Cloud Networking is secure and robust

You can create a complete end-to-end network from one cloud network, running on XenServer, through a VPN to another network in a different cloud. All servers and hosts communicate securely over SSL VPN. Amazon Machine Images are secured by the Amazon infrastructure using security groups.

The proof of concept speaks for itself. Between the Softlayer cloud and the Amazon EC2 cloud is running a site-to-site SSL VPN using Vyatta. All of the images in this architecture are running on XenServer. This proof of concept gives rise to many networking architectures for cloud computing.

The reason for using Vyatta site-to-site SSL VPN between the Softlayer and Amazon EC2 clouds is there needs to be a secure network between the two for the transfer of data. The Vyatta AMI (Amazon Machine Image) can also function as a complete router, firewall and DNS cache. The Vyatta SSL VPN router provides security with scalability. Suppose I wanted to separate the Vyatta SSL VPN from a Vyatta OSPF router, I would just launch another instance of the Vyatta AMI.

As you can see from the network diagram and video, complete routing from the Softlayer cloud to the Amazon cloud network is seamless, without having to buy any proprietary hardware. In fact, it is very low cost compared to traditional network solutions. Virtualized networking is here, it is fast, secure and cheap.

A CloudBurst happens when Citrix Workflow Studio determines that one of the devices in the Softlayer Cloud has reached a high watermark. WFS then instructs the NetScaler VPX to start sending traffic to the Cloud - CloudBurst.

To get your own cloud, go here

Configurations used

Vyatta SSL VPN (V1) - Datacenter Configuration
Vyatta SSL VPN (V2) - Cloud Configuration
XenApp VPN Client - Cloud Configuration

Links for this solution

Vyatta for XenServer - go here
Amazon EC2 - go here
XenServer is Free! - go here
XenApp - go here
Workflow Studio - go here
XenApp VPN Client - go here
Dell Server - go here
IP Addresses - go here

Watch This

Read more news like this.

Its powerful AppExpert!

Cloud Networking is fast

You can create a complete end-to-end network from the datacenter to the cloud. All cloud servers communicate securely over SSL VPN.

Between the datacenter and the Amazon EC2 cloud is a site-to-site SSL VPN built with Vyatta. On the XenApp server in the cloud runs the Citrix Accelerator which connects back to the Citrix Branch Repeater/WANScaler at the datacenter, to accelerate data connections. The Citrix Accelerator makes cloud computing fast, Vyatta makes it secure.

The reason for using Vyatta site-to-site SSL VPN between the datacenter and Amazon EC2 cloud is there needs to be a secure network between the two for the transfer of data. The Vyatta AMI (Amazon Machine Image) can also function as a complete router and firewall. The Vyatta SSL VPN router provides security with scalability.

As you can see from the network diagram and video, complete routing from the datacenter to the Amazon cloud network is seamless. Data resides at the datacenter and is accessed, over the SSL VPN, by the Application running in XenApp. The remote user connects to XenApp, runs the application, and the application delivers the data to the remote user, quickly and securely.

To get your own cloud, go here.

Configurations used

Vyatta SSL VPN (V1) - Datacenter Configuration
Vyatta SSL VPN (V2) - Cloud Configuration
Windows VPN Client - Cloud Configuration

Links for this solution

Vyatta - go here
Amazon EC2 - go here
XenServer is Free! - go here
XenApp - go here
XenApp VPN Client - go here
Dell Server - go here
IP Addresses - go here

Watch This

Read more news like this.

Its powerful AppExpert!

Network Virtualization is secure and routable

You can create a complete end-to-end network from your corporate datacenter, running on XenServer, through the VPN to the network in the cloud. All servers and hosts communicate securely over SSL VPN.

The best part about this solution is that when one vendor said that virtualization breaks the network, it really doesn't.

I just did the proof of concept between a Citrix datacenter and Amazon cloud services. Between the Citrix datacenter and the Amazon cloud, I am running a site-to-site SSL VPN. The SSL VPN running at the Citrix datacenter is running inside of XenServer on a Dell 2950 III server, optimized for virtualization.

