2/2012 3
This article defines Cloud Computing and highlights key concepts, the benefits of using
virtualization, its weaknesses and ways of combining it with classical VoIP technologies
applied to large scale businesses.
The analysis takes into consideration management strategies and resources for better
customer orientation and risk management all for sustaining the Service Level Agreement
(SLA). An important issue in cloud computing can be security and for this reason there are
several security solutions presented.
Keywords: Cloud computing, VoIP, Data virtualization, DoS
We also must mention the personnel costs that the traditional method implies, because it requires a large number of people to manage resources allocated in different geographical areas. Also, every new installation needs to be fully made, and this translates into a long installation time for every new server. In cloud computing these aspects can be solved in a reduced amount of time, the installation of services taking very little. It is done by cloning other virtual nodes, so all the software and application installation is done only once and then all the new software is installed by cloning. In this way a large number of identical servers can be created within minutes, without the need to separately install each necessary application.

Cloud computing reduces human error to a minimum, due to the fact that there is no need to process the same information every time. It is enough to have only one correct virtual machine that has been tested, all the others being replicas of the first.

Migrating services from one geographical area to another, from one machine to another, transferring from one solution to another

The classical method required for each modification to restart all the installation procedures, which involved time spent and large costs. Cloud computing has the extraordinary benefit of easily moving information from one machine to another and between servers, without taking into account the geographical distance. It is possible for a virtual machine to have a node in Bucharest and to move that service within minutes to another server in Brasov, without damage or problems. Within minutes servers can be moved from one location to another, from one country to another, while keeping the service functional even while migrating. This option did not exist in the traditional method. Using this method implied that the service would not be functional for at least several days, and that the physical movement of the server from one location to another was needed, as well as a list of modifications that are necessary for any physical movement.

5 The levels that can attack a VoIP infrastructure

Denial-of-Service or VoIP Service Disruption.
Denial-of-service (DoS) attacks can affect any IP-based network service. The impact of a DoS attack can range from mild service degradation to complete loss of service. There are several classes of DoS attacks. One type of attack, in which packets can simply be flooded into or at the target network from multiple external sources, is called a distributed denial-of-service (DDoS) attack [3]. DoS attacks are difficult to defend against, and because VoIP is just another IP network service, it is just as susceptible to DoS attack as any other IP network service. Additionally, DoS attacks are particularly effective against services such as VoIP and other real-time services, because these services are most sensitive to adverse network status. Viruses and worms are included in this category as they often cause DoS or DDoS due to the increased network traffic that they generate as part of their efforts to replicate and propagate [9].

ARP Spoofing
ARP is a fundamental Ethernet protocol [3]. Perhaps for this reason, manipulation of ARP packets is a potent and frequent attack mechanism on VoIP networks. Most network administrators assume that deploying a fully switched network to the desktop prevents the ability of network users to sniff network traffic and potentially capture sensitive information traversing the network. Unfortunately, several techniques and tools exist that allow any user to sniff traffic on a switched network because ARP has no provision for authenticating queries or query replies [4].
Additionally, because ARP is a stateless protocol, most operating systems (Solaris is an exception) update their cache when receiving an ARP reply, regardless of whether they have sent out an actual request.
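
Because ARP replies are unauthenticated and are cached even when no request was sent, a passive monitor on the voice VLAN can track exactly those two conditions. The following is an added example, not code from the original article: it parses raw Ethernet/IPv4 ARP frames and flags replies that answer no observed request and IP addresses that move to a different MAC. The class and function names are hypothetical, and the MAC and IP addresses are constructed sample values.

```python
import struct

def build_arp(op, sha, spa, tha, tpa):
    """Constructed 42-byte Ethernet/IPv4 ARP frame (broadcast destination), sample input only."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    ip = lambda s: bytes(map(int, s.split(".")))
    hdr = b"\xff" * 6 + mac(sha) + b"\x08\x06" + struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return hdr + mac(sha) + ip(spa) + mac(tha) + ip(tpa)

def parse_arp(frame):
    """Return (op, sender_mac, sender_ip, target_ip), or None if not Ethernet/IPv4 ARP."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa, _tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return op, sha.hex(":"), ".".join(map(str, spa)), ".".join(map(str, tpa))

class ArpMonitor:
    def __init__(self):
        self.bindings = {}    # IP -> MAC last claimed for it
        self.pending = set()  # (requester IP, requested IP) not yet answered
    def observe(self, frame):
        parsed = parse_arp(frame)
        if parsed is None:
            return []
        op, mac, sender_ip, target_ip = parsed
        alerts = []
        if op == 1:    # request: remember who asked for which address
            self.pending.add((sender_ip, target_ip))
        elif op == 2:  # reply: did the recipient ever ask for this address?
            if (target_ip, sender_ip) not in self.pending:
                alerts.append(f"unsolicited reply: {sender_ip} is-at {mac}")
            self.pending.discard((target_ip, sender_ip))
        known = self.bindings.get(sender_ip)
        if known is not None and known != mac:  # the IP is now claimed by another MAC
            alerts.append(f"binding change: {sender_ip} {known} -> {mac}")
        self.bindings[sender_ip] = mac
        return alerts

def run_sample():
    """Constructed traffic: a phone resolves its PBX, then another MAC claims the PBX address."""
    phone, pbx, other = "02:00:00:00:00:20", "02:00:00:00:00:05", "02:00:00:00:00:66"
    monitor = ArpMonitor()
    return [monitor.observe(build_arp(*f)) for f in (
        (1, phone, "192.0.2.20", "00:00:00:00:00:00", "192.0.2.5"),
        (2, pbx, "192.0.2.5", phone, "192.0.2.20"),
        (2, other, "192.0.2.5", phone, "192.0.2.20"))]
```

Gratuitous ARP announcements and legitimate failover produce the same two alerts, so they are triage signals to correlate with change records rather than proof of spoofing.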
8 Implementation of Cloud Computing into VoIP
governed by a formal change management process.
- A system of monitoring and auditing physical access to VoIP components, wiring, displays, and networks must be implemented (e.g., badges, cameras, and access logs). From the point at which an employee enters the building, it is recommended that there be a digital record of their presence.
- The server room should be arranged in a way that people outside the room cannot see the keyboard (thus seeing users/admin passwords).
- Any unused modems must be disabled/removed.
- No password evidence (notes, sticky notes, etc.) is allowed around the system.
- The CPU case should be locked and the key must be accounted for and protected. A backup key should be made and kept securely offsite (e.g., in a safety deposit box).
- USB, CD-ROM, monitor port, and floppy disk drives should be removed, disabled, or glued shut.
- Adequate temperature and humidity controls must be implemented to avoid equipment damage.
- Adequate surge protectors and UPS must be implemented, maintained, and tested.
- Cleaning and maintenance people should be prohibited from the area surrounding any electronics.
- Food, drink, or smoking is prohibited in the same areas.
IP-PBX equipment must be located in a locked room with limited access. This type of access must be provided as a user authentication system with either a key-card or biometric device. The use of a keypad alone to gain access is not permitted. All methods of gaining entry into the room must provide for a list of users that have accessed the room along with a date/time-stamp [6].

6 Security for the VoIP Infrastructure
One example of how to configure a secure cloud system for VoIP is the creation of a network demilitarized zone (DMZ) on a single host.
In this example, three virtual machines are configured to create a virtual DMZ on Standard Switch 1: Virtual Machines 1, 2, 3 and 4 run Web servers and are connected to virtual adapters through standard switches. These virtual machines are multihomed. Machines 5 and 6 run an Asterisk server. The conduit between these elements is Standard Switch 2, which connects the firewalls with the servers. This switch has no direct connection with any elements outside. From an operational viewpoint, external traffic from the Internet enters Virtual Machine 1 through Hardware Network Adapter 1 (routed by Standard Switch 1) and is verified by the firewall installed on this machine. If the firewall authorizes the traffic, it is routed to the standard switch in the DMZ, Standard Switch 2. Because the Web server and application server are also connected to this switch, they can serve external requests.
Standard Switch 2 is also connected to Virtual Machine 4 and Virtual Machine 5. This virtual machine provides a firewall between the DMZ and the internal corporate network.
This firewall filters packets from the Web server and application server. If a packet is verified, it is routed to Hardware Network Adapter 2 through Standard Switch 3. Hardware Network Adapter 2 is connected to the internal corporate network. This network could be used for virus propagation or targeted for other types of attacks. The security of the virtual machines in the DMZ is equivalent to separate physical machines connected to the same network.
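
The isolation property described above (the DMZ switch has no outside connection, and traffic crosses a firewall VM at each boundary) can be audited from the host's link inventory. The following is an added example, not code from the original article: it models the single-host DMZ as a graph and searches for any path that crosses a zone boundary without passing through a firewall VM. The short node names (HNA1, SW2, VM4), the choice of Virtual Machine 1 and Virtual Machine 4 as the firewall VMs, and the placement of the Asterisk VMs on Standard Switch 2 are assumptions made for the example.

```python
from collections import deque

# Links follow the traffic walk-through above. Assumptions for this example:
# VM1 and VM4 are the firewall VMs, and the Asterisk VMs (VM5, VM6) sit on SW2.
LINKS = [
    ("HNA1", "SW1"), ("SW1", "VM1"), ("VM1", "SW2"),
    ("SW2", "VM2"), ("SW2", "VM3"), ("SW2", "VM5"), ("SW2", "VM6"),
    ("SW2", "VM4"), ("VM4", "SW3"), ("SW3", "HNA2"),
]
FIREWALLS = {"VM1", "VM4"}

def neighbours(links):
    """Undirected adjacency map built from (a, b) link pairs."""
    graph = {}
    for a, b in links:
        graph.setdefault(a, set()).add(b)
        graph.setdefault(b, set()).add(a)
    return graph

def unfiltered_path(links, src, dst, firewalls=FIREWALLS):
    """Shortest src->dst path that touches no firewall VM, or None if all paths are filtered."""
    graph, queue, seen = neighbours(links), deque([[src]]), {src}
    while queue:
        path = queue.popleft()
        if path[-1] == dst:
            return path
        for nxt in sorted(graph.get(path[-1], ())):
            if nxt not in seen and nxt not in firewalls:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None

def audit(links):
    """Check both zone boundaries: Internet -> DMZ switch and DMZ switch -> internal adapter."""
    return {
        "internet_to_dmz": unfiltered_path(links, "HNA1", "SW2"),
        "dmz_to_internal": unfiltered_path(links, "SW2", "HNA2"),
    }

# Configuration drift to catch: a DMZ guest given a second vNIC on the internal-side switch.
DRIFTED = LINKS + [("VM2", "SW3")]
```

On the intended layout both checks return `None`; on `DRIFTED` the second check returns the path through Virtual Machine 2 that skips the inner firewall.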
telephony in foreign countries due to the reduced costs with cheaper work force.

7 Conclusion
By innovation and a perfectible degree of security, the VoIP industry is consolidating its market place, threatening to be able soon to take the place of conventional solutions (expensive, insecure and inflexible).
Cloud computing allows the creation of inexpensive systems, with little upfront costs, that can be scaled to massive sizes when needed. In many cases the best VoIP solution is to use cloud computing and replace the classical solution. The advantages can be defined both by the providers, which are motivated by the future profits that can arise due to the lower costs than the classical technology, as well as the users, who have the possibility of reducing or eliminating the telephony service costs.

References
[1] G. Gruman, E. Knorr, What cloud computing really means. InfoWorld, (2009, May). [Online]. Available: http://www.infoworld.com/d/cloudcomputing/what-cloud-computing-reallymeans-031
[2] L. Siegele, Let it rise: A survey of corporate IT. The Economist, (Oct., 2008).
[3] P. Watson, P. Lord, F. Gibson, Panayiotis Periorellis, and Georgios Pitsilis, Cloud computing for e-science with carmen, (2008), pp. 1–5.
[4] R. M. Savola, A. Juhola, I. Uusitalo, Towards wider cloud service applicability by security, privacy and trust measurements. International Conference on Application of Information and Communication Technologies (AICT), (Oct., 2010), pp. 1–6.
[5] M.-E. Begin, An egee comparative study: Grids and clouds – evolution or revolution. EGEE III project Report, vol. 30 (2008).
[6] B. Rochwerger, D. Breitgand, E. Levy, A. Galis, K. Nagin, I. M. Llorente, R. Montero, Y. Wolfsthal, E. Elmroth, J. Caceres, M. Benyehuda, W. Emmerich, F. Galan, The Reservoir model and architecture for open federated cloud computing. IBM Journal of Research and Development, vol. 53, no. 4 (July, 2009), pp. 1–11.
[8] “Implementing QoS Solutions for H.323 Videoconferencing over IP”, Cisco Systems Technical Whitepaper, Document Id: 21662, 2007.
[9] P. Calyam, M. Haffner, E. Ekici, C.-G. Lee, “Measuring Interaction QoE in Internet Videoconferencing”, Proc. of IFIP/IEEE MMNS, 2007.
[10] S. Winkler, “Digital Video Quality: Vision Models and Metrics”, John Wiley and Sons Publication, 2005.
published articles, and 2 scientific papers. Her fields of interest include: Linux, Clusters, VoIP
and Cloud Computing.