Datasheet

Chapter 1 Internet Era: E-Commerce 25
Service Orientation
Service orientation means achieving loose coupling between application
components to enable composition and to facilitate dynamic rewiring of those
components. Service orientation also enables quality of service (QoS)
mechanisms that are implemented by the infrastructure (such as rate limiting),
which in turn facilitate resource management at the datacenter level. This
property applies not only to the applications that are deployed to the cloud
infrastructure but also, and mainly, to the infrastructure services that are
exposed, such as storage.
Multi-Tenancy
The majority of cloud computing infrastructures have multiple domains and
tenants. Therefore it is critical to provide isolation between domains that have
different requirements such as confidentiality and availability. Multi-tenancy
should be considered at multiple levels:
- Role-based access control (RBAC) protecting access to sensitive
  functionalities
- Resource allocation policies that are aware of domain needs
- Information partitioning (logs, monitoring traces, and so on)
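The three levels listed above, sketched as an added example that is not from the book: a toy in-memory control plane in which roles are valid only inside the tenant that granted them, quotas are enforced per tenant, and every access decision is written to the target tenant's own log partition. All names (Cloud, Tenant, ROLE_PERMS, the tenants, users and VM ids) are constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample policy: role -> permitted actions (the RBAC level).
ROLE_PERMS = {
    "admin": {"vm.create", "vm.delete", "logs.read"},
    "operator": {"vm.create", "logs.read"},
    "auditor": {"logs.read"},
}

class Denied(Exception):
    """Raised when a request violates tenant isolation or policy."""

@dataclass
class Tenant:
    name: str
    vm_quota: int    # resource allocation policy for this domain
    members: dict    # user -> role, valid only inside this tenant
    vms: list = field(default_factory=list)
    log: list = field(default_factory=list)  # this tenant's log partition

class Cloud:
    def __init__(self, tenants):
        self.tenants = {t.name: t for t in tenants}

    def _authorize(self, user, tenant_name, action):
        tenant = self.tenants[tenant_name]
        role = tenant.members.get(user)  # a role held elsewhere does not count here
        allowed = action in ROLE_PERMS.get(role, set())
        # Every decision is recorded in the target tenant's partition only.
        tenant.log.append((user, action, "allow" if allowed else "deny"))
        if not allowed:
            raise Denied(f"{user} may not {action} in {tenant_name}")
        return tenant

    def create_vm(self, user, tenant_name, vm_id):
        tenant = self._authorize(user, tenant_name, "vm.create")
        if len(tenant.vms) >= tenant.vm_quota:  # quota is per tenant, not global
            raise Denied(f"{tenant_name} quota of {tenant.vm_quota} VMs reached")
        tenant.vms.append(vm_id)
        return vm_id

    def read_logs(self, user, tenant_name):
        tenant = self._authorize(user, tenant_name, "logs.read")
        return list(tenant.log)  # a copy of this tenant's entries, nobody else's

if __name__ == "__main__":
    cloud = Cloud([Tenant("acme", 1, {"alice": "admin"}),
                   Tenant("globex", 2, {"bob": "operator"})])
    cloud.create_vm("alice", "acme", "vm-1")
    print(cloud.read_logs("alice", "acme"))
```

In this sketch a request that passes RBAC but exceeds the quota is still logged as an authorization "allow"; the quota refusal is a separate decision made after the role check.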
Cloud Security
It is essential to get security right from the beginning in any distributed
computing paradigm (such as cloud computing), because sharing the
infrastructure and repurposing resources have the inherent potential to create
security holes. Cloud computing infrastructure should take into account the
security requirements of each application and provide secure isolation when
deemed necessary. This isolation will impact the fluidity to some extent, as it
creates partitions where resource sharing is prohibited or constrained. In this
section we discuss the principles of cloud computing security from various
aspects, including architecture review, implementation, operations, and
governance.
Architecture Review
Architectural aspects of the cloud have to do with the security of information
when it is:
- In transit: that is, when information is exchanged between different hosts
  or between hosts and users.
- At rest: that is, when information is persisted in the storage media.