Is it possible to build a private cloud on public cloud infrastructure?

The NIST Special Publication SP 800-146 (http://csrc.nist.gov/publications/nistpubs/800-146/sp800-146.pdf) provides a detailed explanation of what is meant by an Outsourced Private Cloud. Section 4.3 of the document emphasizes that an outsourced private cloud must have two main components:

  • A security perimeter implemented by the cloud provider that prevents “mingling of private cloud resources with other cloud resources that are outside the provider-controlled security perimeter”
  • A protected communications link

The publication does not specify that an outsourced private cloud necessarily requires dedicated hardware. Rather, it gives some examples of protections that could be put in place by the provider to establish the private cloud perimeter. One of the acceptable protection mechanisms listed is the use of VLANs. A dedicated VLAN is one of the perimeter protections that Project Hosts establishes for its private cloud customers.

[Diagram: cloud provider perimeter and customer boundary]

The publication clarifies that if a cloud environment uses virtualization and VLANs as the only protection, and they are used in the same way as in a public cloud, then the environment should not be characterized as a private cloud. In Section 9.4 of the publication, NIST suggests other protections that could be applied to strengthen the perimeter, such as virtual firewalls and virtual IDS/IPS systems. Both of these protections are implemented in Project Hosts’ private clouds in order to strengthen the perimeter.

In addition to implementing the perimeter protections listed above, Project Hosts also implements boundary protection for its private cloud environments. Project Hosts’ private cloud boundary protection mechanisms take one of two forms: either restricting the IP addresses that are allowed to access the private cloud, or establishing a VPN directly to a customer’s on-premises network. In either case, the private cloud is not publicly accessible from the Internet; it is only accessible from the customer’s private network (as shown in the diagram above).
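The IP-restriction form of boundary protection described above is only as good as the rule set behind it: a single allow rule whose source is broader than the customer’s network quietly turns the private cloud back into a publicly reachable one. The following is an added example (not Project Hosts’ code) that audits a constructed ingress rule set against hypothetical customer network ranges and evaluates connection attempts with default-deny semantics.

```python
"""Audit and evaluate ingress rules for a private-cloud boundary (added example)."""
import ipaddress
from typing import Iterable, Optional

# Constructed sample: the customer's on-premises ranges (hypothetical values).
CUSTOMER_NETWORKS = [
    ipaddress.ip_network("10.20.0.0/16"),
    ipaddress.ip_network("192.168.50.0/24"),
]

# Constructed sample rule set; the last rule is a deliberate misconfiguration.
SAMPLE_RULES = [
    {"name": "corp-https", "action": "allow", "source": "10.20.0.0/16", "port": 443},
    {"name": "branch-rdp", "action": "allow", "source": "192.168.50.0/24", "port": 3389},
    {"name": "vendor-anywhere", "action": "allow", "source": "0.0.0.0/0", "port": 443},
]


def is_within_customer_network(cidr: str, customer_networks=CUSTOMER_NETWORKS) -> bool:
    """True only if every address in `cidr` lies inside one of the customer's ranges."""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(
        net.subnet_of(allowed)
        for allowed in customer_networks
        if net.version == allowed.version
    )


def audit_ingress_rules(rules: Iterable[dict], customer_networks=CUSTOMER_NETWORKS) -> list:
    """Return one finding per allow rule that would admit traffic from outside the customer network."""
    findings = []
    for rule in rules:
        if rule.get("action", "allow") != "allow":
            continue  # deny rules cannot widen the boundary
        if not is_within_customer_network(rule["source"], customer_networks):
            findings.append(
                f"rule {rule['name']}: source {rule['source']} is outside the customer network"
            )
    return findings


def evaluate(src_ip: str, port: int, rules: Iterable[dict]) -> Optional[str]:
    """First-match evaluation: return the name of the allow rule that admits the
    connection, or None when no rule matches (the boundary defaults to deny)."""
    addr = ipaddress.ip_address(src_ip)
    for rule in rules:
        net = ipaddress.ip_network(rule["source"], strict=False)
        if rule.get("action", "allow") != "allow" or addr.version != net.version:
            continue
        if addr in net and rule.get("port") in (None, port):
            return rule["name"]
    return None
```

Running `audit_ingress_rules(SAMPLE_RULES)` reports the `0.0.0.0/0` rule, which is exactly the condition the text says a private cloud boundary must not have.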

Because Project Hosts can provision environments with the two key requirements listed by NIST for outsourced private clouds (perimeter protection and boundary protection that limits access to a customer’s private network), Project Hosts considers one of its deployment models to be a Private Cloud.
