雲端彈性虛擬資料中心服務平台之安全性提升

以作者查詢圖書館館藏

、以作者查詢臺灣博碩士

、以作者查詢全國書目

、勘誤回報

、線上人數：18

、訪客IP：18.218.61.16

姓名

李忠信(Zhong-Xin Li) 查詢紙本館藏

畢業系所

資訊工程學系在職專班

論文名稱

雲端彈性虛擬資料中心服務平台之安全性提升
(Security Enhancement for Managing and Establishing Virtual Elastic Datacenters)

相關論文

★ 以伸展樹為基礎的Android Binder Driver	★ 應用增量式學習於多種農作物判釋之研究
★ 應用分類重建學習偵測航照圖幅中的新穎坵塊	★ 一個建立在平行工作系統上的動態全球計算平台
★ 用權重參照計數演算法執行主動物件垃圾收集	★ 一個動態負載平衡之最大可能性估算計算架構
★ 利用多項系統負載資訊進行動態P2P系統重組的策略研究	★ 基於Hadoop系統的雲端應用程式特徵擷取與計算監測架構
★ 適用於大型動態分散式系統的調適性計算模型	★ 一個提供彈性虛擬資料中心的雲端服務平台
★ 雲端彈性虛擬機房服務平台之資源控管中心	★ 一個適用於自動供應雲端系統的動態調適計算架構
★ 線性相關工作與非相關工作的探索式排程策略	★ 適用於大資料集高效率的分散式階層分群演算法
★ 混合雲端環境上的多重代理人動態調適計算管理架構	★ 基於圖形的平行化最小生成樹分群演算法

檔案

[Endnote RIS 格式]

[Bibtex 格式]

[相關文章]

[文章引用]

[完整記錄]

[館藏目錄]

[檢視]

[下載]

本電子論文使用權限為同意立即開放。
已達開放權限電子全文僅授權使用者為學術研究之目的，進行個人非營利性質之檢索、閱讀、列印。
請遵守中華民國著作權法之相關規定，切勿任意重製、散佈、改作、轉貼、播送，以免觸法。

摘要(中)

SAMEVED (System Architecture for Managing and Establishing Virtual Elastic Datacenters)是一個提供使用者建立、管理虛擬資料中心的雲端服務平台。SAMEVED利用虛擬化技術並且整合了VPN（Virtual Private Network）和虛擬路由器的功能，可以讓使用者自行定義虛擬資料中心的網路拓樸與運算環境。本篇論文針對SAMEVED的安全性進行研究，提出一些安全上的改良。SAMEVED的 VPN連線讓使用者可以把本地網路延伸到虛擬資料中心，但是這段連線卻缺乏加密保護，封包可能會遭到讀取，所以我們改採用L2TP/IPsec VPN，以確保VPN連線的加密性和認證性。另外，我們設計了私有雲繞送（Routing），形成與Internet隔離的子網路（subnet），可以存放私密資料於此。最後我們在SAMEVED系統開發安全群組功能。安全群組就像防火牆一般，可以控制虛擬機器群組允許哪些訊務（traffic）進出，可以更加提升虛擬資料中心的安全性。

摘要(英)

SAMEVED (System Architecture for Managing and Establishing Virtual Elastic Datacenters) is a system architecture which provides a cloud service that can allocate and manage a private, virtual elastic datacenter. The SAMEVED provides users the ability to define the network topology and the computing environment of virtual datacenter by virtualization technologies. This paper makes some security enhancement in SAMEVED. We implement L2TP/IPsec VPN which provides encryption and authentication. Also we design the routing mechanism in VPC to create a private subnet in which we can place protected server here. At last, we develop the Security Group function for SAMEVED. The Security Group acts as a firewall that controls the in-coming and out-going traffic of a group of VM instances.

關鍵字(中)

★ 虛擬資料中心
★ 虛擬化技術
★ 雲端計算
★ 安全群組

關鍵字(英)

★ virtual datacenter
★ virtualization
★ cloud computing
★ security group

論文目次

目錄
摘要 i
Abstract ii
目錄 iii
圖目錄 iv
表目錄 v
第一章緒論 1
1-1問題定義與實作目標 2
1-2研究的主要貢獻 3
1-3 文章架構 5
第二章相關研究 6
2-1 Citrix XenServer 6
2-2 Eucalyptus 8
2-3 OpenStack 9
2-4 Amazon VPC 10
2-5 SAMEVED 11
第三章私有雲實作 12
3-1 L2TP/IPsec VPN 14
3-1-1 L2TP/IPsec VPN實作 15
3-2 私有雲Routing 18
3-2-1 私有雲Routing實作 19
3-2-2 私有雲Routing驗證 20
第四章安全群組 22
4-1 SAMEVED安全群組使用權限 24
4-2 SAMEVED角色伺服器架構 25
4-2-1新增安全群組成員的伺服器互動流程 27
4-3 SAMEVED Prototyping 28
4-4 SAMEVED安全群組功能詳述 29
4-4-1 新增安全群組 29
4-4-2 新增安全群組成員 30
4-4-3 管理安全群組成員 31
第五章結論 32
第六章未來研究方向 33
6-1 VM VIF Isolation Rule 33
參考文獻 34

參考文獻

[1] M. Armbrust et al., “Above the clouds: A berkeley view of cloud computing,” EECS Department, University of California, Berkeley, Tech. Rep. UCB/EECS-2009-28, 2009.
[2] M. Armbrust et al., “A view of cloud computing,” Communications of the ACM, vol. 53, pp. 50–58, Apr. 2010.
[3] I. Foster, Yong Zhao, I. Raicu, and S. Lu, “Cloud Computing and Grid Computing 360-Degree Compared,” pp. 1-10, Nov. 2008.
[4] B. Furht and A. Escalante, Handbook of Cloud Computing. Springer, 2010.
[5] I. Foster, "What is the Grid? A Three Point Checklist," GRIDtoday, vol. 6, no. 1, 22 Jul 2002.
[6] A. M. Braverman, "Father of the Grid," The University of Chicago Magazine, vol. 4, no. 96, Apr 2004.
[7] Klaus Krauter, Rajkumar Buyya, Muthucumaru Maheswaran, "A taxonomy and survey of grid resource management systems for distributed computing," Software: Practice and Experience, vol. 2, no. 32, pp. 135-164, Feb 2002.
[8] A. Guirao Villalonga, “Infrastructure as a Service (IaaS): application case for TrustedX.”
[9] J. E. Smith and R. Nair, “The architecture of virtual machines,” Computer, vol. 38, no. 5, pp. 32–38, 2005.
[10] R. J. Figueiredo, P. A. Dinda, and others, “A case for grid computing on virtual machines,” 2003.
[11] S. N. T. Chiueh, “A Survey on Virtualization Technologies,” RPE Report, pp. 1–42, 2005.
[12] “Amazon Elastic Compute Cloud (Amazon EC2).” [Online]. Available: http://aws.amazon.com/ec2/.
[13] H. Jing-Ying, "SAMEVED : System Architecture for Managing and Establishing Virtual Elastic Datacenters," 2011.
[14] Jing-Ying Huang, Cheng-Ta Huang and Wei-Jen Wang, "Providing Virtual Elastic Datacenters as a Service," in Symposium on Cloud and Services Computing, National Taiwan University, Taipei, 2011.
[15] E. Walker, W. Brisken, and J. Romney, “To Lease or Not to Lease from Storage Clouds,” Computer, vol. 43, no. 4, pp. 44-50, Apr. 2010.
[16] M. Schumann, An economic decision model for business software application deployment on hybrid Cloud environments. Universitätsverlag Göttingen, 2010.
[17] U. Ermler, G. Fritzsch, S. K. Buchanan, and H. Michel, “Hybrid Clouds : Comparing Cloud Toolkits,” Structure, vol. 2, no. 10, pp. 925–936, 1994.
[18] N. M. M. K. Chowdhury and R. Boutaba, “A survey of network virtualization,” Computer Networks, vol. 54, no. 5, pp. 862-876, Apr. 2010.
[19] Yogesh Mundada, Anirudh Ramachandran, Nick Feamster, "SilverLine: Data and Network Isolation for Cloud Services," in HotCloud ’11, Portland, OR, 2011.
[20] D. E. Williams, Virtualization with Xen: including XenEnterprise, XenServer, and XenExpress. Syngress, 2007.
[21] “Citrix Systems» Citrix XenServer: Efficient Server Virtualization Software.” [Online]. Available: http://www.citrix.com/xenserver/.
[22] P. Barham et al., “Xen and the art of virtualization,” in ACM SIGOPS Operating Systems Review, New York, NY, USA, 2003, pp. 164–177.
[23] “Xen® hypervisor.” [Online]. Available: http://www.xen.org/.
[24] D. Nurmi et al., “The Eucalyptus Open-Source Cloud-Computing System,” in Proceedings of the 2009 9th IEEE/ACM International Symposium on Cluster Computing and the Grid, Washington, DC, USA, 2009, pp. 124–131.
[25] D. Nurmi et al., “Eucalyptus: A technical report on an elastic utility computing architecture linking your programs to useful systems,” UCSB TECHNICAL REPORT, no. 10, 2008.
[26] “Eucalyptus | Leader in Enterprise Cloud Computing and Private Cloud Open Source Software.” [Online]. Available: http://www.eucalyptus.com/.
[27] A. Kivity, Y. Kamay, D. Laor, U. Lublin, and A. Liguori, “kvm: the Linux virtual machine monitor,” in Proceedings of the Linux Symposium, 2007, vol. 1, pp. 225–230.
[28] “KVM.” http://www.linux-kvm.org/page/Main_Page
[29] A. Natsev, Rajeev Rastogi, and K. Shim, “WALRUS: a similarity retrieval algorithm for image databases,” Knowledge and Data Engineering, IEEE Transactions on, vol. 16, no. 3, pp. 301- 316, Mar. 2004.
[30] “OpenStack：Open source software for building private and public clouds.” http://www.openstack.org/
[31] J. Watson, “VirtualBox: bits and bytes masquerading as machines,” Linux Journal, vol. 2008, Feb. 2008.
[32] “VirtualBox.” [Online]. Available: http://www.virtualbox.org/.
[33] “VMware Virtualization Software for Desktops, Servers & Virtual Machines for Public and Private Cloud Solutions.” [Online]. Available: http://www.vmware.com/.
[34] “Amazon Virtual Private Cloud.” http://aws.amazon.com/vpc/
[35] "Extend Your IT Infrastructure with Amazon Virtual Private Cloud," [Online]. http://d36cz9buwru1tt.cloudfront.net/Extend_your_IT_infrastructure_with_Amazon_VPC.pdf
[36] “xl2tpd” [Online]. Available: http://www.xelerance.com/services/software/xl2tpd/
[37] “Openswan” [Online]. Available: https://www.openswan.org/projects/openswan/
[38] “Quagga” [Online]. Available: http://www.nongnu.org/quagga/

指導教授

王尉任

審核日期

2013-1-31

推文