A secure cost-effective migration of enterprise applications to the cloud

INTERNATIONAL JOURNAL OF COMMUNICATION SYSTEMSInt. J. Commun. Syst. (2013)Published online in Wiley Online Library (wileyonlinelibrary.com). DOI: 10.1002/dac.2594

A secure cost-effective migration of enterprise applicationsto the cloud

Daochao Huang1,*,†, Li Yi2, Fei Song2, Dong Yang2 and Hongke Zhang2

1National Computer network Emergency Response technical Team Coordination Center of China(CNCERT or CNCERT/CC), No.A3, Yumin Road, Chaoyang District, Beijing, China, 100029

2School of Electronic and Information Engineering, Beijing JiaoTong University, Beijing, China, 100044

SUMMARY

Cloud computing is rapidly expanding as an alternative service deployment platform today. This bringsforth many new challenges in migrating enterprise applications into cloud. To enable enterprises to benefitfrom migration while achieving cost-efficiency and keeping sensitive user data confidential against untrustedservers, planning which servers to migrate to the cloud and which to be hosted on-premise is a key problem.This problem has been traditionally approached through the formulation and resolution of large optimiza-tion problems requiring global knowledge. Such approaches are not suitable for large-scale and dynamicenterprise network migrations.

In this paper, the problem of determining the optimal migrated components set of an enterprise applica-tion is revisited and addressed in a way that is both scalable and deals inherently with network dynamicity.In particular, application migration, which enables service components to move between local data centertoward more communication cost-effective cloud, is based on local information. The migration policiesproposed in this work are analytically shown to be capable of moving an enterprise application betweenlocal data center and remote cloud in a way that the cost of service provision is reduced. Experimentalresults show the efficiency, applicability, and easy adaptability of the presented approach. Copyright © 2013John Wiley & Sons, Ltd.

Received 30 October 2012; Revised 27 May 2013; Accepted 27 May 2013

KEY WORDS: cloud computing; enterprise applications; service migration; network utility maximization;migration policies

1. INTRODUCTION

The advantages and initial success stories make the cloud computing draw extensive attention fromboth academia and industry. By promising to reduce the cost of IT organizations through lowercapital and operational expense stemming from the cloud’s economies of scale, and with scalableresources in the pay-per-use manner at relatively low prices, cloud computing are prompting manyenterprises to migrate their existing enterprise applications to the cloud or directly deliver newservices as an alternative to implementing their own server infrastructures, such as [1], whichstudies the design and implementation of a seamless video reconstruction algorithm for reconstruct-ing dispersed video contents into video data for continuous play. The increasing development ofcloud computing technologies and successful examples include Amazon’s EC2 [2], Google AppEngine [3], and Microsoft Azure [4].

Migrating legacy applications to the cloud is a non-trivial task as it leads to new technicalchallenges [5–11]. The main problems in cloud migration include (i) selecting the best and most

*Correspondence to: Daochao Huang, National Computer network Emergency Response Technical Team CoordinationCenter of China (CNCERT or CNCERT/CC), No.A3, Yumin Road, Chaoyang District, Beijing, China, 100029.

†E-mail: [email protected]

Copyright © 2013 John Wiley & Sons, Ltd.

D. HUANG ET AL.

compatible application components to ensure a cost-effective model. When selecting componentsto migrate to the cloud, the complexity inherent in enterprise applications today in terms of theirmulti-tiered nature [7], large number of application components, and interdependencies make it amajor challenge. Thus, a technique for locating components to be migrated without actually movingthem is needed. (ii) When an enterprise outsources its applications including sensitive data to anuntrusted cloud for sharing on the cloud servers, because the cloud is usually operated by com-mercial providers which are very likely to be outside of the trusted domain of the enterprises,how to allow the owner to specify fine-grained access control policies for the sensitive data iscrucial [12, 13].

These concerns described earlier necessitate a secure and cost-effective migration of enterpriseapplications to the cloud, aiming at bringing the migration benefits and minimize commutationcosts (i.e., bandwidth consumption), enhance the quality of service of the provided service andmeet the service-level agreements of users. In particular, solutions design for migrating an appli-cation to the cloud requires an awareness of the target cloud platform, understanding of the datamigration and application migration needs, and the security needs to keep sensitive data confi-dential against untrusted servers during deployment. To satisfy these needs, hybrid architectureswhere enterprise applications are partly hosted on-premise and partly in the cloud are studied inindustry or some related works. Enterprise applications are typically composed of multiple com-ponents, and hybrid architectures offer enterprises flexibility in decision making that can enablethem to locate sensitive databases local while migrating relatively less sensitive components tothe cloud.

In this paper, we provide a partial migration solution to help organizations in building an enter-prise application migration strategy to reap the benefits from cloud adoption while reducing themigration costs under hybrid architecture. On the one hand, to overcome the challenges describedearlier, our approach can be used in the decision-making process based on a set of measurable factorsin the cost models of cloud migration. In the presented approach, a cost measuring function is usedto choose the optimal migration scenarios. On the other hand, to measure the benefits of migration,we introduce service migration utility functions for different types of services by mapping the bene-fits of migration to utility values from the bandwidth allocation and usage perspective. Maximizingthe gap between benefits and migration costs is the objective of migration. The approach also con-sidered the access control policies, which are used to protect privacy of the outsourced data. Theanalytical findings of this work are also supported by simulation results, which focus on illustratingthe correctness and effectiveness of the proposed solution. It is shown that in realistic topologies, themigration costs under the proposed Migration Policy can be prohibitively large because of exten-sive wide-area Internet communication between local and remote cloud components. However,the mean delay of transactions after migration is not significantly higher than the delays priorto migration.

In summary, the main goals of this paper include the following:

(1) Choosing the option that minimizes the costs migrating enterprise applications to cloudthrough wide area network, especially the communication costs between migrated parts andother on-premise parts must be minimized.

