Sanjay ChaudharyGaurav SomaniRajkumar Buyya Editors

Research Advances in Cloud Computing

Research Advances in Cloud Computing

Sanjay Chaudhary • Gaurav SomaniRajkumar BuyyaEditors

Research Advances in CloudComputing

123

EditorsSanjay ChaudharySchool of Engineering and Applied ScienceAhmedabad UniversityAhmedabad, GujaratIndia

Gaurav SomaniDepartment of Computer Science andEngineering

Central University of RajasthanAjmer, RajasthanIndia

Rajkumar BuyyaSchool of Computing and InformationSystems

The University of MelbourneMelbourne, VICAustralia

ISBN 978-981-10-5025-1 ISBN 978-981-10-5026-8 (eBook)DOI 10.1007/978-981-10-5026-8

Library of Congress Control Number: 2017949490

© Springer Nature Singapore Pte Ltd. 2017This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or partof the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations,recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmissionor information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilarmethodology now known or hereafter developed.The use of general descriptive names, registered names, trademarks, service marks, etc. in thispublication does not imply, even in the absence of a specific statement, that such names are exempt fromthe relevant protective laws and regulations and therefore free for general use.The publisher, the authors and the editors are safe to assume that the advice and information in thisbook are believed to be true and accurate at the date of publication. Neither the publisher nor theauthors or the editors give a warranty, express or implied, with respect to the material contained herein orfor any errors or omissions that may have been made. The publisher remains neutral with regard tojurisdictional claims in published maps and institutional affiliations.

Printed on acid-free paper

This Springer imprint is published by Springer NatureThe registered company is Springer Nature Singapore Pte Ltd.The registered company address is: 152 Beach Road, #21-01/04 Gateway East, Singapore 189721, Singapore

To my wife (Sunita), Son (Mandar) andDaughter (Anuradha)

—Sanjay Chaudhary

To my wife (Priyanka), Daughter (Anaya),and Nephew (Aradhya)

—Gaurav Somani

To my wife (Smrithi) and Daughters (Soumyaand Radha)

—Rajkumar Buyya

Foreword

Cloud computing is still growing by leaps and bounds and is likely to be used in allmajor server centers in future. This will be driven by both the low-cost and richfeatures of clouds. It is hard to see how traditional institutional data centers cancompete except for specialized services such as supercomputing or real-timeresponse to nearby components of the Internet of things. Progress in clouds comesfrom both the commercial and research communities and their collaboration. Thistimely book addresses many critical open topics that can be divided into three areas:

1. Programming model, infrastructure, and runtime2. Resource management3. Security.

The programming model, infrastructure, and runtime chapters include a futuristicchapter on serverless computing—one of the most promising cloud topics coveringmicro-services, event-based execution, and the FaaS function as a service model.Other chapters cover high availability, simulation, classification, migration, andvirtual network performance. High-performance computing in big data andstreaming issues are considered.

The resource management chapters cover resource scheduling including VMplacement and use of gaming techniques for pricing and allocation. The importantbroad topics of auto-scaling and energy management are covered thoroughly.

The security chapters cover broad topics including interoperability, accesscontrol, use of trusted computers, and the important special issues raised bycontainers. A major application focus is health care. Forensic analysis of intrusionevents is a fascinating topic.

The value of the book can be measured by the interest of the topics andthe quality of the chapter authors. However, a key measure is the credentials of theeditors who have put together this magnificent collection. The expertise of theeditors covers the three areas as seen in their brief research descriptions below.

Sanjay Chaudhary has made significant contributions in the cloud resourcemanagement and allocation methods. Sanjay brings a vast research experience inworking on various issues related to cloud infrastructure, performance, SaaS

vii

application development, application migration, and workflow scheduling in cloudcomputing environments. Sanjay also brings a rich experience of working with gridcomputing systems which have helped him in contributing to various resourcemanagement aspects of cloud computing.

Gaurav Somani has worked on multiple aspects of cloud computing domainsuch as resource management, metering, verification and accounting, and a numberof security issues. Gaurav has made a number of significant contributions in thearea of attack mitigation and recovery in cloud computing. VM backup, securededuplication, performance isolation, and DDoS attack prevention are fewimportant research problems he has addressed in the recent past.

Rajkumar Buyya has a very rich experience of developing production-levelsystems related to cloud computing and grid computing systems. He has madesignificant contributions in terms of highly cited papers related to the softwaresystems related to overall management of cloud resources. Raj and his group havedeveloped two popular software packages, Aneka and CloudSim, which are forcloud computing research and production usages.

I commend the book “Research Advances in Cloud Computing” to allcomputing professionals. Read and Enjoy!

Bloomington, USAMay 2017

Geoffrey FoxChair, Intelligent Systems EngineeringSchool of Informatics and ComputingDistinguished Professor of Computing

Engineering, and Physics, Director of theDigital Science Center, Indiana University

viii Foreword

Preface

Cloud computing is a novel computing paradigm which has changed the wayenterprise or Internet computing is performed. Today, for almost all the sectors inthe world, cloud computing is synonym to on-demand provisioning and delivery ofIT services in a pay-as-you-go model. The success story of cloud computing as atechnology is credited to the long-term efforts of computing research communityacross the globe. Software as a Service (SaaS), Platform as a Service (PaaS), andInfrastructure as a Service (IaaS) are the three major cloud product sectors. Eachone of these product sectors has their effects and reaches to various industries. Ifforecasts are to be believed, then more than two-third of all the enterprises acrossthe globe will be entirely run in cloud by 2026. These enthusiastic figures have ledto huge funding for research and development in cloud computing and relatedtechnologies. University researchers, research labs in industry, and scholars acrossthe globe have recreated the whole computing world into a new cloud enabledworld. This has been only possible by coordinated efforts into this direction. Today,almost every university across the globe has cloud computing and its relatedtechnologies included in their computer science curriculum. Additionally, there areextensive efforts on innovation and technology creation in the direction of cloudcomputing. These efforts are much visible in the reputed cloud computing researchplatforms like international conferences and journals.

