MS-IS Synopsis Defense
Date: 05-10-2015
Performance Analysis of VPN at Different Levels of
Virtualized Data Center
By
Muhammad Kamran
10727
Supervised By
Dr. Muhammad Yousaf
Assistant Professor

Data Center
A data center is a central repository that contains
servers, network devices (switches, routers), security
devices (firewall, IDS, IPS) and storage devices (FC
SANs, iSCSI SANs, NAS).
A data center provides all IT-related services from a
single location.

Data Center Types
– Physical Data Center: a collection of physical resources (servers, switches,
routers, firewalls, SANs) that are connected with each
other through physical links.
– Virtualized Data Center: a data center where some of the hardware (e.g., servers,
routers, switches, and links) is virtualized.
– Virtual Data Center: a data center where all of the hardware (e.g., servers,
routers, switches, and links) is virtualized.

[Figure: Data Center Physical Infrastructure. Labels: Physical Host, Operating System, Applications, Network, Fibre Channel, Ethernet, Fibre Channel Storage, NFS Storage, iSCSI Storage.]

[Figure: Virtual Data Center Infrastructure. Labels: Hypervisor Host, Virtual Machines, Network, Fibre Channel, Ethernet, Fibre Channel Storage, NFS Storage, iSCSI Storage.]

Hypervisor
– Bare Metal (Type 1): installed as the operating system.
  Examples: VMware ESXi, Microsoft Hyper-V, Citrix Xen, Linux KVM.
– Hosted (Type 2): installed as an application on an operating system.
  Examples: VMware Workstation, Oracle VirtualBox.

[Figure: Virtual Network. Physical architecture beside virtual architecture. Labels: application, operating system, x64 architecture, hypervisor, virtual switch.]

[Figure: Virtual Network Load balancing. Labels: Virtual Switch, Physical Switch.]

VPN
A VPN is a widely deployed mechanism for improving the
security of a data center.
It provides:
– Enhanced security
– Remote control
– Online anonymity
– Unblocking websites and bypassing filters
– Better performance
– Reduced costs

Problem Statement
• Virtualization provides services to external users, such as cloud
computing services. One way to secure the
connections to the internal network is to
establish a VPN connection/channel between endpoints.
• VPNs are mostly deployed on firewalls.
• Deploying a VPN for secure communication, not just in a
physical data center but in a virtualized environment, raises
problems of performance, security, reliability,
stability and availability for the network.

Related Work: Literature Survey
Prior research on VPNs and their impact under different
techniques is summarized here in tabular form. Most
of the techniques concern the effect of VPN on security and
performance.

Columns: No., Reference, Analysis, Results

1. Reference [1]
   Analysis: The analysis of IPSec and SSL in terms of security and performance found that the choice of IPSec/SSL depends on security needs.
   Results: IPSec performs better when compared to SSL, against all security algorithms (DES, 3DES, AES, Blowfish).

2. Reference [2]
   Analysis: Performance evaluation of IPSec, PPTP and SSL is done with different security algorithms (3DES, Blowfish, AES) on different operating systems (Windows 2003, Linux, Vista).
   Results:
   • In PPTP the difference in performance is negligible, but when it comes to DES and AES, Linux gives the lowest throughput with the highest CPU usage.
   • Windows 2003 is the lowest consumer of CPU except for IPSec traffic. Vista gives almost the same results as Linux.

3. Reference [3]
   Analysis: Effects of video and audio streaming on performance over VPN technology with Novell NetWare and Windows 2000.
   Results: The differences in CPU usage obtained on the Novell platform are significant. The utilization in Windows never goes above 4%, but with the Novell platform it touched 10% for a single encrypted tunnel.

4. Reference [4]
   Analysis: A performance comparison of OpenVPN and IPSec based VPN; measurements including throughput, with the same cipher and key length.
   Results: From an implementation point of view, the author decided to choose OpenVPN, due to its simplicity and its fast and straightforward implementation.

5. Reference [5]
   Analysis: To investigate the impact of using VPN together with a firewall on cloud computing performance.
   Results:
   1. The integration of VPN with a firewall in cloud computing will reduce the throughput.
   2. No traffic received for the e-mail application in cloud computing with firewall and no VPN.
   3. In web browsing applications, there would be traffic sent and received in the case of cloud computing with VPN and without VPN.

6. Reference [7]
   Analysis: Impact of protocols (SSL, PPTP, IPSec) on end-to-end user application performance using metrics such as throughput, RTT, jitter, and packet loss on a Windows XP SP2 host (VPN client) connected to a Windows Server 2003 host (VPN server) and to a Fedora Core 6 host (VPN server).
   Results:
   TCP throughput, from first to last:
   1. PPTP on Windows Server 2003
   2. PPTP on Fedora Core 6
   3. OpenVPN on Fedora Core 6
   4. L2TP/IPsec on Fedora Core 6
   5. L2TP/IPsec on Windows Server 2003
   6. OpenVPN on Windows Server 2003
   RTT, from first to last:
   1. PPTP on Windows Server 2003
   2. PPTP on Fedora Core 6
   3. L2TP/IPsec on Windows Server 2003
   4. OpenVPN on Fedora Core 6
   5. OpenVPN on Windows Server 2003
   6. L2TP/IPsec on Fedora Core 6
   UDP throughput:
   • For PPTP on Windows Server 2003, PPTP on Fedora Core 6, L2TP/IPSec on Windows Server 2003 and L2TP/IPSec on Fedora Core 6, the UDP throughput is equal to the transmission rate if the transmission rate is less than 8000 kbits/sec, and is less than the transmission rate if the transmission rate is more than 8000 kbits/sec.
   • For OpenVPN on Windows Server 2003 and OpenVPN on Fedora Core 6, the UDP throughput is equal to the transmission rate if the transmission rate is less than 200 kbits/sec, and is less than the transmission rate if the transmission rate is more than 200 kbits/sec.

7. Reference [8]
   Analysis: Analysis includes performance measurement, link quality and stability analysis, feature comparison, and interaction with TCP/IP protocols.
   Results: The results are a dramatic loss of performance and throughput because of encapsulation and authentication techniques; adding VPN then increases complexity and calculations. This study concludes that IPSec's performance is the lowest compared to PPTP/L2TP.

8. Reference [9]
   Analysis: To secure voice over IPSec VPNs while guaranteeing the performance and quality of services, without reducing the effective bandwidth, by using the AVISPA model.
   Results: A newer VoIP over VPN security solution that adopts the IPSec tunneling protocol in combination with cRTP and IPHC compression technologies and uses SIP to exchange IPSec parameters. This solution provides security for voice traffic and guarantees performance and quality of services, without reducing the effective bandwidth.

9. Reference [10]
   Analysis: Analysis based on structure, security and benefits of VPN technology for corporate networks.
   Results: VPN technology can provide highly secure communications between corporate networks and their branch offices, remote employees, or business partners. VPN provides communication at low cost and requires little management skill from the administrators.

Limitations of Existing Techniques
The limitations of all the previous studies are:
1. Implementations are not done on different levels
of virtual environment.
2. Implementations are specific to old versions of OS [2].
3. Security/performance is the main concern for IPSec and SSL
VPN, not other attributes like availability [1].
4. Performance measurements don't include virtual
architecture [1].
5. No QoS, no site-to-site VPN analysis of multimedia
applications [3].
6. Decrease in traffic flow when VPN is deployed in cloud
computing (doesn't include the study of VPN when the
firewall is deployed as a physical FW, appliance FW or
distributed FW) [5].
7. Software VPNs have a significant impact on performance,
producing high CPU usage and limiting network
throughput [6].
8. No performance evaluation of the remote access VPN
protocols on software/hardware VPN [7].

Proposed Solution
I want to compare the VPN performance in a
virtualized environment (DC) in these scenarios:
– VPN performance on FW as hardware in VDC
– VPN performance on FW as VA in VDC
– VPN performance on FW as application in VDC
– VPN performance on integrated & distributed FW in VDC

[Figure: Data Center Topology. Labels: Host1, Host2, Ethernet, iSCSI Storage Network.]

[Figure: Scenario 1: IPSec/SSL in Hardware FW. Labels: Virtual Switch, Physical Switch, Firewall, IPSec/SSL Connection.]

[Figure: Scenario 2: IPSec/SSL in Integrated & Distributed FW. Labels: Hypervisor, VM1, VM2, VM05, VM3, VM4, NSX Network Virtualization, Logical L2, Logical L3, Logical Firewall, Logical Load Balancer, Logical VPN, IPSec/SSL Connection.]

[Figure: Scenario 3: IPSec/SSL in FW as Appliance. Labels: Hypervisor, VM1, VM2, Firewall Appliance, VM3, VM4, IPSec/SSL Connection.]

[Figure: Scenario 4: IPSec/SSL in FW as Application. Labels: Hypervisor, VM1, VM2, VM3, VM4, IPSec/SSL Connection.]

Performance Comparison
• The performance of the IPSec/SSL
VPN deployment strategies
will be compared based on
communication delays, data
rate and CPU usage on different
levels of virtualization.
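
Added example, not part of the original slides: a small Python harness that measures the three metrics named above (communication delay, data rate, CPU usage) over one TCP path, so the same probe can be repeated for each firewall/VPN scenario and compared with a no-VPN baseline. All function names are assumptions of this example, and the loopback run at the end is a constructed stand-in for a far end reached through the tunnel under test.

```python
import socket
import statistics
import struct
import threading
import time


def _recv_exact(sock, n):
    """Read exactly n bytes or raise if the peer closes first."""
    buf = bytearray()
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed before sending all data")
        buf += chunk
    return bytes(buf)


def _serve(conn):
    """Far end: first byte b'E' selects echo mode, b'S' a byte-counting sink."""
    with conn:
        mode = conn.recv(1)
        total = 0
        while True:
            data = conn.recv(65536)
            if not data:
                break
            if mode == b"E":
                conn.sendall(data)
            total += len(data)
        if mode == b"S":
            conn.sendall(struct.pack("!Q", total))  # report bytes received


def start_test_server(host="127.0.0.1"):
    """Start the far end on an ephemeral port and return the port number."""
    srv = socket.create_server((host, 0))

    def accept_loop():
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=_serve, args=(conn,), daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv.getsockname()[1]


def measure_delay(host, port, probes=20, size=64):
    """Communication delay: round-trip time of small TCP probes, in ms."""
    rtts = []
    with socket.create_connection((host, port), timeout=10) as s:
        s.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1)
        s.sendall(b"E")
        payload = b"x" * size
        for _ in range(probes):
            t0 = time.perf_counter()
            s.sendall(payload)
            _recv_exact(s, size)
            rtts.append((time.perf_counter() - t0) * 1000.0)
    return {"probes": len(rtts), "min_ms": min(rtts),
            "median_ms": statistics.median(rtts), "max_ms": max(rtts)}


def measure_data_rate(host, port, total_bytes=8 * 1024 * 1024):
    """Data rate and CPU usage of a one-way bulk transfer.

    CPU time is that of this whole process; in the loopback demo it also
    includes the server thread, on a real path only the sending side.
    """
    chunk = b"\0" * 65536
    with socket.create_connection((host, port), timeout=30) as s:
        s.sendall(b"S")
        wall0, cpu0 = time.perf_counter(), time.process_time()
        sent = 0
        while sent < total_bytes:
            n = min(len(chunk), total_bytes - sent)
            s.sendall(chunk[:n])
            sent += n
        s.shutdown(socket.SHUT_WR)  # end of data; far end replies with its count
        (acked,) = struct.unpack("!Q", _recv_exact(s, 8))
        wall = time.perf_counter() - wall0
        cpu = time.process_time() - cpu0
    return {"bytes_acked": acked, "seconds": wall,
            "mbit_per_s": acked * 8 / wall / 1e6, "cpu_util": cpu / wall}


def measure_path(host, port):
    """All three metrics for one path (one scenario)."""
    result = measure_delay(host, port)
    result.update(measure_data_rate(host, port))
    return result


def relative_overhead(baseline, vpn):
    """Compare one scenario with a no-VPN baseline measured the same way."""
    return {
        "throughput_loss_pct": (baseline["mbit_per_s"] - vpn["mbit_per_s"])
                               * 100.0 / baseline["mbit_per_s"],
        "added_delay_ms": vpn["median_ms"] - baseline["median_ms"],
        "cpu_util_delta": vpn["cpu_util"] - baseline["cpu_util"],
    }


if __name__ == "__main__":
    # Constructed demo: loopback stands in for a server behind the VPN.
    port = start_test_server()
    print(measure_path("127.0.0.1", port))
```

Run the far end on a host behind the firewall of each scenario, call `measure_path` from the client side once without and once with the tunnel, and pass both results to `relative_overhead`.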

Proposed Methodology
– Virtualized data center on VMware hypervisor
– VMware vCenter for management of the virtualized data center
– 4 virtual machines with Windows Server 2012 OS
– FTP server on the 2nd VM
– DHCP server on the 3rd VM
– Active Directory server and DNS server on the 4th VM

Physical Servers
2 Hypervisor Hosts
– Processor: dual core 3.0 GHz
– RAM 16 GB, disk 80 GB, 2 NICs at 1 Gbps
iSCSI SAN
– Processor: dual core 3.0 GHz
– RAM 4 GB, disk 250 GB, NIC at 1 Gbps
vCenter Server
– Processor: dual core 3.0 GHz
– RAM 8 GB, disk 80 GB, 1 NIC at 1 Gbps

Firewall
– Cisco ASA 5505 Firewall
– Cisco ASA 100v Virtual Appliance
– pfSense Software Firewall
– VMware NSX Distributed Firewall

Hypervisor/Software
– VMware ESXi 5.5 Hypervisor
– VMware vCenter 5.5
– VMware web client
– VMware vclient
– StarWind iSCSI software SAN
– VMware NSX
– Microsoft Server 2012 R2
– Microsoft DNS/AD/DHCP

Timeline
Actual Work: Time Required
– Create virtualized data center: 2 weeks
– Installation of network monitoring and analysis tools: 1 week
– Installation and configuration of FW scenarios: 2 weeks
– Creation and configuration of network devices: 1 week
– Creation and configuration of VPN between end nodes: 1 week
– Analysis/measurement of traffic for each scenario/level: 1 month
– Finalizing results: 2 weeks
– Write-up of analysis: 3 weeks
– Final report: 1-2 weeks

Summary
• This study will be an actual implementation of VPN
(IPSec/SSL) on 4 different levels of virtualization. The
performance of the VPN will be measured on all these levels
based on delays, bandwidth and throughput. This will
show which kind of VPN performs better in
different scenarios.

References
1. AbdelNasir Alshamsi and Takamichi Saito, "A Technical Comparison
of IPSec and SSL", Advanced Information Networking and
Applications, 2005. AINA 2005. 19th International Conference.
2. Shaneel Narayan, Kris Brooking, Simon de Vere, "Network
Performance Analysis of VPN Protocols: An empirical comparison on
different operating systems", Networks Security, Wireless
Communications and Trusted Computing, NSWCTC, April 2009.
3. Samir Al-Khayatt, Siraj A. Shaikh, Babak Akhgar, Jawed Siddiqi,
“Performance of Multimedia Applications with IPSec Tunneling”,
Information Technology: Coding and Computing, International
Conference, April 2002.
4. I. Kotuliak, P. Rybár, P. Trúchly, “Performance Comparison of IPsec
and TLS Based VPN Technologies”, Emerging eLearning
Technologies and Applications (ICETA), 2011 9th International
Conference.
5. Ameen, Siddeeq Y, Nourildean, Shayma Wail, “Firewall and VPN
Investigation on Cloud Computing Performance”, International
Journal of Computer Science and Engineering Survey 5.2 (Apr
2014).
6. Pena, C.J.C.; Evans.J, "Performance evaluation of software VPNs
(VPN)", Local Computer Networks, 2000. LCN 2000. Proceedings.
25th Annual IEEE Conference 2000.
7. Ahmed A. Joha, Fathi Ben Shatwan, Majdi Ashibani, “Performance
Evaluation for Remote Access VPN on Windows Server 2003 and
Fedora Core 6”, Telecommunications in Modern Satellite, Cable and
Broadcasting Services, 2007. TELSIKS, 8th International Conference
2007.
8. T. Dierks and E. Rescorla, “The Transport Layer Security (TLS)
Protocol Version 1.2”, IETF RFC 5246, 2008
9. Thomas Berger, "Analysis of Current VPN Technologies",
Availability Reliability and Security, 2006. ARES 2006 IEEE, April
2006
10. Wafaa Bou Diab, Samir Tohme, Carole Bassil, “VPN Analysis and
New Perspective for Securing Voice over VPN Networks”,
Networking and Services, 2008, ICNS International Conference
2008.
11. Ayhan ERDOĞAN, Dz. Yzb, “Virtual Private Networks (VPNs) : A
Survey”, Institute of Naval Sciences and Engineering 2008.
Any Question
End …
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 

VPN in Virtualized DataCenter

  • 1. MS-IS Synopsis Defense. Date: 05-10-2015. Performance Analysis of VPN at Different Levels of Virtualized Data Center
  • 2. By Muhammad Kamran, 10727. Supervised by Dr. Muhammad Yousaf, Assistant Professor
  • 3. Data Center. A data center is a central repository that contains servers, network devices (switches, routers), security devices (firewall, IDS, IPS) and storage devices (FC SANs, iSCSI SANs, NAS). A data center provides all IT-related services from a single location.
  • 4. Data Center types. Physical Data Center: a collection of physical resources (servers, switches, routers, firewalls, SANs) that are connected to each other through physical links. Virtualized Data Center: a data center where some of the hardware (e.g., servers, routers, switches, and links) is virtualized. Virtual Data Center: a data center where all of the hardware (e.g., servers, routers, switches, and links) is virtualized.
  • 5. [Figure: Data Center Physical Infrastructure. Labels: physical host, operating system, applications, network, Ethernet, Fibre Channel, Fibre Channel storage, NFS storage, iSCSI storage.]
  • 6. [Figure: Virtual Data Center Infrastructure. Labels: host, hypervisor, virtual machines, network, Ethernet, Fibre Channel, Fibre Channel storage, NFS storage, iSCSI storage.]
  • 7. Hypervisor. Bare-metal (Type 1): installed as the operating system (VMware ESXi, Microsoft Hyper-V, Citrix Xen, Linux KVM). Hosted (Type 2): installed as an application on an operating system (VMware Workstation, Oracle VirtualBox).
  • 8. [Figure: Virtual Network. Labels: physical architecture, virtual architecture, x64 architecture, hypervisor, operating system, application, virtual switch.]
  • 9. [Figure: Virtual Network Load balancing. Labels: virtual switch, physical switch.]
  • 10. VPN. VPN is a widely deployed mechanism for improving the security of the data center. It provides: enhanced security; remote control; online anonymity; unblocking of websites and bypassing of filters; better performance; reduced costs.
  • 11. Problem Statement. Virtualization provides services, such as cloud computing services, to external users; one way to secure the connections to the internal network is to establish a VPN connection/channel between end points. VPNs are mostly deployed on firewalls. When VPN is deployed for secure communication not just in a physical data center but in a virtualized environment, problems of performance, security, reliability, stability and availability arise for the network.
  • 12. Related Work: Literature Survey. The research on VPN and its impact on different techniques is presented in tabular form. Most of the techniques concern the effect of VPN on security and performance.
  • 13. Literature survey table (columns: No., Reference, Analysis, Results)
      1. [1] Analysis: analysis of IPSec and SSL in terms of security and performance, which found that IPSec/SSL depends on security needs. Results: IPSec performs better than SSL against all security algorithms (DES, 3DES, AES, Blowfish).
      2. [2] Analysis: performance evaluation of IPSec, PPTP and SSL with different security algorithms (3DES, Blowfish, AES) on different operating systems (Windows 2003, Linux, Vista). Results: in PPTP the difference in performance is negligible, but with DES and AES Linux gives the lowest throughput with the highest CPU usage. Windows 2003 is the lowest consumer of CPU except for IPSec traffic. Vista gives almost the same results as Linux.
      3. [3] Analysis: effects of video and audio streaming on performance over VPN technology with Novell NetWare and Windows 2000. Results: the differences in CPU usage obtained on the Novell platform are significant. Utilization on Windows never exceeds 4%, but on the Novell platform it reached 10% for a single encrypted tunnel.
  • 14. Literature survey table (continued)
      4. [4] Analysis: a performance comparison of OpenVPN and IPSec-based VPN, with measurements including throughput, using the same cipher and key length. Results: from the implementation point of view the author chose OpenVPN, due to its simplicity and its fast and straightforward implementation.
      5. [5] Analysis: investigation of the impact of using VPN together with a firewall on cloud computing performance. Results: (1) The integration of VPN with a firewall in cloud computing reduces the throughput. (2) No traffic is received for the e-mail application in cloud computing with a firewall and no VPN. (3) In web browsing applications, traffic is sent and received in cloud computing both with VPN and without VPN.
  • 15. Literature survey table (continued)
      6. [7] Analysis: impact of protocols (SSL, PPTP, IPSec) on end-to-end user application performance, using metrics such as throughput, RTT, jitter and packet loss, on a Windows XP SP2 host (VPN client) connected to a Windows Server 2003 host (VPN server) and to a Fedora Core 6 host (VPN server). Results: TCP throughput ranking, first to last: PPTP on Windows Server 2003, PPTP on Fedora Core 6, OpenVPN on Fedora Core 6, L2TP/IPsec on Fedora Core 6, L2TP/IPsec on Windows Server 2003, OpenVPN on Windows Server 2003. RTT ranking, first to last: PPTP on Windows Server 2003, PPTP on Fedora Core 6, L2TP/IPsec on Windows Server 2003, OpenVPN on Fedora Core 6, OpenVPN on Windows Server 2003, L2TP/IPsec on Fedora Core 6.
  • 16. Literature survey table (row 6 results, continued). UDP throughput: for PPTP on Windows Server 2003, PPTP on Fedora Core 6, L2TP/IPSec on Windows Server 2003 and L2TP/IPSec on Fedora Core 6, the UDP throughput is equal to the transmission rate if the transmission rate is less than 8000 kbits/sec, and is less than the transmission rate if the transmission rate is more than 8000 kbits/sec. For OpenVPN on Windows Server 2003 and OpenVPN on Fedora Core 6, the UDP throughput is equal to the transmission rate if the transmission rate is less than 200 kbits/sec, and is less than the transmission rate if the transmission rate is more than 200 kbits/sec.
  • 17. Literature survey table (continued)
      7. [8] Analysis: performance measurement, link quality and stability analysis, feature comparison, and interaction with TCP/IP protocols. Results: a dramatic loss of performance and throughput because of encapsulation and authentication techniques; adding VPN increases complexity and calculations. The study concludes that IPSec's performance is the lowest compared to PPTP/L2TP.
      8. [9] Analysis: securing voice over IPSec VPNs while guaranteeing performance and quality of service, without reducing the effective bandwidth, using the AVISPA model. Results: a newer VoIP over VPN security solution that adopts the IPSec tunneling protocol in combination with cRTP and IPHC compression technologies and uses SIP to exchange IPSec parameters. This solution provides security for voice traffic and guarantees performance and quality of service, without reducing the effective bandwidth.
  • 18. Literature survey table (continued)
      9. [10] Analysis: analysis based on the structure, security and benefits of VPN technology for corporate networks. Results: VPN technology can provide highly secure communications between corporate networks and their branch offices, remote employees, or business partners. VPN provides communication at low cost and requires little management skill from the administrators.
  • 19. Limitations of Existing Techniques. The limitations in all of the previous studies are: 1. Implementations are not done on different levels of virtual environment. 2. Implementations are specific to old versions of OS [2]. 3. Security/performance is the main concern for IPSec and SSL VPN, not other attributes like availability [1]. 4. Performance measurements do not include virtual architecture [1].
  • 20. Limitations of Existing Techniques (continued). 5. No QoS and no site-to-site VPN analysis of multimedia applications [3]. 6. Decrease in traffic flow when VPN is deployed in cloud computing (does not include the study of VPN when the firewall is deployed as a physical FW, appliance FW or distributed FW with VPN) [5]. 7. Software VPNs have a significant impact on performance, producing high CPU usage and limiting network throughput [6].
  • 21. Limitations of Existing Techniques (continued). 8. No performance evaluation of the remote access VPN protocols on software/hardware VPN [7].
  • 22. Proposed Solution. I want to compare the VPN performance in a virtualized environment (DC) in these scenarios: VPN performance on FW as hardware in VDC; VPN performance on FW as VA in VDC; VPN performance on FW as application in VDC; VPN performance on integrated and distributed FW in VDC.
  • 24. [Figure: Scenario 1, IPSec/SSL in hardware FW. Labels: virtual switch, firewall, physical switch, IPSec/SSL connection.]
  • 25. [Figure: Scenario 2, IPSec/SSL in integrated and distributed FW. Labels: hypervisor, VM1, VM2, VM3, VM4, VM05, NSX network virtualization, logical L2, logical L3, logical firewall, logical load balancer, logical VPN, IPSec/SSL connection.]
  • 26. [Figure: Scenario 3, IPSec/SSL in FW as appliance. Labels: hypervisor, VM1, VM2, VM3, VM4, firewall appliance, IPSec/SSL connection.]
  • 27. [Figure: Scenario 4, IPSec/SSL in FW as application. Labels: hypervisor, VM1, VM2, VM3, VM4, IPSec/SSL connection.]
  • 28. Performance Comparison. Performance: the IPSec/SSL VPN deployment strategies will be compared based on communication delays, data rate and CPU usage at different levels of virtualization.
  • 29. Proposed Methodology. Virtualized data center on VMware hypervisor; VMware vCenter for management of the virtualized data center; 4 virtual machines with Windows Server 2012 OS; FTP server on the 2nd VM; DHCP server on the 3rd VM; Active Directory server and DNS server on the 4th VM.
  • 30. Physical Servers. 2 hypervisor hosts: dual-core 3.0 GHz processor, 16 GB RAM, 80 GB disk, 2 NICs at 1 Gbps. iSCSI SAN: dual-core 3.0 GHz processor, 4 GB RAM, 250 GB disk, NIC at 1 Gbps. vCenter Server: dual-core 3.0 GHz processor, 8 GB RAM, 80 GB disk, 1 NIC at 1 Gbps.
  • 31. Firewall. Cisco ASA 5505 firewall; Cisco ASA 100v virtual appliance; pfSense software firewall; VMware NSX distributed firewall.
  • 32. Hypervisor/Software. VMware ESXi 5.5 hypervisor; VMware vCenter 5.5; VMware web client; VMware vclient; StarWind iSCSI software SAN; VMware NSX; Microsoft Server 2012 R2; Microsoft DNS/AD/DHCP.
  • 33. Timeline (actual work: time required)
      Create virtualized data center: 2 weeks
      Installation of network monitoring and analysis tools: 1 week
      Installation and configuration of FW scenarios: 2 weeks
      Creation and configuration of network devices: 1 week
      Creation and configuration of VPN between end nodes: 1 week
      Analysis/measurement of traffic for each scenario/level: 1 month
      Finalizing results: 2 weeks
      Write-up of analysis: 3 weeks
      Final report: 1-2 weeks
  • 34. Summary. This study will be an actual implementation of VPN (IPSec/SSL) on 4 different levels of virtualization. The performance of VPN on all these levels will be measured based on delays, bandwidth and throughput. This will give us results showing what kind of VPN performs better in the different scenarios.
  • 35. References
      1. AbdelNasir Alshamsi and Takamichi Saito, "A Technical Comparison of IPSec and SSL", Advanced Information Networking and Applications (AINA 2005), 19th International Conference, 2005.
      2. Shaneel Narayan, Kris Brooking, Simon de Vere, "Network Performance Analysis of VPN Protocols: An empirical comparison on different operating systems", Networks Security, Wireless Communications and Trusted Computing (NSWCTC), April 2009.
      3. Samir Al-Khayatt, Siraj A. Shaikh, Babak Akhgar, Jawed Siddiqi, "Performance of Multimedia Applications with IPSec Tunneling", Information Technology: Coding and Computing, International Conference, April 2002.
  • 36. References (continued)
      4. I. Kotuliak, P. Rybár, P. Trúchly, "Performance Comparison of IPsec and TLS Based VPN Technologies", Emerging eLearning Technologies and Applications (ICETA), 9th International Conference, 2011.
      5. Siddeeq Y. Ameen, Shayma Wail Nourildean, "Firewall and VPN Investigation on Cloud Computing Performance", International Journal of Computer Science and Engineering Survey 5.2 (Apr 2014).
      6. C.J.C. Pena, J. Evans, "Performance evaluation of software VPNs (VPN)", Local Computer Networks (LCN 2000), Proceedings, 25th Annual IEEE Conference, 2000.
      7. Ahmed A. Joha, Fathi Ben Shatwan, Majdi Ashibani, "Performance Evaluation for Remote Access VPN on Windows Server 2003 and Fedora Core 6", Telecommunications in Modern Satellite, Cable and Broadcasting Services (TELSIKS), 8th International Conference, 2007.
  • 37. References (continued)
      8. T. Dierks and E. Rescorla, "The Transport Layer Security (TLS) Protocol Version 1.2", IETF RFC 5246, 2008.
      9. Thomas Berger, "Analysis of Current VPN Technologies", Availability, Reliability and Security (ARES 2006), IEEE, April 2006.
      10. Wafaa Bou Diab, Samir Tohme, Carole Bassil, "VPN Analysis and New Perspective for Securing Voice over VPN Networks", Networking and Services (ICNS), International Conference, 2008.
      11. Ayhan ERDOĞAN, Dz. Yzb, "Virtual Private Networks (VPNs): A Survey", Institute of Naval Sciences and Engineering, 2008.

Editor's Notes

  1. Source and Dest. IP
  2. VE = Virtualized Environment
  3. AVISPA model to analyze the security vulnerabilities of exchange messages to initiate session and establish VPN.
  4. VA = Virtual Appliance
  5. HF = Hardware Firewall
  6. FW = Firewall
  7. Table:- (Analysis Areas) (Issues) [Availability][Security][Performance][Reliability]