Hardware to Virtual Firewall Migration Heuristic Rules
Project Members
Ibrahim Waziri Jr
Abstract
In this era of cloud computing, many data centers rely on a
composite security framework consisting of hardware and virtual
firewalls. Hardware firewalls are optimized for greater throughput
while virtualized firewalls can only scale to match DoS attempts. To
maximize the utility of each form factor, we developed an in-line
firewall scheme with a variable filtering point. The primary filtering
point changes between hardware and virtual firewalls based on real-time
conditions. The architecture incorporates heuristic-based
migration logic. To define the heuristics, a performance evaluation
was conducted following two test scenarios: spike tests and
endurance tests. Packet throughput was also assessed using JMeter.
The results indicate that a threshold approach to filter-point
migration maximizes network throughput while offering the
insurance of on-demand scalability.