Shinya Kitajima, Tetsuya Uchiumi, Shinji Kikuchi and Yasuhide Matsumoto System Management Lab.,...

CONFIDENTIAL MATERIAL / RESTRICTED ACCESSCONFIDENTIAL MATERIAL / RESTRICTED ACCESS

Shinya Kitajima, Tetsuya Uchiumi, Shinji Kikuchi and Yasuhide MatsumotoSystem Management Lab., System Software Laboratories, FUJITSU LABORATORIES LTD.

Automatic Server Role Identification for Cloud Infrastructure Construction

Contents

Background Misconfigurations in settings How to decide the same role servers?

Our method Four rules

Evaluation Accuracy rate Impact of four rules

Conclusion

Contents

Conclusion

Background

Public cloud Resources and infrastructure are put together.

• [Resources] : CPU, Memory, Disk space...• [Infrastructure] : Server, Switch, Network...

Users rent the virtual resources.

VirtualResources

Need to install more resources and infrastructure!!

Installation of new infrastructure

Copy the configuration settings. Can reduce construction costs.

Existing infrastructure New infrastructure

Settings

Operations manager

ModifyNetworksettings

Have to modify network settings

Misconfigurations

Sometimes misconfigurations occur. Servers cannot communicate with each other. The new infrastructure does not work properly.

Settings

Operations manager

ModifyNetworksettings

Host name: manager2IP address: 192.168.4.25DNS server: 192.168.44.5Gateway: 192.168.0.240

Host name: manager1IP address: 192.168.0.25DNS server: 192.168.0.5Gateway: 192.168.0.240

Mistyping

Forgot to change

Misconfiguration detection

Our approach Detect the differences between the communication logs.

• New infrastructure is copy of existing infrastructure.• Communication pattern should also be the same.• [Communication log]

• Source IP address, source port, destination IP address, destination port• Captured by tcpdump

Server AServer B Server C Server A’

Server B’ Server C’Existing infrastructure New infrastructure

Setting of Server B’ is wrong?

Two types of servers

Management servers Organize cloud computing services

• User information• Dom0 information• Storage information• Network information• Charge information

Dom0 servers Lent their resources as virtual resources to users

• e.g. CPU, memory, storage

Settings of management servers are different from each other.

Dom0 servers

Management servers

Focus only on management servers

Goal of our research

Determine pairs of servers to compare the communication log.

Can not compare the communication logs.

Can compare the communication logs.

MailMail

NTP yum

yumCMDB

Same role server = Same communication logs

Applying Scene

Plan Construc-tion

Function Test

Operation Test Operation

Construction phase Operation phase

Scene to apply our method

Function test after construction Another, function test after update or improvement

Motivation

You may think ...

However, A data center continues to change.

• The actual structure of data center changes from a plan gradually.• New function, new machine, fix problems, etc.

Constructers change a plan.• They often do not install a new data center according to plan.

• Misconfigurations, unreasonable plan, etc.

If there is a plan, it is not necessary to determine

the same role server by using technique.

A plan is only a plan.

Difficulty of this problem

It is difficult to know servers’ role from their appearances.

The configurations of servers in both data center is not completely the same.

Very similar

Which?

Automatic identification

To use communication logs is easy and make sense. We can also detect misconfigurations from communication logs. Communication logs influenced by misconfigurations.

• Consider the differences between the communication logs.

Communicationlogs

List of the samerole servers

Detectmisconfigurations

Contents

Conclusion

Compare communication logs

Summary of our method

Assumption: configurations are almost the same.

Compare communication logs

Can observe almost the same communication logs.

