Top

Published in:

2019 | OriginalPaper | Chapter

Thread-Level CPU and Memory Usage Control of Custom Code in Multi-tenant SaaS

Authors : Majid Makki, Dimitri Van Landuyt, Bert Lagaisse, Wouter Joosen

Published in: Service-Oriented Computing

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Software-as-a-Service (SaaS) providers commonly support customization of their services to allow them to attract larger tenant bases. The nature of these customizations in practice ranges from anticipated configuration options to sophisticated code extensions. From a SaaS provider viewpoint, the latter category is particularly challenging as it involves executing untrusted tenant custom code in the SaaS production environment. Proper isolation of custom code in turn requires the ability to control the CPU and memory usage of each tenant.

In current practice, OS-level virtualization tools such as hypervisors or containers are predominantly used for this purpose. These techniques, however, constrain the number of tenants that a single node can cost-effectively accommodate.

In this paper, we present a practical solution for thread-level tenant isolation, vis-à-vis CPU and memory usage in presence of tenant-provided custom code. Both Java Runtime Environment (JRE) bytecode and tenant code are instrumented with usage control checkpoints which, based on data gathered using the Java Resource Consumption Management API (JSR-284), ensures that CPU and memory usage of tenants remain within their Service-level Agreements (SLA) limits.

Our experiments show that the tenant accommodation capacity of single node increases 59 times with the proposed solution instead of containers. This scalability improvement comes at the average cost of \(0.31\,\mathrm{ns}\) performance overhead per control checkpoint.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter An Energy Efficient and Interference Aware Virtual Machine Consolidation Algorithm Using Workload Classification

next chapter Optimized Application Deployment in the Fog

Storage and network resources are not dealt with in this paper because the Java RCM API already provides quite straightforward ways to control IO usage.

This is specifically required for CPU because fulfilling F1 for the latter is feasible by suppressing the usage too much.

The source code can be downloaded via http://people.cs.kuleuven.be/~majid.makki/icsoc-2019/main.html.

The act of constantly recording these parameters has no impact on the obtained results.

The claimed CPU usage control in fact restricts the response time of the untrusted script rather than its CPU usage.

Gupta, D., Cherkasova, L., Gardner, R., Vahdat, A.: Enforcing performance isolation across virtual machines in Xen. In: van Steen, M., Henning, M. (eds.) Middleware 2006. LNCS, vol. 4290, pp. 342–362. Springer, Heidelberg (2006). https://doi.org/10.1007/11925071_18CrossRef

Somani, G., Chaudhary, S.: Application performance isolation in virtualization. In: IEEE International Conference on Cloud Computing, CLOUD 2009, pp. 41–48. IEEE (2009)

Li, Y., Li, W., Jiang, C.: A survey of virtual machine system: current technology and future trends. In: 2010 Third International Symposium on Electronic Commerce and Security (ISECS), pp. 332–336. IEEE (2010)

Vaquero, L.M., Rodero-Merino, L., Buyya, R.: Dynamically scaling applications in the cloud. ACM SIGCOMM Comput. Commun. Rev. 41(1), 45–52 (2011)CrossRef

Weissman, C.D., Bobrowski, S.: The design of the force.com multitenant internet application development platform. In: Proceedings of the 2009 ACM SIGMOD International Conference on Management of Data, pp. 889–896. ACM (2009)

Song, H., Chauvel, F., Solberg, A.: Deep customization of multi-tenant SaaS using intrusive microservices. In: 2018 IEEE/ACM 40th International Conference on Software Engineering: New Ideas and Emerging Technologies Results (ICSE-NIER), pp. 97–100. IEEE (2018)

Li, X.H., Liu, T.C., Li, Y., Chen, Y.: SPIN: service performance isolation infrastructure in multi-tenancy environment. In: Bouguettaya, A., Krueger, I., Margaria, T. (eds.) ICSOC 2008. LNCS, vol. 5364, pp. 649–663. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-89652-4_58CrossRef

Lin, H., Sun, K., Zhao, S., Han, Y.: Feedback-control-based performance regulation for multi-tenant applications. In: 2009 15th International Conference on Parallel and Distributed Systems (ICPADS), pp. 134–141. IEEE (2009)

Leitner, P., Wetzstein, B., Rosenberg, F., Michlmayr, A., Dustdar, S., Leymann, F.: Runtime prediction of service level agreement violations for composite services. In: Dan, A., Gittler, F., Toumani, F. (eds.) ICSOC/ServiceWave -2009. LNCS, vol. 6275, pp. 176–186. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-16132-2_17CrossRef

10.

Wang, W., Huang, X., Qin, X., Zhang, W., Wei, J., Zhong, H.: Application-level CPU consumption estimation: towards performance isolation of multi-tenancy web applications. In: 2012 IEEE 5th International Conference on Cloud computing (CLOUD), pp. 439–446. IEEE (2012)

11.

Back, G., Hsieh, W.C., Lepreau, J.: Processes in KaffeOS: isolation, resource management, and sharing in Java. In: Proceedings of the 4th Conference on Symposium on Operating System Design & Implementation-Volume 4, p. 23. USENIX Association (2000)

12.

Czajkowski, G., Daynès, L., Titzer, B.L.: A multi-user virtual machine. In: USENIX Annual Technical Conference, General Track, pp. 85–98 (2003)

13.

Geoffray, N., Thomas, G., Muller, G., Parrend, P., Frénot, S., Folliot, B.: I-JVM: a Java virtual machine for component isolation in OSGi. In: IEEE/IFIP International Conference on Dependable Systems & Networks, DSN 2009, pp. 544–553. IEEE (2009)

14.

Czajkowski, G., Daynàs, L.: Multitasking without compromise: a virtual machine evolution. ACM SIGPLAN Not. 47(4a), 60–73 (2012)CrossRef

15.

