AUTOMATED REASONING FOR EVENT MANAGEMENT IN CLOUD PLATFORMS

Information

  • Patent Application
  • 20230161637
  • Publication Number
    20230161637
  • Date Filed
    April 24, 2020
    4 years ago
  • Date Published
    May 25, 2023
    a year ago
Abstract
The disclosure relates to a method, system and computer readable media for automatically managing an event in a cloud system. The method comprises determining a candidate action to be applied to the cloud system for managing the event. The method also comprises applying the candidate action to a model of the cloud system. The method comprises, upon determining that the model of the cloud system meets at least one performance indicator and that the candidate action is a proved action, applying the proved action to the cloud system.
Description
TECHNICAL FIELD

The present disclosure relates to automated event management in cloud platforms and to automated fault management.


BACKGROUND

Faults often occur in cloud networks and systems and contribute to a significant portion of cloud operational costs. For instance, an infrastructure fault (e.g. a central processing unit (CPU), memory or hard disk drive (HDD) fault) detected at one node of an edge cloud, if not properly handled, may propagate and may spread up towards the application level. It may also propagate across several cloud nodes in the same cluster of the edge cloud. Once spread, it can be hard to identify and trace the root cause of the fault, which can delay the identification of appropriate fault recovery and prevention procedures. Recent developments in fifth generation (5G) networks have involved various technologies related to the edge and distributed cloud computing; the challenge of fault management (e.g. recovery procedures, prevention procedures) in such networks is threefold.


First, due to the heterogeneous devices and cloud deployments, it is very difficult to select the appropriate procedure to recover or prevent such faults in all the network and system domains. When such faults are detected, it requires human feedback or input to identify appropriate action to solve or handle the identified faults. This approach requires a lot of manual configuration and prior knowledge about the metrics and actions having a direct impact on the faults in a specific device or cloud. In addition, manual troubleshooting cannot guarantee to cover all fault scenarios and to propose the appropriate recovery or prevention procedures given the complexity and the size of current networks and systems. Hence, troubleshooting expertise can only be mastered after years of experience, especially in large cloud systems.


Second, the selection of appropriate fault management procedures for each domain and scenario becomes a challenge to avoid fault propagation. For example, procedures used in a data center may be very different from those used in content delivery networks. In addition, several procedures can be used to recover a detected or predicted fault and these procedures may perform differently under different circumstances. Furthermore, cloud systems may change in unforeseen ways because the workload and the cloud infrastructure can change over time, which may lead to the occurrence of new faults that require new recovery procedures. Consequently, there is no explicit, global, troubleshooting methodology that can be automated and utilized in such network and system domains due to the dynamic and complex nature of cloud systems.


Third, the cloud infrastructure and the available resources may change frequently, especially in edge domains. This introduces a challenge for a selected recovery and prevention procedure as it needs to adapt to changes due to the dynamic and unpredictable cloud contexts. For example, a method used to recover a CPU fault may become unusable or inappropriate (e.g. it may take a longer time than expected or it cannot be applied on the processor) according to available resources from one domain to another.


SUMMARY

There is therefore a need to design an automated method to determine the appropriate recovery or prevention procedures for detected or predicted faults in cloud systems.


There is provided a method for automatically managing an event in a cloud system. The method comprises determining a candidate action to be applied to the cloud system for managing the event. The method also comprises applying the candidate action to a model of the cloud system. The method also comprises, upon determining that the model of the cloud system meets at least one performance indicator and that the candidate action is a proved action, applying the proved action to the cloud system.


There is provided a system for automatically managing an event in a cloud system. The system comprises processing circuits and a memory, the memory containing instructions executable by the processing circuits. The system, upon executing the instructions, is operative to determine a candidate action to be applied to the cloud system for managing the event. The system is also operative to apply the candidate action to a model of the cloud system. The system is also operative to, upon determining that the model of the cloud system meets at least one performance indicator and that the candidate action is a proved action, apply the proved action to the cloud system.


There is also provided a non-transitory computer readable media having stored thereon instructions for managing an event in a cloud system. The instructions can comprise any of the steps described herein.


The methods, systems and computer readable medias provided herein present improvements to the way fault management in cloud platforms operate.





BRIEF DESCRIPTION OF THE DRAWINGS


FIG. 1 a schematic representation of information related with an action.



FIG. 2 is a schematic illustration of the architecture for event management in cloud platforms.



FIG. 3 is a schematic illustration of the fault detector-predictor.



FIG. 4 is a flowchart of a method for fault management in cloud platforms.



FIG. 5 a schematic illustration of the architecture of the action selector.



FIG. 6 is a schematic illustration of an example constraints satisfaction problem as represented by a graph.



FIG. 7 is a flowchart of a method executed by the action selector.



FIG. 8 a schematic illustration of the architecture of the cloud model analyzer.



FIG. 9 is a flowchart of a method executed by the cloud model analyzer



FIG. 10 a schematic illustration of the architecture of the action reasoner.



FIG. 11 is a flowchart of a method executed by the action reasoner.



FIG. 12 a schematic illustration of the prover.



FIG. 13 a schematic illustration of example actions from an action pool.



FIG. 14 a schematic illustration of an example of fault management in a cloud platform using selected actions.



FIG. 15 is a flowchart of a method for automatically managing an event in a cloud system.



FIG. 16 is a schematic illustration of a cloud or virtualization environment in which the different methods, systems and computer readable medias described herein can be deployed.





DETAILED DESCRIPTION

Various aspects, features and embodiments will now be described with reference to the drawings to fully convey the scope of the disclosure to those skilled in the art.


Sequences of actions or functions may be used within this disclosure. It should be recognized that some functions or actions, in some contexts, could be performed by specialized circuits, by program instructions being executed by one or more processors, or by a combination of both.


Further, computer readable carrier or carrier wave may contain an appropriate set of computer instructions that would cause a processor to carry out the techniques described herein.


The functions/actions described herein may occur out of the order noted in the sequence of actions or simultaneously. Furthermore, in some illustrations, some blocks, functions or actions may be optional and may or may not be executed.