The SSL VPN Gateway running in the Cloud is also running on Xen as a virtual appliance, or virtual gateway if you will. The Windows Server(s) in the cloud are connected to the SSL VPN using OpenVPN.

The reason for using OpenVPN on the Windows Server(s) to connect to the SSL VPN Gateway in the Cloud is twofold:

1. Amazon doesn't allow the reconfiguration of default gateways on their Amazon Machine Images (AMIs). By configuring the OpenVPN client connection, you can send all traffic from the Windows Server (S3) through the SSL VPN gateway (V2), through the VPN (vtun0) Tunnel, through the SSL VPN gateway (V1) to the private network in the Citrix datacenter AND vice versa.
2. Provides an extra layer of security for traffic traversing the intra-cloud network.

Its powerful AppExpert!

If you're like me, you'll like to mentally create pictures to make sense of what you're reading. The underpinnings of Xen networking, as I found out, is not that difficult once you have the correct pictures in mind. Once I'd discovered the secrets, I decided to write a paper explaining it to myself. Hopefully, others will find this useful as well!

"It's important to understand that XenServer networking operates at Layer 2 of the OSI. This means it's independent of any Layer 3 addressing, such as IP. As we'll see, XenServer acts as a Layer 2 virtual switch..." Read more in my Citrix Knowledge Center article.

Border Gateway Protocol, open-source and it's para-virtualized. No more proprietary software and hardware, you can run as many copies of this as needed on one physical XenServer machine. As a proof point, we used the Vyatta Open Source router to build out our Link Load Balancing network in Santa Clara.  The Open Source Vyatta is running on a Dell server. We configured the BGP routing protocol, but could have have also configured OSPF or RIP and redistributed the routes. This configuration has been proven to outperform the incumbents, and is less costly by a wide margin.  Reduce opex and capex and start rolling this out today.  

What is needed:

• Vyatta Open Source Networking Software
• A Dell Server that supports Virtualization
• XenServer Enterprise 4.1

The Network:

Watch this Video:

Tap into the power of AppExpert!

And it's FREE! Throw away those behemoths that suck power from every grid in the state and drain your budget. This baby is Free, Open Source and VIRTUAL, meaning you can run as many instances of this router as you want on your choice of hardware. What is even more gratifying is it's faster than the old router technology.

Vyatta has commoditized router, firewall and VPN deployment in the same way that Linux commoditized the operating system market. Vyatta open-source networking offers you an alternative to over-priced, inflexible products from proprietary vendors.

Vyatta software enables customers to build routing and security solutions using standard x86-based hardware of their choosing, ensuring networks will always meet performance requirements. Vyatta open-source software delivers the unique advantage of allowing customers to scale networks from the simplest LAN configurations to large BGP WAN edge configurations using a single software package.

Vyatta software includes support for most commonly used network interfaces, industry standard routing and management protocols, and all of these features are configurable via a single command-line interface (CLI) or web-based graphical user interface (GUI) - avail Q3'08. The integrated features and functionality make Vyatta software ideal for SMB, Branch Office, Enterprise and Service Provider deployments.

Summary of features:
BGP, OSPF, RIP, DHCP, QoS, IPSec VPN, VRRP, PPP, 802.1Q, Complete List.

This open source router is already running on XenServer in a large service provider in Europe. We are using it in our Citrix Ready program as a multi-link Intranet with connections to the Internet along with high availability link load balancing.

This para-virtualized Vyatta image runs as a virtual appliance in XenServer v3.2.1 and v4.1.

The XenServer Platform we are using:

• Dell Poweredge 2950 server.
• 2 x Intel 64-bit Quad-Core Xeon Processors, Model E5335 @ 2.00 GHz each, for a total of 8 CPUs.
• 2 Intel 82571EB Gigabit Ethernet (on-board)
• 2 Broadcom NetXtremeII Gigabit Ethernet
• 16 GB of memory.
• 300 GB of Storage.
• XenServer v4.1
• *note: CPU's must support virtualization technology.
  
  
  
  
  
  

Virtual Router - Install:

Virtual Router - Config:

Tap into the power of AppExpert.