Virtualization is the foundation for two important technologies: Virtualized Grid and Cloud Computing. Virtualized Grid Computing is an extension of the Grid Computing concept introduced to satisfy the security and isolation requirements of commercial Grid users. Applications are confined in virtual machines to isolate them from each other and the data they process from other users. Apart from these important requirements, Virtualized Grid Computing also solves other issues associated with Grid Computing, e.g., the problem of software deployment. Cloud Computing is another paradigm for using remote resources. This thesis focuses on the Infrastructure as a Service model that combines some of the ideas of (Virtualized) Grid Computing with a new kind of business model that features on-demand provisioning of raw computing resources (virtual machines) based on a pay-as-you-go pricing model, i.e., customers pay only for their actual usage.
The use of virtualization technology increases the utilization of physical hosts and simplifies systems management compared to physical machines, e.g., by allowing users to clone a virtual machine or to create a snapshot of a virtual machine as a backup of its state before it is modified. However, not all challenges regarding virtualization are solved yet, and the dynamic nature of both Virtualized Grid and Cloud Computing poses new requirements on the technology.
This thesis addresses various aspects of virtual machine usage in Virtualized Grid and Cloud Computing environments. First, the lifecycle of virtual machines in these environments is analyzed and corresponding models are developed. Then, several issues are identified and solutions for these issues are proposed. The key areas this thesis focuses on are the storage, deployment, and execution of virtual machines. Both storage and deployment are negatively affected by the traditional, self-contained image format used for storing virtual machines: large image files that store the contents of virtual disks. This format prevents efficient deployment and wastes storage space. Furthermore, the security of virtual machines in these environments is a crosscutting concern affecting all three areas. For example, deployment processes should consider information about the security of a virtual machine image, and the execution environment should provide means to monitor virtual infrastructures effectively.
This thesis proposes the concept of image composition, which combines multiple layers into a composite disk image. This facilitates sharing of common parts and reduces the deployment times of virtual machines as well as their storage requirements. The Marvin Image Compositor, an implementation of this concept, is presented. Furthermore, this thesis introduces the Marvin Image Store, a storage system for virtual machines that replaces traditional image files with a specialized storage system that separately stores the data and metadata contained in an image file. To improve the security of virtual environments, four different proposals are made: The Update Checker is a system that enables scanning virtual machines for outdated software irrespective of their state. The second proposal is an approach for centrally updating virtual machines that are built with the image composition technique, i.e., installing updates a single time and at the same time affecting multiple virtual machines. The Online Penetration Suite is a system that can automatically scan virtual machines for vulnerabilities. The last proposal in the security context is a monitoring concept that is based on monitoring every layer of a virtualized system and facilitates automatic responses to detected incidents. Finally, a virtual machine migration approach is presented that is able to efficiently migrate a virtual machine in the absence of a shared storage system.
The main contributions of this thesis are: an analysis of the virtual machine lifecycle in Virtualized Grid and Cloud Computing environments for different usage models, the introduction of the Marvin Image Compositor and the Marvin Image Store that optimize storage and deployment of virtual machines, as well as multiple solutions for improving the security of virtual machines and their management. Design and implementation details as well as experimental evaluations are presented for each of the proposals. A summary of the contributions and a discussion of areas for future work conclude this thesis.