ENGINEERING
and TECHNOLOGY RESEARCH

Hybrid cloud is composed of enterprise private cloud and public cloud tenant network. It has effectively reduced construction cost, improved enterprise IT construction efficiency and expansibility of private cloud, and brought security risk such as fuzzy boundary at the same time. This thesis studies the common access control means used in current hybrid cloud and has proposed a unified strategy control mechanism to address hybrid cloud. By applying software-defined network and network function virtualization, the mechanism has succeeded in multi-granularity of flow in east-west direction and in north-south direction of virtual network, realized internally unified access strategy, and improved the efficiency and flexibility of access control.

hybrid cloud; access control; micro-segmentation; software-defined security; software-defined network