Index

A

ABAC. See attribute based access control (ABAC)

access control, 513

ADC. See application delivery controller (ADC)

ADP. See automatically defined perimeter (ADP) controller

AGS. See authentication gateway service (AGS)

application delivery controller (ADC), 403

defined, 512

application layer attacks, 417

attestation service, 190, 192, 358, 451

defined, 512

attribute authority, 368

defined, 513

attribute based access control (ABAC), 368

defined, 513

attribute store. See attribute authority

audit monitor, 21, 24, 69, 79, 103, 110, 126, 144, 287, 294, 318

defined, 513

authentication gateway service (AGS), 363, 366-368, 435

defined, 513

Automated Administration design pattern, 38, 284, 302, 475, 477, 479, 481, 483, 493, 499

profile, 310-314

automated scaling listener, 22, 28, 31, 40, 43, 55, 69, 79, 85, 213, 287, 314

defined, 514

automatically defined perimeter (ADP) controller, 429

defined, 514

Automatically Defined Perimeter design pattern, 510

profile, 425-429

B

bandwidth, 43

Bare-Metal Provisioning design pattern, 475, 477, 483

profile, 305-309

bare metal virtualization, 344

basic input/output system (BIOS), 337

BGP (Border Gateway Protocol), 421

billing management system, 291, 318

defined, 514

BIOS (basic input/output system), 337

BIOS/firmware rootkits, 337

bootkits, 338

Border Gateway Protocol (BGP), 421

botnets, 417

Broad Access design pattern, 16, 318, 475, 477, 479, 481, 483

profile, 93-95

Burst In compound pattern, 473, 492

profile, 499-500

Burst Out to Private Cloud compound pattern, 473, 496-497, 501

profile, 493-495

Burst Out to Public Cloud compound pattern, 473, 492, 501

profile, 496-498

C

CA. See certificate authority (CA)

capacity watchdog system, 52-55

capitalization in design pattern notation, 13

CCG. See cloud consumer gateway (CCG)

CCP (Cloud Certified Professional), 6

Centralized Remote Administration design pattern, 284, 293, 321, 475, 477, 479, 481, 483

profile, 315-319

certificate, 358, 435, 443

defined, 514

certificate authority (CA), 435, 443

defined, 515

certificate revocation list (CRL), 435, 443

defined, 515

certificate trust store, 430, 435-436, 443

defined, 515

certificate validation service (CVS), 443

defined, 515

CKMS. See cryptographic key management system (CKMS)

Cloud Authentication compound pattern, 473

profile, 505

Cloud Authentication Gateway design pattern, 502, 505, 509

profile, 430-435

Cloud Balancing compound pattern, 473

profile, 503-504

cloud-based security groups, 354, 358, 364, 368, 409, 415

defined, 517

Cloud Bursting compound pattern, 473

profile, 492

Cloud Computing: Concepts, Technology & Architecture (Erl), 2-5, 14

cloud consumer gateway (CCG), 408

defined, 516

Cloud Data Breach Protection design pattern, profile, 382-385

Cloud Denial-of-Service Protection design pattern, profile, 416-420

Cloud Key Management design pattern, 406, 509

profile, 444-447

Cloud Resource Access Control design pattern, 502, 509

profile, 364-368

cloud service types, 453

cloud storage data aging management, 186

Cloud Storage Data at Rest Encryption design pattern, profile, 181-183

Cloud Storage Data Lifecycle Management design pattern, profile, 184-186

Cloud Storage Data Management design pattern, profile, 187-189

cloud storage data placement auditor, 192

defined, 516

Cloud Storage Data Placement Compliance Check design pattern, profile, 190-193

cloud storage device, 21, 24, 31, 49, 55, 63, 69, 73, 79, 85, 103, 110, 117, 122, 131, 142, 145, 154, 164, 171, 176, 183, 186, 189, 192, 197, 209, 213, 217, 226, 250, 282, 299, 308, 314, 394

defined, 516

Cloud Storage Device Masking design pattern, profile, 194-197

Cloud Storage Device Path Masking design pattern, profile, 198

Cloud Storage Device Performance Enforcement design pattern, profile, 201-203

cloud storage device performance monitor, 201-203

defined, 516

cloud storage device pools, 101

cloud storage management portal, 189, 217, 220

defined, 517

Cloud Traffic Hijacking Protection design pattern, profile, 421-424

cloud usage monitor, 21, 24, 31, 36, 40, 43, 48-49, 55, 60, 63, 69, 80, 85, 104, 111, 126, 145, 164, 171, 176, 287, 291, 294, 314, 318

