Extending the Data Center Into the Cloud
At the heart of the cloud computing movement sits the data center infrastructure. The data center has long been the workhorse of the cloud world, providing bandwidth, connectivity, and of course resources to help the environment run continuously (or as continuously as possible).
During the early days of cloud computing, there was a disconnect between cloud resources and the internal corporate environment. To access workloads or resources in the cloud, administrators would have to jump through a few hoops to connect their environment with external components. Beyond an internal data center hosting some cloud options, there are other SaaS, PaaS and even IaaS environments out there that require connectivity.
So the challenge was very clear: how does an administrator effectively scale their data center to directly connect with other components in the cloud?
Although there are a few ways to accomplish this goal – software-defined technologies, virtualization, and advanced networking – identity federation has become an integral part of connecting a data center to the cloud. A user working from a corporate data center may at any point require access to the outside world or to an application hosted externally.
One of the great things about cloud computing is the flexibility that it brings to both the user and the administrator. This is where identity federation can help. To truly get an idea of the nature of cloud authentication and how it interacts with a corporate data center, we can look at federated identity in the following three ways:
Connecting The User
The user is probably the most important part of any environment. Considerations around the end-user can mean the difference between a successful deployment and one that has to go back to the drawing board. Many times, organizations will deploy applications or resources which are completely cloud-hosted. In many situations, the user will have to re-authenticate from their internal environment into the cloud resources.
This is where identity federation can make the experience much more transparent for a user who is accessing a local data center. By publishing a special portal – sometimes referred to as a cloud gateway – the user will see their set of applications, which can include Word, Outlook, Excel, and other local resources. However, in the very same portal, administrators can now present external applications like Salesforce, LinkedIn, Ceridian, and others as well. To the user, they look like they're installed locally. Furthermore, the user only needs to authenticate once with their Active Directory credentials.
From there, identity federation takes over and allows the user to connect to both internally hosted applications, and those hosted in the cloud. What about password changes and some other administrative functions for those cloud-hosted apps? No problem. Modern identity federation technologies work with a self-service portal that allows users to change their password as needed and even add/remove icons from their portals. Not only does this help the user connect to the cloud via an internal data center – it also eases the management process for data center administrators.
Connecting The Applications
One of the main goals in creating a good identity federation mechanism for the end-user is to make the experience as transparent as possible. One of the other goals is to simplify administration.
Applications being hosted outside of the internal data center may need to be connected. In the previous section, we discussed how this experience would look to the end user. Now, we have to look at how it’s accomplished. Administrators will set up an internal server or service which will interface with external applications. From there, many identity federation solutions will actually have pre-built connectors for many cloud-facing applications. They will know the landing pages and be able to identify the authentication methods and how to tie them back into the internal environment.
From there, administrators are able to set password reset metrics, define how a user accesses external applications, and create a local data center capable of expanding into the cloud. The flexibility of using identity federation technologies to connect to the cloud doesn’t only cover “pre-approved” application lists. For custom apps or even those not on the list, administrators are able to create custom HTTP or SAML connectors for the resource in need. This type of deployment creates a certain flexibility for applications which were once thought to be cloud-challenging.
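The claim checks a custom SAML connector has to make before it trusts an assertion from the internal identity provider, as an added example that is not from the original article. The entity IDs, the sample assertion and `check_assertion` are constructed for illustration, and signature verification of the assertion is assumed to have been done beforehand by a SAML library.

```python
# Added example: claim checks a custom SAML connector applies to an assertion.
# Assumption: the XML signature was already verified against the IdP's
# certificate by a vetted SAML library, and this is the signed element.
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
IDP_ENTITY_ID = "https://adfs.corp.example/idp"   # hypothetical internal IdP
SP_ENTITY_ID = "https://app.cloud.example/sp"     # hypothetical cloud app
SKEW = timedelta(seconds=60)                      # tolerated clock drift

# Constructed sample assertion (not captured from a real system).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_a1" Version="2.0" IssueInstant="2013-01-19T12:00:00Z">
  <saml:Issuer>https://adfs.corp.example/idp</saml:Issuer>
  <saml:Subject><saml:NameID>jdoe@corp.example</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2013-01-19T12:00:00Z"
                   NotOnOrAfter="2013-01-19T12:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://app.cloud.example/sp</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""

def _ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_assertion(xml_text, now):
    """Return the NameID if the claims are acceptable, else raise ValueError."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Assertion" % NS["saml"]:
        raise ValueError("not a SAML 2.0 assertion")
    if root.findtext("saml:Issuer", "", NS).strip() != IDP_ENTITY_ID:
        raise ValueError("unexpected issuer")
    cond = root.find("saml:Conditions", NS)
    if cond is None or "NotBefore" not in cond.attrib or "NotOnOrAfter" not in cond.attrib:
        raise ValueError("missing validity window")
    if now + SKEW < _ts(cond.get("NotBefore")):
        raise ValueError("assertion not yet valid")
    if now - SKEW >= _ts(cond.get("NotOnOrAfter")):
        raise ValueError("assertion expired")
    audiences = [a.text.strip() for a in cond.iterfind(".//saml:Audience", NS) if a.text]
    if SP_ENTITY_ID not in audiences:
        raise ValueError("assertion issued for a different service")
    name_id = root.findtext("saml:Subject/saml:NameID", None, NS)
    if not name_id:
        raise ValueError("no subject")
    return name_id.strip()
```

An assertion that passes the signature check but was minted for another application, or replayed after its validity window, is rejected here rather than mapped to a local account.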
Connecting The Data Center
As one of the final, yet very important, pieces in the connection process, connecting the data center goes a bit beyond just identity federation. In conjunction with software-defined technologies, connecting a data center with the cloud becomes much easier.
From an authentication perspective, identity federation acts as the engine that facilitates user access to both internal, data center-hosted applications and external ones. Now, administrators are able to logically connect internal data centers with cloud-based environments for an even greater extension of their infrastructure. At this point, not only is the internal environment connected to cloud-facing data center resources, but users can seamlessly authenticate into the environment as well. A secure link can be created with a data center which hosts a specific set of applications. Beyond that, the identity federation solution can help handle the authentication for users to access those resources. And so, not only is there a private link going to a cloud-based data center, users can still use their AD credentials to access resources across the platform.
Extending a data center into the cloud doesn’t have to be a complicated task. In fact, advanced security and connectivity methodologies make the process much safer now than it was before. Software-defined technologies and cloud APIs continue to make the modern data center more agile and capable of scaling with the needs of the organization. More companies are leveraging cloud-based resources and require a way to connect into that type of environment. This is where using solutions like identity federation can help connect local data center environments to the cloud.
Enlightening article. Thanks for sharing
Bill Kleyman, Posted January 19th, 2013
Much appreciated Shane! Thank YOU for reading