Security as a Service for Hybrid Clouds
Permanent address of the item is
Virtualization has increased amongst the IT service providers as a method for achieving more efficient server usage. This has led to the concept of cloud services, offered by large data centers with the help of virtualization techniques. Cloud service is an abstract service, which provides IT services as self-service for the end user. For example these services can provide virtual servers as on-demand. Virtual servers in the cloud are usually reachable from the Internet, so their protection is necessary. This master's thesis discusses firewalling virtual machines inside the cloud, together with virtual firewall distributions and their features. Cloud services are usually self-services and thus their cloud environment and firewall are managed centrally. Automated firewall provisioning and management for a cloud service is described. Main goal for the master's thesis was to find a feasible centrally managed security system. Vyatta was used as a virtual firewall software and the test environment was built on top of the Openstack cloud. Vyatta included firewall, VPN and routing features suitable for enterprise usage. The deployed virtual firewall performed well in the test environment with the necessary features and also the central management worked without problems. The central management system was feasible and reusable with other projects. Also the automatic deployment of Openstack cloud was a feasible choice. However, using Vyatta requires a lot of changes at least to the Openstack cloud platform, and hence the network setup and management is difficult. There are on-going efforts to virtualize networking devices in the data center as well. This will allow the whole service platform to be centrally managed using a single interface. Thus all changes to the network and new virtual service requests can be executed as the customer demands them. Software Defined Networking (SDN) and Network Fuctions Virtualization (NFV) both drive the systems to more virtualized and centrally managed environments, thus providing an important research topic in this field.