The present invention relates to network implementation, and more specifically, to a secure cloud implementation.
In a cloud-server network environment, there can be different kinds of servers, for example web servers at the front-end, compute servers, database servers, and storage servers. Some of the servers handle confidential and sensitive data, for example credit card information, social security records, health care information, etc. Other servers within the data center may handle other, non-sensitive information. Networks may be set up with the aim of ensuring that sensitive and confidential data are secure and will not be exposed to breaches. In a dynamic virtualized data center, it may be difficult to group all the servers handling confidential data together and dynamically secure them. Sometimes the sensitive data is known to some of the servers but not to other servers in the network. The sensitive data might be stored on the compute servers but might not be on the storage or database servers. Sometimes data needs to be shared with some servers but not with other servers.