Lecture 02b Cloud Computing II

Size: px
Start display at page:

Download "Lecture 02b Cloud Computing II"

Transcription

1 Mobile Cloud Computing Lecture 02b Cloud Computing II 吳 秀 陽 Shiow-yang Wu T. Sridhar. Cloud Computing A Primer, Part 2: Infrastructure and Implementation Topics. The Internet Protocol Journal, Volume 12, No.4, Dec Mobile Cloud Computing Cloud Computing II 2 Note 1

2 Network Infrastructure The data-center server organization has often adopted a three-tier architecture. a web or Presentation Tier on the front end an Application Tier to perform the application and business-processing logic a Database Tier (to run the DB management system) (Figure 1 on the next slide) It follows that the server connectivity and the network topology for the cloud data centers might follow a similar organization. Mobile Cloud Computing Cloud Computing II 3 Data Center Extension IaaS If the cloud is seen as an extension of the existing data center, IaaS is a natural fit. You would specify the number of servers in each tier, load the appropriate server image, specify the links between them, and specify the network connectivity. The cloud provider handles the elasticity by ensuring that the number of servers and switches is adequate for you. Per-use billing and on-demand resource addition and removal are also provided by the cloud provider. Mobile Cloud Computing Cloud Computing II 4 Note 2

3 PaaS Infrastructure In PaaS, you transfer more control to cloud provider. The platform can scale transparently without your involvement other than at the time of configuration. Cloud providers can realize this function often with a three-tier topology similar to traditional data centers. Some of them have innovated to perform parts of the function differently. Eg. DB functions may rely upon a model of scaling out (splitting the DB across multiple servers) instead of scaling up (increasing the capability of the machine). Mobile Cloud Computing Cloud Computing II 5 SaaS Infrastructure SaaS vendors have the highest degree of control. The topology can be similar to existing data centers and scale up or down according to the number of users added. Most of them are quite straightforward. Mobile Cloud Computing Cloud Computing II 6 Note 3

4 Mobile Cloud Computing Cloud Computing II 7 Virtualization and Its Demands on Switching There are some addressing and control factors to consider on supporting things like virtual switch. Consider a data center with 100 servers, each with 16 VMs but one physical 10-Gbps Ethernet connection from each physical machine. With traditional method, you need 16 MAC and IP addresses for each server, a total of 1600 addresses. This problem is exacerbated when you increase the number of VMs per server. Switching between MAC addresses belonging to the virtual machines is done by the virtual switch. Mobile Cloud Computing Cloud Computing II 8 Note 4

5 Virtualization and Its Demands on Switching The virtual switch treats the physical link as an uplink to the external physical switch. Each physical host can have more than one virtual switch to support greater logical segmentation. It is common for each of the virtual switches to have its own physical uplink to the external switch. Virtual switch does not need to learn MAC addresses. It forwards all destination-unknown frames over the physical link (or uplink to the physical switch). It switches traffic between the intramachine VMs according to policy (eg. prohibit such traffic). Mobile Cloud Computing Cloud Computing II 9 Virtualization and Its Demands on Switching The virtual switch is just used for aggregation and access control within a physical server hosting VMs. Management of virtual switches can follow an aggregation model (i.e. multiple virtual switches managed through an external node). (next slide) This external node provides the management view. This separation of control- or management-plane functions permits easier VM migration. Problem: Inter-VM traffic within the same machine is not visible and cannot be appropriately monitored. Mobile Cloud Computing Cloud Computing II 10 Note 5

6 Virtual Switch Mobile Cloud Computing Cloud Computing II 11 IaaS Private Clouds If a private cloud to enterprise A is realized as a partition in a the IaaS provider s public cloud, then the private cloud should be reachable as a LAN extension to the servers in A s data center. (next slide) A secure Virtual Private Network (VPN) tunnel is set between the A s data center and the public cloud using public IP addresses. The VPN gateway uses multiple contexts each context corresponding to a specific private cloud. Traffic from enterprise A is decrypted and forwarded over to an Ethernet switch to the private cloud. Mobile Cloud Computing Cloud Computing II 12 Note 6

7 Mobile Cloud Computing Cloud Computing II 13 Possible Evolution Scenarios Automation of the VPN connection between the enterprise and cloud service provider. Integration of the VPN functions with the site-to-site VPN network functions from service providers. Cloud service providers using multiple data centers. CloudNet is an example being developed by AT&T Labs and the U Mass Amherst to address the two scenarios above. Mobile Cloud Computing Cloud Computing II 14 Note 7

8 Layer 2 vs Layer 3 Connectivity Layer 2 (switching) or Layer 3 (routing)? Layer 2 is simpler, where the MAC address and VLAN information are used for forwarding. The disadvantage of Layer 2 networks is scalability due to flat topology. Can use routing and subnets to provide segmentation at the cost of forwarding performance and network complexity. How about connectivity management for VM migration? (next slide) Mobile Cloud Computing Cloud Computing II 15 Layer 2 vs Layer 3 Connectivity Most common scenario: when a VM is migrated to a different host on the same Layer 2 topology. After migration, IP and TCP packets destined for the VM must be resolved to a different MAC address or the same MAC address connected to a different physical switch. An Address Resolution Protocol (ARP) request from the migrated VM can cause the switch tables to be updated. It may be less complex to freeze the VM and move it across the network. Mobile Cloud Computing Cloud Computing II 16 Note 8

9 Cloud Federation There may be situations where an enterprise needs to work with multiple cloud providers. Cloud interoperability and the ability to share information between clouds become important. This is sometimes known as cloud federation. Cloud federation manages consistency and access controls when two or more independent geographically distributed clouds share either authentication, files, computing resources, command and control, or access to storage resources. Mobile Cloud Computing Cloud Computing II 17 Cloud Federation Issues Single sign-on scheme which can be implemented: through an authentication server maintained by an enterprise that provides the appropriate credentials Or a central trusted authentication server to which all the cloud services interface could be used. CPU and storage resources may be orchestrated through the individual enterprise or through an interoperability scheme (federation agreement). How can the VM migration be done transparently and reliably? Mobile Cloud Computing Cloud Computing II 18 Note 9

