Skip to main content
SpringerLink
Log in
Book cover

International Conference on Service-Oriented Computing

ICSOC 2019: Service-Oriented Computing pp 267–282Cite as

Thread-Level CPU and Memory Usage Control of Custom Code in Multi-tenant SaaS

  • Conference paper
  • First Online:

  • 2505 Accesses

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 11895))

Abstract

Software-as-a-Service (SaaS) providers commonly support customization of their services to allow them to attract larger tenant bases. The nature of these customizations in practice ranges from anticipated configuration options to sophisticated code extensions. From a SaaS provider viewpoint, the latter category is particularly challenging as it involves executing untrusted tenant custom code in the SaaS production environment. Proper isolation of custom code in turn requires the ability to control the CPU and memory usage of each tenant.

In current practice, OS-level virtualization tools such as hypervisors or containers are predominantly used for this purpose. These techniques, however, constrain the number of tenants that a single node can cost-effectively accommodate.

In this paper, we present a practical solution for thread-level tenant isolation, vis-à-vis CPU and memory usage in presence of tenant-provided custom code. Both Java Runtime Environment (JRE) bytecode and tenant code are instrumented with usage control checkpoints which, based on data gathered using the Java Resource Consumption Management API (JSR-284), ensures that CPU and memory usage of tenants remain within their Service-level Agreements (SLA) limits.

Our experiments show that the tenant accommodation capacity of single node increases 59 times with the proposed solution instead of containers. This scalability improvement comes at the average cost of \(0.31\,\mathrm{ns}\) performance overhead per control checkpoint.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Notes

  1. 1.

    Storage and network resources are not dealt with in this paper because the Java RCM API already provides quite straightforward ways to control IO usage.

  2. 2.

    This is specifically required for CPU because fulfilling F1 for the latter is feasible by suppressing the usage too much.

  3. 3.

    The source code can be downloaded via http://people.cs.kuleuven.be/~majid.makki/icsoc-2019/main.html.

  4. 4.

    The act of constantly recording these parameters has no impact on the obtained results.

  5. 5.

    The claimed CPU usage control in fact restricts the response time of the untrusted script rather than its CPU usage.

References

  1. Gupta, D., Cherkasova, L., Gardner, R., Vahdat, A.: Enforcing performance isolation across virtual machines in Xen. In: van Steen, M., Henning, M. (eds.) Middleware 2006. LNCS, vol. 4290, pp. 342–362. Springer, Heidelberg (2006). https://doi.org/10.1007/11925071_18

    Chapter  Google Scholar 

  2. Somani, G., Chaudhary, S.: Application performance isolation in virtualization. In: IEEE International Conference on Cloud Computing, CLOUD 2009, pp. 41–48. IEEE (2009)

    Google Scholar 

  3. Li, Y., Li, W., Jiang, C.: A survey of virtual machine system: current technology and future trends. In: 2010 Third International Symposium on Electronic Commerce and Security (ISECS), pp. 332–336. IEEE (2010)

    Google Scholar 

  4. Vaquero, L.M., Rodero-Merino, L., Buyya, R.: Dynamically scaling applications in the cloud. ACM SIGCOMM Comput. Commun. Rev. 41(1), 45–52 (2011)

    Article  Google Scholar 

  5. Weissman, C.D., Bobrowski, S.: The design of the force.com multitenant internet application development platform. In: Proceedings of the 2009 ACM SIGMOD International Conference on Management of Data, pp. 889–896. ACM (2009)

    Google Scholar 

  6. Song, H., Chauvel, F., Solberg, A.: Deep customization of multi-tenant SaaS using intrusive microservices. In: 2018 IEEE/ACM 40th International Conference on Software Engineering: New Ideas and Emerging Technologies Results (ICSE-NIER), pp. 97–100. IEEE (2018)

    Google Scholar 

  7. Li, X.H., Liu, T.C., Li, Y., Chen, Y.: SPIN: service performance isolation infrastructure in multi-tenancy environment. In: Bouguettaya, A., Krueger, I., Margaria, T. (eds.) ICSOC 2008. LNCS, vol. 5364, pp. 649–663. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-89652-4_58

    Chapter  Google Scholar 

  8. Lin, H., Sun, K., Zhao, S., Han, Y.: Feedback-control-based performance regulation for multi-tenant applications. In: 2009 15th International Conference on Parallel and Distributed Systems (ICPADS), pp. 134–141. IEEE (2009)

