| At the early stage of cloud computing, both academia and industry mainly concentrate on the external public cloud service, aiming to meet new service requirements by novel application mode. However in practice few enterprises intend to replace existing application with new architecture. Since security and reliability are considered as the biggest hindrance for enterprises to adopt public cloud services, more effective and efficient approaches are required to make success deployment of cloud computing for enterprise application:first, existing data center need to be converted into interior private cloud; second, cooperation with service providers together to form compatible external cloud; thereafter, the internal and external resources can be connected via integrated administration between clouds, which help the enterprise to obtain all the benefit and flexibility of cloud computing. All of above result in the concept of Virtual Private Cloud (VPC).Establishing enterprise oriented Virtual Private Cloud requires Virtual Private Network (VPN) to interwork the interior IT resource of enterprise and the external computing resources. However, there are challenges to be dealt with when combining VPNs and cloud platforms. First, creating VPN endpoints requires coordination between the network operator and cloud service provider to allow cloud resources to be securely attached to a VPN endpoint. Next, Cloud operators must ensure that network isolation extends through any local network infrastructure, e.g., switches and routers, within the cloud site itself. Finally, flexibility and rapid provisioning are key requirements in cloud computing, and it is essential that the network transparency and secure communication channels provided by VPNs remain effective despite rapid changes in server and network configuration.To overcome these deficiencies, we propose the enhancement of the cloud computing framework to seamlessly integrate virtual private networks (VPNs), which joins VPNs and cloud computing to form virtual private cloud for enterprise. The proposed framework uses VPNs to provide secure communication channels and to allow customer's greater control over network provisioning and configuration. Specifically we make 4 contributions with respect to architecture, QoS enhancement, joint resource scheduling and WAN based migration:1) The VPC architecture with a VPN infrastructure to make combination of cloud computing resources is proposed. The VPC gives users the abstraction of a private set of cloud resources that are transparently and securely connected to their own infrastructure. MPLS (Multi-Protocol Label Switching) based VPN are used to provide Virtual Private LAN Service (VPLS), bridging multiple VPN endpoints onto a single LAN segment, which make the processing component easily run within the cloud without requiring any modifications since the cloud resources would appear indistinguishable from existing infrastructure already on the enterprise's own LAN.2) A dynamic routing mechanism is proposed to improve packet delivery QoS within VPN. The VPN connection between VPC resource sites requires high QoS such as high bandwidth, low delay and jitter. The route metric is static in the traditional IP routing mode without taking the network condition into consideration, which leads to that the IP routing is usually not optimal especially under the impact of ISP business policy. To address the problem, we propose a dynamic overlay routing mechanism which chooses paths based on a composite metric determined by actively probed delay and jitter information in a real-time fashion. The effectiveness of this mechanism is examined under overlay emulation environment, which is supported by the performance data collected from a real enterprise overlay network.3) Joint scheduling of cloud computing resource and network resource under the VPC architecture with VPN infrastructure is investigated. Traditional VPN configuration employs traffic matrix to design VPN topology. While in the VPC scenario it is difficult to determine the VPN topology in the conventional way. The traffic mode between sites is arbitrary since the traffic mode is determined by the application workflow, resource load and scheduling algorithm. To address the challenge, a dynamic on-demand VPN provision scheme is proposed to realize the joint scheduling of both computing and network resources, which improving the total resource utilization.4) The efficient WAN migration of Virtual machines of VPC is studied and tested. We envision future clouds as flexible resource pools that geographically span multiple data center and enterprise sites which could be interconnected by WAN technology. With this kind of architecture, cloud providers and enterprise customers are able to transparently transfer Virtual Machines between sites considering the tradeoff between load balancing, operational cost and computing performance. However, current virtualization software supports transparent VM migration between physical servers on the same LAN, but WAN migration remains a challenge due to the need for network reconfiguration and storage migration. We exploits the benefits of VPLS to tie networks across the WAN into a single LAN, making transitions across the WAN function as if within a LAN, except for greater network delays during the migration. The performance of VM migration under different network conditions are also tested and evaluated by emulating WAN connection.In summary, using VPN to construct VPC is a relatively new research area where there are still many unknown and interesting subjects waiting researchers to study and explore.
|
PDF Full Text Request