This document is a comprehensive analysis of all the ways that Identity and Access Management (IAM) solutions can be run in and integrate with cloud computing systems.
Both cloud computing and IAM are relatively new, so the first part of this document defines key concepts and terminology. Next, assumptions that clarify the scope of this document in terms of network topology and functionality are presented and finally a comprehensive list of architectural scenarios are presented, along with an analysis of the costs, risks and benefits of each scenario.
53. The Intersection of Identity Management and Cloud Computing
1. On virtual machine host servers.
2. On virtual machine operating system images.
3. On database and application servers.
4. On network infrastructure (routers, switches, etc.).
The large number of privileged passwords means that a privileged password management system can significantly reduce the operating overhead and significantly improve the security of a CSP's services.
[Figure: Privileged Password Manager with its Vault on the Private Corporate Network, reaching the Application on the Cloud-based Software Provider's Public Network across the Public Internet]
Figure 27: Managing access to CSP systems with a privileged password management system
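To make the mechanism behind Figure 27 concrete, the following added example (not code from the original paper or from Hitachi ID) models a minimal privileged password vault over the four classes of CSP systems listed above: one unique random password per system, time-limited check-out, rotation at check-in, and an audit trail. Hostnames are constructed and time is an integer second counter passed in by the caller.

```python
import secrets
import string

# Constructed inventory covering the four system classes named in the text
# (hypothetical hostnames, not taken from the original document).
SYSTEMS = {
    "vmhost-01": "virtual machine host server",
    "vmimage-base-linux": "virtual machine OS image",
    "db-01": "database server",
    "app-01": "application server",
    "core-switch-01": "network infrastructure (switch)",
}

class PrivilegedPasswordVault:
    """Minimal privileged password manager: each system gets its own random
    secret, a secret is disclosed only through a time-limited check-out,
    and every disclosed secret is replaced when it is checked back in."""

    def __init__(self, systems, checkout_ttl=1800):
        self.systems = dict(systems)
        self.ttl = checkout_ttl                 # seconds a check-out stays valid
        self._secrets = {name: self._generate() for name in systems}
        self.checkouts = {}                     # system -> (user, expiry time)
        self.audit = []                         # (time, user, system, action)

    @staticmethod
    def _generate(length=24):
        alphabet = string.ascii_letters + string.digits + string.punctuation
        return "".join(secrets.choice(alphabet) for _ in range(length))

    def checkout(self, user, system, now):
        """Disclose the current secret to `user` unless another user holds
        an unexpired check-out on the same system."""
        if system not in self._secrets:
            raise KeyError(f"unknown system {system}")
        held = self.checkouts.get(system)
        if held and held[1] > now and held[0] != user:
            raise PermissionError(f"{system} is checked out by {held[0]}")
        self.checkouts[system] = (user, now + self.ttl)
        self.audit.append((now, user, system, "checkout"))
        return self._secrets[system]

    def checkin(self, user, system, now):
        """Release the check-out and rotate so the disclosed value is dead."""
        self.checkouts.pop(system, None)
        self._secrets[system] = self._generate()
        self.audit.append((now, user, system, "checkin+rotate"))

    def password_reuse(self):
        """Count of systems sharing a secret with another; a vault keeps it 0."""
        return len(self._secrets) - len(set(self._secrets.values()))
```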
www.Hitachi-ID.com
500, 1401 - 1 Street SE, Calgary AB Canada T2G 2J3 Tel: 1.403.233.0740 Fax: 1.403.233.0725 E-Mail: sales@Hitachi-ID.com
File: /pub/wp/documents/iam-in-the-cloud/iam-in-the-cloud-6.tex
Date: 2010-10-04