Z Gallerie, a home décor and furniture retailer based in Los Angeles, wanted to take advantage of Amazon Virtual Private Cloud as a test bed for Web development. The goal was to have a VPN connection from the company’s corporate network to Amazon’s network to provide secure remote connectivity for developers around the world while taking advantage of the scalability of Amazon’s cloud platform.
But there was a problem: Z Gallerie is a Cisco Systems shop and Amazon VPC doesn’t support Cisco natively, said Howard Kolodny, vice president of IT at Z Gallerie. The idea of swapping out its corporate firewall to enable a compatible cloud VPN wasn’t a reasonable alternative.
Then the retailer came across Belmont, Calif.-based Vyatta Inc. and its software-based network operating system. The Vyatta Network OS, which provides network security and connectivity in a software appliance, enabled Z Gallerie to use AWS VPC without having to swap out its firewall, Kolodny said.
“It made Amazon part of our corporate network. Now we have a virtual private cloud, leveraging all the features and functions of Amazon, but with the security of a VPN,” he said.
Limited network security with Amazon VPC
Organizations that are moving to cloud and hosted environments are finding the networking and network security capabilities offered by providers like Amazon and Rackspace aren’t all that sophisticated, said Eric Hanselman, research director of the networking practice at 451 Research, a division of analyst firm The 451 Group. Vyatta fills the gap, he said.
“There weren’t many ways to be able to connect outside of VPC in other than Amazon-created tunnels and those, like the other networking capabilities in Amazon EC2 and VPC, don’t give you a lot of filtering controls,” he said.
“You could terminate that tunnel into a physical router, but if you want flexibility in the way you build your own internal infrastructure and how you’re leveraging cloud infrastructures, [Vyatta] gives you the ability to have a router you can use for all the filtering and tunnel definition capabilities that would mimic those available in a full physical router.”
Vyatta’s advantage over competitors such as Cisco is that it can be run in any type of virtualized or hosted cloud environment, Hanselman said. “Any place you have the ability to stand up a virtual appliance,” he added.
Chenxi Wang, vice president and principal analyst at Cambridge, Mass.-based Forrester Research Inc., cited Vyatta as one of the vendors organizations can consider when they need additional network security capabilities in an IaaS environment. Vyatta’s technology allows network security capabilities, such as firewall and IPS, to be packaged together and deployed as software, she said during a cloud security virtual seminar hosted by SearchSecurity.com and SearchCompliance.com in May. Other vendors in the cloud network security space include CloudPassage Inc. and Dome 9 Security Ltd., she said.
In general, most IaaS providers offer host-based firewalls, but it’s up to the customer to configure and manage each host, Wang said. Few IaaS providers offer built-in IPS; customers need to roll their own or use a third-party vendor, she said.
Looking ahead, Z Gallerie is planning to move its production website to the Amazon VPC environment. The company will use Vyatta to manage and secure access to the administrative functions of the site, Kolodny said.
Z Gallerie wants to eliminate its need for physical computing equipment, he said.
“My goal is to never buy another server,” Kolodny said. “We’re about selling people furniture, home accessories and framed art. To the extent we can focus energies on that and not on buying and configuring and managing servers, our energies will be better spent. An environment like Amazon that allows us the flexibility and convenience of provisioning the servers we need, when we need them, is remarkable.”