Scenarios for Implementation of Nested Virtualization Technology in Task of Improving Cloud Firewall Fault Tolerance
Authors: Vitalii Tkachov, Mykhailo Hunko, Vadym Volotka
Published in: 2019 IEEE International Scientific-Practical Conference Problems of Infocommunications, Science and Technology (PIC S&T), pp. 759-763, 2019-10-01
DOI: 10.1109/PICST47496.2019.9061473 (https://doi.org/10.1109/PICST47496.2019.9061473)
Currently, cloud firewalls make it possible to protect not only individual network resources but also the entire infrastructure of large data centers. The main requirement for a cloud firewall is high fault tolerance. The classic ways to increase fault tolerance focus on high redundancy of the technological solution. Small and medium Internet businesses cannot always afford to create a separate solution to ensure the security of their resources. It is therefore relevant to implement nested virtualization technology, which makes it possible to use a cloud server with a hypervisor inside, in which, in turn, virtual machines are launched. Firewall software can be implemented directly on these virtual machines. The fault tolerance of a cloud firewall can be improved by using a set of nested virtual machines of the cloud server, which can be instantly restored by its hypervisor. To analyze the impact of the cloud server's resource allocation plan and to detect a failed or incorrectly running nested virtual machine, the calculation of a virtual machine efficiency indicator is given. The paper proposes three scenarios for the use of nested virtualization technology: nested virtualization of services, nested virtualization of machines, and virtualization of the entire infrastructure. For each of them, experimental studies were carried out to identify patterns in the time delay for restoring the full functionality of the cloud firewall after a network attack on its various elements. The experiments established that the use of nested virtualization technology in the first scenario yields a time gain of 7 times; in the second scenario there is a gain of 1.5 times; in the third, it made it possible to fully restart the cloud firewall infrastructure in a new cloud.