This paper describes the basics of IBM Software Defined Network for Virtual Environments (SDN VE) including how multitenant computing works and its challenges. IBM SDN VE is a multi-hypervisor, server-based solution that enables a virtual network to overlay a physical IP network. I’ll also go into the concepts of how SDN VE is implemented in its first version for VMware 5.x. Most of the discussion below also applies to the KVM version of SDN VE released in February, 2014.
Meeting the Challenges of Multitenant Computing
Much of SDN VE is based on IBM’s own research and experiences in data center environments, as well as the feedback gathered from hosting and managed service providers (MSPs). More and more, these environments are relevant to the IT enterprise. A key trait of a cloud environment is multitenancy, in which multiple customers (known as “tenants”), rent space in the cloud and expect to be highly isolated from each other. Imagine companies Alpha and Beta both wanting to use the services of same public cloud.
They must be highly isolated. In doing so, the cloud operator (the hosting company) must ensure that:
* Crosstalk between customer networks is prohibited: This is not only to prevent data leakage but also to prevent deliberate (corporate espionage) or accidental attack (via infection).
* Tenants do not compromise the cloud network: Customers can do dumb things, like opening TCP ports to the rest of the world or using “password” as their root or administrator password. A hosting company cannot let a successful attack on a tenant compromise its hosting infrastructure and all of the other tenants along with it.
Read more… download the full whitepaper.