VSITE: A scalable and secure architecture for seamless L2 enterprise extension in the cloud

This paper presents an end-to-end architecture, called VSITE, for seamless integration of cloud resources into an enterprise's intranet at layer 2. VSITE allows a cloud provider to carve out its resources to serve multiple enterprises simultaneously while maintaining isolation and security. Resources (allocated to an enterprise) in the cloud provider appears "internal" to the enterprise. VSITE achieves this abstraction through the use of VPN technologies, the assignment of different VLANs to different enterprises, and the encoding of enterprise IDs in MAC addresses. Unlike traditional layer 2 VPN technology such as VPLS, VSITE suppresses layer 2 MAC learning related broadcast traffic from reaching the remote sites. VSITE makes use of location IP (represents location area) for scalable migration support. The MAC or IP address of a VM is not visible in data center core. VSITE hypervisor enforces security mechanisms to prevent enterprises from attacking one another. Thus, VSITE is scalable, secure and efficient, and it facilitates common data center operation such as VM migration. Because VSITE extends enterprise network at layer 2, this offers transparency to most existing applications and presents an easy migration path for an enterprise to leverage cloud computing resources.