defined, 517

Cloud VM Platform Encryption design pattern, 509

profile, 350-353

cloud workload scheduler, 357-358

defined, 517

coexistent application

of compound patterns, 473

defined, 13

Collaborative Monitoring and Logging design pattern, 509

profile, 452-459

community clouds, 453

compound patterns

Burst In, 473, 492

profile, 499-500

Burst Out to Private Cloud, 473, 492, 496-497, 501

profile, 493-495

Burst Out to Public Cloud, 473, 492, 501

profile, 496-498

Cloud Authentication, 473

profile, 505

Cloud Balancing, 473

profile, 503-504

Cloud Bursting, 473

profile, 492

coexistent application of, 473

composite patterns versus, 472

defined, 12-13

design patterns as members, 472

Elastic Environment, 473-477

profile, 484-485

Infrastructure-as-a-Service, 20, 473

profile, 482-483

Isolated Trust Boundary, 477, 481, 486-487

profile, 508-510

joint application of, 472

Multitenant Environment, 473-483, 494-496

profile, 486-489

Platform-as-a-Service, 473, 486

profile, 480-481

Private Cloud, 473, 476, 482-486, 490

profile, 474-475

Public Cloud, 20, 473-474, 482-486, 490

profile, 476-477

Resilient Environment, 473-477

profile, 490-491

Resource Workload Management, 473

profile, 506

Secure Burst Out to Private Cloud/Public Cloud, 473

profile, 501-502

Software-as-a-Service, 20, 473, 486

profile, 478-479

CPU pools, 101

CRL. See certificate revocation list (CRL)

Cross-Hypervisor Workload Mobility design pattern, profile, 247-251

Cross-Storage Device Vertical Tiering design pattern, 485, 494, 499

profile, 74-80

cryptographic key management system (CKMS), 183, 197, 353, 386, 390, 394, 424, 447

defined, 517

custom reporter (Usage Monitoring design pattern), 287

custom scripts (Rapid Provisioning design pattern), 296

CVS. See certificate validation service (CVS)

D

data normalization, 71-73

data source loader, 290

data transport mechanism, 186

denial-of-service (DoS) attacks, 416-420

deployment agent, 306

deployment component, 306

deployment data store, 296

design patterns. See also compound patterns

benefits of, 10

defined, 2

as members of compound patterns, 472

list of, 536

notation for

capitalization, 13

page number references, 13

profile format, 11-12

Web site, 6, 14

Design Patterns: Elements of Reusable Object-Oriented Software (Gamma, et al), 3

Detecting and Mitigating User-Installed VMs design pattern, profile, 369-374

digital certificates. See certificate

digital signature, 340, 349, 359, 394, 415, 451

defined, 518

DIL procedures, 443

Direct I/O Access design pattern, 43, 164, 178-179, 485

profile, 169-172

Direct LUN Access design pattern, 485

profile, 173-177

discovery agent, 306

distributed denial-of-service (DDoS) attacks, 416

distributed reflector denial-of-service (DRDoS) attacks, 416

DNS reflection attacks, 416

domain name service (DNS), 403, 420

defined, 518

driver rootkits, 338

Dynamic Data Normalization design pattern, 16, 485

profile, 71-73

Dynamic Failure Detection and Recovery design pattern, 98, 490

profile, 123-126

dynamic horizontal scaling, 28-31

dynamic relocation, 29

Dynamic Scalability design pattern, 38, 99-100, 479, 481, 483, 493

profile, 25-31

dynamic storage provisioning, 46

dynamic vertical scaling, 29

E

Elastic Disk Provisioning design pattern, 485

profile, 45-50

Elastic Environment compound pattern, 473, 475, 477

profile, 484-485

Elastic Network Capacity design pattern, 485

profile, 42-44

Elastic Resource Capacity design pattern, 485, 493, 504

profile, 37-41

EMM system. See enterprise mobility management (EMM) system

encryption, 181-183, 197, 390, 394, 424

defined, 518

endpoint threat detection and response (ETDR) system, 469

defined, 518

enterprise mobility management (EMM) system, 381

defined, 519

External Virtual Server Accessibility design pattern, 242

profile, 244-246

F

failover system, 122, 126, 136, 142, 145, 154

defined, 519

Federated Cloud Authentication design pattern, 505, 510

profile, 436-443

federation of users, 443

firewalls (Secure Connection for Scaled VMs design pattern), 409-415

fixed-disk storage allocation, 45

G

gateway. See cloud consumer gateway (CCG)

