How private networking can increase your cloud security | Joviam - Cloud Computing Infrastructure


Posted by Joviam Administrator on 08 08 2016.

Cloud infrastructure is all about networking. While certain workloads can be (and are) done offline, client access to those resources still requires secure network access built on authentication, integrity and availability. Private networking is a valuable tool for achieving these, by simplifying or enabling best practices. This post explores some of the ways in which it can be used to meet real business objectives.

  1. Isolation

In a traditional physical cluster, you would be mad not to use air-gapped switches for internal networking between servers. The same can be said for cloud instances.

Communications between instances in the same organisation need not transit the internet. Aside from the cost of the metered bandwidth that cloud services charge for, there’s the additional overhead of running connections over untrustworthy public links. Private networking keeps traffic between instances local to your organisation’s private VLANs, which are typically enforced with access control lists (as on Joviam). The effect is isolated transit between the instances you’ve connected to these private networks.

This doesn’t replace due diligence for security, such as the use of VPNs, SSH and firewalls, but is another layer of security for peace of mind.

  2. Segmentation

On platforms like Joviam, you’re able to define multiple, custom private networks to be deployed with their own IP ranges, gateway addresses and subnet masks. With these, you don’t just have the ability to privately network instances across an organisation, you’re even able to segment out certain instances with their own private networks.

As an example, you could have one private network configured solely for communicating with your database server. In this case, instances not attached to this private network aren’t even on the right IP range to reach it, let alone holding credentials to authenticate.
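To make the segmentation point concrete, here is a small added example (not Joviam's code or platform API) that models private networks and attached instances with Python's ipaddress module. The network names, CIDRs, gateway addresses and instance names are all constructed for illustration; the point it shows is that an instance without an interface on the database network has no on-link route to the database at all, so the question of credentials never arises.

```python
"""Added example (not Joviam's code): a small model of private network
segmentation, using Python's ipaddress module to show why an instance that is
not attached to a network has no route into it. Network names, CIDRs, gateways
and instance names are constructed for illustration."""
from ipaddress import ip_address, ip_network


class PrivateNetwork:
    """A layer 2 private network with its own IP range and gateway address."""

    def __init__(self, name, cidr, gateway):
        self.name = name
        self.cidr = ip_network(cidr)
        self.gateway = ip_address(gateway)
        if self.gateway not in self.cidr:
            raise ValueError(f"gateway {gateway} is outside {cidr}")
        self.members = {}  # instance name -> address assigned on this network


class Instance:
    def __init__(self, name):
        self.name = name
        self.interfaces = {}  # network name -> (PrivateNetwork, address)


def attach(instance, network, address):
    """Give an instance an interface on a private network. The address must be
    a free host address inside the network's range."""
    addr = ip_address(address)
    reserved = {network.gateway, network.cidr.network_address, network.cidr.broadcast_address}
    if addr not in network.cidr or addr in reserved:
        raise ValueError(f"{address} is not a usable host address on {network.name}")
    if addr in network.members.values():
        raise ValueError(f"{address} is already assigned on {network.name}")
    network.members[instance.name] = addr
    instance.interfaces[network.name] = (network, addr)


def reachable_via(instance, dst):
    """Longest-prefix match over the instance's own interfaces. Returns the
    name of the private network that carries traffic to dst, or None when the
    instance has no interface in any range containing dst."""
    dst = ip_address(dst)
    best = None
    for network, _addr in instance.interfaces.values():
        if dst in network.cidr and (best is None or network.cidr.prefixlen > best.cidr.prefixlen):
            best = network
    return best.name if best else None


def exposure(network):
    """Which instances could talk to a service on this network at all."""
    return sorted(network.members)


# Constructed topology: an application tier and a separate database network.
app_net = PrivateNetwork("app-net", "10.10.0.0/24", "10.10.0.1")
db_net = PrivateNetwork("db-net", "10.20.0.0/24", "10.20.0.1")

web1, db1, batch1 = Instance("web1"), Instance("db1"), Instance("batch1")
attach(web1, app_net, "10.10.0.10")
attach(web1, db_net, "10.20.0.10")     # the only application host allowed near the database
attach(db1, db_net, "10.20.0.20")
attach(batch1, app_net, "10.10.0.30")  # same organisation, but not on db-net

if __name__ == "__main__":
    print("web1 -> db1 via:", reachable_via(web1, "10.20.0.20"))
    print("batch1 -> db1 via:", reachable_via(batch1, "10.20.0.20"))
    print("instances that can reach db-net:", exposure(db_net))
```

The `exposure` function is the useful review aid here: listing the members of the database network is the same thing as listing every instance whose compromise could even begin to threaten the database, which is a much shorter list than "everything in the organisation".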

  3. Flexibility and time to deployment

Private networking lets you build out more complex topologies without having to outsource to other services or deal with the complexity of hybrid cloud deployments. Theoretically, you could take a series of physical servers, even the firewalls and dedicated UTM (unified threat management) boxes, and migrate them to the cloud with the same layer 2 network access they had on your previous physical network.

  4. Quality of Service (QoS)

Another key and often overlooked aspect of security is availability. With multiple layer 2 private networks available to attach to instances, everything from frame size to subnet addressing can be tuned to the workload’s requirements. The result is the potential for optimised performance and availability of hosted services between instances, such as the nodes of a Hadoop cluster.

  5. Easier monitoring and rate limiting

Along with optimising for network performance, isolated traffic is simpler to monitor. With a gateway instance in the path, traffic to each port can be observed, and risks mitigated with effective rate limiting on each connected private network. By ensuring that only trusted connections from a limited set of peers can occur over certain private networks, the origin and patterns of traffic are easier to discern.

This gives more visibility into your cluster at any one time, and can greatly assist in isolating and mitigating potential security issues.
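The monitoring described above is easier to reason about when the set of legitimate peers on a private network is small and known. The following added example (not Joviam's code, and not a format any Joviam gateway actually emits) runs a simple per-network policy over constructed flow records as a gateway instance might log them: it flags sources that are outside the network's range, attached peers that are not on the trusted list, connections to unexpected ports, and bursts from one source that exceed a sliding-window rate limit. Network names, addresses, ports, thresholds and the log line format are all assumptions made for the example.

```python
"""Added example (not Joviam's code): analysing flow records from a gateway
instance on a private network to spot untrusted peers, unexpected ports and
bursts that a rate limit should catch. Network names, addresses, log format
and thresholds are all constructed for illustration."""
import re
from collections import defaultdict, deque
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network

# Constructed flow records, one per connection seen by the gateway.
SAMPLE_FLOWS = """\
2016-08-08T10:00:01Z net=db-net src=10.20.0.10 dst=10.20.0.20 dport=5432 proto=tcp
2016-08-08T10:00:02Z net=db-net src=10.20.0.11 dst=10.20.0.20 dport=5432 proto=tcp
2016-08-08T10:00:03Z net=db-net src=10.20.0.99 dst=10.20.0.20 dport=5432 proto=tcp
2016-08-08T10:00:04Z net=db-net src=10.20.0.10 dst=10.20.0.20 dport=22 proto=tcp
2016-08-08T10:00:05Z net=db-net src=10.20.0.11 dst=10.20.0.20 dport=5432 proto=tcp
2016-08-08T10:00:06Z net=db-net src=10.20.0.11 dst=10.20.0.20 dport=5432 proto=tcp
2016-08-08T10:00:07Z net=db-net src=10.20.0.11 dst=10.20.0.20 dport=5432 proto=tcp
2016-08-08T10:00:08Z net=db-net src=10.20.0.11 dst=10.20.0.20 dport=5432 proto=tcp
2016-08-08T10:02:00Z net=db-net src=10.20.0.11 dst=10.20.0.20 dport=5432 proto=tcp
2016-08-08T10:02:01Z net=db-net src=192.168.1.5 dst=10.20.0.20 dport=5432 proto=tcp
"""

FLOW_RE = re.compile(
    r"^(?P<ts>\S+) net=(?P<net>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"dport=(?P<dport>\d+) proto=(?P<proto>\S+)$"
)

# Per-network policy: which peers may talk, to which ports, and how fast.
# A private network with few attached instances keeps the trusted set short.
POLICY = {
    "db-net": {
        "cidr": ip_network("10.20.0.0/24"),
        "trusted": {ip_address("10.20.0.10"), ip_address("10.20.0.11")},
        "ports": {5432},
        "max_flows": 3,   # flows per source allowed inside one window
        "window_s": 60,
    },
}


def parse_flow(line):
    """Turn one log line into a dict, or None if it does not match the format."""
    m = FLOW_RE.match(line.strip())
    if not m:
        return None
    f = m.groupdict()
    f["ts"] = datetime.strptime(f["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    f["src"] = ip_address(f["src"])
    f["dst"] = ip_address(f["dst"])
    f["dport"] = int(f["dport"])
    return f


def analyse(lines, policy):
    """Return a list of alerts; each is (rule, network, source address, log line)."""
    alerts = []
    recent = defaultdict(deque)  # (net, src) -> timestamps inside the current window
    for line in lines:
        f = parse_flow(line)
        if f is None or f["net"] not in policy:
            alerts.append(("unparsed_or_unknown_net", f["net"] if f else None, None, line))
            continue
        p = policy[f["net"]]
        if f["src"] not in p["cidr"]:
            # Nothing legitimately attached to this network has such an address.
            alerts.append(("off_subnet_source", f["net"], f["src"], line))
            continue
        if f["src"] not in p["trusted"]:
            alerts.append(("untrusted_peer", f["net"], f["src"], line))
        if f["dport"] not in p["ports"]:
            alerts.append(("unexpected_port", f["net"], f["src"], line))
        # Sliding-window rate check per source on this network.
        window = recent[(f["net"], f["src"])]
        window.append(f["ts"])
        while (f["ts"] - window[0]).total_seconds() > p["window_s"]:
            window.popleft()
        if len(window) > p["max_flows"]:
            alerts.append(("rate_exceeded", f["net"], f["src"], line))
    return alerts


def count_by_rule(alerts):
    """Summarise alerts as {rule: count}."""
    counts = defaultdict(int)
    for rule, *_ in alerts:
        counts[rule] += 1
    return dict(counts)


if __name__ == "__main__":
    for alert in analyse(SAMPLE_FLOWS.splitlines(), POLICY):
        print(alert)
```

On the sample data the analysis reports one untrusted peer (10.20.0.99), one connection to an unexpected port, one source from outside the subnet and two rate-limit breaches from 10.20.0.11; the later flow at 10:02:00 from the same host is not flagged because the earlier burst has aged out of the 60-second window. The same structure applies per private network, which is why a segmented design yields short trusted lists and clearer patterns.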

  6. Simpler VPN deployment

With a private network or networks between instances, deploying a VPN is a snap. With a network appliance instance acting as a VPN gateway, remote clients can access all the instances on the private network without further configuration. For customers wanting to segment further, different private networks can be deployed and VPN credentials issued to further limit access for certain end users.

Where a fully blown VPN isn’t required, even sshuttle or an SSH gateway can be used to similar effect.

  7. Cost effective

As touched on in several points, layer 2 private networks are free to deploy and use. Where other platforms would require you to pay for transit between the internet and your firewall, and then again for transit to your Windows Server, Joviam only charges for the initial public transit. This means complete, isolated private networks can be deployed without double dipping, so there’s no cost overhead to securing your infrastructure.
