Architecting a Cloud-Scale Identity Fabric

Original article can be found here:
http://ieeexplore.ieee.org/xpl/login.jsp?tp=&arnumber=5719572&url=http%3A%2F%2Fieeexplore.ieee.org%2Fiel5%2F2%2F5731551%2F05719572.pdf%3Farnumber%3D5719572

Published in: Education, Technology, Business

  1. EEDC 34330 Execution Environments for Distributed Computing. Master in Computer Architecture, Networks and Systems - CANS. Architecting a Cloud-Scale Identity Fabric. Homework number: 5. Group number: EEDC-4. Group members: Josep Subirats, Arinto Murdopo, Juan Luis Pérez.
  2. Introduction
     – Cloud => EVERYWHERE
     – But not for critical workloads
     – Concerns about security
  3. Introduction
     Identity management in the Cloud is difficult:
     – Its cross-cutting nature.
     – Its impact across architectural and organizational domains.
     – Many companies are not equipped to manage identities.
     New approach: Identity Fabric
  4. Scalability
     Not only performance scalability, but also management scalability:
     – Speed at which an organization can deploy, integrate and administer a system over time.
     Diagram labels: Infrastructure; Identity management.
  5. Identity management
     Before: identities stored in directories and databases.
  6. Identity management
     Today: Identity as a Fabric. Diagram labels: Enterprise Apps; Cloud Apps.
  7. Cloud-scale identity fabric
     – Access control and authorization.
     – Authentication, federation and SSO.
     – User account management and provisioning.
     – Auditing and compliance.
     – Cloud platform architectural requirements.
  8. Access control and authorization
     Users outside the private network:
     – Authorization: distributed model to support users outside the firewall.
     Rising number of users:
     – ACLs are not practical anymore.
     – Authorization can be scaled by using a distributed, federated model.
     Authorization decisions must happen quickly and support high volumes of traffic.
  9. Authentication, federation and SSO
     The federation concept is based on a trust model between entities.
     Modern federations base this trust model on an XML-based open standard:
     – SAML
     – But SAML has only 10% adoption => excessive costs
     Solution: focus on the core HTTP authentication standard.
  10. User account management and provisioning
     Managing data about users is a challenge in the Cloud.
     – App-specific user management.
     – User management APIs are neither consistent nor standardized.
     – The absence of universal user schemas for directories makes building general-purpose management tools difficult.
  11. Auditing and compliance
     – Users using external apps cannot be monitored.
     – Laws are complex and often contradictory depending on the jurisdiction.
     – The industry needs a framework to meet global jurisdictional challenges.
  12. Cloud platform architectural requirements
     – IaaS providers offer storage and databases as a service … but what about identity and access management?
     – Virtual platforms cannot handle access management overhead.
     – Solution: a proxy-based approach that doesn't overload the Web/Application servers.
  13. Identity must integrate, extend and abstract
     – First column: 10.000 users, 15 apps; 150.000 credentials x $30 management cost = $4.5 million in management; $50.000 cost per connection x 15 apps = $750.000 integration expense.
     – Second column: 10.000 users, 15 apps; 10.000 credentials; $50.000 integration expense.
     – 93% reduction.
  14. Identity must integrate, extend and abstract
     Identity network effect:
     – A benefit of a new identity deployment extends to other network members by being connected.
     Abstraction:
     – App developers built identity into the app itself.
     – Externalizing identity:
       • Developers focus on improving their apps.
       • Enterprises can manage identity across multiple apps more efficiently.
  15. Identity infrastructure as a service
     Identity management for the cloud must evolve to:
     – Being standardized.
     – Accessible by multiple applications and users.
     Companies need to think less about identity technology and focus instead on:
     – Service-level agreements
     – Service management
  16. Identity infrastructure as a service
     Image obtained from http://www.symplified.com/us/products/symplified/features.html
  17. Conclusions
     – The new Cloud environment requires a new approach to identity management.
     – Identity fabric in a federation.
     – Identity infrastructure as a service.