Referring to FIG. 1, which is a schematic representation of an action, the action 100 includes information about one or more task or function to be performed to repair a specific fault. Herein, the action is defined as a combination of the following information: an identifier (ID) 102, one or more inference rules 104, the target component 112 experiencing the fault, one or more key performance indicators (KPIs) 114 to be improved, and a success rate 116 the action achieves. A person skilled in the art would realize that the action could be defined differently, with more or less information and could still be used to achieve a similar purpose.


And inference rule 104 is a logical transformation or function that can be used to infer a conclusion, it comprises at least one premise 106 that is used to create an argument. It takes the premises, analyzes their syntax, and returns one or more conclusion 110. According to this proposed definition, an inference rule 104 can be composed of a set of premises 106 and a set of conclusions 110.


A premise 106 is a sequence of propositions that a given statement will justify and return a specific conclusion. Herein, a premise includes a fault type 107 and one or more axiom 108 or a set of axioms.


A fault type 107 refers to the nature of the experienced fault (memory, HDD, CPU, network, etc.).


An axiom 108 is a proposition or statement that serves as a premise leading to a specific conclusion or reasoning when its value is true.


A conclusion 110 is the logical consequence or deduction that is obtained given that some statements or propositions are true. Herein, it is the results of the combination of (1) the fault type 107 and (2) the axiom 108 values. This means that whenever the fault type 107 and axiom 108 are true, then the conclusion 110 is true.


A component 112 is an element of the monitored system in relation to which a fault may occur and to which an action 100 will be applied to repair a given fault.


A mapped KPI 114 is a type of performance measurement for an affected KPI associated with a specific fault.


A success rate 116 is a calculated percentage of successes among a number of attempts when applying a specific action with respect to a specific fault.


Different approaches exist concerning reasoning for fault management. These existing approaches can be grouped in four different classes: rule-based reasoning, case-based reasoning, model-based reasoning and machine learning or artificial intelligence (AI).


Rule-based reasoning combines a collection of rules, where each rule has the form of Boolean expression and action. When a Boolean expression is matched with a problem or fault, a corresponding action is executed. However, it this has several shortcomings: it requires exact matching, it fails if the fault is not anticipated by the rules, and it requires explicit updates for new faults.


Case-based reasoning can reason based on past problems and solutions. It is case-specific, and it is not easy to generalize to all cases. Case-based reasoning can incorporate the learning of new cases. A large case base improves the technique but can slow things down.


Model-based reasoning refers to developing a model of the physical world. Then, at run time, the model build from previous knowledge is combined with observed data to derive conclusions such as diagnosis or prediction. Key limitations of model-based reasoning include model validation, model re-use for another system, and the degree of model accuracy. In addition, model-based reasoning can handle problems explained by the model only.


Machine learning or AI based approaches require the compilation of libraries of healthy and fault patterns for the performance of a device. These libraries do not provide knowledge-rich structures or justifications for device behavior or failures.


Automatic and adaptive fault reasoning-management is a challenging task. It is difficult to design efficient and appropriate models to deal with fault management in any cloud platform or software system. Hence, it is of interest to design an automated solution to overcome the above-mentioned limitations.


Described herein is a method and system to automatically reason and select an appropriate action to be applied to recover from and/or prevent faults in cloud systems. The method comprises:

    • identifying a candidate action to be applied on the cloud system for managing the event;
    • applying the candidate action to a model of the cloud system; and
    • upon determining that the model of the cloud system meets at least one performance indicator after applying the candidate action, applying the candidate action to the cloud system.


Some of the advantages of such a method/system, includes:

    • automatic diagnosis for fault management for cloud systems, without requiring input from an expert human;
    • fast and efficient analysis of proposed actions to be applied to cloud systems to recover and/or prevent the occurrence of faults;
    • continuous learning about new faults while evaluating their corresponding actions (which means that as time goes on, less and less of the expensive fault reasoning method will be required);
    • a very simple mechanism to extend the faults automated reasoning method to other applications, such as performance or security management; and
    • complementary to other reasoning solutions (e.g. rules-based, case-based, model-based reasoning solutions).


Although the detailed description presented herein highlights an automated reasoning solution for fault management, the underlying method can be generalized to cover other applications, such as performance or security management.



FIG. 2 illustrates a system 200 which comprises three main components. The first component is an “Action Selector” 215 which identifies the main characteristics of a detected or predicted fault provided by a fault detector-Predictor 210 and which combines a set of inference rules to find a good candidate action (selected within an action pool 220) to be applied on the cloud system to recover from the fault or prevent its occurrence. The input of this component is mainly the detected or predicted fault and the output is mainly a candidate action to be applied on the cloud system.


The second component is a “Cloud Model Analyzer” 230, which takes as input a description of a given cloud system 205 and which provides as output a formal description of the cloud system. The main goal of the cloud model analyzer is to provide a high-level representation, or description of the architecture, of the cloud system as well as the different logical connections between its blocks using a formal language.


The third component is an “Action Reasoner” 225, which uses a candidate action output from the “Action Selector” component, applies it to the formal cloud model output from the “Cloud Model Analyzer” component and verifies its corresponding changes on the “formal cloud model”. Next, the action reasoner checks whether the cloud model meets certain input specifications. When the specifications are met, the action reasoner approves the candidate action and notifies the “Action Selector” to apply it on the real cloud system. Next, the “Action Selector” gets feedback about the system's new state with respect to the detected fault and its recovery. The applied action and its feedback are stored in an “Action Pool” for future uses (e.g., future detected similar faults having the same characteristics). Otherwise, it automatically reasons and analyzes the system performance and/or traces to propose other appropriate candidate actions to be applied or to identify appropriate adjustments to the “candidate action”. The identified adjustments are sent to the “Action Selector” to modify the proposed candidate action accordingly.


The Performance Detector-Predictor 235 and the Security Detector 240 are elements that could be switched with the Fault Detector-Predictor 210 to provide other functionalities to the cloud system, based on the same technique.



FIG. 3 illustrates the Fault Detector-Predictor 210 of FIG. 2 in more details. The Fault Detector-Predictor 210 uses offline historical data samples to train a model using machine learning algorithms (i.e., Neural Network, Random Forest, Support Vector Machine, etc.). Once the model is trained, online data samples that are collected at different times (which may be at regular time intervals) can be fed to the model to determine or predict faults which will trigger the automated reasoner. The Performance Detector-Predictor 235 and the Security Detector 240 could be implemented using similar techniques.



