SAMEVED (System Architecture for Managing and Establishing Virtual Elastic Datacenters)是一個提供使用者建立、管理虛擬資料中心的雲端服務平台。SAMEVED利用虛擬化技術並且整合了VPN(Virtual Private Network)和虛擬路由器的功能,可以讓使用者自行定義虛擬資料中心的網路拓樸與運算環境。本篇論文針對SAMEVED的安全性進行研究,提出一些安全上的改良。SAMEVED的 VPN連線讓使用者可以把本地網路延伸到虛擬資料中心,但是這段連線卻缺乏加密保護,封包可能會遭到讀取,所以我們改採用L2TP/IPsec VPN,以確保VPN連線的加密性和認證性。另外,我們設計了私有雲繞送(Routing),形成與Internet隔離的子網路(subnet),可以存放私密資料於此。最後我們在SAMEVED系統開發安全群組功能。安全群組就像防火牆一般,可以控制虛擬機器群組允許哪些訊務(traffic)進出,可以更加提升虛擬資料中心的安全性。SAMEVED (System Architecture for Managing and Establishing Virtual Elastic Datacenters) is a system architecture which provides a cloud service that can allocate and manage a private, virtual elastic datacenter. The SAMEVED provides users the ability to define the network topology and the computing environment of virtual datacenter by virtualization technologies. This paper makes some security enhancement in SAMEVED. We implement L2TP/IPsec VPN which provides encryption and authentication. Also we design the routing mechanism in VPC to create a private subnet in which we can place protected server here. At last, we develop the Security Group function for SAMEVED. The Security Group acts as a firewall that controls the in-coming and out-going traffic of a group of VM instances.
