Automated Deployment and Evaluation of BFT Systems Using a Metal-as-a-Service Cloud

Problem

The traditional operation system (OS) virtualization as well as the emerging container systems aim at increasing the utilization of a single physical machine, e.g. via multi-tenant Platform-as-a-Service (PaaS) clouds. Metal-as-a-Service (MaaS) takes a different approach. Instead of virtual machines or containers, MaaS clouds offer complete physical machines to the customers. This is especially useful, when the deployed software has special features that can not or only with big effort, be virtualized, as it will be directly deployed on the hardware. Furthermore, since the customers have full control over the host machines, they can always utilize the entire computing resource in case of resource-intensive workloads, without concerning other customers’ applications. There are well established management and orchestration tools for MaaS clouds, such as Ubuntu MaaS and Ansible. However, so far they are designed and mainly used for generic-purpose applications, and their public clouds’ characteristics might lead to security concerns, in terms of user information and data safety.

Solution

This work aims to provide a private, reliable MaaS cloud that targets those applications with high availability and safety requirements. This cloud platform integrates a Byzantine Fault Tolerance (BFT) protocol to guarantee the reliability and safety of deployed applications, with both state machine replication (at software level) and trusted execution environment (at hardware level) technologies. The implementation of the BFT protocol is modularized for easy deployment and management. It is designed to be offered as a native service to the customers when building and orchestrating the software stacks upon the host machines. This way, cloud customers can benefit from this cloud by simply selecting this native service when deploy their applications, thus they are freed from the need to implement their own BFT system from scratch. Moreover, the integrated BFT protocol enables the replicas to communicate with unmodified clients, which makes the cloud platform capable of deploying customer-facing applications, such as Web service.