We feel that there is a significant need to systematically present quality researchfindings of recent advances in cloud computing for the benefit of community ofresearchers, educators, practitioners, and industries. Although there are largenumbers of journals and conferences available, there is a lack of comprehensive andin-depth tutored analysis on various new developments in the field of cloudcomputing. This book on “Research Advances in Cloud Computing” discussesvarious new trends, designs, implementations, outcomes, and directions in thevarious areas of cloud computing. This book has been organized into three sections:

ix

1. Programming model, infrastructure, and runtime2. Resource Management3. Security.

The first chapter on “Serverless Computing: Current Trends and Open Problems”covers various serverless platforms, APIs, their key characteristics, technicalchallenges, and related open problems. Recently, enterprise application architecturesare shifting to containers and micro-services, and it provides enough reasons forserverless computing. The chapter provides detailed requirements of different pro-gramming models, platforms, and the need of significant research and developmentefforts to make it matured enough for widespread adoption.

Cloud providers face the important challenge regarding resource managementand aim to provide services with high availability relying on finite computationalresources and limited physical infrastructure. Their key challenge is to manageresources in an optimal way and to estimate how physical and logical failures canimpact on users’ perception. The second chapter on “Highly Available Clouds:System Modeling, Evaluations and Open Challenges”, presents literature survey onhigh availability of cloud and mentions the main approaches for it. It explorescomputational modeling theories to represent a cloud infrastructure focusing onhow to estimate and model cloud availability.

The third chapter on “Big Data Analytics in Cloud—A Streaming Approach”discusses streaming approach for data analytics in cloud. Big data and cloud havebecome twin words—used sometimes interchangeably. Interpretation of big databrings in idea of mining and analytics. There is significant literature on cloud thatdiscusses infrastructure and architecture but a very little literature for algorithmsrequired for mining and analytics. This chapter focuses on online algorithms thatcan be used for distributed, unstructured data for learning and analytics over Cloud.It also discusses their time complexity, presents architecture for deploying themover cloud, and concludes with presenting relevant open research directions.

Cloud data centers must be capable to offer scalable software services, whichrequire an infrastructure with a significant amount of resources. Such resources aremanaged by specific software to ensure service-level agreements based on one ormore performance metrics. Within such infrastructure, approaches to meetnon-functional requirements can be split into various artifacts, distributed acrossdifferent operational layers, which operate together with the aim of reaching aspecific target. Existing studies classify such approaches using different terms,which usually are used with conflicting meanings by different people. Therefore, itis necessary a common nomenclature defining different artifacts, so they can beorganized in a more scientific way. The fourth chapter on “A Terminology toClassify Artifacts for Cloud Infrastructure” proposes a comprehensive bottom-upclassification to identify and classify approaches for system artifacts at the infras-tructure level, and organize existing literature using the proposed classification.

The fifth chapter focuses on “Virtual Networking with Azure for Hybrid CloudComputing in Aneka”. It provides a discussion on the need of inter-cloud com-munication in the emerging hybrid, public, or federated clouds. Later, they provide

x Preface

a case of Azure Virtual Private Network (VPN) services to establish suchinter-cloud connections using an overlay network for hybrid clouds in Anekaplatform. It also presents a functional evaluation of the proposed approach with thehelp of experiments.

The sixth chapter on “Building Efficient HPC Cloud with SR-IOV EnabledInfiniBand: The MVAPICH2 Approach” presents a detailed case ofhigh-performance computing in cloud. It discusses the single-root I/O virtualizationperformance in the InfiniBand interconnects and provides locality aware commu-nication designs to optimize the overall performance using MVAPICH2 library. Italso proposed advanced designs to support the HPC in cloud computing environ-ments along with open research problems.

To facilitate effective resource allocation, cloud providers should allocateresources ahead of service demands, in a way that does not waste resources. Thecalculation of optimal allocations requires integer programming, which is compu-tationally difficult to accomplish. The seventh chapter on “Resource Procurement,Allocation, Metering, and Pricing in Cloud Computing” proposes an approachusing the uncertainty principle of game theory which achieves close to optimalresults. An approach for time-varying tariffs for cloud services, considering varyingload levels on the cloud provider’s infrastructure, and the time-varying pricing ofelectricity from a smart grid, is also proposed. The chapter involves the creation of aper-instance power consumption model for VMs on a cloud and a power-awarecloud metering architecture.

Auto-scaling is an important feature of cloud computing which allows flexiblejust-in-time allocation and release of computational resources in response todynamic and often unpredictable workloads. The eighth chapter on “DynamicSelection of Virtual Machines for Application Servers in Cloud Environments”covers the importance of auto-scaling for web applications whose workload is timedependent and prone to flash crowds. Reactive auto-scaling policies are successful,but here the authors are investigating the issue related to which VM type is the mostsuitable for the specific application and have proposed an approach for dynamicVM-type selection. It uses a combination of online machine learning techniques,works in real time, and adapts to changes in the users’ workload patterns, appli-cation changes as well as middleware upgrades and reconfigurations. The chapterhas described a prototype, which is tested with the CloudStone benchmarkdeployed on AWS EC2 and it has achieved encouraging results.

