
Autonomic Virtual Networks and Applications in Cloud and Collaborative Computing Environments

Renato Figueiredo, Associate Professor, Center for Autonomic Computing, ACIS Lab, University of Florida


Presentation Transcript


  1. Autonomic Virtual Networks and Applications in Cloud and Collaborative Computing Environments. Renato Figueiredo, Associate Professor, Center for Autonomic Computing, ACIS Lab, University of Florida

  2. Outlook
     • Architecting autonomic virtual networks
        • Isolation, security, encapsulation, dynamic configuration, migration
        • Self-configuration, self-healing, self-optimization
     • Applications in cloud and collaborative environments
        • Virtual Private Clusters
        • Social VPNs
        • Archer: a collaborative environment for computer architecture simulation
     • Ongoing/future work

  3. Social VPNs
     • Focus on usability of security
     • VPNs: can recover Internet end-to-end connectivity
     • From a user’s perspective: it needs to be simple
     • My computer gets a virtual network card
     • It connects me directly to my social peers
     • All IP packets: authenticated, encrypted, end-to-end
     • Leverage well-known PKI techniques
     • No configuration besides establishing social links
     • All I need to do is log in to a web-based social network
     • Applications, middleware work as if the computers were on the same local-area network

  4. Social VPN Overview (diagram)
     • Social network (e.g. Google chat): social relationships, web-based profiles, email/chat networks; social network web interface, API and information system
     • Public key certificates (Alice’s, Bob’s, Carol’s) retrieved through social API or XMPP
     • Overlay network (IPOP): symmetric keys exchanged and point-to-point private tunnels created on demand; multicast-based resource discovery
     • Node labels: carol.facebook.ipop 10.10.0.2, node0.alice.facebook.ipop 10.10.0.3
     • Alice’s services (Samba share, RDP server, VoIP, chat): advertised to Bob, Carol
     • Bob: browses Alice’s SMB share

  5. SocialVPN Control Plane
     • Use APIs of well-established social networks for peer discovery and certificate exchange
     • Centralized user identity and data store for certificate exchange
        • Facebook APIs and data store
     • Federated user identities and peer-to-peer messaging for synchronous certificate exchange
        • XMPP online chat protocol (Google chat, Jabber.org; Facebook has partial support)
     • May use DHT for asynchronous certificate exchange

  6. SocialVPN Data Plane
     • IPOP core, with end-to-end security
     • Dynamic IP address assignment
     • Key to supporting IPv4 in large social networks
     • Facebook has more users than there are class A private IPs!
     • Avoid conflicts with local private networks
     • Dynamic IP translation; supports mobility
     • Key: while the whole social network is huge, my social network fits in a subnet
     • [Figueiredo et al, COPS 2008]

  7. SocialVPN dynamic IP translation (diagram)
     • Each endpoint uses its own non-conflicting private network
     • Alice’s node, 10.10.x.y: Alice 10.10.1.1, Bob 10.10.1.2, Ann 10.10.1.3
     • Ann’s node, 172.16.x.y: Ann 172.16.1.1, Bill 172.16.1.2, Alice 172.16.1.10
     • Packet at Alice’s VNIC: Src 10.10.1.1, Dst 10.10.1.3
     • Packet on the overlay: Src AliceOverlayID, Dst AnnOverlayID
     • Packet at Ann’s VNIC: Src 172.16.1.10, Dst 172.16.1.1

  8. SocialVPN Connection times
     • 128 nodes on Amazon EC2, 450 nodes on PlanetLab
     • Majority of links formed in less than a second
     • DHT lookup, symmetric key exchange
     • Few additional seconds for NAT traversal

  9. Per-node Bandwidth
     • Small cost of maintaining overlay connections
     • 1 KByte/s for 128 peers

  10. Trust relationships
     • I manage who I trust - SocialVPN
        • Alice friend of Bob, Bob friend of Carol
        • Social VPN links: Alice <-> Bob, Bob <-> Carol
        • No direct connection between Alice and Carol
        • Self-signed certificates
        • Small-scale, ad-hoc; social VPN is not all-to-all connected
     • I delegate trust to a third party - GroupVPN
        • Alice, Bob and Carol trust Trent, a group moderator
        • Social VPN links: A<->B, B<->C, A<->C
        • Trent acts as CA, signing as a side-effect of approving user
        • GroupVPN is all-to-all connected

  11. GroupVPN security management
     • IPOP creates VPN links autonomously
     • But who decides on VPN membership?
     • How to multiplex many virtual private IP overlays over the same P2P overlay?
     • Key approaches:
        • Namespaces: separation of virtual IP address spaces
        • VPN configuration: Web-based group front-end to manage certificates, automatic signing and configuration
     • Centralized user and certificate management, decentralized VPN routing
     • Users create, configure VPN groups, namespaces
     • Group owner manages joining/leaving of a group
     • Certificate signing/revocation is automated
     • PKI infrastructure, simple usage model for virtual clusters
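
The dynamic IP assignment and translation of slides 6 and 7, sketched as an added example (not code from the presentation or from IPOP). The class, its methods and the sequential address allocator are hypothetical, so Alice's address in Ann's table comes out as 172.16.1.3 rather than the slide's 172.16.1.10. Certificate checks and tunnel encryption are left out.

```python
import ipaddress


class SocialVpnNode:
    """One endpoint's translation table: overlay ID <-> locally assigned virtual IP."""

    def __init__(self, overlay_id, candidate_subnets, local_networks):
        self.overlay_id = overlay_id
        in_use = [ipaddress.ip_network(n) for n in local_networks]
        # Choose the first candidate that does not collide with a network
        # this host is already attached to (conflict avoidance).
        free = [s for s in map(ipaddress.ip_network, candidate_subnets)
                if not any(s.overlaps(n) for n in in_use)]
        if not free:
            raise RuntimeError("no non-conflicting private subnet available")
        self.subnet = free[0]
        self._pool = iter(self.subnet.hosts())
        self.ip_of, self.id_of = {}, {}
        self.my_ip = self.add_peer(overlay_id)

    def add_peer(self, overlay_id):
        """Give a social peer (or this node itself) the next free local address."""
        if overlay_id not in self.ip_of:
            ip = next(self._pool)
            self.ip_of[overlay_id], self.id_of[ip] = ip, overlay_id
        return self.ip_of[overlay_id]

    def outbound(self, dst_ip):
        """VNIC -> overlay: swap local addresses for overlay IDs."""
        dst_id = self.id_of.get(ipaddress.ip_address(dst_ip))
        return None if dst_id is None else (self.overlay_id, dst_id)

    def inbound(self, src_id, dst_id):
        """Overlay -> VNIC: map IDs into this node's own address space.
        A sender with no social link has no mapping, so its packet is dropped."""
        if dst_id != self.overlay_id or src_id not in self.ip_of:
            return None
        return (str(self.ip_of[src_id]), str(self.my_ip))


def demo():
    # Constructed sample data; subnets and overlay ID strings follow slide 7.
    subnets = ["10.10.1.0/24", "172.16.1.0/24"]
    alice = SocialVpnNode("AliceOverlayID", subnets, ["192.168.1.0/24"])
    ann = SocialVpnNode("AnnOverlayID", subnets, ["10.10.0.0/16"])  # 10.10/16 is her LAN
    for peer in ("BobOverlayID", "AnnOverlayID"):
        alice.add_peer(peer)
    for peer in ("BillOverlayID", "AliceOverlayID"):
        ann.add_peer(peer)
    on_overlay = alice.outbound("10.10.1.3")  # Alice's local address for Ann
    stranger = ann.inbound("MalloryOverlayID", "AnnOverlayID")
    return on_overlay, ann.inbound(*on_overlay), stranger
```

Only overlay IDs cross the network, so each node can renumber its own view without coordinating with any peer.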
