Hybrid security architecture for data center networks

Ho Yu Lam, Song Zhao, Kang Xi, H. Jonathan Chao

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Security is critical to data centers, especially multi-tenant data centers that host a variety of applications in a single facility. Conventional schemes place security devices (middleboxes) at a few choke points (e.g., core routers) and rely on routing policy to guarantee middlebox traversal. Coupling routing and security services together complicates operation and troubleshooting since routing and security are operated by different teams. When a data center scales, the security system needs to be upgraded accordingly. However, the current approaches are not flexible and incur high cost. Observing that rich computing resources are already available in data centers, we are interested in using a large number of software middleboxes to achieve scalability and cost efficiency. We present Hybrid Security Architecture (HSA), a design to decouple security services from routing and to allow the integration of hardware and software middleboxes in a complementary way. HSA is more cost-effective and flexible compared to the conventional schemes that solely use hardware middleboxes. It allows topology and routing changes with minimal impact to security services, and vice versa. In particular, HSA does not require modification to switches and routers. This paper explains the framework of HSA, describes the key techniques, presents a testbed to validate the design, and discusses future research directions.

Original language: English (US)
Title of host publication: 2012 IEEE International Conference on Communications, ICC 2012
Pages: 2939-2944
Number of pages: 6
State: Published - 2012
Event: 2012 IEEE International Conference on Communications, ICC 2012 - Ottawa, ON, Canada
Duration: Jun 10 2012 to Jun 15 2012

Publication series

Name: IEEE International Conference on Communications
ISSN (Print): 1550-3607

Other

Other: 2012 IEEE International Conference on Communications, ICC 2012
Country/Territory: Canada
City: Ottawa, ON
Period: 6/10/12 to 6/15/12

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Electrical and Electronic Engineering