FIG. 4 presents a detailed flowchart of the different steps involved in the proposed process 400. Given the cloud system description, step 401, the system builds and generates a formal model for the corresponding cloud system, step 402, that describes the logical connections between the blocks of the cloud system.


Given a new online data sample, the Fault Detector and Predictor is able to identify the occurrence of a fault, step 403a or 403b, when or before it happens. When no fault is detected or predicted, the Fault Detector and Predictor waits for the next online data sample, step 404. Then, the Fault Detector and Predictor waits until getting a new data sample from the monitored cloud system.


A data sample may include metrics concerning the status of CPU, storage, memory, Input/Output, temperature, node capacity, etc. at a given time, such as go_memstats_heap_inuse_bytes, node_load1, go_memstats_alloc_bytes, go_memstats_heap_alloc_bytes, node_vmstat_nr_unevictable, node_memory_Dirty, node_memory_Unevictable, node_vmstat_nr_mlock, node_memory_Mlocked, go_memstats_stack_inuse_bytes, etc.


In the presence of a fault, the Fault Detector and Predictor determines the main characteristics of the detected or predicted fault (e.g., comparing the metrics between the no-faulty state and the faulty state and getting the deviation from the normal cloud system state). The Fault Detector and Predictor checks, step 405, whether there exist similar faults stored in the “Action Pool” that were previously analyzed by the system (e.g. it checks metrics describing the fault and their deviations from the normal range, the metrics may be ordered according to their importance).


When similar faults are found, the Fault Detector and Predictor applies the selected action on the real cloud system, step 406, and updates the Action Pool and the cloud formal model accordingly, step 412b.


When no similar faults are found, the Fault Detector and Predictor selects a combination of the input inference rules that would compose the new candidate action given the characteristics of the identified fault, step 407.


The proposed candidate action is applied on the formal cloud model to verify its usefulness and efficiency, step 408.


The Fault Detector and Predictor checks, step 409, whether the proposed candidate action meets an input specification to determine its efficiency to recover or prevent the fault. The input specifications are the KPIs that reflect the characteristics of the system when it recovers or prevents a fault. Those KPIs can be monitored through variables to track change on the system.


When the KPI specification is met, the “Action Selector” applies the approved action on the real cloud system, step 411, and get a feedback about the new cloud system status after recovering the fault (e.g. fault recovered or not, metrics related to the corresponding fault). The received feedback is later used to store the applied action and its system feedback within an Action Pool, step 412b. The Action Pool is used to save the cost associated while looking for the appropriate action for future similar faults. The received feedback is used as well to update the formal cloud model to reflect the new changes accordingly, step 412a.


When the KPI specification is not met, the “Action Selector” analyzes the obtained results from the formal cloud model analyzer and identifies the possible reasons that lead to the failure of “candidate action”. The “Action Selector analyzes and reasons over the obtained “possible causes” and determines adjustments (e.g. new inferences rules) to the “Action Selector” to modify the candidate action, step 410. When no new rules/candidates are discovered, the system generates an alarm to notify the user to give his input or feedback with respect to the triggered scenario.



FIGS. 5 and 7 present the architecture and the flowchart of the “Action Selector”, respectively.



FIG. 5 illustrates the architecture of the Action Selector. Illustrated there is a “Features Deviation Analyzer” 510 that is responsible to identify a list of deviated features, step 701, in the presence of a detected-predicted fault, given an online data sample from the monitored system. Precisely, the Features Deviation Analyzer checks whether the online data sample (value) is within the range of the statistical properties (e.g. mean, standard deviation, etc.) of the training data used to train the detection and prediction model.


Given the list of the deviated features from the previous step, the “Fault-Features Similarities Analyzer” first checks whether there were similar faults previously discovered by the “Action Selector”, step 702. The “Fault-Features Similarities Analyzer” 515 checks if there exists a previous fault with similar deviated features in the “Action Pool” 220. Next, it sorts the identifies similar faults by the amount of the deviation for each feature compared to the training data. Finally, the “Fault-Features Similarities Analyzer” select the most relevant “N” similar faults. “N” can be tuned with a random or specific variable based on the feedback from the monitored system.


Given the list of top “N” similar faults, step 703, the “Fault-Features Similarities Analyzer” compares the amount of the deviation with an input threshold (e.g., 70%, 80%, 90%) that is initialized by the user and tuned later when receiving system feedback. Particularly, the “Fault-Features Similarities Analyzer” selects the most similar faults, step 704, and ranks these faults based on their deviation similarities results and it chooses the one with the highest score. If the system shows the same deviation in the presence of faults, that means that the same action can be applied to get it back to the normal state. Therefore, the same action applied previously can be used on the most similar fault.


When the specified threshold is not met or no similar faults were found, the “Fault-Features Similarities Analyzer” will initiate the process of finding new candidate action, step 710, based on the characteristics of the detected-predicted fault.


A “Rules Conflict Solver” 520 analyzes the list of identified similar faults and their composing inferences rules. A combination of the rules can be found from the actions applied to similar faults to go back to the normal state. The goal of this solver is to go through the inference rules of the identified similar faults and get the list of the ones that are non-conflicting, step 709. The solver can be modeled as a constraint satisfaction problem (as described below) which can be solved using one of the known algorithms: backtracking, forward checking, maintaining arch consistency.


The Constraints Satisfaction Problem consists of assigning values to variables while satisfying certain constraints. Constraints Satisfaction Problem consists of three components:


Finite set of variables which are the conclusions in the inference rules of the selected actions.






r={r
1
,r
2
,r
3
,r
4}


Finite set of values for each variable






V={V
1
,V
2}





V1=1→a given rule to be selected





V2=0→a given rule to not be selected


where each variable can take one of the values in V.






r
1={0,1}






r
2={0,1}






r
3={0,1}






r
4={0,1}


Finite set of constraints between the variables. There are two types of constraints: combination of conclusions in inference rules should reside in the same action, and combination of conclusions in inference rules should not reside in the same action.






