Modern technological developments have increased the need to use web technologies, which, in particular, as a computer paradigm with the appropriate capabilities: greater flexibility and affordability at a low cost. Effective implementation of modern information technologies: Web, Cloud, IoT (Internet of Things), etc. it is impossible without the corresponding normative documents describing legal norms, problems, risks and ways of their minimization. Convenient and secure use of web and Cloud services is based on the principles of trust between service providers and users, but trust is not possible without the support and provision of service level agreements (SLAs). Another factor in guaranteeing such trust is the comprehensive provision of regulatory standards at the international and national levels.
Demand for cloud computing is growing every year due to their key characteristics, which have been most comprehensively and fundamentally described by the European Union Agency for Cyber Security (ENISA) [1] and the National Institute of Standards and Technology (NIST) [2]. However, the use of cloud technologies alone does not minimize the risks of accidents, catastrophes, cyberattacks and component failures, which is especially important for critical infrastructure. To minimize such risks, it is necessary to maintain not only the support and counteracting system, but to close the foundations of fault tolerance, availability and resistance in the early stages of planning and design. That is why the development of a methodology for the development and maintenance of cloud systems of high availability for critical infrastructure is an urgent issue.
Currently, the industrial provision of services provided by various cloud service providers (CSP) and among them the largest Amazon, Microsoft and Google [3]. CSPs provide users with flexible plans for renting and maintaining virtual cloud infrastructure and services based on IaaS, PaaS, SaaS and others. According to these user requirements for the availability of the cloud system and its elements, which are usually supported by simple model calculations (such as methods of the Reliability Block Diagram (RBD) or failure tree analysis (FTA)), various internal and external factors or the dynamics of their changes may not be taken into account. On the other hand, the use of a Markov [4] or semi-Markov [5] models should be justified, requiring time and computing resources. We propose to perform a comparative analysis of availability models of cloud architecture (on the example of a video hosting system). The paper considers a simple model based on RBD, a Markov model with constant parameters, and a Multifragment model with a variable parameter. The discrepancy of simulation results is estimated. The obtained simulation results can be used not only by users of cloud systems, but also by CSP service personnel to improve the planning and failure risk assessment procedure.
The issue of assessing the quality of cloud services is relevant and widely covered in scientific works. When calculating the reliability and availability of most authors [6] use models based on RBD and failure trees [7]. The issues of calculating the input parameters for such models are covered in [8] (the assessment of the availability of the virtualized environment for different scenarios of their use).
The study [9] also evaluated the input parameters for a specific pattern -the cloud mobile system.
Complex models based on the Markov approach have been considered in subsequent publications. In [10], the Stochastic Reward Nets was created. Works [11][12] contain queuing models and case, based on Markov reward models.
In [13] authors describe the approach based on the use of Semi-Markov models to assess availability of a cloud infrastructure with multiple pools. Unlike Markov, the Semi-Markov models are utilized by researchers when the system operated at diverse modes on different intervals in time.
In [14] the analysis of software failure data was performed in order to determine the optimal laws of time distribution between expected failures. The study [15] analyzed a sample of data on vulnerabilities of software servers based on an open repository [16]. Since these studies do not specify an analysis tool, it can be concluded that manual data processing was performed.
The approach proposed in this article has already been approved in a study [17], which compared the results of modeling Markov and semi-Markov models of cloud service. The research performed here is a logical continuation [17], as it was specified values of input parameters and results by using the Markov and Multifragment models.
Research methodology is based on the use of the principles of systems analysis [18][19] in setting and solving research problems. This is manifested in [18]:
-determining the stages of solving tasks and the logical sequence of their implementation; -the choice of adequate mathematical apparatus, research methods and their correlation with the tasks of individual stages;
-formal presentation of types, procedures, indicators and parameters that describe the functioning of the cloud system and external influences on it; -decomposition of the cloud system architecture into components and study of their relationships in the tasks of analysis, evaluation and ensuring availability;
-establishing and studying the relationship between the resulting indicators of cloud system availability, obtained using various mathematical models, taking into account the peculiarities of their operation, maintenance and use.
