Center for Autonomic Computing Intel Portland, April 30, 2010 Autonomic Virtual Networks and Applications in Cloud and Collaborative Computing Environments.

Presentation transcript:

Center for Autonomic Computing, Intel Portland, April 30, 2010. Autonomic Virtual Networks and Applications in Cloud and Collaborative Computing Environments. Renato Figueiredo, Associate Professor, Center for Autonomic Computing, ACIS Lab, University of Florida

2 Outlook
 Architecting autonomic virtual networks
  - Isolation, security, encapsulation, dynamic configuration, migration
  - Self-configuration, self-healing, self-optimization
 Applications in cloud and collaborative environments
  - Virtual Private Clusters
  - Social VPNs
 Archer: a collaborative environment for computer architecture simulation
 Ongoing/future work

3 Social VPNs
 Focus on usability of security
  - VPNs can recover Internet end-to-end connectivity
  - From a user's perspective it needs to be simple
 My computer gets a virtual network card
  - It connects me directly to my social peers
  - All IP packets: authenticated, encrypted, end-to-end
 Leverage well-known PKI techniques
  - No configuration besides establishing social links
 All I need to do is log in to a web-based social network
 Applications and middleware work as if the computers were on the same local-area network

4 Social VPN Overview (diagram)
Participants: Alice, Bob, Carol. Components: social network web interface; social network (e.g. Google chat); overlay network (IPOP) with names such as carol.facebook.ipop and node0.alice.facebook.ipop; social network API / social network information system holding Alice's, Bob's and Carol's public key certificates.
 Social relationships: web-based profiles, chat networks
 Public key certificates retrieved through social API or XMPP
 Symmetric keys exchanged and point-to-point private tunnels created on demand; multicast-based resource discovery
 Example: Bob browses Alice's SMB share. Alice's services (Samba share, RDP server, VoIP, chat) are advertised to Bob and Carol

5 SocialVPN Control Plane
 Use APIs of well-established social networks for peer discovery and certificate exchange
 Centralized user identity and data store for certificate exchange
  - Facebook APIs and data store
 Federated user identities and peer-to-peer messaging for synchronous certificate exchange
  - XMPP online chat protocol (Google chat, Jabber.org; Facebook has partial support)
 May use DHT for asynchronous certificate exchange

6 SocialVPN Data Plane
 IPOP core, with end-to-end security
 Dynamic IP address assignment
  - Key to supporting IPv4 in large social networks: Facebook has more users than there are class A private IPs!
  - Avoid conflicts with local private networks
  - Dynamic IP translation; supports mobility
  - Key: while the whole social network is huge, my social network fits in a subnet [Figueiredo et al, COPS 2008]

7 SocialVPN dynamic IP translation (diagram)
Non-conflicting private networks: Alice's node holds an x.y address table with entries for Alice, Bob and Ann; Ann's node holds its own x.y table with entries for Ann, Alice and Bill (the address values are not in the transcript).
Packet path: Src/Dst as seen at Alice's VNIC -> Src: AliceOverlayID, Dst: AnnOverlayID in the overlay -> Src/Dst as seen at Ann's VNIC.
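The per-node translation described in slides 6 and 7, as an added illustration that is not IPOP's or the authors' code: each node hands out addresses from its own private subnet to peers on demand, so two nodes can use the same subnet without conflict, and packets cross the overlay addressed by overlay IDs. The subnet 10.128.0.0/24, the packet dictionaries and the BillOverlayID name are constructed for the example; choosing a subnet that does not clash with the host's LAN is assumed to have been done elsewhere.

```python
import ipaddress

class SocialVpnNode:
    """Minimal model of one SocialVPN node's dynamic IP translation table."""

    def __init__(self, overlay_id, subnet):
        self.overlay_id = overlay_id
        self.subnet = ipaddress.ip_network(subnet)   # constructed sample subnet
        self.hosts = self.subnet.hosts()             # addresses handed out lazily
        self.local_of = {}                           # overlay id -> local IP
        self.peer_of = {}                            # local IP -> overlay id
        self.my_ip = self.assign(overlay_id)         # first address is the node itself

    def assign(self, peer_id):
        """Return the local address for a peer, allocating one on first contact."""
        if peer_id not in self.local_of:
            ip = str(next(self.hosts))               # StopIteration: subnet exhausted
            self.local_of[peer_id] = ip
            self.peer_of[ip] = peer_id
        return self.local_of[peer_id]

    def outbound(self, pkt):
        """VNIC -> overlay: rewrite this node's local src/dst into overlay ids."""
        if pkt["dst"] not in self.peer_of:
            raise ValueError("no peer mapped to local address %s" % pkt["dst"])
        return {"src": self.peer_of[pkt["src"]], "dst": self.peer_of[pkt["dst"]],
                "payload": pkt["payload"]}

    def inbound(self, opkt):
        """Overlay -> VNIC: rewrite overlay ids into this node's own local addresses."""
        if opkt["dst"] != self.overlay_id:
            raise ValueError("overlay packet not addressed to this node")
        return {"src": self.assign(opkt["src"]), "dst": self.my_ip,
                "payload": opkt["payload"]}

def demo():
    """Alice sends to Ann; both nodes use the same subnet but keep separate tables."""
    alice = SocialVpnNode("AliceOverlayID", "10.128.0.0/24")
    ann = SocialVpnNode("AnnOverlayID", "10.128.0.0/24")
    ann_on_alice = alice.assign("AnnOverlayID")      # Alice's local name for Ann
    vnic_pkt = {"src": alice.my_ip, "dst": ann_on_alice, "payload": b"hello"}
    overlay_pkt = alice.outbound(vnic_pkt)           # carries overlay ids only
    delivered = ann.inbound(overlay_pkt)             # Ann's own local addresses
    return overlay_pkt, delivered

if __name__ == "__main__":
    print(demo())
```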

8 SocialVPN Connection times (plot)
128 nodes on Amazon EC2, 450 nodes on PlanetLab
- Majority of links formed in less than a second
- DHT lookup, symmetric key exchange
- Few additional seconds for NAT traversal

9 Per-node Bandwidth (plot)
Small cost of maintaining overlay connections
- 1 KByte/s for 128 peers

10 Trust relationships
 I manage who I trust - SocialVPN
  - Alice friend of Bob, Bob friend of Carol
  - Social VPN links: Alice-Bob, Bob-Carol
  - No direct connection between Alice and Carol
  - Self-signed certificates
  - Small-scale, ad-hoc; social VPN is not all-to-all connected
 I delegate trust to a third party - GroupVPN
  - Alice, Bob and Carol trust Trent, a group moderator
  - Social VPN links: A-B, B-C, A-C
  - Trent acts as CA, signing as a side-effect of approving a user
  - GroupVPN is all-to-all connected

11 GroupVPN security management
 IPOP creates VPN links autonomously
  - But who decides on VPN membership?
  - How to multiplex many virtual private IP overlays over the same P2P overlay?
 Key approaches:
  - Namespaces: separation of virtual IP address spaces
  - VPN configuration: web-based group front-end to manage certificates, automatic signing and configuration
  - Centralized user and certificate management, decentralized VPN routing
 Users create and configure VPN groups and namespaces
  - Group owner manages joining/leaving of a group
 Certificate signing/revocation is automated
  - PKI infrastructure, simple usage model for virtual clusters