(2) Minimizing the coupling between cloud-based and on-premise components, namely, reduc-ing the amount of transferred data between the cloud’s components and the on-premisecomponents, where coupling is a measure of the degree of interaction between applicationcomponents.

(3) Keeping the business sensitive data or private data on-premise to protect privacy.(4) Employing the elasticity of the cloud by adopting ‘pay-as-you-go’ concept to reduce the

resources waste of server utilization and network bandwidth.

The rest of the paper is organized as follows. Section 2 represents related work and in Section 3the migration algorithm is described in detail. Section 4 and Section 5 discuss the secure consider-ation and implementation algorithm respectively. In Section 6, we analyze our proposed scheme interms of its performance and security. We conclude this paper in Section 7.

Copyright © 2013 John Wiley & Sons, Ltd. Int. J. Commun. Syst. (2013)DOI: 10.1002/dac

SECURE COST-EFFECTIVE CLOUD MIGRATION OF ENTERPRISE APPLICATIONS

2. BACKGROUND AND RELATED WORK

2.1. Background

Three types of migration policies are considered in existing research: (1) Full migration with localreplicas. The entire applications including the sensitive data are migrated into the cloud to betterhandle peak workloads. By replicating servers both locally and remotely, users internal and externalto enterprise can be servered from different locations. Then, Service replication, high service avail-ability and load balancing can be obtained by this way while the sensitive data are not within thesame trusted domain as data owners. (2) Partial migration. Sensitive databases and its related com-ponents are located local to achieve data privacy, while relatively less sensitive components aremigrated to the cloud. Several key factors must be taken into account: (a) planning which compo-nents must be migrated; (b) ensuring correctness of security policies on migration, in other words,the access policies between components after migration are consistent with the original one beforemigration. (c) ensuring the cost savings from migration are as high as possible. The disadvantagesof partial migration include high response time for internal users and extensive wide-area com-munication costs between local and remote components. (3) Partial migration with local replicas.To reduce the extensive wide-area communication costs, partial migration with local replicas isneeded, where internal users can be served by local service replication. Figure 1 depicts exam-ples of partial migration with or without local replicas, in which applications are decomposed intothree functional tiers: a front-end tier such as web servers that handle user requests; a business-logic tier performing specialized application logic; a back-end tier that comprises of variousdatabases servers.

2.2. Related work

The enterprise application outsourcing problem has been discussed both in industry and academia.Some existing solutions [7,14–19] have indicated how important an appropriate architecture reflects

Figure 1. An example of partial migration.


D. HUANG ET AL.

on the ability to move it from local to cloud. There has been significant interest in industry in hybridcloud architectures where enterprise operations are partly hosted on-premise and partly in the cloud.By only migrating less sensitive components of applications to the cloud, sensitive data preserving isachieved in hybrid architectures. [14] emphasize that appropriate cloud application architectures arepart of the solution to cloud interoperability, and existing applications may need to be re-architectedto facilitate migration. The key is trying to architect applications that reduce or eliminate the numberof difficult-to-resolve dependencies between the application stack and the capabilities provided bythe cloud service provider.

The closest work to the one presented here are Cloudward [7], which proposes an approach ofrealizing hybrid cloud architecture to migrate enterprise applications to the cloud. The migrationstrategy introduced in this paper tries to address the key challenges such as ensuring that applicationresponse time meet designed targets and the cost savings from migration are as high as possible.Security policies to ensure correctness of access control lists after migration is also considered.However, planning which servers to migrate requires global knowledge and a continuous recalcu-lation of the transaction delays in case of network changes. Such approaches are not suitable forlarge-scale and dynamic network environments.

Many other hybrid migration approaches have been proposed in recent years, such as [14–19].Among them, [14–16] provide cost models for hybrid migration to choose the optimal migrationscenarios in the decision-making process by locating components to be migrated without actuallymoving them. The first cost model measures coupling among different components of the migratedsystem and proposes cost measuring function. The second model is based on a comprehensiveliterature research on cost factors and the idea of combining cost of data centers and cost for usingclouds. The third model investigates the migration costs of several deployment options using popularbenchmarks, which affect the costs of deployment choice. Kashef and Altmann [17] present a frame-work called CloudGenius, which can automate the decision-making process of migration. CMotion[18], another Cloud motion framework leverages existing application models and provided sup-port to migrate composite applications into and between clouds. Tak et al. [19] is focusing on howto smoothly migrate and tune a web service-based enterprise application to the cloud through aconnection-oriented framework.

Some matured cloud platform vendors have developed methodologies for migrating existingapplications to the cloud, such as Amazon EC2, Google App Engine. Organization who plans tomigrate applications to the AWS cloud needs a stepwise approach to cloud migration with well-defined phases aimed to help in identifying applications that are ideal for cloud migration, planningfor data and application migration, and application deployment on the cloud platform [20]. Platformas a Service (PaaS) providers such as Google App Engine provide tools for developing applicationsand an environment for running these applications. To deliver an application with a PaaS platform,users need to develop and deploy it on the platform; this is the way Google App Engine works.Users can only deploy App Engine applications on Google services, but cloud application platformssuch as the Appistry CloudIO Platform allow for in-house private cloud deployment as well asdeployment on public cloud infrastructures such as Amazon EC2.

Some other approaches have also been proposed to combat against unauthorized informationleakage during migration. Protecting sensitive information by enabling computations with encrypteddata and protecting customers from malicious behaviors by enabling the validation of the computa-tion results are two essential aspects for migrating enterprise applications. Ordinary techniques forsecure outsourcing usually apply cryptograph methods by disclosing data decryption keys only toauthorized users [21]. However, these techniques inevitably introduce a heavy computation overheadand latency on the enterprise for key distribution and data management. To address these prob-lems, [22] exploits an attributed-based encryption combined with proxy and lazy re-encryptionsto achieve secure, scalable, and fin-gained data access control in cloud computing; Wang et al.[11] focus on secure outsourcing of widely applicable linear programming (LP) computations. Bydecomposing LP computation outsourcing into public LP solvers running on the cloud and privateLP parameters owned by the customer, practice efficiency is achieved while protecting sensitiveinput/output information. This method is not applicable to nonlinear programming computationoutsourcing in cloud.



