SAN DIEGO - A paper presented at the recent HotCloud '09 Conference proposed a method that will help overcome some of the most significant issues that some organizations have towards cloud computing: Control over network resources and security that is required in order to reduce the risk of computing over a cloud. The paper, entitled "The Case for Enterprise-Ready Virtual Private Clouds", is a collaborative effort between the University...
of Massachusetts, Amherst and AT&T Research Labs.
The issues raised in the paper were addressed in slightly different ways by other researchers (see Private Virtualization Infrastructure and Trusted Cloud Computing for other approaches). Although all three papers describe similar concerns, each takes a somewhat different approach at attacking the issues.
"The separation of cloud and enterprise resources...can lead to security concerns" because "enterprise customers must utilize IP addresses on the public Internet in order to link application components in the cloud to their own sites," the Virtual Cloud paper suggested. "The lack of coordination between network and cloud resources leaves the customer … responsible for … arranging for traffic isolation and bandwidth guarantees with a separate network service provider," the paper continued.
The solution to the issues raised is something the authors call CloudNet, a framework that joins VPNs and cloud computing. The authors propose creation of what they call a Virtual Private Cloud (VPC). VPCs are created "by taking dynamically configurable pools of cloud resources and connecting them to enterprise sites with VPNs." According to the authors, a VPC can span multiple cloud data centers.
The CloudNet architecture uses two controllers that automate management of resources in both the cloud computing data centers and the provider network:
The Cloud Manager handles creation of virtual machines and manages performance within each VPC. The Cloud Manager uses several forms of virtualization, allowing physical resources to be shared across many customers.
The Network Manager is run by the network provider. It is responsible for creation and resource provisioning of the VPN. The Network Manager configures the provider edge (PE) routers to create VPN endpoints.
The Cloud Manager and Network Manager communicate with each other, coordinating the link between the network and the customer systems. The communication is also necessary when a virtual machine is migrated between cloud sites.
The authors concluded that "CloudNet can provide secure and seamless cloud resources to enterprises." This was a research paper, and no target data for actual implementation - if at all - was provided by the authors.
Dig Deeper on Data security in the cloud