
Hybrid security architecture for data center networks

4 Author(s)
Ho-Yu Lam ; Dept. of Electr. & Comput. Eng., New York Univ., Brooklyn, NY, USA ; Song Zhao ; Kang Xi ; Chao, H.J.

Security is critical to data centers, especially multi-tenant data centers that host a variety of applications in a single facility. Conventional schemes place security devices (middleboxes) at a few choke points (e.g., core routers) and rely on routing policy to guarantee middlebox traversal. Coupling routing and security services together complicates operation and troubleshooting, since routing and security are operated by different teams. When a data center scales, the security system needs to be upgraded accordingly. However, the current approaches are not flexible and incur high cost. Observing that rich computing resources are already available in data centers, we are interested in using a large number of software middleboxes to achieve scalability and cost efficiency. We present Hybrid Security Architecture (HSA), a design to decouple security services from routing and to allow the integration of hardware and software middleboxes in a complementary way. HSA is more cost-effective and flexible than the conventional schemes that solely use hardware middleboxes. It allows topology and routing changes with minimal impact on security services, and vice versa. In particular, HSA does not require modification to switches and routers. This paper explains the framework of HSA, describes the key techniques, presents a testbed to validate the design, and discusses future research directions.

Published in:

Communications (ICC), 2012 IEEE International Conference on

Date of Conference:

10-15 June 2012