Cloud Computing Design Patterns (paperback)

“This book continues the very high standard we have come to expect from ServiceTech Press. The book provides well-explained vendor-agnostic patterns to the challenges of providing or using cloud solutions from PaaS to SaaS. The book is not only a great patterns reference, but also worth reading from cover to cover as the patterns are thought-provoking, drawing out points that you should consider and ask of a potential vendor if you’re adopting a cloud solution.”
-- Phil Wilkins, Enterprise Integration Architect, Specsavers

“Thomas Erl’s text provides a unique and comprehensive perspective on cloud design patterns that is clearly and concisely explained for the technical professional and layman alike. It is an informative, knowledgeable, and powerful insight that may guide cloud experts in achieving extraordinary results based on extraordinary expertise identified in this text. I will use this text as a resource in future cloud designs and architectural considerations.”
-- Dr. Nancy M. Landreville, CEO/CISO, NML Computer Consulting

The Definitive Guide to Cloud Architecture and Design
Best-selling service technology author Thomas Erl has brought together the de facto catalog of design patterns for modern cloud-based architecture and solution design. More than two years in development, this book’s 100+ patterns illustrate proven solutions to common cloud challenges and requirements. Its patterns are supported by rich, visual documentation, including 300+ diagrams.

The authors address topics covering scalability, elasticity, reliability, resiliency, recovery, data management, storage, virtualization, monitoring, provisioning, administration, and much more. Readers will further find detailed coverage of cloud security, from networking and storage safeguards to identity systems, trust assurance, and auditing.

This book’s unprecedented technical depth makes it a must-have resource for every cloud technology architect, solution designer, developer, administrator, and manager.

Topic Areas

• Enabling ubiquitous, on-demand, scalable network access to shared pools of configurable IT resources
• Optimizing multitenant environments to efficiently serve multiple unpredictable consumers
• Using elasticity best practices to scale IT resources transparently and automatically
• Ensuring runtime reliability, operational resiliency, and automated recovery from any failure
• Establishing resilient cloud architectures that act as pillars for enterprise cloud solutions
• Rapidly provisioning cloud storage devices, resources, and data with minimal management effort
• Enabling customers to configure and operate custom virtual networks in SaaS, PaaS, or IaaS environments
• Efficiently provisioning resources, monitoring runtimes, and handling day-to-day administration
• Implementing best-practice security controls for cloud service architectures and cloud storage
• Securing on-premise Internet access, external cloud connections, and scaled VMs
• Protecting cloud services against denial-of-service attacks and traffic hijacking
• Establishing cloud authentication gateways, federated cloud authentication, and cloud key management
• Providing trust attestation services to customers
• Monitoring and independently auditing cloud security
• Solving complex cloud design problems with compound super-patterns

Thomas Erl is a top-selling IT author, founder of Arcitura Education Inc., and series editor of the Prentice Hall Service Technology Series from Thomas Erl. With more than 200,000 copies in print worldwide, his books have become international bestsellers and have been formally endorsed by senior members of major IT organizations, such as IBM, Microsoft, Oracle, Intel, Accenture, IEEE, HL7, MITRE, SAP, CISCO, HP, and many others. As CEO of Arcitura Education Inc., Thomas has led the development of curricula for the internationally recognized Big Data Science Certified Professional (BDSCP), Cloud Certified Professional (CCP), and SOA Certified Professional (SOACP) accreditation programs, which have established a series of formal, vendor-neutral industry certifications obtained by thousands of IT professionals around the world. Thomas has toured more than 20 countries as a speaker and instructor. More than 100 articles and interviews by Thomas have been published in numerous publications, including The Wall Street Journal and CIO Magazine.

Robert Cope has more than 25 years of experience in mission-critical systems development, spanning all aspects of the software system engineering lifecycle from architectural development, experimentation and prototyping, requirements development, design, implementation, and operations to acquisition program management for large systems. With more than 10 years in research, development, and implementation of security architecture, Public Key Infrastructure (PKI) security technology, and security services for large organizations, he has vast experience in information assurance, identity management deployment, operations, and maintenance of large-scale high assurance identity management enclaves.

Robert is the CEO of Homeland Security Consultants, a Federal Risk and Authorization Management Program (FedRAMP)-approved Third Party Assessment Organization (3PAO) for certifying cloud services. He led the development of the virtualization and cloud computing architecture for a large organization and was the chief architect responsible for the development of an enterprise authentication service, leading a team to integrate the organization’s identity and access management service architecture using Model Based System Engineering (MBSE) and the System Modeling Language (SysML).