Geotagging design pattern, 502, 510

profile, 341-343

geotags, 192, 343, 359

defined, 519

H

hardened virtual server images, defined, 519

hardware-based VM discovery system, 374

defined, 520

hardware security module (HSM), 340, 447

defined, 520

honeypots, 469

defined, 520

host-based security system (HBSS), 375

defined, 521

hosted virtualization, 345

HSM. See hardware security module (HSM)

hybrid clouds, 453

hypervisor

defined, 521

purpose of, 222

Hypervisor Clustering design pattern, 98, 269, 491, 503

profile, 112-118

Hypervisor Protection design pattern, 509

profile, 344-349

I

IaaS. See Infrastructure-as-a-Service compound pattern; Infrastructure-as-a-Service environments

icons in pattern profiles, 11

identity and access management (IAM) system, 189, 363, 366-368

defined, 521

IDPS. See intrusion detection and prevention system (IDPS)

Independent Cloud Auditing design pattern, 510

profile, 460-464

Infrastructure-as-a-Service compound pattern, 20, 473

profile, 482-483

Infrastructure-as-a-Service environments, flexibility in, 222

intelligent automation engine, 43, 311-314

intelligent watchdog monitor, 125-126

interconnect pools, 101

In-Transit Cloud Data Encryption design pattern, 510

profile, 391-394

Intra-Storage Device Vertical Data Tiering design pattern, 485

profile, 81-85

intrusion detection and prevention system (IDPS), 403, 469

defined, 522

IP Storage Isolation design pattern, profile, 218-220

Isolated Trust Boundary compound pattern, 477, 481, 486-487

profile, 508-510

IT resources

dynamic scaling, 27

horizontal scaling, 22

sharing, risks and challenges, 20

J-K

joint application

of compound patterns, 472

defined, 13

kernel rootkits, 338

Key Management design pattern. See Cloud Key Management design pattern

L

live VM migration, 40, 56, 145, 165, 251, 257, 264, 271, 277, 334, 415

defined, 522

Load Balanced Virtual Server Instances design pattern, 254, 261, 269, 276, 331, 503, 506

limitations of, 253

profile, 51-56

Load Balanced Virtual Switches design pattern, 237, 245, 491, 506

profile, 57-60

load balancer, 22-24, 33-36, 56, 60, 70, 287

defined, 522

logical network perimeter, 21, 24, 43, 56, 60, 70, 104, 111, 118, 131, 136, 145, 171, 229, 308, 318,

defined, 523

LUN masking, 197, 220

defined, 523

M

malware hashes, 469

defined, 523

management loader, 306

management portal. See cloud storage management portal

measured boot, 339

mechanisms in pattern profiles, 12

Memory Over-Committing design pattern, 16

profile, 86-89

Mobile BYOD Security design pattern, profile, 376-381

multi-device broker, 94, 318

defined, 523

Multipath Resource Access design pattern, 482

profile, 127-131

multitenancy, virtualization versus, 487

Multitenant Environment compound pattern, 473-475, 477, 479, 481, 483, 494, 496

profile, 486-489

N

nested resource pools, 102

network bandwidth, 43

network forensics monitor (NFM)

defined, 524

NIC Teaming design pattern, 16

profile, 90-92

Non-Disruptive Service Relocation design pattern, 180, 260, 475, 477, 479, 481

profile, 159-165

normalization (Dynamic Data Normalization design pattern), 71-73

notification service for this book series, 7

O

Open Virtualization Format (OVF), converting virtual servers to, 248

operating system baseline (Rapid Provisioning design pattern), 296

orchestration engine, 451

defined, 524

O/S boot load bootkits, 338

OVF (Open Virtualization Format), converting virtual servers to, 248

P-Q

PaaS. See Platform-as-a-Service compound pattern; Platform-as-a-Service environments

page number references in design pattern notation, 13

parent resource pools, 101

pattern languages, defined, 11

Pattern-Oriented Software Architecture (Buschmann, et al), 3

pattern profile format, 11-12

patterns, defined, 10. See also compound patterns; design patterns

Patterns of Enterprise Application Architecture (Fowler), 3

Pay-as-You-Go design pattern, 284-285, 475, 477, 479, 481, 483

profile, 288-291

pay-per-use monitor, 31, 41, 43, 50, 63, 80, 85, 104, 165, 171, 176, 287, 291, 318

defined, 524

Permanent Data Loss Protection design pattern, profile, 387-390

Persistent Virtual Network Configuration design pattern, 144, 164, 234, 493, 504

profile, 227-230

physical RAM pools, 101

physical server pools, 100

physical uplink, 60, 92, 136, 145, 229, 234, 238, 243, 246, 251

defined, 524

PKI. See public key infrastructure (PKI)

