An architecture for securing federated cloud networks with Service Function Chaining
The capacity, availability or resilience of clouds can be increased by interconnecting two or more cloud computing environments to form a cloud federation and share resources. Shared resources include compute and storage resources, but also networking resources. By integrating software-defined networks/virtual networks (SDN), network function virtualization (NFV) and service function chaining (SFC) technologies into cloud management platforms, it is possible to create more advanced and flexible cloud federation mechanisms. In this paper we show how to secure federated cloud networks and how to customise the security of each individual federated cloud network running in a cloud federation. We propose an architecture for securing federated cloud networks by enforcing a global security policy on all network segments of a federation, and local security policies on each network of the federation. In a service manifest, cloud stakeholders can specify the required security virtual network functions (VNFs), how to configure them, and how to chain them. The proposed architecture is illustrated with a deep packet inspection case study. Future work on implementing the proposed architecture in an OpenStack federation is briefly discussed.