Robert is a Certified Trainer for Arcitura’s Cloud School and SOA School. He has been a contributing member of the National Institute of Standards and Technology (NIST) Cloud-adapted Risk Management Framework (CRMF) and a contributing member of the Organization for the Advancement of Structured Information Standards (OASIS) IdCloud Technical Committee. He is also a member of the International Council on Systems Engineering (INCOSE).

A certified IT professional with over 14 years of experience in solution architecture and design, engineering, and consultation, Amin Naserpour specializes in designing medium to enterprise-level complex solutions for partially to fully virtualized front-end infrastructures. His portfolio includes clients such as VMware, Microsoft, and Citrix, and his work consists of integrating front-ends with back-end infrastructure-layer solutions. Amin designed a unified, vendor-independent cloud computing framework that he presented at the 5th International SOA, Cloud + Service Technology Symposium in 2012. Certified in cloud computing, virtualization, and storage, Amin currently holds Technical Consultant and Cloud Operations Lead positions for Hewlett-Packard, Australia.

Chapter 1: Introduction     1
Objective of This Book     2
What This Book Does Not Cover     2
Who This Book Is For     2
Origin of This Book     3
Recommended Reading     3
How This Book Is Organized     3
Chapter 3: Sharing, Scaling and Elasticity Patterns     4
Chapter 4: Reliability, Resiliency and Recovery Patterns     4
Chapter 5: Data Management and Storage Device Patterns     4
Chapter 6: Virtual Server and Hypervisor Connectivity and Management Patterns     4
Chapter 7: Monitoring, Provisioning and Administration Patterns     4
Chapter 8: Cloud Service and Storage Security Patterns     4
Chapter 9: Network Security, Identity & Access Management and Trust Assurance Patterns     4
Chapter 10: Common Compound Patterns     5
Appendix A: Cloud Computing Mechanisms Glossary     5
Appendix B: Alphabetical Design Patterns Reference     5
Additional Information     5
Symbol Legend     5
Pattern Documentation Conventions     5
Updates, Errata, and Resources (www.servicetechbooks.com)      6
Cloud Computing Design Patterns (www.cloudpatterns.org)      6
What Is Cloud? (www.whatiscloud.com)      6
Referenced Specifications (www.servicetechspecs.com)      6
The Service Technology Magazine (www.servicetechmag.com)      6
CloudSchool.com Certified Cloud (CCP) Professional (www.cloudschool.com)      6
Social Media and Notification     7
Chapter 2: Understanding Design Patterns     9
About Pattern Profiles     11
Requirement     11
Icon     11
Problem      11
Solution     12
Application     12
Mechanisms     12
About Compound Patterns     12
Design Pattern Notation     13
Capitalization     13
Page Number References     13
Measures of Design Pattern Application     13
Working with This Catalog     14
Chapter 3: Sharing, Scaling and Elasticity Patterns     15
Shared Resources     17
Problem     17
Solution     18
Application     19
Mechanisms     21
Workload Distribution     22
Problem     22
Solution     22
Application     22
Mechanisms     24
Dynamic Scalability     25
Problem     25
Solution     27
Application     28
Mechanisms     31
Service Load Balancing     32
Problem     32
Solution     33
Application     34
Mechanisms     36
Elastic Resource Capacity     37
Problem     37
Solution     37
Application     38
Mechanisms     40
Elastic Network Capacity     42
Problem     42
Solution     43
Application     43
Mechanisms     43
Elastic Disk Provisioning     45
Problem     45
Solution     46
Application     48
Mechanisms     49
Load Balanced Virtual Server Instances     51
Problem     51
Solution     52
Application     53
Mechanisms     55
Load Balanced Virtual Switches     57
Problem     57
Solution     58
Application     58
Mechanisms     60
Service State Management     61
Problem     61
Solution     61
Application     62
Mechanisms     63
Storage Workload Management     64
Problem     64
Solution     64
Application     66
Mechanisms     69
Dynamic Data Normalization     71
Problem     71
Solution     72
Application     72
Mechanisms     73
Cross-Storage Device Vertical Tiering     74
Problem     74
Solution     76
Application     76
Mechanisms     79
Intra-Storage Device Vertical Data Tiering     81
Problem     81
Solution     81
Application     82
Mechanisms     85
Memory Over-Committing     86
Problem     86
Solution     87
Application     88
Mechanisms     89
NIC Teaming     90
Problem     90
Solution     90
Application     91
Mechanisms     92
Broad Access     93
Problem     93
Solution     93
Application     94
Mechanisms     94
