As an operator of a private cloud solution, enabling rapid elasticity in the supply of private cloud resources to tenants affects many of the same operational security functions as enabling the on-demand self-service and resource pooling attributes discussed previously. However, enabling rapid elasticity also raises some additional operational concerns.
Enabling rapid elasticity shares some of the same security concerns as managing resource pooling. However, in addition to the requirement that resources can be recycled without compromising the confidentiality of any data that a service might have stored on the resource before releasing it back into the pool, resource recycling must happen quickly, especially if there is pressure on the available resources within the cloud. This consideration further emphasizes the importance of efficient automation procedures to manage the cloud infrastructure.
Giving client business units or hosted applications the ability to rapidly scale in or out the virtual resources they are using also gives those clients access to the shared pool of resources. You must constrain elasticity in the supply of available resources so that clients do not affect the availability of the services owned and managed by other clients or destabilize the cloud as a whole.
Monitoring and Logging
You should monitor and log resource requests so that you hold a full audit trail of the provisioning requests associated with scaling running applications and services. This trail lets you identify clients or applications that are affecting the overall availability of services within the cloud by overloading the infrastructure with requests to provision or de-provision resources. You should also have automated monitoring in place that detects bursts of de-provisioning requests, because a flood of requests to shut down running services is a form of denial of service attack against the tenants of the cloud.
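As an added example (not part of the Reference Architecture document), the following Python shows the kind of automated check the paragraph describes: a sliding-window count of provision and de-provision requests per tenant over a provisioning audit log. The log format, the field names (`tenant`, `action`, `vm`), the 60-second window and the per-action thresholds are assumptions for illustration; the sample lines are constructed, with a deliberate burst of de-provision requests from one tenant.

```python
"""Flag tenants that flood the provisioning API with scale requests.

Added example, not from the Reference Architecture for Private Cloud.
Log format, field names and thresholds are assumptions for illustration.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed audit lines: ISO timestamp, then key=value fields.
# Tenant "hr" issues eight de-provision requests within 14 seconds.
SAMPLE_LOG = [
    "2013-03-01T10:00:00 tenant=finance action=provision vm=fin-web-01",
    "2013-03-01T10:00:05 tenant=finance action=provision vm=fin-web-02",
] + [
    f"2013-03-01T10:00:{10 + 2 * i:02d} tenant=hr action=deprovision vm=hr-app-{i:02d}"
    for i in range(8)
] + [
    "2013-03-01T10:05:00 tenant=finance action=deprovision vm=fin-web-02",
]

WINDOW = timedelta(seconds=60)
# Assumed limits per tenant per window. Tearing down services is allowed
# less headroom than creating them, since it directly removes availability.
LIMITS = {"provision": 10, "deprovision": 5}


def parse_line(line):
    """Parse one audit line into (timestamp, tenant, action, vm)."""
    ts_str, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return datetime.fromisoformat(ts_str), kv["tenant"], kv["action"], kv["vm"]


def detect_floods(lines, window=WINDOW, limits=LIMITS):
    """Return one alert per (tenant, action) whose request rate exceeds its limit.

    Events are sorted by time first, so out-of-order log shipping does not
    hide a burst. The count is over a sliding window ending at each event.
    """
    events = sorted(parse_line(line) for line in lines)
    recent = defaultdict(deque)  # (tenant, action) -> timestamps inside the window
    alerted = set()              # one alert per key per run, to avoid alert storms
    alerts = []
    for ts, tenant, action, _vm in events:
        key = (tenant, action)
        q = recent[key]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        limit = limits.get(action)
        if limit is not None and len(q) > limit and key not in alerted:
            alerted.add(key)
            alerts.append({
                "tenant": tenant,
                "action": action,
                "count": len(q),
                "first_seen": q[0].isoformat(),
                "at": ts.isoformat(),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_floods(SAMPLE_LOG):
        print(alert)
```

In a real deployment the window and limits would come from the tenant's SLA rather than constants, and the alert would feed the same ticketing or throttling path used for other availability incidents; the point of the example is that the detection needs nothing beyond the audit trail the paragraph already asks you to keep.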
Managing Capacity Limits
Although tenants in a private cloud typically have a financial incentive to use resources efficiently, the private cloud approach to service delivery is new and may be unfamiliar to the service consumers. Even where SLAs guarantee that resources will be available to scale running applications and services, and that those resources will be available within a given timeframe, the CSP may need to educate tenants about the elastic capabilities of the private cloud so that they do not over-provision to compensate.
This document is part of a collection of documents that comprise the Reference Architecture for Private Cloud document set.
Operational monitoring may include monitoring for under-utilized resources that may indicate hoarding behavior by client business units attempting to reserve capacity and consequently reducing the ability of the infrastructure to make resources available to other business units.
Part of the private cloud capacity management processes should include regular reviews of any resource usage quotas applied to tenants. Changes in usage patterns of private cloud resources and changes in the available resources may enable you to increase quotas or force you to reduce them.
If you use quotas to control how many virtual instances a service or application can use, you may be able to use information from the provisioning system as input to your capacity planning procedures to ensure the availability of services in the longer term.
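As an added example (not part of the Reference Architecture document), the following Python combines the two preceding points: it reads per-tenant quotas and per-instance utilization figures, flags tenants whose instances sit idle in a way that suggests hoarding, and produces a quota recommendation as input to capacity planning. The data layout, the idle thresholds (5% CPU and 20% memory over the review window), the hoarding rule (at least two idle instances making up half or more of the tenant's instances) and the quota bands are assumptions; the sample inventory is constructed.

```python
"""Quota review and hoarding check over a constructed instance inventory.

Added example, not from the Reference Architecture for Private Cloud.
Thresholds, field names and sample data are assumptions for illustration.
"""
from collections import defaultdict

IDLE_CPU_PCT = 5.0          # average CPU over the review window below this is "idle"
IDLE_MEM_PCT = 20.0         # and average memory use below this
HOARD_IDLE_FRACTION = 0.5   # half or more of a tenant's instances idle
HIGH_UTIL = 0.9             # quota nearly exhausted: candidate for an increase
LOW_UTIL = 0.4              # quota mostly unused: candidate for a reduction

# Assumed quota: maximum number of virtual instances per tenant.
QUOTAS = {"finance": 10, "hr": 10, "research": 4}


def _vm(tenant, name, vcpus, cpu, mem):
    return {"tenant": tenant, "vm": name, "vcpus": vcpus,
            "avg_cpu_pct": cpu, "avg_mem_pct": mem}


# Constructed inventory with window-averaged utilization per instance.
VM_SAMPLES = (
    [_vm("finance", f"fin-idle-{i}", 4, 1.5, 8.0) for i in range(6)]   # reserved, unused
    + [_vm("finance", f"fin-web-{i}", 2, 55.0, 70.0) for i in range(3)]
    + [_vm("hr", f"hr-app-{i}", 2, 40.0, 60.0) for i in range(3)]
    + [_vm("research", f"rsc-node-{i}", 8, 85.0, 90.0) for i in range(4)]
)


def review_quotas(quotas, samples):
    """Return a per-tenant report: idle instances, hoarding flag, recommendation."""
    by_tenant = defaultdict(list)
    for s in samples:
        by_tenant[s["tenant"]].append(s)

    report = {}
    for tenant, quota in quotas.items():
        vms = by_tenant.get(tenant, [])
        idle = [v for v in vms
                if v["avg_cpu_pct"] < IDLE_CPU_PCT and v["avg_mem_pct"] < IDLE_MEM_PCT]
        utilization = len(vms) / quota if quota else 0.0
        idle_fraction = len(idle) / len(vms) if vms else 0.0
        hoarding = len(idle) >= 2 and idle_fraction >= HOARD_IDLE_FRACTION

        # A hoarding tenant never gets a quota increase on the strength of
        # "full" usage; the idle capacity is reclaimed first.
        if hoarding:
            recommendation = "investigate_hoarding"
        elif utilization >= HIGH_UTIL:
            recommendation = "consider_increase"
        elif utilization <= LOW_UTIL:
            recommendation = "consider_decrease"
        else:
            recommendation = "keep"

        report[tenant] = {
            "instances": len(vms),
            "quota": quota,
            "quota_utilization": round(utilization, 2),
            "idle_instances": sorted(v["vm"] for v in idle),
            "reclaimable_vcpus": sum(v["vcpus"] for v in idle),
            "hoarding": hoarding,
            "recommendation": recommendation,
        }
    return report


if __name__ == "__main__":
    for tenant, row in review_quotas(QUOTAS, VM_SAMPLES).items():
        print(tenant, row)
```

The `reclaimable_vcpus` figure is the quantity a capacity planner actually wants: it says how much of the pool is pinned by idle reservations rather than by real demand, which is different from simply comparing instance counts against quotas.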
To manage capacity limits, you may consider a hybrid private cloud model that enables you to use a public cloud, or a private cloud hosted by a third party, to host applications and services when your on-premises capacity is exhausted, in order to maintain availability (sometimes referred to as “cloud bursting”). In this scenario, you must plan carefully how you will continue to provide your services to your client business units, including how you will:
Enabling rapid elasticity in the supply of resources may require the infrastructure to move virtualized services between physical devices (for example, to load balance requests effectively). Automated procedures that move running services between physical servers should ensure that the resources released on the source server are recycled without accidentally exposing confidential data.
Typically, rapid elasticity in the supply of resources is achieved by allocating additional virtual machines to a tenant application or service and configuring load balancing across those virtual machines. Tenant applications will not always "just work" in such a scenario: they must be designed to run as multiple instances, which usually means that state data must be shared between the instances. Sharing state may involve configuring access control on a shared cache, using shared data that must be protected, or pushing the state out to the client application. Each of these approaches may introduce security vulnerabilities if it is not implemented correctly.
You can provide best practice guidance or verification services to software development groups within the enterprise on the approaches they can take to ensure that applications and services take reasonable steps to preserve the confidentiality, integrity, and trustworthiness of their data when they are scaled to run on multiple instances.
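As an added example (not part of the Reference Architecture document, and not a prescribed technique from it), the following Python illustrates the third approach above, pushing state out to the client so that any scaled-out instance can serve the next request, and the vulnerability it introduces when done naively. The unsigned form simply encodes the state, so the client can edit its own role; the hardened form authenticates the state with an HMAC over the payload and an expiry, using one secret shared by every instance. The secret, the field names and the token layout are assumptions for illustration.

```python
"""Client-held state for scaled-out instances: unsigned (vulnerable) vs. HMAC-authenticated.

Added example, not from the Reference Architecture for Private Cloud.
The secret and the state fields are constructed for illustration.
"""
import base64
import hashlib
import hmac
import json

# Assumed: one secret shared by all instances of the service, delivered from the
# CSP's secret store at deployment time, never baked into the VM image.
SHARED_SECRET = b"constructed-demo-secret-not-for-production"


def _b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _canonical(payload: dict) -> bytes:
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


# --- Vulnerable: state is merely encoded, and every instance trusts it as-is. ---
def encode_unsigned(state: dict) -> str:
    return _b64e(_canonical(state))


def decode_unsigned(token: str) -> dict:
    return json.loads(_b64d(token))


# --- Hardened: state carries an HMAC tag and an expiry; instances verify first. ---
def issue_token(state: dict, secret: bytes, now: int, ttl_seconds: int = 900) -> str:
    payload = dict(state, exp=now + ttl_seconds)
    body = _canonical(payload)
    tag = hmac.new(secret, body, hashlib.sha256).digest()
    return _b64e(body) + "." + _b64e(tag)


def verify_token(token: str, secret: bytes, now: int):
    """Return the state dict if the tag and expiry check out, otherwise None."""
    try:
        body_b64, tag_b64 = token.split(".", 1)
        body, tag = _b64d(body_b64), _b64d(tag_b64)
    except ValueError:
        return None
    expected = hmac.new(secret, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        return None
    payload = json.loads(body)                   # body is server-authored once the tag matches
    if payload.get("exp", 0) <= now:
        return None
    return payload


def tamper(token: str, **changes) -> str:
    """Simulate a client editing the state it holds; works on either token form."""
    body_b64 = token.split(".", 1)[0]
    payload = json.loads(_b64d(body_b64))
    payload.update(changes)
    return _b64e(_canonical(payload)) + token[len(body_b64):]


if __name__ == "__main__":
    state = {"user": "alice", "role": "user", "tenant": "finance"}
    print("unsigned, tampered:", decode_unsigned(tamper(encode_unsigned(state), role="admin")))
    signed = issue_token(state, SHARED_SECRET, now=1000)
    print("signed, tampered:", verify_token(tamper(signed, role="admin"), SHARED_SECRET, now=1100))
```

The same shape applies when the state lives in a shared cache instead of at the client: the instance that reads it must be able to tell whether the entry was written by the service, and entries must expire, or a tenant whose instance was compromised or recycled can leave stale or forged state for the others to consume.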