Intel SOA Expressway Cloud Gateway Security Design Guide
The emerging use of public, private, and hybrid cloud paradigms has driven a focus on the security of both infrastructure and virtual machines as well as on applications and identities on the cloud.
Traditional access security models have focused on privileged data user access; trusted and anonymous user access; and application access control for data, applications, and networks. In the private, public, and hybrid cloud models, however, security requirements evolve significantly. The authorization domains model is an efficient way of enforcing information security in the cloud environment. Authorization domains support independent security domains that cooperate to achieve integration while enforcing consistent security policy. Here, on- and off-premise applications are deliberately isolated from each other, so that distribution is explicit, even if the exact locations are not. The connecting component is Intel® SOA Expressway—a service, security, and cloud gateway that provides a solution for identity federation, security policy enforcement for identities and resources that span multiple security domains, and threat protection and trust functions for application-level network traffic between a client and cloud services.
Intel’s cloud implementation consists of a six-node cluster. Each machine is a Dell PowerEdge* 2950 powered by Quad-Core Intel® Xeon® processors. Each machine has 100 GB of memory and 8 GB of RAM. Intel SOA Expressway is exposed as a gateway on the cloud perimeter and acts as a transparent proxy between the client and the cloud service. Intel SOA Expressway removes concerns over fixed-capacity, fragile virtual networks by carrying secured messages across multiple security domains. It passes messages directly, service to service, removing integration obstacles by handling inter-domain communications for key shared concerns and providing a simple, central location for application development and deployment.