Secure hybrid cloud computing: Approaches and use cases

Abstract

Hybrid cloud is defined as a cloud infrastructure composed of two or more cloud infrastructures (private, public, and community clouds) that remain unique entities, but are bound together via technologies and approaches for the purposes of application and data portability. This paper will review a novel approach for implementing a secure hybrid cloud. Specifically, public and private cloud entities will be discussed for a hybrid cloud approach. The approach is based on extension of virtual Open Systems Interconnection (OSI) Layer 2 switching functions from a private cloud and to public clouds, tunneled on an OSI Layer 3 connection. As a result of this hybrid cloud approach, virtual workloads can be migrated from the private cloud to the public cloud and continue to be part of the same Layer 2 domain as in the private cloud, thereby maintaining consistent operational paradigms in bot the public and private cloud. This paper will introduce and discuss the virtual switching technologies which are fundamental underpinnings of the secure hybrid approach. This paper will not only discuss the virtual Layer 2 technical architecture of this approach, but also related security components. Specifically, data in motion security between the public and private clouds and interworkload secure communication in the public cloud will be reviewed. As part of the hybrid cloud approach, security aspects like encrypted communication tunnels, key management, and security management will be discussed. Moreover, management consoles, control points, and integration with cloud orchestration systems will also be discussed. Additionally, hybrid cloud consideration for network services like network firewall, server load balancers, application accelerators, and network routing functions will be examined. Finally, several practical use cases which can be applicable in the aerospace industry, like workload bursting, application development environments, and Disaster Recovery as a Service will be explored.