Chapter 4: Reliability, Resiliency and Recovery Patterns     97
Resource Pooling     99
Problem     99
Solution     99
Application     100
Mechanisms     103
Resource Reservation     106
Problem     106
Solution     107
Application     107
Mechanisms     110
Hypervisor Clustering     112
Problem     112
Solution     112
Application     114
Mechanisms     117
Redundant Storage     119
Problem     119
Solution     121
Application     121
Mechanisms     122
Dynamic Failure Detection and Recovery     123
Problem     123
Solution     123
Application     123
Mechanisms     126
Multipath Resource Access     127
Problem     127
Solution     128
Application     129
Mechanisms     131
Redundant Physical Connection for Virtual Servers     132
Problem     132
Solution     133
Application     134
Mechanisms     136
Synchronized Operating State     138
Problem     138
Solution     138
Application     139
Mechanisms     142
Zero Downtime     143
Problem     143
Solution     143
Application     144
Mechanisms     144
Storage Maintenance Window     147
Problem     147
Solution     148
Application     148
Mechanisms     154
Virtual Server Auto Crash Recovery    155
Problem     155
Solution     156
Application     157
Mechanisms     158
Non-Disruptive Service Relocation     159
Problem     159
Solution     160
Application     160
Mechanisms     164
Chapter 5: Data Management and Storage Device Patterns     167
Direct I/O Access     169
Problem     169
Solution     169
Application     169
Mechanisms     171
Direct LUN Access     173
Problem     173
Solution     174
Application     174
Mechanisms     176
Single Root I/O Virtualization     178
Problem     178
Solution     179
Application     179
Mechanisms     180
Cloud Storage Data at Rest Encryption     181
Problem     181
Solution     182
Application     182
Mechanisms     183
Cloud Storage Data Lifecycle Management     184
Problem     184
Solution     185
Application     185
Mechanisms     186
Cloud Storage Data Management     187
Problem     187
Solution     188
Application     188
Mechanisms     189
Cloud Storage Data Placement Compliance Check     190
Problem     190
Solution     191
Application     191
Mechanisms     192
Cloud Storage Device Masking     194
Problem     194
Solution     194
Application     195
Mechanisms     197
Cloud Storage Device Path Masking     198
Problem     198
Solution     198
Application     199
Mechanisms     200
Cloud Storage Device Performance Enforcement     201
Problem     201
Solution     202
Application     202
Mechanisms     203
Virtual Disk Splitting     204
Problem     204
Solution     205
Application     206
Mechanisms     209
Sub-LUN Tiering     210
Problem     210
Solution     210
Application     211
Mechanisms     213
RAID-Based Data Placement     214
Problem     214
Solution     214
Application     215
Mechanisms     217
IP Storage Isolation     218
Problem     218
Solution     218
Application     218
Mechanisms     220
Chapter 6: Virtual Server and Hypervisor Connectivity and Management Patterns     221
Virtual Server Folder Migration     223
Problem     223
Solution     225
Application     225
Mechanisms     226
Persistent Virtual Network Configuration     227
Problem     227
Solution     227
Application     228
Mechanisms     229
Virtual Server Connectivity Isolation     231
Problem     231
Solution     232
Application     233
Mechanisms     234
Virtual Switch Isolation     235
Problem     235
Solution     236
Application     236
Mechanisms     238
Virtual Server NAT Connectivity     240
Problem     240
Solution     240
Application     240
Mechanisms     243
External Virtual Server Accessibility     244
Problem     244
Solution     245
Application     245
Mechanisms     246
Cross-Hypervisor Workload Mobility     247
Problem     247
Solution     248
Application     250
Mechanisms     250
Virtual Server-to-Host Affinity     252
Problem     252
Solution     253
Application     254
Mechanisms     257
Virtual Server-to-Host Anti-Affinity     258
Problem     258
Solution     261
Application    261
Mechanisms    264
Virtual Server-to-Host Connectivity     265
Problem     265
Solution     266
Application     266
Mechanisms     266
Virtual Server-to-Virtual Server Affinity     267
Problem     267
Solution     269
Application     269
Mechanisms     271
Virtual Server-to-Virtual Server Anti-Affinity     272
Problem     272
Solution     275
Application     275
Mechanisms     277
Stateless Hypervisor     278
Problem     278
Solution     278
Application     279
Mechanisms     282
Chapter 7: Monitoring, Provisioning and Administration Patterns     283
Usage Monitoring     285
Problem     285
Solution     285
Application     286
Mechanisms     287
Pay-as-You-Go     288
Problem     288
Solution     288
Application     289
