
Cloud Security and Control using SDN Overlay


By Chris Purrington, VP of Sales at CohesiveFT

CohesiveFT is a company ‘born in the cloud’. Since 2006 we’ve been helping our customers to use cloud computing, and that whole time we’ve been focused on addressing the issues of security, control and complexity which are encountered when using Infrastructure as a Service. Our goal is, as much as possible, to allow our customers to carry on doing in the cloud what they were doing on premise, without lots of changes and learning.

From a customer engagement in 2007 (a global science project looking to use AWS to host common business tools shared to 50+ locations) we identified the need for secure overlay networking and so developed VNS3™, our Software Defined (Overlay) Networking product, although of course it wasn’t called SDN back then.

In this blog I want to tell you about VNS3 (“Virtual Network Server-Cubed”) and how it can address many common cloud adoption hurdles, but I should also mention it is part of a suite of products that offer a tool kit for cloud application migration. Our Server3™ image and topology automation product allows you to import your VMs, software components and ISOs, and capture your topology definitions. It then transforms them into VMs for your chosen cloud and launches these VMs together as one application. This multi-cloud application migration process is all about automation and reuse, not magic! Watch out for more on this in a later blog.

Cloud Adoption Hurdles

Back to application-centric SDN. We use that term because VNS3 operates at the application layer (layer 7) rather than down at the network layer as other OpenFlow-based SDN offerings do. Running at the application layer, VNS3 gives back control to the application owner and so addresses many more of today’s cloud-based systems’ requirements than OpenFlow does. Here are some of the typical adoption hurdles faced when moving systems to the cloud:

  • Security – is your data secure enough?
  • Compliance – can the CXO attest to the security of their data?
  • Compliance – is the level of encryption high enough for PCI/HIPAA/etc.?
  • Connectivity – can all your remote offices, or customers/partners, securely connect to their specific servers in the cloud?
  • High availability/DR – will my system always be available, or can I recover quickly?
  • Control – can I use the IP addressing I want, where I want it?
  • Scalability – can I connect as many offices, networks and devices as I want?
  • Portability – can I move my network with my application to another cloud?
  • Connectivity for ‘road warriors’ – can our iOS and Android devices be connected securely?
  • Monitoring – can I use my existing NOC to monitor and manage my cloud-based servers?
  • Integration – how can I integrate to on premise data, systems and infrastructure, e.g. Active Directory?

All of these and more are addressed by VNS3 – it’s so much more than a cloud VPN or VLAN.

Your Network in Your Control

VNS3 is a software-only virtual appliance that our customers license, deploy, configure and manage. It’s in their control, not in the control of the cloud providers, so their CXO can attest that their data in motion to, from and within the cloud is secured with 256-bit encryption.

VNS3 is a hybrid device: it is a router, switch, firewall, IPsec and SSL VPN concentrator and protocol re-distributor. This means our customers can overlay the cloud native network with their own network and so have control over end-to-end encryption, IP addressing, network topology and multicast protocols.

The overlay network is achieved through the separation of network identity from location, allowing our customers to:

  • Extend their corporate network into the cloud
  • Integrate to on premise systems and data
  • Spread their overlay network across multiple cloud regions or even cloud providers
  • Create a highly available meshed network
  • Build hybrid and/or federated clouds
  • Connect multiple locations and remote users to federate common shared infrastructure
  • Create global cloud WANs to connect to disparate customer & partner networks – often with very different requirements
  • Create a cloud security lattice – orthogonal security measures layered up to provide enterprise class security in the cloud

We see lots of varied uses for VNS3 in the cloud: capacity expansion, disaster readiness/recovery, legacy migration and integration, development & test environments on demand, cloud WAN, and partner/customer/branch networks. Relying on VNS3, customers have created PCI and HIPAA compliant services, ISVs are embedding it, SIs are delivering solutions with it – and CSPs/MSPs are offering it as a ‘VPC on steroids’.

An example of a VNS3 high availability multi cloud meshed overlay network with a 172 address, securely connecting multiple data centers.

These meshed networks are dynamic: they can be designed to fail over automatically to keep the network always available, and a comprehensive set of APIs is available so you can script and automate your overlay network’s creation.

As the cloud space matures, the number of cloud providers will continue to grow, and analysts are validating that cloud convergence, interoperability and federation across providers will be key for many production deployments. So the importance of Overlay SDN will grow, as will architecting your cloud networking for security, flexibility and future choice.

CohesiveFT are also sponsoring Cloud World Forum at London Olympia on 26th/27th June; you can find them on stand 3050. CohesiveFT are founders and organisers of CloudCamp London; the next one is on 26th June 2013: www.cloudcamp.org/london.

Interact with CohesiveFT on Twitter: @cohesiveFT
