PLUMgrid Secures OpenStack With Networking Suite

Instead of using SSL for data in motion encryption, PLUMgrid is leveraging a new approach to keep the cloud safe.


The open-source OpenStack cloud platform is getting a security boost today thanks to software-defined networking (SDN) vendor PLUMgrid. PLUMgrid's new OpenStack Networking Suite is an attempt to provide virtual networking and security through the use of a number of innovative technologies.

The OpenStack cloud platform is made up of multiple components, including the Neutron networking project. The PLUMgrid OpenStack Networking Suite plugs into Neutron, enabling cloud administrators to create and manage a virtual cloud network. The PLUMgrid solution has a plug-in that works with the recent OpenStack Icehouse release as well as one for the OpenStack Havana release that debuted in 2013.

The PLUMgrid solution is built on top of the company's SDN platform that was first announced in June 2013. At the time, PLUMgrid was just emerging from its stealth phase and had received $10.7 million in funding.

Awais Nemat, co-founder and CEO of PLUMgrid, told eWEEK that his company has now raised a new $16.2 million round of funding to help further advance PLUMgrid's technologies. The OpenStack Networking Suite, Nemat said, is built on top of his company's core PLUMgrid platform, which includes a virtual switching technology known as IO Visor. The IO Visor technology is now in the process of becoming part of the open-source Linux kernel, with some components already included in the Linux 3.15 kernel.

The PLUMgrid OpenStack Networking Suite introduces the idea of a virtual private cloud to the OpenStack market. Amazon Web Services has been providing a virtual private cloud (Amazon VPC) to its users, providing privacy and isolation for a cloud deployment.

"We are bringing to OpenStack secure virtual domains that you can think of as VPC on steroids," Nemat said. "It's a private, logical data center."

The way it works is a virtual domain can be spun up that provides an independent and private IPv4 address space and other private networking services, including router, DNS and load balancing capabilities.

Networking is only one aspect of any OpenStack deployment; there is also the Nova compute project within OpenStack that provides the actual compute virtualization layer. Pere Monclus, co-founder and CTO of PLUMgrid, explained to eWEEK that the virtual machine is created by OpenStack Nova and the network is an area where enforcement of privacy and security policy can occur.

One of the particularly interesting ideas that the PLUMgrid OpenStack Networking Suite introduces, aside from tenant isolation using private virtual networks, is the notion that all traffic within the network is encrypted. Secure Sockets Layer (SSL)-based encryption for data in motion is widely used within OpenStack, but PLUMgrid isn't using SSL. Instead, Monclus said that the technology his company is using is an overlay-based encryption approach within VXLAN. VXLAN is a key SDN networking protocol that typically does not include encryption. If there is a security breach where traffic gets sent to the wrong location, the traffic is encrypted, limiting the risk, he noted.

PLUMgrid is now working with its partners to submit a draft proposal that includes its VXLAN encryption features as part of the main VXLAN standard, Monclus added.


To help expedite workload deployments, the PLUMgrid OpenStack Networking Suite includes recommended blueprints for specific deployments. The first round of blueprints that PLUMgrid is making available includes one for the CloudFoundry platform-as-a-service (PaaS) technology.

The idea of rapid deployment models for workloads within OpenStack is not a new one. The Heat orchestration project was included as part of the OpenStack Havana release in October 2013, providing a template-based approach for cloud application deployment.

Monclus noted that PLUMgrid does not currently leverage Heat, though he said it is on the roadmap for future automation and orchestration.

Sean Michael Kerner is a senior editor at eWEEK and Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.