Information technology (IT) professionals increasingly find the Infrastructure as a Service (IaaS) model to be a flexible, easy, and cost-effective way to deliver the services their users need. The ability to specify IT infrastructure and applications remotely and on demand provides flexibility to build out only those resources that exactly fit user requirements at a given time. Additional benefits provided by professional cloud service providers include the ability to adjust rapidly to changes in demand, access to equipment with superior performance, built-in enterprise-level security, disaster recovery, and other functions.
IaaS solutions combine remotely hosted physical IT infrastructure and virtualization technologies to provide a simplified, abstracted operating model to end-users. Virtualization decouples physical hardware from operating systems, applications and other information technology resources. Virtualization allows multiple virtual machines with different operating systems and applications to run in isolation side-by-side on a physical machine. Each such virtual machine is a software representation of a physical machine, specifying its own set of virtual hardware resources such as processors, memory, storage, network interfaces, and so forth. Additional network virtualization technologies offered by some providers allow their tenants to add other elements such as Virtual Local Area Networks (VLANs), virtual firewalls, virtual load balancers and other virtual resources. Cloud service providers frequently allow users to specify groups of logically related virtual elements as components of a Virtual Data Center (VDC) construct that can be deployed, configured and managed as a single unit.
Delivering a simplified, abstracted service to IT customers comes at the cost of increased complexity for the service provider. One significant area of complexity is providing strong security and isolation in a dynamic, multitenant environment. For example, any changes requested by one customer must not disrupt another customer's services or expose one customer's data to another customer. With the rapid pace of configuration changes in a cloud service provider's infrastructure, automating these changes using software is critical. To avoid serious configuration errors when such a change must be coordinated across multiple elements of IT infrastructure, it becomes desirable to conduct these changes as distributed atomic transactions.
Atomicity of provisioning operations should especially apply in cloud environments that use a common physical infrastructure to support multiple tenants. Delivering this guarantee can be complex. For example, a single physical switch may need to support VLANs for different tenants. It is often the case that tenants wish to control their own VLAN settings and manipulate switch port settings; however, the service provider must ensure that a customer cannot make configuration changes that permit them to access other customers' data.