Design Of Network Security Architecture For Cloud Platform Based On Openstack

Network security is an eternal topic in the Internet,with the rapid development of cloud computing,cloud computing will eventually occupy the future of the server market,while the security needs of the cloud is also increasing.Cloud computing products on the market today,a small number of independent research and development by large Internet companies own closed-source cloud products,such as Amazon,Ali cloud,etc.;the majority of common development of open source cloud computing products,and open source cloud computing platform,the most representative Sex is OpenStack.The OpenStack neutron's network component neutron itself provides the primary firewall-Advanced Services FWaaS-located at the edge of the network,controlling the flow of data coming in and out of the network,installed on the network nodes of the cloud platform cluster,and distributed firewalls on cluster computing nodes on the cloud platform--Security Groups;however,the underlying components of these components are based on Linux IPtables and Linux systems to control the namespace to enter the corresponding virtual machine or network of tenant network packets,and Linux software system to achieve the performance of security components Poor,difficult to meet the business needs of the market.Currently,cloud security products on the market is still very little,and has not yet developed,so most of the data center cloud platform network security program design is still based on hardware devices,software equipment,supplemented to build.In order to meet the urgent needs of all types of enterprises on the private cloud network security,this paper presents a framework based on OpenStack private cloud network security architecture design.This paper will focus on the following four parts: First,will introduce the cloud network security research background and significance,research status,the main content and innovation;Second,and then introduce the virtual network implementation principle,OpenStack basic network architecture,And cloud computing platform on the network data traffic trends;introduced OpenStack virtual network components neutron and SDN docking works;study OpenStack network security components provided by the security group and the principle and application of the firewall;Third,and then design an OpenStack Access to SDN,add hardware,network security equipment,cloud platform data center after the overall network architecture diagram,the details of each network security device access cloud platform access program;Fourth,the test will be the whole structure of some of the safety equipment function And discusses some problems in the data center network and how to solve these problems,and puts forward some suggestions for the improvement of the system..