- Overview
- Mechanisms
- Overview
-
Application Delivery Controller
-
Attestation Service
-
Attribute Authority
-
Attribute-Based Access Control System
-
Audit Monitor
-
Authentication Gateway Service
-
Automated Scaling Listener
-
Automatically Defined Perimeter Controller
-
Billing Management System
-
Certificate
-
Certificate Authority
-
Certificate Revocation List
-
Certificate Trust Store
-
Certificate Validation Service
-
Cloud-Based Security Groups
-
Cloud Consumer Gateway
-
Cloud Storage Data Aging Management
-
Cloud Storage Data Placement Auditor
-
Cloud Storage Device
-
Cloud Storage Device Performance Monitor
-
Cloud Storage Management Portal
-
Cloud Usage Monitor
-
Cloud Workload Scheduler
-
Cryptographic Key Management System
-
Data Transport
-
Digital Signature
-
Domain Name Service
-
Encryption
-
Endpoint Threat Detection and Response
-
Enterprise Mobility Management System
-
Failover System
-
Geotag
-
Hardened Virtual Server Image
-
Hardware-Based VM Discovery System
-
Hardware Security Module
-
Honeypot
-
Host Based Security System
-
Hypervisor
-
Identity and Access Management
-
Import and Export
-
Intrusion Detection and Prevention Systems
-
Live VM Migration
-
Load Balancer
-
Logical Network Perimeter
-
LUN Masking
-
Malware Hash
-
Multi-Device Broker
-
Network Forensic Monitor
-
Orchestration Engine
-
Pay-Per-Use Monitor
-
Physical Uplink
-
Platform Trust Policy
-
Public Key Infrastructure
-
RAID-level Identifier
-
Ready-Made Environment
-
Remote Administration System
-
Resource Cluster
-
Resource Management System
-
Resource Replication
-
Sandbox
-
Secure Token Service
-
Security Information and Event Management System
-
Single Sign-On
-
SLA Management System
-
SLA Monitor
-
State Management Database
-
Storage Path Masking
-
Sub-LUN Migration
-
Threat Intelligence System
-
Traffic Filter
-
Traffic Monitor
-
Trusted Platform Module
-
Virtual Appliance
-
Virtual CPU
-
Virtual Disk
-
Virtual Firewall
-
Virtual Infrastructure Manager
-
Virtual Network
-
Virtual Private Cloud
-
Virtual Private Network
-
Virtual RAM
-
Virtual Server
-
Virtual Server Snapshot
-
Virtual Server State Manager
-
Virtual Switch
-
Virtualization Agent
-
Virtualization Monitor
-
VPN Cloud Hub
- Design Patterns (alphabetical)
- Overview
-
Automated Administration
-
Automatically Defined Perimeter
-
Bare-Metal Provisioning
-
Broad Access
-
Centralized Remote Administration
-
Cloud Authentication Gateway
-
Cloud Data Breach Protection
-
Cloud Denial-of-Service Protection
-
Cloud Key Management
-
Cloud Resource Access Control
-
Cloud Storage Data at Rest Encryption
-
Cloud Storage Data Lifecycle Management
-
Cloud Storage Data Management
-
Cloud Storage Data Placement Compliance Check
-
Cloud Storage Device Masking
-
Cloud Storage Device Path Masking
-
Cloud Storage Device Performance Enforcement
-
Cloud Traffic Hijacking Protection
-
Cloud VM Platform Encryption
-
Collaborative Monitoring and Logging
-
Cross-Hypervisor Workload Mobility
-
Cross-Storage Device Vertical Tiering
-
Detecting and Mitigating User-Installed VMs
-
Direct I/O Access
-
Direct LUN Access
-
Dynamic Data Normalization
-
Dynamic Failure Detection and Recovery
-
Dynamic Scalability
-
Elastic Disk Provisioning
-
Elastic Network Capacity
-
Elastic Resource Capacity
-
External Virtual Server Accessibility
-
Federated Cloud Authentication
-
Geotagging
-
Hypervisor Clustering