3. PROBLEM STATEMENT

In this section, we present a model that enables enterprise to systematically plan which componentsof their applications must be migrated to the cloud on condition that the optimal objective valueof migration is achieved. We consider an outsourcing architecture involving three different entities,as illustrated in Figure 1: the cloud data center, which has computation, storage, and bandwidthresources and provides service in a pay-per-use manner; the enterprise network, which is mainlycomposed by local data center; and the users, which include internal and external users.

We present a partial migration formulation in Section 3.1 and provide modeling details in thefollowing subsections.

3.1. Abstraction and problem formulation

Typically, general enterprise application includes three functional tiers as follows: a front-end tier, abusiness-logic tier, and back-end tier. In practice, web front-ends and business-logic tier easily allowfor solutions where a subnet of servers may be migrated to cloud, whereas back-end databases onthe other hand involves sensitive data, and an associated set of servers which should be maintainedlocal. Then, partial Migration Policy is considered here. Two migration policies definitions are givenas follows:

The definition of Migration Policy P1: the components hosted sensitive data, and its associatedparts are located at local data center, whereas the rest of the enterprise application are moved tocloud data center. No local replicas exist in local data center.

The definition of Migration Policy P2: partial migration is advised to reduce transaction delay ofboth internal and external users. The definition of partial migration here is for an enterprise applica-tion located at some nodes in local data center at time t , the components except of the sensitive datarelated parts backup to cloud data center at time t C 1.

The first proposed policy (referred to Migration Policy P1) is investigated to model partial migra-tion in which enterprise applications are partly hosted on-premise and migrated into the cloud. Toreduce the wide-area Internet communication costs between local sensitive databases and migratedcomponents, the second Migration Policy (referred to Migration Policy P2) is proposed that isanalytically shown to be capable of moving the local enterprise applications while keeping localreplicas, then internal and external users can be served from different locations, and the peak work-load of the application can be smoothed with the rapidly scale up and down feature of cloud. Themigration costs under Migration Policies P1 and P2, namely, the summary of migration costs andaccess costs difference before and after migration, are studied in detail.

We assume that an enterprise application is offering a service to clients that can benefit from themigration of the application from local to remote cloud. The goal of the migration is to maximizethe service utility while minimizing the migration costs, by introducing network maximization andtriggering migrations cost savings.

Formally, we consider an enterprise network eG D �eV ,eE�. Each enterprise application hostingnode v 2 eV has certain properties and features associated with it (e.g., in terms of CPU poweror memory or storage or access bandwidth). Assume that an enterprise running Q applications,si , 16 i 6Q, andN components (across all applications), cj , 16 j 6N in local data center. Eachapplication involves a subset of components. For instance, s1 D ¹c1, c2, c4º indicates that applications1 has components c1, c2, and c4. Our main objective is to shed light onto the trade-off between ser-vice migration benefits Us.t/ (service utility in cloud) and the service migration costs Costmigs .t/

at time t ; moving the enterprise applications to a cloud may increase the service processing timefor sensitive data preserving, because traffic between the data center and the cloud is now sent overthe Internet. Therefore, our total objective is to ensure the that access costs after migration are notsignificantly higher than the costs prior to migration while obtaining the maximized service utilityafter migration. In summary,

max Us.t/�Costmigs .t/

subject to migration policy Pother QoS constraints

(1)


D. HUANG ET AL.

where the migration costs of an enterprise application, denoted by Costmigs .t/, include (i) theincreased access costs after migration; (ii) migration transaction costs which depend on to a largeextent on the available bandwidth Bandwidth.p/ on the migration path p W src ! dst betweenmigration source node src and destination node dst , and the size sié.smig/ of the migrated part ofapplication s. Another major cost factor is the transit costs, namely, the number k.p/ of intermediatenodes on path p. In other words,

Costmigs .t/DXs2S

.Access cost increase/

CXs2S

f�Bandwidth.p/, k.p/, sié

�smig

�� (2)

Let q .s, c/ D nsNs

if c 2 cloud data center and q .s, c/ D Ns�nsNs

if c 2 local datacenter, whereNs and ns are the total number of components and the number of migrated components of appli-cation s, respectively. Then, the right second part of the previous formulation can be rewritten asPs2S

f .Bandwidth.p/, k.p/, sié.s/ � q.s, c//, because executing the migration process involves

one-time costs, such as the effort in acquiring model parameters and re-engineering applications forcloud deployment. Comparing one-time costs with dynamic access cost savings due to the networktopology is subject to frequent changes, planning which server to be migrated is an optimizationproblem that mainly is determined by the access costs increase. As a result, we focus on the firstpart of the overall migration costs in this paper.

3.2. Modeling access costs

Let the mean rate at which data packets associated with a particular server node v are transferredthrough the enterprise network be represented by �v , namely, service demands. The set of compo-nent nodes on which a component corresponding to a certain service is hosted at time t is definedas K.t/, where t will take discrete values corresponding to component movements.

Next, we define SPT .t/ as the set of all possible shortest path trees in a network at time t .The subset of SPT .t/ containing the SPTs rooted at node x is defined as SPTx.t/, such thatSPTx.t/ � SPT .t/. Let SPT tx be the SPT in SPTx.t/ over which data corresponding to thenodes’ service demands are forwarded toward the component node x. Then, v 2 SPT tx will indicatethat node v is served by component node x. Figure 2 depicts an example, where a tree (depictedwith dense lines) rooted at the component node 0 before migration (note that the root node becomes10 after migration) is created and including all network nodes, namely, SPT t0 . In general, a SPTassociated with a given component node is not unique. When the number of components is greaterthan one, then a forest of the SPT is created, which each tree rooted at the corresponding componentnode, namely, SPT .t/.

Let Cx.t/ denote the cost incurred by component node x for serving node v at time t , for allv 2 SPT tx . Clearly,

Cx.t/DX

8v2SPT tx

�vd .v, x/ (3)

where d.v, x/ is defined as the traveling cost between nodes v and x, such as latency, delay, ornumber of hops. The overall cost over all components in the network at time t , denoted as C.t/, isgiven by

C.t/DX8x2K.t/

Cx.t/

DX8x2K.t/

X8v2SPT tx

�vd .v, x/.(4)

The resulting minimal cost C.t/ can be determined by solving the previously optimizationproblem given by Equation (1). This is difficult in the large-scale and dynamic network environment,



Figure 2. Shortest path trees and subtrees for an example partial migration.

where the network topology is subject to frequent changes requiring the recalculation of the optimalsolution. To solve such problem, we next exploit a local information-based enterprise applicationmigration.

Assume that a complex service consists of a number of components. For each component, whichis located at node x at time t , there exist a number of neighbor nodes Sx over which data asso-ciated with services demands of all nodes v 2 SPT txn¹xº are forwarded to it. That is, nodes ofa certain subtree of SPT tx forward data associated with their own service demands through somenode y, y 2 Sx . We define �y

�SPT tx

�as the particular subtree, which is also a tree of root node

y. Further, A��y

�SPT tx

��is defined as the aggregate service demands that are forwarded to the

component node y through link .x,y/ over subtree �y�SPT tx

�. Hence, A

��y

�SPT tx

��is equal to

the summation of the service demands of the individual nodes of the corresponding subtree or

A��y

�SPT tx

��D

X8v2�y.SPT tx/

�v (5)

For instance, in the example depicted in Figure 2, data associated with the service demands towardthe component 10 are forwarded over link (10,0) for nodes 0, 1, and 2 over link (10,3) for nodes 3,4, 5, and 6, and over link (10,7) for nodes 7, 8, and 9. So, there are three subtrees denoted by�0�SPT t10

�, �3

�SPT t10

�and �7

�SPT t10

�, as shown in Figure 2.

3.3. Application migration for a single component node

In practice, when a component node located at node x in local data center moves to node y inremote cloud data center, the SPT of root y is usually different from that of root node x (i.e.,SPT tC1y ¤ SPT tx ), it is easy to see that there exist nodes whose distance from the component noderemains the same, or increases, or decreases.

Lemma 1For a single component node in an enterprise network, component node movement x

t�! y is taken

if C .t C 1/ < C.t/.


D. HUANG ET AL.

Lemma 2For a single component node in an enterprise network and component node movement x

t�! y,

C .t C 1/ < C.t/ is satisfied if

�A��y

�SPT tx

��A

��x

�SPT tC1y

��d .x,y/

>X

8v2‰xt�!y

�v .d .v,y/� d .v, x// (6)

where ‰xt�!y

D ¹v W v 2 SPT txn�y�SPT tx

�and d.v,y/ < d.v, x/º is the set of nodes of

SPT txn�y�SPT tx

�utilizing the shortest path toward the new component node y that is shorter than

that toward node x plus the distance d.x, y/ between node x and y.

ProofTo proof Lemma 2, we define a hypothetical cost assuming that (i) the component moves to nodey at time t C 1; (ii) the corresponding SPT over which data are forwarded toward the component

node y (which should have been SPT tC1y , if the component movement xt�! y had actually taken

place) remains the current one SPT tx . Let C SPTtx

y .t C 1/ denote a hypothetical cost, then,

CSPT txy .t C 1/D

X8v2SPT tx

�vdSPT tx .v,y/ (7)

In general, the SPTs are different for different roots, SPT tC1y ¤ SPT tx , except for the special caseof topologies with unique SPTs.

With respect to the hypothetical cost definition, assume that some node y in remote cloud datacen-ter, the distance from node v 2‰

xt�!y

over any shortest path of SPT tC1y minus the distance d.x,y/

between nodes x and y is smaller than the distance toward node x. Therefore, d .v,y/� d .v, x/ <

d .x,y/. On the basis of Equation (1), Cy .t C 1/ 6 C SPTtx

y .t C 1/. For any node v 2 �y�SPT tx

�,

dSPTtx .v,y/ D d .v, x/ � d .x,y/, whereas for any node v 2 SPT txn�

y�SPT tx

�. From the

aforementioned and in view of Equations (6) and (7),

CSPT txy .t C 1/�Cx.t/

D�X8v2�y.SPT tx/

�vd .x,y/CX8v2SPT txn�

y.SPT tx/�vd .x,y/

D�A�SPT txn�

y�SPT tx

��A

��y

�SPT tx

��d .x,y/

(8)

Given that SPT txn�y�SPT tx

�D �x

�SPT tC1y

�[‰

xt�!y

,

CSPT txy .t C 1/�Cx.t/

D��A��y

�SPT tx

��A

�SPT txn�

y�SPT tx

��d .x,y/

DX8v2‰

xt�!y

�vd.x, y/��A��y

�SPT tx

��A

��x

�SPT tC1y

��d.x, y/

(9)



On the basis of the fact that d .x,y/ > 0, if A�SPT txn�

y�SPT tx

��< A

��y

�SPT tx

��,

then C SPTtx

y .t C 1/ � Cx.t/ < 0, in other words,P8v2‰

xt�!y

�vd.x, y/ ��A��y

�SPT tx

��

A��x

�SPT tC1y

��d.x, y/ < 0.

BecauseP8v2‰

xt�!y

�vd .x,y/ >P8v2‰

xt�!y

�v.d.v, y/� d.v, x//,

�A��y

�SPT tx

��A

��x

�SPT tC1y

��d .x,y/

>X8v2‰

xt�!y

�v .d .v,y/� d .v, x//(10)

As a result, when Equation (9) is satisfied, it is ensured that Cy .t C 1/ < Cx.t/; in view ofEquation (4), it is derived that C .t C 1/ < C.t/.