Platform-as-a-Service compound pattern, 473, 486

profile, 480-481

Platform-as-a-Service environments, networking interfaces, 222

Platform Provisioning design pattern, 284, 481

profile, 301-304

platform trust policy, 343, 359

defined, 524

PNIC hardware devices, functionality, 179

pools. See Resource Pooling design pattern

Power Consumption Reduction design pattern, profile, 330-334

Prentice Hall Service Technology Series from Thomas Erl, 2-6

pre-signed validations, 442

Private Cloud compound pattern, 473, 476, 482, 484, 486, 490

profile, 474-475

private clouds, 453

problems in pattern profiles, 11

protocol attacks, 417

Public Cloud compound pattern, 20, 473-474, 482, 484, 486, 490

profile, 476-477

public clouds, 453

public key certificates. See certificate

public key infrastructure (PKI), 435, 443

defined, 525

R

RAID-Based Data Placement design pattern, profile, 214-217

RAID-level identifier, 217, 220

defined, 525

Rapid Provisioning design pattern, 284, 302, 475, 477, 479, 481, 483, 485, 491, 493-494, 503

profile, 295-300

ready-made environment, 304

defined, 525

Realtime Resource Availability design pattern, 284, 319, 475, 477, 479, 481, 483

profile, 292-294

Redundant Physical Connection for Virtual Servers design pattern, 245, 490, 504

profile, 132-137

Redundant Storage design pattern, 98, 485, 490, 493, 504

profile, 119-122

remote administration system, 104, 111, 319

defined, 525

requirements in pattern profiles, 11

Resilient Environment compound pattern, 473, 475, 477

profile, 490-491

resilient watchdog system, 123-125

resource borrowing, 106

resource cluster, 24, 36, 56, 118, 145

defined, 526

resource constraints, 106

Resource Management design pattern, 475, 477, 479, 481, 483

profile, 320

resource management system, 104, 111, 304, 308, 319

defined, 526

Resource Pooling design pattern, 20, 28, 38, 98, 106-107, 475, 477, 481, 483, 485-487, 494, 496, 499

profile, 99-105

resource replication, 21, 24, 31, 36, 41, 44, 50, 56, 60, 63, 104, 111, 118, 122, 131, 136, 142, 145, 154, 165, 171, 177, 193, 229, 300, 304, 309, 314

defined, 526

Resource Reservation design pattern, 20, 88, 98, 100, 477, 479, 481, 485-487, 494, 496

profile, 106-111

Resource Workload Management compound pattern, 473

profile, 506

rootkits, types of, 337

S

SaaS. See Software-as-a-Service compound pattern; Software-as-a-Service environments

sandbox, 469

defined, 526

Secure Burst Out to Private Cloud/Public Cloud compound pattern, 473

profile, 501-502

Secure Cloud Interfaces and APIs design pattern, 510

profile, 360-363

Secure Connection for Scaled VMs design pattern, 502, 510

profile, 409-415

Secure External Cloud Connection design pattern, profile, 404-408

secure firmware boot, 339

Secure On-Premise Internet Access design pattern, profile, 397-403

secure token service (STS), 368, 435

defined, 526

security information and event management (SIEM) system, 403, 459, 464, 469

defined, 526

Self-Provisioning design pattern, 297, 302, 318, 475, 477, 479, 481, 483

profile, 324-329

sequence logger, 296

sequence manager, 296

server groups, 35

server images, 296

server templates, 296

Service Load Balancing design pattern, 485, 491, 494, 503

profile, 32-36

Service State Management design pattern, 481

profile, 61-63

Shared Resources design pattern, 16, 99-100, 106, 475, 477, 479, 481, 483, 486-487

profile, 17-21

sibling resource pools, 101

SIEM. See security information and event management (SIEM) system

Single Root I/O Virtualization design pattern, profile, 178-180

single sign-on (SSO), defined, 527

SLA management system, 126, 165, 294, 309

defined, 527

SLA monitor, 126, 165, 287, 294, 319

defined, 527

SOA Design Patterns (Erl), 3

Software-as-a-Service compound pattern, 20, 473, 486

profile, 478-479

Software-as-a-Service environments, networking interfaces, 222

solutions in pattern profiles, 12

SSO (single sign-on), defined, 527

statefulness, 61-63

Stateless Hypervisor design pattern, profile, 278-282

state management database, 63, 142

defined, 527

Storage Maintenance Window design pattern, 491

profile, 147-154

storage path masking, 220

defined, 528

storage pools, 101

Storage Workload Management design pattern, 485, 504, 506

profile, 64-70

STS. See secure token service (STS)

