Design And Implementation Of Elastic Resource Management On Enterprise’s Cloud Security Platform

Traditional enterprise’s security solution is a hardware protection based on thephysical network. Because this way depends on the physical network and need to bedeployed manually, it is not suitable to protect virtual machines (VMs) in the cloudcomputing environment. Compared with traditional physical hardware protection,making use of virtual machine with security protection function in cloud to protect theother virtual machines will take advantage of cloud resources’ elasticity.In our cloud security platform, a group of VMs will be named as deployment Unit,such as a set of VMs used as web servers. Actually such VMs deployed in the cloudenvironment will have the same or similar physical configuration and virtual network.Then we can provide consistent protection for these deployment units by deployingspecific VM acted as traditional hardware appliance in the same virtual network. Suchdeployed VMs, which serve as traditional security hardware, are called “virtualappliance”(vAP) by us with special security function designed in our platform. vAPis much more flexible and extensible for being designed plentiful security functionand used to protected different VMs. We can deploy or recycle vAPs in an elastic waycorresponding to vAP’s load balance and transfer them within cloud or across clouds.This thesis will research how to manage the vAPs elastically based on somecustomized rules in our cloud security solution, including deploying and recyclingVMs in cloud. Elastic Resource Management is divided into three parts:(1) virtualmachine’s assignment, which means assigning for users VMs to deploy their application;(2) template management, which means converting VM with specificsecurity function to image file and managing them in our system;(3) deploymentmanagement, which means deploying VM instances by our vAP’s templates orrecycling vAP’s VM instances. By deploying security modules outside thedeployment unit’s network interface, we can catch plenty information to response toactual situation for managing resources and cover required protection. Through thisprocess, we will make use of different third-part cloud platform’s APIs tocommunicate with resources in cloud and design how to elastically manage oursecurity protection modules by executing tasks with a simple workflow engine. Nowthe project has been implemented in VMware cloud platform, so will make our thesisfocus on the VM elastic management in VMware vSphere platform.