UniquePortRule

Corre-spondingSources

RemainingUnique

PortRule

CommonPortsRule

Communication logs

Our method(Four rules)

IdentificationExisting data center

New data center17

Existing data center

Basic idea of our method

Same role server have the same listening ports

Send packets

NTP server192.168.1.3

Listening port for NTPPort number : 123

New data center

Send packets

NTP server192.168.5.3

IP 192.168.1.13.53746 > 192.168.1.3.123

Listening port for NTPPort number : 123

NTP client192.168.1.13

NTP client192.168.5.13

IP 192.168.5.13.52131 > 192.168.5.3.123

Communication log Communication log

If the listening ports are the same,we can assume that those server have the

same role.We call these servers as the corresponding servers.

Rule 1 : Unique port rule

Focus on the unique listening port. Used by only one pair of servers.

• These pairs are the corresponding servers.

Existing data center New data center

254438080

252952

90049004

258080 252952

: Listening port number

254438080

251238080

254438080

258080

254438080

252952

258080 252952

254438080

251238080

254438080

258080

Unique listening port

254438080

252952

258080 252952

: Corresponding servers

254438080

251238080

254438080

258080

Corresponding servers

254438080

252952

258080 252952

254438080

251238080

254438080

258080

Corresponding serversCorresponding servers

Rule 2 : Corresponding sources rule

Focus on the servers where the source servers are the corresponding servers. These pairs are the corresponding servers.

254438080

252952

258080 252952

254438080

251238080

254438080

258080

254438080

252952

258080 252952

254438080

251238080

254438080

258080

Corresponding serversSource servers are the corresponding servers

254438080

252952

258080 252952

254438080

251238080

254438080

258080

Rule 3 : Remaining unique port rule

Focus on the unique listening port again. Ignore the listening ports used by the corresponding servers. These pairs are the corresponding servers.

254438080

252952

258080 252952

90049004

254438080

251238080

254438080

258080

Focus on the unique listening port again. Ignore the listening ports used by the corresponding server. These pairs are the corresponding servers.

254438080

252952

258080 252952

254438080

251238080

254438080

258080

254438080

252952

258080 252952

254438080

251238080

254438080

258080

Corresponding serversUnique listening port

254438080

252952

258080 252952

254438080

251238080

254438080

258080

Corresponding serversCorresponding serversCorresponding serversCorresponding servers

Rule 4 : Common ports rule

Focus on the servers where the source servers are the corresponding servers again. Several servers are candidates for the corresponding servers. The servers that have most common listening ports as the

corresponding servers.

254438080

252952

258080 252952

254438080

251238080

254438080

258080

254438080

252952

258080 252952

254438080

251238080

254438080

258080

Corresponding serversCorresponding serversCorresponding serversSource servers are the corresponding servers

Focus on the servers where the source servers are the corresponding servers again. Several servers are candidates for the corresponding servers. The servers that have most common ports as the corresponding servers.

Coincident rate : Co Represents the degree of similarity of the listening ports.

• : The number of common listening ports• : The number of listening ports of server a• : The number of listening ports of server b

254438080

252952

258080 252952

254438080

251238080

254438080

2580801

0.830.670.83

254438080

252952

258080 252952

254438080

251238080

254438080

258080

Identification of remaining servers

Apply the corresponding source rule again.

254438080

252952

258080 252952

254438080

251238080

254438080

258080

Apply the corresponding source rule again.

254438080

252952

258080 252952

254438080

251238080

254438080

258080

Apply the remaining unique port rule again.

254438080

252952

258080 252952

254438080

251238080

254438080

258080

Apply the remaining unique port rule again. Finally identify all servers.

254438080

252952

258080 252952

254438080

251238080

254438080

258080

Corresponding serversCorresponding serversCorresponding serversCorresponding servers

Contents

Conclusion

Evaluation environment

Two small experimental cloud data centers Actual data center in our laboratory

• Management servers : 39• Dom0 servers

• Ignore the communication logs

Recorded period• One and a half day• Enough to obtain almost all types of communication logs

Almost the sameconfiguration

Evaluation contents

Accuracy rate : Ac How precisely our method can estimate the corresponding servers.

