Cloud Computing Patterns | Mechanisms | Automatically Defined Perimeter Controller

Cloud Computing Patterns, Mechanisms > Mechanisms > A - B > Automatically Defined Perimeter Controller
Home > Mechanisms > Automatically Defined Perimeter Controller

Automatically Defined Perimeter Controller

Automatically Defined Perimeter Controller

The automatically defined perimeter (ADP) controller uses secure channels to control ADP participating hosts. ADP hosts can either initiate connections or accept connections managed by interactions with the ADP controller. This architecture that separates the control plane from the data plane enables greater security and scalability. All endpoints attempting to access a given infrastructure must be authenticated and authorized prior to entrance.

The ADP relies on authentication and access control mechanisms. It mitigates many network-based attacks, such as scanning, DDoS and injection attacks, and OS and application vulnerability exploits, as well as man-in-the-middle (MITM), cross-site scripting (XSS), cross-site request forgery (CSRF), pass-the-hash (PTH) and other attacks.

Figure 1 – An example of an automatically defined perimeter controller.

Figure 1 shows an ADP controller directing the access of a cloud consumer to two cloud provider services. Upon request from the consumer, the ADP authenticates the cloud consumer and delivers the service endpoints to the consumer. It also notifies the relevant services to provide access privileges to the authenticated consumer for a specified period of time.

The ADP architecture uses additional security controls, including single packet authorization, rejection of unauthorized traffic, mutually authenticated endpoint transport layer security, device validation that proves it is running trusted software, dynamic firewalls that deny until the ADP sends a permit rule, and application binding that restricts application communication to encrypted tunnels.

Related Patterns: Cloud Certified Professional (CCP) Module 7: Fundamental Cloud Security Cloud Certified Professional (CCP) Module 8: Advanced Cloud Security

This mechanism is covered in CCP Module 7: Fundamental Cloud Security and
in Module 8: Advanced Cloud Security.

For more information regarding the Cloud Certified Professional (CCP) curriculum, visit

Cloud Computing Design Patterns

This cloud computing mechanism is also covered in:

Cloud Computing Design Patterns by Thomas Erl, Robert Cope, Amin Naserpour

(ISBN: 9780133858563, Hardcover, ~ 528 pages)

For more information about this book, visit