A search-based identification of variable microservices for enterprise SaaS

Recently, SaaS applications are developed as a composition of microservices that serve diverse tenants having similar but different requirements, and hence, can be developed as variability-intensive microservices. Manual identification of these microservices is difficult, time-consuming, and costly, since, they have to satisfy a set of quality metrics for several SaaS architecture configurations at the same time. In this paper, we tackle the multi-objective optimization problem of identifying variable microservices aiming optimal granularity (new metric proposed), commonality, and data convergence, with a search-based approach employing the MOEA/D algorithm. We empirically and experimentally evaluated the proposed method following the Goal-Question-Metric approach. The results show that the method is promising in identifying fully consistent, highly reusable, variable microservices with an acceptable multi-tenancy degree. Moreover, the identified microservices, although not structurally very similar to those identified by the expert architects, provide design quality measures (granularity, etc.) close to (and even better than) the experts.     

柔性微服务安全访问控制框架

微服务架构实现了应用服务的业务解耦和技术栈分离,但更多的微服务也增加了进程间无状态服务调用频度,如何在保证服务性能的同时确保无状态服务之间的安全访问控制是微服务安全架构面临的关键问题.本文设计了一种柔性微服务安全访问控制框架,结合微服务API网关、轻量级微服务访问令牌构建方法以及柔性适配的微服务安全控制策略等特征,提高了微服务的柔性安全控制能力,经试验分析,代价更小,并在实际项目中验证了框架及方法的有效性.     

基于SaaS的弹性云平台优化调度策略设计

云计算平台利用虚拟化技术使软件应用变得更有效率的同时, 也给资源管理和服务调度带来了挑战。在研究了软件服务（SaaS）与基础设施服务（IaaS）调度的区别基础上, 重点考虑SaaS层的资源调度, 提出基于随机理论的调度模型, 把该层调度描述成一种多目标的优化问题。除了服务质量的要求, 还考虑了弹性这一云服务的重要特性, 并提供了任务调度与弹性服务副本的匹配策略。实验表明本调度机制的设计优化了云平台的整体性能, 达到了较好的负载均衡与资源利用率。     

微服务体系结构实现框架综述

为提高企业级应用的可伸缩性,基于微服务的软件体系结构将单体应用细化为可相互协作、配合的一组小服务,使得服务间开发自由、独立部署、易于维护,更好地满足企业发展需求。目前,微服务框架作为微服务架构的具体实现方案,已被很多大型企业成功实施并开源。论述面向服务体系结构、Web服务及微服务相关概念并作比较;给出微服务体系结构实践中的关键技术以及核心功能模块;分析对比主流微服务体系结构实施框架及其核心部件的特征和差异;探讨微服务组合面临的挑战及微服务框架中的服务组合方案,并总结全文。     

A process partitioning technique for constructing decentralized web service compositions

Web service compositions have been widely applied in different applications. A service composition is usually implemented in either a centralized or decentralized manner. Compared with the centralized service composition, the decentralized composition has no central control component, and components interact with each other directly, thereby achieving better performance. Process partitioning is a technique to divide a process into multiple parts and has been shown that it can be successfully applied to decentralizing process-driven service compositions. This paper proposes a new process partitioning technique for constructing decentralized service compositions. The proposed technique, which is based on typed digraphs and a graph transformation technique, is used for exploring available process partitioning solutions. For applications, this paper discusses the topology and interaction features about the partitioning solutions and summarizes a ranking method for them. Three experiments are conducted to evaluate the proposed methods in this paper. Experimental results show that the proposed methods can be applied in constructing decentralized service compositions effectively. In addition, the results also show that the decentralized compositions can have lower average response times and higher throughputs than the corresponding centralized compositions in the experiments.     

支持多类终端与服务定制的SaaS软件服务架构

由软件即服务(SaaS)模式中软件服务的概念与特点分析,可知现有的面向服务架构(SOA)不能完全支持软件服务的实现。此外,为了拓展软件服务的应用范围,实现多样化的服务,SaaS模式的软件服务必然要满足用户定制服务的需求,以及对多类用户终端的支持。通过对SOA的扩展,在其中引入了软件服务终端、软件服务端口、软件服务注册等模块,提出了一种支持多类终端与服务定制的SaaS软件服务架构,给出了该架构的结构与工作流程,并通过实验证明了该架构可以实现SaaS模式的软件服务,而且能够实现对上述功能需求的支持。     

一种SaaS模式下的服务社区模型及其在全国科技信息服务网中的应用

如何从服务的提供、运营和使用等多个维度有效组织和管理服务是软件即服务(SaaS)模式下面临的一个重要挑战.以支持服务发现为主要目标的传统服务管理方法难以适应SaaS模式下服务的动态有界、关联演化和可控可测等特征及满足服务全生命周期管控的需求.该文结合全国科技信息服务网实际应用,探索了一种支持科技信息资源整合共享与综合利用的"双向"SaaS模式,并提出一种适于该模式下服务管理的服务社区模型.服务社区模型支持服务元建模和业务规范及服务管控策略自主定义,可以使能面向特定业务领域的有界化和有序化服务管理.文中还针对服务管理边界的演化需求讨论了该模型下的服务社区派生机制.最后,以全国科技信息服务网中的科技信息服务运营管理为具体案例,展示并讨论了服务社区模型的使用方法、应用效果和适用范围.     

