Integrating network virtualization security in OpenStack Deployments.pdf

Date posted: 30-Jun-2015
Page 1

Pere Monclus Oct 18th, 2012

[email protected]

The Role of Networking in building Secure Public/Private Clouds

Page 2

Networking Dilemma

Provide Connectivity (default open)

Prevent Unwanted Connectivity (default closed)

A matter of Policy


Page 3

Why so hard? (part 1)

Midsize Enterprise Network diagram (Cisco SAFE guides)

WHERE to apply Security Policies is harder than Connectivity

Page 4

The approach to Security

Designing Network Security
•  Adding Security as a self-contained element

Designing Secure Networks
•  Incorporate Security from the beginning

Network Security is a System !!

Page 5

Why so hard? (part 2)

Business Needs → Risk Analysis → Security Policies → Security System

The problem doesn’t start at Network Security …

… but it is often expected to be solved by a Network Service

Page 6

And… what about Cloud?

Tenant 1, Tenant 2, Tenant 3: each tenant brings its own chain of Business Needs → Risk Analysis → Security Policies → Security System

Public / Private Cloud provider: its own Business Needs → Risk Analysis → Security Policies → Security System

Users / Tenants ↔ Infrastructure Guarantees

Superset of requirements

Page 7

Cloud Provider: Tenant Isolation

Tenant 1 | Tenant 2 | Tenant 3

Cloud Provider: Isolation, Multitenancy, Self Provisioning, Cloud Services (Provider Control)

Infrastructure | Internet

Page 8

Tenant: Networking Application Isolation

Diagram: two tenant subnets, 10.0.1.0/24 and 10.0.2.0/24, each with VMs attached

Inbound/Outbound policies

Interface attached network security policies

Services: FW, VPN, IPS, UTM, … (pics!)

Is this the right model in a virtual world?

Page 9

What is Isolation? What SLA are we willing to sign up to?

•  Subnet separation?

•  Security rules?

•  Security services (FW/IPS/UTM/…)

•  Tenant Inbound/Outbound enforcement?

•  …

•  Network separation? Physical? Virtual?

•  Transit Policies?

•  Data Leakage?

•  Physical Placement?

•  Traffic confidentiality?

•  ...

Tenant owns?

Provider owns?

•  Enforcement points?

•  Common/Separate?

•  New types

•  How to merge policies?

•  Policy definition vs. Policy Rendering?

•  Proper workflows

Page 10

Security Life Cycle

What about?

•  System Monitoring and Maintenance

•  Compliance Checks

•  Incident Response

•  Forensics / Visibility / Analysis tools

Who owns that?

How do we cross from Provider to Tenant while still providing simple operational models?

Page 11

Network security and OpenStack

Page 12

OpenStack Quantum Model

Diagram (from the Quantum Admin guide):

Cloud Controller Node: Quantum server
Network Node(s): quantum-*-plugin-agent, quantum-l3-agent, quantum-dhcp-agent
Compute Node(s): quantum-*-plugin-agent
Management Network / Data Network
Physical Network / Virtual Network

Compute / Storage / Networking; Network Controller

Page 13

OpenStack Network Types

Virtual Network (Virtual Ports: VMs) vs. Physical Network (Physical Ports: Servers)

Network types: VLANs, Linux Bridges, Local Network, Overlays, Flat Network

Provider Networks vs. Tenant Networks

Page 14

Spoofing/MiM v2.0 (Provider Worries)

Can I compromise/impersonate a VM/Server/Port?

•  How to prevent the provisioning of a rogue Server

•  How to prevent the provisioning of a rogue VM

•  How to prevent the provisioning of a rogue Port / Taps

But… if it happens:

•  How to prevent the ‘connectivity’ of a rogue Server / VM / Port to a physical or logical network

* Not to enter into discussions about securing the Cloud Controller

Page 15

Application Policy Management (Tenant Worries)

In a Virtual environment:

•  Policy definition

•  Policy Rendering

•  Policy Enforcement

•  Security Services Offering (Virtual Appliances)

Page 16

Identity and Location to the rescue

Understanding the linkage between Physical and Virtual

Understanding the linkage between Identity and Address
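The identity/address linkage above is the provider-side check that slide 14 asks for (keeping a rogue VM, port or tap off the network), and it is the base on which the tenant's interface-attached inbound/outbound policies from slide 8 are rendered. The following Python is an added example, not code from the slides or from PLUMgrid: the port ids, MAC/IP bindings, the 10.0.0.53 resolver and the rules are constructed sample data, and the rule format is a hypothetical simplification of OpenStack security groups.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class PortBinding:
    """Provider-owned identity of a virtual port: the MAC/IP the controller provisioned for it."""
    port_id: str
    mac: str
    ip: str

@dataclass(frozen=True)
class Rule:
    """Tenant-owned rule rendered on the VM interface (default closed when none match)."""
    direction: str           # "inbound" or "outbound", relative to the VM
    remote: str              # CIDR matched against the remote endpoint
    dst_port: Optional[int]  # None means any port

def check_frame(binding: PortBinding, rules: list, direction: str,
                src_mac: str, src_ip: str, dst_ip: str, dst_port: int):
    """Decide whether one frame may cross the port; returns (allowed, reason)."""
    # 1. Provider enforcement: the VM may only speak as the identity bound to its port
    #    and may only receive traffic addressed to that identity (no rogue taps).
    if direction == "outbound" and (src_mac.lower() != binding.mac or src_ip != binding.ip):
        return False, f"spoofed source {src_mac}/{src_ip} on {binding.port_id}"
    if direction == "inbound" and dst_ip != binding.ip:
        return False, f"{dst_ip} is not bound to {binding.port_id}"
    # 2. Tenant policy: first matching interface-attached rule wins, otherwise drop.
    remote = ip_address(dst_ip if direction == "outbound" else src_ip)
    for rule in rules:
        if rule.direction != direction or remote not in ip_network(rule.remote):
            continue
        if rule.dst_port is not None and rule.dst_port != dst_port:
            continue
        return True, f"matched {direction} rule {rule.remote} port {rule.dst_port or 'any'}"
    return False, f"no {direction} rule on {binding.port_id} permits {remote}:{dst_port}"

# Constructed sample data: the two tenant subnets from the slides, one port on each.
PORTS = {
    "port-a1": PortBinding("port-a1", "fa:16:3e:00:00:01", "10.0.1.10"),
    "port-b1": PortBinding("port-b1", "fa:16:3e:00:00:02", "10.0.2.10"),
}
POLICY = {  # tenant rules for port-a1: HTTPS in from 10.0.2.0/24, DNS out to one resolver
    "port-a1": [Rule("inbound", "10.0.2.0/24", 443), Rule("outbound", "10.0.0.53/32", 53)],
}

def demo():
    a1, b1, rules = PORTS["port-a1"], PORTS["port-b1"], POLICY["port-a1"]
    return {
        "dns_out": check_frame(a1, rules, "outbound", a1.mac, a1.ip, "10.0.0.53", 53)[0],
        "spoofed_out": check_frame(a1, rules, "outbound", a1.mac, b1.ip, "10.0.0.53", 53)[0],
        "https_in": check_frame(a1, rules, "inbound", b1.mac, b1.ip, a1.ip, 443)[0],
        "ssh_in": check_frame(a1, rules, "inbound", b1.mac, b1.ip, a1.ip, 22)[0],
        "tap_in": check_frame(a1, rules, "inbound", b1.mac, b1.ip, "10.0.1.11", 443)[0],
    }
```

The spoofed and tap cases are dropped by the provider binding before any tenant rule is consulted, which is the ordering the slides argue for: the provider owns identity, the tenant owns policy.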

Page 17

Multisite Clouds

Physical/Virtual and Identity/Address expand across Datacenters

Page 18

Possible steps to integrate Security in OpenStack

•  Service Insertion (Choke points at the Operator and Tenant level)
   •  Physical Appliances
   •  Virtual Appliances
   •  Distributed Appliances

•  New policy capabilities
   •  Applied at the VM ifc level (definition-rendering problem)
   •  Identity based

•  Proper articulation of Virtual/Physical bindings

•  Cloud Controller workflows for security

•  Discussion on where to apply/attach global policies

•  What SLAs and Certifications will the Tenants expect?

Page 19

Conclusion

•  No easy answer to Security

•  Blurring the line between Virtual and Physical networks brings many additional challenges and OPPORTUNITIES

•  Centralized control structures are more vulnerable. Need proper workflows.

•  Incorporate Security from early stages; it is difficult to bolt it on later

Page 20

Questions?

Pere Monclus [email protected]

www.plumgrid.com
