Centralized Remote Administration (Erl, Naserpour)
How can diverse administrative tasks and controls be consolidated for central remote access by cloud consumers?
Problem: Cloud consumers can end up having to manage a range of diverse cloud-based IT resources, each with distinct administrative functions. The disparity in user-interfaces and reporting features can make remote administration burdensome and prone to human error.
Solution: The cloud provider can consolidate diverse management features for different IT resources into a single, custom portal that standardizes administrative controls as well as providing cross-IT resource reporting features.
Application: A usage and administration portal is developed by the cloud provider to interface with systems and APIs offered by back-end products, IT resources and mechanisms, and to further support different levels of access based on pre-assigned permissions.
Mechanisms: Audit Monitor, Billing Management System, Cloud Usage Monitor, Logical Network Perimeter, Multi-Device Broker, Pay-Per-Use Monitor, Remote Administration System, Resource Management System, SLA Monitor
Compound Patterns: Burst In, Burst Out to Private Cloud, Burst Out to Public Cloud, Elastic Environment, Infrastructure-as-a-Service (IaaS), Multitenant Environment, Platform-as-a-Service (PaaS), Private Cloud, Public Cloud, Resilient Environment, Software-as-a-Service (SaaS)
Cloud platforms commonly provide cloud consumers with access to proprietary administration frontends and portals for individual IT resources, meaning cloud providers essentially make out-of-the-box features externally available. Pre-built administration user interfaces can be sufficient for simpler cloud platforms and any cloud consumers that only require access to a modest number of IT resources. However, these user interfaces become inadequate once a greater number of IT resources need administering, especially by larger cloud consumer organizations that employ a number of cloud resource administrators.
Inconsistencies in the presentation of administrative controls and features, and in the processes they require, can lead to human error and recurring inefficiencies as cloud resource administrators are required to learn how to perform the same tasks using different tools.
In the example illustrated in Figure 1, the cloud consumer wants to monitor the usage of IT resources that are allocated to each branch of its organization. The cloud consumer also requires the option of providing each branch manager with control over the IT resources at its own branch. Security and administrative risks would be introduced if branch managers were provided with the same level of access as the cloud consumer that established the IT environment.
Figure 1 - Cloud Consumer A leases an IaaS platform from a cloud provider (1) with the intention of offering its own PaaS platform to other cloud consumers (thereby assuming the role of a cloud provider). After the new PaaS platform is made available by Cloud Consumer A, Cloud Consumers B and C lease instances of the platform (2). Cloud Consumer A (acting as a cloud provider) needs a means of offering management features and usage tracking and reporting of the various IT resources that are available via the PaaS platform, while ensuring that each cloud consumer is granted an appropriate level of control.
A custom usage and administration portal can be created to support different levels of security access, while consolidating the administrative functions of a range of IT resources for consistent and standardized presentation.
Figure 2 - Cloud Consumers B and C can access and manage their provisioned IT resources using the usage and administration portal.
The usage and administration portal generally provides two broad sets of features: management controls and reporting. Management controls consolidate similar IT resource management functions into standardized front-end controls presented to the cloud resource administrator. Reporting features can also consolidate usage data from multiple IT resources into summarized analysis reports and real-time dashboard statistics. Single sign-on technology is commonly used so that a cloud resource administrator's credentials propagate authentication and authorization to all affected underlying IT resources.
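The following sketch is an added example, not part of the original pattern description. It shows the two feature sets behind one portal object: a standardized restart control over two back-ends with different native APIs, and a consolidated usage report, both gated by pre-assigned, branch-scoped permissions with deny-by-default and an audit trail. All class, user and resource names are hypothetical and the usage figures are constructed sample data.

```python
from dataclasses import dataclass, field
from typing import Callable

class VmBackend:   # hypothetical back-end product with its own admin API
    def reboot_instance(self, vm_id): return f"vm:{vm_id}:rebooted"
    def cpu_hours(self, vm_id): return {"vm-1": 40.0, "vm-2": 12.5}[vm_id]

class DbBackend:   # second hypothetical product: different verbs and units
    def bounce(self, name): return f"db:{name}:bounced"
    def busy_minutes(self, name): return {"db-1": 90.0}[name]

@dataclass(frozen=True)
class Resource:    # adapter: one standardized control surface per IT resource
    branch: str
    restart: Callable[[], str]
    usage_hours: Callable[[], float]

@dataclass
class Portal:
    resources: dict
    grants: dict   # user -> {(branch, action)}; branch "*" means every branch
    audit: list = field(default_factory=list)

    def _allowed(self, user, branch, action):
        held = self.grants.get(user, set())   # unknown user holds nothing: deny
        return (branch, action) in held or ("*", action) in held

    def restart(self, user, rid):
        res = self.resources[rid]
        ok = self._allowed(user, res.branch, "manage")
        self.audit.append((user, "restart", rid, "allow" if ok else "deny"))
        if not ok:
            raise PermissionError(f"{user} may not manage {rid}")
        return res.restart()

    def usage_report(self, user):
        totals = {}   # consolidated usage, limited to branches the caller may see
        for res in self.resources.values():
            if self._allowed(user, res.branch, "report"):
                totals[res.branch] = totals.get(res.branch, 0.0) + res.usage_hours()
        return totals

def build_portal():   # constructed sample data
    vm, db = VmBackend(), DbBackend()
    resources = {
        "vm-1": Resource("branch-a", lambda: vm.reboot_instance("vm-1"), lambda: vm.cpu_hours("vm-1")),
        "vm-2": Resource("branch-b", lambda: vm.reboot_instance("vm-2"), lambda: vm.cpu_hours("vm-2")),
        "db-1": Resource("branch-a", lambda: db.bounce("db-1"), lambda: db.busy_minutes("db-1") / 60),
    }
    grants = {"owner": {("*", "manage"), ("*", "report")},
              "mgr-a": {("branch-a", "manage"), ("branch-a", "report")}}
    return Portal(resources, grants)
```

The authorization decision is made once in the portal before any back-end call, so a branch manager's request for another branch's resource is rejected and logged without ever reaching the underlying product.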
Unless the cloud provider chooses to build the usage and administration portal from scratch, the remote administration system mechanism is most commonly used as the main component around which the portal's architecture is built. The mechanism is then further integrated with various backend management systems and API-enabled IT resources.
This pattern is commonly combined with the Self-Provisioning pattern to further extend the feature-set of the centralized portal, as well as the Broad Access pattern to enable the portal to support access from multiple devices and protocols.
NIST Reference Architecture Mapping
This pattern relates to the highlighted parts of the NIST reference architecture, as follows: