The "transition period" of "private cloud" security: design concept of the "split-cloud" solution
Jack zhai
I. The embarrassing status quo of private cloud security
Cloud computing is favored by CIOs because it can provide virtualized resource pools, elastic service capacity, and self-service. To improve the utilization of enterprise IT equipment and strengthen disaster tolerance, most enterprises are trying to build private clouds.
Generally, the transition from an existing IT management system to a private cloud platform takes several steps: data centralization, business system integration, IT resource virtualization, cloudification of the management platform, and provision of cloud services. (Many people equate a private cloud with building an information center. In fact, the virtualization transformation of an information center generally ends with the center's unified O&M management platform, without necessarily going through the last two phases and providing cloud services, so strictly speaking it cannot be called a private cloud.) In this process, resource virtualization is the key: only when resources are virtualized and managed as such can we talk about dynamic allocation and elastic service capacity. Which resources can be managed through virtualization? Computing resources (CPU and memory), storage resources, and network resources. Notably, security resources are generally not included. This is not surprising: virtualization platform vendors focus on delivering the service first, and most security issues are left for later.
This poses a challenge for CIOs. A private cloud provides unified services to the various business departments of the enterprise, and these must include not only computing, storage, and network resources but also security resources, for example identity authentication, virus detection and removal, intrusion detection, and behavior audit. If the system only allocates computing and storage resources, its users are left "running naked". Unlike public clouds, a private cloud has a single line of business and can establish a unified security policy; yet the different business systems within a private cloud have different security requirements. Within one cloud, how are different security policies deployed for different business systems, and where are they deployed?
Cloud computing security has always been a hot topic in the industry. A dedicated organization, the CSA (Cloud Security Alliance), has issued some guiding opinions, but they are difficult to implement. In summary, cloud computing security has two difficulties:
First, a problem of the cloud computing system architecture itself.
Because of virtualized resource management, a user's business system no longer runs explicitly on a particular server but on a dynamically drifting VM (virtual machine). Users of different business systems come and go in one shared "courtyard", and there is no "boundary" between the business systems. How can we ensure that a curious user cannot peek at the data of other systems? Can isolation between user business flows be achieved solely through the management of the virtual operating system? Not to mention research into virtual machine escape, such as the Blue Pill. Traditional operating systems have a pile of vulnerabilities; will virtual operating systems have very few? And the hazard level is greater.
Second, a problem of the virtual operating system vendors.
Currently, not many vendors can provide virtual operating systems: VMware, Microsoft, Citrix, Xen, RedHat, Fang Wu, and a few others. VMware, which has the largest market share, is a closed-source vendor like Microsoft and only provides third-party development APIs. VMware does provide underlying security interfaces for its system, such as VMsafe, but these interfaces are not yet open to security vendors in China. That is, to achieve secure deployment one can only purchase products from third-party security vendors outside China. Other vendors, such as Xen, are open-source and have no interface problem, but deploying and maintaining Xen requires strong technical strength.
In one sentence: security problems in the cloud are serious. The best way forward is for security devices to form pooled resources, just like storage devices, so that when a user applies for a cloud host instance, security is allocated on demand along with computing and storage resources.
However, it may take some time for current security vendors to reach this stage completely. To cope with the security of private cloud services during the transition period, we propose the "split-cloud" security solution.
II. Design ideas of the "split-cloud" solution
When there is no way to be sure that multiple business systems can be securely isolated from each other within one cloud, group them by security requirement: business systems with similar security requirements and similar service objects are deployed in one cloud, and the others are deployed in different clouds. In this way the enterprise forms several clouds, for example an office business cloud, a production business cloud, and an Internet service cloud, or a level 1 system cloud, level 2 system cloud, and level 3 system cloud according to the level of classified protection.
Split-cloud solution design model
The core network of the enterprise is "physical", and the different service clouds are connected to it. Each cloud has its own cloud management center responsible for managing that cloud's computing, storage, and security resources. Enterprise users are divided into virtual terminals (such as the "dumb terminals" of virtual desktops) and real terminals (such as PCs and other "rich terminals"), and can log on to the different clouds through the enterprise network. All users on the network use unified identity authentication, and a cloud security management center platform is established; through the interfaces of each cloud management center, this platform can directly monitor the running status of the virtual machines in each cloud.
The advantages of the split-cloud solution are obvious: within one cloud the business systems' security requirements are similar and the users are the same, so the demand for security isolation is greatly reduced, which resolves the problem of security isolation between different business systems in one cloud. The network between clouds is "physical", so traditional security boundary thinking applies in full. Moreover, different clouds can adopt different virtual operating systems, reducing excessive reliance on a single vendor (the desktop operating system's dependence on Microsoft is a headache for many CIOs). Finally, if one cloud has a problem, the business systems in the other clouds are not affected.
The disadvantages of the split-cloud solution are equally obvious: the improvement in IT resource utilization is limited, which runs contrary to the goal of adopting virtualization in the first place; and building multiple clouds with multiple management and operation platforms artificially increases management complexity.
However, the split-cloud solution resolves the contradiction between the immaturity of security on today's virtualization platforms and the business pressure to adopt the cloud computing model. Learning while walking, "crossing the river by feeling the stones", is better than giving up eating for fear of choking.
The split-cloud solution breaks the security problem of the enterprise private cloud into two parts:
Security between clouds
Security within a cloud
III. Design ideas for security between clouds
Logically, different clouds are like the "security domains" in traditional security solution design and have clear security region boundaries. Security between clouds can therefore follow traditional security solution design entirely; for deployment, refer to the three baselines and one platform of the vase model: a security protection baseline for network boundaries and security domain boundaries; a dynamic monitoring baseline for important resource areas and core aggregation points; a credit (trust) management baseline for users and O&M personnel; and a security management platform for daily O&M and emergency handling. For specific technical and management requirements, refer to the classified protection requirements.
IV. Design ideas for security within a cloud
Security within a cloud falls within the scope of one cloud platform management system; put another way, it is security design under a virtualized operating system management platform. From the system perspective there are two levels of security design:
Security in virtual machines
Security on the virtualization platform
1) Security in virtual machines:
This is the virtual machine the user has applied for. From the user's perspective it looks the same as a physical server: the operating system and service software are chosen by the user. Security in a virtual machine is therefore like the security protection design for a host system. Since managing virtual machines is much simpler than managing physical machines, configuration changes and patch upgrade management are easy, and a powered-off server is just a file in a directory.
At the same time, because a virtual machine's computing resources can be applied for dynamically, the traditional conflict on a host between security and the business competing for resources no longer exists (security monitoring inside the host reduces business efficiency, which is why many business managers refuse to install additional resident software). Of course, compatibility problems between software still exist, so before upgrading the system or installing security software it must be tested on another virtual machine to ensure that normal operation of the business software is not affected.
Security considerations for virtual machines are as follows:
1. Identity authentication and permission management: identity authentication can be integrated with the enterprise-wide identity authentication system, but permission management needs its own fine-grained management inside the cloud, so that the business each user can access within the cloud is differentiated;
2. Service reinforcement and anti-takeover defense: this is mainly for servers. Like ordinary business servers, basic security hardening is required: installing suitable patches, disabling unnecessary services, and deleting unnecessary accounts, but that is not enough. A server provides a network-facing service; an interrupted service only affects its own business, but if a hacker intrudes into the server and turns it into a zombie, the server can become a tool for attacking other targets. Because multiple business systems run in the cloud, once one system's vulnerability is exploited a bridgehead is built for the hacker, who uses it as a stepping stone for internal attacks; many hackers intrude step by step into the core and secret servers this way. Therefore, the server not being controlled by intruders is the minimum baseline for server security, and an anti-takeover defense system or system hardening is necessary;
3. Terminal protection system: this is mainly for remote desktop or BYOD. Because visitor terminals are of many kinds and their security status varies wildly, the access terminal should be checked for security, or its permission to access cloud services restricted. Alternatively, a "container-type" remote desktop can be used to isolate the service from the other systems on the remote terminal, ensuring that viruses and trojans on the terminal cannot intrude into cloud services;
4. Anti-virus: viruses and trojans are pervasive, so user traffic must be filtered. Anti-virus can also be implemented at the entrance of the cloud, but application-layer viruses are detected and removed more effectively through host monitoring.
2) Security on the virtualization platform:
Security on the virtualization platform is directly related to how open the vendor's product is. There are two scenarios:
The first scenario is an open-source platform, or a vendor that exposes underlying security API interfaces, such as VMware's VMsafe. Through these interfaces you can insert your own security code to check and control the traffic of the virtual machines.
This method controls user data streams directly in the hypervisor at the bottom of the virtualization platform. Just as the operating systems we know are divided into kernel mode and user mode, it is difficult for hackers to break through to the hypervisor, the kernel layer of the platform, and therefore difficult to bypass this kind of security monitoring.
The second case is that users cannot obtain the underlying interfaces of the virtualization platform, or want to use third-party security controls (having security both managed by the virtualization platform and controlled by oneself gets confusing). This is the traffic redirection approach currently popular among security vendors.
The idea is to use OpenFlow, the traffic steering and control protocol of SDN technology, to direct users' business traffic to flow according to the prescribed security policy, and to combine this with virtualization of security products to build resource pools of firewalls, intrusion detection, user behavior audit, virus filtering, and so on. When a user applies for virtual machine resources, security resources are delivered along with the computing and storage resources to protect the user's services.
The implementation steps are as follows:
1. Virtual pooling of security resources: first, security devices are virtualized "many to one" to form one virtual, logical, high-capacity security device, such as a virtual firewall or virtual intrusion detection system. Then that virtual security device is divided into custom virtual security devices whose processing capacity matches each user's needs;
2. Deploy a traffic control server: this is the center of traffic control management. It receives and deploys security policies for user traffic, and when a user's business virtual machine is migrated it is responsible for migrating and applying the traffic control policy. The server can run as a dual-host hot standby pair to improve availability, or as a virtual machine. At the same time, install a traffic control engine in the virtual computing resource pool: on each physical server, start one virtual machine that runs the traffic control engine, which is responsible for steering the traffic of all virtual machines on that physical server according to the security policy;
3. There are two ways to steer business traffic:
a) Mirror mode: for bypass-connected security devices such as intrusion detection and behavior audit, user traffic is copied without affecting the original business traffic;
b) Control mode: for security gateway devices such as firewalls, user traffic is directed into the security device virtualization pool; after the traffic is cleaned, it is directed on to the normal business virtual machine for processing;
4. To change the path of user traffic, the destination MAC address and destination IP address need to be modified. There are many specific approaches; here we use MAC-in-MAC technology, which encapsulates the packets and, after processing by the security device, restores the "secured traffic" to "normal" traffic. When the cloud's physical switches and virtual switches support SDN mode, the OpenFlow protocol can also be used for encapsulation during steering;
5. When a user's business virtual machine is migrated between physical servers, the security policy for that user's business is also migrated to the traffic control virtual machine on the target physical server, which continues to steer the user's business traffic.
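The five steps above, simulated as an added example that is not code from the original post: a control server holds each VM's chain of pooled security services (constructed names), the per-host traffic engine mirrors frames to bypass services and passes them through inline ones inside a MAC-in-MAC style outer header that is stripped afterwards, and a policy follows its VM when it migrates between hosts. Real OpenFlow or switch programming is out of scope; the encapsulation is modelled as a plain dict.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Frame:                 # plain Ethernet frame from a business VM
    src_mac: str
    dst_mac: str
    payload: bytes

@dataclass(frozen=True)
class Service:               # one virtual appliance in the security resource pool
    name: str
    mac: str
    mode: str                # "mirror" = bypass copy (IDS, audit); "control" = inline (firewall)

def mac_in_mac(outer_src: str, svc: Service, frame: Frame) -> dict:
    """Wrap the original frame in an outer header addressed to the appliance."""
    return {"outer_src": outer_src, "outer_dst": svc.mac, "inner": frame}

def inline_clean(svc: Service, encap: dict):
    """Inline appliance: drop constructed 'ATTACK' payloads, otherwise decapsulate."""
    inner = encap["inner"]
    if svc.mode == "control" and b"ATTACK" in inner.payload:
        return None          # cleaned away: nothing is forwarded
    return inner             # outer header stripped: "secured" traffic is "normal" again

@dataclass
class TrafficEngine:         # one per physical host, steers every local VM by policy
    host: str
    policies: dict = field(default_factory=dict)   # vm_mac -> [Service, ...]

    def steer(self, frame: Frame):
        """Return (mirrored copies, frame delivered onward or None if dropped)."""
        mirrored, current = [], frame
        for svc in self.policies.get(frame.src_mac, []):
            encap = mac_in_mac(self.host, svc, current)
            if svc.mode == "mirror":
                mirrored.append(encap)   # copy only; original continues
                continue
            current = inline_clean(svc, encap)
            if current is None:
                break
        return mirrored, current

class ControlServer:         # traffic control centre: owns per-VM policy, pushes it to hosts
    def __init__(self, hosts):
        self.engines = {h: TrafficEngine(h) for h in hosts}
        self.placement = {}  # vm_mac -> host

    def place_vm(self, vm_mac: str, host: str, chain: list):
        self.placement[vm_mac] = host
        self.engines[host].policies[vm_mac] = list(chain)

    def migrate(self, vm_mac: str, new_host: str):
        chain = self.engines[self.placement[vm_mac]].policies.pop(vm_mac)
        self.place_vm(vm_mac, new_host, chain)   # policy follows the VM
```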
V. Summary
By deploying business systems with different security requirements in different clouds, the split-cloud solution reduces the demand for business isolation within a cloud. Inside a cloud, traffic redirection and virtual machine hardening provide security filtering at the network layer, while strengthened security management of the business system, such as user permission management and business behavior audit, provides access control at the application layer; encryption is recommended for the storage and transmission of sensitive data.
The split-cloud solution is a transitional solution. When the security isolation and control technologies within a cloud are mature, the multiple clouds can be merged back into one cloud.
This article is from the "Jack zhai" blog; please keep this source: http://zhaisj.blog.51cto.com/219066/1213015