One of the current concerns of systems designers is related to the growth ofpower consumption in cloud computing systems. The techniques to address thisproblem range from decisions on locations for data centers to techniques that enableefficient resource management. Resource allocation, as a process of resourcemanagement, distributes the workload throughout the data center in an efficientmanner, minimizing the power consumption and maximizing the system perfor-mance. The nineth chapter on “Improving the Energy Efficiency in CloudComputing Data Centres Through Resource Allocation Techniques” presents anoverview of the resource management and resource allocation techniques, whichcontribute to the reduction of power consumption without compromising the cloud

Preface xi

user and provider constraints. It also covers two practical cases to illustrate thetheoretical concepts of resource allocation as well as have discussed the openchallenges that resource management will face in the coming years.

The tenth chapter on “Recent Developments in Resource Management in CloudComputing and Large Computing Clusters” provides a comprehensive and detailedoverview of overall cloud computing resource allocation framework with a focus onvarious resource scheduling algorithms. This chapter also provides a definitivedirection toward cloud scheduling solutions, architectures, and fairness algorithms.

The eleventh chapter on “Resource Allocation for Cloud Infrastructures:Taxonomies and Research Challenges” provides a classification of VM place-ments solutions in the form of taxonomies. These taxonomies are prepared forconceptualization of VM placement problem as provider–broker setting, andframing it as an optimization problem. Authors also comment on the formation ofcloud markets to provide a basis for multi-objective VM placement algorithms.

The twelth chapter on “Many-Objective Optimization for Virtual MachinePlacement in Cloud Computing” presents a comprehensive discussion on virtualmachine placement problem and extends the discussion by proposing many objec-tive VM placement algorithms for initial VM placement and reconfiguration. It alsogives an overview of open research problems at the end of the chapter to provide thescope of future work toward fully dynamic multi-objective VM placement problems.

The thirteenth chapter on “Performance Modeling and Optimization of LiveMigration of Virtual Machines in Cloud Infrastructure” is based on improvementof the pre-copy algorithm for live migration system. The improved pre-copyalgorithm is developed by three models: (i) compression model, (ii) predictionmodel, and (iii) performance model. Each model is used to evaluate downtime andtotal migration time of different workloads. The first model performs migration ofdifferent sizes of VM with three workloads: (i) idle system, (ii) kernel compile, and(iii) static web server. Prediction model works with adaptive dirty rate and adaptivedata rate to evaluate complex workloads running in a VM. The performance modelis used to find dirty pages using dirty page rate model. It is observed that bothprediction model and performance model work efficiently than the existingframework of Xen. It concludes that three proposed models are able to improvepre-copy and the results are tested for the same.

Security and privacy being a very active and hot topic of research and discussionthese days, we have five chapters dedicated to the relevant issues associated withcloud computing security. Isolated containers are rapidly becoming a great alter-native to traditional virtualized environments. The fourteenth chapter on “Analysisof Security in Modern Container Platforms” makes two important contributions.First, it provides a detailed analysis of current security arrangements in the con-tainer platforms. Second, it offers an experimental analysis of containers by pro-viding details on common threat and Vulnerabilities Exposures (CVEs) exploits.This twofold analysis helps in comparing the CVE exploits to be able to comparewith the state-of-the-art security requirements by the popular literature.

The fifteenth chapter on “Identifying Evidence for Cloud Forensic Analysis”discusses forensic analysis and post-attack evidence collection on the cloud

xii Preface

computing infrastructures. Authors describe the evidence collection activity at threedifferent places which are at Intrusion Detection System (IDS), cloud provider APIcalls, and VM system calls. It shows a step-by-step attack scenario reconstructionusing the proposed prolog-based tool following the proposed evidence collectionapproach. Forensic analysis of cloud computing infrastructures is still in its infancyand authors provide directions for data collection and forensically capable clouds.

The sixteenth chapter on “An Access Control Framework for Secure andInteroperable Cloud Computing Applied to the Healthcare Domain” addressesvarious health record security issues and provides an FSICC framework(Framework for Secure and Interoperable Cloud Computing) that provides amechanism for multiple sources to register cloud, programming, and web servicesand security requirements for use by applications. Future research directions areprovided at the end of this chapter to help the enthusiastic readers about the openareas.

The seventeenth chapter on “Security and Privacy Issues in Outsourced PersonalHealth Record” provides a detailed survey on existing personal health recordmanagement systems (PHRMSs) considering the security and privacy featuresprovided by each one of them. This state-of-the-art survey is extended by givingpointers to multiple open research problems in the healthcare domain.

The last in the series of five chapters dedicated to cloud security is a chapter on“Applications of Trusted Computing in Cloud Context”. Trusted computing para-digm has been considered as one of the important security research milestones toleverage various security solutions. This chapter investigates applications of trustedcomputing in cloud computing areas where security threats exist, namely in livevirtual machine migration.

Ahmedabad, India Sanjay ChaudharyAjmer, India Gaurav SomaniMelbourne, Australia Rajkumar Buyya

Preface xiii

Acknowledgements

We are thankful to

• Contributing authors• Springer• Suvira Srivastava• Ahmedabad University• Australian Research Council for Future Fellowship• Prof. M.S. Gaur, MNIT, India• Central University of Rajasthan• Antony Raj J.• Family members

xv

Contents

Serverless Computing: Current Trends and Open Problems. . . . . . . . . . 1Ioana Baldini, Paul Castro, Kerry Chang, Perry Cheng, Stephen Fink,Vatche Ishakian, Nick Mitchell, Vinod Muthusamy, Rodric Rabbah,Aleksander Slominski and Philippe Suter

Highly Available Clouds: System Modeling, Evaluations, and OpenChallenges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21Patricia Takako Endo, Glauco Estácio Gonçalves, Daniel Rosendo,Demis Gomes, Guto Leoni Santos, André Luis Cavalcanti Moreira,Judith Kelner, Djamel Sadok and Mozhgan Mahloo

Big Data Analytics in Cloud—A Streaming Approach . . . . . . . . . . . . . . 55Ratnik Gandhi