When planning which servers to be migrated, we use the strategy described earlier(Lemmas 1 and 2), requiring knowledge of A

��y

�SPT tx

��, A

��x

�SPT tC1y

��, d .x,y/, andP

8v2‰xt�!y

�v .d .v,y/� d .v, x//.A��y

�SPT tx

��and d .x,y/ are available at time t at compo-

nent node x.A��x

�SPT tC1y

��could be obtained after migration at component node y at time tC1.

TheP8v2‰

xt�!y

�v.d.v, y/ � d.v, x// is nonlocal information; however, because the cloud data

center is located at fixed location, in other words, the enterprise application reaches the cloud andlocks in there as long as possible,

P8v2‰

xt�!y

�v.d.v, y/� d.v, x// can be calculated using a set

of training datasets. On the basis of such local information, enterprise applications are migratedin order to exploit information locally available, which ensures the cost-effective migration oflarge-scale enterprise applications.

Under partial migration policy P1, remarkably, for internal users, A�SPT txn�

y�SPT tx

��>

A��y

�SPT tx

��, then C SPT

tx

y .t C 1/ > Cx.t/. Because C SPTtx

y .t C 1/ < Cy .t C 1/, Cy .t C 1/ >Cx.t/. In other words, for users from internal to enterprise network, their access costs increase aftermigration. As a result, partial migration policy P2 is taken to reduce migration costs where internalusers can be served by application local replicas. �

3.4. Application migration for multiple component nodes

If the enterprise application is composed by more than one component, then part of these com-ponents located at local data center at time t moves under Migration Policy P1 to some nodesin cloud data center at time t C 1. Assume for any application s, let Kv.t/ denote the com-ponent node corresponding to some network node v at time t . Let Z be a set of nodes suchthat Z D ¹´ W 8´ 2 V and Kv .t C 1/¤Kv.t/º. Let NZ be a set of nodes such that NZ D

¹N W 8 N 2 V and Kv .t C 1/DKv.t/º. For the case of partial migration xt�!

partial migrationy,

Z ¤ ;, NZ ¤ ;. Cost difference or cost savings are contributed by those nodes v 2 V , that is, costcontributed using the cloud data center minus the cost contributed using the local data center, or�D

P8v2Z �vd .v,Kv .t C 1//�

P8v2Z �vd .v,Kv.t//.

Lemma 3The (optimal) set of migrated components for which access cost savings minimization is achieved(denoted by Z�) can be obtained by minimizing the cost difference, in other words,

Z� D arg min � (11)

Assuming fixed network topology and service demands, it is evident that Z� does not depend ontime t .

For partial migration policy P1, the communication costs between components hosted on-premiseand components migrated to cloud must be taken into account because traffic among components isnow sent over Internet. We call this Internet Communication Costs. Typically, if two components of


D. HUANG ET AL.

an application are tightly coupled and at the same time they are located apart, then it is expected thatthe amount of data transfer between them is large, which results in high bandwidth utilization andcommunication costs. On the other hand, if the tightly coupled components are located in the cloud,then the large amounts of data transfer between them benefit from the characteristics of the cloudsuch as resource pooling and rapid elasticity because physical and virtual resources are dynami-cally assigned and reassigned according to users’ demands, and computing resources can be rapidlyand elastically provisioned to quickly scale out and released to quickly scale in. According to theseconsiderations, the communication costs of cloud migration of enterprise application consist of thefollowing attributes:

� The component ci , i D 1, 2, ...,N , whereN is the total number of components in the enterpriseapplication.� The component cj , j D 1, 2, ...,N , i ¤ j which ci depends on. It is denoted byDepends_On.� The component ck , k D 1, 2, ...,N , k ¤ i which depends on ci , denoted byDepends_On_By.� The number or weight of dependency relationships from ci to cj , denoted byDepends_On_Weight .� The number or weight of dependency relationships from ck to ci , denoted byDepends_On_By_Weight .

Corresponding to these attributes, there are three types of communications between componentsafter migration, including communications between cloud-located components, between on-premisecomponents, and between components located apart. Thus, the Internet communication costs can beexpressed as follows:

�Internet D a �ODC b � IDC c �UF CXs2S

f .Bandwidth .p/, k .p/,Ns � q .s, c// (12)

where parameters a, b, and c represent the probabilities of three types of communications, UFindicates the utility function of a cloud which will be give in the following section.

Lemma 4The (optimal) set of migrated components for which both Internet Communication Costs and accesscost savings minimization are achieved (denoted by Z0) can be obtained by minimizing the totalcosts—the Internet Communication Costs plus access cost savings, in other words,

Z0 D arg min .�InternetC�/ (13)

3.5. Modeling benefits of migration

Enterprise applications may have multiple functional components, which provide different types ofservices including interactive elastic service such as web service, traditional elastic service such asEmail, hard real-time service such as VoIP, and soft real-time service such as video. To depict thebenefits (for instance, service on-demand in a pay-per-use model purchasing resources as needed,when needed) from migrating these applications, we give the service migration utility functionsas follows:

(1) Non-elastic service utility function [23–25]. Some applications such as VoIP (Voice overInternet Protocol) application are extremely sensitive to packet delay and loss caused bybandwidth insufficiency, so their utility function falls into category of hard real-time class,with a minimal requirement of Bmin. When the allocated bandwidth is less than Bmin, ser-vice utility will drop to zero. We denote the maximal utility of each hard real-time service asUs . Let rs.t/ be the request rate of service s at time t , then the utility function of the hardreal-time service can be determined by (depicted by Figure 3(a))

Us .rs.t//D Us �sgn .rs.t/�Bmin/C 1

2(14)



0Bandwidth

Util

ity

0Bandwidth

Util

ity

0Bandwidth

Util

ity

0Bandwidth

Util

ity

Bmin

Bmin

Bmin

(c) Traditional elastic service (d) Interactive elastic service

(b) Soft real−time service(a) Hard real−time service

Figure 3. Utility functions of various services.