10 Cloud Federation Issues Connectivity Layer 2 vs Layer 3 secure tunnel Consistency and a common understanding are required Charging or billing and reconciliation Management and billing systems need to work together business models for peering arrangements Cloud federation is a relatively new area in cloud computing. Mobile Cloud Computing Cloud Computing II 19 Security Topics The provider s security processes will need to be as good as or better than that of the enterprise. An audit of the vendor s processes will need to be done periodically, possibly including patches and security updates for the individual components. Infrastructure and data isolation must be assured between multiple tenants. The hypervisor should be treated as an OS and have the latest security patches applied. Similarly for paravirtualized operating systems. Mobile Cloud Computing Cloud Computing II 20 Note 10

11 Security Topics Security functions can run as virtual appliances. IaaS users can load and configure their own firewall or other security virtual appliance. These virtual appliances need to be managed and patched regularly. Logging and audit trails for applications are important. Cloud providers should enable access to their application monitoring and profiling tools. Authentication mechanisms are required at both ends (cloud user and provider) Mobile Cloud Computing Cloud Computing II 21 Security Topics Configuration and updates to the network infrastructure must be audited and tracked. The cloud infrastructure should support security functions such as intrusion detection and prevention, firewalling, and Denial of Service (DoS) prevention. The cloud service is vulnerable to Distributed Denial of Service (DDoS) attacks. Network-based DDoS prevention is a possible solution. The biggest issue for IT managers to adopt cloud is the problem of security and loss of control. Mobile Cloud Computing Cloud Computing II 22 Note 11

12 Virtualization and Security One option involves plug-ins to the hypervisor so that packets destined to the VMs are captured and processed by the security plug-ins. A second option is to make a specific VM handle the security functions without changing or adding to the hypervisor. For VM migration, it is important that the connection between the source and destination hypervisors is authenticated and encrypted during the course of migration. Mobile Cloud Computing Cloud Computing II 23 Virtualization and Security A rogue hypervisor could overwhelm a destination machine by migrating a large number of VMs to it. Policies and logic are required at the hypervisor level to ensure that these vulnerabilities are addressed. Network-based throttling( 節 流 ) might be required so that live migration does not cause congestion. Mobile Cloud Computing Cloud Computing II 24 Note 12

13 Standards Bodies in CC The Desktop Management Task Force (DMTF) has specified a portable format (the Open Virtualization Format, OVF) for packaging the s/w to run as a VM. Another group under DMTF called the Open Cloud Standards Incubator focuses on standardizing the interactions between cloud environments. The Cloud Security Alliance (CSA) is a new group to address security aspects with a focus on security assessment and management. Mobile Cloud Computing Cloud Computing II 25 Standards Bodies in CC The Organization for the Advancement of Structured Information Standards (OASIS) sees clouds as an extension of the Service-Oriented Architecture (SOA). The Storage Networking Industries Association (SNIA) has a Cloud Storage Technical Working Group (TWG) that works on storage standards. It has developed the Cloud Data Management Interface (CDMI). Mobile Cloud Computing Cloud Computing II 26 Note 13

14 Some Perspectives on CC Cloud computing and SOA: Some view cloud computing as a specific deployment case of an SOA. Server virtualization schemes: No matter what approach is taken, the final decision is on total costs. Other types of virtualization: such as desktop, application, and presentation virtualization. Data transfer and network bandwidth: Data needs to be sent back and forth between the cloud user and cloud provider. The charges can quickly add up. Mobile Cloud Computing Cloud Computing II 27 Some Perspectives on CC WAN acceleration for the cloud: chatty protocols and applications can benefit from WAN acceleration devices. VM migration: Need to consider the amount of data movement when a VM is migrated across a network. Management: Current paradigms are quite discrete and provide a strong level of control. Efforts are being made to unify management schemes. Energy considerations: With CC, overall energy consumption may be reduced. Mobile Cloud Computing Cloud Computing II 28 Note 14

15 Some Perspectives on CC Legal and regulatory considerations: VM migration, data migration, load balancing policies may need to consider legal and regulatory issues. Cloud providers with data centers in different countries may also encounter similar issues. Mobile Cloud Computing Cloud Computing II 29 Conclusion The area of cloud computing is very dynamic and offers scope for innovative technologies and business models. Ongoing work with respect to solutions is substantial (in vendor research labs, product development organizations, as well as in academia) It is clear that cloud computing will see significant advances and innovation in the next few years. Mobile Cloud Computing Cloud Computing II 30 Note 15

16 Assignment 1 A Service on GAE with Datastore Design a GAE service to test the Google cloud platform. Your service must use the Google Datastore for keeping data. You are encouraged to design any type of service you can think of. Must demonstrate your service and explain your design to me. Due date: Mar 22, 2012 Mobile Cloud Computing Cloud Computing II 31 Note 16

Lecture 02a Cloud Computing I

Lecture 02a Cloud Computing I Mobile Cloud Computing Lecture 02a Cloud Computing I 吳 秀 陽 Shiow-yang Wu What is Cloud Computing? Computing with cloud? Mobile Cloud Computing Cloud Computing I 2 Note 1 What is Cloud Computing? Walking

More information

OVERLAYING VIRTUALIZED LAYER 2 NETWORKS OVER LAYER 3 NETWORKS

OVERLAYING VIRTUALIZED LAYER 2 NETWORKS OVER LAYER 3 NETWORKS OVERLAYING VIRTUALIZED LAYER 2 NETWORKS OVER LAYER 3 NETWORKS Matt Eclavea (meclavea@brocade.com) Senior Solutions Architect, Brocade Communications Inc. Jim Allen (jallen@llnw.com) Senior Architect, Limelight

More information

In This Issue. From The Editor

In This Issue. From The Editor December 2009 Volume 12, Number 4 A Quarterly Technical Publication for Internet and Intranet Professionals In This Issue From the Editor... 1 Cloud Computing... 2 SSH... 18 Book Review... 30 Fragments...

