Page 78 - Cloud Essentials

system components to support the Cloud Providers’ activities in arrangement, coordination and management of computing resources in order to provide cloud services to Cloud Consumers.” Microsoft Azure (IaaS and PaaS) is a good example of cloud automation; on a single day, thousands of private cloud networks might be created to accommodate cloud customer demand. Having this done manually by humans would take much longer and would be prone to error.
Public cloud self-service portals will charge fees as computing resources are provisioned and used. Private cloud self-service portals will often use departmental chargeback, or some kind of quota system such that once the configured quota points are exhausted, no further resources can be provisioned. Figure 3-7 summarizes the time used when provisioning compute resources.




FIGURE 3-7   Automation and self-service

Federation
Access to information systems is granted through digital identities that might come in the form of a username and password or Public Key Infrastructure (PKI) certificates. When multiple services from different providers are used, it becomes desirable to separate identity management from applications. This is done through one or more identity providers. The use of one or more identity providers across multiple applications is called identity federation; it reduces the number of accounts and passwords that users have to remember, and it reduces identity management tasks.
Identity providers are known as issuing parties because they issue credentials. The SaaS provider then acts as a relying party, because it relies on the issuing party. The relying parties (application or service providers) decide on the access rights (authorization) themselves. Users can use
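
The issuing-party and relying-party split described in this section, as an added example that is not from the book: a toy identity provider signs a short-lived assertion, and the SaaS application verifies it and then applies its own authorization table. All names, URLs and the key are constructed for illustration, and the shared HMAC key is an assumption that stands in for the public-key signatures used by real federation protocols such as SAML or OpenID Connect.

```python
import base64, hashlib, hmac, json, time

# Constructed demo values. Assumption: a shared HMAC key replaces the IdP's
# public-key signature so the example runs on the standard library alone.
TRUST_KEY = b"demo-key-shared-by-idp-and-rp"
ISSUER = "https://idp.example.test"
AUDIENCE = "https://saas.example.test"

def issue_token(subject, now=None, ttl=300, key=TRUST_KEY, audience=AUDIENCE):
    """Issuing party: after authenticating the user, sign identity claims."""
    now = int(time.time()) if now is None else now
    claims = {"iss": ISSUER, "sub": subject, "aud": audience, "exp": now + ttl}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    sig = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"." + sig

# The relying party's own authorization table: the identity provider says who
# the user is, the application decides what that user may do.
LOCAL_ROLES = {"alice@example.test": {"reports:read", "reports:write"},
               "bob@example.test": {"reports:read"}}

def authorize(token, permission, now=None):
    """Relying party: verify the assertion, then apply local access rights."""
    now = int(time.time()) if now is None else now
    try:
        body, sig = token.split(b".")
    except ValueError:
        return False, "malformed token"
    expected = hmac.new(TRUST_KEY, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(sig, expected):   # constant-time comparison
        return False, "bad signature"
    claims = json.loads(base64.urlsafe_b64decode(body))
    if claims.get("iss") != ISSUER:
        return False, "untrusted issuer"
    if claims.get("aud") != AUDIENCE:            # token minted for another app
        return False, "wrong audience"
    if claims.get("exp", 0) <= now:
        return False, "expired"
    if permission not in LOCAL_ROLES.get(claims.get("sub"), set()):
        return False, "not authorized"
    return True, "ok"
```

The relying party never sees a password: it trusts only what the issuer signed, and a valid identity with no local entitlement is still refused.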