Mechanisms     291
Realtime Resource Availability     292
Problem     292
Solution     292
Application     293
Mechanisms     294
Rapid Provisioning     295
Problem     295
Solution     296
Application     296
Mechanisms     299
Platform Provisioning     301
Problem     301
Solution     301
Application     302
Mechanisms     304
Bare-Metal Provisioning     305
Problem     305
Solution     305
Application     305
Mechanisms     308
Automated Administration     310
Problem     310
Solution     310
Application     311
Mechanisms     314
Centralized Remote Administration     315
Problem     315
Solution     317
Application     317
Mechanisms     318
Resource Management     320
Problem     320
Solution     320
Application     321
Mechanisms     323
Self-Provisioning     324
Problem     324
Solution     325
Application     325
Mechanisms     329
Power Consumption Reduction     330
Problem     330
Solution     330
Application     331
Mechanisms     334
Chapter 8: Cloud Service and Storage Security Patterns     335
Trusted Platform BIOS     337
Problem     337
Solution     338
Application     339
Mechanisms     340
Geotagging     341
Problem     341
Solution     341
Application     342
Mechanisms     343
Hypervisor Protection     344
Problem     344
Solution     346
Application     347
Mechanisms     349
Cloud VM Platform Encryption     350
Problem     350
Solution     350
Application     352
Mechanisms     353
Trusted Cloud Resource Pools     354
Problem     354
Solution     354
Application     356
Mechanisms     358
Secure Cloud Interfaces and APIs     360
Problem     360
Solution     361
Application     361
Mechanisms     363
Cloud Resource Access Control     364
Problem     364
Solution     366
Application     368
Mechanisms     368
Detecting and Mitigating User-Installed VMs     369
Problem     369
Solution     371
Application     372
Mechanisms     374
Mobile BYOD Security     376
Problem     376
Solution     378
Application     380
Mechanisms     381
Cloud Data Breach Protection     382
Problem     382
Solution     384
Application     384
Mechanisms     386
Permanent Data Loss Protection     387
Problem     387
Solution     388
Application     389
Mechanisms     390
In-Transit Cloud Data Encryption     391
Problem     391
Solution     391
Application     392
Mechanisms     394
Chapter 9: Network Security, Identity & Access Management and Trust Assurance Patterns     395
Secure On-Premise Internet Access     397
Problem     397
Solution     398
Application     400
Mechanisms     403
Secure External Cloud Connection     404
Problem     404
Solution     404
Application     405
Mechanisms     408
Secure Connection for Scaled VMs     409
Problem     409
Solution     412
Application     414
Mechanisms     415
Cloud Denial-of-Service Protection     416
Problem     416
Solution     418
Application     419
Mechanisms     420
Cloud Traffic Hijacking Protection     421
Problem     421
Solution     423
Application     423
Mechanisms     424
Automatically Defined Perimeter     425
Problem     425
Solution     426
Application     427
Mechanisms     429
Cloud Authentication Gateway     430
Problem     430
Solution     431
Application     432
Mechanisms     435
Federated Cloud Authentication     436
Problem     436
Solution     438
Application     439
Mechanisms     443
Cloud Key Management     444
Problem     444
Solution     445
Application     446
Mechanisms     447
Trust Attestation Service     448
Problem     448
Solution     449
Application     449
Mechanisms     451
Collaborative Monitoring and Logging     452
Problem     452
Solution     455
Application     455
Mechanisms     459
Independent Cloud Auditing     460
Problem     460
Solution     461
Application     463
Mechanisms     464
Threat Intelligence Processing     465
Problem     465
Solution     466
Application     468
Mechanisms     469
Chapter 10: Common Compound Patterns     471
“Compound Pattern” vs. “Composite Pattern”      472
Compound Pattern Members     472
Joint Application vs. Coexistent Application     472
Private Cloud     474
Public Cloud     476
Software-as-a-Service (SaaS)      478
Platform-as-a-Service (PaaS)      480
Infrastructure-as-a-Service (IaaS)      482
Elastic Environment      484
Multitenant Environment     486
Resilient Environment     490
Cloud Bursting     492
Burst Out to Private Cloud     493
Burst Out to Public Cloud     496
Burst In     499
Secure Burst Out to Private Cloud/Public Cloud     501
Cloud Balancing     503
Cloud Authentication     505
Resource Workload Management     506
Isolated Trust Boundary     508
Appendix A: Cloud Computing Mechanisms Glossary     511
Appendix B: Alphabetical Design Patterns Reference     535
About the Authors     541
Index     543