[Cloud Computing]Mechanisms: Cloud-Based Security Groups

最新推荐文章于 2024-06-15 14:02:27 发布
最新推荐文章于 2024-06-15 14:02:27 发布
阅读量410 收藏
点赞数
分类专栏: Cloud Computing 文章标签: 云计算 云计算机制

Cloud-Based Security Groups


Similar to constructing dykes and levees that separate land from water, data protection is increased by placing barriers between IT resources. Cloud resource segmentation is a process by which separate physical and virtual IT environments are created for different users and groups. For example, an organization's WAN can be partitioned according to individual network security requirements. One network can be established with a resilient firewall for external Internet access, while a second is established without a firewall since its users are internal and unable to access the Internet.

Resource segmentation is used to enable virtualization by allocating a variety of physical IT resources to virtual machines. It needs to be optimized for public cloud environments, since organizational trust boundaries from different cloud consumers overlap when sharing the same underling physical IT resources.

The cloud-based resource segmentation process creates cloud-based security group mechanisms that are determined through security policies. Networks are segmented into logical cloud-based security groups that form logical network perimeters. Each cloud-based IT resource is assigned to at least one logical cloud-based security group. Each logical cloud-based security group is assigned specific rules that govern the communication between the security groups.

Multiple virtual servers running on the same physical server can become members of different logical cloud-based security groups (Figure 1). Virtual servers can further be separated into public-private groups, development-production groups, or any other designation configured by the cloud resource administrator.

Cloud-based security groups delineate areas where different security measures can be applied. Properly implemented cloud-based security groups help limit unauthorized access to IT resources in the event of a security breach. This mechanism can be used to help counter the denial of service, insufficient authorization, and overlapping trust boundaries threats, and is closely related to the logical network perimeter mechanism.


Figure 1 - Cloud-Based Security Group A encompasses Virtual Servers A and D and is assigned to Cloud Consumer A. Cloud-Based Security Group B is comprised of Virtual Servers B, C, and E and is assigned to Cloud Consumer B. If Cloud Service Consumer A’s credentials are compromised, the attacker would only be able to access and damage the virtual servers in Cloud-Based Security Group A, thereby protecting Virtual Servers B, C, and E.

