With the advent of remote data center applications such as cloud computing, extension of existing networks to utilize such remote resources is quickly becoming one of the major issues surrounding this new technology. Various enterprise networks tap these resources during periods of high load on local devices. In some situations, a network may “scale out” to the remote data center and designate remote nodes to offload some of the processing performed by the local devices. In other situations, a network may “relocate” a device or process to the remote data center entirely. Regardless of the methods used, many systems will utilize remote devices to perform functions as if they were part of the local network.
While simple and unsophisticated networks may easily make use of remote resources through basic delegation algorithms and communication channels, more complex networks present additional considerations for such extension. For example, many enterprise networks may specify various security policies for application to traffic within the network. According to such policies, traffic associated with a particular device or group of devices may be required to pass through a firewall, be encrypted, or comply with various other policies. When adding devices from a remote data center, it becomes difficult to ensure that such policies will be enforced as intended.
A network administrator may attempt to ensure policy enforcement through various means. For example, an administrator may use additional policy enforcement nodes to ensure that traffic being routed through the remote data center passes through at least one such node. This approach, however, may require considerable manual configuration, which may be undesirable in a system that dynamically makes use of remote resources. Further, it may be difficult and/or resource-intensive to ensure that the proper policies are being enforced on each type of traffic passing through the additional policy devices.