Venus, the net nebula to protect the cloud computing system security

Cloud computing, from concept to practice

According to statistics, the current more classic definition of cloud computing more than 50 kinds. Different experts and enterprises define the concept of cloud computing from their own perspective. The United States Institute of National Standards and Technology (NIST) is the definition of a more consistent and authoritative one.

NIST's definition of cloud computing: cloud Computing is a model that makes it easy to access a common set of configurable computing resources (such as networks, servers, storage devices, applications, and services) on demand. These resources can be quickly provided and published, while minimizing administrative costs or interference from service providers. The cloud model consists of five basic features, three service models, and four release models, as shown in the following illustration.

Picture-Cloud Model

In the specific practice of cloud computing, it is generally from some aspects began to involve, and specific applications, to find a cloud computing technology to enhance the efficiency of the business model of the road to success.

Our country strategically attaches great importance to this wave of cloud computing, in the national Twelve-Five planning of various departments, the cloud computing mentioned a very important position. And in many cities, a number of enterprises, the beginning of the pilot cloud computing. In the experiment of cloud computing, it is an important problem how to start the cloud computing system in a planned and step-by-step way. Star Chen actively participates in government, enterprise and other user units in the cloud computing technology planning, in the user Building cloud computing system in the process of exploring its security scheme.

Construction process of cloud computing system of a large state-owned enterprise and its security scheme practice

In the domestic cloud computing system's construction practice, the more typical promotion way is: Starts from the private cloud, starts from the IaaS service, expands gradually to the cloud computing application other aspect.

The following figure shows: The cloud computing system for a large group of companies is planned as follows:

1, through the integration of the resources layer, the core computing domain server resources, integrated into the computing resource pool, the formation of cloud computing data center, and through the introduction of server virtualization technology, improve resource utilization efficiency.

2, through the unified management platform to solve the cloud computing data Center resource allocation and management, to achieve dynamic flexible deployment and backup migration management.

3, the development of cloud computing System User management and user-service interface, the group's internal departments and business systems to provide IAAS services.

Extends to Paas/saas services within the group and extends to external services on the basis of private cloud and IaaS services.

Figure out cloud computing system planning for a large group of enterprises

In the implementation of the entire cloud computing system, the corresponding security measures are a great challenge to customers. Venus Chen, the Net Nebula and users together, according to the cloud computing system in different stages of construction, put forward the corresponding security measures.

1. In the phase of computing resource consolidation and server virtualization. The key to security is to address the Security Gateway deployment location problem that server virtualization brings.

2, in the unified management platform phase, the key point of security protection is: To solve the dynamic deployment of Virtual server security features associated with migration.

3, in the User-service interface development phase, the focus of security is: the Unified identity authentication system construction and operation and maintenance audit problems.

Security device deployment after server virtualization

Server virtualization puts forward new requirements for the deployment of secure gateway devices.

1, traditional security equipment, need to support multiple instances (also known as virtual Security Gateway), each instance to support the independent security engine and security management configuration interface to support the cloud computing system for multiple users.

2, in the same physical server within the different virtual server communication flow between the network, need a new form of security equipment, deployed within the virtual operating system, can control the access between virtual servers.

In general, the security gateways deployed under the server virtualization scenario are mainly in the following forms:

Star Chen and the Net nebula has been closely concerned about the use of cloud computing technology in the security product shape impact, has issued related products and solutions, actively support the enterprise users of cloud computing construction.