The present invention relates to cloud-based computing in which computer resources are provided in a scalable fashion as virtual machines, and in particular to a method of implementing “middlebox” functionality in such cloud-based systems in a manner consistent with cloud-based computing.
“Middleboxes” are important components of large computer installations (e.g., data centers) having multiple computers executing applications such as Web servers, application servers, file servers, databases, or the like (application computers). In this environment, middleboxes provide network-related functions such as the management of security (e.g., intrusion detection systems (IDS) and firewalls) and the enhancement of network efficiency (e.g., load balancers, WAN optimizers, and the like). Most simply, middleboxes may be directly wired in the path of data to the application computers with which they are associated. Middleboxes may be similarly installed by programming network switches used to control interconnections on the network joining the middleboxes and application computers.
Cloud computing presents an alternative to a private data center in which computing resources are flexibly provided on demand in the form of virtual machines that may, for example, implement the application computers of conventional computer installations. A cloud application manages the virtual machines so that users of the cloud can buy additional virtual machines at periods of high demand and return those virtual machines when the demand drops. By aggregating many users, significant economy of scale may be realized in terms of maintenance of the hardware, provision of physical resources such as power and cooling, and smoothing of peak demands.
It is known how to implement middlebox functions on virtual machines implemented in a cloud computing system. Installing such middlebox functions in the cloud, however, can be difficult because of the fluidity in the relationship between physical hardware and virtual machines, which may not be revealed to, or easily modified by, the user. When additional virtual machines are purchased from the cloud application to meet peak demands, there is no simple mechanism for scaling middlebox virtual machines appropriately.