A Terminology to Classify Artifacts for Cloud Infrastructure. . . . . . . . . 75Fábio Diniz Rossi, Rodrigo Neves Calheirosand César Augusto Fonticielha De Rose

Virtual Networking with Azure for Hybrid Cloud Computing inAneka. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93Adel Nadjaran Toosi and Rajkumar Buyya

Building Efficient HPC Cloud with SR-IOV-Enabled InfiniBand: TheMVAPICH2 Approach . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115Xiaoyi Lu, Jie Zhang and Dhabaleswar K. Panda

Resource Procurement, Allocation, Metering, and Pricing in CloudComputing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141Akshay Narayan, Parvathy S. Pillai, Abhinandan S. Prasadand Shrisha Rao

Dynamic Selection of Virtual Machines for Application Servers inCloud Environments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187Nikolay Grozev and Rajkumar Buyya

xvii

Improving the Energy Efficiency in Cloud Computing Data CentresThrough Resource Allocation Techniques . . . . . . . . . . . . . . . . . . . . . . . . . 211Belén Bermejo, Sonja Filiposka, Carlos Juiz, Beatriz Gómezand Carlos Guerrero

Recent Developments in Resource Management in Cloud Computingand Large Computing Clusters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237Richard Olaniyan and Muthucumaru Maheswaran

Resource Allocation for Cloud Infrastructures: Taxonomies andResearch Challenges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263Benjamín Barán and Fabio López-Pires

Many-Objective Optimization for Virtual Machine Placement inCloud Computing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291Fabio López-Pires and Benjamín Barán

Performance Modeling and Optimization of Live Migration of VirtualMachines in Cloud Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 327Minal Patel, Sanjay Chaudhary and Sanjay Garg

Analysis of Security in Modern Container Platforms . . . . . . . . . . . . . . . . 351Samuel Laurén, M. Reza Memarian, Mauro Conti and Ville Leppänen

Identifying Evidence for Cloud Forensic Analysis . . . . . . . . . . . . . . . . . . 371Changwei Liu, Anoop Singhal and Duminda Wijesekera

An Access Control Framework for Secure and Interoperable CloudComputing Applied to the Healthcare Domain . . . . . . . . . . . . . . . . . . . . . 393Mohammed S. Baihan and Steven A. Demurjian

Security and Privacy Issues in Outsourced Personal Health Record. . . .. . . . 431Naveen Kumar and Anish Mathuria

Applications of Trusted Computing in Cloud Context . . . . . . . . . . . . . . . 449Mohammad Reza Memarian, Diogo Fernandes, Pedro Inácio,Ville Leppänen and Mauro Conti

xviii Contents

About the Editors

Dr. Sanjay Chaudhary is a Professor and Associate Dean of the School ofEngineering and Applied Science, Ahmedabad University, Ahmedabad, India. Hisresearch areas are data analytics, cloud computing, and ICT applications in agri-culture and rural development. He has authored four books, six book chapters, andpublished more than hundred research papers and ten literary articles in interna-tional conferences, workshops, and journals. He has served on the program com-mittees of leading international conferences and workshops, and he is also amember of the review committees of leading journals. He holds a doctorate degreein computer science from Gujarat Vidyapeeth, Ahmedabad, India. Earlier, heworked as a Professor and Dean (Academics Programs) at DA-IICT. He has alsoworked on various large-scale software development projects for the corporatesector, co-operative sector, and government organizations. He is actively involvedin various consultancy and enterprise application development projects.

Gaurav Somani is an Assistant Professor at the Department of Computer Scienceand Engineering at the Central University of Rajasthan (Ajmer), India. He hassubmitted his PhD in Computer Science and Engineering from MNIT, Jaipur, India.His research interests include distributed systems, network security, cloud com-puting, and open-source technologies. He has published number of papers in var-ious conferences and journals of international repute and is a reviewer of many topjournals. Some of his top papers are published in highly reputed journals such asComputer Networks, Annals of Telecommunications, Computer Communications,IEEE Cloud Computing, Computers and Electrical Engineering, FGCS, and IEEECloud. He has written a book on “Scheduling and Isolation in Virtualization” whichis published by VDM Verlag Dr. Muller Publishers, Germany. This book is used asa text/reference book in some graduate-level programs across the globe. He is also apart of multiple international conferences across the globe where he has played arole of TPC member, session chair, and invited speaker. He was the keynote and thetutorial chair at the ICISS 2016. He is a member of IEEE and ACM.

xix

Dr. Rajkumar Buyya is a Redmond Barry Distinguished Professor of ComputerScience and Software Engineering and Director of the Cloud Computing andDistributed Systems (CLOUDS) Laboratory at the University of Melbourne,Australia. He is also serving as the founding CEO of Manjrasoft, a spin-off com-pany of the university, commercializing its innovations in cloud computing. Heserved as Future Fellow of the Australian Research Council during 2012–2016. Hehas authored over 525 publications and seven text books including “MasteringCloud Computing” published by McGraw Hill, China Machine Press, and MorganKaufmann for Indian, Chinese, and international markets, respectively. He has alsoedited several books including “Cloud Computing: Principles and Paradigms”(Wiley Press, USA, Feb 2011). He is one of the highly cited authors in computerscience and software engineering worldwide (h-index=112, g-index=245, 63,900+citations). Microsoft Academic Search Index ranked Dr. Buyya as #1 author in theworld (2005–2016) for both field rating and citations evaluations in the area ofDistributed and Parallel Computing. Recently, Dr. Buyya is recognized as “2016Web of Science Highly Cited Researcher” by Thomson Reuters.

xx About the Editors

Serverless Computing: Current Trendsand Open Problems

Ioana Baldini, Paul Castro, Kerry Chang, Perry Cheng,Stephen Fink, Vatche Ishakian, Nick Mitchell, Vinod Muthusamy,Rodric Rabbah, Aleksander Slominski and Philippe Suter

Abstract Serverless computing has emerged as a new compelling paradigm for thedeployment of applications and services. It represents an evolution of cloud program-mingmodels, abstractions, and platforms, and is a testament to the maturity and wideadoption of cloud technologies. In this chapter, we survey existing serverless plat-forms from industry, academia, and open-source projects, identify key characteristicsand use cases, and describe technical challenges and open problems.

