DevSecOps-based Operation of Composable Multi-site Edge-Clouds with Reconfigurable and Visible Clusters

Abstract

Emerging computing paradigms such as cloud, cloud-native, and edge computing have been rapidly changing ICT (information and communication technology) infrastructure. Furthermore, the concept of DevSecOps (developer, security, and operator) is also emerging as a promising methodology for the rapid and secured development of diversified application services. In the methodology, DevSecOps-based operation should address the requirements of developers and security in addition to the management of infrastructure resources. To cope with the rapid transitions, Networked Intelligence Laboratory has built and operated K-ONE Playground with edge clusters distributed over five university sites. During the operation of K-ONE Playground, we have experienced the requirements for DevSecOps-based operation. The actual requirements include providing customized testbeds for developers and acquiring intuitive visibility of networking traffic for protecting edge clusters. To effectively handle the requirements, this dissertation introduces reconfigurable and visible clusters based on the concept of composable multi-site edge clouds. Reconfigurable clusters can support DevSecOps operators to easily change their configuration of building blocks. And visible clusters can support DevSecOps operators to intuitively understand the topology and status of the building blocks in multi-site edge clusters. To realize these technical approaches, we propose reconfigurable and visible clusters on two sides based on our actual experiences. First, this dissertation proposes reconfigurable and visible clusters on the resource side, which utilize the building blocks of physical, virtualized, and containerized cloud nodes. The resource-side reconfigurable and visible clusters can support DevSecOps operators to easily repeat the monitoring, visualization, and reconfiguration to provide user-defined testbeds for developers. Second, this dissertation proposes reconfigurable and visible clusters on the networking flow side employing SmartX Multi-Tier Security (Multi-Sec) framework. By using the building blocks of flow monitoring and filtering functions, SmartX Multi-Sec can support flow-centric online monitoring, three-dimensional onion-ring visualization, and template-based functions deployment. Based on the proof-of-concept implementations, we verify the feasibility of the DevSecOps-based operation of composable multi-site edge clouds with reconfigurable and visible clusters. The use cases clearly show how the reconfigurable and visible clusters address the demanding requirements of the DevSecOps-based operation of K-ONE Playground.