For soft real-time application such as Internet Protocol Television (IPTV), the differencefrom hard real-time application is when bandwidth provision increases beyond Bmin, its util-ity does not increase linearly. Instead, a typical S-type curve is obtained. Correspondingly,soft real-time service utility function is quantified by (depicted by Figure 3(b))

Us .rs.t//D Us �

�1

1C e�a1�.rs.t/�a2/C a3

�(15)

where a1, a2, a3 are the parameters of soft real-time service s.(2) Elastic service utility function [23–25].

Us .rs.t//D cs .ln .asrs.t/C bs/C ds/ (16)

where as , bs , cs , ds are the parameters of service s, the parameter values with the service vary.In the example depicted in Figure 3(c), for traditional elastic service, the particular servicefunction can be denoted as

Us .rs.t//D Us .ln .rs.t//C 1/ (17)

Whereas for interactive service (depicted by Figure 3(d)), its service function is

Us .rs.t//D Us ln .rs.t/=Bmin/sgn .rs.t/�Bmin/C 1

2(18)

where Us is the maximum service migration utility, namely, the resource allocation efficiencybecause of migration. Let Bmin indicate the bandwidth allocation threshold requested byinteractive elastic service such as Web service in which service will force to disconnect if theactual bandwidth is less than the bandwidth allocation threshold. sgn.�/ is a sign function.

Typically, elastic service and non-elastic services exist simultaneously in the cloud data center inpractical. This makes the service migration operation become more complex. Consider the accesslink to cloud with bandwidth Bacc , denote the proportion of four types of elastic service users asp1, p2, p3, and p4, corresponding to hard real-time service, soft real-time service, traditional elasticservice, and interactive elastic service, respectively. Where p1Cp2Cp3Cp4 D 1 is satisfied. LetL be the total number of internal and external users. We assume that the users requesting the same


D. HUANG ET AL.

type of service will be provided with equal utility. Hence, the total utility gain of service migrationon the access link can be formalized by

Us.t/D L

4XiD1

piUi .ri .t// (19)

where ri .t/ is the total rate of the i th type of service on the access link. As a result, the bandwidthallocation issue of migrated services in cloud therefore can be equalized to nonlinear programmingproblem with equality and inequality constraints.

Maximize Us.t/D L

4XiD1

piUi .ri .t//

subject toX8y2S.t/

X8v2SPT ty

�vy.t/D ri .t/

L

4XiD1

piri .t/6 Bacc

(20)

where �vy.t/ is the rate at which data packets associated with a particular node v are transferredthrough the enterprise network to component node y at time t .

Lemma 5For an enterprise application composed by multiple components, partial migration policy P1 or P2is taken if Equation (1) is satisfied.

4. SECURE CONSIDERATION

Despite that a partial migration can protect sensitive data by simply keeping them on-premise,another important challenge that must be addressed is security policies reconfiguration. We discussour approach to tackling this challenge in this section.

According to [7], to ensure that a packet between two nodes is permitted (denied) after migrationjust like it is permitted (denied) prior to migration, correctness of security policy migration is thekey requirement.

In our method, we borrow the ideas from [7] and define a concept called accessibility matrix,which captures the accessibility set between application components, where each cell of this matrixconsists of two values: permit or deny. The new address assignment after migration results inthe relationship between components changing from old accessibility matrix to new accessibilitymatrix. During migration process, we first obtain the mapping between local and remote nodesused to host the same components before and after migration. Then, the old accessibility matrix iscorrected according to the mapping. In the case of application with the network intrusion detectionsystem, distributed intrusion prevention system, such as the scheme proposed in [26], can be used todetect well-known intrusion behavior in the migration process and the components communicationacross the Internet.

5. IMPLEMENTATION

According to the basic ideas behind the approach presented earlier, the implementation of theproposed migration approach consists of the following steps (Figure 4 also gives the main steps):

Step 1. Statically scan the deployments of the application to determine the application’s initialset of components (denoted as C ), the number of virtual machines hosting these components, andthe dependencies among components. In this step, according to the enterprise application’s deploy-ment, all of the relationships among components are abstracted to a dependency graph G, wherethe set of components makes up the vertexes of G, and the set of edges consists of the dependencyrelationships among components.



Figure 4. The pseudo code of the main algorithm.

Step 2. Run Shell scripts to generate the dependency matrix (denoted byDM ). In this step, we runShell scripts to create the DM , which consists of the attributes, three types of components, and twotypes of weights as described earlier. To deduce the Internet communication costs, we classify thetransfer data between components located apart into the following two types: the outsourcing dataand the incoming data. Then, the Internet communication costs can be calculated using Algorithm 2(see Figure 5).

Step 3. Compute the communication distance between local data center and remote cloud datacenter (set asD). In this step, the communication distance between components located apart can bedenoted by d.x,y/, where x and y are the hosting nodes of component before and after migration.Typically, this distance is measured by the transmission delay or number of hops of data transfer.Because of the dynamic, complex characteristics of Internet, d.x,y/ is changing over time.

Step 4. List all possible migration alternatives. In this step, we generate all possible combinationsof the application’s components. The combination function .k, c1, c2, : : : , cN / is used to producepossible combinations; in total, there are NŠ

kŠ.N�k/Šsets where each sets consists of k components

corresponding to one of the k combinations of the ci ’s. For example, if k D 1, then combination.k, c1, c2, : : : , cN / returns the set ¹¹c1º¹c2º, : : : , ¹cN ºº. In a similar manner, if k D 2, then combi-nation .k, c1, c2, : : : , cN / returns the set ¹¹c1, c2º¹c2, c3º, : : : , ¹cN�1, cN ºº, and so on. As a result,

the total number of possible migration combinations is equal toPNkD1

NŠkŠ.N�k/Š

.Step 5. For each migration scenario, we generate the SPT rooted with the component hosting node

and calculate the corresponding cost function. In this step, a dynamic algorithm for maintaining


D. HUANG ET AL.

Figure 5. The pseudo code of the Internet communication costs algorithm.