I. Baldini · P. Castro (B) · K. Chang · P. Cheng · S. Fink · N. Mitchell ·V. Muthusamy · R. Rabbah · A. SlominskiIBM Research, New York, USAe-mail: ioana@us.ibm.com

P. Castroe-mail: castrop@us.ibm.com

K. Change-mail: Kerry.Chang@ibm.com

P. Chenge-mail: perry@us.ibm.com

S. Finke-mail: sjfink@us.ibm.com

N. Mitchelle-mail: nickm@us.ibm.com

V. Muthusamy (B)e-mail: vmuthus@us.ibm.com

R. Rabbahe-mail: rabbah@us.ibm.com

A. Slominski (B)e-mail: aslom@us.ibm.com

V. Ishakian (B)Bentley University, Waltham, USAe-mail: vishakian@bentley.edu

P. SuterTwo Sigma, New York, USA

© Springer Nature Singapore Pte Ltd. 2017S. Chaudhary et al. (eds.), Research Advances in Cloud Computing,DOI 10.1007/978-981-10-5026-8_1

1

2 I. Baldini et al.

1 Introduction

Serverless computing (or simply serverless) is emerging as a new and compellingparadigm for the deployment of cloud applications, largely due to the recent shiftof enterprise application architectures to containers and microservices [21]. Figure1shows the increasing popularity of the “serverless” search term over the last 5 yearsas reported by Google Trends. This is an indication of the increasing attention thatserverless computing has garnered in industry trade shows, meetups, blogs, and thedevelopment community. By contrast, the attention of the academic community hasbeen limited.

From the perspective of an Infrastructure-as-a-Service (IaaS) customer, this par-adigm shift presents both an opportunity and a risk. On the one hand, it providesdevelopers with a simplified programmingmodel for creating cloud applications thatabstracts away most, if not all, operational concerns; it lowers the cost of deployingcloud code by charging for execution time rather than resource allocation; and it isa platform for rapidly deploying small pieces of cloud-native code that responds toevents, for instance, to coordinate microservice compositions that would otherwiserun on the client or on dedicated middleware. On the other hand, deploying suchapplications in a serverless platform is challenging and requires relinquishing to theplatform design decisions that concern, among other things, quality-of-service (QoS)monitoring, scaling, and fault tolerance properties.

From the perspective of a cloud provider, serverless computing provides an addi-tional opportunity to control the entire development stack, reduce operational costsby efficient optimization and management of cloud resources, offer a platform thatencourages the use of additional services in their ecosystem, and lower the effortrequired to author and manage cloud-scale applications.

Serverless computing is a term coined by industry to describe a programmingmodel and architecture where small code snippets are executed in the cloud withoutany control over the resources on which the code runs. It is by nomeans an indicationthat there are no servers, simply that the developer should leave most operationalconcerns such as resource provisioning, monitoring, maintenance, scalability, andfault tolerance to the cloud provider.

Fig. 1 Popularity of the term “serverless” as reported by Google Trends

Serverless Computing: Current Trends and Open Problems 3

The astute reader may ask how this differs from the Platform-as-a-Service (PaaS)model, which also abstracts away the management of servers. A serverless modelprovides a “stripped down” programmingmodel based on stateless functions. Similarto Paas, developers canwrite arbitrary code and are not limited to using a prepackagedapplication. The version of serverless that explicitly uses functions as the deploymentunit is also called Function-as-a-Service (FaaS).

Serverless platformspromisenewcapabilities thatmakewriting scalablemicroser-vices easier and cost-effective, positioning themselves as the next step in the evolutionof cloud computing architectures. Most of the prominent cloud computing providersincluding Amazon [1], IBM [24], Microsoft [3], and Google [10] have recentlyreleased serverless computing capabilities. There are also several open-source effortsincluding the OpenLambda project [23].

Serverless computing is in its infancy and the research community has producedonly a few citable publications at this time. OpenLambda [23] proposes a refer-ence architecture for serverless platforms and describes challenges in this space (seeSect. 3.1.3) and we have previously published two of our use cases [5, 29] (seeSect. 5.1). There are also several books for practitioners that target developers inter-ested in building applications using serverless platforms [12, 27].

1.1 Defining Serverless

Succinctly defining the term serverless can be difficult as the definition will over-lap with other terms such as PaaS and Software-as-a-Service (SaaS). One way toexplain serverless is to consider the varying levels of developer control over thecloud infrastructure, as illustrated in Fig. 2. The Infrastructure-as-a-Service (IaaS)model is where the developer has the most control over both the application codeand operating infrastructure in the cloud. Here, the developer is responsible for pro-visioning the hardware or virtual machines, and can customize every aspect of howan application gets deployed and executed. On the opposite extreme are the PaaSand SaaS models, where the developer is unaware of any infrastructure, and con-sequently no longer has control over the infrastructure. Instead, the developer has

DeveloperControl LessMore

Full StackServices(SaaS)

Hardware/VMDeployment

(IaaS)

custom infrastructurecustom application code

shared infrastructurecustom application code

shared infrastructureshared service code

Serverless

Runs in PaaS

Fig. 2 Developer control and serverless computing

4 I. Baldini et al.

access to prepackaged components or full applications. The developer is allowed tohost code here, though that code may be tightly coupled to the platform.

