Date Added: Jan 2010
This paper offers the point of view of an RSA CTO on security architecture for Next-Generation Data Center (NGDC) deployments. The paper characterizes NGDC deployments by a unified network, virtualization of computing legacy, and dynamic configuration and management of infrastructure components. It serves as a reference security architecture for NGDCs in three areas: protection for the hypervisor layer; protection of NGDC infrastructure; and security services provided to users of applications. It is a focused study of security architecture purely with respect to NGDCs, rather than the broader topics associated with them, such as cloud computing. Because NGDCs use a high number of physical resources and the service environment is dynamic in nature, the centers are able to become reliable and available. The paper deals with the security services available for protecting data centers, and its primary focus is protection against threats to NGDCs. It approaches this through the layering present within the next-generation data center, which includes the deployment of virtualization and the creation of increased processing abstraction. While this is familiar practice that a hypervisor relies on, NGDCs bring a new layer of abstraction. With this layer, applications can be managed and hosted independently of hypervisors. The paper offers a good understanding of NGDC security requirements and provides countermeasures towards that end.