On the virtualization and dynamic orchestration of satellite communication services

Key features of satellite communications such as wide-scale coverage, broadcast/multicast support and high availability, together with significant amounts of new satellite capacity coming online, anticipate new opportunities for satellite communications services as an integral part within upcoming 5G systems. To materialize these opportunities, satellite communications services have to be provisioned and operated in a more flexible, agile and cost-effective manner than done today. In this context, this paper describes a solution for the virtualization and dynamic orchestration of satellite communication services that builds on the introduction of Software Defined Networking (SDN) and Network Function Virtualization (NFV) technologies within the satellite ground segment systems. Along with the description of the main system architecture traits, the flowchart of a general procedure for the dynamic instantiation of virtualized satellite networks on top of a SDN/NFV-enabled satellite ground segment system is provided. The paper also presents experimental results for the dynamic customization of satellite network services through the implementation of a set of virtualized satellite network functions that can be orchestrated over general purpose open virtual platforms.Peer ReviewedPostprint (author's final draft

HIL: designing an exokernel for the data center

We propose a new Exokernel-like layer to allow mutually untrusting physically deployed services to efficiently share the resources of a data center. We believe that such a layer offers not only efficiency gains, but may also enable new economic models, new applications, and new security-sensitive uses. A prototype (currently in active use) demonstrates that the proposed layer is viable, and can support a variety of existing provisioning tools and use cases.Partial support for this work was provided by the MassTech Collaborative Research Matching Grant Program, National Science Foundation awards 1347525 and 1149232 as well as the several commercial partners of the Massachusetts Open Cloud who may be found at http://www.massopencloud.or

Issues and Challenges for Network Virtualisation

In recent years, network virtualisation has been of great interest to researchers, being a relatively new and major paradigm in networking. This has been reflected in the IT industry where many virtualisation solutions are being marketed as revolutionary and purchased by enterprises to exploit these promised performances. Adversely, there are certain drawbacks like security, isolation and others that have conceded the network virtualisation. In this study, an investigation of the different state-of-the-art virtualisation technologies, their issues and challenges are addressed and besides, a guideline for a quintessential Network Virtualisation Environment (NVE) is been proposed. A systematic review was effectuated on selectively picked research papers and technical reports. Moreover a comparative study is performed on different Network Virtualisation technologies which include features like security, isolation, stability, convergence, outlay, scalability, robustness, manageability, resource management, programmability, flexibility, heterogeneity, legacy Support, and ease of deployment. The virtualisation technologies comprise Virtual Private Network (VPN), Virtual Local Area Network (VLAN), Virtual Extensible Local Area Network (VXLAN), Software Defined Networking (SDN) and Network Function Virtualisation (NFV). Conclusively the results exhibited the disparity as to the gaps of creating an ideal network virtualisation model which can be circumvented using these as a benchmark

Practical Encryption Gateways to Integrate Legacy Industrial Machinery

Future industrial networks will consist of a mixture of old and new components, due to the very long life-cycles of industrial machines on the one hand and the need to change in the face of trends like Industry 4.0 or the industrial Internet of things on the other. These networks will be very heterogeneous and will serve legacy as well as new use cases in parallel. This will result in an increased demand for network security and precisely within this domain, this thesis tries to answer one specific question: how to make it possible for legacy industrial machines to run securely in those future heterogeneous industrial networks. The need for such a solution arises from the fact, that legacy machines are very outdated and hence vulnerable systems, when assessing them from an IT security standpoint. For various reasons, they cannot be easily replaced or upgraded and with the opening up of industrial networks to the Internet, they become prime attack targets. The only way to provide security for them, is by protecting their network traffic. The concept of encryption gateways forms the basis of our solution. These are special network devices, that are put between the legacy machine and the network. The gateways encrypt data traffic from the machine before it is put on the network and decrypt traffic coming from the network accordingly. This results in a separation of the machine from the network by virtue of only decrypting and passing through traffic from other authenticated gateways. In effect, they protect communication data in transit and shield the legacy machines from potential attackers within the rest of the network, while at the same time retaining their functionality. Additionally, through the specific placement of gateways inside the network, fine-grained security policies become possible. This approach can reduce the attack surface of the industrial network as a whole considerably. As a concept, this idea is straight forward and not new. Yet, the devil is in the details and no solution specifically tailored to the needs of the industrial environment and its legacy components existed prior to this work. Therefore, we present in this thesis concrete building blocks in the direction of a generally applicable encryption gateway solution that allows to securely integrate legacy industrial machinery and respects industrial requirements. This not only entails works in the direction of network security, but also includes works in the direction of guaranteeing the availability of the communication links that are protected by the gateways, works to simplify the usability of the gateways as well as the management of industrial data flows by the gateways

A Cisco-Based Proposal for Arne Core Routing Infrastructure

Systems Engineering and Application Development (SEAD) Practicum provides opportunities for students to engage in proposing, designing, building and testing various projects related to information technology. There are several ongoing projects designed to upgrade, improve or revamp some aspect of the Academic Research Network, generally referred to as ARNe, and services or applications that are a part of its architecture. Regis University is in the process of replacing their current architecture and equipment that forms the core of ARNe in order to facilitate further upgrades and new projects within various aspects of ARNe. This paper examines and proposes a Cisco-based routing solution utilizing Cisco ISR routing platforms for interconnecting the core WAN, providing a high-performance, scalable, and flexible solution for immediate and future needs

GNFC: Towards Network Function Cloudification

An increasing demand is seen from enterprises to host and dynamically manage middlebox services in public clouds in order to leverage the same benefits that network functions provide in traditional, in-house deployments. However, today's public clouds provide only a limited view and programmability for tenants that challenges flexible deployment of transparent, software-defined network functions. Moreover, current virtual network functions can't take full advantage of a virtualized cloud environment, limiting scalability and fault tolerance. In this paper we review and evaluate the current infrastructural limitations imposed by public cloud providers and present the design and implementation of GNFC, a cloud-based Network Function Virtualization (NFV) framework that gives tenants the ability to transparently attach stateless, container-based network functions to their services hosted in public clouds. We evaluate the proposed system over three public cloud providers (Amazon EC2, Microsoft Azure and Google Compute Engine) and show the effects on end-to-end latency and throughput using various instance types for NFV hosts