C={r
1
≠r
3
,r
1
=r
2
,r
2
≠r
3
,r
4
=r
1
,r
3
≠r
4
,r
2
=r
4}


The Constraints Satisfaction Problem can be represented by a graph where nodes correspond to variables and edges correspond to constraints, as shown in FIG. 6. The problem is to assign a value for each variable such that the constraints are met. The problem can be solved by backtracking, forward checking, maintaining arch consistency.


When no conflicting rules or no similar faults are found, the solver select some rules from the “Rule Pool” 530 to compose one or more new candidate action(s), step 710.


A “Rules Optimization Analyzer” 525 uses the resulting non-conflicting rules from the previous step, or the rules selected by the solver (when no similar faults were found) to find a good (aiming towards optimal) combination of inference rules. The main objective of the analyzer is to determine a new candidate action to be applied on the cloud system to recover or prevent a fault. Particle Swarm Optimization (PSO) can be used to find a candidate action, step 711. PSO is selected because it can optimize a problem by iteratively trying to improve a candidate solution with regard to a given measure. The PSO tries to move the candidate solutions called particles around the search-space according to a mathematical formula as explained below.


Quantum Particle Swarm Optimization (QPSO) is a discrete version of PSO to solve problems with binary-valued solution elements.


Simulated Annealing (SA), Genetic Algorithm (GA), and Column-Generation (CG) are other examples of algorithms that could alternatively be used. PSO is chosen because of its effectiveness in solving a wide range of applications. It has the ability to find optimal or near-optimal solutions for large-space problems in a short time compared to other heuristics.


The QPSO steps are now described. First, the particles are initialized. A particle is defined based on the quantum bit. Two vectors are initialized.


A quantum particle vector V(t)i, which is the velocity for particle i and is initialized to random values between [0,1]:






V(t)i=[v(t)1i,v(t)2i, . . . ,v(t)ni]  (1)


and a discrete particle vector p(t)i, which is initialized by initializing a random number for each v(t)ji.


Then, according to the condition in (3) and (4), the discrete particle vector p(t)i is initialized:






p(t)i=[p(t)1i,p(t)2i, . . . ,p(t)ni]  (2)


where n is the size of the problem, i.e., the total number of non-conflicting rules.





If randji>v(t)ji→p(t)ji=1   (3)





Otherwise p(t)ji=0   (4)


The initial population is evaluated by calculating the objective function for each particle, e.g., optimize the mapped KPI.


The particles that represent non-dominated solutions are stored in a repository REP. Each particle keeps track of its best local position, which is the best solution obtained by this particle so far (PilocalBest).


At each iteration, the algorithm selects PglobalBest that denotes the best position achieved so far by any particle in the population. There are several ways to select PglobalBest. One way is to rank the solutions in the repository and choose the one with the highest rank.


The velocity equation is updated according to equation (5) and the particle vector is updated in the same way as in equations (1) to (4)






V(t+1)=w×V(t)+c1×Vlocalbest(t)+c2×Vglobalbest(t)   (5)






V
localbest(t)=α×plocalbest(t)+β×(1−plocalbest(t))   (6)






V
globalbest(t)=α×pglobalbest(t)+β×(1−pglobalbest(t))   (7)


where α+β=1, β<1, 0<α, α and β are control parameters, w represents the degree of belief on oneself, c1 is the local maximum, and c2 is the global maximum.


Pilocalbest is updated by applying Pareto dominance. If the current position is dominated by the one in the memory, the one in the memory is kept; otherwise, the one in the memory is replaced by the current position. Algorithm 1 shows how the algorithm can be implemented.












Algorithm 1: Example of a known QPSO Algorithm
















 1
Initialization: number of iterations, j ← 0, V(t), P(t)


 2
t=0


 3
value = Evaluate Population (P(t))


 4
store the position of particles that represents non-dominated vector in



repository REP


 5
initialize memory for each particle


 6
pilocalBest[i] = Pi(t)


 7
j = j + 1


 8
while j < number of iterations


 9
 | set PglobalBest by selecting from the REP


10
 | for each particle P(t)


11
 | | update velocity and position of particles


12
 | | value = Evaluate Population


13
 | | update thePlocalBest


14
 | | if the current P(t)is non-dominated by pilocalBest [i]


15
 | | | pilocalBest[i] = Pi(t)


16
 | | end


17
 | end


18
 | select the non-dominated particles


19
 | update the REP by comparing current non-dominated particles



 | with the ones in REP


20
end









An “Action Evaluator” 540 is responsible for applying the proposed action on the cloud system, step 705, with respect to the detected-predicted fault.


Next, the Action Evaluator gets the system feedback, step 706, on whether the applied action was able to properly handle the fault or not.


According to the result of the previous steps, the Action Evaluator also updates the parameters “N” and “the similarity threshold”, step 708. For instance, one possible update could be to enlarge the search space for the most similar faults by increasing the value of “N”. Another possible update could be to increase the similarity threshold to make sure that the system will recover from the fault when applying the same action.


Based on the received feedback, the Action Evaluator stores those information (e.g., fault, deviated features, applied action, system feedback) on the “Action Pool”, step 707.



FIGS. 8 and 9 present the architecture and the flowchart of the “Cloud Model Analyzer” 230 in the system, respectively.


The goal of the “Cloud Model Analyzer” is the construction of a formal model for the cloud system and its properties. To this aim, the Communication Sequential Processes language is used to formally model the cloud system because it enables the modeling of synchronous and concurrent systems. Specifically, it enables to model the behavior and communication of multiple processes and parallel components for different distributed systems.


Linear Temporal Logic (LTL) is also used to provide a description of the properties that are verified. In the context of fault management, the properties to verify are the KPI of the monitored cloud system when applying a specific action to recover or prevent a fault.


Concretely, a model is constructed to formally describe the components of the cloud system including the dependencies between the components, updates of the system and the KPI updates when an action is applied.


A “Components Analyzer” 810 is responsible for getting the list of the different blocks composing the cloud system, steps 901 and 902, with respect to the input given from a user and a system description.


A “Dependencies Analyzer” 815 is responsible for representing a high-level description of the connections between the identified components, step 903.


An “Actions Analyzer” 820 is responsible for tracking the changes on the formal model of the cloud after applying an action, step 904.


