05.11.09

Making Your Cloud Server Architecture Secure

By Mike Kavis

There are a lot of discussions going on about security and compliance in the cloud. The concerns are valid, but the belief that they can't be resolved is not. When you buy a cluster of servers and install them in your data center, are they secure? Of course not. There are many things one must do from the perspective of hardware, operating systems, process and policy, network, data center, and software in order to secure those servers and the applications or services running on them.

This is true whether you are in the cloud or not. The cloud does add additional security requirements, but all of them are solvable if you can identify them and architect for them.

With that said, I would like to share a couple of approaches that my team has designed. I will make it generic enough not to give away any of our secret sauce. As I mentioned in the past, we are building a 100% off-premise solution for processing real-time transactions in the cloud. We are using a hybrid cloud approach made up of a public cloud and a virtual private cloud (VPC) for dealing with sensitive data and compliance requirements. There are two models that we like, each with its pros and cons.

The first model is the Public Master Model, where the public cloud is the entry point to our platform (see diagram below).



[Diagram: Public Master Model]

The second model is the VPC Master Model, where the virtual private cloud is the entry point to our platform (see diagram below).




[Diagram: VPC Master Model]

Now let me discuss each model one at a time.

Public Master

The concept of the Public Master Model is to maximize the use of the cheaper computing platform, which is the public cloud. The public cloud is substantially cheaper than any private cloud solution because of the shared resource model (meaning that you are sharing resources with other companies). Another factor is that Amazon excels in public cloud solutions, which makes it an easier pill to swallow for your potential customers and partners, especially the ones that fear the cloud.

Any data that enters the cloud (per our requirements) will be encrypted, and each partner/customer that we interface with must pass us their unique security key with every message. We validate their key against our private key pair in our security layer. All data is then replicated from the master database to slave databases in multiple data centers in the public cloud. Also, all data is replicated to the master and slave copies in multiple locations in the VPC through the intercloud connection. The intercloud is the equivalent of a virtual private network between clouds where only certain elastic IPs are allowed to carry out communications. Once again, encryption and secure protocols are used for each transmission.
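
The per-message key check and the intercloud IP allowlist described above, as an added example that is not the author's code. It assumes partner keys are derived with HMAC-SHA256 from a server-held secret (standing in for the private key pair the article mentions); the secret, partner IDs, function names and IP addresses are constructed placeholders.

```python
import hashlib
import hmac
import ipaddress

# Constructed values: the secret, partner IDs and IPs are placeholders.
SERVER_SECRET = b"constructed-demo-secret-not-for-production"
# Hypothetical allowlist of elastic IPs permitted on the intercloud link
# (addresses taken from the RFC 5737 documentation range).
INTERCLOUD_ALLOWLIST = {
    ipaddress.ip_address("203.0.113.10"),
    ipaddress.ip_address("203.0.113.11"),
}
REVOKED_PARTNERS = {"partner-revoked"}


def issue_partner_key(partner_id: str) -> str:
    """Derive the partner's unique key at onboarding (assumed scheme)."""
    return hmac.new(SERVER_SECRET, partner_id.encode(), hashlib.sha256).hexdigest()


def validate_partner_key(partner_id: str, presented_key: str) -> bool:
    """Recompute the expected key and compare it in constant time."""
    if partner_id in REVOKED_PARTNERS:
        return False
    expected = issue_partner_key(partner_id)
    return hmac.compare_digest(expected.encode(), presented_key.encode())


def intercloud_peer_allowed(source_ip: str) -> bool:
    """Accept replication traffic only from allowlisted elastic IPs."""
    try:
        return ipaddress.ip_address(source_ip) in INTERCLOUD_ALLOWLIST
    except ValueError:  # malformed address: fail closed
        return False


def admit_message(message: dict) -> bool:
    """Security-layer gate: every message must carry a valid partner key."""
    partner_id = message.get("partner_id")
    key = message.get("security_key")
    if not isinstance(partner_id, str) or not isinstance(key, str):
        return False  # missing or malformed fields: fail closed
    return validate_partner_key(partner_id, key)
```
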

Continue reading this article.


About the Author:
Mike Kavis is a veteran Chief Architect with over 23 years of IT experience including distributed computing, SOA, BPM, data warehouse, business intelligence, and enterprise architecture. Read Mike's blog at Enterprise Initiatives.
-- CIOproNews is an iEntry, Inc. publication --