Cloud-based services are becoming more and more important, due to ready access to the cloud by users who can access a cloud system using various computing devices (e.g., mobile phone, tablet, personal computer) at various locations. For example, CITRIX CLOUD (by Citrix Systems of Fort Lauderdale, Fla.) offers a simple, flexible way to deliver applications, desktops, and data, to users wherever the users may be.
The building and operation of a cloud-based service involves two primary components: a) a control plane that is comprised of application programming interfaces (APIs), a provisioning system, a database, etc., and b) a data plane that corresponds to the actual resources that get provisioned via the control plane. For example, the data plane may comprise one or more cloud servers that get provisioned by the control plane, and one or more services that may be performed by the cloud-based service.
In more detail, with respect to movement of traffic (e.g., data packets, control messages) between components in a network, the control plane is used to make decisions about where the traffic is sent. The control plane may include the exchange of routing table information between routers through which traffic is to pass from a source device to a destination device. The data plane is used to forward traffic from one device to the next device along a network path. The routers/switches use what the control plane has built to pass incoming data packets and control messages to their eventual destinations.
When a new service is being developed for a cloud-based system, that new service should not have access to a production cloud system that is currently being made available to all users of the cloud-based system, since access to data should be restricted until the new service has been thoroughly tested and has met production release requirements. As such, a sandbox is typically used to test the new service separate from the services already in production. The sandbox is only made available to certain users who have been chosen to test out the new service and determine whether it affects the services in production. The sandbox is typically separated from a production cloud system by a firewall, and is not made available to normal users of the production cloud system. That way, users of the production cloud system are not adversely affected due to any problems associated with integration of the new service with existing services of the production cloud system.
An alternative approach to developing a new service is to target a different deployment of the cloud-based system, such as a deployment that can be used only for service integration. However, this alternative approach may incur significant cost, since multiple deployments need to be maintained while the new service is being tested out, requiring multiple production cloud systems and the increased storage requirements associated therewith. Also, additional operational staff (e.g., network administrators, IT personnel) are needed to maintain and support each of the multiple deployments, resulting in additional costs associated with this approach.
There is a need to provide for a seamless integration of a service into a production cloud system, while such service is still in development and being tested, and which does not cause adverse impacts to users of the production cloud system.