Cloud Computing Patterns | Design Patterns | Secure Connection for Scaled VMs


Cloud Computing Patterns, Mechanisms > Network Security, Identity & Access Management and Trust Assurance Patterns > Secure Connection for Scaled VMs
Home > Design Patterns > Secure Connection for Scaled VMs

Secure Connection for Scaled VMs (Cope, Erl)

How can connections be scaled to protect dynamically scaled VMs in a way that mitigates cloud provider lock-in?

Secure Connection for Scaled VMs

Problem

When scaling cloud resources, differences between cloud consumer on-premise firewall and multiple cloud provider firewall and network protection offerings can make it difficult to configure secure networking.

Solution

A system can be established by controlling network traffic moving in and out of the VM using firewall agents or operating system firewalls. This will create a portable security solution that is location independent and scales as VMs are created.

Application

Using firewall agents or operating system-based firewalls, VMs can be pre-configured with a baseline of firewall policy, including VPN configuration, so that when VMs are created or live migrated in a cloud burst or other scaling activity, the associated firewall is also created or live migrated and pre-configured with firewall policy.

Secure Connection for Scaled VMs: An OS or virtual agent firewall connects Business Process A’s services via a VPN (A). An OS or virtual agent firewall connects Business Process B’s services via a VPN (B). They are all managed by a policy-driven firewall management system capable of managing multiple OS-type firewalls or firewall agents (C).

An OS or virtual agent firewall connects Business Process A’s services via a VPN (A). An OS or virtual agent firewall connects Business Process B’s services via a VPN (B). They are all managed by a policy-driven firewall management system capable of managing multiple OS-type firewalls or firewall agents (C).

Secure Connection for Scaled VMs: An example of the establishment of a VPN.

An example of the establishment of a VPN.


CloudSchool.com Cloud Certified Professional (CCP) Module 7: Fundamental Cloud Security
CloudSchool.com Cloud Certified Professional (CCP) Module 8: Advanced Cloud Security

This mechanism is covered in CCP Module 7: Fundamental Cloud Security and
in Module 8: Advanced Cloud Security.

For more information regarding the Cloud Certified Professional (CCP) curriculum, visit www.arcitura.com/ccp.


Cloud Computing Design Patterns

The architectural model upon which this design pattern is based is further covered in:

Cloud Computing Design Patterns by Thomas Erl, Robert Cope, Amin Naserpour

(ISBN: 9780133858563, Hardcover, ~ 528 pages)

For more information about this book, visit www.arcitura.com/books.