The present invention relates generally to networking, and more particularly, to a method for policy aware deployment of enterprise virtual tenant networks.
Recent years have witnessed an increased interest from enterprises in outsourcing their functionality to the (internal, external, or hybrid) Cloud. Current migration solutions offered by most Cloud providers are well suited for simple Web or data manipulation applications whose bottleneck is computing resources. However, a key challenge for migrating enterprise applications is the preservation of management policies, such as bandwidth guarantees between machines, firewall rules, load balancing schemes, and administrative requirements.
Current Cloud providers generally employ two approaches to implement these policies: hardware-based and software-based. Specifically, the hardware-based schemes (e.g., virtual private cloud) essentially allocate an isolated network environment for each tenant and export tenant policies to actual physical appliances. These approaches deliver high performance and excellent reliability, but are weak in flexibility and scalability and cannot support multi-tenancy. In contrast, the software-based schemes are designed for shared multi-tenant environments and realize tenant appliances using virtual machine based implementations. These schemes offer excellent flexibility, but are challenged by significant performance degradation and management complexities.
Recent research efforts have recognized the need to export enterprise policies together with virtual machines. In particular, existing methods allow Cloud customers to specify bandwidth requirements between all pairs of virtual machines they request. One prior technique proposes additional policies that increase the path diversity or traffic isolation. However, all existing approaches are tailored to the specific policies of interest and cannot be extended to more general middlebox policies, such as firewall rules that drop traffic or direct it through an IDS, and load balancer rules that distribute traffic to certain destinations.
Accordingly, there is a need for a method for policy aware deployment of enterprise virtual tenant networks that overcomes the limitations of prior efforts.