
Automatic management of network firewall rules in a hybrid and multi-cloud environment

Claudio Nuzzo


Rel. Martino Trevisan. Politecnico di Torino, Corso di laurea magistrale in Ingegneria Informatica (Computer Engineering), 2022


Taking advantage of cost and performance improvements, enterprises are extending their networks well beyond the traditional on-premises data center and now incorporate software-defined networks, micro-segmentation and multiple clouds, both private and public. Migrating applications to the cloud has become an indispensable strategy for businesses, as clouds offer many financial, performance and operational benefits. The typical medium-to-large enterprise now operates a dynamic, heterogeneous network that includes on-premises data centers, private clouds and public clouds: the so-called hybrid and multi-cloud environment. This heterogeneous structure means managing firewalls from different vendors, thousands of rules and hundreds of weekly or monthly changes, while interacting with different cloud providers, each with its own language and methods. In this context, it becomes essential to create a mechanism for automating network and firewall configuration that lets each company stay independent of on-premises equipment vendors and cloud providers.

This thesis presents a product that, starting from a hybrid and multi-cloud environment, aims to automate the configuration of firewall rules by defining an abstract, universal data model that each involved environment can interpret, together with a workflow that applies the rules to the affected environments.

The implemented solution is a system built on top of Flask, a Python framework for building APIs, integrated with Bitbucket, Rundeck, Terraform and Tufin. This enables the complete, unified and vendor-agnostic application of the rules needed to define communication between technology layers: the high-level policies are translated and applied within a short timeframe, without human intervention, on on-premises, private cloud and public cloud environments.
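As an added illustration (not the thesis' own code; its data model and schema are not reproduced here), the sketch below shows what such a vendor-agnostic rule model can look like: one validated rule object rendered for an on-premises Linux firewall and for a Terraform AWS security group rule, plus a shadowing check that flags a new rule already decided by an existing one. The field names, the two renderings and the sample rules are assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    """Abstract, vendor-neutral firewall rule (assumed shape, not the thesis' schema)."""
    name: str
    action: str        # "allow" or "deny"
    protocol: str      # "tcp", "udp" or "any"
    src: str           # source CIDR
    dst: str           # destination CIDR
    port_from: int     # destination port range, inclusive
    port_to: int

    def __post_init__(self):
        # Validate once at model level so every target receives well-formed input.
        if self.action not in ("allow", "deny"):
            raise ValueError(f"{self.name}: unknown action {self.action!r}")
        if self.protocol not in ("tcp", "udp", "any"):
            raise ValueError(f"{self.name}: unknown protocol {self.protocol!r}")
        ipaddress.ip_network(self.src)   # raises ValueError on a malformed CIDR
        ipaddress.ip_network(self.dst)
        if not (0 <= self.port_from <= self.port_to <= 65535):
            raise ValueError(f"{self.name}: invalid port range")

def to_iptables(r: Rule) -> str:
    """Render for an on-premises Linux firewall (FORWARD chain)."""
    target = "ACCEPT" if r.action == "allow" else "DROP"
    proto = "" if r.protocol == "any" else f" -p {r.protocol} --dport {r.port_from}:{r.port_to}"
    return f"iptables -A FORWARD -s {r.src} -d {r.dst}{proto} -j {target}"

def to_aws_sg_rule(r: Rule, sg_id: str) -> str:
    """Render as a Terraform aws_security_group_rule; AWS security groups cannot express deny."""
    if r.action != "allow":
        raise ValueError(f"{r.name}: AWS security groups only support allow rules")
    proto, lo, hi = ("-1", 0, 0) if r.protocol == "any" else (r.protocol, r.port_from, r.port_to)
    return (f'resource "aws_security_group_rule" "{r.name}" {{\n  type = "ingress"\n'
            f'  security_group_id = "{sg_id}"\n  protocol = "{proto}"\n'
            f'  from_port = {lo}\n  to_port = {hi}\n  cidr_blocks = ["{r.src}"]\n}}')

def shadowed_by(new: Rule, existing: Rule) -> bool:
    """True if `existing`, evaluated first, already decides every packet `new` would match."""
    def covers(big: str, small: str) -> bool:
        return ipaddress.ip_network(small).subnet_of(ipaddress.ip_network(big))
    return (covers(existing.src, new.src) and covers(existing.dst, new.dst)
            and existing.protocol in ("any", new.protocol)
            and existing.port_from <= new.port_from and new.port_to <= existing.port_to)

if __name__ == "__main__":  # constructed sample rules
    web = Rule("web_in", "allow", "tcp", "10.0.0.0/8", "10.1.2.3/32", 443, 443)
    broad = Rule("any_in", "allow", "any", "10.0.0.0/8", "10.1.2.0/24", 0, 65535)
    print(to_iptables(web)); print(to_aws_sg_rule(web, "sg-PLACEHOLDER"))
    print("web_in shadowed by any_in:", shadowed_by(web, broad))
```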

Supervisor: Martino Trevisan
Academic year: 2021/22
Publication type: Electronic
Number of Pages: 93
Additional Information: Thesis under embargo. Full text not available
Degree programme: Corso di laurea magistrale in Ingegneria Informatica (Computer Engineering)
Degree class: New organization > Master science > LM-32 - COMPUTER SYSTEMS ENGINEERING
Collaborating companies: Accenture SpA
URI: http://webthesis.biblio.polito.it/id/eprint/22844