The approaches described in this section are approaches that could be pursued, but not necessarily approaches that have been previously conceived or pursued. Therefore, unless otherwise indicated, it should not be assumed that any of the approaches described in this section qualify as prior art merely by their inclusion in this section.
Different computer system configurations have been provided to offer managed cloud services to customers. With managed cloud services, a provider of computing services has engineers who manage not only the customers' computing, storage, networks, and operating systems, but also the complex tools and application stacks that run on top of that infrastructure. In a managed cloud, it is paramount to provide a secure, traceable, and trusted computing environment via technical measures. Processes including authentication, authorization, and accounting, enforced by software or other technical elements, are considered important for effective network management and security. While solutions such as virtual private network (VPN) tunnels or secure shell (SSH) tunneling provide limited forms of accountability and trust, none provides traceability and trustability in a scalable way for use with hundreds of thousands of services or customers.
Traceability is traditionally accomplished through a log file storage system such as syslog, while trustability relies on key exchange systems such as public key infrastructure (PKI). Typically, certificate authorities or other elements of PKI are independently operated by parties other than the cloud service provider or the customer. Both syslog and PKI encounter scalability issues when managing hundreds or thousands of different services and customers. In addition, while a third-party system such as syslog or PKI may be configured to work in limited circumstances, such systems are error-prone, and sensitive data can easily be compromised through human error.
Therefore, there is a need for improved techniques that can provide authentication, authorization and accounting to a system that provides managed cloud services, but without relying on third party entities like PKI or third-party applications like syslog.