Abstract: Cloud computing has in recent years become a buzzword in the world of information technology. Cloud computing, also referred to as on-demand computing, has been extensively adopted by organizations irrespective of their scale and nature of work, essentially because of the flexibility, ease, scalability, low overhead and cost benefits that it provides. In recent years we have seen discrete and unique cloud implementations resulting in the automation of complicated business processes at a previously unimaginable cost. Cloud computing provides three basic architectures to cater to the needs of different users, i.e. IaaS (Infrastructure as a Service), PaaS (Platform as a Service) and SaaS (Software as a Service). As the implementation of cloud computing is broadening exponentially and it is being implemented in newer and newer fields, cloud implementers feel the need for unique service architectures for specific implementations, for example a unique cloud service architecture for educational establishments, or a discrete service architecture for a Virtual Private Network (VPN) if it is to be deployed through the cloud. Virtual Private Networks are a part of most network deployments all over the world, connecting branches, business partners and outlets and providing seamless connectivity, especially for SMEs (Small-Medium sized Enterprises). Most organizations with VPN deployments want to reduce the operational cost, implementation cost and overhead associated with VPNs. This research paper is an effort to study the need for a discrete cloud architecture for the implementation of a VPN service through cloud computing. This research paper introduces a unique cloud architecture, VPNaaS (Virtual Private Network as a Service).

Keywords: Cloud VPN; VPN as a Service; Cloud and Virtual Private Networks; Cloud Architecture

I. INTRODUCTION

Cloud computing is a new virtualization technology that shares computing resources (e.g. hardware, software, storage space, operating systems and infrastructure) through the Internet. Nowadays, cloud computing as a service is considered a major nerve of the modern information technology world, similar to electricity and water in urban areas [1]. Different cloud computing services can be utilized without worrying about the complexity of the technology and infrastructure architecture. These computing services are available and scalable whenever cloud tenants require them, which enhances the agility of business processes.

The delivery of services can be simplified in cloud computing by using “Virtualization Technology” [2]. This technology contributes to making the cloud cost effective by supporting resource scalability, building a layer of abstraction to hide the complexity of the underlying hardware, and segregating the software and hardware [3]. In fact, cloud computing has three major virtualization characteristics: partitioning, isolation and encapsulation. Effective utilization of hardware resources can be achieved by delegating them as virtual machines with the help of hypervisors, which are the core components of virtualization. Enhanced security, simplified management and cost savings can be achieved with the help of a Virtual Private Network (VPN).

Most enterprises accept placing their important data in the cloud whenever the cloud service provider ensures the availability of encryption and cryptographic protocols to provide confidentiality, integrity and authentication. Cloud VMs can connect to the enterprise network through a VPN. This allows data to be transmitted over the Internet by using encrypted protocols. Typically, the cloud is managed by an entity or provider outside the enterprise's control, which leads many enterprises to lack confidence in, or not accept, placing their confidential data in a public cloud. One circumstance that helps enterprises adopt a public cloud is connecting cloud VMs to the enterprise network with the help of a VPN. The most commonly used VPN protocols are Secure Socket Layer (SSL), Internet Protocol Security (IPsec), Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Tunneling Protocol (L2TP), which are used over the unreliable public Internet to secure data communication.

Despite the benefits of cloud computing, there are security breaches in terms of data loss, data breaching and traffic hijacking. Thus, there is a need for an effective VPN solution in the cloud. Connectivity to tenant networks can be provided by Virtual Private Networking as a Service (VPNaaS). The data protection and confidentiality of sensitive information in a cloud environment is assured by deploying encryption, which can be achieved by setting up VPN services in the cloud.
Authorized licensed use limited to: KLE Technological University. Downloaded on March 04,2022 at 09:45:04 UTC from IEEE Xplore. Restrictions apply.
2016 5th International Conference on Reliability, Infocom Technologies and Optimization (ICRITO) (Trends and Future Directions), Sep. 7-9, 2016,
AIIT, Amity University Uttar Pradesh, Noida, India
Cloud computing is a new technology that offers the delivery of on-demand services (e.g. hardware, software, storage space, operating systems and infrastructure) for enterprises through a shared network. This allows Small-Medium sized Enterprises (SMEs) to reduce their capital and operational expenses. Moreover, cloud computing uses a “pay-per-usage” model to match the needs/demands of its customers. This allows enterprises to deploy world-class infrastructure with the dynamic facility to allocate and/or release compute resources on the fly and at a marginal cost. Most Cloud Service Providers have built their data centers interconnected via high-speed Internet links and distributed them in different geographic locations.

Consider a scenario wherein different cloud tenants share the same infrastructure in the cloud service models. While data traverses the cloud, tenants do not want their confidential information to be compromised or altered by any third party without detection. Data encryption is considered an extremely helpful method to assure the protection of data within cloud environments. Currently, cloud service providers need to enhance the security provided to their cloud tenants. This will ensure the confidentiality and data protection of sensitive information. Thus, there is a requirement to deploy VPN as a cloud-based service model to interconnect networks over public network infrastructures and secure the data transmission across the private subnets.

The research concentrates on establishing a virtualized environment to facilitate communication between Cloud Service Providers (CSPs) across geographically different locations by using a VPN solution. Furthermore, a detailed study was conducted to address the VPN solutions currently used by SMEs, to comparatively analyze different architectural designs for building a traditional VPN, and to examine the performance and the implications of extending VPN to the cloud. There is also a proposal for a new architecture to build VPN as a cloud-based service model.

II. RELATED WORK

With rapid changes in technology and business requirements to continue cost saving, many enterprises are being asked to explore alternative solutions to traditional network connectivity as a way of minimizing their operating expenses. A Virtual Private Network (VPN) is designed to gain secure access into an enterprise’s private network as well as to reduce costs and increase performance. VPN is a term used generically to describe a communication network. It uses a combination of strong encryption and tunneling technologies to secure a tunneled connection through an untrusted or unsecured network (e.g. the Internet). This allows enterprises to transport their private data/network services by using public infrastructure networks. There is no standard interpretation of the term VPN. Networking specialists and enterprises may understand VPN in different ways. Different institutes and advisories have tried to define the VPN terminology. The two major, broadly known institutes and advisories in the information security and network fields that have defined VPN are the National Institute of Standards and Technology (NIST) and Gartner.

NIST has defined VPN as “a virtual network that is built on top of existing physical networks to provide a secure communications mechanism for transmitted data and other information in between networks” [4].

Gartner has described VPN as “a system that delivers enterprise-focused communication services on a shared public network infrastructure to provide customized operating characteristics uniformly and universally across an enterprise” [5].

VPN DEPLOYMENT

There are two types of VPN connections: Remote Access VPN and Site-to-Site VPN [6]. Remote Access VPN connects employees to their company’s intranet from home or anywhere. SSL, IPsec, PPTP and L2TP are the most widely used VPN protocols in “Remote Access VPN”. SSL VPN: It provides remote access connectivity through the web browser’s native SSL encryption and a standard web browser [7]. IPsec VPN: It is another type of remote access VPN, which supports all IP-based applications and connects only devices with specific configurations [7].

In contrast, Site-to-Site VPN connects the company’s intranet to its business partner’s intranet and may also connect geographically spaced out company intranets. It uses IPsec, Generic Routing Encapsulation (GRE) and Multi-Protocol Label Switching (MPLS) as VPN tunneling protocols [7]. Intranet VPN: It is a type of Site-to-Site VPN that allows connectivity between sites of a single enterprise [8]. It is used to connect a small number of remote offices together into a single network. Extranet VPN: It is another type of Site-to-Site VPN that allows connectivity between enterprises (e.g. business partners, suppliers or customers) [9]. It is used to connect one enterprise’s LAN with another enterprise’s LAN in order to share an environment with controlled and secured network access [10].

VPN TUNNELING TECHNOLOGIES

A tunnel is established through the public network to secure communication. This tunnel is created with the help of widespread VPN tunneling technologies (e.g. IPsec, L2TP and PPTP) [11]. These technologies are used to secure data tunnels over an insecure network, which is what a VPN is. Tunneling technologies rely on both open source implementations and commercial products [12].

IPsec is one of the most complete, secure and accessible standards, based on protocols developed to transport data. It is a collection of security protocols that allows the system to select the proper security protocols while transmitting the data. Authentication Header (AH), Encapsulating Security Payload (ESP) and Internet Key Exchange (IKE) are the three primary protocols used by IPsec to establish a connection and transmit
data in a secured manner. IPsec runs in two operation modes: Transport and Tunnel.

L2TP is a tunneling protocol used to transmit data between communicating systems. It is used by Frame Relay, X.25 networks and Asynchronous Transfer Mode (ATM). It is capable of transmitting non-IP protocols over an IP network and encapsulates data in PPP frames. PPP connections use authentication mechanisms that are also used by L2TP connections (e.g. EAP, MSCHAP and CHAP). L2TP is used in conjunction with IPsec, called “L2TP/IPsec”, as L2TP does not provide data confidentiality.

Gupta, P. & Verma, A. have introduced a virtual private network service based on the “Software as a Service” model [14]. This service is fully dedicated to SME companies. The model was designed only to show the concept of elastic VPN in cloud computing and requires more research to improve the topology design. The VPN service model is built purely on cloud services by using simple techniques (e.g. load balancing algorithm and topology). The purpose of the load-balancing algorithm is to adjust the computing resources consumed by the VPN service in a specific VPN block and then distribute the workload of each operation unit within the VPN block dynamically.
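The tunneling protocols named in this section (IPsec AH, ESP and IKE, L2TP, PPTP) can be told apart from outside the tunnel by their IP protocol numbers and ports. The following is an added example, not part of the paper: it labels constructed IPv4 packets and shows that AH exposes Transport versus Tunnel mode on the wire while ESP does not, and that L2TP seen directly in UDP is not wrapped in IPsec. The function names and sample packets are assumptions made for the illustration.

```python
import struct

# IANA protocol numbers for the tunneling protocols named in the text.
TCP, UDP, GRE, ESP, AH, IPIP = 6, 17, 47, 50, 51, 4

def classify(packet: bytes) -> str:
    """Label an IPv4 packet by the VPN protocol visible in its headers."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-ipv4"
    proto, payload = packet[9], packet[(packet[0] & 0x0F) * 4:]
    if proto == ESP:
        # ESP encrypts its next-header field, so the mode cannot be read here.
        return "ipsec-esp"
    if proto == AH and len(payload) >= 12:
        # AH is not encrypted: next header 4 (IP-in-IP) means tunnel mode.
        return "ipsec-ah-tunnel" if payload[0] == IPIP else "ipsec-ah-transport"
    if proto == GRE and len(payload) >= 4:
        # PPTP data channel: enhanced GRE (version 1) carrying PPP (0x880B).
        is_pptp = (payload[1] & 0x07) == 1 and payload[2:4] == b"\x88\x0b"
        return "pptp-data" if is_pptp else "gre"
    if proto == TCP and len(payload) >= 4:
        ports = struct.unpack("!HH", payload[:4])
        return "pptp-control" if 1723 in ports else "other"
    if proto == UDP and len(payload) >= 8:
        ports, data = struct.unpack("!HH", payload[:4]), payload[8:]
        if 500 in ports:
            return "ike"
        if 4500 in ports:
            # NAT traversal: IKE carries a 4-byte zero marker, ESP does not.
            return "ike-nat-t" if data[:4] == b"\x00" * 4 else "ipsec-esp-udp"
        if 1701 in ports:
            # L2TP directly in UDP is not inside ESP: no confidentiality.
            return "l2tp-unprotected"
    return "other"

def ipv4(proto: int, payload: bytes) -> bytes:
    """Build a constructed IPv4 packet (documentation addresses, checksum 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1])) + payload

def udp_seg(sport: int, dport: int, data: bytes) -> bytes:
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

# Constructed sample packets, not captured traffic.
SAMPLES = {
    "ah_tunnel": ipv4(AH, bytes([IPIP, 4, 0, 0]) + bytes(20)),
    "ah_transport": ipv4(AH, bytes([TCP, 4, 0, 0]) + bytes(20)),
    "esp": ipv4(ESP, bytes(16)),
    "ike": ipv4(UDP, udp_seg(500, 500, bytes(28))),
    "ike_natt": ipv4(UDP, udp_seg(4500, 4500, bytes(4) + b"\x01" * 28)),
    "esp_udp": ipv4(UDP, udp_seg(4500, 4500, b"\x00\x00\x10\x01" + bytes(12))),
    "l2tp": ipv4(UDP, udp_seg(1701, 1701, b"\xc8\x02" + bytes(10))),
    "pptp_ctrl": ipv4(TCP, struct.pack("!HH", 49152, 1723) + bytes(16)),
    "pptp_data": ipv4(GRE, b"\x30\x81\x88\x0b" + bytes(8)),
}

def label_samples() -> dict:
    return {name: classify(pkt) for name, pkt in SAMPLES.items()}
```

In an L2TP/IPsec deployment an observer on the path sees only the `ike` and `ipsec-esp` labels; an `l2tp-unprotected` label on a monitored link indicates L2TP running without the IPsec wrapper.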
today’s market, skilled network administrators are usually expensive.

4) Quality of Service (QoS): It is a key component of any VPN service. It ensures that all applications can coexist and function at acceptable levels of performance. The VPN requires a certain quality of service (QoS) (e.g. minimum guaranteed bandwidth) for the connections between VPN sites. VPN uses a shared network infrastructure (e.g. the Internet), and the service provider cannot provide a service level guarantee for QoS. In the typical Internet-connected environment, there are some challenges related to QoS, such as prioritizing mission-critical traffic through the VPN. Clients have no control over the prioritization of traffic once it leaves their network, as Internet Service Providers (ISPs) may remark or discard traffic that has priority queuing markings [17].

A web-based questionnaire survey was conducted with selected respondents from different enterprises to learn their expectations of VPN as a cloud-based service model and the problems they currently face with their VPN solution. The respondent sample has been selected based on a probability approach. It means that the sample has been selected via “Simple Random Sampling” to obtain acceptably accurate information; therefore, some enterprises are more likely to be selected than others [18]. The enterprises selected for the research are the results of local contacts working with different local SMEs. The survey was conducted among the SMEs’ users of the VPN service to answer the research questions:

1. What are the major benefits for SMEs if they adopt a VPN cloud-based service model?

got mixed responses about the size of the enterprises. (41%) of enterprises have 100-500 employees (belonging to medium-sized enterprises), (7.5 %) have 50-100 employees, which belong to small enterprises, followed by (10.1%) that belong to micro-enterprises.

2. Usage of VPN solution to provide connectivity to remote offices:
The results showed that all respondents (100%) used a VPN solution to connect their remote offices. Most enterprises used VPN connectivity to extend the workplace beyond the physical offices, thus increasing their employees’ productivity through workplace flexibility.
reason is improved performance and efficiency, which had a response percentage of (41.8%).

there is a requirement for a discrete and unique service architecture; however, a specific architecture that will result in VPN being provided as a cloud service is not proposed. The future work in this area would be to compare the current service architectures and the missing features and components that are required for leveraging VPN as a cloud service. Moreover, there is a need to design a discrete service architecture in cloud computing for VPN so as to successfully offer VPN as a service.
ACKNOWLEDGMENT
[13] Arshad, F. et al., "To Cloud or Not to Cloud: A Study of Trade-offs between In-house and Outsourced Virtual Private Network," pp. 1-6, n.d.
[14] Gupta, P. & Verma, A., "Concept of VPN on Cloud Computing for Elasticity by Simple Load Balancing Technique," Int. Journal of Engineering and Innovative Technology (IJEIT), vol. 1, no. 5, pp. 1-5, May 2012.
[15] Tyagi S., Som S., Rana Q. P., (2016) “A Reliability Based Variant of AODV in MANETs: Proposal, Analysis and Comparison”, 7th International Conference on Communication, Computing and Virtualization (ICCCV 2016), Elsevier Publications, will be uploaded to Digital Library of Elsevier as a Part of Elsevier Procedia Computer Science, ISSN: 1877-0509, pp. 903-911 and will be available on: http://www.sciencedirect.com/science/article/pii/S187705091600243X, 26-27 February, 2016.
[16] McFarlane, S. & Stonecypher, L., "Understanding VPN - Disadvantages," 29 June 2010. [Online]. Available: http://www.brighthub.com/computing/windows-platform/articles/63301.aspx. [Accessed 5 June 2016].
[17] Scott, C. et al., Virtual Private Networks, Second Edition ed., O'Reilly, 1999, pp. 46-56.
[18] Stewart, P., "QoS Challenges with VPNs," 6 March 2012. [Online]. Available: http://www.packetu.com/2012/03/06/qos-challenges-with-vpns/. [Accessed 20 May 2016].
[19] Saunders, M. et al., Research Methods for Business Students, Fifth ed., Pearson Education Limited, 2009, pp. 226-228.
[20] European Union, "What is an SME?," n.d. [Online]. Available: http://ec.europa.eu/growth/smes/business-friendly-environment/sme-definition/index_en.htm. [Accessed 20 April 2016].
[21] Fisher, O., "Small and Medium-Sized Enterprises and Risk in the Gulf Cooperation Council Countries: Managing Risk and Boosting Profit," n.d. [Online]. Available: http://www.financepractitioner.com/financial-risk-management-best-practice/small-and-medium-sized-enterprises-and-risk-in-the-gulf-cooperation-council-countries-managing-risk-and-boosting-profit?page=1. [Accessed 5 May 2016].
[22] Singh, Ajay Vikram, and Moushumi Chattopadhyaya, "Mitigation of DoS attacks by using multiple encryptions in MANETs," in Reliability, Infocom Technologies and Optimization (ICRITO) (Trends and Future Directions), 2015 4th International Conference on, pp. 1-6, IEEE, 2015.
[23] Ajay Vikram Singh, Bani Singh, M. Afshar Alam, “Issues and Challenges associated with Secure QoS aware Routing in MANETs”, International Journal of Research and Reviews in Ad Hoc Networks (IJRRAN), Vol. 1, No. 3, pp. 73-76, ISSN: 2046-5106, Science Academy Publisher, United Kingdom, September 2011.