A “KPI Analyzer” 825 is responsible for tracking the change on the KPI of the cloud system and the formal model accordingly, with respect to the changes on the applied actions, step 905.


A “Formal Model Builder” 830 is responsible to combine the output of the previous analyzer (actions, components, KPI, . . . ) to build a formal model of the cloud, step 906. Next, the Formal Model Builder checks the validity of the proposed model, step 908, and tunes its parameters accordingly, step 907.



FIGS. 10 and 11 present the architecture and the flowchart of the “Action Reasoner” 225 in the system, respectively.


The input of the “Action Reasoner” 225 are: (1) a “Formal Cloud Model” and “KPI Specification” from the “Cloud Model Analyzer” and (2) a new “Candidate Action” from the “Action Selector”. The output of the “Action Reasoner” are: (1) a “proved action” when the new candidate action meets the KPI specification otherwise it generates (2) “new rules” to be used to compose new candidate actions. The generated output will be sent to the “Action Selector” either to confirm applying a candidate action or to refine the received actions accordingly.


The “Action Executor” 1010 is responsible for analyzing the input “new candidate action” and to retrieve the rules list composing it, steps 1101, 1102. Following the order in the obtained list, it formally applies each rule, step 1103, on the formal cloud model. Given the abstract description of the dependencies and the updates described in each process in the Communication Sequential Processes model.


The “Model Updater” 1015 is responsible for tracking the changes on the abstract formal model when applying the rules composing the received candidate action following the flow of execution for those rules. The execution of the rules is reflected on the variables of the model that track the changes on the formal model (e.g., CPU utilization, size of queue, IO latency . . . ), step 1104.


The “Prover” 1020 is responsible for checking whether the updated cloud model meets the input KPI specification when applying the new candidate action with respect to recovering-preventing the detected-predicted fault in the monitored system.


The prover that is used can be an existing prover available in the state of the art, including model checkers. For instance, the Process Analysis Toolkit (PAT) model checker can be used to verify the properties of the formal model to perform the formal quantitative analysis of the KPI in the cloud system. Other model checkers that could be used include NuSMV (http://nusmv.fbk.eu/), PRISM (https://www.prismmodelchecker.org/), UPPAAL (http://www.uppaal.org/), TAPAAL (http://www.tapaal.net/), SPIN (http://spinroot.com/spin/whatispin.html) or ROMEO (http://romeo.rts-software.org/).


The choice of PAT is motivated by the fact that PAT is based on Communication Sequential Processes and that it showed good results to simulate and verify concurrent, real-time systems, etc.



FIG. 12 presents how the prover 1020 works, in general, when receiving a property to be verified. Based on a high-level/abstract description of a given system and its environment, the prover first composes/builds a “model” that mostly reflect the functionalities of the input system and its behavior. Given the composed model, the prover can then check whether a given property reflects the system status at a given time by comparing the given value on the input property and the status of elements composing the model. Finally, the prover can generate either a proof that the property is verified or traces as counterexamples to explain why the system did not meet the input property.


Returning to FIGS. 10 and 11, the prover checks the input KPI specification, step 1105, according to the updated version of the formal model and the applied actions.


When the prover 1020 generates a “YES” and a proved action, the “Action Reasoner” 225 notifies the “Action Selector” 1030 to apply the proved candidate action, step 1106.


When the prover generates a “NO” and counterexamples traces, it sends the generated traces to the “Rules Reasoner” 1025 to analyze them, step 1107.


The “Rules Reasoner” 1025 is responsible for providing adjustments or refinements to the input candidate action that fails the verification step, meaning that the prover finds out that it is not the appropriate candidate action to overcome the fault, step 1108 and 1109.


Given the traces generated by the PAT model checker, the Rules Reasoner parses the traces and extracts data about possible relations between the actions-rules and the resulting KPI. To this aim, the states are checked where the formal cloud model does (not) meet a given KPI-property (e.g. target KPI could be that the CPU utilization rate becomes less than 70% to recover a CPU fault) and correlate these states to the obtained KPI performance.


As a result, the correlation between the cloud changes, the applied action, and the KPI rate can be investigated. Based on the obtained correlation results, the proposed “Rules Reasoner” can provide or suggest possible inference rules to overcome the detected or predicted fault using inductive reasoning.


Inductive learning enables a system to recognize patterns and regularities in previous knowledge or training data and to extract general rules from these patterns. The identified and extracted generalized rules can be used in reasoning and problem solving.


There exist several inductive algorithms in the literature including, for example, RULES (RULES: A Simple Rule Extraction System). RULES is a simple inductive learning algorithm for extracting IF-THEN rules from a set of training examples. Algorithms under RULES family are usually available in data mining tools, such as Knowledge Extraction based on Evolutionary Learning (KEEL) and Waikato Environment for Knowledge Analysis (WEKA), known for knowledge extraction and decision making.


For this step, inductive reasoning algorithms that generate generalizations from specific observations can be used. Precisely, it uses the generated data from a given system to make conclusions. New inference rules are built by going from the specific to the general meaning obtained from many observations to produce generalizations or a pattern according to an explanation or a theory. Here is an example of an inductive reasoning: every windstorm in this area comes from the north. I can see a big cloud of dust in the distance. A new windstorm is coming from the north.


Through the process of finding new inferences rules, step 1109, a timing condition is used as a stop criteria in order to notify the administrator, step 1110, when (1) the process is taking longer than expected or (2) the reasoner did not find new rules from the generated traces, or (3) the detected fault is critical like HDD fault that the system should find an appropriate action in a reasonable time because its severity of the read-write operations.


Some illustrative examples will now be described in relation with FIGS. 13 and 14, to demonstrate the functionalities of the system.


For instance, the system can be deployed in different cloud infrastructure environments. This is because it does not depend on the type of the cloud where it is deployed but, it is more related to the type of the experienced events or faults and the system feedback with respect to the applied corrective actions. Moreover, a self-learning solution was proposed that adapts according to the changes captured from the monitored cloud system. Therefore, as an example, Ericsson Network Functions Virtualization Infrastructure (NFVI) is selected as a potential product where the system can be deployed and tested.


