Abstract
Network functions virtualization intertwined with software-defined networking opens up great opportunities for flexible provisioning and composition of network functions, known as network service chaining. In the cloud, this allows providers to create service chains tuned to each application type while optimizing resource utilization. This is particularly useful to accommodate different tenants’ applications with different security needs. However, considering security provisioning from the single perspective of resource optimization may lead to deployment solutions that do not comply with well-known security-related best practices and recommendations. In this paper, we propose network security defense patterns (NSDP) aimed at leveraging the best practices and know-how of security experts and at capturing various security constraints to efficiently select compliant deployment options for security functions. Because the placement problem is NP-hard, we also propose a scalable networking- and computing-resource-aware optimization framework to efficiently provision different NSDPs. We further show the feasibility of implementing NSDPs in the cloud infrastructure through the integration of our approach into an open-source cloud framework, namely OpenStack, in our test laboratory. The simulation results show the effectiveness of our approach in selecting an optimal placement of the security functions for large data centers with hundreds of thousands of computing nodes, while complying with the predefined security constraints and improving scalability compared to current placement algorithms.