Feeds

Rackspace floats virty router and firewall into its clouds

Forget iron, use heavenly Vyatta software appliances

3 Big data security analytics techniques

Moving to clouds should mean breaking free of all kinds of specific hardware devices and running as much software as possible on generic virtual machines – which is why Rackspace Hosting is partnering with Brocade Communications to bring its Vyatta vRouter software to its public and private clouds.

Brocade has been gradually building up its networking and routing capabilities, snapping up Foundry Networks for its Ethernet switching for $2.6bn in December 2008, and buying virtual networker Vyatta for an undisclosed sum in November 2012. Vyatta was founded in 2005 and brought out the first release of its virtual network appliances in October 2007.

Among many things, the Vyatta stack includes a virtual router (which means it runs on a virtual machine hypervisor) that can do a lot of the work that ISR and ASR machines from Cisco Systems can do. The vRouter software is not just a router, however it is named. It also includes a virtual firewall, virtual private networking for linking internal and external sites to each other securely, and a network address translation appliance that allows for applications and databases to be provisioned without public interfaces on the internet, but still able to get patches and updates from the outside world.

John Engates, chief technology officer at Rackspace, says that up until now, customers have had to do a number of different things to try to get these functions into their public or private cloud slices, such as using firewall rules built into Linux, or using OpenVPN as well as the open source Vyatta or the commercial-grade software which has extensions not available in the open source version.

A graphical user interface, integration with Chef and Puppet management tools, and integration with CloudStack and OpenStack cloud controllers is only available in the Vyatta Network OS Enterprise Edition. In hybrid cloud setups, Rackspace has even installed physical VPN, firewall, and routing appliances on behalf of customers.

"With Vyatta, customers can now get industrial-strength firewall, routing, and VPN into the cloud," says Engates, and in such a way that integrates with the Cloud Networks multi-tiered virtual Layer 2 networking service that is part of the public cloud as well as the RackConnect service.

The Cloud Networks service is based on VMware's NVP OpenFlow controller and Open vSwitch virtual switch, which plugs into the XenServer commercial-grade hypervisor from Citrix Systems that Rackspace uses to underpin its OpenStack-based public cloud. (VMware got its hands on NVP and Open vSwitch last year when it acquired virty networking upstart Nicira.)

The vRouter virtual appliance can also link systems running inside a private data center to the Rackspace Cloud. Up until now, customers had to use the RackConnect service, which required an F5 Big-IP or Cisco ASA hardware appliance, but now customers will be able to use vRouter virtual routers instead if they so choose.

One important thing, says Engates, is that both the Cloud Networks service and the vRouter service are both IPv6 compliant, so you don't have to mess around with IPv4.

The vRouter service is in early adopter phase now, which means it is in limited availability. But within the next month or so, Engates says Rackspace will feel comfortable enough with the virty firewall, router, NAT, and VPN appliance to make it generally available. The vRouter service will cost 18 cents per hour over and above whatever Cloud Server instance you run it on.

"We are recommending that people start with a 1GB RAM server instances," Engates. This instance should be able to handle about 30Mb/sec of bandwidth for firewall traffic, which is a pretty small appliance. In this case, the server instance costs 6 cents per hour, so you get the virtual firewall for 24 cents per hour, or about $2,100 per year.

If you need to step up to 100Mb/sec of bandwidth on the firewall, Rackspace recommends a 4GB server instance, which 24 cents per hour for the server and another 18 cents per hour, which works out to $$3,680 per year. ®

SANS - Survey on application security programs

More from The Register

next story
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Kingston DataTraveler MicroDuo: Turn your phone into a 72GB beast
USB-usiness in the front, micro-USB party in the back
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
BOFH: Oh DO tell us what you think. *CLICK*
$%%&amp Oh dear, we've been cut *CLICK* Well hello *CLICK* You're breaking up...
Bored with trading oil and gold? Why not flog some CLOUD servers?
Chicago Mercantile Exchange plans cloud spot exchange
Just what could be inside Dropbox's new 'Home For Life'?
Biz apps, messaging, photos, email, more storage – sorry, did you think there would be cake?
IT bods: How long does it take YOU to train up on new tech?
I'll leave my arrays to do the hard work, if you don't mind
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.