For this chapter, we will focus on the space in the middle of Fig. 2. Here, thedeveloper has control over the code they deploy into the cloud, though that code hasto be written in the form of stateless functions. (The reason for this will be explainedin Sect. 3.) The developer does not worry about the operational aspects of deploymentand maintenance of that code and expects it to be fault-tolerant and auto-scaling. Inparticular, the codemay be scaled to zero where no servers are actually running whenthe user’s function is not used, and there is no cost to the user. This is in contrast toPaaS solutions where the user is often charged even during idle periods.

There are numerous serverless platforms that fall into the above definition. In thischapter, we present the architecture and other relevant features of serverless com-puting, such as the programming model. We also identify the types of applicationworkloads that are suitable to run on serverless computing platforms. We then con-clude with open research problems and future research challenges. Many of thesechallenges are a pressing need in industry and could benefit from contributions fromacademia.

2 Evolution

Serverless computing was popularized by Amazon in the re:Invent 2014 session“Getting Started with AWS Lambda” [2]. Other vendors followed in 2016 withthe introduction of Google Cloud Functions [10], Microsoft Azure Functions [3],and IBM OpenWhisk [24]. However, the serverless approach to computing is notcompletely new. It has emerged following recent advancements and adoption ofvirtual machine (VM) and then container technologies. Each step up the abstractionlayers led tomore lightweight units of computation in terms of resource consumption,cost, and speed of development and deployment.

Among existing approaches,Mobile Backend as-a-Service (MBaaS) bears a closeresemblance to serverless computing. Some of those services even provided “cloudfunctions”, that is, the ability to run some code server-side on behalf of a mobile appwithout the need to manage the servers. An example of such a service is Facebook’sParse Cloud Code [25]. Such code, however, was typically limited to mobile usecases.

Software-as-a-Service (SaaS) may support the server-side execution of user pro-vided functions but they are executing in the context of an application and hencelimited to the application domain. Some SaaS vendors allow the integration of arbi-trary code hosted somewhere else and invoked via an API call. For example, this isapproach is used by the Google Apps Marketplace in Google Apps for Work [14].

Serverless Computing: Current Trends and Open Problems 5

Fig. 3 Serverless platform architecture

3 Architecture

There are a lot of misconceptions surrounding serverless starting with the name.Servers are still needed, but developers need not concern themselves with managingthose servers. Decisions such as the number of servers and their capacity are takencare of by the serverless platform, with server capacity automatically provisionedas needed by the workload. This provides an abstraction where computation (in theform of a stateless function) is disconnected from where it is going to run.

The core capability of a serverless platform is that of an event processing system,as depicted in Fig. 3. The servicemust manage a set of user-defined functions, take anevent sent over HTTP or received from an event source, determine which function(s)to which to dispatch the event, find an existing instance of the function or createa new instance, send the event to the function instance, wait for a response, gatherexecution logs, make the response available to the user, and stop the function whenit is no longer needed.

The challenge is to implement such functionality while considering metrics suchas cost, scalability, and fault tolerance. The platform must quickly and efficientlystart a function and process its input. The platform also needs to queue events, andbased on the state of the queues and arrival rate of events, schedule the execution offunctions, andmanage stopping anddeallocating resources for idle function instances.In addition, the platform needs to carefully consider how to scale andmanage failuresin a cloud environment.

6 I. Baldini et al.

3.1 Survey of Serverless Platforms

In this section, we will compare a number of serverless platform. We first list thedimensions which will be used to characterize the architectures of these platforms,followed by a brief description of each platform.

3.1.1 Characteristics

There are a number of characteristics that help distinguish the various serverlessplatforms. Developers should be aware of these properties when choosing a platform.

• Cost: Typically, the usage is metered and users pay only for the time and resourcesused when serverless functions are running. This ability to scale to zero instancesis one of the key differentiators of a serverless platform. The resources that aremetered, such as memory or CPU, and the pricing model, such as off-peak dis-counts, vary among providers.

• Performance and limits: There are a variety of limits set on the runtime resourcerequirements of serverless code, including the number of concurrent requests, andthemaximummemory andCPU resources available to a function invocation. Somelimits may be increased when users’ needs grow, such as the concurrent requestthreshold,while others are inherent to the platforms, such as themaximummemorysize.

• Programming languages: Serverless services support a wide variety of program-ming languages including Javascript, Java, Python, Go, C#, and Swift. Most plat-forms support more than one programming language. Some of the platforms alsosupport extensibility mechanisms for code written in any language as long as it ispackaged in a Docker image that supports a well-defined API.

• Programming model: Currently, serverless platforms typically execute a singlemain function that takes a dictionary (such as a JSONobject) as input andproducesa dictionary as output.

• Composability: The platforms generally offer some way to invoke one serverlessfunction from another, but some platforms provide higher level mechanisms forcomposing these functions and may make it easier to construct more complexserverless apps.

• Deployment: Platforms strive tomake deployment as simple as possible. Typically,developers just need to provide a file with the function source code. Beyond thatthere are many options where code can be packaged as an archive with multiplefiles inside or as a Docker image with binary code. As well, facilities to version orgroup functions are useful but rare.

• Security and accounting: Serverless platforms are multi-tenant and must isolatethe execution of functions between users and provide detailed accounting so usersunderstand how much they need to pay.

• Monitoring and debugging: Every platform supports basic debugging by usingprint statements that are recorded in the execution logs.Additional capabilitiesmay

Serverless Computing: Current Trends and Open Problems 7

be provided to help developers find bottlenecks, trace errors, and better understandthe circumstances of function execution.

