Cloud computing offers advantages over traditional hosted computing infrastructure in some environments. For example, cloud computing may offer improved flexibility through the use of on-demand, pay-as-you-go deployment models that allow a computing infrastructure to be sized appropriately for current business needs. Cloud computing may also provide for reduced capital expenditures and operational overhead when compared to traditional hosted solutions.
While cloud computing offers some advantages over a traditional hosted model, it also presents some challenges. For example, the flexibility provided by cloud computing's ability to dynamically scale an application infrastructure may limit the ability to control security access rules for each of the nodes in the infrastructure. In particular, because nodes performing infrastructure functions may not be statically known to an application architect, it may be difficult to define firewall or VLAN rule sets that partition access to those nodes based on a fixed security model.
By contrast, in a traditional hosted infrastructure model employing dedicated computing resources, infrastructure owners may have complete control of the security model employed by the infrastructure. For example, a security model may be defined that provides for public or untrusted access to some predefined computing resources. Other computing resources within the infrastructure that do not need to be accessible to untrusted nodes may be placed in a “DMZ,” short for “demilitarized zone.” Untrusted nodes have no access to computing resources within a DMZ, thus increasing the security of those resources. With a cloud-based infrastructure, the dynamic nature of nodes included in the infrastructure may prevent the effective deployment of a DMZ architecture. Therefore, alternative security architectures for cloud computing deployments are needed.