The implementation of Virtual Desktop Infrastructure (VDI) based on private clouds in universities and other educational institutions (such as schools, colleges, etc.) enables more efficient use of shared computing resources. For universities in Kazakhstan (RK), this also provides the benefit of flexible scaling according to current user needs and the load on the university cloud infrastructure. It should be noted that the approach presented in this paper is relevant for universities in RK and research and educational institutions where the IT environment is characterized by dynamic workloads during examination periods, while the requirements for information security within the cloud infrastructure remain consistently high.

Given the variability of workloads on a university’s cloud infrastructure (or, as referred to in [ 1, 2 ], the cloud-oriented educational environment—COEE) and the heterogeneous requirements of users, a key challenge is to estimate the required number of computing nodes (servers) to ensure stable and secure operation of the cloud platform. Previously proposed mathematical models for estimating the number of cluster nodes in VDI-based clouds [ 3, 4 ] are generally based on analyzing resource loads [ 5–7 ], assuming that the main efficiency criterion is the minimization of the number of physical servers given specific resource consumption parameters of virtual machines. However, we argue that such approaches overlook a fundamental aspect of the COEE—information security (IS) of the deployed computations, including trust in physical nodes, requirements for isolation, access control policies, and resilience against internal and external threats to the university IT environment [ 8–11 ].

Under conditions of high load variability, seasonal activity (during examination periods and university admissions in Kazakhstan), and continuous changes in the composition and behavior of users, the rational scaling of cloud infrastructure becomes a key issue for the cloud-oriented educational environments (COEEs) of Kazakhstani universities. Specifically, it involves determining the required number of computing nodes that ensure the stable operation of the COEE.

Existing approaches [ 1, 2, 4, 6, 7 ] for estimating the necessary capacity of a VDI cluster typically rely solely on analyzing resource characteristics—such as CPU and RAM consumption during virtual machine (VM) deployment in a COEE—and are usually reduced to optimization problems focused on minimizing the number of servers under a fixed workload.

However, in a university environment where personal, scientific, and administrative data are processed, information security (IS) cannot be treated as an external or supplementary criterion. On the contrary, it must be integrated into the very logic of evaluating the architectural parameters of a university’s COEE. Neglecting the requirements for the security level of computing nodes or failing to consider the need for isolation between different user groups will inevitably lead to information security incidents—such as data leaks, inter-faculty interference, and unauthorized access. Similar challenges have been noted in research on cybercrime detection in cloud environments using honeypots [ 12 ], where ensuring reliable isolation and trust in cloud nodes proved critical for preventing attacks. Furthermore, recent studies on Shadow IT risks [ 13 ], centralized secret data management in public cloud provisioning [ 14 ], and secure configuration repository efficiency [ 15 ] highlight that security-oriented resource allocation directly influences the resilience and scalability of cloud infrastructures.

Therefore, there is a need to develop a multi-criteria model in which the task of estimating the number of virtualization nodes and placing virtual machines (VMs) takes into account not only technical resources but also indicators of trust and security—both from the side of physical servers and the VMs hosted on them. Moreover, the model must be adaptable to changing operational conditions over time, support scaling scenarios, and enable predictive assessment of cluster behavior under peak loads and heightened information security requirements.

The objective of this study is to determine the minimum required number of computing nodes that ensures, for a university’s Cloud-Oriented Educational Environment (COEE):    correct placement of virtual machines (VMs) based on available resources (CPU, RAM, etc.); compliance with information security requirements (such as isolation and trust in nodes); adaptability to dynamic workloads and scalability of the private cloud (using a Kazakhstani university as a case study).

We introduce the following notation. For the university’s OSS servers, respectively: M is the total number of available physical servers (nodes) of the university’s public information system; R is a total number of resource types (for example, CPU, RAM, etc.); Cjk is the container; k a resource on the server j ∈ {1, …, M}, k ∈ {1, …, R}; Sj ∈ [ 0,1 ] is the security level (trust) of the server j. That is, the higher, Sj. The safer the whole OOUS is.

And similarly for VM parameters, respectively: N is a number of virtual machines (VMs), which must be placed in the SAUCE of the university; active(t) ⊆ {1, …, N} multiple active VMs at a given time; rjk is the minimum required type resources for an INSTANCE at a given t; aj(t) is the current consumption CPU ВМ i at a moment in time t; Hi ∈ [ 0,1 ] is the required security level for ВМ i at a moment in time t.

And additionally we use the following variables: xij(t) ∈ {0,1} is a binary variable that takes the value 1 if the VM is hosted on the server at the time, 0 otherwise; yi(t) ∈ {0,1} is the server in use j at a moment in time t; α ∈ [ 0,1 ] is the redundancy level in case of security (aggressiveness coefficient in assessing the security of educational institutions from the university); λ > 0 is the penalty coefficient for non-compliance with the security of the environmental management system.