• : The set of correct pairs manually identified• : The set of estimated pairs identified by our method

Comparing methods

Unique port rule ✔ ✔ ✔ ✔

Corresponding sources rule ✔ ✔ ✔

Remaining unique port rule ✔ ✔

Common ports rule ✔

Evaluation result

Results of accuracy rate

Contribution to accuracy rate

Repeatedly Applied

Contain wrong answer

Unique port rule Middle

Corresponding sources rule Small

Remaining unique port rule High ✔

Common ports rule Middle ✔ ✔

Conclusion

Automatically identifies servers that have the same role. By comparing the communication logs. The accuracy rate is 94.1%.

[Future works] Deal with the following cases

• The number of servers is different.• The components working on servers is different.

Propose a new misconfigurations detection method.• By comparing communication logs.• Use the corresponding servers list according to our method.

Shinya Kitajima, Tetsuya Uchiumi, Shinji Kikuchi and Yasuhide Matsumoto System Management Lab.,...

Documents

Transcript of Shinya Kitajima, Tetsuya Uchiumi, Shinji Kikuchi and Yasuhide Matsumoto System Management Lab.,...

CALA Directory of Laboratories · 2021. 3. 2. · Membership Number: 3775 CALA Directory of Laboratories Laboratory Name: AGAT Laboratories (Edmonton) Parent Institution: AGAT Laboratories

CALA Directory of Laboratories · 2021. 1. 12. · Membership Number: 2702 CALA Directory of Laboratories Laboratory Name: AGAT Laboratories (Calgary) Parent Institution: AGAT Laboratories

a c e u t i c a Ana Uchiumi et al.,m Pharmaceut Anal Acta 2012, … · 2019. 4. 18. · Uchiumi et al.,m Pharmaceut Anal Acta 2012, 3:5 DOI: 10.4172/2153-2435.1000159. Volume 3 •

Selected Laboratories

Zanfel Laboratories et. al. v. Garcoa Laboratories

TR推進合同フォーラムポスターA2jisedaiinfo.wp.med.kyushu-u.ac.jp/files/2014/07/b2db7cd3...Title TR推進合同フォーラムポスターA2 Author uchiumi Created Date

Prime laboratories

Manufacture of Wood-Pottery Composite Board Andi Hermawan, Takeshi Ohuchi, Noboru Fujimoto, Yasuhide Murase Kyushu University-Japan.

Construction of bifurcation section of underground ... · PDF filePARIS–15 November 2017 Stakeholders Kazuhito Uchiumi, Deputy Manager, Metropolitan Expressway Co. k.uchiumi63@shutoko.jp

ASIA PACIFIC PEDIATRIC ASSOCIATION · Dr. Digant Shastri Dr. Zulkifli Ismail Dr. Yasuhide Nakamura APPA PRESIDENT'S MESSAGE. ... succinct presentation of ideas and practical solutions

ZENOTECH LABORATORIES LIMITED - Securities and … · CAPITAL STRUCTURE ... Zenotech Laboratories Limited, ... amalgamation of Ranbaxy Laboratories Limited, ...

Maver Laboratories: Tapsin, building a brand in Chileftpmbauc.integralit.cl/files/lecturas/Maver-Laboratories-Tapsin... · Brief History of the Maver Laboratories Maver Laboratories

ms 029 - 明治大学cmma.mims.meiji.ac.jp/pdf/ms029.pdfYu Uchiumi ( / MIMS )Mutualism based on reciprocal exchange of costly services must avoid exploitation by "free-riders" . When

OM LABORATORIES

Cambridge Laboratories

Titan Laboratories

Laboratories foss

Applied thermodynamics laboratories; Engineering ...unesdoc.unesco.org/images/0013/001330/133074eb.pdf · Title: Applied thermodynamics laboratories; Engineering laboratories; Vol.:4;

Alphabetical List of Licensed Products€¦ · 0103 Allergy Laboratories, Inc. 0467 Allermed Laboratories, Inc. 0468 Antigen Laboratories, Inc. 0308 Greer Laboratories, Inc. 1272

Hanuchem laboratories