A Monitoring and Audit Logging Architecture for Data Location Compliance in Federated Cloud Infrastructures

Massonet P., Naqvi S., Ponsard C., Latanicki J., Rochwerger B., Villari M., A Monitoring and Audit Logging Architecture for Data Location Compliance in Federated Cloud Infrastructures, IEEE Workshop on Dependable Parallel, Distributed and Network-Centric Systems 2011 (DPDNS 2011), In conjunction with the IEEE International Parallel and Distributed Processing Symposium, Anchorage, Alaska, USA, 16-20 May 2011 (accepted)

Date: 17 May 2011

Publication: Scientific publications

Expertise:

Engineering of complex IT systems

Innovation theme: Cyber Security

Current cloud infrastructures have opaque service offerings where customers cannot monitor the underlying physical infrastructure. This situation raises concerns for meeting compliance obligations by critical business applications with data location constraints that are deployed in a Cloud. When federated cloud infrastructures span across different countries where data can migrate from one country to another, it should be possible for data owners to monitor the location of their data.

This paper shows how an existing federated Cloud monitoring infrastructure can be used for data location monitoring without compromising Cloud isolation. In the proposed approach, collaboration is required between the cloud infrastructure provider (IP) and its client, the service provider (SP): the IP monitors the virtual machines (VMs) on the SP’s behalf and makes the infrastructure-level monitoring information available to the SP. With the monitoring information, the SP can create the audit logs required for compliance auditing. The proposed logging architecture is validated by an e-Government case study with legal data location constraints.