More information

Analysis of Network Segmentation Techniques in Cloud Data Centers

Analysis of Network Segmentation Techniques in Cloud Data Centers 64 Int'l Conf. Grid & Cloud Computing and Applications GCA'15 Analysis of Network Segmentation Techniques in Cloud Data Centers Ramaswamy Chandramouli Computer Security Division, Information Technology

More information

Cloud Infrastructure Planning. Chapter Six

Cloud Infrastructure Planning. Chapter Six Cloud Infrastructure Planning Chapter Six Topics Key to successful cloud service adoption is an understanding of underlying infrastructure. Topics Understanding cloud networks Leveraging automation and

More information

Cloud Computing Architecture: A Survey

Cloud Computing Architecture: A Survey Cloud Computing Architecture: A Survey Abstract Now a day s Cloud computing is a complex and very rapidly evolving and emerging area that affects IT infrastructure, network services, data management and

More information

Industrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1

Industrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1 Industrial Network Security for SCADA, Automation, Process Control and PLC Systems Contents 1 An Introduction to Industrial Network Security 1 1.1 Course overview 1 1.2 The evolution of networking 1 1.3

More information

Extending Networking to Fit the Cloud

Extending Networking to Fit the Cloud VXLAN Extending Networking to Fit the Cloud Kamau WangŨ H Ũ Kamau Wangũhgũ is a Consulting Architect at VMware and a member of the Global Technical Service, Center of Excellence group. Kamau s focus at

More information

Virtualization, SDN and NFV

Virtualization, SDN and NFV Virtualization, SDN and NFV HOW DO THEY FIT TOGETHER? Traditional networks lack the flexibility to keep pace with dynamic computing and storage needs of today s data centers. In order to implement changes,

More information

Virtual Machine in Data Center Switches Huawei Virtual System

Virtual Machine in Data Center Switches Huawei Virtual System Virtual Machine in Data Center Switches Huawei Virtual System Contents 1 Introduction... 3 2 VS: From the Aspect of Virtualization Technology... 3 3 VS: From the Aspect of Market Driving... 4 4 VS: From

More information

Secure Cloud Computing with a Virtualized Network Infrastructure

Secure Cloud Computing with a Virtualized Network Infrastructure Secure Cloud Computing with a Virtualized Network Infrastructure Fang Hao, T.V. Lakshman, Sarit Mukherjee, Haoyu Song Bell Labs Cloud Security: All or Nothing? Amazon EC2 Government Cloud Shared computing,

More information

Proactively Secure Your Cloud Computing Platform

Proactively Secure Your Cloud Computing Platform Proactively Secure Your Cloud Computing Platform Dr. Krutartha Patel Security Engineer 2010 Check Point Software Technologies Ltd. [Restricted] ONLY for designated groups and individuals Agenda 1 Cloud

More information

Secure Cloud-Ready Data Centers Juniper Networks

Secure Cloud-Ready Data Centers Juniper Networks Secure Cloud-Ready Data Centers Juniper Networks JUNIPER SECURITY LEADERSHIP A $1B BUSINESS Market Leadership Data Center with High- End Firewall #1 at 42% Secure Mobility with SSL VPN #1 at 25% Security

More information

STRATEGIC WHITE PAPER. Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview

STRATEGIC WHITE PAPER. Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview STRATEGIC WHITE PAPER Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview Abstract Cloud architectures rely on Software-Defined Networking

More information

How To Make A Vpc More Secure With A Cloud Network Overlay (Network) On A Vlan) On An Openstack Vlan On A Server On A Network On A 2D (Vlan) (Vpn) On Your Vlan

How To Make A Vpc More Secure With A Cloud Network Overlay (Network) On A Vlan) On An Openstack Vlan On A Server On A Network On A 2D (Vlan) (Vpn) On Your Vlan Centec s SDN Switch Built from the Ground Up to Deliver an Optimal Virtual Private Cloud Table of Contents Virtualization Fueling New Possibilities Virtual Private Cloud Offerings... 2 Current Approaches

More information

Securely Architecting the Internal Cloud. Rob Randell, CISSP Senior Security and Compliance Specialist VMware, Inc.

Securely Architecting the Internal Cloud. Rob Randell, CISSP Senior Security and Compliance Specialist VMware, Inc. Securely Architecting the Internal Cloud Rob Randell, CISSP Senior Security and Compliance Specialist VMware, Inc. Securely Building the Internal Cloud Virtualization is the Key How Virtualization Affects

More information

CompTIA Cloud+ 9318; 5 Days, Instructor-led

CompTIA Cloud+ 9318; 5 Days, Instructor-led CompTIA Cloud+ 9318; 5 Days, Instructor-led Course Description The CompTIA Cloud+ certification validates the knowledge and best practices required of IT practitioners working in cloud computing environments,

More information

What Cloud computing means in real life

What Cloud computing means in real life ITU TRCSL Symposium on Cloud Computing Session 2: Cloud Computing Foundation and Requirements What Cloud computing means in real life Saman Perera Senior General Manager Information Systems Mobitel (Pvt)

More information

How To Extend Security Policies To Public Clouds

How To Extend Security Policies To Public Clouds What You Will Learn Public sector organizations without the budget to build a private cloud can consider public cloud services. The drawback until now has been tenants limited ability to implement their

More information

Security Issues in Cloud Computing

Security Issues in Cloud Computing Security Issues in Computing CSCI 454/554 Computing w Definition based on NIST: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources

More information

Cisco Secure Network Container: Multi-Tenant Cloud Computing

Cisco Secure Network Container: Multi-Tenant Cloud Computing Cisco Secure Network Container: Multi-Tenant Cloud Computing What You Will Learn Cloud services are forecast to grow dramatically in the next 5 years, providing a range of features and cost benefits for

More information

White Paper. Juniper Networks. Enabling Businesses to Deploy Virtualized Data Center Environments. Copyright 2013, Juniper Networks, Inc.

