Community cloud

Community clouds

Customer Problem

Many businesses, educational facilities, governments, and research institutions need to collaborate either with other organizations of their own kind or with completely different organizations. As examples, two universities may be collaborating on a joint research endeavor, a software company may be outsourcing development to a contractor, two or more government agencies might be sharing sensitive data with each other, or an enterprise in a regulated industry might need to open up to an external auditor or regulatory agency.

In these cases, private clouds must be selectively made available to external parties
in a controlled manner so that the right collaboration can take place without creating a risk of opening security holes and sharing unauthorized data.

Oftentimes, this must be done without the helpful concept of a shared authority – what one organization wants to share must be mapped somehow with the understanding of who in the other organization places in the joint project. In this transaction, there are multiple sources of authority that must be reconciled without overwhelming process and without the assumption of an omniscient IT/cloud provider.

Benefits

• Deliver a solution for hosting multiple customers that need to selectively collaborate
• Base security is delivered by the default isolation between customers applications, data, and networks
• Collaboration is enabled by allowing customers to selectively enable each others users and groups rights to perform specific actions on selected cloud resources
• Collaboration is secure. The self-service delegation mechanism contains the right checks and balances to ensure that the right resources are shared with the right users from the right customers.
• Low operation costs. No centralized authority is required and no help from the cloud provider for any of these security settings.

Key Benefits

• Collaborative permissioning provide the security on shared objects in the collaborative cloud
• Security lists provide security communications for collaborative projects

Solution Details

Nimbula Director provides extremely efficient and scalable cloud infrastructure software for public and private clouds. These clouds can be used for the private running development and testing, next-generation applications, or elastic compute farms or as public or semi-public clouds for serving infrastructure services or software services. Any of these five use cases can be augmented to be a community cloud by adding multiple tenants and having them use the security and networking controls inherent in Nimbula Director to their fullest extent. No other cloud infrastructure software comes out of the box ready to model the actual nature of modern collaborative projects and thereby enable true collaborative clouds.

Nimbula allows multiple organizations without a shared authority to collaborate with each other by providing a sophisticated permissions and network security system both of which implement a handshake between the organization doing the sharing and the organization who is being shared with. These mechanisms combine to determine who can do what on which objects in the cloud and which instances can communicate with which other instances and how.

All of this collaborative work, the setting of policy, the access of other groups’ resources, and disallowed access attempts, are centrally logged for compliance verification and audit trails.

The only way to accomplish this in the past would be to have the collaborating organizations create a separate datacenter, network, and SAN just for this single purpose with each person entering that network having unfettered access. Here, controls are more precisely set, finer grained in their application, and yet done with more self-service and lower turn-around time for collaboration oriented requests.