SPTs is introduced into our approach. The details of the algorithm are given in [27]. The maingoal of this algorithm focuses on extending the well-known static Dijkstra algorithm and other sim-ple dynamic algorithms to a semidynamic SPT algorithm called DynDijkstra. DynDijkstra is themost appropriate algorithm to be used under cloud migration circumstance because it can han-dle multiple edge weight updates, and the set of locally affected vertices in algorithm remainsunchanged regardless of the weight changes. Besides, the number of iterations is the number oflocally affected vertices. Therefore, the CPU time and the units of operations remain flat. The detailsof Calculate_cost_indicator algorithm are shown in Figure 6.

Step 6. Choose the optimal set of migration components M . In this step, after comparing all ofthe migration alternatives, the optimal migration components set is obtained.

6. SIMULATIONS

This section presents results evaluating the importance and effectiveness of our model. In the sim-ulations, we mainly consider the average service response time, which indicates the impact onapplication performance using our method.



Figure 6. The pseudo code of the shortest path tree algorithm.

A hybrid cloud platform was employed to setup the simulation environment, which includes 294physical machines with 678 virtual machines running on them at its peak. We choose two data cen-ters geographically located apart as the local enterprise data center and remote cloud data center,respectively. The local one consists of 35 physical machines with 67 virtual machines, and theremote one has 67 physical machines hosting 129 virtual machines. In both cases, the same setupwas employed, including the network topology and link characteristics, the distribution of servicerequests, and the imposed workload. In our simulations, three types of applications are considered,NetSpeedGather, UrlSpeedGather and weibo, where NetSpeedGather and UrlSpeedGather are twoinformation connection applications, whereas weibo is a social network application that is widelyused; for example, Sina weibo, the most popular of the microblogging sites, currently has more thanfive million users. With our approach, application components which are running on one or sev-eral virtual machines can be partially migrated from local data center to remote data center throughWAN. Then, the packets may be delayed, dropped, and/or forced through a bottleneck link beforebeing passed on to the next node. By gathering the information of the migration delay, loss, and/orbottleneck link speed for a source—destination pair in simulation, the Internet communication costs(transaction delay or bandwidth consumption) are emulated with high accuracy.

To demonstrate the efficiency of our approach, we ran simulations to validate the cumulativedistribution function of response times before and after migration (see Figure 7), the waiting timeafter migration (see Figure 8), respectively. From Figure 7, we found that the increased user responsetime is not significantly higher than the response time prior to migration. In this simulation, theobservation lasts approximately a week, and in total, 956,629 tasks run on our hybrid platform


D. HUANG ET AL.

Figure 7. Cumulative distribution function (CDF) of user response time (in milliseconds) before andafter migration.

Figure 8. Cumulative distribution function (CDF) of waiting time (in milliseconds) after migration.

which consists of component nodes located on local data center and nodes on cloud data center. Thethree types of applications are deployed apart on both sides. Taking the weibo, for example, the userinformation database is located on the local data center, whereas the Web service is running on thecloud. When a user wants to access the weibo Web page, the two parts work together to complete theprocess of identity authentication. To further obtain the waiting time after migration, we evaluatedthe cumulative distribution function of the waiting time. From Figure 8, we can conclude that thewaiting time after migration is controllable, because the delay of 20.72% of the tasks is less than4 ms, whereas 80.25% of the tasks is less than 0.5 s. It means that our method is practical in largescale and dynamic networking environments.

7. CONCLUSIONS

Hybrid cloud-based partial migration was explored in this paper as a way of addressing the enter-prise application migration problem in large scale and dynamic networking environments. We haveframed the problem as one of deciding how many servers to migrate to the cloud and focusedon achieving optimal set of migrated components of enterprise application while minimizing themigration costs and maximizing the migration utility. Unlike classical approaches that require theknowledge of global enterprise and cloud network topology, detailed service demands to determinewhich servers to be migrated, the proposed approach requires only local topology information andaggregate service demands that become readily available to the application hosting node. Further-more, based on the basic migration policy P1, migration policy P2 was explored to help handlepeaks in workload. In particular, the local data-center could be provisioned with enough servercapacity to handle typical workloads for internal users, while cloud resources could be invokedas needed to serve the external users and deal with workload peaks. Using simulations, we showthat our proposed model ensures that the increased communication costs after migration are notsignificantly higher than the costs prior to migration.



REFERENCES

1. Lai YX, Lai CF, Hu CC, Chao HC, Huang YM. A personalized mobile IPTV system with seamless video recon-struction algorithm in cloud networks. International Journal of Communication Systems 2011; 24(10):1375–1387.

2. Amazon Web Services (AWS). Online at http://aws.amazon.com.3. Google App Engine. Online at http://code.google.com/appengine/.4. Microsoft Azure. (Available from: http://www.microsoft.com/azure/).5. Rimal BP, Choi EA. A service-oriented taxonomical spectrum, cloudy challenges and opportunities of cloud

computing. International Journal of Communication Systems 2012; 25(6):796–819.6. The Case Against Cloud Computing. (Available from: http://www.cio.com/article/477473/).7. Hajjat M, Sun X, Sung Y, Maltz D, Rao S, Sripanidkulchai K, Tawarmalani M. Cloudward bound: planning for

beneficial migration of enterprise applications to the cloud. In Proceedings of SIGCOMM, New Delhi, India, 2010;243–254.

8. Breitgand D, Kutiel G, Raz D. Cost-aware live migration of services in the cloud. In Proceedings of the 3rd AnnualHaifa Experimental Systems Conference, SYSTOR ’10, New York, NY, USA, 2010.

