Description
In recent years, it has become commonplace for organizations to deploy their services in a cloud environment. However, as this new computation ecosystem matured, its unique challenges also started to emerge. Due to the inherent multiparty, multilayer environment of public clouds, both cloud providers and cloud tenants have limited visibility into the whole system. This limited visibility complicates problems involving multiple parties in a cloud, such as accounting for resource usage, resource demand estimation, and security monitoring for cloud providers, as well as troubleshooting, virtual resource performance estimation/optimization, and automating service deployment for cloud tenants. In existing cloud platforms, solutions for these problems often require time-consuming and expensive interaction between different parties. Given that resource optimization and cost saving are becoming top priorities not only for cloud providers but also for tenants, resolving this lack-of-visibility problem is becoming a critical challenge for cloud computing platforms. However, extending visibility is not a simple task since, for security and privacy, cloud platforms were originally designed to reduce interparty visibility. In addition, for cloud providers, it could be prohibitively expensive to support such extended visibility for every single tenant. In this dissertation, we study different aspects related to enhancing visibility in a multitenant cloud environment. In the first part of the dissertation, we present a framework to offer cloud tenants better visibility into the cloud infrastructure for better understanding and troubleshooting, where both cloud providers and tenants may save cloud management costs.
In the second part, we focus on the cloud provider's visibility into the tenants' network traffic, and enhance it by adopting a widely used traffic matrix estimation model for ISP networks and addressing two key challenges in applying the model to datacenter networks: the sparse traffic matrix problem and the interior traffic sink/source problem. In the last part, we study unintended ways to enhance visibility of tenants in the cloud infrastructure. We focus on cloud tenants' visibility into the states of the virtual firewalls, which are typically supposed to be unknown to cloud tenants, devise a novel method to monitor the states of firewalls, and exploit them as a side channel into the host machine's infrastructure-level activities.