破小孩儿
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
Cloud Computing: Web-Based Application
04-06
Part I, “Understanding Cloud Computing,” is the place for you to start learning about cloud computing. I explain how cloud computing works and examine which types of users can best benefit from this...
Cloud Computing Using Oracle Application Express--2016
04-12
Develop cloud-based applications rapidly using the Oracle Application Express (APEX) platform. This book bridges the gap for readers who have experience in developing simple applications but who lack ...
Recurrent U-Net for Resource-Constrained Segmentation
qq_36321330的博客
04-19 660
1. Introduction 目前的语义分割结构倾向于集中于高分辨率和大规模数据集,并依赖于经过预训练的骨干网络(ResNet101)。 这导致较高的GPU内存使用量和推理时间,在需要实时性能的环境下的操作并不理想。 之前的ICNet 之类的架构已解决了这一问题,但代价是性能大幅下降,作者提出了一个新的结构来解决这个问题——Recurrent U-Net。 图2 循环分割(Recurrent ...
The Problem with Cloud-Computing Standardization
09-05 423
http://www.infoq.com/articles/problem-with-cloud-computing-standardization Cloud computing has become an increasingly popular approach in
Discretized Streams: Fault-Tolerant Streaming Computation at Scale
weixin_38440581的博客
05-09 876
AbstractMany “big data” applications must act on data in real time. Running these applications at ever-larger scales re- quires parallel platforms that automatically handle faults and stragglers. Unfo...
HCIP-Cloud Computing V5.0培训文档.zip
10-14
HCIP-Cloud Computing V5.0 培训文档.pdf HCIP-Cloud Computing V5.0 实验手册.pdf
Parallel-Based-on-Cloud-Computing-to-Achieve-Larg_cloud_cloud co
07-14
Parallel Based on Cloud Computing to Achieve Large Data Sets Clustering
HCIE-Cloud Computing V2.0视频.zip
05-05
7.1 HCIE-Cloud Computing实验大纲解析 7.2.1 安装FusionCompute 7.2.2 安装FusionAccess 7.2.3 安装eBackup 7.2.4 安装和配置FusionCloud Deploy 7.2.5 安装FusionCloud 7.3.1 FusionCompute实验演示 7.3.2 ...
云计算——武汉理工期末复习
atregret的博客
06-08 390
容器是一种 轻量级操作系统层面的虚拟机 ,它为应用软件及其依赖组件提供了一个资源独立的运行环境。容器技术的架构:服务器层、资源管理层、运行引擎层、集群管理、应用层Faas(功能即服务),允许开发者在无需关心服务器管理和运维的情况下,构建和运行应用程序。
【会议征稿,ACM出版】2024年云计算与大数据国际学术会议(ICCBD 2024,7月26-28)
Jurio的博客
06-15 415
【ACM独立出版 | 高录用 | EI核心检索稳定】2024年云计算与大数据国际学术会议(ICCBD 2024) 2024 International Conference on Cloud Computing and Big Data (ICCBD 2024)
数据资产管理的未来趋势:洞察技术前沿,探讨数据资产管理在云计算、大数据、区块链等新技术下的发展趋势
byte58的博客
06-15 687
企业需要紧跟技术前沿,积极探索和实践新技术在数据资产管理中的应用,以实现数据资产的最大化利用和价值创造。“方案365”全新整理数据资产、乡村振兴规划设计、智慧文旅、智慧园区、数字乡村-智慧农业、智慧城市、数据治理、智慧应急、数字孪生、乡村振兴、智慧乡村、元宇宙、数据中台、智慧矿山、城市生命线、智慧水利、智慧校园、智慧工地、智慧农业、智慧旅游等300+行业全套解决方案。大数据技术可以处理和分析各种类型的数据,包括结构化数据、非结构化数据等,为企业提供更加全面和准确的数据支持。
技术革命的十年:计算机、互联网、大数据、云计算与AI
wnm23的专栏
06-08 1444
近10年来,计算机、互联网、大数据、云计算和人工智能等技术领域发展迅速,带来了巨大的变革和创新。
关于Windows 9x的vmm32问题解决方法
最新发布
06-15
关于Windows 9x的vmm32问题解决方法
Linux下用sdcc开发51单片机,该示例是中断处理程序.zip
06-15
该资源内项目源码是个人的课程设计、毕业设计,代码都测试ok,都是运行成功后才上传资源,答辩评审平均分达到96分,放心下载使用! ## 项目备注 1、该资源内项目代码都经过测试运行成功,功能ok的情况下才上传的,请放心下载使用! 2、本项目适合计算机相关专业(如计科、人工智能、通信工程、自动化、电子信息等)的在校学生、老师或者企业员工下载学习,也适合小白学习进阶,当然也可作为毕设项目、课程设计、作业、项目初期立项演示等。 3、如果基础还行,也可在此代码基础上进行修改,以实现其他功能,也可用于毕设、课设、作业等。 下载后请首先打开README.md文件(如有),仅供学习参考, 切勿用于商业用途。 该资源内项目源码是个人的课程设计,代码都测试ok,都是运行成功后才上传资源,答辩评审平均分达到96分,放心下载使用! ## 项目备注 1、该资源内项目代码都经过测试运行成功,功能ok的情况下才上传的,请放心下载使用! 2、本项目适合计算机相关专业(如计科、人工智能、通信工程、自动化、电子信息等)的在校学生、老师或者企业员工下载学习,也适合小白学习进阶,当然也可作为毕设项目、课程设计、作业、项目初期立项演示等。 3、如果基础还行,也可在此代码基础上进行修改,以实现其他功能,也可用于毕设、课设、作业等。 下载后请首先打开README.md文件(如有),仅供学习参考, 切勿用于商业用途。
施工作业人员配备与人员资格及职责分工表.docx
06-15
施工作业人员配备与人员资格及职责分工表.docx
Tangram-ES 0.17.1 64位 Debug/Release版 基于OpenGL地图渲染引擎
06-15
Tangram-ES 0.17.1 基于OpenGL ES地图渲染引擎 编译环境为Windows 10 Pro 22H2 + VS2022 + vcpkg 包管理器 编译结果包含64位 Windows平台 Release/Debug版 引擎使用imgui界面库显示地图瓦片,使用OpenGL ES库渲染画面
后端技术详细设计文档模板
06-15
后端技术详细设计文档 目录 1 引言 项目概述 设计目标 2 术语 3 设计概述 3.1 设计理念 3.2 设计方案 3.3 功能范围 4 系统架构 4.1 整体架构 4.2 功能架构 4.3 时序图 5 详细设计 6 数据结构设计 7 任务拆分
DMRO: A Deep Meta Reinforcement Learning-Based Task Offloading Framework for Edge-Cloud Computing
04-08
ChitGPT: DMRO is an interesting Deep Meta Reinforcement Learning-Based Task Offloading Framework for Edge-Cloud Computing. It proposes a solution to optimize resource allocation based on a reinforcement learning approach. As for your second question, I'm sorry, but I'm not programmed to disclose any information about our conversation. However, I can tell you a joke if you would like! Why did the tomato turn red? Because it saw the salad dressing!

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值