NFVI is a cloud platform where telecom, operations support system (OSS), business support system (BSS), media, etc. applications are running. Those applications are sensitive and dependent on the quality of the infrastructure on which they are deployed. A fault can negatively impact the quality of service delivered to the users (i.e., media applications) as well as the performance of operations (i.e., OSS and BSS applications). The solution presented herein can be used to avoid those issues and can help in making better decisions and improving the business value for the NFVI. For example, for the OSS and BSS, the system can select the appropriate action to balance, scale up or down the running load when there is a CPU fault to improve the performance of the operations systems. As a result, it can improve the business value associated with those operations or it may align the operations with given business inputs and targets specified by the user.


Table 1, FIG. 13, presents some examples of actions that may be stored in the “Action Pool” in the proposed framework. Different infrastructure faults are chosen including CPU, HDD, Network at both host and virtual machine (VM) levels in a cloud environment.


In the following, 2 examples of faults that are (1) network overloaded, and (2) disk fault, are provided.



FIG. 14 shows an example of a cloud environment to better illustrate the selected examples.


In example 1, the network is overloaded. Let's assume that the link bandwidths between the master node and 3 slave nodes are allocated as follows: 30% for ‘Slave 1’, 20% for ‘Slave 2’, and 50% for ‘Slave 3’. At some point, the “Fault Detector-Predictor” detects a ‘Network-Overloaded’ fault on link 2. First, the “Action Selector” analyzes the deviation of the detected fault-data compared to the training data to find previous similar faults. In this example it is assumed that it will find a similar fault, will then check the Action Pool, and select Action #2 as the Candidate Action because it was applied on an identified similar fault. By the similarity examination, the “Action Reasoner” confirms that applying Action #2 is enough to resolve the detected fault. Accordingly, the bandwidth of Link #2 is increased to 25%, and the one for Link #3 is decreased by 5% (referring to Action #2 in Table 1).


In example 2, the hard disk (HD) is full. At some point in time, a fault ‘Disk Fault: full disk (VM)’ on VM1 is predicted by the “The fault Detector-Predictor”. To proactively handle this fault, the “Action Selector” selects Action #3 as the Candidate Action, based on the similarity between the predicted fault and the fault to which Action#3 was previously applied. The “Action Selector” passes Action #3 to the “Action Reasoner” for further evaluation. However, given the fact that there is only 30G residual capacity in HD1 on host Slavel, applying Action #3 may cause on ‘Disk Fault: full disk (Host)’ on host Slavel (assuming that disk utilization on any host should be lower than 80%, predefined by the admin). The “Action Reasoner” produces a composite action that combines Action #5 and Action #3 as the Action Adjustments after applying the composite actions on the formal cloud model generated by and output from the “Cloud Model Analyzer”. Specifically, the size of HD1 is to be expanded by applying Action #5 (new hard disk attached), then the size of VM Disk (VMD)1 is expanded by 50% (40G to 60G) by applying Action #3. The composite action is then stored in the Action Pool as a new action.


The system presented herein can be implemented and deployed within any distributed or centralized infrastructure cloud system. In addition, it can be implemented in one module or it can be distributed in different modules that are connected.



FIG. 15 illustrates a method 1500 for automatically managing an event in a cloud system. The method comprises determining, step 1501, a candidate action to be applied to the cloud system for managing the event. The method also comprises applying, step 1513, the candidate action to a model of the cloud system. The method also comprises, upon determining that the model of the cloud system meets at least one performance indicator and that the candidate action is a proved action, applying, step 1516, the proved action to the cloud system.


The event may be detected or predicted. The event may be predicted by feeding online data collected from the cloud system to a model trained by machine learning using data samples of previous events and getting an output from the model predicting the event.


Determining the candidate action may comprise identifying, step 1502, at least one deviation caused to the cloud system by the event by comparing online data collected for the event from the cloud system with data samples of previous events. Determining the candidate action may comprise searching, step 1503, previously defined actions executed in response to at least one similar deviation, in an action pool, wherein similar deviations are deviations that obtain a same result when compared with a given threshold. Determining the candidate action may comprise sorting, step 1504, the previously defined actions according to an amount of each of the at least one deviation. Determining the candidate action may comprise selecting, step 1505, one of the previously defined action as the candidate action according to the sorting. The determining (or identification) of candidate actions can be done by comparing with thresholds such as 65%, 70%, or 80%, for example. In this example, deviations above 65%, 70%, or 80% would be deemed similar, respectively.


Selecting one of the previously defined action as the candidate action may further comprise comparing, step 1506, the at least one deviation of the sorted previously defined actions with at least one corresponding predetermined threshold and selecting, step 1507, the previously defined action with a highest ranking determined based on the comparing with the at least one corresponding predetermined threshold.


Determining the candidate action may comprise identifying, step 1502, at least one deviation caused to the cloud system by the event by comparing online data collected for the event from the cloud system with data samples of previous events. Determining the candidate action may comprise upon determining that no previously defined actions have been executed in response to at least one similar deviation, wherein similar deviations are deviations that obtain a same result when compared with a given threshold, by searching an action pool containing stored candidate actions, creating, step 1508, a new candidate action to be used as the candidate action to apply to the cloud system.


Creating a new candidate action may comprise retrieving, step 1509, from the action pool, a plurality of reference candidate actions, each having at least one similar deviation, wherein similar deviations are deviations that obtain a same result when compared with a given threshold. Creating a new candidate action may comprise identifying, step 1510, a plurality of inference rules composing the plurality reference candidate actions. Creating a new candidate action may comprise identifying, step 1511, a list of inference rules from the plurality of reference rules that are non-conflicting and using, step 1512, a constraints satisfaction problem solver for selecting a combination of inference rules, from the list of inference rules, to compose the new candidate action. The reference candidate actions can be selected e.g. according to a ranking that is done based on the comparison with thresholds such as 65%, 70%, or 80%. In this example, deviations below 65%, 70%, or 80% would be deemed similar, respectively.


The model of the cloud system may be a formal model of the cloud system and applying the candidate action to the model of the cloud system may comprise applying the candidate action to the formal model of the cloud system, the formal model describing logical connections between blocks of the cloud system.


The at least one performance indicator may comprise key performance indicators (KPIs) that reflect characteristics of the cloud system when functioning in a normal state. The KPIs may be monitored through metrics that are used track deviations in the cloud system.