White Paper. Juniper Networks. Enabling Businesses to Deploy Virtualized Data Center Environments. Copyright 2013, Juniper Networks, Inc. White Paper Juniper Networks Solutions for VMware NSX Enabling Businesses to Deploy Virtualized Data Center Environments Copyright 2013, Juniper Networks, Inc. 1 Table of Contents Executive Summary...3

More information

Securing the Cloud with IBM Security Systems. IBM Security Systems. 2012 IBM Corporation. 2012 2012 IBM IBM Corporation Corporation

Securing the Cloud with IBM Security Systems. IBM Security Systems. 2012 IBM Corporation. 2012 2012 IBM IBM Corporation Corporation Securing the Cloud with IBM Security Systems 1 2012 2012 IBM IBM Corporation Corporation IBM Point of View: Cloud can be made secure for business As with most new technology paradigms, security concerns

More information

CompTIA Cloud+ Course Content. Length: 5 Days. Who Should Attend:

CompTIA Cloud+ Course Content. Length: 5 Days. Who Should Attend: CompTIA Cloud+ Length: 5 Days Who Should Attend: Project manager, cloud computing services Cloud engineer Manager, data center SAN Business analyst, cloud computing Summary: The CompTIA Cloud+ certification

More information

Securing the private cloud

Securing the private cloud Securing the private cloud Gary Gardiner Security Engineer 2011 Check Point Software Technologies Ltd. [Unrestricted] For everyone Top Trends of 2011 1 2 3 4 5 6 7 8 9 Virtualization & Cloud Computing

More information

A Case for Overlays in DCN Virtualization Katherine Barabash, Rami Cohen, David Hadas, Vinit Jain, Renato Recio and Benny Rochwerger IBM

A Case for Overlays in DCN Virtualization Katherine Barabash, Rami Cohen, David Hadas, Vinit Jain, Renato Recio and Benny Rochwerger IBM Presenter: Vinit Jain, STSM, System Networking Development, IBM System & Technology Group A Case for Overlays in DCN Virtualization Katherine Barabash, Rami Cohen, David Hadas, Vinit Jain, Renato Recio

More information

Cisco Unified Network Services: Overcome Obstacles to Cloud-Ready Deployments

Cisco Unified Network Services: Overcome Obstacles to Cloud-Ready Deployments Cisco Unified Network Services: Overcome Obstacles to Cloud-Ready Deployments What You Will Learn Deploying network services in virtual data centers is extremely challenging. Traditionally, such Layer

More information

Evolution from the Traditional Data Center to Exalogic: An Operational Perspective

Evolution from the Traditional Data Center to Exalogic: An Operational Perspective An Oracle White Paper July, 2012 Evolution from the Traditional Data Center to Exalogic: 1 Disclaimer The following is intended to outline our general product capabilities. It is intended for information

More information

Data Center Networking Designing Today s Data Center

Data Center Networking Designing Today s Data Center Data Center Networking Designing Today s Data Center There is nothing more important than our customers. Data Center Networking Designing Today s Data Center Executive Summary Demand for application availability

More information

Network Virtualization and Data Center Networks 263-3825-00 Data Center Virtualization - Basics. Qin Yin Fall Semester 2013

Network Virtualization and Data Center Networks 263-3825-00 Data Center Virtualization - Basics. Qin Yin Fall Semester 2013 Network Virtualization and Data Center Networks 263-3825-00 Data Center Virtualization - Basics Qin Yin Fall Semester 2013 1 Walmart s Data Center 2 Amadeus Data Center 3 Google s Data Center 4 Data Center

More information

Public Clouds. Krishnan Subramanian Analyst & Researcher Krishworld.com. A whitepaper sponsored by Trend Micro Inc.

Public Clouds. Krishnan Subramanian Analyst & Researcher Krishworld.com. A whitepaper sponsored by Trend Micro Inc. Public Clouds Krishnan Subramanian Analyst & Researcher Krishworld.com A whitepaper sponsored by Trend Micro Inc. Introduction Public clouds are the latest evolution of computing, offering tremendous value

More information

CoIP (Cloud over IP): The Future of Hybrid Networking

CoIP (Cloud over IP): The Future of Hybrid Networking CoIP (Cloud over IP): The Future of Hybrid Networking An overlay virtual network that connects, protects and shields enterprise applications deployed across cloud ecosystems The Cloud is Now a Critical

More information

CloudLink - The On-Ramp to the Cloud Security, Management and Performance Optimization for Multi-Tenant Private and Public Clouds

CloudLink - The On-Ramp to the Cloud Security, Management and Performance Optimization for Multi-Tenant Private and Public Clouds - The On-Ramp to the Cloud Security, Management and Performance Optimization for Multi-Tenant Private and Public Clouds February 2011 1 Introduction Today's business environment requires organizations

More information

Software-Defined Networks Powered by VellOS

Software-Defined Networks Powered by VellOS WHITE PAPER Software-Defined Networks Powered by VellOS Agile, Flexible Networking for Distributed Applications Vello s SDN enables a low-latency, programmable solution resulting in a faster and more flexible

More information

NETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015

NETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015 NETWORK ACCESS CONTROL AND CLOUD SECURITY Tran Song Dat Phuc SeoulTech 2015 Table of Contents Network Access Control (NAC) Network Access Enforcement Methods Extensible Authentication Protocol IEEE 802.1X

More information

Testing Network Virtualization For Data Center and Cloud VERYX TECHNOLOGIES

Testing Network Virtualization For Data Center and Cloud VERYX TECHNOLOGIES Testing Network Virtualization For Data Center and Cloud VERYX TECHNOLOGIES Table of Contents Introduction... 1 Network Virtualization Overview... 1 Network Virtualization Key Requirements to be validated...

