A STUDY ON THE DIFFERENT ASPECTS OF THE
VIRTUAL PRIVATE CLOUD
Abstract – The concept of cloud computing is now
well known, but the measures taken to provide
security within the cloud environment are more
important. Today many technologies have been
developed to provide security in the cloud network.
Introducing the concept of a virtual private network
(VPN) in the cloud provides a secure way of
transmitting information over a public cloud
environment. A Virtual Private Cloud (VPC) provides
logical separation between public and private cloud.
Since anyone can access resources available in the
public cloud, it is exposed to many threats. A VPC
provides effective measures against these threats. In
this paper, we discuss different concepts of VPC with
scenarios, along with the need for VPC and its
advantages. How VPC can be used effectively is
also discussed.
Key terms: VPN, VPC.
I. INTRODUCTION TO VIRTUAL
CLOUD
Virtual private cloud (VPC) is a private network
within public cloud infrastructure [6]. It provides
multiple users with a private, isolated section of
cloud infrastructure where the user can launch
resources on demand in a virtual network that they
define. Using a public cloud environment gives
businesses the flexibility and benefits of a cloud, such
as scalability and reduced IT costs. Adding a private
network within the public cloud environment adds
enhanced security features to the public cloud for
sensitive corporate data. The VPC scenario is shown
schematically in Fig. 1.
Fig.1 VPC Environment
In Fig. 1, multiple users are accessing information
from the public cloud through the internet. The
cloud service provider (CSP) has to maintain the jobs
running on the servers, the network of computers and
the information stored in the database or any other
storage medium such as disk. VPC describes a
situation whereby the cloud service provider virtually
partitions a portion of the public cloud environment
into an isolated environment for exclusive use by a
single customer [6]. This service is accessible via a
private network connection and not through the public
internet. This is achieved by establishing a secure
virtual network over the public cloud. This is an area
which could grow alongside the wider growth in
cloud computing. Fig. 2 conveys that users approach
the public cloud over the internet to access services,
whereas for the purpose of security the CSP can
logically partition a portion of the public cloud into
a Virtual Private Cloud, and the users can access
resources through a separate Virtual Private
Network (VPN).
Mrs. Radhika T V, Assistant Professor, Department of Information Science & Engineering, Dayananda Sagar College of Engineering, Bangalore, India
Dr. S. Sathish Kumar, Associate Professor, Department of Computer Science & Engineering, RNS Institute of Technology, Bangalore, India
Krushna Chandra Gouda, Scientist, CSIR Centre for Mathematical Modeling and Computer Simulation (C-MMACS), Wind Tunnel Road, Bangalore, India
International Journal of Applied Engineering Research, ISSN 0973-4562 Vol. 10 No.86 (2015)
© Research India Publications; http://www.ripublication.com/ijaer.htm
The cloud infrastructure services market, and in
particular the VPC market, is a compelling
opportunity for network and infrastructure service
providers [4]. Cloud infrastructure services - also
known as Infrastructure as a Service (IaaS) - involve
the provisioning of prepackaged managed
infrastructure in the form of virtual server instances.
These virtual instances include components of
varying size or capacity such as storage, RAM, and
CPU processing power, as well as a preferred server
operating system (for example, Windows or Linux).
These services allow customer organizations to
deploy and manage their own applications on
virtualized servers that are hosted offsite at a service
provider data center, thus enabling customers to
focus on managing their application workloads
without needing to maintain the underlying server
infrastructure.
A VPC is considered an IaaS computing,
networking, and storage environment operated by a
service provider for a single organization, as a
subset of a larger cloud infrastructure (for example, a
public cloud). It is an on-demand configurable
pool of shared computing resources allocated
within a public cloud environment, providing a certain
level of isolation between the different organizations
(denoted as users hereafter) using the resources. The
isolation between one VPC user and all other users of
the same cloud (other VPC users as well as other
public cloud users) is normally achieved through
allocation of a private IP subnet and a virtual
communication construct (such as a Virtual Local
Area Network, VLAN, or a set of encrypted
communication channels) per user [7].
In a VPC solution, the previously described
mechanism, providing isolation within the cloud, is
accompanied by a VPN function (again, allocated
per VPC user) that secures, by means of
authentication and encryption, the remote access of
the organization to its VPC cloud resources. With the
introduction of the described isolation levels, an
organization using this service is in effect working on
a 'virtually private' cloud (i.e. as if the cloud
infrastructure is not shared with other organizations),
and hence the name VPC [7].
A VPC (also known as a virtual private data center)
is virtually partitioned from the larger cloud,
typically through a firewall and VLAN, rather than
completely physically separated. VPCs are operated
by service providers, and typically come packaged
with a set of enterprise data center services. A VPC
is also considered as the logical division of a service
provider's public cloud multi-tenant architecture to
support private cloud computing in a public cloud
environment. Just as a virtual private network (VPN)
provides secure data transfer over the public Internet,
a VPC provides secure data transfer between a
private enterprise and a public cloud provider,
ensuring that each customer's data remains isolated
from every other customer's data both in transit and
inside the cloud provider's network. This can be
accomplished through the use of security policies
requiring some or all of the following elements:
encryption, tunneling, private IP addressing or
allocating a unique VLAN to each customer.
VPC is also considered to provide on-demand
Infrastructure as a Service (IaaS) external to a
customer's data center, but it runs on a dedicated
infrastructure, rather than a multi-tenant
infrastructure. It is usually connected to each
customer using a virtual private network (VPN) or
another direct network connection, rather than the
public Internet. As such, a virtual private cloud can
offer higher service-level agreements (SLAs) than
public clouds, contracting for up to 100% uptime in
some cases. A virtual private cloud provides
logically isolated infrastructure, with fully private
networking and resource pools. Fig. 2 illustrates
the representation of VPC.
Fig.2. Schematics of VPC
Amazon Web Services (AWS) launched Amazon
Virtual Private Cloud on 26 August 2009, which
allows the Amazon Elastic Compute Cloud service to
be connected to legacy infrastructure over an IPSec
virtual private network connection. In AWS, VPC is
free to use; however, users will be charged for any
Virtual Private Networks (VPN) they use. EC2
(Elastic Compute Cloud) and Relational Database
Service (RDS) instances running in a VPC can also
be purchased using Reserved Instances; however, they
will have a limitation on resources being guaranteed.
Google App Engine supported similar functionality
via their Secure Data Connector product which was
launched on 7 April 2009 [7].
FortyCloud is an example of a VPC solution that
can be provided over third parties' public cloud
infrastructures, such as AWS EC2. Host Virtual is an
infrastructure as a service (IaaS) cloud hosting
service that incorporates VPC as a feature. HP offers
an Enterprise Cloud Services-Virtual Private Cloud
offering as part of their Converged Cloud Solutions
Platform, which integrates Private Cloud, Managed
Cloud, and Public Cloud Services based on
OpenStack [7].
II. NEED OF VPC
Security in the Cloud is a very popular topic among
cloud analysts and bloggers. Many leading analysts
point out that security is the main concern for
Enterprises considering a Public Cloud strategy,
while others suggest that migration to the cloud
actually improves IT security for many Small and
Medium Enterprises (SMEs), or at least that security
threats in the cloud are not as severe as first
anticipated [3].
The first step before making a prediction or drawing
a conclusion on the state of cloud security is to
determine which 'cloud' we are talking about. Cloud
services are usually divided into three 'as-a-service'
paradigms: SaaS (Software as a Service), PaaS
(Platform as a Service) and IaaS (Infrastructure as
a Service). Each paradigm has different security
aspects and therefore any discussion must clearly
distinguish between the three.
The following discusses IT security in Public Cloud
IaaS (Public Cloud for short). Public Cloud data
centers are multi-tenant (virtualized), multi-user
environments (unlike Private Clouds, which may be
multi-tenant but are 'hosting' a single
user/organization) [3]. What is unique in the Public
Cloud environment is that the responsibility for IT
security is shared between the Cloud User (the
organization consuming IaaS services) and the Cloud
service provider (CSP), with clearly defined limits
or boundaries.
The CSP is responsible for securing the access to the
physical servers and the virtualization layer (enabling
and serving the multiple tenants), while the Cloud
User is charged with securing the hosted Operating
System and the applications installed over it. The
latter encompasses all IP communication Protocols
and application security aspects. Some CSPs provide
basic security tools (such as basic hypervisor layer
firewalls), which the Cloud consumers can utilize to
enhance IT security in their domain of responsibility.
Other CSPs leave everything to the consumer's own
discretion/capabilities. The shared responsibility
scenario is shown in Fig. 3.
Fig. 3. Shared Responsibility Model
Every Public Cloud virtual server is associated with a
public IP address in order to allow remote access.
The IP subnets of the public data centers are well
known and hence are an easy target for automated
'scanning' activities from hackers. In addition, every
virtual cloud server has a data-center internal
(private) IP address. On this address the server is
reachable from all other virtual servers sharing the
same IP subnet in the data-center. Those
'neighboring' servers might host a threat as well.
Should we stay away from Public Clouds then?
Definitely not! The Public Cloud economic model
(pay-per-use model, granular billing, agile resource
allocation, etc.) is too attractive to abandon.
Following are three relatively simple principles or
instructions that can be utilized to provide IT security
in Public Cloud environments [3].
1. Isolate the virtual servers from the rest of the
data center, making them unreachable from 'foreign'
servers which are placed in particular order. This can
be achieved by allocating a dedicated VLAN (virtual
LAN) for the servers (several CSPs support such a
service) or by encrypting all data-center incoming
traffic.
2. Access the Cloud servers using a remote VPN
facility. Using VPN technology in this context has
many benefits. The first is that all the Enterprise
information traversing the public Internet on the way
to/from the cloud data center is encrypted, and the
second is that one can control exactly who can
communicate with cloud servers. This requires the
service provider to install at least one VPN
gateway in the Cloud data-center.
3. On the cloud servers, disable all communication
over public IP addresses. This ensures that the cloud
servers are reachable from the 'outside world' only
through the VPN gateway.
Implementation of the above instructions over Public
Cloud infrastructure is the basis for a Virtual Private
Cloud (VPC) solution. FortyCloud provides a VPC
solution that is cloud-provider independent and can
be deployed over any Public Cloud infrastructure
(such as AWS, Rackspace, Google etc.) and over
several clouds simultaneously.
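The three principles above, together with the per-user VLAN and private-subnet isolation described in Section I, can be checked mechanically against a server inventory. The following Python sketch is an added example, not code from this paper or from FortyCloud; the tenant names, VLAN ids, addresses, the inventory layout and the `audit` function are all assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed inventory: tenants, VLAN ids and addresses are all hypothetical.
VPN_GATEWAYS = {"acme": "10.20.0.1", "globex": "10.30.0.1"}
SERVERS = [
    {"name": "app-1", "tenant": "acme", "vlan": 110, "private_ip": "10.20.0.11",
     "public_ip": None, "allow_from": ["10.20.0.1/32", "10.20.0.12/32"]},
    {"name": "db-1", "tenant": "acme", "vlan": 110, "private_ip": "10.20.0.12",
     "public_ip": "203.0.113.7", "allow_from": ["10.20.0.11/32"]},
    {"name": "web-9", "tenant": "globex", "vlan": 110, "private_ip": "10.30.0.40",
     "public_ip": None, "allow_from": ["0.0.0.0/0"]},
    {"name": "web-10", "tenant": "globex", "vlan": 120, "private_ip": "10.30.0.41",
     "public_ip": None, "allow_from": ["10.30.0.1/32"]},
]


def audit(servers, gateways):
    """Return sorted (principle, subject, message) findings for the inventory."""
    findings = []

    # Principle 1: a VLAN must not be shared with 'foreign' tenants.
    tenants_by_vlan = defaultdict(set)
    for s in servers:
        tenants_by_vlan[s["vlan"]].add(s["tenant"])
    for vlan, tenants in tenants_by_vlan.items():
        if len(tenants) > 1:
            findings.append((1, f"vlan-{vlan}", "shared by " + ", ".join(sorted(tenants))))

    # Hosts a tenant may accept traffic from: its VPN gateway and its own servers.
    trusted = defaultdict(set)
    for tenant, gw in gateways.items():
        trusted[tenant].add(ipaddress.ip_address(gw))
    for s in servers:
        trusted[s["tenant"]].add(ipaddress.ip_address(s["private_ip"]))

    for s in servers:
        # Principle 2: inbound sources must be single trusted hosts, not open ranges.
        for cidr in s["allow_from"]:
            net = ipaddress.ip_network(cidr, strict=False)
            if net.num_addresses != 1 or net.network_address not in trusted[s["tenant"]]:
                findings.append((2, s["name"],
                                 f"inbound source {cidr} is not the VPN gateway or a same-tenant server"))
        # Principle 3: no communication over a public IP address.
        if s["public_ip"] is not None:
            findings.append((3, s["name"], f"public IP {s['public_ip']} still attached"))

    return sorted(findings)


if __name__ == "__main__":
    for principle, subject, message in audit(SERVERS, VPN_GATEWAYS):
        print(f"principle {principle}: {subject}: {message}")
```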
Elasticity is also one of the important features of
cloud computing, implemented through
mechanisms such as auto scaling and load balancing.
Because of these mechanisms, cloud based
applications are able to adapt dynamically to any
kind of workload. In order to achieve this, there is a
requirement to analyze the performance of Virtual
Machine (VM) instantiation in a private cloud
platform, considering different components such as
VM type, VM image size, and VM caching [8].
Even though VPC achieves secure isolation from the
public cloud, it cannot avoid the impact of
performance deterioration such as traffic congestion.
So there is a need for a bandwidth-guaranteed VPC to
avoid accidental and unwanted influence among
the multiple customers [9].
III. BENEFITS OF VIRTUAL PRIVATE
CLOUD
There are many benefits to using virtual private cloud
as your IT solution [6]. It is a cost-effective solution
that allows businesses the security they need without
the expensive infrastructure. The key benefits a
virtual private cloud gives users are:
A. Scalability: Allows the cloud administrator to add
resources on demand to accommodate additional
users and allows you to scale up and down as
workloads change and develop.
B. Automation: Removal of manual processes to
dynamically provision virtual machines.
C. Security: Traffic to and from the cloud
infrastructure stays within the corporate firewall
without crossing the Internet. Cloud administrators
are able to set policies to specify which users are
allowed to access cloud resources.
D. Performance: Enhanced performance is a direct
result of the scalability and automation components
because resources are available on-demand and the
infrastructure necessary to support these resources is
always available.
E. Control: Virtual Private Cloud allows the service
provider to have complete control over the data
stored in a public cloud as well as incoming and
outgoing traffic.
F. Service-Level Agreements (SLA): A VPC can
offer higher SLAs than public clouds, contracting for
up to 100% uptime in some cases.
IV. HOW TO USE VIRTUAL PRIVATE CLOUD
After utilizing the benefits from virtual private cloud
internally, it is possible to offer this to customers as
another source of revenue [6]. Providing virtual
private cloud services to existing users is an easy way
to give your users accessibility to a cloud
environment while using resources already at your
disposal. Virtual private cloud also gives your
customers increased levels of scalability and the
ability to customize their solution.
There are three ways to provide virtual private cloud
to customers: white label cloud, using virtual private
cloud for internal business purposes or purchasing
cloud infrastructure.
1. White label cloud (also called white labeling)
provides a branded public cloud solution through a
wholesale model that you can offer to your customers
without purchasing infrastructure.
2. Using virtual private cloud for internal business
purposes allows customers to purchase a cloud
environment from a provider and reduces cost by
helping to consolidate infrastructure. Further, it
increases security in the cloud and provides
scalability for the business.
3. Purchase cloud infrastructure, from which
customers can directly purchase virtual private cloud
environments. This option also gives the flexibility to
run the internal cloud applications and servers on the
same infrastructure [6].
Only particular users are able to access the cloud
environment, giving the customer peace of mind that
it has control over the traffic moving within its cloud.
Further, the cloud's performance increases because of
the decreased number of users. Inbound and outbound
traffic in the cloud is reduced, which stabilizes the
predictability of bandwidth and provides a better
performing cloud environment.
A new method for securing users on the VPC can also
be provided with the help of an
Internet Protocol-Virtual Private Network (IP-VPN),
but there is a need to analyze effective ways of
connecting the cloud to IP-VPN [10].
CONCLUSION
VPC provides potential for companies as a viable IT
solution. For companies looking to migrate toward
the cloud in a safe and secure way, this is a flexible
offering that can be used in any workplace. Since
VPC provides a higher level of SLA, cloud services
from VPC are always available to the users. Moving
towards VPC rather than public cloud is therefore
also considered the best solution. Using virtual private
cloud helps to achieve efficient business processes in
a secure environment. Additionally, presenting it to
customers creates a new revenue stream for the
business and offers another, more secure solution.
Since it provides a separate dedicated virtual network
for transmission across the public cloud, VPC can be
considered secure. As we continue moving
forward with adopting cloud services, the number of
virtual private cloud adopters will continue to grow.
REFERENCES
[1] Carbon Disclosure Project Study 2011, Cloud Computing – The IT Solution for the 21st Century.
[2] Virtual private cloud-as-a service: Extend Enterprise Security policies to public cloud, CISCO white paper.
[3] http://fortycloud.com/public-cloud-security-revisited-the-need-for-vpc
[4] Virtual Private Cloud: Service Provider Opportunities, 2012 Schireson Associates, CISCO white paper.
[5] http://searchcloudcomputing.techtarget.com
[6] http://blog.appcore.com/blog/bid/174815/Virtual-Private-Cloud-The-Benefits-it-Holds-for-Your-Business
[7] http://en.wikipedia.org/wiki/Virtual_private_cloud
[8] Eliomar Campos, Rubens Matos, Paulo Maciel, Igor Costa, “Performance Evaluation of Virtual Machines Instantiation in a Private Cloud”, IEEE World Congress on Services, pp. 319–326, 2015.
[9] Takahiro Miyamoto, Michiaki Hayashi, Kosuke Nishimura, “Sustainable Network Resource Management System for Virtual Private Clouds”, 2nd IEEE International Conference on Cloud Computing Technology and Science, pp. 512–520, 2010.
[10] Hiroaki Hata, Yuka Kamizuru, Akira Honda, “Dynamic IP-VPN architecture for Cloud Computing”, IEEE Information and Telecommunication Technologies (APSITT), 8th Asia-Pacific Symposium on, pp. 1–5, 2010.