To model the processes that accompany the operation of the cloud architecture (failures and restored component systems, attacks on nah, installation of patches) was created cloud architecture model. The cloud system is a complex multilevel and distributed system that can be represented by a diagram of different levels of nesting [8,10]. The cloud architecture model describes a three-level client-server network architecture that includes three networks (mobile, CDN and primary virtual network) to service groups of end devices. Thus, the common elements for a typical cloud system are a group of end devices (DSM), a physical access network (MNT), elements of a virtual access network (VPN and SGR) and load balancing (LB). Cloud application services (API, Calls, Autoscaling) are special for video hosting services. An important element, such as CDN, should be singled out, as the use of such a network allows in part unload regional cloud services. CDN also provides protection against DDoS-type cyberattacks, but this element is the most accessible for criminal activities.
The failure of any unreserved element of the cloud system architecture (Figure 1) will cause unavailability in customer service. Based on this, the Reliability Block Diagram (RBD) of the cloud system (Figure 2) will include seven consecutive elements, each of which characterizes the serviceability of the corresponding elements of the architecture. Elements of architecture: WiFi and MNT, SGR and VPN form parallel links in RBD. The developed model does not describe redundant service configuration, but both web servers (LB, QS) and application servers (APS) can be reserved through a high availability cluster, in which case RBD will contain additional redundant components.
Also developed RBD can be detailed, because each service is primarily implemented as a clientserver distributed structure (respectively, it is characterized by failures and restores the client and server page) [10]. Secondly, services are created on the basis of hardware and software systems (respectively, they are characterized by failures of hardware and software) [12]. However, in the developed model it was decided to limit certain values of failures due to physical and design defects and attacks on the vulnerability of the component.
According to the method, as recommended in [4], the calculation of the availability of the system with a mixed connection of elements is performed by formula (1) ,
where , .
(
The availability values obtained by formulas (1) and (2) are stationary. This greatly simplifies the model, but does not allow to study the dynamics of changes in availability function over time.
The graph of states and transitions of the Markov model of the cloud system (Figure 3) includes one serviceable state S1, four operational states S4, S6, S10, S12 and nine inoperable states S2, S3, S5, S7, S8, S9, S11, S13, S14. This Markov model describes the functioning of the cloud system in terms of manifestation of only hardware and software defects under the condition of averaging the failure rates and recovery of components of the architecture, performed on the basis of the method [4]. The model does not describe changes in the intensity of design defects (for example, during attacks on components). However, using repeated reproduction of the model experiment, you can get the dynamics of changes in the resulting indicator when changing one or more input parameters.
The system of Kolmogorov-Chapman differential equations constructed for the graph of the model in Figure 3 is represented by formula (3).
To obtain single solution to this system additions in the form of initial conditions were applied (4). Modeling the change of the input parameter requires the introduction of an additional cycle, in which when changing the parameter each time the Markov model is recalculated. A code for such operations has the following form. In the given code fragment for storage of availability function values the array Ag is used, and the resulting indicator is defined by the formula (5).
.
The multifragment model of cloud system availability allows taking into account the change of input parameters in one model step. This complicates the marked digraph of the functioning of the system, as shown in Fig. 4. The process of functioning of the cloud system is as follows. Initially, the system implements all planned functions and is in state S1. In the process of functioning, the failures of the system components are manifested, as a result of which it passes into the state S2..S14 and is restored (the system returns to the state S1). To simplify the perception of the model, in digraph (Fig. 4) all transitions not related to the attack on the CDN are hidden in the superstates S(1..14 *) (for the first fragment) and S(15..28 *) (for the second fragment).
After a certain time interval, the system fails due to an attack on the vulnerability of the CDN component, and it goes into state S3. If the attacker succeeds (the CDN attack was successful), the system moves to a new part of the model (state S17), and if the attack fails, it returns to state S1. The probability of success of the attacker is weighted by the parameter a∈ [0..1]. After several successful attacks (usually Nf = [8..12], the intensity of the attack reaches its maximum (because for technical reasons, the attacker can not speed them up).
When building availability models of cloud system, the following assumptions were made [4,5]. a) For the RBD availability model: -the availability of each of the components of the cloud architecture in equation ( 1) is determined by the formula μi/(μi+λi), where the values of μi and λi are the input parameters averaged by method [4] for each element of the cloud system. b) For the Markov model of the cloud system:
-the flow of events that translates the system from one functional state to another has the properties of stationary, ordinariness and absence of aftereffects, respectively, the input parameters of the model λі, μi are assumed to be constant;
-each element of the cloud system at any time may be in working order or inoperable states. c) For the multifragment cloud system model: after elimination of CDN vulnerability in F1 fragment, the intensity of attack on CDN is specified as λCDN j+1 , and is defined as:
the of attack on CDN component (for technical reasons) is limited by the maximum λCDN max .