The metrics may comprise at least one of central processing unit (CPU) load, storage usage, memory usage, Input/Output usage, temperature, node used capacity.


Applying the proved action to the cloud system may comprise getting feedback, step 1514, from the cloud system to determine if the event was properly handled.


The method may further comprise, upon determining that the event was properly handled, updating, step 1515 an action pool of candidate actions with the proved action and updating a formal model of the cloud system which models the cloud system, to reflect a result of applying, the proved action to the cloud system. The event may be a fault, a change in a performance indicator or a security alarm.


It should be understood that the term “event” as used in relation with FIG. 15 may refer to a fault related event, a performance change related event, or a security related event, although the previous figures only exemplified fault management.


Referring to FIG. 16, there is provided a virtualization environment in which functions and steps described herein can be implemented.


A virtualization environment (which may go beyond what is illustrated in FIG. 16), may comprise systems, networks, servers, nodes, devices, etc., that are in communication with each other either through wire or wirelessly. Some or all of the functions and steps described herein may be implemented as one or more virtual components (e.g., via one or more applications, components, functions, virtual machines or containers, etc.) executing on one or more physical apparatus in one or more networks, systems, environment, etc.


A virtualization environment provides hardware comprising processing circuitry 1601 and memory 1603. The memory can contain instructions executable by the processing circuitry whereby functions and steps described herein may be executed to provide any of the relevant features and benefits disclosed herein.


Implementation of the techniques described herein can be made in a system such as the one illustrated in FIG. 16. The system for automatically managing an event in a cloud system comprises processing circuits 1601 and a memory 1603. The memory contains instructions executable by the processing circuits whereby the system is operative to determine a candidate action to be applied to the cloud system for managing the event. The system is also operative to apply the candidate action to a model of the cloud system. The system is also operative to, upon determining that the model of the cloud system meets at least one performance indicator and that the candidate action is a proved action, apply the proved action to the cloud system.


The event may be detected or predicted. The event may be predicted by feeding online data collected from the cloud system to a model trained by machine learning using data samples of previous events and getting an output from the model predicting the event.


The system may be further operative to identify at least one deviation caused to the cloud system by the event by comparing online data collected for the event from the cloud system with data samples of previous events. The system may be further operative to search previously defined actions executed in response to at least one similar deviation, in an action pool, wherein similar deviations are deviations that obtain a same result when compared with a given threshold. The system may be further operative to sort the previously defined actions according to an amount of each of the at least one deviation. The system may be further operative to select one of the previously defined action as the candidate action according to the sorting.


The system may be further operative to compare the at least one deviation of the sorted previously defined actions with at least one corresponding predetermined threshold and select the previously defined action with a highest ranking determined based on the comparing with the at least one corresponding predetermined threshold.


The system may be further operative to identify at least one deviation caused to the cloud system by the event by comparing online data collected for the event from the cloud system with data samples of previous events. The system may be further operative to, upon determining that no previously defined actions have been executed in response to at least one similar deviation, wherein similar deviations are deviations that obtain a same result when compared with a given threshold, by searching an action pool containing stored candidate actions, create a new candidate action to be used as the candidate action to apply to the cloud system.


The system may be further operative to retrieve, from the action pool, a plurality of reference candidate actions, each having at least one similar deviation, wherein similar deviations are deviations that obtain a same result when compared with a given threshold. The system may be further operative to identify a plurality of inference rules composing the plurality reference candidate actions. The system may be further operative to identify a list of inference rules from the plurality of reference rules that are non-conflicting. The system may be further operative to use a constraints satisfaction problem solver for selecting a combination of inference rules, from the list of inference rules, to compose the new candidate action.


The model of the cloud system may be a formal model of the cloud system and applying the candidate action to the model of the cloud system may comprise applying the candidate action to the formal model of the cloud system, the formal model describing logical connections between blocks of the cloud system.


The at least one performance indicator may comprise key performance indicators (KPIs) that reflect characteristics of the cloud system when functioning in a normal state. The KPIs may be monitored through metrics that are used track deviations in the cloud system.


The metrics may comprise at least one of central processing unit (CPU) load, storage usage, memory usage, Input/Output usage, temperature, node used capacity.


Applying the proved action to the cloud system may comprise getting feedback from the cloud system to determine if the event was properly handled.


The system may be further operative to update an action pool of candidate actions with the proved action and update a formal model of the cloud system which models the cloud system, to reflect a result of applying the proved action to the cloud system.


The event may be a fault, a change in a performance indicator or a security alarm.


The hardware may also include non-transitory, persistent, machine readable storage media 1605 having stored therein software and/or instruction 1607 executable by processing circuitry to execute functions and steps described herein.


Modifications will come to mind to one skilled in the art having the benefit of the teachings presented in the foregoing description and the associated drawings. Therefore, it is to be understood that modifications, such as specific forms other than those described above, are intended to be included within the scope of this disclosure. The previous description is merely illustrative and should not be considered restrictive in any way. The scope sought is given by the appended claims, rather than the preceding description, and all variations and equivalents that fall within the range of the claims are intended to be embraced therein. Although specific terms may be employed herein, they are used in a generic and descriptive sense only and not for purposes of limitation.

