Traditional enterprise network security is based on the deployment of security appliances placed on some specific locations filtering, monitoring the traffic going through them. In this perspective, security appliances are chained in specific order to perform different security functions on the traffic. In the cloud, the same approach is often adopted using virtual security appliances to protect traffic for different virtual applications with the challenge of dealing with the flexible and elastic nature of the cloud. In this paper, we investigate the problem of placing virtual security appliances within the data center in order to minimize network latency and computing costs for security functions while maintaining the required sequential order of traversing virtual security appliances. We propose a new algorithm computing the best place to deploy these virtual security appliances in the data center. We further integrated our placement algorithm in an open source cloud framework, i.e. Openstack, in our test laboratory. The preliminary results show that we are placing the virtual security appliances in the required sequential order while improving the efficiency compared to the current default placement algorithm in Openstack.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.