Towards Cloud, Service and Tenant Classification For Cloud Computing

One of the major concerns cloud computing platforms face today is the lack of a unique identification of the "who" within the network infrastructure. State-of-the-art technologies (such as VLANs or IP addresses) lack functionality to cope with the highly dynamic and scalable, ever changing and virtualized cloud-enabled data center infrastructures. A shared and limited address space or the loss of identification across boundaries render classification unusable for per-tenant, per-service or per-cloud-provider policies. In this work, we introduce the concept of a classification mechanism that is fine-grained enough to associate tenants, services and cloud providers to their network streams. The Tenant-ID, Service-ID and Cloud-ID is added as a tag to Layer 3 packets throughout the consumer-to-service communication. We argue that the proposed service and tenant isolation concept is generic enough to be applicable across the whole cloud environment, thereby eliminating current limitations and enabling new network functionality.