Multi-tenant cloud systems allow multiple clients (i.e., users) to share communication and computational resources, such as compute nodes and network switching equipment. Through the shared computational resources, a cloud system is operable to provide computational services on-demand to clients. In many instances the cloud system comprises distributed computational resources, which may be located across multiple data centers in different locations.
Sharing of computational resources in the cloud system enables a provider to use these resources efficiently, while striving to provide adequate performance, which may be specified in service level agreements, to its clients. However, isolation in a cloud system can be difficult. For example, some clients may require that their data be isolated from data of other clients. An isolation failure in a shared resource system is often characterized in terms of its affect on privacy, security, or even performance.
A distinction between cloud systems and conventional data center systems is the need to dynamically reconfigure the system to support newly arriving and departing clients as well as existing client system reconfiguration requests. In many cloud systems, it can be expected that the frequencies of such reconfigurations occur at much higher rates than would be observed in a conventional data center, which may service only a single client or service many clients that typically continually use the data center over long periods of time. The greater occurrence of reconfigurations in a cloud system lends itself to greater occurrences of misconfigurations. For example, instantiating a client system is susceptible to hardware errors in cabling that may inadvertently connect customer domains (contrary to isolation policies).
In cases where a computational resource associated with one customer domain is unintentionally connected to another customer domain, the resource might either be able to communicate on that domain, or be able to listen and receive information from that domain. While sensitive information leakage may be one principal worry of cloud clients, failure to segregate domains can also result in disruption or a decrease in system performance, or increase the risk of a third party attack through a misconfiguration point.