Parametrization of input data for the proposed models was performed using Machine Learning tools [21]. In particular, utilized machine learning operations MLlib based on the use of Spark Big Data Platform were used [22]. Statistical processing and evaluation of data characterizing the reliability of the components of the cloud video system was implemented by sequentially performing operations to create Resilient Distributed Datasets, (RDD). In doing on, RDDs were formed from tuples of data that contained statistics on the reliability of CVS components. Next, the formed RDD datasets were transformed into matrix constructs, which were subjected to the operation of statistical testing of hypotheses (Hypothesis Testing) in accordance with the criterion of xi-square (Chi-square test). Figure 5 shows the solutions' scheme using operations of RDDs and Machine Learning. The primary input parameters of RBD, Markov and Multifragment models were determined on the basis of research and certification data [6,8,9] for the analog versions CVS samples. Their values are presented in Table 1. To study the availability of the system, variable values of the input parameter λCDN j were adopted, which are substantiated in [11] and summarized in Table 2.
Comparison of RBD and Markov models is performed under the condition t→∞ (for stable Availability). Under this condition, the solution of the Markov model is reduced to a system of linear (non-differential) equations. The results of the calculations are shown in Table 3.
The simulation results showed that the difference between the cloud system availability indicators determined by RBD and Markov models have differences, not exceeding ΔA=0,0034. The weakest element in the architecture in the absence of attacks are end-user devices (DSM).
Figure 6,a illustrates the decrease in availability with increasing input parameter λCDN j within the interval of Table .2. Estimates obtained using RBD and Markov models with increasing CDN failure rate increase the discrepancy from ΔA = 0.0034 to ΔA = 0.0051.
To solve systems of differential equations constructed according to the Kolmogorov-Chapman matrix, in the paper using the ode15s function [20]. The simulation results are shown in Figure 6 The results of availability modeling using a multifragment model are illustrated in Figure 7. Graphs in Figure 7,a allow you to compare the results of Markov and multifragment models. The availability function obtained by the MFM method reaches a stationary value after t = 8000 hours of operation, and the specified value of stationary availability is A = 0.9189. This indicator can be determined by a simpler Markov model, taking the value of the input parameter λCDN equal to λCDN max .
Figure 7,b illustrates the influence of the input parameter α on the dynamics of changes in the availability function. The mechanism of influence of this parameter is as follows. As the parameter α increases, the time of transition of the availability function to stationary mode decreases, so for α = 0.5 t = 8000 hours; for α = 0.9 t = 4000 hours (that is twice as fast).
In the article, we presented the results of modeling to assess the availability of the cloud system. Two scenarios of events affecting system availability were considered: the first -in the absence of attacks on the CDN component; the second is in the case of attacks that cause an increase in the CDN failures rate to the limit level λCDN max .
Parametrization of input data for the proposed models was performed using Machine Learning tools. In doing on, RDDs were formed from tuples of data that contained statistics on the reliability of CVS components. Next, the formed RDD datasets were transformed into matrix constructs, which were subjected to the operation of statistical testing of hypotheses (Hypothesis Testing) in accordance with the criterion of xi-square (Chi-square test).
A comparative analysis of RBD, Markov and Multifragment models was performed. The obtained results showed that the discrepancy between the stationary availability of RBD and Markov models is ΔA = 0.0034. As the CDN failure rate increases by an order of decimal order, this discrepancy increases to ΔA = 0.0051 (with the RBD model underestimating availability).
The conducted researches allowed to compare the results of Markov and multifragment models. The availability function obtained by the MFM method reaches a stationary value after t = 8000 hours of CVS operation, and the specified value of stationary availability is A = 0.9189. This indicator can be determined by a simpler Markov model, taking the value of the input parameter λCDN equal to λCDN max . The influence of the input parameter α (probability of successful attack on the CDN component) on the dynamics of change of the availability function was also investigated with the help of a multifragment model. As the parameter α increases, the time of transition of the availability function to stationary mode decreases, so for α = 0.5 t = 8000 hours; for α = 0.9 t = 4000 hours (that is twice as fast).
Therefore, the choice of model strongly influences the assessment of the accuracy of the CVS stationary availability level and the time of transition of the availability function to the steady state. The presented results can be used by both developers and DevOps engineers to ensure effective functioning of the high available CVS. Future research directions can be connected with analysis of cloud multiversion architectures by use of DevOps tools.