Section: New Results
Management and control
Participants : Sara Bouchenak, Fabienne Boyer, Noël De Palma, Olivier Gruber, Eric Rutten, Jean-Bernard Stefani, Gwenael Delaval, Soufyane Aboubekr, Jean Arnaud, Loris Bouzonnet, Jérémy Philippe.
Self-tuning for Internet Services
This work aims at building SLA (Service Level Agreement) management and self-tuning functions for Web application servers. In particular, we address the issue of providing guarantees on both service performance and service availability, two criteria of service quality that are usually handled separetely, and can be seen as antagonistic (high service availability is usually obtained at the expense of performance, and good performance has usually an impact on availability). We have developed two sets of techniques to achieve self-tuning with guarantees on service level objectives (SLOs) such as maximum response times and maximum abandon rates.
The first set of techniques applies fluid models from control theory to modeling, capacity planning, system control and provisioning of server systems. Our main contributions are:
a novel model that reflects the non-linear behavior of server systems,
a dynamically and automatically evolving model state based on online monitoring in order to reflect service workload variation,
novel control laws that take into account both performance and availability SLOs to dynamically and automatically control the system and provision its resources accordingly.
These techniques were proposed in the form of theoretical model and control laws, implemented in a Java-based prototype called ConSer , and successfully evaluated in a real warehouse online service running on a database system  ,  ,  ,  . This work is conducted in the context of a collaboration between SARDES and the NeCS INRIA Project-Team. This work is the subject of the PhD thesis of Luc Malrait, who is co-advised by Nicolas Marchand (NeCS) and Sara Bouchenak (SARDES).
The second set of techniques makes use of queuing theory to model, provision and plan the capacity of Internet services deployed on clusters of computers, as is usually the case of e-commerce services. Our main contributions consist of:
an extended queuing model that takes into account the distribution and parallelism of cluster-based distributed systems, and allows to predict system performance and availability,
a novel approach for dynamically and automatically configuring model state, which reflects workload changes and does not require system administrators to perform offline calibration of the model, a technically tricky phase usually necessary prior to the use of these types models,
a novel control algorithm that takes into account both performance and availability SLOs while minimizing system costs; it applies dynamic and automatic configuration and provisioning of cluster-based systems with necessary and sufficient resources that guarantee target service performance and availability.
These techniques were proposed in the form of a theoretical extension of the well-known MVA queuing model, the specification of a capacity planning and provisioning algorithm, the design of an online distributed monitoring mechanism of cluster-based systems, and the implementation of a Java-based software prototype called MoKa running in realistic distributed Web applications running on Web servers and database servers  . This work is the subject of the Ph.D. thesis of J. Arnaud.
Self-repair for cluster systems
We have completed the implementation and evaluation of a self-repair architecture for cluster systems, built with the Jade framework. Self-repair is achieved through a combination of component-based design, reßection and active replica- tion of the management subsystem. The self-repair architecture has been applied to a JEE Web application server cluster, and an NFS file server cluster. Our evaluations show that the Jade framework and the self-repair mechanisms add negligible overhead to the operation of a managed system, and that our self-repair architecture achieves short MTTR (Mean Time To Repair) even with a simple repair policy consisting of reconfiguring the managed system so as to maintain the same Web application server architecture in the running cluster. The self-repair architecture is described in detail in Sylvain Sicard's PhD thesis  , and in the book chapter  .
Discrete control for adaptive and reconfigurable systems
Our approach is to apply control techniques based on the behavioral model of reactive automata and the algorithmic techniques of discrete controller synthesis. We consider the problem theoretically and also practically. We therefore adopt the synchronous approach to reactive systems: this way we can, on the one hand, rely on synchronous languages as modeling formalisms, which are equipped with compilers and executable code generators, and on the other hand, use an associated effective controller synthesis tool: Sigali. Both are integrated into a programming language, called BZR, and its compiler, as an extension of the Heptagon language  ,  . We thus have a complete tool-supported method from control modeling down to concrete execution, considering different execution models, and targetting either software or hardware.
This gives us a multi-tier approach to the model-based control of adaptive computing systems, where we can consider the general problem, and contribute on a more specialized topic: to model the discrete behaviours of the system to be regulated, and to obtain a correct controller by automated synthesis. The originality of our approach is in the emerging nature of this topic in computer science, which is appearing in soft-, hard- and middleware. It represents a new combination of existing approaches in:
operating systems and middleware
(discrete) control theory
formal methods and tools, as a link between the two.
We explore control theory for computer science, as an original alernative to computer science for control (as more usually in embedded systems), and to classical discrete control theory (as more usually applied to manufacturing)  .
We currently have the following activities and contacts on the different aspects of our approach:
Control techniques are explored, in discrete controller synthesis (DCS) in cooperation with Herve Marchand (VerTecs, INRIA Rennes), and in optimal DCS on paths, in cooperation with VerTecs (INRIA Rennes), Pop Art (INRIA Grenoble) and INSA Lyon. Other DCS techniques for distributed control are considered woth contacts with GIPSA-Lab and ENSI Tunis.
At the language-level, a modelling and controller generation language called BZR, which involves DCS in its compilation, is designed and develloped with VerTecs (INRIA Rennes); this is done in relation with other synchronous languages developed in the Synchronics Inria cooperative project. An ongoing activity is the language-level integration in a formal specification of Fractal in Alloy, and with the behavioral ADL in Fractal, in the framework of the Minalogic project MIND.
At the execution level, modelling of mechanisms and execution of adaptation control is explored in terms of reactive models of adaptation, and linking the generated controller in the adaptative middleware, related to Fractal: in the framework of the Minalogic project MIND, we target the C implementation (related to Think/Cecilia) in cooperation with ST Microelectronics and Orange labs. We consider execution models with sequential code generation (C, Java, Caml), and begin to explore distributed control.
We are exploring other target application domains, where we expect to find commonalities in the control problems, and variations in the definitions of configurations, and in the criteria motivating adaptation. We are linking BZR with Orccad, a programming environment for control systems, in cooperation with NeCS and SED at INRIA Grenoble. We are examining administration loops in a virtual machine, in cooperation with the Synergy group of Sardes. We are starting an activity concerning reconfigurable circuits, particularly FPGAs, in the framework of the ANR project FAMOUS, in cooperation with DaRT (INRIA Lille), and Lab-STICC in Lorient.