In recent years, the need for performing large data transfers between sites in corporate cloud environments such as remote office/branch office (ROBO) environments has grown significantly due to various emerging technologies and business requirements. Examples of these technologies/business requirements include cross-site disaster recovery via virtual machine (VM) replication, cross-site VM migration, unified data management, and others.
One method for securely supporting large data transfers in a cloud environment is to establish a private line (i.e., a dedicated, point-to-point network connection) between the sender and receiver sites. Unfortunately, private lines can be extremely costly to lease or install and may not be available in all geographic locations.
The preferable option from a cost standpoint is to utilize the public network(s) interconnecting the sender and receiver sites for such transfers. The challenges with this option are (1) ensuring the security of the data being transmitted, and (2) maintaining high data throughput and scalability to support very large transfer volumes. There are a number of existing network security mechanisms, like Public Key Infrastructure (PKI)-based authentication and the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) protocols, which can be used to increase the security of data transfers over public networks. But, while these mechanisms are continually being hardened and improved, the use of a public network as the underlying data transport means that, by design, the sender and receiver entities cannot control all of the nodes in the data transmission path. As a result, these mechanisms may still be vulnerable to eavesdropping, masquerade, and other types of network attacks.
It is also possible to implement newer homomorphic end-to-end encryption schemes that ostensibly provide greater security guarantees. However, these schemes generally cannot scale to support the large data transfers needed in corporate clouds due to relatively poor throughput performance and high computational cost.