Secure Elecion Infrasrucures Based on IPv6 Clouds Firs IPv6-only OpenSack Cloud used o deliver producion services is de-ployed by Nephos6, Cikomm and SnT-Universiy of Luxembourg. Laif Ladid, Presiden, IPv6 Forum; Research Fellow and Gabriela Gheorghe, Researcher, SnT, Universiy of Luxembourg discuss Why? IPv6 iself enables addressabiliy and hus helps endo-end conneciviy, when i comes o many heerogeneous compuing resources (for example, mobile devices and Inerne of Things). Cloud sysems help reduce spending on infrasrucure, improve accessibiliy, and enable scaling. Cloud sofware o deploy and manage flees of virual resources is already available, eiher proprieary or opensource; his echnology is already offering managemen feaures ha nework adminisraors were only dreaming abou before. Togeher, cloud and IPv6 make sense ogeher be-cause he resources ha IPv6 can access, can be virualised in he cloud and conrolled remoely. Laif Ladid, IPv6 Forum Presiden During he 2014 elecions in Germany, a producion ready, IPv6-based Opensack Cloud esablished a he Universiy of Luxembourg successfully delivered elecion resuls o German voers, a World Firs o pioneer he fuure of he open world of cloud compuing! said Laif Ladid, Presiden, IPv6 Forum and Research Fellow a he Universiy of Luxembourg. Cloud and IPv6 make sense ogeher For public adminisraions engaged in building fuure-proof infrasrucures, IPv6 and cloud sysems managed in-house are worh o consider ogeher. Boh cloud infrasrucures and IPv6 are echnologies of he presen and i is ime o make hem par of he fuure. Elecion pilo based on an IPv6-enabled cloud The Universiy of Luxembourg (UL) hosed he firs IPv6-only cloud in a producion environmen, in cooperaion wih Cikomm and Nephos6. This cloud sysem served he May 2014 elecions in Germany for he Cikomm cusomers, and successfully served 5% of he requess of all he ciizens accessing he elecion resuls presened here. The service showcased by his pilo is he presenaion of he elecion websie. Throughou he elecion days, ciizens of various municipaliies in Norh-Rhine Wesfalia could access he curren voing coun on a Cikomm-hosed websie (hp://wahlen.cikomm.de/). The backend webserver for his websie has radiionally been IPv4-only, and wih his pilo we showcased wo novelies a he same ime: IPv6 enablemen of websie needed especially by hose ciizens accessing i from machines ha are IPv6 enabled; 28 InerComms www.inercomms.ne
DEVELOPMENT NEW SERVICE DELIVERY Cloud compuing assurance (availabiliy, resilience, scalabiliy, securiy) when i comes o handling large amouns of user raffic. The pilo achieved is purpose fully. I employed an open-source cloud disribuion, OpenSack Havana, ha was adaped in-house o suppor IPv6, as naive IPv6 suppor is no ye official. The pilo has passed an inensive esing phase ha covered heavy load generaion and handling. During he es and producion phase, he pilo was subjec o exensive QoS monioring and performance daa collecion. The pilo gahered ogeher a number of presenaion servers on he Cikomm sie, and wo ohers on he Luxembourg sie. This is shown in figure 1 below. The firs figure shows how resources from differen locaions (one is QSC, he oher is he Luxembourg sie) were inegraed ogeher under he same cikomm.de domain. The QSC resources are all IPv4-only, while he Luxembourg ones were addressable only via IPv6. Figure 2 below shows he deploymen a he UL sie in more deails: on 4 physical servers (of which one is a cloud conroller and he oher 3 are cloud nodes) here are a number of virual resources in he cloud. These resources are virual machines: images of complee operaing sysem and applicaions running on op of i. These virual resources are managed inernally by he cloud operaing sysem OpenSack in his case and are siuaed in he same nework segmen in he universiy nework, proeced by a firewall. Transiion o IPv6 The ransiion o IPv6 can be of he applicaion o be virualized and deployed in he cloud, on he secropensack sysem iself. In our case, he applicaion o be run in he cloud was Figure 2 he presenaion websie. This was HTML code and hence was independen of he IP proocol undersood by he browser. The inegraion of IPv6 in OpenSack is no ye officially achieved in he open-source communiy. A UL, he OpenSack Havana esbed has been pached for full IPv6 suppor wih he help from Nephos6, an IT company based in Raleigh, USA. All deails of he pach can be found in a previously published whiepaper (hp://www.nephos6.com/ pdf/opensack-havana-on-ipv6.pdf) and hey cover he address assignmen, and some rouing issues in OpenSack. The pach is relaively easy o deploy and, once insalled, i is possible o launch virual machines wih naive IPv6 addresses. The pach will be officially inegraed in he nex version of he OpenSack sofware. When virual machines can have IPv6 addresses, hey can be accessible direcly, wihou any need for inermediae (proxy) configuraions, by boh users and nework adminisraors. In oher words, everyhing