International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367 (Print), ISSN 0976-6375 (Online), Volume 4, Issue 5, September - October (2013), © IAEME

A PROPOSED MODEL FOR MAPPING INFRASTRUCTURE AS A SERVICE IN CLOUD COMPUTING WITH HARDWARE FIREWALL FOR DISTRIBUTED SECURITY ENVIRONMENT

Amardeep Das¹, Abhaya Kumar Sahoo², Mayank Tiwary³
Department of Information Technology, C.V. Raman College of Engineering, Bhubaneswar, India

ABSTRACT

Cloud computing is a colloquial expression used to describe a variety of computing concepts that involve a large number of computers connected through a real-time communication network (typically the Internet). Cloud computing is a synonym for distributed computing over a network, and it means the ability to run a program on many connected computers at the same time. The phrase is also, more commonly, used to refer to network-based services which appear to be provided by real server hardware but are in fact served up by virtual hardware, simulated by software running on one or more real machines. Such virtual servers do not physically exist and can therefore be moved around and scaled up (or down) on the fly without affecting the end user - arguably, rather like a cloud. In the most basic cloud-service model, providers of IaaS offer computers - physical or (more often) virtual machines - and other resources. A hypervisor, such as Xen or KVM, runs the virtual machines as guests. Pools of hypervisors within the cloud operational support system can support large numbers of virtual machines and the ability to scale services up and down according to customers' varying requirements. The aim of our work is to create a model by which infrastructure as a service can be mapped to hardware firewalls.
In this way, simulations of physical machines can be created from the Internetwork Operating System (IOS) of a hardware firewall in the form of virtual machines and used to satisfy individual customers' security needs.

Keywords: Cloud Computing, Distributed environment, Firewall, Hypervisor, IaaS.

INTERNATIONAL JOURNAL OF COMPUTER ENGINEERING & TECHNOLOGY (IJCET), ISSN 0976 – 6367 (Print), ISSN 0976 – 6375 (Online), Volume 4, Issue 5, September – October (2013), pp. 49-54, © IAEME: www.iaeme.com/ijcet.asp, Journal Impact Factor (2013): 6.1302 (Calculated by GISI), www.jifactor.com

1. INTRODUCTION

Cloud computing is a type of computing that relies on sharing computing resources rather than having local servers or personal devices handle applications. In cloud computing, or “the Internet”, different services such as servers, storage and applications are delivered to an organization's computers and devices through the Internet. Cloud computing is comparable to grid computing, a type of computing where unused processing cycles of all computers in a network are harnessed to solve problems for any stand-alone machine.

The goal of cloud computing is to apply traditional supercomputing, or high-performance computing power, normally used by military and research facilities to perform tens of trillions of computations per second, in consumer-oriented applications such as financial portfolios, to deliver personalized information, to provide data storage or to power large, immersive computer games. To do this, cloud computing uses networks of large groups of servers, typically running low-cost consumer PC technology, with specialized connections to spread data-processing chores across them. This shared IT infrastructure contains large pools of systems that are linked together. Often, virtualization techniques are used to maximize the power of cloud computing.

In computing, a firewall is a software- or hardware-based network security system that controls incoming and outgoing network traffic by analyzing the data packets and determining, based on a rule set, whether they should be allowed through or not. A firewall establishes a barrier between a trusted, secure internal network and another network (e.g., the Internet) that is not assumed to be secure and trusted. Many personal computer operating systems include software-based firewalls to protect against threats from the public Internet. Many routers that pass data between networks contain firewall components and, conversely, many firewalls can perform basic routing functions.
The aim of our work is to map the IaaS model of cloud computing to hardware firewalls. If future firewalls use IaaS, simulate their IOS and provide virtual firewall machines to their clients, they can drastically change the current scenario in cloud service providers' data centers. In this paper we propose a model which can satisfy future cloud customers' demand for a separate security layer for their cloud services.

2. CLOUD COMPUTING IAAS FUTURE SCOPE AND PROBLEMS

2.1 Infrastructure as a Service

Cloud computing has evolved into a highly demanded and secure form of computing. Of its many features and services, we focus primarily on infrastructure as a service.

Fig1. Infrastructure as a service in today’s data center
IaaS is a branch of cloud computing which delivers virtual machines as a service to customers. IaaS takes different forms in different cases, such as bare-metal virtualization, paravirtualization, etc. In this service the hypervisor plays the main role. In bare-metal virtualization the hypervisor is installed directly on the physical servers as the base operating system, and the virtual machines or other operating systems are installed on top of the hypervisor. Every physical server has central storage such as a SAN or a NAS. Today’s hypervisors offer load balancing between primary and secondary virtual machines. The whole process of load balancing is totally dependent on the central storage. Examples of today’s hypervisors include Microsoft Hyper-V, Xen, KVM, VMware ESX, etc.

2.2 The role of firewall in IaaS data center

Today firewalls play a vital role in securing a data center's incoming traffic. A firewall can be described as a bottleneck for traffic entering and leaving the data center. Its first task is network address translation (NAT); it then adds different layers of security for the enterprise. Today’s latest firewalls, such as Cisco ASA, PIX and FWSM, provide a great many security features such as threat detection, port filtering, incast congestion control, reverse path forwarding checks and many more. For many patterns of incoming traffic they also perform dynamic rule re-ordering and build optimized decision trees, which can improve the average time efficiency of the packet-matching algorithms. In an IaaS environment the firewalls provide security for the whole data center. This requires different sets of security policies that satisfy every customer's needs.

Fig2. A typical diagrammatic view of IaaS service provider’s data center firewall
3. RELATED WORK

3.1 Future Problems with growing demands of IaaS in cloud computing

The number of cloud service providers in the market is growing very quickly. These providers offer every type of cloud service, including PaaS, SaaS, IaaS, etc. We have focused mainly on the scope of IaaS and its problems. When in future the demand for virtual machines grows very rapidly, in other words when a huge number of customers ask for safe, secure and cost-effective virtual machines on the cloud, there may be a shortage of security resources to fulfil each individual's security needs or demands. This may not matter when demand is low, as in today’s environment where the need is only for 10 or 15 virtual machines on the cloud. But in future, when the demand for virtual machines on the cloud grows from 50 to 60, the security needs will also rise, and it becomes very difficult for administrators to satisfy each individual's security needs.

3.2 Solutions which could solve the problems

The problem of providing a separate layer of security for each customer can be solved if we start virtualizing hardware firewalls. This can be done in the same way as IaaS works. If, as in IaaS, firewalls start providing virtual firewall machines to their clients, customers demanding separate security can get a virtual firewall on the same cloud and optimize the firewall according to their needs. The customers will also get many other benefits, including a separate firewall console.

4. TYPICAL TODAY'S SCENARIO

Today, data centers and cloud providers do not seem to offer a separate firewall console or a separate layer of security for each customer.
In today’s environment the administrators try to meet the customers' needs using only one firewall, which may become insufficient as demand grows.

5. VIRTUALIZATION WITH HARDWARE FIREWALLS

We propose a model for firewalls which would provide an efficient way of scaling virtual firewall machines. This can be done if we use hypervisors in the same way as we do for physical machines. Our architecture also needs central storage and many hardware firewalls connected in clusters, which can handle all the policy and user settings of each virtual firewall machine. If the firewalls have a base operating system, i.e., a firewall hypervisor, instead of the main IOS, then the IOS is installed on that hypervisor, and virtualization can then be done with firewalls.

Our model also adds much functionality to the existing model. Load balancing of virtual firewall machines can also be done. The load balancing depends on many parameters: for example, if the load of one virtual firewall machine increases on one node of the firewall cluster while other nodes are carrying comparatively less load, then that virtual machine can be shifted to another node of the cluster that is carrying less load.
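The load-based shifting of virtual firewall machines described above, as an added example in Python that is not part of the paper. The node and tenant names, load figures, rule format and the dict standing in for central storage are assumptions constructed for illustration; because each virtual firewall reads its tenant's rules from the shared store, its verdicts are the same before and after it is moved.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Stand-in for the central storage (assumption: a dict instead of a SAN/NAS).
# tenant -> ordered rules of (action, source network, destination port or None = any).
POLICY_STORE = {
    "tenant-a": [("allow", "203.0.113.0/24", 443), ("deny", "0.0.0.0/0", None)],
    "tenant-b": [("deny", "203.0.113.0/24", None), ("allow", "0.0.0.0/0", 22)],
}

@dataclass
class VirtualFirewall:
    tenant: str
    load: int  # constructed load figure, e.g. thousands of packets per second

    def decide(self, src, dport):
        """First match over this tenant's own rules; no rules or no match means deny."""
        for action, net, port in POLICY_STORE.get(self.tenant, []):
            if ip_address(src) in ip_network(net) and port in (None, dport):
                return action
        return "deny"

@dataclass
class Node:
    name: str
    vfws: list = field(default_factory=list)
    @property
    def load(self):
        return sum(v.load for v in self.vfws)

def rebalance(nodes, threshold):
    """Migrate vFWs from the busiest to the idlest node until the gap is within threshold."""
    moves = []
    while True:
        busy = max(nodes, key=lambda n: n.load)
        idle = min(nodes, key=lambda n: n.load)
        gap = busy.load - idle.load
        # Only a vFW lighter than the gap narrows it; otherwise the overload just moves.
        fits = [v for v in busy.vfws if 0 < v.load < gap]
        if gap <= threshold or not fits:
            return moves
        vfw = min(fits, key=lambda v: abs(gap - 2 * v.load))  # best resulting balance
        busy.vfws.remove(vfw)
        idle.vfws.append(vfw)
        moves.append((vfw.tenant, busy.name, idle.name))

def demo_cluster():  # constructed three-node cluster with fw1 overloaded
    return [Node("fw1", [VirtualFirewall("tenant-a", 70), VirtualFirewall("tenant-b", 40)]),
            Node("fw2", [VirtualFirewall("tenant-c", 10)]), Node("fw3", [VirtualFirewall("tenant-d", 30)])]
```

A tenant with no stored policy (tenant-c and tenant-d here) is denied by default, so a virtual firewall that lands on a node before its policy is available fails closed.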
Fig3. Firewalls Network Diagram

5.1 Other Benefits of Virtualization with firewalls

This type of virtual machine could also satisfy other needs. If we need another IOS or an upgraded version, we can get it simply by installing the upgraded IOS on the hypervisor. The configuration of virtual firewall machines can also be done remotely. We can also install multi-vendor operating systems for the firewalls on the same hypervisor. For multi-vendor operating systems, however, the architecture of the firewall’s hardware has to be open. This will also give rise to further development of firewall operating systems.

5.2 Unified working of proposed model

If many different hypervisors exist, standardization becomes very difficult, and it becomes highly difficult to create firewall clusters and implement our model for serving a distributed security console to IaaS customers. It is therefore necessary to create standards for communication between multi-vendor hypervisors in order to implement our proposed model. If in future multi-vendor hypervisors start to communicate, even within IaaS cloud services, this would also solve most of the problems, such as independent transfer of virtual-machine load from one vendor's hypervisor to another vendor's hypervisor.

6. CONCLUSION

In this paper, we have focused on virtualization of hardware firewalls to create virtual firewall machines, which could work in the same way as virtual machines. These virtual firewall machines could be created by installing the hypervisor as the base operating system and then installing the IOS, or the actual operating system, on top of the hypervisor. This primarily needs central storage and other firewall nodes in a cluster.
This could also facilitate much other functionality, such as load balancing between virtual firewall machines and installation of other, vendor-independent operating systems on the hypervisors. This architecture mainly adds a separate layer of security, in the form of virtual firewall machines, for customers hiring cloud services from the service providers. In this paper, we have proposed a new model which could start virtualization with firewalls and solve the problem of demand for a separate security layer from cloud customers who get cloud services in bulk from the service providers.