Design And Implementation Of Access System In IaaS Cloud Based On VPN

Cloud computing is a new IT application model. The general idea of cloud computingis to enable computing resources, such as servers, storages and networks, to be provisionedvia pipes as running water or electric power. Compute resource can be customized and paidon-demand so that enterprises do not need phurcasing physical servers.IaaS (Infrastructure as a Service) is based on virtualization technology，provideshardware infrastructures. In IaaS platform, network security solutions should be migratedto the cloud when the business application had been migrated. As It is difficult to migratethe hardware based security solutions to the cloud, enterprise need a cloud side applicationbased security solution.A new security solution is introduced by the system described in this paper. It is basedon vAP (Virtual Appliance) in VMware vSphere platform. A vAP is a cloud sideapplication which can provide fundamental service to other applications. It is a small Linuxsystem that has various kinds of security software installed. After deployed within virtualnetworks, a vAP provides protection to virtual machines in those networks. It is muchmore extensible than hardware-based solution, and can be dynamically deployed,configured and recycled.The system this paper designed and implemented is about network interconnection ofthe solution, including virtual network management, remote access and gatewayinterconnection. The system manages virtual networks in the cloud using cloud API. Andnew features such as deploying on-demand and centralized management are developed inVPN management in the cloud. The system has three parts: ClueDirector UI formanagement user interface, ClueDirector Sever for management server side, AccessGate for VPN gateway. ClueDirector UI is based on Flex, running in browsers. ClueDirectorServer is the management center of the system, control the cloud’s resource via variouskind of cloud API, and manage the AccessGate. AccessGate based on small Linux,encapsulates the system service and provides API via RESTful web service. Now thesystem has been implemented in VMware vSphere cloud platform, so this paper willfocuses on virtual network management and AccessGate management in VMware vSphereplatform.