ha is se up wihin hese virual machines becomes immediaely accessible o everybody. Think of a virual machine as a virual compuer, where any applicaion can run o serve user, and communicae wih oher virual machines o achieve a common purpose. Complex infrasrucure monioring a your fingerips As ypical cloud-based sofware goes, OpenSack gives a very granular way o manage virualized resources. Virual resources in his scenario hos he webserver of he elecion resuls websie, and here hey are virual machines wih a Linux operaing sysem on op. Some of he managemen feaures offered by OpenSack for virual machines cover: Virual machines can be swiched on, off, can be paused, can be replicaed a various saes in heir lifecycle, Virual machines can be firewalled in differen ways from he OpenSack dashboard, Virual machines can change nework configuraions (one-by-one or in groups). For example, machine insances can be assigned differen virual IPv4 or IPv6 addresses, Virual machines can be moniored individually or in groups a hypervisor level, Virual machines can be made o execue scrip acions a booup, Virual machines can be migraed from one physical hos o anoher, wihou losing sae. Figure 1 29 InerComms www.inercomms.ne www.inercomms.ne InerComms 29
Figure 3 shows one view from he OpenSack dashboard he conrol room of he cloud from where he cloud adminisraor can visualize he exising resources, une hem, or change various parameers of he infrasrucure. These feaures are included in he ou-of-he-box OpenSack sofware. Therefore, wih cloud feaures, e-governmen infrasrucures can be managed beer han ever before: he adminisraor can access virual resources, baremeal sysem and nework informaion a any ime and a differen levels of granulariy (virual machines, virualizaion level, hardware moniors on he physical machines on which he virual resources reside), scaling (up or down) of resources can be achieved a runime wih he press of a buon, since elasiciy is one of he main feaures of cloud sysems, and is implemened in OpenSack as is, essenial informaion in he area of runime QoS monioring and assurance. As a proof of concep, UL has experimened on he monioring feaures ha already exis and ha can be added on op of his cloud disribuion. This work was done ogeher wih Cikomm and Nephos6. We have insrumened he ypical OpenSack monioring so ha an e-governmen infrasrucure adminisraor can be offered more informaion abou he disribued sysem in a cenralized way. In his work, and in he following figures, we have used Sonar, a Nephos6 Service Assurance ool. During he acual elecions, we moniored he enduser experience from several locaions in Europe and in he US. We measured HTTP response ime hroughou he elecion day for all virual resources ha users could access (one single URL could direc end-users o he UL infrasrucure when he connecion was over IPv6), and correlaed his ime wih some informaion from wihin he UL deploymen. This approach is useful for several main reasons: firs, he adminisraor can have a concree idea of he user-side experience of he applicaion running on op of he virualized infrasrucure. This can be seen in figure 4, showing he user-side experience of he Cikomm URL hp://wahlen.cikomm.de/ during he elecion on he 25h of May, beween 8pm and 9:45pm. Second, he adminisraion can compare user experience from differen locaions. Figure 5 shows how, in our proof of concep, he adminisraor can experience a cloud dashboard: a map of Europe wih he marks for where he monioring scrips are deployed, and a diagram showing he performance experienced from he differen locaions when accessing he resource in he cloud (in his case, he elecions websie a he URL indicaed above). This informaion can provide hins abou poenial problems (e.g., i is likely a nework problem if he user experience Figure 3 Figure 4 30 InerComms www.inercomms.ne
Figure 5 is bad from some locaions, while i can be a server-side problem if he user experience is bad from all locaions). For example, in he figure below he red line, corresponding o he Gen6 OpenSack locally-deployed measuremen scrip, has a much beer performance han he oher wo, which are subjec o nework delays associaed wih heir locaion. Third, he adminisraor can ac on he observed issues, wheher by invesigaing a he server-side, or by moving resources from one virual/physical nework o anoher, or by saring up new resources. These possibiliies are no available in radiional neworks. In our proof of concep, we could visualize differen ypes of monioring daa in he same dashboard: HTTP daa and ping, for he applicaion running on op of he cloud infrasrucure, Daa repored by monioring ools such as Munin, ha look a disk, CPU and nework operaions when virual machines run, Physical infrasrucure daa (he physical machines on which he virual resources are running) ha is gahered and repored by a service wihin OpenSack called Ceilomeer, which is in charge of reporing sysem saisics. This rich palee of daa is