1. Field of the Invention
The present invention relates to the field of distributed computing and in particular, to apparatus, systems, and methods to facilitate secure access to selected services during computations performed using hybrid public-private infrastructures.
2. Description of Related Art
The performance of computing applications may often be increased by distributing the computational workload across nodes in a cluster of computers. For example, the performance of compute-intensive applications such as DNA sequencing, financial modeling, weather simulations, electronic design automation, etc. can be significantly improved by distributing the applications across nodes in computing clusters. The evolution of “Cloud computing services” or “public clouds”, which provide on-demand access to computing capabilities over the Internet, is an attempt to increase efficiencies and scalability, while reducing the costs associated with large computing clusters.
“Cloud computing” can refer to the use of a company's own computer cluster, but more often the term refers to the use of publicly available computing resources over the Internet through Web browser-based or client-side applications. Clouds or cloud infrastructures are typically made available on an on-demand basis. Cloud computing enables organizations to run applications on reliable, highly-available, and scalable software and hardware infrastructures referred to as clouds. Clouds may use virtualization or sophisticated systems management solutions to provide a flexible, fault-tolerant, and highly available view of underlying resources so that dedicated hardware resources can be dynamically shared across several users instead of being assigned individually.
Cloud computing resources, which are often made available as virtual machines (and in some instances as physical machines), may be accessed using Application Programming Interfaces (“APIs”) and self-service portals, such as websites accessed using a web browser. Cloud infrastructure, which is offered by companies such as Amazon™ EC2, Terremark™, Rackspace™, and Savvis™, refers to the provision of Infrastructure as a Service (IaaS) and permits fee-based on-demand access to the power of computing clusters and datacenters over the Internet. In some instances, organizations may use virtualization and convert their private data-centers into clouds as well. These are termed private clouds. As used herein, the term cloud can refer to both public and private clouds, which can be set up as virtualized or physical compute clusters.
One drawback in running distributed computing applications on cloud infrastructures is the need for services used by applications to be available and accessible at runtime on the cloud infrastructure. Typical distributed computing applications may be composed of several components that may interact with each other as well as with services which, in some instances, can reside outside the core application.
In some instances, it may not be desirable for one or more services to reside on the cloud infrastructure. Security, performance, cost, difficulty in porting, legal issues, and/or other business-related concerns may make it difficult or impractical to migrate and/or run some service components on the cloud infrastructure. Accordingly, some services may continue to be deployed or made available on a user's private infrastructure behind a firewall, while other parts of the distributed computing application may be run on public cloud infrastructure. In situations where such hybrid public-private infrastructures are desirable, difficulties arise when portions of the application running on the public cloud infrastructure request communication or interaction with services deployed on the private infrastructure. Because services deployed on private infrastructures are protected by firewalls, they are not usually accessible to application portions running on the public cloud infrastructure. Accordingly, when applications are run on hybrid infrastructures, access to privately deployed services may involve making changes or exceptions to existing security policies, which may be cumbersome to perform and can also make the private infrastructure more vulnerable.
Therefore, there is a need for apparatus, systems, and methods that facilitate secure, seamless, and transparent access to select services available in a private infrastructure to authorized applications running on a public cloud with minimal changes to the security policies of the private infrastructure.