5. Technical documentation

The NebulOuS Meta-OS implementation can be considered as a PaaS for the Cloud-Edge Continuum. Its architecture follows a modular design, with discrete components implementing different functionality. The NebulOuS Meta-OS consists of:

• The User Interface: This is the main point of entry for end users and system administrators to interact with the NebulOuS platform. It facilitates the definition and deployment of Cloud/Edge services along with their optimization requirements, along with security policies that can be enforced on the clusters. It includes a controller layer that exposes most of the logic as an API.

• The Security & Privacy Manager: It consumes user-defined security policies and deploys them in the NebulOuS-managed clusters.

• The Optimizer: A typical NebulOuS application consists fundamentally of a set of containers pre-grouped into microservices. The role of the components collectively referred to as the Optimizer is: a) to decide on the placement of the microservices ranging from the core Cloud data centres to the Edge devices, b) to decide on the multiplicity of microservices and duplicate microservices that are bottlenecks in the application and c) to provide the application with more resources with the right capabilities in the right location to execute the application’s microservices.

• The Deployment Manager: The NebulOuS ‘Deployment Manager’ acts as an abstraction layer to handle the lifecycle of a cluster dedicated to a specific user application. It exposes the main REST endpoints used by other NebulOuS components to manage the cluster resources and communicates with the Execution Adapter that executes the required actions on the underlying infrastructure.

• The Execution Adapter: It is the NebulOuS “executionware”. It provides on-demand access to computing resources such as servers, storage, and networking, offering more direct control over cloud-based systems. It enables to perform CRUD operations on different public or private clouds and offers REST endpoints to communicate with these infrastructure interfaces, to manage the virtual machines and Edge devices.

• The Overlay Network Manager: The ONM automatically creates and manages a secure network overlay between the Cloud/Edge resources. This overlay takes the form of a VPN, which assumes two main functionalities: a) it provides connectivity between the NebulOuS compute resources (physical and/or virtual) and b) it secures the data in transit by encrypting them.

• The Data Collection & Management System: The Data Collection and Management component is related to data management, both in the context of managing the monitoring data collected from the IoT/Edge/Cloud compute resources, as well as with respect to the data exchanged internally between the NebulOuS components.

• The Event Management System: The role of EMS is to deploy and maintain the monitoring functionality of NebulOuS on infrastructure nodes, which observe the necessary Quality of Service (QoS) metrics of the deployed applications.

• The SLO Violation Detector (SLOViD): The role of SLOViD is to inform the NebulOuS platform about situations in which a reconfiguration is possibly needed, based on the predictions of forecasters, as well as information about one or more devices abandoning the processing topology.

• The Smart Contract Encapsulator: The Smart Contract Encapsulator encapsulates SLAs in smart contract. It will provide a mechanism for infusing into smart contracts both the SLA rules and the monitoring algorithms used to determine whether these rules are satisfied by application execution. It will enable smart contracts to invoke other services and third parties for performing arbitrage when SLAs are violated, also encompassing a sensing/monitoring loop that regularly feeds the information into the smart contracts.

• The Fog/Edge Resource Manager: Eexecutes appropriate scripts to detect/identify the capabilities of the device, and installs an appropriate monitoring agent for collecting health status data.

• The Cloud/Fog Service Broker: The Cloud/Fog Service Broker assists NebulOuS in coping with the massive number of resources that can be considered in Cloud Computing Continuum deployments. Its goal is to reduce the variability space when considering Cloud Computing Continuum resources for hosting application component instances.

• The Brokerage Quality Assurance: The BQA mechanism assures brokerage quality by ensuring abidance of application provisioning requirements and preferences with organisational policies: higher-level requirements that reflect an organisation’s business and/or security standpoint with respect to application provisioning

• The SLA Generator: The SLA Generator is responsible for the automatic creation of SLA templates. It is based on the NebulOuS meta-ontology, which supports a) the description of entities and their properties in the cloud continuum (“resources”) and b) the description of application provisioning requirements and preferences (“QoS”).

• The AI-driven Anomaly Detection: The role of the AI-driven anomaly detection engine is to ensure QoS, being able to identify deviation from “normal” behaviour (i.e., low probability events, anomaly) of IoT devices.