exremely useful for he infrasrucure adminisraor, as i can be used for roo-case analysis and miigaion in case here is an infrasrucure inciden. Moreover, wih muliple virual resources addressable by IPv6, he roubleshooing process is becoming easier because addressing is now sraighforward: every virual machine can be direcly accessed and queried. Wih radiional IP addresses, he adminisraor had a much harder ime o configure NAT and firewalls on individual middleboxes in he infrasrucure. Securiy consideraions Securiy requiremens of he elecion infrasrucure in our experimen cover several aspecs: Firewalling over he physical and virual resources, o preven unauhorized access a nework level. Even hough IPv6 eliminaes NATs, he need for a correcly configured firewall is jus as dire when using IPv6 as when using IPv4, Access conrols when i comes o accessing he virual resources (e.g., he websie and is up-daes, he backend connecion, log daa backups), Resource exhausion deecion / prevenion are paricularly needed in a cloud conex in which illegiimaely demanding resources can exhaus he physical capabiliies, because he cloud s inner elasiciy mechanisms would be riggered easily, Securiy monioring and esing, which are pars of common securiy and reliabiliy pracices. Firewalling in OpenSack can be done from he main adminisraor dashboard, he Securiy groups seings ab. Figure 6 shows how an adminisraor can view and edi securiy group rules for virual machines and se consrains on he inbound and oubound raffic on IP level and above. Advanced access conrols for auhenicaion and auhorizaion are available in OpenSack s command line inerface. OpenSack s ideniy service can be conneced wih an LDAP server, exernal muli-facor auhenicaion services or Kerberos sysems. A super-adminisraor can creae accouns and associae permissions o wha OpenSack calls enans isolaed projecs (i.e., ses of virual resources managed by a single adminisraor) in he cloud. Tenans are subjec o quoa conrols (e.g., number of virual machines hey can launch, number of processor cores hey can occupy, IP address space hey can use, disk space, ec). Tenans resric, herefore, a user s access o cerain virual resources; access key pairs for resources are available per user, bu, as he OpenSack manual menioned, quoas conrol resource www.inercomms.ne InerComms 31
Figure 6 consumpion of each enan across hardware resources, o ensure enan isolaion. Advanced logging and monioring feaures o view user aciviy are also available. For cloud enans such as elecion esbeds, resource exhausion evens can be highly damaging because hey affec he elecion websie and hence ciizens will no longer be able o access i. The enan-based design ha comes naively wih OpenSack can isolae damage from one enan o anoher, hence he spreading of he problem is limied o he physical resources ha he paricular enan is using. Neverheless, exhausing resources wihin a enan says problemaic, and ha is usually brough by Denial of Service (DoS) aacks. In he elecion scenario, UL has been considering how analyics on monioring daa can be used o enable reliabiliy and sysem securiy in he face of DoS aacks. In our approach, by periodically probing he elecion websie i can be inferred if he websie is accessible from all virual sies; if ha is no working as expeced (e.g., response ime wihin a given ime hreshold), i is possible o infer, by disribued monioring, wha resources are underperforming. There are several ways o reac o his siuaion: spawn new resources on he fly and reroue raffic here, migrae virual machines o differen physical hoss, resar virual machines. OpenSack makes i easy and painless o perform such reacions, depending on he siuaion a hand. Conclusions from his GEN6 pilo Wih his experimen, we have shown ha exising e-governmen services can be enabled wih IPv6 and ha open-source cloud disribuions can successfully face real-world requiremens for he public secor. Moreover, our proof of concep shows ha i is possible o inegrae cloud-based services ino a real infrasrucure and add o is scalabiliy, and wih OpenSack hose operaions are now a realiy. The resuling sysem, wih a mix of physical and virual resources working ogeher, can successfully handle real-world peak load, and boh IPv4 and IPv6 "islands" can co-exis in he same infrasrucure and bring added value. In all, we have shown ha i is possible o build fuure proof infrasrucures wih boh IPv6 and cloud echnologies. For more informaion visi: www.io6.eu Furher resources OpenSack Adminisraor s Guide: hp://docs.opensack.org/admin-guide-cloud/conen/ch_preface.hml OpenSack Securiy Guide, hp://docs.opensack.org/securiy-guide/securiy-guide.pdf Press release on Cikomm-UL-Nephos6 elecion cloud esbed, hp://www.gen6-projec.eu/fileadmin/gen6/flyer_gen6/pressemieilung_gen6_02.06.14.pdf Cikomm video-repor on he May 25h 2014 elecion (in German), hp://www.cikomm.de/ueber-uns/news/deailansich/aricle/video-vom-cikomm-wahlabend.hml 32 InerComms www.inercomms.ne