SDSN@RT: A middleware environment for single-instance multitenant cloud applications

With the single-instance multitenancy (SIMT) model for composite Software-as-a-Service (SaaS) applications, a single composite application instance can host multiple tenants, yielding the benefits of better service and resource utilization and reduced operational cost for the SaaS provider. An SIMT application needs to share services and their aggregation (the application) among its tenants while supporting variations in the functional and performance requirements of the tenants. The SaaS provider requires a middleware environment that can deploy, enact, and manage a designed SIMT application, to achieve the varied requirements of the different tenants in a controlled manner. This paper presents the SDSN@RT (software-defined service networks at runtime) middleware environment that can meet the aforementioned requirements. SDSN@RT represents an SIMT composite cloud application as a multitenant service network, where the same service network simultaneously hosts a set of virtual service networks, one for each tenant. A service network connects a set of services and coordinates the interactions between them. A virtual service network realizes the requirements for a specific tenant and can be deployed, configured, and logically isolated in the service network at runtime. SDSN@RT also supports the monitoring and runtime changes of the deployed multitenant service networks. We show the feasibility of SDSN@RT with a prototype implementation and demonstrate its capabilities to host SIMT applications and support their changes with a case study. The performance study of the prototype implementation shows that the runtime capabilities of our middleware incur little overhead.     

Constrained evolutionary computing approach to Web service compositions

Web services are being adopted as a viable means of accessing Web-based applications. Web services are not only used to exchange information between enterprises but also to help software developers provide value-added services for various demands. Web service compositions are synthesised by researchers from elementary Web services, offering the opportunity for service providers and application developers to create value-added services. However, a problem exists in the current distribution process of Web service compositions: the general analysis and selection of services can be overly complex and are completed manually. Therefore, there is a need to manage composite Web services automatically. But the research related to ranking candidate services and selection of optimisation strategies is sparse. Yet, few have been published that consider the constraints of non-functional properties. In this article, a systemic but autonomous composition process has been proposed. This study proposes an evolutionary approach that applies the characteristics of the object-oriented concept of Web services and the genetic algorithm to effectively manage and optimise the Web service composition. It is capable of escaping not only from local optima due to a population-based approach, but also from unbiased nature, which enables it to perform well in a situation with little domain knowledge. In this article, the related literature is reviewed. Then, the Web service composition model incorporated with a genetic algorithm is proposed. Finally, a practical implementation is illustrated and shows a good result in terms of solution quality.     

一个面向语义服务发现的QoS本体

随着网络上服务数量的急剧增长，用户使用服务有了更多的选择。服务的QoS属性是用户实施服务选择的一个重要准则。为了实现支持QoS的语义服务匹配和服务选择，本文对语义QoS规范进行了深入研究，并根据QoS和应用的相关性提出了一种分层的QoS语义模型。该模型使得服务提供者可以基于SLA在不同的场景下为用户提供不同层次的QoS保障。在此模型基础上，本文对支持QoS的语义服务匹配与服务选择算法进行了详细讨论。此外，还给出了一个基于QoS本体的服务发现框架。     

Dynamic web service composition based on OWL-S

Composing existing web services for enterprise applications may enable higher level of reuse. However the composition processes are mostly static and lack of support for runtime redesign. In this paper, we describe our approach to the extension of the OWL-S ontology framework for dynamic web service composition. We raise the level of abstraction and propose an abstract service layer so that web services can be com- posed at the abstract service level instead of the concrete level. Each abstract service is attached with an instance pool including all instances of the abstract service to facilitate fail-over and dynamic compositions.     

Adaptable,model-driven security engineering for SaaS cloud-based applications

Software-as-a-service (SaaS) multi-tenancy in cloud-based applications helps service providers to save cost, improve resource utilization, and reduce service customization and maintenance time. This is achieved by sharing of resources and service instances among multiple “tenants” of the cloud-hosted application. However, supporting multi-tenancy adds more complexity to SaaS applications required capabilities. Security is one of these key requirements that must be addressed when engineering multi-tenant SaaS applications. The sharing of resources among tenants—i.e. multi-tenancy—increases tenants’ concerns about the security of their cloud-hosted assets. Compounding this, existing traditional security engineering approaches do not fit well with the multi-tenancy application model where tenants and their security requirements often emerge after the applications and services were first developed. The resultant applications do not usually support diverse security capabilities based on different tenants’ needs, some of which may change at run-time i.e. after cloud application deployment. We introduce a novel model-driven security engineering approach for multi-tenant, cloud-hosted SaaS applications. Our approach is based on externalizing security from the underlying SaaS application, allowing both application/service and security to evolve at runtime. Multiple security sets can be enforced on the same application instance based on different tenants’ security requirements. We use abstract models to capture service provider and multiple tenants’ security requirements and then generate security integration and configurations at runtime. We use dependency injection and dynamic weaving via Aspect-Oriented Programming (AOP) to integrate security within critical application/service entities at runtime. We explain our approach, architecture and implementation details, discuss a usage example, and present an evaluation of our approach on a set of open source web applications.     

