Download The Case for Enterprise Ready Virtual Private Clouds Timothy Wood

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
Document related concepts

Computer and network surveillance wikipedia , lookup

Cracking of wireless networks wikipedia , lookup

Distributed firewall wikipedia , lookup

Network tap wikipedia , lookup

Cloud computing issues wikipedia , lookup

Transcript 
The Case for Enterprise
Ready Virtual Private
Clouds
Timothy Wood, Alexandre Gerber*,
K.K. Ramakrishnan*, Jacobus van der
Merwe*, and Prashant Shenoy
University of Massachusetts Amherst
*AT&T Research
Cloud Computing
Rent computation and storage resources on
demand
• Accessed by multiple enterprise sites
Cloud Platform
Cloud Platform types:
• Software as a Service
–
•
Platform as a Service
–
•
Hotmail, Google Docs
Google App Engine, Microsoft Azure
Infrastructure as a Service
–
Amazon EC2, VMware vCloud
Enterprise Sites
Enterprise Cloud Challenges
Existing platforms do not meet the needs of
enterprise customers
•
Insufficient security controls
–
•
Need isolation at server and network level
Deployment is difficult
Cloud resources are completely separate from local ones
– Can’t make VMs look like part of existing LAN
–
•
Limited control over network resources
Cannot specify network topology or IP addresses
– Cannot reserve bandwidth or request QoS guarantees for
network links
–
Moving to the Cloud
Acme wants to move part of its payroll app into the cloud
Should be easy, right…?
Acme LAN
Front End
Reports
Processing
Tier
Processing
Tier
Cloud Platform
Data Store
Problem #1: Transparency
Application may have been written for LAN environment
–
Might utilize broadcast or LAN service discovery
Must add Internet gateways for apps previously only on LAN
Now must communicate via public IPs or configure DNS
Lack of transparency causes
application modifications and
infrastructure reconfigurations
Acme LAN
Front End
front.acme.com
GW
Cloud Platform
Processing
proc.cloud.com
Data Store
data.acme.com
GW
Problem #2: Security
Acme’s servers are now accessible from the public internet!
–
Servers formerly on secure LAN now exposed to malicious users
Must configure firewall rules to limit access
–
Fine grain rules are difficult to manage in dynamic environments
Acme LAN
Front End
front.acme.com
Lack of secure cloud connections
exposes enterprise to threats from
both in and out of the cloud
Cloud Platform
Processing
proc.cloud.com
Data Store
data.acme.com
Hacker123
hax.cloud.com
Problem #3: Flexible Resource Mgmt
Benefit of cloud computing: ability to easily adjust resource
capacities and add new VMs
–
–
After a change must deal with transparency and security issues
all over again!
Current platforms do not support network resource reservation
(Bandwidth/QoS guarantees)
Enterprises want control over
network resources. Cloud must
support dynamic changes
Acme LAN
Front End
front.acme.com
Data Store
data.acme.com
Cloud Platform
+1
+1
+1
Processing
proc.cloud.com
Processing #2
proc2.cloud.com
Key Observation
Existing cloud platforms only cover
storage and computation
Cloud Platform
Disk
VM
+
+
Enterprise Sites
Enterprise Clouds need control
over the network as well
Virtual Private Clouds
A Virtual Private Cloud is…
–
–
A secure collection of server, storage, and network resources
spanning one or more cloud data centers
That is seamlessly connected to one or more enterprise sites
VM
Enterprise
Sites
VM
VM
VM
Cloud
Sites
Virtual Private Networks (VPNs)
–
–
–
Layer 2 and 3 MPLS based VPNs
Created by network provider with no end host configuration
Already used by many businesses!
VPC Benefits
For the customer:
– Isolates network & compute resources
•
–
Cloud resources are only accessible through VPN
Simplifies deployment since cloud looks same as local
resources
For the service provider:
– Provides mechanism for control over resource reservation
within provider network
– Simplifies management of multiple data centers by
combining them into large resource pools
VPC Challenges & Solutions
Existing cloud platforms do not integrate with network
service providers
•
Must coordinate with ISP to create VPN endpoints
•
VPN endpoints must be linked to VLANs within the cloud
data center
VPN endpoints are traditionally static
•
Utilize virtual routers with programmable interfaces to
rapidly create and reconfigure routers
•
Use BGP signaling to dynamically adjust VPN topology
CloudNet
Cloud Manager
•
Allocates computation and storage resources
•
Manages VLAN assignment within cloud network
Network Manager
•
Creates and configure VPN endpoints
•
Reserves network resources
Network Manager
VPN
VPN
Routers
Customer Edge
Provider Edge
Cloud Manager
VLAN
VM VM
VLAN
VM VM
WAN Migration
Layer 2 VPNs make WAN act like a LAN
Can use existing LAN migration
techniques to move across WAN
WAN Migration
Layer 2 VPNs make WAN act like a LAN
CE
Customer Site
PE
Cloud Site 1
A
VLAN
PE
B
ARP!
Layer 2 VPN (VPLS)
CE
Router
ARP!
PE
VLAN
Switch
VPN endpoint
Can use existing LAN migration
techniques to move across WAN
B
Cloud Site 2
Summary
Cloud Computing for enterprises requires:
• Security
•
Transparency
•
Flexibility
CloudNet can help provide these features
• Defines interface between cloud platform and network provider
•
Uses VPNs for secure, seamless connections
•
Employs virtualization at server, router, and network levels to
improve agility and efficiency
Future Work
•
Network optimizations to reduce latency of WAN migration
•
Utilize VPLS to simplify deployment of high availability services
across WAN
Questions?
[email protected]
Extra slides
WAN Migration
LAN migration already supported by Xen, VMware, etc
•
Transparently move a VM between two hosts
•
Useful for load balancing, maintenance, etc
•
Only works on LAN because of need for network reconfiguration
Layer 2 VPNs make WAN act like a LAN
•
Lets VPN endpoints across WAN act as a single LAN segment
•
Allows for WAN migration without modifying VM platform!
Storage migration still must be handled by other means
Related documents
Water in the Air - Earth Science With Mrs. Locke
Water in the Air - Earth Science With Mrs. Locke
ASTR2050 Introduction to Astronomy and Astrophysics Studio lab April 1, 2005
ASTR2050 Introduction to Astronomy and Astrophysics Studio lab April 1, 2005
I am a tornado - Santee School District
I am a tornado - Santee School District
Operating System Research Worksheet
Operating System Research Worksheet
Meteorology Study Guide
Meteorology Study Guide
Clouds- Lesson 3
Clouds- Lesson 3
Why is the sky blue? - Pennsylvania Sea Grant
Why is the sky blue? - Pennsylvania Sea Grant
FinalExamSpring2005
FinalExamSpring2005
Weather and Climate
Weather and Climate
Legal issues in cloud computing
Legal issues in cloud computing
Slide 1
Slide 1