3.1.2 Commercial Platforms

Amazon’s AWS Lambda [1] was the first serverless platform and it defined severalkey dimensions including cost, programming model, deployment, resource limits,security, and monitoring. Supported languages include Node.js, Java, Python, andC#. Initial versions had limited composability but this has been addressed recently.The platform takes advantage of a largeAWSecosystem of services andmakes it easyto use Lambda functions as event handlers and to provide glue code when composingservices.

Currently available as an Alpha release, Google Cloud Functions [10] providesbasic FaaS functionality to run serverless functions written in Node.js in responseto HTTP calls or events from some Google Cloud services. The functionality iscurrently limited but expected to grow in future versions.

Microsoft Azure Functions [3] provides HTTP webhooks and integration withAzure services to run user provided functions. The platform supports C#, F#,Node.js,Python, PHP, bash, or any executable. The runtime code is open-source and availableon GitHub under an MIT License. To ease debugging, the Azure Functions CLIprovides a local development experience for creating, developing, testing, running,and debugging Azure Functions.

IBMOpenWhisk [24] provides event-based serverless programmingwith the abil-ity to chain serverless functions to create composite functions. It supports Node.js,Java, Swift, Python, as well as arbitrary binaries embedded in a Docker container.OpenWhisk is available on GitHub under an Apache open-source license. The mainarchitectural components of the OpenWhisk platform are shown in Fig.4. Comparedto the generic architectural diagram in Fig. 3, we can see there are additional com-ponents handling important requirements such as security, logging, and monitoring.

3.1.3 New and Upcoming Serverless Platforms

There are several serverless projects ranging from open-source projects to vendorsthat find serverless a natural fit for their business.

OpenLambda [23] is an open-source serverless computing platform. The sourcecode is available in GitHub under an Apache License. The OpenLambda paper [15]outlines a number of challenges around performance such as supporting faster func-tion startup time for heterogeneous language runtimes and across a load balancedpool of servers, deployment of large amounts of code, supporting stateful interactions(such as HTTP sessions) on top of stateless functions, using serverless functions withdatabases and data aggregators, legacy decomposition, and cost debugging. We haveidentified similar challenges in Sect. 6.

8 I. Baldini et al.

Fig. 4 IBM openWhisk architecture

Some serverless systems are created by companies that see the need for serverlesscomputing in the environments they operate. For example, Galactic Fog [13] addedserverless computing to their Gestalt Framework running on top of Mesos D/C. Thesource code is available under an Apache 2 license. Auth0 has created webtasks [7]that execute serverless functions to support webhook endpoints used in complexsecurity scenarios. This code is also available as open source. Iron.io had a serverlesssupport for tasks since 2012 [28]. Recently, they announced Project Kratos [16]that allows developers to convert AWS Lambda functions into Docker images, andis available under an Apache 2 license. Additionally, they are working with CloudFoundry to bringmulti-cloud serverless support to Cloud Foundry users [9]. LeverOSis an open-source project that uses an RPCmodel to communicate between services.Computing resources in LeverOS can be tagged, so repeated function invocations canbe targeted to a specific container to optimize runtime performance, such as takingadvantage of warm caches in a container [20].

3.2 Benefits and Drawbacks

Compared to IaaS platforms, serverless architectures offer different tradeoffs in termsof control, cost, and flexibility. In particular, they force application developers tocarefully think about the cost of their code when modularizing their applications,rather than latency, scalability, and elasticity, which is where significant developmenteffort has traditionally been spent.

The serverless paradigm has advantages for both consumers and providers. Fromthe consumer perspective, a cloud developer no longer needs to provision andmanageservers, VMs, or containers as the basic computational building block for offering

Serverless Computing: Current Trends and Open Problems 9

distributed services. Instead the focus is on the business logic, by defining a set offunctions whose composition enables the desired application behavior. The statelessprogrammingmodel gives the providermore control over the software stack, allowingthem to, amongother things,more transparently deliver security patches and optimizethe platform.

There are, however, drawbacks to both consumers and providers. For consumers,the FaaS model offered by the platform may be too constraining for some appli-cations. For example, the platform may not support the latest Python version, orcertain libraries may not be available. For the provider, there is now a need to man-age issues such as the lifecycle of the user’s functions, scalability, and fault tolerancein an application-agnostic manner. This also means that developers have to carefullyunderstand how the platform behaves and design the application around these capa-bilities.

One property of serverless platforms thatmay not be evident at the outset is that theprovider tends to offer an ecosystemof services that augment the user’s functions. Forexample, there may be services to manage state, record and monitor logs, send alerts,trigger events, or perform authentication and authorization. Such rich ecosystemscan be attractive to developers and present another revenue opportunity for the cloudprovider. However, the use of such services brings with it a dependence on theprovider’s ecosystem and a risk of vendor lock-in.

3.3 Current State of Serverless Platforms

There are many commonalities between serverless platforms. They share similarpricing, deployment, and programming models. The main difference among them isthe cloud ecosystem: current serverless platforms onlymake it easy to use the servicesin their own ecosystem and the choice of platform will likely force developers to usethe services native to that platform. That may be changing as open-source solutionsmay work well across multiple cloud platforms.

4 Programming Model

Serverless functions have limited expressiveness as they are built to scale. Theircompositionmay be also limited and tailored to support cloud elasticity. Tomaximizescaling, serverless functions do not maintain state between executions. Instead, thedeveloper can write code in the function to retrieve and update any needed state. Thefunction is also able to access a context object that represents the environment inwhich the function is running (such as a security context). For example, a functionwritten in JavaScript could take the input, as a JSON object, as the first parameter,and context as the second:

10 I. Baldini et al.

function main(params, context) {

return {payload: ’Hello,’ + params.name

+ ’ from’ + params.place};

}

4.1 Ecosystem

Due to the limited and stateless nature of serverless functions, an ecosystem ofscalable services that support the different functionalities a developer may requireis essential to having a successfully deployed serverless application. For example,many applications will require the serverless function to retrieve state from perma-nent storage (such as a file server or database). There may be an existing ecosystemof functions that support API calls to various storage systems. While the functionsthemselves may scale due to the serverless guarantees, the underlying storage sys-tem itself must provide reliability and QoS guarantees to ensure smooth operation.Serverless functions can be used to coordinate any number of systems such as identityproviders, messaging queues, and cloud-based storage. Dealing with the challengesof scaling of these systems on-demand is as critical but outside the control of theserverless platform. To increase the adoption of serverless computing, there is a needto provide such scalable services. Such an ecosystem enables ease of integration andfast deployment at the expense of vendor lock-in.

