Network barriers and cloud security in the private cloud

Source: Internet
Author: User

Cloud computing gives IT professionals greater flexibility in how they deliver services. When a new project or workload causes a sudden change in demand, IT can either hand the work over to a commercial provider or shift internal resources until the peak period has passed.

But this flexibility can also pose a cyber threat. For applications moved to a remote site, the company needs a good network connection between the data center site and the public cloud provider, so that users do not notice any degradation. A good connection has two properties: the necessary bandwidth and low latency. Most businesses have a network connection that is adequate for e-mail, web browsing, and general internal communication.

To add traffic between the external cloud provider and the company, you need to plan for protecting the network connection of the application or the originating application. A typical data center network, especially a gigabit network, has much more bandwidth and low latency.

IT managers can also diagnose problems by monitoring internal network devices. But once you move a local application to a cloud provider, it is no longer part of your data center network. To reach the application, your network traffic has to take a long route, across smaller network links and with long link delays. For example, my computer crosses 3 network segments, or 3 "hops", to reach the company's human resources application, with a network latency of 0.3 milliseconds (msec).

Handing an application over to a commercial cloud provider adds an additional 20 milliseconds of delay in reaching the server. The traffic spans a network segment of unknown size, which internal IT staff cannot monitor. Some applications suffer significantly when network latency is introduced, especially when some parts of the application, such as databases, stay internal and other parts run in the commercial cloud.

Most commercial cloud environments charge network usage fees. A charge of 10 cents or 15 cents per gigabit of traffic is not very high, but the costs start to add up, especially as most organizations take fast network speeds and flat-rate pricing for granted. Once you count backups of cloud-based applications, data updates, new configurations, and the other day-to-day operations of your application, you may be spending money

Cloud security: Using what you know

Security is always part of a cloud implementation plan. The challenges of a private cloud are similar to those of existing virtualization projects, so most businesses should not be surprised by what is needed. But security changes with the hybrid cloud and public cloud models.

Private clouds can leverage traditional network segmentation techniques, which keeps IT groups on traditional security models such as virtual LANs, firewalls, and intrusion detection and prevention systems. Newer cloud technologies, such as VMware's vCloud Director, provide a new way to implement firewalls and network isolation. While they are designed to improve the efficiency of IT staff, these new technologies run counter to the existing security and networking policies, procedures, and methods used to protect the environment.

Getting these teams involved early in cloud development is critical to proper adoption.

Hybrid clouds bring special data access challenges. Faced with them, some IT teams take a rather paranoid attitude towards the commercial cloud. They usually assume that you cannot trust the security of the network between the internal data center and the commercial cloud host, and that you cannot trust the security of the network between two virtual machines in the commercial cloud. They also often assume that you cannot trust the security of the cloud's underlying storage or storage network.

There are solutions to these problems, and cloud products or the underlying virtualization technologies sometimes include them. For example, VMware provides virtual private network functionality as part of its vShield product suite. The VMsafe application interfaces and other products, such as the virtual security suite for vShield or Altor Networks, can implement virtual firewall functionality.
