Performance monitoring and Progressive privacy in Virtual Distro Dispatcher, a Desktop-as-a-Service solution

Although it is not exactly a new concept, Cloud computing architectures are rapidly spreading over the world of IT, supporting the idea of provisioning various computing capabilities “as-a-service”, in a transparent way for users. Information is stored in servers on a network and cached temporarily on clients, such as desktops, notebooks, handhelds, kiosks, wall computers, etc. Reliable services are delivered to clients from next-generation data centers based on virtualization technologies. Some of the most relevant issues brought about by this paradigm are whether or not this is really feasible on a geographical scale, where network latency matters, and, more generally, whether or not a browser can really substitute every kind of computer application. Finally, big privacy issues rise: users data and work are given away in the hands of third parties, without any control and any real guarantee. According to Utility computing, system resources, such as computation and storage, can be precisely metered and packaged, similarly to what happens with a traditional public utility. In Cloud Computing, the distribution of such a service can occur at different levels. As long as applications are concerned, one talks about Software-as-a-Service (SaaS ): applications are hosted as a service provided to users across a network (e.g., the Internet). If systems are concerned, one can talk about Desktop-as-a-Service (DaaS): desktops can be transformed into a cost-effective, scalable and comfortable subscription service. Desktops are instantiated on a server and then provided to clients on demand across a network. Virtual Distro Dispatcher (VDD) is a distributed system whose aim is to project virtual, fully operational and multiple operating system instances on terminals in a network. Client terminals can be random PCs or energy saving thin clients (such as mini-ITX) managed by a powerful, multiprocessor (and possibly clustered) central system. Desktops are instantiated on a server and then provided to thin clients on demand across a network. VDD gives users the possibility to use their own favorite operating systems, at the same time, on each single thin client. Thin clients are interfaces to proper and isolated machines, that can be made to measure for whatever need and in whatever number (within server limits, of course). This is completely transparent to users, who, even from an obsolete machine, can select a particular machine with certain characteristics and then do everything they would do on such a machine as if it was physical and with its defined performance. Contrary to other systems such as LTSP (Linux Terminal Server Project), VDD offers not only the host operating system to thin clients (e.g., GNU/Linux), but projects virtualized guest systems, i.e. fully operational and independent machines, equipped with diversified desktop systems. Server workloads are relatively predictable and GNU/Linux systems support such workloads well. When desktop environments are concerned, the primary requirement of interactive applications is to respond to user events under human perception bounds rather than to maximize end-to-end throughput. In order to analyze performance of VDD, at first quite an extensive amount of data from tests and benchmarks have been collected. They were related to system aspects, such as CPU usage, memory speed, network bandwidth, disk responsiveness, and so on. Unfortunately, those tests do not say much about user experience. In order to map system performance to desktop performance, a method for coupling system monitoring with desktop benchmarking has been developed. Such method consists in observing low- level system parameters while desktop operations take place and describing correlations, thus tracing a mapping. Such ex-post analysis is used to foresee desktop behaviour while doing system monitoring. It is so possible to react proactively, in order to scale resources accordingly. This way, elasticity property of Cloud Computing becomes relevant at user level, in desktop experience. In public clouds, where data are provided to an infrastructure hosted outside user's premises, privacy issues come to the fore front. The right to act without observation becomes even more important in Desktop-as-a-Service (DaaS) environments. The thesis describes the design, implementation and experimental evaluation of a progressive privacy solution for a DaaS system. Progressive privacy is a privacy preserving model that is configurable by a user not only quantitatively but rather qualitatively, i.e., the user is allowed to discriminate what type of information must be preserved and to what extent, according to his/her desired profiles of privacy. The progressive privacy solution has been embedded into VDD. Specifically, a client-side proxy has been implemented in VDD such that non-intelligible VDD contents and non-traceable VDD actions are guaranteed by means of homomorphic encryption, oblivious transfer and query obfuscation schemes enabled by the proxy. An experimental evaluation of the progressive privacy in VDD has been carried out. The principal results of such evaluation are presented and aim at assessing the performances experienced by users of VDD against the progressive privacy achievements that can be obtained. As expected, the perceived client performances when using VDD highly decrease when augmenting the level of privacy protection. In other words, there exists a trade-off between the level of privacy that can be guaranteed and the performances: the more robust required privacy profile, the strongest enabled privacy policy (large key encryption size, high obfuscation density ), the higher performances experienced by users when they interact with VDD.