9. Li H, Zhong L, Liu J, Li B, Xu K. Cost-effective partial migration of VoD services to content clouds. IEEEInternational Conference on Cloud Computing, Washington, DC, USA, 2011; 203–210.

10. Wood T, Ramakrishnan KK, Shenoy PJ, Merwe JEVD. CloudNet: dynamic pooling of cloud resources by liveWAN migration of virtual machines. In Proceedings of the 7th ACM SIGPLAN/SIGOPS International Conferenceon Virtual Execution Environments, (VEE ’11), CA, USA, 2011; 121–132.

11. Wang C, Ren K, Wang J. Secure and practical outsourcing of linear programming in cloud computing. In IEEEINFOCOM, Shanghai, China, 2011; 820–828.

12. Yu S, Wang C, Ren K, Lou W. Achieving secure, scalable, and fine-grained data access control in cloud computing.In IEEE INFOCOM, San Diego, CA, USA, 2010; 534–542.

13. Subashini S, Kavitha V. A survey on security issues in service delivery models of cloud computing. Journal ofNetwork and Computer Applications 2011; 34(1):1–11.

14. Kashef MM, Altmann J. A cost model for hybrid clouds. In Economics of Grids, Clouds, Systems, and Services.Springer Berlin Heidelberg: Paphos, Cyprus, 2012; 46–60.

15. Shawky DM. A cost-effective approach for hybrid migration to the cloud. International Journal of Computer andInformation Technology 2013; 2(1):57–63.

16. Tak BC, Urgaonkar B, Sivasubramaniam A. To move or not to move: the economics of cloud computing. InProceedings of the 3rd USENIX Conference on Hot Topics in Cloud Computing, Porland, OR, 2011; 5–5.

17. Menzel M, Ranjan R. CloudGenius: decision support for web server cloud migration. In Proceedings of the 21stInternational Conference on World Wide Web. ACM: Lyon, France, 2012; 979–988.

18. Binz T, Leymann F, Schumm D. CMotion: a framework for migration of applications into and between clouds. IEEEInternational Conference on Service-Oriented Computing and Applications, Irvine, CA, USA, 2011; 1–4.

19. Venugopal S, Desikan S, Ganesan K. Effective migration of enterprise applications in multicore cloud. In Pro-ceedings of the 4th IEEE International Conference on Utility and Cloud Computing (UCC), Victoria, NSW, 2011;463–468.

20. Migrating your existing applications to the AWS cloud. (Available from: http://media.amazonwebservices.com/CloudMigration-main.pdf).

21. di Vimercati SDC, Foresti S, Jajodia S, Paraboschi S, Samarati P. Over-encryption: management of access controlevolution on outsourced data. In Proceedings of International Conference on Very Large Data Bases (VLDB’07),Vienna, Austria, 2007; 123–134.

22. Goyal V, Pandey O, Sahai A, Waters B. Attribute-based encryption for fine-grained access control of encrypted data.ACM Conference on Computer and Communications Security (CCS’06), 2006; 89–98.

23. Hande P, Zhang S, Chiang M. Distributed rate allocation for inelastic flows. IEEE/ACM Transactions on Networking2007; 15(6):1240–1253.

24. Lee JW, Mazumdar RR, Shroff NB. Non-convex optimization and rate control for multi-class services in the Internet.IEEE/ACM Transactions on Networking 2005; 13(4):827–840.

25. Shi L, Liu C, Liu B. Network utility maximization for triple-play services. Computer Communications 2008;31(10):2257–2269.

26. Chen RM, Hsieh KT. Effective allied network security system based on designed scheme with conditional legiti-mate probability against distributed network attacks and intrusions. International Journal of Communication Systems2012; 25(5):672–688.

27. Chan EPF, Yang Y. Shortest path tree computation in dynamic graphs. IEEE Transactions on Computers 2009;58(4):541–557.


D. HUANG ET AL.

AUTHORS’ BIOGRAPHIES

Daochao Huang received his MS and PhD degrees in Communication and Information Sys-tems from the Beijing Jiaotong University of Electronic and Engineering of China, Beijing,China, in 2007 and 2013, respectively. His research interests are in the areas of commu-nication networks including cloud computing, data center, and Next Generation Internettechnologies.

Li Yi received his BS degree from Northeastern University of China in 2008. He is workingtoward his PhD. degree at Beijing Jiaotong University, where his main research interestsfocus around distributed mobility management, ID/Locator separation, and next generationInternet.

Fei Song received his PhD degree from Beijing Jiaotong University. He is now a lecturer inthe National Engineering Laboratory for Next Generation Internet Interconnection Devices,School of Electronic and Information Engineering, Beijing Jiaotong University. His cur-rent research interests are protocols optimization, wireless communications, and cloudcomputing.

Dong Yang received his BS degree from Central South University, Hunan, China, in 2003and PhD degrees in Communications and Information Science from Beijing Jiaotong Uni-versity, Beijing, China, 2009. From March 2009 to June 2010, he was a post-doctoralresearch associate with Jönköping University, Jönköping, Sweden. In August 2010, hejoined the School of Electronic and Information Engineering, Beijing Jiaotong University.His research interests are network technologies, including routing, Internet architecture, andwireless sensor networks.

Hongke Zhang received his MS and PhD degrees in Electrical and Communication Sys-tems from the University of Electronic Science and Technology of China, Chengdu, China,in 1988 and 1992, respectively. From September 1992 to June 1994, he was a post-doctoralresearch associate with Beijing Jiaotong University (BJTU), Beijing, China. In July 1994,he joined BJTU, where he is currently a professor with the School of Electronic and Infor-mation Engineering. He is also the chief scientist of the National Basic Research Programof China. He has published more than 100 research papers in communications, computernetworks, and information theory. He is the author of eight books written in Chinese.


Documents

A secure cost-effective migration of enterprise applications to the cloud