sub-LUN migration, 213

defined, 528

Sub-LUN Tiering design pattern, profile, 210-213

symbols, legend, 5

Synchronized Operating State design pattern, 491

profile, 138-142

T

thin provisioning, 46-48

Threat Intelligence Processing design pattern, profile, 465-469

threat intelligence system, 386, 469

defined, 528

TPM (trusted platform module), 193, 339-340, 343, 349, 359, 451, 529

traffic filter, 420

defined, 528

traffic monitor, 420, 424

defined, 529

trust attestation service. See attestation service

Trust Attestation Service design pattern, 502, 510

profile, 448-451

trusted boot, 339

Trusted Cloud Resource Pools design pattern, 502, 510

profile, 354-359

Trusted Platform BIOS design pattern, 502, 510

profile, 337-340

trusted platform module (TPM), 193, 339-340, 343, 349, 359, 451, 529

trust models for CVS, 442

U

usage database, 286

Usage Monitoring design pattern, 284, 289, 475, 477, 479, 481, 483, 485, 491, 493, 499

profile, 285-287

usage monitoring station, 286

usage reporter, 287

V

vCPU. See virtual CPU (vCPU)

vDisk. See virtual disk (vDisk)

VIM. See virtual infrastructure manager (VIM)

virtual appliance

Cross-Hypervisor Workload Mobility design pattern, 251

defined, 529

virtual CPU (vCPU)

Cross-Hypervisor Workload Mobility design pattern, 21, 41, 56, 104, 111, 145, 251

defined, 529

Virtual Disk Splitting design pattern, profile, 209

virtual disk (vDisk), 145, 209, 251

defined, 530

virtual firewall, 234, 415

defined, 530

virtual infrastructure manager (VIM), 21, 41, 56, 60, 89, 92, 104, 111, 118, 136, 146, 165, 172, 177, 209, 226, 230, 234, 238, 246, 251, 257, 264, 271, 277, 282, 334, 375

defined, 530

virtual machines (VMs). See virtual server

virtual network, 146, 243, 251, 239

defined, 530

virtual private cloud (VPC), 408

defined, 531

virtual private network (VPN), 403, 408, 429, 435

defined, 531

virtual private network (VPN) cloud hub. See VPN cloud hub

virtual RAM (vRAM), 21, 41, 56, 89, 104, 111, 146

defined, 531

virtual server, 21, 24, 31, 41, 44, 51-56, 60, 63, 105, 111, 118, 131-137, 142, 146, 165, 172, 177, 230, 248, 300, 304, 314, 353, 369-374, 522

defined, 531

Virtual Server Auto Crash Recovery design pattern, profile, 155-158

Virtual Server Connectivity Isolation design pattern, profile, 231-234

Virtual Server Folder Migration design pattern, profile, 223-226

Virtual Server NAT Connectivity design pattern, profile, 240-243

virtual server pools, 100

virtual server snapshot, 251

defined, 532

virtual server state manager, 251

defined, 532

Virtual Server-to-Host Affinity design pattern, profile, 252-257

Virtual Server-to-Host Anti-Affinity design pattern, profile, 258-264

Virtual Server-to-Host Connectivity design pattern, profile, 265-266

Virtual Server-to-Virtual Server Affinity design pattern, 234

profile, 267-271

Virtual Server-to-Virtual Server Anti-Affinity design pattern, profile, 272-277

Virtual Switch Isolation design pattern, profile, 235-239

virtual switches, 56-60, 92, 118, 137, 146, 165, 230, 234, 239, 243, 246, 251, 266

defined, 532

virtualization, 19, 487

types of, 344

virtualization agent, 89, 146, 158

defined, 532

virtualization monitor, 56, 89, 118, 146, 209, 334

defined, 533

VMs (virtual machines). See virtual server

volume-based attacks, 416-417

VPC. See virtual private cloud (VPC)

VPN. See virtual private network (VPN)

VPN cloud hub, 408

defined, 533

vRAM. See virtual RAM (vRAM)

W

Web sites

www.cloudpatterns.org, 6, 14

www.cloudschool.com, 6

www.servicetechbooks.com, 2, 6-7

www.servicetechmag.com, 6

www.servicetechspecs.com, 6

www.whatiscloud.com, 6, 14

Workload Distribution design pattern, 475, 477, 479, 481-482, 485, 491, 493, 504

profile, 22-24

workloads, defined, 517

X-Y-Z

X.509 certificates. See certificate

Zero Downtime design pattern, 98, 491

profile, 143-146
