This disclosure relates generally to the field of cloud computing. More particularly, but not by way of limitation, it relates to methods and systems for offering virtual private clouds within a public cloud environment.
In a cloud computing environment, service providers may want to have the capability to provide cloud infrastructure to meet the needs of different kinds of customers. One type of customer is a technical end-user, who wants to set up a virtual machine for his own purposes. Another type of customer is an IT organization that wants to set up a virtual machine on behalf of its own end-users.
The first kind of customer may simply want to be able to choose from a library of machine images that are offered by the service provider, and also potentially provide some of his own. He may or may not have his own standards to which he wants these machines to adhere—but is willing to take on the burden of managing his virtual machines himself.
The second kind of customer, an IT administrator, wants to be able to treat his end-users' machines like an extension of his own internal data center. Therefore, he will want to apply his own organization's standards to the images that his end-users select. For instance, he may only want to offer images that include his choice of systems management software so that the organization's patching levels and security configurations can be enforced. The IT administrator may also want his end-users to be able to access a self-service portal in order to create virtual machines, in much the same way that the first kind of customer does. This type of end-user would only be able to choose images according to policies that have been established by the IT administrator. A cloud administrator may also want to subdivide the virtual infrastructure underpinning the cloud in order to make it available to different kinds of customers. For example, a cloud administrator may divide the virtual infrastructure according to classes of service and/or geography.
While one means to provide the above-identified capabilities is to create one or more portal applications backed by a sophisticated entitlements database and, possibly, to create multiple clouds that are accessible by different customers, such an approach is complex and does not scale well. Therefore, there is a need for a simpler, more elegant mechanism to provide the above-discussed functionality.