Cloud Computing Design Patterns

Book Description

“This book continues the very high standard we have come to expect from ServiceTech Press. The book provides well-explained vendor-agnostic patterns to the challenges of providing or using cloud solutions from PaaS to SaaS. The book is not only a great patterns reference, but also worth reading from cover to cover as the patterns are thought-provoking, drawing out points that you should consider and ask of a potential vendor if you’re adopting a cloud solution.”
--Phil Wilkins, Enterprise Integration Architect, Specsavers

“Thomas Erl’s text provides a unique and comprehensive perspective on cloud design patterns that is clearly and concisely explained for the technical professional and layman alike. It is an informative, knowledgeable, and powerful insight that may guide cloud experts in achieving extraordinary results based on extraordinary expertise identified in this text. I will use this text as a resource in future cloud designs and architectural considerations.”
--Dr. Nancy M. Landreville, CEO/CISO, NML Computer Consulting

The Definitive Guide to Cloud Architecture and Design
Best-selling service technology author Thomas Erl has brought together the de facto catalog of design patterns for modern cloud-based architecture and solution design. More than two years in development, this book’s 100+ patterns illustrate proven solutions to common cloud challenges and requirements. Its patterns are supported by rich, visual documentation, including 300+ diagrams.

The authors address topics covering scalability, elasticity, reliability, resiliency, recovery, data management, storage, virtualization, monitoring, provisioning, administration, and much more. Readers will further find detailed coverage of cloud security, from networking and storage safeguards to identity systems, trust assurance, and auditing.

This book’s unprecedented technical depth makes it a must-have resource for every cloud technology architect, solution designer, developer, administrator, and manager.

Topic Areas

  • Enabling ubiquitous, on-demand, scalable network access to shared pools of configurable IT resources

  • Optimizing multitenant environments to efficiently serve multiple unpredictable consumers

  • Using elasticity best practices to scale IT resources transparently and automatically

  • Ensuring runtime reliability, operational resiliency, and automated recovery from any failure

  • Establishing resilient cloud architectures that act as pillars for enterprise cloud solutions

  • Rapidly provisioning cloud storage devices, resources, and data with minimal management effort

  • Enabling customers to configure and operate custom virtual networks in SaaS, PaaS, or IaaS environments

  • Efficiently provisioning resources, monitoring runtimes, and handling day-to-day administration

  • Implementing best-practice security controls for cloud service architectures and cloud storage

  • Securing on-premise Internet access, external cloud connections, and scaled VMs

  • Protecting cloud services against denial-of-service attacks and traffic hijacking

  • Establishing cloud authentication gateways, federated cloud authentication, and cloud key management

