Towards More Manageable and Secure Enterprise and Data-Center Networks

Published Date

2018-03

Type

Thesis or Dissertation

Abstract

Past decades have seen ever more devices connected to the Internet and new networked services created. Demands for networks -- whether campus or enterprise networks that support most of our daily work activities or data center networks that power today's cloud services such as web, email, social media, music or video streaming services -- have seen rapid growth. Managing and securing these networks, with their growing size and complexity, has become a daunting task, as today's networks are primarily "manually" managed by network operators. This task is further compounded by the lack of effective tools for network configuration and of monitoring systems that provide visibility into what is going on inside a network. This thesis studies existing network management approaches and identifies their limitations. We develop new network management frameworks -- in particular, leveraging emerging networking technologies -- to assist network operators and users in better managing and securing networks. We specifically focus on three key management tasks: diagnosing security policy misconfigurations, enhancing routing flexibility, and gaining on-demand flow visibility for better network control.

First, we study security group (i.e., the primary means for cloud customers to configure security policies to protect their virtual machine instances from attacks) configurations and usage by customers in a public cloud platform based on real-world datasets. Motivated by the results and insights obtained from this measurement study, we develop a cloud security group analysis system which helps cloud customers diagnose potential misconfigurations and provides suggestions to refine security group configurations.

Second, we propose a novel framework for incremental and graceful transition from legacy networks to Software-Defined Networking (SDN) networks in stages by gradually replacing legacy devices with SDN-enabled devices as needed and as budgets allow. Hence, network operators can gracefully experiment with SDN networks to gain experience and build confidence while minimizing service disruption. More importantly, operators can enjoy the same benefits as fully deployed SDN networks. We design and build a novel unified network management controller that exerts SDN-like, fine-grained routing control over both SDN-enabled and legacy switches in hybrid networks.

Third, with the goal of obtaining on-demand visibility to monitor "who is talking to whom", we propose clairvoyant networks to provide visibility for any network flow at any time with low cost. Clairvoyant networks are partially programmable -- they require as few as one SDN switch -- and rely on a specialized network controller that controls paths through both the SDN and legacy networks. Our proposed clairvoyant controller allows operators to define what to see, where to see, and how to see; it then enables or disables the specified flows' visibility in a task scheduler, within milliseconds.

In summary, this thesis studies the management of enterprise and data center networks. Our developed systems are capable of: i) helping operators and users understand and diagnose security policy configurations; ii) providing unified routing control to enable incremental and graceful transition from legacy networks to SDN networks; and iii) gaining on-demand flow visibility for better network control.

Description

University of Minnesota Ph.D. dissertation. March 2018. Major: Computer Science. Advisor: Zhi-Li Zhang. 1 computer file (PDF); xii, 102 pages.

Suggested citation

Jin, Cheng. (2018). Towards More Manageable and Secure Enterprise and Data-Center Networks. Retrieved from the University Digital Conservancy, https://hdl.handle.net/11299/196518.
