Nubes: Towards building a Secure and Scalable Hybrid Cloud Infrastructure

Abstract

Industry accepted definition of Hybrid Cloud is an infrastructure which spans Public Cloud, off premise from customer’s data center and Private Cloud, on premise to the customer’s data center. Public Cloud has sustainable economics of scale (cost) and ubiquitous easy access advantage over Private Cloud whereas, Private Cloud has secu- rity, privacy and predictable performance and availability advantage over Public Cloud. A Hybrid Cloud conceptually can combine the advantages of both Private and Public Cloud however, there are number of challenges especially with the Storage technologies to provide secure and scalable Hybrid Cloud infrastructure. In this thesis, we propose a framework to build secure and scalable hybrid cloud infrastructure.With the advent of Server Virtualization, it is possible to move applications between the Private and Public Cloud. With the advent of Container technologies and Micro- Services based paradigm for application development it is possible to burst compute needs from private cloud to public on an on-demand basis. However, Storage infras- tructure pose considerable technical challenges to realize the Hybrid Cloud vision in practice. There are two major issues with Storage in Hybrid Cloud: (1) Storage has Gravity and (2) Storage Protocols are inherently insecure. In the first part of the thesis, we will first examine the issues with workload mo- bility. Application migrations or bursting within Hybrid Cloud is bottlenecked by the Storage infrastructure. It is not commercially viable to keep a mirrored copy of all data between the Private and Public clouds simultaneously to enable workload migration through Virtual Machine Migration or Containers Micro-Services. The amount of data which needs to be transferred between Private and Public cloud is too large. The simple access pattern based heuristic based model to determine the data to move between ele- ments of Hybrid Cloud is computationally prohibitive. In order to address these storage migration challenges, we will propose machine learning (Support Vector Machine) based solution. In the second part of the thesis, we will examine the known security vulnerabilities of each Storage protocols used in Hybrid Cloud, namely: a) Block Storage (iSCSI), b) File Protocol (NFS) and c) Object Protocol (S3). These storage protocols were designed assimple point to point inter-connect technologies and in time haven’t evolved beyond just the performance optimization. The protocols are susceptible to simple vulnerabilities such as man in the middle attacks and more. And in this part of the thesis, we will provide a new Storage Protocols paradigm using Location Based Services to enhance the security model for data access. And finally, in the third part of the thesis, we propose a Secure and Scalable Hybrid Storage (SSHS) framework by combining the Machine Learning techniques for Storage Mobility and Location Based Services to enhance Security overcomes the major barriers in adoption and deployment of the Hybrid Cloud Infrastructure. The experimental results demonstrate the framework to self-learn and self-manage data mobility based on the workload in Hybrid Cloud and also demonstrates the power of integration of location-based services with the Storage protocol to secure chain of trust data access from Application to Storage.