  • Providing trust attestation services to customers

  • Monitoring and independently auditing cloud security

  • Solving complex cloud design problems with compound super-patterns

Table of Contents

    1. About This eBook
    2. Title Page
    3. Copyright Page
    4. Praise for This Book
    5. Dedication Page
    6. Contents at a Glance
    7. Contents
    8. Acknowledgments
    9. Chapter 1. Introduction
      1. Objective of This Book
      2. What This Book Does Not Cover
      3. Who This Book Is For
      4. Origin of This Book
      5. Recommended Reading
      6. How This Book Is Organized
        1. Chapter 3: Sharing, Scaling and Elasticity Patterns
        2. Chapter 4: Reliability, Resiliency and Recovery Patterns
        3. Chapter 5: Data Management and Storage Device Patterns
        4. Chapter 6: Virtual Server and Hypervisor Connectivity and Management Patterns
        5. Chapter 7: Monitoring, Provisioning and Administration Patterns
        6. Chapter 8: Cloud Service and Storage Security Patterns
        7. Chapter 9: Network Security, Identity & Access Management and Trust Assurance Patterns
        8. Chapter 10: Common Compound Patterns
        9. Appendix A: Cloud Computing Mechanisms Glossary
        10. Appendix B: Alphabetical Design Patterns Reference
      7. Additional Information
        1. Symbol Legend
        2. Pattern Documentation Conventions
        3. Updates, Errata, and Resources (www.servicetechbooks.com)
        4. Cloud Computing Design Patterns (www.cloudpatterns.org)
        5. What Is Cloud? (www.whatiscloud.com)
        6. Referenced Specifications (www.servicetechspecs.com)
        7. The Service Technology Magazine (www.servicetechmag.com)
        8. CloudSchool.com™ Certified Cloud (CCP) Professional (www.cloudschool.com)
        9. Social Media and Notification
    10. Chapter 2. Understanding Design Patterns
      1. About Pattern Profiles
        1. Requirement
        2. Icon
        3. Problem
        4. Solution
        5. Application
        6. Mechanisms
      2. About Compound Patterns
      3. Design Pattern Notation
        1. Capitalization
        2. Page Number References
      4. Measures of Design Pattern Application
      5. Working with This Catalog
    11. Chapter 3. Sharing, Scaling and Elasticity Patterns
      1. Shared Resources
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      2. Workload Distribution
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      3. Dynamic Scalability
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      4. Service Load Balancing
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      5. Elastic Resource Capacity
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      6. Elastic Network Capacity
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      7. Elastic Disk Provisioning
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      8. Load Balanced Virtual Server Instances
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      9. Load Balanced Virtual Switches
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      10. Service State Management
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      11. Storage Workload Management
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      12. Dynamic Data Normalization
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      13. Cross-Storage Device Vertical Tiering
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      14. Intra-Storage Device Vertical Data Tiering
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      15. Memory Over-Committing
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      16. NIC Teaming
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      17. Broad Access
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
    12. Chapter 4. Reliability, Resiliency and Recovery Patterns
      1. Resource Pooling
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      2. Resource Reservation
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      3. Hypervisor Clustering
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      4. Redundant Storage
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      5. Dynamic Failure Detection and Recovery
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      6. Multipath Resource Access
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      7. Redundant Physical Connection for Virtual Servers
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      8. Synchronized Operating State
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      9. Zero Downtime
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      10. Storage Maintenance Window
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      11. Virtual Server Auto Crash Recovery
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      12. Non-Disruptive Service Relocation
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
    13. Chapter 5. Data Management and Storage Device Patterns
      1. Direct I/O Access
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      2. Direct LUN Access
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      3. Single Root I/O Virtualization
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      4. Cloud Storage Data at Rest Encryption
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      5. Cloud Storage Data Lifecycle Management
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      6. Cloud Storage Data Management
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      7. Cloud Storage Data Placement Compliance Check
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      8. Cloud Storage Device Masking
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      9. Cloud Storage Device Path Masking
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      10. Cloud Storage Device Performance Enforcement
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      11. Virtual Disk Splitting
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      12. Sub-LUN Tiering
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      13. RAID-Based Data Placement
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      14. IP Storage Isolation
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
    14. Chapter 6. Virtual Server and Hypervisor Connectivity and Management Patterns
      1. Virtual Server Folder Migration
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      2. Persistent Virtual Network Configuration
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      3. Virtual Server Connectivity Isolation
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      4. Virtual Switch Isolation
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      5. Virtual Server NAT Connectivity
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      6. External Virtual Server Accessibility
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      7. Cross-Hypervisor Workload Mobility
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      8. Virtual Server-to-Host Affinity
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      9. Virtual Server-to-Host Anti-Affinity
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      10. Virtual Server-to-Host Connectivity
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      11. Virtual Server-to-Virtual Server Affinity
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      12. Virtual Server-to-Virtual Server Anti-Affinity
