009. The short-term budget is, however, about 4.5 billion dollars according to the Recovery and Reinvestment Act [17]. Private microgrids are part of the overall plan to turn the energy network into a bi-directional one, similar to communication networks, until the year 2030. On a global scale about 4000 megawatts are currently contributed by microgrids [36].

Example 5.5 An example of a connected smart grid and cloud computing implementation is given below. Due to the use of today's powerful high-end servers within contemporary data centres with installed broadband optical links (so-called Fibre Channel), a significant amount of heat arises as a harmful by-product. Some companies already occupy themselves with the mentioned problem and are developing their own solutions for the disposal of excess heat, e.g. for domestic heating and air-conditioning facilities, or HVAC (Heating, Ventilating and Air Conditioning). An imaginary joint-stock company ECO-Cloud is situated in a city of about 500,000 to 1,000,000 inhabitants in Western Europe and acts as a data centre and cloud provider. Several corresponding products and solutions are offered: cloud products (own virtualised data centre) and heat products (own smart grid).

The temperatures of the servers can reach up to 55 degrees with water-based heat canalisation and dissipation. The system of waste heat recycling delivers a PUE of approximately 1.06–1.15. Multiple clients use HVAC facilities in the city of the ECO-Cloud offices as well as in other remote sites. They could obtain up to 30 % of cheap heat and warm water from the mentioned clouds immediately. The facility grid companies act as partners for ECO-Cloud with a further 70 % of the clients (users of the Internet, standardised data and cloud services). The waste heat distribution principle (based on [39]) is presented in Fig. 5.11. The company ECO-Cloud uses virtualisation technologies to create the computing, storage and networking infrastructure. The solutions are based on integrated cloud stacks as technology set.

The clients use the in-door located services of virtual computing centres. Hybrid clouds with standard services spanning across company-internal and ECO-Cloud-hosted machines are offered via ECO-Cloud too. The IT resources such as operating systems, applications, run-time platforms, test and development environments as well as pure processing power, memory or network capacities and much more can be made available to the users if necessary. The computing centres encompass standardised cloud services like Infrastructure-as-a-Service (IaaS), Software-as-a-Service (SaaS) and Platform-as-a-Service (PaaS) as well as specific compute applications (compute service, RAID/RAIC, SAN, NAS, cloud stacks, web hosting, virtual operating systems, file storage and sharing) [38]. Redundant heat as a "by-product of processing" is withdrawn via servers in 19" racks into the energy storage, which provides circulation of hot water in the pipes within a building and heating of potable water. The central system for HVAC facilities is supported via the use of PoE (Power over Ethernet) as well as wired and wireless automation LANs.

Fig. 5.11 Waste heat distribution principle

While ECO-Cloud is an imaginary company, nowadays multiple companies have specialised in such business models. An example is the former Helsinki electricity station, which still contributes to municipal heating by diverting excess heat from the servers and racks installed in it nowadays. The next two detailed examples will highlight additional concrete cases.

Example 5.6 Similar principles are used by the high-tech company Cloud&Heat Technologies [39]. The analogue to the mentioned technical solution provides a lower PUE value, down to 1.06 at a mean T_cpu = 55 °C, compared with conventional grids and cloud solutions, where it is necessary, to remove the excess heat as a by-product, to install more air-conditioning devices and provide them with power supply. The construction of the waste heat distribution can be depicted as in Fig. 5.12. With such a construction up to 30 % of the heat and warm water supply can be retrieved from the on-site cloud facility.

Fig. 5.12 Redundant heat and energy recycling in the systems of smart grid/cloud computing on the example of Cloud&Heat (based on source: www.cloudandheat.com)

Example 5.7 Another concrete example is IBH, an innovative and customer-focused company. IBH provides the following services:

1. Internet services including Internet access channels like SFV, DSL, MPLS or Metro-Ethernet
2. Hosting services for servers and complex IT installations as well as Application Service Providing (ASP)
3. Cloud computing services
4. Domain registration and management as well as security certificates
5. Highly reliable, fault-redundant three-phase Uninterruptable Power Supply (UPS) up to 4400 kVA


Thus the waste heat from the data centre can be used for heating the building. The remaining unusable waste heat from the computing centre is ecologically cooled via the deployment of so-called "indirect free cooling", which enables an extraordinarily high energy efficiency for the computing centre, i.e. a value of PUE < 1.2 is attempted [8].

Example 5.8 Surely "green" means a significant PUE improvement. The "state of the art" in a data centre today is to increase the temperatures in the server room gradually. The generic empirical "formula" is in force, see Eq. (5.2):

ΔT = 1 °C ⇒ ΔPUE = 2–4 % (5.2)

The formula expresses that an extra degree of heat gives 2–4 % of energy efficiency improvement. Energy efficiency improvement therefore means minimisation towards a PUE value of about 1.0, with the further decimal positions after the comma and the first zero.

From the formerly freezing air temperatures of T = 11–12 degrees up to above 16–17 degrees as the long-time standard for data centres, the servers are nowadays being cooled down to the rather warm level of 20–22 degrees without problems [31]. With innovative solutions indoor air temperatures are even increased up to 23–24 degrees. Very brave installations are set up to go with supply air temperatures even higher than that. The reality lies behind the technical possibility, which means still far behind: only 20 to 30 % of data centre operators are already pursuing concepts and solutions for "pushing up the temperatures" [32].

Optimisation of cloud services for smart grids Google achieves a PUE of 1.12 due to further optimisation of hardware, waste heat recycling systems and building construction features like improved air circulation, reuse of waste heat and further techniques. This means that only 12 % of the energy required for computing is used not by the servers as computing entities but by other services like air conditioning, energy distribution, lighting, surveillance systems and diverse building automation systems.

Due to the ratio being equal with and without consideration of time, the PUE is determined as follows:

PUE = total data centre energy / IT equipment energy = total power / IT power (5.3)

According to the Uptime Institute's Data Centre Surveys, which track the average PUE in data centres by collecting survey responses, there is a clear trend of reduction: in the year 2007 the average was reported to be around 2.5 [19, 40]. The first survey in 2011 reported an average PUE in the domain of about 1.89. As the fifth survey, published in 2015, tells, the PUE was reduced to 1.7. This means a significant improvement on the side of Google, even though more than half of the data centre operators plan for a medium-term PUE of 1.5 or less.

154 5 Smart Grid Internet of Things and Fog Computing

Fig. 5.13 Optimisation of cloud services for smart grids: parallel computing and big data

The PUE thus becomes an attractive optimisation goal for service providers. It affects the operational expenses, whereas other optimisation targets focus more on capital expenses for the procurement of goods, including the average server refresh rate, which can be increased with high-quality hardware and good maintenance and repair services, again involving operational expenses. Equation 5.4 formalises the operational goal around the PUE optimisation:

$\max \mathrm{PUE} \;\wedge\; \text{QoS Constraints} \;\vee\; \text{Cost Constraints}$   (5.4)

Where Costs_max, QoS_min are the cost and quality of service constraints, i.e. maximum PUE under strictly given QoS and cost constraints.

In the third phase, where we are now (maximum PUE under strictly given QoS and cost constraints), the following options of further improving the energy efficiency are attractive and will most likely be used for contemporary data processing services (Fig. 5.13):

1. Simultaneous operating of as few units as possible thanks to service and resource virtualisation, increased resource sharing and load balancing
2. Better load utilisation of operating units, e.g. by dynamic operation of servers, distribution of virtual machines and scheduling

51 Smart Grid as Integration Technology for the Networks of Energy 155

3. Use of more energy-efficient units (measured in Watt per GHz) to need less energy for cooling
4. Optimised selection of location, e.g. in cold regions, close to rivers, free cooling
5. Reuse of waste heat, e.g. for building heating or warming of potable water
6. Use of a mix of local or regional energy producers to reduce transmission losses. This requires a smart energy grid and brokering, i.e. a marketplace application in the cloud, to work on a larger scale

Waste heat models. To optimise the PUE, it is essential to understand how to model waste heat and in particular the transport of waste heat. The direction of transport is from the non-optimal computing equipment, in particular CPUs acting as excess heat producers, to water or air as excess heat consumer media. To understand the physical background, knowledge from the fields of thermodynamics, kinetics and green computing needs to be combined. Through more precise and fitting models, the utility of smart grids, which combine power systems and computing systems, will be increased.

The model will be derived from a state-of-the-art data centre perspective. 19-inch racks according to the norms EIA 310-D / IEC 60297 are widely used for data centre and cluster construction. The slots for such racks are called units or height units, in jargon simply 1 U. One rack unit counts 1.75 inches (44.45 mm) of height. The following set of unit dimensions H, W, D is widespread (Eq. 5.5):

$H = 1.75'' = 44.45\,\mathrm{mm} = 1\,\mathrm{U};\qquad W = 19'' = 482.6\,\mathrm{mm};\qquad D = 600,\,800,\,900\,\mathrm{mm}$   (5.5)

The 19'' rack containing the units has the following fixed dimensions. The width W is 19 inches (482.6 mm) and gave the name to this standard. The depth is derived directly from the unit's D. The height H is determined by the industry standard for a rack cabinet, which is 42 U and hence 44.45 mm · 42 = 1866.9 mm ≈ 1.87 m. These dimensions are taken as input to a simplified Boltzmann waste heat transport model. Excess heat recycling and transport can be formulated and solved for the constructions given in Fig. 5.14. The shown principle of the removal and recycling of the energy can be used for the additional HVAC capacities within civic, administrative as well as industry buildings.

In the general case, the Boltzmann model is linked to the Boltzmann Thermodynamic Equation (BTE), which for the heat balance can be given as specified in Eq. 5.6:

$P_a = c_m\, m_m\, \dfrac{dT_s}{dt} + P_t;\qquad P_t = \dfrac{S_C\,(T_s - T_w)}{R_T};\qquad R_T = \dfrac{l_m(T)}{\lambda_m(T)}$   (5.6)


Fig. 5.14 The waste heat recycling and transport principle: (a) rack with units, (b) unit with waste heat removal device

In this equation, P_a is the power absorbed by the system and P_t is the useless (excess, waste) power expended to the thermal conductivity. T_s is the temperature of the surface and T_w the temperature of the cooling liquid or cooling gas, for example water. c_m is the thermal capacity of the heated materials and m_m their corresponding mass. R_T expresses the thermal resistance of the heated materials, which depends on their temperature. Finally, λ_m and l_m refer to the thermal conductivity and the thickness of the material, respectively.

Taking into account that for the stationary regime of heat exchange the quotient dT_s/dt becomes 0, the equation system can be rewritten as follows (Eq. 5.7):

$P_a = P_t = \dfrac{S_C\,(T_s - T_w)\,\lambda_m(T)}{l_m(T)}$   (5.7)

Based on this equation, to build the waste heat model one now considers the complex thermodynamic problem of cooling the processor units as a task of simulating a regular thermodynamic system. In this system the sources of heat are named S. Their square surfaces are similar and equal to a · b, and the distance between cooling units is named l. Along the length of the cooling units a tube T with cooling liquid or gas is mounted. The heat is transferred along the tube with the velocity v_c. The corresponding model of the cooling system is plotted in Fig. 5.15.


Fig. 5.15 Generalised structure of the cooling process for a two-processor unit: (1) cooled-down processor unit with the dimensions a × b and the square S_c = a·b, (2) tube T with the cooling liquid or gas

The accuracy of the estimations for the temperature of the crystal surface T_s, the temperature of the cooling liquid or gas T_w and the power given by Eqs. (5.6), (5.7) is not very high, due to the multiple thermodynamic processes which act during the interaction between heated and cooled material surfaces. Those processes are not taken into account in the simplified explanation. In general, the accuracy of such calculations is not greater than 30 %. In any case, these calculations for solving the BTE can give the necessary recommendations to engineers for the elaboration and use of cooling systems. For example, suitable recommendations for the design of cathode cooling systems for glow discharge electron guns were first formulated and described as theoretic techniques in papers. Therefore a similar approach for computing thermodynamic models is possible too. The use of massive computing power, for instance HPC, allows for obtaining a higher accuracy in solving thermodynamic equations with finite elements.
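As an added worked example (not code from the book or its authors), the following Python script implements the simplified heat balance of Eq. 5.6 with an explicit Euler integration, its stationary solution of Eq. 5.7 and the PUE ratio of Eq. 5.3. The geometry (a 40 mm × 40 mm contact surface S_C), the thermal interface layer (l_m = 1 mm, λ_m = 5 W/(m·K)), the heat capacity (c_m · m_m = 900 J/(kg·K) · 0.1 kg), the coolant temperature T_w = 20 °C and the power figures are constructed sample values, and R_T is treated as temperature-independent for the sample:

```python
# Added example (not from the book): heat balance of Eq. 5.6, its stationary
# solution (Eq. 5.7) and the PUE ratio of Eq. 5.3.
# All material constants and geometry below are constructed sample values.


def thermal_resistance(l_m, lambda_m):
    """R_T = l_m / lambda_m: thickness [m] over thermal conductivity [W/(m K)].
    The unit is m^2 K / W, so S_C * (T_s - T_w) / R_T comes out in watts."""
    return l_m / lambda_m


def transferred_power(S_C, T_s, T_w, R_T):
    """P_t of Eq. 5.6: heat flowing from the surface (T_s) into the coolant (T_w)."""
    return S_C * (T_s - T_w) / R_T


def stationary_surface_temperature(P_a, S_C, T_w, R_T):
    """Eq. 5.7 with dT_s/dt = 0, i.e. P_a = P_t, solved for the surface temperature."""
    return T_w + P_a * R_T / S_C


def simulate_surface_temperature(P_a, c_m, m_m, S_C, T_w, R_T, T_0, dt, t_end):
    """Integrate Eq. 5.6 with explicit Euler steps:
    c_m * m_m * dT_s/dt = P_a - P_t.  Returns a list of (time, T_s) samples."""
    T_s, t = T_0, 0.0
    samples = [(t, T_s)]
    while t < t_end:
        P_t = transferred_power(S_C, T_s, T_w, R_T)
        T_s += dt * (P_a - P_t) / (c_m * m_m)
        t += dt
        samples.append((t, T_s))
    return samples


def pue(total_power, it_power):
    """Eq. 5.3: PUE = total data centre power / IT equipment power."""
    if it_power <= 0:
        raise ValueError("IT power must be positive")
    return total_power / it_power


if __name__ == "__main__":
    # Constructed sample: 100 W processor unit, 40 mm x 40 mm contact surface,
    # 1 mm thermal interface compound with 5 W/(m K), coolant at 20 degC,
    # heated mass 0.1 kg with c_m = 900 J/(kg K) (aluminium-like).
    R_T = thermal_resistance(l_m=1e-3, lambda_m=5.0)
    S_C = 0.04 * 0.04
    T_stat = stationary_surface_temperature(100.0, S_C, 20.0, R_T)
    trace = simulate_surface_temperature(100.0, 900.0, 0.1, S_C, 20.0, R_T,
                                         T_0=20.0, dt=0.01, t_end=200.0)
    print(f"stationary T_s = {T_stat:.2f} degC, simulated after 200 s = {trace[-1][1]:.2f} degC")
    print(f"PUE of a site drawing 1120 kW with 1000 kW IT load: {pue(1120.0, 1000.0):.2f}")
```

Running the script shows the transient surface temperature converging to the stationary value T_s = T_w + P_a · R_T / S_C (32.5 °C for the sample), which is exactly the reading of Eq. 5.7; the time constant of the approach is c_m m_m R_T / S_C, so a larger heated mass or a worse interface layer lengthens the transient but does not change where it ends.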

The presented BTE model can be decomposed into three subordinate models. The model BTE1 is aimed at waste heat removal based on the cooling liquid or gas within the tube T in the area of a processor unit S. The heat removal is carried out via a compound adapter. The second model, BTE2, is dedicated to cooling down the cooling liquid after its heating in the tube T in the area between the units. The length of this area is l, corresponding to Fig. 5.15. Model BTE3 is the combined model of the models BTE1 and BTE2 for a rack with N units.

When solving the equations associated with the models BTE1 through BTE3, the following observations can be drawn. The PUE resulting from BTE1 and BTE2 is close to 1.2 for both, and about 1.3 for BTE3. These results match the state-of-the-art PUE factors in data centres with standard cooling. More details, formulas and theoretic considerations can be found in a relevant publication [34].

The estimations for the temperature of the CPU crystals (within the units), for the temperature of the cooling liquid (waste heat removal) and the PUE evaluations based on the mentioned models have been considered in [25, 33, 43]. The dependencies of PUE are given in Fig. 5.16a–c correspondingly. These depictions describe the obtained PUE values for the above-mentioned models BTE1–3 and are completely in line with the "best practices" discussed in the examples V4–V7 in this chapter as well as in the literature.

[Fig. 5.16, plots not reproduced: panels (a) PUE1, (b) PUE2 and (c) PUEΣ in relative units, plotted against the water flux velocity vel in litre/min (10 to 50) for dissipated powers P = 100 W, 200 W, 300 W, 400 W and 500 W]

Fig. 5.16 Modelled PUE dependencies on the dissipated power of the processor units and given velocity of water flux based on the model BTE1 (a), BTE2 (b), BTE3 (c, N=10). Modelled PUE values for "green" data centres and clouds are about 1.06 under use of the efficient cooling process, in good agreement with the "best practices"

Note: Additional material on waste heat modelling and recycling is available as complementary digital-only material from the publisher's website.

5.1.2 Smart Grid Enabling Network Technologies

Enabling networking and communication technologies for smart grids offer wireless connectivity between devices. Six such technologies are of particular interest:

1. PLC, outdoor as well as indoor as HomePlug
2. Bluetooth v4.2 WPAN
3. ZigBee/EnOcean sensor piconets
4. 6LoWPAN as fog computing predecessor
5. WiMAX networks, specific to some regions with sufficient coverage
6. Partially LTE/5G, which are discussed in other chapters, as alternative to WiMAX

Let us discuss some of them to understand their characteristics better

Powerline (PLC). PLC networks are oriented to use electrical supply networks (grids) for data and voice transfer. This is an important enabling technology for IoT and smart grids. The network transmits data or voice by superposition of an analog signal over the alternating electric current (AC, 50/60 Hz). PLC in the WAN area offers a kind of DSL connection via a power cable between providers and users:

• 1536 subcarriers with 84 best frequencies in the range 2–34 MHz
• Data rate per station of about 15–205 Mbit/s
• Variants of WAN PLC are BPL and NPL: NPL (Narrowband over Power Lines) with a data rate of 15 Mbit/s and BPL (Broadband over Power Lines) with a data rate of 205 Mbit/s

PLC in the LAN area is more suited to applications within buildings. PowerLAN uses the household electrical lines, with a voltage of 230 V and a frequency of 50/60 Hz, for additional data transmission.

For such installations, Orthogonal Frequency-Division Multiplexing (OFDM) is deployed for converting digital signals into analog signals, similar to xDSL or WLAN. Most PowerLAN standards work in the high frequency band F = 2–68 MHz, so that they do not interfere with the electric current frequency, and with the aim of achieving high data rates. Power supply networks, as low voltage networks, are usually three-phase systems. In the private sector, the HomePlug standard thus achieves gross transfer rates of up to 14 Mbit/s (regular HomePlug), 85 Mbit/s (HomePlug Turbo), 200 Mbit/s (HomePlug AV) and even 500 Mbit/s (IEEE 1901). The standards HomePlug AV (200 Mbit/s) and IEEE 1901 (500 Mbit/s) are fully compatible with each other. The maximum range of HomePlug adapters is, however, limited to 300 m under ideal conditions and much less when obstacles are in the way.

The main problems of PLC usage are:

• line length
• interference
• interoperability
• price

Longer lines mean the occurrence of attenuation effects, which limit the transmission power and hence reduce the receiver's ability to process the signals effectively, leading to a reduced data rate. The interference comes from the workload and household machines. The interoperability with Wi-Fi is not guaranteed, as producers are unable to agree on a common standard. Finally, such systems are still subject to a relatively high price.

Fig. 5.17 WiMAX flexible architecture

WiMAX networks. The architecture components for WiMAX networks are depicted in Fig. 5.17. Among the WiMAX components are:

• SS/MS: Subscriber Station/Mobile Station
• ASN: Access Service Network
• BS: Base Station, a part of ASN
• ASN-GW: ASN Gateway, a part of ASN
• CSN: Connectivity Service Network
• HA: Home Agent, a part of CSN
• NAP: Network Access Provider
• NSP: Network Service Provider
• ASP: Access Service Provider (IP)

The most important interfaces are R1, R2, R3, R4, R5 (refer to Fig. 5.17). The use of WiMAX is region-specific. It is frequently used in South Korea, South Africa (named iBurst) and the Slovak Republic, as well as in urban areas in other countries; an example is Heidelberg in Germany. Commonly, however, WiMAX networks have found relatively small acceptance compared with LTE. In fact, many former deployments have already been shut down, for instance by Sprint in the USA. Still, about one billion people can be covered.

The maximum distance for signal transmission is about 3–10 km.

Sensor pico nets. As opposed to the previously discussed network types, which emphasise quality of service and cost requirements, wireless sensor (pico) networks (WS(P)N) additionally put emphasis on various aspects of energy efficiency. A WSN's energy efficiency is a significant prerequisite for its lifetime, low maintenance cost and high reliability. First, a short overview of WSN systems will be given. Then the most important compromises or trade-offs between the diverse factors will be discussed, especially those which influence energy efficiency and service quality on any network layer.

WSNs have already become a mature technology and play an increasingly important role for industrial production, intelligent houses, automated buildings and observation in the free space in agriculture and forestry, ecology and ship transport. This list of applications of WSNs is, however, far from being complete. Advanced WSNs, in combination with WLAN and WiMAX networks, replace conventional communication systems for multi-function network services and automation systems.

A general sensor network consists of a number of distributed and independent sensor nodes (SN) with radio modules. These are capable of capturing technical or environmental parameters. There are many different sensor types and technologies, of which two shall be considered (Table 5.2). Common to all these technologies is the issue of energy-efficient operation of the resulting sensor networks. Energy-efficient sensor nodes are characterised by durability, interoperability and assurance of quality of service levels (QoS) within the constructed WSNs. Furthermore, they are highly reliable and contain cost-efficient customisation mechanisms.

Table 5.2 Characteristics of widely-used WSN systems

Property                 EnOcean                    ZigBee 802.15.4
Frequency [MHz]          868                        2400
MAC layer                Beacon                     Beacon, CSMA
Topology                 Star/mesh                  Star/mesh
Data rate [kbit/s]       125                        250
Number of nodes          2^32 (ca. 4 billion)       2^16 = 65536
Security                 –                          AES
Energy consumption       Very small                 Small
Collision probability    Very small                 Small
Energy harvesting        Yes                        No
Range [m]                30–300                     10–75


Fig. 5.18 Structure of a WSN

The usual frequency bands F for WSN are F = 315–916 MHz (Mica2, Mica2Dot) and F = 2.4 GHz (ZigBee, IEEE 802.15.4, Imote). The usual transmission ranges of sensor nodes can be from 30 up to 150 m. The energy consumption is about 1000 mW for sending and receiving data, 100 mW in idle mode and 0.05 W in sleep mode. The average transmission power is P_Tx = 4–10 dBm. To guarantee the requirements concerning energy efficiency and real-time behaviour, only short data packets (telegrams, TL ≤ 100 bytes) with relatively small overhead are being used. The state transition of a sensor node (SN) requires energy and slows down the network overall.

The approach of energy harvesting allows for the extraction of energy from the environment and thus for a reduction of battery power consumption (Fig. 5.18). The exclusive energy supply of sensor nodes with energy harvesting is, however, not possible due to the lack of steadiness in the used energy sources. Therefore the nodes have to be placed with care. Furthermore, an optimisation of routes to the gateway (GSN/GW) is recommended.

The software used on the nodes (operating system, applications, libraries, middleware) has to be very compact. The executed tasks and the data to be processed often have to be scheduled beforehand and grouped with telegram aggregation. For the minimisation of the energy consumption of the communication (SN – SN and SN – GW) and for increasing the performance of the gateway, concepts such as caching, threading and redundancy/replication are to be considered. The task processing in the applications is event-based [45]. As operating system for the sensor nodes, TinyOS is often used. It has small requirements on memory and processing power.

Design of energy-efficient wireless sensor networks: requirements and methods. Important properties of energy-efficient WSNs are:

• Efficient batteries with long lifetime in the sensor nodes, possibly combined with energy harvesting
• Energy management
• Efficient protocols in the layers 2 and 3 with reduced traffic and low overhead
• Efficient operating systems and applications
• Optimised topology including hierarchies and clustering
• Redundant planning and functionality reserves
• Combined approaches in a cross-layer design

Multi-layered design. Nowadays the design of WSNs is supported with a variety of energy management methods and planning tools. The cross-layer approach combines existing models, methods and tools within one integrated framework and offers significant advantages due to the holistic appreciation of values between the requirements of energy efficiency and service level. The methods for designing energy-efficient WSNs can be classified in a layered architecture as follows:

• Hardware, focusing on the physical (PHY) layer
• Focusing on the MAC layer
• Focusing on the topology
• Focusing on routing
• Focusing on applications

An attempt at a corresponding classification of methods usable for the design of energy-efficient WSNs is shown in Fig. 5.19.

Efficient energy management for WSNs primarily means that the overall power consumption of a WSN must be reduced by optimising the consumption of its sensor nodes, expressed in W/bit or W/event. Such an optimisation leads to an extension of the parameters which indicate the lifetime (time-to-live, TTL), expressed in 1000 h or 100 d. The following parameters are common: T1 – time until the failure of the first sensor node; T2 – time until which 50 % of all nodes fail; T3 – time at which the network splits into multiple partitions or "islands"; T4 – time until the surface coverage of the network is reduced. The TTL parameters are explained in Eq. 5.8.


Fig. 5.19 Classification of design methods for energy-efficient WSNs

The cross-layer construction of WSNs needs to consider the mutual influence of the conflicting requirements energy efficiency and service level. Appropriate compromises need to be found:

• Hardware
  – Higher transmission frequency: more data per TDMA slot as well as more compact components, but more complex modulation techniques and higher energy consumption requirements
  – Lower transmission power: less energy consumption upon transmission, but lower signal-to-noise ratio (SNR) and lower data throughput
  – Lower current of the components (cf. Fig. 5.20): lower energy consumption of the CPU, but correspondingly lower CPU speed
  – Higher battery capacity: longer lifetime, but larger physical dimensions. This is also true for energy harvesting approaches, which require sufficiently strong energy sources and batteries in order to adjust the non-continuous energy supply
• MAC layer
  – Longer sensor duty cycles in communication protocols (e.g. synchronous on-demand TDMA or Advanced Asynchronous CSMA/CA with RTS/CTS or Rendezvous): improved degree of utilisation, but also higher latencies
• Topology
  – Cluster of nodes following a unified scheduling scheme with lower duty cycle: lower power consumption in sensor nodes through shorter distances, but higher latencies through overhead and higher energy consumption at the cluster head
  – Dense WSN with redundant nodes: higher availability and reliability, but also increased traffic and therefore more collisions of data telegrams as well as more frequent timeouts
• Routing
  – Highly developed routing algorithms (e.g. geographic routing) increase the reliability of the message transfer, but cause higher routing complexity and therefore more laborious routing adaptations in cases of topology changes
• Software/Applications
  – Compact operating system and further software components due to limited CPU speed and RAM capacity: better resource utilisation, but lower precision through data aggregation as well as a necessity for special algorithms for distributed statistical pre-processing of large volumes of data

Fig. 5.20 (a) Dynamic voltage scaling, (b) Capacity of batteries and energy harvesting devices: approaches to optimise the energy consumption


These compromises (trade-offs) need to be accounted for in the design phase to achieve the goal of durable WSNs with high QoS, high reliability and interoperability between the nodes. The stored energy density can vary between 10 and 10000 W/cm³. The determination of the TTL parameters can be performed by considering the following factors:

$\min \mathrm{TTL} = \alpha\,\dfrac{\delta q}{\delta x}\,(P_{Tx},\, F,\, d,\, DR,\, SNR,\, TL,\, OH)$   (5.8)

Hereby q refers to the battery charge [mAh], F and P_Tx to the transmission frequency and power, d to the average distance between nodes (hop distance), DR to the data rate, TL to the average size of a data telegram and OH to the overhead in each data telegram. A centralised Gaussian random value is also included, whereas α is a logarithmic decrement value.

Topology optimisation. The most important decision when designing topologies of a WSN is the choice between single-hop and multi-hop routing methods.

The following aspects are to be considered: who communicates with whom (star, cluster or mesh); incomplete knowledge about the topology, where only information about the local environment is known; frequent topology changes, on-/offboarding, mobility aspects; routing algorithms; and, of course, the energy efficiency of the resulting solution.

The degree of freedom for the decision can be described as a triangle "topology – routing – energy radiation", which is displayed in Fig. 5.21. The power radiation is modelled as follows:

$P_{Rx} = K\,F^{\alpha}\,d,\qquad K = P_{Rx}(d_{ref})$   (5.9)

Whereas P_Rx refers to the receiver field force, F to the sender frequency, d to the distance and P_Rx(d_ref), d_ref to the measurable reference receiver power and distance; K, α are model constants from the free space damping model.

Clustering in WSN. When nodes of a WSN are distributed in fixed installations, the hardware will degrade over time. After some years some of the nodes may fail or the battery capacity may be depleted. In such cases it is important to consider the correct placement of the nodes to avoid missing hops for the transmission or even partitioned networks, in which between two nodes, one from either partition, no communication is possible. Failures and "desertification" effects are depicted in Fig. 5.22. Optimal clustering and a certain amount of transmission link redundancy are therefore required.

LEACH description. Low-Energy Adaptive Clustering Hierarchy (LEACH) is an algorithm which clusters nodes so that the communication between any two nodes or between any node and a base station is routed through cluster heads. The nodes that were already cluster heads (CHs) cannot play the role of CHs for the next 1/p rounds, where p is the desired percentage of cluster heads in the network. Furthermore, each node possesses some probability Z < T(n) to become the cluster head in a new round. At the end of the round, each of the nodes which have not become head calls the next CH and becomes only a cluster member (Join Cluster). Then each of the CHs has to establish a plan (cluster schedule) for each node. This enables a successful data transfer for its own cluster.

Fig. 5.21 Topology – routing – energy radiation: energy efficiency via topology and routing

Fig. 5.22 Failures and "desertification" effects [37]

• Spatially distributed applications with data aggregation
• Cluster Heads (CH) are defined locally and randomised
• They have to be periodically replaced
• Energy efficiency

Figure 5.23 shows the LEACH algorithm in an example to increase the lifetime of piconets.
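As an added example (not code from the book or from the LEACH authors), the following Python simulation ties the TTL parameters T1, T2 and T3 introduced above to the LEACH cluster-head rotation just described: it runs a small field of sensor nodes either with direct transmission to the base station or with LEACH, and reports the rounds at which the first node fails (T1), half of the nodes have failed (T2) and the surviving nodes no longer form one connected network (T3). The radio energy model (a fixed cost per bit plus an amplifier cost growing with d²), the node count, field size, battery charge and communication range are constructed sample values; the threshold T(n) = p / (1 − p · (r mod 1/p)) is the standard LEACH rule for nodes that have not been cluster head in the last 1/p rounds.

```python
import math
import random

# Added example (not from the book): WSN lifetime simulation comparing direct
# transmission with LEACH cluster-head rotation and reporting the TTL
# parameters T1, T2, T3 in rounds.  All constants are constructed sample values.
E_ELEC = 50e-9       # J per bit for the radio electronics (sending or receiving)
E_AMP = 100e-12      # J per bit per m^2 for the amplifier: tx cost grows with d^2
E_INIT = 0.5         # J initial battery charge per node
TL_BITS = 800        # one 100-byte telegram
P_CH = 0.1           # desired fraction p of cluster heads per round
COMM_RANGE = 40.0    # m; two alive nodes count as connected below this distance


class Node:
    def __init__(self, pos):
        self.pos = pos
        self.energy = E_INIT
        self.last_ch_round = None     # round in which the node last served as CH

    def alive(self):
        return self.energy > 0.0


def dist(a, b):
    return math.hypot(a[0] - b[0], a[1] - b[1])


def tx_energy(bits, d):
    return bits * (E_ELEC + E_AMP * d * d)


def rx_energy(bits):
    return bits * E_ELEC


def leach_threshold(r, p=P_CH):
    """Standard LEACH threshold T(n) for a still-eligible node: it rises during
    each epoch of 1/p rounds so that on average a fraction p of the nodes
    becomes cluster head and every node serves once per epoch."""
    return p / (1.0 - p * (r % int(round(1.0 / p))))


def run_round(nodes, sink, r, use_leach, rng):
    alive = [n for n in nodes if n.alive()]
    if not use_leach:                       # every node talks to the sink directly
        for n in alive:
            n.energy -= tx_energy(TL_BITS, dist(n.pos, sink))
        return
    epoch = int(round(1.0 / P_CH))
    heads = [n for n in alive               # Z < T(n), only for eligible nodes
             if (n.last_ch_round is None or r - n.last_ch_round >= epoch)
             and rng.random() < leach_threshold(r)]
    if not heads:                           # keep the round alive with one CH
        heads = [max(alive, key=lambda n: n.energy)]
    for h in heads:
        h.last_ch_round = r
    for n in alive:                         # Join Cluster: nearest CH
        if n in heads:
            continue
        ch = min(heads, key=lambda h: dist(n.pos, h.pos))
        n.energy -= tx_energy(TL_BITS, dist(n.pos, ch.pos))
        ch.energy -= rx_energy(TL_BITS)
    for h in heads:                         # aggregated telegram to the base station
        h.energy -= tx_energy(TL_BITS, dist(h.pos, sink))


def partitioned(nodes):
    """T3 criterion: the alive nodes no longer form one connected graph."""
    alive = [n for n in nodes if n.alive()]
    if len(alive) < 2:
        return False
    seen, stack = {id(alive[0])}, [alive[0]]
    while stack:
        cur = stack.pop()
        for n in alive:
            if id(n) not in seen and dist(cur.pos, n.pos) <= COMM_RANGE:
                seen.add(id(n))
                stack.append(n)
    return len(seen) < len(alive)


def simulate(n_nodes=50, field=100.0, sink=(50.0, 175.0), use_leach=True,
             seed=1, max_rounds=20000):
    rng = random.Random(seed)
    nodes = [Node((rng.uniform(0, field), rng.uniform(0, field)))
             for _ in range(n_nodes)]
    ttl = {"T1": None, "T2": None, "T3": None}
    for r in range(1, max_rounds + 1):
        run_round(nodes, sink, r, use_leach, rng)
        dead = sum(1 for n in nodes if not n.alive())
        if ttl["T1"] is None and dead >= 1:
            ttl["T1"] = r
        if ttl["T2"] is None and 2 * dead >= n_nodes:
            ttl["T2"] = r
        if ttl["T3"] is None and partitioned(nodes):
            ttl["T3"] = r
        if dead == n_nodes:
            break
    return ttl


if __name__ == "__main__":
    print("direct:", simulate(use_leach=False))
    print("LEACH: ", simulate(use_leach=True))
```

With direct transmission the nodes farthest from the base station drain first, so T1 arrives early and T2 follows closely; with LEACH the expensive long-distance telegram is paid only by the rotating cluster heads, so both T1 and T2 move out by a large factor for the same battery charge, which is the effect sketched in Fig. 5.23b. T3 is the first round in which the alive nodes fall apart into islands under the assumed communication range, and it can stay undefined if the last survivors happen to remain within range of each other.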

Sensor piconets ZigBee and EnOcean. Both technologies, ZigBee and EnOcean, are enablers for smart grids and important for IoT and fog computing. Their characteristics were already identified earlier (remember Table 5.2). They have found their usage in intelligent home, process control, robotics, automotive and aviation. The components are sensors vs. actuators (servomotors, pumps, heating controls). The typical bottlenecks are batteries, accumulators, privacy and anonymity. Due to a limited amount of energy they therefore have less reliability and more expensive maintenance. This is the reason why energy harvesting, i.e. use of ambient energy (solar, EM smog, noise, ...), is a very important option:

• solar radiation, to be considered during the installation
• reduction of maintenance costs
• cheaper materials/building materials

WPAN ZigBee. The name "ZigBee" derives from the zig-zag dance of the bees when searching for food – in analogy to the traffic in a meshed network. ZigBee is designed as a WPAN, effectively a low-data-rate PAN, and uses the IEEE 802.15.4 specifications for the PHY and MAC layer, as shown in Fig. 5.24.

A short history of ZigBee systems:

• 1998 – ZigBee launched by Philips
• 2001 – IEEE 802.15.4 based ZigBee Group founded
• 2002 – ZigBee Alliance founded (Philips, Mitsubishi and 230 other companies)
• 2005 – first ZigBee products appeared on the market
• 2007 – current standards, ZigBee 2007 release

ZigBee products fully conform to the requirements of low-rate wireless PANs with the following features:

• low data rate
• long battery life
• secure networking with AES encryption and WPA2 authentication

[Fig. 5.23b, plot not reproduced: surviving nodes [%] (0–100) against life durability [days] (350 to 1400) for the three variants "Direct connected", "Static clusters" and "LEACH"]

Fig. 5.23 (a) Different LEACH cluster heads in the neighbouring rounds, round 1 and round 2; (b) Clustering by LEACH: better survival with the LEACH approach to cluster head assignment, long-life piconets [37]

There are three roles for ZigBee devices:

• ZigBee End Device (ZED)
• ZigBee Router (ZR)
• ZigBee Coordinator (ZC)


Fig. 5.24 ZigBee layer model (own representation)

The ZigBee End Device (ZED) is a simple device such as a light control. It implements only part of the ZigBee protocols and is therefore also called RFD (Reduced Function Device). A ZED logs on to a router of its own choice and forms a star topology with it. The ZigBee Router (ZR) refers to FFD (Full Function Device) devices which can act as routers. A router can log on to an existing router, forming a tree or mesh topology. Finally, the ZigBee Coordinator (ZC) is a special router within a PAN. It takes the role of coordinator. Thus it controls the basic parameters of the PAN and manages the network. The general topology of ZigBee systems is shown in Fig. 5.25.

ZigBee systems operate in the ISM band with a frequency of F = 2.4 GHz and data rates of DR = 0.25 Mbit/s for a range of 10–75 m. In the MAC layer, either CSMA/CA is implemented or so-called Beacon signals are sent, similar to how a lighthouse works. The Beacon signals are sent by a cooperating station after longer communication idleness intervals. All network participants within the proximity will become ready to receive for a certain amount of time. Collisions become unlikely with this technique.

ZigBee offers compatibility with alternative solutions on the layers 1 and 2:

• USA and China – 902–915 MHz, 40 kbit/s
• Japan – 928 MHz
• Other Asian countries – 315 MHz
• Europe – 868 MHz, 20 kbit/s


Fig. 5.25 (a) Star vs. P2P, (b) Multi-hop ZigBee topologies

However, more possible interferences with existing WLAN networks need to be considered. The most important applications of ZigBee products are:

• Structural Health Monitoring
• Facility Management
• Smart Metering, etc.

The next rival is EnOcean.

WPAN EnOcean. The company EnOcean, located in Oberhaching near Munich, belongs to Siemens. EnOcean, a system of wireless sensors with power self-supply by energy harvesting, is broadly used in the area of building automation. They are similar to, although also distinguishable from, ZigBee systems, as shown in Fig. 5.26.


Fig. 5.26 Sensor piconets ZigBee and EnOcean in comparison: CO2 reduction from Airbus planes with sensors, and home automation with thousands of sensors in the Torre Espacio in Madrid, a 56-floor building (Sources: airbus.com, es.wikipedia.org)

EnOcean offers a high energy efficiency by combining the transformation of locally available environmental energy with dynamic voltage scaling and very short duty cycles. EnOcean systems have been practically known since the year 2001. In 2008 the EnOcean Alliance emerged from several well-known companies from multiple countries (DE, FR, EU, USA), among them Siemens and Osram. In 2015 EnOcean focuses on building automation with several products: switches, sensors, receivers and controllers, gateways, management systems and accessories. Furthermore, there is a joint development with ZigBee 3.0 for energy harvesting.

EnOcean products work over distances from 10 to 300 m. For the design of EnOcean systems an optimised cross-layer approach is followed (Fig. 5.27). The MAC layer is based on beaconing. The associated collision probability is, however, relatively small. To minimise its effects, pseudo-random short telegrams with a message length of 14 bytes are submitted three times. The systems use the frequency band of F = 868 MHz and offer low data rates with DR = 125 kbit/s. However, EnOcean structures are robust and energy-conserving.

There may be interferences with the following radio networks:

• GSM, DECT – rare occasions
• ZigBee 802.15.4 – needs to be accounted for


The use of EnOcean products happens through more than 50 system integrators, who develop and produce products for building automation (light, shadows, heating, climate and air conditioning), industry automation and the automotive sector. These systems are typically more economical than their rivals and are broadly supported on the market, for instance in Germany, France and other EU countries. One disadvantage of the technology in comparison with other WSNs is the lack of integrated security mechanisms.

EnOcean is a good example of the compromises needed for the design of WSNs. The following design criteria have been set to adapt to the low energy supply generated by energy harvesting:

• Single hop to the cluster head, flooding between cluster heads, data processing in cluster heads
• MAC layer: no collision detection but beaconing, uni-directional communication between sensors and cluster heads
• Limited energy supply: short telegrams (1 ms) and duty cycle (0.1–1 %)
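The trade-off behind these criteria, worked through as an added example (not from the book or from EnOcean): a pure-ALOHA estimate of how the telegram airtime, the duty cycle and the triple submission combine into a telegram loss probability. The ALOHA model, the independence of the three submissions and the node counts are assumptions.

```python
"""EnOcean-style MAC trade-off: telegram airtime, duty cycle and collision
probability with triple submission.

Added worked example (not from the book or from EnOcean): a pure-ALOHA
model for a MAC without collision detection, using the numbers stated in
the text (14-byte telegrams, DR = 125 kbit/s, three submissions with
pseudo-random spacing, duty cycle 0.1-1 %). The ALOHA model is an
assumption used to show why the collision probability stays small.
"""
import math

TELEGRAM_BYTES = 14          # message length stated in the text
DATA_RATE_BPS = 125_000      # DR = 125 kbit/s
SUBMISSIONS = 3              # each telegram is sent three times


def telegram_airtime_s(nbytes: int = TELEGRAM_BYTES,
                       rate_bps: int = DATA_RATE_BPS) -> float:
    """Airtime of one telegram; 14 bytes at 125 kbit/s is about 0.9 ms,
    which matches the 'short telegrams (1 ms)' design criterion."""
    return nbytes * 8 / rate_bps


def single_collision_probability(nodes: int, duty_cycle: float) -> float:
    """Probability that one submission collides with a telegram of any other
    node under pure ALOHA (vulnerable period = 2 airtimes). Each other node
    is on air a fraction duty_cycle of the time, so the expected number of
    competing starts in the vulnerable period is 2 * duty_cycle * (nodes - 1);
    the Poisson no-arrival probability is the success probability."""
    if nodes < 1 or not 0.0 <= duty_cycle <= 1.0:
        raise ValueError("nodes must be >= 1 and duty_cycle in [0, 1]")
    load = 2.0 * duty_cycle * (nodes - 1)
    return 1.0 - math.exp(-load)


def telegram_loss_probability(nodes: int, duty_cycle: float,
                              submissions: int = SUBMISSIONS) -> float:
    """A telegram is lost only if all its submissions collide; the
    pseudo-random spacing makes them approximately independent (assumed)."""
    return single_collision_probability(nodes, duty_cycle) ** submissions


def max_nodes_for_target(target_loss: float, duty_cycle: float,
                         submissions: int = SUBMISSIONS) -> int:
    """Largest cell size whose telegram loss stays at or below target_loss."""
    n = 1
    while telegram_loss_probability(n + 1, duty_cycle, submissions) <= target_loss:
        n += 1
    return n


if __name__ == "__main__":
    print(f"airtime: {telegram_airtime_s() * 1e3:.2f} ms")
    for d in (0.001, 0.01):
        for n in (10, 100):
            print(f"duty {d:.1%}, {n:3d} nodes: "
                  f"single collision {single_collision_probability(n, d):.3f}, "
                  f"loss after {SUBMISSIONS} submissions "
                  f"{telegram_loss_probability(n, d):.2e}")
    print("nodes at 1 % loss with 0.1 % duty cycle:",
          max_nodes_for_target(0.01, 0.001))
```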

The EnOcean layer model is depicted in Fig. 5.27. The main distinguishing features of these piconets in general are:

• low data rate
• long battery life
• secure networking

Fig. 5.27 EnOcean layer model

174 5 Smart Grid Internet of Things and Fog Computing

They are analogous to ZigBee features but implement energy harvesting as a unique strength, i.e. they incorporate the use of ambient energy, primarily solar (also EM smog, noise, ...).

Typical tasks in designing efficient and high-quality WSN deployments are:

• Energy-efficient protocols
• Cross-layered optimisation
• Trade-offs between layers are to be considered

The following layers are of interest:

• Hardware or PHY based
• MAC based
• Topology based
• Routing based
• Application and data based
• Cross-Layered (combined approach)

Example 5.9 Think of a "toy smart grid". An example of a model environment for a smart grid (Smart Grid Simulator) [13, 37] is presented in Fig. 5.28. The modeling environment consists of a miniature city (e.g. based on the famous German model railway toy "Modelleisenbahn"). The structures of the model city are the buildings H1, H2, H3, H4, a plant and a McDonald's restaurant, all of which are placed on a portable board or a table.

The emulation of "customers" and "suppliers" of electricity is based on microprocessors or single-board microcomputers. AVR, Raspberry Pi and Intel Edison are representative products in this category. Compact dimensions and low power consumption are among the main priorities of on-board computers (see Tables 5.3 and 5.4).

Let us discuss the computing nodes based on Raspberry Pi [14]. These computational nodes are combined into a local area network (LAN) of small dimensions. Each node RasPi1, RasPi2, RasPi3 operates one "building" and visualises on the display or on LEDs LED1, LED2, LED3 the active "consumers" and "suppliers" of electricity within the "buildings" and in the system in general.

With the use of ventilators and LED lamps, the main "weather conditions" like sun radiation and wind are emulated. The modeling environment (so-called simulator) is controlled by the developed software scripts (running as WWW applications) and should map the changes of connections through reflection of the new "consumers" and "suppliers" of electricity, as well as represent changes within the weather conditions. Thus, using the model environment within the artificial toy system, the real parameters and "smart grid" conditions can be modeled. This includes the usage of intelligent network services and electricity grids as well as energy-efficient information services.

Fig. 5.28 Example of a modeling environment for smart grid [13]: (a) photo (nl.wikipedia.org), (b) topology (inspiration: rn.inf.tu-dresden.de). Elements shown: House 1–4, Plant, McDonald's, Railway Station, Sensor, USB hub, Ethernet switch, Weather (Wind, LED, Ventilator). Legend: X – Raspberry Pi, KB – Keyboard, D – Display; interconnections: GPIO, Ethernet, USB, USB supply


Table 5.3 The distinguishing features of on-board computers

Characteristics    | On-board computer
CPU type           | ARM, Cortex, Intel
GPU type           | Mali, Intel, PowerVR etc.
RAM                | 0.5 up to 8 GByte
Price              | Approx. 15 up to 100 $
Dimensions         | Max. 2 × 5 cm
Power consumption  | 2.5–5 W

Table 5.4 Comparison of the chips and microcomputers AVR, Raspberry Pi, Intel Edison

Parameters | AVR32 | Raspberry Pi | Intel Edison
Manufacturer | Atmel, CA, 2006 | Cambridge Raspberry Pi Foundation, UK, 2011 | Intel, CA, 2014
Dimensions | Middle | Small, like a bank plastic card | Tiny, like an SD storage card
Type | RISC CPU, low power, 32-bit µ-controller | ARM on-board µ-computer | On-board µ-computer, 2-core i-Quark, 22 nm transistor technology
Frequency | 66–200 MHz | 700 MHz | 400 MHz
RAM | Flash = 512 KByte, RAM = 64 KByte | SD card instead of HDD, RAM 256 MByte | –
Ports, network interfaces | USB 2.0, serial USART | 1x LAN Ethernet 10/100 RJ45, 2x USB 3.0, 1x SD, 1x HDMI, 1x Clinc/TRS adapter, 6x GPIO | Wi-Fi, Bluetooth
Operating system | Linux | Linux, BSD, UNIX, RISC OS | Linux
Look | Board or pod | – |
Approximate price | 20 | 19–30 | –


5.1.3 Case Study: A CAD Toolset for the Design of Energy-Efficient Combined Networks

There are multiple tools which aid in the design of communication networks, in particular sensor networks, energy grids or combined smart grids. In the following, the tool CANDY (Computer-Aided Network Design Utility) will be introduced briefly. Further literature about CANDY is available [27, 29].

Basics on CANDY. The energy-efficient combined networks in the context of smart grids can be designed with the use of the CANDY Framework and Online Platform [27]. Furthermore, we would like to discuss important development trends for a CAD for combined network planning with regard to tool integration and access. The CANDY Framework and Online Platform is examined as a reference system. The CANDY system has been presented as an exhibit at CeBIT 2007, 2008 and 2011 in Hannover, Germany, and has demonstrated its usefulness for academic and industrial network planning challenges.

A CAD toolset for combined office communication and building automation networks (sketched in Fig. 5.29) is presented. It especially focuses on the combination of wired (IEEE 802.3 LAN) and wireless (IEEE 802.11 WLAN, 802.16 WiMAX) networks as well as on wireless sensor networks using 802.15.4/EnOcean.

Fig. 5.29 A combined office communication and building automation network. LON – Local Operating Network, KNX – European Standardised Bus Automation Network (EN 50090, ISO/IEC 14543), PDA – Personal Digital Appliance, ERP – Enterprise Resource Planning, EDP – Electronic Data Processing

The CANDY framework supports an integrated design methodology providing a complete design workflow. The design requirements on these networks are often contradictory and have to consider diverse technical factors, among them performance, energy and cost efficiency, for a network solution altogether.

The system provides the following features:

• integrated workflow management
• dedicated network description via NDML
• structured cabling by EN 50173 support
• front-end to CAD conformity (ifcXML), IP infrastructure analysis
• access services to a high-performance computer cluster
• as well as parallelised design routines realisation (OpenMP) [29]

Dedicated network language. The framework uses the dedicated Network Design Mark-up Language (NDML), an XML-based notation to express modelled networks. NDML supports a uniform way of representing all major active and passive network elements (including switches, routers, gateways, patch fields, cross panels, base stations, sensors, access points as well as automation nodes), their detailed technical properties as well as their interconnections and related configuration issues. In contrast to existing vendor-specific notations, NDML is based on open standards and enables interoperability and portability of network design tools and projects.

Tool integration concepts and access. CANDY is an open framework with a large set of design tools and functionalities. These include design editors, consistency checks, transformation tools, specific wireless network design tools and the integration of existing simulation environments. NDML serves as the common "glue" for these tools. Java technologies facilitate the tool development, including among others Application Server and Middleware (Apache Tomcat with JSP, Java Server Pages, and EJB, Enterprise Java Beans), ERCP (Eclipse Rich Client Platform) as well as web services (Apache Axis 2). Flexible tool access is provided via available Java desktop applications and Android applications on mobile devices such as smartphones and tablets.
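What a consistency check over an NDML-style description can look like, as an added example that is not CANDY's own code: the real NDML schema is not given in the text, so the element and attribute names (network, element, port, ip, link) are a constructed NDML-like vocabulary, and the rules (links reference existing ports, a port is used once, no duplicate IP address inside a subnet) stand in for the consistency check and IP infrastructure analysis named above.

```python
"""Consistency check over an NDML-style network description.

Added example, not CANDY's code: the real NDML schema is not given in the
text, so <network>, <element>, <port>, <ip> and <link> below are a
constructed NDML-like vocabulary. The check mirrors two features named in
the text, the design consistency check and the IP infrastructure analysis:
every link must reference an existing element and port, a port may be used
by at most one link, and no two elements may carry the same IPv4 address
inside one subnet.
"""
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: a switch, an access point and a sensor gateway. Link
# l3 reuses an occupied port and names a port that does not exist, and the
# gateway repeats the access point's address; all three should be reported.
SAMPLE_NDML = """<network name="office-demo">
  <element id="sw1" type="switch">
    <port name="ge1"/><port name="ge2"/>
    <ip addr="10.0.0.1/24"/>
  </element>
  <element id="ap1" type="accesspoint">
    <port name="eth0"/>
    <ip addr="10.0.0.2/24"/>
  </element>
  <element id="gw1" type="sensorgateway">
    <port name="eth0"/>
    <ip addr="10.0.0.2/24"/>
  </element>
  <link id="l1" from="sw1:ge1" to="ap1:eth0" medium="802.3"/>
  <link id="l2" from="sw1:ge2" to="gw1:eth0" medium="802.3"/>
  <link id="l3" from="sw1:ge2" to="gw1:eth9" medium="802.3"/>
</network>
"""


def _endpoint(ref: str):
    """Split 'element:port' into its two parts; malformed refs yield None."""
    if ref.count(":") != 1:
        return None
    elem, port = ref.split(":")
    return (elem, port) if elem and port else None


def check_ndml(xml_text: str) -> list:
    """Return human-readable findings; an empty list means the description
    is consistent under the rules stated in the module docstring."""
    root = ET.fromstring(xml_text)
    findings = []
    ports = {}   # element id -> set of port names
    for el in root.findall("element"):
        eid = el.get("id")
        if eid in ports:
            findings.append(f"duplicate element id {eid}")
        ports[eid] = {p.get("name") for p in el.findall("port")}

    used = {}    # (element, port) -> id of the link occupying it
    for link in root.findall("link"):
        lid = link.get("id")
        for side in ("from", "to"):
            ep = _endpoint(link.get(side, ""))
            if ep is None:
                findings.append(f"link {lid}: malformed {side} reference")
                continue
            elem, port = ep
            if elem not in ports:
                findings.append(f"link {lid}: unknown element {elem}")
            elif port not in ports[elem]:
                findings.append(f"link {lid}: unknown port {elem}:{port}")
            elif ep in used:
                findings.append(f"link {lid}: port {elem}:{port} already used by {used[ep]}")
            else:
                used[ep] = lid

    seen = {}    # (subnet, host address) -> element id
    for el in root.findall("element"):
        for ip in el.findall("ip"):
            try:
                iface = ipaddress.ip_interface(ip.get("addr", ""))
            except ValueError:
                findings.append(f"element {el.get('id')}: invalid address {ip.get('addr')}")
                continue
            key = (iface.network, iface.ip)
            if key in seen:
                findings.append(f"element {el.get('id')}: address {iface.ip} "
                                f"already assigned to {seen[key]}")
            else:
                seen[key] = el.get("id")
    return findings


if __name__ == "__main__":
    for finding in check_ndml(SAMPLE_NDML):
        print("finding:", finding)
```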

Development history. The CANDY tools have been developed along with emerging network trends. They went through the following development history:

1. Conception and implementation of a prototype (CANDY Prototype)
   • Conception of NDML with a prototype for the network editor
   • Prevalent implementation basis: Java servlets, Java applets, EJB

2. Realisation of dedicated planning tools (CANDY Framework), inter alia tools for
   • structured cabling systems, called CANDY Trace Router
   • optimised design of radio networks, called CANDY Site Finder
   • prevalent implementation basis: Eclipse Rich Client Platform
   • further development of NDML (XSD instead of DTD, achievements in advancing viewpoints and language elements)
   • realisation of an extensible framework (CANDY Framework) with the most important planning steps and front-ends to encapsulated external tools

3. Further realisation of a universal design platform (CANDY Framework with CANDY Online Platform)
   • workflow and documentation management ("WF-centric")
   • support of all design steps
   • loose embedding of encapsulated external tools via web services
   • prevalent implementation basis: HTML5, AJAX, web services
   • creation of multiple agile mini-tools for combined network design
   • multimodal access via mobile users with smart phones and tablets (cp. Fig. 5.30)

Fig. 5.30 Design tool integration and access. CANDY Framework and Online Platform modules: 1 – Project Manager, 2 – Network Editor, 3 – Component Browser, 4 – SCS Trace Router, 5 – Wireless Site Finder, 6 – Workload Analyser, 7 – Bill Reporter; FE – Front-end (XML); T – Loose-coupled and 3rd party tools, like for instance NS 2, in a high-performance computing environment; DB – Component repository; access via CANDY Web Services and further interfaces; project data: Component List, Network List, Performance Report, Cost Bill; NDML; environment: Application Server, JRE, Eclipse RCP

After multiple iterations of development, the system now possesses the following highlights which make it suitable for future networks and smart grids:

1. Accurate planning is the precondition for a decisive advantage under competition pressure. In view of the complexity of networks, the task can be solved by the use of efficient software tools like the CANDY Framework and Online Platform.

2. Network engineers have to optimise large-scale objectives within complex contexts. CANDY represents an integrated design for 802.3/802.11/802.16/802.15.4 networks, using its own models as an important integration component.

3. The implemented CANDY Online Platform provides the possibility of running complex parallelised propagation algorithms for wireless networks as well as multi-variant TCP/IP simulation processes in a high-performance computing environment. This deployment mode was verified on MARS (ZIH/TUD).

4. The realised framework and access services offer specialists and students a rare possibility to start their ambitious CAD jobs, obtain the results in a few minutes, and support real measurement data acquisition and its comparison with modelled results.

Workflow-centric management. A CANDY workflow for network design and "WF-centric management" are built using the following principles:

1. A CANDY workflow is combined from a sequence of design steps.
2. Each step consists of one process (task) or multiple parallel processes.
3. Each process possesses a status, e.g. (ready [y/n], result [+/−]).
4. Each process uses and/or produces input/output documents.
5. A process is either an atomic process or a workflow by itself, as shown in Fig. 5.31.
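The five principles as a small executable model, added here as an example that is not CANDY's code: the class names, the status rendering and the toy design tasks (topology editing, NDML derivation, site import, cabling trace, forecast) are constructed.

```python
"""Workflow-centric management in miniature: the five principles above as
code. Added example, not CANDY's code; class names and the toy design
tasks are constructed.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Set

Documents = Dict[str, object]


def _status(name: str, ready: bool, result: Optional[bool]) -> str:
    res = {None: "?", True: "+", False: "-"}[result]
    return f"{name}: ready [{'y' if ready else 'n'}] result [{res}]"


@dataclass
class Process:
    """Atomic process: declares the documents it uses and produces; the task
    receives only its declared inputs and must return exactly its outputs."""
    name: str
    inputs: Set[str]
    outputs: Set[str]
    task: Callable[[Documents], Documents]
    ready: bool = False
    result: Optional[bool] = None     # None: not run, True: '+', False: '-'

    def status(self) -> str:
        return _status(self.name, self.ready, self.result)

    def run(self, docs: Documents) -> Documents:
        self.ready = self.inputs <= set(docs)
        if not self.ready:
            self.result = False
            return {}
        try:
            produced = self.task({k: docs[k] for k in self.inputs})
        except Exception:
            self.result = False
            return {}
        self.result = set(produced) == self.outputs
        return produced if self.result else {}


@dataclass
class Workflow:
    """A sequence of steps; each step holds processes (or sub-workflows) that
    see the same document snapshot and could therefore run in parallel."""
    name: str
    steps: List[list] = field(default_factory=list)
    ready: bool = False
    result: Optional[bool] = None

    @property
    def inputs(self) -> Set[str]:
        needed, have = set(), set()
        for step in self.steps:
            for p in step:
                needed |= p.inputs - have
            for p in step:
                have |= p.outputs
        return needed

    @property
    def outputs(self) -> Set[str]:
        return set().union(*(p.outputs for step in self.steps for p in step))

    def status(self) -> str:
        return _status(self.name, self.ready, self.result)

    def run(self, docs: Documents) -> Documents:
        self.ready = self.inputs <= set(docs)
        available, ok = dict(docs), self.ready
        for step in self.steps:
            snapshot = dict(available)        # parallel processes share it
            for p in step:
                available.update(p.run(snapshot))
                ok = ok and bool(p.result)
        self.result = ok
        return {k: v for k, v in available.items() if k in self.outputs}


def build_design_workflow() -> Workflow:
    """Constructed CANDY-like design flow: topology editing, NDML derivation,
    then site import and cabling trace in parallel, then a forecast."""
    edit = Process("topology editor", set(), {"topology"},
                   lambda d: {"topology": ["sw1", "ap1", "gw1"]})
    ndml = Process("NDML derivation", {"topology"}, {"ndml"},
                   lambda d: {"ndml": "".join(f"<element id='{e}'/>" for e in d["topology"])})
    site = Process("site import", {"ndml", "ifcxml"}, {"site_model"},
                   lambda d: {"site_model": {"rooms": d["ifcxml"]["rooms"]}})
    trace = Process("SCS trace", {"ndml"}, {"cabling"},
                    lambda d: {"cabling": d["ndml"].count("<element") - 1})
    forecast = Process("performance forecast", {"site_model", "cabling"}, {"report"},
                       lambda d: {"report": f"{d['cabling']} links over {d['site_model']['rooms']} rooms"})
    return Workflow("CANDY design", [[edit], [ndml], [site, trace], [forecast]])
```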

Simulation and validation. The design results for WLAN IEEE 802.11 are in general not satisfyingly accurate. Correspondingly, a site survey functionality with design correction is necessary for each installation (cp. Fig. 5.32a). An advanced method for the planning of radio networks leans on the prognosis of the received power PRx and a comparison with measured values, aimed at their further optimisation. The method is called "Measurement-based Prediction" (MbP methodology). The reference components of the MbP methodology are shown in Fig. 5.32. By deploying the MbP methodology, advanced measuring devices and hardware solutions can be used. The databases contain all necessary reference values, covering samples, antenna coordinates and other metrics. The used empirical radio propagation model is evaluated and, via the MbP methodology, adapted to the real received power PRx.
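The adaptation step in miniature, as an added example that is not CANDY's code: a log-distance path-loss model (an assumption; the text does not name CANDY's empirical model) is fitted by least squares to constructed site-survey samples with known antenna coordinates, and the prediction error before and after the adaptation is compared.

```python
"""Measurement-based Prediction (MbP) in miniature: adapt an empirical
path-loss model to measured received power PRx.

Added example, not CANDY's code. The empirical model is the log-distance
model PRx(d) = P_Tx - PL(d0) - 10 n log10(d/d0) (an assumption; the text
does not say which model CANDY uses); the samples are constructed.
"""
import math
from typing import Sequence, Tuple

Point = Tuple[float, float]

# Constructed site survey: antenna at the origin, samples as (x, y, PRx in dBm).
ANTENNA: Point = (0.0, 0.0)
P_TX_DBM = 20.0                     # transmit power (assumed)
D0 = 1.0                            # reference distance in metres
SAMPLES = [
    (1.0, 0.0, -22.1), (0.0, 2.0, -31.8), (3.0, 4.0, -44.5),
    (6.0, 8.0, -54.3), (0.0, 15.0, -59.4), (20.0, 0.0, -63.9),
]


def distance(p: Point, q: Point) -> float:
    return math.hypot(p[0] - q[0], p[1] - q[1])


def predict(pl0: float, n: float, d: float) -> float:
    """Received power in dBm at distance d for model parameters (PL0, n)."""
    return P_TX_DBM - pl0 - 10.0 * n * math.log10(max(d, D0) / D0)


def fit_model(samples: Sequence[Tuple[float, float, float]],
              antenna: Point = ANTENNA) -> Tuple[float, float]:
    """Least-squares fit of (PL0, n): with x = 10 log10(d/d0) and
    y = P_Tx - PRx the model reads y = PL0 + n x, a straight line."""
    xs = [10.0 * math.log10(max(distance((sx, sy), antenna), D0) / D0)
          for sx, sy, _ in samples]
    ys = [P_TX_DBM - prx for _, _, prx in samples]
    m = len(xs)
    if m < 2:
        raise ValueError("need at least two samples to fit two parameters")
    mx, my = sum(xs) / m, sum(ys) / m
    sxx = sum((x - mx) ** 2 for x in xs)
    if sxx == 0.0:
        raise ValueError("all samples at one distance; exponent undefined")
    n = sum((x - mx) * (y - my) for x, y in zip(xs, ys)) / sxx
    return my - n * mx, n


def rms_error(pl0: float, n: float, samples, antenna: Point = ANTENNA) -> float:
    """Root-mean-square deviation between model prediction and measurement."""
    errs = [predict(pl0, n, distance((sx, sy), antenna)) - prx
            for sx, sy, prx in samples]
    return math.sqrt(sum(e * e for e in errs) / len(errs))


if __name__ == "__main__":
    generic = (40.0, 2.0)      # free-space-like defaults before adaptation
    pl0, n = fit_model(SAMPLES)
    print("generic model RMS error: %.2f dB" % rms_error(*generic, SAMPLES))
    print("adapted model PL0=%.1f dB, n=%.2f, RMS error: %.2f dB"
          % (pl0, n, rms_error(pl0, n, SAMPLES)))
    print("forecast at 12 m: %.1f dBm" % predict(pl0, n, 12.0))
```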

An example of the practical use of mini-tools for the design of a wireless network constellation within the CANDY Online Platform is given in Fig. 5.33.

The discussed design steps within CANDY are furthermore presented in summary in Fig. 5.34a–i. The design process starts with a topology editor (a), which outputs the basic network elements and the connections between them. From the visual modelling a textual network description (b) in NDML is then derived. This description is then imported into another modelling tool (c) and applied to a concrete deployment site, for instance a building with an ifcXML description (d). The wireless and wired connections are then tested and traced according to their specific characteristics (e, f). Using the refined NDML description, a first performance forecast can be generated (g). Due to the complexity of modern installations with hundreds of network elements, the simulation and other calculations are best outsourced to a high-performance compute service as a remote job (h, i).

Fig. 5.31 WF-centric management

Fig. 5.32 Simulation and validation

Fig. 5.33 Simulation via mini-tools within the CANDY Online Platform

Fig. 5.34 Design routines, models and tools: (a) topology editor, (b) network description via NDML, (c) ifcXML data import, (d) a CAD-conform ifcXML description of a building, (e) a wired part: SCS tracing for Ethernet LAN, (f) a wireless part: environment attenuation, (g) performance simulation: an NDML report, (h) access to a computer cluster: starting a remote job, (i) pick-up of the results from the MARS multi-core supercomputer

In summary, CANDY shows that not only the runtime and operational perspective but also the systematic and tool-supported planning beforehand is an important element in achieving high-quality network installations for basic connectivity, cloud network services, smart grids and connected things.

5.2 From Internet of Services to Internet of Things: Fog Computing

It may appear to the reader that we have told everything about the properties of IoS and cloud computing today, to the fullest satisfaction, in the first chapters. But there is another trend that cannot go unhighlighted within a book that claims to convey a broad scientific novelty. Let us examine these new trends in network services, collectively called IoT, as well as the ways of their realisation in the form of Fog Computing.

The interconnection of scientific and technical ideas on the Internet of Things, the Internet of Services, clouds and smart grids is shown in Fig. 5.35. The mentioned technologies and trends, IoT, IoS, clouds and smart grids, are developed in close cooperation and related to each other. The presented organigram additionally depicts the approximate dates of the introduction of the mentioned terms and categories, as well as appropriate system examples of their use, with specifications of which organisations and companies are interested in this development.

Fig. 5.35 Ideas development concerning IoT, IoS, clouds and smart grids. Figure content: Internet of Services (IoS) – 2004–2007, WWW, OASIS, Google; Cloud Computing – 2005–2010, Amazon, MS; Internet of Things (IoT) – 1999, Auto-ID MIT, Kevin Ashton, Cisco, SAP, Telefónica; Smart Grid – 2011, IEEE, CENELEC, Cisco, Deutsche Telekom, Siemens

Internet of Things. The so-called IoT provides the radio communication between multiple milliards of low-power devices, from near distance up to global scale, using protocols such as IPv6. The Internet of Services, with its realisation in the form of clouds and with the number of devices approaching N ≈ 10^9 nowadays, will be shifted in the midterm to IoT. The following distinguishing features are typical for this transformation:

• huge number of devices, N > 300 · 10^9 (probably after 2020)
• low power consumption and long-life nodes
• energy-efficient and secured communication radio protocols interfaced to "near field" and IPv6
• wide deployment within embedded systems and industry (cf. Industry 4.0)
• penetration into each sphere of human activities and everyday life (Fig. 5.36)

Highly concentrated deployments of connected things exist in South Korea, Denmark and Switzerland, each having about 30 devices online per 100 persons according to the OECD [12]. This statistic apparently excludes interaction devices such as smartphones, tablets and notebooks, which would significantly increase the numbers. The IoT field overlaps with application areas, for instance robotics, smart cities, transportation (through e-tickets and on-board units in electronic toll areas), agriculture and environmental sensing.

The origins of IoT lie in RFID transponder technology, offered e.g. by the Auto-ID Lab at MIT. The mentioned technology first became a civilian development in 1999. However, the first ideas on the modulation and magnetic survey of mini-antennas in "bugs" still belong to Lev Theremin (research on electromagnetic and acoustic oscillations in the far-ago year 1948). He is also the author of an exotic musical instrument, the "thereminvox", named after him and using the developed RFID principles.

The next impulse to development was obtained from companies like SAP and Telefónica. Further, thanks to their ideas, Cisco formulated the IoT creation conditions and basic requirements for IoT (Fig. 5.37). It means, amongst other things, the urgent deployment of IPv6. The usage of IPv6, with an available address space of 2^128 addresses, means the possibility to address up to 3.40 · 10^36 active network devices, or approximately 3.00 · 10^27 "things" per user (figuratively, each bacterium).

Fig. 5.36 Fog computing primary concepts

Fig. 5.37 Internet of things prognosis (Source: Cisco)

Today the services provided by the Internet are also directly related to solving the problems of effective management of power and home control of embedded systems (smart facilities, intelligent homes). Efficient electricity consumption is considered in close association with environmental and ecological problems, which are regulated within the European Union and the world community. The regulatory basis is the internationally ratified Kyoto protocol, an appendix to the United Nations Framework Convention on Climate Change, and its follow-up meetings until 2015 in Paris. According to the treaties signed by 195 nations, global warming must be restricted to +2 °C over pre-industrial levels. Improving the energy efficiency of powerful computer servers and other household and industrial devices is achieved nowadays through the use of electricity distribution networks and management solutions like smart grids [22].

Another important factor in the development of modern Internet services is the significant growth of the volumes of parallel computing combined with savings of computing resources. Here the experts foresee, firstly, resources within the transition from cloud computing, in some cases, to the so-called Fog Computing, which is associated with the transfer of a large number of computing demands into the area of low-power home microcomputers. Embedded processors, µ-controllers and on-board computers have as their main objective the effective management of consumer devices. Fog computing and the use of microcomputers are directly related and can provide significant savings of energy. Due to the expansion of the concept of fog computing from the cloud computing paradigm into intelligent network nodes (so-called Radio Network Edge) by network equipment producers such as Cisco, a whole set of new applications and services was enabled. The features of fog computing are as follows:

• node heterogeneity
• leading role of wireless access
• low latency, location-awareness, speedy node re-activation
• wide geographical distribution
• very big number of nodes and their mobility, supported via IPv6
• prioritised streaming and real-time applications

Fog computing offers the appropriate platforms for IoT services, clouds and smart grids. Such networks provide automatic and automated execution of usual everyday routines, especially domestic processes: book reading, listening to music, home heating and air conditioning, making a cup of coffee, taking medicine at regular times, preparing and cooking simple meals, watering the flowers and garden, and other activities with automation potential. This is because they rely on a combination of domestic hosts, gadgets, instruments and "things" into a single heterogeneous network that will be served via low-energy "green" Internet protocols. The use of traditional MAC and IPv4 addresses for the data link and network layers, respectively, cannot identify such an impressive number of deployed devices. Therefore, there is no doubt that a gradual transition to IPv6 is required. Started in 1990, this transition seems to have accelerated since 2011, when many users switched from tunneled IPv6 (6to4) to native connections, leading to a 10-fold increase in adoption just three years later. Still, in 2015 the service provider Google reports that only about 8 % of requests to its services are delivered over IPv6 on a global level [7]. The per-country statistics nevertheless show different adoption speeds: Belgium, Switzerland and Portugal each have more than 20 % IPv6 traffic according to this statistic. Cisco reports other statistics, however. According to them, these three countries each have more than 45 % IPv6 deployment [3].

Example 5.10 The Internet of Things (IoT) may be illustrated as follows. Imagine a city or an ordinary home: a diversity of smart gadgets (laptops, smartphones and tablets) and multiple household appliances (TV, alarm clocks, coffee makers, washing machines, refrigerators, microwave ovens, automated window blinds), HVAC systems (boiler, radiators, air conditioning, fans and ventilators), systems for garden irrigation, security (locks, cameras) and lighting systems (including solar panels), intelligent sensors (heat, light, motion) and so on. Warehouses, delivery and logistic systems as well as public transport and private cars have to be equipped in the long term with interfaces for WLAN/3G. Similarly, the small "things" (books, compact discs, DVDs, medication in blisters, fast food in vacuum packs, soft drinks, etc.) can be equipped with low-cost Bluetooth interfaces, RFID transponders and similar small-data links and then interact with each other through further energy-efficient communication networks (infrared, wireless, mobile, power and low-voltage networks).

5.2.1 Enabling Technologies for IoT

Dialectically, enabling technologies help "turning a quantity into a new quality". The demarcation of the categories IoT, IoS, clouds and smart grids and the related ones is given in Fig. 5.38. In fact, this demarcation is not quite clear nowadays. The concepts are closely related and interlocked due to their development histories. The depicted concepts are closely adjoined with modern methods and network technologies, systems and services, given in ovals in the figure. Since the use of cloud systems became widespread, the "Internet of Things" has become a way of implementation and a platform for fog computing with low-energy radio nodes. That made an imperceptible architectural transformation from mixed-distributed, decentralised, powerful systems (voluminous and big data processing, clustering) to many small, geographically distributed but logically connected hosts, gadgets, appliances and "things" within a single heterogeneous network. The number of devices (hosts, gadgets) in today's Internet (of people) is, by modern statistics, about N ≈ 10^9. Thus the number of users corresponds to the population of the earth. Due to continued growth in the coming years, the estimated number of devices will reach N > 30 · 10^9. Therefore the qualitative change to IoT is possible faster than expected. According to frequent estimations, it should happen in 2020.

Fig. 5.38 Closely related demarcation through IoS, cloud and fog computing, IoT and smart grids

The enabling technologies for IoT are manifold. Typically they are listed as follows:

• Mobile Networks (LTE, 5G)
• GPS (Global Positioning System)
• Wi-Fi (Wireless Fidelity)
• WiMAX (Worldwide Interoperability for Microwave Access)
• Powerline, Homeplug
• PoE (Power over Ethernet)
• KNX (Konnex), LON (Local Operating Network)
• Bluetooth, IrDA (Infrared Data Association)
• WSN (ZigBee, EnOcean)
• 6LoWPAN (IPv6 over low-power Wireless Personal Area Networks)
• RFID (Radio Frequency ID), NFC (Near Field Communication), QR (Quick Response)
• Watermarks (as steganography applications)

In addition to the already discussed smart grid enablers, the next fog computing technology is combined via the use of energy-efficient protocols. Being the interpenetration of IoT, smart grids and clouds, fog computing is possible today, e.g. on the basis of the energy-efficient and low-cost protocol 6LoWPAN, which implements IPv6 over the MAC protocols of IEEE 802.15.4 and PLC networks. This protocol was standardised via the IETF and is open for use by multiple vendors.

Let us consider the most simple and price-efficient enabling technologies. In particular, let us focus on the lowest-cost and simplest methods of IoT communication, like RFID transponders (RFID tags), Near Field Communication (NFC) tags and QR (Quick Response) labels. Their function is to localise and connect the "things" to the Internet at large. The RFID, NFC and QR systems operate at short distances (10 cm–10 m) and have their origins in logistics and warehousing. Thanks to the energy efficiency of RFID and NFC, the period of permanent service is rather long, approximately 12–72 months. Afterwards the batteries need to be replaced. The extended capabilities for addressing these free devices are provided by IPv6, which can support many IP nodes (devices) per inhabitant of the world.


RFID transponders. Devices for reading RFID (Radio Frequency ID) can be integrated within modern smartphones as well as operate as standalone readers (RFID readers), similar to the multiple well-known card readers or bar code readers widely used in trading and in the storage business. The use of RFID transponders is regulated by the International Telecommunication Union (ITU-T) within the following assigned frequency bands: LW 125–134 kHz, KW 13.56 MHz, UHF 865–869 MHz (in Europe), UHF 950 MHz (in USA and Asia), SHF 2.45 and 5.8 GHz. Their constructions are very varied. Usually RFID transponders (or RFID tags) are passive; it means that their construction contains an excitation antenna (Fig. 5.38). The other option, an active RFID transponder, is a more intelligent system with memory storage, microcontroller and battery. Such systems have a shorter life expectancy, but they can be programmed or configured as a suited smart grid or fog computing node. Active transponders can therefore publish data on their own without having to be polled. High-frequency passive HF transponders (RFID tags) use the well-known radar principle and, through activation and modulation of the magnetic field, can carry out the survey code that RFID readers can capture. The antennas of HF transponders also use planar inductance coils with many turns. RFID transponders with sensorics are oriented to measure certain physical or chemical parameters; as a rule, these are pressure, acceleration, expansion, moisture or electrical conductivity. They need one of the RFID readers, which come in very different constructions: handheld, mobile, fixed and combined with a bar code reader. Commercial and logistics coding with codes in the 64, 96 and 128 bit format is called EPC (Electronic Product Code) and is typically used in mass RFID transponders. The deployment areas are as follows: in municipal and warehousing, on railways and airports, in supermarkets and libraries, in logistics, in animal tracking (e.g. dog tags) and in biometric access control systems, in particular an increasing number of international passports, called e-passports, which allow for crossing borders without border patrol staff.

NFC and QR labels. NFC (Near Field Communication) systems are supported by a wide palette of leading Operating System (OS) vendors for smartphones and tablets, e.g. Windows Phone 8 or higher, Android 2.3 or higher, as well as by API (Windows Developer Program for IoT). There are the following two types of near-field communication, which are also visualised in Fig. 5.39:

• without connection establishment, within passive high-frequency transponders (HF RFID) based on the standards ISO 14443 and ISO 15693; this method is suitable except for applications working on sensitive data, because during the phase of transponder activation its antenna can be eavesdropped by third parties
• connection-oriented (between two equal active transmitters, Tx)

QR labels (Quick Response) are designed for universal reading of small quantities of data. They have become popular for encoding logical addresses in the form of URIs for Internet applications, in particular websites. The operation principle of QR-reading mobile applications is depicted in Fig. 5.40. First, a camera sensor is directed at the displayed QR code. Then a picture is taken and processed. QR codes contain a certain amount of redundancy as well as positioning aids, so that even under imperfect lighting and camera holding conditions the data will be retrieved. In the final step the data is processed, so that when it represents a URI, a registered application is launched, which in many cases will be a web browser.

Fig. 5.39 Examples of fog computing with RFID

Fig. 5.40 Operation principle for QR-reading mobile applications


Advanced Bluetooth v42 The Bluetooth (BT) Special Interest Group (SIG) wasfounded in 1998 by Ericsson IBM Intel Nokia and Toshiba The new specificationof BT released in 2014 and superseding previous BT versions including the onesstandardised as IEEE 802151 defines its advanced features towards smart grid IoT andfog computing use The specification differentiates between high performance and lowpower consumption use cases Its improvements are as follows

bull better privacy higher data ratebull IPv4IPv6 connectivitybull interoperability with 6LoWPANbull integration to an Internet Protocol Support Profile (IPSP)bull 25 faster transferbull 10 increased packet capacity (transmission errors power consumption is reduced)bull new deployment scenarios and further improvements for IoT

BT v4.2 uses additional data security techniques for BT connections; e.g. customers in a shop should be informed about offers via beacons only if explicitly approved. In BT v4.2 deployments, IPSP uses IP-based software infrastructures for managing BT Smart devices. BT v4.2 is ideal for IoT-networked home environments requiring personal as well as large-room control. Depending on the requirements there is the low-energy specification (Bluetooth LE), the high-performance specification with enhanced data rate (Bluetooth EDR), and some devices even implement a dual mode, which enables the creation of adaptive applications.

6LoWPAN. This important enabling technology for smart grids and IoT acts simultaneously as a fog computing predecessor. The acronym means "IPv6 over Low Power Wireless Personal Area Network". There is a short genesis history of 6LoWPAN: originally the company Jennic from Sheffield, UK, implemented the project 6LoWPAN as a ZigBee equivalent. The Jennic 6LoWPAN had the following features:

• standardised IETF IP networking
• flexible topologies
• SNAP API similar to SNMP

As such it is based on the IEEE 802.15.4 WPAN standard and uses compression mechanisms to deliver IP packets efficiently over such links. Most hardware supports WPAN links in the 2.4 GHz band, so that 16 channels and a data rate of 250 kbps are available. The maximum transmission unit in such WPAN links is 127 bytes, so that IPv6 packets need to be fragmented into multiple WPAN packets.
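The 127-byte MTU forces fragmentation of every full-size IPv6 packet, and the fragment reassembler on a constrained node is where a malformed or flooding sender does damage. The following added example (not from the book) builds RFC 4944 fragments and reassembles them with the bounds, overlap and buffer-count checks such a node needs; LINK_PAYLOAD (102 usable bytes per frame) and MAX_BUFFERS are assumed values.

```python
"""6LoWPAN fragmentation (RFC 4944) with a defensive reassembler.

Added example: a 1280-byte IPv6 datagram (the IPv6 minimum MTU) is split
into IEEE 802.15.4-sized frames and reassembled again. LINK_PAYLOAD and
MAX_BUFFERS are assumed values, not figures from the book.
"""
import struct

LINK_PAYLOAD = 102   # assumed usable bytes of a 127-byte 802.15.4 frame after MAC overhead
MAX_BUFFERS = 4      # assumed cap on concurrent reassembly buffers (small-node memory bound)
FRAG1 = 0b11000      # dispatch of the first fragment (4-byte header)
FRAGN = 0b11100      # dispatch of subsequent fragments (5-byte header)


def fragment(datagram: bytes, tag: int, link_payload: int = LINK_PAYLOAD) -> list:
    """Split a datagram into RFC 4944 fragment frames (header + payload)."""
    size = len(datagram)
    if not 0 < size < (1 << 11):
        raise ValueError("datagram_size must fit in 11 bits")
    if not 0 <= tag <= 0xFFFF:
        raise ValueError("datagram_tag must fit in 16 bits")
    # Every fragment except the last carries a multiple of 8 payload bytes,
    # because datagram_offset is expressed in units of 8 octets.
    first_len = min(size, (link_payload - 4) // 8 * 8)
    frames = [struct.pack("!HH", (FRAG1 << 11) | size, tag) + datagram[:first_len]]
    offset = first_len
    while offset < size:
        chunk = min(size - offset, (link_payload - 5) // 8 * 8)
        header = struct.pack("!HHB", (FRAGN << 11) | size, tag, offset // 8)
        frames.append(header + datagram[offset:offset + chunk])
        offset += chunk
    return frames


def parse_fragment(frame: bytes):
    """Return (size, tag, offset, payload); raise ValueError for malformed frames."""
    if len(frame) < 4:
        raise ValueError("frame too short for a fragment header")
    dispatch = frame[0] >> 3
    if dispatch == FRAG1:
        size_field, tag = struct.unpack("!HH", frame[:4])
        return size_field & 0x7FF, tag, 0, frame[4:]
    if dispatch == FRAGN and len(frame) >= 5:
        size_field, tag, off8 = struct.unpack("!HHB", frame[:5])
        return size_field & 0x7FF, tag, off8 * 8, frame[5:]
    raise ValueError("not a 6LoWPAN fragment")


class Reassembler:
    """Reassembles fragments per datagram tag. Rejects fragments that fall
    outside the announced size, disagree on the size, overlap already
    received bytes, or would open more buffers than the node can afford."""

    def __init__(self, max_buffers: int = MAX_BUFFERS):
        self.max_buffers = max_buffers
        self.buffers = {}   # tag -> [size, data bytearray, received-byte mask]

    def feed(self, frame: bytes):
        """Feed one frame; return the complete datagram, or None if still partial."""
        size, tag, offset, payload = parse_fragment(frame)
        if not payload or offset + len(payload) > size:
            raise ValueError("fragment lies outside the announced datagram size")
        entry = self.buffers.get(tag)
        if entry is None:
            if len(self.buffers) >= self.max_buffers:
                raise ValueError("reassembly buffers exhausted")
            entry = self.buffers[tag] = [size, bytearray(size), bytearray(size)]
        if entry[0] != size:
            raise ValueError("datagram_size differs between fragments of one tag")
        data, mask = entry[1], entry[2]
        end = offset + len(payload)
        if any(mask[offset:end]):
            raise ValueError("overlapping or duplicate fragment")
        data[offset:end] = payload
        mask[offset:end] = b"\x01" * len(payload)
        if all(mask):
            del self.buffers[tag]
            return bytes(data)
        return None


def reassemble(frames) -> bytes:
    """Reassemble a list of frames of one datagram, in any order."""
    reassembler = Reassembler()
    result = None
    for frame in frames:
        result = reassembler.feed(frame) or result
    if result is None:
        raise ValueError("incomplete datagram")
    return result
```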

6LoWPAN networks can be set up in point-to-point, star and self-healing tree topologies. Typical cluster sizes are up to 100 nodes. The protocol supports automatic starting, clustering, routing and healing, and furthermore end-to-end message acknowledgements even when routing in a mesh with multiple hops.

For software development several APIs are provided. The first is rather abstract and C-based, for simple applications; it gives access to the on-chip periphery and system services. The second is called SNAP – Simple Network Access Protocol. It works similarly to SNMP and allows IPv4/IPv6-based data exchange between devices. Likewise it is based on a Management Information Base (MIB) for the remote control, configuration and diagnostics of 6LoWPAN networks.

As an example, a mesh network with Internet access by a 6LoWPAN gateway is given in Fig. 5.41. 6LoWPAN technology commonly resembles ZigBee, although there are important differences. Most importantly, as 6LoWPAN offers IP connections, it is compatible with protocols on other physical layers, whereas ZigBee devices can only communicate with other ZigBee devices. The network stack implementation for the protocol is therefore much smaller too, which means more re-use and fewer sources of errors. Typical for 6LoWPAN is an IPv6 deployment for addressing a large number of sensor nodes. The large installation base of such devices led to the rise of the fog computing paradigm. Nevertheless, 6LoWPAN adoption seems to be slower than ZigBee adoption, and other protocols such as ANT+, which does not even share the physical layer with the other two, are now gaining momentum, which keeps the compatibility issue open.

Fig. 5.41 6LoWPAN: fog computing predecessor


Data security in IoT. Some authors believe that the "Internet of Things" is a potentially "disruptive" technology, since it deals with the invisible, widespread and – undesirable for users – transformation of familiar and well-known "things" like private cars, walls of apartments and offices, electronic wares, product packaging, furniture, valuables, conventional paper and more into computing nodes (i.e., inter alia, into small harmful "bugs" or spies). This transformation may violate the anonymity and private sphere of regular citizens and even harm national data security. Transformations to the IoT and fog computing are in any case studied thoroughly by leading political and power structures around the world (EU Commission, NSA in the USA, etc.). A solution to this problem of data security in IoT, which is emerging just now, is already possible through the use of relevant cryptoprotocols, steganography and concealed routing within the IoT-enabling wireless networks and mobile networks. Chapter VII is dedicated specifically to the mentioned problems.

5.2.2 Case Studies on IoT with On-Board Micro-controller Raspberry Pi

In the following paragraphs we offer case studies on the use of the on-board micro-controller Raspberry Pi to realise low-energy systems for service delivery and fog computing.

On-board micro-controllers of type Raspberry Pi. Compact size and low power consumption are the main priorities of single-board computers such as AVR Arduino, Intel Edison and Raspberry Pi. The models A, A+, B, B+, 2B and Zero of Raspberry Pi are on-board micro-controllers that are oriented to mass usage in different areas of embedded systems, IoT and smart grids. Model B is shown in Fig. 5.42.

The Raspberry Pi node is normally coupled to a secured voltage block (power supply) with a micro-USB adapter. The secured voltage block has the following working characteristics:

• Input voltage – 90–264 V AC
• Voltage frequency – 47–63 Hz
• Output voltage – 5 V DC
• Output current – up to 1200 mA
• Max. power consumption – up to 6 W
• Temperature – 0–40 °C
• Dimensions – 64 × 48.5 × 25.5 mm
• Weight – 79 g

Table 5.5 printed below includes the comparison of the usual Raspberry Pi models A and B, which offer a reasonable performance for running server applications and controlling connected devices. Compared to them, the model Zero is much cheaper and smaller and, while being faster than A and B, offers fewer connectivity interfaces and is therefore more suitable for software service delivery. Model 2B is even faster despite a lower clock rate due to its ARM Cortex-A7 CPU and is equipped with more main memory, but is also more expensive. Hence the choice of the right model depends on the use case and on the budget. The energy supply can also be coupled via the micro-USB cable. Nominal voltage is 5 V; the current does not exceed 700 mA, that is, the regular power it consumes is no more than 3.5 W. Frequently, instead of a hard disk, the SD card is used as boot drive. The new SDHC standard allows capacities of up to 32 GByte. The SD card has to hold the OS for the node as well as the necessary applications, which can be installed from multiple freely available ISO images for Raspberry Pi. After image deployment the re-configuration of the used services is possible depending on the use case. The system provides a lot of adapters as well as ports (SD, LAN, USB, HDMI, GPIO, Cinch).

Fig. 5.42 On-board computer Raspberry Pi model B (Source: Oracle)

Table 5.5 Comparison of usual Raspberry Pi models A and B

Characteristics | Model A | Model B
Approximate price | 25 $ | 35 $
CPU | 700 MHz ARM | 700 MHz ARM
GPU | Broadcom VideoCore | Broadcom VideoCore
Codecs | H.264, MPEG-2 | H.264, MPEG-2
SDRAM | 256 MByte | 512 MByte
Ports and interfaces | – 2x USB 3.0, 1x SD, 1x HDMI, 1x Cinch/TRS adapter, 6x GPIO | 1x LAN Eth 10/100 RJ45, 2x USB 3.0, 1x SD, 1x HDMI, 1x Cinch/TRS adapter, 6x GPIO
Regular voltage, current, power | 5 V, 500 mA, 2.5 W | 5 V, 700 mA, 3.5 W

Already announced is the Raspberry Pi 3 Model B, which, instead of requiring USB dongles, has Bluetooth 4.1 (Low Energy) and WLAN adapters pre-installed [15].

The Raspberry Pi microcomputers are supported by many OS distributions. Among them are adapted versions of existing systems such as Android, Debian, Ubuntu, Arch Linux, Gentoo and NetBSD, but also dedicated distributions, most prominently Raspbian, RaspBMC (now OSMC) and Pidora. Raspbian is based on Debian and tracks new models, so that it is a good default choice. One of the features of the system is a central configuration file called config.txt to configure low-level parameters which would otherwise be configured in the BIOS. Among them are display resolutions, overclocking and USB power settings.

The world's smallest PC and its applications. The advanced Raspberry Pi also acts as the world's smallest PC in popular media, as it symbolises the miniaturisation trend from clumsy PC hardware to embeddable micro-systems and nano-systems, despite only being one out of many single-board computers (Fig. 5.43). This is especially the case for the new Raspberry Pi 2 Model B, which belongs to the type Mini-PC with 6 times more CPU performance in comparison to the conventional models. The system can be equipped with the free-of-charge Windows 10 version as well as with the aforementioned OS distributions. There are some constructive features of the Pi 2B:

• Broadcom SoC (System on Chip) BCM2836, which computes with the quad-core ARM Cortex-A7 CPU
• clock frequency reaches up to 900 MHz
• larger RAM of 1 GByte
• support via the Windows Developer Program for IoT in addition to free software OS distributions

Fig. 5.43 Advanced Raspberry Pi 2 model B as mini-PC (Source: chip.de)

An application of Raspberry Pi is the deployment as a low-energy home intelligent node for fog computing scenarios. One of the most useful usage examples thus becomes the energy-efficient service provisioning for XaaS (Everything as a Service) based on these microcomputer units [14]. The structure of these services can include, inter alia:

• sensor controller
• home control system
• efficient small cluster
• private cloud
• file server and web server (Fig. 5.44)

Fig. 5.44 Examples of a low-energy home intelligent node based on the on-board micro-controller Raspberry Pi


The microcomputer Raspberry Pi offers energy savings by consuming only up to 3.5 W. Therefore, with the use of Raspberry Pi it is possible to create energy-efficient XaaS as outlined before. But with such choices, what is better? Where are the advantages: in more centralised, often virtualised systems (clustering, clouds) or in small and more decentralised ones (microcomputers, piconets)? To use big clusters, or to start multiple VMs from the clouds' hot reserve, or the small on-board micro-nodes like Raspberry Pi, Arduino or Intel Edison with only small power consumption? The trade-offs discussed herewith are as follows:

• reliability and QoS
• data security and privacy as well as access anonymity
• deployment effort
• energy consumption
• operating expenses

There are no comprehensive answers to this question yet, and it remains open today.

Example 5.11 To create a media centre, the Raspberry Pi 2 Model B is optimally suited because it has a special unit that is responsible for the recognition of multiple codecs and formats. XBMC Media Centre software can be recommended for this case. XBMC Media Centre is available across all OS options, including Linux, Mac OS X (Snow Leopard, Leopard, Tiger, Apple TV), Apple iOS, Microsoft Windows, Android, as well as pre-configured for Raspberry Pi. The XBMC Media Centre uses diverse formats, codecs and protocols:

• graphic: PNG, JPEG, BMP, GIF, ICO, TIFF, PCX etc.
• audio: MIDI, AIFF, WAV/WAVE, MP2, MP3, AAC, AACplus, AC3, DTS, ALAC, AMR, WMA etc.
• video: DivX, Xvid, BivX, AVI, MPEG-1, MPEG-2, H.263, MPEG-4, MPEG-4 AVC (H.264), HuffYUV, Indeo, MJPEG, RealVideo, RMVB, Sorenson, WMV etc.
• play lists: PLS, M3U, WPL
• disk images: CUE, NRG, IMG, ISO, BIN
• network protocols: IP, IPv6, UPnP, NFS, SMB/SAMBA/CIFS, XBMSP, DAAP, HTTP, HTTPS, FTP, RTSP (RTSPU, RTSPT), MMS (MMSU, MMST), RTMP, Podcasting, TCP, UDP, SFTP, RTP
• media types: CD, DVD, DVD-Video, Video CD (VCD/SVCD/XVCD), Audio-CD (CDDA), Blu-rays, USB flash drives, HDD
• meta-data: APEv1, APEv2, ID3 (ID3v1 and ID3v2), ID666, Exif (GeoTagging)

One should also take into account that additional functional blocks affect the size of the device. Therefore they should be realised in the form of individual hardware modules, or one should anticipate making a special case which will be different from the standard pod for Raspberry Pi. However, making a separate connected device has significant advantages in terms of practical use.

In Fig. 5.45 a media centre structure scheme based on Raspberry Pi is depicted. The considered media centre consists of the Pi node, an HDMI monitor, USB keyboard, USB mouse, infrared (IR) interface and speakers.

Fig. 5.45 A media centre structure scheme based on Raspberry Pi

The examined system based on Raspberry Pi is energy-efficient and offers the following features:

• video and audio players can access all files via FTP, SFTP, SSH and WebDAV
• multiple codecs that are retrieved from the SD card, within a LAN or from the Internet are supported
• the IR control transceiver allows remote control
• plugins for the integration with popular online services are available

The new versions of XBMC are extended via an add-ons framework. The extensions for XBMC Media Centre can also be implemented in the Python programming language, which makes this an easy task for IT-affine users. The graphical user interface (GUI) for XBMC can be configured declaratively via WindowXML.

Example 5.12 Let us examine the deployment of a web server on the basis of the on-board micro-controller Raspberry Pi. Mobile and fixed network access to the service is henceforth supported on PCs, tablets and smartphones. Taking into account the creation of a cost- and energy-efficient host, the use of a home DSL router from vendors like Belkin, Netgear or Linksys, among others, is assumed to be possible. What will the user have to do as the next step? The user needs to configure the system by using the router firmware (IP addresses, port 80 for the web server, perhaps 8080 for additional services, etc.) and then install XAMPP for a Linux-based Raspberry Pi distribution. The full package called XAMPP includes, inter alia:

• web server Apache with SSL support
• MySQL Lite database
• phpMyAdmin tool for the web-based administration of the database
• PHP module for running server-side scripts
• FTP client FileZilla for uploading content and scripts to the web server
• ProFTPD daemon for offering an upload possibility
• Perl module for more server-side scripts
• servlet container Apache Tomcat with Java support for more complex server applications
• mail server with POP3 and SMTP protocols, and many more for additional services

The content management for the created web server as well as application support on the Raspberry Pi micro-computer node is provided by using a Secure Shell client with the associated protocol SSH. With a client to Dynamic DNS (DDNS), the dynamic provisioning and use of the domain name is enabled without an explicit registration via an Internet service provider. Straight from the mentioned host, the control of the creation and use of the new server can be established, e.g. in this manner: «mywebserverpublicdns». From then on the web server and its content and applications are accessible to the world.
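Once DDNS publishes the router's address, everything the router forwards to the Pi is reachable from the whole Internet, so it pays to check which XAMPP components would actually become exposed before announcing the name. The following added example (not from the book) audits this from a constructed listener table in the shape of `ss -tlnp` output and a constructed port-forwarding table; the Pi's LAN address 192.168.1.20 and the LAN_ONLY policy are assumptions.

```python
"""Internet-exposure audit for the XAMPP web host of Example 5.12.

Added example, not from the book. Both inputs are constructed: LISTENERS
mimics `ss -tlnp` output on the Pi and FORWARDS mimics the DSL router's
port-forwarding table. PI_LAN_ADDR and the LAN_ONLY policy are assumptions.
"""
import re

PI_LAN_ADDR = "192.168.1.20"   # assumed LAN address of the Raspberry Pi

# XAMPP components that should stay reachable from the LAN (or loopback) only;
# only the web server itself (port 80) is meant to be public in this policy.
LAN_ONLY = {21: "ProFTPD", 25: "SMTP", 110: "POP3", 3306: "MySQL", 8080: "Apache Tomcat"}

# Constructed listener table in the shape of `ss -tlnp` output.
LISTENERS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:80         0.0.0.0:*         users:(("httpd",pid=412,fd=4))
LISTEN 0      128    0.0.0.0:3306       0.0.0.0:*         users:(("mysqld",pid=430,fd=21))
LISTEN 0      128    0.0.0.0:21         0.0.0.0:*         users:(("proftpd",pid=455,fd=3))
LISTEN 0      128    127.0.0.1:8080     0.0.0.0:*         users:(("java",pid=470,fd=12))
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=301,fd=3))
"""

# Constructed router rules: external port -> (LAN host, internal port).
FORWARDS = {80: ("192.168.1.20", 80), 8080: ("192.168.1.20", 8080), 2121: ("192.168.1.20", 21)}

LISTEN_RE = re.compile(
    r'^LISTEN\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+\s+users:\(\("(?P<proc>[^"]+)"')


def parse_listeners(text: str) -> dict:
    """Return {port: (bind_address, process_name)}; non-matching lines are skipped."""
    table = {}
    for line in text.splitlines():
        m = LISTEN_RE.match(line)
        if m:
            table[int(m.group("port"))] = (m.group("addr"), m.group("proc"))
    return table


def exposed_services(listeners: dict, forwards: dict, pi_addr: str) -> dict:
    """Return {external_port: (internal_port, process)} for services that are
    forwarded to the Pi AND bound to a non-loopback address, i.e. reachable
    from the Internet once the DDNS name resolves to the router."""
    exposed = {}
    for ext_port, (host, int_port) in forwards.items():
        if host != pi_addr or int_port not in listeners:
            continue
        bind_addr, proc = listeners[int_port]
        if bind_addr in ("127.0.0.1", "::1", "[::1]"):
            continue  # forwarded, but the daemon only answers on loopback
        exposed[ext_port] = (int_port, proc)
    return exposed


def policy_violations(exposed: dict) -> list:
    """External ports through which a LAN-only component is Internet-reachable."""
    return sorted(ext for ext, (int_port, _) in exposed.items() if int_port in LAN_ONLY)


def wildcard_bound(listeners: dict) -> list:
    """LAN-only components bound to all interfaces; binding them to 127.0.0.1
    takes them off the LAN even before the router rules are touched."""
    return sorted(p for p, (addr, _) in listeners.items()
                  if p in LAN_ONLY and addr in ("0.0.0.0", "*", "[::]"))


if __name__ == "__main__":
    table = parse_listeners(LISTENERS)
    exposed = exposed_services(table, FORWARDS, PI_LAN_ADDR)
    for ext, (int_port, proc) in sorted(exposed.items()):
        tag = "LAN-ONLY COMPONENT EXPOSED" if int_port in LAN_ONLY else "ok"
        print(f"external {ext} -> {proc}:{int_port}  {tag}")
    print("bound to all interfaces:", [LAN_ONLY[p] for p in wildcard_bound(table)])
```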

Example 5.13 An example of an energy-efficient file server offering private cloud storage based on the Raspberry Pi micro-computer unit is presented in Fig. 5.46. Since the SD card does not have enough space and cannot provide a stable long-term service with reading and writing operations, but rather requires an external storage device, a USB drive or a network storage service can be controlled by the file server. The system based on the micro-computer unit with the file server function includes the following elements:

• Raspberry Pi node with OS Raspbian or similar, which is coupled to the Internet with a DSL router
• an external USB drive with up to 5 TByte capacity (USB SSD/HDD such as Seagate Backup Plus), which is mounted as a hard disk drive with the tools provided by the operating system
• optionally more local or network drives to offer redundant storage with higher capacity and/or higher availability


Fig. 5.46 Low-energy file server based on a Raspberry Pi node

The file system of the storage device can be of any type, considering that all clients access the system through network protocols such as FTP, SCP, WebDAV, SMB or CIFS. To set up the system software for such flexible access it is necessary to use tools like SSH, Apache and Samba. The Samba service is shipped by the majority of Linux distributions. The main advantages of Samba are the free licensing and the simultaneous usage by different hosts within an IP network/LAN, like Windows, Unix and Linux, with support of file exchange among them. Under use of Samba, an external storage device such as a USB drive becomes "visible" within the network, de facto like the slogan «Share the drive on your network».

Clusters of Raspberry Pi. A single on-board micro-controller is already quite capable. Now imagine a (Beowulf) cluster of these. Prototyped at the Free University of Bolzano in South Tyrol, Italy, the Bobo with 40 nodes and the Bobino with 8 nodes (the model shown in Fig. 5.47) combine cluster computing with tiny nodes [20]. Apart from all nodes being equal by running as workers, some have been designed to assume special roles in order to keep the system images lean and the system itself manageable. The roles are (1) gateway, (2) brain and (3) backup. All nodes are internally connected by Ethernet. The gateway's task is consequently to connect the cluster to the outside world by Ethernet, WLAN or Ethernet-over-USB. All internal processes are controlled by the brain node. Finally, the backup node is queried to retrieve an unmodified image in case of accidental irreversible modifications during experiments.

Fig. 5.47 Bobino, a cluster of 8 Raspberry Pi nodes

Such a system requires user-friendly node reservation, grouping and monitoring functions. The monitoring is essential because nodes may fail easily. Imagine that each node has a mean time between failures (MTBF) of one million hours. This means that the probability of failure of any node in a two-year period is determined as follows [24]:

$p(T) = 1 - e^{-T/\mathrm{MTBF}} = 1 - e^{-2\,\mathrm{a}/114\,\mathrm{y}} = 1.74\,\%$ (5.10)

However, the failure of the overall system depends on a serial MTBF in conjunction with the mean time to repair (MTTR). If the MTTR is too high, the likelihood of another node failing just when one is already under repair is quite high. Therefore the following holds:

$\mathrm{MTBF}_{\mathrm{serial}} = \dfrac{1}{\dfrac{1}{\mathrm{MTBF}_1} + \dfrac{1}{\mathrm{MTBF}_2} + \cdots + \dfrac{\mathrm{MTTR}}{\mathrm{MTBF}_1 + \mathrm{MTBF}_2 + \cdots}}$ (5.11)

For the 8 nodes of Bobino and an assumed one-day repair this means that

$\mathrm{MTBF}_{\mathrm{serial}} = \dfrac{1}{\dfrac{8}{\mathrm{MTBF}} + \dfrac{24\,\mathrm{h}}{8\,\mathrm{MTBF}}} = 90909.09\,\mathrm{h}$ (5.12)

In other words, just about 10.37 years. Hence p(T) rises to 17.53 %. For the 40 nodes of Bobo the values are correspondingly MTBF_serial = 24630.54 h, or just about 2.81 years, and p(T) = 50.9 %, meaning that a failure of the system is already more likely than its continuous operation. Parallel functionality with redundancy is therefore much better suited for such clusters.
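Equations (5.10) to (5.12) are easy to mis-apply once the node count or the repair time changes, so the following added example (not from the book) implements them as functions, reproduces the Bobino and Bobo figures and, going beyond the text, contrasts the serial case with a fully redundant cluster of independent nodes; HOURS_PER_YEAR = 8760 is an assumption.

```python
"""Serial MTBF and two-year failure probability for the Bobino/Bobo clusters.

Added example (not from the book): evaluates equations (5.10)-(5.12) with the
book's figures (MTBF = 10^6 h per node, MTTR = 24 h, T = 2 years) for any
node count n. HOURS_PER_YEAR is an assumed conversion factor.
"""
import math

HOURS_PER_YEAR = 8760.0          # assumed conversion used for "2 a" and "114 y"
NODE_MTBF_H = 1_000_000.0        # one million hours per node, as in the book
MTTR_H = 24.0                    # one-day repair, as in the book


def p_fail(t_hours: float, mtbf_hours: float) -> float:
    """Eq. (5.10): probability of at least one failure within t_hours,
    assuming exponentially distributed time to failure."""
    return 1.0 - math.exp(-t_hours / mtbf_hours)


def mtbf_serial(n_nodes: int, node_mtbf_hours: float, mttr_hours: float) -> float:
    """Eq. (5.11) as applied in (5.12) for n identical nodes in series:
    the failure rates n/MTBF add up, plus the repair term MTTR/(n*MTBF)."""
    if n_nodes < 1:
        raise ValueError("a cluster needs at least one node")
    rate = n_nodes / node_mtbf_hours + mttr_hours / (n_nodes * node_mtbf_hours)
    return 1.0 / rate


def p_fail_all_redundant(n_nodes: int, p_single: float) -> float:
    """Added generalisation beyond the book: with full redundancy and
    independent failures the service is lost only when all n nodes fail."""
    return p_single ** n_nodes


def cluster_report(n_nodes: int, years: float = 2.0) -> dict:
    """Serial MTBF (hours and years) and failure probabilities over `years`."""
    t = years * HOURS_PER_YEAR
    mtbf = mtbf_serial(n_nodes, NODE_MTBF_H, MTTR_H)
    p_single = p_fail(t, NODE_MTBF_H)
    return {
        "nodes": n_nodes,
        "single_node_p_fail": p_single,
        "mtbf_serial_h": mtbf,
        "mtbf_serial_years": mtbf / HOURS_PER_YEAR,
        "serial_p_fail": p_fail(t, mtbf),
        "redundant_p_fail": p_fail_all_redundant(n_nodes, p_single),
    }


if __name__ == "__main__":
    for n in (1, 8, 40):
        r = cluster_report(n)
        print(f"{n:3d} nodes: MTBF_serial = {r['mtbf_serial_h']:10.2f} h "
              f"({r['mtbf_serial_years']:.2f} y), p(2 a) serial = {r['serial_p_fail']:.2%}, "
              f"fully redundant = {r['redundant_p_fail']:.2e}")
```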

For the node reservation and grouping, Bobo and Bobino ship with the MegaRPi middleware, which includes appropriate management web interfaces as well as user-oriented software including file managers on top of the standard Raspbian software.

5.2.3 The Future: Industry 4.0 Vision

Industry 4.0 platform. Industry 4.0 (originating as Industrie 4.0 in Germany around the year 2011) is a future strategic goal in the high-tech strategy of the German federal government. Its main driver is to advance the informatisation of the production processes. The goal is a smart factory characterised by adaptivity, resource efficiency and ergonomic working conditions, as well as the integration of customers and business partners into the business value chain. The technological basis of Industry 4.0 are cyber-physical systems (CPS) and the IoT, cf. Fig. 5.48.

Fig. 5.48 Industry 4.0 as outlined by the German government program 2011 (Own representation; background: Google "Green" Fabrics)


Fig. 5.49 Industry 4.0 service visions (Own representation and photo)

Within Industry 4.0, information and communication technologies as well as automation and production technologies become increasingly, and more than ever, dovetailed with each other. The political ambition is to defend and extend the traditional core of the German industry with its internationally outstanding positions, as shown in Fig. 5.49.

5.2.4 Fog Computing

Fog computing as a concept means that the services, data storages, applications and computing (business logic) are shifted to the "network edge", i.e. closer to the users, onto interactive end devices or ambient micro-form-factor devices. The question which is to be solved can be formulated as follows: how close do they get, partially or completely? Other names for similar concepts are "edge computing" or "everything on the user site". The co-existence with cloud computing services is provided too. The services are offered in the form of XaaS. An example of a fog topology is given in Fig. 5.50. Despite a cloud typically operating as a central node, the support of multiple intelligent fog nodes with the shifted functionality is foreseen.


Fig. 5.50 Topology for fog computing

Fig. 5.51 Cloud and fog computing: common architecture

A common architecture for the combined use of cloud and fog computing is depicted in Fig. 5.51. The architecture includes the following three hierarchical planes:

1. Plane 1: The clouds and data centres, which build an IoS with typical access via web service protocols
2. Plane 2: The fog nodes, which are involved in the virtual environments for data preprocessing, functionality migration and load balancing with the clouds (refer to plane 1)
3. Plane 3: The users with end devices, which build an IoT and are placed on the edge of the fog infrastructure

Table 5.6 Fog advantages

Requirements | Advantage
Low latency | Less hops
High data mobility | Data locality and local caches
Less limited data rate | On-site processing
Reliability and robustness | Fast failover
Rich storage with metadata | Location awareness

Such distributed architectures for the combined use of cloud and fog computing offer several clear advantages. Table 5.6 summarises them, specifically for requirements on cloud and network storage. The main requirements on fog computing on a technical level are as follows:

• IPv6 deployment to reach millions of serving devices
• growth of provided security, in particular deployment of firewalls and intrusion detection
• authenticity of coupled devices must be guaranteed everywhere in the combined structures (users + fog + clouds)
• encryption and digital signature have to be guaranteed via robust combinations of AES + RSA + PKI

Concrete technical platforms for fog computing are rare. They remain mostly a vague technical concept to be fully realised within the next years. Still, a few preliminary architectures exist. One such implementation platform for cloud and fog computing interoperability is offered in [46] and shown in Fig. 5.52. Suitable network options for the platform are ZigBee, EnOcean and 6LoWPAN, coupled with cheap microcontrollers.

5.3 Conclusions

The chapter discussed the architectural transformations of modern networks and their mobile services and applications in the framework of the development of upcoming network technologies like "Smart Grid" (as an intelligent network for services such as electricity and energy-efficient information services) as well as the "Internet of Things" (IoT, providing radio communication of multiple milliards of low-power IPv6 devices at near distance), with their methods of implementation in the form of "Fog Computing".

Fig. 5.52 Fog computing platform and applications with cloud connectivity (From [46])


In some developed countries an integrated intelligent network modelled on the conventional Internet is rapidly being created (a network with open mesh platforms for energy services). The network possesses the ability to use standardised software interfaces as well as mobile applications with several offered web services, among them cloud services. Thanks to the standardisation of the smart grid (according to the intentions of organisations like NIST, IEEE, VDE, CENELEC, etc.), software- and hardware-independent access and communication between the components are, although not yet guaranteed, quite likely. Nevertheless, some devices only communicate with proprietary protocols to send data to services determined by their vendors, which severely restricts the ubiquitous connectivity visions.

The standardisation of the structure of open networks towards smart grids is today one of the development priorities for both the energy and the telecommunications industry in the USA and Europe. The combined services of such networks will find in the near future (about 2020–2030) an opportunity to attract a stably increasing number of stakeholders and users. Nowadays there is the opportun­ity to create a large range of one's own "smart applications" and "smart services" within the smart grids.

Thus the development of both such integrated electric power networks and telecommunications will soon be given a necessary impulse. The smart power grid services (i.e. electricity) will be freely delivered, disposed to the market and freely traded there from multiple perspectives: purchase, sale, exchange, credit, providers and resellers. The effect will be analogous to today's ongoing revolution of smartphones and tablets on the mobile communication market, which has arisen as a result, for instance, of the deployment of already familiar and contemporary concepts like the application directory App Store (Apple) or the open source OS Google Android.

It is expected that the integration technologies and models for electrical networks and telecommunications discussed in this work will lead to a reduction of the overall consumption of conventional energy sources (CO2 footprint under the Kyoto protocol) and to further decentralisation of the supplier networks (based on the principle of Internet construction). Smart grids have to increase in the middle term the energy efficiency under use of alternative and renewable sources like wind, solar and EM-smog. They will inspire optimisation techniques for network management and service billing (smart metering) for the integrated networks for power supply systems and telecommunication, both by increasing their safety, security and QoS.

Of decisive importance for smart grids and the IoT is the use of wireless networks like Powerline, ZigBee, EnOcean and 6LoWPAN and of components with established services for measurement, automation and parameter control (so-called smart metering), which convert the parameters of the environment and climate to digital form.

Now that the world's leading IT companies are engaged in the implementation of smart grids and cloud computing, for example Google with Nest and the Compute Platform, one of the major remaining problems is the study of the opportunities and challenges of alternative energy sources in order to create environmentally friendly technologies and to improve the climate on the planet.


References

1 Bundesministerium für Wirtschaft und Energie, online http://bmwi.de
2 CISCO Grid Operation Solutions, online http://www.cisco.com
3 Cisco 6lab - The place to monitor IPv6 adoption, online http://6lab.cisco.com/stats, 2015
4 Comité Européen de Normalisation Électrotechnique, online http://www.cencenelec.eu
5 Energieinformationsnetze und -Systeme: Bestandsaufnahme und Entwicklungstendenzen, 2010, 128 p, in German, ITG/VDE
6 EU Commission, Expert group on the security and resilience of communication networks and information systems for smart grids, online http://www.smartgrids.eu
7 Google IPv6 Statistics, online http://www.google.ch/ipv6/statistics.html, 2015
8 Ibh it-service gmbh, online https://www.ibh.de, 2015
9 IEEE Smart Grid Conceptual Model, online http://smartgrid.ieee.org
10 Kiwigrid Smart Grid Management Platform, online http://www.kiwigrid.com/en/products-solutions.html, 2016
11 NIST Framework and Roadmap for Smart Grid Interoperability Standards, Rel. 2.0, Technical Report 1108R2, National Institute of Standards and Technology, USA, February 2012
12 OECD Digital Economy Outlook, online https://dx.doi.org/10.1787/888933225312, May 2015
13 Projects of the Chair of Computer Networks of TUD, online http://www.rn.inf.tu-dresden.de
14 Raspberry Pi Projects, online http://elinux.org/RPi_Projects, 2016
15 Raspberry Pi Trading Ltd, Raspberry Pi 3 Model B - Single Board Computer, online https://fccid.io/2ABCB-RPI32, 2016
16 Siemens AG, online http://www.siemens.com
17 Smartgrid.gov, online https://www.smartgrid.gov, 2015
18 Technisch-wissenschaftlicher Verband der Elektrotechnik und Elektronik, online http://www.vde.com
19 Uptime Institute Reports 2011–2014, online https://uptimeinstitute.com
20 Pekka Abrahamsson, Sven Helmer, Nattakarn Phaphoom, Lorenzo Nicolodi, Nick Preda, Lorenzo Miori, Matteo Angriman, Juha Rikkilä, Xiaofeng Wang, Karim Hamily and Sara Bugoloni, Affordable and Energy-Efficient Cloud Computing Clusters: The Bolzano Raspberry Pi Cloud Cluster Experiment, In UsiNg and building ClOud Testbeds (UNICO) workshop at the 5th IEEE International Conference on Cloud Computing Technology and Science (CloudCom), volume 2, pages 170–175, December 2013, Bristol, United Kingdom
21 Jörg Benze, Smart Grid Normung und Standardisierung, 2012, FH Salzburg IKT Forum
22 Brussels EU-CEN-CENELEC-ETSI SG Coordination Group, Smart Grid Reference Architecture, Technical Report M490, CENELEC, November 2012, p 107
23 S. Guy, S. Marvin, W. Medd and T. Moss, Urban Infrastructure in Transition: Networks, Buildings, Plans, Earthscan/Routledge, London, 2012, 240 p
24 Thomas J. Harrison and Thomas J. Pierce, System integrity in small real-time computer systems, In Proceedings of the national computer conference and exposition (AFIPS), June 1973
25 Horst Kuchling, Taschenbuch der Physik, Hanser Verlag, 2014, 21st edition, 711 p, in German
26 R. Lehnert, Smart Grid Communications, In Proceedings of IEEE ELNANO Conference, Kiev, Ukraine, April 2013
27 Andriy Luntovskyy, Integration Concepts for Computer-Aided Design Tools for Wired and Wireless Local-Area Networks, Shaker Verlag, Aachen, 2008
28 A. Luntovskyy, Distributed applications technologies, DUIKT Publisher, 2010, 474 p, Monograph in Ukrainian
29 Andriy Luntovskyy, Dietbert Gütter and Igor Melnyk, Planung und Optimierung von Rechnernetzen: Methoden, Modelle, Tools für Entwurf, Diagnose und Management im Lebenszyklus von drahtgebundenen und drahtlosen Rechnernetzen, Springer Vieweg + Teubner Verlag, Wiesbaden, 2011, 411 p, in German
30 A. Luntovskyy, M. Klymash and A. Semenko, Distributed services for telecommunication networks: Ubiquitous computing and cloud technologies, Lvivska Politechnika, Lviv, Ukraine, 2012, 368 p, Monograph in Ukrainian
31 Andriy Luntovskyy, Josef Spillner and Volodymyr Vasyutynskyy, Energy-Efficient Network Services as Smart Grid Issue, In Soft Computing in Computer and Information Science, Advances in Intelligent Systems and Computing, volume 342, pages 293–308, Springer International Publishing, Switzerland, March 2015
32 Harald Lutz and Ulrich Terrahe, Future Thinking Kongress: Das Rechenzentrum der Zukunft
33 V. Melnyk, Modeling of the temperature modes for the cathodes of high voltage glow discharge based on heat balance equation, Bulletin of Kherson National University of Technology, Issue 3(39), 2010
34 Igor Melnyk and Andriy Luntovskyy, „Green Computing“ and the Simplified Waste Heat Transport Models, In 20th International Conference on Advanced Computer Systems (ACS), 2016
35 J. Momoh, Smart Grid: Fundamentals of Design and Analysis, John Wiley & Sons, NY, 2012, 216 p
36 Bryan Nicholson, Becky Harrison and Lee Cogan, The future of the grid – evolving to meet America's needs, online https://www.smartgrid.gov/files/Northeast-Region-Workshop-Summary-Final.pdf, May 2014
37 J. Ploennigs, V. Vasyutynskyy and K. Kabitzsch, Comparative Study of Energy-Efficient Sampling Approaches for Wireless Control Networks, IEEE Transactions on Industrial Informatics (TII), 6(3):416–424, August 2010
38 Alexander Schill and Thomas Springer, Verteilte Systeme - Grundlagen und Basistechnologien, Springer-Verlag, second edition, 2012, 433 p, in German
39 Rene Marcel Schretzmann, Jens Struckmeier and Christof Fetzer, Cloud&Heat Technologies, online https://www.cloudandheat.com, 2011/2014
40 Matt Stansberry, 2014 Data Center Industry Survey, online https://journal.uptimeinstitute.com/2014-data-center-industry-survey, 2015
41 L. Stobbe, M. Proske, H. Zedel, R. Hintemann, J. Clausen and S. Beucker, Entwicklung des IKT-bedingten Strombedarfs in Deutschland, Studie im Auftrag des Bundesministeriums für Wirtschaft und Energie, Fraunhofer IZM and Borderstep Institute, 2015
42 Andrew S. Tanenbaum and David J. Wetherall, Computernetzwerke, Pearson Studium, fifth edition, 2012, 1040 p, in German
43 S. Tugay, Mathematic modeling of the physical processes on the surface of the cooled cathodes in the electron sources of high voltage glow discharge, Electron Simulation, Vol. 34, No. 6, 2012
44 Katherine Tweed, China Pushes Past US in Smart Grid Spending, IEEE Spectrum Energywise Blog, February 2014
45 V. Vasyutynskyy and K. Kabitzsch, Event-based Control: Overview and Generic Model, In IEEE International Workshop on Factory Communication Systems (WFCS), pages 271–279, Nancy, France, May 2010
46 Shanhe Yi, Zijiang Hao, Zhengrui Qin and Qun Li, Fog Computing: Platform and Applications, Dept. of Computer Science, College of William and Mary, 2015

6 Future Mobile Communication: From 4G to 5G, 5G Enabling Techniques

Keywords

Mobile cellular and satellite radio networks • 4G • 5G • Enabling technologies and inter-operability • IoT • QoE • Future standard IMT 2020 • Distributed Input Distributed Output (DIDO)

6.1 Conventional Techniques

Conventional telecommunication technologies integrate mobile cellular and satellite radio networks and are typically divided into four generations by most of the literature (Fig. 6.1). The peak data rates are depicted within the figure. The next generation, 5G, will be deployed in the mid-term, although most likely after 2020 due to the high development cost and the ongoing amortisation of the predecessor 4G [17, 18].

The generations (shorthand G) started with 1G and 2G/Global System for Mobile Communications (GSM) with some obsolete extensions (as a basis). Soon afterwards, 3G/Universal Mobile Telecommunications System (UMTS) and the accelerator High Speed Download Packet Access (HSDPA) (sometimes referred to as 3.5G) were rolled out and are nowadays practically deployed world-wide. 4G/Long-Term Evolution (LTE) has then been introduced as the current standard, with a recent upgrade to LTE Advanced. In the meantime, research activities concentrate on the coming-soon 5G introduction within a future standard, International Mobile Telecommunications (IMT) 2020. Cellular radio networks enable the division of geographic areas into radio cells with specific frequency bands. The current 3G/4G architecture of mobile communication, including WPAN, Wireless Local Area Network (WLAN), WiMAX etc., is extended with a hierarchical cell structure down to picocells and femtocells [15] (Table 6.1). Cells refer to the signal transmission radius around an antenna. The larger the cell, the fewer antennas need to be installed, but at the same time larger cells would mean a higher number of recipients, causing issues with signal strength and connection management. Femtocells are the smallest cell size in use. They accommodate a low number of connections (up to 16), mostly in residential settings, and hence are comparable with WLAN.

Fig. 6.1 Generations of mobile communication

Table 6.1 Hierarchical cell structure for mobile communication

Type | Distance | Data rate (MBit/s) | Mobility (km/h) | Deployment in 3G and 4G
--- | --- | --- | --- | ---
Giga Cell | 100 km | 0.144 | 10–13 km/s or 4700 | Transnational providers, satellites
Macro Cell | 10 km | 0.384–2 | 500 | National providers
Micro Cell | 1000 m | 0.384–7.2 | 120 | Campus, city districts, metropolitan areas
Pico Cell | 100 m | 7.2–100 | 10 | Hotspots: railway stations, cafes, airports, hotels
Femto Cell | 10 m | 28 | 10 | Residential gateways

Example 6.1 According to Swisscom, a Swiss telecommunications network operator, the needs-driven bandwidth evolution happened in the following way [5]. Free voice calls over the Internet summed up to 750 billion minutes in 2013 and will increase to 1700 billion in 2018. In 1993, voice transmission over the Internet was not yet feasible, as the 2G (GSM) bandwidth was 0.2 MBit/s. In the 3G era, introduced with UMTS in 2001, the bandwidth increased to 0.39 MBit/s, then in 2008 with HSPA to 7.2 and two years later with HSPA+ even to 42 MBit/s. The 4G (LTE) era started in 2011 with 150 and peaked through LTE Advanced in 2014 with even 450 MBit/s.

Due to their current technology, both LTE networks and satellite radio systems will be presented in greater detail on the next pages.

6.1.1 LTE Networks

The advantages of 4G or Long Term Evolution are nowadays as follows:

• compatibility with UMTS/HSDPA and moderate to higher data rates, as a rule up to 300 MBit/s downlink and 75 MBit/s uplink
• LTE spectral efficiency 1.3 Bit/s/Hz vs. only 0.2 for 3G
• deployment of advanced techniques for modulation and antennas like Orthogonal Frequency-Division Multiplexing (OFDM) and Multiple Input – Multiple Output (MIMO) antennas
• flexible channel bandwidths (from 1.4 MHz up to 20 MHz)
• very low latency of less than 5 ms
• deployment of a unified IP Multimedia Subsystem (IMS) platform

The IMS uses the Session Initiation Protocol (SIP), specified in Request for Comments (RFC) 3261, to offer telephony services as a combination of conventional circuit-switched networks and Internet Protocol (IP) networks. The system architecture of LTE + IMS is given in Fig. 6.2. The basic components of the LTE architecture are as follows:

• SGSN – Serving GPRS Support Node (GPRS)
• SAE – 3GPP System Architecture Evolution
• GERAN – GSM EDGE Radio Access Network (EDGE)
• UTRAN – UMTS Terrestrial Radio Access Network (UMTS)
• IMS – IP Multimedia Subsystem
• PSS – Packet-switched Streaming Service
• PCRF – Policy and Charging Rules Function
• EPS – Evolved Packet System
• EPC – Evolved Packet Core
• HSS – Home Subscriber Server
• MME – Mobility Management Entity
• IASA – Inter-Access System Anchor
• UPE – User Plane Entity

The current performance of the LTE downlink in several countries is compared in Table 6.2.

Fig. 6.2 4G/LTE architecture

Table 6.2 4G downlink performance

International | 75 MBit/s
Korea | 186 MBit/s
USA | 65 MBit/s

The system is based on GPRS, EDGE and UMTS technologies (GERAN, UTRAN, SAE) and is completely packet-oriented. The IMS platform enables Voice over IP (VoIP) with support of conventional protocols (cf. Fig. 6.3) as well as data services on the basis of SIP and other standardised protocols.

Within IMS, different planes or layers are defined. The first one is the user plane or gateway, which connects the system to an IP uplink. The second one is the control plane or gateway control. Through this plane, caller identification and billing information is exchanged. The third one is call control or session control. The fourth one is the services function plane. Among other tasks, it contains functions to check the connection quality for emergency calls, the connection to messaging services (SMS) and to connect prepaid callers to the system. The Diameter protocol (RFC 6733) is used within IMS to perform the authentication, authorisation and accounting of communication partners. It succeeds the previously used Radius protocol, which is however still in use in WLAN roaming networks and other constellations. The simplified layered IMS architecture with the planes (a) and service components (b), including classical fixed networks, is depicted in Fig. 6.4.

Fig. 6.3 General architecture for conventional protocols for VoIP and multimedia
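The shared-secret check that the Radius protocol performs on every reply, as an added Python example that is not part of the book: it assembles a constructed Access-Accept for a WLAN roaming client and shows the Response Authenticator of RFC 2865 rejecting a reply whose Code was altered in transit, as well as one produced under a different secret. The shared secret, the Request Authenticator bytes and the Reply-Message text are constructed values; the function names are my own.

```python
"""RADIUS Response Authenticator check (RFC 2865, section 3).

Added example, not the book's own code. The shared secret and the packet
bytes below are constructed for the demonstration.
"""
import hashlib
import hmac
import struct

HEADER_LEN = 20           # Code(1) + Identifier(1) + Length(2) + Authenticator(16)
ACCESS_ACCEPT = 2
ACCESS_REJECT = 3
ATTR_REPLY_MESSAGE = 18   # Reply-Message attribute type (RFC 2865, section 5.18)


def encode_attribute(attr_type: int, value: bytes) -> bytes:
    """Encode one RADIUS attribute as Type(1) | Length(1, incl. header) | Value."""
    if not 0 <= len(value) <= 253:
        raise ValueError("attribute value must be 0..253 bytes")
    return struct.pack("!BB", attr_type, 2 + len(value)) + value


def response_authenticator(code: int, identifier: int, attributes: bytes,
                           request_authenticator: bytes, secret: bytes) -> bytes:
    """Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    length = HEADER_LEN + len(attributes)
    header = struct.pack("!BBH", code, identifier, length)
    return hashlib.md5(header + request_authenticator + attributes + secret).digest()


def build_response(code: int, identifier: int, attributes: bytes,
                   request_authenticator: bytes, secret: bytes) -> bytes:
    """Assemble a server reply (Access-Accept/Reject) that answers the given request."""
    auth = response_authenticator(code, identifier, attributes, request_authenticator, secret)
    return struct.pack("!BBH", code, identifier, HEADER_LEN + len(attributes)) + auth + attributes


def verify_response(packet: bytes, request_authenticator: bytes, secret: bytes) -> bool:
    """Client-side check: accept a reply only if its authenticator matches under the shared secret."""
    if len(packet) < HEADER_LEN:
        return False
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    # RFC 2865: a packet shorter than Length is discarded; octets beyond Length are padding.
    if length < HEADER_LEN or length > len(packet):
        return False
    attributes = packet[HEADER_LEN:length]
    expected = response_authenticator(code, identifier, attributes, request_authenticator, secret)
    return hmac.compare_digest(packet[4:HEADER_LEN], expected)


def demo() -> dict:
    """Constructed exchange: a genuine Access-Accept, the same bytes with the Code changed, and a wrong secret."""
    secret = b"example-shared-secret"          # constructed; in practice long, random and per client
    request_authenticator = bytes(range(16))   # constructed; normally 16 unpredictable bytes chosen by the client
    attributes = encode_attribute(ATTR_REPLY_MESSAGE, b"Welcome to the roaming WLAN")
    genuine = build_response(ACCESS_ACCEPT, 7, attributes, request_authenticator, secret)
    altered_code = bytes([ACCESS_REJECT]) + genuine[1:]   # Accept rewritten to Reject without the secret
    return {
        "genuine": verify_response(genuine, request_authenticator, secret),
        "altered_code": verify_response(altered_code, request_authenticator, secret),
        "wrong_secret": verify_response(genuine, request_authenticator, b"some-other-secret"),
    }


if __name__ == "__main__":
    print(demo())
```

The reply carries no signature of its own: its integrity rests on the MD5 digest over the packet plus the secret the client and server share, so a client must keep the Request Authenticator of each outstanding request and discard any reply that fails this comparison. The secret, not the digest construction, carries the security, and needs the same handling as any other credential.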

6.1.2 Satellite-Based Radio Systems

The 4G architecture is also augmented with satellite-based radio systems (Fig. 6.5). The general features of satellite-based radio systems are as follows:

• large latency
• large bandwidth
• many channels
• time division algorithms

The radio systems are often only usable with a large latency, about 0.24 s with GEOs. This severely impacts real-time communication, but the remaining features still make them suitable for other communication requirements. The satellites typically offer separate uplink and downlink bands, either 4/6 GHz or 12/14 GHz. These huge bandwidths are oriented at e.g. 500 MHz and 50 MBit/s each, thus enabling broadband communication. As a general observation, the channel structure consists of 800 digital voice channels with 64 kbit/s (800 · 64 ≈ 50000 kbit/s data channels). Their allocation happens for short time periods to individual channels through time division multiplexing on demand.

Fig. 6.4 (a) Planes, (b) Service components. AS – Application Server, SCIM – Service Capability Interaction Manager, MRFC – Multimedia Resource Function Controller, MRFP – Multimedia Resource Function Processor, MRF – Media Resource Function, CSCF – Call Session Control Function, BGCF – Breakout Gateway Control Function, MGCF – Media Gateway Control Function, MGW – Media Gateway, HSS – Home Subscription Server, HLR – 2G Home Location Register. Simplified IMS architecture

Fig. 6.5 Satellite-based radio systems (Based on rn.inf.tu-dresden.de)

Satellite-based radio systems architecture includes the following components:

• GGW – Gateway Ground Stations
• Footprint as a general covering or service area
• Spotbeams, which are placed by each satellite as service area
• ISL – Inter-Satellite Links
• MUL – Mobile User Links
• GWL – Gateway Links
• the IP backbone, which is implemented via convenient DSL, MPLS/ATM as well as regional-specific technologies (e.g. HSDPA)

The motion of the satellite transponders can be described with good approximation via the planetary motion theory basically elaborated by Johannes Kepler, Galileo Galilei and Nicolaus Copernicus. Therefore we can use the following formulae.

Angular frequency:

$\omega = 2\pi f, \qquad T = \frac{1}{f} = \frac{2\pi}{\omega}$ (6.1)

Gravitation on Earth:

$F_G = \gamma \frac{M m}{R^2}$ (6.2)

By Newton:

$F_G = g m$ (6.3)

Therefore:

$g = \frac{\gamma M}{R^2}$ (6.4)

Transformed, because g and R are known constants:

$\gamma M = g R^2; \qquad F_{G,r} = \gamma \frac{M m}{r^2} = g m \left(\frac{R}{r}\right)^2$ (6.5)

Furthermore, it is important to demarcate the satellite height (h) from the distance to Earth's middle point (r):

$r = R + h$ (6.6)

The satellites describe an elliptical or circular orbit around the Earth. The height h (the distance r from the Earth center) remains constant because

$F_G = m g \left(\frac{R}{r}\right)^2 = m \omega^2 r = F_Z$ (6.7)

where $F_G$ – attraction of Earth, $F_Z$ – centrifugal force, m – mass of the satellite, R – Earth radius (6370 km), r – distance to Earth's middle point, g – acceleration of gravity (g = 9.81 m/s²), $\omega$ – angular frequency ($\omega = 2\pi f$, $T = 1/f = 2\pi/\omega$), f – rotational frequency of the satellite, M – mass of Earth, $\gamma$ – Kepler's constant.

As a brief conclusion, herewith is Kepler's Law:

$a = \frac{g R^2}{4\pi^2} = \text{const}, \qquad a = \frac{r^3}{T^2}$ (6.8)

Formulae (6.7) and (6.8) solved for r give (6.9):

$r = \sqrt[3]{\frac{g R^2}{(2\pi f)^2}}$ (6.9)

where the distance from a satellite to the Earth's surface depends only on its orbital period. In the special case with T = 24 h, with synchronous distance and specifically h = 35786 km, it means (example visualised in Fig. 6.6):

$r = 6370\,\text{km} + 35786\,\text{km} = 42156\,\text{km}$ (6.10)

The classes of satellite-based radio systems are called GEO, MEO, LEO and HEO, and they are depicted in Fig. 6.7.

The comparison of the satellite-based systems is given in Table 6.3 and Table 6.4. The most important data for the current and historical types of satellite-based systems are summarised regarding class, services and deployment area, transponder multiplicity, licenced frequency band, orbit height and circulation period, data rate, transmitting power, latency and operation durability.

Fig. 6.6 Explaining the context of r and T in Kepler's Law (Based on rn.inf.tu-dresden.de)

Fig. 6.7 LEO – Low Earth Orbit, MEO – Medium Earth Orbit, HEO – Highly-Elliptical Orbit, GEO – Geostationary Earth Orbit. Satellite system classes GEO, MEO, LEO and HEO (Based on rn.inf.tu-dresden.de)

Table 6.3 Examples of radio SAT

SAT system type | Class | Orbit h | Number of SAT | F-Band | DR max | Services
--- | --- | --- | --- | --- | --- | ---
Orbcomm | LEO, originally commercial, 2000 | 775–800 km | 27 small satellites, m = 45 kg; 2G since 2014, further 18 | VHF band 137–150 MHz | 4.8–57.6 kbit/s | Emails, Telephony
Inmarsat | GEO, since 1979, commercial | 35786 km | 5–11, five generations | – | 492 kbit/s | Navigation, TV, Internet links, sea emergency communication services, Air Traffic Control, GPS, EGNOS
Globalstar | LEO, 1991–1994 | 1400 km | 48+4 | – | 144 kbit/s via channel bundling | Telephony, data transfer
ICO RTT | MEO, 1998–2000 | 10390 km | 10+2 | – | – | Telephony, data transfer
Teledesic | LEO, 1997–2002 | 700 km | 288, m = 120 kg | 28.6–29.1 GHz | 100 MBit/s UL, 720 MBit/s DL | Telephony, Internet links
Iridium | LEO, 1997–1998 | 780 km | 66 (+6) | – | 2.4, 4.8 kbit/s | Telephony, data transfer

The GEO SAT systems (Fig. 6.8) operate at a constant distance to the Earth and possess a relatively high latency:

$\tau = \frac{2 h}{c} = \frac{2 \cdot 35786\,\text{km}}{300\,000\,\text{km/s}} = 0.239\,\text{s}$ (6.11)
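The relations (6.1) to (6.11), as an added Python example that is not part of the book: it computes the orbit radius and height from the period via (6.9), the period from the height via Kepler's law (6.8), and the ground–satellite–ground delay via (6.11), using the chapter's rounded constants g = 9.81 m/s², R = 6370 km and c = 300 000 km/s. With T = 24 h it returns r ≈ 42 222 km, slightly above the 42 156 km of (6.10), because (6.10) takes h = 35 786 km as given instead of deriving it from the rounded constants. The Iridium and GPS heights are taken from Table 6.3 and from the navigation satellite list further below; the function names are my own.

```python
"""Orbit radius, period and signal delay from the chapter's Kepler relations.

Added example, not the book's own code. It uses the chapter's rounded
constants (g = 9.81 m/s^2, R = 6370 km, c = 300 000 km/s) so that the
results can be compared with (6.9)-(6.11), Table 6.4 and the navigation
satellite data.
"""
import math

G = 9.81                          # g, acceleration of gravity in m/s^2
R_KM = 6370.0                     # R, Earth radius in km
C_KM_S = 300_000.0                # c, propagation speed used in (6.11)
GM = G * (R_KM * 1000.0) ** 2     # gamma * M = g R^2, see (6.5), in m^3/s^2


def orbit_radius_km(period_s: float) -> float:
    """Equation (6.9): r = cbrt(g R^2 / (2 pi f)^2) with f = 1/T."""
    omega = 2.0 * math.pi / period_s          # angular frequency, (6.1)
    return (GM / omega ** 2) ** (1.0 / 3.0) / 1000.0


def orbit_height_km(period_s: float) -> float:
    """Equation (6.6) rearranged: h = r - R."""
    return orbit_radius_km(period_s) - R_KM


def orbit_period_s(height_km: float) -> float:
    """Inverse of (6.9): T = 2 pi sqrt(r^3 / (g R^2)), i.e. Kepler's law (6.8)."""
    r_m = (R_KM + height_km) * 1000.0
    return 2.0 * math.pi * math.sqrt(r_m ** 3 / GM)


def ground_satellite_ground_delay_s(height_km: float) -> float:
    """Equation (6.11): tau = 2 h / c for the up- and downlink path at zenith."""
    return 2.0 * height_km / C_KM_S


def satellite_summary(name: str, height_km: float) -> dict:
    """Period and delay for one orbit height, rounded for display."""
    period = orbit_period_s(height_km)
    return {
        "name": name,
        "height_km": round(height_km, 1),
        "period_min": round(period / 60.0, 1),
        "delay_ms": round(1000.0 * ground_satellite_ground_delay_s(height_km), 1),
    }


if __name__ == "__main__":
    # GEO: the chapter's special case T = 24 h, to be compared with (6.10) and (6.11)
    geo_h = orbit_height_km(24 * 3600)
    print(f"T = 24 h  ->  r = {orbit_radius_km(24 * 3600):.0f} km, h = {geo_h:.0f} km, "
          f"delay = {ground_satellite_ground_delay_s(geo_h):.3f} s")
    # Heights from Table 6.3 (Iridium) and the navigation satellite list (GPS)
    for name, h in (("Iridium (LEO)", 780.0), ("GPS (MEO)", 20200.0)):
        print(satellite_summary(name, h))
```

Run stand-alone, the block prints the GEO figures followed by roughly 100 min and 5.2 ms for Iridium (inside the LEO ranges of Table 6.4) and roughly 12 h for GPS, matching the period given for it below.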

The non-stationary LEO SAT systems are characterised as follows:

• distance h from the Earth of ca. 300–1800 km
• shorter signal propagation times (5–10 ms)
• lower transmission power of mobile stations is sufficient
• however, more satellites required (>50), frequent handover between satellites (about every 10 min)
• short lifetime of the satellite due to atmospheric friction (only 5–8 years)
• examples: Iridium, Teledesic, Globalstar, ISS (Fig. 6.9)

Table 6.4 Comparison of radio SAT

Satellite systems | GEO | MEO | LEO
--- | --- | --- | ---
Distance, km | h = 35786 km, r = 42156 km | r − R = 6000–12000 km, respectively 20200 | r − R = 300–1800 km
Period T | 24 h | 6–12 h | 90–120 min
Latency t | 0.25 s | 70–80 ms | 10 ms
Transmitting power, W | 10 | 5 | 1
Deployment, multiplicity on systems | ca. 2000: Sputnik (1957), Intelsat 1–3 (1965, 1967, 1969), Marisat (1976), Inmarsat-A (1982), Inmarsat-C (1988) etc. | ICO 10+2 | Iridium 66+6, Globalstar 48+4 (144 kBit/s), Teledesic (2003) 288 (2–64 MBit/s), Orbcomm 35
Bitrate, kBit/s | 0.1–1 | 10 | 1–64000
Average lifetime, years | 15 | 10 | 5–8

MEO SAT systems are operated generally at a distance of about 10000 km and have a lower required number of satellites (about 12). They are characterised by slow motion; no frequent handover between satellites is necessary. The period is T = 6 h. MEO provides an average lifetime under 10 years. The problems of using MEO are as follows:

• propagation time 70 to 80 ms
• higher transmission power necessary
• special antennas required

As an important and well-known MEO system class, the navigation satellites have to be discussed. The examples are, as of early 2016:

• GPS (USA): h = 20200 km, T = 12 h, 32 satellites
• GLONASS (RF): h = 19100 km, T = 11 h 15 min, 28 satellites
• GALILEO (EU): h = 23222 km, T = 14 h, 30 satellites

Fig. 6.8 GEO SAT systems

6.2 A New Generation of Mobile Communication

One of the most popular definitions for 5G as a new generation of mobile communication is as follows: "In the evolutionary view, it will be capable of supporting the wireless WWW, allowing highly flexible dynamic ad-hoc wireless networks; in the revolutionary view, this intelligent technology is capable of interconnecting the entire world without limits" [7]. While this definition is very broad, it emphasises new requirements and motivates us to take another look at the mobile communication generations.

A comparison of the existing mobile network generations is given in Table 6.5. The network specialists from Deutsche Telekom, NTT DoCoMo, Amtel, Samsung, Telefonica, Vodafone, Ericsson and other telecommunications operators [14] urgently generate their visions and technical requirements for the future generation of mobile communication as well as the new standard 5G/IMT 2020. The research on 5G technology began in 2012 in France, achieving data rates over 4 GBit/s.

In 2013 in Japan, a new step towards 5G was made: the equipment of the company NTT DoCoMo has shown the ability to transfer data from the user with a data rate of up to 10 GBit/s (uplink) at a frequency F = 11 GHz on a 400 MHz bandwidth. Data was carried on a vehicle at a speed of 9 km/h. In October 2014, the company Samsung Electronics made a new record-breaking experiment with a data rate of 1.2 GBit/s at a vehicle speed of 100 km/h and even a data rate of 7.5 GBit/s in stationary conditions at a frequency of 28 GHz. But the use of such higher frequencies with F > 5 GHz (in the mm-band) is rather problematic due to large attenuation in dense urban areas without increasing the transmission power. On the other hand, low-frequency transmission is not always possible: necessary licenses and (inter-)national regulations are obstacles. Therefore, other new methods and international voting and conventions are required. Samsung's mm-wave testbeds set up in October 2014 have shown (as visualised in Fig. 6.10) the following results [14]:

• a data rate of approximately 2 GBit/s at a velocity of 110 km/h was the world's first 5G data transmission at highway speeds
• a record-breaking 1.2 GBit/s data transmission was reached at over 100 km/h
• in stationary conditions, using the F = 28 GHz spectrum, a data rate of 7.5 GBit/s was obtained

Fig. 6.9 (a) ISS as special LEO, (b) Humanity's first space flight on 12.4.1961, duration = 108 min, height h = ca. 400 km (LEO). LEO SAT systems (Sources: reflektion.info, NASA)

Table 6.5 Mobile generation comparison (Source: www.elektronik-compendium.de)

Generation | Radio technology | Transfer type | Data rate
--- | --- | --- | ---
1G | AMPS | Analog circuit switching, obsolete | –
2G | GSM | Digital circuit switching | 9.6 kbit/s
2.5G | HSCSD | Digital circuit switching | 57.6 kbit/s
| GPRS | Digital packet switching | 115 kbit/s
2.75G | EDGE | Digital packet switching | 236 kbit/s
3G | UMTS UTRA-FDD | Digital, mostly packet switching | 384 kBit/s
| UMTS UTRA-TDD | Digital, mostly packet switching | 2 Mbit/s
3.5G | HSPA (HSDPA/HSUPA) | Digital packet switching | 14.4 Mbit/s
3.9G | LTE | Digital packet switching | 150 Mbit/s
4G | LTE Advanced | Digital packet switching, actual standard | 1 Gbit/s
5G | IMT-2020 | Digital packet switching | 10–100 Gbit/s

Fig. 6.10 Advanced communication technologies for high speed mobility (Source: Samsung Electronics)

6.2.1 Visions and Requirements

The official 5G start is planned to happen only in the year 2020. The status nowadays (architecture depicted in Fig. 6.11) is as follows:

• research on advanced antenna techniques, interference minimisation and further development of enabling technologies towards 5G (see next sections)
• world-wide activities and tests, among them Ishigaki (NTT DoCoMo), Seoul (Samsung), Stockholm (Ericsson), Dresden (Vodafone Chair, 5glab.de), London (King's Royal College), Lund University (Sweden), Beijing/Shenzhen (China) and others (see Fig. 6.11)

Requirements for the 5th generation. The main 5G requirements are as follows:

• use of existing 4G infrastructure with augmentation via flexible WLAN-conform communication everywhere under international voting and conventions
• medium-term obtaining of a data rate = 10 GBit/s; this rate corresponds to up-to-date needs for multimedia content download
• tiny latencies, real-time inter-operability, services without human intervention
• wide use of available frequency bands, mm-band with F = 30 up to 300 GHz (partially and questionable)
• inter-operability with further mobile and wireless radio networks

Fig. 6.11 4G with SAE – 3GPP System Architecture Evolution, GERAN – GSM EDGE Radio Access Network (EDGE), UTRAN – UMTS Terrestrial Radio Access Network (UMTS), IMS – IP Multimedia Subsystem, SDN, RAT – Radio Access Technology (Handover), DIDO for Multiuser-Wireless, MIMO – the systems with multiple Tx/Rx antennas. The 5G basic architecture

The advanced antenna technique MIMO was already deployed in diverse network technologies like WiMAX 802.16a/d/e/m, WLAN 802.11n/ac/ad, LTE and others. MIMO antennas nowadays allow communication with N_Tx = 16 transmitting and N_Rx = 16 receiving antennas. Thus also a downlink with a data rate of DR = 10 GBit/s and above is possible. This DR = 10 GBit/s is about one hundred times faster than DR = 100 MBit/s, the current status of the peak data rate of LTE. For the standard IMT-2020/5G, the wide use of 3D arrays for multiple input and multiple output channels (MIMO up to 16 × 16 × 16) is foreseen [3]. The related data rates and mobility for mobile users in the mobile communication systems of 3G, 4G and 5G are depicted in Fig. 6.12. The provided data rate will be increased more than 5000 times. The peak data rate will thus reach 50 GBit/s. The data rate must be increased 10 up to 50 times in comparison to the ones offered by LTE and LTE Advanced. The prognosis is as follows: in 2020, up to 50 billion devices will be IPv6-driven, partially with 5G. So, for instance, the priority 5G directions for companies in the telecom manufacturing area, for instance Ericsson, are as follows:

• digital economy, remote machine control
• smart grid, smart metering
• Internet touch technologies, smart cities
• and IoT (Internet of Things)

Fig. 6.12 From 3G to 5G: Data rates to mobility (By Samsung Electronics)

The ongoing 5G forums for the advancement of specifications and testbeds for future telecommunication protocols are as follows:

• 5G PPP (5G Infrastructure Public-Private Partnership)
• METIS (Mobile and wireless communications Enablers for Twenty-twenty (2020) Information Society)

The research laboratory 5glab/TU Dresden. There are multiple 5G activities in several universities and research laboratories in addition to the commercial research activities by telecommunications equipment manufacturers. One such laboratory has been established in Dresden, Germany. At Dresden University of Technology, a modern 5G Laboratory at the Vodafone Chair for Mobile Communications Systems has opened to advance the data rates, coverage, connection stability and other aspects of mobile connections [1, 13]. The researchers can evaluate and test a broad spectrum of 5G-enabling technologies. These include the following: LTE, IEEE 802.20, 802.16e, 802.16a/d/e/m, the Multigigabit Standard WiGig 60 GHz IEEE 802.11ad, IEEE 1905, Bluetooth v4.2 and LoWPAN. The 5Glab includes network hardware and software, computer chips, spectrometers and cloud computing services. The requirements for the 5th generation according to the visions and initial findings of the 5Glab [2, 12] are given in Fig. 6.13. Nowadays, mobile communication is occupied with the provisioning in general of IP services and the transmission of multimedia content from one place to another. But tomorrow, a new generation will be able to control a wide range of objects in real time with only insignificant human intervention in the frame of IoT. It is necessary to optimise existing systems and mobile wireless networks, particularly in terms of data rate, latency, interference and reliability, according to the staff of the 5Glab.

Fig. 6.13 Requirements for the 5th generation according to the 5Glab in Dresden (the figure lists the research fields Wireless Communication, Automation, IoT, Big Data and HPC, Operating Systems, Audio & Haptic Engineering, Safety, Privacy and Security, System-on-a-Chip Integration, Software Engineering, Databases, Networked Embedded Systems, Human-Machine Interfaces, Storages, Communication Theory, Antennas/RF and Photonics Engineering)

The intentions of 5glab.de in Dresden are depicted in Fig. 6.14. Based on the sentence that "The Internet will disappear in our senses and sensitivities" (by E. Schmidt), we can state that, in contrast to it, the future Internet will become the 5G Tactile Internet. The breakthrough requirements characterise this transformation into the new 5G Tactile Internet with advanced QoS parameters: 10 Gbps, 1 ms RTT, 10000 sensors per cell, 10^8 less outage as well as more security and heterogeneity.

Huawei and 5G radio mobile. Huawei Technologies was founded in 1987 and acts nowadays as one of the largest telecommunications equipment and handset manufacturers in the world. In the opinion of Huawei, there are three major design objectives for 5G:

1. Implementation of "massive capacity" and "massive connectivity" (similar to the previous vision)
2. Flexible and efficient use of all available spectra for different network deployment scenarios (refer to the DIDO concept)
3. An adaptive network solution framework will become a necessity for accommodating both LTE and air interface evolution. Results from research on clouds and software-defined networks will reshape the entire mobile ecosystem.

The possible 5G roadmap can be realised as follows according to Huawei (Fig. 6.15).

Fig. 6.14 The intentions of 5glab.de towards the 5G Tactile Internet

Fig. 6.15 5G roadmap according to Huawei (Source: huawei.com/5gwhitepaper). The roadmap spans the years 2010–2021 and aligns three tracks: 5G (Research, Prototype, Trial, Standard, Product, Deployment), 3GPP (Rel 10 to Rel 16: LTE-Advanced, LTE-B, LTE-C) and ITU IMT (New Spectrum, Vision, Requirement, Technology, Evaluation)

As one can see, the efforts for 5G development are running in parallel to the deployment of the new releases for 4G/LTE up to LTE-C, release 16 [4]. The new development for all-spectrum radio access nodes will require achievements in fundamental radio technologies like the air interface, RAN, radio frequency transceivers and devices. The context for the typical radio frequency bands to be deployed or licensed for the future 5G mobile radio networks, including the bands E–L, is depicted in Fig. 6.16. It means primarily the broad frequency span 2–60 GHz. The wave lengths are placed correspondingly between 15 and 0.5 cm.

Fig. 6.16 5G radio frequency bands E–L (the figure plots F in GHz from 0.2 to 100 against λ in cm from 150 to 0.3, with the letter bands A–M, the European allocation and the 60 GHz point marked)

Fig. 6.17 The Huawei 5G network integrated architecture (300 MHz up to 300 GHz in the mid-term) within an IoT

The advanced radio backhaul and new fiber access for the fixed network will be an integral part of next generation commercial network solutions within 5G. The interoperability within the 5G network architecture, as well as the future extension of the existing 3G cell hierarchy (according to Huawei), is depicted in Fig. 6.17. The Tera-cells are foreseen with backhauls to the usually existing 3G–4G macro- and microcells. The interoperability with the fixed part enables data rates up to 100 Tbps.

Fig. 6.18 5G scenario: multimodal access using SDN

Architecture and virtualisation of provider core networks. The key points of 5G construction are as follows (Fig. 6.18). Software implementations for provider core prototypes for 5G may be based on networks using the SDN protocols OpenFlow and VXLAN as well as virtualisation concepts like VMware vSwitch, Citrix Xen products and others. The use of SDN for software implementations of provider cores in practice for 5G networks enables enterprises and providers to receive vendor-independent functions for the management and control of network components and services from any type of unified provisioning centre, which will greatly simplify their operation. The use of SDN as part of 5G/IMT 2020 is a settled position. Besides improving advanced RAT (Radio Access Technology) and RLAN (Radio LAN) as well as the use of new database systems for frequency assignment (DIDO), the use of infrastructure based on existing systems, including 4G/SAE, 3G/UTRAN and 2G/GERAN, and virtualisation services carried out via SDN play an important role. The comparison of 4G and 5G is given in Table 6.6.

Due to SDN, routine network reconfiguration functions will be simplified. Thus the network administrators do not have to enter hundreds of lines of configuration code for different switches or routers. The network can be quickly changed in real time. Accordingly, the deployment time for new applications and services can be greatly reduced. These effects are leading to new service visions, which become possible with the same amount of investment, as shown by Table 6.7.

Table 6.6 Comparison of 4G and 5G

4G | 5G
--- | ---
Human-centric, limited connections | An intelligent web of connected things (IoT)
Lagging cloud service | Instantaneous cloud service
Limited to high quality of experience | Constant to ultra-high quality experience
Short range, limited control | Long range, real-time, full control

Table 6.7 5G service vision

Everything on cloud | Immersive experience | Ubiquitous connectivity | Telepresence
--- | --- | --- | ---
Desktop-like experience on the go | Lifelike media everywhere | An intelligent web of connected things | Real-time remote control

Fig. 6.19 The newest abilities of 5G systems (By Samsung Electronics)

New abilities and visions of 5G. The newest abilities of 5G systems in the area of services and mobile applications, according to vendors like Samsung Electronics [14], are shown in Fig. 6.19.

Another promising application for 5G/IMT 2020 networks is shown in Fig. 6.20. It refers to the establishment of IoT (Internet of Things) applications [19], which are based on the inter-operability of different physical types of radio networks as well as virtualisation technology for the core services to interact with each other and with the external environment (6LoWPAN, SDN). The features of future 5G (IMT-2020) are as follows (Table 6.8).

Fig. 6.20 Service vision: growth into all directions with 5G (Own representation, inspiration Samsung Electronics)

Table 6.8 The features of future 5G (IMT-2020)

Mobile connections | Mobile data traffic | Mobile cloud traffic | Things connected
--- | --- | --- | ---
Everything on cloud | Immersive experience | Ubiquitous connectivity | Telepresence
Desktop-like experience on the go | Lifelike media everywhere | An intelligent web of connected things | Real-time remote control of machines

The following scenarios of 5G deployment regarding IoT and ubiquitous computing applications therefore become realistic and will be implemented beyond just research prototypes within the next few years:

• smart home, manufacturing, health
• smart retail, transportation, city
• remote surgery, driving and hazardous work

The hardware trends towards 5G connectivity also drive software and data trends. According to Gartner, a research and consulting company, Big Data is one of the most important trends of IT infrastructure development, along with virtualisation and the energy efficiency of IT. Such data is supposedly voluminous, in the multi-terabyte and petabyte range, as well as having a high variance and velocity. The most outstanding big data sources are Geographical Information Systems (GIS) and other curated databases, parallel clusters and grids, semantic and social networks (typically dubbed Web 2.0 and Web 3.0), cloud computing as well as the intelligent Internet of Things. The accumulation of big data is now typical for trading and marketing, electronic payments, process automation, international justice and criminology, and the pharmaceutical and advertising industry. A large number of scientific and research institutes, organisations and universities accumulate, store and compute large volumes of technical and scientific information. Often such a large amount of information is not structured, so that it is characterised by an extra-proportional complexity of information management. Also, a significant increase in network traffic occurs, and via the heterogeneity of geographically distributed data as well as replicas within multiple computing nodes, the amount of data will increase even more. 5G will surely be actively involved in big data acquisition and processing.

6.2.2 5G Inter-Operability

5G networks will most likely become pervasive, and yet it can be expected that connectivity issues due to low signal strength, overload due to too many devices even in smaller cells, or simply the desire of users not to be globally tracked will at some point make it necessary to complement 5G with other wireless transmission techniques. Two inter-operability considerations are therefore presented here.

Inter-operability with networking technologies. A comparison of the 5G mobile network and some of its predecessors with wireless protocols which can potentially provide mutual inter-operability is represented in Fig. 6.21, with the corresponding distances and data rates in logarithmic scales. The following networking technologies have to provide inter-operability with 5G/IMT-2020 (Fig. 6.21):

• Mobile WiMAX
• WiGig
• IEEE 802.11ad
• IEEE 1905
• Piconets: WSN, Bluetooth, 6LoWPAN

Mobile WiMAX is especially popular in South Korea. In other regions, IEEE 802.20, 802.16a/d/e/m and 4G play a larger role. The multi-Gigabit standard WiGig operates in the 60 GHz band. It has been established by the WiGig Alliance with the IEEE standard 802.11ad, aimed at cooperation with other protocols like USB 3.0, HDMI and PCI-Express, with a data rate of 1 GBit/s. It operates mostly in-door. The reception quality through walls remains questionable. However, the cabling remains in the surroundings.

234 6 Future Mobile Communication: From 4G To 5G, 5G Enabling Techniques

Fig. 6.21 Overall comparison of distances and data rates for wireless and telecommunication networks (Source: www.elektronik-kompendium.de)

With IEEE 802.11ac, specified in the year 2013, larger channel bandwidths up to 160 MHz become possible. Furthermore, optimised modulation and 8×8 MIMO are foreseen, leading to a much higher data rate of 6936 MBit/s. However, today's products for sale on the market support only 3×3 MIMO, a bandwidth of 80 MHz and consequently a data rate of 1299 MBit/s. In contrast to traditional WLAN, IEEE 802.11ad is designed for only a few meters of transmission distance. This results from the high absorption of oxygen at 60 GHz. A large bandwidth is needed to achieve a high data rate of 7 GBit/s. The 60 GHz band is from 57 to 66 GHz and is divided by a channel spacing of 2160 MHz into four channels, each having a bandwidth of 1760 MHz. In comparison, IEEE 1905 is a standard which defines a network enabler for home networking, supporting both wireless and wireline technologies: IEEE 802.11 (Wi-Fi), IEEE 1901 (HomePlug, HD-PLC) powerline networking, IEEE 802.3 Ethernet and Multimedia over Coax (MoCA). In 2010 it emerged from the specification group 1905.1 with the development of convergent digital home network specifications, in which around 30 organisations participated. Three years later, the draft P1905.1 specification received the final approval and publication by IEEE.

Inter-operability with 6LoWPAN. A special place in the 5G inter-operability scheme is reserved for the 6LoWPAN protocol. This protocol has been presented in Chapter V; refer there for the details. This paragraph discusses the combination of a long-range but often cost-intensive protocol, 5G, with a short-range but generally free (provider-less) protocol, 6LoWPAN. In the context of 5G, 6LoWPAN is also called a Wireless Neighbourhood Area Network (WNAN), in addition to WPAN. This means that it borders cellular networks, including 2G–5G.


To combine the properties of 5G and 6LoWPAN, a new communication class called Low-Power Wide Area Network (LPWAN) was introduced in 2015. The most popular representative is LoRaWAN, the long-range standard for wide-area networks (WANs). It allows sensors to communicate over 10 miles without obstacles, or 3 miles in dense urban areas, with a battery duration of 10 years. In Europe it communicates in the 433 and 853–870 MHz bands, in China in the 779–787 MHz band and in North America in the 902–928 MHz band. LoRaWAN achieves even longer distances by concentrating the traffic from nodes (e.g. sensors) in concentrators or gateways, tunneling the traffic through a wireless network of at least 3G quality and then forwarding it to application servers which process the data. The transmission is encrypted. The gateways can be installed on towers alongside mobile communication base stations. The data rate ranges from 0.3 to 50 kbps, depending on many factors which influence the transmission, using an adaptive transmission scheme to save precious battery power [6].

6.2.3 Future Standard IMT-2020: Deployment Scenarios

Due to the future standard IMT-2020, a lot of new attractive services and infotainment applications are going to appear. The following deployment scenarios are possible:

• more mobile connections with increasing mobile data traffic
• more mobile cloud traffic, mobile payments
• connected "things", IoT, as well as virtual, immersive reality
• immersive surrounding services (Fig. 6.22)

The combination of small network cells, in particular nanotechnology, with cloud computing, converged all-IP networks and a flat IP architecture has been proposed under the name Nanocore [8]. Such networks would be an instant-on solution for services in various domains, including search, communication, education and banking. The nano-equipment would be the logical successor to today's trend of shrinking device sizes, from desktop PCs to mobile phone handsets, smart watches and other wearables, and finally body-integrated chips which are supplied with power from the body.

One quote of Eric Schmidt, at that time CEO at Google, applies in the light of this development: "The Internet will disappear in our senses and sensitivities." New sensors and applications for people with limited possibilities are foreseen via 5G, too. The 5G sensors can control or lock houses, heating and ventilation, laptops, cars, bikes, garages or gardens using 5G mobile devices when the humans have forgotten to do it or are just longing for more comfort. More and more, mobile smartphones can share the workload within grids and P2P systems. In this case, systems are needed which integrate with 5G mobile so that they can help to identify the best server or service for any offloading activity. Mobile devices can perform radio resource management and optimise the coverage.


Fig. 6.22 Immersive (surrounding) services via 5G; AR – Augmented Reality, VR – Virtual Reality (Source: Samsung Electronics). [Figure content: requirements for an immersive surrounding service, from 8K UHD for >100 users and holograms to AR/VR, with a constant to ultra-high quality experience; E2E network latency <5 ms; cell throughput >100 GBit/s]

Fig. 6.23 Transition to ubiquitous connectivity via 5G (Source: Samsung Electronics)

5G smartphones will be able to suggest to you possible medicine for your health and fitness, due to the combination of hardware sensors, integrated applications and remote services [9]. The intelligent web of connected things is provided, which is symbolised in Fig. 6.23.


Table 6.9 Optimised parameters of 5G

Parameter                          Value
QoE                                Uniform experience of GBit/s speed and instantaneous response everywhere
Cell throughput                    100 GBit/s
E2E network latency                <5 ms
E2E latency                        5 ms
Air latency                        1 ms
Cost reduction in comparison to 4G:
  Simultaneous IoT connections     10–20× more than 4G
  Bitcosts factor                  ca. 50× bitcosts

Optimisation factors and Quality of User Experience (QoE). Which factors are to be optimised within the new 5G/IMT-2020 standard? Firstly, let us discuss contradictory RAN technologies for significant performance enhancement. Some of the trade-offs between the listed factors to be considered are as follows:

• capacity and cell-edge data rate enhancement
• advanced MIMO usage for multi-user operation with 3D arrays of antennas
• advanced modulation and spectral efficiency enhancement (SE)
• interference accounting
• cost-efficiency and QoE optimisation
• connection management, latency minimisation

Let us start by comparing the 4G/LTE cell capacity, with cell throughput up to 64 MBit/s, cell latency of ca. 10 ms and higher data rates only on cell edges, with the requirements for an immersive surrounding service. Below, some optimised parameters of 5G are shown (Table 6.9).

The superior QoE (Quality of User Experience) of 5G in comparison to its predecessor 4G is represented in Fig. 6.24. The data rates and latency values have to be practically uniformly distributed close to the base stations as well as at the nominal distance, i.e. regardless of user locations within each communication cell, to avoid a position-dependent impairment of the transmission and reception quality [8].

Cost models. Furthermore, there will be gains in the costs for the operators, which may or may not be passed on to the subscribed users. The 5G systems have to provide ubiquitous and simultaneous connections everywhere, and have to do it approximately 50 times more cost-efficiently than 4G/LTE systems, in order to make a broad roll-out and upgrade of existing networks and cell towers feasible. This is called a bitcosts factor of 50. The 5G cost structure is shown in Fig. 6.25. The financial consequences of the deployment of 5G infrastructure for the providers can be computed as follows:


Fig. 6.24 Superior user experience with 5G connectivity (Based on Samsung Electronics material)

Fig. 6.25 5G cost structure (Based on Samsung Electronics material)

$$
\begin{aligned}
\text{Expenditures} &= \text{CAPEX} + \text{OPEX}, \qquad \text{CAPEX} \to \min \;\wedge\; \text{OPEX} \to \min \\
\text{Profit} &= \text{Revenue}_{\text{anno}} - \text{CAPEX}_{\text{partial}} - \text{OPEX}_{\text{anno}} \to \max \\
\text{ROI} &= \frac{\text{Revenue} - \text{Expenditures}}{\text{Expenditures}} \cdot 100\,\%
\end{aligned}
\tag{6.12}
$$

where ROI – Return on Investment, i.e. operator revenue increase; OPEX – Operational Expenditures (personnel, used materials, electrical power and maintenance); CAPEX – Capital Expenditures (hardware investments, construction costs, buildings or equipment); anno – yearly; partial – yearly amortisation amount.


Overview on OFDM-based systems. The acronym OFDM stands for Orthogonal Frequency-Division Multiplexing. It is one of the techniques to divide the signals transmitted over one specific frequency by multiplexing. The unique characteristic of OFDM is a higher density when placing carrier frequencies for multiple communication channels within a given spectrum of frequencies. Overlap between carriers is possible in principle, but is only of secondary concern due to the specific selection of orthogonal frequencies. The term "orthogonality" refers to the relation of carriers in a way that each carrier achieves its maximum when its orthogonal carriers do not carry any signal and are therefore in the null position. The technique is robust with regard to narrow-band perturbations.

Orthogonal Frequency-Division Multiple Access (OFDMA) is an extended technique, based on OFDM, for access to the frequency band. In other words, OFDMA is a multi-user version of the popular OFDM digital modulation with multiple access modes [11]. These access modes are achieved within OFDMA by assigning subsets of subcarriers to individual users. In short: OFDMA = OFDM + assignment on demand. The relationship between OFDMA, OFDM and classic frequency-division multiplexing techniques is summarised in Fig. 6.26.
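The orthogonality property and the OFDMA subcarrier assignment described in the two paragraphs above can be made concrete in a few lines. The following is an added, constructed example in pure Python; it is not code from the book or from any 5G product. It assumes a toy OFDM symbol of N = 8 subcarriers, a direct DFT in place of an FFT, QPSK on every subcarrier and a made-up allocation of subcarriers to two users (all of these are assumptions, not values from the text). The crosstalk function also goes slightly beyond the text: it lets the carrier spacing be varied, so the reader can see the correlation between carriers vanish exactly at the orthogonal spacing and reappear otherwise.

```python
# Added, constructed example (not from the book): OFDM subcarrier orthogonality
# and OFDMA subcarrier assignment in pure Python.
# Assumptions: N = 8 subcarriers, direct DFT instead of FFT, QPSK mapping,
# and a constructed allocation of subcarriers to two users.
import cmath
import math

N = 8  # subcarriers per OFDM symbol (toy size)


def carrier_crosstalk(k, l, spacing=1.0):
    """Magnitude of the correlation between carriers k and l over one symbol.

    Carrier spacing is `spacing` times the orthogonal spacing 1/T.  With
    spacing == 1.0 the carriers are N-th roots of unity and every pair k != l
    integrates to zero: each carrier peaks where all the others are null.
    """
    acc = sum(cmath.exp(2j * math.pi * (k - l) * spacing * n / N) for n in range(N))
    return abs(acc) / N


def all_pairs_orthogonal(spacing=1.0, tol=1e-9):
    """True iff every distinct carrier pair has (near-)zero crosstalk."""
    return all(carrier_crosstalk(k, l, spacing) < tol
               for k in range(N) for l in range(N) if k != l)


def idft(X):
    """Inverse DFT: subcarrier symbols -> one time-domain OFDM symbol."""
    return [sum(X[k] * cmath.exp(2j * math.pi * k * n / N) for k in range(N)) / N
            for n in range(N)]


def dft(x):
    """DFT: time-domain OFDM symbol -> subcarrier symbols."""
    return [sum(x[n] * cmath.exp(-2j * math.pi * k * n / N) for n in range(N))
            for k in range(N)]


# Gray-coded QPSK: first bit from the real sign, second bit from the imaginary sign.
QPSK = {(0, 0): 1 + 1j, (0, 1): 1 - 1j, (1, 0): -1 + 1j, (1, 1): -1 - 1j}


def qpsk_modulate(bits):
    return [QPSK[(bits[i], bits[i + 1])] for i in range(0, len(bits), 2)]


def qpsk_demodulate(symbols):
    bits = []
    for s in symbols:
        bits += [0 if s.real > 0 else 1, 0 if s.imag > 0 else 1]
    return bits


# OFDMA = OFDM + assignment on demand: each user gets its own subcarrier subset.
# Constructed allocation; a real scheduler hands these out per frame.
ALLOCATION = {"user_A": [0, 1, 2, 3], "user_B": [4, 5, 6, 7]}


def ofdma_transmit(user_bits):
    """Place every user's QPSK symbols on its subcarriers; emit one OFDM symbol."""
    X = [0j] * N
    for user, bits in user_bits.items():
        subcarriers = ALLOCATION[user]
        symbols = qpsk_modulate(bits)
        if len(symbols) != len(subcarriers):
            raise ValueError(f"{user}: {len(symbols)} symbols for {len(subcarriers)} subcarriers")
        for k, s in zip(subcarriers, symbols):
            X[k] = s
    return idft(X)


def ofdma_receive(x, user):
    """A user's receiver demodulates only its own subcarriers of the shared symbol."""
    X = dft(x)
    return qpsk_demodulate([X[k] for k in ALLOCATION[user]])


def demo():
    """Round trip for two users sharing one OFDM symbol; returns the recovered bits."""
    sent = {"user_A": [0, 1, 1, 0, 1, 1, 0, 0], "user_B": [1, 0, 0, 0, 1, 1, 0, 1]}
    x = ofdma_transmit(sent)
    return {u: ofdma_receive(x, u) for u in sent}


if __name__ == "__main__":
    print("orthogonal spacing, crosstalk k=0,l=1:", carrier_crosstalk(0, 1))
    print("1.5x spacing, crosstalk k=0,l=1:", carrier_crosstalk(0, 1, spacing=1.5))
    print(demo())
```

At the orthogonal spacing the crosstalk between any two distinct carriers is zero up to floating-point noise, so both users read back their bits from the one shared time-domain symbol; at 1.5 times that spacing the adjacent-carrier correlation is roughly 0.22, which is the interference that the "specific selection of orthogonal frequencies" in the text avoids.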

Fig. 6.26 Better spectrum usage enabled by OFDM and OFDMA


Systems based on OFDM have been used since the 1990s. Practical examples include DSL (including ADSL and VDSL), DAB and DVB-T, WiMAX and Bluetooth, as well as modern WLAN networks based on IEEE 802.11g, 11n or later. The consistent use of OFDM within WLAN networks led to significant increases of the data rate due to optimal spectral efficiency, which refers to the ratio of data rate to channel bandwidth. With this technique, data rates of about 600 MBit/s and a reach of 70 m within buildings and 250 m outside of buildings can be achieved. However, the modulation methods used in OFDM were no longer sufficient for the increased requirements. The methods called BPSK, QPSK, 16QAM and 64QAM have, in particular, restrictions due to cell boundaries.

Advanced modulation technique FQAM. The capacity and cell-edge data rate enhancement is obtained within 5G via the new advanced modulation method titled FQAM (Feher's Quadrature Amplitude Modulation). FQAM is considered a post-OFDM method. There are no cell boundaries (and therefore no handover or roaming effects); the increased density is provided via small 4G/5G cells which are integrated via powerful wireless backhauls (Fig. 6.27).

Advanced MIMO structures. The deployment of 5G requires that more powerful MIMO methods are provided, typically in the combination multi-user MIMO with 3D arrays of antennas. Multi-user MIMO (MU-MIMO) is a set of advanced MIMO antennas arranged not just in a 2D grid but in a 3D cube. The 5G systems will use both MU-MIMO as well as its enhancement FD-MIMO (Full-Dimension MIMO). FD-MIMO enables the actual deployment of the 3D arrays of antennas. These structures possess the parameters (M, N, K), where M is the number of horizontal antennas, N the number of vertical antennas and K the number of antennas per sub-array. For instance, (8, 4, 2) structures are typical for 5G hardware. The use of such advanced MIMO structures (MU-FD-MIMO) is shown in Fig. 6.28.

Fig. 6.27 Advanced small cells and FQAM (Source: Samsung Electronics). [Figure content: wireless backhaul; no cell boundary; capacity and cell-edge enhancement; increased density]


Fig. 6.28 Advanced MIMO structures (MU-MIMO and FD-MIMO). [Figure content: left panel "Deployment Model" with 32 digital chains for (M,N,K)=(8,4,1) and 64 digital chains for (M,N,K)=(8,4,2), sub-arrays with K=2, 64 antenna elements in total; right panel "System Throughput" with the average cell throughput as average spectral efficiency in bps/Hz for LTE Rel. 10 4×2 MU-MIMO versus (8,4,2) and (8,4,1), showing a ~250% performance gain compared to LTE Rel. 10. Note 1: Rel. 10 4×2 MU-MIMO. Note 2: (M, N, K) means M horizontal antennas, N vertical antennas, K antennas per sub-array.]

6.2.4 Resource Allocation Method for Future WLAN

DIDO is a new technology aimed at providing a flexible multiuser wireless LAN everywhere, under international regulations and conventions for the used frequencies. The technology should only augment the existing GERAN, UTRAN, SAE and IMS mobile radio infrastructure of the previous generations 2G–4G with a flexible world-wide WLAN, which is operated using databases for available frequency bands and web-based content, called DIDO Data Centers. The use of a wide spectrum of frequencies is thus foreseen. The pioneer of the DIDO approach is the company Rearden (USA), with activities by Steve Perlman [10]. Nowadays DIDO is one of the most important research fields on 5G. Primarily, DIDO was tested with some frequencies F = 1 MHz to 1 GHz in WLAN mode. But in the mid-term, DIDO will be able to use all the wavelengths (λ) and frequency bands (F) which are given below, respectively:

• HF – High Frequency (100 m/3 MHz – 10 m/30 MHz)
• UHF – Ultra High Frequency (1 m/300 MHz – 1 dm/3 GHz)
• SHF – Super High Frequency (1 dm/3 GHz – 1 cm/30 GHz)
• EHF – Extremely High Frequency (1 cm/30 GHz – 1 mm/300 GHz)


Fig. 6.29 DIDO advantages

The expected DIDO advantages are depicted in Fig. 6.29. They encompass the interference-free communication of multiple users with multiple websites through a DIDO data centre. Without DIDO, the communication of 3 users and 3 depicted access points (APs) can only take place with interference. Therefore, time sharing for 3 users and 3 APs (TDMA), with 33% of the data rate for each (one sends, two idle), is necessary. Using the DIDO technique for the communication of three users and three APs, a DIDO data center is provided. The users and APs can be operated without interference and with full bandwidth. Instead of time sharing, we obtain three independent WWW sessions.

The general DIDO architecture is depicted in Fig. 6.30. The process with 5–10 users and 5–10 APs connecting to 5–10 different websites is shown exemplarily. There is no interference among the 5–10 users, and all users get the benefit of 100% of the data rate of the channel. Furthermore, it does not matter where the APs are located or which user owns which one. Each user gets the data from the website they are connected to through an independent wireless channel [16].

DIDO Rural. The single disadvantage of DIDO is the necessity of inter-governmental agreements and certain regulatory bodies to use the wide spectra of frequencies. DIDO also has certain specifics in rural areas, because it needs to operate with lower frequencies, i.e. within the HF band (100 m/3 MHz – 10 m/30 MHz), so that the resulting waves can span large distances of approximately 900 km. DIDO Rural is depicted in Fig. 6.31.

Fig. 6.30 DIDO components: DIDO user devices (tablets, smartphones, notebooks, PC), DIDO AP (5G/WLAN), DIDO data centers (wireless cloud); DIDO architecture

Fig. 6.31 DIDO Rural (Source: Rearden)


DIDO APs in rural areas are able to transmit over far longer distances than regular WLAN APs or cellular towers. The transmission can be provided via the well-known "sky waves" (Near-Vertical Incidence Sky Waves, NVIS). They cannot be blocked by the curvature of the Earth and can cover a diameter of approximately 900 km, which fits the requirements. NVIS are the alternative to ground wave (GWave) transmissions, which can cover about d = 70 km in diameter before being blocked by the curvature of the Earth [16].

6.3 Conclusions

To repeat the quote: "The Internet will disappear in our senses and sensitivities" (Eric Schmidt). Nowadays, mobile communication is occupied with the provision of IP services in general and the transmission of multimedia content from one place to another, but tomorrow the new 5G will be able to control a wide range of objects in real time with only insignificant human intervention, in the frame of IoT and other attractive apps. Surely 5G will be actively involved in adjacent telecommunications and computing topics, including big data acquisition and processing. The DIDO method is aimed at providing a flexible multiuser wireless LAN everywhere. The technology offers an alternative way of communicating beyond the current limitations of LANs and LTE/4G networks. Several prominent companies also prepare steps towards widely deployed 5G. The company Microsoft intends to provide access to 10 million Wi-Fi hotspots soon. Through its Internet telephony subsidiary Skype, Microsoft already offers Wi-Fi access to about two million hotspots world-wide. Under the label "Microsoft WLAN", the access rights will be granted to the customers of its Office and Skype products.

References

1. Vodafone Chair, TU Dresden. Online: http://mns.ifn.et.tu-dresden.de/
2. 5G-Labor TU Dresden (Online), 2014.
3. IMT Vision – towards 2020 and Beyond. Online: https://www.itu.int/dms_pub/itu-r/oth/0a/06/R0A0600005D0001PDFE.pdf, 2014.
4. 5G: A Technology Vision. Huawei White Paper. Online: http://www.huawei.com/5gwhitepaper/, 2015.
5. Technologien zur mobilen Kommunikation. Whitepaper, 2015.
6. LoRaWAN – What is it? A technical overview of LoRa and LoRaWAN. Online: http://www.lora-alliance.org/portals/0/documents/whitepapers/LoRaWAN101.pdf, 2016.
7. Shakhil Akhtar: Evolution of Technologies, Standards and Deployment of 2G–5G Networks, 2009.
8. Jason Clark: 5G Nanocore. Online (in German): http://de.scribd.com/doc/87616878/5G-the-Nano-Core
9. Jeff Dean: Designs, Lessons and Advice from Building Large Distributed Systems. In: 3rd ACM SIGOPS International Workshop on Large Scale Distributed Systems and Middleware (LADIS), Big Sky, Montana, USA, October 2009.
10. Steve Perlman et al.: Distributed-Input-Distributed-Output (DIDO) Wireless Technology: A New Approach to Multiuser Wireless, 2014.
11. Sungnam Hong et al.: FQAM: A modulation scheme for beyond 4G cellular wireless communication. In: Globecom Workshops, 2013.
12. Gerhard Fettweis and Frank Fitzek: 5G Lab in Dresden (Online).
13. Frank Fitzek: 5G – Next Generation Mobile Communication. In: Proceedings of the International Symposium on Microwave and Optical Technology (ISMOT), Dresden, Germany, June 2015. Invited Talk.
14. Samsung, Howard Benn: 5G Mobile Communications for 2020 and Beyond: Vision and Key Enabling Technologies, October 2014.
15. Artemis Networks LLC: Introduction to pCell – Wireless Reinvented. Whitepaper.
16. Steve Perlman and Antonio Forenza: DIDO White Paper (Online). Online: http://www.rearden.com/DIDO/DIDO_White_Paper_110727.pdf, 2015.
17. Alexander Schill and Thomas Springer: Verteilte Systeme – Grundlagen und Basistechnologien. Springer-Verlag, second edition, 2012. 433 p., in German.
18. Andrew S. Tanenbaum and David J. Wetherall: Computernetzwerke. Pearson Studium, fifth edition, 2012. 1040 p., in German.
19. T. Thieme: Challenges of the Internet of Things for sensor applications, wireless communication and new solutions of energy supply. In: Proceedings of the International Symposium on Microwave and Optical Technology (ISMOT), Dresden, Germany, June 2015. Invited Talk.

7 Security in Distributed Systems

Keywords

Protection Goals • Transport-Layer Security (TLS) • Virtual Private Network (VPN) • Stateful Inspection Firewall (SIF) • Web Application Firewall (WAF) • Stateful Multi-Layer Inspection Firewall (SMLIF) • Intrusion Detection System (IDS) • Intrusion Prevention System (IPS) • Advanced Evasion Firewall (AEF) • Collaborative Intrusion Detection Network (CIDN) • Insider attacks • Pretty Good Privacy (PGP) • Security and privacy legislation

The goal of this chapter is to give a broad overview on recent developments in securing distributed systems. Special emphasis is put on multilateral security, which equally includes the mechanical protection of systems and the guided privacy preservation for users. In the cloud age, characterised by ubiquitous connectivity but also by almost sneaky data collection and activity pattern collection, such a broad view on security is warranted so as not to put anybody who eventually uses such complex systems at risk more than necessary. Despite extreme caution, there will never be absolute security, and operational or interaction mistakes may still put users at risk.

The chapter first presents security and protection goals and outlines which protection techniques help to achieve the goals. Regrettably, not all goals can be achieved equally well at the same time, which makes a trade-off discussion unavoidable. The second section gives detailed information on many protection techniques, with a focus on practical applications. The subsequent section presents and compares security layers in distributed systems, which partially correspond to network layers. For each layer, exemplary security techniques are explained. Finally, the fourth section puts the technological security into a global and temporal context and outlines juridical and societal implications and recent developments.

© Springer Fachmedien Wiesbaden GmbH 2017. A. Luntovskyy, J. Spillner, Architectural Transformations in Network Services and Distributed Systems, DOI 10.1007/978-3-658-14842-3_7

7.1 Security and Protection Goals

System security would be unnecessary if everything went according to the (non-evil) plan. Reality is different, however: risks and threats are to be actively considered when designing a system which shall be robust and resilient and continue to work and serve its users even in the presence of failures or attacks. Securing distributed systems is both harder and easier compared to securing monolithic systems. Harder, because there is no central point of control, and easier, because the distribution itself gives a system certain beneficial characteristics, especially considering the elimination of a single point of failure.

Which kinds of attacks can be performed on the data and services in distributed systems? What causes security violations and is making trouble? The most common answer to this question is given by Fig. 7.1. It presents an abstract view on today's systems, in which terminals and end devices refer to mobile phones, tablets, notebooks, watches or even intelligent household machines. The attackers usually practice the following attacks:

• unauthorised, unfriendly access to the information (at the nodes and terminals)
• manipulation and falsification of information (in the messages or by their transmitters at the routes)
• intrusions, violations and disorders of availability (at the nodes and terminals)

In order to understand and assess the level of security a system provides, it is commonly broken down into a set of protection goals, which can be considered as distinct and yet sometimes inter-dependent aspects. Figure 7.2 explains how the notion of protection goals has been extended over the years as a reaction to risks, threats, vulnerabilities and actual exploits. While initially only three such goals were of importance when designing systems, nowadays twelve socio-legal-technical goals need to be considered to build distributed systems with overall multilateral protection.

Fig. 7.1 Distributed systems security and troubles in data processing and communication

Fig. 7.2 Historical development of a holistic view on protection goals in distributed systems

In the following, all twelve protection goals will be explained and paired with a set of associated risks and a set of techniques to achieve the respective goal. Each goal refers to a subject, which may be the data, the processing application software, the entire integrated system (which may be exposed as a service) or even the system user. The techniques are thus always specifically applicable to a subject.

• Integrity: Whoever creates data, software or systems wants to ensure their integrity in a way that no hidden modification can take place without. The risks are malicious modification by adversaries and accidental modification by corruption and malfunction.
– Data Integrity: A receiver should see the exact same data which the sender sent. Techniques to ensure this property are simple (error-detecting) and less simple (error-correcting) checksums, including parity bits, Hamming codes and cyclic redundancy codes, as well as self-integrity measures which combine the checksums with cryptographic safety nets, including digital signatures and authenticated message digests.


– Processing Integrity: A data processor should always return the correct results. In particular, given the same parametric and contextual input data, the output should always be the same. In practice, fault tolerance techniques such as n-version programming with strict voting over the results ensure a proper functional integrity. This notion of processing integrity overlaps with processing reliability, but also includes correct results.

– System/Service Integrity: A system should always be in a non-compromised state. Ways to achieve this goal include the widely discussed trusted computing concepts, such as an authenticated chain of trust when booting, but also third-party certification and physical protection measures.

• Confidentiality: Whoever creates data, software or systems wants to confine it in a way that nobody else except for a limited, creator-defined set of receivers can interpret its content. The risks include unauthorised copies and analytics. The wider risk implications include unwanted privacy breaches, especially in combination with mass surveillance, and industrial espionage of not publicised software or hardware.
– Data Confidentiality: Data needs to be confined by encryption. Both symmetric and asymmetric encryption algorithms are used for diverse requirements. Symmetric algorithms work with a single key which must be secretly shared among sender and receivers, whereas asymmetric algorithms work with private-public key pairs, the public part of which is shared publicly for encrypting messages to the key owner, who can then decrypt them with the corresponding private key.

– Processing Confidentiality: Protected data processing requires the confidentiality of both data and processing code. For data, structure-preserving encryption methods such as homomorphic and order-preserving encryption allow for processing without intermediate decryption. For the processing code, two choices are to prevent access to the code by means of dongles or obfuscation, or to explicitly declare it open and therefore avoid this problem altogether.

– System/Service Confidentiality: Sometimes a networked service should remain hidden in order to conceal the operator. The semantics of this regulation confuse the users, because they do not precisely know what system or service is in use. The concept of hidden services is useful for ensuring the confidentiality of the entire system.

• Availability: Whoever makes data, software or systems available to potential receivers or to oneself has an interest in keeping the offering available. The risks are temporary or permanent unavailability, for instance due to hardware and software failures, connectivity issues or operator mistakes. Compared to the notion of reliability, availability means a quantifiable expression for mostly available, whereas reliable means always available. A system with less than 100% availability cannot be reliable [24].
– Data Availability: Sent data should always be receivable and stored data should always be retrievable. Techniques to support these properties are centered around redundant coding and replication or dispersion of data. Such data needs to be distributed over resources or services with mixed availabilities in a way that the overall availability becomes much higher.

– Processing Availability: Processing power needs to be safeguarded to ensure that it is always available on demand to yield correct and timely results. The risks are overload and long queueing of requests. With distribution techniques leading to high overall availability, a high load can be shared among multiple processing instances. Correspondingly, round-robin scheduling and parallelisation techniques need to be incorporated into the software or the infrastructure.

– System/Service Availability: The uptime of a system is a metric for its availability. In a distributed system, each system part needs to have a high uptime without overload. Among the considered systems are interactive devices operated by users, whose functionality must be available at any point in time, independent of network or service issues.

• Utility: Similar to infrastructural utilities, including water, gas, sewerage or public transport, services and computing resources need to be available on demand, able to cope with load spikes, failures and other disruptions, and billed only according to the actual usage. Utility refers to a certain (instant) usefulness in this context and implies that data and service protocols need to be offered in contemporary formats which evolve over time along with technological trends.

• Possession: The user who possesses systems or credentials is factually in control over them. Barring any trust in third parties to whom possession could be outsourced, systems need to both ensure and convey the state of possession to users. The loss of possession is often the first step towards a loss of confidentiality, for instance when an attacker steals an encrypted piece of data and only needs a few more moments to decrypt it. When working with remote data, it is often not trivial to find out if one is still in (sole) possession of the data. Methodical means to prove the breach of possession through modifications, and therefore also the integrity, at least heuristically, are available through proof-of-possession protocols. Many of these protocols use Merkle trees to realise the proof in an efficient manner [18, 19]. They are hierarchical hash trees in which a single hash or checksum at the root of the tree covers all data of one dataset. The breach of possession through leaks and unauthorised read access is even less trivial, practically impossible, to prove and must be dealt with beforehand by proper secret sharing of data as well as sufficient physical protection. Some researchers claim that quantum cryptography will help in detecting read access during data transmission [9], but these methods have not yet arrived for everyday computing needs.

• Authenticity: This goal ensures that data, service interfaces or invocations originate from authenticated parties only. Through various technical methods, including primarily digital certificates and signatures, but also network addresses and login credentials to some degree, the origin can be determined reliably and hence the authorship of digital assets can be proven. More advanced methods overlap with digital forensics methods and compare behavioural aspects such as invocation frequencies or data structures, which of course require a rather large knowledge base to detect deviations as falsifications. When using signatures, similar to data integrity, a cryptographic protection (through message digests) needs to be ensured. When using certificates, the chain of trust or network of trust needs to be taken into account as well.

252 7 Security in Distributed Systems

• Reliability: A system is called reliable when it is 100 % available and when the data and processing results it delivers are 100 % correct [24]. Reliability in distributed systems can be achieved through fault-tolerant processing techniques, including failover and Byzantine results comparison, as well as general defensive programming techniques.

• Liability: Service-Level Agreements (SLAs) are negotiated between a service provider and a service consumer to legally ensure that the rights and obligations of both will be adhered to, subject to penalties otherwise. The SLAs refer to multiple quality dimensions. For data, the liability covers typical data quality attributes including recentness, precision, completeness and correctness. For processing, other attributes such as response time and discretion are of importance.

• Imputability: This protection goal is linked to authenticity. It refers to the ability to distinguish between multiple involved parties in a distributed system in the case of trouble. Imputability makes it possible to pinpoint exactly whose fault has led to the trouble and who would therefore be liable.

• Non-Linkability: This goal is in some way the opposite of imputability. It allows data processing without knowing who processed data and whose data is being processed. The use of pseudonyms is a classical approach towards non-linkability of activities in systems. Encryption, naming and separation or isolation techniques further help in achieving this goal.

• Transparency: Users need to be informed about who does what, who is supposed to do what, or who has the capabilities to do what. Transitively, this protection goal must therefore be fulfilled between any two systems as long as one of them, directly or indirectly, is interacting with a user. Proper service descriptions as well as certificates, audits and openness (e.g. open source software) are suitable, but generally not sufficient, mechanisms to provide transparency. In contrast, black boxes and virtualisation techniques isolate systems to a degree that transparency becomes less of a concern.

• Anonymity: Similar to transparency, this protection goal is oriented at users interacting with systems. A system must ensure that users can access it anonymously. This goal runs counter to the goal of authenticity and must be weighed against it depending on the scenario requirements. Hidden services, anonymisation networks and overlay networks are starting points to achieve anonymity.

It should be noted that this list is not complete. One could argue that, next to transparency, effective controllability and intervenability belong to it as well. The attentive reader should consult recent security publications to find out which new protection goals have made it into the list. Due to the high number of risks, it seems there will be no shortage of new goals and most certainly no dropping of an existing goal off this list.

Instead, in the next section, the briefly mentioned protection techniques will be outlined in greater detail.


7.2 Protection Techniques

Exemplary techniques are introduced and presented briefly in this section. The techniques span checksums and digests for data integrity, encryption and steganography for data confidentiality, orchestration, parallelisation and multiplexing for high availability of data processing, as well as anonymisation, trusted computing and hidden services techniques. Some techniques will be presented in greater detail in the subsequent sections. Beforehand, cryptographic techniques will be explained on a general level, as they are the foundation of many of the protection techniques.

Deployment fields for cryptographic methods. When the Internet was still a special subject for a small group of scientists and early adopters, no security measures for the communication were deployed, because there was no necessity for data protection or even anonymity. After the commercialisation of the Internet, and since the era of wider use in all industry branches and areas of life, measures for security and protection became necessary due to increased misuse. These measures have to allow safe traffic, protected access and application deployment. For such aims, cryptographic methods and crypto protocols have been developed, implemented and continuously improved. The deployment areas for cryptographic methods are as follows:

• web applications and backend systems for online banking (e-banking), shopping (e-commerce) and government services (e-government)

• communication (VoIP, video conferences, chat, e-mail) as well as social networks and forums

• diverse distributed systems with remote communication and service interfaces, component software, middleware, application servers

• clusters, clouds, grids, client-server and peer-to-peer systems

• multimedia applications and groupware for application sharing and real-time editing

Arrangement of the cryptography methods and their classification. In Fig. 7.3 the arrangement of the methods of cryptography, cryptanalysis and steganography is given.

Cryptology as a discipline consists of the following theories: cryptography, cryptanalysis and steganography. Encryption methods can secure data against the loss of confidentiality and/or of integrity (protection against manipulation), as well as authenticate the sender of a message (digital signature). Steganographic methods can provide hiding of information as well as deployment of digital watermarks (visible or invisible).


Fig. 7.3 Arrangement of the cryptology methods

7.2.1 Checksum and Digest

Extra data, also called redundant data, is used to describe the content of data as unambiguously as possible for the purpose of checking its integrity. The more redundant data is afforded, the better both the detection of modifications and the location (and possible repair) of modifications can be performed. Generally, parity codes, checksums and digests are used for this purpose. Furthermore, some (cryptographically protected) hash codes even offer protection against not only accidental but also malicious data modifications. The following codes protect against non-malicious modifications of data:

• Parity: Simple parity bits (0/1) or multiple bits signal the integrity of digital data. Historically used in modem transmissions, parity bits are still of great importance for error-correcting code memory (ECC memory) as well as certain hard disk combinations.

• Hamming Code: These are specific multi-bit codes with guaranteed properties about identifiable and recoverable bit-flip modifications in data.

• Cyclic Redundancy Code: These are more complex codes in which modifications in one location also affect subsequent locations. They are used for protecting against media scratches (CD, DVD, ZIP) but also in several robust network protocols.

• One-Way Hash Sum: Compared to the previous codes, the goal is to yield a hash which is not likely, or even close to impossible, to be duplicated when applying the code to other data, despite the hash being much smaller than the data. These properties are called weak and strong collision resistance, respectively. An illustrative example would be to map objects to their geometric two-dimensional shape: A house would become a pentagon, a pool a circle and a door a rectangle. However, a window would become a rectangle, too. Several hash algorithms with weak and strong collision detection and with and without cryptographic protection exist:

– Message Digest (MDx): MD-5 is the most prominent one, historically used to detect accidental or malicious modifications of files.

– Secure Hash Algorithm (SHA-x): SHA-1 is the most prominent one, having replaced MD-5 for file integrity checks. SHA-1 is also used to prevent a-posteriori modifications to changesets in distributed version control systems, most notably Git.

The following codes offer extended protection against malicious modifications of data:

• HMAC: This so-called keyed-hash message authentication code generates a hash sum over both the data and a secret key.
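The difference between the two groups of codes, as an added example in Python (not the book's code): over a constructed transfer record it computes a parity bit, a CRC-32, a SHA-256 digest and an HMAC-SHA-256 tag, then shows that a single bit flip is caught by all of them, that parity misses a double flip, and that an adversary who edits the record can simply refresh the keyless codes but cannot refresh the HMAC without the key. `KEY`, `RECORD` and the helper names are constructed values of this example.

```python
import hashlib
import hmac
import zlib

# Added example (not from the book): keyless codes detect accidental damage,
# only a keyed code (HMAC) also detects deliberate modification.

def parity_bit(data: bytes) -> int:
    """Even-parity bit: 1 if the number of set bits in `data` is odd, else 0."""
    return bin(int.from_bytes(data, "big")).count("1") & 1

def crc32(data: bytes) -> int:
    return zlib.crc32(data) & 0xFFFFFFFF

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def hmac_sha256_hex(key: bytes, data: bytes) -> str:
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def hmac_valid(key: bytes, data: bytes, tag: str) -> bool:
    # compare_digest runs in constant time, so a verifier does not leak how
    # many leading characters of a guessed tag were correct.
    return hmac.compare_digest(hmac_sha256_hex(key, data), tag)

# Constructed sample: a stored record and the codes computed over it.
KEY = b"constructed-demo-key-not-for-real-use"
RECORD = b"transfer;from=alice;to=bob;amount=100.00"
STORED = {
    "parity": parity_bit(RECORD),
    "crc32": crc32(RECORD),
    "sha256": sha256_hex(RECORD),
    "hmac": hmac_sha256_hex(KEY, RECORD),
}

def bit_flip(data: bytes, bit: int) -> bytes:
    """Simulate transmission noise: flip the single bit at position `bit`."""
    b = bytearray(data)
    b[bit // 8] ^= 1 << (bit % 8)
    return bytes(b)

def accidental_check(data: bytes) -> dict:
    """Which keyless codes still match the stored ones after a change?"""
    return {
        "parity_ok": parity_bit(data) == STORED["parity"],
        "crc32_ok": crc32(data) == STORED["crc32"],
        "sha256_ok": sha256_hex(data) == STORED["sha256"],
    }

def forge_record(record: bytes, codes: dict):
    """Attacker edits the record and refreshes every code they can compute.
    Without the key, the old HMAC tag is the best they can offer."""
    forged = record.replace(b"100.00", b"999.00")
    new_codes = dict(codes)
    new_codes["crc32"] = crc32(forged)
    new_codes["sha256"] = sha256_hex(forged)
    return forged, new_codes

def verifier_accepts(data: bytes, codes: dict, key: bytes) -> dict:
    """What an honest verifier concludes from each code."""
    return {
        "crc32": crc32(data) == codes["crc32"],
        "sha256": sha256_hex(data) == codes["sha256"],
        "hmac": hmac_valid(key, data, codes["hmac"]),
    }

if __name__ == "__main__":
    print("one flipped bit :", accidental_check(bit_flip(RECORD, 5)))
    print("two flipped bits:", accidental_check(bit_flip(bit_flip(RECORD, 5), 6)))
    forged, forged_codes = forge_record(RECORD, STORED)
    print("forged record   :", verifier_accepts(forged, forged_codes, KEY))
```

The single parity bit already fails on an even number of flipped bits, which is why ECC memory uses multi-bit codes; CRC-32 and SHA-256 catch both flips but are just as easily recomputed by whoever altered the data, so only the keyed tag distinguishes transport damage from tampering.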

7.2.2 Encryption

Encryption methods. The encryption of data leads to its concealment for unauthorised parties, so that read access is not possible anymore and write access leads to unknown results unless the key is known. There are symmetric and asymmetric methods. The symmetric ones are characterised by a shared key between sender and receiver of the data, whereas the asymmetric ones separate the receiver's public key, used by the sender for encryption, and the receiver's private key, used by the receiver for decryption. Symmetric keys must be shared beforehand, e.g. through other means or within a short communication with asymmetric encryption. In contrast, asymmetric key pairs can be exchanged using key exchange protocols:

• symmetric: Advanced Encryption Standard (AES), with or without CBC

• asymmetric: Rivest Shamir Adleman Cryptosystem (RSA), ElGamal

• key exchange: Diffie-Hellman, X.509v3

The Rijndael encryption, standardised as AES, was developed in 1998–2003 by Vincent Rijmen and Joan Daemen from Belgium. It is typically used with key lengths of 128 or 256 bits. Before it, the Data Encryption Standard (DES), developed in 1972–1977 at IBM, had been the only practical option, but suffered from early attacks and restricted operation outside of the USA with keys of only 56 bits length, otherwise up to 168 bits. The RSA algorithm is slightly younger, developed in 1977–1983 by Ron Rivest, Adi Shamir and Leonard Adleman at MIT. Being asymmetric, it requires longer keys, typically 1024 up to 4096 bits.


The Diffie-Hellman (DH) key exchange was given its name for its authors Whitfield Diffie and Martin Hellman. The scheme of Diffie-Hellman (sometimes called the anonymous DH scheme) acts as mathematical foundation in multiple cryptographic applications, like the SAML concept (Security Assertion Markup Language) for web services, encrypted individual network connections with TLS, as well as holistically encrypted network segments with IPsec. Figure 7.4 shows the basic functionality of the DH scheme.

Example 7.1 The communication partners in secure environments typically receive symbolic names such as Alice and Bob. They can be simultaneously considered like the networks A and B which are secured via a suitable protocol. The following values p, g, a, b can also be deployed for DH. As the result, the common secret key K for the communicating parties is calculated without prior knowledge of the key or any part of it (Table 7.1).

In actual applications, numbers which possess hundreds of digits have to be used. The given example uses only very small numbers for didactic purposes (refer to Table 7.1):

1. Alice and Bob agree on the values p = 13 and g = 2.

2. Alice chooses a random number a = 5. Bob chooses a random number b = 7. The numbers are not revealed.

3. Alice calculates A = 2^5 mod 13 = 6 and sends the result to Bob.

4. Bob calculates B = 2^7 mod 13 = 11 and sends the result to Alice.

5. Alice calculates K = 11^5 mod 13 = 7.

6. Bob calculates K = 6^7 mod 13 = 7.

7. They both obtain the same result K_A = K_B = K = 7.

Despite listeners (intruders, attackers) being in a position to overhear the numbers 13, 2, 6 and 11, the common secret key K = 7 for Alice and Bob will remain hidden.

Fig. 7.4 Arithmetics enabling the functionality of Diffie-Hellman key exchange

Table 7.1 Exemplary DH combinations

Exemplary combination   Parameters              Common secret key K
                        p     g     a     b
1                       13    2     5     7     7
2                       23    5     6     15    2
3                       11    4     3     5     1

Fig. 7.5 A classification of cryptographic methods
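Example 7.1 carried out in code, as an added example (not the book's own): the generic exchange for any (p, g), cross-checked against all three rows of Table 7.1, plus a trial recovery of the private exponent from the overheard public value that shows why the tiny numbers of the example are for teaching only. Function names and the random-exchange helper are assumptions of this example.

```python
import secrets

# Added example (not from the book): the Diffie-Hellman exchange of
# Example 7.1, generalised to any prime p and generator g.

def dh_public(p: int, g: int, secret: int) -> int:
    """Value sent over the network: g^secret mod p."""
    return pow(g, secret, p)

def dh_shared(p: int, peer_public: int, secret: int) -> int:
    """Shared key K = peer_public^secret mod p, computed by each side."""
    return pow(peer_public, secret, p)

def dh_exchange(p: int, g: int, a: int, b: int):
    """Run both sides; returns (A, B, K) with A, B public and K the common secret."""
    A = dh_public(p, g, a)          # Alice -> Bob
    B = dh_public(p, g, b)          # Bob -> Alice
    k_alice = dh_shared(p, B, a)    # (g^b)^a mod p
    k_bob = dh_shared(p, A, b)      # (g^a)^b mod p
    if k_alice != k_bob:            # cannot happen: exponentiation commutes
        raise RuntimeError("key agreement failed")
    return A, B, k_alice

# Rows of Table 7.1 as (p, g, a, b, K) for cross-checking.
TABLE_7_1 = [(13, 2, 5, 7, 7), (23, 5, 6, 15, 2), (11, 4, 3, 5, 1)]

def table_7_1_consistent() -> bool:
    return all(dh_exchange(p, g, a, b)[2] == k for p, g, a, b, k in TABLE_7_1)

def exponent_by_trial(p: int, g: int, A: int):
    """What a listener who saw p, g and A can do when p is tiny: try every
    exponent until g^x mod p == A. With primes of hundreds of digits this
    loop is hopeless, which is exactly why such sizes are used in practice."""
    for candidate in range(1, p):
        if pow(g, candidate, p) == A:
            return candidate
    return None

def random_exchange(p: int, g: int):
    """The same protocol with freshly drawn secrets, as an implementation
    would do (p must be at least 5 for the range below)."""
    a = 2 + secrets.randbelow(p - 3)
    b = 2 + secrets.randbelow(p - 3)
    return dh_exchange(p, g, a, b)

if __name__ == "__main__":
    print("Example 7.1 (A, B, K):", dh_exchange(13, 2, 5, 7))
    print("Table 7.1 consistent:", table_7_1_consistent())
    print("exponent recovered from A=6:", exponent_by_trial(13, 2, 6))
```

Note that the listener's trial loop needs the private exponent only once to compute K from the other public value, so the secrecy of the exchange rests entirely on the size of p and on g generating a large subgroup.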

The further classification of basic cryptographic methods is depicted in Fig. 7.5. They are of great importance to many mechanisms and protocols in use in today's distributed systems.

Encryption strength. Furthermore, the crypto methods can be classified according to their safety and security strength. There are the following main classes:

1. Information-theoretically secure methods: Even for an unrestricted attacker (with unlimited resources), an attack does not succeed. The attacker will not gain information about plaintext or key within the cryptosystem. This leads to unconditional security or perfect secrecy (e.g. using a one-time pad).

2. Provably secure methods: Breaking the cryptosystem requires the solution of a well-known difficult mathematical-logical problem. In this case, it means provable security (e.g. RSA).

3. Computationally or practically secure methods: There are no known concepts and available resources for breaking the cryptosystem in an appropriate time span (e.g. AES).

4. A combination of the listed items is widely used in modern systems, too. For instance, TLS is a combination of multiple methods like DES/AES/CBC/RSA, and OpenPGP contains a collection of such concepts.
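An added example (not from the book) for class 1 in Python: a one-time pad, the observation that any claimed plaintext of the right length is explained by some key (which is what perfect secrecy means for the eavesdropper), and the loss of that secrecy as soon as a pad is reused. `KEY`, `MESSAGE` and the alternative plaintext are constructed values of this example.

```python
import secrets

# Added example (not from the book): perfect secrecy of the one-time pad and
# the failure mode when the pad is used twice.

def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))

def fresh_key(length: int) -> bytes:
    """A real pad: uniformly random, as long as the message, used once."""
    return secrets.token_bytes(length)

def otp_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Ciphertext = plaintext XOR key."""
    return xor_bytes(key, plaintext)

otp_decrypt = otp_encrypt   # XOR is its own inverse

def key_explaining(ciphertext: bytes, claimed_plaintext: bytes) -> bytes:
    """For ANY plaintext of the right length there is a key that decrypts the
    ciphertext to it, so the ciphertext alone carries no information about
    which plaintext was actually sent."""
    return xor_bytes(ciphertext, claimed_plaintext)

def two_time_pad_leak(c1: bytes, c2: bytes) -> bytes:
    """If one pad encrypts two messages, XOR of the ciphertexts equals the XOR
    of the plaintexts: the key cancels out and the secrecy is gone."""
    return xor_bytes(c1, c2)

# Constructed sample values (a fixed 'random' key, for reproducibility only).
KEY = bytes([0x4F, 0x9A, 0x13, 0xE2, 0x77, 0x05, 0xB8, 0x2C, 0xD1, 0x60, 0x3E, 0x8B])
MESSAGE = b"ATTACK AT 09"
CIPHERTEXT = otp_encrypt(KEY, MESSAGE)

if __name__ == "__main__":
    alternative = b"RETREAT AT 2"
    other_key = key_explaining(CIPHERTEXT, alternative)
    print("same ciphertext decrypts to:", otp_decrypt(other_key, CIPHERTEXT))
    print("pad reuse leaks p1 XOR p2:", two_time_pad_leak(CIPHERTEXT, otp_encrypt(KEY, alternative)).hex())
```

The unconditional security holds only under the three conditions in `fresh_key`; the moment a pad is shorter than the message or reused, the scheme drops out of class 1 entirely, and `two_time_pad_leak` shows what an observer then obtains.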

7.2.3 Steganography

Steganographic methods hide data (payload) in other data (carrier). Among other goals, one goal is to work around restrictions in the use of cryptographic methods simply by hiding the fact that these methods are used at all. A further protection aspect is in analogy to wearing valuable objects visibly at night in a lonely corner of a town: While this may be perfectly fine in an ideal city of law and order, in reality it is sometimes better not to show the valuables. Especially in the era of online mass surveillance, steganography in combination with anonymity becomes an essential method to maintain privacy about who is doing what. Steganographic methods for digital data encompass:

• concealment in noisy multimedia data (audio, images, video)

• concealment in otherwise ignored parts of a file structure, for instance behind the end-of-file marker

• covert information by unnoticeable delays in data transmission

It should be noted that many steganographic methods tolerate no lossy compression of data.
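An added example (not the book's code) for the first bullet and for the caveat on lossy compression: least-significant-bit embedding in a constructed noise-like 8-bit carrier, extraction of the payload, and a quantisation step standing in for lossy compression that wipes the payload while leaving the carrier perceptually unchanged. The carrier, the payload and the 16-bit length header are assumptions of this example.

```python
import random

# Added example (not from the book): LSB steganography and why lossy
# processing of the carrier destroys the hidden payload.

def _bits(data: bytes):
    for byte in data:
        for i in range(7, -1, -1):
            yield (byte >> i) & 1

def embed(carrier: bytes, payload: bytes) -> bytes:
    """Hide payload in the least significant bit of each carrier sample,
    preceded by a 16-bit big-endian length header."""
    if len(payload) > 0xFFFF:
        raise ValueError("payload too long for the 16-bit header")
    stream = list(_bits(len(payload).to_bytes(2, "big") + payload))
    if len(stream) > len(carrier):
        raise ValueError("carrier too small: need %d samples" % len(stream))
    out = bytearray(carrier)
    for i, bit in enumerate(stream):
        out[i] = (out[i] & 0xFE) | bit   # each sample changes by at most 1
    return bytes(out)

def extract(stego: bytes) -> bytes:
    """Read the LSBs back; returns the payload announced by the header."""
    def read_bytes(offset: int, count: int) -> bytes:
        value = bytearray()
        for n in range(count):
            byte = 0
            for i in range(8):
                byte = (byte << 1) | (stego[offset + n * 8 + i] & 1)
            value.append(byte)
        return bytes(value)
    length = int.from_bytes(read_bytes(0, 2), "big")
    if 16 + 8 * length > len(stego):
        return b""   # header does not describe a payload that fits: nothing hidden
    return read_bytes(16, length)

def lossy_quantise(samples: bytes, step: int = 4) -> bytes:
    """Stand-in for lossy compression: round every sample to a multiple of
    `step`, which discards exactly the low bits that carry the payload."""
    return bytes((s // step) * step for s in samples)

def noisy_carrier(n: int, seed: int = 7) -> bytes:
    """Constructed carrier resembling sensor noise (sample values 100..155)."""
    rng = random.Random(seed)
    return bytes(rng.randint(100, 155) for _ in range(n))

def max_sample_change(a: bytes, b: bytes) -> int:
    return max(abs(x - y) for x, y in zip(a, b))

CARRIER = noisy_carrier(1024)
PAYLOAD = b"meet at dawn"

if __name__ == "__main__":
    stego = embed(CARRIER, PAYLOAD)
    print("largest sample change:", max_sample_change(CARRIER, stego))
    print("extracted:", extract(stego))
    print("after lossy step:", extract(lossy_quantise(stego)))
```

A ±1 change per sample is invisible in genuinely noisy data, but a codec that quantises samples (as lossy audio and image formats do) treats that same bit as noise and rounds it away, which is the practical reason behind the caveat above.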

7.2.4 Orchestration, Parallelisation and Multiplexing

Multiple services can be combined to achieve greater availability, performance, confidentiality or combinations thereof, and with other properties. One typically distinguishes the following combinations:

• full replication with 100 % redundancy or multiples thereof

• fragmentation and partial replication with selective redundancy < 100 %

• secret sharing with high redundancy
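An added example (not from the book) for the third combination, and for the secret sharing mentioned earlier under the protection goal Possession: Shamir's scheme over a prime field in Python, here with n = 5 shares of which any k = 3 reconstruct the secret, so two storage nodes may fail (availability) while any two shares alone reveal nothing (confidentiality). The prime, the sample key and the function names are assumptions of this example.

```python
import secrets

# Added example (not from the book): Shamir secret sharing. A random
# polynomial of degree k-1 with the secret as constant term is evaluated at
# n points; k points determine the polynomial, k-1 points determine nothing.

PRIME = (1 << 521) - 1   # Mersenne prime 2^521 - 1; large enough for 256-bit secrets

def split_secret(secret: int, n: int, k: int, p: int = PRIME):
    """Return n shares (x, y) of which any k reconstruct `secret`."""
    if not 0 <= secret < p:
        raise ValueError("secret must be in [0, p)")
    if not 1 <= k <= n < p:
        raise ValueError("need 1 <= k <= n < p")
    coeffs = [secret] + [secrets.randbelow(p) for _ in range(k - 1)]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):        # Horner evaluation of f(x) mod p
            y = (y * x + c) % p
        shares.append((x, y))
    return shares

def reconstruct(shares, p: int = PRIME) -> int:
    """Lagrange interpolation of the shares at x = 0 gives the constant term."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * (-xj)) % p
                den = (den * (xi - xj)) % p
        total = (total + yi * num * pow(den, -1, p)) % p
    return total

def bytes_to_int(b: bytes) -> int:
    return int.from_bytes(b, "big")

def int_to_bytes(v: int, length: int) -> bytes:
    return v.to_bytes(length, "big")

# Constructed 128-bit key that is to be stored across five nodes.
SECRET_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")

def store_and_recover(n: int = 5, k: int = 3, lost: int = 2) -> bytes:
    """Split the key over n nodes, lose `lost` of them, recover from the rest."""
    shares = split_secret(bytes_to_int(SECRET_KEY), n, k)
    surviving = shares[lost:]
    return int_to_bytes(reconstruct(surviving), len(SECRET_KEY))

if __name__ == "__main__":
    print("recovered after losing 2 of 5 shares:", store_and_recover().hex())
```

Redundancy here is n/k = 5/3 of the secret's size, higher than the fragmentation option but with the property that no subset below the threshold leaks even a single bit, which plain fragmentation cannot offer.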

7.2.5 Anonymisation

Anonymisation is achieved by hiding the information about who the communicating peers are. One effective method is to deviate from the usual one-on-one messaging model and instead to introduce levels of indirection by special message encoding and distribution.


Channel mixing techniques for anonymity on the network level include random routing (JAP model), onion routing (Tor model) or dispersed routing. They can be combined with encryption to achieve confidentiality.

7.2.6 Trusted Computing and Physical Protection

In distributed systems, there is no absolute security. Partially, this can be remedied by trust, assuming the trust is warranted. Trusted computing is a term that refers to a chain of certificates which covers entire devices from their start-up to the execution of software applications, in a way that ultimately only applications trusted by the certification root will run. Obviously, this model has certain restrictions when considering the necessity to compile custom applications.

Furthermore, beyond all digital security measures, sometimes devices need to be physically secured. This will not be elaborated on in this chapter.

7.3 Security Layers

After the presentation of foundational protection techniques, this section puts them into context for actual networked and distributed systems. Not all protection techniques can be covered here; therefore, only the layered confidentiality is explained. Following the network layers in the Open Systems Interconnection (OSI) or Internet Protocol (IP) models, the embedding of encryption techniques at the network connection, data transport and application content level will be explained.

Figure 7.6 visualises the cross-layer secure protocol stack for Internet-wide distributed services and applications.

7.3.1 Network Encryption: IPsec

On the lowest level of network connectivity, encrypted links need to be established. The IPsec specification combines three elements to achieve this goal. First, IP packets are encrypted, so that instead of a plain payload an Encapsulating Security Payload (ESP) is transported. Second, instead of a plain packet header with modifiable IP addresses, an Authentication Header (AH) is used. Third, an Internet Key Exchange (IKE) server is operated within the network to facilitate key exchange, comparison and revocation. The IKE server runs, however, on the service layer, whereas ESP and AH are active on the connection layer.


Fig. 7.6 Secure networking stack with well-defined protocols and conceptual additions

7.3.2 Transport Encryption: TLS

With TLS, individual links instead of entire networks are cryptographically protected, similar to IPsec. Even when the participating nodes and applications, for instance client and server, communicate in a plain-text protocol, the resulting network transmission becomes binary and cannot be deciphered except with the right key.

7.3.3 Content Encryption: S/MIME and PGP

Sometimes communication happens over multiple hops instead of directly between two nodes. Some of the connection links (“legs”) may be unencrypted. In this case, it is important to encrypt the message itself instead. There are certain limits, for instance concerning the meta-data contained in the message. Nevertheless, the message body, when present, can typically be encrypted without a problem. Two methods to perform the encryption are S/MIME, which uses a hierarchically issued certificate, and PGP, which uses a decentralised web of trust.


7.3.4 Authorisation: Kerberos and OAuth2

Even when all links are encrypted and all message content is encrypted as well, the execution of a service invocation may have to be authorised. Beyond the conventional username/password or username/key/passphrase credentials, contemporary services such as Kerberos and OAuth2 are used to minimise the effectiveness of attackers who steal the credentials. With Kerberos, a so-called ticket is given as key with limited temporal validity. The analogy to banks is the TAN, which is generated on demand and can be used only for several minutes.

7.3.5 Further Secure Services: DNSSEC, VPNs and Proxies

This section has given a brief introduction to security services on a network. Further services, including DNSSEC to secure the hostname to network address translation as well as proxy services, exist and are used occasionally, but will not be analysed in detail.

7.4 Security Protocols and Network Concepts

Cryptographic protocols and technologies. An overview of useful cryptographic protocols and technologies in relation to the OSI network layers is depicted in Fig. 7.7. The protocols are ordered as follows: layer 3, layer 4, layers 5–7. The two bottom layers are best secured physically and will therefore not be considered here.

In the following paragraphs, these protocols and cryptographic algorithms will be discussed in detail. The discussion starts with the over-arching infrastructure for public keys and certificates. Then, the encryption of the network channel to securely transmit messages within applications will be explained. This is followed by a comparison to an application-agnostic encryption for all channels, before then proceeding in the next section to firewalls, encrypted and signed messages, and finally access control considerations. Legal aspects as well as anonymity are also discussed at the end of the chapter.

Public key infrastructure and X.509 specification. In applications for private and business communication as well as e-commerce transactions, the integrity and confidentiality of all messages and activities, as well as the authenticity of the participants, are of utmost importance. Therefore, public keys or certificates and reliable attribution of digital signatures to user names are required. Public keys can be generated and distributed by everyone as part of a public-private key pair, which leads to peer-to-peer webs of trust, whereas certificates are a hierarchical means to ensure the authenticity of a service or organisation. The hierarchy implies that a trusted third party, a certificate authority, must exist. Public keys and certificates can be thought of as analogous to a personal identification card with a photo and other confirmable information on it.

Fig. 7.7 Overview of cryptographic protocols and technologies

One certificate solution is offered by the standard for digital certificates X.509, an ITU-T standard for a hierarchical public-key (certificate) infrastructure. X.509 was published first in the year 1988, whereas the current version is X.509v3, standardised as RFC 5280 in 2008. In some aspects, the specification is competing with the Kerberos standard (1978) with its Ticket Granting Ticket (TGT) concept. The certificate exchange provides the following information to the users: the digital signature of the Certificate Authority (CA), the type of the cryptographic algorithm and the leasing duration for a certificate in the network. In contrast to the “web-of-trust” model (PGP), X.509v3 uses a rigorous hierarchic CA system. The certificates are used in all known web browsers, e-mail clients and other secure network protocol clients and servers, for instance as part of the network encryption which will be presented later. The specification X.509 is aimed at the integrity of public keys for digital signatures and combined (symmetric and asymmetric) encryption. Therefore, it is unavoidable that applications keep track of a Certificate Revocation List (CRL), maintained by another trusted third party, which is updated whenever an incident with a certificate authority, such as a breach, becomes known. Applications must therefore consult the CRL, for instance by periodic downloads, before attempting to establish a secure connection.


Fig. 7.8 Example for hierarchical CAs (Source: www.rn.inf.tu-dresden.de)

An example for hierarchical CAs is given in Fig. 7.8. One can see that a root CA Telekom is trusted by Alpha and Beta, and Beta in turn is trusted by user Schmid.

Digital certificates are structured data of a certain size. They typically appear in binary format, but can be serialised to human-readable text formats for consultation. An example structure of a digital certificate is as follows:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: C=XY, ST=Austria, L=Graz, O=TrustMe Ltd,
                OU=Certificate Authority, CN=CA/Email=ca@trustme.dom
        Validity
            Not Before: Oct 29 17:39:10 2000 GMT
            Not After : Oct 29 17:39:10 2001 GMT
        Subject: C=ABC, ST=Austria, L=Vienna, O=Home, OU=Web Lab,
                 CN=anywhere.com/Email=xyz@anywhere.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:c4:40:4c:6e:14:1b:61:36:84:24:b2:61:c0:b5:
                    ...
                    d7:e4
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                email:xyz@anywhere.com
            Netscape Comment:
                mod_ssl generated test server certificate
            Netscape Cert Type:
                SSL Server
    Signature Algorithm: md5WithRSAEncryption
        12:ed:f7:b3:5e:a0:93:
        ...
        3f:a0:1d


Obviously, a lot of information is contained in a single digital certificate. Even more will have to be processed if the hierarchy is taken into account by forming certificate chains up to a trusted root CA. Table 7.2 therefore presents a simplified, abstract view of the most important certificate contents.

TLS as network connection encryption protocol. The transmission of data over wired or wireless connections can be secured in multiple ways. Techniques include physical isolation, the encryption of the content and the encryption of the connection. This last technique is discussed here. The most prominent protocol to realise this technique, integrated with IP and hence widely used, is TLS.

The application cases for TLS in the TCP/IP protocol stack are depicted in Table 7.3. The TLS protocol plays an important role in e-commerce applications, providing cryptographic security by encryption and encrypted checksums and, optionally, peer authentication on layer 4. TLS hence includes three main data security mechanisms: confidentiality, data integrity as well as mutual authentication of communication partners (refer to triad, hexad and duodecad). There are many different implementations of the protocol, each with their own weaknesses due to incomplete protocol adherence and simple programming errors. Therefore, just like with any security-critical software, the user or the administrator of a system should regularly check for new versions. Examples for TLS implementations are OpenSSL and, since 2014, its fork LibreSSL, the differently designed and licensed GnuTLS, the Network Security Services (NSS) originating in web browsers, and Mbed TLS optimised for embedded connected devices. The secured application protocols based on TLS, like HTTPS or SSMTP, operate either via additional TCP ports, which are different from the usual “well-known” ports, or via an upgrade of the connection within the session, in case the protocol has been designed with upgradeability in mind. The latter method is commonly called StartTLS due to a syntax element of the same name in some of the application protocols. It should be noted that with DTLS (Datagram TLS) a similar method is available to protect UDP/IP connections, which was first specified in 2006 and reached version 1.2 in 2012. However, this method is not widely used in network applications except for VoIP telephony and video conferencing. Generally, when applications do not support TLS natively, their communication can be tunneled through a pre-established TLS connection if both ends of the connection can be controlled. Several generic tunneling tools exist for this purpose, even though using a VPN may be a more appropriate option to extend this principle to all connections between two nodes instead of just selected ones.

Table 7.2 Certificate contents

• User personal information (name, organisation, filial address)
• Digital signature of the issuing CA and further information
• User public key
• Duration of use of the digital certificate
• Digital certificate class
• Identification number of the digital certificate (certificate ID)

Table 7.3 TLS-based application protocols and their port numbers

Applications   Dedicated TLS port numbers: HTTPS (443), SSMTP (465), IMAPS (993), POP3S (995), XMPPS (5223)
               Upgrade to TLS possible: HTTP (80), SMTP (25), IMAP (143), POP3 (110), XMPP (5222)
               Further well-known application protocols with upgrade: FTPS (21 vs 990), IRCS (194 vs 994, de facto 6667 vs 6697), LDAP (389 vs 636), EAP-TLS, SIP, NNTP and others
Transport      TLS, upon connection or after upgrade
               TCP, represented by a socket within applications
Network        IP
Net access     Ethernet, DSL, WLAN, WPAN, 3G–5G cellular, others

The predecessor protocol of TLS was called SSL. Initially, SSL 1.0 was developed in 1993 by Netscape Communications, vendor of the web browser Netscape Navigator and associated products. Mature versions appeared in 1999, driven by the increased e-commerce requirements: SSL 3.0 and TLS 1.0 (renamed from SSL 3.1) were subsequently engineered and standardised by the IETF. In 2002 the AES encryption algorithm was added to the protocol, and in 2006 and 2008 the revised versions TLS 1.1 and 1.2 appeared, respectively. Due to an increasing number of successful attacks against the protocol, its use is only recommended with a restricted (strong) set of encryption algorithms, while others are still supported but should not be used anymore. The advantages of TLS are still the following:

• wide acceptance in software and services

• API support in multiple implementations for practically all programming languages

• good performance, modular architecture

• adaptation to regional/individual legislative norms

The TLS protocol stack is aimed to secure communication via sockets, i.e. a universal mechanism providing a secured end-to-end communication based on TCP and IP between two Internet nodes. Figure 7.9 shows the TLS protocol structure based on its simplified predecessor SSL.

Several cryptographic functions, cryptosystems and algorithms are deployed within the TLS standard, causing it to be one of the most complex Internet protocols. It uses asymmetric cryptosystems (cipher suites, or in short ciphers) for the initial key exchange, followed by symmetric ciphers for the data exchange. The recommended ciphers are specified in the IETF RFC 7525/BCP 195, released in 2015, which will also influence the final specification of TLS 1.3. Four cipher suites are accordingly recommended: The asymmetric RSA cipher combined with the symmetric AES method with either a 128 bit key and 256 bit checksum or a 256 bit key and 384 bit checksum, in either Diffie-Hellman Ephemeral (DHE) or Elliptic Curve Diffie-Hellman Ephemeral (ECDHE) mode. While many other combinations exist, they are not recommended anymore. The checksum method shall be the Secure Hash Algorithm SHA-1, even though in the near future SHA-3, standardised as NIST FIPS 202, may have to replace it [23]. All four cipher suites should use the Galois/Counter Mode (GCM), an authenticated encryption method with additional data. Conventionally, Cipher Block Chaining (CBC) mode has been used and is still widely deployed. It is explained in Fig. 7.10.

Fig. 7.9 SSL protocol stack: layers and sub-protocols

Fig. 7.10 Overall CBC mode for stream ciphers (IV: initialisation vector)
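An added example (not from the book) of restricting a TLS client to the recommended family of suites, using Python's standard `ssl` module: TLS 1.2 as the minimum version, certificate and hostname verification kept on, and for TLS 1.2 only (EC)DHE key exchange with AES-GCM (TLS 1.3 suites are AEAD-only by design and are reported separately by OpenSSL). The cipher string and the helper names are choices of this example, not text from RFC 7525.

```python
import ssl

# Added example (not from the book): a client-side TLS context limited to
# forward-secret key exchange and authenticated encryption.

CIPHER_STRING = "ECDHE+AESGCM:DHE+AESGCM"   # (EC)DHE key exchange, AES-GCM only

def hardened_client_context() -> ssl.SSLContext:
    # create_default_context() already loads the system CA store and sets
    # verify_mode=CERT_REQUIRED and check_hostname=True; tighten the rest.
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # SSLv3, TLS 1.0 and 1.1 are out
    ctx.options |= ssl.OP_NO_COMPRESSION           # no TLS-level compression
    ctx.set_ciphers(CIPHER_STRING)                 # governs the TLS 1.2 suites
    return ctx

def tls12_suite_names(ctx: ssl.SSLContext):
    """OpenSSL-style names of the enabled TLS 1.2 suites; TLS 1.3 suites are
    listed with a 'TLS_' prefix and are left out here."""
    return sorted(c["name"] for c in ctx.get_ciphers()
                  if not c["name"].startswith("TLS_"))

def count_non_pfs_suites(ctx: ssl.SSLContext) -> int:
    """Suites whose key exchange is not (EC)DHE, i.e. without forward secrecy."""
    return sum(1 for n in tls12_suite_names(ctx)
               if not n.startswith(("ECDHE-", "DHE-")))

def all_forward_secret_aead(ctx: ssl.SSLContext) -> bool:
    """True if every enabled TLS 1.2 suite uses (EC)DHE and GCM."""
    names = tls12_suite_names(ctx)
    return bool(names) and all(
        n.startswith(("ECDHE-", "DHE-")) and "GCM" in n for n in names)

def context_summary(ctx: ssl.SSLContext) -> dict:
    """Plain values an operator can log or assert on."""
    return {
        "minimum_version": ctx.minimum_version.name,
        "verify_mode": ctx.verify_mode.name,
        "check_hostname": ctx.check_hostname,
        "non_pfs_suites": count_non_pfs_suites(ctx),
        "all_forward_secret_aead": all_forward_secret_aead(ctx),
    }

if __name__ == "__main__":
    ctx = hardened_client_context()
    print(context_summary(ctx))
    print(tls12_suite_names(ctx))
```

Such a context is then passed to `ssl.SSLContext.wrap_socket` or to an HTTP client; the point of `context_summary` is that the restriction can be checked in a unit test rather than discovered in a packet capture.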

Comparison TLS versus VPN. Virtual networks are overlay networks which logically map the communication of one network area into another one by using a proxy service. One of the commonly used protocols for running a VPN is IPsec, which was created in the context of IPv6. In practice, a VPN provides secure access to LAN-internal services over an unsecured IP network using the communication modes Site-to-Site, Site-to-End, End-to-End or Host-to-Host. Such a VPN provides secure access for all installed services via the same path (routed through the Internet) and protection of separated IP subnets while keeping the internal network structure confidential. In contrast to VPN, TLS offers more fine-granular security and provides each service over a unified socket identifier (IP address and port) [11, 13].

Fig. 7.11 Client bonding to a VPN server with IPsec tunneling (figure elements: (mobile) client, providers, Internet, VPN server, firm network, authentication server, firm servers e.g. email, applications)

Figure 7.11 shows a typical VPN scenario implemented with IPsec. In it, the client uses a dial-up, DSL or cable connection to the Internet through any provider server. Once the Internet connection is established with an activated network interface, a permanent network connection of the client (laptop, tablet or smartphone) to the VPN server, both running IPsec, is established. The client performs an authentication at the VPN server so that secured tunneling (an IPsec tunnel) is established. With this preparation step, secure communication to any host, any port and thus any service in the corporate network becomes possible. The Internet access for the VPN client is optionally protected by the corporate firewall, and likewise IP-protected global sites such as publication archives now become available to the user through the company network.

Let us compare TLS and VPN based on IPsec. Via IPsec it is possible to secure the access to internal services over an insecure IP network with use of the following modes:

• client (home office) – firm servers (e.g. email queries)
• mobile users – filial office (e.g. data download)
• filial office – head quarter (e.g. file transfer)

The differences are:

• VPN/IPsec: secure access is provided for all services through the same path
• VPN/IPsec: IP subnets are protected, and the internal network structure is kept confidential as well
• TLS provides secure end-to-end connections for each service per socket identifier (IP address, port), thereby offering fine-grained protection

Implications. There is no one-size-fits-all solution available to make a system secure. The required level of security in distributed systems is only available under consideration of complementary techniques and communication protocols, with analysis of their (inter)national deployment backgrounds. The following techniques are known now:

• public key and certificate infrastructures are necessary for mutual authentication of communication partners
• TLS authentication, integrity and encryption provide the necessary guarantees for secure communication in distributed systems
• communication content may need further protection, for instance additional encryption for true end-to-end guarantees, for instance by using XML Security for structured XML documents
• mishandling of internally installed services can be avoided via deployment of firewalls with packet filtering, anti-malware, encryption and content analysis functionality

Firewalls will therefore be presented in the next section.

7.5 Firewalls

Firewalls enforce policies about which services can be accessed by whom and who can communicate with whom in a networked system. Modern firewall systems are compared to classical concepts in this section. The filtering rules are analysed with examples of selected commercial solutions. Advanced collaborative intrusion detection systems and networks, as well as the threats based on insider attacks on CIDN, are examined. A common CIDN functionality catalogue is discussed.

Classical firewalls. Publicly available services (web server, e-mail server, file sharing, web services and hosted applications) are placed in an isolation zone so that any faults in these services and any data leaks will not compromise the often more strictly operated internal services of a company or institution (payrolls, strategy documents, customer data). The zone is commonly called Demilitarised Zone (DMZ) and protected by firewalls on both sides: the public-facing one, which lets most traffic pass into it, and the private-facing one, which either blocks all traffic or restricts it to VPN connections. Different filtering functionality can be offered:

• filtering IP packets (layer 3)
• filtering in a proxy called circuit relay (layer 4)
• filtering certain applications with application-specific communication patterns (layers 5–7)

A firewall system with multiple internal services and with a DMZ with publicly offered services is shown in Fig. 7.12. The goal is blocking unauthorised access attempts to private networks based on IP addresses (using PF, Packet Filter), TCP/IP port information (using CR, Circuit Relay) or application-related information (using AG, Application Gateway).

Fig. 7.12 (a) Firewall main concepts, (b) an example for firewall-secured network services: firewall system with DMZ (based on [22])

A well-known open source packet filter system is iptables, which is available in conjunction with the Netfilter implementation in the Linux operating system kernel. It lets users configure packet filtering, inspection, transformation and logging, but also network address translation and connection tracking. A similar system is pf, or Packet Filter, derived from the BSD line of operating systems. It includes traffic shaping commands as well, to prioritise certain services over others.
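As an added example (not from the book, and not iptables or pf configuration), the following toy firewall applies the three concepts of Fig. 7.12 in sequence to a DMZ layout: a packet filter on addresses (PF, layer 3), a circuit relay on TCP ports (CR, layer 4) and an application gateway that parses HTTP request lines (AG, layers 5–7). Addresses, ports and rules are constructed for the example.

```python
"""Layered firewall decision (PF -> CR -> AG) for a DMZ, as an added example.
Not the book's code; the address ranges, port policy and HTTP rule are constructed."""
import ipaddress
import re
from dataclasses import dataclass
from typing import Callable, List, Tuple

# Constructed topology: Internet -> public-facing firewall -> DMZ -> private-facing firewall -> LAN
DMZ = ipaddress.ip_network("192.0.2.0/24")   # documentation prefix, constructed
LAN = ipaddress.ip_network("10.10.0.0/16")   # constructed
WEB_PORTS = {80, 443}
MAIL_PORTS = {25}


@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes = b""


def packet_filter(pkt: Packet) -> bool:
    """PF, layer 3: anyone may reach the DMZ; the LAN is reachable from the DMZ only."""
    src, dst = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
    if dst in DMZ:
        return True
    if dst in LAN:
        return src in DMZ   # private-facing firewall blocks direct Internet -> LAN traffic
    return False


def circuit_relay(pkt: Packet) -> bool:
    """CR, layer 4: only the published service ports are relayed, per destination zone."""
    dst = ipaddress.ip_address(pkt.dst)
    if dst in DMZ:
        return pkt.dport in WEB_PORTS | MAIL_PORTS
    return pkt.dport in MAIL_PORTS   # the DMZ mail relay may forward into the LAN, nothing else


HTTP_REQUEST_LINE = re.compile(rb"^(GET|POST|HEAD) (/\S*) HTTP/1\.[01]\r\n")
BLOCKED_PATH_PREFIXES = (b"/admin",)   # constructed: the management UI is not public


def application_gateway(pkt: Packet) -> bool:
    """AG, layers 5-7: understands plaintext HTTP on port 80, rejects anything else on
    that port, and refuses requests to paths the public web server must not expose."""
    if pkt.dport != 80:
        return True   # the gateway only judges what it can parse
    m = HTTP_REQUEST_LINE.match(pkt.payload)
    if not m:
        return False  # non-HTTP traffic on the web port is dropped
    return not m.group(2).startswith(BLOCKED_PATH_PREFIXES)


LAYERS: List[Tuple[str, Callable[[Packet], bool]]] = [
    ("PF", packet_filter), ("CR", circuit_relay), ("AG", application_gateway)]


def decide(pkt: Packet) -> str:
    """Run the layers in order; report ACCEPT or the first layer that dropped the packet."""
    for name, check in LAYERS:
        if not check(pkt):
            return f"DROP@{name}"
    return "ACCEPT"
```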


Comparison and further development. Table 7.4 depicts the filter abilities for basic firewall concepts. The available functions can be separated corresponding to the presented concepts PF, CR and AG. Furthermore, there are hybrid firewall systems with integrated functionality, namely the so-called SIF [5] from Check Point Software Technologies, and next-generation (NG) systems, which are appearing now.

The PFs and CRs are very simple and efficient. The AGs, or application layer firewalls, combine the key benefits of the common filtering. They can semantically “understand” certain applications and protocols such as VPN, DNS, FTP, SMTP, POP3/IMAP, HTTP, as well as their secured versions, e.g. HTTPS or SSH. For public cloud access monitoring beyond permissible services of virtualised clusters, networks, storages (VLAN, SAN/NAS) and services (VMs, RAICs), as well as of SDN, there are some special firewall solutions available as well. Since about 2012, a new generation of AGs called next-generation firewalls (NG) has been deployed. NG is nothing more than a “widened” and “deepened” inspection at the application stack based on the classical SIF solutions (refer to Table 7.4). The existing deep packet inspection systems can be extended via:

• intrusion detection and prevention systems (IDS and IPS)
• user identity integration (by binding user IDs to IP or MAC addresses or explicit credentials for “reputation”)

For a better demarcation of the terms, one needs to consider that a firewall is a security system that protects a single computer, a set of peers or networks against unwanted or illegal access. However, the functionality of a firewall is not directly oriented to detect and pinpoint external attacks. A classic firewall implements only separate filtering rules to protect directly all network (mobile, wireless) communication. For the detection of different attack kinds, advanced IDS/IPS modules are more suitable. They can also be used on top of well-known firewall solutions (classical and advanced):

• IDS – they describe the detection of attacks that are directed against a computer system or network and serve to increase the security in a network
• IPS – these systems are the enhanced IDS, which also provide the defense functionality to fend off discovered networked attacks (external as well as of an insider)

Therefore the IDS/IPS systems can be seen as a further development of the firewalls considered, or correspondingly as advanced firewall modules.

One special kind of NG firewall is the so-called WAF. The defense against the WAF attacks was implemented in the tool “WAF Fingerprinting utilising timing side channels” (WAFFle) [5].

Advanced Evasion Technologies. Advanced Evasion Technologies (AET) – intruding without any traces and fully anonymously into a network – are an ongoing challenge for (virtual)


Table 7.4 Basic firewall concepts and their filter abilities (own representation)

Filtering abilities – marks for the firewall concepts PF, CR, AG, SIF, NG:

1. IP source/target addresses: x x
2. TCP ports and connections: x x
3. Denial-of-service attacks (DoS), Distributed DoS (DDoS): x
4. Enabled or disabled protocols: x x x
5. Proxies for certain services: x x
6. HTTP proxy, proxy server: x x
7. Antivirus software (viruses, worms, trojans): x x
8. Malware blocking: x x
9. Anti-phishing: x x
10. Application-specific authentication: x x
11. Application-specific encryption: x x
12. DMZ: x x
13. VPN and IPsec: x x
14. Enabled domain names (source/target): x x x
15. Spam filtering: x x
16. Analysis of content-specific key words: x x
17. Blocking of special applications and scripts (Java applets, Active-X, web services, further plugins): x
18. Web application firewall: s
19. Cloud Access Monitoring: s
20. Virtualised networks, storages and services: s
21. SDN: s
22. IDS, IPS, network IDS (intrusion detection/prevention, network collaboration): s
23. CIDN as the networks of IDS/IPS: s
24. Time window control: x x x x x

Legend: + / x – available, s – special solutions available


network data security. In contrast to the known evasions and penetrations, AET combine and change the methods to camouflage an attack or malicious code. These combinations allow the hackers to infiltrate a network unnoticed in spite of multiple security solutions being in place. According to current estimations, there are more than 2180 potential combinations of AET available. A good example is the cross-layered functionality, which indeed is an attack integrated over exploits in several OSI layers. For the defender, IPS or AEF represent effective technologies against AET. They can analyse combined attack patterns at different OSI layers. An example is the AET platform from Stonesoft. Such kind of IPS provides a combined protection: IPS, anti-virus, firewall, DMZ and network zoning as division into multiple protection domains. The deployment makes sense for large companies with multiple branches and structural units. Some of the detection and defense patterns and test series are as follows:

1. At layers 3 and 4: Firstly, the opportunities for attacks within the protocols IP, TCP and UDP are discovered.
2. At layers 5–7: The application-layer protocols such as SMB and RPC are protected. Therefore, the internal threats have to be assessed.
3. Then AET can discover threats for other protocols such as IPv6, HTTP.
4. If AET uses HTTP (port 80), the intruders can also mislead the firewall and infiltrate users with malware spread into the network over regular web traffic. Therefore, AET for web services, web applications and cloud computing environments are a particularly serious threat.

Stateful Multilayer Inspection Firewalls. The next significant generation of the combined SIF/NG firewalls are the so-called SMLIF systems. According to the opinion of the researchers of Gartner, the following top list of modern SMLIF can be represented [16, 28]:

1. AhnLab
2. Barracuda Networks
3. Check Point Software Technologies
4. Cisco
5. Dell SonicWALL
6. F5
7. Fortinet
8. Hillstone Networks
9. HP
10. Huawei
11. Intel Security (McAfee)
12. Juniper Networks
13. Palo Alto Networks
14. Sangfor
15. Sophos
16. Stormshield
17. WatchGuard

The listed firewall solutions and vendors operate the cross-layered multi-defense with a combination of multiple filter abilities, e.g. positions 18–23 (referring to Table 7.4 as well as the next sections).

Collaborative IDS and Networks (CIDN). The widespread IDS evaluate and prohibit the potential intruders' attacks that are directed against a computer system or a network. IDS increase data security significantly, in contrast to the classical firewalls, whose support for also uncovering effects of intrusions such as data modification is not satisfying. IPS are the enhanced IDS, which provide the additional functionality aimed at discovering, defeating and completely avoiding the potential attacks. Nevertheless, as a rule, the classical IDS/IPS are operated autonomously per system. They are not able to detect temporarily unknown intrusion threats, which become more sophisticated and complex year over year. Those dangerous threats can serve to bring disorder to the operation of data centers and computing clusters round-the-clock in 24/7 mode. Therefore, the cooperation and collaboration of the IDS within a network is of great importance. The comparison of the network IDS (NW-IDS) with pure IDS is depicted in Fig. 7.13. The NW-IDS has a lot of new features.

A CIDN is an advanced concept for a collaborative IDS/IPS network intended to bridge over the disadvantage of the standalone defense against unknown dangerous attacks. The CIDNs allow (Fig. 7.14) the participating IDS, as the network peers, to share the detected knowledge, experiences and best practices oriented against the intruders' threats [14]. The main requirements for the construction of a CIDN and the support of such functionality are as follows: efficient communication at short up to middle distance, robustness of the peers (IDS) and links, scalability and mutual compatibility of individual participating peers (IDS). The typical interoperable networks are as follows: LAN, WLAN, 2G–4G as well as NFC and Bluetooth.

A CIDN consists of multiple NW-IDS, using multiple computers, radio devices and installed firewalls. The participating users are organised in groups. In the example, the groups encompass the users Alice, Bob, Charlie and Dave. The coupling between the groups is loose or tight. However, insider attacks on CIDNs are possible; another user, Trudy, serves as example. This type of networking improves the overall accuracy on the threats' danger grade as well as the intrusion level assessment. The cooperation among the participating single peers (IDS collaborators) becomes more efficient within a CIDN. But nevertheless, the CIDN itself can become a target of attacks and malicious software. Some malicious insiders within the CIDN may compromise the interoperability and efficiency


Fig. 7.13 Comparison of pure IDS with NW-IDS [5]

of the intrusion detection networks internally. Therefore, a lot of CIDN research problems have to be considered [14], for instance:

• selection of the peers (collaborators) and trust management
• collaborative intrusion decision making
• resource management within CIDNs

CIDN attacks and insider attacks on CIDN. The traditional network attacks can significantly compromise the security inside a CIDN. The simple attacks are as follows (A1–A4 list positions):

1. Eavesdropping
2. Man-in-the-middle
3. Replaying
4. Cloning (3, 4 like DDoS)


Fig. 7.14 Example of cooperation within the CIDNs

The advanced insider attacks on CIDNs (list positions A5–A9), which can suddenly occur from the peer insiders within a previously not compromised CIDN, are as follows [5, 14]:

5. Sybil attacks: distribution of a large amount of pseudonyms (fake identities) via a malicious peer
6. Newcomer attacks: a malicious peer tries to erase its “bad history” with other peers in the network
7. Betrayal attacks: The trust mechanism robust to betrayal attacks shall satisfy the social norm “It takes a long-time interaction and consistent good behavior to build up a high trust, while only a few bad actions to ruin it”. When a trustworthy peer acts dishonestly, its trust value should drop down quickly, hence making it difficult for this peer to deceive others or gain back its previous trust within a short time
8. Collusion attacks: Collusion attacks occur when a group of compromised/malicious peers cooperate together in order to compromise the network
9. Hybrid attacks (5 + 6 + 7 + 8)
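As an added illustration (not from the book or [14]) of the trust norm quoted under betrayal attacks, the following peer trust model rewards consistent honest alerts slowly and punishes a dishonest one multiplicatively, starts newcomers with low trust, and weights collaborative verdicts by trust so that a flood of fresh Sybil identities carries no weight. The update rule, the constants and the peer names are this example's assumptions.

```python
"""Asymmetric trust for CIDN peers, as an added example (not from the book or [14]):
slow gain for honest behaviour, steep loss for dishonest behaviour, low initial trust
for newcomers, and trust-weighted collaborative decisions. All constants are assumptions."""
from dataclasses import dataclass
from typing import Iterable, Tuple

GAIN = 0.05            # fraction of the remaining distance to 1.0 earned per honest alert
PENALTY = 0.5          # multiplicative loss per dishonest alert
NEWCOMER_TRUST = 0.1   # a fresh identity (also a re-joined "newcomer") starts here
ACT_THRESHOLD = 0.6    # alerts from peers below this do not influence the verdict


@dataclass
class Peer:
    name: str
    trust: float = NEWCOMER_TRUST
    good: int = 0
    bad: int = 0


def update(peer: Peer, honest: bool) -> float:
    """Apply one observed action; returns the new trust value."""
    if honest:
        peer.good += 1
        peer.trust = min(1.0, peer.trust + GAIN * (1.0 - peer.trust))
    else:
        peer.bad += 1
        peer.trust *= PENALTY
    return peer.trust


def rounds_to_trust(start: float = NEWCOMER_TRUST, threshold: float = ACT_THRESHOLD) -> int:
    """Honest rounds needed from `start` until the peer's alerts count (the 'long-time
    interaction' side of the norm)."""
    p, n = Peer("probe", trust=start), 0
    while p.trust < threshold:
        update(p, True)
        n += 1
    return n


def betrayal(peer: Peer, bad_actions: int) -> Tuple[float, int]:
    """A trusted peer turns dishonest: returns its trust afterwards and how many honest
    rounds it would need to regain the threshold (the 'few bad actions' side)."""
    for _ in range(bad_actions):
        update(peer, False)
    return peer.trust, rounds_to_trust(peer.trust)


def collaborative_verdict(votes: Iterable[Tuple[Peer, bool]]) -> bool:
    """Trust-weighted majority over (peer, says_attack) pairs, ignoring untrusted peers,
    so newly created Sybil identities cannot outvote an established peer."""
    yes = no = 0.0
    for p, says_attack in votes:
        if p.trust < ACT_THRESHOLD:
            continue
        if says_attack:
            yes += p.trust
        else:
            no += p.trust
    return yes > no
```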


Table 7.5 Common CIDN functionality catalogue (own representation)

CIDN example | Topology type | Focus | Specialisation on the threats | Att. A1–A4 | Att. A5–A9 | Privacy | Anonymity
Indra | Distributed | Local | Spam | R | R | A | A
Domino | Decentralised | Global | Worms | R | R | A | A
Abdias | Centralised | Hybrid | Trojans | R | R | A | A
NetShield | | | Social engineering, WAF | R | R | A | A

Att. – Attack, R – Robustness, A – Awareness

A typical CIDN must provide the following common functionalities against these kinds of attacks (see Table 7.5). They can be represented via a catalogue in a matrix representation thereof, based on [14].

To conclude the consideration of firewalls, one can state that the advanced firewalls like SMLIF, IPS and collaborative intrusion detection systems gain increasingly in importance. They can also be deployed within the scenarios of NFC and IoT (Internet of Things). The firewalls and IDS are often combined into individual participating peers (LAN, WLAN, 2G–4G, NFC and Bluetooth) with the possibility of collaboration and better prevention of both the external and insider attacks.

PGP for authenticated and encrypted messaging. PGP – originally a product called Pretty Good Privacy and nowadays an open standard called OpenPGP – is known since 1991. The main intention of PGP is the popularisation of civic cryptography. The short but expressive PGP history is as follows. Philip Zimmermann made the cryptographic methods publicly available as software, including DES, RSA, DH key exchange, MD5, El-Gamal, AES (formerly Rijmen and Rijndael) and more, at that time strong cryptographic algorithms. The key length was 128 bits and more, although for the global export, due to cryptographic restrictions, many algorithms were limited to 56 and sometimes only 40 bits. After the PGP publication on the Internet, delivered as freeware and subsequently in the form of source code text in a book, the program became popular around the world. The success of PGP led to the foundation of the PGP Corporation conducted by P. Zimmermann. But in 1993–1997 followed a lawsuit against P. Zimmermann from the US government. However, the new release of PGP, published at MIT Press Publishing as a theory book with all the source codes, provided no further allegations and court prosecutions. Since 1997 there was a development towards PGP acceptance as a new IETF standard called OpenPGP. The deployment areas of PGP are as follows: encryption of database transactions, emails and hard disk partitions (drives), network (SDN) protection and encryption, VoIP calls (“crypto phone”), real-time encryption such as chat. For messaging as well as authenticated file downloads, the digital signature functionality is also of great importance.


Some examples of PGP products:

• PGP as freeware and free software: www.gnupg.org, www.pgpi.org
• PGP implementation Gpg4win: www.gpg4win.de
• PGP products by Symantec: www.symantec.com
• PGP products by PGP Corporation: PGP Desktop (with PGP Desktop E-Mail, PGP Whole Disk Encryption and PGP NetShare)
• Zfone software for encryption of VoIP calls (cp. Skype/AES): zfoneproject.com

As a new development related to the PGP standard, since around 2014 acts Blackphone, a secured smartphone based on the Android operating system, offered by Silent Circle (P. Zimmermann's company) and Geeksphone (Spain). This is a smartphone which allegedly completely secures against espionage and persecution. It provides web anonymity for this matter. The creator of PGP encryption software elaborated that “the most secure smartphone in the world” is called “Blackphone”. Blackphone uses an Android flavour called PrivateOS. The services are: cryptographically secured email service, instant messages service, VoIP service analogous to Skype. Anonymity is provided by MIX services such as JAP (Java Anon Proxy) of TUD/University of Regensburg and Tor (The Onion Routing, United States), which anonymise Internet activities at the level of TCP connections. The system enables web browsing, instant messaging/IRC, SSH, P2P and protects against the analysis of the traffic of its users. The requirements include special headphones for the communication of both conversation participants. The system offers also multi-language functionality with more than seven languages.

Access control concepts. Authorisation is per definition the assignment of access rights for a distributed system or for certain services of it. The typical access control concepts are Access Control Lists (ACL) or capabilities. Both concepts are compared in Fig. 7.15.

With ACLs, for each object Oi some lists are defined about who can perform which operations Op above all the subjects (Sj), for instance write permission of a process to a file. The operations are Op = {R – Read, W – Write, E – Execute, I – Invoke, D – Delete}.

Fig. 7.15 Comparison of ACL and capabilities within the authorisation matrix

Fig. 7.16 Enabled Op = {R – Read, W – Write}: authorisation matrix for a C-S model

Fig. 7.17 Combined security (own representation based on X.800)

With capabilities, the permissions are associated with a subject Sj but cannot be changed by the subject itself. One can specify which objects Oi may be modified through the operations Op = {R, W, E, I, D}.

The authorisation mapped on the C-S systems is shown in Fig. 7.16. Assignment and proving of access rights (from C) to resources (namely S) can be done in distributed systems by:

• capabilities for a subject (in this case for the client), or
• ACLs by an object (here the server)
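As an added example (not from the book), the same authorisation matrix of subjects Sj and objects Oi with Op = {R, W, E, I, D} is read column-wise as ACLs kept at the server and row-wise as capabilities handed to the client; the capability is protected with a server-side HMAC so that the subject cannot change it itself, as the text requires. Subjects, objects, rights and the key are constructed.

```python
"""ACLs versus capabilities over one authorisation matrix, as an added example (not the
book's code). Subjects, objects, rights and the server key are constructed."""
import hashlib
import hmac
import json
from typing import Dict, Set, Tuple

OPS = {"R", "W", "E", "I", "D"}   # Read, Write, Execute, Invoke, Delete

# Constructed authorisation matrix: (subject Sj, object Oi) -> permitted operations
MATRIX: Dict[Tuple[str, str], Set[str]] = {
    ("client_a", "payroll.db"): {"R"},
    ("client_a", "report.pdf"): {"R", "W", "D"},
    ("client_b", "report.pdf"): {"R"},
    ("batch_job", "backup.sh"): {"R", "E"},
}


def acls(matrix) -> Dict[str, Dict[str, Set[str]]]:
    """Column view: per object Oi, which subjects may do what (stored with the server)."""
    out: Dict[str, Dict[str, Set[str]]] = {}
    for (s, o), ops in matrix.items():
        out.setdefault(o, {})[s] = set(ops)
    return out


def capabilities(matrix) -> Dict[str, Dict[str, Set[str]]]:
    """Row view: per subject Sj, which objects it may act on (handed to the client)."""
    out: Dict[str, Dict[str, Set[str]]] = {}
    for (s, o), ops in matrix.items():
        out.setdefault(s, {})[o] = set(ops)
    return out


def check_acl(acl, subject: str, obj: str, op: str) -> bool:
    return op in acl.get(obj, {}).get(subject, set())


def check_cap(cap, subject: str, obj: str, op: str) -> bool:
    return op in cap.get(subject, {}).get(obj, set())


def views_agree(matrix) -> bool:
    """Both views must decide identically for every (subject, object, op) triple."""
    a, c = acls(matrix), capabilities(matrix)
    subjects, objects = {s for s, _ in matrix}, {o for _, o in matrix}
    return all(check_acl(a, s, o, op) == check_cap(c, s, o, op)
               for s in subjects for o in objects for op in OPS)


# A capability that leaves the server must be unforgeable by its holder: the server
# keeps a key (constructed here) and authenticates the token with an HMAC.
SERVER_KEY = b"constructed-demo-key-do-not-reuse"


def _tag(body: dict) -> str:
    msg = json.dumps(body, sort_keys=True).encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_capability(subject: str, obj: str, ops: Set[str]) -> dict:
    body = {"subject": subject, "object": obj, "ops": sorted(ops)}
    return {**body, "tag": _tag(body)}


def check_signed_cap(token: dict, obj: str, op: str) -> bool:
    """Server-side check: the tag must verify before the contents are trusted."""
    body = {k: token[k] for k in ("subject", "object", "ops")}
    if not hmac.compare_digest(_tag(body), token["tag"]):
        return False   # tampered (e.g. the holder added an operation)
    return token["object"] == obj and op in token["ops"]
```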

X.800 architecture. Combined security in distributed systems is required. Such a security architecture is regulated by X.800 for layered secure computing environments/centers, which include the following secured components and layers (Fig. 7.17):

• computing environments or centers (I and II)
• layers (1–5) as well as the communications interface (6)
• standardisation by national laws and regulations, at the EU level and internationally
• physical and organisational protection, which is carried out via monitoring
• technical protection via shielding, channel coding
• protection by firewalls via voluminous filtering
• use of data protection protocols and standards as well as ACL facilities
• securing by cryptographic methods (symmetric and asymmetric)

7.6 Security in Web Applications: Legal and Technological Aspects

Technological and legal aspects of data security guaranteeing web systems are examined. They are used for the creation of electronic societies in e-commerce and e-governance domains, as well as by Enterprise Application Integration (EAI) within institutions and companies. The required level of security for web systems in international use is only available under consideration and combination of recommended complementary techniques and communication protocols and with the analysis of their national deployment backgrounds and legal basis. As case studies, the mechanisms and technologies of data security guaranteeing gateways for electronic payment transactions and portals for mobile commerce are examined in this section.

Modern web-based systems and services [22] possess a complex distributed architecture, for instance distributed representation, business logic and database services (n-tier). A variety of communication protocols (transport, multimedia, messaging, directory, time) and architecture components are involved. Frequently they operate within an international context, with interactions across country and legislation area borders, and simultaneously have to adhere to existing regional legislation. Let us take as example a web-based flight booking system. The user portal (depicted in Fig. 7.18) and client management systems are integrated with back-office and flight logistics systems. The connections between user portal, client management and the remaining systems are shown in Fig. 7.19. The processed transactions 1, 2, 3 bind loosely the mentioned parts. Two aspects have to be considered: the legislation regarding information technology and data security [1], and the technology providing for data security.

The motivation of the section is to explain the enhancement of modern web applications into so-called data security guaranteeing web systems with appropriate development and operation steps. The contained paragraphs examine techniques of web security with peculiarities in mobile communication, XML Security as one concrete specification to satisfy the security requirements posed by service-oriented web applications (or web services), and legal aspects of such web applications. Furthermore, case studies on gateway and portal solutions for e-payment and e-commerce are provided. Hybrid solutions for Secure Electronic Transaction (SET)/TLS gateways are analysed.


Fig. 7.18 Typical flight booking user interface for mobile phones connected to a complex distributed booking system

Fig. 7.19 Technological and legal aspects of data security guaranteeing web systems (figure: User, Client Management, Flight logistics, Back Office; transactions 1 – Flight booking, 2 – Billing/accounting, 3 – Reservation; Information Technology Legislation: laws and regulations (national, European, international), physical and organisational protection (monitoring, supervision, certification); Data Security: protection via cryptographic methods (symmetric and asymmetric cryptography), protection via firewalls (FW) and antivirus software, use of data secure protocols and standards in Internet/Intranet)


7.6.1 Technological Aspects of Data Security Guaranteeing Web Systems

Secure end-to-end communication via web. The most widely used technology for web application security is HTTPS, which is HTTP secured with TLS. To achieve a good overall grade of security across all protection goals, including integrity, confidentiality and authenticity, TLS is used together with complementary techniques (Fig. 7.20) that extend security mechanisms [25] and the grade of security of web communication (for instance IPsec/VPN as well as SET).

TLS [7, 13] offers secure end-to-end communication with user authentication under compliance to signature law (compare SigG in Germany, US DSA etc.) and confidential data transfer. However, a combined security architecture (X.800) under consideration of legal and technological aspects is required. For instance, content-analysing firewalls for defense against content manipulation threats may have to be used. The TLS Record sub-protocol workflow is shown in Fig. 7.20. Additional sub-protocols exist: TLS ChangeCipherSpec and TLS Alert are shown in Fig. 7.21.

TLS is extensible in order to be future-proof regarding the development of new cryptographic algorithms. TLS supports certain combinations of key exchange, encrypting

Fig. 7.20 TLS Record sub-protocol (figure: application data is fragmented (F) and optionally compressed; a MAC is appended (no. 2a MAC sub-layer); the result is encrypted and an SSL header (H) is prepended, giving the encrypted PDU structure. Side panel, cryptographic systems: CS with private keys (symmetric) – advantages: performance, easy implementation; disadvantages: key distribution, no digital signature. CS with public keys (asymmetric) – advantages: unproblematic key distribution, digital signature possible; disadvantage: performance. A hybrid approach is necessary as trade-off between cryptographic strength and algorithmic performance; used for SSLv3/TLSv1, PGP/OpenPGP/GnuPG, X.509v3, Kerberos v5. Alternatively fast Elliptic Curve Cryptography (RSA-equivalent key size only 160 bit). Abbreviations: PGP – Pretty Good Privacy, TLS – Transport Layer Security, RSA – Rivest-Shamir-Adleman, PDU – protocol data unit, F – fragment, H – header, MAC – Message Authentication Code (not 2a-MAC Medium Access Control))


Fig. 7.21 Further TLS sub-protocols: (a) ChangeCipherSpec, (b) Alert

and authenticating technique, so-called CipherSuites. Cryptography is subject to national restrictions in many countries (to be detailed below). A hybrid symmetric-asymmetric method is used within the up-to-date TLS as a compromise between cryptographic strength and algorithmic runtime complexity (X.509v3, Kerberos v5). However, as a more efficient alternative, ECC (Elliptic Curve Cryptography) can be employed [8]; it achieves RSA-equivalent cryptographic strength with a key length of only 160 bits. An important peculiarity is the use of TLS in the field of mobile communication with WAP 2.x. This is an important option for m-commerce [4]. Since WAP 2.0, an advanced transport via TCP and secure end-to-end communication via TLS are employed, replacing the criticised UDP/WTLS combination of WAP 1.x. TLS does not work with UDP, so the protection of SNMP traffic is not possible. For the protection of DNS traffic, special solutions (for instance Kerberos, X.509) are necessary. Since no protected transactions are provided, only partial support for e-payment is available.

Web services and TLS borderline case. Simple request-reply protocols like XML-RPC or HTTPS (with TLS) are sometimes unsatisfying for the deployment of service-oriented architectures and web services across organisational boundaries [21]. The problem is rooted in the encryption and authentication of web service messages. The communication is carried out via multiple (more than two) servers and offers security vulnerabilities if a TLS server filters certain data without encryption and authentication, for instance due to man-in-the-middle attacks with spoofed certificates. On the other hand, fully encrypting the content prevents caching and in many cases proper routing. The solution is therefore based on security features in the message headers (e.g. SOAP headers), offering end-to-end security for services via distribution of binary security tokens in analogy to X.509 certificates and Kerberos tickets. These security features are offered by, among other specifications, XML Signature (via RSA or Diffie-Hellman) and XML Encryption (via AES). A mapping of security services onto web services is provided by the XML-based Assertion Mark-Up Language (SAML), which is aimed at the authentication and authorisation between security domains and certificate authorities. SAML displaces ASN.1 (Abstract Syntax Notation One) used in Kerberos and X.509. However, SAML is not completely compatible with existing TLS/HTTPS deployments. Furthermore, performance is reduced due to the parsing of assertion files and the resulting considerable protocol overhead.

Technological problems and legal limitations of TLS use. In spite of the shown powerful features and properties regarding data security guaranteeing web-based communication, TLS possesses several limitations:

• technological problems
• legal limitations

The technological problems start with a limited adoption: there is only a partial and limited deployment in SOA (only with XML Security) and for execution of electronic transactions (only in combination with SET); no support against threats like IP sniffing and IP spoofing (only together with VPN/IPsec and content filtering firewalls); not usable for intranet UDP/SNMP systems and for the protection of network file system services; no protection for DNS (via Kerberos/X.509); no provision of security via H.323 (ISDN voice transfer). The legal limitations depend on regional regulations. From time to time, certain countries declare restrictions on the export or use of cryptographic technologies. In such cases TLS is susceptible to brute force attacks [15] due to reduced key sizes.

Electronic transaction and payment systems: SET. SET is an e-payment system. It was developed by VISA and MasterCard in cooperation with IT companies and nowadays possesses great practical relevance. The functionality of SET includes encrypted transfer of credit card numbers via Internet and authentication of participating parties. The actual payment transfer is carried out using conventional banking systems and techniques [2]. Figure 7.22 compares SET with other systems. A disadvantage comes from the transaction expenses.

7.6.2 Legal Aspects of Data Security Guaranteeing Web Systems

The information technology legislation as a discipline expands the conventional areas of legislation. Legal issues involved in web applications deployment include: national and international legal co-actions due to cross-border communication, legal protection of software, legislation regarding provision of online services, legal protection of offered multimedia user data, legal protection of databases and database products, legal protection of domain names, regulations regarding cryptography and contract regulations in e-commerce.

Fig. 7.22 E-payment systems and SET (Source: www.rn.inf.tu-dresden.de)

Relevant legislation for e-commerce in Germany. The survey in Table 7.6 is based on Juris by the Federal Ministry of Justice and summarises the German legislation regarding e-commerce [1, 3, 20]. Regulations specific to distance selling are written down in the German Civil Code (BGB). The TMG (Federal Telecommunications Act) regulates the country of origin principle (§3), mandatory particulars (§6) and responsibilities (§§7–10) of service providers. European regulations regarding e-commerce were integrated into the BGB (German Civil Code). They can be found in the general part (regulations regarding consumer protection). Transnational business processes involve different laws: the law of the country of the vendor, the law of the country of the customer and the law of the country where the server is placed. Within the European Union, the EC Directive on Electronic Commerce (2000/31/EC) is decisive. In general, the contract parties are free to choose the law applicable to their contract, as stated in the convention on the law applicable to contractual obligations, which was realised in Germany by Article 27 EGBGB (introductory act to the civil code). In e-commerce a contract becomes valid by a demonstrably submitted electronic declaration of intent. This includes digitally created and electronically submitted declarations of intent.

BDSG (Bundesdatenschutzgesetz) is the German Federal Data Protection Act. It operates together with the further, area-specific data protection rules in Germany, e.g. the TMG (Telemediengesetz 2007 – Telemedia and Internet Usage Act) or the SigG (Signaturgesetz 2001). The BDSG governs the handling of personal data, whether processed manually or stored in IT systems. The TKG (Telekommunikationsgesetz) is the Federal Telecommunications Act, which regulates telecommunications networks and services. With the amendments of 2007, additional protection of telecommunications customers was integrated into the TKG, and new regulations on lawful interception of VoIP applications were introduced. Note that since this survey was compiled the SigG has been superseded by the eIDAS Regulation (EU) No 910/2014 and the German Vertrauensdienstegesetz, and the BDSG has been recast to accompany the General Data Protection Regulation (EU) 2016/679; the topics in Table 7.6 remain, but the statutes behind them have to be checked against the current versions.

Table 7.6 E-commerce legal aspects and corresponding German laws (the columns of the legal basis are BGB, AGB, ZPO, BDSG, SigG, TKG, TMG and UWG; each x marks one applicable law)

Web application security topic                 Legal basis in Germany
Contract law                                   x x
Deputy legal norm (Stellvertretungsrecht)      x
Law of obligations                             x x
Obligations of vendor and customer             x x
Right of withdrawal/return                     x x
Separation between advertisement and content   x
Use of cryptography                            x
Certificate authorities                        x x x

German abbreviations in Table 7.6:

1. BGB – Bürgerliches Gesetzbuch (Civil Code)
2. AGB – Allgemeine Geschäftsbedingungen (General Terms and Conditions for e-commerce)
3. ZPO – Zivilprozessordnung (Code of Civil Procedure)
4. BDSG – Bundesdatenschutzgesetz (Federal Data Protection Act)
5. SigG – Gesetz über Rahmenbedingungen für elektronische Signaturen (Framework Conditions for the Use of Electronic Signatures)
6. TKG – Telekommunikationsgesetz (Federal Telecommunications Act)
7. TMG – Telemediengesetz (Federal Telemedia Act)
8. UWG – Gesetz gegen den unlauteren Wettbewerb (Act against Unfair Competition)

Regulations of cryptography. Cryptography is subject to legislative regulation in many countries. Usually this concerns the export of cryptography; in some countries the import, production, use and supply of cryptographic products and services are regulated as well. In the following a survey of the relevant multilateral agreements and the national regulations of some countries is given, based on [17]. Most national regulations regarding cryptography are based on the provisions of the Wassenaar Arrangement (WA). The Wassenaar Arrangement was signed in 1996 as the successor of COCOM (Coordinating Committee for Multilateral Export Controls). It was amended in 1998 and 2000; different countries adhere to different versions of its provisions. Presently the WA is composed of 40 countries, including the Russian Federation and Ukraine. The Wassenaar provisions are not directly applicable: they have to be transposed into national law by each member country. The Wassenaar provisions regarding cryptography are not presented here; instead the resulting European regulations and the national legal situations of selected countries are presented:

• European Union
• USA
• Germany
• France
• China

In the European Union the export of cryptography is regulated by Council Regulation (EC) No 1334/2000, the dual-use regulation (since superseded by Regulation (EC) No 428/2009 and, in 2021, by Regulation (EU) 2021/821, so the current text has to be consulted for the precise list items). Export within the European Union is free, with some exceptions, for instance cryptanalysis systems, for which general intra-community licences are available. For export to Australia, Canada, Japan, New Zealand, Norway, Switzerland and the USA, Community General Export Authorisations are available. For export to other countries, export licences specific to the target country can be applied for.

The USA signed the Wassenaar Arrangement without the General Software Note, but including the changes of December 1998. The export of cryptography is restricted, although the regulations have been relaxed in several steps over the past years [17]. Export under a licence exception is allowed after a technical review by the BIS (Bureau of Industry and Security) for cryptography of any key length destined for non-government end users in any country except a group of seven embargoed countries, and also for government end users in the European Union, Australia, Japan, New Zealand, Norway and Switzerland. The same applies to products specifically designed for individual consumer use, of any key length, destined for any recipient (except a small group of countries). Export to other governments requires a licence. Unrestricted (publicly available) crypto source code can be exported to any end user under a licence exception without technical review; BIS must be notified with a copy of the source code or its URL. All other source code can be exported under a licence exception after a technical review to non-government end users. Knowingly exporting source code to states under embargo is forbidden, but making it available on the WWW does not require checking a downloader's location. Any cryptography can be exported to subsidiaries of US firms without technical review. Post-export reporting is required for the export of certain products with keys above 64 bit.

The export of cryptography from Germany is regulated according to the European Union regulations and the Wassenaar Arrangement. Use and supply of cryptography are not restricted. The legal situation in Austria is similar regarding the use of cryptography.

The import and export of cryptography in France are regulated by Law 2004-575 (Loi pour la confiance dans l'économie numérique). Import from within the European Union and the EEA (European Economic Area) is free. The regulation of cryptography is based on a subdivision of cryptographic products into seven categories (see Table 7.7, data based on [17]). Special regulations exist for temporary export. If encrypted data is found during a criminal investigation, qualified persons can be required to decrypt it.

Table 7.7 Regulation of crypto-technologies in France

Category                                                        Import  Export  Supply  Use
Authentication-only cryptography                                F       F       F       F
Cryptography for confidentiality (key length <= 40 bit)         F       A       D       F
Cryptography for confidentiality (key length 40–128 bit)        F       A       D       D
Analogue cryptography (in fax machines)                         F       F       D       F
Specific applications of cryptography that do not
  enable the user to encrypt data                               F       F       F       F
Crypto-equipment accompanying an invitee of the state           F       F       –       F
Other                                                           A       A       A       A

Legend for Table 7.7: F – free; D – declaration required; A – authorisation required. Where the original table marks an F with a footnote, the category is free for private use only; otherwise a declaration is required.

People's Republic of China. Import and export of cryptographic technology require a licence from the State Encryption Management Commission. Use and production of cryptography are also restricted. Manufacturers must obtain approval for their cryptographic products; this requires a specification of the type, including the key length. Encryption products of foreign origin may not be distributed; only approved products may be used. For securing WLANs, WAPI (WLAN Authentication and Privacy Infrastructure), a Chinese national standard, must be used. WAPI uses the block cipher SMS4, which was kept proprietary when the standard was introduced, so that its cryptographic strength could not be assessed independently; the cipher has since been published and standardised as SM4 (GB/T 32907-2016), so this objection no longer applies to the algorithm itself.

Example 7.2 An important disadvantage of SET lies in the transaction overhead caused by its orientation towards large clients (banks, clearing houses). A fruitful idea is to combine the areas of TLS and SET encryption and authentication via special TLS/SET gateways (Fig. 7.23). This would lead to a considerable simplification of the SET authentication scheme and to cost reductions for service providers (banks) and users (mainly the small business sector).

The following research in the field of TLS is necessary:

• The cryptographic parameters are negotiated at the start of a session via the TLS handshake sub-protocol; in long-lived sessions they must be renewed regularly (re-keying), because the risk of key compromise grows with the amount of traffic protected by one key.
• TLS/SET gateways must support SOA-style communication schemes with multiple parties and be interoperable with XML Security.

Fig. 7.23 SET-TLS gateway: more attractiveness for the small business sector

7.7 Steganography in Distributed Systems

Use cases for steganography. The deployment of steganography in distributed systems is meaningful in situations where the use of cryptographic methods and protocols is restricted or even prohibited. The governmental controls and the strictness of the laws concerning cryptography are shown in Fig. 7.24; the data for the depicted distribution has been taken from the survey [27]. In some regions of the world the deployment of the listed methods is strongly restricted by the state or even prohibited nowadays.

Some governments, such as those of Pakistan, the Russian Federation and the People's Republic of China, significantly limit the civilian use of cryptography, in particular for message exchange and storage devices. For circumventing an official encryption ban, the only workaround is steganography: if the secret message can be hidden so that it is not recognisable as an encrypted message, the use of secure steganography cannot be effectively prosecuted. Steganography is therefore the necessary workaround. Furthermore, the combination of steganographic and encryption methods is a powerful argument against any state paternalism, especially since implementations of encryption concepts that provide effective protection are available as freeware and open source software (for instance PGP).

Fig. 7.24 Distribution of governmental controls and rigorousness of the laws concerning cryptography (Source: www.cryptolaw.org, © Bert-Jaap Koops). Map legend of domestic crypto regulations: no domestic controls; small and special controls; domestic controls; law demanding decryption; decryption order and special controls; unclear; no data available.

Steganography definition. Let us give a general definition of the discipline. Steganography is the science of the hidden embedding, storage and transmission of confidential information within a carrier medium, called a container. The name of the discipline consists of two ancient Greek components:

• "steganos" = "covered" (compare "crypto" = "hidden, secret")
• "graphein" = "to write"

Therefore "steganography" means "covered writing" (compare "cryptography" = "secret writing"). The modified medium is referred to as a "steganogram" (compare "cryptogram"). Let us illustrate the history of steganography [27]. Already Herodotus, one of the first historians, reported about 2500 years ago how confidential communication was kept secret with steganography. These were times for creative solutions: apparently unused wax writing tablets bearing the message on the wood under the wax layer. On other occasions messages were sewn into animals and, as prey and gift, delivered to the receiver by the messenger himself, often dressed as a hunter (the so-called courteous cavalier). Slaves had their heads shaved, the message tattooed on the scalp, and were sent to the receiver once the hair had grown back, to be shaved again on arrival. But steganography is not limited to these historic examples: some of them are still in use today, and 2500 years later, with the computer being a commonplace instrument, steganography has become more popular and widespread than ever before.

The steganographic methods hide the messages (steganograms) in a huge variety of media due to the large amount of redundant data in comparison to plain text. The containers are news, pictures, music, videos and rich text files, including XML and HTML comments as well as obfuscated source code files. The hidden messages mostly pass undetected to their receivers. But what happens if an attacker searches specifically for embedded messages? And what about compressed media? Compression is usually good for the bandwidth in the networks, but it offers less container space for hiding messages.

Motivation. What is the motivation for steganography? Encrypted messages are sometimes too apparent: they create the impression that the sender probably has something to hide and thus draw suspicion onto him or her. This suspicion can be avoided by using a neutral, harmless carrier medium. This kind of secrecy has, by the way, a long tradition, which will be explained with historic examples. Figure 7.25 gives a general example of the terms and processes in steganography.

7.7.1 Steganography in Development

Fig. 7.25 A steganographical application

Steganography vs. cryptography. Similar to cryptography, the goals of steganography encompass security and confidentiality: information is to be concealed (hidden) so that for a third party nothing is noticeable except the evident content of the carrier medium (a neutral, harmless text, image, audio or video). The steganographic concepts ensure that confidential information is not disclosed to third parties. The classification of steganography is usually carried out in one of two ways: either it is considered a sub-chapter of cryptography or an independent science. Nowadays one needs to consider the growing role of steganography. Thereby it is important

• that the objectives of cryptography (confidentiality via evident secrecy) do not coincide with the objectives of steganography (confidentiality via hiding and concealing);
• that in practice cryptography and steganography are often combined.

Steganography can be deployed with two different aims:

• as a supplement to widespread cryptographic methods;
• where legal limitations restrict the use of cryptography.

Some famous steganography examples from the fine arts. To this category of early steganography belong multiple oeuvres: paintings with hidden messages and statements which are perfectly visible to the human eye, but only to the conscious and attentive observer. A first such case is "The Ambassadors", the portrait of Jean de Dinteville and Georges de Selve (1533), which is shown in Fig. 7.26. The painting is exhibited at the National Gallery, Trafalgar Square, London. Its author is Hans Holbein the Younger (1497–1543); the technique is oil on oak panel. Holbein embedded a secret message (steganogram) in this famous painting in 1533. Notice that a painting of that epoch served the function that a photograph serves today. But let us analyse the image accurately.

Fig. 7.26 The Ambassadors (1533) (Source: wikiart.org)

Both noble lords wear magnificent clothes. The Persian carpet, the lute, two books (an arithmetic book and a hymn book), the astronomical instruments, sundial, quadrant, globes and astrolabe give a hint of the religious, intellectual and artistic interests of both personages. But there is a steganogram: a distorted (anamorphic) skull acts as a symbol of mortality (Fig. 7.27).

Nowadays digital photos have taken over from paintings the function of legal documentation and pieces of evidence; in former times people had to hire a reputable painter. The next example of steganography in the fine arts is the "Arnolfini Marriage" (1434), shown in Fig. 7.28. The painting is in the National Gallery, Trafalgar Square, London. The painter created the oeuvre in oil on oak panel. His name was Jan van Eyck (c. 1390–1441), called the "king of painters" even centuries after his time [26].

Fig. 7.27 The steganos in "The Ambassadors" (1533, source: wikiart.org)

Fig. 7.28 The Arnolfini Marriage (1434) (Source: wikiart.org)

It is a known fact about Jan van Eyck that diplomatically delicate jobs were not a novelty for him. Consider, for example, that Duke Philip III, one of the rulers of Burgundy, wanted to marry Princess Isabella of Portugal. In reality Philip had never seen the princess in his life. For his patron, van Eyck painted the portraits of Isabella and Philip next to each other. Obviously Duke Philip was happy with the result and married her. But let us analyse the image: what is in the foreground? The painting was created in Bruges, the known rich port city in Flanders, back then a northern county of the Duchy of Burgundy. The Arnolfinis were at that time a rich family of bankers and merchants living in the city. On the basis of this painting a marriage book entry, a legislative act for the registry office, was to be made. Notice that the painter signed the image as a document, in the role of a witness. This is very important for us: evidence of the development of written contract law.

But beyond the signature the painting is also full of optional secret symbols; each object in the room is meaningful. The possible steganographic meanings are as follows:

• oranges and lemons imported from Spain – prosperity;
• a glass window in the 15th century;
• a copper chandelier on the ceiling, an expensive mirror on the wall;
• a small dog of a valuable breed – fidelity;
• the folds of the woman's dress – possibly pregnancy, meaning tenderness and fertility, but also a controversial Burgundian fashion.

Possible meaningful steganos of which historians are not sure even after extended analysis (details in Fig. 7.29):

• the slippers (= controversy, conflict = no marriage);
• the mirror (zooming in, the witnesses are seen);
• a "left-hand marriage", i.e. a "morganatic marriage".

Further considerations are as follows. The woman "stands significantly lower", both literally in the picture and figuratively within the social system. A morganatic marriage (mésalliance) implies that there are no inheritance rights for her and her children in case of the husband's death. Marriage certificates were in such cases normally issued only until the morning of the following day. Some researchers even discuss whether the relation was only an engagement instead of a marriage. There is also the opinion among scholars in this field that the painting may show the marriage of Arnolfini's cousin, who had a similar face.

Fig. 7.29 Some steganos in "The Arnolfini Marriage" (1434, source: wikiart.org)

7.7.2 Steganography: Main Concepts

Example 7.3 Let us consider a simple example with a holiday postcard carrying a photo as carrier medium (container), shown in Fig. 7.30. The postcard is to be sent with the following text written on it:

Dear colleagues, we now finally enjoy our holidays on these wonderful islands of Spain. The weather is really good, the accommodation also, as well as the food. Great! Regards, M. K.

Compare the meaning of the text with the one conveyed by the same text with a little change of formatting:

Dear colleagues,
we now finally enjoy our holidays on these wonderful islands of Spain.
The weather is really good,
the accommodation also,
as well as the food.
Great! Regards, M. K.

Do you see the difference? The way the words are positioned can by itself convey a secret message, for instance by using the word count per line or the character count per word and building a new alphabet over these numbers.

In computer-aided, networked steganography an attacker has to filter out the message directly from the steganogram, unless he or she knows which application has hidden the message in the picture or sound track; in that case the extraction can proceed more systematically.

Fig. 7.30 A simple example with a postcard (own photo)

Kerckhoffs' principle. Kerckhoffs' principle (KP 1883) is known from cryptography. It states that the security of a system should not depend on the secrecy of the algorithms, but only on the secrecy of a key. Given a secure method, therefore, only the knowledge of the correct key for decryption is of importance. Historically, the application of KP 1883 to steganography was considered of secondary importance, as the transmitted information is unrecognisable to the human senses. But nowadays steganographic methods and applications become more and more available, for instance as open source software, and therefore the extraction of secrets becomes trivial once the widespread use of these applications is assumed: an analyst who suspects a steganogram simply runs every known extractor over it. This is why steganography must nowadays make a greater effort, similar to cryptography, to meet the standard of KP 1883.

Thus there is nowadays a separation into

1. symmetric steganography,
2. asymmetric steganography (public-key steganography).

Similar to symmetric cryptography, in symmetric steganography a sender and a receiver exchange a secret key before the message transfer. They both know in what way and where a message is hidden. In asymmetric steganography, just as in asymmetric cryptography, a public key is available (possibly even authenticated) which is used to hide a message. The message is asymmetrically encrypted with the public key and embedded into a container with a lot of noise data. The encrypted and embedded message can be read only by the message receiver that possesses the corresponding private key; nobody else can decrypt the message. In the sense of KP 1883 the secrecy of the embedding method contributes nothing; without the key nobody should be able to find or decrypt the hidden message in the medium.

Fig. 7.31 A steganographical application: unrecognisable coding and decoding, but no compression

But the developers of steganography software feel no lack of ingenuity and creativity. Nowadays there are several steganography applications, including algorithms for a lot of different image formats and audio formats, tools for different text formats and some exotic ones, for example transforming bits into nonsense texts or troublesome spam (Fig. 7.31).

Let us illustrate some further steganography examples beyond the digital world, using physical objects:

• wax tablets;
• spaces in formatted text;
• invisible ink;
• data points on clothes.

Some advanced examples (visualised in Fig. 7.32) are explained below, for example changing individual bits of pixel graphic files (as a rule in the red channel):

• input bitmap file (with 24-bit colour depth), pixel colours from red, green and blue (RGB);
• the change of the least significant bits is unrecognisable.

Fig. 7.32 (a) Embedding of a steganogram into the red colour channel; (b) embedding of shadowing in some widespread gaming applications. Examples of steganographic applications

• insertion of the letter T (ASCII value 84) hidden in the red channel;
• red values of eight consecutive pixels: 065 098 111 234 101 000 244 038;
• bits of ASCII T: 0 1 0 1 0 1 0 0;
• each red value has its least significant bit replaced by the corresponding message bit (the bit is not simply added to the value, otherwise the receiver could not read it back): 064 099 110 235 100 001 244 038.

Or another example:

• every 10th bit in the red channel is reserved for hiding;
• easy to program, for example as a PHP script.
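The red-channel LSB embedding just described, and the symmetric (keyed) steganography of the Kerckhoffs discussion above, in working code. This is an added example and not code from the book or from any product it mentions. The image is modelled as a list of (r, g, b) tuples rather than a bitmap file, the sample pixel values are constructed (the first eight red values are those of the Fig. 7.32 example), and the keyed variant, which seeds a permutation of the pixel order from SHA-256 of a shared secret, is one assumed construction for "both know in what way and where a message is hidden", not a scheme taken from the text.

```python
"""Least-significant-bit (LSB) steganography in the red channel of RGB pixels.

Added example, not from the book. The image is modelled as a plain list of
(r, g, b) tuples so the example needs no imaging library; a real tool would
read and write a lossless format (BMP, PNG) into the same structure. The
optional key seeds a permutation of the pixel order, so an analyst who knows
the method but not the key cannot simply read the first N LSBs (Kerckhoffs).
"""
import hashlib
import random

# Constructed sample image: the first eight red values are those of the
# book's Fig. 7.32 example, the rest is arbitrary filler.
SAMPLE_RED = [65, 98, 111, 234, 101, 0, 244, 38]
SAMPLE_IMAGE = [(SAMPLE_RED[i] if i < 8 else (i * 37) % 256, 120, 200)
                for i in range(64)]


def to_bits(data):
    """Bits of `data`, most significant bit of each byte first."""
    return [(byte >> shift) & 1 for byte in data for shift in range(7, -1, -1)]


def from_bits(bits):
    """Inverse of to_bits; len(bits) must be a multiple of 8."""
    return bytes(int("".join(map(str, bits[i:i + 8])), 2)
                 for i in range(0, len(bits), 8))


def positions(n_pixels, key=None):
    """Pixel order used for embedding: sequential without a key (the book's
    scheme), or a pseudo-random permutation seeded from SHA-256(key)."""
    order = list(range(n_pixels))
    if key is not None:
        seed = int.from_bytes(hashlib.sha256(key).digest(), "big")
        random.Random(seed).shuffle(order)
    return order


def embed_bits(pixels, bits, key=None):
    """Write raw bits into the red LSBs. The LSB is replaced (cleared, then
    OR-ed with the bit), not added, so the receiver can read it back."""
    if len(bits) > len(pixels):
        raise ValueError("container too small: %d pixels for %d bits"
                         % (len(pixels), len(bits)))
    out = list(pixels)
    for pos, bit in zip(positions(len(pixels), key), bits):
        r, g, b = out[pos]
        out[pos] = ((r & 0xFE) | bit, g, b)
    return out


def embed(pixels, message, key=None):
    """Hide `message` behind a 2-byte length header so the extractor knows
    where to stop."""
    payload = len(message).to_bytes(2, "big") + message
    return embed_bits(pixels, to_bits(payload), key)


def extract(pixels, key=None):
    """Recover a message embedded by `embed` with the same key. With the
    wrong key the header is random and the result is garbage or an error."""
    lsbs = [pixels[pos][0] & 1 for pos in positions(len(pixels), key)]
    length = int.from_bytes(from_bits(lsbs[:16]), "big")
    if 16 + 8 * length > len(lsbs):
        raise ValueError("length header exceeds container: wrong key or no message")
    return from_bits(lsbs[16:16 + 8 * length])


def red_values(pixels, n=8):
    """First n red values, to compare cover and stego image side by side."""
    return [p[0] for p in pixels[:n]]


if __name__ == "__main__":
    stego = embed_bits(SAMPLE_IMAGE, to_bits(b"T"))
    print(red_values(SAMPLE_IMAGE), "->", red_values(stego))
    keyed = embed(SAMPLE_IMAGE, b"hello", key=b"shared secret")
    print(extract(keyed, key=b"shared secret"))
```

Running the block prints the book's eight red values next to their LSB-replaced counterparts and then recovers a keyed message. Note what the key does and does not buy: it hides where the bits are, but every changed pixel still has its LSB replaced, so statistical steganalysis of the LSB plane is unaffected; the key only defeats the "run every known extractor" attack, not a detector that merely asks whether a message is present.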

A further approach is tied to mixing noise into voice transfers or VoIP transmissions. This category of steganograms can also be combined with video streams or recorded gaming, but not together with lossy compression methods, which would destroy the embedded bits.

Example 7.4 Several businesses have specialised in products and services around steganography. The company Steganos (founded 1997 in Dresden, Germany) has been one of the first and plays a role as a commercially successful reference for the protection of digital privacy [6]. The products encompass a file hiding application as well as general computer security products such as a VPN client and a password manager. A file hiding scheme is shown in Fig. 7.33.

Fig. 7.33 Steganographical applications from steganos.com

7.7.3 Watermarks and Steganography

Although watermarks are a special kind of steganographic application, they have been well known in paper form since 1282. The first deployment of watermarks was carried out in the paper mills of Bologna. Watermarks have always been important to prove the following properties of paper documents (such as securities):

• authenticity;
• originality;
• authorship;
• copyright.

But up to a few years ago watermarks were focused on physical carriers, in particular paper and cardboard: bills, securities, trademarks on products. Another kind are seals on high-value products such as processors.

Nowadays digital watermarks are in use, which adapt the concept to digital media. They are used to protect digital works against unauthorised copies. A digital work can contain a visible or invisible copyright notice. This statement should be anchored so that an unauthorised distributor cannot remove or obscure it without degrading the carrier medium to uselessness: after the copyright notice is destroyed, the digital document, video or song is of such poor quality that its use and further distribution are no longer worthwhile. A digital watermark must therefore be robust. It is of secondary importance whether an attack can demonstrate the changes in a file with a watermark. The entertainment industry and media companies continuously spend a lot of money on the development of robust digital watermark technology. In practice these concepts (collectively called digital rights management) barely work against sufficiently technically skilled distributors. On the other hand, in combination with steganography, personalised watermarks allow the easy identification of (already known) distributors.

Example 7.5 A scenario not hard to imagine with today's online social networks: you find a website where photos of yourself are published. But you are the originator, and only you possess the copyright on these photos, nobody else. Two questions then arise:

• How can you prove the unlawful use and potential privacy violation, and
• how do you prove that you are the original photographer?

Visible digital watermarks. A visible digital watermark is depicted in Fig. 7.34. Such watermarks are common on the Internet with so-called stock images. These are photos or clipart pictures which typically show up among the top results in image searches. The lion's share of the visible watermarks belongs to a few companies, including Corbis and Getty Images, which together rank among the largest image and media agencies. Corbis, for instance, is a digital media company from the USA. It takes care of the sale and distribution of photos and film materials and the related rights. The collection comprises over 100 million images from archives all over the world.

Fig. 7.34 Visible watermarks (Source: Corbis)

Fig. 7.35 Steganography and watermarks: examples of invisible watermarks

But what if digital watermarks are invisible? The benefit of invisible watermarks begins where the benefit of the visible ones ends, namely once digital images have been purchased and the visible mark is gone. Watermarks occupy a large and important part of the image cover and have the following characteristics:

• robustness;
• no visible quality losses (not visible to people with normal eyes, only to trained vision or to software);
• verification with specific software due to the embedding of extra bits;
• lossy compression methods are a problem for watermarks.

An invisible watermark example for copyright is given in Fig. 7.35. What, therefore, is the demarcation between steganograms and digital watermarks? In contrast to pure steganography, watermarks do not pursue secrecy and concealment in the first place (Fig. 7.36); rather, the robustness against attacks on the digital watermark is of primary importance. This position can, in extreme cases, lead to noticeable changes of the carrier medium. Robust digital watermarks are usually designed so that the elimination of the watermark leads to an irreversible degradation of the carrier (container) until it becomes unusable.
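The trade-off stated above, that a watermark must be robust even at the price of noticeable changes to the carrier while a steganogram must be invisible, can be made concrete. The following is an added example, not code from the book: a fragile watermark that lives in pixel LSBs (the steganographic technique of the previous section) is placed beside a robust one that modulates the mean of each pixel block onto a quantisation grid (quantisation index modulation, an assumed but standard construction), and both are subjected to a brightness shift and to re-quantisation, which stand in for the distortion of re-encoding or lossy compression. The image is a constructed list of grey values, not a real picture.

```python
"""Fragile LSB watermark versus a robust quantisation-based watermark.

Added example, not from the book. The "image" is a list of 8-bit grey values
and one watermark bit is carried per block of BLOCK pixels. The robust scheme
is quantisation index modulation (QIM) of the block mean; robustness is tested
against a brightness change and against dropping the two lowest bits of every
pixel, which stand in for the distortion of re-encoding or lossy compression.
"""
import random

BLOCK = 16   # pixels per watermark bit
STEP = 12    # quantisation step of the robust scheme: larger = more robust, more visible


def constructed_image(n_blocks, seed=7):
    """Constructed sample image (mid-grey noise) with room for n_blocks bits."""
    rng = random.Random(seed)
    return [rng.randint(40, 200) for _ in range(n_blocks * BLOCK)]


# --- fragile watermark: the bit lives in the LSB of the first pixel of each block ---

def embed_fragile(img, bits):
    out = list(img)
    for i, bit in enumerate(bits):
        out[i * BLOCK] = (out[i * BLOCK] & 0xFE) | bit
    return out


def extract_fragile(img, n_bits):
    return [img[i * BLOCK] & 1 for i in range(n_bits)]


# --- robust watermark: QIM on the block mean ---

def _block_mean(img, i):
    return sum(img[i * BLOCK:(i + 1) * BLOCK]) / BLOCK


def embed_robust(img, bits):
    """Shift all pixels of block i so that its mean lands on an even multiple
    of STEP for bit 0 and on an odd multiple for bit 1 (nearest such point)."""
    out = list(img)
    for i, bit in enumerate(bits):
        mean = _block_mean(out, i)
        q = round(mean / STEP)
        if q % 2 != bit:
            q += 1 if mean / STEP > q else -1
        shift = round(q * STEP - mean)
        lo, hi = i * BLOCK, (i + 1) * BLOCK
        out[lo:hi] = [min(255, max(0, p + shift)) for p in out[lo:hi]]
    return out


def extract_robust(img, n_bits):
    """Decode by the parity of the nearest multiple of STEP; any distortion
    that moves the block mean by less than STEP/2 leaves the bit intact."""
    return [round(_block_mean(img, i) / STEP) % 2 for i in range(n_bits)]


# --- distortions that stand in for re-encoding / lossy compression ---

def brightness(img, delta):
    return [min(255, max(0, p + delta)) for p in img]


def requantise(img, dropped_bits=2):
    mask = 0xFF & ~((1 << dropped_bits) - 1)
    return [p & mask for p in img]


def max_abs_change(a, b):
    """Largest per-pixel change, a crude measure of how visible a mark is."""
    return max(abs(x - y) for x, y in zip(a, b))


if __name__ == "__main__":
    bits = [1, 0, 1, 1, 0, 0, 1, 0]
    img = constructed_image(len(bits))
    fragile, robust = embed_fragile(img, bits), embed_robust(img, bits)
    print("fragile after +3 brightness:", extract_fragile(brightness(fragile, 3), 8))
    print("robust  after +3 brightness:", extract_robust(brightness(robust, 3), 8))
    print("visibility:", max_abs_change(img, fragile), "vs", max_abs_change(img, robust))
```

The fragile mark changes no pixel by more than one grey level but is wiped out by the smallest re-encoding; the robust mark survives any distortion that moves a block mean by less than STEP/2, at the cost of shifting whole blocks by up to STEP levels. Raising STEP buys more robustness and more visible change, which is exactly the design position the text describes; a real watermarking system applies the same idea in a transform domain (DCT or wavelet coefficients) so that the change spreads over the block instead of shifting it uniformly.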

Fig. 7.36 Steganograms and invisible watermarks: demarcation between pictures. Picture used: Frans Snijders, Still life with a monkey, a squirrel and a cat, ca. 1625 (Source: wikipaintings.org)

7.8 Anonymity and MIX Networks

Anonymity in the WWW. There is a difference between dreams (more accurately, expectations) and reality when browsing the content of the World Wide Web, an everyday activity for hundreds of millions of people. The expectation of the average user is as follows:

• easy and undetected surfing;
• nobody knows and watches the users;
• unlimited possibilities;
• unregulated ("lawless") areas.

But the harsh reality contrasts with these expectations:

• anonymous surfing is often not available;
• connections are traced and addresses are cached;
• personal data is permanently queried and cached (logins, competitions and registrations);
• partial privacy abuse;
• certain censorship exists even in decentralised webs.

Who, then, needs anonymity in the WWW? There are good arguments for and against anonymity, which shall be briefly compared. Pro anonymity:

• privacy must be guaranteed, just like in real life;
• protection against all-round monitoring (like by Big Brother in Orwell's novel "1984");
• the right to decide who should be able to reveal one's identity (informational self-determination);
• the main principle of the BDSG and other similar national and state-wide privacy acts;
• consent to the processing of personal data, which is only allowed if the individual has confirmed it or if a law permits the processing.

Against anonymity there are fewer, but still a few, arguments:

• one should not have to be anonymous if one has nothing to hide;
• (inter)national security and safety against terrorist attacks and similar threats;
• protection against illegal machinations (child pornography, racism, political persecution).

In the wider Internet the pro arguments are nowadays widely understood. Still, due to the often emotional debates involving the con arguments, anonymity and related digital rights, such as pseudonymity and a strict opt-in to all services including surveillance, are still not universal.

MIXes for anonymity. To enforce a certain level of anonymity, under the assumption that the communication device, including the web browser and other network clients, is safe, so-called MIXes are used. The concept was introduced by David Chaum in 1981. MIX networks are special secured networks that transcode the messages passing through them. The MIX nodes serve anonymous communication within a secured network (analogous to a VPN). The four basic functions of a MIX network regarding the messages are as follows (also shown in Fig. 7.37):

{ f1: filtering, f2: collecting, f3: transcoding, f4: sorting }   (7.1)

As a rule, MIX networks use a hybrid cryptosystem, so that the performance of symmetric encryption and the secure key distribution of public-key encryption are combined [10]. The main features of MIXes are:

• receiver anonymity: the receiver remains anonymous to the sender;
• sender anonymity: the sender remains anonymous to the receiver;
• both the sender and the receiver remain anonymous to each other.

The requirements on MIXes were formulated by D. Chaum as an attacker model: the anonymity of a message must still hold even if

• all but one of the MIXes traversed by the message work together with the attacker (a single honest MIX suffices);
• all other senders and receivers of the simultaneously mixed messages in all MIXes work together with the attacker;
• the attacker observes all communication lines and has practically unlimited computing power (but cannot break the cryptographic primitives used).

Fig. 7.37 (a) MIX network; (b) D. Chaum (picture source: Wikipedia). A MIX network with basic functions

Let us investigate the problem a little bit deeper. Tied to the mentioned anonymity concept, the "anonymiser" can be used as a category. It is defined as an application, system or network that helps users to maintain their privacy and anonymity in the Internet and WWW. The anonymiser types can be defined as follows:

• simple anonymisers;
• MIX cascades;
• anonymous P2P networks and MIX networks.

The simplest anonymisers are a proxy or a VPN provided via the protocols L2TP, IPsec or PPTP; as an example the OpenVPN software can be mentioned. This kind of proxy is connected between the users and the target computers. Since the proxy or VPN communicates with the target machine instead of (and on behalf of) the user, the connection to the original user cannot be traced as easily as without the intermediary. The data streams between the users and such simple anonymisers have to be encrypted additionally. Simple anonymisers in the form of a VPN or proxy can be deployed on the basis of TLS and can therefore be combined with a variety of applications, among them remailers based on e-mail servers, cryptophones, products from the PGP environment such as Zfone and Blackphone, or OpenVPN. Note that a single proxy or VPN operator sees both the user's address and the destination, so the user has to trust that one operator completely; this is the weakness that MIX cascades address.

The modern and more efficient anonymisers can use so-called cascaded MIXes. The critical data are encrypted several times and passed through several layers of protection, where each layer of encryption has to be decrypted again. Only through encryption and decryption at the other end of the cascade do the data become usable again. The concept of a MIX cascade is shown in Fig. 7.38.

Fig. 7.38 MIX cascades (left) and MIX networks (right)

Only attackers that possess total control over all stages of the MIX cascade control the data stream completely. Even if only a single MIX remains intact or is attacked by an independent third party, the overall system remains safe from the perspective of the user. Software solutions like JonDo or JAP can be qualified as MIX cascades. The users are aware that the single anonymisers within the cascade stages are certified regarding their data security and their deployment of cryptographic methods.

But even with MIX cascades there is no guarantee that the various nodes or providers do not cooperate; even if they are located in different countries or jurisdictions, this may happen. The safe conclusion is that one of the MIX nodes must be provided by the users themselves, with the required anonymiser service installed on a user-controlled device. In this case, the own data can be mixed with data from further users and better secured, resulting in anonymity as it is typical for a large network with many participants (Fig. 7.38).

Assessment of MIXes. The best known MIX applications are:

• TOR
• JAP

TOR (The Onion Routing) has its origins in the USA. Its MIXes are used for the anonymity of TCP connections (web browsing, instant messaging, SSH, P2P applications). It protects its users against traffic analysis, which makes it suitable for Skype. JAP (Java Anon Proxy) has its roots in Germany, at TU Dresden and the University of Regensburg. It follows a similar approach, offering anonymity for the data traffic of users. But using MIXes is not without drawbacks. The most important problems tied to MIXes are the following [12]:

• traffic through a MIX is huge; this means certain performance losses, and it is not clear who can compensate the QoS losses;
• MIX payment models for regular financing of their operation are not yet defined; nowadays only few sponsors exist.

Fig. 7.39 A MIX network for receiver anonymity

Example 7.6 A simple example of MIX anonymity is given in Fig. 7.39. A simple encrypting MIX network functions as follows:

• messages are encrypted under a sequence of public keys;
• each MIX node removes a layer of encryption using its own private key;
• the node shuffles the message order and transmits the result to the next node.

This functionality may not be enough when at the receiver's side all connections are joined again and a potential attacker could just concentrate on this part. To mitigate this risk, the MIX concept needs to be compared with the previously presented RAIC concept. An extended example of a RAIC with transparent encryption and anonymity based on MIXes is depicted in Fig. 7.40. This combined concept would be named RAIC-RAIN, as it combines independent/redundant clouds with independent/redundant network connections. For the given RAIC, certain advanced features are available:

• safe and anonymous hybrid access, both public and private;
• good privacy for a user is foreseen;
• no attacker awareness of the backup cloud structure is possible;
• mutual anonymity for a sender (user) and the receivers (providers) could be provided.

Fig. 7.40 RAIC-RAIN: transparent encryption and anonymity over redundant network connections to redundant clouds (MD: Message Digest; MAC: Message Authentication Code; AES: Advanced Encryption Standard; RSA: Rivest, Shamir and Adleman encryption; PKI: Public Key Infrastructure (X.509, Kerberos))

With all the presented tools and techniques, a reasonable degree of practical security can be achieved in networked environments. The integrity of devices is ensured by firewalls against malware and network attacks. The confidentiality of data is ensured by disk encryption, and their concealment by steganography as well as by MIX cascades. The availability of data requires a distribution, ideally in the form of a RAIC, in conjunction with encryption and steganography and a mixed transmission, to maximise the overall protection.
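The availability argument above (distribution over a RAIC, paired with the integrity protection that Fig. 7.40 lists as MD/MAC) is easiest to see in code. The following is an added example, not from the book or from any RAIC implementation: an object is cut into three data shares plus one XOR parity share, every share carries an HMAC-SHA256 tag bound to its slot, and the four shares go to four independent clouds modelled as dictionaries; a read verifies every tag and rebuilds one missing or corrupted share. The names store, retrieve and verify_shares, the dictionary model of a cloud and the single-parity layout are assumptions of the example. Encryption of the object before splitting is assumed to have happened already and is not shown; without it, each provider still sees a contiguous chunk of plaintext, which is why the figure pairs the RAIC with AES.

```python
"""Toy RAIC object store (added illustration, not code from the book): k data shares plus
one XOR parity share, each with an HMAC tag bound to its slot, spread over k+1 clouds.
Reading back verifies every tag and rebuilds at most one lost or tampered share."""
import hashlib
import hmac

TAG_LEN = 32


def _tag(key: bytes, index: int, share: bytes) -> bytes:
    # The slot index is part of the MAC input, so a genuine share cannot be replayed elsewhere.
    return hmac.new(key, index.to_bytes(2, "big") + share, hashlib.sha256).digest()


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _split(data: bytes, k: int):
    """Length-prefix and zero-pad the object, then cut it into k equal shares."""
    framed = len(data).to_bytes(4, "big") + data
    share_len = -(-len(framed) // k)
    framed += b"\x00" * (share_len * k - len(framed))
    return [framed[i * share_len:(i + 1) * share_len] for i in range(k)]


def store(data: bytes, key: bytes, clouds, k: int) -> None:
    """Write k data shares and one parity share, each with its tag, to clouds[0..k]."""
    shares = _split(data, k)
    parity = shares[0]
    for share in shares[1:]:
        parity = _xor(parity, share)
    for i, share in enumerate(shares + [parity]):
        clouds[i]["object"] = share + _tag(key, i, share)


def verify_shares(key: bytes, clouds, k: int) -> dict:
    """Return {slot: share} for every slot whose tag verifies; drop unavailable or bad ones."""
    good = {}
    for i in range(k + 1):
        blob = clouds[i].get("object")
        if not blob or len(blob) <= TAG_LEN:
            continue
        share, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
        if hmac.compare_digest(tag, _tag(key, i, share)):
            good[i] = share
    return good


def retrieve(key: bytes, clouds, k: int) -> bytes:
    """Reassemble the object, rebuilding one lost or corrupted share via XOR parity."""
    good = verify_shares(key, clouds, k)
    missing = [i for i in range(k + 1) if i not in good]
    if len(missing) > 1:
        raise RuntimeError("more than one share lost or tampered: cannot reconstruct")
    if missing:
        rebuilt = b"\x00" * len(next(iter(good.values())))
        for share in good.values():
            rebuilt = _xor(rebuilt, share)   # XOR of all other shares restores the lost one
        good[missing[0]] = rebuilt
    framed = b"".join(good[i] for i in range(k))
    return framed[4:4 + int.from_bytes(framed[:4], "big")]
```

A provider that goes offline and a provider that silently corrupts or swaps data are handled the same way: the slot simply drops out of verify_shares, and as long as only one slot is affected the read still succeeds. Two simultaneous failures exceed what single parity can cover, and retrieve refuses rather than returning wrong data; tolerating more losses needs more parity shares (an erasure code), which the book leaves to the RAIC design.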

7.9 Conclusions

This chapter has discussed technological and legal aspects of data security guaranteeing distributed systems and web systems used in e-commerce, e-governance and enterprise application integration domains, including a brief discussion of implementation details. The required level of security is only available under consideration of complementary techniques and communication protocols, with thorough analysis of their national deployment background. The discussed technological and legal aspects of web applications have been illustrated with own investigation results and practical implementations. An increasing importance is attributed to steganographic applications, which are able to secure messages, privacy and works of art without cryptography deployment under restrictive legislation, as well as in the powerful combination of cryptographic and steganographic concepts. Besides the classical approaches, the anonymity aspects in distributed systems are supported via deployment of MIXes. MIX deployment can solve the problems of anonymous surfing.


References

1. BDSG – Bundesdatenschutzgesetz (German Federal Law). Online: http://www.gesetze-im-internet.de/bdsg_1990/index.html, 1990/2009.
2. SET – Secure Electronic Transaction. Mastercard and VISA, 1997.
3. SigG – Gesetz über Rahmenbedingungen für elektronische Signaturen (German Federal Law). Online: http://www.gesetze-im-internet.de/sigg_2001/index.html, 2001.
4. Wireless Application Protocol Architecture Specification. Online: http://www.wapforum.org/what/technical.htm, 2002.
5. Firewall classification. excITingIP. Online: http://www.excitingip.com, 2015.
6. Steganos – Privacy software made easy. Online: https://www.steganos.com/en, 2016.
7. U. Black. Internet Security Protocols – Protecting IP Traffic. Prentice Hall, 2001, 304 p.
8. S. Blake-Wilson, N. Bolyard, V. Gupta, C. Hawk and B. Moeller. Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS). RFC 4492, May 2006.
9. Gilles Brassard. Cryptography in a Quantum World. In SOFSEM, p. 3–16, 2016.
10. David Chaum. Untraceable electronic mail, return addresses, and digital pseudonyms. Commun. ACM, 24(2):84–90, February 1981.
11. C. Michael Chernick, Charles Edington III, Matthew J. Fanto and Rob Rosenthal. Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementations. NIST Special Publication 800-52, 2005.
12. George Danezis. MIX Networks with Restricted Routes. In Privacy Enhancing Technologies, Third International Workshop (PET), March 2003.
13. T. Dierks and E. Rescorla. The Transport Layer Security (TLS) Protocol Version 1.2. RFC 5246, August 2008.
14. Carol Fung and Raouf Boutaba. Intrusion Detection Networks: A Key to Collaborative Security. 2013, 261 pages.
15. Christina Garman, Kenneth G. Paterson and Thyla Van der Merwe. Attacks Only Get Better: Password Recovery Attacks Against RC4 in TLS. In USENIX Security 2015, p. 113–128, 2015.
16. Adam Hils, Greg Young and Jeremy D'Hoinne. Magic Quadrant for Enterprise Network Firewalls. Gartner, April 2015.
17. Bert-Jaap Koops. Crypto Law Survey. Online: http://www.cryptolaw.org, 2008/2013.
18. Gunter Saake, Muhammad Saqib Niaz. Merkle Hash Tree based Techniques for Data Integrity of Outsourced Data. In GvD, p. 66–71, 2015.
19. Maryline Laurent, Nesrine Kaaniche, Ethmane El Moustaine. A Novel Zero-Knowledge Scheme for Proof of Data Possession in Cloud Storage Applications. In CCGRID, p. 522–531, 2014.
20. M. Pierson. Computer- und Multimediarecht. Hanser-Verlag, Taschenbuch der Informatik, 2007, esp. pp. 510–524.
21. M. I. P. Salas and Eliane Martins. Security Testing Methodology for Vulnerabilities Detection of XSS in Web Services and WS-Security. Electr. Notes Theor. Comput. Sci. (ENTCS), 302:133–154, February 2014.
22. Alexander Schill and Thomas Springer. Verteilte Systeme – Grundlagen und Basistechnologien. Springer-Verlag, second edition, 2012, 433 p., in German.
23. Bruce Schneier. SHA-1 Freestart Collision. Online: https://www.schneier.com/blog/archives/2015/10/sha-1_freestart.html, 2015.
24. Martin L. Shooman. Reliability of Computer Systems and Networks: Fault Tolerance, Analysis, and Design. Wiley, 1st edition, 2002.
25. W. Stallings. Network Security Essentials. Prentice Hall, 2002, 366 p.
26. Jan van Eyck. The Arnolfini Wedding: The Portrait of Giovanni Arnolfini and his Wife Giovanna Cenami (The Arnolfini Marriage). http://www.wikiart.org/en/jan-van-eyck/the-arnolfini-wedding-the-portrait-of-giovanni-arnolfini-and-his-wife-giovanna-cenami-the-1434, 1434.
27. Andreas Westfeld. Principles of secured steganography. Doctoral dissertation, 2000.
28. Greg Young. Hype Cycle for Infrastructure Protection. Gartner, August 2015.

Appendix A Selected Originators and Designers of Distributed Systems

The book has introduced several technical algorithms, methods, systems and services. These have evolved over time, sometimes by invention, but more often by refinement and improvement over previous ideas. Hundreds of researchers have been involved in this process. Now it is time to present some selected biographies of researchers, system designers and entrepreneurs to give an idea about how the technology has come about. Each person is introduced with a portrait (picture sources: Wikipedia, Brian Solis, Joi Ito).

A.1 Edgar Frank "Ted" Codd

• born in 1923 in England, died in 2003 in Florida
• British mathematician and database theorist
• created in the 1960s and 1970s the relational model, which is the basis for all relational databases nowadays
• with Raymond F. Boyce developed the so-called Boyce-Codd normal form (BCNF)
• for his work in the field of databases awarded in 1981 with the Turing Award (the highest award in computer science)

© Springer Fachmedien Wiesbaden GmbH 2017
A. Luntovskyy, J. Spillner, Architectural Transformations in Network Services and Distributed Systems, DOI 10.1007/978-3-658-14842-3

A.2 Tom DeMarco

• born in 1940 in Pennsylvania
• has had a great influence on Software Engineering (SWE) as a discipline
• inventor of Structured Analysis (SA) and of the Structured Systems Analysis and Design Method (SSADM) as methods for SWE (1979–1986, together with Edward Yourdon)
• project management as basic concept
• co-founder of the company "The Atlantic Systems Guild", in which he still works today

A.3 Grady Booch

• born in 1955 in Texas
• American computer scientist, "The IBM Chief Scientist"
• worked in the field of modular and object-oriented software design and class libraries, including Ada
• author of the SWE methods Object-Oriented Development (OOD, 1990) and Unified Modelling Language (UML, 1997)
• member of the so-called "3 Amigos" (with James Rumbaugh and Ivar Jacobson), who are considered the founders of UML

A.4 James Gosling

• born in 1955 in Canada
• one of the main originators of Java (1993–1994)
• worked from 1984 until 2010 at Sun Microsystems, then a few months for Google
• nowadays he works at a Californian company as Chief Software Architect

A.5 Sir Timothy John Berners-Lee

• born in 1955 in London
• British computer scientist and physician at the European Organization for Nuclear Research (CERN, Conseil Européen pour la Recherche Nucléaire)
• author of the operating system (OS) NeXTSTEP
• inventor of the Hyper-Text Markup Language (HTML) and founder of the World Wide Web (1990)
• created also the first website (info.cern.ch)
• as well as a first search engine
• member and president of the World Wide Web Consortium (W3C)
• Massachusetts Institute of Technology (MIT) professor and chairman at the University of Southampton

A.6 Tim O'Reilly

• born in 1954 in Cork, Ireland
• involved in the development of the Perl scripting language
• founder and head of O'Reilly Publishing, publicist
• software developer in open source
• one of the pioneers of the term Web 2.0 as a combination of the classical web and other technical innovations like social networks and clouds (2005): Web 2.0 = classical web + social networks + clouds
• in reference to the term "Web 2.0" there exists "Web 3.0", titled by J. Markoff (2008), which adds to the concepts of the classical web/Web 2.0 the concept of a "semantic web": Web 3.0 = Web 2.0 + Semantic Web

A.7 Roy Thomas Fielding

• born in 1965 in California
• American computer scientist
• main inventor of the Hyper-Text Transfer Protocol (HTTP) and of the software Apache HTTP server
• developer of the RESTful web service approach
• worked until 2008 for Sun Microsystems
• is nowadays at Adobe Systems as projects' main developer

A.8 Sergey Brin

• born in 1973 in Moscow
• US-American computer scientist and architect
• together with Larry Page wrote the master thesis "The Anatomy of a Large-Scale Hypertextual Web Search Engine" as the basis for the "Google Service"
• developed the Google Search Engine (the prototype was launched in 1998) and then founded the Google company
• co-author of other Google products

A.9 Philip R. Zimmermann

• born in 1954 in Camden, New Jersey, USA
• inventor of the e-mail encryption software Pretty Good Privacy (PGP)
• fellow of the Stanford Law School's Center for Internet and Society
• running the company Silent Circle from Switzerland due to privacy concerns

A.10 Remembering the Pioneers

While computer science and telecommunications are relatively young fields of research and development, the recent years have seen many designers, engineers and hackers pass away. This paragraph remembers the early pioneers who made many of the presented systems possible but are no longer with us. The socio-technical implications are presumably not clear yet. Quite often in computer science and engineering it is possible to reach out to system designers directly in case a protocol detail or an interface parameter is not clear. This will be possible to a much lesser degree in the future, while the technology determines a greater part of our daily life.

Wesley Allison Clark († 2016) was involved in building one of the first transistor computers in the 1950s and in proposing connected internet message processors as predecessor to the Internet. Matti Makkonen († 2015) helped to launch the short message service (SMS) as a side product of 2G telephony which, despite decreasing popularity due to IP-based chat and instant messaging, is still used a lot, accounting for 145 billion messages in the UK alone in the year 2013. Bill Moggridge († 2012) invented the first laptop, the GRiD Compass 1100, weighing 5 kg, and thus made portable devices and mobile computing possible. Dennis MacAlistair Ritchie († 2011) co-developed the Unix operating system, whose successors run much of the Internet and cloud computing infrastructure nowadays, as well as the programming language C. Ilya Zhitomirskiy († 2011) co-founded the decentralised social network Diaspora and helped in increasing the interest of users to maintain control over their online activities and services. Charlie Walton († 2011) invented the ubiquitous wireless technology RFID, used in badges for access control devices, in e-tickets, on shipping pallets in logistics and on product labels as theft protection.

Appendix B Research Focus

The content of the seven book chapters contains established, albeit often recent, knowledge. Some readers may be interested in the challenges tackled by ongoing or recently concluded research projects in which the authors have been involved. Some of these challenges may be significant enough to let their solutions appear in such books in the future. In any case, statements and results must be considered preliminary. The selected project results, all of which were made possible by being funded with public money from different German and European funding bodies, bring innovations in the area of wired and wireless network planning as well as cloud security and data service management.

B.1 CANDY: Network Planning

High-performance fixed, wireless and mobile communication networks have become more and more important for global corporations, small and medium enterprises, public organisations and universities. The efficient and economic design of such networks, however, remains a challenge, and existing design tools only provide limited and hardly integrated support. Therefore, the Computer-Aided Network Design Utility (CANDY) team proposes a much more integrated design methodology with associated tool support. The project addresses major conceptual and theoretical challenges as follows:

• The project proposes an integrated design methodology forming a complete design workflow. It especially focuses on the combination of wired IEEE 802.3 LAN and wireless network design (IEEE 802.11, 802.16, 802.15.4).
• The project proposes a modern Network Design Markup Language (NDML), an XML-based notation that serves as a uniform way of representing all major network elements (active and passive), their detailed technical properties and their interconnections and related configuration issues. As opposed to existing vendor-specific notations, NDML is based on open standards and enables interoperability and portability of network designs.
• CANDY is a framework with a significant set of design tools. This includes design editors, consistency checks, transformation tools, specific wireless network design tools and integration of existing simulation environments. As a common notation, NDML once again serves as the common glue for these tools.
• The novelty of the results is proven by a large number of publications: conference proceedings, magazines and workshops. The practical results have also been demonstrated successfully at major exhibitions such as CeBIT Hannover 2007, 2008 and 2011.

The archived project website of CANDY is http://www.inf.tu-dresden.de/index.php?node_id=1329&refer_id=478&ID=100&ln=en. Figure B.1 summarises the main features of the software utility.

Fig. B.1 Computer-aided network design utility: a project for network planning

B.2 FlexCloud: Flexible Architectures for Cloud Computing

Within the FlexCloud project, young investigators explored methods to give users more flexible options, overview and control methods as well as protection mechanisms for connecting not just to the Internet, but more specifically to cloud services. One of the main results has been the -Box, a virtual box to manage devices, services, contacts, resources and other assets that each cloud participant would need or provide. Figure B.2 gives a high-level insight into the capabilities of the box by showing its demonstrator menu entries. Among the main features have been a cloud control cockpit and a cloud storage integrator.

Fig. B.2 Background and menu of the -Box demonstrator

B.3 DaaMob Service Platform: Data Service Management

DaaMob is a still ongoing project which envisions a distributed ecosystem of data sources, data hubs, data aggregators and data consumers with predominantly mobile devices. Data sources are sensors with varying protocols, endpoints on the web or arbitrary services which deliver data items and data streams. The data-centricity allows for novel designs in the service management architecture and the service delivery framework, including the explicit spatial consideration of multiple related endpoints for accessing the data and the temporal evolution of services. Hence the DaaMob Service Platform is inherently reliable and resilient and therefore offers great benefits to applications which access the data. The architecture consists of a distributed data hub which brokers data sources, taps and stores data streams as needed, and runs data processing code which exposes aggregated, filtered or enriched data as virtual data sources. Developers subscribe to the data sources with or without guarantees defined in a service level agreement. Applications which access the data sources can then be widely deployed. By keeping a connection to the distributed broker, failures of broker nodes or data sources can be mitigated with replicas or suitable alternatives, respectively.

Figure B.3 shows the dashboard web interface used in the platform to track multiple data sources, among them web feeds and physical sensors as services, which involves subscriptions and contributed value-added aggregation services. An architectural feature of the dashboard is that it runs entirely on the client side as a web browser application. A federated XMPP network is used to store and persist data, including user preferences and subscription lists. XMPP chat rooms are also used to run conversations between the data hubs and the applications in terms of service levels and guarantees. The use of a session protocol allows for long-running negotiations and adjustments as well as real-time signalling of any condition changes. The data hubs in turn use the agreement metrics to pre-allocate sufficient compute, storage and networking resources in order to meet the defined goals. They scale out on demand in case an application becomes popular, generates thousands of agreements and millions of data requests.

Fig. B.3 SensDash dashboard to track data sources, including sensors as services

The preliminary project website of DaaMob is http://serviceplatform.org/projects/daamob.

Appendix C Acronyms for Mobile and Wireless

Due to the heavy industrialisation and standardisation in the field of mobile and wireless communication, compared to other fields of distributed systems, cloud and fog computing as well as services computing, the relevant acronyms are again reflected here with an extended explanation.

• 1G: Old-fashioned analog mobile phone systems capable of handling very limited or no data at all.
• 2G: Second generation voice-centric mobile phones and services with limited data rates ranging from 9.6 to 19.2 kBit/s.
• 2.5G: Interim hardware and software mobile solutions between 2G and 3G with voice and data capabilities and data rates ranging from 56 to 170 kBit/s.
• 3G: A long awaited digital mobile system with a maximum data rate of 2 MBit/s under stationary conditions and 384 kBit/s under mobile conditions. This technology is capable of handling streaming video, two-way voice over IP and Internet connectivity with support for high quality graphics.
• 3GPP: Third Generation Partnership Project. 3GPP is an industry body set up to develop a 3G standard based upon wideband CDMA (WCDMA).
• 3GPP2: Third Generation Partnership Project 2. 3GPP2 is an industry body set up to develop a 3G standard based upon CDMA-2000.
• 3.5G: Interim systems between 3G and 4G allowing a downlink data rate up to 14 MBit/s. Sometimes it is also called High Speed Downlink Packet Access (HSDPA).
• 4G: Evolution of 3G technology that provides support for data rates of 100 MBit/s and more, allowing high quality and smooth video transmission.
• 5G: In the evolutionary view, it will be capable of supporting the WWWW, allowing highly flexible dynamic ad hoc wireless networks. In the revolutionary view, this intelligent technology is capable of interconnecting the entire world without limits.
• Bluetooth: A wireless networking protocol designed to replace cable network technology for devices within 30 feet. Like IEEE 802.11b, Bluetooth also operates in the unlicensed 2.4 GHz spectrum, but it only supports data rates up to 1 MBit/s.
• CDMA: Code Division Multiple Access, also known as CDMA-ONE or IS-95, is a spread spectrum communication technology that allows many users to communicate simultaneously using the same frequency spectrum. Communication between users is differentiated by using a unique code for each user. This method allows more users to share the spectrum at the same time than alternative technologies.
• CDMA-2000: Sometimes also known as IS-136 and IMT-CDMA multicarrier (1X/3X), it is an evolution of the narrowband radio transmission technology known as CDMA-ONE (also called CDMA or IS-95) to the third generation. 1X refers to the use of a 1.25 MHz channel, while 3X refers to a 5 MHz channel.
• EDGE: Enhanced Data rates for Global Evolution technology gives GSM and TDMA the capability to handle 3rd generation mobile phone services with speeds up to 384 kBit/s. Since it uses the TDMA infrastructure, a smooth transition from TDMA-based systems such as GSM to EDGE is expected.
• GPRS: General Packet Radio Service provides data rates up to 115 kBit/s for wireless Internet and other types of data communications using packet data services.
• GSM: Global System for Mobile Communication is a world-wide standard for digital wireless mobile phone systems. The standard was originated by the European Conference of Postal and Telecommunications Administrations (CEPT), which was responsible for the creation of ETSI. Currently ETSI is responsible for the development of the GSM standard.
• Mobile phones: Mobile communication systems that use radio communication and conventional telephone switching to allow communication to and from mobile users.
• NGN/NGMN: New Generation (Mobile) Networks use new advanced mobile services and SOA (Service-oriented Architectures). NGN/NGMN incorporate all-IP architectural changes in telecommunications and access networks of all types, which are integrated into an IoS (Internet of Services). On the other hand, these networks are characterised by advanced QoS (Quality of Service) as well as a high level of QoE (Quality of Experience). Typical for NGN/NGMN is the deployment of more powerful end devices, advanced software solutions and operating systems, efficient file systems and middleware components. The services in NGMN are frequently based on integrated multimedia provider platforms.
• OFDMA: Orthogonal Frequency-Division Multiple Access is a multi-user version of the popular orthogonal frequency-division multiplexing (OFDM) digital modulation scheme. Multiple access is achieved in OFDMA by assigning subsets of subcarriers to individual users, i.e. OFDMA = OFDM + assigning on demand.
• PSTN: Public Switched Telephone Network is a regular voice telephone network.
• Spread Spectrum: A form of wireless communication in which the frequency of the transmitted signal is deliberately varied over a wide range. This results in a higher bandwidth of the signal than the one without varied frequency.
• TDMA: Time Division Multiple Access is a technology for sharing a medium by several users by dividing it into different time slots, transmitting at the same frequency.
• UMTS: Universal Mobile Telecommunications System is the third generation mobile telephone standard in Europe that was proposed by ETSI.
• WAP: Wireless Application Protocol defines the use of TCP/IP and web browsing for mobile systems.
• WCDMA: Wideband CDMA is a technology for wideband digital radio communications of multimedia and other capacity-demanding applications. It is adopted by ITU under the name IMT-2000 direct spread.
• WWWW: A world wide wireless web is capable of supporting a comprehensive wireless-based web application that includes full graphics and multimedia capability at beyond-4G speeds.

Appendix D Repetition and Control of Learning Progress

The seven chapters in this book have conveyed knowledge about diverse areas in services, systems and telecommunications. The utility of knowledge is in being applied to gain skills. Therefore, in this appendix a number of topics are repeated with control questions. The choice of topics is not strictly bound to the chapters and is in fact sometimes cross-cutting through several consecutive chapters, to promote learning beyond pre-defined categories and boxes.

Reference solutions to these questions are not contained within this book. They can, however, with some effort be retrieved from the publisher's website as auxiliary electronic material.

D.1 New Generation (Mobile) Networks

(a) What is meant by the term NG(M)N?

1. New advanced services and SOA
2. Advanced QoS/QoE
3. Deployment of more powerful end devices
4. Deployment of advanced software solutions, operating systems, file systems and middleware
5. Deployment of integrated MM provider platforms
6. All of these positions

(b) Which important network technologies and development forums belong to NGN/NGMN? Name their performance characteristics.

(c) What is meant by the term IMS? Discuss the advantages when using IMS

1. for a mobile network operator,
2. for a client company.

D.2 Periodisation of Computer Networks: Phases I to IV, Smart Grid, IoT and Fog Computing

(a) Characterise the four periods of the development of computer networks.

(b) Why are energy-efficient methods and protocols of increasing importance nowadays? Give your definition of the concept of "smart grid".

(c) Describe in brief the most important network technologies for the support of Smart Grid.

(d) Which Smart Grid models will be used in the medium term?

(e) Elaborate on the differences between IoS and IoT.

(f) Describe in brief the most important network technologies for the support of IoT.

(g) What is Fog Computing?

(h) Highlight the differences between Clouds and Fog Computing.

D.3 Architectural Transformation in Distributed Systems

Significant architectural transformations in network services and distributed systems characterise an ongoing trend.

(a) Compare C-S and P2P architectures. Give 2–3 examples for each one.

(b) Discuss the architectural transformation in distributed systems. What is clustering? Which advantages does it bring? Include a discussion of the increased complexity due to synchronisation and conflict handling as a disadvantage.

(c) Which advanced architectures are based on C-S? Introduce expressive examples related to clusters and clouds.

D4 Cloud Computing 329

(d) Summarise the advantages of using cloud technologies according to the NISTdefinition Discuss disadvantages such as the diversity in terms of data privacy andprotection aspects

D.4 Cloud Computing

During the evolution of computer network technologies there have been repeated paradigms to reduce the functionality of workstations to a terminal (thin client) and to transparently outsource all processing functions into the network.

(a) Define the term "Cloud computing".

(b) Which cloud models concerning the delivered services are known to you? Illustrate the differences between the concepts of SaaS, PaaS and IaaS.

(c) Describe the technology stack for cloud computing. Which components belong to the architecture of a cloud?

(d) Beside the technical cloud stack it is possible to differentiate between different organisation forms of clouds with scenario-specific strengths and weaknesses: public, private, hybrid, community and personal clouds. Compare the differences in the load and functionality distribution between cloud computing on the one hand and conventional IT vs. SaaS vs. PaaS vs. IaaS on the other hand with an MS illustration.

(e) Cloud computing implies difficult legal aspects between end users, providers and further involved parties. Comment on this statement concerning the aspects of data privacy and security.

Table D.1 Cloud functionality and layers (columns SaaS, PaaS, IaaS are to be filled in question (g))

Cloud scenario                                        SaaS    PaaS    IaaS
1 Cloud backup
2 Data center
3 VM migration
4 Marketplace
5 High-performance cluster for parallel computing
6 SOA platform
7 Test environments
8 Frontend


(f) Demarcate the definition boundaries of clusters, grids and clouds.

(g) Assign to each cloud usage scenario in the first column of Table D.1 the correct pattern of cloud services in the second to fourth column. In some cases a term may belong to multiple columns.

D.5 Virtualisation Concepts

Virtualisation refers to methods which allow combining or dividing physical resources in a distributed system. The primary goal is to present an abstract view to the user, isolating him or her, or any application, from the actual hardware and software, including computational performance and memory availability.

(a) A logical layer is introduced between the applications and the resources in order to hide the physical circumstances. Create a sketch corresponding to this action.

(b) Specify a classification of kinds of virtualisation. What is hardware virtualisation and what is software virtualisation?

(c) What is a VM? Comment on the concept of the VMM. Which kinds of VMM exist? What is server virtualisation?

(d) Mention the advantages of virtualisation from an economic perspective.

(e) Look at the following scenario: in a company network with 30 computers there are three different architectures.

1. How many import and export routines have to be programmed and installed to facilitate communication between all the systems?

2. Which changes result from adding a 31st computer with a novel system architecture to the network?

3. Which advantages and disadvantages compared to 2. result from the use of server virtualisation?

(f) What is software virtualisation? How does it enable EAI?

(g) Describe the areas of use and the functionality of OS containers.


D.6 Performance Characteristics of Digital Computers, Performance Optimisation in Distributed Systems

Threads, replication and caching are classic methods for improving the performance of client/server systems. Describe them briefly.

(a) Which additional methods can be used to increase the performance? Identify them with suitable examples.

(b) Which seven important empirical rules about the performance optimisation of client/server systems are known to you?

(c) How is a parallel execution with threads organised? Create a sketch with a sample execution of statements.

(d) How much time is saved when a parallelisation with N threads is enabled for a certain application? Justify your answer. How can the degree of parallelisation be increased? Name the key performance indicators of digital computers.

(e) Demarcate the terms processor clock frequency, MIPS and FLOPS. Introduce an example for each of the terms.

D.7 Distributed Computing, Parallel Computing and Acceleration Models

Parallel computers gain their increased working speed by distributing the load across N available processors. In order to fully utilise the complete performance of such a parallel computer, the programming technique must be adapted accordingly. A number of languages, techniques and programming interfaces are available for this challenge.

(a) Which reference solutions for the parallel execution of applications do you know? Compare the features of OpenMP and MPI in this context.

(b) Specify a definition for the term "Grid". Classify the different types of grids.

(c) What is the BOINC system? Explain the functional principles of this grid.

(d) Exemplify the differences between clusters, grids and clouds.

(e) Name the methods for optimising application performance.


(f) Name performance acceleration models for parallel applications. Consider the laws of Amdahl and Gustafson-Barsis.

(g) Amdahl's law is based on a model of the acceleration of applications through parallelisation. Given are the time efforts for one CPU: T = 20 000 h, of which Tp = 18 000 h can be parallelised. Calculate the speedup factor A_N according to G. M. Amdahl and visualise the answer in a diagram.

(h) Which changes in the performance calculation result from explicitly considering the communication flows between threads?

(i) Compare the speedup models for parallelised applications according to Amdahl and Gustafson-Barsis. Given are the number of CPUs in a cluster N = 100 and the measured acceleration A = 25. Calculate the sequential part e as well as the part p = 1 - e for the parallelised application according to the Karp-Flatt metric.

D.8 Towards 5G

About once per decade the user data rate in mobile phone networks increases by a factor of 10 to 100. This tendency has been observed for quite a while, since the 1990s. The fifth generation of mobile networks refers to the next important phase of development, following the notion of "Beyond 4G" and the IMT-Advanced standards.

(a) Which differences exist between 5G and its predecessors 3G and 4G? What is IMS?

(b) Elaborate on the role of MIMO and DIDO technologies.

(c) Describe briefly the most important network technologies for the realisation of 5G deployments in the near future.

(d) Characterise the interoperability between mobile networks (Beyond 4G), WLAN and 6LoWPAN.

(e) What is IoT? How does this concept correlate with the techniques 6LoWPAN and 5G?

D.9 Security Aspects in NGN

Data privacy protocols play an important role in electronic business due to their ability to carry important data security mechanisms. Among them are confidentiality, integrity, mutual authentication and non-repudiation.


(a) Define the two terms "authentication" and "authorisation" properly, without overlap.

(b) Confidential C/S communication between an online shop and an external payment provider needs to be secured.

1. Describe the necessary procedure for a symmetric data encryption.
2. Now describe the modification of the procedure for an asymmetric data encryption.
3. Discuss the "pro" and "contra" of both the symmetric and the asymmetric cryptographic technique.
4. Why and how should there be a combination of both?

(c) What is the protocol SSL for? Which sub-protocols are used by SSL?

(d) Which important cryptographic standards are used by SSL? What is the role of the X.509 specification?

(e) Describe the limits of SSL for use in web services. Discuss the disadvantages.

(f) Discuss the differences in the cryptographic protection of data communication with SSL and with VPN/IPsec. Elaborate on the role of the concept of fine-grained protection.

(g) Specify a holistic classification or ordering of cryptographic protocols for data security in distributed systems, aligned with the OSI reference model.

(h) Discuss the hybrid solutions to SSL/SET.

(i) What are causes of security vulnerabilities in distributed systems? How are they exploited by malware?

(j) Mention solutions to the previous problems as they are known to you (AV-SW, FW). Discuss these concepts concerning their suitability for distributed systems.

(k) Explain the differences between capability models and access control lists. Compare these two concepts concerning the following:

1. Implementation effort
2. Suitability for large-scale systems with many clients
3. Propagation and delegation of privileges among clients
4. Removal of privileges
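The four comparison points of question (k) can be made concrete by implementing both models next to each other. The following is an added example, not code from the book: an access control list kept with the object, and a capability scheme built from HMAC-chained tokens (macaroon-style). The issuer key, the object name "order/42" and the right names are illustrative assumptions. Delegation in the capability model happens without the server (a holder appends a caveat), revocation in the ACL model is a single table edit, and the scenario shows what each model does well and where the other needs extra machinery.

```python
"""ACL versus capability, side by side. Added example, not from the book.

ACL: rights live with the object as "subject -> rights"; every access is a
lookup and revocation is one table edit. Capability: an unforgeable token
the holder presents; no subject directory is needed and holders delegate
(attenuate) offline, but taking a right back needs extra server state.
Assumptions: HMAC-chained tokens (macaroon-style) with the issuer key on
the server; object and right names are illustrative only."""
import hashlib
import hmac
import secrets
from typing import Dict, List, Set, Tuple

Rights = Set[str]
Capability = Tuple[str, List[str], bytes]   # (header "id:object", caveats, MAC)


class AclStore:
    """Access control list: rights attached to the object, looked up by subject."""
    def __init__(self) -> None:
        self.table: Dict[str, Dict[str, Rights]] = {}

    def grant(self, obj: str, subject: str, rights: Rights) -> None:
        self.table.setdefault(obj, {}).setdefault(subject, set()).update(rights)

    def revoke(self, obj: str, subject: str) -> None:
        # Immediate, but the object must know every subject that was ever granted.
        self.table.get(obj, {}).pop(subject, None)

    def allowed(self, obj: str, subject: str, right: str) -> bool:
        return right in self.table.get(obj, {}).get(subject, set())


def _mac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()


def attenuate(cap: Capability, rights: Rights) -> Capability:
    """Delegation by the holder alone: append a caveat and extend the MAC chain.
    Effective rights are the intersection of all caveats, so a delegate can
    narrow what it received but never widen it."""
    header, caveats, sig = cap
    caveat = "rights=" + ",".join(sorted(rights))
    return header, caveats + [caveat], _mac(sig, caveat)


class CapabilityIssuer:
    """Server side: mints root capabilities and verifies presented ones."""
    def __init__(self) -> None:
        self.root_key = secrets.token_bytes(32)
        self.revoked: Set[str] = set()       # revocation needs server-side state

    def mint(self, obj: str, rights: Rights) -> Capability:
        header = f"{secrets.token_hex(8)}:{obj}"
        return attenuate((header, [], _mac(self.root_key, header)), rights)

    def revoke(self, cap: Capability) -> None:
        # Coarse: kills the root token and every attenuation derived from it.
        self.revoked.add(cap[0].partition(":")[0])

    def check(self, cap: Capability, obj: str, right: str) -> bool:
        header, caveats, sig = cap
        cap_id, _, cap_obj = header.partition(":")
        if cap_obj != obj or cap_id in self.revoked:
            return False
        expected, effective = _mac(self.root_key, header), None
        for c in caveats:                     # recompute the chain from the root key
            expected = _mac(expected, c)
            if c.startswith("rights="):
                r = set(filter(None, c[len("rights="):].split(",")))
                effective = r if effective is None else effective & r
        if not hmac.compare_digest(expected, sig):
            return False                      # tampered or forged token
        return effective is not None and right in effective


def demo() -> Dict[str, bool]:
    """Constructed scenario for object 'order/42'; returns the access decisions."""
    out: Dict[str, bool] = {}
    acl = AclStore()
    acl.grant("order/42", "alice", {"read", "write"})
    out["acl_alice_read"] = acl.allowed("order/42", "alice", "read")
    acl.revoke("order/42", "alice")
    out["acl_after_revoke"] = acl.allowed("order/42", "alice", "read")

    issuer = CapabilityIssuer()
    alice = issuer.mint("order/42", {"read", "write"})
    bob = attenuate(alice, {"read"})          # alice delegates read-only, offline
    out["cap_delegated_read"] = issuer.check(bob, "order/42", "read")
    out["cap_delegated_write"] = issuer.check(bob, "order/42", "write")
    out["cap_wrong_object"] = issuer.check(bob, "order/43", "read")
    header, caveats, sig = bob
    forged = (header, caveats[:-1] + ["rights=read,write"], sig)  # edit caveat, keep MAC
    out["cap_tampered"] = issuer.check(forged, "order/42", "write")
    issuer.revoke(alice)                      # also invalidates bob's derived token
    out["cap_after_revoke"] = issuer.check(bob, "order/42", "read")
    return out
```

Running `demo()` shows the trade-off behind points 3 and 4 of the question: Bob's read-only token verifies without Alice ever contacting the issuer, and editing a caveat breaks the MAC chain; but the issuer can only revoke by token id, which takes the whole delegation tree down at once, whereas the ACL removes exactly one subject in O(1).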

(l) A user of an online shop wants to order a couple of products. During the course of the ordering process the server side wants to check and confirm the identity of the user.


1. Describe the authentication with symmetric encryption methods.
2. Now describe the same with asymmetric methods.

(m) A user of an online shop wants to double-check the integrity and the non-repudiation of the order.

1. What is a digital signature?
2. How are the public and private keys used in combination with a digital signature?
3. How are message digests (extended checksums) created? Characterise the properties of hash functions.
4. Why is only the asymmetric encryption method suitable for a digital signature?
5. How many and which keys are needed for the hybrid symmetric and asymmetric encryption when a digital signature should be generated at the same time? Which protection goals are feasible in such a scenario?
6. What is the meaning of a certificate and on which occasions are certificates distributed? How are hierarchic CAs built? Discuss them with the example of X.509. Compare them with the Kerberos method.

D.10 PGP and Steganography

Jointly with steganographic methods, cryptography offers a compelling combination for protecting data and hence information. If the secret message is concealed and does not attract attention, as would be the case for obviously encrypted messages, the application of secure steganography cannot be prosecuted anymore. Therefore a ban on encryption would be practically void.

(a) Discuss the assignment of the cryptographic protocols known to you to the layers of the OSI reference model.

(b) Which cryptographic techniques are used? Which ones are integrated in PGP?

(c) Which advantages are associated with the OpenPGP standard? Which disadvantages are implied by using PGP in the web of trust scheme?

Already Herodotus, one of the first writers of history, reported about 2500 years ago on the concealment of messages by use of steganography. Seemingly unused wax writing tablets carried the message on the wood underneath the wax surface. Messages were also sewn into animals which were brought by a messenger posing as a hunter.

(d) Give more historic examples for delivering steganographic messages.


(e) Explain in which areas steganographic methods are used today. Why is cryptography sometimes insufficient for these cases? How is steganography an efficient alternative?

(f) Classify steganographic techniques according to their carrier medium and the embedding scheme. Clarify the differences to watermarks.

(g) Explain the principles of the combination of steganographic and cryptographic methods.

Appendix E Example of a Written Exam to the Discussed Subjects

This examination adds to the repetition questions and answers presented before. It also serves as inspiration to lecturers who want to design a custom examination of about 45 minutes. The permissible tools would be all paper documents and books as well as a non-programmable calculator, but no mobile devices, notebooks or other electronic helpers. 50 points can be achieved in total.

Note: The reference solution to the exam is available as complementary digital-only material from the publisher's website.

Task 1 Architectural transformations (10 points). Nowadays the significant architectural transformations in network services and distributed systems have to be considered. The processing, the persistency as well as the application data are provided from multiple servers or peers.

(a) Compare C-S and P2P architectures. Specify 2–3 differences between them. Introduce your examples, at least 2–3 for each architecture type. (5 points)

© Springer Fachmedien Wiesbaden GmbH 2017. A. Luntovskyy, J. Spillner, Architectural Transformations in Network Services and Distributed Systems, DOI 10.1007/978-3-658-14842-3


(b) Describe the current architectural transformations in distributed systems. What is clustering, and which advantages does the method possess? Discuss the increased complexity due to synchronisation and conflict handling as a disadvantage. (5 points)

Task 2 Parallel computing (15 points). Parallel computers increase their working speed by distributing the available computational efforts to their N processors. They are commonly found in data centres and in supercomputing sites (pictured: CHIC, TU Chemnitz). To determine the full capabilities of a parallel computer with N CPUs, a class of acceleration models (speedup models) can be used.

(a) Specify the well-known performance factors of modern computers/clusters/grids. (2 points)

(b) The Gustafson-Barsis law is a speedup model about the acceleration of programs via their parallelisation. Given are the time spans required for one CPU: T1 = 4000 h, of which Tp = 3800 h can be parallelised. Compute the speedup factor A_N by Gustafson-Barsis for N = 1, 11, 41, 71. (7 points)

Calculate the efficiency E_N for N = 41. Compare the speedup models for parallelised applications proposed by Amdahl and Gustafson-Barsis.


(c) Given are the available number of CPUs in a cluster N = 100 and the measured speedup factor A = 75. Compute the sequential part e as well as the part p = 1 - e for the parallelised application by the Karp-Flatt metric. (3 points)
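The three speedup models asked for in repetition question D.7 (g), (i) and in exam Task 2 (b), (c) differ only in what is held fixed, which is easiest to see when they are evaluated side by side on the given numbers. The following worked example is added here and is not part of the book; it assumes that T (T1) is the single-CPU run time and Tp the part of it that parallelises, so that e = (T - Tp)/T is the sequential fraction used in both laws, and that the Karp-Flatt metric is Amdahl's law solved for e from a measured speedup.

```python
"""Speedup models for parallel applications: Amdahl, Gustafson-Barsis and
the Karp-Flatt metric, evaluated on the figures of repetition question
D.7 (g), (i) and exam Task 2 (b), (c). Added worked example, not from the
book. Assumption: T is the single-CPU run time and Tp the part of it that
parallelises, so e = (T - Tp)/T is the sequential fraction in both laws."""
from typing import Dict


def sequential_fraction(t_total_h: float, t_parallel_h: float) -> float:
    """e = (T - Tp) / T: share of the single-CPU run that cannot be parallelised."""
    return (t_total_h - t_parallel_h) / t_total_h


def amdahl_speedup(e: float, n: int) -> float:
    """Fixed problem size: A(N) = 1 / (e + (1 - e)/N), bounded above by 1/e."""
    return 1.0 / (e + (1.0 - e) / n)


def gustafson_speedup(e: float, n: int) -> float:
    """Scaled problem size: A(N) = N - e (N - 1) = e + (1 - e) N, grows without bound."""
    return n - e * (n - 1)


def efficiency(speedup: float, n: int) -> float:
    """E(N) = A(N) / N: the share of the N CPUs that does useful work."""
    return speedup / n


def karp_flatt(a: float, n: int) -> float:
    """Experimentally determined serial fraction e = (1/A - 1/N) / (1 - 1/N).
    Amdahl's law solved for e from a *measured* speedup A on N CPUs; a value
    that grows with N points to communication or synchronisation overhead."""
    return (1.0 / a - 1.0 / n) / (1.0 - 1.0 / n)


def question_d7_g() -> Dict[int, float]:
    """T = 20 000 h, Tp = 18 000 h -> e = 0.1; Amdahl speedup for a range of N."""
    e = sequential_fraction(20_000, 18_000)
    return {n: amdahl_speedup(e, n) for n in (1, 2, 4, 10, 100, 1000)}


def exam_task2_b() -> Dict[str, float]:
    """T1 = 4000 h, Tp = 3800 h -> e = 0.05; Gustafson-Barsis for N = 1, 11, 41, 71,
    efficiency at N = 41, and the Amdahl value at N = 41 for contrast."""
    e = sequential_fraction(4000, 3800)
    res = {f"A_GB({n})": gustafson_speedup(e, n) for n in (1, 11, 41, 71)}
    res["E(41)"] = efficiency(res["A_GB(41)"], 41)
    res["A_Amdahl(41)"] = amdahl_speedup(e, 41)
    return res


def karp_flatt_parts(a: float, n: int) -> Dict[str, float]:
    """Sequential part e and parallel part p = 1 - e from a measured speedup."""
    e = karp_flatt(a, n)
    return {"e": e, "p": 1.0 - e}


if __name__ == "__main__":
    for n, a in question_d7_g().items():
        print(f"Amdahl            N={n:5d}  A={a:7.3f}")
    for key, val in exam_task2_b().items():
        print(f"Gustafson-Barsis  {key} = {val:.3f}")
    print("D.7 (i)    N=100, A=25:", karp_flatt_parts(25, 100))
    print("Task 2 (c) N=100, A=75:", karp_flatt_parts(75, 100))
```

With e = 0.1 the Amdahl speedup saturates towards 1/e = 10 no matter how many CPUs are added, whereas with e = 0.05 the Gustafson-Barsis speedup at N = 41 is 39 (efficiency about 0.95) against roughly 13.7 under Amdahl for the same e; the two laws answer different questions (same work faster vs. more work in the same time). The Karp-Flatt values e = 1/33 for A = 25 and e = 1/297 for A = 75 on 100 CPUs show how much of the shortfall from ideal speedup is attributable to serial code plus overhead.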

In order to exploit the full power of a parallel computer with N CPUs, the programming techniques must be adapted accordingly. For this aim a diversity of languages, methods and programming interfaces is available.

(d) Specify the well-known programming techniques for parallel computing (at least 3). What distinguishing features do they have in comparison to the regular source code for N = 1 (increase by a factor of p)? (3 points)

Task 3 Virtualisation (15 points). Virtualisation addresses the software tools as well as the methods which enable combining or splitting the available resources of a computer or network, based on the concept of VMs (virtual machines). The primary objective is to provide the users with a special layer of abstraction (virtualisation layer). Virtualisation is able to isolate the users and their applications from the actual (hardware) technical circumstances.

(a) Specify four other cost benefits of resource virtualisation from the technical and operational perspective. (4 points)

• Better load balancing for virtual machines
•
•
•
•


(b) A physical server (RAM of 128 GB and HDD capacity of 0.5 PB are fully available) in a mid-range enterprise supports 20 VMs with 4 GB RAM and 8000 GB HDD each.

How much capacity of the physical server is left? (4 points)

• RAM:

• HDD:

(c) Managed servers (also virtualised) are those specific hosts whose operating system and software are constantly monitored and virtualised via a service provider (see Table E.1).

Which server types (see Table E.1) can be used as (virtual) managed servers in a mid-range enterprise, in your opinion? Please complete the given placeholder lines below. How much capacity (resources) should be left in this case (refer to "(b)")? (5 points)

• VM:        RAM:        HDD:

• VM:        RAM:        HDD:

• VM:        RAM:        HDD:

Table E.1 Managed servers

Authentication server (RADIUS)
Database server (SQL)
Mail server (e-mail server: SMTP, MIME, POP3, IMAP)
File server
Terminal server
Name server (DNS)
File transfer (FTP, SFTP)
DHCP server (DHCP, intranet IP, NAT, PAT and Mobile IP)
News server (NNTP)
Chat server (IRC)
Game server (TCP/IP)
Web server (HTTP, HTTPS, SOAP)
Proxy server (VPN, IPsec, SNMP, intranet FW)
Streaming server (SIP, RTP, codecs)
Domain server, backup server
Terminal server (RDP)
Time server (network time protocol server, NTP)
etc.


• VM:        RAM:        HDD:

• VM:        RAM:        HDD:

• Resources left:        RAM:        HDD:

(d) SDN: What does this term mean? Which SDN protocols and reference solutions do you know? (2 points)

Task 4 Cloud computing (10 points). One of the common definitions of the clouds, according to Amazon, addresses the following patterns of existing cloud services: SaaS, PaaS, IaaS.

[Figure to Task 4: RAIC-DP scenario. Service layers SaaS / PaaS / IaaS. Data stripes A, B, C (A1–A4, B1–B4, C1–C4) and parity stripes P1–P4, Q1–Q4 are distributed over the network storage of Cloud 1, Cloud 2, Cloud 3 (provider: public domain) and Cloud 4 to Cloud n (private).]


(a) To which type (SaaS, PaaS, IaaS) does a cloud-based storage belong? Justify your statement. (3 points)

(b) What is RAIC? Discuss briefly the benefits of mapping traditional RAID structures to the clouds, based on the specified scenario (referring to the figure). (7 points)

• DP: Double Parity
•
•
•
•
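What "double parity" buys in the scenario of Task 4 (b) is best shown by actually striping an object over the providers in the figure and then taking two of them away. The following is an added example and not code from the book or its RAIC integrator: the book fixes no particular coding, so the assumption here is the standard RAID-6 construction (P = XOR of the data stripes, Q = Reed-Solomon parity over GF(2^8) with the polynomial 0x11d that Linux md RAID-6 also uses). The three 16-byte stripes stand in for A, B, C; the fourth and fifth providers hold P and Q, and `survives_all_double_failures()` takes every pair of the five providers offline in turn.

```python
"""RAIC-DP: RAID-6 style double parity across cloud storage providers.

Added example, not from the book. Data stripes d_0..d_{k-1} (A, B, C in the
figure) go to k providers, parity stripes P and Q to two more, so any two
providers may be unavailable (outage, account lock-out, provider exit) and
the object is still recoverable. Assumption: the book fixes no coding; this
is the standard RAID-6 construction over GF(2^8) with modulus 0x11d, the
polynomial also used by Linux md RAID-6.
"""
from itertools import combinations
from typing import Iterable, List, Optional

POLY = 0x11D  # x^8 + x^4 + x^3 + x^2 + 1
GEN = 2       # generator g; stripe i is weighted by g^i in the Q parity


def gf_mul(a: int, b: int) -> int:
    """Multiply two GF(2^8) elements: shift-and-add, reduce modulo POLY."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= POLY
        b >>= 1
    return r


def gf_pow(a: int, n: int) -> int:
    r = 1
    for _ in range(n):
        r = gf_mul(r, a)
    return r


def gf_inv(a: int) -> int:
    """a^254 = a^-1, because the multiplicative group of GF(2^8) has order 255."""
    if a == 0:
        raise ZeroDivisionError("0 has no inverse in GF(2^8)")
    return gf_pow(a, 254)


def _combine(chunks: List[Optional[bytes]], idx: Iterable[int], n: int, weighted: bool) -> bytearray:
    """XOR of the data stripes with the given indices, weighted by g^i for Q."""
    acc = bytearray(n)
    for i in idx:
        w = gf_pow(GEN, i) if weighted else 1
        for j in range(n):
            acc[j] ^= gf_mul(w, chunks[i][j])
    return acc


def encode(data: List[bytes]):
    """P = XOR_i d_i and Q = XOR_i g^i * d_i for equal-length data stripes."""
    n, k = len(data[0]), len(data)
    return bytes(_combine(data, range(k), n, False)), bytes(_combine(data, range(k), n, True))


def recover(chunks: List[Optional[bytes]]) -> List[bytes]:
    """chunks = [d_0 .. d_{k-1}, P, Q]; None marks an unavailable provider.
    Rebuilds at most two missing chunks and returns the complete stripe set."""
    k = len(chunks) - 2
    P, Q = k, k + 1
    lost = [i for i, c in enumerate(chunks) if c is None]
    if len(lost) > 2:
        raise ValueError("double parity tolerates at most two unavailable providers")
    n = len(next(c for c in chunks if c is not None))
    out = list(chunks)
    data_lost = [i for i in lost if i < k]
    known = [i for i in range(k) if i not in data_lost]
    if len(data_lost) == 2:                      # both parities must then be present
        x, y = data_lost
        pxy = _combine(out, known, n, False)     # reduces P to d_x ^ d_y
        qxy = _combine(out, known, n, True)      # reduces Q to g^x d_x ^ g^y d_y
        for j in range(n):
            pxy[j] ^= out[P][j]
            qxy[j] ^= out[Q][j]
        gx, gy = gf_pow(GEN, x), gf_pow(GEN, y)
        inv = gf_inv(gx ^ gy)
        # d_x = (Q_xy + g^y P_xy) / (g^x + g^y);  d_y = P_xy + d_x
        dx = bytes(gf_mul(qxy[j] ^ gf_mul(gy, pxy[j]), inv) for j in range(n))
        out[x] = dx
        out[y] = bytes(pxy[j] ^ dx[j] for j in range(n))
    elif len(data_lost) == 1:
        x = data_lost[0]
        if out[P] is not None:                   # plain XOR against P
            acc = _combine(out, known, n, False)
            out[x] = bytes(acc[j] ^ out[P][j] for j in range(n))
        else:                                    # P is gone too: solve with Q
            acc = _combine(out, known, n, True)
            inv = gf_inv(gf_pow(GEN, x))
            out[x] = bytes(gf_mul(acc[j] ^ out[Q][j], inv) for j in range(n))
    out[P], out[Q] = encode(out[:k])             # recompute any lost parity stripe
    return out


# Constructed sample: three 16-byte stripes, standing in for A, B, C in the figure.
STRIPES = [b"backup-stripe-A!", b"backup-stripe-B!", b"backup-stripe-C!"]


def survives_all_double_failures(data: List[bytes] = STRIPES) -> bool:
    """Take every pair of the k+2 providers offline and check full recovery."""
    p, q = encode(data)
    full = list(data) + [p, q]
    for lost in combinations(range(len(full)), 2):
        damaged = [None if i in lost else c for i, c in enumerate(full)]
        if recover(damaged) != full:
            return False
    return True


if __name__ == "__main__":
    print("recovered from every double provider failure:", survives_all_double_failures())
```

The point for the exam answer is that availability no longer depends on a single provider's SLA: any two of the five storage accounts may be unreachable, locked or gone and the object is still rebuilt from the rest, at a storage overhead of 2/k rather than the 100 % of a plain mirror. Each provider alone also sees only one stripe and cannot reconstruct the object, which is a confidentiality side effect rather than a substitute for encrypting the stripes.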

Index

A
Anonymous Computing 301

B
Backup 110
Blockchain 71

C
Cloud Computing 17, 78, 110
Cluster Computing 17, 201
Collaboration 73
Communication 211, 222, 238
Coordination 38
Cryptography 253

D
Data Centre 136, 155
Database 30
Distributed Computing 45

E
E-Commerce 14
Energy Efficiency 9, 153, 177

F
Fog Computing 184, 204

G
Green IT 8, 136
Grid Computing 19

I
Interoperability 233

M
Microcontroller 194
Mobile Computing 125, 211
Modulation 238
Multi-Threading 24, 28

N
Network 105, 158, 177, 211, 229, 259

O
Operation 97

P
Parallel Computing 45
Peer-to-Peer Computing 19
Performance 48
Planning 177
Protection Goal 248
Protocol 82, 85, 261

Q
Quality 86, 237

S
Satellite 215
Secure Computing 248, 279
Service Platform 86


Service-Oriented Architecture 15
Smart Grid 7, 138
Social Network 73
Storage 110

T
Trade-off 62
Transaction 26

V
Virtualisation 92
Volunteer Computing 66

W
Web Application 14, 279
Web Service 15, 82, 258

  • Preface
    • About the Book
    • Structure of the Book
    • Acknowledgement
    • About the Authors
  • List of Abbreviations
  • Contents
  • 1 Periodisation of Network Service Development
    • References
  • 2 Architectural Transformations in Distributed Systems
    • 2.1 Software Architectures and Communication Patterns
    • 2.2 Distributed Service Systems: Clustering, Grids and Clouds
    • 2.3 Architectures: Peer-to-Peer
    • 2.4 Performance Optimisation
    • 2.5 Distributed Transactions
    • 2.6 Distributed Databases
    • 2.7 System Examples: Google Spanner, a Global DDB
    • 2.8 Conclusions
    • References
  • 3 Evolution of Clustering and Parallel Computing
    • 3.1 Clustering and Grids: Performance Parameters and Basic Models
    • 3.2 Performance-Energy-Price Trade-Offs in Clusters and Grids
    • 3.3 Resource Management in Clusters
    • 3.4 Application Management in Clusters
    • 3.5 Application Management in Grids
    • 3.6 Distributed Applications
    • 3.7 Conclusions
    • References
  • 4 Cloud Computing, Virtualisation, Storage and Networking
    • 4.1 Clouds: Technology Stack, Basic Models and Services
    • 4.2 Virtualisation of Services and Resources
    • 4.3 SDN – Software-Defined Networking
    • 4.4 Backup Services within Clouds as Advanced Cloud Backup Technology
      • 4.4.1 Backup as Important Component of Informational Safety
      • 4.4.2 RAIC: Storage Service Integration
    • 4.5 RAIC Integration for Network Storages on Mobile Devices
      • 4.5.1 Efficient Access to Storage Services from Mobile Devices
      • 4.5.2 A New Must-Have App: RAIC Integrator for Smartphones
    • 4.6 Conclusions
    • References
  • 5 Smart Grid, Internet of Things and Fog Computing
    • 5.1 Smart Grid as Integration Technology for the Networks of Energy Supply and Telecommunication
      • 5.1.1 Services, Architectures and Multi-level Models
      • 5.1.2 Smart Grid Enabling Network Technologies
      • 5.1.3 Case Study: A CAD Toolset for the Design of Energy-Efficient Combined Networks
    • 5.2 From Internet of Services to Internet of Things: Fog Computing
      • 5.2.1 Enabling Technologies for IoT
      • 5.2.2 Case Studies on IoT with On-Board Micro-controller Raspberry Pi
      • 5.2.3 The Future: Industry 4.0 Vision
      • 5.2.4 Fog Computing
    • 5.3 Conclusions
    • References
  • 6 Future Mobile Communication: From 4G to 5G, 5G Enabling Techniques
    • 6.1 Conventional Techniques
      • 6.1.1 LTE Networks
      • 6.1.2 Satellite-Based Radio Systems
    • 6.2 A New Generation of Mobile Communication
      • 6.2.1 Visions and Requirements
      • 6.2.2 5G Inter-Operability
      • 6.2.3 Future Standard IMT 2020: Deployment Scenarios
      • 6.2.4 Resource Allocation Method for Future WLAN
    • 6.3 Conclusions
    • References
  • 7 Security in Distributed Systems
    • 7.1 Security and Protection Goals
    • 7.2 Protection Techniques
      • 7.2.1 Checksum and Digest
      • 7.2.2 Encryption
      • 7.2.3 Steganography
      • 7.2.4 Orchestration, Parallelisation and Multiplexing
      • 7.2.5 Anonymisation
      • 7.2.6 Trusted Computing and Physical Protection
    • 7.3 Security Layers
      • 7.3.1 Network Encryption: IPsec
      • 7.3.2 Transport Encryption: TLS
      • 7.3.3 Content Encryption: S/MIME and PGP
      • 7.3.4 Authorisation: Kerberos and OAuth2
      • 7.3.5 Further Secure Services: DNS-SEC, VPNs and Proxies
    • 7.4 Security Protocols and Network Concepts
    • 7.5 Firewalls
    • 7.6 Security in Web Applications: Legal and Technological Aspects
      • 7.6.1 Technological Aspects of Data Security Guaranteeing Web Systems
      • 7.6.2 Legal Aspects of Data Security Guaranteeing Web Systems
    • 7.7 Steganography in Distributed Systems
      • 7.7.1 Steganography in Development
      • 7.7.2 Steganography: Main Concepts
      • 7.7.3 Watermarks and Steganography
    • 7.8 Anonymity and MIX Networks
    • 7.9 Conclusions
    • References
  • Appendix A Selected Originators and Designers of Distributed Systems
    • A.1 Edgar Frank "Ted" Codd
    • A.2 Tom De Marco
    • A.3 Grady Booch
    • A.4 James Gosling
    • A.5 Sir Timothy John Berners-Lee
    • A.6 Tim O'Reilly
    • A.7 Roy Thomas Fielding
    • A.8 Sergey Brin
    • A.9 Philip R. Zimmermann
    • A.10 Remembering the Pioneers
  • Appendix B Research Focus
    • B.1 CANDY: Network Planning
    • B.2 FlexCloud: Flexible Architectures for Cloud Computing
    • B.3 DaaMob Service Platform: Data Service Management
  • Appendix C Acronyms for Mobile and Wireless
  • Appendix D Repetition and Control of Learning Progress
    • D.1 New Generation (Mobile) Networks
    • D.2 Periodisation of Computer Networks: Phases I to IV, Smart Grid, IoT and Fog Computing
    • D.3 Architectural Transformation in Distributed Systems
    • D.4 Cloud Computing
    • D.5 Virtualisation Concepts
    • D.6 Performance Characteristics of Digital Computers, Performance Optimisation in Distributed Systems
    • D.7 Distributed Computing, Parallel Computing and Acceleration Models
    • D.8 Towards 5G
    • D.9 Security Aspects in NGN
    • D.10 PGP and Steganography
  • Appendix E Example of a Written Exam to the Discussed Subjects
  • Index

Printed on acid-free paper

This Springer Vieweg imprint is published by Springer Nature. The registered company is Springer Fachmedien Wiesbaden GmbH. The registered company address is Abraham-Lincoln-Str. 46, 65189 Wiesbaden, Germany.


To our caring wives

Preface

About the Book

Book objectives. You are reading a book which aims to cover the broad field of recent innovations in network services and distributed systems. The target group of the book encompasses students of universities and technical high schools, graduated engineers as well as teaching staff. If you are somebody else, do not worry: the covered subjects may still be of interest to you. This book offers its readers a dual functionality.

As a monograph. With the given work we decided to help not only the readers and students but also ourselves, as professionals who are actively involved in the networking, telecommunications and systems communities, by understanding the trends which have developed in the recent decade in distributed systems and networking applications. Important architectural transformations of modern distributed systems are examined and presented in survey style. Examples of new architectural solutions for network (mobile) services and applications are discussed. Among them are the Internet of Services, Clouds, Smart Grids, Parallel and Distributed Computing, Fog Computing and the Internet of Things, to mention a couple of popular concepts.

As a handbook. Current technologies, standards and research results for advanced (mobile) networks, connected devices and provisioned services, as well as for higher-level network functions and software applications, are focused on within this book from a practical angle. The authors highlight how these technical underpinnings of our digital communication and collaboration infrastructure are being transformed to reflect society's requirements. Efficient architectures, principles and systems for mobile and wireless communication, criteria for the optimisation of networks and distributed systems, as well as central ideas of new system concepts are widely discussed herein. Use case presentations and studies with in-depth technical descriptions, along with a test exam, strengthen the nature of this book as a handbook to use for courses and projects.


Learning objectives The learning objectives targeted by the book are as follows

1 Readersstudents should be able to combine integrate analyse and manage thesolutions to the above-mentioned technologies (Clouds Smart Grids Parallel andDistributed Computing Fog Computing Internet of Services Internet of Things) Theyshould also be able to implement custom systems on the basis of an adequate conceptualgrounding in practical projects

2 As a result readersstudents become skilled to create and evaluate well-performingreliable and secure access aspects to data and network applications distributed systemsand mobile apps The systems and services should be usable in a data protection-compliant manner and aligned with user preferences

3. Readers/students become educated to develop custom architectures of network services and distributed systems, as well as to comment critically on the associated problems.

Numerous examples in the chapters, comparison tables, excursions into technology stacks, figures with structures and demonstrations are highlights of this book. Every chapter has a list of keywords, complemented by actual system examples, a summary and further bibliographic records. Furthermore, at the end there is a whole chapter dedicated to repetition and self-assessment, offering questions and answers to many of the discussed topics along with further insight into the research behind the covered systems and services.

Motivation. Despite the existence of a broad range of scientific and practical literature on the topics of distributed computing, cloud computing, privacy-preserving systems, green IT, Internet of Things and so forth, from our perspective as researchers and lecturers there is a distinct lack of combined monographs/handbooks with the ambition to be useful for education. In particular, most of the literature describes technological snapshots as points in time. Instead, we want to explicitly include historical background information and focus on the ongoing evolution and trends, which are similar in many areas. Furthermore, we were not satisfied with literature which merely lists positions and standards instead of allowing the reader to dive right into the technology by offering concrete implementation and use case links. Especially for students in co-operative education (for instance Berufsakademie/Duale Hochschule, Fachhochschule and (höhere) Fachschule in Germany and Switzerland, vocational and community colleges in the US), the practical links are essential to decide whether or not a certain technology should indeed be evaluated for upcoming projects.

The book partially continues the educational approach of a previous book called "Planning and Optimisation of Computer Networks: Methods, Models, Tools for Design, Diagnosis and Management in the Lifecycle of Wired and Wireless Computer Networks" by Luntovskyy, Guetter and Melnyk, which appeared at Springer Vieweg in German in 2011. The original title is: Andriy Luntovskyy, Dietbert Guetter, Igor Melnyk: Planung und Optimierung von Rechnernetzen. Methoden, Modelle, Tools für Entwurf, Diagnose und Management im Lebenszyklus von drahtgebundenen und drahtlosen Rechnernetzen. Springer Fachmedien Wiesbaden GmbH, 2011, 435 pages (ISBN 978-3-8348-1458-6), 1st edition 2011, with 245 figures and 64 tables. The present book complements and extends the range of topics. It addresses the evolution from computer networks to network-integrated and network-connected services, in particular cloud and fog services, as well as modern architectures of distributed (mobile) applications, such as 5G and low-energy radio links. The new book therefore presents a holistic view on transformation processes which nowadays are motivated less by technology than by the needs of a society subject to a higher degree of pervasive services. The benefits for society are about ecology (green networks), privacy (secure clouds), comfort (always on) and economy (pay as you go).

Structure of the Book

This book is divided into seven chapters. The first chapter offers a bird's-eye perspective on the history and present development of networking and service topics. The second chapter presents state-of-the-art distributed systems and uses them to explain the architectural transformations to which most of today's systems are subject. In chapters three to six, different architectures and systems are presented, including clusters, clouds, fogs and mobile applications. The seventh chapter offers a holistic view on security in networked services. Finally, five appendices and one auxiliary digital appendix complete the book.

• Chapter 1, Periodisation of Network Service Development: The evolution of hardware and infrastructure on one hand and of services on the other hand is divided into four phases each.

• Chapter 2, Architectural Transformation in Distributed Systems: Clusters and clouds, peer-to-peer architectures and distributed databases are presented and reflected on in the context of the evolution and transformation of systems.

• Chapter 3, Evolution of Clustering and Parallel Computing: Clusters, grids and parallel computing are introduced. Their benefits concerning computing performance, but also the necessary trade-offs with energy consumption and price, are highlighted. The management of resources and applications in these environments is also explained.

• Chapter 4, Cloud Computing: Virtualisation, RAICs and SDN: This chapter introduces contemporary cloud stacks and services, including programmable networks, virtual teleconferences and safe data backups.

• Chapter 5, Smart Grid, Internet of Things and Fog Computing: Beyond the software side, small connected hardware devices and the connection between computer networks and energy distribution networks are covered in this chapter.


• Chapter 6, Future Mobile Communications: From 4G to 5G, 5G Enabling Techniques: Mobile communication protocols for global (phones) and local distances are presented. A special focus is on the upcoming 5G connectivity.

• Chapter 7, Security in Distributed Systems: This chapter gives a holistic view on what is commonly called security by introducing concrete protection goals and matching security layers. It also includes a discussion of privacy and legal aspects, with a focus on how users can protect their activities and communication in today's and tomorrow's distributed systems.

• Appendices: First, selected originators and designers of distributed systems are briefly presented. Then, specific research projects with recent results which contribute to the evolution and transformation are introduced. The further parts contain explanations of common acronyms in mobile and wireless technologies, a repetition and control part to track the learning progress when reading the book, and finally an example of a written exam on the discussed subjects. The solutions to the exam are available as an auxiliary digital appendix.

Dresden, Germany          Andriy Luntovskyy
Winterthur, Switzerland   Josef Spillner

Acknowledgement

Our heartfelt thanks go to Prof. Dr. rer. nat. habil. Dr. h. c. Alexander Schill (encouragement and challenges), Dr. rer. nat. Dietbert Gütter (proofreading), Prof. Dr. Andreas Westfeld, Prof. Dr. Thomas Horn, Dr. Reiner Keil (inspiration in absentia) and many other colleagues, students and reviewers for their helpful and friendly support, inspiration and co-operation while completing this work.

Our special acknowledgement goes to Dr.-Ing. habil. Igor Melnyk for his altruistic contribution to the modelling of the waste heat and cooling process in "green" data centres and clouds.


About the Authors

The book contents have been primarily provided by Andriy Luntovskyy. Some sections and editorial guidance were provided by Josef Spillner. Most of the material is published for the first time, although some is based on previous research papers, including joint papers by the authors, and material kindly added by fellow academics.

Andriy Luntovskyy, Prof. Dr. habil.

Andriy Luntovskyy is with BA Dresden, University of Cooperative Education, Dresden, Germany.
Office: Room 2105, Hans-Grundig-Strasse 25, 01307 Dresden (Johannstadt), Germany
Phone: +49 (0)351-44722-703
Fax: +49 (0)351-44722-9520
Email: AndriyLuntovskyyba-dresdende
WWW: http://www.ba-dresden.de
WWW (EN): https://sites.google.com/site/luntovskyy
WWW (UA): https://sites.google.com/site/andriyluntovskyy
WWW (DE): httpwwwba-dresdendedestudiumstudienangebotitansprechpartnerhtml


Andriy Luntovskyy is a member of the Academy of Sciences of the Higher School of Ukraine (ANVSU, anvsu.org.ua), a member of the Academy of Telecommunications of Ukraine and of the International IT Academy.

Teaching and classes: Computer Networks, Mobile Communication and Telematics, Basics of Programming and Software Technology, Distributed Systems, Operating Systems, Web Applications and Office Communication, Data Security and IT Legacy, Basics of Computer Science and Business Informatics. Guest lectures in Ukraine and Poland; classes for bachelor, master and PhD students.

Research: CANDY (Computer-Aided Network Design utility), Design of Wired, Wireless and Mobile Networks, Clouds, Clustering and Mobile Computing, Web Services, SOA and Virtualisation Methods, Mobile and Wireless Networks, Energy Efficiency in Networks, Wireless Sensor Networks, Smart Grid and IoT, Multiservice Mobile Platforms.

Attendance and co-chairmanship at multiple conferences and forums (CeBIT 2007, 2008, 2011). Publications: two books published in Germany (2008, 2011), a further 12 books in his mother tongue in Ukraine, more than 130 papers in conference proceedings and magazines, among them multiple IEEE Xplore publications.

Josef Spillner, Dozent Dr.-Ing. habil.

Josef Spillner is with Zurich University of Applied Sciences (ZHAW), School of Engineering, Winterthur, Switzerland.
Office: Room O317, Obere Kirchgasse 2, 8400 Winterthur, Switzerland
Phone: +41 (0) 58 934 45 82
Fax: +41 (0) 58 935 45 82
Email: josefspillnerzhawch
WWW: http://www.zhaw.ch/=spio
WWW: http://www.serviceplatform.org

Josef Spillner performs research on service and cloud ecosystems. He is the initiator of the Open Source Service Platform Research Initiative, founder of the Cloud Storage Lab at Technische Universität Dresden in Germany (TUD) and head of the Service Prototyping Lab at ZHAW.

Teaching and classes: Introduction to Research Areas of Computer Science, Development of Distributed Systems on the Basis of SOA, Complex Internship for Service and Cloud Computing, OS and Computer Networks, Basics of Programming and Software Technology, Distributed Systems, Python Programming. Classes for bachelor and master students as well as non-IT students, in particular media informatics and industrial engineers.

Research: THESEUS/TEXO (New Technologies for the Internet of Services, funded by the German Ministry of Economics (BMWi)); FlexCloud (Flexible Service Architectures for Cloud Computing, funded by the European Social Fund (ESF)); DaaMob (Service-oriented Platform Concepts for Cross-System Third-Party Applications with Mobile Components in the Internet of Things, funded by the German Research Council (DFG)). Further research on XML Schema, Web Service GUIs, Cloud Controllers, Cloud Cockpits and Energy Efficiency, Stealth Computing.

Attendance and involvement with multiple conferences and workshops. Publications: co-authorship of books, more than 50 papers and journal articles, technical reports with the HPI Future SOC Lab, IEEE and ACM conference chairing.

List of Abbreviations

2PC    Two-Phase Commit Protocol
2PL    Two-Phase Lock
ACID   Atomicity, Consistency, Isolation, Durability
AEF    Advanced Evasion Firewall
AES    Advanced Encryption Standard
API    Application Programming Interface
B2B    Business-to-Business
BOINC  Berkeley Open Infrastructure for Network Computing
C-S    Client-Server
CAD    Computer-Aided Design
CDB    Central Database
CIDN   Collaborative Intrusion Detection Network
DB     Database
DDB    Distributed Database
DDoS   Distributed Denial of Service
DIDO   Distributed Input Distributed Output
DNS    Domain Name System
DSL    Digital Subscriber Line
EAI    Enterprise Application Integration
EM     Electro-Magnetic
ERE    Energy Reuse Efficiency
ESB    Enterprise Service Bus
FLOPS  Floating-Point Operations Per Second
FUSE   File System in Userspace
GSM    Global System for Mobile Communications
HPC    High-Performance Computing
HSDPA  High Speed Downlink Packet Access
HTTP   Hypertext Transfer Protocol
HVAC   Heating, Ventilating and Air Conditioning
IaaS   Infrastructure-as-a-Service
ICMP   Internet Control Message Protocol
IDS    Intrusion Detection System
IETF   Internet Engineering Task Force
IMS    IP Multimedia Subsystem
IoS    Internet of Services
IoT    Internet of Things
IP     Internet Protocol
IPS    Intrusion Prevention System
ISDN   Integrated Services Digital Network
KNX    KNX Home and Building Control Standard
LAN    Local Area Network
LEACH  Low-Energy Adaptive Clustering Hierarchy
LON    Local Operating Network
LTE    Long-Term Evolution
MAC    Media Access Control
MCM    Majority-Consensus-Method
MIMO   Multiple Input, Multiple Output
MIPS   Million Instructions Per Second
NAS    Network-Attached Storage
NIST   National Institute of Standards and Technology (USA)
NTP    Network Time Protocol
OFDM   Orthogonal Frequency-Division Multiplexing
OFDMA  Orthogonal Frequency-Division Multiple Access
OS     Operating System
OSGi   Open Services Gateway Initiative
OSI    Open Systems Interconnection
P2P    Peer-to-Peer
PaaS   Platform-as-a-Service
PCS    Primary-Copy-Schema
PEV    Plug-in (Hybrid) Electric Vehicles
PGP    Pretty Good Privacy
PLC    Power Line Communication
PoE    Power over Ethernet
PUE    Power Usage Effectiveness
QoE    Quality of Experience
QoS    Quality of Service
RAIC   Redundant Array of Independent Clouds
RAID   Redundant Array of Independent Disks
REST   Representational State Transfer
RFC    Requests for Comments
RSA    Rivest, Shamir, Adleman Cryptosystem
SaaS   Software-as-a-Service
SAN    Storage-Area Network
SDN    Software-Defined Networking
SET    Secure Electronic Transaction
SIF    Stateful Inspection Firewall
SIP    Session Initiation Protocol
SLA    Service Level Agreement
SME    Small and Medium Enterprise
SMLIF  Stateful Multi-Layer Inspection Firewall
SMP    Symmetric Multi-Processing
SMTP   Simple Mail Transfer Protocol
SNMP   Simple Network Management Protocol
SOA    Service-Oriented Architecture
SOAP   Simple Object Access Protocol
SQL    Structured Query Language
SSL    Secure Sockets Layer
TLS    Transport Layer Security
UMTS   Universal Mobile Telecommunications System
UPnP   Universal Plug and Play
VM     Virtual Machine
VoIP   Voice over IP
VPN    Virtual Private Network
VTEO   Virtual Telecommunication Engineering Offices
W3C    World Wide Web Consortium
WAF    Web Application Firewall
WAN    Wide Area Network
WiMAX  Worldwide Interoperability for Microwave Access
WLAN   Wireless Local Area Network
WPAN   Wireless Personal Area Network
WSN    Wireless Sensor Networks
XaaS   Everything-as-a-Service
XMPP   Extensible Messaging and Presence Protocol

Contents

1 Periodisation of Network Service Development
  References

2 Architectural Transformations in Distributed Systems
  2.1 Software Architectures and Communication Patterns
  2.2 Distributed Service Systems: Clustering, Grids and Clouds
  2.3 Architectures: Peer-to-Peer
  2.4 Performance Optimisation
  2.5 Distributed Transactions
  2.6 Distributed Databases
  2.7 System Examples: Google Spanner, a Global DDB
  2.8 Conclusions
  References

3 Evolution of Clustering and Parallel Computing
  3.1 Clustering and Grids: Performance Parameters and Basic Models
  3.2 Performance-Energy-Price Trade-Offs in Clusters and Grids
  3.3 Resource Management in Clusters
  3.4 Application Management in Clusters
  3.5 Application Management in Grids
  3.6 Distributed Applications
  3.7 Conclusions
  References

4 Cloud Computing: Virtualisation, Storage and Networking
  4.1 Clouds: Technology Stack, Basic Models and Services
  4.2 Virtualisation of Services and Resources
  4.3 SDN: Software-Defined Networking
  4.4 Backup Services within Clouds as Advanced Cloud Backup Technology
    4.4.1 Backup as Important Component of Informational Safety
    4.4.2 RAIC: Storage Service Integration
  4.5 RAIC Integration for Network Storages on Mobile Devices
    4.5.1 Efficient Access to Storage Services from Mobile Devices
    4.5.2 A New Must-Have App: RAIC Integrator for Smartphones
  4.6 Conclusions
  References

5 Smart Grid, Internet of Things and Fog Computing
  5.1 Smart Grid as Integration Technology for the Networks of Energy Supply and Telecommunication
    5.1.1 Services, Architectures and Multi-level Models
    5.1.2 Smart Grid Enabling Network Technologies
    5.1.3 Case Study: A CAD Toolset for the Design of Energy-Efficient Combined Networks
  5.2 From Internet of Services to Internet of Things: Fog Computing
    5.2.1 Enabling Technologies for IoT
    5.2.2 Case Studies on IoT with On-Board Micro-controller Raspberry Pi
    5.2.3 The Future Industry 4.0 Vision
    5.2.4 Fog Computing
  5.3 Conclusions
  References

6 Future Mobile Communication: From 4G to 5G, 5G Enabling Techniques
  6.1 Conventional Techniques
    6.1.1 LTE Networks
    6.1.2 Satellite-Based Radio Systems
  6.2 A New Generation of Mobile Communication
    6.2.1 Visions and Requirements
    6.2.2 5G Inter-Operability
    6.2.3 Future Standard IMT-2020: Deployment Scenarios
    6.2.4 Resource Allocation Method for Future WLAN
  6.3 Conclusions
  References

7 Security in Distributed Systems
  7.1 Security and Protection Goals
  7.2 Protection Techniques
    7.2.1 Checksum and Digest
    7.2.2 Encryption
    7.2.3 Steganography
    7.2.4 Orchestration, Parallelisation and Multiplexing
    7.2.5 Anonymisation
    7.2.6 Trusted Computing and Physical Protection
  7.3 Security Layers
    7.3.1 Network Encryption: IPsec
    7.3.2 Transport Encryption: TLS
    7.3.3 Content Encryption: S/MIME and PGP
    7.3.4 Authorisation: Kerberos and OAuth2
    7.3.5 Further Secure Services: DNSSEC, VPNs and Proxies
  7.4 Security Protocols and Network Concepts
  7.5 Firewalls
  7.6 Security in Web Applications: Legal and Technological Aspects
    7.6.1 Technological Aspects of Data Security Guaranteeing Web Systems
    7.6.2 Legal Aspects of Data Security Guaranteeing Web Systems
  7.7 Steganography in Distributed Systems
    7.7.1 Steganography in Development
    7.7.2 Steganography: Main Concepts
    7.7.3 Watermarks and Steganography
  7.8 Anonymity and MIX Networks
  7.9 Conclusions
  References

Appendix A Selected Originators and Designers of Distributed Systems
  A.1 Edgar Frank "Ted" Codd
  A.2 Tom De Marco
  A.3 Grady Booch
  A.4 James Gosling
  A.5 Sir Timothy John Berners-Lee
  A.6 Tim O'Reilly
  A.7 Roy Thomas Fielding
  A.8 Sergey Brin
  A.9 Philip R. Zimmermann
  A.10 Remembering the Pioneers

Appendix B Research Focus
  B.1 CANDY: Network Planning
  B.2 FlexCloud: Flexible Architectures for Cloud Computing
  B.3 DaaMob: Service Platform Data Service Management

Appendix C Acronyms for Mobile and Wireless

Appendix D Repetition and Control of Learning Progress
  D.1 New Generation (Mobile) Networks
  D.2 Periodisation of Computer Networks: Phases I to IV, Smart Grid, IoT and Fog Computing
  D.3 Architectural Transformation in Distributed Systems
  D.4 Cloud Computing
  D.5 Virtualisation Concepts
  D.6 Performance Characteristics of Digital Computers: Performance Optimisation in Distributed Systems
  D.7 Distributed Computing, Parallel Computing and Acceleration Models
  D.8 Towards 5G
  D.9 Security Aspects in NGN
  D.10 PGP and Steganography

Appendix E Example of a Written Exam to the Discussed Subjects

Index

1 Periodisation of Network Service Development

Keywords

Networks • Services • Quality of Service (QoS) • Internet of Services (IoS) • Clouds • Smart grid • Internet of Things (IoT) • Fog computing

Information and communication technology is moving fast. What are grids for nowadays? Is anybody still using Integrated Services Digital Network (ISDN) connections? Will the 'digital fog' be around all of our devices, and for how long when on batteries? What is the cost of safely storing one digital photo taken on the mobile phone for the rest of our lifetime? Readers who have immediate answers to such questions are asked to put this book aside and spend their time with more pleasure. All other readers are invited to follow us briefly through the history of network services and distributed systems, through the past transformations and current trends, in order to learn about the rather complex landscape of future distributed service systems. These digital, physical and combined (cyber-physical) systems affect our daily lives as we interact with them through screens and devices, software applications, processes and ambient sensors.

Technology development in four phases. Network services and distributed systems are two pillars of the same trend: to make application functionality, provided by single computers or millions of connected devices, available to billions of people. Internet and web applications, including online social networks and digital telephony, already need to scale to billions of users today, which would be impossible on a single machine. Instead, many computers are clustered, and many clusters are geographically dispersed and connected, so that users perceive them as a single service. Users have come to expect high performance, high reliability, high privacy and security, low cost, low effort and low energy consumption, among other factors. Services not offering all of these benefits will have decreasing chances to compete for users and will ultimately fail to be sustainable; trust and reputation would in such cases be hard to recover.

© Springer Fachmedien Wiesbaden GmbH 2017. A. Luntovskyy, J. Spillner, Architectural Transformations in Network Services and Distributed Systems, DOI 10.1007/978-3-658-14842-3_1

It took computer scientists and the IT industry many years to achieve the breakthrough towards this vision. In the course of the development of networked applications and services, including telecommunication, web and cloud services offered on demand in any situation, four distinct phases in the technological foundation can be identified.

The first phase, starting with the roll-out of networks and the Internet (about 1970–2000), had the purpose of offering the functionality and of ensuring improvements to the QoS. The QoS considerations were mostly confined to strict technical network characteristics, without taking the end-to-end user experience into account. Bandwidth increased and latency decreased. To put the bandwidth development into perspective: in 1999, a 56 kbit/s modem connected to copper telephony networks was the norm for private users and just about to be replaced by faster Digital Subscriber Line (DSL) connections with about 768 kbit/s downstream bandwidth. Consumers could only rely on such numbers as upper bounds in a best-effort service market and could not easily translate them into application benefits, for instance video quality or file transfer performance.

In the enterprise market, large computing centres became economically effective by using broadband Internet connections, which enabled the consolidation of a lot of compute and storage resources behind a single data pipe. They also helped to mitigate Distributed Denial of Service (DDoS) attacks, because load could be distributed between several servers and links (this only absorbs an attack whose volume stays below the aggregate capacity of those links; beyond that, traffic has to be filtered upstream of the centre). System reliability improved through the better availability of spare parts (hard drives, power units, switches, etc.), the employment of redundant units wherever possible, and emergency power generators in large centres where they were feasible. Similarly, application availability and scalability were increased with replicated setups, in high-availability/failover and load-balancer configurations respectively.

Ultimately, this phase has been about connecting people to the Internet, in other words an Internet of People. A simple formula characterises the first phase:

$\mathrm{Goal}_{\mathrm{Phase}\,1} := \max \mathrm{QoS}$   (1.1)

In the second phase of the development of Internet services (about 2000–2010), the improvement of QoS was accompanied by explicit cost optimisation, among other reasons due to hardware consolidation and server virtualisation, in combination with QoS guarantees codified in a Service Level Agreement (SLA). These demand minimum cost under strictly given QoS constraints. The large size of computing centres also led indirectly to lower cost on the side of customers, due to the economy of scale when buying large batches of spare parts and electricity. The maintenance cost in large computing centres is also lower than in smaller ones, because the servers are updated centrally with security patches, upgrades can be tested better before deployment, and the maintenance actions are mostly the same on homogeneous servers. To give an example: the e-commerce seller Amazon had a revenue of about seven billion US$ in 2004. The capacity needed to operate this business at that time is nowadays added daily to their computing infrastructure.


It is not yet clear how to compare the technical characteristics of data centres, but just looking at their dimensions demonstrates the trend towards consolidation. The Lakeside Technology Center in Chicago, one of the largest multi-tenant centres, has a usable surface of more than 100,000 m² across several floors of a historic printing house. Microsoft's Dublin data centre is roughly half this size [10]. Major service operators have expanded vastly during the second phase and now operate multiple such large data centres.

On the network side, in 2009 16 Mbit/s ADSL connections were widely available in many urban areas in developed countries, and even 55 Mbit/s VDSL2 connections were available in selected areas, whereas in 2014 vectoring-based VDSL brought up to 100 Mbit/s downstream and 40 Mbit/s upstream bandwidth to consumers. A slow-down in connection speed growth becomes evident. Furthermore, the promise of many governments during this time to achieve 100% broadband coverage had (and still has) not been achieved anywhere. Enhancing the role of hosted applications (in so-called clouds) as integration path and cost reduction driver for applications and computing power characterises this second development phase. Consequently, an Internet of Services (IoS), in particular cloud services, characterises the second phase:

$\mathrm{Goal}_{\mathrm{Phase}\,2} := \max \mathrm{QoS} \;\wedge\; \mathrm{Cost\ Constraints}$   (1.2)

The third phase (after 2010) was triggered by the trend of "green" IT and increasing energy demand and prices. Computing centres were more often built in colder regions of the earth. More energy-efficient hardware was installed, and software was written with energy efficiency in mind. Processors gained dynamic voltage and frequency scaling, among other techniques, which helps to shrink power consumption during idle periods. The metric Power Usage Effectiveness (PUE), the ratio of the total energy drawn by a facility to the energy delivered to its IT equipment, has gained prominence; its ideal value is 1.0, so a lower PUE is better. Consumers are increasingly aware of and demanding sustainable IT. The use of mobile phones to host applications and even mobile services strengthens this awareness, due to limited handset battery capacity. Smart grid installations are on the rise and lead to greater energy autonomy by turning consumers into providers. Therefore, to characterise the third phase in a formula:

$\mathrm{Goal}_{\mathrm{Phase}\,3} := \min \mathrm{PUE} \;\wedge\; \mathrm{QoS} \geq \mathrm{QoS}_{\min} \;\wedge\; \mathrm{Costs} \leq \mathrm{Costs}_{\max}$   (1.3)
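The three phase goals can be read as selection rules over a set of candidate deployments: phase 1 picks the best QoS regardless of anything else, phase 2 picks the best QoS among the candidates that fit a cost budget, and phase 3 turns QoS and cost into constraints and optimises energy efficiency. The following Python is an added illustration, not code from the book; the four candidate deployments, their QoS scores, costs and PUE values, and the thresholds QoS_min and Costs_max are all constructed for the example.

```python
"""Worked example for the phase goals (1.1) to (1.3).

Added illustration, not code from the book. Each phase goal is treated as a
selection rule over candidate deployments. All candidates and numbers below
are constructed for the example.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Deployment:
    """One candidate way of hosting a service (constructed data)."""
    name: str
    qos: float   # abstract QoS score in [0, 1], higher is better
    cost: float  # cost per month in arbitrary currency units
    pue: float   # Power Usage Effectiveness: total facility power / IT power


def pue(total_facility_kw: float, it_equipment_kw: float) -> float:
    """PUE as defined by The Green Grid: total facility power over IT power.

    1.0 means every watt reaches the IT equipment; real facilities are above
    1.0 because cooling, lighting and power conversion draw their share.
    """
    if it_equipment_kw <= 0:
        raise ValueError("IT equipment power must be positive")
    if total_facility_kw < it_equipment_kw:
        raise ValueError("facility power cannot be below IT power")
    return total_facility_kw / it_equipment_kw


# Constructed candidates: an early on-premise server room, a colocation hub,
# a cloud region and a data centre in a cold region (1100 kW in, 1000 kW to IT).
CANDIDATES = (
    Deployment("on-prem-2000", qos=0.60, cost=80.0, pue=2.0),
    Deployment("colo-hub", qos=0.95, cost=150.0, pue=1.6),
    Deployment("cloud-region", qos=0.85, cost=90.0, pue=1.3),
    Deployment("nordic-dc", qos=0.80, cost=100.0, pue=pue(1100.0, 1000.0)),
)


def goal_phase1(candidates):
    """(1.1) Goal := max QoS, with no other constraint."""
    return max(candidates, key=lambda d: d.qos)


def goal_phase2(candidates, cost_max):
    """(1.2) Goal := max QoS subject to an SLA-style cost constraint."""
    feasible = [d for d in candidates if d.cost <= cost_max]
    if not feasible:
        raise ValueError("no deployment satisfies the cost constraint")
    return max(feasible, key=lambda d: d.qos)


def goal_phase3(candidates, qos_min, cost_max):
    """(1.3) Goal := min PUE subject to QoS >= QoS_min and Costs <= Costs_max.

    QoS and cost are now constraints; energy efficiency is what is optimised.
    Ties on PUE are broken by lower cost, then by higher QoS.
    """
    feasible = [d for d in candidates if d.qos >= qos_min and d.cost <= cost_max]
    if not feasible:
        raise ValueError("no deployment satisfies the QoS and cost constraints")
    return min(feasible, key=lambda d: (d.pue, d.cost, -d.qos))


if __name__ == "__main__":
    print("phase 1:", goal_phase1(CANDIDATES).name)
    print("phase 2:", goal_phase2(CANDIDATES, cost_max=100.0).name)
    print("phase 3:", goal_phase3(CANDIDATES, qos_min=0.75, cost_max=100.0).name)
```

With the constructed data, phase 1 selects the expensive colocation hub, phase 2 (budget 100) the cloud region, and phase 3 (QoS at least 0.75, budget 100) the cold-region centre with the lowest PUE; the same service ends up hosted differently purely because the objective changed, which is the point of the three formulas.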

As a by-product of this awareness, similar to transportation companies, which can also be viewed as a public utility, the first data centre and hosting businesses have announced that they have met a 100% renewable energy goal [3]. This has led to a voluntary green energy market which in the USA alone has around five million customers who have purchased, directly or indirectly, approximately 74 million MWh of power generated from renewable sources [6]. In Switzerland, around 10% of all power consumption is linked to the various forms of IT, an equivalent of 400,000 cars in terms of fossil fuel, and an increasing number of providers advertise their decision to contract 100% renewables [2].


Fig. 1.1 Periodisation of network service development

Finally, the fourth and last phase, which has already started but will have a high impact on computing in the near future, needs to be discussed. This book is therefore dedicated to this phase, without dismissing the earlier ones. Figure 1.1 puts the three already identified phases and the not yet covered last one into context.

The fourth phase, the next development vector, is about to happen now. This phase is oriented not just at networking services and distributed software applications but at a truly user-focused IoS in many domains. It happens across clouds, in the frame of the IoT with many connected small (sometimes wearable) devices, cyber-physical systems and robots, next-generation mobile networks, and ultimately fog and wearable computing. This combination expands the always-on, always-available, pay-as-you-go utility and cloud computing paradigm with intelligent network nodes (e.g. radio network edges, smart routers or even smart watches) and enables, via this extension, a set of new applications and services. The features of such an interpretation of fourth-phase computing are as follows:

• low-latency, location-aware, energy-efficient use of heterogeneous hardware, from large-scale computing centres to tiny nodes
• a very big number of hardware nodes and their mobility, based on IPv6 connectivity
• wide geographical distribution of miniaturised hardware, self-updating software and large volumes of data
• leading role of wireless access to connect nodes and users, even over longer distances
• service interfaces, streaming and real-time applications with guaranteed QoS properties


Fig. 1.2 Fog computing vision (background photo: Claudia Jacquemin, JOTT Fotografie Dresden; the depicted place: CAD/CAM system at BA Dresden, University of Cooperative Education)

A wider interpretation of fog computing offers the appropriate platforms for IoT, clouds and the smart grid (Fig. 1.2).

According to Eric Schmidt, at that time executive chairman of Google, at the World Economic Forum in Davos, Switzerland, in 2015: "I will answer very simply that the Internet will disappear. There will be so many Internet Protocol (IP) addresses, so many devices, sensors, things that you are wearing, things that you are interacting with, that you won't even sense it. It will be part of your presence all the time. Imagine you walk into a room, and the room is dynamic. And with your permission and all of that, you are interacting with the things going on in the room. A highly personalised, highly interactive and very, very interesting world emerges." [7]

This industrial development is bound to happen, as the miniaturisation of hardware is still advancing rapidly. On the other hand, researchers also look into ways to keep the user in the loop and ultimately also in control, something typically neglected by industrial development. Therefore, new methods for informational self-determination and manageability of personal devices and services need to be found. A typical example is a safe networking kill-switch that prevents any communication from a device, something found only occasionally on devices despite its usefulness, along with a definite off-switch. A software kill-switch can only be trusted as far as the software stack enforcing it: a radio module with its own firmware is silenced reliably only by a physical off-switch, which is why both are listed here. Before going into the details about the future development, the same four phases shall be analysed from a service perspective.
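First, though, an illustration of such a kill-switch on a Linux host. This is an added example and not code from the book: it generates an nftables ruleset whose input and output hooks both default to drop, keeps only loopback so local services keep working, and loads it atomically with `nft -f`. The table name `killswitch`, the presence of the `nft` binary and root privileges are assumptions; generating and checking the ruleset text needs none of them.

```python
"""Host-level networking kill-switch as an nftables ruleset (added example).

Assumes a Linux host with nftables (`nft`); loading or removing the ruleset
needs root. Generating and checking the ruleset text works anywhere.
"""
import os
import re
import subprocess

TABLE = "killswitch"  # assumed table name; any otherwise unused name works


def killswitch_ruleset(allow_loopback: bool = True) -> str:
    """Return a ruleset that drops every packet in both directions.

    Both base chains carry `policy drop`, so nothing leaks even if a rule is
    missing; loopback is the only (optional) exception. The leading `table` +
    `flush` lines make repeated loads idempotent, and `nft -f` applies the whole
    file as one transaction, so there is no window with an empty chain.
    """
    lo_in = '    iif "lo" accept\n' if allow_loopback else ""
    lo_out = '    oif "lo" accept\n' if allow_loopback else ""
    return (
        f"table inet {TABLE}\n"
        f"flush table inet {TABLE}\n"
        f"table inet {TABLE} {{\n"
        "  chain input {\n"
        "    type filter hook input priority 0; policy drop;\n"
        f"{lo_in}"
        "  }\n"
        "  chain output {\n"
        "    type filter hook output priority 0; policy drop;\n"
        f"{lo_out}"
        "  }\n"
        "}\n"
    )


def is_closed(listing: str) -> bool:
    """True if a ruleset text (or `nft list ruleset` output) has both hooks
    defaulting to drop. `nft` may print the priority as `0` or as `filter`."""
    return all(
        re.search(rf"hook {hook} priority \S+; policy drop;", listing)
        for hook in ("input", "output")
    )


def apply_ruleset(ruleset: str) -> None:
    """Load the ruleset atomically from stdin; requires root."""
    if os.geteuid() != 0:
        raise PermissionError("loading nftables rules needs root")
    subprocess.run(["nft", "-f", "-"], input=ruleset, text=True, check=True)


def release() -> None:
    """Remove the kill-switch table again (requires root)."""
    if os.geteuid() != 0:
        raise PermissionError("removing nftables rules needs root")
    subprocess.run(["nft", "delete", "table", "inet", TABLE], check=True)


def current_listing() -> str:
    """Dump the live ruleset so `is_closed` can verify the switch took effect."""
    return subprocess.run(["nft", "list", "ruleset"], capture_output=True,
                          text=True, check=True).stdout


if __name__ == "__main__":
    rules = killswitch_ruleset()
    print(rules)
    if os.geteuid() == 0:          # only a root run actually touches the kernel
        apply_ruleset(rules)
        print("closed:", is_closed(current_listing()))
```

A host firewall of this kind stops the operating system from sending, but it cannot silence a baseband or a Wi-Fi module with its own firmware; that still needs the hardware off-switch mentioned above. Verify after loading with `is_closed(current_listing())` rather than assuming, and keep `release()` reachable from a local console, since any remote session is gone the moment the rules load.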

Network services in four phases. Along with the technical improvements in servers, devices and connectivity, the offered services themselves have evolved over time. One difference when compared to the hardware technology is the fact that new services almost always complement existing ones instead of replacing them. While it would be hard to order an ISDN connection or a Fiber Distributed Data Interface (FDDI) connection nowadays, we still communicate via decades-old e-mail protocols and locate services via another decades-old domain naming protocol.

In the first phase (1970–2000), basic network services and early web applications were created. Many network services were, and indeed still are, defined by an international community called the Internet Engineering Task Force (IETF) in public and well-edited Requests for Comments (RFC) [9]. An example would be an e-mail sending service, the Simple Mail Transfer Protocol (SMTP), first defined in RFC 821 by Jonathan B. Postel in 1982 and subsequently updated in RFC 2821 in 2001 and finally RFC 5321 in 2008. Other examples include real-time messaging, file transfer and authentication. Early web applications include e-commerce shops along with search engines and online newspapers, for instance books.com in 1992, yahoo.com and spiegel.de in 1994, amazon.com and nytimes.com in 1995 and google.com in 1997/1998. Their growth in popularity was mainly driven by the first web browsers as client applications, including NCSA Mosaic (1993), Netscape Navigator, Microsoft Internet Explorer and Opera (all around 1994/1995).

The first phase also contained the first monopolisation tendencies. Whereas previously network protocols were defined and then implemented by multiple vendors, web applications in particular emerged whose interaction was neither well-known nor easily re-implementable. Web pages, as the interaction part of web applications, were standardised by another entity, the World Wide Web Consortium (W3C), but filled with vendor-specific extensions which even today still cause trouble and processing overhead.

In the second phase (2000–2010), due to faster home connection speeds, peer-to-peer file-sharing applications became popular among consumers. An early example was napster.com, which was shut down in 2001 after litigation, only to be replaced by open protocols including BitTorrent from 2001 on. Other peer-to-peer applications quickly gained popularity, including video conferencing and, in the year 2009, the cryptocurrency Bitcoin. Interestingly, some applications such as permanent file storage have mostly remained with centralised data centres despite peer-to-peer alternatives being available [1].

Web applications grew further through faster and more powerful web browsers, which emerged after a perceived pause in innovation: Apple Safari (2003), Mozilla Firefox (2004) and Google Chrome (2008). The browser turned increasingly into a platform, with all of the associated lock-in and vulnerability issues.

In the third phase (since 2010), commercial global-scale services have been competing for market share. Online social networking services like facebook.com and twitter.com claim hundreds of millions of active users, which are handled by a global network of distributed data centres. Millions of devices and sensors are connected to enable more services. And computing infrastructure services, with compute, storage and networking services, have emerged in multiple forms and concentrate applications and services in shared data centres. During this time, consumers have become increasingly aware of where services are hosted and how they are delivered. In particular, privacy issues have emerged and are not solved yet [5]. Figure 1.3 contains a scheme of today's distributed networks and services and how consumers interact through and with them.

Fig. 1.3 Scheme of services and supporting hardware technology for a single distributed application

Now we can only speculate which novel services will be enabled by the current wave of technological development. This will depend in large part on the knowledge, skills and facilities of individual developers and businesses to enact new services. The following three fictive scenarios illustrate the hypothesis about the advancement of technological trends in the fourth phase of the chosen periodisation. They will be picked up in the next chapters and illustrated with concrete examples.

Scenario 1: Smart grid in an SME. What will be a middle-class network connection for a Small and Medium Enterprise (SME) in 2020? Only one cable or wireless link will provide the utility services such as electricity, telephony, Internet, digital high-definition television and cloud services. Room heating will be realised via derivation and recycling of redundant energy from multiple (virtual) servers. Wired and wireless automation of local-area networks as well as piconets, like Local Operating Network (LON), KNX Home and Building Control Standard (KNX), ZigBee and EnOcean, will be used to serve and control the indoor climate. Management of such integrated networks can be performed through Ethernet Local Area Network (LAN)/Wireless Local Area Network (WLAN) links as well as convenient protocols like IP, Internet Control Message Protocol (ICMP) and Simple Network Management Protocol (SNMP); note that SNMPv1 and SNMPv2c transmit their community strings in clear text, so on such a network only SNMPv3 with authentication and privacy should be used. Program support, configuration and tuning of the intelligent network is realised with the use of mobile devices (smartphones and tablets), mobile applications and web services running in a cloud environment. This leads to a smart environment in which all company device capabilities are used in combination to their full extent to ensure autarky with high security and privacy, but still on-demand scalability beyond the company's realm and high energy efficiency with inclusion of all local energy sources and joint brokering of power and computing supplies. We name the outcome of this scenario a smart grid environment.

Scenario 2: Energy recycling in data centres. Due to the use of today's powerful high-end servers within contemporary data centres, with the installed broadband optical links (e.g. Fibre Channel), a significant amount of heat stands out as a harmful by-product. Some companies already occupy themselves with the mentioned problem and are developing their own solutions for the disposal of excess heat in domestic heating and air-conditioning facilities, the so-called HVAC. Among them are hybrid cloud and heat product providers [8]. These companies have a portfolio of several corresponding products and solutions (Fig. 1.4); inter alia, there are cloud infrastructure and platform services and heat products, representing an own smart grid with inter-connected services. The clients use the in-door located services of virtual computing centres, standardised cloud services like Infrastructure-as-a-Service (IaaS), Software-as-a-Service (SaaS) and Platform-as-a-Service (PaaS). Among them there are popular applications causing a significant amount of heat from computing services powered by cloud stacks, virtualised operating systems and add-on services like databases and cron jobs. Redundant heat as a “by-product of processing” is withdrawn via servers in 19-inch racks into an energy storage which provides circulation of hot water in the pipes within a building and heating of potable water. The central system for HVAC facilities is supported via the use of Power over Ethernet (PoE) as well as wired and wireless automation local-area networks and piconets like LON, KNX, ZigBee and EnOcean. The mentioned technical solution provides a lower PUE value, down to 1.05, or correspondingly an efficiency 1/PUE of up to 95%, compared with the conventional grid/cloud solutions where it is necessary to remove the excess heat as a by-product, to install more air-conditioning devices and to provide them with power supply.

Fig. 1.4 Hybrid cloud/heat providers: combination of smart grid, clouds and HVAC

Similarly, a growing number of data centres world-wide are inter-connected with municipal utility providers to funnel their excess heat into pipes which lead to the central heating systems of housing areas. Interesting installations exist in Helsinki, Finland, where servers located beneath the Uspenski Cathedral in the Academica/Telecity Group server centre heat 500 homes as a by-product. More servers, located in a shielded building inside another building, a former electricity station now hosting the Suvilahti data centre, even offer heat and warm water for 4500 households.

Scenario 3: Low-cost and energy-efficient on-board microcontrollers for pico-services. But none of the above-mentioned computing systems is energy-efficient enough to meet the ambitious goals set by environmentalists and, to some degree, even political agendas. Switzerland, for instance, is committed to reducing its emissions by 2030 to just 50% of those in 1990; Germany intends to reduce emissions to 60% of the 1990 level by 2020. The electricity consumption in data centres is in the MWh area, and even for tiny computations a power-hungry, large machinery of hardware and support processes is needed. Energy-efficient solutions can be provided via small, low-cost and low-energy on-board processors on which pico-services, such as lambda services, are executed on demand. The electricity consumption gets reduced to the kWh area or even less. Low-energy home intelligent nodes (3–10 W) for private cloud solutions, file servers, web servers, multimedia home centres etc. can be placed on low-cost, energy-efficient boards like Arduino, Raspberry Pi or Intel Edison as a trade-off solution. They offer a cheap alternative and symbolise a step-by-step shift to the IoT. But in order to maximise their potential, an appropriate service and application platform will be needed.

An appropriate solution will be the Raspberry Pi (first deployed in 2011 in Cambridge, UK), strictly speaking a single-board computer rather than a microcontroller, with only credit card dimensions in a case like a matchbox and with the following characteristics [4]: a 700 MHz processor, a modest amount of main memory up to 1 GB, external storage on an SD card, an Ethernet connection or a wireless link through a USB dongle, and around 3.5–5 W power consumption.


Naturally there are a lot of scenarios for economical network nodes. For instance, a cheap and low-energy Raspberry Pi can typically be used for a so-called Multimedia Home Centre with the following characteristics:

• SD card as a hard drive with 32 GByte capacity and Raspbian loaded as operating system

• Multimedia environment: XBMC Media Center

• Multiple audio and video formats (codecs) as well as low power

The newer Raspberry Pi 2 Model B acts as a mini-PC with six times the CPU performance, due to a clock frequency of 900 MHz and a quad-core architecture, and is targeted by the Windows Developer Program for IoT. But even more energy-efficient boards are upcoming, including the Genuino with the Intel Curie chip and the Pine A64, which even runs on a 3.7 V lithium battery.

How to read on. This was a quick chapter. The next ones will have more depth, as they convey the actual knowledge about the mentioned areas. In the second chapter, the development of network systems will be summarised and presented with historical and contemporary systems. In the third chapter, clusters and parallel computing will be focused on. Virtualised systems and clouds will follow in the fourth chapter. Chapter five will step into the physical world and contains information about smart grids, smart things and smart fog. While the sixth chapter will present mobile communication trends, the final seventh chapter talks about security aspects in a broad sense. With such a spectrum of topics, the reader should then be able to understand both old and new large-scale systems.

References

1. Bence Bakondi, Péter Burcsi, Péter Györgyi, Dávid Herskovics, Péter Ligeti, László Mérai, Dániel A. Nagy and Viktória Villányi. A P2P Based Storage System with Reputation Points and Simulation Results. In: Central European Conference on Cryptology (CECC), Budapest, Hungary, May 2014.

2. Markus Bloesch. netrics übernimmt Umweltverantwortung: Cloud Computing und Hosting aus Datacenter mit Ökostrom aus dem Wasserkraftwerk Hagneck [netrics takes on environmental responsibility: cloud computing and hosting from a data centre with green electricity from the Hagneck hydroelectric plant]. Online: https://www.netrics.ch/2015/12/03/cloud-computing-hosting-mit-oekostrom, 2015.

3. Alisa Davis. Equinix Goes 100% Renewable with 225-MW Wind Energy Purchase. Online: http://apps3.eere.energy.gov/greenpower/news/news_template.shtml?id=2082, 2015.

4. Raspberry Pi Foundation. Raspberry Pi Hardware. Online: https://www.raspberrypi.org/documentation/hardware/raspberrypi/README.md, 2015.

5. Thomas Loruenser, Charles Bastos Rodriguez, Denise Demirel, Simone Fischer-Huebner, Thomas Gross, Thomas Langer, Mathieu des Noes, Henrich C. Poehls, Boris Rozenberg and Daniel Slamanig. Towards a New Paradigm for Privacy and Security in Cloud Services. 2015.

6. Eric O'Shaughnessy, Jenny Heeter, Chang Liu and Erin Nobler. Status and Trends in the U.S. Voluntary Green Power Market. Technical Report NREL/TP-6A20-65252, National Renewable Energy Laboratory, 2015.

7. Eric Schmidt. The Internet Will Disappear. World Economic Forum, via CNBC TechBet, online video: https://www.youtube.com/watch?v=Tf49T45GNd0, 2015.

8. Rene Marcel Schretzmann, Jens Struckmeier and Christof Fetzer. Cloud&Heat Technologies. Online: https://www.cloudandheat.com, 2011/2014.

9. Internet Society. RFC Editor. Online: http://www.rfc-editor.org, 1998.

10. Yevgeniy Sverdlik and Karen Riccio. Special Report: The World's Largest Data Centers. Online: http://www.datacenterknowledge.com/special-report-the-worlds-largest-data-centers, 2010.

2 Architectural Transformations in Distributed Systems

Keywords

Client-Server (C-S) • Peer-to-Peer (P2P) • Central Database (CDB) vs. Distributed Database (DDB) • Transactions

The timeline given in the first chapter embodies the perspective of humans using and benefiting from services. In this chapter, we now dive under the hood of this development and take a look at the service software implementations, with a special focus on basic principles of complex distributed services which fulfil the requirements for modern cloud and fog applications. Over the last two decades we have been able to observe significant architectural changes in distributed systems and networking applications, which will be reflected in the text. There are also mostly orthogonal shifts towards higher reliability, efficiency, scalability and information security as well as other beneficial non-functional characteristics. The chapter covers general software and system architectures, discusses cluster and cloud systems as well as peer-to-peer topologies along with concrete system examples, and highlights the topics of performance optimisation and transactions as well as distributed databases.

2.1 Software Architectures and Communication Patterns

Among the most well-known conventional service architectures for software applications are the client-server model and the n-tier model. In the client-server model, a client connects to a server to exchange messages with it in order to achieve a certain goal. In the n-tier model, multiple client-server connections exist in a chain. Let us consider an integrated example.

© Springer Fachmedien Wiesbaden GmbH 2017. A. Luntovskyy, J. Spillner, Architectural Transformations in Network Services and Distributed Systems, DOI 10.1007/978-3-658-14842-3_2

14 2 Architectural Transformations in Distributed Systems

Fig. 2.1 Example system: e-commerce (Source: [5])

Example 2.1 A distributed software application for e-commerce frequently has a rather complex hierarchical structure called n-tier, which is created with the aim of performance optimisation and includes programmatic interfaces linked with network protocols. An example of a system for e-commerce is depicted in Fig. 2.1. Application 1, for a purchaser (client), interacts with the virtual shop, i.e. application 2 (online shop), via a web server with an attached application server which provides data preprocessing for purchase orders. The application server for purchase order preprocessing is connected to the next two application servers: one of them is aimed at store management with maintenance of store tables, the other one at administration of customer data. Application 3 supports the communication of the online shop with the suppliers via a dedicated communication channel, which is connected to an application server as well as the supplier database. Communication between applications 2 and 3, i.e. online shop to suppliers, is performed with use of a corresponding channel provided by the platform. Thus we see the advancement of typical application architectures to distributed systems with client-server and n-tier architectures [5, 7, 8].

As was shown in [5, 8], multi-tier architectures are nowadays widely deployed in distributed applications:

• the 3-tier structure is more complex, leading to higher scalability, and is preferred for complex applications;

• the 2-tier structure (user interface and host) is simpler but less flexible (Fig. 2.2).


Fig. 2.2 Architectures: client-server, n-tier [8]

Software services. Applications or software components which offer service interfaces beyond their own scope are called software services. A typical three-way distinction helps in distinguishing between services. The first kind of service interaction happens between local service interfaces within a programming language and a corresponding runtime framework (e.g. Open Services Gateway Initiative (OSGi) services for Java and other component frameworks). The second kind happens over uniform service interfaces across programming languages, with network transparency (e.g. web services in service-oriented architectures). The third kind happens over non-uniform protocols without obvious sibling or parent protocols and with certain requirements on the topology or infrastructure (e.g. Domain Name System (DNS), Network Time Protocol (NTP), Universal Plug and Play (UPnP)).

Service-oriented architectures have become increasingly popular due to their characteristics. They offer a uniform and well-defined interface, with the description uniformly captured in a machine-processable service description document, and accept uniform protocols with service-specific content. Therefore, many n-tier applications are nowadays implemented within service-oriented systems. More recently, service designers use the notion of stateless micro-services which can be replicated easily, with coordination through a group communication system. What is common to all service-oriented architectures is the strong reliance on a directory of services, called registry, through which new services can be discovered. Because every consumer trusts the registry to tell it where a service lives, write access to the registry must be controlled as tightly as the services themselves: a poisoned registry entry redirects all clients at once. Sometimes a service broker is available on top of the registry, so that brokering, auctioning and negotiation between service providers and consumers can be automated in a marketplace style. This functionality is important when considering the user-defined selection of power and computing services covered in the previous chapter.

Remote methods and message exchange. The interaction between clients and services often follows the request-reply pattern, where the client sends a request message, blocks to wait for an answer and receives a response message. This message exchange style is similar to local method invocations in programming languages and is therefore also known as remote method invocation. Related to this are remote method calls without a response message. Complementary to service-oriented architectures there are message-oriented architectures, in which software components subscribe to messages of a certain type arriving from a source to a specific destination, or as broadcast message to any destination. In such architectures, messages are supposed to traverse message brokers which apply filters and transformations. An Enterprise Service Bus (ESB) is such a broker which combines service-oriented and message-oriented architectures and facilitates the connection of any client to any service with message format adapters. A broker in the path is also a trust boundary: the service no longer sees the original sender, so the sender's identity must travel with the message and be checked at the service, and message bodies still need validation after an adapter has transformed them.

Figure 2.3 shows a combined service-oriented/message-oriented architecture. Such an abstract architecture will be the basis of many of the systems presented in this chapter, with customisations and refinements whenever necessary.

Fig. 2.3 Architectures: service-oriented and message-oriented
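The patterns just described, as an added example that is not code from the book: a minimal in-process broker stands in for the ESB, a client does blocking request-reply (with a correlation id and a private reply inbox) and one-way notification on top of it, an adapter rewrites a legacy message format before delivery, and a broadcast subscriber audits every message. The message names (`order.create`), the legacy field names and the price table are assumptions made for the illustration.

```python
"""Request-reply over a message broker with format adapters (added example).

Not the book's code: an in-process broker stands in for an ESB. Message names
such as "order.create", the legacy field names and PRICES are assumptions.
"""
import queue
import threading
import uuid
from dataclasses import dataclass, field
from typing import Callable, Optional

PRICES = {"A1": 10, "B2": 25}   # constructed catalogue for the order service


@dataclass
class Message:
    type: str                          # routing key, e.g. "order.create"
    body: dict
    reply_to: Optional[str] = None     # inbox for a request-reply call; None = one-way
    correlation_id: str = field(default_factory=lambda: uuid.uuid4().hex)


class Broker:
    """Message-oriented core: delivers by type ('*' = broadcast) on its own thread
    and runs registered adapters (format transformations) before delivery."""

    def __init__(self) -> None:
        self._subs: dict[str, list[Callable[[Message], None]]] = {}
        self._adapters: dict[str, Callable[[Message], Message]] = {}
        self._q: "queue.Queue[Message]" = queue.Queue()
        threading.Thread(target=self._dispatch, daemon=True).start()

    def subscribe(self, msg_type: str, handler: Callable[[Message], None]) -> None:
        self._subs.setdefault(msg_type, []).append(handler)

    def add_adapter(self, msg_type: str, fn: Callable[[Message], Message]) -> None:
        self._adapters[msg_type] = fn

    def publish(self, msg: Message) -> None:
        self._q.put(msg)

    def _dispatch(self) -> None:
        while True:
            msg = self._q.get()
            if msg.type in self._adapters:
                msg = self._adapters[msg.type](msg)      # ESB-style transformation
            for h in self._subs.get(msg.type, []) + self._subs.get("*", []):
                h(msg)


class Client:
    """Request-reply (blocking call) and one-way notify on top of the broker."""

    def __init__(self, broker: Broker) -> None:
        self.broker = broker
        self.inbox = f"reply.{uuid.uuid4().hex}"       # private reply destination
        self._pending: dict[str, "queue.Queue[Message]"] = {}
        broker.subscribe(self.inbox, self._on_reply)

    def _on_reply(self, msg: Message) -> None:
        waiter = self._pending.pop(msg.correlation_id, None)
        if waiter is not None:        # unknown or late correlation ids are dropped
            waiter.put(msg)

    def call(self, msg_type: str, body: dict, timeout: float = 1.0) -> dict:
        msg = Message(msg_type, body, reply_to=self.inbox)
        waiter: "queue.Queue[Message]" = queue.Queue()
        self._pending[msg.correlation_id] = waiter
        self.broker.publish(msg)
        try:
            return waiter.get(timeout=timeout).body     # block until the reply arrives
        except queue.Empty:
            self._pending.pop(msg.correlation_id, None)
            raise TimeoutError(f"no reply for {msg_type}")

    def notify(self, msg_type: str, body: dict) -> None:
        self.broker.publish(Message(msg_type, body))    # remote call without response


def order_service(broker: Broker) -> None:
    """Service endpoint: validates the (adapted) body and answers on reply_to."""
    def handle(msg: Message) -> None:
        sku, qty = msg.body.get("sku"), msg.body.get("qty")
        if sku not in PRICES or not isinstance(qty, int) or qty <= 0:
            reply = {"ok": False, "error": "invalid order"}
        else:
            reply = {"ok": True, "total": PRICES[sku] * qty}
        if msg.reply_to:                                # one-way callers get nothing back
            broker.publish(Message(msg.reply_to, reply, correlation_id=msg.correlation_id))
    broker.subscribe("order.create", handle)


def legacy_adapter(msg: Message) -> Message:
    """Adapter for a client that still sends {"article": ..., "count": "2"}."""
    if "article" in msg.body:
        try:
            qty = int(msg.body.get("count", ""))
        except ValueError:
            qty = None                                  # service rejects it below
        msg.body = {"sku": msg.body["article"], "qty": qty}
    return msg


def build_system() -> tuple:
    """Wire broker, service, adapter and a broadcast audit subscriber."""
    broker = Broker()
    order_service(broker)
    broker.add_adapter("order.create", legacy_adapter)
    audit: list = []
    broker.subscribe("*", lambda m: audit.append(m.type))   # broadcast subscriber
    return broker, Client(broker), audit
```

Two design choices matter here. The reply goes to a per-client inbox keyed by correlation id, and replies for ids nobody is waiting for are discarded, so a late or forged reply cannot be delivered into another call. Validation sits in the service, after the adapter: the adapter converts formats but does not vouch for the content.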


2.2 Distributed Service Systems: Clustering, Grids and Clouds

Clusters. Significant new features are provided via the clustering architecture, in which each service is made available in multiple instances (Fig. 2.4). Let us compare it with the representations considered in Figs. 2.1 and 2.2. The clustering architecture enables the optimisation of the Quality of Service (QoS) for a distributed application through functionality replication between multiple servers. The functionality for processing (application logic) as well as for data persistence is provided via multiple servers, simultaneously or parallelised. Before replicating, a preliminary analysis of data consistency is required. The replication of the functionality optimises the following clustering features: load distribution, fault tolerance behaviour and parallelism in processing (refer to Fig. 2.4).

Server replication in the cluster architecture is characterised by a significant gain in processing time as pro-argument, but also by increasing complexity as con-argument, due to the necessity of conflict management and synchronisation [7]. Qualitatively different opportunities are established by modern architectures of distributed applications, for example applications hosted online or in the clouds (Fig. 2.5).

Fig. 2.4 Architectures: clustering [3, 5, 8]. MPI: Message Passing Interface; RAID: Redundant Array of Independent Disks; SAN: Storage Area Network; NAS: Network Attached Storage


Fig. 2.5 Architectures: IoS, grids and clouds

Clouds. The clouds as an architectural type provide the deployment and use of “computing power” in a similar manner as the delivery of water or electric current in modern supply networks (so-called “utility grids”); transparent operation in a “cloud” is enabled and possible. The important advantages of the architecture are as follows:

• Sometimes organisations possess insufficient resources for data backup and computationally intensive problems; then infrastructure is outsourced.

• Aggregation of computing resources of multiple organisations, done by reliable and favourable providers.

• Companies and authorities obtain so-called “on-demand” resource access as an ideal solution for fluctuating needs.

• The savings in processing time and hardware costs outweigh the definitely noticeable growth in coordination and synchronisation complexity.

The disadvantages are as follows: cloud computing fosters heterogeneity, vendor lock-in through attraction by vendor-specific cloud services, as well as unclear data security and protection aspects when the data processing crosses organisational or even jurisdictional boundaries.

There is no single definition of what a cloud system is. A commonly used definition is given by the National Institute of Standards and Technology, USA (NIST) in 2011: “Cloud Computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models.” [4]

There are scientific, community and voluntary cloud systems accessible to everybody at no or low cost, but also with no strict service-level guarantees. Examples include guifi.net and ownCloud instances. On the other hand, there are commercial cloud providers who offer rapid provisioning and elasticity of resources at large scale. Examples include Amazon EC2, IBM SoftLayer and Bluemix, T-Systems Enterprise Cloud and the Google Cloud Platform.

Grids. One of the most important parts of cloud technology are the grids. The term “GRID (Global Resource Information Database)” was coined in 1985 as part of a United Nations programme for environmental protection; on the other hand, “GRID = SUPPLY NETWORK”. In this way, grid is the traditional technology in comparison to clouds. Grid computing is a form of distributed computing in which a “virtual supercomputer” is generated from a cluster of loosely coupled computers. The grids were developed with the aim to solve computationally intensive scientific and in particular logical-mathematical problems. The following types of grids are regularly distinguished [5]:

• Computer grid: a combination of computing power which allows access to distributed resources

• Data grid: enables sharing of data contained in the requests of one or more DDB

• Service grid: represents a diversity of components, all of which belong to different resource providers and are provided as a utility

• Application grid: provides improved load balancing and utilisation of the grid provider as well as a wide spectrum of functions via cross-organisational sharing of resources

• Resource grid: has to be defined via a role model deployment, i.e. the roles of grid users, grid providers and resource providers have to be clearly differentiated [1]

A basic understanding of clusters, grids and clouds should now be achieved. The two former system types will be elaborated on in much greater detail in the next chapter, and the latter one in the subsequent chapter.

2.3 Architectures: Peer-to-Peer

Fig. 2.6 Examples of peer-to-peer systems

In contemporary fixed-mobile converged networks with almost-always-on connectivity over Local Area Network (LAN), Wireless Local Area Network (WLAN) as well as Wireless Personal Area Network (WPAN) routes, the role of the peer-to-peer architecture with equal partners (P2P) has increased significantly. Let us compare the architecture with the already presented one titled “client-server” (C-S). P2P offers:

• direct communication between the equal partners, i.e. the peers;

• practically no centralisation within the server part, only as an option in combined (hierarchical) structures involving peers + C-S;

• the peers are simultaneously the service providers as well as the users or consumers of the service;

• a distributed discovery mechanism for service providers as peers is required.

As depicted in Fig. 2.6, the peer-to-peer model (P2P) enhances the client-server model (C-S) towards a multi-participant, fully-connected, bi-directional one. In the C-S model, a server provides a service and a client uses this service. In P2P networks, this role distribution is without meaning: each participant is a peer, because they can use a service as well as offer the service by themselves. The basic requirement for architectures with equal partners providing P2P communication is the creation of a special mechanism to search for service provider peers. The following types A, B, C and D of P2P systems are distinguished [6]:

• Type A, called centralised P2P model, which uses a server core for coordination and search. Example: Napster.

• Type B, called pure P2P model, provides no centralised coordination. Example: Gnutella.

• Type C, called hybrid P2P model. The dynamic centre contains entities, i.e. some peers act as coordinators. Examples: Gnutella2, BitTorrent, Skype.

• Type D, called distributed P2P model with a DHT (Distributed Hash Table). The table manages the access IDs, i.e. the keys are placed on a carousel/circle. The model uses an overlay of fixed connections (fixed connection overlay). The system is similar to the well-known routing protocols for distributed (RIP) or hierarchical routing (OSPF+BGP). Examples: Chord, CAN, Pastry, Tapestry.

Figure 2.7 contains a visual representation of all four types of P2P systems. There is a trade-off in enabling a P2P architecture for a distributed application. On the one hand, it puts an obligation on all participants to offer a share of their resources to other participants, as only through a fair distribution will such a network work well. As with all service interfaces open to the world over a network, there is a risk of being attacked through the interface; in a P2P system every peer exposes such an interface and must treat every other peer as untrusted, and a peer that can choose its own identifiers freely can take on many of them (a Sybil attack) to dominate routing or storage. On the other hand, once a sudden allocation of resources is needed, the scalability of such a network, especially on a global level, with high availability and resilience, is very high and cannot easily be reached with other architectures. Therefore, especially for applications which involve humans, including all personal communication, personal information management and personal cloud activities, P2P architectures are effective.
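The Type D placement of keys on a circle, as an added example that is not the book's code: node addresses and keys are hashed onto a ring, a key belongs to the first node at or after it (its successor), the next successors hold replicas, and a Chord-style lookup jumps along finger pointers instead of walking the ring. The node addresses and key names are constructed; the ring is 2^32 wide instead of Chord's 2^160 so that ids stay readable.

```python
"""Distributed hash table placement on a ring, Chord-style (added example).

Not the book's code. Node addresses and keys are constructed; the ring is
2^32 wide instead of Chord's 2^160 to keep ids readable.
"""
import bisect
import hashlib

M = 32
SIZE = 1 << M


def ring_id(value: str) -> int:
    """Hash a key or node address onto the ring. Node ids are derived from the
    address, never chosen by the peer; a real system must additionally bind the
    address to something costly (certificate, proof of work), or a Sybil
    attacker still surrounds any key with identities of its own."""
    return int.from_bytes(hashlib.sha1(value.encode()).digest(), "big") % SIZE


class Ring:
    def __init__(self) -> None:
        self.ids: list = []       # sorted node ids
        self.nodes: dict = {}     # node id -> address

    def join(self, address: str) -> int:
        nid = ring_id(address)
        if nid in self.nodes:
            raise ValueError(f"id collision for {address}")
        bisect.insort(self.ids, nid)
        self.nodes[nid] = address
        return nid

    def leave(self, address: str) -> None:
        nid = ring_id(address)
        self.ids.remove(nid)
        del self.nodes[nid]

    def successor(self, point: int) -> int:
        """First node id at or after `point`, wrapping around the ring."""
        i = bisect.bisect_left(self.ids, point)
        return self.ids[i % len(self.ids)]

    def lookup(self, key: str, replicas: int = 1) -> list:
        """Addresses of the owner (successor of the key) and the next distinct
        successors; with r replicas the key survives r-1 node departures."""
        i = bisect.bisect_left(self.ids, ring_id(key))
        return [self.nodes[self.ids[(i + k) % len(self.ids)]]
                for k in range(min(replicas, len(self.ids)))]

    @staticmethod
    def _between(x: int, a: int, b: int) -> bool:
        """x in the open ring interval (a, b), wrapping past SIZE."""
        return a < x < b if a < b else x > a or x < b

    def fingers(self, nid: int) -> list:
        """Finger i points at successor(n + 2^i); M entries per node."""
        return [self.successor((nid + (1 << i)) % SIZE) for i in range(M)]

    def route(self, start: int, key_id: int) -> tuple:
        """Chord lookup from node `start`: (owner id, hop count). Each hop jumps
        to the closest finger preceding the key, so the distance at least halves
        and a lookup takes O(log N) hops instead of walking the whole ring."""
        n, hops = start, 0
        while True:
            if key_id == n:
                return n, hops
            succ = self.successor((n + 1) % SIZE)
            if key_id == succ or self._between(key_id, n, succ):
                return succ, hops          # key lies in (n, succ]: succ owns it
            nxt = n
            for f in reversed(self.fingers(n)):
                if self._between(f, n, key_id):
                    nxt = f
                    break
            n, hops = nxt, hops + 1


if __name__ == "__main__":
    ring = Ring()
    for i in range(8):                       # constructed peers
        ring.join(f"10.0.0.{i}:4000")
    print("alice ->", ring.lookup("alice", replicas=3))
    print("route:", ring.route(ring.ids[0], ring_id("alice")))
```

Note what the replication factor does and does not buy: when the owner leaves, the key's next successor already holds a copy, so the data survives; but all replicas are chosen by ring position, so an attacker who can place ids next to a key (the Sybil case above) also controls every replica of it.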

Fig. 2.7 Types of P2P architectures [5, 8]

Fig. 2.8 Skype network structures and diverse clients

Example 2.2 Modern mobile client platforms provide many attractive mobile applications and transmission services in addition to the standard voice, SMS, MMS and e-mail. A number of these services include, for example, the popular Google Suggest, Google Translate and Google Maps, cloud services like Amazon AWS/EC2, social networks like Facebook, Twitter and Xing, the video hosting service YouTube, as well as multiple VoIP services like Skype and Viber. The designated service Skype is now a leader by a wide margin among the many VoIP services. The service is generally available for free and supports the following built-in services: VoIP, tele/videoconferencing, instant messaging, transfer of files, images and screenshots. Surely Skype is a worthy rival to the many VoIP services which use common protocols like SIP/RTP and SIP/UDP. But a lot of them are only available with costly commercial plans. In contrast, Skype is aimed at the private sector and offers the following features (Fig. 2.8):

• wide availability despite a proprietary (not published) protocol (cp. SIP/RTP);

• optimised hybrid architecture P2P + C-S, with the central server core run by Skype's parent company Microsoft;

• data compression and security claimed via AES with 256-bit key, RSA with 2048-bit key as well as X.509 PKI (claimed rather than proven: with a proprietary protocol the implementation cannot be independently verified);

• IPv6- as well as IPv4-based and transparent for NAT, therefore suitable for home users;

• data compression with the codecs SVOPC (16 kHz), AMR-WB (16 kHz), G.729 (8 kHz) and G.711; since 2009 an own audio codec, SILK, is used;

• compatibility with conventional telephony: gateways to conventional telephone networks (PSTN, ISDN, GSM);

• integration with SIP-based VoIP.


Herewith a short but worthy history of the Skype service. The Skype core software was developed by Ahti Heinla, Priit Kasesalu and Jaan Tallinn (Estonia, 2003). The company was founded by Niklas Zennström and Janus Friis in 2003 in Luxembourg, was owned by eBay from 2005 and was transferred to Microsoft in 2011.

The following architectural transformations can be observed in its history. The original Skype network (2003–2010) was characterised by a primarily P2P organisation, like a lot of multimedia sharing systems, with so-called nodes and super-nodes. The system relied on voluntary allocation on private computers, but suffered from very busy (overloaded) super-nodes. The private client machines especially required IP without NAT, with direct addresses. As an upshot, increasing criticism from private users as well as numerous failures due to overloading of peers were noted. After the takeover by Microsoft (2011), the following architectural changes were applied:

• cleaned structures; steady Skype network restructuring since 2012;

• the Skype network was transferred from the client computers to Microsoft's own Linux servers (i.e. partially from P2P to C-S);

• currently P2P with a centralised C-S construction;

• server clusters are placed in secure data centres (PaaS delivered through clouds);

• enhanced security of the Skype servers is asserted by the operator;

• software development for Skype is available: the Skype API allows use of the Skype network for delivery of messages and call management.

2.4 Performance Optimisation

Methods for performance optimisation. As you have seen from the introduction, modern distributed network systems are used in the areas of Business-to-Business (B2B), Computer-Aided Design (CAD), Grids and Cloud Computing. They are developed to solve complex mathematical tasks and actual problems of modern pharmacology, to simulate physical phenomena and in genetics, and to administrate and manage task support. These systems process and transmit via networks significant amounts of structured documents and multimedia data, which for extreme volumes has recently gained the term Big Data. In general, the following performance optimisation methods [5, 6] can be applied within the classical C-S as well as in new architectures of distributed systems like clusters and clouds (Fig. 2.9):

• Caching
• Replication
• Parallelisation

24 2 Architectural Transformations in Distributed Systems

Fig. 2.9 Performance optimisation [5]

Frequently used addresses and names should be cached. Caching can be deployed on the side of the server as well as on the side of the client, or it is present within the network infrastructure, typically outside the scope of application deployment. Client-side caching is often very efficient. Another method is data and service redundancy via replication. Server replication can be used efficiently for load balancing in highly available multi-server systems as well as to provide a certain level of fault tolerance through failover mechanisms. Parallel processing within a server application frequently relies on multiple execution processes or threads. Process parallelisation and multi-threading provide a significant performance increase. All three methods are quite generic and can be found in most scalable applications to overcome performance bottlenecks.

The following empirical rules are known and should be considered when optimising performance in distributed systems, particularly in systems of the type C-S [5]:

• The CPU speed is often more important than the network performance and can become a bottleneck.
• Reducing delays in the processing of application protocols (software overhead) through aggregation of packets has a measurable effect.
• Minimising context switches between the processes (in multi-threading) makes applications faster.
• Minimising the backup and copy processes within the system, for example through use of shared memory devices.
• Requirements to increase the data rate are not as critical as delay, even an insignificant one.
• System overload is easier to prevent than to overcome.
• Preventing timeouts and pauses within the system reduces unnecessary slowdowns.

Threads. A thread is a so-called "light-weight" independent sub-process running in parallel to other (sub)processes, which can be considered as a part of a complex application. The thread operates without or with minimal context sharing with other (sub-)processes and threads, but with its own program counter and its own stack (Fig. 2.10).

Typically, the application processes that are executed in a certain Operating System (OS) (as programming environment) are "heavy-weight" due to the large amount of context (process parameters) to be transferred.

A well-known example of such "heavy-weight" processes are the ones executed in the operating system UNIX and derived systems such as Linux (as used in GNU/Linux and Android, among others), BSD and Darwin, the kernel of Mac OS X. To provide some additional flexibility and parallelism within them, each complex process is divided into so-called "light-weight" sub-processes that are specifically called threads. A thread is de facto a bearer of a certain activity within an OS or programming environment.

Fig. 2.10 Px or P1,2,3: complex processes or applications; Txy: thread, a "light-weight" parallelised sub-process without dependencies but with its own program counter and stack. An application as a combined process Px with several threads Txy


This activity is performed via a set of consecutive operations and is characterised by a minimal context consisting of only stack and registers. In practice, most complex applications and system processes are suitable for implementation in the form of parallelised threads. Each of these flexibly distributed "heavy-weight" processes has at least one initial thread as a "light-weight" sub-process. All such threads, which are merely a part of some greater process, operate within the same common address space as the other resources of the complex process.

Example 2.3 Consider the following simple example. With the mentioned methods a word processor application (e.g. MS Word) can be divided into several parallel threads which carry out, over one and the same data (text) within a file, a set of various operations, for instance (1) text splitting, (2) text formatting and (3) spell checking.

Example 2.4 In addition, applications that perform a large number of independent asynchronous requests (i.e. database applications, server-side web applications) allow an effective implementation via several parallel threads as multithreaded applications. Generally there are the following two types of threads:

1. The user-level threads, which are realised from the point of view of an application process by a programmer.

2. The kernel-level threads or kernel threads, which are used for representation by an OS (for example MS Windows) and its programming environment, with the aim to execute them on a certain processor.
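The two thread types above and the caching method of Sect. 2.4 can be seen together in the following added example (not code from the book): a pool of user-level threads serves independent requests, as in Example 2.4, through one process-wide cache. Because the threads share the process address space, the cache dictionary is visible to all of them, and a lock makes the check-then-compute step atomic so that a slow lookup is performed only once per key. `resolve_name`, the request names and the pool size are constructed assumptions.

```python
import threading
from concurrent.futures import ThreadPoolExecutor


class ThreadSafeCache:
    """Server-side cache shared by all worker threads of one process.

    The threads share the process address space, so the dictionary is
    visible to all of them; the lock serialises the check-then-compute
    step so that a key is computed only once even when several threads
    request it at the same time.
    """

    def __init__(self, compute):
        self._compute = compute          # expensive function to memoise
        self._data = {}
        self._lock = threading.Lock()
        self.hits = 0
        self.misses = 0

    def get(self, key):
        with self._lock:                 # critical section: check, then act
            if key in self._data:
                self.hits += 1
                return self._data[key]
            self.misses += 1
            value = self._compute(key)   # computed under the lock: single flight per key
            self._data[key] = value
            return value


def resolve_name(name):
    # Constructed stand-in for a slow lookup (e.g. a name/address resolution).
    return sum(ord(c) for c in name) % 251


def serve_requests(requests, workers=4):
    """Handle independent requests with a pool of threads (Example 2.4 style).

    Returns (results in request order, cache hits, cache misses).
    """
    cache = ThreadSafeCache(resolve_name)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(cache.get, requests))
    return results, cache.hits, cache.misses


if __name__ == "__main__":
    # Constructed request stream: three distinct names, repeated 50 times.
    reqs = ["srv-a", "srv-b", "srv-a", "srv-c", "srv-b", "srv-a"] * 50
    res, hits, misses = serve_requests(reqs)
    print(f"{len(res)} requests, {hits} cache hits, {misses} misses")
```

Holding the lock while computing serialises the misses; for long computations a per-key lock would restore parallelism, at the cost of the simple single-flight guarantee shown here.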

2.5 Distributed Transactions

Using transactions, several actions can be combined with the aim to form an indivisible execution unit T:

$T = A_1\, A_2\, A_3 \ldots$ (2.1)

These can also be called atomic (trans-)actions, i.e. they follow the slogan "complete or nothing". An example of a transaction monitor is given in Fig. 2.11. The monitor coordinates the booking workflow between C and S1, S2. The finalising phase is very important and has to be included with the aim to support the consistency of data.

The 2PC protocol must be used to ensure consistency in this way. "Commit" in this context means consensus: agreed to meet requirements, or to depute. The diagram depicts a successfully executed transaction with a reliable storage device which guarantees persistency, such as a disk, an external storage medium or a reliable storage service (Fig. 2.12).

Fig. 2.11 Transaction monitor

Fig. 2.12 Sequence diagram for the 2PC protocol

Fig. 2.13 Distributed transactions: deployment of 2PC [5]

Beyond consistency and persistency, the transactions have to satisfy the so-called Atomicity, Consistency, Isolation, Durability (ACID) criteria. The deployment of distributed transactions is also based on considering the common methods for performance optimisation. These criteria, called ACID, describe the desirable properties of all types of transactions. The transactions have to ensure the ACID criteria:

• Atomicity: either full execution or completely without effect
• Consistency: transformation only between consistent states
• Isolation: no overlap of parallel transaction executions
• Durability: survival of system failures

An example of the use of 2PC is depicted in Fig. 2.13. The example illustrates providing atomic actions under the slogan "complete or nothing". The appropriate realisation with 2PC ensures atomicity as one of the ACID criteria. The user has to be provided via a travel agency with two flights (e.g. with Lufthansa and United) as well as with a rented car at the destination site. If the booking is impossible, the consistent rollback cancels all actions without financial disadvantages for the user or the agent.

The protocol uses the following messages: C-Refuse from the participants; if there are one or more rejections, then C-Rollback is sent; if necessary, the transaction is repeated. The realisation can be done via ODBC or JDBC (Object/Java Database Connectivity) when run in a database context. Performance increases are available with the deployment of parallel transactions obeying the isolation criterion:

• Optimisation by redundant reservation of server processes (separate servers)
• Parallel execution via multi-threading
• Replication of servers (replication)
• Heuristic load balancing and reliability

The appropriate example is depicted below (Fig. 2.14). In the offered parallel transaction, three servers instead of one and a replicated DB are used.

Fig. 2.14 Parallel transaction: three servers instead of one and a replicated DB are used [5]

Fig. 2.15 MSP: main synchronisation point, coordinated by careful Commit; AffSP: affiliated synchronisation point, the action Activity allows partial rollback; FSP: final synchronisation point, terminates the instances. Nested transaction involving multiple independent partners in a travel scenario

Figure 2.15 depicts a nested transaction in a travel booking scenario. It starts with a successful booking of an appropriate room, but then mandates a rebooking activity of two necessary flights to Incheon International Airport in Seoul from Dresden (DRS) via Frankfurt-am-Main (FRA) airport or Munich (MUC) airport, due to no longer available seats. Due to a changed meeting request, the travel is finally substituted by another trip from Dresden central station to Zurich with the night train (CNL); with a successful finalisation (FSP, final synchronisation point) the instances are terminated. To ensure the ACID criteria within the nested transaction, the MSP (main, primary synchronisation point), coordinated by careful commit, as well as the AffSP (affiliated, secondary synchronisation point) are used. The action Activity allows a partial rollback.

Thus, depending on the application scenario and requirements, transactions may be distributed, parallel and nested.

2.6 Distributed Databases

Motivation for DDB. The deployment of a distributed DB takes into account the above-mentioned common methods for performance optimisation. Let us give the definition of a DDB. We consider it in contrast to the centralised DB (CDB). A distributed database (DDB) possesses the following features (Fig. 2.16):

1. DDB forms a logical unit
2. DDB is physically stored on separately located computers (homogeneous or heterogeneous)
3. DDB requires a communication network
4. DDB has no shared memory
5. DDB appears to users and applications as a CDB

But it is important to note that not every distributed system needs a DDB. A central (global) DB can also be used as an efficient solution, for instance in an n-tier architecture. In each case it has to be decided individually which type of DB is the most appropriate, while taking into account the performance optimisation methods. There are the following arguments for a comparison of both kinds (CDB vs. DDB). Which arguments are the satisfying motivations for distributed databases, and which advantages are available?

• higher performance and faster access
• higher availability
• more security in the sense of confidentiality
• reduced communication costs
• faster query processing in the Structured Query Language (SQL)
• increased extensibility and scalability
• adaptive scalability under fluctuations in the number of users, the node quantity, the quantity of records or rows within the DDB, the number of queries to process, etc.


Fig. 2.16 Decision making: CDB vs. DDB

To the list of disadvantages of a DDB the following restrictions can be assigned:

• increasing complexity of the system
• overhead by commit operations
• data integrity problems
• increased memory requirements

Up-to-date solutions for databases nowadays generally possess the 3-tier architecture. The CDB consists of:

• internal schema (logical layer), which determines the physical structure of the data on the disks
• external views, which define the data visualisation
• conceptual layer as an interface between internal and external (Fig. 2.17)

Decomposition methods. A characteristic unique to DDB is that specifically the conceptual scheme is divided into a global and many local schemes (Fig. 2.18). With the goal of decomposing the conceptual scheme of a DDB into many local schemes, the following methods are available, replication or fragmentation, as follows:

• by replication (full copies, regular backup)
• horizontal (line-wise) decomposition (fragmentation by tuples)
• vertical (column-wise) decomposition (fragmentation by attribute subsets)

Fig. 2.17 Classical DB: three layers

Generally, the mentioned access levels to the DDB can be described via the following special languages:

• DDL: Data Definition Language
• DML: Data Management Language
• QL: Query Language
• DSDL: Data Storage Definition Language

DDB fragmentation. Fragmentation of a DDB within distributed applications can offer the following advantages:

• efficiency: data are located where they are really needed
• local optimisation
• increased availability and security: better DB view demarcation
• no data losses: simple recovery of the DDB is available via "unions" and "joins" from E. Codd

Fig. 2.18 Layered architecture within DDB

As a disadvantage acts the risk of inconsistency due to access runtimes. An example of DB fragmentation is given in Fig. 2.19. The relation table titled "Employees by departments" is a CDB which is situated locally (referring to (a)). With the aim of performance optimisation this CDB is decomposed via a fragmentation method. Refer to the cases (b) and (c) for horizontal and vertical decomposition correspondingly:

• Horizontal (line-wise) decomposition with use of fragmentation by tuples
• Vertical (column-wise) decomposition with use of fragmentation by attribute subsets
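The fragmentation of Fig. 2.19 in executable form, as an added example that is not from the book: a constructed "Employees by departments" relation is split horizontally by department and vertically by attribute subsets, and both decompositions are recovered losslessly with Codd's union and join. The column names, the key `emp_id` and the sample rows are assumptions.

```python
# Constructed sample relation "Employees by departments" (the CDB of Fig. 2.19 (a));
# the values are invented for this example.
EMPLOYEES = [
    {"emp_id": 1, "name": "Anna", "dept": "Sales", "salary": 4200},
    {"emp_id": 2, "name": "Bernd", "dept": "R&D", "salary": 5100},
    {"emp_id": 3, "name": "Clara", "dept": "Sales", "salary": 3900},
    {"emp_id": 4, "name": "Dmytro", "dept": "R&D", "salary": 5600},
    {"emp_id": 5, "name": "Eva", "dept": "Support", "salary": 3500},
]


def horizontal_fragments(relation, attribute):
    """Horizontal (line-wise) fragmentation: one fragment per value of `attribute`.

    Every fragment holds complete tuples, e.g. one fragment per department
    that can be stored at that department's site. The original relation is
    the UNION of all fragments.
    """
    fragments = {}
    for row in relation:
        fragments.setdefault(row[attribute], []).append(dict(row))
    return fragments


def vertical_fragments(relation, key, attribute_sets):
    """Vertical (column-wise) fragmentation by attribute subsets.

    Each fragment keeps the primary key plus one attribute subset, so the
    original relation is the JOIN of the fragments on the key. Keeping the
    salary column in its own fragment lets that fragment be placed on a site
    with stricter access control (the "view demarcation" advantage).
    """
    fragments = []
    for attrs in attribute_sets:
        cols = [key] + [a for a in attrs if a != key]
        fragments.append([{c: row[c] for c in cols} for row in relation])
    return fragments


def reconstruct_by_union(fragments):
    """Recover a horizontally fragmented relation (Codd's union)."""
    rows = []
    for part in fragments.values():
        rows.extend(dict(r) for r in part)
    return rows


def reconstruct_by_join(fragments, key):
    """Recover a vertically fragmented relation by joining the fragments on the key."""
    by_key = {}
    for part in fragments:
        for row in part:
            by_key.setdefault(row[key], {}).update(row)
    return list(by_key.values())


def same_relation(a, b):
    """Relations are sets of tuples: compare independent of row order."""
    def normalise(rel):
        return sorted(tuple(sorted(r.items())) for r in rel)
    return normalise(a) == normalise(b)


if __name__ == "__main__":
    h = horizontal_fragments(EMPLOYEES, "dept")
    v = vertical_fragments(EMPLOYEES, "emp_id", [("name", "dept"), ("salary",)])
    print("horizontal fragments:", {k: len(rows) for k, rows in h.items()})
    print("union lossless:", same_relation(reconstruct_by_union(h), EMPLOYEES))
    print("join lossless:", same_relation(reconstruct_by_join(v, "emp_id"), EMPLOYEES))
```

Vertical fragmentation is also the access-control lever mentioned in the advantages above: keeping `salary` together with only the key in its own fragment lets that fragment be stored on a site with stricter rights, while the join on `emp_id` still reconstructs the full relation for authorised users.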

Replication of DDB. The advantages of DDB replication are as follows:

• increased availability
• reliability, easier backup
• increased access performance

A resulting problem is that replicas may be out of date when they are accessed while the master data has just been modified. Furthermore, more problems occur when attempting to synchronise the data when changes may occur not just in one master node but in multiple nodes concurrently. This multi-master replication, compared to master-slave, is however much more scalable for write operations, while the scalability for read operations remains unchanged.

Fig. 2.19 (a) Relations table "employees by departments" (local DB); (b) Horizontal (line-wise) decomposition (fragmentation by tuples); (c) Vertical (column-wise) decomposition (fragmentation by attribute subsets). DDB decomposition via fragmentation

Therefore, when planning the deployment of a distributed database, the following replication-related questions need to be answered carefully:

• How many copies are required in order to achieve either a high scalability or a high availability?
• Where do the copies have to be stored?
• What will be the dominant access pattern: read or write access?

Efficient updates in a DDB are possible:

• Requirement
  – replication of the DDB
  – full copies
  – regular (automated) backup
• UPDATE mechanisms
  – primary copy scheme (asynchronous method)
  – majority consensus scheme (synchronous method)
  – locking tables
  – logical time stamps
• Requests and concurrency/parallelism
  – local and global transactions
  – requests in a standardised SQL dialect
  – the actual data structure is unknown or not defined for users or applications
  – communication overhead times are significantly higher in comparison with computing time
• As a solution
  – local pre-processing (as much as possible)
  – exchange of partial results (so-called "semijoins")
  – ACID and the 2PC protocol
• Steps
  1. decomposition of the requests into simple partial requests
  2. locating the required data: decision which copy is used, transforming into the partial requests depending on a network node
  3. optimisation of the global request (order processing)

A 2PC example for a DDB is given in Fig. 2.20. The example is about the coordination between the parts in four geographically separated cities, e.g. Berlin (DDB0), Dresden, Cologne and Hamburg (DDB1, 2, 3). For the consistency of SQL requests from the coordinator or main part DDB0, the messages Commit 1, 2, 3 or Rollback 1, 2, 3 are used.

Fig. 2.20 2PC example for DDB

The following variants of commitment for SQL request processing are possible when using a DDB via the 2PC:

• Successful variant
  – SQL request
  – A local transaction is finalised as OK
  – Preparation to COMMIT
  – Prepare COMMIT
  – Ready 1, 2, 3
  – Commit 1, 2, 3
  – Commit ACK 1, 2, 3
• A failure variant: replica 3 offers no commit
  – SQL request
  – A local transaction is finalised as OK
  – Preparation to COMMIT
  – Prepare COMMIT
  – Ready 1, 2; Abort 3
  – Rollback 1, 2, 3
  – Rollback ACK 1, 2, 3
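The two message sequences above and the travel-booking 2PC of Sect. 2.5 follow the same coordinator/participant pattern. As an added illustration (not the book's code), here is a small simulation of 2PC with a coordinator DDB0 and three sites; `can_commit` is a constructed switch deciding whether a site's local transaction succeeds, and the SQL text is an assumed placeholder.

```python
class Site:
    """A DDB participant (DDB1..DDB3 in Fig. 2.20): votes in phase 1, acts in phase 2."""

    def __init__(self, name, can_commit=True):
        self.name = name
        self.can_commit = can_commit   # constructed: does the local transaction succeed?
        self.state = "INIT"
        self.stable_log = []           # what a real site forces to durable storage

    def prepare(self):
        """Phase 1: run the local transaction, log undo/redo records, then vote."""
        if self.can_commit:
            self.state = "READY"       # from here on the site may no longer abort on its own
            self.stable_log.append("prepared")
            return "Ready"
        self.state = "ABORTED"
        self.stable_log.append("abort")
        return "Abort"

    def commit(self):
        self.state = "COMMITTED"
        self.stable_log.append("commit")
        return "Commit ACK"

    def rollback(self):
        self.state = "ABORTED"
        self.stable_log.append("rollback")
        return "Rollback ACK"


class Coordinator:
    """DDB0: collects the votes and enforces one global decision."""

    def __init__(self, sites):
        self.sites = sites
        self.trace = []                # message trace in the order of the lists above

    def run(self, sql):
        names = " ".join(s.name for s in self.sites)
        self.trace.append(f"SQL request: {sql}")
        self.trace.append(f"Prepare COMMIT {names}")
        votes = {s.name: s.prepare() for s in self.sites}
        for name, vote in votes.items():
            self.trace.append(f"{vote} {name}")
        # All-or-nothing: a single Abort vote forces a global Rollback.
        decision = "Commit" if all(v == "Ready" for v in votes.values()) else "Rollback"
        self.trace.append(f"{decision} {names}")
        for s in self.sites:
            ack = s.commit() if decision == "Commit" else s.rollback()
            self.trace.append(f"{ack} {s.name}")
        return decision


def successful_variant():
    sites = [Site("1"), Site("2"), Site("3")]
    return Coordinator(sites).run("UPDATE bookings SET seats = seats - 1"), sites


def failure_variant():
    sites = [Site("1"), Site("2"), Site("3", can_commit=False)]
    return Coordinator(sites).run("UPDATE bookings SET seats = seats - 1"), sites


if __name__ == "__main__":
    decision, sites = failure_variant()
    print(decision, [s.state for s in sites])   # Rollback ['ABORTED', 'ABORTED', 'ABORTED']
```

The trace of `failure_variant` reproduces the second sequence: `Ready 1`, `Ready 2`, `Abort 3`, then `Rollback 1 2 3` and the acknowledgements. What the simulation glosses over is the blocking property of 2PC: a site that has voted Ready has given up the right to abort on its own and stays blocked if the coordinator fails before sending its decision, which is why both sides must force their log records to stable storage before answering.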

The following synchronisation (also: voting, co-ordination) methods within the DDB are available for implementing the instruction "UPDATE" on the available replicas [8]:

• Primary Copy Schema (PCS) (asynchronous)
• Majority Consensus Method (MCM) (synchronous)
• Locking tables
• Logical timestamps
• Protocols like two-phase commit and two-phase lock (2PC, Two-Phase Lock (2PL))

The asynchronous PCS is a process for the synchronisation [2] of replicated data. In this method the change is performed only on the primary copy and then synchronised with the replicas. The primary copy prevails. The advantage of the method is that several changes can be bundled for synchronisation with the other copies. The disadvantage is that the method does not ensure a stable consistency of the distributed copies [2].

This is in contrast to the MCM, which is a synchronous method. The main principle of MCM is as follows: the update on a copy is carried out only if the corresponding transaction is able to win a majority of the copies (e.g. is able to lock them). In principle there are multiple possible MCM variants. They differ from each other in the following aspects: first, whether all copies in the voting are treated equally (unweighted voting) or not (weighted voting), and second, whether the number of votes required for reaching the majority is fixed (static quorum) or can be computed only at run-time (dynamic quorum).

Note: For the read access (read quorum) and for the write access (write quorum) a different number of votes has to be defined [2].
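To make the quorum rule concrete, the following added example (not from the book or from [2]) simulates majority-consensus voting over replicas with static read and write quorums, optionally weighted. The `reachable` sets are constructed to model copies that do not answer the vote request; replica names and values are assumptions.

```python
class Replica:
    """One copy of a data item; `weight` is its number of votes (1 = unweighted voting)."""

    def __init__(self, name, weight=1):
        self.name = name
        self.weight = weight
        self.version = 0      # logical version of the value held by this copy
        self.value = None


class MajorityConsensusStore:
    """Synchronous majority-consensus (quorum voting) replication.

    A write is carried out only if the transaction collects at least
    `write_quorum` votes; a read needs `read_quorum` votes and returns the
    value with the highest version among the answering copies. When
    read_quorum + write_quorum > total votes, every read set overlaps every
    write set, so a read can never miss the latest committed write.
    """

    def __init__(self, replicas, read_quorum, write_quorum):
        self.replicas = replicas
        self.total_votes = sum(r.weight for r in replicas)
        self.read_quorum = read_quorum
        self.write_quorum = write_quorum
        self._next_version = 0

    def quorums_overlap(self):
        """The consistency condition a deployment should verify before tuning quorums."""
        return self.read_quorum + self.write_quorum > self.total_votes

    def _voters(self, reachable):
        return [r for r in self.replicas if r.name in reachable]

    def write(self, value, reachable):
        """`reachable`: names of the copies that answered the vote request (constructed)."""
        voters = self._voters(reachable)
        if sum(r.weight for r in voters) < self.write_quorum:
            return False                     # no majority won: the update is refused
        self._next_version += 1
        for r in voters:
            r.version, r.value = self._next_version, value
        return True

    def read(self, reachable):
        voters = self._voters(reachable)
        if sum(r.weight for r in voters) < self.read_quorum:
            return None                      # read quorum not reached
        return max(voters, key=lambda r: r.version).value


def demo():
    # Unweighted voting: five copies, static quorums R = W = 3 (3 + 3 > 5).
    store = MajorityConsensusStore([Replica(n) for n in "abcde"], read_quorum=3, write_quorum=3)
    store.write("v1", {"a", "b", "c", "d", "e"})
    store.write("v2", {"a", "b", "c"})          # d and e are unreachable during the write
    fresh = store.read({"c", "d", "e"})          # overlaps the write set in c
    # Too small a read quorum (R = 2, 2 + 3 is not > 5): a stale read becomes possible.
    weak = MajorityConsensusStore([Replica(n) for n in "abcde"], read_quorum=2, write_quorum=3)
    weak.write("v1", {"a", "b", "c", "d", "e"})
    weak.write("v2", {"a", "b", "c"})
    stale = weak.read({"d", "e"})
    return fresh, stale


if __name__ == "__main__":
    print(demo())   # ('v2', 'v1')
```

`demo()` returns `('v2', 'v1')`: with R + W > N the read overlaps the last write and sees v2, while the second store with R = 2 reads only the stale copies d and e and returns v1 although v2 is committed. `quorums_overlap()` is the property to check whenever quorums are tuned for performance; lowering R or W below that bound silently trades consistency for latency.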

Among the further synchronisation methods, locking tables, logical timestamps as well as 2PC/2PL or their combinations should be briefly mentioned. These methods (usually combined) are distinguished by the following characteristics:

• Locking tables, i.e. blocking of unwanted changes in certain replicas (like PCS + MCM)
• Logical timestamps, i.e. monitoring by the timestamps, then like PCS


2.7 System Examples: Google Spanner, a Global DDB

Some of the more sophisticated DDB systems are offered by the commercial service provider Google. Among them are:

• Google Bigtable (2008)
• Google MegaStore (2011)
• Google Spanner (2012)

There are also further known relational and non-relational DDB from commercial vendors (IBM, Sybase, Oracle, Microsoft) and open source projects (Cassandra, Couchbase, Postgres-XC, Postgres-R). Many of the following explanations also apply to these systems on an abstract level.

Spanner was developed to resolve the disadvantages of Google's Bigtable and MegaStore [3].

DB Bigtable (2008):

• difficult deployment for complex and self-evolving schemas
• no strict consistency guarantees for geo-replicated sites (partitions)

DB MegaStore (2011):

• synchronous replication and semi-relational data model
• full ACID semantics within the partitions, but only small consistency guarantees across partitions
• low write throughput

A typical world-wide deployment scenario for Spanner is shown in Fig. 2.21. On each continent a number of data centres are running instances of the database. This guarantees low-latency access from nearby users and avoids overloading a single instance.

The internal architecture of a distributed Spanner installation is explained in Fig. 2.22. Each site is called a zone and is coordinated by a zone master. All zone masters are in turn coordinated by a universe master. Furthermore, location proxies take the requests from database clients and forward them flexibly to span servers.

The following terms and quantities are of relevance when looking at the architecture:

• Universe: the overall deployment area
• Zones: deployment area for servers in one site, physically isolated units, placement and distribution driver
• 1 Universe master
• 1 Zonemaster
• 1000 Spanservers


Fig. 2.21 Deployment scenario: online social networks

Fig. 2.22 Spanner architecture [3]

For the realisation of Spanner a specific software stack modelled around the Paxos algorithm has been designed. Fig. 2.23 offers a look inside the stack.

Building on Spanner there is the newer system Google F1 SQL, called the "Fault-Tolerant Distributed RDBMS". As a replacement for basic relational systems like MySQL or PostgreSQL it offers the following features:

• NewSQL platform
• Each Span-Server is responsible for 100 up to 1000 Tablet instances
• Data and log files are stored on Colossus, a successor of the Google File System
• Paxos is used for commits (consensus): for all participants a common value matches
• Paxos is used for consistent replication
• A Transaction Manager for distributed transaction support: 2PC
• True Time Architecture

Fig. 2.23 Spanner software stack [3]

Paxos is a traditional algorithm named after the Greek isle of Paxos next to Corfu, although the author of the algorithm originally placed it erroneously into the Aegean Sea. It works as follows:

• A server can act simultaneously as proposer, acceptor and learner
• During normal operation the leader receives a client's command, assigns it a new command number i and runs the i-th instance of the consensus algorithm
• Paxos group: all machines involved in an instance of Paxos
• Within Paxos the group leader may fail and may need re-election, but the safety properties are always guaranteed

The workflow of Paxos is shown in Fig. 2.24.
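The following added example (not the book's code, and not Spanner's implementation) shows the single-decree core of Paxos that the bullets describe: acceptors keep the highest promised number and the last accepted proposal, a proposer runs the prepare/accept phases for its number n, and a learner declares a value chosen once a majority has accepted it. The `reach_*` sets are constructed to simulate partitions and lost messages; leader election and the numbered instances of Multi-Paxos are left out.

```python
class Acceptor:
    """Paxos acceptor state: highest promised proposal number, last accepted proposal."""

    def __init__(self):
        self.promised = -1        # highest proposal number promised so far
        self.accepted = None      # (proposal number, value) of the last accepted proposal

    def prepare(self, n):
        """Phase 1b: promise to ignore proposals below n and report what was accepted."""
        if n > self.promised:
            self.promised = n
            return True, self.accepted
        return False, None

    def accept(self, n, value):
        """Phase 2b: accept unless a higher-numbered prepare was promised meanwhile."""
        if n >= self.promised:
            self.promised = n
            self.accepted = (n, value)
            return True
        return False


def propose(acceptors, n, value, reach_prepare=None, reach_accept=None):
    """One proposer's attempt with proposal number n (single-decree Paxos).

    reach_prepare / reach_accept are the acceptor indices the messages of
    each phase reach (constructed, to simulate partitions). Returns the
    value accepted by a majority in this round, or None if the round failed.
    """
    everyone = set(range(len(acceptors)))
    reach_prepare = everyone if reach_prepare is None else set(reach_prepare)
    reach_accept = everyone if reach_accept is None else set(reach_accept)
    majority = len(acceptors) // 2 + 1

    # Phase 1: collect promises from a majority.
    promises = [acceptors[i].prepare(n) for i in sorted(reach_prepare)]
    granted = [prev for ok, prev in promises if ok]
    if len(granted) < majority:
        return None
    # Safety rule: if any acceptor already accepted a value, the proposer must
    # adopt the value with the highest proposal number instead of its own.
    already = [p for p in granted if p is not None]
    if already:
        value = max(already, key=lambda p: p[0])[1]

    # Phase 2: ask for acceptance; the value is chosen once a majority accepts.
    acks = sum(1 for i in sorted(reach_accept) if acceptors[i].accept(n, value))
    return value if acks >= majority else None


def learn(acceptors):
    """Learner: a value is chosen when a majority accepted the same proposal."""
    majority = len(acceptors) // 2 + 1
    counts = {}
    for a in acceptors:
        if a.accepted is not None:
            counts[a.accepted] = counts.get(a.accepted, 0) + 1
    for (_, value), count in counts.items():
        if count >= majority:
            return value
    return None


if __name__ == "__main__":
    accs = [Acceptor() for _ in range(5)]
    print(propose(accs, 1, "A", reach_accept={0, 1}))                     # None (minority)
    print(propose(accs, 2, "B", reach_prepare={2, 3, 4}, reach_accept={2, 3, 4}))  # B
    print(propose(accs, 3, "C"), learn(accs))                              # B B
```

The scenario in `__main__` is the safety argument in miniature: proposal 1 (value A) reaches only a minority, proposal 2 (value B) is chosen by acceptors 2 to 4, and a later proposer with value C is forced by the promises it receives to adopt B, so once a value is chosen it can never be replaced; a stale proposal number is simply refused. In a real deployment proposal numbers must be unique per proposer (for instance round number combined with a server id), otherwise two proposers could collide on the same n.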

Apart from implementing Paxos, Spanner offers the following architectural properties:

• scalable, multi-versioned, globally distributed, synchronously replicated database
  – distributed transactions (with 2PC/ACID)
  – SQL-driven schematic tables
  – but a semi-relational data model
  – reconfiguration of replications is very fine-grained
  – dynamic reconfiguration per application
• Applications can define the parameters and constraints
  – such as the number, location and distance of replications
• Dynamic data migration
  – data can be moved transparently at a global level, even during operation
  – consistent read and write access
• Aims and focus
  – management of cross-replication of data/data centres
  – globally consistent writes via Google Spanner
• Deployment examples: up-to-date products
  – Google Ad Data (Advertisers)
• 50 Paxos groups, 2500 directories, read and write access of 4 KByte
  – commit within ca. 5 ms
  – latency generally under 9 ms
• True Time: several thousands of Span servers at a distance of max. 2200 km (without latencies due to distance)
  – 90 %: no deviation
  – 9 %: deviation up to 2 ms
  – 1 %: deviation up to 10 ms (still far too much)

Fig. 2.24 Paxos algorithm

This architecture allows for creating complex applications. Picking up the previous example of a social network installation again, a Spanner-based application may look like shown in Fig. 2.25.

Fig. 2.25 (a) Single machine; (b) Multiple machines. Sample application of a DDB with Spanner [3]

Fig. 2.26 True Time message exchange

To synchronise the distributed database Spanner, a real-time protocol called True Time is used (Fig. 2.26). In order to implement the controlled access, not only time stamps are used but full time intervals. The replica synchronisation is performed every 30 s. To correct the time, GPS and atomic clock usage is foreseen. The quasi-parallelism of the access is provided for two access modes:

• The "read-only" access proceeds in the "snapshot" mode
• The "read-write" access proceeds via the 2PC and 2PL protocols [3]


Table 2.1 True Time methods

True Time API method     Time output
TT.now()                 TTinterval [earliest, latest]
Boolean TT.after(t)      True if t has definitely passed
Boolean TT.before(t)     True if t has definitely not arrived

For programmers, True Time offers three convenient methods to deal with relative and causal times. They are explained in Table 2.1.
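The three methods of Table 2.1 and the commit wait they enable, as an added example (not the book's code and not Spanner's implementation). Time is kept in integer microseconds on a constructed `FakeClock` so that the run is deterministic; the uncertainty of 7000 µs and the 1000 µs step are assumed values.

```python
class FakeClock:
    """Constructed deterministic clock in microseconds (stands in for GPS/atomic time)."""

    def __init__(self, start_us):
        self.t = start_us

    def __call__(self):
        return self.t

    def advance(self, us):
        self.t += us


class TrueTime:
    """Interval clock: now() bounds the true time by the known uncertainty epsilon."""

    def __init__(self, clock, epsilon_us):
        self._clock = clock
        self.epsilon = epsilon_us

    def now(self):
        t = self._clock()
        return (t - self.epsilon, t + self.epsilon)   # [earliest, latest]

    def after(self, t):
        """True if t has definitely passed: even the earliest possible time is beyond t."""
        return self.now()[0] > t

    def before(self, t):
        """True if t has definitely not arrived: even the latest possible time is before t."""
        return self.now()[1] < t


def commit_wait(tt, commit_ts, sleep):
    """Block until commit_ts has definitely passed (Spanner-style commit wait).

    Only then is the transaction made visible, so any transaction that starts
    afterwards receives a strictly greater timestamp. Returns the number of
    sleep steps taken.
    """
    steps = 0
    while not tt.after(commit_ts):
        sleep()
        steps += 1
    return steps


def ordering_demo(epsilon_us=7000, step_us=1000):
    """Two transactions T1, then T2, ordered by their commit timestamps (constructed)."""
    clock = FakeClock(1_000_000)
    tt = TrueTime(clock, epsilon_us)

    def tick():
        clock.advance(step_us)

    s1 = tt.now()[1]                     # T1 takes the latest possible time as timestamp
    waited = commit_wait(tt, s1, tick)   # wait out the uncertainty before releasing locks
    s2 = tt.now()[1]                     # T2 starts only after T1 became visible
    return s1, s2, waited


if __name__ == "__main__":
    print(ordering_demo())   # (1007000, 1022000, 15)
```

`ordering_demo()` returns `(1007000, 1022000, 15)`: T1 takes the latest bound of its interval as timestamp s1, waits 15 steps until `after(s1)` holds, i.e. until even the earliest possible time has passed s1, and only then may T2 start, so s2 > s1 holds regardless of which machine's clock runs ahead. The larger the clock uncertainty, the longer this wait; that is the cost behind the deviation statistics reported above.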

Therefore the examined DDB system Spanner possesses the following metrics and performance parameters [3]:

• 50 Paxos groups and 2500 access directories are created
• The read and write access proceeds on data portions (called chunks) with a minimum size of 4 Kbytes
• A mean commit can be reached within approx. 5 ms
• The summarised request latency is no more than 9 ms

The True Time protocol provides the ability to use thousands of so-called Span servers located at a considerable distance from each other. They work without significant delay despite a considerable distance of up to 2200 km. The following access statistics have been observed:

• In 90 % of the cases there is no deviation
• In 9 % of the cases the deviation reaches up to 2 ms
• Nevertheless, in only 1 % of the cases does the deviation reach a significant latency of 10 ms or more

Further system examples for DDB are associated with the databases of well-known manufacturers like IBM, Sybase, Oracle or Microsoft.

2.8 Conclusions

The architectural solutions for modern distributed systems and networking applications have been subject to significant changes in recent years. Modern architectural transformations contribute to the development of new (mobile) services attractive for users: search engines, content management systems, custom video hosting services, cloud services, VoIP tools, social networks. There is no possibility to specify a complete list. Depending on the needs of the application and ultimately its users, a concrete software architecture and communication pattern (C-S, P2P) needs to be chosen. Assuming performance matters, performance optimisation methods should be evaluated and applied. For higher reliability, data processing tasks should run in transactions. Distributed databases such as Spanner are already optimised for global high-performance deployments and therefore free the application engineer from labour-intensive and error-prone custom methods.

References

1. C. Baun, M. Kunze, J. Nimis and S. Tai: Cloud Computing – Web-based dynamic IT-Services. Springer-Verlag, 2010, in German
2. P. Dadam: Verteilte Datenbanken und Client/Server-Systeme. Online: http://www.informatik.uni-ulm.de/dbis/papers/vdb-buch/vdb99_09.pdf, 1999
3. J. C. Corbett et al.: Global Distributed Database Google Spanner. Berlinbuzzwords, 2012
4. P. Mell and T. Grance: The NIST definition of cloud computing. Whitepaper, NIST Special Publication 800-145, September 2011
5. Alexander Schill and Thomas Springer: Verteilte Systeme – Grundlagen und Basistechnologien. Springer-Verlag, second edition, 2012, 433 p., in German
6. R. Steinmetz and K. Wehrle: Peer-to-Peer Systems and Applications. Springer, 2005
7. Andrew S. Tanenbaum and Maarten Van Steen: Distributed Systems: Principles and Paradigms. Pearson, 2013, 633 p.
8. Andrew S. Tanenbaum and David J. Wetherall: Computernetzwerke. Pearson Studium, fifth edition, 2012, 1040 p., in German

3 Evolution of Clustering and Parallel Computing

Keywords

Clusters • Grids • Performance parameters • High-Performance Computing (HPC) • Speedup models • Amdahl model • Barsis-Gustafson model • Karp-Flatt metric • Berkeley Open Infrastructure for Network Computing (BOINC)

Demarcation between parallel and distributed computing, clusters and grids. The parallel execution of code within applications is a standard feature for higher performance, responsiveness or both. Parallel code, the building block of parallel computing, is achieved by multiple processes, multiple threads, co-routines and similar programming techniques. Typically, parallel code is assisted by hardware such as multiple processors per node or multiple processor cores per processor (virtual processors), and otherwise by the operating system's process scheduler (pseudo-parallelism).

The effects of parallelism on the execution time of an application are shown in Fig. 3.1. When the hardware support extends to multiple connected nodes with appropriate messaging techniques, the extended paradigm of distributed parallel computing is achieved. The connected set of nodes is then often called a cluster. Of course, applications can also be parallelised without hardware support, but there will only be gains when the computing resources (processor, memory, disk or network) are not yet exhausted. The terms high-performance computing (HPC) and high-throughput computing (HTC) express, respectively, a focus on a subset of these resources and an attempt to maximise their usage. This claim is not essential to distributed computing per se.

Another perspective on parallel code execution and clustered nodes is the approach of how to use the system. When a large set of nodes is connected and offers the submission and computation of jobs from a bag of tasks, the resulting system is called a grid. In recent times, with the on-demand provisioning and elastic scaling of resources as well as usage-based billing of computing resources (utility computing), the dominating term instead of grid is rather cloud, leading to the more recent paradigm of cloud computing, although volunteers around the world still connect their personal computers in desktop-based grids called volunteer computing, and meshes when the focus is more on networking capabilities [26].

© Springer Fachmedien Wiesbaden GmbH 2017
A. Luntovskyy, J. Spillner, Architectural Transformations in Network Services and Distributed Systems, DOI 10.1007/978-3-658-14842-3_3

Fig. 3.1 Effects of parallelism: (a) no parallelisation; (b) hardware parallelisation; (c) pseudo-parallelisation by a scheduler

The foundations of the organisation of the parallel computing process based on grids, clusters and clouds are discussed in [4, 8], with a practical look on grid and cloud integration in [7] and additional research trends listed in [17]. Education on these topics is discussed intensively in [1, 10].

While the next section will introduce several counters, units and scales to compare the performance of computing systems, one should already be introduced here to give a rough sense of comparison between diverse computing architectures. The unit of choice here is Floating-Point Operations Per Second (FLOPS), most often used in the scale of TFLOPS, i.e. 10^12 FLOPS.

Typically, grids differ from clusters by geographical dispersion of and public access to their computers, and they are characterised by a significantly heterogeneous structure. In addition, each grid generally uses standardised software components for co-operation and communication (standardised Application Programming Interface (API) libraries, middleware, web services). One of the prominent early examples is the first Metacomputing system by the University of Illinois [24]. On the other hand, clusters are centralised and possess a homogeneous structure with powerful CPUs/GPUs as well as SAN/NAS for data storage. Increasing efficiency and reducing heterogeneity is possible with the use of off-the-shelf components, open-source operating systems and resource virtualisation (networks, processors, memory, devices, applications). For high-speed data transfer between processors, either Ethernet (1 GBit/s) or fibre-channel technology (FC, e.g. 16 GBit/s fibre channels) is used. Deployment of powerful clusters as well as loosely coupled and grid-connected private PCs, tablets and even smartphones creates virtual supercomputers which provide a high performance. As mentioned, one measurement unit for the performance is the number of FLOPS. Today's supercomputers achieve multiple TFLOPS or even PFLOPS (Taurus, Titan, Tianhe-2). These supercomputers can be aimed at the parallel solving of computationally-complex math-log cooperative problems. More modest cluster systems exist, including the Beowulf design applicable to small-scale installations [1, 14]. Among


the international grid systems for parallel computing, the BOINC grid [28] is one of the most well-known ones, although newer systems such as OurGrid and the European Grid Infrastructure (EGI, based on federated clouds) still offer functional innovation [5].

Example 3.1 Many educational, institutional and national grids reflect the evolutionary changes in grids and high-performance computing during the whole time of their existence, from their appearance until modern trends [18]. The Ukrainian National Grid, together with URAN (Ukrainian Research Academic Network) and some dedicated projects, is a typical representative of this observation [19, 20]. It offers two middleware resource types as remote service: gLite and ARC. Many national research laboratories, universities and institutes offer concrete service realisations. In total, 27 ARC services and 2 gLite services are provided. Among the providers is the Institute for Condensed Matter Physics, which runs an ARC site with 17 compute nodes, 3 storage nodes and a coordinator node in a cluster format. This cluster achieves about 11 TFLOPS, whereas the overall grid performance is much higher.

Another example is SwiNG, the Swiss National Grid. Its network consists of the scientific computing centres of 18 higher education institutions and research institutes. The Ukrainian National Grid intends to participate as a member grid in EGI, and SwiNG is already a member grid along with more than 30 others. EGI in turn intends to evolve jointly with other partners into the European Open Science Cloud for Research. This endeavour is built on eight fundamental elements for success, among them service orientation and interoperability.

In general, there have been the following essential phases in the development towards today's clusters and grids:

1. Meta-computing: pioneer grid projects like GRID and the Metacomputer, based on active involvement of the technologies from scientific areas into everyday life

2. Convergence with web technologies (e.g. BOINC); wide spreading of grids through institutions and volunteers

3. Efforts to solve a wider range of problems: secured access, interoperability, resource discovery on the basis of the deployment of standardised middleware like OGSA (Open Grid Services Architecture)

4. Wide-spread acceptance of grid services in the same way as the delivery of water and electricity, and then the onset of the SOA approach (service-oriented architectures) via standardised web services deployment and workflow composition (WS-BPEL, Business Process Execution Language)

5. Wide spreading of cloud computing as a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources, with essential measured services like Everything-as-a-Service (XaaS) and rapid elasticity


6. Integration of grid services within highly available clouds (mostly PaaS) together with parallel clusters (IaaS) and capable network storages (RAIC, Redundant Array of Independent Clouds)

7. Development of new energy-efficient grids, clusters and cloud services; smart grid technology with a link to power distribution systems to combine computing on demand with power on demand

Recent tendencies in the usage of parallel computing for the simulation of technological devices and processes, including electron beams and electron guns, indicate a rise of small but smart low-energy clusters. They are based on multicore CPUs built into regular PCs, such as Intel Core i7, Core i4 or AMD FX in the kWh area, or even on onboard microcontrollers like Raspberry Pi, Arduino or Intel Edison with only a low Wh consumption.

In the remainder of this chapter, performance parameters and models will be presented, followed by a discussion of trade-offs and a presentation of modern frameworks to manage both resources and applications in cluster and grid environments. The discussion of cloud computing and smart grid concepts, respectively, then follows in the subsequent chapters.

3.1 Clustering and Grids: Performance Parameters and Basic Models

Performance parameters. Let us first define the most important performance factors and metrics beyond the already mentioned FLOPS. The code execution performance parameters of modern computers are as follows [23]:

• Number of CPU cores
• Tact (clock) frequency per core f, unit 1/s = Hz
• Million Instructions Per Second (MIPS)
• FLOPS, as defined above

The system clock signal, produced by a crystal oscillator, synchronises the operation of multiple functional blocks within a CPU. The system tact is a periodical function based on the Peirce function, using the negated logical OR operator (NOR). Some examples of the performance of certain CPU models from recent production years are given below (Table 3.1). It is evident that the tact frequency is no longer the dominant differentiator between CPUs. Rather, the number of cores, enhanced throughput and parallelism, and a higher efficiency have become important. MIPS is usually a good indicator not simply tied to a CPU core tact; however, it is tied to a specific task such as text search or code compilation. Figure 3.2 gives a timeline of how CPU frequencies, cores on a CPU, CPUs on a node and nodes in a networked environment have scaled up in about half a century.


Table 3.1 Performance of certain selected CPU models

Year | CPU model             | Performance, MIPS | Tact frequency, GHz
2006 | AMD Athlon FX60       | 18938             | 2.6
2007 | Intel Xeon Harpertown | 9368              | 3.0
2011 | ARM Cortex-A15        | 35000             | 2.5
2011 | AMD FX-8150           | 108890            | 3.6
2011 | Intel Core i7 2600K   | 128300            | 3.4
2015 | AMD A12 Pro-8800B     | >150000           | 3.4

Fig. 3.2 Timeline of performance indicators in computing hardware

The principles of how CPUs are constructed and how they work have mostly remained the same [13], but the capabilities have expanded tremendously.

The context for tact frequency, MIPS and FLOPS is depicted in Fig. 3.3. The following performance formula can be used:

$$P = f \cdot n_1 \cdot I \cdot n_2 \quad (3.1)$$

where P is the performance in GFLOPS, f the CPU tact frequency in GHz, n_1 the number of cores within a CPU, I the CPU instructions per tact, and n_2 the number of CPUs per computing node. Let us consider the integral performance criterion FLOPS in two examples which involve recent server configurations. They make the complex dependency of performance on multiple factors evident, as the system with the faster CPU is much slower overall due to fewer cores and less powerful instruction execution within the cores.

Example 3.2 Let us consider a 2-socket server with CPU Intel X5675 (3.06 GHz, 6 cores, 4 instructions/tact): P = 3.06 · 6 · 4 · 2 = 146.88 GFLOPS.


Fig. 3.3 Performance parameters of computers

Example 3.3 We have a 2-socket server with CPU Intel E5-2670 (2.6 GHz, 8 cores, 8 instructions/tact): P = 2.6 · 8 · 8 · 2 = 332.8 GFLOPS.

For the performance parameter FLOPS, the following nomenclature (K, M, G, T, P, E, Z, Y) of the unit prefixes is used:

• KFLOPS, KiloFLOPS = 10^3 FLOPS
• MFLOPS, MegaFLOPS = 10^6 FLOPS
• GFLOPS, GigaFLOPS = 10^9 FLOPS
• TFLOPS, TeraFLOPS = 10^12 FLOPS
• PFLOPS, PetaFLOPS = 10^15 FLOPS
• EFLOPS, ExaFLOPS = 10^18 FLOPS
• ZFLOPS, ZettaFLOPS = 10^21 FLOPS
• YFLOPS, YottaFLOPS = 10^24 FLOPS

To put these numbers into perspective: the AMD Carrizo-based FX-8800P notebook CPU from 2015, which contains four cores and an R7 GPU and operates at a tact of up to 3.4 GHz, reaches around 839 GFLOPS. An AMD Radeon R300-based R9 Fury GPU from 2015 achieves about 7 to 9 TFLOPS with vectoring of operations, i.e. the application of an operator over multiple elements in a vector. Anything in the higher TFLOPS range and above requires parallel multi-processing or clustering architectures.


Speedup and effectiveness of computing processes. The factors of speedup and effectiveness in grids are computed as follows:

$$A_n = \frac{T_1}{T_n}, \qquad E_n = 100 \cdot \frac{A_n}{n}\ \% \quad (3.2)$$

where T_1 is the computing time for a math-log problem with the use of only one CPU, T_n the computing time of the solution parallelised on n processors or threads, A_n the speedup factor, and E_n the effectiveness of the speedup on n CPUs in %.

An example of a section distribution by task parallelisation and the influence of cluster communication exchanges by message passing between the processors or threads is depicted in Fig. 3.4. The computation time gain is possible only due to a higher p/s ratio within a parallelised task (a math-log problem). The time estimations are as follows; refer to Eq. 3.3:

$$\begin{aligned}
T &= s &&\text{(not shown)} \\
T &= s + p &&\text{(a)} \\
T &= s + \frac{p}{n} &&\text{(b)} \\
T &= s + \frac{p}{n} + k \cdot n &&\text{(c)} \\
e &= 1 - p
\end{aligned} \quad (3.3)$$

[Fig. 3.4 panels: (a) sequential workflow, (b) parallel workflow, (c) parallel workflow with threads and network exchanges considered; sections s1, s2 (sequential), p1, p2, p3 (parallel) and K (communication exchanges)]

Fig. 3.4 Sections distribution by a math-log problem parallelisation and the influence of cluster communication (exchanges) by message passing


where T is the overall computing time, s the sequential part of a task (percentage), p the potentially parallelised part of a task (a math-log problem), i.e. on n threads or CPUs, e the part for sequential computing time, and k the negative influence of communication by message passing between CPUs/threads (this component can also be neglected, k = 0).

Amdahl's Law. One of the most appropriate and useful approximations for the speedup factor is the one defined by G. M. Amdahl in 1967 [9]:

$$T = 1 = (1 - p) + p, \qquad A_n = \frac{1}{(1 - p) + \frac{p}{n}} \le \frac{1}{1 - p}, \qquad A_{\max} = \frac{1}{1 - p}, \qquad A_{n,k} = \frac{1}{(1 - p) + \frac{p}{n} + k \cdot n} \quad (3.4)$$

where p is the potentially parallelised part of a math-log problem, n the number of available CPUs/threads, and k the negative influence of communication by message passing between CPUs/threads (this component can also be neglected, k = 0).

Example 3.4 Let us consider a math-log problem with an overall compute time of T_overall = 20 h, a serial critical compute time of T_ser = 1 h (i.e. 5 %) and a parallelised compute time of T_par = 19 h (i.e. 95 %). Furthermore, let the maximum speedup factor be Speedup_MAX = 20. This is a typical scenario for a scientific computing problem. Then, with n = 10 processors (threads), one can derive p = 0.95 and Speedup = 1/((1 − 0.95) + 0.95/10) = 1/(0.05 + 0.095) = 6.9 < Speedup_MAX. The result means that out of a theoretic maximum of ten-fold parallel execution, only 6.9-fold can be achieved. On the other hand, with n = 95 processors (threads), the speedup grows to Speedup = 16.7 only, meaning a reduced effectiveness of only one quarter.

One can obtain the following graduated depiction of the speedup factor (Fig. 3.5). There are some points of criticism regarding this realistic model: it is a too pessimistic representation of the status of parallel computing. But other models also say a lot about saturation effects, especially due to communication processes within a cluster between the processors (threads) and energy losses (in the form of redundant warm waste heat).

Barsis-Gustafson Law. This law of E. H. Barsis and J. Gustafson, proposed in 1988, is frequently used as an alternative to Amdahl's law. Consider the following Eq. 3.5:

$$1 = (1 - p) + p \quad (3.5)$$


[Fig. 3.5 panels: (a) effectiveness E_n/100 (0 to 2) versus threads n (0 to 500); (b) speedup A(n, p) (0 to 25) versus threads n (0 to 500) for p = 0.5, 0.75, 0.8, 0.9 and 0.95]

Fig. 3.5 (a) Speedup vs. effectiveness, (b) Amdahl's speedup for different p-values. Pessimistic Amdahl's model for the speedup factor depending on p = 0.5 … 0.95: saturation effect, no more profit from increasing n, the number of threads

It decomposes an execution time T into a part which can be parallelised, T_p, known as the time for parallel computing, and a part which cannot, for instance startup or memory allocation, T_s, known as the time for sequential computing. Then the speedup factor is computed as shown in Eq. 3.6:

$$T_s = (1 - p)\,T_p + p\,T_p\,n, \qquad A(n, p) = \frac{T_s}{T_p} = (1 - p) + p\,n = 1 + p\,(n - 1) \quad (3.6)$$

Example 3.5 The following example shows how to calculate A according to the parallelisation method described by the Barsis-Gustafson law:

• p = 80 %, n = 11 CPUs: A_11 = 1 + 0.8 · (11 − 1) = 9
• n = 31 CPUs: A_31 = 1 + 0.8 · (31 − 1) = 25
• n = 71 CPUs: A_71 = 1 + 0.8 · (71 − 1) = 57
• n = 101 CPUs: A_101 = 1 + 0.8 · (101 − 1) = 81

Therefore we conclude: Amdahl's Law is too pessimistic.

A typical cluster from the Technical University of Chemnitz with 530 nodes, called CHiC, is depicted in Fig. 3.6. CHiC nodes run Linux, are connected with Infiniband and, due to not having any disks, share a Lustre filesystem which spans 160 disks. On this kind of


Fig. 3.6 Fibre glass techniques for CPU coupling (FC, Fibre Channel). FC ports offer an approximate data rate of 4 to 16 GBit/s; performance max. 100 GFLOPS per CPU. CHiC, a powerful cluster [21]

supercomputer, consisting only of networked standard computers, applications are placed and scheduled according to the aforementioned laws of parallel computing [21].

Karp-Flatt Metric. The Karp-Flatt metric (e) is a measure of the parallelisation of code on p parallel processors and was proposed in 1990 by A. H. Karp and H. P. Flatt [11]. This metric exists in addition to Amdahl's Law and the Barsis-Gustafson law as an indication of the extent to which a particular source code for one CPU is parallelised. The value of e (the unknown part/percentage for sequential computing time) can be approximated on the basis of the metric via known speedup values for different CPU numbers p and time estimations T_p. Seven main characteristics need to be distinguished as input for the calculation:

• A: measured speedup
• N > 1: number of CPUs
• T_1: time for the particular source code on one CPU
• T_s: sequential computing time
• T_p: parallelised part time
• e: part for sequential computing
• p: parallelised computing part

In order to estimate the speedup factor, Eq. 3.7 needs to be solved:


$$\begin{aligned}
T_1 &= T_s + T_p, \qquad e = \frac{T_s}{T_1}; \\
T_1 &= e\,T_1 + (1 - e)\,T_1; \\
T_N &= T_s + \frac{1}{N}\,T_p; \\
T_N &= e\,T_1 + \frac{1}{N}\,(T_1 - e\,T_1); \\
A &= \frac{T_1}{T_N}, \qquad Y = \frac{1}{A} = \frac{T_N}{T_1}; \\
\frac{1}{A} &= Y = e + \frac{1}{N}\,(1 - e); \\
A &= \left[ e + \frac{1}{N}\,(1 - e) \right]^{-1}
\end{aligned} \quad (3.7)$$

Then we solve for the value e according to Eq. 3.8:

$$\begin{aligned}
\frac{1}{A} &= e \left( 1 - \frac{1}{N} \right) + \frac{1}{N}; \\
e \left( 1 - \frac{1}{N} \right) &= \frac{1}{A} - \frac{1}{N}; \\
e &= \frac{\left[ \frac{1}{A} - \frac{1}{N} \right]}{\left[ 1 - \frac{1}{N} \right]} = 1 - p
\end{aligned} \quad (3.8)$$

Example 3.6 We would like to determine herewith the value e (refer to formula 3.9), i.e. the normally unknown part for sequential computing time of a math-log problem, on the basis of the Karp-Flatt metric. Referring to Table 3.2 (pos. 9), the following three parallelisation grades are given:

• Number of CPUs n = 100, measured speedup A = 10: 1/A = 0.1, e = (0.1 − 0.01)/(1 − 0.01) = 0.09/0.99 = 0.0909, e = 9.1 %; it can be parallelised for p = 91 %.
• Number of CPUs n = 100, measured speedup A = 25: 1/A = 0.04, e = (0.04 − 0.01)/(1 − 0.01) = 0.03/0.99 = 0.0303, e = 3.03 %; it can be parallelised for p = 97 %.
• Number of CPUs n = 100, speedup A = 66: 1/A = 0.0151, e = (0.0151 − 0.01)/(1 − 0.01) = 0.0051/0.99 = 0.0052, e = 0.52 %; it can be parallelised for p = 99.5 %.

Considering the previous formulae and Table 3.2, we can obtain the next useful formula (3.9) for the p criterion:


$$\begin{aligned}
A_n &> 1, \qquad e(A_n, n) = 1 - p = \frac{\frac{1}{A_n} - \frac{1}{n}}{1 - \frac{1}{n}}; \\
p &= \frac{1 - \frac{1}{A_n}}{1 - \frac{1}{n}} = \frac{A_n - 1}{A_n - \frac{A_n}{n}} = \frac{A_n - 1}{A_n - \frac{E_n}{100}}
\end{aligned} \quad (3.9)$$

Example 3.7 Let us consider the following example. The number of CPUs should be n = 100, the speedup A = 66 and the effectiveness E_n = 66 %. Then the math-log problem can be parallelised for the p ratio p = (66 − 1)/(66 − 0.66) = 65/65.34 = 0.995 (compare to Example 3.5).
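The speedup models of this section, Amdahl's law (Eq. 3.4, including the communication term k·n of the corrected model in Table 3.2), the Barsis-Gustafson law (Eq. 3.6) and the Karp-Flatt inversion of a measured speedup into the sequential fraction e and the parallel fraction p (Eqs. 3.8 and 3.9), as one added Python example. This is not code from the book; the function names are the author's choice here, and the values it produces reproduce Examples 3.4 to 3.7. It goes one step beyond the text by computing the thread count n* = sqrt(p/k) at which the corrected Amdahl model peaks, which is the saturation effect the text only describes qualitatively.

```python
"""Speedup models from Sect. 3.1: Amdahl (with and without the k*n
communication term), Barsis-Gustafson, and the Karp-Flatt metric used to
recover the sequential fraction e = 1 - p from a measured speedup.
Added illustration, not code from the book; reproduces Examples 3.4 to 3.7."""
import math


def amdahl_speedup(p: float, n: int, k: float = 0.0) -> float:
    """A_n = 1 / ((1 - p) + p/n + k*n), Eq. 3.4 and Table 3.2 rows 5 and 6.

    p: parallelisable fraction (0 <= p <= 1), n: CPUs/threads,
    k: per-thread communication penalty (k = 0 gives classic Amdahl)."""
    if not 0.0 <= p <= 1.0 or n < 1 or k < 0.0:
        raise ValueError("need 0 <= p <= 1, n >= 1, k >= 0")
    return 1.0 / ((1.0 - p) + p / n + k * n)


def amdahl_max_speedup(p: float) -> float:
    """A_max = 1 / (1 - p), the limit for n -> infinity (infinite when p = 1)."""
    return math.inf if p >= 1.0 else 1.0 / (1.0 - p)


def effectiveness_percent(speedup: float, n: int) -> float:
    """E_n = 100 * A_n / n, Eq. 3.2."""
    return 100.0 * speedup / n


def gustafson_speedup(p: float, n: int) -> float:
    """A(n, p) = (1 - p) + p*n = 1 + p*(n - 1), Eq. 3.6 (Barsis-Gustafson)."""
    return 1.0 + p * (n - 1)


def karp_flatt_sequential_fraction(speedup: float, n: int) -> float:
    """e = (1/A - 1/N) / (1 - 1/N), Eq. 3.8: the experimentally determined
    sequential fraction, given a measured speedup A on N > 1 CPUs."""
    if n <= 1:
        raise ValueError("Karp-Flatt needs N > 1")
    if speedup <= 0.0:
        raise ValueError("speedup must be positive")
    return (1.0 / speedup - 1.0 / n) / (1.0 - 1.0 / n)


def parallel_fraction_from_speedup(speedup: float, n: int) -> float:
    """p = (A_n - 1) / (A_n - A_n/n), Eq. 3.9; algebraically equal to 1 - e."""
    return (speedup - 1.0) / (speedup - speedup / n)


def optimal_threads(p: float, k: float) -> float:
    """Thread count at which the corrected Amdahl model (Table 3.2, row 6)
    peaks: d/dn [(1 - p) + p/n + k*n] = 0 gives n* = sqrt(p / k).
    Beyond n*, the communication term k*n outweighs the remaining gain from
    p/n; this is the saturation effect discussed with Fig. 3.5."""
    if k <= 0.0:
        raise ValueError("k must be positive; with k = 0 there is no saturation")
    return math.sqrt(p / k)


if __name__ == "__main__":
    # Example 3.4: p = 0.95 on 10 and on 95 threads
    print(f"Amdahl, p=0.95, n=10 : {amdahl_speedup(0.95, 10):.1f}")
    print(f"Amdahl, p=0.95, n=95 : {amdahl_speedup(0.95, 95):.1f}")
    # Example 3.5: Barsis-Gustafson with p = 0.8
    for n in (11, 31, 71, 101):
        print(f"Gustafson, p=0.8, n={n:3d}: {gustafson_speedup(0.8, n):.0f}")
    # Examples 3.6 and 3.7: Karp-Flatt on n = 100 CPUs
    for a in (10.0, 25.0, 66.0):
        e = karp_flatt_sequential_fraction(a, 100)
        print(f"Karp-Flatt, A={a:4.0f}, n=100: e={e:.4f}, p={1 - e:.3f}")
    # Corrected Amdahl with an assumed k = 1e-4 (Table 3.2 gives 1e-4 .. 1e-5)
    n_star = optimal_threads(0.95, 1e-4)
    print(f"corrected Amdahl, p=0.95, k=1e-4: best n ~ {n_star:.0f}, "
          f"A = {amdahl_speedup(0.95, round(n_star), 1e-4):.1f}")
```

The Karp-Flatt functions are the ones a practitioner actually uses: speedup and thread count are measured, and e tells whether a disappointing speedup is caused by the code's sequential fraction (e stays constant as n grows) or by communication overhead (e grows with n).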

Moore's Law. The authorship of the law belongs to Gordon Moore (born 1929), co-founder of Intel. Moore's Law has been known since 1965, and for more than 50 years it has been holding with no faults. It means the exponential growth of the following values, which characterise the electronics and IT branches:

• CPU chip complexity N (up to 10^9 transistors)
• Computer tact frequency f (up to 3.5 GHz)
• Computer performance P (nowadays typically > 100 GFLOPS)

Moore's Law regarding the chip complexity is depicted in Fig. 3.7. The values on the Y-axis are given in logarithmic scale. The next integration degree will reach 10 billion transistors.

But there are some further phenomena which are not commonly associated with this law. Moore's Law is also true for the extrapolation in the backwards direction, into the early days of computing. In fact, the Moore's Law extrapolation can be extended down to the year 1900 towards the former element basis in electronics: electro-mechanical relays, electronic tubes, transistors, IC, VLSI, as depicted in Fig. 3.8.

Speedup model overview. Table 3.2 illustrates the set of integrated models and approximations of speedup factors which are typically used for distributed (parallel) computing. The table includes the already presented models together with additional ones. The approximations of the A_n speedup factor are given with a dependency on the criteria n, p, k. These are the mostly used models and laws, including Amdahl's (1967), Grosch's


Fig. 3.7 Moore's Law: chip complexity (Source: it-material.de)

Fig. 3.8 Moore's Law extrapolation backwards


Table 3.2 Overview on speedup models (speedup factor A_n = T_1/T_n)

No. | Speedup model                          | Conventions                                                                          | Title of an empirical model
1   | A_n = √n                               | The type of math-log problem is not considered                                       | Grosch's law (1965)
2   | A_n = n^b                              | The type of math-log problem is not considered                                       | Generalised Grosch's law (0.5 ≤ b ≤ 1)
3   | A_n = n                                | The type of math-log problem is not considered                                       | Proportional Amdahl law for p = 1, s = 0
4   | A_n = log_2 n                          | The type of math-log problem is not considered                                       | Logarithmic law
5   | A_n = 1/((1 − p) + p/n)                | 0.5 ≤ p ≤ 0.999                                                                      | Amdahl's law (1967)
6   | A_n = 1/((1 − p) + p/n + k·n)          | 0.5 ≤ p ≤ 0.999, k = 10^-4 … 10^-5                                                   | Corrected Amdahl's model with inter-processor communication considered
7   | A_n = 2 for n = 70 %/r                 | The type of math-log problem is not considered; r = 1 … 2 characterises inter-processor communication losses | Empirical law "69 – 70 – 72" for the CPU number n which provides a double speedup of computing time
8   | A_n = (1 − p) + p·n                    | 0.5 ≤ p ≤ 0.999, k = 0                                                               | Barsis-Gustafson law (1988)
9   | A_n > 1, e(A_n, n) = 1 − p             | e = 1 − p, the unknown part for sequential computing time; 0.5 ≤ p ≤ 0.999, k = 0    | Karp-Flatt metric (1990) for Amdahl's or Barsis-Gustafson law

Barsis-Gustafson's (1988), Moore's law (1965, or exponential model) and some further suitable models such as the 70 %-law [9, 11]. The evaluation of the coefficient p in the equations can be realised via the Karp-Flatt metric (1990).

A generalised graphical comparison of speedup factors is depicted in Fig. 3.9. The most-used models are shown: a trivial one (3), as well as an optimistic one by Barsis-Gustafson (8), i.e. more realistic, and Amdahl (5), i.e. a pessimistic one; refer to Table 3.2 (3), (5), (8).

Simulation scenario. For the hardware basis (Fig. 3.10a) offered at Dresden University of Technology [15], the following own results (Table 3.3) on speedup have been obtained. It was a voluminous experiment in November 2006, aimed at the simulation of signal power propagation of WLAN/WiMAX networks through complex 2D environments, which appeared as maps of the obstacles with given material features.

The simulation has been realised with the use of the CANDY software and web services for SSL access to MARS. The following results have been obtained (Fig. 3.11; refer to Table 3.3). These results can be approximated with formula (3.10); compare Grosch's law:


Fig. 3.9 Speedup models: difference between the optimistic (3) and the pessimistic view (5)

Fig. 3.10 (a) Hardware basis: the high-performance computing cluster MARS, SGI Altix 4700, TUD, with 1024 cores, possesses a performance of 13.1 TFLOPS. (b) Up-to-date hardware basis: the TAURUS Bull HPC cluster with 137 TFLOPS. Hardware basis: High Performance Computing at TUD [15]

$$A_n = \frac{T_1}{T_n} = n^{\alpha}, \qquad T_1 = 8021\ \mathrm{s}, \quad \alpha \approx 0.95 \quad (3.10)$$

Example 3.8 The new hardware basis in the same institution is called the TAURUS Bull HPC cluster. This cluster is more powerful than the formerly leading MARS, placed at global rank 66 at its inauguration, and has nowadays the following features (Fig. 3.10b):

• Island 1: 4320 cores Intel E5-2690 (Sandy Bridge), 2.90 GHz
• Island 2: 704 cores Intel E5-2450 (Sandy Bridge), 2.10 GHz, as well as 88 NVidia Tesla K20x GPUs


Fig. 3.11 Computing time and speedup factor depending on the number of threads, obtained on the multi-core high-performance computer MARS, TU Dresden (basis: CANDY framework, 2006)

Table 3.3 Computing time for a complex simulation task of WLAN/WiMAX propagation

Number of threads | Computing time, s | Speedup factor A_n = T_1/T_n
1                 | 8021              | 1.0
2                 | 4163              | 1.9
5                 | 1749              | 4.6
10                | 908               | 8.8
20                | 471               | 17.0
30                | 321               | 25.0
55                | 181               | 44.3
70                | 144               | 55.7

• Island 3: 2160 cores Intel X5660 (Westmere), 2.80 GHz
• Symmetric Multi-Processing (SMP) nodes with 1 TB RAM
• 1 PB SAN disk storage
• Bullx Linux 6.3 based on Red Hat Enterprise Linux, batch system Slurm
• 137 TFLOPS total peak performance (without GPUs)
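The approximation of the MARS measurements by the power law A_n = n^α of formula (3.10) can be checked by fitting α to the run times of Table 3.3. The following Python example is added here and is not code from the book or from the CANDY project; the run times are typed in from Table 3.3, the function names are the author's choice here, and the fit uses a least-squares line through the origin in log-log space, which the book does not describe (it only quotes the resulting α ≈ 0.95).

```python
"""Fit of the empirical speedup model A_n = n**alpha (Eq. 3.10, a generalised
Grosch law, Table 3.2 row 2) to measured run times. Added illustration,
not code from the book. MARS_RUNS holds the measurements of Table 3.3
(threads, computing time in s); T_1 = 8021 s is the single-thread time."""
import math

# (number of threads, computing time in s), typed in from Table 3.3
MARS_RUNS = [(1, 8021), (2, 4163), (5, 1749), (10, 908),
             (20, 471), (30, 321), (55, 181), (70, 144)]


def speedups(runs):
    """A_n = T_1 / T_n for every measurement (Eq. 3.2)."""
    t1 = dict(runs)[1]
    return [(n, t1 / t) for n, t in runs]


def fit_exponent(runs):
    """Least-squares estimate of alpha in A_n = n**alpha.

    Taking logarithms gives ln A_n = alpha * ln n, a straight line through
    the origin, so alpha = sum(ln n * ln A_n) / sum((ln n)**2). The n = 1
    point carries no information (ln 1 = 0) and drops out automatically."""
    num = den = 0.0
    for n, a in speedups(runs):
        x, y = math.log(n), math.log(a)
        num += x * y
        den += x * x
    return num / den


def predict_time(t1, n, alpha):
    """Expected run time T_n = T_1 / n**alpha under the fitted model."""
    return t1 / n ** alpha


def worst_relative_error(runs, alpha):
    """Largest |T_measured - T_model| / T_measured over the data set: a cheap
    check that the power law actually describes the measured runs."""
    t1 = dict(runs)[1]
    return max(abs(t - predict_time(t1, n, alpha)) / t for n, t in runs)


def threads_for_target_speedup(target, alpha):
    """Invert A_n = n**alpha: threads needed for a wanted speedup."""
    return target ** (1.0 / alpha)


if __name__ == "__main__":
    alpha = fit_exponent(MARS_RUNS)
    print(f"fitted alpha = {alpha:.3f} (the book quotes ~0.95)")
    print(f"worst relative error of the fit: {worst_relative_error(MARS_RUNS, alpha):.2%}")
    for n, a in speedups(MARS_RUNS):
        print(f"n={n:3d}: A_n={a:5.1f}, E_n={100 * a / n:5.1f} %")
    print(f"threads needed for a 100-fold speedup: {threads_for_target_speedup(100, alpha):.0f}")
```

The fit lands at α ≈ 0.946 with every measured run time predicted to within about 0.2 %, which confirms the book's α ≈ 0.95 and shows that, for this task, the effectiveness E_n falls only slowly with n (the power law has no Amdahl-style ceiling in the measured range).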

Example 3.9 The most performant cluster of the world is depicted in Fig. 3.12. The Tianhe-2 or "Heaven River" (Milky Way) originates from Guangzhou in the People's Republic of China. The total costs for the cluster can be evaluated to be approximately 2.4 · 10^9 Yuan (equal to USD 390 · 10^6). The peak performance is P = 33 PFLOPS. The floor area S = 720 m² belongs to the cluster. Surely, the power consumption is correspondingly very high, about 17 to 24 MW. But also a very high PUE value is to be noted. The nodes of the cluster use a specific operating system, Kylin Linux, which has also influenced Ubuntu Kylin to become recommended as reference system for many Chinese deployments until 2018. The available compilers are as follows: Fortran, C, C++, Java, OpenMP, MPI 3.0. Tianhe-2 possesses the following architecture:

• 32000 CPUs
• 48000 GPUs as programmable co-processors


Fig. 3.12 The most powerful compute cluster world-wide, Tianhe-2 (Sources: top500.org, hpcwire.com; photo: onlinezeitung24.de)

Table 3.4 Computing system performance comparison (status: November 2015)

Cluster or grid                                              | Maximum performance, PFLOPS | Multiplicity (given in "MARS units")
Tianhe-2 (a supercomputer from Guangzhou, China)             | 33.86                       | 2605
Titan (Tennessee, USA; supercomputer upgrade from Jaguar)    | 17.59                       | 1353
BOINC (grid hosted at Berkeley, University of California, USA) | 9                         | 692
Juqueen (FZ Jülich/IBM)                                      | 5.0                         | 384
SuperMuc (Leibniz data centre in Munich)                     | 2.8                         | 215
TAURUS (hosted at TU Dresden)                                | 1.03                        | 79
MARS (TU Dresden, 2006)                                      | 0.013                       | 1

• 1375 TiB of RAM, of which 1000 TiB is accessible by the CPUs and 375 TiB by the co-processors
• 12.4 PB hard disk capacity

The total number of cores exceeds three million and achieves a combined performance of 33.86 PFLOPS. The predecessor in the global ranking top spot has been the Titan supercomputer in the USA with "just" 17.59 PFLOPS.

SMP architectures with large RAM capacities nowadays gain more sympathisers in their deployment than NUMA (Non-Uniform Memory Access) with its offered unique address spaces, as well as, correspondingly, the cache-coherent NUMAs. A performance comparison is given in Table 3.4. Herewith, some worldwide known clusters from the


global top-500 list (TOP500) as well as grids are referred to in correspondence with the above-mentioned performance of the MARS and TAURUS systems. The MARS performance is given as the canonical base unit. Most of the clusters, about 98 %, run Linux, whereas grids allow for heterogeneous operating systems, in particular desktop grids such as BOINC. The performance values are measured with the LINPACK benchmark, a Fortran library with routines to solve linear algebra equations.

3.2 Performance-Energy-Price Trade-Offs in Clusters and Grids

Trend to low-cost and low-energy computing nodes. A new trend to low-cost and low-energy computing nodes based on cheap devices, in particular cheap and fanless on-board microprocessors (RISC/ARM), should be considered nowadays as a serious alternative to expensive computing devices within the Internet of Things (IoT), a term describing a vision of ubiquitous access among connected devices. On top of the IoT, an Internet of Services (IoS) with digital and physical services can be constructed. The IoS is a related vision which, for most applications, hides the hardware. The deployment of low-cost and low-energy computing nodes such as those with Arduino, Raspberry Pi or Intel Edison processors leads to a significant increase of energy-efficiency outcomes as well as a technologically important new step towards a realisation of the IoT. Often these connected devices are seen as the Fog Computing backbone of an even larger IoT which also involves stationary and mobile sensors such as mobile phones and heartbeat belts [2, 27].

Trade-offs. Scenarios for the so-called Fog Computing within the IoT are steadily going to gain in importance in the mid-term. Instead of using applications and services with heavy-weight processors and VMs, agile and energy-efficient on-board microprocessors should be operated. See the view of the future transfer from Clouds/IoS to Fog Computing/IoT (Fig. 3.13). Surely, the deployment of low-cost and low-energy computing nodes based on on-board microprocessors can be used to build powerful clusters as well. These lead to an appropriate resource use in the frame of a given math-log problem.

On-board microcontrollers. But none of the above-mentioned computing systems is energy-efficient enough. Their electricity consumption is measured in the MWh area. Energy-efficient solutions can be provided via small, low-cost and low-energy on-board processors. The electricity consumption in this case amounts to at most the kWh area. Low-energy home intelligent nodes (3 to 10 W) for private cloud solutions, file servers, web servers, multimedia home centres and similar use cases can be operated with such microcontrollers as the trade-off solution. They offer a cheap alternative and symbolise a step-by-step shift towards the IoT.

Example 3.10 Herewith a small example addressing the discussed trade-offs. A "supercomputer" with 64 cheap Raspberry Pis and two Lego racks is depicted in Fig. 3.14. This


[Fig. 3.13 diagram: Cloud Computing side with VMs, a VMM (VM Monitor), dedicated VMs and the universal service XaaS; Fog Computing side with on-board μ-nodes (Raspberry Pi, Arduino, Intel Edison); trade-offs between a reliable VM and a low-energy μ-node judged by reliability and QoS, data security and privacy, anonymity, energy consumption and operating expenses (OPEX)]

Fig. 3.13 Energy-efficient on-board computing nodes as a basis for distributed computing with a sufficient performance/energy/price trade-off

Fig. 3.14 Energy-efficient Raspberry Pi cluster with 64 CPUs (Source: pro-linux.de)

low-energy cluster (64 · 3.5 W, maximum 0.25 kW) is built by using low-cost and energy-efficient on-board microcontrollers. The small but smart Raspberry Pi cluster for parallel computing offers the following features:

• DC supply through USB, 3.5 W; CPU 700 MHz
• Energy-efficient resource provisioning


Fig. 3.15 Data centers of Google, internal view (Source: Google)

• SD card as external disk drive
• Low-power data transfer and exchange via Ethernet LAN
• Raspbian as operating system

Energy-efficient data centers of Google. Around 2011, the trend of "Green IT" was triggered by increasing energy demand and prices and a general awareness of computing users. The data and computing centers have to be built step-by-step in colder regions of the earth. The data centres of Google achieve a Power Usage Effectiveness (PUE) of 1.12 due to further optimisation of hardware, waste heat recycling systems and building construction features like improved air circulation, reuse of waste heat and other techniques [6]. This means that only 12 % of the energy required for computing was used not by servers but by other services like air conditioning, energy distribution, lighting, surveillance systems etc. (Fig. 3.15). Hence, note that a Power Usage Effectiveness (PUE) of 1.0 is only possible in theoretic, ideal cases. It means that there are no additional energy losses or waste heat at all, which indeed contradicts classical thermodynamic theory.

3.3 Resource Management in Clusters

First, three single-system cluster management systems, which integrate with the operating system, will be presented. Then, a resource management, placement and scheduling framework which runs on top of an operating system will be compared.

MOSIX, OpenMosix and OpenSSI cluster management. While most clusters, including Beowulfs, only share the filesystem among nodes, single-system image (SSI) clusters share the entire operating system instance, including processes, virtual memory, open files,


sockets and inter-process communication. In such systems, applications get access to more compute resources like in SMP or multi-core environments, only with added network latency. The broad availability of multi-core processors has caused a decline in management systems for SSI clusters, but as they can still be useful, three such systems shall be presented here. MOSIX, OpenMosix and OpenSSI all derive from the Linux operating system kernel. The active development phase of OpenSSI was from 2001 to 2010, and that of OpenMosix from 2002 to 2008, following as a derivative (fork) of MOSIX from 1999, which is still actively maintained today in the form of MOSIX2 and MOSIX4. A reference deployment of MOSIX runs a private production-level cloud consisting of 11 SSI clusters, in particular for computer science, life sciences and medical school applications. The clusters combine 205 nodes with an average of 35 active nodes and 200 processor cores.

Resource management, placement and scheduling with Mesos. Apache Mesos implements modified versions of typical application computing frameworks such as Hadoop, Spark, Kafka or Elastic Search. When the application submits tasks to be processed, they are placed close to the data without the application having to know the data location. Furthermore, Mesos is fault-tolerant and safe in the sense that tasks can be executed as isolated processes using the Linux containers interface. It uses ZooKeeper to ensure consensus among all nodes in the cluster, and it offers a web interface to check the cluster status.

3.4 Application Management in Clusters

Once a non-SSI cluster, its nodes and its resources are managed, the applications running on it need to be managed as well. As opposed to an SSI cluster, a failure of a node implies the failure of one instance of the (parallelised) application, and appropriate migration and restart techniques are required to avoid the propagation of the failure to the user. In this section, three application managers for cluster environments will be compared. Their common aim is easy deployment and fault-tolerant, resilient execution of parallelised software applications.

Kubernetes, Fleet and Pacemaker. Kubernetes is a container cluster manager developed by Google which makes the cluster appear as a single system despite not being an SSI cluster. It eases the deployment, maintenance and scaling of application parts which are packaged as executable Docker containers. Google offers it as a hosted service on its own cloud platform (Google Container Engine, since renamed Google Kubernetes Engine), and it is also used by other hosting providers and packaged in distributions such as CoreOS Tectonic.

Fleet extends systemd, a daemon which initialises and supervises application processes, towards multiple nodes in a cluster. Again, the application is supposed to be packaged as Docker containers. Fleet ensures that a minimum number of container instances is running across all nodes in the cluster and starts new instances in case of an application or node failure. Fleet uses a configuration daemon called etcd to ensure consensus among all nodes and to implement discoverable nodes. Because etcd then holds the unit definitions of the whole cluster, its API must be reachable only by authenticated cluster members; whoever can write to it can schedule arbitrary containers on every node. By placing container instances on different nodes, and assuming a fault-tolerant load balancer, the overall availability of the services offered by the applications is increased.

Pacemaker is a cluster manager aiming at high availability of applications. Applications are replicated onto two or more nodes with active/passive standby functionality or active/active failover and a subsequent recovery by application migration. Pacemaker is developed by ClusterLabs and used, for instance, by the German air navigation service provider Deutsche Flugsicherung (DFS).

Apart from these complex systems, simple tools exist to run commands on clusters. Among these tools, ClusterSSH, Ansible and Puppet are popular to replicate installation and configuration instructions to all nodes in the cluster.

3.5 Application Management in Grids

In this section, two grid systems will be presented: BOINC and OurGrid. The criteria which led to the selection of these two grid systems are recent or ongoing development and public availability. Thus, interested readers are welcome to download the software and connect their own computers to an existing grid, or even open a new grid for others to join. Both grids offer computer capacities for various applications.

BOINC desktop grid. BOINC is a volunteer computing platform aimed at contributing compute resources (i.e. spare CPU cycles) to scientific projects [28]. BOINC is hence also a grid platform for scientific projects and HPC, developed at the University of California, Berkeley, for free distribution and licensed under the GNU LGPL. It is available for the following operating systems: Windows, Linux, Mac OS X, Android and BSD. The BOINC platform provides a computing capacity of up to hundreds of thousands of computers world-wide, coupled via the Internet. The cooperation is organised in the form of projects running atop. The architecture of BOINC is given in Fig. 3.16. The main components are the BOINC daemons, long-running services which interact with the BOINC clients by exchanging data.

Most of the scientific computing grids work to the profit of universities or other scientific institutions. BOINC is a well-known grid around the world due to its combined client-server (C-S) and peer-to-peer (P2P) structure. The servers distribute the application packages to the clients. In general, these "clients" serve the architecture themselves in a P2P topology. The client applications compute intensively (usually 2–40 h per package) and report the solutions to a main structure (the server). Optionally, another solution


Fig. 3.16 BOINC architecture [12] (Sources: gcl.cis.udel.edu, boinc.berkeley.edu)

computed by a different client for the same work unit is used to verify the result. As of 2015 [28], the BOINC grid possesses:

• Nowadays approximately 250,000 persons and 850,000 computers (notebooks, tablets and other devices) are involved in a cooperation with BOINC

• Overall performance of the grid system BOINC: 9 PFLOPS (refer to Table 3.4)

Compared to these metrics, the performance of some supercomputers from the bi-annual global Top-500 list is as follows:

• Tianhe-2 ("Milky Way", "Sky River", China) with 3,120,000 cores: 33.86 PFLOPS
• Titan (USA) with 560,000 cores: 17.59 PFLOPS
• Mira (USA) with 786,000 cores: 8.58 PFLOPS [25]

Anyone can run a BOINC server. If the server is public, the results must also be published to prevent abuse and misuse. Trust has to be established in both directions: volunteers execute whatever a project distributes, so BOINC requires application binaries to be signed with the project's code-signing key (whose private half is meant to be kept off the server) and clients reject unsigned applications; conversely, an individual client cannot be trusted either, so results are validated by redundant computation on several clients before they are accepted. An interesting idea is the use of BOINC within companies:

• An internal BOINC server distributes in-house applications to the employees' computers

• Higher effectiveness, because the desktop systems are usually under-utilised, e.g. by the usage of Word, Outlook and CRM in the everyday workflow


Fig. 3.17 BOINC client-server interaction (Sources: gcl.cis.udel.edu, boinc.berkeley.edu)

The interaction protocol between a client (i.a. PCs, notebooks, tablets, smartphones and other devices) and the server is depicted in Fig. 3.17. The error-free interaction uses five phases.
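The validation step of this interaction, as an added example that is not BOINC's own code: a work unit is dispatched to several volunteer clients, and the server accepts a result only once a quorum of byte-identical results agrees. The "science application", the client behaviours and the quorum parameters are constructed stand-ins for this illustration.

```python
"""Redundant-computation validation in a volunteer grid (added example).

Models the scheduler/validator loop of a BOINC-style project: each work
unit goes to several volunteer clients, and a result becomes canonical only
when at least MIN_QUORUM independently returned results are identical.
The science application, the clients and the parameters are constructed
stand-ins; this is not BOINC's own code.
"""
from __future__ import annotations

import hashlib
from collections import Counter

MIN_QUORUM = 2          # identical results needed before one is canonical (assumed)
TARGET_NRESULTS = 3     # clients that receive each work unit (assumed)


def science_app(work_unit: bytes) -> bytes:
    """Constructed stand-in for a deterministic project application."""
    # sum of squares of the input bytes, encoded as decimal text
    return str(sum(b * b for b in work_unit)).encode()


def honest_client(work_unit: bytes) -> bytes:
    return science_app(work_unit)


def cheating_client(work_unit: bytes) -> bytes:
    # returns a plausible-looking answer without doing the work
    return b"0"


def result_digest(result: bytes) -> str:
    # validators compare a canonical form; hashing keeps the comparison cheap
    return hashlib.sha256(result).hexdigest()


def validate(results: dict[str, bytes]) -> tuple[str | None, set[str]]:
    """Return (canonical digest or None, clients whose result disagreed).

    results maps client id -> returned bytes. Without MIN_QUORUM identical
    digests nothing is accepted and the work unit has to be re-issued.
    """
    digests = {client: result_digest(r) for client, r in results.items()}
    digest, n = Counter(digests.values()).most_common(1)[0]
    if n < MIN_QUORUM:
        return None, set()
    disagreeing = {c for c, d in digests.items() if d != digest}
    return digest, disagreeing


def run_work_unit(work_unit: bytes, clients: dict) -> tuple[str | None, set[str]]:
    """Dispatch one work unit to TARGET_NRESULTS clients and validate."""
    chosen = list(clients.items())[:TARGET_NRESULTS]
    results = {name: fn(work_unit) for name, fn in chosen}
    return validate(results)


if __name__ == "__main__":
    pool = {"c1": honest_client, "c2": cheating_client, "c3": honest_client}
    canonical, bad = run_work_unit(b"constructed input", pool)
    print("canonical:", canonical, "disagreeing clients:", bad)
```

The second case a practitioner should try is two cheaters returning the same wrong answer: they then form the quorum and the honest client is the one flagged. Redundant computation therefore protects against independent faulty or malicious clients, not against collusion, which is why projects additionally randomise which clients receive the same work unit and track per-client error rates.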

Top-10 of the most popular projects. In cooperation with BOINC, a number of piggy-backed projects have been supported. The top ten of the most popular projects are as follows:

1. SETI@home: analysis of a series of radio telescope data from space for the purpose of searching for extra-terrestrial civilisations (Search for Extra-Terrestrial Intelligence)

2. Einstein@Home: tests of Albert Einstein's hypothesis about gravitational waves, and search for radio and gamma-ray pulsars

3. World Community Grid: assistance in the search for medicaments for serious diseases such as cancer and HIV/AIDS, the calculation of the 3D structure of proteins, and a lot of other projects (organiser: IBM)

4. Rosetta@home: calculation of the 3D folding structures of proteins based on their amino acid sequences, for the treatment of cancer, HIV/AIDS, Alzheimer's disease, anthrax, etc.

5. MilkyWay@home: development of a precise 3D model of the stellar streams in our galaxy (Milky Way)

6. Climate Prediction: research on and prediction of the climate on Earth

7. PrimeGrid: search for diverse prime numbers

8. SIMAP@home: creating a database of proteins for bioinformatics

9. Cosmology@Home: search for a model which adequately describes our universe and is consistent with current data in astronomy and particle physics

10. Collatz Conjecture: mathematical studies, specifically to test the hypothesis of Lothar Collatz, also known as the "3n + 1 problem"


Fig. 3.18 Advanced BOINC-II architecture [16] (legend: BOINC components versus project-specific components; the participant's computer runs the BOINC manager, the BOINC daemon, the screen-saver engine and the science application behind the BOINC API; the BOINC server complex comprises scheduling server(s), data server(s), a web server with BOINC and project web pages, the BOINC database and the project database, connected to the project back-end via the BOINC back-end interface)

In total, more than 40 projects can be chosen by volunteering participants to contribute spare compute resources to.

Example 3.11 Malaria Control is a popular project which runs on top of BOINC-II, the latest generation of BOINC. Its goal is to gather and analyse information about the malaria disease.

The advanced BOINC-II architecture [16] is depicted in Fig. 3.18. A new BOINC API separates the screensaver into a standalone program. The details of the use of the science applications (e.g. for malariacontrol.net), of the BOINC-II specific components as well as of the project-specific components are discussed in [16].

Fig. 3.19 An OurGrid federation with three peers

OurGrid. OurGrid, developed since 2004 by the Federal University of Campina Grande, Brazil, federates networks of connected computers to support the distributed parallel execution of jobs and tasks in a grid. The federation happens with a peer-to-peer topology using the Extensible Messaging and Presence Protocol (XMPP). Jobs are executed inside Java or system-level virtual machines, which act as sandboxes in order to isolate them from each other and from the software and data on the host computers [5]. Each peer in the federation is a network of connected computers consisting of worker and broker nodes. The discovery mechanism among all the nodes relies on XMPP as well. Jobs are submitted along with scripts, executables, data and a job description file which outlines the tasks of a job. A unique feature of OurGrid is the implementation of the Network of Favours reputation mechanism to ensure fairness and to avoid free riders, who consume compute resources without contributing them back at some point. Figure 3.19 shows an example of an instance of OurGrid across three networks of connected computers, which may or may not be clusters.

Desktop computers are suitable as workers because the idleness detector prevents a conflict between interactive use and a high load from the submitted jobs. Furthermore, the system has been designed as an opportunistic grid, so that failures, shutdowns and hibernations will only interrupt the current task execution without affecting the job, as the affected task will be restarted. Hence, OurGrid is suitable to offer both opportunistic grids with many resources and service grids with high quality of service on the same physical infrastructure [3]. The OurGrid project is now inactive, but the software is still functional for setting up further instances.
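The Network of Favours mentioned above, as an added example and not OurGrid's own code: a simplified model in which each peer keeps, per remote peer, a local balance of favours received minus favours given (never below zero) and, when its idle workers are contended, serves requesters with the highest balance first. The peers, worker counts and the two simulated rounds are constructed for the illustration.

```python
"""Network of Favours (NoF) reputation model, as an added example.

Simplified model of the OurGrid incentive mechanism: every peer keeps a
purely local balance per remote peer (favours received minus favours given,
clamped at zero) and allocates contended idle workers to the requesters with
the highest balance. A free rider never builds a balance and only gets
workers nobody with a positive balance wants. Not OurGrid's own code; the
scenario in simulate() is constructed.
"""
from __future__ import annotations

from collections import defaultdict


class Peer:
    def __init__(self, name: str, workers: int):
        self.name = name
        self.workers = workers              # idle worker machines this peer donates
        self.balance = defaultdict(float)   # remote peer -> local favour balance

    def record_favour_received(self, donor: str, amount: float) -> None:
        # A favour raises the donor's standing at this peer only.
        self.balance[donor] += amount

    def record_favour_given(self, consumer: str, amount: float) -> None:
        # Consumption lowers the consumer's standing, clamped at zero, so a
        # newcomer and a free rider look the same (both sit at 0) and nobody
        # can go into debt and then disappear under a new identity.
        self.balance[consumer] = max(0.0, self.balance[consumer] - amount)

    def allocate(self, requests: dict[str, int]) -> dict[str, int]:
        """Split idle workers among requesters by descending balance.

        requests maps requester name -> workers wanted. Requesters with a
        positive balance are served first; whatever is left goes to
        zero-balance requesters (ties keep request order), which keeps the
        grid opportunistic instead of refusing strangers outright.
        """
        free = self.workers
        grant: dict[str, int] = {}
        ranked = sorted(requests, key=lambda p: self.balance[p], reverse=True)
        for requester in ranked:
            n = min(requests[requester], free)
            grant[requester] = n
            free -= n
            if n:
                self.record_favour_given(requester, n)
        return grant


def simulate() -> tuple[dict[str, int], dict[str, int]]:
    """Two rounds at peer A with a contributor B, a newcomer N and a free rider F."""
    a = Peer("A", workers=4)
    a.record_favour_received("B", 5)        # history: B donated 5 worker-units to A
    first = a.allocate({"B": 4, "N": 4, "F": 4})
    a.record_favour_received("B", 2)        # B keeps contributing, F never does
    second = a.allocate({"B": 2, "N": 4, "F": 4})
    return first, second


if __name__ == "__main__":
    print(simulate())
```

Because every balance is local to the peer that keeps it, no global reputation service has to be trusted or protected, and a free rider cannot improve its standing by lying about favours it claims to have given elsewhere.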


3.6 Distributed Applications

Whereas in grids the infrastructure is distributed but the application itself merely consists of offloaded job and task units, some applications are truly distributed in a peer-to-peer sense or decentralised in a hub-and-spoke model [22]. Representatives of these two models will be presented in this section.

Distributed blockchains, hashtrees and cryptocurrencies. A blockchain is a potentially large file which contains entries (chronologically ordered blocks) whose content depends on previous blocks. Due to the size, it is possible to distribute parts of the file to different users. With cryptographic methods it is possible to ensure consistency and to prevent forgery in older blocks: each block carries the hash of its predecessor, so altering an old block changes its hash and breaks the link from every later block. When such a linear structure is not sufficient, hashtrees (Merkle trees) present similar characteristics but allow for subsuming multiple blocks under one block, and eventually a whole tree of blocks under one common root. There are many interesting applications resulting from such a globally shared data structure. For instance, secured blockchains are used to record virtual currency transactions, leading to cryptocurrencies with properties like pseudonymity of the participants and traceability of transactions. To regulate the value distribution in such a currency, the blockchain can only be extended after a compute-intensive effort with a certain difficulty. Eq. 3.11 refers to the profitability of advancing a distributed blockchain with a given difficulty, which is referred to in Eq. 3.12.

$$\text{profit} = \text{revenue} - \left(\text{cost}_{\text{electricity}} + \text{cost}_{\text{difficulty}}\right) \qquad (3.11)$$

$$\text{cost}_{\text{difficulty}} = \frac{\text{maximum difficulty}}{\text{current difficulty}} \cdot \frac{2^{32}}{\text{hashrate}} \qquad (3.12)$$
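The linking and difficulty mechanism described above, as an added example that is not Bitcoin's or any other currency's code: a minimal chain in which each block commits to the hash of its predecessor, may only be appended after a nonce search whose expected cost doubles with every unit of difficulty, and whose verification rejects any change to an older block. The entries, the difficulty value and the serialisation format are assumptions made for this illustration.

```python
"""Hash-chained blocks with a proof-of-work difficulty (added example).

Not the code of any real cryptocurrency. Each block commits to the previous
block's hash; appending requires a nonce whose block hash has `difficulty`
leading zero bits (expected cost 2**difficulty hashes); verification checks
both the links and the work, so forging an old block invalidates the chain.
Entries, difficulty and serialisation are constructed for the illustration.
"""
from __future__ import annotations

import hashlib
import json
from dataclasses import dataclass, asdict

GENESIS_PREV = "0" * 64


@dataclass
class Block:
    index: int
    prev_hash: str
    entries: list       # payload, e.g. transactions
    nonce: int = 0

    def header_bytes(self) -> bytes:
        # Canonical serialisation: every node must hash identical bytes.
        return json.dumps(asdict(self), sort_keys=True, separators=(",", ":")).encode()

    def hash(self) -> str:
        return hashlib.sha256(self.header_bytes()).hexdigest()


def meets_difficulty(h: str, difficulty: int) -> bool:
    """True if the 256-bit hash h has at least `difficulty` leading zero bits."""
    return int(h, 16) >> (256 - difficulty) == 0


def mine(block: Block, difficulty: int) -> Block:
    """Brute-force a nonce; the expected number of hashes is 2**difficulty."""
    while not meets_difficulty(block.hash(), difficulty):
        block.nonce += 1
    return block


def append(chain: list, entries: list, difficulty: int) -> Block:
    prev = chain[-1].hash() if chain else GENESIS_PREV
    block = mine(Block(len(chain), prev, entries), difficulty)
    chain.append(block)
    return block


def verify(chain: list, difficulty: int) -> bool:
    """Every block must link to its predecessor and carry valid work."""
    for i, block in enumerate(chain):
        expected_prev = chain[i - 1].hash() if i else GENESIS_PREV
        if block.index != i or block.prev_hash != expected_prev:
            return False
        if not meets_difficulty(block.hash(), difficulty):
            return False
    return True


def build_and_tamper(difficulty: int = 12) -> tuple:
    """Build a 3-block chain, then alter an entry in an older block."""
    chain: list = []
    append(chain, ["alice->bob 5"], difficulty)
    append(chain, ["bob->carol 2"], difficulty)
    append(chain, ["carol->dave 1"], difficulty)
    ok_before = verify(chain, difficulty)
    chain[1].entries[0] = "bob->carol 200"      # forgery in block 1
    ok_after = verify(chain, difficulty)
    return ok_before, ok_after


if __name__ == "__main__":
    print(build_and_tamper())   # the forged chain no longer verifies
```

Raising `difficulty` by one doubles the expected work for every new block, which is the cost term that the profitability consideration above has to account for; the forger faces the same cost and additionally has to redo the work of every block after the one it changed.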

Example 3.12 Bitcoin is a popular example of a cryptocurrency which is mined from a distributed blockchain. Similar to distributed desktop grids, the participants donate CPU cycles for a cause. In contrast to the grids, however, the cause does not directly involve a global problem solving effort or a citizen science effort, but rather the race for the quickest solution of an algorithmic problem which lets the blockchain advance. At the same time, a virtual currency coin is yielded. The value of such a coin depends a lot on perception, trust and market dynamics. In Bitcoin, there has been a steady growth at first, followed by an unpredictable development. At the same time, the production cost for mining has increased a lot due to the nature of the blockchain, which requires more hardware resources for each subsequent solution. Hence, already from an energetic point of view, the effort required to advance is not compensated anymore by a potential gain from the virtual cryptocurrency coins. Figure 3.20 outlines the profitability graph over time. It shows that the price (green) surged in November 2013, followed by its decline. At the same time, the difficulty to mine (red) increased by several orders of magnitude.


Fig. 3.20 Development of Bitcoin profitability over time (Source: coinplorer.com). The plot covers July 2011 to October 2015; the left axis shows the price in USD (0 to 1200), the right axis the mining difficulty in G (0 to 60 G).


Hence, the profitability as quotient of the two converged quickly towards zero and, when accounting for the energy cost, is already negative.

Example 3.13 Git is an example of a distributed version control system built atop a hashtree. Each Git repository contains a directory structure with files. File changes can be performed independently from each other. Once changes are committed, they and their associated metadata records are cryptographically secured against forgery and tampering: every object is named by the hash of its content, and a commit includes the hash of its file tree and of its parent commit. The protection is relative, however: whoever controls a repository can rewrite its history, so integrity holds only with respect to a commit identifier or a signed tag obtained from a trusted source, and it rests on the collision resistance of the hash function in use (SHA-1 in Git). The Git model leads to high scalability in large collaborative file editing efforts, including large software development teams.
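How Git derives those identifiers, as an added example that is not Git's own code: the functions below reproduce Git's object naming (SHA-1 over a `<type> <size>\0<payload>` header) for blobs, trees and commits, so the blob values can be checked against `git hash-object`, and show that altering one file changes the tree and commit identifiers. The file contents, the author identity and the commit message are constructed for this illustration.

```python
"""Git's content-addressed object hashing, as an added example.

Reproduces how Git names blob, tree and commit objects: SHA-1 over the
header "<type> <size>\\0" followed by the payload. The blob identifiers can
be verified with `git hash-object`; the file contents, author identity and
message are constructed. This is not Git's own code.
"""
from __future__ import annotations

import hashlib

IDENT = "Example Author <author@example.org> 1500000000 +0000"   # constructed


def git_object_id(obj_type: str, payload: bytes) -> str:
    header = f"{obj_type} {len(payload)}".encode() + b"\0"
    return hashlib.sha1(header + payload).hexdigest()


def blob_id(content: bytes) -> str:
    return git_object_id("blob", content)


def tree_id(entries: dict[str, bytes]) -> str:
    """entries: file name -> content; regular files only (mode 100644).

    A tree entry stores the raw 20-byte SHA-1 of the blob, which is what
    makes the tree a hashtree: its own identifier commits to every file.
    """
    payload = b""
    for name in sorted(entries):                  # Git sorts entries by name
        sha = bytes.fromhex(blob_id(entries[name]))
        payload += b"100644 " + name.encode() + b"\0" + sha
    return git_object_id("tree", payload)


def commit_id(tree: str, parent: str | None, message: str, ident: str) -> str:
    """A commit commits to its tree and to its parent, chaining the history."""
    lines = [f"tree {tree}"]
    if parent:
        lines.append(f"parent {parent}")
    lines.append(f"author {ident}")
    lines.append(f"committer {ident}")
    payload = ("\n".join(lines) + "\n\n" + message).encode()
    return git_object_id("commit", payload)


def history(files: dict[str, bytes], message: str = "initial") -> dict:
    """Identifiers of a one-commit repository holding `files`."""
    tree = tree_id(files)
    return {"tree": tree, "commit": commit_id(tree, None, message, IDENT)}


def tamper_detected(original: dict, files: dict[str, bytes]) -> bool:
    """Recompute the tree from (possibly altered) files and compare."""
    return tree_id(files) != original["tree"]


if __name__ == "__main__":
    repo = history({"hello.txt": b"hello\n"})
    print(repo)
    print(tamper_detected(repo, {"hello.txt": b"hello world\n"}))   # True
```

The check only has value if `original["commit"]` came from somewhere the attacker does not control (a signed tag, a pinned identifier in a build file): anyone who can rewrite the repository can recompute all identifiers consistently. Since SHA-1 collisions became practical in 2017, Git additionally runs collision detection when hashing and is migrating to SHA-256 object names.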

Decentralised and federated social networks. Social networks are one of the main applications on the Web and on the Internet today. They incorporate communication patterns between their participants and add useful or convenient functionality such as visibility management for events, a timeline of events as well as add-on applications. Their appearance is either web-based or through communication protocols: LinkedIn, Facebook and Twitter are examples of the former category, whereas ICQ and similar chat systems are examples of the latter. Their commonality is a centralised hosting, so that each message is relayed through a potentially distributed physical set of servers, but within one logical organisation. In contrast, federated social networks allow any participant to choose between joining an existing server or running their own server. An example is Diaspora.

Example 3.14 Diaspora is a web-based federated social network which can be run in centralised, decentralised and distributed configurations. Users sign up at a server called a pod and receive an account in the form of login@pod. They can add contacts (friends) from the same or from other pods. Message posts from all contacts are then aggregated and shown in the timeline of each respective user. A typical aggregated Diaspora timeline is shown in Fig. 3.21. The aggregation function fetches the posts from all connected pods, orders them chronologically and caches them to increase the scalability and to decrease the latency of subsequent timeline retrievals.

Collaborative real-time applications. Whereas web-based social networks, cryptocurrencies and version control systems work inherently asynchronously, so that each user can decide when to update the local state from the (potentially increasingly diverging) global state, there is also a class of distributed applications which works synchronously in real time. Among the most prominent are scalable chat, audio and video conferences.

An example of a real-time chat application with extensions for audio and video conversation is XMPP. A second example is WebRTC, a set of browser APIs and protocols for real-time communication (RTC) directly between web browsers.

Example 3.15 Users of XMPP servers receive fully-qualified accounts with a login name and a server name in the form of login@server. This way, similar to e-mail, the servers can federate so that users from different servers can communicate with each other.


Fig. 3.21 Diaspora timeline with aggregated friend feeds

XMPP defines a core messaging protocol and several extensions for registration, binary attachment transmission, VoIP communication and other features. The chat protocol is also known as Jabber and the VoIP extension as Jingle.

Due to its nature as a communication protocol, humans and software applications can equally participate in XMPP networks. Software components are registered as clients. By registering their functionality at a discovery service, they can also offer service functionality according to the message-oriented architecture paradigm.

Example 3.16 WebRTC negotiates a connection between two users of web browsers using the JavaScript Session Establishment Protocol (JSEP), whose offer and answer messages can be carried over XMPP Jingle or any other signalling channel the application chooses. WebRTC prescribes no central server: the signalling channel is the application's choice, and the subsequent bidirectional media and data transmission runs directly between the browsers (with STUN/TURN servers only where NAT traversal requires them). In the simplest case, the communication host transmits a dynamically created endpoint (a URL) to the other participants. Media and data channels are always encrypted (DTLS-SRTP and DTLS respectively), whereas securing the signalling channel, and thus the identity of the other party, remains the application's responsibility.

3.7 Conclusions

The scale-up from individual computers to clusters and grids in the past decades contrasts with the ongoing trend towards miniaturisation of computing hardware. Nowadays, a quad-core mobile phone has a lot more computing power than the original Beowulf cluster with 16 nodes, and consumes only a fraction of the electric power. Still, the need for vertical performance scale-up remains and, through parallelisation, becomes a horizontal scale-out operation into multiple nodes of a system-on-a-board cluster or multiple compute services in a grid or cloud. With the broad availability of open source software to run private clusters and grids, which can be federated with existing public ones, supercomputing as well as comfort computing is now available to every user.

References

1. Joel C. Adams, Jacob Caswell, Suzanne J. Matthews, Charles Peck, Elizabeth Shoop and David Toth. Budget Beowulfs: A Showcase of Inexpensive Clusters for Teaching PDC. In Proceedings of the 46th ACM Technical Symposium on Computer Science Education (SIGCSE), p. 344–345, Kansas City, Missouri, USA, March 2015.

2. F. Bonomi, R. Milito, J. Zhu and S. Addepalli. Fog Computing and Its Role in the Internet of Things. CISCO whitepaper, 2007.

3. Francisco Brasileiro, Alexandre Duarte, Diego Carvalho, Roberto Barbera and Diego Scardaci. An Approach for the Co-existence of Service and Opportunistic Grids: The EELA-2 Case. In Latin-American Grid Workshop, Campo Grande, Mato Grosso do Sul, Brazil, October/November 2008.

4. Mario Cannataro. Clusters and Grids for Distributed and Parallel Knowledge Discovery. In High Performance Computing and Networking, 8th International Conference (HPCN) Europe, volume 1823 of Lecture Notes in Computer Science, p. 708–716, Amsterdam, The Netherlands, May 2000.

5. Walfredo Cirne, Francisco Brasileiro, Nazareno Andrade, Lauro Costa, Alisson Andrade, Reynaldo Novaes and Miranda Mowbray. Labs of the World, Unite. Journal of Grid Computing, 4(3):225–246, 2006.

6. Jeff Dean. Designs, Lessons and Advice from Building Large Distributed Systems. In 3rd ACM SIGOPS International Workshop on Large Scale Distributed Systems and Middleware (LADIS), Big Sky, Montana, USA, October 2009.

7. Javier Fabra, Sergio Hernández, Joaquín Ezpeleta and Pedro Álvarez. Solving the Interoperability Problem by Means of a Bus: An Experience on the Integration of Grid, Cluster and Cloud Infrastructures. Journal of Grid Computing, 12(1):41–65, March 2014.

8. Björn Gmeiner, Harald Köstler, Markus Stürmer and Ulrich Rüde. Parallel multigrid on hierarchical hybrid grids: a performance study on current high performance computing clusters. Concurrency and Computation: Practice and Experience, 26(1):217–240, January 2014.

9. John L. Gustafson. Reevaluating Amdahl's Law. Communications of the ACM, 31(5):532–533, 1988.

10. Violeta Holmes and Ibad Kureshi. Developing High Performance Computing Resources for Teaching Cluster and Grid Computing Courses. In International Conference On Computational Science (ICCS): Computational Science at the Gates of Nature, volume 51 of Procedia Computer Science, p. 1714–1723, Reykjavik, Iceland, June 2015.

11. A. H. Karp and H. P. Flatt. Measuring Parallel Processor Performance. Communications of the ACM, 33(5):539–543, 1990.

12. Andrew Leaver-Fay, Michael Tyka, Steven M. Lewis, Oliver F. Lange, James Thompson, Ron Jacak, Kristian Kaufman, P. Douglas Renfrew, Colin A. Smith, Will Sheffler, Ian W. Davis, Seth Cooper, Adrien Treuille, Daniel J. Mandell, Florian Richter, Yih-En Andrew Ban, Sarel J. Fleishman, Jacob E. Corn, David E. Kim, Sergey Lyskov, Monica Berrondo, Stuart Mentzer, Zoran Popovic, James J. Havranek, John Karanicolas, Rhiju Das, Jens Meiler, Tanja Kortemme, Jeffrey J. Gray, Brian Kuhlman, David Baker and Philip Bradley. ROSETTA3: an object-oriented software suite for the simulation and design of macromolecules. Methods in Enzymology, 487:545–574, 2011.

13. Linkfeed. Vom Sand zum Prozessor (From Sand to Processor), online, in German, http://gumzo.de/post/171, 2015.

14. Seyedeh Leili Mirtaheri, Ehsan Mousavi Khaneghah, Lucio Grandinetti and Mohsen Sharifi. A mathematical model for empowerment of Beowulf clusters for exascale computing. In International Conference on High Performance Computing & Simulation (HPCS), p. 682–687, Helsinki, Finland, July 2013.

15. Wolfgang Nagel and Ulf Markwardt. High Performance Computing (HPC) at ZIH: HPC Systems. Technische Universität Dresden, online, http://tu-dresden.de/die_tu_dresden/zentrale_einrichtungen/zih/hpc/hochleistungsrechner, 2015.

16. Christian Ulrik Søttrup and Nicolas Maire. BOINC II. Niels Bohr Institute (Copenhagen, Denmark) / Swiss Tropical and Public Health Institute (Basel, Switzerland), 2014, 42 p.

17. Jong Hyuk Park, Laurence T. Yang and Jinjun Chen. Research trends in cloud, cluster and grid computing. Cluster Computing, 16(3):335–337, 2013.

18. A. I. Petrenko. The application of grid technologies in science and education. NTUU "KPI", Kyiv, 2008, 143 p., in Ukrainian.

19. A. I. Petrenko, B. V. Bulakh and V. S. Khondar. Semantic grid technologies for science and education. NTUU "KPI", Kyiv, 2010, 178 p., in Ukrainian.

20. A. I. Petrenko, S. Ya. Svistunov and G. D. Kiselev. Grid Technologies: Practical Course. NTUU "KPI", Kyiv, 2011, 448 p., in Ukrainian.

21. Wolfgang Rehm and Arnd Meyer. TU Chemnitz HPC Cluster CLiC/CHiC, online, https://www.tu-chemnitz.de/chic, 2015.

22. Alexander Schill and Thomas Springer. Verteilte Systeme: Grundlagen und Basistechnologien (Distributed Systems: Foundations and Basic Technologies). Springer-Verlag, second edition, 2012, 433 p., in German.

23. Volkmar Sieh. Performance metrics, online, http://www3.informatik.uni-erlangen.de/Lehre/CPU/SS2012/multiprocessor.pdf, 2012.

24. Larry Smarr and Charles E. Catlett. Metacomputing. Communications of the ACM, 35(6):44–52, June 1992.

25. Erich Strohmaier, Jack Dongarra, Horst Simon and Martin Meuer. The 45th TOP500 List, online, http://www.top500.org/lists, June 2015.

26. Andrew S. Tanenbaum and David J. Wetherall. Computernetzwerke (Computer Networks). Pearson Studium, fifth edition, 2012, 1040 p., in German.

27. R. van Kranenburg. The Internet of Things: A critique of ambient technology and the all-seeing network of RFID. Pijnacker: Telstar Media, 2008, 62 p.

28. Ádám Visegrádi, József Kovács and Peter Kacsuk. Efficient extension of gLite VOs with BOINC based desktop grids. 2014.

4 Cloud Computing, Virtualisation, Storage and Networking

Keywords

Service models • Internet of Services (IoS) • Software-as-a-Service (SaaS) • Infrastructure-as-a-Service (IaaS) • Platform-as-a-Service (PaaS) • Virtualisation • Software-Defined Networking (SDN) • Security and availability • Cloud backup and backup clouds • Redundant Array of Independent Clouds (RAIC): stripes and parity based dispersion • Virtual Telecommunication Engineering Offices (VTEO) • Mobile cloud access • Network and online storage integration

In recent years, networking technologies have achieved large success regarding data rate (WDM, MPLS, 10GbE), mobility (HSDPA, LTE, in the mid-term 5G), universality and accessibility of computing services [8]. The pervasiveness of services helped to make the IoS become reality and practically accessible for multiple users and appliances. Among the most prominent service classes in the IoS are cloud computing services, which are delivered to their users on demand through desktop, mobile and web applications as well as other forms of user interfaces. Modern Internet connections with high bandwidth and low latency allow a global-scale delivery and complement, with attractive (mobile) services delivered in the same way and with the same Quality of Service (QoS), the services which have mostly been the domain of local networks, such as corporate e-mail or scientific compute grids. The discussed information technology paradigm for serving resources and applications to thin clients, frequently represented only by low-performance appliances and devices, is called cloud computing [8, 18]. As one of the most important IoS forms, we will discuss the basic cloud computing technologies in the first section below. The subsequent sections will then present details about virtualised compute, networking and storage services, which together form the core set of resource services available through cloud infrastructure services.

© Springer Fachmedien Wiesbaden GmbH 2017. A. Luntovskyy, J. Spillner, Architectural Transformations in Network Services and Distributed Systems, DOI 10.1007/978-3-658-14842-3_4



4.1 Clouds: Technology Stack, Basic Models and Services

Floating in the clouds. From a service consumer perspective, cloud computing offers many advantages. Many of the offered products and services cater to the traditional desire of users to get anything (information, resource and application services as well as products) with a snap of their fingers. Many users would like to float in the clouds, figuratively, many of them with a cellular smartphone, and get anything on demand, without delay and without cumbersome registration and payment processes (Fig. 4.1).

There are many statistics about how prevalent cloud services, a subset of these on-demand services, are. Certainly, a large majority of users is unaware of whether a functionality is completely contained within a device, or either aided or completely provided by external services. Estimations exist about the habits of users:

• 99 % of all e-mails
• 25 % of all notes
• 33 % of appointments
• all images in social networks
• all online storages

Fig. 4.1 Anything serviced on demand from the clouds


Fig. 4.2 Cloud architecture (own representation; HPNW denotes High-Performance Network)

These ratios are driven by online services, in particular SaaS, but also, in particular for storage, IaaS.

A general architecture and overview for cloud services is given in Fig. 4.2. This holistic architecture extends beyond the scope of a single service provider, but also omits details such as multi-site replication of services.

Cloud computing can thus be defined as the on-demand and pay-per-use application of virtualised IT services over the Internet or within the IoS. The key features of cloud computing, based on the definitions of the National Institute of Standards and Technology, USA (NIST) [8, 24], are as follows:

• on-demand self-service with instant delivery on request
• broad network access (multimodal, all-in-IP)
• resource pooling and rapid elasticity
• measured and optimised service for reliable QoS guarantees
• service-oriented Internet (Service-Oriented Architecture (SOA), IoS)
• Everything-as-a-Service (XaaS), also represented in Fig. 4.3


Fig. 4.3 Cloud computing as a pyramid model based on NIST

Fig. 4.4 Difference between hybrid, public and private clouds

Public cloud computing platforms are run by commercial providers and by research organisations, and to a lesser degree by individuals, for instance volunteers in self-organised communities. Furthermore, private and hybrid cloud environments are run within company and institution departments. Prominent examples of commercial cloud computing platforms are as follows: Amazon Web Services, Oracle Cloud, Windows Azure, IBM SoftLayer and Bluemix, Google Cloud Platform. The common organisation types of clouds are given below (Fig. 4.4).

The difference between public, hybrid and private clouds is presented in greater detail in Table 4.1.

Table 4.1 Hybrid, public and private clouds

Private cloud                                                          | Public cloud
-----------------------------------------------------------------------|-----------------------------------------------------------
Customer-specific cloud environment, operated by the customer          | Owned, located and operated by an IT service provider
Access limited (the customer himself, authorised business partners)    | Access via the Internet
Access via the Intranet                                                | Flexible and easy use by subscription
Hybrid cloud: combined private and public cloud                        |

Clouds as new information technology foundation. In cloud environments, access to computing resources (compute, storage and network) is performed with the aid of basic web services, most often based on the Hyper-Text Transport Protocol (HTTP) [19]. Three general service classes are typically subsumed when talking about cloud computing. SaaS is the simplest model, with interfaces supporting service-oriented applications which provide access to functionality and data delivered through the cloud as frontend. PaaS is used for offering developers an integrated environment for development and/or testing of applications as a testbed. The IaaS model is applied for offering virtualised resource services in remote computing and networking structures, inter alia through the use of remote servers, Storage-Area Network (SAN) / Network-Attached Storage (NAS), virtual machines and switching equipment. The set of functions available through these cloud services is provided for thin client access to the virtualised resources and multi-tenant hosted applications with non-transparent internal structure. The aims are diverse and include high performance of certain routines, resources and time-consuming tasks, a consolidation and/or partitioning of available physical resources, as well as integration of desktop, mobile and web applications for enterprise information systems in scenarios of Enterprise Application Integration (EAI) [36]. Load balancing and function distribution between cloud computing and conventional IT management are depicted in Table 4.2. The providers of these services within the wider IoS offer their end-users multiple attractive services on different hierarchical levels. The table depicts the representation which has been established in accepted best-practice documents of important industry players.

The purpose of the creation and maintenance of different service-oriented applications is to deliver easy-to-use, standardised Application Programming Interface (API) endpoints for multiple target platforms. Frequently, the internal structure of a cloud stays non-transparent for the end-users [28]. The users are forced into a position of full trust towards their own cloud provider, or even towards multiple cloud providers [20]. This sometimes requires a complicated handling of Service Level Agreement (SLA) and responsibility principles of the involved parties [12], because in the general case the providers have to operate in an international context with different business regulations. In fact, they are subject to different legislations in different countries. Moreover, they can be hierarchically organised and be dependent on further international providers. Therefore, even with careful creation, deployment and maintenance of cloud services, a lot of problems of multilateral data security remain unsettled. This factor limits, in a certain way, the deployment rate and therefore also the advancement of the discussed new IT paradigm.

Table 4.2 Load balancing and functionality distribution between cloud computing and conventional IT (representation by Microsoft)

Layer             | Conventional IT | IaaS  | PaaS  | SaaS
------------------|-----------------|-------|-------|------
Applications      | +               | +     | +     | cloud
Data              | +               | +     | +     | cloud
Runtime           | +               | +     | cloud | cloud
Middleware        | +               | +     | cloud | cloud
Web Services      | +               | +     | cloud | cloud
OS                | +               | cloud | cloud | cloud
Virtual Resources | +               | cloud | cloud | cloud
Server            | +               | cloud | cloud | cloud
Storage           | +               | cloud | cloud | cloud
Network           | +               | cloud | cloud | cloud

+: under the customer's own responsibility; cloud: delivered from the cloud

Use of service technologies. As cloud computing is essentially a set of service models, many of its issues can be understood by looking at how services are used and how cloud applications adhere to a SOA. Such an architecture, realised with web services in practice (Fig. 4.5), possesses the following beneficial advantages. Web services offer loose coupling and well-defined interfaces, a good basis for EAI and application integration across organisational boundaries. Furthermore, they use open standards for protocols (e.g. HTTP) and content (e.g. XML or JSON), for which many development, testing and usage tools exist, so that new services can be consumed rapidly. Using HTTP makes it easy to produce and consume services according to the Representational State Transfer (REST) paradigm, even though other protocols are also widespread. Nevertheless, there are also weaknesses in service architectures which limit the full realisation of the cloud computing visions:

1. Offering and consuming services dynamically asks for a service registry which serves as the basis for selecting, brokering and negotiating the terms of use. The description of services within these registries is effort-intensive. So far none of the effort distributions (by the broker, by the providers, by the crowd) has yielded a stable and complete registry on a global scale.

2. On a practical level, an important complication is the configuration of security aspects in deployed services. Authentication, authorisation, access control and encryption are necessary when leaving a closed, trusted zone [5].

83   4.1 Clouds Technology Stack, Basic Models and Services

Fig. 4.5 SOA/web services basic architecture

3. The non-functional properties of services, in particular QoS attributes, need to be thoroughly defined and cross-checked at runtime. As these specifications form the basis of SLA documents, a high-quality specification (i.e. high metaquality) inside service descriptions and a supporting environment with monitoring and adaptation support are a necessity.

Some of the outlined problems can be solved, or at least reduced, with elaborated extended web service specifications: so-called RESTful services fully exploiting the HTTP specification, microservices and WS-*. The extended WS-* use the basic components (Fig. 4.5) and allow the creation of efficient service-oriented applications in various service environments, including the web and in particular the "Semantic Web". The following integrated technologies and specifications are representatives of improvements [17, 37]:

1. Reliability via WS-Addressing, WS-Reliability, WS-Message Delivery
2. Messaging via WS-Eventing, WS-Notification
3. Security via WS-Security, WS-Trust, WS-Privacy, WS-Federation, SAML (Security Assertion Markup Language)
4. Transaction, Co-ordination, Context via WS-Transactions, WS-CAF (Composite Application Framework)
5. Semantic Features via OWL-S (Web Ontology Language for Web Services)

The extensions, their relations and layered placement are depicted in Fig. 4.6. Based on the REST model (Fig. 4.7), the performance and scalability of services can be increased by relying on an underlying HTTP server infrastructure. These servers are typically highly optimised and take care of caching, streaming and other convenience functionality. RESTful web services act in some measure as an antagonist to the Simple Object Access Protocol (SOAP) and XML-RPC, for which dedicated, less common and less optimised server and client implementations need to be used.

Fig. 4.6 Extensions WS-* and alternatives

Fig. 4.7 Representational state transfer method

Such web services themselves, and based on them further service-oriented and service-bound applications, can be described according to the mentioned architectural style using only URIs as endpoint identifiers, a content/resource model associated to each URI, and HTTP in version 1.1 or 2.0 as interaction protocol. The distinguishing features are as follows: asynchronous, temporary character; no RPC; direct requests on resources and documents (URI); use of a generic interface with standard semantics; and a stateless communication protocol. RESTful web services contain and convey the necessary context by themselves and are operated only via simple methods (GET, PUT, POST, DELETE). Such sparingness leads to more consistency through the use of established standards. On the other hand, a scalable a-priori analysis of the service features by description document analysis is not possible in this model. Modern service description languages like Linked USDL and Swagger attempt to fill this gap. Contemporary SOA concepts are mostly focused on EAI and B2B surroundings. However, the mapping of business processes (respectively for VTEO) as well as service orchestration and composition (e.g. via BPEL4WS) is still inelastic and associated with higher developer-side complexity. Therefore, elaboration of new concepts is an imperative. The concepts have to include not only new marketable ideas, e.g. like VTEO, but also the analysis of costs and benefits [21].
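The RESTful properties just listed (URIs as the only identifiers, a generic interface with standard method semantics, no session state on the server, every request carrying its own context) can be demonstrated with a tiny in-memory resource handler. The following block is an added example written for this chapter, not code from the book or from any product it names; the token table, the resource paths and the request log are constructed, and the per-request bearer check is our own illustration of the point made in item 2 above that authentication has to travel with every request once the trusted zone is left.

```python
"""Minimal stateless RESTful resource handler (constructed example, stdlib only).

Every request carries all the context the server needs (method, URI, headers,
body); the server keeps resource state only, never session state, so any
replica behind an HTTP front end can answer any request.
"""
from __future__ import annotations

import hmac
import json
from typing import Any

# Constructed credential table: bearer token -> principal. In a real deployment
# this comes from an identity provider, never from a literal in the code.
TOKENS = {"tok-alice-0001": "alice"}


def _principal(headers: dict[str, str]) -> str | None:
    """Resolve the caller from the Authorization header of *this* request."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return None
    presented = auth[len("Bearer "):]
    for token, who in TOKENS.items():
        if hmac.compare_digest(presented, token):  # timing-safe comparison
            return who
    return None


def handle(store: dict[str, Any], method: str, uri: str,
           body: str | None = None, headers: dict[str, str] | None = None):
    """Dispatch one request; return (status, response_headers, response_body).

    Generic interface with standard semantics:
      GET    200 with the representation, 404 if the URI names nothing
      PUT    201 create / 200 replace, idempotent
      POST   201, creates a child under a collection URI (Location header)
      DELETE 204, idempotent (deleting an absent resource is still 204)
    State-changing methods require a valid bearer token in the same request.
    """
    headers = headers or {}
    if method == "GET":
        if uri in store:
            return 200, {"Content-Type": "application/json"}, json.dumps(store[uri])
        return 404, {}, ""
    if method not in ("PUT", "POST", "DELETE"):
        return 405, {"Allow": "GET, PUT, POST, DELETE"}, ""
    if _principal(headers) is None:
        return 401, {"WWW-Authenticate": "Bearer"}, ""
    if method == "DELETE":
        store.pop(uri, None)
        return 204, {}, ""
    try:
        doc = json.loads(body or "")
    except json.JSONDecodeError:
        return 400, {}, ""
    if method == "PUT":
        created = uri not in store
        store[uri] = doc
        return (201 if created else 200), {}, ""
    # POST: allocate the next numeric child id under the collection URI
    prefix = uri.rstrip("/") + "/"
    ids = [int(k[len(prefix):]) for k in store
           if k.startswith(prefix) and k[len(prefix):].isdigit()]
    child = prefix + str(max(ids, default=0) + 1)
    store[child] = doc
    return 201, {"Location": child}, ""


def replay(store: dict[str, Any], requests) -> list[int]:
    """Feed a request log through the handler; return the status codes only."""
    return [handle(store, *req)[0] for req in requests]


if __name__ == "__main__":
    auth = {"Authorization": "Bearer tok-alice-0001"}
    log = [  # constructed request log
        ("GET", "/projects/1"),
        ("PUT", "/projects/1", '{"name": "campus LAN"}', auth),
        ("PUT", "/projects/1", '{"name": "campus LAN"}', auth),
        ("POST", "/projects", '{"name": "backbone"}', auth),
        ("DELETE", "/projects/1", None, {}),
        ("DELETE", "/projects/1", None, auth),
        ("PATCH", "/projects/1", "{}", auth),
    ]
    print(replay({}, log))  # [404, 201, 200, 201, 401, 204, 405]
```

Because `handle` never consults anything but its arguments and the shared resource store, the same log replayed against a second replica with the same store gives the same status codes, which is exactly what lets the optimised HTTP server infrastructure mentioned above cache and load-balance RESTful services.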

Delegation of network functionality to cloud providers. The functionality of a cloud is to deliver services by accessing the virtualised resources, whose internal structure is unknown to the users, providing certain common operations, resource-intensive tasks, consolidation and distribution of resources, and integration of applications in the IT systems of companies [23]. Providers within an IoS deliver the services at different hierarchical levels. The functionality of the computers and further interaction devices acting as thin clients of end users in the cloud is limited to providing a graphical or multi-modal interface (service frontend), caching the data, and selection of and access to external network services. We see a resurrection of this host-node computing model in the increased use of consumption-oriented notebooks, netbooks, smartphones, tablets and smart watches. Access to network resources can be provided by using the standardised web service protocols Extensible Messaging and Presence Protocol (XMPP) and SOAP, including a range of extensions to both, for permanent sessions and request-response models respectively. Access to these resources can also be ensured via RESTful methods, a session-less paradigm which transfers state by modifying resources on the server. The processing and archiving tasks, database querying, and calling and encapsulation of further internal function calls are delegated to the cloud provider. There are closed (private), public and hybrid clouds, which include file servers, databases, archiving/backup systems, high-performance computers, computer grids and multi-processor clusters. Peer-to-peer clouds are not yet widely used, but they are considered a future trend in research, in particular for trustworthy mutual backup, mainly driven by the exploded count of personal mobile devices. SLAs between cloud providers and end users guarantee a certain QoS and aim to achieve a high level of users' satisfaction, called Quality of Experience (QoE). Cloud computing provides the following functionality: outsourcing of IT infrastructure to the cloud provider, which may be less expensive than maintaining a private one; hosting of services, saving costs for administration and maintenance of the IT infrastructure; outsourcing of data archives and applications (mail servers, file servers, databases, backup services etc.); cost-saving by using high-performance computer clusters/grids as a service.

The main cloud models given by the NIST and Microsoft definitions have already been presented in Fig. 4.3. They should be explained in greater detail and with examples. SaaS is the model which directly appeals to the end user. It encompasses service-oriented web, mobile or desktop applications (including virtual desktops), but also purely programmatic application and data services providing access to resources in the cloud via these diverse frontends. PaaS provides an integrated platform for developing and testing web applications (testbed) and eventually running them on a service platform with dynamic feedback for continuous development and advancement. IaaS provides services of virtual networks by using remote servers, systems of networked hard disc drives, Virtual Machines (VM) with network management exploiting the SNMP protocol and upcoming OCCI interfaces. The IaaS layer can be further subdivided into compute, storage and communication resources.

Example 4.1 CloudFoundry, OpenShift and Bluemix are popular commercial PaaS platforms. There are very few non-commercial ones, but there are a few prototypical platforms resulting from research projects, including SPACE and FIWARE, which may influence future production platforms. Vamp is an advanced PaaS server for complex services whose implementation consists of orchestrated, inter-dependent containers.

Communication is an implicit prerequisite for compute and storage services, so that they can be used over the network. For cloud backup systems, the main interest is in storage resources which are accessed through network resources. In practice these resources are not universally described. When creating, commissioning and maintaining cloud services, a lot of questions of IT security still remain open, limiting the further spread of cloud technology. This could be addressed by the creation of a non-profit cloud security alliance aiming to collect the best practices of effectiveness, legal compliance and IT security. Researchers have already started an outreach in this direction through surveys [12, 22]. These abstract challenges shall now be demonstrated with examples from a selection of countries with varying levels of development and cloud adoption rates. With regard to cloud computing, legal acts of Ukraine regulate in general the operations in the area of IT security and related fields (intellectual property, telecommunications, cyber-crime, television) [6]. They can be evaluated as systematic and complete regulation thanks to the consideration of existing international best practices. One current scientific task is the optimisation of the service characteristics of these providers regarding QoS and QoE. Great importance is given to the uptake of mobile services based on LTE/4G as well as future 5G networks, with access through modern mobile devices running iOS, Windows Phone 8 or Android OS and the newer challengers FirefoxOS, Ubuntu Phone and Sailfish, all equipped with web browsers and personal data vaults. The development of these technologies is widely supported by governments of developed countries, since it allows significant resource saving, but requires coordination of providers in the areas of efficiency, legal issues and IT security of clouds. Hence, for designing optimal cloud systems, the non-functional properties of the physical hardware, the network connections and the client integration around the software and services need to be considered and evaluated.

Figure 4.8 highlights the relation between layered components of a cloud stack architecture and the resulting services which are offered for all of the layers.

Cloud quality criteria. It becomes evident that, due to the high number of often interchangeable services, an automated distinction becomes possible only through non-functional properties. These properties encompass primarily the quality (what do I get) and price (what do I pay) properties. The main quality criteria for cloud services are as follows:


Fig. 4.8 Context between cloud components and cloud services

• Measurable QoS, including execution performance, response time and availability
• Comfort in use, relating to the QoE
• Control by users
• Reliability and data security
• Price (per unit of data and time)

In Fig. 4.9 a comparison of comfort vs. control for certain well-known systems has been done. The evaluation was realised for the following systems: Yahoo, Facebook, Amazon EC2, Salesforce.com, Dropbox, Google Docs, in the cloud organisation types hybrid, public and private.

Hence, to summarise: while the consumption of cloud services is highly attractive, it brings along its own set of difficulties, disadvantages and weaknesses, in addition to the ones inherent to general services:

1. Performance and convenience of offered clouds are questionable and require actual use to find out.

2. Lock-in to single vendors and cloud providers, worsened by asymmetric pricing models, i.e. uploading data is cheaper than downloading.

3. Cloud providers' creditworthiness, trustworthiness and reputation.

4. Reliability issues or even total failure of providers (a provider can disappear from the horizon, e.g. for economic, legal or political reasons).

5. Risks of temporary or permanent data losses, or even leaks by providers.


Fig. 4.9 Function comparison comfort vs. control for certain well-known systems [11]

A concept of a cloud-based virtual telecommunication office. Among other trends, the development of a modern VTEO based on SOA, hosted in and delivered by a cloud, is one of the up-to-date tasks and a very profitable business niche. We would like to deal with the mentioned VTEO concept and certain significant examples and use cases [16]. The world economy is nowadays widely characterised by the stable trend that large and mid-range companies and authorities outsource their own engineering services to an ever greater extent via external, smaller service providers. A concept for a modern virtual telecommunication engineering office using SOA and cloud computing technologies has been offered. Multiple use cases for a virtual telecommunication engineering office have been discussed. As a significant example, the CANDY Framework and Online Platform have been examined. The important development trends for CAD for network planning regarding tool integration and effective access optimisation have been discussed. The CANDY system has been presented as an exhibit at CeBIT 2007, 2008 and 2011 in Hannover.

The discussed service providers are, as a rule, independent, highly-specialised engineering offices working with high-performance networks (VTEO) with relatively few employees. But the mentioned VTEO systems can only survive in the long term if they provide their services at reasonable cost, in the shortest time and at the highest quality level. Let us refer to the offered services as Virtual Project Processing. Examples of Virtualised Processes (VP) and the corresponding task areas can be formulated very broadly. There are, inter alia, the following tasks and processes: electro-technical calculations, chip and electronic circuit design, preparation of judiciary documents, statics computing for civil craft, tax return bill preparation, etc. Accordingly, the following specific requirements on such VTEO systems have to be discussed in this section: per client order (performed project) a relatively high profit can be obtained, however its processing time is usually limited; simultaneous processing of multiple projects in various steps of preparedness; cooperation (via discussions and document exchanges) with several groups of clients; delegation, if necessary, of project steps (subtasks) to partner agencies (i.e. subordinated VTEO instances); participation of several specialists in each project; efficient project management; necessity of exact project documentation at each processing step; permanent improvement of the company. Permanent improvement of the company's know-how can be effected via problem discussions, successful qualifications and renewal training of the staff, efficient knowledge storage, and reuse of project results in subsequent projects. Nowadays the current situation in most usual engineering offices is contradictory and can be formulated as follows: there is a highly qualified staff, but also very expensive staff training; use of modern CAD techniques (Computer-Aided Design) for individual engineering works (projects), but somewhat inefficient cooperation of the participants; high time expenditure and labour efforts for contacts with client and partner companies.

It is therefore an important scientific-technical problem to make the discussed technologies available for VTEO. SOA (web services) and cloud computing techniques (private and hybrid clouds), aimed at the implementation of available services and the provision of access means, are two indispensable components of the examined VTEO concept. The most acceptable models of the inter-operability scheme VTEO-2-Clouds are SaaS and PaaS. First, the VTEO must choose which kind of engineering services can be offered for the respective types of projects, and define for each an exact workflow of the project steps with the subordinated tasks and the associated qualification requirements (specialist roles). At least one qualified employee has to be dedicated to each role. For the individual works, high-quality CAD tools are to be provided, as well as a powerful project management system for the project organisation aims. It is important to ensure that all project documents are concurrently available to all participants (specialists, partners, clients) and that they can communicate efficiently, inter alia. Furthermore, retrieving and on-demand offering of the most important project documents, i.e. their inter-operability, is to be supported. This requires specific document formats for each step of a project that can be processed in the subsequent steps without any further manual transformation. The discussed concept of a VTEO is very helpful to meet the above-mentioned requirements. The resource requirements for such a virtual engineering office can be assumed to be in acceptable middle ranges (number of project employees, amount of retrieved project data). For general communication and collaboration, classical services can be used (e-mail, SSH, Skype, videoconferencing). The document management must be completely centralised and web-driven. For access, WWW techniques have to be used preferably (document preparation and supply in standard formats like HTML and PDF). For any special project data, the appropriate XML-based, professional, problem-oriented languages are to be additionally developed with the associated XSD/XSL (XML Schema Definition/eXtensible Stylesheet Language). The project workflow management is the most important part of the discussed virtual engineering offices. But the majority of the commercially available systems are too complex for direct use. Leaner solutions are therefore preferable. Such workflow management solutions are usually based on Gantt


Fig. 4.10 Project step 1, tasks 1–5, example execution period 10.03–19.03.2015. A typical representation of a workflow via Gantt diagram

diagrams (Fig. 4.10). For each workflow step in a project there are different process types. Over and above that, the following classification of process types for a VTEO can be deployed: automated, with a simple communication scheme (without human assistance and e.g. with the support of the sparing, stateless protocol REST); half-automated, with use of complex stateful protocols with commits (with participation of specialists and dedicated personnel, as well as with the support of classical stateful SOAP over HTTP or other carrier protocols); completely manual (expensive and very complex).

Purely human works (like e.g. granting of permission) have to be organised via the WWW using web services, web sites or mobile (web) applications. The workflow management system is to provide the necessary download functionality for input documents and, correspondingly, after completion of the works (execution of the business process logic), the necessary upload functionality for the required resulting documents by the responsible project employee to the centralised document management system. The works with CAD tools like e.g. ArchiCAD are to be understood, as defined above, as purely manual works. It is particularly efficient if the VTEO can also offer processing support via a central platform. This can be realised especially efficiently with AJAX-based techniques. The user activities are executed within standard WWW browsers; the business logic processing follows at the server side, e.g. via activation of certain specialised scripts. The resulting documents will be stored automatically and project-specifically at the server side. The specific workflow-centric management for a VTEO must be defined using the following principles and requirements for the process elements and their synchronisation: a workflow is combined from a sequence of design steps; each step consists of one process (task) or multiple parallel processes; each process possesses a status, e.g. (ready (y/n), result (+/-)); each process uses and/or produces input/output documents; a process is either an atomic process or a workflow by itself.
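The five workflow principles just stated (a sequence of steps, parallel processes per step, a ready/result status per process, input/output documents, and processes that may themselves be workflows) describe a composite data structure. The following block is an added example written for this chapter and is not code from the book, from the CANDY platform or from any commercial workflow product; the process names, document names and the tiny network-design workflow it builds are constructed, and the `validate` check (every input must be available at the start or produced by an earlier step) is our own reading of the requirement that each step's documents be processable by the subsequent steps without manual transformation.

```python
"""Composite workflow model for a VTEO (constructed example, stdlib only)."""
from __future__ import annotations

from dataclasses import dataclass
from typing import Callable

Documents = dict[str, str]   # document name -> content (constructed, in-memory)


@dataclass
class Process:
    """Atomic process (task): consumes input documents, produces output ones."""
    name: str
    inputs: tuple[str, ...]
    outputs: tuple[str, ...]
    action: Callable[[Documents], Documents]  # business logic; manual steps wrap a hand-over
    ready: bool = False                       # ready (y/n): all inputs present when started
    result: str | None = None                 # "+" success, "-" failure, None not yet run

    def first_inputs(self) -> set[str]:
        return set(self.inputs)

    def all_outputs(self) -> set[str]:
        return set(self.outputs)

    def run(self, docs: Documents) -> Documents:
        self.ready = all(i in docs for i in self.inputs)
        if not self.ready:
            self.result = "-"
            return {}
        try:
            produced = self.action({k: docs[k] for k in self.inputs})
        except Exception:        # a failing script is a "-" result, not a crash of the workflow
            self.result = "-"
            return {}
        self.result = "+" if set(self.outputs).issubset(produced) else "-"
        return produced if self.result == "+" else {}


@dataclass
class Workflow:
    """Sequence of steps; each step is a list of processes run in parallel.
    A Workflow can itself be used as a process inside another workflow."""
    name: str
    steps: list[list["Process | Workflow"]]
    ready: bool = False
    result: str | None = None

    def first_inputs(self) -> set[str]:
        return set().union(*(p.first_inputs() for p in self.steps[0]))

    def all_outputs(self) -> set[str]:
        return set().union(*(p.all_outputs() for step in self.steps for p in step))

    def run(self, docs: Documents) -> Documents:
        docs = dict(docs)                # work on the project's own copy
        produced: Documents = {}
        self.ready = all(i in docs for i in self.first_inputs())
        outcome = "+"
        for step in self.steps:
            snapshot = dict(docs)        # parallel processes all see the step's input state
            step_out: Documents = {}
            for p in step:
                step_out.update(p.run(snapshot))
                if p.result != "+":
                    outcome = "-"
            docs.update(step_out)
            produced.update(step_out)
            if outcome == "-":
                break                    # later steps cannot start on incomplete documentation
        self.result = outcome
        return produced


def validate(wf: Workflow, available: set[str]) -> list[str]:
    """Static check before execution: every input must be available initially or
    produced by an earlier step. Returns the problems found (empty = consistent)."""
    problems: list[str] = []
    have = set(available)
    for n, step in enumerate(wf.steps, 1):
        for p in step:
            if isinstance(p, Workflow):
                problems += validate(p, have)
            else:
                missing = set(p.inputs) - have
                if missing:
                    problems.append(f"{wf.name} step {n}: {p.name} lacks {sorted(missing)}")
        for p in step:
            have |= p.all_outputs()
    return problems


def status(node: "Process | Workflow") -> dict[str, str | None]:
    """Flatten the result state of every process, nested workflows included."""
    out = {node.name: node.result}
    if isinstance(node, Workflow):
        for step in node.steps:
            for p in step:
                out.update(status(p))
    return out


def build_example() -> Workflow:
    """Constructed network-design workflow: survey, two parallel plans, nested documentation."""
    survey = Process("site survey", ("order.txt",), ("survey.xml",),
                     lambda d: {"survey.xml": f"<survey>{d['order.txt']}</survey>"})
    cabling = Process("cabling plan", ("survey.xml",), ("cabling.xml",),
                      lambda d: {"cabling.xml": "<cabling/>"})
    wlan = Process("radio plan", ("survey.xml",), ("wlan.xml",),
                   lambda d: {"wlan.xml": "<wlan/>"})
    report = Process("merge report", ("cabling.xml", "wlan.xml"), ("report.html",),
                     lambda d: {"report.html": d["cabling.xml"] + d["wlan.xml"]})
    approval = Process("client approval", ("report.html",), ("approval.txt",),
                       lambda d: {"approval.txt": "approved"})   # purely manual in practice
    documentation = Workflow("documentation", [[report], [approval]])
    return Workflow("network design", [[survey], [cabling, wlan], [documentation]])
```

Running `validate` before `run` catches a workflow definition whose step ordering would leave a process waiting for a document nobody produces, which is the cheap point to catch it; at runtime the same condition shows up as a "-" result and the workflow stops instead of handing incomplete documentation to the next step.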


The next important aspect is the type of billing and the payment method (accounting in a VTEO). There are different possible systems, ranging from the simplest blanket (all-in-one) accounting of delivered services to differentiated, complex prices depending on data amounts, manual efforts, task dimensions and computational complexity. With the simple VTEO accounting forms, the SSL method or alternatively XML Security are favoured; the SET method can be recommended for differentiated, complex pricing schemes. The discussed issues are illustrated sufficiently in the next sections of the given work using the example of a VTEO (a fictive service provider) for the design of combined network structures.

Conclusions and research fields regarding the clouds. The most important tasks oriented at the elaboration of advanced clouds that are free of the above-mentioned disadvantages can be listed [13]. They are grouped into three groups:

• Cloud adaption and optimisation
• Strategies for the compensation of SLA violations
• Strategies for minimisation of energy consumption
• Mechanisms for the visualisation of complex cloud monitoring data
• Deployment of RAIC with cockpit features at the customer side
• Fine-grained SLA
• Methods to determine fine-grained properties of cloud services
• Identification of assets and corresponding requirements
• Deduction of monitoring targets from SLA
• Cloud surveillance and incident detection
• Specification of monitoring targets and SLA violations
• Models for the proactive recognition of SLA violations and the evaluation of a cloud's energy efficiency
• Mechanisms for reliable distributed monitoring
• Dynamic provider selection and cloud setup
• Flexible distribution mechanisms for cloud platforms
• Strategies for the performance optimisation of cloud applications
• Reputation consideration to improve reliability and trustworthiness
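Two passages above call for the same illustration: item 3 in the list of service-architecture weaknesses (QoS attributes that form the basis of SLA documents and must be cross-checked at runtime by a monitoring environment) and the research fields just listed on deducing monitoring targets from an SLA and recognising SLA violations proactively. The following block is an added example written for this chapter, not code from the book or from any monitoring product; the SLA thresholds, the sample format and the 200 monitoring samples are constructed. Availability and 95th-percentile response time are the two measurable QoS criteria named in this section; the error-budget function is our own addition and states how many further failures the current window can absorb before the availability target breaks, which is the proactive question rather than the after-the-fact one.

```python
"""SLA evaluation over monitoring samples (constructed example, stdlib only)."""
from __future__ import annotations

import math
from dataclasses import dataclass


@dataclass(frozen=True)
class Sample:
    ts: int            # sample time in seconds
    ok: bool           # request succeeded
    latency_ms: float  # measured response time


@dataclass(frozen=True)
class Sla:
    """Monitoring targets deduced from an SLA document (constructed values)."""
    min_availability: float    # e.g. 0.995 = 99.5 % of requests must succeed
    max_p95_latency_ms: float  # 95th-percentile response time bound
    window_s: int              # evaluation window length


def percentile(values, p: float) -> float:
    """Nearest-rank percentile of a non-empty sequence (0 < p <= 100)."""
    s = sorted(values)
    if not s:
        raise ValueError("no samples")
    return s[max(1, math.ceil(p / 100 * len(s))) - 1]


def _window(samples, sla: Sla, now: int):
    return [x for x in samples if now - sla.window_s < x.ts <= now]


def evaluate(samples, sla: Sla, now: int) -> dict:
    """Reduce the samples inside the SLA window to the SLA's metrics and list violations."""
    window = _window(samples, sla, now)
    if not window:
        # A monitoring gap is reported, not silently treated as 100 % availability.
        return {"availability": None, "p95_latency_ms": None,
                "violations": ["no samples in window (monitoring gap)"]}
    availability = sum(x.ok for x in window) / len(window)
    p95 = percentile([x.latency_ms for x in window], 95)
    violations = []
    if availability < sla.min_availability:
        violations.append(f"availability {availability:.4f} < {sla.min_availability}")
    if p95 > sla.max_p95_latency_ms:
        violations.append(f"p95 latency {p95} ms > {sla.max_p95_latency_ms} ms")
    return {"availability": availability, "p95_latency_ms": p95, "violations": violations}


def error_budget_remaining(samples, sla: Sla, now: int) -> int:
    """Failures the current window can still absorb before the availability target
    breaks; negative means the budget is already overspent (proactive signal)."""
    window = _window(samples, sla, now)
    allowed = math.floor(len(window) * (1 - sla.min_availability) + 1e-9)
    return allowed - sum(not x.ok for x in window)


def constructed_samples(fail_indices=(50, 51, 52, 53)):
    """200 constructed samples, one every 5 s; failed requests time out at 3000 ms."""
    return [Sample(1000 + i * 5, i not in fail_indices,
                   3000.0 if i in fail_indices else 40.0 + (i % 10) * 10)
            for i in range(200)]


if __name__ == "__main__":
    sla = Sla(min_availability=0.995, max_p95_latency_ms=150.0, window_s=3600)
    samples = constructed_samples()
    print(evaluate(samples, sla, now=1995))
    print("error budget remaining:", error_budget_remaining(samples, sla, now=1995))
```

Four failed requests out of 200 give 98 % availability, so the constructed run violates a 99.5 % target while its p95 latency still passes; the same function on a failure-free run reports no violation and a remaining budget of one failure, which is the figure a proactive monitor would alarm on before the next incident rather than after it.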

An example of an advanced cloud technology with transparent encryption is illustrated in Fig. 4.11. The features of the transparent encryption are as follows:

• Safe hybrid access = public + private
• Efficient cryptosystems: AES, RSA, MD/MAC
• Analysis of structured and unstructured data
• Document classification and codecs demarcation
• User authentication and key distribution
• PKI deployment with certificates (X.509/Kerberos)


Fig. 4.11 Secured cloud with own controller [11]. MD – Message Digest, MAC – Message Identification Code, AES – Advanced Encryption Standard, RSA – Rivest, Shamir and Adleman encryption, PKI – Public Key Infrastructure (X.509, Kerberos)

4.2 Virtualisation of Services and Resources

Nowadays a virtualisation of services and resources is required due to the heterogeneous hardware and applications landscape and the increasing overcapacity in single devices (Figs. 4.12 and 4.13). Virtualisation methods have become widespread since 1990 and now offer a necessary entry or preliminary stage to the modern clouds.

The statistics of 2014–2015 demonstrated an approximate distribution of the landscape diversity of applications and apps (Fig. 4.13). Among them are regular desktop applications, SaaS (thin) clients within clouds, mobile applications, as well as usual web applications under a variety of operating systems.

A classification system, examples, as well as advantages and disadvantages are discussed below. A useful classification of virtualisation methods is given in Fig. 4.14. Certain of the listed methods for the virtualisation of services and resources can be assigned to different classification criteria (hardware, software, applications, server, container, network) as well as the evolving SDN.

The basic virtualisation unit for compute resources is the so-called VM, which offers a single service, a complete operating system or an application. Efficient deployment and migration of VMs is controlled with different methods. The most important of them are OS containers, hypervisors and VMMs (VM monitors). A layered architecture with 3–5 layers (HW, OS, virtualisation layer etc.) is a typical construct. The comparison between OS containers, hypervisors and VMMs is given in Fig. 4.15.

A typical solution for UNIX-like operating systems is the so-called spartan BSD jails, which exist in similar form on Linux (chroot) and on Solaris (zones). They are practically dedicated to a single specific application but in principle allow a complete interactive session with sub-processes. The disadvantage of the jails lies in their near-absolute isolation. Citrix-based solutions offer a mostly comfortable virtualisation concept with monitoring of VMs without a host OS as additional layer of virtualisation [2]. The hypervisor acts as a meta-OS. VMware products use as a rule a pure VMM to control VMs which are deployed over the host OS. Hypervisors and VMMs offer a lot of advantages in comparison to the containers, except the highly-secured runtime environment. An example would be a sandboxing container within a mobile OS with foreclosed apps under reputation, code and antivirus control. The most used types of hypervisors are depicted in Fig. 4.16. A frequent use case is the virtualisation of previously dedicated hardware servers for rather light-weight functionality (e-mail, domain, file storage or backup).

93   4.2 Virtualisation of Services and Resources

Fig. 4.12 Motivation: heterogeneous hardware

Fig. 4.13 Motivation: heterogeneous applications landscape


Fig. 4.14 Classification of virtualisation methods (own review). HW – hardware, OS – Operating System, NW – network, VM, VMM – VM Monitor, SDN – Software-Defined Networking

Fig. 4.15 Classification of virtualisation methods


Fig. 4.16 Certain types of hypervisors

Fig. 4.17 An example of virtualisation

Example 4.2 In Fig. 4.17 an example is depicted. The specified VMs and VMMs enable a flexible and efficient solution for web presentation, consumer portal as well as legacy software:

• Each VM is an independent platform, isolated from other VMs, for any guest OS
• A VM can behave as if it possessed the host computer alone (but with insignificant slowdown)
• In the desktop area, mainly tests or simulation environments were performed
• The VMM concept is widely used to increase the utilisation and availability of servers, reduce the costs (procurement, maintenance, personnel, power, HVAC) and improve the ROI


Fig. 4.18 VMware layered architecture, own review based on IBH Dresden Professional IT-Services (source: ibh.de)

Fig. 4.19 VMware Horizon Suite product features

The major products on the market offer a complex layered architecture like in Fig. 4.18. The depicted architecture is typical for VMware products.

Many virtualisation solutions offer a central management console to orchestrate all tasks. The product features of VMware Horizon Suite are given in Fig. 4.19.


Fig. 4.20 The Citrix products for BYOD

A Citrix platform for mobile collaborators, as well as a flexible mobile/wireless platform for the known BYOD problematics ("Bring Your Own Device") with application virtualisation concepts, is depicted in Fig. 4.20.

Example 4.3 A company with a heterogeneous computing environment is about to virtualise its IT hardware. How is the data exchange between such heterogeneous computer systems realised? In a company network with 30 computers there are 3 different architectures (Fig. 4.21).

(a) How many import/export routines must be programmed and installed so that interoperability (mutual understanding) between all systems is possible? (b) What changes occur when another, 31st computer with a novel system architecture is integrated into the network? (c) What are the advantages and disadvantages compared to (b) if virtualisation concepts are used?

Virtualisation advantages from a business perspective. Virtualisation is not only a technical method. On a strategic or financial level, if, when and how to virtualise is an important decision process. There are the following virtualisation advantages from the point of view of a company:

1. Different virtualisation techniques are used in areas like banking, e-commerce, civic craft, financing, assurances, building society savings and trust companies. They are a preliminary stage for cloud computing.

2. The advantage of resource virtualisation is significant for CAPEX and OPEX (cost reduction) for SMEs and large companies.


Fig. 4.21 Heterogeneous environments with virtualisation in a company

3. Large financial institutions have obtained virtualisation solutions which replace all previously processed transactions' and applications' infrastructures using sole servers and old mainframes.

4. Virtualisation allows the operation of several available VMs on a host.

5. Virtual servers provide virtual OS and runtime environments using VMs in order to maintain existing software (legacy systems) and allow use of mobile apps.

6. Virtualisation retains the heterogeneity of the network (SDN) and runtime environments, and hides the diversity of implementation details and restrictions in common OS and software.

7. Virtual servers can increase the efficiency of the operational IT infrastructure, its utilisation and availability.

8. Advanced EAI and B2B for corporate applications as well as for inter-company systems by EDI and e-business (middleware, SOA).

Example 4.4 What is VMware virtualisation today? The distinguishing features of this virtualisation product are as follows (Fig. 4.22):

• Virtualised guest OS: Windows, Linux, Mac OS X, Chrome OS and others
• Secure data access and deployment of apps and data
• Work from anywhere, deploy and migrate VMs
• Optimise the network traffic, backup and VM snapshots
• Secure surfing within the clouds


Fig. 4.22 VMware: What is virtualisation with VMware nowadays?

More recently, virtualisation of individual compute resources has evolved into an integrated data centre concept. A software-defined data centre offers the following advantages:

• agility
• control
• efficiency
• freedom of choice

Virtualisation and cloud stacks can be run in co-operation, as shown in the example with VMware, RSA Security, EMC2 and OpenStack:

• Public, private clouds
• United management
• VIO concept: VMware OpenStack (Fig. 4.23)

Virtualisation with VMware implies the following:

• VMware Data Protection
• VMware VSAN architecture
• VC = vCenter Server v6.0 (Table 4.3)

The advantages are as follows:

• proactive IT availability
• innovation and dynamics
• security and mobility
• market chances in case of know-how insufficiency or limited resources
• attractive costs
• no fragmented data/computing centres
• growth in equipment

Fig. 4.23 VMware architecture

Table 4.3 Properties of vCenter Server v6.0

Structure units     Windows   Linux
Hosts per VC        1000      1000
VM per VC           10000     10000
Hosts per Cluster   64        64
VM per Cluster      6000      6000

An example of dedicated hardware for VMware:

• EVO:RAIL, a hyper-converged infrastructure appliance


Proactive IT: What does it mean to manage proactive IT via VMware?

• fast development
• provisioning of all applications
• optimised for each end device
• data center virtualisation and hybrid cloud extensibility
• native security controls in the infrastructure
• optimised and automated data center operation
• automation of infrastructure and application deployment
• high availability and stable infrastructure

"Each application everywhere" is one of the mantras of virtualisation product vendors. Further mantras are "open management" and "united platform". These slogans will be outlined briefly now. The "everywhere" mantra leads to the development, deployment and execution of convenient and modern applications. "Open management" refers to the flexibility to manage cloud infrastructure and applications. Finally, the "united platform" connects internal and external clouds with a common software-defined data centre platform based on virtualisation concepts. In the case of VMware, the vendor calls the solution a hyper-converged infrastructure.

Not only compute resources but also storage resources benefit from virtualisation concepts. The VMware mixed backup is based on the rotatory principle (Fig. 4.24):

• Full backup
• Incremental backup
• Synthetic backup

The VMware cloud platform thus combines the following characteristics:

• management of all public clouds
• VMware vRealize Suite for management of multiple public and private clouds (cloud cockpit)
• optimisation of OpenStack
• VMware Integrated OpenStack (VIO) for the flexible and reliable entrance into an OpenStack cloud of enterprise class
• integration in container tools
• aimed at fast development and supply of new native cloud applications

Fig. 4.24 VMware mixed backup

VMware vCloud Air is an add-on product for virtualised desktops which provides the following virtualisation startup help:

• desktops hosted in the cloud and available on demand
• increased user productivity and optimised IT operations
• extension of existing applications
• 100% compatible, the same security, high availability
• web and mobile applications
• faster development of web and mobile applications
• vCloud Air development/test
• 100% compatible, lower cost, broad OS support, high availability
• disaster recovery
• simple, cost-effective failover and restore

Example 4.5 The company Veeam was founded in 2006 in Switzerland, has 2000 employees and serves 170,000 users. The hybrid virtualisation platform of Veeam is based on software from Citrix, VMware and Microsoft Hyper-V [7]. The products for the hybrid virtualisation platform of Veeam are as follows (Fig. 4.25):

• ONE
• management pack
• backup & replication
• explorer for storage snapshots

Fig. 4.25 Hybrid virtualisation platform with Veeam

The architecture of the Veeam backup storage integration is shown in Fig. 4.26. The following storages and products can be used: HP StoreOnce Catalyst support, EMC Data Domain Boost, VM backup-file chain, HP StoreVirtual, 3PAR, NetApp ONTAP as well as EMC. The essential advantages of this platform include the ability to support an always-on business, ad-hoc restores of virtual machines as well as automated verification of the state of virtualised applications. Virtual machines can be instantiated and activated quickly from both ISO images and snapshots from previous execution runs.

The procedure of efficient backup based on snapshots with Veeam is depicted in Fig. 4.27. The creation of snapshots by Veeam for the backup is up to 15 times faster than the pure backup. The Veeam Explorer for storage snapshots provides the backup of the following data items: either all VMs completely, or only guest files, or all directories or specific folders of applications such as Sharepoint and Exchange folders.

A mixed backup (consisting of differential + incremental runs) is provided. The experimental 3-2-1-0 rule is valid in this case: it refers to 3 media types for retrieving, 2 diverse backups, 1 always available and 0 problems with it.
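The restore-chain dependencies behind full, incremental, differential and synthetic runs, for the VMware rotation of Fig. 4.24 as well as the Veeam mixed backup described here, as an added example that is not code from the book or from either product; the backup history and file states are constructed sample data:

```python
"""Restore chains for full, incremental, differential and synthetic backups.

Added example, not code from the book, from Veeam or from VMware. A run
captures the files changed since its reference point: a full run captures
everything, an incremental run what changed since the previous run of any
kind, a differential run what changed since the last full run, and a
synthetic full is assembled on the backup side from an existing chain
without reading the source again. File states are constructed sample data
(file name -> version number); deletions are not modelled.
"""
from typing import Dict, List, Optional, Set

FileState = Dict[str, int]


class BackupRun:
    def __init__(self, day: int, kind: str, data: FileState,
                 base: Optional["BackupRun"]) -> None:
        self.day = day      # when the run was taken
        self.kind = kind    # "full", "incremental", "differential", "synthetic"
        self.data = data    # only the files this run actually stored
        self.base = base    # run this one is relative to (None for a full)


class BackupHistory:
    def __init__(self) -> None:
        self.runs: List[BackupRun] = []
        self._by_day: Dict[int, BackupRun] = {}

    def _last(self, kinds) -> BackupRun:
        for run in reversed(self.runs):
            if run.kind in kinds:
                return run
        raise ValueError("no full backup exists yet")

    def run(self, day: int, kind: str, state: FileState) -> BackupRun:
        """Record a backup of `state` taken on `day`."""
        if kind == "full":
            base, captured = None, dict(state)
        else:
            if kind == "differential":
                base = self._last(("full", "synthetic"))
            elif kind == "incremental":
                base = self._last(("full", "synthetic", "incremental", "differential"))
            else:
                raise ValueError(f"unknown backup kind {kind!r}")
            known = self.restore(base.day)   # state the base run represents
            captured = {f: v for f, v in state.items() if known.get(f) != v}
        run = BackupRun(day, kind, captured, base)
        self.runs.append(run)
        self._by_day[day] = run
        return run

    def restore_chain(self, day: int) -> List[BackupRun]:
        """All runs, oldest first, that must be readable to restore `day`."""
        chain, run = [], self._by_day[day]
        while run is not None:
            chain.append(run)
            run = run.base
        return chain[::-1]

    def missing_runs(self, day: int, lost: Set[int]) -> List[int]:
        """Days of runs in the chain for `day` that are no longer readable."""
        return [r.day for r in self.restore_chain(day) if r.day in lost]

    def restore(self, day: int, lost: Set[int] = frozenset()) -> FileState:
        """Rebuild the file state of `day` by replaying its chain oldest first."""
        missing = self.missing_runs(day, lost)
        if missing:
            raise RuntimeError(f"cannot restore day {day}: runs {missing} are lost")
        state: FileState = {}
        for run in self.restore_chain(day):
            state.update(run.data)
        return state

    def synthetic_full(self, day: int) -> BackupRun:
        """Merge the latest chain into a new full run with no dependencies."""
        merged = self.restore(self.runs[-1].day)
        run = BackupRun(day, "synthetic", merged, None)
        self.runs.append(run)
        self._by_day[day] = run
        return run


def demo_history() -> BackupHistory:
    """Constructed four-day schedule: full, two incrementals, one differential."""
    h = BackupHistory()
    h.run(1, "full",         {"a": 1, "b": 1, "c": 1})
    h.run(2, "incremental",  {"a": 2, "b": 1, "c": 1})   # stores only a
    h.run(3, "incremental",  {"a": 2, "b": 2, "c": 1})   # stores only b
    h.run(4, "differential", {"a": 2, "b": 2, "c": 2})   # stores a, b, c (vs. day 1)
    return h


if __name__ == "__main__":
    h = demo_history()
    for day in (3, 4):
        print(day, [r.day for r in h.restore_chain(day)], h.restore(day))
    print("day 3 with day 2 lost ->", h.missing_runs(3, {2}))
    h.synthetic_full(5)
    print("day 5 chain ->", [r.day for r in h.restore_chain(5)])
```

Losing one incremental (day 2) breaks the restore of day 3 but not of the differential on day 4, and a synthetic full collapses the chain so that later incrementals depend on it alone.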


Fig. 4.26 Backup storage integration with Veeam

Fig. 4.27 Efficient backup of snapshots with Veeam

An example of backup frequencies for the following 4 years is depicted in Fig. 4.28. It differentiates weekly (4), monthly (12) and yearly (3) cartridges. Standard LTO Ultrium streamers and tape cartridges can be used with Veeam in such scenarios.


Fig. 4.28 Example of backup frequencies with Veeam

4.3 SDN – Software-Defined Networking

Virtualisation of network resources and software-defined networking: Software-configured or software-defined networks are called SDN. This term expresses a virtualised, layered network for data transmission in which the management plane of the network is separated from the data transfer devices and has to be implemented programmatically. SDN is one of the known forms of virtualisation of computing and networking resources, including network services and applications. Its origins are in the backbone networks of telecom operators, but some of the mechanisms are now appearing for centralised configuration of multiple consumer devices as well. The basic principles of future SDN development and deployment were formulated in 2005–2006 by researchers from Berkeley and Stanford universities, even though the topic gained prominence quickly through heavy industry involvement.

SDN motivation: The main problems in modern and very performant physical networks are as follows:

1. The traditional physical networks are heterogeneous and too static for modern business applications and cloud services.

2. Deployment of virtualisation technologies is required.

3. Nowadays the applications are distributed between multiple VMs that communicate intensively. With the goal to optimise the workload of the servers, VM instances often migrate and hence change the "binding points" for the network traffic.

4. Conventional addressing schemes, logical division into VLANs and the assignment of traffic rules in such dynamic environments become very ineffective.

5. As networking protocols evolve, the firmware on networking equipment such as switches and routers needs dynamic updates in a controlled and consistent manner, to the extent that it must be completely implemented in software.

Fig. 4.29 (a) No virtualisation, (b) SDN general architecture: motivation for software-defined networking

SDN solution approach: SDN can be classified as part of network virtualisation. SDN is per definition a resource virtualisation type, like OS, server or application virtualisation (Fig. 4.29; refer to the classification in Fig. 4.14). Simultaneously, SDN is an approach to the construction of computer network equipment and software where the two main components of such equipment are abstracted from each other: (1) the control plane and (2) the data plane, as a rule with (3) a protocol named OpenFlow to combine and coordinate L2/L3 networks via VM deployment [15]. Starting around 2013, SDN was widely deployed by multiple manufacturers, inter alia VMware, Juniper, Brocade, Cisco, HP and IBM. By that time it became one of the main innovation topics along with cloud computing and big data, with similar confusion about the technical depth and the hype portions of the innovation. Let us discuss its advantages. SDN enables network administrators to perform simpler low-level management of the networks by abstraction into virtual services. SDN offers (refer to Fig. 4.29):

• emulation of MAC frames and packets (MPLS, IP, LAN, mobile radio) on L2 and L3
• deployment of zones, user demarcations
• cloud services in multi-tenancy agreements
• diversity of SDN architectures via the availability of multiple providers

Refer to Fig. 4.29 once more and compare (a) and (b). One of the driving forces for the large installation base of SDN networks is a universal protocol called OpenFlow, which is independent of the manufacturer and implements the interfaces between the logic controller for the network and the network transport. A typical traffic table within a network device that supports the universal protocol OpenFlow is shown in Fig. 4.30. With the use of OpenFlow, a more flexible and efficient physical (MAC) and logical (IP) addressing becomes possible, and the reconfiguration of data flows, services, applications and application ports is supported as well. The OpenFlow protocol provides traffic identification by using the term "flow". A flow table acts as the key element of a switch that supports this protocol, similar to a rule table within a software packet filter. The group of columns on the left side of the table forms the matching fields, where the characteristics of the flow are represented. There are different parameters, including MAC and IP addresses of the sender and recipient, VLAN identifier, TCP and UDP ports and other information. These data entries are recorded by the controller using the OpenFlow protocol and registered in the switch table (refer to Fig. 4.30).

Fig. 4.30 A typical flow chart in a network device that supports the OpenFlow protocol
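The flow-table matching described above, as an added example that is not code from the book or from any OpenFlow implementation; switch names, ports, MAC addresses and packets are constructed, and the controller function shows the central re-binding of a migrated VM that item 3 of the motivation list refers to:

```python
"""Model of an OpenFlow-style flow table with a central controller.

Added example, not code from the book or from any OpenFlow implementation.
Field names follow the OpenFlow 1.0 match naming (dl_* for MAC, nw_* for IP,
tp_* for transport ports); switches, ports and packets are constructed sample
data. The highest-priority matching entry decides, as in a packet-filter rule
table; a packet matching nothing is a table miss handed to the controller.
"""
from dataclasses import dataclass
from typing import Dict, List

# Header fields a packet may carry (a subset of the OpenFlow match fields).
MATCH_FIELDS = ("in_port", "dl_src", "dl_dst", "vlan_id",
                "nw_src", "nw_dst", "nw_proto", "tp_src", "tp_dst")
UPLINK_PORT = 1                   # constructed: port towards the other switch
VM_MAC = "02:00:00:00:00:01"      # constructed: MAC of the VM that migrates


@dataclass
class FlowEntry:
    match: Dict[str, object]      # field -> required value; absent field = wildcard
    actions: List[str]            # e.g. ["output:3"], ["drop"], ["controller"]
    priority: int = 0
    packets: int = 0              # per-flow counter, as kept by a real switch

    def matches(self, packet: Dict[str, object]) -> bool:
        return all(packet.get(k) == v for k, v in self.match.items())


class FlowTable:
    """One switch's table: the first entry in priority order that matches wins."""

    def __init__(self) -> None:
        self.entries: List[FlowEntry] = []

    def add_flow(self, match: Dict[str, object], actions: List[str],
                 priority: int = 0) -> None:
        unknown = set(match) - set(MATCH_FIELDS)
        if unknown:
            raise ValueError(f"unknown match fields: {sorted(unknown)}")
        self.entries.append(FlowEntry(dict(match), list(actions), priority))
        # Sort by descending priority so the first hit in lookup() is the winner.
        self.entries.sort(key=lambda e: -e.priority)

    def del_flows(self, **match: object) -> int:
        """Remove every entry whose match contains all the given field values."""
        before = len(self.entries)
        self.entries = [e for e in self.entries
                        if not all(e.match.get(k) == v for k, v in match.items())]
        return before - len(self.entries)

    def lookup(self, packet: Dict[str, object]) -> List[str]:
        for entry in self.entries:
            if entry.matches(packet):
                entry.packets += 1
                return entry.actions
        return ["controller"]     # table miss: the controller decides


def migrate_vm(switches: Dict[str, FlowTable], vm_mac: str,
               new_switch: str, new_port: int) -> None:
    """Controller-side reaction to a VM changing its 'binding point': rewrite
    the forwarding entry for its MAC on every switch from one central place
    instead of editing each device's configuration by hand."""
    for name, table in switches.items():
        table.del_flows(dl_dst=vm_mac)
        port = new_port if name == new_switch else UPLINK_PORT
        table.add_flow({"dl_dst": vm_mac}, [f"output:{port}"], priority=10)


def build_demo() -> Dict[str, FlowTable]:
    """Two switches; the VM starts on s1 port 3."""
    switches = {"s1": FlowTable(), "s2": FlowTable()}
    for table in switches.values():
        # Zone demarcation: refuse telnet (TCP/23) into the VM network. Installed
        # at a higher priority than forwarding entries so it cannot be shadowed.
        table.add_flow({"nw_proto": 6, "tp_dst": 23}, ["drop"], priority=100)
    migrate_vm(switches, VM_MAC, "s1", 3)
    return switches


# Constructed sample packets (only the fields the entries above look at).
TELNET = {"dl_dst": VM_MAC, "nw_proto": 6, "tp_dst": 23}
SSH = {"dl_dst": VM_MAC, "nw_proto": 6, "tp_dst": 22}
UNKNOWN = {"dl_dst": "02:00:00:00:00:99"}

if __name__ == "__main__":
    sw = build_demo()
    print("s1 telnet ->", sw["s1"].lookup(TELNET))   # ['drop']
    print("s1 ssh    ->", sw["s1"].lookup(SSH))      # ['output:3']
    migrate_vm(sw, VM_MAC, "s2", 7)
    print("s1 ssh after migration ->", sw["s1"].lookup(SSH))   # ['output:1']
```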

Example 4.6 Due to the insertion of a new VM, the reconfiguration process for all access control lists on all network devices and levels in a large network may take several days. The reason is that existing management tools are oriented to work with some concrete devices and at best offer automation parameters which apply to a group of devices belonging to the model row of one particular manufacturer, e.g. Cisco MIB. In particular, the well-known system VMware provides (Fig. 4.31) the following software and services for SDN and its virtual devices [7]:

• Network access to SDN is determined
• Use of physical plants in the network
• Deployment of multiple VMs
• Deployment of multiple Layer 2 VLANs
• Insertion of so-called Virtual Distributed Switches (vDS)
• Use of virtual network cards (vNIC)
• Use of VPNs (Virtual Private Networks) and load balancers
• Deployment of network devices with the proprietary VXLAN (Virtual Extensible LAN) protocol that supports SDN within VMware products as the alternative to OpenFlow
• A special system vNCS (VMware vCloud Network and Security)

Fig. 4.31 VMware-based scenario with access demarcation within SDN

The product palette of VMware is deployed for VLAN/SDN safety zones. The network interfaces (vNICs) are coupled to dedicated virtual switches (vDS) that enable the distribution of VMs assigned to the port groups of the vDS. Each vDS is not closely assigned to a single server but is configured across several servers. Access demarcation within SDN is organised with the use of vSwitches.

The network adapters of the servers are coupled to the vDS and allow VMs on port groups of the vDS to connect to the network. This vDS is not tied to a particular server but is configured across multiple servers. vShield Zones are used as follows: the virtual data center enables basic VM protection against network threats (firewall, packet filtering). The software vNCS (VMware vCloud Network and Security) is used with the aim of:

• Deployment of a specialised VXLAN protocol (Virtual Extensible LAN)
• Deployment of virtual firewalls/VPNs and load balancing elements (load balancers, refer to the picture)


Fig. 4.32 Deployment of vSwitches

The implementation of the principles of SDN using virtual switches of the type vSwitch is depicted in Fig. 4.32. The mentioned decision on virtual switches of type vSwitch at level L2 has many options, including devices by VMware, Juniper, Cisco, HP and IBM, for access via the level L3 gateway (GW) to the virtual machines with specific applications, network services and cloud services. Available data protection against malware and many possible types of threats on the network layers L2, L3, L4, L5–7 is achieved through the use of firewalls and antivirus software (see Fig. 4.31).

SDN evaluation: The features of SDN are presented in this section. SDN provides the efficient separation of traffic transmission functions into a few layers.

Use of SDN offers evident advantages. Routine network reconfiguration functions are so simplified that the administrators do not have to separately enter hundreds of configuration code lines for different switches or routers. The network parameters can also be changed quickly, even in real time, thanks to a rapid propagation of the parameters and rules. Accordingly, the time for the introduction of new applications and services will be greatly reduced. The SDN technology brings expediency and efficiency to the future generation of mobile communication, 5G, as defined by the IMT-2020 standard: SDN will be part of the future 5G mobile connections. Together with 5G, a number of terms have been declared which may express future innovation or further hype topics. Examples are the intelligent web of connected things, real-time remote control, mobile cloud traffic, immersive experience, lifelike media, ubiquitous connectivity and telepresence. More details about the aims of 5G networks are provided in Chap. 6. Software implementations of a prototype for a provider core network according to 5G may be based on networks using SDN protocols like OpenFlow and VXLAN and on virtualised operating systems based on VMware vSwitch, Citrix products and similar ones. SDN is effective for the construction of the cloud services infrastructure in conditions when, on request from users, it is necessary to create a virtual node or a virtual service automatically and quickly. Herewith the virtual network has to allocate the required resources autonomously. As a part of the 5G mobile generation (5G/IMT-2020), SDN technology becomes feasible in large data centers, allowing to reduce support costs by centralising network management as well as by increasing the usage of network resources through their dynamic management. Use of SDN in practice will happen primarily for provider cores, including 5G mobile networks, to allow the telecommunication carriers and independent providers to obtain new management functions and better control over network components and services of any type from a single centralised location, which will greatly simplify their operation.

4.4 Backup Services within Clouds as Advanced Cloud Backup Technology

Next to virtualised compute and networking resources, storage resource services are also popular in many cloud applications. There are multiple flavours, including higher-level database services, file services and low-level block devices offered as a service on which a custom file system can be placed. The following text concentrates on file services, as this is the flavour most commonly used in consumer applications.

Data crashes can cause unpredictable and even severe effects for an enterprise or authority. Backup strategies as antidote unify a complex of organisational and technical measures that are necessary for data restoring, processing and transfer as well as for data security and defence against its loss, crash and tampering [4]. The high-performance modern Internet allows delivery of backup functions and is complemented by attractive (mobile) services with a QoS comparable to that in Local Area Networks. One of the most efficient backup strategies is the delegation of this functionality to an external provider, an online or cloud storage system. This section argues for a consideration of intelligently distributed backup over multiple storage providers in addition to the use of local resources. Some examples of cloud storage deployment in the USA and the European Union as well as in Ukraine and the Russian Federation are introduced to identify the benefits and challenges of distributed backup with cloud storage.

Motivation: Up-to-date network technologies aimed at backup and restore of critical enterprise/authority data are discussed. A comparative analysis of existing complex solutions and standalone tools is presented. Essential advantages in restore technologies for critical enterprise or authority data can be offered via newly developed original cloud backup concepts in comparison with the traditional data-centric backups. But the complex constellation of international law and multilateral data safety requirements limits in some way the development of network technologies for cloud backup. One of the possible ways for solving the mentioned problems is offered by an intelligent combination of well-known commercial storage clouds with the use of efficient cryptographic methods and stripes/parity dispersal functionality for authenticated, transparently encrypted and reliable data backups. This approach has become popular recently under the name RAIC [10, 29, 33]. Yet from both a scientific and a practical perspective there are shortcomings in conventional RAICs, e.g. when dismissing the cost and trust characteristics of the associated storage services.

4.4.1 Backup as Important Component of Informational Safety

Disruption of critical data has unforeseen and heavy consequences for companies or organisations. It may have different reasons, but the main result always remains the same: a significant risk of losing data or access to it. This may lead to impediments in reaching the goals of companies or organisations, errors in documents, malfunctions of tools and machines, and loss of reputation on the side of partners. Very often the risks of losing data are caused by natural phenomena, as shown in Table 4.4, where they are presented along with statistical probabilities and human factors.

The next problems of the company or organisation are significant costs for the recovery of critical data and compensation of damages. For these reasons, backup technologies are a very practical task and a relevant part of securing data and assuring information safety of the company or organisation. The purpose of data backup is the regular creation of copies of files, databases, applications and settings on external backup systems, which in most cases are storage units managed by a backup application. Modern network off-site backup systems support this process with separation of locality for reasons of saving and recovering the data and prevent the risks of data loss in a company or organisation that may appear because of hardware malfunction due to voltage jumps or devastating natural disasters such as fire or water, attacks of malicious software like computer viruses and trojans, system errors during data storage, stealing of the data or accidental data leaks. Backup includes organisational and technical measures for storing, processing and transferring back important data and guarantees their protection from loss, destruction or disruption. The main distinctive features of modern network backup systems are the target devices (smartphone, tablet, PC, rack server form factors) along with the target storage media (magnetic disks or tapes, electronic flash memory and optical disks), delay of data access (in the ms range, up to several min for cold backup), maximal time of safe data storage (months, years), error rate and GB costs. An example of a combined backup system for a small or medium-sized company or organisation is shown in Fig. 4.33.

Table 4.4 Causes and probabilities of losing critical data due to natural and human factors

Cause of losing data | Statistical probability
Natural phenomena
Hurricanes | 1%
Fire | 6%
Water | 8%
Short-circuit | 16%
Lightning stroke | 17%
Other natural phenomena | 17%
Human factor
Usage faults | 25%
Stealing | 10%

Fig. 4.33 Example of backup system structure

The main components of the system are an optical network (ATM, 10GbE), SAN, a tape library and Redundant Array of Independent Disks (RAID) file server systems. According to Table 4.5, the main criteria for the choice of suitable backup media and networking technologies include high-speed connections (1 GB/s over LAN), very large data volumes of overall storage (from 100 Petabytes up to Exabytes) and long guaranteed usage duration (months, years), all at the same time with a low probability of errors and low costs per data unit. This list is not conclusive; good handling of small files and backup schemes are further factors.

As can be seen from Table 4.5, the streamer tools (Streamers SLR, DLT, DAT/DDS, LTO, VXA) guarantee a low probability of errors and low costs per data unit, long guaranteed duration and large data volumes as well as a good price/value ratio. But a non-linear restore operation from such media is a time-consuming task, leading to the requirement of balanced choices. The RAID mechanism is based on the creation of a redundant array of independent (multiple vendors) and inexpensive (consumer SATA instead of SAS) hard disc drives (HDDs) which work in one system to improve selectively both speed and reliability of I/O operations. The array of HDDs is controlled by a special RAID controller (hardware or software array controller) which provides the functionality of storing and retrieving data in the array as well as creating and checking the checksums. This allows making the underlying system transparent to the external users and presenting it as one logical I/O channel. Thanks to parallel runs of read/write operations on several discs, the disc array provides a higher speed of data exchange compared to one large disc.

Table 4.5 Overview of backup media

Media for backup | Max data volume | Cost per 1 GB | Guaranteed usage duration | Probability of failures
DVD | 4.7–8.5 GB | 0.05 | Small, 1 year | High
USB flash | 2–256 GB | 0.97 | Very small | Medium
USB-HDD | 0.5–4 TB | 0.04 | Very small | Medium
Streamer LTO | 0.2–3 TB | 0.06 | 30 years | Low
Streamer DLT | 0.16–1.6 TB | 0.17 | 30 years | Low
Systems of redundant discs, RAIC | Max 10 TB | Multiple of HDD costs | Several years | Low
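The stripes/parity dispersal with authentication that the RAIC approach in Sect. 4.4 describes, built on the same XOR parity idea as the RAID array above, as an added example that is not code from the book or from any RAID or RAIC product; the key, the data and the number of providers are constructed, and encryption of the stripes before upload is assumed to be done by the caller:

```python
"""XOR-parity dispersal with per-share authentication across storage providers.

Added example, not code from the book or from any RAIC or RAID product. The
parity idea the text describes for RAID disc arrays is applied to a backup
object spread over k+1 storage providers: k data stripes plus one parity
stripe, each tagged with an HMAC under a key that never leaves the client.
Any single provider may be missing and the object is still restored; a share
whose tag does not verify is rejected instead of silently reused. Encrypting
the stripes before upload is assumed to happen in the caller (omitted to stay
within the standard library); key and data are constructed sample values.
"""
import hashlib
import hmac
import struct
from typing import List, Optional

TAG_LEN = 32   # bytes of HMAC-SHA256 prefixed to every share


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _tag(key: bytes, index: int, stripe: bytes) -> bytes:
    # The share index is authenticated too, so shares cannot be swapped around.
    return hmac.new(key, bytes([index]) + stripe, hashlib.sha256).digest()


def share_is_authentic(index: int, share: bytes, key: bytes) -> bool:
    return hmac.compare_digest(share[:TAG_LEN], _tag(key, index, share[TAG_LEN:]))


def disperse(data: bytes, k: int, key: bytes) -> List[bytes]:
    """Split `data` into k data shares and one parity share (k+1 in total)."""
    payload = struct.pack(">I", len(data)) + data      # length prefix strips padding
    stripe_len = -(-len(payload) // k)                  # ceiling division
    payload += b"\0" * (stripe_len * k - len(payload))
    stripes = [payload[i * stripe_len:(i + 1) * stripe_len] for i in range(k)]
    parity = b"\0" * stripe_len
    for s in stripes:
        parity = _xor(parity, s)
    return [_tag(key, i, s) + s for i, s in enumerate(stripes + [parity])]


def restore(shares: List[Optional[bytes]], k: int, key: bytes) -> bytes:
    """Rebuild `data` from k+1 shares; None marks an unavailable provider."""
    if len(shares) != k + 1:
        raise ValueError(f"expected {k + 1} shares, got {len(shares)}")
    stripes: List[Optional[bytes]] = []
    for i, share in enumerate(shares):
        if share is None:
            stripes.append(None)
        elif share_is_authentic(i, share, key):
            stripes.append(share[TAG_LEN:])
        else:
            raise ValueError(f"share {i} failed authentication")
    missing = [i for i, s in enumerate(stripes) if s is None]
    if len(missing) > 1:
        raise ValueError(f"cannot restore: shares {missing} missing, one parity only")
    if missing and missing[0] < k:      # a data stripe is gone: XOR the rest with parity
        rebuilt = stripes[k]
        for i in range(k):
            if i != missing[0]:
                rebuilt = _xor(rebuilt, stripes[i])
        stripes[missing[0]] = rebuilt
    payload = b"".join(stripes[:k])
    (length,) = struct.unpack(">I", payload[:4])
    return payload[4:4 + length]


KEY = b"constructed-client-key"          # constructed: would come from a key store
DATA = b"quarterly ledger 2016: must survive one provider outage"

if __name__ == "__main__":
    shares = disperse(DATA, 3, KEY)
    print(restore(shares, 3, KEY) == DATA)                                   # True
    print(restore([shares[0], None, shares[2], shares[3]], 3, KEY) == DATA)  # True
```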

The RAID mechanism was first created in 1988 by D. A. Patterson, G. Gibson and R. H. Katz, researchers at the University of California, Berkeley. For regular backups, different variants of underlying storage types exist: streamers connected via local network (method 1), backup via LAN (method 2), backup via SAN (method 3), backup via NAS (method 4), backup via external backup provider (data center or cloud system) (method 5). For occasional backups, removable media such as USB sticks and portable hard drives may also be an option. But due to the criticality of backup, this is one of the processes which really should be automated.

For choosing the right backup method for a company or organisation, different methods and factors should be considered, including size of the company or organisation, structure of available networks, number of users (a small enterprise with 20 users or a big company with more than 1000 users), costs of backup, requirements on data safety and security as well as administration efforts. In recent years, network technologies made great progress in QoS (due to WDM, 10GbE), mobility (HSDPA, LTE) and easy access to computing centers. In fact, the emerging IoS ensures that applications based on SOA principles have been created which naturally integrate into service environments and can discover and use suitable backup services without manual configuration. High-speed Internet enables providing functionality and services with the same quality as known from local networks and hence makes the shift of formerly relatively local functions such as backup into the network feasible. The new IT paradigm of delegating the services to external providers is known as cloud computing and, when referring to backup, as cloud storage. One of the most effective backup strategies is thus the delegation of the entire backup process to an external provider by interfacing with up-to-date cloud systems. This is achieved by placing the backup services into a public cloud offered by a capable and trustworthy cloud provider. Cloud computing is becoming more and more popular, with several companies transferring their IT infrastructure (completely or partly) into clouds. This may lead to a lack of transparency of data access (who, when, where, why and what) and of cloud reliability, and raises the risk of loss of all critical data if the cloud provider leaves the market. To mitigate these risks to some extent, the deployment model of private clouds (method 6) under operational control from the client may be used. Furthermore, intelligent client-side techniques can further reduce the risks. Below, a very precise definition adopted from the NIST and Amazon definitions of the concept of cloud computing is given [1, 24]: "Cloud computing is the on-demand and pay-per-use application of virtualised IT services over the Internet. The clouds can offer on-demand self-service, broadband network access, resource pooling, measured and optimised service, rapid elasticity." The adoption of cloud computing provides the following advantages: relative reliability and security while giving up physical possession; staying in control when demand changes, as the control can be exerted through vertical and horizontal scaling and migration to other providers; availability of attractive multi-layer services from infrastructure to software applications; efficient platforms/stacks and convenient client integration (Table 4.6). The broad range of platforms and choices in functionality leads to a discussion of the most important domain-specific criteria for cloud backup. These criteria, based on those for general backup and those for general cloud computing, are QoS parameters such as throughput, data rate, delays and reaction time; convenience (comfort, suitability, effectiveness); user control; trustworthiness, security and privacy; price per data extent and time.

The next position might be the organisational reliability (trustworthiness of a cloud provider), because a provider can disappear from the horizon unexpectedly, for instance due to its own economic, legal or political reasons. Data security is required since the risks of data losses and compromises by provider maintenance via third parties are still unreasonably high.

Regular backup software: Backup software is the basis for the realisation of any backup strategy in a company or organisation, which allows the automation of the backup tasks. The software triggers the backup process at a certain point of time, provides the full or incremental backup of the selected data and arranges for appropriate reporting to inform the IT administrator, among other goals. The software may run in push mode, as a scheduled software application on each device or VM to be backed up, or in pull mode, where agents are connected to a backup service. The choice of backup software and services may include fully extensible open source software as well as proprietary software which has limited configuration and customisation options. In both cases the offer may be for free or based on a purchase or subscription contract to include support. Generally, the choice of a backup software depends on the required functionality, transfer effectiveness, restore performance and reliability. The commercial solutions may however lead to a backup software and service lock-in, which should be avoided, similar to a storage provider lock-in. This is why in all backup planning projects a compromise should be made between the costs and added value of the backup solution (functionality, effectiveness and reliability), cf. Table 4.7.

Table 4.6 Well-known cloud platforms

Platform | Provider
Amazon EC2 | Amazon Web Services (AWS) for Elastic Compute Cloud (EC2)
Cloud Computing Yahoo | Cloud services from Yahoo Platforms
Cloud Computing Resource Kit | Cloud services from Oracle/Sun
Eucalyptus | IaaS stack which reimplements the Amazon APIs
SalesForce | Cloud services from Force.com, mostly on the SaaS level
Google App Engine | Google (a PaaS model)
Google Docs | Google (a SaaS model)
Google Compute Engine | Google (an IaaS model)
iCloud | A virtual OS on a cloud basis
Meebox | Online file management in the frame of a SaaS model
MS Windows Azure | Multiple cloud services in the frame of the Windows Azure Platform (Microsoft)
Nimbula | A private/hybrid cloud technology of former AWS collaborators
OnLive | An interactive Games-on-Demand platform with compression methods for computer graphics and video games
Open Cirrus | Open Cloud Computing Research Testbed from opencirrus.org
OpenStack.org | Open cloud from Rackspace, Citrix, NASA, Dell
OpenNebula | Commercialised European research project for data center virtualisation and service markets
OpenShift | PaaS from Red Hat
T-Systems Dynamic Services | A private cloud system for dynamic deployment of SAP applications from SAP GmbH
Verpura | Online cloud for Enterprise Resource Planning in SMEs
VMware vSphere | A virtual OS on the cloud basis of VMware

Modern systems for cloud backup One of the most promising backup strategies is todelegate backup to an external provider eg to a cloud backup system A short overviewof cloud storage providers suitable for backup is given in Table 48 Online cloud resourcebrokers and marketplaces are updated periodically for an up-to-date view on the choicesbased on rich provider descriptions which facilitate the exchange of the informationthrough open markets A comfortable access to the cloud backup systems is possiblethrough dynamic and non-intrusive service selection even with mobile devices like tabletsor smartphones If the company or organisation does not trust the cloud provider it coulduse the technology of private clouds which limits the access to the cloud for external users

116 4 Cloud Computing Virtualisation Storage and Networking

Table 47 Selected backup software

Software Description Costs

DAR (Disk Archive) Uses an own archive compression format dis-tributes the backup copies into different frag-ments and discs supports common encryptionmethods

Freeware

Rsnapshot Creates hard links between different storedroutes that requires the storage media support ofthe hard links When a file changes not only thechange difference is backed up but the wholefile

Freeware

Duplicity Creates backup copies in encrypted formatGPG (PGP) and archived in GZIP Backupcopies can be made practically for all types ofoperation systems supports upload of backupcopies over FTP systems SSG Rsync Web-DAV HSi and Amazon S3

Freeware

Acronis Backup ampRecovery AdvancedServer

Popular but expensive software for MS Win-dows allows creating image and file backupsis oriented on using HDD tape libraries cloudtechnologies

About 1100

Drive Backup Server Provide different backup functions eg storageon internal and external media CDDVDBRdiscs NAS systems FTP with support of virtualmachines VMWare

About 500

Symantec Backup Exec2012

Similar to Drive Backup Server About 900

Rsync Allows scripts for configuration of shell copy-ing files and their parts The special feature ofRsync is effective synchronisation of file treeover network

GNU GeneralPublic LicenseUnix-Distributions

Cron-Daemon System process of Unix for timer-based trig-gering of processes like backup The backuptasks can be triggered periodically accordingto ldquocrontabsrdquo tables and are called ldquocronjobsrdquoThey create backups on specified servers

Unix-Distributions

Bup A combination of Rsync and Git (version con-trol) concepts It offers Par2 redundancy

GNU LGPL v2

Bacula Client-server based network backup applicationfor individual computers up to large networks

GNU AGPL v3

Amanda Advanced Marayland Automatic Network DiscArchiver with support for tape drives disks andoptical media with native Windows client

BSD-style

44 Backup Services within Clouds as Advanced Cloud BackupTechnology 117

Table 4.8 Overview of cloud backup platforms

Name of cloud backup system | Region of storage | Max volume of cost-free storage | Max volume of paid storage | Platform
Amazon Cloud Drive | USA | 5 GB | No limits | Win, Mac, Linux, iOS, Android, Windows Phone
Dropbox | USA | 2 GB | No limits | Win, Mac, Linux, iOS, Android, Blackberry
Windows Live SkyDrive | Ireland | 25 GB | 100 GB | Win, Mac, Windows Phone, iOS, Android
Strato HiDrive | Germany | – | 5000 GB | Win, Mac, Android, WP7, Chrome, Synology
Google Drive | USA | 5 GB | 16000 GB | Win, Mac, iOS, Android, Linux
HighSecurityBackup | Germany | 10 GB (up to 30 days) | No limits | Win, Linux, Mac, DBs, Exchange, Lotus, VMware
Ubuntu One | Isle of Man | 5 GB | 50 GB | Win, Linux, Android, iOS
SafeSync | Japan | 500 GB (up to 30 days) | No limits | Win, Mac, iOS, Android
F-Secure | Finland | – | No limits | Win, Mac
Daten-Safe | Austria | – | No limits | Win, Linux, Mac, DBs, Exchange, Lotus, VMware

and keeps the data within the company, which underlines the benefits of cloud computing. Hybrid clouds combine placing a part of the data into a public cloud and processing the other part of the data in an own private cloud. An example of a cloud backup system is the Amazon Web Services provisioning platform (AWS), which also includes the Amazon Elastic Compute Cloud (Amazon EC2) and consequently follows the service-oriented architecture principles. The Amazon Web Services platform provides access to a large number of further services like application access, virtual machines, backup of files, databases, processing queues and online memory (see an overview in Fig. 4.34 and Fig. 4.35). Other popular cloud providers with free storage plans are Google Drive [3], Azure [14] and, with a focus on processing, the Yahoo Cloud [31].

4.4.2 RAIC Storage Service Integration

Cloud storage is often used for backups, but also for extended storage capacity and sharing of data between devices and users. Up-to-date cloud technologies aimed at backup and restore routines of critical enterprise or authority data are discussed in [23]. A scheduled comparative analysis of existing complex solutions and standalone tools has been done and represents the advantages of combined (private + public) clouds compared to traditional data-center backups and some known cloud backup solutions. In order to achieve full convenience and elasticity, clients require an intelligent combination of externally maintained public storage clouds with the use of efficient cryptographic methods and stripes/parity dispersal functionality for authenticated, transparently encrypted, low-overhead and reliable data access. This approach has become popular under the name RAIC (Redundant Arrays of Independent Clouds), in analogy to RAID. One RAIC realisation is the deployment of hybrid clouds as a combination of private and public clouds in certain topologies. The combination of hybrid clouds with additional cryptographic protection functionality and a management layer (the so-called "cloud storage controller") at the client side is often an appropriate solution. Taken to the extreme, such setups can include peripheral devices such as USB sticks for a four-eye principle in access control. A key point of a hybrid cloud backup concept under the given circumstances is the flexible configuration of all data encoding and decoding steps. For increased confidentiality, data is transparently encrypted with a symmetric key using, for instance, the AES cipher. For increased availability, data is replicated n times or erasure-coded and subsequently dispersed. The choice and order of data coding and dispersion steps belong to the main functions of an integrating storage service controller [9, 25, 30].

Fig. 4.34 Structure and components of Amazon Web Services (figure; the panel lists Compute & Networking: Direct Connect (dedicated network connection to AWS), EC2 (virtual servers in the cloud), Elastic MapReduce (managed Hadoop framework), Route 53 (scalable Domain Name System), VPC (isolated cloud resources); Deployment & Management: CloudFormation (templated AWS resource creation), CloudWatch (resource and application monitoring), Elastic Beanstalk (AWS application container), IAM (secure AWS access control); App Services: CloudSearch (managed search service), SES (email sending service), SNS (push notification service), SQS (message queue service), SWF (workflow service for coordinating application components); Storage & Content Delivery: CloudFront (global content delivery network), Glacier (archive storage in the cloud), S3 (scalable storage in the cloud), Storage Gateway (integrates on-premises IT environments with cloud storage))

Fig. 4.35 Screenshot of the main panel of Amazon Web Services

Many RAIC characteristics can be explained with the corresponding RAID methods and literature. In local backup setups the most popular systems are the RAID levels numbered 0, 1 and 5, correspondingly with two or four disks, of which zero or one are redundant.

The functionality of RAIDs is based on stripes and parity dispersal routines [27]. In Fig. 4.36 a representation for RAID 5 is depicted. The partition in the usual disk array is given with different colours: first for the data (the so-called "stripe set", e.g. A1 or C3) and then the distribution of the parity sums ("parity set", e.g. BP or DQ) across the five disks Disk 0 ... Disk 4. In the given case the commonly available volume V for the data backup is calculated with the formula (cp. Fig. 4.36c):

$V = (n - 1) \cdot V_{\min}$ (4.1)

Fig. 4.36 The most used systems RAID 0, 1, 4, 5, 6. (RAID) Redundant Array of Independent Disks; (HDD) Hard Disk Drives (up to five disks, disk 0 ... disk 4)

where n is the number of used HDDs and $V_{\min}$ the minimal available HDD volume in the array. The redundancy is self-evidently preconditioned via the parity set.

Example 4.7 Let us consider the example with four disks, each of a capacity of 500 GByte, for RAID 5 to find out about the RAID efficiency:

$V = (4 - 1) \cdot 500\ \mathrm{GByte} = 1500\ \mathrm{GByte}$ (4.2)

This results in 1500 GB purely for data backup as well as 500 GB for parity control (see Fig. 4.36c). Therefore a next constructive idea is the deployment of redundant cloud arrays (stripe and parity based dispersion). There are naturally a lot of further RAID concepts optimised for minimum access time, minimum failure probability, maximum volumes or minimum costs.

Practically, these multiple RAID concepts can be continued and mapped to RAICs. There are already numerous subconcepts of RAICs or Redundant Arrays of Independent Clouds. Possible variations of the concept are also Redundant Array of Independent Networked Storages (RAINS), Random Array of Independent Data Centers (RAIDC) and Redundant Array of Optimal Clouds (RAOC), an extension to RAIC which emphasises the enforcement of user requirements on the selection and maintenance of storage service arrays. The software architecture suitable for the realisation of a RAIC is depicted in Fig. 4.37. The predominant client-side software for RAICs consists of the following three layers with the related functionality: (1) integration layer (with logical partition and interface to the backup application); (2) pre-processing layer (with stripes and parity dispersal routine, encryption and other modifications); (3) transport layer (with block transfer operations). The clients obtain the possibility of reliable and efficient access to an array of HDD storage media with added organisational and spatial independence. This software reflects the state of the art. The advanced software architecture realises a new layered RAIC concept and includes the following already known components, but with extended functionality. Firstly, the advanced integration layer (1) includes multiple network file system protocols like NFS, CIFS/SMB and WebDAV or, alternatively, a local virtual file system interface or a Web Services interface. Additionally, CVS/SVN/Git (version control subsystems) and synchronisation overlays are integrated. On the other hand, an advanced pre-processing layer (2) consists of the necessary codecs aimed at the classification of document types and their efficient coding (text files, MPEG, PDF). Then the policies on the data storage subjects and paths are included here, as well as the routines for stripes and parity dispersion, authentication with MD/RSA/PKI and encryption with AES/RSA/PKI. Finally, the advanced transport layer (3) integrates the parallel and block-wise streaming, caching and local persistence procedures, as well as the adapters for multiple provider APIs. The multi-modal cloud clients (desktops, tablets and smartphones) enjoy reliable and efficient resource access to the set of hybrid (private-public) cloud storage media, namely to the RAIC.

Fig. 4.37 Software architecture of a RAIC

Fig. 4.38 RAID Double Parity structure

RAID DP (Double Parity) is a block-level RAID system with double striping of parity information on separate HDDs, based on both RAID 4 and RAID 6 structures. The second parity Q (see Fig. 4.38) can be computed with the same formula as the first parity P, but with other data stripes.

The first parity P is horizontal, the calculated second parity Q diagonal, see formula (4.3):

$P_1 = \mathrm{XOR}(A_1, B_1, C_1)$
$P_2 = \mathrm{XOR}(A_2, B_2, C_2)$
$P_3 = \mathrm{XOR}(A_3, B_3, C_3)$
$Q_1 = \mathrm{XOR}(P_1, A_2, B_3, 0)$
$Q_2 = \mathrm{XOR}(P_2, A_3, 0, C_1)$
$Q_3 = \mathrm{XOR}(P_3, 0, B_1, C_2)$
$Q_4 = \mathrm{XOR}(0, A_1, B_2, C_3)$ (4.3)
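The following is an added worked example, not code from the book or from any project it describes, implementing the row/diagonal parity of formula (4.3) and the rebuild of lost disks. The layout follows the formula: column P holds the horizontal parity, each data disk holds p − 1 stripes (p being the number of data disks plus P), a virtual all-zero row supplies the "0" terms, and Q stores one block per diagonal, so the book's three-disk case is p = 4. The function names (encode, recover, all_pairs_recoverable) and the sample stripe values are my own. The rebuild alternates a diagonal step (a diagonal with exactly one unknown block is solved from Q) and a row step (a row with exactly one unknown block is solved from P); the caveat a practitioner should know is that this chain is guaranteed to reach every block for every pair of lost disks only when p is prime, which is why the demo checks a four-data-disk (p = 5) set exhaustively.

```python
"""Row/diagonal double parity in the style of formula (4.3): compute P and Q, rebuild
any two lost disks. Added illustration; not the book's code."""
from functools import reduce
from operator import xor
from typing import Dict, List, Optional, Tuple

# Layout (0-based): column 0 is the row-parity disk P, columns 1..p-1 are the data disks
# (A, B, C in the book's notation), each holding rows = p-1 blocks. Row p-1 is a virtual
# all-zero row, the "0" terms of (4.3). Cell (r, c) lies on diagonal d = (r - c) mod p and
# the diagonal-parity disk Q stores one block per diagonal d = 0..p-1 (the book's Q1..Qp).


def xor_all(values) -> int:
    return reduce(xor, values, 0)


def encode(data: List[List[int]]) -> Dict[str, List[int]]:
    """data[c][r] is block r of data disk c. Returns the P (row) and Q (diagonal) disks."""
    p = len(data) + 1
    rows = p - 1
    assert all(len(col) == rows for col in data), "each data disk needs p-1 blocks"
    P = [xor_all(col[r] for col in data) for r in range(rows)]
    cols = [P] + data
    Q = [xor_all(cols[c][(d + c) % p] for c in range(p) if (d + c) % p < rows)
         for d in range(p)]
    return {"P": P, "Q": Q}


def recover(cols: List[Optional[List[int]]], Q: Optional[List[int]]
            ) -> Tuple[List[List[int]], List[int]]:
    """cols = [P, D1, ..., D(p-1)] with None for each lost disk; Q is None if Q is lost.
    Returns (cols, Q) rebuilt. Raises ValueError for more than two losses or when the
    alternating diagonal/row rebuild stalls (it always completes only for prime p)."""
    p, rows = len(cols), len(cols) - 1
    lost = [c for c, col in enumerate(cols) if col is None]
    if len(lost) + (Q is None) > 2:
        raise ValueError("more than two disks lost")
    cols = [list(col) if col is not None else [None] * rows for col in cols]
    if Q is None:                       # at most one other disk lost: row parity suffices
        for m in lost:
            for r in range(rows):
                cols[m][r] = xor_all(cols[c][r] for c in range(p) if c != m)
        return cols, encode(cols[1:])["Q"]
    unknown = {(r, m) for m in lost for r in range(rows)}

    def val(r: int, c: int) -> int:     # the virtual row reads as zero
        return 0 if r == rows else cols[c][r]

    while unknown:
        progress = False
        for d in range(p):              # diagonal step: exactly one unknown on diagonal d
            cells = [((d + c) % p, c) for c in range(p)]
            unk = [rc for rc in cells if rc in unknown]
            if len(unk) == 1:
                r, c = unk[0]
                cols[c][r] = Q[d] ^ xor_all(val(rr, cc) for rr, cc in cells if (rr, cc) != (r, c))
                unknown.remove((r, c))
                progress = True
        for r in range(rows):           # row step: exactly one unknown in row r
            unk = [(r, c) for c in range(p) if (r, c) in unknown]
            if len(unk) == 1:
                c = unk[0][1]
                cols[c][r] = xor_all(cols[cc][r] for cc in range(p) if cc != c)
                unknown.remove((r, c))
                progress = True
        if not progress:
            raise ValueError("rebuild stalled: this failure pair needs a prime column count")
    return cols, Q


def all_pairs_recoverable(data: List[List[int]]) -> bool:
    """Lose every pair of disks (P, data disks and Q) in turn and check the exact rebuild."""
    parity = encode(data)
    cols = [parity["P"]] + data
    disks = list(range(len(cols))) + ["Q"]
    for i in range(len(disks)):
        for j in range(i + 1, len(disks)):
            lost = {disks[i], disks[j]}
            damaged = [None if c in lost else col for c, col in enumerate(cols)]
            try:
                got_cols, got_q = recover(damaged, None if "Q" in lost else parity["Q"])
            except ValueError:
                return False
            if got_cols != cols or got_q != parity["Q"]:
                return False
    return True


if __name__ == "__main__":
    A, B, C = [1, 2, 3], [4, 5, 6], [7, 8, 9]          # constructed stripes, p = 4 as in (4.3)
    print(encode([A, B, C]))                           # {'P': [2, 15, 12], 'Q': [6, 11, 0, 13]}
    four_disks = [[10, 20, 30, 40], [50, 60, 70, 80], [90, 100, 110, 120], [130, 140, 150, 160]]
    print(all_pairs_recoverable(four_disks))           # True: p = 5 is prime
```

With A = [1, 2, 3], B = [4, 5, 6], C = [7, 8, 9] the Q disk comes out as [6, 11, 0, 13], i.e. Q1 = P1 ⊕ A2 ⊕ B3 exactly as in (4.3); losing A and B together is rebuilt from P and Q alone, and the exhaustive check on the p = 5 set confirms that every disk pair, Q included, is recoverable.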

Since in a RAID DP any two disk failures can be compensated, the availability of such a system is increased compared to a single-parity solution. The recommended RAID-DP sets usually consist of 14 + 2 HDDs. Restoring via RAID DP is relatively simple. Further advantages of RAID DP are the simplicity of the XOR operation for parity computing and the possibility of conversion to RAID 4 by switching off the Q stripes. Deployment of optimised RAID DP offers the advantages as follows:

$\frac{n_{netto}}{n_{brutto}} = \frac{n - 2}{n}, \qquad n_{failure\ security} = 2$ (4.4)

in comparison to the well-known RAIC5 (cp. Fig. 4.36c).

All services offered over the Internet are interacted with according to certain usage lifecycle phases. Storage services are no exception; they also adhere to a lifecycle. Figure 4.39 presents the relevant phases and introduces suitable client-side integration handlers for each phase. The first three phases (discovery and selection, contracting and configuration) can be subsumed under the term matchmaking. These phases typically apply once per user-service relationship. The fourth phase, usage, is executed more than once and depends on the preceding phases. The presented service integration concept is a general one. For mobile clients bound to storage services in the cloud, its interpretation is as follows. During the service discovery, a dialogue on the device screen guides the user to the right storage services for any given situation. By using automation and autonomic computing concepts, the dialogue can be kept simple or even not be shown at all, at the expense of honouring custom user preferences. Then more client-side agents perform the necessary configuration of the services, including account creation and registration within the storage controller. Finally, a scheduler within the storage controller orders the timely transmission of data to and from the device. Agent frameworks to handle the sign-up to services already exist, for example OSST, the Online Service Sign-up Tool. The frameworks assume access to a well-maintained service registry which not only

Fig. 4.39 Life cycle of services

contains information about the services but also links to service-specific agent extensions. However, the frameworks need to be implicitly parameterised according to the specific needs of mobile users and with appropriate information already present on the mobile device, including identities (Fig. 4.39).

In summary, the presented background information demonstrates the feasibility of integrating storage services on mobile devices in a partially automated process. The next section will give detailed insight into appropriate choices of methods and their parameterisation.

Hybrid cloud backup concept. Figure 4.40 shows how to transparently encrypt data to be backed up in a hybrid cloud environment. Both a private cloud, operated in a user-controlled data centre or across the user's personal devices, and a public cloud, offered by a commercial or institutional entity, can be flexibly combined this way without worrying about the loss or leak of data.

The notion of transparent encryption for cloud backup encompasses the following features: efficient cryptography methods such as AES, RSA, MD/MAC, X.509/Kerberos public key certificates and PKI deployment; document classification and demarcation; analysis of structured/unstructured data and context information; user authentication and the respective granting of keys.

An example of implementation. At this point an advanced example of an implementation for the RAIC and RAOC concepts can be mentioned. Its origins were in the FlexCloud young investigator group at Technische Universität Dresden in Germany, which ran from 2010 to 2013. The goals of the group were oriented towards a user-controllable and secure cloud life cycle. The concrete measures were: avoiding uninformed cloud provider selections through formal descriptions of resource, data and software properties; avoiding the cloud provider lock-in effect through multi-cloud scenarios and migration paths towards inter-connected personal clouds under the control of the user, which can be federated into a powerful network of clouds; and finally means to exert the control with an appropriate management user interface representing a personal cloud cockpit. This strategic thinking has influenced the design and development of the file storage solution Nubisave (from Latin "Nubes", meaning "Cloud"). As the project result with the highest practical value, it has subsequently been advanced in the Cloud Storage Lab and is still offered for download on the project website [34, 35].

Fig. 4.40 Cloud backup and transparent encryption. (MD) Message Digest; (MAC) Message Authentication Code; (AES) Advanced Encryption Standard; (RSA) Rivest, Shamir and Adleman encryption; (PKI) Public Key Infrastructure (X.509, Kerberos)

Nubisave sets up an aggregated view across multiple cloud storage providers and enables higher-level storage tasks such as policy-enforcing data gateways, adaptive synchronisation between devices, backup and collaborative sharing. Nubisave exports a virtual file system through the Linux interface File System in Userspace (FUSE), which can be used as an underlay target medium of backup software. All write accesses received by Nubisave are multiplexed onto the configured cloud storage providers, and all read accesses reassemble the data. Encryption and versioning can be performed entirely on the client side. In case of failures, affected storage providers can be replaced by others, and a replication of data from the remaining ones takes place automatically. Nubisave is available as open source software, which has been demonstrated and discussed at both commercial events (trade shows) and academic events (conferences, meetings).

4.5 RAIC Integration for Network Storages on Mobile Devices

Motivation. Systems to combine multiple network and online storage targets with implied redundancy, security and fault tolerance, so-called RAICs, have recently seen renewed discussion due to the growing popularity of convenient cloud storage service offerings. For mobile device access to RAICs, fewer research results are available. A "smartphone for the future" with pervasive storage availability should be intelligently and autonomically connected to the cloud. Such a constellation allows access without great expense to multiple applications, data and further resources. One necessity is that the requirements of the users (security, privacy, safety, pricing and vendor selection) as well as the functional user objectives are rewarded in the best way. In addition, valuable battery capacity needs to be saved by selecting appropriate algorithms and parameters and by placing parts of the RAIC integration into the infrastructure. On the functional side, for distributed data storage, specific resource services with versatile features such as extended storage capacity, backup, synchronisation and collaborative sharing of data need to be supported. The result is a mobile, energy-efficient and autonomic RAIC integration application; in other words, a storage controller on a smartphone.

The term Smartphone Bloodbath has been descriptively in use in mobile phone industry reports for about three years for the race to more features and lower prices at high frequency. Essentially, a phone is technically valued by its hardware functionality and quality, its software and services ecosystem and its connectivity. Most smartphones offer sophisticated software application distribution, whereas the innovation in terms of data management is relatively slow. The separation between private and business activities reflects to some extent on data management, and yet most users would need a much more powerful data and storage feature set. One idea for a user-friendly "smartphone for the future" is to bind it to online storage services through a pervasive cloud of user-controlled accounts at registered providers. The online storage area allocation would grow and shrink on demand. This binding is similar to how clouds and resource-constrained cyber-physical systems and robots are already connected to each other to offload tasks from the devices into the network infrastructure. One difference between phones and robots is the self-determined nature of user actions. When a user records a movie or downloads files, the phone's media size restrictions will be defused and additional functionality, including online access to all private data, becomes possible, although the user may decide to override the use of the online storage. The binding to multiple services at once requires intelligent client-side integration techniques with phase-of-lifecycle knowledge, which additionally match the service properties against user requirements. For secure and reliable data storage, the RAIC concept has been proposed as integration technique and successfully implemented for desktop computers and enterprise storage integrators [29]. However, from a security and convenience perspective on mobile devices, the RAIC assembly and the distribution of the data to the attached providers needs to happen directly on the device itself in most cases, which contradicts a conservation of battery power. It is therefore important to integrate network storage services on mobile devices in a systematic way for predictable storage characteristics even under changing networking and device conditions.

In the next sections, the basic concepts behind network and cloud storage RAICs and their applications, including hybrid backup clouds, are presented. The phases of the usage lifecycle of services in general and storage services in particular are examined in detail to derive a suitable integration design. Tradeoffs between user-friendly full automation and control-preserving semi-automatic or guided integration are discussed in this context. Intelligent RAIC use in the mobile field further implies certain decisions on which algorithms, parameters and placement strategies to use in order to preserve the battery and gracefully adapt to imperfect networking conditions. The next part therefore outlines specialised data coding techniques, including encryption, splitting, erasure codes and all-or-nothing transformations. Again, tradeoffs need to be understood correctly to achieve high-performance integration with low power consumption. The peculiarities of mobile access to RAICs are shown using an elaborated software architecture on a selected smartphone platform. Finally, a summary of the findings and an outlook on further ideas to improve the connections of smartphones into the cloud are given.

4.5.1 Efficient Access to Storage Services from Mobile Devices

Depending on the use cases, the weight of comparison parameters to distinguish the most suitable RAIC integration method differs. For many client systems, security plays a major role and motivates distributed data storage with comparatively more storage overhead in return for higher security. As a generalisation thereof, subjectively optimal parameters, including storage and retrieval times and service costs, can be considered and weighted by clients at configuration time, yielding RAOCs [33]. For mobile devices two parameters become dominant: the energy efficiency of the integration and the usability under imperfect networking conditions. Both have so far not been subject to analysis in the research on RAICs, but are crucial for the further acceptance of such techniques. Energy efficiency can be broken down into the (negligible) setup, service selection, sign-up and configuration/reconfiguration processes, which typically don't happen more than once per device power-on session, and the service usage processes for storing and retrieving data. Measuring the energy efficiency of algorithms requires specialised equipment. The electrical power consumption is not linear to the performance but grows along with it; hence a performance comparison assuming equal processor load can be used for a first estimation. The power consumption analyses in this example are made using the HAEC (Highly Adaptive Energy-Efficient Computing) measurement infrastructure, as shown in the photo below (Fig. 4.41).

Performance characteristics of RAIC integration techniques based on [32, 35] are summarised in Table 4.9.

Fig. 4.41 HAEC laboratory measurement equipment (own photo)

Table 4.9 Qualitative comparison of performance characteristics for versatile RAIC integration techniques

Technique | Read performance | Write performance
RS erasure code, 0 % redundancy, XOR | 100 % | 100 %
RS erasure code, 0 % redundancy, SIMD | 270 %–1200 % | 270 %–1200 %
RS erasure code, 50 % redundancy, n = 3 | 100 % | 67 %
AONT-RS, n = 3 | 33 % | 33 %

Imperfect networking usability mandates an intelligent use of caching and scheduling, so that slow or broken links will show no or little effect on the user of a RAIC. This typically differs per implementation. However, already on the algorithmic level some erasure codes have been more optimised for storage, retrieval and repair than others. Researchers have identified suitable algorithms through experiments [26]. Based on these observations, we can assume that the use of processor-specific erasure codes is beneficial for mobile devices. Both the device's energy efficiency and the imperfect networking usability can be tremendously improved by placing the RAIC integration onto a trusted local network proxy. So-called storage integrators can serve multiple users and enforce group policies. On the other hand, they have drawbacks concerning trust, mobility and overall energy efficiency, given that such additional devices will remain idle for long durations. Figure 4.42 shows both possible integration approaches in a comparison architecture scheme.

Fig. 4.42 Variants for efficient placement of the RAIC integrator between the clouds

4.5.2 A New Must-Have App: RAIC Integrator for Smartphones

While our results are generally applicable to all mobile devices, including tablets and notebooks, our realisation scenario focuses on mobile phones due to their increasing popularity as "Swiss army knives" for computing tasks. Today such phones ship with internal storage media (ROM, non-volatile flash memory, SD cards) and otherwise rely on manual storage service integration beyond the sometimes preconfigured vendor-specific services. Increasing amounts of data produced by mobile phone sensors and applications push the idea of a "smartphone for the future" with ubiquitous access to elastic storage in the cloud. Such a smartphone requires, inter alia, an operating-system integrated library for transparent RAIC integration across all applications which need extended storage capacity, offsite backups and other uses of storage. Essential parts of the integrator are (1) a database with information about available services, including their functional and non-functional properties and protocols for accessing them; (2) protocol-specific access modules; (3) a dispersion module which splits the data according to the user-defined parameters while considering energy efficiency and imperfect networking conditions; and (4) autonomic support functions for service sign-up and repair in case of failures. The binding of a mobile phone to a RAIC-DP configuration through an integrator is depicted in Fig. 4.43. The P-stripe is stored in the private cloud client, while the Q-stripe is delegated to the public clouds, i.e. to the provider. Arbitrary RAIC and dispersion configurations are possible, although certain key configurations will be preferred by mobile users: RAIC-DP for highest safety, AONT for highest (information-theoretic) security and JBOC/RAIC0 for the least amount of overhead. A configuration wizard would have to present these choices to the users in a meaningful way.

A suitable software architecture for the realisation of a mobile RAIC over both local and cloud storage resources is depicted in Fig. 4.44, following the design proposed for generic cloud storage controllers. The predominant client-side software for RAICs consists of the following three layers with the related functionality:

Fig. 4.43 RAIC-DP: a network storage model

Fig. 4.44 Offered software architecture for the realisation of a RAIC. (HDD) Hard Disk Drive or other local drives including SD media; (RAIC) Redundant Arrays of Independent Clouds; (CVS) Concurrent Versioning System

1. Integration layer: logical partition and interface to the backup application
2. Pre-processing layer: stripes/parity dispersal routine, encryption and other modifications
3. Transport layer: block transfer

The clients obtain the possibility of reliable and efficient access to an array of virtualised storage media, offered as a service or as local complementary media, with added organisational and spatial independence. This software reflects the state of the art. The offered layered software architecture realises a RAIC concept and includes the following already known components with extended functionality:

1. Advanced integration layer: A local virtual file system interface available to all applications. Depending on the operating system there may be additional specific interfaces, for instance the registration as content provider on Android or the export as RESTful web service through RestFS.

2. Advanced pre-processing layer: Codecs, classification of document types and coding (text files, MPEG, PDF). Policies on the data storage subjects and paths. Stripes/parity dispersion routines. Authentication with MD/RSA/PKI. Encryption with AES/RSA/PKI.

3. Advanced transport layer: Parallel and block-wise streaming. Caching and local persistence. Adapters for multiple provider APIs.

The proposed system can be implemented with existing academic and open source software. Nubisave [33] is a cloud storage controller which performs the functionality of the upper layer as a Linux user-space file system (FUSE) module with 1 file input and n fragment outputs. Through the Nubisave configuration GUI the remaining two layers can also be controlled. For instance, the Nubisave splitter module's first output can be connected to an EncFS module for data encryption, which is in turn connected to a FuseDAV module for placing the encrypted fragment data on a protected WebDAV folder, which serves as standard-compliant interface to a cloud storage area.
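As an added illustration (my own code, not Nubisave's and not from the book), the following miniature storage controller follows the 1-input/n-output scheme described above for the three layers: the pre-processing layer splits an object into k stripes plus one XOR parity stripe (RAIC5-style dispersion) and tags every fragment with an HMAC-SHA256, and the transport layer hands fragment i to provider i. The in-memory MemoryProvider class is a constructed stand-in for the WebDAV or vendor-API adapters; the encryption step (EncFS in the text) is omitted and would wrap the payload before splitting. Key material, object name and provider names are constructed sample values. The point the example makes on the read path is that a provider outage and a fragment whose authentication tag fails verification are treated identically, as one lost fragment that the parity stripe rebuilds, while two lost fragments are refused rather than silently returned.

```python
"""Miniature client-side RAIC controller: one object in, k + 1 authenticated fragments out.
Illustrative example, not Nubisave's code."""
import hashlib
import hmac
from typing import Dict, List, Optional

TAG_LEN = 32  # HMAC-SHA256 digest length


class MemoryProvider:
    """Constructed stand-in for a transport-layer adapter (a real one speaks WebDAV, S3, ...)."""

    def __init__(self, name: str) -> None:
        self.name = name
        self.blobs: Dict[str, bytes] = {}
        self.online = True

    def put(self, key: str, blob: bytes) -> None:
        if not self.online:
            raise ConnectionError(self.name)
        self.blobs[key] = blob

    def get(self, key: str) -> bytes:
        if not self.online:
            raise ConnectionError(self.name)
        return self.blobs[key]   # KeyError if the fragment was never stored or was deleted


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class RaicController:
    """Pre-processing layer: k data stripes + 1 XOR parity stripe, one HMAC per fragment.
    Transport layer: fragment i goes to provider i (the last provider holds the parity)."""

    def __init__(self, providers: List[MemoryProvider], mac_key: bytes) -> None:
        if len(providers) < 3:
            raise ValueError("need at least two data providers plus one parity provider")
        self.providers = providers
        self.k = len(providers) - 1
        self.mac_key = mac_key

    def _tag(self, key: str, index: int, fragment: bytes) -> bytes:
        # Bind the tag to object key and stripe index so a provider cannot swap fragments.
        msg = key.encode() + index.to_bytes(2, "big") + fragment
        return hmac.new(self.mac_key, msg, hashlib.sha256).digest()

    def write(self, key: str, data: bytes) -> None:
        payload = len(data).to_bytes(8, "big") + data        # length prefix survives padding
        stripe_len = -(-len(payload) // self.k)               # ceiling division
        payload = payload.ljust(stripe_len * self.k, b"\0")
        stripes = [payload[i * stripe_len:(i + 1) * stripe_len] for i in range(self.k)]
        parity = bytes(stripe_len)
        for s in stripes:
            parity = xor_bytes(parity, s)
        for idx, (prov, frag) in enumerate(zip(self.providers, stripes + [parity])):
            prov.put(key, self._tag(key, idx, frag) + frag)

    def read(self, key: str) -> bytes:
        frags: List[Optional[bytes]] = []
        for idx, prov in enumerate(self.providers):
            try:
                blob = prov.get(key)
            except (ConnectionError, KeyError):
                frags.append(None)                            # provider down or fragment gone
                continue
            tag, frag = blob[:TAG_LEN], blob[TAG_LEN:]
            # Constant-time compare; a failed check is treated exactly like a lost fragment.
            frags.append(frag if hmac.compare_digest(tag, self._tag(key, idx, frag)) else None)
        missing = [i for i, f in enumerate(frags) if f is None]
        if len(missing) > 1:
            raise IOError(f"unrecoverable: fragments {missing} lost or tampered")
        if missing:
            present = [f for f in frags if f is not None]
            rebuilt = bytes(len(present[0]))
            for f in present:
                rebuilt = xor_bytes(rebuilt, f)               # XOR of all others restores any one
            frags[missing[0]] = rebuilt
        payload = b"".join(frags[:self.k])
        size = int.from_bytes(payload[:8], "big")
        return payload[8:8 + size]


def demo() -> Dict[str, bool]:
    """Constructed scenario: one private cloud plus two public providers."""
    key = b"constructed-demo-mac-key"                         # derived from a user secret in practice
    providers = [MemoryProvider("private-cloud"), MemoryProvider("public-A"), MemoryProvider("public-B")]
    ctl = RaicController(providers, key)
    doc = b"quarterly backup set " * 7 + b"end"
    name = "backup/2013-q4.tar"
    ctl.write(name, doc)
    results = {"intact": ctl.read(name) == doc}
    providers[1].online = False                               # one public provider unreachable
    results["one_provider_down"] = ctl.read(name) == doc
    providers[1].online = True
    blob = providers[2].blobs[name]                           # flip one byte of the parity fragment
    providers[2].blobs[name] = blob[:-1] + bytes([blob[-1] ^ 0xFF])
    results["tampered_fragment"] = ctl.read(name) == doc      # detected by the HMAC, rebuilt from the rest
    providers[1].online = False                               # outage plus tampering: two fragments gone
    try:
        ctl.read(name)
        results["two_failures"] = False
    except IOError:
        results["two_failures"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

Running demo() yields True for all four checks: the intact read, the read with one provider offline, the read with a tampered parity fragment, and the refusal when both conditions coincide. The length prefix is what lets the last stripe be zero-padded to a uniform fragment size without losing the original object boundary.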

Some mobile phone operating systems run directly on Linux, including Maemo and the more recent SailfishOS and FirefoxOS, so that Nubisave's file system interface is a suitable means for data access across all applications. For Android and similar systems with restricted global data access, a translator between files and the respective per-application content API would be required. Imperfect network handling is an implementation detail of the transport modules. We have previously refined fault-tolerant access to RESTful services (including e.g. WebDAV as HTTP extension) as the RAFT-REST concept. The Java ResUp library [38] is available to transport module authors as a convenient caching and retransmission handler. Beyond the specific transport modules, Nubisave also caches data by itself to some extent. Hence the combination of a cloud storage controller with energy-efficient parameterisation, agent-based service lifecycle handling for semi-automatic integration and fault-tolerant service integration under imperfect networking conditions is possible today and fulfils the requirements of mobile users.

The next problems to solve are:

• Analysis of integration options for existing cloud storage services (Cloud-of-Clouds)
• RAIC cloud backup concept elaboration (stripe and parity based dispersion)
• Development of software RAIC controllers based on web services for management and cryptographic protection of a RAIC (combined clouds), e.g. RAIC5, RAIC-DP
• Deployment of proxy servers for easy mediation
• Development and securing of the meta-data database for RAIC management
• Development of easy-to-use conditions, a common access scheme for the enterprises with offering of good performance, high security and data control for the users
• Further development of collaboration scenarios: file sharing, access by external entities, CVS and group working, automatic classification of data
• Improving performance, e.g. scheduling algorithms, caching/prefetching and parallelisation

4.6 Conclusions

This chapter has given a brief systematic introduction into the challenges of operating and integrating cloud services related to computing resources: computation, network and storage. It has covered recent trends, including distributed storage facilities for high availability and confidentiality, integration of cloud services into mobile devices with high energy efficiency, and pervasive or ubiquitous access to multiplexed cloud services. For smartphone makers, the results show that especially storage integration is a desirable feature, which leads to outstanding devices with a functionality closer to what highly demanding users expect.


5 Smart Grid, Internet of Things and Fog Computing

Keywords

Integration of networks for telecommunications and energy supply • New service architectures • Demarcation of grid vs. smart grid • Power Line Communication (PLC) • Green computing • Energy-efficient communication (Bluetooth • ZigBee • EnOcean • 6LoWPAN) • Demarcation of Internet of Things (IoT) vs. Internet of Services (IoS) • Fog computing • Distributed computing • Mini-PC • On-board µ-controllers (Raspberry Pi • Arduino) • Computer-Aided Design (CAD) • Automation networks • Smart home • Smart factory • Industry 4.0

In the previous chapters we have highlighted the evolution of computing environments from single systems to parallel architectures, clusters, grids, service-oriented systems and clouds. This line of evolution is a purely digital one, without considering the form factor of computing. From the physical perspective there is another line of evolution, which puts the form factor and the communication channels into the centre. Starting with mini-PCs and embedded computers, distributed computing can nowadays be performed in wearable computers and body-area networks, in tiny nodes organised as fogs or smart dust connected to the Internet of Things, and in the "Smart Grid", using various protocols. This chapter therefore outlines physical computing paradigms and compares their computing, storage and communication capabilities.

The first part of the chapter examines some typical scenarios for "Smart Grid" deployment as a technology for the integration of electric power supply networks and telecommunication networks, and gives a comparison of the corresponding services, architectures and multi-level models. The smart grid enabling technologies are discussed. Furthermore, some case studies on smart grid are presented.

© Springer Fachmedien Wiesbaden GmbH 2017. A. Luntovskyy, J. Spillner, Architectural Transformations in Network Services and Distributed Systems, DOI 10.1007/978-3-658-14842-3_5


The second part of this chapter is dedicated to the up-to-date development of the IoT and of "Fog Computing", based on the achievements in Wireless Personal Area Networks (WPAN). The IoT/fog computing enabling technologies are discussed. Case studies based on the use of on-board µ-controllers such as the Raspberry Pi are examined.

5.1 Smart Grid as Integration Technology for the Networks of Energy Supply and Telecommunication

Green computing. Green IT is an important predecessor trend and part of smart grid development, because of the significant efforts on waste heat and energy recycling (Fig. 5.1). In addition to the well-known Power Usage Effectiveness (PUE), the Energy Reuse Efficiency (ERE) value has to be used. Let us compare the two.

Power usage effectiveness (PUE):

• $\mathrm{PUE} = \text{Total Facility Energy} / \text{IT Equipment Energy} = P_{total} / P_{IT}$

• $\mathrm{PUE} > 1.0$; ideal value $1.01$

• compare to $K = P_{IT} / P_{total} = 1 / \mathrm{PUE}$, with $0 < K < 1$

Energy reuse efficiency (ERE):

• $\mathrm{ERE} = (\text{Total Energy Consumption of a Data Centre} - \text{Recycling Energy}) / \text{IT Equipment Energy} = (P'_{total} - P_{recycling}) / P_{IT}$

• $0 < \mathrm{ERE} < \mathrm{PUE} < 1.50$

Fig. 5.1 Green IT, symbolic representation (Source: magatechnology.it)


Fig. 5.2 The construction of efficient energy consumption and recycling within a building with a 'green' IT data centre (according to [39])

Example 5.1 For one particular provider of green IT services [39] the following values have been computed: PUE = 1.02/1.05 and ERE = 0.62/0.68. The high efficiency is based mainly on water cooling and the renunciation of all refrigeration systems. The construction of efficient energy consumption and recycling within a building with a green IT data centre (according to [39]) is given in Fig. 5.2. The construction encompasses the following components: (1) servers, (2) tank and warm water preparation, (3) air/water heat pump, (4) air supply, (5) ventilation, (6) air supply to the servers, (7) ventilation from the servers, (8) air supply to the heat pump, (9) ventilation from the heat pump, (10) heating flow, (11) heating return, (12) warm water, (13) fresh water stream, (14) heating system, (15) warm water cone filters and (16) optional photovoltaic.

The computation of the energy efficiency is given in Fig. 5.3. According to this computation, the following PUE values result:

1. PUE without the heat pump: PUE = 254 [MW/a] / 250.6 [MW/a] = 1.01; i.e. the 254 [MW/a] become 262.8 [MW/a] with the heat pump.

2. PUE with the heat pump: PUE = 1.05, i.e. 262.8 [MW/a] / 250.6 [MW/a].
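The PUE, K and ERE definitions above, and the two PUE values of Example 5.1, can be checked with a small calculator that also tests the inequalities the text states. The following Python block is an added example, not code from the book or from the provider cited in [39]: the class, function and constant names are ours; the facility and IT energy figures (254, 262.8 and 250.6 [MW/a]) are those of Example 5.1; and the two recycling figures (98.6 and 92.4) are constructed so that ERE reproduces the 0.62/0.68 quoted there, since the book does not state them.

```python
"""Data-centre energy metrics from Section 5.1: PUE, K and ERE.

Added example (not code from the book). The formulas are those given in
the text; the facility and IT energy inputs come from Example 5.1; the
recycled-energy figures are constructed, since the book does not state them.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class EnergyBudget:
    """Annual energy figures of one data centre, all in the same unit."""

    p_total: float            # total facility energy (P_total, or P'_total with recycling)
    p_it: float               # IT equipment energy (P_IT)
    p_recycling: float = 0.0  # energy recovered and reused (P_recycling)

    def __post_init__(self) -> None:
        # Reject inputs that cannot come from a consistent measurement boundary.
        if self.p_it <= 0:
            raise ValueError("P_IT must be positive")
        if self.p_total < self.p_it:
            raise ValueError("P_total cannot be below P_IT (PUE would be < 1)")
        if not 0.0 <= self.p_recycling <= self.p_total:
            raise ValueError("P_recycling must lie between 0 and P_total")

    def pue(self) -> float:
        """PUE = Total Facility Energy / IT Equipment Energy = P_total / P_IT."""
        return self.p_total / self.p_it

    def k(self) -> float:
        """K = P_IT / P_total = 1 / PUE, the IT share of the facility energy."""
        return self.p_it / self.p_total

    def ere(self) -> float:
        """ERE = (P'_total - P_recycling) / P_IT: the PUE net of reused energy."""
        return (self.p_total - self.p_recycling) / self.p_it

    def violated_bounds(self, pue_limit: float = 1.50) -> list[str]:
        """List the inequalities from the text that the figures violate.

        The text gives PUE > 1.0, 0 < K < 1 and 0 < ERE < PUE < 1.50; an
        empty list means the figures are consistent with all of them.
        Note that ERE equals PUE whenever nothing is recycled.
        """
        pue, k, ere = self.pue(), self.k(), self.ere()
        checks = [
            ("PUE > 1.0", pue > 1.0),
            ("0 < K < 1", 0.0 < k < 1.0),
            ("0 < ERE", ere > 0.0),
            ("ERE < PUE", ere < pue),
            (f"PUE < {pue_limit:.2f}", pue < pue_limit),
        ]
        return [name for name, ok in checks if not ok]


def pue_change(before: EnergyBudget, after: EnergyBudget) -> float:
    """Relative PUE change between two configurations (e.g. adding a heat pump)."""
    return (after.pue() - before.pue()) / before.pue()


# Example 5.1 figures, in [MW/a] as printed in the book. The recycling values
# are constructed so that ERE matches the 0.62 / 0.68 quoted in Example 5.1;
# the book does not give the underlying recovered-energy amounts.
WITHOUT_HEAT_PUMP = EnergyBudget(p_total=254.0, p_it=250.6, p_recycling=98.6)
WITH_HEAT_PUMP = EnergyBudget(p_total=262.8, p_it=250.6, p_recycling=92.4)


def report(budget: EnergyBudget) -> dict[str, float | list[str]]:
    """Collect the metrics rounded to two decimals, plus any violated bounds."""
    return {
        "PUE": round(budget.pue(), 2),
        "K": round(budget.k(), 2),
        "ERE": round(budget.ere(), 2),
        "violations": budget.violated_bounds(),
    }


if __name__ == "__main__":
    for name, budget in (("without heat pump", WITHOUT_HEAT_PUMP),
                         ("with heat pump", WITH_HEAT_PUMP)):
        print(name, report(budget))
    print(f"PUE change caused by the heat pump: "
          f"{pue_change(WITHOUT_HEAT_PUMP, WITH_HEAT_PUMP):+.1%}")
```

Running the block reproduces PUE 1.01 and 1.05 for the two scenarios of Fig. 5.3 and shows that the heat pump raises the PUE by roughly 3.5 % while lowering the ERE, which is exactly the trade-off the two metrics are meant to expose. The violated_bounds() check is the part worth keeping when such figures arrive on a vendor data sheet: a PUE below 1 or an ERE above the PUE does not mean the site is efficient, it means the measurement boundary was drawn wrongly.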


Fig. 5.3 The computation of the energy efficiency (Source: [39])

Smart grid definition. The high-tech twenty-first century is in particular also the century of "small power supply systems", due to the use of advanced information and communication technologies in energy networks. The creation of combined systems called "Smart Grid" opens great prospects for the development of both industries (energy and IT) and is intended to provide a synergistic effect. This section examines existing models of smart grid and suitable basic networking technologies, as well as typical usage scenarios for integrated intelligent networks.

Smart grid is a technological direction for the integration of electric power supply and telecommunication networks. Its aims are: to increase the energy efficiency of both types of networks; to reduce CO2 emissions under the Kyoto Protocol; to decentralise the existing architectures into an integrated network (i.e. one of the main principles of Internet construction) and to improve its efficiency (efficient switching and routing); to make use of alternative and renewable energy sources (like wind, solar and Electro-Magnetic (EM) smog), combined with the use of hybrid hydrocarbon-electric vehicles (Plug-in (Hybrid) Electric Vehicles, PEV); to optimise network management techniques and billing services (Smart Metering) within the conventional power supply networks; and to increase safety, security and Quality of Service (QoS) in such integrated networks for power supply and telecommunication [23, 35].

The conceptual terms «grid» and «smart grid» should not be confused. The (intelligent) grid network solutions are used for time-consuming computing tasks (simulation, planning, forecasting, etc.) based on (virtual) server clusters or supernodes, using conventional Internet protocols. Nowadays grids are a weighty part of innovative cloud computing technology (for instance as IaaS, Infrastructure as a Service) [30], where (mobile) client access to computing power is very easy. The most important task, which has already become a "classic" of grid technology, is the rational and decentralised redistribution of computational workload between the participating (virtual) servers, clusters or supernodes in the computing life-cycle of time-consuming engineering, scientific or economic tasks.

Therefore the concepts of «grid» and «smart grid» are related areas of research. But energy efficiency is not a direct scientific and technical challenge for purely computational grid technology [9]: heat and redundant energy occur there only as a by-product, and even as a harmful product (the "heat waste products" of modern network technology).

Active deployment of the environmentally friendly, and thus «green», smart grid technology goes on today in many developed countries, for example Australia, the European Union (in particular Germany and Austria), the USA, Canada, the People's Republic of China and South Korea, which would like to provide and reinforce their own energy independence for the future. Several leading research groups in universities carry out research on the mentioned area and already possess certain "know-how", often in combination with innovative companies. An example is the Kiwigrid Smart Grid Management Platform, engineered in cooperation with Technische Universität Dresden (TUD) in Germany [10]. On this platform, energy applications are offered through a marketplace and linked to data processing and analytics services. A smart meter gateway connects devices and allows for an optimisation of power consumption.

The slogan of the coordinated actions of all stakeholders might be as follows: "From the Internet of Data and Web Services to the Internet of Energy Services". Nowadays there are numerous international organisations and well-known companies that are developing the technology and corresponding devices for smart grid. Among them are IEEE, CENELEC, Cisco, Deutsche Telekom, Siemens, etc. [2, 4, 9, 16, 21].

The existing basis for local-area smart grid solutions is built on the following well-known network technologies: Powerline, Homeplug, Worldwide Interoperability for Microwave Access (WiMAX), PoE (Power over Ethernet), KNX, LON (Local Operating Network), Wireless Sensor Networks (WSN) (ZigBee, EnOcean), etc. [28, 42]. But there is also a necessity to develop integrative solutions for network decentralisation (one of the main principles of Internet construction), to improve its efficiency, to facilitate the use of alternative and renewable energy sources (like wind, solar and EM-smog), and to stimulate the development of efficient energy storages (batteries, dedicated energy depots) aimed at storing redundant or excess (electric) energy.

To reach this goal, we first need to formulate a list of scientific and technical development challenges for an integrated network (smart grid) on the existing basis of standard network architectures, then the requirements for such networks, and then to develop its own basic models. How will everything work together? Consider the following two scenarios.

Example 5.2 What will a middle-class network connection for a Small and Medium Enterprise (SME) look like in 2020? Only one cable or wireless link will provide the utility services such as electricity, telephony, Internet, digital high-definition television and cloud services. Room heating will be realised via derivation and recycling of redundant energy from multiple (virtual) servers. Wired and wireless automation of local-area networks as well as piconets like Local Operating Network (LON), KNX Home and Building Control Standard (KNX), ZigBee and EnOcean will be used to serve and control the indoor climate. Management of such integrated networks can be performed through Ethernet, Local Area Network (LAN)/Wireless Local Area Network (WLAN) links, as well as convenient protocols like Internet Protocol (IP), Internet Control Message Protocol (ICMP) and Simple Network Management Protocol (SNMP). The program support, configuration and tuning of the intelligent network are realised with the use of mobile devices (smartphones and tablets), mobile applications, and through offered web services running in a cloud environment.

Example 5.3 The scenario depicts a vision similar to that of one particularly involved German company, Siemens, but is applicable to other companies with a similar portfolio. According to Fig. 5.4, in the future the smart grid is designed to connect four major components [16], which operate both as consumers/producers and as electric energy storages. The components are:

Fig. 5.4 Smart grid technology highlights, inspired by Siemens. AC – Alternating Current, HVAC – Heating, Ventilating and Air Conditioning, PEV – Plug-in (Hybrid) Electric Vehicle


1. Intelligent buildings

2. Electricity plants

3. Electromobility

4. Smart metering

Intelligent buildings, also called intelligent homes in the case of residential buildings, are equipped with solar panels and local-area networks for climate automation like Field Bus and WSN. These are connected to power plants, enterprises for the generation of (electric) energy, also called AC plants, based on conventional or alternative and renewable energy sources like wind, solar and EM-smog. Electric mobility, based on hydrocarbon-electric hybrid vehicles (PEV) that accumulate power and can afterwards "upload" it to the network, leads to a strong electromobility. Intelligent counters and meters for smart metering automate the charging and billing processes. They carry out the monitoring and network management aimed at low energy consumption on the basis of improved tariff models with respect to the workload parameters and traffic, both in analogy to packet-switched networks.

The considered components 1–4 may both use and release the excess (electric) energy and stored redundant currents in the network. This leads to synergy effects between the different consumers and producers of energy, as the timing of the production and consumption peaks differs widely. Furthermore, information technology helps to control the timing by being able to shift the peaks according to schedules. An example is overnight dishwashing, which can be programmed to happen at a particularly convenient time based on electricity supply and cost.

Electricity demands and "Green IT" today. Increasing demands for energy and the significant rise of ICT prices evoke the necessity of energy-use efficiency, which has to be realised over the entire IT life cycle "design – operation – modification – operation – ...". The ecological protection of the environment, CO2 emission discharge, and economisation of fossil resources and electric power play a very important role nowadays. The enrolment of renewable energy resources is required in the operation of facility grids, in the operation of IT and networks, in the disposal of waste energy, and in the deployment of smart meters for users, providers and equipment as well as power plants. The corresponding energy demands per annum for the years 2000 until 2015 are exemplarily shown for the server and data centres in Germany in Fig. 5.5.

Based on the studies of the Borderstep Institute in the years 2010–2012, the following three tendencies became apparent:

1. Since 2008, more and more attention has been paid to "Green IT" solutions.

2. Taking the year 2011 as reference, we can conclude that the electricity consumption of the server and data centres in 2011 is approximately 1.4 TWh below the awaited demands of the "business as usual" scenario. In comparison to the "Green IT" scenario, the demands are more than 2.3 TWh lower, despite the huge growth of the server and data centres, with a significant reduction of the electricity costs of about 1.2 billion euros (2011).

3. These partial electricity demands (9.7 TWh) correspond to approximately 1.8 % of the overall electricity consumption in Germany. For comparison, four medium-sized coal power plants are required to produce the mentioned amount of electricity.

[Fig. 5.5: line chart of annual electricity consumption in TWh/year (y-axis 0–16) for the years 2000–2015 (x-axis); series "Green IT", "Business as usual" and "Trend"; labelled values 3.98 TWh, 10.1 TWh, 9.7 TWh, 6.0 TWh, 9.3 TWh and 14.2 TWh; source Borderstep 2010–2012]

Fig. 5.5 Annual tendencies of electricity consumption for server and data centres in Germany

Table 5.1 The overall annual electricity demands in Germany

Year | Electricity demands (gross): overall [TWh] | Electricity demands (gross): renewable energy resources [%] | Primary (fossil) energy consumption: overall [PJ] | Primary (fossil) energy consumption: renewable energy resources [%]

1991 | 539.6 | 3.2 | 146 | 1.3

2000 | 579.6 | 6.6 | 144 | 2.9

2005 | 614.1 | 10.2 | 146 | 5.3

2009 | 581.3 | 16.3 | 135 | 8.9

2015 | 600 | 32.6 | 133 | 12.5

The overall annual electricity demands in Germany for some selected years are shown in Table 5.1. The representation is based on the sources [1, 41].


Fig. 5.6 Forecast for the annual electricity consumption of the telecommunications and IT branch in Germany

The simple empirical formula (5.1) can be used for recalculating electricity volumes. With this formula and the given analysis, a forecast for the annual electricity consumption of the telecommunications and IT branches until the year 2025 can be calculated (Fig. 5.6).

$1\,\mathrm{TWh} = 0.3\,\mathrm{PJ}$ (5.1)

The forecast has shown that the annual electricity consumption of the communication and information businesses in Germany was significantly reduced from 2010 until 2015, from 56.0 TWh down to 47.8 TWh, i.e. by approximately 15 %. This important reduction trend will continue until the year 2020 and then stabilise at around 45.2 TWh to 46.2 TWh in 2025. Therefore a positive development of the electricity consumption of these industries can be distinguished. In the given internal structure, the cause of this overall declining trend becomes clear: successively, the electricity demands in households and in public and workplace IT areas are reduced. In contrast, the electricity demands of the data and computing centres will increase, based on the growing data traffic. This prognosis foresees many implemented energy efficiency measures, because of the great social meaning of "Green IT" processes in industrialised countries.

How can the success of "Green IT" in such countries be advanced and deepened? There is a great variety of possible approaches to smart grid implementations, as follows:

• videoconferencing instead of business travel

• electronic (paperless) notes instead of notes on paper

• reduction of unnecessary printing

• reduction of energy consumption in use and production

• sustainable product design and manufacturing, with hardware as durable as possible

• resource-saving programming (Green Software Engineering)

• reduction of CO2 emissions

• decentralisation of the network

• QoS increase (efficient switching, routing)

• use of alternative and renewable energy sources (wind, solar, thermal)

• optimisation of measurement and network management (smart metering and energy-efficient web services)

• increase of network security, safety and reliability

5.1.1 Services, Architectures and Multi-level Models

The integrated architecture of smart grids has to repeat, to a certain extent, the well-known Open Systems Interconnect (OSI) network architecture (Fig. 5.7). But it must also be multi-dimensional, i.e. it has to reflect not only the abstraction levels with multiple defined interfaces, functions and services, but also the various types of network technologies and the domains of their use, the types of consumers and service providers, device types, access control techniques, and the schemes for billing and payment of the consumed services.

Fig. 5.7 A simplified architecture for smart grids. APL – Application, NWK – Network, MAC, PHY – Physical


Let us consider a selection of the existing multi-layered and multi-dimensional models for smart grid which are oriented towards shared use of telecommunications:

1. National Institute of Standards and Technology, USA (NIST) Smart Grid Conceptual Model

2. IEEE Smart Grid Model

3. A proprietary model of Cisco Smart Grid

4. Common architecture of ITG/VDE Smart Grid (Germany)

5. Next development of model (4): the EU Smart Grid Architecture Model (European)

One of the first models developed in the area, model (1), called NIST Smart Grid Conceptual Model, provides an abstraction of the properties of the integrated intelligent network based on a classic three-level representation encompassing the following levels: (1) Power and Energy, (2) Communications, (3) IT and Services [11].

The universal model (2) was engineered in IEEE working groups. IEEE Smart Grid is a professional organisation for standardisation and co-ordination among the smart grid stakeholders within IEEE. The universality of the mentioned IEEE smart grid model consists in the creation and description of a meta-system called smart grid, which extends the rules, interfaces and functions of individual intelligent networks to the so-called smart grid domains, also based on the following three levels: (1) Power and Energy, (2) Communications and finally (3) IT and Services. IEEE shifted the focus of consideration to the second and third layer as the determining levels for the first layer, electricity distribution in smart grids [9].

The proprietary model (3) was provided by the company Cisco, one of the leading companies in the field of network technologies and products [2]. The model takes into account the development aspects of integrated (mobile) power transmission and telecommunications in the context of the hardware and software produced by the company. Nowadays Cisco provides design and implementation, deployment and support of infrastructure and services for smart grids, as well as numerous communication systems for power supply sub-stations and automation networks (Field Area Networks) for power supply nets; provides data security (Cisco switches, routers and firewalls like ASA-CX) for the smart grid; and creates virtual storage centres for data processing (network storage, cloud computing), thus extending those capabilities to Wireless Area Network (WAN) architectures. The Cisco Connected Grid Network Management Solutions (NMS) offer the infrastructure access tools as well as monitoring and management facilities for IP-enabled devices integrated into the smart grid.

Furthermore, let us consider the advantages of the common architecture for smart grids proposed by ITG/VDE. Existing network technologies can be easily integrated into the framework of model (4). The installed services are independent of the basic network infrastructure (as is the idea of OSI). The common architecture for smart grids allows adequate modelling of integrated networks of energy and information supply at different levels of abstraction. Model (4) of smart grids can be used recursively or hierarchically to describe the inter-operability between different providers offering their services (Fig. 5.8):

• Communications, in particular mobile communications

• Electrical energy supply

• Smart metering, including intelligent control and telemetry

• Smart power web services

[Fig. 5.8: diagram of the Smart Power Grid Services levels 1–4 (Consumers; Portal/Users and Smart Power Web Services with Market Place/Portfolio; Technical Services over standardised and proprietary middleware; Nodes, communication and transport channels), with the elements Virtual Tools, NW, GW, Service Production, Tools/resources, AU Automation, Monitoring, AC Energy Supply, NW Telco and Metering]

Fig. 5.8 Common 4-layer architecture for smart grid [18] and the types of energy supply and data supply services: (1) consumers, (2) services and virtualisation, (3) info-objects and service communication, (4) infrastructure/physical layer. GW – Gateway, AC – Alternating Current (energy supply nets), AU – Automation (and management) networks, SPGWS – Smart Power Web Services, NW – Network, Metering – control and telemetry, Market Place – allocation and reselling of services

A typical service for smart power distribution would be the brokering of excess production in households, i.e. micro-plants. In such scenarios, power is produced by roof-top solar installations and private wind turbines as well as thermal sources. Depending on the compensation for feeding energy into a grid, the profit from selling it to a nearby user, or the benefit of using it for custom purposes, such a brokering service guides the producer of electricity to a decision.


Fig. 5.9 EU Smart Grid Model and Architecture [6]: (1) business layer, (2) function layer, (3) information layer, (4) communication layer, (5) component layer. Domains: DER – Distributed Energy Resources, GTD – Generation, Transmission, Distribution (production), CP – Customer Premise (delivery). Zones: Process, Field, Station, Operation, Enterprise, Market (PFSOEM)

The presence of the common architecture of smart grids nevertheless leaves a wide field for activities, and describes the ability of the model to absorb innovations [5, 18].

As the development of this well-known and recognised model (4) progresses, a more complex multi-dimensional European model (5), called EU Smart Grid Architecture (Fig. 5.9), should be considered. The model possesses five component layers, as follows: Business, Function, Information, Communication and Component, as well as two further dimensions called Domains and Zones [6, 22].

Example 5.4 From the viewpoint of the telecommunications department at Dresden University of Technology [26]: "... in a green world, renewable energy sources are the key to reduce the CO2 footprint. These energy sources are typically non-stationary. This factor requires much more complex control of the grid. To enable this, the energy distribution network has to become more intelligent due to new services, distributed generation of energy (virtual power plants) and new safety and security requirements. It will finally be a Smart Grid." Nowadays, new demands on the reliability and security of the supporting communication network appear. The discussed approach enables close system integration, optimal distributed power generation via virtual power plants, efficient control of the electricity distribution, and the deployment of new network services, which simultaneously become more intelligent. It has been shown that, under current conditions, particular attention should be paid to the deployment and use of PLC technology (Fig. 5.10).

Fig. 5.10 Smart grid representation as a PLC. LV – low voltage, MV – middle voltage; (1) MV part of substations, (2) LV part of substations, (3) street cabinets, (4) substations (MV+LV), (5) interruptions (open meshes)

Smart grid development trends. The European Commission, by way of its Directorate General for Communications Networks, Content and Technology in Brussels, also believes that smart grids will play an important role in increasing the importance of renewable and alternative energy sources, in low-energy consumption, in delivery savings and in decreasing CO2 emissions. Without integration between telecommunication and information networks, the established goals are unattainable. Smart grid is therefore a significant part of the long-term research and technology development programme called Horizon 2020 [6].

The German Association of Electrical and Electronics Engineers VDE (in German "Technisch-wissenschaftlicher Verband der Elektrotechnik und Elektronik") insists on planned efforts for the transformation of the traditional electricity networks and the creation of intelligent nets. In several European countries this approach has become a significant part of the national energy policy. In this case it is not about some individual decisions for "several thousand kilometers of cable or 100 million euros". Instead, integrated solutions for the smart grid must be developed during a middle-term period. The main objective is as follows: re-construction, flexibility of the entire system, re-design with elements of infrastructure modernisation, and increasing the capacity and number of power plants [18].

Meanwhile, the approaches to the development of smart grid systems in the world economy are very individual. Let us consider some of them in detail.

1. Australia. The orientation towards the development of intelligent energy supply networks and smart grid was taken in 2009–2010. WiMAX networks play an important role in the frame of smart grids as a transport supporting applications for sub-station automation, hybrid electric vehicles (PEV) as well as domestic smart meters, so-called IHD (In-Home Devices). However, the final implementation of smart grids in Australia is constrained by the lack of appropriate multilateral obligations between the providers. The inter-operability between the stakeholders has to be developed, aimed at the maintenance of the communication networks that are integrated into the smart grid. The other limiting factor is the relatively small number of charging stations for electric vehicles, despite obvious increases.

2. China. Within the "current five-year plan" of the People's Republic of China, the construction of a nationwide monitoring system for the national energy networks has been started, titled WAMS (Wide Area Monitoring System). WAMS uses PMU (Phasor Measurement Unit) devices from selected Chinese manufacturers to improve the reliability and security of the national smart grid solution. Electrical energy production and distribution as well as broadband data channels are tightly and restrictively controlled by the state; therefore compliance with existing standards and processes on the way to a national smart grid is practically guaranteed. More than 60 million smart meters are already installed in China [44], although studies about the operational experience are rare.

3. South Korea. Through the implementation of a nationwide smart grid, the state plans to reduce the overall consumption of conventional energy sources by 3 % and of electricity by 10 % until 2030, despite rising industrial demand. The start was taken in 2009; the planned investment in system development over the next 20 years is about 24 × 10^15 (USD equivalent in the national currency, South Korean Won, KRW).

4. European Union. The development of intelligent networks towards smart grid is part of the European Technology Platform for the period up to 2020, developed by CENELEC (in French "Comité Européen de Normalisation Électrotechnique", the European Committee for Electrotechnical Standardisation) [4]. CENELEC is in charge of European standards in the field of electrical engineering. Together with ETSI (the European Telecommunications Standards Institute) it works on a European system of technical regulation and standardisation, including the mentioned smart grid techniques, models and tools.

150 5 Smart Grid, Internet of Things and Fog Computing

5. USA. Support for smart grids became part of US federal policy toward legislatively approved energy independence and security for one of the strongest economies in the world. According to plans from 2009, the investment towards the medium-term development of this new technology will reach up to 1.1 trillion dollars, i.e. 1.1 × 10^12 USD. The short-term budget is, however, about 4.5 billion dollars according to the Recovery and Reinvestment Act [17]. Private microgrids are part of the overall plan to turn the energy network into a bi-directional one, similar to communication networks, by the year 2030. On a global scale about 4000 megawatts are currently contributed by microgrids [36].

Example 5.5. An example of a connected smart grid and cloud computing implementation is given below. Due to the use of today's powerful high-end servers in contemporary data centres, with their broadband optical links (so-called Fibre Channel), a significant amount of heat is given off as a harmful by-product. Some companies already occupy themselves with this problem and are developing their own solutions for using the excess heat, e.g. for domestic heating and air-conditioning facilities, or HVAC (Heating, Ventilating and Air Conditioning). An imaginary joint-stock company ECO-Cloud is situated in a Western European city of about 500,000 to 1,000,000 inhabitants and acts as a data centre and cloud provider. Several corresponding products and solutions are offered: cloud products (own virtualised data centre) and heat products (own smart grid).

Server temperatures can reach up to 55 °C, with water-based heat channelling and dissipation. The waste heat recycling system delivers a PUE of approximately 1.06–1.15. Multiple clients use HVAC facilities in the city of the ECO-Cloud offices as well as at other remote sites. They can obtain up to 30 % of their heat and warm water cheaply and directly from the mentioned clouds. The facility grid companies act as partners of ECO-Cloud for the remaining 70 % of the clients (users of the standardised Internet data and cloud services). The waste heat distribution principle (based on [39]) is presented in Fig. 5.11. ECO-Cloud uses virtualisation technologies to create the computing, storage and networking infrastructure. The solutions are based on integrated cloud stacks as technology set.

The clients use the services of the virtual computing centres located in-house. Hybrid clouds with standard services spanning company-internal and ECO-Cloud-hosted machines are offered via ECO-Cloud too. IT resources such as operating systems, applications, run-time platforms, test and development environments, as well as pure processing power, memory or network capacity and much more can be made available to users on demand. The computing centres encompass standardised cloud services like Infrastructure-as-a-Service (IaaS), Software-as-a-Service (SaaS) and


Fig. 5.11 Waste heat distribution principle

Platform-as-a-Service (PaaS) as well as specific compute applications (compute service, RAID/RAIC, SAN, NAS, cloud stacks, web hosting, virtual operating systems, file storage and sharing) [38]. Redundant heat as a "by-product of processing" is withdrawn via the servers in 19" racks into the energy storage, which provides circulation of hot water in the pipes within a building and heating of potable water. The central system for the HVAC facilities is supported via PoE (Power over Ethernet) as well as wired and wireless automation LANs.

While ECO-Cloud is an imaginary company, nowadays multiple companies have specialised in such business models. An example is the former Helsinki electricity station, which still contributes to municipal heating by diverting excess heat from the servers and racks installed in it nowadays. The next two detailed examples will highlight additional concrete cases.

Example 5.6. Similar principles are used by the high-tech company Cloud&Heat Technologies [39]. The analogue to the mentioned technical solution provides a lower PUE value, down to 1.06 at a mean T_CPU = 55 °C, compared with conventional grid and cloud solutions, where removing the excess heat as by-product requires installing more air-conditioning devices and providing them with power. The construction of the waste heat distribution can be depicted as in Fig. 5.12. With such a construction up to 30 % of the heat and warm water supply can be retrieved from the on-site cloud facility.

Fig. 5.12 Redundant heat and energy recycling in the systems of smart grid/cloud computing on the example of Cloud&Heat (based on source www.cloudandheat.com)

Example 5.7. Another concrete example is IBH, an innovative and customer-focused company. IBH provides the following services:

1. Internet services, including Internet access channels like SFV, DSL, MPLS or Metro-Ethernet
2. Hosting services for servers and complex IT installations as well as Application Service Providing (ASP)
3. Cloud computing services
4. Domain registration and management as well as security certificates
5. Highly reliable, fault-redundant three-phase Uninterruptible Power Supply (UPS) up to 4400 kVA


Thus the waste heat from the data centre can be used for heating the building. The remaining unusable waste heat from the computing centre is cooled ecologically via so-called "indirect free cooling", which enables an extraordinarily high energy efficiency for the computing centre, i.e. a value of PUE < 1.2 is attempted [8].

Example 5.8. Surely "green" means a significant PUE improvement. The "state of the art" in a data centre today is to increase the temperatures in the server room gradually. The generic empirical "formula" in force is Eq. 5.2:

$\Delta T = 1\,^{\circ}\mathrm{C} \;\Longrightarrow\; \Delta\mathrm{PUE} = 2\text{--}4\,\%$ (5.2)

The formula expresses that one extra degree of heat gives 2–4 % of energy efficiency improvement. Energy efficiency improvement therefore means driving the PUE down towards a value of about 1.0, i.e. a 1 followed by a decimal point and a leading zero.

From formerly freezing air temperatures of T = 11–12 °C, and later 16–17 °C as the long-time standard for data centres, servers are nowadays being cooled at the rather warm level of 20–22 °C without problems [31]. With innovative solutions indoor air temperatures are even increased to 23–24 °C. Very brave installations go with supply air temperatures even higher than that. Reality lies behind the technical possibility: only 20 to 30 % of data centre operators are already pursuing concepts and solutions for "pushing the temperatures up" [32].

Optimisation of cloud services for smart grids. Google achieves a PUE of 1.12 due to further optimisation of hardware, waste heat recycling systems and building construction features like improved air circulation, reuse of waste heat and further techniques. This means that only 12 % of the energy required for computing is used not by the servers as computing entities but by other services like air conditioning, energy distribution, lighting, surveillance systems and diverse building automation systems.

Because the ratio is the same with and without considering time, the PUE is determined as follows:

$\mathrm{PUE} = \frac{\text{total data centre energy}}{\text{IT equipment energy}} = \frac{\text{total power}}{\text{IT power}}$ (5.3)

According to the Uptime Institute's Data Centre Surveys, which track the average PUE in data centres by collecting survey responses, there is a clear trend of reduction: in 2007 the average was reported to be around 2.5 [19, 40]. The first survey in 2011 reported an average PUE of about 1.89. The fifth survey, published in 2015, put the PUE at 1.7. Google's value is thus a significant improvement, even though more than half of the data centre operators plan for a medium-term PUE of 1.5 or less.


Fig. 5.13 Optimisation of cloud services for smart grids: parallel computing and big data

The PUE thus becomes an attractive optimisation goal for service providers. It affects the operational expenses, whereas other optimisation targets focus more on capital expenses for the procurement of goods, including the average server refresh rate, which can be improved with high-quality hardware and good maintenance and repair services, again involving operational expenses. Equation 5.4 formalises the operational goal around the PUE optimisation:

$\max\,\mathrm{PUE} \;\wedge\; \text{QoS Constraints} \;\vee\; \text{Cost Constraints}$ (5.4)

where $\mathrm{Cost}_{\max}$ and $\mathrm{QoS}_{\min}$ are the cost and quality-of-service constraints, i.e. maximum PUE by strictly given QoS and cost constraints ("maximum PUE" here means maximum power usage effectiveness, i.e. driving the ratio of Eq. 5.3 towards 1).

In the third phase, where we are now (maximum PUE by strictly given QoS and cost constraints), the following options for further improving the energy efficiency are attractive and will most likely be used for contemporary data processing services (Fig. 5.13):

1. Simultaneous operation of as few units as possible thanks to service and resource virtualisation, increased resource sharing and load balancing
2. Better load utilisation of operating units, e.g. by dynamic operation of servers, distribution of virtual machines and scheduling
3. Use of more energy-efficient units (measured in Watt per GHz) to need less energy for cooling
4. Optimised selection of location, e.g. in cold regions, close to rivers, free cooling
5. Reuse of waste heat, e.g. for building heating or warming of potable water
6. Use of a mix of local or regional energy producers to reduce transmission losses; this requires a smart energy grid and brokering, i.e. a marketplace application in the cloud, to work on a larger scale

Waste heat models. To optimise the PUE it is essential to understand how to model waste heat and in particular its transport. The direction of transport is from the non-optimal computing equipment, in particular CPUs acting as excess heat producers, to water or air as the excess heat consumer media. To understand the physical background, knowledge from the fields of thermodynamics, kinetics and green computing needs to be combined. Through more precise and fitting models the utility of smart grids, which combine power systems and computing systems, will increase.

The model is derived from a state-of-the-art data centre perspective. 19-inch racks according to the norms EIA 310-D / IEC 60297 are widely used for data centre and cluster construction. The slots of such racks are called units, or height units, in jargon simply 1 U. One rack unit measures 1.75 inches (44.45 mm) in height. The following set of unit dimensions H, W, D is widespread (Eq. 5.5):

$H = 1.75'' = 44.45\ \mathrm{mm} = 1\,\mathrm{U}$
$W = 19'' = 482.6\ \mathrm{mm}$
$D = 600,\ 800,\ 900\ \mathrm{mm}$ (5.5)

The 19'' rack containing the units has the following fixed dimensions. The width W is 19 inches (482.6 mm) and gave the standard its name. The depth is derived directly from the unit's D. The height H is determined by the industry standard for a rack cabinet, which is 42 U and hence 44.45 mm × 42 = 1866.9 mm ≈ 1.87 m. These dimensions are taken as input to a simplified Boltzmann waste heat transport model. Excess heat recycling and transport can be formulated and solved for the constructions given in Fig. 5.14. The shown principle of removal and recycling of the energy can be used for additional HVAC capacities within civic, administrative as well as industrial buildings.

In the general case the Boltzmann model is linked to the Boltzmann Thermodynamic Equation (BTE), which for the heat balance can be given as in Eq. 5.6:

$P_a = c_m\, m_m\, \frac{dT_s}{dt} + P_t; \qquad P_t = \frac{S_C\,(T_s - T_w)}{R_T}; \qquad R_T = \frac{l_m}{\lambda_m}$ (5.6)


Fig. 5.14 The waste heat recycling and transport principle: (a) rack with units, (b) unit with waste heat removal device

In this equation P_a is the power absorbed by the system and P_t the useless (excess, waste) power expended through thermal conduction; T_s is the surface temperature and T_w the temperature of the cooling liquid or gas, for example water; c_m is the thermal capacity of the heated materials and m_m their corresponding mass; R_T expresses the thermal resistance of the heated materials, which depends on their temperature. Finally, λ_m and l_m refer to the thermal conductivity and the thickness of the material, respectively.

Taking into account that in the stationary regime of heat exchange the derivative dT_s/dt becomes 0, the equation system can be rewritten as follows (Eq. 5.7):

$P_a = P_t = \frac{S_C\,(T_s - T_w)\,\lambda_m}{l_m}$ (5.7)
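As an added illustration, not part of the original text, the following Python script integrates the transient balance of Eq. 5.6 for one processor unit with an explicit Euler step and checks that the surface temperature T_s settles at the stationary value that Eq. 5.7 predicts; it also evaluates the 42 U rack height of Eq. 5.5. The material constants, contact area and the 100 W heat load are constructed example values, not measurements.

```python
"""Transient and stationary heat balance of a processor unit (added example).

Eq. (5.6):  P_a = c_m * m_m * dT_s/dt + P_t,
            P_t = S_C * (T_s - T_w) / R_T,   R_T = l_m / lambda_m
Eq. (5.7):  stationary regime, dT_s/dt = 0  =>  P_a = P_t.
All numbers below are constructed for illustration (a ~100 W CPU on a
cold plate with a 3 mm interface layer), not measured data.
"""
from dataclasses import dataclass

RACK_UNIT_MM = 44.45          # 1 U = 1.75 inch, Eq. (5.5)


def rack_height_mm(units: int = 42) -> float:
    """Height of a rack cabinet with the given number of height units (Eq. 5.5)."""
    return units * RACK_UNIT_MM


@dataclass
class ProcessorUnit:
    P_a: float        # absorbed (dissipated) power [W]
    c_m: float        # specific heat capacity of the heated material [J/(kg K)]
    m_m: float        # heated mass [kg]
    S_C: float        # contact surface a*b [m^2]
    l_m: float        # thickness of the conducting layer [m]
    lambda_m: float   # thermal conductivity of that layer [W/(m K)]
    T_w: float        # coolant temperature [degC]

    @property
    def R_T(self) -> float:
        """Thermal resistance of the heated material, R_T = l_m / lambda_m [m^2 K/W]."""
        return self.l_m / self.lambda_m

    def waste_power(self, T_s: float) -> float:
        """P_t = S_C (T_s - T_w) / R_T: power conducted away at surface temperature T_s."""
        return self.S_C * (T_s - self.T_w) / self.R_T

    def stationary_temperature(self) -> float:
        """Eq. (5.7) solved for T_s: the surface temperature once dT_s/dt = 0."""
        return self.T_w + self.P_a * self.R_T / self.S_C

    def time_constant_s(self) -> float:
        """tau = c_m m_m R_T / S_C, the e-folding time of the transient in Eq. (5.6)."""
        return self.c_m * self.m_m * self.R_T / self.S_C

    def simulate(self, T_s0: float, dt: float, duration: float) -> float:
        """Forward-Euler integration of Eq. (5.6); returns T_s after `duration` seconds."""
        if dt >= 2 * self.time_constant_s():
            raise ValueError("time step too large for explicit Euler")
        T_s = T_s0
        for _ in range(int(duration / dt)):
            dT_dt = (self.P_a - self.waste_power(T_s)) / (self.c_m * self.m_m)
            T_s += dT_dt * dt
        return T_s


def example_unit() -> ProcessorUnit:
    """Constructed example: 100 W CPU, 40 mm x 40 mm contact, 3 mm layer, 35 degC water."""
    return ProcessorUnit(P_a=100.0, c_m=385.0, m_m=0.1, S_C=0.04 * 0.04,
                         l_m=0.003, lambda_m=5.0, T_w=35.0)


if __name__ == "__main__":
    u = example_unit()
    print(f"42 U rack height: {rack_height_mm():.1f} mm")
    print(f"R_T = {u.R_T:.4f} m^2 K/W, tau = {u.time_constant_s():.1f} s")
    print(f"stationary T_s (Eq. 5.7): {u.stationary_temperature():.2f} degC")
    print(f"simulated T_s after 300 s (Eq. 5.6): {u.simulate(35.0, 0.1, 300.0):.2f} degC")
```

Because the balance is linear in T_s, the Euler fixed point coincides with the analytic solution of Eq. 5.7, so the simulation is a consistency check rather than a new result; the time constant c_m m_m R_T / S_C is what a cooling-loop controller has to keep up with after a load change. The roughly 30 % accuracy limit the text states for the simplified BTE applies to any numbers obtained this way.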

Based on this equation, to build the waste heat model one now considers the complex thermodynamic problem of cooling the processor units as a simulation task for a regular thermodynamic system. In this system the sources of heat are named S; their square surfaces are alike and equal to a × b, and the distance between cooling units is named l. Along the length of the cooling units a tube T with cooling liquid or gas is mounted. The heat is transferred along the tube with velocity v_c. The corresponding model of the cooling system is plotted in Fig. 5.15.


Fig. 5.15 Generalised structure of the cooling process for a two-processor unit: (1) cooled-down processor unit with dimensions a × b and surface S_C = a·b, (2) tube T with the cooling liquid or gas

The accuracy of the estimates for the temperature of the crystal surface T_s, the temperature of the cooling liquid or gas T_w and the power given by Eqs. (5.6), (5.7) is not very high due to the multiple thermodynamic processes acting during the interaction between heated and cooled material surfaces. Those processes are not taken into account in the simplified explanation. In general the accuracy of such calculations is no better than 30 %. In any case these calculations for solving the BTE can give engineers the necessary recommendations for elaborating and using cooling systems. For example, suitable recommendations for the design of cathode cooling systems for glow-discharge electron guns were first formulated and described as theoretic techniques in papers; a similar approach to computing thermodynamic models is therefore possible too. The use of massive computing power, for instance HPC, allows for higher accuracy in solving thermodynamic equations with finite elements.

The presented BTE model can be decomposed into three subordinate models. Model BTE1 is aimed at waste heat removal by the cooling liquid or gas within the tube T in the area of a processor unit S; the heat removal is carried out via a compound adapter. The second model, BTE2, is dedicated to cooling down the cooling liquid, after its heating, in the tube T in the area between the units; the length of this area is l, corresponding to Fig. 5.15. Model BTE3 combines BTE1 and BTE2 for a rack with N units.

When solving the equations associated with the models BTE1 through BTE3, the following observations can be drawn. The PUE resulting from BTE1 and BTE2 is close to 1.2 for both, and about 1.3 for BTE3. These results match the state-of-the-art PUE factors in data centres with standard cooling. More details, formulas and theoretic considerations can be found in a relevant publication [34].

The estimates for the temperature of the CPU crystals (within the units), for the temperature of the cooling liquid (waste heat removal) and the PUE evaluations based on the mentioned models have been considered in [25, 33, 43]. The dependencies of the PUE are given in


[Figure 5.16: three panels, (a) PUE1, (b) PUE2 and (c) PUEΣ in relative units, plotted over the water flow velocity in litre/min (10–50), with one curve each for P = 100, 200, 300, 400 and 500 W]

Fig. 5.16 Modelled PUE dependencies on the dissipated power of the processor units and the given velocity of the water flux, based on the models BTE1 (a), BTE2 (b) and BTE3 (c, N = 10). Modelled PUE values for "green" data centres and clouds are about 1.06 when the efficient cooling process is used, in good agreement with the "best practices"

Fig. 5.16a–c, correspondingly. These depictions describe the obtained PUE values for the above-mentioned models BTE1–3 and are completely in line with the "best practices" discussed in Examples 5.5–5.8 in this chapter as well as in the literature.

Note: Additional material on waste heat modelling and recycling is available as complementary digital-only material from the publisher's website.

5.1.2 Smart Grid Enabling Network Technologies

Enabling networking and communication technologies for smart grids offer wireless connectivity between devices. Six such technologies are of particular interest:

1. PLC, outdoor as well as indoor as HomePlug
2. Bluetooth v4.2 WPAN
3. ZigBee/EnOcean sensor piconets
4. 6LoWPAN as fog computing predecessor
5. WiMAX networks, specific to some regions with sufficient coverage
6. Partially LTE/5G, which are discussed in other chapters as alternative to WiMAX

Let us discuss some of them to understand their characteristics better

Powerline (PLC). PLC networks use electrical supply networks (grids) for data and voice transfer. This is an important enabling technology for IoT and smart grids. The network transmits data or voice by superimposing an analogue signal on the alternating electric current (AC, 50/60 Hz). PLC in the WAN area offers a kind of DSL connection via a power cable between providers and users:

• 1536 subcarriers with 84 best frequencies in the range 2–34 MHz
• Data rate per station of about 1.5–205 Mbit/s
• Variants of WAN PLC are BPL and NPL: NPL (Narrowband over Power Lines) with a data rate of 1.5 Mbit/s and BPL (Broadband over Power Lines) with a data rate of 205 Mbit/s

PLC in the LAN area is more suited to applications within buildings. PowerLAN uses household electrical lines with a voltage of 230 V and a frequency of 50/60 Hz for additional data transmission.

For such installations Orthogonal Frequency-Division Multiplexing (OFDM) is deployed for converting digital signals into analogue signals, similar to xDSL or WLAN. Most PowerLAN standards work in the high-frequency band F = 2–68 MHz, so that they do not interfere with the mains frequency, and with the aim of achieving high data rates. Power supply networks, as low-voltage networks, are usually three-phase systems. In the private sector the HomePlug standard thus achieves gross transfer rates of up to 14 Mbit/s (regular HomePlug), 85 Mbit/s (HomePlug Turbo), 200 Mbit/s (HomePlug AV) and even 500 Mbit/s (IEEE 1901). The standards HomePlug AV (200 Mbit/s) and IEEE 1901 (500 Mbit/s) are fully compatible with each other. The maximum range of HomePlug adapters is, however, limited to 300 m under ideal conditions and much less when obstacles are in the way.

The main problems and limitations of PLC usage are:

• line length
• interference
• interoperability
• price

Longer lines mean attenuation effects, which limit the transmission power and hence reduce the receiver's ability to process the signals effectively, leading to a


Fig. 5.17 WiMAX flexible architecture

reduced data rate. Interference comes from the load and from household machines. Interoperability with Wi-Fi is not guaranteed, as producers are unable to agree on a common standard. Finally, such systems are still subject to a relatively high price.

WiMAX networks. The architecture components of WiMAX networks are depicted in Fig. 5.17. Among the WiMAX components are:

• SS/MS: Subscriber Station / Mobile Station
• ASN: Access Service Network
• BS: Base Station, part of the ASN
• ASN-GW: ASN Gateway, part of the ASN
• CSN: Connectivity Service Network
• HA: Home Agent, part of the CSN
• NAP: Network Access Provider
• NSP: Network Service Provider
• ASP: Access Service Provider (IP)

The most important interfaces are R1, R2, R3, R4 and R5 (refer to Fig. 5.17). The use of WiMAX is region-specific. It is frequently used in South Korea, South Africa (named iBurst)


and the Slovak Republic as well as in urban areas of other countries; an example is Heidelberg in Germany. Commonly, however, WiMAX networks found relatively small acceptance compared with LTE. In fact many former deployments have already been shut down, for instance by Sprint in the USA. Still, about one billion people can be covered.

The maximum distance for signal transmission is about 3–10 km.

Sensor piconets. As opposed to the previously discussed network types, which emphasise quality of service and cost requirements, wireless sensor (pico) networks (WS(P)N) additionally put emphasis on various aspects of energy efficiency. A WSN's energy efficiency is a significant prerequisite for its lifetime, low maintenance cost and high reliability. First a short overview of WSN systems will be given. Then the most important compromises or trade-offs between the diverse factors will be discussed, especially those which influence energy efficiency and service quality on any network layer.

WSNs have already become a mature technology and play an increasingly important role for industrial production, intelligent houses, automated buildings and observation in the open in agriculture and forestry, ecology and ship transport. This list of WSN applications is, however, far from complete. Advanced WSNs, in combination with WLAN and WiMAX networks, replace conventional communication systems for multi-function network services and automation systems.

A general sensor network consists of a number of distributed and independent sensor nodes (SN) with radio modules. These are capable of capturing technical or environmental parameters. There are many different sensor types and technologies, of which two shall be considered (Table 5.2). Common to all these technologies is the issue of energy-efficient operation of the resulting sensor networks. Energy-efficient sensor nodes are characterised by durability, interoperability and assurance of quality of service levels (QoS) within the constructed WSNs. Furthermore, they are highly reliable and contain cost-efficient customisation mechanisms.

Table 5.2 Characteristics of widely-used WSN systems

Property              | EnOcean                | ZigBee (802.15.4)
----------------------+------------------------+------------------
Frequency (MHz)       | 868                    | 2400
MAC layer             | Beacon                 | Beacon, CSMA
Topology              | Star, mesh             | Star, mesh
Data rate (kbit/s)    | 125                    | 250
Number of nodes       | 2^32 = ca. 4 billion   | 2^16 = 65536
Security              | –                      | AES
Energy consumption    | Very small             | Small
Collision probability | Very small             | Small
Energy harvesting     | Yes                    | No
Range (m)             | 30–300                 | 10–75


Fig. 5.18 Structure of a WSN

The usual frequency bands F for WSN are F = 315…916 MHz (Mica2, Mica2Dot) and F = 2.4 GHz (ZigBee, IEEE 802.15.4, Imote). The usual transmission ranges of sensor nodes are from 30 up to 150 m. The energy consumption is about 1000 mW for sending and receiving data, 100 mW in idle mode and 0.05 W in sleep mode. The average transmission power is P_Tx = 4…10 dBm. To guarantee the requirements concerning energy efficiency and real-time behaviour, only short data packets (telegrams, TL ≤ 100 bytes) with relatively small overhead are used. The state transition of a sensor node (SN) requires energy and slows down the network overall.

The approach of energy harvesting allows extracting energy from the environment and thus reducing battery power consumption (Fig. 5.18). An exclusive energy supply of sensor nodes via energy harvesting is, however, not possible due to the lack of steadiness of the used energy sources. Therefore the nodes have to be placed with care. Furthermore, an optimisation of the routes to the gateway (GSN/GW) is recommended.

The software used on the nodes (operating system, applications, libraries, middleware) has to be very compact. The executed tasks and the data to be processed often have to be scheduled in advance and grouped with telegram aggregation. To minimise the energy consumption of the communication (SN–SN and SN–GW) and to increase the performance of the gateway, concepts such as caching, threading and redundancy/replication are to be considered. The task processing in the applications is event-based [45]. As operating system for the sensor nodes TinyOS is often used; it has small requirements on memory and processing power.

Design of energy-efficient wireless sensor networks: requirements and methods. Important properties of energy-efficient WSNs are:

• Efficient batteries with long lifetime in the sensor nodes, possibly combined with energy harvesting
• Energy management
• Efficient protocols in layers 2 and 3 with reduced traffic and low overhead
• Efficient operating systems and applications
• Optimised topology including hierarchies and clustering
• Redundant planning and functionality reserves
• Combined approaches in a cross-layer design

Multi-layered design. Nowadays the design of WSNs is supported by a variety of energy management methods and planning tools. The cross-layer approach combines existing models, methods and tools within one integrated framework and offers significant advantages due to the holistic appreciation of the trade-off between the requirements of energy efficiency and service level. The methods for designing energy-efficient WSNs can be classified in a layered architecture as follows:

• Hardware, focusing on the physical (PHY) layer
• Focusing on the MAC layer
• Focusing on the topology
• Focusing on routing
• Focusing on applications

An attempt at a corresponding classification of methods usable for the design of energy-efficient WSNs is shown in Fig. 5.19.

Efficient energy management for WSNs primarily means that the overall power consumption of a WSN must be reduced by optimising the consumption of its sensor nodes, expressed in W/bit or W/event. Such an optimisation leads to an extension of the parameters which indicate the lifetime (time-to-live, TTL), expressed in 1000 h or 100 d. The following parameters are common: T1, the time until the failure of the first sensor node; T2, the time until 50 % of all nodes have failed; T3, the time at which the network splits into multiple partitions or "islands"; T4, the time until the surface coverage of the network is reduced. The TTL parameters are explained in Eq. 5.8.


Fig. 5.19 Classification of design methods for energy-efficient WSNs

The cross-layer construction of WSNs needs to consider the mutual influence of the conflicting requirements energy efficiency and service level. Appropriate compromises need to be found:

• Hardware
  – Higher transmission frequency: more data per TDMA slot as well as more compact components, but more complex modulation techniques and higher energy consumption requirements
  – Lower transmission power: less energy consumption upon transmission, but lower signal-to-noise ratio (SNR) and lower data throughput
  – Lower current of the components (cf. Fig. 5.20): lower energy consumption of the CPU, but correspondingly lower CPU speed
  – Higher battery capacity: longer lifetime, but larger physical dimensions. This is also true for energy harvesting approaches, which require sufficiently strong energy sources and batteries in order to compensate for the non-continuous energy supply
• MAC layer
  – Longer sensor duty cycles in communication protocols (e.g. synchronous on-demand TDMA or advanced asynchronous CSMA/CA with RTS/CTS or rendezvous): improved degree of utilisation, but also higher latencies
• Topology
  – Clusters of nodes following a unified scheduling scheme with lower duty cycle: lower power consumption in sensor nodes through shorter distances, but higher latencies through overhead and higher energy consumption at the cluster head
  – Dense WSN with redundant nodes: higher availability and reliability, but also increased traffic and therefore more collisions of data telegrams as well as more frequent timeouts
• Routing
  – Highly developed routing algorithms (e.g. geographic routing): increased reliability of the message transfer, but higher routing complexity and therefore more laborious routing adaptations in case of topology changes
• Software/Applications
  – Compact operating system and further software components due to limited CPU speed and RAM capacity: better resource utilisation, but lower precision through data aggregation as well as a need for special algorithms for distributed statistical pre-processing of large data volumes

Fig. 5.20 (a) Dynamic voltage scaling, (b) capacity of batteries and energy harvesting devices: approaches to optimise the energy consumption


These compromises (trade-offs) need to be accounted for in the design phase to achieve the goal of durable WSNs with high QoS, high reliability and interoperability between the nodes. The stored energy density can vary between 10 and 10000 W/cm³. The determination of the TTL parameters can be performed by considering the following factors:

$\min \mathrm{TTL} = \alpha \cdot \frac{\delta q}{\delta x}\,(P_{Tx}, F, d, DR, SNR, TL, OH)$ (5.8)

Hereby q refers to the battery charge [mAh], F and P_Tx to the transmission frequency and power, d to the average distance between nodes (hop distance), DR to the data rate, TL to the average size of a data telegram and OH to the overhead in each data telegram; the stochastic term of the model is a centred Gaussian random variable, whereas α is a logarithmic decrement value.

Topology optimisation The most important decision when designing topologies of aWSN is the choice between single-hop and multi-hop routing methods

The following aspects are to be considered Who communicates with whom (starcluster or mesh) incomplete knowledge about the topology only information about thelocal environment is known frequent topology changes on-offboarding mobility aspectsrouting algorithms and of course the energy efficiency of the resulting solution

The degree of freedom for the decision can be described as a triangle "topology – routing – energy radiation", which is displayed in Fig. 5.21. The power radiation is modelled as follows:

P_{Rx} = K \cdot F^{\alpha} \cdot d, \qquad K = P_{Rx,d_{ref}} \cdot d_{ref} \qquad (5.9)

Here P_Rx refers to the receiver field force, F to the sender frequency, d to the distance and P_Rx,dref, d_ref to the measurable reference receiver power and distance. K, α are model constants from the free-space damping model.

Clustering in WSN. When nodes of a WSN are distributed in fixed installations, the hardware will degrade over time. After some years some of the nodes may fail or the battery capacity may be depleted. In such cases it is important to consider the correct placement of the nodes to avoid missing hops for the transmission, or even partitioned networks in which, between any two nodes one from either partition, no communication is possible. Failures and "desertification" effects are depicted in Fig. 5.22. Optimal clustering and a certain amount of transmission link redundancy is therefore required.

LEACH description. Low-Energy Adaptive Clustering Hierarchy (LEACH) is an algorithm which clusters nodes so that the communication between any two nodes, or between any node and a base station, is routed through cluster heads. The nodes that were already cluster heads (CHs) cannot play the role of CHs for the next 1/p rounds, where p is the desired percentage of cluster heads in the network. Furthermore, each node possesses some probability Z < T(n) to become the cluster head in a new round. At the end of


Fig. 5.21 Topology – routing – energy radiation: energy efficiency via topology and routing

Fig. 5.22 Failures and "desertification" effects [37]


the round, each of the nodes which has not become a head calls the next CH and becomes a mere cluster member (Join Cluster). Then each of the CHs has to establish a plan (cluster schedule) for each node. This enables a successful data transfer within its own cluster.

• Spatially distributed applications with data aggregation
• Cluster heads (CHs) are defined locally and randomised
• They have to be periodically replaced
• Energy efficiency

Figure 5.23 shows the LEACH algorithm in an example to increase the lifetime of piconets.
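As an added illustration (not code from the book), the following simulation plays through the LEACH behaviour just described: CH election with Z < T(n), the 1/p-round exclusion of former heads, Join Cluster to the nearest head, and the node lifetime that Fig. 5.23 plots. The threshold formula T(n) = p / (1 - p (r mod 1/p)) is the standard LEACH one (Heinzelman et al.), which the text does not spell out; the energy constants and the field layout are constructed for this example.

```python
"""LEACH round simulation: cluster-head rotation with a simple energy model.

Added illustration, not code from the book. Assumptions: the standard LEACH
threshold T(n) = p / (1 - p * (r mod 1/p)), a first-order radio energy model
with constructed constants, and a 100 m x 100 m field with the base outside.
"""
import math
import random

P = 0.05          # desired share of cluster heads per round (p in the text)
E_INIT = 0.5      # initial battery energy per node [J], constructed
E_ELEC = 50e-9    # radio electronics energy per bit [J/bit], constructed
E_AMP = 100e-12   # amplifier energy per bit and m^2 [J/(bit m^2)], constructed
E_AGG = 5e-9      # data aggregation energy per bit at the head [J/bit]
MSG_BITS = 4000   # telegram length per node and round [bit], constructed


class Node:
    def __init__(self, x, y):
        self.x, self.y = x, y
        self.energy = E_INIT
        self.last_ch_round = -10 ** 9   # round in which it last served as CH

    def alive(self):
        return self.energy > 0

    def dist(self, other):
        return math.hypot(self.x - other.x, self.y - other.y)

    def spend_tx(self, bits, d):
        # free-space style cost: electronics plus distance-dependent amplifier
        self.energy -= bits * (E_ELEC + E_AMP * d * d)

    def spend_rx(self, bits):
        self.energy -= bits * E_ELEC


def leach_threshold(r, p=P):
    """T(n) for a node that is eligible in round r (standard LEACH formula)."""
    period = int(round(1 / p))
    return p / (1 - p * (r % period))


def select_cluster_heads(nodes, r, rng=random, p=P):
    """Eligible nodes draw Z in [0, 1) and become CH if Z < T(n).

    A node that served as CH within the last 1/p rounds is not eligible."""
    period = int(round(1 / p))
    heads = []
    for n in nodes:
        if not n.alive() or r - n.last_ch_round < period:
            continue
        if rng.random() < leach_threshold(r, p):
            n.last_ch_round = r
            heads.append(n)
    return heads


def run_round(nodes, base, r, rng=random, p=P):
    """One round: CH election, Join Cluster, scheduled transfer; returns #CHs."""
    heads = select_cluster_heads(nodes, r, rng, p)
    members = [n for n in nodes if n.alive() and n not in heads]
    if not heads:
        for n in members:                  # no head: report to base directly
            n.spend_tx(MSG_BITS, n.dist(base))
        return 0
    for n in members:
        ch = min(heads, key=n.dist)        # Join Cluster: nearest head
        n.spend_tx(MSG_BITS, n.dist(ch))   # single hop to the cluster head
        ch.spend_rx(MSG_BITS)
        ch.energy -= E_AGG * MSG_BITS      # aggregation at the head
    for ch in heads:
        ch.spend_tx(MSG_BITS, ch.dist(base))   # aggregated telegram to base
    return len(heads)


def alive_count(nodes):
    return sum(1 for n in nodes if n.alive())


def simulate(num_nodes=100, rounds=5000, seed=1):
    """Returns (round of first node death, round of last node death)."""
    rng = random.Random(seed)
    nodes = [Node(rng.uniform(0, 100), rng.uniform(0, 100))
             for _ in range(num_nodes)]
    base = Node(50, 175)   # base station outside the field, as in LEACH
    first_dead = last_dead = None
    for r in range(rounds):
        run_round(nodes, base, r, rng)
        alive = alive_count(nodes)
        if first_dead is None and alive < num_nodes:
            first_dead = r
        if alive == 0:
            last_dead = r
            break
    return first_dead, last_dead
```

Comparing `simulate()` against a variant that never elects heads (every node reporting to the base directly) reproduces the qualitative ordering of Fig. 5.23b.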

Sensor piconets: ZigBee and EnOcean. Both technologies, ZigBee and EnOcean, are enablers for smart grids and important for IoT and fog computing. Their characteristics were already identified earlier (remember Table 5.2). They have found their usage in intelligent homes, process control, robotics, automotive and aviation. The components are sensors vs. actuators (servomotors, pumps, heating controls). The typical bottlenecks are batteries/accumulators, privacy and anonymity. Due to a limited amount of energy they therefore have less reliability and more expensive maintenance. This is the reason why energy harvesting, i.e. the use of ambient energy (solar, EM smog, noise, ...), is a very important option:

• solar radiation: consider during the installation
• reduction of maintenance costs
• cheaper materials/building materials

WPAN ZigBee. The name "ZigBee" derives from the zig-zag dance of bees searching for food, in analogy to the traffic in a meshed network. ZigBee is designed as a WPAN, effectively a low-data-rate PAN, and uses the IEEE 802.15.4 specifications for the PHY and MAC layer, as shown in Fig. 5.24.

A short history of ZigBee systems:

• 1998 – ZigBee launched by Philips
• 2001 – IEEE 802.15.4 based ZigBee Group founded
• 2002 – ZigBee Alliance founded (Philips, Mitsubishi and 230 other companies)
• 2005 – first ZigBee products appeared on the market
• 2007 – current standards: ZigBee 2007 release

ZigBee products fully conform to the requirements of low-rate wireless PANs with the following features:

• low data rate
• long battery life
• secure networking with AES encryption and WPA2 authentication

[Fig. 5.23 layout: (a) cluster diagrams of round 1 and round 2; (b) plot of surviving nodes [%] (50, 100) against life durability [days] (350, 700, 1050, 1400) for the series direct connected, static clusters and LEACH.]

Fig. 5.23 (a) Different LEACH cluster heads in the neighbouring rounds, round 1 and round 2. (b) Clustering by LEACH: better survival with the LEACH approach to cluster-head assignment, long-life piconets [37]

There are three roles for ZigBee devices:

• ZigBee End Device (ZED)
• ZigBee Router (ZR)
• ZigBee Coordinator (ZC)


Fig. 5.24 ZigBee layer model (own representation)

The ZigBee End Device (ZED) is a simple device such as a light control. It implements only part of the ZigBee protocols and is therefore also called RFD (Reduced Function Device). A ZED logs on to a router of its own choice; together they form a star topology. The ZigBee Router (ZR) refers to FFD devices which can act as routers. A ZR can log on to an existing router, forming a tree or mesh topology. Finally, the ZigBee Coordinator (ZC) is a special router within a PAN. It takes the role of coordinator: it controls the basic parameters of the PAN and manages the network. The general topology of ZigBee systems is shown in Fig. 5.25.

ZigBee systems operate in the ISM band with a frequency of F = 2.4 GHz and data rates of DR = 0.25 MBit/s for a range of 10–75 m. In the MAC layer either CSMA/CA is implemented or so-called beacon signals are sent, similar to how a lighthouse works. The beacon signals are sent by a cooperating station after longer communication idleness intervals. All network participants within the proximity will become ready to receive for a certain amount of time. Collisions become unlikely with this technique.

ZigBee offers compatibility to alternative solutions on layers 1 and 2:

• USA and China – 902/915 MHz, 40 kBit/s
• Japan – 928 MHz
• Other Asian countries – 315 MHz
• Europe – 868 MHz, 20 kBit/s


Fig. 5.25 (a) Star vs. P2P, (b) multi-hop ZigBee topologies

However, more possible interferences with existing WLAN networks need to be considered. The most important applications of ZigBee products are:

• structural health monitoring
• facility management
• smart metering etc.

The next rival is EnOcean.

WPAN EnOcean. The company EnOcean, located in Oberhaching near Munich, belongs to Siemens. EnOcean, a system of wireless sensors with power self-supply by energy harvesting, is broadly used in the area of building automation. These systems are similar to, although also distinguishable from, ZigBee systems, as shown in Fig. 5.26.


Fig. 5.26 Sensor piconets ZigBee and EnOcean in comparison: CO2 reduction for Airbus planes with sensors, and home automation with thousands of sensors in the Torre Espacio in Madrid, a 56-floor building (sources: airbus.com, es.wikipedia.org)

EnOcean offers a high energy efficiency by combining the transformation of locally available environmental energy with dynamic voltage scaling and very short duty cycles. EnOcean systems have been practically known since the year 2001. In 2008 the EnOcean Alliance emerged from several well-known companies from multiple countries (DE, FR, EU, USA), among them Siemens and Osram. In 2015 EnOcean focuses on building automation with several products: switches, sensors, receivers and controllers, gateways, management systems and accessories. Furthermore, there is a joint development with ZigBee 3.0 for energy harvesting.

EnOcean products work over distances from 10 to 300 m. For the design of EnOcean systems an optimised cross-layer approach is followed (Fig. 5.27). The MAC layer is based on beaconing. The associated collision probability is, however, relatively small. To minimise its effects, pseudo-random short telegrams with a message length of 14 bytes are transmitted three times. The systems use the frequency band F = 868 MHz and offer low data rates with DR = 125 kBit/s. However, EnOcean structures are robust and energy-conserving.

There may be interferences with the following radio networks:

• GSM, DECT – rare occasions
• ZigBee 802.15.4 – needs to be accounted for


The use of EnOcean products happens through more than 50 system integrators who develop and produce products for building automation (light, shading, heating, climate and air conditioning), industry automation and the automotive sector. These systems are typically more economical than their rivals and are broadly supported on the market, for instance in Germany, France and other EU countries. One disadvantage of the technology in comparison with other WSNs is a lack of integrated security mechanisms.

EnOcean is a good example of the compromises needed for the design of WSNs. The following design criteria have been set to adapt to the low energy supply generated by energy harvesting:

• single hop to the cluster head, flooding between cluster heads, data processing in cluster heads
• MAC layer: no collision detection but beaconing, uni-directional communication between sensors and cluster heads
• limited energy supply: short telegrams (1 ms) and duty cycle (0.1–1 %)
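The telegram figures above (14 bytes, 125 kBit/s, three transmissions, 0.1–1 % duty cycle) can be turned into a small budget calculation. This is an added example, not code from the book or from EnOcean: the on-air time follows directly from the stated numbers, while the collision model (unslotted ALOHA with independent transmitters and a vulnerability window of two telegram durations) and the deployment figures are assumptions of this example.

```python
"""EnOcean-style telegram budget: on-air time, duty cycle and repetition.

Added example, not code from the book or from EnOcean. Telegram length
(14 bytes), data rate (125 kbit/s) and the threefold transmission come from
the text; the unslotted-ALOHA collision model and the deployment figures
(number of sensors, telegrams per hour) are constructed assumptions.
"""
import math

TELEGRAM_BYTES = 14
DATA_RATE_BPS = 125_000
REPETITIONS = 3              # each telegram is sent three times
DUTY_CYCLE_LIMIT = 0.01      # 1 %: upper end of the design range in the text


def telegram_air_time(nbytes=TELEGRAM_BYTES, rate_bps=DATA_RATE_BPS):
    """Seconds the channel is busy for one telegram copy (no preamble)."""
    return nbytes * 8 / rate_bps


def sensor_duty_cycle(telegrams_per_hour, air_time, repetitions=REPETITIONS):
    """Fraction of time one sensor transmits, all repetitions included."""
    return telegrams_per_hour * repetitions * air_time / 3600


def offered_load(n_sensors, telegrams_per_hour, air_time, repetitions=REPETITIONS):
    """Mean number of telegram copies in flight (Erlang) on the shared channel."""
    return n_sensors * sensor_duty_cycle(telegrams_per_hour, air_time, repetitions)


def single_copy_loss(load_erlang):
    """Collision probability of one copy under unslotted ALOHA: 1 - e^(-2G)."""
    return 1.0 - math.exp(-2.0 * load_erlang)


def telegram_loss(load_erlang, repetitions=REPETITIONS):
    """Probability that every copy collides (independent pseudo-random spacing)."""
    return single_copy_loss(load_erlang) ** repetitions


def analyse(n_sensors, telegrams_per_hour):
    """Budget for one shared 868 MHz channel; returns the key figures."""
    t = telegram_air_time()
    dc = sensor_duty_cycle(telegrams_per_hour, t)
    g = offered_load(n_sensors, telegrams_per_hour, t)
    return {
        "air_time_ms": t * 1000,                 # about 0.9 ms, the "1 ms" of the text
        "duty_cycle": dc,
        "duty_cycle_ok": dc <= DUTY_CYCLE_LIMIT,
        "load_erlang": g,
        "single_copy_loss": single_copy_loss(g),
        "telegram_loss": telegram_loss(g),
    }


if __name__ == "__main__":
    # constructed scenario: 200 sensors, one telegram per minute each
    for key, val in analyse(200, 60).items():
        print(f"{key:18s} {val}")
```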

The EnOcean layer model is depicted in Fig. 5.27. The main distinguishing features of these piconets in general are:

• low data rate
• long battery life
• secure networking

Fig. 5.27 EnOcean layer model


They are analogous to the ZigBee features but implement energy harvesting as a unique strength, i.e. they incorporate the use of ambient energy, primarily solar (also EM smog, noise, ...).

Typical tasks of designing efficient and high-quality WSN deployments are:

• energy-efficient protocols
• cross-layered optimisation
• trade-offs between layers are to be considered

The following layers are of interest:

• hardware or PHY based
• MAC based
• topology based
• routing based
• application and data based
• cross-layered (combined approach)

Example 5.9. Think of a "toy smart grid". An example of a model environment for smart grid (Smart Grid Simulator) [13, 37] is presented in Fig. 5.28. The modeling environment consists of a miniature city (e.g. based on the famous German model railway toy "Modelleisenbahn"). The structures of the model city are the buildings H1, H2, H3, H4, a plant and a McDonalds restaurant, all of which are placed on a portable board or a table.

The emulation of "customers" and "suppliers" of electricity is based on microprocessors or single-board microcomputers; AVR, Raspberry Pi and Intel Edison are representative products in this category. Compact dimensions and low power consumption are among the main priorities of on-board computers (see Tables 5.3 and 5.4).

Let us discuss the computing nodes based on Raspberry Pi [14]. These computational nodes are combined into a local area network (LAN) of small dimensions. Each node RasPi1, RasPi2, RasPi3, ... operates one "building" and visualises on the display or LEDs LED1, LED2, LED3, ... the active "consumers" and "suppliers" of electricity within the "buildings" and in the system in general.

With the use of ventilators and LED lamps the main "weather conditions" like sun radiation and wind are emulated. The modeling environment (so-called simulator) is controlled by the developed software scripts (running as WWW applications) and should map the changes of connections through reflection of the new "consumers" and "suppliers" of electricity, as well as represent some changes within the weather conditions. Thus, using the model environment within the artificial toy system,

[Fig. 5.28 layout: (a) photo of the model city; (b) topology: House 1–4, Plant, McDonalds and Railway Station, each operated by a Raspberry Pi (X) with keyboard (KB) and display (D); Sensor, LED and Ventilator for the weather (wind) emulation; interconnections: GPIO, Ethernet/USB, USB supply, via USB hub and Ethernet switch.]

Fig. 5.28 Example of a modeling environment for smart grid [13] (photo: nl.wikipedia.org; topology inspiration: rn.inf.tu-dresden.de)

the real parameters and "smart grid" conditions can be modeled. This includes the usage of intelligent network services, electricity grids as well as energy-efficient information services.


Table 5.3 The distinguishing features of on-board computers

Characteristics    | On-board computer
CPU type           | ARM Cortex, Intel
GPU type           | Mali, Intel, PowerVR etc.
RAM                | 0.5 up to 8 GByte
Price              | approx. 15 up to 100 $
Dimensions         | max. 2 × 5 cm
Power consumption  | 2.5–5 W

Table 5.4 Comparison of the chips and microcomputers AVR, Raspberry Pi, Intel Edison

Parameters                | AVR32                                        | Raspberry Pi                                                                                   | Intel Edison
Manufacturer              | Atmel, CA, 2006                              | Raspberry Pi Foundation, Cambridge, UK, 2011                                                   | Intel, CA, 2014
Dimensions                | middle                                       | small, like a plastic bank card                                                                | tiny, like an SD storage card
Type                      | RISC CPU, low-power 32-bit μ-controller      | ARM on-board μ-computer                                                                        | on-board μ-computer, 2-core i-Quark, 22 nm transistor technology
Frequency                 | 66–200 MHz                                   | 700 MHz                                                                                        | 400 MHz
RAM                       | Flash = 512 KByte, RAM = 64 KByte            | SD card instead of HDD, RAM 256 MByte                                                          | –
Ports, network interfaces | USB 2.0, serial USART                        | 1x LAN Ethernet 10/100 RJ45, 2x USB 3.0, 1x SD, 1x HDMI, 1x Clinc/TRS adapter, 6x GPIO         | Wi-Fi, Bluetooth
Operating system          | Linux                                        | Linux, BSD UNIX, RISC OS                                                                       | Linux
Look                      | board or pod                                 | –                                                                                              | –
Approximate price         | 20                                           | 19–30                                                                                          | –


5.1.3 Case Study: A CAD Toolset for the Design of Energy-Efficient Combined Networks

There are multiple tools which aid in the design of communication networks, in particular sensor networks, energy grids or combined smart grids. In the following, the tool CANDY (Computer-Aided Network Design Utility) will be introduced briefly. Further literature about CANDY is available [27, 29].

Basics on CANDY. The energy-efficient combined networks in the context of smart grids can be designed with the use of the CANDY Framework and Online Platform [27]. We would furthermore like to discuss important development trends for a CAD for combined network planning regarding tool integration and access. The CANDY Framework and Online Platform is examined as a reference system. The CANDY system has been presented as an exhibit at CeBIT 2007, 2008 and 2011 in Hannover, Germany, and has demonstrated its usefulness for academic and industrial network planning challenges.

A CAD toolset for combined office communication and building automation networks (sketched in Fig. 5.29) is presented. It especially focuses on the combination of wired

Fig. 5.29 A combined office communication and building automation network. LON – Local Operating Network; KNX – European standardised bus automation network (EN 50090, ISO/IEC 14543); PDA – Personal Digital Appliance; ERP – Enterprise Resource Planning; EDP – Electronic Data Processing


(IEEE 802.3 LAN) and wireless (IEEE 802.11 WLAN, 802.16 WiMAX) networks as well as on wireless sensor networks using 802.15.4/EnOcean.

The CANDY framework supports an integrated design methodology providing a complete design workflow. The design requirements on these networks are often contradictory and have to consider diverse technical factors, among them performance, energy and cost efficiency, for a network solution altogether.

The system provides the following features:

• integrated workflow management
• dedicated network description via NDML
• structured cabling by EN 50173 support
• front-end to CAD conformity (ifcXML), IP infrastructure analysis
• access services to a high-performance computer cluster
• as well as parallelised design routines realisation (OpenMP) [29]

Dedicated network language. The framework uses the dedicated Network Design Markup Language (NDML), an XML-based notation to express modelled networks. NDML supports a uniform way of representing all major active and passive network elements (including switches, routers, gateways, patch fields, cross panels, base stations, sensors, access points as well as automation nodes), their detailed technical properties as well as their interconnections and related configuration issues. In contrast to existing vendor-specific notations, NDML is based on open standards and enables interoperability and portability of network design tools and projects.

Tool integration concepts and access. CANDY is an open framework with a large set of design tools and functionalities. These include design editors, consistency checks, transformation tools, specific wireless network design tools and integration of existing simulation environments. NDML serves as common "glue" for these tools. Java technologies facilitate the tool development, including among others application server and middleware (Apache Tomcat with JSP, Java Server Pages, and EJB, Enterprise Java Beans), ERCP (Eclipse Rich Client Platform) as well as web services (Apache Axis 2). Flexible tool access is provided via available Java desktop applications and Android applications on mobile devices such as smartphones and tablets.

Development history. The CANDY tools have been developed along with emerging network trends. They went through the following development history:

1. Conception and implementation of a prototype (CANDY Prototype)
• conception of NDML with a prototype for the network editor
• prevalent implementation basis: Java servlets, Java applets, EJB


2. Realisation of dedicated planning tools (CANDY Framework), inter alia tools for
• structured cabling, called CANDY Trace Router
• optimised design of radio networks, called CANDY Site Finder
• prevalent implementation basis: Eclipse Rich Client Platform
• further development of NDML (XSD instead of DTD, achievements in advancing viewpoints and language elements)
• realisation of an extensible framework (CANDY Framework) with the most important planning steps and front-ends to encapsulated external tools

3. Further realisation of a universal design platform (CANDY Framework with CANDY Online Platform)
• workflow and documentation management ("WF-centric")
• support of all design steps
• loose embedding of encapsulated external tools via web services
• prevalent implementation basis: HTML5, AJAX, web services
• creation of multiple agile mini-tools for combined network design
• multimodal access via mobile users with smartphones and tablets (cp. Fig. 5.30)

[Fig. 5.30 layout: CANDY Framework and Online Platform with modules 1–7 around the NDML project data, front-end FE, loosely coupled tools T, component repository DB and the high-performance computing environment.]

Fig. 5.30 Design tool integration and access. Modules: 1 – Project Manager, 2 – Network Editor, 3 – Component Browser, 4 – SCS Trace Router, 5 – Wireless Site Finder, 6 – Workload Analyser, 7 – Bill Reporter; FE – front-end (XML); T – loosely coupled and 3rd-party tools, like for instance NS-2; DB – component repository; project data: component list, network list, performance report, cost bill (NDML); access via CANDY Web Services and further interfaces; environment: application server, JRE, Eclipse RCP; high-performance computing environment


After multiple iterations of development, the system now possesses the following highlights which make it suitable for future networks and smart grids:

1. Accurate planning is the precondition for a decisive advantage under competition pressure. In view of the complexity of networks, the task can be solved by the use of efficient software tools like the CANDY Framework and Online Platform.

2. Network engineers have to optimise large-scale objectives within complex contexts. CANDY represents an integrated design for 802.3/802.11/802.16/802.15.4 networks, using its own models as the important integration component.

3. The implemented CANDY Online Platform provides the possibility of running complex parallelised propagation algorithms for wireless networks as well as multi-variant TCP/IP simulation processes in a high-performance computing environment. This deployment mode was verified on MARS (ZIH/TUD).

4. The realised framework and access services offer specialists and students a rare possibility to start their ambitious CAD jobs, obtain the results in a few minutes, and support real measurement data acquisition and its comparison with modelled results.

Workflow-centric management. A CANDY workflow for network design and "WF-centric management" are built under use of the following principles:

1. A CANDY workflow is combined from a sequence of design steps.
2. Each step consists of one process (task) or multiple parallel processes.
3. Each process possesses a status, e.g. (ready [y/n], result [+/−]).
4. Each process uses and/or produces input/output documents.
5. A process is either an atomic process or a workflow by itself, as shown in Fig. 5.31.

Simulation and validation. The design results for WLAN IEEE 802.11 are in general not satisfyingly accurate. Correspondingly, a site survey functionality with design correction is necessary for each installation (cp. Fig. 5.32a). An advanced method for the planning of radio networks leans on the prognosis of the received power P_Rx and a comparison with measured values aimed at their further optimisation. The method is called "Measurement-based Prediction" (MbP methodology). The reference components of the MbP methodology are shown in Fig. 5.32. By deployment of the MbP methodology, advanced measurement devices and hardware solutions can be used. The databases contain all necessary reference values covering samples, antenna coordinates and other metrics. The used empirical radio propagation model is evaluated and, via application of the MbP methodology, adapted to the real received power P_Rx.

An example of the practical use of mini-tools for the design of a wireless network constellation within the CANDY Online Platform is given in Fig. 5.33.

The discussed design steps within CANDY are furthermore presented in summary in Fig. 5.34a–i. The design process starts with a topology editor (a), which outputs the basic


Fig. 5.31 WF-centric management

network elements and connections between them. From the visual modelling, a textual network description (b) in NDML is then derived. This description is then imported into another modelling tool (c) and applied to a concrete deployment site, for instance a building with an ifcXML description (d). The wireless and wired connections are then


Fig. 5.32 Simulation and validation

Fig. 5.33 Simulation via mini-tools within the CANDY Online Platform

[Fig. 5.34 layout: panels (a)–(i) of the design routine; only the panel labels recovered from the figure are listed in the caption.]

Fig. 5.34 Design routines, models and tools: (a) topology editor; (b) network description via NDML; (c) ifcXML data import; (d) a CAD-conform ifcXML description of a building; (e) a wired part: SCS tracing for Ethernet LAN; (f) a wireless part: environment attenuation; (g) performance simulation, an NDML report; (h) access to a computer cluster, starting a remote job; (i) pick-up of the results from the computing cluster (MARS multi-core supercomputer)

tested and traced according to their specific characteristics (e, f). Using the refined NDML description, a first performance forecast can be generated (g). Due to the complexity of modern installations with hundreds of network elements, the simulation and other calculations are best outsourced to a high-performance compute service as a remote job (h, i).

In summary, CANDY shows that not only the runtime and operational perspective, but also the systematic and tool-supported planning beforehand, is an important element in achieving high-quality network installations for basic connectivity, cloud network services, smart grids and connected things.

5.2 From Internet of Services to Internet of Things: Fog Computing

It may appear to the reader that we told everything about the properties of IoS and cloud computing today to the fullest satisfaction in the first chapters. But there is another trend that cannot go unhighlighted within a book that claims to convey a broad scientific novelty. Let us examine these new trends in network services, collectively called IoT, as well as the ways of their realisation in the form of fog computing.

The interconnection of scientific and technical ideas on Internet of Things, Internet of Services, clouds and smart grids is shown in Fig. 5.35. The mentioned technologies and trends IoT, IoS, clouds and smart grids are developed in close cooperation and are related to each other. The presented organigram additionally depicts the approximate dates of

[Fig. 5.35 layout: four concept boxes with dates and actors – Internet of Services (IoS): 2004–2007, WWW, OASIS, Google; Cloud Computing: 2005–2010, Amazon, MS; Internet of Things (IoT): 1999, Auto-ID MIT, Kevin Ashton, Cisco, SAP, Telefónica; Smart Grid: 2011, IEEE, CENELEC, Cisco, Deutsche Telekom, Siemens.]

Fig. 5.35 Ideas development concerning IoT, IoS, clouds and smart grids


the introduction of the mentioned terms and categories, as well as appropriate system examples of their use, with specifications on which organisations and companies are interested in this development.

Internet of Things. The so-called IoT provides the radio communication between multiple billions of low-power devices, within near distance up to global scale, using protocols such as IPv6. The Internet of Services with its realisation in the form of clouds, and with the number of devices approaching N ≈ 10^9 nowadays, will be shifted in the midterm to IoT. The following distinguishing features are typical for this transformation:

• huge number of devices, N > 300·10^9 (probably after 2020)
• low power consumption and long-life nodes
• energy-efficient and secured communication radio protocols, interfaced to "near field" and IPv6
• wide deployment within embedded systems and industry (cf. Industry 4.0)
• penetration into each sphere of human activities and everyday life (Fig. 5.36)

Highly concentrated deployments of connected things exist in South Korea, Denmark and Switzerland, each having about 30 devices online per 100 persons according to OECD [12]. This statistic apparently excludes interaction devices such as smartphones, tablets and notebooks, which would significantly increase the numbers. The IoT field overlaps with application areas, for instance robotics, smart cities, transportation (through e-tickets and on-board units in electronic toll areas), agriculture and environmental sensing.

The origins of IoT lie in the RFID transponder technology offered e.g. by the Auto-ID Lab at MIT. The mentioned technology first became a civilian development in 1999. However, the first ideas on the modulation and magnetic survey of mini-antennas in "bugs" still belong to Lev Theremin (research of electromagnetic and acoustic oscillations in the far-off year 1948). He is also the author of an exotic musical instrument, the "thereminvox", called after his name and using the developed RFID principles.

The next impulse to development was obtained from companies like SAP and Telefónica. Further, thanks to their ideas, Cisco formulated the IoT creation conditions and

Fig. 5.36 Fog computing: primary concepts


Fig. 5.37 Internet of Things prognosis (source: Cisco)

basic requirements to IoT (Fig. 5.37). It means, amongst other things, the urgent deployment of IPv6. The usage of IPv6 with an available address space of 2^128 addresses means the possibility to address up to 3.40·10^36 active network devices, or approximately 3.00·10^27 "things" per user (figuratively, each bacterium).

Today the services provided by the Internet are also directly related to solving the problems of effective management of power and home control of embedded systems (smart facilities, intelligent homes). The efficient electricity consumption is considered in close association with environmental and ecological problems, which are regulated within the European Union and the world community. The regulatory basis is the internationally ratified Kyoto protocol, an appendix to the United Nations Framework Convention on Climate Change, and its follow-up meetings until 2015 in Paris. According to the treaties signed by 195 nations, global warming must be restricted to +2 °C over the pre-industrial levels. Improving the energy efficiency of powerful computer servers and other household and industrial devices is achieved nowadays through the use of electricity distribution networks and management solutions like smart grids [22].

Another important factor in the development of modern Internet services is the significant growth of the volumes of parallel computing combined with savings of computing resources. Here the experts foresee firstly resources within the transition from cloud


computing, in some cases, to the so-called fog computing, which is associated with the transfer of a large number of computing demands into the area of low-power home microcomputers. Embedded processors, μ-controllers and on-board computers have as their main objective the effective management of consumer devices. Fog computing and the use of microcomputers are directly related and can provide significant savings of energy. Due to the expansion of the concept of fog computing from the cloud computing paradigm into intelligent network nodes (the so-called radio network edge) by network equipment producers such as Cisco, a whole set of new applications and services was enabled. The features of fog computing are as follows:

• node heterogeneity
• leading role of wireless access
• low latency, location awareness, fast node re-activation
• wide geographical distribution
• very big number of nodes and their mobility, supported via IPv6
• prioritised streaming and real-time applications

Fog computing offers the appropriate platforms for IoT services, clouds and smart grids. Such networks provide automatic and automated execution of usual everyday routines, especially domestic processes: book reading, listening to music, home heating and air conditioning, making a cup of coffee, taking medicine at regular times, preparing and cooking simple meals, watering the flowers and garden, and other activities with automation potential. This is because they rely on a combination of domestic hosts, gadgets, instruments and "things" into a single heterogeneous network that will be served via low-energy "green" Internet protocols. The use of traditional MAC and IPv4 addresses for the data link and network layers, respectively, cannot identify such an impressive number of deployed devices. Therefore there is no doubt that a gradual transition to IPv6 is required. Started in 1990, this transition seems to have accelerated since 2011, when many users switched from tunneled IPv6 (6to4) to native connections, leading to a 10-fold increase in adoption just three years later. Still, in 2015 the service provider Google reports that only about 8 % of requests to its services are delivered with IPv6 on a global level [7]. The per-country statistics nevertheless show the different adoption speeds: Belgium, Switzerland and Portugal each have more than 20 % IPv6 traffic according to this statistic. Cisco reports other statistics, however: according to them, these three countries each have more than 45 % IPv6 deployment [3].

Example 5.10 The Internet of Things (IoT) may be illustrated as follows. Imagine a city or an ordinary home: a diversity of smart gadgets (laptops, smartphones and tablets) and multiple household appliances (TV, alarm clocks, coffee makers, washing machines, refrigerators, microwave ovens, automated window blinds), HVAC systems (boiler, radiators, air conditioning, fans and ventilators), systems for garden irrigation, security (locks, cameras) and lighting systems (including solar panels), intelligent sensors (heat, light, motion) and so on. The warehouses, delivery and logistic systems as well as public transport and private cars have to be equipped in the long term with interfaces for WLAN/3G. Similarly, the small "things" (books, compact discs, DVDs, medication in blisters, fast food in vacuum packs, soft drinks etc.) can be equipped with low-cost Bluetooth interfaces, RFID transponders and similar small-data links and then interact with each other through further energy-efficient communications networks (infrared, wireless, mobile, power and low-voltage networks).

188 5 Smart Grid Internet of Things and Fog Computing

5.2.1 Enabling Technologies for IoT

Dialectically, enabling technologies help "turning a quantity into a new quality". The demarcation of the categories IoT, IoS, clouds and smart grids and the related ones is given in Fig. 5.38. In fact, this demarcation is not quite clear nowadays: the concepts are closely related and interlocked due to their development histories. The depicted concepts are closely adjoined with modern methods and network technologies, systems and services, given in ovals in the figure. Since the use of cloud systems became widespread, the "Internet of Things" has become a way of implementation and a platform for fog computing with low-energy radio nodes. That made an imperceptible architectural transformation from mixed-distributed, decentralised, powerful systems (voluminous and big data processing, clustering) to many small, geographically distributed but logically connected hosts, gadgets, appliances and "things" in a single heterogeneous network. The number of devices (hosts, gadgets) in today's Internet (of people) is, by modern statistics, about N ≈ 10^9; thus the number of users corresponds in order of magnitude to the population of the earth. Due to continued growth in the coming years, the estimated number of devices will reach N > 30 · 10^9. Therefore the qualitative change to IoT is possible faster than expected; according to frequent estimations it should happen in 2020.

Fig. 5.38 Closely related demarcation through IoS, cloud and fog computing, IoT and smart grids

52 From Internet of Services to Internet of Things Fog Computing 189

The enabling technologies for IoT are manifold. Typically they are listed as follows:

• Mobile networks (LTE, 5G)
• GPS (Global Positioning System)
• Wi-Fi (Wireless Fidelity)
• WiMAX (Worldwide Interoperability for Microwave Access)
• Powerline, HomePlug
• PoE (Power over Ethernet)
• KNX (Konnex), LON (Local Operating Network)
• Bluetooth, IrDA (Infrared Data Association)
• WSN (ZigBee, EnOcean)
• 6LoWPAN (IPv6 over Low-power Wireless Personal Area Networks)
• RFID (Radio Frequency ID), NFC (Near Field Communication), QR (Quick Response)
• Watermarks (as steganography applications)

In addition to the already discussed smart grid enablers, the next fog computing technology is combined via the use of energy-efficient protocols. Being the interpenetration of IoT, smart grids and clouds, fog computing is possible today e.g. on the basis of the energy-efficient and low-cost protocol 6LoWPAN, which carries IPv6 over the MAC layer of IEEE 802.15.4 and over PLC networks. This protocol was standardised by the IETF (RFC 4944) and is open to use by multiple vendors.

Let us consider the simplest and most price-efficient enabling technologies. In particular, let us focus on the lowest-cost and simplest methods of IoT communication: the RFID transponders (RFID tags), the Near Field Communication (NFC) tags and the QR (Quick Response) labels. Their function is to localise and connect the "things" to the Internet at large. The RFID, NFC and QR systems operate at short distances (10 cm to 10 m) and have their origins in logistics and warehousing. Passive tags carry no battery at all and are powered by the reader's field; thanks to the energy efficiency of RFID and NFC, even active (battery-powered) tags reach a period of permanent service of approximately 12 to 72 months, after which the batteries need to be replaced. The extended capabilities for addressing these devices are provided by IPv6, which can support many IP nodes (devices) per inhabitant of the world.


RFID transponders. The devices for reading RFID (Radio Frequency ID) can be integrated within modern smartphones as well as operate as standalone readers (RFID readers), similar to the multiple well-known card readers or bar code readers widely used in trading and in the storage business. The use of RFID transponders is regulated by the International Telecommunication Union (ITU) within the following assigned frequency bands: LF (long wave) 125–134 kHz, HF (short wave) 13.56 MHz, UHF 865–869 MHz (in Europe), UHF 950 MHz (in the USA and Asia), SHF 2.45 and 5.8 GHz. Their constructions vary widely. Usually RFID transponders (RFID tags) are passive, which means that their construction contains only an antenna excited by the reader's field (Fig. 5.38). The other option, an active RFID transponder, is a more intelligent system with memory storage, microcontroller and battery. Such systems have a shorter life expectancy, but they can be programmed or configured as a suited smart grid or fog computing node; active transponders can therefore publish data on their own without having to be polled. Passive HF transponders are powered through inductive coupling with the reader's magnetic field and answer by load modulation of that field, whereas passive UHF tags work on the radar (backscatter) principle; in both cases the reader captures the identification code the tag transmits. The antennas of HF transponders are planar inductance coils with many turns. RFID transponders with sensorics are oriented to measuring certain physical or chemical parameters, as a rule pressure, acceleration, expansion, moisture or electrical conductivity. They need one of the RFID readers, which come in very different constructions: handheld, mobile, fixed and combined with a bar code reader. Commercial and logistics coding with codes in the 64, 96 and 128 bit format is called EPC (Electronic Product Code) and is typically used in mass RFID transponders. The deployment areas are as follows: municipal services and warehousing, railways and airports, supermarkets and libraries, logistics, animal tracking (e.g. dog tags) and biometric access control systems, in particular the increasing number of international passports called e-passports, which allow crossing borders at automated gates without border patrol staff. A practitioner should keep in mind that a passive tag answers any reader within range: a plain EPC tag without cryptographic authentication can be read, tracked and cloned by third parties, which is why e-passports add access control and chip authentication on top of the RFID link.

NFC and QR labels. NFC (Near Field Communication) systems are supported by a wide palette of leading operating system (OS) vendors for smartphones and tablets, e.g. Windows Phone 8 or higher and Android 2.3 or higher, as well as by APIs (Windows Developer Program for IoT). There are the following two types of near-field communication, which are also visualised in Fig. 5.39:

• without connection establishment, with passive high-frequency transponders (HF RFID) based on the standards ISO 14443 and ISO 15693; this method is suitable for everything except applications working on sensitive data, because during the transponder activation phase the exchange over its antenna can be eavesdropped by third parties
• connection-oriented (between two equal active transmitters, Tx)

The QR labels (Quick Response) are designed for universal reading of small quantities of data. They have become popular for encoding logical addresses in the form of URIs for Internet applications, in particular websites. The operation principle of QR-reading mobile applications is depicted in Fig. 5.40. First, a camera sensor is directed at the displayed QR code. Then a picture is taken and processed: QR codes contain a certain amount of redundancy as well as positioning aids, so that even under imperfect lighting and camera-holding conditions the data will be retrieved. In the final step the data is processed, so that when it represents a URI, a registered application is launched, which in many cases will be a web browser. Since anyone can print and paste a QR label, the decoded URI is untrusted input: a reader application should display the target and restrict the URI schemes it hands to other applications before launching anything.

Fig. 5.39 Examples of fog computing with RFID

Fig. 5.40 Operation principle of QR-reading mobile applications
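The "final step" above is where a reader application decides whether to launch anything at all. The following Python function is an added example (not from the book or any QR reader mentioned in it) of such a decision rule; the verdict names, the `trusted_hosts` allow-list and the choice to refuse every scheme other than http and https are assumptions for illustration. It uses only the standard library and therefore runs offline.

```python
"""Decide what a QR-reader application may do with a decoded payload.

Added example (not from the book): the rule set, the 'trusted_hosts'
allow-list and the verdict strings are assumptions for illustration.
"""
from urllib.parse import urlsplit

# Only schemes a reader should ever hand to the browser. Everything else
# (javascript:, intent:, file:, tel:, ...) is refused (assumption).
ALLOWED_SCHEMES = {"http", "https"}


def classify_qr_payload(payload, trusted_hosts=()):
    """Return (verdict, detail) for a decoded QR text.

    verdict is one of:
      'text'   - no URI scheme; show as data, never launch anything
      'reject' - a URI that must not be opened (bad scheme, userinfo
                 trick, missing host, control characters)
      'prompt' - opening needs user confirmation (cleartext http,
                 internationalised or punycode host, host outside
                 trusted_hosts)
      'open'   - https URI to a trusted host (or any host when no
                 allow-list is given)
    """
    text = payload.strip()
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in text):
        return "reject", "control characters in payload"
    parts = urlsplit(text)
    if not parts.scheme:
        return "text", text
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        return "reject", "scheme %s is not allowed" % scheme
    host = parts.hostname
    if not host:
        return "reject", "no host in URI"
    # 'https://bank.example@evil.example/' shows a trusted name but
    # connects to the host after the '@'; refuse userinfo altogether.
    if parts.username is not None or parts.password is not None:
        return "reject", "userinfo in URI"
    # Non-ASCII or punycode labels are where look-alike domains hide.
    try:
        host.encode("ascii")
    except UnicodeEncodeError:
        return "prompt", "internationalised host %s" % host
    if any(label.startswith("xn--") for label in host.split(".")):
        return "prompt", "punycode host %s" % host
    if scheme == "http":
        return "prompt", "cleartext http to %s" % host
    if trusted_hosts and not any(
        host == t or host.endswith("." + t) for t in trusted_hosts
    ):
        return "prompt", "host %s is not on the trusted list" % host
    return "open", text
```

Payloads that carry a colon but are not web links (a `WIFI:` configuration, a `mailto:` address) come back as `reject` rather than being launched; a real application would add explicit handlers for the few such formats it wants to support instead of widening `ALLOWED_SCHEMES`.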


Advanced Bluetooth v4.2. The Bluetooth (BT) Special Interest Group (SIG) was founded in 1998 by Ericsson, IBM, Intel, Nokia and Toshiba. The new BT specification, released in 2014 and superseding previous BT versions including the ones standardised as IEEE 802.15.1, defines advanced features towards smart grid, IoT and fog computing use. The specification differentiates between high-performance and low-power-consumption use cases. Its improvements are as follows:

• better privacy
• higher data rate
• IPv4/IPv6 connectivity
• interoperability with 6LoWPAN
• integration of an Internet Protocol Support Profile (IPSP)
• 2.5 times faster transfer
• 10 times increased packet capacity (fewer transmission errors, reduced power consumption)
• new deployment scenarios and further improvements for IoT

BT v4.2 adds further data security techniques for BT connections: e.g. customers in a shop should receive the offers sent by beacons only if they have explicitly approved this, which the privacy features of the new version (private device addresses that only paired peers can resolve) make enforceable, because a beacon cannot recognise a device whose user has not opted in. In BT v4.2 deployments, IPSP uses IP-based software infrastructures for managing BT smart devices. BT v4.2 is ideal for IoT-networked home environments requiring personal as well as large-room control. Depending on the requirements there is the low-energy specification (Bluetooth LE), the high-performance specification with enhanced data rate (Bluetooth EDR), and some devices even implement a dual mode, which enables the creation of adaptive applications.

6LoWPAN. This important enabling technology for smart grids and IoT acts simultaneously as a fog computing predecessor. The acronym means "IPv6 over Low-power Wireless Personal Area Network". There is a short genesis history of 6LoWPAN: originally the company Jennic from Sheffield, UK, implemented the project 6LoWPAN as an equivalent to ZigBee. The Jennic 6LoWPAN had the following features:

• standardised IETF IP networking
• flexible topologies
• SNAP API similar to SNMP

As such it is based on the IEEE 802.15.4 WPAN standard and uses header compression mechanisms to deliver IP packets efficiently over such links. Most hardware supports WPAN links in the 2.4 GHz band, so that 16 channels and a data rate of 250 kbit/s are available. The maximum transmission unit of such WPAN links is 127 bytes, of which, after the MAC header and frame check sequence, roughly 100 bytes remain for the payload, so that IPv6 packets (whose minimum link MTU is 1280 bytes) need to be fragmented into multiple WPAN frames.
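The fragmentation just described is the part of 6LoWPAN a receiver must treat defensively, because fragments arrive unauthenticated and a forged one can poison or exhaust the reassembly buffers. The Python code below is an added example, not from the book or from Jennic's stack: it builds the FRAG1/FRAGN headers of RFC 4944 (5-bit dispatch, 11-bit datagram_size, 16-bit datagram_tag, 8-bit datagram_offset in 8-octet units) and reassembles them with the size, offset, overlap, buffer-count and timeout checks a practitioner wants. The usable frame payload of 102 bytes (127-byte MTU minus 25 bytes of MAC header and FCS, the figure RFC 4944 works with), the limit of four concurrent reassemblies and the 1280-byte sample datagram are assumptions; the IPv6 header itself is carried uncompressed here.

```python
"""Fragment an IPv6 datagram into IEEE 802.15.4 frames and reassemble it
as RFC 4944 describes, with the sanity checks a receiver needs.

Added example (not from the book or the Jennic stack). Assumptions: a
usable frame payload of 102 bytes, a cap of four concurrent reassemblies
per receiver, and no header compression of the datagram itself.
"""
import struct

FRAG1 = 0b11000          # first-fragment dispatch (top 5 bits of the header)
FRAGN = 0b11100          # subsequent-fragment dispatch
LINK_PAYLOAD = 102       # assumption, see module docstring
MAX_DATAGRAM = 2047      # 11-bit datagram_size field
REASSEMBLY_TIMEOUT = 60.0  # seconds, as recommended by RFC 4944
MAX_BUFFERS = 4          # assumption: concurrent reassemblies per receiver


def fragment(datagram, tag, link_payload=LINK_PAYLOAD):
    """Split a datagram into link frames carrying FRAG1/FRAGN headers."""
    size = len(datagram)
    if size > MAX_DATAGRAM:
        raise ValueError("datagram too large for the datagram_size field")
    if size <= link_payload:
        return [datagram]  # fits in one frame, no fragment header needed
    # Every fragment but the last carries a multiple of 8 octets, because
    # datagram_offset is expressed in 8-octet units.
    first_len = (link_payload - 4) // 8 * 8   # 4-byte FRAG1 header
    next_len = (link_payload - 5) // 8 * 8    # 5-byte FRAGN header
    frames = [struct.pack("!HH", (FRAG1 << 11) | size, tag) + datagram[:first_len]]
    offset = first_len
    while offset < size:
        chunk = datagram[offset:offset + next_len]
        frames.append(struct.pack("!HHB", (FRAGN << 11) | size, tag, offset // 8) + chunk)
        offset += len(chunk)
    return frames


class Reassembler:
    """Per-receiver reassembly state keyed by (link-layer source, datagram_tag)."""

    def __init__(self):
        self.buffers = {}

    def _expire(self, now):
        stale = [k for k, b in self.buffers.items() if now - b["t0"] > REASSEMBLY_TIMEOUT]
        for k in stale:
            del self.buffers[k]

    def feed(self, src, frame, now=0.0):
        """Consume one frame. Returns (status, data); status is one of
        'not_fragment', 'pending', 'duplicate', 'dropped' or 'complete'."""
        self._expire(now)
        dispatch = frame[0] >> 3
        if dispatch == FRAG1 and len(frame) > 4:
            size_field, tag = struct.unpack("!HH", frame[:4])
            offset, chunk = 0, frame[4:]
        elif dispatch == FRAGN and len(frame) > 5:
            size_field, tag, off8 = struct.unpack("!HHB", frame[:5])
            offset, chunk = off8 * 8, frame[5:]
        else:
            return "not_fragment", frame
        size = size_field & 0x07FF
        key = (src, tag)
        buf = self.buffers.get(key)
        if buf is None:
            # A flood of forged fresh tags must not exhaust memory.
            if len(self.buffers) >= MAX_BUFFERS:
                return "dropped", "too many reassemblies in progress"
            buf = self.buffers[key] = {"size": size, "parts": {}, "got": 0, "t0": now}
        end = offset + len(chunk)
        # All fragments must agree on the size, lie inside the datagram and,
        # unless final, be a whole number of 8-octet units.
        if not chunk or size != buf["size"] or end > size or (end != size and len(chunk) % 8):
            del self.buffers[key]
            return "dropped", "inconsistent fragment; reassembly discarded"
        if buf["parts"].get(offset) == chunk:
            return "duplicate", None  # plain retransmission, harmless
        for o, c in buf["parts"].items():
            if offset < o + len(c) and o < end:
                # Overlap with different data: RFC 4944 discards the buffer.
                del self.buffers[key]
                return "dropped", "overlapping fragment; reassembly discarded"
        buf["parts"][offset] = chunk
        buf["got"] += len(chunk)
        if buf["got"] < size:
            return "pending", None
        data = b"".join(buf["parts"][o] for o in sorted(buf["parts"]))
        del self.buffers[key]
        return "complete", data
```

Two design points are worth noting. The tag is only 16 bits and is chosen by the sender, so an attacker on the same channel who guesses it can reset a victim's reassembly with a single overlapping fragment; discarding the buffer (as RFC 4944 prescribes) bounds the damage to a retransmission but does not prevent it, which is one reason link-layer security (IEEE 802.15.4 frame authentication) matters more than the fragmentation logic itself. The cap on concurrent buffers protects a node with a few kilobytes of RAM from being filled with half-finished datagrams that would otherwise linger for the full 60 seconds.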

6LoWPAN networks can be set up in point-to-point, star and self-healing tree topologies. Typical cluster sizes are up to 100 nodes. The protocol supports automatic starting, clustering, routing and healing, and furthermore end-to-end message acknowledgements even when routing in a mesh with multiple hops.

For software development, several APIs are provided. The first is rather abstract and C-based, for simple applications; it gives access to the on-chip periphery and system services. The second is called SNAP (Simple Network Access Protocol). It works similarly to SNMP and allows IPv4/IPv6-based data exchange between devices. Likewise it is based on a Management Information Base (MIB) for remote control, configuration and diagnostics of 6LoWPAN networks.

As an example, a mesh network with Internet access by a 6LoWPAN gateway is given in Fig. 5.41. 6LoWPAN technology commonly resembles ZigBee, although there are important differences. Most importantly, as 6LoWPAN offers IP connections, it is compatible with protocols on other physical layers, whereas ZigBee devices can only communicate with other ZigBee devices. The network stack implementation for the protocol is therefore much smaller too, which means more re-use and fewer sources of errors. Typical for 6LoWPAN is an IPv6 deployment for addressing a large number of sensor nodes. The large installation base of such devices led to the rise of the fog computing paradigm. Nevertheless, 6LoWPAN adoption seems to be slower than ZigBee adoption, and other protocols such as ANT+, which does not even share the physical layer with the other two, are now gaining momentum, which keeps the compatibility issue open.

Fig. 5.41 6LoWPAN: fog computing predecessor


Data security in IoT. Some authors believe that the "Internet of Things" is a potentially "disruptive" technology, since it deals with the invisible, widespread and, undesirably for users, transformation of familiar and well-known "things" like private cars, walls of apartments and offices, electronic wares, product packaging, furniture, valuables, conventional paper and more into computing nodes (i.e., inter alia, into small harmful "bugs" or spies). This transformation may violate the anonymity and private sphere of regular citizens and even harm national data security. Transformations to the IoT and fog computing are in any case studied thoroughly by leading political and power structures over the world (the EU Commission, the NSA in the USA etc.). A solution to this problem of data security in IoT, which is emerging just today, is possible through the use of relevant cryptographic protocols, steganography and concealed routing within the wireless and mobile networks enabling the IoT. Chapter 7 is dedicated specially to the mentioned problematics.

5.2.2 Case Studies on IoT with On-Board Micro-controller Raspberry Pi

In the following paragraphs we offer case studies on the use of the on-board μ-controller Raspberry Pi to realise low-energy systems for service delivery and fog computing.

On-board μ-controllers of type Raspberry Pi. Compact size and low power consumption are the main priorities of single-board computers such as AVR Arduino, Intel Edison and Raspberry Pi. The models A, A+, B, B+, 2B and Zero of Raspberry Pi are on-board μ-controllers oriented to mass usage in different areas of embedded systems, IoT and smart grids. Model B is shown in Fig. 5.42.

The Raspberry Pi node is normally coupled to a regulated power supply with a micro-USB adapter. The power supply has the following working characteristics:

• input voltage: 90–264 V AC
• mains frequency: 47–63 Hz
• output voltage: 5 V DC
• output current: up to 1200 mA
• max. power consumption: up to 6 W
• temperature: 0–40 °C
• dimensions: 64 × 48.5 × 25.5 mm
• weight: 79 g

Table 5.5 printed below compares the usual Raspberry Pi models A and B, which offer reasonable performance for running server applications and controlling connected devices. Compared to them, the model Zero is much cheaper and smaller and, while being faster than A and B, offers fewer connectivity interfaces and is therefore more suitable for pure software service delivery. Model 2B is faster still, thanks to its quad-core ARM Cortex-A7 CPU, and is equipped with more main memory, but it is also more expensive. Hence the choice of the right model depends on the use case and on the budget.

Fig. 5.42 On-board computer Raspberry Pi model B (Source: Oracle)

Table 5.5 Comparison of the usual Raspberry Pi models A and B

Characteristics                  Model A                            Model B
Approximate price                25 $                               35 $
CPU                              700 MHz ARM                        700 MHz ARM
GPU                              Broadcom VideoCore                 Broadcom VideoCore
Codecs                           H.264, MPEG-2                      H.264, MPEG-2
SDRAM                            256 MByte                          512 MByte
Ports and interfaces             1x USB 2.0, 1x SD, 1x HDMI,        1x LAN Eth 10/100 RJ45, 2x USB 2.0,
                                 1x 3.5 mm TRS audio jack,          1x SD, 1x HDMI, 1x 3.5 mm TRS audio
                                 GPIO header (26 pins)              jack, GPIO header (26 pins)
Regular voltage, current, power  5 V, 500 mA, 2.5 W                 5 V, 700 mA, 3.5 W

The energy supply can also be coupled via the micro-USB cable: the nominal voltage is 5 V and the current does not exceed 700 mA, so the regular power consumption is no more than 3.5 W. Frequently, instead of a hard disk, the SD card is used as boot drive; the SDHC standard allows capacities of up to 32 GByte. The SD card has to hold the OS for the node as well as the necessary applications, which can be installed from multiple freely available disk images for Raspberry Pi. After image deployment, the used services can be re-configured depending on the use case. The system provides a lot of adapters as well as ports (SD, LAN, USB, HDMI, GPIO, audio jack).

Already announced is the Raspberry Pi 3 Model B, which, instead of requiring USB dongles, has Bluetooth 4.1 (Low Energy) and WLAN adapters built in [15].

The Raspberry Pi microcomputers are supported by many OS distributions. Among them are adapted versions of existing systems such as Android, Debian, Ubuntu, Arch Linux, Gentoo and NetBSD, but also dedicated distributions, most prominently Raspbian, RaspBMC (now OSMC) and Pidora. Raspbian is based on Debian and tracks new models, so that it is a good default choice. One of the features of the system is a central configuration file called config.txt to configure low-level parameters which would otherwise be configured in the BIOS; among them are display resolutions, overclocking and USB power settings.

The world's smallest PC and its applications. The advanced Raspberry Pi also acts as the "world's smallest PC" in popular media, as it symbolises the miniaturisation trend from clumsy PC hardware to embeddable micro-systems and nano-systems, despite only being one out of many single-board computers (Fig. 5.43). This is especially the case for the new Raspberry Pi 2 Model B, which belongs to the type mini-PC, with 6 times more CPU performance in comparison to the conventional models. The system can be equipped with the free-of-charge Windows 10 version (Windows 10 IoT Core) as well as with the aforementioned OS distributions. The constructive features of the Pi 2B are:

• Broadcom SoC (System on Chip) BCM2836, which computes with a quad-core ARM Cortex-A7 CPU
• clock frequency of up to 900 MHz
• larger RAM of 1 GByte
• support via the Windows Developer Program for IoT in addition to free software OS distributions

Fig. 5.43 Advanced Raspberry Pi 2 Model B as mini-PC (Source: chip.de)

An application of Raspberry Pi is the deployment as a low-energy home intelligent node for fog computing scenarios. One of the most useful usage examples thus becomes energy-efficient service provisioning for XaaS (Everything as a Service) based on these microcomputer units [14]. The structure of these services can include inter alia:

• sensor controller
• home control system
• efficient small cluster
• private cloud
• file server and web server (Fig. 5.44)

Fig. 5.44 Examples of a low-energy home intelligent node based on the on-board μ-controller Raspberry Pi


The microcomputer Raspberry Pi offers energy savings by consuming only up to 3.5 W. Therefore, with the use of Raspberry Pi it is possible to create energy-efficient XaaS as outlined before. But with such choices, what is better? Where are the advantages: in more centralised, often virtualised systems (clustering, clouds) or in small and more decentralised ones (microcomputers, piconets)? To use big clusters, to start multiple VMs from the hot reserve of the clouds, or to use the small on-board μ-nodes like Raspberry Pi, Arduino or Intel Edison with only small power consumption? The trade-offs discussed herewith are as follows:

• reliability and QoS
• data security and privacy as well as access anonymity
• deployment effort
• energy consumption
• operating expenses

There are no comprehensive answers to these questions yet, and they remain open today.

Example 5.11 To create a media centre, the Raspberry Pi 2 Model B is optimally suited, because it has a special unit responsible for decoding multiple codecs and formats. XBMC Media Centre software (since renamed Kodi) can be recommended for this case. XBMC Media Centre is available across all OS options, including Linux, Mac OS X (Snow Leopard, Leopard, Tiger, Apple TV), Apple iOS, Microsoft Windows and Android, as well as pre-configured for Raspberry Pi. The XBMC Media Centre supports diverse formats, codecs and protocols:

• graphics: PNG, JPEG, BMP, GIF, ICO, TIFF, PCX etc.
• audio: MIDI, AIFF, WAV/WAVE, MP2, MP3, AAC, AACplus, AC3, DTS, ALAC, AMR, WMA etc.
• video: DivX, Xvid, BivX, AVI, MPEG-1, MPEG-2, H.263, MPEG-4, MPEG-4 AVC (H.264), HuffYUV, Indeo, MJPEG, RealVideo, RMVB, Sorenson, WMV etc.
• play lists: PLS, M3U, WPL
• disk images: CUE, NRG, IMG, ISO, BIN
• network protocols: IP, IPv6, UPnP, NFS, SMB/SAMBA/CIFS, XBMSP, DAAP, HTTP, HTTPS, FTP, RTSP (RTSPU, RTSPT), MMS (MMSU, MMST), RTMP, Podcasting, TCP, UDP, SFTP, RTP
• media types: CD, DVD, DVD-Video, Video CD (VCD/SVCD/XVCD), Audio-CD (CDDA), Blu-ray, USB flash drives, HDD
• meta-data: APEv1, APEv2, ID3 (ID3v1 and ID3v2), ID666, Exif (geotagging)

One should also take into account that additional functional blocks affect the size of the device. Therefore they should be realised in the form of individual hardware modules, or one should anticipate making a special case which differs from the standard enclosure for Raspberry Pi. However, making a separate connected device has significant advantages in terms of practical use.

Fig. 5.45 A media centre structure scheme based on Raspberry Pi

In Fig. 5.45 a media centre structure scheme based on Raspberry Pi is depicted. The considered media centre consists of the Pi node, an HDMI monitor, USB keyboard, USB mouse, infrared (IR) interface and speakers.

The examined system based on Raspberry Pi is energy-efficient and offers the following features:

• video and audio players can access all files via FTP, SFTP, SSH and WebDAV
• multiple codecs are supported, for media retrieved from the SD card, within a LAN or from the Internet
• the IR control transceiver allows remote control
• plugins for the integration with popular online services are available

The new versions of XBMC are extended via an add-ons framework. The extensions for XBMC Media Centre can also be implemented in the Python programming language, which makes this an easy task for technically inclined users. The graphical user interface (GUI) for XBMC can be configured declaratively via WindowXML.

Example 5.12 Let us examine the deployment of a web server on the basis of the on-board μ-controller Raspberry Pi. The mobile and fixed network access to the service is henceforth supported on PCs, tablets and smartphones. Taking into account the creation of a cost- and energy-efficient host, the use of a home DSL router from vendors like Belkin, Netgear or Linksys, among others, is assumed to be possible. What will the user have to do as the next step? The user needs to configure the system by using the router firmware (IP addresses, port forwarding of port 80 for the web server, perhaps 8080 for additional services etc.) and then install a LAMP stack such as XAMPP on a Linux-based Raspberry Pi distribution. Note that the XAMPP bundle itself is distributed only for x86 Linux; on the ARM-based Raspberry Pi the same components are installed from the distribution's packages (e.g. apache2, mysql-server or mariadb-server, php). The full package called XAMPP includes inter alia:

• web server Apache with SSL support
• MySQL database
• phpMyAdmin tool for the web-based administration of the database
• PHP module for running server-side scripts
• FTP client FileZilla for uploading content and scripts to the web server
• ProFTPD daemon for offering an upload possibility
• Perl module for more server-side scripts
• servlet container Apache Tomcat with Java support for more complex server applications
• mail server with POP3 and SMTP protocols, and many more for additional services

The content management for the created web server as well as application support on the Raspberry Pi micro-computer node is provided by using a Secure Shell client with the associated protocol SSH. With a client for Dynamic DNS (DDNS), the dynamic provisioning and use of the domain name is enabled without explicit registration by an Internet service provider. Straight from the mentioned host, the control of the creation and use of the new server can be established, e.g. in this manner: «mywebserver.publicdns». From then on the web server, its content and applications are accessible to the world. Exactly for that reason only port 80 (and 443 for HTTPS) should be forwarded by the router: the administrative components of the bundle (phpMyAdmin, ProFTPD, Tomcat's manager application, the mail server) must stay reachable from the LAN only or be disabled, and SSH should use key-based logins with the distribution's default password changed.

Example 5.13 An example of an energy-efficient file server offering private cloud storage based on the Raspberry Pi micro-computer unit is presented in Fig. 5.46. Since the SD card does not have enough space and cannot provide a stable long-term service with read and write operations, an external storage device is required: a USB drive or a network storage service can be controlled by the file server. The system based on the micro-computer unit with the function of a file server includes the following elements:

• Raspberry Pi node with OS Raspbian or similar, which is coupled to the Internet with a DSL router
• an external USB drive with up to 5 TByte capacity (USB SSD/HDD such as Seagate Backup Plus), which is mounted as a hard disk drive with the tools provided by the operating system
• optionally more local or network drives, to offer redundant storage with higher capacity and/or higher availability


Fig. 5.46 Low-energy file server based on a Raspberry Pi node

The file system of the storage device can be of any type, considering that all clients access the system through network protocols such as FTP, SCP, WebDAV, SMB or CIFS. To set up the system software for such flexible access, it is necessary to use tools like SSH, Apache and Samba. The Samba service is shipped by the majority of Linux distributions. The main advantages of Samba are the free licensing and the simultaneous usage by different hosts within an IP network/LAN, like Windows, Unix and Linux, with support of file exchange among them. Using Samba, an external storage device such as a USB drive becomes "visible" within the network, de facto following the slogan «Share the drive on your network». The share should be visible only within that network, though: SMB must not be forwarded through the DSL router, and the share should require user accounts instead of guest access.

Clusters of Raspberry Pi. A single on-board μ-controller is already quite capable; now imagine a (Beowulf) cluster of these. Prototyped at the Free University of Bolzano in South Tyrol, Italy, the Bobo with 40 nodes and the Bobino with 8 nodes (the model shown in Fig. 5.47) combine cluster computing with tiny nodes [20]. Apart from all nodes being equal by running as workers, some have been designed to assume special roles in order to keep the system images lean and the system itself manageable. The roles are (1) gateway, (2) brain and (3) backup. All nodes are internally connected by Ethernet. The gateway's task is consequently to connect the cluster to the outside world by Ethernet, WLAN or Ethernet-over-USB. All internal processes are controlled by the brain node. Finally, the backup node is queried to retrieve an unmodified image in case of accidental irreversible modifications during experiments.

Fig. 5.47 Bobino, a cluster of 8 Raspberry Pi nodes

Such a system requires user-friendly node reservation, grouping and monitoring functions. The monitoring is essential because nodes may fail easily. Imagine that each node has a mean time between failures (MTBF) of one million hours (about 114 years). This means that the probability of failure of any node in a two-year period is determined as follows [24]:

$$p(T) = 1 - e^{-T/\mathrm{MTBF}} = 1 - e^{-2\,\mathrm{y}/114\,\mathrm{y}} = 1.74\,\% \qquad (5.10)$$

However, the failure of the overall system depends on a serial MTBF in conjunction with the mean time to repair (MTTR). If the MTTR is too high, the likelihood of another node failing just when one is already under repair is quite high. Therefore the following holds:

$$\mathrm{MTBF}_{\mathrm{serial}} = \frac{1}{\dfrac{1}{\mathrm{MTBF}_1} + \dfrac{1}{\mathrm{MTBF}_2} + \cdots + \dfrac{\mathrm{MTTR}}{\mathrm{MTBF}_1 \cdot \mathrm{MTBF}_2}} \qquad (5.11)$$

For the 8 nodes of Bobino and an assumed one-day repair (MTTR = 24 h) this means that

$$\mathrm{MTBF}_{\mathrm{serial}} = \frac{1}{\dfrac{8}{\mathrm{MTBF}} + \dfrac{24}{8 \cdot \mathrm{MTBF}}} = 90\,909.09\ \mathrm{h} \qquad (5.12)$$

In other words, just about 10.37 years. Hence p(T) rises to 17.53 %. For the 40 nodes of Bobo the values are correspondingly MTBF_serial = 24 630.54 h, or just about 2.81 years, and p(T) = 50.9 %, meaning that a failure of the system is already more likely than its continuous operation. Parallel functionality with redundancy is therefore much better suited for such clusters.

For the node reservation and grouping, Bobo and Bobino ship with the MegaRPi middleware, which includes appropriate management web interfaces as well as user-oriented software, including file managers, on top of the standard Raspbian software.

5.2.3 The Future: Industry 4.0 Vision

Industry 4.0 platform. Industry 4.0 (originating as Industrie 4.0 in Germany around the year 2011) is a future strategic goal in the high-tech strategy of the German federal government. Its main driver is to advance the informatisation of the production processes. The goal is a smart factory characterised by adaptivity, resource efficiency and ergonomic working conditions, as well as the integration of customers and business partners into the business value chain. The technological basis of Industry 4.0 are cyber-physical systems (CPS) and the IoT, cf. Fig. 5.48.

Fig. 5.48 Industry 4.0 as outlined by the German government program 2011 (Own representation; background: Google "Green" Fabrics)


Fig. 5.49 Industry 4.0 service visions (Own representation and photo)

Within Industry 4.0, information and communication technologies as well as automation and production technologies become increasingly, and more than ever, dovetailed with each other. The political ambition is to defend and extend the traditional core of German industry with its internationally outstanding positions, as shown in Fig. 5.49.

5.2.4 Fog Computing

Fog computing as a concept means that the services, data storages, applications and computing (business logic) are shifted to the "network edge", i.e. closer to the users, onto interactive end devices or ambient micro form-factor devices. The question to be solved can be formulated as follows: how close do they get, partially or completely? Other names for similar concepts are "edge computing" or "everything on the user site". The co-existence with cloud computing services is provided too. The services are offered in the form of XaaS. An example of a fog topology is given in Fig. 5.50: despite a cloud typically operating as a central node, the support of multiple intelligent fog nodes with the shifted functionality is foreseen.


Fig. 5.50 Topology for fog computing

Fig. 5.51 Cloud and fog computing: common architecture

A common architecture for the combined use of cloud and fog computing is depicted in Fig. 5.51. The architecture includes the following three hierarchical planes:

1. Plane 1: the clouds and data centres, which build an IoS with typical access via web service protocols
2. Plane 2: the fog nodes, which are involved in the virtual environments for data preprocessing, functionality migration and load balancing with the clouds (refer to plane 1)
3. Plane 3: the users with end devices, which build an IoT and are placed on the edge of the fog infrastructure

Table 5.6 Fog advantages

Requirement                      Advantage
Low latency                      Fewer hops
High data mobility               Data locality and local caches
Less limited data rate           On-site processing
Reliability and robustness       Fast failover
Rich storage with metadata       Location awareness

Such distributed architectures for the combined use of cloud and fog computing offer several clear advantages; Table 5.6 summarises them specifically for requirements on cloud and network storage. The main requirements on fog computing at a technical level are as follows:

• IPv6 deployment to reach millions of serving devices
• growth of provided security, in particular deployment of firewalls and intrusion detection
• authenticity of coupled devices must be guaranteed everywhere in the combined structures (users + fog + clouds)
• encryption and digital signature have to be guaranteed via robust combinations of AES+RSA+PKI
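The last two requirements (device authenticity, and AES+RSA+PKI for encryption and signature) as an added example that is not from the book: a hypothetical fog-to-cloud message envelope in Go, standard library only. The fog node encrypts a constructed telemetry sample under a fresh AES-256-GCM key, wraps that key with RSA-OAEP for the cloud's public key and signs the whole envelope with RSA-PSS; the cloud verifies the signature before it decrypts. The key pairs are generated inline for the demo; in a deployment the public keys would be bound to device identities by certificates from the operator's PKI.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is a hypothetical wire format for one fog-to-cloud message:
// the payload under a one-time AES-256-GCM key, that key wrapped with
// RSA-OAEP for the receiver, and an RSA-PSS signature by the sender over
// all other fields, so the receiver can verify before it decrypts.
type Envelope struct {
	WrappedKey []byte // RSA-OAEP(receiver public key, AES key); fixed size
	Nonce      []byte // 12-byte GCM nonce; fixed size
	Ciphertext []byte // AES-GCM ciphertext with the tag appended
	Signature  []byte // RSA-PSS over WrappedKey || Nonce || Ciphertext
}

// signedFields returns the bytes the signature covers. The plain
// concatenation is unambiguous because WrappedKey and Nonce have fixed lengths.
func signedFields(env *Envelope) []byte {
	return bytes.Join([][]byte{env.WrappedKey, env.Nonce, env.Ciphertext}, nil)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	return cipher.NewGCM(block)
}

// Seal encrypts payload for receiverPub and signs the envelope with senderPriv.
func Seal(payload []byte, senderPriv *rsa.PrivateKey, receiverPub *rsa.PublicKey) (*Envelope, error) {
	key := make([]byte, 32) // fresh AES-256 session key per message
	if _, err := rand.Read(key); err != nil { return nil, err }
	gcm, err := newGCM(key)
	if err != nil { return nil, err }
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil { return nil, err }
	env := &Envelope{Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, payload, nil)}
	if env.WrappedKey, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, receiverPub, key, nil); err != nil {
		return nil, err
	}
	digest := sha256.Sum256(signedFields(env))
	if env.Signature, err = rsa.SignPSS(rand.Reader, senderPriv, crypto.SHA256, digest[:], nil); err != nil {
		return nil, err
	}
	return env, nil
}

// Open verifies the sender's signature first, then unwraps the key and decrypts.
func Open(env *Envelope, receiverPriv *rsa.PrivateKey, senderPub *rsa.PublicKey) ([]byte, error) {
	digest := sha256.Sum256(signedFields(env))
	if err := rsa.VerifyPSS(senderPub, crypto.SHA256, digest[:], env.Signature, nil); err != nil {
		return nil, errors.New("sender signature invalid: message rejected")
	}
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, receiverPriv, env.WrappedKey, nil)
	if err != nil { return nil, errors.New("session key unwrap failed") }
	gcm, err := newGCM(key)
	if err != nil { return nil, err }
	payload, err := gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
	if err != nil { return nil, errors.New("AES-GCM tag check failed") }
	return payload, nil
}

// Demo runs one exchange with keys generated here (in a deployment the public
// keys come from certificates issued by the operator's PKI). It returns the
// payload the cloud recovered and whether a tampered copy was rejected.
func Demo() (string, bool, error) {
	fogNode, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil { return "", false, err }
	cloud, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil { return "", false, err }
	payload := []byte("temp=21.5C;node=fog-07") // constructed telemetry sample
	env, err := Seal(payload, fogNode, &cloud.PublicKey)
	if err != nil { return "", false, err }
	got, err := Open(env, cloud, &fogNode.PublicKey)
	if err != nil { return "", false, err }
	// Flipping one ciphertext bit on the path must already fail the signature check.
	forged := *env
	forged.Ciphertext = append([]byte(nil), env.Ciphertext...)
	forged.Ciphertext[0] ^= 0x01
	_, tamperErr := Open(&forged, cloud, &fogNode.PublicKey)
	return string(got), tamperErr != nil, nil
}

func main() {
	out, rejected, err := Demo()
	fmt.Printf("recovered %q, tampered copy rejected: %v, err: %v\n", out, rejected, err)
}
```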

Concrete technical platforms for fog computing are rare. They remain mostly a vague technical concept to be fully realised within the next years. Still, a few preliminary architectures exist. One such implementation platform for cloud and fog computing interoperability is offered in [46] and shown in Fig. 5.52. Suitable network options for the platform are ZigBee, EnOcean and 6LoWPAN coupled with cheap microcontrollers.

5.3 Conclusions

The chapter discussed the architectural transformations of modern networks and their mobile services and applications in the framework of the development of upcoming network technologies like "Smart Grid" (as an intelligent network for services such as electricity and energy-efficient information services) as well as "Internet of Things" (IoT, providing radio communication of multiple billions of low-power IPv6 devices at near distance), with their methods of implementation in the form of "Fog Computing".


Fig. 5.52 Fog computing platform and applications with cloud connectivity (From [46])


In some developed countries an integrated intelligent network on the model of the conventional Internet is rapidly being created (a network with open mesh platforms for energy services). The network possesses the ability to use standardised software interfaces as well as mobile applications with several offered web services, among them cloud services. Thanks to the standardisation of the smart grid (according to the intentions of organisations like NIST, IEEE, VDE, CENELEC, etc.), software- and hardware-independent access and communication between the components are, although not yet guaranteed, quite likely. Nevertheless, some devices only communicate with proprietary protocols to send data to services determined by their vendors, which severely restricts the ubiquitous connectivity visions.

The standardisation of the structure of open networks towards smart grids is today one of the development priorities for the energy and telecommunications industry in both the USA and Europe. The combined services of such networks will find in the near future (about 2020–2030) an opportunity to attract a stably increasing number of stakeholders and users. Nowadays there is the opportunity to create a large range of one's own "smart applications" and "smart services" within the smart grids.

Thus the development of both such integrated electric power networks and telecommunications will soon be given a necessary impulse. The smart power grid services (i.e. electricity) will be freely delivered, disposed to the market and freely traded there from multiple perspectives: purchase, sale, exchange, credit, providers and resellers. The effect will be analogous to today's ongoing revolution of smartphones and tablets on the mobile communication market, which has arisen as a result, for instance, of the deployment of already familiar and contemporary concepts like the application directory App Store (Apple) or the open source OS Google Android.

It is expected that the integration technologies and models for electrical networks and telecommunications discussed in this work will lead to a reduction of the overall consumption of conventional energy sources (CO2 footprint under the Kyoto protocol) and to further decentralisation of the supplier networks (based on the principle of Internet construction). Smart grids have to increase the energy efficiency in the middle term under use of alternative and renewable sources like wind, solar and EM-smog. They will inspire optimisation techniques for network management and service billing (smart metering) for the integrated networks for power supply systems and telecommunications, both by increasing their safety, security and QoS.

The decisive importance of smart grids and the IoT is the use of wireless networks like Powerline, ZigBee, EnOcean and 6LoWPAN and of components with established services for measurement, automation and parameter control (so-called smart metering), which convert the parameters of the environment and climate to digital form.

Now that the world's leading IT companies are engaged in the implementation of smart grids and cloud computing, for example Google with Nest and the Compute Platform, one of the major remaining problems is the study of the opportunities and challenges of alternative energy sources in order to create environmentally friendly technologies and to improve the climate on the planet.


References

1. Bundesministerium für Wirtschaft und Energie, online: http://bmwi.de
2. CISCO Grid Operation Solutions, online: http://www.cisco.com
3. Cisco 6lab – The place to monitor IPv6 adoption, online: http://6lab.cisco.com/stats, 2015
4. Comité Européen de Normalisation Électrotechnique, online: http://www.cencenelec.eu
5. Energieinformationsnetze und -Systeme: Bestandsaufnahme und Entwicklungstendenzen, 2010, 128 p., in German, ITG/VDE
6. EU Commission: Expert group on the security and resilience of communication networks and information systems for smart grids, online: http://www.smartgrids.eu
7. Google IPv6 Statistics, online: http://www.google.ch/ipv6/statistics.html, 2015
8. Ibh it-service gmbh, online: https://www.ibh.de, 2015
9. IEEE Smart Grid Conceptual Model, online: http://smartgrid.ieee.org
10. Kiwigrid Smart Grid Management Platform, online: http://www.kiwigrid.com/en/products-solutions.html, 2016
11. NIST: Framework and Roadmap for Smart Grid Interoperability Standards, Rel. 2.0. Technical Report 1108R2, National Institute of Standards and Technology, USA, February 2012
12. OECD Digital Economy Outlook, online: https://dx.doi.org/10.1787%2F888933225312, May 2015
13. Projects of the Chair of Computer Networks of TUD, online: http://www.rn.inf.tu-dresden.de
14. Raspberry Pi Projects, online: http://elinux.org/RPi_Projects, 2016
15. Raspberry Pi Trading Ltd.: Raspberry Pi 3 Model B – Single Board Computer, online: https://fccid.io/2ABCB-RPI32, 2016
16. Siemens AG, online: http://www.siemens.com
17. Smartgrid.gov, online: https://www.smartgrid.gov, 2015
18. Technisch-wissenschaftlicher Verband der Elektrotechnik und Elektronik, online: http://www.vde.com
19. Uptime Institute Reports 2011–2014, online: https://uptimeinstitute.com
20. Pekka Abrahamsson, Sven Helmer, Nattakarn Phaphoom, Lorenzo Nicolodi, Nick Preda, Lorenzo Miori, Matteo Angriman, Juha Rikkilä, Xiaofeng Wang, Karim Hamily and Sara Bugoloni: Affordable and Energy-Efficient Cloud Computing Clusters: The Bolzano Raspberry Pi Cloud Cluster Experiment. In: UsiNg and building ClOud Testbeds (UNICO) workshop at the 5th IEEE International Conference on Cloud Computing Technology and Science (CloudCom), volume 2, pages 170–175, December 2013, Bristol, United Kingdom
21. Jörg Benze: Smart Grid Normung und Standardisierung, 2012, FH Salzburg, IKT Forum
22. Brussels EU-CEN-CENELEC-ETSI SG Coordination Group: Smart Grid Reference Architecture. Technical Report M490, CENELEC, November 2012, 107 p.
23. S. Guy, S. Marvin, W. Medd and T. Moss: Urban Infrastructure in Transition: Networks, Buildings, Plans. Earthscan/Routledge, London, 2012, 240 p.
24. Thomas J. Harrison and Thomas J. Pierce: System integrity in small real-time computer systems. In: Proceedings of the national computer conference and exposition (AFIPS), June 1973
25. Horst Kuchling: Taschenbuch der Physik. Hanser Verlag, 2014, 21st edition, 711 p., in German
26. R. Lehnert: Smart Grid Communications. In: Proceedings of IEEE ELNANO Conference, Kiev, Ukraine, April 2013
27. Andriy Luntovskyy: Integration Concepts for Computer-Aided Design Tools for Wired and Wireless Local-Area Networks. Shaker Verlag, Aachen, 2008
28. A. Luntovskyy: Distributed applications technologies. DUIKT Publisher, 2010, 474 p., Monograph in Ukrainian
29. Andriy Luntovskyy, Dietbert Gütter and Igor Melnyk: Planung und Optimierung von Rechnernetzen: Methoden, Modelle, Tools für Entwurf, Diagnose und Management im Lebenszyklus von drahtgebundenen und drahtlosen Rechnernetzen. Springer Vieweg + Teubner Verlag, Wiesbaden, 2011, 411 p., in German
30. A. Luntovskyy, M. Klymash and A. Semenko: Distributed services for telecommunication networks: Ubiquitous computing and cloud technologies. Lvivska Politechnika, Lviv, Ukraine, 2012, 368 p., Monograph in Ukrainian
31. Andriy Luntovskyy, Josef Spillner and Volodymyr Vasyutynskyy: Energy-Efficient Network Services as Smart Grid Issue. In: Soft Computing in Computer and Information Science, Advances in Intelligent Systems and Computing, volume 342, pages 293–308, Springer International Publishing Switzerland, March 2015
32. Harald Lutz and Ulrich Terrahe: Future Thinking Kongress: Das Rechenzentrum der Zukunft
33. V. Melnyk: Modeling of the temperature modes for the cathodes of high voltage glow discharge based on heat balance equation. Bulletin of Kherson National University of Technology, Issue 3(39), 2010
34. Igor Melnyk and Andriy Luntovskyy: "Green Computing" and the Simplified Waste Heat Transport Models. In: 20th International Conference on Advanced Computer Systems (ACS), 2016
35. J. Momoh: Smart Grid: Fundamentals of Design and Analysis. John Wiley & Sons, NY, 2012, 216 p.
36. Bryan Nicholson, Becky Harrison and Lee Cogan: The future of the grid – evolving to meet America's needs, online: https://www.smartgrid.gov/files/Northeast-Region-Workshop-Summary-Final.pdf, May 2014
37. J. Ploennigs, V. Vasyutynskyy and K. Kabitzsch: Comparative Study of Energy-Efficient Sampling Approaches for Wireless Control Networks. IEEE Transactions on Industrial Informatics (TII), 6(3):416–424, August 2010
38. Alexander Schill and Thomas Springer: Verteilte Systeme – Grundlagen und Basistechnologien. Springer-Verlag, second edition, 2012, 433 p., in German
39. Rene Marcel Schretzmann, Jens Struckmeier and Christof Fetzer: Cloud&Heat Technologies, online: https://www.cloudandheat.com, 2011/2014
40. Matt Stansberry: 2014 Data Center Industry Survey, online: https://journal.uptimeinstitute.com/2014-data-center-industry-survey, 2015
41. L. Stobbe, M. Proske, H. Zedel, R. Hintemann, J. Clausen and S. Beucker: Entwicklung des IKT-bedingten Strombedarfs in Deutschland. Studie im Auftrag des Bundesministeriums für Wirtschaft und Energie, Fraunhofer IZM and Borderstep Institute, 2015
42. Andrew S. Tanenbaum and David J. Wetherall: Computernetzwerke. Pearson Studium, fifth edition, 2012, 1040 p., in German
43. S. Tugay: Mathematic modeling of the physical processes on the surface of the cooled cathodes in the electron sources of high voltage glow discharge. Electron Simulation, Vol. 34, No. 6, 2012
44. Katherine Tweed: China Pushes Past US in Smart Grid Spending. IEEE Spectrum Energywise Blog, February 2014
45. V. Vasyutynskyy and K. Kabitzsch: Event-based Control: Overview and Generic Model. In: IEEE International Workshop on Factory Communication Systems (WFCS), pages 271–279, Nancy, France, May 2010
46. Shanhe Yi, Zijiang Hao, Zhengrui Qin and Qun Li: Fog Computing: Platform and Applications. Dept. of Computer Science, College of William and Mary, 2015

6 Future Mobile Communication: From 4G to 5G, 5G Enabling Techniques

Keywords

Mobile cellular and satellite radio networks • 4G • 5G • Enabling technologies and inter-operability • IoT • QoE • Future standard IMT 2020 • Distributed Input Distributed Output (DIDO)

6.1 Conventional Techniques

Conventional telecommunication technologies integrate mobile cellular and satellite radio networks and are typically divided into four generations by most of the literature (Fig. 6.1). The peak data rates are depicted within the figure. The next generation, 5G, will be deployed in the mid-term, although most likely after 2020 due to the high development cost and the ongoing amortisation of the predecessor 4G [17, 18].

The generations (shorthand G) started with 1G and 2G/Global System for Mobile Communications (GSM) with some obsolete extensions (as a basis). Soon afterwards, 3G/Universal Mobile Telecommunications System (UMTS) and the accelerator High Speed Download Packet Access (HSDPA) (sometimes referred to as 3.5G) were rolled out and are nowadays practically deployed world-wide. 4G/Long-Term Evolution (LTE) has then been introduced as the current standard, with a recent upgrade to LTE Advanced. In the meantime, research activities concentrate on the coming-soon 5G introduction within a future standard, International Mobile Telecommunications (IMT) 2020. Cellular radio networks enable the division of geographic areas into radio cells with specific frequency bands. The current 3G/4G architecture of mobile communication, including WPAN, Wireless Local Area Network (WLAN), WiMAX etc., is extended with a hierarchical cell structure down to picocells and femtocells [15] (Table 6.1). Cells refer to the signal transmission radius around an antenna. The larger the cell, the fewer antennas need to be installed, but at the same time larger cells would mean a higher number of recipients, causing issues with signal strength and connection management. Femtocells are the smallest cell size in use. They accommodate a low number of connections (up to 16), mostly in residential settings, and hence are comparable with WLAN.

© Springer Fachmedien Wiesbaden GmbH 2017. A. Luntovskyy, J. Spillner: Architectural Transformations in Network Services and Distributed Systems, DOI 10.1007/978-3-658-14842-3_6

Fig. 6.1 Generations of mobile communication

Table 6.1 Hierarchical cell structure for mobile communication

| Type | Distance | Data rate (MBit/s) | Mobility (km/h) | Deployment in 3G and 4G |
| Giga Cell | 100 km | 0.144 | 10–13 km/s or 4700 | Transnational providers, satellites |
| Macro Cell | 10 km | 0.384–2 | 500 | National providers |
| Micro Cell | 1000 m | 0.384–7.2 | 120 | Campus, city districts, metropolitan areas |
| Pico Cell | 100 m | 7.2–100 | 10 | Hotspots – railway stations, cafes, airports, hotels |
| Femto Cell | 10 m | 28 | 10 | Residential gateways |

Example 6.1 According to Swisscom, a Swiss telecommunications network operator, the needs-driven bandwidth evolution happened in the following way [5]: Free voice calls over the Internet summed up to 750 billion minutes in 2013 and will increase to 1700 billion in 2018. In 1993 voice transmission over the Internet was not yet feasible, as the 2G (GSM) bandwidth was 0.2 MBit/s. In the 3G time, introduced with UMTS in 2001, the bandwidth increased to 0.39 MBit/s, then in 2008 with HSPA to 7.2 and two years later with HSPA+ even to 42 MBit/s. The 4G (LTE) time started in 2011 with 150 and peaked through LTE Advanced in 2014 with even 450 MBit/s.

Due to their current technology, both LTE networks and satellite radio systems will be presented in greater detail on the next pages.

6.1.1 LTE Networks

The advantages of 4G or Long Term Evolution are nowadays as follows:

• compatibility to UMTS/HSDPA and moderate to higher data rates, as a rule up to 300 MBit/s downlink and 75 MBit/s uplink
• LTE spectral efficiency 1.3 Bit/s/Hz vs. only 0.2 by 3G
• deployment of advanced techniques on modulation and antennas like Orthogonal Frequency-Division Multiplexing (OFDM) and Multiple Input – Multiple Output (MIMO) antennas
• flexible channel bandwidths (from 1.4 MHz up to 20 MHz)
• very low latency of less than 5 ms
• deployment of a unified IP Multimedia Subsystem (IMS) platform

The IMS uses the Session Initiation Protocol (SIP), specified in Request for Comments (RFC) 3261, to offer telephony services as a combination of conventional circuit-switched networks and Internet Protocol (IP) networks. The system architecture of LTE + IMS is given in Fig. 6.2. The basic components of the LTE architecture are as follows:

• SGSN – Serving GPRS Support Node (GPRS)
• SAE – 3GPP System Architecture Evolution
• GERAN – GSM EDGE Radio Access Network (EDGE)
• UTRAN – UMTS Terrestrial Radio Access Network (UMTS)
• IMS – IP Multimedia Subsystem
• PSS – Packet-switched Streaming Service
• PCRF – Policy and Charging Rules Function
• EPS – Evolved Packet System
• EPC – Evolved Packet Core
• HSS – Home Subscriber Server
• MME – Mobility Management Entity
• IASA – Inter-Access System Anchor
• UPE – User Plane Entity

The current performance of the LTE downlink in several countries is compared in Table 6.2.


Fig. 6.2 4G/LTE architecture

Table 6.2 4G downlink performance

| International | 75 MBit/s |
| Korea | 186 MBit/s |
| USA | 65 MBit/s |

The system is based on the GPRS, EDGE and UMTS technologies (GERAN, UTRAN, SAE) and is completely packet-oriented. The IMS platform enables Voice over IP (VoIP) with support of conventional protocols (cp. Fig. 6.3) as well as data services on the basis of SIP and other standardised protocols.

Within IMS, different planes or layers are defined. The first one is the user plane or gateway, which connects the system to an IP uplink. The second one is the control plane or gateway control. Through this plane, caller identification and billing information is exchanged. The third one is call control or session control. The fourth one is the services function plane. Among other tasks, it contains functions to check the connection quality for emergency calls, the connection to messaging services (SMS) and to connect prepaid callers to the system. The Diameter protocol (RFC 6733) is used within IMS to perform the authentication, authorisation and accounting of communication partners. It succeeds the previously used RADIUS protocol, which is, however, still in use in WLAN roaming networks and other constellations. The simplified layered IMS architecture with the planes (a) and service components (b), including classical fixed networks, is depicted in Fig. 6.4.

Fig. 6.3 General architecture for conventional protocols for VoIP and multimedia

6.1.2 Satellite-Based Radio Systems

The 4G architecture is also augmented with satellite-based radio systems (Fig. 6.5). The general features of satellite-based radio systems are as follows:

• large latency
• large bandwidth
• many channels
• time division algorithms

The radio systems are often only usable with a large latency, about 0.24 s with GEOs. This severely impacts real-time communication, but the remaining features still make them suitable for other communication requirements. The satellites typically offer separate uplink and downlink bands, either 4/6 GHz or 12/14 GHz. These huge bandwidths are oriented at, e.g., 500 MHz and 50 Mbit/s each, thus enabling broadband communication. As a general observation, the channel structure consists of 800 digital voice channels with 64 kbit/s (800 · 64 = 50 000 kbit/s data channels). Their allocation happens for short time periods to individual channels through time division multiplexing on demand.

Fig. 6.4 (a) Planes, (b) Service components. AS – Application Server, SCIM – Service Capability Interaction Manager, MRFC – Multimedia Resource Function Controller, MRFP – Multimedia Resource Function Processor, MRF – Media Resource Function, CSCF – Call Session Control Function, BGCF – Breakout Gateway Control Function, MGCF – Media Gateway Control Function, MGW – Media Gateway, HSS – Home Subscription Server, HLR – 2G Home Location Register. Simplified IMS architecture

Fig. 6.5 Satellite-based radio systems (Based on rn.inf.tu-dresden.de)

The satellite-based radio systems architecture includes the following components:

• GGW – Gateway Ground Stations
• Footprint as a general covering or service area
• Spotbeams, which are placed by each satellite as service area
• ISL – Inter-Satellite Links
• MUL – Mobile User Links
• GWL – Gateway Links
• the IP backbone, which is implemented via convenient DSL, MPLS/ATM as well as regional-specific technologies (e.g. HSDPA)

The motion of the satellite transponders can be described with good approximation via the planetary motion theory basically elaborated by Johannes Kepler, Galileo Galilei and Nicolaus Copernicus. Therefore we can use the following formulae:

Angular frequency:

$$\omega = 2\pi f, \qquad T = \frac{1}{f} = \frac{2\pi}{\omega} \qquad (6.1)$$


Gravitation on Earth:

$$F_G = \frac{\gamma M m}{R^2} \qquad (6.2)$$

By Newton:

$$F_G = g m \qquad (6.3)$$

Therefore:

$$g = \frac{\gamma M}{R^2} \qquad (6.4)$$

Transformed, because g and R are known constants:

$$M = \frac{g R^2}{\gamma}; \qquad F_G(r) = \frac{\gamma M m}{r^2} = g m \left(\frac{R}{r}\right)^2 \qquad (6.5)$$

Furthermore it is important to distinguish the satellite height (h) from the distance to the Earth's centre (r):

$$r = R + h \qquad (6.6)$$

The satellites describe an elliptical or circular orbit around the Earth. The height h (the distance r from the Earth's centre) remains constant because

$$F_G = m g \left(\frac{R}{r}\right)^2 = m \omega^2 r = F_Z \qquad (6.7)$$

where $F_G$ – attraction of the Earth, $F_Z$ – centrifugal force, $m$ – mass of the satellite, $R$ – Earth radius, 6370 km, $r$ – distance to the Earth's centre, $g$ – acceleration of gravity, $g = 9.81\ \mathrm{m/s^2}$, $\omega$ – angular frequency, $\omega = 2\pi f$, $T = 1/f = 2\pi/\omega$, $f$ – rotational frequency of the satellite, $M$ – mass of the Earth, $\gamma$ – Kepler's constant.

As a brief conclusion, herewith is Kepler's Law:

$$a = \frac{g R^2}{4\pi^2} = \mathrm{const}, \qquad a = \frac{r^3}{T^2} \qquad (6.8)$$

Formulae (6.7) and (6.8) solved for r yield (6.9):

$$r = \sqrt[3]{\frac{g R^2}{(2\pi f)^2}} \qquad (6.9)$$


Here the distance from a satellite to the Earth's surface depends only on its orbital period. In the special case of T = 24 h, the geosynchronous distance, specifically h = 35786 km, this means (example visualised in Fig. 6.6):

$$r = 6370\ \mathrm{km} + 35786\ \mathrm{km} = 42156\ \mathrm{km} \qquad (6.10)$$

The classes of satellite-based radio systems are called GEO, MEO, LEO and HEO, and they are depicted in Fig. 6.7.

The comparison of the satellite-based systems is given in Table 6.3 and Table 6.4. The most important data for the current and historical types of satellite-based systems are summarised regarding class, services and deployment area, transponder multiplicity, licenced frequency band, orbit height and circulation period, data rate, transmitting power, latency and operation durability.

Fig. 6.6 Explaining the context of r and T in Kepler's Law (Based on rn.inf.tu-dresden.de)

Fig. 6.7 LEO – Low Earth Orbit, MEO – Medium Earth Orbit, HEO – Highly-Elliptical Orbit, GEO – Geostationary Earth Orbit. Satellite system classes GEO, MEO, LEO and HEO (Based on rn.inf.tu-dresden.de)

Table 6.3 Examples of radio SAT

| SAT system type | Class | Orbit h | Number of SAT | F-Band | DR max | Services |
| Orbcomm | LEO, originally commercial, 2000 | 775–800 km | 27 small satellites, m = 45 kg; 2G since 2014, further 18 | VHF band 137–150 MHz | 4.8–57.6 kbit/s | Emails, Telephony |
| Inmarsat | GEO, since 1979, commercial | 35786 km | 5–11, five generations | – | 492 kbit/s | Navigation, TV, Internet links, Sea emergency communication services, Air Traffic Control, GPS, EGNOS |
| Globalstar | LEO, 1991–1994 | 1400 km | 48+4 | – | 144 kbit/s via channel bundling | Telephony, data transfer |
| ICO RTT | MEO, 1998–2000 | 10390 km | 10+2 | – | – | Telephony, data transfer |
| Teledesic | LEO, 1997–2002 | 700 km | 288, m = 120 kg | 28.6–29.1 GHz | 100 MBit/s UL, 720 MBit/s DL | Telephony, Internet links |
| Iridium | LEO, 1997–1998 | 780 km | 66 (+6) | – | 2.4, 4.8 kbit/s | Telephony, data transfer |

The GEO SAT systems (Fig. 6.8) operate at a constant distance to the Earth and possess a relatively high latency:

$$t = \frac{2h}{c} = \frac{2 \cdot 35786\ \mathrm{km}}{300\,000\ \mathrm{km/s}} = 0.239\ \mathrm{s} \qquad (6.11)$$
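The orbit relations (6.1) to (6.11) carried through numerically, as an added example that is not from the book (Go, standard library only): r and h from the period via (6.9), the period from the height via (6.8), and the ground-satellite-ground delay via (6.11), with the chapter's constants R = 6370 km, g = 9.81 m/s² and c = 300 000 km/s; the orbit heights it is applied to are those quoted in the text and Tables 6.3 and 6.4, and the small deviation from the 35786 km figure comes from the rounded g and R.

```go
package main

import (
	"fmt"
	"math"
)

// Constants with the values the chapter uses.
const (
	EarthRadiusKm = 6370.0
	GravityMS2    = 9.81
	LightSpeedKmS = 300000.0
)

// KeplerConstant returns a = g R^2 / (4 pi^2) from (6.8), in m^3/s^2.
func KeplerConstant() float64 {
	rM := EarthRadiusKm * 1000
	return GravityMS2 * rM * rM / (4 * math.Pi * math.Pi)
}

// OrbitRadiusKm evaluates (6.9), r = cbrt(g R^2 / (2 pi f)^2) with f = 1/T:
// the distance from the Earth's centre for a circular orbit of period T.
func OrbitRadiusKm(periodS float64) float64 {
	omega := 2 * math.Pi / periodS // (6.1): omega = 2 pi f = 2 pi / T
	rM := EarthRadiusKm * 1000
	return math.Cbrt(GravityMS2*rM*rM/(omega*omega)) / 1000
}

// OrbitHeightKm applies (6.6), h = r - R, to the radius from (6.9).
func OrbitHeightKm(periodS float64) float64 {
	return OrbitRadiusKm(periodS) - EarthRadiusKm
}

// PeriodS inverts Kepler's law (6.8), a = r^3 / T^2, for an orbit at height h.
func PeriodS(heightKm float64) float64 {
	rM := (EarthRadiusKm + heightKm) * 1000
	return math.Sqrt(rM * rM * rM / KeplerConstant())
}

// RoundTripLatencyS evaluates (6.11), t = 2 h / c: the propagation delay of
// the ground-satellite-ground path, ignoring processing delays.
func RoundTripLatencyS(heightKm float64) float64 {
	return 2 * heightKm / LightSpeedKmS
}

// Orbit summarises one satellite system: name and height are taken from the
// chapter's tables, period and latency are derived here.
type Orbit struct {
	Name      string
	HeightKm  float64
	PeriodH   float64
	LatencyMs float64
}

// Summarise derives period and round-trip latency for a system at height h.
func Summarise(name string, heightKm float64) Orbit {
	return Orbit{
		Name:      name,
		HeightKm:  heightKm,
		PeriodH:   PeriodS(heightKm) / 3600,
		LatencyMs: RoundTripLatencyS(heightKm) * 1000,
	}
}

func main() {
	// (6.10): a 24 h period puts the satellite at the geostationary height.
	fmt.Printf("T = 24 h -> h = %.0f km\n", OrbitHeightKm(24*3600))
	for _, o := range []Orbit{
		Summarise("Inmarsat (GEO)", 35786),
		Summarise("GPS (MEO)", 20200),
		Summarise("ICO (MEO)", 10390),
		Summarise("Iridium (LEO)", 780),
	} {
		fmt.Printf("%-15s h=%6.0f km  T=%6.2f h  t=%6.1f ms\n", o.Name, o.HeightKm, o.PeriodH, o.LatencyMs)
	}
}
```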

The non-stationary LEO SAT systems are characterised as follows:

• distance h from the Earth of ca. 300–1800 km
• shorter signal propagation times (5–10 ms)
• sufficiently lower transmission power of mobile stations
• however, more satellites required (> 50), frequent handover between satellites (about every 10 min)
• short lifetime of the satellite due to atmospheric friction (only 5–8 years)
• examples: Iridium, Teledesic, Globalstar, ISS (Fig. 6.9)

Table 6.4 Comparison of radio SAT

| Satellite systems | GEO | MEO | LEO |
| Distance, km | h = 35786 km, r = 42156 km | r − R = 6000–12000 km, respectively 20200 | r − R = 300–1800 km |
| Period T | 24 h | 6–12 h | 90–120 min |
| Latency t | 0.25 s | 70–80 ms | 10 ms |
| Transmitting power, W | 10 | 5 | 1 |
| Deployment | Multiplicity on systems, ca. 2000: Sputnik (1957), Intelsat 1–3 (1965, 1967, 1969), Marisat (1976), Inmarsat-A (1982), Inmarsat-C (1988), etc. | ICO 10+2 | Iridium 66+6, Globalstar 48+4, 144 kBit/s, Teledesic (2003) 288, 2–64 MBit/s, Orbcomm 35 |
| Bitrate, kBit/s | 0.1–1 | 10 | 1–64000 |
| Average lifetime, years | 15 | 10 | 5–8 |

MEO SAT systems are operated generally at a distance of about 10000 km and need a lower number of satellites (about 12). They are characterised by slow motion; no frequent handover between satellites is necessary. The period is T = 6 h. MEO provides an average lifetime under 10 years. The problems of using MEO are as follows:

• propagation time 70 to 80 ms
• higher transmission power necessary
• special antennas required

As an important and well-known MEO system class, the navigation satellites have to be discussed. The examples are, as of early 2016:

• GPS (USA): h = 20200 km, T ≈ 12 h, 32 satellites
• GLONASS (RF): h = 19100 km, T ≈ 11 h 15 min, 28 satellites
• GALILEO (EU): h = 23222 km, T ≈ 14 h, 30 satellites


Fig. 6.8 GEO SAT systems

6.2 A New Generation of Mobile Communication

One of the most popular definitions for 5G as a new generation of mobile communication is as follows: "In evolutionary view it will be capable to support wireless WWW, allowing highly flexible dynamic ad-hoc wireless networks; in revolutionary view this intelligent technology is capable of interconnecting the entire world without limits" [7]. While this definition is very broad, it emphasises new requirements and motivates us to take another look at the mobile communication generations.

A comparison of the existing mobile network generations is given in Table 6.5. The network specialists from Deutsche Telekom, NTT DoCoMo, Amtel, Samsung, Telefonica, Vodafone, Ericsson and other telecommunications operators [14] urgently generate their visions and technical requirements for future generation mobile communication as well as the new standard 5G/IMT 2020. The research on 5G technology began in 2012 in France with achieving data rates over 4 GBit/s.

In 2013 in Japan a new step towards 5G was made: the equipment of the company NTT DoCoMo has shown the ability to transfer data from the user with a data rate of up to 10 GBit/s (uplink) at a frequency F = 11 GHz on a 400 MHz bandwidth. The data was carried on a vehicle at a speed of 9 km/h. In October 2014 the company Samsung Electronics made a new record-breaking experiment with a data rate of 1.2 GBit/s at a vehicle speed of 100 km/h and even a data rate of 7.5 GBit/s in stationary conditions at a frequency of 28 GHz. But the use of such higher frequencies, F > 5 GHz (in the mm-band), is rather problematic due to large attenuation in dense urban areas without increasing the transmission power. On the other hand, low-frequency transmission is not always possible; necessary licenses and (inter-)national regulations are obstacles. Therefore other new methods and international voting and conventions are required. Samsung's mm-wave testbeds set up in October 2014 have shown (as visualised in Fig. 6.10) the following results [14]:

Fig. 6.9 (a) ISS as special LEO, (b) Humanity's first space flight on 12.4.1961: durability = 108 min, height h =‌ ca. 400 km (LEO). LEO SAT systems (Sources: reflektion.info, NASA)

Table 6.5 Mobile generation comparison (Source: www.elektronik-kompendium.de)

| Generation | Radio technology | Transfer type | Data rate |
| 1G | AMPS | Analog circuit switching, obsolete | – |
| 2G | GSM | Digital circuit switching | 9.6 kbit/s |
| 2.5G | HSCSD | Digital circuit switching | 57.6 kbit/s |
| | GPRS | Digital packet switching | 115 kbit/s |
| 2.75G | EDGE | Digital packet switching | 236 kbit/s |
| 3G | UMTS/UTRA-FDD | Digital, mostly packet switching | 384 kBit/s |
| | UMTS/UTRA-TDD | Digital, mostly packet switching | 2 Mbit/s |
| 3.5G | HSPA (HSDPA/HSUPA) | Digital packet switching | 14.4 Mbit/s |
| 3.9G | LTE | Digital packet switching | 150 Mbit/s |
| 4G | LTE Advanced | Digital packet switching, actual standard | 1 Gbit/s |
| 5G | IMT 2020 | Digital packet switching | 10–100 Gbit/s |


Fig. 6.10 Advanced communication technologies for high speed mobility (Source: Samsung Electronics)

• a data rate of approximately 2 GBit/s at a velocity of 110 km/h was the world's first 5G data transmission at highway speeds
• a record-breaking 1.2 GBit/s data transmission was reached at over 100 km/h
• in stationary conditions, under use of the F = 28 GHz spectrum, a data rate of 7.5 GBit/s was obtained

6.2.1 Visions and Requirements

The official 5G start is planned to happen only in the year 2020. The status nowadays (architecture depicted in Fig. 6.11) is as follows:

• research on advanced antenna techniques, interference minimisation and further development of enabling technologies towards 5G (see next sections)
• world-wide activities and tests, among them Ishigaki (NTT DoCoMo), Seoul (Samsung), Stockholm (Ericsson), Dresden (Vodafone Chair, 5glab.de), London (King's Royal College), Lund University (Sweden), Beijing/Shenzhen (China) and others (see Fig. 6.11)

Requirements for the 5th generation: The main 5G requirements are as follows:

• use of existing 4G infrastructure with augmentation via flexible WLAN-conform communication everywhere under international voting and conventions
• medium-term obtaining of a data rate = 10 GBit/s; this rate corresponds to up-to-date needs for multimedia content download
• tiny latencies, real-time inter-operability, services without human intervention
• wide use of available frequency bands, mm-band with F = 30 up to 300 GHz (partially and questionable)
• inter-operability with further mobile and wireless radio networks

Fig. 6.11 4G with SAE – 3GPP System Architecture Evolution, GERAN – GSM EDGE Radio Access Network (EDGE), UTRAN – UMTS Terrestrial Radio Access Network (UMTS), IMS – IP Multimedia Subsystem, SDN, RAT – Radio Access Technology (Handover), DIDO for Multiuser-Wireless, MIMO: the systems with multiple Tx/Rx antennas. The 5G basic architecture

The advanced antenna technique MIMO was already deployed in diverse network technologies like WiMAX 802.16a/d/e/m, WLAN 802.11n/ac/ad, LTE and others. MIMO antennas allow nowadays communication with N_Tx = 16 transmitting and N_Rx = 16 receiving antennas. Thus also a downlink with a data rate of DR = 10 GBit/s and above is possible. This DR = 10 GBit/s is about one hundred times faster in contrast to DR = 100 MBit/s, the current status of the peak data rate of LTE. For the standard IMT 2020/5G the wide use of 3D arrays for multiple input and multiple output channels (MIMO up to 16 × 16 × 16) is foreseen [3]. The related data rates and mobility for mobile users in the mobile communication systems of 3G, 4G and 5G are depicted in Fig. 6.12. The provided data rate will be increased more than 5000 times. The peak data rate will thus reach 50 Gbit/s. The data rate must be increased 10 up to 50 times in comparison to the ones offered by LTE and LTE Advanced. The prognosis is as follows: in 2020 up to 50 billion devices will be IPv6-driven, partially with 5G. So, for instance, the priority 5G directions for companies in the telecom manufacturing area, for instance Ericsson, are as follows:

Fig. 6.12 From 3G to 5G: Data rates vs. mobility (By Samsung Electronics)

• digital economy, remote machine control
• smart grid/smart metering
• Internet touch technologies, smart cities
• and IoT (Internet of Things)

The ongoing 5G forums for the advancement of specifications and testbeds for future telecommunication protocols are as follows:

• 5G PPP (5G Infrastructure Public-Private Partnership)
• METIS (Mobile and wireless communications Enablers for Twenty-twenty (2020) Information Society)

The research laboratory 5glab/TU Dresden: There are multiple 5G activities in several universities and research laboratories in addition to the commercial research activities by telecommunications equipment manufacturers. One such laboratory has been established in Dresden, Germany. At Dresden University of Technology a modern 5G Laboratory at the Vodafone Chair for Mobile Communications Systems has opened to advance the data rates, coverage, connection stability and other aspects of mobile connections [113]. The researchers can evaluate and test a broad spectrum of 5G-enabling technologies. These include the following: LTE, IEEE 802.20, 802.16e, 802.16a/d/e/m, Multigigabit Standard WiGig 60 GHz, IEEE 802.11ad, IEEE 1905, Bluetooth v4.2 and LoWPAN. The 5Glab includes network hardware and software, computer chips, spectrometers and cloud computing services. The requirements to the 5th generation according to the visions and initial findings of the 5Glab [212] are given in Fig. 6.13. Nowadays mobile communication is occupied with provisioning in general of IP services and transmission of multimedia content from one place to another. But tomorrow a new generation will be able to control a wide range of objects in real time with only insignificant human intervention in the frame of IoT. It is necessary to optimise existing systems and mobile wireless networks, particularly in terms of data rate, latency, interference and reliability, according to the staff of the 5Glab.

Fig. 6.13 Requirements to 5th generation according to the 5Glab in Dresden (figure fields: Wireless Communication, Automation, IoT, Big Data and HPC, Operating Systems, Audio & Haptic Engineering, Safety, Privacy and Security, System-on-a-Chip Integration, Software Engineering, Databases, Networked Embedded Systems, Human-Machine-Interfaces, Storages, Communication Theory, Antennas, RF and Photonics Engineering)

The intentions of 5glab.de in Dresden are depicted in Fig. 6.14. Starting from the sentence "The Internet will disappear in our senses and sensitivities" (by E. Schmidt), we can state that, in contrast to it, the future Internet will become the 5G Tactile Internet. The breakthrough requirements characterise this transformation into the new 5G Tactile Internet with advanced QoS parameters: 10 Gbps, 1 ms RTT, 10,000 sensors per cell, 10^8 less outage as well as more security and heterogeneity.

Huawei and 5G radio mobile. Huawei Technologies was founded in 1987 and acts nowadays as one of the largest telecommunications equipment and handset manufacturers in the world. In Huawei's opinion, there are three major design objectives for 5G:

1. Implementation of "massive capacity" and "massive connectivity" (similar to the previous vision)

2. Flexible and efficient use of all available spectra for different network deployment scenarios (refer to the DIDO concept)

3. An adaptive network solution framework will become a necessity for accommodating both LTE and air interface evolution. Results from research on clouds and software-defined networks will reshape the entire mobile ecosystem. The possible 5G roadmap can be realised as follows, according to Huawei (Fig. 6.15).

Fig. 6.14 The intentions of 5glab.de towards the 5G Tactile Internet

Fig. 6.15 5G roadmap according to Huawei (Source: huawei.com/5gwhitepaper). Timeline 2010–2021: 3GPP Rel 10 and Rel 11 (LTE-Advanced), Rel 12 to Rel 16 (LTE-B, LTE-C); ITU: IMT new spectrum, vision, requirement, technology and evaluation; 5G research, prototype and trial, followed by 5G standard, product and deployment.

As one can see, the efforts for 5G development are running in parallel to the deployment of the new releases for 4G/LTE up to LTE-C (release 16) [4]. The new development for all-spectrum radio access nodes will require achievements in fundamental radio technologies like the air interface, RAN, radio frequency transceivers and devices. The context for the typical radio frequency bands to be deployed or licensed for the future 5G mobile radio networks, including the bands E–L, is depicted in Fig. 6.16. It means primarily the broad frequency span 2–60 GHz. The wavelengths lie correspondingly between 15 and 0.5 cm.

Fig. 6.16 5G radio frequency bands E–L (band letters A–M over F in GHz, from 0.2 up to 100 GHz and beyond towards the IR/UV range, with λ in cm from 300 down to 0.3; European allocations marked)

Fig. 6.17 The Huawei 5G network integrated architecture (300 MHz up to 300 GHz in the mid-term) within an IoT

The advanced radio backhaul and new fibre access for the fixed network will be an integral part of next-generation commercial network solutions within 5G. The interoperability within the 5G network architecture, as well as the future extension of the 3G cell hierarchy used so far (according to Huawei), is depicted in Fig. 6.17. The Tera-cells are foreseen with backhauls to the usually existing 3G–4G macro- and microcells. The interoperability with the fixed part enables data rates up to 100 Tbps.


Fig. 6.18 5G scenario: multimodal access using SDN

Architecture and virtualisation of provider core networks. The focal points of 5G construction are as follows (Fig. 6.18). Software implementations of provider core prototypes for 5G may be based on networks using the SDN protocols OpenFlow and VXLAN, as well as virtualisation concepts like VMware vSwitch, Citrix Xen products and others. The use of SDN for software implementations of provider cores in practice for 5G networks enables enterprises and providers to obtain vendor-independent functions for the management and control of network components and services from any type of unified provisioning centre, which will greatly simplify their operation. The use of SDN as part of 5G/IMT 2020 is a settled position. Besides improving advanced RAT (Radio Access Technology) and RLAN (Radio LAN) as well as the use of new database systems for frequency assignment (DIDO), the use of infrastructure based on existing systems, including 4G/SAE, 3G/UTRAN and 2G/GERAN, and virtualisation services carried out via SDN play an important role. The comparison of 4G and 5G is given in Table 6.6.

Due to SDN, routine network reconfiguration functions will be simplified. Thus the network administrators do not have to enter hundreds of lines of configuration code for different switches or routers. The network can be quickly changed in real time. Accordingly, the deployment time for new applications and services can be greatly reduced. These effects are leading to new service visions which become possible with the same amount of investment, as shown in Table 6.7.

Table 6.6 Comparison of 4G and 5G

4G | 5G
Human-centric, limited connections | An intelligent web of connected things (IoT)
Lagging cloud service | Instantaneous cloud service
Limited to high quality of experience | Constant to ultra-high quality of experience
Short range, limited control | Long range, real-time full control

Table 6.7 5G service vision

Everything on cloud | Immersive experience
Ubiquitous connectivity | Telepresence
Desktop-like experience on the go | Lifelike media everywhere
An intelligent web of connected things | Real-time remote control

Fig. 6.19 The newest abilities of 5G systems (by Samsung Electronics)

New abilities and visions of 5G. The newest abilities of 5G systems in the area of services and mobile applications, according to vendors like Samsung Electronics [14], are shown in Fig. 6.19.

Another promising application for 5G/IMT 2020 networks is shown in Fig. 6.20. It refers to the establishment of IoT (Internet of Things) applications [19], which are based on inter-operability of different physical types of radio networks as well as virtualisation technology for the core services to interact with each other and with the external environment (6LoWPAN, SDN). The features of future 5G (IMT 2020) are as follows (Table 6.8).

Fig. 6.20 Service vision: growth into all directions with 5G (own representation, inspiration: Samsung Electronics)

Table 6.8 The features of future 5G (IMT 2020)

Mobile connections | Mobile data traffic | Mobile cloud traffic | Things connected

Everything on cloud | Immersive experience
Ubiquitous connectivity | Telepresence
Desktop-like experience on the go | Lifelike media everywhere
An intelligent web of connected things | Real-time remote control of machines

The following scenarios of 5G deployment regarding IoT and ubiquitous computing applications therefore become realistic and will be implemented beyond just research prototypes within the next few years:

• smart home, manufacturing, health
• smart retail, transportation, city
• remote surgery, driving and hazardous work

The hardware trends towards 5G connectivity also drive software and data trends. According to Gartner, a research and consulting company, Big Data is one of the most important trends of IT infrastructure development, along with virtualisation and energy efficiency of IT. Such data is supposedly voluminous, in the multi-terabyte and petabyte range, as well as having a high variance and velocity. The most outstanding big data sources are Geographical Information Systems (GIS) and other curated databases, parallel clusters and grids, semantic and social networks (typically dubbed Web 2.0 and Web 3.0), cloud computing as well as the intelligent Internet of Things. The accumulation of big data is now typical for trading and marketing, electronic payments, process automation, international justice and criminology, and the pharmaceutical and advertising industry. A large number of scientific and research institutes, organisations and universities accumulate, store and compute large volumes of technical and scientific information. Often such large amounts of information are not structured, so that they are characterised by extra-proportional complexity of information management. Also, a significant increase in network traffic occurs, and via the heterogeneity of geographically distributed data as well as replicas within multiple computing nodes, the amount of data will increase even more. 5G will surely be actively involved in big data acquisition and processing.

6.2.2 5G Inter-Operability

5G networks will most likely become pervasive, and yet it can be expected that connectivity issues due to low signal strength, overload due to too many devices even in smaller cells, or simply the desire of users not to be globally tracked will at some point make it necessary to complement 5G with other wireless transmission techniques. Two inter-operability considerations are therefore presented here.

Inter-operability to networking technologies. A comparison of the 5G mobile network and some of its predecessors with wireless protocols which can potentially provide mutual inter-operability is represented in Fig. 6.21, with the corresponding distances and data rates in logarithmic scales. The following networking technologies have to provide inter-operability to 5G/IMT 2020 (Fig. 6.21):

• Mobile WiMAX
• WiGig
• IEEE 802.11ad
• IEEE 1905
• Piconets: WSN, Bluetooth, 6LoWPAN

Mobile WiMAX is especially popular in South Korea. In other regions, IEEE 802.20, 802.16a/d/e/m and 4G play a larger role. The multi-Gigabit standard WiGig operates in the 60 GHz band. It has been established by the WiGig Alliance with the IEEE standard 802.11ad, aimed at the cooperation with other protocols like USB 3.0, HDMI and PCI-Express with a data rate of 1 GBit/s. It operates mostly indoors. The reception quality through walls remains questionable. However, the cabling remains in the surroundings. With IEEE 802.11ac, specified in the year 2013, larger channel bandwidths up to 160 MHz become possible. Furthermore, optimised modulation and 8 × 8 MIMO are foreseen, leading to a much higher data rate of 6936 MBit/s. However, today's products for sale on the market support only 3 × 3 MIMO, a bandwidth of 80 MHz and consequently a data rate of 1299 MBit/s. In contrast to traditional WLAN, IEEE 802.11ad is designed for only a few meters of transmission distance. This results from the high absorption of oxygen at 60 GHz. A large bandwidth is needed to achieve a high data rate of 7 GBit/s. The 60 GHz band ranges from 57 to 66 GHz and is divided by a channel spacing of 2160 MHz into four channels having a bandwidth of 1760 MHz. In comparison, IEEE 1905 is a standard which defines a network enabler for home networking supporting both wireless and wireline technologies: IEEE 802.11 (Wi-Fi), IEEE 1901 (HomePlug, HD-PLC) powerline networking, IEEE 802.3 Ethernet and Multimedia over Coax (MoCA). In 2010 it emerged from the specification group 1905.1 with the development of convergent digital home network specifications, in which around 30 organisations participated. Three years later, the draft P1905.1 specification received the final approval and publication by IEEE.

Fig. 6.21 Overall comparison of distances and data rates for wireless and telecommunication networks (Source: www.elektronik-kompendium.de)

Inter-operability with 6LoWPAN. A special place in the 5G inter-operability scheme is reserved for the 6LoWPAN protocol. This protocol has been presented in Chapter 5; refer to it for the details. This paragraph discusses the combination of a long-range but often cost-intensive protocol, 5G, with a short-range but generally free (provider-less) protocol, 6LoWPAN. In the context of 5G, 6LoWPAN is also called a Wireless Neighbourhood Area Network (WNAN) in addition to WPAN. This means that it borders cellular networks including 2G–5G.


To combine the properties of 5G and 6LoWPAN, a new communication class called Low-Power Wide Area Network (LPWAN) was introduced in 2015. The most popular representative is LoRaWAN, the long-range standard for wide-area networks (WANs). It allows sensors to communicate over 10 miles without obstacles or 3 miles in dense urban areas, with a battery lifetime of 10 years. In Europe it communicates in the 433 and 853–870 MHz bands, in China in the 779–787 MHz band and in North America in the 902–928 MHz band. LoRaWAN achieves even longer distances by concentrating the traffic from nodes (e.g. sensors) in concentrators or gateways, tunnelling the traffic through a wireless network of at least 3G quality and then forwarding it to application servers which process the data. The transmission is encrypted. The gateways can be installed on towers alongside mobile communication base stations. The data rate ranges from 0.3 to 50 kbps depending on many factors which influence the transmission, using an adaptive transmission scheme to save precious battery power [6].

6.2.3 Future Standard IMT 2020: Deployment Scenarios

Due to the future standard IMT 2020, a lot of new attractive services and infotainment applications are going to appear. The following deployment scenarios are possible:

• more mobile connections with increasing mobile data traffic
• more mobile cloud traffic, mobile payments
• connected "things" (IoT) as well as virtual immersive reality
• immersive surrounding services (Fig. 6.22)

The combination of small network cells, in particular nanotechnology, with cloud computing, converged all-IP networks and flat IP architecture has been proposed under the name Nanocore [8]. Such networks would be an instant-on solution for services in various domains including search, communication, education and banking. The nano-equipment would be the logical successor to today's trend of shrinking device sizes from desktop PCs to mobile phone handsets, smart watches and other wearables, and finally body-integrated chips which are supplied with power from the body.

One quote of Eric Schmidt, at that time CEO at Google, applies in the light of this development: "The Internet will disappear in our senses and sensitivities." New sensors and applications for people with limited abilities are foreseen via 5G, too. The 5G sensors can control or lock houses, heating and ventilation, laptops, cars, bikes, garages or gardens using 5G mobile devices when the humans have forgotten to do it or are just longing for more comfort. More and more, mobile smartphones can share the workload within grids and P2P systems. In this case, systems are needed to integrate with 5G mobile so that they can help to identify the best server or service for any offloading activity. Mobile devices can perform radio resource management and optimise the coverage.


Fig. 6.22 AR – Augmented Reality, VR – Virtual Reality: immersive (surrounding) services via 5G (Source: Samsung Electronics). Panel content: "Constant to Ultra High Quality Experience"; requirements for immersive surrounding service: 8K UHD for > 100 users, hologram, AR/VR; E2E network latency < 5 ms; cell throughput > 100 GBit/s.

Fig. 6.23 Transition to ubiquitous connectivity via 5G (Source: Samsung Electronics)

5G smartphones will be able to suggest possible medication for your health and fitness due to the combination of hardware sensors, integrated applications and remote services [9]. The intelligent web of connected things is provided, which is symbolised in Fig. 6.23.


Table 6.9 Optimised parameters of 5G

Parameters | Values
QoE | Uniform experience of GBit/s speed and instantaneous response everywhere
Cell throughput | 100 GBit/s
E2E network latency | < 5 ms
E2E latency | 5 ms
Air latency | 1 ms
Cost reduction | in comparison to 4G
Simultaneous IoT connections | 10–20× more than 4G
Bitcosts factor | ca. 50× bitcosts

Optimisation factors and Quality of User Experience (QoE). Which factors are to be optimised within the new 5G/IMT 2020 standard? Firstly, let us discuss conflicting RAN technologies for significant performance enhancement. Some of the trade-offs between the listed factors to be considered are as follows:

• capacity and cell edge data rate enhancement
• advanced MIMO usage for multi-user operation with 3D arrays of antennas
• advanced modulation and spectral efficiency enhancement (SE)
• interference accounting
• cost-efficiency and QoE optimisation
• connection management, latency minimisation

Let us start by comparing the 4G/LTE cell capacity, with cell throughput up to 64 MBit/s, cell latency of ca. 10 ms and higher data rates only on cell edges, with the requirements for an immersive surrounding service. Below, some optimised parameters of 5G are shown (Table 6.9).

The superior QoE (Quality of User Experience) of 5G in comparison to its predecessor 4G is represented in Fig. 6.24. The data rates and latency values have to be practically uniformly distributed close to the base stations as well as at the nominal distance, i.e. regardless of user locations within each communication cell, to avoid a position-dependent impairment of the transmission and reception quality [8].

Cost models. Furthermore, there will be gains in the costs for the operators, which may or may not be passed on to the subscribed users. The 5G systems have to provide ubiquitous and simultaneous connections everywhere and have to do it approximately 50 times more cost-efficiently than 4G/LTE systems in order to make a broad roll-out and upgrade of existing networks and cell towers feasible. This is called a bitcosts factor of 50. The 5G cost structure is shown in Fig. 6.25. The financial consequences of the deployment of 5G infrastructure for the providers can be computed as follows:


Fig. 6.24 Superior user experience with 5G connectivity (based on Samsung Electronics material)

Fig. 6.25 5G cost structure (based on Samsung Electronics material)

\[
\begin{aligned}
\text{Expenditures} &= \text{CAPEX} + \text{OPEX};\quad \text{CAPEX} \to \min \;\wedge\; \text{OPEX} \to \min \\
\text{Profit} &= \text{Revenue}_{\text{anno}} - \text{CAPEX}_{\text{partial}} - \text{OPEX}_{\text{anno}} \to \max \\
\text{ROI} &= \frac{\text{Revenue} - \text{Expenditures}}{\text{Expenditures}} \cdot 100\,\%
\end{aligned}
\tag{6.12}
\]

where ROI – Return on Investment, i.e. operator revenue increase; OPEX – Operational Expenditures (personnel, used materials, electrical power and maintenance); CAPEX – Capital Expenditures (hardware investments, construction costs, buildings or equipment); anno – yearly; partial – yearly amortisation amount.


Overview on OFDM-based systems. The acronym OFDM stands for Orthogonal Frequency-Division Multiplexing. It is one of the techniques to divide the signals transmitted over one specific frequency by multiplexing. A unique characteristic of OFDM is a higher density when placing carrier frequencies for multiple communication channels within a given spectrum of frequencies. The overlap between carriers is possible in principle, but is only of secondary concern due to the specific selection of orthogonal frequencies. The term "orthogonality" refers to the relation of carriers in a way that each carrier achieves its maximum when its orthogonal carriers do not carry any signal and are therefore in the null position. The technique is robust with regard to narrow-band perturbations.

Orthogonal Frequency Division Multiple Access (OFDMA) is an extended technique based on OFDM for the access to the frequency band. In other words, OFDMA is a multi-user version of the popular OFDM digital modulation with multiple access modes [11]. These access modes are achieved within OFDMA by assigning subsets of subcarriers to individual users. In short: OFDMA = OFDM with assignment on demand. The relationship between OFDMA, OFDM and classic frequency-division multiplexing techniques is summarised in Fig. 6.26.

Fig. 6.26 Better spectrum usage enabled by OFDM and OFDMA


Systems based on OFDM have been used since the 1990s. Practical examples include DSL (including ADSL and VDSL), DAB and DVB-T, WiMAX and Bluetooth as well as modern WLAN networks based on IEEE 802.11g, 11n or later. The consequent use of OFDM within WLAN networks led to significant increases of the data rate due to optimal spectral efficiency, which refers to the ratio of data rate to channel bandwidth. With this technique, data rates of about 600 MBit/s and a reach of 70 m within buildings and 250 m outside of buildings can be achieved. However, the modulation methods used in OFDM were not sufficient anymore for increased requirements. The methods called BPSK, QPSK, 16QAM and 64QAM have in particular restrictions due to cell boundaries.
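The orthogonality of overlapping subcarriers and the robustness against narrow-band perturbations explained in the OFDM overview, together with the QPSK mapping named among the OFDM modulation methods, as an added example in Python that is not code from the book: N = 8 subcarriers carry Gray-mapped QPSK symbols, an inverse DFT builds the time-domain OFDM symbol, a cyclic prefix turns a constructed two-tap multipath channel into a circular convolution, and the DFT separates the subcarriers again so that each one is equalised with a single complex division. The bit pattern, channel taps and the interfering tone are constructed assumptions for the demo; the last function shows that a tone placed on one subcarrier frequency disturbs exactly that subcarrier and none of the others.

```python
"""OFDM demo: orthogonal subcarriers, IDFT/DFT modulation, cyclic prefix,
multipath channel, one-tap equalisation and narrow-band interference.
Added example (pure Python, cmath only); all sample data is constructed."""
import cmath
import math

N = 8    # orthogonal subcarriers per OFDM symbol (small, for readability)
CP = 2   # cyclic-prefix length in samples; must cover the channel memory

# Gray-mapped QPSK constellation: 2 bits per subcarrier symbol
QPSK = {
    (0, 0): complex(1, 1) / math.sqrt(2),
    (0, 1): complex(-1, 1) / math.sqrt(2),
    (1, 1): complex(-1, -1) / math.sqrt(2),
    (1, 0): complex(1, -1) / math.sqrt(2),
}

# Constructed payload: 16 bits -> 8 QPSK symbols, one per subcarrier
SAMPLE_BITS = [0, 0, 0, 1, 1, 1, 1, 0, 1, 1, 0, 0, 1, 0, 0, 1]
# Constructed 2-tap multipath channel: direct path plus a weaker delayed echo
SAMPLE_CHANNEL = [1.0, 0.4j]


def subcarrier(k, n=N):
    """Subcarrier k sampled over one symbol period: exp(j*2*pi*k*t/n)."""
    return [cmath.exp(2j * math.pi * k * t / n) for t in range(n)]


def inner_product(a, b):
    """Normalised correlation <a, b> over one symbol period."""
    return sum(x * y.conjugate() for x, y in zip(a, b)) / len(a)


def orthogonality_matrix(n=N):
    """|<s_k, s_l>| rounded: 1 on the diagonal, 0 elsewhere, even though the
    subcarrier spectra overlap. This is the 'orthogonality' in OFDM."""
    subs = [subcarrier(k, n) for k in range(n)]
    return [[round(abs(inner_product(subs[k], subs[l])), 6) for l in range(n)]
            for k in range(n)]


def idft(X):
    """Inverse DFT: puts symbol X[k] onto subcarrier k (the OFDM modulator)."""
    n = len(X)
    return [sum(X[k] * cmath.exp(2j * math.pi * k * t / n) for k in range(n)) / n
            for t in range(n)]


def dft(x):
    """DFT: separates the subcarriers again (the OFDM demodulator)."""
    n = len(x)
    return [sum(x[t] * cmath.exp(-2j * math.pi * k * t / n) for t in range(n))
            for k in range(n)]


def qpsk_map(bits):
    return [QPSK[(bits[i], bits[i + 1])] for i in range(0, len(bits), 2)]


def qpsk_demap(symbols):
    bits = []
    for s in symbols:
        bits += [int(s.imag < 0), int(s.real < 0)]   # inverse of the Gray map
    return bits


def channel(tx, h):
    """Linear convolution with tap vector h, truncated to len(tx) samples."""
    return [sum(h[m] * tx[t - m] for m in range(len(h)) if t - m >= 0)
            for t in range(len(tx))]


def ofdm_transmit(bits):
    x = idft(qpsk_map(bits))
    return x[-CP:] + x                       # prepend the cyclic prefix


def ofdm_receive(rx, h):
    """Strip the CP, DFT, then equalise each subcarrier with one tap H[k]."""
    Y = dft(rx[CP:CP + N])
    H = [sum(h[m] * cmath.exp(-2j * math.pi * k * m / N) for m in range(len(h)))
         for k in range(N)]
    return [Y[k] / H[k] for k in range(N)]


def ofdm_roundtrip(bits=SAMPLE_BITS, h=SAMPLE_CHANNEL):
    """Bits -> OFDM symbol -> multipath channel -> recovered bits."""
    return qpsk_demap(ofdm_receive(channel(ofdm_transmit(bits), h), h))


def affected_subcarriers(bin_index=3, amplitude=0.5, bits=SAMPLE_BITS, h=SAMPLE_CHANNEL):
    """Add a narrow-band tone on one subcarrier frequency after the channel and
    report which subcarrier symbols moved: only that one; the rest stay clean."""
    rx = channel(ofdm_transmit(bits), h)
    for t in range(len(rx)):
        rx[t] += amplitude * cmath.exp(2j * math.pi * bin_index * (t - CP) / N)
    clean, est = qpsk_map(bits), ofdm_receive(rx, h)
    return [k for k in range(N) if abs(est[k] - clean[k]) > 1e-6]


if __name__ == "__main__":
    print("recovered bits match:", ofdm_roundtrip() == SAMPLE_BITS)
    print("subcarriers hit by a tone on bin 3:", affected_subcarriers())
```

The 16-bit payload round-trips unchanged through the echo channel, and the orthogonality matrix is the identity although neighbouring subcarrier spectra overlap; OFDMA, as described in the text, follows from handing disjoint index sets of the same subcarriers to different users.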

Advanced modulation technique FQAM. The capacity and cell edge data rate enhancement is obtained within 5G via the new advanced modulation method titled FQAM (Feher's Quadrature Amplitude Modulation). FQAM is considered a post-OFDM method. There are no cell boundaries (and therefore no handover or roaming effects); the increased density is provided via small 4G/5G cells which are integrated via powerful wireless backhauls (Fig. 6.27).

Advanced MIMO structures. The deployment of 5G requires that more powerful MIMO methods are provided, within a typical combination of multi-user MIMO with 3D arrays of antennas. Multi-user MIMO (MU-MIMO) is a set of advanced MIMO antennas arranged not just in a 2D grid but in a 3D cube. The 5G systems will use both MU-MIMO as well as its enhancement FD-MIMO (Full-Dimension MIMO). FD-MIMO enables the actual deployment of the 3D arrays of antennas. These structures possess the following parameters: M × N × K, where M are horizontal antennas, N vertical antennas and K antennas per sub-array. For instance, 8 × 4 × 2 structures are typical for 5G hardware. The use of such advanced MIMO structures (MU-FD-MIMO) is shown in Fig. 6.28.

Fig. 6.27 Advanced small cells and FQAM (Source: Samsung Electronics). Panel labels: wireless backhaul, no cell boundary, capacity & cell edge enhancement, increased density.

Fig. 6.28 Advanced MIMO structures (MU-MIMO and FD-MIMO). Deployment models: 32 digital chains with (M,N,K) = (8,4,1) and 64 digital chains with (M,N,K) = (8,4,2) using sub-arrays (K = 2), total antenna elements 64; system throughput shown as average cell throughput and average spectral efficiency (bps/Hz) for Rel 10 4×2 MU-MIMO [1] versus (8,4,2) and (8,4,1) [2], about 250 % performance gain compared to LTE Rel 10. Note: (M, N, K) means M horizontal antennas, N vertical antennas, K antennas per sub-array.

6.2.4 Resource Allocation Method for Future WLAN

DIDO is a new technology aimed at providing a flexible multiuser wireless LAN everywhere under international regulations and conventions for the used frequencies. The technology should only augment the existing GERAN, UTRAN, SAE and IMS mobile radio infrastructure of the previous generations 2G–4G with a flexible world-wide WLAN, which is operated using databases of available frequency bands and web-based content, called DIDO Data Centers. The use of a wide spectrum of frequencies is thus foreseen. The pioneer of the DIDO approach is the company Rearden (USA), with activities by Steve Perlman [10]. Nowadays DIDO is one of the most important research fields on 5G. Primarily, DIDO was tested with some frequencies F = 1 MHz … 1 GHz in WLAN mode. But in the mid-term DIDO will be able to use all the wavelengths (λ) and frequency bands (F) which are given below, respectively:

• HF – High Frequency (100 m/3 MHz – 10 m/30 MHz)
• UHF – Ultra High Frequency (1 m/300 MHz – 1 dm/3 GHz)
• SHF – Super High Frequency (1 dm/3 GHz – 1 cm/30 GHz)
• EHF – Extremely High Frequency (1 cm/30 GHz – 1 mm/300 GHz)


Fig. 6.29 DIDO advantages

The expected DIDO advantages are depicted in Fig. 6.29. They encompass the interference-free communication of multiple users with multiple websites through a DIDO data centre. Without DIDO, the communication of 3 users and 3 depicted access points (APs) can take place only with interference. Therefore, time sharing for 3 users and 3 APs (TDMA), with 33 % of the data rate for each (one sends, two idle), is necessary. Using the DIDO technique for the communication of three users and three APs, a DIDO data center is provided. The users and APs can be operated without interference and with full bandwidth. Instead of time sharing we obtain three independent WWW sessions.

The general DIDO architecture is depicted in Fig. 6.30. The process with 5–10 users and 5–10 APs connecting to 5–10 different websites is shown exemplarily. There is no interference among the 5–10 users, and all users get the benefit of 100 % of the data rate of the channel. Furthermore, it does not matter where the APs are located or which user owns which one. Each user gets the data from the website they are connected to through an independent wireless channel [16].

DIDO Rural. The single disadvantage of DIDO is the necessity of inter-governmental agreements and certain regulatory bodies to use the wide spectra of frequencies. DIDO also has certain specifics in rural areas because it needs to operate with lower frequencies, i.e. within the HF band (100 m/3 MHz – 10 m/30 MHz), so that the resulting waves can span large distances of approximately 900 km. DIDO Rural is depicted in Fig. 6.31.

Fig. 6.30 DIDO components: DIDO user devices (tablets, smartphones, notebooks, PC), DIDO AP (5G/WLAN), DIDO data centers (wireless cloud); DIDO architecture

Fig. 6.31 DIDO Rural (Source: Rearden)


DIDO APs in rural areas are able to transmit over far longer distances than regular WLAN APs or cellular towers. The transmission can be provided via the well-known "sky waves" (Near-Vertical Incidence Sky Waves, NVIS). They cannot be blocked by the curvature of the Earth and can cover a diameter of approximately 900 km, which fits the requirements. NVIS are the alternative to ground wave (GWaves) transmissions, which can cover about d = 70 km in diameter before being blocked by the curvature of the Earth [16].

6.3 Conclusions

To repeat the quote "The Internet will disappear in our senses and sensitivities" (Eric Schmidt): nowadays mobile communication is occupied with the provision of IP services in general and the transmission of multimedia content from one place to another, but tomorrow the new 5G will be able to control a wide range of objects in real time with only insignificant human intervention in the frame of IoT and other attractive apps. Surely 5G will be actively involved in adjacent telecommunications and computing topics, including big data acquisition and processing. The DIDO method is aimed at providing a flexible multiuser wireless LAN everywhere. The technology offers an alternative way of communicating beyond the current limitations of LANs and LTE/4G networks. Several prominent companies also prepare steps towards widely deployed 5G. The company Microsoft intends to provide access to 10 million Wi-Fi hotspots soon. Through its Internet telephony subsidiary Skype, Microsoft already offers Wi-Fi access to about two million hotspots world-wide. Under the label "Microsoft WLAN", the access rights will be granted to the customers of its Office and Skype products.

References

1. Vodafone Chair TUD, online: http://mns.ifn.et.tu-dresden.de
2. 5G-Labor TU Dresden (Online), 2014
3. IMT Vision towards 2020 and Beyond, online: https://www.itu.int/dms_pub/itu-r/oth/0a/06/R0A0600005D0001PDFE.pdf, 2014
4. 5G: A Technology Vision, Huawei White Paper, online: http://www.huawei.com/5gwhitepaper, 2015
5. Technologien zur mobilen Kommunikation, Whitepaper, 2015
6. LoRaWAN – What is it? A technical overview of LoRa and LoRaWAN, online: http://www.lora-alliance.org/portals/0/documents/whitepapers/LoRaWAN101.pdf, 2016
7. Shakhil Akhtar: Evolution of Technologies, Standards and Deployment of 2G–5G Networks, 2009
8. Jason Clark: 5G Nanocore, online (in German): http://de.scribd.com/doc/87616878/5G-the-Nano-Core
9. Jeff Dean: Designs, Lessons and Advice from Building Large Distributed Systems. In: 3rd ACM SIGOPS International Workshop on Large Scale Distributed Systems and Middleware (LADIS), Big Sky, Montana, USA, October 2009
10. Steve Perlman et al.: Distributed-Input-Distributed-Output (DIDO) Wireless Technology: A New Approach to Multiuser Wireless, 2014
11. Sungnam Hong et al.: FQAM: A modulation scheme for beyond 4G cellular wireless communication. In: Globecom Workshops, 2013
12. Gerhard Fettweis and Frank Fitzek: 5G Lab in Dresden (Online)
13. Frank Fitzek: 5G Next Generation Mobile Communication. In: Proceedings of the International Symposium on Microwave and Optical Technology (ISMOT), Dresden, Germany, June 2015, Invited Talk
14. Samsung, Howard Benn: 5G Mobile Communications for 2020 and Beyond: Vision and Key Enabling Technologies, October 2014
15. Artemis Networks LLC: Introduction to pCell – Wireless Reinvented, Whitepaper
16. Steve Perlman and Antonio Forenza: DIDO White Paper (Online), online: http://www.rearden.com/DIDO/DIDO_White_Paper_110727.pdf, 2015
17. Alexander Schill and Thomas Springer: Verteilte Systeme – Grundlagen und Basistechnologien, Springer-Verlag, second edition, 2012, 433 p., in German
18. Andrew S. Tanenbaum and David J. Wetherall: Computernetzwerke, Pearson Studium, fifth edition, 2012, 1040 p., in German
19. T. Thieme: Challenges of the Internet of Things for sensor applications, wireless communication and new solutions of energy supply. In: Proceedings of the International Symposium on Microwave and Optical Technology (ISMOT), Dresden, Germany, June 2015, Invited Talk

7 Security in Distributed Systems

Keywords

Protection Goals • Transport-Layer Security (TLS) • Virtual Private Network (VPN) • Stateful Inspection Firewall (SIF) • Web Application Firewall (WAF) • Stateful Multi-Layer Inspection Firewall (SMLIF) • Intrusion Detection System (IDS) • Intrusion Prevention System (IPS) • Advanced Evasion Firewall (AEF) • Collaborative Intrusion Detection Network (CIDN) • Insider attacks • Pretty Good Privacy (PGP) • Security and privacy legislation

The goal of this chapter is to give a broad overview of recent developments in securing distributed systems. Special emphasis is put on multilateral security, which equally includes the mechanical protection of systems and the guided privacy preservation for users. In the cloud age, characterised by ubiquitous connectivity but also by almost sneaky data collection and activity pattern collection, such a broad view on security is warranted in order not to put anybody who eventually uses such complex systems at more risk than necessary. Despite extreme caution, there will never be absolute security, and operational or interaction mistakes may still put users at risk.

The chapter first presents security and protection goals and outlines which protection techniques help to achieve the goals. Regrettably, not all goals can be achieved equally well at the same time, which makes a trade-off discussion unavoidable. The second section gives detailed information on many protection techniques, with a focus on practical applications. The subsequent section presents and compares security layers in distributed systems, which partially correspond to network layers. For each layer, exemplary security techniques are explained. Finally, the fourth section puts the technological security into a global and temporal context and outlines juridical and societal implications and recent developments.

© Springer Fachmedien Wiesbaden GmbH 2017. A. Luntovskyy, J. Spillner, Architectural Transformations in Network Services and Distributed Systems, DOI 10.1007/978-3-658-14842-3_7



7.1 Security and Protection Goals

System security would be unnecessary if everything went according to the (non-evil) plan. Reality is different, however: risks and threats have to be actively considered when designing a system which shall be robust and resilient, and which continues to work and serve its users even in the presence of failures or attacks. Securing distributed systems is both harder and easier compared to securing monolithic systems: harder because there is no central point of control, and easier because the distribution itself gives a system certain beneficial characteristics, especially the elimination of a single point of failure.

Which kinds of attacks can be performed on the data and services in distributed systems? What causes security violations and trouble? The most common answer to this question is given by Fig. 7.1. It presents an abstract view on today's systems in which terminals and end devices refer to mobile phones, tablets, notebooks, watches or even intelligent household appliances. Attackers usually perform the following attacks:

• unauthorised, unfriendly access to information (at the nodes and terminals)
• manipulation and falsification of information (in the messages or by their transmitters on the routes)
• intrusions, violations and disruptions of availability (at the nodes and terminals)

Fig. 7.1 Distributed systems: security and troubles in data processing and communication

Fig. 7.2 Historical development of a holistic view on protection goals in distributed systems

In order to understand and assess the level of security a system provides, it is commonly broken down into a set of protection goals, which can be considered as distinct and yet sometimes inter-dependent aspects. Figure 7.2 explains how the notion of protection goals has been extended over the years in reaction to risks, threats, vulnerabilities and actual exploits. While initially only three such goals were of importance when designing systems, nowadays twelve socio-legal-technical goals need to be considered to build distributed systems with overall multilateral protection.

In the following, all twelve protection goals will be explained and paired with a set of associated risks and a set of techniques to achieve the respective goal. Each goal refers to a subject, which may be the data, the processing application software, the entire integrated system (which may be exposed as a service) or even the system user. The techniques are thus always specifically applicable to a subject.

• Integrity: Whoever creates data, software or systems wants to ensure their integrity, in a way that no hidden modification can take place without being noticed. The risks are malicious modification by adversaries and accidental modification by corruption and malfunction.
  – Data Integrity: A receiver should see exactly the same data which the sender sent. Techniques to ensure this property are simple (error-detecting) and less simple (error-correcting) checksums, including parity bits, Hamming codes and cyclic redundancy codes, as well as self-integrity measures which combine the checksums with cryptographic safety nets, including digital signatures and authenticated message digests. Note that unkeyed checksums and digests only detect accidental corruption: an adversary who can modify the data can recompute them, so protection against malicious modification requires a secret key (a MAC) or a signature.


  – Processing Integrity: A data processor should always return the correct results. In particular, given the same parametric and contextual input data, the output should always be the same. In practice, fault tolerance techniques such as n-version programming with strict voting over the results ensure a proper functional integrity. This notion of processing integrity overlaps with processing reliability but also includes the correctness of results.

  – System/Service Integrity: A system should always be in a non-compromised state. Ways to achieve this goal include the widely discussed trusted computing concepts, such as an authenticated chain of trust during booting (measured or verified boot), but also third-party certification and physical protection measures.

• Confidentiality: Whoever creates data, software or systems wants to confine it in a way that nobody except for a limited, creator-defined set of receivers can interpret its content. The risks include unauthorised copies and analytics. The wider risk implications include unwanted privacy breaches, especially in combination with mass surveillance, and industrial espionage of not yet publicised software or hardware.
  – Data Confidentiality: Data needs to be confined by encryption. Both symmetric and asymmetric encryption algorithms are used for diverse requirements. Symmetric algorithms work with a single key which must be secretly shared among sender and receivers, whereas asymmetric algorithms work with private/public key pairs, the public part of which is shared publicly for encrypting messages to the key owner, who can then decrypt them with the corresponding private key.

  – Processing Confidentiality: Protected data processing requires the confidentiality of both data and processing code. For data, structure-preserving encryption methods such as homomorphic and order-preserving encryption allow for processing without intermediate decryption (order-preserving encryption, however, leaks the ordering of plaintexts by design and must be used with care). For the processing code, two choices are to prevent access to the code by means of dongles or obfuscation, or to explicitly declare it open and therefore avoid this problem altogether.

  – System/Service Confidentiality: Sometimes a networked service should remain hidden in order to conceal the operator. The semantics of this arrangement confuse users, because they do not precisely know what system or service is in use. The concept of hidden services is useful for ensuring the confidentiality of the entire system.

• Availability: Whoever makes data, software or systems available to potential receivers or to oneself has an interest in keeping the offering available. The risks are temporary or permanent unavailability, for instance due to hardware and software failures, connectivity issues or operator mistakes. Compared to the notion of reliability, availability is a quantifiable expression for "mostly available", whereas reliable means "always available". A system with less than 100% availability cannot be reliable [24].
  – Data Availability: Sent data should always be receivable and stored data should always be retrievable. Techniques to support these properties are centred around redundant coding and replication or dispersion of data. Such data needs to be distributed over resources or services with mixed availabilities in a way that the overall availability becomes much higher.

  – Processing Availability: Processing power needs to be safeguarded to ensure that it is always available on demand to yield correct and timely results. The risks are overload and long queueing of requests. With distribution techniques leading to high overall availability, a high load can be shared among multiple processing instances. Correspondingly, load balancing (e.g. round-robin scheduling) and parallelisation techniques need to be incorporated into the software or the infrastructure.

  – System/Service Availability: The uptime of a system is a metric for its availability. In a distributed system, each system part needs to have a high uptime without overload. Among the considered systems are interactive devices operated by users, whose functionality must be available at any point in time, independent from network or service issues.

• Utility: Similar to infrastructural utilities including water, gas, sewerage or public transport, services and computing resources need to be available on demand, able to cope with load spikes, failures and other disruptions, and billed only according to actual usage. Utility refers to a certain (instant) usefulness in this context and implies that data and service protocols need to be offered in contemporary formats which evolve over time along with technological trends.

• Possession: The user who possesses systems or credentials is factually in control over them. Barring any trust in third parties to whom possession could be outsourced, systems need to both ensure and convey the state of possession to users. The loss of possession is often the first step towards a loss of confidentiality, for instance when an attacker steals an encrypted piece of data and can then attack the encryption offline at leisure. When working with remote data it is often not trivial to find out if one is still in (sole) possession of the data. Methodical means to prove the breach of possession through modifications, and therefore also the integrity, at least heuristically, are available through proof-of-possession protocols. Many of these protocols use Merkle trees to realise the proof in an efficient manner [18, 19]. These are hierarchical hash trees in which a single hash or checksum at the root of the tree covers all data of one dataset, so that the owner only has to retain the root and can verify any returned block with a logarithmic number of sibling hashes. The breach of possession through leaks and unauthorised read access is even less trivial to detect, practically impossible, and must be dealt with beforehand by proper secret sharing of data as well as sufficient physical protection. Some researchers claim that quantum cryptography, specifically quantum key distribution, will help in detecting eavesdropping during key transmission [9], but these methods have not yet arrived for everyday computing needs.

• Authenticity: This goal ensures that data, service interfaces or invocations originate from authenticated parties only. Through various technical methods, primarily digital certificates and signatures, but also, to some degree, network addresses and login credentials, the origin can be determined reliably and hence the authorship of a digital asset can be proven (network addresses alone are weak evidence, since they can be spoofed). More advanced methods overlap with digital forensics and compare behavioural aspects such as invocation frequencies or data structures, which of course require a rather large knowledge base to detect deviations as falsifications. When using signatures, similar to data integrity, a cryptographic protection (through message digests) needs to be ensured. When using certificates, the chain of trust or web of trust needs to be taken into account as well.

• Reliability: A system is called reliable when it is 100% available and when the data and processing results it delivers are 100% correct [24]. Reliability in distributed systems can be achieved through fault-tolerant processing techniques, including failover and Byzantine result comparison, as well as general defensive programming techniques.

• Liability: Service-Level Agreements (SLAs) are negotiated between a service provider and a service consumer to legally ensure that the rights and obligations of both will be adhered to, subject to penalties otherwise. The SLAs refer to multiple quality dimensions. For data, the liability covers typical data quality attributes including recentness, precision, completeness and correctness. For processing, other attributes such as response time and discretion are of importance.

• Imputability: This protection goal is linked to authenticity. It refers to the ability to distinguish between multiple involved parties in a distributed system in the case of trouble. Imputability makes it possible to pinpoint exactly whose fault has led to the trouble and who would therefore be liable.

• Non-Linkability: This goal is in some way the opposite of imputability. It allows data processing without knowing who processed the data and whose data is being processed. The use of pseudonyms is a classical approach towards non-linkability of activities in systems. Encryption, naming and separation or isolation techniques further help in achieving this goal.

• Transparency: Users need to be informed about who does what, who is supposed to do what, and who has the capabilities to do what. Transitively, this protection goal must therefore be fulfilled between any two systems as long as one of them, directly or indirectly, is interacting with a user. Proper service descriptions as well as certificates, audits and openness (e.g. open source software) are suitable, but generally not sufficient, mechanisms to provide transparency. In contrast, black boxes and virtualisation techniques isolate systems to a degree that transparency becomes less of a concern.

• Anonymity: Similar to transparency, this protection goal is oriented at users interacting with systems. A system must ensure that users can access it anonymously. This goal is counter to the goal of authenticity and must be weighed against it depending on the scenario requirements. Hidden services, anonymisation networks and overlay networks are starting points to achieve anonymity.

It should be noted that this list is not complete. One could argue that, next to transparency, effective controllability and intervenability belong into it as well. The considerate reader should consult recent security publications to find out which new protection goals made it into the list. Due to the high number of risks it seems there will be no shortage of new goals, and most certainly no dropping of an existing goal off this list.
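The proof-of-possession mechanism mentioned under the Possession goal, as an added example (this is not code from the book): the owner hands five records to a remote store and keeps only the Merkle root; the store later answers a read with the block and its inclusion proof, and the owner checks the block against the root. The hash function (SHA-256), the leaf/node prefixes, the sample records and the simulated provider are choices made for this example.

```python
import hashlib


def _sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def leaf_hash(block: bytes) -> bytes:
    # Distinct prefixes for leaves and inner nodes prevent a leaf from being
    # passed off as an inner node (a known second-preimage trick on Merkle trees).
    return _sha256(b"\x00" + block)


def node_hash(left: bytes, right: bytes) -> bytes:
    return _sha256(b"\x01" + left + right)


def _pad(level):
    # An odd level duplicates its last node so that every node has a sibling.
    return level + [level[-1]] if len(level) % 2 == 1 else level


def merkle_levels(blocks):
    """All tree levels from the leaves (level 0) up to the root; stored unpadded."""
    level = [leaf_hash(b) for b in blocks]
    levels = [level]
    while len(level) > 1:
        padded = _pad(level)
        level = [node_hash(padded[i], padded[i + 1]) for i in range(0, len(padded), 2)]
        levels.append(level)
    return levels


def merkle_root(blocks) -> bytes:
    """The single value the owner keeps after handing the blocks to a remote store."""
    return merkle_levels(blocks)[-1][0]


def inclusion_proof(blocks, index):
    """Sibling hashes from leaf `index` up to the root; 'L' means the sibling is on the left."""
    proof = []
    for level in merkle_levels(blocks)[:-1]:
        padded = _pad(level)
        sibling = index ^ 1
        proof.append(("L" if sibling < index else "R", padded[sibling]))
        index //= 2
    return proof


def verify_inclusion(root: bytes, block: bytes, proof) -> bool:
    """Recompute the path from the block to the root and compare with the retained root."""
    h = leaf_hash(block)
    for side, sibling in proof:
        h = node_hash(sibling, h) if side == "L" else node_hash(h, sibling)
    return h == root


# Constructed sample dataset: five records handed to an (untrusted) storage provider.
BLOCKS = [b"record-%d: balance=%d" % (i, 100 * i) for i in range(5)]
ROOT = merkle_root(BLOCKS)   # the only thing the owner has to keep


def provider_returns(index, tamper=False):
    """Simulated provider answering a read; `tamper` models a hidden modification."""
    block = BLOCKS[index]
    if tamper:
        block = block.replace(b"balance=", b"balance=9")
    return block, inclusion_proof(BLOCKS, index)


def client_check(index, tamper=False) -> bool:
    """Owner-side check of a returned block against the retained root."""
    block, proof = provider_returns(index, tamper)
    return verify_inclusion(ROOT, block, proof)


if __name__ == "__main__":
    print("honest provider:", client_check(4))
    print("tampered block: ", client_check(4, tamper=True))
```

The proof for n blocks has about log2(n) entries, which is what makes the check cheap on the owner's side; a provider who has lost or altered a block cannot produce a proof that leads back to the retained root.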

In the next section, the briefly mentioned protection techniques will be outlined in greater detail.


7.2 Protection Techniques

Exemplary techniques are introduced and presented briefly in this section. The techniques span checksums and digests for data integrity; encryption and steganography for data confidentiality; orchestration, parallelisation and multiplexing for high availability of data processing; as well as anonymisation, trusted computing and hidden services. Some techniques will be presented in greater detail in the subsequent sections. Beforehand, cryptographic techniques will be explained on a general level, as they are the foundation of many of the protection techniques.

Deployment fields for cryptographic methods. When the Internet was still a special subject for a small group of scientists and early adopters, no security measures for the communication were deployed, because there was no perceived necessity for data protection, let alone anonymity. After the commercialisation of the Internet, and since the era of its wider use in all industry branches and areas of life, measures for security and protection became necessary due to increased misuse. These measures have to allow safe traffic, protected access and application deployment. For such aims, cryptographic methods and crypto protocols have been developed, implemented and continuously improved. The deployment areas for cryptographic methods are as follows:

• web applications and backend systems for online banking (e-banking), shopping (e-commerce) and government services (e-government)
• communication (VoIP, video conferences, chat, e-mail) as well as social networks and forums
• diverse distributed systems with remote communication and service interfaces: component software, middleware, application servers
• clusters, clouds, grids, client-server and peer-to-peer systems
• multimedia applications and groupware for application sharing and real-time editing

Arrangement of the cryptography methods and their classification. In Fig. 7.3 the arrangement of the methods of cryptography, cryptanalysis and steganography is given.

Cryptology as a discipline consists of cryptography, cryptanalysis and steganography. Encryption methods secure data against the loss of confidentiality; combined with message authentication codes or digital signatures they also protect integrity (protection against manipulation) and authenticate the sender of a message. Steganographic methods can hide information as well as embed digital watermarks (visible or invisible).


Fig. 7.3 Arrangement of the cryptology methods

7.2.1 Checksum and Digest

Extra data, also called redundant data, is used to describe the content of data as unambiguously as possible for the purpose of checking its integrity. The more redundant data is afforded, the better both the existence of modifications and their location (and possibly their repair) can be determined. Generally, parity codes, checksums and digests are used for this purpose. Furthermore, some (cryptographically protected) hash codes even offer protection against not only accidental but also malicious data modifications. The following codes protect against non-malicious modifications of data:

• Parity: Simple parity bits (0/1) or multiple bits signal the integrity of digital data. Historically used in modem transmissions, parity bits are still of great importance for error-correcting code memory (ECC memory) as well as for certain hard disk combinations (RAID levels with parity).

• Hamming Code: These are specific multi-bit codes with guaranteed properties about identifiable and recoverable bit-flip modifications in data (Hamming(7,4), for instance, corrects any single-bit error in a 7-bit word carrying 4 data bits).

• Cyclic Redundancy Code: These are more complex codes in which modifications in one location also affect subsequent locations. They are used for protecting against media scratches (CD, DVD, ZIP) but also in several robust network protocols (the Ethernet frame check sequence is a CRC-32).

• One-Way Hash Sum: Compared to the previous codes, the goal is to yield a hash which is unlikely or even close to impossible to be duplicated when applying the code to other data, despite the hash being much smaller than the data. These properties are called weak and strong collision resistance, respectively. An illustrative example would be to map objects to their geometric two-dimensional shape: a house would become a pentagon, a pool a circle and a door a rectangle. However, a window would become a rectangle too. Several hash algorithms with weak and strong collision resistance and with and without cryptographic protection exist:
  – Message Digest (MDx): MD5 is the most prominent one, historically used to detect accidental or malicious modifications of files. Practical MD5 collisions have been known since 2004, so it can no longer be relied upon against malicious modification.
  – Secure Hash Algorithm (SHA-x): SHA-1 is the most prominent one, having replaced MD5 for file integrity checks. SHA-1 is also used to prevent a-posteriori modifications to changesets in distributed version control systems, most notably Git. Since a practical SHA-1 collision was demonstrated in 2017, new designs should use the SHA-2 family (e.g. SHA-256) or SHA-3; Git is migrating to SHA-256 for the same reason.

The following code offers extended protection against malicious modifications of data:

• HMAC: This so-called keyed-hash message authentication code generates a hash sum over both the data and a secret key. Without the key, an attacker cannot compute a valid tag for modified data. On verification, the received tag must be compared with the recomputed one in constant time, since a byte-by-byte comparison that stops at the first mismatch leaks, via timing, how many leading bytes of a guess were correct.
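As an added example (not from the book), the following Python code contrasts the classes of codes above on a constructed transfer message: a parity bit and CRC-32 notice line noise (the parity bit misses a double flip), a plain SHA-256 digest notices it too, but an attacker who rewrites the amount simply recomputes every unkeyed value, and only the HMAC, which needs the secret key, rejects the forgery. The key and the message are constructed for the example.

```python
import hashlib
import hmac
import zlib

# Constructed demo key; in a real system it comes from a key store and is never hard-coded.
KEY = b"demo-only-secret-key-0123456789"


def parity_bit(data: bytes) -> int:
    """Even parity over all bits: 1 if the number of set bits is odd, else 0."""
    return sum(bin(b).count("1") for b in data) % 2


def crc32_tag(data: bytes) -> int:
    return zlib.crc32(data) & 0xFFFFFFFF


def sha256_tag(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def hmac_tag(data: bytes, key: bytes = KEY) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def verify_hmac(data: bytes, tag: bytes, key: bytes = KEY) -> bool:
    # compare_digest runs in constant time; a plain == would leak the length
    # of the matching prefix through timing.
    return hmac.compare_digest(hmac_tag(data, key), tag)


def flip_bits(data: bytes, positions) -> bytes:
    """Simulated line noise: flip the given bit positions (bit 0 of byte 0 is position 0)."""
    out = bytearray(data)
    for pos in positions:
        out[pos // 8] ^= 1 << (pos % 8)
    return bytes(out)


def accidental_corruption(message: bytes) -> dict:
    """Which checks notice a single-bit flip and a double-bit flip."""
    single = flip_bits(message, [3])
    double = flip_bits(message, [3, 12])
    return {
        "parity_catches_single": parity_bit(single) != parity_bit(message),
        "parity_catches_double": parity_bit(double) != parity_bit(message),  # never: parity is unchanged
        "crc32_catches_single": crc32_tag(single) != crc32_tag(message),
        "sha256_catches_single": sha256_tag(single) != sha256_tag(message),
    }


def malicious_modification(message: bytes) -> dict:
    """An attacker edits the amount and recomputes every tag he can; only the keyed tag fails."""
    tampered = message.replace(b"amount=10", b"amount=99")
    # Unkeyed tags: anyone can recompute them for the new content.
    forged_crc = crc32_tag(tampered)
    forged_sha = sha256_tag(tampered)
    # Keyed tag: the attacker does not know KEY and has to guess.
    forged_mac = hmac_tag(tampered, key=b"attacker-guess")
    return {
        "crc32_accepts_forgery": crc32_tag(tampered) == forged_crc,
        "sha256_accepts_forgery": sha256_tag(tampered) == forged_sha,
        "hmac_accepts_forgery": verify_hmac(tampered, forged_mac),
    }


# Constructed sample message (a transfer order) that a sender would tag before transmission.
MESSAGE =b"transfer from=alice to=bob amount=10"

if __name__ == "__main__":
    print(accidental_corruption(MESSAGE))
    print(malicious_modification(MESSAGE))
```

The same distinction applies to digital signatures: a signature is a keyed construction too, but with a private key for signing and a public key for verification, so unlike the HMAC the verifier need not hold a secret.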

7.2.2 Encryption

Encryption methods. The encryption of data leads to its concealment for unauthorised parties, so that read access is not possible anymore and write access leads to unknown results unless the key is known. There are symmetric and asymmetric methods. The symmetric ones are characterised by a shared key between sender and receiver of the data, whereas the asymmetric ones separate the receiver's public key, used by the sender for encryption, and the receiver's private key, used by the receiver for decryption. Symmetric keys must be shared beforehand, e.g. through other means or within a short communication protected by asymmetric encryption. In contrast, asymmetric key pairs are generated locally and only the public half needs to be distributed; a shared symmetric session key can also be derived on the fly using key exchange protocols:

• symmetric: Advanced Encryption Standard (AES), used in a mode of operation such as CBC (or, nowadays preferably, an authenticated mode such as GCM)
• asymmetric: Rivest-Shamir-Adleman cryptosystem (RSA), ElGamal
• key exchange and public key distribution: Diffie-Hellman, X.509v3 certificates

The Rijndael cipher, standardised as AES, was developed in 1998–2003 by Vincent Rijmen and Joan Daemen from Belgium (published in 1998, standardised as FIPS 197 in 2001). It is typically used with key lengths of 128 or 256 bits (192 bits is also defined). Before it, the Data Encryption Standard (DES), developed in 1972–1977 at IBM, had been the only practical option, but it suffered from early attacks and from its short key of only 56 bits; Triple DES extends this to up to 168 bits, and US export restrictions long limited the key strength of products sold outside the USA. The RSA algorithm is slightly younger, developed in 1977–1983 by Ron Rivest, Adi Shamir and Leonard Adleman at MIT. Being asymmetric, it requires longer keys, typically 2048 up to 4096 bits; the 1024-bit keys common earlier are no longer considered adequate.


The Diffie-Hellman (DH) key exchange was named after its authors Whitfield Diffie and Martin Hellman. The DH scheme (in its basic, unauthenticated form also called anonymous DH) acts as the mathematical foundation in multiple cryptographic applications, among them encrypted individual network connections with TLS as well as holistically encrypted network segments with IPsec, whose IKE key exchange is built on it. Figure 7.4 shows the basic functionality of the DH scheme.

Example 7.1 The communication partners in secure environments typically receive symbolic names such as Alice and Bob. They can equally be considered as the networks A and B which are secured via a suitable protocol. The following values p, g, a, b are deployed for DH. As the result, the common secret key K for the communicating parties is calculated without the key, or any part of it, ever having been transmitted (Table 7.1).

In actual applications, numbers with hundreds of digits have to be used. The given example uses only very small numbers for didactic purposes (refer to Table 7.1):

1. Alice and Bob agree on the public values p = 13 and g = 2.
2. Alice chooses a random number a = 5; Bob chooses a random number b = 7. These numbers are not revealed.
3. Alice calculates A = 2^5 mod 13 = 6 and sends the result to Bob.
4. Bob calculates B = 2^7 mod 13 = 11 and sends the result to Alice.
5. Alice calculates K = 11^5 mod 13 = 7.
6. Bob calculates K = 6^7 mod 13 = 7.
7. They both obtain the same result K_A = K_B = K = 7.

Fig. 7.4 Arithmetics enabling the functionality of Diffie-Hellman key exchange

Table 7.1 Exemplary DH combinations

  Exemplary combination    p    g    a    b    Common secret key K
  1                       13    2    5    7    7
  2                       23    5    6   15    2
  3                       11    4    3    5    1

Fig. 7.5 A classification of cryptographic methods

Even though eavesdroppers (intruders, attackers) are in a position to overhear the numbers 13, 2, 6 and 11, the common secret key K = 7 of Alice and Bob remains hidden from them, as long as computing the discrete logarithm is infeasible; for numbers of this size it is trivially found by trying all exponents, which is why real deployments use primes of hundreds of digits. Note also that nothing in this exchange authenticates Alice to Bob or vice versa: an active attacker who replaces A and B with own values ends up sharing one key with each side (man-in-the-middle), which is why TLS and IKE combine DH with signatures or certificates.
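The exchange of Example 7.1, as an added Python example (not code from the book) that also covers the other two rows of Table 7.1 and two checks a practitioner would add: whether g generates the whole group (it does not for p = 11, g = 4, which is why K is then confined to a small subgroup) and what an attacker can do, passively by brute-forcing the discrete logarithm of the toy-sized values, and actively, since anonymous DH does not authenticate A and B, by substituting own values (man-in-the-middle). Mallory's secret m is an assumption of the example.

```python
def dh_exchange(p, g, a, b):
    """Return (A, B, K): the two transmitted values and the shared key both sides derive."""
    A = pow(g, a, p)            # Alice -> Bob
    B = pow(g, b, p)            # Bob -> Alice
    k_alice = pow(B, a, p)
    k_bob = pow(A, b, p)
    assert k_alice == k_bob     # both equal g^(a*b) mod p
    return A, B, k_alice


def is_generator(g, p):
    """True if g generates the whole multiplicative group mod the prime p (order p - 1).
    A g of small order confines K to a small subgroup, as row 3 of Table 7.1 shows."""
    x = g % p
    if x in (0, 1):
        return False
    order = 1
    while x != 1:
        x = (x * g) % p
        order += 1
    return order == p - 1


def eavesdropper_recover(p, g, A, B):
    """Passive attacker: brute-force the discrete logarithm of A, then do what Alice does.
    Feasible only because p is tiny; a real p has hundreds of digits."""
    for a in range(1, p):
        if pow(g, a, p) == A:
            return pow(B, a, p)
    return None


def mitm(p, g, a, b, m):
    """Active attacker Mallory (secret m, assumed here) replaces A and B with her own M.
    Returns (Alice's key, Mallory's key towards Alice, Bob's key, Mallory's key towards Bob):
    each honest party shares a key with Mallory, not with the other honest party."""
    A, B = pow(g, a, p), pow(g, b, p)
    M = pow(g, m, p)
    return pow(M, a, p), pow(A, m, p), pow(M, b, p), pow(B, m, p)


if __name__ == "__main__":
    for p, g, a, b in [(13, 2, 5, 7), (23, 5, 6, 15), (11, 4, 3, 5)]:
        A, B, K = dh_exchange(p, g, a, b)
        print(f"p={p} g={g}: A={A} B={B} K={K} generator={is_generator(g, p)} "
              f"eavesdropper recovers K={eavesdropper_recover(p, g, A, B)}")
    print("MITM (Alice, Mallory/Alice, Bob, Mallory/Bob):", mitm(13, 2, 5, 7, 3))
```

Real deployments additionally use safe primes or standardised groups (or elliptic curves), validate that received values lie in the expected subgroup, and feed K through a key derivation function rather than using it directly.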

The further classification of basic cryptographic methods is depicted in Fig. 7.5. They are of great importance to many mechanisms and protocols in use in today's distributed systems.

Encryption strength. Furthermore, the crypto methods can be classified according to their security strength. There are the following main classes:

1. Information-theoretically secure methods: Even an unrestricted attacker (with unlimited computing resources) does not succeed; the attacker gains no information about plaintext or key from the ciphertext. This is unconditional security or perfect secrecy (e.g. the one-time pad, provided the key is truly random, at least as long as the message and never reused).

2. Provably-secure methods: Breaking the cryptosystem is provably at least as hard as solving a well-known difficult mathematical problem, such as factoring large integers or computing discrete logarithms. This is called provable security (e.g. RSA-based constructions, whose security rests on the assumed hardness of factoring).

3. Computationally or practically secure methods: There are no known concepts and available resources for breaking the cryptosystem within a useful time span (e.g. AES).


4. A combination of the listed items is widely used in modern systems, too. For instance, TLS combines multiple methods, such as AES (historically also DES/3DES) in a mode like CBC or GCM together with RSA or Diffie-Hellman, and OpenPGP likewise contains a collection of such concepts.

7.2.3 Steganography

Steganographic methods hide data (the payload) in other data (the carrier). Among other goals, one goal is to work around restrictions on the use of cryptographic methods simply by hiding the fact that these methods are used at all. A further protection aspect is analogous to wearing valuable objects visibly at night in a lonely corner of a town: while this may be perfectly fine in an ideal city of law and order, in reality it is sometimes better not to show the valuables. Especially in the era of mass surveillance, online steganography in combination with anonymity becomes an essential method to maintain privacy about who is doing what. Steganographic methods for digital data encompass:

• concealment in noisy multimedia data (audio, images, video), e.g. in the least significant bits of samples
• concealment in otherwise ignored parts of a file structure, for instance behind the end-of-file marker
• covert information transmitted by unnoticeable delays in data transmission (timing channels)

It should be noted that many steganographic methods tolerate no lossy compression of the carrier data: re-encoding an image as JPEG, for example, discards exactly the low-order bits in which a payload typically hides.
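An added example (not from the book) of the first method, least-significant-bit concealment, on a constructed row of 256 greyscale samples: the payload changes no sample by more than one level, and a crude stand-in for lossy compression (re-quantising the samples to multiples of four) wipes the payload out, which is the point of the note above. The frame format (2-byte length prefix) and the carrier are choices made here.

```python
def _to_bits(data: bytes):
    return [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]


def _from_bits(bits):
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        out.append(int("".join(str(b) for b in bits[i:i + 8]), 2))
    return bytes(out)


def embed_lsb(carrier, payload: bytes):
    """Write the payload (2-byte length prefix + bytes) into the least significant bit
    of consecutive 8-bit samples. Each sample changes by at most one level."""
    framed = len(payload).to_bytes(2, "big") + payload
    bits = _to_bits(framed)
    if len(bits) > len(carrier):
        raise ValueError(f"carrier holds {len(carrier) // 8} bytes, payload needs {len(framed)}")
    stego = list(carrier)
    for i, bit in enumerate(bits):
        stego[i] = (stego[i] & 0xFE) | bit
    return stego


def extract_lsb(carrier) -> bytes:
    """Read the length prefix, then that many payload bytes, from the sample LSBs."""
    bits = [s & 1 for s in carrier]
    length = int.from_bytes(_from_bits(bits[:16]), "big")
    return _from_bits(bits[16:16 + 8 * length])


def requantise(samples, step=4):
    """Crude stand-in for lossy compression: every sample is rounded down to a multiple
    of `step`, which discards the low bits and with them the hidden payload."""
    return [(s // step) * step for s in samples]


def max_abs_change(a, b) -> int:
    """Largest per-sample difference between two carriers (visibility of the embedding)."""
    return max(abs(x - y) for x, y in zip(a, b))


# Constructed carrier: 256 greyscale samples in a pseudo-random pattern (stands in for an image row).
CARRIER = [(37 * i + 11) % 256 for i in range(256)]
PAYLOAD = b"meet at 9"

if __name__ == "__main__":
    stego = embed_lsb(CARRIER, PAYLOAD)
    print("recovered:        ", extract_lsb(stego))
    print("max sample change:", max_abs_change(CARRIER, stego))
    print("after lossy step: ", extract_lsb(requantise(stego)))
```

A statistical check of the LSB plane (steganalysis) can still reveal that something was embedded, so the payload should itself be encrypted to look like noise; LSB hiding provides concealment, not confidentiality.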

7.2.4 Orchestration, Parallelisation and Multiplexing

Multiple services can be combined to achieve greater availability, performance, confidentiality, or combinations thereof and with other properties. One typically distinguishes the following combinations:

• full replication with 100% redundancy or multiples thereof
• fragmentation and partial replication with selective redundancy < 100% (e.g. k-of-n erasure coding, where any k of n fragments suffice to reconstruct the data)
• secret sharing with high redundancy (any k of n shares reconstruct the secret, fewer reveal nothing about it)
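Two of the combinations above, worked as an added example (not from the book): secret sharing in Shamir's k-of-n threshold scheme over a prime field, where any k of n shares recover the secret and fewer do not, and the availability of a k-of-n layout of independent nodes, which shows why partial replication with selective redundancy still beats a single copy. The field prime, the sample secret and the per-node availability of 0.9 are assumptions of the example.

```python
import math
import secrets

# Prime field for the share arithmetic (a Mersenne prime; any prime larger than the secret works).
P = 2 ** 127 - 1


def split_secret(secret: int, k: int, n: int, rng=secrets.randbelow):
    """Shamir's scheme: n shares of which any k recover `secret`; fewer reveal nothing.
    The secret is the constant term of a random polynomial of degree k-1 over GF(P)."""
    if not 1 <= k <= n or not 0 <= secret < P:
        raise ValueError("need 1 <= k <= n and 0 <= secret < P")
    coeffs = [secret] + [rng(P) for _ in range(k - 1)]

    def poly(x):
        acc = 0
        for c in reversed(coeffs):          # Horner's rule
            acc = (acc * x + c) % P
        return acc

    return [(x, poly(x)) for x in range(1, n + 1)]


def recover_secret(shares) -> int:
    """Lagrange interpolation at x = 0 over GF(P); correct only with >= k distinct shares."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total


def availability_k_of_n(a: float, k: int, n: int) -> float:
    """Probability that at least k of n independent nodes, each up with probability a,
    are available: full replication needs k = 1, a k-of-n fragment layout needs k."""
    return sum(math.comb(n, i) * a ** i * (1 - a) ** (n - i) for i in range(k, n + 1))


if __name__ == "__main__":
    shares = split_secret(123456789, k=3, n=5)
    print("any 3 shares: ", recover_secret(shares[1:4]))
    print("only 2 shares:", recover_secret(shares[:2]))   # an unrelated field element
    for k in (1, 2, 3):
        print(f"{k}-of-3 nodes at 0.9 each: {availability_k_of_n(0.9, k, 3):.4f}")
```

With per-node availability 0.9, three full replicas (1-of-3) reach 0.999, a 2-of-3 fragment layout 0.972, and 3-of-3 (every fragment needed, no redundancy) only 0.729; the layout choice therefore trades storage overhead against the availability gain.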

7.2.5 Anonymisation

Anonymisation is achieved by hiding the information about who the communicating peers are. One effective method is to deviate from the usual one-on-one messaging model and instead to introduce levels of indirection by special message encoding and distribution.


Channel mixing techniques for anonymity on the network level include mix cascades (JAP model), onion routing (Tor model) or dispersed routing. They can be combined with encryption to achieve confidentiality.

7.2.6 Trusted Computing and Physical Protection

In distributed systems there is no absolute security. Partially this can be remedied by trust, assuming the trust is warranted. Trusted computing is a term that refers to a chain of certificates and measurements which covers entire devices from their start-up to the execution of software applications, in a way that ultimately only applications trusted by the certification root will run. Obviously this model has certain restrictions when considering the necessity to compile custom applications.

Furthermore, beyond all digital security measures, sometimes devices need to be physically secured. This will not be elaborated on in this chapter.

7.3 Security Layers

After the presentation of foundational protection techniques, this section puts them into context for actual networked and distributed systems. Not all protection techniques can be covered here; therefore only layered confidentiality is explained. Following the network layers in the Open Systems Interconnection (OSI) or Internet Protocol (TCP/IP) models, the embedding of encryption techniques at the network connection, data transport and application content level will be explained.

Figure 7.6 visualises the cross-layer secure protocol stack for Internet-wide distributed services and applications.

7.3.1 Network Encryption: IPsec

At the network layer, encrypted links between hosts or gateways need to be established. The IPsec specification combines three elements to achieve this goal. First, IP packets are encrypted so that instead of a plain payload an Encapsulating Security Payload (ESP) is transported, which provides confidentiality and, in current use, integrity as well. Second, instead of a plain packet header with modifiable IP addresses, an Authentication Header (AH) can be used, which integrity-protects the header and payload but does not encrypt. Third, the Internet Key Exchange (IKE) protocol, run by daemons on the communicating peers, negotiates the algorithms, keys and security associations and handles their renewal. IKE runs over UDP at the application level, whereas ESP and AH are processed at the IP layer.


Fig. 7.6 Secure networking stack with well-defined protocols and conceptual additions

7.3.2 Transport Encryption: TLS

With TLS, individual connections instead of entire networks are cryptographically protected, in contrast to the network segments covered by IPsec. Even when the participating nodes and applications, for instance client and server, communicate in a plain-text protocol, the resulting network transmission becomes opaque ciphertext and cannot be deciphered except with the right key.

7.3.3 Content Encryption: S/MIME and PGP

Sometimes communication happens over multiple hops instead of directly between two nodes. Some of the connection links ("legs") may be unencrypted. In this case it is important to encrypt the message itself instead. There are certain limits, for instance concerning the meta-data contained in the message (headers such as sender, recipient and subject of an e-mail stay readable). Nevertheless, the message body, when present, can typically be encrypted without a problem. Two methods to perform the encryption are S/MIME, which uses a hierarchically issued certificate, and PGP, which uses a decentralised web of trust.


7.3.4 Authorisation: Kerberos and OAuth2

Even when all links are encrypted and all message content is encrypted as well, the execution of a service invocation may have to be authorised. Beyond the conventional username/password or username/key/passphrase credentials, contemporary services such as Kerberos and OAuth2 are used to limit what an attacker who steals credentials can do with them. With Kerberos, a so-called ticket is given as key with limited temporal validity; OAuth2 likewise issues short-lived access tokens with a restricted scope. The analogy in banking is the TAN, which is generated on demand and can be used only for several minutes.

7.3.5 Further Secure Services: DNSSEC, VPNs and Proxies

This section has given a brief introduction to security services on a network. Further services, including DNSSEC to secure the hostname-to-network-address resolution by signing DNS records, VPNs, as well as proxy services exist and are used occasionally, but will not be analysed in detail.

7.4 Security Protocols and Network Concepts

Cryptographic protocols and technologies. An overview of useful cryptographic protocols and technologies in relation to the OSI network layers is depicted in Fig. 7.7. The protocols are ordered as follows: layer 3, layer 4, layers 5–7. The two bottom layers are best secured physically and will therefore not be considered here.

In the following paragraphs these protocols and cryptographic algorithms will be discussed in detail. The discussion starts with the over-arching infrastructure for public keys and certificates. Then the encryption of the network channel to securely transmit messages within applications will be explained. This is followed by a comparison to an application-agnostic encryption for all channels, before proceeding in the next section to firewalls, encrypted and signed messages and finally access control considerations. Legal aspects as well as anonymity are also discussed at the end of the chapter.

Public key infrastructure and X.509 specification. In applications for private and business communication as well as e-commerce transactions, the integrity and confidentiality of all messages and activities as well as the authenticity of the participants are of utmost importance. Therefore public keys or certificates and a reliable attribution of digital signatures to user names are required. Public keys can be generated and distributed by everyone as the public half of a public/private key pair, which leads to peer-to-peer webs of trust, whereas certificates are a hierarchical means to ensure the authenticity of a service or organisation. The hierarchy implies that a trusted third party, a certificate authority, must exist. Public keys and certificates can be thought of as analogous to a personal identification card with a photo and other confirmable information on it.

Fig. 7.7 Overview of cryptographic protocols and technologies

One certificate solution is offered by the standard for digital certificates X.509, an ITU-T standard for a hierarchical public-key (certificate) infrastructure. X.509 was first published in the year 1988; the current version is X.509v3, whose Internet profile was standardised as RFC 5280 in 2008. In some aspects the specification competes with the Kerberos protocol (developed at MIT in the 1980s on the basis of the Needham-Schroeder protocol of 1978) with its Ticket Granting Ticket (TGT) concept. The certificate exchange provides the following information to the users: the digital signature of the Certificate Authority (CA), the type of the cryptographic algorithm and the validity period of a certificate in the network. In contrast to the "web-of-trust" model (PGP), X.509v3 uses a rigorous hierarchical CA system. The certificates are used in all known web browsers, e-mail clients and other secure network protocol clients and servers, for instance as part of the network connection encryption which will be presented later. The specification X.509 is aimed at the integrity of public keys for digital signatures and combined (symmetric and asymmetric) encryption. Therefore it is unavoidable that applications keep track of the Certificate Revocation List (CRL) issued by the CA, which is updated whenever a certificate is revoked, for instance because its private key was compromised or a breach of the CA becomes known. Applications must therefore consult the CRL, for instance by periodic downloads, or query the Online Certificate Status Protocol (OCSP), before attempting to establish a secure connection; a client that skips revocation checking keeps trusting a certificate whose key is known to be in the wrong hands.

74 Security Protocols and Network Concepts 263

Fig. 7.8 Example for hierarchical CAs (Source: www.rn.inf.tu-dresden.de)

An example for hierarchical CAs is given in Fig. 7.8. One can see that a root CA, Telekom, is trusted by Alpha and Beta, and Beta in turn is trusted by user Schmid.

Digital certificates are structured data of a certain size. They typically appear in binary format but can be serialised to human-readable text formats for consultation. An example structure of a digital certificate is as follows:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: C=XY, ST=Austria, L=Graz, O=TrustMe Ltd,
                OU=Certificate Authority, CN=CA/Email=ca@trustme.dom
        Validity
            Not Before: Oct 29 17:39:10 2000 GMT
            Not After : Oct 29 17:39:10 2001 GMT
        Subject: C=ABC, ST=Austria, L=Vienna, O=Home, OU=Web Lab,
                 CN=anywhere.com/Email=xyz@anywhere.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:c4:40:4c:6e:14:1b:61:36:84:24:b2:61:c0:b5:
                    ...
                    d7:e4
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                email:xyz@anywhere.com
            Netscape Comment:
                mod_ssl generated test server certificate
            Netscape Cert Type:
                SSL Server
    Signature Algorithm: md5WithRSAEncryption
        12:ed:f7:b3:5e:a0:93:
        ...
        3f:a0:1d


Obviously a lot of information is contained in a single digital certificate. Even more will have to be processed if the hierarchy is taken into account by forming certificate chains up to a trusted root CA. Table 7.2 therefore presents a simplified abstract view of the most important certificate contents.
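The chain walk, validity check and CRL consultation described above, as an added illustration that is not code from the book: the hierarchy follows Fig. 7.8 (root CA Telekom signs Beta, Beta signs user Schmid), each certificate carries the Table 7.2 fields, and the CRL is consulted for every certificate before the chain is accepted. The "RSA" signatures are textbook RSA over small hard-coded primes with no padding, chosen only to keep the example self-contained; all names, dates and serial numbers are constructed, and real code would parse RFC 5280 DER with a library such as OpenSSL.

```python
"""Certificate chain validation with a CRL and validity check (toy model).

Constructed illustration, not code from the book: the hierarchy follows
Fig. 7.8 (root CA Telekom signs Beta, Beta signs user Schmid), each Cert carries
the Table 7.2 fields, and the signatures are textbook RSA over small hard-coded
primes without padding, never a real key.
"""
import hashlib
from dataclasses import dataclass, replace
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Key:
    n: int        # modulus
    e: int        # public exponent
    d: int = 0    # private exponent; 0 in a public-only copy

    def public(self) -> "Key":
        return Key(self.n, self.e)


def make_key(p: int, q: int, e: int = 65537) -> Key:
    """Toy RSA key from two hard-coded primes (illustration only)."""
    return Key(p * q, e, pow(e, -1, (p - 1) * (q - 1)))


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    serial: int
    not_before: datetime
    not_after: datetime
    pub: Key            # subject's public key
    signature: int = 0  # issuer's signature over the to-be-signed fields

    def tbs_digest(self) -> int:
        """SHA-256 of the to-be-signed fields as an integer (stands in for the DER TBSCertificate)."""
        tbs = "|".join([self.subject, self.issuer, str(self.serial),
                        self.not_before.isoformat(), self.not_after.isoformat(),
                        str(self.pub.n), str(self.pub.e)])
        return int.from_bytes(hashlib.sha256(tbs.encode()).digest(), "big")


def sign_cert(unsigned: Cert, issuer_key: Key) -> Cert:
    """Issuer signs: sig = H(tbs)^d mod n (toy RSA)."""
    h = unsigned.tbs_digest() % issuer_key.n
    return replace(unsigned, signature=pow(h, issuer_key.d, issuer_key.n))


def signature_ok(cert: Cert, issuer_pub: Key) -> bool:
    return pow(cert.signature, issuer_pub.e, issuer_pub.n) == cert.tbs_digest() % issuer_pub.n


def verify_chain(chain, trust_anchors, crl, now):
    """chain = [end entity, ..., root]; trust_anchors = {subject: public Key};
    crl = set of (issuer, serial) pairs, e.g. from a periodic download.
    Returns (ok, reason)."""
    for i, cert in enumerate(chain):
        if not cert.not_before <= now <= cert.not_after:
            return False, f"{cert.subject}: outside validity period"
        if (cert.issuer, cert.serial) in crl:
            return False, f"{cert.subject}: revoked by {cert.issuer}"
        if i + 1 < len(chain):                       # signed by the next certificate up
            if chain[i + 1].subject != cert.issuer:
                return False, f"{cert.subject}: issuer name mismatch"
            issuer_pub = chain[i + 1].pub
        else:                                        # must be a self-signed, trusted root
            issuer_pub = trust_anchors.get(cert.subject)
            if issuer_pub is None or cert.issuer != cert.subject:
                return False, f"{cert.subject}: root not in trust store"
        if not signature_ok(cert, issuer_pub):
            return False, f"{cert.subject}: bad signature"
    return True, "chain verified"


# Constructed sample data: primes, dates and serial numbers are arbitrary.
TELEKOM_KEY = make_key(1000000007, 998244353)
BETA_KEY = make_key(1000000009, 1000000021)
SCHMID_KEY = make_key(1000000033, 1000000087)
T0 = datetime(2016, 1, 1)
YEAR = timedelta(days=365)
TRUST_STORE = {"Telekom": TELEKOM_KEY.public()}   # the client's trusted root CAs


def build_chain():
    """[Schmid, Beta, Telekom]: each certificate signed by the one above it."""
    root = sign_cert(Cert("Telekom", "Telekom", 1, T0, T0 + 10 * YEAR, TELEKOM_KEY.public()), TELEKOM_KEY)
    beta = sign_cert(Cert("Beta", "Telekom", 2, T0, T0 + 5 * YEAR, BETA_KEY.public()), TELEKOM_KEY)
    schmid = sign_cert(Cert("Schmid", "Beta", 3, T0, T0 + YEAR, SCHMID_KEY.public()), BETA_KEY)
    return [schmid, beta, root]


if __name__ == "__main__":
    chain = build_chain()
    print(verify_chain(chain, TRUST_STORE, set(), T0 + YEAR / 2))
    print(verify_chain(chain, TRUST_STORE, {("Telekom", 2)}, T0 + YEAR / 2))   # Beta revoked
```

The revocation check is deliberately performed for the intermediate CA as well as the end entity: a breach at Beta invalidates Schmid's certificate even though Schmid's own entry never appears on the list.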

TLS as network connection encryption protocol. The transmission of data over wired or wireless connections can be secured in multiple ways. Techniques include physical isolation, the encryption of the content and the encryption of the connection. This last technique is discussed here. The most prominent protocol to realise this technique, integrated with IP and hence widely used, is TLS.

The application cases for TLS in the TCP/IP protocol stack are depicted in Table 7.3. The TLS protocol plays an important role in e-commerce applications, providing cryptographic security by encryption and encrypted checksums and optionally peer authentication on layer 4. TLS hence includes three main data security mechanisms: confidentiality, data integrity as well as mutual authentication of communication partners (refer to the triad, hexad and duodecad). There are many different implementations of the protocol, each with their own weaknesses due to incomplete protocol adherence and simple programming errors. Therefore, just like for any security-critical software, the user or the administrator of a system should regularly check for new versions. Examples for TLS implementations are OpenSSL (Open Secure Sockets Layer) and, since 2014, its fork LibreSSL, the differently

Table 7.2 Certificate contents

• User personal information (name, organisation, filial address)
• Digital signature of the issuing CA and further information
• User public (open) key
• Duration of use of the digital certificate
• Digital certificate class
• Digital identification number of the digital certificate (certificate ID)

Table 7.3 TLS-based application protocols and their port numbers

Applications
    Dedicated TLS port numbers: HTTPS (443), SSMTP (465), IMAPS (993), POP3S (995), XMPPS (5223)
    Upgrade to TLS possible: HTTP (80), SMTP (25), IMAP (143), POP3 (110), XMPP (5222)
    Further well-known application protocols with upgrade: FTPS (21 vs 990), IRCS (194 vs 994, de facto 6667 vs 6697), LDAP (389 vs 636), EAP-TLS, SIP, NNTP and others
Transport
    TLS upon connection or after upgrade
    TCP, represented by a socket within applications
Network
    IP
Net access
    Ethernet, DSL, WLAN, WPAN, 3G–5G cellular, others


designed and licensed GnuTLS, the Network Security Services (NSS) originating in web browsers, and Mbed TLS, optimised for embedded connected devices. The secured application protocols based on TLS, like HTTPS or SSMTP, operate either via additional TCP ports, which are different from the usual "well-known" ports, or via an upgrade of the connection within the session, in case the protocol has been designed with upgradeability in mind. The latter method is commonly called StartTLS due to a syntax element of the same name in some of the application protocols. It should be noted that with DTLS (Datagram TLS) a similar method is available to protect UDP/IP connections; it was first specified in 2006 and reached version 1.2 in 2012. However, this method is not widely used in network applications except for VoIP telephony and video conferencing. Generally, when applications do not support TLS natively, their communication can be tunneled through a pre-established TLS connection if both ends of the connection can be controlled. Several generic tunneling tools exist for this purpose, even though using a VPN may be a more appropriate option to extend this principle to all connections between two nodes instead of just selected ones.

The predecessor protocol of TLS was called SSL. Initially, SSL 1.0 was developed in 1993 by Netscape Communications, vendor of the web browser Netscape Navigator and associated products. Mature versions appeared in 1999, driven by increased e-commerce requirements: SSL 3.0 and TLS 1.0 (renamed from SSL 3.1) were subsequently engineered and standardised by the IETF. In 2002 the AES encryption algorithm was added to the protocol, and in 2006 and 2008 the revised versions TLS 1.1 and 1.2 appeared, respectively. Due to an increasing number of successful attacks against the protocol, its use is only recommended with a restricted (strong) set of encryption algorithms, while others are still supported but should not be used anymore. The advantages of TLS are still the following:

• wide acceptance in software and services
• API support in multiple implementations for practically all programming languages
• good performance, modular architecture
• adaptation to regional/individual legislative norms

The TLS protocol stack is aimed at securing communication via sockets, i.e. a universal mechanism providing secured end-to-end communication based on TCP and IP between two Internet nodes. Figure 7.9 shows the TLS protocol structure based on its simplified predecessor SSL.
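What the recommendation to use TLS only with a restricted set of strong algorithms looks like in a concrete client configuration, as an added example that is not from the book, using Python's standard ssl module on top of OpenSSL: the hardened context refuses anything below TLS 1.2, verifies the server certificate chain and host name, disables TLS compression and admits only ephemeral (EC)DHE key exchange with AES-GCM; a second function audits any context against that policy, and a third builds the weak configuration for comparison. Cipher suite names and the "ECDHE+AESGCM" selector syntax are OpenSSL's; the policy thresholds themselves are assumptions in the spirit of RFC 7525 / BCP 195.

```python
"""Client-side TLS policy with Python's standard ssl module (added example).

Assumes Python 3.7+ on OpenSSL. The policy follows the direction of the text
and RFC 7525 / BCP 195: TLS 1.2 or newer, server certificate and host name
verified, no TLS compression, ephemeral (EC)DHE key exchange with AES-GCM.
Cipher suite names and the selector syntax are OpenSSL's.
"""
import ssl

# OpenSSL cipher-list syntax: ephemeral ECDHE or DHE key exchange, AES in GCM mode only.
RECOMMENDED_CIPHERS = "ECDHE+AESGCM:DHE+AESGCM"
# Substrings that must never appear in an enabled suite under this policy.
FORBIDDEN_TOKENS = ("RC4", "NULL", "MD5", "DES", "EXPORT", "ADH", "AECDH", "CBC")


def make_client_context() -> ssl.SSLContext:
    """Context for outgoing connections: chain + host name verification, strong suites only."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)   # CERT_REQUIRED, check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2                 # SSL 3.0, TLS 1.0 and 1.1 refused
    ctx.options |= ssl.OP_NO_COMPRESSION                         # TLS-level compression off
    ctx.set_ciphers(RECOMMENDED_CIPHERS)
    return ctx


def weak_context_for_comparison() -> ssl.SSLContext:
    """The misconfiguration the policy is meant to catch: no certificate or host name check."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode can be lowered
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def check_policy(ctx: ssl.SSLContext) -> list:
    """Audit any context against the policy; returns the list of violations ([] = compliant)."""
    problems = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        problems.append("protocol versions below TLS 1.2 enabled")
    if ctx.verify_mode != ssl.CERT_REQUIRED or not ctx.check_hostname:
        problems.append("server certificate or host name not verified")
    if not ctx.options & ssl.OP_NO_COMPRESSION:
        problems.append("TLS compression enabled")
    for suite in ctx.get_ciphers():
        name = suite["name"]
        if suite["protocol"] == "TLSv1.2":   # TLS 1.3 suites are AEAD with ephemeral keys by design
            if "ECDHE" not in name and "DHE" not in name:
                problems.append(f"{name}: no forward secrecy")
            if "GCM" not in name and "CHACHA20" not in name:
                problems.append(f"{name}: not an AEAD suite")
        if any(tok in name for tok in FORBIDDEN_TOKENS):
            problems.append(f"{name}: forbidden algorithm")
    return problems


def enabled_suites(ctx: ssl.SSLContext) -> list:
    """Names of the suites the context would offer, e.g. for review in a change ticket."""
    return [s["name"] for s in ctx.get_ciphers()]


if __name__ == "__main__":
    print(enabled_suites(make_client_context()))
    print(check_policy(make_client_context()))          # []
    print(check_policy(weak_context_for_comparison()))  # lists the missing verification
```

The audit function is the useful part operationally: run it against every context an application creates (including those built by third-party libraries) rather than trusting that the hardened constructor was used everywhere.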

Several cryptographic functions, cryptosystems and algorithms are deployed within the TLS standard, causing it to be one of the most complex Internet protocols. It uses asymmetric cryptosystems (cipher suites, or in short ciphers) for the initial key exchange, followed by symmetric ciphers for the data exchange. The recommended ciphers are specified in the IETF RFC 7525/BCP 195, released in 2015, which will also influence the final specification of TLS 1.3. Four cipher suites are accordingly recommended: the asymmetric RSA cipher combined with the symmetric AES method with either a 128 bit


Fig. 7.9 SSL protocol stack: layers and sub-protocols

Fig. 7.10 Overall CBC mode for stream ciphers (IV: initialisation vector)

key and 256 bit checksum or a 256 bit key and 384 bit checksum, in either Diffie-Hellman Encryption (DHE) or Elliptic Curve Diffie-Hellman Encryption (ECDHE) mode. While many other combinations exist, they are not recommended anymore. The checksum method shall be the Secure Hash Algorithm SHA1, even though in the near future SHA3, standardised as NIST FIPS 202, may have to replace it [23]. All four cipher suites should use the Galois/Counter Mode (GCM), an authenticated encryption method with additional data. Conventionally, Cipher Block Chaining (CBC) mode has been used and is still widely deployed. It is explained in Fig. 7.10.
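The chaining of Fig. 7.10 and the reason the text prefers an authenticated mode, as an added, constructed example that is not from the book: CBC encryption and decryption are implemented over a toy 16-byte Feistel block cipher keyed through SHA-256 (a stand-in, not a real cipher), and the demo shows that one flipped ciphertext bit garbles one plaintext block, flips exactly the same bit in the following block and is not noticed by decryption at all, whereas an encrypt-then-MAC tag, the integrity service that GCM provides in a single pass, rejects the altered message before any plaintext is used.

```python
"""CBC chaining from Fig. 7.10 over a toy block cipher, plus an integrity tag.

Added illustration, not from the book: the 16-byte "block cipher" is a 4-round
Feistel network keyed through SHA-256 and exists only to make the chaining
visible; the keys, IV and message below are constructed.
"""
import hashlib
import hmac

BLOCK = 16


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    """Round function: first 8 bytes of SHA-256(key || round || half)."""
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for rnd in range(4):
        left, right = right, _xor(left, _f(key, rnd, right))
    return right + left            # undo the final swap


def block_decrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for rnd in reversed(range(4)):  # same structure, round keys in reverse order
        left, right = right, _xor(left, _f(key, rnd, right))
    return right + left


def _pad(data: bytes) -> bytes:     # PKCS#7 padding to a whole number of blocks
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def _unpad(data: bytes) -> bytes:
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """C_i = E_k(P_i XOR C_{i-1}) with C_0 = IV, as in Fig. 7.10."""
    prev, out = iv, []
    data = _pad(plaintext)
    for i in range(0, len(data), BLOCK):
        prev = block_encrypt(key, _xor(data[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    """P_i = D_k(C_i) XOR C_{i-1}: every plaintext block depends on two ciphertext blocks."""
    prev, out = iv, []
    for i in range(0, len(ciphertext), BLOCK):
        cur = ciphertext[i:i + BLOCK]
        out.append(_xor(block_decrypt(key, cur), prev))
        prev = cur
    return _unpad(b"".join(out))


def tag(mac_key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    """Encrypt-then-MAC over IV and ciphertext; an AEAD mode such as GCM builds this in."""
    return hmac.new(mac_key, iv + ciphertext, hashlib.sha256).digest()


def verify_tag(mac_key: bytes, iv: bytes, ciphertext: bytes, t: bytes) -> bool:
    return hmac.compare_digest(tag(mac_key, iv, ciphertext), t)


def flip_bit(data: bytes, byte_index: int, bit: int) -> bytes:
    out = bytearray(data)
    out[byte_index] ^= 1 << bit
    return bytes(out)


def tamper_demo(key: bytes = b"k" * 16, mac_key: bytes = b"m" * 16, iv: bytes = bytes(range(16))) -> dict:
    """One flipped bit in C_0: P_0 becomes garbage, P_1 gets the same bit flipped,
    decryption raises no error; only the tag reveals the modification."""
    msg = b"0123456789ABCDEF" * 2                 # constructed two-block message
    ct = cbc_encrypt(key, iv, msg)
    t = tag(mac_key, iv, ct)
    altered = flip_bit(ct, 0, 0)                   # bit 0 of the first ciphertext byte
    recovered = cbc_decrypt(key, iv, altered)      # no exception: padding block is untouched
    return {
        "roundtrip_ok": cbc_decrypt(key, iv, ct) == msg,
        "block0_intact": recovered[:16] == msg[:16],       # False: P_0 is garbage
        "block1_after_flip": recovered[16:32],             # b"1123456789ABCDEF"
        "tag_rejects": not verify_tag(mac_key, iv, altered, t),
    }
```

The point for a deployment is the last entry of the dictionary: without a tag checked before decryption, a CBC-protected message can be silently altered in a predictable way, which is why the RFC 7525 suites pair the cipher with an authenticated mode.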

Comparison TLS versus VPN. Virtual networks are overlay networks which logically map the communication of one network area into another one by using a proxy service. One of the commonly used protocols for running a VPN is IPsec, which was created in the context of IPv6. In practice a VPN provides secure access to LAN-internal services over an unsecured IP network using the communication modes Site-to-Site, Site-to-End, End-to-End or Host-to-Host. Such a VPN provides secure access for all installed services via


Fig. 7.11 Client bonding to a VPN server with IPsec tunneling (figure labels: (mobile) client, providers, Internet, VPN server, authentication server, firm network with firm servers e.g. email, applications)

the same path (routed through the Internet) and protection of separated IP subnets while keeping the internal network structure confidential. In contrast to VPN, TLS offers more fine-granular security and provides each service over a unified socket identifier (IP address and port) [11, 13].

Figure 7.11 shows a typical VPN scenario implemented with IPsec. In it, the client uses a dial-up, DSL or cable connection to the Internet through any provider server. Once the Internet connection is established with an activated network interface, a permanent network connection of the client (laptop, tablet or smartphone) to the VPN server, both running IPsec, is established. The client performs an authentication at the VPN server so that a secured tunnel (IPsec tunnel) is established. With this preparation step, secure communication to any host, any port and thus any service in the corporate network becomes possible. The Internet access for the VPN client is optionally protected by the corporate firewall, and likewise IP-protected global sites such as publication archives now become available to the user through the company network.

Let us compare TLS and VPN based on IPsec. Via IPsec it is possible to secure the access to internal services over an insecure IP network with use of the following modes:

• client (home office) – firm servers (e.g. email queries)
• mobile users – filial office (e.g. data download)
• filial office – head quarter (e.g. file transfer)

The differences are:

• VPN/IPsec: secure access is provided for all services through the same path
• VPN/IPsec: IP subnets are protected, and the internal network structure remains hidden as well
• TLS provides secure end-to-end connections for each service per socket identifier (IP address, port), thereby offering fine-grained protection

Implications. There is no one-size-fits-all solution available to make a system secure. The required level of security in distributed systems is only available under consideration


of complementary techniques and communication protocols, with analysis of their (inter)national deployment backgrounds. The following techniques are known now:

• public key and certificate infrastructures are necessary for mutual authentication of communication partners
• TLS authentication, integrity and encryption provide the necessary guarantees for secure communication in distributed systems
• communication content may need further protection, for instance additional encryption for true end-to-end guarantees, for instance by using XML Security for structured XML documents
• mishandling of internally installed services can be avoided via deployment of firewalls with packet filtering, anti-malware, encryption and content analysis functionality

Firewalls will therefore be presented in the next section.

7.5 Firewalls

Firewalls enforce policies about which services can be accessed by whom and who can communicate with whom in a networked system. Modern firewall systems are compared to classical concepts in this section. The filtering rules are analysed with examples of selected commercial solutions. Advanced collaborative intrusion detection systems and networks, as well as the threats based on insider attacks on CIDN, are examined. A common CIDN functionality catalogue is discussed.

Classical firewalls. Publicly available services (web server, e-mail server, file sharing, web services and hosted applications) are placed in an isolation zone so that any faults in these services and any data leaks will not compromise the often more strictly operated internal services of a company or institution (payrolls, strategy documents, customer data). The zone is commonly called Demilitarised Zone (DMZ) and protected by firewalls on both sides: the public-facing one, which lets most traffic pass into it, and the private-facing one, which either blocks all traffic or restricts it to VPN connections. Different filtering functionality can be offered:

• filtering IP packets (layer 3)
• filtering in a proxy called circuit relay (layer 4)
• filtering certain applications with application-specific communication patterns (layers 5–7)

A firewall system with multiple internal services and with a DMZ with publicly offered services is shown in Fig. 7.12. The goal is blocking unauthorised access attempts to


Fig. 7.12 (a) Firewall main concepts; (b) an example for firewall-secured network services: firewall system with DMZ (based on [22])

private networks based on IP addresses (using PF, Packet Filter), TCP/IP port information (using CR, Circuit Relay) or application-related information (using AG, Application Gateway).

A well-known open source packet filter system is iptables, which is available in conjunction with the Netfilter implementation in the Linux operating system kernel. It lets users configure packet filtering, inspection, transformation and logging, but also network address translation and connection tracking. A similar system is pf, or Packet Filter, derived from the BSD line of operating systems. It includes traffic shaping commands as well, to prioritise certain services over others.
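The two-firewall DMZ layout and the packet filter functions described above (address and port filtering plus connection tracking), as an added example that is neither the book's nor an iptables or pf configuration: a small first-match, default-deny rule engine with a connection table, modelled on iptables/pf semantics. The address plan is constructed (DMZ 192.0.2.0/24, LAN 10.0.0.0/8, web server 192.0.2.10, VPN gateway 192.0.2.20, an Internet client 203.0.113.7), as are the two rule sets: the public-facing firewall publishes only the DMZ services, the private-facing one admits only traffic the VPN gateway has already authenticated.

```python
"""Stateful packet filter model of the two-firewall DMZ from the text (added example).

Constructed illustration: a first-match, default-deny rule engine with
connection tracking, modelled on iptables/pf semantics but not their syntax.
Addresses, services and rule sets are invented for the demo.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str          # "tcp" or "udp"
    dport: int
    sport: int = 40000
    new: bool = True    # True for a connection attempt (TCP SYN / first UDP datagram)


@dataclass(frozen=True)
class Rule:
    action: str                   # "accept" or "drop"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None   # None matches any protocol
    dport: Optional[int] = None   # None matches any port

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.proto in (None, p.proto)
                and self.dport in (None, p.dport))


class Firewall:
    """Layer 3/4 packet filter (PF) with a connection table (the stateful part)."""

    def __init__(self, rules):
        self.rules = list(rules)
        self.conntrack = set()          # 5-tuples of accepted connections

    def decide(self, p: Packet) -> str:
        fwd = (p.src, p.sport, p.dst, p.dport, p.proto)
        rev = (p.dst, p.dport, p.src, p.sport, p.proto)
        if fwd in self.conntrack or rev in self.conntrack:
            return "accept"             # ESTABLISHED: follow-up or reply packet
        if not p.new:
            return "drop"               # mid-stream packet of an unknown connection
        for rule in self.rules:         # first match wins
            if rule.matches(p):
                if rule.action == "accept":
                    self.conntrack.add(fwd)
                return rule.action
        return "drop"                   # default policy


# Constructed address plan (documentation ranges): DMZ and internal LAN.
DMZ, LAN = "192.0.2.0/24", "10.0.0.0/8"
WEB, VPN_GW = "192.0.2.10", "192.0.2.20"    # public web server and VPN concentrator in the DMZ

# Public-facing firewall: only published DMZ services are reachable; the LAN is not reachable at all.
OUTER_RULES = [
    Rule("accept", dst=WEB + "/32", proto="tcp", dport=443),
    Rule("accept", dst=WEB + "/32", proto="tcp", dport=80),
    Rule("accept", dst=VPN_GW + "/32", proto="udp", dport=500),    # IKE
    Rule("accept", dst=VPN_GW + "/32", proto="udp", dport=4500),   # IPsec NAT-T
]
# Private-facing firewall: the LAN accepts only traffic that the VPN gateway has already authenticated.
INNER_RULES = [
    Rule("accept", src=VPN_GW + "/32", dst=LAN),
    Rule("drop", src=DMZ, dst=LAN),
]


def run_scenarios() -> dict:
    """Decisions for a set of constructed packets; keys name the scenario."""
    outer, inner = Firewall(OUTER_RULES), Firewall(INNER_RULES)
    client = "203.0.113.7"                                  # an Internet host
    return {
        "internet_to_web_https": outer.decide(Packet(client, WEB, "tcp", 443)),
        "web_reply_to_client":   outer.decide(Packet(WEB, client, "tcp", 40000, sport=443, new=False)),
        "internet_to_web_ssh":   outer.decide(Packet(client, WEB, "tcp", 22)),
        "internet_to_lan_smb":   outer.decide(Packet(client, "10.0.0.25", "tcp", 445)),
        "stray_mid_stream":      outer.decide(Packet(client, WEB, "tcp", 443, sport=40001, new=False)),
        "dmz_web_to_lan_db":     inner.decide(Packet(WEB, "10.0.0.25", "tcp", 5432)),
        "vpn_gw_to_lan_mail":    inner.decide(Packet(VPN_GW, "10.0.0.30", "tcp", 993)),
    }


if __name__ == "__main__":
    for name, verdict in run_scenarios().items():
        print(f"{name:24s} {verdict}")
```

Two decisions in the output deserve attention when reviewing real rule sets: the web server's reply is accepted only because the outbound request created a connection-table entry (no separate "allow 443 outbound" rule is needed), and a compromised DMZ host still cannot open a connection into the LAN, which is the whole purpose of the second firewall.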


Comparison and further development. Table 7.4 depicts the filter abilities of basic firewall concepts. The available functions can be separated according to the presented concepts PF, CR and AG. Furthermore, there are hybrid firewall systems with integrated functionality, namely the so-called SIF [5] from Check Point Software Technologies, and next-generation (NG) systems which are appearing now.

The PFs and CRs are very simple and efficient. The AGs, or application layer firewalls, bring together the key benefits of the common filtering. They can semantically "understand" certain applications and protocols such as VPN, DNS, FTP, SMTP, POP3/IMAP, HTTP, as well as their secured versions, e.g. HTTPS or SSH. For public cloud access monitoring beyond permissible services of virtualised clusters, networks, storage (VLAN, SAN/NAS) and services (VMs, RAICs), as well as of SDN, there are some special firewall solutions available as well. Since about 2012 a new generation of AGs called next-generation firewalls (NG) has been deployed. NG is nothing more than a "widened" and "deepened" inspection at the application stack based on the classical SIF solutions (refer to Table 7.4). The existing deep packet inspection systems can be extended via:

• intrusion detection and prevention systems (IDS and IPS)
• user identity integration (by binding user IDs to IP or MAC addresses or explicit credentials for "reputation")

For a better demarcation of the terms, one needs to consider that a firewall is a security system that protects a single computer, a set of peers or networks against unwanted or illegal access. However, the functionality of a firewall is not directly oriented to detecting and pinpointing external attacks. A classic firewall implements only separate filtering rules to protect directly all network (mobile, wireless) communication. For the purpose of detecting different kinds of attacks, advanced IDS/IPS modules are more suitable. They can also be used on top of well-known firewall solutions (classical and advanced):

• IDS – they describe the detection of attacks that are directed against a computer system or network and serve to increase the security in a network
• IPS – these systems are enhanced IDS which also provide defense functionality to fend off discovered network attacks (external as well as from an insider)

Therefore the IDS/IPS systems can be seen as a further development of the firewalls considered, or correspondingly as advanced firewall modules.

One special kind of NG firewall is the so-called WAF. The defense against WAF attacks was implemented in the tool "WAF Fingerprinting utilising timing side channels" (WAFFle) [5].

Advanced Evasion Technologies. Advanced Evasion Technologies (AET) – which get into a network without any traces and fully anonymously – are an ongoing challenge for (virtual)


Table 7.4 Basic firewall concepts and their filter abilities (own representation)

No. | Filtering ability                                                                  | Availability across the concepts PF, CR, AG, SIF, NG
----+------------------------------------------------------------------------------------+-----------------------------------------------------
 1  | IP source/target addresses                                                         | x x
 2  | TCP ports and connections                                                          | x x
 3  | Denial-of-service attacks (DoS), Distributed DoS (DDoS)                            | x
 4  | Enabled or disabled protocols                                                      | x x x
 5  | Proxies for certain services                                                       | x x
 6  | HTTP proxy, proxy server                                                           | x x
 7  | Antivirus software (viruses, worms, trojans)                                       | x x
 8  | Malware blocking                                                                   | x x
 9  | Anti-phishing                                                                      | x x
10  | Application-specific authentication                                                | x x
11  | Application-specific encryption                                                    | x x
12  | DMZ                                                                                | x x
13  | VPN and IPsec                                                                      | x x
14  | Enabled domain names (source/target)                                               | x x x
15  | Spam filtering                                                                     | x x
16  | Analysis of content-specific key words                                             | x x
17  | Blocking of special applications and scripts (Java applets, Active-X, web services, further plugins) | x
18  | Web application firewall                                                           | s
19  | Cloud Access Monitoring                                                            | s
20  | Virtualised networks, storages and services                                        | s
21  | SDN                                                                                | s
22  | IDS, IPS, network IDS (intrusion detection/prevention, network collaboration)      | s
23  | CIDN as the networks of IDS/IPS                                                    | s
24  | Time window control                                                                | x x x x x

Legend: x (+) = available, s = special solutions available


network data security. In contrast to the known evasions and penetrations, AET combine and change the methods to camouflage an attack or malicious code. These combinations allow hackers to infiltrate a network unnoticed in spite of multiple security solutions being in place. According to current estimations there are more than 2180 potential combinations of AET available. A good example is the cross-layered functionality, which indeed is an attack integrated over exploits in several OSI layers. For the defender, IPS or AEF represent effective technologies against AET. They can analyse combined attack patterns at different OSI layers. An example is the AET platform from Stonesoft. Such a kind of IPS provides combined protection: IPS, anti-virus, firewall, DMZ and network zoning as division into multiple protection domains. The deployment makes sense for large companies with multiple branches and structural units. Some of the detection and defense patterns and test series are as follows:

1. At layers 3 and 4: firstly, the opportunities for attacks within the protocols IP, TCP and UDP are discovered.
2. At layers 5–7: the application-layer protocols such as SMB and RPC are protected. Therefore the internal threats have to be assessed.
3. Then AET can discover threats for other protocols such as IPv6, HTTP.
4. If AET uses HTTP (port 80), the intruders can also mislead the firewall and infiltrate users with malware spread into the network over regular web traffic. Therefore AET for web services, web applications and cloud computing environments are a particularly serious threat.

Stateful Multilayer Inspection Firewalls. The next significant generation of the combined SIF/NG firewalls are the so-called SMLIF systems. According to the opinion of the researchers of Gartner, the following top list of modern SMLIF can be presented [16, 28]:

1. AhnLab
2. Barracuda Networks
3. Check Point Software Technologies
4. Cisco
5. Dell SonicWALL
6. F5
7. Fortinet
8. Hillstone Networks
9. HP
10. Huawei
11. Intel Security (McAfee)
12. Juniper Networks
13. Palo Alto Networks
14. Sangfor
15. Sophos
16. Stormshield
17. WatchGuard

The listed firewall solutions and vendors operate the cross-layered multi-defense by combining multiple filter abilities like, e.g., positions 18–23 (referring to Table 7.4 as well as the next sections).

Collaborative IDS and Networks (CIDN). The widespread IDS evaluate and prohibit potential intruders' attacks that are directed against computer systems or a network. IDS increase data security significantly in contrast to the classical firewalls, whose support for also uncovering effects of intrusions such as data modification is not satisfying. IPS are enhanced IDS which provide additional functionality aimed at discovering, defeating and completely avoiding potential attacks. Nevertheless, as a rule, the classical IDS/IPS are operated autonomously per system. They are not able to detect temporarily unknown intrusion threats, which become more sophisticated and complex year over year. Those dangerous threats can serve to bring disorder to the operation of data centers and computing clusters round-the-clock in 24/7 mode. Therefore the cooperation and collaboration of the IDS within a network is of great significance. The comparison of the network IDS (NW-IDS) with pure IDS is depicted in Fig. 7.13. The NW-IDS has a lot of new features.

A CIDN is an advanced concept for a collaborative IDS/IPS network intended to bridge over the disadvantage of the standalone defense against unknown dangerous attacks. The CIDNs allow (Fig. 7.14) the participating IDS, as the network peers, to share the detected knowledge, experiences and best practices oriented against the intruders' threats [14]. The main requirements for the construction of a CIDN and the support of such functionality are as follows: efficient communication at short up to middle distance, robustness of the peers (IDS) and links, scalability and mutual compatibility of individual participating peers (IDS). The typical interoperable networks are as follows: LAN, WLAN, 2G–4G, as well as NFC and Bluetooth.

A CIDN consists of multiple NW-IDS using multiple computers, radio devices and installed firewalls. The participating users are organised in groups. In the example the groups encompass the users Alice, Bob, Charlie and Dave. The coupling between the groups is loose or tight. However, insider attacks on CIDNs are possible. Another user, Trudy, serves as an example. This type of networking improves the overall accuracy of the threat danger grade as well as the intrusion level assessment. The cooperation among the participating single peers (IDS collaborators) becomes more efficient within a CIDN. But nevertheless, the CIDN itself can become a target of attacks and malicious software. Some malicious insiders within the CIDN may compromise the interoperability and efficiency


Fig. 7.13 Comparison of pure IDS with NW-IDS [5]

of the intrusion detection networks internally. Therefore a lot of CIDN research problems have to be considered [14], for instance:

• selection of the peers (collaborators) and trust management
• collaborative intrusion decision making
• resource management within CIDNs

CIDN attacks and insider attacks on CIDN. The traditional network attacks can significantly compromise the security inside a CIDN. The simple attacks are as follows (list positions A1–A4):

1. Eavesdropping
2. Man-in-the-middle
3. Replaying
4. Cloning (3, 4 like DDoS)


Fig. 7.14 Example of cooperation within the CIDNs

The advanced insider attacks on CIDNs (list positions A5–A9), which can suddenly occur from the peer insiders within a previously not compromised CIDN, are as follows [5, 14]:

5. Sybil attacks: distribution of a large amount of pseudonyms (fake identities) via a malicious peer
6. Newcomer attacks: a malicious peer tries to erase its "bad history" with other peers in the network
7. Betrayal attacks: the trust mechanism robust to betrayal attacks shall satisfy the social norm "It takes a long-time interaction and consistent good behavior to build up a high trust, while only a few bad actions to ruin it". When a trustworthy peer acts dishonestly, its trust value should drop down quickly, hence making it difficult for this peer to deceive others or gain back its previous trust within a short time
8. Collusion attacks: collusion attacks occur when a group of compromised/malicious peers cooperate together in order to compromise the network
9. Hybrid attacks (5 + 6 + 7 + 8)
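The social norm quoted for betrayal attacks, together with the newcomer and Sybil problems above, as an added illustration in a constructed trust model that is not the trust formula of the cited CIDN work [14]: trust lies in [0, 1], an unknown peer starts low, every confirmed honest alert closes a small fraction of the remaining gap to 1, and every false or malicious alert multiplies the score by a penalty factor, so that trust builds slowly and collapses quickly; collaborative decisions weight each peer's vote by its trust and ignore peers below a threshold. Peer names follow the example in the text (Alice, Bob, Charlie and the insider Trudy); the constants are assumptions chosen for the demo.

```python
"""Asymmetric trust scores for CIDN peers (added, constructed model).

Illustrates the social norm quoted for betrayal attacks (trust builds slowly,
collapses quickly) and the newcomer and Sybil problems; it is not the trust
formula of the cited CIDN work [14]. Constants are assumptions for the demo.
"""
GAIN = 0.05        # fraction of the remaining gap to 1 gained per honest report
PENALTY = 0.25     # trust kept after one dishonest report
NEWCOMER = 0.1     # starting trust of a peer without history (or a freshly created identity)
THRESHOLD = 0.6    # alerts from peers below this are ignored


class PeerTrust:
    def __init__(self):
        self.scores = {}

    def trust(self, peer: str) -> float:
        return self.scores.get(peer, NEWCOMER)

    def report(self, peer: str, honest: bool) -> float:
        """Update after one evaluated alert from `peer`: slow gain, fast loss."""
        t = self.trust(peer)
        t = t + GAIN * (1.0 - t) if honest else t * PENALTY
        self.scores[peer] = t
        return t

    def trusted(self, peer: str) -> bool:
        return self.trust(peer) >= THRESHOLD

    def reports_until_trusted(self, peer: str, limit: int = 1000) -> int:
        """Consecutive honest reports `peer` needs from its current score to cross THRESHOLD."""
        for k in range(1, limit + 1):
            if self.report(peer, True) >= THRESHOLD:
                return k
        return limit


def weighted_alert(pt: PeerTrust, votes: dict) -> bool:
    """Collaborative decision: each trusted peer's vote counts with its trust weight;
    untrusted peers (newcomers, Sybil identities) carry no weight at all."""
    yes = sum(pt.trust(p) for p, v in votes.items() if v and pt.trusted(p))
    no = sum(pt.trust(p) for p, v in votes.items() if not v and pt.trusted(p))
    return yes > no


def betrayal_demo() -> dict:
    """A long-standing honest peer betrays once: trust collapses and recovery takes many rounds."""
    pt = PeerTrust()
    newcomer_rounds = pt.reports_until_trusted("Alice")      # 16 with these constants
    for _ in range(100):
        pt.report("Alice", True)
    high = pt.trust("Alice")
    after_betrayal = pt.report("Alice", False)               # one bad action
    recovery_rounds = pt.reports_until_trusted("Alice")      # 13: no shortcut back
    return {"newcomer_rounds": newcomer_rounds, "high": high,
            "after_betrayal": after_betrayal, "recovery_rounds": recovery_rounds}


def sybil_demo() -> bool:
    """Fifty fresh identities of Trudy vote 'intrusion'; three long-standing peers vote 'no'."""
    pt = PeerTrust()
    for peer in ("Alice", "Bob", "Charlie"):
        for _ in range(30):
            pt.report(peer, True)
    votes = {f"trudy-{i}": True for i in range(50)}          # Sybil identities, all newcomers
    votes.update({"Alice": False, "Bob": False, "Charlie": False})
    return weighted_alert(pt, votes)                           # False: the fake identities carry no weight


if __name__ == "__main__":
    print(betrayal_demo())
    print("sybil vote accepted:", sybil_demo())
```

Re-entering under a new name (newcomer attack) gives the malicious peer NEWCOMER trust again, not its old score, which is exactly why the starting value must be low and the climb to THRESHOLD slow: with these constants an identity needs sixteen consecutive confirmed-honest alerts before its vote counts, and a single betrayal afterwards costs thirteen more.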


Table 7.5 Common CIDN functionality catalogue (own representation)

Certain CIDN examples | Topology type | Focus  | Specialization on the threats | Att A1–A4 | Att A5–A9 | Privacy | Anonymity
----------------------+---------------+--------+-------------------------------+-----------+-----------+---------+----------
Indra                 | Distributed   | Local  | Spam                          | R         | R         | A       | A
Domino                | Decentralised | Global | Worms                         | R         | R         | A       | A
Abdias                | Centralised   | Hybrid | Trojans                       | R         | R         | A       | A
NetShield             |               |        | Social engineering, WAF       | R         | R         | A       | A

Att: Attack, R: Robustness, A: Awareness

A typical CIDN must provide the following common functionalities against these kinds of attacks (see Table 7.5). They can be represented via a catalogue in a matrix representation thereof, based on [14].

To conclude the consideration of firewalls, one can state that advanced firewalls like SMLIF, IPS and collaborative intrusion detection systems gain increasingly in importance. They can also be deployed within the scenarios of NFC and IoT (Internet of Things). The firewalls and IDS are often combined into individual participating peers (LAN, WLAN, 2G–4G, NFC and Bluetooth) with the possibility of collaboration and better prevention of both external and insider attacks.

PGP for authenticated and encrypted messaging. PGP – originally a product called Pretty Good Privacy and nowadays an open standard called OpenPGP – has been known since 1991. The main intention of PGP is the popularisation of civic cryptography. The short but expressive PGP history is as follows. Philip Zimmermann made the cryptographic methods publicly available as software, including DES, RSA, DH key exchange, MD5, El-Gamal, AES (formerly Rijmen and Rijndael) and more, at that time strong cryptographic algorithms. The key length was 128 bits and more, although for global export, due to cryptographic restrictions, many algorithms were limited to 56 and sometimes only 40 bits. After the PGP publication on the Internet, delivered as freeware and subsequently in the form of source code text in a book, the program became popular around the world. The success of PGP led to the foundation of the PGP Corporation conducted by P. Zimmermann. But in 1993–1997 a lawsuit against P. Zimmermann from the US government followed. However, the new release of PGP, published at MIT Press as a theory book with all the source code, provoked no further allegations and court prosecutions. Since 1997 there has been a development towards PGP acceptance as a new IETF standard called OpenPGP. The deployment areas of PGP are as follows: encryption of database transactions, emails and hard disk partitions (drives), network (SDN) protection and encryption, VoIP calls ("crypto phone"), real-time encryption such as chat. For messaging as well as authenticated file downloads, the digital signature functionality is also of great importance.


Some examples of PGP products:

• PGP as freeware and free software: www.gnupg.org, www.pgpi.org
• PGP implementation Gpg4win: www.gpg4win.de
• PGP products by Symantec: www.symantec.com
• PGP products by PGP Corporation: PGP Desktop (with PGP Desktop E-Mail, PGP Whole Disk Encryption and PGP NetShare)
• Zfone software for encryption of VoIP calls (cp. Skype/AES): zfoneproject.com

As a new development related to the PGP standard, since around 2014 there is Blackphone, a secured smartphone based on the Android operating system offered by Silent Circle (P. Zimmermann's company) and Geeksphone (Spain). This is a smartphone which allegedly completely secures against espionage and persecution. It provides web anonymity for this matter. The creator of the PGP encryption software elaborated that "the most secure smartphone in the world" is called "Blackphone". Blackphone uses an Android flavour called PrivateOS. The services are cryptographically secured: email service, instant messaging service, VoIP service analogous to Skype. Anonymity is provided by MIX services such as JAP (Java Anon Proxy) of TUD/University of Regensburg and Tor (The Onion Routing, United States), which anonymise Internet activities at the level of TCP connections. The system enables web browsing, instant messaging/IRC, SSH, P2P and protects against the analysis of the traffic of its users. The requirements include special headphones for the communication of both conversation participants. The system also offers multi-language functionality with more than seven languages.

Access control concepts. Authorisation is per definition the assignment of access rights for a distributed system or for certain services of it. The typical access control concepts are Access Control Lists (ACL) or capabilities. Both concepts are compared in Fig. 7.15.

With ACLs, for each object Oi some lists are defined about who can perform which operations Op over all the subjects (Sj), for instance the write permission of a process to a file. The operations are Op = {R – Read, W – Write, E – Execute, I – Invoke, D – Delete}.

Fig. 7.15 Comparison of ACL and capabilities within the authorisation matrix


Fig. 7.16 Authorisation matrix for a C-S model (enabled Op = R – Read, W – Write)

Fig. 7.17 Combined security (own representation based on X.800)

With capabilities, the permissions are associated with a subject Sj but cannot be changed by the subject itself. One can specify which objects Oi may be modified through the operations Op (as defined above).

The authorisation mapped onto C-S systems is shown below (Fig. 7.16). Assignment and proving of access rights (from C) to resources (namely S) can be done in distributed systems by:

• capabilities for a subject (in this case for the client), or
• ACLs by an object (here the server)
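The two representations of one authorisation matrix, as an added example with constructed subjects, objects and rights (not the book's code): the ACL view is stored per object, as a server would keep it, the capability view is stored per subject and handed out read-only, so that the holder cannot extend it; the same question "may Sj perform Op on Oi?" is answered from either side, and the two functions also show the operational difference in revocation. The operation letters follow the text (R, W, E, I, D).

```python
"""ACL and capability views of one authorisation matrix (added example).

Subjects, objects and the rights in MATRIX are constructed; the operation set
follows the text (R Read, W Write, E Execute, I Invoke, D Delete). The ACL is
kept per object, as a server would; capabilities are kept per subject and
handed out read-only, so the holder cannot extend them.
"""
from types import MappingProxyType

OPS = frozenset("RWEID")

# Constructed authorisation matrix: subject -> object -> enabled operations
MATRIX = {
    "client_alice": {"order_service": {"R", "I"}, "report.pdf": {"R"}},
    "client_bob":   {"order_service": {"R", "W", "I"}, "report.pdf": {"R", "W", "D"}},
    "batch_job":    {"report.pdf": {"R", "E"}},
}


def acl_view(matrix: dict) -> dict:
    """Column view: object -> {subject: ops}, stored with the object (e.g. at the server)."""
    acl = {}
    for subject, row in matrix.items():
        for obj, ops in row.items():
            acl.setdefault(obj, {})[subject] = frozenset(ops)
    return acl


def capability_view(matrix: dict) -> dict:
    """Row view: subject -> read-only {object: ops}, handed to the subject (e.g. the client)."""
    return {subject: MappingProxyType({obj: frozenset(ops) for obj, ops in row.items()})
            for subject, row in matrix.items()}


def acl_check(acl: dict, subject: str, obj: str, op: str) -> bool:
    """Server-side decision: find the object's list, then the subject's entry in it."""
    if op not in OPS:
        raise ValueError(f"unknown operation {op!r}")
    return op in acl.get(obj, {}).get(subject, frozenset())


def capability_check(caps: dict, subject: str, obj: str, op: str) -> bool:
    """Decision from the capability the subject presents."""
    if op not in OPS:
        raise ValueError(f"unknown operation {op!r}")
    return op in caps.get(subject, {}).get(obj, frozenset())


def holder_cannot_escalate(caps: dict, subject: str, obj: str) -> bool:
    """The subject tries to grant itself all rights on its own capability; this must fail."""
    try:
        caps[subject][obj] = OPS
    except TypeError:            # mappingproxy does not support item assignment
        return True
    return False


def revoke_object(acl: dict, obj: str) -> None:
    """Revocation per object is one ACL edit; with capabilities every issued token would have to be invalidated."""
    acl.pop(obj, None)


def views_agree(matrix: dict) -> bool:
    """Both representations answer every (subject, object, op) question identically."""
    acl, caps = acl_view(matrix), capability_view(matrix)
    objects = {obj for row in matrix.values() for obj in row}
    return all(acl_check(acl, s, o, op) == capability_check(caps, s, o, op)
               for s in matrix for o in objects for op in OPS)


if __name__ == "__main__":
    acl, caps = acl_view(MATRIX), capability_view(MATRIX)
    print("views agree:", views_agree(MATRIX))
    print("bob may delete report:", acl_check(acl, "client_bob", "report.pdf", "D"))
    print("alice can escalate:", not holder_cannot_escalate(caps, "client_alice", "report.pdf"))
```

The immutability of the capability is enforced here by the read-only mapping; in a distributed system the equivalent is a token that the server can verify (signed or looked up), since a plain data structure in the client's memory could be rewritten at will.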

X.800 architecture. Combined security in distributed systems is required. Such a security architecture is regulated by X.800 for layered secure computing environments/centers, which include the following secured components and layers (Fig. 7.17):

• computing environments or centers (I and II)
• layers (1–5) as well as the communications interface (6)
• standardisation by national laws and regulations, at the EU level and internationally
• physical and organisational protection, which is carried out via monitoring
• technical protection via shielding, channel coding
• protection by firewalls via voluminous filtering
• use of data protection protocols and standards as well as ACL facilities
• securing by cryptographic methods (symmetric and asymmetric)

7.6 Security in Web Applications: Legal and Technological Aspects

Technological and legal aspects of data-security-guaranteeing web systems are examined. They are used for the creation of electronic societies in e-commerce and e-governance domains as well as by Enterprise Application Integration (EAI) within institutions and companies. The required level of security for web systems in international use is only available under consideration and combination of recommended complementary techniques and communication protocols, and with the analysis of their national deployment backgrounds and legal basis. As case studies, the mechanisms and technologies of data-security-guaranteeing gateways for electronic payment transactions and portals for mobile commerce are examined in this section.

Modern web-based systems and services [22] possess a complex distributed architecture, for instance distributed representation, business logic and database services (n-tier). A variety of communication protocols (transport, multimedia, messaging, directory, time) and architecture components are involved. Frequently they operate within an international context with interactions across country and legislation area borders, and simultaneously have to adhere to existing regional legislation. Let us present as an example a web-based flight booking system. The user portal (depicted in Fig. 7.18) and client management systems are integrated with back-office and flight logistics systems. The connections between user portal, client management and the remaining systems are shown below in Fig. 7.19. The processed transactions 1, 2, 3 loosely bind the mentioned parts. Two aspects have to be considered: the legislation regarding information technology and data security [1], and the technology providing for data security.

The motivation of the section is to explain the enhancement of modern web applications into so-called data security guaranteeing web systems, with appropriate development and operation steps. The contained paragraphs examine techniques of web security with peculiarities in mobile communication, XML Security as one concrete specification to satisfy the security requirements posed by service-oriented web applications (or web services), and legal aspects of such web applications. Furthermore, case studies on gateway and portal solutions for e-payment and e-commerce are provided. Hybrid solutions for Secure Electronic Transaction (SET)/TLS gateways are analysed.

280 7 Security in Distributed Systems

Fig. 7.18 Typical flight booking user interface for mobile phones connected to a complex distributed booking system

Fig. 7.19 Technological and legal aspects of data security guaranteeing web systems (diagram residue). Components: User, Client Management, Flight logistics, Back Office; transactions: 1 – Flight booking, 2 – Billing/accounting, 3 – Reservation. Information Technology Legislation: laws and regulations (national, European, international); physical and organizational protection (monitoring, supervision, certification). Data Security: protection via cryptographic methods (symmetric and asymmetric cryptography); protection via firewalls (FW) and antivirus software; use of data-secure protocols and standards in Internet/Intranet.


7.6.1 Technological Aspects of Data Security Guaranteeing Web Systems

Secure end-to-end communication via web. The most widely used technology for web application security is HTTPS, which is HTTP secured with TLS. To achieve a good overall grade of security across all protection goals, including integrity, confidentiality and authenticity, TLS is used together with complementary techniques (Fig. 7.20) that extend the security mechanisms [25] and the grade of security of web communication (for instance IPsec/VPN as well as SET).

TLS [7, 13] offers secure end-to-end communication with user authentication in compliance with signature law (compare SigG in Germany, US DSA etc.) and confidential data transfer. However, a combined security architecture (X.800) under consideration of legal and technological aspects is required. For instance, content-analysing firewalls for defence against content manipulation threats may have to be used. The TLS Record sub-protocol workflow is shown in Fig. 7.20. Additional sub-protocols exist: TLS ChangeCipherSpec and TLS Alert are shown in Fig. 7.21.

TLS is extensible in order to be future-proof regarding the development of new cryptographic algorithms. TLS supports certain combinations of key exchange, encryption and authentication techniques, so-called CipherSuites. Cryptography is subject to national restrictions in many countries (to be detailed below). A hybrid symmetric/asymmetric method is used within up-to-date TLS as a compromise between cryptographic strength and algorithmic runtime complexity (X.509v3, Kerberos v5). However, as a more efficient alternative, ECC (Elliptic Curve Cryptography) can be employed [8]; it achieves RSA-equivalent cryptographic strength with a key length of only 160 bits. An important peculiarity is the use of TLS in the field of mobile communication with WAP 2.x. This is an important option for m-commerce [4]. Since WAP 2.0, an advanced transport via TCP and secure end-to-end communication via TLS are employed, replacing the criticised UDP/WTLS combination of WAP 1.x. TLS does not work with UDP, so the protection of SNMP traffic is not possible. For the protection of DNS traffic special solutions (for instance Kerberos, X.509) are necessary. Since no protected transactions are provided, only partial support for e-payment is available.

Fig. 7.20 TLS Record sub-protocol (diagram residue). Encapsulation for SSL data: Application Data → Fragmentation (F) → Compression → Appending of MAC (not the layer-2a MAC sub-layer) → Encryption → Appending of header; resulting PDU structure: H | F (compressed, encrypted) | MAC. Cryptographic systems (CS) compared: CS with private keys (symmetric): advantages (+) performance, easy implementation; disadvantages (–) key distribution, no digital signature. CS with public keys (asymmetric): advantages (+) unproblematic key distribution, digital signature possible; disadvantage (–) performance. A hybrid approach is necessary as a trade-off between cryptographic strength and algorithmic performance; used for SSLv3/TLSv1, PGP/OpenPGP/GnuPG, X.509v3, Kerberos v5. Alternatively fast Elliptic Curve Cryptography (RSA-equivalent key size only 160 bit). Abbreviations: SSL – Secure Socket Layer; PGP – Pretty Good Privacy; TLS – Transport Layer Security; RSA – Rivest-Shamir-Adleman; PDU – protocol data unit; F – fragment; H – header; MAC – Message Authentication Code (not the layer-2a MAC, Medium Access Control).

Fig. 7.21 Further TLS sub-protocols: (a) ChangeCipherSpec, (b) Alert

Web services and TLS: borderline case. Simple request-reply protocols like XML-RPC or HTTPS (with TLS) are sometimes unsatisfying for the deployment of service-oriented architectures and web services across organisational boundaries [21]. The problem is rooted in the encryption and authentication of web service messages. The communication is carried out via multiple (more than two) servers and offers security vulnerabilities if a TLS server filters certain data without encryption and authentication, for instance due to man-in-the-middle attacks with spoofed certificates. On the other hand, fully encrypting the content prevents caching and, in many cases, proper routing. The solution is therefore based on security features in the message headers (e.g. SOAP headers) offering end-to-end security for services via distribution of binary security tokens, in analogy to X.509


certificates and Kerberos tickets. These security features are offered by, among other specifications, XML Signature (via RSA or Diffie-Hellman) and XML Encryption (via AES). A mapping of security services onto web services is provided by the XML-based Assertion Mark-Up Language (SAML), which is aimed at the authentication and authorisation between security domains and certificate authorities. SAML displaces ASN.1 (Abstract Syntax Notation One) used in Kerberos and X.509. However, SAML is not completely compatible with existing TLS/HTTPS deployments. Furthermore, performance is reduced due to the parsing of assertion files and the resulting considerable protocol overhead.

Technological problems and legal limitations of TLS use. In spite of the shown powerful features and properties regarding data security guaranteeing web-based communication, TLS possesses several limitations:

• technological problems
• legal limitations

The technological problems start with a limited adoption. There is only a partial and limited deployment in SOA (only with XML Security) and for execution of electronic transactions (only in combination with SET); no support against threats like IP sniffing and IP spoofing (only together with VPN/IPsec and content filtering firewalls); not usable for intranet UDP/SNMP systems and for the protection of network file system services; no protection for DNS (via Kerberos/X.509); no provision of security via H.323 (ISDN voice transfer). The legal limitations depend on regional regulations. From time to time certain countries declare restrictions on the export or use of cryptographic technologies. In such cases TLS is susceptible to brute force attacks [15] due to reduced key sizes.

Electronic transaction and payment systems: SET. SET is an e-payment system. It was developed by VISA and MasterCard in cooperation with IT companies and nowadays possesses great practical relevance. The functionality of SET includes encrypted transfer of credit card numbers via the Internet and authentication of participating parties. The actual payment transfer is carried out using conventional banking systems and techniques [2]. Figure 7.22 compares SET with other systems. A disadvantage comes from the transaction expenses.

7.6.2 Legal Aspects of Data Security Guaranteeing Web Systems

The information technology legislation as a discipline expands the conventional areas of legislation. Legal issues involved in web application deployment include national and international legal co-actions due to cross-border communication, legal protection of software, legislation regarding provision of online services, legal protection of offered multimedia user data, legal protection of databases and database products, legal protection of domain names, regulations regarding cryptography and contract regulations in e-commerce.

Fig. 7.22 E-payment systems and SET (Source: www.rn.inf.tu-dresden.de)

Relevant legislation for e-commerce in Germany. The survey in Table 7.6 is based on Juris by the Federal Ministry of Justice and summarises the German legislation regarding e-commerce [1, 3, 20]. Regulations specific to distance selling are written down in the German Civil Code (BGB). The TMG (Federal Telecommunications Act) regulates the country of origin principle (§3), mandatory particulars (§6) and responsibilities (§§7–10) of service providers. European regulations regarding e-commerce were integrated into the BGB (German Civil Code). They can be found in the general part (regulations regarding consumer protection). Transnational business processes involve different laws: the law of the country of the vendor, the law of the country of the customer and the law of the country where the server is placed. Within the European Union the EC Directive on Electronic Commerce (2000/31/EC) is decisive. In general the contract parties are free to choose the law applicable to their contract, as stated in the convention on the law applicable to contractual obligations, which was realised in Germany by article 27 EGBGB (introductory act to the civil code). In e-commerce a contract becomes valid by a demonstrably submitted electronic declaration of intent. This includes digitally created and electronically submitted declarations of intent.

BDSG (Bundesdatenschutzgesetz) is the German Federal Data Protection Act (Federal Data Security Law). It operates together with the further data protection acts in Germany in the area-specific regulations, e.g. TMG (Telemediengesetz 2007 – Telemedia and Internet


Table 7.6 E-commerce legal aspects and corresponding German laws

Web application security topic | Legal basis in Germany (BGB, AGB, ZPO, BDSG, SigG, TKG, TMG, UWG)
Contract law | x x
Deputy legal norm (Stellvertretungsrecht) | x
Law of obligations | x x
Obligation of vendor and customer | x x
Right of withdrawal/return | x x
Separation between advertisement and content | x
Use of cryptography | x
Certificate authorities | x x x

Usage Law) or SigG (Signaturgesetz 2001). BDSG controls the exposure of personal data which are manually processed or stored in IT systems. The TKG (Telekommunikationsgesetz) is the Federal Law for the regulation of content in the area of telecommunications. With the changes in 2007, more protection of telecommunication clients was integrated within the TKG, and some new regulations on telco monitoring for VoIP applications became available.

German abbreviations in Table 7.6:

1. BGB – Bürgerliches Gesetzbuch (Federal Civil Code)
2. AGB – Allgemeine Geschäftsbedingungen (Common Business Conditions for E-Commerce)
3. ZPO – Zivilprozessordnung (Federal Code of Civil Procedure)
4. BDSG – Bundesdatenschutzgesetz (Federal Data Security Law)
5. SigG – Gesetz über Rahmenbedingungen für elektronische Signaturen (Frame Conditions for Digital Signature Use)
6. TKG – Telekommunikationsgesetz (Federal Telecommunications Act)
7. TMG – Telemediengesetz (Federal Telemedia Law)
8. UWG – Gesetz gegen den unlauteren Wettbewerb (Federal Law against Unfair Competition)

Regulations of cryptography. Cryptography is subject to legislative regulations in many countries. Usually this concerns the export of cryptography. In some countries also import, production, use and supply of cryptographic products and services are regulated. In the following, a survey of relevant multilateral agreements and the national regulations of some countries is given. The following information is based on [17]. Most national regulations regarding cryptography are based on the provisions of the Wassenaar Arrangement (WA). The Wassenaar Arrangement was signed in 1996 as a follow-up to COCOM (Coordinating Committee for Multilateral Export Controls). It was amended in 1998 and 2000; different countries stick to different versions of its provisions. Presently the WA is composed of 40 countries, including the Russian Federation and Ukraine. The Wassenaar provisions are not directly applicable; they have to be implemented into national law by each member country. The Wassenaar provisions regarding cryptography are not presented here. Instead, the resulting European regulations and national legal situations of selected countries are presented:

• European Union
• USA
• Germany
• France
• China

In the European Union the export of cryptography is regulated by Council Regulation No. 1334/2000. Export within the European Union is free, with some exceptions, for instance crypto-analysis systems. For those, general intra-community licenses are available. For export to Australia, Canada, Japan, New Zealand, Norway, Switzerland and the USA, Community General Export Licenses are available. For export to other countries, export licenses specific to the target country can be filed for.

The USA signed the Wassenaar Arrangement without the General Software Note but including the changes from December 1998. The export of cryptography is restricted. The regulations have been relaxed in several steps over the past years [17]. Export under a license exception is allowed after a technical review by BIS (Bureau of Industry and Security) for cryptography of any key length destined for non-government end-users in any country except a group of seven countries, and also for government end-users in the European Union, Australia, Japan, New Zealand, Norway and Switzerland. The same applies for products specifically designed for individual consumer use, of any key length, destined for any recipient (excepting a small group of countries). Export to other governments requires a license. Unrestricted crypto source code can be exported to any end user under a license exception without technical review; BIS demands a copy of the URL of the source code. All other source code can be exported under a license exception after a technical review to non-government end users. Knowing export of source code to states under embargo is forbidden, but provision on the WWW does not require checking for a downloader's location. Any cryptography can be exported to subsidiaries of US firms without technical review. Post-export reporting is required for exporting certain products above 64 bit.

The export of cryptography from Germany is regulated according to European Union regulations and the Wassenaar Arrangement. Use and supply of cryptography are not restricted. The legal situation in Austria is similar regarding the use of cryptography.

The import and export of cryptography in France are regulated by Law 2004-575. Import from within the European Union and the EEA (European Economic Area) is free.

Table 7.7 Regulation of crypto-technologies in France

Category | Import | Export | Supply | Use
Authentication-only cryptography | F | F | F | F
Cryptography for confidentiality (key length ≤ 40 bit) | F | A | D | F
Cryptography for confidentiality (key length 40–128 bit) | F | A | D | D
Analogue cryptography (in fax machines) | F | F | D | F
Specific applications of cryptography that don't enable the user to encrypt data | F | F | F | F
Crypto-equipment accompanying an invitee of the state | F | F | – | F
Other | A | A | A | A

Regulations of cryptography are based on a subdivision of cryptographic products into seven categories (see Table 7.7; data based on [17]). Special regulations exist for temporary export. If encrypted data is found during a crime investigation, qualified persons are required to decrypt the data.

The following notation is used in Table 7.7: F – free; D – declaration required; A – authorisation required; F for private use only, otherwise declaration requested.

People's Republic of China. Import and export of cryptographic technology require a license by the State Encryption Management Commission. Use and production of cryptography are also restricted. Manufacturers must obtain an approval for their cryptographic products; this requires a specification of the type, including the key length. Encryption products of foreign origin may not be distributed; only approved products may be used. For securing WLAN networks, WAPI (WLAN Authentication and Privacy Infrastructure), a Chinese national standard, must be used. WAPI uses a proprietary symmetric encryption algorithm. Therefore its cryptographic strength cannot be estimated.

Example 7.2 An important disadvantage of SET use lies in the transaction expenditures due to its orientation on large clients (banks, clearing houses). A fruitful idea is to combine areas of TLS/SET encryption and authentication via special TLS/SET gateways (Fig. 7.23). This will lead to a considerable simplification of the SET authentication scheme and cost reduction for service providers (banks) and users (mainly the small business sector).

The following research in the field of TLS is necessary:

• The crypto-parameters are assigned at the start via the TLS Handshake sub-protocol and must be changed frequently due to the increased risk of key breaking within durable sessions.

• TLS/SET gateways must support SOA-conventional schemes of communication with multiple parties and be interoperable with XML Security.


Fig. 7.23 SET-TLS gateway: more attractiveness for the small business sector

7.7 Steganography in Distributed Systems

Use cases for steganography. Steganography deployment in distributed systems is meaningful in situations where the use of cryptographic methods and protocols is restricted or even prohibited. The governmental controls and rigorousness of the laws concerning cryptography are shown in Fig. 7.24. The data for the depicted distributions have been acquired from a review [27]. Therefore, in some regions of the world the deployment of the listed methods is strongly state-restricted or even prohibited nowadays.

Some governments, such as in Pakistan, the Russian Federation and the People's Republic of China, limit significantly the civilian use of cryptography, in particular for message exchange and storage devices. But for circumventing an official encryption ban the only workaround is steganography. If the secret message can be hidden and isn't recognizable as an encrypted message, the use of secure steganography cannot be effectively prosecuted. Therefore steganography is the necessary workaround. Furthermore, the combination of steganographic and encryption methods is a powerful argument against any state paternalism, especially since implementations of encryption concepts that provide effective protection are available as freeware and open source software (refer to PGP).

Fig. 7.24 Distribution of governmental controls and rigorousness of the laws concerning cryptography (Source: www.cryptolaw.org, (c) Bert-Jaap Koops). Map legend "Domestic crypto regulations": no domestic controls; small and special controls; domestic controls; law demanding decryption; decryption order and special controls; unclear; no data available.

Steganography definition. Let us give a general definition of the discipline. Steganography is the science of hidden embedding, storage and transmission of confidential information within a carrier medium called a container. The word for the discipline consists of two ancient Greek ingredients:

• "steganos" = "covered" (compared to "crypto" = "secret")
• "graphein" = "write"

Therefore it means "steganography" = "covered writing" (compared to "cryptography" = "secret letter"). The modified medium is referred to as a "steganogram" (compared to "cryptogram"). Let us exemplify the history of steganography [27]. Already Herodotus, one of the first historians, reported about 2500 years ago on how to keep communications confidential with steganography. These were the times for creative things: apparently unused wax writing tablets bearing the message on the wood under the wax layer. On other occasions messages were sewn into animals and – as prey and gift – conveyed to the receiver via the messenger himself, often dressed as a hunter (called a courteous cavalier). Slaves were tattooed with a shaved head, the message on the scalp, and sent to the receiver once the hair had grown back, for a re-shave. But steganography is not limited to these historic examples. Nowadays certain other examples are still in use; 2500 years later, with the computer being a commonplace instrument, steganography has become more popular and wide-spread than ever before.

The steganographic methods hide the messages (steganograms) in a huge variety of media applications, due to the large amount of redundant data in comparison to plain text. The containers are news, pictures, music, videos and rich text files, including XML and HTML comments, as well as obfuscated source code files. The explosive messages pass mostly undetected to their receivers. But what happens if an attacker searches specifically for embedded messages? What about compressed media? Usually this is good for bandwidth in the networks, but it offers less container space for hiding messages.

Motivation. What is the motivation for steganography? Encrypted messages are sometimes too apparent. They lead to the impression that the sender probably has something to hide and thus draw suspicion solely on him- or herself. The suspicion can be avoided via a neutral, harmless carrier medium. This kind of secrecy has, incidentally, a long tradition, which will be explained with historic examples. Figure 7.25 gives a general example of the terms and processes in steganography.

7.7.1 Steganography in Development

Fig. 7.25 A steganographical application

Steganography vs. cryptography. Similar to cryptography, the goals of steganography encompass security and confidentiality: information is to be concealed (hidden) so that for a third party nothing is noticeable except the evident content of the carrier medium (neutral, harmless text, image, audio or video). The steganographical concepts ensure that confidential information is not disclosed to third parties. The classification of steganography is usually carried out in two possible ways: either it is considered a sub-chapter of cryptography or an independent science. Nowadays one needs to consider the enhancing role of steganography. Thereby it is important:

• that the objectives of cryptography (confidentiality via evident secrecy) do not coincide with the objectives of steganography (confidentiality via hiding/concealing)
• that in practice cryptography and steganography are often combined

Steganography can be deployed with two different aims:

• as a supplement to wide-spread cryptographic methods
• where legal limitations restrict the use of cryptography

Some famous steganography examples from fine arts. To this category of early steganography belong multiple oeuvres: paintings with hidden messages and statements which are perfectly visible to the human eye, but only to the conscious and attentive observer. A first such case is "The Ambassadors", or the portrait of Jean de Dinteville and Georges de Selve (1533), which is shown in Fig. 7.26. The painting is exhibited at the National Gallery, Trafalgar Square, London. Its author is Hans Holbein the Younger (1497–1543); the technique is oil on oak board. Holbein embedded a secret message (steganogram) in this famous painting in 1533. Notice that a painting of that epoch served the function a digital photo serves today. But let us analyse the image accurately.

Fig. 7.26 The Ambassadors (1533) (Source: wikiart.org)

Both noble lords wear magnificent clothes. The Persian carpets, lute, two books (one on mathematics and one of poetry), binoculars, sundial and sextant, quadrant with globe and astrolabe give a hint on the religious, intellectual and artistic interests of both personages, but there is a steganogram: a deformed skull acts as a mortality symbol (Fig. 7.27).

Nowadays digital photos have taken over the function of paintings to act as legal documentation and pieces of proof. People in former times had to hire a reputable painter. The next example of steganography in the area of fine arts is the "Arnolfini Marriage" (1434), which is shown in Fig. 7.28. The painting is from the National Gallery, Trafalgar Square, London. The painter created the oeuvre in oil on oak board. His name was Jan Van Eyck (1390–1441), called "king of painters" even centuries after his time [26].

Fig. 7.27 The steganos to "The Ambassadors" (1533, source: wikiart.org)

Fig. 7.28 The Arnolfini Marriage (1434) (Source: wikiart.org)

However, there is a known fact about Jan Van Eyck: diplomatically delicate jobs were not a novelty for him. Realise, for example, that Duke Philippe III, one of the rulers of Burgundy, wanted to marry Princess Isabella of Portugal. In reality Philippe had never seen the princess in his life. For his patron, Van Eyck painted the portraits of Isabella and Philippe next to each other. Obviously Duke Philippe was happy with the results and married her. But let us analyse the image. What is in the front? The painting was created in Bruges, the known rich port city in Flanders, back then a northern county of the Duchy of Burgundy. The Arnolfinis were at that time a rich banker and merchant family living in the city. On the basis of this painting, a marriage book entry (a legislative act for the registry office) had to be made. Notice that the painter signed the image as a document, in the role of a witness. This is very important for us: evidence of the development of written contract law.

But beyond the signature, the painting is also full of possible secret symbols; each object in the room is meaningful. The possible steganographic meanings are as follows:

• oranges and lemons imported from Spain – prosperity
• a glass window in the 15th century
• copper light on the ceiling, expensive mirror on the wall
• small dog of a valuable breed – fidelity
• wrinkles on the clothing of the woman – possibly pregnancy, meaning tenderness and fertility, but also controversial Burgundian fashion

Possible meaningful steganos of which historians are not sure even after an extended analysis (details in Fig. 7.29):

• the slippers (= controversy, conflict = no marriage)
• the mirror (by zoom the witnesses are seen)
• "left hand marriage", "morganatic marriage"

Further considerations are as follows. The woman "stands significantly lower", both literally in the picture and figuratively within the social system. A morganatic marriage (mésalliance) implies that there are no inheritance rights for her and her children in case of death of the husband. Marriage certificates were normally issued in such cases until the morning of the following day. Some researchers even discuss whether the relation was only an engagement instead of a marriage. There is also the opinion among scholars in this field that the painting may show the alternative marriage of his cousin, who had a similar face.


Fig. 7.29 Some steganos to "The Arnolfini Marriage" (1434, source: wikiart.org)

7.7.2 Steganography: Main Concepts

Example 7.3 Let us consider a simple example with a photo-carrying holiday postcard as carrier medium (container), shown in Fig. 7.30. The postcard should be sent with the following text written on it:

Dear colleagues, We now finally enjoy our holidays on these wonderful islands of Spain. The weather is really good, accommodation also, as well as the food. Great! Regards, M. K.

Compare the meaning of the text with the one conveyed by the same text, but with a little bit of formatting change:

Dear colleagues
We now finally enjoy our holidays on these wonderful islands of Spain
The weather is really good
accommodation also
as well as the food
Great Regards M K

Do you see the difference? The way the words are positioned can by itself convey a secret message, for instance by using the word count per line or the character count per word and building a new alphabet over these numbers.

In computer-aided networked steganography an attacker tries to filter out the message directly from the steganogram – unless he or she knows which application has hidden the message in the picture or sound track. In this case the extraction can happen more systematically.
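The word-count-per-line idea of Example 7.3, carried through as a runnable example (added here, not code from the book). It assumes the "new alphabet over these numbers" is a 5x5 letter square, so each letter becomes two line lengths in 1..5; an optional keyword reorders the square (the shared-key variant), so anyone who knows the scheme can reflow and read the lines, as the attacker above does, but without the keyword the letters come out wrong.

```python
"""Word-count-per-line steganography on the postcard text of Example 7.3.

Added example (not code from the book). The cover text is reflowed so that
the number of words on each line carries one symbol of the hidden message.
The "new alphabet over these numbers" is assumed to be a 5x5 letter square
(J folded into I): every letter becomes two line lengths in 1..5. A line
with more than MAX_SYMBOL words marks the end of the hidden text. The
optional keyword reorders the square: that is the shared-key variant.
"""

MAX_SYMBOL = 5  # longest line that still carries a symbol

# Constructed cover text: the postcard wording from Example 7.3 (30 words)
POSTCARD = ("Dear colleagues We now finally enjoy our holidays on these "
            "wonderful islands of Spain The weather is really good "
            "accommodation also as well as the food Great Regards M K")


def make_square(key=""):
    """25-letter square: keyword letters first (deduplicated), then the rest."""
    seen = []
    for ch in key.upper().replace("J", "I") + "ABCDEFGHIKLMNOPQRSTUVWXYZ":
        if ch.isalpha() and ch not in seen:
            seen.append(ch)
    return "".join(seen)


def letter_to_pair(ch, square):
    """Letter -> (row, column) in 1..5, i.e. two line lengths."""
    idx = square.index(ch.upper().replace("J", "I"))
    return idx // 5 + 1, idx % 5 + 1


def pair_to_letter(row, col, square):
    return square[(row - 1) * 5 + (col - 1)]


def hide(cover, secret, key=""):
    """Reflow `cover` so that line i has as many words as symbol i needs."""
    square = make_square(key)
    words = cover.split()
    counts = []
    for ch in secret:
        if ch.isalpha():
            counts.extend(letter_to_pair(ch, square))
    leftover = len(words) - sum(counts)
    # The leftover words form the terminator line. A short leftover
    # (1..MAX_SYMBOL words) would itself be read as a symbol, so the
    # container is refused as too small for this message.
    if leftover < 0 or 0 < leftover <= MAX_SYMBOL:
        raise ValueError(f"a cover of {len(words)} words cannot carry this message")
    lines, pos = [], 0
    for n in counts:
        lines.append(" ".join(words[pos:pos + n]))
        pos += n
    if leftover:
        lines.append(" ".join(words[pos:]))
    return "\n".join(lines)


def fits(cover, secret, key=""):
    """True if `cover` has enough words (and a safe terminator) for `secret`."""
    try:
        hide(cover, secret, key)
        return True
    except ValueError:
        return False


def reveal(stego, key=""):
    """Read the hidden text back from the line lengths alone."""
    square = make_square(key)
    counts = []
    for line in stego.splitlines():
        n = len(line.split())
        if n == 0:
            continue            # blank lines carry nothing
        if n > MAX_SYMBOL:
            break               # terminator: the rest is padding
        counts.append(n)
    counts = counts[: len(counts) // 2 * 2]   # ignore an unpaired value
    return "".join(pair_to_letter(counts[i], counts[i + 1], square)
                   for i in range(0, len(counts), 2))


if __name__ == "__main__":
    stego = hide(POSTCARD, "hi")
    print(stego)
    print(reveal(stego))                      # HI
    print(reveal(hide(POSTCARD, "hi", key="HOLIDAY")))   # AD: wrong key
```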


Fig. 7.30 A simple example with a postcard (own photo)

Kerckhoffs' principles. Kerckhoffs' principles (KP 1883) are known from cryptography. KP 1883 states that the security of a system should not depend on the secrecy of the algorithms but only on the secrecy of a key. If a secure method is given, therefore, only the knowledge of the correct key for the decryption is of importance. The consideration of KP 1883 in steganography is historically considered of secondary importance, as the transmitted information is unrecognizable for human senses. But nowadays steganographic methods and applications become more and more available, for instance as open source software, and therefore the extraction of secrets also becomes trivial when assuming the wide-spread use of these applications. This is why in recent times, in steganography, a greater effort must be taken, similar to cryptography, to meet the standards of KP 1883.

Thus there is nowadays a separation into:

1. Symmetric steganography
2. Asymmetric steganography (public-key steganography)

Similar to symmetric cryptography, by applying symmetric steganography a sender and a receiver exchange a secret key in advance of the encrypted message transfer. They both know in what way and where a message is hidden. In asymmetric steganography – just like in asymmetric cryptography – a public key is available, and possibly even authenticated, which is used to hide a message. The message is asymmetrically encrypted with the public key and embedded into a container with a lot of noise data. The encrypted and embedded message can be read only by the message receiver that possesses a specific private key. Nobody else can decrypt the message. According to KP 1883, nobody is even able to find or decrypt the hidden message in the medium.

Fig. 7.31 A steganographical application: unrecognisable coding/decoding, but no compression

But the developers of steganography software feel no lack of ingenuity and creativity. Nowadays there are several steganography applications, including algorithms for a lot of different image formats, audio formats, tools for different text formats and some exotics, for example transforming bits into nonsense texts or troublesome spam (Fig. 7.31).

Let us exemplify some further steganography examples beyond the digital world, using physical objects. They are as follows:

• wax tablets
• spaces in formatted text
• invisible ink
• data points on clothes

Some advanced examples (visualised in Fig. 7.32) are explained below, for example changing the individual bits of pixel graphic files (as a rule in the red channel):

• input bitmap file (with 24-bit colour depth), pixel colours from red-green-blue (RGB)
• changing of the bits is unrecognizable


Fig. 7.32 (a) Embedding of a steganogram into the red colour; (b) Embedding of shadowing in some wide-spread gaming applications. Examples of steganographic applications

bull insertion of letter T (with ASCII value 84) hidden in red colorbull red values 065 098 111 234 101 000 244 038bull addition of the bits of ASCII T bits 0 1 0 1 0 1 0 0bull changed red values 065 099 111 235 101 001 244 038

Or another example

bull every 10th bit in the red color is reserved for hidingbull easy for programming for example as a PHP script
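Both red-channel variants above (every red value, or only every 10th one), as an added Python example that is not the book's PHP script: the bits are placed by LSB replacement so the receiver needs no copy of the original cover, whereas the book's table adds each bit to the red value; the pixel data and messages are constructed inline.

```python
# Added example (not from the book): LSB steganography in the red channel of
# 24-bit RGB pixel data. stride=1 uses every red value, stride=10 only every
# 10th one. Bits are written by LSB *replacement*, so the receiver recovers them
# without the original cover; the book's worked table instead adds the bit.
from typing import List, Tuple

Pixel = Tuple[int, int, int]  # (R, G, B), each 0..255


def to_bits(data: bytes) -> List[int]:
    """MSB-first bit list of a byte string: b"T" (ASCII 84) -> [0,1,0,1,0,1,0,0]."""
    return [(byte >> shift) & 1 for byte in data for shift in range(7, -1, -1)]


def from_bits(bits: List[int]) -> bytes:
    """Inverse of to_bits; len(bits) must be a multiple of 8."""
    if len(bits) % 8:
        raise ValueError("bit count %d is not a multiple of 8" % len(bits))
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, len(bits), 8))


def embed_bits_red(cover: List[Pixel], bits: List[int], stride: int = 1) -> List[Pixel]:
    """Write `bits` into the LSB of the red value of every `stride`-th pixel.
    Each red value changes by at most 1, which is why the edit is invisible to
    the eye (the 'unrecognisable' property described in the chapter)."""
    slots = range(0, len(cover), stride)
    if len(bits) > len(slots):
        raise ValueError("cover too small: need %d slots, have %d" % (len(bits), len(slots)))
    stego = list(cover)
    for bit, idx in zip(bits, slots):
        r, g, b = stego[idx]
        stego[idx] = ((r & ~1) | bit, g, b)   # keep the 7 high bits, set the LSB
    return stego


def extract_bits_red(stego: List[Pixel], nbits: int, stride: int = 1) -> List[int]:
    """Read `nbits` LSBs back from the red values used by embed_bits_red."""
    slots = range(0, len(stego), stride)
    if nbits > len(slots):
        raise ValueError("steganogram too short for %d bits" % nbits)
    return [stego[idx][0] & 1 for idx, _ in zip(slots, range(nbits))]


def hide_message(cover: List[Pixel], message: bytes, stride: int = 1) -> List[Pixel]:
    """Hide a byte string with a 16-bit big-endian length prefix so that the
    extractor knows where the payload ends."""
    if len(message) > 0xFFFF:
        raise ValueError("message longer than the 16-bit length field allows")
    payload = len(message).to_bytes(2, "big") + message
    return embed_bits_red(cover, to_bits(payload), stride)


def reveal_message(stego: List[Pixel], stride: int = 1) -> bytes:
    """Counterpart of hide_message: read the length, then that many bytes."""
    length = int.from_bytes(from_bits(extract_bits_red(stego, 16, stride)), "big")
    bits = extract_bits_red(stego, 16 + 8 * length, stride)
    return from_bits(bits[16:])


def max_red_change(cover: List[Pixel], stego: List[Pixel]) -> int:
    """Largest per-pixel change of the red value between cover and steganogram;
    LSB embedding never exceeds 1."""
    return max(abs(c[0] - s[0]) for c, s in zip(cover, stego))


if __name__ == "__main__":
    # Constructed cover: the eight red values from the book's table, G and B zero.
    book_cover = [(r, 0, 0) for r in (65, 98, 111, 234, 101, 0, 244, 38)]
    stego = embed_bits_red(book_cover, to_bits(b"T"))
    print("red values after hiding 'T':", [p[0] for p in stego])
    print("recovered:", from_bits(extract_bits_red(stego, 8)))

    # Constructed 800-pixel cover; with stride 10 there are 80 slots, enough for
    # the 2-byte length prefix plus an 8-byte message.
    wide_cover = [((i * 37) % 256, (i * 59) % 256, (i * 83) % 256) for i in range(800)]
    wide_stego = hide_message(wide_cover, b"steg-msg", stride=10)
    print("max red change with stride 10:", max_red_change(wide_cover, wide_stego))
    print("revealed:", reveal_message(wide_stego, stride=10))
```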

A further approach is tied to mixing noise into voice transfers or VoIP transmissions. This category of steganograms can also be combined into video streams or recorded gaming, but without the use of lossy compression methods.

Example 7.4 Several businesses have specialised in products and services around steganography. The company Steganos (founded 1997 in Dresden, Germany) has been one of the first and plays a role as a reference with commercial success for the protection of digital privacy [6]. The products encompass a file hiding application as well as general computer security products such as a VPN client and a password manager. A file hiding scheme is shown in Fig. 7.33.

Fig. 7.33 Steganographical applications from steganos.com

7.7.3 Watermarks and Steganography

Although watermarks are a special kind of steganographical application, they have been well-known in paper form since 1282. The first deployment of watermarks was carried out in the paper mills of Bologna. Watermarks have always been important to prove the following properties of paper documents (such as securities):

• authenticity
• originality
• authorship
• copyright

But up to a few years ago, watermarks were focused on material carriers, in particular paper and cardboard: bills, securities, trademarks on products. Another kind are seals on high-value products such as processors.

Nowadays digital watermarks are in use, which adapt the concept to digital media. They are used to protect digital works against unauthorised copies. A digital work can contain a visible or invisible copyright notice. This notice should be anchored so that an unauthorised distributor cannot remove or obscure it without perverting/changing the carrier medium to uselessness. After the copyright notice is destroyed, the digital document, video or song becomes of such poor quality that its use and further distribution is no longer worthwhile. A digital watermark must therefore be robust. It is of secondary importance whether an attack can demonstrate the changes in a file with a watermark. The entertainment industry and media companies continuously spend a lot of money on the development of robust digital watermark technology. In practice these concepts (collectively called digital rights management) barely work against sufficiently technically skilled distributors. On the other hand, in combination with steganography, personalised watermarks allow easy identification of (already known) distributors.

Example 7.5 A scenario not hard to imagine with today's online social networks: you find a website where photos of yourself are published. But you are the originator, and only you possess the copyright on these photos, nobody else. Two questions then arise:

• How can you prove the unlawful use and potential privacy violation?
• How do you prove that you are the original photographer?

Visible digital watermarks A visible digital watermark is depicted in Fig. 7.34. Such watermarks are common on the Internet with so-called stock images. These are photos or clipart pictures which typically show up among the top results in image searches. The lion's share of the visible watermarks belongs to a few companies, including Corbis and Getty Images. Together these companies rank as the largest in image and media. Corbis, for instance, is a digital media company from the USA. It takes care of the sale and distribution of photos and film materials and the related rights. The collection comprises over 100 million images in archives around the world.

Fig. 7.34 Visible watermarks (Source: Corbis)

Fig. 7.35 Steganography and watermarks: examples for invisible watermarks

But what if digital watermarks are invisible? The benefit of invisible watermarks begins where the benefit of the visible ones ends: at the purchase of digital images. Watermarks take up a large and important part of the image cover and have the following characteristics:

• robustness
• no visible quality losses (not visible to people with normal eyes, only for trained vision or for software)
• verification with specific software, due to the embedding of extra bits
• compression methods pose a problem for the watermarks

An invisible watermark example for copyright is given in Fig. 7.35. What is therefore the demarcation between steganograms and digital watermarks? In contrast to pure steganography, watermarks do not pursue secrecy and confidentiality in the first place (Fig. 7.36); rather, the robustness against attacks on the digital watermark is of primary importance. This position can in extreme cases lead to noticeable changes of the carrier medium. Robust digital watermarks are usually designed so that the elimination of a digital watermark leads to irreversible degradation of the carrier (container) until it becomes unusable.

Fig. 7.36 Steganograms and invisible watermarks: demarcations between pictures. Picture used: Frans Snijders, Still life with a monkey, a squirrel and a cat, ca. 1625 (Source: wikipaintings.org)

7.8 Anonymity and MIX Networks

Anonymity in the WWW There is a difference between dreams (more accurately, expectations) and reality when browsing the content of the world-wide web, an everyday activity for hundreds of millions of people. The expectation of the average user is as follows:

• easy and undetected surfing
• nobody knows and watches the users
• unlimited possibilities
• unregulated ("lawless") areas

But the harsh reality is in contrast to the expectations:

• anonymous surfing is often not available
• traced connections and cached addresses
• permanent querying and caching of personal data (logons, competitions and registrations)
• partial privacy abuse
• a certain censorship exists even in decentralised webs

Then who needs anonymity in the WWW, indeed? There are good arguments for and against anonymity, which shall be briefly compared. Pro anonymity:

• privacy must be guaranteed, just like in real life
• protection against all-round monitoring (like by Big Brother in Orwell's novel "1984")
• the right to decide who should be able to reveal one's identity (informational self-determination)
• main principle of the BDSG or other similar national and state-wide privacy acts
• consent to the processing of personal data, which is only allowed if the individual has confirmed it or if a law allows this processing

Against anonymity there are fewer, but still a few, arguments:

• one should not have to be anonymous if one has nothing to hide
• (inter)national security and safety against terrorist attacks and similar threats
• protection against illegal machinations (child pornography, racism, political persecution)

In the wider Internet the pro-arguments are nowadays widely understood. Still, due to the often emotional debates involving the con-arguments, anonymity and related digital rights, such as pseudonymity and strict opt-in to all services including surveillance, are still not universal.

MIXes for anonymity To enforce a certain level of anonymity, under the assumption that the communication device including the web browser and other network clients is safe, so-called MIXes are used. The concept was introduced by David Chaum in 1981. MIX networks are special transcoding, secured networks. The MIX nodes serve for anonymous communication within a secured network (analogous to a VPN). The four basic functions of a MIX network regarding the messages are as follows (also shown in Fig. 7.37):

{1. filtering; 2. collecting; 3. transcoding; 4. sorting}   (7.1)

As a rule, MIX networks use a hybrid cryptosystem, in which performance and efficient secure key distribution are combined [10]. The main MIX features are:

• receiver anonymity: the receiver remains anonymous to the transmitter
• transmitter anonymity: the transmitter remains anonymous to the receiver
• mutual anonymity: both the sender and the receiver remain anonymous to each other

The requirements on the MIXes were formulated by D. Chaum:

• all MIXes that were traversed by a message have to work together
• all other transmitters and receivers of the simultaneously mixed messages in all MIXes work together
• an attacker has unlimited computing power

Fig. 7.37 (a) MIX network; (b) D. Chaum (Picture source: Wikipedia). A MIX network with basic functions

Let us investigate the problem a little bit deeper. Tied to the mentioned anonymity concept, the "anonymiser" as a category can be used. It is defined to be an application, system or network that helps users to maintain their privacy and anonymity in the Internet and WWW. The anonymiser types can be defined as follows:

• simple anonymisers
• MIX cascades
• anonymous P2P nets and MIX networks

The simplest anonymisers can be connected to a proxy or a VPN provided via the protocols L2TP, IPsec or PPTP. As an example, the OpenVPN software can be mentioned. This kind of proxy is connected between the users and the target computers. Since the proxy or VPN communicates instead of (and on behalf of) the user with the target machine, the connection to the original user cannot be traced as easily as without the intermediary. The data streams between the users and such simple anonymisers have to be encrypted additionally. The simple anonymisers in the form of a VPN or proxy can be deployed on the basis of TLS and can therefore be combined with a variety of applications. Among them are the following: remailers based on e-mail servers, cryptophones, PGP products like Zfone, Blackphone or OpenVPN.

The modern and more efficient anonymisers can use so-called cascaded MIXes. The critical data are encrypted several times and passed through several layers of protection, where each layer of encryption has to be decrypted again. Only through encryption and decryption on the other end of the cascade do the data become usable again. The concept of a MIX cascade is shown in Fig. 7.38.

Fig. 7.38 MIX cascades (left) and MIX networks (right)

Only attackers who possess total control over all of the MIX cascade stages therefore control the data stream completely. Even if only a single MIX remains intact or is attacked by an independent third party, the overall system remains in any case safe from the perspective of the user. Software solutions like JonDo or JAP can be qualified as MIX cascades. The users are aware that the single anonymisers within the cascade stages are certified regarding their data security and deployment of the cryptographic methods.

But even with MIX cascades there is no guarantee that the various nodes or providers do not cooperate. Even if they are located in different countries or jurisdictions, this may happen. The safe conclusion is that one of the MIX nodes must be provided by the user him- or herself, with the required anonymiser service installed onto a user-controlled device. In this case the own data can be MIXed with data from further users and better secured, resulting in anonymity like it is typical for a large network with many participants (Fig. 7.38).

Assessment of MIXes The most known MIX applications are as follows:

• TOR
• JAP

TOR, The Onion Routing, has its origins in the USA. Its MIXes are used for the anonymity of TCP connections (web browsing, instant messaging, SSH, P2P applications). It protects its users against traffic analysis, which makes it suitable for Skype. JAP, Java Anon Proxy, has roots in Germany at TU Dresden and the University of Regensburg. It follows a similar approach, which offers anonymity for the data traffic of users. But using MIXes is not without drawbacks. The most important problems tied to the MIXes are divided into [12]:

• traffic through a MIX is huge: it means certain performance losses, and it is not clear who can compensate the QoS losses
• MIX payment models, i.e. regular financing of their operation, are not yet defined; nowadays only few sponsors exist

Fig. 7.39 A MIX network for receiver anonymity

Example 7.6 A simple example of MIX anonymity is given in Fig. 7.39. A simple encrypting MIX network functions as follows:

• messages are encrypted under a sequence of public keys
• each MIX node removes a layer of encryption using its own private key
• the node shuffles the message order and transmits the result to the next node
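The three steps of Example 7.6 together with the four basic functions from (7.1), carried out by an added toy MIX cascade (example code, not from the book or from the systems it names). It assumes textbook RSA over fixed Mersenne-prime moduli plus an HMAC-SHA256 keystream as the per-layer hybrid cipher, fixed-size cells, and a seeded random generator for reproducibility; none of this is secure, the point is the structure.

```python
# Added example (not from the book): a toy Chaum MIX cascade showing the four
# basic functions of Eq. (7.1): filtering (replay drop), collecting (batching),
# transcoding (stripping one encryption layer) and sorting (shuffling). The
# public-key layer is textbook RSA over small Mersenne-prime moduli combined
# with an HMAC-SHA256 keystream (a hybrid scheme, as the chapter notes). It
# demonstrates the structure only and is NOT a secure implementation.
import hashlib
import hmac
import random
from typing import List, Tuple

PubKey = Tuple[int, int]   # (n, e)
E = 65537
MSG_LEN = 32               # fixed-size cells, so members of a batch look alike
# Mersenne primes; every modulus lies between 2**92 and 2**124, so an 8-byte
# seed is always smaller than n and every ciphertext fits into 16 bytes.
MERSENNE_PAIRS = [(2**31 - 1, 2**61 - 1), (2**19 - 1, 2**89 - 1), (2**17 - 1, 2**107 - 1)]


def toy_rsa_key(p: int, q: int) -> Tuple[PubKey, int]:
    """Return ((n, e), d) for textbook RSA built from the primes p and q."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))     # modular inverse, Python >= 3.8
    return (n, E), d


def keystream_xor(seed: bytes, data: bytes) -> bytes:
    """XOR data with an HMAC-SHA256 counter keystream derived from seed."""
    out = bytearray()
    for block in range((len(data) + 31) // 32):
        ks = hmac.new(seed, block.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[block * 32:(block + 1) * 32], ks))
    return bytes(out)


def wrap_layer(pub: PubKey, inner: bytes, rng: random.Random) -> bytes:
    """One onion layer: RSA-encrypt a fresh 8-byte seed, then stream-encrypt inner."""
    n, e = pub
    seed = rng.getrandbits(64).to_bytes(8, "big")   # real systems: os.urandom
    header = pow(int.from_bytes(seed, "big"), e, n).to_bytes(16, "big")
    return header + keystream_xor(seed, inner)


def unwrap_layer(pub: PubKey, d: int, layer: bytes) -> bytes:
    """Remove one layer with the node's private exponent d."""
    n, _ = pub
    seed = pow(int.from_bytes(layer[:16], "big"), d, n).to_bytes(8, "big")
    return keystream_xor(seed, layer[16:])


class MixNode:
    def __init__(self, p: int, q: int):
        self.pub, self._d = toy_rsa_key(p, q)
        self._seen = set()              # filtering: a replayed cell is dropped
        self._batch: List[bytes] = []   # collecting: cells wait for the batch

    def accept(self, cell: bytes) -> bool:
        digest = hashlib.sha256(cell).digest()
        if digest in self._seen:
            return False                # a replay would let an observer tag a message
        self._seen.add(digest)
        self._batch.append(cell)
        return True

    def flush(self, rng: random.Random) -> List[bytes]:
        """Transcoding + sorting: strip one layer from every collected cell,
        shuffle, and emit; only this node knows its own input-output mapping."""
        out = [unwrap_layer(self.pub, self._d, c) for c in self._batch]
        rng.shuffle(out)
        self._batch = []
        return out


def build_onion(cascade: List[MixNode], plaintext: bytes, rng: random.Random) -> bytes:
    """Sender side: pad to MSG_LEN, then encrypt under the public keys in reverse
    traversal order so that the first node strips the outermost layer."""
    if len(plaintext) > MSG_LEN - 1:
        raise ValueError("message exceeds the fixed cell size")
    cell = bytes([len(plaintext)]) + plaintext.ljust(MSG_LEN - 1, b"\x00")
    for node in reversed(cascade):
        cell = wrap_layer(node.pub, cell, rng)
    return cell


def unpad(cell: bytes) -> bytes:
    return cell[1:1 + cell[0]]


def run_cascade(cascade: List[MixNode], messages: List[bytes], seed: int = 7) -> List[bytes]:
    """Push one batch through the cascade and return the shuffled plaintexts."""
    rng = random.Random(seed)           # seeded only to keep the demo reproducible
    batch = [build_onion(cascade, m, rng) for m in messages]
    for node in cascade:
        for cell in batch:
            node.accept(cell)
        batch = node.flush(rng)
    return [unpad(c) for c in batch]


def demo(messages=(b"alpha", b"bravo", b"charlie", b"delta")) -> List[bytes]:
    cascade = [MixNode(p, q) for p, q in MERSENNE_PAIRS]
    return run_cascade(cascade, list(messages))


if __name__ == "__main__":
    print(demo())
```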

This functionality may not be enough when at the receiver's side all connections are joined again and a potential attacker could just concentrate on this part. To mitigate this risk, the MIX concept needs to be compared with the previously presented RAIC concept. An extended example of a RAIC with transparent encryption and anonymity based on MIXes is depicted in Fig. 7.40. This combined concept would be named RAIC-RAIN, as it combines independent/redundant clouds with independent/redundant network connections. For the given RAIC certain advanced features are available:

• safe and anonymous hybrid access, both public + private
• good privacy for a user is foreseen
• no attacker awareness about the backup cloud structure is possible
• mutual anonymity for a sender (user) and the receivers (providers) could be provided

Fig. 7.40 RAIC-RAIN: transparent encryption and anonymity over redundant network connections to redundant clouds. MD – Message Digest; MAC – Message Authentication Code; AES – Advanced Encryption Standard; RSA – Rivest, Shamir and Adleman encryption; PKI – Public Key Infrastructure (X.509, Kerberos)

With all the presented tools and techniques, a reasonable degree of practical security can be achieved in networked environments. The integrity of devices is ensured by having firewalls against malware and network attacks. The confidentiality of data is ensured by disk encryption and their concealment by steganography, as well as by MIX cascades. The availability of data requires a distribution, ideally in the form of a RAIC in conjunction with encryption and steganography and a mixed transmission, to maximise the overall protection.

7.9 Conclusions

This chapter has discussed technological and legal aspects of data security, guaranteeing distributed systems and web systems used in e-commerce, e-governance and enterprise application integration domains, including a brief discussion of implementation details. The required level of security is only available under consideration of complementary techniques and communication protocols, with thorough analysis of their national deployment background. The discussed technological and legal aspects of the web applications have been illustrated with own investigation results and practical implementations. An increasing importance is attributed to steganographic applications, which are able to secure messages, privacy and works of art without deploying cryptography under restrictive legislation, as well as in the powerful combination of cryptographical and steganographical concepts. Besides the classical approaches, the anonymity aspects in distributed systems are supported via deployment of MIXes. MIX deployment can solve the problems of anonymous surfing.

References

1. BDSG – Bundesdatenschutzgesetz. German Federal Law, online: http://www.gesetze-im-internet.de/bdsg_1990/index.html, 1990/2009.
2. SET: Secure Electronic Transaction. Mastercard and VISA, 1997.
3. SigG – Gesetz über Rahmenbedingungen für elektronische Signaturen. German Federal Law, online: http://www.gesetze-im-internet.de/sigg_2001/index.html, 2001.
4. Wireless Application Protocol Architecture Specification. Online: http://www.wapforum.org/what/technical.htm, 2002.
5. Firewall classification. excITingIP, online: http://www.excitingip.com, 2015.
6. Steganos – Privacy software made easy. Online: https://www.steganos.com/en, 2016.
7. U. Black. Internet Security Protocols – Protecting IP Traffic. Prentice Hall, 2001, 304 p.
8. S. Blake-Wilson, N. Bolyard, V. Gupta, C. Hawk and B. Moeller. Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS). RFC 4492, May 2006.
9. Gilles Brassard. Cryptography in a Quantum World. In SOFSEM, pp. 3–16, 2016.
10. David Chaum. Untraceable electronic mail, return addresses, and digital pseudonyms. Comm. ACM 24(2):84–90, February 1981.
11. C. Michael Chernick, Charles Edington III, Matthew J. Fanto and Rob Rosenthal. Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementations. NIST Special Publication 800-52, 2005.
12. George Danezis. MIX Networks with Restricted Routes. In Privacy Enhancing Technologies, Third International Workshop (PET), March 2003.
13. T. Dierks and E. Rescorla. The Transport Layer Security (TLS) Protocol Version 1.2. RFC 5246, August 2008.
14. Carol Fung and Raouf Boutaba. Intrusion Detection Networks: A Key to Collaborative Security. 2013, 261 pages.
15. Christina Garman, Kenneth G. Paterson and Thyla Van der Merwe. Attacks Only Get Better: Password Recovery Attacks Against RC4 in TLS. In USENIX Security 2015, pp. 113–128, 2015.
16. Adam Hils, Greg Young and Jeremy D'Hoinne. Magic Quadrant for Enterprise Network Firewalls. Gartner, April 2015.
17. Bert-Jaap Koops. Crypto Law Survey. Online: http://www.cryptolaw.org, 2008/2013.
18. Gunter Saake, Muhammad Saqib Niaz. Merkle Hash Tree based Techniques for Data Integrity of Outsourced Data. In GvD, pp. 66–71, 2015.
19. Maryline Laurent, Nesrine Kaaniche, Ethmane El Moustaine. A Novel Zero-Knowledge Scheme for Proof of Data Possession in Cloud Storage Applications. In CCGRID, pp. 522–531, 2014.
20. M. Pierson. Computer- und Multimediarecht. Hanser-Verlag, Taschenbuch der Informatik, 2007, esp. pp. 510–524.
21. M. I. P. Salas and Eliane Martins. Security Testing Methodology for Vulnerabilities Detection of XSS in Web Services and WS-Security. Electr. Notes Theor. Comput. Sci. (ENTCS) 302:133–154, February 2014.
22. Alexander Schill and Thomas Springer. Verteilte Systeme – Grundlagen und Basistechnologien. Springer-Verlag, second edition, 2012, 433 p., in German.
23. Bruce Schneier. SHA-1 Freestart Collision. Online: https://www.schneier.com/blog/archives/2015/10/sha-1_freestart.html, 2015.
24. Martin L. Shooman. Reliability of Computer Systems and Networks: Fault Tolerance, Analysis, and Design. Wiley, 1st edition, 2002.
25. W. Stallings. Network Security Essentials. Prentice Hall, 2002, 366 p.
26. Jan van Eyck. The Arnolfini Wedding: The Portrait of Giovanni Arnolfini and his Wife Giovanna Cenami (The Arnolfini Marriage). http://www.wikiart.org/en/jan-van-eyck/the-arnolfini-wedding-the-portrait-of-giovanni-arnolfini-and-his-wife-giovanna-cenami-the-1434, 1434.
27. Andreas Westfeld. Principles of secured steganography. Doctoral dissertation, 2000.
28. Greg Young. Hype Cycle for Infrastructure Protection. Gartner, August 2015.

Appendix A Selected Originators and Designers of Distributed Systems

The book has introduced several technical algorithms, methods, systems and services. These have evolved over time, sometimes by invention but more often by refinement and improvement over previous ideas. Hundreds of researchers have been involved in this process. Now it is time to present some selected biographies of researchers, system designers and entrepreneurs to give an idea about how the technology has come about. Each person is introduced with a portrait (picture sources: Wikipedia, Brian Solis, Joi Ito).

A.1 Edgar Frank "Ted" Codd

• born in 1923 in England, died in 2003 in Florida
• British mathematician and database theorist
• created in the 1960s and 1970s the relational model, which is the basis for all relational databases nowadays
• developed with Raymond F. Boyce the so-called Boyce-Codd normal form (BCNF)
• for his work in the field of databases awarded in 1981 with the Turing Award (the highest award in computer science)

© Springer Fachmedien Wiesbaden GmbH 2017
A. Luntovskyy, J. Spillner, Architectural Transformations in Network Services and Distributed Systems, DOI 10.1007/978-3-658-14842-3

A.2 Tom De Marco

• born in 1940 in Pennsylvania
• has had a great influence on Software Engineering (SWE) as a discipline
• inventor of Structured Analysis (SA) and of the Structured Systems Analysis and Design Method (SSADM) as methods for SWE (1979–1986, together with Edward Yourdon)
• project management as basic concept
• co-founder of the company "The Atlantic Systems Guild", in which he still works today

A.3 Grady Booch

• born in 1955 in Texas
• American computer scientist, "The IBM Chief Scientist"
• worked in the field of modular and object-oriented software design and class libraries, including Ada
• author of the SWE methods Object-Oriented Development (OOD, 1990) and the Unified Modelling Language (UML, 1997)
• member of the so-called "3 Amigos" (with James Rumbaugh and Ivar Jacobson), who are considered the founders of UML

A.4 James Gosling

• born in 1955 in Canada
• one of the main originators of Java (1993–1994)
• worked from 1984 until 2010 at Sun Microsystems, then a few months for Google
• nowadays he works at a Californian company as Chief Software Architect

A.5 Sir Timothy John Berners-Lee

• born in 1955 in London
• British computer scientist and physicist at the European Organization for Nuclear Research (CERN, Conseil Européen pour la Recherche Nucléaire)
• author of the operating system (OS) NeXTSTEP
• inventor of the Hyper-Text Markup Language (HTML) and founder of the World Wide Web (1990)
• created also the first website (info.cern.ch)
• as well as a first search engine
• member and president of the World Wide Web Consortium (W3C)
• Massachusetts Institute of Technology (MIT) professor and chairman at the University of Southampton

A.6 Tim O'Reilly

• born in 1954 in Cork, Ireland
• involved in the development of the Perl scripting language
• founder and head of O'Reilly Publishing, publicist
• software developer in open source
• one of the pioneers of the term Web 2.0 as a combination of the classical web and other technical innovations like social networks and clouds (2005): Web 2.0 = classical web + social networks + clouds
• in reference to the term "Web 2.0" exists "Web 3.0", coined by J. Markoff (2008), which adds to the concepts of the classical web/Web 2.0 the concept of a "semantic web": Web 3.0 = Web 2.0 + Semantic Web

A.7 Roy Thomas Fielding

• born in 1965 in California
• American computer scientist
• main inventor of the Hyper-Text Transfer Protocol (HTTP) and of the Apache HTTP server software
• developer of the RESTful web service approach
• worked until 2008 for Sun Microsystems
• is nowadays at Adobe Systems as projects' main developer

A.8 Sergey Brin

• born in 1973 in Moscow
• US-American computer scientist and architect
• together with Larry Page wrote the master's thesis "The Anatomy of a Large-Scale Hypertextual Web Search Engine" as the basis for the "Google Service"
• developed the Google Search Engine (the prototype was launched in 1998) and then founded the Google company
• co-author of other Google products

A.9 Philip R. Zimmermann

• born in 1954 in Camden, New Jersey, USA
• inventor of the e-mail encryption software Pretty Good Privacy (PGP)
• fellow of the Stanford Law School's Center for Internet and Society
• running the company Silent Circle from Switzerland due to privacy concerns

A.10 Remembering the Pioneers

While computer science and telecommunications are relatively young fields of research and development, the recent years have seen many designers, engineers and hackers pass away. This paragraph remembers the early pioneers who made many of the presented systems possible but are no longer with us. The socio-technical implications are presumably not clear yet. Quite often in computer science and engineering it is possible to reach out to system designers directly in case a protocol detail or an interface parameter is not clear. This will be possible to a much lesser degree in the future, while the technology determines a greater part of our daily life.

Wesley Allison Clark († 2016) was involved in building one of the first transistor computers in the 1950s and in proposing connected internet message processors as a predecessor to the Internet. Matti Makkonen († 2015) helped to launch the short message service (SMS) as a side product to 2G telephony, which, despite decreasing popularity due to IP-based chat and instant messaging, is still used a lot, accounting for 145 billion messages in the UK alone in the year 2013. Bill Moggridge († 2012) invented the first laptop, the GRiD Compass 1100, weighing 5 kg, and thus made portable devices and mobile computing possible. Dennis MacAlistair Ritchie († 2011) co-developed the Unix operating system, whose successors run much of the Internet and cloud computing infrastructure nowadays, as well as the programming language C. Ilya Zhitomirskiy († 2011) co-founded the decentralised social network Diaspora and helped in increasing the interest of users to maintain control over their online activities and services. Charlie Walton († 2011) invented the ubiquitous wireless technology RFID, used in badges for access control devices, in e-tickets, on shipping pallets in logistics and on product labels as theft protection.

Appendix B Research Focus

The content of the seven book chapters contains established, albeit often recent, knowledge. Some readers may be interested in the challenges tackled by ongoing or recently concluded research projects in which the authors had been involved. Some of these challenges may be significant enough to let their solutions appear in such books in the future. In any case, statements and results must be considered preliminary. The selected project results, all of which were made possible by being funded with public money from different German and European funding bodies, bring innovations in the area of wired and wireless network planning as well as cloud security and data service management.

B.1 CANDY: Network Planning

High-performance fixed, wireless and mobile communication networks have become more and more important for global corporations, small and medium enterprises, public organisations and universities. The efficient and economic design of such networks, however, remains a challenge, and existing design tools only provide limited and hardly integrated support. Therefore the Computer-Aided Network Design Utility (CANDY) team proposes a much more integrated design methodology with associated tool support. The project presents major conceptual and theoretical challenges as follows:

• The project proposes an integrated design methodology forming a complete design workflow. It especially focuses on the combination of wired IEEE 802.3 LAN and wireless network design (IEEE 802.11, 802.16, 802.15.4).


• The project proposes a modern Network Design Markup Language (NDML), an XML-based notation that serves as a uniform way of representing all major network elements (active and passive), their detailed technical properties, their interconnections and related configuration issues. As opposed to existing vendor-specific notations, NDML is based on open standards and enables interoperability and portability of network designs.

• CANDY is a framework with a significant set of design tools. This includes design editors, consistency checks, transformation tools, specific wireless network design tools and the integration of existing simulation environments. As a common notation, NDML once again serves as the common glue for these tools.

• The novelty of the results is proven by a large number of publications: conference proceedings, magazines and workshops. The practical results have also been demonstrated successfully at major exhibitions such as CeBIT Hannover 2007, 2008 and 2011.

The archived project website of CANDY is http://www.inf.tu-dresden.de/index.php?node_id=1329&refer_id=478&ID=100&ln=en. Figure B.1 summarises the main features of the software utility.

Fig. B.1 Computer-aided network design utility – a project for network planning

B.2 FlexCloud: Flexible Architectures for Cloud Computing

Within the FlexCloud project, young investigators explored methods to give users more flexible options, overview and control methods as well as protection mechanisms for connecting not just to the Internet but more specifically to cloud services. One of the main results has been the -Box, a virtual box to manage devices, services, contacts, resources and other assets that each cloud participant would need or provide. Figure B.2 gives a high-level insight into the capabilities of the box by showing its demonstrator menu entries. Among the main features have been a cloud control cockpit and a cloud storage integrator.

Fig. B.2 Background and menu of the -Box demonstrator

B.3 DaaMob Service Platform: Data Service Management

DaaMob is a still ongoing project which envisions a distributed ecosystem of data sources, data hubs, data aggregators and data consumers with predominantly mobile devices. Data sources are sensors with varying protocols, endpoints on the web or arbitrary services which deliver data items and data streams. The data-centricity allows for novel designs in the service management architecture and the service delivery framework, including the explicit spatial consideration of multiple related endpoints for accessing the data and the temporal evolution of services. Hence the DaaMob Service Platform is inherently reliable and resilient and therefore offers great benefits to applications which access the data. The architecture consists of a distributed data hub which brokers data sources, taps and stores data streams as needed, and runs data processing code which exposes aggregated, filtered or enriched data as virtual data sources. Developers subscribe to the data sources with or without guarantees defined in a service level agreement. Applications which access the data sources can then be widely deployed. By keeping a connection to the distributed broker, failures of broker nodes or data sources can be mitigated with replicas or suitable alternatives, respectively.

Figure B.3 shows the dashboard web interface used in the platform to track multiple data sources, among them web feeds and physical sensors as services, which involves subscriptions and contributed value-added aggregation services. An architectural feature of the dashboard is that it runs entirely on the client side as a web browser application. A federated XMPP network is used to store and persist data, including user preferences and subscription lists. XMPP chat rooms are also used to run conversations between the data hubs and the applications in terms of service levels and guarantees. The use of a session protocol allows for long-running negotiations and adjustments as well as real-time signalling of any condition changes. The data hubs in turn use the agreement metrics to pre-allocate sufficient compute, storage and networking resources in order to meet the defined goals. They scale out on demand in case an application becomes popular and generates thousands of agreements and millions of data requests.

Fig. B.3 SensDash dashboard to track data sources, including sensors as services

The preliminary project website of DaaMob is http://serviceplatform.org/projects/daamob

Appendix C: Acronyms for Mobile and Wireless

Due to the heavy industrialisation and standardisation in the field of mobile and wireless communication, compared to other fields of distributed systems, cloud and fog computing as well as services computing, the relevant acronyms are again reflected here with an extended explanation.

• 1G: Old-fashioned analog mobile phone systems capable of handling very limited or no data at all.

• 2G: Second-generation, voice-centric mobile phones and services with limited data rates ranging from 9.6 to 19.2 kbit/s.

• 2.5G: Interim hardware and software mobile solutions between 2G and 3G with voice and data capabilities and data rates ranging from 56 to 170 kbit/s.

• 3G: Long-awaited digital mobile systems with a maximum data rate of 2 Mbit/s under stationary conditions and 384 kbit/s under mobile conditions. This technology is capable of handling streaming video, two-way voice over IP and Internet connectivity with support for high-quality graphics.

• 3GPP: Third Generation Partnership Project. 3GPP is an industry body set up to develop a 3G standard based upon wideband CDMA (WCDMA).

• 3GPP2: Third Generation Partnership Project 2. 3GPP2 is an industry body set up to develop a 3G standard based upon CDMA2000.

• 3.5G: Interim systems between 3G and 4G allowing a downlink data rate of up to 14 Mbit/s. It is also called High Speed Downlink Packet Access (HSDPA).

• 4G: Evolution of 3G technology that provides support for data rates of 100 Mbit/s and more, allowing high-quality and smooth video transmission.

© Springer Fachmedien Wiesbaden GmbH 2017. A. Luntovskyy, J. Spillner, Architectural Transformations in Network Services and Distributed Systems, DOI 10.1007/978-3-658-14842-3


• 5G: In the evolutionary view, it will be capable of supporting the WWWW, allowing highly flexible, dynamic ad hoc wireless networks. In the revolutionary view, this intelligent technology is capable of interconnecting the entire world without limits.

• Bluetooth: A wireless networking protocol designed to replace cable network technology for devices within about 30 feet (10 m). Like IEEE 802.11b, Bluetooth also operates in the unlicensed 2.4 GHz spectrum, but it only supports data rates up to 1 Mbit/s.

• CDMA: Code Division Multiple Access, also known as cdmaOne or IS-95, is a spread-spectrum communication technology that allows many users to communicate simultaneously using the same frequency spectrum. Communication between users is differentiated by using a unique code for each user. This method allows more users to share the spectrum at the same time than alternative technologies.

• CDMA2000: Also known as IS-2000 and IMT-CDMA Multi-Carrier (1X/3X), it is the evolution of the narrowband radio transmission technology cdmaOne (also called CDMA or IS-95) to the third generation. 1X refers to the use of a 1.25 MHz channel, while 3X refers to a 5 MHz channel.

• EDGE: Enhanced Data rates for Global Evolution technology gives GSM and TDMA networks the capability to handle third-generation mobile phone services with speeds up to 384 kbit/s. Since it uses the TDMA infrastructure, a smooth transition from TDMA-based systems such as GSM to EDGE is expected.

• GPRS: General Packet Radio Service provides data rates of up to 115 kbit/s for wireless Internet and other types of data communication using packet data services.

• GSM: Global System for Mobile Communications is a world-wide standard for digital wireless mobile phone systems. The standard originated with the European Conference of Postal and Telecommunications Administrations (CEPT), which was responsible for the creation of ETSI. Currently, ETSI is responsible for the development of the GSM standard.

• Mobile phones: Mobile communication systems that use radio communication and conventional telephone switching to allow communication to and from mobile users.

• NGN, NGMN: New Generation (Mobile) Networks use new advanced mobile services and SOA (Service-oriented Architectures). NGN/NGMN incorporate all-IP architectural changes in telecommunication and access networks of all types, which are integrated into an IoS (Internet of Services). On the other hand, these networks are characterised by advanced QoS (Quality of Service) as well as a high level of QoE (Quality of Experience). Typical for NGN/NGMN is the deployment of more powerful end devices, advanced software solutions and operating systems, efficient file systems and middleware components. The services in NGMN are frequently based on integrated multimedia provider platforms.

• OFDMA: Orthogonal Frequency-Division Multiple Access is a multi-user version of the popular orthogonal frequency-division multiplexing (OFDM) digital modulation scheme. Multiple access is achieved in OFDMA by assigning subsets of subcarriers to individual users, i.e. OFDMA = OFDM + assignment of subcarriers on demand.

• PSTN: Public Switched Telephone Network is the regular voice telephone network.


• Spread Spectrum: A form of wireless communication in which the frequency of the transmitted signal is deliberately varied over a wide range. The resulting signal occupies a much larger bandwidth than the same signal would without the frequency variation.

• TDMA: Time Division Multiple Access is a technology for sharing a medium between several users by dividing it into different time slots, all users transmitting at the same frequency.

• UMTS: Universal Mobile Telecommunications System is the third-generation mobile telephone standard in Europe, proposed by ETSI.

• WAP: Wireless Application Protocol defines the use of TCP/IP and web browsing for mobile systems.

• WCDMA: Wideband CDMA is a technology for wideband digital radio communication for multimedia and other capacity-demanding applications. It was adopted by the ITU under the name IMT-2000 Direct Spread.

• WWWW: A World Wide Wireless Web is capable of supporting comprehensive wireless web applications with full graphics and multimedia capability at beyond-4G speeds.
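The CDMA, spread spectrum, TDMA and OFDMA entries above describe how several users share one frequency band. As an added example (it is not part of the book), here is direct-sequence CDMA in Python: each user spreads every data bit over an orthogonal Walsh code, all users are superimposed on the same channel, and the receiver separates them by correlation. User names, bit patterns and the noiseless channel model are constructed for the demonstration.

```python
# Added example, not from the book: direct-sequence CDMA with orthogonal
# Walsh (Hadamard) codes. Every user spreads each data bit over a sequence of
# "chips"; all users transmit on the same frequency at the same time, and a
# receiver recovers one user's bits by correlating the summed channel signal
# with that user's code. Names, bit patterns and the channel are constructed.


def walsh_codes(order):
    """Rows of the 2**order Sylvester-Hadamard matrix as +1/-1 chip sequences.

    Distinct rows are orthogonal (dot product 0), which is what lets the
    receiver separate users that share the same spectrum.
    """
    codes = [[1]]
    for _ in range(order):
        codes = [c + c for c in codes] + [c + [-x for x in c] for c in codes]
    return codes


def spread(bits, code):
    """Map bits {0, 1} to {-1, +1} and multiply each by the whole chip sequence."""
    return [(1 if b else -1) * chip for b in bits for chip in code]


def despread(signal, code):
    """Correlate the channel signal with one code, one data bit per code length.

    The other users' orthogonal codes integrate to zero over each bit period,
    so only this user's contribution survives; its sign gives the bit.
    """
    n = len(code)
    bits = []
    for start in range(0, len(signal), n):
        corr = sum(s * c for s, c in zip(signal[start:start + n], code))
        bits.append(1 if corr > 0 else 0)
    return bits


def cdma_channel(user_bits, codes):
    """Superimpose all users' spread signals on the shared spectrum.

    All users are assumed to send the same number of bits (equal frame length).
    """
    n_chips = len(next(iter(user_bits.values()))) * len(codes[0])
    channel = [0] * n_chips
    for i, user in enumerate(user_bits):
        for j, chip in enumerate(spread(user_bits[user], codes[i])):
            channel[j] += chip
    return channel


def cdma_roundtrip(user_bits, order=3):
    """Assign one Walsh code per user, share the channel, despread every user."""
    codes = walsh_codes(order)
    if len(user_bits) > len(codes):
        raise ValueError("more users than orthogonal codes of this length")
    channel = cdma_channel(user_bits, codes)
    return {user: despread(channel, codes[i]) for i, user in enumerate(user_bits)}


def code_collision(bits_a, bits_b, code):
    """What goes wrong when two users wrongly share one code: wherever their
    bits differ the contributions cancel and the receiver cannot decide."""
    channel = [x + y for x, y in zip(spread(bits_a, code), spread(bits_b, code))]
    return despread(channel, code)


if __name__ == "__main__":
    frames = {"alice": [1, 0, 1, 1], "bob": [0, 0, 1, 0], "carol": [1, 1, 0, 0]}
    print(cdma_roundtrip(frames))
    print(code_collision([1, 0, 1], [0, 0, 1], walsh_codes(3)[5]))
```

With `order=3` there are eight codes of eight chips, so at most eight users can be separated; the capacity gain over alternative technologies that the CDMA entry mentions comes from longer codes and from the tolerance of real receivers to non-zero cross-correlation, which this ideal model does not simulate.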

Appendix D: Repetition and Control of Learning Progress

The seven chapters in this book have conveyed knowledge about diverse areas in service systems and telecommunications. The utility of knowledge is in being applied to gain skills. Therefore, in this appendix a number of topics are repeated with control questions. The choice of topics is not strictly bound to the chapters and is in fact sometimes cross-cutting through several consecutive chapters, to promote learning beyond pre-defined categories and boxes.

Reference solutions to these questions are not contained within this book. They can, however, with some effort be retrieved from the publisher's website as auxiliary electronic material.

D.1 New Generation (Mobile) Networks

(a) What is meant by the term NG(M)N?

1. New advanced services and SOA
2. Advanced QoS/QoE
3. Deployment of more powerful end devices
4. Deployment of advanced software solutions, operating systems, file systems and middleware
5. Deployment of integrated MM provider platforms
6. All of these positions

(b) Which important network technologies and development forums belong to the NGN/NGMN? Name their performance characteristics.


(c) What is meant by the term IMS? Discuss the advantages of using IMS

1. for a mobile network operator,
2. for a client company.

D.2 Periodisation of Computer Networks: Phases I to IV, Smart Grid, IoT and Fog Computing

(a) Characterise the four periods of the development of computer networks.

(b) Why are energy-efficient methods and protocols of increasing importance nowadays? Give your definition of the concept of “smart grid”.

(c) Describe in brief the most important network technologies for the support of Smart Grid.

(d) Which Smart Grid models will be used in the medium term?

(e) Elaborate on the differences between IoS and IoT.

(f) Describe in brief the most important network technologies for the support of IoT.

(g) What is Fog Computing?

(h) Highlight the differences between Clouds and Fog Computing.

D.3 Architectural Transformation in Distributed Systems

Significant architectural transformations in network services and distributed systems characterise an ongoing trend.

(a) Compare C-S and P2P architectures. Give 2–3 examples for each one.

(b) Discuss the architectural transformation in distributed systems. What is clustering? Which advantages does it bring? Include a discussion of the increased complexity due to synchronisation and conflict handling as a disadvantage.

(c) Which advanced architectures are based on C-S? Introduce expressive examples related to clusters and clouds.


(d) Summarise the advantages of using cloud technologies according to the NIST definition. Discuss disadvantages such as the diversity in terms of data privacy and protection aspects.

D.4 Cloud Computing

During the evolution of computer network technologies there have been repeated paradigms to reduce the functionality of workstations to a terminal (thin client) and to transparently outsource all processing functions into the network.

(a) Define the term “cloud computing”.

(b) Which cloud models concerning the delivered services are known to you? Illustrate the differences between the concepts of SaaS, PaaS and IaaS.

(c) Describe the technology stack for cloud computing. Which components belong into the architecture of a cloud?

(d) Besides the technical cloud stack, it is possible to differentiate between different organisational forms of clouds with scenario-specific strengths and weaknesses: public, private, hybrid, community and personal clouds. Compare the differences in the load and functionality distribution between cloud computing on the one hand and conventional IT vs. SaaS vs. PaaS vs. IaaS on the other hand with an MS illustration.

(e) Cloud computing implies difficult legal aspects between end users, providers and further involved parties. Comment on this statement concerning the aspects of data privacy and security.

Table D.1 Cloud functionality and layers

Cloud scenario                                       | SaaS | PaaS | IaaS
-----------------------------------------------------|------|------|-----
1. Cloud backup                                      |      |      |
2. Data center                                       |      |      |
3. VM migration                                      |      |      |
4. Marketplace                                       |      |      |
5. High-performance cluster for parallel computing   |      |      |
6. SOA platform                                      |      |      |
7. Test environments                                 |      |      |
8. Frontend                                          |      |      |


(f) Demarcate the definition boundaries of clusters, grids and clouds.

(g) Assign to each cloud usage scenario in the first column of Table D.1 the correct pattern of cloud services in the second to fourth column. In some cases a term may belong to multiple columns.

D.5 Virtualisation Concepts

Virtualisation refers to methods which allow combining or dividing physical resources in a distributed system. The primary goal is to present an abstract view to the user, to isolate him or her, or any application, from the actual hardware and software, including computational performance and memory availability.

(a) A logical layer is introduced between the applications and the resources in order to hide the physical circumstances. Create a sketch corresponding to this action.

(b) Specify a classification of kinds of virtualisation. What is hardware virtualisation and what is software virtualisation?

(c) What is a VM? Comment on the concept of a VMM. Which kinds of VMM exist? What is server virtualisation?

(d) Mention the advantages of virtualisation from an economic perspective.

(e) Look at the following scenario: in a company network with 30 computers there are three different architectures.

1. How many import and export routines have to be programmed and installed to facilitate communication between all the systems?

2. Which changes result from adding a 31st computer with a novel system architecture to the network?

3. Which advantages and disadvantages compared to 2 result from the use of server virtualisation?

(f) What is software virtualisation? How does it enable EAI?

(g) Describe the areas of use and the functionality of OS containers.


D.6 Performance Characteristics of Digital Computers, Performance Optimisation in Distributed Systems

Threads, replication and caching are classic methods for improving the performance of client/server systems. Describe them briefly.

(a) Which additional methods can be used to increase the performance? Identify them with suitable examples.

(b) Which seven important empirical rules about the performance optimisation of client/server systems are known to you?

(c) How can a parallel execution with threads be organised? Create a sketch with a sample execution of statements.

(d) How much time is saved when a parallelisation with N threads is enabled for a certain application? Justify your answer. How can the degree of parallelisation be increased? Name the key performance indicators of digital computers.

(e) Demarcate the terms processor clock frequency, MIPS and FLOPS. Introduce an example for each of the terms.

D.7 Distributed Computing, Parallel Computing and Acceleration Models

Parallel computers achieve an increased working speed by distributing the load across N available processors. In order to fully utilise the complete performance of such a parallel computer, the programming technique must be adapted accordingly. A number of languages, techniques and programming interfaces are available for this challenge.

(a) Which reference solutions for the parallel execution of applications do you know? Compare the features of OpenMP and MPI in this context.

(b) Specify a definition for the term “grid”. Classify the different types of grids.

(c) What is the BOINC system? Explain the functional principles of this grid.

(d) Exemplify the differences between clusters, grids and clouds.

(e) Name the methods for optimising application performance.


(f) Name performance acceleration models for parallel applications. Consider the laws of Amdahl and Gustafson-Barsis.

(g) Amdahl's law is based on a model of the acceleration of applications through parallelisation. Given is the time effort for one CPU, T = 20 000 h, with T_p = 18 000 h. Calculate the speedup factor A_N according to G. M. Amdahl and visualise the answer in a diagram.

(h) Which changes in the performance calculation result from explicitly considering the communication flows between threads?

(i) Compare the speedup models for parallelised applications according to Amdahl and Gustafson-Barsis. Given are the number of CPUs in a cluster, N = 100, and the measured acceleration A = 25. Calculate the sequential part e as well as the part p = 1 − e for the parallelised application according to the Karp-Flatt metric.

D.8 Towards 5G

About once per decade the user data rate in mobile phone networks increases by a factor of 10 to 100. This tendency has been observed for quite a while, since the 1990s. The fifth generation of mobile networks is a reference to the next important phase of development, following the notion of “Beyond 4G” and the IMT-Advanced standards.

(a) Which differences exist between 5G and its predecessors 3G and 4G? What is IMS?

(b) Elaborate on the role of MIMO and DIDO technologies.

(c) Describe briefly the most important network technologies for the realisation of 5G deployments in the near future.

(d) Characterise the interoperability between mobile networks (Beyond 4G), WLAN and 6LoWPAN.

(e) What is IoT? How does this concept correlate with the techniques 6LoWPAN and 5G?

D.9 Security Aspects in NGN

Data privacy protocols play an important role in electronic business due to their ability to carry important data security mechanisms. Among them are confidentiality, integrity, mutual authentication and non-repudiation.


(a) Define the two terms “authentication” and “authorisation” properly, without overlap.

(b) Confidential C/S communication between an online shop and an external payment provider needs to be secured.

1. Describe the necessary procedure for a symmetric data encryption.
2. Now describe the modification of the procedure for an asymmetric data encryption.
3. Discuss the pros and cons of both the symmetric and the asymmetric cryptographic technique.
4. Why and how should both be combined?

(c) What is the SSL protocol for? Which sub-protocols are used by SSL?

(d) Which important cryptographic standards are used by SSL? What is the role of the X.509 specification?

(e) Describe the limits of SSL for use in web services. Discuss the disadvantages.

(f) Discuss the differences in the cryptographic protection of data communication with SSL and with VPN/IPsec. Elaborate on the role of the concept of fine-grained protection.

(g) Specify a holistic classification or ordering of cryptographic protocols for data security in distributed systems, aligned with the OSI reference model.

(h) Discuss the hybrid solutions of SSL/SET.

(i) What are the causes of security vulnerabilities in distributed systems? How are they exploited by malware?

(j) Mention solutions to the previous problems as they are known to you (AV software, FW). Discuss these concepts concerning their suitability for distributed systems.

(k) Explain the differences between capability models and access control lists. Compare the two concepts concerning the following:

1. Implementation effort
2. Suitability for large-scale systems with many clients
3. Propagation and delegation of privileges among clients
4. Removal of privileges

(l) A user of an online shop wants to order a couple of products. During the course of the ordering process the server side wants to check and confirm the identity of the user.


1. Describe the authentication with symmetric encryption methods.
2. Now describe the same with asymmetric methods.

(m) A user of an online shop wants to double-check the integrity and the non-repudiability of the order.

1. What is a digital signature?
2. How are the public and private keys used in combination with a digital signature?
3. How are message digests (extended checksums) created? Characterise the properties of hash functions.
4. Why is only the asymmetric encryption method suitable for a digital signature?
5. How many and which keys are needed for the hybrid symmetric and asymmetric encryption when a digital signature should be generated at the same time? Which protection goals are feasible in such a scenario?
6. What is the meaning of a certificate, and on which occasions are they distributed? How are hierarchic CAs built? Discuss them with the example of X.509. Compare them with the Kerberos method.
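Questions (b) and (m) above ask how symmetric and asymmetric encryption are combined with a digital signature between a shop and a payment provider, and how many keys that takes. The following is an added example, not part of the book and not the publisher's reference solution: it implements the whole exchange from the Python standard library so that it runs offline. Textbook RSA with 512-bit moduli, SHA-256 as the digest, and a SHA-256 counter keystream as the symmetric cipher are used purely to make the key handling visible; there is no OAEP/PSS padding and the key sizes are too small, so none of this is a production cipher. The order message and the party names are constructed.

```python
# Added example, not from the book: hybrid encryption plus digital signature
# between a shop and a payment provider. Textbook RSA (no padding, 512-bit
# modulus) and a SHA-256 counter keystream stand in for real primitives so the
# example runs from the standard library; they illustrate the key handling
# asked about in D.9 (b)/(m), not a production cipher. Messages are constructed.
import hashlib
import secrets


def is_probable_prime(n, rounds=32):
    """Miller-Rabin primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits):
    while True:
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1   # full length, odd
        if is_probable_prime(c):
            return c


def rsa_keygen(bits=512):
    """Return (public, private) as ((n, e), (n, d)); each party owns one pair."""
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi, e = (p - 1) * (q - 1), 65537
        if p != q and phi % e:
            return (p * q, e), (p * q, pow(e, -1, phi))


def digest_int(*parts):
    """SHA-256 message digest of length-prefixed parts, as an integer < 2**256."""
    h = hashlib.sha256()
    for part in parts:
        h.update(len(part).to_bytes(4, "big") + part)   # no boundary ambiguity
    return int.from_bytes(h.digest(), "big")


def rsa_sign(private, *parts):
    n, d = private
    return pow(digest_int(*parts), d, n)        # hash-then-sign with the private key


def rsa_verify(public, signature, *parts):
    n, e = public
    return pow(signature, e, n) == digest_int(*parts)


def keystream_xor(key, data):
    """Symmetric stream cipher: XOR with SHA-256(key || block counter) blocks."""
    out = bytearray()
    for block in range(0, len(data), 32):
        ks = hashlib.sha256(key + block.to_bytes(8, "big")).digest()
        out += bytes(x ^ y for x, y in zip(data[block:block + 32], ks))
    return bytes(out)


def hybrid_send(sender_private, recipient_public, plaintext):
    """Keys used: a fresh symmetric session key (bulk data), the recipient's
    public key (wraps the session key), the sender's private key (signature).
    Encrypt-then-sign: the signature covers the wrapped key and ciphertext,
    so any tampering is rejected before anything is decrypted."""
    session_key = secrets.token_bytes(32)
    ciphertext = keystream_xor(session_key, plaintext)
    n, e = recipient_public
    wrapped_key = pow(int.from_bytes(session_key, "big"), e, n).to_bytes(64, "big")
    signature = rsa_sign(sender_private, wrapped_key, ciphertext)
    return wrapped_key, ciphertext, signature


def hybrid_receive(recipient_private, sender_public, envelope):
    """Needs the sender's public key (verify) and the recipient's private key
    (unwrap the session key). Raises on a bad signature."""
    wrapped_key, ciphertext, signature = envelope
    if not rsa_verify(sender_public, signature, wrapped_key, ciphertext):
        raise ValueError("signature check failed: tampered envelope or wrong sender")
    n, d = recipient_private
    session_key = pow(int.from_bytes(wrapped_key, "big"), d, n).to_bytes(32, "big")
    return keystream_xor(session_key, ciphertext)


if __name__ == "__main__":
    shop_pub, shop_priv = rsa_keygen()
    provider_pub, provider_priv = rsa_keygen()
    order = b"order=1234;amount=42.00;card=****1111"      # constructed message
    envelope = hybrid_send(shop_priv, provider_pub, order)
    print(hybrid_receive(provider_priv, shop_pub, envelope))
```

Counting keys for question (m) 5: two asymmetric key pairs (four keys, one pair per party) plus one symmetric session key per message. Confidentiality comes from the wrapped session key, integrity and non-repudiation from the signature, and authentication of the sender from the fact that only the holder of the sender's private key could have produced it; the recipient's identity is only implied by the ability to decrypt.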

D.10 PGP and Steganography

Jointly with steganographic methods, cryptography offers a compelling combination for protecting data and hence information. If the secret message is concealed and does not attract attention, as would be the case for obviously encrypted messages, the application of secure steganography cannot be prosecuted anymore. Therefore, a ban on encryption would be practically void.

(a) Discuss the assignment of the cryptographic protocols known to you to the layers of the OSI reference model.

(b) Which cryptographic techniques are used? Which ones are integrated in PGP?

(c) Which advantages are associated with the OpenPGP standard? Which disadvantages are implied by using PGP in the web-of-trust scheme?

Already Herodotus, one of the first writers of history, reported about 2,500 years ago on the concealment of messages by use of steganography: seemingly unused wax writing tablets carried the message on the wood underneath the wax surface. Messages were also stitched into animals which were carried by a messenger posing as a hunter.

(d) Give more historic examples of delivering steganographic messages.


(e) Explain in which areas steganographic methods are used today. Why is cryptography sometimes insufficient for these cases? How is steganography an efficient alternative?

(f) Classify steganographic techniques according to their carrier medium and the embedding scheme. Clarify the differences to watermarks.

(g) Explain the principles of the combination of steganographic and cryptographic methods.
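Questions (f) and (g) ask for an embedding scheme on a carrier medium and for its combination with cryptography. As an added example (not from the book), here is least-significant-bit embedding into an 8-bit greyscale image, the classic carrier/embedding pair. The pixel positions are chosen by a key-derived permutation, so the secret is not only what is embedded but where; an extractor without the key reads random bits and fails the length check. The cover image, payload and keys are constructed; in the combined scheme of (g) the payload would be ciphertext rather than the plain bytes used here.

```python
# Added example, not from the book: LSB steganography in a constructed 8-bit
# greyscale cover with a key-dependent pixel walk. Cover, payload and keys are
# constructed for the demonstration; the payload would normally be ciphertext.
import hashlib
import random


def cover_image(width=64, height=64, seed=7):
    """Constructed cover: a smooth gradient with a little noise, no real photo."""
    rng = random.Random(seed)
    return bytearray(min(255, (x + y) * 2 + rng.randint(0, 3))
                     for y in range(height) for x in range(width))


def _pixel_order(key, n_pixels):
    """Key-dependent permutation of pixel indices. The same key gives the same
    walk on both sides; without it the LSB changes look uniformly scattered."""
    seed = int.from_bytes(hashlib.sha256(b"stego-order:" + key).digest(), "big")
    order = list(range(n_pixels))
    random.Random(seed).shuffle(order)
    return order


def _bits(data):
    for byte in data:
        for i in range(7, -1, -1):
            yield (byte >> i) & 1


def capacity_bytes(cover):
    """One bit per pixel, minus the 4-byte length header."""
    return len(cover) // 8 - 4


def embed(cover, payload, key):
    if len(payload) > capacity_bytes(cover):
        raise ValueError("payload exceeds cover capacity")
    framed = len(payload).to_bytes(4, "big") + payload
    stego = bytearray(cover)
    for pos, bit in zip(_pixel_order(key, len(cover)), _bits(framed)):
        stego[pos] = (stego[pos] & 0xFE) | bit      # touch only the LSB
    return stego


def _read(stego, order, start_bit, count):
    """Read `count` bytes whose bits sit at walk positions start_bit onwards."""
    out = bytearray()
    for b in range(count):
        v = 0
        for i in range(8):
            v = (v << 1) | (stego[order[start_bit + 8 * b + i]] & 1)
        out.append(v)
    return bytes(out)


def extract(stego, key):
    order = _pixel_order(key, len(stego))
    length = int.from_bytes(_read(stego, order, 0, 4), "big")
    if length > capacity_bytes(stego):
        raise ValueError("no valid payload for this key (or nothing embedded)")
    return _read(stego, order, 32, length)


def max_pixel_change(cover, stego):
    """Imperceptibility check: LSB embedding changes no pixel value by more than 1."""
    return max(abs(a - b) for a, b in zip(cover, stego))


if __name__ == "__main__":
    cover = cover_image()
    stego = embed(cover, b"meet at 09:00, bring the order file", b"shared-key")
    print(extract(stego, b"shared-key"), max_pixel_change(cover, stego))
```

The capacity of a 64×64 cover is 508 bytes at one bit per pixel. Note what the key does and does not protect: it hides the positions and defeats naive sequential extraction, but a statistical attacker comparing LSB-plane statistics against a clean cover can still detect that something was embedded, which is why encrypting the payload (so its bits look uniformly random) and embedding far below capacity both matter in practice.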

Appendix E: Example of a Written Exam on the Discussed Subjects

This examination adds to the repetition questions presented before. It also serves as inspiration to lecturers who want to design a custom examination of about 45 minutes. The permissible tools would be all paper documents and books as well as a non-programmable calculator, but no mobile devices, notebooks or other electronic helpers. 50 points can be achieved in total.

Note: The reference solution to the exam is available as complementary digital-only material from the publisher's website.

Task 1: Architectural transformations (10 points). Nowadays the significant architectural transformations in network services and distributed systems have to be considered. Processing and persistency as well as application data are provided from multiple servers or peers.

(a) Compare C-S and P2P architectures. Specify 2–3 differences between them. Introduce your own examples, at least 2–3 for each architecture type. (5 points)


(b) Describe the current architectural transformations in distributed systems. What is clustering, and what advantages does the method possess? Discuss the increased complexity due to synchronisation and conflict handling as a disadvantage. (5 points)

Task 2: Parallel computing (15 points). Parallel computers increase their working speed by distributing the available computational effort over their N processors. They are commonly found in data centres and in supercomputing sites (shown: CHiC, TU Chemnitz). To determine the full capabilities of a parallel computer with N CPUs, a class of acceleration models (speedup models) can be used.

(a) Specify the well-known performance factors of modern computers/clusters/grids. (2 points)

(b) The Gustafson-Barsis law is a speedup model about the acceleration of programs via their parallelisation. Given is the time span required for one CPU, T_1 = 4000 h, with T_p = 3800 h. Compute the speedup factor A_N according to Gustafson-Barsis for N = 1, 11, 41, 71. (7 points)

Calculate the efficiency E_N for N = 41. Compare the speedup models for parallelised applications proposed by Amdahl and Gustafson-Barsis.


(c) Given is the available CPU number in a cluster, N = 100, and the measured speedup factor A = 75. Compute the sequential part e as well as the part p = 1 − e for the parallelised application according to the Karp-Flatt metric. (3 points)

In order to exploit the full power of a parallel computer with N CPUs, the programming techniques must be adapted accordingly. For this aim a diversity of languages, methods and programming interfaces is available.

(d) Specify the well-known programming techniques for parallel computing (at least 3). What distinguishing features do they have in comparison to the regular source code for N = 1? Increase by a factor of p. (3 points)
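Task 2 (b)/(c) here and D.7 (g)/(i) in Appendix D ask for Amdahl, Gustafson-Barsis and Karp-Flatt values. As an added example (not part of the book and not the publisher's reference solution), the three models are carried through in Python with the numbers the questions give. It assumes, as the questions imply, that T_p is the parallelisable share of the single-CPU time T, so the serial fraction is e = (T − T_p)/T; for the Gustafson-Barsis task the same reading of T_1 and T_p is used, although strictly that law defines e on the parallel run.

```python
# Added example, not from the book: the speedup models of the repetition and
# exam questions, evaluated with the page's own numbers. Assumption (labelled
# in the lead-in): T_p is the parallelisable share of the single-CPU time T.


def serial_fraction_from_times(total_hours, parallelisable_hours):
    """e = (T - T_p) / T, the share of the one-CPU run that cannot be parallelised."""
    return (total_hours - parallelisable_hours) / total_hours


def amdahl_speedup(n, serial_fraction):
    """Amdahl: fixed problem size, A_N = 1 / (e + (1 - e) / N); limit 1/e."""
    e = serial_fraction
    return 1.0 / (e + (1.0 - e) / n)


def gustafson_speedup(n, serial_fraction):
    """Gustafson-Barsis: problem size scales with N, A_N = N - e (N - 1)."""
    e = serial_fraction
    return n - e * (n - 1)


def efficiency(speedup, n):
    """E_N = A_N / N, the share of the N processors that is usefully busy."""
    return speedup / n


def karp_flatt_serial_fraction(speedup, n):
    """Karp-Flatt: the experimentally determined serial fraction from a measured
    speedup A on N processors, e = (1/A - 1/N) / (1 - 1/N). Growing e with N
    points at communication/synchronisation overhead, not at the algorithm."""
    return (1.0 / speedup - 1.0 / n) / (1.0 - 1.0 / n)


def worked_examples():
    """D.7 (g)/(i) and Task 2 (b)/(c) with the page's numbers."""
    e_amdahl = serial_fraction_from_times(20_000, 18_000)    # 0.1
    e_gust = serial_fraction_from_times(4_000, 3_800)         # 0.05
    gust = {n: gustafson_speedup(n, e_gust) for n in (1, 11, 41, 71)}
    return {
        "amdahl_e": e_amdahl,
        "amdahl": {n: amdahl_speedup(n, e_amdahl) for n in (1, 10, 100, 1000)},
        "amdahl_limit": 1.0 / e_amdahl,
        "gustafson_e": e_gust,
        "gustafson": gust,
        "efficiency_41": efficiency(gust[41], 41),
        "karp_flatt_e_D7": karp_flatt_serial_fraction(25, 100),
        "karp_flatt_p_D7": 1.0 - karp_flatt_serial_fraction(25, 100),
        "karp_flatt_e_task2": karp_flatt_serial_fraction(75, 100),
        "karp_flatt_p_task2": 1.0 - karp_flatt_serial_fraction(75, 100),
    }


if __name__ == "__main__":
    for name, value in worked_examples().items():
        print(f"{name}: {value}")
```

The two laws disagree because they answer different questions: Amdahl keeps the problem fixed, so with e = 0.1 no number of CPUs gets past a speedup of 10, whereas Gustafson-Barsis lets the parallel part grow with N, so with e = 0.05 the speedup stays close to N. Karp-Flatt goes the other way and recovers e from a measurement; applying it to an Amdahl speedup returns exactly the e that was put in, which is a useful self-check.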

Task 3: Virtualisation (15 points). Virtualisation addresses the software tools as well as the methods which enable combining or splitting the available resources of a computer or network based on the concept of VMs (virtual machines). The primary objective is to provide the users with a special layer of abstraction (virtualisation layer). Virtualisation is able to isolate the users and their applications from the actual (hardware) technical circumstances.

(a) Specify four other cost benefits of resource virtualisation from the technical and operational perspective. (4 points)

• Better load balancing for virtual machines
• 
• 
• 
• 


(b) A physical server (128 GB RAM and 0.5 PB HDD capacity, fully available) in a mid-range enterprise supports 20 VMs with 4 GB RAM / 8000 GB HDD each.

How much capacity of the physical server is left? (4 points)

• RAM:

• HDD:

(c) Managed servers (also virtualised) are the specific hosts whose operating system and software are constantly monitored and maintained by a service provider (see Table E.1).

Which server types (see Table E.1) can be used as (virtual) managed servers in a mid-range enterprise, in your opinion? Please complete the placeholder lines below. How much capacity should be left in this case (refer to (b))? (5 points)

• VM: ____ RAM: ____ HDD: ____

• VM: ____ RAM: ____ HDD: ____

• VM: ____ RAM: ____ HDD: ____

Table E.1 Managed servers

• Authentication server: RADIUS
• Database server: SQL
• Mail server (e-mail server): SMTP, MIME, POP3, IMAP
• File server
• Terminal server
• Name server: DNS
• File transfer: FTP, SFTP
• DHCP server: DHCP, intranet IP, NAT, PAT and Mobile IP
• News server: NNTP
• Chat server: IRC
• Game server: TCP/IP
• Web server: HTTP, HTTPS, SOAP
• Proxy server: VPN, IPsec, SNMP, intranet FW
• Streaming server: SIP, RTP, codecs
• Domain server, backup server
• Terminal server: RDP
• Time server (network time protocol server): NTP
• etc.


• VM: ____ RAM: ____ HDD: ____

• VM: ____ RAM: ____ HDD: ____

• Resources left: RAM: ____ HDD: ____

(d) SDN: What does this term mean? Which SDN protocols and reference solutions do you know? (2 points)

Task 4: Cloud computing (10 points). One of the common definitions of clouds, according to Amazon, addresses the following patterns of existing cloud services: SaaS, PaaS, IaaS.

[Figure: RAIC-DP (double parity) over cloud storage, layered as SaaS / PaaS / IaaS. Data stripes A, B, C (A1–A4, B1–B4, C1–C4) and parity stripes P1–P4, Q1–Q4 are spread over network storage in Cloud 1, Cloud 2, Cloud 3 (provider: public domain) and Cloud 4 … Cloud n (private).]


(a) To which type (SaaS, PaaS, IaaS) does a cloud-based storage belong? Justify your statement. (3 points)

(b) What is RAIC? Discuss briefly the benefits of mapping traditional RAID structures to the clouds, based on the scenario specified in the figure above. (7 points)

• DP: Double Parity
• 
• 
• 
• 
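Task 4 (b) asks what a RAIC with double parity buys when RAID structures are mapped onto several clouds. The following is an added example, not from the book and not the publisher's reference solution: k data stripes plus two parity stripes P and Q are placed on k + 2 separate clouds, with P as the XOR parity and Q as a Reed-Solomon parity over GF(2^8), which is the RAID-6 construction. Any two of the k + 2 stripes can be lost (two providers unreachable, or one provider down and one parity stripe corrupted) and the remaining stripes rebuild the rest. The stripe contents are constructed; provider placement and the byte-level arithmetic are the example's own choices, not a detail taken from the figure.

```python
# Added example, not from the book: RAIC-DP (double parity) across k+2 clouds.
# P = XOR of the data stripes; Q = sum over GF(2^8) of g^j * D_j with g = 2 and
# the RAID-6 polynomial 0x11d. Any two lost stripes are rebuilt. Sample stripes
# are constructed for the demonstration.

PRIMITIVE_POLY = 0x11D   # x^8 + x^4 + x^3 + x^2 + 1


def gf_mul(a, b):
    """Multiply two bytes in GF(2^8): carry-less product reduced modulo 0x11d."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= PRIMITIVE_POLY
        b >>= 1
    return r


def gf_pow(a, n):
    r = 1
    for _ in range(n):
        r = gf_mul(r, a)
    return r


def gf_inv(a):
    """a^254 is a^-1 in GF(2^8), since a^255 == 1 for every non-zero a."""
    if a == 0:
        raise ZeroDivisionError("0 has no inverse")
    return gf_pow(a, 254)


def xor_others(data, i, skip):
    """XOR of byte i over all data stripes except those in `skip` (the lost ones)."""
    v = 0
    for j, d in enumerate(data):
        if j not in skip:
            v ^= d[i]
    return v


def q_others(data, coef, i, skip):
    """Same for the Q parity: XOR of g^j * D_j[i] over the surviving stripes."""
    v = 0
    for j, d in enumerate(data):
        if j not in skip:
            v ^= gf_mul(coef[j], d[i])
    return v


def encode(data):
    """data: k equal-length byte strings. Returns stripes [D_0 .. D_k-1, P, Q]."""
    k, n = len(data), len(data[0])
    if any(len(d) != n for d in data):
        raise ValueError("stripes must have equal length")
    coef = [gf_pow(2, j) for j in range(k)]
    p, q = bytearray(n), bytearray(n)
    for j, d in enumerate(data):
        for i in range(n):
            p[i] ^= d[i]
            q[i] ^= gf_mul(coef[j], d[i])
    return [bytes(d) for d in data] + [bytes(p), bytes(q)]


def reconstruct(stripes):
    """stripes: k data stripes, P, Q; None marks a lost stripe (at most two)."""
    k = len(stripes) - 2
    lost = [i for i, s in enumerate(stripes) if s is None]
    if len(lost) > 2:
        raise ValueError("RAIC-DP tolerates at most two lost stripes")
    n = len(next(s for s in stripes if s is not None))
    coef = [gf_pow(2, j) for j in range(k)]
    data = [bytearray(s) if s is not None else None for s in stripes[:k]]
    lost_data = [i for i in lost if i < k]
    p, q = stripes[k], stripes[k + 1]
    if len(lost_data) == 1 and p is not None:
        x = lost_data[0]                      # one data stripe lost, P present
        data[x] = bytearray(p[i] ^ xor_others(data, i, (x,)) for i in range(n))
    elif len(lost_data) == 1:
        x = lost_data[0]                      # data stripe x and P lost: solve Q
        inv = gf_inv(coef[x])
        data[x] = bytearray(gf_mul(q[i] ^ q_others(data, coef, i, (x,)), inv)
                            for i in range(n))
    elif len(lost_data) == 2:
        # data stripes x, y lost; P and Q present. With P', Q' the parities
        # reduced by the surviving stripes: D_x ^ D_y = P', g^x D_x ^ g^y D_y = Q'
        # => D_x = (Q' ^ g^y P') / (g^x ^ g^y) and D_y = P' ^ D_x.
        x, y = lost_data
        inv = gf_inv(coef[x] ^ coef[y])
        data[x], data[y] = bytearray(n), bytearray(n)
        for i in range(n):
            pp = p[i] ^ xor_others(data, i, (x, y))
            qq = q[i] ^ q_others(data, coef, i, (x, y))
            data[x][i] = gf_mul(qq ^ gf_mul(coef[y], pp), inv)
            data[y][i] = pp ^ data[x][i]
    # a lost parity stripe (or both) is simply recomputed from the full data
    return encode([bytes(d) for d in data])


if __name__ == "__main__":
    stripes = encode([b"order=1234", b"card=*1111", b"amount=042"])
    damaged = [None, stripes[1], stripes[2], None, stripes[4]]   # clouds 1 and 4 down
    print(reconstruct(damaged) == stripes)
```

Three points for the discussion in (b) follow from the code: the storage overhead is 2/k of the data, no single provider ever holds a full copy (each holds one stripe, which is also a confidentiality argument if stripes are encrypted before striping), and availability survives any two provider outages at the price of reading k stripes from k different networks on every rebuild.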

Index

A
Anonymous Computing, 301

B
Backup, 110
Blockchain, 71

C
Cloud Computing, 17, 78, 110
Cluster Computing, 17, 201
Collaboration, 73
Communication, 211, 222, 238
Coordination, 38
Cryptography, 253

D
Data Centre, 136, 155
Database, 30
Distributed Computing, 45

E
E-Commerce, 14
Energy Efficiency, 9, 153, 177

F
Fog Computing, 184, 204

G
Green IT, 8, 136
Grid Computing, 19

I
Interoperability, 233

M
Microcontroller, 194
Mobile Computing, 125, 211
Modulation, 238
Multi-Threading, 24, 28

N
Network, 105, 158, 177, 211, 229, 259

O
Operation, 97

P
Parallel Computing, 45
Peer-to-Peer Computing, 19
Performance, 48
Planning, 177
Protection Goal, 248
Protocol, 82, 85, 261

Q
Quality, 86, 237

S
Satellite, 215
Secure Computing, 248, 279
Service Platform, 86


Service-Oriented Architecture, 15
Smart Grid, 7, 138
Social Network, 73
Storage, 110

T
Trade-off, 62
Transaction, 26

V
Virtualisation, 92
Volunteer Computing, 66

W
Web Application, 14, 279
Web Service, 15, 82, 258

• Preface
  • About the Book
  • Structure of the Book
  • Acknowledgement
  • About the Authors
• List of Abbreviations
• Contents
• 1 Periodisation of Network Service Development
  • References
• 2 Architectural Transformations in Distributed Systems
  • 2.1 Software Architectures and Communication Patterns
  • 2.2 Distributed Service Systems: Clustering, Grids and Clouds
  • 2.3 Architectures: Peer-to-Peer
  • 2.4 Performance Optimisation
  • 2.5 Distributed Transactions
  • 2.6 Distributed Databases
  • 2.7 System Examples: Google Spanner, a Global DDB
  • 2.8 Conclusions
  • References
• 3 Evolution of Clustering and Parallel Computing
  • 3.1 Clustering and Grids: Performance Parameters and Basic Models
  • 3.2 Performance-Energy-Price Trade-Offs in Clusters and Grids
  • 3.3 Resource Management in Clusters
  • 3.4 Application Management in Clusters
  • 3.5 Application Management in Grids
  • 3.6 Distributed Applications
  • 3.7 Conclusions
  • References
• 4 Cloud Computing: Virtualisation, Storage and Networking
  • 4.1 Clouds: Technology Stack, Basic Models and Services
  • 4.2 Virtualisation of Services and Resources
  • 4.3 SDN – Software-Defined Networking
  • 4.4 Backup Services within Clouds as Advanced Cloud Backup Technology
    • 4.4.1 Backup as Important Component of Informational Safety
    • 4.4.2 RAIC Storage Service Integration
  • 4.5 RAIC Integration for Network Storages on Mobile Devices
    • 4.5.1 Efficient Access to Storage Services from Mobile Devices
    • 4.5.2 A New Must-Have App: RAIC Integrator for Smartphones
  • 4.6 Conclusions
  • References
• 5 Smart Grid, Internet of Things and Fog Computing
  • 5.1 Smart Grid as Integration Technology for the Networks of Energy Supply and Telecommunication
    • 5.1.1 Services, Architectures and Multi-level Models
    • 5.1.2 Smart Grid Enabling Network Technologies
    • 5.1.3 Case Study: A CAD Toolset for the Design of Energy-Efficient Combined Networks
  • 5.2 From Internet of Services to Internet of Things: Fog Computing
    • 5.2.1 Enabling Technologies for IoT
    • 5.2.2 Case Studies on IoT with On-Board Micro-controller Raspberry Pi
    • 5.2.3 The Future Industry 4.0 Vision
    • 5.2.4 Fog Computing
  • 5.3 Conclusions
  • References
• 6 Future Mobile Communication: From 4G To 5G, 5G Enabling Techniques
  • 6.1 Conventional Techniques
    • 6.1.1 LTE Networks
    • 6.1.2 Satellite-Based Radio Systems
  • 6.2 A New Generation of Mobile Communication
    • 6.2.1 Visions and Requirements
    • 6.2.2 5G Inter-Operability
    • 6.2.3 Future Standard IMT 2020: Deployment Scenarios
    • 6.2.4 Resource Allocation Method for Future WLAN
  • 6.3 Conclusions
  • References
• 7 Security in Distributed Systems
  • 7.1 Security and Protection Goals
  • 7.2 Protection Techniques
    • 7.2.1 Checksum and Digest
    • 7.2.2 Encryption
    • 7.2.3 Steganography
    • 7.2.4 Orchestration, Parallelisation and Multiplexing
    • 7.2.5 Anonymisation
    • 7.2.6 Trusted Computing and Physical Protection
  • 7.3 Security Layers
    • 7.3.1 Network Encryption: IPsec
    • 7.3.2 Transport Encryption: TLS
    • 7.3.3 Content Encryption: S/MIME and PGP
    • 7.3.4 Authorisation: Kerberos and OAuth2
    • 7.3.5 Further Secure Services: DNSSEC, VPNs and Proxies
  • 7.4 Security Protocols and Network Concepts
  • 7.5 Firewalls
  • 7.6 Security in Web Applications: Legal and Technological Aspects
    • 7.6.1 Technological Aspects of Data Security Guaranteeing Web Systems
    • 7.6.2 Legal Aspects of Data Security Guaranteeing Web Systems
  • 7.7 Steganography in Distributed Systems
    • 7.7.1 Steganography in Development
    • 7.7.2 Steganography: Main Concepts
    • 7.7.3 Watermarks and Steganography
  • 7.8 Anonymity and MIX Networks
  • 7.9 Conclusions
                                                                        • References
                                                                          • Appendix A Selected Originators and Designers of Distributed Systems
                                                                            • A1 Edgar Frank ``Ted Codd
                                                                            • A2 Tom De Marco
                                                                            • A3 Grady Booch
                                                                            • A4 James Gosling
                                                                            • A5 Sir Timothy John Berners-Lee
                                                                            • A6 Tim O`Reilly
                                                                            • A7 Roy Thomas Fielding
                                                                            • A8 Sergey Brin
                                                                            • A9 Philip R Zimmermann
                                                                            • A10 Remembering the Pioneers
                                                                              • Appendix B Research Focus
                                                                                • B1 CANDY Network Planning
                                                                                • B2 FlexCloud Flexible Architectures for Cloud Computing
                                                                                • B3 DaaMob Service Platform Data Service Management
                                                                                  • Appendix C Acronyms for Mobile and Wireless
                                                                                  • Appendix D Repetition and Control of Learning Progress
                                                                                    • D1 New Generation (Mobile) Networks
                                                                                    • D2 Periodisation of Computer Networks Phases I to IV Smart Grid IoT and Fog Computing
                                                                                    • D3 Architectural Transformation in Distributed Systems
                                                                                    • D4 Cloud Computing
                                                                                    • D5 Virtualisation Concepts
                                                                                    • D6 Performance Characteristics of Digital Computers Performance Optimisation in Distributed Systems
                                                                                    • D7 Distributed Computing Parallel Computing and Acceleration Models
                                                                                    • D8 Towards 5G
                                                                                    • D9 Security Aspects in NGN
                                                                                    • D10 PGP and Steganography
                                                                                      • Appendix E Example of a Written Exam to the Discussed Subjects
                                                                                      • Index
Page 5: Architectural Transformations in Network Services and Distributed Systems
Page 345: Architectural Transformations in Network Services and Distributed Systems
Page 346: Architectural Transformations in Network Services and Distributed Systems
Page 347: Architectural Transformations in Network Services and Distributed Systems
Page 348: Architectural Transformations in Network Services and Distributed Systems
Page 349: Architectural Transformations in Network Services and Distributed Systems
Page 350: Architectural Transformations in Network Services and Distributed Systems
Page 351: Architectural Transformations in Network Services and Distributed Systems
Page 352: Architectural Transformations in Network Services and Distributed Systems
Page 353: Architectural Transformations in Network Services and Distributed Systems
Page 354: Architectural Transformations in Network Services and Distributed Systems
Page 355: Architectural Transformations in Network Services and Distributed Systems
Page 356: Architectural Transformations in Network Services and Distributed Systems
Page 357: Architectural Transformations in Network Services and Distributed Systems
Page 358: Architectural Transformations in Network Services and Distributed Systems