-
Hypervisor Protection
-
In-Transit Cloud Data Encryption
-
Independent Cloud Auditing
-
Intra-Storage Device Vertical Data Tiering
-
IP Storage Isolation
-
Load Balanced Virtual Server Instances
-
Load Balanced Virtual Switches
-
Memory Over-Committing
-
Mobile BYOD Security
-
Multipath Resource Access
-
NIC Teaming
-
Non-Disruptive Service Relocation
-
Pay-as-You-Go
-
Permanent Data Loss Protection
-
Persistent Virtual Network Configuration
-
Platform Provisioning
-
Power Consumption Reduction
-
RAID-Based Data Placement
-
Rapid Provisioning
-
Realtime Resource Availability
-
Redundant Physical Connection for Virtual Servers
-
Redundant Storage
-
Resource Management
-
Resource Pooling
-
Resource Reservation
-
Secure Cloud Interfaces and APIs
-
Secure Connection for Scaled VMs
-
Secure External Cloud Connection
-
Secure On-Premise Internet Access
-
Self-Provisioning
-
Service Load Balancing
-
Service State Management
-
Shared Resources
-
Single Root I/O Virtualization
-
Stateless Hypervisor
-
Storage Maintenance Window
-
Storage Workload Management
-
Sub-LUN Tiering
-
Synchronized Operating State
-
Threat Intelligence Processing
-
Trust Attestation Service
-
Trusted Cloud Resource Pools
-
Trusted Platform BIOS
-
Usage Monitoring
-
Virtual Disk Splitting
-
Virtual Server Auto Crash Recovery
-
Virtual Server Connectivity Isolation
-
Virtual Server Folder Migration
-
Virtual Server NAT Connectivity
-
Virtual Server-to-Host Affinity
-
Virtual Server-to-Host Anti-Affinity
-
Virtual Server-to-Host Connectivity
-
Virtual Server-to-Virtual Server Affinity
-
Virtual Server-to-Virtual Server Anti-Affinity
-
Virtual Switch Isolation
-
Workload Distribution
-
Zero Downtime
- Design Patterns (by category)
- Sharing, Scaling and Elasticity Patterns
-
Broad Access
-
Cross-Storage Device Vertical Tiering
-
Dynamic Data Normalization
-
Dynamic Scalability
-
Elastic Disk Provisioning
-
Elastic Network Capacity
-
Elastic Resource Capacity
-
Intra-Storage Device Vertical Data Tiering
-
Load Balanced Virtual Server Instances
-
Load Balanced Virtual Switches
-
Memory Over-Committing
-
NIC Teaming
-
Service Load Balancing
-
Service State Management
-
Shared Resources
-
Storage Workload Management
-
Workload Distribution
-
- Reliability, Resiliency and Recovery Patterns
-
Dynamic Failure Detection and Recovery
-
Hypervisor Clustering
-
Multipath Resource Access
-
Non-Disruptive Service Relocation
-
Redundant Physical Connection for Virtual Servers
-
Redundant Storage
-
Resource Pooling
-
Resource Reservation
-
Storage Maintenance Window
-
Synchronized Operating State
-
Virtual Server Auto Crash Recovery
-
Zero Downtime
-
- Data Management and Storage Device Patterns
-
Cloud Storage Data at Rest Encryption
-
Cloud Storage Data Lifecycle Management
-
Cloud Storage Data Management
-
Cloud Storage Data Placement Compliance Check
-
Cloud Storage Device Masking
-
Cloud Storage Device Path Masking
-
Cloud Storage Device Performance Enforcement
-
Direct I/O Access
-
Direct LUN Access
-
IP Storage Isolation
-
RAID-Based Data Placement
-
Single Root I/O Virtualization
-
Sub-LUN Tiering
-
Virtual Disk Splitting
-
- Virtual Server and Hypervisor Connectivity and Management Patterns
-
Cross-Hypervisor Workload Mobility
-
External Virtual Server Accessibility
-
Persistent Virtual Network Configuration
-
Stateless Hypervisor
-
Virtual Server Connectivity Isolation
