Abstract
With the widespread use of container clouds, security is becoming more and more critical. In addition to the security threats common to cloud platforms and traditional data centres, the container cloud platform faces some new security issues and challenges. For example, network isolation and resource management pose significant challenges. This paper proposes PCCP, a private container cloud platform based on Docker that supports domestic software and hardware, to solve these security problems. The paper introduces the system architecture and functional architecture of the platform. The system has been tested and confirmed to have high availability and high reliability. The platform gives full play to the value of domestic software and hardware and is better able to serve the information construction of our country.
1 Introduction
Cloud computing is an Internet-based computing approach in which shared hardware and software resources are provided on demand to computer terminals and other devices [1]. The cloud computing architecture covers three tiers of service: IaaS, PaaS, and SaaS [2]. IaaS has low resource utilization, and the scenario needs to be considered. PaaS uses container technology, does not rely on virtual machines, and is highly scalable [3]. Docker was proposed as an open-source tool in October 2014. It packages applications and their dependencies into containers, which solves the compatibility problem. However, Docker also faces many problems. For example, application iteration is slow, and operation and maintenance management is more and more complex [4]. Against this background, container cloud technology was proposed. The container cloud divides resources by container and encapsulates the entire software run-time environment. It provides developers and system administrators with a platform for creating, publishing, and running distributed applications [5]. When the container cloud focuses on resource sharing and isolation, container orchestration, and deployment, it is closer to the concept of IaaS. When the container cloud extends into application support and the run-time environment, it is closer to the idea of PaaS.
To solve problems such as slow application iteration and increasingly complex operation and maintenance management, PCCP, a private container cloud platform based on Docker that supports domestic hardware and software, is designed and implemented. The system is based on a B/S architecture. The server and database are all made in China. Functions such as cluster management and mirror management are realized. This paper first introduces the research background of the PCCP container cloud platform, then introduces the system testing of the PCCP container cloud platform, and finally summarizes this paper.
2 System Architecture Design
2.1 Functional Architecture
Containerization changes an existing application from one that runs on a physical or virtual machine to one that is deployed in containers. The container runs in the container runtime environment of the cloud operating system. Combined with other DevOps tools such as continuous integration, it makes cloud-based rapid deployment, elastic scaling, and increased resource utilization achievable [6]. The functional architecture of the PCCP container cloud platform, designed according to the system requirements, is shown in Fig. 1.
2.2 Scenario Support
(1) DevOps: Helps companies implement the DevOps process.
(2) Micro-service: Supports a micro-service framework to help enterprises transform from a single architecture to a micro-service architecture.
(3) Intelligent operation and maintenance: Mainly includes multi-index, multi-dimension monitoring and alarms, log analysis, and event audit.
(4) Cluster management: Visual cluster management supports multi-cluster management and container security policy development.
(5) Application market: Provides an out-of-the-box application market. Users can easily use a variety of middleware, databases, and application development frameworks.
Core Function.
The PCCP container cloud platform has several functions, including multi-tenant authority management, cluster management, application management, mirror management, storage management, resource management, pipeline management, load balancing, service discovery, application market, monitoring alarm, and log management [7]. The functions and implementations are shown in Table 1.
2.3 Technical Architecture
The container cloud platform uses a container scheduling engine to pool resources such as computing, network, and storage in order to provide application management capabilities at the distributed data center level. It is no longer limited to a single mode of giving applications the types of resources they require. Based on lightweight container technology and the scheduling algorithm, resource utilization can be greatly improved and IT cost reduced [8]. Features such as self-healing, health checks, and elastic scaling can significantly improve the stability and availability of the applications deployed on the platform. Orchestration, configuration management, service discovery, and load balancing can dramatically reduce the complexity of application deployment and operation, especially when the application scale is enormous. With these essential functions in place, users can focus more on business logic and deliver business value more quickly. The layered design of the overall architecture is as follows:
(1) The first layer is the application system for business services deployed on the platform.
(2) The second layer is the platform service layer, which provides platform-level service support so that upper-layer applications can concentrate on business logic and hand their deployment, extension, high availability, monitoring, and maintenance work over to the platform layer. The platform service layer provides an application development framework and middleware, application and service directory, software custom network, performance monitoring and log management, automated cluster deployment and management, container scheduling, application cluster elastic scaling, abnormal self-healing, persistent volume, service discovery, configuration management, and other functions. The functions provided by the container platform service layer can guarantee the high availability, high scalability, and stability of the applications running on it. It can also send a warning before a service failure, which helps IT staff quickly locate and solve problems [9].
(3) The primary component layer contains the underlying core components of the container cloud platform and the components that run with a container. It provides uniform packaging standards for applications and isolation between applications. The network component implements inter-node container network communication and the network isolation policy, and the storage component provides storage support for stateful services.
