Authors I.V. Bogomolov, A.V. Aleksiyants, O.D. Borisenko, A.I. Avetisyan
Month, Year 12, 2016 @en
Index UDC 004.052.34, 004.75
DOI 10.18522/2311-3103-2016-12-130140
Abstract Cloud services are becoming increasingly popular and they are among the most convenient means for computations in wide range of tasks. Authorization and authentication services for resource management in open-source clouds are distinct from proprietary solutions. An «atom» in open-source solutions is not a personal account but a grouping entity (tenant/project/etc). This approach imposes restrictions on building authorization and authentication service. Besides, users and other cloud services interact with the same system which prevents the cloud from adding fake nodes. Identification systems in open cloud platforms rely on two common components: relational database management system and common algorithms of cryptography on stored data. None of the system developers put performance first in such systems but they provide some means for reliability and high availability. This article shows importance of scaling identification system in context of performance for Openstack Keystone. We provide experiments and analytics suggesting that using RDBMS is wrong for such a task due to the complexity of employed crypto-algorithms and centralized storage system. We show that this common approach leads to non-linear scalability on nodes count and number of users. We describe a new approach which allows to solve scalability issues by replacing RDBMS with In-Memory Data Grid(IMDG) solutions. Prototype solution has been implemented using Tarantool IMDG.

Download PDF

Keywords Identity service; Openstack Keystone; cloud computing; Denial of Service; cloud scalability.
References 1. Moreno-Vozmediano R., Montero R.S., Llorente I.M. Iaas cloud architecture: From virtualized datacenters to federated cloud infrastructures, Computer, 2012, Vol. 45, No. 12, pp. 65-72.
2. Ofitsial'nyy sayt Amazon Elastic Compute Cloud [Amazon Elastic Compute Cloud official page]. Available at:
3. Ofitsial'nyy sayt Amazon Elastic Compute Cloud [Microsoft Azure official page]. Available at:
4. Ofitsial'nyy sayt Amazon Elastic Compute Cloud [Google Compute Engine official page]. Available at:
5. Ofitsial'nyy sayt Amazon Elastic Compute Cloud [OpenStack project official page]. Available at:
6. Ofitsial'nyy sayt Amazon Elastic Compute Cloud [Eucalyptus project official page]. Available at:
7. Fontán J. et al. OpenNEbula: The open source virtual machine manager for cluster computing, Open Source Grid and Cluster Software Conference, San Francisco, CA, USA, 2008.
8. Kumar R. et al. Apache cloudstack: Open source infrastructure as a service cloud computing platform, Proceedings of the International Journal of advancement in Engineering technology, Management and Applied Science, 2014, pp. 111-116.
9. Luo J.Z. et al. Cloud computing: architecture and key technologies, Journal of China Institute of Communications, 2011, Vol. 32, No. 7, pp. 3-21.
10. Freet D. et al. Open source cloud management platforms and hypervisor technologies: A review and comparison, SoutheastCon, 2016. IEEE, 2016, pp. 1-8.
11. Lynn T. et al. A Comparative Study of Current Open-source Infrastructure as a Service Frameworks, CLOSER, 2015, pp. 95-104.
12. Opisanie arkhitektury Openstack Keystone [Openstack Keystone architecture description]. Available at:
13. Bogomolov I.V., Aleksiyants A.V., Sher A.V., Borisenko O.D., Avetisyan A.I. Metod testirovaniya proizvoditel'nosti i stress-testirovaniya tsentral'nykh servisov identifikatsii oblachnykh sistem na primere Openstack Keystone [A performance testing and stress testing of cloud platform central identity: OpenStack Keystone case study]: Trudy Instituta sistemnogo programmirovaniya RAN [Proceedings of the Institute for System Programming], 2015, Vol. 27, Issue 5, pp. 49-58.
14. Bell, Tim, et al. Scaling the CERN OpenStack cloud, Journal of Physics: Conference Series, Vol. 664, No. 2. IOP Publishing, 2015.
15. Marek Denis, Jose Castro Leon, Emmanuel Ormancey, Paolo Tedesco (CERN, Geneva, Swit-zerland). Identity federation in OpenStack - an introduction to hybrid clouds. 21st International Conference on Computing in High Energy and Nuclear Physics (CHEP2015). Doi:10.1088/1742-6596/664/2/022015.
16. Ofitsial'naya stranitsa proekta Rally [Rally project official page]. Available at:
17. Almási G. et al. Toward building highly available and scalable OpenStack clouds, IBM Journal of Research and Development, 2016, Vol. 60, No. 2-3, pp. 1-5.
18. Baojiang Cui, Tao Xi. Security Analysis of Openstack Keystone, in Innovative Mobile and Internet Services in Ubiquitous Computing (IMIS): 9th International Conference 2015, 8-10 July 2015, pp. 283-288, Doi: 10.1109/IMIS.2015.44.
19. Bharati P.V., Mahalakshmi T.S. A Combinational Approach for securing the data in cloud storage using HMAC-SHA512 and Information Secured Algorithm (ISA), International Jour-nal of Applied Engineering Research, 2016, No. 6, pp. 4081-4084.
20. Kemme B., Alonso G. Database replication: a tale of research across communities, Proceedings of the VLDB Endowment, 2010, No. 1-2, pp. 5-12.
21. Abramova V., Bernardino J., Furtado P. Experimental evaluation of NoSQL databases, Inter-national Journal of Database Management Systems, 2014, No. 3, P. 1.
22. Dinsmore T.W. In-Memory Analytics, Disruptive Analytics. Apress, 2016, pp. 97-116.

Comments are closed.