    Google Scholar 

  9. Leitner, P., Wetzstein, B., Rosenberg, F., Michlmayr, A., Dustdar, S., Leymann, F.: Runtime prediction of service level agreement violations for composite services. In: Dan, A., Gittler, F., Toumani, F. (eds.) ICSOC/ServiceWave -2009. LNCS, vol. 6275, pp. 176–186. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-16132-2_17

    Chapter  Google Scholar 

  10. Wang, W., Huang, X., Qin, X., Zhang, W., Wei, J., Zhong, H.: Application-level CPU consumption estimation: towards performance isolation of multi-tenancy web applications. In: 2012 IEEE 5th International Conference on Cloud computing (CLOUD), pp. 439–446. IEEE (2012)

    Google Scholar 

  11. Back, G., Hsieh, W.C., Lepreau, J.: Processes in KaffeOS: isolation, resource management, and sharing in Java. In: Proceedings of the 4th Conference on Symposium on Operating System Design & Implementation-Volume 4, p. 23. USENIX Association (2000)

    Google Scholar 

  12. Czajkowski, G., Daynès, L., Titzer, B.L.: A multi-user virtual machine. In: USENIX Annual Technical Conference, General Track, pp. 85–98 (2003)

    Google Scholar 

  13. Geoffray, N., Thomas, G., Muller, G., Parrend, P., Frénot, S., Folliot, B.: I-JVM: a Java virtual machine for component isolation in OSGi. In: IEEE/IFIP International Conference on Dependable Systems & Networks, DSN 2009, pp. 544–553. IEEE (2009)

    Google Scholar 

  14. Czajkowski, G., Daynàs, L.: Multitasking without compromise: a virtual machine evolution. ACM SIGPLAN Not. 47(4a), 60–73 (2012)

    Article  Google Scholar 

  15. Johnson, G., Dawson, M.: Introduction to Java multitenancy. Technical report (2015)

    Google Scholar 

  16. Herzog, A., Shahmehri, N.: Problems running untrusted services as Java threads. In: Nardelli, E., Talamo, M. (eds.) Certification and Security in Inter-Organizational E-Service. IOLCS, vol. 177, pp. 19–32. Springer, Boston (2005). https://doi.org/10.1007/11397427_2

    Chapter  Google Scholar 

  17. Rodero-Merino, L., Vaquero, L.M., Caron, E., Muresan, A., Desprez, F.: Building safe PaaS clouds: a survey on security in multitenant software platforms. Comput. Secur. 31(1), 96–108 (2012)

    Article  Google Scholar 

  18. JCP: JSR 284: Resource Consumption Management API. https://jcp.org/en/jsr/detail?id=284. Accessed 04 Dec 2018

  19. Czajkowski, G., Hahn, S., Skinner, G., Soper, P., Bryce, C.: A resource management interface for the Java\(^{\rm TM}\) platform. Softw. Pract. Exp. 35(2), 123–157 (2005)

    Article  Google Scholar 

  20. Grove, D., DeFouw, G., Dean, J., Chambers, C.: Call graph construction in object-oriented languages. ACM SIGPLAN Not. 32(10), 108–124 (1997)

    Article  Google Scholar 

  21. OSGi Alliance: OSGi specification (2012). https://osgi.org/download/r4v43/osgi.core-4.3.0.pdf. Accessed 19 Apr 2017

  22. Simão, J., Lemos, J., Veiga, L.: \(A^{2}\)-VM: a cooperative Java VM with support for resource-awareness and cluster-wide thread scheduling. In: Meersman, R., et al. (eds.) OTM 2011. LNCS, vol. 7044, pp. 302–320. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25109-2_20

    Chapter  Google Scholar 

  23. Kim, Y.J., Lee, Y.C., Han, H., Kang, S.: Hierarchical recursive resource sharing for containerized applications. In: Pahl, C., Vukovic, M., Yin, J., Yu, Q. (eds.) ICSOC 2018. LNCS, vol. 11236, pp. 781–796. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03596-9_56

    Chapter  Google Scholar 

  24. Makki, M., Van Landuyt, D., Joosen, W.: Towards PaaS offering of BPMN 2.0 engines: a proposal for service-level tenant isolation. In: Mann, Z.Á., Stolz, V. (eds.) ESOCC 2017. CCIS, vol. 824, pp. 5–19. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-79090-9_1

    Chapter  Google Scholar 

  25. Truyen, E., Van Landuyt, D., Reniers, V., Rafique, A., Lagaisse, B., Joosen, W.: Towards a container-based architecture for multi-tenant SaaS applications. In: Proceedings of the 15th International Workshop on Adaptive and Reflective Middleware, p. 6. ACM (2016)

    Google Scholar 

  26. Ochei, L.C., Bass, J.M., Petrovski, A.: Degrees of tenant isolation for cloud-hosted software services: a cross-case analysis. J. Cloud Comput. 7, 22 (2018)

    Article  Google Scholar 

  27. Zhang, X., Tune, E., Hagmann, R., Jnagal, R., Gokhale, V., Wilkes, J.: CPI 2: CPU performance isolation for shared compute clusters. In: Proceedings of the 8th ACM European Conference on Computer Systems, pp. 379–391. ACM (2013)

    Google Scholar 

  28. Krebs, R., Spinner, S., Ahmed, N., Kounev, S.: Resource usage control in multi-tenant applications. In: 2014 14th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (CCGrid), pp. 122–131. IEEE (2014)

    Google Scholar 

  29. Walraven, S., De Borger, W., Vanbrabant, B., Lagaisse, B., Van Landuyt, D., Joosen, W.: Adaptive performance isolation middleware for multi-tenant SaaS. In: 2015 IEEE/ACM 8th International Conference on Utility and Cloud Computing (UCC), pp. 112–121. IEEE (2015)

    Google Scholar 

  30. Lama, P., Wang, S., Zhou, X., Cheng, D.: Performance isolation of data-intensive scale-out applications in a multi-tenant cloud. In: 2018 IEEE International Parallel and Distributed Processing Symposium (IPDPS), pp. 85–94. IEEE (2018)

    Google Scholar 

  31. Binder, W., Hulaas, J.G., Villazón, A.: Portable resource control in Java. ACM SIGPLAN Not. 36, 139–155 (2001)

    Article  Google Scholar 

  32. Janik, A., Zieliński, K.: Transparent resource management with Java RM API. In: Alexandrov, V.N., van Albada, G.D., Sloot, P.M.A., Dongarra, J. (eds.) ICCS 2006. LNCS, vol. 3994, pp. 1023–1030. Springer, Heidelberg (2006). https://doi.org/10.1007/11758549_136

    Chapter  Google Scholar 

  33. Activiti. https://www.activiti.org/. Accessed 04 Dec 2018

  34. Rhino. https://developer.mozilla.org/en-US/docs/Mozilla/Projects/Rhino/. Accessed 04 Dec 2018

  35. HoseinyFarahabady, M.R., Lee, Y.C., Zomaya, A.Y., Tari, Z.: A QoS-aware resource allocation controller for function as a service (FaaS) platform. In: Maximilien, M., Vallecillo, A., Wang, J., Oriol, M. (eds.) ICSOC 2017. LNCS, vol. 10601, pp. 241–255. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-69035-3_17

    Chapter  Google Scholar 

Download references

Acknowledgment

This research is partially funded by the Research Fund KU Leuven (project GOA/14/003 - ADDIS) and the strategic basic research (SBO) project DeCoMAdS.

Author information

Authors and Affiliations

  1. imec-DistriNet, Department of Computer Science, KU Leuven, Leuven, Belgium

    Majid Makki, Dimitri Van Landuyt, Bert Lagaisse & Wouter Joosen

Authors
  1. Majid Makki
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Dimitri Van Landuyt
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Bert Lagaisse
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Wouter Joosen
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Majid Makki .

Editor information

Editors and Affiliations

  1. Laboratory for Analysis and Architecture, Toulouse, France

    Sami Yangui

  2. National Engineering School of Sfax, Sfax, Tunisia

    Ismael Bouassida Rodriguez

  3. Laboratory for Analysis and Architecture, Toulouse, France

    Khalil Drira

  4. RMIT University, Melbourne, VIC, Australia

    Zahir Tari

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Makki, M., Van Landuyt, D., Lagaisse, B., Joosen, W. (2019). Thread-Level CPU and Memory Usage Control of Custom Code in Multi-tenant SaaS. In: Yangui, S., Bouassida Rodriguez, I., Drira, K., Tari, Z. (eds) Service-Oriented Computing. ICSOC 2019. Lecture Notes in Computer Science(), vol 11895. Springer, Cham. https://doi.org/10.1007/978-3-030-33702-5_21

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-33702-5_21

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-33701-8

  • Online ISBN: 978-3-030-33702-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation