Deployment-driven Security Configuration for Virtual Networks

Virtualized Infrastructures are increasingly deployed in many data centers. One of the key components of this virtualized infrastructure is the virtual network - a software-defined communication fabric that links together the various Virtual Machines (VMs) to each other and to the physical host on which the VMs reside. Because of its key role in providing connectivity among VMs and the applications hosted on them, Virtual Networks have to be securely configured to provide the foundation for the overall security of the virtualized infrastructure in any deployment scenario. The objective of this paper is to illustrate a deployment-driven methodology for deriving a security configuration for Virtual Networks. The methodology outlines two typical deployment scenarios, identifies use cases and their associated security requirements, the security solutions to meet those requirements, the virtual network security configuration to implement each security solution and then analyzes the pros and cons of each security solution.