Johnson, G., Dawson, M.: Introduction to Java multitenancy. Technical report (2015)

16.

Herzog, A., Shahmehri, N.: Problems running untrusted services as Java threads. In: Nardelli, E., Talamo, M. (eds.) Certification and Security in Inter-Organizational E-Service. IOLCS, vol. 177, pp. 19–32. Springer, Boston (2005). https://doi.org/10.1007/11397427_2CrossRef

17.

Rodero-Merino, L., Vaquero, L.M., Caron, E., Muresan, A., Desprez, F.: Building safe PaaS clouds: a survey on security in multitenant software platforms. Comput. Secur. 31(1), 96–108 (2012)CrossRef

18.

JCP: JSR 284: Resource Consumption Management API. https://jcp.org/en/jsr/detail?id=284. Accessed 04 Dec 2018

19.

Czajkowski, G., Hahn, S., Skinner, G., Soper, P., Bryce, C.: A resource management interface for the Java\(^{\rm TM}\) platform. Softw. Pract. Exp. 35(2), 123–157 (2005)CrossRef

20.

Grove, D., DeFouw, G., Dean, J., Chambers, C.: Call graph construction in object-oriented languages. ACM SIGPLAN Not. 32(10), 108–124 (1997)CrossRef

21.

OSGi Alliance: OSGi specification (2012). https://osgi.org/download/r4v43/osgi.core-4.3.0.pdf. Accessed 19 Apr 2017

22.

Simão, J., Lemos, J., Veiga, L.: \(A^{2}\)-VM: a cooperative Java VM with support for resource-awareness and cluster-wide thread scheduling. In: Meersman, R., et al. (eds.) OTM 2011. LNCS, vol. 7044, pp. 302–320. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25109-2_20CrossRef

23.

Kim, Y.J., Lee, Y.C., Han, H., Kang, S.: Hierarchical recursive resource sharing for containerized applications. In: Pahl, C., Vukovic, M., Yin, J., Yu, Q. (eds.) ICSOC 2018. LNCS, vol. 11236, pp. 781–796. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03596-9_56CrossRef

24.

Makki, M., Van Landuyt, D., Joosen, W.: Towards PaaS offering of BPMN 2.0 engines: a proposal for service-level tenant isolation. In: Mann, Z.Á., Stolz, V. (eds.) ESOCC 2017. CCIS, vol. 824, pp. 5–19. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-79090-9_1CrossRef

25.

Truyen, E., Van Landuyt, D., Reniers, V., Rafique, A., Lagaisse, B., Joosen, W.: Towards a container-based architecture for multi-tenant SaaS applications. In: Proceedings of the 15th International Workshop on Adaptive and Reflective Middleware, p. 6. ACM (2016)

26.

Ochei, L.C., Bass, J.M., Petrovski, A.: Degrees of tenant isolation for cloud-hosted software services: a cross-case analysis. J. Cloud Comput. 7, 22 (2018)CrossRef

27.

Zhang, X., Tune, E., Hagmann, R., Jnagal, R., Gokhale, V., Wilkes, J.: CPI 2: CPU performance isolation for shared compute clusters. In: Proceedings of the 8th ACM European Conference on Computer Systems, pp. 379–391. ACM (2013)

28.

Krebs, R., Spinner, S., Ahmed, N., Kounev, S.: Resource usage control in multi-tenant applications. In: 2014 14th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (CCGrid), pp. 122–131. IEEE (2014)

29.

Walraven, S., De Borger, W., Vanbrabant, B., Lagaisse, B., Van Landuyt, D., Joosen, W.: Adaptive performance isolation middleware for multi-tenant SaaS. In: 2015 IEEE/ACM 8th International Conference on Utility and Cloud Computing (UCC), pp. 112–121. IEEE (2015)

30.

Lama, P., Wang, S., Zhou, X., Cheng, D.: Performance isolation of data-intensive scale-out applications in a multi-tenant cloud. In: 2018 IEEE International Parallel and Distributed Processing Symposium (IPDPS), pp. 85–94. IEEE (2018)

31.

Binder, W., Hulaas, J.G., Villazón, A.: Portable resource control in Java. ACM SIGPLAN Not. 36, 139–155 (2001)CrossRef

32.

Janik, A., Zieliński, K.: Transparent resource management with Java RM API. In: Alexandrov, V.N., van Albada, G.D., Sloot, P.M.A., Dongarra, J. (eds.) ICCS 2006. LNCS, vol. 3994, pp. 1023–1030. Springer, Heidelberg (2006). https://doi.org/10.1007/11758549_136CrossRef

33.

Activiti. https://www.activiti.org/. Accessed 04 Dec 2018

34.

Rhino. https://developer.mozilla.org/en-US/docs/Mozilla/Projects/Rhino/. Accessed 04 Dec 2018

35.

HoseinyFarahabady, M.R., Lee, Y.C., Zomaya, A.Y., Tari, Z.: A QoS-aware resource allocation controller for function as a service (FaaS) platform. In: Maximilien, M., Vallecillo, A., Wang, J., Oriol, M. (eds.) ICSOC 2017. LNCS, vol. 10601, pp. 241–255. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-69035-3_17CrossRef

Title: Thread-Level CPU and Memory Usage Control of Custom Code in Multi-tenant SaaS
Authors: Majid Makki
Dimitri Van Landuyt
Bert Lagaisse
Wouter Joosen
Publisher: Springer International Publishing
Book: Service-Oriented Computing
Print ISBN: 978-3-030-33701-8

Electronic ISBN: 978-3-030-33702-5

Copyright Year: 2019
DOI: https://doi.org/10.1007/978-3-030-33702-5_21

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner