Secure virtual network over federation of clouds

From Master Projects
Jump to: navigation, search

has title::Secure virtual network over federation of clouds
status: finished
Master: project within::Parallel and Distributed Computer Systems
Student name: student name::Sajith Kalathingal
Start start date:=2011/01/01
End end date:=2011/07/01
Supervisor: Thilo Kielmann
Second reader: has second reader::Kees van Reeuwijk
Poster: has poster::Media:Media:Posternaam.pdf

Signature supervisor



Contrail project aims to create an open source computational cloud by building its own IaaS platform. The Virtual infrastructure network (VIN) is used by Contrail project to efficiently integrate loose infrastructure components into a cohesive, secure virtual cluster platform. An important aspect of Contrail is to allow federation of contrail IaaS with other existing IaaS platforms like Amazon EC2 so that the users can run some part of their programs on Contrail IaaS and the rest on external services like Amazon EC2. The VIN aims at building a VPN-like network for a user's application in one or more federated IaaS platforms.

The Secure virtual network created for the VIN should build a VPN-like network providing secure and efficient connectivity between all the compute nodes reserved by the user. To enable contrail to use external IaaS infrastructure, VIN should make sure that the secure virtual network is built without the need to modify the underlying Virtual machine monitor used by the network. Since Cloud federation requires connectivity over internet, security is of at most importance.

There exists two major implementation, namely IPSec and OpenVPN, which could be used to create the secure virtual network. The goal of the project is to determine the most efficient and secure way to create the network over the federation of cloud which should be implemented entirely within the guest VM's. A prototype should be created which should configure, deploy and manage the secure virtual network consisting of several independant VM's of the user.

Creation of Secure virtual network will require

  • A study of the capabilities of existing IaaS implementations.
  • Performance comparison of OpenVPN and IPSec over high speed netowrk

(DAS-4 Cluster).

  • Performance comparison of OpenVPN and IPsec over slow speed internet.
  • Scripts to deploy and manage user's virtual machines.