Brocade virtual routers help secure Amazon GovCloud
- By Rutrell Yasin
- Jul 30, 2013
As government IT managers turn to public clouds for rapid, on-demand access to computing resources, they still are wary about losing control over how their data is segmented and secured within cloud infrastructures.
To help assuage these concerns, networking vendors are offering a new class of virtual routers that give agencies the ability to move sensitive workloads to public clouds and securely segment their networked applications from other tenants’ networks or even separate their own test and development applications from those in their production network.
Network provider Brocade is offering the Vyatta vRouter for the Amazon Web Services GovCloud, which is designed to meet the stringent security and regulatory requirements of U.S government agencies. The Vyatta vRouter is a secure virtual router, firewall and virtual private networking solution that lets agencies connect AWS GovCloud to another public or private cloud as well as provide a secure bridge to a data center, Brocade officials said. The vRouter also has advanced user-controlled functionality and extends the number of concurrent VPN tunnels offered by AWS.
Virtual routers provide more control for users and agility for cloud service providers in multitenant shared environments, said Kelly Herrell, vice president and general manager of Brocade’s software networking business unit. Cloud vendors are not carving out dedicated physical areas in their infrastructures for each tenant. They typically have racks and racks of servers upon which organizations are intermingled within a shared hardware environment. In a situation such as this, “it is hard to determine where one customers leaves off and another picks up,” Herrell said.
Instead of running on expensive network hardware, virtual routers run on the same server as the application. By putting network functionality inside the server, users can configure virtual networks that segment their infrastructure from other tenants’ infrastructure, giving them the same type of traffic control they had in their data centers, Herrell said. They can also segment their test and development applications from data in their production networks, he said.
Prior to the virtual router concept — vRouters have been on the market for about three years — agency application deployments on public clouds were slow to take off because cloud providers could not meet agencies’ network and security requirements. Or cloud providers trying to meet those demands had to buy and deploy expensive network hardware on behalf of the agency and send agency clients the credentials to control the environment. This defeated the on-demand provisioning benefits of cloud computing, Herrell said.
The Vyatta vRouter has been running in Amazon’s non-government cloud for about a year, he said, and Rackspace recently rolled out a network-as-a-service offering that uses the Vyatta vRouter. Now if an organization needs a special firewall, virtual private networking and control of their network, Rackspace can provide those capabilities with a click of a button and pass control to the user. Agencies using Amazon’s GovCloud can now do the same. Provisioned as an Amazon Machine Image, the Vyatta solution will help reduce costs because of its ability to be dynamically deployed on demand, Herrell said.
Rutrell Yasin is is a freelance technology writer for GCN.