About cookies on this site Our websites require some cookies to function properly (required). In addition, other cookies may be used with your consent to analyze site usage, improve the user experience and for advertising. For more information, please review your options. By visiting our website, you agree to our processing of information as described in IBM’sprivacy statement. To provide a smooth navigation, your cookie preferences will be shared across the IBM web domains listed here.
Publication
ISCC 2016
Conference paper
An architecture for securing federated cloud networks with Service Function Chaining
Abstract
Capacity, availability or resilience of clouds can be increased by interconnecting two or more cloud computing environments to form a cloud federation and share resources. Shared resources include compute and storage resources but also networking resources. By integrating software defined networks/virtual networks (SDN), network function virtualization (NFV) and network function chaining (SFC) technologies into cloud management platforms it is possible to create more advanced and flexible cloud federation mechanisms. In this paper we show how to secure federated cloud networks and how to customise the security of each individual federated cloud network running in a cloud federation. We propose an architecture for securing federated cloud networks by enforcing a global security policy to all network segments of a federation, and local security policies on each network of the federation. Cloud stakeholders can specify the required security virtual network functions (VNF), how to configure them, and how to chain them in a service manifest. The proposed architecture is illustrated with a deep packet inspection case study. Future work on implementing the proposed architecture in an OpenStack federation is briefly discussed.