More information

Software Defined Network (SDN)

Software Defined Network (SDN) Georg Ochs, Smart Cloud Orchestrator (gochs@de.ibm.com) Software Defined Network (SDN) University of Stuttgart Cloud Course Fall 2013 Agenda Introduction SDN Components Openstack and SDN Example Scenario

More information

Network Security Demonstration - Snort based IDS Integration -

Network Security Demonstration - Snort based IDS Integration - Network Security Demonstration - Snort based IDS Integration - Hyuk Lim (hlim@gist.ac.kr) with TJ Ha, CW Jeong, J Narantuya, JW Kim Wireless Communications and Networking Lab School of Information and

More information

VXLAN: Scaling Data Center Capacity. White Paper

VXLAN: Scaling Data Center Capacity. White Paper VXLAN: Scaling Data Center Capacity White Paper Virtual Extensible LAN (VXLAN) Overview This document provides an overview of how VXLAN works. It also provides criteria to help determine when and where

More information

Architecting and Building a Secure and Compliant Virtual Infrastructure and Private Cloud

Architecting and Building a Secure and Compliant Virtual Infrastructure and Private Cloud Architecting and Building a Secure and Compliant Virtual Infrastructure and Private Cloud Rob Randell, CISSP Principal Systems Engineer Security Specialist Agenda What is the Cloud? Virtualization Basics

More information

Network Virtualization for Large-Scale Data Centers

Network Virtualization for Large-Scale Data Centers Network Virtualization for Large-Scale Data Centers Tatsuhiro Ando Osamu Shimokuni Katsuhito Asano The growing use of cloud technology by large enterprises to support their business continuity planning

More information

From Secure Virtualization to Secure Private Clouds

From Secure Virtualization to Secure Private Clouds From Secure Virtualization to Secure Private Clouds Gartner RAS Core Research Note G00208057, Neil MacDonald, Thomas J. Bittman, 13 October 2010, RV2A108222011 As enterprises move beyond virtualizing their

More information

How To Create A Cloud Based System For Aaas (Networking)

How To Create A Cloud Based System For Aaas (Networking) 1 3.1 IaaS Definition IaaS: Infrastructure as a Service Through the internet, provide IT server, storage, computing power and other infrastructure capacity to the end users and the service fee based on

More information

Lecture 7: Data Center Networks"

Lecture 7: Data Center Networks Lecture 7: Data Center Networks" CSE 222A: Computer Communication Networks Alex C. Snoeren Thanks: Nick Feamster Lecture 7 Overview" Project discussion Data Centers overview Fat Tree paper discussion CSE

More information

"Charting the Course... Implementing Citrix NetScaler 11 for App and Desktop Solutions CNS-207 Course Summary

Charting the Course... Implementing Citrix NetScaler 11 for App and Desktop Solutions CNS-207 Course Summary Course Summary Description The objective of this course is to provide the foundational concepts and teach the skills necessary to implement, configure, secure and monitor a Citrix NetScaler system with

More information

Network Virtualization Network Admission Control Deployment Guide

Network Virtualization Network Admission Control Deployment Guide Network Virtualization Network Admission Control Deployment Guide This document provides guidance for enterprises that want to deploy the Cisco Network Admission Control (NAC) Appliance for their campus

More information

Future of Cloud Computing. Irena Bojanova, Ph.D. UMUC, NIST

Future of Cloud Computing. Irena Bojanova, Ph.D. UMUC, NIST Future of Cloud Computing Irena Bojanova, Ph.D. UMUC, NIST No Longer On The Horizon Essential Characteristics On-demand Self-Service Broad Network Access Resource Pooling Rapid Elasticity Measured Service

More information

Cloud Courses Description

Cloud Courses Description Cloud Courses Description Cloud 101: Fundamental Cloud Computing and Architecture Cloud Computing Concepts and Models. Fundamental Cloud Architecture. Virtualization Basics. Cloud platforms: IaaS, PaaS,

More information

Securing Virtual Applications and Servers

Securing Virtual Applications and Servers White Paper Securing Virtual Applications and Servers Overview Security concerns are the most often cited obstacle to application virtualization and adoption of cloud-computing models. Merely replicating

More information

Security Management of Cloud-Native Applications. Presented By: Rohit Sharma MSc in Dependable Software Systems (DESEM)

Security Management of Cloud-Native Applications. Presented By: Rohit Sharma MSc in Dependable Software Systems (DESEM) Security Management of Cloud-Native Applications Presented By: Rohit Sharma MSc in Dependable Software Systems (DESEM) 1 Outline Context State-of-the-Art Design Patterns Threats to cloud systems Security

More information

Transform Your Business and Protect Your Cisco Nexus Investment While Adopting Cisco Application Centric Infrastructure

Transform Your Business and Protect Your Cisco Nexus Investment While Adopting Cisco Application Centric Infrastructure White Paper Transform Your Business and Protect Your Cisco Nexus Investment While Adopting Cisco Application Centric Infrastructure What You Will Learn The new Cisco Application Centric Infrastructure

More information

CERN Cloud Infrastructure. Cloud Networking

CERN Cloud Infrastructure. Cloud Networking CERN Cloud Infrastructure Cloud Networking Contents Physical datacenter topology Cloud Networking - Use cases - Current implementation (Nova network) - Migration to Neutron 7/16/2015 2 Physical network

More information

IaaS Cloud Architectures: Virtualized Data Centers to Federated Cloud Infrastructures

IaaS Cloud Architectures: Virtualized Data Centers to Federated Cloud Infrastructures IaaS Cloud Architectures: Virtualized Data Centers to Federated Cloud Infrastructures Dr. Sanjay P. Ahuja, Ph.D. 2010-14 FIS Distinguished Professor of Computer Science School of Computing, UNF Introduction

More information

Citrix On-Boarding A target Cloud

Citrix On-Boarding A target Cloud Uni On-Board An Introduction to Uni Systems Cloud On-boarding services portfolio White Paper Solution Brief Contents Introduction... 3 The On-Boarding problem Defined... 3 Defining an application workload...