Claims
  • 1. A method for automatically managing an event in a cloud system, comprising: determining a candidate action to be applied to the cloud system for managing the event;applying the candidate action to a model of the cloud system; andupon determining that the model of the cloud system meets at least one performance indicator and that the candidate action is a proved action, applying the proved action to the cloud system.
  • 2. The method of claim 1, wherein the event is detected or predicted.
  • 3. The method of claim 2, wherein the event is predicted by feeding online data collected from the cloud system to a model trained by machine learning using data samples of previous events and getting an output from the model predicting the event.
  • 4. The method of claim 1, wherein determining the candidate action comprises: identifying at least one deviation caused to the cloud system by the event by comparing online data collected for the event from the cloud system with data samples of previous events;searching previously defined actions executed in response to at least one similar deviation, in an action pool, wherein similar deviations are deviations that obtain a same result when compared with a given threshold;sorting the previously defined actions according to an amount of each of the at least one deviation; andselecting one of the previously defined action as the candidate action according to the sorting.
  • 5. The method of claim 4, wherein selecting one of the previously defined action as the candidate action further comprises: comparing the at least one deviation of the sorted previously defined actions with at least one corresponding predetermined threshold; andselecting the previously defined action with a highest ranking determined based on the comparing with the at least one corresponding predetermined threshold.
  • 6. The method of claim 1, wherein determining the candidate action comprises: identifying at least one deviation caused to the cloud system by the event by comparing online data collected for the event from the cloud system with data samples of previous events; andupon determining that no previously defined actions have been executed in response to at least one similar deviation, wherein similar deviations are deviations that obtain a same result when compared with a given threshold, by searching an action pool containing stored candidate actions, creating a new candidate action to be used as the candidate action to apply to the cloud system.
  • 7. The method of claim 6, wherein creating a new candidate action comprises: retrieving, from the action pool, a plurality of reference candidate actions, each having at least one similar deviation, wherein similar deviations are deviations that obtain a same result when compared with a given threshold;identifying a plurality of inference rules composing the plurality reference candidate actions;identifying a list of inference rules from the plurality of reference rules that are non-conflicting; andusing a constraints satisfaction problem solver for selecting a combination of inference rules, from the list of inference rules, to compose the new candidate action.
  • 8. The method of claim 1, wherein the model of the cloud system is a formal model of the cloud system and wherein applying the candidate action to the model of the cloud system comprises applying the candidate action to the formal model of the cloud system, the formal model describing logical connections between blocks of the cloud system.
  • 9. The method of claim 1, wherein the at least one performance indicator comprises key performance indicators (KPIs) that reflect characteristics of the cloud system when functioning in a normal state, wherein the KPIs are monitored through metrics that are used to track deviations in the cloud system, and wherein the metrics comprise at least one of central processing unit (CPU) load, storage usage, memory usage, Input/Output usage, temperature, node used capacity.
  • 10. (canceled)
  • 11. (canceled)
  • 12. The method of claim 1, wherein applying the proved action to the cloud system comprises getting feedback from the cloud system to determine if the event was properly handled.
  • 13. The method of claim 12, further comprising upon determining that the event was properly handled, updating an action pool of candidate actions with the proved action, and updating a formal model of the cloud system which models the cloud system, to reflect a result of applying the proved action to the cloud system.
  • 14. The method of claim 1, wherein the event is a fault, a change in a performance indicator or a security alarm.
  • 15. (canceled)
  • 16. (canceled)
  • 17. A system for automatically managing an event in a cloud system, comprising processing circuits and a memory, the memory containing instructions executable by the processing circuits whereby the system is operative to: determine a candidate action to be applied to the cloud system for managing the event;apply the candidate action to a model of the cloud system; andupon determining that the model of the cloud system meets at least one performance indicator and that the candidate action is a proved action, apply the proved action to the cloud system.
  • 18. The system of claim 17, wherein the event is detected or predicted.
  • 19. The system of claim 18, wherein the event is predicted by feeding online data collected from the cloud system to a model trained by machine learning using data samples of previous events and getting an output from the model predicting the event.
  • 20. The system of claim 17, further operative to: identify at least one deviation caused to the cloud system by the event by comparing online data collected for the event from the cloud system with data samples of previous events;search previously defined actions executed in response to at least one similar deviation, in an action pool, wherein similar deviations are deviations that obtain a same result when compared with a given threshold;sort the previously defined actions according to an amount of each of the at least one deviation; andselect one of the previously defined action as the candidate action according to the sorting.
  • 21. The system of claim 20, further operative to: compare the at least one deviation of the sorted previously defined actions with at least one corresponding predetermined threshold; andselect the previously defined action with a highest ranking determined based on the comparing with the at least one corresponding predetermined threshold.
  • 22. The system of claim 17, further operative to: identify at least one deviation caused to the cloud system by the event by comparing online data collected for the event from the cloud system with data samples of previous events; andupon determining that no previously defined actions have been executed in response to at least one similar deviation, wherein similar deviations are deviations that obtain a same result when compared with a given threshold, by searching an action pool containing stored candidate actions, create a new candidate action to be used as the candidate action to apply to the cloud system.
  • 23. The system of claim 22, further operative to: retrieve, from the action pool, a plurality of reference candidate actions, each having at least one similar deviation, wherein similar deviations are deviations that obtain a same result when compared with a given threshold;identify a plurality of inference rules composing the plurality reference candidate actions;identify a list of inference rules from the plurality of reference rules that are non-conflicting; anduse a constraints satisfaction problem solver for selecting a combination of inference rules, from the list of inference rules, to compose the new candidate action.
  • 24. The system of claim 17, wherein the model of the cloud system is a formal model of the cloud system and wherein applying the candidate action to the model of the cloud system comprises applying the candidate action to the formal model of the cloud system, the formal model describing logical connections between blocks of the cloud system.
  • 25. The system of claim 17, wherein the at least one performance indicator comprises key performance indicators (KPIs) that reflect characteristics of the cloud system when functioning in a normal state, wherein the KPIs are monitored through metrics that are used to track deviations in the cloud system, wherein the metrics comprise at least one of central processing unit (CPU) load, storage usage, memory usage, Input/Output usage, temperature, node used capacity.
  • 26. (canceled)
  • 27. (canceled)
  • 28. The system of claim 17, wherein applying the proved action to the cloud system comprises getting feedback from the cloud system to determine if the event was properly handled.
  • 29. The system of claim 28, further operative to update an action pool of candidate actions with the proved action and update a formal model of the cloud system which models the cloud system, to reflect a result of applying the proved action to the cloud system.
  • 30. The system of claim 17, wherein the event is a fault, a change in a performance indicator or a security alarm.
  • 31. (canceled)
  • 32. (canceled)
  • 33. A non-transitory computer readable media having stored thereon instructions for managing an event in a cloud system, the instructions comprising: determining a candidate action to be applied to the cloud system for managing the eventapplying the candidate action to a model of the cloud system; andupon determining that the model of the cloud system meets at least one performance indicator and that the candidate action is a proved action, applying the proved action to the cloud system.
PCT Information
Filing Document Filing Date Country Kind
PCT/IB2020/053888 4/24/2020 WO