-
Virtual Server Folder Migration
-
Virtual Server NAT Connectivity
-
Virtual Server-to-Host Affinity
-
Virtual Server-to-Host Anti-Affinity
-
Virtual Server-to-Host Connectivity
-
Virtual Server-to-Virtual Server Affinity
-
Virtual Server-to-Virtual Server Anti-Affinity
-
Virtual Switch Isolation
-
- Monitoring, Provisioning and Administration Patterns
- Cloud Service and Storage Security Patterns
-
Cloud Data Breach Protection
-
Cloud Resource Access Control
-
Cloud VM Platform Encryption
-
Detecting and Mitigating User-Installed VMs
-
Geotagging
-
Hypervisor Protection
-
In-Transit Cloud Data Encryption
-
Mobile BYOD Security
-
Permanent Data Loss Protection
-
Secure Cloud Interfaces and APIs
-
Trusted Cloud Resource Pools
-
Trusted Platform BIOS
-
- Network Security, Identity & Access Management and Trust Assurance Patterns
-
Automatically Defined Perimeter
-
Cloud Authentication Gateway
-
Cloud Denial-of-Service Protection
-
Cloud Key Management
-
Cloud Traffic Hijacking Protection
-
Collaborative Monitoring and Logging
-
Federated Cloud Authentication
-
Independent Cloud Auditing
-
Secure Connection for Scaled VMs
-
Secure External Cloud Connection
-
Secure On-Premise Internet Access
-
Threat Intelligence Processing
-
Trust Attestation Service
-
- Sharing, Scaling and Elasticity Patterns
- Compound Patterns
- Overview
- Burst In
- Burst Out to Private Cloud
- Burst Out to Public Cloud
- Cloud Authentication
- Cloud Balancing
- Cloud Bursting
- Elastic Environment
- Infrastructure-as-a-Service (IaaS)
- Isolated Trust Boundary
- Multitenant Environment
- Platform-as-a-Service (PaaS)
- Private Cloud
- Public Cloud
- Resilient Environment
- Resource Workload Management
- Secure Burst Out to Private Cloud/Public Cloud
- Software-as-a-Service (SaaS)
- Microservice Patterns
- Big Data Patterns
- SOA Patterns
- CCP
Cloud Storage Data Placement Auditor

The cloud storage data placement auditor mechanism is used to govern and control where datasets can be stored. This mechanism can be used to enforce policies on where each dataset can or cannot be stored and perform frequent checks and audits of each dataset's storage location to ensure the appropriate cloud storage device is used according to requirements established in the service contract.
As shown in Figure 1, the cloud storage data placement auditor mechanism checks compliance and regulatory policies against where data is actually stored. This is performed in case a dataset should not be hosted in the region in which the cloud storage device is located.

Figure 1 - The cloud storage data placement auditor mechanism checks compliance and regulatory policies of Cloud Storage Device A (1) to determine the dataset’s relocation into Cloud Storage Device C (2).
This mechanism is generally established via the use of APIs, ADKs, a policy engine, and the SLA monitor mechanism.
This mechanism is covered in CCP Module 7: Fundamental Cloud Security and
in Module 8: Advanced Cloud Security.
For more information regarding the Cloud Certified Professional (CCP) curriculum, visit www.arcitura.com/ccp.
The architectural model upon which this design pattern is based is further covered in:
Cloud Computing Design Patterns by Thomas Erl, Robert Cope, Amin Naserpour
(ISBN: 9780133858563, Hardcover, ~ 528 pages)
For more information about this book, visit www.arcitura.com/books.