More information

THE INS AND OUTS OF CLOUD COMPUTING

THE INS AND OUTS OF CLOUD COMPUTING THE INS AND OUTS OF CLOUD COMPUTING and Its Impact on the Network April 2010 Rev. A 04/10 SPIRENT 1325 Borregas Avenue Sunnyvale, CA 94089 USA Email: Web: sales@spirent.com http://www.spirent.com AMERICAS

More information

Vyatta Network OS for Network Virtualization

Vyatta Network OS for Network Virtualization Complete Security and Compliance for Virtual Environments Vyatta takes the concept of virtualization beyond just applications and operating systems and allows enterprise IT to also virtualize network components

More information

Configuring Oracle SDN Virtual Network Services on Netra Modular System ORACLE WHITE PAPER SEPTEMBER 2015

Configuring Oracle SDN Virtual Network Services on Netra Modular System ORACLE WHITE PAPER SEPTEMBER 2015 Configuring Oracle SDN Virtual Network Services on Netra Modular System ORACLE WHITE PAPER SEPTEMBER 2015 Introduction 1 Netra Modular System 2 Oracle SDN Virtual Network Services 3 Configuration Details

More information

Table of Content Cloud Computing Tutorial... 2 Audience... 2 Prerequisites... 2 Copyright & Disclaimer Notice... 2 Cloud Computing - Overview...

Table of Content Cloud Computing Tutorial... 2 Audience... 2 Prerequisites... 2 Copyright & Disclaimer Notice... 2 Cloud Computing - Overview... Table of Content Cloud Computing Tutorial... 2 Audience... 2 Prerequisites... 2 Copyright & Disclaimer Notice... 2 Cloud Computing - Overview... 9 What is Cloud?... 9 What is Cloud Computing?... 9 Basic

More information

Cloud Computing Governance & Security. Security Risks in the Cloud

Cloud Computing Governance & Security. Security Risks in the Cloud Cloud Computing Governance & Security The top ten questions you have to ask Mike Small CEng, FBCS, CITP Fellow Analyst, KuppingerCole This Webinar is supported by Agenda What is the Problem? Ten Cloud

More information

Intel IT Cloud 2013 and Beyond. Name Title Month, Day 2013

Intel IT Cloud 2013 and Beyond. Name Title Month, Day 2013 Intel IT Cloud 2013 and Beyond Name Title Month, Day 2013 Legal Notices This presentation is for informational purposes only. INTEL MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY. Intel and the

More information

The Case for Enterprise Ready Virtual Private Clouds

The Case for Enterprise Ready Virtual Private Clouds The Case for Enterprise Ready Virtual Private Clouds Timothy Wood, Alexandre Gerber *, K.K. Ramakrishnan *, Jacobus van der Merwe *, and Prashant Shenoy University of Massachusetts Amherst *AT&T Research

More information

How To Manage A Virtualization Server

How To Manage A Virtualization Server Brain of the Virtualized Data Center Contents 1 Challenges of Server Virtualization... 3 1.1 The virtual network breaks traditional network boundaries... 3 1.2 The live migration function of VMs requires

More information

Cisco Nexus 1000V Switch for Microsoft Hyper-V

Cisco Nexus 1000V Switch for Microsoft Hyper-V Data Sheet Cisco Nexus 1000V Switch for Microsoft Hyper-V Product Overview Cisco Nexus 1000V Switches provide a comprehensive and extensible architectural platform for virtual machine and cloud networking.

More information

Cloud Courses Description

Cloud Courses Description Courses Description 101: Fundamental Computing and Architecture Computing Concepts and Models. Data center architecture. Fundamental Architecture. Virtualization Basics. platforms: IaaS, PaaS, SaaS. deployment

More information

SDN and NFV in the WAN

SDN and NFV in the WAN WHITE PAPER Hybrid Networking SDN and NFV in the WAN HOW THESE POWERFUL TECHNOLOGIES ARE DRIVING ENTERPRISE INNOVATION rev. 110615 Table of Contents Introduction 3 Software Defined Networking 3 Network

More information

An overwhelming majority of IaaS clouds leverage virtualization for their foundation.

