The concept of cloud computing has appeared recently to denote computing architectures in which computing processes traditionally located on user client stations of a company, or on servers of the company, are offloaded to remote servers. Remote hardware resources, distributed across the world, are thus accessed on demand via the Internet to create services accessible on-line by users. The applications and the data are no longer situated on the user's local computer, or on the server situated in this user's company, but in a cloud composed of a certain number of interconnected remote servers. With cloud computing, a company therefore no longer needs to set up its physical network infrastructure by itself. On the contrary, it can call upon a service provider that offers turnkey capabilities such as these. This same provider can thus offer a plurality of dematerialized infrastructures to a plurality of different clients on the basis of the same physical architecture of interconnected servers.
A cloud computing architecture generally relies on a dematerialization based on a virtualization of resources. Virtualization consists in running several operating systems on a single computer, as if they ran on separate computers. Virtualization makes it possible to increase the performance of an infrastructure by maximally optimizing the use of the resources of the infrastructure. Furthermore, it generates substantial savings by pooling resources and activities.
Cloud computing architectures are proposed to clients with service and availability guarantees negotiated by contract and subject to a pricing system adapted to the resources allocated (the term commonly used is “provisioning”). In order to guarantee this availability to clients at all times, systems make it possible to balance the resources in real time over a set of host servers. Thus, in the event of a load increase in a virtual machine hosted by a host server, which reaches its capacity limit when this load increase occurs, the system evaluates the priority of this virtual machine with respect to other co-tenant virtual machines hosted by the same host server in order to allocate additional resources to it. This allocation of additional resources consists in moving the virtual machine in question toward another host server which possesses sufficient resources, or in moving virtual machines that are co-tenants of this virtual machine so that it possesses more resources, or again in duplicating the virtual machine over several host servers so as to meet the increased resource requirements. To move a virtual machine in this way, use is made of a system of hot migration of virtual machines from a source host server toward a target host server. This system is known by the name of dynamic load balancing. Dynamic load balancing functionality thus makes it possible to automatically manage intermittent requests for additional resources within a cloud architecture in order to ensure that the virtual machine is continuously available. When a virtual machine is migrated toward another host server, it retains the same identifying characteristics, namely the same IP address, the same MAC address, etc.
When this functionality is active and an upward variation in the consumption of resources (e.g. the processor, memory, or storage) is observed on a virtual machine in a cluster, and this variation causes the host server to reach its capacity limit, then one or more migrations of virtual machines toward one or more host servers can be effected so as to balance the load distribution between the host servers as well as possible. Thus, the virtual machine in question may be migrated, or virtual machines that are co-tenants of the virtual machine in question may be migrated. However, an upward variation of resource consumption or an attack caused for malicious purposes cannot be stopped by the migration of virtual machines. The resources required for the affected virtual machine continue to increase. More migrations of the virtual machine or machines can then occur and once the possibilities are exhausted, there is a risk that the last server will be unavailable, leading to interruption of access to other virtual machines present on the host server, and perhaps dedicated to other clients. Whatever the situation, all the servers through which a virtual machine has passed during successive migrations will have been affected.
Generally, a migration of a virtual machine is not harmless. It has effects on the network. In fact, all information relating to the state of the machine in the process of migrating transits through the network. When several virtual machines are migrated, it is obvious that these effects may penalize the performance of the network as a whole. Migration is also restrictive: the target host server must have access to the same sub-network as the source server, be based on the same type of CPU (Central Processing Unit), have access to the same storage medium, etc. These restrictions reduce the possibilities of migration, so that migrations risk always affecting the same host servers and, in the same way, the same co-tenant virtual machines. Moreover, once the possibilities of migration have been exhausted, there is a risk that the last host server affected or the co-tenant machines will be unavailable.
Thus, an attack against a virtual machine in a cloud computing architecture where the dynamic load balancing functionality is active may have a dangerous effect on the host server, the co-tenant virtual machines, or even the whole architecture, by causing uncontrolled migrations. This is penalizing in an architecture intended to offer turnkey network services, the availability of which is guaranteed by contract, to a plurality of clients.
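The migration cascade described above can be reproduced with a small simulation, added here as an example and not taken from the original text. The host names, capacities, loads and the first-fit target selection policy are assumptions chosen for illustration; the output shows which hosts the growing virtual machine passes through and which co-tenants sit on a saturated host along the way.

```python
# Constructed simulation: host names, capacities and loads are illustrative.
from dataclasses import dataclass, field

@dataclass
class Host:
    name: str
    capacity: int
    vms: dict = field(default_factory=dict)  # VM name -> resource units in use

    def free(self):
        return self.capacity - sum(self.vms.values())

def simulate(hosts, vm, growth, steps):
    """Raise `vm`'s demand by `growth` per step and rebalance by hot migration."""
    src = next(h for h in hosts if vm in h.vms)
    path, affected = [src.name], set()
    for step in range(1, steps + 1):
        src.vms[vm] += growth
        if src.free() >= 0:
            continue  # host still within its capacity limit
        # Host saturated: every co-tenant on it is degraded at this point.
        affected.update(n for n in src.vms if n != vm)
        # Assumed policy: first other host with room for the whole VM.
        dst = next((h for h in hosts
                    if h is not src and h.free() >= src.vms[vm]), None)
        if dst is None:  # migration possibilities exhausted
            return {"path": path, "affected": sorted(affected),
                    "exhausted_at": step, "last_host": src.name}
        dst.vms[vm] = src.vms.pop(vm)  # hot migration, VM keeps its identity
        path.append(dst.name)
        src = dst
    return {"path": path, "affected": sorted(affected),
            "exhausted_at": None, "last_host": src.name}

def demo():
    hosts = [
        Host("h1", 100, {"vm-x": 30, "tenant-a": 60}),
        Host("h2", 100, {"tenant-b": 40}),
        Host("h3", 100, {"tenant-c": 20}),
    ]
    return simulate(hosts, "vm-x", growth=10, steps=20)

if __name__ == "__main__":
    print(demo())
```

With these constructed values, a single virtual machine whose demand never stops growing saturates all three hosts in turn before no migration target remains.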