International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print),
ISSN 0976 - 6375(Online), Volume 4, Issue 5, September - October (2013), © IAEME
A PROPOSED MODEL FOR MAPPING INFRASTRUCTURE AS A SERVICE
IN CLOUD COMPUTING WITH HARDWARE FIREWALL FOR
DISTRIBUTED SECURITY ENVIRONMENT
Amardeep Das¹, Abhaya Kumar Sahoo², Mayank Tiwary³
Department of Information Technology, C.V.Raman College of Engineering,
Bhubaneswar, India
ABSTRACT
Cloud computing is a colloquial expression used to describe a variety of
computing concepts that involve a large number of computers connected through a real-time
communication network (typically the Internet). Cloud computing is a synonym for distributed
computing over a network, and it means the ability to run a program on many connected computers at
the same time. The phrase is also, more commonly, used to refer to network-based services that
appear to be provided by real server hardware but are in fact served by virtual hardware,
simulated by software running on one or more real machines. Such virtual servers do not physically
exist and can therefore be moved around and scaled up (or down) on the fly without affecting the end
user, arguably rather like a cloud. In the most basic cloud-service model, providers of IaaS offer
computers, either physical or (more often) virtual machines, and other resources. A hypervisor, such as
Xen or KVM, runs the virtual machines as guests. Pools of hypervisors within the cloud operational
support system can support large numbers of virtual machines and the ability to scale services up and
down according to customers' varying requirements. The aim of our work is to create a model by
which infrastructure as a service can be mapped onto hardware firewalls. Physical machines can then
be simulated from the Internetwork Operating System of a hardware firewall in the form
of virtual machines and used to satisfy individual customers' security needs.
Keywords: Cloud Computing, Distributed environment, Firewall, Hypervisor, IaaS.
INTERNATIONAL JOURNAL OF COMPUTER ENGINEERING & TECHNOLOGY (IJCET)
ISSN 0976 – 6367(Print), ISSN 0976 – 6375(Online)
Volume 4, Issue 5, September – October (2013), pp. 49-54
© IAEME: www.iaeme.com/ijcet.asp
Journal Impact Factor (2013): 6.1302 (Calculated by GISI)
www.jifactor.com
1. INTRODUCTION
Cloud computing is a type of computing that relies on sharing computing resources rather
than having local servers or personal devices to handle applications. In cloud computing or “the
Internet”, different services such as servers, storage and applications are delivered to an
organization's computers and devices through the Internet. Cloud computing is comparable to grid
computing, a type of computing where unused processing cycles of all computers in a network are
harnessed to solve problems for any stand-alone machine.
The goal of cloud computing is to apply traditional supercomputing, or high-performance
computing power, normally used by military and research facilities, to perform tens of trillions of
computations per second, in consumer-oriented applications such as financial portfolios, to deliver
personalized information, to provide data storage or to power large, immersive computer games. To
do this, cloud computing uses networks of large groups of servers typically running low-cost
consumer PC technology with specialized connections to spread data-processing chores across them.
This shared IT infrastructure contains large pools of systems that are linked together. Often,
virtualization techniques are used to maximize the power of cloud computing.
In computing, a firewall is a software- or hardware-based network security system that controls
the incoming and outgoing network traffic by analyzing the data packets and determining, based on
a rule set, whether they should be allowed through or not. A firewall establishes a barrier between a
trusted, secure internal network and another network (e.g., the Internet) that is not assumed to be
secure and trusted. Many personal computer operating systems include software-based firewalls to
protect against threats from the public Internet. Many routers that pass data between networks
contain firewall components and, conversely, many firewalls can perform basic routing functions. The
aim of our work is to map the IaaS model of cloud computing onto hardware firewalls. If future
firewalls use IaaS, simulate their IOS and provide virtual firewall machines to their clients, then they can
drastically change the current scenario of the cloud service provider's datacenter. In this paper we
propose a model which can satisfy future cloud customers' demand for a separate security layer
for their cloud services.
2. CLOUD COMPUTING IAAS FUTURE SCOPE AND PROBLEMS
2.1 Infrastructure as a Service
Nowadays cloud computing has evolved into a highly demanded and secure form of computing. Out
of its many features and services, we focus primarily on infrastructure as a service.
Fig1. Infrastructure As a service in today’s data center
IaaS is a branch of cloud computing which delivers virtual machines as a service to customers. IaaS
takes different forms in different cases, such as bare-metal virtualization, paravirtualization, etc. In
this service the hypervisor plays the main role. In bare-metal virtualization the hypervisor is installed
directly on the physical servers as the base operating system. The virtual machines or
other operating systems are installed on top of the hypervisor. Here every physical server has a central
storage such as a SAN or a NAS. Today's hypervisors have strong features for load balancing between the
primary and secondary virtual machines. The whole process of load balancing is totally dependent on the
central storage. Examples of today's hypervisors include Microsoft Hyper-V, Xen, KVM,
VMware ESX, etc.
2.2 The role of firewall in IAAS data center
Today firewalls play a vital role in securing the incoming traffic of data centers. Firewalls can be
described as a bottleneck for traffic entering and leaving the data center. Their first task is
network address translation (NAT); they then add different layers of security for the enterprise.
Today's latest firewalls, such as Cisco ASA, PIX and FWSM, provide a great many security features
such as threat detection, port filtering, in-cast congestion control, reverse path forwarding check and
many more. For many patterns of incoming traffic, they also perform dynamic rule re-ordering and
build an optimized decision tree, which could increase the average time efficiency of the packet
matching algorithms. In an IaaS environment the firewalls provide security for the whole data center.
They need different sets of security policies that satisfy every customer's needs.
Fig2. A typical diagrammatic view of IAAS service provider’s data center firewall
3. RELATED WORK
3.1 Future Problems with growing demands of IAAS in cloud computing
The number of cloud service providers in the market is growing at a very high rate. These providers
offer every type of cloud service, including PaaS, SaaS, IaaS, etc. We have focused mainly on
the scope of IaaS and its problems. When in future the demand for virtual machines grows very rapidly,
or in other words when a huge mass of customers asks for safe, secure and cost-effective virtual machines
on the cloud, there may arise a shortage of security resources to fulfill individual security needs or
demands. This may not matter while the demand is low, as in today's environment where the need is only
for 10 or 15 virtual machines on the cloud. But in future, when the demand grows and the demand for
virtual machines on the cloud grows from 50 to 60, the security needs will also rise, and it
becomes very difficult for administrators to satisfy each individual's security needs.
3.2 Solutions which could solve the problems
The problem of providing a separate layer of security for each customer can be
solved if we start virtualization with hardware firewalls. This can be done the same way as IaaS
works. As with IaaS, if firewalls start providing virtual firewall machines to their clients, the
customers demanding separate security can also get a virtual firewall on the same cloud, and they can
optimize the firewall according to their needs. The customers will get many other benefits too,
including a separate firewall console.
4. TYPICAL TODAY'S SCENARIO
Today data centers or cloud providers do not seem to offer a separate firewall console or a
separate layer of security for each customer. In today's environment the administrators try to
minimize the customer's needs using only one firewall, which may become insufficient as
demand grows.
5. VIRTUALIZATION WITH HARDWARE FIREWALLS
We propose a model for firewalls which would provide an efficient way of scaling virtual
firewall machines. This can be done if we use hypervisors the same way we do for physical
machines. Our architecture also needs a central storage and many hardware firewalls connected in
clusters which could handle all the policy and user settings of each virtual firewall machine. If the
firewalls have a base operating system, i.e. a firewall hypervisor, instead of the main IOS, then the IOS
is installed on that hypervisor. Virtualization can now be done with firewalls. Our model also
adds much functionality to the existing model. Load balancing of virtual firewall machines can
also be done. Load balancing takes many parameters into account: for example, if the load of one virtual
firewall machine increases on one node of the firewall cluster while other nodes are
comparatively lightly loaded, then that virtual machine can be shifted to another cluster node with
less load.
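The load-based relocation described above, as an added example (not the authors' implementation). The class and function names, the rule tuple format, the 80% threshold and the choice to keep each tenant's policy only in the central store are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Stand-in for the central storage: per-tenant ordered rules (constructed sample data).
# Rule = (action, protocol, port); "any" and None act as wildcards.
CENTRAL_STORE = {
    "tenant-a": [("allow", "tcp", 443), ("deny", "any", None)],
    "tenant-b": [("allow", "tcp", 22), ("allow", "tcp", 443)],
    "tenant-c": [("allow", "udp", 53)],
}

@dataclass
class VirtualFirewall:
    tenant: str
    load: int  # share of one node's capacity, in percent (hypothetical metric)

@dataclass
class Node:
    name: str
    vfws: list = field(default_factory=list)

    def load(self):
        return sum(v.load for v in self.vfws)

def decide(tenant, proto, port):
    """First-match lookup in the tenant's own rule set; default deny."""
    for action, r_proto, r_port in CENTRAL_STORE.get(tenant, []):
        if r_proto in ("any", proto) and r_port in (None, port):
            return action
    return "deny"

def rebalance(nodes, threshold=80):
    """Shift virtual firewalls from nodes above `threshold` to the least-loaded node."""
    moves = []
    for src in sorted(nodes, key=Node.load, reverse=True):
        while src.load() > threshold and len(src.vfws) > 1:
            dst = min(nodes, key=Node.load)
            # Only move an instance that fits on the target without overloading it.
            fits = [v for v in src.vfws if dst.load() + v.load <= threshold]
            if dst is src or not fits:
                break
            vfw = min(fits, key=lambda v: v.load)  # smallest relocation that can help
            src.vfws.remove(vfw)
            dst.vfws.append(vfw)
            moves.append((vfw.tenant, src.name, dst.name))
    return moves

def demo():
    nodes = [Node("fw1", [VirtualFirewall("tenant-a", 50), VirtualFirewall("tenant-b", 40)]),
             Node("fw2", [VirtualFirewall("tenant-c", 20)]), Node("fw3")]
    return rebalance(nodes), {n.name: n.load() for n in nodes}
```

Because an instance carries only its tenant identifier, a relocation changes which node does the filtering but not the verdict `decide` returns, and one tenant's rules never apply to another tenant's traffic.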
Fig3. Firewalls Network Diagram
5.1 Other Benefits of Virtualization with firewalls
Virtual machines of this type could also satisfy other needs. If we need another IOS or
an upgraded version, we can easily get it by just installing the upgraded IOS on the hypervisor. The
configuration of virtual firewall machines can also be done remotely. We can now
install multi-vendor operating systems for the firewalls on the same hypervisor. For
multi-vendor operating systems, however, the architecture of the firewall's hardware has to be open.
This will also give rise to further development of the firewall's operating systems.
5.2 Unified working of proposed model
If hypervisors vary, standardization becomes very difficult. It is then highly
difficult to create firewall clusters and implement our model for serving a distributed security console
to IaaS customers. In this situation it is necessary to create standards for communication between
multi-vendor hypervisors in order to implement our proposed model. If in future multi-vendor hypervisors
start to communicate, even in IaaS cloud services, this would also solve most of the
problems, such as independent virtual-machine load transfer from one vendor's hypervisor to
another vendor's hypervisor.
6. CONCLUSION
In this paper, we have focused on virtualization of hardware firewalls for creating virtual
firewall machines, which could work in the same way as virtual machines. These virtual
firewall machines could be created by installing the hypervisor as the base operating system, and
then installing the IOS or the actual operating system over the hypervisor. This primarily needs a
central storage and other firewall nodes in a cluster. It could also facilitate much other
functionality, such as load balancing between virtual firewall machines and installation of other
vendor-independent operating systems on the hypervisors. This model of architecture mainly adds a separate
layer of security, in the form of virtual firewall machines, for the customers hiring cloud services
from the service providers. In this paper, we have proposed a new model which could start virtualization with
firewalls and solve the problem of demands for a separate security layer from the cloud customers
getting cloud services in bulk from the service providers.