Professional Documents
Culture Documents
Chapter 10 PDF
Chapter 10 PDF
Private Cloud
Public Cloud
Software-as-a-Service (SaaS)
Platform-as-a-Service (PaaS)
Infrastructure-as-a-Service (IaaS)
Elastic Environment
Multitenant Environment
Resilient Environment
Cloud Bursting
COMPOUND
PATTERN
PATTERN
VS.
COMPOSITE
JOINT
APPLICATION
APPLICATION
VS.
COEXISTENT
PRIVATE CLOUD
PUBLIC CLOUD
The Public Cloud compound pattern encompasses the patterns that comprised
Private Cloud (474), and further expands upon the private cloud feature-set to
provide multitenant functions in support of a broader range of diverse cloud
consumers. Key aspects that distinguish the public cloud are its emphasis on
resource sharing, billing, and the isolation of cloud consumer trust boundaries.
The administration of larger pools of IT resources that are unpredictably
accessed and utilized by different cloud consumers can become a significantly
more complex responsibility for public cloud providers.
The Public Cloud compound pattern is comprised of the following core
patterns:
Shared Resources (17)
Resource Pooling (99)
Rapid Provisioning (295)
Workload Distribution (22)
Centralized Remote Administration (315)
Usage Monitoring (285)
Pay-as-You-Go (288)
Realtime Resource Availability (292)
Self-Provisioning (324)
Resource Management (320)
Automated Administration (310)
Broad Access (93)
Elastic Environment (484)
Resilient Environment (490)
Multitenant Environment (486)
Isolated Trust Boundary (508)
The Public Cloud compound pattern further contains the following extension
patterns:
Resource Reservation (106)
Bare-Metal Provisioning (305)
Non-Disruptive Service Relocation (159)
SOFTWARE-AS-A-SERVICE (SAAS)
PLATFORM-AS-A-SERVICE (PAAS)
INFRASTRUCTURE-AS-A-SERVICE (IAAS)
The IaaS compound pattern builds upon the architectural layers established by
Private Cloud (474) and Public Cloud (476) to provide a concrete environment
that offers raw IT resources (virtual and, optionally, physical) for open and
independent usage and management by cloud consumers.
The member patterns of the IaaS compound pattern represent feature-sets, as
provided to individual cloud consumers. Note that cloud consumers of
commercial IaaS products are often able to choose the feature-set they will
actually lease.
The IaaS compound pattern is comprised of the following core patterns:
Multipath Resource Access (127)
Workload Distribution (22)
Dynamic Scalability (25)
ELASTIC ENVIRONMENT
MULTITENANT ENVIRONMENT
2. A parent-level resource pool is created from the resource group and a smaller
resource pool is created for each cloud consumer. Each set of resources is
allocated from the parent resource pool.
3. Cloud services designated for sharing to cloud consumers can be shared.
4. Any cloud consumer-specific or dedicated cloud services and IT resources
are allocated.
5. Each cloud consumer is given a dedicated administration portal and service
catalog access.
Figure 10.8 The common architectural layers of a cloud-based multitenant environment (Part I).
Figure 10.9 The common architectural layers of a cloud-based multitenant environment (Part II).
RESILIENT ENVIRONMENT
CLOUD BURSTING
Figure 10.13 An example of a typical burst out from an on-premise environment to a private
cloud.
Figure 10.15 An example of a typical burst out from an on-premise environment to a public
cloud.
BURST IN
Figure 10.17 Bursting in from a public cloud is based on a comparable cloud architecture,
resulting in an interaction scenario similar to the one just described. The primary difference is in
Step 4. When bursting in from a public cloud, IT resources are typically released and moved back
to the resource pool after the cloud service instances are deleted.
SECURE
BURST
OUT
CLOUD/PUBLIC CLOUD
TO
PRIVATE
Figure 10.18 The Secure Burst Out to Private Cloud/Public Cloud compound pattern.
The network connecting the cloud consumer and prospective cloud platforms
needs to be secure to the required assurance level.
The endpoints involved need to authenticate each other to the required security
assurance level.
The Secure Burst Out to Private Cloud/Public Cloud compound pattern is
composed of the following required patterns:
Cloud Authentication Gateway (430) Enables initiating and receiving
endpoints for communications to mutually authenticate.
Trust Attestation Service (448) Confirms the security assurance level of
compute platforms and compute pools and makes the information available to
properly authenticated consumers.
Secure Connection for Scaled VMs (409) Ensure that an encrypted and
authenticated communications channel is established for scaling of virtual
machine compute platforms.
Trusted Platform BIOS (337) Has been established to a specified security
assurance level through a trusted boot process.
The following member patterns are considered optional extensions:
Geotagging (341) Enables workload orchestration services to confirm the
proper location of compute resources.
Trusted Cloud Resource Pools (354) Have aggregated trusted compute
platforms of the same security assurance levels if the workload requires them.
Cloud Resource Access Control (364) Uses attributes of the cloud consumer
to determine if they have the privileges to access the resource.
It is assumed that the original on-premise resources and workload have been
properly secured. If anything changes at any time during the burst out or burst
in process, confirming the security of any new platform and required
authorizations, connections, and authentication of endpoints must always be
accomplished.
CLOUD BALANCING
CLOUD AUTHENTICATION
Note
In addition to the characteristics and features established by the application of the
aforementioned patterns, a resource workload management environment will often further
require storage performance and capacity assurance features to ensure that the storage
workload management system will not cause any SLA breaches or performance impacts,
and will further ensure that there is sufficient free space at the destination cloud storage
device before a service, application, or virtual server is moved there.
In-Transit Cloud Data Encryption (391) This pattern ensures that data
traveling between the organization and cloud and between cloud services is
protected at the network level.
Trust Attestation Service (448) This pattern confirms the security assurance
level of compute platforms and compute pools for execution of a trusted
workload.
Trusted Cloud Resource Pools (354) This pattern aggregates trusted
compute platforms of the same security assurance levels as required by the
workload.
Trusted Platform BIOS (337) This pattern establishes the specified platform
security assurance level through a trusted boot process.
Secure Cloud Interfaces and APIs (360) This pattern ensures that cloud
services require authentication to the proper level of assurance.
The following patterns are considered optional extensions:
Automatically Defined Perimeter (425) This pattern establishes protected
communications between cloud consumers and providers.
Geotagging (341) This pattern enables workload orchestration services to
confirm the proper location of compute resources.
Federated Cloud Authentication (436) This pattern allows a federation of
organizations to interoperate by trusting and authenticating each others
credentials.
Independent Cloud Auditing (460) This pattern provides attestation to
industry regulatory authorities that the organization is meeting their security and
privacy responsibilities.
Secure Connection for Scaled VMs (409) Whether or not scaling is involved,
the pattern ensures that an encrypted and authenticated communications channel
is established between virtual machine compute platforms.