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      13. Stateless Hypervisor
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
    15. Chapter 7. Monitoring, Provisioning and Administration Patterns
      1. Usage Monitoring
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      2. Pay-as-You-Go
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      3. Realtime Resource Availability
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      4. Rapid Provisioning
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      5. Platform Provisioning
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      6. Bare-Metal Provisioning
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      7. Automated Administration
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      8. Centralized Remote Administration
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      9. Resource Management
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      10. Self-Provisioning
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      11. Power Consumption Reduction
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
    16. Chapter 8. Cloud Service and Storage Security Patterns
      1. Trusted Platform BIOS
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      2. Geotagging
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      3. Hypervisor Protection
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      4. Cloud VM Platform Encryption
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      5. Trusted Cloud Resource Pools
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      6. Secure Cloud Interfaces and APIs
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      7. Cloud Resource Access Control
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      8. Detecting and Mitigating User-Installed VMs
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      9. Mobile BYOD Security
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      10. Cloud Data Breach Protection
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      11. Permanent Data Loss Protection
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      12. In-Transit Cloud Data Encryption
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
    17. Chapter 9. Network Security, Identity & Access Management and Trust Assurance Patterns
      1. Secure On-Premise Internet Access
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      2. Secure External Cloud Connection
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      3. Secure Connection for Scaled VMs
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      4. Cloud Denial-of-Service Protection
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      5. Cloud Traffic Hijacking Protection
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      6. Automatically Defined Perimeter
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      7. Cloud Authentication Gateway
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      8. Federated Cloud Authentication
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      9. Cloud Key Management
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      10. Trust Attestation Service
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      11. Collaborative Monitoring and Logging
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      12. Independent Cloud Auditing
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
      13. Threat Intelligence Processing
        1. Problem
        2. Solution
        3. Application
        4. Mechanisms
    18. Chapter 10. Common Compound Patterns
      1. “Compound Pattern” vs. “Composite Pattern”
      2. Compound Pattern Members
      3. Joint Application vs. Coexistent Application
      4. Private Cloud
      5. Public Cloud
      6. Software-as-a-Service (SaaS)
      7. Platform-as-a-Service (PaaS)
      8. Infrastructure-as-a-Service (IaaS)
      9. Elastic Environment
      10. Multitenant Environment
      11. Resilient Environment
      12. Cloud Bursting
      13. Burst Out to Private Cloud
      14. Burst Out to Public Cloud
      15. Burst In
      16. Secure Burst Out to Private Cloud/Public Cloud
      17. Cloud Balancing
      18. Cloud Authentication
      19. Resource Workload Management
      20. Isolated Trust Boundary
    19. Appendix A. Cloud Computing Mechanisms Glossary
      1. Application Delivery Controller (ADC)
      2. Attestation Service
      3. Attribute Authority
      4. Attribute-Based Access Control (ABAC) System
      5. Audit Monitor
      6. Authentication Gateway Service (AGS)
      7. Automated Scaling Listener
      8. Automatically Defined Perimeter (ADP) Controller
      9. Billing Management System
      10. Certificate
      11. Certificate Authority (CA)
      12. Certificate Revocation List (CRL)
      13. Certificate Trust Store
      14. Certificate Validation Service (CVS)
      15. Cloud Consumer Gateway (CCG)
      16. Cloud Storage Data Placement Auditor
      17. Cloud Storage Device
      18. Cloud Storage Device Performance Monitor
      19. Cloud Storage Management Portal
      20. Cloud Usage Monitor
      21. Cloud Workload Scheduler
      22. Cloud-based Security Groups
      23. Cryptographic Key Management System (CKMS)
      24. Digital Signature
      25. Domain Name Service (DNS)
      26. Encryption
      27. Endpoint Threat Detection and Response (ETDR)
      28. Enterprise Mobility Management (EMM) System
      29. Failover System
      30. Geotag
      31. Hardened Virtual Server Image
      32. Hardware-Based VM Discovery System
      33. Hardware Security Module (HSM)
      34. Honeypot
      35. Host-Based Security System (HBSS)
      36. Hypervisor
      37. Identity and Access Management (IAM)
      38. Intrusion Detection and Prevention System (IDPS)
      39. Live VM Migration
      40. Load Balancer
      41. Logical Network Perimeter
      42. LUN Masking
      43. Malware Hash
      44. Multi-Device Broker
      45. Network Forensics Monitor
      46. Orchestration Engine
      47. Pay-Per-Use Monitor
      48. Physical Uplink
      49. Platform Trust Policy
      50. Public Key Infrastructure (PKI)
      51. RAID-level Identifier
      52. Ready-Made Environment
      53. Remote Administration System
      54. Resource Cluster
      55. Resource Management System
      56. Resource Replication
      57. Sandbox
      58. Secure Token Service (STS)
      59. Security Information and Event Management (SIEM) System
      60. Single Sign-On (SSO)
      61. SLA Management System
      62. SLA Monitor
      63. State Management Database
      64. Storage Path Masking
      65. Sub-LUN Migration
      66. Threat Intelligence System
      67. Traffic Filter
      68. Traffic Monitor
      69. Trusted Platform Module (TPM)
      70. Virtual Appliance
      71. Virtual CPU (vCPU)
      72. Virtual Disk (vDisk)
      73. Virtual Firewall
      74. Virtual Infrastructure Manager (VIM)
      75. Virtual Network
      76. Virtual Private Cloud (VPC)
      77. Virtual Private Network (VPN)
      78. Virtual RAM (vRAM)
      79. Virtual Server
      80. Virtual Server Snapshot
      81. Virtual Server State Manager
      82. Virtual Switch
      83. Virtualization Agent
      84. Virtualization Monitor
      85. VPN Cloud Hub
    20. Appendix B. Alphabetical Design Patterns Reference
    21. About the Authors
      1. Thomas Erl
      2. Robert Cope
      3. Amin Naserpour
    22. Index