Evaluation of Virtual Firewall in Private Cloud
Hokkanen, Tommi (2016)
Hokkanen, Tommi
Metropolia Ammattikorkeakoulu
2016
All rights reserved
The permanent address of the publication is
https://urn.fi/URN:NBN:fi:amk-201701091215
Abstract
This Master’s Thesis study evaluates the deployment and performance of a virtual firewall appliance in a private cloud setting. The objective was to study virtual firewall technology from the perspective of a network service provider. The scope of the study was limited to virtual firewall appliance deployment and network throughput benchmarking with various network configurations. Other aspects of virtual firewalls, such as security functions, are not discussed in detail. The benchmarks covered the following virtual firewall use cases: stateful firewall throughput, UTM services throughput, IPsec VPN throughput and SSL VPN throughput.
As background for the study, key concepts of virtualization, network virtualization technologies and network performance testing methods were researched. The current state of the network service provider’s firewall product portfolio was also analyzed. Based on this background work, Fortinet’s Fortigate-VM was chosen as the virtual firewall under test. A methodology for virtual firewall performance testing was then created. The performance measurements were carried out in a laboratory network purpose-built for the case. The laboratory network consisted of two server machines and a switch. A Microsoft Hyper-V hypervisor was installed on one of the servers and a virtual network was created. The virtual network consisted of a virtual firewall appliance, virtual switches and Linux virtual machines.
The results showed that virtual firewall throughput performance was close to that of the same vendor’s (Fortinet) low-end physical appliance firewalls. In addition, it was found that virtual firewall deployment and configuration were practical and straightforward. No major issues were encountered in any part of the deployment. The conclusion was drawn that virtual firewall network performance is feasible and the technology is ready for production use. The developed test method will be replicated in other deployment scenarios in the future. In the next phase of the virtual firewall productization, the performance of a virtual firewall appliance deployed in the Microsoft Azure and Amazon Web Services public clouds will be evaluated using the developed method.