heading for enterprise repositories. The forward-deployed,
single-hop proximity to mobile devices promotes energy
efficiency as well as lower latency (faster response times). If
tactical cloudlets are pre-provisioned, there are many
applications that can function disconnected from the enterprise
or can synchronize with the enterprise if and when there is
connectivity. The fact that cloudlets are discoverable enables
mobile devices to locate mission-specific capabilities as
personnel and cloudlets move and missions change. Finally,
virtual machine technology not only simplifies the distribution
and rapid deployment of capabilities, but also enables the
leverage of any legacy application that can be packaged inside
a VM.
The results of the experiments led us to combine Cached
VM with Cloudlet Push as the cloudlet provisioning
mechanism for our current working prototype to enable lower
energy consumption on the mobile device, place less
requirements on mobile devices, and simplify provisioning in
tactical environments. An additional advantage of combining
both mechanisms is that if the mobile device already has the
client app it can simply invoke the matching Service VM; if
not it can obtain the client app from the cloudlet, similar to
accessing an app store, and then invoke the matching Service
VM. The tradeoff is that it relies on cloudlets that are pre-
provisioned with server capabilities that might be needed for a
particular mission, or that the cloudlet is connected to the
enterprise, even if just at deployment time, to obtain the
capabilities. We argue that this requirement is not unreasonable
in tactical edge environments and that it makes cloudlet
deployment in the field easier and faster while leveraging the
state of art and best practices from the cloud computing
industry. A pre-provisioned-VM-based solution also promotes
resilience and survivability by supporting rapid live VM
migration in case of cloudlet mobility, discovery of more
powerful or less-loaded cloudlets, or unavailability due to
disconnection or disruption. It supports scalability and
elasticity by starting and stopping VMs as needed based on
number of active users (which is typically bounded in edge
environments because group size is known). In addition, the
request-response nature of many of the operations needed in
the field also lends itself to an asynchronous form of
interaction in which the cloudlet can continue processing and
send results back to a mobile device (directly or by re-routing)
as network conditions change. Although not part of the
presented prototype implementation, an added feature would
be to have “dual-mode” cloudlet-ready apps that exploit
cloudlets when and if available but rely on a local
implementation as a fallback mechanism. The local
implementation could be identical or could be a version that is
adapted for resource-constrained devices that may not provide
the same precision or quality of results but would provide some
result even if a cloudlet is not available.
We are currently working on a standard packaging of
Service VMs so that they can be easily installed from the
cloudlet manager (web-based interface to the Cloudlet Server
and Service VM repository), an enterprise Service VM
repository, a thumb drive, or the mobile device connected via
USB to the cloudlet. We are also adding the following
capabilities to adapt to cloudlets to the characteristics of
tactical environments:
Optimal cloudlet selection: We are extending the
cloudlet discovery protocol to use metadata from the
client app, Service VM, and the cloudlet so that in the
case that there is more than one cloudlet in range, the
mobile device can automatically select the cloudlet that
maximizes a pluggable utility function. This function
can be based on cloudlet load, signal strength, or any
other parameter.
Manual and automated cloudlet handoff: We are adding
VM migration capabilities to enable manual and
automated handoff of data and computation between
cloudlets that are within range of each other. Manual
handoff would enable scenarios in which a user is
migrating capabilities from a fixed cloudlet to a mobile
cloudlet to support field operations, as well as
reintegration back to the fixed cloudlet. Automated
migration would enable load balancing, similar to what
is done in cloud data centers for resource optimization.
Data synchronization between cloudlets and the
enterprise: Even though cloudlets can operate fully-
disconnected from the enterprise if they are pre-
provisioned at deployment time, there are situations
when cloudlet capabilities (Service VMs) need access
to a master data source located in the enterprise. We
plan to add support for integration with distributed,
networked filesystems such as Coda [16] to support
disconnected operations with opportunistic
synchronization when connectivity becomes available.
Our future work is related to security, in particular
establishing the initial trust between mobile devices and
cloudlets; that is (1) as a mobile device, is what I discovered
really a "friendly" cloudlet? and (2) as a cloudlet, did that
offloading request really come from a "friendly" mobile
device? The solution presented in this paper relies on the
underlying network to provide the secure communication
between the mobile device and the cloudlet. While this may be
enough in some scenarios, it is not enough for many military
scenarios. A common solution for establishing trust between
two nodes is to use a third-party online trusted authority that
validates the credentials of the requester or a certificate
repository. However, the characteristics of tactical edge
environments do not consistently provide access to that third-
party authority or certificate repository because tactical
cloudlets operate in what is known as DIL environments
(disconnected, interrupted, low bandwidth). The goal is to
explore solutions for establishing trusted identities in
disconnected environments with the advantage/constraint that
tactical cloudlets are not meant to be long-lived, meaning that
they are pre-provisioned and eventually deployed to support a
mission. This constraint may enable us to explore more
dynamic identity solutions.
A
CKNOWLEDGMENT
This material is based upon work funded and supported by
the Department of Defense under Contract No. FA8721-05-C-