(4) The infrastructure layer is primarily a physical or virtual machine cluster. It provides the computing, networking, and storage resources needed by the container cloud platform. The platform is compatible with domestic hardware and operating systems.
The technical architecture diagram of the container cloud platform is shown in Fig. 2.
3 System Testing
3.1 Test Environment
The test environment topology is shown in Fig. 3. The test uses a node server and a laptop. They are both connected to the switchboard.
The model and configuration of the server and client are shown in Table 2. In the test, the node server runs the Kylin system, and its CPU is an FT1500a@16c. The laptop is a ThinkPad T420 running the flagship edition of Windows 7.
3.2 Test Content
The contents of the system test are shown in Table 3. In the test results, “·” marks a conforming item, one that meets the system requirements specification; “*” marks a nonconforming item; and “#” marks an item that conforms after modification. As can be seen from the table, all the test results in this test meet the system requirements specification.
3.3 Test Results
In this paper, we test the “PCCP container cloud platform” in terms of function and performance efficiency. The test results are as follows:
1. System architecture. The system is based on a B/S architecture. The server adopts the Kylin V4.0 operating system, the database adopts MySQL V5.7.14, the middleware adopts etcd V3.2.24, and the bandwidth is 1000 Mbps. The client operating system is the flagship edition of Windows 7, and the browser is Google Chrome 52.0.2743.116.
2. System function. The system realizes container application management, a console management interface, configuration version management, a customized scheduling mechanism, and log management.
3. Performance efficiency. Starting a single application container took an average of 1.8 s, and creating 20 application container copies at the same time took an average of 8.5 s.
4 Conclusion
This paper takes the container cloud platform as its research object. By analyzing the current problems and challenges, it proposes PCCP, a private container cloud platform based on Docker. PCCP supports domestic software and hardware. The platform uses a container scheduling engine to pool resources such as computing, network, and storage in order to provide application management capabilities at the distributed data center level. The platform is no longer limited to a single mode of giving applications the types of resources they require. Testing shows that the system runs stably and is functionally complete.
References
1. Katal, A., Dahiya, S., Choudhury, T.: Energy efficiency in cloud computing data center: a survey on hardware technologies. Clust. Comput. 25(1), 675–705 (2021). https://doi.org/10.1007/s10586-021-03431-z
2. Meng, Z.Y.: Research on cloud computing technology of computer network in the new era. Comput. Program. Skills Maint. 417(03), 93–94+107 (2020)
3. Chen, X.Y.: Design and implementation of network resource management and configuration system based on container cloud platform. Zhejiang University (2016)
4. Parast, F.K., Sindhav, C., Nikam, S., Yekta, H.I., Kent, K.B., Hakak, S.: Cloud computing security: A survey of service-based models. Comput. Secur. 114, 102580 (2022)
5. Alouffi, B., Hasnain, M., Alharbi, A., Alosaimi, W., Alyami, H., Ayaz, M.: A systematic literature review on cloud computing security: threats and mitigation strategies. IEEE Access 9, 57792–57807 (2021). https://doi.org/10.1109/ACCESS.2021.3073203
6. Feng, W.C.: Design of network resource configuration management system for container cloud platform. Industrial Instrumentation and Automation (2018)
7. Cai, L., Lu, J.N., Cai, Z.G., et al.: Resource quota prediction method for container cloud platform based on historical data analysis, CN110990159A[P] (2020)
8. Zheng, B.: Design of enterprise container cloud platform based on Kubernetes. Digital Technology and Application, 37(348(06)), 148+151 (2019)
9. Li, J.Z., Zhao, Q.C., Yang, W.: A one-click deployment of big data and deep learning container cloud platform and its construction method, CN111274223A[P] (2020)
Acknowledgements
This research was financially supported by the National Key R&D Program of China (2018YFB1004100), a China Postdoctoral Science Foundation funded project (2019M650606), and the First-class Discipline Construction Project of Beijing Electronic Science and Technology Institute (3201012).
Rights and permissions
Open Access This chapter is licensed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made.
The images or other third party material in this chapter are included in the chapter's Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the chapter's Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder.
Copyright information
© 2022 The Author(s)
About this paper
Cite this paper
Wang, Z., Wang, Z., Zhao, J., Chi, Y. (2022). PCCP: A Private Container Cloud Platform Supporting Domestic Hardware and Software. In: Qian, Z., Jabbar, M., Li, X. (eds) Proceeding of 2021 International Conference on Wireless Communications, Networking and Applications. WCNA 2021. Lecture Notes in Electrical Engineering. Springer, Singapore. https://doi.org/10.1007/978-981-19-2456-9_41
DOI: https://doi.org/10.1007/978-981-19-2456-9_41
Publisher Name: Springer, Singapore
Print ISBN: 978-981-19-2455-2
Online ISBN: 978-981-19-2456-9
eBook Packages: Engineering, Engineering (R0)