Self-Provisioning (Erl, Naserpour)
How can cloud consumers be empowered to have IT resources provisioned on-demand?
ProblemManual or semi-automated IT resource provisioning processes required by cloud providers can be time-consuming and inefficient and can impose unnecessary delays and effort upon cloud consumers.
SolutionA self-service portal is established with the ability to interface with back-end systems required for the automated provisioning of IT resources.
ApplicationIn addition to offering front-end controls for cloud consumers to choose IT resources for automated provisioning, the self-service portal is also equipped with the ability to receive a feed of current IT resources that are available for provisioning.
MechanismsAudit Monitor, Cloud Usage Monitor, Logical Network Perimeter, Multi-Device Broker, Remote Administration System
Compound PatternsBurst In, Burst Out to Private Cloud, Burst Out to Public Cloud, Elastic Environment, Infrastructure-as-a-Service (IaaS), Multitenant Environment, Platform-as-a-Service (PaaS), Private Cloud, Public Cloud, Resilient Environment, Software-as-a-Service (SaaS)
A cloud provider may require that a cloud consumer interact with sales staff to have new IT resources provisioned or, subsequent to receiving the provisioning request, an approval process may be required and cloud resource administrators may further have to manually perform the provisioning. These types of processes can unreasonably prolong the time it takes for a cloud consumer to gain access to the required IT resources and can further demand extra effort and communication from the cloud consumer organization.
A burdensome provisioning experience can make cloud consumers wary of further transactions with the cloud provider and can inhibit the cloud consumer organization's overall ability to be responsive to fulfilling their own business automation requirements.
The cloud provider makes a self-service portal available that provides cloud consumers with a live, up-to-date list of available cloud services and IT resources that can be automatically provisioned after the cloud consumer submits the request online.
Some cloud providers will still require a human-driven approval process that is carried out upon receiving a provisioning request via a self-service portal. However, often this process is expedited so that approved requests are fulfilled within hours instead of days.
The Self-Provisioning pattern can be applied together with the Centralized Remote Administration pattern to establish a sophisticated consumer-facing front-end comprised of a combination of the features of the usage and administration portal and the self-service portal. The respective portals can still be displayed independently but by standardizing both, they can be integrated as part of the same overall Web application to ensure a consistent experience for consumer-side cloud resource administrators.
Figure 1 - A simple cloud architecture in which both the self-service portal and usage and administration portal play roles in relation to how cloud services are provisioned online.
- The cloud consumer connects to the self-service portal (established by the Self-Provisioning pattern) via a multi-device broker that provides accessible connectivity to this cloud consumer and others that may need to connect with different devices.
- The cloud consumer selects the desired cloud service from an inventory of services listed and described in a service catalog published on the self-service portal.
- The selected cloud service is provisioned.
- The provisioned cloud service is published to the usage and administration portal (established by the Centralized Remote Administration pattern), making it available for management by the cloud consumer.
- The cloud consumer can use tools published on the usage and administration portal to manage the cloud service implementation.
The self-service portal needs to be integrated with whatever separate approval process a cloud provider requires, along with the security system used to grant different levels of access and control. Cloud consumers are typically organized into access groups and granted service provisioning permissions based on the outcome of the approval process or prior profile information. Users who then log into the self-service portal on behalf of a cloud consumer organization are only be able to view and request from a list of IT resources that corresponds to their permission level.
Figure 2 - Common steps required to navigate the permission approval process of a self-service portal (Part 1).
Figure 3 - Common steps required to navigate the permission approval process of a self-service portal (Part 2).
NIST Reference Architecture Mapping
This pattern relates to the highlighted parts of the NIST reference architecture, as follows: