Architecting a Cloud-Scale Identity Fabric

Post on 08-Jun-2015

DESCRIPTION

Original article can be found here: http://ieeexplore.ieee.org/xpl/login.jsp?tp=&arnumber=5719572&url=http%3A%2F%2Fieeexplore.ieee.org%2Fiel5%2F2%2F5731551%2F05719572.pdf%3Farnumber%3D5719572

TRANSCRIPT

  • 1. Architecting a Cloud-Scale Identity Fabric
      - EEDC 34330: Execution Environments for Distributed Computing
      - Master in Computer Architecture, Networks and Systems - CANS
      - Homework number: 5
      - Group number: EEDC-4
      - Group members: Josep Subirats, Arinto Murdopo, Juan Luis Pérez

  • 2. Introduction
      - Cloud => EVERYWHERE
      - But not for critical workloads
      - Concerns about security

  • 3. Introduction
      - Identity management in the Cloud is difficult:
          - Its cross-cutting nature.
          - Its impact across architectural and organizational domains.
      - Many companies are not equipped to manage identities.
      - New approach: Identity Fabric

  • 4. Scalability
      - Not only performance scalability
      - Management scalability: speed at which an organization can deploy, integrate and administer a system over time.
      - Infrastructure
      - Identity management

  • 5. Identity management
      - Before: Identities stored in directories and databases

  • 6. Identity management
      - Today: Identity as a Fabric
      - Enterprise Apps
      - Cloud Apps

  • 7. Cloud-scale identity fabric
      - Access control and authorization.
      - Authentication, federation and SSO.
      - User account management and provisioning.
      - Auditing and compliance.
      - Cloud platform architectural requirements.

  • 8. Access control and authorization
      - Users outside the private network
      - Authorization: distributed model to support users outside the firewall.
      - Rising number of users
      - ACLs are not practical anymore
      - Authorization can be scaled by using a distributed, federated model
      - Authorization decisions must happen quickly and support high volumes of traffic

  • 9. Authentication, federation and SSO
      - The federation concept is based on a trust model between entities.
      - Modern federations base this trust model on an XML-based open standard: SAML
      - But SAML has only 10% adoption => excessive costs
      - Solution: focus on the core HTTP authentication standard.

  • 10. User account management and provisioning
      - Managing data about users is a challenge in the Cloud.
      - App-specific user management
      - User management APIs are neither consistent nor standardized.
      - The absence of universal user schemas for directories makes building general-purpose management tools difficult

  • 11. Auditing and compliance
      - Users using external apps cannot be monitored.
      - Laws are complex and often contradictory depending on the jurisdiction.
      - The industry needs a framework to meet global jurisdictional challenges

  • 12. Cloud platform architectural requirements
      - IaaS providers offer storage and databases as a service, but what about identity and access management?
      - Virtual platforms cannot handle access management overhead.
      - Solution: proxy-based approach that doesn't overload the Web/Application servers.

  • 13. Identity must integrate, extend and abstract

      10.000 users x 15 apps = 150.000 credentials     |  10.000 users, 15 apps = 10.000 credentials
      150.000 credentials x $30 management cost = $4.5 million in management
      $50.000 cost per connection x 15 apps = $750.000 integration expense  |  $50.000 integration expense
      93% Reduction

  • 14. Identity must integrate, extend and abstract
      - Identity network effect
          - The benefit of a new identity deployment extends to other network members by being connected.
      - Abstraction
          - App developers built identity into the app itself
          - Externalizing identity:
              - Developers focus on improving their apps
              - Enterprises can manage identity across multiple apps more efficiently

  • 15. Identity infrastructure as a service
      - Identity management for the cloud must evolve to:
          - Being standardized.
          - Accessible by multiple applications and users.
      - Companies need to think less about identity technology and focus instead on:
          - Service-level agreements
          - Service management

  • 16. Identity infrastructure as a service
      - Image obtained from http://www.symplified.com/us/products/symplified/features.html

  • 17. Conclusions
      - The new Cloud environment requires a new approach to identity management.
      - Identity fabric in a federation.
      - Identity infrastructure as a service.