We use the following restrictions.

Each VM is hosted on the same server, i. e.

Then, unlike the works of [ 3, 7 ], we will introduce restrictions on the safety of the university’s environmental management system (hard or soft approach).

A tough approach Resource Constraints on Each Server in the COEE For each resource

To validate the developed mathematical model, a simulation of virtual machine (VM) placement in a university’s private cloud was carried out, taking into account both resource requirements and information security (IS) constraints. The model was implemented in the Python environment and made it possible to analyze workload distribution and compliance with IS requirements under conditions of a limited number of servers in the university’s Cloud-Oriented Educational Environment (COEE). The results are shown in Figure 1.

The simulation considered a cloud infrastructure consisting of 10 physical servers, each with a fixed CPU capacity (100 arbitrary units) and an assigned security levelSj ∈ [0.6,1.0]. Number of VMs accepted—50 (N = 50 with different base resource consumption CPU (in the range from 5 to 20 conventional units) and individual requirements for the security level of the hosting platform Hj ∈ [0.4,0.9]. A total of T = 20 discrete time steps were used to emulate the dynamic workload of the COEE servers.

At each time step, an attempt is made to place all VMs on the servers. The condition for successful placement is simultaneous compliance with the conditions: sufficiency of available CPU resources on the server; server security level compliance with VM requirements Sj ≥ Ri. The simulation results are presented in Figure 1 as a graph showing CPU load per server over time. The analysis revealed a balanced distribution of workload across servers during periods of moderate activity. However, periodic load spikes indicate the difficulty of satisfying all requirements under a static COEE infrastructure. Significant differences in server load levels were observed, primarily due to filtering based on the security level criterion. During the simulation, the system was unable to place some VMs due to the simultaneous shortage of resources and insufficient trust levels in the available servers. Specifically, around 40 VM placement failures were recorded, mainly during time steps where certain VMs—particularly those with high security requirements—could not be allocated at any point throughout the simulation [ 16–18 ].

The graph in Figure 2 illustrates the trade-off between efficiency and security of virtual machines in the COEE at different values of the weight coefficient β, highlighting the prioritization of resource usage (efficiency) versus compliance with the COEE’s information security requirements [19]. So when β = 0 model (1)–(14) it is exclusively focused on COEE information security, and accordingly, minimizes penalties for placing VMs on insufficiently protected servers, regardless of the number of active nodes. For β = 1 the model minimizes the number of servers involved, ignoring information security requirements. Values between 0 and 1 show varying degrees of compromise. That is, as β increases, the cost of resource efficiency decreases, but the risk of violating information security requirements increases. The obtained results were used to justify the selection of the optimal value of β based on the policy of Abai Kazakh National Pedagogical University (strict COEE information security policy of Abai KazNPU) β ≈ 0.3; saving resources β ≈ 0.7.

As a result, the conducted simulation confirms the necessity of considering information security when designing the architecture of a private university cloud. The model presented in the paper demonstrates that ignoring security requirements when estimating the number of required nodes leads to the risk of partial unavailability of computing resources, even when the total CPU capacity of the COEE servers is formally sufficient.

As part of the grant project IRN AP19678846 “Enhancing the Efficiency of Hybrid and Distance Learning Formats Through the Development of University Infrastructure in the Context of Digital Transformation”, a mathematical model was developed to estimate the optimal number of computing nodes in a private university virtualization cloud, taking into account both technical constraints and information security requirements of the university’s Cloud-Oriented Educational Environment (COEE).

Unlike existing approaches, the proposed model incorporates the trust level of COEE servers and the security requirements of virtual machines, enabling the formalization of information security (IS) risks and their inclusion in the objective function. This has made it possible to construct a multi-criteria optimization problem for VM placement, focused on achieving a balance between resource efficiency and COEE security in universities.

The simulation conducted in the Python programming environment demonstrated that ignoring IS factors leads to the failure to place certain VMs, even when the cluster’s total computational capacity appears sufficient. The results confirm the relevance of integrating IS policies into planning and scaling models for university cloud infrastructure.

We believe the developed model is well-suited to serve as a foundation for designing intelligent cloud management systems in the educational environment, aimed at adaptive load balancing with consideration of information security requirements.

This work was carried out within the framework of the grant research project IRN AP19678846: “Enhancing the Efficiency of Hybrid and Distance Learning Formats Through the Development of University Infrastructure in the Context of Digital Transformation”.

While preparing this work, the authors used the AI programs Grammarly Pro to correct text grammar and Strike Plagiarism to search for possible plagiarism. After using this tool, the authors reviewed and edited the content as needed and took full responsibility for the publication’s content. [19] Q. Yao, Y. Wu, J. Gao, Research on Application of Cloud Desktop Virtualization for Computer Laboratories in Universities, in: IOP Conference Series: Materials Science and Engineering, 563(5), 2019, 052028.