4.2 Tools and Frameworks

Creating and managing serverless functions requires several operations. Instead ofmanaging each function independently, it is much more convenient to have a frame-work that can logically group functions together to deploy and update them as a unit.A framework may also make it easier to create functions that are not bound to oneserverless service provider by providing abstractions that hide low-level details ofeach serverless provider. Other frameworks may take existing popular programmingmodels and adapt them for serverless execution. For example, Zappa [30] and Chal-ice [8] use an @app.route decorator to make it possible to write python code thatlooks like a webserver but can be deployed as a serverless function:

@app.route("/{name}/{place}")

def index():

return {"hello": name,"from": place}

Serverless Computing: Current Trends and Open Problems 11

Fig. 5 Image processing

5 Use Cases and Workloads

Serverless computing has been utilized to support a wide range of applications.From a functionality perspective, serverless and more traditional architectures maybe used interchangeably. The determination of when to use serverless will likely beinfluenced by other non-functional requirements such as the amount of control overoperations required, cost, as well as application workload characteristics.

From a cost perspective, the benefits of a serverless architecture are most apparentfor bursty, compute-intensive workloads. Bursty workloads fare well because thedeveloper offloads the elasticity of the function to the platform, and just as important,the function can scale to zero, so there is no cost to the consumer when the systemis idle. Compute-intensive workloads are appropriate since in most platforms today,the price of a function invocation is proportional to the running time of the function.Hence, I/O bound functions are paying for compute resources that they are not fullytaking advantage of. In this case, a multi-tenant server application that multiplexesrequests may be cheaper to operate.

From a programming model perspective, the stateless nature of serverless func-tions lends themselves to application structure similar to those found in functionalreactive programming [4]. This includes applications that exhibit event-driven andflow-like processing patterns.

5.1 Event Processing

One class of applications that are very much suitable for serverless computing isevent-based programming [5, 29]. The most basic example, popularized by AWSLambda, that has become the “Hello World” of serverless computing is a simpleimage processing event handler function. The function is connected to a data store,such as Amazon S3 [26], that emits change events. Each time a new image file isuploaded to a folder in S3, an event is generated and forwarded to the event handlerfunction that generates a thumbnail image that is stored in another S3 folder. Theflow is depicted in Fig. 5. This example works well for serverless demos as thefunction is completely stateless and idempotent which has the advantage that in thecase of failure (such as network problems accessing the S3 folder), the function canbe executed again with no side effects. It is also an exemplary use case of a bursty,compute-intensive workload as described above.

12 I. Baldini et al.

Fig. 6 Offloading API calls and glue logic from mobile app to backend

5.2 API Composition

Another class of applications involves the composition of a number of APIs. In thiscase, the application logic consists of data filtering and transformation. For example,a mobile app may invoke geolocation, weather, and language translation APIs torender the weather forecast for a user’s current location. The glue code to invokethese APIs can be written in a short serverless function, as illustrated by the Pythonfunction in Fig. 6. In this way, the mobile app avoids the cost of invoking the multipleAPIs over a potentially resource constrainedmobile network connection, and offloadsthe filtering and aggregation logic to the backend.

5.3 API Aggregation to Reduce API Calls

API aggregation can work not only as a composition mechanism, but also as a meansto simplify the client-side code that interacts with the aggregated call. For example,consider a mobile application that allows you to administer an Open Stack instance.API calls in Open Stack [18] require the client to first obtain an API token, resolvethe URL of the service you need to talk to, then invoke the required API call on thatURL with the API token. Ideally, a mobile app would save energy by minimizingthe number of required calls needed to issue a command to an Open Stack instance.Figure 7 illustrates an alternative approach where three functions implement theaforementioned flow to allow authenticated backups in an Open Stack instance. The

Serverless Computing: Current Trends and Open Problems 13

Get API Token Get Server IDs Create Backup

Authenticated Backup

invoke

event

Fig. 7 Reducing the number of API calls required for a mobile client

Write Record Create Issue

database Issue tracker

AP

I

event

invokeinvokeUser

Interaction

update

Fig. 8 Batched invocation for issue tracking

mobile client now makes a single call to invoke this aggregate function. The flowitself appears as a single API call. Note that authorization to invoke this call can behandled by an external authorization service, e.g., an API gateway.

5.4 Flow Control for Issue Tracking

Serverless function composition can be used to control the flow of data between twoservices. For example, imagine an application that allows users to submit feedbackto the app developers in the form of annotated screenshots and text. In Fig. 8, theapplication submits this data to a backend consisting of a scalable database and anon-premise issue tracking system. The latter is mainly used by the development teamand is not designed to accept high volume traffic. On the other hand, the former iscapable of responding to high volume traffic. We design our system to stage allfeedback records in the database using a serverless function which eliminates theneed to standup a separate server to handle feedback requests but still allow us alevel of indirection between the application and the backend database. Once wecollect a sufficient number of updates, we can batch them together into a singleupdate, which invokes a function to submit issues to the issue tracker in a controlledmanner. This flowwould work for a scalable database system [6] and an issue trackersystem that accepts batched inputs [17].