An overwhelming majority of IaaS clouds leverage virtualization for their foundation. 1 2 3 An overwhelming majority of IaaS clouds leverage virtualization for their foundation. 4 With the use of virtualization comes the use of a hypervisor. Normally, the hypervisor simply provisions resources

More information

Cisco Application Networking for IBM WebSphere

Cisco Application Networking for IBM WebSphere Cisco Application Networking for IBM WebSphere Faster Downloads and Site Navigation, Less Bandwidth and Server Processing, and Greater Availability for Global Deployments What You Will Learn To address

More information

Private Distributed Cloud Deployment in a Limited Networking Environment

Private Distributed Cloud Deployment in a Limited Networking Environment Private Distributed Cloud Deployment in a Limited Networking Environment Jeffrey Galloway, Susan Vrbsky, and Karl Smith The University of Alabama jmgalloway@crimson.ua.edu, vrbsky@cs.ua.edu, smith102@crimson.ua.edu

More information

Deploying Public, Private, and Hybrid Storage Clouds. Marty Stogsdill, Oracle

Deploying Public, Private, and Hybrid Storage Clouds. Marty Stogsdill, Oracle Deploying Public, Private, and Hybrid Storage Clouds Marty Stogsdill, Oracle SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA unless otherwise noted. Member companies

More information

Ranch Networks for Hosted Data Centers

Ranch Networks for Hosted Data Centers Ranch Networks for Hosted Data Centers Internet Zone RN20 Server Farm DNS Zone DNS Server Farm FTP Zone FTP Server Farm Customer 1 Customer 2 L2 Switch Customer 3 Customer 4 Customer 5 Customer 6 Ranch

More information

The Road to Cloud Computing How to Evolve Your Data Center LAN to Support Virtualization and Cloud

The Road to Cloud Computing How to Evolve Your Data Center LAN to Support Virtualization and Cloud The Road to Cloud Computing How to Evolve Your Data Center LAN to Support Virtualization and Cloud Introduction Cloud computing is one of the most important topics in IT. The reason for that importance

More information

Increase Simplicity and Improve Reliability with VPLS on the MX Series Routers

Increase Simplicity and Improve Reliability with VPLS on the MX Series Routers SOLUTION BRIEF Enterprise Data Center Interconnectivity Increase Simplicity and Improve Reliability with VPLS on the Routers Challenge As enterprises improve business continuity by enabling resource allocation

More information

New Security Perspective for Virtualized Platforms

New Security Perspective for Virtualized Platforms , July 3-5, 2013, London, U.K. New Security Perspective for Virtualized Platforms Abdelmajid Lakbabi, Said El hajji, Ghizlane Orhanou, Kaouthar Chetioui Abstract Recently, an important transition in IT

More information

How To Protect Your Cloud From Attack

How To Protect Your Cloud From Attack A Trend Micro White Paper August 2015 Trend Micro Cloud Protection Security for Your Unique Cloud Infrastructure Contents Introduction...3 Private Cloud...4 VM-Level Security...4 Agentless Security to

More information

1.1.1 Introduction to Cloud Computing

1.1.1 Introduction to Cloud Computing 1 CHAPTER 1 INTRODUCTION 1.1 CLOUD COMPUTING 1.1.1 Introduction to Cloud Computing Computing as a service has seen a phenomenal growth in recent years. The primary motivation for this growth has been the

More information

SDN Architecture and Service Trend

SDN Architecture and Service Trend 2013 SDN 高 峰 論 壇 SDN Architecture and Service Trend Dr. Yu-Huang Chu Broadband Network Lab Chunghwa Telecom Co., Ltd., Taiwan 10/09/13 1 Outlines SDN & NFV introduction Network Architecture Trend SDN Services

More information

Chapter 11 Cloud Application Development

Chapter 11 Cloud Application Development Chapter 11 Cloud Application Development Contents Motivation. Connecting clients to instances through firewalls. Chapter 10 2 Motivation Some of the questions of interest to application developers: How

More information

CNS-207 Implementing Citrix NetScaler 10.5 for App and Desktop Solutions

CNS-207 Implementing Citrix NetScaler 10.5 for App and Desktop Solutions CNS-207 Implementing Citrix NetScaler 10.5 for App and Desktop Solutions The objective of Implementing Citrix NetScaler 10.5 for App and Desktop Solutions is to provide the foundational concepts and skills

More information

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003 http://technet.microsoft.com/en-us/library/cc757501(ws.10).aspx Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003 Updated: October 7, 2005 Applies To: Windows Server 2003 with

More information

What is VLAN Routing?

What is VLAN Routing? Application Note #38 February 2004 What is VLAN Routing? This Application Notes relates to the following Dell product(s): 6024 and 6024F 33xx Abstract Virtual LANs (VLANs) offer a method of dividing one

More information

VXLAN Overlay Networks: Enabling Network Scalability for a Cloud Infrastructure

VXLAN Overlay Networks: Enabling Network Scalability for a Cloud Infrastructure W h i t e p a p e r VXLAN Overlay Networks: Enabling Network Scalability for a Cloud Infrastructure Table of Contents Executive Summary.... 3 Cloud Computing Growth.... 3 Cloud Computing Infrastructure

More information

Secure Remote Access Solutions Balancing security and remote access Bob Hicks, Rockwell Automation

Secure Remote Access Solutions Balancing security and remote access Bob Hicks, Rockwell Automation Secure Remote Access Solutions Balancing security and remote access Bob Hicks, Rockwell Automation Rev 5058-CO900C Agenda Control System Network Security Defence in Depth Secure Remote Access Examples

More information

Planning the Migration of Enterprise Applications to the Cloud

Planning the Migration of Enterprise Applications to the Cloud Planning the Migration of Enterprise Applications to the Cloud A Guide to Your Migration Options: Private and Public Clouds, Application Evaluation Criteria, and Application Migration Best Practices Introduction

More information

RE Think. IT & Business. Invent. IBM SmartCloud Security. Dr. Khaled Negm, SMIEEE, ACM Fellow IBM SW Global Competency Center Leader GCC

RE Think. IT & Business. Invent. IBM SmartCloud Security. Dr. Khaled Negm, SMIEEE, ACM Fellow IBM SW Global Competency Center Leader GCC RE Think Invent IT & Business IBM SmartCloud Security Dr. Khaled Negm, SMIEEE, ACM Fellow IBM SW Global Competency Center Leader GCC 2014 IBM Corporation Some Business Questions Is Your Company is Secure

