In private virtualized computing centers, sometimes referred to as on-premise data centers, devices such as network middleboxes have traditionally been managed by an IT administrator through a network operations center (NOC) or network operating secure center (NOSC). As used herein, a network middlebox is a physical or virtual intermediary networking device that performs functions other than the normal, standard functions of an IP router on the datagram path between a source device and a destination device. A router is defined as a networking device that forwards data packets between nodes in a computer network and/or between computer networks. A middlebox may transform, inspect, filter, or otherwise manipulate traffic for purposes other than packet forwarding. Examples of middleboxes include firewalls and similar security devices, load balancers, network optimizers (such as wide area network optimizers), protocol accelerators, intrusion detection systems, intrusion prevention systems, and proxies/caches. Such middleboxes may be managed by, e.g., configuring, updating, monitoring, diagnosing, and controlling the middleboxes.
Middleboxes are conventionally connected to an internal management network and to a data network. The management network is for managing components of the computing system, such as the middleboxes, and the data network is for transferring other data not related to management. The data network is typically connected to an external wide area network (WAN), such as the Internet, while the management network is private to the computing system. The management network may further be separated from the data network by a security “layer” or “gap,” which prevents external users from modifying devices in the computing system.
Virtualized computing systems have begun to move from on-premise infrastructures to cloud-based infrastructures. The distinction between “on-premise” and “cloud” is that on-premise infrastructures are typically accessed by users through a local area network (LAN), while cloud-based infrastructures are typically accessed by users through a WAN. Cloud architectures are used in cloud computing and cloud storage systems for offering infrastructure-as-a-service (IaaS) cloud services. Examples of cloud architectures include the VMware vCloud Director® cloud architecture software, Amazon EC2™ web service, and OpenStack™ open source cloud computing service. IaaS cloud service is a type of cloud service that provides access to physical and/or virtual resources in a cloud environment. These services provide a tenant application programming interface (API) that supports operations for manipulating IaaS constructs, such as virtual machines (VMs) and logical networks.
As virtualized computing systems have moved from on-premise infrastructures to cloud infrastructures, IT administrators have had to manage middleboxes through remote NOCs that are connected to a virtualized cloud computing system through an external WAN. However, the external WAN is typically not connected to the management network of the cloud computing system for security reasons, making management and diagnosis of middleboxes, which traditionally relied on such management networks, difficult.
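As an added illustration that is not part of the patent text, the separation described above can be expressed as a reachability policy and audited: the constructed topology below models a management network that the external WAN cannot reach, a data network that it can, and flags any middlebox whose management interface sits on the WAN-reachable side. Device names and addresses are constructed examples.

```python
from ipaddress import ip_address, ip_network

# Constructed sample topology: a private management network and a
# data network that faces the external WAN.
MGMT_NET = ip_network("10.0.0.0/24")
DATA_NET = ip_network("192.0.2.0/24")

# Networks the external WAN can route to. The management network is
# deliberately absent: this is the security "gap" of the text.
WAN_REACHABLE = [DATA_NET]

# Middlebox interfaces as (device, role, address). "waf-1" is a constructed
# misconfiguration: its management interface was placed on the data network.
INTERFACES = [
    ("firewall-1", "management", "10.0.0.10"),
    ("firewall-1", "data", "192.0.2.10"),
    ("lb-1", "management", "10.0.0.11"),
    ("lb-1", "data", "192.0.2.11"),
    ("waf-1", "management", "192.0.2.12"),
    ("waf-1", "data", "192.0.2.13"),
]


def allowed(src, dst):
    """Return True if traffic from src to dst is permitted by the gap rule:
    only sources already inside the management network may reach it."""
    src, dst = ip_address(src), ip_address(dst)
    if dst in MGMT_NET:
        return src in MGMT_NET
    return any(dst in net for net in WAN_REACHABLE) or src in MGMT_NET


def audit_management_exposure(interfaces, wan_source="198.51.100.7"):
    """List (device, address) pairs whose management interface an external
    WAN host could reach, i.e. interfaces that bypass the gap."""
    findings = []
    for device, role, addr in interfaces:
        if role == "management" and allowed(wan_source, addr):
            findings.append((device, addr))
    return findings


if __name__ == "__main__":
    for device, addr in audit_management_exposure(INTERFACES):
        print(f"exposed management interface: {device} at {addr}")
```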
Additionally, middleboxes in computing systems are often provided by third parties (i.e., parties other than those responsible for managing the virtualized cloud computing system), and each middlebox may have its own protocol and API. An IT administrator who wishes to manage middleboxes may then need to communicate with each middlebox using its own protocol and API. The multitude of protocols and APIs used by third-party middleboxes can make managing the middleboxes difficult.