3. Data Center
A data center is a central repository that contains servers, network devices (switches, routers), security devices (firewall, IDS, IPS) and storage devices (FC SANs, iSCSI SANs, NAS).
A data center provides all the IT-related services from a single location.
4. Data Center types
Physical Data Center: Collection of physical resources (servers, switches, routers, firewalls, SANs) that are connected with each other through physical links.
Virtualized Data Center: Data center where some of the hardware (e.g., servers, routers, switches, and links) is virtualized.
Virtual Data Center: Data center where all of the hardware (e.g., servers, routers, switches, and links) is virtualized.
5. Data Center Physical Infrastructure
[Figure: Data Center Physical Infrastructure. Labels: Applications, Operating System, Physical Host, Network, Fibre Channel, Ethernet, Fibre Channel Storage, NFS Storage, iSCSI Storage]
10. VPN
VPN is a widely deployed mechanism for improving the security of a data center.
It provides:
– Enhanced Security
– Remote Control
– Online Anonymity
– Unblock Websites & Bypass Filters
– Better Performance
– Reduced Costs
11. Problem Statement
• Virtualization provides services to external users, such as cloud computing services. One of the ways to secure the connections to the internal network is to establish a VPN connection/channel between end points.
• VPNs are mostly deployed on firewalls.
• Deploying VPN for secure communication, not just in a physical data center but also in a virtualized environment, raises problems of performance, security, reliability, stability and availability for the network.
12. Related Work: Literature Survey
The research on VPN and its impact with different techniques is presented in tabular form. Most of the techniques concern the effect of VPN on security and performance.
13. No. / Reference / Analysis / Results
1. [1]
Analysis: The analysis of IPSec and SSL in terms of security and performance found that the choice of IPSec/SSL depends on security needs.
Results: IPSec performs better than SSL with all security algorithms (DES, 3DES, AES, Blowfish).
2. [2]
Analysis: Performance evaluation of IPSec, PPTP and SSL with different security algorithms (3DES, Blowfish, AES) on different operating systems (Windows 2003, Linux, Vista).
Results:
• In PPTP the difference in performance is negligible, but when it comes to DES and AES, Linux gives the lowest throughput with the highest CPU usage.
• Windows 2003 is the lowest consumer of CPU except for IPSec traffic. Vista gives almost the same results as Linux.
3. [3]
Analysis: Effects of video and audio streaming on performance over VPN technology with Novell NetWare and Windows 2000.
Results: The differences in CPU usage obtained on the Novell platform are significant. The utilization in Windows never goes above 4 %, but with the Novell platform it reached 10 % for a single encrypted tunnel.
14. 4. [4]
Analysis: A performance comparison of OpenVPN and IPSec-based VPN, with measurements including throughput, using the same cipher and key length.
Results: From the implementation point of view, the author decided to choose OpenVPN because of its simplicity and its fast and straightforward implementation.
5. [5]
Analysis: To investigate the impact of using VPN together with a firewall on cloud computing performance.
Results:
1. The integration of VPN with a firewall in cloud computing will reduce the throughput.
2. No traffic is received for the e-mail application in cloud computing with a firewall and no VPN.
3. In web browsing applications, traffic is sent and received in cloud computing both with VPN and without VPN.
15. 6. [7]
Analysis: Impact of protocols (SSL, PPTP, IPSec) on end-to-end user application performance using metrics such as throughput, RTT, jitter and packet loss, on a Windows XP SP2 host (VPN client) connected to a Windows Server 2003 host (VPN server) and to a Fedora Core 6 host (VPN server).
Results:
TCP throughput (first to last):
1. PPTP on Windows Server 2003
2. PPTP on Fedora Core 6
3. OpenVPN on Fedora Core 6
4. L2TP/IPsec on Fedora Core 6
5. L2TP/IPsec on Windows Server 2003
6. OpenVPN on Windows Server 2003
RTT (first to last):
1. PPTP on Windows Server 2003
2. PPTP on Fedora Core 6
3. L2TP/IPsec on Windows Server 2003
4. OpenVPN on Fedora Core 6
5. OpenVPN on Windows Server 2003
6. L2TP/IPsec on Fedora Core 6
16. UDP Throughput:
For PPTP on Windows Server 2003, PPTP on Fedora Core 6, L2TP/IPSec on Windows Server 2003 and L2TP/IPSec on Fedora Core 6, the UDP throughput is equal to the transmission rate if the transmission rate is less than 8000 kbits/sec, and is less than the transmission rate if the transmission rate is more than 8000 kbits/sec.
For OpenVPN on Windows Server 2003 and OpenVPN on Fedora Core 6, the UDP throughput is equal to the transmission rate if the transmission rate is less than 200 kbits/sec, and is less than the transmission rate if the transmission rate is more than 200 kbits/sec.
17. 7. [8]
Analysis: Analysis includes performance measurement, link quality and stability analysis, feature comparison, and interaction with TCP/IP protocols.
Results: The results show a dramatic loss of performance and throughput because of encapsulation and authentication techniques, and adding VPN increases complexity and calculations. The study concludes that IPSec's performance is the lowest compared to PPTP/L2TP.
8. [9]
Analysis: To secure voice over IPSec VPNs while guaranteeing performance and quality of service, without reducing the effective bandwidth, by using the AVISPA model.
Results: A newer VoIP over VPN security solution that adopts the IPSec tunneling protocol in combination with cRTP and IPHC compression technologies and uses SIP to exchange IPSec parameters. This solution provides security for voice traffic and guarantees performance and quality of service, without reducing the effective bandwidth.
18. 9. [10]
Analysis: Analysis based on structure, security and benefits of VPN technology for corporate networks.
Results: VPN technology can provide highly secure communications between corporate networks and their branch offices, remote employees, or business partners. VPN provides communication at low cost and requires little management skill from the administrators.
19. Limitations of Existing Techniques
The limitations of all of the previous studies are:
1. Implementations are not done on different levels of virtual environment
2. Implementations are specific to old versions of OS [2]
3. Security/performance is the main concern for IPSec and SSL VPN, not other attributes like availability [1]
4. Performance measurements don't include virtual architecture [1]
20. 5. No QoS, no site-to-site VPN analysis of multimedia applications [3]
6. Decrease in traffic flow when VPN is deployed in cloud computing (doesn't include the study of VPN when the firewall is deployed as physical FW, appliance FW or distributed FW with VPN) [5]
7. Software VPNs have a significant impact on performance, producing high CPU usage and limiting network throughput [6]
21. 8. No performance evaluation of the remote access VPN protocols on software/hardware VPN [7]
22. Proposed Solution
I want to compare the VPN performance in a virtualized environment (DC) in these scenarios:
– VPN Performance on FW as Hardware in VDC
– VPN Performance on FW as VA in VDC
– VPN Performance on FW as Application in VDC
– VPN Performance on Integrated & Distributed FW in VDC
27. Scenario 4: IPSec/SSL in FW as Application
[Figure: Hypervisor hosting VM1, VM2, VM3 and VM4, with an IPSec/SSL connection]
28. Performance Comparison
Performance:
• The performance of the IPSec/SSL VPN deployment strategies will be compared based on communication delays, data rate and CPU usage on different levels of virtualization.
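How the delay and data-rate side of this comparison can be computed from probe traffic, as an added example that is not part of the original slides; it also reports the jitter and packet loss metrics named in survey row 6, and does not cover CPU usage. The function names, the probe tuple layout and the trace values are assumptions made for illustration, and the traces are constructed, not measured.

```python
from statistics import mean

def summarize(probes):
    """probes: list of (seq, sent_s, recv_s or None if lost, payload_bytes)."""
    got = [p for p in probes if p[2] is not None]
    if not got:
        return {"loss_pct": 100.0, "delay_ms": None, "jitter_ms": None, "rate_kbps": 0.0}
    # One-way delay; assumes sender and receiver clocks are synchronized.
    delays = [(recv - sent) * 1000.0 for _, sent, recv, _ in got]
    # Smoothed interarrival jitter as defined in RFC 3550: J += (|D| - J) / 16
    jitter = 0.0
    for prev, cur in zip(delays, delays[1:]):
        jitter += (abs(cur - prev) - jitter) / 16.0
    span_s = max(p[2] for p in got) - min(p[1] for p in probes)
    return {
        "loss_pct": 100.0 * (len(probes) - len(got)) / len(probes),
        "delay_ms": mean(delays),
        "jitter_ms": jitter,
        "rate_kbps": 8 * sum(p[3] for p in got) / span_s / 1000.0,
    }

def overhead(baseline, tunnel):
    """Cost of the tunnel relative to the same path measured without VPN."""
    return {
        "added_delay_ms": tunnel["delay_ms"] - baseline["delay_ms"],
        "rate_drop_pct": 100.0 * (1 - tunnel["rate_kbps"] / baseline["rate_kbps"]),
        "added_loss_pct": tunnel["loss_pct"] - baseline["loss_pct"],
    }

def constructed_trace(n, base_ms, wobble_ms, drop_every):
    """CONSTRUCTED sample input, not a measurement: n 1000-byte probes, 10 ms apart."""
    trace = []
    for seq in range(n):
        sent = seq * 0.010
        lost = drop_every > 0 and (seq + 1) % drop_every == 0
        delay_s = (base_ms + (wobble_ms if seq % 2 else 0.0)) / 1000.0
        trace.append((seq, sent, None if lost else sent + delay_s, 1000))
    return trace

if __name__ == "__main__":
    no_vpn = summarize(constructed_trace(100, 1.0, 0.0, 0))
    with_vpn = summarize(constructed_trace(100, 2.0, 1.0, 20))
    for name, value in overhead(no_vpn, with_vpn).items():
        print(f"{name}: {value:.2f}")
```

In the study, one trace per firewall scenario would be summarized and compared against the same no-VPN baseline.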
29. Proposed Methodology
– Virtualized data center on VMware hypervisor
– VMware vCenter for management of the virtualized data center
– 4 virtual machines with Windows Server 2012 OS
– FTP server on 2nd VM
– DHCP server on 3rd VM
– Active Directory server, DNS server on 4th VM
30. Physical Servers
2 Hypervisor Hosts
– Processor Dual Core 3.0 GHz
– RAM 16 GB, Disk 80 GB, 2 NIC 1 Gbps
iSCSI SAN
– Processor Dual Core 3.0 GHz
– RAM 4 GB, Disk 250 GB, NIC 1 Gbps
vCenter Server
– Processor Dual Core 3.0 GHz
– RAM 8 GB, Disk 80 GB, 1 NIC 1 Gbps
32. Hypervisor/Software
− VMware ESXi 5.5 Hypervisor
− VMware vCenter 5.5
− VMware web client
− VMware vclient
− StarWind iSCSI software SAN
− VMware NSX
− Microsoft Server 2012 R2
− Microsoft DNS/AD/DHCP
33. Timeline
Actual Work: Time Required
Create Virtualized Data Center: 2 Weeks
Installation of Network Monitoring and Analysis tools: 1 Week
Installation and Configuration of FW Scenarios: 2 Weeks
Creation and Configuration of Network devices: 1 Week
Creation and Configuration of VPN between end nodes: 1 Week
Analysis/Measurement of traffic for each scenario/level: 1 Month
Finalizing Results: 2 Weeks
Write-up of Analysis: 3 Weeks
Final Report: 1-2 Weeks
34. Summary
• This study will be an actual implementation of VPN (IPSec/SSL) on 4 different levels of virtualization. The performance of VPN on all these levels will be measured based on delays, bandwidth and throughput. This will show which kind of VPN performs better in the different scenarios.
35. References
1. AbdelNasir Alshamsi and Takamichi Saito, "A Technical Comparison of IPSec and SSL", Advanced Information Networking and Applications, 2005. AINA 2005. 19th International Conference.
2. Shaneel Narayan, Kris Brooking, Simon de Vere, "Network Performance Analysis of VPN Protocols: An empirical comparison on different operating systems", Networks Security, Wireless Communications and Trusted Computing, NSWCTC, April 2009.
3. Samir Al-Khayatt, Siraj A. Shaikh, Babak Akhgar, Jawed Siddiqi, “Performance of Multimedia Applications with IPSec Tunneling”, Information Technology: Coding and Computing, International Conference, April 2002.
36. 4. I. Kotuliak, P. Rybár, P. Trúchly, “Performance Comparison of IPsec
and TLS Based VPN Technologies”, Emerging eLearning
Technologies and Applications (ICETA), 2011 9th International
Conference.
5. Ameen, Siddeeq Y, Nourildean, Shayma Wail, “Firewall and VPN
Investigation on Cloud Computing Performance”, International
Journal of Computer Science and Engineering Survey 5.2 (Apr
2014).
6. Pena, C.J.C.; Evans, J., "Performance evaluation of software VPNs
(VPN)", Local Computer Networks, 2000. LCN 2000. Proceedings.
25th Annual IEEE Conference 2000.
7. Ahmed A. Joha, Fathi Ben Shatwan, Majdi Ashibani, “Performance
Evaluation for Remote Access VPN on Windows Server 2003 and
Fedora Core 6”, Telecommunications in Modern Satellite, Cable and
Broadcasting Services, 2007. TELSIKS, 8th International Conference
2007.
37. 8. T. Dierks and E. Rescorla, “The Transport Layer Security (TLS)
Protocol Version 1.2”, IETF RFC 5246, 2008
9. Thomas Berger, "Analysis of Current VPN Technologies",
Availability Reliability and Security, 2006. ARES 2006 IEEE, April
2006
10. Wafaa Bou Diab, Samir Tohme, Carole Bassil, “VPN Analysis and
New Perspective for Securing Voice over VPN Networks”,
Networking and Services, 2008, ICNS International Conference
2008.
11. Ayhan ERDOĞAN, Dz. Yzb, “Virtual Private Networks (VPNs) : A
Survey”, Institute of Naval Sciences and Engineering 2008.