More information

Impact of Virtualization on Cloud Networking Arista Networks Whitepaper

Impact of Virtualization on Cloud Networking Arista Networks Whitepaper Overview: Virtualization takes IT by storm The adoption of virtualization in datacenters creates the need for a new class of networks designed to support elasticity of resource allocation, increasingly

More information

SAFE-T RSACCESS REPLACEMENT FOR MICROSOFT FOREFRONT UNIFIED ACCESS GATEWAY (UAG)

SAFE-T RSACCESS REPLACEMENT FOR MICROSOFT FOREFRONT UNIFIED ACCESS GATEWAY (UAG) SAFE-T RSACCESS REPLACEMENT FOR MICROSOFT FOREFRONT UNIFIED ACCESS GATEWAY (UAG) A RSACCESS WHITE PAPER 1 Microsoft Forefront Unified Access Gateway Overview 2 Safe-T RSAccess Secure Front-end Overview

More information

Installing Intercloud Fabric Firewall

Installing Intercloud Fabric Firewall This chapter contains the following sections: Information About the Intercloud Fabric Firewall, page 1 Prerequisites, page 1 Guidelines and Limitations, page 2 Basic Topology, page 2 Intercloud Fabric

More information

Overcoming Security Challenges to Virtualize Internet-facing Applications

Overcoming Security Challenges to Virtualize Internet-facing Applications Intel IT IT Best Practices Cloud Security and Secure ization November 2011 Overcoming Security Challenges to ize Internet-facing Applications Executive Overview To enable virtualization of Internet-facing

More information

VMware Software Defined Network. Dejan Grubić VMware Systems Engineer for Adriatic

VMware Software Defined Network. Dejan Grubić VMware Systems Engineer for Adriatic VMware Software Defined Network Dejan Grubić VMware Systems Engineer for Adriatic The Transformation of Infrastructure Infrastructure Servers Clouds Be more responsive to business, change economics of

More information

Cloud Security and Data Protection

Cloud Security and Data Protection Cloud Security and Data Protection Cloud Strategy Partners, LLC Sponsored by: IEEE Educational Activities and IEEE Cloud Computing Course Presenter s Biography This IEEE Cloud Computing tutorial has been

More information

Chapter 9 Firewalls and Intrusion Prevention Systems

Chapter 9 Firewalls and Intrusion Prevention Systems Chapter 9 Firewalls and Intrusion Prevention Systems connectivity is essential However it creates a threat Effective means of protecting LANs Inserted between the premises network and the to establish

More information

Unified Threat Management, Managed Security, and the Cloud Services Model

Unified Threat Management, Managed Security, and the Cloud Services Model Unified Threat Management, Managed Security, and the Cloud Services Model Kurtis E. Minder CISSP Global Account Manager - Service Provider Group Fortinet, Inc. Introduction Kurtis E. Minder, Technical

More information

STeP-IN SUMMIT 2013. June 18 21, 2013 at Bangalore, INDIA. Performance Testing of an IAAS Cloud Software (A CloudStack Use Case)

STeP-IN SUMMIT 2013. June 18 21, 2013 at Bangalore, INDIA. Performance Testing of an IAAS Cloud Software (A CloudStack Use Case) 10 th International Conference on Software Testing June 18 21, 2013 at Bangalore, INDIA by Sowmya Krishnan, Senior Software QA Engineer, Citrix Copyright: STeP-IN Forum and Quality Solutions for Information

More information

Cisco Prime Network Services Controller. Sonali Kalje Sr. Product Manager Cloud and Virtualization, Cisco Systems

Cisco Prime Network Services Controller. Sonali Kalje Sr. Product Manager Cloud and Virtualization, Cisco Systems Cisco Prime Network Services Controller Sonali Kalje Sr. Product Manager Cloud and Virtualization, Cisco Systems Agenda Cloud Networking Challenges Prime Network Services Controller L4-7 Services Solutions

More information

JUNIPER. One network for all demands MICHAEL FRITZ CEE PARTNER MANAGER. 1 Copyright 2010 Juniper Networks, Inc. www.juniper.net

JUNIPER. One network for all demands MICHAEL FRITZ CEE PARTNER MANAGER. 1 Copyright 2010 Juniper Networks, Inc. www.juniper.net JUNIPER One network for all demands MICHAEL FRITZ CEE PARTNER MANAGER 1 Copyright 2010 Juniper Networks, Inc. www.juniper.net 2-3-7: JUNIPER S BUSINESS STRATEGY 2 Customer Segments 3 Businesses Service

More information

SOLUTION BRIEF Citrix Cloud Solutions Citrix Cloud Solution for On-boarding

SOLUTION BRIEF Citrix Cloud Solutions Citrix Cloud Solution for On-boarding SOLUTION BRIEF Citrix Cloud Solutions Citrix Cloud Solution for On-boarding www.citrix.com Contents Introduction... 3 The On- boarding Problem Defined... 3 Considerations for Application On- boarding...

More information

Software Defined Environments

Software Defined Environments November 2015 Software Defined Environments 2015 Cloud Lecture, University of Stuttgart Jochen Breh, Director Architecture & Consulting Cognizant Global Technology Office Agenda Introduction New Requirements

More information

Network Access Control in Virtual Environments. Technical Note

Network Access Control in Virtual Environments. Technical Note Contents Security Considerations in.... 3 Addressing Virtualization Security Challenges using NAC and Endpoint Compliance... 3 Visibility and Profiling of VMs.... 4 Identification of Rogue or Unapproved

More information

Firewalls. Securing Networks. Chapter 3 Part 1 of 4 CA M S Mehta, FCA

Firewalls. Securing Networks. Chapter 3 Part 1 of 4 CA M S Mehta, FCA Firewalls Securing Networks Chapter 3 Part 1 of 4 CA M S Mehta, FCA 1 Firewalls Learning Objectives Task Statements 1.3 Recognise function of Telecommunications and Network security including firewalls,..

More information