Automatically Defined Perimeter (Cope, Erl)

How can a perimeter that is dynamic and extends from on-premise to multi-vendor cloud resources be protected?

Problem

In cloud architecture, IT boundaries are dynamic and can scale into multiple clouds from on-premise resources, which creates challenges when establishing and securing perimeters.

Solution

A system is established that provides protected communications between consumers and providers whereby each provider either accepts or rejects communications based on privileges securely granted automatically by a perimeter controller.

Application

Cloud consumers authenticate to an automatically defined perimeter (ADP) controller which, if they are authorized, notifies the appropriate cloud provider services to respond to the authenticated consumer’s requests. Otherwise, protected providers do not respond to any communications.

ADP cloud services can be any of the following: cloud consumers requesting a single service, multiple services, or a service orchestration (A); cloud providers that initially respond only to the ADP controller and then only to cloud consumers that have been authorized by the ADP controller (B); or access managed by requests to ADP controllers, which rely on the organization’s IAM (C).

The participating cloud resources authenticate to the ADP and register with it when they are initially brought online.
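The flow described under Application, modelled as an added example (not code from the pattern's authors): providers register with the controller when brought online, stay silent by default, and answer a consumer only after the controller has authenticated it and notified them. The class names, the HMAC-tagged notification and the dictionary standing in for the organization's IAM are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class Provider:
    """Hypothetical protected service: answers only controller-authorized consumers."""

    def __init__(self, name):
        self.name = name
        self.key = secrets.token_bytes(32)  # shared with the controller at registration
        self.allowed = set()

    def notify(self, consumer, tag):
        # Accept an authorization only if it carries the controller's MAC.
        expected = hmac.new(self.key, consumer.encode(), hashlib.sha256).digest()
        if hmac.compare_digest(tag, expected):
            self.allowed.add(consumer)

    def handle(self, consumer, request):
        if consumer not in self.allowed:
            return None  # default state: no response at all
        return f"{self.name} served {request!r} for {consumer}"


class Controller:
    """Hypothetical ADP controller: registers providers, grants access from IAM data."""

    def __init__(self, iam):
        self.iam = iam          # consumer -> (credential, set of permitted services)
        self.providers = {}     # service name -> (provider, shared key)

    def register(self, provider):
        # Called when the resource is first brought online.
        self.providers[provider.name] = (provider, provider.key)

    def authenticate(self, consumer, credential, services):
        stored, permitted = self.iam.get(consumer, ("", set()))
        if not stored or not hmac.compare_digest(stored, credential):
            return []  # failed authentication: no provider is notified
        granted = []
        for name in services:
            if name in permitted and name in self.providers:
                provider, key = self.providers[name]
                tag = hmac.new(key, consumer.encode(), hashlib.sha256).digest()
                provider.notify(consumer, tag)
                granted.append(name)
        return granted
```

A request for a service the consumer is not entitled to leaves that provider's allow list untouched, so the consumer sees the same silence as an unauthenticated party.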