A new QoS ontology and its QoS-based ranking algorithm for Web services

Web service composition is a promising solution for building distributed applications on the Internet in which Web service discovery is a key step. With a number of Web services having similar functionality, it is necessary to rank those services to select the best Web services for a request. QoS information which can reflect user’s expectation and experience of using a service is often used as a distinguish factor in a service ranking algorithm. Different service providers and participants may use different QoS concepts for describing service quality information. Therefore, it leads to the issue of semantic interoperability of QoS. In this paper, we propose a novel approach for designing and developing a QoS ontology and its QoS-based ranking algorithm for evaluating Web services. The QoS ontology can support not only describing QoS information in great detail but also facilitating various service participants expressing their QoS offers and demands at different levels of expectation. The QoS-based ranking algorithm adopted Analytic Hierarchy Process (AHP), a multiple criteria decision making technique, as an underlying mechanism for developing a flexible and dynamic ranking algorithm. The proposed QoS ontology and ranking algorithm can be used in various applications in order to facilitate automatic and dynamic discovery and selection of Web services.     

密码服务系统研究综述

密码服务系统是将基本密码算法运算功能、密码资源管理功能以及密钥管理机制综合起来,面向上层安全应用提供密码安全服务的计算机系统。其中,安全服务是在已有密码设备功能或密码软件包功能的基础上面向上层安全应用进行了高度抽象、概括和集成的结果。从工程应用的角度对密码服务系统实现过程中的体系结构、密码算法、密钥管理及其相关硬件的研究进展进行了综述,分析了使用密码设备组建密码服务系统的方法、需求,基于安全应用的需求,结合对前人工作和市场现有产品的分析,指出了现有密码服务系统的设计与工程化实现中需要进一步研究的方面和问题。     

基于可变性模型的可复用与可定制SaaS软件开发方法

云计算环境下,软件通过互联网向租户提供服务,这种基于互联网的软件交付模式称为SaaS（软件即服务）.与传统软件交付模式相比,SaaS软件通常运行于软件供应商的服务器端,同时为多个租户提供服务.由于需要支持不同租户的个性化需求,SaaS软件应具备足够的灵活性,以应对快速变化的租户需求;而且针对某一个租户的变更,不应影响其他租户.通过扩展课题组前期开发的基于可变性管理的适应性服务组装方法及其支持平台,提出了一种云计算环境下可复用、可定制的SaaS软件开发方法,开发了相应的支持平台,包括支持SaaS模式的服务组装引擎和远程定制工具.该方法针对不同租户的共性需求,提供一个抽象服务组装模型,支持平台在运行阶段解释执行抽象服务组装模型,根据租户的个性化需求派生不同的流程实例,这些运行时流程实例多态共存、互不影响.采用一个特定领域的SaaS软件实例来验证该方法的可行性,评估了支持平台的性能.实验结果表明,该方法及其支持平台可以支持多实例多租户的交付模式.     

基于服务集成管理的SaaS解决方案

分析SaaS平台功能及其架构模式,阐述平台中服务使用的流程。并以此为基础提出基于运营和服务集成管理两个模块的SaaS解决方案,详细分析模块之间的相互关系,论述服务集成至平台的逻辑过程,制定一种规范的服务调用标准,为实现SaaS平台提供一种可行的方案。     

Toward the automation of a QoS-driven SLA establishment in the Cloud

Composite software as a service (SaaS)-based SOA offers opportunities for enterprises to offer value-added services. The cornerstone for such a business is service level agreements between Cloud customers and Cloud providers. In spite of the hype surrounding composite SaaS, standardized methods that enable a reliable management of service level agreements starting from the SLA derivation from the customer requirements to the SLA establishment between the two stockholders are still missing. To overcome such a drawback, we propose a method for SLA establishment guided by QoS for composite SaaS. Our method provides: (1) a requirement specification language for the Cloud customer to define the composition schemas of the requested services along with its QoS constraints; (2) a Cloud provider offer specification language and method to help in identifying the services and resources that satisfy the customer requirements; and (3) an SLA document definition language and method to specify a deployable composite SaaS on the Cloud. Our approach for SLA establishment embraces model-driven architecture principles to automate the SLA document generation from the customer requirements document. The automation is handled through model transformations along with enrichment algorithms to ensure the generation of complete SLA documents.     

SaaS模式下的信息安全探讨

SaaS(软件即服务)是一种通过互联网提供应用服务的方式,客户可以根据自己实际需求,通过互联网向SaaS提供商定购所需的应用软件服务,并通过互联网获得SaaS提供商提供的服务。SaaS模式彻底颠覆了传统软件的运营和交付模式,免除了中小企业购买、构建和维护基础设施和应用程序的巨大投资成本。但它存在着较大的安全风险,如在可靠性、稳定性、安全性上,尤其是在财务数据和隐私方面。论文首先分析了SaaS的特点和不足,并提出了增强SaaS模式下信息安全的几种方法。