Collaborative Network Security in Multi-Tenant Data Center for Cloud Computing

Data center is the infrastructure of supporting Internet service. Cloud computing is rapidly changing the face of Web Internet service infrastructure, enabling even small organizations to quickly create Web and mobile applications for millions of users by taking advantage of the scale and flexibility of the shared physical infrastructures provided by cloud providers. In this scenario, multiple tenants saved their data and applications in the same data centers making the network boundaries between each tenant become blurred. Also different tenants have different security requirements, it needs to create different security policies for them. Network virtualization is to "compile" a diverse set of tenant-specific requirements into a single configuration of the underlying physical cloud network, enabling multi-tenant datacenters to automatically address a large and diverse set of tenants’ requirements. In this paper, we propose architecture, mechanism design and system implementation of vCNSMS, a collaborative network security prototype system in multiple tenant’s data center network. We demonstrates vCNSMS with a centralized collaborative scheme and deep packet security check in peer-UTMs among vCNSMS with open source peer-UTM system. A security level based protection policy is proposed for simplifying the security rule management for vCNSMS. Different security level has different packet inspection scheme and enforced with different security plugins. A smart packet verdict scheme is also integrated into vCNSMS for intelligence flow processing to defense possible network attack inside data center network. 1