Enhancing the Quality of Service of Cloud Computing in Big Data using Virtual Private Network and Firewall in Dense Mode

Cloud computing entails accessing and storing programs and data over the internet instead of on the hard drive of a personal computer. It is the practice of using software and hardware to deliver a service over the internet. The cloud gives consumers the ability to access big data and use applications from any device that has access to the internet; however, the key problem is security, and this can be addressed by a firewall and a Virtual Private Network. Recently, research has been carried out on deploying firewalls and Virtual Private Networks with the parameters of throughput and load in sparse mode. In this paper, firewall and Virtual Private Network are examined based on average throughput, average packet loss and average end-to-end delay in dense mode. The research goal is to examine the performance of cloud computing without firewall and Virtual Private Network, with firewall only, and with firewall and Virtual Private Network. The simulation results have shown, through a wide investigation, that firewall and Virtual Private Network offer better security with a slight degradation in cloud performance.

Keywords—Cloud computing; big data; firewall; virtual private network; security; performance


I. INTRODUCTION
The Internet is growing vigorously these days. The cost of storing data, the power consumed by computers, and the hardware are increasing and expanding. The storage space in the data centre isn't enough to meet the requirements. Also, the system and service of the internet can't solve the said issues. Researchers and academia are working to find new solutions. At the same time, large enterprises have to study data sources entirely to support their business. The collection and analysis must be built on a new platform such as Cloud Computing. In [1], the need for Cloud Computing by the business community is addressed. It is stated how to utilize the resources of a computer, how to increase economic efficiency by improving the utilization rate, and how to decrease equipment energy consumption. Cloud Computing is a computing technique in which capable and changeable information technology (IT) gives service to external clients using internet technology. Cloud Computing is not a fundamental idea; instead, it is a developmental concept that combines different existing techniques to offer a new, useful tool for providing IT. Through the internet, cloud applications expand their availability and accessibility by using large data centres and powerful servers that host web applications and services [2]. Anyone who has a standard internet connection and a browser can connect to cloud applications. Cloud-based computing is a model that allows convenient on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, services, applications) that can be quickly provisioned and released with minimal management effort or service provider interaction [3].
Cloud Computing helps with different aspects of computing such as efficiency, reduced cost, performance, quick deployment and easy access to information. The important issue in cloud computing is security, which needs to be improved. A couple of security mechanisms, such as firewall and VPN, have already been introduced and standardized for guaranteeing security, and they influence cloud performance with regard to quality of service parameters. As per the literature survey, very few research attempts have been made to examine average end-to-end delay, average throughput and average packet loss in dense mode.
1) E-Learning: Cloud Computing is a significant technique that can be used in education (e-learning) to create attractive environments for teachers, students, and researchers to retrieve information by using the cloud of the parent organization [4].
2) E-Governance: A government can provide an efficient service to its citizens, institutions, and their cooperation by using Cloud-based computing [5]. This can make the environments more scalable and customizable by reducing the energy to manage, install, and upgrade the applications.
3) Cost efficiency: By using Cloud Computing, the cost and budget of a company can be reduced to a great extent compared with relying purely on traditional desktop-software based approaches [6]. For example, it allows users or customers to use hardware and software owned by other companies without the burden of managing and purchasing them, and to use a required application without purchasing it by accessing third-party servers over the internet.
4) Almost unlimited storage: Unlike traditional desktop-based computing approaches, cloud computing offers the facility of unlimited storage.
5) Backup and recovery: Compared to physical desktop hard drives, in cloud computing the data is stored on many servers across the globe, from which one can easily retrieve data [7].
6) Easy access to information: By accessing the cloud one can easily upload and download data from anywhere in the world by using different gadgets.

7) Automatic software integration: Cloud-based computing is an automatic integration system that can integrate and update software automatically, which means that there is no need for the user to update the software.
8) Quick deployment: One of the vital advantages of cloud computing is its fast deployment. Once the user is familiar with the account and the procedure for uploading and downloading data, the user can easily retrieve data anywhere by using the application with an appropriate internet connection.
9) Fresh software: With the help of SaaS (Software as a Service), cloud computing provides the latest versions of software for use in commerce and by clients when they are released [8].
10) Always-on availability: The cloud providers are trustworthy to deliver their services and facilities to users/customers as efficiently as possible.

B. The Architecture of Cloud Computing
From the architecture perspective, cloud computing is composed of several important characteristics or components, three service models and five deployment models, which are illustrated in Fig. 2.

1) Deployment models of cloud:
Cloud-based computing is established [9] on deployment models such as Public Cloud, Private Cloud and Hybrid Cloud; moreover, community cloud networks and mobile cloud are also used for different purposes.
a) Public Cloud: This model delivers and stores a huge amount of data and other facilities for access by the general community from facility providers, offering facilities on a pay-per-use or cost-free basis.
b) Private Cloud: This model is used in fog computing by an individual organization and accessed by the authorized staff of that organization. In other words, a private cloud is a deployment model normally used by an individual organization or by the authorized users of that organization.
c) Hybrid Cloud: In such systems, the organization keeps important data or information on the private cloud, while data that is less secured is used on the public cloud; in such a situation the Hybrid Cloud is commonly preferred, which means that this model is a mixture of two cloud deployment models such as the community, private or public cloud models.
d) Community Cloud: A community cloud is a distinctive model of cloud deployment which is shared among several organizations that form a specific community with mutual concerns. A community cloud is formed when several organizations share common infrastructure with similar requirements.
e) Mobile Cloud: The practice of cloud computing in combination with portable mobile devices is known as Mobile cloud [10]. Cloud computing occurs when data and information are kept on the internet rather than on individual devices, giving access on demand. In the case of mobile cloud, applications run remotely on the server and are then delivered to the user. Mobile applications are a rapidly developing section of the worldwide mobile market. Several mobile corporations have their own cloud, and the user takes functionality from the mobile cloud.
2) Services model of cloud: Cloud computing service suppliers provide three services to the end-user: Infrastructure as a Service (IaaS), Software as a Service (SaaS) and Platform as a Service (PaaS) [11].
a) Infrastructure as a Service (IaaS): Infrastructure as a Service (IaaS) provides physical components over the internet. It provides infrastructure physically or virtually, such as load balancers, virtual machines, data storage space and caching. IaaS is also known as Hardware as a Service, as in IaaS the clients need not worry about managing and purchasing data centres and hardware, since all these things are controlled by the cloud service provider. The cloud service provider can allow one to store data in the data center based on the size requested.

C. Security Issues in Cloud Computing
Cloud computing comes with numerous major issues and challenges at the same time, such as availability, performance, and security. In [12], security is one of the significant and critical issues among the challenges in Cloud computing.
The security challenges in Cloud-based computing are vast, dynamic and versatile [13]. Location transparency and data location are an important issue in the security of Cloud computing, as records are stored on virtual servers in the cloud. Users do not know the exact location where their data is stored, due to which the data protection act might be violated and affected.
In Cloud-based computing, security issues occur due to the use of the network, as users need a network connection to reach the information and resources they need [14]. As a result, an unauthorized user may also interfere with the network of Cloud computing. As shown in Fig. 3, security issues are rated at up to 74.4% amongst all the challenges faced by Cloud Computing.
The main issue in Cloud-based computing is to assure security. Therefore, a security technique needs to be deployed that permits only those users who are authorized and blocks those users who are not trustworthy in the cloud computing network. Two techniques, firewall and VPN, are deployed together to improve security in Cloud-based computing. VPN is one of the preferred techniques for secure data transmission from and to the Cloud. Within the VPN, secured and reserved sub-tunnels can be generated. A VPN connects and transmits data with the help of a concept called tunneling. First, the packet is encapsulated in a new packet with a new header before it is transmitted into the VPN tunnel. The header provides routing information for the corresponding packet while the packet crosses a shared network before it reaches the tunnel destination. The logical path along which the encapsulated packet travels is known as a tunnel. The encapsulated packet is 'decapsulated' and sent to the final destination when it reaches the endpoint of the tunnel. Both termination points of the tunnel need to support the same tunneling protocol. That protocol works on the data link layer (layer two) or the network layer (layer three) of the Open Systems Interconnection (OSI) model. The best-known protocols used for VPN are Internet Protocol Security (IPsec) and Point-to-Point Tunneling Protocol (PPTP). VPNs are usually implemented using IPsec; it is a standard way of implementing a VPN. IPsec and VPN are well recognized and were developed to offer strong security, which gives access control, data confidentiality and authentication. Integrating an IP security infrastructure into the wireless LAN infrastructure is a simple way to transmit wireless traffic, and the VPN will provide security to that traffic [15], as shown in Fig. 4.
A firewall is used for packet filtering between the outside world and the internal network. As firewalls have been employed on large public networks for many years, they have been used together with VPN. Another reason for using a firewall with VPN is its important role in the security of the network. The joint implementation of firewall and VPN has a great impact on the performance of Cloud Computing in terms of quality of service (QoS) parameters [16].

D. Firewall
A firewall is a security device that monitors incoming and outgoing network traffic and decides which packets to allow and which to block based on the administration policy for the firewall [17]. It is like a barrier, and all traffic (leaving or arriving) must pass through this barrier. Only permitted traffic, as defined by the cloud service provider in the local security policy, will be allowed to pass. The firewall is normally considered a tool that filters packets and acts as a barrier between the public and private networks. In computing, the word firewall implies a device that guards the network against untrusted traffic.

1) Types of firewall:
Firewalls are classified into three basic types: proxy servers (divided into two subtypes, application gateways and circuit-level gateways), stateful packet filters and packet filters [18], as shown in Fig. 5.
a) Packet Filters Firewall: One of the most basic types of firewall is the packet filter firewall. A packet filter is applied to shield inside network users from outside network threats. This kind of firewall was the first firewall used for the security of the network. It monitors network access by observing incoming and outgoing packets and then deciding, based on the Internet Protocol address (IP address) of the source and destination, whether to allow or block packets. The packet filter firewall works on the third layer of the OSI model, which delivers a highly effective security mechanism. This kind of firewall is also known as static filtering. When implemented in a network, packet filtering is one of the most important procedures essential for security.
b) Proxy Servers: A proxy server is a kind of firewall that protects the resources of the network by filtering data at the seventh layer of the OSI model. This kind of firewall is the best kind of firewall. It provides improved security because data and information are not transmitted directly; the proxy acts as an intermediary between server and clients. A proxy server firewall provides internet access to network users. Proxy servers operate either on the application layer or the transport layer. This type of firewall falls into two categories: the application gateway (working on the application layer) and the circuit-level gateway (working on the transport layer).
c) Stateful Packet Filters: Stateful packet filters are similar to a screen that exists between the server and users. This device uses stateful packet filtering to observe all packets of data when they arrive at the screen. The screen examines the data based on the set of security policies.

E. Virtual Private Network (VPN)
VPN (Virtual Private Network) technology provides a way of protecting information transmitted over the internet by allowing users to establish a virtual private "tunnel" to securely enter internal networks and access resources, data and communications via an insecure network such as the internet. A VPN is a private network connection [19] that provides a secure connection over an existing public network from a remote area. In a VPN, each record (video, voice, and file) travels in encrypted form through a secure virtual tunnel between the clients and the VPN provider's server to the cloud computing services.

1) VPN tunneling:
A VPN tunnel is an encrypted path between a user and another network. How a VPN works is easily understood by looking at the procedure of tunneling data. A VPN tunnel, often simply called a virtual private network, is an encrypted path between one's computer and the VPN server that provides the VPN services. As the connection is encrypted, nobody is able to monitor, modify or stop one's communication. All of the communication and data travels in the VPN tunnel, so nobody is able to examine the data. The VPN tunnel protects one's chatting, browsing and all other traffic from the snooping eyes of one's Internet service provider (ISP), the government and the person who controls the Wi-Fi (wireless fidelity) network one uses to connect, as shown in Fig. 6 [20].
2) Privacy in VPN tunnel: A VPN tunnel offers a safe connection free of intrusion [21]. Moreover, using a VPN hides the IP address and browsing data. Nobody can discover one's real location or IP address if one is using a VPN tunnel. Only one's VPN server will be visible.

II. RELATED WORK
A study of the Cloud computing literature shows that different techniques, such as firewall and VPN, are used for ensuring the security of networks. A firewall plays a vital role in network security because it can scan all the traffic on the network, filter the packets and allow only those packets or users which are authorized. While implementing a firewall, the network administrator faces issues of conflicting policies. A firewall supports multiple distributed policies, which may cause delay and system overhead and be time-consuming. Various authors have used firewall and VPN for security purposes; however, each has its limitations. In this paper, the issue of security is the main problem in the wireless LAN standard IEEE 802.11 in Cloud computing [22].
Performance is a major issue: as the firewall checks all incoming and outgoing packets, it consumes time and produces overhead in the system, which affects the service level agreement (SLA) [23]. A cloud-based firewall is difficult to configure efficiently to support distributed processing environments and to overcome the conflicts in the security policy rules set by the network administration [24]. Implementing firewalls costs a considerable budget as far as low-level business is concerned. The cost of implementing a firewall is approximately $116,075 for one year to keep up its deployment and maintenance [25]. VPN is a security mechanism that allows users to access common applications such as HTTP, load, Email. However, while using a VPN can achieve security, it also degrades the performance of the network in terms of throughput, etc. [26]. Once attacks occur against a Cloud service, the response time of the system firewall becomes a performance overhead due to the huge arrival of packets. So, it will take a long response time, which will be a violation of the service level agreement (SLA) and decrease customer satisfaction [27]. In a computer networking environment, a firewall protects internal nodes from external attack, and the internal nodes as well, because a firewall is managed by the system administrator. Therefore, the firewall needs to be handled in a new way which satisfies the requirements of Cloud computing [28]. Firewalls can be an essential part of a secure network that keeps hackers away from a computer network; in this regard, the procedure of configuring a firewall is a difficult and stressful job [29]. When external users try to enter the Cloud computing network, they first pass through the vital barrier of the firewall, which provides network security, allows only those users who are compliant and gives safety from different attacks such as HTTP DoS (Denial of service) or brute force attack [30,31].

A. Simulation Parameter Selections
The parameters used in the simulation are given below in Table I.

B. Performance Parameters
Three performance parameters are used in this research and are discussed as follows.
2) Average end-to-end delay: It is the total time taken by a packet to travel from source to destination and is represented in seconds/milliseconds. Thus, one of the parameters in this research work is the average end-to-end delay, as declared in equation (2).

C. Network Objects
The following objects are used.

D. Network Simulation Scenario
In this paper, the OPNET network simulator was chosen, and three different scenarios were built to investigate the performance of the network in different configurations, as mentioned below.

1) Without firewall and VPN scenario:
In this scenario, several workstations are connected to three access points (Access Point-1, Access Point-2, Access Point-3), which are configured for three BSS. The access points are connected by PPP-DS1 to the IP cloud (Internet), which is further connected by PPP-DS1 to Router D, which is connected by PPP-DS1 to three servers (Server AA, Server BB, Server CC) representing three departments. The scenario architecture and layout are shown in Fig. 7.
2) With firewall no VPN scenario: In the scenario shown in Fig. 8, several workstations are connected to three access points (Access Point 1, Access Point 2, Access Point 3), which are configured for three BSS. The access points are connected by PPP-DS1 to the IP cloud (Internet), which is further connected by PPP-DS1 to the Firewall and Router D, and by PPP-DS1 to three servers (Server AA, Server BB, Server CC) representing three departments. In this scenario, the firewall is configured to block any external access to HTTP (web browsing) on the servers.

3) With firewall and VPN scenario:
In the scenario shown in Fig. 9, several workstations are connected to three access points (Access Point 1, Access Point 2, Access Point 3), which are configured for three BSS. These access points are connected by PPP-DS1 to the IP cloud (Internet), which is further connected by PPP-DS1 to the Firewall and Router D, and by PPP-DS1 to three servers (Server AA, Server BB, Server CC) representing three departments. In this last scenario, the firewall is used to block any outside access to HTTP (web browsing) on the servers. The VPN tunnel is chosen to let the clients (PCs) from Access Point-1 access HTTP (web browsing) from the servers. The traffic generated by Access Point-1 is not filtered by the firewall, which lets the users from Access Point-1 through, because the IP packets in the tunnel are encapsulated inside an IP datagram. The scenario design and arrangement are shown in Fig. 9.
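The filtering behaviour of the three scenarios, as an added example that is not part of the paper or its OPNET model: a static packet filter that blocks HTTP to the servers and decides on the outer header only, with a tunnel from Access Point-1. IP-in-IP stands in for the paper's IP VPN (no encryption is modelled); the addresses, Router D as tunnel endpoint, the even split of 6 clients per access point and all function names are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed addressing plan (assumption, not taken from the paper).
SERVER_NET = ip_network("192.168.10.0/24")
SERVER_AA = "192.168.10.11"
ROUTER_D = "192.168.10.1"            # assumed tunnel endpoint behind the firewall
AP_GATEWAYS = {"AP-1": "10.1.0.1", "AP-2": "10.2.0.1", "AP-3": "10.3.0.1"}
VPN_PEER = AP_GATEWAYS["AP-1"]       # only Access Point-1 has a tunnel

PROTO_TCP, PROTO_IPIP, HTTP_PORT = 6, 4, 80


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: int
    dport: Optional[int] = None
    inner: Optional["Packet"] = None  # payload when proto is IP-in-IP


def encapsulate(pkt: Packet, tunnel_src: str, tunnel_dst: str) -> Packet:
    """Wrap the original packet in a new packet with a new outer header."""
    return Packet(src=tunnel_src, dst=tunnel_dst, proto=PROTO_IPIP, inner=pkt)


def decapsulate(pkt: Packet) -> Packet:
    """At the tunnel endpoint, strip the outer header and return the original."""
    if pkt.proto == PROTO_IPIP and pkt.dst == ROUTER_D and pkt.inner is not None:
        return pkt.inner
    return pkt


def firewall_permits(pkt: Packet) -> bool:
    """Static packet filter: every decision uses the outer header only."""
    if pkt.proto == PROTO_IPIP:
        # Tunnel traffic is accepted only between the configured endpoints.
        return pkt.src == VPN_PEER and pkt.dst == ROUTER_D
    to_servers = ip_address(pkt.dst) in SERVER_NET
    if to_servers and pkt.proto == PROTO_TCP and pkt.dport == HTTP_PORT:
        return False                 # HTTP to the servers is blocked
    return True


def http_reaches_server(client: str, ap: str, firewall: bool, vpn: bool) -> bool:
    """Follow one HTTP request from a client to Server AA."""
    pkt = Packet(src=client, dst=SERVER_AA, proto=PROTO_TCP, dport=HTTP_PORT)
    if vpn and AP_GATEWAYS[ap] == VPN_PEER:
        pkt = encapsulate(pkt, AP_GATEWAYS[ap], ROUTER_D)
    if firewall and not firewall_permits(pkt):
        return False
    pkt = decapsulate(pkt)           # Router D sits after the firewall
    return pkt.dst == SERVER_AA and pkt.dport == HTTP_PORT


def run_scenario(firewall: bool, vpn: bool) -> dict:
    """Count HTTP requests reaching Server AA per access point (6 clients each)."""
    delivered = {}
    for idx, ap in enumerate(AP_GATEWAYS, start=1):
        clients = [f"10.{idx}.0.{host}" for host in range(10, 16)]
        delivered[ap] = sum(http_reaches_server(c, ap, firewall, vpn) for c in clients)
    return delivered


if __name__ == "__main__":
    for name, fw, vpn in [("without firewall and VPN", False, False),
                          ("with firewall no VPN", True, False),
                          ("with firewall and VPN", True, True)]:
        print(f"{name:26s} {run_scenario(fw, vpn)}")
```

Pinning tunnel traffic to the configured peer in `firewall_permits` is what keeps the tunnel from becoming a general way around the HTTP rule.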

IV. COMPARISON AND ANALYSIS
After implementing the scenarios, the results are collected, stored and compared with each other, and then graphed using OriginLab 2020. The parameters selected for the decision are average throughput, average end-to-end delay, and average packet loss.
Three scenarios were prepared to examine the impact of firewall and VPN in Cloud-based computing using the OPNET Modeler 14.5 simulator. The results and graphs are discussed below to investigate the performance of the Cloud computing network after applying a firewall and VPN.

A. Simulation Results
To inspect the performance of Cloud computing in each scenario ("without Firewall and VPN", "with Firewall no VPN" and "with Firewall and VPN"), the following three performance parameters are used: 'Average Throughput', 'Average End-to-end Delay', and 'Average Packet loss'.

1) Average throughput:
Average throughput is the number of packets successfully received from source to destination per unit time. It is calculated in bits per second (bps) or packets per second. Fig. 10 shows the comparison of average throughput for "no Firewall and no VPN", "with Firewall no VPN" and "with Firewall and VPN" in Cloud-based computing. 18 nodes and 3 servers are included in the scenario. The simulation time (sec) is displayed on the horizontal axis, whereas the network average throughput (bits/sec) is displayed on the vertical axis. The network average throughput with no firewall and no VPN is represented by the square line, with firewall and no VPN by the circle line, and with firewall and VPN by the triangle line. The average throughput was higher 'without firewall and VPN' than 'with Firewall no VPN' and 'with the firewall with VPN', since users can send and receive data without any hurdles. The impact of 'firewall and VPN' on the cloud computing network is verified, and the graph confirms that 'no firewall no VPN' gives a higher average throughput than 'firewall and no VPN' and 'with the firewall with VPN' in a cloud-based computing network. Broad simulation revealed that firewall and VPN affect cloud performance while providing better security.
2) Average end-to-end delay: It is the total time taken by a packet to travel from source to destination and is represented in seconds/milliseconds. Fig. 11 shows the comparison of average end-to-end delay for 'no firewall and no VPN', 'with Firewall no VPN' and 'with a firewall with VPN' in Cloud-based computing. 18 nodes and 3 servers are included in the scenario as well. The simulation time (sec) is displayed on the horizontal axis, whereas the network average end-to-end delay (sec) is displayed on the vertical axis. The network average end-to-end delay (sec) with 'no firewall no VPN' is represented by the square line, 'with firewall no VPN' by the circle line, and 'with the firewall with VPN' by the triangle line. The average end-to-end delay is slightly greater with 'no firewall and no VPN' than 'with Firewall no VPN' and 'with the firewall with VPN', as all clients had freely requested all three applications (HTTP, FTP, Email), which is why a huge amount of traffic was present. Besides, in the presence of a firewall, the firewall blocked the HTTP traffic and only the VPN gave its users open access to this traffic. When the users in the network are limited, the average end-to-end delay is also reduced, as the results in Fig. 11 show. The graph shows the influence of the firewall and VPN on a cloud-based computing network. The results show that with no firewall and no VPN the average end-to-end delay was slightly greater than with 'firewall no VPN' and 'with the firewall with VPN' in a cloud-based computing network.
3) Average packet loss: Packet loss happens whenever a packet fails to reach its destination while travelling through a computer network. It is normally caused by congestion on a network. In the presence of firewall and VPN, it is also significant to investigate the average packet loss. It has been verified from the graph that average packet loss is greater in the 'with firewall and no VPN' scenario than with 'no firewall no VPN' and 'with firewall and VPN' in a cloud-based computing network. Wide simulation shows that firewall and VPN affect the network performance of the cloud, though they provide better security.

B. Average HTTP Traffic Comparison of No Firewall No VPN, with Firewall No VPN and with Firewall VPN
The firewall blocked HTTP traffic, while on the VPN side HTTP traffic was allowed for users. Users who are not using the VPN tunnel service are not able to access HTTP traffic from the servers, as the traffic was filtered by the firewall, which tested whether the request came from the VPN. If the users were VPN users, they were allowed by the firewall to access HTTP traffic from the servers.

1) Server AA average HTTP traffic received:
The Server AA average HTTP traffic received represents the number of requests made by users to Server AA, which was part of the Cloud-based computing network. The Server AA HTTP traffic received is presented in bytes per second (bytes/sec). Only the 6 nodes connected to Access Point-1 were VPN users. These users were permitted to access HTTP traffic in the presence of firewall and VPN. The simulation time (sec) is shown on the horizontal axis, whereas the Server AA average HTTP traffic received (bytes/sec) is displayed on the vertical axis. The Server AA average HTTP traffic received is displayed with the square line for 'no firewall no VPN', with the circle line for 'with firewall no VPN', and with the triangle line for firewall and VPN. In the presence of a VPN and firewall, the Server AA average HTTP traffic received was minimal in comparison with 'no firewall and no VPN', and the result shown in the graph is zero 'with a firewall and no VPN', because when the firewall is implemented for HTTP and there is no VPN facility, no transmission takes place between client and server. The results show the impact of firewall and VPN on Server AA in a Cloud-based computing network. The graph reveals that 'no firewall and no VPN' gives the maximum Server AA average HTTP traffic received compared with 'with Firewall no VPN' and 'with Firewall and with VPN' in a cloud-based computing network. Extensive simulations showed that firewall and VPN affect the performance of the cloud; however, they give better security.
2) Server AA average HTTP traffic sent: The Server AA average HTTP traffic sent represents the amount of data sent by the servers and received by the users present in the cloud computing network. The Server AA average HTTP traffic sent is represented in bytes per second (bytes/sec). Among these 18 nodes, 12 nodes do not have access to HTTP traffic, as only the 6 nodes connected to Access Point-1 were VPN users. Only they were allowed to access HTTP traffic in the presence of a firewall, with the help of the VPN. The simulation time (sec) is shown on the horizontal axis, whereas the Server AA average HTTP traffic sent (bytes/sec) is shown on the vertical axis. The Server AA average HTTP traffic sent is displayed with the square line for 'no firewall no VPN', with the circle line for 'firewall no VPN', and with the triangle line for 'VPN and firewall'. The Server AA average HTTP traffic sent was minimal in the presence of a firewall and VPN as compared to 'no firewall and no VPN'. The graph for 'with firewall and no VPN' is zero, because when the firewall is employed for HTTP without VPN, no HTTP communication is achieved between server and nodes. The results show the impact of firewall and VPN on Server AA in a cloud computing network. The graph verifies that 'no firewall no VPN' gives the maximum Server AA average HTTP traffic sent compared with 'with firewall no VPN' and 'with firewall and VPN' in a cloud computing network. Through extensive simulations, it was observed that firewall and VPN affect cloud performance while giving better security.

V. CONCLUSION
In this paper, the research work examines the effect of VPN and firewall on the performance of cloud computing. The cloud computing network is simulated and evaluated without firewall and VPN with the help of OPNET Modeler 14.5, and then the performance of Cloud computing after deploying "with firewall and without VPN" and "with firewall and with VPN" is compared and analyzed in terms of average throughput, average end-to-end delay and average packet loss. The simulation results indicated that the average throughput and average end-to-end delay of the network decreased when implementing firewall and VPN. It appeared from the results that IP VPN is an effective method for transferring data over the Cloud computing network because it provides a suitable level of security and the end-to-end delay is unaffected in the network. Besides, the simulation results also revealed that the average packet loss increases in the presence of VPN and firewall. From the analysis, it is concluded that deploying the firewall and VPN slightly affects the performance of the Cloud computing network while giving better security.